From 56c2c59252deb5676f63faf69a1b5fb97372b551 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Thu, 14 May 2020 21:04:22 +0200 Subject: [PATCH 01/29] tests/acceptance: Add a test for the canon-a1100 machine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The canon-a1100 machine can be used with the Barebox firmware. The QEMU Advent Calendar 2018 features a pre-compiled image which we can use for testing. Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Reviewed-by: Wainer dos Santos Moschetta Tested-by: Wainer dos Santos Moschetta Signed-off-by: Thomas Huth Signed-off-by: Philippe Mathieu-Daudé Message-id: 20200514190422.23645-1-f4bug@amsat.org Message-Id: <20200129090420.13954-1-thuth@redhat.com> [PMD: Rebased MAINTAINERS] Signed-off-by: Philippe Mathieu-Daudé Signed-off-by: Peter Maydell --- MAINTAINERS | 1 + tests/acceptance/machine_arm_canona1100.py | 35 ++++++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 tests/acceptance/machine_arm_canona1100.py diff --git a/MAINTAINERS b/MAINTAINERS index 87a412c229..1e006c98fa 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -608,6 +608,7 @@ S: Odd Fixes F: include/hw/arm/digic.h F: hw/*/digic* F: include/hw/*/digic* +F: tests/acceptance/machine_arm_canona1100.py Goldfish RTC M: Anup Patel diff --git a/tests/acceptance/machine_arm_canona1100.py b/tests/acceptance/machine_arm_canona1100.py new file mode 100644 index 0000000000..0e5c43dbcf --- /dev/null +++ b/tests/acceptance/machine_arm_canona1100.py @@ -0,0 +1,35 @@ +# Functional test that boots the canon-a1100 machine with firmware +# +# Copyright (c) 2020 Red Hat, Inc. +# +# Author: +# Thomas Huth +# +# This work is licensed under the terms of the GNU GPL, version 2 or +# later. See the COPYING file in the top-level directory. + +from avocado_qemu import Test +from avocado_qemu import wait_for_console_pattern +from avocado.utils import archive + +class CanonA1100Machine(Test): + """Boots the barebox firmware and checks that the console is operational""" + + timeout = 90 + + def test_arm_canona1100(self): + """ + :avocado: tags=arch:arm + :avocado: tags=machine:canon-a1100 + :avocado: tags=device:pflash_cfi02 + """ + tar_url = ('https://www.qemu-advent-calendar.org' + '/2018/download/day18.tar.xz') + tar_hash = '068b5fc4242b29381acee94713509f8a876e9db6' + file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) + archive.extract(file_path, self.workdir) + self.vm.set_console() + self.vm.add_args('-bios', + self.workdir + '/day18/barebox.canon-a1100.bin') + self.vm.launch() + wait_for_console_pattern(self, 'running /env/bin/init') From fc68b1c6755c467e256202a2eed7c145c7b4581e Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 7 May 2020 16:18:15 +0100 Subject: [PATCH 02/29] docs/system: Add 'Arm' to the Integrator/CP document title MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add 'Arm' to the Integrator/CP document title, for consistency with the titling of the other documentation of Arm devboard models (versatile, realview). Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Edgar E. Iglesias Reviewed-by: Alex Bennée Message-id: 20200507151819.28444-2-peter.maydell@linaro.org --- docs/system/arm/integratorcp.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/system/arm/integratorcp.rst b/docs/system/arm/integratorcp.rst index e6f050f602..594438008e 100644 --- a/docs/system/arm/integratorcp.rst +++ b/docs/system/arm/integratorcp.rst @@ -1,5 +1,5 @@ -Integrator/CP (``integratorcp``) -================================ +Arm Integrator/CP (``integratorcp``) +==================================== The Arm Integrator/CP board is emulated with the following devices: From b6e50ad0dbda699a2511861d84e313c756baded8 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 7 May 2020 16:18:16 +0100 Subject: [PATCH 03/29] docs/system: Sort Arm board index into alphabetical order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sort the board index into alphabetical order. (Note that we need to sort alphabetically by the title text of each file, which isn't the same ordering as sorting by the filename.) Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Edgar E. Iglesias Reviewed-by: Alex Bennée Message-id: 20200507151819.28444-3-peter.maydell@linaro.org --- docs/system/target-arm.rst | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst index 324e2af1cb..d459efb3d2 100644 --- a/docs/system/target-arm.rst +++ b/docs/system/target-arm.rst @@ -67,19 +67,24 @@ Unfortunately many of the Arm boards QEMU supports are currently undocumented; you can get a complete list by running ``qemu-system-aarch64 --machine help``. +.. + This table of contents should be kept sorted alphabetically + by the title text of each file, which isn't the same ordering + as an alphabetical sort by filename. + .. toctree:: :maxdepth: 1 arm/integratorcp - arm/versatile arm/realview - arm/xscale - arm/palm - arm/nseries - arm/stellaris + arm/versatile arm/musicpal - arm/sx1 + arm/nseries arm/orangepi + arm/palm + arm/xscale + arm/sx1 + arm/stellaris Arm CPU features ================ From 5a1d424487992613582e8ed3d3070833f155cf75 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 7 May 2020 16:18:17 +0100 Subject: [PATCH 04/29] docs/system: Document Arm Versatile Express boards MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Provide a minimal documentation of the Versatile Express boards (vexpress-a9, vexpress-a15). Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Edgar E. Iglesias Reviewed-by: Alex Bennée Message-id: 20200507151819.28444-4-peter.maydell@linaro.org --- MAINTAINERS | 1 + docs/system/arm/vexpress.rst | 60 ++++++++++++++++++++++++++++++++++++ docs/system/target-arm.rst | 1 + 3 files changed, 62 insertions(+) create mode 100644 docs/system/arm/vexpress.rst diff --git a/MAINTAINERS b/MAINTAINERS index 1e006c98fa..6a9280c1b0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -828,6 +828,7 @@ M: Peter Maydell L: qemu-arm@nongnu.org S: Maintained F: hw/arm/vexpress.c +F: docs/system/arm/vexpress.rst Versatile PB M: Peter Maydell diff --git a/docs/system/arm/vexpress.rst b/docs/system/arm/vexpress.rst new file mode 100644 index 0000000000..7f1bcbef07 --- /dev/null +++ b/docs/system/arm/vexpress.rst @@ -0,0 +1,60 @@ +Arm Versatile Express boards (``vexpress-a9``, ``vexpress-a15``) +================================================================ + +QEMU models two variants of the Arm Versatile Express development +board family: + +- ``vexpress-a9`` models the combination of the Versatile Express + motherboard and the CoreTile Express A9x4 daughterboard +- ``vexpress-a15`` models the combination of the Versatile Express + motherboard and the CoreTile Express A15x2 daughterboard + +Note that as this hardware does not have PCI, IDE or SCSI, +the only available storage option is emulated SD card. + +Implemented devices: + +- PL041 audio +- PL181 SD controller +- PL050 keyboard and mouse +- PL011 UARTs +- SP804 timers +- I2C controller +- PL031 RTC +- PL111 LCD display controller +- Flash memory +- LAN9118 ethernet + +Unimplemented devices: + +- SP810 system control block +- PCI-express +- USB controller (Philips ISP1761) +- Local DAP ROM +- CoreSight interfaces +- PL301 AXI interconnect +- SCC +- System counter +- HDLCD controller (``vexpress-a15``) +- SP805 watchdog +- PL341 dynamic memory controller +- DMA330 DMA controller +- PL354 static memory controller +- BP147 TrustZone Protection Controller +- TrustZone Address Space Controller + +Other differences between the hardware and the QEMU model: + +- QEMU will default to creating one CPU unless you pass a different + ``-smp`` argument +- QEMU allows the amount of RAM provided to be specified with the + ``-m`` argument +- QEMU defaults to providing a CPU which does not provide either + TrustZone or the Virtualization Extensions: if you want these you + must enable them with ``-machine secure=on`` and ``-machine + virtualization=on`` +- QEMU provides 4 virtio-mmio virtio transports; these start at + address ``0x10013000`` for ``vexpress-a9`` and at ``0x1c130000`` for + ``vexpress-a15``, and have IRQs from 40 upwards. If a dtb is + provided on the command line then QEMU will edit it to include + suitable entries describing these transports for the guest. diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst index d459efb3d2..1c759aa1a0 100644 --- a/docs/system/target-arm.rst +++ b/docs/system/target-arm.rst @@ -78,6 +78,7 @@ undocumented; you can get a complete list by running arm/integratorcp arm/realview arm/versatile + arm/vexpress arm/musicpal arm/nseries arm/orangepi From ba7912a55ae836019a97f0f192222616388fb154 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 7 May 2020 16:18:18 +0100 Subject: [PATCH 05/29] docs/system: Document the various MPS2 models MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add basic documentation of the MPS2 board models. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Edgar E. Iglesias Reviewed-by: Alex Bennée Message-id: 20200507151819.28444-5-peter.maydell@linaro.org --- MAINTAINERS | 1 + docs/system/arm/mps2.rst | 29 +++++++++++++++++++++++++++++ docs/system/target-arm.rst | 1 + 3 files changed, 31 insertions(+) create mode 100644 docs/system/arm/mps2.rst diff --git a/MAINTAINERS b/MAINTAINERS index 6a9280c1b0..520a7b74f2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -701,6 +701,7 @@ F: hw/misc/armsse-cpuid.c F: include/hw/misc/armsse-cpuid.h F: hw/misc/armsse-mhu.c F: include/hw/misc/armsse-mhu.h +F: docs/system/arm/mps2.rst Musca M: Peter Maydell diff --git a/docs/system/arm/mps2.rst b/docs/system/arm/mps2.rst new file mode 100644 index 0000000000..3a98cb59b0 --- /dev/null +++ b/docs/system/arm/mps2.rst @@ -0,0 +1,29 @@ +Arm MPS2 boards (``mps2-an385``, ``mps2-an505``, ``mps2-an511``, ``mps2-an521``) +================================================================================ + +These board models all use Arm M-profile CPUs. + +The Arm MPS2 and MPS2+ dev boards are FPGA based (the 2+ has a bigger +FPGA but is otherwise the same as the 2). Since the CPU itself +and most of the devices are in the FPGA, the details of the board +as seen by the guest depend significantly on the FPGA image. + +QEMU models the following FPGA images: + +``mps2-an385`` + Cortex-M3 as documented in ARM Application Note AN385 +``mps2-an511`` + Cortex-M3 'DesignStart' as documented in AN511 +``mps2-an505`` + Cortex-M33 as documented in ARM Application Note AN505 +``mps2-an521`` + Dual Cortex-M33 as documented in Application Note AN521 + +Differences between QEMU and real hardware: + +- AN385 remapping of low 16K of memory to either ZBT SSRAM1 or to + block RAM is unimplemented (QEMU always maps this to ZBT SSRAM1, as + if zbt_boot_ctrl is always zero) +- QEMU provides a LAN9118 ethernet rather than LAN9220; the only guest + visible difference is that the LAN9118 doesn't support checksum + offloading diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst index 1c759aa1a0..f2d9366e9b 100644 --- a/docs/system/target-arm.rst +++ b/docs/system/target-arm.rst @@ -76,6 +76,7 @@ undocumented; you can get a complete list by running :maxdepth: 1 arm/integratorcp + arm/mps2 arm/realview arm/versatile arm/vexpress From 9f8f640eae8a875fa302d64748985bf21dc7f907 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 7 May 2020 16:18:19 +0100 Subject: [PATCH 06/29] docs/system: Document Musca boards MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Provide a minimal documentation of the Musca boards. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Edgar E. Iglesias Reviewed-by: Alex Bennée Message-id: 20200507151819.28444-6-peter.maydell@linaro.org --- MAINTAINERS | 1 + docs/system/arm/musca.rst | 31 +++++++++++++++++++++++++++++++ docs/system/target-arm.rst | 1 + 3 files changed, 33 insertions(+) create mode 100644 docs/system/arm/musca.rst diff --git a/MAINTAINERS b/MAINTAINERS index 520a7b74f2..023f48d3ea 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -708,6 +708,7 @@ M: Peter Maydell L: qemu-arm@nongnu.org S: Maintained F: hw/arm/musca.c +F: docs/system/arm/musca.rst Musicpal M: Jan Kiszka diff --git a/docs/system/arm/musca.rst b/docs/system/arm/musca.rst new file mode 100644 index 0000000000..81e3dc9219 --- /dev/null +++ b/docs/system/arm/musca.rst @@ -0,0 +1,31 @@ +Arm Musca boards (``musca-a``, ``musca-b1``) +============================================ + +The Arm Musca development boards are a reference implementation +of a system using the SSE-200 Subsystem for Embedded. They are +dual Cortex-M33 systems. + +QEMU provides models of the A and B1 variants of this board. + +Unimplemented devices: + +- SPI +- |I2C| +- |I2S| +- PWM +- QSPI +- Timer +- SCC +- GPIO +- eFlash +- MHU +- PVT +- SDIO +- CryptoCell + +Note that (like the real hardware) the Musca-A machine is +asymmetric: CPU 0 does not have the FPU or DSP extensions, +but CPU 1 does. Also like the real hardware, the memory maps +for the A and B1 variants differ significantly, so guest +software must be built for the right variant. + diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst index f2d9366e9b..dce384cb0e 100644 --- a/docs/system/target-arm.rst +++ b/docs/system/target-arm.rst @@ -77,6 +77,7 @@ undocumented; you can get a complete list by running arm/integratorcp arm/mps2 + arm/musca arm/realview arm/versatile arm/vexpress From 13a0c21e64bddf1a3659d30b2b6e95529f9047ed Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 20 Apr 2020 22:22:03 +0100 Subject: [PATCH 07/29] linux-user/arm: BKPT should cause SIGTRAP, not be a syscall MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In linux-user/arm/cpu-loop.c we incorrectly treat EXCP_BKPT similarly to EXCP_SWI, which means that if the guest executes a BKPT insn then QEMU will perform a syscall for it (which syscall depends on what value happens to be in r7...). The correct behaviour is that the guest process should take a SIGTRAP. This code has been like this (more or less) since commit 06c949e62a098f in 2006 which added BKPT in the first place. This is probably because at the time the same code path was used to handle both Linux syscalls and semihosting calls, and (on M profile) BKPT with a suitable magic number is used for semihosting calls. But these days we've moved handling of semihosting out to an entirely different codepath, so we can fix this bug by simply removing this handling of EXCP_BKPT and instead making it deliver a SIGTRAP like EXCP_DEBUG (as we do already on aarch64). Reported-by: Reviewed-by: Edgar E. Iglesias Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Peter Maydell Message-id: 20200420212206.12776-2-peter.maydell@linaro.org Fixes: https://bugs.launchpad.net/qemu/+bug/1873898 Signed-off-by: Peter Maydell --- linux-user/arm/cpu_loop.c | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c index cf618daa1c..82d0dd3c31 100644 --- a/linux-user/arm/cpu_loop.c +++ b/linux-user/arm/cpu_loop.c @@ -295,32 +295,17 @@ void cpu_loop(CPUARMState *env) } break; case EXCP_SWI: - case EXCP_BKPT: { env->eabi = 1; /* system call */ - if (trapnr == EXCP_BKPT) { - if (env->thumb) { - /* FIXME - what to do if get_user() fails? */ - get_user_code_u16(insn, env->regs[15], env); - n = insn & 0xff; - env->regs[15] += 2; - } else { - /* FIXME - what to do if get_user() fails? */ - get_user_code_u32(insn, env->regs[15], env); - n = (insn & 0xf) | ((insn >> 4) & 0xff0); - env->regs[15] += 4; - } + if (env->thumb) { + /* FIXME - what to do if get_user() fails? */ + get_user_code_u16(insn, env->regs[15] - 2, env); + n = insn & 0xff; } else { - if (env->thumb) { - /* FIXME - what to do if get_user() fails? */ - get_user_code_u16(insn, env->regs[15] - 2, env); - n = insn & 0xff; - } else { - /* FIXME - what to do if get_user() fails? */ - get_user_code_u32(insn, env->regs[15] - 4, env); - n = insn & 0xffffff; - } + /* FIXME - what to do if get_user() fails? */ + get_user_code_u32(insn, env->regs[15] - 4, env); + n = insn & 0xffffff; } if (n == ARM_NR_cacheflush) { @@ -396,6 +381,7 @@ void cpu_loop(CPUARMState *env) } break; case EXCP_DEBUG: + case EXCP_BKPT: excp_debug: info.si_signo = TARGET_SIGTRAP; info.si_errno = 0; From 62f141a426d27c15555714a2c2967045b43d9a4a Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 20 Apr 2020 22:22:04 +0100 Subject: [PATCH 08/29] linux-user/arm: Remove bogus SVC 0xf0002 handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We incorrectly treat SVC 0xf0002 as a cacheflush request (which is a NOP for QEMU). This is the wrong syscall number, because in the svc-immediate OABI syscall numbers are all offset by the ARM_SYSCALL_BASE value and so the correct insn is SVC 0x9f0002. (This is handled further down in the code with the other Arm-specific syscalls like NR_breakpoint.) When this code was initially added in commit 6f1f31c069b20611 in 2004, ARM_NR_cacheflush was defined as (ARM_SYSCALL_BASE + 0xf0000 + 2) so the value in the comparison took account of the extra 0x900000 offset. In commit fbb4a2e371f2fa7 in 2008, the ARM_SYSCALL_BASE was removed from the definition of ARM_NR_cacheflush and handling for this group of syscalls was added below the point where we subtract ARM_SYSCALL_BASE from the SVC immediate value. However that commit forgot to remove the now-obsolete earlier handling code. Remove the spurious ARM_NR_cacheflush condition. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Edgar E. Iglesias Message-id: 20200420212206.12776-3-peter.maydell@linaro.org --- linux-user/arm/cpu_loop.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c index 82d0dd3c31..025887d6b8 100644 --- a/linux-user/arm/cpu_loop.c +++ b/linux-user/arm/cpu_loop.c @@ -308,9 +308,7 @@ void cpu_loop(CPUARMState *env) n = insn & 0xffffff; } - if (n == ARM_NR_cacheflush) { - /* nop */ - } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) { + if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) { /* linux syscall */ if (env->thumb || n == 0) { n = env->regs[7]; From ab546bd23856866411ff1b2ffaedabdc360e69df Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 20 Apr 2020 22:22:05 +0100 Subject: [PATCH 09/29] linux-user/arm: Handle invalid arm-specific syscalls correctly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The kernel has different handling for syscalls with invalid numbers that are in the "arm-specific" range 0x9f0000 and up: * 0x9f0000..0x9f07ff return -ENOSYS if not implemented * other out of range syscalls cause a SIGILL (see the kernel's arch/arm/kernel/traps.c:arm_syscall()) Implement this distinction. (Note that our code doesn't look quite like the kernel's, because we have removed the 0x900000 prefix by this point, whereas the kernel retains it in arm_syscall().) Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200420212206.12776-4-peter.maydell@linaro.org --- linux-user/arm/cpu_loop.