From 9231951aa5ac0ae813818b8ff33d4ccaaabb16e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Thu, 2 Apr 2020 15:39:13 +0100 Subject: [PATCH 01/11] target/arm: don't expose "ieee_half" via gdbstub MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While support for parsing ieee_half in the XML description was added to gdb in 2019 (a6d0f249) there is no easy way for the gdbstub to know if the gdb end will understand it. Disable it for now and allow older gdbs to successfully connect to the default -cpu max SVE enabled QEMUs. Signed-off-by: Alex Bennée Reviewed-by: Richard Henderson Message-id: 20200402143913.24005-1-alex.bennee@linaro.org Signed-off-by: Peter Maydell --- target/arm/gdbstub.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c index d9ef7d2187..8efc535f2a 100644 --- a/target/arm/gdbstub.c +++ b/target/arm/gdbstub.c @@ -192,7 +192,12 @@ static const struct TypeSize vec_lanes[] = { /* 16 bit */ { "uint16", 16, 'h', 'u' }, { "int16", 16, 'h', 's' }, - { "ieee_half", 16, 'h', 'f' }, + /* + * TODO: currently there is no reliable way of telling + * if the remote gdb actually understands ieee_half so + * we don't expose it in the target description for now. + * { "ieee_half", 16, 'h', 'f' }, + */ /* bytes */ { "uint8", 8, 'b', 'u' }, { "int8", 8, 'b', 's' }, From 8a2b76ffc9ff610c3439617e19f1eb9be02be50f Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 26 Mar 2020 20:49:19 +0000 Subject: [PATCH 02/11] hw/arm/collie: Put StrongARMState* into a CollieMachineState struct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity complains that the collie_init() function leaks the memory allocated in sa1110_init(). This is true but not significant since the function is called only once on machine init and the memory must remain in existence until QEMU exits anyway. Still, we can avoid the technical memory leak by keeping the pointer to the StrongARMState inside the machine state struct. Switch from the simple DEFINE_MACHINE() style to defining a subclass of TYPE_MACHINE which extends the MachineState struct, and keep the pointer there. Fixes: CID 1421921 Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200326204919.22006-1-peter.maydell@linaro.org --- hw/arm/collie.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/hw/arm/collie.c b/hw/arm/collie.c index 4992084a3f..4b35ef4bed 100644 --- a/hw/arm/collie.c +++ b/hw/arm/collie.c @@ -19,6 +19,16 @@ #include "exec/address-spaces.h" #include "cpu.h" +typedef struct { + MachineState parent; + + StrongARMState *sa1110; +} CollieMachineState; + +#define TYPE_COLLIE_MACHINE MACHINE_TYPE_NAME("collie") +#define COLLIE_MACHINE(obj) \ + OBJECT_CHECK(CollieMachineState, obj, TYPE_COLLIE_MACHINE) + static struct arm_boot_info collie_binfo = { .loader_start = SA_SDCS0, .ram_size = 0x20000000, @@ -26,9 +36,9 @@ static struct arm_boot_info collie_binfo = { static void collie_init(MachineState *machine) { - StrongARMState *s; DriveInfo *dinfo; MachineClass *mc = MACHINE_GET_CLASS(machine); + CollieMachineState *cms = COLLIE_MACHINE(machine); if (machine->ram_size != mc->default_ram_size) { char *sz = size_to_str(mc->default_ram_size); @@ -37,7 +47,7 @@ static void collie_init(MachineState *machine) exit(EXIT_FAILURE); } - s = sa1110_init(machine->cpu_type); + cms->sa1110 = sa1110_init(machine->cpu_type); memory_region_add_subregion(get_system_memory(), SA_SDCS0, machine->ram); @@ -54,11 +64,13 @@ static void collie_init(MachineState *machine) sysbus_create_simple("scoop", 0x40800000, NULL); collie_binfo.board_id = 0x208; - arm_load_kernel(s->cpu, machine, &collie_binfo); + arm_load_kernel(cms->sa1110->cpu, machine, &collie_binfo); } -static void collie_machine_init(MachineClass *mc) +static void collie_machine_class_init(ObjectClass *oc, void *data) { + MachineClass *mc = MACHINE_CLASS(oc); + mc->desc = "Sharp SL-5500 (Collie) PDA (SA-1110)"; mc->init = collie_init; mc->ignore_memory_transaction_failures = true; @@ -67,4 +79,15 @@ static void