target-arm queue:

* target/arm: avoid undefined behaviour shift in watchpoint code
  * target/arm: avoid undefined behaviour shift in handle_simd_dupe()
  * target/arm: add assert that immh != 0 in disas_simd_shift_imm()
  * aspeed/smc: Fix DMA support for AST2600
  * hw/arm/bcm283x: Correct the license text ('and' vs 'or')
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl549DMZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3s6sEACW5kzBNZJVopXwz57ifJ5g
 rKB7SPXHT7uKTmfWsKfUgywcHyMlhXtkfL3/LVpDynC/7Nfnp8JbGuojdbxt5Nrg
 rEZ73D3C+RZq1UGsATQL+bWiOBGYy3nbVlx+pxa1Yij8xi9g4JYL1y5wbJXKryF5
 +iES3/TqqMHXFkueY4eIAxZttKQgAvvCEaNXN2NNTk0KuVFocjJjmwW0wxRtxulD
 b4Dhpp9yHMsriD7U/hsT+/uyhVs1cWaQFbTGl14Xx1L373/Ifl6dCOg7Su7uzyEa
 sp3KPdgHn/VXhqoYr2EDawqZXWo9w6qPj3nPPmgQCtO4gPVjoHttlVZsecYpm52M
 S1t/OVzwENEZ3hOLRoaWMRQ5ZGbpuMFzNZTYbRiy7EZxvaEuS4t+zbSP/tIyXxDX
 MZlDpBmXkzSku8ZrjRou4Ow6G5oj6KNi3mQnTC71xfjLFyTWniX0sYf30kh9kmPg
 V4p1SDEWuStbpBFd6Nlr9wFcWmS/KRSiy8/atelL7fsyFJYqIq9aKxeic5dJoHjb
 qu8zM7+rZtPJShIgMakypCQQlC8KpfMQ/Vy4duFPBRCCqPgIzTdJVUIVbFcYk5yx
 23JFIA727Hv5gbak2QQMSRz2MV9KWpEOCwN6kcgnQJgxN5uLEQpHRtsx5Oa0MBGh
 AAsALag+tS7utEBX7LEL8Q==
 =4nmN
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200323' into staging

target-arm queue:
 * target/arm: avoid undefined behaviour shift in watchpoint code
 * target/arm: avoid undefined behaviour shift in handle_simd_dupe()
 * target/arm: add assert that immh != 0 in disas_simd_shift_imm()
 * aspeed/smc: Fix DMA support for AST2600
 * hw/arm/bcm283x: Correct the license text ('and' vs 'or')

# gpg: Signature made Mon 23 Mar 2020 17:38:59 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200323:
  target/arm: Move computation of index in handle_simd_dupe
  target/arm: Assert immh != 0 in disas_simd_shift_imm
  target/arm: Rearrange disabled check for watchpoints
  aspeed/smc: Fix DMA support for AST2600
  hw/arm/bcm283x: Correct the license text

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2020-03-23 17:41:21 +00:00
commit c532b954d9
24 changed files with 76 additions and 28 deletions

View File

@ -411,6 +411,12 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, Error **errp)
/* SPI */ /* SPI */
for (i = 0; i < sc->spis_num; i++) { for (i = 0; i < sc->spis_num; i++) {
object_property_set_link(OBJECT(&s->spi[i]), OBJECT(s->dram_mr),
"dram", &err);
if (err) {
error_propagate(errp, err);
return;
}
object_property_set_int(OBJECT(&s->spi[i]), 1, "num-cs", &err); object_property_set_int(OBJECT(&s->spi[i]), 1, "num-cs", &err);
object_property_set_bool(OBJECT(&s->spi[i]), true, "realized", object_property_set_bool(OBJECT(&s->spi[i]), true, "realized",
&local_err); &local_err);

View File

@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann * Written by Andrew Baumann
* *
* This code is licensed under the GNU GPLv2 and later. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#include "qemu/osdep.h" #include "qemu/osdep.h"

