From 7f4fbfb5dc08fe3fb6829bde8e4072d6cb214931 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 23 Sep 2022 13:34:10 +0100 Subject: target/arm: Mark registers which call pmu_op_start() as ARM_CP_IO In commit 01765386a888 we made some system register write functions call pmu_op_start()/pmu_op_finish(). This means that they now touch timers, so for icount to work these registers must have the ARM_CP_IO flag set. This fixes a bug where when icount is enabled a guest that touches MDCR_EL3, MDCR_EL2, PMCNTENSET_EL0 or PMCNTENCLR_EL0 would cause QEMU to print an error message and exit, for example: [ 2.495971] TCP: Hash tables configured (established 1024 bind 1024) [ 2.496213] UDP hash table entries: 256 (order: 1, 8192 bytes) [ 2.496386] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes) [ 2.496917] NET: Registered protocol family 1 qemu-system-aarch64: Bad icount read Reported-by: Thomas Huth Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20220923123412.1214041-2-peter.maydell@linaro.org --- target/arm/helper.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index b5dac651e7..fadeed0b6b 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1927,12 +1927,12 @@ static const ARMCPRegInfo v7_cp_reginfo[] = { * or PL0_RO as appropriate and then check PMUSERENR in the helper fn. */ { .name = "PMCNTENSET", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 1, - .access = PL0_RW, .type = ARM_CP_ALIAS, + .access = PL0_RW, .type = ARM_CP_ALIAS | ARM_CP_IO, .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcnten), .writefn = pmcntenset_write, .accessfn = pmreg_access, .raw_writefn = raw_write }, - { .name = "PMCNTENSET_EL0", .state = ARM_CP_STATE_AA64, + { .name = "PMCNTENSET_EL0", .state = ARM_CP_STATE_AA64, .type = ARM_CP_IO, .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 1, .access = PL0_RW, .accessfn = pmreg_access, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten), .resetvalue = 0, @@ -1942,11 +1942,11 @@ static const ARMCPRegInfo v7_cp_reginfo[] = { .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcnten), .accessfn = pmreg_access, .writefn = pmcntenclr_write, - .type = ARM_CP_ALIAS }, + .type = ARM_CP_ALIAS | ARM_CP_IO }, { .name = "PMCNTENCLR_EL0", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 2, .access = PL0_RW, .accessfn = pmreg_access, - .type = ARM_CP_ALIAS, + .type = ARM_CP_ALIAS | ARM_CP_IO, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten), .writefn = pmcntenclr_write }, { .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3, @@ -5125,7 +5125,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = { .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 3, .opc2 = 1, .resetvalue = 0, .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.mdcr_el3) }, - { .name = "SDCR", .type = ARM_CP_ALIAS, + { .name = "SDCR", .type = ARM_CP_ALIAS | ARM_CP_IO, .cp = 15, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 1, .access = PL1_RW, .accessfn = access_trap_aa32s_el1, .writefn = sdcr_write, @@ -7832,7 +7832,7 @@ void register_cp_regs_for_features(ARMCPU *cpu) * value is MDCR_EL2.HPMN which should reset to the value of PMCR_EL0.N. */ ARMCPRegInfo mdcr_el2 = { - .name = "MDCR_EL2", .state = ARM_CP_STATE_BOTH, + .name = "MDCR_EL2", .state = ARM_CP_STATE_BOTH, .type = ARM_CP_IO, .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 1, .writefn = mdcr_el2_write, .access = PL2_RW, .resetvalue = pmu_num_counters(env), -- cgit v1.2.3-55-g7522 From 80d2b43b2ff367f38ae4c9616b1ed261ecf801b6 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 23 Sep 2022 13:34:11 +0100 Subject: target/arm: Make writes to MDCR_EL3 use PMU start/finish calls In commit 01765386a88868 we fixed a bug where we weren't correctly bracketing changes to some registers with pmu_op_start() and pmu_op_finish() calls for changes which affect whether the PMU counters might be enabled. However, we missed the case of writes to the AArch64 MDCR_EL3 register, because (unlike its AArch32 counterpart) they are currently done directly to the CPU state struct without going through the sdcr_write() function. Give MDCR_EL3 a writefn which handles the PMU start/finish calls. The SDCR writefn then simplfies to "call the MDCR_EL3 writefn after masking off the bits which don't exist in the AArch32 register". Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20220923123412.1214041-3-peter.maydell@linaro.org --- target/arm/helper.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index fadeed0b6b..24c592ffef 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4756,8 +4756,8 @@ static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, } } -static void sdcr_write(CPUARMState *env, const ARMCPRegInfo *ri, - uint64_t value) +static void mdcr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) { /* * Some MDCR_EL3 bits affect whether PMU counters are running: @@ -4769,12 +4769,19 @@ static void sdcr_write(CPUARMState *env, const ARMCPRegInfo *ri, if (pmu_op) { pmu_op_start(env); } - env->cp15.mdcr_el3 = value & SDCR_VALID_MASK; + env->cp15.mdcr_el3 = value; if (pmu_op) { pmu_op_finish(env); } } +static void sdcr_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + /* Not all bits defined for MDCR_EL3 exist in the AArch32 SDCR */ + mdcr_el3_write(env, ri, value & SDCR_VALID_MASK); +} + static void mdcr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { @@ -5122,9 +5129,12 @@ static const ARMCPRegInfo v8_cp_reginfo[] = { .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, banked_spsr[BANK_FIQ]) }, { .name = "MDCR_EL3", .state = ARM_CP_STATE_AA64, + .type = ARM_CP_IO, .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 3, .opc2 = 1, .resetvalue = 0, - .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.mdcr_el3) }, + .access = PL3_RW, + .writefn = mdcr_el3_write, + .fieldoffset = offsetof(CPUARMState, cp15.mdcr_el3) }, { .name = "SDCR", .type = ARM_CP_ALIAS | ARM_CP_IO, .cp = 15, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 1, .access = PL1_RW, .accessfn = access_trap_aa32s_el1, -- cgit v1.2.3-55-g7522 From beeec926d24aac28f95cc7694ef3837d7a4cd3bb Mon Sep 17 00:00:00 2001 From: Jerome Forissier Date: Tue, 27 Sep 2022 14:00:58 +0200 Subject: target/arm: mark SP_EL1 with ARM_CP_EL3_NO_EL2_KEEP SP_EL1 must be kept when EL3 is present but EL2 is not. Therefore mark it with ARM_CP_EL3_NO_EL2_KEEP. Cc: qemu-stable@nongnu.org Fixes: 696ba3771894 ("target/arm: Handle cpreg registration for missing EL") Signed-off-by: Jerome Forissier Reviewed-by: Richard Henderson Message-id: 20220927120058.670901-1-jerome.forissier@linaro.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index 24c592ffef..db3b1ea72d 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5088,7 +5088,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = { .fieldoffset = offsetof(CPUARMState, sp_el[0]) }, { .name = "SP_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 4, .crn = 4, .crm = 1, .opc2 = 0, - .access = PL2_RW, .type = ARM_CP_ALIAS, + .access = PL2_RW, .type = ARM_CP_ALIAS | ARM_CP_EL3_NO_EL2_KEEP, .fieldoffset = offsetof(CPUARMState, sp_el[1]) }, { .name = "SPSel", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 2, .opc2 = 0, -- cgit v1.2.3-55-g7522