* [PULL 00/26] target-arm queue
@ 2020-01-30 16:15 Peter Maydell
2020-01-30 19:05 ` Peter Maydell
0 siblings, 1 reply; 42+ messages in thread
From: Peter Maydell @ 2020-01-30 16:15 UTC (permalink / raw)
To: qemu-devel
target-arm queue. The big thing here is the landing of the 3-phase
reset patches...
-- PMM
The following changes since commit 204aa60b37c23a89e690d418f49787d274303ca7:
Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jan-29-2020' into staging (2020-01-30 14:18:45 +0000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200130
for you to fetch changes up to dea101a1ae9968c9fec6ab0291489dad7c49f36f:
target/arm/cpu: Add the kvm-no-adjvtime CPU property (2020-01-30 16:02:06 +0000)
----------------------------------------------------------------
target-arm queue:
* hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES
* target/arm/arm-semi: Don't let the guest close stdin/stdout/stderr
* aspeed: some minor bugfixes
* aspeed: add eMMC controller model for AST2600 SoC
* hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus'
* New 3-phase reset API for device models
* hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit
* Arm KVM: stop/restart the guest counter when the VM is stopped and started
----------------------------------------------------------------
Andrew Jeffery (2):
hw/sd: Configure number of slots exposed by the ASPEED SDHCI model
hw/arm: ast2600: Wire up the eMMC controller
Andrew Jones (6):
target/arm/kvm: trivial: Clean up header documentation
hw/arm/virt: Add missing 5.0 options call to 4.2 options
target/arm/kvm64: kvm64 cpus have timer registers
tests/arm-cpu-features: Check feature default values
target/arm/kvm: Implement virtual time adjustment
target/arm/cpu: Add the kvm-no-adjvtime CPU property
Cédric Le Goater (2):
ftgmac100: check RX and TX buffer alignment
hw/arm/aspeed: add a 'execute-in-place' property to boot directly from CE0
Damien Hedde (11):
add device_legacy_reset function to prepare for reset api change
hw/core/qdev: add trace events to help with resettable transition
hw/core: create Resettable QOM interface
hw/core: add Resettable support to BusClass and DeviceClass
hw/core/resettable: add support for changing parent
hw/core/qdev: handle parent bus change regarding resettable
hw/core/qdev: update hotplug reset regarding resettable
hw/core: deprecate old reset functions and introduce new ones
docs/devel/reset.rst: add doc about Resettable interface
vl: replace deprecated qbus_reset_all registration
hw/s390x/ipl: replace deprecated qdev_reset_all registration
Joel Stanley (1):
misc/pca9552: Add qom set and get
Peter Maydell (2):
hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES
target/arm/arm-semi: Don't let the guest close stdin/stdout/stderr
Philippe Mathieu-Daudé (1):
hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus'
Zenghui Yu (1):
hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit
hw/core/Makefile.objs | 1 +
tests/Makefile.include | 1 +
include/hw/arm/aspeed.h | 2 +
include/hw/arm/aspeed_soc.h | 2 +
include/hw/arm/virt.h | 1 +
include/hw/qdev-core.h | 58 +++++++-
include/hw/resettable.h | 247 +++++++++++++++++++++++++++++++++
include/hw/sd/aspeed_sdhci.h | 1 +
target/arm/cpu.h | 7 +
target/arm/kvm_arm.h | 95 ++++++++++---
hw/arm/aspeed.c | 72 ++++++++--
hw/arm/aspeed_ast2600.c | 31 ++++-
hw/arm/aspeed_soc.c | 2 +
hw/arm/raspi.c | 2 -
hw/arm/virt.c | 9 ++
hw/audio/intel-hda.c | 2 +-
hw/core/bus.c | 102 ++++++++++++++
hw/core/or-irq.c | 2 +-
hw/core/qdev.c | 160 ++++++++++++++++++++--
hw/core/resettable.c | 301 +++++++++++++++++++++++++++++++++++++++++
hw/hyperv/hyperv.c | 2 +-
hw/i386/microvm.c | 2 +-
hw/i386/pc.c | 2 +-
hw/ide/microdrive.c | 8 +-
hw/intc/arm_gicv3_kvm.c | 11 +-
hw/intc/spapr_xive.c | 2 +-
hw/misc/pca9552.c | 90 ++++++++++++
hw/net/ftgmac100.c | 13 ++
hw/ppc/pnv_psi.c | 4 +-
hw/ppc/spapr_pci.c | 2 +-
hw/ppc/spapr_vio.c | 2 +-
hw/s390x/ipl.c | 10 +-
hw/s390x/s390-pci-inst.c | 2 +-
hw/scsi/vmw_pvscsi.c | 2 +-
hw/sd/aspeed_sdhci.c | 11 +-
hw/sd/omap_mmc.c | 2 +-
hw/sd/pl181.c | 2 +-
target/arm/arm-semi.c | 9 ++
target/arm/cpu.c | 2 +
target/arm/cpu64.c | 1 +
target/arm/kvm.c | 120 ++++++++++++++++
target/arm/kvm32.c | 3 +
target/arm/kvm64.c | 4 +
target/arm/machine.c | 7 +
target/arm/monitor.c | 1 +
tests/qtest/arm-cpu-features.c | 41 ++++--
vl.c | 10 +-
docs/arm-cpu-features.rst | 37 ++++-
docs/devel/index.rst | 1 +
docs/devel/reset.rst | 289 +++++++++++++++++++++++++++++++++++++++
hw/core/trace-events | 27 ++++
51 files changed, 1727 insertions(+), 90 deletions(-)
create mode 100644 include/hw/resettable.h
create mode 100644 hw/core/resettable.c
create mode 100644 docs/devel/reset.rst
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PULL 00/26] target-arm queue
2020-01-30 16:15 Peter Maydell
@ 2020-01-30 19:05 ` Peter Maydell
0 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2020-01-30 19:05 UTC (permalink / raw)
To: QEMU Developers
On Thu, 30 Jan 2020 at 16:15, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> target-arm queue. The big thing here is the landing of the 3-phase
> reset patches...
>
> -- PMM
>
> The following changes since commit 204aa60b37c23a89e690d418f49787d274303ca7:
>
> Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jan-29-2020' into staging (2020-01-30 14:18:45 +0000)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200130
>
> for you to fetch changes up to dea101a1ae9968c9fec6ab0291489dad7c49f36f:
>
> target/arm/cpu: Add the kvm-no-adjvtime CPU property (2020-01-30 16:02:06 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
> * hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES
> * target/arm/arm-semi: Don't let the guest close stdin/stdout/stderr
> * aspeed: some minor bugfixes
> * aspeed: add eMMC controller model for AST2600 SoC
> * hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus'
> * New 3-phase reset API for device models
> * hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit
> * Arm KVM: stop/restart the guest counter when the VM is stopped and started
>
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 00/26] target-arm queue
@ 2020-11-02 17:09 Peter Maydell
2020-11-03 11:36 ` Peter Maydell
0 siblings, 1 reply; 42+ messages in thread
From: Peter Maydell @ 2020-11-02 17:09 UTC (permalink / raw)
To: qemu-devel
Small pile of bug fixes for rc1. I've included my patches to get
our docs building with Sphinx 3, just for convenience...
-- PMM
The following changes since commit b149dea55cce97cb226683d06af61984a1c11e96:
Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20201102' into staging (2020-11-02 10:57:48 +0000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201102
for you to fetch changes up to ffb4fbf90a2f63c9cb33e4bb9f854c79bf04ca4a:
tests/qtest/npcm7xx_rng-test: Disable randomness tests (2020-11-02 16:52:18 +0000)
----------------------------------------------------------------
target-arm queue:
* target/arm: Fix Neon emulation bugs on big-endian hosts
* target/arm: fix handling of HCR.FB
* target/arm: fix LORID_EL1 access check
* disas/capstone: Fix monitor disassembly of >32 bytes
* hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)
* hw/arm/boot: fix SVE for EL3 direct kernel boot
* hw/display/omap_lcdc: Fix potential NULL pointer dereference
* hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
* target/arm: Get correct MMU index for other-security-state
* configure: Test that gio libs from pkg-config work
* hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work
* docs: Fix building with Sphinx 3
* tests/qtest/npcm7xx_rng-test: Disable randomness tests
----------------------------------------------------------------
AlexChen (2):
hw/display/omap_lcdc: Fix potential NULL pointer dereference
hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
Peter Maydell (9):
target/arm: Fix float16 pairwise Neon ops on big-endian hosts
target/arm: Fix VUDOT/VSDOT (scalar) on big-endian hosts
disas/capstone: Fix monitor disassembly of >32 bytes
target/arm: Get correct MMU index for other-security-state
configure: Test that gio libs from pkg-config work
hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work
scripts/kerneldoc: For Sphinx 3 use c:macro for macros with arguments
qemu-option-trace.rst.inc: Don't use option:: markup
tests/qtest/npcm7xx_rng-test: Disable randomness tests
Philippe Mathieu-Daudé (1):
hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)
Richard Henderson (11):
target/arm: Introduce neon_full_reg_offset
target/arm: Move neon_element_offset to translate.c
target/arm: Use neon_element_offset in neon_load/store_reg
target/arm: Use neon_element_offset in vfp_reg_offset
target/arm: Add read/write_neon_element32
target/arm: Expand read/write_neon_element32 to all MemOp
target/arm: Rename neon_load_reg32 to vfp_load_reg32
target/arm: Add read/write_neon_element64
target/arm: Rename neon_load_reg64 to vfp_load_reg64
target/arm: Simplify do_long_3d and do_2scalar_long
target/arm: Improve do_prewiden_3d
Rémi Denis-Courmont (3):
target/arm: fix handling of HCR.FB
target/arm: fix LORID_EL1 access check
hw/arm/boot: fix SVE for EL3 direct kernel boot
docs/qemu-option-trace.rst.inc | 6 +-
configure | 10 +-
include/hw/intc/arm_gicv3_common.h | 1 -
disas/capstone.c | 2 +-
hw/arm/boot.c | 3 +
hw/arm/smmuv3.c | 3 +-
hw/display/exynos4210_fimd.c | 4 +-
hw/display/omap_lcdc.c | 10 +-
hw/intc/arm_gicv3_cpuif.c | 5 +-
target/arm/helper.c | 24 +-
target/arm/m_helper.c | 3 +-
target/arm/translate.c | 153 +++++++++---
target/arm/vec_helper.c | 12 +-
tests/qtest/npcm7xx_rng-test.c | 14 +-
scripts/kernel-doc | 18 +-
target/arm/translate-neon.c.inc | 472 ++++++++++++++++++++-----------------
target/arm/translate-vfp.c.inc | 341 +++++++++++----------------
17 files changed, 588 insertions(+), 493 deletions(-)
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PULL 00/26] target-arm queue
2020-11-02 17:09 Peter Maydell
@ 2020-11-03 11:36 ` Peter Maydell
0 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2020-11-03 11:36 UTC (permalink / raw)
To: QEMU Developers
On Mon, 2 Nov 2020 at 17:10, Peter Maydell <peter.maydell@linaro.org> wrote:
>
>
> Small pile of bug fixes for rc1. I've included my patches to get
> our docs building with Sphinx 3, just for convenience...
>
> -- PMM
>
> The following changes since commit b149dea55cce97cb226683d06af61984a1c11e96:
>
> Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20201102' into staging (2020-11-02 10:57:48 +0000)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201102
>
> for you to fetch changes up to ffb4fbf90a2f63c9cb33e4bb9f854c79bf04ca4a:
>
> tests/qtest/npcm7xx_rng-test: Disable randomness tests (2020-11-02 16:52:18 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
> * target/arm: Fix Neon emulation bugs on big-endian hosts
> * target/arm: fix handling of HCR.FB
> * target/arm: fix LORID_EL1 access check
> * disas/capstone: Fix monitor disassembly of >32 bytes
> * hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)
> * hw/arm/boot: fix SVE for EL3 direct kernel boot
> * hw/display/omap_lcdc: Fix potential NULL pointer dereference
> * hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
> * target/arm: Get correct MMU index for other-security-state
> * configure: Test that gio libs from pkg-config work
> * hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work
> * docs: Fix building with Sphinx 3
> * tests/qtest/npcm7xx_rng-test: Disable randomness tests
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/5.2
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 00/26] target-arm queue
@ 2021-05-10 12:25 Peter Maydell
0 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2021-05-10 12:25 UTC (permalink / raw)
To: qemu-devel
The following changes since commit 4cc10cae64c51e17844dc4358481c393d7bf1ed4:
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging (2021-05-06 18:56:17 +0100)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210510
for you to fetch changes up to 8f96812baa53005f32aece3e30b140826c20aa19:
hw/arm/xlnx: Fix PHY address for xilinx-zynq-a9 (2021-05-10 13:24:09 +0100)
----------------------------------------------------------------
target-arm queue:
* docs: fix link in sbsa description
* linux-user/aarch64: Enable hwcap for RND, BTI, and MTE
* target/arm: Fix tlbbits calculation in tlbi_aa64_vae2is_write()
* target/arm: Split neon and vfp translation to their own
compilation units
* target/arm: Make WFI a NOP for userspace emulators
* hw/sd/omap_mmc: Use device_cold_reset() instead of
device_legacy_reset()
* include: More fixes for 'extern "C"' block use
* hw/arm/imx25_pdk: Fix error message for invalid RAM size
* hw/arm/mps2-tz: Implement AN524 memory remapping via machine property
* hw/arm/xlnx: Fix PHY address for xilinx-zynq-a9
----------------------------------------------------------------
Alex Bennée (1):
docs: fix link in sbsa description
Guenter Roeck (1):
hw/arm/xlnx: Fix PHY address for xilinx-zynq-a9
Peter Maydell (22):
target/arm: Fix tlbbits calculation in tlbi_aa64_vae2is_write()
target/arm: Move constant expanders to translate.h
target/arm: Share unallocated_encoding() and gen_exception_insn()
target/arm: Make functions used by m-nocp global
target/arm: Split m-nocp trans functions into their own file
target/arm: Move gen_aa32 functions to translate-a32.h
target/arm: Move vfp_{load, store}_reg{32, 64} to translate-vfp.c.inc
target/arm: Make functions used by translate-vfp global
target/arm: Make translate-vfp.c.inc its own compilation unit
target/arm: Move vfp_reg_ptr() to translate-neon.c.inc
target/arm: Delete unused typedef
target/arm: Move NeonGenThreeOpEnvFn typedef to translate.h
target/arm: Make functions used by translate-neon global
target/arm: Make translate-neon.c.inc its own compilation unit
target/arm: Make WFI a NOP for userspace emulators
hw/sd/omap_mmc: Use device_cold_reset() instead of device_legacy_reset()
osdep: Make os-win32.h and os-posix.h handle 'extern "C"' themselves
include/qemu/bswap.h: Handle being included outside extern "C" block
include/disas/dis-asm.h: Handle being included outside 'extern "C"'
hw/misc/mps2-scc: Add "QEMU interface" comment
hw/misc/mps2-scc: Support using CFG0 bit 0 for remapping
hw/arm/mps2-tz: Implement AN524 memory remapping via machine property
Philippe Mathieu-Daudé (1):
hw/arm/imx25_pdk: Fix error message for invalid RAM size
Richard Henderson (1):
linux-user/aarch64: Enable hwcap for RND, BTI, and MTE
docs/system/arm/mps2.rst | 10 +
docs/system/arm/sbsa.rst | 2 +-
include/disas/dis-asm.h | 12 +-
include/hw/misc/mps2-scc.h | 21 ++
include/qemu/bswap.h | 26 ++-
include/qemu/osdep.h | 8 +-
include/sysemu/os-posix.h | 8 +
include/sysemu/os-win32.h | 8 +
target/arm/translate-a32.h | 144 +++++++++++++
target/arm/translate-a64.h | 2 -
target/arm/translate.h | 29 +++
hw/arm/imx25_pdk.c | 5 +-
hw/arm/mps2-tz.c | 108 +++++++++-
hw/arm/xilinx_zynq.c | 2 +-
hw/misc/mps2-scc.c | 13 +-
hw/sd/omap_mmc.c | 2 +-
linux-user/elfload.c | 13 ++
target/arm/helper.c | 2 +-
target/arm/op_helper.c | 12 ++
target/arm/translate-a64.c | 15 --
target/arm/translate-m-nocp.c | 221 ++++++++++++++++++++
.../arm/{translate-neon.c.inc => translate-neon.c} | 19 +-
.../arm/{translate-vfp.c.inc => translate-vfp.c} | 230 +++------------------
target/arm/translate.c | 200 ++++--------------
disas/arm-a64.cc | 2 -
disas/nanomips.cpp | 2 -
target/arm/meson.build | 15 +-
27 files changed, 718 insertions(+), 413 deletions(-)
create mode 100644 target/arm/translate-a32.h
create mode 100644 target/arm/translate-m-nocp.c
rename target/arm/{translate-neon.c.inc => translate-neon.c} (99%)
rename target/arm/{translate-vfp.c.inc => translate-vfp.c} (94%)
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 00/26] target-arm queue
@ 2022-02-21 9:27 Peter Maydell
0 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2022-02-21 9:27 UTC (permalink / raw)
To: qemu-devel
The following changes since commit e670f6d825d4dee248b311197fd4048469d6772b:
Merge remote-tracking branch 'remotes/legoater/tags/pull-ppc-20220218' into staging (2022-02-20 15:05:41 +0000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220221
for you to fetch changes up to d6333e2543fa41aed4d33f77c808168373e39bff:
ui/cocoa: Fix the leak of qemu_console_get_label (2022-02-21 09:12:18 +0000)
----------------------------------------------------------------
arm, cocoa and misc:
* MAINTAINERS file updates
* Mark remaining global TypeInfo instances as const
* checkpatch: Ensure that TypeInfos are const
* tests/qtest: add qtests for npcm7xx sdhci
* arm hvf: Handle unknown ID registers as RES0
* Make KVM -cpu max exactly like -cpu host
* Fix '-cpu max' for HVF
* Support PAuth extension for hvf
* Kconfig: Add I2C_DEVICES device group
* Kconfig: Add 'imply I2C_DEVICES' on boards with available i2c bus
* hw/arm/armv7m: Handle disconnected clock inputs
* osdep.h: pull out various things into new header files
* hw/timer: fix a9gtimer vmstate
* hw/arm: add initial mori-bmc board
* ui/cocoa: Remove allowedFileTypes restriction in SavePanel
* ui/cocoa: Do not alert even without block devices
* ui/cocoa: Fix the leak of qemu_console_get_label
----------------------------------------------------------------
Akihiko Odaki (3):
MAINTAINERS: Add Akihiko Odaki to macOS-relateds
ui/cocoa: Do not alert even without block devices
ui/cocoa: Fix the leak of qemu_console_get_label
Alexander Graf (2):
hvf: arm: Use macros for sysreg shift/masking
hvf: arm: Handle unknown ID registers as RES0
Ani Sinha (1):
MAINTAINERS: Adding myself as a reviewer of some components
