History | View | Annotate | Download (111.7 kB)
target-arm: Fix potential buffer overflow
Report from smatch:
target-arm/helper.c:651 arm946_prbs_read(6) error: buffer overflow 'env->cp15.c6_region' 8 <= 8target-arm/helper.c:661 arm946_prbs_write(6) error: buffer overflow 'env->cp15.c6_region' 8 <= 8...
target-arm: Fix typos in comments
Fix a variety of typos in comments in target-arm files.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
target-arm: Implement privileged-execute-never (PXN)
Implement the privileged-execute-never (PXN) translation table bit.It is implementation-defined whether this is implemented, so we giveit its own ARM_FEATURE_ flag. LPAE requires PXN, so add also anLPAE feature flag and the implication logic, as a placeholder...
target-arm: Add AMAIR0, AMAIR1 LPAE cp15 registers
Add implementations of the AMAIR0 and AMAIR1 LPAEAuxiliary Memory Attribute Indirection Registers.These are implementation defined and we choose toimplement them as RAZ/WI, matching the Cortex-A7and Cortex-A15....
target-arm: Add 64 bit variants of DBGDRAR and DBGDSAR for LPAE
LPAE extends the DBGDRAR and DBGDSAR debug registers to 64 bits; weonly implement these as dummy RAZ versions; provide dummies forthe 64 bit accesses as well.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Add 64 bit PAR, TTBR0, TTBR1 for LPAE
Under LPAE, the cp15 registers PAR, TTBR0 and TTBR1 are extendedto 64 bits, with a 64 bit (MRRC/MCRR) access path to read thefull width of the register. Add the state fields for the tophalf and the 64 bit access path. Actual use of the top half of...
target-arm: Use target_phys_addr_t in get_phys_addr()
In the implementation of get_phys_addr(), consistently usetarget_phys_addr_t to hold the physical address rather thanuint32_t.
target-arm: Implement long-descriptor PAR format
Implement the different format of the PAR when long descriptortranslation tables are in use. Note that we assume thatget_phys_addr() returns a long-descriptor format DFSR value onfailure if long descriptors are in use; this added subtlety tips...
target-arm: Implement TTBCR changes for LPAE
Implement the changes to the TTBCR register required for LPAE: * many fewer bits should be RAZ/WI * since TTBCR changes can result in a change of ASID, we must flush the TLB on writes to it
target-arm: Add support for long format translation table walks
Implement the actual table walk code for LPAE's long formattranslation tables.
target-arm: Fix typo that meant TTBR1 accesses went to TTBR0
Fix a copy-and-paste error in the register description for TTBR1that meant it was a duplicate of TTBR0 rather than affecting thecorrect bit of CPU state.
target-arm: Fix some copy-and-paste errors in cp register names
Fix a couple of cases where cp register names were copy-and-pasted.These are harmless since we don't use the name for anything (exceptdebugging convenience) but could be confusing.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>...
target-arm: Remove remaining old cp15 infrastructure
There are now no uses of the old cp15 infrastructure,so it can be deleted.
target-arm: Move block cache ops to new cp15 framework
Move the v6 optional block cache ops to the new cp15 framework.This includes only providing them on the CPUs which implementedthem, rather than the previous blunderbuss approach of makingall MCRR instructions on all CPUs act as NOPs....
target-arm: Convert final ID registers
Convert the final ID registers to the new cp15 scheme.
target-arm: Convert MPIDR
Convert the MPIDR to the new cp15 register scheme.This includes giving it its own feature bit ratherthan doing a CPUID value check.
target-arm: Convert cp15 cache ID registers
Convert the cp15 cache ID registers to the new scheme.
target-arm: Convert cp15 crn=0 crm={1,2} feature registers
Convert the cp15 crn=0 crm={1,2} features registers tothe new cp reg framework.
target-arm: Convert cp15 crn=1 registers
Convert the cp15 crn=1 registers to the new scheme.
target-arm: Convert cp15 crn=9 registers
Convert cp15 crn=9 registers (mostly cache lockdown) to the new scheme.
