From 46747d15080a93cc82cac563c1b7b8ffef164bb5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 29 Sep 2014 18:48:46 +0100 Subject: target-arm: Implement setting guest breakpoints This patch adds support for setting guest breakpoints based on values the guest writes to the DBGBVR and DBGBCR registers. (It doesn't include the code to handle when these breakpoints fire, so has no guest-visible effect.) Signed-off-by: Peter Maydell Message-id: 1410523465-13400-2-git-send-email-peter.maydell@linaro.org --- target-arm/cpu.c | 1 + 1 file changed, 1 insertion(+) (limited to 'target-arm/cpu.c') diff --git a/target-arm/cpu.c b/target-arm/cpu.c index 407f977742..6ab0e03dbd 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -185,6 +185,7 @@ static void arm_cpu_reset(CPUState *s) } #endif + hw_breakpoint_update_all(cpu); hw_watchpoint_update_all(cpu); } -- cgit 1.4.1 From c0f4af171999eda4e49de5169906ce98246457f0 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 29 Sep 2014 18:48:48 +0100 Subject: target-arm: Don't handle c15_cpar changes via tb_flush() At the moment we try to handle c15_cpar with the strategy of: * emit generated code which makes assumptions about its value * when the register value changes call tb_flush() to throw away the now-invalid generated code This works because XScale CPUs are always uniprocessor, but it's confusing because it suggests that the same approach can be taken for other registers. It also means we do a tb_flush() on CPU reset, which makes multithreaded linux-user binaries even more likely to fail than would otherwise be the case. Replace it with a combination of TB flags for the access checks done on cp0/cp1 for the XScale and iwMMXt instructions, plus a runtime check for cp2..cp13 coprocessor accesses. Signed-off-by: Peter Maydell Message-id: 1411056959-23070-1-git-send-email-peter.maydell@linaro.org --- target-arm/cpu.c | 5 ----- target-arm/cpu.h | 9 +++++++++ target-arm/helper.c | 7 +------ target-arm/op_helper.c | 11 +++++++++++ target-arm/translate.c | 40 +++++++++++++++++++++------------------- target-arm/translate.h | 2 ++ 6 files changed, 44 insertions(+), 30 deletions(-) (limited to 'target-arm/cpu.c') diff --git a/target-arm/cpu.c b/target-arm/cpu.c index 6ab0e03dbd..248778d57a 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -173,11 +173,6 @@ static void arm_cpu_reset(CPUState *s) set_float_detect_tininess(float_tininess_before_rounding, &env->vfp.standard_fp_status); tlb_flush(s, 1); - /* Reset is a state change for some CPUARMState fields which we - * bake assumptions about into translated code, so we need to - * tb_flush(). - */ - tb_flush(env); #ifndef CONFIG_USER_ONLY if (kvm_enabled()) { diff --git a/target-arm/cpu.h b/target-arm/cpu.h index fa6ae0acc3..7bd3af9c07 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -1224,6 +1224,11 @@ static inline bool arm_singlestep_active(CPUARMState *env) #define ARM_TBFLAG_SS_ACTIVE_MASK (1 << ARM_TBFLAG_SS_ACTIVE_SHIFT) #define ARM_TBFLAG_PSTATE_SS_SHIFT 19 #define ARM_TBFLAG_PSTATE_SS_MASK (1 << ARM_TBFLAG_PSTATE_SS_SHIFT) +/* We store the bottom two bits of the CPAR as TB flags and handle + * checks on the other bits at runtime + */ +#define ARM_TBFLAG_XSCALE_CPAR_SHIFT 20 +#define ARM_TBFLAG_XSCALE_CPAR_MASK (3 << ARM_TBFLAG_XSCALE_CPAR_SHIFT) /* Bit usage when in AArch64 state */ #define ARM_TBFLAG_AA64_EL_SHIFT 0 @@ -1258,6 +1263,8 @@ static inline bool arm_singlestep_active(CPUARMState *env) (((F) & ARM_TBFLAG_SS_ACTIVE_MASK) >> ARM_TBFLAG_SS_ACTIVE_SHIFT) #define