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c index 025887d6b8..df8b7b3fa9 100644 --- a/linux-user/arm/cpu_loop.c +++ b/linux-user/arm/cpu_loop.c @@ -332,10 +332,32 @@ void cpu_loop(CPUARMState *env) env->regs[0] = cpu_get_tls(env); break; default: - qemu_log_mask(LOG_UNIMP, - "qemu: Unsupported ARM syscall: 0x%x\n", - n); - env->regs[0] = -TARGET_ENOSYS; + if (n < 0xf0800) { + /* + * Syscalls 0xf0000..0xf07ff (or 0x9f0000.. + * 0x9f07ff in OABI numbering) are defined + * to return -ENOSYS rather than raising + * SIGILL. Note that we have already + * removed the 0x900000 prefix. + */ + qemu_log_mask(LOG_UNIMP, + "qemu: Unsupported ARM syscall: 0x%x\n", + n); + env->regs[0] = -TARGET_ENOSYS; + } else { + /* Otherwise SIGILL */ + info.si_signo = TARGET_SIGILL; + info.si_errno = 0; + info.si_code = TARGET_ILL_ILLTRP; + info._sifields._sigfault._addr = env->regs[15]; + if (env->thumb) { + info._sifields._sigfault._addr -= 2; + } else { + info._sifields._sigfault._addr -= 4; + } + queue_signal(env, info.si_signo, + QEMU_SI_FAULT, &info); + } break; } } else { From 3986a1721e10aebe0dc2c17f262ebf067e7414df Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 20 Apr 2020 22:22:06 +0100 Subject: [PATCH 10/29] linux-user/arm: Fix identification of syscall numbers Our code to identify syscall numbers has some issues: * for Thumb mode, we never need the immediate value from the insn, but we always read it anyway * bad immediate values in the svc insn should cause a SIGILL, but we were abort()ing instead (via "goto error") We can fix both these things by refactoring the code that identifies the syscall number to more closely follow the kernel COMPAT_OABI code: * for Thumb it is always r7 * for Arm, if the immediate value is 0, then this is an EABI call with the syscall number in r7 * otherwise, we XOR the immediate value with 0x900000 (ARM_SYSCALL_BASE for QEMU; __NR_OABI_SYSCALL_BASE in the kernel), which converts valid syscall immediates into the desired value, and puts all invalid immediates in the range 0x100000 or above * then we can just let the existing "value too large, deliver SIGILL" case handle invalid numbers, and drop the 'goto error' Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias Message-id: 20200420212206.12776-5-peter.maydell@linaro.org --- linux-user/arm/cpu_loop.c | 143 ++++++++++++++++++++------------------ 1 file changed, 77 insertions(+), 66 deletions(-) diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c index df8b7b3fa9..13629ee1f6 100644 --- a/linux-user/arm/cpu_loop.c +++ b/linux-user/arm/cpu_loop.c @@ -299,85 +299,96 @@ void cpu_loop(CPUARMState *env) env->eabi = 1; /* system call */ if (env->thumb) { - /* FIXME - what to do if get_user() fails? */ - get_user_code_u16(insn, env->regs[15] - 2, env); - n = insn & 0xff; + /* Thumb is always EABI style with syscall number in r7 */ + n = env->regs[7]; } else { + /* + * Equivalent of kernel CONFIG_OABI_COMPAT: read the + * Arm SVC insn to extract the immediate, which is the + * syscall number in OABI. + */ /* FIXME - what to do if get_user() fails? */ get_user_code_u32(insn, env->regs[15] - 4, env); n = insn & 0xffffff; - } - - if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) { - /* linux syscall */ - if (env->thumb || n == 0) { + if (n == 0) { + /* zero immediate: EABI, syscall number in r7 */ n = env->regs[7]; } else { - n -= ARM_SYSCALL_BASE; + /* + * This XOR matches the kernel code: an immediate + * in the valid range (0x900000 .. 0x9fffff) is + * converted into the correct EABI-style syscall + * number; invalid immediates end up as values + * > 0xfffff and are handled below as out-of-range. + */ + n ^= ARM_SYSCALL_BASE; env->eabi = 0; } - if ( n > ARM_NR_BASE) { - switch (n) { - case ARM_NR_cacheflush: - /* nop */ - break; - case ARM_NR_set_tls: - cpu_set_tls(env, env->regs[0]); - env->regs[0] = 0; - break; - case ARM_NR_breakpoint: - env->regs[15] -= env->thumb ? 2 : 4; - goto excp_debug; - case ARM_NR_get_tls: - env->regs[0] = cpu_get_tls(env); - break; - default: - if (n < 0xf0800) { - /* - * Syscalls 0xf0000..0xf07ff (or 0x9f0000.. - * 0x9f07ff in OABI numbering) are defined - * to return -ENOSYS rather than raising - * SIGILL. Note that we have already - * removed the 0x900000 prefix. - */ - qemu_log_mask(LOG_UNIMP, - "qemu: Unsupported ARM syscall: 0x%x\n", - n); - env->regs[0] = -TARGET_ENOSYS; + } + + if (n > ARM_NR_BASE) { + switch (n) { + case ARM_NR_cacheflush: + /* nop */ + break; + case ARM_NR_set_tls: + cpu_set_tls(env, env->regs[0]); + env->regs[0] = 0; + break; + case ARM_NR_breakpoint: + env->regs[15] -= env->thumb ? 2 : 4; + goto excp_debug; + case ARM_NR_get_tls: + env->regs[0] = cpu_get_tls(env); + break; + default: + if (n < 0xf0800) { + /* + * Syscalls 0xf0000..0xf07ff (or 0x9f0000.. + * 0x9f07ff in OABI numbering) are defined + * to return -ENOSYS rather than raising + * SIGILL. Note that we have already + * removed the 0x900000 prefix. + */ + qemu_log_mask(LOG_UNIMP, + "qemu: Unsupported ARM syscall: 0x%x\n", + n); + env->regs[0] = -TARGET_ENOSYS; + } else { + /* + * Otherwise SIGILL. This includes any SWI with + * immediate not originally 0x9fxxxx, because + * of the earlier XOR. + */ + info.si_signo = TARGET_SIGILL; + info.si_errno = 0; + info.si_code = TARGET_ILL_ILLTRP; + info._sifields._sigfault._addr = env->regs[15]; + if (env->thumb) { + info._sifields._sigfault._addr -= 2; } else { - /* Otherwise SIGILL */ - info.si_signo = TARGET_SIGILL; - info.si_errno = 0; - info.si_code = TARGET_ILL_ILLTRP; - info._sifields._sigfault._addr = env->regs[15]; - if (env->thumb) { - info._sifields._sigfault._addr -= 2; - } else { - info._sifields._sigfault._addr -= 4; - } - queue_signal(env, info.si_signo, - QEMU_SI_FAULT, &info); + info._sifields._sigfault._addr -= 4; } - break; - } - } else { - ret = do_syscall(env, - n, - env->regs[0], - env->regs[1], - env->regs[2], - env->regs[3], - env->regs[4], - env->regs[5], - 0, 0); - if (ret == -TARGET_ERESTARTSYS) { - env->regs[15] -= env->thumb ? 2 : 4; - } else if (ret != -TARGET_QEMU_ESIGRETURN) { - env->regs[0] = ret; + queue_signal(env, info.si_signo, + QEMU_SI_FAULT, &info); } + break; } } else { - goto error; + ret = do_syscall(env, + n, + env->regs[0], + env->regs[1], + env->regs[2], + env->regs[3], + env->regs[4], + env->regs[5], + 0, 0); + if (ret == -TARGET_ERESTARTSYS) { + env->regs[15] -= env->thumb ? 2 : 4; + } else if (ret != -TARGET_QEMU_ESIGRETURN) { + env->regs[0] = ret; + } } } break; From ef81aa68a708ba5162e1d5fa8d98171ac1059e2d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 15 May 2020 15:20:47 +0100 Subject: [PATCH 11/29] target/arm: Remove unused GEN_NEON_INTEGER_OP macro The GEN_NEON_INTEGER_OP macro is no longer used; remove it. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- target/arm/translate.c | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index 4c9bb8b5ac..c8296116d4 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -3034,29 +3034,6 @@ static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1) default: return 1; \ }} while (0) -#define GEN_NEON_INTEGER_OP(name) do { \ - switch ((size << 1) | u) { \ - case 0: \ - gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \ - break; \ - case 1: \ - gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \ - break; \ - case 2: \ - gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \ - break; \ - case 3: \ - gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \ - break; \ - case 4: \ - gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \ - break; \ - case 5: \ - gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \ - break; \ - default: return 1; \ - }} while (0) - static TCGv_i32 neon_load_scratch(int scratch) { TCGv_i32 tmp = tcg_temp_new_i32(); From 37f95959c730ff29f58c85b7a98f0b825933bee1 Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sun, 17 May 2020 09:21:28 -0700 Subject: [PATCH 12/29] hw: Move i.MX watchdog driver to hw/watchdog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In preparation for a full implementation, move i.MX watchdog driver from hw/misc to hw/watchdog. While at it, add the watchdog files to MAINTAINERS. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Guenter Roeck Message-id: 20200517162135.110364-2-linux@roeck-us.net Signed-off-by: Peter Maydell --- MAINTAINERS | 2 ++ hw/arm/Kconfig | 3 +++ hw/misc/Makefile.objs | 1 - hw/watchdog/Kconfig | 3 +++ hw/watchdog/Makefile.objs | 1 + hw/{misc/imx2_wdt.c => watchdog/wdt_imx2.c} | 2 +- include/hw/arm/fsl-imx6.h | 2 +- include/hw/arm/fsl-imx6ul.h | 2 +- include/hw/arm/fsl-imx7.h | 2 +- include/hw/{misc/imx2_wdt.h => watchdog/wdt_imx2.h} | 0 10 files changed, 13 insertions(+), 5 deletions(-) rename hw/{misc/imx2_wdt.c => watchdog/wdt_imx2.c} (98%) rename include/hw/{misc/imx2_wdt.h => watchdog/wdt_imx2.h} (100%) diff --git a/MAINTAINERS b/MAINTAINERS index 023f48d3ea..3690f313c3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -633,8 +633,10 @@ S: Odd Fixes F: hw/arm/fsl-imx25.c F: hw/arm/imx25_pdk.c F: hw/misc/imx25_ccm.c +F: hw/watchdog/wdt_imx2.c F: include/hw/arm/fsl-imx25.h F: include/hw/misc/imx25_ccm.h +F: include/hw/watchdog/wdt_imx2.h i.MX31 (kzm) M: Peter Chubb diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig index 5364172537..3d05dc8538 100644 --- a/hw/arm/Kconfig +++ b/hw/arm/Kconfig @@ -375,6 +375,7 @@ config FSL_IMX6 select IMX_FEC select IMX_I2C select IMX_USBPHY + select WDT_IMX2 select SDHCI config ASPEED_SOC @@ -412,6 +413,7 @@ config FSL_IMX7 select IMX select IMX_FEC select IMX_I2C + select WDT_IMX2 select PCI_EXPRESS_DESIGNWARE select SDHCI select UNIMP @@ -425,6 +427,7 @@ config FSL_IMX6UL select IMX select IMX_FEC select IMX_I2C + select WDT_IMX2 select SDHCI select UNIMP diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs index 68aae2eabb..b25181b711 100644 --- a/hw/misc/Makefile.objs +++ b/hw/misc/Makefile.objs @@ -44,7 +44,6 @@ common-obj-$(CONFIG_IMX) += imx6_ccm.o common-obj-$(CONFIG_IMX) += imx6ul_ccm.o obj-$(CONFIG_IMX) += imx6_src.o common-obj-$(CONFIG_IMX) += imx7_ccm.o -common-obj-$(CONFIG_IMX) += imx2_wdt.o common-obj-$(CONFIG_IMX) += imx7_snvs.o common-obj-$(CONFIG_IMX) += imx7_gpr.o common-obj-$(CONFIG_IMX) += imx_rngc.o diff --git a/hw/watchdog/Kconfig