From 235ea1f5c89abf30e452539b973b0dbe43d3fe2b Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:43 +0000 Subject: [PATCH 01/20] target-arm: Give CPSR setting on 32-bit exception return its own helper The rules for setting the CPSR on a 32-bit exception return are subtly different from those for setting the CPSR via an instruction like MSR or CPS. (In particular, in Hyp mode changing the mode bits is not valid via MSR or CPS.) Split the exception-return case into its own helper for setting CPSR, so we can eventually handle them differently in the helper function. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-2-git-send-email-peter.maydell@linaro.org --- target-arm/helper.h | 1 + target-arm/op_helper.c | 6 ++++++ target-arm/translate.c | 6 +++--- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/target-arm/helper.h b/target-arm/helper.h index c98e9cea3d..ea13202b17 100644 --- a/target-arm/helper.h +++ b/target-arm/helper.h @@ -57,6 +57,7 @@ DEF_HELPER_2(pre_smc, void, env, i32) DEF_HELPER_1(check_breakpoints, void, env) DEF_HELPER_3(cpsr_write, void, env, i32, i32) +DEF_HELPER_2(cpsr_write_eret, void, env, i32) DEF_HELPER_1(cpsr_read, i32, env) DEF_HELPER_3(v7m_msr, void, env, i32, i32) diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c index 538887ce0c..e3ddd5ad34 100644 --- a/target-arm/op_helper.c +++ b/target-arm/op_helper.c @@ -425,6 +425,12 @@ void HELPER(cpsr_write)(CPUARMState *env, uint32_t val, uint32_t mask) cpsr_write(env, val, mask); } +/* Write the CPSR for a 32-bit exception return */ +void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val) +{ + cpsr_write(env, val, CPSR_ERET_MASK); +} + /* Access to user mode registers from privileged modes. */ uint32_t HELPER(get_user_reg)(CPUARMState *env, uint32_t regno) { diff --git a/target-arm/translate.c b/target-arm/translate.c index e69145d401..413f7de686 100644 --- a/target-arm/translate.c +++ b/target-arm/translate.c @@ -4094,7 +4094,7 @@ static void gen_exception_return(DisasContext *s, TCGv_i32 pc) TCGv_i32 tmp; store_reg(s, 15, pc); tmp = load_cpu_field(spsr); - gen_set_cpsr(tmp, CPSR_ERET_MASK); + gen_helper_cpsr_write_eret(cpu_env, tmp); tcg_temp_free_i32(tmp); s->is_jmp = DISAS_JUMP; } @@ -4102,7 +4102,7 @@ static void gen_exception_return(DisasContext *s, TCGv_i32 pc) /* Generate a v6 exception return. Marks both values as dead. */ static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr) { - gen_set_cpsr(cpsr, CPSR_ERET_MASK); + gen_helper_cpsr_write_eret(cpu_env, cpsr); tcg_temp_free_i32(cpsr); store_reg(s, 15, pc); s->is_jmp = DISAS_JUMP; @@ -9094,7 +9094,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) if (exc_return) { /* Restore CPSR from SPSR. */ tmp = load_cpu_field(spsr); - gen_set_cpsr(tmp, CPSR_ERET_MASK); + gen_helper_cpsr_write_eret(cpu_env, tmp); tcg_temp_free_i32(tmp); s->is_jmp = DISAS_JUMP; } From 50866ba5a2cfe922aaf3edb79f6eac5b0653477a Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:43 +0000 Subject: [PATCH 02/20] target-arm: Add write_type argument to cpsr_write() Add an argument to cpsr_write() to indicate what kind of CPSR write is being requested, since the exact behaviour should differ for the different cases. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-3-git-send-email-peter.maydell@linaro.org --- linux-user/arm/nwfpe/fpa11.h | 2 +- linux-user/main.c | 6 +++--- linux-user/signal.c | 4 ++-- target-arm/cpu.h | 13 +++++++++++-- target-arm/gdbstub.c | 2 +- target-arm/helper.c | 3 ++- target-arm/kvm32.c | 2 +- target-arm/kvm64.c | 2 +- target-arm/machine.c | 2 +- target-arm/op_helper.c | 6 +++--- 10 files changed, 26 insertions(+), 16 deletions(-) diff --git a/linux-user/arm/nwfpe/fpa11.h b/linux-user/arm/nwfpe/fpa11.h index 7e114eee8a..0b072843da 100644 --- a/linux-user/arm/nwfpe/fpa11.h +++ b/linux-user/arm/nwfpe/fpa11.h @@ -105,7 +105,7 @@ static inline void writeRegister(unsigned int x, unsigned int y) static inline void writeConditionCodes(unsigned int x) { - cpsr_write(user_registers,x,CPSR_NZCV); + cpsr_write(user_registers, x, CPSR_NZCV, CPSRWriteByInstr); } #define ARM_REG_PC 15 diff --git a/linux-user/main.c b/linux-user/main.c index 2a692e0f0b..072eee8285 100644 --- a/linux-user/main.c +++ b/linux-user/main.c @@ -513,7 +513,7 @@ static void arm_kernel_cmpxchg64_helper(CPUARMState *env) env->regs[0] = -1; cpsr &= ~CPSR_C; } - cpsr_write(env, cpsr, CPSR_C); + cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr); end_exclusive(); return; @@ -562,7 +562,7 @@ do_kernel_trap(CPUARMState *env) env->regs[0] = -1; cpsr &= ~CPSR_C; } - cpsr_write(env, cpsr, CPSR_C); + cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr); end_exclusive(); break; case 0xffff0fe0: /* __kernel_get_tls */ @@ -4446,7 +4446,7 @@ int main(int argc, char **argv, char **envp) #elif defined(TARGET_ARM) { int i; - cpsr_write(env, regs->uregs[16], 0xffffffff); + cpsr_write(env, regs->uregs[16], 0xffffffff, CPSRWriteByInstr); for(i = 0; i < 16; i++) { env->regs[i] = regs->uregs[i]; } diff --git a/linux-user/signal.c b/linux-user/signal.c index 327c03254c..82f81c79ab 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -1611,7 +1611,7 @@ setup_return(CPUARMState *env, struct target_sigaction *ka, env->regs[13] = frame_addr; env->regs[14] = retcode; env->regs[15] = handler & (thumb ? ~1 : ~3); - cpsr_write(env, cpsr, 0xffffffff); + cpsr_write(env, cpsr, 0xffffffff, CPSRWriteByInstr); } static abi_ulong *setup_sigframe_v2_vfp(abi_ulong *regspace, CPUARMState *env) @@ -1843,7 +1843,7 @@ restore_sigcontext(CPUARMState *env, struct target_sigcontext *sc) __get_user(env->regs[15], &sc->arm_pc); #ifdef TARGET_CONFIG_CPU_32 __get_user(cpsr, &sc->arm_cpsr); - cpsr_write(env, cpsr, CPSR_USER | CPSR_EXEC); + cpsr_write(env, cpsr, CPSR_USER | CPSR_EXEC, CPSRWriteByInstr); #endif err |= !valid_user_regs(env); diff --git a/target-arm/cpu.h b/target-arm/cpu.h index 3cbda73578..87720d4267 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -718,8 +718,17 @@ static inline void pstate_write(CPUARMState *env, uint32_t val) /* Return the current CPSR value. */ uint32_t cpsr_read(CPUARMState *env); -/* Set the CPSR. Note that some bits of mask must be all-set or all-clear. */ -void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask); + +typedef enum CPSRWriteType { + CPSRWriteByInstr = 0, /* from guest MSR or CPS */ + CPSRWriteExceptionReturn = 1, /* from guest exception return insn */ + CPSRWriteRaw = 2, /* trust values, do not switch reg banks */ + CPSRWriteByGDBStub = 3, /* from the GDB stub */ +} CPSRWriteType; + +/* Set the CPSR. Note that some bits of mask must be all-set or all-clear.