qemu-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 9d5a9a: hw/intc/armv7m_nvic: ICPRn must not u


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 9d5a9a: hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ ...
Date: Mon, 18 Jul 2022 09:47:59 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 9d5a9ae962eec0788a6ac5a8e9a7a116ff30f50a
      
https://github.com/qemu/qemu/commit/9d5a9ae962eec0788a6ac5a8e9a7a116ff30f50a
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M hw/intc/armv7m_nvic.c

  Log Message:
  -----------
  hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high

In the M-profile Arm ARM, rule R_CVJS defines when an interrupt should
be set to the Pending state:
 A) when the input line is high and the interrupt is not Active
 B) when the input line transitions from low to high and the interrupt
    is Active
(Note that the first of these is an ongoing condition, and the
second is a point-in-time event.)

This can be rephrased as:
 1 when the line goes from low to high, set Pending
 2 when Active goes from 1 to 0, if line is high then set Pending
 3 ignore attempts to clear Pending when the line is high
   and Active is 0

where 1 covers both B and one of the "transition into condition A"
cases, 2 deals with the other "transition into condition A"
possibility, and 3 is "don't drop Pending if we're already in
condition A".  Transitions out of condition A don't affect Pending
state.

We handle case 1 in set_irq_level(). For an interrupt (as opposed
to other kinds of exception) the only place where we clear Active
is in armv7m_nvic_complete_irq(), where we handle case 2 by
checking for whether we need to re-pend the exception. For case 3,
the only places where we clear Pending state on an interrupt are in
armv7m_nvic_acknowledge_irq() (where we are setting Active so it
doesn't count) and for writes to NVIC_ICPRn.

It is the "write to NVIC_ICPRn" case that we missed: we must ignore
this if the input line is high and the interrupt is not Active.
(This required behaviour is differently and perhaps more clearly
stated in the v7M Arm ARM, which has pseudocode in section B3.4.1
that implies it.)

Reported-by: Igor Kotrasiński <i.kotrasinsk@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220628154724.3297442-1-peter.maydell@linaro.org


  Commit: 6215113355a508c5e6d0a4337c79184d85eeed61
      
https://github.com/qemu/qemu/commit/6215113355a508c5e6d0a4337c79184d85eeed61
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Fill in VL for tbflags when SME enabled and SVE disabled

When PSTATE.SM, VL = SVL even if SVE is disabled.
This is visible in kselftest ssve-test.

Reported-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220713045848.217364-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 6a775fd6e0423e76d3e3cb751b4b468d68f19ca5
      
https://github.com/qemu/qemu/commit/6a775fd6e0423e76d3e3cb751b4b468d68f19ca5
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Fix aarch64_sve_change_el for SME

We were only checking for SVE disabled and not taking into
account PSTATE.SM to check SME disabled, which resulted in
vectors being incorrectly truncated.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220713045848.217364-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 7f2cf760fe649972dba0948f8e3fc5618cb1fb37
      
https://github.com/qemu/qemu/commit/7f2cf760fe649972dba0948f8e3fc5618cb1fb37
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M accel/tcg/translate-all.c
    M target/arm/cpu.h

  Log Message:
  -----------
  linux-user/aarch64: Do not clear PROT_MTE on mprotect

The documentation for PROT_MTE says that it cannot be cleared
by mprotect.  Further, the implementation of the VM_ARCH_CLEAR bit,
contains PROT_BTI confiming that bit should be cleared.

Introduce PAGE_TARGET_STICKY to allow target/arch/cpu.h to control
which bits may be reset during page_set_flags.  This is sort of the
opposite of VM_ARCH_CLEAR, but works better with qemu's PAGE_* bits
that are separate from PROT_* bits.

