[Qemu-devel] [PULL 0/5] target-arm queue

[Qemu-devel] [PULL 0/5] target-arm queue

[Peter Maydell]

ARM changes for rc1: a small set of bugfixes which didn't quite
make rc0, mostly.

thanks
-- PMM


The following changes since commit c40e13e106243a6798b7b02b4d7de5ff6c9be128:

  bsd-user: add necessary includes to fix warnings (2016-04-04 16:17:18 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160404

for you to fetch changes up to bf06c1123a427fefc2cf9cf8019578eafc19eb6f:

  target-arm: Make the 64-bit version of VTCR do the migration (2016-04-04 17:33:52 +0100)

----------------------------------------------------------------
target-arm queue:
 * bcm2836: wire up CPU timer interrupts correctly
 * linux-user: ignore EXCP_YIELD in ARM cpu_loop()
 * target-arm: correctly reset SCTLR_EL3
 * target-arm: remove incorrect ALIAS tags from ESR_EL2 and ESR_EL3
 * target-arm: make the 64-bit version of VTCR do the migration

----------------------------------------------------------------
Peter Maydell (5):
      hw/arm/bcm2836: Wire up CPU timer interrupts correctly
      linux-user: arm: Handle (ignore) EXCP_YIELD in ARM cpu_loop()
      target-arm: Correctly reset SCTLR_EL3 for 64-bit CPUs
      target-arm: Remove incorrect ALIAS tags from ESR_EL2 and ESR_EL3
      target-arm: Make the 64-bit version of VTCR do the migration

 hw/arm/bcm2836.c    |  6 +++++-
 linux-user/main.c   |  6 ++++++
 target-arm/helper.c | 31 ++++++++++++++++++-------------
 3 files changed, 29 insertions(+), 14 deletions(-)

[Qemu-devel] [PULL 1/5] hw/arm/bcm2836: Wire up CPU timer interrupts correctly

[Peter Maydell]

Wire up the CPU timer interrupts in the right order, with the
nonsecure physical timer on cntpnsirq, the hyp timer on cnthpirq,
and the secure physical timer on cntpsirq. (We did get the
virt timer right, at least.)

Reported-by: Antonio Huete Jiménez <tuxillo@quantumachine.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1458210790-6621-1-git-send-email-peter.maydell@linaro.org
---
 hw/arm/bcm2836.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index af29dd1..8451190 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -139,9 +139,13 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
 
         /* Connect timers from the CPU to the interrupt controller */
         qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_PHYS,
-                qdev_get_gpio_in_named(DEVICE(&s->control), "cntpsirq", n));
+                qdev_get_gpio_in_named(DEVICE(&s->control), "cntpnsirq", n));
         qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_VIRT,
                 qdev_get_gpio_in_named(DEVICE(&s->control), "cntvirq", n));
+        qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_HYP,
+                qdev_get_gpio_in_named(DEVICE(&s->control), "cnthpirq", n));
+        qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_SEC,
+                qdev_get_gpio_in_named(DEVICE(&s->control), "cntpsirq", n));
     }
 }
 
-- 
1.9.1

[Qemu-devel] [PULL 2/5] linux-user: arm: Handle (ignore) EXCP_YIELD in ARM cpu_loop()

[Peter Maydell]

The new-in-ARMv8 YIELD instruction has been implemented to throw
an EXCP_YIELD back up to the QEMU main loop. In system emulation
we use this to decide to schedule a different guest CPU in SMP
configurations. In usermode emulation there is nothing to do,
so just ignore it and resume the guest.

This prevents an abort with "unhandled CPU exception 0x10004"
if the guest process uses the YIELD instruction.