*/ +void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask, + CPSRWriteType write_type); /* Return the current xPSR value. */ static inline uint32_t xpsr_read(CPUARMState *env) diff --git a/target-arm/gdbstub.c b/target-arm/gdbstub.c index 08b91a4861..3ba9aadd48 100644 --- a/target-arm/gdbstub.c +++ b/target-arm/gdbstub.c @@ -94,7 +94,7 @@ int arm_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n) return 4; case 25: /* CPSR */ - cpsr_write(env, tmp, 0xffffffff); + cpsr_write(env, tmp, 0xffffffff, CPSRWriteByGDBStub); return 4; } /* Unknown register. */ diff --git a/target-arm/helper.c b/target-arm/helper.c index 5a0447b93a..014bb80d85 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5233,7 +5233,8 @@ uint32_t cpsr_read(CPUARMState *env) | (env->GE << 16) | (env->daif & CPSR_AIF); } -void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) +void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask, + CPSRWriteType write_type) { uint32_t changed_daif; diff --git a/target-arm/kvm32.c b/target-arm/kvm32.c index ea01932a65..d44a7f92b6 100644 --- a/target-arm/kvm32.c +++ b/target-arm/kvm32.c @@ -428,7 +428,7 @@ int kvm_arch_get_registers(CPUState *cs) if (ret) { return ret; } - cpsr_write(env, cpsr, 0xffffffff); + cpsr_write(env, cpsr, 0xffffffff, CPSRWriteRaw); /* Make sure the current mode regs are properly set */ mode = env->uncached_cpsr & CPSR_M; diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c index 0f1b4d6a00..08c2c81479 100644 --- a/target-arm/kvm64.c +++ b/target-arm/kvm64.c @@ -723,7 +723,7 @@ int kvm_arch_get_registers(CPUState *cs) pstate_write(env, val); } else { env->uncached_cpsr = val & CPSR_M; - cpsr_write(env, val, 0xffffffff); + cpsr_write(env, val, 0xffffffff, CPSRWriteRaw); } /* KVM puts SP_EL0 in regs.sp and SP_EL1 in regs.sp_el1. On the diff --git a/target-arm/machine.c b/target-arm/machine.c index ed1925ae3e..0fc7df0ee2 100644 --- a/target-arm/machine.c +++ b/target-arm/machine.c @@ -175,7 +175,7 @@ static int get_cpsr(QEMUFile *f, void *opaque, size_t size) /* Avoid mode switch when restoring CPSR */ env->uncached_cpsr = val & CPSR_M; - cpsr_write(env, val, 0xffffffff); + cpsr_write(env, val, 0xffffffff, CPSRWriteRaw); return 0; } diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c index e3ddd5ad34..543d33aad2 100644 --- a/target-arm/op_helper.c +++ b/target-arm/op_helper.c @@ -422,13 +422,13 @@ uint32_t HELPER(cpsr_read)(CPUARMState *env) void HELPER(cpsr_write)(CPUARMState *env, uint32_t val, uint32_t mask) { - cpsr_write(env, val, mask); + cpsr_write(env, val, mask, CPSRWriteByInstr); } /* Write the CPSR for a 32-bit exception return */ void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val) { - cpsr_write(env, val, CPSR_ERET_MASK); + cpsr_write(env, val, CPSR_ERET_MASK, CPSRWriteExceptionReturn); } /* Access to user mode registers from privileged modes. */ @@ -780,7 +780,7 @@ void HELPER(exception_return)(CPUARMState *env) if (!return_to_aa64) { env->aarch64 = 0; env->uncached_cpsr = spsr & CPSR_M; - cpsr_write(env, spsr, ~0); + cpsr_write(env, spsr, ~0, CPSRWriteRaw); if (!arm_singlestep_active(env)) { env->uncached_cpsr &= ~PSTATE_SS; } From f8c88bbcda76d5674e4bb125471371b41d330df8 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:43 +0000 Subject: [PATCH 03/20] target-arm: Raw CPSR writes should skip checks and bank switching Raw CPSR writes should skip the architectural checks for whether we're allowed to set the A or F bits and should also not do the switching of register banks if the mode changes. Handle this inside cpsr_write(), which allows us to drop the "manually set the mode bits to avoid the bank switch" code from all the callsites which are using CPSRWriteRaw. This fixes a bug in 32-bit KVM handling where we had forgotten the "manually set the mode bits" part and could thus potentially trash the register state if the mode from the last exit to userspace differed from the mode on this exit. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-4-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 5 +++-- target-arm/kvm64.c | 1 - target-arm/machine.c | 2 -- target-arm/op_helper.c | 5 ++++- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 014bb80d85..c491cd80ab 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5268,7 +5268,7 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask, * In a V8 implementation, it is permitted for privileged software to * change the CPSR A/F bits regardless of the SCR.AW/FW bits. */ - if (!arm_feature(env, ARM_FEATURE_V8) && + if (write_type != CPSRWriteRaw && !arm_feature(env, ARM_FEATURE_V8) && arm_feature(env, ARM_FEATURE_EL3) && !arm_feature(env, ARM_FEATURE_EL2) && !arm_is_secure(env)) { @@ -5315,7 +5315,8 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask, env->daif &= ~(CPSR_AIF & mask); env->daif |= val & CPSR_AIF & mask; - if ((env->uncached_cpsr ^ val) & mask & CPSR_M) { + if (write_type != CPSRWriteRaw && + ((env->uncached_cpsr ^ val) & mask & CPSR_M)) { if (bad_mode_switch(env, val & CPSR_M)) { /* Attempt to switch to an invalid mode: this is UNPREDICTABLE. * We choose to ignore the attempt and leave the CPSR M field diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c index 08c2c81479..e8527bf0cc 100644 --- a/target-arm/kvm64.c +++ b/target-arm/kvm64.c @@ -722,7 +722,6 @@ int kvm_arch_get_registers(CPUState *cs) if (is_a64(env)) { pstate_write(env, val); } else { - env->uncached_cpsr = val & CPSR_M; cpsr_write(env, val, 0xffffffff, CPSRWriteRaw); } diff --git a/target-arm/machine.c b/target-arm/machine.c index 0fc7df0ee2..03a73d950e 100644 --- a/target-arm/machine.c +++ b/target-arm/machine.c @@ -173,8 +173,6 @@ static int get_cpsr(QEMUFile *f, void *opaque, size_t size) return 0; } - /* Avoid mode switch when restoring CPSR */ - env->uncached_cpsr = val & CPSR_M; cpsr_write(env, val, 0xffffffff, CPSRWriteRaw); return 0; } diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c index 543d33aad2..4881e34177 100644 --- a/target-arm/op_helper.c +++ b/target-arm/op_helper.c @@ -779,7 +779,10 @@ void HELPER(exception_return)(CPUARMState *env) if (!return_to_aa64) { env->aarch64 = 0; - env->uncached_cpsr = spsr & CPSR_M; + /* We do a raw CPSR write because aarch64_sync_64_to_32() + * will sort the register banks out for us, and we've already + * caught all the bad-mode cases in el_from_spsr(). + */ cpsr_write(env, spsr, ~0, CPSRWriteRaw); if (!arm_singlestep_active(env)) { env->uncached_cpsr &= ~PSTATE_SS; From ae08792301c182bdec48656dee3dce38b3391a1a Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:43 +0000 Subject: [PATCH 04/20] linux-user: Use restrictive mask when calling cpsr_write() When linux-user code is calling cpsr_write(), use a restrictive mask to ensure we are limiting the set of CPSR bits we update. In particular, don't allow the mode bits to be changed. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-5-git-send-email-peter.maydell@linaro.org --- linux-user/main.c | 3 ++- linux-user/signal.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/linux-user/main.c b/linux-user/main.c index 072eee8285..700724effe 100644 --- a/linux-user/main.c +++ b/linux-user/main.c @@ -4446,7 +4446,8 @@ int main(int argc, char **argv, char **envp) #elif defined(TARGET_ARM) { int i; - cpsr_write(env, regs->uregs[16], 0xffffffff, CPSRWriteByInstr); + cpsr_write(env, regs->uregs[16], CPSR_USER | CPSR_EXEC, + CPSRWriteByInstr); for(i = 0; i < 16; i++) { env->regs[i] = regs->uregs[i]; } diff --git a/linux-user/signal.c b/linux-user/signal.c index 82f81c79ab..962111cfdf 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -1611,7 +1611,7 @@ setup_return(CPUARMState *env, struct target_sigaction *ka, env->regs[13] = frame_addr; env->regs[14] = retcode; env->regs[15] = handler & (thumb ? ~1 : ~3); - cpsr_write(env, cpsr, 0xffffffff, CPSRWriteByInstr); + cpsr_write(env, cpsr, CPSR_IT | CPSR_T, CPSRWriteByInstr); } static abi_ulong *setup_sigframe_v2_vfp(abi_ulong *regspace, CPUARMState *env) From cb01d3912c8b000ed26d5fe95f6c194b3e3ba7a6 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:43 +0000 Subject: [PATCH 05/20] target-arm: In cpsr_write() ignore mode switches from User mode The only case where we can attempt a cpsr_write() mode switch from User is from the gdbstub; all other cases are handled in the calling code (notably translate.c). Architecturally attempts to alter the mode bits from user mode are simply ignored (and not treated as a bad mode switch, which in v8 sets CPSR.IL). Make mode switches from User ignored in cpsr_write() as well, for consistency. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-6-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target-arm/helper.c b/target-arm/helper.c index c491cd80ab..b2d2440edd 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5316,6 +5316,7 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask, env->daif |= val & CPSR_AIF & mask; if (write_type != CPSRWriteRaw && + (env->uncached_cpsr & CPSR_M) != CPSR_USER && ((env->uncached_cpsr ^ val) & mask & CPSR_M)) { if (bad_mode_switch(env, val & CPSR_M)) { /* Attempt to switch to an invalid mode: this is UNPREDICTABLE. From 52ff951b4f63a29593650a15efdf82f63d6d962d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:44 +0000 Subject: [PATCH 06/20] target-arm: Add comment about not implementing NSACR.RFR QEMU doesn't implement the NSACR.RFR bit, which is a permitted IMPDEF in choice in ARMv7 and the only permitted choice in ARMv8. Add a comment to bad_mode_switch() to note that this is why FIQ is always a valid mode regardless of the CPU's Secure state. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-7-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/target-arm/helper.c b/target-arm/helper.c index b2d2440edd..57cc8790c8 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5214,6 +5214,9 @@ static int bad_mode_switch(CPUARMState *env, int mode) case ARM_CPU_MODE_UND: case ARM_CPU_MODE_IRQ: case ARM_CPU_MODE_FIQ: + /* Note that we don't implement the IMPDEF NSACR.RFR which in v7 + * allows FIQ mode to be Secure-only. (In v8 this doesn't exist.) + */ return 0; case ARM_CPU_MODE_MON: return !arm_is_secure(env); From e6c8fc07b4fce0729bb747770756835f4b0ca7f4 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:44 +0000 Subject: [PATCH 07/20] target-arm: Add Hyp mode checks to bad_mode_switch() We don't actually support Hyp mode yet, but add the correct checks for it to the bad_mode_switch() function for completeness. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-8-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/target-arm/helper.c b/target-arm/helper.c index 57cc8790c8..c43d66fd8d 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5218,6 +5218,9 @@ static int bad_mode_switch(CPUARMState *env, int mode) * allows FIQ mode to be Secure-only. (In v8 this doesn't exist.) */ return 0; + case ARM_CPU_MODE_HYP: + return !arm_feature(env, ARM_FEATURE_EL2) + || arm_current_el(env) < 2 || arm_is_secure(env); case ARM_CPU_MODE_MON: return !arm_is_secure(env); default: From 58ae2d1f037fae1d90eed4522053a85d79edfbec Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:44 +0000 Subject: [PATCH 08/20] target-arm: Forbid mode switch to Mon from Secure EL1 In v8 trying to switch mode to Mon from Secure EL1 is an illegal mode switch. (In v7 this is impossible as all secure modes except User are at EL3.) We can handle this case by making a switch to Mon valid only if the current EL is 3, which then gives the correct answer whether EL3 is AArch32 or AArch64. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-9-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index c43d66fd8d..5926b15506 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5222,7 +5222,7 @@ static int bad_mode_switch(CPUARMState *env, int mode) return !arm_feature(env, ARM_FEATURE_EL2) || arm_current_el(env) < 2 || arm_is_secure(env); case ARM_CPU_MODE_MON: - return !arm_is_secure(env); + return arm_current_el(env) < 3; default: return 1; } From 81907a582901671c15be36a63b5063f88f3487e2 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:44 +0000 Subject: [PATCH 09/20] target-arm: In v8, make illegal AArch32 mode changes set PSTATE.IL In v8, the illegal mode changes which are UNPREDICTABLE in v7 are given architected behaviour: * the mode field is unchanged * PSTATE.IL is set (so any subsequent instructions will UNDEF) * any other CPSR fields are written to as normal This is pretty much the same behaviour we picked for our UNPREDICTABLE handling, with the exception that for v8 we need to set the IL bit. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-10-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 5926b15506..ff5f8955a1 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5325,11 +5325,20 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask, (env->uncached_cpsr & CPSR_M) != CPSR_USER && ((env->uncached_cpsr ^ val) & mask & CPSR_M)) { if (bad_mode_switch(env, val & CPSR_M)) { - /* Attempt to switch to an invalid mode: this is UNPREDICTABLE. - * We choose to ignore the attempt and leave the CPSR M field - * untouched. + /* Attempt to switch to an invalid mode: this is UNPREDICTABLE in + * v7, and has defined behaviour in v8: + * + leave CPSR.M untouched + * + allow changes to the other CPSR fields + * + set PSTATE.IL + * For user changes via the GDB stub, we don't set PSTATE.IL, + * as this would be unnecessarily harsh for a user error. */ mask &= ~CPSR_M; + if (write_type != CPSRWriteByGDBStub && + arm_feature(env, ARM_FEATURE_V8)) { + mask |= CPSR_IL; + val |= CPSR_IL; + } } else { switch_mode(env, val & CPSR_M); } From af393ffc6da116b9dd4c70901bad1f4cafb1773d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:44 +0000 Subject: [PATCH 10/20] target-arm: Make mode switches from Hyp via CPS and MRS illegal Mode switches from Hyp to any other mode via the CPS and MRS instructions are illegal mode switches (though obviously switching via exception return is valid). Add this check to bad_mode_switch(). Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-11-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index ff5f8955a1..24ea48ecdc 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5200,12 +5200,20 @@ void arm_cp_reset_ignore(CPUARMState *env, const ARMCPRegInfo *opaque) /* Helper coprocessor reset function for do-nothing-on-reset registers */ } -static int bad_mode_switch(CPUARMState *env, int mode) +static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType write_type) { /* Return true if it is not valid for us to switch to * this CPU mode (ie all the UNPREDICTABLE cases in * the ARM ARM CPSRWriteByInstr pseudocode). */ + + /* Changes to or from Hyp via MSR and CPS are illegal. */ + if (write_type == CPSRWriteByInstr && + ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_HYP || + mode == ARM_CPU_MODE_HYP)) { + return 1; + } + switch (mode) { case ARM_CPU_MODE_USR: case ARM_CPU_MODE_SYS: @@ -5324,7 +5332,7 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask, if (write_type != CPSRWriteRaw && (env->uncached_cpsr & CPSR_M) != CPSR_USER && ((env->uncached_cpsr ^ val) & mask & CPSR_M)) { - if (bad_mode_switch(env, val & CPSR_M)) { + if (bad_mode_switch(env, val & CPSR_M, write_type)) { /* Attempt to switch to an invalid mode: this is UNPREDICTABLE in * v7, and has defined behaviour in v8: * + leave CPSR.M untouched From 10eacda787ac9990dc22d4437b289200c819712c Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 23 Feb 2016 15:36:44 +0000 Subject: [PATCH 11/20] target-arm: Make Monitor->NS PL1 mode changes illegal if HCR.TGE is 1 If HCR.TGE is 1 then mode changes via CPS and MSR from Monitor to NonSecure PL1 modes are illegal mode changes. Implement this check in bad_mode_switch(). (We don't currently implement HCR.TGE, but this is the only missing check from the v8 ARM ARM G1.9.3 and so it's worth adding now; the rest of the HCR.TGE checks can be added later as necessary.) Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1455556977-3644-12-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/target-arm/helper.c b/target-arm/helper.c index 24ea48ecdc..3d7fda15e2 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5216,6 +5216,7 @@ static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType write_type) switch (mode) { case ARM_CPU_MODE_USR: + return 0; case ARM_CPU_MODE_SYS: case ARM_CPU_MODE_SVC: case ARM_CPU_MODE_ABT: @@ -5225,6 +5226,15 @@ static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType write_type) /* Note that we don't implement the IMPDEF NSACR.RFR which in v7 * allows FIQ mode to be Secure-only. (In v8 this doesn't exist.) */ + /* If HCR.TGE is set then changes from Monitor to NS PL1 via MSR + * and CPS are treated as illegal mode changes. + */ + if (write_type == CPSRWriteByInstr && + (env->cp15.hcr_el2 & HCR_TGE) && + (env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_MON && + !arm_is_secure_below_el3(env)) { + return 1; + } return 0; case ARM_CPU_MODE_HYP: return !arm_feature(env, ARM_FEATURE_EL2) From a8d64e735182cbbb5dcc98f41656b118c45e57cc Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 19 Feb 2016 14:39:43 +0000 Subject: [PATCH 12/20] target-arm: Fix handling of SDCR for 32-bit code Fix two issues with our implementation of the SDCR: * it is only present from ARMv8 onwards * it does not contain several of the trap bits present in its 64-bit counterpart the MDCR_EL3 Put the register description in the right place so that it does not get enabled for ARMv7 and earlier, and give it a write function so that we can mask out the bits which should not be allowed to have an effect if EL3 is 32-bit. Signed-off-by: Peter Maydell Message-id: 1455892784-11328-2-git-send-email-peter.maydell@linaro.org Reviewed-by: Sergey Fedorov Acked-by: Alistair Francis --- target-arm/cpu.h | 4 ++++ target-arm/helper.c | 23 +++++++++++++++-------- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/target-arm/cpu.h b/target-arm/cpu.h index 87720d4267..744f052a67 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -598,6 +598,7 @@ void pmccntr_sync(CPUARMState *env); #define MDCR_EDAD (1U << 20) #define MDCR_SPME (1U << 17) #define MDCR_SDD (1U << 16) +#define MDCR_SPD (3U << 14) #define MDCR_TDRA (1U << 11) #define MDCR_TDOSA (1U << 10) #define MDCR_TDA (1U << 9) @@ -606,6 +607,9 @@ void pmccntr_sync(CPUARMState *env); #define MDCR_TPM (1U << 6) #define MDCR_TPMCR (1U << 5) +/* Not all of the MDCR_EL3 bits are present in the 32-bit SDCR */ +#define SDCR_VALID_MASK (MDCR_EPMAD | MDCR_EDAD | MDCR_SPME | MDCR_SPD) + #define CPSR_M (0x1fU) #define CPSR_T (1U << 5) #define CPSR_F (1U << 6) diff --git a/target-arm/helper.c b/target-arm/helper.c index 3d7fda15e2..e9b89e6684 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -3037,6 +3037,12 @@ static CPAccessResult fpexc32_access(CPUARMState *env, const ARMCPRegInfo *ri, return CP_ACCESS_OK; } +static void sdcr_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + env->cp15.mdcr_el3 = value & SDCR_VALID_MASK; +} + static const ARMCPRegInfo v8_cp_reginfo[] = { /* Minimal set of EL0-visible registers. This will need to be expanded * significantly for system emulation of AArch64 CPUs. @@ -3331,6 +3337,15 @@ static const ARMCPRegInfo v8_cp_reginfo[] = { .opc0 = 3, .opc1 = 4, .crn = 4, .crm = 3, .opc2 = 3, .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, banked_spsr[BANK_FIQ]) }, + { .name = "MDCR_EL3", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 3, .opc2 = 1, + .resetvalue = 0, + .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.mdcr_el3) }, + { .name = "SDCR", .type = ARM_CP_ALIAS, + .cp = 15, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 1, + .access = PL1_RW, .accessfn = access_trap_aa32s_el1, + .writefn = sdcr_write, + .fieldoffset = offsetoflow32(CPUARMState, cp15.mdcr_el3) }, REGINFO_SENTINEL }; @@ -3688,14 +3703,6 @@ static const ARMCPRegInfo el3_cp_reginfo[] = { .access = PL1_RW, .accessfn = access_trap_aa32s_el1, .fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3), .writefn = scr_write }, - { .name = "MDCR_EL3", .state = ARM_CP_STATE_AA64, - .