Reported-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220711031420.17820-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: dfce4aa8feccf77dc10e27b7491a97c94326460d
      
https://github.com/qemu/qemu/commit/dfce4aa8feccf77dc10e27b7491a97c94326460d
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/helper.c
    M target/arm/internals.h
    M target/arm/ptw.c
    M target/arm/tlb_helper.c

  Log Message:
  -----------
  target/arm: Define and use new regime_tcr_value() function

The regime_tcr() function returns a pointer to a struct TCR
corresponding to the TCR controlling a translation regime.  The
struct TCR has the raw value of the register, plus two fields mask
and base_mask which are used as a small optimization in the case of
32-bit short-descriptor lookups.  Almost all callers of regime_tcr()
only want the raw register value.  Define and use a new
regime_tcr_value() function which returns only the raw 64-bit
register value.

This is a preliminary to removing the 32-bit short descriptor
optimization -- it only saves a handful of bit operations, which is
tiny compared to the overhead of doing a page table walk at all, and
the TCR struct is awkward and makes fixing
https://gitlab.com/qemu-project/qemu/-/issues/1103 unnecessarily
difficult.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-2-peter.maydell@linaro.org


  Commit: 9e70e26c5382f433d9ffd93b7ac5f1501ff473ff
      
https://github.com/qemu/qemu/commit/9e70e26c5382f433d9ffd93b7ac5f1501ff473ff
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/ptw.c

  Log Message:
  -----------
  target/arm: Calculate mask/base_mask in get_level1_table_address()

In get_level1_table_address(), instead of using precalculated values
of mask and base_mask from the TCR struct, calculate them directly
(in the same way we currently do in vmsa_ttbcr_raw_write() to
populate the TCR struct fields).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-3-peter.maydell@linaro.org


  Commit: c1547bba7eead64575a662acd95a986ac2956213
      
https://github.com/qemu/qemu/commit/c1547bba7eead64575a662acd95a986ac2956213
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/helper.c
    M target/arm/internals.h
    M target/arm/ptw.c
    M target/arm/tlb_helper.c

  Log Message:
  -----------
  target/arm: Fold regime_tcr() and regime_tcr_value() together

The only caller of regime_tcr() is now regime_tcr_value(); fold the
two together, and use the shorter and more natural 'regime_tcr'
name for the new function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-4-peter.maydell@linaro.org


  Commit: afbb181c2deb4584666be17adfbc49532fc90ace
      
https://github.com/qemu/qemu/commit/afbb181c2deb4584666be17adfbc49532fc90ace
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Fix big-endian host handling of VTCR

We have a bug in our handling of accesses to the AArch32 VTCR
register on big-endian hosts: we were not adjusting the part of the
uint64_t field within TCR that the generated code would access.  That
can be done with offsetoflow32(), by using an ARM_CP_STATE_BOTH cpreg
struct, or by defining a full set of read/write/reset functions --
the various other TCR cpreg structs used one or another of those
strategies, but for VTCR we did not, so on a big-endian host VTCR
accesses would touch the wrong half of the register.

Use offsetoflow32() in the VTCR register struct.  This works even
though the field in the CPU struct is currently a struct TCR, because
the first field in that struct is the uint64_t raw_tcr.

None of the other TCR registers have this bug -- either they are
AArch64 only, or else they define resetfn, writefn, etc, and
expect to be passed the full struct pointer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-5-peter.maydell@linaro.org


  Commit: 988cc1909f2895cb751fc9cc83ba51938be02183
      
https://github.com/qemu/qemu/commit/988cc1909f2895cb751fc9cc83ba51938be02183
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/cpu.h
    M target/arm/helper.c
    M target/arm/internals.h
    M target/arm/ptw.c

  Log Message:
  -----------
  target/arm: Store VTCR_EL2, VSTCR_EL2 registers as uint64_t

Change the representation of the VSTCR_EL2 and VTCR_EL2 registers in
the CPU state struct from struct TCR to uint64_t.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-6-peter.maydell@linaro.org