Bernhard Beschow (2):
Mark remaining global TypeInfo instances as const
checkpatch: Ensure that TypeInfos are const
Patrick Venture (1):
hw/arm: add initial mori-bmc board
Pavel Dovgalyuk (1):
hw/timer: fix a9gtimer vmstate
Peter Maydell (14):
target/arm: Move '-cpu host' code to cpu64.c
target/arm: Use aarch64_cpu_register() for 'host' CPU type
target/arm: Make KVM -cpu max exactly like -cpu host
target/arm: Unindent unnecessary else-clause
target/arm: Fix '-cpu max' for HVF
target/arm: Support PAuth extension for hvf
Kconfig: Add I2C_DEVICES device group
Kconfig: Add 'imply I2C_DEVICES' on boards with available i2c bus
hw/arm/armv7m: Handle disconnected clock inputs
include: Move qemu_madvise() and related #defines to new qemu/madvise.h
include: Move qemu_mprotect_*() to new qemu/mprotect.h
include: Move QEMU_MAP_* constants to mmap-alloc.h
include: Move qemu_[id]cache_* declarations to new qemu/cacheinfo.h
include: Move hardware version declarations to new qemu/hw-version.h
Philippe Mathieu-Daudé (1):
ui/cocoa: Remove allowedFileTypes restriction in SavePanel
Shengtan Mao (1):
tests/qtest: add qtests for npcm7xx sdhci
docs/devel/kconfig.rst | 8 +-
docs/system/arm/nuvoton.rst | 1 +
include/qemu/cacheinfo.h | 21 +++
include/qemu/hw-version.h | 27 ++++
include/qemu/madvise.h | 95 +++++++++++
include/qemu/mmap-alloc.h | 23 +++
include/qemu/mprotect.h | 14 ++
include/qemu/osdep.h | 132 ----------------
accel/tcg/translate-all.c | 1 +
backends/hostmem-file.c | 1 +
backends/hostmem.c | 1 +
hw/arm/armv7m.c | 26 ++-
hw/arm/npcm7xx_boards.c | 32 ++++
hw/arm/nseries.c | 1 +
hw/core/generic-loader.c | 2 +-
hw/core/guest-loader.c | 2 +-
hw/display/bcm2835_fb.c | 2 +-
hw/display/i2c-ddc.c | 2 +-
hw/display/macfb.c | 4 +-
hw/display/virtio-vga.c | 2 +-
hw/dma/bcm2835_dma.c | 2 +-
hw/i386/pc_piix.c | 2 +-
hw/i386/sgx-epc.c | 2 +-
hw/ide/core.c | 1 +
hw/intc/bcm2835_ic.c | 2 +-
hw/intc/bcm2836_control.c | 2 +-
hw/ipmi/ipmi.c | 4 +-
hw/mem/nvdimm.c | 2 +-
hw/mem/pc-dimm.c | 2 +-
hw/misc/bcm2835_mbox.c | 2 +-
hw/misc/bcm2835_powermgt.c | 2 +-
hw/misc/bcm2835_property.c | 2 +-
hw/misc/bcm2835_rng.c | 2 +-
hw/misc/pvpanic-isa.c | 2 +-
hw/misc/pvpanic-pci.c | 2 +-
hw/net/fsl_etsec/etsec.c | 2 +-
hw/ppc/prep_systemio.c | 2 +-
hw/ppc/spapr_iommu.c | 2 +-
hw/s390x/s390-pci-bus.c | 2 +-
hw/s390x/sclp.c | 2 +-
hw/s390x/tod-kvm.c | 2 +-
hw/s390x/tod-tcg.c | 2 +-
hw/s390x/tod.c | 2 +-
hw/scsi/lsi53c895a.c | 2 +-
hw/scsi/megasas.c | 1 +
hw/scsi/scsi-bus.c | 1 +
hw/scsi/scsi-disk.c | 1 +
hw/sd/allwinner-sdhost.c | 2 +-
hw/sd/aspeed_sdhci.c | 2 +-
hw/sd/bcm2835_sdhost.c | 2 +-
hw/sd/cadence_sdhci.c | 2 +-
hw/sd/npcm7xx_sdhci.c | 2 +-
hw/timer/a9gtimer.c | 21 +++
hw/usb/dev-mtp.c | 2 +-
hw/usb/host-libusb.c | 2 +-
hw/vfio/igd.c | 2 +-
hw/virtio/virtio-balloon.c | 1 +
hw/virtio/virtio-pmem.c | 2 +-
migration/postcopy-ram.c | 1 +
migration/qemu-file.c | 1 +
migration/ram.c | 1 +
plugins/loader.c | 1 +
qom/object.c | 4 +-
softmmu/physmem.c | 1 +
softmmu/vl.c | 1 +
target/arm/cpu.c | 30 ----
target/arm/cpu64.c | 331 +++++++++++++++++++++------------------
target/arm/hvf/hvf.c | 83 +++++++---
target/i386/cpu.c | 1 +
target/s390x/cpu_models.c | 1 +
tcg/region.c | 3 +
tcg/tcg.c | 1 +
tests/qtest/npcm7xx_sdhci-test.c | 215 +++++++++++++++++++++++++
util/atomic64.c | 1 +
util/cacheflush.c | 1 +
util/cacheinfo.c | 1 +
util/osdep.c | 3 +
util/oslib-posix.c | 1 +
MAINTAINERS | 5 +
hw/arm/Kconfig | 10 ++
hw/i2c/Kconfig | 5 +
hw/rtc/Kconfig | 2 +
hw/sensor/Kconfig | 5 +
scripts/checkpatch.pl | 1 +
tests/qtest/meson.build | 1 +
ui/cocoa.m | 15 +-
86 files changed, 822 insertions(+), 393 deletions(-)
create mode 100644 include/qemu/cacheinfo.h
create mode 100644 include/qemu/hw-version.h
create mode 100644 include/qemu/madvise.h
create mode 100644 include/qemu/mprotect.h
create mode 100644 tests/qtest/npcm7xx_sdhci-test.c
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 00/26] target-arm queue
@ 2022-03-02 20:52 Peter Maydell
2022-03-03 19:57 ` Peter Maydell
0 siblings, 1 reply; 42+ messages in thread
From: Peter Maydell @ 2022-03-02 20:52 UTC (permalink / raw)
To: qemu-devel
The following changes since commit 64ada298b98a51eb2512607f6e6180cb330c47b1:
Merge remote-tracking branch 'remotes/legoater/tags/pull-ppc-20220302' into staging (2022-03-02 12:38:46 +0000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220302
for you to fetch changes up to 268c11984e67867c22f53beb3c7f8b98900d66b2:
ui/cocoa.m: Remove unnecessary NSAutoreleasePools (2022-03-02 19:27:37 +0000)
----------------------------------------------------------------
target-arm queue:
* mps3-an547: Add missing user ahb interfaces
* hw/arm/mps2-tz.c: Update AN547 documentation URL
* hw/input/tsc210x: Don't abort on bad SPI word widths
* hw/i2c: flatten pca954x mux device
* target/arm: Support PSCI 1.1 and SMCCC 1.0
* target/arm: Fix early free of TCG temp in handle_simd_shift_fpint_conv()
* tests/qtest: add qtests for npcm7xx sdhci
* Implement FEAT_LVA
* Implement FEAT_LPA
* Implement FEAT_LPA2 (but do not enable it yet)
* Report KVM's actual PSCI version to guest in dtb
* ui/cocoa.m: Fix updateUIInfo threading issues
* ui/cocoa.m: Remove unnecessary NSAutoreleasePools
----------------------------------------------------------------
Akihiko Odaki (1):
target/arm: Support PSCI 1.1 and SMCCC 1.0
Jimmy Brisson (1):
mps3-an547: Add missing user ahb interfaces
Patrick Venture (1):
hw/i2c: flatten pca954x mux device
Peter Maydell (5):
hw/arm/mps2-tz.c: Update AN547 documentation URL
hw/input/tsc210x: Don't abort on bad SPI word widths
target/arm: Report KVM's actual PSCI version to guest in dtb
ui/cocoa.m: Fix updateUIInfo threading issues
ui/cocoa.m: Remove unnecessary NSAutoreleasePools
Richard Henderson (16):
hw/registerfields: Add FIELD_SEX<N> and FIELD_SDP<N>
target/arm: Set TCR_EL1.TSZ for user-only
target/arm: Fault on invalid TCR_ELx.TxSZ
target/arm: Move arm_pamax out of line
target/arm: Pass outputsize down to check_s2_mmu_setup
target/arm: Use MAKE_64BIT_MASK to compute indexmask
target/arm: Honor TCR_ELx.{I}PS
target/arm: Prepare DBGBVR and DBGWVR for FEAT_LVA
target/arm: Implement FEAT_LVA
target/arm: Implement FEAT_LPA
target/arm: Extend arm_fi_to_lfsc to level -1
target/arm: Introduce tlbi_aa64_get_range
target/arm: Fix TLBIRange.base for 16k and 64k pages
target/arm: Validate tlbi TG matches translation granule in use
target/arm: Advertise all page sizes for -cpu max
target/arm: Implement FEAT_LPA2
Shengtan Mao (1):
tests/qtest: add qtests for npcm7xx sdhci
Wentao_Liang (1):
target/arm: Fix early free of TCG temp in handle_simd_shift_fpint_conv()
docs/system/arm/emulation.rst | 3 +
include/hw/registerfields.h | 48 +++++-
target/arm/cpu-param.h | 4 +-
target/arm/cpu.h | 27 ++++
target/arm/internals.h | 58 ++++---
target/arm/kvm-consts.h | 14 +-
hw/arm/boot.c | 11 +-
hw/arm/mps2-tz.c | 6 +-
hw/i2c/i2c_mux_pca954x.c | 77 ++-------
hw/input/tsc210x.c | 8 +-
target/arm/cpu.c | 8 +-
target/arm/cpu64.c | 7 +-
target/arm/helper.c | 332 ++++++++++++++++++++++++++++++---------
target/arm/hvf/hvf.c | 27 +++-
target/arm/kvm64.c | 14 +-
target/arm/psci.c | 35 ++++-
target/arm/translate-a64.c | 2 +-
tests/qtest/npcm7xx_sdhci-test.c | 215 +++++++++++++++++++++++++
tests/qtest/meson.build | 1 +
ui/cocoa.m | 31 ++--
20 files changed, 736 insertions(+), 192 deletions(-)
create mode 100644 tests/qtest/npcm7xx_sdhci-test.c
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PULL 00/26] target-arm queue
2022-03-02 20:52 Peter Maydell
@ 2022-03-03 19:57 ` Peter Maydell
0 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2022-03-03 19:57 UTC (permalink / raw)
To: qemu-devel
On Wed, 2 Mar 2022 at 20:52, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> The following changes since commit 64ada298b98a51eb2512607f6e6180cb330c47b1:
>
> Merge remote-tracking branch 'remotes/legoater/tags/pull-ppc-20220302' into staging (2022-03-02 12:38:46 +0000)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220302
>
> for you to fetch changes up to 268c11984e67867c22f53beb3c7f8b98900d66b2:
>
> ui/cocoa.m: Remove unnecessary NSAutoreleasePools (2022-03-02 19:27:37 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
> * mps3-an547: Add missing user ahb interfaces
> * hw/arm/mps2-tz.c: Update AN547 documentation URL
> * hw/input/tsc210x: Don't abort on bad SPI word widths
> * hw/i2c: flatten pca954x mux device
> * target/arm: Support PSCI 1.1 and SMCCC 1.0
> * target/arm: Fix early free of TCG temp in handle_simd_shift_fpint_conv()
> * tests/qtest: add qtests for npcm7xx sdhci
> * Implement FEAT_LVA
> * Implement FEAT_LPA
> * Implement FEAT_LPA2 (but do not enable it yet)
> * Report KVM's actual PSCI version to guest in dtb
> * ui/cocoa.m: Fix updateUIInfo threading issues
> * ui/cocoa.m: Remove unnecessary NSAutoreleasePools
>
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 00/26] target-arm queue
@ 2023-01-23 13:35 Peter Maydell
2023-01-23 15:17 ` Peter Maydell
0 siblings, 1 reply; 42+ messages in thread
From: Peter Maydell @ 2023-01-23 13:35 UTC (permalink / raw)
To: qemu-devel
The following changes since commit 65cc5ccf06a74c98de73ec683d9a543baa302a12:
Merge tag 'pull-riscv-to-apply-20230120' of https://github.com/alistair23/qemu into staging (2023-01-20 16:17:56 +0000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230123
for you to fetch changes up to 3b07a936d3bfe97b07ddffcfbb532985a88033dd:
target/arm: Look up ARMCPRegInfo at runtime (2023-01-23 13:32:38 +0000)
----------------------------------------------------------------
target-arm queue:
* Widen cnthctl_el2 to uint64_t
* Unify checking for M Main Extension in MRS/MSR
* bitbang_i2c, versatile_i2c: code cleanups
* SME: refactor SME SM/ZA handling
* Fix physical address resolution for MTE
* Fix in_debug path in S1_ptw_translate
* Don't set EXC_RETURN.ES if Security Extension not present
* Implement DBGCLAIM registers
* Provide stubs for more external debug registers
* Look up ARMCPRegInfo at runtime, not translate time
----------------------------------------------------------------
David Reiss (1):
target/arm: Unify checking for M Main Extension in MRS/MSR
Evgeny Iakovlev (2):
target/arm: implement DBGCLAIM registers
target/arm: provide stubs for more external debug registers
Peter Maydell (1):
target/arm: Don't set EXC_RETURN.ES if Security Extension not present
Philippe Mathieu-Daudé (10):
hw/i2c/bitbang_i2c: Define TYPE_GPIO_I2C in public header
hw/i2c/bitbang_i2c: Remove unused dummy MemoryRegion
hw/i2c/bitbang_i2c: Change state calling bitbang_i2c_set_state() helper
hw/i2c/bitbang_i2c: Trace state changes
hw/i2c/bitbang_i2c: Convert DPRINTF() to trace events
hw/i2c/versatile_i2c: Drop useless casts from void * to pointer
hw/i2c/versatile_i2c: Replace VersatileI2CState -> ArmSbconI2CState
hw/i2c/versatile_i2c: Replace TYPE_VERSATILE_I2C -> TYPE_ARM_SBCON_I2C
hw/i2c/versatile_i2c: Use ARM_SBCON_I2C() macro
hw/i2c/versatile_i2c: Rename versatile_i2c -> arm_sbcon_i2c
Richard Henderson (12):
target/arm: Widen cnthctl_el2 to uint64_t
target/arm/sme: Reorg SME access handling in handle_msr_i()
target/arm/sme: Rebuild hflags in set_pstate() helpers
target/arm/sme: Introduce aarch64_set_svcr()
target/arm/sme: Reset SVE state in aarch64_set_svcr()
target/arm/sme: Reset ZA state in aarch64_set_svcr()
target/arm/sme: Rebuild hflags in aarch64_set_svcr()
target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()
target/arm: Fix physical address resolution for MTE
target/arm: Fix in_debug path in S1_ptw_translate
target/arm: Reorg do_coproc_insn
target/arm: Look up ARMCPRegInfo at runtime
MAINTAINERS | 1 +
include/hw/i2c/arm_sbcon_i2c.h | 6 +-
include/hw/i2c/bitbang_i2c.h | 2 +
target/arm/cpu.h | 5 +-
target/arm/helper-sme.h | 3 +-
target/arm/helper.h | 11 +-
target/arm/translate.h | 7 +
hw/arm/musicpal.c | 3 +-
hw/arm/realview.c | 2 +-
hw/arm/versatilepb.c | 2 +-
hw/arm/vexpress.c | 2 +-
hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} | 39 ++-
hw/i2c/bitbang_i2c.c | 80 ++++--
linux-user/aarch64/cpu_loop.c | 11 +-
linux-user/aarch64/signal.c | 13 +-
target/arm/debug_helper.c | 54 ++++
target/arm/helper.c | 41 ++-
target/arm/m_helper.c | 24 +-
target/arm/mte_helper.c | 2 +-
target/arm/op_helper.c | 27 +-
target/arm/ptw.c | 4 +-
target/arm/sme_helper.c | 37 +--
target/arm/translate-a64.c | 68 +++--
target/arm/translate.c | 430 +++++++++++++++-------------
hw/arm/Kconfig | 4 +-
hw/i2c/Kconfig | 2 +-
hw/i2c/meson.build | 2 +-
hw/i2c/trace-events | 7 +
28 files changed, 506 insertions(+), 383 deletions(-)
rename hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} (70%)
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PULL 00/26] target-arm queue
2023-01-23 13:35 Peter Maydell
@ 2023-01-23 15:17 ` Peter Maydell
0 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-01-23 15:17 UTC (permalink / raw)
To: qemu-devel
On Mon, 23 Jan 2023 at 13:35, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> The following changes since commit 65cc5ccf06a74c98de73ec683d9a543baa302a12:
>
> Merge tag 'pull-riscv-to-apply-20230120' of https://github.com/alistair23/qemu into staging (2023-01-20 16:17:56 +0000)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230123
>
> for you to fetch changes up to 3b07a936d3bfe97b07ddffcfbb532985a88033dd:
>
> target/arm: Look up ARMCPRegInfo at runtime (2023-01-23 13:32:38 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
> * Widen cnthctl_el2 to uint64_t
> * Unify checking for M Main Extension in MRS/MSR
> * bitbang_i2c, versatile_i2c: code cleanups
> * SME: refactor SME SM/ZA handling
> * Fix physical address resolution for MTE
> * Fix in_debug path in S1_ptw_translate
> * Don't set EXC_RETURN.ES if Security Extension not present
> * Implement DBGCLAIM registers
> * Provide stubs for more external debug registers
> * Look up ARMCPRegInfo at runtime, not translate time
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/8.0
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 00/26] target-arm queue
@ 2023-06-23 12:31 Peter Maydell
2023-06-23 12:31 ` [PULL 01/26] target/arm: Add isar_feature_aa64_rme Peter Maydell
` (26 more replies)
0 siblings, 27 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
Hi; here's a target-arm pullreq. Mostly this is RTH's FEAT_RME
series; there are also a handful of bug fixes including some
which aren't arm-specific but which it's convenient to include
here.
thanks
-- PMM
The following changes since commit b455ce4c2f300c8ba47cba7232dd03261368a4cb:
Merge tag 'q800-for-8.1-pull-request' of https://github.com/vivier/qemu-m68k into staging (2023-06-22 10:18:32 +0200)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230623
for you to fetch changes up to 497fad38979c16b6412388927401e577eba43d26:
pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym (2023-06-23 11:46:02 +0100)
----------------------------------------------------------------
target-arm queue:
* Add (experimental) support for FEAT_RME
* host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
* target/arm: Restructure has_vfp_d32 test
* hw/arm/sbsa-ref: add ITS support in SBSA GIC
* target/arm: Fix sve predicate store, 8 <= VQ <= 15
* pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
----------------------------------------------------------------
Peter Maydell (2):
host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
Richard Henderson (23):
target/arm: Add isar_feature_aa64_rme
target/arm: Update SCR and HCR for RME
target/arm: SCR_EL3.NS may be RES1
target/arm: Add RME cpregs
target/arm: Introduce ARMSecuritySpace
include/exec/memattrs: Add two bits of space to MemTxAttrs
target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx
target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root}
target/arm: Remove __attribute__((nonnull)) from ptw.c
target/arm: Pipe ARMSecuritySpace through ptw.c
target/arm: NSTable is RES0 for the RME EL3 regime
target/arm: Handle Block and Page bits for security space
target/arm: Handle no-execute for Realm and Root regimes
target/arm: Use get_phys_addr_with_struct in S1_ptw_translate
target/arm: Move s1_is_el0 into S1Translate
target/arm: Use get_phys_addr_with_struct for stage2
target/arm: Add GPC syndrome
target/arm: Implement GPC exceptions
target/arm: Implement the granule protection check
target/arm: Add cpu properties for enabling FEAT_RME
docs/system/arm: Document FEAT_RME
target/arm: Restructure has_vfp_d32 test
target/arm: Fix sve predicate store, 8 <= VQ <= 15
Shashi Mallela (1):
hw/arm/sbsa-ref: add ITS support in SBSA GIC
docs/system/arm/cpu-features.rst | 23 ++
docs/system/arm/emulation.rst | 1 +
docs/system/arm/sbsa.rst | 14 +
include/exec/memattrs.h | 9 +-
include/qemu/compiler.h | 13 +
include/qemu/host-utils.h | 2 +-
target/arm/cpu.h | 151 ++++++++---
target/arm/internals.h | 27 ++
target/arm/syndrome.h | 10 +
hw/arm/sbsa-ref.c | 33 ++-
target/arm/cpu.c | 32 ++-
target/arm/helper.c | 162 ++++++++++-
target/arm/ptw.c | 570 +++++++++++++++++++++++++++++++--------
target/arm/tcg/cpu64.c | 53 ++++
target/arm/tcg/tlb_helper.c | 96 ++++++-
target/arm/tcg/translate-sve.c | 2 +-
pc-bios/keymaps/meson.build | 2 +-
17 files changed, 1034 insertions(+), 166 deletions(-)
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 01/26] target/arm: Add isar_feature_aa64_rme
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 02/26] target/arm: Update SCR and HCR for RME Peter Maydell
` (25 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Add the missing field for ID_AA64PFR0, and the predicate.