ARM_TBFLAG_PSTATE_SS(F) \ (((F) & ARM_TBFLAG_PSTATE_SS_MASK) >> ARM_TBFLAG_PSTATE_SS_SHIFT) +#define ARM_TBFLAG_XSCALE_CPAR(F) \ + (((F) & ARM_TBFLAG_XSCALE_CPAR_MASK) >> ARM_TBFLAG_XSCALE_CPAR_SHIFT) #define ARM_TBFLAG_AA64_EL(F) \ (((F) & ARM_TBFLAG_AA64_EL_MASK) >> ARM_TBFLAG_AA64_EL_SHIFT) #define ARM_TBFLAG_AA64_FPEN(F) \ @@ -1335,6 +1342,8 @@ static inline void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, *flags |= ARM_TBFLAG_PSTATE_SS_MASK; } } + *flags |= (extract32(env->cp15.c15_cpar, 0, 2) + << ARM_TBFLAG_XSCALE_CPAR_SHIFT); } *cs_base = 0; diff --git a/target-arm/helper.c b/target-arm/helper.c index d246d36de4..dd9fca56f6 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -1714,12 +1714,7 @@ static const ARMCPRegInfo omap_cp_reginfo[] = { static void xscale_cpar_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { - value &= 0x3fff; - if (env->cp15.c15_cpar != value) { - /* Changes cp0 to cp13 behavior, so needs a TB flush. */ - tb_flush(env); - env->cp15.c15_cpar = value; - } + env->cp15.c15_cpar = value & 0x3fff; } static const ARMCPRegInfo xscale_cp_reginfo[] = { diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c index d0bcd97fbb..25243bd487 100644 --- a/target-arm/op_helper.c +++ b/target-arm/op_helper.c @@ -301,6 +301,17 @@ void HELPER(set_user_reg)(CPUARMState *env, uint32_t regno, uint32_t val) void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome) { const ARMCPRegInfo *ri = rip; + + if (arm_feature(env, ARM_FEATURE_XSCALE) && ri->cp < 14 + && extract32(env->cp15.c15_cpar, ri->cp, 1) == 0) { + env->exception.syndrome = syndrome; + raise_exception(env, EXCP_UDEF); + } + + if (!ri->accessfn) { + return; + } + switch (ri->accessfn(env, ri)) { case CP_ACCESS_OK: return; diff --git a/target-arm/translate.c b/target-arm/translate.c index 2c0b1deaea..8a2994fcb4 100644 --- a/target-arm/translate.c +++ b/target-arm/translate.c @@ -7001,22 +7001,18 @@ static int disas_coproc_insn(CPUARMState * env, DisasContext *s, uint32_t insn) const ARMCPRegInfo *ri; cpnum = (insn >> 8) & 0xf; - if (arm_feature(env, ARM_FEATURE_XSCALE) - && ((env->cp15.c15_cpar ^ 0x3fff) & (1 << cpnum))) - return 1; - - /* First check for coprocessor space used for actual instructions */ - switch (cpnum) { - case 0: - case 1: - if (arm_feature(env, ARM_FEATURE_IWMMXT)) { - return disas_iwmmxt_insn(env, s, insn); - } else if (arm_feature(env, ARM_FEATURE_XSCALE)) { - return disas_dsp_insn(env, s, insn); - } - return 1; - default: - break; + + /* First check for coprocessor space used for XScale/iwMMXt insns */ + if (arm_feature(env, ARM_FEATURE_XSCALE) && (cpnum < 2)) { + if (extract32(s->c15_cpar, cpnum, 1) == 0) { + return 1; + } + if (arm_feature(env, ARM_FEATURE_IWMMXT)) { + return disas_iwmmxt_insn(env, s, insn); + } else if (arm_feature(env, ARM_FEATURE_XSCALE)) { + return disas_dsp_insn(env, s, insn); + } + return 1; } /* Otherwise treat as a generic register access */ @@ -7049,9 +7045,12 @@ static int disas_coproc_insn(CPUARMState * env, DisasContext *s, uint32_t insn) return 1; } - if (ri->accessfn) { + if (ri->accessfn || + (arm_feature(env, ARM_FEATURE_XSCALE) && cpnum < 14)) { /* Emit code to perform further access permissions checks at * runtime; this may result in an exception. + * Note that on XScale all cp0..c13 registers do an access check + * call in order to handle c15_cpar. */ TCGv_ptr tmpptr; TCGv_i32 tcg_syn; @@ -7675,9 +7674,11 @@ static void disas_arm_insn(CPUARMState * env, DisasContext *s) } else if ((insn & 