Reported-by: Hunter Laux <hunterlaux@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1456833171-31900-1-git-send-email-peter.maydell@linaro.org
---
 linux-user/main.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/linux-user/main.c b/linux-user/main.c
index b432bf2..5f3ec97 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -907,6 +907,9 @@ void cpu_loop(CPUARMState *env)
             if (do_kernel_trap(env))
               goto error;
             break;
+        case EXCP_YIELD:
+            /* nothing to do here for user-mode, just resume guest code */
+            break;
         default:
         error:
             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
@@ -1097,6 +1100,9 @@ void cpu_loop(CPUARMState *env)
         case EXCP_SEMIHOST:
             env->xregs[0] = do_arm_semihosting(env);
             break;
+        case EXCP_YIELD:
+            /* nothing to do here for user-mode, just resume guest code */
+            break;
         default:
             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
             abort();
-- 
1.9.1

[Qemu-devel] [PULL 3/5] target-arm: Correctly reset SCTLR_EL3 for 64-bit CPUs

[Peter Maydell]

The regdef for SCTRL_EL3 was incorrectly marked as being an
ARM_CP_ALIAS, with the remark that this was because the 32-bit
definition would take care of reset and migration. However the
intention for banked registers as documented in the comment in
add_cpreg_to_hashtable() is:

 * 2) If ARMv8 is enabled then we can count on a 64-bit version
 *    taking care of the secure bank.  This requires that separate
 *    32 and 64-bit definitions are provided.

and so it marks the 32-bit secure banked version as an alias.
This results in the sctlr_s/sctlr_el[3] field never being reset
or migrated for a 64-bit CPU with EL3 enabled.

Fix this by removing the ARM_CP_ALIAS annotation from SCTLR_EL3.
Since this means it now needs a real reset value, move the regdef
into the same place that we define the 32-bit SCTLR.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.org>
Message-id: 1459435778-5526-2-git-send-email-peter.maydell@linaro.org
---
 target-arm/helper.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 19d5d52..e583e6a 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3744,11 +3744,6 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
       .access = PL1_RW, .accessfn = access_trap_aa32s_el1,
       .writefn = vbar_write, .resetvalue = 0,
       .fieldoffset = offsetof(CPUARMState, cp15.mvbar) },
-    { .name = "SCTLR_EL3", .state = ARM_CP_STATE_AA64,
-      .type = ARM_CP_ALIAS, /* reset handled by AArch32 view */
-      .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 0, .opc2 = 0,
-      .access = PL3_RW, .raw_writefn = raw_write, .writefn = sctlr_write,
-      .fieldoffset = offsetof(CPUARMState, cp15.sctlr_el[3]) },
     { .name = "TTBR0_EL3", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 6, .crn = 2, .crm = 0, .opc2 = 0,
       .access = PL3_RW, .writefn = vmsa_ttbr_write, .resetvalue = 0,
@@ -4641,12 +4636,20 @@ void register_cp_regs_for_features(ARMCPU *cpu)
     }
     if (arm_feature(env, ARM_FEATURE_EL3)) {
         define_arm_cp_regs(cpu, el3_cp_reginfo);
-        ARMCPRegInfo rvbar = {
-            .name = "RVBAR_EL3", .state = ARM_CP_STATE_AA64,
-            .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 0, .opc2 = 1,
-            .type = ARM_CP_CONST, .access = PL3_R, .resetvalue = cpu->rvbar
+        ARMCPRegInfo el3_regs[] = {
+            { .name = "RVBAR_EL3", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 0, .opc2 = 1,
+              .type = ARM_CP_CONST, .access = PL3_R, .resetvalue = cpu->rvbar },
+            { .name = "SCTLR_EL3", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 0, .opc2 = 0,
+              .access = PL3_RW,
+              .raw_writefn = raw_write, .writefn = sctlr_write,
+              .fieldoffset = offsetof(CPUARMState, cp15.sctlr_el[3]),
+              .resetvalue = cpu->reset_sctlr },
+            REGINFO_SENTINEL
         };
-        define_one_arm_cp_reg(cpu, &rvbar);
+
+        define_arm_cp_regs(cpu, el3_regs);
     }
     /* The behaviour of NSACR is sufficiently various that we don't
      * try to describe it in a single reginfo:
-- 
1.9.1

[Qemu-devel] [PULL 4/5] target-arm: Remove incorrect ALIAS tags from ESR_EL2 and ESR_EL3

[Peter Maydell]

