From cc3b66ac949e28e030eeb9b5e2950f24d894be95 Mon Sep 17 00:00:00 2001 From: Jimmy Brisson Date: Thu, 10 Feb 2022 15:02:27 -0600 Subject: [PATCH 01/26] mps3-an547: Add missing user ahb interfaces With these interfaces missing, TFM would delegate peripherals 0, 1, 2, 3 and 8, and qemu would ignore the delegation of interface 8, as it thought interface 4 was eth & USB. This patch corrects this behavior and allows TFM to delegate the eth & USB peripheral to NS mode. (The old QEMU behaviour was based on revision B of the AN547 appnote; revision C corrects this error in the documentation, and this commit brings QEMU in to line with how the FPGA image really behaves.) Signed-off-by: Jimmy Brisson Message-id: 20220210210227.3203883-1-jimmy.brisson@linaro.org Reviewed-by: Peter Maydell [PMM: added commit message note clarifying that the old behaviour was a docs issue, not because there were two different versions of the FPGA image] Signed-off-by: Peter Maydell --- hw/arm/mps2-tz.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c index f40e854dec..e287ad4d06 100644 --- a/hw/arm/mps2-tz.c +++ b/hw/arm/mps2-tz.c @@ -1078,6 +1078,10 @@ static void mps2tz_common_init(MachineState *machine) { "gpio1", make_unimp_dev, &mms->gpio[1], 0x41101000, 0x1000 }, { "gpio2", make_unimp_dev, &mms->gpio[2], 0x41102000, 0x1000 }, { "gpio3", make_unimp_dev, &mms->gpio[3], 0x41103000, 0x1000 }, + { /* port 4 USER AHB interface 0 */ }, + { /* port 5 USER AHB interface 1 */ }, + { /* port 6 USER AHB interface 2 */ }, + { /* port 7 USER AHB interface 3 */ }, { "eth-usb", make_eth_usb, NULL, 0x41400000, 0x200000, { 49 } }, }, }, From e212fb05cd2694fdb7a20abe8f0968715d67f9e5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 21 Feb 2022 09:41:44 +0000 Subject: [PATCH 02/26] hw/arm/mps2-tz.c: Update AN547 documentation URL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The AN547 application note URL has changed: update our comment accordingly. (Rev B is still downloadable from the old URL, but there is a new Rev C of the document now.) Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Message-id: 20220221094144.426191-1-peter.maydell@linaro.org --- hw/arm/mps2-tz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c index e287ad4d06..4017392bf5 100644 --- a/hw/arm/mps2-tz.c +++ b/hw/arm/mps2-tz.c @@ -32,7 +32,7 @@ * Application Note AN524: * https://developer.arm.com/documentation/dai0524/latest/ * Application Note AN547: - * https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/DAI0547B_SSE300_PLUS_U55_FPGA_for_mps3.pdf + * https://developer.arm.com/documentation/dai0547/latest/ * * The AN505 defers to the Cortex-M33 processor ARMv8M IoT Kit FVP User Guide * (ARM ECM0601256) for the details of some of the device layout: From bad187dfcb0834dd67d1bfa40a305a08f0d5641a Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 21 Feb 2022 14:07:50 +0000 Subject: [PATCH 03/26] hw/input/tsc210x: Don't abort on bad SPI word widths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The tsc210x doesn't support anything other than 16-bit reads on the SPI bus, but the guest can program the SPI controller to attempt them anyway. If this happens, don't abort QEMU, just log this as a guest error. This fixes our machine_arm_n8x0.py:N8x0Machine.test_n800 acceptance test, which hits this assertion. The reason we hit the assertion is because the guest kernel thinks there is a TSC2005 on this SPI bus address, not a TSC210x. (The n810 *does* have a TSC2005 at this address.) The TSC2005 supports the 24-bit accesses which the guest driver makes, and the TSC210x does not (that is, our TSC210x emulation is not missing support for a word width the hardware can handle). It's not clear whether the problem here is that the guest kernel incorrectly thinks the n800 has the same device at this SPI bus address as the n810, or that QEMU's n810 board model doesn't get the SPI devices right. At this late date there no longer appears to be any reliable information on the web about the hardware behaviour, but I am inclined to think this is a guest kernel bug. In any case, we prefer not to abort QEMU for guest-triggerable conditions, so logging the error is the right thing to do. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/736 Signed-off-by: Peter Maydell Reviewed-by: Alex Bennée Message-id: 20220221140750.514557-1-peter.maydell@linaro.org --- hw/input/tsc210x.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hw/input/tsc210x.c b/hw/input/tsc210x.c index b0d5c2dd74..df7313db5d 100644 --- a/hw/input/tsc210x.c +++ b/hw/input/tsc210x.c @@ -24,6 +24,7 @@ #include "hw/hw.h" #include "audio/audio.h" #include "qemu/timer.h" +#include "qemu/log.h" #include "sysemu/reset.h" #include "ui/console.h" #include "hw/arm/omap.h" /* For I2SCodec */ @@ -910,8 +911,11 @@ uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len) TSC210xState *s = opaque; uint32_t ret = 0; - if (len != 16) - hw_error("%s: FIXME: bad SPI word width %i\n", __func__, len); + if (len != 16) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: bad SPI word width %i\n", __func__, len); + return 0; + } /* TODO: sequential reads etc - how do we make sure the host doesn't * unintentionally read out a conversion result from a register while From d8bdf9797248eb48ac3c8bc970f60e19984546bd Mon Sep 17 00:00:00 2001 From: Patrick Venture Date: Wed, 2 Feb 2022 08:45:33 -0800 Subject: [PATCH 04/26] hw/i2c: flatten pca954x mux device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously this device created N subdevices which each owned an i2c bus. Now this device simply owns the N i2c busses directly. Tested: Verified devices behind mux are still accessible via qmp and i2c from within an arm32 SoC. Reviewed-by: Hao Wu Signed-off-by: Patrick Venture Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Message-id: 20220202164533.1283668-1-venture@google.com Signed-off-by: Peter Maydell --- hw/i2c/i2c_mux_pca954x.c | 77 +++++++--------------------------------- 1 file changed, 13 insertions(+), 64 deletions(-) diff --git a/hw/i2c/i2c_mux_pca954x.c b/hw/i2c/i2c_mux_pca954x.c index 847c59921c..a9517b612a 100644 --- a/hw/i2c/i2c_mux_pca954x.c +++ b/hw/i2c/i2c_mux_pca954x.c @@ -30,24 +30,6 @@ #define PCA9548_CHANNEL_COUNT 8 #define PCA9546_CHANNEL_COUNT 4 -/* - * struct Pca954xChannel - The i2c mux device will have N of these states - * that own the i2c channel bus. - * @bus: The owned channel bus. - * @enabled: Is this channel active? - */ -typedef struct Pca954xChannel { - SysBusDevice parent; - - I2CBus *bus; - - bool enabled; -} Pca954xChannel; - -#define TYPE_PCA954X_CHANNEL "pca954x-channel" -#define PCA954X_CHANNEL(obj) \ - OBJECT_CHECK(Pca954xChannel, (obj), TYPE_PCA954X_CHANNEL) - /* * struct Pca954xState - The pca954x state object. * @control: The value written to the mux control. @@ -59,8 +41,8 @@ typedef struct Pca954xState { uint8_t control; - /* The channel i2c buses. */ - Pca954xChannel channel[PCA9548_CHANNEL_COUNT]; + bool enabled[PCA9548_CHANNEL_COUNT]; + I2CBus *bus[PCA9548_CHANNEL_COUNT]; } Pca954xState; /* @@ -98,11 +80,11 @@ static bool pca954x_match(I2CSlave *candidate, uint8_t address, } for (i = 0; i < mc->nchans; i++) { - if (!mux->channel[i].enabled) { + if (!mux->enabled[i]) { continue; } - if (i2c_scan_bus(mux->channel[i].bus, address, broadcast, + if (i2c_scan_bus(mux->bus[i], address, broadcast, current_devs)) { if (!broadcast) { return true; @@ -125,9 +107,9 @@ static void pca954x_enable_channel(Pca954xState *s, uint8_t enable_mask) */ for (i = 0; i < mc->nchans; i++) { if (enable_mask & (1 << i)) { - s->channel[i].enabled = true; + s->enabled[i] = true; } else { - s->channel[i].enabled = false; + s->enabled[i] = false; } } } @@ -184,23 +166,7 @@ I2CBus *pca954x_i2c_get_bus(I2CSlave *mux, uint8_t channel) Pca954xState *pca954x = PCA954X(mux); g_assert(channel < pc->nchans); - return I2C_BUS(qdev_get_child_bus(DEVICE(&pca954x->channel[channel]), - "i2c-bus")); -} - -static void pca954x_channel_init(Object *obj) -{ - Pca954xChannel *s = PCA954X_CHANNEL(obj); - s->bus = i2c_init_bus(DEVICE(s), "i2c-bus"); - - /* Start all channels as disabled. */ - s->enabled = false; -} - -static void pca954x_channel_class_init(ObjectClass *klass, void *data) -{ - DeviceClass *dc = DEVICE_CLASS(klass); - dc->desc = "Pca954x Channel"; + return pca954x->bus[channel]; } static void pca9546_class_init(ObjectClass *klass, void *data) @@ -215,28 +181,19 @@ static void pca9548_class_init(ObjectClass *klass, void *data) s->nchans = PCA9548_CHANNEL_COUNT; } -static void pca954x_realize(DeviceState *dev, Error **errp) -{ - Pca954xState *s = PCA954X(dev); - Pca954xClass *c = PCA954X_GET_CLASS(s); - int i; - - /* SMBus modules. Cannot fail. */ - for (i = 0; i < c->nchans; i++) { - sysbus_realize(SYS_BUS_DEVICE(&s->channel[i]), &error_abort); - } -} - static void pca954x_init(Object *obj) { Pca954xState *s = PCA954X(obj); Pca954xClass *c = PCA954X_GET_CLASS(obj); int i; - /* Only initialize the children we expect. */ + /* SMBus modules. Cannot fail. */ for (i = 0; i < c->nchans; i++) { - object_initialize_child(obj, "channel[*]", &s->channel[i], - TYPE_PCA954X_CHANNEL); + g_autofree gchar *bus_name = g_strdup_printf("i2c.