collie_machine_init(MachineClass *mc) mc->default_ram_id = "strongarm.sdram"; } -DEFINE_MACHINE("collie", collie_machine_init) +static const TypeInfo collie_machine_typeinfo = { + .name = TYPE_COLLIE_MACHINE, + .parent = TYPE_MACHINE, + .class_init = collie_machine_class_init, + .instance_size = sizeof(CollieMachineState), +}; + +static void collie_machine_register_types(void) +{ + type_register_static(&collie_machine_typeinfo); +} +type_init(collie_machine_register_types); From f4e1dbc578a051db08a40c05276ebf525b98f949 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 30 Mar 2020 18:06:51 +0100 Subject: [PATCH 03/11] target/arm: PSTATE.PAN should not clear exec bits Our implementation of the PSTATE.PAN bit incorrectly cleared all access permission bits for privileged access to memory which is user-accessible. It should only affect the privileged read and write permissions; execute permission is dealt with via XN/PXN instead. Fixes: 81636b70c226dc27d7ebc8d Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20200330170651.20901-1-peter.maydell@linaro.org --- target/arm/helper.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 163c91a1cc..ed7eb8ab54 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -10025,9 +10025,11 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64, prot_rw = user_rw; } else { if (user_rw && regime_is_pan(env, mmu_idx)) { - return 0; + /* PAN forbids data accesses but doesn't affect insn fetch */ + prot_rw = 0; + } else { + prot_rw = simple_ap_to_rw_prot_is_user(ap, false); } - prot_rw = simple_ap_to_rw_prot_is_user(ap, false); } if (ns && arm_is_secure(env) && (env->cp15.scr_el3 & SCR_SIF)) { From 07d1be3b3aac20c21ac4a95c7f3f01a3622a31a3 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 31 Mar 2020 15:34:07 +0100 Subject: [PATCH 04/11] target/arm: Remove obsolete TODO note from get_phys_addr_lpae() An old comment in get_phys_addr_lpae() claims that the code does not support the different format TCR for VTCR_EL2. This used to be true but it is not true now (in particular the aa64_va_parameters() and aa32_va_parameters() functions correctly handle the different register format by checking whether the mmu_idx is Stage2). Remove the out of date parts of the comment. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20200331143407.3186-1-peter.maydell@linaro.org --- target/arm/helper.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index ed7eb8ab54..7e9ea5d20f 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -10753,12 +10753,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, bool aarch64 = arm_el_is_aa64(env, el); bool guarded = false; - /* TODO: - * This code does not handle the different format TCR for VTCR_EL2. - * This code also does not support shareability levels. - * Attribute and permission bit handling should also be checked when adding - * support for those page table walks. - */ + /* TODO: This code does not support shareability levels. */ if (aarch64) { param = aa64_va_parameters(env, address, mmu_idx, access_type != MMU_INST_FETCH); From c88311f272f5599abd7ee12a7a724a4f2bd5820c Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 3 Apr 2020 13:47:12 +0100 Subject: [PATCH 05/11] hw/gpio/aspeed_gpio.c: Don't directly include assert.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove a direct include of assert.h -- this is already provided by qemu/osdep.h, and it breaks our rule that the first include must always be osdep.h. In particular we must get the assert() macro via osdep.h to avoid compile failures on mingw (see the comment in osdep.h where we redefine assert() for that platform). Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Cédric Le Goater Message-id: 20200403124712.24826-1-peter.maydell@linaro.org --- hw/gpio/aspeed_gpio.