Disable it if EL3 is forced off by the board or command-line.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 6 ++++++
target/arm/cpu.c | 4 ++++
2 files changed, 10 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index af0119addfb..c84ec2752f6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2195,6 +2195,7 @@ FIELD(ID_AA64PFR0, SEL2, 36, 4)
FIELD(ID_AA64PFR0, MPAM, 40, 4)
FIELD(ID_AA64PFR0, AMU, 44, 4)
FIELD(ID_AA64PFR0, DIT, 48, 4)
+FIELD(ID_AA64PFR0, RME, 52, 4)
FIELD(ID_AA64PFR0, CSV2, 56, 4)
FIELD(ID_AA64PFR0, CSV3, 60, 4)
@@ -3814,6 +3815,11 @@ static inline bool isar_feature_aa64_sel2(const ARMISARegisters *id)
return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SEL2) != 0;
}
+static inline bool isar_feature_aa64_rme(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, RME) != 0;
+}
+
static inline bool isar_feature_aa64_vh(const ARMISARegisters *id)
{
return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, VH) != 0;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 353fc485673..842e1b53ee4 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1989,6 +1989,10 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
cpu->isar.id_dfr0 = FIELD_DP32(cpu->isar.id_dfr0, ID_DFR0, COPSDBG, 0);
cpu->isar.id_aa64pfr0 = FIELD_DP64(cpu->isar.id_aa64pfr0,
ID_AA64PFR0, EL3, 0);
+
+ /* Disable the realm management extension, which requires EL3. */
+ cpu->isar.id_aa64pfr0 = FIELD_DP64(cpu->isar.id_aa64pfr0,
+ ID_AA64PFR0, RME, 0);
}
if (!cpu->has_el2) {
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 02/26] target/arm: Update SCR and HCR for RME
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
2023-06-23 12:31 ` [PULL 01/26] target/arm: Add isar_feature_aa64_rme Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 03/26] target/arm: SCR_EL3.NS may be RES1 Peter Maydell
` (24 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Define the missing SCR and HCR bits, allow SCR_NSE and {SCR,HCR}_GPF
to be set, and invalidate TLBs when NSE changes.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 5 +++--
target/arm/helper.c | 10 ++++++++--
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c84ec2752f6..318d1033b87 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1655,7 +1655,7 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
#define HCR_TERR (1ULL << 36)
#define HCR_TEA (1ULL << 37)
#define HCR_MIOCNCE (1ULL << 38)
-/* RES0 bit 39 */
+#define HCR_TME (1ULL << 39)
#define HCR_APK (1ULL << 40)
#define HCR_API (1ULL << 41)
#define HCR_NV (1ULL << 42)
@@ -1664,7 +1664,7 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
#define HCR_NV2 (1ULL << 45)
#define HCR_FWB (1ULL << 46)
#define HCR_FIEN (1ULL << 47)
-/* RES0 bit 48 */
+#define HCR_GPF (1ULL << 48)
#define HCR_TID4 (1ULL << 49)
#define HCR_TICAB (1ULL << 50)
#define HCR_AMVOFFEN (1ULL << 51)
@@ -1729,6 +1729,7 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
#define SCR_TRNDR (1ULL << 40)
#define SCR_ENTP2 (1ULL << 41)
#define SCR_GPF (1ULL << 48)
+#define SCR_NSE (1ULL << 62)
#define HSTR_TTEE (1 << 16)
#define HSTR_TJDBX (1 << 17)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d4bee43bd01..d2f0d9226ec 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1874,6 +1874,9 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
if (cpu_isar_feature(aa64_fgt, cpu)) {
valid_mask |= SCR_FGTEN;
}
+ if (cpu_isar_feature(aa64_rme, cpu)) {
+ valid_mask |= SCR_NSE | SCR_GPF;
+ }
} else {
valid_mask &= ~(SCR_RW | SCR_ST);
if (cpu_isar_feature(aa32_ras, cpu)) {
@@ -1903,10 +1906,10 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
env->cp15.scr_el3 = value;
/*
- * If SCR_EL3.NS changes, i.e. arm_is_secure_below_el3, then
+ * If SCR_EL3.{NS,NSE} changes, i.e. change of security state,
* we must invalidate all TLBs below EL3.
*/
- if (changed & SCR_NS) {
+ if (changed & (SCR_NS | SCR_NSE)) {
tlb_flush_by_mmuidx(env_cpu(env), (ARMMMUIdxBit_E10_0 |
ARMMMUIdxBit_E20_0 |
ARMMMUIdxBit_E10_1 |
@@ -5654,6 +5657,9 @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
if (cpu_isar_feature(aa64_fwb, cpu)) {
valid_mask |= HCR_FWB;
}
+ if (cpu_isar_feature(aa64_rme, cpu)) {
+ valid_mask |= HCR_GPF;
+ }
}
if (cpu_isar_feature(any_evt, cpu)) {
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 03/26] target/arm: SCR_EL3.NS may be RES1
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
2023-06-23 12:31 ` [PULL 01/26] target/arm: Add isar_feature_aa64_rme Peter Maydell
2023-06-23 12:31 ` [PULL 02/26] target/arm: Update SCR and HCR for RME Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 04/26] target/arm: Add RME cpregs Peter Maydell
` (23 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
With RME, SEL2 must also be present to support secure state.
The NS bit is RES1 if SEL2 is not present.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d2f0d9226ec..9132d4de6a4 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1855,6 +1855,9 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
}
if (cpu_isar_feature(aa64_sel2, cpu)) {
valid_mask |= SCR_EEL2;
+ } else if (cpu_isar_feature(aa64_rme, cpu)) {
+ /* With RME and without SEL2, NS is RES1 (R_GSWWH, I_DJJQJ). */
+ value |= SCR_NS;
}
if (cpu_isar_feature(aa64_mte, cpu)) {
valid_mask |= SCR_ATA;
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 04/26] target/arm: Add RME cpregs
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (2 preceding siblings ...)
2023-06-23 12:31 ` [PULL 03/26] target/arm: SCR_EL3.NS may be RES1 Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 05/26] target/arm: Introduce ARMSecuritySpace Peter Maydell
` (22 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
This includes GPCCR, GPTBR, MFAR, the TLB flush insns PAALL, PAALLOS,
RPALOS, RPAOS, and the cache flush insns CIPAPA and CIGDPAPA.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 19 ++++++++++
target/arm/helper.c | 84 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 103 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 318d1033b87..c9c87b515df 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -541,6 +541,11 @@ typedef struct CPUArchState {
uint64_t fgt_read[2]; /* HFGRTR, HDFGRTR */
uint64_t fgt_write[2]; /* HFGWTR, HDFGWTR */
uint64_t fgt_exec[1]; /* HFGITR */
+
+ /* RME registers */
+ uint64_t gpccr_el3;
+ uint64_t gptbr_el3;
+ uint64_t mfar_el3;
} cp15;
struct {
@@ -1055,6 +1060,7 @@ struct ArchCPU {
uint64_t reset_cbar;
uint32_t reset_auxcr;
bool reset_hivecs;
+ uint8_t reset_l0gptsz;
/*
* Intermediate values used during property parsing.
@@ -2341,6 +2347,19 @@ FIELD(MVFR1, SIMDFMAC, 28, 4)
FIELD(MVFR2, SIMDMISC, 0, 4)
FIELD(MVFR2, FPMISC, 4, 4)
+FIELD(GPCCR, PPS, 0, 3)
+FIELD(GPCCR, IRGN, 8, 2)
+FIELD(GPCCR, ORGN, 10, 2)
+FIELD(GPCCR, SH, 12, 2)
+FIELD(GPCCR, PGS, 14, 2)
+FIELD(GPCCR, GPC, 16, 1)
+FIELD(GPCCR, GPCP, 17, 1)
+FIELD(GPCCR, L0GPTSZ, 20, 4)
+
+FIELD(MFAR, FPA, 12, 40)
+FIELD(MFAR, NSE, 62, 1)
+FIELD(MFAR, NS, 63, 1)
+
QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
/* If adding a feature bit which corresponds to a Linux ELF
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9132d4de6a4..006447dde8f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6910,6 +6910,83 @@ static const ARMCPRegInfo sme_reginfo[] = {
.access = PL2_RW, .accessfn = access_esm,
.type = ARM_CP_CONST, .resetvalue = 0 },
};
+
+static void tlbi_aa64_paall_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ CPUState *cs = env_cpu(env);
+
+ tlb_flush(cs);
+}
+
+static void gpccr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ /* L0GPTSZ is RO; other bits not mentioned are RES0. */
+ uint64_t rw_mask = R_GPCCR_PPS_MASK | R_GPCCR_IRGN_MASK |
+ R_GPCCR_ORGN_MASK | R_GPCCR_SH_MASK | R_GPCCR_PGS_MASK |
+ R_GPCCR_GPC_MASK | R_GPCCR_GPCP_MASK;
+
+ env->cp15.gpccr_el3 = (value & rw_mask) | (env->cp15.gpccr_el3 & ~rw_mask);
+}
+
+static void gpccr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+ env->cp15.gpccr_el3 = FIELD_DP64(0, GPCCR, L0GPTSZ,
+ env_archcpu(env)->reset_l0gptsz);
+}
+
+static void tlbi_aa64_paallos_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ CPUState *cs = env_cpu(env);
+
+ tlb_flush_all_cpus_synced(cs);
+}
+
+static const ARMCPRegInfo rme_reginfo[] = {
+ { .name = "GPCCR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 2, .crm = 1, .opc2 = 6,
+ .access = PL3_RW, .writefn = gpccr_write, .resetfn = gpccr_reset,
+ .fieldoffset = offsetof(CPUARMState, cp15.gpccr_el3) },
+ { .name = "GPTBR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 2, .crm = 1, .opc2 = 4,
+ .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.gptbr_el3) },
+ { .name = "MFAR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 6, .crm = 0, .opc2 = 5,
+ .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.mfar_el3) },
+ { .name = "TLBI_PAALL", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 7, .opc2 = 4,
+ .access = PL3_W, .type = ARM_CP_NO_RAW,
+ .writefn = tlbi_aa64_paall_write },
+ { .name = "TLBI_PAALLOS", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 1, .opc2 = 4,
+ .access = PL3_W, .type = ARM_CP_NO_RAW,
+ .writefn = tlbi_aa64_paallos_write },
+ /*
+ * QEMU does not have a way to invalidate by physical address, thus
+ * invalidating a range of physical addresses is accomplished by
+ * flushing all tlb entries in the outer sharable domain,
+ * just like PAALLOS.
+ */
+ { .name = "TLBI_RPALOS", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 4, .opc2 = 7,
+ .access = PL3_W, .type = ARM_CP_NO_RAW,
+ .writefn = tlbi_aa64_paallos_write },
+ { .name = "TLBI_RPAOS", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 4, .opc2 = 3,
+ .access = PL3_W, .type = ARM_CP_NO_RAW,
+ .writefn = tlbi_aa64_paallos_write },
+ { .name = "DC_CIPAPA", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 14, .opc2 = 1,
+ .access = PL3_W, .type = ARM_CP_NOP },
+};
+
+static const ARMCPRegInfo rme_mte_reginfo[] = {
+ { .name = "DC_CIGDPAPA", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 14, .opc2 = 5,
+ .access = PL3_W, .type = ARM_CP_NOP },
+};
#endif /* TARGET_AARCH64 */
static void define_pmu_regs(ARMCPU *cpu)
@@ -9130,6 +9207,13 @@ void register_cp_regs_for_features(ARMCPU *cpu)
if (cpu_isar_feature(aa64_fgt, cpu)) {
define_arm_cp_regs(cpu, fgt_reginfo);
}
+
+ if (cpu_isar_feature(aa64_rme, cpu)) {
+ define_arm_cp_regs(cpu, rme_reginfo);
+ if (cpu_isar_feature(aa64_mte, cpu)) {
+ define_arm_cp_regs(cpu, rme_mte_reginfo);
+ }
+ }
#endif
if (cpu_isar_feature(any_predinv, cpu)) {
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 05/26] target/arm: Introduce ARMSecuritySpace
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (3 preceding siblings ...)
2023-06-23 12:31 ` [PULL 04/26] target/arm: Add RME cpregs Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 06/26] include/exec/memattrs: Add two bits of space to MemTxAttrs Peter Maydell
` (21 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Introduce both the enumeration and functions to retrieve
the current state, and state outside of EL3.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 89 ++++++++++++++++++++++++++++++++++-----------
target/arm/helper.c | 60 ++++++++++++++++++++++++++++++
2 files changed, 127 insertions(+), 22 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c9c87b515df..125e53b83fe 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2414,25 +2414,53 @@ static inline int arm_feature(CPUARMState *env, int feature)
void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp);
-#if !defined(CONFIG_USER_ONLY)
/*
+ * ARM v9 security states.
+ * The ordering of the enumeration corresponds to the low 2 bits
+ * of the GPI value, and (except for Root) the concat of NSE:NS.
+ */
+
+typedef enum ARMSecuritySpace {
+ ARMSS_Secure = 0,
+ ARMSS_NonSecure = 1,
+ ARMSS_Root = 2,
+ ARMSS_Realm = 3,
+} ARMSecuritySpace;
+
+/* Return true if @space is secure, in the pre-v9 sense. */
+static inline bool arm_space_is_secure(ARMSecuritySpace space)
+{
+ return space == ARMSS_Secure || space == ARMSS_Root;
+}
+
+/* Return the ARMSecuritySpace for @secure, assuming !RME or EL[0-2]. */
+static inline ARMSecuritySpace arm_secure_to_space(bool secure)
+{
+ return secure ? ARMSS_Secure : ARMSS_NonSecure;
+}
+
+#if !defined(CONFIG_USER_ONLY)
+/**
+ * arm_security_space_below_el3:
+ * @env: cpu context
+ *
+ * Return the security space of exception levels below EL3, following
+ * an exception return to those levels. Unlike arm_security_space,
+ * this doesn't care about the current EL.
+ */
+ARMSecuritySpace arm_security_space_below_el3(CPUARMState *env);
+
+/**
+ * arm_is_secure_below_el3:
+ * @env: cpu context
+ *
* Return true if exception levels below EL3 are in secure state,
- * or would be following an exception return to that level.
- * Unlike arm_is_secure() (which is always a question about the
- * _current_ state of the CPU) this doesn't care about the current
- * EL or mode.
+ * or would be following an exception return to those levels.
*/
static inline bool arm_is_secure_below_el3(CPUARMState *env)
{
- assert(!arm_feature(env, ARM_FEATURE_M));
- if (arm_feature(env, ARM_FEATURE_EL3)) {
- return !(env->cp15.scr_el3 & SCR_NS);
- } else {
- /* If EL3 is not supported then the secure state is implementation
- * defined, in which case QEMU defaults to non-secure.
- */
- return false;
- }
+ ARMSecuritySpace ss = arm_security_space_below_el3(env);
+ return ss == ARMSS_Secure;
}
/* Return true if the CPU is AArch64 EL3 or AArch32 Mon */
@@ -2452,16 +2480,23 @@ static inline bool arm_is_el3_or_mon(CPUARMState *env)
return false;
}
-/* Return true if the processor is in secure state */
+/**
+ * arm_security_space:
+ * @env: cpu context
+ *
+ * Return the current security space of the cpu.
+ */
+ARMSecuritySpace arm_security_space(CPUARMState *env);
+
+/**
+ * arm_is_secure:
+ * @env: cpu context
+ *
+ * Return true if the processor is in secure state.
+ */
static inline bool arm_is_secure(CPUARMState *env)
{
- if (arm_feature(env, ARM_FEATURE_M)) {
- return env->v7m.secure;
- }
- if (arm_is_el3_or_mon(env)) {
- return true;
- }
- return arm_is_secure_below_el3(env);
+ return arm_space_is_secure(arm_security_space(env));
}
/*
@@ -2480,11 +2515,21 @@ static inline bool arm_is_el2_enabled(CPUARMState *env)
}
#else
+static inline ARMSecuritySpace arm_security_space_below_el3(CPUARMState *env)
+{
+ return ARMSS_NonSecure;
+}
+
static inline bool arm_is_secure_below_el3(CPUARMState *env)
{
return false;
}
+static inline ARMSecuritySpace arm_security_space(CPUARMState *env)
+{
+ return ARMSS_NonSecure;
+}
+
static inline bool arm_is_secure(CPUARMState *env)
{
return false;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 006447dde8f..f68923d73b4 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12136,3 +12136,63 @@ void aarch64_sve_change_el(CPUARMState *env, int old_el,
}
}
#endif
+
+#ifndef CONFIG_USER_ONLY
+ARMSecuritySpace arm_security_space(CPUARMState *env)
+{
+ if (arm_feature(env, ARM_FEATURE_M)) {
+ return arm_secure_to_space(env->v7m.secure);
+ }
+
+ /*
+ * If EL3 is not supported then the secure state is implementation
+ * defined, in which case QEMU defaults to non-secure.
+ */
+ if (!arm_feature(env, ARM_FEATURE_EL3)) {
+ return ARMSS_NonSecure;
+ }
+
+ /* Check for AArch64 EL3 or AArch32 Mon. */
+ if (is_a64(env)) {
+ if (extract32(env->pstate, 2, 2) == 3) {
+ if (cpu_isar_feature(aa64_rme, env_archcpu(env))) {
+ return ARMSS_Root;
+ } else {
+ return ARMSS_Secure;
+ }
+ }
+ } else {
+ if ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_MON) {
+ return ARMSS_Secure;
+ }
+ }
+
+ return arm_security_space_below_el3(env);
+}
+
+ARMSecuritySpace arm_security_space_below_el3(CPUARMState *env)
+{
+ assert(!arm_feature(env, ARM_FEATURE_M));
+
+ /*
+ * If EL3 is not supported then the secure state is implementation
+ * defined, in which case QEMU defaults to non-secure.
+ */
+ if (!arm_feature(env, ARM_FEATURE_EL3)) {
+ return ARMSS_NonSecure;
+ }
+
+ /*
+ * Note NSE cannot be set without RME, and NSE & !NS is Reserved.