Note that this change makes OMAPCP cores RAZ/WI the whole c9 space. This isa change from previous behaviour, but a return to the behaviour of commit...
target-arm: Convert cp15 crn=6 registers
Convert the cp15 crn=6 registers to the new scheme.Note that this includes some minor tidyup: drop an unnecessaryunderdecoding of op2 on OMAPCP cores, and only implement thepre-v6 c6,c0,0,1 IFAR on the 1026 and not on the other ARMv5...
target-arm: convert cp15 crn=7 registers
Convert the cp15 crn=7 registers to the new scheme.Note that to do this we have to distinguish some registersused on the ARM9 and ARM10 from some which are ARM1176only. This is because the old code returned a value of 0...
target-arm: Convert cp15 VA-PA translation registers
Convert the cp15 VA-PA translation registers (a subset ofthe crn=7 regs) to the new scheme.
target-arm: Convert cp15 MMU TLB control
Convert cp15 MMU TLB control (crn=8) to new scheme.
target-arm: Convert cp15 crn=15 registers
Convert the cp15 crn=15 (implementation specific) registersto the new scheme.
target-arm: Convert cp15 crn=10 registers
We RAZ/WI the entire block of crn=10 registers. Note that thisactually covers not just the implementation-defined TLBlockdown registers but also a number of v7 VMSA memoryattribute registers which we would need to implement to...
target-arm: Convert cp15 crn=13 registers
Convert the cp15 crn=13 registers (FCSEIDR, CONTEXTIDR,and the ARM946 Trace Process Identifier Register).
target-arm: Convert cp15 crn=2 registers
Convert the cp15 crn=2 registers (MMU page table control,MPU cache control) to the new scheme.
target-arm: Convert MMU fault status cp15 registers
Convert the MMU fault status and MPU access permission cp15registers to the new scheme.
target-arm: Convert cp15 c3 register
Convert the cp15 c3 register (MMU domain access controlor MPU write buffer control). NB that this is horriblyunderdecoded for modern cores (should be crn=3,crm=0,opc1=0,opc2=0) but this change preserves the existing...
target-arm: Convert generic timer cp15 regs
Convert the (dummy) generic timer cp15 implementation.
target-arm: Convert performance monitor registers
Convert the v7 performance monitor cp15 registers tothe new scheme.
target-arm: Convert TLS registers
Convert TLS registers to the new cp15 framework
target-arm: Convert WFI/barriers special cases to cp_reginfo
Convert the various WFI and barrier instruction special cases to usecp_reginfo infrastructure.
target-arm: Convert TEECR, TEEHBR to new scheme
Convert the THUMB2EE cp14 registers TEECR and TEEHBR touse arm_cp_reginfo.
target-arm: Convert debug registers to cp_reginfo
Convert the cp14 debug registers (DBGDIDR, DBGDRAR, DBGDSAR) to thecp_reginfo scheme.
target-arm: Add register_cp_regs_for_features()
Add new function register_cp_regs_for_features() as a place toregister coprocessor registers dependent on feature flags.
target-arm: Remove old cpu_arm_set_cp_io infrastructure
All the users of cpu_arm_set_cp_io have been converted, so wecan remove it and the infrastructure it used.
target-arm: initial coprocessor register framework
Initial infrastructure for data-driven registration ofcoprocessor register implementations.
We still fall back to the old-style switch statements pendingcomplete conversion of all existing registers....
Kill off cpu_state_reset()
In commit 1bba0dc932e8826a7d030df3767daf0bc339f9a2 cpu_reset()was renamed to cpu_state_reset(), to allow introducing a new cpu_reset()that would operate on QOM objects.