0x0e000f00) == 0x0c000100) { if (arm_feature(env, ARM_FEATURE_IWMMXT)) { /* iWMMXt register transfer. */ - if (env->cp15.c15_cpar & (1 << 1)) - if (!disas_iwmmxt_insn(env, s, insn)) + if (extract32(s->c15_cpar, 1, 1)) { + if (!disas_iwmmxt_insn(env, s, insn)) { return; + } + } } } else if ((insn & 0x0fe00000) == 0x0c400000) { /* Coprocessor double register transfer. */ @@ -10942,6 +10943,7 @@ static inline void gen_intermediate_code_internal(ARMCPU *cpu, dc->vfp_enabled = ARM_TBFLAG_VFPEN(tb->flags); dc->vec_len = ARM_TBFLAG_VECLEN(tb->flags); dc->vec_stride = ARM_TBFLAG_VECSTRIDE(tb->flags); + dc->c15_cpar = ARM_TBFLAG_XSCALE_CPAR(tb->flags); dc->cp_regs = cpu->cp_regs; dc->current_pl = arm_current_pl(env); dc->features = env->features; diff --git a/target-arm/translate.h b/target-arm/translate.h index b90d27514d..85c6f9dcb2 100644 --- a/target-arm/translate.h +++ b/target-arm/translate.h @@ -52,6 +52,8 @@ typedef struct DisasContext { bool is_ldex; /* True if a single-step exception will be taken to the current EL */ bool ss_same_el; + /* Bottom two bits of XScale c15_cpar coprocessor access control reg */ + int c15_cpar; #define TMP_A64_MAX 16 int tmp_a64_count; TCGv_i64 tmp_a64[TMP_A64_MAX]; -- cgit 1.4.1 From 043b7f8d12dc922172cf7d570dc2854dbf81dcb3 Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Mon, 29 Sep 2014 18:48:49 +0100 Subject: target-arm: Break out exception masking to a separate func Reviewed-by: Greg Bellows Signed-off-by: Edgar E. Iglesias Message-id: 1411718914-6608-5-git-send-email-edgar.iglesias@gmail.com [PMM: updated to account for recent cpu-exec refactoring] Signed-off-by: Peter Maydell --- target-arm/cpu.c | 7 ++----- target-arm/cpu.h | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 5 deletions(-) (limited to 'target-arm/cpu.c') diff --git a/target-arm/cpu.c b/target-arm/cpu.c index 248778d57a..b7cdcd7c7a 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -187,12 +187,10 @@ static void arm_cpu_reset(CPUState *s) bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request) { CPUClass *cc = CPU_GET_CLASS(cs); - ARMCPU *cpu = ARM_CPU(cs); - CPUARMState *env = &cpu->env; bool ret = false; if (interrupt_request & CPU_INTERRUPT_FIQ - && !(env->daif & PSTATE_F)) { + && arm_excp_unmasked(cs, EXCP_FIQ)) { cs->exception_index = EXCP_FIQ; cc->do_interrupt(cs); ret = true; @@ -207,8 +205,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request) We avoid this by disabling interrupts when pc contains a magic address. */ if (interrupt_request & CPU_INTERRUPT_HARD - && !(env->daif & PSTATE_I) - && (!IS_M(env) || env->regs[15] < 0xfffffff0)) { + && arm_excp_unmasked(cs, EXCP_IRQ)) { cs->exception_index = EXCP_IRQ; cc->do_interrupt(cs); ret = true; diff --git a/target-arm/cpu.h b/target-arm/cpu.h index a3ba624b74..cc2c2100b3 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -1172,6 +1172,21 @@ bool write_cpustate_to_list(ARMCPU *cpu); # define TARGET_VIRT_ADDR_SPACE_BITS 32 #endif +static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) +{ + CPUARMState *env = cs->env_ptr; + + switch (excp_idx) { + case EXCP_FIQ: + return !(env->daif & PSTATE_F); + case EXCP_IRQ: + return !