+ * Ignoring NSE when !NS retains consistency without having to
+ * modify other predicates.
+ */
+ if (!(env->cp15.scr_el3 & SCR_NS)) {
+ return ARMSS_Secure;
+ } else if (env->cp15.scr_el3 & SCR_NSE) {
+ return ARMSS_Realm;
+ } else {
+ return ARMSS_NonSecure;
+ }
+}
+#endif /* !CONFIG_USER_ONLY */
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 06/26] include/exec/memattrs: Add two bits of space to MemTxAttrs
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (4 preceding siblings ...)
2023-06-23 12:31 ` [PULL 05/26] target/arm: Introduce ARMSecuritySpace Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 07/26] target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx Peter Maydell
` (20 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
We will need 2 bits to represent ARMSecurityState.
Do not attempt to replace or widen secure, even though it
logically overlaps the new field -- there are uses within
e.g. hw/block/pflash_cfi01.c, which don't know anything
specific about ARM.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/exec/memattrs.h | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
index 9fb98bc1efd..d04170aa27a 100644
--- a/include/exec/memattrs.h
+++ b/include/exec/memattrs.h
@@ -29,10 +29,17 @@ typedef struct MemTxAttrs {
* "didn't specify" if necessary.
*/
unsigned int unspecified:1;
- /* ARM/AMBA: TrustZone Secure access
+ /*
+ * ARM/AMBA: TrustZone Secure access
* x86: System Management Mode access
*/
unsigned int secure:1;
+ /*
+ * ARM: ArmSecuritySpace. This partially overlaps secure, but it is
+ * easier to have both fields to assist code that does not understand
+ * ARMv9 RME, or no specific knowledge of ARM at all (e.g. pflash).
+ */
+ unsigned int space:2;
/* Memory access is usermode (unprivileged) */
unsigned int user:1;
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 07/26] target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (5 preceding siblings ...)
2023-06-23 12:31 ` [PULL 06/26] include/exec/memattrs: Add two bits of space to MemTxAttrs Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 08/26] target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root} Peter Maydell
` (19 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
It will be helpful to have ARMMMUIdx_Phys_* to be in the same
relative order as ARMSecuritySpace enumerators. This requires
the adjustment to the nstable check. While there, check for being
in secure state rather than rely on clearing the low bit making
no change to non-secure state.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 12 ++++++------
target/arm/ptw.c | 12 +++++-------
2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 125e53b83fe..b3386197759 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2860,18 +2860,18 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_E2 = 6 | ARM_MMU_IDX_A,
ARMMMUIdx_E3 = 7 | ARM_MMU_IDX_A,
- /* TLBs with 1-1 mapping to the physical address spaces. */
- ARMMMUIdx_Phys_NS = 8 | ARM_MMU_IDX_A,
- ARMMMUIdx_Phys_S = 9 | ARM_MMU_IDX_A,
-
/*
* Used for second stage of an S12 page table walk, or for descriptor
* loads during first stage of an S1 page table walk. Note that both
* are in use simultaneously for SecureEL2: the security state for
* the S2 ptw is selected by the NS bit from the S1 ptw.
*/
- ARMMMUIdx_Stage2 = 10 | ARM_MMU_IDX_A,
- ARMMMUIdx_Stage2_S = 11 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Stage2_S = 8 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Stage2 = 9 | ARM_MMU_IDX_A,
+
+ /* TLBs with 1-1 mapping to the physical address spaces. */
+ ARMMMUIdx_Phys_S = 10 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Phys_NS = 11 | ARM_MMU_IDX_A,
/*
* These are not allocated TLBs and are used only for AT system
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 37bcb17a9ee..3f3517f70b6 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1449,16 +1449,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
descaddr |= (address >> (stride * (4 - level))) & indexmask;
descaddr &= ~7ULL;
nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);
- if (nstable) {
+ if (nstable && ptw->in_secure) {
/*
* Stage2_S -> Stage2 or Phys_S -> Phys_NS
- * Assert that the non-secure idx are even, and relative order.
+ * Assert the relative order of the secure/non-secure indexes.
*/
- QEMU_BUILD_BUG_ON((ARMMMUIdx_Phys_NS & 1) != 0);
- QEMU_BUILD_BUG_ON((ARMMMUIdx_Stage2 & 1) != 0);
- QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_NS + 1 != ARMMMUIdx_Phys_S);
- QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2 + 1 != ARMMMUIdx_Stage2_S);
- ptw->in_ptw_idx &= ~1;
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_S + 1 != ARMMMUIdx_Phys_NS);
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2_S + 1 != ARMMMUIdx_Stage2);
+ ptw->in_ptw_idx += 1;
ptw->in_secure = false;
}
if (!S1_ptw_translate(env, ptw, descaddr, fi)) {
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 08/26] target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root}
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (6 preceding siblings ...)
2023-06-23 12:31 ` [PULL 07/26] target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 09/26] target/arm: Remove __attribute__((nonnull)) from ptw.c Peter Maydell
` (18 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
With FEAT_RME, there are four physical address spaces.
For now, just define the symbols, and mention them in
the same spots as the other Phys indexes in ptw.c.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 23 +++++++++++++++++++++--
target/arm/ptw.c | 10 ++++++++--
2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b3386197759..590216b8559 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2870,8 +2870,10 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_Stage2 = 9 | ARM_MMU_IDX_A,
/* TLBs with 1-1 mapping to the physical address spaces. */
- ARMMMUIdx_Phys_S = 10 | ARM_MMU_IDX_A,
- ARMMMUIdx_Phys_NS = 11 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Phys_S = 10 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Phys_NS = 11 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Phys_Root = 12 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Phys_Realm = 13 | ARM_MMU_IDX_A,
/*
* These are not allocated TLBs and are used only for AT system
@@ -2935,6 +2937,23 @@ typedef enum ARMASIdx {
ARMASIdx_TagS = 3,
} ARMASIdx;
+static inline ARMMMUIdx arm_space_to_phys(ARMSecuritySpace space)
+{
+ /* Assert the relative order of the physical mmu indexes. */
+ QEMU_BUILD_BUG_ON(ARMSS_Secure != 0);
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_NS != ARMMMUIdx_Phys_S + ARMSS_NonSecure);
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_Root != ARMMMUIdx_Phys_S + ARMSS_Root);
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_Realm != ARMMMUIdx_Phys_S + ARMSS_Realm);
+
+ return ARMMMUIdx_Phys_S + space;
+}
+
+static inline ARMSecuritySpace arm_phys_to_space(ARMMMUIdx idx)
+{
+ assert(idx >= ARMMMUIdx_Phys_S && idx <= ARMMMUIdx_Phys_Realm);
+ return idx - ARMMMUIdx_Phys_S;
+}
+
static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)
{
/* If all the CLIDR.Ctypem bits are 0 there are no caches, and
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 3f3517f70b6..a742bc18263 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -215,8 +215,10 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
case ARMMMUIdx_E3:
break;
- case ARMMMUIdx_Phys_NS:
case ARMMMUIdx_Phys_S:
+ case ARMMMUIdx_Phys_NS:
+ case ARMMMUIdx_Phys_Root:
+ case ARMMMUIdx_Phys_Realm:
/* No translation for physical address spaces. */
return true;
@@ -2672,8 +2674,10 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
switch (mmu_idx) {
case ARMMMUIdx_Stage2:
case ARMMMUIdx_Stage2_S:
- case ARMMMUIdx_Phys_NS:
case ARMMMUIdx_Phys_S:
+ case ARMMMUIdx_Phys_NS:
+ case ARMMMUIdx_Phys_Root:
+ case ARMMMUIdx_Phys_Realm:
break;
default:
@@ -2861,6 +2865,8 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
switch (mmu_idx) {
case ARMMMUIdx_Phys_S:
case ARMMMUIdx_Phys_NS:
+ case ARMMMUIdx_Phys_Root:
+ case ARMMMUIdx_Phys_Realm:
/* Checking Phys early avoids special casing later vs regime_el. */
return get_phys_addr_disabled(env, address, access_type, mmu_idx,
is_secure, result, fi);
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 09/26] target/arm: Remove __attribute__((nonnull)) from ptw.c
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (7 preceding siblings ...)
2023-06-23 12:31 ` [PULL 08/26] target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root} Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 10/26] target/arm: Pipe ARMSecuritySpace through ptw.c Peter Maydell
` (17 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
This was added in 7e98e21c098 as part of a reorg in which
one of the argument had been legally NULL, and this caught
actual instances. Now that the reorg is complete, this
serves little purpose.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index a742bc18263..f7cbb984f93 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -34,15 +34,13 @@ typedef struct S1Translate {
static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
uint64_t address,
MMUAccessType access_type, bool s1_is_el0,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
- __attribute__((nonnull));
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi);
static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
target_ulong address,
MMUAccessType access_type,
GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
- __attribute__((nonnull));
+ ARMMMUFaultInfo *fi);
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
static const uint8_t pamax_map[] = {
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 10/26] target/arm: Pipe ARMSecuritySpace through ptw.c
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (8 preceding siblings ...)
2023-06-23 12:31 ` [PULL 09/26] target/arm: Remove __attribute__((nonnull)) from ptw.c Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 11/26] target/arm: NSTable is RES0 for the RME EL3 regime Peter Maydell
` (16 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Add input and output space members to S1Translate. Set and adjust
them in S1_ptw_translate, and the various points at which we drop
secure state. Initialize the space in get_phys_addr; for now leave
get_phys_addr_with_secure considering only secure vs non-secure spaces.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 86 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 71 insertions(+), 15 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index f7cbb984f93..e1e7c9a3d22 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -21,11 +21,13 @@
typedef struct S1Translate {
ARMMMUIdx in_mmu_idx;
ARMMMUIdx in_ptw_idx;
+ ARMSecuritySpace in_space;
bool in_secure;
bool in_debug;
bool out_secure;
bool out_rw;
bool out_be;
+ ARMSecuritySpace out_space;
hwaddr out_virt;
hwaddr out_phys;
void *out_host;
@@ -249,6 +251,7 @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
hwaddr addr, ARMMMUFaultInfo *fi)
{
+ ARMSecuritySpace space = ptw->in_space;
bool is_secure = ptw->in_secure;
ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
@@ -266,6 +269,9 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
.in_mmu_idx = s2_mmu_idx,
.in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
.in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
+ .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
+ : space == ARMSS_Realm ? ARMSS_Realm
+ : ARMSS_NonSecure),
.in_debug = true,
};
GetPhysAddrResult s2 = { };
@@ -277,11 +283,15 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
ptw->out_phys = s2.f.phys_addr;
pte_attrs = s2.cacheattrs.attrs;
ptw->out_secure = s2.f.attrs.secure;
+ ptw->out_space = s2.f.attrs.space;
} else {
/* Regime is physical. */
ptw->out_phys = addr;
pte_attrs = 0;
ptw->out_secure = s2_mmu_idx == ARMMMUIdx_Phys_S;
+ ptw->out_space = (s2_mmu_idx == ARMMMUIdx_Phys_S ? ARMSS_Secure
+ : space == ARMSS_Realm ? ARMSS_Realm
+ : ARMSS_NonSecure);
}
ptw->out_host = NULL;
ptw->out_rw = false;
@@ -303,6 +313,7 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
ptw->out_rw = full->prot & PAGE_WRITE;
pte_attrs = full->pte_attrs;
ptw->out_secure = full->attrs.secure;
+ ptw->out_space = full->attrs.space;
#else
g_assert_not_reached();
#endif
@@ -355,7 +366,10 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, S1Translate *ptw,
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = ptw->out_secure };
+ MemTxAttrs attrs = {
+ .secure = ptw->out_secure,
+ .space = ptw->out_space,
+ };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
@@ -398,7 +412,10 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, S1Translate *ptw,
#endif
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = ptw->out_secure };
+ MemTxAttrs attrs = {
+ .secure = ptw->out_secure,
+ .space = ptw->out_space,
+ };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
@@ -909,6 +926,7 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
* regime, because the attribute will already be non-secure.
*/
result->f.attrs.secure = false;
+ result->f.attrs.space = ARMSS_NonSecure;
}
result->f.phys_addr = phys_addr;
return false;
@@ -1616,6 +1634,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
* regime, because the attribute will already be non-secure.
*/
result->f.attrs.secure = false;
+ result->f.attrs.space = ARMSS_NonSecure;
}
if (regime_is_stage2(mmu_idx)) {
@@ -2400,6 +2419,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
*/
if (sattrs.ns) {
result->f.attrs.secure = false;
+ result->f.attrs.space = ARMSS_NonSecure;
} else if (!secure) {
/*
* NS access to S memory must fault.
@@ -2750,6 +2770,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
bool is_secure = ptw->in_secure;
bool ret, ipa_secure;
ARMCacheAttrs cacheattrs1;
+ ARMSecuritySpace ipa_space;
bool is_el0;
uint64_t hcr;
@@ -2762,10 +2783,12 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
ipa = result->f.phys_addr;
ipa_secure = result->f.attrs.secure;
+ ipa_space = result->f.attrs.space;
is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
ptw->in_secure = ipa_secure;
+ ptw->in_space = ipa_space;
ptw->in_ptw_idx = ptw_idx_for_stage_2(env, ptw->in_mmu_idx);
/*
@@ -2854,11 +2877,12 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
ARMMMUIdx s1_mmu_idx;
/*
- * The page table entries may downgrade secure to non-secure, but
- * cannot upgrade an non-secure translation regime's attributes
- * to secure.
+ * The page table entries may downgrade Secure to NonSecure, but
+ * cannot upgrade a NonSecure translation regime's attributes
+ * to Secure or Realm.
*/
result->f.attrs.secure = is_secure;
+ result->f.attrs.space = ptw->in_space;
switch (mmu_idx) {
case ARMMMUIdx_Phys_S:
@@ -2910,7 +2934,7 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
default:
/* Single stage uses physical for ptw. */
- ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+ ptw->in_ptw_idx = arm_space_to_phys(ptw->in_space);
break;
}
@@ -2985,6 +3009,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
S1Translate ptw = {
.in_mmu_idx = mmu_idx,
.in_secure = is_secure,
+ .in_space = arm_secure_to_space(is_secure),
};
return get_phys_addr_with_struct(env, &ptw, address, access_type,
result, fi);
@@ -2994,7 +3019,10 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
- bool is_secure;
+ S1Translate ptw = {
+ .in_mmu_idx = mmu_idx,
+ };
+ ARMSecuritySpace ss;
switch (mmu_idx) {
case ARMMMUIdx_E10_0:
@@ -3007,30 +3035,55 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
case ARMMMUIdx_E2:
- is_secure = arm_is_secure_below_el3(env);
+ ss = arm_security_space_below_el3(env);
break;
case ARMMMUIdx_Stage2:
+ /*
+ * For Secure EL2, we need this index to be NonSecure;
+ * otherwise this will already be NonSecure or Realm.
+ */
+ ss = arm_security_space_below_el3(env);
+ if (ss == ARMSS_Secure) {
+ ss = ARMSS_NonSecure;
+ }
+ break;
case ARMMMUIdx_Phys_NS:
case ARMMMUIdx_MPrivNegPri:
case ARMMMUIdx_MUserNegPri:
case ARMMMUIdx_MPriv:
case ARMMMUIdx_MUser:
- is_secure = false;
+ ss = ARMSS_NonSecure;
break;
- case ARMMMUIdx_E3:
case ARMMMUIdx_Stage2_S:
case ARMMMUIdx_Phys_S:
case ARMMMUIdx_MSPrivNegPri:
case ARMMMUIdx_MSUserNegPri:
case ARMMMUIdx_MSPriv:
case ARMMMUIdx_MSUser:
- is_secure = true;
+ ss = ARMSS_Secure;
+ break;
+ case ARMMMUIdx_E3:
+ if (arm_feature(env, ARM_FEATURE_AARCH64) &&
+ cpu_isar_feature(aa64_rme, env_archcpu(env))) {
+ ss = ARMSS_Root;
+ } else {
+ ss = ARMSS_Secure;
+ }
+ break;
+ case ARMMMUIdx_Phys_Root:
+ ss = ARMSS_Root;
+ break;
+ case ARMMMUIdx_Phys_Realm:
+ ss = ARMSS_Realm;
break;
default:
g_assert_not_reached();
}
- return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
- is_secure, result, fi);
+
+ ptw.in_space = ss;
+ ptw.in_secure = arm_space_is_secure(ss);
+ return get_phys_addr_with_struct(env, &ptw, address, access_type,
+ result, fi);
}
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
@@ -3038,9 +3091,12 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
+ ARMMMUIdx mmu_idx = arm_mmu_idx(env);
+ ARMSecuritySpace ss = arm_security_space(env);
S1Translate ptw = {
- .in_mmu_idx = arm_mmu_idx(env),
- .in_secure = arm_is_secure(env),
+ .in_mmu_idx = mmu_idx,
+ .in_space = ss,
+ .in_secure = arm_space_is_secure(ss),
.in_debug = true,
};
GetPhysAddrResult res = {};
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 11/26] target/arm: NSTable is RES0 for the RME EL3 regime
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (9 preceding siblings ...)
2023-06-23 12:31 ` [PULL 10/26] target/arm: Pipe ARMSecuritySpace through ptw.c Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 12/26] target/arm: Handle Block and Page bits for security space Peter Maydell
` (15 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Test in_space instead of in_secure so that we don't
switch out of Root space.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-12-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index e1e7c9a3d22..ea0ad56f13e 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1275,7 +1275,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
{
ARMCPU *cpu = env_archcpu(env);
ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
- bool is_secure = ptw->in_secure;
int32_t level;
ARMVAParameters param;
uint64_t ttbr;
@@ -1291,7 +1290,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
uint64_t descaddrmask;
bool aarch64 = arm_el_is_aa64(env, el);
uint64_t descriptor, new_descriptor;
- bool nstable;
/* TODO: This code does not support shareability levels. */
if (aarch64) {
@@ -1453,21 +1451,21 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
descaddrmask = MAKE_64BIT_MASK(0, 40);
}
descaddrmask &= ~indexmask_grainsize;
-
- /*
- * Secure stage 1 accesses start with the page table in secure memory and
- * can be downgraded to non-secure at any step. Non-secure accesses
- * remain non-secure. We implement this by just ORing in the NSTable/NS
- * bits at each step.
- * Stage 2 never gets this kind of downgrade.
- */
- tableattrs = is_secure ? 0 : (1 << 4);
+ tableattrs = 0;
next_level:
descaddr |= (address >> (stride * (4 - level))) & indexmask;
descaddr &= ~7ULL;
- nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);
- if (nstable && ptw->in_secure) {
+
+ /*
+ * Process the NSTable bit from the previous level. This changes
+ * the table address space and the output space from Secure to
+ * NonSecure. With RME, the EL3 translation regime does not change
+ * from Root to NonSecure.
+ */
+ if (ptw->in_space == ARMSS_Secure
+ && !regime_is_stage2(mmu_idx)
+ && extract32(tableattrs, 4, 1)) {
/*
* Stage2_S -> Stage2 or Phys_S -> Phys_NS
* Assert the relative order of the secure/non-secure indexes.
@@ -1476,7 +1474,9 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2_S + 1 != ARMMMUIdx_Stage2);
ptw->in_ptw_idx += 1;
ptw->in_secure = false;
+ ptw->in_space = ARMSS_NonSecure;
}
+
if (!S1_ptw_translate(env, ptw, descaddr, fi)) {
goto do_fault;
}
@@ -1579,7 +1579,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
*/
attrs = new_descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
if (!regime_is_stage2(mmu_idx)) {
- attrs |= nstable << 5; /* NS */
+ attrs |= !ptw->in_secure << 5; /* NS */
if (!param.hpd) {
attrs |= extract64(tableattrs, 0, 2) << 53; /* XN, PXN */
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 12/26] target/arm: Handle Block and Page bits for security space
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (10 preceding siblings ...)