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/hw/gpio/aspeed_gpio.c b/hw/gpio/aspeed_gpio.c index 41e11ea9b0..e52fcfd9a0 100644 --- a/hw/gpio/aspeed_gpio.c +++ b/hw/gpio/aspeed_gpio.c @@ -6,8 +6,6 @@ * SPDX-License-Identifier: GPL-2.0-or-later */ -#include - #include "qemu/osdep.h" #include "qemu/host-utils.h" #include "qemu/log.h" From 174d2d6856bf435f4f58e9303ba30dd0e1279d3f Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 24 Mar 2020 17:36:30 +0000 Subject: [PATCH 06/11] dump: Fix writing of ELF section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In write_elf_section() we set the 'shdr' pointer to point to local structures shdr32 or shdr64, which we fill in to be written out to the ELF dump. Unfortunately the address we pass to fd_write_vmcore() has a spurious '&' operator, so instead of writing out the section header we write out the literal pointer value followed by whatever is on the stack after the 'shdr' local variable. Pass the correct address into fd_write_vmcore(). Spotted by Coverity: CID 1421970. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Marc-André Lureau Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200324173630.12221-1-peter.maydell@linaro.org --- dump/dump.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dump/dump.c b/dump/dump.c index 6fb6e1245a..22ed1d3b0d 100644 --- a/dump/dump.c +++ b/dump/dump.c @@ -364,7 +364,7 @@ static void write_elf_section(DumpState *s, int type, Error **errp) shdr = &shdr64; } - ret = fd_write_vmcore(&shdr, shdr_size, s); + ret = fd_write_vmcore(shdr, shdr_size, s); if (ret < 0) { error_setg_errno(errp, -ret, "dump: failed to write section header table"); From 12ba36d9109a5523fc1947f4e52ab6df940a2dcb Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Thu, 2 Apr 2020 15:47:17 +0200 Subject: [PATCH 07/11] dma/xlnx-zdma: Remove comment Remove comment. Signed-off-by: Edgar E. Iglesias Reviewed-by: Alistair Francis Reviewed-by: Francisco Iglesias Message-id: 20200402134721.27863-2-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell --- hw/dma/xlnx-zdma.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/dma/xlnx-zdma.c b/hw/dma/xlnx-zdma.c index 2d9c0a0d5e..a6c5b2304a 100644 --- a/hw/dma/xlnx-zdma.c +++ b/hw/dma/xlnx-zdma.c @@ -511,7 +511,6 @@ static void zdma_process_descr(XlnxZDMA *s) zdma_src_done(s); } - /* Load next descriptor. */ if (ptype == PT_REG || src_cmd == CMD_STOP) { ARRAY_FIELD_DP32(s->regs, ZDMA_CH_CTRL2, EN, 0); zdma_set_state(s, DISABLED); From 28009852aa6b2d1574ba1bfd2461f274cb43fb49 Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Thu, 2 Apr 2020 15:47:18 +0200 Subject: [PATCH 08/11] dma/xlnx-zdma: Populate DBG0.CMN_BUF_FREE Populate DBG0.CMN_BUF_FREE so that SW can see some free space. Signed-off-by: Edgar E. Iglesias Reviewed-by: Alistair Francis Reviewed-by: Francisco Iglesias Message-id: 20200402134721.27863-3-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell --- hw/dma/xlnx-zdma.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/dma/xlnx-zdma.c b/hw/dma/xlnx-zdma.c index a6c5b2304a..6a4699757a 100644 --- a/hw/dma/xlnx-zdma.c +++ b/hw/dma/xlnx-zdma.c @@ -680,6 +680,12 @@ static RegisterAccessInfo zdma_regs_info[] = { },{ .name = "ZDMA_CH_DBG0", .addr = A_ZDMA_CH_DBG0, .rsvd = 0xfffffe00, .ro = 0x1ff, + + /* + * There's SW out there that will check the debug regs for free space. + * Claim that we always have 0x100 free. + */ + .reset = 0x100 },{ .name = "ZDMA_CH_DBG1", .addr = A_ZDMA_CH_DBG1, .rsvd = 0xfffffe00, .ro = 0x1ff, From 4fc4678c6051431b75d3be9304b9c23536f3bb9c Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Thu, 2 Apr 2020 15:47:19 +0200 Subject: [PATCH 09/11] dma/xlnx-zdma: Clear DMA_DONE when halting Clear DMA_DONE when halting the DMA channel. Signed-off-by: Edgar E. Iglesias Reviewed-by: Francisco Iglesias Acked-by: Alistair Francis Message-id: 20200402134721.27863-4-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell --- hw/dma/xlnx-zdma.