All callers have been updated except for one in target-mips, so drop all...
target-arm: Use cpu_reset() in cpu_arm_init()
Commit 3c30dd5a68e9fee6af67cfd0d14ed7520820f36a (target-arm: Move resethandling to arm_cpu_reset) QOM'ified CPU reset. Complete it by replacingcpu_state_reset() with cpu_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>...
target-arm: Change cpu_arm_init() return type to ARMCPU
Make cpu_arm_init() return a QOM ARMCPU, so that we don't need toobtain an ARMCPU through arm_env_get_cpu() in machine init code.This requires to adjust the inclusion site of cpu-qom.h and in turn,...
target-arm: Move reset handling to arm_cpu_reset
Now that cpu_reset_model_id() has gone we can move thereset code over to the class reset function and have cpu_state_resetsimply do a reset on the CPU QOM object.
target-arm: Drop cpu_reset_model_id()
cpu_reset_model_id() is now empty and we can remove it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>Acked-by: Andreas Färber <afaerber@suse.de>
target-arm: Move cache ID register setup to cpu specific init fns
Move cache ID register reset out of cpu_reset_model_id() bycreating a field for the reset value in ARMCPU and setting itup in the cpu specific init functions.
target-arm: Move OMAP cp15_i_{max,min} reset to cpu_state_reset
Move the OMAP-specific cp15_i_{max,min} reset to cpu_state_reset;since these registers are only accessible on CPUs with theOMAPCP feature set there's no need to guard this reset witheither a CPUID or feature bit check....
target-arm: Move feature register setup to per-CPU init fns
Move feature register value setup to per-CPU init functions.
target-arm: Move iWMMXT wCID reset to cpu_state_reset
Move the iWMMXT wCID reset to cpu_state_reset(). Sincewe use the same value for all CPUs with this feature(with the major/minor revision fields set to the QEMUspecific 'Q' value) there's no need to create an ARMCPU...
target-arm: Drop JTAG_ID documentation
None of the machines in QEMU offer a JTAG debug interface, so this infowas unused. Further, the PXA250 ID contradicts the February 2002Developer's Manual, which has it as 0xn9264013 with n the MIDR Revision.
target-arm: Move SCTLR reset value setup to per cpu init fns
Move the reset value of SCTLR to ARMCPU, initialised inthe per-cpu init functions. It can then be reset by asimple copy, and we can drop the code from cpu_reset_model_id().
target-arm: Move CTR setup to per cpu init fns
Move CTR (cache type register) value to an ARMCPU fieldset up by per-cpu init fns.
target-arm: Move MVFR* setup to per cpu init fns
Move the MVFR* VFP feature register values to ARMCPU,so they are set up by the implementation-specific instanceinit functions rather than in cpu_reset_model_id().
target-arm: Move FPSID config to cpu init fns
Move the reset FPSID to the ARMCPU struct, and set it in theper-implementation instance init function. At reset we thenjust copy the reset value into the CPUARMState field.
target-arm: Move feature bit settings to CPU init fns
Move the setting of the feature bits from cpu_reset_model_id()to each CPU's instance init function. This requires us to movethe features field in CPUARMState so that it is not clearedon reset.
target-arm: Add QOM subclasses for each ARM cpu implementation
Register subclasses for each ARM CPU implementation.
Let arm_cpu_list() enumerate CPU subclasses in alphabetical order,except for special value "any".
Replace cpu_arm_find_by_name()'s string -> CPUID lookup by storing the...
Userspace ARM BE8 support
Add support for ARM BE8 userspace binaries.i.e. big-endian data and little-endian code.In principle LE8 mode is also possible, but AFAIK has never actuallybeen implemented/used.
System emulation doesn't have any useable big-endian board models,...
ARM: Permit any ARMv6K CPU to read the MVFR0 and MVFR1 VFP registers.
This patch replaces the ARM_FEATURE_VFP3 test when reading MVFR registerswith a test for a new feature flag ARM_FEATURE_MVFR, and sets this featurefor all ARMv6K cores (ARM1156 is not a v6K core, yet supports MVFR; qemu...
target-arm: Minimalistic CPU QOM'ification
Introduce only one non-abstract type TYPE_ARM_CPU and do not touchcp15 registers to not interfere with Peter's ongoing remodelling.Embed CPUARMState as first (additional) field of ARMCPU.