View File

@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann * Written by Andrew Baumann
* *
* This code is licensed under the GNU GPLv2 and later. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#include "qemu/osdep.h" #include "qemu/osdep.h"

View File

@ -8,7 +8,8 @@
* Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti * Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti
* Upstream code cleanup (c) 2018 Pekka Enberg * Upstream code cleanup (c) 2018 Pekka Enberg
* *
* This code is licensed under the GNU GPLv2 and later. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#include "qemu/osdep.h" #include "qemu/osdep.h"

View File

@ -1,7 +1,6 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann. * Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann.
* This code is licensed under the GNU GPLv2 and later.
* *
* Heavily based on milkymist-vgafb.c, copyright terms below: * Heavily based on milkymist-vgafb.c, copyright terms below:
* QEMU model of the Milkymist VGA framebuffer. * QEMU model of the Milkymist VGA framebuffer.

View File

@ -1,6 +1,8 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later. *
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#include "qemu/osdep.h" #include "qemu/osdep.h"

View File

@ -1,7 +1,6 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann. * Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann.
* This code is licensed under the GNU GPLv2 and later.
* Heavily based on pl190.c, copyright terms below: * Heavily based on pl190.c, copyright terms below:
* *
* Arm PrimeCell PL190 Vector Interrupt Controller * Arm PrimeCell PL190 Vector Interrupt Controller
@ -9,7 +8,8 @@
* Copyright (c) 2006 CodeSourcery. * Copyright (c) 2006 CodeSourcery.
* Written by Paul Brook * Written by Paul Brook
* *
* This code is licensed under the GPL. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#include "qemu/osdep.h" #include "qemu/osdep.h"

View File

@ -4,7 +4,6 @@
* Written by Andrew Baumann * Written by Andrew Baumann
* *
* Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade * Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later.
* *
* At present, only implements interrupt routing, and mailboxes (i.e., * At present, only implements interrupt routing, and mailboxes (i.e.,
* not PMU interrupt, or AXI counters). * not PMU interrupt, or AXI counters).
@ -13,6 +12,9 @@
* *
* Ref: * Ref:
* https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf * https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf
*
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#include "qemu/osdep.h" #include "qemu/osdep.h"

View File

@ -1,11 +1,13 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later.
* *
* This file models the system mailboxes, which are used for * This file models the system mailboxes, which are used for
* communication with low-bandwidth GPU peripherals. Refs: * communication with low-bandwidth GPU peripherals. Refs:
* https://github.com/raspberrypi/firmware/wiki/Mailboxes * https://github.com/raspberrypi/firmware/wiki/Mailboxes
* https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes * https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes
*
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#include "qemu/osdep.h" #include "qemu/osdep.h"

View File

@ -1,6 +1,8 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later. *
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#include "qemu/osdep.h" #include "qemu/osdep.h"