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/dma/xlnx-zdma.c b/hw/dma/xlnx-zdma.c index 6a4699757a..dd893bc420 100644 --- a/hw/dma/xlnx-zdma.c +++ b/hw/dma/xlnx-zdma.c @@ -520,6 +520,7 @@ static void zdma_process_descr(XlnxZDMA *s) if (src_cmd == CMD_HALT) { zdma_set_state(s, PAUSED); ARRAY_FIELD_DP32(s->regs, ZDMA_CH_ISR, DMA_PAUSE, 1); + ARRAY_FIELD_DP32(s->regs, ZDMA_CH_ISR, DMA_DONE, false); zdma_ch_imr_update_irq(s); return; } From 4ec037f1dddfd5771f73af2a1c94f7df55d3fc04 Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Thu, 2 Apr 2020 15:47:20 +0200 Subject: [PATCH 10/11] dma/xlnx-zdma: Advance the descriptor address when stopping Advance the descriptor address when stopping the channel. Signed-off-by: Edgar E. Iglesias Reviewed-by: Francisco Iglesias Acked-by: Alistair Francis Message-id: 20200402134721.27863-5-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell --- hw/dma/xlnx-zdma.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/dma/xlnx-zdma.c b/hw/dma/xlnx-zdma.c index dd893bc420..e856d233f2 100644 --- a/hw/dma/xlnx-zdma.c +++ b/hw/dma/xlnx-zdma.c @@ -514,7 +514,6 @@ static void zdma_process_descr(XlnxZDMA *s) if (ptype == PT_REG || src_cmd == CMD_STOP) { ARRAY_FIELD_DP32(s->regs, ZDMA_CH_CTRL2, EN, 0); zdma_set_state(s, DISABLED); - return; } if (src_cmd == CMD_HALT) { From 8893790966d9c964557ad01be4a68ef50696ace8 Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Thu, 2 Apr 2020 15:47:21 +0200 Subject: [PATCH 11/11] dma/xlnx-zdma: Reorg to fix CUR_DSCR Reorganize the descriptor handling so that CUR_DSCR always points to the next descriptor to be processed. Signed-off-by: Edgar E. Iglesias Reviewed-by: Alistair Francis Reviewed-by: Francisco Iglesias Message-id: 20200402134721.27863-6-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell --- hw/dma/xlnx-zdma.c | 47 ++++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/hw/dma/xlnx-zdma.c b/hw/dma/xlnx-zdma.c index e856d233f2..1c45367f3c 100644 --- a/hw/dma/xlnx-zdma.c +++ b/hw/dma/xlnx-zdma.c @@ -333,10 +333,28 @@ static void zdma_load_src_descriptor(XlnxZDMA *s) } } +static void zdma_update_descr_addr(XlnxZDMA *s, bool type, + unsigned int basereg) +{ + uint64_t addr, next; + + if (type == DTYPE_LINEAR) { + addr = zdma_get_regaddr64(s, basereg); + next = addr + sizeof(s->dsc_dst); + } else { + addr = zdma_get_regaddr64(s, basereg); + addr += sizeof(s->dsc_dst); + address_space_read(s->dma_as, addr, s->attr, (void *) &next, 8); + } + + zdma_put_regaddr64(s, basereg, next); +} + static void zdma_load_dst_descriptor(XlnxZDMA *s) { uint64_t dst_addr; unsigned int ptype = ARRAY_FIELD_EX32(s->regs, ZDMA_CH_CTRL0, POINT_TYPE); + bool dst_type; if (ptype == PT_REG) { memcpy(&s->dsc_dst, &s->regs[R_ZDMA_CH_DST_DSCR_WORD0], @@ -349,24 +367,10 @@ static void zdma_load_dst_descriptor(XlnxZDMA *s) if (!zdma_load_descriptor(s, dst_addr, &s->dsc_dst)) { ARRAY_FIELD_DP32(s->regs, ZDMA_CH_ISR, AXI_RD_DST_DSCR, true); } -} -static uint64_t zdma_update_descr_addr(XlnxZDMA *s, bool type, - unsigned int basereg) -{ - uint64_t addr, next; - - if (type == DTYPE_LINEAR) { - next = zdma_get_regaddr64(s, basereg); - next += sizeof(s->dsc_dst); - zdma_put_regaddr64(s, basereg, next); - } else { - addr = zdma_get_regaddr64(s, basereg); - addr += sizeof(s->dsc_dst); - address_space_read(s->dma_as, addr, s->attr, &next, 8); - zdma_put_regaddr64(s, basereg, next); - } - return next; + /* Advance the descriptor pointer. */ + dst_type = FIELD_EX32(s->dsc_dst.words[3], ZDMA_CH_DST_DSCR_WORD3, TYPE); + zdma_update_descr_addr(s, dst_type, R_ZDMA_CH_DST_CUR_DSCR_LSB); } static void zdma_write_dst(XlnxZDMA *s, uint8_t *buf, uint32_t len) @@ -387,14 +391,7 @@ static void zdma_write_dst(XlnxZDMA *s, uint8_t *buf, uint32_t len) dst_size = FIELD_EX32(s->dsc_dst.words[2], ZDMA_CH_DST_DSCR_WORD2, SIZE); if (dst_size == 0 && ptype == PT_MEM) { - uint64_t next; - bool dst_type = FIELD_EX32(s->dsc_dst.words[3], - ZDMA_CH_DST_DSCR_WORD3, - TYPE); - - next = zdma_update_descr_addr(s, dst_type, - R_ZDMA_CH_DST_CUR_DSCR_LSB); - zdma_load_descriptor(s, next, &s->dsc_dst); + zdma_load_dst_descriptor(s); dst_size = FIELD_EX32(s->dsc_dst.words[2], ZDMA_CH_DST_DSCR_WORD2, SIZE); }