2023-06-23 12:31 ` [PULL 11/26] target/arm: NSTable is RES0 for the RME EL3 regime Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 13/26] target/arm: Handle no-execute for Realm and Root regimes Peter Maydell
` (14 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
With Realm security state, bit 55 of a block or page descriptor during
the stage2 walk becomes the NS bit; during the stage1 walk the bit 5
NS bit is RES0. With Root security state, bit 11 of the block or page
descriptor during the stage1 walk becomes the NSE bit.
Rather than collecting an NS bit and applying it later, compute the
output pa space from the input pa space and unconditionally assign.
This means that we no longer need to adjust the output space earlier
for the NSTable bit.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 89 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 73 insertions(+), 16 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index ea0ad56f13e..bbae432861f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -990,12 +990,14 @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
* @mmu_idx: MMU index indicating required translation regime
* @is_aa64: TRUE if AArch64
* @ap: The 2-bit simple AP (AP[2:1])
- * @ns: NS (non-secure) bit
* @xn: XN (execute-never) bit
* @pxn: PXN (privileged execute-never) bit
+ * @in_pa: The original input pa space
+ * @out_pa: The output pa space, modified by NSTable, NS, and NSE
*/
static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
- int ap, int ns, int xn, int pxn)
+ int ap, int xn, int pxn,
+ ARMSecuritySpace in_pa, ARMSecuritySpace out_pa)
{
ARMCPU *cpu = env_archcpu(env);
bool is_user = regime_is_user(env, mmu_idx);
@@ -1028,7 +1030,8 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
}
}
- if (ns && arm_is_secure(env) && (env->cp15.scr_el3 & SCR_SIF)) {
+ if (out_pa == ARMSS_NonSecure && in_pa == ARMSS_Secure &&
+ (env->cp15.scr_el3 & SCR_SIF)) {
return prot_rw;
}
@@ -1285,11 +1288,12 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
int32_t stride;
int addrsize, inputsize, outputsize;
uint64_t tcr = regime_tcr(env, mmu_idx);
- int ap, ns, xn, pxn;
+ int ap, xn, pxn;
uint32_t el = regime_el(env, mmu_idx);
uint64_t descaddrmask;
bool aarch64 = arm_el_is_aa64(env, el);
uint64_t descriptor, new_descriptor;
+ ARMSecuritySpace out_space;
/* TODO: This code does not support shareability levels. */
if (aarch64) {
@@ -1592,15 +1596,75 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
}
ap = extract32(attrs, 6, 2);
+ out_space = ptw->in_space;
if (regime_is_stage2(mmu_idx)) {
- ns = mmu_idx == ARMMMUIdx_Stage2;
+ /*
+ * R_GYNXY: For stage2 in Realm security state, bit 55 is NS.
+ * The bit remains ignored for other security states.
+ */
+ if (out_space == ARMSS_Realm && extract64(attrs, 55, 1)) {
+ out_space = ARMSS_NonSecure;
+ }
xn = extract64(attrs, 53, 2);
result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
- ns = extract32(attrs, 5, 1);
+ int nse, ns = extract32(attrs, 5, 1);
+ switch (out_space) {
+ case ARMSS_Root:
+ /*
+ * R_GVZML: Bit 11 becomes the NSE field in the EL3 regime.
+ * R_XTYPW: NSE and NS together select the output pa space.
+ */
+ nse = extract32(attrs, 11, 1);
+ out_space = (nse << 1) | ns;
+ if (out_space == ARMSS_Secure &&
+ !cpu_isar_feature(aa64_sel2, cpu)) {
+ out_space = ARMSS_NonSecure;
+ }
+ break;
+ case ARMSS_Secure:
+ if (ns) {
+ out_space = ARMSS_NonSecure;
+ }
+ break;
+ case ARMSS_Realm:
+ switch (mmu_idx) {
+ case ARMMMUIdx_Stage1_E0:
+ case ARMMMUIdx_Stage1_E1:
+ case ARMMMUIdx_Stage1_E1_PAN:
+ /* I_CZPRF: For Realm EL1&0 stage1, NS bit is RES0. */
+ break;
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ /*
+ * R_LYKFZ, R_WGRZN: For Realm EL2 and EL2&1,
+ * NS changes the output to non-secure space.
+ */
+ if (ns) {
+ out_space = ARMSS_NonSecure;
+ }
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ break;
+ case ARMSS_NonSecure:
+ /* R_QRMFF: For NonSecure state, the NS bit is RES0. */
+ break;
+ default:
+ g_assert_not_reached();
+ }
xn = extract64(attrs, 54, 1);
pxn = extract64(attrs, 53, 1);
- result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
+
+ /*
+ * Note that we modified ptw->in_space earlier for NSTable, but
+ * result->f.attrs retains a copy of the original security space.
+ */
+ result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, xn, pxn,
+ result->f.attrs.space, out_space);
}
if (!(result->f.prot & (1 << access_type))) {
@@ -1627,15 +1691,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
}
}
- if (ns) {
- /*
- * The NS bit will (as required by the architecture) have no effect if
- * the CPU doesn't support TZ or this is a non-secure translation
- * regime, because the attribute will already be non-secure.
- */
- result->f.attrs.secure = false;
- result->f.attrs.space = ARMSS_NonSecure;
- }
+ result->f.attrs.space = out_space;
+ result->f.attrs.secure = arm_space_is_secure(out_space);
if (regime_is_stage2(mmu_idx)) {
result->cacheattrs.is_s2_format = true;
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 13/26] target/arm: Handle no-execute for Realm and Root regimes
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (11 preceding siblings ...)
2023-06-23 12:31 ` [PULL 12/26] target/arm: Handle Block and Page bits for security space Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 14/26] target/arm: Use get_phys_addr_with_struct in S1_ptw_translate Peter Maydell
` (13 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
While Root and Realm may read and write data from other spaces,
neither may execute from other pa spaces.
This happens for Stage1 EL3, EL2, EL2&0, and Stage2 EL1&0.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-14-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 52 ++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 46 insertions(+), 6 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index bbae432861f..45271d666b3 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -943,7 +943,7 @@ do_fault:
* @xn: XN (execute-never) bits
* @s1_is_el0: true if this is S2 of an S1+2 walk for EL0
*/
-static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
+static int get_S2prot_noexecute(int s2ap)
{
int prot = 0;
@@ -953,6 +953,12 @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
if (s2ap & 2) {
prot |= PAGE_WRITE;
}
+ return prot;
+}
+
+static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
+{
+ int prot = get_S2prot_noexecute(s2ap);
if (cpu_isar_feature(any_tts2uxn, env_archcpu(env))) {
switch (xn) {
@@ -1030,9 +1036,39 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
}
}
- if (out_pa == ARMSS_NonSecure && in_pa == ARMSS_Secure &&
- (env->cp15.scr_el3 & SCR_SIF)) {
- return prot_rw;
+ if (in_pa != out_pa) {
+ switch (in_pa) {
+ case ARMSS_Root:
+ /*
+ * R_ZWRVD: permission fault for insn fetched from non-Root,
+ * I_WWBFB: SIF has no effect in EL3.
+ */
+ return prot_rw;
+ case ARMSS_Realm:
+ /*
+ * R_PKTDS: permission fault for insn fetched from non-Realm,
+ * for Realm EL2 or EL2&0. The corresponding fault for EL1&0
+ * happens during any stage2 translation.
+ */
+ switch (mmu_idx) {
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ return prot_rw;
+ default:
+ break;
+ }
+ break;
+ case ARMSS_Secure:
+ if (env->cp15.scr_el3 & SCR_SIF) {
+ return prot_rw;
+ }
+ break;
+ default:
+ /* Input NonSecure must have output NonSecure. */
+ g_assert_not_reached();
+ }
}
/* TODO have_wxn should be replaced with
@@ -1601,12 +1637,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
/*
* R_GYNXY: For stage2 in Realm security state, bit 55 is NS.
* The bit remains ignored for other security states.
+ * R_YMCSL: Executing an insn fetched from non-Realm causes
+ * a stage2 permission fault.
*/
if (out_space == ARMSS_Realm && extract64(attrs, 55, 1)) {
out_space = ARMSS_NonSecure;
+ result->f.prot = get_S2prot_noexecute(ap);
+ } else {
+ xn = extract64(attrs, 53, 2);
+ result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
}
- xn = extract64(attrs, 53, 2);
- result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
int nse, ns = extract32(attrs, 5, 1);
switch (out_space) {
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 14/26] target/arm: Use get_phys_addr_with_struct in S1_ptw_translate
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (12 preceding siblings ...)
2023-06-23 12:31 ` [PULL 13/26] target/arm: Handle no-execute for Realm and Root regimes Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 15/26] target/arm: Move s1_is_el0 into S1Translate Peter Maydell
` (12 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Do not provide a fast-path for physical addresses,
as those will need to be validated for GPC.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-15-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 44 +++++++++++++++++---------------------------
1 file changed, 17 insertions(+), 27 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 45271d666b3..6d5e4855a33 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -264,37 +264,27 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
* From gdbstub, do not use softmmu so that we don't modify the
* state of the cpu at all, including softmmu tlb contents.
*/
- if (regime_is_stage2(s2_mmu_idx)) {
- S1Translate s2ptw = {
- .in_mmu_idx = s2_mmu_idx,
- .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
- .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
- .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
- : space == ARMSS_Realm ? ARMSS_Realm
- : ARMSS_NonSecure),
- .in_debug = true,
- };
- GetPhysAddrResult s2 = { };
+ S1Translate s2ptw = {
+ .in_mmu_idx = s2_mmu_idx,
+ .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
+ .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
+ .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
+ : space == ARMSS_Realm ? ARMSS_Realm
+ : ARMSS_NonSecure),
+ .in_debug = true,
+ };
+ GetPhysAddrResult s2 = { };
- if (get_phys_addr_lpae(env, &s2ptw, addr, MMU_DATA_LOAD,
- false, &s2, fi)) {
- goto fail;
- }
- ptw->out_phys = s2.f.phys_addr;
- pte_attrs = s2.cacheattrs.attrs;
- ptw->out_secure = s2.f.attrs.secure;
- ptw->out_space = s2.f.attrs.space;
- } else {
- /* Regime is physical. */
- ptw->out_phys = addr;
- pte_attrs = 0;
- ptw->out_secure = s2_mmu_idx == ARMMMUIdx_Phys_S;
- ptw->out_space = (s2_mmu_idx == ARMMMUIdx_Phys_S ? ARMSS_Secure
- : space == ARMSS_Realm ? ARMSS_Realm
- : ARMSS_NonSecure);
+ if (get_phys_addr_with_struct(env, &s2ptw, addr,
+ MMU_DATA_LOAD, &s2, fi)) {
+ goto fail;
}
+ ptw->out_phys = s2.f.phys_addr;
+ pte_attrs = s2.cacheattrs.attrs;
ptw->out_host = NULL;
ptw->out_rw = false;
+ ptw->out_secure = s2.f.attrs.secure;
+ ptw->out_space = s2.f.attrs.space;
} else {
#ifdef CONFIG_TCG
CPUTLBEntryFull *full;
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 15/26] target/arm: Move s1_is_el0 into S1Translate
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (13 preceding siblings ...)
2023-06-23 12:31 ` [PULL 14/26] target/arm: Use get_phys_addr_with_struct in S1_ptw_translate Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 16/26] target/arm: Use get_phys_addr_with_struct for stage2 Peter Maydell
` (11 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Instead of passing this to get_phys_addr_lpae, stash it
in the S1Translate structure.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-16-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 27 ++++++++++++---------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 6d5e4855a33..558b4b731b8 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -24,6 +24,12 @@ typedef struct S1Translate {
ARMSecuritySpace in_space;
bool in_secure;
bool in_debug;
+ /*
+ * If this is stage 2 of a stage 1+2 page table walk, then this must
+ * be true if stage 1 is an EL0 access; otherwise this is ignored.
+ * Stage 2 is indicated by in_mmu_idx set to ARMMMUIdx_Stage2{,_S}.
+ */
+ bool in_s1_is_el0;
bool out_secure;
bool out_rw;
bool out_be;
@@ -34,8 +40,7 @@ typedef struct S1Translate {
} S1Translate;
static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
- uint64_t address,
- MMUAccessType access_type, bool s1_is_el0,
+ uint64_t address, MMUAccessType access_type,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi);
static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
@@ -1289,17 +1294,12 @@ static int check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, uint64_t tcr,
* @ptw: Current and next stage parameters for the walk.
* @address: virtual address to get physical address for
* @access_type: MMU_DATA_LOAD, MMU_DATA_STORE or MMU_INST_FETCH
- * @s1_is_el0: if @ptw->in_mmu_idx is ARMMMUIdx_Stage2
- * (so this is a stage 2 page table walk),
- * must be true if this is stage 2 of a stage 1+2
- * walk for an EL0 access. If @mmu_idx is anything else,
- * @s1_is_el0 is ignored.
* @result: set on translation success,
* @fi: set to fault info if the translation fails
*/
static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
uint64_t address,
- MMUAccessType access_type, bool s1_is_el0,
+ MMUAccessType access_type,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
@@ -1635,7 +1635,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
result->f.prot = get_S2prot_noexecute(ap);
} else {
xn = extract64(attrs, 53, 2);
- result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
+ result->f.prot = get_S2prot(env, ap, xn, ptw->in_s1_is_el0);
}
} else {
int nse, ns = extract32(attrs, 5, 1);
@@ -2858,7 +2858,6 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
bool ret, ipa_secure;
ARMCacheAttrs cacheattrs1;
ARMSecuritySpace ipa_space;
- bool is_el0;
uint64_t hcr;
ret = get_phys_addr_with_struct(env, ptw, address, access_type, result, fi);
@@ -2872,7 +2871,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
ipa_secure = result->f.attrs.secure;
ipa_space = result->f.attrs.space;
- is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
+ ptw->in_s1_is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
ptw->in_secure = ipa_secure;
ptw->in_space = ipa_space;
@@ -2891,8 +2890,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
ret = get_phys_addr_pmsav8(env, ipa, access_type,
ptw->in_mmu_idx, is_secure, result, fi);
} else {
- ret = get_phys_addr_lpae(env, ptw, ipa, access_type,
- is_el0, result, fi);
+ ret = get_phys_addr_lpae(env, ptw, ipa, access_type, result, fi);
}
fi->s2addr = ipa;
@@ -3078,8 +3076,7 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
}
if (regime_using_lpae_format(env, mmu_idx)) {
- return get_phys_addr_lpae(env, ptw, address, access_type, false,
- result, fi);
+ return get_phys_addr_lpae(env, ptw, address, access_type, result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7) ||
regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, ptw, address, access_type, result, fi);
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 16/26] target/arm: Use get_phys_addr_with_struct for stage2
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (14 preceding siblings ...)
2023-06-23 12:31 ` [PULL 15/26] target/arm: Move s1_is_el0 into S1Translate Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 17/26] target/arm: Add GPC syndrome Peter Maydell
` (10 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
This fixes a bug in which we failed to initialize
the result attributes properly after the memset.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-17-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 558b4b731b8..7c4526e2da1 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -39,10 +39,6 @@ typedef struct S1Translate {
void *out_host;
} S1Translate;
-static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
- uint64_t address, MMUAccessType access_type,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi);
-
static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
target_ulong address,
MMUAccessType access_type,
@@ -2886,12 +2882,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
cacheattrs1 = result->cacheattrs;
memset(result, 0, sizeof(*result));
- if (arm_feature(env, ARM_FEATURE_PMSA)) {
- ret = get_phys_addr_pmsav8(env, ipa, access_type,
- ptw->in_mmu_idx, is_secure, result, fi);
- } else {
- ret = get_phys_addr_lpae(env, ptw, ipa, access_type, result, fi);
- }
+ ret = get_phys_addr_with_struct(env, ptw, ipa, access_type, result, fi);
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 17/26] target/arm: Add GPC syndrome
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (15 preceding siblings ...)
2023-06-23 12:31 ` [PULL 16/26] target/arm: Use get_phys_addr_with_struct for stage2 Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 18/26] target/arm: Implement GPC exceptions Peter Maydell
` (9 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
The function takes the fields as filled in by
the Arm ARM pseudocode for TakeGPCException.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-18-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/syndrome.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
index d27d1bc31f0..62254d0e518 100644
--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -50,6 +50,7 @@ enum arm_exception_class {
EC_SVEACCESSTRAP = 0x19,
EC_ERETTRAP = 0x1a,
EC_SMETRAP = 0x1d,
+ EC_GPC = 0x1e,
EC_INSNABORT = 0x20,
EC_INSNABORT_SAME_EL = 0x21,
EC_PCALIGNMENT = 0x22,
@@ -247,6 +248,15 @@ static inline uint32_t syn_bxjtrap(int cv, int cond, int rm)
(cv << 24) | (cond << 20) | rm;
}
+static inline uint32_t syn_gpc(int s2ptw, int ind, int gpcsc,
+ int cm, int s1ptw, int wnr, int fsc)
+{
+ /* TODO: FEAT_NV2 adds VNCR */
+ return (EC_GPC << ARM_EL_EC_SHIFT) | ARM_EL_IL | (s2ptw << 21)
+ | (ind << 20) | (gpcsc << 14) | (cm << 8) | (s1ptw << 7)
+ | (wnr << 6) | fsc;
+}
+
static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)
{
return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 18/26] target/arm: Implement GPC exceptions
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (16 preceding siblings ...)
2023-06-23 12:31 ` [PULL 17/26] target/arm: Add GPC syndrome Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 19/26] target/arm: Implement the granule protection check Peter Maydell
` (8 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Handle GPC Fault types in arm_deliver_fault, reporting as
either a GPC exception at EL3, or falling through to insn
or data aborts at various exception levels.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-19-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 1 +
target/arm/internals.h | 27 +++++++++++
target/arm/helper.c | 5 ++
target/arm/tcg/tlb_helper.c | 96 +++++++++++++++++++++++++++++++++++--
4 files changed, 126 insertions(+), 3 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 590216b8559..11c3850ad94 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -57,6 +57,7 @@
#define EXCP_UNALIGNED 22 /* v7M UNALIGNED UsageFault */
#define EXCP_DIVBYZERO 23 /* v7M DIVBYZERO UsageFault */
#define EXCP_VSERR 24
+#define EXCP_GPC 25 /* v9 Granule Protection Check Fault */
/* NB: add new EXCP_ defines to the array in arm_log_exception() too */
#define ARMV7M_EXCP_RESET 1
diff --git a/target/arm/internals.h b/target/arm/internals.h
index e3029bdc37a..0f01bc32a8a 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -358,14 +358,27 @@ typedef enum ARMFaultType {
ARMFault_ICacheMaint,
ARMFault_QEMU_NSCExec, /* v8M: NS executing in S&NSC memory */
ARMFault_QEMU_SFault, /* v8M: SecureFault INVTRAN, INVEP or AUVIOL */
+ ARMFault_GPCFOnWalk,
+ ARMFault_GPCFOnOutput,
} ARMFaultType;
+typedef enum ARMGPCF {
+ GPCF_None,
+ GPCF_AddressSize,
+ GPCF_Walk,
+ GPCF_EABT,
+ GPCF_Fail,
+} ARMGPCF;
+
/**
* ARMMMUFaultInfo: Information describing an ARM MMU Fault
* @type: Type of fault
+ * @gpcf: Subtype of ARMFault_GPCFOn{Walk,Output}.