%d", i); + + /* start all channels as disabled. */ + s->enabled[i] = false; + s->bus[i] = i2c_init_bus(DEVICE(s), bus_name); } } @@ -252,7 +209,6 @@ static void pca954x_class_init(ObjectClass *klass, void *data) rc->phases.enter = pca954x_enter_reset; dc->desc = "Pca954x i2c-mux"; - dc->realize = pca954x_realize; k->write_data = pca954x_write_data; k->receive_byte = pca954x_read_byte; @@ -278,13 +234,6 @@ static const TypeInfo pca954x_info[] = { .parent = TYPE_PCA954X, .class_init = pca9548_class_init, }, - { - .name = TYPE_PCA954X_CHANNEL, - .parent = TYPE_SYS_BUS_DEVICE, - .class_init = pca954x_channel_class_init, - .instance_size = sizeof(Pca954xChannel), - .instance_init = pca954x_channel_init, - } }; DEFINE_TYPES(pca954x_info) From 0dc71c701cd68c0c0508360944367faebc394196 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 13 Feb 2022 12:57:53 +0900 Subject: [PATCH 05/26] target/arm: Support PSCI 1.1 and SMCCC 1.0 Support the latest PSCI on TCG and HVF. A 64-bit function called from AArch32 now returns NOT_SUPPORTED, which is necessary to adhere to SMC Calling Convention 1.0. It is still not compliant with SMCCC 1.3 since they do not implement mandatory functions. Signed-off-by: Akihiko Odaki Message-id: 20220213035753.34577-1-akihiko.odaki@gmail.com Reviewed-by: Peter Maydell [PMM: update MISMATCH_CHECK checks on PSCI_VERSION macros to match] Signed-off-by: Peter Maydell --- hw/arm/boot.c | 12 +++++++++--- target/arm/cpu.c | 5 +++-- target/arm/hvf/hvf.c | 27 ++++++++++++++++++++++++++- target/arm/kvm-consts.h | 13 +++++++++---- target/arm/kvm64.c | 2 +- target/arm/psci.c | 35 ++++++++++++++++++++++++++++++++--- 6 files changed, 80 insertions(+), 14 deletions(-) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index b1e95978f2..0eeef94ceb 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -488,9 +488,15 @@ static void fdt_add_psci_node(void *fdt) } qemu_fdt_add_subnode(fdt, "/psci"); - if (armcpu->psci_version == 2) { - const char comp[] = "arm,psci-0.2\0arm,psci"; - qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp)); + if (armcpu->psci_version == QEMU_PSCI_VERSION_0_2 || + armcpu->psci_version == QEMU_PSCI_VERSION_1_1) { + if (armcpu->psci_version == QEMU_PSCI_VERSION_0_2) { + const char comp[] = "arm,psci-0.2\0arm,psci"; + qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp)); + } else { + const char comp[] = "arm,psci-1.0\0arm,psci-0.2\0arm,psci"; + qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp)); + } cpu_off_fn = QEMU_PSCI_0_2_FN_CPU_OFF; if (arm_feature(&armcpu->env, ARM_FEATURE_AARCH64)) { diff --git a/target/arm/cpu.c b/target/arm/cpu.c index c085dc10ee..dd64d178e2 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1110,11 +1110,12 @@ static void arm_cpu_initfn(Object *obj) * picky DTB consumer will also provide a helpful error message. */ cpu->dtb_compatible = "qemu,unknown"; - cpu->psci_version = 1; /* By default assume PSCI v0.1 */ + cpu->psci_version = QEMU_PSCI_VERSION_0_1; /* By default assume PSCI v0.1 */ cpu->kvm_target = QEMU_KVM_ARM_TARGET_NONE; if (tcg_enabled() || hvf_enabled()) { - cpu->psci_version = 2; /* TCG and HVF implement PSCI 0.2 */ + /* TCG and HVF implement PSCI 1.1 */ + cpu->psci_version = QEMU_PSCI_VERSION_1_1; } } diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c index 4d4ddab348..8c34f86792 100644 --- a/target/arm/hvf/hvf.c +++ b/target/arm/hvf/hvf.c @@ -678,7 +678,7 @@ static bool hvf_handle_psci_call(CPUState *cpu) switch (param[0]) { case QEMU_PSCI_0_2_FN_PSCI_VERSION: - ret = QEMU_PSCI_0_2_RET_VERSION_0_2; + ret = QEMU_PSCI_VERSION_1_1; break; case QEMU_PSCI_0_2_FN_MIGRATE_INFO_TYPE: ret = QEMU_PSCI_0_2_RET_TOS_MIGRATION_NOT_REQUIRED; /* No trusted OS */ @@ -746,6 +746,31 @@ static bool hvf_handle_psci_call(CPUState *cpu) case QEMU_PSCI_0_2_FN_MIGRATE: ret = QEMU_PSCI_RET_NOT_SUPPORTED; break; + case QEMU_PSCI_1_0_FN_PSCI_FEATURES: + switch (param[1]) { + case QEMU_PSCI_0_2_FN_PSCI_VERSION: + case QEMU_PSCI_0_2_FN_MIGRATE_INFO_TYPE: + case QEMU_PSCI_0_2_FN_AFFINITY_INFO: + case QEMU_PSCI_0_2_FN64_AFFINITY_INFO: + case QEMU_PSCI_0_2_FN_SYSTEM_RESET: + case QEMU_PSCI_0_2_FN_SYSTEM_OFF: + case QEMU_PSCI_0_1_FN_CPU_ON: + case QEMU_PSCI_0_2_FN_CPU_ON: + case QEMU_PSCI_0_2_FN64_CPU_ON: + case QEMU_PSCI_0_1_FN_CPU_OFF: + case QEMU_PSCI_0_2_FN_CPU_OFF: + case QEMU_PSCI_0_1_FN_CPU_SUSPEND: + case QEMU_PSCI_0_2_FN_CPU_SUSPEND: + case QEMU_PSCI_0_2_FN64_CPU_SUSPEND: + case QEMU_PSCI_1_0_FN_PSCI_FEATURES: + ret = 0; + break; + case QEMU_PSCI_0_1_FN_MIGRATE: + case QEMU_PSCI_0_2_FN_MIGRATE: + default: + ret = QEMU_PSCI_RET_NOT_SUPPORTED; + } + break; default: return false; } diff --git a/target/arm/kvm-consts.h b/target/arm/kvm-consts.h index 580f1c1fee..e770921ddc 100644 --- a/target/arm/kvm-consts.h +++ b/target/arm/kvm-consts.h @@ -77,6 +77,8 @@ MISMATCH_CHECK(QEMU_PSCI_0_1_FN_MIGRATE, KVM_PSCI_FN_MIGRATE); #define QEMU_PSCI_0_2_FN64_AFFINITY_INFO QEMU_PSCI_0_2_FN64(4) #define QEMU_PSCI_0_2_FN64_MIGRATE QEMU_PSCI_0_2_FN64(5) +#define QEMU_PSCI_1_0_FN_PSCI_FEATURES QEMU_PSCI_0_2_FN(10) + MISMATCH_CHECK(QEMU_PSCI_0_2_FN_CPU_SUSPEND, PSCI_0_2_FN_CPU_SUSPEND); MISMATCH_CHECK(QEMU_PSCI_0_2_FN_CPU_OFF, PSCI_0_2_FN_CPU_OFF); MISMATCH_CHECK(QEMU_PSCI_0_2_FN_CPU_ON, PSCI_0_2_FN_CPU_ON); @@ -84,18 +86,21 @@ MISMATCH_CHECK(QEMU_PSCI_0_2_FN_MIGRATE, PSCI_0_2_FN_MIGRATE); MISMATCH_CHECK(QEMU_PSCI_0_2_FN64_CPU_SUSPEND, PSCI_0_2_FN64_CPU_SUSPEND); MISMATCH_CHECK(QEMU_PSCI_0_2_FN64_CPU_ON, PSCI_0_2_FN64_CPU_ON); MISMATCH_CHECK(QEMU_PSCI_0_2_FN64_MIGRATE, PSCI_0_2_FN64_MIGRATE); +MISMATCH_CHECK(QEMU_PSCI_1_0_FN_PSCI_FEATURES, PSCI_1_0_FN_PSCI_FEATURES); /* PSCI v0.2 return values used by TCG emulation of PSCI */ /* No Trusted OS migration to worry about when offlining CPUs */ #define QEMU_PSCI_0_2_RET_TOS_MIGRATION_NOT_REQUIRED 2 -/* We implement version 0.2 only */ -#define QEMU_PSCI_0_2_RET_VERSION_0_2 2 +#define QEMU_PSCI_VERSION_0_1 0x00001 +#define QEMU_PSCI_VERSION_0_2 0x00002 +#define QEMU_PSCI_VERSION_1_1 0x10001 MISMATCH_CHECK(QEMU_PSCI_0_2_RET_TOS_MIGRATION_NOT_REQUIRED, PSCI_0_2_TOS_MP); -MISMATCH_CHECK(QEMU_PSCI_0_2_RET_VERSION_0_2, - (PSCI_VERSION_MAJOR(0) | PSCI_VERSION_MINOR(2))); +/* We don't bother to check every possible version value */ +MISMATCH_CHECK(QEMU_PSCI_VERSION_0_2, PSCI_VERSION(0, 2)); +MISMATCH_CHECK(QEMU_PSCI_VERSION_1_1, PSCI_VERSION(1, 1)); /* PSCI return values (inclusive of all PSCI versions) */ #define QEMU_PSCI_RET_SUCCESS 0 diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index 71c3ca6971..64d48bfb19 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -864,7 +864,7 @@ int kvm_arch_init_vcpu(CPUState *cs) cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF; } if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) { - cpu->psci_version = 2; + cpu->psci_version = QEMU_PSCI_VERSION_0_2; cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PSCI_0_2; } if (!arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { diff --git a/target/arm/psci.c b/target/arm/psci.c index b279c0b9a4..6c1239bb96 100644 --- a/target/arm/psci.c +++ b/target/arm/psci.c @@ -57,7 +57,7 @@ void arm_handle_psci_call(ARMCPU *cpu) { /* * This function partially implements the logic for dispatching Power State - * Coordination Interface (PSCI) calls (as described in ARM DEN 0022B.b), + * Coordination Interface (PSCI) calls (as described in ARM DEN 0022D.b), * to the extent required for bringing up and taking down secondary cores, * and for handling reset and poweroff requests. * Additional information about the calling convention used is available in @@ -80,7 +80,7 @@ void arm_handle_psci_call(ARMCPU *cpu) } if ((param[0] & QEMU_PSCI_0_2_64BIT) && !is_a64(env)) { - ret = QEMU_PSCI_RET_INVALID_PARAMS; + ret = QEMU_PSCI_RET_NOT_SUPPORTED; goto err; } @@ -89,7 +89,7 @@ void arm_handle_psci_call(ARMCPU *cpu) ARMCPU *target_cpu; case QEMU_PSCI_0_2_FN_PSCI_VERSION: - ret = QEMU_PSCI_0_2_RET_VERSION_0_2; + ret = QEMU_PSCI_VERSION_1_1; break; case QEMU_PSCI_0_2_FN_MIGRATE_INFO_TYPE: ret = QEMU_PSCI_0_2_RET_TOS_MIGRATION_NOT_REQUIRED; /* No trusted OS */ @@ -170,6 +170,35 @@ void arm_handle_psci_call(ARMCPU *cpu) } helper_wfi(env, 4); break; + case QEMU_PSCI_1_0_FN_PSCI_FEATURES: + switch (param[1]) { + case QEMU_PSCI_0_2_FN_PSCI_VERSION: + case QEMU_PSCI_0_2_FN_MIGRATE_INFO_TYPE: + case QEMU_PSCI_0_2_FN_AFFINITY_INFO: + case QEMU_PSCI_0_2_FN64_AFFINITY_INFO: + case QEMU_PSCI_0_2_FN_SYSTEM_RESET: + case QEMU_PSCI_0_2_FN_SYSTEM_OFF: + case QEMU_PSCI_0_1_FN_CPU_ON: + case QEMU_PSCI_0_2_FN_CPU_ON: + case QEMU_PSCI_0_2_FN64_CPU_ON: + case QEMU_PSCI_0_1_FN_CPU_OFF: + case QEMU_PSCI_0_2_FN_CPU_OFF: + case QEMU_PSCI_0_1_FN_CPU_SUSPEND: + case QEMU_PSCI_0_2_FN_CPU_SUSPEND: + case QEMU_PSCI_0_2_FN64_CPU_SUSPEND: + case QEMU_PSCI_1_0_FN_PSCI_FEATURES: + if (!(param[1] & QEMU_PSCI_0_2_64BIT) || is_a64(env)) { + ret = 0; + break; + } + /* fallthrough */ + case QEMU_PSCI_0_1_FN_MIGRATE: + case QEMU_PSCI_0_2_FN_MIGRATE: + default: + ret = QEMU_PSCI_RET_NOT_SUPPORTED; + break; + } + break; case QEMU_PSCI_0_1_FN_MIGRATE: case QEMU_PSCI_0_2_FN_MIGRATE: default: From 23d5acf3d40f8010275ae9a5a80daf652a97308f Mon Sep 17 00:00:00 2001 From: Wentao_Liang Date: Fri, 25 Feb 2022 12:01:42 +0800 Subject: [PATCH 06/26] target/arm: Fix early free of TCG temp in handle_simd_shift_fpint_conv() handle_simd_shift_fpint_conv() was accidentally freeing the TCG temporary tcg_fpstatus too early, before the last use of it. Move the free down to where it belongs. Signed-off-by: Wentao_Liang Reviewed-by: Richard Henderson [PMM: cleaned up commit message] Signed-off-by: Peter Maydell --- target/arm/translate-a64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 5a1df25f91..d1a59fad9c 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -9045,9 +9045,9 @@ static void handle_simd_shift_fpint_conv(DisasContext *s, bool is_scalar, } } - tcg_temp_free_ptr(tcg_fpstatus); tcg_temp_free_i32(tcg_shift); gen_helper_set_rmode(tcg_rmode, tcg_rmode, tcg_fpstatus); + tcg_temp_free_ptr(tcg_fpstatus); tcg_temp_free_i32(tcg_rmode); } From 4c579e15bdde6468317b40a84bf93e0114a0b179 Mon Sep 17 00:00:00 2001 From: Shengtan Mao Date: Fri, 25 Feb 2022 09:44:51 -0800 Subject: [PATCH 07/26] tests/qtest: add qtests for npcm7xx sdhci Reviewed-by: Hao Wu Reviewed-by: Chris Rauer Signed-off-by: Shengtan Mao Signed-off-by: Patrick Venture Message-id: 20220225174451.192304-1-wuhaotsh@google.com Signed-off-by: Peter Maydell --- tests/qtest/meson.build | 1 + tests/qtest/npcm7xx_sdhci-test.c | 215 +++++++++++++++++++++++++++++++ 2 files changed, 216 insertions(+) create mode 100644 tests/qtest/npcm7xx_sdhci-test.c diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index f33d84d19b..721eafad12 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -190,6 +190,7 @@ qtests_npcm7xx = \ 'npcm7xx_gpio-test', 'npcm7xx_pwm-test', 'npcm7xx_rng-test', + 'npcm7xx_sdhci-test', 'npcm7xx_smbus-test', 'npcm7xx_timer-test', 'npcm7xx_watchdog_timer-test'] + \ diff --git a/tests/qtest/npcm7xx_sdhci-test.c