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 3, .opc2 = 1, - .resetvalue = 0, - .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.mdcr_el3) }, - { .name = "SDCR", .type = ARM_CP_ALIAS, - .cp = 15, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 1, - .access = PL1_RW, .accessfn = access_trap_aa32s_el1, - .fieldoffset = offsetoflow32(CPUARMState, cp15.mdcr_el3) }, { .name = "SDER32_EL3", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 1, .access = PL3_RW, .resetvalue = 0, From 1fce1ba985d9c5c96e5b9709e1356d1814b8fa9e Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 19 Feb 2016 14:39:44 +0000 Subject: [PATCH 13/20] target-arm: Implement MDCR_EL3.TPM and MDCR_EL2.TPM traps Implement the performance monitor register traps controlled by MDCR_EL3.TPM and MDCR_EL2.TPM. Most of the performance registers already have an access function to deal with the user-enable bit, and the TPM checks can be added there. We also need a new access function which only implements the TPM checks for use by the few not-EL0-accessible registers and by PMUSERENR_EL0 (which is always EL0-readable). Signed-off-by: Peter Maydell Message-id: 1455892784-11328-3-git-send-email-peter.maydell@linaro.org Reviewed-by: Sergey Fedorov Acked-by: Alistair Francis --- target-arm/helper.c | 43 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index e9b89e6684..ef3f1ce9bc 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -439,6 +439,24 @@ static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri, return CP_ACCESS_OK; } +/* Check for traps to performance monitor registers, which are controlled + * by MDCR_EL2.TPM for EL2 and MDCR_EL3.TPM for EL3. + */ +static CPAccessResult access_tpm(CPUARMState *env, const ARMCPRegInfo *ri, + bool isread) +{ + int el = arm_current_el(env); + + if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TPM) + && !arm_is_secure_below_el3(env)) { + return CP_ACCESS_TRAP_EL2; + } + if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TPM)) { + return CP_ACCESS_TRAP_EL3; + } + return CP_ACCESS_OK; +} + static void dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { ARMCPU *cpu = arm_env_get_cpu(env); @@ -774,11 +792,22 @@ static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { /* Performance monitor registers user accessibility is controlled - * by PMUSERENR. + * by PMUSERENR. MDCR_EL2.TPM and MDCR_EL3.TPM allow configurable + * trapping to EL2 or EL3 for other accesses. */ - if (arm_current_el(env) == 0 && !env->cp15.c9_pmuserenr) { + int el = arm_current_el(env); + + if (el == 0 && !env->cp15.c9_pmuserenr) { return CP_ACCESS_TRAP; } + if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TPM) + && !arm_is_secure_below_el3(env)) { + return CP_ACCESS_TRAP_EL2; + } + if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TPM)) { + return CP_ACCESS_TRAP_EL3; + } + return CP_ACCESS_OK; } @@ -1101,28 +1130,28 @@ static const ARMCPRegInfo v7_cp_reginfo[] = { .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0, .accessfn = pmreg_access }, { .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0, - .access = PL0_R | PL1_RW, + .access = PL0_R | PL1_RW, .accessfn = access_tpm, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr), .resetvalue = 0, .writefn = pmuserenr_write, .raw_writefn = raw_write }, { .name = "PMUSERENR_EL0", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 14, .opc2 = 0, - .access = PL0_R | PL1_RW, .type = ARM_CP_ALIAS, + .access = PL0_R | PL1_RW, .accessfn = access_tpm, .type = ARM_CP_ALIAS, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr), .resetvalue = 0, .writefn = pmuserenr_write, .raw_writefn = raw_write }, { .name = "PMINTENSET", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 1, - .access = PL1_RW, + .access = PL1_RW, .accessfn = access_tpm, .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), .resetvalue = 0, .writefn = pmintenset_write, .raw_writefn = raw_write }, { .name = "PMINTENCLR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 2, - .access = PL1_RW, .type = ARM_CP_ALIAS, + .access = PL1_RW, .accessfn = access_tpm, .type = ARM_CP_ALIAS, .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), .writefn = pmintenclr_write, }, { .name = "PMINTENCLR_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 2, - .access = PL1_RW, .type = ARM_CP_ALIAS, + .access = PL1_RW, .accessfn = access_tpm, .type = ARM_CP_ALIAS, .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), .writefn = pmintenclr_write }, { .name = "VBAR", .state = ARM_CP_STATE_BOTH, From 09aa3bf382243151e77682b2e89f997349b306d8 Mon Sep 17 00:00:00 2001 From: Wei Huang Date: Thu, 18 Feb 2016 11:56:20 -0500 Subject: [PATCH 14/20] ARM: PL061: Checking register r/w accesses to reserved area pl061.c emulates two GPIO devices, ARM PL061 and TI Stellaris, which share the same read/write functions (pl061_read and pl061_write). However PL061 and Stellaris have different GPIO register definitions and pl061_read()/pl061_write() doesn't check it. This patch enforces checking on offset, preventing R/W into the reserved memory area. Signed-off-by: Wei Huang Message-id: 1455814580-17699-1-git-send-email-wei@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/gpio/pl061.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/hw/gpio/pl061.c b/hw/gpio/pl061.c index 5ece8b068e..29dc7fc38e 100644 --- a/hw/gpio/pl061.c +++ b/hw/gpio/pl061.c @@ -60,6 +60,7 @@ typedef struct PL061State { qemu_irq irq; qemu_irq out[8]; const unsigned char *id; + uint32_t rsvd_start; /* reserved area: [rsvd_start, 0xfcc] */ } PL061State; static const VMStateDescription vmstate_pl061 = { @@ -152,12 +153,15 @@ static uint64_t pl061_read(void *opaque, hwaddr offset, { PL061State *s = (PL061State *)opaque; - if (offset >= 0xfd0 && offset < 0x1000) { - return s->id[(offset - 0xfd0) >> 2]; - } if (offset < 0x400) { return s->data & (offset >> 2); } + if (offset >= s->rsvd_start && offset <= 0xfcc) { + goto err_out; + } + if (offset >= 0xfd0 && offset < 0x1000) { + return s->id[(offset - 0xfd0) >> 2]; + } switch (offset) { case 0x400: /* Direction */ return s->dir; @@ -198,10 +202,12 @@ static uint64_t pl061_read(void *opaque, hwaddr offset, case 0x528: /* Analog mode select */ return s->amsel; default: - qemu_log_mask(LOG_GUEST_ERROR, - "pl061_read: Bad offset %x\n", (int)offset); - return 0; + break; } +err_out: + qemu_log_mask(LOG_GUEST_ERROR, + "pl061_read: Bad offset %x\n", (int)offset); + return 0; } static void pl061_write(void *opaque, hwaddr offset, @@ -216,6 +222,9 @@ static void pl061_write(void *opaque, hwaddr offset, pl061_update(s); return; } + if (offset >= s->rsvd_start) { + goto err_out; + } switch (offset) { case 0x400: /* Direction */ s->dir = value & 0xff; @@ -274,10 +283,13 @@ static void pl061_write(void *opaque, hwaddr offset, s->amsel = value & 0xff; break; default: - qemu_log_mask(LOG_GUEST_ERROR, - "pl061_write: Bad offset %x\n", (int)offset); + goto err_out; } pl061_update(s); + return; +err_out: + qemu_log_mask(LOG_GUEST_ERROR, + "pl061_write: Bad offset %x\n", (int)offset); } static void pl061_reset(DeviceState *dev) @@ -347,6 +359,7 @@ static void pl061_luminary_init(Object *obj) PL061State *s = PL061(obj); s->id = pl061_id_luminary; + s->rsvd_start = 0x52c; } static void pl061_init(Object *obj) @@ -354,6 +367,7 @@ static void pl061_init(Object *obj) PL061State *s = PL061(obj); s->id = pl061_id; + s->rsvd_start = 0x424; } static void pl061_class_init(ObjectClass *klass, void *data) From a55b53a2f46bc5350ec0c3ae8d0cd82eff95a7e8 Mon Sep 17 00:00:00 2001 From: Andrew Baumann Date: Wed, 24 Feb 2016 13:58:48 -0800 Subject: [PATCH 15/20] raspi: fix SD card with recent sdhci changes Recent changes to sdhci broke SD on raspi. This change mirrors the logic to create the SD card device at the board level. Signed-off-by: Andrew Baumann Message-id: 1456351128-5560-1-git-send-email-Andrew.Baumann@microsoft.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/bcm2835_peripherals.c | 7 +++++++ hw/arm/bcm2836.c | 7 +++++++ hw/arm/raspi.c | 16 ++++++++++++++++ 3 files changed, 30 insertions(+) diff --git a/hw/arm/bcm2835_peripherals.c b/hw/arm/bcm2835_peripherals.c index 72467fd907..6d66fa0280 100644 --- a/hw/arm/bcm2835_peripherals.c +++ b/hw/arm/bcm2835_peripherals.c @@ -182,6 +182,13 @@ static void bcm2835_peripherals_realize(DeviceState *dev, Error **errp) sysbus_connect_irq(SYS_BUS_DEVICE(&s->sdhci), 0, qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_GPU_IRQ, INTERRUPT_ARASANSDIO)); + object_property_add_alias(OBJECT(s), "sd-bus", OBJECT(&s->sdhci), "sd-bus", + &err); + if (err) { + error_propagate(errp, err); + return; + } + } static void bcm2835_peripherals_class_init(ObjectClass *oc, void *data) diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index 15c7622ad1..032143905e 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -73,6 +73,13 @@ static void bcm2836_realize(DeviceState *dev, Error **errp) return; } + object_property_add_alias(OBJECT(s), "sd-bus", OBJECT(&s->peripherals), + "sd-bus", &err); + if (err) { + error_propagate(errp, err); + return; + } + sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->peripherals), 0, BCM2836_PERI_BASE, 1); diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index 48d014c8d3..65822792fe 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -113,6 +113,10 @@ static void setup_boot(MachineState *machine, int version, size_t ram_size) static void raspi2_init(MachineState *machine) { RasPiState *s = g_new0(RasPiState, 1); + DriveInfo *di; + BlockBackend *blk; + BusState *bus; + DeviceState *carddev; object_initialize(&s->soc, sizeof(s->soc), TYPE_BCM2836); object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc), @@ -133,6 +137,18 @@ static void raspi2_init(MachineState *machine) &error_abort); object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_abort); + /* Create and plug in the SD cards */ + di = drive_get_next(IF_SD); + blk = di ? blk_by_legacy_dinfo(di) : NULL; + bus = qdev_get_child_bus(DEVICE(&s->soc), "sd-bus"); + if (bus == NULL) { + error_report("No SD bus found in SOC object"); + exit(1); + } + carddev = qdev_create(bus, TYPE_SD_CARD); + qdev_prop_set_drive(carddev, "drive", blk, &error_fatal); + object_property_set_bool(OBJECT(carddev), true, "realized", &error_fatal); + setup_boot(machine, 2, machine->ram_size); } From ed0db8663a269fc42d04c1f78d265621b425b9f8 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Thu, 25 Feb 2016 12:22:04 +0100 Subject: [PATCH 16/20] MAINTAINERS: Add some missing ARM related header files Some header files in the include/hw/arm/ directory can be assigned to entries in the MAINTAINERS file. Signed-off-by: Thomas Huth Message-id: 1456399324-24259-1-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell --- MAINTAINERS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 606d9c08b5..ec8a037bc3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -363,6 +363,7 @@ M: Dmitry Solodkiy L: qemu-arm@nongnu.org S: Maintained F: hw/*/exynos* +F: include/hw/arm/exynos4210.h Calxeda Highbank M: Rob Herring @@ -390,6 +391,7 @@ L: qemu-arm@nongnu.org S: Odd fixes F: hw/*/imx* F: hw/arm/kzm.c +F: include/hw/arm/fsl-imx31.h Integrator CP M: Peter Maydell @@ -432,6 +434,7 @@ F: hw/arm/spitz.c F: hw/arm/tosa.c F: hw/arm/z2.c F: hw/*/pxa2xx* +F: include/hw/arm/pxa.h Stellaris M: Peter Maydell @@ -768,6 +771,7 @@ OMAP M: Peter Maydell S: Maintained F: hw/*/omap* +F: include/hw/arm/omap.h IPack M: Alberto Garcia From 5c1bc9a234704c3d2001e7751b2d33145202a35f Mon Sep 17 00:00:00 2001 From: Andrew Baumann Date: Thu, 25 Feb 2016 13:35:29 -0800 Subject: [PATCH 17/20] sdhci: Revert "add optional quirk property to disable card insertion/removal interrupts" This reverts commit 723697551a7e926abe7d3c7f2966012b8075143d. This change was poorly tested on my part. It squelched card insertion interrupts on reset, but that was not necessary because sdhci_reset() clears all the registers (via the call to memset), so the subsequent sdhci_insert_eject_cb() call never sees the card insert interrupt enabled. However, not calling the insert_eject_cb results in prnsts remaining 0, when it actually needs to be updated to indicate card presence and R/O status. Signed-off-by: Andrew Baumann Message-id: 1456436130-7048-2-git-send-email-Andrew.Baumann@microsoft.com Signed-off-by: Peter Maydell --- hw/sd/sdhci.c | 9 +++------ include/hw/sd/sdhci.h | 1 - 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index 73e7c87fbf..f175b3041e 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -198,11 +198,9 @@ static void sdhci_reset(SDHCIState *s) * initialization */ memset(&s->sdmasysad, 0, (uintptr_t)&s->capareg - (uintptr_t)&s->sdmasysad); - if (!s->noeject_quirk) { - /* Reset other state based on current card insertion/readonly status */ - sdhci_set_inserted(dev, sdbus_get_inserted(&s->sdbus)); - sdhci_set_readonly(dev, sdbus_get_readonly(&s->sdbus)); - } + /* Reset other state based on current card insertion/readonly status */ + sdhci_set_inserted(dev, sdbus_get_inserted(&s->sdbus)); + sdhci_set_readonly(dev, sdbus_get_readonly(&s->sdbus)); s->data_count = 0; s->stopped_state = sdhc_not_stopped; @@ -1275,7 +1273,6 @@ static Property