target-arm: Fix potential buffer overflow
Report from smatch:
target-arm/helper.c:651 arm946_prbs_read(6) error: buffer overflow 'env->cp15.c6_region' 8 <= 8
target-arm/helper.c:661 arm946_prbs_write(6) error: buffer overflow 'env->cp15.c6_region' 8 <= 8
...
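The smatch report above says the 8-entry c6_region array can be indexed with the value 8, i.e. one past the end. The following is an added example (not the QEMU fix itself, whose diff is not on this page) of the kind of bounds check that closes such a hole: the region count, the arm946_mpu_t struct and the accessor names are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Number of protection regions (assumed from the smatch report, which shows
 * an 8-entry c6_region array indexed with values up to 8). */
#define ARM946_NUM_REGIONS 8

/* Hypothetical stand-in for the region registers held in CPU state. */
typedef struct {
    uint32_t c6_region[ARM946_NUM_REGIONS];
} arm946_mpu_t;

/* Read region register 'idx'. Returns false and leaves *val untouched when
 * idx is out of range; the caller can then treat the access as RAZ or UNDEF
 * instead of reading past the end of the array. */
bool arm946_region_read(const arm946_mpu_t *mpu, unsigned idx, uint32_t *val)
{
    if (idx >= ARM946_NUM_REGIONS) {
        return false;
    }
    *val = mpu->c6_region[idx];
    return true;
}

/* Write region register 'idx' under the same bounds rule. */
bool arm946_region_write(arm946_mpu_t *mpu, unsigned idx, uint32_t val)
{
    if (idx >= ARM946_NUM_REGIONS) {
        return false;
    }
    mpu->c6_region[idx] = val;
    return true;
}

/* Drive indices 0..ARM946_NUM_REGIONS (inclusive, i.e. including the
 * off-by-one value) through the write path and return how many were
 * accepted; exactly ARM946_NUM_REGIONS must succeed. */
unsigned arm946_count_accepted(void)
{
    arm946_mpu_t mpu = {{0}};
    unsigned accepted = 0;
    for (unsigned i = 0; i <= ARM946_NUM_REGIONS; i++) {
        if (arm946_region_write(&mpu, i, 0xdeadbeefu)) {
            accepted++;
        }
    }
    return accepted;
}

/* Returns true when an out-of-range read is rejected with the out-param left
 * untouched, and an in-range write can be read back. */
bool arm946_bounds_selftest(void)
{
    arm946_mpu_t mpu = {{0}};
    uint32_t v = 0x1234u;
    if (arm946_region_read(&mpu, ARM946_NUM_REGIONS, &v) || v != 0x1234u) {
        return false;
    }
    if (!arm946_region_write(&mpu, ARM946_NUM_REGIONS - 1, 0x55u)) {
        return false;
    }
    return arm946_region_read(&mpu, ARM946_NUM_REGIONS - 1, &v) && v == 0x55u;
}
```

The point of returning a status rather than silently clamping is that the caller decides how an out-of-range coprocessor access is reported to the guest; clamping would let a guest alias one region onto another.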
arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN
Always call unlock_user before returning.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
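The commit above describes a lock/unlock discipline bug: a locked guest buffer is leaked on an early return path. The following is an added example, not the project's code: lock_user_string()/unlock_user() are constructed stand-ins that count live buffers, the ":tt" special filename and the mode test are assumptions used only to give the handler a second exit path, and fake_host_open() replaces the real host open().

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a lock_user_string()/unlock_user() pair: "locking"
 * copies a guest string into a host buffer that must be released with
 * unlock_user(). live_locks counts buffers still held, so a leak is visible. */
static int live_locks;

static char *lock_user_string(const char *guest_str)
{
    size_t n = strlen(guest_str) + 1;
    char *host = malloc(n);
    if (!host) {
        return NULL;
    }
    memcpy(host, guest_str, n);
    live_locks++;
    return host;
}

static void unlock_user(char *host)
{
    if (host) {
        free(host);
        live_locks--;
    }
}

/* Stand-in for the host open(): a fake descriptor derived from the name. */
static int fake_host_open(const char *path)
{
    return (int)strlen(path) + 10;
}

/* Leaky shape: the special-case early return skips unlock_user(), so every
 * request that takes it leaves one locked buffer behind. */
int sys_open_leaky(const char *guest_path, int mode)
{
    char *s = lock_user_string(guest_path);
    if (!s) {
        return -1;
    }
    if (strcmp(s, ":tt") == 0) {
        return mode < 4 ? 0 : 1;        /* BUG: s is never unlocked */
    }
    int fd = fake_host_open(s);
    unlock_user(s);
    return fd;
}

/* Fixed shape: compute the result, then fall through to one exit where
 * unlock_user() always runs, whichever branch was taken. */
int sys_open_fixed(const char *guest_path, int mode)
{
    char *s = lock_user_string(guest_path);
    int ret;
    if (!s) {
        return -1;
    }
    if (strcmp(s, ":tt") == 0) {
        ret = mode < 4 ? 0 : 1;
    } else {
        ret = fake_host_open(s);
    }
    unlock_user(s);
    return ret;
}

/* Number of guest buffers currently locked; 0 means nothing leaked. */
int outstanding_locks(void)
{
    return live_locks;
}
```

A guest that can reach the leaky branch repeatedly (here by opening ":tt" in a loop) grows host memory by one buffer per call; the single-exit shape makes that impossible by construction rather than relying on every future branch remembering the unlock.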
target-arm: Fix typos in comments
Fix a variety of typos in comments in target-arm files.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
arm: translate: comment typo - s/middel/middle/
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
target-arm: Implement privileged-execute-never (PXN)
Implement the privileged-execute-never (PXN) translation table bit. It is implementation-defined whether this is implemented, so we give it its own ARM_FEATURE_ flag. LPAE requires PXN, so add also an LPAE feature flag and the implication logic, as a placeholder...
target-arm: Extend feature flags to 64 bits
Extend feature flags to 64 bits, as we've just run out of space in the 32 bit integer we were using for them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Add AMAIR0, AMAIR1 LPAE cp15 registers
Add implementations of the AMAIR0 and AMAIR1 LPAE Auxiliary Memory Attribute Indirection Registers. These are implementation defined and we choose to implement them as RAZ/WI, matching the Cortex-A7 and Cortex-A15....
target-arm: Add 64 bit variants of DBGDRAR and DBGDSAR for LPAE
LPAE extends the DBGDRAR and DBGDSAR debug registers to 64 bits; we only implement these as dummy RAZ versions; provide dummies for the 64 bit accesses as well.
target-arm: Add 64 bit PAR, TTBR0, TTBR1 for LPAE
Under LPAE, the cp15 registers PAR, TTBR0 and TTBR1 are extended to 64 bits, with a 64 bit (MRRC/MCRR) access path to read the full width of the register. Add the state fields for the top half and the 64 bit access path. Actual use of the top half of...
target-arm: Use target_phys_addr_t in get_phys_addr()
In the implementation of get_phys_addr(), consistently use target_phys_addr_t to hold the physical address rather than uint32_t.
target-arm: Implement long-descriptor PAR format
Implement the different format of the PAR when long descriptor translation tables are in use. Note that we assume that get_phys_addr() returns a long-descriptor format DFSR value on failure if long descriptors are in use; this added subtlety tips...
target-arm: Implement TTBCR changes for LPAE
Implement the changes to the TTBCR register required for LPAE:
 * many fewer bits should be RAZ/WI
 * since TTBCR changes can result in a change of ASID, we must flush the TLB on writes to it
target-arm: Add support for long format translation table walks
Implement the actual table walk code for LPAE's long format translation tables.
target-arm: Fix TCG temp handling in 64 bit cp writes
Fix errors in the TCG temp handling in the 64 bit coprocessor write path: we were reusing a 32 bit temp after it had been freed by store_reg(), and failing to free a 64 bit temp.
This bug has no visible effect at this point because there...
ARM: Make target_phys_addr_t 64 bits and physaddrs 40 bits
Make target_phys_addr_t 64 bits for ARM targets, and set TARGET_PHYS_ADDR_SPACE_BITS to 40. This should have no effect for ARM boards where physical addresses really are 32 bits (except perhaps a...
target-arm: Fix typo that meant TTBR1 accesses went to TTBR0
Fix a copy-and-paste error in the register description for TTBR1 that meant it was a duplicate of TTBR0 rather than affecting the correct bit of CPU state.
target-arm: Fix some copy-and-paste errors in cp register names
Fix a couple of cases where cp register names were copy-and-pasted. These are harmless since we don't use the name for anything (except debugging convenience) but could be confusing.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>...
target-arm: Fix CP15 based WFI
The coprocessor register rework broke cp15 based WFI instructions. We incorrectly fall through the normal register write case, which incorrectly adds a forced block termination. We've already done a special version of this (DISAS_WFI), so return immediately....
target-arm: Remove ARM_CPUID_* macros
All the uses of ARM_CPUID() to vary behaviour have now been removed, so we can delete the ARM_CPUID_* macros now. The one exception is the TI915T/925T, because of its odd behaviour where the MIDR value can be changed at runtime....
target-arm: Remove remaining old cp15 infrastructure
There are now no uses of the old cp15 infrastructure, so it can be deleted.
target-arm: Move block cache ops to new cp15 framework
Move the v6 optional block cache ops to the new cp15 framework. This includes only providing them on the CPUs which implemented them, rather than the previous blunderbuss approach of making all MCRR instructions on all CPUs act as NOPs....
target-arm: Remove c0_cachetype CPUARMState field
Remove the no-longer-used CPUARMState c0_cachetype field. Although this was a constant register we had it in our migration state. Drop this (with resulting version bump) because for ARM currently we prefer cleaner migration...
target-arm: Convert final ID registers
Convert the final ID registers to the new cp15 scheme.
target-arm: Convert MPIDR
Convert the MPIDR to the new cp15 register scheme. This includes giving it its own feature bit rather than doing a CPUID value check.
target-arm: Convert cp15 cache ID registers
Convert the cp15 cache ID registers to the new scheme.
target-arm: Convert cp15 crn=0 crm={1,2} feature registers
Convert the cp15 crn=0 crm={1,2} features registers to the new cp reg framework.
target-arm: Convert cp15 crn=1 registers
Convert the cp15 crn=1 registers to the new scheme.
target-arm: Convert cp15 crn=9 registers
Convert cp15 crn=9 registers (mostly cache lockdown) to the new scheme.
Note that this change makes OMAPCP cores RAZ/WI the whole c9 space. This is a change from previous behaviour, but a return to the behaviour of commit...
target-arm: Convert cp15 crn=6 registers
Convert the cp15 crn=6 registers to the new scheme. Note that this includes some minor tidyup: drop an unnecessary underdecoding of op2 on OMAPCP cores, and only implement the pre-v6 c6,c0,0,1 IFAR on the 1026 and not on the other ARMv5...
target-arm: convert cp15 crn=7 registers
Convert the cp15 crn=7 registers to the new scheme. Note that to do this we have to distinguish some registers used on the ARM9 and ARM10 from some which are ARM1176 only. This is because the old code returned a value of 0...
target-arm: Convert cp15 VA-PA translation registers
Convert the cp15 VA-PA translation registers (a subset of the crn=7 regs) to the new scheme.
target-arm: Convert cp15 MMU TLB control
Convert cp15 MMU TLB control (crn=8) to new scheme.
target-arm: Convert cp15 crn=15 registers
Convert the cp15 crn=15 (implementation specific) registers to the new scheme.
target-arm: Convert cp15 crn=10 registers
We RAZ/WI the entire block of crn=10 registers. Note that this actually covers not just the implementation-defined TLB lockdown registers but also a number of v7 VMSA memory attribute registers which we would need to implement to...
target-arm: Convert cp15 crn=13 registers
Convert the cp15 crn=13 registers (FCSEIDR, CONTEXTIDR, and the ARM946 Trace Process Identifier Register).
target-arm: Convert cp15 crn=2 registers
Convert the cp15 crn=2 registers (MMU page table control, MPU cache control) to the new scheme.
target-arm: Convert MMU fault status cp15 registers
Convert the MMU fault status and MPU access permission cp15 registers to the new scheme.
target-arm: Convert cp15 c3 register
Convert the cp15 c3 register (MMU domain access control or MPU write buffer control). NB that this is horribly underdecoded for modern cores (should be crn=3,crm=0,opc1=0,opc2=0) but this change preserves the existing...
target-arm: Convert generic timer cp15 regs
Convert the (dummy) generic timer cp15 implementation.
target-arm: Convert performance monitor registers
Convert the v7 performance monitor cp15 registers to the new scheme.
target-arm: Convert TLS registers
Convert TLS registers to the new cp15 framework
target-arm: Convert WFI/barriers special cases to cp_reginfo
Convert the various WFI and barrier instruction special cases to use cp_reginfo infrastructure.
target-arm: Convert TEECR, TEEHBR to new scheme
Convert the THUMB2EE cp14 registers TEECR and TEEHBR to use arm_cp_reginfo.
target-arm: Convert debug registers to cp_reginfo
Convert the cp14 debug registers (DBGDIDR, DBGDRAR, DBGDSAR) to the cp_reginfo scheme.
target-arm: Add register_cp_regs_for_features()
Add new function register_cp_regs_for_features() as a place to register coprocessor registers dependent on feature flags.
target-arm: Remove old cpu_arm_set_cp_io infrastructure
All the users of cpu_arm_set_cp_io have been converted, so we can remove it and the infrastructure it used.
target-arm: initial coprocessor register framework
Initial infrastructure for data-driven registration of coprocessor register implementations.
We still fall back to the old-style switch statements pending complete conversion of all existing registers....
target-arm: Fix 11MPCore cache type register value
Make the 11MPCore report a valid value in its cache type register (the previous value appears to have been incorrectly copied from the 1136/1176). In particular, do not report that we have an aliasing VIPT cache, because this causes Linux to attempt to use...
build: move other target-*/ objects to nested Makefile.objs
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
build: move libobj-y variable to nested Makefile.objs
build: move obj-TARGET-y variables to nested Makefile.objs
Also drop duplicate occurrence of device-hotplug.o.
Kill off cpu_state_reset()
In commit 1bba0dc932e8826a7d030df3767daf0bc339f9a2 cpu_reset() was renamed to cpu_state_reset(), to allow introducing a new cpu_reset() that would operate on QOM objects.
All callers have been updated except for one in target-mips, so drop all...
target-arm: Use cpu_reset() in cpu_arm_init()
Commit 3c30dd5a68e9fee6af67cfd0d14ed7520820f36a (target-arm: Move reset handling to arm_cpu_reset) QOM'ified CPU reset. Complete it by replacing cpu_state_reset() with cpu_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>...
target-arm/cpu.h: Make cpu_init("nonexistent cpu") return NULL
The macro definition of cpu_init meant that if cpu_arm_init() returned NULL this wouldn't result in cpu_init() itself returning NULL. This had the effect that "-cpu foo" for some unknown CPU name 'foo' would cause ARM targets to segfault rather than...
target-arm: When setting FPSCR.QC, don't clear other FPSCR bits
This patch fixes a bug affecting a variety of Neon instructions, such as VQADD.
Signed-off-by: Matt Craighead <mjcraighead@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Make SETEND respect bswap_code (BE8) setting
Make the SETEND instruction respect the setting of bswap_code, so that in BE8 mode we UNDEF for attempts to switch into little-endian mode and nop for attempts to stay in big-endian mode. (This is the inverse of the existing handling of SETEND...
target-arm: Move A9 config_base_address reset value to ARMCPU
Move the A9 config_base_address cp15 register reset value to ARMCPU. This should become a QOM property so that the Highbank board can set it without having to pull in cpu-qom.h, but at least this avoids the implicit dependency on reset ordering...
target-arm: Change cpu_arm_init() return type to ARMCPU
Make cpu_arm_init() return a QOM ARMCPU, so that we don't need to obtain an ARMCPU through arm_env_get_cpu() in machine init code. This requires to adjust the inclusion site of cpu-qom.h and in turn,...
target-arm: Move reset handling to arm_cpu_reset
Now that cpu_reset_model_id() has gone we can move the reset code over to the class reset function and have cpu_state_reset simply do a reset on the CPU QOM object.
target-arm: Drop cpu_reset_model_id()
cpu_reset_model_id() is now empty and we can remove it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>
target-arm: Move cache ID register setup to cpu specific init fns
Move cache ID register reset out of cpu_reset_model_id() by creating a field for the reset value in ARMCPU and setting it up in the cpu specific init functions.
target-arm: Move OMAP cp15_i_{max,min} reset to cpu_state_reset
Move the OMAP-specific cp15_i_{max,min} reset to cpu_state_reset; since these registers are only accessible on CPUs with the OMAPCP feature set there's no need to guard this reset with either a CPUID or feature bit check....
target-arm: Move feature register setup to per-CPU init fns
Move feature register value setup to per-CPU init functions.
target-arm: Move iWMMXT wCID reset to cpu_state_reset
Move the iWMMXT wCID reset to cpu_state_reset(). Since we use the same value for all CPUs with this feature (with the major/minor revision fields set to the QEMU specific 'Q' value) there's no need to create an ARMCPU...
target-arm: Drop JTAG_ID documentation
None of the machines in QEMU offer a JTAG debug interface, so this info was unused. Further, the PXA250 ID contradicts the February 2002 Developer's Manual, which has it as 0xn9264013 with n the MIDR Revision.
target-arm: Move SCTLR reset value setup to per cpu init fns
Move the reset value of SCTLR to ARMCPU, initialised in the per-cpu init functions. It can then be reset by a simple copy, and we can drop the code from cpu_reset_model_id().
target-arm: Move CTR setup to per cpu init fns
Move CTR (cache type register) value to an ARMCPU field set up by per-cpu init fns.
target-arm: Move MVFR* setup to per cpu init fns
Move the MVFR* VFP feature register values to ARMCPU, so they are set up by the implementation-specific instance init functions rather than in cpu_reset_model_id().
target-arm: Move FPSID config to cpu init fns
Move the reset FPSID to the ARMCPU struct, and set it in the per-implementation instance init function. At reset we then just copy the reset value into the CPUARMState field.
target-arm: Move feature bit settings to CPU init fns
Move the setting of the feature bits from cpu_reset_model_id() to each CPU's instance init function. This requires us to move the features field in CPUARMState so that it is not cleared on reset.
target-arm: Add QOM subclasses for each ARM cpu implementation
Register subclasses for each ARM CPU implementation.
Let arm_cpu_list() enumerate CPU subclasses in alphabetical order,except for special value "any".
Replace cpu_arm_find_by_name()'s string -> CPUID lookup by storing the...
target-arm: remind to keep arm features in sync with linux-user/elfload.c
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use uintptr_t for various op related functions
Use uintptr_t instead of void * or unsigned long in several op related functions, env->mem_io_pc and GETPC macro.
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Userspace ARM BE8 support
Add support for ARM BE8 userspace binaries. i.e. big-endian data and little-endian code. In principle LE8 mode is also possible, but AFAIK has never actually been implemented/used.
System emulation doesn't have any useable big-endian board models,...
ARM: Permit any ARMv6K CPU to read the MVFR0 and MVFR1 VFP registers.
This patch replaces the ARM_FEATURE_VFP3 test when reading MVFR registers with a test for a new feature flag ARM_FEATURE_MVFR, and sets this feature for all ARMv6K cores (ARM1156 is not a v6K core, yet supports MVFR; qemu...
target-arm: Minimalistic CPU QOM'ification
Introduce only one non-abstract type TYPE_ARM_CPU and do not touch cp15 registers to not interfere with Peter's ongoing remodelling. Embed CPUARMState as first (additional) field of ARMCPU.
Let CPUClass::reset() call cpu_state_reset() for now....
target-arm: Drop cpu_arm_close()
It's unused, so no need to QOM'ify it later.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Decode SETEND correctly in Thumb
Decode the SETEND instruction correctly in Thumb mode, rather than accidentally treating it like CPS. We don't support BE8 mode, but this change brings the Thumb mode in to line with behaviour in ARM mode: 'SETEND BE' is...
target-arm: Clear IT bits when taking exceptions in v7M
When taking an exception for an M profile core, we must clear the IT bits. Since the IT bits are cached in env->condexec_bits we must clear them there: writing the bits in env->uncached_cpsr has no effect. (Reported as LP:944645.)...
target-arm: Fix typo in ARM946 cp15 c5 handling
Fix a typo in handling of the ARM946 cp15 c5 c0 0 1 handling (instruction access permission bits) that meant it would return the data access permission bits by mistake.
Rename CPUState -> CPUArchState
Scripted conversion:
  for file in *.[hc] hw/*.[hc] hw/kvm/*.[hc] linux-user/*.[hc] linux-user/m68k/*.[hc] bsd-user/*.[hc] darwin-user/*.[hc] tcg/*/*.[hc] target-*/cpu.h; do
    sed -i "s/CPUState/CPUArchState/g" $file
  done
...
Rename cpu_reset() to cpu_state_reset()
Frees the identifier cpu_reset for QOM CPUs (manual rename).
Don't hide the parameter type behind explicit casts, use static functions with strongly typed argument to indirect.
target-arm: Don't overuse CPUState
Scripted conversion:
  sed -i "s/CPUState/CPUARMState/g" target-arm/*.[hc]
  sed -i "s/#define CPUARMState/#define CPUState/" target-arm/cpu.h
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>...
target-arm: Clean includes
Remove some include statements which are not needed.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
target-arm/helper.c: tb_flush() on CPU reset
Since target-arm has some CPUState fields for which we take the approach of baking assumptions about them into translated code and then calling tb_flush() when the fields change, we must also tb_flush on CPU reset,...
target-arm/helper.c: Correct FPSID value for Cortex-A9
The correct FPSID for the Cortex-A9 (according to the TRM) is 0x41033090 for the r0p0 that we claim to model.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Add Cortex-A15 CPU definition
Add a definition of a Cortex-A15 CPU. Note that for the moment we do not implement any of:
 * Large Physical Address Extensions (LPAE)
 * Virtualization Extensions
 * Generic Timer
 * TrustZone (this is also true of our existing Cortex-A9 model, etc)
...
Add dummy implementation of generic timer cp15 registers
Add a dummy implementation of the cp15 registers for the generic timer (found in the Cortex-A15), just sufficient for Linux to decide that it can't use it. This requires at least CNTP_CTL and CNTFRQ to be implemented as RAZ/WI; we RAZ/WI all of c14....
target-arm: Fix implementation of TLB invalidate operations
Fix some bugs in the implementation of the TLB invalidate operations on ARM:
 * the 'invalidate all' op was not passing flush_global=1 to tlb_flush(); this doesn't have a practical effect since...
target-arm/helper.c: Don't assume softfloat int32 is 32 bits only
In the helper routines for VCVT float-to-int conversions, add an explicit cast rather than relying on the softfloat int32 type being exactly 32 bits wide (which it is not guaranteed to be)....
arm: store the config_base_register during cpu_reset
Long term, the config_base_register will be a QDM parameter. In the meantime, models that use it need to be able to preserve it across cpu_reset() calls.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>...
target-arm: Fix errors in decode of M profile CPS
Fix errors in the decode of M profile CPS:
 * the decode of the I (affects PRIMASK) and F (affects FAULTMASK) bits was reversed
 * the FAULTMASK system register number is 19, not 17
This fixes an issue reported as LP:913925....
arm: Add dummy support for co-processor 15's secure config register
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Don't use cpu_single_env in bank_number()
Avoid using cpu_single_env in bank_number() -- if we were called via the gdb stub reading or writing the CPSR then it is NULL and we will segfault if we take the cpu_abort().
target-arm: Ignore attempts to set invalid modes in CPSR
Ignore attempts to set the CPSR mode field to an invalid value. This is UNPREDICTABLE, but we should not cpu_abort() for things a malicious guest (or a confused user on the gdbstub interface) can provoke....
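The two commits above share one rule: guest-controlled (or gdbstub-controlled) input must never reach a cpu_abort(). The following is an added example of that rule, not QEMU's code: the mode encodings are the ones the ARM architecture defines, but bank_number_checked(), its bank numbering and cpsr_write_checked() are hypothetical stand-ins whose only point is that an undefined mode value is reported and ignored rather than aborting the emulator.

```c
#include <stdbool.h>
#include <stdint.h>

/* CPSR mode field (bits [4:0]) and the mode encodings the ARM architecture
 * defines; any other 5-bit value is UNPREDICTABLE. */
#define CPSR_M        0x1fu
#define ARM_MODE_USR  0x10u
#define ARM_MODE_FIQ  0x11u
#define ARM_MODE_IRQ  0x12u
#define ARM_MODE_SVC  0x13u
#define ARM_MODE_MON  0x16u
#define ARM_MODE_ABT  0x17u
#define ARM_MODE_HYP  0x1au
#define ARM_MODE_UND  0x1bu
#define ARM_MODE_SYS  0x1fu

/* Map a mode number to a register-bank index, returning -1 for anything the
 * architecture does not define instead of aborting. The bank numbering itself
 * is hypothetical; the reject-on-invalid behaviour is the point. */
int bank_number_checked(uint32_t mode)
{
    switch (mode & CPSR_M) {
    case ARM_MODE_USR:
    case ARM_MODE_SYS: return 0;
    case ARM_MODE_SVC: return 1;
    case ARM_MODE_ABT: return 2;
    case ARM_MODE_UND: return 3;
    case ARM_MODE_IRQ: return 4;
    case ARM_MODE_FIQ: return 5;
    case ARM_MODE_HYP: return 6;
    case ARM_MODE_MON: return 7;
    default:           return -1;
    }
}

/* Hypothetical CPSR write. If the requested mode field is invalid, the old
 * mode is kept and the remaining bits are still updated; the write never
 * aborts. *mode_ignored reports whether that fallback was taken. */
uint32_t cpsr_write_checked(uint32_t old_cpsr, uint32_t val, bool *mode_ignored)
{
    uint32_t new_cpsr = val;

    *mode_ignored = false;
    if (bank_number_checked(val) < 0) {
        new_cpsr = (val & ~CPSR_M) | (old_cpsr & CPSR_M);
        *mode_ignored = true;
    }
    return new_cpsr;
}

/* Convenience wrapper returning only the resulting CPSR value. */
uint32_t cpsr_write_value(uint32_t old_cpsr, uint32_t val)
{
    bool ignored;
    return cpsr_write_checked(old_cpsr, val, &ignored);
}

/* Drive every 5-bit mode value through the write path and return how many
 * were rejected: the architecture defines 9 modes, so 32 - 9 = 23 values are
 * invalid and must be ignored rather than abort. */
unsigned count_rejected_modes(void)
{
    unsigned rejected = 0;
    for (uint32_t m = 0; m < 32; m++) {
        bool ignored;
        (void)cpsr_write_checked(ARM_MODE_SVC, m, &ignored);
        if (ignored) {
            rejected++;
        }
    }
    return rejected;
}
```

Because the gdbstub path can write the CPSR with no current-CPU context, the check has to be a pure function of the value, which is also why the lookup above takes the mode as a parameter rather than reading global state.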
arm: add dummy A9-specific cp15 registers
Add dummy register support for the cp15, CRn=c15 registers.
config_base_register and power_control_register currently default to 0, but may have improved support after the QOM CPU patches are finished.
target-arm: Infer VFPv3 feature from VFPv4
VFP4 => VFP3
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Infer Thumb2 feature from ARMv7
V7 => THUMB2
target-arm: Infer Thumb division feature from M profile
M => THUMB_DIV
target-arm: Infer VFP feature from VFPv3
VFP3 => VFP