View File

@ -364,6 +364,8 @@ static const AspeedSMCController controllers[] = {
.flash_window_base = ASPEED26_SOC_FMC_FLASH_BASE, .flash_window_base = ASPEED26_SOC_FMC_FLASH_BASE,
.flash_window_size = 0x10000000, .flash_window_size = 0x10000000,
.has_dma = true, .has_dma = true,
.dma_flash_mask = 0x0FFFFFFC,
.dma_dram_mask = 0x3FFFFFFC,
.nregs = ASPEED_SMC_R_MAX, .nregs = ASPEED_SMC_R_MAX,
.segment_to_reg = aspeed_2600_smc_segment_to_reg, .segment_to_reg = aspeed_2600_smc_segment_to_reg,
.reg_to_segment = aspeed_2600_smc_reg_to_segment, .reg_to_segment = aspeed_2600_smc_reg_to_segment,
@ -379,7 +381,9 @@ static const AspeedSMCController controllers[] = {
.segments = aspeed_segments_ast2600_spi1, .segments = aspeed_segments_ast2600_spi1,
.flash_window_base = ASPEED26_SOC_SPI_FLASH_BASE, .flash_window_base = ASPEED26_SOC_SPI_FLASH_BASE,
.flash_window_size = 0x10000000, .flash_window_size = 0x10000000,
.has_dma = false, .has_dma = true,
.dma_flash_mask = 0x0FFFFFFC,
.dma_dram_mask = 0x3FFFFFFC,
.nregs = ASPEED_SMC_R_MAX, .nregs = ASPEED_SMC_R_MAX,
.segment_to_reg = aspeed_2600_smc_segment_to_reg, .segment_to_reg = aspeed_2600_smc_segment_to_reg,
.reg_to_segment = aspeed_2600_smc_reg_to_segment, .reg_to_segment = aspeed_2600_smc_reg_to_segment,
@ -395,7 +399,9 @@ static const AspeedSMCController controllers[] = {
.segments = aspeed_segments_ast2600_spi2, .segments = aspeed_segments_ast2600_spi2,
.flash_window_base = ASPEED26_SOC_SPI2_FLASH_BASE, .flash_window_base = ASPEED26_SOC_SPI2_FLASH_BASE,
.flash_window_size = 0x10000000, .flash_window_size = 0x10000000,
.has_dma = false, .has_dma = true,
.dma_flash_mask = 0x0FFFFFFC,
.dma_dram_mask = 0x3FFFFFFC,
.nregs = ASPEED_SMC_R_MAX, .nregs = ASPEED_SMC_R_MAX,
.segment_to_reg = aspeed_2600_smc_segment_to_reg, .segment_to_reg = aspeed_2600_smc_segment_to_reg,
.reg_to_segment = aspeed_2600_smc_reg_to_segment, .reg_to_segment = aspeed_2600_smc_reg_to_segment,
@ -1135,6 +1141,11 @@ static void aspeed_smc_dma_rw(AspeedSMCState *s)
MemTxResult result; MemTxResult result;
uint32_t data; uint32_t data;
trace_aspeed_smc_dma_rw(s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE ?
"write" : "read",
s->regs[R_DMA_FLASH_ADDR],
s->regs[R_DMA_DRAM_ADDR],
s->regs[R_DMA_LEN]);
while (s->regs[R_DMA_LEN]) { while (s->regs[R_DMA_LEN]) {
if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) { if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) {
data = address_space_ldl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR], data = address_space_ldl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR],

View File

@ -6,5 +6,6 @@ aspeed_smc_do_snoop(int cs, int index, int dummies, int data) "CS%d index:0x%x d
aspeed_smc_flash_write(int cs, uint64_t addr, uint32_t size, uint64_t data, int mode) "CS%d @0x%" PRIx64 " size %u: 0x%" PRIx64" mode:%d" aspeed_smc_flash_write(int cs, uint64_t addr, uint32_t size, uint64_t data, int mode) "CS%d @0x%" PRIx64 " size %u: 0x%" PRIx64" mode:%d"
aspeed_smc_read(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64 aspeed_smc_read(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64
aspeed_smc_dma_checksum(uint32_t addr, uint32_t data) "0x%08x: 0x%08x" aspeed_smc_dma_checksum(uint32_t addr, uint32_t data) "0x%08x: 0x%08x"
aspeed_smc_dma_rw(const char *dir, uint32_t flash_addr, uint32_t dram_addr, uint32_t size) "%s flash:@0x%08x dram:@0x%08x size:0x%08x"
aspeed_smc_write(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64 aspeed_smc_write(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64
aspeed_smc_flash_select(int cs, const char *prefix) "CS%d %sselect" aspeed_smc_flash_select(int cs, const char *prefix) "CS%d %sselect"

View File

@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann * Written by Andrew Baumann
* *
* This code is licensed under the GNU GPLv2 and later. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2835_PERIPHERALS_H #ifndef BCM2835_PERIPHERALS_H

View File

@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann * Written by Andrew Baumann
* *
* This code is licensed under the GNU GPLv2 and later. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2836_H #ifndef BCM2836_H