  Commit: cb4a0a3444dc25fc5d69603ef098020a8767c6a0
      
https://github.com/qemu/qemu/commit/cb4a0a3444dc25fc5d69603ef098020a8767c6a0
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/cpu.c
    M target/arm/cpu.h
    M target/arm/debug_helper.c
    M target/arm/helper.c
    M target/arm/internals.h
    M target/arm/ptw.c

  Log Message:
  -----------
  target/arm: Store TCR_EL* registers as uint64_t

Change the representation of the TCR_EL* registers in the CPU state
struct from struct TCR to uint64_t.  This allows us to drop the
custom vmsa_ttbcr_raw_write() function, moving the "enforce RES0"
checks to their more usual location in the writefn
vmsa_ttbcr_write().  We also don't need the resetfn any more.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-7-peter.maydell@linaro.org


  Commit: f04383e74926180cc56809ec8319115e4cea32b7
      
https://github.com/qemu/qemu/commit/f04383e74926180cc56809ec8319115e4cea32b7
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/cpu.h
    M target/arm/internals.h

  Log Message:
  -----------
  target/arm: Honour VTCR_EL2 bits in Secure EL2

In regime_tcr() we return the appropriate TCR register for the
translation regime.  For Secure EL2, we return the VSTCR_EL2 value,
but in this translation regime some fields that control behaviour are
in VTCR_EL2.  When this code was originally written (as the comment
notes), QEMU didn't care about any of those fields, but we have since
added support for features such as LPA2 which do need the values from
those fields.

Synthesize a TCR value by merging in the relevant VTCR_EL2 fields to
the VSTCR_EL2 value.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1103
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-8-peter.maydell@linaro.org


  Commit: 4a84e85413acaad9e84b64786e44e190080d78a6
      
https://github.com/qemu/qemu/commit/4a84e85413acaad9e84b64786e44e190080d78a6
  Author: Hao Wu <wuhaotsh@google.com>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M hw/adc/npcm7xx_adc.c
    M tests/qtest/npcm7xx_adc-test.c

  Log Message:
  -----------
  hw/adc: Fix CONV bit in NPCM7XX ADC CON register

The correct bit for the CONV bit in NPCM7XX ADC is bit 13. This patch
fixes that in the module, and also lower the IRQ when the guest
is done handling an interrupt event from the ADC module.

Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Patrick Venture<venture@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220714182836.89602-4-wuhaotsh@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 99638ba9d86b7707adabbf0b223a6e0ae144cd88
      
https://github.com/qemu/qemu/commit/99638ba9d86b7707adabbf0b223a6e0ae144cd88
  Author: Hao Wu <wuhaotsh@google.com>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M hw/adc/npcm7xx_adc.c

  Log Message:
  -----------
  hw/adc: Make adci[*] R/W in NPCM7XX ADC

Our sensor test requires both reading and writing from a sensor's
QOM property. So we need to make the input of ADC module R/W instead
of write only for that to work.

Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Titus Rwantare <titusr@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220714182836.89602-5-wuhaotsh@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 53ae2fdef1f5661cbaa2ea571c517f98e6041cb8
      
https://github.com/qemu/qemu/commit/53ae2fdef1f5661cbaa2ea571c517f98e6041cb8
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Don't set syndrome ISS for loads and stores with writeback

The architecture requires that for faults on loads and stores which
do writeback, the syndrome information does not have the ISS
instruction syndrome information (i.e. ISV is 0).  We got this wrong
for the load and store instructions covered by disas_ldst_reg_imm9().
Calculate iss_valid correctly so that if the insn is a writeback one
it is false.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1057
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220715123323.1550983-1-peter.maydell@linaro.org


  Commit: 004c8a8bc569c8b18fca6fc90ffe3223daaf17b7
      
https://github.com/qemu/qemu/commit/004c8a8bc569c8b18fca6fc90ffe3223daaf17b7
  Author: Andrey Makarov <ph.makarov@gmail.com>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M hw/arm/bcm2835_peripherals.c
    M include/hw/arm/bcm2835_peripherals.h
    A tests/qtest/bcm2835-dma-test.c
    M tests/qtest/meson.build

  Log Message:
  -----------
  Align Raspberry Pi DMA interrupts with Linux DTS

There is nothing in the specs on DMA engine interrupt lines: it should have
been in the "BCM2835 ARM Peripherals" datasheet but the appropriate
"ARM peripherals interrupt table" (p.113) is nearly empty.