* @level: Table walk level (for translation, access flag and permission faults)
* @domain: Domain of the fault address (for non-LPAE CPUs only)
* @s2addr: Address that caused a fault at stage 2
+ * @paddr: physical address that caused a fault for gpc
+ * @paddr_space: physical address space that caused a fault for gpc
* @stage2: True if we faulted at stage 2
* @s1ptw: True if we faulted at stage 2 while doing a stage 1 page-table walk
* @s1ns: True if we faulted on a non-secure IPA while in secure state
@@ -374,7 +387,10 @@ typedef enum ARMFaultType {
typedef struct ARMMMUFaultInfo ARMMMUFaultInfo;
struct ARMMMUFaultInfo {
ARMFaultType type;
+ ARMGPCF gpcf;
target_ulong s2addr;
+ target_ulong paddr;
+ ARMSecuritySpace paddr_space;
int level;
int domain;
bool stage2;
@@ -548,6 +564,17 @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
case ARMFault_Exclusive:
fsc = 0x35;
break;
+ case ARMFault_GPCFOnWalk:
+ assert(fi->level >= -1 && fi->level <= 3);
+ if (fi->level < 0) {
+ fsc = 0b100011;
+ } else {
+ fsc = 0b100100 | fi->level;
+ }
+ break;
+ case ARMFault_GPCFOnOutput:
+ fsc = 0b101000;
+ break;
default:
/* Other faults can't occur in a context that requires a
* long-format status code.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f68923d73b4..323cadd3c80 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10184,6 +10184,7 @@ void arm_log_exception(CPUState *cs)
[EXCP_UNALIGNED] = "v7M UNALIGNED UsageFault",
[EXCP_DIVBYZERO] = "v7M DIVBYZERO UsageFault",
[EXCP_VSERR] = "Virtual SERR",
+ [EXCP_GPC] = "Granule Protection Check",
};
if (idx >= 0 && idx < ARRAY_SIZE(excnames)) {
@@ -10915,6 +10916,10 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
}
switch (cs->exception_index) {
+ case EXCP_GPC:
+ qemu_log_mask(CPU_LOG_INT, "...with MFAR 0x%" PRIx64 "\n",
+ env->cp15.mfar_el3);
+ /* fall through */
case EXCP_PREFETCH_ABORT:
case EXCP_DATA_ABORT:
/*
diff --git a/target/arm/tcg/tlb_helper.c b/target/arm/tcg/tlb_helper.c
index 8df36c2cbf0..b22b2a4c6e7 100644
--- a/target/arm/tcg/tlb_helper.c
+++ b/target/arm/tcg/tlb_helper.c
@@ -107,17 +107,106 @@ static uint32_t compute_fsr_fsc(CPUARMState *env, ARMMMUFaultInfo *fi,
return fsr;
}
+static bool report_as_gpc_exception(ARMCPU *cpu, int current_el,
+ ARMMMUFaultInfo *fi)
+{
+ bool ret;
+
+ switch (fi->gpcf) {
+ case GPCF_None:
+ return false;
+ case GPCF_AddressSize:
+ case GPCF_Walk:
+ case GPCF_EABT:
+ /* R_PYTGX: GPT faults are reported as GPC. */
+ ret = true;
+ break;
+ case GPCF_Fail:
+ /*
+ * R_BLYPM: A GPF at EL3 is reported as insn or data abort.
+ * R_VBZMW, R_LXHQR: A GPF at EL[0-2] is reported as a GPC
+ * if SCR_EL3.GPF is set, otherwise an insn or data abort.
+ */
+ ret = (cpu->env.cp15.scr_el3 & SCR_GPF) && current_el != 3;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ assert(cpu_isar_feature(aa64_rme, cpu));
+ assert(fi->type == ARMFault_GPCFOnWalk ||
+ fi->type == ARMFault_GPCFOnOutput);
+ if (fi->gpcf == GPCF_AddressSize) {
+ assert(fi->level == 0);
+ } else {
+ assert(fi->level >= 0 && fi->level <= 1);
+ }
+
+ return ret;
+}
+
+static unsigned encode_gpcsc(ARMMMUFaultInfo *fi)
+{
+ static uint8_t const gpcsc[] = {
+ [GPCF_AddressSize] = 0b000000,
+ [GPCF_Walk] = 0b000100,
+ [GPCF_Fail] = 0b001100,
+ [GPCF_EABT] = 0b010100,
+ };
+
+ /* Note that we've validated fi->gpcf and fi->level above. */
+ return gpcsc[fi->gpcf] | fi->level;
+}
+
static G_NORETURN
void arm_deliver_fault(ARMCPU *cpu, vaddr addr,
MMUAccessType access_type,
int mmu_idx, ARMMMUFaultInfo *fi)
{
CPUARMState *env = &cpu->env;
- int target_el;
+ int target_el = exception_target_el(env);
+ int current_el = arm_current_el(env);
bool same_el;
uint32_t syn, exc, fsr, fsc;
- target_el = exception_target_el(env);
+ if (report_as_gpc_exception(cpu, current_el, fi)) {
+ target_el = 3;
+
+ fsr = compute_fsr_fsc(env, fi, target_el, mmu_idx, &fsc);
+
+ syn = syn_gpc(fi->stage2 && fi->type == ARMFault_GPCFOnWalk,
+ access_type == MMU_INST_FETCH,
+ encode_gpcsc(fi), 0, fi->s1ptw,
+ access_type == MMU_DATA_STORE, fsc);
+
+ env->cp15.mfar_el3 = fi->paddr;
+ switch (fi->paddr_space) {
+ case ARMSS_Secure:
+ break;
+ case ARMSS_NonSecure:
+ env->cp15.mfar_el3 |= R_MFAR_NS_MASK;
+ break;
+ case ARMSS_Root:
+ env->cp15.mfar_el3 |= R_MFAR_NSE_MASK;
+ break;
+ case ARMSS_Realm:
+ env->cp15.mfar_el3 |= R_MFAR_NSE_MASK | R_MFAR_NS_MASK;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ exc = EXCP_GPC;
+ goto do_raise;
+ }
+
+ /* If SCR_EL3.GPF is unset, GPF may still be routed to EL2. */
+ if (fi->gpcf == GPCF_Fail && target_el < 2) {
+ if (arm_hcr_el2_eff(env) & HCR_GPF) {
+ target_el = 2;
+ }
+ }
+
if (fi->stage2) {
target_el = 2;
env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4;
@@ -125,8 +214,8 @@ void arm_deliver_fault(ARMCPU *cpu, vaddr addr,
env->cp15.hpfar_el2 |= HPFAR_NS;
}
}
- same_el = (arm_current_el(env) == target_el);
+ same_el = current_el == target_el;
fsr = compute_fsr_fsc(env, fi, target_el, mmu_idx, &fsc);
if (access_type == MMU_INST_FETCH) {
@@ -143,6 +232,7 @@ void arm_deliver_fault(ARMCPU *cpu, vaddr addr,
exc = EXCP_DATA_ABORT;
}
+ do_raise:
env->exception.vaddress = addr;
env->exception.fsr = fsr;
raise_exception(env, exc, syn, target_el);
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 19/26] target/arm: Implement the granule protection check
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (17 preceding siblings ...)
2023-06-23 12:31 ` [PULL 18/26] target/arm: Implement GPC exceptions Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 20/26] target/arm: Add cpu properties for enabling FEAT_RME Peter Maydell
` (7 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Place the check at the end of get_phys_addr_with_struct,
so that we check all physical results.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-20-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 249 +++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 232 insertions(+), 17 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7c4526e2da1..6015121b99b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -39,11 +39,17 @@ typedef struct S1Translate {
void *out_host;
} S1Translate;
-static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
- target_ulong address,
- MMUAccessType access_type,
- GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi);
+static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
+ target_ulong address,
+ MMUAccessType access_type,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi);
+
+static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
+ target_ulong address,
+ MMUAccessType access_type,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi);
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
static const uint8_t pamax_map[] = {
@@ -230,6 +236,197 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
}
+static bool granule_protection_check(CPUARMState *env, uint64_t paddress,
+ ARMSecuritySpace pspace,
+ ARMMMUFaultInfo *fi)
+{
+ MemTxAttrs attrs = {
+ .secure = true,
+ .space = ARMSS_Root,
+ };
+ ARMCPU *cpu = env_archcpu(env);
+ uint64_t gpccr = env->cp15.gpccr_el3;
+ unsigned pps, pgs, l0gptsz, level = 0;
+ uint64_t tableaddr, pps_mask, align, entry, index;
+ AddressSpace *as;
+ MemTxResult result;
+ int gpi;
+
+ if (!FIELD_EX64(gpccr, GPCCR, GPC)) {
+ return true;
+ }
+
+ /*
+ * GPC Priority 1 (R_GMGRR):
+ * R_JWCSM: If the configuration of GPCCR_EL3 is invalid,
+ * the access fails as GPT walk fault at level 0.
+ */
+
+ /*
+ * Configuration of PPS to a value exceeding the implemented
+ * physical address size is invalid.
+ */
+ pps = FIELD_EX64(gpccr, GPCCR, PPS);
+ if (pps > FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE)) {
+ goto fault_walk;
+ }
+ pps = pamax_map[pps];
+ pps_mask = MAKE_64BIT_MASK(0, pps);
+
+ switch (FIELD_EX64(gpccr, GPCCR, SH)) {
+ case 0b10: /* outer shareable */
+ break;
+ case 0b00: /* non-shareable */
+ case 0b11: /* inner shareable */
+ /* Inner and Outer non-cacheable requires Outer shareable. */
+ if (FIELD_EX64(gpccr, GPCCR, ORGN) == 0 &&
+ FIELD_EX64(gpccr, GPCCR, IRGN) == 0) {
+ goto fault_walk;
+ }
+ break;
+ default: /* reserved */
+ goto fault_walk;
+ }
+
+ switch (FIELD_EX64(gpccr, GPCCR, PGS)) {
+ case 0b00: /* 4KB */
+ pgs = 12;
+ break;
+ case 0b01: /* 64KB */
+ pgs = 16;
+ break;
+ case 0b10: /* 16KB */
+ pgs = 14;
+ break;
+ default: /* reserved */
+ goto fault_walk;
+ }
+
+ /* Note this field is read-only and fixed at reset. */
+ l0gptsz = 30 + FIELD_EX64(gpccr, GPCCR, L0GPTSZ);
+
+ /*
+ * GPC Priority 2: Secure, Realm or Root address exceeds PPS.
+ * R_CPDSB: A NonSecure physical address input exceeding PPS
+ * does not experience any fault.
+ */
+ if (paddress & ~pps_mask) {
+ if (pspace == ARMSS_NonSecure) {
+ return true;
+ }
+ goto fault_size;
+ }
+
+ /* GPC Priority 3: the base address of GPTBR_EL3 exceeds PPS. */
+ tableaddr = env->cp15.gptbr_el3 << 12;
+ if (tableaddr & ~pps_mask) {
+ goto fault_size;
+ }
+
+ /*
+ * BADDR is aligned per a function of PPS and L0GPTSZ.
+ * These bits of GPTBR_EL3 are RES0, but are not a configuration error,
+ * unlike the RES0 bits of the GPT entries (R_XNKFZ).
+ */
+ align = MAX(pps - l0gptsz + 3, 12);
+ align = MAKE_64BIT_MASK(0, align);
+ tableaddr &= ~align;
+
+ as = arm_addressspace(env_cpu(env), attrs);
+
+ /* Level 0 lookup. */
+ index = extract64(paddress, l0gptsz, pps - l0gptsz);
+ tableaddr += index * 8;
+ entry = address_space_ldq_le(as, tableaddr, attrs, &result);
+ if (result != MEMTX_OK) {
+ goto fault_eabt;
+ }
+
+ switch (extract32(entry, 0, 4)) {
+ case 1: /* block descriptor */
+ if (entry >> 8) {
+ goto fault_walk; /* RES0 bits not 0 */
+ }
+ gpi = extract32(entry, 4, 4);
+ goto found;
+ case 3: /* table descriptor */
+ tableaddr = entry & ~0xf;
+ align = MAX(l0gptsz - pgs - 1, 12);
+ align = MAKE_64BIT_MASK(0, align);
+ if (tableaddr & (~pps_mask | align)) {
+ goto fault_walk; /* RES0 bits not 0 */
+ }
+ break;
+ default: /* invalid */
+ goto fault_walk;
+ }
+
+ /* Level 1 lookup */
+ level = 1;
+ index = extract64(paddress, pgs + 4, l0gptsz - pgs - 4);
+ tableaddr += index * 8;
+ entry = address_space_ldq_le(as, tableaddr, attrs, &result);
+ if (result != MEMTX_OK) {
+ goto fault_eabt;
+ }
+
+ switch (extract32(entry, 0, 4)) {
+ case 1: /* contiguous descriptor */
+ if (entry >> 10) {
+ goto fault_walk; /* RES0 bits not 0 */
+ }
+ /*
+ * Because the softmmu tlb only works on units of TARGET_PAGE_SIZE,
+ * and because we cannot invalidate by pa, and thus will always
+ * flush entire tlbs, we don't actually care about the range here
+ * and can simply extract the GPI as the result.
+ */
+ if (extract32(entry, 8, 2) == 0) {
+ goto fault_walk; /* reserved contig */
+ }
+ gpi = extract32(entry, 4, 4);
+ break;
+ default:
+ index = extract64(paddress, pgs, 4);
+ gpi = extract64(entry, index * 4, 4);
+ break;
+ }
+
+ found:
+ switch (gpi) {
+ case 0b0000: /* no access */
+ break;
+ case 0b1111: /* all access */
+ return true;
+ case 0b1000:
+ case 0b1001:
+ case 0b1010:
+ case 0b1011:
+ if (pspace == (gpi & 3)) {
+ return true;
+ }
+ break;
+ default:
+ goto fault_walk; /* reserved */
+ }
+
+ fi->gpcf = GPCF_Fail;
+ goto fault_common;
+ fault_eabt:
+ fi->gpcf = GPCF_EABT;
+ goto fault_common;
+ fault_size:
+ fi->gpcf = GPCF_AddressSize;
+ goto fault_common;
+ fault_walk:
+ fi->gpcf = GPCF_Walk;
+ fault_common:
+ fi->level = level;
+ fi->paddr = paddress;
+ fi->paddr_space = pspace;
+ return false;
+}
+
static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
{
/*
@@ -276,10 +473,10 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
};
GetPhysAddrResult s2 = { };
- if (get_phys_addr_with_struct(env, &s2ptw, addr,
- MMU_DATA_LOAD, &s2, fi)) {
+ if (get_phys_addr_gpc(env, &s2ptw, addr, MMU_DATA_LOAD, &s2, fi)) {
goto fail;
}
+
ptw->out_phys = s2.f.phys_addr;
pte_attrs = s2.cacheattrs.attrs;
ptw->out_host = NULL;
@@ -332,6 +529,9 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
fail:
assert(fi->type != ARMFault_None);
+ if (fi->type == ARMFault_GPCFOnOutput) {
+ fi->type = ARMFault_GPCFOnWalk;
+ }
fi->s2addr = addr;
fi->stage2 = true;
fi->s1ptw = true;
@@ -2769,7 +2969,7 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
ARMMMUFaultInfo *fi)
{
uint8_t memattr = 0x00; /* Device nGnRnE */
- uint8_t shareability = 0; /* non-sharable */
+ uint8_t shareability = 0; /* non-shareable */
int r_el;
switch (mmu_idx) {
@@ -2828,7 +3028,7 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
} else {
memattr = 0x44; /* Normal, NC, No */
}
- shareability = 2; /* outer sharable */
+ shareability = 2; /* outer shareable */
}
result->cacheattrs.is_s2_format = false;
break;
@@ -2856,7 +3056,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
ARMSecuritySpace ipa_space;
uint64_t hcr;
- ret = get_phys_addr_with_struct(env, ptw, address, access_type, result, fi);
+ ret = get_phys_addr_nogpc(env, ptw, address, access_type, result, fi);
/* If S1 fails, return early. */
if (ret) {
@@ -2882,7 +3082,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
cacheattrs1 = result->cacheattrs;
memset(result, 0, sizeof(*result));
- ret = get_phys_addr_with_struct(env, ptw, ipa, access_type, result, fi);
+ ret = get_phys_addr_nogpc(env, ptw, ipa, access_type, result, fi);
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
@@ -2942,7 +3142,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
return false;
}
-static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
+static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
target_ulong address,
MMUAccessType access_type,
GetPhysAddrResult *result,
@@ -3076,6 +3276,23 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
}
}
+static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
+ target_ulong address,
+ MMUAccessType access_type,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
+{
+ if (get_phys_addr_nogpc(env, ptw, address, access_type, result, fi)) {
+ return true;
+ }
+ if (!granule_protection_check(env, result->f.phys_addr,
+ result->f.attrs.space, fi)) {
+ fi->type = ARMFault_GPCFOnOutput;
+ return true;
+ }
+ return false;
+}
+
bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
bool is_secure, GetPhysAddrResult *result,
@@ -3086,8 +3303,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
.in_secure = is_secure,
.in_space = arm_secure_to_space(is_secure),
};
- return get_phys_addr_with_struct(env, &ptw, address, access_type,
- result, fi);
+ return get_phys_addr_gpc(env, &ptw, address, access_type, result, fi);
}
bool get_phys_addr(CPUARMState *env, target_ulong address,
@@ -3157,8 +3373,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
ptw.in_space = ss;
ptw.in_secure = arm_space_is_secure(ss);
- return get_phys_addr_with_struct(env, &ptw, address, access_type,
- result, fi);
+ return get_phys_addr_gpc(env, &ptw, address, access_type, result, fi);
}
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
@@ -3178,7 +3393,7 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
ARMMMUFaultInfo fi = {};
bool ret;
- ret = get_phys_addr_with_struct(env, &ptw, addr, MMU_DATA_LOAD, &res, &fi);
+ ret = get_phys_addr_gpc(env, &ptw, addr, MMU_DATA_LOAD, &res, &fi);
*attrs = res.f.attrs;
if (ret) {
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 20/26] target/arm: Add cpu properties for enabling FEAT_RME
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (18 preceding siblings ...)
2023-06-23 12:31 ` [PULL 19/26] target/arm: Implement the granule protection check Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 21/26] docs/system/arm: Document FEAT_RME Peter Maydell
` (6 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Add an x-rme cpu property to enable FEAT_RME.
Add an x-l0gptsz property to set GPCCR_EL3.L0GPTSZ,
for testing various possible configurations.
