author | Peter Maydell | 2017-07-31 15:45:42 +0200 |
---|---|---|
committer | Peter Maydell | 2017-07-31 15:45:42 +0200 |
commit | 5619c179057e24195ff19c8fe6d6a6cbcb16ed28 (patch) | |
tree | 5d2f1166996202e5d26cc5a59098ec8ef0634b7f | |
parent | Revert "syscall: fix dereference of undefined pointer" (diff) | |
parent | hw/mps2_scc: fix incorrect properties (diff) | |
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170731' into staging
target-arm queue:
* fix broken properties on MPS2 SCC device
* fix MPU trace handling of write vs exec
* fix MPU M profile bugs:
- not handling system space or PPB region correctly
- not resetting state
- not migrating MPU_RNR
# gpg: Signature made Mon 31 Jul 2017 13:21:40 BST
# gpg: using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20170731:
hw/mps2_scc: fix incorrect properties
target/arm: Migrate MPU_RNR register state for M profile cores
target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs get reset
target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
target/arm: Don't allow guest to make System space executable for M profile
target/arm: Don't do MPU lookups for addresses in M profile PPB region
target/arm: Correct MPU trace handling of write vs execute
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r-- | hw/intc/armv7m_nvic.c | 14 | ||||
-rw-r--r-- | hw/misc/mps2-scc.c | 4 | ||||
-rw-r--r-- | target/arm/cpu.c | 14 | ||||
-rw-r--r-- | target/arm/cpu.h | 3 | ||||
-rw-r--r-- | target/arm/helper.c | 71 | ||||
-rw-r--r-- | target/arm/machine.c | 30 |
6 files changed, 101 insertions, 35 deletions
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 26a4b2dcb5..323e2d47aa 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -536,13 +536,13 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset)
 case 0xd94: /* MPU_CTRL */
 return cpu->env.v7m.mpu_ctrl;
 case 0xd98: /* MPU_RNR */
- return cpu->env.cp15.c6_rgnr;
+ return cpu->env.pmsav7.rnr;
 case 0xd9c: /* MPU_RBAR */
 case 0xda4: /* MPU_RBAR_A1 */
 case 0xdac: /* MPU_RBAR_A2 */
 case 0xdb4: /* MPU_RBAR_A3 */
 {
- int region = cpu->env.cp15.c6_rgnr;
+ int region = cpu->env.pmsav7.rnr;
 if (region >= cpu->pmsav7_dregion) {
 return 0;
@@ -554,7 +554,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset)
 case 0xdb0: /* MPU_RASR_A2 */
 case 0xdb8: /* MPU_RASR_A3 */
 {
- int region = cpu->env.cp15.c6_rgnr;
+ int region = cpu->env.pmsav7.rnr;
 if (region >= cpu->pmsav7_dregion) {
 return 0;
@@ -681,7 +681,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value)
 PRIu32 "/%" PRIu32 "\n",
 value, cpu->pmsav7_dregion);
 } else {
- cpu->env.cp15.c6_rgnr = value;
+ cpu->env.pmsav7.rnr = value;
 }
 break;
 case 0xd9c: /* MPU_RBAR */
@@ -702,9 +702,9 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value)
 region, cpu->pmsav7_dregion);
 return;
 }
- cpu->env.cp15.c6_rgnr = region;
+ cpu->env.pmsav7.rnr = region;
 } else {
- region = cpu->env.cp15.c6_rgnr;
+ region = cpu->env.pmsav7.rnr;
 }
 if (region >= cpu->pmsav7_dregion) {
@@ -720,7 +720,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value)
 case 0xdb0: /* MPU_RASR_A2 */
 case 0xdb8: /* MPU_RASR_A3 */
 {
- int region = cpu->env.cp15.c6_rgnr;
+ int region = cpu->env.pmsav7.rnr;
 if (region >= cpu->pmsav7_dregion) {
 return;
diff --git a/hw/misc/mps2-scc.c b/hw/misc/mps2-scc.c
index cc58d26f29..32be2a9df1 100644
--- a/hw/misc/mps2-scc.c
+++ b/hw/misc/mps2-scc.c
@@ -270,9 +270,9 @@ static Property mps2_scc_properties[] = {
 /* Values for various read-only ID registers (which are specific
 * to the board model or FPGA image)
 */
- DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, aid, 0),
+ DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, cfg4, 0),
 DEFINE_PROP_UINT32("scc-aid", MPS2SCC, aid, 0),
- DEFINE_PROP_UINT32("scc-id", MPS2SCC, aid, 0),
+ DEFINE_PROP_UINT32("scc-id", MPS2SCC, id, 0),
 /* These are the initial settings for the source clocks on the board.
 * In hardware they can be configured via a config file read by the
 * motherboard configuration controller to suit the FPGA image.
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 96d1f84030..05c038bf17 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -232,6 +232,20 @@ static void arm_cpu_reset(CPUState *s)
 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
 #endif
+
+ if (arm_feature(env, ARM_FEATURE_PMSA) &&
+ arm_feature(env, ARM_FEATURE_V7)) {
+ if (cpu->pmsav7_dregion > 0) {
+ memset(env->pmsav7.drbar, 0,
+ sizeof(*env->pmsav7.drbar) * cpu->pmsav7_dregion);
+ memset(env->pmsav7.drsr, 0,
+ sizeof(*env->pmsav7.drsr) * cpu->pmsav7_dregion);
+ memset(env->pmsav7.dracr, 0,
+ sizeof(*env->pmsav7.dracr) * cpu->pmsav7_dregion);
+ }
+ env->pmsav7.rnr = 0;
+ }
+
 set_flush_to_zero(1, &env->vfp.standard_fp_status);
 set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
 set_default_nan_mode(1, &env->vfp.standard_fp_status);
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 102c58afac..b39d64aa0b 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -305,8 +305,6 @@ typedef struct CPUARMState {
 uint64_t par_el[4];
 };
- uint32_t c6_rgnr;
-
 uint32_t c9_insn; /* Cache lockdown registers. */
 uint32_t c9_data;
 uint64_t c9_pmcr; /* performance monitor control register */
@@ -519,6 +517,7 @@ typedef struct CPUARMState {
 uint32_t *drbar;
 uint32_t *drsr;
 uint32_t *dracr;
+ uint32_t rnr;
 } pmsav7;
 void *nvic;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 4ed32c56b8..fa60040361 100644
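Review bot: The PMSAv7 block added to arm_cpu_reset() in target/arm/cpu.c has no comment saying why the reset lives here or what bounds the three memset() calls. Their lengths are only safe if drbar, drsr and dracr were each allocated with `cpu->pmsav7_dregion` elements, and that allocation is not visible in this hunk. The rationale is given only in target/arm/helper.c, so I would repeat it here, for example `/* PMSAv7 state is reset here, not via cpreg resetfns: M profile cores have no cpregs. Each array holds pmsav7_dregion entries. */`. arm_cpu_reset()'s body starts and ends outside the hunk.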
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2385,7 +2385,7 @@ static uint64_t pmsav7_read(CPUARMState *env, const ARMCPRegInfo *ri)
 return 0;
 }
- u32p += env->cp15.c6_rgnr;
+ u32p += env->pmsav7.rnr;
 return *u32p;
 }
@@ -2399,23 +2399,11 @@ static void pmsav7_write(CPUARMState *env, const ARMCPRegInfo *ri,
 return;
 }
- u32p += env->cp15.c6_rgnr;
+ u32p += env->pmsav7.rnr;
 tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
 *u32p = value;
 }
-static void pmsav7_reset(CPUARMState *env, const ARMCPRegInfo *ri)
-{
- ARMCPU *cpu = arm_env_get_cpu(env);
- uint32_t *u32p = *(uint32_t **)raw_ptr(env, ri);
-
- if (!u32p) {
- return;
- }
-
- memset(u32p, 0, sizeof(*u32p) * cpu->pmsav7_dregion);
-}
-
 static void pmsav7_rgnr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 uint64_t value)
 {
@@ -2433,22 +2421,30 @@ static void pmsav7_rgnr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 }
 static const ARMCPRegInfo pmsav7_cp_reginfo[] = {
+ /* Reset for all these registers is handled in arm_cpu_reset(),
+ * because the PMSAv7 is also used by M-profile CPUs, which do
+ * not register cpregs but still need the state to be reset.
+ */
 { .name = "DRBAR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 0,
 .access = PL1_RW, .type = ARM_CP_NO_RAW,
 .fieldoffset = offsetof(CPUARMState, pmsav7.drbar),
- .readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },
+ .readfn = pmsav7_read, .writefn = pmsav7_write,
+ .resetfn = arm_cp_reset_ignore },
 { .name = "DRSR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 2,
 .access = PL1_RW, .type = ARM_CP_NO_RAW,
 .fieldoffset = offsetof(CPUARMState, pmsav7.drsr),
- .readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },
+ .readfn = pmsav7_read, .writefn = pmsav7_write,
+ .resetfn = arm_cp_reset_ignore },
 { .name = "DRACR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 4,
 .access = PL1_RW, .type = ARM_CP_NO_RAW,
 .fieldoffset = offsetof(CPUARMState, pmsav7.dracr),
- .readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },
+ .readfn = pmsav7_read, .writefn = pmsav7_write,
+ .resetfn = arm_cp_reset_ignore },
 { .name = "RGNR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 2, .opc2 = 0,
 .access = PL1_RW,
- .fieldoffset = offsetof(CPUARMState, cp15.c6_rgnr),
- .writefn = pmsav7_rgnr_write },
+ .fieldoffset = offsetof(CPUARMState, pmsav7.rnr),
+ .writefn = pmsav7_rgnr_write,
+ .resetfn = arm_cp_reset_ignore },
 REGINFO_SENTINEL
 };
@@ -8244,6 +8240,21 @@ static bool pmsav7_use_background_region(ARMCPU *cpu,
 }
 }
+static inline bool m_is_ppb_region(CPUARMState *env, uint32_t address)
+{
+ /* True if address is in the M profile PPB region 0xe0000000 - 0xe00fffff */
+ return arm_feature(env, ARM_FEATURE_M) &&
+ extract32(address, 20, 12) == 0xe00;
+}
+
+static inline bool m_is_system_region(CPUARMState *env, uint32_t address)
+{
+ /* True if address is in the M profile system region
+ * 0xe0000000 - 0xffffffff
+ */
+ return arm_feature(env, ARM_FEATURE_M) && extract32(address, 29, 3) == 0x7;
+}
+
 static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
 int access_type, ARMMMUIdx mmu_idx,
 hwaddr *phys_ptr, int *prot, uint32_t *fsr)
@@ -8255,7 +8266,15 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
 *phys_ptr = address;
 *prot = 0;
- if (regime_translation_disabled(env, mmu_idx)) { /* MPU disabled */
+ if (regime_translation_disabled(env, mmu_idx) ||
+ m_is_ppb_region(env, address)) {
+ /* MPU disabled or M profile PPB access: use default memory map.
+ * The other case which uses the default memory map in the
+ * v7M ARM ARM pseudocode is exception vector reads from the vector
+ * table. In QEMU those accesses are done in arm_v7m_load_vector(),
+ * which always does a direct read using address_space_ldl(), rather
+ * than going via this function, so we don't need to check that here.
+ */
 get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
 } else { /* MPU enabled */
 for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
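Review bot: The new `m_is_ppb_region(env, address)` short-circuit in get_phys_addr_pmsav7() takes the default-map path without looking at privilege level, and the added comment does not say where privileged-only access to the PPB is enforced. After this hunk, permissions for 0xe0000000 - 0xe00fffff come entirely from get_phys_addr_pmsav7_default(), which is not shown here, so a guest MPU configuration can no longer restrict that range. If the rule is enforced elsewhere (presumably in the default map or the device model; this needs confirming), I would add a line such as `* Privilege checks for the PPB are done in <location>, not by the MPU.` to the comment. The function body continues outside the hunk.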
@@ -8339,6 +8358,12 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
 get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
 } else { /* a MPU hit! */
 uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3);
+ uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1);
+
+ if (m_is_system_region(env, address)) {
+ /* System space is always execute never */
+ xn = 1;
+ }
 if (is_user) { /* User mode AP bit decoding */
 switch (ap) {
@@ -8379,7 +8404,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
 }
 /* execute never */
- if (env->pmsav7.dracr[n] & (1 << 12)) {
+ if (xn) {
 *prot &= ~PAGE_EXEC;
 }
 }
@@ -8558,8 +8583,8 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
 phys_ptr, prot, fsr);
 qemu_log_mask(CPU_LOG_MMU, "PMSAv7 MPU lookup for %s at 0x%08" PRIx32
 " mmu_idx %u -> %s (prot %c%c%c)\n",
- access_type == 1 ? "reading" :
- (access_type == 2 ? "writing" : "execute"),
+ access_type == MMU_DATA_LOAD ? "reading" :
+ (access_type == MMU_DATA_STORE ? "writing" : "execute"),
 (uint32_t)address, mmu_idx,
 ret ? "Miss" : "Hit",
 *prot & PAGE_READ ? 'r' : '-',
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 1a40469015..1f66da4a2c 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -151,7 +151,7 @@ static bool pmsav7_rgnr_vmstate_validate(void *opaque, int version_id)
 {
 ARMCPU *cpu = opaque;
- return cpu->env.cp15.c6_rgnr < cpu->pmsav7_dregion;
+ return cpu->env.pmsav7.rnr < cpu->pmsav7_dregion;
 }
 static const VMStateDescription vmstate_pmsav7 = {
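Review bot: The System-space XN override is applied only in the "a MPU hit!" branch of get_phys_addr_pmsav7(). The context line just above it shows a second route, where a lookup that falls back to the background region calls get_phys_addr_pmsav7_default() instead. Whether that helper also strips PAGE_EXEC for 0xe0000000 - 0xffffffff on M profile is not visible in this hunk. If it does, the new comment should record the dependency, for example `/* System space is always execute never (the default-map path handles this itself) */`, so a later change to the default map does not reopen the hole. The function body starts and ends outside the hunk.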
@@ -171,6 +171,29 @@ static const VMStateDescription vmstate_pmsav7 = {
 }
 };
+static bool pmsav7_rnr_needed(void *opaque)
+{
+ ARMCPU *cpu = opaque;
+ CPUARMState *env = &cpu->env;
+
+ /* For R profile cores pmsav7.rnr is migrated via the cpreg
+ * "RGNR" definition in helper.h. For M profile we have to
+ * migrate it separately.
+ */
+ return arm_feature(env, ARM_FEATURE_M);
+}
+
+static const VMStateDescription vmstate_pmsav7_rnr = {
+ .name = "cpu/pmsav7-rnr",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = pmsav7_rnr_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(env.pmsav7.rnr, ARMCPU),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
 static int get_cpsr(QEMUFile *f, void *opaque, size_t size,
 VMStateField *field)
 {
@@ -377,6 +400,11 @@ const VMStateDescription vmstate_arm_cpu = {
 &vmstate_iwmmxt,
 &vmstate_m,
 &vmstate_thumb2ee,
+ /* pmsav7_rnr must come before pmsav7 so that we have the
+ * region number before we test it in the VMSTATE_VALIDATE
+ * in vmstate_pmsav7.
+ */
+ &vmstate_pmsav7_rnr,
 &vmstate_pmsav7,
 NULL
 } |
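Review bot: The comment in pmsav7_rnr_needed() points at the wrong file: the "RGNR" cpreg is defined in pmsav7_cp_reginfo in target/arm/helper.c, as this same commit shows, so the line should read `* "RGNR" definition in helper.c. For M profile we have to`. Separately, the value loaded by `VMSTATE_UINT32(env.pmsav7.rnr, ARMCPU)` comes from the migration stream and is later used as an array index, for example `u32p += env->pmsav7.rnr;` in pmsav7_read() and pmsav7_write(). The ordering comment in vmstate_arm_cpu could therefore say that the VMSTATE_VALIDATE in vmstate_pmsav7 is the bounds check for that index, so the two subsections are not reordered later. The vmstate_arm_cpu subsection list starts outside the hunk.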