b/hw/watchdog/Kconfig index 2118d897c9..293209b291 100644 --- a/hw/watchdog/Kconfig +++ b/hw/watchdog/Kconfig @@ -14,3 +14,6 @@ config WDT_IB700 config WDT_DIAG288 bool + +config WDT_IMX2 + bool diff --git a/hw/watchdog/Makefile.objs b/hw/watchdog/Makefile.objs index 3f536d1cad..631b711d86 100644 --- a/hw/watchdog/Makefile.objs +++ b/hw/watchdog/Makefile.objs @@ -4,3 +4,4 @@ common-obj-$(CONFIG_WDT_IB6300ESB) += wdt_i6300esb.o common-obj-$(CONFIG_WDT_IB700) += wdt_ib700.o common-obj-$(CONFIG_WDT_DIAG288) += wdt_diag288.o common-obj-$(CONFIG_ASPEED_SOC) += wdt_aspeed.o +common-obj-$(CONFIG_WDT_IMX2) += wdt_imx2.o diff --git a/hw/misc/imx2_wdt.c b/hw/watchdog/wdt_imx2.c similarity index 98% rename from hw/misc/imx2_wdt.c rename to hw/watchdog/wdt_imx2.c index 2aedfe803a..ad1ef02e9e 100644 --- a/hw/misc/imx2_wdt.c +++ b/hw/watchdog/wdt_imx2.c @@ -14,7 +14,7 @@ #include "qemu/module.h" #include "sysemu/watchdog.h" -#include "hw/misc/imx2_wdt.h" +#include "hw/watchdog/wdt_imx2.h" #define IMX2_WDT_WCR_WDA BIT(5) /* -> External Reset WDOG_B */ #define IMX2_WDT_WCR_SRS BIT(4) /* -> Software Reset Signal */ diff --git a/include/hw/arm/fsl-imx6.h b/include/hw/arm/fsl-imx6.h index 973bcb72f7..1ebd751324 100644 --- a/include/hw/arm/fsl-imx6.h +++ b/include/hw/arm/fsl-imx6.h @@ -21,7 +21,7 @@ #include "hw/cpu/a9mpcore.h" #include "hw/misc/imx6_ccm.h" #include "hw/misc/imx6_src.h" -#include "hw/misc/imx2_wdt.h" +#include "hw/watchdog/wdt_imx2.h" #include "hw/char/imx_serial.h" #include "hw/timer/imx_gpt.h" #include "hw/timer/imx_epit.h" diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h index 1a0bab8daa..37c89cc5f9 100644 --- a/include/hw/arm/fsl-imx6ul.h +++ b/include/hw/arm/fsl-imx6ul.h @@ -24,7 +24,7 @@ #include "hw/misc/imx7_snvs.h" #include "hw/misc/imx7_gpr.h" #include "hw/intc/imx_gpcv2.h" -#include "hw/misc/imx2_wdt.h" +#include "hw/watchdog/wdt_imx2.h" #include "hw/gpio/imx_gpio.h" #include "hw/char/imx_serial.h" #include "hw/timer/imx_gpt.h" diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h index 706aef2e7e..3a0041c4c2 100644 --- a/include/hw/arm/fsl-imx7.h +++ b/include/hw/arm/fsl-imx7.h @@ -26,7 +26,7 @@ #include "hw/misc/imx7_snvs.h" #include "hw/misc/imx7_gpr.h" #include "hw/misc/imx6_src.h" -#include "hw/misc/imx2_wdt.h" +#include "hw/watchdog/wdt_imx2.h" #include "hw/gpio/imx_gpio.h" #include "hw/char/imx_serial.h" #include "hw/timer/imx_gpt.h" diff --git a/include/hw/misc/imx2_wdt.h b/include/hw/watchdog/wdt_imx2.h similarity index 100% rename from include/hw/misc/imx2_wdt.h rename to include/hw/watchdog/wdt_imx2.h From daca13d495a11945c22d2aa68ad28dc5c8180911 Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sun, 17 May 2020 09:21:29 -0700 Subject: [PATCH 13/29] hw/watchdog: Implement full i.MX watchdog support Implement full support for the watchdog in i.MX systems. Pretimeout support is optional because the watchdog hardware on i.MX31 does not support pretimeouts. Signed-off-by: Guenter Roeck Message-id: 20200517162135.110364-3-linux@roeck-us.net Signed-off-by: Peter Maydell [PMM: added Property array terminator entry] Reviewed-by: Peter Maydell --- hw/watchdog/wdt_imx2.c | 240 +++++++++++++++++++++++++++++++-- include/hw/watchdog/wdt_imx2.h | 61 ++++++++- 2 files changed, 286 insertions(+), 15 deletions(-) diff --git a/hw/watchdog/wdt_imx2.c b/hw/watchdog/wdt_imx2.c index ad1ef02e9e..a5fb76308f 100644 --- a/hw/watchdog/wdt_imx2.c +++ b/hw/watchdog/wdt_imx2.c @@ -13,24 +13,189 @@ #include "qemu/bitops.h" #include "qemu/module.h" #include "sysemu/watchdog.h" +#include "migration/vmstate.h" +#include "hw/qdev-properties.h" #include "hw/watchdog/wdt_imx2.h" -#define IMX2_WDT_WCR_WDA BIT(5) /* -> External Reset WDOG_B */ -#define IMX2_WDT_WCR_SRS BIT(4) /* -> Software Reset Signal */ - -static uint64_t imx2_wdt_read(void *opaque, hwaddr addr, - unsigned int size) +static void imx2_wdt_interrupt(void *opaque) { + IMX2WdtState *s = IMX2_WDT(opaque); + + s->wicr |= IMX2_WDT_WICR_WTIS; + qemu_set_irq(s->irq, 1); +} + +static void imx2_wdt_expired(void *opaque) +{ + IMX2WdtState *s = IMX2_WDT(opaque); + + s->wrsr = IMX2_WDT_WRSR_TOUT; + + /* Perform watchdog action if watchdog is enabled */ + if (s->wcr & IMX2_WDT_WCR_WDE) { + s->wrsr = IMX2_WDT_WRSR_TOUT; + watchdog_perform_action(); + } +} + +static void imx2_wdt_reset(DeviceState *dev) +{ + IMX2WdtState *s = IMX2_WDT(dev); + + ptimer_transaction_begin(s->timer); + ptimer_stop(s->timer); + ptimer_transaction_commit(s->timer); + + if (s->pretimeout_support) { + ptimer_transaction_begin(s->itimer); + ptimer_stop(s->itimer); + ptimer_transaction_commit(s->itimer); + } + + s->wicr_locked = false; + s->wcr_locked = false; + s->wcr_wde_locked = false; + + s->wcr = IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS; + s->wsr = 0; + s->wrsr &= ~(IMX2_WDT_WRSR_TOUT | IMX2_WDT_WRSR_SFTW); + s->wicr = IMX2_WDT_WICR_WICT_DEF; + s->wmcr = IMX2_WDT_WMCR_PDE; +} + +static uint64_t imx2_wdt_read(void *opaque, hwaddr addr, unsigned int size) +{ + IMX2WdtState *s = IMX2_WDT(opaque); + + switch (addr) { + case IMX2_WDT_WCR: + return s->wcr; + case IMX2_WDT_WSR: + return s->wsr; + case IMX2_WDT_WRSR: + return s->wrsr; + case IMX2_WDT_WICR: + return s->wicr; + case IMX2_WDT_WMCR: + return s->wmcr; + } return 0; } +static void imx_wdt2_update_itimer(IMX2WdtState *s, bool start) +{ + bool running = (s->wcr & IMX2_WDT_WCR_WDE) && (s->wcr & IMX2_WDT_WCR_WT); + bool enabled = s->wicr & IMX2_WDT_WICR_WIE; + + ptimer_transaction_begin(s->itimer); + if (start || !enabled) { + ptimer_stop(s->itimer); + } + if (running && enabled) { + int count = ptimer_get_count(s->timer); + int pretimeout = s->wicr & IMX2_WDT_WICR_WICT; + + /* + * Only (re-)start pretimeout timer if its counter value is larger + * than 0. Otherwise it will fire right away and we'll get an + * interrupt loop. + */ + if (count > pretimeout) { + ptimer_set_count(s->itimer, count - pretimeout); + if (start) { + ptimer_run(s->itimer, 1); + } + } + } + ptimer_transaction_commit(s->itimer); +} + +static void imx_wdt2_update_timer(IMX2WdtState *s, bool start) +{ + ptimer_transaction_begin(s->timer); + if (start) { + ptimer_stop(s->timer); + } + if ((s->wcr & IMX2_WDT_WCR_WDE) && (s->wcr & IMX2_WDT_WCR_WT)) { + int count = (s->wcr & IMX2_WDT_WCR_WT) >> 8; + + /* A value of 0 reflects one period (0.5s). */ + ptimer_set_count(s->timer, count + 1); + if (start) { + ptimer_run(s->timer, 1); + } + } + ptimer_transaction_commit(s->timer); + if (s->pretimeout_support) { + imx_wdt2_update_itimer(s, start); + } +} + static void imx2_wdt_write(void *opaque, hwaddr addr, uint64_t value, unsigned int size) { - if (addr == IMX2_WDT_WCR && - (~value & (IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS))) { - watchdog_perform_action(); + IMX2WdtState *s = IMX2_WDT(opaque); + + switch (addr) { + case IMX2_WDT_WCR: + if (s->wcr_locked) { + value &= ~IMX2_WDT_WCR_LOCK_MASK; + value |= (s->wicr & IMX2_WDT_WCR_LOCK_MASK); + } + s->wcr_locked = true; + if (s->wcr_wde_locked) { + value &= ~IMX2_WDT_WCR_WDE; + value |= (s->wicr & ~IMX2_WDT_WCR_WDE); + } else if (value & IMX2_WDT_WCR_WDE) { + s->wcr_wde_locked = true; + } + if (s->wcr_wdt_locked) { + value &= ~IMX2_WDT_WCR_WDT; + value |= (s->wicr & ~IMX2_WDT_WCR_WDT); + } else if (value & IMX2_WDT_WCR_WDT) { + s->wcr_wdt_locked = true; + } + + s->wcr = value; + if (!(value & IMX2_WDT_WCR_SRS)) { + s->wrsr = IMX2_WDT_WRSR_SFTW; + } + if (!(value & (IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS)) || + (!(value & IMX2_WDT_WCR_WT) && (value & IMX2_WDT_WCR_WDE))) { + watchdog_perform_action(); + } + s->wcr |= IMX2_WDT_WCR_SRS; + imx_wdt2_update_timer(s, true); + break; + case IMX2_WDT_WSR: + if (s->wsr == IMX2_WDT_SEQ1 && value == IMX2_WDT_SEQ2) { + imx_wdt2_update_timer(s, false); + } + s->wsr = value; + break; + case IMX2_WDT_WRSR: + break; + case IMX2_WDT_WICR: + if (!s->pretimeout_support) { + return; + } + value &= IMX2_WDT_WICR_LOCK_MASK | IMX2_WDT_WICR_WTIS; + if (s->wicr_locked) { + value &= IMX2_WDT_WICR_WTIS; + value |= (s->wicr & IMX2_WDT_WICR_LOCK_MASK); + } + s->wicr = value | (s->wicr & IMX2_WDT_WICR_WTIS); + if (value & IMX2_WDT_WICR_WTIS) { + s->wicr &= ~IMX2_WDT_WICR_WTIS; + qemu_set_irq(s->irq, 0); + } + imx_wdt2_update_itimer(s, true); + s->wicr_locked = true; + break; + case IMX2_WDT_WMCR: + s->wmcr = value & IMX2_WDT_WMCR_PDE; + break; } } @@ -45,28 +210,77 @@ static const MemoryRegionOps imx2_wdt_ops = { * real device but in practice there is no reason for a guest * to access this device unaligned. */ - .min_access_size = 4, - .max_access_size = 4, + .min_access_size = 2, + .max_access_size = 2, .unaligned = false, }, }; +static const VMStateDescription vmstate_imx2_wdt = { + .name = "imx2.wdt", + .fields = (VMStateField[]) { + VMSTATE_PTIMER(timer, IMX2WdtState), + VMSTATE_PTIMER(itimer, IMX2WdtState), + VMSTATE_BOOL(wicr_locked, IMX2WdtState), + VMSTATE_BOOL(wcr_locked, IMX2WdtState), + VMSTATE_BOOL(wcr_wde_locked, IMX2WdtState), + VMSTATE_BOOL(wcr_wdt_locked, IMX2WdtState), + VMSTATE_UINT16(wcr, IMX2WdtState), + VMSTATE_UINT16(wsr, IMX2WdtState), + VMSTATE_UINT16(wrsr, IMX2WdtState), + VMSTATE_UINT16(wmcr, IMX2WdtState), + VMSTATE_UINT16(wicr, IMX2WdtState), + VMSTATE_END_OF_LIST() + } +}; + static void imx2_wdt_realize(DeviceState *dev, Error **errp) { IMX2WdtState *s = IMX2_WDT(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); memory_region_init_io(&s->mmio, OBJECT(dev), &imx2_wdt_ops, s, - TYPE_IMX2_WDT".mmio", - IMX2_WDT_REG_NUM * sizeof(uint16_t)); - sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->mmio); + TYPE_IMX2_WDT, + IMX2_WDT_MMIO_SIZE); + sysbus_init_mmio(sbd, &s->mmio); + sysbus_init_irq(sbd, &s->irq); + + s->timer = ptimer_init(imx2_wdt_expired, s, + PTIMER_POLICY_NO_IMMEDIATE_TRIGGER | + PTIMER_POLICY_NO_IMMEDIATE_RELOAD | + PTIMER_POLICY_NO_COUNTER_ROUND_DOWN); + ptimer_transaction_begin(s->timer); + ptimer_set_freq(s->timer, 2); + ptimer_set_limit(s->timer, 0xff, 1); + ptimer_transaction_commit(s->timer); + if (s->pretimeout_support) { + s->itimer = ptimer_init(imx2_wdt_interrupt, s, + PTIMER_POLICY_NO_IMMEDIATE_TRIGGER | + PTIMER_POLICY_NO_IMMEDIATE_RELOAD | + PTIMER_POLICY_NO_COUNTER_ROUND_DOWN); + ptimer_transaction_begin(s->itimer); + ptimer_set_freq(s->itimer, 2); + ptimer_set_limit(s->itimer, 0xff, 1); + ptimer_transaction_commit(s->itimer); + } } +static Property imx2_wdt_properties[] = { + DEFINE_PROP_BOOL("pretimeout-support", IMX2WdtState, pretimeout_support, + false), + DEFINE_PROP_END_OF_LIST() +}; + static void imx2_wdt_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); + device_class_set_props(dc, imx2_wdt_properties); dc->realize = imx2_wdt_realize; + dc->reset = imx2_wdt_reset; + dc->vmsd = &vmstate_imx2_wdt; + dc->desc = "i.MX watchdog timer"; set_bit(DEVICE_CATEGORY_MISC, dc->categories); } diff --git a/include/hw/watchdog/wdt_imx2.h b/include/hw/watchdog/wdt_imx2.h index b91b002528..f9af6be4b6 100644 --- a/include/hw/watchdog/wdt_imx2.h +++ b/include/hw/watchdog/wdt_imx2.h @@ -12,22 +12,79 @@ #ifndef IMX2_WDT_H #define IMX2_WDT_H +#include "qemu/bitops.h" #include "hw/sysbus.h" +#include "hw/irq.h" +#include "hw/ptimer.h" #define TYPE_IMX2_WDT "imx2.wdt" #define IMX2_WDT(obj) OBJECT_CHECK(IMX2WdtState, (obj), TYPE_IMX2_WDT) enum IMX2WdtRegisters { - IMX2_WDT_WCR = 0x0000, - IMX2_WDT_REG_NUM = 0x0008 / sizeof(uint16_t) + 1, + IMX2_WDT_WCR = 0x0000, /* Control Register */ + IMX2_WDT_WSR = 0x0002, /* Service Register */ + IMX2_WDT_WRSR = 0x0004, /* Reset Status Register */ + IMX2_WDT_WICR = 0x0006, /* Interrupt Control Register */ + IMX2_WDT_WMCR = 0x0008, /* Misc Register */ }; +#define IMX2_WDT_MMIO_SIZE 0x000a + +/* Control Register definitions */ +#define IMX2_WDT_WCR_WT (0xFF << 8) /* Watchdog Timeout Field */ +#define IMX2_WDT_WCR_WDW BIT(7) /* WDOG Disable for Wait */ +#define IMX2_WDT_WCR_WDA BIT(5) /* WDOG Assertion */ +#define IMX2_WDT_WCR_SRS BIT(4) /* Software Reset Signal */ +#define IMX2_WDT_WCR_WDT BIT(3) /* WDOG Timeout Assertion */ +#define IMX2_WDT_WCR_WDE BIT(2) /* Watchdog Enable */ +#define IMX2_WDT_WCR_WDBG BIT(1) /* Watchdog Debug Enable */ +#define IMX2_WDT_WCR_WDZST BIT(0) /* Watchdog Timer Suspend */ + +#define IMX2_WDT_WCR_LOCK_MASK (IMX2_WDT_WCR_WDZST | IMX2_WDT_WCR_WDBG \ + | IMX2_WDT_WCR_WDW) + +/* Service Register definitions */ +#define IMX2_WDT_SEQ1 0x5555 /* service sequence 1 */ +#define IMX2_WDT_SEQ2 0xAAAA /* service sequence 2 */ + +/* Reset Status Register definitions */ +#define IMX2_WDT_WRSR_TOUT BIT(1) /* Reset due to Timeout */ +#define IMX2_WDT_WRSR_SFTW BIT(0) /* Reset due to software reset */ + +/* Interrupt Control Register definitions */ +#define IMX2_WDT_WICR_WIE BIT(15) /* Interrupt Enable */ +#define IMX2_WDT_WICR_WTIS BIT(14) /* Interrupt Status */ +#define IMX2_WDT_WICR_WICT 0xff /* Interrupt Timeout */ +#define IMX2_WDT_WICR_WICT_DEF 0x04 /* Default interrupt timeout (2s) */ + +#define IMX2_WDT_WICR_LOCK_MASK (IMX2_WDT_WICR_WIE | IMX2_WDT_WICR_WICT) + +/* Misc Control Register definitions */ +#define IMX2_WDT_WMCR_PDE BIT(0) /* Power-Down Enable */ typedef struct IMX2WdtState { /* */ SysBusDevice parent_obj; + /*< public >*/ MemoryRegion mmio; + qemu_irq irq; + + struct ptimer_state *timer; + struct ptimer_state *itimer; + + bool pretimeout_support; + bool wicr_locked; + + uint16_t wcr; + uint16_t wsr; + uint16_t wrsr; + uint16_t wicr; + uint16_t wmcr; + + bool wcr_locked; /* affects WDZST, WDBG, and WDW */ + bool wcr_wde_locked; /* affects WDE */ + bool wcr_wdt_locked; /* affects WDT (never cleared) */ } IMX2WdtState; #endif /* IMX2_WDT_H */ From 4f0aff00f964721f8a5917240abbf23d9918069b Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sun, 17 May 2020 09:21:30 -0700 Subject: [PATCH 14/29] hw/arm/fsl-imx25: Wire up watchdog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this commit, the watchdog on imx25-pdk is fully operational, including pretimeout support. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Guenter Roeck Message-id: 20200517162135.110364-4-linux@roeck-us.net Signed-off-by: Peter Maydell --- hw/arm/Kconfig | 1 + hw/arm/fsl-imx25.c | 10 ++++++++++ include/hw/arm/fsl-imx25.h | 5 +++++ 3 files changed, 16 insertions(+) diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig index 3d05dc8538..8a5eb140f5 100644 --- a/hw/arm/Kconfig +++ b/hw/arm/Kconfig @@ -359,6 +359,7 @@ config FSL_IMX25 select IMX select IMX_FEC select IMX_I2C + select WDT_IMX2 select DS1338 config FSL_IMX31 diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c index 6f1a82ce3d..cdaa79c26b 100644 --- a/hw/arm/fsl-imx25.c +++ b/hw/arm/fsl-imx25.c @@ -87,6 +87,7 @@ static void fsl_imx25_init(Object *obj) TYPE_CHIPIDEA); } + sysbus_init_child_obj(obj, "wdt", &s->wdt, sizeof(s->wdt), TYPE_IMX2_WDT); } static void fsl_imx25_realize(DeviceState *dev, Error **errp) @@ -302,6 +303,15 @@ static void fsl_imx25_realize(DeviceState *dev, Error **errp) usb_table[i].irq)); } + /* Watchdog */ + object_property_set_bool(OBJECT(&s->wdt), true, "pretimeout-support", + &error_abort); + object_property_set_bool(OBJECT(&s->wdt), true, "realized", &error_abort); + sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt), 0, FSL_IMX25_WDT_ADDR); + sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt), 0, + qdev_get_gpio_in(DEVICE(&s->avic), + FSL_IMX25_WDT_IRQ)); + /* initialize 2 x 16 KB ROM */ memory_region_init_rom(&s->rom[0], OBJECT(dev), "imx25.rom0", FSL_IMX25_ROM0_SIZE, &err); diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h index 5e196bbf05..9e228dacea 100644 --- a/include/hw/arm/fsl-imx25.h +++ b/include/hw/arm/fsl-imx25.h @@ -29,6 +29,7 @@ #include "hw/gpio/imx_gpio.h" #include "hw/sd/sdhci.h" #include "hw/usb/chipidea.h" +#include "hw/watchdog/wdt_imx2.h" #include "exec/memory.h" #include "target/arm/cpu.h" @@ -60,6 +61,7 @@ typedef struct FslIMX25State { IMXGPIOState gpio[FSL_IMX25_NUM_GPIOS]; SDHCIState esdhc[FSL_IMX25_NUM_ESDHCS]; ChipideaState usb[FSL_IMX25_NUM_USBS]; + IMX2WdtState wdt; MemoryRegion rom[2]; MemoryRegion iram; MemoryRegion iram_alias; @@ -229,6 +231,8 @@ typedef struct FslIMX25State { #define FSL_IMX25_GPIO1_SIZE 0x4000 #define FSL_IMX25_GPIO2_ADDR 0x53FD0000 #define FSL_IMX25_GPIO2_SIZE 0x4000 +#define FSL_IMX25_WDT_ADDR 0x53FDC000 +#define FSL_IMX25_WDT_SIZE 0x4000 #define FSL_IMX25_USB1_ADDR 0x53FF4000 #define FSL_IMX25_USB1_SIZE 0x0200 #define FSL_IMX25_USB2_ADDR 0x53FF4400 @@ -268,5 +272,6 @@ typedef struct FslIMX25State { #define FSL_IMX25_ESDHC2_IRQ 8 #define FSL_IMX25_USB1_IRQ 37 #define FSL_IMX25_USB2_IRQ 35 +#define FSL_IMX25_WDT_IRQ 55 #endif /* FSL_IMX25_H */ From b9e521dda3e6f8246d9ca3285ca372462e94c6d1 Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sun, 17 May 2020 09:21:31 -0700 Subject: [PATCH 15/29] hw/arm/fsl-imx31: Wire up watchdog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this patch, the watchdog on i.MX31 emulations is fully operational. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Guenter Roeck Message-id: 20200517162135.110364-5-linux@roeck-us.net Signed-off-by: Peter Maydell --- hw/arm/Kconfig | 1 + hw/arm/fsl-imx31.c | 6 ++++++ include/hw/arm/fsl-imx31.h | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig index 8a5eb140f5..9afa6eee79 100644 --- a/hw/arm/Kconfig +++ b/hw/arm/Kconfig @@ -367,6 +367,7 @@ config FSL_IMX31 select SERIAL select IMX select IMX_I2C + select WDT_IMX2 select LAN9118 config FSL_IMX6 diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c index 8472d2e911..1e7959863d 100644 --- a/hw/arm/fsl-imx31.c +++ b/hw/arm/fsl-imx31.c @@ -63,6 +63,8 @@ static void fsl_imx31_init(Object *obj) sysbus_init_child_obj(obj, "gpio[*]", &s->gpio[i], sizeof(s->gpio[i]), TYPE_IMX_GPIO); } + + sysbus_init_child_obj(obj, "wdt", &s->wdt, sizeof(s->wdt), TYPE_IMX2_WDT); } static void fsl_imx31_realize(DeviceState *dev, Error **errp) @@ -205,6 +207,10 @@ static void fsl_imx31_realize(DeviceState *dev, Error **errp) gpio_table[i].irq)); } + /* Watchdog */ + object_property_set_bool(OBJECT(&s->wdt), true, "realized", &error_abort); + sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt), 0, FSL_IMX31_WDT_ADDR); + /* On a real system, the first 16k is a `secure boot rom' */ memory_region_init_rom(&s->secure_rom, OBJECT(dev), "imx31.secure_rom", FSL_IMX31_SECURE_ROM_SIZE, &err); diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h index ac5ca9826a..dd8561b309 100644 --- a/include/hw/arm/fsl-imx31.h +++ b/include/hw/arm/fsl-imx31.h @@ -25,6 +25,7 @@ #include "hw/timer/imx_epit.h" #include "hw/i2c/imx_i2c.h" #include "hw/gpio/imx_gpio.h" +#include "hw/watchdog/wdt_imx2.h" #include "exec/memory.h" #include "target/arm/cpu.h" @@ -49,6 +50,7 @@ typedef struct FslIMX31State { IMXEPITState epit[FSL_IMX31_NUM_EPITS]; IMXI2CState i2c[FSL_IMX31_NUM_I2CS]; IMXGPIOState gpio[FSL_IMX31_NUM_GPIOS]; + IMX2WdtState wdt; MemoryRegion secure_rom; MemoryRegion rom; MemoryRegion iram; @@ -87,6 +89,8 @@ typedef struct FslIMX31State { #define FSL_IMX31_GPIO1_SIZE 0x4000 #define FSL_IMX31_GPIO2_ADDR 0x53FD0000 #define FSL_IMX31_GPIO2_SIZE 0x4000 +#define FSL_IMX31_WDT_ADDR 0x53FDC000 +#define FSL_IMX31_WDT_SIZE 0x4000 #define FSL_IMX31_AVIC_ADDR 0x68000000 #define FSL_IMX31_AVIC_SIZE 0x100 #define FSL_IMX31_SDRAM0_ADDR 0x80000000 From bd8045a7044acd78ea5102404a9c16403933ce01 Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sun, 17 May 2020 09:21:32 -0700 Subject: [PATCH 16/29] hw/arm/fsl-imx6: Connect watchdog interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this patch applied, the watchdog in the sabrelite emulation is fully operational, including pretimeout support. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Guenter Roeck Message-id: 20200517162135.110364-6-linux@roeck-us.net Signed-off-by: Peter Maydell --- hw/arm/fsl-imx6.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c index 13f1bf23a6..f58c85aa8c 100644 --- a/hw/arm/fsl-imx6.c +++ b/hw/arm/fsl-imx6.c @@ -433,11 +433,20 @@ static void fsl_imx6_realize(DeviceState *dev, Error **errp) FSL_IMX6_WDOG1_ADDR, FSL_IMX6_WDOG2_ADDR, }; + static const int FSL_IMX6_WDOGn_IRQ[FSL_IMX6_NUM_WDTS] = { + FSL_IMX6_WDOG1_IRQ, + FSL_IMX6_WDOG2_IRQ, + }; + object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support", + &error_abort); object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized", &error_abort); sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0, FSL_IMX6_WDOGn_ADDR[i]); + sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0, + qdev_get_gpio_in(DEVICE(&s->a9mpcore), + FSL_IMX6_WDOGn_IRQ[i])); } /* ROM memory */ From 5671e960e2d8ea83405fe408b6b613f20985f87e Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sun, 17 May 2020 09:21:33 -0700 Subject: [PATCH 17/29] hw/arm/fsl-imx6ul: Connect watchdog interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this commit, the watchdog on mcimx6ul-evk is fully operational, including pretimeout support. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Guenter Roeck Message-id: 20200517162135.110364-7-linux@roeck-us.net Signed-off-by: Peter Maydell --- hw/arm/fsl-imx6ul.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c index 56dfd7cecc..3ecb212da6 100644 --- a/hw/arm/fsl-imx6ul.c +++ b/hw/arm/fsl-imx6ul.c @@ -531,12 +531,22 @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp) FSL_IMX6UL_WDOG2_ADDR, FSL_IMX6UL_WDOG3_ADDR, }; + static const int FSL_IMX6UL_WDOGn_IRQ[FSL_IMX6UL_NUM_WDTS] = { + FSL_IMX6UL_WDOG1_IRQ, + FSL_IMX6UL_WDOG2_IRQ, + FSL_IMX6UL_WDOG3_IRQ, + }; + object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support", + &error_abort); object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized", &error_abort); sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0, FSL_IMX6UL_WDOGn_ADDR[i]); + sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0, + qdev_get_gpio_in(DEVICE(&s->a7mpcore), + FSL_IMX6UL_WDOGn_IRQ[i])); } /* From 72465e1ebaa6c850dbc099c6bb301d548bfea92b Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sun, 17 May 2020 09:21:34 -0700 Subject: [PATCH 18/29] hw/arm/fsl-imx7: Instantiate various unimplemented devices Instantiating PWM, CAN, CAAM, and OCOTP devices is necessary to avoid crashes when booting mainline Linux. Reviewed-by: Peter Maydell Signed-off-by: Guenter Roeck Message-id: 20200517162135.110364-8-linux@roeck-us.net Signed-off-by: Peter Maydell --- hw/arm/fsl-imx7.c | 24 ++++++++++++++++++++++++ include/hw/arm/fsl-imx7.h | 16 ++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c index 119b281a50..d6cf7c48ce 100644 --- a/hw/arm/fsl-imx7.c +++ b/hw/arm/fsl-imx7.c @@ -459,6 +459,30 @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp) */ create_unimplemented_device("sdma", FSL_IMX7_SDMA_ADDR, FSL_IMX7_SDMA_SIZE); + /* + * CAAM + */ + create_unimplemented_device("caam", FSL_IMX7_CAAM_ADDR, FSL_IMX7_CAAM_SIZE); + + /* + * PWM + */ + create_unimplemented_device("pwm1", FSL_IMX7_PWM1_ADDR, FSL_IMX7_PWMn_SIZE); + create_unimplemented_device("pwm2", FSL_IMX7_PWM2_ADDR, FSL_IMX7_PWMn_SIZE); + create_unimplemented_device("pwm3", FSL_IMX7_PWM3_ADDR, FSL_IMX7_PWMn_SIZE); + create_unimplemented_device("pwm4", FSL_IMX7_PWM4_ADDR, FSL_IMX7_PWMn_SIZE); + + /* + * CAN + */ + create_unimplemented_device("can1", FSL_IMX7_CAN1_ADDR, FSL_IMX7_CANn_SIZE); + create_unimplemented_device("can2", FSL_IMX7_CAN2_ADDR, FSL_IMX7_CANn_SIZE); + + /* + * OCOTP + */ + create_unimplemented_device("ocotp", FSL_IMX7_OCOTP_ADDR, + FSL_IMX7_OCOTP_SIZE); object_property_set_bool(OBJECT(&s->gpr), true, "realized", &error_abort); diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h index 3a0041c4c2..47826da2b7 100644 --- a/include/hw/arm/fsl-imx7.h +++ b/include/hw/arm/fsl-imx7.h @@ -113,6 +113,9 @@ enum FslIMX7MemoryMap { FSL_IMX7_IOMUXC_GPR_ADDR = 0x30340000, FSL_IMX7_IOMUXCn_SIZE = 0x1000, + FSL_IMX7_OCOTP_ADDR = 0x30350000, + FSL_IMX7_OCOTP_SIZE = 0x10000, + FSL_IMX7_ANALOG_ADDR = 0x30360000, FSL_IMX7_SNVS_ADDR = 0x30370000, FSL_IMX7_CCM_ADDR = 0x30380000, @@ -124,11 +127,24 @@ enum FslIMX7MemoryMap { FSL_IMX7_ADC2_ADDR = 0x30620000, FSL_IMX7_ADCn_SIZE = 0x1000, + FSL_IMX7_PWM1_ADDR = 0x30660000, + FSL_IMX7_PWM2_ADDR = 0x30670000, + FSL_IMX7_PWM3_ADDR = 0x30680000, + FSL_IMX7_PWM4_ADDR = 0x30690000, + FSL_IMX7_PWMn_SIZE = 0x10000, + FSL_IMX7_PCIE_PHY_ADDR = 0x306D0000, FSL_IMX7_PCIE_PHY_SIZE = 0x10000, FSL_IMX7_GPC_ADDR = 0x303A0000, + FSL_IMX7_CAAM_ADDR = 0x30900000, + FSL_IMX7_CAAM_SIZE = 0x40000, + + FSL_IMX7_CAN1_ADDR = 0x30A00000, + FSL_IMX7_CAN2_ADDR = 0x30A10000, + FSL_IMX7_CANn_SIZE = 0x10000, + FSL_IMX7_I2C1_ADDR = 0x30A20000, FSL_IMX7_I2C2_ADDR = 0x30A30000, FSL_IMX7_I2C3_ADDR = 0x30A40000, From c4947e64efcd8abeb6fde4bcd983f7f022c0e9f5 Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sun, 17 May 2020 09:21:35 -0700 Subject: [PATCH 19/29] hw/arm/fsl-imx7: Connect watchdog interrupts i.MX7 supports watchdog pretimeout interupts. With this commit, the watchdog in mcimx7d-sabre is fully operational, including pretimeout support. Reviewed-by: Peter Maydell Signed-off-by: Guenter Roeck Message-id: 20200517162135.110364-9-linux@roeck-us.net Signed-off-by: Peter Maydell --- hw/arm/fsl-imx7.c | 11 +++++++++++ include/hw/arm/fsl-imx7.h | 5 +++++ 2 files changed, 16 insertions(+) diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c index d6cf7c48ce..89c3b64c06 100644 --- a/hw/arm/fsl-imx7.c +++ b/hw/arm/fsl-imx7.c @@ -447,11 +447,22 @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp) FSL_IMX7_WDOG3_ADDR, FSL_IMX7_WDOG4_ADDR, }; + static const int FSL_IMX7_WDOGn_IRQ[FSL_IMX7_NUM_WDTS] = { + FSL_IMX7_WDOG1_IRQ, + FSL_IMX7_WDOG2_IRQ, + FSL_IMX7_WDOG3_IRQ, + FSL_IMX7_WDOG4_IRQ, + }; + object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support", + &error_abort); object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized", &error_abort); sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0, FSL_IMX7_WDOGn_ADDR[i]); + sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0, + qdev_get_gpio_in(DEVICE(&s->a7mpcore), + FSL_IMX7_WDOGn_IRQ[i])); } /* diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h index 47826da2b7..da977f9ffb 100644 --- a/include/hw/arm/fsl-imx7.h +++ b/include/hw/arm/fsl-imx7.h @@ -228,6 +228,11 @@ enum FslIMX7IRQs { FSL_IMX7_USB2_IRQ = 42, FSL_IMX7_USB3_IRQ = 40, + FSL_IMX7_WDOG1_IRQ = 78, + FSL_IMX7_WDOG2_IRQ = 79, + FSL_IMX7_WDOG3_IRQ = 10, + FSL_IMX7_WDOG4_IRQ = 109, + FSL_IMX7_PCI_INTA_IRQ = 125, FSL_IMX7_PCI_INTB_IRQ = 124, FSL_IMX7_PCI_INTC_IRQ = 123, From 9904625f1b54190bc6d9c098c2e0d969e67014cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 18 May 2020 16:03:06 +0200 Subject: [PATCH 20/29] hw/arm/integratorcp: Replace hw_error() by qemu_log_mask() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hw_error() calls exit(). This a bit overkill when we can log the accesses as unimplemented or guest error. When fuzzing the devices, we don't want the whole process to exit. Replace some hw_error() calls by qemu_log_mask(). Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200518140309.5220-2-f4bug@amsat.org Signed-off-by: Peter Maydell --- hw/arm/integratorcp.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c index 6d69010d06..5fb54e5aa7 100644 --- a/hw/arm/integratorcp.c +++ b/hw/arm/integratorcp.c @@ -20,6 +20,7 @@ #include "exec/address-spaces.h" #include "sysemu/runstate.h" #include "sysemu/sysemu.h" +#include "qemu/log.h" #include "qemu/error-report.h" #include "hw/char/pl011.h" #include "hw/hw.h" @@ -144,8 +145,9 @@ static uint64_t integratorcm_read(void *opaque, hwaddr offset, /* ??? Voltage control unimplemented. */ return 0; default: - hw_error("integratorcm_read: Unimplemented offset 0x%x\n", - (int)offset); + qemu_log_mask(LOG_UNIMP, + "%s: Unimplemented offset 0x%" HWADDR_PRIX "\n", + __func__, offset); return 0; } } @@ -252,8 +254,9 @@ static void integratorcm_write(void *opaque, hwaddr offset, /* ??? Voltage control unimplemented. */ break; default: - hw_error("integratorcm_write: Unimplemented offset 0x%x\n", - (int)offset); + qemu_log_mask(LOG_UNIMP, + "%s: Unimplemented offset 0x%" HWADDR_PRIX "\n", + __func__, offset); break; } } @@ -394,7 +397,8 @@ static uint64_t icp_pic_read(void *opaque, hwaddr offset, case 5: /* INT_SOFTCLR */ case 11: /* FRQ_ENABLECLR */ default: - printf ("icp_pic_read: Bad register offset 0x%x\n", (int)offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); return 0; } } @@ -430,7 +434,8 @@ static void icp_pic_write(void *opaque, hwaddr offset, case 8: /* FRQ_STATUS */ case 9: /* FRQ_RAWSTAT */ default: - printf ("icp_pic_write: Bad register offset 0x%x\n", (int)offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); return; } icp_pic_update(s); @@ -504,7 +509,8 @@ static uint64_t icp_control_read(void *opaque, hwaddr offset, case 3: /* CP_DECODE */ return 0x11; default: - hw_error("icp_control_read: Bad offset %x\n", (int)offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); return 0; } } @@ -524,7 +530,8 @@ static void icp_control_write(void *opaque, hwaddr offset, /* Nothing interesting implemented yet. */ break; default: - hw_error("icp_control_write: Bad offset %x\n", (int)offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); } } From 5a0001ec7e0a446b6da86da8ca03211aab0fcd08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 18 May 2020 16:03:07 +0200 Subject: [PATCH 21/29] hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hw_error() calls exit(). This a bit overkill when we can log the accesses as unimplemented or guest error. When fuzzing the devices, we don't want the whole process to exit. Replace some hw_error() calls by qemu_log_mask(). Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200518140309.5220-3-f4bug@amsat.org Signed-off-by: Peter Maydell --- hw/arm/pxa2xx_gpio.c | 7 ++++--- hw/display/pxa2xx_lcd.c | 8 +++++--- hw/dma/pxa2xx_dma.c | 14 +++++++++----- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/hw/arm/pxa2xx_gpio.c b/hw/arm/pxa2xx_gpio.c index f8df3cc227..a01db54a51 100644 --- a/hw/arm/pxa2xx_gpio.c +++ b/hw/arm/pxa2xx_gpio.c @@ -9,7 +9,6 @@ #include "qemu/osdep.h" #include "cpu.h" -#include "hw/hw.h" #include "hw/irq.h" #include "hw/qdev-properties.h" #include "hw/sysbus.h" @@ -199,7 +198,8 @@ static uint64_t pxa2xx_gpio_read(void *opaque, hwaddr offset, return s->status[bank]; default: - hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); } return 0; @@ -252,7 +252,8 @@ static void pxa2xx_gpio_write(void *opaque, hwaddr offset, break; default: - hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); } } diff --git a/hw/display/pxa2xx_lcd.c b/hw/display/pxa2xx_lcd.c index 464e93161a..d5f2e82a4e 100644 --- a/hw/display/pxa2xx_lcd.c +++ b/hw/display/pxa2xx_lcd.c @@ -11,7 +11,7 @@ */ #include "qemu/osdep.h" -#include "hw/hw.h" +#include "qemu/log.h" #include "hw/irq.h" #include "migration/vmstate.h" #include "ui/console.h" @@ -407,7 +407,8 @@ static uint64_t pxa2xx_lcdc_read(void *opaque, hwaddr offset, default: fail: - hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); } return 0; @@ -562,7 +563,8 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset, default: fail: - hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); } } diff --git a/hw/dma/pxa2xx_dma.c b/hw/dma/pxa2xx_dma.c index 88ed4b6ff1..8a2eeb32bc 100644 --- a/hw/dma/pxa2xx_dma.c +++ b/hw/dma/pxa2xx_dma.c @@ -9,6 +9,7 @@ */ #include "qemu/osdep.h" +#include "qemu/log.h" #include "hw/hw.h" #include "hw/irq.h" #include "hw/qdev-properties.h" @@ -268,7 +269,8 @@ static uint64_t pxa2xx_dma_read(void *opaque, hwaddr offset, unsigned int channel; if (size != 4) { - hw_error("%s: Bad access width\n", __func__); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad access width %u\n", + __func__, size); return 5; } @@ -315,8 +317,8 @@ static uint64_t pxa2xx_dma_read(void *opaque, hwaddr offset, return s->chan[channel].cmd; } } - - hw_error("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); return 7; } @@ -327,7 +329,8 @@ static void pxa2xx_dma_write(void *opaque, hwaddr offset, unsigned int channel; if (size != 4) { - hw_error("%s: Bad access width\n", __func__); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad access width %u\n", + __func__, size); return; } @@ -420,7 +423,8 @@ static void pxa2xx_dma_write(void *opaque, hwaddr offset, break; } fail: - hw_error("%s: Bad offset " TARGET_FMT_plx "\n", __func__, offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); } } From 492edf3e3038760aa6b7eb6a9bfdb648d4fa9b80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 18 May 2020 16:03:08 +0200 Subject: [PATCH 22/29] hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hw_error() calls exit(). This a bit overkill when we can log the accesses as unimplemented or guest error. When fuzzing the devices, we don't want the whole process to exit. Replace some hw_error() calls by qemu_log_mask(). Reviewed-by: Edgar E. Iglesias Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200518140309.5220-4-f4bug@amsat.org Signed-off-by: Peter Maydell --- hw/char/xilinx_uartlite.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/char/xilinx_uartlite.c b/hw/char/xilinx_uartlite.c index c6512285d7..ae4ccd00c7 100644 --- a/hw/char/xilinx_uartlite.c +++ b/hw/char/xilinx_uartlite.c @@ -23,7 +23,7 @@ */ #include "qemu/osdep.h" -#include "hw/hw.h" +#include "qemu/log.h" #include "hw/irq.h" #include "hw/qdev-properties.h" #include "hw/sysbus.h" @@ -135,7 +135,8 @@ uart_write(void *opaque, hwaddr addr, switch (addr) { case R_STATUS: - hw_error("write to UART STATUS?\n"); + qemu_log_mask(LOG_GUEST_ERROR, "%s: write to UART STATUS\n", + __func__); break; case R_CTRL: From a50fe66846d1d02065265f1e54c2b0007f8cb609 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 18 May 2020 16:03:09 +0200 Subject: [PATCH 23/29] hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hw_error() calls exit(). This a bit overkill when we can log the accesses as unimplemented or guest error. When fuzzing the devices, we don't want the whole process to exit. Replace some hw_error() calls by qemu_log_mask(). Per the datasheet "Exynos 4412 RISC Microprocessor Rev 1.00" Chapter 25 "Multi Core Timer (MCT)" figure 1 and table 4, the default value on the APB bus is 0. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200518140309.5220-5-f4bug@amsat.org Signed-off-by: Peter Maydell --- hw/timer/exynos4210_mct.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c index 570cf7075b..29a4b10676 100644 --- a/hw/timer/exynos4210_mct.c +++ b/hw/timer/exynos4210_mct.c @@ -54,7 +54,6 @@ #include "qemu/osdep.h" #include "qemu/log.h" -#include "hw/hw.h" #include "hw/sysbus.h" #include "migration/vmstate.h" #include "qemu/timer.h" @@ -62,7 +61,6 @@ #include "hw/ptimer.h" #include "hw/arm/exynos4210.h" -#include "hw/hw.h" #include "hw/irq.h" //#define DEBUG_MCT @@ -1062,7 +1060,7 @@ static uint64_t exynos4210_mct_read(void *opaque, hwaddr offset, int index; int shift; uint64_t count; - uint32_t value; + uint32_t value = 0; int lt_i; switch (offset) { @@ -1158,8 +1156,8 @@ static uint64_t exynos4210_mct_read(void *opaque, hwaddr offset, break; default: - hw_error("exynos4210.mct: bad read offset " - TARGET_FMT_plx "\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); break; } return value; @@ -1484,8 +1482,8 @@ static void exynos4210_mct_write(void *opaque, hwaddr offset, break; default: - hw_error("exynos4210.mct: bad write offset " - TARGET_FMT_plx "\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n", + __func__, offset); break; } } From faf58e53695be8eedc47b6232d581d37461d0f6e Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Tue, 19 May 2020 10:51:43 +0200 Subject: [PATCH 24/29] ARM: PL061: Introduce N_GPIOS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a definition for the number of GPIO lines controlled by a PL061 instance, and use it instead of the hardcoded magic value 8. Suggested-by: Philippe Mathieu-Daudé Signed-off-by: Geert Uytterhoeven Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200519085143.1376-1-geert+renesas@glider.be Signed-off-by: Peter Maydell --- hw/gpio/pl061.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/hw/gpio/pl061.c b/hw/gpio/pl061.c index 2a828260bd..6d3c36bc16 100644 --- a/hw/gpio/pl061.c +++ b/hw/gpio/pl061.c @@ -36,6 +36,8 @@ static const uint8_t pl061_id_luminary[12] = #define TYPE_PL061 "pl061" #define PL061(obj) OBJECT_CHECK(PL061State, (obj), TYPE_PL061) +#define N_GPIOS 8 + typedef struct PL061State { SysBusDevice parent_obj; @@ -62,7 +64,7 @@ typedef struct PL061State { uint32_t cr; uint32_t amsel; qemu_irq irq; - qemu_irq out[8]; + qemu_irq out[N_GPIOS]; const unsigned char *id; uint32_t rsvd_start; /* reserved area: [rsvd_start, 0xfcc] */ } PL061State; @@ -112,7 +114,7 @@ static void pl061_update(PL061State *s) changed = s->old_out_data ^ out; if (changed) { s->old_out_data = out; - for (i = 0; i < 8; i++) { + for (i = 0; i < N_GPIOS; i++) { mask = 1 << i; if (changed & mask) { DPRINTF("Set output %d = %d\n", i, (out & mask) != 0); @@ -125,7 +127,7 @@ static void pl061_update(PL061State *s) changed = (s->old_in_data ^ s->data) & ~s->dir; if (changed) { s->old_in_data = s->data; - for (i = 0; i < 8; i++) { + for (i = 0; i < N_GPIOS; i++) { mask = 1 << i; if (changed & mask) { DPRINTF("Changed input %d = %d\n", i, (s->data & mask) != 0); @@ -364,8 +366,8 @@ static void pl061_init(Object *obj) memory_region_init_io(&s->iomem, obj, &pl061_ops, s, "pl061", 0x1000); sysbus_init_mmio(sbd, &s->iomem); sysbus_init_irq(sbd, &s->irq); - qdev_init_gpio_in(dev, pl061_set_irq, 8); - qdev_init_gpio_out(dev, s->out, 8); + qdev_init_gpio_in(dev, pl061_set_irq, N_GPIOS); + qdev_init_gpio_out(dev, s->out, N_GPIOS); } static void pl061_class_init(ObjectClass *klass, void *data) From 5c27392dd08bd8534893abf25ef501f1bd8680fe Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 19 May 2020 14:24:52 -0700 Subject: [PATCH 25/29] target/arm: Use tcg_gen_gvec_mov for clear_vec_high MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 8-byte store for the end a !is_q operation can be merged with the other stores. Use a no-op vector move to trigger the expand_clr portion of tcg_gen_gvec_mov. Reviewed-by: Alex Bennée Signed-off-by: Richard Henderson Message-id: 20200519212453.28494-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/translate-a64.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 991e451644..4f6edb2892 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -496,14 +496,8 @@ static void clear_vec_high(DisasContext *s, bool is_q, int rd) unsigned ofs = fp_reg_offset(s, rd, MO_64); unsigned vsz = vec_full_reg_size(s); - if (!is_q) { - TCGv_i64 tcg_zero = tcg_const_i64(0); - tcg_gen_st_i64(tcg_zero, cpu_env, ofs + 8); - tcg_temp_free_i64(tcg_zero); - } - if (vsz > 16) { - tcg_gen_gvec_dup_imm(MO_64, ofs + 16, vsz - 16, vsz - 16, 0); - } + /* Nop move, with side effect of clearing the tail. */ + tcg_gen_gvec_mov(MO_64, ofs, ofs, is_q ? 