From 0dc1982312a7f8b5379b039d9f799bac343cc8f3 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 4 Apr 2016 17:33:51 +0100 Subject: [PATCH 1/5] hw/arm/bcm2836: Wire up CPU timer interrupts correctly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Wire up the CPU timer interrupts in the right order, with the nonsecure physical timer on cntpnsirq, the hyp timer on cnthpirq, and the secure physical timer on cntpsirq. (We did get the virt timer right, at least.) Reported-by: Antonio Huete Jiménez Signed-off-by: Peter Maydell Reviewed-by: Andrew Baumann Message-id: 1458210790-6621-1-git-send-email-peter.maydell@linaro.org
---
 hw/arm/bcm2836.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index af29dd1f19..8451190a19 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -139,9 +139,13 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
 /* Connect timers from the CPU to the interrupt controller */
 qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_PHYS,
- qdev_get_gpio_in_named(DEVICE(&s->control), "cntpsirq", n));
+ qdev_get_gpio_in_named(DEVICE(&s->control), "cntpnsirq", n));
 qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_VIRT,
 qdev_get_gpio_in_named(DEVICE(&s->control), "cntvirq", n));
+ qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_HYP,
+ qdev_get_gpio_in_named(DEVICE(&s->control), "cnthpirq", n));
+ qdev_connect_gpio_out(DEVICE(&s->cpus[n]), GTIMER_SEC,
+ qdev_get_gpio_in_named(DEVICE(&s->control), "cntpsirq", n));
 }
 }
From f911e0a323f29ecc780a94380cfbf9f574c19eb7 Mon Sep 17 00:00:00 2001
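Review bot: The comment above these calls still says only "Connect timers from the CPU to the interrupt controller", so nothing in the code records which GTIMER_* index is the secure and which the non-secure physical timer, and that pairing is exactly what this hunk corrects (GTIMER_PHYS was driving `cntpsirq`). I would extend the comment to state the mapping, for example `/* PHYS = non-secure physical -> cntpnsirq, VIRT -> cntvirq, HYP -> cnthpirq, SEC = secure physical -> cntpsirq */`. A timer routed to the other world's interrupt line is easy to miss in review because all four calls look alike, so the mapping is worth spelling out next to them. bcm2836_realize starts before the hunk.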
From: Peter Maydell Date: Mon, 4 Apr 2016 17:33:51 +0100 Subject: [PATCH 2/5] linux-user: arm: Handle (ignore) EXCP_YIELD in ARM cpu_loop() The new-in-ARMv8 YIELD instruction has been implemented to throw an EXCP_YIELD back up to the QEMU main loop. In system emulation we use this to decide to schedule a different guest CPU in SMP configurations. In usermode emulation there is nothing to do, so just ignore it and resume the guest. This prevents an abort with "unhandled CPU exception 0x10004" if the guest process uses the YIELD instruction. Reported-by: Hunter Laux Signed-off-by: Peter Maydell Message-id: 1456833171-31900-1-git-send-email-peter.maydell@linaro.org
---
 linux-user/main.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/linux-user/main.c b/linux-user/main.c
index b432bf2b1e..5f3ec9747a 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -907,6 +907,9 @@ void cpu_loop(CPUARMState *env)
 if (do_kernel_trap(env))
 goto error;
 break;
+ case EXCP_YIELD:
+ /* nothing to do here for user-mode, just resume guest code */
+ break;
 default:
 error:
 EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
@@ -1097,6 +1100,9 @@ void cpu_loop(CPUARMState *env)
 case EXCP_SEMIHOST:
 env->xregs[0] = do_arm_semihosting(env);
 break;
+ case EXCP_YIELD:
+ /* nothing to do here for user-mode, just resume guest code */
+ break;
 default:
 EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
 abort();
From e24fdd238a159d830a9a65dd9b08f80fba9b9e06 Mon Sep 17 00:00:00 2001
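Review bot: The new `case EXCP_YIELD:` comment says the guest is simply resumed, but it does not say why resuming cannot re-execute the same YIELD; the same applies to the identical case added in the second hunk (the AArch64 loop, judging by `env->xregs`). If the exception is raised with the PC already past the instruction (I assume so, but the translator is not part of this patch), the comment should say it: `/* PC already points past the YIELD; nothing to do for user-mode, resume the guest */`. Without that invariant a bare `break` would spin forever on a guest-supplied instruction, so it is worth recording at the place the next reader will look. Both cpu_loop bodies begin and end outside the hunks.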
From: Peter Maydell Date: Mon, 4 Apr 2016 17:33:51 +0100 Subject: [PATCH 3/5] target-arm: Correctly reset SCTLR_EL3 for 64-bit CPUs The regdef for SCTLR_EL3 was incorrectly marked as being an ARM_CP_ALIAS, with the remark that this was because the 32-bit definition would take care of reset and migration. However the intention for banked registers as documented in the comment in add_cpreg_to_hashtable() is: * 2) If ARMv8 is enabled then we can count on a 64-bit version * taking care of the secure bank. This requires that separate * 32 and 64-bit definitions are provided. and so it marks the 32-bit secure banked version as an alias. This results in the sctlr_s/sctlr_el[3] field never being reset or migrated for a 64-bit CPU with EL3 enabled. Fix this by removing the ARM_CP_ALIAS annotation from SCTLR_EL3. Since this means it now needs a real reset value, move the regdef into the same place that we define the 32-bit SCTLR. Signed-off-by: Peter Maydell Reviewed-by: Laurent Desnogues Reviewed-by: Sergey Fedorov Message-id: 1459435778-5526-2-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 19d5d525f3..e583e6a2d3 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c 
@@ -3744,11 +3744,6 @@ static const ARMCPRegInfo el3_cp_reginfo[] = { .access = PL1_RW, .accessfn = access_trap_aa32s_el1, .writefn = vbar_write, .resetvalue = 0, .fieldoffset = offsetof(CPUARMState, cp15.mvbar) }, - { .name = "SCTLR_EL3", .state = ARM_CP_STATE_AA64, - .type = ARM_CP_ALIAS, /* reset handled by AArch32 view */ - .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 0, .opc2 = 0, - .access = PL3_RW, .raw_writefn = raw_write, .writefn = sctlr_write, - .fieldoffset = offsetof(CPUARMState, cp15.sctlr_el[3]) }, { .name = "TTBR0_EL3", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 6, .crn = 2, .crm = 0, .opc2 = 0, .access = PL3_RW, .writefn = vmsa_ttbr_write, .resetvalue = 0, @@ -4641,12 +4636,20 @@ void register_cp_regs_for_features(ARMCPU *cpu) } if (arm_feature(env, ARM_FEATURE_EL3)) { define_arm_cp_regs(cpu, el3_cp_reginfo); - ARMCPRegInfo rvbar = { - .name = "RVBAR_EL3", .state = ARM_CP_STATE_AA64, - .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 0, .opc2 = 1, - .type = ARM_CP_CONST, .access = PL3_R, .resetvalue = cpu->rvbar + ARMCPRegInfo el3_regs[] = { + { .name = "RVBAR_EL3", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 0, .opc2 = 1, + .type = ARM_CP_CONST, .access = PL3_R, .resetvalue = cpu->rvbar }, + { .name = "SCTLR_EL3", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 0, .opc2 = 0, + .access = PL3_RW, + .raw_writefn = raw_write, .writefn = sctlr_write, + .fieldoffset = offsetof(CPUARMState, cp15.sctlr_el[3]), + .resetvalue = cpu->reset_sctlr }, + REGINFO_SENTINEL }; - define_one_arm_cp_reg(cpu, &rvbar); + + define_arm_cp_regs(cpu, el3_regs); } /* The behaviour of NSACR is sufficiently various that we don't * try to describe it in a single reginfo: From 094a7d0b9d10812d06be2c5c19288cee4603c693 Mon Sep 17 00:00:00 2001 
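Review bot: In the second hunk (register_cp_regs_for_features) the SCTLR_EL3 entry carries no comment saying why it is defined here rather than in el3_cp_reginfo[]; the reason exists only in the commit message. A later cleanup could move it back into the static table and lose `.resetvalue = cpu->reset_sctlr`, or re-add ARM_CP_ALIAS, and the EL3 control register would again escape reset and migration. I would add above the entry `/* Not in el3_cp_reginfo[]: the reset value is per-CPU, and this is the copy that handles reset and migration (no ARM_CP_ALIAS) */`. The first hunk is the matching removal and needs nothing, and the function body continues outside the second hunk.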
From: Peter Maydell Date: Mon, 4 Apr 2016 17:33:51 +0100 Subject: [PATCH 4/5] target-arm: Remove incorrect ALIAS tags from ESR_EL2 and ESR_EL3 The regdefs for the ESR_EL2 and ESR_EL3 system registers should not be marked as ARM_CP_ALIAS, because these are the master copies; the DFSR regdef in vmsa_pmsa_cp_reginfo[] is marked as an alias. Remove the ALIAS tags so that these registers are correctly migrated. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1459435778-5526-3-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index e583e6a2d3..0e54d90e11 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -3509,7 +3509,6 @@ static const ARMCPRegInfo el2_cp_reginfo[] = { .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, elr_el[2]) }, { .name = "ESR_EL2", .state = ARM_CP_STATE_AA64, - .type = ARM_CP_ALIAS, .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0, .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[2]) }, { .name = "FAR_EL2", .state = ARM_CP_STATE_AA64, @@ -3759,7 +3758,6 @@ static const ARMCPRegInfo el3_cp_reginfo[] = { .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, elr_el[3]) }, { .name = "ESR_EL3", .state = ARM_CP_STATE_AA64, - .type = ARM_CP_ALIAS, .opc0 = 3, .opc1 = 6, .crn = 5, .crm = 2, .opc2 = 0, .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[3]) }, { .name = "FAR_EL3", .state = ARM_CP_STATE_AA64, From bf06c1123a427fefc2cf9cf8019578eafc19eb6f Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Mon, 4 Apr 2016 17:33:52 +0100 Subject: [PATCH 5/5] target-arm: Make the 64-bit version of VTCR do the migration Move the ALIAS tag from VTCR_EL2 to VTCR so that we migrate the 64-bit version, as is usual. (This has no particular effect now unless the guest wrote to the high RES0 bits of VTCR_EL2.) Add a comment about why it's OK that we don't have the various accessor functions that the EL1 TCR regdefs do. Signed-off-by: Peter Maydell Reviewed-by: Sergey Fedorov Message-id: 1459435778-5526-4-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 0e54d90e11..09638b2e7d 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -3564,11 +3564,15 @@ static const ARMCPRegInfo el2_cp_reginfo[] = { .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[2]) }, { .name = "VTCR", .state = ARM_CP_STATE_AA32, .cp = 15, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2, + .type = ARM_CP_ALIAS, .access = PL2_RW, .accessfn = access_el3_aa32ns, .fieldoffset = offsetof(CPUARMState, cp15.vtcr_el2) }, { .name = "VTCR_EL2", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2, - .access = PL2_RW, .type = ARM_CP_ALIAS, + .access = PL2_RW, + /* no .writefn needed as this can't cause an ASID change; + * no .raw_writefn or .resetfn needed as we never use mask/base_mask + */ .fieldoffset = offsetof(CPUARMState, cp15.vtcr_el2) }, { .name = "VTTBR", .state = ARM_CP_STATE_AA32, .cp = 15, .opc1 = 6, .crm = 2,
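Review bot: VTCR_EL2 becomes the entry that owns reset and migration of cp15.vtcr_el2, yet it relies on the implicit zero for `.resetvalue`, while other non-alias entries in this file write it out (the TTBR0_EL3 context lines in patch 3 show `.resetvalue = 0`). I would add `.resetvalue = 0,` after `.access = PL2_RW,` so the reset state of the stage 2 translation control register is visible at its definition. The new comment explains the absent .writefn, .raw_writefn and .resetfn but says nothing about the reset value. The hunk ends inside the following VTTBR entry, and el2_cp_reginfo[] starts before it.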