Let CPUClass::reset() call cpu_state_reset() for now....
target-arm: Drop cpu_arm_close()
It's unused, so no need to QOM'ify it later.
Signed-off-by: Andreas Färber <afaerber@suse.de>Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Clear IT bits when taking exceptions in v7M
When taking an exception for an M profile core, we must clearthe IT bits. Since the IT bits are cached in env->condexec_bitswe must clear them there: writing the bits in env->uncached_cpsrhas no effect. (Reported as LP:944645.)...
target-arm: Fix typo in ARM946 cp15 c5 handling
Fix a typo in handling of the ARM946 cp15 c5 c0 0 1 handling(instruction access permission bits) that meant it wouldreturn the data access permission bits by mistake.
Rename cpu_reset() to cpu_state_reset()
Frees the identifier cpu_reset for QOM CPUs (manual rename).
Don't hide the parameter type behind explicit casts, use staticfunctions with strongly typed argument to indirect.
target-arm: Don't overuse CPUState
Scripted conversion: sed -i "s/CPUState/CPUARMState/g" target-arm/*.[hc] sed -i "s/#define CPUARMState/#define CPUState/" target-arm/cpu.h
Signed-off-by: Andreas Färber <afaerber@suse.de>Acked-by: Anthony Liguori <aliguori@us.ibm.com>...
target-arm: Clean includes
Remove some include statements which are not needed.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>Signed-off-by: Stefan Weil <sw@weilnetz.de>
target-arm/helper.c: tb_flush() on CPU reset
Since target-arm has some CPUState fields for which we take the approachof baking assumptions about them into translated code and then callingtb_flush() when the fields change, we must also tb_flush on CPU reset,...
target-arm/helper.c: Correct FPSID value for Cortex-A9
The correct FPSID for the Cortex-A9 (according to the TRM) is0x41033090 for the r0p0 that we claim to model.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Add Cortex-A15 CPU definition
Add a definition of a Cortex-A15 CPU. Note that for the moment we donot implement any of: * Large Physical Address Extensions (LPAE) * Virtualization Extensions * Generic Timer * TrustZone (this is also true of our existing Cortex-A9 model, etc)...
Add dummy implementation of generic timer cp15 registers
Add a dummy implementation of the cp15 registers for the generictimer (found in the Cortex-A15), just sufficient for Linux todecide that it can't use it. This requires at least CNTP_CTL andCNTFRQ to be implemented as RAZ/WI; we RAZ/WI all of c14....
target-arm: Fix implementation of TLB invalidate operations
Fix some bugs in the implementation of the TLB invalidateoperations on ARM: * the 'invalidate all' op was not passing flush_global=1 to tlb_flush(); this doesn't have a practical effect since...
target-arm/helper.c: Don't assume softfloat int32 is 32 bits only
In the helper routines for VCVT float-to-int conversions, addan explicit cast rather than relying on the softfloat int32type being exactly 32 bits wide (which it is not guaranteed to be)....
arm: store the config_base_register during cpu_reset
Long term, the config_base_register will be a QDM parameter. In themeantime, models that use it need to be able to preserve it acrosscpu_reset() calls.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>...
arm: Add dummy support for co-processor 15's secure config register
Signed-off-by: Rob Herring <rob.herring@calxeda.com>Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Don't use cpu_single_env in bank_number()
Avoid using cpu_single_env in bank_number() -- if we werecalled via the gdb stub reading or writing the CPSR thenit is NULL and we will segfault if we take the cpu_abort().
target-arm: Ignore attempts to set invalid modes in CPSR
Ignore attempts to set the CPSR mode field to an invalid value.This is UNPREDICTABLE, but we should not cpu_abort() for thingsa malicious guest (or a confused user on the gdbstub interface)can provoke....