We're not currently completely sure whether FEAT_RME will
be OK to enable purely as a CPU-level property, or if it will
need board co-operation, so we're making these experimental
x- properties, so that the people developing the system
level software for RME can try to start using this and let
us know how it goes. The command line syntax for enabling
this will change in future, without backwards-compatibility.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-21-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/tcg/cpu64.c | 53 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index 2976f94ae45..6fec2d8a57a 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -142,6 +142,56 @@ static void cpu_max_set_sve_max_vq(Object *obj, Visitor *v, const char *name,
cpu->sve_max_vq = max_vq;
}
+static bool cpu_arm_get_rme(Object *obj, Error **errp)
+{
+ ARMCPU *cpu = ARM_CPU(obj);
+ return cpu_isar_feature(aa64_rme, cpu);
+}
+
+static void cpu_arm_set_rme(Object *obj, bool value, Error **errp)
+{
+ ARMCPU *cpu = ARM_CPU(obj);
+ uint64_t t;
+
+ t = cpu->isar.id_aa64pfr0;
+ t = FIELD_DP64(t, ID_AA64PFR0, RME, value);
+ cpu->isar.id_aa64pfr0 = t;
+}
+
+static void cpu_max_set_l0gptsz(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ ARMCPU *cpu = ARM_CPU(obj);
+ uint32_t value;
+
+ if (!visit_type_uint32(v, name, &value, errp)) {
+ return;
+ }
+
+ /* Encode the value for the GPCCR_EL3 field. */
+ switch (value) {
+ case 30:
+ case 34:
+ case 36:
+ case 39:
+ cpu->reset_l0gptsz = value - 30;
+ break;
+ default:
+ error_setg(errp, "invalid value for l0gptsz");
+ error_append_hint(errp, "valid values are 30, 34, 36, 39\n");
+ break;
+ }
+}
+
+static void cpu_max_get_l0gptsz(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ ARMCPU *cpu = ARM_CPU(obj);
+ uint32_t value = cpu->reset_l0gptsz + 30;
+
+ visit_type_uint32(v, name, &value, errp);
+}
+
static Property arm_cpu_lpa2_property =
DEFINE_PROP_BOOL("lpa2", ARMCPU, prop_lpa2, true);
@@ -700,6 +750,9 @@ void aarch64_max_tcg_initfn(Object *obj)
aarch64_add_sme_properties(obj);
object_property_add(obj, "sve-max-vq", "uint32", cpu_max_get_sve_max_vq,
cpu_max_set_sve_max_vq, NULL, NULL);
+ object_property_add_bool(obj, "x-rme", cpu_arm_get_rme, cpu_arm_set_rme);
+ object_property_add(obj, "x-l0gptsz", "uint32", cpu_max_get_l0gptsz,
+ cpu_max_set_l0gptsz, NULL, NULL);
qdev_property_add_static(DEVICE(obj), &arm_cpu_lpa2_property);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 21/26] docs/system/arm: Document FEAT_RME
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (19 preceding siblings ...)
2023-06-23 12:31 ` [PULL 20/26] target/arm: Add cpu properties for enabling FEAT_RME Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 22/26] host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang Peter Maydell
` (5 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20230622143046.1578160-1-richard.henderson@linaro.org
[PMM: fixed typo; note experimental status in emulation.rst too]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
docs/system/arm/cpu-features.rst | 23 +++++++++++++++++++++++
docs/system/arm/emulation.rst | 1 +
2 files changed, 24 insertions(+)
diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
index f4524b6d3e7..6bb88a40c77 100644
--- a/docs/system/arm/cpu-features.rst
+++ b/docs/system/arm/cpu-features.rst
@@ -435,3 +435,26 @@ As with ``sve-default-vector-length``, if the default length is larger
than the maximum vector length enabled, the actual vector length will
be reduced. If this property is set to ``-1`` then the default vector
length is set to the maximum possible length.
+
+RME CPU Properties
+==================
+
+The status of RME support with QEMU is experimental. At this time we
+only support RME within the CPU proper, not within the SMMU or GIC.
+The feature is enabled by the CPU property ``x-rme``, with the ``x-``
+prefix present as a reminder of the experimental status, and defaults off.
+
+The method for enabling RME will change in some future QEMU release
+without notice or backward compatibility.
+
+RME Level 0 GPT Size Property
+-----------------------------
+
+To aid firmware developers in testing different possible CPU
+configurations, ``x-l0gptsz=S`` may be used to specify the value
+to encode into ``GPCCR_EL3.L0GPTSZ``, a read-only field that
+specifies the size of the Level 0 Granule Protection Table.
+Legal values for ``S`` are 30, 34, 36, and 39; the default is 30.
+
+As with ``x-rme``, the ``x-l0gptsz`` property may be renamed or
+removed in some future QEMU release.
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index ecbbd63adf6..bdafc68819b 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -66,6 +66,7 @@ the following architecture extensions:
- FEAT_RAS (Reliability, availability, and serviceability)
- FEAT_RASv1p1 (RAS Extension v1.1)
- FEAT_RDM (Advanced SIMD rounding double multiply accumulate instructions)
+- FEAT_RME (Realm Management Extension) (NB: support status in QEMU is experimental)
- FEAT_RNG (Random number generator)
- FEAT_S2FWB (Stage 2 forced Write-Back)
- FEAT_SB (Speculation Barrier)
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 22/26] host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (20 preceding siblings ...)
2023-06-23 12:31 ` [PULL 21/26] docs/system/arm: Document FEAT_RME Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 23/26] target/arm: Restructure has_vfp_d32 test Peter Maydell
` (4 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
We use __builtin_subcll() to do a 64-bit subtract with borrow-in and
borrow-out when the host compiler supports it. Unfortunately some
versions of Apple Clang have a bug in their implementation of this
intrinsic which means it returns the wrong value. The effect is that
a QEMU built with the affected compiler will hang when emulating x86
or m68k float80 division.
The upstream LLVM issue is:
https://github.com/llvm/llvm-project/issues/55253
The commit that introduced the bug apparently never made it into an
upstream LLVM release without the subsequent fix
https://github.com/llvm/llvm-project/commit/fffb6e6afdbaba563189c1f715058ed401fbc88d
but unfortunately it did make it into Apple Clang 14.0, as shipped
in Xcode 14.3 (14.2 is reported to be OK). The Apple bug number is
FB12210478.
Add ifdefs to avoid use of __builtin_subcll() on Apple Clang version
14 or greater. There is not currently a version of Apple Clang which
has the bug fix -- when one appears we should be able to add an upper
bound to the ifdef condition so we can start using the builtin again.
We make the lower bound a conservative "any Apple clang with major
version 14 or greater" because the consequences of incorrectly
disabling the builtin when it would work are pretty small and the
consequences of not disabling it when we should are pretty bad.
Many thanks to those users who both reported this bug and also
did a lot of work in identifying the root cause; in particular
to Daniel Bertalan and osy.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1631
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1659
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Daniel Bertalan <dani@danielbertalan.dev>
Tested-by: Tested-By: Solra Bizna <solra@bizna.name>
Message-id: 20230622130823.1631719-1-peter.maydell@linaro.org
---
include/qemu/compiler.h | 13 +++++++++++++
include/qemu/host-utils.h | 2 +-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index c2f49df1f91..a309f90c768 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -184,4 +184,17 @@
#define QEMU_DISABLE_CFI
#endif
+/*
+ * Apple clang version 14 has a bug in its __builtin_subcll(); define
+ * BUILTIN_SUBCLL_BROKEN for the offending versions so we can avoid it.
+ * When a version of Apple clang which has this bug fixed is released
+ * we can add an upper bound to this check.
+ * See https://gitlab.com/qemu-project/qemu/-/issues/1631
+ * and https://gitlab.com/qemu-project/qemu/-/issues/1659 for details.
+ * The bug never made it into any upstream LLVM releases, only Apple ones.
+ */
+#if defined(__apple_build_version__) && __clang_major__ >= 14
+#define BUILTIN_SUBCLL_BROKEN
+#endif
+
#endif /* COMPILER_H */
diff --git a/include/qemu/host-utils.h b/include/qemu/host-utils.h
index d3b4dce6a93..011618373e5 100644
--- a/include/qemu/host-utils.h
+++ b/include/qemu/host-utils.h
@@ -649,7 +649,7 @@ static inline uint64_t uadd64_carry(uint64_t x, uint64_t y, bool *pcarry)
*/
static inline uint64_t usub64_borrow(uint64_t x, uint64_t y, bool *pborrow)
{
-#if __has_builtin(__builtin_subcll)
+#if __has_builtin(__builtin_subcll) && !defined(BUILTIN_SUBCLL_BROKEN)
unsigned long long b = *pborrow;
x = __builtin_subcll(x, y, b, &b);
*pborrow = b & 1;
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 23/26] target/arm: Restructure has_vfp_d32 test
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (21 preceding siblings ...)
2023-06-23 12:31 ` [PULL 22/26] host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 24/26] hw/arm/sbsa-ref: add ITS support in SBSA GIC Peter Maydell
` (3 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
One cannot test for feature aa32_simd_r32 without first
testing if AArch32 mode is supported at all. This leads to
qemu-system-aarch64: ARM CPUs must have both VFP-D32 and Neon or neither
for Apple M1 cpus.
We already have a check for ARMv8-A never setting vfp-d32 true,
so restructure the code so that AArch64 avoids the test entirely.
Reported-by: Mads Ynddal <mads@ynddal.dk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Mads Ynddal <m.ynddal@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Mads Ynddal <m.ynddal@samsung.com>
Message-id: 20230619140216.402530-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.c | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 842e1b53ee4..a1e77698ba2 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1402,25 +1402,27 @@ void arm_cpu_post_init(Object *obj)
* KVM does not currently allow us to lie to the guest about its
* ID/feature registers, so the guest always sees what the host has.
*/
- if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)
- ? cpu_isar_feature(aa64_fp_simd, cpu)
- : cpu_isar_feature(aa32_vfp, cpu)) {
- cpu->has_vfp = true;
- if (!kvm_enabled()) {
- qdev_property_add_static(DEVICE(obj), &arm_cpu_has_vfp_property);
+ if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
+ if (cpu_isar_feature(aa64_fp_simd, cpu)) {
+ cpu->has_vfp = true;
+ cpu->has_vfp_d32 = true;
+ if (tcg_enabled() || qtest_enabled()) {
+ qdev_property_add_static(DEVICE(obj),
+ &arm_cpu_has_vfp_property);
+ }
}
- }
-
- if (cpu->has_vfp && cpu_isar_feature(aa32_simd_r32, cpu)) {
- cpu->has_vfp_d32 = true;
- if (!kvm_enabled()) {
+ } else if (cpu_isar_feature(aa32_vfp, cpu)) {
+ cpu->has_vfp = true;
+ if (cpu_isar_feature(aa32_simd_r32, cpu)) {
+ cpu->has_vfp_d32 = true;
/*
* The permitted values of the SIMDReg bits [3:0] on
* Armv8-A are either 0b0000 and 0b0010. On such CPUs,
* make sure that has_vfp_d32 can not be set to false.
*/
- if (!(arm_feature(&cpu->env, ARM_FEATURE_V8) &&
- !arm_feature(&cpu->env, ARM_FEATURE_M))) {
+ if ((tcg_enabled() || qtest_enabled())
+ && !(arm_feature(&cpu->env, ARM_FEATURE_V8)
+ && !arm_feature(&cpu->env, ARM_FEATURE_M))) {
qdev_property_add_static(DEVICE(obj),
&arm_cpu_has_vfp_d32_property);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 24/26] hw/arm/sbsa-ref: add ITS support in SBSA GIC
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (22 preceding siblings ...)
2023-06-23 12:31 ` [PULL 23/26] target/arm: Restructure has_vfp_d32 test Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 25/26] target/arm: Fix sve predicate store, 8 <= VQ <= 15 Peter Maydell
` (2 subsequent siblings)
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Shashi Mallela <shashi.mallela@linaro.org>
Create ITS as part of SBSA platform GIC initialization.
GIC ITS information is in DeviceTree so TF-A can pass it to EDK2.
Bumping platform version to 0.2 as this is important hardware change.
Signed-off-by: Shashi Mallela <shashi.mallela@linaro.org>
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20230619170913.517373-2-marcin.juszkiewicz@linaro.org
Co-authored-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
docs/system/arm/sbsa.rst | 14 ++++++++++++++
hw/arm/sbsa-ref.c | 33 ++++++++++++++++++++++++++++++---
2 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/docs/system/arm/sbsa.rst b/docs/system/arm/sbsa.rst
index f571fe645e7..a8e0b530a24 100644
--- a/docs/system/arm/sbsa.rst
+++ b/docs/system/arm/sbsa.rst
@@ -46,6 +46,9 @@ to be a complete compliant DT. It currently reports:
- platform version
- GIC addresses
+Platform version
+''''''''''''''''
+
The platform version is only for informing platform firmware about
what kind of ``sbsa-ref`` board it is running on. It is neither
a QEMU versioned machine type nor a reflection of the level of the
@@ -54,3 +57,14 @@ SBSA/SystemReady SR support provided.
The ``machine-version-major`` value is updated when changes breaking
fw compatibility are introduced. The ``machine-version-minor`` value
is updated when features are added that don't break fw compatibility.
+
+Platform version changes:
+
+0.0
+ Devicetree holds information about CPUs, memory and platform version.
+
+0.1
+ GIC information is present in devicetree.
+
+0.2
+ GIC ITS information is present in devicetree.
diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index de21200ff93..0639f97dd5f 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -65,6 +65,7 @@ enum {
SBSA_CPUPERIPHS,
SBSA_GIC_DIST,
SBSA_GIC_REDIST,
+ SBSA_GIC_ITS,
SBSA_SECURE_EC,
SBSA_GWDT_WS0,
SBSA_GWDT_REFRESH,
@@ -108,6 +109,7 @@ static const MemMapEntry sbsa_ref_memmap[] = {
[SBSA_CPUPERIPHS] = { 0x40000000, 0x00040000 },
[SBSA_GIC_DIST] = { 0x40060000, 0x00010000 },
[SBSA_GIC_REDIST] = { 0x40080000, 0x04000000 },
+ [SBSA_GIC_ITS] = { 0x44081000, 0x00020000 },
[SBSA_SECURE_EC] = { 0x50000000, 0x00001000 },
[SBSA_GWDT_REFRESH] = { 0x50010000, 0x00001000 },
[SBSA_GWDT_CONTROL] = { 0x50011000, 0x00001000 },
@@ -181,8 +183,15 @@ static void sbsa_fdt_add_gic_node(SBSAMachineState *sms)
2, sbsa_ref_memmap[SBSA_GIC_REDIST].base,
2, sbsa_ref_memmap[SBSA_GIC_REDIST].size);
+ nodename = g_strdup_printf("/intc/its");
+ qemu_fdt_add_subnode(sms->fdt, nodename);
+ qemu_fdt_setprop_sized_cells(sms->fdt, nodename, "reg",
+ 2, sbsa_ref_memmap[SBSA_GIC_ITS].base,
+ 2, sbsa_ref_memmap[SBSA_GIC_ITS].size);
+
g_free(nodename);
}
+
/*
* Firmware on this machine only uses ACPI table to load OS, these limited
* device tree nodes are just to let firmware know the info which varies from
@@ -219,7 +228,7 @@ static void create_fdt(SBSAMachineState *sms)
* fw compatibility.
*/
qemu_fdt_setprop_cell(fdt, "/", "machine-version-major", 0);
- qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 1);
+ qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 2);
if (ms->numa_state->have_numa_distance) {
int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);
@@ -409,7 +418,20 @@ static void create_secure_ram(SBSAMachineState *sms,
memory_region_add_subregion(secure_sysmem, base, secram);
}
-static void create_gic(SBSAMachineState *sms)
+static void create_its(SBSAMachineState *sms)
+{
+ const char *itsclass = its_class_name();
+ DeviceState *dev;
+
+ dev = qdev_new(itsclass);
+
+ object_property_set_link(OBJECT(dev), "parent-gicv3", OBJECT(sms->gic),
+ &error_abort);
+ sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, sbsa_ref_memmap[SBSA_GIC_ITS].base);
+}
+
+static void create_gic(SBSAMachineState *sms, MemoryRegion *mem)
{
unsigned int smp_cpus = MACHINE(sms)->smp.cpus;
SysBusDevice *gicbusdev;
@@ -436,6 +458,10 @@ static void create_gic(SBSAMachineState *sms)
qdev_prop_set_uint32(sms->gic, "len-redist-region-count", 1);
qdev_prop_set_uint32(sms->gic, "redist-region-count[0]", redist0_count);
+ object_property_set_link(OBJECT(sms->gic), "sysmem",
+ OBJECT(mem), &error_fatal);
+ qdev_prop_set_bit(sms->gic, "has-lpi", true);
+
gicbusdev = SYS_BUS_DEVICE(sms->gic);
sysbus_realize_and_unref(gicbusdev, &error_fatal);
sysbus_mmio_map(gicbusdev, 0, sbsa_ref_memmap[SBSA_GIC_DIST].base);
@@ -482,6 +508,7 @@ static void create_gic(SBSAMachineState *sms)
sysbus_connect_irq(gicbusdev, i + 3 * smp_cpus,
qdev_get_gpio_in(cpudev, ARM_CPU_VFIQ));
}
+ create_its(sms);
}
static void create_uart(const SBSAMachineState *sms, int uart,
@@ -788,7 +815,7 @@ static void sbsa_ref_init(MachineState *machine)
create_secure_ram(sms, secure_sysmem);
- create_gic(sms);
+ create_gic(sms, sysmem);
create_uart(sms, SBSA_UART, sysmem, serial_hd(0));
create_uart(sms, SBSA_SECURE_UART, secure_sysmem, serial_hd(1));
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 25/26] target/arm: Fix sve predicate store, 8 <= VQ <= 15
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (23 preceding siblings ...)
2023-06-23 12:31 ` [PULL 24/26] hw/arm/sbsa-ref: add ITS support in SBSA GIC Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-23 12:31 ` [PULL 26/26] pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym Peter Maydell
2023-06-25 8:25 ` [PULL 00/26] target-arm queue Richard Henderson
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Brown bag time: store instead of load results in uninitialized temp.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1704
Reported-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620134659.817559-1-richard.henderson@linaro.org
Fixes: e6dd5e782be ("target/arm: Use tcg_gen_qemu_{ld, st}_i128 in gen_sve_{ld, st}r")
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/tcg/translate-sve.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
index ff050626e66..225d358922c 100644
--- a/target/arm/tcg/translate-sve.c
+++ b/target/arm/tcg/translate-sve.c
@@ -4329,7 +4329,7 @@ void gen_sve_str(DisasContext *s, TCGv_ptr base, int vofs,
/* Predicate register stores can be any multiple of 2. */
if (len_remain >= 8) {
t0 = tcg_temp_new_i64();
- tcg_gen_st_i64(t0, base, vofs + len_align);
+ tcg_gen_ld_i64(t0, base, vofs + len_align);
tcg_gen_qemu_st_i64(t0, clean_addr, midx, MO_LEUQ | MO_ATOM_NONE);
len_remain -= 8;
len_align += 8;
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PULL 26/26] pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (24 preceding siblings ...)
2023-06-23 12:31 ` [PULL 25/26] target/arm: Fix sve predicate store, 8 <= VQ <= 15 Peter Maydell
@ 2023-06-23 12:31 ` Peter Maydell
2023-06-25 8:25 ` [PULL 00/26] target-arm queue Richard Henderson
26 siblings, 0 replies; 42+ messages in thread
From: Peter Maydell @ 2023-06-23 12:31 UTC (permalink / raw)
To: qemu-devel
The xkb official name for the Arabic keyboard layout is 'ara'.
