From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 01/10] target/arm: Mark registers which call pmu_op_start() as ARM_CP_IO
Date: Fri, 30 Sep 2022 14:35:02 +0100 [thread overview]
Message-ID: <20220930133511.2112734-2-peter.maydell@linaro.org> (raw)
In-Reply-To: <20220930133511.2112734-1-peter.maydell@linaro.org>
In commit 01765386a888 we made some system register write functions
call pmu_op_start()/pmu_op_finish(). This means that they now touch
timers, so for icount to work these registers must have the ARM_CP_IO
flag set.
This fixes a bug where when icount is enabled a guest that touches
MDCR_EL3, MDCR_EL2, PMCNTENSET_EL0 or PMCNTENCLR_EL0 would cause
QEMU to print an error message and exit, for example:
[ 2.495971] TCP: Hash tables configured (established 1024 bind 1024)
[ 2.496213] UDP hash table entries: 256 (order: 1, 8192 bytes)
[ 2.496386] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
[ 2.496917] NET: Registered protocol family 1
qemu-system-aarch64: Bad icount read
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220923123412.1214041-2-peter.maydell@linaro.org
---
target/arm/helper.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b5dac651e75..fadeed0b6bb 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1927,12 +1927,12 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
* or PL0_RO as appropriate and then check PMUSERENR in the helper fn.
*/
{ .name = "PMCNTENSET", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 1,
- .access = PL0_RW, .type = ARM_CP_ALIAS,
+ .access = PL0_RW, .type = ARM_CP_ALIAS | ARM_CP_IO,
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcnten),
.writefn = pmcntenset_write,
.accessfn = pmreg_access,
.raw_writefn = raw_write },
- { .name = "PMCNTENSET_EL0", .state = ARM_CP_STATE_AA64,
+ { .name = "PMCNTENSET_EL0", .state = ARM_CP_STATE_AA64, .type = ARM_CP_IO,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 1,
.access = PL0_RW, .accessfn = pmreg_access,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten), .resetvalue = 0,
@@ -1942,11 +1942,11 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcnten),
.accessfn = pmreg_access,
.writefn = pmcntenclr_write,
- .type = ARM_CP_ALIAS },
+ .type = ARM_CP_ALIAS | ARM_CP_IO },
{ .name = "PMCNTENCLR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 2,
.access = PL0_RW, .accessfn = pmreg_access,
- .type = ARM_CP_ALIAS,
+ .type = ARM_CP_ALIAS | ARM_CP_IO,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
.writefn = pmcntenclr_write },
{ .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3,
@@ -5125,7 +5125,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
.opc0 = 3, .opc1 = 6, .crn = 1, .crm = 3, .opc2 = 1,
.resetvalue = 0,
.access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.mdcr_el3) },
- { .name = "SDCR", .type = ARM_CP_ALIAS,
+ { .name = "SDCR", .type = ARM_CP_ALIAS | ARM_CP_IO,
.cp = 15, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 1,
.access = PL1_RW, .accessfn = access_trap_aa32s_el1,
.writefn = sdcr_write,
@@ -7832,7 +7832,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
* value is MDCR_EL2.HPMN which should reset to the value of PMCR_EL0.N.
*/
ARMCPRegInfo mdcr_el2 = {
- .name = "MDCR_EL2", .state = ARM_CP_STATE_BOTH,
+ .name = "MDCR_EL2", .state = ARM_CP_STATE_BOTH, .type = ARM_CP_IO,
.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 1,
.writefn = mdcr_el2_write,
.access = PL2_RW, .resetvalue = pmu_num_counters(env),
--
2.25.1
next prev parent reply other threads:[~2022-09-30 13:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-30 13:35 [PULL 00/10] target-arm queue Peter Maydell
2022-09-30 13:35 ` Peter Maydell [this message]
2022-09-30 13:35 ` [PULL 02/10] target/arm: Make writes to MDCR_EL3 use PMU start/finish calls Peter Maydell
2022-09-30 13:35 ` [PULL 03/10] target/arm: Update SDCR_VALID_MASK to include SCCD Peter Maydell
2022-09-30 13:35 ` [PULL 04/10] target/arm: Rearrange cpu64.c so all the CPU initfns are together Peter Maydell
2022-09-30 13:35 ` [PULL 05/10] hw/arm/xlnx-zynqmp: Connect ZynqMP's USB controllers Peter Maydell
2022-09-30 13:35 ` [PULL 06/10] hw/arm/virt: Fix devicetree warning about the root node Peter Maydell
2022-09-30 13:35 ` [PULL 07/10] hw/arm/virt: Fix devicetree warning about the GIC node Peter Maydell
2022-09-30 13:35 ` [PULL 08/10] hw/arm/virt: Use "msi-map" devicetree property for PCI Peter Maydell
2022-09-30 13:35 ` [PULL 09/10] hw/arm/virt: Fix devicetree warning about the SMMU node Peter Maydell
2022-09-30 13:35 ` [PULL 10/10] target/arm: mark SP_EL1 with ARM_CP_EL3_NO_EL2_KEEP Peter Maydell
2022-10-03 23:01 ` [PULL 00/10] target-arm queue Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220930133511.2112734-2-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).