From 824cac681c3e2a6ac2d661c86befd7c36359c924 Mon Sep 17 00:00:00 2001 From: LIU Zhiwei Date: Wed, 12 Oct 2022 14:00:16 +0800 Subject: [PATCH 01/43] target/riscv: Fix PMP propagation for tlb Only the pmp index that be checked by pmp_hart_has_privs can be used by pmp_get_tlb_size to avoid an error pmp index. Before modification, we may use an error pmp index. For example, we check address 0x4fc, and the size 0x4 in pmp_hart_has_privs. If there is an pmp rule, valid range is [0x4fc, 0x500), then pmp_hart_has_privs will return true; However, this checked pmp index is discarded as pmp_hart_has_privs return bool value. In pmp_is_range_in_tlb, it will traverse all pmp rules. The tlb_sa will be 0x0, and tlb_ea will be 0xfff. If there is a pmp rule [0x10, 0x14), it will be misused as it is legal in pmp_get_tlb_size. As we have already known the correct pmp index, just remove the remove the pmp_is_range_in_tlb and get tlb size directly from pmp_get_tlb_size. Signed-off-by: LIU Zhiwei Reviewed-by: Alistair Francis Message-Id: <20221012060016.30856-1-zhiwei_liu@linux.alibaba.com> Signed-off-by: Alistair Francis --- target/riscv/cpu_helper.c | 16 ++++--- target/riscv/pmp.c | 90 +++++++++++++-------------------------- target/riscv/pmp.h | 6 +-- 3 files changed, 42 insertions(+), 70 deletions(-) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 278d163803..5d66246c2c 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -706,24 +706,26 @@ static int get_physical_address_pmp(CPURISCVState *env, int *prot, int mode) { pmp_priv_t pmp_priv; - target_ulong tlb_size_pmp = 0; + int pmp_index = -1; if (!riscv_feature(env, RISCV_FEATURE_PMP)) { *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; return TRANSLATE_SUCCESS; } - if (!pmp_hart_has_privs(env, addr, size, 1 << access_type, &pmp_priv, - mode)) { + pmp_index = pmp_hart_has_privs(env, addr, size, 1 << access_type, + &pmp_priv, mode); + if (pmp_index < 0) { *prot = 0; return TRANSLATE_PMP_FAIL; } *prot = pmp_priv_to_page_prot(pmp_priv); - if (tlb_size != NULL) { - if (pmp_is_range_in_tlb(env, addr & ~(*tlb_size - 1), &tlb_size_pmp)) { - *tlb_size = tlb_size_pmp; - } + if ((tlb_size != NULL) && pmp_index != MAX_RISCV_PMPS) { + target_ulong tlb_sa = addr & ~(TARGET_PAGE_SIZE - 1); + target_ulong tlb_ea = tlb_sa + TARGET_PAGE_SIZE - 1; + + *tlb_size = pmp_get_tlb_size(env, pmp_index, tlb_sa, tlb_ea); } return TRANSLATE_SUCCESS; diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index 2b43e399b8..d1126a6066 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -292,8 +292,11 @@ static bool pmp_hart_has_privs_default(CPURISCVState *env, target_ulong addr, /* * Check if the address has required RWX privs to complete desired operation + * Return PMP rule index if a pmp rule match + * Return MAX_RISCV_PMPS if default match + * Return negtive value if no match */ -bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, +int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs, target_ulong mode) { @@ -305,8 +308,10 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, /* Short cut if no rules */ if (0 == pmp_get_num_rules(env)) { - return pmp_hart_has_privs_default(env, addr, size, privs, - allowed_privs, mode); + if (pmp_hart_has_privs_default(env, addr, size, privs, + allowed_privs, mode)) { + ret = MAX_RISCV_PMPS; + } } if (size == 0) { @@ -333,7 +338,7 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, if ((s + e) == 1) { qemu_log_mask(LOG_GUEST_ERROR, "pmp violation - access is partially inside\n"); - ret = 0; + ret = -1; break; } @@ -436,18 +441,22 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, } } - ret = ((privs & *allowed_privs) == privs); + if ((privs & *allowed_privs) == privs) { + ret = i; + } break; } } /* No rule matched */ if (ret == -1) { - return pmp_hart_has_privs_default(env, addr, size, privs, - allowed_privs, mode); + if (pmp_hart_has_privs_default(env, addr, size, privs, + allowed_privs, mode)) { + ret = MAX_RISCV_PMPS; + } } - return ret == 1 ? true : false; + return ret; } /* @@ -586,64 +595,25 @@ target_ulong mseccfg_csr_read(CPURISCVState *env) * Calculate the TLB size if the start address or the end address of * PMP entry is presented in the TLB page. */ -static target_ulong pmp_get_tlb_size(CPURISCVState *env, int pmp_index, - target_ulong tlb_sa, target_ulong tlb_ea) +target_ulong pmp_get_tlb_size(CPURISCVState *env, int pmp_index, + target_ulong tlb_sa, target_ulong tlb_ea) { target_ulong pmp_sa = env->pmp_state.addr[pmp_index].sa; target_ulong pmp_ea = env->pmp_state.addr[pmp_index].ea; - if (pmp_sa >= tlb_sa && pmp_ea <= tlb_ea) { - return pmp_ea - pmp_sa + 1; - } - - if (pmp_sa >= tlb_sa && pmp_sa <= tlb_ea && pmp_ea >= tlb_ea) { - return tlb_ea - pmp_sa + 1; - } - - if (pmp_ea <= tlb_ea && pmp_ea >= tlb_sa && pmp_sa <= tlb_sa) { - return pmp_ea - tlb_sa + 1; - } - - return 0; -} - -/* - * Check is there a PMP entry which range covers this page. If so, - * try to find the minimum granularity for the TLB size. - */ -bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa, - target_ulong *tlb_size) -{ - int i; - target_ulong val; - target_ulong tlb_ea = (tlb_sa + TARGET_PAGE_SIZE - 1); - - for (i = 0; i < MAX_RISCV_PMPS; i++) { - val = pmp_get_tlb_size(env, i, tlb_sa, tlb_ea); - if (val) { - if (*tlb_size == 0 || *tlb_size > val) { - *tlb_size = val; - } - } - } - - if (*tlb_size != 0) { + if (pmp_sa <= tlb_sa && pmp_ea >= tlb_ea) { + return TARGET_PAGE_SIZE; + } else { /* - * At this point we have a tlb_size that is the smallest possible size - * That fits within a TARGET_PAGE_SIZE and the PMP region. - * - * If the size is less then TARGET_PAGE_SIZE we drop the size to 1. - * This means the result isn't cached in the TLB and is only used for - * a single translation. - */ - if (*tlb_size < TARGET_PAGE_SIZE) { - *tlb_size = 1; - } - - return true; + * At this point we have a tlb_size that is the smallest possible size + * That fits within a TARGET_PAGE_SIZE and the PMP region. + * + * If the size is less then TARGET_PAGE_SIZE we drop the size to 1. + * This means the result isn't cached in the TLB and is only used for + * a single translation. + */ + return 1; } - - return false; } /* diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h index a8dd797476..da32c61c85 100644 --- a/target/riscv/pmp.h +++ b/target/riscv/pmp.h @@ -72,11 +72,11 @@ target_ulong mseccfg_csr_read(CPURISCVState *env); void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index, target_ulong val); target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index); -bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, +int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs, target_ulong mode); -bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa, - target_ulong *tlb_size); +target_ulong pmp_get_tlb_size(CPURISCVState *env, int pmp_index, + target_ulong tlb_sa, target_ulong tlb_ea); void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index); void pmp_update_rule_nums(CPURISCVState *env); uint32_t pmp_get_num_rules(CPURISCVState *env); From 627227636127c44df0e01ab8fd9fae3f731fa8b0 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 22 Oct 2022 19:58:21 +1000 Subject: [PATCH 02/43] tcg/riscv: Fix range matched by TCG_CT_CONST_M12 We were matching a signed 13-bit range, not a 12-bit range. Expand the commentary within the function and be explicit about all of the ranges. Reported-by: LIU Zhiwei Signed-off-by: Richard Henderson Reviewed-by: LIU Zhiwei Reviewed-by: Alistair Francis Message-Id: <20221022095821.2441874-1-richard.henderson@linaro.org> Signed-off-by: Alistair Francis --- tcg/riscv/tcg-target.c.inc | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc index 81a83e45b1..191197853f 100644 --- a/tcg/riscv/tcg-target.c.inc +++ b/tcg/riscv/tcg-target.c.inc @@ -154,13 +154,26 @@ static bool tcg_target_const_match(int64_t val, TCGType type, int ct) if ((ct & TCG_CT_CONST_ZERO) && val == 0) { return 1; } - if ((ct & TCG_CT_CONST_S12) && val == sextreg(val, 0, 12)) { + /* + * Sign extended from 12 bits: [-0x800, 0x7ff]. + * Used for most arithmetic, as this is the isa field. + */ + if ((ct & TCG_CT_CONST_S12) && val >= -0x800 && val <= 0x7ff) { return 1; } - if ((ct & TCG_CT_CONST_N12) && -val == sextreg(-val, 0, 12)) { + /* + * Sign extended from 12 bits, negated: [-0x7ff, 0x800]. + * Used for subtraction, where a constant must be handled by ADDI. + */ + if ((ct & TCG_CT_CONST_N12) && val >= -0x7ff && val <= 0x800) { return 1; } - if ((ct & TCG_CT_CONST_M12) && val >= -0xfff && val <= 0xfff) { + /* + * Sign extended from 12 bits, +/- matching: [-0x7ff, 0x7ff]. + * Used by addsub2, which may need the negative operation, + * and requires the modified constant to be representable. + */ + if ((ct & TCG_CT_CONST_M12) && val >= -0x7ff && val <= 0x7ff) { return 1; } return 0; From 9b246685b3dbbf21800e3a9a09f8bed384a1fb37 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 21 Oct 2022 09:38:36 +1000 Subject: [PATCH 03/43] tcg/riscv: Fix reg overlap case in tcg_out_addsub2 There was a typo using opc_addi instead of opc_add with the two registers. While we're at it, simplify the gating test to al == bl to improve dynamic scheduling even when the output register does not overlap the inputs. Reported-by: LIU Zhiwei Signed-off-by: Richard Henderson Reviewed-by: Alistair Francis Message-Id: <20221020233836.2341671-1-richard.henderson@linaro.org> Signed-off-by: Alistair Francis --- tcg/riscv/tcg-target.c.inc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc index 191197853f..2a84c57bec 100644 --- a/tcg/riscv/tcg-target.c.inc +++ b/tcg/riscv/tcg-target.c.inc @@ -700,9 +700,15 @@ static void tcg_out_addsub2(TCGContext *s, if (cbl) { tcg_out_opc_imm(s, opc_addi, rl, al, bl); tcg_out_opc_imm(s, OPC_SLTIU, TCG_REG_TMP0, rl, bl); - } else if (rl == al && rl == bl) { + } else if (al == bl) { + /* + * If the input regs overlap, this is a simple doubling + * and carry-out is the input msb. This special case is + * required when the output reg overlaps the input, + * but we might as well use it always. + */ tcg_out_opc_imm(s, OPC_SLTI, TCG_REG_TMP0, al, 0); - tcg_out_opc_reg(s, opc_addi, rl, al, bl); + tcg_out_opc_reg(s, opc_add, rl, al, al); } else { tcg_out_opc_reg(s, opc_add, rl, al, bl); tcg_out_opc_reg(s, OPC_SLTU, TCG_REG_TMP0, From 2e3a933abb8bd965db99375bfc341d2d46480995 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Mon, 24 Oct 2022 09:33:37 +1000 Subject: [PATCH 04/43] tcg/riscv: Fix base register for user-only qemu_ld/st When guest_base != 0, we were not coordinating the usage of TCG_REG_TMP0 as base properly, leading to a previous zero-extend of the input address being discarded. Shuffle the alignment check to the front, because that does not depend on the zero-extend, and it keeps the register usage clear. Set base after each step of the address arithmetic instead of before. Return the base register used from tcg_out_tlb_load, so as to keep that register choice localized to that function. Reported-by: LIU Zhiwei Signed-off-by: Richard Henderson Reviewed-by: LIU Zhiwei Reviewed-by: Alistair Francis Message-Id: <20221023233337.2846860-1-richard.henderson@linaro.org> Signed-off-by: Alistair Francis --- tcg/riscv/tcg-target.c.inc | 39 +++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc index 2a84c57bec..e3b608034f 100644 --- a/tcg/riscv/tcg-target.c.inc +++ b/tcg/riscv/tcg-target.c.inc @@ -923,9 +923,9 @@ static void tcg_out_goto(TCGContext *s, const tcg_insn_unit *target) tcg_debug_assert(ok); } -static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl, - TCGReg addrh, MemOpIdx oi, - tcg_insn_unit **label_ptr, bool is_load) +static TCGReg tcg_out_tlb_load(TCGContext *s, TCGReg addrl, + TCGReg addrh, MemOpIdx oi, + tcg_insn_unit **label_ptr, bool is_load) { MemOp opc = get_memop(oi); unsigned s_bits = opc & MO_SIZE; @@ -975,6 +975,7 @@ static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl, addrl = TCG_REG_TMP0; } tcg_out_opc_reg(s, OPC_ADD, TCG_REG_TMP0, TCG_REG_TMP2, addrl); + return TCG_REG_TMP0; } static void add_qemu_ldst_label(TCGContext *s, int is_ld, MemOpIdx oi, @@ -1177,7 +1178,7 @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64) #else unsigned a_bits; #endif - TCGReg base = TCG_REG_TMP0; + TCGReg base; data_regl = *args++; data_regh = (TCG_TARGET_REG_BITS == 32 && is_64 ? *args++ : 0); @@ -1187,23 +1188,25 @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64) opc = get_memop(oi); #if defined(CONFIG_SOFTMMU) - tcg_out_tlb_load(s, addr_regl, addr_regh, oi, label_ptr, 1); + base = tcg_out_tlb_load(s, addr_regl, addr_regh, oi, label_ptr, 1); tcg_out_qemu_ld_direct(s, data_regl, data_regh, base, opc, is_64); add_qemu_ldst_label(s, 1, oi, (is_64 ? TCG_TYPE_I64 : TCG_TYPE_I32), data_regl, data_regh, addr_regl, addr_regh, s->code_ptr, label_ptr); #else - if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) { - tcg_out_ext32u(s, base, addr_regl); - addr_regl = base; - } a_bits = get_alignment_bits(opc); if (a_bits) { tcg_out_test_alignment(s, true, addr_regl, a_bits); } + base = addr_regl; + if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) { + tcg_out_ext32u(s, TCG_REG_TMP0, base); + base = TCG_REG_TMP0; + } if (guest_base != 0) { - tcg_out_opc_reg(s, OPC_ADD, base, TCG_GUEST_BASE_REG, addr_regl); + tcg_out_opc_reg(s, OPC_ADD, TCG_REG_TMP0, TCG_GUEST_BASE_REG, base); + base = TCG_REG_TMP0; } tcg_out_qemu_ld_direct(s, data_regl, data_regh, base, opc, is_64); #endif @@ -1249,7 +1252,7 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64) #else unsigned a_bits; #endif - TCGReg base = TCG_REG_TMP0; + TCGReg base; data_regl = *args++; data_regh = (TCG_TARGET_REG_BITS == 32 && is_64 ? *args++ : 0); @@ -1259,23 +1262,25 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64) opc = get_memop(oi); #if defined(CONFIG_SOFTMMU) - tcg_out_tlb_load(s, addr_regl, addr_regh, oi, label_ptr, 0); + base = tcg_out_tlb_load(s, addr_regl, addr_regh, oi, label_ptr, 0); tcg_out_qemu_st_direct(s, data_regl, data_regh, base, opc); add_qemu_ldst_label(s, 0, oi, (is_64 ? TCG_TYPE_I64 : TCG_TYPE_I32), data_regl, data_regh, addr_regl, addr_regh, s->code_ptr, label_ptr); #else - if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) { - tcg_out_ext32u(s, base, addr_regl); - addr_regl = base; - } a_bits = get_alignment_bits(opc); if (a_bits) { tcg_out_test_alignment(s, false, addr_regl, a_bits); } + base = addr_regl; + if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) { + tcg_out_ext32u(s, TCG_REG_TMP0, base); + base = TCG_REG_TMP0; + } if (guest_base != 0) { - tcg_out_opc_reg(s, OPC_ADD, base, TCG_GUEST_BASE_REG, addr_regl); + tcg_out_opc_reg(s, OPC_ADD, TCG_REG_TMP0, TCG_GUEST_BASE_REG, base); + base = TCG_REG_TMP0; } tcg_out_qemu_st_direct(s, data_regl, data_regh, base, opc); #endif From 5379c1d0a401121628ba43faea8819a50b4bdb86 Mon Sep 17 00:00:00 2001 From: Wilfred Mallawa Date: Tue, 25 Oct 2022 14:33:36 +1000 Subject: [PATCH 05/43] hw/riscv/opentitan: bump opentitan This patch updates the OpenTitan model to match the specified register layout as per [1]. Which is also the latest commit of OpenTitan supported by TockOS. Note: Pinmux and Padctrl has been merged into Pinmux [2][3], this patch removes any references to Padctrl. Note: OpenTitan doc [2] has not yet specified much detail regarding this, except for a note that states `TODO: this section needs to be updated to reflect the pinmux/padctrl merger` [1] https://github.com/lowRISC/opentitan/blob/d072ac505f82152678d6e04be95c72b728a347b8/hw/top_earlgrey/sw/autogen/top_earlgrey_memory.h [2] https://docs.opentitan.org/hw/top_earlgrey/doc/design/ [3] https://docs.opentitan.org/hw/ip/pinmux/doc/#overview Signed-off-by: Wilfred Mallawa Reviewed-by: Alistair Francis Reviewed-by: Bin Meng Message-Id: <20221025043335.339815-2-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis --- hw/riscv/opentitan.c | 21 +++++++++++++-------- include/hw/riscv/opentitan.h | 9 ++++----- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c index be7ff1eea0..92493c629d 100644 --- a/hw/riscv/opentitan.c +++ b/hw/riscv/opentitan.c @@ -28,8 +28,16 @@ #include "qemu/units.h" #include "sysemu/sysemu.h" +/* + * This version of the OpenTitan machine currently supports + * OpenTitan RTL version: + * + * + * MMIO mapping as per (specified commit): + * lowRISC/opentitan: hw/top_earlgrey/sw/autogen/top_earlgrey_memory.h + */ static const MemMapEntry ibex_memmap[] = { - [IBEX_DEV_ROM] = { 0x00008000, 0x8000 }, + [IBEX_DEV_ROM] = { 0x00008000, 0x8000 }, [IBEX_DEV_RAM] = { 0x10000000, 0x20000 }, [IBEX_DEV_FLASH] = { 0x20000000, 0x100000 }, [IBEX_DEV_UART] = { 0x40000000, 0x1000 }, @@ -38,17 +46,17 @@ static const MemMapEntry ibex_memmap[] = { [IBEX_DEV_I2C] = { 0x40080000, 0x1000 }, [IBEX_DEV_PATTGEN] = { 0x400e0000, 0x1000 }, [IBEX_DEV_TIMER] = { 0x40100000, 0x1000 }, - [IBEX_DEV_SENSOR_CTRL] = { 0x40110000, 0x1000 }, [IBEX_DEV_OTP_CTRL] = { 0x40130000, 0x4000 }, [IBEX_DEV_LC_CTRL] = { 0x40140000, 0x1000 }, - [IBEX_DEV_USBDEV] = { 0x40150000, 0x1000 }, + [IBEX_DEV_ALERT_HANDLER] = { 0x40150000, 0x1000 }, [IBEX_DEV_SPI_HOST0] = { 0x40300000, 0x1000 }, [IBEX_DEV_SPI_HOST1] = { 0x40310000, 0x1000 }, + [IBEX_DEV_USBDEV] = { 0x40320000, 0x1000 }, [IBEX_DEV_PWRMGR] = { 0x40400000, 0x1000 }, [IBEX_DEV_RSTMGR] = { 0x40410000, 0x1000 }, [IBEX_DEV_CLKMGR] = { 0x40420000, 0x1000 }, [IBEX_DEV_PINMUX] = { 0x40460000, 0x1000 }, - [IBEX_DEV_PADCTRL] = { 0x40470000, 0x1000 }, + [IBEX_DEV_SENSOR_CTRL] = { 0x40490000, 0x1000 }, [IBEX_DEV_FLASH_CTRL] = { 0x41000000, 0x1000 }, [IBEX_DEV_AES] = { 0x41100000, 0x1000 }, [IBEX_DEV_HMAC] = { 0x41110000, 0x1000 }, @@ -59,10 +67,9 @@ static const MemMapEntry ibex_memmap[] = { [IBEX_DEV_ENTROPY] = { 0x41160000, 0x1000 }, [IBEX_DEV_EDNO] = { 0x41170000, 0x1000 }, [IBEX_DEV_EDN1] = { 0x41180000, 0x1000 }, - [IBEX_DEV_ALERT_HANDLER] = { 0x411b0000, 0x1000 }, [IBEX_DEV_NMI_GEN] = { 0x411c0000, 0x1000 }, [IBEX_DEV_PERI] = { 0x411f0000, 0x10000 }, - [IBEX_DEV_PLIC] = { 0x48000000, 0x4005000 }, + [IBEX_DEV_PLIC] = { 0x48000000, 0x4005000 }, [IBEX_DEV_FLASH_VIRTUAL] = { 0x80000000, 0x80000 }, }; @@ -265,8 +272,6 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) memmap[IBEX_DEV_CLKMGR].base, memmap[IBEX_DEV_CLKMGR].size); create_unimplemented_device("riscv.lowrisc.ibex.pinmux", memmap[IBEX_DEV_PINMUX].base, memmap[IBEX_DEV_PINMUX].size); - create_unimplemented_device("riscv.lowrisc.ibex.padctrl", - memmap[IBEX_DEV_PADCTRL].base, memmap[IBEX_DEV_PADCTRL].size); create_unimplemented_device("riscv.lowrisc.ibex.usbdev", memmap[IBEX_DEV_USBDEV].base, memmap[IBEX_DEV_USBDEV].size); create_unimplemented_device("riscv.lowrisc.ibex.flash_ctrl", diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h index 6665cd5794..1fc055cdff 100644 --- a/include/hw/riscv/opentitan.h +++ b/include/hw/riscv/opentitan.h @@ -81,7 +81,6 @@ enum { IBEX_DEV_RSTMGR, IBEX_DEV_CLKMGR, IBEX_DEV_PINMUX, - IBEX_DEV_PADCTRL, IBEX_DEV_USBDEV, IBEX_DEV_FLASH_CTRL, IBEX_DEV_PLIC, @@ -109,10 +108,10 @@ enum { IBEX_UART0_RX_TIMEOUT_IRQ = 7, IBEX_UART0_RX_PARITY_ERR_IRQ = 8, IBEX_TIMER_TIMEREXPIRED0_0 = 127, - IBEX_SPI_HOST0_ERR_IRQ = 151, - IBEX_SPI_HOST0_SPI_EVENT_IRQ = 152, - IBEX_SPI_HOST1_ERR_IRQ = 153, - IBEX_SPI_HOST1_SPI_EVENT_IRQ = 154, + IBEX_SPI_HOST0_ERR_IRQ = 134, + IBEX_SPI_HOST0_SPI_EVENT_IRQ = 135, + IBEX_SPI_HOST1_ERR_IRQ = 136, + IBEX_SPI_HOST1_SPI_EVENT_IRQ = 137, }; #endif From aefd1108ee8efe4a11fafdaf03c593b8b953aa4e Mon Sep 17 00:00:00 2001 From: Wilfred Mallawa Date: Tue, 25 Oct 2022 14:33:37 +1000 Subject: [PATCH 06/43] hw/riscv/opentitan: add aon_timer base unimpl Adds the updated `aon_timer` base as an unimplemented device. This is used by TockOS, patch ensures the guest doesn't hit load faults. Signed-off-by: Wilfred Mallawa Reviewed-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: <20221025043335.339815-3-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis --- hw/riscv/opentitan.c | 3 +++ include/hw/riscv/opentitan.h | 1 + 2 files changed, 4 insertions(+) diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c index 92493c629d..78f895d773 100644 --- a/hw/riscv/opentitan.c +++ b/hw/riscv/opentitan.c @@ -56,6 +56,7 @@ static const MemMapEntry ibex_memmap[] = { [IBEX_DEV_RSTMGR] = { 0x40410000, 0x1000 }, [IBEX_DEV_CLKMGR] = { 0x40420000, 0x1000 }, [IBEX_DEV_PINMUX] = { 0x40460000, 0x1000 }, + [IBEX_DEV_AON_TIMER] = { 0x40470000, 0x1000 }, [IBEX_DEV_SENSOR_CTRL] = { 0x40490000, 0x1000 }, [IBEX_DEV_FLASH_CTRL] = { 0x41000000, 0x1000 }, [IBEX_DEV_AES] = { 0x41100000, 0x1000 }, @@ -272,6 +273,8 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) memmap[IBEX_DEV_CLKMGR].base, memmap[IBEX_DEV_CLKMGR].size); create_unimplemented_device("riscv.lowrisc.ibex.pinmux", memmap[IBEX_DEV_PINMUX].base, memmap[IBEX_DEV_PINMUX].size); + create_unimplemented_device("riscv.lowrisc.ibex.aon_timer", + memmap[IBEX_DEV_AON_TIMER].base, memmap[IBEX_DEV_AON_TIMER].size); create_unimplemented_device("riscv.lowrisc.ibex.usbdev", memmap[IBEX_DEV_USBDEV].base, memmap[IBEX_DEV_USBDEV].size); create_unimplemented_device("riscv.lowrisc.ibex.flash_ctrl", diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h index 1fc055cdff..7659d1bc5b 100644 --- a/include/hw/riscv/opentitan.h +++ b/include/hw/riscv/opentitan.h @@ -81,6 +81,7 @@ enum { IBEX_DEV_RSTMGR, IBEX_DEV_CLKMGR, IBEX_DEV_PINMUX, + IBEX_DEV_AON_TIMER, IBEX_DEV_USBDEV, IBEX_DEV_FLASH_CTRL, IBEX_DEV_PLIC, From 3bee0e40106df7926e38464d0e9f34a57a0a01ad Mon Sep 17 00:00:00 2001 From: Mayuresh Chitale Date: Sun, 16 Oct 2022 18:17:22 +0530 Subject: [PATCH 07/43] target/riscv: Add smstateen support Smstateen extension specifies a mechanism to close the potential covert channels that could cause security issues. This patch adds the CSRs defined in the specification and the corresponding predicates and read/write functions. Signed-off-by: Mayuresh Chitale Reviewed-by: Weiwei Li Reviewed-by: Alistair Francis Message-Id: <20221016124726.102129-2-mchitale@ventanamicro.com> Signed-off-by: Alistair Francis --- target/riscv/cpu.h | 4 + target/riscv/cpu_bits.h | 37 +++++ target/riscv/csr.c | 316 ++++++++++++++++++++++++++++++++++++++++ target/riscv/machine.c | 21 +++ 4 files changed, 378 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 443d15a47c..5cac0c5eec 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -366,6 +366,9 @@ struct CPUArchState { /* CSRs for execution enviornment configuration */ uint64_t menvcfg; + uint64_t mstateen[SMSTATEEN_MAX_COUNT]; + uint64_t hstateen[SMSTATEEN_MAX_COUNT]; + uint64_t sstateen[SMSTATEEN_MAX_COUNT]; target_ulong senvcfg; uint64_t henvcfg; #endif @@ -441,6 +444,7 @@ struct RISCVCPUConfig { bool ext_ifencei; bool ext_icsr; bool ext_zihintpause; + bool ext_smstateen; bool ext_sstc; bool ext_svinval; bool ext_svnapot; diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index d8f5f0abed..8b0d7e20ea 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -197,6 +197,12 @@ /* Supervisor Configuration CSRs */ #define CSR_SENVCFG 0x10A +/* Supervisor state CSRs */ +#define CSR_SSTATEEN0 0x10C +#define CSR_SSTATEEN1 0x10D +#define CSR_SSTATEEN2 0x10E +#define CSR_SSTATEEN3 0x10F + /* Supervisor Trap Handling */ #define CSR_SSCRATCH 0x140 #define CSR_SEPC 0x141 @@ -244,6 +250,16 @@ #define CSR_HENVCFG 0x60A #define CSR_HENVCFGH 0x61A +/* Hypervisor state CSRs */ +#define CSR_HSTATEEN0 0x60C +#define CSR_HSTATEEN0H 0x61C +#define CSR_HSTATEEN1 0x60D +#define CSR_HSTATEEN1H 0x61D +#define CSR_HSTATEEN2 0x60E +#define CSR_HSTATEEN2H 0x61E +#define CSR_HSTATEEN3 0x60F +#define CSR_HSTATEEN3H 0x61F + /* Virtual CSRs */ #define CSR_VSSTATUS 0x200 #define CSR_VSIE 0x204 @@ -289,6 +305,27 @@ #define CSR_MENVCFG 0x30A #define CSR_MENVCFGH 0x31A +/* Machine state CSRs */ +#define CSR_MSTATEEN0 0x30C +#define CSR_MSTATEEN0H 0x31C +#define CSR_MSTATEEN1 0x30D +#define CSR_MSTATEEN1H 0x31D +#define CSR_MSTATEEN2 0x30E +#define CSR_MSTATEEN2H 0x31E +#define CSR_MSTATEEN3 0x30F +#define CSR_MSTATEEN3H 0x31F + +/* Common defines for all smstateen */ +#define SMSTATEEN_MAX_COUNT 4 +#define SMSTATEEN0_CS (1ULL << 0) +#define SMSTATEEN0_FCSR (1ULL << 1) +#define SMSTATEEN0_HSCONTXT (1ULL << 57) +#define SMSTATEEN0_IMSIC (1ULL << 58) +#define SMSTATEEN0_AIA (1ULL << 59) +#define SMSTATEEN0_SVSLCT (1ULL << 60) +#define SMSTATEEN0_HSENVCFG (1ULL << 62) +#define SMSTATEEN_STATEEN (1ULL << 63) + /* Enhanced Physical Memory Protection (ePMP) */ #define CSR_MSECCFG 0x747 #define CSR_MSECCFGH 0x757 diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 5c9a7ee287..c861424e85 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -283,6 +283,72 @@ static RISCVException umode32(CPURISCVState *env, int csrno) return umode(env, csrno); } +static RISCVException mstateen(CPURISCVState *env, int csrno) +{ + CPUState *cs = env_cpu(env); + RISCVCPU *cpu = RISCV_CPU(cs); + + if (!cpu->cfg.ext_smstateen) { + return RISCV_EXCP_ILLEGAL_INST; + } + + return any(env, csrno); +} + +static RISCVException hstateen_pred(CPURISCVState *env, int csrno, int base) +{ + CPUState *cs = env_cpu(env); + RISCVCPU *cpu = RISCV_CPU(cs); + + if (!cpu->cfg.ext_smstateen) { + return RISCV_EXCP_ILLEGAL_INST; + } + + if (env->priv < PRV_M) { + if (!(env->mstateen[csrno - base] & SMSTATEEN_STATEEN)) { + return RISCV_EXCP_ILLEGAL_INST; + } + } + + return hmode(env, csrno); +} + +static RISCVException hstateen(CPURISCVState *env, int csrno) +{ + return hstateen_pred(env, csrno, CSR_HSTATEEN0); +} + +static RISCVException hstateenh(CPURISCVState *env, int csrno) +{ + return hstateen_pred(env, csrno, CSR_HSTATEEN0H); +} + +static RISCVException sstateen(CPURISCVState *env, int csrno) +{ + bool virt = riscv_cpu_virt_enabled(env); + int index = csrno - CSR_SSTATEEN0; + CPUState *cs = env_cpu(env); + RISCVCPU *cpu = RISCV_CPU(cs); + + if (!cpu->cfg.ext_smstateen) { + return RISCV_EXCP_ILLEGAL_INST; + } + + if (env->priv < PRV_M) { + if (!(env->mstateen[index] & SMSTATEEN_STATEEN)) { + return RISCV_EXCP_ILLEGAL_INST; + } + + if (virt) { + if (!(env->hstateen[index] & SMSTATEEN_STATEEN)) { + return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; + } + } + } + + return smode(env, csrno); +} + /* Checks if PointerMasking registers could be accessed */ static RISCVException pointer_masking(CPURISCVState *env, int csrno) { @@ -1861,6 +1927,197 @@ static RISCVException write_henvcfgh(CPURISCVState *env, int csrno, return RISCV_EXCP_NONE; } +static RISCVException read_mstateen(CPURISCVState *env, int csrno, + target_ulong *val) +{ + *val = env->mstateen[csrno - CSR_MSTATEEN0]; + + return RISCV_EXCP_NONE; +} + +static RISCVException write_mstateen(CPURISCVState *env, int csrno, + uint64_t wr_mask, target_ulong new_val) +{ + uint64_t *reg; + + reg = &env->mstateen[csrno - CSR_MSTATEEN0]; + *reg = (*reg & ~wr_mask) | (new_val & wr_mask); + + return RISCV_EXCP_NONE; +} + +static RISCVException write_mstateen0(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + uint64_t wr_mask = SMSTATEEN_STATEEN; + + return write_mstateen(env, csrno, wr_mask, new_val); +} + +static RISCVException write_mstateen_1_3(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + return write_mstateen(env, csrno, SMSTATEEN_STATEEN, new_val); +} + +static RISCVException read_mstateenh(CPURISCVState *env, int csrno, + target_ulong *val) +{ + *val = env->mstateen[csrno - CSR_MSTATEEN0H] >> 32; + + return RISCV_EXCP_NONE; +} + +static RISCVException write_mstateenh(CPURISCVState *env, int csrno, + uint64_t wr_mask, target_ulong new_val) +{ + uint64_t *reg, val; + + reg = &env->mstateen[csrno - CSR_MSTATEEN0H]; + val = (uint64_t)new_val << 32; + val |= *reg & 0xFFFFFFFF; + *reg = (*reg & ~wr_mask) | (val & wr_mask); + + return RISCV_EXCP_NONE; +} + +static RISCVException write_mstateen0h(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + uint64_t wr_mask = SMSTATEEN_STATEEN; + + return write_mstateenh(env, csrno, wr_mask, new_val); +} + +static RISCVException write_mstateenh_1_3(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + return write_mstateenh(env, csrno, SMSTATEEN_STATEEN, new_val); +} + +static RISCVException read_hstateen(CPURISCVState *env, int csrno, + target_ulong *val) +{ + int index = csrno - CSR_HSTATEEN0; + + *val = env->hstateen[index] & env->mstateen[index]; + + return RISCV_EXCP_NONE; +} + +static RISCVException write_hstateen(CPURISCVState *env, int csrno, + uint64_t mask, target_ulong new_val) +{ + int index = csrno - CSR_HSTATEEN0; + uint64_t *reg, wr_mask; + + reg = &env->hstateen[index]; + wr_mask = env->mstateen[index] & mask; + *reg = (*reg & ~wr_mask) | (new_val & wr_mask); + + return RISCV_EXCP_NONE; +} + +static RISCVException write_hstateen0(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + uint64_t wr_mask = SMSTATEEN_STATEEN; + + return write_hstateen(env, csrno, wr_mask, new_val); +} + +static RISCVException write_hstateen_1_3(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + return write_hstateen(env, csrno, SMSTATEEN_STATEEN, new_val); +} + +static RISCVException read_hstateenh(CPURISCVState *env, int csrno, + target_ulong *val) +{ + int index = csrno - CSR_HSTATEEN0H; + + *val = (env->hstateen[index] >> 32) & (env->mstateen[index] >> 32); + + return RISCV_EXCP_NONE; +} + +static RISCVException write_hstateenh(CPURISCVState *env, int csrno, + uint64_t mask, target_ulong new_val) +{ + int index = csrno - CSR_HSTATEEN0H; + uint64_t *reg, wr_mask, val; + + reg = &env->hstateen[index]; + val = (uint64_t)new_val << 32; + val |= *reg & 0xFFFFFFFF; + wr_mask = env->mstateen[index] & mask; + *reg = (*reg & ~wr_mask) | (val & wr_mask); + + return RISCV_EXCP_NONE; +} + +static RISCVException write_hstateen0h(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + uint64_t wr_mask = SMSTATEEN_STATEEN; + + return write_hstateenh(env, csrno, wr_mask, new_val); +} + +static RISCVException write_hstateenh_1_3(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + return write_hstateenh(env, csrno, SMSTATEEN_STATEEN, new_val); +} + +static RISCVException read_sstateen(CPURISCVState *env, int csrno, + target_ulong *val) +{ + bool virt = riscv_cpu_virt_enabled(env); + int index = csrno - CSR_SSTATEEN0; + + *val = env->sstateen[index] & env->mstateen[index]; + if (virt) { + *val &= env->hstateen[index]; + } + + return RISCV_EXCP_NONE; +} + +static RISCVException write_sstateen(CPURISCVState *env, int csrno, + uint64_t mask, target_ulong new_val) +{ + bool virt = riscv_cpu_virt_enabled(env); + int index = csrno - CSR_SSTATEEN0; + uint64_t wr_mask; + uint64_t *reg; + + wr_mask = env->mstateen[index] & mask; + if (virt) { + wr_mask &= env->hstateen[index]; + } + + reg = &env->sstateen[index]; + *reg = (*reg & ~wr_mask) | (new_val & wr_mask); + + return RISCV_EXCP_NONE; +} + +static RISCVException write_sstateen0(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + uint64_t wr_mask = SMSTATEEN_STATEEN; + + return write_sstateen(env, csrno, wr_mask, new_val); +} + +static RISCVException write_sstateen_1_3(CPURISCVState *env, int csrno, + target_ulong new_val) +{ + return write_sstateen(env, csrno, SMSTATEEN_STATEEN, new_val); +} + static RISCVException rmw_mip64(CPURISCVState *env, int csrno, uint64_t *ret_val, uint64_t new_val, uint64_t wr_mask) @@ -3744,6 +4001,65 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = { [CSR_HENVCFGH] = { "henvcfgh", hmode32, read_henvcfgh, write_henvcfgh, .min_priv_ver = PRIV_VERSION_1_12_0 }, + /* Smstateen extension CSRs */ + [CSR_MSTATEEN0] = { "mstateen0", mstateen, read_mstateen, write_mstateen0, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_MSTATEEN0H] = { "mstateen0h", mstateen, read_mstateenh, + write_mstateen0h, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_MSTATEEN1] = { "mstateen1", mstateen, read_mstateen, + write_mstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_MSTATEEN1H] = { "mstateen1h", mstateen, read_mstateenh, + write_mstateenh_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_MSTATEEN2] = { "mstateen2", mstateen, read_mstateen, + write_mstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_MSTATEEN2H] = { "mstateen2h", mstateen, read_mstateenh, + write_mstateenh_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_MSTATEEN3] = { "mstateen3", mstateen, read_mstateen, + write_mstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_MSTATEEN3H] = { "mstateen3h", mstateen, read_mstateenh, + write_mstateenh_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_HSTATEEN0] = { "hstateen0", hstateen, read_hstateen, write_hstateen0, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_HSTATEEN0H] = { "hstateen0h", hstateenh, read_hstateenh, + write_hstateen0h, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_HSTATEEN1] = { "hstateen1", hstateen, read_hstateen, + write_hstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_HSTATEEN1H] = { "hstateen1h", hstateenh, read_hstateenh, + write_hstateenh_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_HSTATEEN2] = { "hstateen2", hstateen, read_hstateen, + write_hstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_HSTATEEN2H] = { "hstateen2h", hstateenh, read_hstateenh, + write_hstateenh_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_HSTATEEN3] = { "hstateen3", hstateen, read_hstateen, + write_hstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_HSTATEEN3H] = { "hstateen3h", hstateenh, read_hstateenh, + write_hstateenh_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_SSTATEEN0] = { "sstateen0", sstateen, read_sstateen, write_sstateen0, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_SSTATEEN1] = { "sstateen1", sstateen, read_sstateen, + write_sstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_SSTATEEN2] = { "sstateen2", sstateen, read_sstateen, + write_sstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + [CSR_SSTATEEN3] = { "sstateen3", sstateen, read_sstateen, + write_sstateen_1_3, + .min_priv_ver = PRIV_VERSION_1_12_0 }, + /* Supervisor Trap Setup */ [CSR_SSTATUS] = { "sstatus", smode, read_sstatus, write_sstatus, NULL, read_sstatus_i128 }, diff --git a/target/riscv/machine.c b/target/riscv/machine.c index c2a94a82b3..e687f9fce0 100644 --- a/target/riscv/machine.c +++ b/target/riscv/machine.c @@ -253,6 +253,26 @@ static int riscv_cpu_post_load(void *opaque, int version_id) return 0; } +static bool smstateen_needed(void *opaque) +{ + RISCVCPU *cpu = opaque; + + return cpu->cfg.ext_smstateen; +} + +static const VMStateDescription vmstate_smstateen = { + .name = "cpu/smtateen", + .version_id = 1, + .minimum_version_id = 1, + .needed = smstateen_needed, + .fields = (VMStateField[]) { + VMSTATE_UINT64_ARRAY(env.mstateen, RISCVCPU, 4), + VMSTATE_UINT64_ARRAY(env.hstateen, RISCVCPU, 4), + VMSTATE_UINT64_ARRAY(env.sstateen, RISCVCPU, 4), + VMSTATE_END_OF_LIST() + } +}; + static bool envcfg_needed(void *opaque) { RISCVCPU *cpu = opaque; @@ -364,6 +384,7 @@ const VMStateDescription vmstate_riscv_cpu = { &vmstate_kvmtimer, &vmstate_envcfg, &vmstate_debug, + &vmstate_smstateen, NULL } }; From 252b06f638cdc79aa6dc33e91174b276eb69b3e0 Mon Sep 17 00:00:00 2001 From: Mayuresh Chitale Date: Sun, 16 Oct 2022 18:17:23 +0530 Subject: [PATCH 08/43] target/riscv: smstateen check for h/s/envcfg Accesses to henvcfg, henvcfgh and senvcfg are allowed only if the corresponding bit in mstateen0/hstateen0 is enabled. Otherwise an illegal instruction trap is generated. Signed-off-by: Mayuresh Chitale Reviewed-by: Weiwei Li Reviewed-by: Alistair Francis Message-Id: <20221016124726.102129-3-mchitale@ventanamicro.com> Signed-off-by: Alistair Francis --- target/riscv/csr.c | 87 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 80 insertions(+), 7 deletions(-) diff --git a/target/riscv/csr.c b/target/riscv/csr.c index c861424e85..71236f2b5d 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -41,6 +41,42 @@ void riscv_set_csr_ops(int csrno, riscv_csr_operations *ops) } /* Predicates */ +#if !defined(CONFIG_USER_ONLY) +static RISCVException smstateen_acc_ok(CPURISCVState *env, int index, + uint64_t bit) +{ + bool virt = riscv_cpu_virt_enabled(env); + CPUState *cs = env_cpu(env); + RISCVCPU *cpu = RISCV_CPU(cs); + + if (env->priv == PRV_M || !cpu->cfg.ext_smstateen) { + return RISCV_EXCP_NONE; + } + + if (!(env->mstateen[index] & bit)) { + return RISCV_EXCP_ILLEGAL_INST; + } + + if (virt) { + if (!(env->hstateen[index] & bit)) { + return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; + } + + if (env->priv == PRV_U && !(env->sstateen[index] & bit)) { + return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; + } + } + + if (env->priv == PRV_U && riscv_has_ext(env, RVS)) { + if (!(env->sstateen[index] & bit)) { + return RISCV_EXCP_ILLEGAL_INST; + } + } + + return RISCV_EXCP_NONE; +} +#endif + static RISCVException fs(CPURISCVState *env, int csrno) { #if !defined(CONFIG_USER_ONLY) @@ -1874,6 +1910,13 @@ static RISCVException write_menvcfgh(CPURISCVState *env, int csrno, static RISCVException read_senvcfg(CPURISCVState *env, int csrno, target_ulong *val) { + RISCVException ret; + + ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG); + if (ret != RISCV_EXCP_NONE) { + return ret; + } + *val = env->senvcfg; return RISCV_EXCP_NONE; } @@ -1882,15 +1925,27 @@ static RISCVException write_senvcfg(CPURISCVState *env, int csrno, target_ulong val) { uint64_t mask = SENVCFG_FIOM | SENVCFG_CBIE | SENVCFG_CBCFE | SENVCFG_CBZE; + RISCVException ret; + + ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG); + if (ret != RISCV_EXCP_NONE) { + return ret; + } env->senvcfg = (env->senvcfg & ~mask) | (val & mask); - return RISCV_EXCP_NONE; } static RISCVException read_henvcfg(CPURISCVState *env, int csrno, target_ulong *val) { + RISCVException ret; + + ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG); + if (ret != RISCV_EXCP_NONE) { + return ret; + } + *val = env->henvcfg; return RISCV_EXCP_NONE; } @@ -1899,6 +1954,12 @@ static RISCVException write_henvcfg(CPURISCVState *env, int csrno, target_ulong val) { uint64_t mask = HENVCFG_FIOM | HENVCFG_CBIE | HENVCFG_CBCFE | HENVCFG_CBZE; + RISCVException ret; + + ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG); + if (ret != RISCV_EXCP_NONE) { + return ret; + } if (riscv_cpu_mxl(env) == MXL_RV64) { mask |= HENVCFG_PBMTE | HENVCFG_STCE; @@ -1912,6 +1973,13 @@ static RISCVException write_henvcfg(CPURISCVState *env, int csrno, static RISCVException read_henvcfgh(CPURISCVState *env, int csrno, target_ulong *val) { + RISCVException ret; + + ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG); + if (ret != RISCV_EXCP_NONE) { + return ret; + } + *val = env->henvcfg >> 32; return RISCV_EXCP_NONE; } @@ -1921,9 +1989,14 @@ static RISCVException write_henvcfgh(CPURISCVState *env, int csrno, { uint64_t mask = HENVCFG_PBMTE | HENVCFG_STCE; uint64_t valh = (uint64_t)val << 32; + RISCVException ret; + + ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG); + if (ret != RISCV_EXCP_NONE) { + return ret; + } env->henvcfg = (env->henvcfg & ~mask) | (valh & mask); - return RISCV_EXCP_NONE; } @@ -1949,7 +2022,7 @@ static RISCVException write_mstateen(CPURISCVState *env, int csrno, static RISCVException write_mstateen0(CPURISCVState *env, int csrno, target_ulong new_val) { - uint64_t wr_mask = SMSTATEEN_STATEEN; + uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG; return write_mstateen(env, csrno, wr_mask, new_val); } @@ -1984,7 +2057,7 @@ static RISCVException write_mstateenh(CPURISCVState *env, int csrno, static RISCVException write_mstateen0h(CPURISCVState *env, int csrno, target_ulong new_val) { - uint64_t wr_mask = SMSTATEEN_STATEEN; + uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG; return write_mstateenh(env, csrno, wr_mask, new_val); } @@ -2021,7 +2094,7 @@ static RISCVException write_hstateen(CPURISCVState *env, int csrno, static RISCVException write_hstateen0(CPURISCVState *env, int csrno, target_ulong new_val) { - uint64_t wr_mask = SMSTATEEN_STATEEN; + uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG; return write_hstateen(env, csrno, wr_mask, new_val); } @@ -2060,7 +2133,7 @@ static RISCVException write_hstateenh(CPURISCVState *env, int csrno, static RISCVException write_hstateen0h(CPURISCVState *env, int csrno, target_ulong new_val) { - uint64_t wr_mask = SMSTATEEN_STATEEN; + uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG; return write_hstateenh(env, csrno, wr_mask, new_val); } @@ -2107,7 +2180,7 @@ static RISCVException write_sstateen(CPURISCVState *env, int csrno, static RISCVException write_sstateen0(CPURISCVState *env, int csrno, target_ulong new_val) { - uint64_t wr_mask = SMSTATEEN_STATEEN; + uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG; return write_sstateen(env, csrno, wr_mask, new_val); } From fb3f3730e405e2451dffc03c572037c2e0bd44c0 Mon Sep 17 00:00:00 2001 From: Mayuresh Chitale Date: Sun, 16 Oct 2022 18:17:24 +0530 Subject: [PATCH 09/43] target/riscv: generate virtual instruction exception This patch adds a mechanism to generate a virtual instruction instruction exception instead of an illegal instruction exception during instruction decode when virt is enabled. Signed-off-by: Mayuresh Chitale Reviewed-by: Weiwei Li Reviewed-by: Alistair Francis Message-Id: <20221016124726.102129-4-mchitale@ventanamicro.com> Signed-off-by: Alistair Francis --- target/riscv/translate.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/target/riscv/translate.c b/target/riscv/translate.c index db123da5ec..8b0bd38bb2 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -76,6 +76,7 @@ typedef struct DisasContext { to reset this known value. */ int frm; RISCVMXL ol; + bool virt_inst_excp; bool virt_enabled; const RISCVCPUConfig *cfg_ptr; bool hlsx; @@ -243,7 +244,11 @@ static void gen_exception_illegal(DisasContext *ctx) { tcg_gen_st_i32(tcg_constant_i32(ctx->opcode), cpu_env, offsetof(CPURISCVState, bins)); - generate_exception(ctx, RISCV_EXCP_ILLEGAL_INST); + if (ctx->virt_inst_excp) { + generate_exception(ctx, RISCV_EXCP_VIRT_INSTRUCTION_FAULT); + } else { + generate_exception(ctx, RISCV_EXCP_ILLEGAL_INST); + } } static void gen_exception_inst_addr_mis(DisasContext *ctx) @@ -1062,6 +1067,7 @@ static void decode_opc(CPURISCVState *env, DisasContext *ctx, uint16_t opcode) { has_XVentanaCondOps_p, decode_XVentanaCodeOps }, }; + ctx->virt_inst_excp = false; /* Check for compressed insn */ if (insn_len(opcode) == 2) { if (!has_ext(ctx, RVC)) { From 2c9d747121aa9f8f0494b9e3136a22a1c3a8b2a3 Mon Sep 17 00:00:00 2001 From: LIU Zhiwei Date: Thu, 13 Oct 2022 14:29:43 +0800 Subject: [PATCH 10/43] target/riscv: Add itrigger support when icount is not enabled When icount is not enabled, there is no API in QEMU that can get the guest instruction number. Translate the guest code in a way that each TB only has one instruction. After executing the instruction, decrease the count by 1 until it reaches 0 where the itrigger fires. Note that only when priviledge matches the itrigger configuration, the count will decrease. Signed-off-by: LIU Zhiwei Reviewed-by: Alistair Francis Message-Id: <20221013062946.7530-2-zhiwei_liu@linux.alibaba.com> Signed-off-by: Alistair Francis --- target/riscv/cpu.h | 2 + target/riscv/cpu_helper.c | 6 ++ target/riscv/debug.c | 71 +++++++++++++++++++ target/riscv/debug.h | 12 ++++ target/riscv/helper.h | 2 + .../riscv/insn_trans/trans_privileged.c.inc | 4 +- target/riscv/insn_trans/trans_rvi.c.inc | 8 +-- target/riscv/insn_trans/trans_rvv.c.inc | 4 +- target/riscv/translate.c | 33 ++++++++- 9 files changed, 131 insertions(+), 11 deletions(-) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 5cac0c5eec..c32e484c0b 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -625,6 +625,8 @@ FIELD(TB_FLAGS, PM_MASK_ENABLED, 22, 1) FIELD(TB_FLAGS, PM_BASE_ENABLED, 23, 1) FIELD(TB_FLAGS, VTA, 24, 1) FIELD(TB_FLAGS, VMA, 25, 1) +/* Native debug itrigger */ +FIELD(TB_FLAGS, ITRIGGER, 26, 1) #ifdef TARGET_RISCV32 #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 5d66246c2c..9d1d1bf9f1 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -27,7 +27,9 @@ #include "tcg/tcg-op.h" #include "trace.h" #include "semihosting/common-semi.h" +#include "sysemu/cpu-timers.h" #include "cpu_bits.h" +#include "debug.h" int riscv_cpu_mmu_index(CPURISCVState *env, bool ifetch) { @@ -103,6 +105,10 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc, flags = FIELD_DP32(flags, TB_FLAGS, MSTATUS_HS_VS, get_field(env->mstatus_hs, MSTATUS_VS)); } + if (riscv_feature(env, RISCV_FEATURE_DEBUG) && !icount_enabled()) { + flags = FIELD_DP32(flags, TB_FLAGS, ITRIGGER, + riscv_itrigger_enabled(env)); + } #endif flags = FIELD_DP32(flags, TB_FLAGS, XL, env->xl); diff --git a/target/riscv/debug.c b/target/riscv/debug.c index e44848d0d7..036161649f 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -29,6 +29,7 @@ #include "cpu.h" #include "trace.h" #include "exec/exec-all.h" +#include "exec/helper-proto.h" /* * The following M-mode trigger CSRs are implemented: @@ -496,6 +497,76 @@ static void type6_reg_write(CPURISCVState *env, target_ulong index, return; } +/* icount trigger type */ +static inline int +itrigger_get_count(CPURISCVState *env, int index) +{ + return get_field(env->tdata1[index], ITRIGGER_COUNT); +} + +static inline void +itrigger_set_count(CPURISCVState *env, int index, int value) +{ + env->tdata1[index] = set_field(env->tdata1[index], + ITRIGGER_COUNT, value); +} + +static bool check_itrigger_priv(CPURISCVState *env, int index) +{ + target_ulong tdata1 = env->tdata1[index]; + if (riscv_cpu_virt_enabled(env)) { + /* check VU/VS bit against current privilege level */ + return (get_field(tdata1, ITRIGGER_VS) == env->priv) || + (get_field(tdata1, ITRIGGER_VU) == env->priv); + } else { + /* check U/S/M bit against current privilege level */ + return (get_field(tdata1, ITRIGGER_M) == env->priv) || + (get_field(tdata1, ITRIGGER_S) == env->priv) || + (get_field(tdata1, ITRIGGER_U) == env->priv); + } +} + +bool riscv_itrigger_enabled(CPURISCVState *env) +{ + int count; + for (int i = 0; i < RV_MAX_TRIGGERS; i++) { + if (get_trigger_type(env, i) != TRIGGER_TYPE_INST_CNT) { + continue; + } + if (check_itrigger_priv(env, i)) { + continue; + } + count = itrigger_get_count(env, i); + if (!count) { + continue; + } + return true; + } + + return false; +} + +void helper_itrigger_match(CPURISCVState *env) +{ + int count; + for (int i = 0; i < RV_MAX_TRIGGERS; i++) { + if (get_trigger_type(env, i) != TRIGGER_TYPE_INST_CNT) { + continue; + } + if (check_itrigger_priv(env, i)) { + continue; + } + count = itrigger_get_count(env, i); + if (!count) { + continue; + } + itrigger_set_count(env, i, count--); + if (!count) { + do_trigger_action(env, i); + } + } +} + target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index) { switch (tdata_index) { diff --git a/target/riscv/debug.h b/target/riscv/debug.h index a1226b4d29..cc3358e69b 100644 --- a/target/riscv/debug.h +++ b/target/riscv/debug.h @@ -118,6 +118,17 @@ enum { SIZE_NUM = 16 }; +/* itrigger filed masks */ +#define ITRIGGER_ACTION 0x3f +#define ITRIGGER_U BIT(6) +#define ITRIGGER_S BIT(7) +#define ITRIGGER_PENDING BIT(8) +#define ITRIGGER_M BIT(9) +#define ITRIGGER_COUNT (0x3fff << 10) +#define ITRIGGER_HIT BIT(24) +#define ITRIGGER_VU BIT(25) +#define ITRIGGER_VS BIT(26) + bool tdata_available(CPURISCVState *env, int tdata_index); target_ulong tselect_csr_read(CPURISCVState *env); @@ -134,4 +145,5 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp); void riscv_trigger_init(CPURISCVState *env); +bool riscv_itrigger_enabled(CPURISCVState *env); #endif /* RISCV_DEBUG_H */ diff --git a/target/riscv/helper.h b/target/riscv/helper.h index a03014fe67..227c7122ef 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h @@ -109,6 +109,8 @@ DEF_HELPER_1(sret, tl, env) DEF_HELPER_1(mret, tl, env) DEF_HELPER_1(wfi, void, env) DEF_HELPER_1(tlb_flush, void, env) +/* Native Debug */ +DEF_HELPER_1(itrigger_match, void, env) #endif /* Hypervisor functions */ diff --git a/target/riscv/insn_trans/trans_privileged.c.inc b/target/riscv/insn_trans/trans_privileged.c.inc index 3281408a87..59501b2780 100644 --- a/target/riscv/insn_trans/trans_privileged.c.inc +++ b/target/riscv/insn_trans/trans_privileged.c.inc @@ -78,7 +78,7 @@ static bool trans_sret(DisasContext *ctx, arg_sret *a) if (has_ext(ctx, RVS)) { decode_save_opc(ctx); gen_helper_sret(cpu_pc, cpu_env); - tcg_gen_exit_tb(NULL, 0); /* no chaining */ + exit_tb(ctx); /* no chaining */ ctx->base.is_jmp = DISAS_NORETURN; } else { return false; @@ -94,7 +94,7 @@ static bool trans_mret(DisasContext *ctx, arg_mret *a) #ifndef CONFIG_USER_ONLY decode_save_opc(ctx); gen_helper_mret(cpu_pc, cpu_env); - tcg_gen_exit_tb(NULL, 0); /* no chaining */ + exit_tb(ctx); /* no chaining */ ctx->base.is_jmp = DISAS_NORETURN; return true; #else diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc index c49dbec0eb..5c69b88d1e 100644 --- a/target/riscv/insn_trans/trans_rvi.c.inc +++ b/target/riscv/insn_trans/trans_rvi.c.inc @@ -66,7 +66,7 @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a) } gen_set_gpri(ctx, a->rd, ctx->pc_succ_insn); - tcg_gen_lookup_and_goto_ptr(); + lookup_and_goto_ptr(ctx); if (misaligned) { gen_set_label(misaligned); @@ -803,7 +803,7 @@ static bool trans_pause(DisasContext *ctx, arg_pause *a) * end the TB and return to main loop */ gen_set_pc_imm(ctx, ctx->pc_succ_insn); - tcg_gen_exit_tb(NULL, 0); + exit_tb(ctx); ctx->base.is_jmp = DISAS_NORETURN; return true; @@ -827,7 +827,7 @@ static bool trans_fence_i(DisasContext *ctx, arg_fence_i *a) * however we need to end the translation block */ gen_set_pc_imm(ctx, ctx->pc_succ_insn); - tcg_gen_exit_tb(NULL, 0); + exit_tb(ctx); ctx->base.is_jmp = DISAS_NORETURN; return true; } @@ -838,7 +838,7 @@ static bool do_csr_post(DisasContext *ctx) decode_save_opc(ctx); /* We may have changed important cpu state -- exit to main loop. */ gen_set_pc_imm(ctx, ctx->pc_succ_insn); - tcg_gen_exit_tb(NULL, 0); + exit_tb(ctx); ctx->base.is_jmp = DISAS_NORETURN; return true; } diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index 4dea4413ae..d455acedbf 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -196,7 +196,7 @@ static bool do_vsetvl(DisasContext *s, int rd, int rs1, TCGv s2) mark_vs_dirty(s); gen_set_pc_imm(s, s->pc_succ_insn); - tcg_gen_lookup_and_goto_ptr(); + lookup_and_goto_ptr(s); s->base.is_jmp = DISAS_NORETURN; if (rd == 0 && rs1 == 0) { @@ -222,7 +222,7 @@ static bool do_vsetivli(DisasContext *s, int rd, TCGv s1, TCGv s2) gen_set_gpr(s, rd, dst); mark_vs_dirty(s); gen_set_pc_imm(s, s->pc_succ_insn); - tcg_gen_lookup_and_goto_ptr(); + lookup_and_goto_ptr(s); s->base.is_jmp = DISAS_NORETURN; return true; diff --git a/target/riscv/translate.c b/target/riscv/translate.c index 8b0bd38bb2..cd5eb25ee8 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -112,6 +112,8 @@ typedef struct DisasContext { /* PointerMasking extension */ bool pm_mask_enabled; bool pm_base_enabled; + /* Use icount trigger for native debug */ + bool itrigger; /* TCG of the current insn_start */ TCGOp *insn_start; } DisasContext; @@ -257,15 +259,39 @@ static void gen_exception_inst_addr_mis(DisasContext *ctx) generate_exception(ctx, RISCV_EXCP_INST_ADDR_MIS); } +static void lookup_and_goto_ptr(DisasContext *ctx) +{ +#ifndef CONFIG_USER_ONLY + if (ctx->itrigger) { + gen_helper_itrigger_match(cpu_env); + } +#endif + tcg_gen_lookup_and_goto_ptr(); +} + +static void exit_tb(DisasContext *ctx) +{ +#ifndef CONFIG_USER_ONLY + if (ctx->itrigger) { + gen_helper_itrigger_match(cpu_env); + } +#endif + tcg_gen_exit_tb(NULL, 0); +} + static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest) { - if (translator_use_goto_tb(&ctx->base, dest)) { + /* + * Under itrigger, instruction executes one by one like singlestep, + * direct block chain benefits will be small. + */ + if (translator_use_goto_tb(&ctx->base, dest) && !ctx->itrigger) { tcg_gen_goto_tb(n); gen_set_pc_imm(ctx, dest); tcg_gen_exit_tb(ctx->base.tb, n); } else { gen_set_pc_imm(ctx, dest); - tcg_gen_lookup_and_goto_ptr(); + lookup_and_goto_ptr(ctx); } } @@ -1142,6 +1168,7 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) memset(ctx->ftemp, 0, sizeof(ctx->ftemp)); ctx->pm_mask_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_MASK_ENABLED); ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED); + ctx->itrigger = FIELD_EX32(tb_flags, TB_FLAGS, ITRIGGER); ctx->zero = tcg_constant_tl(0); } @@ -1181,7 +1208,7 @@ static void riscv_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) /* Only the first insn within a TB is allowed to cross a page boundary. */ if (ctx->base.is_jmp == DISAS_NEXT) { - if (!is_same_page(&ctx->base, ctx->base.pc_next)) { + if (ctx->itrigger || !is_same_page(&ctx->base, ctx->base.pc_next)) { ctx->base.is_jmp = DISAS_TOO_MANY; } else { unsigned page_ofs = ctx->base.pc_next & ~TARGET_PAGE_MASK; From 5a4ae64cac49564354cd6f17598840e4af70e4f5 Mon Sep 17 00:00:00 2001 From: LIU Zhiwei Date: Thu, 13 Oct 2022 14:29:44 +0800 Subject: [PATCH 11/43] target/riscv: Add itrigger support when icount is enabled The max count in itrigger can be 0x3FFF, which will cause a no trivial translation and execution overload. When icount is enabled, QEMU provides API that can fetch guest instruction number. Thus, we can set an timer for itrigger with the count as deadline. Only when timer expires or priviledge mode changes, do lazy update to count. Signed-off-by: LIU Zhiwei Reviewed-by: Alistair Francis Message-Id: <20221013062946.7530-3-zhiwei_liu@linux.alibaba.com> Signed-off-by: Alistair Francis --- target/riscv/cpu.h | 2 ++ target/riscv/cpu_helper.c | 3 ++ target/riscv/debug.c | 59 +++++++++++++++++++++++++++++++++++++++ target/riscv/debug.h | 1 + 4 files changed, 65 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index c32e484c0b..b0b4048de9 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -329,6 +329,8 @@ struct CPUArchState { target_ulong tdata3[RV_MAX_TRIGGERS]; struct CPUBreakpoint *cpu_breakpoint[RV_MAX_TRIGGERS]; struct CPUWatchpoint *cpu_watchpoint[RV_MAX_TRIGGERS]; + QEMUTimer *itrigger_timer[RV_MAX_TRIGGERS]; + int64_t last_icount; /* machine specific rdtime callback */ uint64_t (*rdtime_fn)(void *); diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 9d1d1bf9f1..6230f65f70 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -676,6 +676,9 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong newpriv) if (newpriv == PRV_H) { newpriv = PRV_U; } + if (icount_enabled() && newpriv != env->priv) { + riscv_itrigger_update_priv(env); + } /* tlb_flush is unnecessary as mode is contained in mmu_idx */ env->priv = newpriv; env->xl = cpu_recompute_xl(env); diff --git a/target/riscv/debug.c b/target/riscv/debug.c index 036161649f..371862cf38 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -30,6 +30,7 @@ #include "trace.h" #include "exec/exec-all.h" #include "exec/helper-proto.h" +#include "sysemu/cpu-timers.h" /* * The following M-mode trigger CSRs are implemented: @@ -567,6 +568,62 @@ void helper_itrigger_match(CPURISCVState *env) } } +static void riscv_itrigger_update_count(CPURISCVState *env) +{ + int count, executed; + /* + * Record last icount, so that we can evaluate the executed instructions + * since last priviledge mode change or timer expire. + */ + int64_t last_icount = env->last_icount, current_icount; + current_icount = env->last_icount = icount_get_raw(); + + for (int i = 0; i < RV_MAX_TRIGGERS; i++) { + if (get_trigger_type(env, i) != TRIGGER_TYPE_INST_CNT) { + continue; + } + count = itrigger_get_count(env, i); + if (!count) { + continue; + } + /* + * Only when priviledge is changed or itrigger timer expires, + * the count field in itrigger tdata1 register is updated. + * And the count field in itrigger only contains remaining value. + */ + if (check_itrigger_priv(env, i)) { + /* + * If itrigger enabled in this priviledge mode, the number of + * executed instructions since last priviledge change + * should be reduced from current itrigger count. + */ + executed = current_icount - last_icount; + itrigger_set_count(env, i, count - executed); + if (count == executed) { + do_trigger_action(env, i); + } + } else { + /* + * If itrigger is not enabled in this priviledge mode, + * the number of executed instructions will be discard and + * the count field in itrigger will not change. + */ + timer_mod(env->itrigger_timer[i], + current_icount + count); + } + } +} + +static void riscv_itrigger_timer_cb(void *opaque) +{ + riscv_itrigger_update_count((CPURISCVState *)opaque); +} + +void riscv_itrigger_update_priv(CPURISCVState *env) +{ + riscv_itrigger_update_count(env); +} + target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index) { switch (tdata_index) { @@ -796,5 +853,7 @@ void riscv_trigger_init(CPURISCVState *env) env->tdata3[i] = 0; env->cpu_breakpoint[i] = NULL; env->cpu_watchpoint[i] = NULL; + env->itrigger_timer[i] = timer_new_ns(QEMU_CLOCK_VIRTUAL, + riscv_itrigger_timer_cb, env); } } diff --git a/target/riscv/debug.h b/target/riscv/debug.h index cc3358e69b..c471748d5a 100644 --- a/target/riscv/debug.h +++ b/target/riscv/debug.h @@ -146,4 +146,5 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp); void riscv_trigger_init(CPURISCVState *env); bool riscv_itrigger_enabled(CPURISCVState *env); +void riscv_itrigger_update_priv(CPURISCVState *env); #endif /* RISCV_DEBUG_H */ From 91809598a055413d87c10799479086d487558b4e Mon Sep 17 00:00:00 2001 From: LIU Zhiwei Date: Thu, 13 Oct 2022 14:29:45 +0800 Subject: [PATCH 12/43] target/riscv: Enable native debug itrigger When QEMU is not in icount mode, execute instruction one by one. The tdata1 can be read directly. When QEMU is in icount mode, use a timer to simulate the itrigger. The tdata1 may be not right because of lazy update of count in tdata1. Thus, We should pack the adjusted count into tdata1 before read it back. Signed-off-by: LIU Zhiwei Reviewed-by: Alistair Francis Message-Id: <20221013062946.7530-4-zhiwei_liu@linux.alibaba.com> Signed-off-by: Alistair Francis --- target/riscv/debug.c | 74 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/target/riscv/debug.c b/target/riscv/debug.c index 371862cf38..b3574b250f 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -624,10 +624,80 @@ void riscv_itrigger_update_priv(CPURISCVState *env) riscv_itrigger_update_count(env); } -target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index) +static target_ulong itrigger_validate(CPURISCVState *env, + target_ulong ctrl) { + target_ulong val; + + /* validate the generic part first */ + val = tdata1_validate(env, ctrl, TRIGGER_TYPE_INST_CNT); + + /* validate unimplemented (always zero) bits */ + warn_always_zero_bit(ctrl, ITRIGGER_ACTION, "action"); + warn_always_zero_bit(ctrl, ITRIGGER_HIT, "hit"); + warn_always_zero_bit(ctrl, ITRIGGER_PENDING, "pending"); + + /* keep the mode and attribute bits */ + val |= ctrl & (ITRIGGER_VU | ITRIGGER_VS | ITRIGGER_U | ITRIGGER_S | + ITRIGGER_M | ITRIGGER_COUNT); + + return val; +} + +static void itrigger_reg_write(CPURISCVState *env, target_ulong index, + int tdata_index, target_ulong val) +{ + target_ulong new_val; + switch (tdata_index) { case TDATA1: + /* set timer for icount */ + new_val = itrigger_validate(env, val); + if (new_val != env->tdata1[index]) { + env->tdata1[index] = new_val; + if (icount_enabled()) { + env->last_icount = icount_get_raw(); + /* set the count to timer */ + timer_mod(env->itrigger_timer[index], + env->last_icount + itrigger_get_count(env, index)); + } + } + break; + case TDATA2: + qemu_log_mask(LOG_UNIMP, + "tdata2 is not supported for icount trigger\n"); + break; + case TDATA3: + qemu_log_mask(LOG_UNIMP, + "tdata3 is not supported for icount trigger\n"); + break; + default: + g_assert_not_reached(); + } + + return; +} + +static int itrigger_get_adjust_count(CPURISCVState *env) +{ + int count = itrigger_get_count(env, env->trigger_cur), executed; + if ((count != 0) && check_itrigger_priv(env, env->trigger_cur)) { + executed = icount_get_raw() - env->last_icount; + count += executed; + } + return count; +} + +target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index) +{ + int trigger_type; + switch (tdata_index) { + case TDATA1: + trigger_type = extract_trigger_type(env, env->tdata1[env->trigger_cur]); + if ((trigger_type == TRIGGER_TYPE_INST_CNT) && icount_enabled()) { + return deposit64(env->tdata1[env->trigger_cur], 10, 14, + itrigger_get_adjust_count(env)); + } return env->tdata1[env->trigger_cur]; case TDATA2: return env->tdata2[env->trigger_cur]; @@ -656,6 +726,8 @@ void tdata_csr_write(CPURISCVState *env, int tdata_index, target_ulong val) type6_reg_write(env, env->trigger_cur, tdata_index, val); break; case TRIGGER_TYPE_INST_CNT: + itrigger_reg_write(env, env->trigger_cur, tdata_index, val); + break; case TRIGGER_TYPE_INT: case TRIGGER_TYPE_EXCP: case TRIGGER_TYPE_EXT_SRC: From 577f02869488f49955645dd48961cc5593fff63f Mon Sep 17 00:00:00 2001 From: LIU Zhiwei Date: Thu, 13 Oct 2022 14:29:46 +0800 Subject: [PATCH 13/43] target/riscv: Add itrigger_enabled field to CPURISCVState Avoid calling riscv_itrigger_enabled() when calculate the tbflags. As the itrigger enable status can only be changed when write tdata1, migration load or itrigger fire, update env->itrigger_enabled at these places. Signed-off-by: LIU Zhiwei Reviewed-by: Alistair Francis Message-Id: <20221013062946.7530-5-zhiwei_liu@linux.alibaba.com> Signed-off-by: Alistair Francis --- target/riscv/cpu.h | 1 + target/riscv/cpu_helper.c | 3 +-- target/riscv/debug.c | 3 +++ target/riscv/machine.c | 15 +++++++++++++++ 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index b0b4048de9..37f9516941 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -331,6 +331,7 @@ struct CPUArchState { struct CPUWatchpoint *cpu_watchpoint[RV_MAX_TRIGGERS]; QEMUTimer *itrigger_timer[RV_MAX_TRIGGERS]; int64_t last_icount; + bool itrigger_enabled; /* machine specific rdtime callback */ uint64_t (*rdtime_fn)(void *); diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 6230f65f70..427d4d4386 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -106,8 +106,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc, get_field(env->mstatus_hs, MSTATUS_VS)); } if (riscv_feature(env, RISCV_FEATURE_DEBUG) && !icount_enabled()) { - flags = FIELD_DP32(flags, TB_FLAGS, ITRIGGER, - riscv_itrigger_enabled(env)); + flags = FIELD_DP32(flags, TB_FLAGS, ITRIGGER, env->itrigger_enabled); } #endif diff --git a/target/riscv/debug.c b/target/riscv/debug.c index b3574b250f..bf4840a6a3 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -563,6 +563,7 @@ void helper_itrigger_match(CPURISCVState *env) } itrigger_set_count(env, i, count--); if (!count) { + env->itrigger_enabled = riscv_itrigger_enabled(env); do_trigger_action(env, i); } } @@ -660,6 +661,8 @@ static void itrigger_reg_write(CPURISCVState *env, target_ulong index, /* set the count to timer */ timer_mod(env->itrigger_timer[index], env->last_icount + itrigger_get_count(env, index)); + } else { + env->itrigger_enabled = riscv_itrigger_enabled(env); } } break; diff --git a/target/riscv/machine.c b/target/riscv/machine.c index e687f9fce0..65a8549ec2 100644 --- a/target/riscv/machine.c +++ b/target/riscv/machine.c @@ -21,6 +21,8 @@ #include "qemu/error-report.h" #include "sysemu/kvm.h" #include "migration/cpu.h" +#include "sysemu/cpu-timers.h" +#include "debug.h" static bool pmp_needed(void *opaque) { @@ -229,11 +231,24 @@ static bool debug_needed(void *opaque) return riscv_feature(env, RISCV_FEATURE_DEBUG); } +static int debug_post_load(void *opaque, int version_id) +{ + RISCVCPU *cpu = opaque; + CPURISCVState *env = &cpu->env; + + if (icount_enabled()) { + env->itrigger_enabled = riscv_itrigger_enabled(env); + } + + return 0; +} + static const VMStateDescription vmstate_debug = { .name = "cpu/debug", .version_id = 2, .minimum_version_id = 2, .needed = debug_needed, + .post_load = debug_post_load, .fields = (VMStateField[]) { VMSTATE_UINTTL(env.trigger_cur, RISCVCPU), VMSTATE_UINTTL_ARRAY(env.tdata1, RISCVCPU, RV_MAX_TRIGGERS), From 0a9a6cba8b9cad8786670fd8c9fa1b0d39bd00e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9trot?= Date: Mon, 14 Nov 2022 14:51:22 +0100 Subject: [PATCH 14/43] hw/intc: sifive_plic: Renumber the S irqs for numa support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 40244040a7a changed the way the S irqs are numbered. This breaks when using numa configuration, e.g.: ./qemu-system-riscv64 -nographic -machine virt,dumpdtb=numa-tree.dtb \ -m 2G -smp cpus=16 \ -object memory-backend-ram,id=mem0,size=512M \ -object memory-backend-ram,id=mem1,size=512M \ -object memory-backend-ram,id=mem2,size=512M \ -object memory-backend-ram,id=mem3,size=512M \ -numa node,cpus=0-3,memdev=mem0,nodeid=0 \ -numa node,cpus=4-7,memdev=mem1,nodeid=1 \ -numa node,cpus=8-11,memdev=mem2,nodeid=2 \ -numa node,cpus=12-15,memdev=mem3,nodeid=3 leads to: Unexpected error in object_property_find_err() at ../qom/object.c:1304: qemu-system-riscv64: Property 'riscv.sifive.plic.unnamed-gpio-out[8]' not found This patch makes the nubering of the S irqs identical to what it was before. Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Frédéric Pétrot Message-Id: <20221114135122.1668703-1-frederic.petrot@univ-grenoble-alpes.fr> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index c2dfacf028..b4949bef97 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -476,11 +476,11 @@ DeviceState *sifive_plic_create(hwaddr addr, char *hart_config, CPUState *cpu = qemu_get_cpu(cpu_num); if (plic->addr_config[i].mode == PLICMode_M) { - qdev_connect_gpio_out(dev, num_harts - plic->hartid_base + cpu_num, + qdev_connect_gpio_out(dev, cpu_num - hartid_base + num_harts, qdev_get_gpio_in(DEVICE(cpu), IRQ_M_EXT)); } if (plic->addr_config[i].mode == PLICMode_S) { - qdev_connect_gpio_out(dev, cpu_num, + qdev_connect_gpio_out(dev, cpu_num - hartid_base, qdev_get_gpio_in(DEVICE(cpu), IRQ_S_EXT)); } } From 6535a443345d659882444f0db1fafd22ba1f803a Mon Sep 17 00:00:00 2001 From: Anup Patel Date: Tue, 8 Nov 2022 18:26:59 +0530 Subject: [PATCH 15/43] target/riscv: Typo fix in sstc() predicate We should use "&&" instead of "&" when checking hcounteren.TM and henvcfg.STCE bits. Fixes: 3ec0fe18a31f ("target/riscv: Add vstimecmp suppor") Signed-off-by: Anup Patel Reviewed-by: Alistair Francis Message-Id: <20221108125703.1463577-2-apatel@ventanamicro.com> Signed-off-by: Alistair Francis --- target/riscv/csr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 71236f2b5d..0db2c233e5 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -940,7 +940,7 @@ static RISCVException sstc(CPURISCVState *env, int csrno) } if (riscv_cpu_virt_enabled(env)) { - if (!