16 : 8, vsz); } void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v) From e1f778596ebfa8782276f4dd4651f2b285d734ff Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 19 May 2020 14:24:53 -0700 Subject: [PATCH 26/29] target/arm: Use clear_vec_high more effectively MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do not explicitly store zero to the NEON high part when we can pass !is_q to clear_vec_high. Reviewed-by: Alex Bennée Signed-off-by: Richard Henderson Message-id: 20200519212453.28494-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/translate-a64.c | 53 +++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 4f6edb2892..874f3eb4f9 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -900,11 +900,10 @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size) { /* This always zero-extends and writes to a full 128 bit wide vector */ TCGv_i64 tmplo = tcg_temp_new_i64(); - TCGv_i64 tmphi; + TCGv_i64 tmphi = NULL; if (size < 4) { MemOp memop = s->be_data + size; - tmphi = tcg_const_i64(0); tcg_gen_qemu_ld_i64(tmplo, tcg_addr, get_mem_index(s), memop); } else { bool be = s->be_data == MO_BE; @@ -922,12 +921,13 @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size) } tcg_gen_st_i64(tmplo, cpu_env, fp_reg_offset(s, destidx, MO_64)); - tcg_gen_st_i64(tmphi, cpu_env, fp_reg_hi_offset(s, destidx)); - tcg_temp_free_i64(tmplo); - tcg_temp_free_i64(tmphi); - clear_vec_high(s, true, destidx); + if (tmphi) { + tcg_gen_st_i64(tmphi, cpu_env, fp_reg_hi_offset(s, destidx)); + tcg_temp_free_i64(tmphi); + } + clear_vec_high(s, tmphi != NULL, destidx); } /* @@ -6934,7 +6934,6 @@ static void disas_simd_ext(DisasContext *s, uint32_t insn) read_vec_element(s, tcg_resh, rm, 0, MO_64); do_ext64(s, tcg_resh, tcg_resl, pos); } - tcg_gen_movi_i64(tcg_resh, 0); } else { TCGv_i64 tcg_hh; typedef struct { @@ -6964,9 +6963,11 @@ static void disas_simd_ext(DisasContext *s, uint32_t insn) write_vec_element(s, tcg_resl, rd, 0, MO_64); tcg_temp_free_i64(tcg_resl); - write_vec_element(s, tcg_resh, rd, 1, MO_64); + if (is_q) { + write_vec_element(s, tcg_resh, rd, 1, MO_64); + } tcg_temp_free_i64(tcg_resh); - clear_vec_high(s, true, rd); + clear_vec_high(s, is_q, rd); } /* TBL/TBX @@ -7003,17 +7004,21 @@ static void disas_simd_tb(DisasContext *s, uint32_t insn) * the input. */ tcg_resl = tcg_temp_new_i64(); - tcg_resh = tcg_temp_new_i64(); + tcg_resh = NULL; if (is_tblx) { read_vec_element(s, tcg_resl, rd, 0, MO_64); } else { tcg_gen_movi_i64(tcg_resl, 0); } - if (is_tblx && is_q) { - read_vec_element(s, tcg_resh, rd, 1, MO_64); - } else { - tcg_gen_movi_i64(tcg_resh, 0); + + if (is_q) { + tcg_resh = tcg_temp_new_i64(); + if (is_tblx) { + read_vec_element(s, tcg_resh, rd, 1, MO_64); + } else { + tcg_gen_movi_i64(tcg_resh, 0); + } } tcg_idx = tcg_temp_new_i64(); @@ -7033,9 +7038,12 @@ static void disas_simd_tb(DisasContext *s, uint32_t insn) write_vec_element(s, tcg_resl, rd, 0, MO_64); tcg_temp_free_i64(tcg_resl); - write_vec_element(s, tcg_resh, rd, 1, MO_64); - tcg_temp_free_i64(tcg_resh); - clear_vec_high(s, true, rd); + + if (is_q) { + write_vec_element(s, tcg_resh, rd, 1, MO_64); + tcg_temp_free_i64(tcg_resh); + } + clear_vec_high(s, is_q, rd); } /* ZIP/UZP/TRN @@ -7072,7 +7080,7 @@ static void disas_simd_zip_trn(DisasContext *s, uint32_t insn) } tcg_resl = tcg_const_i64(0); - tcg_resh = tcg_const_i64(0); + tcg_resh = is_q ? tcg_const_i64(0) : NULL; tcg_res = tcg_temp_new_i64(); for (i = 0; i < elements; i++) { @@ -7123,9 +7131,12 @@ static void disas_simd_zip_trn(DisasContext *s, uint32_t insn) write_vec_element(s, tcg_resl, rd, 0, MO_64); tcg_temp_free_i64(tcg_resl); - write_vec_element(s, tcg_resh, rd, 1, MO_64); - tcg_temp_free_i64(tcg_resh); - clear_vec_high(s, true, rd); + + if (is_q) { + write_vec_element(s, tcg_resh, rd, 1, MO_64); + tcg_temp_free_i64(tcg_resh); + } + clear_vec_high(s, is_q, rd); } /* From 268b1b3dfbb92a9348406f728a33f39e3d8dcd8a Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 18 May 2020 15:28:01 +0100 Subject: [PATCH 27/29] target/arm: Allow user-mode code to write CPSR.E via MSR Using the MSR instruction to write to CPSR.E is deprecated, but it is required to work from any mode including unprivileged code. We were incorrectly forbidding usermode code from writing it because CPSR_USER did not include the CPSR_E bit. We use CPSR_USER in only three places: * as the mask of what to allow userspace MSR to write to CPSR * when deciding what bits a linux-user signal-return should be able to write from the sigcontext structure * in target_user_copy_regs() when we set up the initial registers for the linux-user process In the first two cases not being able to update CPSR.E is a bug, and in the third case it doesn't matter because CPSR.E is always 0 there. So we can fix both bugs by adding CPSR_E to CPSR_USER. Because the cpsr_write() in restore_sigcontext() is now changing a CPSR bit which is cached in hflags, we need to add an arm_rebuild_hflags() call there; the callsite in target_user_copy_regs() was already rebuilding hflags for other reasons. (The recommended way to change CPSR.E is to use the 'SETEND' instruction, which we do correctly allow from usermode code.) Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20200518142801.20503-1-peter.maydell@linaro.org --- linux-user/arm/signal.c | 1 + target/arm/cpu.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c index d96fc27ce1..8020c80acb 100644 --- a/linux-user/arm/signal.c +++ b/linux-user/arm/signal.c @@ -546,6 +546,7 @@ restore_sigcontext(CPUARMState *env, struct target_sigcontext *sc) #ifdef TARGET_CONFIG_CPU_32 __get_user(cpsr, &sc->arm_cpsr); cpsr_write(env, cpsr, CPSR_USER | CPSR_EXEC, CPSRWriteByInstr); + arm_rebuild_hflags(env); #endif err |= !valid_user_regs(env); diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 5d995368d4..677584e5da 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1230,7 +1230,7 @@ void pmu_init(ARMCPU *cpu); #define CACHED_CPSR_BITS (CPSR_T | CPSR_AIF | CPSR_GE | CPSR_IT | CPSR_Q \ | CPSR_NZCV) /* Bits writable in user mode. */ -#define CPSR_USER (CPSR_NZCV | CPSR_Q | CPSR_GE) +#define CPSR_USER (CPSR_NZCV | CPSR_Q | CPSR_GE | CPSR_E) /* Execution state bits. MRS read as zero, MSR writes ignored. */ #define CPSR_EXEC (CPSR_T | CPSR_IT | CPSR_J | CPSR_IL) From 45e2813964b135a11e0fb6371d2c5f48d901929e Mon Sep 17 00:00:00 2001 From: Amanieu d'Antras Date: Mon, 11 May 2020 14:11:17 +0100 Subject: [PATCH 28/29] linux-user/arm: Reset CPSR_E when entering a signal handler This fixes signal handlers running with the wrong endianness if the interrupted code used SETEND to dynamically switch endianness. Signed-off-by: Amanieu d'Antras Reviewed-by: Peter Maydell Message-id: 20200511131117.2486486-1-amanieu@gmail.com Signed-off-by: Peter Maydell --- linux-user/arm/signal.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c index 8020c80acb..698985a647 100644 --- a/linux-user/arm/signal.c +++ b/linux-user/arm/signal.c @@ -244,6 +244,11 @@ setup_return(CPUARMState *env, struct target_sigaction *ka, } else { cpsr &= ~CPSR_T; } + if (env->cp15.sctlr_el[1] & SCTLR_E0E) { + cpsr |= CPSR_E; + } else { + cpsr &= ~CPSR_E; + } if (ka->sa_flags & TARGET_SA_RESTORER) { if (is_fdpic) { @@ -287,7 +292,8 @@ setup_return(CPUARMState *env, struct target_sigaction *ka, env->regs[13] = frame_addr; env->regs[14] = retcode; env->regs[15] = handler & (thumb ? ~1 : ~3); - cpsr_write(env, cpsr, CPSR_IT | CPSR_T, CPSRWriteByInstr); + cpsr_write(env, cpsr, CPSR_IT | CPSR_T | CPSR_E, CPSRWriteByInstr); + arm_rebuild_hflags(env); return 0; } From fafe7229272f39500c14845bc7ea60a8504a5a20 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 18 May 2020 15:30:14 +0100 Subject: [PATCH 29/29] linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32 The Arm signal-handling code has some parts ifdeffed with a TARGET_CONFIG_CPU_32, which is always defined. This is a leftover from when this code's structure was based on the Linux kernel signal handling code, where it was intended to support 26-bit Arm CPUs. The kernel dropped its CONFIG_CPU_32 in kernel commit 4da8b8208eded0ba21e3 in 2009. QEMU has never had 26-bit CPU support and is unlikely to ever add it; we certainly aren't going to support 26-bit Linux binaries via linux-user mode. The ifdef is just unhelpful noise, so remove it entirely. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20200518143014.20689-1-peter.maydell@linaro.org --- linux-user/arm/signal.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c index 698985a647..f21d1535e4 100644 --- a/linux-user/arm/signal.c +++ b/linux-user/arm/signal.c @@ -126,8 +126,6 @@ struct rt_sigframe_v2 abi_ulong retcode[4]; }; -#define TARGET_CONFIG_CPU_32 1 - /* * For ARM syscalls, we encode the syscall number into the instruction. */ @@ -187,9 +185,7 @@ setup_sigcontext(struct target_sigcontext *sc, /*struct _fpstate *fpstate,*/ __put_user(env->regs[13], &sc->arm_sp); __put_user(env->regs[14], &sc->arm_lr); __put_user(env->regs[15], &sc->arm_pc); -#ifdef TARGET_CONFIG_CPU_32 __put_user(cpsr_read(env), &sc->arm_cpsr); -#endif __put_user(/* current->thread.trap_no */ 0, &sc->trap_no); __put_user(/* current->thread.error_code */ 0, &sc->error_code); @@ -549,11 +545,9 @@ restore_sigcontext(CPUARMState *env, struct target_sigcontext *sc) __get_user(env->regs[13], &sc->arm_sp); __get_user(env->regs[14], &sc->arm_lr); __get_user(env->regs[15], &sc->arm_pc); -#ifdef TARGET_CONFIG_CPU_32 __get_user(cpsr, &sc->arm_cpsr); cpsr_write(env, cpsr, CPSR_USER | CPSR_EXEC, CPSRWriteByInstr); arm_rebuild_hflags(env); -#endif err |= !valid_user_regs(env);