Commit 5619c179 authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170731' into staging 



target-arm queue:
 * fix broken properties on MPS2 SCC device
 * fix MPU trace handling of write vs exec
 * fix MPU M profile bugs:
   - not handling system space or PPB region correctly
   - not resetting state
   - not migrating MPU_RNR

# gpg: Signature made Mon 31 Jul 2017 13:21:40 BST
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20170731:
  hw/mps2_scc: fix incorrect properties
  target/arm: Migrate MPU_RNR register state for M profile cores
  target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs get reset
  target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
  target/arm: Don't allow guest to make System space executable for M profile
  target/arm: Don't do MPU lookups for addresses in M profile PPB region
  target/arm: Correct MPU trace handling of write vs execute

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents bdf211f8 89cbc377

hw/intc/armv7m_nvic.c

+7 −7
Original line number Diff line number Diff line
@@ -536,13 +536,13 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset) 
    case 0xd94: /* MPU_CTRL */

        return cpu->env.v7m.mpu_ctrl;

    case 0xd98: /* MPU_RNR */

        return cpu->env.cp15.c6_rgnr;

        return cpu->env.pmsav7.rnr;

    case 0xd9c: /* MPU_RBAR */

    case 0xda4: /* MPU_RBAR_A1 */

    case 0xdac: /* MPU_RBAR_A2 */

    case 0xdb4: /* MPU_RBAR_A3 */

    {

        int region = cpu->env.cp15.c6_rgnr;

        int region = cpu->env.pmsav7.rnr;



        if (region >= cpu->pmsav7_dregion) {

            return 0;
@@ -554,7 +554,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset) 
    case 0xdb0: /* MPU_RASR_A2 */

    case 0xdb8: /* MPU_RASR_A3 */

    {

        int region = cpu->env.cp15.c6_rgnr;

        int region = cpu->env.pmsav7.rnr;



        if (region >= cpu->pmsav7_dregion) {

            return 0;
@@ -681,7 +681,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value) 
                          PRIu32 "/%" PRIu32 "\n",

                          value, cpu->pmsav7_dregion);

        } else {

            cpu->env.cp15.c6_rgnr = value;

            cpu->env.pmsav7.rnr = value;

        }

        break;

    case 0xd9c: /* MPU_RBAR */
@@ -702,9 +702,9 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value) 
                              region, cpu->pmsav7_dregion);

                return;

            }

            cpu->env.cp15.c6_rgnr = region;

            cpu->env.pmsav7.rnr = region;

        } else {

            region = cpu->env.cp15.c6_rgnr;

            region = cpu->env.pmsav7.rnr;

        }



        if (region >= cpu->pmsav7_dregion) {
@@ -720,7 +720,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value) 
    case 0xdb0: /* MPU_RASR_A2 */

    case 0xdb8: /* MPU_RASR_A3 */

    {

        int region = cpu->env.cp15.c6_rgnr;

        int region = cpu->env.pmsav7.rnr;



        if (region >= cpu->pmsav7_dregion) {

            return;

hw/misc/mps2-scc.c

+2 −2
Original line number Diff line number Diff line
@@ -270,9 +270,9 @@ static Property mps2_scc_properties[] = { 
    /* Values for various read-only ID registers (which are specific

     * to the board model or FPGA image)

     */

    DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, aid, 0),

    DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, cfg4, 0),

    DEFINE_PROP_UINT32("scc-aid", MPS2SCC, aid, 0),

    DEFINE_PROP_UINT32("scc-id", MPS2SCC, aid, 0),

    DEFINE_PROP_UINT32("scc-id", MPS2SCC, id, 0),

    /* These are the initial settings for the source clocks on the board.

     * In hardware they can be configured via a config file read by the

     * motherboard configuration controller to suit the FPGA image.

target/arm/cpu.c

+14 −0
Original line number Diff line number Diff line
@@ -232,6 +232,20 @@ static void arm_cpu_reset(CPUState *s) 


    env->vfp.xregs[ARM_VFP_FPEXC] = 0;

#endif



    if (arm_feature(env, ARM_FEATURE_PMSA) &&

        arm_feature(env, ARM_FEATURE_V7)) {

        if (cpu->pmsav7_dregion > 0) {

            memset(env->pmsav7.drbar, 0,

                   sizeof(*env->pmsav7.drbar) * cpu->pmsav7_dregion);

            memset(env->pmsav7.drsr, 0,

                   sizeof(*env->pmsav7.drsr) * cpu->pmsav7_dregion);

            memset(env->pmsav7.dracr, 0,

                   sizeof(*env->pmsav7.dracr) * cpu->pmsav7_dregion);

        }

        env->pmsav7.rnr = 0;

    }



    set_flush_to_zero(1, &env->vfp.standard_fp_status);

    set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);

    set_default_nan_mode(1, &env->vfp.standard_fp_status);

target/arm/cpu.h

+1 −2
Original line number Diff line number Diff line
@@ -305,8 +305,6 @@ typedef struct CPUARMState { 
            uint64_t par_el[4];

        };



        uint32_t c6_rgnr;



        uint32_t c9_insn; /* Cache lockdown registers.  */

        uint32_t c9_data;

        uint64_t c9_pmcr; /* performance monitor control register */
@@ -519,6 +517,7 @@ typedef struct CPUARMState { 
        uint32_t *drbar;

        uint32_t *drsr;

        uint32_t *dracr;

        uint32_t rnr;

    } pmsav7;



    void *nvic;

target/arm/helper.c

+48 −23
Original line number Diff line number Diff line
@@ -2385,7 +2385,7 @@ static uint64_t pmsav7_read(CPUARMState *env, const ARMCPRegInfo *ri) 
        return 0;