(env->daif & PSTATE_I) + && (!IS_M(env) || env->regs[15] < 0xfffffff0); + default: + g_assert_not_reached(); + } +} + static inline CPUARMState *cpu_init(const char *cpu_model) { ARMCPU *cpu = cpu_arm_init(cpu_model); -- cgit 1.4.1 From 136e67e9b50b61fb03fedcea5c4fbe74cf44fdcc Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Mon, 29 Sep 2014 18:48:51 +0100 Subject: target-arm: Add support for VIRQ and VFIQ This only implements the external delivery method via the GIC. Acked-by: Greg Bellows Signed-off-by: Edgar E. Iglesias Message-id: 1411718914-6608-12-git-send-email-edgar.iglesias@gmail.com [PMM: adjusted following cpu-exec refactoring] Signed-off-by: Peter Maydell --- target-arm/cpu.c | 47 ++++++++++++++++++++++++++++++++++++----------- target-arm/cpu.h | 35 ++++++++++++++++++++++++++++++++--- target-arm/helper-a64.c | 2 ++ target-arm/helper.c | 4 ++++ target-arm/internals.h | 2 ++ 5 files changed, 76 insertions(+), 14 deletions(-) (limited to 'target-arm/cpu.c') diff --git a/target-arm/cpu.c b/target-arm/cpu.c index b7cdcd7c7a..8ab6d9532e 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -41,7 +41,9 @@ static void arm_cpu_set_pc(CPUState *cs, vaddr value) static bool arm_cpu_has_work(CPUState *cs) { return cs->interrupt_request & - (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB); + (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD + | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ + | CPU_INTERRUPT_EXITTB); } static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque) @@ -210,6 +212,18 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request) cc->do_interrupt(cs); ret = true; } + if (interrupt_request & CPU_INTERRUPT_VIRQ + && arm_excp_unmasked(cs, EXCP_VIRQ)) { + cs->exception_index = EXCP_VIRQ; + cc->do_interrupt(cs); + ret = true; + } + if (interrupt_request & CPU_INTERRUPT_VFIQ + && arm_excp_unmasked(cs, EXCP_VFIQ)) { + cs->exception_index = EXCP_VFIQ; + cc->do_interrupt(cs); + ret = true; + } return ret; } @@ -218,21 +232,29 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request) static void arm_cpu_set_irq(void *opaque, int irq, int level) { ARMCPU *cpu = opaque; + CPUARMState *env = &cpu->env; CPUState *cs = CPU(cpu); + static const int mask[] = { + [ARM_CPU_IRQ] = CPU_INTERRUPT_HARD, + [ARM_CPU_FIQ] = CPU_INTERRUPT_FIQ, + [ARM_CPU_VIRQ] = CPU_INTERRUPT_VIRQ, + [ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ + }; switch (irq) { - case ARM_CPU_IRQ: - if (level) { - cpu_interrupt(cs, CPU_INTERRUPT_HARD); - } else { - cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); + case ARM_CPU_VIRQ: + case ARM_CPU_VFIQ: + if (!arm_feature(env, ARM_FEATURE_EL2)) { + hw_error("%s: Virtual interrupt line %d with no EL2 support\n", + __func__, irq); } - break; + /* fall through */ + case ARM_CPU_IRQ: case ARM_CPU_FIQ: if (level) { - cpu_interrupt(cs, CPU_INTERRUPT_FIQ); + cpu_interrupt(cs, mask[irq]); } else { - cpu_reset_interrupt(cs, CPU_INTERRUPT_FIQ); + cpu_reset_interrupt(cs, mask[irq]); } break; default: @@ -282,9 +304,12 @@ static void arm_cpu_initfn(Object *obj) #ifndef CONFIG_USER_ONLY /* Our inbound IRQ and FIQ lines */ if (kvm_enabled()) { - qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 2); + /* VIRQ and VFIQ are unused with KVM but we add them to maintain + * the same interface as non-KVM CPUs. + */ + qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 4); } else { - qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 2); + qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 4); } cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE, diff --git a/target-arm/cpu.h b/target-arm/cpu.h index 11ba9d6c02..65a3417951 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -54,6 +54,8 @@ #define EXCP_HVC 11 /* HyperVisor Call */ #define EXCP_HYP_TRAP 12 #define EXCP_SMC 13 /* Secure Monitor Call */ +#define EXCP_VIRQ 14 +#define