The regdefs for the ESR_EL2 and ESR_EL3 system registers should not
be marked as ARM_CP_ALIAS, because these are the master copies; the
DFSR regdef in vmsa_pmsa_cp_reginfo[] is marked as an alias.
Remove the ALIAS tags so that these registers are correctly migrated.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.rog>
Message-id: 1459435778-5526-3-git-send-email-peter.maydell@linaro.org
---
 target-arm/helper.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index e583e6a..0e54d90 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3509,7 +3509,6 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
       .access = PL2_RW,
       .fieldoffset = offsetof(CPUARMState, elr_el[2]) },
     { .name = "ESR_EL2", .state = ARM_CP_STATE_AA64,
-      .type = ARM_CP_ALIAS,
       .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
       .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[2]) },
     { .name = "FAR_EL2", .state = ARM_CP_STATE_AA64,
@@ -3759,7 +3758,6 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
       .access = PL3_RW,
       .fieldoffset = offsetof(CPUARMState, elr_el[3]) },
     { .name = "ESR_EL3", .state = ARM_CP_STATE_AA64,
-      .type = ARM_CP_ALIAS,
       .opc0 = 3, .opc1 = 6, .crn = 5, .crm = 2, .opc2 = 0,
       .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[3]) },
     { .name = "FAR_EL3", .state = ARM_CP_STATE_AA64,
-- 
1.9.1

[Qemu-devel] [PULL 5/5] target-arm: Make the 64-bit version of VTCR do the migration

[Peter Maydell]

Move the ALIAS tag from VTCR_EL2 to VTCR so that we migrate the
64-bit version, as is usual. (This has no particular effect now
unless the guest wrote to the high RES0 bits of VTCR_EL2.)
Add a comment about why it's OK that we don't have the various
accessor functions that the EL1 TCR regdefs do.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.org>
Message-id: 1459435778-5526-4-git-send-email-peter.maydell@linaro.org
---
 target-arm/helper.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 0e54d90..09638b2 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3564,11 +3564,15 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
       .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[2]) },
     { .name = "VTCR", .state = ARM_CP_STATE_AA32,
       .cp = 15, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2,
+      .type = ARM_CP_ALIAS,
       .access = PL2_RW, .accessfn = access_el3_aa32ns,
       .fieldoffset = offsetof(CPUARMState, cp15.vtcr_el2) },
     { .name = "VTCR_EL2", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2,
-      .access = PL2_RW, .type = ARM_CP_ALIAS,
+      .access = PL2_RW,
+      /* no .writefn needed as this can't cause an ASID change;
+       * no .raw_writefn or .resetfn needed as we never use mask/base_mask
+       */
       .fieldoffset = offsetof(CPUARMState, cp15.vtcr_el2) },
     { .name = "VTTBR", .state = ARM_CP_STATE_AA32,
       .cp = 15, .opc1 = 6, .crm = 2,
-- 
1.9.1

Re: [Qemu-devel] [PULL 0/5] target-arm queue

[Peter Maydell]

On 4 April 2016 at 17:43, Peter Maydell <peter.maydell@linaro.org> wrote:
> ARM changes for rc1: a small set of bugfixes which didn't quite
> make rc0, mostly.
>
> thanks
> -- PMM
>
>
> The following changes since commit c40e13e106243a6798b7b02b4d7de5ff6c9be128:
>
>   bsd-user: add necessary includes to fix warnings (2016-04-04 16:17:18 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160404
>
> for you to fetch changes up to bf06c1123a427fefc2cf9cf8019578eafc19eb6f:
>
>   target-arm: Make the 64-bit version of VTCR do the migration (2016-04-04 17:33:52 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * bcm2836: wire up CPU timer interrupts correctly
>  * linux-user: ignore EXCP_YIELD in ARM cpu_loop()
>  * target-arm: correctly reset SCTLR_EL3
>  * target-arm: remove incorrect ALIAS tags from ESR_EL2 and ESR_EL3
>  * target-arm: make the 64-bit version of VTCR do the migration
>

Applied, thanks.

-- PMM