    }



    u32p += env->cp15.c6_rgnr;

    u32p += env->pmsav7.rnr;

    return *u32p;

}
@@ -2399,23 +2399,11 @@ static void pmsav7_write(CPUARMState *env, const ARMCPRegInfo *ri, 
        return;

    }



    u32p += env->cp15.c6_rgnr;

    u32p += env->pmsav7.rnr;

    tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */

    *u32p = value;

}



static void pmsav7_reset(CPUARMState *env, const ARMCPRegInfo *ri)

{

    ARMCPU *cpu = arm_env_get_cpu(env);

    uint32_t *u32p = *(uint32_t **)raw_ptr(env, ri);



    if (!u32p) {

        return;

    }



    memset(u32p, 0, sizeof(*u32p) * cpu->pmsav7_dregion);

}



static void pmsav7_rgnr_write(CPUARMState *env, const ARMCPRegInfo *ri,

                              uint64_t value)

{
@@ -2433,22 +2421,30 @@ static void pmsav7_rgnr_write(CPUARMState *env, const ARMCPRegInfo *ri, 
}



static const ARMCPRegInfo pmsav7_cp_reginfo[] = {

    /* Reset for all these registers is handled in arm_cpu_reset(),

     * because the PMSAv7 is also used by M-profile CPUs, which do

     * not register cpregs but still need the state to be reset.

     */

    { .name = "DRBAR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 0,

      .access = PL1_RW, .type = ARM_CP_NO_RAW,

      .fieldoffset = offsetof(CPUARMState, pmsav7.drbar),

      .readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },

      .readfn = pmsav7_read, .writefn = pmsav7_write,

      .resetfn = arm_cp_reset_ignore },

    { .name = "DRSR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 2,

      .access = PL1_RW, .type = ARM_CP_NO_RAW,

      .fieldoffset = offsetof(CPUARMState, pmsav7.drsr),

      .readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },

      .readfn = pmsav7_read, .writefn = pmsav7_write,

      .resetfn = arm_cp_reset_ignore },

    { .name = "DRACR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 4,

      .access = PL1_RW, .type = ARM_CP_NO_RAW,

      .fieldoffset = offsetof(CPUARMState, pmsav7.dracr),

      .readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },

      .readfn = pmsav7_read, .writefn = pmsav7_write,

      .resetfn = arm_cp_reset_ignore },

    { .name = "RGNR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 2, .opc2 = 0,

      .access = PL1_RW,

      .fieldoffset = offsetof(CPUARMState, cp15.c6_rgnr),

      .writefn = pmsav7_rgnr_write },

      .fieldoffset = offsetof(CPUARMState, pmsav7.rnr),

      .writefn = pmsav7_rgnr_write,

      .resetfn = arm_cp_reset_ignore },

    REGINFO_SENTINEL

};
@@ -8244,6 +8240,21 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, 
    }

}



static inline bool m_is_ppb_region(CPUARMState *env, uint32_t address)

{

    /* True if address is in the M profile PPB region 0xe0000000 - 0xe00fffff */

    return arm_feature(env, ARM_FEATURE_M) &&

        extract32(address, 20, 12) == 0xe00;

}



static inline bool m_is_system_region(CPUARMState *env, uint32_t address)

{

    /* True if address is in the M profile system region

     * 0xe0000000 - 0xffffffff

     */

    return arm_feature(env, ARM_FEATURE_M) && extract32(address, 29, 3) == 0x7;

}



static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,

                                 int access_type, ARMMMUIdx mmu_idx,

                                 hwaddr *phys_ptr, int *prot, uint32_t *fsr)
@@ -8255,7 +8266,15 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address, 
    *phys_ptr = address;

    *prot = 0;



    if (regime_translation_disabled(env, mmu_idx)) { /* MPU disabled */

    if (regime_translation_disabled(env, mmu_idx) ||

        m_is_ppb_region(env, address)) {

        /* MPU disabled or M profile PPB access: use default memory map.

         * The other case which uses the default memory map in the

         * v7M ARM ARM pseudocode is exception vector reads from the vector

         * table. In QEMU those accesses are done in arm_v7m_load_vector(),

         * which always does a direct read using address_space_ldl(), rather

         * than going via this function, so we don't need to check that here.

         */

        get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);

    } else { /* MPU enabled */

        for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
@@ -8339,6 +8358,12 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address, 
            get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);

        } else { /* a MPU hit! */

            uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3);

            uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1);



            if (m_is_system_region(env, address)) {

                /* System space is always execute never */

                xn = 1;

            }



            if (is_user) { /* User mode AP bit decoding */

                switch (ap) {
@@ -8379,7 +8404,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address, 
            }



            /* execute never */

            if (env->pmsav7.dracr[n] & (1 << 12)) {

            if (xn) {

                *prot &= ~PAGE_EXEC;

            }

        }
@@ -8558,8 +8583,8 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address, 
                                   phys_ptr, prot, fsr);

        qemu_log_mask(CPU_LOG_MMU, "PMSAv7 MPU lookup for %s at 0x%08" PRIx32

                      " mmu_idx %u -> %s (prot %c%c%c)\n",

                      access_type == 1 ? "reading" :

                      (access_type == 2 ? "writing" : "execute"),

                      access_type == MMU_DATA_LOAD ? "reading" :

                      (access_type == MMU_DATA_STORE ? "writing" : "execute"),

                      (uint32_t)address, mmu_idx,

                      ret ? "Miss" : "Hit",

                      *prot & PAGE_READ ? 'r' : '-',