sdhci_sysbus_properties[] = { DEFINE_PROP_UINT32("capareg", SDHCIState, capareg, SDHC_CAPAB_REG_DEFAULT), DEFINE_PROP_UINT32("maxcurr", SDHCIState, maxcurr, 0), - DEFINE_PROP_BOOL("noeject-quirk", SDHCIState, noeject_quirk, false), DEFINE_PROP_END_OF_LIST(), }; diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h index 607a83e855..4816516a26 100644 --- a/include/hw/sd/sdhci.h +++ b/include/hw/sd/sdhci.h @@ -76,7 +76,6 @@ typedef struct SDHCIState { uint32_t buf_maxsz; uint16_t data_count; /* current element in FIFO buffer */ uint8_t stopped_state;/* Current SDHC state */ - bool noeject_quirk;/* Quirk to disable card insert/remove interrupts */ /* Buffer Data Port Register - virtual access point to R and W buffers */ /* Software Reset Register - always reads as 0 */ /* Force Event Auto CMD12 Error Interrupt Reg - write only */ From 0a7ac9f9e72246ce41dfb101c77a58de607aef7c Mon Sep 17 00:00:00 2001 From: Andrew Baumann Date: Thu, 25 Feb 2016 13:35:30 -0800 Subject: [PATCH 18/20] sdhci: add quirk property for card insert interrupt status on Raspberry Pi This quirk is a workaround for the following hardware behaviour, on which UEFI (specifically, the bootloader for Windows on Pi2) depends: 1. at boot with an SD card present, the interrupt status/enable registers are initially zero 2. upon enabling it in the interrupt enable register, the card insert bit in the interrupt status register is immediately set 3. after a subsequent controller reset, the card insert interrupt does not fire, even if enabled in the interrupt enable register Signed-off-by: Andrew Baumann Message-id: 1456436130-7048-3-git-send-email-Andrew.Baumann@microsoft.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/sd/sdhci.c | 38 +++++++++++++++++++++++++++++++++++++- include/hw/sd/sdhci.h | 2 ++ 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index f175b3041e..e087c17ad7 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -204,6 +204,7 @@ static void sdhci_reset(SDHCIState *s) s->data_count = 0; s->stopped_state = sdhc_not_stopped; + s->pending_insert_state = false; } static void sdhci_data_transfer(void *opaque); @@ -1095,6 +1096,13 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) } else { s->norintsts &= ~SDHC_NIS_ERR; } + /* Quirk for Raspberry Pi: pending card insert interrupt + * appears when first enabled after power on */ + if ((s->norintstsen & SDHC_NISEN_INSERT) && s->pending_insert_state) { + assert(s->pending_insert_quirk); + s->norintsts |= SDHC_NIS_INSERT; + s->pending_insert_state = false; + } sdhci_update_irq(s); break; case SDHC_NORINTSIGEN: @@ -1181,6 +1189,24 @@ static void sdhci_uninitfn(SDHCIState *s) s->fifo_buffer = NULL; } +static bool sdhci_pending_insert_vmstate_needed(void *opaque) +{ + SDHCIState *s = opaque; + + return s->pending_insert_state; +} + +static const VMStateDescription sdhci_pending_insert_vmstate = { + .name = "sdhci/pending-insert", + .version_id = 1, + .minimum_version_id = 1, + .needed = sdhci_pending_insert_vmstate_needed, + .fields = (VMStateField[]) { + VMSTATE_BOOL(pending_insert_state, SDHCIState), + VMSTATE_END_OF_LIST() + }, +}; + const VMStateDescription sdhci_vmstate = { .name = "sdhci", .version_id = 1, @@ -1215,7 +1241,11 @@ const VMStateDescription sdhci_vmstate = { VMSTATE_TIMER_PTR(insert_timer, SDHCIState), VMSTATE_TIMER_PTR(transfer_timer, SDHCIState), VMSTATE_END_OF_LIST() - } + }, + .subsections = (const VMStateDescription*[]) { + &sdhci_pending_insert_vmstate, + NULL + }, }; /* Capabilities registers provide information on supported features of this @@ -1273,6 +1303,8 @@ static Property sdhci_sysbus_properties[] = { DEFINE_PROP_UINT32("capareg", SDHCIState, capareg, SDHC_CAPAB_REG_DEFAULT), DEFINE_PROP_UINT32("maxcurr", SDHCIState, maxcurr, 0), + DEFINE_PROP_BOOL("pending-insert-quirk", SDHCIState, pending_insert_quirk, + false), DEFINE_PROP_END_OF_LIST(), }; @@ -1300,6 +1332,10 @@ static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp) memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s, "sdhci", SDHC_REGISTERS_MAP_SIZE); sysbus_init_mmio(sbd, &s->iomem); + + if (s->pending_insert_quirk) { + s->pending_insert_state = true; + } } static void sdhci_sysbus_class_init(ObjectClass *klass, void *data) diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h index 4816516a26..0f0c3f1e64 100644 --- a/include/hw/sd/sdhci.h +++ b/include/hw/sd/sdhci.h @@ -76,6 +76,8 @@ typedef struct SDHCIState { uint32_t buf_maxsz; uint16_t data_count; /* current element in FIFO buffer */ uint8_t stopped_state;/* Current SDHC state */ + bool pending_insert_quirk;/* Quirk for Raspberry Pi card insert int */ + bool pending_insert_state; /* Buffer Data Port Register - virtual access point to R and W buffers */ /* Software Reset Register - always reads as 0 */ /* Force Event Auto CMD12 Error Interrupt Reg - write only */ From d44ec156300a149b386a14d3ab349d3b83b66b8c Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Fri, 26 Feb 2016 13:45:39 +0100 Subject: [PATCH 19/20] target-arm: Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW due to the register not having any underlying state. This fixes an issue with booting KVM enabled kernels when EL2 is on. Signed-off-by: Edgar E. Iglesias Message-id: 1456490739-19343-1-git-send-email-edgar.iglesias@gmail.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target-arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index ef3f1ce9bc..2b43cdc037 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -3672,7 +3672,7 @@ static const ARMCPRegInfo el2_cp_reginfo[] = { .writefn = gt_hyp_cval_write, .raw_writefn = raw_write }, { .name = "CNTHP_TVAL_EL2", .state = ARM_CP_STATE_BOTH, .opc0 = 3, .opc1 = 4, .crn = 14, .crm = 2, .opc2 = 0, - .type = ARM_CP_IO, .access = PL2_RW, + .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL2_RW, .resetfn = gt_hyp_timer_reset, .readfn = gt_hyp_tval_read, .writefn = gt_hyp_tval_write }, { .name = "CNTHP_CTL_EL2", .state = ARM_CP_STATE_BOTH, From e20d84c1407d43d5a2e2ac95dbb46db3b0af8f9f Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 19 Feb 2016 14:07:43 +0000 Subject: [PATCH 20/20] target-arm: Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The v8 ARM ARM defines that unused spaces in the ID_AA64* system register ranges are Reserved and must RAZ, rather than being UNDEF. Implement this. In particular, ARM v8.2 adds a new feature register ID_AA64MMFR2, and newer versions of the Linux kernel will attempt to read this, which causes them not to boot up on versions of QEMU missing this fix. Since the encoding .