(get_field(env->hcounteren, COUNTEREN_TM) & + if (!(get_field(env->hcounteren, COUNTEREN_TM) && get_field(env->henvcfg, HENVCFG_STCE))) { return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; } From 0c83343ba37151b0edbbc7aa6bea555c58b358cf Mon Sep 17 00:00:00 2001 From: Atish Patra Date: Tue, 22 Nov 2022 00:05:29 -0800 Subject: [PATCH 16/43] hw/riscv: virt: Remove the redundant ipi-id property The imsic DT binding[1] has changed and no longer require an ipi-id. The latest IMSIC driver dynamically allocates ipi id if slow-ipi is not defined. Get rid of the unused dt property which may lead to confusion. [1] https://lore.kernel.org/lkml/20221111044207.1478350-5-apatel@ventanamicro.com/ Signed-off-by: Atish Patra Reviewed-by: Alistair Francis Message-Id: <20221122080529.1692533-1-atishp@rivosinc.com> Signed-off-by: Alistair Francis --- hw/riscv/virt.c | 4 ---- include/hw/riscv/virt.h | 1 - 2 files changed, 5 deletions(-) diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c index a5bc7353b4..6cf9355b99 100644 --- a/hw/riscv/virt.c +++ b/hw/riscv/virt.c @@ -546,8 +546,6 @@ static void create_fdt_imsic(RISCVVirtState *s, const MemMapEntry *memmap, riscv_socket_count(mc) * sizeof(uint32_t) * 4); qemu_fdt_setprop_cell(mc->fdt, imsic_name, "riscv,num-ids", VIRT_IRQCHIP_NUM_MSIS); - qemu_fdt_setprop_cells(mc->fdt, imsic_name, "riscv,ipi-id", - VIRT_IRQCHIP_IPI_MSI); if (riscv_socket_count(mc) > 1) { qemu_fdt_setprop_cell(mc->fdt, imsic_name, "riscv,hart-index-bits", imsic_num_bits(imsic_max_hart_per_socket)); @@ -597,8 +595,6 @@ static void create_fdt_imsic(RISCVVirtState *s, const MemMapEntry *memmap, riscv_socket_count(mc) * sizeof(uint32_t) * 4); qemu_fdt_setprop_cell(mc->fdt, imsic_name, "riscv,num-ids", VIRT_IRQCHIP_NUM_MSIS); - qemu_fdt_setprop_cells(mc->fdt, imsic_name, "riscv,ipi-id", - VIRT_IRQCHIP_IPI_MSI); if (imsic_guest_bits) { qemu_fdt_setprop_cell(mc->fdt, imsic_name, "riscv,guest-index-bits", imsic_guest_bits); diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h index be4ab8fe7f..62513e075c 100644 --- a/include/hw/riscv/virt.h +++ b/include/hw/riscv/virt.h @@ -93,7 +93,6 @@ enum { #define VIRT_PLATFORM_BUS_NUM_IRQS 32 -#define VIRT_IRQCHIP_IPI_MSI 1 #define VIRT_IRQCHIP_NUM_MSIS 255 #define VIRT_IRQCHIP_NUM_SOURCES VIRTIO_NDEV #define VIRT_IRQCHIP_NUM_PRIO_BITS 3 From eacd03cb9e51f98c19dc97270c9e4745f441abbe Mon Sep 17 00:00:00 2001 From: Jim Shu Date: Wed, 23 Nov 2022 09:06:29 +0000 Subject: [PATCH 17/43] target/riscv: support cache-related PMU events in virtual mode let tlb_fill() function also increments PMU counter when it is from two-stage translation, so QEMU could also monitor these PMU events when CPU runs in VS/VU mode (like running guest OS). Signed-off-by: Jim Shu Reviewed-by: Alistair Francis Message-Id: <20221123090635.6574-1-jim.shu@sifive.com> Signed-off-by: Alistair Francis --- target/riscv/cpu_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 427d4d4386..1ff6ab5746 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -1258,6 +1258,7 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size, } } + pmu_tlb_fill_incr_ctr(cpu, access_type); if (riscv_cpu_virt_enabled(env) || ((riscv_cpu_two_stage_lookup(mmu_idx) || two_stage_lookup) && access_type != MMU_INST_FETCH)) { @@ -1321,7 +1322,6 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size, } } } else { - pmu_tlb_fill_incr_ctr(cpu, access_type); /* Single stage lookup */ ret = get_physical_address(env, &pa, &prot, address, NULL, access_type, mmu_idx, true, false, false); From bc7dca13b7ac81832c66b5dc67d0568c7b08d064 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Fri, 25 Nov 2022 13:03:54 +0800 Subject: [PATCH 18/43] target/riscv: Add some comments for sstatus CSR in riscv_cpu_dump_state() sstatus register dump is currently missing in riscv_cpu_dump_state(). As sstatus is a copy of mstatus, which is described in the priv spec, it seems redundant to print the same information twice. Add some comments for this to let people know this is intentional. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: <20221125050354.3166023-1-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- target/riscv/cpu.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 6fe176e483..b2c132e269 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -382,6 +382,10 @@ static void riscv_cpu_dump_state(CPUState *cs, FILE *f, int flags) CSR_MHARTID, CSR_MSTATUS, CSR_MSTATUSH, + /* + * CSR_SSTATUS is intentionally omitted here as its value + * can be figured out by looking at CSR_MSTATUS + */ CSR_HSTATUS, CSR_VSSTATUS, CSR_MIP, From 13cd1d6eaff8a2e02270a8cfa74a9216fa03109f Mon Sep 17 00:00:00 2001 From: Conor Dooley Date: Thu, 17 Nov 2022 22:55:16 +0000 Subject: [PATCH 19/43] hw/misc: pfsoc: add fabric clocks to ioscb On PolarFire SoC, some peripherals (eg the PCI root port) are clocked by "Clock Conditioning Circuitry" in the FPGA. The specific clock depends on the FPGA bitstream & can be locked to one particular {D,P}LL - in the Icicle Kit Reference Design v2022.09 or later this is/will be the case. Linux v6.1+ will have a driver for this peripheral and devicetrees that previously relied on "fixed-frequency" clock nodes have been switched over to clock-controller nodes. The IOSCB region is represented in QEMU, but the specific region of it that the CCCs occupy has not so v6.1-rcN kernels fail to boot in QEMU. Add the regions as unimplemented so that the status-quo in terms of boot is maintained. Acked-by: Alistair Francis Signed-off-by: Conor Dooley Message-Id: <20221117225518.4102575-2-conor@kernel.org> Signed-off-by: Alistair Francis --- hw/misc/mchp_pfsoc_ioscb.c | 6 ++++++ include/hw/misc/mchp_pfsoc_ioscb.h | 1 + 2 files changed, 7 insertions(+) diff --git a/hw/misc/mchp_pfsoc_ioscb.c b/hw/misc/mchp_pfsoc_ioscb.c index f4fd55a0e5..f976e42f72 100644 --- a/hw/misc/mchp_pfsoc_ioscb.c +++ b/hw/misc/mchp_pfsoc_ioscb.c @@ -33,6 +33,7 @@ */ #define IOSCB_WHOLE_REG_SIZE 0x10000000 #define IOSCB_SUBMOD_REG_SIZE 0x1000 +#define IOSCB_CCC_REG_SIZE 0x2000000 /* * There are many sub-modules in the IOSCB module. @@ -45,6 +46,7 @@ #define IOSCB_LANE23_BASE 0x06510000 #define IOSCB_CTRL_BASE 0x07020000 #define IOSCB_CFG_BASE 0x07080000 +#define IOSCB_CCC_BASE 0x08000000 #define IOSCB_PLL_MSS_BASE 0x0E001000 #define IOSCB_CFM_MSS_BASE 0x0E002000 #define IOSCB_PLL_DDR_BASE 0x0E010000 @@ -168,6 +170,10 @@ static void mchp_pfsoc_ioscb_realize(DeviceState *dev, Error **errp) "mchp.pfsoc.ioscb.cfg", IOSCB_SUBMOD_REG_SIZE); memory_region_add_subregion(&s->container, IOSCB_CFG_BASE, &s->cfg); + memory_region_init_io(&s->ccc, OBJECT(s), &mchp_pfsoc_dummy_ops, s, + "mchp.pfsoc.ioscb.ccc", IOSCB_CCC_REG_SIZE); + memory_region_add_subregion(&s->container, IOSCB_CCC_BASE, &s->ccc); + memory_region_init_io(&s->pll_mss, OBJECT(s), &mchp_pfsoc_pll_ops, s, "mchp.pfsoc.ioscb.pll_mss", IOSCB_SUBMOD_REG_SIZE); memory_region_add_subregion(&s->container, IOSCB_PLL_MSS_BASE, &s->pll_mss); diff --git a/include/hw/misc/mchp_pfsoc_ioscb.h b/include/hw/misc/mchp_pfsoc_ioscb.h index 9235523e33..687b213742 100644 --- a/include/hw/misc/mchp_pfsoc_ioscb.h +++ b/include/hw/misc/mchp_pfsoc_ioscb.h @@ -30,6 +30,7 @@ typedef struct MchpPfSoCIoscbState { MemoryRegion lane23; MemoryRegion ctrl; MemoryRegion cfg; + MemoryRegion ccc; MemoryRegion pll_mss; MemoryRegion cfm_mss; MemoryRegion pll_ddr; From 8d32e374a805976c622ed58073015eaf2e6859dc Mon Sep 17 00:00:00 2001 From: Conor Dooley Date: Thu, 17 Nov 2022 22:55:17 +0000 Subject: [PATCH 20/43] hw/riscv: pfsoc: add missing FICs as unimplemented The Fabric Interconnect Controllers provide interfaces between the FPGA fabric and the core complex. There are 5 FICs on PolarFire SoC, numbered 0 through 4. FIC2 is an AXI4 slave interface from the FPGA fabric and does not show up on the MSS memory map. FIC4 is dedicated to the User Crypto Processor and does not show up on the MSS memory map either. FIC 0, 1 & 3 do show up in the MSS memory map and neither FICs 0 or 1 are represented in QEMU, leading to load access violations while booting Linux for Icicle if PCIe is enabled as the root port is connected via either FIC 0 or 1. Acked-by: Alistair Francis Signed-off-by: Conor Dooley Message-Id: <20221117225518.4102575-3-conor@kernel.org> Signed-off-by: Alistair Francis --- hw/riscv/microchip_pfsoc.c | 115 ++++++++++++++++------------- include/hw/riscv/microchip_pfsoc.h | 2 + 2 files changed, 65 insertions(+), 52 deletions(-) diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c index a821263d4f..2a24e3437a 100644 --- a/hw/riscv/microchip_pfsoc.c +++ b/hw/riscv/microchip_pfsoc.c @@ -86,58 +86,61 @@ * describes the complete IOSCB modules memory maps */ static const MemMapEntry microchip_pfsoc_memmap[] = { - [MICROCHIP_PFSOC_RSVD0] = { 0x0, 0x100 }, - [MICROCHIP_PFSOC_DEBUG] = { 0x100, 0xf00 }, - [MICROCHIP_PFSOC_E51_DTIM] = { 0x1000000, 0x2000 }, - [MICROCHIP_PFSOC_BUSERR_UNIT0] = { 0x1700000, 0x1000 }, - [MICROCHIP_PFSOC_BUSERR_UNIT1] = { 0x1701000, 0x1000 }, - [MICROCHIP_PFSOC_BUSERR_UNIT2] = { 0x1702000, 0x1000 }, - [MICROCHIP_PFSOC_BUSERR_UNIT3] = { 0x1703000, 0x1000 }, - [MICROCHIP_PFSOC_BUSERR_UNIT4] = { 0x1704000, 0x1000 }, - [MICROCHIP_PFSOC_CLINT] = { 0x2000000, 0x10000 }, - [MICROCHIP_PFSOC_L2CC] = { 0x2010000, 0x1000 }, - [MICROCHIP_PFSOC_DMA] = { 0x3000000, 0x100000 }, - [MICROCHIP_PFSOC_L2LIM] = { 0x8000000, 0x2000000 }, - [MICROCHIP_PFSOC_PLIC] = { 0xc000000, 0x4000000 }, - [MICROCHIP_PFSOC_MMUART0] = { 0x20000000, 0x1000 }, - [MICROCHIP_PFSOC_WDOG0] = { 0x20001000, 0x1000 }, - [MICROCHIP_PFSOC_SYSREG] = { 0x20002000, 0x2000 }, - [MICROCHIP_PFSOC_AXISW] = { 0x20004000, 0x1000 }, - [MICROCHIP_PFSOC_MPUCFG] = { 0x20005000, 0x1000 }, - [MICROCHIP_PFSOC_FMETER] = { 0x20006000, 0x1000 }, - [MICROCHIP_PFSOC_DDR_SGMII_PHY] = { 0x20007000, 0x1000 }, - [MICROCHIP_PFSOC_EMMC_SD] = { 0x20008000, 0x1000 }, - [MICROCHIP_PFSOC_DDR_CFG] = { 0x20080000, 0x40000 }, - [MICROCHIP_PFSOC_MMUART1] = { 0x20100000, 0x1000 }, - [MICROCHIP_PFSOC_MMUART2] = { 0x20102000, 0x1000 }, - [MICROCHIP_PFSOC_MMUART3] = { 0x20104000, 0x1000 }, - [MICROCHIP_PFSOC_MMUART4] = { 0x20106000, 0x1000 }, - [MICROCHIP_PFSOC_WDOG1] = { 0x20101000, 0x1000 }, - [MICROCHIP_PFSOC_WDOG2] = { 0x20103000, 0x1000 }, - [MICROCHIP_PFSOC_WDOG3] = { 0x20105000, 0x1000 }, - [MICROCHIP_PFSOC_WDOG4] = { 0x20106000, 0x1000 }, - [MICROCHIP_PFSOC_SPI0] = { 0x20108000, 0x1000 }, - [MICROCHIP_PFSOC_SPI1] = { 0x20109000, 0x1000 }, - [MICROCHIP_PFSOC_I2C0] = { 0x2010a000, 0x1000 }, - [MICROCHIP_PFSOC_I2C1] = { 0x2010b000, 0x1000 }, - [MICROCHIP_PFSOC_CAN0] = { 0x2010c000, 0x1000 }, - [MICROCHIP_PFSOC_CAN1] = { 0x2010d000, 0x1000 }, - [MICROCHIP_PFSOC_GEM0] = { 0x20110000, 0x2000 }, - [MICROCHIP_PFSOC_GEM1] = { 0x20112000, 0x2000 }, - [MICROCHIP_PFSOC_GPIO0] = { 0x20120000, 0x1000 }, - [MICROCHIP_PFSOC_GPIO1] = { 0x20121000, 0x1000 }, - [MICROCHIP_PFSOC_GPIO2] = { 0x20122000, 0x1000 }, - [MICROCHIP_PFSOC_RTC] = { 0x20124000, 0x1000 }, - [MICROCHIP_PFSOC_ENVM_CFG] = { 0x20200000, 0x1000 }, - [MICROCHIP_PFSOC_ENVM_DATA] = { 0x20220000, 0x20000 }, - [MICROCHIP_PFSOC_USB] = { 0x20201000, 0x1000 }, - [MICROCHIP_PFSOC_QSPI_XIP] = { 0x21000000, 0x1000000 }, - [MICROCHIP_PFSOC_IOSCB] = { 0x30000000, 0x10000000 }, - [MICROCHIP_PFSOC_FABRIC_FIC3] = { 0x40000000, 0x20000000 }, - [MICROCHIP_PFSOC_DRAM_LO] = { 0x80000000, 0x40000000 }, - [MICROCHIP_PFSOC_DRAM_LO_ALIAS] = { 0xc0000000, 0x40000000 }, - [MICROCHIP_PFSOC_DRAM_HI] = { 0x1000000000, 0x0 }, - [MICROCHIP_PFSOC_DRAM_HI_ALIAS] = { 0x1400000000, 0x0 }, + [MICROCHIP_PFSOC_RSVD0] = { 0x0, 0x100 }, + [MICROCHIP_PFSOC_DEBUG] = { 0x100, 0xf00 }, + [MICROCHIP_PFSOC_E51_DTIM] = { 0x1000000, 0x2000 }, + [MICROCHIP_PFSOC_BUSERR_UNIT0] = { 0x1700000, 0x1000 }, + [MICROCHIP_PFSOC_BUSERR_UNIT1] = { 0x1701000, 0x1000 }, + [MICROCHIP_PFSOC_BUSERR_UNIT2] = { 0x1702000, 0x1000 }, + [MICROCHIP_PFSOC_BUSERR_UNIT3] = { 0x1703000, 0x1000 }, + [MICROCHIP_PFSOC_BUSERR_UNIT4] = { 0x1704000, 0x1000 }, + [MICROCHIP_PFSOC_CLINT] = { 0x2000000, 0x10000 }, + [MICROCHIP_PFSOC_L2CC] = { 0x2010000, 0x1000 }, + [MICROCHIP_PFSOC_DMA] = { 0x3000000, 0x100000 }, + [MICROCHIP_PFSOC_L2LIM] = { 0x8000000, 0x2000000 }, + [MICROCHIP_PFSOC_PLIC] = { 0xc000000, 0x4000000 }, + [MICROCHIP_PFSOC_MMUART0] = { 0x20000000, 0x1000 }, + [MICROCHIP_PFSOC_WDOG0] = { 0x20001000, 0x1000 }, + [MICROCHIP_PFSOC_SYSREG] = { 0x20002000, 0x2000 }, + [MICROCHIP_PFSOC_AXISW] = { 0x20004000, 0x1000 }, + [MICROCHIP_PFSOC_MPUCFG] = { 0x20005000, 0x1000 }, + [MICROCHIP_PFSOC_FMETER] = { 0x20006000, 0x1000 }, + [MICROCHIP_PFSOC_DDR_SGMII_PHY] = { 0x20007000, 0x1000 }, + [MICROCHIP_PFSOC_EMMC_SD] = { 0x20008000, 0x1000 }, + [MICROCHIP_PFSOC_DDR_CFG] = { 0x20080000, 0x40000 }, + [MICROCHIP_PFSOC_MMUART1] = { 0x20100000, 0x1000 }, + [MICROCHIP_PFSOC_MMUART2] = { 0x20102000, 0x1000 }, + [MICROCHIP_PFSOC_MMUART3] = { 0x20104000, 0x1000 }, + [MICROCHIP_PFSOC_MMUART4] = { 0x20106000, 0x1000 }, + [MICROCHIP_PFSOC_WDOG1] = { 0x20101000, 0x1000 }, + [MICROCHIP_PFSOC_WDOG2] = { 0x20103000, 0x1000 }, + [MICROCHIP_PFSOC_WDOG3] = { 0x20105000, 0x1000 }, + [MICROCHIP_PFSOC_WDOG4] = { 0x20106000, 0x1000 }, + [MICROCHIP_PFSOC_SPI0] = { 0x20108000, 0x1000 }, + [MICROCHIP_PFSOC_SPI1] = { 0x20109000, 0x1000 }, + [MICROCHIP_PFSOC_I2C0] = { 0x2010a000, 0x1000 }, + [MICROCHIP_PFSOC_I2C1] = { 0x2010b000, 0x1000 }, + [MICROCHIP_PFSOC_CAN0] = { 0x2010c000, 0x1000 }, + [MICROCHIP_PFSOC_CAN1] = { 0x2010d000, 0x1000 }, + [MICROCHIP_PFSOC_GEM0] = { 0x20110000, 0x2000 }, + [MICROCHIP_PFSOC_GEM1] = { 0x20112000, 0x2000 }, + [MICROCHIP_PFSOC_GPIO0] = { 0x20120000, 0x1000 }, + [MICROCHIP_PFSOC_GPIO1] = { 0x20121000, 0x1000 }, + [MICROCHIP_PFSOC_GPIO2] = { 0x20122000, 0x1000 }, + [MICROCHIP_PFSOC_RTC] = { 0x20124000, 0x1000 }, + [MICROCHIP_PFSOC_ENVM_CFG] = { 0x20200000, 0x1000 }, + [MICROCHIP_PFSOC_ENVM_DATA] = { 0x20220000, 0x20000 }, + [MICROCHIP_PFSOC_USB] = { 0x20201000, 0x1000 }, + [MICROCHIP_PFSOC_QSPI_XIP] = { 0x21000000, 0x1000000 }, + [MICROCHIP_PFSOC_IOSCB] = { 0x30000000, 0x10000000 }, + [MICROCHIP_PFSOC_FABRIC_FIC0] = { 0x2000000000, 0x1000000000 }, + [MICROCHIP_PFSOC_FABRIC_FIC1] = { 0x3000000000, 0x1000000000 }, + [MICROCHIP_PFSOC_FABRIC_FIC3] = { 0x40000000, 0x20000000 }, + [MICROCHIP_PFSOC_DRAM_LO] = { 0x80000000, 0x40000000 }, + [MICROCHIP_PFSOC_DRAM_LO_ALIAS] = { 0xc0000000, 0x40000000 }, + [MICROCHIP_PFSOC_DRAM_HI] = { 0x1000000000, 0x0 }, + [MICROCHIP_PFSOC_DRAM_HI_ALIAS] = { 0x1400000000, 0x0 }, + }; static void microchip_pfsoc_soc_instance_init(Object *obj) @@ -461,6 +464,14 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, Error **errp) create_unimplemented_device("microchip.pfsoc.fabricfic3", memmap[MICROCHIP_PFSOC_FABRIC_FIC3].base, memmap[MICROCHIP_PFSOC_FABRIC_FIC3].size); + /* FPGA Fabric */ + create_unimplemented_device("microchip.pfsoc.fabricfic0", + memmap[MICROCHIP_PFSOC_FABRIC_FIC0].base, + memmap[MICROCHIP_PFSOC_FABRIC_FIC0].size); + /* FPGA Fabric */ + create_unimplemented_device("microchip.pfsoc.fabricfic1", + memmap[MICROCHIP_PFSOC_FABRIC_FIC1].base, + memmap[MICROCHIP_PFSOC_FABRIC_FIC1].size); /* QSPI Flash */ memory_region_init_rom(qspi_xip_mem, OBJECT(dev), diff --git a/include/hw/riscv/microchip_pfsoc.h b/include/hw/riscv/microchip_pfsoc.h index a757b240e0..7e7950dd36 100644 --- a/include/hw/riscv/microchip_pfsoc.h +++ b/include/hw/riscv/microchip_pfsoc.h @@ -121,6 +121,8 @@ enum { MICROCHIP_PFSOC_USB, MICROCHIP_PFSOC_QSPI_XIP, MICROCHIP_PFSOC_IOSCB, + MICROCHIP_PFSOC_FABRIC_FIC0, + MICROCHIP_PFSOC_FABRIC_FIC1, MICROCHIP_PFSOC_FABRIC_FIC3, MICROCHIP_PFSOC_DRAM_LO, MICROCHIP_PFSOC_DRAM_LO_ALIAS, From 592f0a9429b924bc7eec0aee60afa391f7ca96b2 Mon Sep 17 00:00:00 2001 From: Conor Dooley Date: Thu, 17 Nov 2022 22:55:18 +0000 Subject: [PATCH 21/43] hw/{misc, riscv}: pfsoc: add system controller as unimplemented The system controller on PolarFire SoC is access via a mailbox. The control registers for this mailbox lie in the "IOSCB" region & the interrupt is cleared via write to the "SYSREG" region. It also has a QSPI controller, usually connected to a flash chip, that is used for storing FPGA bitstreams and used for In-Application Programming (IAP). Linux has an implementation of the system controller, through which the hwrng is accessed, leading to load/store access faults. Add the QSPI as unimplemented and a very basic (effectively unimplemented) version of the system controller's mailbox. Rather than purely marking the regions as unimplemented, service the mailbox requests by reporting failures and raising the interrupt