EXCP_VFIQ 15 #define ARMV7M_EXCP_RESET 1 #define ARMV7M_EXCP_NMI 2 @@ -68,6 +70,8 @@ /* ARM-specific interrupt pending bits. */ #define CPU_INTERRUPT_FIQ CPU_INTERRUPT_TGT_EXT_1 +#define CPU_INTERRUPT_VIRQ CPU_INTERRUPT_TGT_EXT_2 +#define CPU_INTERRUPT_VFIQ CPU_INTERRUPT_TGT_EXT_3 /* The usual mapping for an AArch64 system register to its AArch32 * counterpart is for the 32 bit world to have access to the lower @@ -83,9 +87,11 @@ #define offsetofhigh32(S, M) (offsetof(S, M) + sizeof(uint32_t)) #endif -/* Meanings of the ARMCPU object's two inbound GPIO lines */ +/* Meanings of the ARMCPU object's four inbound GPIO lines */ #define ARM_CPU_IRQ 0 #define ARM_CPU_FIQ 1 +#define ARM_CPU_VIRQ 2 +#define ARM_CPU_VFIQ 3 typedef void ARMWriteCPFunc(void *opaque, int cp_info, int srcreg, int operand, uint32_t value); @@ -1184,6 +1190,18 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) bool secure = false; /* If in EL1/0, Physical IRQ routing to EL2 only happens from NS state. */ bool irq_can_hyp = !secure && cur_el < 2 && target_el == 2; + /* ARMv7-M interrupt return works by loading a magic value + * into the PC. On real hardware the load causes the + * return to occur. The qemu implementation performs the + * jump normally, then does the exception return when the + * CPU tries to execute code at the magic address. + * This will cause the magic PC value to be pushed to + * the stack if an interrupt occurred at the wrong time. + * We avoid this by disabling interrupts when + * pc contains a magic address. + */ + bool irq_unmasked = !(env->daif & PSTATE_I) + && (!IS_M(env) || env->regs[15] < 0xfffffff0); /* Don't take exceptions if they target a lower EL. */ if (cur_el > target_el) { @@ -1200,8 +1218,19 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) if (irq_can_hyp && (env->cp15.hcr_el2 & HCR_IMO)) { return true; } - return !(env->daif & PSTATE_I) - && (!IS_M(env) || env->regs[15] < 0xfffffff0); + return irq_unmasked; + case EXCP_VFIQ: + if (!secure && !(env->cp15.hcr_el2 & HCR_FMO)) { + /* VFIQs are only taken when hypervized and non-secure. */ + return false; + } + return !(env->daif & PSTATE_F); + case EXCP_VIRQ: + if (!secure && !(env->cp15.hcr_el2 & HCR_IMO)) { + /* VIRQs are only taken when hypervized and non-secure. */ + return false; + } + return irq_unmasked; default: g_assert_not_reached(); } diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c index 0011488ec3..8228e29486 100644 --- a/target-arm/helper-a64.c +++ b/target-arm/helper-a64.c @@ -482,9 +482,11 @@ void aarch64_cpu_do_interrupt(CPUState *cs) env->cp15.esr_el[new_el] = env->exception.syndrome; break; case EXCP_IRQ: + case EXCP_VIRQ: addr += 0x80; break; case EXCP_FIQ: + case EXCP_VFIQ: addr += 0x100; break; default: diff --git a/target-arm/helper.c b/target-arm/helper.c index 6135594252..2669e15cb8 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -3804,6 +3804,10 @@ unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx) } break; } + case EXCP_VIRQ: + case EXCP_VFIQ: + target_el = 1; + break; default: target_el = MAX(cur_el, 1); break; diff --git a/target-arm/internals.h b/target-arm/internals.h index 1486595916..b7547bbb76 100644 --- a/target-arm/internals.h +++ b/target-arm/internals.h @@ -56,6 +56,8 @@ static const char * const excnames[] = { [EXCP_HVC] = "Hypervisor Call", [EXCP_HYP_TRAP] = "Hypervisor Trap", [EXCP_SMC] = "Secure Monitor Call", + [EXCP_VIRQ] = "Virtual IRQ", + [EXCP_VFIQ] = "Virtual FIQ", }; static inline void arm_log_exception(int idx) -- cgit 1.4.1