All Raspberry Pi models 1-3 (based on bcm2835) have
Linux device tree (arch/arm/boot/dts/bcm2835-common.dtsi +25):

    /* dma channel 11-14 share one irq */

This information is repeated in the driver code
(drivers/dma/bcm2835-dma.c +1344):

    /*
     * in case of channel >= 11
     * use the 11th interrupt and that is shared
     */

In this patch channels 0--10 and 11--14 are handled separately.

Signed-off-by: Andrey Makarov <andrey.makarov@auriga.com>
Message-id: 20220716113210.349153-1-andrey.makarov@auriga.com
[PMM: fixed checkpatch nits]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 782378973121addeb11b13fd12a6ac2e69faa33f
      
https://github.com/qemu/qemu/commit/782378973121addeb11b13fd12a6ac2e69faa33f
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M accel/tcg/translate-all.c
    M hw/adc/npcm7xx_adc.c
    M hw/arm/bcm2835_peripherals.c
    M hw/intc/armv7m_nvic.c
    M include/hw/arm/bcm2835_peripherals.h
    M target/arm/cpu.c
    M target/arm/cpu.h
    M target/arm/debug_helper.c
    M target/arm/helper.c
    M target/arm/internals.h
    M target/arm/ptw.c
    M target/arm/tlb_helper.c
    M target/arm/translate-a64.c
    A tests/qtest/bcm2835-dma-test.c
    M tests/qtest/meson.build
    M tests/qtest/npcm7xx_adc-test.c

  Log Message:
  -----------
  Merge tag 'pull-target-arm-20220718' of 
https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high
 * target/arm: Fill in VL for tbflags when SME enabled and SVE disabled
 * target/arm: Fix aarch64_sve_change_el for SME
 * linux-user/aarch64: Do not clear PROT_MTE on mprotect
 * target/arm: Honour VTCR_EL2 bits in Secure EL2
 * hw/adc: Fix CONV bit in NPCM7XX ADC CON register
 * hw/adc: Make adci[*] R/W in NPCM7XX ADC
 * target/arm: Don't set syndrome ISS for loads and stores with writeback
 * Align Raspberry Pi DMA interrupts with Linux DTS

# gpg: Signature made Mon 18 Jul 2022 14:58:26 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" 
[ultimate]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20220718' of 
https://git.linaro.org/people/pmaydell/qemu-arm:
  Align Raspberry Pi DMA interrupts with Linux DTS
  target/arm: Don't set syndrome ISS for loads and stores with writeback
  hw/adc: Make adci[*] R/W in NPCM7XX ADC
  hw/adc: Fix CONV bit in NPCM7XX ADC CON register
  target/arm: Honour VTCR_EL2 bits in Secure EL2
  target/arm: Store TCR_EL* registers as uint64_t
  target/arm: Store VTCR_EL2, VSTCR_EL2 registers as uint64_t
  target/arm: Fix big-endian host handling of VTCR
  target/arm: Fold regime_tcr() and regime_tcr_value() together
  target/arm: Calculate mask/base_mask in get_level1_table_address()
  target/arm: Define and use new regime_tcr_value() function
  linux-user/aarch64: Do not clear PROT_MTE on mprotect
  target/arm: Fix aarch64_sve_change_el for SME
  target/arm: Fill in VL for tbflags when SME enabled and SVE disabled
  hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/20f55423960e...782378973121



reply via email to

[Prev in Thread] Current Thread [Next in Thread]