so a guest can better handle the lack of support. Signed-off-by: Conor Dooley Acked-by: Alistair Francis Message-Id: <20221117225518.4102575-4-conor@kernel.org> Signed-off-by: Alistair Francis --- hw/misc/mchp_pfsoc_ioscb.c | 72 ++++++++++++++++++++++++++++- hw/misc/mchp_pfsoc_sysreg.c | 18 ++++++-- hw/riscv/microchip_pfsoc.c | 6 +++ include/hw/misc/mchp_pfsoc_ioscb.h | 3 ++ include/hw/misc/mchp_pfsoc_sysreg.h | 1 + include/hw/riscv/microchip_pfsoc.h | 1 + 6 files changed, 95 insertions(+), 6 deletions(-) diff --git a/hw/misc/mchp_pfsoc_ioscb.c b/hw/misc/mchp_pfsoc_ioscb.c index f976e42f72..a71d134295 100644 --- a/hw/misc/mchp_pfsoc_ioscb.c +++ b/hw/misc/mchp_pfsoc_ioscb.c @@ -24,6 +24,7 @@ #include "qemu/bitops.h" #include "qemu/log.h" #include "qapi/error.h" +#include "hw/irq.h" #include "hw/sysbus.h" #include "hw/misc/mchp_pfsoc_ioscb.h" @@ -34,6 +35,9 @@ #define IOSCB_WHOLE_REG_SIZE 0x10000000 #define IOSCB_SUBMOD_REG_SIZE 0x1000 #define IOSCB_CCC_REG_SIZE 0x2000000 +#define IOSCB_CTRL_REG_SIZE 0x800 +#define IOSCB_QSPIXIP_REG_SIZE 0x200 + /* * There are many sub-modules in the IOSCB module. @@ -45,6 +49,8 @@ #define IOSCB_LANE01_BASE 0x06500000 #define IOSCB_LANE23_BASE 0x06510000 #define IOSCB_CTRL_BASE 0x07020000 +#define IOSCB_QSPIXIP_BASE 0x07020100 +#define IOSCB_MAILBOX_BASE 0x07020800 #define IOSCB_CFG_BASE 0x07080000 #define IOSCB_CCC_BASE 0x08000000 #define IOSCB_PLL_MSS_BASE 0x0E001000 @@ -143,6 +149,58 @@ static const MemoryRegionOps mchp_pfsoc_io_calib_ddr_ops = { .endianness = DEVICE_LITTLE_ENDIAN, }; +#define SERVICES_CR 0x50 +#define SERVICES_SR 0x54 +#define SERVICES_STATUS_SHIFT 16 + +static uint64_t mchp_pfsoc_ctrl_read(void *opaque, hwaddr offset, + unsigned size) +{ + uint32_t val = 0; + + switch (offset) { + case SERVICES_SR: + /* + * Although some services have no error codes, most do. All services + * that do implement errors, begin their error codes at 1. Treat all + * service requests as failures & return 1. + * See the "PolarFire® FPGA and PolarFire SoC FPGA System Services" + * user guide for more information on service error codes. + */ + val = 1u << SERVICES_STATUS_SHIFT; + break; + default: + qemu_log_mask(LOG_UNIMP, "%s: unimplemented device read " + "(size %d, offset 0x%" HWADDR_PRIx ")\n", + __func__, size, offset); + } + + return val; +} + +static void mchp_pfsoc_ctrl_write(void *opaque, hwaddr offset, + uint64_t value, unsigned size) +{ + MchpPfSoCIoscbState *s = opaque; + + switch (offset) { + case SERVICES_CR: + qemu_irq_raise(s->irq); + break; + default: + qemu_log_mask(LOG_UNIMP, "%s: unimplemented device write " + "(size %d, value 0x%" PRIx64 + ", offset 0x%" HWADDR_PRIx ")\n", + __func__, size, value, offset); + } +} + +static const MemoryRegionOps mchp_pfsoc_ctrl_ops = { + .read = mchp_pfsoc_ctrl_read, + .write = mchp_pfsoc_ctrl_write, + .endianness = DEVICE_LITTLE_ENDIAN, +}; + static void mchp_pfsoc_ioscb_realize(DeviceState *dev, Error **errp) { MchpPfSoCIoscbState *s = MCHP_PFSOC_IOSCB(dev); @@ -162,10 +220,18 @@ static void mchp_pfsoc_ioscb_realize(DeviceState *dev, Error **errp) "mchp.pfsoc.ioscb.lane23", IOSCB_SUBMOD_REG_SIZE); memory_region_add_subregion(&s->container, IOSCB_LANE23_BASE, &s->lane23); - memory_region_init_io(&s->ctrl, OBJECT(s), &mchp_pfsoc_dummy_ops, s, - "mchp.pfsoc.ioscb.ctrl", IOSCB_SUBMOD_REG_SIZE); + memory_region_init_io(&s->ctrl, OBJECT(s), &mchp_pfsoc_ctrl_ops, s, + "mchp.pfsoc.ioscb.ctrl", IOSCB_CTRL_REG_SIZE); memory_region_add_subregion(&s->container, IOSCB_CTRL_BASE, &s->ctrl); + memory_region_init_io(&s->qspixip, OBJECT(s), &mchp_pfsoc_dummy_ops, s, + "mchp.pfsoc.ioscb.qspixip", IOSCB_QSPIXIP_REG_SIZE); + memory_region_add_subregion(&s->container, IOSCB_QSPIXIP_BASE, &s->qspixip); + + memory_region_init_io(&s->mailbox, OBJECT(s), &mchp_pfsoc_dummy_ops, s, + "mchp.pfsoc.ioscb.mailbox", IOSCB_SUBMOD_REG_SIZE); + memory_region_add_subregion(&s->container, IOSCB_MAILBOX_BASE, &s->mailbox); + memory_region_init_io(&s->cfg, OBJECT(s), &mchp_pfsoc_dummy_ops, s, "mchp.pfsoc.ioscb.cfg", IOSCB_SUBMOD_REG_SIZE); memory_region_add_subregion(&s->container, IOSCB_CFG_BASE, &s->cfg); @@ -222,6 +288,8 @@ static void mchp_pfsoc_ioscb_realize(DeviceState *dev, Error **errp) IOSCB_SUBMOD_REG_SIZE); memory_region_add_subregion(&s->container, IOSCB_IO_CALIB_SGMII_BASE, &s->io_calib_sgmii); + + sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq); } static void mchp_pfsoc_ioscb_class_init(ObjectClass *klass, void *data) diff --git a/hw/misc/mchp_pfsoc_sysreg.c b/hw/misc/mchp_pfsoc_sysreg.c index 89571eded5..7876fe0c5b 100644 --- a/hw/misc/mchp_pfsoc_sysreg.c +++ b/hw/misc/mchp_pfsoc_sysreg.c @@ -24,10 +24,12 @@ #include "qemu/bitops.h" #include "qemu/log.h" #include "qapi/error.h" +#include "hw/irq.h" #include "hw/sysbus.h" #include "hw/misc/mchp_pfsoc_sysreg.h" #define ENVM_CR 0xb8 +#define MESSAGE_INT 0x118c static uint64_t mchp_pfsoc_sysreg_read(void *opaque, hwaddr offset, unsigned size) @@ -52,10 +54,17 @@ static uint64_t mchp_pfsoc_sysreg_read(void *opaque, hwaddr offset, static void mchp_pfsoc_sysreg_write(void *opaque, hwaddr offset, uint64_t value, unsigned size) { - qemu_log_mask(LOG_UNIMP, "%s: unimplemented device write " - "(size %d, value 0x%" PRIx64 - ", offset 0x%" HWADDR_PRIx ")\n", - __func__, size, value, offset); + MchpPfSoCSysregState *s = opaque; + switch (offset) { + case MESSAGE_INT: + qemu_irq_lower(s->irq); + break; + default: + qemu_log_mask(LOG_UNIMP, "%s: unimplemented device write " + "(size %d, value 0x%" PRIx64 + ", offset 0x%" HWADDR_PRIx ")\n", + __func__, size, value, offset); + } } static const MemoryRegionOps mchp_pfsoc_sysreg_ops = { @@ -73,6 +82,7 @@ static void mchp_pfsoc_sysreg_realize(DeviceState *dev, Error **errp) "mchp.pfsoc.sysreg", MCHP_PFSOC_SYSREG_REG_SIZE); sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->sysreg); + sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq); } static void mchp_pfsoc_sysreg_class_init(ObjectClass *klass, void *data) diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c index 2a24e3437a..b10321b564 100644 --- a/hw/riscv/microchip_pfsoc.c +++ b/hw/riscv/microchip_pfsoc.c @@ -306,6 +306,9 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, Error **errp) sysbus_realize(SYS_BUS_DEVICE(&s->sysreg), errp); sysbus_mmio_map(SYS_BUS_DEVICE(&s->sysreg), 0, memmap[MICROCHIP_PFSOC_SYSREG].base); + sysbus_connect_irq(SYS_BUS_DEVICE(&s->sysreg), 0, + qdev_get_gpio_in(DEVICE(s->plic), + MICROCHIP_PFSOC_MAILBOX_IRQ)); /* AXISW */ create_unimplemented_device("microchip.pfsoc.axisw", @@ -459,6 +462,9 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, Error **errp) sysbus_realize(SYS_BUS_DEVICE(&s->ioscb), errp); sysbus_mmio_map(SYS_BUS_DEVICE(&s->ioscb), 0, memmap[MICROCHIP_PFSOC_IOSCB].base); + sysbus_connect_irq(SYS_BUS_DEVICE(&s->ioscb), 0, + qdev_get_gpio_in(DEVICE(s->plic), + MICROCHIP_PFSOC_MAILBOX_IRQ)); /* FPGA Fabric */ create_unimplemented_device("microchip.pfsoc.fabricfic3", diff --git a/include/hw/misc/mchp_pfsoc_ioscb.h b/include/hw/misc/mchp_pfsoc_ioscb.h index 687b213742..a1104862c8 100644 --- a/include/hw/misc/mchp_pfsoc_ioscb.h +++ b/include/hw/misc/mchp_pfsoc_ioscb.h @@ -29,6 +29,8 @@ typedef struct MchpPfSoCIoscbState { MemoryRegion lane01; MemoryRegion lane23; MemoryRegion ctrl; + MemoryRegion qspixip; + MemoryRegion mailbox; MemoryRegion cfg; MemoryRegion ccc; MemoryRegion pll_mss; @@ -41,6 +43,7 @@ typedef struct MchpPfSoCIoscbState { MemoryRegion cfm_sgmii; MemoryRegion bc_sgmii; MemoryRegion io_calib_sgmii; + qemu_irq irq; } MchpPfSoCIoscbState; #define TYPE_MCHP_PFSOC_IOSCB "mchp.pfsoc.ioscb" diff --git a/include/hw/misc/mchp_pfsoc_sysreg.h b/include/hw/misc/mchp_pfsoc_sysreg.h index 546ba68f6a..3cebe40ea9 100644 --- a/include/hw/misc/mchp_pfsoc_sysreg.h +++ b/include/hw/misc/mchp_pfsoc_sysreg.h @@ -28,6 +28,7 @@ typedef struct MchpPfSoCSysregState { SysBusDevice parent; MemoryRegion sysreg; + qemu_irq irq; } MchpPfSoCSysregState; #define TYPE_MCHP_PFSOC_SYSREG "mchp.pfsoc.sysreg" diff --git a/include/hw/riscv/microchip_pfsoc.h b/include/hw/riscv/microchip_pfsoc.h index 7e7950dd36..69a686b54a 100644 --- a/include/hw/riscv/microchip_pfsoc.h +++ b/include/hw/riscv/microchip_pfsoc.h @@ -147,6 +147,7 @@ enum { MICROCHIP_PFSOC_MMUART2_IRQ = 92, MICROCHIP_PFSOC_MMUART3_IRQ = 93, MICROCHIP_PFSOC_MMUART4_IRQ = 94, + MICROCHIP_PFSOC_MAILBOX_IRQ = 96, }; #define MICROCHIP_PFSOC_MANAGEMENT_CPU_COUNT 1 From bb22d391121fc0de42a04d1ed99f602441ea70e1 Mon Sep 17 00:00:00 2001 From: Jim Shu Date: Sun, 27 Nov 2022 16:57:46 +0000 Subject: [PATCH 22/43] hw/intc: sifive_plic: fix out-of-bound access of source_priority array If the number of interrupt is not multiple of 32, PLIC will have out-of-bound access to source_priority array. Compute the number of interrupt in the last word to avoid this out-of-bound access of array. Signed-off-by: Jim Shu Reviewed-by: Bin Meng Message-Id: <20221127165753.30533-1-jim.shu@sifive.com> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index b4949bef97..0c7696520d 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -78,6 +78,7 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic, uint32_t addrid) uint32_t max_irq = 0; uint32_t max_prio = plic->target_priority[addrid]; int i, j; + int num_irq_in_word = 32; for (i = 0; i < plic->bitfield_words; i++) { uint32_t pending_enabled_not_claimed = @@ -88,7 +89,16 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic, uint32_t addrid) continue; } - for (j = 0; j < 32; j++) { + if (i == (plic->bitfield_words - 1)) { + /* + * If plic->num_sources is not multiple of 32, num-of-irq in last + * word is not 32. Compute the num-of-irq of last word to avoid + * out-of-bound access of source_priority array. + */ + num_irq_in_word = plic->num_sources - ((plic->bitfield_words - 1) << 5); + } + + for (j = 0; j < num_irq_in_word; j++) { int irq = (i << 5) + j; uint32_t prio = plic->source_priority[irq]; int enabled = pending_enabled_not_claimed & (1 << j); From 4c48aad122b9dd4d96184828d7172cc62dae01c5 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Mon, 5 Dec 2022 14:53:03 +0800 Subject: [PATCH 23/43] target/riscv: Fix mret exception cause when no pmp rule is configured The priv spec v1.12 says: If no PMP entry matches an M-mode access, the access succeeds. If no PMP entry matches an S-mode or U-mode access, but at least one PMP entry is implemented, the access fails. Failed accesses generate an instruction, load, or store access-fault exception. At present the exception cause is set to 'illegal instruction' but should have been 'instruction access fault'. Fixes: d102f19a2085 ("target/riscv/pmp: Raise exception if no PMP entry is configured") Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221205065303.204095-1-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- target/riscv/op_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 09f1f5185d..d7af7f056b 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -202,7 +202,7 @@ target_ulong helper_mret(CPURISCVState *env) if (riscv_feature(env, RISCV_FEATURE_PMP) && !pmp_get_num_rules(env) && (prev_priv != PRV_M)) { - riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); + riscv_raise_exception(env, RISCV_EXCP_INST_ACCESS_FAULT, GETPC()); } target_ulong prev_virt = get_field(env->mstatus, MSTATUS_MPV); From ec2918b467228e7634f1dd5f35033ad3021b6ef7 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 3 Dec 2022 11:57:44 -0600 Subject: [PATCH 24/43] target/riscv: Set pc_succ_insn for !rvc illegal insn MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Failure to set pc_succ_insn may result in a TB covering zero bytes, which triggers an assert within the code generator. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1224 Signed-off-by: Richard Henderson Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20221203175744.151365-1-richard.henderson@linaro.org> [ Changes by AF: - Add missing run-plugin-test-noc-% line ] Signed-off-by: Alistair Francis --- target/riscv/translate.c | 12 ++++-------- tests/tcg/Makefile.target | 2 ++ tests/tcg/riscv64/Makefile.target | 6 ++++++ tests/tcg/riscv64/test-noc.S | 32 +++++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+), 8 deletions(-) create mode 100644 tests/tcg/riscv64/test-noc.S diff --git a/target/riscv/translate.c b/target/riscv/translate.c index cd5eb25ee8..160aefc3df 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -1096,14 +1096,10 @@ static void decode_opc(CPURISCVState *env, DisasContext *ctx, uint16_t opcode) ctx->virt_inst_excp = false; /* Check for compressed insn */ if (insn_len(opcode) == 2) { - if (!has_ext(ctx, RVC)) { - gen_exception_illegal(ctx); - } else { - ctx->opcode = opcode; - ctx->pc_succ_insn = ctx->base.pc_next + 2; - if (decode_insn16(ctx, opcode)) { - return; - } + ctx->opcode = opcode; + ctx->pc_succ_insn = ctx->base.pc_next + 2; + if (has_ext(ctx, RVC) && decode_insn16(ctx, opcode)) { + return; } } else { uint32_t opcode32 = opcode; diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target index 75257f2b29..14bc013181 100644 --- a/tests/tcg/Makefile.target +++ b/tests/tcg/Makefile.target @@ -117,6 +117,8 @@ endif %: %.c $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $< -o $@ $(LDFLAGS) +%: %.S + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $< -o $@ $(LDFLAGS) else # For softmmu targets we include a different Makefile fragement as the # build options for bare programs are usually pretty different. They diff --git a/tests/tcg/riscv64/Makefile.target b/tests/tcg/riscv64/Makefile.target index b5b89dfb0e..cc3ed65ffd 100644 --- a/tests/tcg/riscv64/Makefile.target +++ b/tests/tcg/riscv64/Makefile.target @@ -4,3 +4,9 @@ VPATH += $(SRC_PATH)/tests/tcg/riscv64 TESTS += test-div TESTS += noexec + +# Disable compressed instructions for test-noc +TESTS += test-noc +test-noc: LDFLAGS = -nostdlib -static +run-test-noc: QEMU_OPTS += -cpu rv64,c=false +run-plugin-test-noc-%: QEMU_OPTS += -cpu rv64,c=false diff --git a/tests/tcg/riscv64/test-noc.S b/tests/tcg/riscv64/test-noc.S new file mode 100644 index 0000000000..e29d60c8b3 --- /dev/null +++ b/tests/tcg/riscv64/test-noc.S @@ -0,0 +1,32 @@ +#include + + .text + .globl _start +_start: + .option norvc + li a0, 4 /* SIGILL */ + la a1, sa + li a2, 0 + li a3, 8 + li a7, __NR_rt_sigaction + scall + + .option rvc + li a0, 1 + j exit + .option norvc + +pass: + li a0, 0 +exit: + li a7, __NR_exit + scall + + .data + /* struct kernel_sigaction sa = { .sa_handler = pass }; */ + .type sa, @object + .size sa, 32 +sa: + .dword pass + .zero 24 + From 2bfec53b4c7d5e5ddd08ea6ef77257cba612700d Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Wed, 7 Dec 2022 17:00:36 +0800 Subject: [PATCH 25/43] target/riscv: Simplify helper_sret() a little bit There are 2 paths in helper_sret() and the same mstatus update codes are replicated. Extract the common parts to simplify it a little bit. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: <20221207090037.281452-1-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- target/riscv/op_helper.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index d7af7f056b..a047d38152 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -149,21 +149,21 @@ target_ulong helper_sret(CPURISCVState *env) } mstatus = env->mstatus; + prev_priv = get_field(mstatus, MSTATUS_SPP); + mstatus = set_field(mstatus, MSTATUS_SIE, + get_field(mstatus, MSTATUS_SPIE)); + mstatus = set_field(mstatus, MSTATUS_SPIE, 1); + mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U); + env->mstatus = mstatus; if (riscv_has_ext(env, RVH) && !riscv_cpu_virt_enabled(env)) { /* We support Hypervisor extensions and virtulisation is disabled */ target_ulong hstatus = env->hstatus; - prev_priv = get_field(mstatus, MSTATUS_SPP); prev_virt = get_field(hstatus, HSTATUS_SPV); hstatus = set_field(hstatus, HSTATUS_SPV, 0); - mstatus = set_field(mstatus, MSTATUS_SPP, 0); - mstatus = set_field(mstatus, SSTATUS_SIE, - get_field(mstatus, SSTATUS_SPIE)); - mstatus = set_field(mstatus, SSTATUS_SPIE, 1); - env->mstatus = mstatus; env->hstatus = hstatus; if (prev_virt) { @@ -171,14 +171,6 @@ target_ulong helper_sret(CPURISCVState *env) } riscv_cpu_set_virt_enabled(env, prev_virt); - } else { - prev_priv = get_field(mstatus, MSTATUS_SPP); - - mstatus = set_field(mstatus, MSTATUS_SIE, - get_field(mstatus, MSTATUS_SPIE)); - mstatus = set_field(mstatus, MSTATUS_SPIE, 1); - mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U); - env->mstatus = mstatus; } riscv_cpu_set_mode(env, prev_priv); From 0ff430a5b10db884d6dd6cde930b4e73283b7507 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Wed, 7 Dec 2022 17:00:37 +0800 Subject: [PATCH 26/43] target/riscv: Clear mstatus.MPRV when leaving M-mode for priv spec 1.12+ Since priv spec v1.12, MRET and SRET now clear mstatus.MPRV when leaving M-mode. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: <20221207090037.281452-2-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- target/riscv/op_helper.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index a047d38152..878bcb03b8 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -154,6 +154,9 @@ target_ulong helper_sret(CPURISCVState *env) get_field(mstatus, MSTATUS_SPIE)); mstatus = set_field(mstatus, MSTATUS_SPIE, 1); mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U); + if (env->priv_ver >= PRIV_VERSION_1_12_0) { + mstatus = set_field(mstatus, MSTATUS_MPRV, 0); + } env->mstatus = mstatus; if (riscv_has_ext(env, RVH) && !riscv_cpu_virt_enabled(env)) { @@ -203,6 +206,9 @@ target_ulong helper_mret(CPURISCVState *env) mstatus = set_field(mstatus, MSTATUS_MPIE, 1); mstatus = set_field(mstatus, MSTATUS_MPP, PRV_U); mstatus = set_field(mstatus, MSTATUS_MPV, 0); + if ((env->priv_ver >= PRIV_VERSION_1_12_0) && (prev_priv != PRV_M)) { + mstatus = set_field(mstatus, MSTATUS_MPRV, 0); + } env->mstatus = mstatus; riscv_cpu_set_mode(env, prev_priv); From 260b594d8a8f74198b9b250e9fada7fc43c6f03e Mon Sep 17 00:00:00 2001 From: Christoph Muellner Date: Wed, 5 Oct 2022 16:49:48 +0200 Subject: [PATCH 27/43] RISC-V: Add Zawrs ISA extension support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch adds support for the Zawrs ISA extension. Given the current (incomplete) implementation of reservation sets there seems to be no way to provide a full emulation of the WRS instruction (wake on reservation set invalidation or timeout or interrupt). Therefore, we just exit the TB and return to the main loop. The specification can be found here: https://github.com/riscv/riscv-zawrs/blob/main/zawrs.adoc Note, that the Zawrs extension is frozen, but not ratified yet. Changes since v3: * Remove "RFC" since the extension is frozen * Rebase on master and fix integration issues * Fix entry ordering in extension list Changes since v2: * Rebase on master and resolve conflicts * Adjustments according to a specification change * Inline REQUIRE_ZAWRS() since it has only one user Changes since v1: * Adding zawrs to the ISA string that is passed to the kernel Signed-off-by: Christoph Müllner Reviewed-by: Alistair Francis Message-Id: <20221005144948.3421504-1-christoph.muellner@vrull.eu> Signed-off-by: Alistair Francis --- target/riscv/cpu.c | 7 +++ target/riscv/cpu.h | 1 + target/riscv/insn32.decode | 4 ++ target/riscv/insn_trans/trans_rvzawrs.c.inc | 51 +++++++++++++++++++++ target/riscv/translate.c | 1 + 5 files changed, 64 insertions(+) create mode 100644 target/riscv/insn_trans/trans_rvzawrs.c.inc diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index b2c132e269..cc75ca7667 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -76,6 +76,7 @@ static const struct isa_ext_data isa_edata_arr[] = { ISA_EXT_DATA_ENTRY(zicsr, true, PRIV_VERSION_1_10_0, ext_icsr), ISA_EXT_DATA_ENTRY(zifencei, true, PRIV_VERSION_1_10_0, ext_ifencei), ISA_EXT_DATA_ENTRY(zihintpause, true, PRIV_VERSION_1_10_0, ext_zihintpause), + ISA_EXT_DATA_ENTRY(zawrs, true, PRIV_VERSION_1_12_0, ext_zawrs), ISA_EXT_DATA_ENTRY(zfh, true, PRIV_VERSION_1_12_0, ext_zfh), ISA_EXT_DATA_ENTRY(zfhmin, true, PRIV_VERSION_1_12_0, ext_zfhmin), ISA_EXT_DATA_ENTRY(zfinx, true, PRIV_VERSION_1_12_0, ext_zfinx), @@ -766,6 +767,11 @@ static void riscv_cpu_realize(DeviceState *dev, Error **errp) return; } + if ((cpu->cfg.ext_zawrs) && !cpu->cfg.ext_a) { + error_setg(errp, "Zawrs extension requires A extension"); + return; + } + if ((cpu->cfg.ext_zfh || cpu->cfg.ext_zfhmin) && !cpu->cfg.ext_f) { error_setg(errp, "Zfh/Zfhmin extensions require F extension"); return; @@ -1021,6 +1027,7 @@ static Property riscv_cpu_extensions[] = { DEFINE_PROP_BOOL("Zifencei", RISCVCPU, cfg.ext_ifencei, true), DEFINE_PROP_BOOL("Zicsr", RISCVCPU, cfg.ext_icsr, true), DEFINE_PROP_BOOL("Zihintpause", RISCVCPU, cfg.ext_zihintpause, true), + DEFINE_PROP_BOOL("Zawrs", RISCVCPU, cfg.ext_zawrs, true), DEFINE_PROP_BOOL("Zfh", RISCVCPU, cfg.ext_zfh, false), DEFINE_PROP_BOOL("Zfhmin", RISCVCPU, cfg.ext_zfhmin, false), DEFINE_PROP_BOOL("Zve32f", RISCVCPU, cfg.ext_zve32f, false), diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 37f9516941..f5609b62a2 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -453,6 +453,7 @@ struct RISCVCPUConfig { bool ext_svnapot; bool ext_svpbmt; bool ext_zdinx; + bool ext_zawrs; bool ext_zfh; bool ext_zfhmin; bool ext_zfinx; diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode index d0253b8104..b7e7613ea2 100644 --- a/target/riscv/insn32.decode +++ b/target/riscv/insn32.decode @@ -718,6 +718,10 @@ vsetvli 0 ........... ..... 111 ..... 1010111 @r2_zimm11 vsetivli 11 .......... ..... 111 ..... 1010111 @r2_zimm10 vsetvl 1000000 ..... ..... 111 ..... 1010111 @r +# *** Zawrs Standard Extension *** +wrs_nto 000000001101 00000 000 00000 1110011 +wrs_sto 000000011101 00000 000 00000 1110011 + # *** RV32 Zba Standard Extension *** sh1add 0010000 .......... 010 ..... 0110011 @r sh2add 0010000 .......... 100 ..... 0110011 @r diff --git a/target/riscv/insn_trans/trans_rvzawrs.c.inc b/target/riscv/insn_trans/trans_rvzawrs.c.inc new file mode 100644 index 0000000000..8254e7dfe2 --- /dev/null +++ b/target/riscv/insn_trans/trans_rvzawrs.c.inc @@ -0,0 +1,51 @@ +/* + * RISC-V translation routines for the RISC-V Zawrs Extension. + * + * Copyright (c) 2022 Christoph Muellner, christoph.muellner@vrull.io + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2 or later, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program. If not, see . + */ + +static bool trans_wrs(DisasContext *ctx) +{ + if (!ctx->cfg_ptr->ext_zawrs) { + return false; + } + + /* + * The specification says: + * While stalled, an implementation is permitted to occasionally + * terminate the stall and complete execution for any reason. + * + * So let's just exit TB and return to the main loop. + */ + + /* Clear the load reservation (if any). */ + tcg_gen_movi_tl(load_res, -1); + + gen_set_pc_imm(ctx, ctx->pc_succ_insn); + tcg_gen_exit_tb(NULL, 0); + ctx->base.is_jmp = DISAS_NORETURN; + + return true; +} + +#define GEN_TRANS_WRS(insn) \ +static bool trans_ ## insn(DisasContext *ctx, arg_ ## insn *a) \ +{ \ + (void)a; \ + return trans_wrs(ctx); \ +} + +GEN_TRANS_WRS(wrs_nto) +GEN_TRANS_WRS(wrs_sto) diff --git a/target/riscv/translate.c b/target/riscv/translate.c index 160aefc3df..df38db7553 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -1060,6 +1060,7 @@ static uint32_t opcode_at(DisasContextBase *dcbase, target_ulong pc) #include "insn_trans/trans_rvh.c.inc" #include "insn_trans/trans_rvv.c.inc" #include "insn_trans/trans_rvb.c.inc" +#include "insn_trans/trans_rvzawrs.c.inc" #include "insn_trans/trans_rvzfh.c.inc" #include "insn_trans/trans_rvk.c.inc" #include "insn_trans/trans_privileged.c.inc" From 8d8a54bf4c4b526b1fd804d5d54c90a0e1fd1099 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:14 +0800 Subject: [PATCH 28/43] hw/riscv: Select MSI_NONBROKEN in SIFIVE_PLIC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hw/pci/Kconfig says MSI_NONBROKEN should be selected by interrupt controllers regardless of how MSI is implemented. msi_nonbroken is initialized to true in sifive_plic_realize(). Let SIFIVE_PLIC select MSI_NONBROKEN and drop the selection from RISC-V machines. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Wilfred Mallawa Message-Id: <20221211030829.802437-1-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/Kconfig | 1 + hw/riscv/Kconfig | 5 ----- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig index ecd2883ceb..1d4573e803 100644 --- a/hw/intc/Kconfig +++ b/hw/intc/Kconfig @@ -78,6 +78,7 @@ config RISCV_IMSIC config SIFIVE_PLIC bool + select MSI_NONBROKEN config GOLDFISH_PIC bool diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig index 79ff61c464..167dc4cca6 100644 --- a/hw/riscv/Kconfig +++ b/hw/riscv/Kconfig @@ -11,7 +11,6 @@ config MICROCHIP_PFSOC select MCHP_PFSOC_IOSCB select MCHP_PFSOC_MMUART select MCHP_PFSOC_SYSREG - select MSI_NONBROKEN select RISCV_ACLINT select SIFIVE_PDMA select SIFIVE_PLIC @@ -37,7 +36,6 @@ config RISCV_VIRT imply TPM_TIS_SYSBUS select RISCV_NUMA select GOLDFISH_RTC - select MSI_NONBROKEN select PCI select PCI_EXPRESS_GENERIC_BRIDGE select PFLASH_CFI01 @@ -53,7 +51,6 @@ config RISCV_VIRT config SIFIVE_E bool - select MSI_NONBROKEN select RISCV_ACLINT select SIFIVE_GPIO select SIFIVE_PLIC @@ -64,7 +61,6 @@ config SIFIVE_E config SIFIVE_U bool select CADENCE - select MSI_NONBROKEN select RISCV_ACLINT select SIFIVE_GPIO select SIFIVE_PDMA @@ -82,6 +78,5 @@ config SPIKE bool select RISCV_NUMA select HTIF - select MSI_NONBROKEN select RISCV_ACLINT select SIFIVE_PLIC From a28c94e001fcc158e504bb0c1c340c10d9288c52 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:15 +0800 Subject: [PATCH 29/43] hw/intc: Select MSI_NONBROKEN in RISC-V AIA interrupt controllers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hw/pci/Kconfig says MSI_NONBROKEN should be selected by interrupt controllers regardless of how MSI is implemented. msi_nonbroken is initialized to true in both riscv_aplic_realize() and riscv_imsic_realize(). Select MSI_NONBROKEN in RISCV_APLIC and RISCV_IMSIC. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20221211030829.802437-2-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig index 1d4573e803..21441d0a0c 100644 --- a/hw/intc/Kconfig +++ b/hw/intc/Kconfig @@ -72,9 +72,11 @@ config RISCV_ACLINT config RISCV_APLIC bool + select MSI_NONBROKEN config RISCV_IMSIC bool + select MSI_NONBROKEN config SIFIVE_PLIC bool From 8a19e7fe6efc67764c107749c7be83521618048a Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:16 +0800 Subject: [PATCH 30/43] hw/riscv: Fix opentitan dependency to SIFIVE_PLIC Since commit ef6310064820 ("hw/riscv: opentitan: Update to the latest build") the IBEX PLIC model was replaced with the SiFive PLIC model in the 'opentitan' machine but we forgot the add the dependency there. Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-3-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig index 167dc4cca6..1e4b58024f 100644 --- a/hw/riscv/Kconfig +++ b/hw/riscv/Kconfig @@ -19,6 +19,7 @@ config MICROCHIP_PFSOC config OPENTITAN bool select IBEX + select SIFIVE_PLIC select UNIMP config SHAKTI_C From 8526946c96148e1cbe98cec1a1f0d35b0e917473 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:17 +0800 Subject: [PATCH 31/43] hw/riscv: Sort machines Kconfig options in alphabetical order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SHAKTI_C machine Kconfig option was inserted in disorder. Fix it. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Wilfred Mallawa Message-Id: <20221211030829.802437-4-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/Kconfig | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig index 1e4b58024f..4550b3b938 100644 --- a/hw/riscv/Kconfig +++ b/hw/riscv/Kconfig @@ -4,6 +4,8 @@ config RISCV_NUMA config IBEX bool +# RISC-V machines in alphabetical order + config MICROCHIP_PFSOC bool select CADENCE_SDHCI @@ -22,13 +24,6 @@ config OPENTITAN select SIFIVE_PLIC select UNIMP -config SHAKTI_C - bool - select UNIMP - select SHAKTI_UART - select RISCV_ACLINT - select SIFIVE_PLIC - config RISCV_VIRT bool imply PCI_DEVICES @@ -50,6 +45,13 @@ config RISCV_VIRT select FW_CFG_DMA select PLATFORM_BUS +config SHAKTI_C + bool + select RISCV_ACLINT + select SHAKTI_UART + select SIFIVE_PLIC + select UNIMP + config SIFIVE_E bool select RISCV_ACLINT From 391eafebbc76a461c6ec6f10b0bcd9772e43b8f8 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:18 +0800 Subject: [PATCH 32/43] hw/riscv: spike: Remove misleading comments PLIC is not included in the 'spike' machine. Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-5-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/spike.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index 1e1d752c00..13946acf0d 100644 --- a/hw/riscv/spike.c +++ b/hw/riscv/spike.c @@ -8,7 +8,6 @@ * * 0) HTIF Console and Poweroff * 1) CLINT (Timer and IPI) - * 2) PLIC (Platform Level Interrupt Controller) * * This program is free software; you can redistribute it and/or modify it * under the terms and conditions of the GNU General Public License, From 2904dc1c1e7895a65a2ac18ea4bb1042d6dced50 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:19 +0800 Subject: [PATCH 33/43] hw/intc: sifive_plic: Drop PLICMode_H H-mode has been removed since priv spec 1.10. Drop it. Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-6-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 1 - include/hw/intc/sifive_plic.h | 1 - 2 files changed, 2 deletions(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index 0c7696520d..936dcf74bc 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -42,7 +42,6 @@ static PLICMode char_to_mode(char c) switch (c) { case 'U': return PLICMode_U; case 'S': return PLICMode_S; - case 'H': return PLICMode_H; case 'M': return PLICMode_M; default: error_report("plic: invalid mode '%c'", c); diff --git a/include/hw/intc/sifive_plic.h b/include/hw/intc/sifive_plic.h index 134cf39a96..d3f45ec248 100644 --- a/include/hw/intc/sifive_plic.h +++ b/include/hw/intc/sifive_plic.h @@ -33,7 +33,6 @@ DECLARE_INSTANCE_CHECKER(SiFivePLICState, SIFIVE_PLIC, typedef enum PLICMode { PLICMode_U, PLICMode_S, - PLICMode_H, PLICMode_M } PLICMode; From 7b0f26e420f7988ae8c257c1f4369ba92c9b1594 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:20 +0800 Subject: [PATCH 34/43] hw/intc: sifive_plic: Improve robustness of the PLIC config parser At present the PLIC config parser can only handle legal config string like "MS,MS". However if a config string like ",MS,MS,,MS,MS,," is given the parser won't get the correct configuration. This commit improves the config parser to make it more robust. Signed-off-by: Bin Meng Acked-by: Alistair Francis Message-Id: <20221211030829.802437-7-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index 936dcf74bc..c9af94a888 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -290,7 +290,7 @@ static void sifive_plic_reset(DeviceState *dev) */ static void parse_hart_config(SiFivePLICState *plic) { - int addrid, hartid, modes; + int addrid, hartid, modes, m; const char *p; char c; @@ -299,11 +299,13 @@ static void parse_hart_config(SiFivePLICState *plic) p = plic->hart_config; while ((c = *p++)) { if (c == ',') { - addrid += ctpop8(modes); - modes = 0; - hartid++; + if (modes) { + addrid += ctpop8(modes); + hartid++; + modes = 0; + } } else { - int m = 1 << char_to_mode(c); + m = 1 << char_to_mode(c); if (modes == (modes | m)) { error_report("plic: duplicate mode '%c' in config: %s", c, plic->hart_config); @@ -314,8 +316,9 @@ static void parse_hart_config(SiFivePLICState *plic) } if (modes) { addrid += ctpop8(modes); + hartid++; + modes = 0; } - hartid++; plic->num_addrs = addrid; plic->num_harts = hartid; @@ -326,11 +329,16 @@ static void parse_hart_config(SiFivePLICState *plic) p = plic->hart_config; while ((c = *p++)) { if (c == ',') { - hartid++; + if (modes) { + hartid++; + modes = 0; + } } else { + m = char_to_mode(c); plic->addr_config[addrid].addrid = addrid; plic->addr_config[addrid].hartid = hartid; - plic->addr_config[addrid].mode = char_to_mode(c); + plic->addr_config[addrid].mode = m; + modes |= (1 << m); addrid++; } } From 35401578e25caca8b3d94accf3999abf36ea3a4b Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:21 +0800 Subject: [PATCH 35/43] hw/intc: sifive_plic: Use error_setg() to propagate the error up via errp in sifive_plic_realize() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The realize() callback has an errp for us to propagate the error up. While we are here, correct the wrong multi-line comment format. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20221211030829.802437-8-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index c9af94a888..9cb4c6d6d4 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -379,7 +379,8 @@ static void sifive_plic_realize(DeviceState *dev, Error **errp) s->m_external_irqs = g_malloc(sizeof(qemu_irq) * s->num_harts); qdev_init_gpio_out(dev, s->m_external_irqs, s->num_harts); - /* We can't allow the supervisor to control SEIP as this would allow the + /* + * We can't allow the supervisor to control SEIP as this would allow the * supervisor to clear a pending external interrupt which will result in * lost a interrupt in the case a PLIC is attached. The SEIP bit must be * hardware controlled when a PLIC is attached. @@ -387,8 +388,8 @@ static void sifive_plic_realize(DeviceState *dev, Error **errp) for (i = 0; i < s->num_harts; i++) { RISCVCPU *cpu = RISCV_CPU(qemu_get_cpu(s->hartid_base + i)); if (riscv_cpu_claim_interrupts(cpu, MIP_SEIP) < 0) { - error_report("SEIP already claimed"); - exit(1); + error_setg(errp, "SEIP already claimed"); + return; } } From e8fe2bc11713897453580aa36085556cade63826 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:22 +0800 Subject: [PATCH 36/43] hw/intc: sifive_plic: Update "num-sources" property default value At present the default value of "num-sources" property is zero, which does not make a lot of sense, as in sifive_plic_realize() we see s->bitfield_words is calculated by: s->bitfield_words = (s->num_sources + 31) >> 5; if the we don't configure "num-sources" property its default value zero makes s->bitfield_words zero too, which isn't true because interrupt source 0 still occupies one word. Let's change the default value to 1 meaning that only interrupt source 0 is supported by default and a sanity check in realize(). While we are here, add a comment to describe the exact meaning of this property that the number should include interrupt source 0. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-9-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index 9cb4c6d6d4..1edeb1e1ed 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -363,6 +363,11 @@ static void sifive_plic_realize(DeviceState *dev, Error **errp) parse_hart_config(s); + if (!s->num_sources) { + error_setg(errp, "plic: invalid number of interrupt sources"); + return; + } + s->bitfield_words = (s->num_sources + 31) >> 5; s->num_enables = s->bitfield_words * s->num_addrs; s->source_priority = g_new0(uint32_t, s->num_sources); @@ -420,7 +425,8 @@ static const VMStateDescription vmstate_sifive_plic = { static Property sifive_plic_properties[] = { DEFINE_PROP_STRING("hart-config", SiFivePLICState, hart_config), DEFINE_PROP_UINT32("hartid-base", SiFivePLICState, hartid_base, 0), - DEFINE_PROP_UINT32("num-sources", SiFivePLICState, num_sources, 0), + /* number of interrupt sources including interrupt source 0 */ + DEFINE_PROP_UINT32("num-sources", SiFivePLICState, num_sources, 1), DEFINE_PROP_UINT32("num-priorities", SiFivePLICState, num_priorities, 0), DEFINE_PROP_UINT32("priority-base", SiFivePLICState, priority_base, 0), DEFINE_PROP_UINT32("pending-base", SiFivePLICState, pending_base, 0), From 1257418be87c7f62f9f97944316ed01431bec491 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:23 +0800 Subject: [PATCH 37/43] hw/riscv: microchip_pfsoc: Fix the number of interrupt sources of PLIC Per chapter 6.5.2 in [1], the number of interupt sources including interrupt source 0 should be 187. [1] PolarFire SoC MSS TRM: https://ww1.microchip.com/downloads/aemDocuments/documents/FPGA/ProductDocuments/ReferenceManuals/PolarFire_SoC_FPGA_MSS_Technical_Reference_Manual_VC.pdf Fixes: 56f6e31e7b7e ("hw/riscv: Initial support for Microchip PolarFire SoC Icicle Kit board") Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Reviewed-by: Conor Dooley Message-Id: <20221211030829.802437-10-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- include/hw/riscv/microchip_pfsoc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/hw/riscv/microchip_pfsoc.h b/include/hw/riscv/microchip_pfsoc.h index 69a686b54a..577efad0c4 100644 --- a/include/hw/riscv/microchip_pfsoc.h +++ b/include/hw/riscv/microchip_pfsoc.h @@ -153,7 +153,7 @@ enum { #define MICROCHIP_PFSOC_MANAGEMENT_CPU_COUNT 1 #define MICROCHIP_PFSOC_COMPUTE_CPU_COUNT 4 -#define MICROCHIP_PFSOC_PLIC_NUM_SOURCES 185 +#define MICROCHIP_PFSOC_PLIC_NUM_SOURCES 187 #define MICROCHIP_PFSOC_PLIC_NUM_PRIORITIES 7 #define MICROCHIP_PFSOC_PLIC_PRIORITY_BASE 0x04 #define MICROCHIP_PFSOC_PLIC_PENDING_BASE 0x1000 From 3a20cd12bf348482c9bdd86a98667080011e9443 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:24 +0800 Subject: [PATCH 38/43] hw/riscv: sifive_e: Fix the number of interrupt sources of PLIC Per chapter 10 in Freedom E310 manuals [1][2][3], E310 G002 and G003 supports 52 interrupt sources while G000 supports 51 interrupt sources. We use the value of G002 and G003, so it is 53 (including source 0). [1] G000 manual: https://sifive.cdn.prismic.io/sifive/4faf3e34-4a42-4c2f-be9e-c77baa4928c7_fe310-g000-manual-v3p2.pdf [2] G002 manual: https://sifive.cdn.prismic.io/sifive/034760b5-ac6a-4b1c-911c-f4148bb2c4a5_fe310-g002-v1p5.pdf [3] G003 manual: https://sifive.cdn.prismic.io/sifive/3af39c59-6498-471e-9dab-5355a0d539eb_fe310-g003-manual.pdf Fixes: eb637edb1241 ("SiFive Freedom E Series RISC-V Machine") Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-11-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- include/hw/riscv/sifive_e.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h index d738745925..9e58247fd8 100644 --- a/include/hw/riscv/sifive_e.h +++ b/include/hw/riscv/sifive_e.h @@ -82,7 +82,12 @@ enum { }; #define SIFIVE_E_PLIC_HART_CONFIG "M" -#define SIFIVE_E_PLIC_NUM_SOURCES 127 +/* + * Freedom E310 G002 and G003 supports 52 interrupt sources while + * Freedom E310 G000 supports 51 interrupt sources. We use the value + * of G002 and G003, so it is 53 (including interrupt source 0). + */ +#define SIFIVE_E_PLIC_NUM_SOURCES 53 #define SIFIVE_E_PLIC_NUM_PRIORITIES 7 #define SIFIVE_E_PLIC_PRIORITY_BASE 0x04 #define SIFIVE_E_PLIC_PENDING_BASE 0x1000 From 724d80c8a6a9febc5ebdc8c531c34239897f2572 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:25 +0800 Subject: [PATCH 39/43] hw/riscv: sifive_u: Avoid using magic number for "riscv, ndev" At present magic number is used to create "riscv,ndev" property in the dtb. Let's use the macro SIFIVE_U_PLIC_NUM_SOURCES that is used to instantiate the PLIC model instead. Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-12-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/sifive_u.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index b139824aab..b40a4767e2 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c @@ -287,7 +287,8 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry *memmap, qemu_fdt_setprop_cells(fdt, nodename, "reg", 0x0, memmap[SIFIVE_U_DEV_PLIC].base, 0x0, memmap[SIFIVE_U_DEV_PLIC].size); - qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", 0x35); + qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", + SIFIVE_U_PLIC_NUM_SOURCES - 1); qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle); plic_phandle = qemu_fdt_get_phandle(fdt, nodename); g_free(cells); From 59f74489cf3264035668b4724d4a868ebc6d277c Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:26 +0800 Subject: [PATCH 40/43] hw/riscv: virt: Fix the value of "riscv, ndev" in the dtb Commit 28d8c281200f ("hw/riscv: virt: Add optional AIA IMSIC support to virt machine") changed the value of VIRT_IRQCHIP_NUM_SOURCES from 127 to 53, which is VIRTIO_NDEV and also used as the value of "riscv,ndev" property in the dtb. Unfortunately this is wrong as VIRT_IRQCHIP_NUM_SOURCES should include interrupt source 0 but "riscv,ndev" does not. While we are here, we also fix the comments of platform bus irq range which is now "64 to 96", but should be "64 to 95", introduced since commit 1832b7cb3f64 ("hw/riscv: virt: Create a platform bus"). Fixes: 28d8c281200f ("hw/riscv: virt: Add optional AIA IMSIC support to virt machine") Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-13-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/virt.c | 3 ++- include/hw/riscv/virt.h | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c index 6cf9355b99..94ff2a1584 100644 --- a/hw/riscv/virt.c +++ b/hw/riscv/virt.c @@ -468,7 +468,8 @@ static void create_fdt_socket_plic(RISCVVirtState *s, plic_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4); qemu_fdt_setprop_cells(mc->fdt, plic_name, "reg", 0x0, plic_addr, 0x0, memmap[VIRT_PLIC].size); - qemu_fdt_setprop_cell(mc->fdt, plic_name, "riscv,ndev", VIRTIO_NDEV); + qemu_fdt_setprop_cell(mc->fdt, plic_name, "riscv,ndev", + VIRT_IRQCHIP_NUM_SOURCES - 1); riscv_socket_fdt_write_id(mc, mc->fdt, plic_name, socket); qemu_fdt_setprop_cell(mc->fdt, plic_name, "phandle", plic_phandles[socket]); diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h index 62513e075c..e1ce0048af 100644 --- a/include/hw/riscv/virt.h +++ b/include/hw/riscv/virt.h @@ -87,14 +87,13 @@ enum { VIRTIO_IRQ = 1, /* 1 to 8 */ VIRTIO_COUNT = 8, PCIE_IRQ = 0x20, /* 32 to 35 */ - VIRT_PLATFORM_BUS_IRQ = 64, /* 64 to 96 */ - VIRTIO_NDEV = 96 /* Arbitrary maximum number of interrupts */ + VIRT_PLATFORM_BUS_IRQ = 64, /* 64 to 95 */ }; #define VIRT_PLATFORM_BUS_NUM_IRQS 32 #define VIRT_IRQCHIP_NUM_MSIS 255 -#define VIRT_IRQCHIP_NUM_SOURCES VIRTIO_NDEV +#define VIRT_IRQCHIP_NUM_SOURCES 96 #define VIRT_IRQCHIP_NUM_PRIO_BITS 3 #define VIRT_IRQCHIP_MAX_GUESTS_BITS 3 #define VIRT_IRQCHIP_MAX_GUESTS ((1U << VIRT_IRQCHIP_MAX_GUESTS_BITS) - 1U) From 5decd2c5218379ad8362b932461d139eab7205fa Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:27 +0800 Subject: [PATCH 41/43] hw/intc: sifive_plic: Change "priority-base" to start from interrupt source 0 At present the SiFive PLIC model "priority-base" expects interrupt priority register base starting from source 1 instead source 0, that's why on most platforms "priority-base" is set to 0x04 except 'opentitan' machine. 'opentitan' should have set "priority-base" to 0x04 too. Note the irq number calculation in sifive_plic_{read,write} is correct as the codes make up for the irq number by adding 1. Let's simply update "priority-base" to start from interrupt source 0 and add a comment to make it crystal clear. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Wilfred Mallawa Message-Id: <20221211030829.802437-14-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 5 +++-- include/hw/riscv/microchip_pfsoc.h | 2 +- include/hw/riscv/shakti_c.h | 2 +- include/hw/riscv/sifive_e.h | 2 +- include/hw/riscv/sifive_u.h | 2 +- include/hw/riscv/virt.h | 2 +- 6 files changed, 8 insertions(+), 7 deletions(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index 1edeb1e1ed..1a792cc3f5 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -140,7 +140,7 @@ static uint64_t sifive_plic_read(void *opaque, hwaddr addr, unsigned size) SiFivePLICState *plic = opaque; if (addr_between(addr, plic->priority_base, plic->num_sources << 2)) { - uint32_t irq = ((addr - plic->priority_base) >> 2) + 1; + uint32_t irq = (addr - plic->priority_base) >> 2; return plic->source_priority[irq]; } else if (addr_between(addr, plic->pending_base, plic->num_sources >> 3)) { @@ -187,7 +187,7 @@ static void sifive_plic_write(void *opaque, hwaddr addr, uint64_t value, SiFivePLICState *plic = opaque; if (addr_between(addr, plic->priority_base, plic->num_sources << 2)) { - uint32_t irq = ((addr - plic->priority_base) >> 2) + 1; + uint32_t irq = (addr - plic->priority_base) >> 2; if (((plic->num_priorities + 1) & plic->num_priorities) == 0) { /* @@ -428,6 +428,7 @@ static Property sifive_plic_properties[] = { /* number of interrupt sources including interrupt source 0 */ DEFINE_PROP_UINT32("num-sources", SiFivePLICState, num_sources, 1), DEFINE_PROP_UINT32("num-priorities", SiFivePLICState, num_priorities, 0), + /* interrupt priority register base starting from source 0 */ DEFINE_PROP_UINT32("priority-base", SiFivePLICState, priority_base, 0), DEFINE_PROP_UINT32("pending-base", SiFivePLICState, pending_base, 0), DEFINE_PROP_UINT32("enable-base", SiFivePLICState, enable_base, 0), diff --git a/include/hw/riscv/microchip_pfsoc.h b/include/hw/riscv/microchip_pfsoc.h index 577efad0c4..e65ffeb02d 100644 --- a/include/hw/riscv/microchip_pfsoc.h +++ b/include/hw/riscv/microchip_pfsoc.h @@ -155,7 +155,7 @@ enum { #define MICROCHIP_PFSOC_PLIC_NUM_SOURCES 187 #define MICROCHIP_PFSOC_PLIC_NUM_PRIORITIES 7 -#define MICROCHIP_PFSOC_PLIC_PRIORITY_BASE 0x04 +#define MICROCHIP_PFSOC_PLIC_PRIORITY_BASE 0x00 #define MICROCHIP_PFSOC_PLIC_PENDING_BASE 0x1000 #define MICROCHIP_PFSOC_PLIC_ENABLE_BASE 0x2000 #define MICROCHIP_PFSOC_PLIC_ENABLE_STRIDE 0x80 diff --git a/include/hw/riscv/shakti_c.h b/include/hw/riscv/shakti_c.h index daf0aae13f..539fe1156d 100644 --- a/include/hw/riscv/shakti_c.h +++ b/include/hw/riscv/shakti_c.h @@ -65,7 +65,7 @@ enum { #define SHAKTI_C_PLIC_NUM_SOURCES 28 /* Excluding Priority 0 */ #define SHAKTI_C_PLIC_NUM_PRIORITIES 2 -#define SHAKTI_C_PLIC_PRIORITY_BASE 0x04 +#define SHAKTI_C_PLIC_PRIORITY_BASE 0x00 #define SHAKTI_C_PLIC_PENDING_BASE 0x1000 #define SHAKTI_C_PLIC_ENABLE_BASE 0x2000 #define SHAKTI_C_PLIC_ENABLE_STRIDE 0x80 diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h index 9e58247fd8..b824a79e2d 100644 --- a/include/hw/riscv/sifive_e.h +++ b/include/hw/riscv/sifive_e.h @@ -89,7 +89,7 @@ enum { */ #define SIFIVE_E_PLIC_NUM_SOURCES 53 #define SIFIVE_E_PLIC_NUM_PRIORITIES 7 -#define SIFIVE_E_PLIC_PRIORITY_BASE 0x04 +#define SIFIVE_E_PLIC_PRIORITY_BASE 0x00 #define SIFIVE_E_PLIC_PENDING_BASE 0x1000 #define SIFIVE_E_PLIC_ENABLE_BASE 0x2000 #define SIFIVE_E_PLIC_ENABLE_STRIDE 0x80 diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h index 8f63a183c4..e680d61ece 100644 --- a/include/hw/riscv/sifive_u.h +++ b/include/hw/riscv/sifive_u.h @@ -158,7 +158,7 @@ enum { #define SIFIVE_U_PLIC_NUM_SOURCES 54 #define SIFIVE_U_PLIC_NUM_PRIORITIES 7 -#define SIFIVE_U_PLIC_PRIORITY_BASE 0x04 +#define SIFIVE_U_PLIC_PRIORITY_BASE 0x00 #define SIFIVE_U_PLIC_PENDING_BASE 0x1000 #define SIFIVE_U_PLIC_ENABLE_BASE 0x2000 #define SIFIVE_U_PLIC_ENABLE_STRIDE 0x80 diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h index e1ce0048af..3407c9e8dd 100644 --- a/include/hw/riscv/virt.h +++ b/include/hw/riscv/virt.h @@ -98,7 +98,7 @@ enum { #define VIRT_IRQCHIP_MAX_GUESTS_BITS 3 #define VIRT_IRQCHIP_MAX_GUESTS ((1U << VIRT_IRQCHIP_MAX_GUESTS_BITS) - 1U) -#define VIRT_PLIC_PRIORITY_BASE 0x04 +#define VIRT_PLIC_PRIORITY_BASE 0x00 #define VIRT_PLIC_PENDING_BASE 0x1000 #define VIRT_PLIC_ENABLE_BASE 0x2000 #define VIRT_PLIC_ENABLE_STRIDE 0x80 From a984e2b32f6da127f3b9ee1a72bde9b68effaa80 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:28 +0800 Subject: [PATCH 42/43] hw/riscv: opentitan: Drop "hartid-base" and "priority-base" initialization "hartid-base" and "priority-base" are zero by default. There is no need to initialize them to zero again. Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-15-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/opentitan.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c index 78f895d773..85ffdac5be 100644 --- a/hw/riscv/opentitan.c +++ b/hw/riscv/opentitan.c @@ -173,10 +173,8 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) /* PLIC */ qdev_prop_set_string(DEVICE(&s->plic), "hart-config", "M"); - qdev_prop_set_uint32(DEVICE(&s->plic), "hartid-base", 0); qdev_prop_set_uint32(DEVICE(&s->plic), "num-sources", 180); qdev_prop_set_uint32(DEVICE(&s->plic), "num-priorities", 3); - qdev_prop_set_uint32(DEVICE(&s->plic), "priority-base", 0x00); qdev_prop_set_uint32(DEVICE(&s->plic), "pending-base", 0x1000); qdev_prop_set_uint32(DEVICE(&s->plic), "enable-base", 0x2000); qdev_prop_set_uint32(DEVICE(&s->plic), "enable-stride", 32); From bc92f261519d5c77c70cf2ebcf0a3b9a414d82d0 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 11 Dec 2022 11:08:29 +0800 Subject: [PATCH 43/43] hw/intc: sifive_plic: Fix the pending register range check The pending register upper limit is currently set to plic->num_sources >> 3, which is wrong, e.g.: considering plic->num_sources is 7, the upper limit becomes 0 which fails the range check if reading the pending register at pending_base. Fixes: 1e24429e40df ("SiFive RISC-V PLIC Block") Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-16-bmeng@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index 1a792cc3f5..5522ede2cf 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -143,7 +143,8 @@ static uint64_t sifive_plic_read(void *opaque, hwaddr addr, unsigned size) uint32_t irq = (addr - plic->priority_base) >> 2; return plic->source_priority[irq]; - } else if (addr_between(addr, plic->pending_base, plic->num_sources >> 3)) { + } else if (addr_between(addr, plic->pending_base, + (plic->num_sources + 31) >> 3)) { uint32_t word = (addr - plic->pending_base) >> 2; return plic->pending[word]; @@ -202,7 +203,7 @@ static void sifive_plic_write(void *opaque, hwaddr addr, uint64_t value, sifive_plic_update(plic); } } else if (addr_between(addr, plic->pending_base, - plic->num_sources >> 3)) { + (plic->num_sources + 31) >> 3)) { qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid pending write: 0x%" HWADDR_PRIx "", __func__, addr);