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6 is actually defined in ARMv8 (as ID_MMFR4), we give it an entry in the ARMCPU struct so CPUs can override it, though since none do this too will just RAZ. Cc: qemu-stable@nongnu.org Reported-by: Ard Biesheuvel Signed-off-by: Peter Maydell Message-id: 1455890863-11203-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Alex Bennée Tested-by: Alex Bennée --- target-arm/cpu-qom.h | 1 + target-arm/helper.c | 128 ++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 122 insertions(+), 7 deletions(-) diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h index 1cc4502fc4..1061c08a10 100644 --- a/target-arm/cpu-qom.h +++ b/target-arm/cpu-qom.h @@ -155,6 +155,7 @@ typedef struct ARMCPU { uint32_t id_mmfr1; uint32_t id_mmfr2; uint32_t id_mmfr3; + uint32_t id_mmfr4; uint32_t id_isar0; uint32_t id_isar1; uint32_t id_isar2; diff --git a/target-arm/helper.c b/target-arm/helper.c index 2b43cdc037..18c82967d3 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -4316,12 +4316,14 @@ void register_cp_regs_for_features(ARMCPU *cpu) .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 5, .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->id_isar5 }, - /* 6..7 are as yet unallocated and must RAZ */ - { .name = "ID_ISAR6", .cp = 15, .crn = 0, .crm = 2, - .opc1 = 0, .opc2 = 6, .access = PL1_R, .type = ARM_CP_CONST, - .resetvalue = 0 }, - { .name = "ID_ISAR7", .cp = 15, .crn = 0, .crm = 2, - .opc1 = 0, .opc2 = 7, .access = PL1_R, .type = ARM_CP_CONST, + { .name = "ID_MMFR4", .state = ARM_CP_STATE_BOTH, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = cpu->id_mmfr4 }, + /* 7 is as yet unallocated and must RAZ */ + { .name = "ID_ISAR7_RESERVED", .state = ARM_CP_STATE_BOTH, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 7, + .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 }, REGINFO_SENTINEL }; @@ -4375,7 +4377,11 @@ void register_cp_regs_for_features(ARMCPU *cpu) define_arm_cp_regs(cpu, not_v7_cp_reginfo); } if (arm_feature(env, ARM_FEATURE_V8)) { - /* AArch64 ID registers, which all have impdef reset values */ + /* AArch64 ID registers, which all have impdef reset values. + * Note that within the ID register ranges the unused slots + * must all RAZ, not UNDEF; future architecture versions may + * define new registers here. + */ ARMCPRegInfo v8_idregs[] = { { .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0, @@ -4385,6 +4391,30 @@ void register_cp_regs_for_features(ARMCPU *cpu) .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->id_aa64pfr1}, + { .name = "ID_AA64PFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 2, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64PFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 3, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64PFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 4, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64PFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 5, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64PFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 6, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64PFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 7, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, { .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST, @@ -4398,6 +4428,14 @@ void register_cp_regs_for_features(ARMCPU *cpu) .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->id_aa64dfr1 }, + { .name = "ID_AA64DFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 2, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64DFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 3, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, { .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4, .access = PL1_R, .type = ARM_CP_CONST, @@ -4406,6 +4444,14 @@ void register_cp_regs_for_features(ARMCPU *cpu) .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5, .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->id_aa64afr1 }, + { .name = "ID_AA64AFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 6, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64AFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 7, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, { .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST, @@ -4414,6 +4460,30 @@ void register_cp_regs_for_features(ARMCPU *cpu) .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->id_aa64isar1 }, + { .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64ISAR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 4, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64ISAR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 5, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64ISAR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 6, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64ISAR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 7, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, { .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST, @@ -4422,6 +4492,30 @@ void register_cp_regs_for_features(ARMCPU *cpu) .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->id_aa64mmfr1 }, + { .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64MMFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 3, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64MMFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 4, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64MMFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 5, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64MMFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 6, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "ID_AA64MMFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 7, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, { .name = "MVFR0_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST, @@ -4434,6 +4528,26 @@ void register_cp_regs_for_features(ARMCPU *cpu) .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2, .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->mvfr2 }, + { .name = "MVFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 3, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "MVFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 4, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "MVFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 5, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "MVFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 6, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, + { .name = "MVFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 7, + .access = PL1_R, .type = ARM_CP_CONST, + .resetvalue = 0 }, { .name = "PMCEID0", .state = ARM_CP_STATE_AA32, .cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6, .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,