b/tests/qtest/npcm7xx_sdhci-test.c new file mode 100644 index 0000000000..c1f496fb29 --- /dev/null +++ b/tests/qtest/npcm7xx_sdhci-test.c @@ -0,0 +1,215 @@ +/* + * QTests for NPCM7xx SD-3.0 / MMC-4.51 Host Controller + * + * Copyright (c) 2022 Google LLC + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "qemu/osdep.h" +#include "hw/sd/npcm7xx_sdhci.h" + +#include "libqos/libqtest.h" +#include "libqtest-single.h" +#include "libqos/sdhci-cmd.h" + +#define NPCM7XX_REG_SIZE 0x100 +#define NPCM7XX_MMC_BA 0xF0842000 +#define NPCM7XX_BLK_SIZE 512 +#define NPCM7XX_TEST_IMAGE_SIZE (1 << 30) + +char *sd_path; + +static QTestState *setup_sd_card(void) +{ + QTestState *qts = qtest_initf( + "-machine kudo-bmc " + "-device sd-card,drive=drive0 " + "-drive id=drive0,if=none,file=%s,format=raw,auto-read-only=off", + sd_path); + + qtest_writew(qts, NPCM7XX_MMC_BA + SDHC_SWRST, SDHC_RESET_ALL); + qtest_writew(qts, NPCM7XX_MMC_BA + SDHC_CLKCON, + SDHC_CLOCK_SDCLK_EN | SDHC_CLOCK_INT_STABLE | + SDHC_CLOCK_INT_EN); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_APP_CMD); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0x41200000, 0, (41 << 8)); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_ALL_SEND_CID); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_SEND_RELATIVE_ADDR); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0x45670000, 0, + SDHC_SELECT_DESELECT_CARD); + + return qts; +} + +static void write_sdread(QTestState *qts, const char *msg) +{ + int fd, ret; + size_t len = strlen(msg); + char *rmsg = g_malloc(len); + + /* write message to sd */ + fd = open(sd_path, O_WRONLY); + g_assert(fd >= 0); + ret = write(fd, msg, len); + close(fd); + g_assert(ret == len); + + /* read message using sdhci */ + ret = sdhci_read_cmd(qts, NPCM7XX_MMC_BA, rmsg, len); + g_assert(ret == len); + g_assert(!memcmp(rmsg, msg, len)); + + g_free(rmsg); +} + +/* Check MMC can read values from sd */ +static void test_read_sd(void) +{ + QTestState *qts = setup_sd_card(); + + write_sdread(qts, "hello world"); + write_sdread(qts, "goodbye"); + + qtest_quit(qts); +} + +static void sdwrite_read(QTestState *qts, const char *msg) +{ + int fd, ret; + size_t len = strlen(msg); + char *rmsg = g_malloc(len); + + /* write message using sdhci */ + sdhci_write_cmd(qts, NPCM7XX_MMC_BA, msg, len, NPCM7XX_BLK_SIZE); + + /* read message from sd */ + fd = open(sd_path, O_RDONLY); + g_assert(fd >= 0); + ret = read(fd, rmsg, len); + close(fd); + g_assert(ret == len); + + g_assert(!memcmp(rmsg, msg, len)); + + g_free(rmsg); +} + +/* Check MMC can write values to sd */ +static void test_write_sd(void) +{ + QTestState *qts = setup_sd_card(); + + sdwrite_read(qts, "hello world"); + sdwrite_read(qts, "goodbye"); + + qtest_quit(qts); +} + +/* Check SDHCI has correct default values. */ +static void test_reset(void) +{ + QTestState *qts = qtest_init("-machine kudo-bmc"); + uint64_t addr = NPCM7XX_MMC_BA; + uint64_t end_addr = addr + NPCM7XX_REG_SIZE; + uint16_t prstvals_resets[] = {NPCM7XX_PRSTVALS_0_RESET, + NPCM7XX_PRSTVALS_1_RESET, + 0, + NPCM7XX_PRSTVALS_3_RESET, + 0, + 0}; + int i; + uint32_t mask; + + while (addr < end_addr) { + switch (addr - NPCM7XX_MMC_BA) { + case SDHC_PRNSTS: + /* + * ignores bits 20 to 24: they are changed when reading registers + */ + mask = 0x1f00000; + g_assert_cmphex(qtest_readl(qts, addr) | mask, ==, + NPCM7XX_PRSNTS_RESET | mask); + addr += 4; + break; + case SDHC_BLKGAP: + g_assert_cmphex(qtest_readb(qts, addr), ==, NPCM7XX_BLKGAP_RESET); + addr += 1; + break; + case SDHC_CAPAB: + g_assert_cmphex(qtest_readq(qts, addr), ==, NPCM7XX_CAPAB_RESET); + addr += 8; + break; + case SDHC_MAXCURR: + g_assert_cmphex(qtest_readq(qts, addr), ==, NPCM7XX_MAXCURR_RESET); + addr += 8; + break; + case SDHC_HCVER: + g_assert_cmphex(qtest_readw(qts, addr), ==, NPCM7XX_HCVER_RESET); + addr += 2; + break; + case NPCM7XX_PRSTVALS: + for (i = 0; i < NPCM7XX_PRSTVALS_SIZE; ++i) { + g_assert_cmphex(qtest_readw(qts, addr + 2 * i), ==, + prstvals_resets[i]); + } + addr += NPCM7XX_PRSTVALS_SIZE * 2; + break; + default: + g_assert_cmphex(qtest_readb(qts, addr), ==, 0); + addr += 1; + } + } + + qtest_quit(qts); +} + +static void drive_destroy(void) +{ + unlink(sd_path); + g_free(sd_path); +} + +static void drive_create(void) +{ + int fd, ret; + GError *error = NULL; + + /* Create a temporary raw image */ + fd = g_file_open_tmp("sdhci_XXXXXX", &sd_path, &error); + if (fd == -1) { + fprintf(stderr, "unable to create sdhci file: %s\n", error->message); + g_error_free(error); + } + g_assert(sd_path != NULL); + + ret = ftruncate(fd, NPCM7XX_TEST_IMAGE_SIZE); + g_assert_cmpint(ret, ==, 0); + g_message("%s", sd_path); + close(fd); +} + +int main(int argc, char **argv) +{ + int ret; + + drive_create(); + + g_test_init(&argc, &argv, NULL); + + qtest_add_func("npcm7xx_sdhci/reset", test_reset); + qtest_add_func("npcm7xx_sdhci/write_sd", test_write_sd); + qtest_add_func("npcm7xx_sdhci/read_sd", test_read_sd); + + ret = g_test_run(); + drive_destroy(); + return ret; +} From d5e51efb9f1842d85f24fb0e2fe298641de6e129 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:41 -1000 Subject: [PATCH 08/26] hw/registerfields: Add FIELD_SEX and FIELD_SDP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add new macros to manipulate signed fields within the register. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-2-richard.henderson@linaro.org Suggested-by: Peter Maydell Signed-off-by: Richard Henderson Signed-off-by: Peter Maydell --- include/hw/registerfields.h | 48 ++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h index f2a3c9c41f..3a88e135d0 100644 --- a/include/hw/registerfields.h +++ b/include/hw/registerfields.h @@ -59,6 +59,19 @@ extract64((storage), R_ ## reg ## _ ## field ## _SHIFT, \ R_ ## reg ## _ ## field ## _LENGTH) +#define FIELD_SEX8(storage, reg, field) \ + sextract8((storage), R_ ## reg ## _ ## field ## _SHIFT, \ + R_ ## reg ## _ ## field ## _LENGTH) +#define FIELD_SEX16(storage, reg, field) \ + sextract16((storage), R_ ## reg ## _ ## field ## _SHIFT, \ + R_ ## reg ## _ ## field ## _LENGTH) +#define FIELD_SEX32(storage, reg, field) \ + sextract32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ + R_ ## reg ## _ ## field ## _LENGTH) +#define FIELD_SEX64(storage, reg, field) \ + sextract64((storage), R_ ## reg ## _ ## field ## _SHIFT, \ + R_ ## reg ## _ ## field ## _LENGTH) + /* Extract a field from an array of registers */ #define ARRAY_FIELD_EX32(regs, reg, field) \ FIELD_EX32((regs)[R_ ## reg], reg, field) @@ -95,7 +108,40 @@ _d; }) #define FIELD_DP64(storage, reg, field, val) ({ \ struct { \ - uint64_t v:R_ ## reg ## _ ## field ## _LENGTH; \ + uint64_t v:R_ ## reg ## _ ## field ## _LENGTH; \ + } _v = { .v = val }; \ + uint64_t _d; \ + _d = deposit64((storage), R_ ## reg ## _ ## field ## _SHIFT, \ + R_ ## reg ## _ ## field ## _LENGTH, _v.v); \ + _d; }) + +#define FIELD_SDP8(storage, reg, field, val) ({ \ + struct { \ + signed int v:R_ ## reg ## _ ## field ## _LENGTH; \ + } _v = { .v = val }; \ + uint8_t _d; \ + _d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ + R_ ## reg ## _ ## field ## _LENGTH, _v.v); \ + _d; }) +#define FIELD_SDP16(storage, reg, field, val) ({ \ + struct { \ + signed int v:R_ ## reg ## _ ## field ## _LENGTH; \ + } _v = { .v = val }; \ + uint16_t _d; \ + _d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ + R_ ## reg ## _ ## field ## _LENGTH, _v.v); \ + _d; }) +#define FIELD_SDP32(storage, reg, field, val) ({ \ + struct { \ + signed int v:R_ ## reg ## _ ## field ## _LENGTH; \ + } _v = { .v = val }; \ + uint32_t _d; \ + _d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ + R_ ## reg ## _ ## field ## _LENGTH, _v.v); \ + _d; }) +#define FIELD_SDP64(storage, reg, field, val) ({ \ + struct { \ + int64_t v:R_ ## reg ## _ ## field ## _LENGTH; \ } _v = { .v = val }; \ uint64_t _d; \ _d = deposit64((storage), R_ ## reg ## _ ## field ## _SHIFT, \ From 691f1ffdfc446acc1a9f0831fcced5012f6de52a Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:42 -1000 Subject: [PATCH 09/26] target/arm: Set TCR_EL1.TSZ for user-only Set this as the kernel would, to 48 bits, to keep the computation of the address space correct for PAuth. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index dd64d178e2..7091684a16 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -206,10 +206,11 @@ static void arm_cpu_reset(DeviceState *dev) aarch64_sve_zcr_get_valid_len(cpu, cpu->sve_default_vq - 1); } /* + * Enable 48-bit address space (TODO: take reserved_va into account). * Enable TBI0 but not TBI1. * Note that this must match useronly_clean_ptr. */ - env->cp15.tcr_el[1].raw_tcr = (1ULL << 37); + env->cp15.tcr_el[1].raw_tcr = 5 | (1ULL << 37); /* Enable MTE */ if (cpu_isar_feature(aa64_mte, cpu)) { From ebf93ce7c07b91eecf8b00cd2218bc0be99d7f6c Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:43 -1000 Subject: [PATCH 10/26] target/arm: Fault on invalid TCR_ELx.TxSZ Without FEAT_LVA, the behaviour of programming an invalid value is IMPLEMENTATION DEFINED. With FEAT_LVA, programming an invalid minimum value requires a Translation fault. It is most self-consistent to choose to generate the fault always. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 32 ++++++++++++++++++++++++++++---- target/arm/internals.h | 1 + 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 7bf50fdd76..dd4d95bda2 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -11190,8 +11190,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, ARMMMUIdx mmu_idx, bool data) { uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr; - bool epd, hpd, using16k, using64k; - int select, tsz, tbi, max_tsz; + bool epd, hpd, using16k, using64k, tsz_oob; + int select, tsz, tbi, max_tsz, min_tsz; if (!regime_has_2_ranges(mmu_idx)) { select = 0; @@ -11232,9 +11232,17 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, } else { max_tsz = 39; } + min_tsz = 16; /* TODO: ARMv8.2-LVA */ - tsz = MIN(tsz, max_tsz); - tsz = MAX(tsz, 16); /* TODO: ARMv8.2-LVA */ + if (tsz > max_tsz) { + tsz = max_tsz; + tsz_oob = true; + } else if (tsz < min_tsz) { + tsz = min_tsz; + tsz_oob = true; + } else { + tsz_oob = false; + } /* Present TBI as a composite with TBID. */ tbi = aa64_va_parameter_tbi(tcr, mmu_idx); @@ -11251,6 +11259,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, .hpd = hpd, .using16k = using16k, .using64k = using64k, + .tsz_oob = tsz_oob, }; } @@ -11374,6 +11383,21 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, param = aa64_va_parameters(env, address, mmu_idx, access_type != MMU_INST_FETCH); level = 0; + + /* + * If TxSZ is programmed to a value larger than the maximum, + * or smaller than the effective minimum, it is IMPLEMENTATION + * DEFINED whether we behave as if the field were programmed + * within bounds, or if a level 0 Translation fault is generated. + * + * With FEAT_LVA, fault on less than minimum becomes required, + * so our choice is to always raise the fault. + */ + if (param.tsz_oob) { + fault_type = ARMFault_Translation; + goto do_fault; + } + addrsize = 64 - 8 * param.tbi; inputsize = 64 - param.tsz; } else { diff --git a/target/arm/internals.h b/target/arm/internals.h index 3f05748ea4..ef6c25d8cb 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1055,6 +1055,7 @@ typedef struct ARMVAParameters { bool hpd : 1; bool using16k : 1; bool using64k : 1; + bool tsz_oob : 1; /* tsz has been clamped to legal range */ } ARMVAParameters; ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, From 71a77257dd4926e782bc8939c3323d7017e2936f Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:44 -1000 Subject: [PATCH 11/26] target/arm: Move arm_pamax out of line MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We will shortly share parts of this function with other portions of address translation. Reviewed-by: Peter Maydell Reviewed-by: Alex Bennée Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-5-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 22 ++++++++++++++++++++++ target/arm/internals.h | 19 +------------------ 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index dd4d95bda2..71e575f352 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -11152,6 +11152,28 @@ static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs) } #endif /* !CONFIG_USER_ONLY */ +/* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */ +unsigned int arm_pamax(ARMCPU *cpu) +{ + static const unsigned int pamax_map[] = { + [0] = 32, + [1] = 36, + [2] = 40, + [3] = 42, + [4] = 44, + [5] = 48, + }; + unsigned int parange = + FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE); + + /* + * id_aa64mmfr0 is a read-only register so values outside of the + * supported mappings can be considered an implementation error. + */ + assert(parange < ARRAY_SIZE(pamax_map)); + return pamax_map[parange]; +} + static int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { diff --git a/target/arm/internals.h b/target/arm/internals.h index ef6c25d8cb..fefd1fb8d8 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -243,24 +243,7 @@ static inline void update_spsel(CPUARMState *env, uint32_t imm) * Returns the implementation defined bit-width of physical addresses. * The ARMv8 reference manuals refer to this as PAMax(). */ -static inline unsigned int arm_pamax(ARMCPU *cpu) -{ - static const unsigned int pamax_map[] = { - [0] = 32, - [1] = 36, - [2] = 40, - [3] = 42, - [4] = 44, - [5] = 48, - }; - unsigned int parange = - FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE); - - /* id_aa64mmfr0 is a read-only register so values outside of the - * supported mappings can be considered an implementation error. */ - assert(parange < ARRAY_SIZE(pamax_map)); - return pamax_map[parange]; -} +unsigned int arm_pamax(ARMCPU *cpu); /* Return true if extended addresses are enabled. * This is always the case if our translation regime is 64 bit, From 49ba115bb7429bb64bcbc7e5705a04090058e9a3 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:45 -1000 Subject: [PATCH 12/26] target/arm: Pass outputsize down to check_s2_mmu_setup Pass down the width of the output address from translation. For now this is still just PAMax, but a subsequent patch will compute the correct value from TCR_ELx.{I}PS. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 71e575f352..431b0c1405 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -11065,7 +11065,7 @@ do_fault: * false otherwise. */ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level, - int inputsize, int stride) + int inputsize, int stride, int outputsize) { const int grainsize = stride + 3; int startsizecheck; @@ -11081,22 +11081,19 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level, } if (is_aa64) { - CPUARMState *env = &cpu->env; - unsigned int pamax = arm_pamax(cpu); - switch (stride) { case 13: /* 64KB Pages. */ - if (level == 0 || (level == 1 && pamax <= 42)) { + if (level == 0 || (level == 1 && outputsize <= 42)) { return false; } break; case 11: /* 16KB Pages. */ - if (level == 0 || (level == 1 && pamax <= 40)) { + if (level == 0 || (level == 1 && outputsize <= 40)) { return false; } break; case 9: /* 4KB Pages. */ - if (level == 0 && pamax <= 42) { + if (level == 0 && outputsize <= 42) { return false; } break; @@ -11105,8 +11102,8 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level, } /* Inputsize checks. */ - if (inputsize > pamax && - (arm_el_is_aa64(env, 1) || inputsize > 40)) { + if (inputsize > outputsize && + (arm_el_is_aa64(&cpu->env, 1) || inputsize > 40)) { /* This is CONSTRAINED UNPREDICTABLE and we choose to fault. */ return false; } @@ -11392,7 +11389,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, target_ulong page_size; uint32_t attrs; int32_t stride; - int addrsize, inputsize; + int addrsize, inputsize, outputsize; TCR *tcr = regime_tcr(env, mmu_idx); int ap, ns, xn, pxn; uint32_t el = regime_el(env, mmu_idx); @@ -11422,11 +11419,13 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, addrsize = 64 - 8 * param.tbi; inputsize = 64 - param.tsz; + outputsize = arm_pamax(cpu); } else { param = aa32_va_parameters(env, address, mmu_idx); level = 1; addrsize = (mmu_idx == ARMMMUIdx_Stage2 ? 40 : 32); inputsize = addrsize - param.tsz; + outputsize = 40; } /* @@ -11511,7 +11510,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, /* Check that the starting level is valid. */ ok = check_s2_mmu_setup(cpu, aarch64, startlevel, - inputsize, stride); + inputsize, stride, outputsize); if (!ok) { fault_type = ARMFault_Translation; goto do_fault; From d06449f2eb555896057ee047b3009a3616d52028 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:46 -1000 Subject: [PATCH 13/26] target/arm: Use MAKE_64BIT_MASK to compute indexmask MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The macro is a bit more readable than the inlined computation. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-7-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 431b0c1405..675aec4bf3 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -11518,8 +11518,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, level = startlevel; } - indexmask_grainsize = (1ULL << (stride + 3)) - 1; - indexmask = (1ULL << (inputsize - (stride * (4 - level)))) - 1; + indexmask_grainsize = MAKE_64BIT_MASK(0, stride + 3); + indexmask = MAKE_64BIT_MASK(0, inputsize - (stride * (4 - level))); /* Now we can extract the actual base address from the TTBR */ descaddr = extract64(ttbr, 0, 48); From f4ecc01537684a4125c35433f3097295d0a1f839 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:47 -1000 Subject: [PATCH 14/26] target/arm: Honor TCR_ELx.{I}PS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This field controls the output (intermediate) physical address size of the translation process. V8 requires to raise an AddressSize fault if the page tables are programmed incorrectly, such that any intermediate descriptor address, or the final translated address, is out of range. Add a PS field to ARMVAParameters, and properly compute outputsize in get_phys_addr_lpae. Test the descaddr as extracted from TTBR and from page table entries. Restrict descaddrmask so that we won't raise the fault for v7. Reviewed-by: Peter Maydell Reviewed-by: Alex Bennée Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-8-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 72 ++++++++++++++++++++++++++++++++---------- target/arm/internals.h | 1 + 2 files changed, 57 insertions(+), 16 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 675aec4bf3..c002100979 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -11149,17 +11149,19 @@ static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs) } #endif /* !CONFIG_USER_ONLY */ +/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */ +static const uint8_t pamax_map[] = { + [0] = 32, + [1] = 36, + [2] = 40, + [3] = 42, + [4] = 44, + [5] = 48, +}; + /* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */ unsigned int arm_pamax(ARMCPU *cpu) { - static const unsigned int pamax_map[] = { - [0] = 32, - [1] = 36, - [2] = 40, - [3] = 42, - [4] = 44, - [5] = 48, - }; unsigned int parange = FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE); @@ -11210,7 +11212,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, { uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr; bool epd, hpd, using16k, using64k, tsz_oob; - int select, tsz, tbi, max_tsz, min_tsz; + int select, tsz, tbi, max_tsz, min_tsz, ps; if (!regime_has_2_ranges(mmu_idx)) { select = 0; @@ -11224,6 +11226,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, hpd = extract32(tcr, 24, 1); } epd = false; + ps = extract32(tcr, 16, 3); } else { /* * Bit 55 is always between the two regions, and is canonical for @@ -11244,6 +11247,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, epd = extract32(tcr, 23, 1); hpd = extract64(tcr, 42, 1); } + ps = extract64(tcr, 32, 3); } if (cpu_isar_feature(aa64_st, env_archcpu(env))) { @@ -11272,6 +11276,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, return (ARMVAParameters) { .tsz = tsz, + .ps = ps, .select = select, .tbi = tbi, .epd = epd, @@ -11399,6 +11404,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, /* TODO: This code does not support shareability levels. */ if (aarch64) { + int ps; + param = aa64_va_parameters(env, address, mmu_idx, access_type != MMU_INST_FETCH); level = 0; @@ -11419,7 +11426,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, addrsize = 64 - 8 * param.tbi; inputsize = 64 - param.tsz; - outputsize = arm_pamax(cpu); + + /* + * Bound PS by PARANGE to find the effective output address size. + * ID_AA64MMFR0 is a read-only register so values outside of the + * supported mappings can be considered an implementation error. + */ + ps = FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE); + ps = MIN(ps, param.ps); + assert(ps < ARRAY_SIZE(pamax_map)); + outputsize = pamax_map[ps]; } else { param = aa32_va_parameters(env, address, mmu_idx); level = 1; @@ -11523,19 +11539,38 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, /* Now we can extract the actual base address from the TTBR */ descaddr = extract64(ttbr, 0, 48); + + /* + * If the base address is out of range, raise AddressSizeFault. + * In the pseudocode, this is !IsZero(baseregister<47:outputsize>), + * but we've just cleared the bits above 47, so simplify the test. + */ + if (descaddr >> outputsize) { + level = 0; + fault_type = ARMFault_AddressSize; + goto do_fault; + } + /* * We rely on this masking to clear the RES0 bits at the bottom of the TTBR * and also to mask out CnP (bit 0) which could validly be non-zero. */ descaddr &= ~indexmask; - /* The address field in the descriptor goes up to bit 39 for ARMv7 - * but up to bit 47 for ARMv8, but we use the descaddrmask - * up to bit 39 for AArch32, because we don't need other bits in that case - * to construct next descriptor address (anyway they should be all zeroes). + /* + * For AArch32, the address field in the descriptor goes up to bit 39 + * for both v7 and v8. However, for v8 the SBZ bits [47:40] must be 0 + * or an AddressSize fault is raised. So for v8 we extract those SBZ + * bits as part of the address, which will be checked via outputsize. + * For AArch64, the address field always goes up to bit 47 (with extra + * bits for FEAT_LPA placed elsewhere). AArch64 implies v8. */ - descaddrmask = ((1ull << (aarch64 ? 48 : 40)) - 1) & - ~indexmask_grainsize; + if (arm_feature(env, ARM_FEATURE_V8)) { + descaddrmask = MAKE_64BIT_MASK(0, 48); + } else { + descaddrmask = MAKE_64BIT_MASK(0, 40); + } + descaddrmask &= ~indexmask_grainsize; /* Secure accesses start with the page table in secure memory and * can be downgraded to non-secure at any step. Non-secure accesses @@ -11560,7 +11595,12 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, /* Invalid, or the Reserved level 3 encoding */ goto do_fault; } + descaddr = descriptor & descaddrmask; + if (descaddr >> outputsize) { + fault_type = ARMFault_AddressSize; + goto do_fault; + } if ((descriptor & 2) && (level < 3)) { /* Table entry. The top five bits are attributes which may diff --git a/target/arm/internals.h b/target/arm/internals.h index fefd1fb8d8..3d3d41ba2b 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1032,6 +1032,7 @@ static inline uint32_t aarch64_pstate_valid_mask(const ARMISARegisters *id) */ typedef struct ARMVAParameters { unsigned tsz : 8; + unsigned ps : 3; unsigned select : 1; bool tbi : 1; bool epd : 1; From 777ab8d84442dd6c0c5fbf787de87779d5ab82e8 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:48 -1000 Subject: [PATCH 15/26] target/arm: Prepare DBGBVR and DBGWVR for FEAT_LVA The original A.a revision of the AArch64 ARM required that we force-extend the addresses in these registers from 49 bits. This language has been loosened via a combination of IMPLEMENTATION DEFINED and CONSTRAINTED UNPREDICTABLE to allow consideration of the entire aligned address. This means that we do not have to consider whether or not FEAT_LVA is enabled, and decide from which bit an address might need to be extended. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-9-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index c002100979..2eff30d18c 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6423,11 +6423,18 @@ static void dbgwvr_write(CPUARMState *env, const ARMCPRegInfo *ri, ARMCPU *cpu = env_archcpu(env); int i = ri->crm; - /* Bits [63:49] are hardwired to the value of bit [48]; that is, the - * register reads and behaves as if values written are sign extended. + /* * Bits [1:0] are RES0. + * + * It is IMPLEMENTATION DEFINED whether [63:49] ([63:53] with FEAT_LVA) + * are hardwired to the value of bit [48] ([52] with FEAT_LVA), or if + * they contain the value written. It is CONSTRAINED UNPREDICTABLE + * whether the RESS bits are ignored when comparing an address. + * + * Therefore we are allowed to compare the entire register, which lets + * us avoid considering whether or not FEAT_LVA is actually enabled. */ - value = sextract64(value, 0, 49) & ~3ULL; + value &= ~3ULL; raw_write(env, ri, value); hw_watchpoint_update(cpu, i); @@ -6473,10 +6480,19 @@ void hw_breakpoint_update(ARMCPU *cpu, int n) case 0: /* unlinked address match */ case 1: /* linked address match */ { - /* Bits [63:49] are hardwired to the value of bit [48]; that is, - * we behave as if the register was sign extended. Bits [1:0] are - * RES0. The BAS field is used to allow setting breakpoints on 16 - * bit wide instructions; it is CONSTRAINED UNPREDICTABLE whether + /* + * Bits [1:0] are RES0. + * + * It is IMPLEMENTATION DEFINED whether bits [63:49] + * ([63:53] for FEAT_LVA) are hardwired to a copy of the sign bit + * of the VA field ([48] or [52] for FEAT_LVA), or whether the + * value is read as written. It is CONSTRAINED UNPREDICTABLE + * whether the RESS bits are ignored when comparing an address. + * Therefore we are allowed to compare the entire register, which + * lets us avoid considering whether FEAT_LVA is actually enabled. + * + * The BAS field is used to allow setting breakpoints on 16-bit + * wide instructions; it is CONSTRAINED UNPREDICTABLE whether * a bp will fire if the addresses covered by the bp and the addresses * covered by the insn overlap but the insn doesn't start at the * start of the bp address range. We choose to require the insn and @@ -6489,7 +6505,7 @@ void hw_breakpoint_update(ARMCPU *cpu, int n) * See also figure D2-3 in the v8 ARM ARM (DDI0487A.c). */ int bas = extract64(bcr, 5, 4); - addr = sextract64(bvr, 0, 49) & ~3ULL; + addr = bvr & ~3ULL; if (bas == 0) { return; } From 0af312b6edd231e1c8d0dec12494a80bc39ac761 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:49 -1000 Subject: [PATCH 16/26] target/arm: Implement FEAT_LVA This feature is relatively small, as it applies only to 64k pages and thus requires no additional changes to the table descriptor walking algorithm, only a change to the minimum TSZ (which is the inverse of the maximum virtual address space size). Note that this feature widens VBAR_ELx, but we already treat the register as being 64 bits wide. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-10-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- docs/system/arm/emulation.rst | 1 + target/arm/cpu-param.h | 2 +- target/arm/cpu.h | 5 +++++ target/arm/cpu64.c | 1 + target/arm/helper.c | 9 ++++++++- 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst index 144dc491d9..f3eabddfb5 100644 --- a/docs/system/arm/emulation.rst +++ b/docs/system/arm/emulation.rst @@ -27,6 +27,7 @@ the following architecture extensions: - FEAT_LRCPC (Load-acquire RCpc instructions) - FEAT_LRCPC2 (Load-acquire RCpc instructions v2) - FEAT_LSE (Large System Extensions) +- FEAT_LVA (Large Virtual Address space) - FEAT_MTE (Memory Tagging Extension) - FEAT_MTE2 (Memory Tagging Extension) - FEAT_MTE3 (MTE Asymmetric Fault Handling) diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h index 7f38d33b8e..5f9c288b1a 100644 --- a/target/arm/cpu-param.h +++ b/target/arm/cpu-param.h @@ -11,7 +11,7 @@ #ifdef TARGET_AARCH64 # define TARGET_LONG_BITS 64 # define TARGET_PHYS_ADDR_SPACE_BITS 48 -# define TARGET_VIRT_ADDR_SPACE_BITS 48 +# define TARGET_VIRT_ADDR_SPACE_BITS 52 #else # define TARGET_LONG_BITS 32 # define TARGET_PHYS_ADDR_SPACE_BITS 40 diff --git a/target/arm/cpu.h b/target/arm/cpu.h index c6a4d50e82..c52d56f669 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -4289,6 +4289,11 @@ static inline bool isar_feature_aa64_ccidx(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, CCIDX) != 0; } +static inline bool isar_feature_aa64_lva(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, VARANGE) != 0; +} + static inline bool isar_feature_aa64_tts2uxn(const ARMISARegisters *id) { return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, XNX) != 0; diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 1171ab16b9..1de31ffb40 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -811,6 +811,7 @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64MMFR2, UAO, 1); t = FIELD_DP64(t, ID_AA64MMFR2, CNP, 1); /* TTCNP */ t = FIELD_DP64(t, ID_AA64MMFR2, ST, 1); /* TTST */ + t = FIELD_DP64(t, ID_AA64MMFR2, VARANGE, 1); /* FEAT_LVA */ cpu->isar.id_aa64mmfr2 = t; t = cpu->isar.id_aa64zfr0; diff --git a/target/arm/helper.c b/target/arm/helper.c index 2eff30d18c..28b4347213 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -11271,7 +11271,14 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, } else { max_tsz = 39; } - min_tsz = 16; /* TODO: ARMv8.2-LVA */ + + min_tsz = 16; + if (using64k) { + if (cpu_isar_feature(aa64_lva, env_archcpu(env))) { + min_tsz = 12; + } + } + /* TODO: FEAT_LPA2 */ if (tsz > max_tsz) { tsz = max_tsz; From 7a928f43d8724bdf0777d7fc67a5ad973a0bf4bf Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:50 -1000 Subject: [PATCH 17/26] target/arm: Implement FEAT_LPA This feature widens physical addresses (and intermediate physical addresses for 2-stage translation) from 48 to 52 bits, when using 64k pages. The only thing left at this point is to handle the extra bits in the TTBR and in the table descriptors. Note that PAR_EL1 and HPFAR_EL2 are nominally extended, but we don't mask out the high bits when writing to those registers, so no changes are required there. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-11-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- docs/system/arm/emulation.rst | 1 + target/arm/cpu-param.h | 2 +- target/arm/cpu64.c | 2 +- target/arm/helper.c | 19 ++++++++++++++++--- 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst index f3eabddfb5..0053ddce20 100644 --- a/docs/system/arm/emulation.rst +++ b/docs/system/arm/emulation.rst @@ -24,6 +24,7 @@ the following architecture extensions: - FEAT_I8MM (AArch64 Int8 matrix multiplication instructions) - FEAT_JSCVT (JavaScript conversion instructions) - FEAT_LOR (Limited ordering regions) +- FEAT_LPA (Large Physical Address space) - FEAT_LRCPC (Load-acquire RCpc instructions) - FEAT_LRCPC2 (Load-acquire RCpc instructions v2) - FEAT_LSE (Large System Extensions) diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h index 5f9c288b1a..b59d505761 100644 --- a/target/arm/cpu-param.h +++ b/target/arm/cpu-param.h @@ -10,7 +10,7 @@ #ifdef TARGET_AARCH64 # define TARGET_LONG_BITS 64 -# define TARGET_PHYS_ADDR_SPACE_BITS 48 +# define TARGET_PHYS_ADDR_SPACE_BITS 52 # define TARGET_VIRT_ADDR_SPACE_BITS 52 #else # define TARGET_LONG_BITS 32 diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 1de31ffb40..d88662cef6 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -795,7 +795,7 @@ static void aarch64_max_initfn(Object *obj) cpu->isar.id_aa64pfr1 = t; t = cpu->isar.id_aa64mmfr0; - t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 5); /* PARange: 48 bits */ + t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */ cpu->isar.id_aa64mmfr0 = t; t = cpu->isar.id_aa64mmfr1; diff --git a/target/arm/helper.c b/target/arm/helper.c index 28b4347213..950f56599e 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -11173,6 +11173,7 @@ static const uint8_t pamax_map[] = { [3] = 42, [4] = 44, [5] = 48, + [6] = 52, }; /* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */ @@ -11564,11 +11565,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, descaddr = extract64(ttbr, 0, 48); /* - * If the base address is out of range, raise AddressSizeFault. + * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [5:2] of TTBR. + * + * Otherwise, if the base address is out of range, raise AddressSizeFault. * In the pseudocode, this is !IsZero(baseregister<47:outputsize>), * but we've just cleared the bits above 47, so simplify the test. */ - if (descaddr >> outputsize) { + if (outputsize > 48) { + descaddr |= extract64(ttbr, 2, 4) << 48; + } else if (descaddr >> outputsize) { level = 0; fault_type = ARMFault_AddressSize; goto do_fault; @@ -11620,7 +11625,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, } descaddr = descriptor & descaddrmask; - if (descaddr >> outputsize) { + + /* + * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12] + * of descriptor. Otherwise, if descaddr is out of range, raise + * AddressSizeFault. + */ + if (outputsize > 48) { + descaddr |= extract64(descriptor, 12, 4) << 48; + } else if (descaddr >> outputsize) { fault_type = ARMFault_AddressSize; goto do_fault; } From 13e481c9335582fc7eed12e24e8d4d7068b24ff8 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:51 -1000 Subject: [PATCH 18/26] target/arm: Extend arm_fi_to_lfsc to level -1 With FEAT_LPA2, rather than introducing translation level 4, we introduce level -1, below the current level 0. Extend arm_fi_to_lfsc to handle these faults. Assert that this new translation level does not leak into fault types for which it is not defined, which allows some masking of fi->level to be removed. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-12-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/internals.h | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 3d3d41ba2b..00af41d792 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -462,28 +462,51 @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi) case ARMFault_None: return 0; case ARMFault_AddressSize: - fsc = fi->level & 3; + assert(fi->level >= -1 && fi->level <= 3); + if (fi->level < 0) { + fsc = 0b101001; + } else { + fsc = fi->level; + } break; case ARMFault_AccessFlag: - fsc = (fi->level & 3) | (0x2 << 2); + assert(fi->level >= 0 && fi->level <= 3); + fsc = 0b001000 | fi->level; break; case ARMFault_Permission: - fsc = (fi->level & 3) | (0x3 << 2); + assert(fi->level >= 0 && fi->level <= 3); + fsc = 0b001100 | fi->level; break; case ARMFault_Translation: - fsc = (fi->level & 3) | (0x1 << 2); + assert(fi->level >= -1 && fi->level <= 3); + if (fi->level < 0) { + fsc = 0b101011; + } else { + fsc = 0b000100 | fi->level; + } break; case ARMFault_SyncExternal: fsc = 0x10 | (fi->ea << 12); break; case ARMFault_SyncExternalOnWalk: - fsc = (fi->level & 3) | (0x5 << 2) | (fi->ea << 12); + assert(fi->level >= -1 && fi->level <= 3); + if (fi->level < 0) { + fsc = 0b010011; + } else { + fsc = 0b010100 | fi->level; + } + fsc |= fi->ea << 12; break; case ARMFault_SyncParity: fsc = 0x18; break; case ARMFault_SyncParityOnWalk: - fsc = (fi->level & 3) | (0x7 << 2); + assert(fi->level >= -1 && fi->level <= 3); + if (fi->level < 0) { + fsc = 0b011011; + } else { + fsc = 0b011100 | fi->level; + } break; case ARMFault_AsyncParity: fsc = 0x19; From ab1cdb47bf89602b3cacf60720971c68f1758a40 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:52 -1000 Subject: [PATCH 19/26] target/arm: Introduce tlbi_aa64_get_range Merge tlbi_aa64_range_get_length and tlbi_aa64_range_get_base, returning a structure containing both results. Pass in the ARMMMUIdx, rather than the digested two_ranges boolean. This is in preparation for FEAT_LPA2, where the interpretation of 'value' depends on the effective value of DS for the regime. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-13-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 58 +++++++++++++++++++-------------------------- 1 file changed, 24 insertions(+), 34 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 950f56599e..31c2a716f2 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4511,70 +4511,60 @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri, } #ifdef TARGET_AARCH64 -static uint64_t tlbi_aa64_range_get_length(CPUARMState *env, - uint64_t value) -{ - unsigned int page_shift; - unsigned int page_size_granule; - uint64_t num; - uint64_t scale; - uint64_t exponent; +typedef struct { + uint64_t base; uint64_t length; +} TLBIRange; + +static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx, + uint64_t value) +{ + unsigned int page_size_granule, page_shift, num, scale, exponent; + TLBIRange ret = { }; - num = extract64(value, 39, 5); - scale = extract64(value, 44, 2); page_size_granule = extract64(value, 46, 2); if (page_size_granule == 0) { qemu_log_mask(LOG_GUEST_ERROR, "Invalid page size granule %d\n", page_size_granule); - return 0; + return ret; } page_shift = (page_size_granule - 1) * 2 + 12; - + num = extract64(value, 39, 5); + scale = extract64(value, 44, 2); exponent = (5 * scale) + 1; - length = (num + 1) << (exponent + page_shift); - return length; -} + ret.length = (num + 1) << (exponent + page_shift); -static uint64_t tlbi_aa64_range_get_base(CPUARMState *env, uint64_t value, - bool two_ranges) -{ - /* TODO: ARMv8.7 FEAT_LPA2 */ - uint64_t pageaddr; - - if (two_ranges) { - pageaddr = sextract64(value, 0, 37) << TARGET_PAGE_BITS; + if (regime_has_2_ranges(mmuidx)) { + ret.base = sextract64(value, 0, 37) << TARGET_PAGE_BITS; } else { - pageaddr = extract64(value, 0, 37) << TARGET_PAGE_BITS; + ret.base = extract64(value, 0, 37) << TARGET_PAGE_BITS; } - return pageaddr; + return ret; } static void do_rvae_write(CPUARMState *env, uint64_t value, int idxmap, bool synced) { ARMMMUIdx one_idx = ARM_MMU_IDX_A | ctz32(idxmap); - bool two_ranges = regime_has_2_ranges(one_idx); - uint64_t baseaddr, length; + TLBIRange range; int bits; - baseaddr = tlbi_aa64_range_get_base(env, value, two_ranges); - length = tlbi_aa64_range_get_length(env, value); - bits = tlbbits_for_regime(env, one_idx, baseaddr); + range = tlbi_aa64_get_range(env, one_idx, value); + bits = tlbbits_for_regime(env, one_idx, range.base); if (synced) { tlb_flush_range_by_mmuidx_all_cpus_synced(env_cpu(env), - baseaddr, - length, + range.base, + range.length, idxmap, bits); } else { - tlb_flush_range_by_mmuidx(env_cpu(env), baseaddr, - length, idxmap, bits); + tlb_flush_range_by_mmuidx(env_cpu(env), range.base, + range.length, idxmap, bits); } } From d976de218c534735e307fc4a6c03e3ae764fd419 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:53 -1000 Subject: [PATCH 20/26] target/arm: Fix TLBIRange.base for 16k and 64k pages The shift of the BaseADDR field depends on the translation granule in use. Fixes: 84940ed8255 ("target/arm: Add support for FEAT_TLBIRANGE") Reported-by: Peter Maydell Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-14-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 31c2a716f2..e455397fb5 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4538,10 +4538,11 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx, ret.length = (num + 1) << (exponent + page_shift); if (regime_has_2_ranges(mmuidx)) { - ret.base = sextract64(value, 0, 37) << TARGET_PAGE_BITS; + ret.base = sextract64(value, 0, 37); } else { - ret.base = extract64(value, 0, 37) << TARGET_PAGE_BITS; + ret.base = extract64(value, 0, 37); } + ret.base <<= page_shift; return ret; } From 3974ff93a7632739189ed6fce374cd9c16b525fc Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:54 -1000 Subject: [PATCH 21/26] target/arm: Validate tlbi TG matches translation granule in use For FEAT_LPA2, we will need other ARMVAParameters, which themselves depend on the translation granule in use. We might as well validate that the given TG matches; the architecture "does not require that the instruction invalidates any entries" if this is not true. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-15-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index e455397fb5..3a7f5cf6f0 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4520,12 +4520,16 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx, uint64_t value) { unsigned int page_size_granule, page_shift, num, scale, exponent; + /* Extract one bit to represent the va selector in use. */ + uint64_t select = sextract64(value, 36, 1); + ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true); TLBIRange ret = { }; page_size_granule = extract64(value, 46, 2); - if (page_size_granule == 0) { - qemu_log_mask(LOG_GUEST_ERROR, "Invalid page size granule %d\n", + /* The granule encoded in value must match the granule in use. */ + if (page_size_granule != (param.using64k ? 3 : param.using16k ? 2 : 1)) { + qemu_log_mask(LOG_GUEST_ERROR, "Invalid tlbi page size granule %d\n", page_size_granule); return ret; } @@ -4537,7 +4541,7 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx, ret.length = (num + 1) << (exponent + page_shift); - if (regime_has_2_ranges(mmuidx)) { + if (param.select) { ret.base = sextract64(value, 0, 37); } else { ret.base = extract64(value, 0, 37); From c20281b2a5048a220e09e98e002e6d3119f8c00b Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:55 -1000 Subject: [PATCH 22/26] target/arm: Advertise all page sizes for -cpu max We support 16k pages, but do not advertize that in ID_AA64MMFR0. The value 0 in the TGRAN*_2 fields indicates that stage2 lookups defer to the same support as stage1 lookups. This setting is deprecated, so indicate support for all stage2 page sizes directly. Signed-off-by: Richard Henderson Reviewed-by: Peter Maydell Message-id: 20220301215958.157011-16-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/cpu64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index d88662cef6..2fdc16bf18 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -796,6 +796,10 @@ static void aarch64_max_initfn(Object *obj) t = cpu->isar.id_aa64mmfr0; t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */ + t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 1); /* 16k pages supported */ + t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16_2, 2); /* 16k stage2 supported */ + t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN64_2, 2); /* 64k stage2 supported */ + t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4_2, 2); /* 4k stage2 supported */ cpu->isar.id_aa64mmfr0 = t; t = cpu->isar.id_aa64mmfr1; From ef56c2425e5f3e5f14ac080b5f037e5c36a0abdc Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 1 Mar 2022 11:59:56 -1000 Subject: [PATCH 23/26] target/arm: Implement FEAT_LPA2 This feature widens physical addresses (and intermediate physical addresses for 2-stage translation) from 48 to 52 bits, when using 4k or 16k pages. This introduces the DS bit to TCR_ELx, which is RES0 unless the page size is enabled and supports LPA2, resulting in the effective value of DS for a given table walk. The DS bit changes the format of the page table descriptor slightly, moving the PS field out to TCR so that all pages have the same sharability and repurposing those bits of the page table descriptor for the highest bits of the output address. Do not yet enable FEAT_LPA2; we need extra plumbing to avoid tickling an old kernel bug. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20220301215958.157011-17-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- docs/system/arm/emulation.rst | 1 + target/arm/cpu.h | 22 ++++++++ target/arm/helper.c | 102 +++++++++++++++++++++++++++++----- target/arm/internals.h | 2 + 4 files changed, 112 insertions(+), 15 deletions(-) diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst index 0053ddce20..520fd39071 100644 --- a/docs/system/arm/emulation.rst +++ b/docs/system/arm/emulation.rst @@ -25,6 +25,7 @@ the following architecture extensions: - FEAT_JSCVT (JavaScript conversion instructions) - FEAT_LOR (Limited ordering regions) - FEAT_LPA (Large Physical Address space) +- FEAT_LPA2 (Large Physical and virtual Address space v2) - FEAT_LRCPC (Load-acquire RCpc instructions) - FEAT_LRCPC2 (Load-acquire RCpc instructions v2) - FEAT_LSE (Large System Extensions) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index c52d56f669..24d9fff170 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -4284,6 +4284,28 @@ static inline bool isar_feature_aa64_i8mm(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, I8MM) != 0; } +static inline bool isar_feature_aa64_tgran4_lpa2(const ARMISARegisters *id) +{ + return FIELD_SEX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4) >= 1; +} + +static inline bool isar_feature_aa64_tgran4_2_lpa2(const ARMISARegisters *id) +{ + unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4_2); + return t >= 3 || (t == 0 && isar_feature_aa64_tgran4_lpa2(id)); +} + +static inline bool isar_feature_aa64_tgran16_lpa2(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN16) >= 2; +} + +static inline bool isar_feature_aa64_tgran16_2_lpa2(const ARMISARegisters *id) +{ + unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN16_2); + return t >= 3 || (t == 0 && isar_feature_aa64_tgran16_lpa2(id)); +} + static inline bool isar_feature_aa64_ccidx(const ARMISARegisters *id) { return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, CCIDX) != 0; diff --git a/target/arm/helper.c b/target/arm/helper.c index 3a7f5cf6f0..088956eecf 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4546,6 +4546,14 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx, } else { ret.base = extract64(value, 0, 37); } + if (param.ds) { + /* + * With DS=1, BaseADDR is always shifted 16 so that it is able + * to address all 52 va bits. The input address is perforce + * aligned on a 64k boundary regardless of translation granule. + */ + page_shift = 16; + } ret.base <<= page_shift; return ret; @@ -11081,8 +11089,13 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level, const int grainsize = stride + 3; int startsizecheck; - /* Negative levels are never allowed. */ - if (level < 0) { + /* + * Negative levels are usually not allowed... + * Except for FEAT_LPA2, 4k page table, 52-bit address space, which + * begins with level -1. Note that previous feature tests will have + * eliminated this combination if it is not enabled. + */ + if (level < (inputsize == 52 && stride == 9 ? -1 : 0)) { return false; } @@ -11223,8 +11236,9 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, ARMMMUIdx mmu_idx, bool data) { uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr; - bool epd, hpd, using16k, using64k, tsz_oob; - int select, tsz, tbi, max_tsz, min_tsz, ps; + bool epd, hpd, using16k, using64k, tsz_oob, ds; + int select, tsz, tbi, max_tsz, min_tsz, ps, sh; + ARMCPU *cpu = env_archcpu(env); if (!regime_has_2_ranges(mmu_idx)) { select = 0; @@ -11238,7 +11252,9 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, hpd = extract32(tcr, 24, 1); } epd = false; + sh = extract32(tcr, 12, 2); ps = extract32(tcr, 16, 3); + ds = extract64(tcr, 32, 1); } else { /* * Bit 55 is always between the two regions, and is canonical for @@ -11248,6 +11264,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, if (!select) { tsz = extract32(tcr, 0, 6); epd = extract32(tcr, 7, 1); + sh = extract32(tcr, 12, 2); using64k = extract32(tcr, 14, 1); using16k = extract32(tcr, 15, 1); hpd = extract64(tcr, 41, 1); @@ -11257,24 +11274,51 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, using64k = tg == 3; tsz = extract32(tcr, 16, 6); epd = extract32(tcr, 23, 1); + sh = extract32(tcr, 28, 2); hpd = extract64(tcr, 42, 1); } ps = extract64(tcr, 32, 3); + ds = extract64(tcr, 59, 1); } - if (cpu_isar_feature(aa64_st, env_archcpu(env))) { + if (cpu_isar_feature(aa64_st, cpu)) { max_tsz = 48 - using64k; } else { max_tsz = 39; } + /* + * DS is RES0 unless FEAT_LPA2 is supported for the given page size; + * adjust the effective value of DS, as documented. + */ min_tsz = 16; if (using64k) { - if (cpu_isar_feature(aa64_lva, env_archcpu(env))) { + if (cpu_isar_feature(aa64_lva, cpu)) { + min_tsz = 12; + } + ds = false; + } else if (ds) { + switch (mmu_idx) { + case ARMMMUIdx_Stage2: + case ARMMMUIdx_Stage2_S: + if (using16k) { + ds = cpu_isar_feature(aa64_tgran16_2_lpa2, cpu); + } else { + ds = cpu_isar_feature(aa64_tgran4_2_lpa2, cpu); + } + break; + default: + if (using16k) { + ds = cpu_isar_feature(aa64_tgran16_lpa2, cpu); + } else { + ds = cpu_isar_feature(aa64_tgran4_lpa2, cpu); + } + break; + } + if (ds) { min_tsz = 12; } } - /* TODO: FEAT_LPA2 */ if (tsz > max_tsz) { tsz = max_tsz; @@ -11296,6 +11340,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, return (ARMVAParameters) { .tsz = tsz, .ps = ps, + .sh = sh, .select = select, .tbi = tbi, .epd = epd, @@ -11303,6 +11348,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, .using16k = using16k, .using64k = using64k, .tsz_oob = tsz_oob, + .ds = ds, }; } @@ -11528,10 +11574,19 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, * VTCR_EL2.SL0 field (whose interpretation depends on the page size) */ uint32_t sl0 = extract32(tcr->raw_tcr, 6, 2); + uint32_t sl2 = extract64(tcr->raw_tcr, 33, 1); uint32_t startlevel; bool ok; - if (!aarch64 || stride == 9) { + /* SL2 is RES0 unless DS=1 & 4kb granule. */ + if (param.ds && stride == 9 && sl2) { + if (sl0 != 0) { + level = 0; + fault_type = ARMFault_Translation; + goto do_fault; + } + startlevel = -1; + } else if (!aarch64 || stride == 9) { /* AArch32 or 4KB pages */ startlevel = 2 - sl0; @@ -11585,10 +11640,12 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, * for both v7 and v8. However, for v8 the SBZ bits [47:40] must be 0 * or an AddressSize fault is raised. So for v8 we extract those SBZ * bits as part of the address, which will be checked via outputsize. - * For AArch64, the address field always goes up to bit 47 (with extra - * bits for FEAT_LPA placed elsewhere). AArch64 implies v8. + * For AArch64, the address field goes up to bit 47, or 49 with FEAT_LPA2; + * the highest bits of a 52-bit output are placed elsewhere. */ - if (arm_feature(env, ARM_FEATURE_V8)) { + if (param.ds) { + descaddrmask = MAKE_64BIT_MASK(0, 50); + } else if (arm_feature(env, ARM_FEATURE_V8)) { descaddrmask = MAKE_64BIT_MASK(0, 48); } else { descaddrmask = MAKE_64BIT_MASK(0, 40); @@ -11623,11 +11680,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, /* * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12] - * of