However xkb has for at least the past 15 years also permitted it to
be named via the legacy synonym 'ar'. In xkeyboard-config 2.39 this
synoynm was removed, which breaks compilation of QEMU:
FAILED: pc-bios/keymaps/ar
/home/fred/qemu-git/src/qemu/build-full/qemu-keymap -f pc-bios/keymaps/ar -l ar
xkbcommon: ERROR: Couldn't find file "symbols/ar" in include paths
xkbcommon: ERROR: 1 include paths searched:
xkbcommon: ERROR: /usr/share/X11/xkb
xkbcommon: ERROR: 3 include paths could not be added:
xkbcommon: ERROR: /home/fred/.config/xkb
xkbcommon: ERROR: /home/fred/.xkb
xkbcommon: ERROR: /etc/xkb
xkbcommon: ERROR: Abandoning symbols file "(unnamed)"
xkbcommon: ERROR: Failed to compile xkb_symbols
xkbcommon: ERROR: Failed to compile keymap
The upstream xkeyboard-config change removing the compat
mapping is:
https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/commit/470ad2cd8fea84d7210377161d86b31999bb5ea6
Make QEMU always ask for the 'ara' xkb layout, which should work on
both older and newer xkeyboard-config. We leave the QEMU name for
this keyboard layout as 'ar'; it is not the only one where our name
for it deviates from the xkb standard name.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20230620162024.1132013-1-peter.maydell@linaro.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1709
---
pc-bios/keymaps/meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pc-bios/keymaps/meson.build b/pc-bios/keymaps/meson.build
index bff30833137..0bd8ce00775 100644
--- a/pc-bios/keymaps/meson.build
+++ b/pc-bios/keymaps/meson.build
@@ -1,5 +1,5 @@
keymaps = {
- 'ar': '-l ar',
+ 'ar': '-l ara',
'bepo': '-l fr -v dvorak',
'cz': '-l cz',
'da': '-l dk',
--
2.34.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* Re: [PULL 00/26] target-arm queue
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
` (25 preceding siblings ...)
2023-06-23 12:31 ` [PULL 26/26] pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym Peter Maydell
@ 2023-06-25 8:25 ` Richard Henderson
26 siblings, 0 replies; 42+ messages in thread
From: Richard Henderson @ 2023-06-25 8:25 UTC (permalink / raw)
To: Peter Maydell, qemu-devel
On 6/23/23 14:31, Peter Maydell wrote:
> Hi; here's a target-arm pullreq. Mostly this is RTH's FEAT_RME
> series; there are also a handful of bug fixes including some
> which aren't arm-specific but which it's convenient to include
> here.
>
> thanks
> -- PMM
>
> The following changes since commit b455ce4c2f300c8ba47cba7232dd03261368a4cb:
>
> Merge tag 'q800-for-8.1-pull-request' ofhttps://github.com/vivier/qemu-m68k into staging (2023-06-22 10:18:32 +0200)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230623
>
> for you to fetch changes up to 497fad38979c16b6412388927401e577eba43d26:
>
> pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym (2023-06-23 11:46:02 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
> * Add (experimental) support for FEAT_RME
> * host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
> * target/arm: Restructure has_vfp_d32 test
> * hw/arm/sbsa-ref: add ITS support in SBSA GIC
> * target/arm: Fix sve predicate store, 8 <= VQ <= 15
> * pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/8.1 as appropriate.
r~
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 00/26] target-arm queue
@ 2023-09-08 17:05 Peter Maydell
2023-09-11 15:19 ` Stefan Hajnoczi
0 siblings, 1 reply; 42+ messages in thread
From: Peter Maydell @ 2023-09-08 17:05 UTC (permalink / raw)
To: qemu-devel
Hi; here's the latest arm pullreq...
-- PMM
The following changes since commit 03a3a62fbd0aa5227e978eef3c67d3978aec9e5f:
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2023-09-07 10:29:06 -0400)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230908
for you to fetch changes up to c8f2eb5d414b788420b938f2ffdde891aa6c3ae8:
arm/kvm: Enable support for KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE (2023-09-08 16:41:36 +0100)
----------------------------------------------------------------
target-arm queue:
* New CPU type: cortex-a710
* Implement new architectural features:
- FEAT_PACQARMA3
- FEAT_EPAC
- FEAT_Pauth2
- FEAT_FPAC
- FEAT_FPACCOMBINE
- FEAT_TIDCP1
* Xilinx Versal: Model the CFU/CFI
* Implement RMR_ELx registers
* Implement handling of HCR_EL2.TIDCP trap bit
* arm/kvm: Enable support for KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE
* hw/intc/arm_gicv3_its: Avoid maybe-uninitialized error in get_vte()
* target/arm: Do not use gen_mte_checkN in trans_STGP
* arm64: Restore trapless ptimer access
----------------------------------------------------------------
Aaron Lindsay (6):
target/arm: Add ID_AA64ISAR2_EL1
target/arm: Add feature detection for FEAT_Pauth2 and extensions
target/arm: Implement FEAT_EPAC
target/arm: Implement FEAT_Pauth2
target/arm: Inform helpers whether a PAC instruction is 'combined'
target/arm: Implement FEAT_FPAC and FEAT_FPACCOMBINE
Colton Lewis (1):
arm64: Restore trapless ptimer access
Francisco Iglesias (8):
hw/misc: Introduce the Xilinx CFI interface
hw/misc: Introduce a model of Xilinx Versal's CFU_APB
hw/misc/xlnx-versal-cfu: Introduce a model of Xilinx Versal CFU_FDRO
hw/misc/xlnx-versal-cfu: Introduce a model of Xilinx Versal's CFU_SFR
hw/misc: Introduce a model of Xilinx Versal's CFRAME_REG
hw/misc: Introduce a model of Xilinx Versal's CFRAME_BCAST_REG
hw/arm/xlnx-versal: Connect the CFU_APB, CFU_FDRO and CFU_SFR
hw/arm/versal: Connect the CFRAME_REG and CFRAME_BCAST_REG
Philippe Mathieu-Daudé (1):
hw/intc/arm_gicv3_its: Avoid maybe-uninitialized error in get_vte()
Richard Henderson (9):
tests/tcg/aarch64: Adjust pauth tests for FEAT_FPAC
target/arm: Don't change pauth features when changing algorithm
target/arm: Implement FEAT_PACQARMA3
target/arm: Do not use gen_mte_checkN in trans_STGP
target/arm: Implement RMR_ELx
target/arm: Implement cortex-a710
target/arm: Implement HCR_EL2.TIDCP
target/arm: Implement FEAT_TIDCP1
target/arm: Enable SCTLR_EL1.TIDCP for user-only
Shameer Kolothum (1):
arm/kvm: Enable support for KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE
MAINTAINERS | 10 +
docs/system/arm/cpu-features.rst | 21 +-
docs/system/arm/emulation.rst | 8 +
docs/system/arm/virt.rst | 1 +
include/hw/arm/xlnx-versal.h | 85 +++
include/hw/misc/xlnx-cfi-if.h | 59 +++
include/hw/misc/xlnx-versal-cframe-reg.h | 303 +++++++++++
include/hw/misc/xlnx-versal-cfu.h | 258 ++++++++++
include/sysemu/kvm_int.h | 1 +
target/arm/cpu.h | 54 +-
target/arm/helper.h | 2 +
target/arm/syndrome.h | 7 +
target/arm/tcg/helper-a64.h | 4 +
tests/tcg/aarch64/pauth.h | 23 +
accel/kvm/kvm-all.c | 1 +
hw/arm/virt.c | 1 +
hw/arm/xlnx-versal.c | 155 +++++-
hw/intc/arm_gicv3_its.c | 15 +-
hw/misc/xlnx-cfi-if.c | 34 ++
hw/misc/xlnx-versal-cframe-reg.c | 858 +++++++++++++++++++++++++++++++
hw/misc/xlnx-versal-cfu.c | 563 ++++++++++++++++++++
target/arm/arm-qmp-cmds.c | 2 +-
target/arm/cpu.c | 4 +
target/arm/cpu64.c | 86 +++-
target/arm/helper.c | 68 ++-
target/arm/hvf/hvf.c | 1 +
target/arm/kvm.c | 61 +++
target/arm/kvm64.c | 3 +
target/arm/tcg/cpu64.c | 215 ++++++++
target/arm/tcg/op_helper.c | 33 ++
target/arm/tcg/pauth_helper.c | 180 +++++--
target/arm/tcg/translate-a64.c | 74 +--
target/arm/tcg/translate.c | 33 ++
tests/qtest/arm-cpu-features.c | 12 +-
tests/tcg/aarch64/pauth-2.c | 54 +-
tests/tcg/aarch64/pauth-4.c | 18 +-
tests/tcg/aarch64/pauth-5.c | 10 +
hw/misc/meson.build | 3 +
qemu-options.hx | 15 +
tests/tcg/aarch64/Makefile.target | 6 +-
40 files changed, 3184 insertions(+), 157 deletions(-)
create mode 100644 include/hw/misc/xlnx-cfi-if.h
create mode 100644 include/hw/misc/xlnx-versal-cframe-reg.h
create mode 100644 include/hw/misc/xlnx-versal-cfu.h
create mode 100644 tests/tcg/aarch64/pauth.h
create mode 100644 hw/misc/xlnx-cfi-if.c
create mode 100644 hw/misc/xlnx-versal-cframe-reg.c
create mode 100644 hw/misc/xlnx-versal-cfu.c
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PULL 00/26] target-arm queue
2023-09-08 17:05 Peter Maydell
@ 2023-09-11 15:19 ` Stefan Hajnoczi
0 siblings, 0 replies; 42+ messages in thread
From: Stefan Hajnoczi @ 2023-09-11 15:19 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 115 bytes --]
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for any user-visible changes.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PULL 00/26] target-arm queue
@ 2024-07-18 13:20 Peter Maydell
2024-07-19 1:26 ` Richard Henderson
0 siblings, 1 reply; 42+ messages in thread
From: Peter Maydell @ 2024-07-18 13:20 UTC (permalink / raw)
To: qemu-devel
Hi; hopefully this is the last arm pullreq before softfreeze.
There's a handful of miscellaneous bug fixes here, but the
bulk of the pullreq is Mostafa's implementation of 2-stage
translation in the SMMUv3.
thanks
-- PMM
The following changes since commit d74ec4d7dda6322bcc51d1b13ccbd993d3574795:
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging (2024-07-18 10:07:23 +1000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240718
for you to fetch changes up to 30a1690f2402e6c1582d5b3ebcf7940bfe2fad4b:
hvf: arm: Do not advance PC when raising an exception (2024-07-18 13:49:30 +0100)
----------------------------------------------------------------
target-arm queue:
* Fix handling of LDAPR/STLR with negative offset
* LDAPR should honour SCTLR_ELx.nAA
* Use float_status copy in sme_fmopa_s
* hw/display/bcm2835_fb: fix fb_use_offsets condition
* hw/arm/smmuv3: Support and advertise nesting
* Use FPST_F16 for SME FMOPA (widening)
* tests/arm-cpu-features: Do not assume PMU availability
* hvf: arm: Do not advance PC when raising an exception
----------------------------------------------------------------
Akihiko Odaki (2):
tests/arm-cpu-features: Do not assume PMU availability
hvf: arm: Do not advance PC when raising an exception
Daniyal Khan (2):
target/arm: Use float_status copy in sme_fmopa_s
tests/tcg/aarch64: Add test cases for SME FMOPA (widening)
Mostafa Saleh (18):
hw/arm/smmu-common: Add missing size check for stage-1
hw/arm/smmu: Fix IPA for stage-2 events
hw/arm/smmuv3: Fix encoding of CLASS in events
hw/arm/smmu: Use enum for SMMU stage
hw/arm/smmu: Split smmuv3_translate()
hw/arm/smmu: Consolidate ASID and VMID types
hw/arm/smmu: Introduce CACHED_ENTRY_TO_ADDR
hw/arm/smmuv3: Translate CD and TT using stage-2 table
hw/arm/smmu-common: Rework TLB lookup for nesting
hw/arm/smmu-common: Add support for nested TLB
hw/arm/smmu-common: Support nested translation
hw/arm/smmu: Support nesting in smmuv3_range_inval()
hw/arm/smmu: Introduce smmu_iotlb_inv_asid_vmid
hw/arm/smmu: Support nesting in the rest of commands
hw/arm/smmuv3: Support nested SMMUs in smmuv3_notify_iova()
hw/arm/smmuv3: Handle translation faults according to SMMUPTWEventInfo
hw/arm/smmuv3: Support and advertise nesting
hw/arm/smmu: Refactor SMMU OAS
Peter Maydell (2):
target/arm: Fix handling of LDAPR/STLR with negative offset
target/arm: LDAPR should honour SCTLR_ELx.nAA
Richard Henderson (1):
target/arm: Use FPST_F16 for SME FMOPA (widening)
SamJakob (1):
hw/display/bcm2835_fb: fix fb_use_offsets condition
hw/arm/smmuv3-internal.h | 19 +-
include/hw/arm/smmu-common.h | 46 +++-
target/arm/tcg/a64.decode | 2 +-
hw/arm/smmu-common.c | 312 ++++++++++++++++++++++---
hw/arm/smmuv3.c | 467 +++++++++++++++++++++++++-------------
hw/display/bcm2835_fb.c | 2 +-
target/arm/hvf/hvf.c | 1 +
target/arm/tcg/sme_helper.c | 2 +-
target/arm/tcg/translate-a64.c | 2 +-
target/arm/tcg/translate-sme.c | 12 +-
tests/qtest/arm-cpu-features.c | 13 +-
tests/tcg/aarch64/sme-fmopa-1.c | 63 +++++
tests/tcg/aarch64/sme-fmopa-2.c | 56 +++++
tests/tcg/aarch64/sme-fmopa-3.c | 63 +++++
hw/arm/trace-events | 26 ++-
tests/tcg/aarch64/Makefile.target | 5 +-
16 files changed, 846 insertions(+), 245 deletions(-)
create mode 100644 tests/tcg/aarch64/sme-fmopa-1.c
create mode 100644 tests/tcg/aarch64/sme-fmopa-2.c
create mode 100644 tests/tcg/aarch64/sme-fmopa-3.c
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PULL 00/26] target-arm queue
2024-07-18 13:20 Peter Maydell
@ 2024-07-19 1:26 ` Richard Henderson
0 siblings, 0 replies; 42+ messages in thread
From: Richard Henderson @ 2024-07-19 1:26 UTC (permalink / raw)
To: Peter Maydell, qemu-devel
On 7/18/24 23:20, Peter Maydell wrote:
> Hi; hopefully this is the last arm pullreq before softfreeze.
> There's a handful of miscellaneous bug fixes here, but the
> bulk of the pullreq is Mostafa's implementation of 2-stage
> translation in the SMMUv3.
>
> thanks
> -- PMM
>
> The following changes since commit d74ec4d7dda6322bcc51d1b13ccbd993d3574795:
>
> Merge tag 'pull-trivial-patches' ofhttps://gitlab.com/mjt0k/qemu into staging (2024-07-18 10:07:23 +1000)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240718
>
> for you to fetch changes up to 30a1690f2402e6c1582d5b3ebcf7940bfe2fad4b:
>
> hvf: arm: Do not advance PC when raising an exception (2024-07-18 13:49:30 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
> * Fix handling of LDAPR/STLR with negative offset
> * LDAPR should honour SCTLR_ELx.nAA
> * Use float_status copy in sme_fmopa_s
> * hw/display/bcm2835_fb: fix fb_use_offsets condition
> * hw/arm/smmuv3: Support and advertise nesting
> * Use FPST_F16 for SME FMOPA (widening)
> * tests/arm-cpu-features: Do not assume PMU availability
> * hvf: arm: Do not advance PC when raising an exception
Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.
r~
^ permalink raw reply [flat|nested] 42+ messages in thread
end of thread, other threads:[~2024-07-19 1:27 UTC | newest]
Thread overview: 42+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-23 12:31 [PULL 00/26] target-arm queue Peter Maydell
2023-06-23 12:31 ` [PULL 01/26] target/arm: Add isar_feature_aa64_rme Peter Maydell
2023-06-23 12:31 ` [PULL 02/26] target/arm: Update SCR and HCR for RME Peter Maydell
2023-06-23 12:31 ` [PULL 03/26] target/arm: SCR_EL3.NS may be RES1 Peter Maydell
2023-06-23 12:31 ` [PULL 04/26] target/arm: Add RME cpregs Peter Maydell
2023-06-23 12:31 ` [PULL 05/26] target/arm: Introduce ARMSecuritySpace Peter Maydell
2023-06-23 12:31 ` [PULL 06/26] include/exec/memattrs: Add two bits of space to MemTxAttrs Peter Maydell
2023-06-23 12:31 ` [PULL 07/26] target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx Peter Maydell
2023-06-23 12:31 ` [PULL 08/26] target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root} Peter Maydell
2023-06-23 12:31 ` [PULL 09/26] target/arm: Remove __attribute__((nonnull)) from ptw.c Peter Maydell
2023-06-23 12:31 ` [PULL 10/26] target/arm: Pipe ARMSecuritySpace through ptw.c Peter Maydell
2023-06-23 12:31 ` [PULL 11/26] target/arm: NSTable is RES0 for the RME EL3 regime Peter Maydell
2023-06-23 12:31 ` [PULL 12/26] target/arm: Handle Block and Page bits for security space Peter Maydell
2023-06-23 12:31 ` [PULL 13/26] target/arm: Handle no-execute for Realm and Root regimes Peter Maydell
2023-06-23 12:31 ` [PULL 14/26] target/arm: Use get_phys_addr_with_struct in S1_ptw_translate Peter Maydell
2023-06-23 12:31 ` [PULL 15/26] target/arm: Move s1_is_el0 into S1Translate Peter Maydell
2023-06-23 12:31 ` [PULL 16/26] target/arm: Use get_phys_addr_with_struct for stage2 Peter Maydell
2023-06-23 12:31 ` [PULL 17/26] target/arm: Add GPC syndrome Peter Maydell
2023-06-23 12:31 ` [PULL 18/26] target/arm: Implement GPC exceptions Peter Maydell
2023-06-23 12:31 ` [PULL 19/26] target/arm: Implement the granule protection check Peter Maydell
2023-06-23 12:31 ` [PULL 20/26] target/arm: Add cpu properties for enabling FEAT_RME Peter Maydell
2023-06-23 12:31 ` [PULL 21/26] docs/system/arm: Document FEAT_RME Peter Maydell
2023-06-23 12:31 ` [PULL 22/26] host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang Peter Maydell
2023-06-23 12:31 ` [PULL 23/26] target/arm: Restructure has_vfp_d32 test Peter Maydell
2023-06-23 12:31 ` [PULL 24/26] hw/arm/sbsa-ref: add ITS support in SBSA GIC Peter Maydell
2023-06-23 12:31 ` [PULL 25/26] target/arm: Fix sve predicate store, 8 <= VQ <= 15 Peter Maydell
2023-06-23 12:31 ` [PULL 26/26] pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym Peter Maydell
2023-06-25 8:25 ` [PULL 00/26] target-arm queue Richard Henderson
-- strict thread matches above, loose matches on Subject: below --
2024-07-18 13:20 Peter Maydell
2024-07-19 1:26 ` Richard Henderson
2023-09-08 17:05 Peter Maydell
2023-09-11 15:19 ` Stefan Hajnoczi
2023-01-23 13:35 Peter Maydell
2023-01-23 15:17 ` Peter Maydell
2022-03-02 20:52 Peter Maydell
2022-03-03 19:57 ` Peter Maydell
2022-02-21 9:27 Peter Maydell
2021-05-10 12:25 Peter Maydell
2020-11-02 17:09 Peter Maydell
2020-11-03 11:36 ` Peter Maydell
2020-01-30 16:15 Peter Maydell
2020-01-30 19:05 ` Peter Maydell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).