arm: add dummy A9-specific cp15 registers
Add dummy register support for the cp15, CRn=c15 registers.
config_base_register and power_control_register currentlydefault to 0, but may have improved support after the QOMCPU patches are finished.
target-arm: Infer VFPv3 feature from VFPv4
VFP4 => VFP3
Signed-off-by: Andreas Färber <andreas.faerber@web.de>Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Infer ARMv5 feature from ARMv6
V6 => V5
target-arm: Infer ARMv6 feature from v6K
V6K => V6
target-arm: Infer ARMv6(K) feature from ARMv7
V7 && M => V6V7 && !M => V6K
target-arm: Infer AUXCR feature from ARMv6
V6 && !M => AUXCR
target-arm: Infer Thumb2 feature from ARMv7
V7 => THUMB2
target-arm: Infer Thumb division feature from M profile
M => THUMB_DIV
target-arm: Infer VFP feature from VFPv3
VFP3 => VFP
arm: Fix CP15 FSR (C5) domain setting
Return the correct value in the domain field in the cp15 DFSR(C5) -- bug noticed during Xvisor development.
Signed-off-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>[Peter Maydell: reworded commit message]Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Infer ARMv4T feature from ARMv5
V5 => V4T
target-arm/helper.c: Don't allocate TCG resources unless TCG enabled
Don't call arm_translate_init() (which allocates TCG resources)unless TCG is enabled.
target-arm: Fix use of free() in cpu_arm_close()
env is allocated in cpu_arm_init() with g_malloc0(), so free with g_free().
target-arm: Implement VFPv4 fused multiply-accumulate insns
Implement the fused multiply-accumulate instructions (VFMA, VFMS,VFNMA, VFNMS) which are new in VFPv4.
target-arm: Rename ARM_FEATURE_DIV to _THUMB_DIV
Rename the ARM_FEATURE_DIV feature bit to _THUMB_DIV, tomake room for a new feature switch enabling DIV in the ARMencoding. (Cores may implement either (a) no divide insns(b) divide insns in Thumb encodings only (c) divide insns...
target-arm: Add ARM UDIV/SDIV support
Add support for UDIV and SDIV in ARM mode. This is a new optionalfeature for A profile cores (Thumb mode has had UDIV and SDIV forM profile cores for some time).
rsqrte_f32: No need to copy sign bit.
Indeed, the result is known to be always positive.
Signed-off-by: Christophe Lyon <christophe.lyon@st.com>Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Fix typo
The command line option is called -kernel, not -kenrel.
Cc: Paul Brook <paul@codesourcery.com>Reviewed-by: Peter Maydell <peter.maydell@linaro.org>Signed-off-by: Andreas Färber <andreas.faerber@web.de>Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Use glib memory allocation and free functions
qemu_malloc/qemu_free no longer exist after this commit.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Merge remote-tracking branch 'pm-arm/for-upstream' into pm
Remove unused is_softmmu parameter from cpu_handle_mmu_fault
Parameter is_softmmu (and its evil mutant twin brother is_softmuu)is not used in cpu_*_handle_mmu_fault() functions, remove themand adjust callers.
Acked-by: Richard Henderson <rth@twiddle.net>...
target-arm: support for ARM1176JZF-s cores
Add support for v6K ARM1176JZF-S. This core includes the VA<->PAtranslation capability and security extensions.
Signed-off-by: Jamie Iles <jamie@jamieiles.com>Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm: Mark 1136r1 as a v6K core
The 1136r1 is actually a v6K core (unlike the 1136r0); mark it as such,thus enabling the TLS registers, NOP hints, CLREX, half and byte wideexclusive load/stores, etc.
The VA-to-PA translation registers are not present on 1136r1, so...
target-arm: make VMSAv7 remapping and AP dependent on V6K
The VMSAv7 remapping and access permissions were introduced in ARMv6Kand not ARMv7.
Merge branch 'for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm
Remove exec-all.h include directives
Most exec-all.h include directives are now useless, remove them.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>