descriptor. Otherwise, if descaddr is out of range, raise - * AddressSizeFault. + * of descriptor. For FEAT_LPA2 and effective DS, bits [51:50] of + * descaddr are in [9:8]. Otherwise, if descaddr is out of range, + * raise AddressSizeFault. */ if (outputsize > 48) { - descaddr |= extract64(descriptor, 12, 4) << 48; + if (param.ds) { + descaddr |= extract64(descriptor, 8, 2) << 50; + } else { + descaddr |= extract64(descriptor, 12, 4) << 48; + } } else if (descaddr >> outputsize) { fault_type = ARMFault_AddressSize; goto do_fault; @@ -11721,7 +11783,17 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address, assert(attrindx <= 7); cacheattrs->attrs = extract64(mair, attrindx * 8, 8); } - cacheattrs->shareability = extract32(attrs, 6, 2); + + /* + * For FEAT_LPA2 and effective DS, the SH field in the attributes + * was re-purposed for output address bits. The SH attribute in + * that case comes from TCR_ELx, which we extracted earlier. + */ + if (param.ds) { + cacheattrs->shareability = param.sh; + } else { + cacheattrs->shareability = extract32(attrs, 6, 2); + } *phys_ptr = descaddr; *page_size_ptr = page_size; diff --git a/target/arm/internals.h b/target/arm/internals.h index 00af41d792..a34be2e459 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1056,6 +1056,7 @@ static inline uint32_t aarch64_pstate_valid_mask(const ARMISARegisters *id) typedef struct ARMVAParameters { unsigned tsz : 8; unsigned ps : 3; + unsigned sh : 2; unsigned select : 1; bool tbi : 1; bool epd : 1; @@ -1063,6 +1064,7 @@ typedef struct ARMVAParameters { bool using16k : 1; bool using64k : 1; bool tsz_oob : 1; /* tsz has been clamped to legal range */ + bool ds : 1; } ARMVAParameters; ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, From dc8bc9d6574aa563ed2fcc0ff495e77a2a2a8faa Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 24 Feb 2022 13:46:54 +0000 Subject: [PATCH 24/26] target/arm: Report KVM's actual PSCI version to guest in dtb When we're using KVM, the PSCI implementation is provided by the kernel, but QEMU has to tell the guest about it via the device tree. Currently we look at the KVM_CAP_ARM_PSCI_0_2 capability to determine if the kernel is providing at least PSCI 0.2, but if the kernel provides a newer version than that we will still only tell the guest it has PSCI 0.2. (This is fairly harmless; it just means the guest won't use newer parts of the PSCI API.) The kernel exposes the specific PSCI version it is implementing via the ONE_REG API; use this to report in the dtb that the PSCI implementation is 1.0-compatible if appropriate. (The device tree binding currently only distinguishes "pre-0.2", "0.2-compatible" and "1.0-compatible".) Signed-off-by: Peter Maydell Reviewed-by: Marc Zyngier Reviewed-by: Akihiko Odaki Reviewed-by: Richard Henderson Reviewed-by: Andrew Jones Message-id: 20220224134655.1207865-1-peter.maydell@linaro.org --- hw/arm/boot.c | 5 ++--- target/arm/kvm-consts.h | 1 + target/arm/kvm64.c | 12 ++++++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 0eeef94ceb..a47f38dfc9 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -488,9 +488,8 @@ static void fdt_add_psci_node(void *fdt) } qemu_fdt_add_subnode(fdt, "/psci"); - if (armcpu->psci_version == QEMU_PSCI_VERSION_0_2 || - armcpu->psci_version == QEMU_PSCI_VERSION_1_1) { - if (armcpu->psci_version == QEMU_PSCI_VERSION_0_2) { + if (armcpu->psci_version >= QEMU_PSCI_VERSION_0_2) { + if (armcpu->psci_version < QEMU_PSCI_VERSION_1_0) { const char comp[] = "arm,psci-0.2\0arm,psci"; qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp)); } else { diff --git a/target/arm/kvm-consts.h b/target/arm/kvm-consts.h index e770921ddc..faacf96fdc 100644 --- a/target/arm/kvm-consts.h +++ b/target/arm/kvm-consts.h @@ -95,6 +95,7 @@ MISMATCH_CHECK(QEMU_PSCI_1_0_FN_PSCI_FEATURES, PSCI_1_0_FN_PSCI_FEATURES); #define QEMU_PSCI_VERSION_0_1 0x00001 #define QEMU_PSCI_VERSION_0_2 0x00002 +#define QEMU_PSCI_VERSION_1_0 0x10000 #define QEMU_PSCI_VERSION_1_1 0x10001 MISMATCH_CHECK(QEMU_PSCI_0_2_RET_TOS_MIGRATION_NOT_REQUIRED, PSCI_0_2_TOS_MP); diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index 64d48bfb19..ccadfbbe72 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -849,6 +849,7 @@ int kvm_arch_init_vcpu(CPUState *cs) uint64_t mpidr; ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; + uint64_t psciver; if (cpu->kvm_target == QEMU_KVM_ARM_TARGET_NONE || !object_dynamic_cast(OBJECT(cpu), TYPE_AARCH64_CPU)) { @@ -904,6 +905,17 @@ int kvm_arch_init_vcpu(CPUState *cs) } } + /* + * KVM reports the exact PSCI version it is implementing via a + * special sysreg. If it is present, use its contents to determine + * what to report to the guest in the dtb (it is the PSCI version, + * in the same 15-bits major 16-bits minor format that PSCI_VERSION + * returns). + */ + if (!kvm_get_one_reg(cs, KVM_REG_ARM_PSCI_VERSION, &psciver)) { + cpu->psci_version = psciver; + } + /* * When KVM is in use, PSCI is emulated in-kernel and not by qemu. * Currently KVM has its own idea about MPIDR assignment, so we From 8d65dee2c42abf323a0494200f2086ddf05444c2 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 24 Feb 2022 10:13:29 +0000 Subject: [PATCH 25/26] ui/cocoa.m: Fix updateUIInfo threading issues The updateUIInfo method makes Cocoa API calls. It also calls back into QEMU functions like dpy_set_ui_info(). To do this safely, we need to follow two rules: * Cocoa API calls are made on the Cocoa UI thread * When calling back into QEMU we must hold the iothread lock Fix the places where we got this wrong, by taking the iothread lock while executing updateUIInfo, and moving the call in cocoa_switch() inside the dispatch_async block. Some of the Cocoa UI methods which call updateUIInfo are invoked as part of the initial application startup, while we're still doing the little cross-thread dance described in the comment just above call_qemu_main(). This meant they were calling back into the QEMU UI layer before we'd actually finished initializing our display and registered the DisplayChangeListener, which isn't really valid. Once updateUIInfo takes the iothread lock, we no longer get away with this, because during this startup phase the iothread lock is held by the QEMU main-loop thread which is waiting for us to finish our display initialization. So we must suppress updateUIInfo until applicationDidFinishLaunching allows the QEMU main-loop thread to continue. Signed-off-by: Peter Maydell Reviewed-by: Akihiko Odaki Tested-by: Akihiko Odaki Message-id: 20220224101330.967429-2-peter.maydell@linaro.org --- ui/cocoa.m | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/ui/cocoa.m b/ui/cocoa.m index a8f1cdaf92..5ed1495552 100644 --- a/ui/cocoa.m +++ b/ui/cocoa.m @@ -522,8 +522,9 @@ QemuCocoaView *cocoaView; } } -- (void) updateUIInfo +- (void) updateUIInfoLocked { + /* Must be called with the iothread lock, i.e. via updateUIInfo */ NSSize frameSize; QemuUIInfo info; @@ -554,6 +555,25 @@ QemuCocoaView *cocoaView; dpy_set_ui_info(dcl.con, &info, TRUE); } +- (void) updateUIInfo +{ + if (!allow_events) { + /* + * Don't try to tell QEMU about UI information in the application + * startup phase -- we haven't yet registered dcl with the QEMU UI + * layer, and also trying to take the iothread lock would deadlock. + * When cocoa_display_init() does register the dcl, the UI layer + * will call cocoa_switch(), which will call updateUIInfo, so + * we don't lose any information here. + */ + return; + } + + with_iothread_lock(^{ + [self updateUIInfoLocked]; + }); +} + - (void)viewDidMoveToWindow { [self updateUIInfo]; @@ -1985,8 +2005,6 @@ static void cocoa_switch(DisplayChangeListener *dcl, COCOA_DEBUG("qemu_cocoa: cocoa_switch\n"); - [cocoaView updateUIInfo]; - // The DisplaySurface will be freed as soon as this callback returns. // We take a reference to the underlying pixman image here so it does // not disappear from under our feet; the switchSurface method will @@ -1994,6 +2012,7 @@ static void cocoa_switch(DisplayChangeListener *dcl, pixman_image_ref(image); dispatch_async(dispatch_get_main_queue(), ^{ + [cocoaView updateUIInfo]; [cocoaView switchSurface:image]; }); [pool release]; From 268c11984e67867c22f53beb3c7f8b98900d66b2 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 24 Feb 2022 10:13:30 +0000 Subject: [PATCH 26/26] ui/cocoa.m: Remove unnecessary NSAutoreleasePools In commit 6e657e64cdc478 in 2013 we added some autorelease pools to deal with complaints from macOS when we made calls into Cocoa from threads that didn't have automatically created autorelease pools. Later on, macOS got stricter about forbidding cross-thread Cocoa calls, and in commit 5588840ff77800e839d8 we restructured the code to avoid them. This left the autorelease pool creation in several functions without any purpose; delete it. We still need the pool in cocoa_refresh() for the clipboard related code which is called directly there. Signed-off-by: Peter Maydell Reviewed-by: Akihiko Odaki Tested-by: Akihiko Odaki Message-id: 20220224101330.967429-3-peter.maydell@linaro.org --- ui/cocoa.m | 6 ------ 1 file changed, 6 deletions(-) diff --git a/ui/cocoa.m b/ui/cocoa.m index 5ed1495552..b6e70e9134 100644 --- a/ui/cocoa.m +++ b/ui/cocoa.m @@ -1976,8 +1976,6 @@ int main (int argc, char **argv) { static void cocoa_update(DisplayChangeListener *dcl, int x, int y, int w, int h) { - NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; - COCOA_DEBUG("qemu_cocoa: cocoa_update\n"); dispatch_async(dispatch_get_main_queue(), ^{ @@ -1993,14 +1991,11 @@ static void cocoa_update(DisplayChangeListener *dcl, } [cocoaView setNeedsDisplayInRect:rect]; }); - - [pool release]; } static void cocoa_switch(DisplayChangeListener *dcl, DisplaySurface *surface) { - NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; pixman_image_t *image = surface->image; COCOA_DEBUG("qemu_cocoa: cocoa_switch\n"); @@ -2015,7 +2010,6 @@ static void cocoa_switch(DisplayChangeListener *dcl, [cocoaView updateUIInfo]; [cocoaView switchSurface:image]; }); - [pool release]; } static void cocoa_refresh(DisplayChangeListener *dcl)