View File

@ -2,7 +2,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann * Written by Andrew Baumann
* *
* This code is licensed under the GNU GPLv2 and later. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2835_AUX_H #ifndef BCM2835_AUX_H

View File

@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft * Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann * Written by Andrew Baumann
* *
* This code is licensed under the GNU GPLv2 and later. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2835_FB_H #ifndef BCM2835_FB_H

View File

@ -1,6 +1,8 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later. *
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2835_DMA_H #ifndef BCM2835_DMA_H

View File

@ -1,6 +1,8 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later. *
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2835_IC_H #ifndef BCM2835_IC_H

View File

@ -8,7 +8,8 @@
* ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti * ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti
* Added basic IRQ_TIMER interrupt support * Added basic IRQ_TIMER interrupt support
* *
* This code is licensed under the GNU GPLv2 and later. * This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2836_CONTROL_H #ifndef BCM2836_CONTROL_H

View File

@ -1,6 +1,8 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later. *
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2835_MBOX_H #ifndef BCM2835_MBOX_H

View File

@ -1,6 +1,8 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later. *
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2835_MBOX_DEFS_H #ifndef BCM2835_MBOX_DEFS_H

View File

@ -1,6 +1,8 @@
/* /*
* Raspberry Pi emulation (c) 2012 Gregory Estrade * Raspberry Pi emulation (c) 2012 Gregory Estrade
* This code is licensed under the GNU GPLv2 and later. *
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/ */
#ifndef BCM2835_PROPERTY_H #ifndef BCM2835_PROPERTY_H

View File

@ -6340,17 +6340,18 @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
int bas = extract64(wcr, 5, 8); int bas = extract64(wcr, 5, 8);
int basstart; int basstart;
if (bas == 0) {
/* This must act as if the watchpoint is disabled */
return;
}
if (extract64(wvr, 2, 1)) { if (extract64(wvr, 2, 1)) {
/* Deprecated case of an only 4-aligned address. BAS[7:4] are /* Deprecated case of an only 4-aligned address. BAS[7:4] are
* ignored, and BAS[3:0] define which bytes to watch. * ignored, and BAS[3:0] define which bytes to watch.
*/ */
bas &= 0xf; bas &= 0xf;
} }
if (bas == 0) {
/* This must act as if the watchpoint is disabled */
return;
}
/* The BAS bits are supposed to be programmed to indicate a contiguous /* The BAS bits are supposed to be programmed to indicate a contiguous
* range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether * range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether
* we fire for each byte in the word/doubleword addressed by the WVR. * we fire for each byte in the word/doubleword addressed by the WVR.

View File

@ -7422,7 +7422,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,
int imm5) int imm5)
{ {
int size = ctz32(imm5); int size = ctz32(imm5);
int index = imm5 >> (size + 1); int index;
if (size > 3 || (size == 3 && !is_q)) { if (size > 3 || (size == 3 && !is_q)) {
unallocated_encoding(s); unallocated_encoding(s);
@ -7433,6 +7433,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,
return; return;
} }
index = imm5 >> (size + 1);
tcg_gen_gvec_dup_mem(size, vec_full_reg_offset(s, rd), tcg_gen_gvec_dup_mem(size, vec_full_reg_offset(s, rd),
vec_reg_offset(s, rn, index, size), vec_reg_offset(s, rn, index, size),
is_q ? 16 : 8, vec_full_reg_size(s)); is_q ? 16 : 8, vec_full_reg_size(s));
@ -10405,6 +10406,9 @@ static void disas_simd_shift_imm(DisasContext *s, uint32_t insn)
bool is_u = extract32(insn, 29, 1); bool is_u = extract32(insn, 29, 1);
bool is_q = extract32(insn, 30, 1); bool is_q = extract32(insn, 30, 1);
/* data_proc_simd[] has sent immh == 0 to disas_simd_mod_imm. */
assert(immh != 0);
switch (opcode) { switch (opcode) {
case 0x08: /* SRI */ case 0x08: /* SRI */
if (!is_u) { if (!is_u) {