[Qemu-devel] [PATCH] qtest: add register fuzzing to RTC test

2012-04-15 Thread Blue Swirl
Signed-off-by: Blue Swirl blauwir...@gmail.com
---
 tests/rtc-test.c |   17 +
 1 file changed, 17 insertions(+)

diff --git a/tests/rtc-test.c b/tests/rtc-test.c
index 983a980..f23ac3a 100644
--- a/tests/rtc-test.c
+++ b/tests/rtc-test.c
@@ -240,6 +240,22 @@ static void alarm_time(void)
 g_assert(cmos_read(RTC_REG_C) == 0);
 }

+/* success if no crash or abort */
+static void fuzz_registers(void)
+{
+unsigned int i;
+
+for (i = 0; i  1000; i++) {
+uint8_t reg, val;
+
+reg = (uint8_t)g_test_rand_int_range(0, 16);
+val = (uint8_t)g_test_rand_int_range(0, 256);
+
+cmos_write(reg, val);
+cmos_read(reg);
+}
+}
+
 int main(int argc, char **argv)
 {
 QTestState *s = NULL;
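Review bot: the register range 0..15 in fuzz_registers deserves a comment saying why it stops there, since the CMOS index space the RTC model decodes is wider than the clock and control registers; without it a reader cannot tell whether the NVRAM bytes were left out on purpose. Also note in the header comment that reproducing a crash depends on the random seed g_test_rand_int_range draws from (the --seed option understood by g_test_init), because the values written are never logged.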
@@ -253,6 +269,7 @@ int main(int argc, char **argv)
 qtest_add_func(/rtc/bcd/check-time, bcd_check_time);
 qtest_add_func(/rtc/dec/check-time, dec_check_time);
 qtest_add_func(/rtc/alarm-time, alarm_time);
+qtest_add_func(/rtc/fuzz-registers, fuzz_registers);
 ret = g_test_run();

 if (s) {
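Review bot: fuzz_registers is registered last, and that ordering is load-bearing: after 1000 random writes to the time and control registers, the RTC state the earlier checks (bcd/dec check-time, alarm-time) rely on is gone, so any test appended after this one in future would inherit scrambled state. Either say so in a comment at the registration or restore a known RTC state at the end of fuzz_registers.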
-- 
1.7.10



Re: [Qemu-devel] [PATCH 3/3] virtio_balloon: Bugfixes for PAGE_SIZE != 4k

2012-04-15 Thread Michael S. Tsirkin
On Fri, Apr 13, 2012 at 01:12:11PM +1000, David Gibson wrote:
 On Thu, Apr 12, 2012 at 01:14:06PM +0300, Michael S. Tsirkin wrote:
  On Thu, Apr 12, 2012 at 03:36:35PM +1000, David Gibson wrote:
 [snip]
  Good catch!
  
  Unfortunately I find the approach a bit convoluted.
  It also looks like when host asks for 5 balloon pages
  you interpret this as 0 where 16 is probably saner
  on a 64K system.
 
 Hm, true.  Although qemu at least actually operates in units of
 megabytes on the balloon, so I doubt it matters much in practice.
 
  I think it's easier if we just keep doing math in
  balloon pages. I also get confused by shift operations,
  IMO / and * are clearer where they are applicable.
  Something like the below would make more sense I think.
 
 Sure.  I thought working in local pages was clearer, but I don't really
 care.
 
 
  I also wrote up a detailed commit log, so we have
  the bugs and the expected consequences listed explicitly.
  
  I'm out of time for this week - so completely untested, sorry.
  Maybe you could try this out? That would be great.
  Thanks!
 
 Your patch has numerous syntax errors, but once those are fixed seems
 to work fine with a 64k ppc64 kernel.  Fixed version below.  I did add
 one comment, to note that with this change the num_pages field in the
 vb is no longer the same as the number of elements in the pages list.
 Nothing in the code relies on that, but it would probably be the first
 assumption of someone looking at the structure definition.

Good point. Although this really applies to all other
memory counters as well, so I put this at top of the file.

 Please apply.

Patch applied, thanks very much for the testing!



Re: [Qemu-devel] qemu 1.0 breaks PCI on NetBSD (bisected)

2012-04-15 Thread Avi Kivity
On 04/14/2012 05:48 PM, Michael Tokarev wrote:
 On 14.04.2012 18:32, Michael Tokarev wrote:
  On 14.04.2012 18:17, Michael Tokarev wrote:
  Something in between 0.15 and 1.0 releases of qemu broke
  all NetBSD PCI functions.  This is visible in the lack of
  any network devices in a NetBSD guest, but actually there's
  no PCI devices at all -- e.g. disk is being accessed using
  legacy ways.
 
  Bisection shows this commit as guilty:
 
  commit d0ed8076cbdc26138a7e33fed5e45a35d019a103
  Author: Avi Kivity a...@redhat.com
  Date:   Sun Jul 24 17:47:18 2011 +0300
 
  pci_host: convert conf index and data ports to memory API
 
  Reviewed-by: Richard Henderson  r...@twiddle.net
  Signed-off-by: Avi Kivity a...@redhat.com
 
  Is there something wrong with this commit or maybe
  with NetBSD?  The interesting thing here is that so
  far, apparently, only NetBSD is affected, even other
  variants of *BSD work fine...
  
  Okay, this has been fixed in 1.0.1, as discussed in this
  thread:
  
   http://thread.gmane.org/gmane.comp.emulators.qemu/130695
  
  but there's still an error somewhere...  Current git
  version does not work again, with exactly the same
  symptoms...  Digging further...

 Because neither current git nor stable 1.0.1 picked
 up this patch apparently.  So we've broken netbsd since
 1.0 Oh well... :(

 Should it be included, finally?


I'll send a pull request.

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH master/stable-1.0] pci: fix corrupted pci conf index register by unaligned write

2012-04-15 Thread Michael S. Tsirkin
On Sat, Apr 14, 2012 at 07:15:31PM +0400, Michael Tokarev wrote:
 Ping?
 
 It's been 4 months, and NetBSD still can't be booted in qemu...
 
 I understand this can be done differently, but the patch in
 question changed behaviour and it caused a visible regression,
 so let's fix this regression by restoring previous working
 behaviour and start thinking how it should be made better
 after that... okay?  ;)
 
 Thank you!

I agree.
Applied, thanks to everyone.




Re: [Qemu-devel] [PATCH 7/7 v5] VMXNET3 paravirtualized device implementation Interface type vmxnet3 added.

2012-04-15 Thread Yan Vugenfirer
On Wed, Apr 11, 2012 at 10:10 PM, Anthony Liguori anth...@codemonkey.ws wrote:
 On 04/11/2012 02:08 PM, Paolo Bonzini wrote:

 Il 11/04/2012 19:25, Anthony Liguori ha scritto:


 Off the top of my head: issues with v5:
 polluting global namespace, must scope names
 appropriately with vmxnet_ VMXNET_ unless they have file scope.
 Don't use names with _ followed by an upper case letter
 or that start with two underscores. Don't mix underscores and mixed case.
 Don't stick any new types in net.c/pci.c - new devices should use
 -device
 not -net. Global stuff like ethernet header size
 should move to central place instead of copy paste.


 I'd like to see qtest test cases for this too.


 I think as things stand it is a bit too much to request this.  You're
 basically asking to write a libos.


 The only functionality you need is PCI device enumeration which is pretty
 much dead simple.

 What other functions would you need a libos for?

 Regards,

 Anthony Liguori


 Paolo




Regarding the testing - we ran WHQL networking tests on the device. If
we provide the logs will it be sufficient? I believe the test coverage
is much more comprehensive than anything that we will do with qtest.

Best regards,
Yan.



Re: [Qemu-devel] [PATCH master/stable-1.0] pci: fix corrupted pci conf index register by unaligned write

2012-04-15 Thread Avi Kivity
On 04/15/2012 12:11 PM, Michael S. Tsirkin wrote:
 On Sat, Apr 14, 2012 at 07:15:31PM +0400, Michael Tokarev wrote:
  Ping?
  
  It's been 4 months, and NetBSD still can't be booted in qemu...
  
  I understand this can be done differently, but the patch in
  question changed behaviour and it caused a visible regression,
  so let's fix this regression by restoring previous working
  behaviour and start thinking how it should be made better
  after that... okay?  ;)
  
  Thank you!

 I agree.
 Applied, thanks to everyone.

Ok, not sending my own pull request.

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] DOS VM problem with QEMU-KVM and newer kernels

2012-04-15 Thread Avi Kivity
On 04/12/2012 09:32 PM, Gerhard Wiesinger wrote:
 Hello,

 I'm having problems with recent kernels and qemu-kvm with a DOS VM:
 TD286
 System: Bad selector: 0007
 System: Bad selector: 0D87
 System: Bad selector: 001F
 System: Bad selector: 0007
 GP at 0020 21D4 EC 0DC4
 Error 269 loading D:\BP\BIN\TD286.EXE into extended memory

 Another 286 DOS Extender application also raises a general protection
 fault:
 GP at 0020 18A1 CODE 357C

 Doesn't depend on the used DOS memory manager and is always
 reproducible.

 Depends only on kernel version and not qemu-kvm and seabios (tried to
 bisect it without success):
 # NOK: Linux 3.3.1-3.fc16.x86_64 #1 SMP Wed Apr 4 18:08:51 UTC 2012
 x86_64 x86_64 x86_64 GNU/Linux
 # NOK: Linux 3.2.10-3.fc16.x86_64 #1 SMP Thu Mar 15 19:39:46 UTC 2012
 x86_64 x86_64 x86_64 GNU/Linux
 # OK: Linux 3.1.9-1.fc16.x86_64 #1 SMP Fri Jan 13 16:37:42 UTC 2012
 x86_64 x86_64 x86_64 GNU/Linux
 # OK: Linux 2.6.41.9-1.fc15.x86_64 #1 SMP Fri Jan 13 16:46:51 UTC 2012
 x86_64 x86_64 x86_64 GNU/Linux

 CPU is an AMD one.

 Any ideas how to fix it again?
 Any switches which might help?



The trigger is probably

 commit f1c1da2bde712812a3e0f9a7a7ebe7a916a4b5f4
 Author: Jan Kiszka jan.kis...@siemens.com
 Date:   Tue Oct 18 18:23:11 2011 +0200

 KVM: SVM: Keep intercepting task switching with NPT enabled
 
 AMD processors apparently have a bug in the hardware task switching
 support when NPT is enabled. If the task switch triggers a NPF, we can
 get wrong EXITINTINFO along with that fault. On resume, spurious
 exceptions may then be injected into the guest.
 
 We were able to reproduce this bug when our guest triggered #SS
 and the
 handler were supposed to run over a separate task with not yet touched
 stack pages.
 
 Work around the issue by continuing to emulate task switches even in
 NPT mode.
 
 Signed-off-by: Jan Kiszka jan.kis...@siemens.com
 Signed-off-by: Marcelo Tosatti mtosa...@redhat.com

Although it's not the patch's direct fault - it simply exposed an
existing bug in kvm.

Things to try:
- revert the patch with a newer kernel
- try 3.4-rc2 which has some task switch fixes from Kevin; if you want a
Fedora kernel, use rawhide's [2]
- post traces [1]

Jan, Joerg, was an AMD erratum published for the bug?

[1] http://www.linux-kvm.org/page/Tracing
[2]
http://mirrors.kernel.org/fedora/development/rawhide/x86_64/os/Packages/k/kernel-3.4.0-0.rc2.git2.1.fc18.x86_64.rpm

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH 2/3] pseries: Use more conventional PCI interrupt swizzling

2012-04-15 Thread Michael S. Tsirkin
On Mon, Apr 02, 2012 at 02:17:36PM +1000, David Gibson wrote:
 Currently the pseries PCI code uses a somewhat strange scheme of PCI irq
 allocation - one per slot up to a maximum that's greater than the usual 4.
 This scheme more or less worked, because we were able to tell the guest the
 irq mapping in the device tree, however it's nonstandard and may break
 assumptions in the future.  Worse, the array used to construct the dev
 tree interrupt map was mis-sized, we got away with it only because it
 happened that our SPAPR_PCI_NUM_LSI value was greater than 7.
 
 This patch changes the pseries PCI code to use the normal PCI interrupt
 swizzling scheme instead,

I don't see anything wrong with the code - I assume someone
who applies this knows about real hardware and can check that
it behaves as emulated here.

But I don't remember any standard scheme except for bridge devices,
and this isn't one, is it?  Care to clarify?

 and corrects allocation of the irq map.
 
 Cc: Michael S. Tsirkin m...@redhat.com
 
 Signed-off-by: David Gibson da...@gibson.dropbear.id.au
 ---
  hw/spapr_pci.c |   49 -
  hw/spapr_pci.h |5 ++---
  2 files changed, 30 insertions(+), 24 deletions(-)
 
 diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c
 index 1cf84e7..b8a0313 100644
 --- a/hw/spapr_pci.c
 +++ b/hw/spapr_pci.c
 @@ -198,16 +198,20 @@ static void rtas_write_pci_config(sPAPREnvironment 
 *spapr,
  finish_write_pci_config(spapr, 0, addr, size, val, rets);
  }
  
 +static int pci_swizzle(int slot, int pin)
 +{
 +return (slot + pin) % PCI_NUM_PINS;
 +}
 +

Rename pci_spapr_swizzle pls. Or just open-code.

  static int pci_spapr_map_irq(PCIDevice *pci_dev, int irq_num)
  {
  /*
   * Here we need to convert pci_dev + irq_num to some unique value
 - * which is less than number of IRQs on the specific bus (now it
 - * is 16).  At the moment irq_num == device_id (number of the
 - * slot?)
 - * FIXME: we should swizzle in fn and irq_num
 + * which is less than number of IRQs on the specific bus (4).  We
 + * use standard PCI swizzling, that is (slot number + pin number)
 + * % 4.
   */
 -return (pci_dev-devfn  3) % SPAPR_PCI_NUM_LSI;
 +return pci_swizzle(PCI_SLOT(pci_dev-devfn), irq_num);
  }
  
  static void pci_spapr_set_irq(void *opaque, int irq_num, int level)
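Review bot: the new comment in pci_spapr_map_irq says "(slot number + pin number) % 4" while the code uses PCI_NUM_PINS, and irq_num as handed in by the PCI core is the 0-based pin (INTA = 0), whereas the device-tree interrupt-map emitted later in this patch stores 1-based pins (irqmap[3] = cpu_to_be32(j+1)). Spell out in the comment that pci_swizzle() takes the 0-based pin and refer to PCI_NUM_PINS instead of the literal 4, so the comment and the constant cannot drift apart.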
 @@ -304,13 +308,13 @@ static int spapr_phb_init(SysBusDevice *s)
 phb-busname ? phb-busname : phb-dtbusname,
 pci_spapr_set_irq, pci_spapr_map_irq, phb,
 phb-memspace, phb-iospace,
 -   PCI_DEVFN(0, 0), SPAPR_PCI_NUM_LSI);
 +   PCI_DEVFN(0, 0), PCI_NUM_PINS);
  phb-host_state.bus = bus;
  
  QLIST_INSERT_HEAD(spapr-phbs, phb, list);
  
  /* Initialize the LSI table */
 -for (i = 0; i  SPAPR_PCI_NUM_LSI; i++) {
 +for (i = 0; i  PCI_NUM_PINS; i++) {
  qemu_irq qirq;
  uint32_t num;
  
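Review bot: the LSI table initialisation now loops to PCI_NUM_PINS and pci_register_bus() is told the bus has PCI_NUM_PINS interrupts; both are only safe if lsi_table in hw/spapr_pci.h (changed by this patch per the diffstat, but not visible in this quoted part) is sized by PCI_NUM_PINS as well rather than the old SPAPR_PCI_NUM_LSI. Worth confirming the header hunk, since a mismatch here is exactly the kind of mis-sizing the commit message is fixing.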
 @@ -392,8 +396,7 @@ int spapr_populate_pci_devices(sPAPRPHBState *phb,
 uint32_t xics_phandle,
 void *fdt)
  {
 -PCIBus *bus = phb-host_state.bus;
 -int bus_off, i;
 +int bus_off, i, j;
  char nodename[256];
  uint32_t bus_range[] = { cpu_to_be32(0), cpu_to_be32(0xff) };
  struct {
 @@ -415,8 +418,8 @@ int spapr_populate_pci_devices(sPAPRPHBState *phb,
  };
  uint64_t bus_reg[] = { cpu_to_be64(phb-buid), 0 };
  uint32_t interrupt_map_mask[] = {
 -cpu_to_be32(b_d(-1)|b_fff(0)), 0x0, 0x0, 0x0};
 -uint32_t interrupt_map[bus-nirq][7];
 +cpu_to_be32(b_d(-1)|b_fff(0)), 0x0, 0x0, cpu_to_be32(-1)};
 +uint32_t interrupt_map[PCI_SLOT_MAX * PCI_NUM_PINS][7];
  
  /* Start populating the FDT */
  sprintf(nodename, pci@% PRIx64, phb-buid);
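Review bot: changing the last interrupt-map-mask cell from 0x0 to cpu_to_be32(-1) is what makes the pin cell significant in the lookup, which is required now that one row per (slot, pin) is emitted with irqmap[3] set; a one-line comment next to the mask would help, because the mask and the per-row pin values live in different hunks. Also note that interrupt_map is now PCI_SLOT_MAX * PCI_NUM_PINS rows of 7 cells on the stack (with PCI_SLOT_MAX = 32 that is 128 rows, 3584 bytes), fine here but large enough to deserve a mention given the previous sizing bug.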
 @@ -450,19 +453,23 @@ int spapr_populate_pci_devices(sPAPRPHBState *phb,
   */
  _FDT(fdt_setprop(fdt, bus_off, interrupt-map-mask,
   interrupt_map_mask, sizeof(interrupt_map_mask)));
 -for (i = 0; i  7; i++) {
 -uint32_t *irqmap = interrupt_map[i];
 -irqmap[0] = cpu_to_be32(b_d(i)|b_fff(0));
 -irqmap[1] = 0;
 -irqmap[2] = 0;
 -irqmap[3] = 0;
 -irqmap[4] = cpu_to_be32(xics_phandle);
 -irqmap[5] = cpu_to_be32(phb-lsi_table[i % 
 SPAPR_PCI_NUM_LSI].dt_irq);
 -irqmap[6] = cpu_to_be32(0x8);
 +for (i = 0; i  PCI_SLOT_MAX; i++) {
 +for (j = 0; j  PCI_NUM_PINS; j++) {
 +uint32_t *irqmap = interrupt_map[i*PCI_NUM_PINS + j];
 +int lsi_num = pci_swizzle(i, j);
 +
 +irqmap[0] = cpu_to_be32(b_d(i)|b_fff(0));
 +irqmap[1] = 0;
 +irqmap[2] = 0;
 +irqmap[3] = cpu_to_be32(j+1);
 +irqmap[4] = cpu_to_be32(xics_phandle);
 +irqmap[5] = 
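Review bot: the quoted hunk is cut off at irqmap[5], but the visible part already shows the invariant that matters: the row index i*PCI_NUM_PINS + j must stay within the interrupt_map bound declared in the previous hunk, and lsi_num = pci_swizzle(i, j) must compute exactly what pci_spapr_map_irq() computes for the same slot and pin, otherwise the device tree advertises a mapping the emulated interrupt delivery does not follow. Having both sites call one helper is what guarantees that, so if the earlier suggestion to open-code the swizzle is taken, keep a single shared expression rather than two copies; a comment stating the lock-step requirement here would be useful either way.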

Re: [Qemu-devel] [PATCH 1/3] pseries: Fix RTAS based config access

2012-04-15 Thread Michael S. Tsirkin
On Mon, Apr 02, 2012 at 02:17:35PM +1000, David Gibson wrote:
 On the pseries platform, access to PCI config space is via RTAS calls(
 which go to the hypervisor) rather than MMIO.  This means we don't use
 the same code path as nearly everyone else which goes through pci_host.c
 and we're missing some of the parameter checking along the way.
 
 We do have some parameter checking in the RTAS calls, but it's not enough.
 It checks for overruns, but does not check for unaligned accesses,
 oversized accesses (which means the guest could trigger an assertion
 failure from pci_host_config_{read,write}_common().  Worse it doesn't do
 the basic checking for the number of RTAS arguments and results before
 accessing them.
 
 This patch fixes these bugs.
 
 Cc: Michael S. Tsirkin m...@redhat.com

No objections from me :) But pls note I have no idea about RTAS.

Noted a couple of apparent typos below.

 
 Signed-off-by: David Gibson da...@gibson.dropbear.id.au
 ---
  hw/spapr_pci.c |  117 +--
  1 files changed, 79 insertions(+), 38 deletions(-)
 
 diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c
 index e7ef551..1cf84e7 100644
 --- a/hw/spapr_pci.c
 +++ b/hw/spapr_pci.c
 @@ -57,26 +57,38 @@ static PCIDevice *find_dev(sPAPREnvironment *spapr,
  
  static uint32_t rtas_pci_cfgaddr(uint32_t arg)
  {
 +/* This handles the encoding of extended config space addresses */
  return ((arg  20)  0xf00) | (arg  0xff);
  }
  
 -static uint32_t rtas_read_pci_config_do(PCIDevice *pci_dev, uint32_t addr,
 -uint32_t limit, uint32_t len)
 +static void finish_read_pci_config(sPAPREnvironment *spapr, uint64_t buid,
 +   uint32_t addr, uint32_t size,
 +   target_ulong rets)
  {
 -if ((addr + len) = limit) {
 -return pci_host_config_read_common(pci_dev, addr, limit, len);
 -} else {
 -return ~0x0;
 +PCIDevice *pci_dev;
 +uint32_t val;
 +
 +if ((size != 1)  (size != 2)  (size != 4)) {
 +/* access must be 1, 2 oe 4 bytes */

oe - or?

 +rtas_st(rets, 0, -1);
 +return;
  }
 -}
  
 -static void rtas_write_pci_config_do(PCIDevice *pci_dev, uint32_t addr,
 - uint32_t limit, uint32_t val,
 - uint32_t len)
 -{
 -if ((addr + len) = limit) {
 -pci_host_config_write_common(pci_dev, addr, limit, val, len);
 +pci_dev = find_dev(spapr, buid, addr);
 +addr = rtas_pci_cfgaddr(addr);
 +
 +if (!pci_dev || (addr % size) || (addr = pci_config_size(pci_dev))) {
 +/* Access must be to a valid device, within bounds and
 + * naturally aligned */
 +rtas_st(rets, 0, -1);
 +return;
  }
 +
 +val = pci_host_config_read_common(pci_dev, addr,
 +  pci_config_size(pci_dev), size);
 +
 +rtas_st(rets, 0, 0);
 +rtas_st(rets, 1, val);
  }
  
  static void rtas_ibm_read_pci_config(sPAPREnvironment *spapr,
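Review bot: the new check in finish_read_pci_config drops the old explicit overrun test "(addr + len) <= limit" in favour of "addr % size" plus "addr >= pci_config_size(pci_dev)". That is correct only because pci_config_size() returns 256 or 4096, both multiples of 4, so an aligned access starting inside the space cannot run past its end; this reasoning should be written down in the comment at that check, otherwise a later change to the size set or to the config-space sizes silently reintroduces the assertion reachable from the guest that the commit message describes. Doing the size check before find_dev() is good, since it rejects the bad request before any lookup.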
 @@ -84,19 +96,19 @@ static void rtas_ibm_read_pci_config(sPAPREnvironment 
 *spapr,
   target_ulong args,
   uint32_t nret, target_ulong rets)
  {
 -uint32_t val, size, addr;
 -uint64_t buid = ((uint64_t)rtas_ld(args, 1)  32) | rtas_ld(args, 2);
 -PCIDevice *dev = find_dev(spapr, buid, rtas_ld(args, 0));
 +uint64_t buid;
 +uint32_t size, addr;
  
 -if (!dev) {
 +if ((nargs != 4) || (nret != 2)) {
  rtas_st(rets, 0, -1);
  return;
  }
 +
 +buid = ((uint64_t)rtas_ld(args, 1)  32) | rtas_ld(args, 2);
  size = rtas_ld(args, 3);
 -addr = rtas_pci_cfgaddr(rtas_ld(args, 0));
 -val = rtas_read_pci_config_do(dev, addr, pci_config_size(dev), size);
 -rtas_st(rets, 0, 0);
 -rtas_st(rets, 1, val);
 +addr = rtas_ld(args, 0);
 +
 +finish_read_pci_config(spapr, buid, addr, size, rets);
  }
  
  static void rtas_read_pci_config(sPAPREnvironment *spapr,
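Review bot: the (nargs != 4) || (nret != 2) check is the right first step, but the failure path still stores -1 into rets[0] when nret is 0, i.e. when the guest provided no return slots at all; consider reporting the error only when nret >= 1, and the same applies to the identical pattern in rtas_read_pci_config below. A short comment saying where the 4/2 argument and return counts come from (the PAPR RTAS call definitions) would also make the magic numbers traceable.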
 @@ -104,18 +116,45 @@ static void rtas_read_pci_config(sPAPREnvironment 
 *spapr,
   target_ulong args,
   uint32_t nret, target_ulong rets)
  {
 -uint32_t val, size, addr;
 -PCIDevice *dev = find_dev(spapr, 0, rtas_ld(args, 0));
 +uint32_t size, addr;
  
 -if (!dev) {
 +if ((nargs != 2) || (nret != 2)) {
  rtas_st(rets, 0, -1);
  return;
  }
 +
  size = rtas_ld(args, 1);
 -addr = rtas_pci_cfgaddr(rtas_ld(args, 0));
 -val = rtas_read_pci_config_do(dev, addr, pci_config_size(dev), size);
 +addr = rtas_ld(args, 0);
 +
 +finish_read_pci_config(spapr, 0, addr, size, rets);
 +}
 +
 +static void finish_write_pci_config(sPAPREnvironment *spapr, uint64_t buid,
 +uint32_t addr, uint32_t size,
 +uint32_t val, 
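Review bot: finish_write_pci_config is cut off in this quote, so its body cannot be reviewed here; make sure it applies the same size, device, alignment and bounds checks as finish_read_pci_config (the commit message names pci_host_config_write_common as reachable too), ideally by factoring the validation into one helper that returns the decoded address and device so the read and write paths cannot diverge later.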

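The validation described in the commit message above, as an added stand-alone model (not QEMU's own code): the old overrun-only check next to the new size/alignment/bounds check, run over constructed guest requests. Only the address decoding mirrors rtas_pci_cfgaddr(); the function names, result codes and the "device present" flag are this example's assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not QEMU code: models the parameter validation the patch
 * introduces for pseries RTAS config-space accesses beside the old check,
 * so the gap the commit message describes can be exercised with constructed
 * inputs.  Names and result codes here are this example's own assumptions.
 */

enum { RTAS_OK = 0, RTAS_PARAM_ERROR = -1 };

/* Same decoding as rtas_pci_cfgaddr(): the low 8 bits hold the register
 * number and bits 28..31 supply extended-config bits 8..11.  Other bits
 * (device selection in the real call) are ignored by this helper. */
static uint32_t rtas_cfgaddr_decode(uint32_t arg)
{
    return ((arg >> 20) & 0xf00) | (arg & 0xff);
}

/* Old behaviour, modelled from the removed rtas_read_pci_config_do():
 * only "does the access run past the end of config space?" was checked. */
static bool legacy_cfg_access_ok(uint32_t raw_addr, uint32_t size,
                                 uint32_t config_size)
{
    uint32_t addr = rtas_cfgaddr_decode(raw_addr);
    return (addr + size) <= config_size;
}

/* New behaviour, modelled from finish_read_pci_config():
 *  1. size must be 1, 2 or 4 (anything else formerly reached the generic
 *     pci_host_config_*_common() handlers, which assert on it);
 *  2. the target device must exist;
 *  3. the access must be naturally aligned and start inside the space.
 * Because config_size is a multiple of 4 and addr is a multiple of size,
 * addr < config_size already guarantees addr + size <= config_size, which
 * is why the old overrun test is no longer needed.
 * Returns RTAS_OK and stores the decoded offset, or RTAS_PARAM_ERROR. */
static int rtas_cfg_access_check(bool dev_present, uint32_t raw_addr,
                                 uint32_t size, uint32_t config_size,
                                 uint32_t *reg)
{
    uint32_t addr;

    if (size != 1 && size != 2 && size != 4) {
        return RTAS_PARAM_ERROR;
    }
    if (!dev_present) {
        return RTAS_PARAM_ERROR;
    }
    addr = rtas_cfgaddr_decode(raw_addr);
    if ((addr % size) != 0 || addr >= config_size) {
        return RTAS_PARAM_ERROR;
    }
    *reg = addr;
    return RTAS_OK;
}

/* Convenience wrapper: decoded register offset on success, -1 on rejection. */
static int32_t checked_reg(bool dev_present, uint32_t raw_addr,
                           uint32_t size, uint32_t config_size)
{
    uint32_t reg = 0;
    if (rtas_cfg_access_check(dev_present, raw_addr, size, config_size,
                              &reg) != RTAS_OK) {
        return -1;
    }
    return (int32_t)reg;
}

int main(void)
{
    /* Constructed guest requests: raw config_addr, size, config space size. */
    struct { uint32_t raw, size, cfg; const char *what; } cases[] = {
        { 0x00000000, 8, 256,  "oversized 8-byte read at offset 0" },
        { 0x00000001, 4, 256,  "unaligned dword at offset 1" },
        { 0x000000f8, 8, 256,  "8-byte read ending exactly at 256" },
        { 0x000000fc, 4, 256,  "aligned dword at offset 0xfc" },
        { 0x10000004, 4, 256,  "extended offset 0x104 on a 256-byte device" },
        { 0x10000004, 4, 4096, "extended offset 0x104 on a PCIe device" },
    };
    size_t n = sizeof(cases) / sizeof(cases[0]);

    for (size_t i = 0; i < n; i++) {
        bool old_ok = legacy_cfg_access_ok(cases[i].raw, cases[i].size,
                                           cases[i].cfg);
        int32_t reg = checked_reg(true, cases[i].raw, cases[i].size,
                                  cases[i].cfg);
        printf("%-44s old:%s new:%s", cases[i].what,
               old_ok ? "accept" : "reject", reg < 0 ? "reject" : "accept");
        if (reg >= 0) {
            printf(" (reg 0x%03x)", (unsigned)reg);
        }
        printf("\n");
    }
    return 0;
}
```

The first three cases are accepted by the old check and rejected by the new one; they are the requests that previously reached the asserting generic handlers.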
Re: [Qemu-devel] [PATCH v2 0/6] prep: some fixes and Super I/O emulation

2012-04-15 Thread Artyom Tarasenko
On 4/14/12, Hervé Poussineau hpous...@reactos.org wrote:
 Hi,

 Patches 1 to 3 implement the pc87312 Super I/O chip.

Nice. It looks pretty similar to the SuperIO chip used in Ultra-5.
We could re-use it in our sun4u machine.
Blue, what do you think?

 This patch has
 been tested on PReP emulation and on IBM 40p (not yet committed).
 Missing part is dynamic reconfiguration of devices (serial, parallel,
 floppy, IDE).

Would it be difficult to implement it? Proprietary Firmware tries to
reconfigure them during the initialization. Although it might be
satisfied if expected aliases are provided.

 However, it is not strictly needed as initial
 configuration can be changed with a property.

 Patch 4 completes the qdev-ification of Raven PCI host, where INTA
 register was mistakenly left in PReP machine.

 Patches 5 and 6 fix PC speaker in PReP machine, which had never worked.

 This patchset is based on Andreas' prep-up branch.

 Changes v1 - v2:
 - removed patches already committed to prep-up branch
 - removed patch which changes the default CPU of prep machine
 - changed patches 2/3 according to remarks of Paolo and Andreas
 - added patches 4 to 6

 Hervé Poussineau (6):
   isa: add isa_bus_from_device() method
   prep: add pc87312 Super I/O emulation
   prep: use pc87312 Super I/O chip instead of collection of random ISA
 devices
   prep: move int-ack register from PReP to Raven PCI emulation
   pcspk: initialize PC speaker if compiled in
   prep: initialize pc speaker

  Makefile.objs   |1 +
  arch_init.c |2 +-
  default-configs/ppc-softmmu.mak |2 +
  hw/isa.h|5 +
  hw/pc87312.c|  405
 +++
  hw/ppc_prep.c   |   78 +---
  hw/prep_pci.c   |   14 ++
  trace-events|8 +
  8 files changed, 446 insertions(+), 69 deletions(-)
  create mode 100644 hw/pc87312.c

 --
 1.7.9.1





-- 
Regards,
Artyom Tarasenko

solaris/sparc under qemu blog: http://tyom.blogspot.com/search/label/qemu



Re: [Qemu-devel] [PATCH 2/3] pseries: Use more conventional PCI interrupt swizzling

2012-04-15 Thread David Gibson
On Sun, Apr 15, 2012 at 01:03:57PM +0300, Michael S. Tsirkin wrote:
 On Mon, Apr 02, 2012 at 02:17:36PM +1000, David Gibson wrote:
  Currently the pseries PCI code uses a somewhat strange scheme of PCI irq
  allocation - one per slot up to a maximum that's greater than the usual 4.
  This scheme more or less worked, because we were able to tell the guest the
  irq mapping in the device tree, however it's nonstandard and may break
  assumptions in the future.  Worse, the array used to construct the dev
  tree interrupt map was mis-sized, we got away with it only because it
  happened that our SPAPR_PCI_NUM_LSI value was greater than 7.
  
  This patch changes the pseries PCI code to use the normal PCI interrupt
  swizzling scheme instead,
 
 I don't see anything wrong with the code - I assume someone
 who applies this knows about real hardware and can check that
 it behaves as emulated here.

Because the device tree lets us advertise to the guest precisely how
the interrupts are mapped, it doesn't really matter whether we behave
identically to real hardware (the PAPR platform we're emulating here
is already a para-virtualized environment running under a hypervisor,
so real isn't a particularly clear concept).  I'm not sure if all
pseries machines (and/or hypervisor versions) are the same in this
regard, but the new scheme is certainly in use.  As long as the device
tree has the correct information, really any interrupt mapping scheme
is compliant with PAPR.

 But I don't remember any standard scheme except for bridge devices,
 and this isn't one, is it?  Care to clarify?

Well, the standard swizzling scheme is for p2p bridges, whereas this
is a host bridge, but there's no reason not to use the same scheme for
both.  This will become more important when we implement pass-through.
On pSeries the unit of passthrough can be either a host bridge or a
p2p bridge, and having the same swizzling scheme will make life
easier.  Plus this scheme is basically just better - it won't force
all the functions of a multi-function device to share an interrupt.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson



Re: [Qemu-devel] [PATCH v2 0/6] prep: some fixes and Super I/O emulation

2012-04-15 Thread Blue Swirl
On Sun, Apr 15, 2012 at 10:50, Artyom Tarasenko atar4q...@gmail.com wrote:
 On 4/14/12, Hervé Poussineau hpous...@reactos.org wrote:
 Hi,

 Patches 1 to 3 implement the pc87312 Super I/O chip.

 Nice. It looks pretty similar to the SuperIO chip used in Ultra-5.
 We could re-use it in our sun4u machine.
 Blue, what do you think?

I guess all SuperIO chips look similar because they implement the ISA
PC hardware. If there are no user visible differences, we could use
this chip.

 This patch has
 been tested on PReP emulation and on IBM 40p (not yet committed).
 Missing part is dynamic reconfiguration of devices (serial, parallel,
 floppy, IDE).

 Would it be difficult to implement it? Proprietary Firmware tries to
 reconfigure them during the initialization. Although it might be
 satisfied if expected aliases are provided.

  However, it is not strictly needed as initial
 configuration can be changed with a property.

 Patch 4 completes the qdev-ification of Raven PCI host, where INTA
 register was mistakenly left in PReP machine.

 Patches 5 and 6 fix PC speaker in PReP machine, which had never worked.

  This patchset is based on Andreas' prep-up branch.

 Changes v1 - v2:
 - removed patches already committed to prep-up branch
 - removed patch which changes the default CPU of prep machine
 - changed patches 2/3 according to remarks of Paolo and Andreas
 - added patches 4 to 6

 Hervé Poussineau (6):
   isa: add isa_bus_from_device() method
   prep: add pc87312 Super I/O emulation
   prep: use pc87312 Super I/O chip instead of collection of random ISA
     devices
   prep: move int-ack register from PReP to Raven PCI emulation
   pcspk: initialize PC speaker if compiled in
   prep: initialize pc speaker

  Makefile.objs                   |    1 +
  arch_init.c                     |    2 +-
  default-configs/ppc-softmmu.mak |    2 +
  hw/isa.h                        |    5 +
  hw/pc87312.c                    |  405
 +++
  hw/ppc_prep.c                   |   78 +---
  hw/prep_pci.c                   |   14 ++
  trace-events                    |    8 +
  8 files changed, 446 insertions(+), 69 deletions(-)
  create mode 100644 hw/pc87312.c

 --
 1.7.9.1





 --
 Regards,
 Artyom Tarasenko

 solaris/sparc under qemu blog: http://tyom.blogspot.com/search/label/qemu



Re: [Qemu-devel] [PATCH 2/3] pseries: Use more conventional PCI interrupt swizzling

2012-04-15 Thread Michael S. Tsirkin
On Sun, Apr 15, 2012 at 09:47:47PM +1000, David Gibson wrote:
 On Sun, Apr 15, 2012 at 01:03:57PM +0300, Michael S. Tsirkin wrote:
  On Mon, Apr 02, 2012 at 02:17:36PM +1000, David Gibson wrote:
   Currently the pseries PCI code uses a somewhat strange scheme of PCI irq
   allocation - one per slot up to a maximum that's greater than the usual 4.
   This scheme more or less worked, because we were able to tell the guest 
   the
   irq mapping in the device tree, however it's nonstandard and may break
   assumptions in the future.  Worse, the array used to construct the dev
   tree interrupt map was mis-sized, we got away with it only because it
   happened that our SPAPR_PCI_NUM_LSI value was greater than 7.
   
   This patch changes the pseries PCI code to use the normal PCI interrupt
   swizzling scheme instead,
  
  I don't see anything wrong with the code - I assume someone
  who applies this knows about real hardware and can check that
  it behaves as emulated here.
 
 Because the device tree lets us advertise to the guest precisely how
 the interrupts are mapped, it doesn't really matter whether we behave
 identically to real hardware (the PAPR platform we're emulating here
 is already a para-virtualized environment running under a hypervisor,
 so real isn't a particularly clear concept).  I'm not sure if all
 pseries machines (and/or hypervisor versions) are the same in this
 regard, but the new scheme is certainly in use.  As long as the device
 tree has the correct information, really any interrupt mapping scheme
 is compliant with PAPR.

So no need to check that then :)

  But I don't remember any standard scheme except for bridge devices,
  and this isn't one, is it?  Care to clarify?
 
 Well, the standard swizzling scheme is for p2p bridges, whereas this
 is a host bridge, but there's no reason not to use the same scheme for
 both.  This will become more important when we implement pass-through.
 On pSeries the unit of passthrough can be either a host bridge or a
 p2p bridge, and having the same swizzling scheme will make life
 easier.

So the comment 'use standard PCI swizzling' misleads in implying the
motivation is the standard. Better remove it, or replace with real motivation.

  Plus this scheme is basically just better - it won't force
 all the functions of a multi-function device to share an interrupt.

Only if some functions use pin != INTA. Maybe it's true for
pseries? On the pc most of them use INTA.

 -- 
 David Gibson  | I'll have my music baroque, and my code
 david AT gibson.dropbear.id.au| minimalist, thank you.  NOT _the_ 
 _other_
   | _way_ _around_!
 http://www.ozlabs.org/~dgibson



Re: [Qemu-devel] [SeaBIOS] [ANNOUNCE] SeaBIOS 1.7.0

2012-04-15 Thread Fred .
Great! :)
Nice to see a new release out.
Please make a notice about the release on the front page of the seabios website.

On Sun, Apr 15, 2012 at 4:48 AM, Kevin O'Connor ke...@koconnor.net wrote:
 The 1.7.0 version of SeaBIOS has now been released.  For more
 information on the release, please see:

 http://seabios.org/Releases


 New in this release:

 * Many enhancements to VGA BIOS code - it should now be feature complete with 
 LGPL vgabios.
 * Support for virtio-scsi.
 * Improved USB drive (usb-msc) support.
 * Several USB controller bug fixes and improvements.
 * Runtime ACPI AML PCI hotplug construction.
 * Support for running on i386 and i486 CPUs.
 * Enhancements to PCI init when running on emulators.
 * Several bug fixes


 For information on obtaining SeaBIOS, please see:

 http://seabios.org/Download

 -Kevin

 ___
 SeaBIOS mailing list
 seab...@seabios.org
 http://www.seabios.org/mailman/listinfo/seabios



[Qemu-devel] [Bug 982321] [NEW] User mode arm qemu segfault

2012-04-15 Thread Serge Schneider
Public bug reported:

The full error is attached.
Fixed by downgrading to 0bcd08b3522e4feffe3111e7c8145f62d32cc1fb

Did some regression testing and found that this commit is the problem:

dec9c2d4306d7b4f8482ac42dc468ed2a61d is the first bad commit
commit dec9c2d4306d7b4f8482ac42dc468ed2a61d
Author: Andreas Färber afaer...@suse.de
Date:   Thu Mar 29 04:50:31 2012 +

target-arm: Minimalistic CPU QOM'ification

Introduce only one non-abstract type TYPE_ARM_CPU and do not touch
cp15 registers to not interfere with Peter's ongoing remodelling.
Embed CPUARMState as first (additional) field of ARMCPU.

Let CPUClass::reset() call cpu_state_reset() for now.

Signed-off-by: Andreas Färber afaer...@suse.de
Signed-off-by: Peter Maydell peter.mayd...@linaro.org

:100644 100644 44b2e83e6f1d392161b459f582989dede6dc62c3 
6e8b997bc5b78262d6ea822138839d1a9e7bb3f3 M  Makefile.target
:04 04 fe4fbaf514bb3121d6c320b5cd63b855e040fc38 
fe2555ad071f036eb4173347ff2f887f23e7d633 M  target-arm

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/982321




[Qemu-devel] [Bug 982321] Re: User mode arm qemu segfault

2012-04-15 Thread Serge Schneider
** Attachment added: log
   
https://bugs.launchpad.net/bugs/982321/+attachment/3071027/+files/SLidNn8F.txt




[Qemu-devel] [PATCH 00/32] target-arm: refactor copro register implementation

2012-04-15 Thread Peter Maydell
This patchseries refactors the target-arm handling of coprocessor
registers so that you define each register with a struct (and
possibly some read/write/reset functions), rather than having
huge nested switch statements in get_cp15()/set_cp15().

My main aim here was to get rid of the unmaintainable switch
statements. The series also removes all the "behaviour depends
on value of main ID register" code by a combination of defining
implementation-specific cp15 regs in the implementation subclass
instance init functions, and some extra feature bits.

As well as get/set_cp15, we also can remove the rather limited
existing effort at defining a cp register used by the pxa2xx
boards, and the framework has 64 bit register support which should
provide a nice clean base to implement LPAE registers.

Patch 1 defines all the new infrastructure/framework, while leaving
the old functions in place. The remaining patches convert small
subsets of the cp registers, until everything has moved over and
the old functions can be deleted.

The conversion functions mostly take the approach of preserving
the old QEMU behaviour even if it's not really right. However
in some cases I have tightened up behaviour where it was both
obviously wrong and painful to reproduce the same brokenness
in the new scheme. I've generally remarked on those cases in the
individual commit comments.

I wanted to squeeze this in before the soft freeze deadline, so
there might be a few rough edges. We can make a decision about
whether it actually makes sense to commit before hardfreeze
depending on how the review phase goes.

The patchseries sits on top of the 'drop cpu_reset_model_id()'
v2 patchset I sent out yesterday. The whole thing is available
in git at:
git://git.linaro.org/people/pmaydell/qemu-arm.git cp15-on-qom-on-miniqom
and pointy-clicky web version:
http://git.linaro.org/gitweb?p=people/pmaydell/qemu-arm.git;a=shortlog;h=refs/heads/cp15-on-qom-on-miniqom

thanks
-- PMM


Peter Maydell (32):
  target-arm: initial coprocessor register framework
  hw/pxa2xx: Convert cp14 perf registers to new scheme
  hw/pxa2xx.c: Convert CLKCFG and PWRMODE cp14 regs
  hw/pxa2xx_pic: Convert coprocessor registers to new scheme
  target-arm: Remove old cpu_arm_set_cp_io infrastructure
  target-arm: Add register_cp_regs_for_features()
  target-arm: Convert debug registers to cp_reginfo
  target-arm: Convert TEECR, TEEHBR to new scheme
  target-arm: Convert WFI/barriers special cases to cp_reginfo
  target-arm: Convert TLS registers
  target-arm: Convert performance monitor registers
  target-arm: Convert generic timer cp15 regs
  target-arm: Convert cp15 c3 register
  target-arm: Convert MMU fault status cp15 registers
  target-arm: Convert cp15 crn=2 registers
  target-arm: Convert cp15 crn=13 registers
  target-arm: Convert cp15 crn=10 registers
  target-arm: Convert cp15 crn=15 registers
  target-arm: Convert cp15 MMU TLB control
  target-arm: Convert cp15 VA-PA translation registers
  target-arm: convert cp15 crn=7 registers
  target-arm: Convert cp15 crn=6 registers
  target-arm: Convert cp15 crn=9 registers
  target-arm: Convert cp15 crn=1 registers
  target-arm: Convert cp15 crn=0 crm={1,2} feature registers
  target-arm: Convert cp15 cache ID registers
  target-arm: Convert MPIDR
  target-arm: Convert final ID registers
  target-arm: Remove c0_cachetype CPUARMState field
  target-arm: Move block cache ops to new cp15 framework
  target-arm: Remove remaining old cp15 infrastructure
  target-arm: Remove ARM_CPUID_* macros

 hw/pxa2xx.c|  285 +++
 hw/pxa2xx_pic.c|   53 +-
 linux-user/cpu-uname.c |5 +-
 target-arm/cpu-qom.h   |2 +
 target-arm/cpu.c   |  220 --
 target-arm/cpu.h   |  261 ++-
 target-arm/helper.c| 2046 ++-
 target-arm/helper.h|   11 +-
 target-arm/machine.c   |2 -
 target-arm/op_helper.c |   42 +-
 target-arm/translate.c |  473 
 11 files changed, 1865 insertions(+), 1535 deletions(-)
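The cover letter above describes the new framework only in prose: one struct per register with optional read/write functions, wildcard matching, and an access level, replacing the nested switch statements in get_cp15()/set_cp15(). The C below is an added illustration written for this page, not code from QEMU or from this series: CPUState, RegInfo, CP_ANY, PL0_RW/PL1_RW, EXCP_UDEF, cp_read, cp_write and probe are all names invented here (they deliberately echo the patches' ARMCPRegInfo, CP_ANY and EXCP_UDEF, but the types and field layout are this example's own). It models three entries that appear later in the thread: TEECR and TEEHBR from patch 08/32, where user-mode access to TEEHBR is gated at run time by TEECR bit 0, and the RAZ/WI generic-timer wildcard from patch 12/32, where the whole cp15 crn=14 space is covered by one constant entry. The property it demonstrates is fail-closed dispatch: an encoding with no table entry and an access below the entry's privilege level both produce UNDEF, there is no default case to fall through, and a state-dependent permission check lives in the register's own functions rather than being frozen into translated code.

```c
/* Table-driven coprocessor register dispatch in the style the cover letter
 * describes. Example code written for this page, not QEMU's implementation;
 * every identifier below is invented for the illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CP_ANY    0xff  /* wildcard for crm/opc1/opc2 in a table entry */
#define PL0_RW    0     /* accessible from user mode */
#define PL1_RW    1     /* privileged only */
#define EXCP_UDEF 1     /* access result: raise undefined-instruction */

typedef struct CPUState {
    int cur_pl;         /* 0 = user, 1 = privileged */
    uint32_t teecr;     /* bit 0 (XED) blocks user-mode TEEHBR access */
    uint32_t teehbr;
} CPUState;

typedef struct RegInfo RegInfo;
typedef int (*ReadFn)(CPUState *env, const RegInfo *ri, uint32_t *value);
typedef int (*WriteFn)(CPUState *env, const RegInfo *ri, uint32_t value);
struct RegInfo {
    uint8_t cp, crn, crm, opc1, opc2;  /* encoding; CP_ANY matches anything */
    int access, is_const;              /* minimum PL; RAZ/WI when is_const */
    uint32_t constvalue;
    size_t fieldoffset;                /* backing field when no read/write fn */
    ReadFn readfn;
    WriteFn writefn;
};

/* TEEHBR needs functions because its access rights depend on TEECR.XED,
 * which is checked at access time rather than when code is translated. */
static int teehbr_read(CPUState *env, const RegInfo *ri, uint32_t *value)
{
    if (env->cur_pl == 0 && (env->teecr & 1)) return EXCP_UDEF;
    *value = env->teehbr;
    return 0;
}

static int teehbr_write(CPUState *env, const RegInfo *ri, uint32_t value)
{
    if (env->cur_pl == 0 && (env->teecr & 1)) return EXCP_UDEF;
    env->teehbr = value;
    return 0;
}

static const RegInfo reg_table[] = {
    /* TEECR: cp14 crn=0 opc1=6, privileged, plain backing field */
    { 14, 0, 0, 6, 0, PL1_RW, 0, 0, offsetof(CPUState, teecr), NULL, NULL },
    /* TEEHBR: cp14 crn=1 opc1=6, nominally PL0 but gated by the functions */
    { 14, 1, 0, 6, 0, PL0_RW, 0, 0, 0, teehbr_read, teehbr_write },
    /* dummy generic timer: whole cp15 crn=14 space is RAZ/WI, PL1 only */
    { 15, 14, CP_ANY, CP_ANY, CP_ANY, PL1_RW, 1, 0, 0, NULL, NULL },
};

static const RegInfo *lookup(int cp, int crn, int crm, int opc1, int opc2)
{
    for (size_t i = 0; i < sizeof reg_table / sizeof reg_table[0]; i++) {
        const RegInfo *ri = &reg_table[i];
        if (ri->cp == cp && ri->crn == crn &&
            (ri->crm == CP_ANY || ri->crm == crm) &&
            (ri->opc1 == CP_ANY || ri->opc1 == opc1) &&
            (ri->opc2 == CP_ANY || ri->opc2 == opc2)) return ri;
    }
    return NULL;
}

/* Both entry points fail closed: an unknown encoding and a privilege
 * violation are the same UNDEF, with no switch default to fall through. */
int cp_read(CPUState *env, int cp, int crn, int crm, int opc1, int opc2,
            uint32_t *value)
{
    const RegInfo *ri = lookup(cp, crn, crm, opc1, opc2);
    if (!ri || env->cur_pl < ri->access) return EXCP_UDEF;
    if (ri->is_const) { *value = ri->constvalue; return 0; }
    if (ri->readfn) return ri->readfn(env, ri, value);
    memcpy(value, (char *)env + ri->fieldoffset, sizeof *value);
    return 0;
}

int cp_write(CPUState *env, int cp, int crn, int crm, int opc1, int opc2,
             uint32_t value)
{
    const RegInfo *ri = lookup(cp, crn, crm, opc1, opc2);
    if (!ri || env->cur_pl < ri->access) return EXCP_UDEF;
    if (ri->is_const) return 0;                   /* write ignored */
    if (ri->writefn) return ri->writefn(env, ri, value);
    memcpy((char *)env + ri->fieldoffset, &value, sizeof value);
    return 0;
}

/* Constructed harness: one access from privilege level pl on a CPU whose
 * TEECR holds teecr and whose TEEHBR holds 0x1000. Returns -1 on UNDEF,
 * otherwise the value read, or 0 for an accepted write. */
long probe(int pl, uint32_t teecr, int write, uint32_t wval,
           int cp, int crn, int crm, int opc1, int opc2)
{
    CPUState env = { .cur_pl = pl, .teecr = teecr, .teehbr = 0x1000 };
    uint32_t v = 0;
    int r = write ? cp_write(&env, cp, crn, crm, opc1, opc2, wval)
                  : cp_read(&env, cp, crn, crm, opc1, opc2, &v);
    return r ? -1 : (long)v;
}
```

probe() is the constructed harness the assertions drive: a user-mode TEEHBR read succeeds while TEECR.XED is clear and UNDEFs once privileged code has set it, a user-mode write to the PL1-only TEECR UNDEFs regardless, any crm/opc1/opc2 in cp15 crn=14 reads as zero and swallows writes at PL1 but UNDEFs at PL0, and an encoding absent from the table UNDEFs. Note that the wildcard entry shows why the ordering and scope of table entries matter: a CP_ANY entry covering a whole crn would shadow any more specific register registered behind it.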




[Qemu-devel] [PATCH 32/32] target-arm: Remove ARM_CPUID_* macros

2012-04-15 Thread Peter Maydell
All the uses of ARM_CPUID() to vary behaviour have now been
removed, so we can delete the ARM_CPUID_* macros now.
The one exception is the TI915T/925T, because of its odd behaviour
where the MIDR value can be changed at runtime.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 linux-user/cpu-uname.c |5 +---
 target-arm/cpu.c   |   50 
 target-arm/cpu.h   |   27 -
 3 files changed, 26 insertions(+), 56 deletions(-)

diff --git a/linux-user/cpu-uname.c b/linux-user/cpu-uname.c
index ddc37be..59cd647 100644
--- a/linux-user/cpu-uname.c
+++ b/linux-user/cpu-uname.c
@@ -35,10 +35,7 @@ const char *cpu_to_uname_machine(void *cpu_env)
  * armv7l; to get a list of CPU arch names from the linux source, use:
  * grep arch_name: -A1 linux/arch/arm/mm/proc-*.S
  * see arch/arm/kernel/setup.c: setup_processor()
- *
- * to test by CPU id, compare cpu_env-cp15.c0_cpuid to ARM_CPUID_*
- * defines and to test by CPU feature, use arm_feature(cpu_env,
- * ARM_FEATURE_*) */
+ */
 
 /* in theory, endianness is configurable on some ARM CPUs, but this isn't
  * used in user mode emulation */
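Review bot: this hunk deletes the whole comment paragraph, but only its first half (comparing cpu_env->cp15.c0_cpuid to the ARM_CPUID_* defines) is made obsolete by this patch; the second half, "to test by CPU feature, use arm_feature(cpu_env, ARM_FEATURE_*)", is still the recommended way for cpu_to_uname_machine() to distinguish CPUs and is worth keeping as a one-line comment.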
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index dc124f6..422a33c 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -199,7 +199,7 @@ static void arm926_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_VFP);
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 set_feature(cpu-env, ARM_FEATURE_CACHE_TEST_CLEAN);
-cpu-midr = ARM_CPUID_ARM926;
+cpu-midr = 0x41069265;
 cpu-reset_fpsid = 0x41011090;
 cpu-ctr = 0x1dd20d2;
 cpu-reset_sctlr = 0x00090078;
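Review bot: the literal 0x41069265 replaces a name (ARM_CPUID_ARM926) that told the reader which core this MIDR value belongs to, and the same happens in every initfn below. Please keep that information next to each literal, e.g. `cpu->midr = 0x41069265; /* ARM926 */`, or assemble the value from named implementer/part/revision fields, so that a reviewer can still check the per-CPU values without decoding the hex by hand.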
@@ -211,7 +211,7 @@ static void arm946_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_V5);
 set_feature(cpu-env, ARM_FEATURE_MPU);
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
-cpu-midr = ARM_CPUID_ARM946;
+cpu-midr = 0x41059461;
 cpu-ctr = 0x0f004006;
 cpu-reset_sctlr = 0x0078;
 }
@@ -224,7 +224,7 @@ static void arm1026_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_AUXCR);
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 set_feature(cpu-env, ARM_FEATURE_CACHE_TEST_CLEAN);
-cpu-midr = ARM_CPUID_ARM1026;
+cpu-midr = 0x4106a262;
 cpu-reset_fpsid = 0x410110a0;
 cpu-ctr = 0x1dd20d2;
 cpu-reset_sctlr = 0x00090078;
@@ -256,7 +256,7 @@ static void arm1136_r2_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 set_feature(cpu-env, ARM_FEATURE_CACHE_DIRTY_REG);
 set_feature(cpu-env, ARM_FEATURE_CACHE_BLOCK_OPS);
-cpu-midr = ARM_CPUID_ARM1136_R2;
+cpu-midr = 0x4107b362;
 cpu-reset_fpsid = 0x410120b4;
 cpu-mvfr0 = 0x;
 cpu-mvfr1 = 0x;
@@ -286,7 +286,7 @@ static void arm1136_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 set_feature(cpu-env, ARM_FEATURE_CACHE_DIRTY_REG);
 set_feature(cpu-env, ARM_FEATURE_CACHE_BLOCK_OPS);
-cpu-midr = ARM_CPUID_ARM1136;
+cpu-midr = 0x4117b363;
 cpu-reset_fpsid = 0x410120b4;
 cpu-mvfr0 = 0x;
 cpu-mvfr1 = 0x;
@@ -315,7 +315,7 @@ static void arm1176_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_VAPA);
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 set_feature(cpu-env, ARM_FEATURE_CACHE_DIRTY_REG);
-cpu-midr = ARM_CPUID_ARM1176;
+cpu-midr = 0x410fb767;
 cpu-reset_fpsid = 0x410120b5;
 cpu-mvfr0 = 0x;
 cpu-mvfr1 = 0x;
@@ -344,7 +344,7 @@ static void arm11mpcore_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_VAPA);
 set_feature(cpu-env, ARM_FEATURE_MPIDR);
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
-cpu-midr = ARM_CPUID_ARM11MPCORE;
+cpu-midr = 0x410fb022;
 cpu-reset_fpsid = 0x410120b4;
 cpu-mvfr0 = 0x;
 cpu-mvfr1 = 0x;
@@ -369,7 +369,7 @@ static void cortex_m3_initfn(Object *obj)
 ARMCPU *cpu = ARM_CPU(obj);
 set_feature(cpu-env, ARM_FEATURE_V7);
 set_feature(cpu-env, ARM_FEATURE_M);
-cpu-midr = ARM_CPUID_CORTEXM3;
+cpu-midr = 0x410fc231;
 }
 
 static const ARMCPRegInfo cortexa8_cp_reginfo[] = {
@@ -388,7 +388,7 @@ static void cortex_a8_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_NEON);
 set_feature(cpu-env, ARM_FEATURE_THUMB2EE);
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
-cpu-midr = ARM_CPUID_CORTEXA8;
+cpu-midr = 0x410fc080;
 cpu-reset_fpsid = 0x410330c0;
 cpu-mvfr0 = 0x0222;
 cpu-mvfr1 = 0x00011100;
@@ -456,7 +456,7 @@ static void cortex_a9_initfn(Object *obj)
  * and valid configurations; we don't model A9UP).
  */
 set_feature(cpu-env, ARM_FEATURE_V7MP);
-cpu-midr = ARM_CPUID_CORTEXA9;
+cpu-midr = 0x410fc090;
 cpu-reset_fpsid = 0x41033090;
 cpu-mvfr0 = 0x0222;
 cpu-mvfr1 = 0x0111;
@@ -523,7 +523,7 @@ static void cortex_a15_initfn(Object 

[Qemu-devel] [PATCH 12/32] target-arm: Convert generic timer cp15 regs

2012-04-15 Thread Peter Maydell
Convert the (dummy) generic timer cp15 implementation.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c |   23 +++
 1 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index c61e0de..620e652 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -323,6 +323,14 @@ static const ARMCPRegInfo v6k_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
+/* Dummy implementation: RAZ/WI the whole crn=14 space */
+{ .name = GENERIC_TIMER, .cp = 15, .crn = 14,
+  .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
 /* Register all the coprocessor registers based on feature bits */
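Review bot: `.access = PL1_RW` on the crn=14 wildcard makes every user-mode access to the generic timer space UNDEF, whereas the architecture lets PL0 read CNTFRQ and the counters when the PL1 control register (CNTKCTL) permits it. For a RAZ/WI dummy that may well be intended, but the comment should say that PL0 access is deliberately not modelled, so whoever later replaces this entry with a real timer knows the access level has to be revisited.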
@@ -359,6 +367,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
 define_arm_cp_regs(env, t2ee_cp_reginfo);
 }
+if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
+define_arm_cp_regs(env, generic_timer_cp_reginfo);
+}
 }
 
 CPUARMState *cpu_arm_init(const char *cpu_model)
@@ -1708,12 +1719,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 goto bad_reg;
 }
 break;
-case 14: /* Generic timer */
-if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
-/* Dummy implementation: RAZ/WI for all */
-break;
-}
-goto bad_reg;
 case 15: /* Implementation specific.  */
 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
 if (op2 == 0  crm == 1) {
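Review bot: with `case 14` gone from HELPER(set_cp15) (and from get_cp15 in the next hunk), a crn=14 access on a CPU with ARM_FEATURE_GENERIC_TIMER is handled correctly only if the translator consults the new reginfo table before emitting the helper call, and a CPU without the feature must still end up at bad_reg; neither is visible in this patch, so a sentence in the commit message pointing at where that dispatch order is established (Patch 1 of the series) would let this hunk be reviewed on its own.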
@@ -2053,12 +2058,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t 
insn)
 default:
 goto bad_reg;
 }
-case 14: /* Generic timer */
-if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
-/* Dummy implementation: RAZ/WI for all */
-return 0;
-}
-goto bad_reg;
 case 15: /* Implementation specific.  */
 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
 if (op2 == 0  crm == 1)
-- 
1.7.1




Re: [Qemu-devel] [Bug 982321] [NEW] User mode arm qemu segfault

2012-04-15 Thread Andreas Färber
On 15.04.2012 15:34, Serge Schneider wrote:
 Public bug reported:
 
 The full error is attached.
 Fixed by using downgrading to 0bcd08b3522e4feffe3111e7c8145f62d32cc1fb
 
 Did some regression testing and found that this commit is the problem:
 
 dec9c2d4306d7b4f8482ac42dc468ed2a61d is the first bad commit
 commit dec9c2d4306d7b4f8482ac42dc468ed2a61d
 Author: Andreas Färber afaer...@suse.de
 Date:   Thu Mar 29 04:50:31 2012 +
 
 target-arm: Minimalistic CPU QOM'ification
 
 Introduce only one non-abstract type TYPE_ARM_CPU and do not touch
 cp15 registers to not interfere with Peter's ongoing remodelling.
 Embed CPUARMState as first (additional) field of ARMCPU.
 
 Let CPUClass::reset() call cpu_state_reset() for now.
 
 Signed-off-by: Andreas Färber afaer...@suse.de
 Signed-off-by: Peter Maydell peter.mayd...@linaro.org
 
 :100644 100644 44b2e83e6f1d392161b459f582989dede6dc62c3 
 6e8b997bc5b78262d6ea822138839d1a9e7bb3f3 MMakefile.target
 :04 04 fe4fbaf514bb3121d6c320b5cd63b855e040fc38 
 fe2555ad071f036eb4173347ff2f887f23e7d633 Mtarget-arm

Can you provide a backtrace of what free() is the problem here?
Or a statically compiled testcase to reproduce?

Thanks,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [Bug 982321] Re: User mode arm qemu segfault

2012-04-15 Thread Serge Schneider
** Description changed:

  The full error is attached.
- Fixed by using downgrading to 0bcd08b3522e4feffe3111e7c8145f62d32cc1fb
+ Fixed by downgrading to 0bcd08b3522e4feffe3111e7c8145f62d32cc1fb
  
  Did some regression testing and found that this commit is the problem:
  
  dec9c2d4306d7b4f8482ac42dc468ed2a61d is the first bad commit
  commit dec9c2d4306d7b4f8482ac42dc468ed2a61d
  Author: Andreas Färber afaer...@suse.de
  Date:   Thu Mar 29 04:50:31 2012 +
  
- target-arm: Minimalistic CPU QOM'ification
- 
- Introduce only one non-abstract type TYPE_ARM_CPU and do not touch
- cp15 registers to not interfere with Peter's ongoing remodelling.
- Embed CPUARMState as first (additional) field of ARMCPU.
- 
- Let CPUClass::reset() call cpu_state_reset() for now.
- 
- Signed-off-by: Andreas Färber afaer...@suse.de
- Signed-off-by: Peter Maydell peter.mayd...@linaro.org
+ target-arm: Minimalistic CPU QOM'ification
+ 
+ Introduce only one non-abstract type TYPE_ARM_CPU and do not touch
+ cp15 registers to not interfere with Peter's ongoing remodelling.
+ Embed CPUARMState as first (additional) field of ARMCPU.
+ 
+ Let CPUClass::reset() call cpu_state_reset() for now.
+ 
+ Signed-off-by: Andreas Färber afaer...@suse.de
+ Signed-off-by: Peter Maydell peter.mayd...@linaro.org
  
  :100644 100644 44b2e83e6f1d392161b459f582989dede6dc62c3 
6e8b997bc5b78262d6ea822138839d1a9e7bb3f3 MMakefile.target
  :04 04 fe4fbaf514bb3121d6c320b5cd63b855e040fc38 
fe2555ad071f036eb4173347ff2f887f23e7d633 Mtarget-arm

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/982321




[Qemu-devel] [PATCH 04/32] hw/pxa2xx_pic: Convert coprocessor registers to new scheme

2012-04-15 Thread Peter Maydell
Convert the coprocessor access functions for the pxa2xx PIC to the
arm_cp_reginfo scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 hw/pxa2xx_pic.c |   53 +++--
 1 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/hw/pxa2xx_pic.c b/hw/pxa2xx_pic.c
index a806b80..04c4d88 100644
--- a/hw/pxa2xx_pic.c
+++ b/hw/pxa2xx_pic.c
@@ -206,33 +206,42 @@ static const int pxa2xx_cp_reg_map[0x10] = {
 [0xa] = ICPR2,
 };
 
-static uint32_t pxa2xx_pic_cp_read(void *opaque, int op2, int reg, int crm)
+static int pxa2xx_pic_cp_read(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t *value)
 {
-target_phys_addr_t offset;
-
-if (pxa2xx_cp_reg_map[reg] == -1) {
-printf(%s: Bad register 0x%x\n, __FUNCTION__, reg);
-return 0;
-}
-
-offset = pxa2xx_cp_reg_map[reg];
-return pxa2xx_pic_mem_read(opaque, offset, 4);
+int offset = pxa2xx_cp_reg_map[ri-crn];
+*value = pxa2xx_pic_mem_read(ri-opaque, offset, 4);
+return 0;
 }
 
-static void pxa2xx_pic_cp_write(void *opaque, int op2, int reg, int crm,
-uint32_t value)
+static int pxa2xx_pic_cp_write(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t value)
 {
-target_phys_addr_t offset;
-
-if (pxa2xx_cp_reg_map[reg] == -1) {
-printf(%s: Bad register 0x%x\n, __FUNCTION__, reg);
-return;
-}
-
-offset = pxa2xx_cp_reg_map[reg];
-pxa2xx_pic_mem_write(opaque, offset, value, 4);
+int offset = pxa2xx_cp_reg_map[ri-crn];
+pxa2xx_pic_mem_write(ri-opaque, offset, value, 4);
+return 0;
 }
 
+#define REGINFO_FOR_PIC_CP(NAME, CRN) \
+{ .name = NAME, .cp = 6, .crn = CRN, .crm = 0, .opc1 = 0, .opc2 = 0, \
+  .access = PL1_RW, \
+  .readfn = pxa2xx_pic_cp_read, .writefn = pxa2xx_pic_cp_write }
+
+static const ARMCPRegInfo pxa_pic_cp_reginfo[] = {
+REGINFO_FOR_PIC_CP(ICIP, 0),
+REGINFO_FOR_PIC_CP(ICMR, 1),
+REGINFO_FOR_PIC_CP(ICLR, 2),
+REGINFO_FOR_PIC_CP(ICFP, 3),
+REGINFO_FOR_PIC_CP(ICPR, 4),
+REGINFO_FOR_PIC_CP(ICHP, 5),
+REGINFO_FOR_PIC_CP(ICIP2, 6),
+REGINFO_FOR_PIC_CP(ICMR2, 7),
+REGINFO_FOR_PIC_CP(ICLR2, 8),
+REGINFO_FOR_PIC_CP(ICFP2, 9),
+REGINFO_FOR_PIC_CP(ICPR2, 0xa),
+REGINFO_SENTINEL
+};
+
 static const MemoryRegionOps pxa2xx_pic_ops = {
 .read = pxa2xx_pic_mem_read,
 .write = pxa2xx_pic_mem_write,
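Review bot: the new read/write functions index pxa2xx_cp_reg_map[ri->crn] without the `== -1` check the old code had. That is safe only because pxa_pic_cp_reginfo enumerates exactly the crn values 0..0xa that have map entries, and because an encoding with no table entry now UNDEFs instead of printing "Bad register" and reading as zero. Both are behaviour changes worth a sentence in the commit message, and an `assert(offset != -1)` in the two functions (or a comment at the map) would guard against the table and the map drifting apart.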
@@ -270,7 +279,7 @@ DeviceState *pxa2xx_pic_init(target_phys_addr_t base, 
CPUARMState *env)
 sysbus_mmio_map(sysbus_from_qdev(dev), 0, base);
 
 /* Enable IC coprocessor access.  */
-cpu_arm_set_cp_io(env, 6, pxa2xx_pic_cp_read, pxa2xx_pic_cp_write, s);
+define_arm_cp_regs_with_opaque(env, pxa_pic_cp_reginfo, s);
 
 return dev;
 }
-- 
1.7.1




[Qemu-devel] [PATCH 00/20] w64: Add support for new host

2012-04-15 Thread Stefan Weil
These patches add support for w64 hosts.

Patch 01 was already sent. It is needed for debugging of QEMU on w64.

The patches can also be pulled from

   git://qemu.weilnetz.de/qemu.git w64

I tested all resulting 64 bit binaries by calling them without arguments
(so only the BIOS or other startup code was run). Some of them crash,
but this behaviour is compatible with Linux where they crash, too.

For i386 and x86_64, I also started a Debian GNU Linux system (works)
and a Windows 7 (64 bit) image (blue screen). This is also compatible
with QEMU on Linux.

Regards,
Stefan W.

[PATCH 01/20] tcg/i386: Use GDB JIT debugging interface only for hosts with ELF
[PATCH 02/20] tcg/i386: Add support for w64 ABI
[PATCH 03/20] w64: Fix type casts used in some macros in cpu-all.h
[PATCH 04/20] w64: Fix data types in cpu-all.h, exec.c
[PATCH 05/20] w64: Use larger alignment for section with generated code
[PATCH 06/20] w32: Move defines for socket specific errors to qemu-os-win32.h
[PATCH 07/20] w64: Fix definition of setjmp
[PATCH 08/20] w64: Undefine macro SYS_OPEN (fixes a compiler warning)
[PATCH 09/20] w64: Fix struct CPUTLBEntry
[PATCH 10/20] softmmu: Use uintptr_t for physaddr
[PATCH 11/20] w64: Use uintptr_t in exec.c
[PATCH 12/20] w64: Fix data types in softmmu*.h
[PATCH 13/20] w64: Fix type cast in os_host_main_loop_wait
[PATCH 14/20] target-mips: Fix type cast for w64 (uintptr_t)
[PATCH 15/20] target-ppc: Fix type casts for w64 (uintptr_t)
[PATCH 16/20] cpu-exec: Remove non-portable type cast and fix format string
[PATCH 17/20] disas: Replace 'unsigned long' by 'uintptr_t'
[PATCH 18/20] nbd: Fix compiler warning (w64)
[PATCH 19/20] w64: Fix time conversion for some versions of MinGW-w64
[PATCH 20/20] block: Avoid compiler warning for w64



[Qemu-devel] [PATCH 03/20] w64: Fix type casts used in some macros in cpu-all.h

2012-04-15 Thread Stefan Weil
Instead of type casts to long, w64 needs type casts to intptr_t.
For other hosts, this changes nothing.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 cpu-all.h |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpu-all.h b/cpu-all.h
index 4512518..58420be 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -222,8 +222,8 @@ extern unsigned long reserved_va;
 #else /* !CONFIG_USER_ONLY */
 /* NOTE: we use double casts if pointers and target_ulong have
different sizes */
-#define saddr(x) (uint8_t *)(long)(x)
-#define laddr(x) (uint8_t *)(long)(x)
+#define saddr(x) (uint8_t *)(intptr_t)(x)
+#define laddr(x) (uint8_t *)(intptr_t)(x)
 #endif
 
 #define ldub_raw(p) ldub_p(laddr((p)))
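Review bot: `(intptr_t)` fixes the truncation on LLP64 hosts where long is 32 bits, but the rest of this series (patch 10/20, and "disas: Replace 'unsigned long' by 'uintptr_t'" in the cover letter) standardises on uintptr_t for host addresses; using the same unsigned type here would keep one convention for the whole series. The comment above the macros about double casts remains accurate either way.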
-- 
1.7.0.4




[Qemu-devel] [PATCH 10/20] softmmu: Use uintptr_t for physaddr

2012-04-15 Thread Stefan Weil
Variable physaddr is a host address which should be represented by
data type 'uintptr_t'.

This is needed for w64 and changes nothing for other hosts.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 softmmu_header.h |9 +++--
 1 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/softmmu_header.h b/softmmu_header.h
index 6b72093..edc7826 100644
--- a/softmmu_header.h
+++ b/softmmu_header.h
@@ -99,7 +99,6 @@ glue(glue(glue(CPU_PREFIX, ld), USUFFIX), MEMSUFFIX)(ENV_PARAM
 int page_index;
 RES_TYPE res;
 target_ulong addr;
-unsigned long physaddr;
 int mmu_idx;
 
 addr = ptr;
@@ -111,7 +110,7 @@ glue(glue(glue(CPU_PREFIX, ld), USUFFIX), 
MEMSUFFIX)(ENV_PARAM
  addr,
  mmu_idx);
 } else {
-physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
+uintptr_t physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
 res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)physaddr);
 }
 return res;
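Review bot: the new local is correctly scoped to the else branch, but the identical `uintptr_t physaddr = addr + env->tlb_table[mmu_idx][page_index].addend;` line now appears three times in this header (load, signed load, store). A single static inline helper returning the host pointer would leave one place where the host-address width is decided, which is the point of this series; and since the sum is evaluated at the width of `.addend`, the commit message should say that CPUTLBEntry.addend is host-pointer sized (patch 09/20 touches that struct), otherwise the uintptr_t here changes nothing.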
@@ -124,7 +123,6 @@ glue(glue(glue(CPU_PREFIX, lds), SUFFIX), 
MEMSUFFIX)(ENV_PARAM
 {
 int res, page_index;
 target_ulong addr;
-unsigned long physaddr;
 int mmu_idx;
 
 addr = ptr;
@@ -135,7 +133,7 @@ glue(glue(glue(CPU_PREFIX, lds), SUFFIX), 
MEMSUFFIX)(ENV_PARAM
 res = (DATA_STYPE)glue(glue(glue(HELPER_PREFIX, ld), SUFFIX),
MMUSUFFIX)(ENV_VAR addr, mmu_idx);
 } else {
-physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
+uintptr_t physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
 res = glue(glue(lds, SUFFIX), _raw)((uint8_t *)physaddr);
 }
 return res;
@@ -152,7 +150,6 @@ glue(glue(glue(CPU_PREFIX, st), SUFFIX), 
MEMSUFFIX)(ENV_PARAM target_ulong ptr,
 {
 int page_index;
 target_ulong addr;
-unsigned long physaddr;
 int mmu_idx;
 
 addr = ptr;
@@ -163,7 +160,7 @@ glue(glue(glue(CPU_PREFIX, st), SUFFIX), 
MEMSUFFIX)(ENV_PARAM target_ulong ptr,
 glue(glue(glue(HELPER_PREFIX, st), SUFFIX), MMUSUFFIX)(ENV_VAR addr, v,
mmu_idx);
 } else {
-physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
+uintptr_t physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
 glue(glue(st, SUFFIX), _raw)((uint8_t *)physaddr, v);
 }
 }
-- 
1.7.0.4




[Qemu-devel] [PATCH 21/32] target-arm: convert cp15 crn=7 registers

2012-04-15 Thread Peter Maydell
Convert the cp15 crn=7 registers to the new scheme.
Note that to do this we have to distinguish some registers
used on the ARM9 and ARM10 from some which are ARM1176
only. This is because the old code returned a value of 0
but always set the Z flag (by clearing env-ZF, since we
store the Z flag in CPUState inverted). This is inconsistent
with actual ARM CPU behaviour, which only sets flags for
reads to r15 and sets them based on the top bits of the result.
However it happened to work for the two common use cases for
cp15 crn=7 reads:
 * On ARM9 and ARM10 the cache clean-and-test operations are
typically done with a destination of r15 so that you can do
a loop: mrc ... ; bne loop to keep cleaning until the cache
is finally clean; always setting the Z flag means this loop
terminates immediately
 * on ARM1176 the Cache Dirty Status Register reads as zero
if the cache is dirty; returning 0 means this is correctly
implemented for QEMU

Since the new coprocessor register framework does the right
thing of always setting flags based on the returned result
for reads to r15, we need to split these up so that we can
return (1 << 30) for the ARM9/ARM10 registers but 0 for the
ARM1176 one.

This allows us to remove the nasty hack which always sets Z.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|   18 ++
 target-arm/cpu.h|3 ++
 target-arm/helper.c |   62 +-
 3 files changed, 72 insertions(+), 11 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index cf59e08..01de653 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -214,6 +214,8 @@ static void arm926_initfn(Object *obj)
 ARMCPU *cpu = ARM_CPU(obj);
 set_feature(cpu-env, ARM_FEATURE_V5);
 set_feature(cpu-env, ARM_FEATURE_VFP);
+set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
+set_feature(cpu-env, ARM_FEATURE_CACHE_TEST_CLEAN);
 cpu-midr = ARM_CPUID_ARM926;
 cpu-reset_fpsid = 0x41011090;
 cpu-ctr = 0x1dd20d2;
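Review bot: the commit message explains the Z-flag split but says nothing about the feature bits this and the following hunks set per CPU (ARM_FEATURE_DUMMY_C15_REGS, ARM_FEATURE_CACHE_TEST_CLEAN, ARM_FEATURE_CACHE_DIRTY_REG, ARM_FEATURE_CACHE_BLOCK_OPS). A line on what register behaviour each bit enables, and why for example ARM926 gets CACHE_TEST_CLEAN while ARM946 gets only DUMMY_C15_REGS, would make the per-CPU assignments reviewable against the old switch code.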
@@ -225,6 +227,7 @@ static void arm946_initfn(Object *obj)
 ARMCPU *cpu = ARM_CPU(obj);
 set_feature(cpu-env, ARM_FEATURE_V5);
 set_feature(cpu-env, ARM_FEATURE_MPU);
+set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 cpu-midr = ARM_CPUID_ARM946;
 cpu-ctr = 0x0f004006;
 cpu-reset_sctlr = 0x0078;
@@ -236,6 +239,8 @@ static void arm1026_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_V5);
 set_feature(cpu-env, ARM_FEATURE_VFP);
 set_feature(cpu-env, ARM_FEATURE_AUXCR);
+set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
+set_feature(cpu-env, ARM_FEATURE_CACHE_TEST_CLEAN);
 cpu-midr = ARM_CPUID_ARM1026;
 cpu-reset_fpsid = 0x410110a0;
 cpu-ctr = 0x1dd20d2;
@@ -254,6 +259,9 @@ static void arm1136_r2_initfn(Object *obj)
  */
 set_feature(cpu-env, ARM_FEATURE_V6);
 set_feature(cpu-env, ARM_FEATURE_VFP);
+set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
+set_feature(cpu-env, ARM_FEATURE_CACHE_DIRTY_REG);
+set_feature(cpu-env, ARM_FEATURE_CACHE_BLOCK_OPS);
 cpu-midr = ARM_CPUID_ARM1136_R2;
 cpu-reset_fpsid = 0x410120b4;
 cpu-mvfr0 = 0x;
@@ -280,6 +288,9 @@ static void arm1136_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_V6K);
 set_feature(cpu-env, ARM_FEATURE_V6);
 set_feature(cpu-env, ARM_FEATURE_VFP);
+set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
+set_feature(cpu-env, ARM_FEATURE_CACHE_DIRTY_REG);
+set_feature(cpu-env, ARM_FEATURE_CACHE_BLOCK_OPS);
 cpu-midr = ARM_CPUID_ARM1136;
 cpu-reset_fpsid = 0x410120b4;
 cpu-mvfr0 = 0x;
@@ -306,6 +317,8 @@ static void arm1176_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_V6K);
 set_feature(cpu-env, ARM_FEATURE_VFP);
 set_feature(cpu-env, ARM_FEATURE_VAPA);
+set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
+set_feature(cpu-env, ARM_FEATURE_CACHE_DIRTY_REG);
 cpu-midr = ARM_CPUID_ARM1176;
 cpu-reset_fpsid = 0x410120b5;
 cpu-mvfr0 = 0x;
@@ -332,6 +345,7 @@ static void arm11mpcore_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_V6K);
 set_feature(cpu-env, ARM_FEATURE_VFP);
 set_feature(cpu-env, ARM_FEATURE_VAPA);
+set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 cpu-midr = ARM_CPUID_ARM11MPCORE;
 cpu-reset_fpsid = 0x410120b4;
 cpu-mvfr0 = 0x;
@@ -366,6 +380,7 @@ static void cortex_a8_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_VFP3);
 set_feature(cpu-env, ARM_FEATURE_NEON);
 set_feature(cpu-env, ARM_FEATURE_THUMB2EE);
+set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 cpu-midr = ARM_CPUID_CORTEXA8;
 cpu-reset_fpsid = 0x410330c0;
 cpu-mvfr0 = 0x0222;
@@ -475,6 +490,7 @@ static void cortex_a15_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_ARM_DIV);
 set_feature(cpu-env, ARM_FEATURE_V7MP);
 set_feature(cpu-env, ARM_FEATURE_GENERIC_TIMER);
+set_feature(cpu-env, 

[Qemu-devel] [PATCH 08/32] target-arm: Convert TEECR, TEEHBR to new scheme

2012-04-15 Thread Peter Maydell
Convert the THUMB2EE cp14 registers TEECR and TEEHBR to
use arm_cp_reginfo.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c|   55 +--
 target-arm/helper.h|2 -
 target-arm/translate.c |   66 
 3 files changed, 46 insertions(+), 77 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 7dfee7a..997d476 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -82,6 +82,49 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static int teecr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t value)
+{
+value = 1;
+env-teecr = value;
+return 0;
+}
+
+static int teehbr_read(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t *value)
+{
+/* This is a helper function because the user access rights
+ * depend on the value of the TEECR.
+ */
+if (arm_current_pl(env) == 0  (env-teecr  1)) {
+return EXCP_UDEF;
+}
+*value = env-teehbr;
+return 0;
+}
+
+static int teehbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+if (arm_current_pl(env) == 0  (env-teecr  1)) {
+return EXCP_UDEF;
+}
+env-teehbr = value;
+return 0;
+}
+
+static const ARMCPRegInfo t2ee_cp_reginfo[] = {
+{ .name = TEECR, .cp = 14, .crn = 0, .crm = 0, .opc1 = 6, .opc2 = 0,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, teecr),
+  .resetvalue = 0,
+  .writefn = teecr_write },
+{ .name = TEEHBR, .cp = 14, .crn = 1, .crm = 0, .opc1 = 6, .opc2 = 0,
+  .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, teehbr),
+  .resetvalue = 0,
+  .readfn = teehbr_read, .writefn = teehbr_write },
+REGINFO_SENTINEL
+};
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
 /* Register all the coprocessor registers based on feature bits */
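Review bot: the TEEHBR entry is declared `.access = PL0_RW` although user access is conditional, refused by teehbr_read/teehbr_write while TEECR bit 0 is set. Anyone auditing the table for what PL0 can touch will read PL0_RW as unconditional, so a short comment on the entry that the readfn/writefn enforce the TEECR.XED condition would help; the comment on teehbr_read says this for the read side only, and teehbr_write deserves the same line.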
@@ -95,6 +138,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 if (arm_feature(env, ARM_FEATURE_V7)) {
 define_arm_cp_regs(env, v7_cp_reginfo);
 }
+if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
+define_arm_cp_regs(env, t2ee_cp_reginfo);
+}
 }
 
 CPUARMState *cpu_arm_init(const char *cpu_model)
@@ -2938,12 +2984,3 @@ float64 VFP_HELPER(muladd, d)(float64 a, float64 b, 
float64 c, void *fpstp)
 float_status *fpst = fpstp;
 return float64_muladd(a, b, c, 0, fpst);
 }
-
-void HELPER(set_teecr)(CPUARMState *env, uint32_t val)
-{
-val = 1;
-if (env-teecr != val) {
-env-teecr = val;
-tb_flush(env);
-}
-}
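Review bot: the removed HELPER(set_teecr) flushed translated code on a TEECR change because the old disas_cp14_read/disas_cp14_write decided the user-mode TEEHBR permission at translation time, via IS_USER(s) and env->teecr, and baked it into the TB. The new teecr_write has no tb_flush(), which is correct only because teehbr_read/teehbr_write now test `arm_current_pl(env) == 0 && (env->teecr & 1)` at execution time; that reasoning is not in the commit message and should be, since dropping a flush without it reads like a bug.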
diff --git a/target-arm/helper.h b/target-arm/helper.h
index bb6b85d..a0034ae 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -461,8 +461,6 @@ DEF_HELPER_3(iwmmxt_muladdsl, i64, i64, i32, i32)
 DEF_HELPER_3(iwmmxt_muladdsw, i64, i64, i32, i32)
 DEF_HELPER_3(iwmmxt_muladdswl, i64, i64, i32, i32)
 
-DEF_HELPER_2(set_teecr, void, env, i32)
-
 DEF_HELPER_3(neon_unzip8, void, env, i32, i32)
 DEF_HELPER_3(neon_unzip16, void, env, i32, i32)
 DEF_HELPER_3(neon_qunzip8, void, env, i32, i32)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 8b71a1a..6e9d7a3 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -6355,67 +6355,6 @@ static int disas_neon_data_insn(CPUARMState * env, 
DisasContext *s, uint32_t ins
 return 0;
 }
 
-static int disas_cp14_read(CPUARMState * env, DisasContext *s, uint32_t insn)
-{
-int crn = (insn  16)  0xf;
-int crm = insn  0xf;
-int op1 = (insn  21)  7;
-int op2 = (insn  5)  7;
-int rt = (insn  12)  0xf;
-TCGv tmp;
-
-if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
-if (op1 == 6  crn == 0  crm == 0  op2 == 0) {
-/* TEECR */
-if (IS_USER(s))
-return 1;
-tmp = load_cpu_field(teecr);
-store_reg(s, rt, tmp);
-return 0;
-}
-if (op1 == 6  crn == 1  crm == 0  op2 == 0) {
-/* TEEHBR */
-if (IS_USER(s)  (env-teecr  1))
-return 1;
-tmp = load_cpu_field(teehbr);
-store_reg(s, rt, tmp);
-return 0;
-}
-}
-return 1;
-}
-
-static int disas_cp14_write(CPUARMState * env, DisasContext *s, uint32_t insn)
-{
-int crn = (insn  16)  0xf;
-int crm = insn  0xf;
-int op1 = (insn  21)  7;
-int op2 = (insn  5)  7;
-int rt = (insn  12)  0xf;
-TCGv tmp;
-
-if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
-if (op1 == 6  crn == 0  crm == 0  op2 == 0) {
-/* TEECR */
-if (IS_USER(s))
-return 1;
-tmp = load_reg(s, rt);
-gen_helper_set_teecr(cpu_env, tmp);
-tcg_temp_free_i32(tmp);
-return 0;
-}
-if (op1 == 6  crn == 1  crm == 0  op2 == 0) {
-/* TEEHBR */
-if (IS_USER(s)  

[Qemu-devel] [PATCH 25/32] target-arm: Convert cp15 crn=0 crm={1, 2} feature registers

2012-04-15 Thread Peter Maydell
Convert the cp15 crn=0 crm={1,2} feature registers to
the new cp reg framework.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|   14 ---
 target-arm/cpu.h|2 -
 target-arm/helper.c |   62 --
 3 files changed, 54 insertions(+), 24 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 0141296..f5a392b 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -77,20 +77,6 @@ static void arm_cpu_reset(CPUState *s)
 env-vfp.xregs[ARM_VFP_MVFR0] = cpu-mvfr0;
 env-vfp.xregs[ARM_VFP_MVFR1] = cpu-mvfr1;
 env-cp15.c0_cachetype = cpu-ctr;
-env-cp15.c0_c1[0] = cpu-id_pfr0;
-env-cp15.c0_c1[1] = cpu-id_pfr1;
-env-cp15.c0_c1[2] = cpu-id_dfr0;
-env-cp15.c0_c1[3] = cpu-id_afr0;
-env-cp15.c0_c1[4] = cpu-id_mmfr0;
-env-cp15.c0_c1[5] = cpu-id_mmfr1;
-env-cp15.c0_c1[6] = cpu-id_mmfr2;
-env-cp15.c0_c1[7] = cpu-id_mmfr3;
-env-cp15.c0_c2[0] = cpu-id_isar0;
-env-cp15.c0_c2[1] = cpu-id_isar1;
-env-cp15.c0_c2[2] = cpu-id_isar2;
-env-cp15.c0_c2[3] = cpu-id_isar3;
-env-cp15.c0_c2[4] = cpu-id_isar4;
-env-cp15.c0_c2[5] = cpu-id_isar5;
 env-cp15.c0_clid = cpu-clidr;
 memcpy(env-cp15.c0_ccsid, cpu-ccsidr, ARRAY_SIZE(cpu-ccsidr));
 
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 50976d1..26bce2e 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -111,8 +111,6 @@ typedef struct CPUARMState {
 uint32_t c0_ccsid[16]; /* Cache size.  */
 uint32_t c0_clid; /* Cache level.  */
 uint32_t c0_cssel; /* Cache size selection.  */
-uint32_t c0_c1[8]; /* Feature registers.  */
-uint32_t c0_c2[8]; /* Instruction set registers.  */
 uint32_t c1_sys; /* System control register.  */
 uint32_t c1_coproc; /* Coprocessor access register.  */
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 5048ac6..b16ab07 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -829,6 +829,60 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 
 define_arm_cp_regs(env, cp_reginfo);
 if (arm_feature(env, ARM_FEATURE_V6)) {
+/* The ID registers all have impdef reset values */
+ARMCPRegInfo v6_idregs[] = {
+{ .name = ID_PFR0, .cp = 15, .crn = 0, .crm = 1,
+  .opc1 = 0, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_pfr0 },
+{ .name = ID_PFR1, .cp = 15, .crn = 0, .crm = 1,
+  .opc1 = 0, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_pfr1 },
+{ .name = ID_DFR0, .cp = 15, .crn = 0, .crm = 1,
+  .opc1 = 0, .opc2 = 2, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_dfr0 },
+{ .name = ID_AFR0, .cp = 15, .crn = 0, .crm = 1,
+  .opc1 = 0, .opc2 = 3, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_afr0 },
+{ .name = ID_MMFR0, .cp = 15, .crn = 0, .crm = 1,
+  .opc1 = 0, .opc2 = 4, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_mmfr0 },
+{ .name = ID_MMFR1, .cp = 15, .crn = 0, .crm = 1,
+  .opc1 = 0, .opc2 = 5, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_mmfr1 },
+{ .name = ID_MMFR2, .cp = 15, .crn = 0, .crm = 1,
+  .opc1 = 0, .opc2 = 6, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_mmfr2 },
+{ .name = ID_MMFR3, .cp = 15, .crn = 0, .crm = 1,
+  .opc1 = 0, .opc2 = 7, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_mmfr3 },
+{ .name = ID_ISAR0, .cp = 15, .crn = 0, .crm = 2,
+  .opc1 = 0, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_isar0 },
+{ .name = ID_ISAR1, .cp = 15, .crn = 0, .crm = 2,
+  .opc1 = 0, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_isar1 },
+{ .name = ID_ISAR2, .cp = 15, .crn = 0, .crm = 2,
+  .opc1 = 0, .opc2 = 2, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_isar2 },
+{ .name = ID_ISAR3, .cp = 15, .crn = 0, .crm = 2,
+  .opc1 = 0, .opc2 = 3, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_isar3 },
+{ .name = ID_ISAR4, .cp = 15, .crn = 0, .crm = 2,
+  .opc1 = 0, .opc2 = 4, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_isar4 },
+{ .name = ID_ISAR5, .cp = 15, .crn = 0, .crm = 2,
+  .opc1 = 0, .opc2 = 5, .access = PL1_R, .type = ARM_CP_CONST,
+  .resetvalue = cpu-id_isar5 },
+/* 6..7 are as yet unallocated and must RAZ */
+{ .name = 
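Review bot: v6_idregs is a non-static local array (it has to be, since the reset values come from cpu->id_*), so define_arm_cp_regs() must copy each ARMCPRegInfo into the hash table rather than keep pointers into this stack frame; a one-line comment here saying the table is copied would stop every later reader from asking. Also, .access = PL1_R on an ARM_CP_CONST register makes an MCR UNDEF, which is right for v6/v7 but not for the cores that need all of cp15 crn=0 to be writes-ignored (see the note in patch 28); make sure that case is handled where those cores register their crn=0 space.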

Re: [Qemu-devel] [PATCH 12/20] w64: Fix data types in softmmu*.h

2012-04-15 Thread Stefan Weil

On 15.04.2012 16:13, Stefan Weil wrote:

w64 requires uintptr_t.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
  softmmu_header.h   |6 +++---
  softmmu_template.h |   20 
  2 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/softmmu_header.h b/softmmu_header.h
index edc7826..77c95dc 100644
--- a/softmmu_header.h
+++ b/softmmu_header.h
@@ -111,7 +111,7 @@ glue(glue(glue(CPU_PREFIX, ld), USUFFIX), 
MEMSUFFIX)(ENV_PARAM
   mmu_idx);
  } else {
  uintptr_t physaddr = addr + 
env-tlb_table[mmu_idx][page_index].addend;
-res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)physaddr);
+res = glue(glue(ld, USUFFIX), _raw)(physaddr);
  }
  return res;
  }
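Review bot: this hunk (and the two that follow in softmmu_header.h) drops the (uint8_t *) cast and hands a bare uintptr_t to ld*_raw/st*_raw, whereas the softmmu_template.h hunks below keep a (uint8_t *) cast. Both forms only compile cleanly because the *_raw accessors are macros that cast their argument themselves; pick one form for both files. The commit message should also distinguish the two: the header change is a cleanup (the cast was already correct), while removing the (long) cast in the template is the actual w64 fix.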
@@ -134,7 +134,7 @@ glue(glue(glue(CPU_PREFIX, lds), SUFFIX), 
MEMSUFFIX)(ENV_PARAM
 MMUSUFFIX)(ENV_VAR addr, mmu_idx);
  } else {
  uintptr_t physaddr = addr + 
env-tlb_table[mmu_idx][page_index].addend;
-res = glue(glue(lds, SUFFIX), _raw)((uint8_t *)physaddr);
+res = glue(glue(lds, SUFFIX), _raw)(physaddr);
  }
  return res;
  }
@@ -161,7 +161,7 @@ glue(glue(glue(CPU_PREFIX, st), SUFFIX), 
MEMSUFFIX)(ENV_PARAM target_ulong ptr,
 mmu_idx);
  } else {
  uintptr_t physaddr = addr + 
env-tlb_table[mmu_idx][page_index].addend;
-glue(glue(st, SUFFIX), _raw)((uint8_t *)physaddr, v);
+glue(glue(st, SUFFIX), _raw)(physaddr, v);
  }
  }

diff --git a/softmmu_template.h b/softmmu_template.h
index b285d78..8db33c1 100644
--- a/softmmu_template.h
+++ b/softmmu_template.h
@@ -112,7 +112,6 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), 
MMUSUFFIX)(ENV_PARAM
  int index;
  target_ulong tlb_addr;
  target_phys_addr_t ioaddr;
-unsigned long addend;
  uintptr_t retaddr;

  /* test if there is match for unaligned or IO access */
@@ -145,8 +144,8 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), 
MMUSUFFIX)(ENV_PARAM
  do_unaligned_access(ENV_VAR addr, READ_ACCESS_TYPE, mmu_idx, 
retaddr);
  }
  #endif
-addend = env-tlb_table[mmu_idx][index].addend;
-res = glue(glue(ld, USUFFIX), _raw)((uint8_t 
*)(long)(addr+addend));
+uintptr_t addend = env-tlb_table[mmu_idx][index].addend;
+res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)(addr+addend));
  }
  } else {
  /* the page is not in the TLB : fill it */
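Review bot: the real fix in this hunk is dropping the (long) in (uint8_t *)(long)(addr+addend): long is 32 bits on w64, so the cast truncated the host address before it was dereferenced. That deserves a sentence in the commit message ("w64 requires uintptr_t" does not say what broke). Separately, moving addend into a mid-block declaration (uintptr_t addend = ...) changes the style of these functions, which otherwise declare everything at the top; keeping the declaration at the top and just changing its type to uintptr_t would be the smaller and more consistent diff.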
@@ -171,7 +170,6 @@ glue(glue(slow_ld, SUFFIX), MMUSUFFIX)(ENV_PARAM
  DATA_TYPE res, res1, res2;
  int index, shift;
  target_phys_addr_t ioaddr;
-unsigned long addend;
  target_ulong tlb_addr, addr1, addr2;

  index = (addr  TARGET_PAGE_BITS)  (CPU_TLB_SIZE - 1);
@@ -202,8 +200,8 @@ glue(glue(slow_ld, SUFFIX), MMUSUFFIX)(ENV_PARAM
  res = (DATA_TYPE)res;
  } else {
  /* unaligned/aligned access in the same page */
-addend = env-tlb_table[mmu_idx][index].addend;
-res = glue(glue(ld, USUFFIX), _raw)((uint8_t 
*)(long)(addr+addend));
+uintptr_t addend = env-tlb_table[mmu_idx][index].addend;
+res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)(addr+addend));
  }
  } else {
  /* the page is not in the TLB : fill it */
@@ -258,7 +256,6 @@ void glue(glue(glue(HELPER_PREFIX, st), SUFFIX), 
MMUSUFFIX)(ENV_PARAM
  int mmu_idx)
  {
  target_phys_addr_t ioaddr;
-unsigned long addend;
  target_ulong tlb_addr;
  uintptr_t retaddr;
  int index;
@@ -290,8 +287,8 @@ void glue(glue(glue(HELPER_PREFIX, st), SUFFIX), 
MMUSUFFIX)(ENV_PARAM
  do_unaligned_access(ENV_VAR addr, 1, mmu_idx, retaddr);
  }
  #endif
-addend = env-tlb_table[mmu_idx][index].addend;
-glue(glue(st, SUFFIX), _raw)((uint8_t *)(long)(addr+addend), val);
+uintptr_t addend = env-tlb_table[mmu_idx][index].addend;
+glue(glue(st, SUFFIX), _raw)((uint8_t *)(addr+addend), val);
  }
  } else {
  /* the page is not in the TLB : fill it */
@@ -313,7 +310,6 @@ static void glue(glue(slow_st, SUFFIX), MMUSUFFIX)(ENV_PARAM
 uintptr_t retaddr)
  {
  target_phys_addr_t ioaddr;
-unsigned long addend;
  target_ulong tlb_addr;
  int index, i;

@@ -345,8 +341,8 @@ static void glue(glue(slow_st, SUFFIX), MMUSUFFIX)(ENV_PARAM
  }
  } else {
  /* aligned/unaligned access in the same page */
-addend = env-tlb_table[mmu_idx][index].addend;
-glue(glue(st, SUFFIX), _raw)((uint8_t *)(long)(addr+addend), val);
+uintptr_t addend = env-tlb_table[mmu_idx][index].addend;
+glue(glue(st, SUFFIX), _raw)((uint8_t 

[Qemu-devel] [PATCH 02/32] hw/pxa2xx: Convert cp14 perf registers to new scheme

2012-04-15 Thread Peter Maydell
Convert the PXA2xx cp14 perf registers from old-style
coprocessor hooks to the new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 hw/pxa2xx.c |  142 +-
 1 files changed, 61 insertions(+), 81 deletions(-)

diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c
index ddaa846..38d5b0e 100644
--- a/hw/pxa2xx.c
+++ b/hw/pxa2xx.c
@@ -324,80 +324,11 @@ static void pxa2xx_clkpwr_write(void *opaque, int op2, 
int reg, int crm,
 }
 }
 
-/* Performace Monitoring Registers */
-#define CPPMNC 0   /* Performance Monitor Control register */
-#define CPCCNT 1   /* Clock Counter register */
-#define CPINTEN4   /* Interrupt Enable register */
-#define CPFLAG 5   /* Overflow Flag register */
-#define CPEVTSEL   8   /* Event Selection register */
-
-#define CPPMN0 0   /* Performance Count register 0 */
-#define CPPMN1 1   /* Performance Count register 1 */
-#define CPPMN2 2   /* Performance Count register 2 */
-#define CPPMN3 3   /* Performance Count register 3 */
-
-static uint32_t pxa2xx_perf_read(void *opaque, int op2, int reg, int crm)
-{
-PXA2xxState *s = (PXA2xxState *) opaque;
-
-switch (reg) {
-case CPPMNC:
-return s-pmnc;
-case CPCCNT:
-if (s-pmnc  1)
-return qemu_get_clock_ns(vm_clock);
-else
-return 0;
-case CPINTEN:
-case CPFLAG:
-case CPEVTSEL:
-return 0;
-
-default:
-printf(%s: Bad register 0x%x\n, __FUNCTION__, reg);
-break;
-}
-return 0;
-}
-
-static void pxa2xx_perf_write(void *opaque, int op2, int reg, int crm,
-uint32_t value)
-{
-PXA2xxState *s = (PXA2xxState *) opaque;
-
-switch (reg) {
-case CPPMNC:
-s-pmnc = value;
-break;
-
-case CPCCNT:
-case CPINTEN:
-case CPFLAG:
-case CPEVTSEL:
-break;
-
-default:
-printf(%s: Bad register 0x%x\n, __FUNCTION__, reg);
-break;
-}
-}
-
 static uint32_t pxa2xx_cp14_read(void *opaque, int op2, int reg, int crm)
 {
 switch (crm) {
 case 0:
 return pxa2xx_clkpwr_read(opaque, op2, reg, crm);
-case 1:
-return pxa2xx_perf_read(opaque, op2, reg, crm);
-case 2:
-switch (reg) {
-case CPPMN0:
-case CPPMN1:
-case CPPMN2:
-case CPPMN3:
-return 0;
-}
-/* Fall through */
 default:
 printf(%s: Bad register 0x%x\n, __FUNCTION__, reg);
 break;
@@ -412,24 +343,71 @@ static void pxa2xx_cp14_write(void *opaque, int op2, int 
reg, int crm,
 case 0:
 pxa2xx_clkpwr_write(opaque, op2, reg, crm, value);
 break;
-case 1:
-pxa2xx_perf_write(opaque, op2, reg, crm, value);
-break;
-case 2:
-switch (reg) {
-case CPPMN0:
-case CPPMN1:
-case CPPMN2:
-case CPPMN3:
-return;
-}
-/* Fall through */
 default:
 printf(%s: Bad register 0x%x\n, __FUNCTION__, reg);
 break;
 }
 }
 
+static int pxa2xx_cppmnc_read(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t *value)
+{
+PXA2xxState *s = (PXA2xxState *)ri-opaque;
+*value = s-pmnc;
+return 0;
+}
+
+static int pxa2xx_cppmnc_write(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t value)
+{
+PXA2xxState *s = (PXA2xxState *)ri-opaque;
+s-pmnc = value;
+return 0;
+}
+
+static int pxa2xx_cpccnt_read(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t *value)
+{
+PXA2xxState *s = (PXA2xxState *)ri-opaque;
+if (s-pmnc  1) {
+*value = qemu_get_clock_ns(vm_clock);
+} else {
+*value = 0;
+}
+return 0;
+}
+
+static const ARMCPRegInfo pxa_cp_reginfo[] = {
+/* cp14 crn==1: perf registers */
+{ .name = CPPMNC, .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW,
+  .readfn = pxa2xx_cppmnc_read, .writefn = pxa2xx_cppmnc_write },
+{ .name = CPCCNT, .cp = 14, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW,
+  .readfn = pxa2xx_cpccnt_read, .writefn = arm_cp_write_ignore },
+{ .name = CPINTEN, .cp = 14, .crn = 1, .crm = 4, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = CPFLAG, .cp = 14, .crn = 1, .crm = 5, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = CPEVTSEL, .cp = 14, .crn = 1, .crm = 8, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+/* cp14 crn==2: performance count registers */
+{ .name = CPPMN0, .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = CPPMN1, .cp = 14, .crn = 2, .crm = 1, .opc1 = 
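Review bot: crn and crm look swapped in pxa_cp_reginfo. The old dispatch selected the perf block with switch (crm) case 1 and then switched on reg for CPPMNC=0, CPCCNT=1, CPINTEN=4, CPFLAG=5, CPEVTSEL=8, and case 2 for CPPMN0..3; the removed HELPER(get_cp) in patch 05 of this series shows that third argument is CRn (insn bits 19:16) and the fourth is CRm (bits 3:0). So the perf registers live at CRm=1 / CRm=2 with the register number in CRn (MRC p14, 0, Rd, c0, c1, 0 for PMNC), but the new entries use .crn = 1, .crm = 0 for CPPMNC, .crn = 2, .crm = 0 for CPPMN0 and so on, and a guest using the documented encodings will now UNDEF. The comments "cp14 crn==1" / "cp14 crn==2" should read crm==1 / crm==2 and the .crn/.crm values should be exchanged in every entry. Minor: pxa2xx_cpccnt_read stores the full 64-bit ns value into *value where the old code returned a truncated uint32_t; presumably the MRC path truncates, but a comment would help.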

[Qemu-devel] [PATCH 05/32] target-arm: Remove old cpu_arm_set_cp_io infrastructure

2012-04-15 Thread Peter Maydell
All the users of cpu_arm_set_cp_io have been converted, so we
can remove it and the infrastructure it used.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.h   |   10 
 target-arm/helper.c|   54 
 target-arm/helper.h|3 --
 target-arm/translate.c |   41 +---
 4 files changed, 1 insertions(+), 107 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index f35d24f..c23c760 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -231,12 +231,6 @@ typedef struct CPUARMState {
 /* Coprocessor information */
 GHashTable *cp_regs;
 
-/* Coprocessor IO used by peripherals */
-struct {
-ARMReadCPFunc *cp_read;
-ARMWriteCPFunc *cp_write;
-void *opaque;
-} cp[15];
 void *nvic;
 const struct arm_boot_info *boot_info;
 } CPUARMState;
@@ -403,10 +397,6 @@ void armv7m_nvic_set_pending(void *opaque, int irq);
 int armv7m_nvic_acknowledge_irq(void *opaque);
 void armv7m_nvic_complete_irq(void *opaque, int irq);
 
-void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
-   ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
-   void *opaque);
-
 /* Interface for defining coprocessor registers.
  * Registers are defined in tables of arm_cp_reginfo structs
  * which are passed to define_arm_cp_regs().
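Review bot: with cpu_arm_set_cp_io() and the cp[15] array gone, the ARMReadCPFunc/ARMWriteCPFunc typedefs named in the removed prototype have no remaining users in anything this patch touches. If nothing else in the tree uses them, remove them here as well so the old interface disappears completely instead of leaving dangling types behind.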
diff --git a/target-arm/helper.c b/target-arm/helper.c
index f054fca..60473fc 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -373,21 +373,6 @@ int cpu_arm_handle_mmu_fault (CPUARMState *env, 
target_ulong address, int rw,
 return 1;
 }
 
-/* These should probably raise undefined insn exceptions.  */
-void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
-{
-int op1 = (insn  8)  0xf;
-cpu_abort(env, cp%i insn %08x\n, op1, insn);
-return;
-}
-
-uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
-{
-int op1 = (insn  8)  0xf;
-cpu_abort(env, cp%i insn %08x\n, op1, insn);
-return 0;
-}
-
 void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
 {
 cpu_abort(env, cp15 insn %08x\n, insn);
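Review bot: the removed comment "These should probably raise undefined insn exceptions." described the set_cp15()/get_cp15() stubs that follow it (and still cpu_abort()) as much as the deleted set_cp()/get_cp(). Keep the comment, or move it to sit above set_cp15(), rather than dropping it along with the unrelated functions.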
@@ -1124,31 +1109,6 @@ target_phys_addr_t cpu_get_phys_page_debug(CPUARMState 
*env, target_ulong addr)
 return phys_addr;
 }
 
-void HELPER(set_cp)(CPUARMState *env, uint32_t insn, uint32_t val)
-{
-int cp_num = (insn  8)  0xf;
-int cp_info = (insn  5)  7;
-int src = (insn  16)  0xf;
-int operand = insn  0xf;
-
-if (env-cp[cp_num].cp_write)
-env-cp[cp_num].cp_write(env-cp[cp_num].opaque,
- cp_info, src, operand, val);
-}
-
-uint32_t HELPER(get_cp)(CPUARMState *env, uint32_t insn)
-{
-int cp_num = (insn  8)  0xf;
-int cp_info = (insn  5)  7;
-int dest = (insn  16)  0xf;
-int operand = insn  0xf;
-
-if (env-cp[cp_num].cp_read)
-return env-cp[cp_num].cp_read(env-cp[cp_num].opaque,
-   cp_info, dest, operand);
-return 0;
-}
-
 /* Return basic MPU access permission bits.  */
 static uint32_t simple_mpu_ap_bits(uint32_t val)
 {
@@ -2112,20 +2072,6 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, 
uint32_t val)
 }
 }
 
-void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
-ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
-void *opaque)
-{
-if (cpnum  0 || cpnum  14) {
-cpu_abort(env, Bad coprocessor number: %i\n, cpnum);
-return;
-}
-
-env-cp[cpnum].cp_read = cp_read;
-env-cp[cpnum].cp_write = cp_write;
-env-cp[cpnum].opaque = opaque;
-}
-
 #endif
 
 /* Note that signed overflow is undefined in C.  The following routines are
diff --git a/target-arm/helper.h b/target-arm/helper.h
index b6cefed..bb6b85d 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -62,9 +62,6 @@ DEF_HELPER_2(v7m_mrs, i32, env, i32)
 DEF_HELPER_3(set_cp15, void, env, i32, i32)
 DEF_HELPER_2(get_cp15, i32, env, i32)
 
-DEF_HELPER_3(set_cp, void, env, i32, i32)
-DEF_HELPER_2(get_cp, i32, env, i32)
-
 DEF_HELPER_3(set_cp_reg, void, env, ptr, i32)
 DEF_HELPER_2(get_cp_reg, i32, env, ptr)
 DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index ebb547e..a0cfbaa 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -2439,39 +2439,6 @@ static int disas_dsp_insn(CPUARMState *env, DisasContext 
*s, uint32_t insn)
 return 1;
 }
 
-/* Disassemble system coprocessor instruction.  Return nonzero if
-   instruction is not defined.  */
-static int disas_cp_insn(CPUARMState *env, DisasContext *s, uint32_t insn)
-{
-TCGv tmp, tmp2;
-uint32_t rd = (insn  12)  0xf;
-uint32_t cp = (insn  8)  0xf;
-if (IS_USER(s)) {
-return 1;
-}
-
-if (insn  ARM_CP_RW_BIT) {
-if (!env-cp[cp].cp_read)
-return 1;
-gen_set_pc_im(s-pc);
-tmp = tcg_temp_new_i32();
-   

[Qemu-devel] [PATCH] linux-user: Fix exit syscall with QOM CPU

2012-04-15 Thread Andreas Färber
For QOM'ified CPUs we cannot g_free() CPUArchState; we must
object_delete() the object it is embedded into.

Should fix LP#982321 (invalid free() while executing pacman w/qemu-arm).

Reported-by: Serge Schneider se...@xecdesign.com
Signed-off-by: Andreas Färber afaer...@suse.de
Cc: Peter Maydell peter.mayd...@linaro.org
---
 linux-user/syscall.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8a92162..7128618 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5045,7 +5045,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 NULL, NULL, 0);
   }
   thread_env = NULL;
+#ifdef ENV_GET_CPU
+  object_delete(OBJECT(ENV_GET_CPU(cpu_env)));
+#else
   g_free(cpu_env);
+#endif
   g_free(ts);
   pthread_exit(NULL);
   }
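Review bot: object_delete() finalises and frees the CPU object outright, so this is only safe if nothing else still references the CPU here. thread_env is cleared just above, but the hunk does not show the CPU being unlinked from the global CPU list that other threads walk; a stale list entry would turn the reported invalid free() into a use-after-free, so please confirm the unlink happens earlier in this exit path. The #ifdef ENV_GET_CPU fallback is fine as a transition, but a short comment that the #else branch goes away once every target is QOM-ified would help.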
-- 
1.7.7




[Qemu-devel] [PATCH 14/32] target-arm: Convert MMU fault status cp15 registers

2012-04-15 Thread Peter Maydell
Convert the MMU fault status and MPU access permission cp15
registers to the new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c |  188 +--
 1 files changed, 107 insertions(+), 81 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index a682fab..7343c2a 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -343,6 +343,99 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+/* Return basic MPU access permission bits.  */
+static uint32_t simple_mpu_ap_bits(uint32_t val)
+{
+uint32_t ret;
+uint32_t mask;
+int i;
+ret = 0;
+mask = 3;
+for (i = 0; i  16; i += 2) {
+ret |= (val  i)  mask;
+mask = 2;
+}
+return ret;
+}
+
+/* Pad basic MPU access permission bits to extended format.  */
+static uint32_t extended_mpu_ap_bits(uint32_t val)
+{
+uint32_t ret;
+uint32_t mask;
+int i;
+ret = 0;
+mask = 3;
+for (i = 0; i  16; i += 2) {
+ret |= (val  mask)  i;
+mask = 2;
+}
+return ret;
+}
+
+static int pmsav5_data_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+env-cp15.c5_data = extended_mpu_ap_bits(value);
+return 0;
+}
+
+static int pmsav5_data_ap_read(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t *value)
+{
+*value = simple_mpu_ap_bits(env-cp15.c5_data);
+return 0;
+}
+
+static int pmsav5_insn_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+env-cp15.c5_insn = extended_mpu_ap_bits(value);
+return 0;
+}
+
+static int pmsav5_insn_ap_read(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t *value)
+{
+*value = simple_mpu_ap_bits(env-cp15.c5_insn);
+return 0;
+}
+
+static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
+{ .name = DATA_AP, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c5_data), .resetvalue = 0,
+  .readfn = pmsav5_data_ap_read, .writefn = pmsav5_data_ap_write, },
+{ .name = INSN_AP, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0,
+  .readfn = pmsav5_insn_ap_read, .writefn = pmsav5_insn_ap_write, },
+{ .name = DATA_EXT_AP, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 
2,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c5_data), .resetvalue = 0, },
+{ .name = INSN_EXT_AP, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 
3,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0, },
+REGINFO_SENTINEL
+};
+
+static const ARMCPRegInfo vmsa_cp_reginfo[] = {
+{ .name = DFSR, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c5_data), .resetvalue = 0, },
+{ .name = IFSR, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0, },
+REGINFO_SENTINEL
+};
+
+static const ARMCPRegInfo omap_cp_reginfo[] = {
+{ .name = DFSR, .cp = 15, .crn = 5, .crm = CP_ANY,
+  .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c5_data), .resetvalue = 0, },
+REGINFO_SENTINEL
+};
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
 /* Register all the coprocessor registers based on feature bits */
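Review bot: the DATA_AP and INSN_AP entries in pmsav5_cp_reginfo carry both a .fieldoffset and a readfn/writefn pair. Please spell out (in a comment here or in the reginfo documentation) which one the MRC/MCR path uses; the intent is clearly that the functions do the simple/extended conversion and the offset only serves reset, but as written a reader cannot tell whether raw c5_data might be exposed unconverted.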
@@ -376,12 +469,26 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 } else {
 define_arm_cp_regs(env, not_v7_cp_reginfo);
 }
+if (arm_feature(env, ARM_FEATURE_MPU)) {
+/* These are the MPU registers prior to PMSAv6. Any new
+ * PMSA core later than the ARM946 will require that we
+ * implement the PMSAv6 or PMSAv7 registers, which are
+ * completely different.
+ */
+assert(!arm_feature(env, ARM_FEATURE_V6));
+define_arm_cp_regs(env, pmsav5_cp_reginfo);
+} else {
+define_arm_cp_regs(env, vmsa_cp_reginfo);
+}
 if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
 define_arm_cp_regs(env, t2ee_cp_reginfo);
 }
 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
 define_arm_cp_regs(env, generic_timer_cp_reginfo);
 }
+if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
+define_arm_cp_regs(env, omap_cp_reginfo);
+}
 }
 
 CPUARMState *cpu_arm_init(const char *cpu_model)
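Review bot: omap_cp_reginfo's DFSR entry wildcards all of crn=5 (crm/opc1/opc2 = CP_ANY), and OMAP cores are not MPU cores, so vmsa_cp_reginfo's DFSR (crn=5 crm=0 opc2=0) and IFSR (opc2=1) have already been defined for the same CPU a few lines earlier in this function. Unless define_one_arm_cp_reg() is specified to let a later definition replace an earlier one, this either asserts on the duplicate key or silently keeps the first definition, in which case IFSR would not alias c5_data as the OMAP hook intends. Either register the OMAP table before the VMSA one, or add an explicit override flag to the framework and set it on this entry.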
@@ -1432,36 +1539,6 @@ target_phys_addr_t cpu_get_phys_page_debug(CPUARMState 
*env, target_ulong addr)
 return phys_addr;
 }
 
-/* Return basic MPU access permission bits.  */
-static uint32_t simple_mpu_ap_bits(uint32_t val)
-{
-uint32_t ret;
-uint32_t mask;
-int i;
-

[Qemu-devel] [PATCH 05/20] w64: Use larger alignment for section with generated code

2012-04-15 Thread Stefan Weil
The MinGW-w64 compiler allows __attribute__((aligned (32))).

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 exec.c |3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/exec.c b/exec.c
index 3dda2ca..6d10595 100644
--- a/exec.c
+++ b/exec.c
@@ -93,8 +93,7 @@ spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
 #define code_gen_section\
 __attribute__((__section__(.gen_code)))   \
 __attribute__((aligned (32)))
-#elif defined(_WIN32)
-/* Maximum alignment for Win32 is 16. */
+#elif defined(_WIN32)  !defined(_WIN64)
 #define code_gen_section\
 __attribute__((aligned (16)))
 #else
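Review bot: the condition is now _WIN32 && !_WIN64, but the hunk also deletes the comment "Maximum alignment for Win32 is 16." which still explains why the remaining branch exists. Keep it, extended to say that 32-bit Win32 is limited to 16 while MinGW-w64 accepts 32, so nobody re-adds aligned (32) for the 32-bit build later.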
-- 
1.7.0.4




[Qemu-devel] [PATCH 29/32] target-arm: Remove c0_cachetype CPUARMState field

2012-04-15 Thread Peter Maydell
Remove the no-longer-used CPUARMState c0_cachetype field.
Although this was a constant register we had it in our
migration state. Drop this (with resulting version bump)
because for ARM currently we prefer cleaner migration
code and have not stabilised migration format yet.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.h |3 +--
 target-arm/machine.c |2 --
 2 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index e7cd584..ded0118 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -107,7 +107,6 @@ typedef struct CPUARMState {
 /* System control coprocessor (cp15) */
 struct {
 uint32_t c0_cpuid;
-uint32_t c0_cachetype;
 uint32_t c0_cssel; /* Cache size selection.  */
 uint32_t c1_sys; /* System control register.  */
 uint32_t c1_coproc; /* Coprocessor access register.  */
@@ -663,7 +662,7 @@ static inline int cp_access_ok(CPUARMState *env,
 #define cpu_signal_handler cpu_arm_signal_handler
 #define cpu_list arm_cpu_list
 
-#define CPU_SAVE_VERSION 6
+#define CPU_SAVE_VERSION 7
 
 /* MMU modes definitions */
 #define MMU_MODE0_SUFFIX _kernel
diff --git a/target-arm/machine.c b/target-arm/machine.c
index f66b8df..a2a75fb 100644
--- a/target-arm/machine.c
+++ b/target-arm/machine.c
@@ -21,7 +21,6 @@ void cpu_save(QEMUFile *f, void *opaque)
 qemu_put_be32(f, env-fiq_regs[i]);
 }
 qemu_put_be32(f, env-cp15.c0_cpuid);
-qemu_put_be32(f, env-cp15.c0_cachetype);
 qemu_put_be32(f, env-cp15.c0_cssel);
 qemu_put_be32(f, env-cp15.c1_sys);
 qemu_put_be32(f, env-cp15.c1_coproc);
@@ -139,7 +138,6 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
 env-fiq_regs[i] = qemu_get_be32(f);
 }
 env-cp15.c0_cpuid = qemu_get_be32(f);
-env-cp15.c0_cachetype = qemu_get_be32(f);
 env-cp15.c0_cssel = qemu_get_be32(f);
 env-cp15.c1_sys = qemu_get_be32(f);
 env-cp15.c1_coproc = qemu_get_be32(f);
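Review bot: the bump to CPU_SAVE_VERSION 7 is right, but make sure cpu_load() still rejects version_id != CPU_SAVE_VERSION before it starts reading fields (that check is above this hunk and not visible here); otherwise a version 6 stream would be parsed with every field after c0_cpuid shifted by one word. The commit message explains why there is no compatibility path; it would be worth adding that old streams are simply refused.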
-- 
1.7.1




[Qemu-devel] [PATCH 14/20] target-mips: Fix type cast for w64 (uintptr_t)

2012-04-15 Thread Stefan Weil
This changes nothing for other hosts.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 target-mips/op_helper.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-mips/op_helper.c b/target-mips/op_helper.c
index bca1d70..5627447 100644
--- a/target-mips/op_helper.c
+++ b/target-mips/op_helper.c
@@ -2275,7 +2275,7 @@ void helper_pmon (int function)
 break;
 case 158:
 {
-unsigned char *fmt = (void *)(unsigned long)env-active_tc.gpr[4];
+unsigned char *fmt = (void *)(uintptr_t)env-active_tc.gpr[4];
 printf(%s, fmt);
 }
 break;
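Review bot: the uintptr_t cast is the right fix for the truncation on w64, but look at what the line does: it takes a guest register value (env->active_tc.gpr[4]) and dereferences it as a host pointer via printf("%s", fmt). Any guest that reaches PMON function 158 can therefore make QEMU read arbitrary host memory or crash on an unmapped address. Out of scope for a type-cast cleanup, but a follow-up should read the string through the guest address space instead, or drop the case.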
-- 
1.7.0.4




[Qemu-devel] [PATCH 03/32] hw/pxa2xx.c: Convert CLKCFG and PWRMODE cp14 regs

2012-04-15 Thread Peter Maydell
Convert the PXA2xx CLKCFG and PWRMODE cp14 registers to the
new arm_cp_reginfo scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 hw/pxa2xx.c |  171 --
 1 files changed, 71 insertions(+), 100 deletions(-)

diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c
index 38d5b0e..c321bf3 100644
--- a/hw/pxa2xx.c
+++ b/hw/pxa2xx.c
@@ -224,131 +224,96 @@ static const VMStateDescription vmstate_pxa2xx_cm = {
 }
 };
 
-static uint32_t pxa2xx_clkpwr_read(void *opaque, int op2, int reg, int crm)
+static int pxa2xx_clkcfg_read(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t *value)
 {
-PXA2xxState *s = (PXA2xxState *) opaque;
-
-switch (reg) {
-case 6:/* Clock Configuration register */
-return s-clkcfg;
-
-case 7:/* Power Mode register */
-return 0;
+PXA2xxState *s = (PXA2xxState *)ri-opaque;
+*value = s-clkcfg;
+return 0;
+}
 
-default:
-printf(%s: Bad register 0x%x\n, __FUNCTION__, reg);
-break;
+static int pxa2xx_clkcfg_write(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t value)
+{
+PXA2xxState *s = (PXA2xxState *)ri-opaque;
+s-clkcfg = value  0xf;
+if (value  2) {
+printf(%s: CPU frequency change attempt\n, __func__);
 }
 return 0;
 }
 
-static void pxa2xx_clkpwr_write(void *opaque, int op2, int reg, int crm,
-uint32_t value)
+static int pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
 {
-PXA2xxState *s = (PXA2xxState *) opaque;
+PXA2xxState *s = (PXA2xxState *)ri-opaque;
 static const char *pwrmode[8] = {
 Normal, Idle, Deep-idle, Standby,
 Sleep, reserved (!), reserved (!), Deep-sleep,
 };
 
-switch (reg) {
-case 6:/* Clock Configuration register */
-s-clkcfg = value  0xf;
-if (value  2)
-printf(%s: CPU frequency change attempt\n, __FUNCTION__);
+if (value  8) {
+printf(%s: CPU voltage change attempt\n, __func__);
+}
+switch (value  7) {
+case 0:
+/* Do nothing */
 break;
 
-case 7:/* Power Mode register */
-if (value  8)
-printf(%s: CPU voltage change attempt\n, __FUNCTION__);
-switch (value  7) {
-case 0:
-/* Do nothing */
-break;
-
-case 1:
-/* Idle */
-if (!(s-cm_regs[CCCR  2]  (1  31))) {/* CPDIS */
-cpu_interrupt(s-env, CPU_INTERRUPT_HALT);
-break;
-}
-/* Fall through.  */
-
-case 2:
-/* Deep-Idle */
+case 1:
+/* Idle */
+if (!(s-cm_regs[CCCR  2]  (1  31))) { /* CPDIS */
 cpu_interrupt(s-env, CPU_INTERRUPT_HALT);
-s-pm_regs[RCSR  2] |= 0x8;  /* Set GPR */
-goto message;
-
-case 3:
-s-env-uncached_cpsr =
-ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
-s-env-cp15.c1_sys = 0;
-s-env-cp15.c1_coproc = 0;
-s-env-cp15.c2_base0 = 0;
-s-env-cp15.c3 = 0;
-s-pm_regs[PSSR  2] |= 0x8;  /* Set STS */
-s-pm_regs[RCSR  2] |= 0x8;  /* Set GPR */
-
-/*
- * The scratch-pad register is almost universally used
- * for storing the return address on suspend.  For the
- * lack of a resuming bootloader, perform a jump
- * directly to that address.
- */
-memset(s-env-regs, 0, 4 * 15);
-s-env-regs[15] = s-pm_regs[PSPR  2];
+break;
+}
+/* Fall through.  */
+
+case 2:
+/* Deep-Idle */
+cpu_interrupt(s-env, CPU_INTERRUPT_HALT);
+s-pm_regs[RCSR  2] |= 0x8; /* Set GPR */
+goto message;
+
+case 3:
+s-env-uncached_cpsr =
+ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
+s-env-cp15.c1_sys = 0;
+s-env-cp15.c1_coproc = 0;
+s-env-cp15.c2_base0 = 0;
+s-env-cp15.c3 = 0;
+s-pm_regs[PSSR  2] |= 0x8; /* Set STS */
+s-pm_regs[RCSR  2] |= 0x8; /* Set GPR */
+
+/*
+ * The scratch-pad register is almost universally used
+ * for storing the return address on suspend.  For the
+ * lack of a resuming bootloader, perform a jump
+ * directly to that address.
+ */
+memset(s-env-regs, 0, 4 * 15);
+s-env-regs[15] = s-pm_regs[PSPR  2];
 
 #if 0
-buffer = 0xe59ff000;   /* ldr pc, [pc, #0] */
-cpu_physical_memory_write(0, buffer, 4);
-buffer = s-pm_regs[PSPR  2];
-cpu_physical_memory_write(8, buffer, 4);
+buffer = 0xe59ff000; /* ldr pc, [pc, #0] */
+cpu_physical_memory_write(0, buffer, 4);
+buffer = s-pm_regs[PSPR  2];
+  
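Review bot: behaviour change worth a sentence in the commit message: the old pxa2xx_clkpwr_read/write printed "Bad register" and read as zero for any cp14 crm=0 register other than 6 and 7, whereas with per-register reginfo entries every other encoding will now UNDEF. Also, the new writefns receive env as their first argument, so pxa2xx_pwrmode_write could use it instead of s->env; that keeps the functions correct if PXA2xxState ever stops caching the CPU pointer.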

[Qemu-devel] [PATCH 28/32] target-arm: Convert final ID registers

2012-04-15 Thread Peter Maydell
Convert the final ID registers to the new cp15 scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|2 -
 target-arm/helper.c |  111 +--
 2 files changed, 63 insertions(+), 50 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 52ee2a9..dc124f6 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -72,11 +72,9 @@ static void arm_cpu_reset(CPUState *s)
 
 memset(env, 0, offsetof(CPUARMState, breakpoints));
 g_hash_table_foreach(env-cp_regs, cp_reg_reset, env);
-env-cp15.c0_cpuid = cpu-midr;
 env-vfp.xregs[ARM_VFP_FPSID] = cpu-reset_fpsid;
 env-vfp.xregs[ARM_VFP_MVFR0] = cpu-mvfr0;
 env-vfp.xregs[ARM_VFP_MVFR1] = cpu-mvfr1;
-env-cp15.c0_cachetype = cpu-ctr;
 
 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
 env-iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 2b65024..ef99d1c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1007,6 +1007,69 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 if (arm_feature(env, ARM_FEATURE_MPIDR)) {
 define_arm_cp_regs(env, mpidr_cp_reginfo);
 }
+/* Slightly awkwardly, the OMAP and StrongARM cores need all of
+ * cp15 crn=0 to be writes-ignored.
+ */
+{
+ARMCPRegInfo id_cp_reginfo[] = {
+/* Note that the MIDR isn't a simple constant register because
+ * of the TI925 behaviour where writes to another register can
+ * cause the MIDR value to change.
+ */
+{ .name = MIDR,
+  .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_R, .resetvalue = cpu-midr,
+  .writefn = arm_cp_write_ignore,
+  .fieldoffset = offsetof(CPUARMState, cp15.c0_cpuid) },
+{ .name = CTR,
+  .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 1,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu-ctr },
+{ .name = TCMTR,
+  .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 2,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = TLBTR,
+  .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 3,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+/* crn = 0 op1 = 0 crm = 3..7 : currently unassigned; we RAZ. */
+{ .name = DUMMY,
+  .cp = 15, .crn = 0, .crm = 3, .opc1 = 0, .opc2 = CP_ANY,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = DUMMY,
+  .cp = 15, .crn = 0, .crm = 4, .opc1 = 0, .opc2 = CP_ANY,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = DUMMY,
+  .cp = 15, .crn = 0, .crm = 5, .opc1 = 0, .opc2 = CP_ANY,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = DUMMY,
+  .cp = 15, .crn = 0, .crm = 6, .opc1 = 0, .opc2 = CP_ANY,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = DUMMY,
+  .cp = 15, .crn = 0, .crm = 7, .opc1 = 0, .opc2 = CP_ANY,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+ARMCPRegInfo crn0_wi_reginfo = {
+.name = CRN0_WI, .cp = 15, .crn = 0, .crm = CP_ANY,
+.opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W, .type = ARM_CP_NOP
+};
+if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
+arm_feature(env, ARM_FEATURE_STRONGARM)) {
+ARMCPRegInfo *r;
+/* Register the blanket writes ignored value first, then fix
+ * up the specific ID registers to allow write access and register
+ * those; they will override the writes ignored wildcard.
+ */
+define_one_arm_cp_reg(env, crn0_wi_reginfo);
+for (r = id_cp_reginfo; r-type != ARM_CP_SENTINEL; r++) {
+r-access = PL1_RW;
+define_one_arm_cp_reg(env, r);
+}
+} else {
+/* Just register the standard ID registers */
+define_arm_cp_regs(env, id_cp_reginfo);
+}
+}
+
 if (arm_feature(env, ARM_FEATURE_AUXCR)) {
 ARMCPRegInfo auxcr = {
 .name = AUXCR, .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 
1,
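Review bot: the OMAP/StrongARM branch rewrites every entry of id_cp_reginfo to PL1_RW, including CTR, TCMTR, TLBTR and the DUMMY entries, which are ARM_CP_CONST with neither a writefn nor a fieldoffset; that only behaves as writes-ignored if a write to a CONST register is defined to be dropped. Either say so in the comment above the loop (it currently only explains overriding the CRN0_WI wildcard) or set `.writefn = arm_cp_write_ignore` on those entries explicitly, as the MIDR entry already does. Minor: id_cp_reginfo is a mutable stack array only because of this fix-up loop, and a one-line comment there would stop someone from making it `static const` later.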
@@ -2091,21 +2154,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 op1 = (insn  21)  7;
 op2 = (insn  5)  7;
 crm = insn  0xf;
-switch ((insn  16)  0xf) {
-case 0:
-/* ID codes.  */
-if (arm_feature(env, ARM_FEATURE_XSCALE))
-break;
-if (arm_feature(env, ARM_FEATURE_OMAPCP))
-break;
-goto bad_reg;
-case 4: /* Reserved.  */
-goto bad_reg;
-case 12: /* Reserved.  */
-  
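Review bot: the removed `case 0` in set_cp15 silently accepted ID-register writes for ARM_FEATURE_XSCALE as well as ARM_FEATURE_OMAPCP, whereas the new writes-ignored wildcard in register_cp_regs_for_features is keyed on OMAPCP or STRONGARM. Unless XScale cores also carry the STRONGARM feature bit, an ID-register write on XScale changes from ignored to UNDEF with this patch; if that is intended it belongs in the commit message, otherwise XSCALE needs adding to the condition.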

Re: [Qemu-devel] [PATCH 01/20] tcg/i386: Use GDB JIT debugging interface only for hosts with ELF

2012-04-15 Thread Richard Henderson
On 04/15/2012 10:13 AM, Stefan Weil wrote:
 Not all i386 / x86_64 hosts use ELF.
 Ask the compiler whether ELF is used.
 
 On w64, gdb crashes when ELF_HOST_MACHINE is defined.
 
 Cc: Richard Henderson r...@twiddle.net
 Cc: Blue Swirl blauwir...@gmail.com
 Signed-off-by: Stefan Weil s...@weilnetz.de

Acked-by: Richard Henderson r...@twiddle.net


r~



[Qemu-devel] [PATCH 15/32] target-arm: Convert cp15 crn=2 registers

2012-04-15 Thread Peter Maydell
Convert the cp15 crn=2 registers (MMU page table control,
MPU cache control) to the new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|1 -
 target-arm/helper.c |   88 +++
 2 files changed, 33 insertions(+), 56 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 43f252f..083da3e 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -131,7 +131,6 @@ static void arm_cpu_reset(CPUState *s)
 }
 }
 env-vfp.xregs[ARM_VFP_FPEXC] = 0;
-env-cp15.c2_base_mask = 0xc000u;
 #endif
 set_flush_to_zero(1, env-vfp.standard_fp_status);
 set_flush_inputs_to_zero(1, env-vfp.standard_fp_status);
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 7343c2a..19e27c3 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -416,9 +416,32 @@ static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
 { .name = INSN_EXT_AP, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 
3,
   .access = PL1_RW,
   .fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0, },
+{ .name = DCACHE_CFG, .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c2_data), .resetvalue = 0, },
+{ .name = ICACHE_CFG, .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c2_insn), .resetvalue = 0, },
 REGINFO_SENTINEL
 };
 
+static int vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+value = 7;
+env-cp15.c2_control = value;
+env-cp15.c2_mask = ~(((uint32_t)0xu)  value);
+env-cp15.c2_base_mask = ~((uint32_t)0x3fffu  value);
+return 0;
+}
+
+static void vmsa_ttbcr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+env-cp15.c2_base_mask = 0xc000u;
+env-cp15.c2_control = 0;
+env-cp15.c2_mask = 0;
+}
+
 static const ARMCPRegInfo vmsa_cp_reginfo[] = {
 { .name = DFSR, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW,
@@ -426,6 +449,16 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
 { .name = IFSR, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
   .access = PL1_RW,
   .fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0, },
+{ .name = TTBR0, .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c2_base0), .resetvalue = 0, },
+{ .name = TTBR1, .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c2_base0), .resetvalue = 0, },
+{ .name = TTBCR, .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
+  .access = PL1_RW, .writefn = vmsa_ttbcr_write,
+  .resetfn = vmsa_ttbcr_reset,
+  .fieldoffset = offsetof(CPUARMState, cp15.c2_control) },
 REGINFO_SENTINEL
 };
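Review bot: the TTBR1 entry uses `.fieldoffset = offsetof(CPUARMState, cp15.c2_base0)`, the same field as TTBR0, while the set_cp15/get_cp15 code this replaces writes and reads `cp15.c2_base1` for opc2 = 1. As written TTBR0 and TTBR1 alias each other, so a guest that splits its translation tables between the two registers gets the wrong base; it should be `.fieldoffset = offsetof(CPUARMState, cp15.c2_base1)`.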
 
@@ -1597,37 +1630,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 goto bad_reg;
 }
 break;
-case 2: /* MMU Page table control / MPU cache control.  */
-if (arm_feature(env, ARM_FEATURE_MPU)) {
-switch (op2) {
-case 0:
-env-cp15.c2_data = val;
-break;
-case 1:
-env-cp15.c2_insn = val;
-break;
-default:
-goto bad_reg;
-}
-} else {
-   switch (op2) {
-   case 0:
-   env-cp15.c2_base0 = val;
-   break;
-   case 1:
-   env-cp15.c2_base1 = val;
-   break;
-   case 2:
-val = 7;
-env-cp15.c2_control = val;
-   env-cp15.c2_mask = ~(((uint32_t)0xu)  val);
-env-cp15.c2_base_mask = ~((uint32_t)0x3fffu  val);
-   break;
-   default:
-   goto bad_reg;
-   }
-}
-break;
 case 4: /* Reserved.  */
 goto bad_reg;
 case 6: /* MMU Fault address / MPU base/size.  */
@@ -1963,30 +1965,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t 
insn)
 default:
 goto bad_reg;
 }
-case 2: /* MMU Page table control / MPU cache control.  */
-if (arm_feature(env, ARM_FEATURE_MPU)) {
-switch (op2) {
-case 0:
-return env-cp15.c2_data;
-break;
-case 1:
-return env-cp15.c2_insn;
-break;
-default:
-goto bad_reg;
-}
-} else {
-   switch (op2) {
-   case 0:
-   return env-cp15.c2_base0;
-   case 1:
-   return env-cp15.c2_base1;
-   case 2:
-return env-cp15.c2_control;
-   default:
-   goto 

[Qemu-devel] [PATCH 02/20] tcg/i386: Add support for w64 ABI

2012-04-15 Thread Stefan Weil
w64 uses the registers rcx, rdx, r8 and r9 for function arguments,
so it needs a different declaration of tcg_target_call_iarg_regs.

rax, rcx, rdx, r8, r9, r10 and r11 may be changed by function calls.

rbx, rbp, rdi, rsi, r12, r13, r14 and r15 remain unchanged by function calls.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 tcg/i386/tcg-target.c |   39 ---
 1 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index 79545e3..da17bba 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -63,10 +63,15 @@ static const int tcg_target_reg_alloc_order[] = {
 
 static const int tcg_target_call_iarg_regs[] = {
 #if TCG_TARGET_REG_BITS == 64
+#if defined(_WIN64)
+TCG_REG_RCX,
+TCG_REG_RDX,
+#else
 TCG_REG_RDI,
 TCG_REG_RSI,
 TCG_REG_RDX,
 TCG_REG_RCX,
+#endif
 TCG_REG_R8,
 TCG_REG_R9,
 #else
@@ -176,10 +181,10 @@ static int target_parse_constraint(TCGArgConstraint *ct, 
const char **pct_str)
 ct-ct |= TCG_CT_REG;
 if (TCG_TARGET_REG_BITS == 64) {
 tcg_regset_set32(ct-u.regs, 0, 0x);
-tcg_regset_reset_reg(ct-u.regs, TCG_REG_RSI);
-tcg_regset_reset_reg(ct-u.regs, TCG_REG_RDI);
+tcg_regset_reset_reg(ct-u.regs, tcg_target_call_iarg_regs[0]);
+tcg_regset_reset_reg(ct-u.regs, tcg_target_call_iarg_regs[1]);
 #ifdef CONFIG_TCG_PASS_AREG0
-tcg_regset_reset_reg(ct-u.regs, TCG_REG_RDX);
+tcg_regset_reset_reg(ct-u.regs, tcg_target_call_iarg_regs[2]);
 #endif
 } else {
 tcg_regset_set32(ct-u.regs, 0, 0xff);
@@ -1300,9 +1305,12 @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg 
*args,
use the ADDR32 prefix.  For now, do nothing.  */
 
 if (offset != GUEST_BASE) {
-tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_RDI, GUEST_BASE);
-tgen_arithr(s, ARITH_ADD + P_REXW, TCG_REG_RDI, base);
-base = TCG_REG_RDI, offset = 0;
+tcg_out_movi(s, TCG_TYPE_I64,
+ tcg_target_call_iarg_regs[0], GUEST_BASE);
+tgen_arithr(s, ARITH_ADD + P_REXW,
+tcg_target_call_iarg_regs[0], base);
+base = tcg_target_call_iarg_regs[0];
+offset = 0;
 }
 }
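Review bot: the GUEST_BASE add sequence using tcg_target_call_iarg_regs[0] as scratch is now duplicated verbatim between tcg_out_qemu_ld and tcg_out_qemu_st (the same five lines appear in the later hunk); a small static helper would keep the two in step. A comment here that the scratch use is only safe because target_parse_constraint removes iarg_regs[0..2] from the qemu_ld/st operand constraint, so `base` can never be that register, would also help the next reader.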
 
@@ -1434,8 +1442,8 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg 
*args,
 #endif
 #else
 tcg_out_mov(s, (opc == 3 ? TCG_TYPE_I64 : TCG_TYPE_I32),
-TCG_REG_RSI, data_reg);
-tcg_out_movi(s, TCG_TYPE_I32, TCG_REG_RDX, mem_index);
+tcg_target_call_iarg_regs[1], data_reg);
+tcg_out_movi(s, TCG_TYPE_I32, tcg_target_call_iarg_regs[2], mem_index);
 stack_adjust = 0;
 #ifdef CONFIG_TCG_PASS_AREG0
 /* XXX/FIXME: suboptimal */
@@ -1474,9 +1482,12 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg 
*args,
use the ADDR32 prefix.  For now, do nothing.  */
 
 if (offset != GUEST_BASE) {
-tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_RDI, GUEST_BASE);
-tgen_arithr(s, ARITH_ADD + P_REXW, TCG_REG_RDI, base);
-base = TCG_REG_RDI, offset = 0;
+tcg_out_movi(s, TCG_TYPE_I64,
+ tcg_target_call_iarg_regs[0], GUEST_BASE);
+tgen_arithr(s, ARITH_ADD + P_REXW,
+tcg_target_call_iarg_regs[0], base);
+base = tcg_target_call_iarg_regs[0];
+offset = 0;
 }
 }
 
@@ -1977,6 +1988,10 @@ static int tcg_target_callee_save_regs[] = {
 #if TCG_TARGET_REG_BITS == 64
 TCG_REG_RBP,
 TCG_REG_RBX,
+#if defined(_WIN64)
+TCG_REG_RDI,
+TCG_REG_RSI,
+#endif
 TCG_REG_R12,
 TCG_REG_R13,
 TCG_REG_R14, /* Currently used for the global env. */
@@ -2064,8 +2079,10 @@ static void tcg_target_init(TCGContext *s)
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EDX);
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_ECX);
 if (TCG_TARGET_REG_BITS == 64) {
+#if !defined(_WIN64)
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_RDI);
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_RSI);
+#endif
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R8);
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R9);
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R10);
-- 
1.7.0.4




[Qemu-devel] [PATCH 11/32] target-arm: Convert performance monitor registers

2012-04-15 Thread Peter Maydell
Convert the v7 performance monitor cp15 registers to
the new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c   |4 -
 target-arm/helper.c|  277 +++-
 target-arm/translate.c |   26 +-
 3 files changed, 158 insertions(+), 149 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index eca686c..43f252f 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -132,10 +132,6 @@ static void arm_cpu_reset(CPUState *s)
 }
 env-vfp.xregs[ARM_VFP_FPEXC] = 0;
 env-cp15.c2_base_mask = 0xc000u;
-/* v7 performance monitor control register: same implementor
- * field as main ID register, and we implement no event counters.
- */
-env-cp15.c9_pmcr = (cpu-midr  0xff00);
 #endif
 set_flush_to_zero(1, env-vfp.standard_fp_status);
 set_flush_inputs_to_zero(1, env-vfp.standard_fp_status);
diff --git a/target-arm/helper.c b/target-arm/helper.c
index eec111c..c61e0de 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -103,6 +103,97 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static int pmreg_read(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t *value)
+{
+/* Generic performance monitor register read function for where
+ * user access may be allowed by PMUSERENR.
+ */
+if (arm_current_pl(env) == 0  !env-cp15.c9_pmuserenr) {
+return EXCP_UDEF;
+}
+*value = CPREG_FIELD32(env, ri);
+return 0;
+}
+
+static int pmcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t value)
+{
+if (arm_current_pl(env) == 0  !env-cp15.c9_pmuserenr) {
+return EXCP_UDEF;
+}
+/* only the DP, X, D and E bits are writable */
+env-cp15.c9_pmcr = ~0x39;
+env-cp15.c9_pmcr |= (value  0x39);
+return 0;
+}
+
+static int pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+if (arm_current_pl(env) == 0  !env-cp15.c9_pmuserenr) {
+return EXCP_UDEF;
+}
+value = (1  31);
+env-cp15.c9_pmcnten |= value;
+return 0;
+}
+
+static int pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+if (arm_current_pl(env) == 0  !env-cp15.c9_pmuserenr) {
+return EXCP_UDEF;
+}
+value = (1  31);
+env-cp15.c9_pmcnten = ~value;
+return 0;
+}
+
+static int pmovsr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+if (arm_current_pl(env) == 0  !env-cp15.c9_pmuserenr) {
+return EXCP_UDEF;
+}
+env-cp15.c9_pmovsr = ~value;
+return 0;
+}
+
+static int pmxevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+if (arm_current_pl(env) == 0  !env-cp15.c9_pmuserenr) {
+return EXCP_UDEF;
+}
+env-cp15.c9_pmxevtyper = value  0xff;
+return 0;
+}
+
+static int pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+env-cp15.c9_pmuserenr = value  1;
+return 0;
+}
+
+static int pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+/* We have no event counters so only the C bit can be changed */
+value = (1  31);
+env-cp15.c9_pminten |= value;
+return 0;
+}
+
+static int pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+value = (1  31);
+env-cp15.c9_pminten = ~value;
+return 0;
+}
+
 static const ARMCPRegInfo v7_cp_reginfo[] = {
 /* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
  * debug components
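Review bot: the `arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr` check is copied into five write functions plus pmreg_read; a one-line static helper (say `pmreg_access_ok(env)`) would make it hard to forget on the next register added to this group, and a missed check there means a PL0 access that should UNDEF is silently accepted. Also, pmovsr_write clears with the raw value while pmcntenset_write/pmcntenclr_write mask to bit 31 first; with no event counters only the cycle-counter bit can ever be set, so masking pmovsr the same way keeps the three consistent.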
@@ -114,6 +205,62 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 /* the old v6 WFI, UNPREDICTABLE in v7 but we choose to NOP */
 { .name = NOP, .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
   .access = PL1_W, .type = ARM_CP_NOP },
+/* Performance monitors are implementation defined in v7,
+ * but with an ARM recommended set of registers, which we
+ * follow (although we don't actually implement any counters)
+ *
+ * Performance registers fall into three categories:
+ *  (a) always UNDEF in PL0, RW in PL1 (PMINTENSET, PMINTENCLR)
+ *  (b) RO in PL0 (ie UNDEF on write), RW in PL1 (PMUSERENR)
+ *  (c) UNDEF in PL0 if PMUSERENR.EN==0, otherwise accessible (all others)
+ * For the cases controlled by PMUSERENR we must set .access to PL0_RW
+ * or PL0_RO as appropriate and then check PMUSERENR in the helper fn.
+ */
+{ .name = PMCNTENSET, .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 
1,
+  .access = PL0_RW, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
+  .readfn = pmreg_read, .writefn = pmcntenset_write },
+{ .name = PMCNTENCLR, .cp = 15, .crn = 9, .crm = 12, .opc1 = 

[Qemu-devel] [PATCH 17/32] target-arm: Convert cp15 crn=10 registers

2012-04-15 Thread Peter Maydell
We RAZ/WI the entire block of crn=10 registers. Note that this
actually covers not just the implementation-defined TLB
lockdown registers but also a number of v7 VMSA memory
attribute registers which we would need to implement to
support TEX remap. We retain the previous QEMU behaviour
in this conversion, though.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c |   11 +--
 1 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 29578be..463ae4f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -111,6 +111,11 @@ static const ARMCPRegInfo cp_reginfo[] = {
 { .name = CONTEXTIDR, .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 
1,
   .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c13_fcse),
   .resetvalue = 0, .writefn = contextidr_write },
+/* ??? This covers not just the impdef TLB lockdown registers but also
+ * some v7VMSA registers relating to TEX remap, so it is overly broad.
+ */
+{ .name = TLB_LOCKDOWN, .cp = 15, .crn = 10, .crm = CP_ANY,
+  .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW, .type = ARM_CP_NOP },
 REGINFO_SENTINEL
 };
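Review bot: the commit message says the crn=10 block is RAZ/WI, but the new entry is `.type = ARM_CP_NOP` with PL1_RW access; the removed get_cp15 case explicitly returned 0 for reads, so this relies on reads of a NOP-typed register producing zero. A short comment stating that would make the equivalence to the old behaviour explicit. The wildcard over every crm/opc1/opc2 is already flagged with the ??? comment; narrowing it to the crm values actually used for TLB lockdown before the TEX remap registers are implemented would avoid silently swallowing accesses to registers that later gain real behaviour.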
 
@@ -1783,9 +1788,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 goto bad_reg;
 }
 break;
-case 10: /* MMU TLB lockdown.  */
-/* ??? TLB lockdown not implemented.  */
-break;
 case 12: /* Reserved.  */
 goto bad_reg;
 case 15: /* Implementation specific.  */
@@ -2063,9 +2065,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
 goto bad_reg;
 }
 break;
-case 10: /* MMU TLB lockdown.  */
-/* ??? TLB lockdown not implemented.  */
-return 0;
 case 11: /* TCM DMA control.  */
 case 12: /* Reserved.  */
 goto bad_reg;
-- 
1.7.1




[Qemu-devel] [PATCH v2 2/3] target-xtensa: add license to core-dc232b.c

2012-04-15 Thread Max Filippov
Signed-off-by: Max Filippov jcmvb...@gmail.com
---
 target-xtensa/core-dc232b.c |   27 +++
 1 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/target-xtensa/core-dc232b.c b/target-xtensa/core-dc232b.c
index 7c03835..804fdef 100644
--- a/target-xtensa/core-dc232b.c
+++ b/target-xtensa/core-dc232b.c
@@ -1,3 +1,30 @@
+/*
+ * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the name of the Open Source and Linux Lab nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 
THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 #include cpu.h
 #include exec-all.h
 #include gdbstub.h
-- 
1.7.7.6




[Qemu-devel] [PATCH v2 3/3] target-xtensa: add license to core-fsf.c

2012-04-15 Thread Max Filippov
Signed-off-by: Max Filippov jcmvb...@gmail.com
---
 target-xtensa/core-fsf.c |   27 +++
 1 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/target-xtensa/core-fsf.c b/target-xtensa/core-fsf.c
index c11d970..e36b0de 100644
--- a/target-xtensa/core-fsf.c
+++ b/target-xtensa/core-fsf.c
@@ -1,3 +1,30 @@
+/*
+ * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the name of the Open Source and Linux Lab nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 
THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 #include cpu.h
 #include exec-all.h
 #include gdbstub.h
-- 
1.7.7.6




[Qemu-devel] [PATCH v2 1/3] target-xtensa: add dc233c core

2012-04-15 Thread Max Filippov
This is Diamond 233L Standard Core Rev.C (LE), implemented through
linux/gdb overlay.

Signed-off-by: Max Filippov jcmvb...@gmail.com
---
 Makefile.target|1 +
 target-xtensa/core-dc233c.c|   55 
 target-xtensa/core-dc233c/core-isa.h   |  475 
 target-xtensa/core-dc233c/gdb-config.c |  145 ++
 4 files changed, 676 insertions(+), 0 deletions(-)
 create mode 100644 target-xtensa/core-dc233c.c
 create mode 100644 target-xtensa/core-dc233c/core-isa.h
 create mode 100644 target-xtensa/core-dc233c/gdb-config.c

diff --git a/Makefile.target b/Makefile.target
index 65fb8f0..3ab791a 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -416,6 +416,7 @@ obj-xtensa-y += xtensa_sim.o
 obj-xtensa-y += xtensa_lx60.o
 obj-xtensa-y += xtensa-semi.o
 obj-xtensa-y += core-dc232b.o
+obj-xtensa-y += core-dc233c.o
 obj-xtensa-y += core-fsf.o
 
 main.o: QEMU_CFLAGS+=$(GPROF_CFLAGS)
diff --git a/target-xtensa/core-dc233c.c b/target-xtensa/core-dc233c.c
new file mode 100644
index 000..d643f41
--- /dev/null
+++ b/target-xtensa/core-dc233c.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2012, Max Filippov, Open Source and Linux Lab.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the name of the Open Source and Linux Lab nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 
THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include cpu.h
+#include exec-all.h
+#include gdbstub.h
+#include qemu-common.h
+#include host-utils.h
+
+#include core-dc233c/core-isa.h
+#include overlay_tool.h
+
+static const XtensaConfig dc233c = {
+.name = dc233c,
+.options = XTENSA_OPTIONS,
+.gdb_regmap = {
+.num_regs = 121,
+.num_core_regs = 52,
+.reg = {
+#include core-dc233c/gdb-config.c
+}
+},
+.nareg = XCHAL_NUM_AREGS,
+.ndepc = 1,
+EXCEPTIONS_SECTION,
+INTERRUPTS_SECTION,
+TLB_SECTION,
+.clock_freq_khz = 1,
+};
+
+REGISTER_CORE(dc233c)
diff --git a/target-xtensa/core-dc233c/core-isa.h 
b/target-xtensa/core-dc233c/core-isa.h
new file mode 100644
index 000..8476dc3
--- /dev/null
+++ b/target-xtensa/core-dc233c/core-isa.h
@@ -0,0 +1,475 @@
+/*
+ * xtensa/config/core-isa.h -- HAL definitions that are dependent on Xtensa
+ *  processor CORE configuration
+ *
+ *  See xtensa/config/core.h, which includes this file, for more details.
+ */
+
+/* Xtensa processor core configuration information.
+
+   Copyright (c) 1999-2010 Tensilica Inc.
+
+   Permission is hereby granted, free of charge, to any person obtaining
+   a copy of this software and associated documentation files (the
+   Software), to deal in the Software without restriction, including
+   without limitation the rights to use, copy, modify, merge, publish,
+   distribute, sublicense, and/or sell copies of the Software, and to
+   permit persons to whom the Software is furnished to do so, subject to
+   the following conditions:
+
+   The above copyright notice and this permission notice shall be included
+   in all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND,
+   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+   IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+   CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+   TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+   SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+
+#ifndef 

[Qemu-devel] [PATCH 06/32] target-arm: Add register_cp_regs_for_features()

2012-04-15 Thread Peter Maydell
Add new function register_cp_regs_for_features() as a place to
register coprocessor registers dependent on feature flags.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu-qom.h |1 +
 target-arm/cpu.c |2 ++
 target-arm/helper.c  |   11 +++
 3 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index 4abfa90..f8f1e7a 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -105,5 +105,6 @@ static inline ARMCPU *arm_env_get_cpu(CPUARMState *env)
 #define ENV_GET_CPU(e) CPU(arm_env_get_cpu(e))
 
 void arm_cpu_realize(ARMCPU *cpu);
+void register_cp_regs_for_features(ARMCPU *cpu);
 
 #endif
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index ae55cd0..eca686c 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -210,6 +210,8 @@ void arm_cpu_realize(ARMCPU *cpu)
 if (arm_feature(env, ARM_FEATURE_VFP3)) {
 set_feature(env, ARM_FEATURE_VFP);
 }
+
+register_cp_regs_for_features(cpu);
 }
 
 /* CPU models */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 60473fc..325fbab 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -61,6 +61,17 @@ static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, 
int reg)
 return 0;
 }
 
+void register_cp_regs_for_features(ARMCPU *cpu)
+{
+/* Register all the coprocessor registers based on feature bits */
+CPUARMState *env = cpu-env;
+if (arm_feature(env, ARM_FEATURE_M)) {
+/* M profile has no coprocessor registers */
+return;
+}
+
+}
+
 CPUARMState *cpu_arm_init(const char *cpu_model)
 {
 ARMCPU *cpu;
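Review bot: the body of register_cp_regs_for_features after the M-profile early return is empty apart from a stray blank line before the closing brace; fine for a scaffold, but the function comment should say that the per-feature define_arm_cp_regs() calls are added by the following patches. The call site at the end of arm_cpu_realize, after the VFP3-implies-VFP set_feature(), is the right spot since the registration must see the final feature set; a comment there would stop a later set_feature() from being added below it.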
-- 
1.7.1




Re: [Qemu-devel] [PATCH v2 1/3] target-xtensa: add dc233c core

2012-04-15 Thread Andreas Färber
On 15.04.2012 17:12, Max Filippov wrote:
 This is Diamond 233L Standard Core Rev.C (LE), implemented through
 linux/gdb overlay.
 
 Signed-off-by: Max Filippov jcmvb...@gmail.com
 ---
  Makefile.target|1 +
  target-xtensa/core-dc233c.c|   55 
  target-xtensa/core-dc233c/core-isa.h   |  475 
 
  target-xtensa/core-dc233c/gdb-config.c |  145 ++
  4 files changed, 676 insertions(+), 0 deletions(-)
  create mode 100644 target-xtensa/core-dc233c.c
  create mode 100644 target-xtensa/core-dc233c/core-isa.h
  create mode 100644 target-xtensa/core-dc233c/gdb-config.c

Thanks, whole series

Reviewed-by: Andreas Färber afaer...@suse.de

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH 24/32] target-arm: Convert cp15 crn=1 registers

2012-04-15 Thread Peter Maydell
Convert the cp15 crn=1 registers to the new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu-qom.h |1 +
 target-arm/cpu.c |7 ++-
 target-arm/helper.c  |  129 +-
 3 files changed, 61 insertions(+), 76 deletions(-)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index f8f1e7a..75109fa 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -95,6 +95,7 @@ typedef struct ARMCPU {
  */
 uint32_t ccsidr[16];
 uint32_t reset_cbar;
+uint32_t reset_auxcr;
 } ARMCPU;
 
 static inline ARMCPU *arm_env_get_cpu(CPUARMState *env)
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 31c9820..0141296 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -77,7 +77,6 @@ static void arm_cpu_reset(CPUState *s)
 env-vfp.xregs[ARM_VFP_MVFR0] = cpu-mvfr0;
 env-vfp.xregs[ARM_VFP_MVFR1] = cpu-mvfr1;
 env-cp15.c0_cachetype = cpu-ctr;
-env-cp15.c1_sys = cpu-reset_sctlr;
 env-cp15.c0_c1[0] = cpu-id_pfr0;
 env-cp15.c0_c1[1] = cpu-id_pfr1;
 env-cp15.c0_c1[2] = cpu-id_dfr0;
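Review bot: removing `env->cp15.c1_sys = cpu->reset_sctlr` from arm_cpu_reset leaves SCTLR's reset value to the new reginfo entry, which is not in the visible part of this diff; make sure that entry carries `.resetvalue = cpu->reset_sctlr`, otherwise the core comes out of reset with SCTLR = 0 and guests that rely on the reset defaults of the MMU, cache and alignment bits will misbehave. The per-core `reset_auxcr` values added in the following hunks replace hard-coded constants, so each one should be checked against what the old get_cp15 returned for that core.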
@@ -246,6 +245,7 @@ static void arm1026_initfn(Object *obj)
 cpu-reset_fpsid = 0x410110a0;
 cpu-ctr = 0x1dd20d2;
 cpu-reset_sctlr = 0x00090078;
+cpu-reset_auxcr = 1;
 {
 /* The 1026 had an IFAR at c6,c0,0,1 rather than the ARMv6 c6,c0,0,2 */
 ARMCPRegInfo ifar = {
@@ -291,6 +291,7 @@ static void arm1136_r2_initfn(Object *obj)
 cpu-id_isar2 = 0x1123;
 cpu-id_isar3 = 0x01102131;
 cpu-id_isar4 = 0x141;
+cpu-reset_auxcr = 7;
 }
 
 static void arm1136_initfn(Object *obj)
@@ -320,6 +321,7 @@ static void arm1136_initfn(Object *obj)
 cpu-id_isar2 = 0x1123;
 cpu-id_isar3 = 0x01102131;
 cpu-id_isar4 = 0x141;
+cpu-reset_auxcr = 7;
 }
 
 static void arm1176_initfn(Object *obj)
@@ -348,6 +350,7 @@ static void arm1176_initfn(Object *obj)
 cpu-id_isar2 = 0x11231121;
 cpu-id_isar3 = 0x01102131;
 cpu-id_isar4 = 0x01141;
+cpu-reset_auxcr = 7;
 }
 
 static void arm11mpcore_initfn(Object *obj)
@@ -374,6 +377,7 @@ static void arm11mpcore_initfn(Object *obj)
 cpu-id_isar2 = 0x11221011;
 cpu-id_isar3 = 0x01102131;
 cpu-id_isar4 = 0x141;
+cpu-reset_auxcr = 1;
 }
 
 static void cortex_m3_initfn(Object *obj)
@@ -422,6 +426,7 @@ static void cortex_a8_initfn(Object *obj)
 cpu-ccsidr[0] = 0xe007e01a; /* 16k L1 dcache. */
 cpu-ccsidr[1] = 0x2007e01a; /* 16k L1 icache. */
 cpu-ccsidr[2] = 0xf000; /* No L2 icache. */
+cpu-reset_auxcr = 2;
 define_arm_cp_regs(cpu-env, cortexa8_cp_reginfo);
 }
 
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b00410d..5048ac6 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -200,6 +200,16 @@ static const ARMCPRegInfo not_v7_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static int cpacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t 
value)
+{
+if (env-cp15.c1_coproc != value) {
+env-cp15.c1_coproc = value;
+/* ??? Is this safe when called from within a TB?  */
+tb_flush(env);
+}
+return 0;
+}
+
 static const ARMCPRegInfo v6_cp_reginfo[] = {
 /* prefetch by MVA in v6, NOP in v7 */
 { .name = MVA_prefetch,
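Review bot: cpacr_write() carries the `??? Is this safe when called from within a TB?` question over unanswered; now that tb_flush() is reachable from a writefn called out of generated code the answer should be stated in the comment (the framework ends the TB after cp writes by default, which is relevant here) or the flush deferred. Separately, `value` is a uint64_t stored into c1_coproc, which this reginfo treats as a 32-bit register (no ARM_CP_64BIT), so an explicit mask or cast would document the truncation.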
@@ -219,6 +229,9 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
  */
 { .name = WFAR, .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 1,
   .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0, },
+{ .name = CPACR, .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 2,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_coproc),
+  .resetvalue = 0, .writefn = cpacr_write },
 REGINFO_SENTINEL
 };
 
@@ -380,6 +393,9 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
   .resetvalue = 0,
   .writefn = pmintenclr_write },
+{ .name = SCR, .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_scr),
+  .resetvalue = 0, },
 REGINFO_SENTINEL
 };
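Review bot: SCR is added to the generic v7_cp_reginfo table, so every v7 core, including ones without the Security Extensions, now accepts reads and writes of c1,c1,0,0 and stores them in c1_scr; if that deliberately mirrors the old switch-statement behaviour, say so in a comment next to the entry, otherwise gate it on a security-extensions feature bit.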
 
@@ -741,6 +757,10 @@ static const ARMCPRegInfo xscale_cp_reginfo[] = {
   .cp = 15, .crn = 15, .crm = 1, .opc1 = 0, .opc2 = 0, .access = PL1_RW,
   .fieldoffset = offsetof(CPUARMState, cp15.c15_cpar), .resetvalue = 0,
   .writefn = xscale_cpar_write, },
+{ .name = XSCALE_AUXCR,
+  .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 1, .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c1_xscaleauxcr),
+  .resetvalue = 0, },
 REGINFO_SENTINEL
 };
 
@@ -789,6 +809,15 @@ static const ARMCPRegInfo strongarm_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static int sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t 
value)
+{
+env-cp15.c1_sys = value;
+/* ??? Lots of these bits are not implemented.  */
+/* This may enable/disable the MMU, so do a TLB flush.  */
+tlb_flush(env, 1);
+return 0;
+}
+
 void 
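Review bot: sctlr_write() calls tlb_flush() on every write even when the value is unchanged, unlike cpacr_write() earlier in this patch which compares first; an `if (env->cp15.c1_sys != value)` guard avoids flushing on read-modify-write sequences that rewrite the same value, and is safe because an unchanged SCTLR cannot toggle the MMU. The `??? Lots of these bits are not implemented` comment is also carried across as-is.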

[Qemu-devel] [PATCH 07/20] w64: Fix definition of setjmp

2012-04-15 Thread Stefan Weil
The default definition of setjmp which is implemented in MinGW-w64
cannot be used with programs like QEMU which call longjmp from
code without structured exception handling (SEH).

This code therefore disables stack unwinding.

We could also implement SEH for QEMU's generated JIT code, but
that is much more difficult. Stack unwinding would also cost
execution time.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 qemu-os-win32.h |9 +
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/qemu-os-win32.h b/qemu-os-win32.h
index b6533c0..753679b 100644
--- a/qemu-os-win32.h
+++ b/qemu-os-win32.h
@@ -56,6 +56,15 @@
 # define EWOULDBLOCK  WSAEWOULDBLOCK
 #endif
 
+#if defined(_WIN64)
+/* On w64, setjmp is implemented by _setjmp which needs a second parameter.
+ * If this parameter is NULL, longjump does no stack unwinding.
+ * That is what we need for QEMU. Passing the value of register rsp (default)
+ * lets longjmp try a stack unwinding which will crash with generated code. */
+# undef setjmp
+# define setjmp(env) _setjmp(env, NULL)
+#endif
+
 /* Declaration of ffs() is missing in MinGW's strings.h. */
 int ffs(int i);
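Review bot: the `#undef setjmp` / `#define setjmp(env) _setjmp(env, NULL)` block only takes effect if <setjmp.h> has already been included when qemu-os-win32.h is processed; a translation unit that includes <setjmp.h> afterwards gets the macro redefined back to the unwinding variant silently. Include <setjmp.h> directly above the `#undef` so the override always wins, and fix `longjump` to `longjmp` in the comment.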
 
-- 
1.7.0.4




[Qemu-devel] [PATCH 17/20] disas: Replace 'unsigned long' by 'uintptr_t'

2012-04-15 Thread Stefan Weil
This is needed for w64. It changes nothing for other hosts.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 disas.c |8 
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/disas.c b/disas.c
index 4f2c4e4..27071c3 100644
--- a/disas.c
+++ b/disas.c
@@ -268,7 +268,7 @@ void target_disas(FILE *out, target_ulong code, 
target_ulong size, int flags)
 /* Disassemble this for me please... (debugging). */
 void disas(FILE *out, void *code, unsigned long size)
 {
-unsigned long pc;
+uintptr_t pc;
 int count;
 struct disassemble_info disasm_info;
 int (*print_insn)(bfd_vma pc, disassemble_info *info);
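Review bot: `pc` becomes uintptr_t but `size` in the same disas() signature stays `unsigned long`, which is 32 bits on w64, so a buffer length that does not fit in 32 bits is truncated before the loop; `size_t` would be the matching fix for the parameter and the `size -= count` arithmetic.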
@@ -276,7 +276,7 @@ void disas(FILE *out, void *code, unsigned long size)
 INIT_DISASSEMBLE_INFO(disasm_info, out, fprintf);
 
 disasm_info.buffer = code;
-disasm_info.buffer_vma = (unsigned long)code;
+disasm_info.buffer_vma = (uintptr_t)code;
 disasm_info.buffer_length = size;
 
 #ifdef HOST_WORDS_BIGENDIAN
@@ -320,8 +320,8 @@ void disas(FILE *out, void *code, unsigned long size)
(long) code);
 return;
 #endif
-for (pc = (unsigned long)code; size  0; pc += count, size -= count) {
-   fprintf(out, 0x%08lx:  , pc);
+for (pc = (uintptr_t)code; size  0; pc += count, size -= count) {
+fprintf(out, 0x%08 PRIxPTR :  , pc);
count = print_insn(pc, disasm_info);
fprintf(out, \n);
if (count  0)
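Review bot: the new `fprintf(out, "0x%08" PRIxPTR ":  ", pc)` line is indented with spaces while the `count = print_insn(...)` and `fprintf(out, "\n")` lines next to it still use tabs, leaving the loop body mixed; while touching this loop it is worth re-indenting the whole body. The `(long) code` cast in the unsupported-host message just above the `#endif` also keeps the 32-bit truncation this series is removing elsewhere.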
-- 
1.7.0.4




[Qemu-devel] [PATCH 18/20] nbd: Fix compiler warning (w64)

2012-04-15 Thread Stefan Weil
Portable printing of dev_offset (data type off_t) needs a type cast.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 nbd.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/nbd.c b/nbd.c
index 567e94e..406e555 100644
--- a/nbd.c
+++ b/nbd.c
@@ -813,7 +813,7 @@ static void nbd_trip(void *opaque)
 LOG(From: % PRIu64 , Len: %u, Size: % PRIu64
 , Offset: % PRIu64 \n,
 request.from, request.len,
-(uint64_t)exp-size, exp-dev_offset);
+(uint64_t)exp-size, (uint64_t)exp-dev_offset);
 LOG(requested operation past EOF--bad client?);
 goto invalid_request;
 }
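Review bot: casting the signed off_t `dev_offset` to uint64_t makes the `PRIu64` format portable, but a negative offset would print as a huge unsigned value in this diagnostic; `(int64_t)` with `PRId64` keeps the sign if that is useful when debugging a misbehaving client. Harmless as written.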
-- 
1.7.0.4




[Qemu-devel] [PATCH 09/20] w64: Fix struct CPUTLBEntry

2012-04-15 Thread Stefan Weil
For w64, some entries need 'uintptr_t' instead of 'unsigned long'.

For other host systems, both data types are identical, so nothing changes.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 cpu-defs.h |   10 +-
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cpu-defs.h b/cpu-defs.h
index 88d8093..f49e950 100644
--- a/cpu-defs.h
+++ b/cpu-defs.h
@@ -98,12 +98,12 @@ typedef struct CPUTLBEntry {
 target_ulong addr_code;
 /* Addend to virtual address to get host address.  IO accesses
use the corresponding iotlb value.  */
-unsigned long addend;
+uintptr_t addend;
 /* padding to get a power of two size */
-uint8_t dummy[(1  CPU_TLB_ENTRY_BITS) - 
-  (sizeof(target_ulong) * 3 + 
-   ((-sizeof(target_ulong) * 3)  (sizeof(unsigned long) - 1)) 
+ 
-   sizeof(unsigned long))];
+uint8_t dummy[(1  CPU_TLB_ENTRY_BITS) -
+  (sizeof(target_ulong) * 3 +
+   ((-sizeof(target_ulong) * 3)  (sizeof(uintptr_t) - 1)) +
+   sizeof(uintptr_t))];
 } CPUTLBEntry;
 
 extern int CPUTLBEntry_wrong_size[sizeof(CPUTLBEntry) == (1  
CPU_TLB_ENTRY_BITS) ? 1 : -1];
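Review bot: the `dummy[]` padding expression is hard to verify by eye, so the `CPUTLBEntry_wrong_size` compile-time check immediately below is what actually guarantees sizeof(CPUTLBEntry) == 1 << CPU_TLB_ENTRY_BITS; the commit message should state that the w64 build passes that check with the padding now computed from sizeof(uintptr_t). The hunk also strips trailing whitespace from the replaced lines, which is fine to mention.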
-- 
1.7.0.4




Re: [Qemu-devel] [Qemu-ppc] [PATCH v3 0/4] QOM'ify Power Architecture CPU

2012-04-15 Thread Andreas Färber
Am 14.04.2012 02:14, schrieb Andreas Färber:
 Hello David,
 
 This series merges my PowerPC QOM'ification v2 series with your
 TCG/KVM limitations patch. The finalizer is dropped for now, and
 cpu_ppc_close() drop has already been applied.
 
 If I don't hear objections I'm going to apply this modified version and
 will send a PULL for the ppc queue later today.

David was okay with these changes on IRC, so applied to ppc-next:
http://repo.or.cz/w/qemu/agraf.git/shortlog/refs/heads/ppc-next

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH 22/32] target-arm: Convert cp15 crn=6 registers

2012-04-15 Thread Peter Maydell
Convert the cp15 crn=6 registers to the new scheme.
Note that this includes some minor tidyup: drop an unnecessary
underdecoding of op2 on OMAPCP cores, and only implement the
pre-v6 c6,c0,0,1 IFAR on the 1026 and not on the other ARMv5
cores, which didn't have it.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|   10 ++
 target-arm/helper.c |   88 --
 2 files changed, 45 insertions(+), 53 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 01de653..c5bedee 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -245,6 +245,16 @@ static void arm1026_initfn(Object *obj)
 cpu-reset_fpsid = 0x410110a0;
 cpu-ctr = 0x1dd20d2;
 cpu-reset_sctlr = 0x00090078;
+{
+/* The 1026 had an IFAR at c6,c0,0,1 rather than the ARMv6 c6,c0,0,2 */
+ARMCPRegInfo ifar = {
+.name = IFAR, .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 1,
+.access = PL1_RW,
+.fieldoffset = offsetof(CPUARMState, cp15.c6_insn),
+.resetvalue = 0
+};
+define_one_arm_cp_reg(cpu-env, ifar);
+}
 }
 
 static void arm1136_r2_initfn(Object *obj)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 46b1205..0058646 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -201,6 +201,14 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
   .access = PL0_W, .type = ARM_CP_NOP },
 { .name = ISB, .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 5,
   .access = PL0_W, .type = ARM_CP_NOP },
+{ .name = IFAR, .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 2,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c6_insn),
+  .resetvalue = 0, },
+/* Watchpoint Fault Address Register : should actually only be present
+ * for 1136, 1176, 11MPCore.
+ */
+{ .name = WFAR, .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 1,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0, },
 REGINFO_SENTINEL
 };
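Review bot: the WFAR entry's own comment says it should only be present on the 1136, 1176 and 11MPCore, yet it is placed in v6_cp_reginfo and therefore appears on every v6 core; either register it from those three initfns (or behind a feature bit) or record the deliberate over-approximation in the commit message rather than only in a comment.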
 
@@ -545,6 +553,26 @@ static int pmsav5_insn_ap_read(CPUARMState *env, const 
ARMCPRegInfo *ri,
 return 0;
 }
 
+static int arm946_prbs_read(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t *value)
+{
+if (ri-crm  8) {
+return EXCP_UDEF;
+}
+*value = env-cp15.c6_region[ri-crm];
+return 0;
+}
+
+static int arm946_prbs_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+if (ri-crm  8) {
+return EXCP_UDEF;
+}
+env-cp15.c6_region[ri-crm] = value;
+return 0;
+}
+
 static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
 { .name = DATA_AP, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW,
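Review bot: arm946_prbs_read() and arm946_prbs_write() both hard-code the bound 8 for `c6_region`; `ARRAY_SIZE(env->cp15.c6_region)` keeps the check tied to the array declaration and avoids duplicating the constant in two functions.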
@@ -566,6 +594,10 @@ static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
 { .name = ICACHE_CFG, .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
   .access = PL1_RW,
   .fieldoffset = offsetof(CPUARMState, cp15.c2_insn), .resetvalue = 0, },
+/* Protection region base and size registers */
+{ .name = 946_PRBS, .cp = 15, .crn = 6, .crm = CP_ANY, .opc1 = 0,
+  .opc2 = CP_ANY, .access = PL1_RW,
+  .readfn = arm946_prbs_read, .writefn = arm946_prbs_write, },
 REGINFO_SENTINEL
 };
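Review bot: with `.crm = CP_ANY, .opc2 = CP_ANY` every opc2 value aliases the same `c6_region[crm]` entry; that matches the old MPU branch of case 6, which also ignored op2, but a comment beside the 946_PRBS entry saying so would stop the next reader from treating the aliasing as a decoding bug.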
 
@@ -603,6 +635,9 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
   .access = PL1_RW, .writefn = vmsa_ttbcr_write,
   .resetfn = vmsa_ttbcr_reset,
   .fieldoffset = offsetof(CPUARMState, cp15.c2_control) },
+{ .name = DFAR, .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c6_data),
+  .resetvalue = 0, },
 REGINFO_SENTINEL
 };
 
@@ -1914,27 +1949,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 break;
 case 4: /* Reserved.  */
 goto bad_reg;
-case 6: /* MMU Fault address / MPU base/size.  */
-if (arm_feature(env, ARM_FEATURE_MPU)) {
-if (crm = 8)
-goto bad_reg;
-env-cp15.c6_region[crm] = val;
-} else {
-if (arm_feature(env, ARM_FEATURE_OMAPCP))
-op2 = 0;
-switch (op2) {
-case 0:
-env-cp15.c6_data = val;
-break;
-case 1: /* ??? This is WFAR on armv6 */
-case 2:
-env-cp15.c6_insn = val;
-break;
-default:
-goto bad_reg;
-}
-}
-break;
 case 9:
 if (arm_feature(env, ARM_FEATURE_OMAPCP))
 break;
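Review bot: the removed set_cp15 case 6 wrote op2 == 1 into `c6_insn` for all non-OMAP cores (the `??? This is WFAR on armv6` path), whereas the new WFAR reginfo is ARM_CP_CONST, so writes to c6,c0,0,1 on v6 cores are now discarded instead of landing in IFAR; this is a guest-visible behaviour change beyond the 1026/ARMv5 tidy-up the commit message already describes and should be called out there.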
@@ -2108,38 +2122,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t 
insn)
 }
 case 4: /* Reserved.  */
 goto bad_reg;
-case 6: /* MMU Fault address.  */
-if (arm_feature(env, ARM_FEATURE_MPU)) {
-if (crm = 8)
-goto bad_reg;
-return env-cp15.c6_region[crm];
-} else {
-

Re: [Qemu-devel] [PATCH 15/20] target-ppc: Fix type casts for w64 (uintptr_t)

2012-04-15 Thread Andreas Färber
Am 15.04.2012 16:13, schrieb Stefan Weil:
 This changes nothing for other hosts.
 
 Cc: Alexander Graf ag...@suse.de
 Signed-off-by: Stefan Weil s...@weilnetz.de
 ---
  target-ppc/translate_init.c |6 +++---
  1 files changed, 3 insertions(+), 3 deletions(-)

(Had you used scripts/get_maintainer.pl this would've also cc'ed qemu-ppc.)

Nice and harmless cleanup,

Acked-by: Andreas Färber afaer...@suse.de

I've applied this to ppc-next since I'm preparing a PULL for that:
http://repo.or.cz/w/qemu/agraf.git/shortlog/refs/heads/ppc-next

Andreas

 diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
 index b1f8785..ff5b61a 100644
 --- a/target-ppc/translate_init.c
 +++ b/target-ppc/translate_init.c
 @@ -9504,12 +9504,12 @@ enum {
  
  static inline int is_indirect_opcode (void *handler)
  {
 -return ((unsigned long)handler  0x03) == PPC_INDIRECT;
 +return ((uintptr_t)handler  0x03) == PPC_INDIRECT;
  }
  
  static inline opc_handler_t **ind_table(void *handler)
  {
 -return (opc_handler_t **)((unsigned long)handler  ~3);
 +return (opc_handler_t **)((uintptr_t)handler  ~3);
  }
  
  /* Instruction table creation */
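Review bot: `(uintptr_t)handler & ~3` is correct only because the int constant `~3` sign-extends to all-ones in the upper bits when converted to uintptr_t; `~(uintptr_t)3` expresses the intent without leaning on that conversion rule. The low-bit tagging in is_indirect_opcode()/ind_table() also assumes opc_handler_t tables are at least 4-byte aligned, which malloc guarantees.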
 @@ -9528,7 +9528,7 @@ static int create_new_table (opc_handler_t **table, 
 unsigned char idx)
  
  tmp = malloc(0x20 * sizeof(opc_handler_t));
  fill_new_table(tmp, 0x20);
 -table[idx] = (opc_handler_t *)((unsigned long)tmp | PPC_INDIRECT);
 +table[idx] = (opc_handler_t *)((uintptr_t)tmp | PPC_INDIRECT);
  
  return 0;
  }
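Review bot: the `malloc(0x20 * sizeof(opc_handler_t))` result in this hunk is passed to fill_new_table() and tagged with PPC_INDIRECT without a NULL check; with the w64 cast fixed, allocation failure is the remaining way `table[idx]` ends up bogus, so g_malloc() (which aborts) or an explicit check would match the rest of QEMU.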




[Qemu-devel] [PATCH 01/32] target-arm: initial coprocessor register framework

2012-04-15 Thread Peter Maydell
Initial infrastructure for data-driven registration of
coprocessor register implementations.

We still fall back to the old-style switch statements pending
complete conversion of all existing registers.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c   |   34 
 target-arm/cpu.h   |  214 
 target-arm/helper.c|   83 +++
 target-arm/helper.h|5 +
 target-arm/op_helper.c |   42 +-
 target-arm/translate.c |  155 ++-
 6 files changed, 530 insertions(+), 3 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 8f5e309..ae55cd0 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -24,6 +24,37 @@
 #include hw/loader.h
 #endif
 
+static void cp_reg_reset(void *key, void *value, void *udata)
+{
+/* Reset a single ARMCPRegInfo register */
+ARMCPRegInfo *ri = value;
+CPUARMState *env = udata;
+
+if (ri-type  ARM_CP_SPECIAL) {
+return;
+}
+
+if (ri-resetfn) {
+ri-resetfn(env, ri);
+return;
+}
+
+/* A zero offset is never possible as it would be regs[0]
+ * so we use it to indicate that reset is being handled elsewhere.
+ * This is basically only used for fields in non-core coprocessors
+ * (like the pxa2xx ones).
+ */
+if (!ri-fieldoffset) {
+return;
+}
+
+if (ri-type  ARM_CP_64BIT) {
+CPREG_FIELD64(env, ri) = ri-resetvalue;
+} else {
+CPREG_FIELD32(env, ri) = ri-resetvalue;
+}
+}
+
 /* CPUClass::reset() */
 static void arm_cpu_reset(CPUState *s)
 {
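Review bot: in cp_reg_reset() the ARM_CP_SPECIAL early return comes before the resetfn check, so a special register can never have a resetfn honoured; if that is intended (NOP and WFI carry no state) a one-line comment would make it explicit, and if not the two checks should be swapped.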
@@ -39,6 +70,7 @@ static void arm_cpu_reset(CPUState *s)
 acc-parent_reset(s);
 
 memset(env, 0, offsetof(CPUARMState, breakpoints));
+g_hash_table_foreach(env-cp_regs, cp_reg_reset, env);
 env-cp15.c15_config_base_address = cpu-reset_cbar;
 env-cp15.c0_cpuid = cpu-midr;
 env-vfp.xregs[ARM_VFP_FPSID] = cpu-reset_fpsid;
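Review bot: g_hash_table_foreach() visits entries in unspecified order, so resetfn callbacks must not assume any other register has already been reset; also the table-driven reset runs before the explicit `c15_config_base_address`, `c0_cpuid` and FPSID assignments that follow it, so any framework register whose fieldoffset aliases one of those fields would have its resetvalue overwritten by the later lines. Worth a comment at the g_hash_table_foreach() call.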
@@ -130,6 +162,8 @@ static void arm_cpu_initfn(Object *obj)
 ARMCPU *cpu = ARM_CPU(obj);
 
 cpu_exec_init(cpu-env);
+cpu-env.cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
+ g_free, g_free);
 }
 
 void arm_cpu_realize(ARMCPU *cpu)
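Review bot: the `cp_regs` table created with g_hash_table_new_full() in arm_cpu_initfn() has no matching g_hash_table_destroy() anywhere in this diff, so an ARMCPU that is ever finalized leaks the table along with the keys and values it owns; either add a finalizer or note that ARMCPU objects are never destroyed.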
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 12f5854..f35d24f 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -228,6 +228,9 @@ typedef struct CPUARMState {
 /* Internal CPU feature flags.  */
 uint32_t features;
 
+/* Coprocessor information */
+GHashTable *cp_regs;
+
 /* Coprocessor IO used by peripherals */
 struct {
 ARMReadCPFunc *cp_read;
@@ -404,6 +407,217 @@ void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
void *opaque);
 
+/* Interface for defining coprocessor registers.
+ * Registers are defined in tables of arm_cp_reginfo structs
+ * which are passed to define_arm_cp_regs().
+ */
+
+/* When looking up a coprocessor register we look for it
+ * via an integer which encodes all of:
+ *  coprocessor number
+ *  Crn, Crm, opc1, opc2 fields
+ *  32 or 64 bit register (ie is it accessed via MRC/MCR
+ *or via MRRC/MCRR?)
+ * We allow 4 bits for opc1 because MRRC/MCRR have a 4 bit field.
+ * (In this case crn and opc2 should be zero.)
+ */
+#define ENCODE_CP_REG(cp, is64, crn, crm, opc1, opc2)   \
+(((cp)  16) | ((is64)  15) | ((crn)  11) |\
+ ((crm)  7) | ((opc1)  3) | (opc2))
+
+#define DECODE_CPREG_CRN(enc) (((enc)  7)  0xf)
+
+/* ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
+ * special-behaviour cp reg and bits [15..8] indicate what behaviour
+ * it has. Otherwise it is a simple cp reg, where CONST indicates that
+ * TCG can assume the value to be constant (ie load at translate time)
+ * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
+ * indicates that the TB should not be ended after a write to this register
+ * (the default is that the TB ends after cp writes).
+ */
+#define ARM_CP_SPECIAL 1
+#define ARM_CP_CONST 2
+#define ARM_CP_64BIT 4
+#define ARM_CP_SUPPRESS_TB_END 8
+#define ARM_CP_NOP (ARM_CP_SPECIAL | (1  8))
+#define ARM_CP_WFI (ARM_CP_SPECIAL | (2  8))
+/* Used only as a terminator for ARMCPRegInfo lists */
+#define ARM_CP_SENTINEL 0x
+/* Mask of only the flag bits in a type field */
+#define ARM_CP_FLAG_MASK 0xf
+
+/* Return true if cptype is a valid type field. This is used to try to
+ * catch errors where the sentinel has been accidentally left off the end
+ * of a list of registers.
+ */
+static inline int cptype_valid(int cptype)
+{
+return cptype == ARM_CP_NOP
+|| cptype == ARM_CP_WFI
+|| ((cptype  ~ARM_CP_FLAG_MASK) == 0);
+}
+
+/* Access rights:
+ * We define bits for Read and Write access for what rev C of the v7-AR ARM ARM
+ * defines as PL0 (user), PL1 (fiq/irq/svc/abt/und/sys, ie privileged), and
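Review bot: DECODE_CPREG_CRN() shifts by 7, but ENCODE_CP_REG() places crn at bit 11 and crm at bit 7, so as written the macro returns crm rather than crn; the shift should be 11 (or the macro renamed if crm is what callers want).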

[Qemu-devel] [PATCH 01/20] tcg/i386: Use GDB JIT debugging interface only for hosts with ELF

2012-04-15 Thread Stefan Weil
Not all i386 / x86_64 hosts use ELF.
Ask the compiler whether ELF is used.

On w64, gdb crashes when ELF_HOST_MACHINE is defined.

Cc: Richard Henderson r...@twiddle.net
Cc: Blue Swirl blauwir...@gmail.com
Signed-off-by: Stefan Weil s...@weilnetz.de
---
 tcg/i386/tcg-target.c |6 +-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index 871a7e7..79545e3 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -2102,7 +2102,9 @@ typedef struct {
 DebugFrameFDE fde;
 } DebugFrame;
 
-#if TCG_TARGET_REG_BITS == 64
+#if !defined(__ELF__)
+/* Host machine without ELF. */
+#elif TCG_TARGET_REG_BITS == 64
 #define ELF_HOST_MACHINE EM_X86_64
 static DebugFrame debug_frame = {
 .cie.len = sizeof(DebugFrameCIE)-4, /* length after .len member */
@@ -2156,6 +2158,7 @@ static DebugFrame debug_frame = {
 };
 #endif
 
+#if defined(ELF_HOST_MACHINE)
 void tcg_register_jit(void *buf, size_t buf_size)
 {
 /* We're expecting a 2 byte uleb128 encoded value.  */
@@ -2166,3 +2169,4 @@ void tcg_register_jit(void *buf, size_t buf_size)
 
 tcg_register_jit_int(buf, buf_size, debug_frame, sizeof(debug_frame));
 }
+#endif
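Review bot: tcg_register_jit() is now compiled only under `#if defined(ELF_HOST_MACHINE)`, but the hunk does not show its declaration or caller; unless the call site (or a stub definition) is guarded the same way, non-ELF hosts get an unresolved symbol at link time. The empty `#if !defined(__ELF__)` branch holding only a comment is fine as a readable way to skip the machine definitions.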
-- 
1.7.0.4




[Qemu-devel] [PATCH 27/32] target-arm: Convert MPIDR

2012-04-15 Thread Peter Maydell
Convert the MPIDR to the new cp15 register scheme.
This includes giving it its own feature bit rather
than doing a CPUID value check.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|2 ++
 target-arm/cpu.h|1 +
 target-arm/helper.c |   50 --
 3 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index d7863fe..52ee2a9 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -156,6 +156,7 @@ void arm_cpu_realize(ARMCPU *cpu)
 if (arm_feature(env, ARM_FEATURE_V7)) {
 set_feature(env, ARM_FEATURE_VAPA);
 set_feature(env, ARM_FEATURE_THUMB2);
+set_feature(env, ARM_FEATURE_MPIDR);
 if (!arm_feature(env, ARM_FEATURE_M)) {
 set_feature(env, ARM_FEATURE_V6K);
 } else {
@@ -343,6 +344,7 @@ static void arm11mpcore_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_V6K);
 set_feature(cpu-env, ARM_FEATURE_VFP);
 set_feature(cpu-env, ARM_FEATURE_VAPA);
+set_feature(cpu-env, ARM_FEATURE_MPIDR);
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 cpu-midr = ARM_CPUID_ARM11MPCORE;
 cpu-reset_fpsid = 0x410120b4;
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 850e0d6..e7cd584 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -383,6 +383,7 @@ enum arm_features {
 ARM_FEATURE_CACHE_TEST_CLEAN, /* 926/1026 style test-and-clean ops */
 ARM_FEATURE_CACHE_DIRTY_REG, /* 1136/1176 cache dirty status register */
 ARM_FEATURE_CACHE_BLOCK_OPS, /* v6 optional cache block operations */
+ARM_FEATURE_MPIDR, /* has cp15 MPIDR */
 };
 
 static inline int arm_feature(CPUARMState *env, int feature)
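Review bot: the get_cp15 comment deleted later in this patch, that MPIDR was standardised in v7 and before that existed only on the 11MPCore, is exactly the rationale for the new ARM_FEATURE_MPIDR bit; carry it over to the enum entry in place of the bare `/* has cp15 MPIDR */` so the two set_feature() sites in cpu.c are explained.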
diff --git a/target-arm/helper.c b/target-arm/helper.c
index c13a483..2b65024 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -837,6 +837,31 @@ static const ARMCPRegInfo strongarm_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static int mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t *value)
+{
+uint32_t mpidr = env-cpu_index;
+/* We don't support setting cluster ID ([8..11])
+ * so these bits always RAZ.
+ */
+if (arm_feature(env, ARM_FEATURE_V7MP)) {
+mpidr |= (1  31);
+/* Cores which are uniprocessor (non-coherent)
+ * but still implement the MP extensions set
+ * bit 30. (For instance, A9UP.) However we do
+ * not currently model any of those cores.
+ */
+}
+*value = mpidr;
+return 0;
+}
+
+static const ARMCPRegInfo mpidr_cp_reginfo[] = {
+{ .name = MPIDR, .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
+  .access = PL1_R, .readfn = mpidr_read },
+REGINFO_SENTINEL
+};
+
 static int sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t 
value)
 {
 env-cp15.c1_sys = value;
@@ -979,6 +1004,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 if (arm_feature(env, ARM_FEATURE_DUMMY_C15_REGS)) {
 define_arm_cp_regs(env, dummy_c15_cp_reginfo);
 }
+if (arm_feature(env, ARM_FEATURE_MPIDR)) {
+define_arm_cp_regs(env, mpidr_cp_reginfo);
+}
 if (arm_feature(env, ARM_FEATURE_AUXCR)) {
 ARMCPRegInfo auxcr = {
 .name = AUXCR, .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 
1,
@@ -2107,28 +2135,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t 
insn)
 return 0;
 case 3: /* TLB type register.  */
 return 0; /* No lockable TLB entries.  */
-case 5: /* MPIDR */
-/* The MPIDR was standardised in v7; prior to
- * this it was implemented only in the 11MPCore.
- * For all other pre-v7 cores it does not exist.
- */
-if (arm_feature(env, ARM_FEATURE_V7) ||
-ARM_CPUID(env) == ARM_CPUID_ARM11MPCORE) {
-int mpidr = env-cpu_index;
-/* We don't support setting cluster ID ([8..11])
- * so these bits always RAZ.
- */
-if (arm_feature(env, ARM_FEATURE_V7MP)) {
-mpidr |= (1  31);
-/* Cores which are uniprocessor (non-coherent)
- * but still implement the MP extensions set
- * bit 30. (For instance, A9UP.) However we do
- * not currently model any of those cores.
- */
-}
-return mpidr;
-}
-/* otherwise fall through to the unimplemented-reg case */
 default:
 goto bad_reg;
 }
-- 
1.7.1




[Qemu-devel] [PATCH 12/20] w64: Fix data types in softmmu*.h

2012-04-15 Thread Stefan Weil
w64 requires uintptr_t.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 softmmu_header.h   |6 +++---
 softmmu_template.h |   20 
 2 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/softmmu_header.h b/softmmu_header.h
index edc7826..77c95dc 100644
--- a/softmmu_header.h
+++ b/softmmu_header.h
@@ -111,7 +111,7 @@ glue(glue(glue(CPU_PREFIX, ld), USUFFIX), 
MEMSUFFIX)(ENV_PARAM
  mmu_idx);
 } else {
 uintptr_t physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
-res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)physaddr);
+res = glue(glue(ld, USUFFIX), _raw)(physaddr);
 }
 return res;
 }
@@ -134,7 +134,7 @@ glue(glue(glue(CPU_PREFIX, lds), SUFFIX), 
MEMSUFFIX)(ENV_PARAM
MMUSUFFIX)(ENV_VAR addr, mmu_idx);
 } else {
 uintptr_t physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
-res = glue(glue(lds, SUFFIX), _raw)((uint8_t *)physaddr);
+res = glue(glue(lds, SUFFIX), _raw)(physaddr);
 }
 return res;
 }
@@ -161,7 +161,7 @@ glue(glue(glue(CPU_PREFIX, st), SUFFIX), 
MEMSUFFIX)(ENV_PARAM target_ulong ptr,
mmu_idx);
 } else {
 uintptr_t physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
-glue(glue(st, SUFFIX), _raw)((uint8_t *)physaddr, v);
+glue(glue(st, SUFFIX), _raw)(physaddr, v);
 }
 }
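Review bot: softmmu_header.h now passes the integer `physaddr` directly to the ld/st `_raw` accessors, while the softmmu_template.h hunks below keep a `(uint8_t *)(addr+addend)` cast; either the `_raw` macros accept integer arguments, making the template casts redundant, or they do not, so the two files should agree and the commit message should say which convention is intended.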
 
diff --git a/softmmu_template.h b/softmmu_template.h
index b285d78..8db33c1 100644
--- a/softmmu_template.h
+++ b/softmmu_template.h
@@ -112,7 +112,6 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), 
MMUSUFFIX)(ENV_PARAM
 int index;
 target_ulong tlb_addr;
 target_phys_addr_t ioaddr;
-unsigned long addend;
 uintptr_t retaddr;
 
 /* test if there is match for unaligned or IO access */
@@ -145,8 +144,8 @@ glue(glue(glue(HELPER_PREFIX, ld), SUFFIX), 
MMUSUFFIX)(ENV_PARAM
 do_unaligned_access(ENV_VAR addr, READ_ACCESS_TYPE, mmu_idx, 
retaddr);
 }
 #endif
-addend = env-tlb_table[mmu_idx][index].addend;
-res = glue(glue(ld, USUFFIX), _raw)((uint8_t 
*)(long)(addr+addend));
+uintptr_t addend = env-tlb_table[mmu_idx][index].addend;
+res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)(addr+addend));
 }
 } else {
 /* the page is not in the TLB : fill it */
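Review bot: the function-scope `unsigned long addend` is replaced by a `uintptr_t addend` declared in the middle of the inner block, right after the `#endif`; that is valid C99 but differs from the declare-at-top style of the surrounding code, and the same pattern recurs in the three later hunks of this file. Changing the existing declaration's type to `uintptr_t` at the top of each function would be a smaller and more uniform diff.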
@@ -171,7 +170,6 @@ glue(glue(slow_ld, SUFFIX), MMUSUFFIX)(ENV_PARAM
 DATA_TYPE res, res1, res2;
 int index, shift;
 target_phys_addr_t ioaddr;
-unsigned long addend;
 target_ulong tlb_addr, addr1, addr2;
 
 index = (addr  TARGET_PAGE_BITS)  (CPU_TLB_SIZE - 1);
@@ -202,8 +200,8 @@ glue(glue(slow_ld, SUFFIX), MMUSUFFIX)(ENV_PARAM
 res = (DATA_TYPE)res;
 } else {
 /* unaligned/aligned access in the same page */
-addend = env-tlb_table[mmu_idx][index].addend;
-res = glue(glue(ld, USUFFIX), _raw)((uint8_t 
*)(long)(addr+addend));
+uintptr_t addend = env-tlb_table[mmu_idx][index].addend;
+res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)(addr+addend));
 }
 } else {
 /* the page is not in the TLB : fill it */
@@ -258,7 +256,6 @@ void glue(glue(glue(HELPER_PREFIX, st), SUFFIX), 
MMUSUFFIX)(ENV_PARAM
 int mmu_idx)
 {
 target_phys_addr_t ioaddr;
-unsigned long addend;
 target_ulong tlb_addr;
 uintptr_t retaddr;
 int index;
@@ -290,8 +287,8 @@ void glue(glue(glue(HELPER_PREFIX, st), SUFFIX), 
MMUSUFFIX)(ENV_PARAM
 do_unaligned_access(ENV_VAR addr, 1, mmu_idx, retaddr);
 }
 #endif
-addend = env-tlb_table[mmu_idx][index].addend;
-glue(glue(st, SUFFIX), _raw)((uint8_t *)(long)(addr+addend), val);
+uintptr_t addend = env-tlb_table[mmu_idx][index].addend;
+glue(glue(st, SUFFIX), _raw)((uint8_t *)(addr+addend), val);
 }
 } else {
 /* the page is not in the TLB : fill it */
@@ -313,7 +310,6 @@ static void glue(glue(slow_st, SUFFIX), MMUSUFFIX)(ENV_PARAM
uintptr_t retaddr)
 {
 target_phys_addr_t ioaddr;
-unsigned long addend;
 target_ulong tlb_addr;
 int index, i;
 
@@ -345,8 +341,8 @@ static void glue(glue(slow_st, SUFFIX), MMUSUFFIX)(ENV_PARAM
 }
 } else {
 /* aligned/unaligned access in the same page */
-addend = env-tlb_table[mmu_idx][index].addend;
-glue(glue(st, SUFFIX), _raw)((uint8_t *)(long)(addr+addend), val);
+uintptr_t addend = env-tlb_table[mmu_idx][index].addend;
+glue(glue(st, SUFFIX), _raw)((uint8_t *)(addr+addend), val);
 }
 } else {
 /* the page is not in the TLB : fill it */
-- 
1.7.0.4




[Qemu-devel] [PATCH 10/32] target-arm: Convert TLS registers

2012-04-15 Thread Peter Maydell
Convert TLS registers to the new cp15 framework

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c|   19 +++
 target-arm/translate.c |   58 
 2 files changed, 19 insertions(+), 58 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 391c126..eec111c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -160,6 +160,22 @@ static const ARMCPRegInfo t2ee_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static const ARMCPRegInfo v6k_cp_reginfo[] = {
+{ .name = TPIDRURW, .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 2,
+  .access = PL0_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c13_tls1),
+  .resetvalue = 0 },
+{ .name = TPIDRURO, .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 3,
+  .access = PL0_R|PL1_W,
+  .fieldoffset = offsetof(CPUARMState, cp15.c13_tls2),
+  .resetvalue = 0 },
+{ .name = TPIDRPRW, .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 4,
+  .access = PL1_RW,
+  .fieldoffset = offsetof(CPUARMState, cp15.c13_tls3),
+  .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
 /* Register all the coprocessor registers based on feature bits */
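Review bot: TPIDRURO is declared `.access = PL0_R|PL1_W`, which reproduces the old cp15_user_ok() rule (user-readable, privileged-writable) only if PL0_R also implies PL1_R in the framework's access encoding; please confirm, since otherwise privileged reads of TPIDRURO would be rejected once the table takes over from the switch statement.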
@@ -175,6 +191,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 } else {
 define_arm_cp_regs(env, not_v6_cp_reginfo);
 }
+if (arm_feature(env, ARM_FEATURE_V6K)) {
+define_arm_cp_regs(env, v6k_cp_reginfo);
+}
 if (arm_feature(env, ARM_FEATURE_V7)) {
 define_arm_cp_regs(env, v7_cp_reginfo);
 } else {
diff --git a/target-arm/translate.c b/target-arm/translate.c
index b51c754..fc8dbf8 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -2460,64 +2460,9 @@ static int cp15_user_ok(CPUARMState *env, uint32_t insn)
 }
 return 0;
 }
-
-if (cpn == 13  cpm == 0) {
-/* TLS register.  */
-if (op == 2 || (op == 3  (insn  ARM_CP_RW_BIT)))
-return 1;
-}
 return 0;
 }
 
-static int cp15_tls_load_store(CPUARMState *env, DisasContext *s, uint32_t 
insn, uint32_t rd)
-{
-TCGv tmp;
-int cpn = (insn  16)  0xf;
-int cpm = insn  0xf;
-int op = ((insn  5)  7) | ((insn  18)  0x38);
-
-if (!arm_feature(env, ARM_FEATURE_V6K))
-return 0;
-
-if (!(cpn == 13  cpm == 0))
-return 0;
-
-if (insn  ARM_CP_RW_BIT) {
-switch (op) {
-case 2:
-tmp = load_cpu_field(cp15.c13_tls1);
-break;
-case 3:
-tmp = load_cpu_field(cp15.c13_tls2);
-break;
-case 4:
-tmp = load_cpu_field(cp15.c13_tls3);
-break;
-default:
-return 0;
-}
-store_reg(s, rd, tmp);
-
-} else {
-tmp = load_reg(s, rd);
-switch (op) {
-case 2:
-store_cpu_field(tmp, cp15.c13_tls1);
-break;
-case 3:
-store_cpu_field(tmp, cp15.c13_tls2);
-break;
-case 4:
-store_cpu_field(tmp, cp15.c13_tls3);
-break;
-default:
-tcg_temp_free_i32(tmp);
-return 0;
-}
-}
-return 1;
-}
-
 /* Disassemble system coprocessor (cp15) instruction.  Return nonzero if
instruction is not defined.  */
 static int disas_cp15_insn(CPUARMState *env, DisasContext *s, uint32_t insn)
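Review bot: the deleted cp15_tls_load_store() fast path read and wrote `c13_tls1..3` inline via load_cpu_field()/store_cpu_field() without ending the TB, whereas the generic path ends the TB after every cp write by default; TLS accesses are hot in guest libc, so consider ARM_CP_SUPPRESS_TB_END on the three TPIDR entries, since their values have no effect on translation. If the inline path is dropped for uniformity, a note in the commit message about the expected cost would help.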
@@ -2548,9 +2493,6 @@ static int disas_cp15_insn(CPUARMState *env, DisasContext 
*s, uint32_t insn)
 
 rd = (insn  12)  0xf;
 
-if (cp15_tls_load_store(env, s, insn, rd))
-return 0;
-
 tmp2 = tcg_const_i32(insn);
 if (insn  ARM_CP_RW_BIT) {
 tmp = tcg_temp_new_i32();
-- 
1.7.1




[Qemu-devel] [PATCH 31/32] target-arm: Remove remaining old cp15 infrastructure

2012-04-15 Thread Peter Maydell
There are now no uses of the old cp15 infrastructure,
so it can be deleted.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c|   39 ---
 target-arm/helper.h|3 --
 target-arm/translate.c |   59 +---
 3 files changed, 1 insertions(+), 100 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index aef2e26..3c5671d 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1422,16 +1422,6 @@ int cpu_arm_handle_mmu_fault (CPUARMState *env, 
target_ulong address, int rw,
 return 1;
 }
 
-void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
-{
-cpu_abort(env, cp15 insn %08x\n, insn);
-}
-
-uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
-{
-cpu_abort(env, cp15 insn %08x\n, insn);
-}
-
 /* These should probably raise undefined insn exceptions.  */
 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
 {
@@ -2158,35 +2148,6 @@ target_phys_addr_t cpu_get_phys_page_debug(CPUARMState 
*env, target_ulong addr)
 return phys_addr;
 }
 
-void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, uint32_t val)
-{
-int op1;
-int op2;
-int crm;
-
-op1 = (insn  21)  7;
-op2 = (insn  5)  7;
-crm = insn  0xf;
-/* ??? For debugging only.  Should raise illegal instruction exception.  */
-cpu_abort(env, Unimplemented cp15 register write (c%d, c%d, {%d, %d})\n,
-  (insn  16)  0xf, crm, op1, op2);
-}
-
-uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
-{
-int op1;
-int op2;
-int crm;
-
-op1 = (insn  21)  7;
-op2 = (insn  5)  7;
-crm = insn  0xf;
-/* ??? For debugging only.  Should raise illegal instruction exception.  */
-cpu_abort(env, Unimplemented cp15 register read (c%d, c%d, {%d, %d})\n,
-  (insn  16)  0xf, crm, op1, op2);
-return 0;
-}
-
 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
 {
 if ((env-uncached_cpsr  CPSR_M) == mode) {
diff --git a/target-arm/helper.h b/target-arm/helper.h
index a0034ae..21e9cfe 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -59,9 +59,6 @@ DEF_HELPER_0(cpsr_read, i32)
 DEF_HELPER_3(v7m_msr, void, env, i32, i32)
 DEF_HELPER_2(v7m_mrs, i32, env, i32)
 
-DEF_HELPER_3(set_cp15, void, env, i32, i32)
-DEF_HELPER_2(get_cp15, i32, env, i32)
-
 DEF_HELPER_3(set_cp_reg, void, env, ptr, i32)
 DEF_HELPER_2(get_cp_reg, i32, env, ptr)
 DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 09e2165..ea5a1a6 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -2439,55 +2439,6 @@ static int disas_dsp_insn(CPUARMState *env, DisasContext 
*s, uint32_t insn)
 return 1;
 }
 
-/* Disassemble system coprocessor (cp15) instruction.  Return nonzero if
-   instruction is not defined.  */
-static int disas_cp15_insn(CPUARMState *env, DisasContext *s, uint32_t insn)
-{
-uint32_t rd;
-TCGv tmp, tmp2;
-
-/* M profile cores use memory mapped registers instead of cp15.  */
-if (arm_feature(env, ARM_FEATURE_M))
-   return 1;
-
-if ((insn  (1  25)) == 0) {
-return 1;
-}
-if ((insn  (1  4)) == 0) {
-/* cdp */
-return 1;
-}
-
-if (IS_USER(s)) {
-return 1;
-}
-
-rd = (insn  12)  0xf;
-
-tmp2 = tcg_const_i32(insn);
-if (insn  ARM_CP_RW_BIT) {
-tmp = tcg_temp_new_i32();
-gen_helper_get_cp15(tmp, cpu_env, tmp2);
-/* If the destination register is r15 then sets condition codes.  */
-if (rd != 15)
-store_reg(s, rd, tmp);
-else
-tcg_temp_free_i32(tmp);
-} else {
-tmp = load_reg(s, rd);
-gen_helper_set_cp15(cpu_env, tmp2, tmp);
-tcg_temp_free_i32(tmp);
-/* Normally we would always end the TB here, but Linux
- * arch/arm/mach-pxa/sleep.S expects two instructions following
- * an MMU enable to execute from cache.  Imitate this behaviour.  */
-if (!arm_feature(env, ARM_FEATURE_XSCALE) ||
-(insn  0x0fff0fff) != 0x0e010f10)
-gen_lookup_tb(s);
-}
-tcg_temp_free_i32(tmp2);
-return 0;
-}
-
 #define VFP_REG_SHR(x, n) (((n)  0) ? (x)  (n) : (x)  -(n))
 #define VFP_SREG(insn, bigbit, smallbit) \
   ((VFP_REG_SHR(insn, bigbit - 1)  0x1e) | (((insn)  (smallbit))  1))
@@ -6387,15 +6338,7 @@ static int disas_coproc_insn(CPUARMState * env, 
DisasContext *s, uint32_t insn)
 return 0;
 }
 
-/* Fallback code: handle coprocessor registers not yet converted
- * to ARMCPRegInfo.
- */
-switch (cpnum) {
-case 15:
-   return disas_cp15_insn (env, s, insn);
-default:
-return 1;
-}
+return 1;
 }
 
 
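Review bot: with the fallback switch removed, disas_coproc_insn() now returns 1 (undefined instruction) for every cp15 access that has no ARMCPRegInfo entry, where previously it fell through to get_cp15()/set_cp15() and their cpu_abort() (deleted in the helper.c hunks above). Turning a host-side abort into a guest-visible UNDEF exception is the safer outcome, but the commit message only says the old infrastructure has no users; it should also state this behaviour change, so that any register the earlier conversions missed is understood to UNDEF rather than abort the emulator.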
-- 
1.7.1




[Qemu-devel] [PATCH 11/20] w64: Use uintptr_t in exec.c

2012-04-15 Thread Stefan Weil
Replace all type casts to 'long' or 'unsigned long' by 'intptr_t' or 
'uintptr_t'.

For type casts which are only used to extract the lower bits of an address
or to modify those bits, signedness does not matter. There I always use 
'uintptr_t'.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 exec.c |   77 +--
 1 files changed, 40 insertions(+), 37 deletions(-)

diff --git a/exec.c b/exec.c
index 6d10595..77d6866 100644
--- a/exec.c
+++ b/exec.c
@@ -887,8 +887,8 @@ static inline void tb_page_remove(TranslationBlock **ptb, 
TranslationBlock *tb)
 
 for(;;) {
 tb1 = *ptb;
-n1 = (long)tb1  3;
-tb1 = (TranslationBlock *)((long)tb1  ~3);
+n1 = (uintptr_t)tb1  3;
+tb1 = (TranslationBlock *)((uintptr_t)tb1  ~3);
 if (tb1 == tb) {
 *ptb = tb1-page_next[n1];
 break;
@@ -908,8 +908,8 @@ static inline void tb_jmp_remove(TranslationBlock *tb, int 
n)
 /* find tb(n) in circular list */
 for(;;) {
 tb1 = *ptb;
-n1 = (long)tb1  3;
-tb1 = (TranslationBlock *)((long)tb1  ~3);
+n1 = (uintptr_t)tb1  3;
+tb1 = (TranslationBlock *)((uintptr_t)tb1  ~3);
 if (n1 == n  tb1 == tb)
 break;
 if (n1 == 2) {
@@ -929,7 +929,7 @@ static inline void tb_jmp_remove(TranslationBlock *tb, int 
n)
another TB */
 static inline void tb_reset_jump(TranslationBlock *tb, int n)
 {
-tb_set_jmp_target(tb, n, (unsigned long)(tb-tc_ptr + 
tb-tb_next_offset[n]));
+tb_set_jmp_target(tb, n, (uintptr_t)(tb-tc_ptr + tb-tb_next_offset[n]));
 }
 
 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
@@ -974,16 +974,16 @@ void tb_phys_invalidate(TranslationBlock *tb, 
tb_page_addr_t page_addr)
 /* suppress any remaining jumps to this TB */
 tb1 = tb-jmp_first;
 for(;;) {
-n1 = (long)tb1  3;
+n1 = (uintptr_t)tb1  3;
 if (n1 == 2)
 break;
-tb1 = (TranslationBlock *)((long)tb1  ~3);
+tb1 = (TranslationBlock *)((uintptr_t)tb1  ~3);
 tb2 = tb1-jmp_next[n1];
 tb_reset_jump(tb1, n1);
 tb1-jmp_next[n1] = NULL;
 tb1 = tb2;
 }
-tb-jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
+tb-jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
 
 tb_phys_invalidate_count++;
 }
@@ -1024,8 +1024,8 @@ static void build_page_bitmap(PageDesc *p)
 
 tb = p-first_tb;
 while (tb != NULL) {
-n = (long)tb  3;
-tb = (TranslationBlock *)((long)tb  ~3);
+n = (uintptr_t)tb  3;
+tb = (TranslationBlock *)((uintptr_t)tb  ~3);
 /* NOTE: this is subtle as a TB may span two physical pages */
 if (n == 0) {
 /* NOTE: tb_end may be after the end of the page, but
@@ -1069,7 +1069,8 @@ TranslationBlock *tb_gen_code(CPUArchState *env,
 tb-flags = flags;
 tb-cflags = cflags;
 cpu_gen_code(env, tb, code_gen_size);
-code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + 
CODE_GEN_ALIGN - 1)  ~(CODE_GEN_ALIGN - 1));
+code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
+ CODE_GEN_ALIGN - 1)  ~(CODE_GEN_ALIGN - 1));
 
 /* check next page if needed */
 virt_page2 = (pc + tb-size - 1)  TARGET_PAGE_MASK;
@@ -1117,8 +1118,8 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, 
tb_page_addr_t end,
 /* XXX: see if in some cases it could be faster to invalidate all the code 
*/
 tb = p-first_tb;
 while (tb != NULL) {
-n = (long)tb  3;
-tb = (TranslationBlock *)((long)tb  ~3);
+n = (uintptr_t)tb  3;
+tb = (TranslationBlock *)((uintptr_t)tb  ~3);
 tb_next = tb-page_next[n];
 /* NOTE: this is subtle as a TB may span two physical pages */
 if (n == 0) {
@@ -1201,7 +1202,8 @@ static inline void 
tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
 qemu_log(modifying code at 0x%x size=%d EIP=%x PC=%08x\n,
   cpu_single_env-mem_io_vaddr, len,
   cpu_single_env-eip,
-  cpu_single_env-eip + (long)cpu_single_env-segs[R_CS].base);
+  cpu_single_env-eip +
+  (intptr_t)cpu_single_env-segs[R_CS].base);
 }
 #endif
 p = page_find(start  TARGET_PAGE_BITS);
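Review bot: the cast is changed but the format string in the qemu_log() call is not: `cpu_single_env->eip + (intptr_t)cpu_single_env->segs[R_CS].base` is now intptr_t-wide on 64-bit hosts while it is still printed with `PC=%08x`, which expects an unsigned int. The mismatch predates this patch (the cast was `(long)` before), but since the line is touched here, either cast the sum to a 32-bit type or print it with PRIxPTR.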
@@ -1245,8 +1247,8 @@ static void tb_invalidate_phys_page(tb_page_addr_t addr,
 }
 #endif
 while (tb != NULL) {
-n = (long)tb  3;
-tb = (TranslationBlock *)((long)tb  ~3);
+n = (uintptr_t)tb  3;
+tb = (TranslationBlock *)((uintptr_t)tb  ~3);
 #ifdef TARGET_HAS_PRECISE_SMC
 if (current_tb == tb 
 (current_tb-cflags  CF_COUNT_MASK) != 1) {
@@ -1294,7 +1296,7 @@ static inline void tb_alloc_page(TranslationBlock *tb,
 #ifndef CONFIG_USER_ONLY
 page_already_protected = 

[Qemu-devel] [PATCH 16/20] cpu-exec: Remove non-portable type cast and fix format string

2012-04-15 Thread Stefan Weil
This change is needed for w64, but also changes the code for other hosts.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 cpu-exec.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index d153f97..0344cd5 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -541,8 +541,8 @@ int cpu_exec(CPUArchState *env)
 tb_invalidated_flag = 0;
 }
 #ifdef CONFIG_DEBUG_EXEC
-qemu_log_mask(CPU_LOG_EXEC, Trace 0x%08lx [ TARGET_FMT_lx ] 
%s\n,
- (long)tb-tc_ptr, tb-pc,
+qemu_log_mask(CPU_LOG_EXEC, Trace %p [ TARGET_FMT_lx ] 
%s\n,
+ tb-tc_ptr, tb-pc,
  lookup_symbol(tb-pc));
 #endif
 /* see if we can patch the calling TB. When the TB
-- 
1.7.0.4




Re: [Qemu-devel] [PATCH] linux-user: Fix exit syscall with QOM CPU

2012-04-15 Thread Peter Maydell
On 15 April 2012 15:39, Andreas Färber afaer...@suse.de wrote:
 For QOM'ified CPUs we cannot g_free() CPUArchState, we must
 object_delete() the object it is embedded into.

 Should fix LP#982321 (invalid free() while executing pacman w/qemu-arm).

 Reported-by: Serge Schneider se...@xecdesign.com
 Signed-off-by: Andreas Färber afaer...@suse.de
 Cc: Peter Maydell peter.mayd...@linaro.org

Reviewed-by: Peter Maydell peter.mayd...@linaro.org

Tested with a random simple multithreaded test program,
confirmed that this fixes the invalid-free problem.
(The program is still somewhat unreliable under qemu,
sometimes segfaulting, but I think that is just the
usual "multithreaded programs don't work reliably" issue
we've had since forever.)

-- PMM



[Qemu-devel] [PATCH 19/20] w64: Fix time conversion for some versions of MinGW-w64

2012-04-15 Thread Stefan Weil
tb.time is a time value, but not necessarily of the same size as time_t:
while time_t is 64 bit for w64, tb.time still is 32 bit only.

Therefore we need an explicit conversion.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 savevm.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/savevm.c b/savevm.c
index 12fb209..2d18bab 100644
--- a/savevm.c
+++ b/savevm.c
@@ -2106,7 +2106,8 @@ void do_savevm(Monitor *mon, const QDict *qdict)
 }
 } else {
 #ifdef _WIN32
-ptm = localtime(tb.time);
+time_t t = tb.time;
+ptm = localtime(t);
 strftime(sn-name, sizeof(sn-name), vm-%Y%m%d%H%M%S, ptm);
 #else
 /* cast below needed for OpenBSD where tv_sec is still 'long' */
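Review bot: the new temporary deserves a one-line comment at its declaration saying why it exists (tb.time is only 32 bits while time_t is 64 bits on w64, as the commit message explains); without it a later cleanup is likely to fold `time_t t = tb.time;` back into a direct localtime() call on tb.time and reintroduce the size mismatch.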
-- 
1.7.0.4




[Qemu-devel] [PATCH 09/32] target-arm: Convert WFI/barriers special cases to cp_reginfo

2012-04-15 Thread Peter Maydell
Convert the various WFI and barrier instruction special cases to use
cp_reginfo infrastructure.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c|   42 +++
 target-arm/translate.c |   51 
 2 files changed, 42 insertions(+), 51 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 997d476..391c126 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -71,6 +71,38 @@ static const ARMCPRegInfo cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static const ARMCPRegInfo not_v6_cp_reginfo[] = {
+/* Not all pre-v6 cores implemented this WFI, so this is slightly
+ * over-broad.
+ */
+{ .name = WFI_v5, .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = 2,
+  .access = PL1_W, .type = ARM_CP_WFI },
+REGINFO_SENTINEL
+};
+
+static const ARMCPRegInfo not_v7_cp_reginfo[] = {
+/* Standard v6 WFI (also used in some pre-v6 cores); not in v7 (which
+ * is UNPREDICTABLE; we choose to NOP as most implementations do).
+ */
+{ .name = WFI_v6, .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
+  .access = PL1_W, .type = ARM_CP_WFI },
+REGINFO_SENTINEL
+};
+
+static const ARMCPRegInfo v6_cp_reginfo[] = {
+/* prefetch by MVA in v6, NOP in v7 */
+{ .name = MVA_prefetch,
+  .cp = 15, .crn = 7, .crm = 13, .opc1 = 0, .opc2 = 1,
+  .access = PL1_W, .type = ARM_CP_NOP },
+{ .name = ISB, .cp = 15, .crn = 7, .crm = 5, .opc1 = 0, .opc2 = 4,
+  .access = PL0_W, .type = ARM_CP_NOP },
+{ .name = ISB, .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 4,
+  .access = PL0_W, .type = ARM_CP_NOP },
+{ .name = ISB, .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 5,
+  .access = PL0_W, .type = ARM_CP_NOP },
+REGINFO_SENTINEL
+};
+
 static const ARMCPRegInfo v7_cp_reginfo[] = {
 /* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
  * debug components
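Review bot: the three barrier entries in v6_cp_reginfo all carry `.name = ISB`, but the translate.c cases this series replaces label them as 0,c7,c5,4 ISB, 0,c7,c10,4 DSB and 0,c7,c10,5 DMB; the second and third entries should be named DSB and DMB so the table matches the instructions it models and register-name dumps are not misleading.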
@@ -79,6 +111,9 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
 { .name = DBGDRAR, .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
   .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+/* the old v6 WFI, UNPREDICTABLE in v7 but we choose to NOP */
+{ .name = NOP, .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
+  .access = PL1_W, .type = ARM_CP_NOP },
 REGINFO_SENTINEL
 };
 
@@ -135,8 +170,15 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 }
 
 define_arm_cp_regs(env, cp_reginfo);
+if (arm_feature(env, ARM_FEATURE_V6)) {
+define_arm_cp_regs(env, v6_cp_reginfo);
+} else {
+define_arm_cp_regs(env, not_v6_cp_reginfo);
+}
 if (arm_feature(env, ARM_FEATURE_V7)) {
 define_arm_cp_regs(env, v7_cp_reginfo);
+} else {
+define_arm_cp_regs(env, not_v7_cp_reginfo);
 }
 if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
 define_arm_cp_regs(env, t2ee_cp_reginfo);
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 6e9d7a3..b51c754 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -2541,57 +2541,6 @@ static int disas_cp15_insn(CPUARMState *env, 
DisasContext *s, uint32_t insn)
 /* cdp */
 return 1;
 }
-/* We special case a number of cp15 instructions which were used
- * for things which are real instructions in ARMv7. This allows
- * them to work in linux-user mode which doesn't provide functional
- * get_cp15/set_cp15 helpers, and is more efficient anyway.
- */
-switch ((insn  0x0fff0fff)) {
-case 0x0e070f90:
-/* 0,c7,c0,4: Standard v6 WFI (also used in some pre-v6 cores).
- * In v7, this must NOP.
- */
-if (IS_USER(s)) {
-return 1;
-}
-if (!arm_feature(env, ARM_FEATURE_V7)) {
-/* Wait for interrupt.  */
-gen_set_pc_im(s-pc);
-s-is_jmp = DISAS_WFI;
-}
-return 0;
-case 0x0e070f58:
-/* 0,c7,c8,2: Not all pre-v6 cores implemented this WFI,
- * so this is slightly over-broad.
- */
-if (!IS_USER(s)  !arm_feature(env, ARM_FEATURE_V6)) {
-/* Wait for interrupt.  */
-gen_set_pc_im(s-pc);
-s-is_jmp = DISAS_WFI;
-return 0;
-}
-/* Otherwise continue to handle via helper function.
- * In particular, on v7 and some v6 cores this is one of
- * the VA-PA registers.
- */
-break;
-case 0x0e070f3d:
-/* 0,c7,c13,1: prefetch-by-MVA in v6, NOP in v7 */
-if (arm_feature(env, ARM_FEATURE_V6)) {
-return IS_USER(s) ? 1 : 0;
-}
-break;
-case 0x0e070f95: /* 0,c7,c5,4 : ISB */
-case 0x0e070f9a: /* 0,c7,c10,4: DSB */
-case 0x0e070fba: /* 0,c7,c10,5: DMB */
-/* Barriers in both v6 and v7 */
-if (arm_feature(env, 

[Qemu-devel] [PATCH 23/32] target-arm: Convert cp15 crn=9 registers

2012-04-15 Thread Peter Maydell
Convert cp15 crn=9 registers (mostly cache lockdown) to the new scheme.

Note that this change makes OMAPCP cores RAZ/WI the whole c9 space.  This is
a change from previous behaviour, but a return to the behaviour of commit
c3d2689d when OMAP1 support was first added -- subsequent commits have
clearly accidentally relegated the OMAPCP RAZ condition to only a subset of
the crn=9 space when adding support for other cores.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|   34 +
 target-arm/helper.c |  103 ---
 2 files changed, 58 insertions(+), 79 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index c5bedee..31c9820 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -23,6 +23,7 @@
 #if !defined(CONFIG_USER_ONLY)
 #include hw/loader.h
 #endif
+#include sysemu.h
 
 static void cp_reg_reset(void *key, void *value, void *udata)
 {
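Review bot: `#include sysemu.h` is added unconditionally, but its only user in this patch, a15_l2ctlr_read() reading smp_cpus, is compiled only under `#ifndef CONFIG_USER_ONLY`; consider placing the include inside the `#if !defined(CONFIG_USER_ONLY)` block directly above it, next to hw/loader.h, so user-mode builds do not depend on a system-emulation header.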
@@ -383,6 +384,14 @@ static void cortex_m3_initfn(Object *obj)
 cpu-midr = ARM_CPUID_CORTEXM3;
 }
 
+static const ARMCPRegInfo cortexa8_cp_reginfo[] = {
+{ .name = L2LOCKDOWN, .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = L2AUXCR, .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 2,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
 static void cortex_a8_initfn(Object *obj)
 {
 ARMCPU *cpu = ARM_CPU(obj);
@@ -413,6 +422,7 @@ static void cortex_a8_initfn(Object *obj)
 cpu-ccsidr[0] = 0xe007e01a; /* 16k L1 dcache. */
 cpu-ccsidr[1] = 0x2007e01a; /* 16k L1 icache. */
 cpu-ccsidr[2] = 0xf000; /* No L2 icache. */
+define_arm_cp_regs(cpu-env, cortexa8_cp_reginfo);
 }
 
 static const ARMCPRegInfo cortexa9_cp_reginfo[] = {
@@ -489,6 +499,29 @@ static void cortex_a9_initfn(Object *obj)
 }
 }
 
+#ifndef CONFIG_USER_ONLY
+static int a15_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t *value)
+{
+/* Linux wants the number of processors from here.
+ * Might as well set the interrupt-controller bit too.
+ */
+*value = ((smp_cpus - 1)  24) | (1  23);
+return 0;
+}
+#endif
+
+static const ARMCPRegInfo cortexa15_cp_reginfo[] = {
+#ifndef CONFIG_USER_ONLY
+{ .name = L2CTLR, .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 2,
+  .access = PL1_RW, .resetvalue = 0, .readfn = a15_l2ctlr_read,
+  .writefn = arm_cp_write_ignore, },
+#endif
+{ .name = L2ECTLR, .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 3,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
 static void cortex_a15_initfn(Object *obj)
 {
 ARMCPU *cpu = ARM_CPU(obj);
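Review bot: a15_l2ctlr_read() shifts `smp_cpus - 1` into bit 24 with no upper bound; the processor-count field of the Cortex-A15 L2CTLR is two bits wide (bits [25:24]), so a configuration with more than four CPUs would spill into the bits above it and present a malformed register to the guest. Masking the value, `((smp_cpus - 1) & 3) << 24`, or rejecting such configurations at CPU init would keep the register well-formed.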
@@ -523,6 +556,7 @@ static void cortex_a15_initfn(Object *obj)
 cpu-ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */
 cpu-ccsidr[1] = 0x201fe00a; /* 32K L1 icache */
 cpu-ccsidr[2] = 0x711fe07a; /* 4096K L2 unified cache */
+define_arm_cp_regs(cpu-env, cortexa15_cp_reginfo);
 }
 
 static void ti925t_initfn(Object *obj)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 0058646..b00410d 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -187,6 +187,16 @@ static const ARMCPRegInfo not_v7_cp_reginfo[] = {
  */
 { .name = WFI_v6, .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
   .access = PL1_W, .type = ARM_CP_WFI },
+/* L1 cache lockdown. Not architectural in v6 and earlier but in practice
+ * implemented in 926, 946, 1026, 1136, 1176 and 11MPCore. StrongARM and
+ * OMAPCP will override this space.
+ */
+{ .name = DLOCKDOWN, .cp = 15, .crn = 9, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_data),
+  .resetvalue = 0 },
+{ .name = ILOCKDOWN, .cp = 15, .crn = 9, .crm = 0, .opc1 = 0, .opc2 = 1,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_insn),
+  .resetvalue = 0 },
 REGINFO_SENTINEL
 };
 
@@ -708,6 +718,9 @@ static const ARMCPRegInfo omap_cp_reginfo[] = {
 { .name = OMAP_CACHEMAINT, .cp = 15, .crn = 7, .crm = CP_ANY,
   .opc1 = 0, .opc2 = CP_ANY, .access = PL1_W,
   .writefn = omap_cachemaint_write },
+{ .name = C9, .cp = 15, .crn = 9,
+  .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 REGINFO_SENTINEL
 };
 
@@ -768,6 +781,14 @@ static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static const ARMCPRegInfo strongarm_cp_reginfo[] = {
+/* Ignore ReadBuffer accesses */
+{ .name = C9_READBUFFER, .cp = 15, .crn = 9,
+  .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
 /* Register all the coprocessor registers based on feature bits */
@@ -833,6 

[Qemu-devel] [PATCH 16/32] target-arm: Convert cp15 crn=13 registers

2012-04-15 Thread Peter Maydell
Convert the cp15 crn=13 registers (FCSEIDR, CONTEXTIDR,
and the ARM946 Trace Process Identifier Register).

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c |   61 ++-
 1 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 19e27c3..29578be 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -68,6 +68,31 @@ static int dacr_write(CPUARMState *env, const ARMCPRegInfo 
*ri, uint64_t value)
 return 0;
 }
 
+static int fcse_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
+{
+if (env-cp15.c13_fcse != value) {
+/* Unlike real hardware the qemu TLB uses virtual addresses,
+ * not modified virtual addresses, so this causes a TLB flush.
+ */
+tlb_flush(env, 1);
+env-cp15.c13_fcse = value;
+}
+return 0;
+}
+static int contextidr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+if (env-cp15.c13_context != value  !arm_feature(env, ARM_FEATURE_MPU)) {
+/* For VMSA (when not using the LPAE long descriptor page table
+ * format) this register includes the ASID, so do a TLB flush.
+ * For PMSA it is purely a process ID and no action is needed.
+ */
+tlb_flush(env, 1);
+}
+env-cp15.c13_context = value;
+return 0;
+}
+
 static const ARMCPRegInfo cp_reginfo[] = {
 /* DBGDIDR: just RAZ. In particular this means the debug architecture
  * version bits will read as a reserved value, which should cause
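Review bot: contextidr_write() flushes with tlb_flush(env, 1), whereas the set_cp15 case 1 code it replaces (removed further down in this patch) used tlb_flush(env, 0); flushing global entries on an ASID change is harmless but stricter, so either keep the 0 or mention the change in the commit message. Minor style point: a blank line is missing between the end of fcse_write() and the start of contextidr_write().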
@@ -80,6 +105,12 @@ static const ARMCPRegInfo cp_reginfo[] = {
   .crn = 3, .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
   .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
   .resetvalue = 0, .writefn = dacr_write },
+{ .name = FCSEIDR, .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c13_fcse),
+  .resetvalue = 0, .writefn = fcse_write },
+{ .name = CONTEXTIDR, .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 
1,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c13_fcse),
+  .resetvalue = 0, .writefn = contextidr_write },
 REGINFO_SENTINEL
 };
 
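Review bot: the CONTEXTIDR entry sets `.fieldoffset = offsetof(CPUARMState, cp15.c13_fcse)`, the same field as FCSEIDR, while contextidr_write() stores to `env->cp15.c13_context` and the removed get_cp15 case 1 returned c13_context; as written, a guest reading CONTEXTIDR gets the FCSE PID back instead of the value it wrote, which breaks process identification for any OS that reads the register. This should be `offsetof(CPUARMState, cp15.c13_context)`.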
@@ -1757,27 +1788,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 break;
 case 12: /* Reserved.  */
 goto bad_reg;
-case 13: /* Process ID.  */
-switch (op2) {
-case 0:
-/* Unlike real hardware the qemu TLB uses virtual addresses,
-   not modified virtual addresses, so this causes a TLB flush.
- */
-if (env-cp15.c13_fcse != val)
-  tlb_flush(env, 1);
-env-cp15.c13_fcse = val;
-break;
-case 1:
-/* This changes the ASID, so do a TLB flush.  */
-if (env-cp15.c13_context != val
- !arm_feature(env, ARM_FEATURE_MPU))
-  tlb_flush(env, 0);
-env-cp15.c13_context = val;
-break;
-default:
-goto bad_reg;
-}
-break;
 case 15: /* Implementation specific.  */
 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
 if (op2 == 0  crm == 1) {
@@ -2059,15 +2069,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t 
insn)
 case 11: /* TCM DMA control.  */
 case 12: /* Reserved.  */
 goto bad_reg;
-case 13: /* Process ID.  */
-switch (op2) {
-case 0:
-return env-cp15.c13_fcse;
-case 1:
-return env-cp15.c13_context;
-default:
-goto bad_reg;
-}
 case 15: /* Implementation specific.  */
 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
 if (op2 == 0  crm == 1)
-- 
1.7.1




[Qemu-devel] [PATCH 20/32] target-arm: Convert cp15 VA-PA translation registers

2012-04-15 Thread Peter Maydell
Convert the cp15 VA-PA translation registers (a subset of
the crn=7 regs) to the new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c |  108 ++
 1 files changed, 65 insertions(+), 43 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 32fa49a..58923db 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -4,6 +4,13 @@
 #include host-utils.h
 #include sysemu.h
 
+#ifndef CONFIG_USER_ONLY
+static inline int get_phys_addr(CPUARMState *env, uint32_t address,
+int access_type, int is_user,
+uint32_t *phys_ptr, int *prot,
+target_ulong *page_size);
+#endif
+
 void cpu_state_reset(CPUARMState *env)
 {
 cpu_reset(ENV_GET_CPU(env));
@@ -422,6 +429,61 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static int par_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
+{
+if (arm_feature(env, ARM_FEATURE_V7)) {
+env-cp15.c7_par = value  0xf6ff;
+} else {
+env-cp15.c7_par = value  0xf1ff;
+}
+return 0;
+}
+
+#ifndef CONFIG_USER_ONLY
+/* get_phys_addr() isn't present for user-mode-only targets */
+static int ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
+{
+uint32_t phys_addr;
+target_ulong page_size;
+int prot;
+int ret, is_user = ri-opc2  2;
+int access_type = ri-opc2  1;
+
+if (ri-opc2  4) {
+/* Other states are only available with TrustZone */
+return EXCP_UDEF;
+}
+ret = get_phys_addr(env, value, access_type, is_user,
+phys_addr, prot, page_size);
+if (ret == 0) {
+/* We do not set any attribute bits in the PAR */
+if (page_size == (1  24)
+ arm_feature(env, ARM_FEATURE_V7)) {
+env-cp15.c7_par = (phys_addr  0xff00) | 1  1;
+} else {
+env-cp15.c7_par = phys_addr  0xf000;
+}
+} else {
+env-cp15.c7_par = ((ret  (10  1))  5) |
+((ret  (12  1))  6) |
+((ret  0xf)  1) | 1;
+}
+return 0;
+}
+#endif
+
+static const ARMCPRegInfo vapa_cp_reginfo[] = {
+{ .name = PAR, .cp = 15, .crn = 7, .crm = 4, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.c7_par),
+  .writefn = par_write },
+#ifndef CONFIG_USER_ONLY
+{ .name = ATS, .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = CP_ANY,
+  .access = PL1_W, .writefn = ats_write },
+#endif
+REGINFO_SENTINEL
+};
+
 /* Return basic MPU access permission bits.  */
 static uint32_t simple_mpu_ap_bits(uint32_t val)
 {
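Review bot: ats_write() passes `value`, a uint64_t, straight into the uint32_t `address` parameter of get_phys_addr() (see the forward declaration in the first hunk), so the upper half is silently truncated; that is correct for a 32-bit VA, but an explicit `(uint32_t)value` cast would record the intent and keep the call clean under stricter conversion warnings. A short comment on the `return EXCP_UDEF` for opc2 >= 4 would also help, since it relies on the cp-reg framework turning that return value into an undefined-instruction exception where the old code's `goto bad_reg` made the outcome visible at the call site.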
@@ -679,6 +741,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
 define_arm_cp_regs(env, generic_timer_cp_reginfo);
 }
+if (arm_feature(env, ARM_FEATURE_VAPA)) {
+define_arm_cp_regs(env, vapa_cp_reginfo);
+}
 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
 define_arm_cp_regs(env, omap_cp_reginfo);
 }
@@ -1825,46 +1890,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 if (op1 != 0) {
 goto bad_reg;
 }
-/* No cache, so nothing to do except VA-PA translations. */
-if (arm_feature(env, ARM_FEATURE_VAPA)) {
-switch (crm) {
-case 4:
-if (arm_feature(env, ARM_FEATURE_V7)) {
-env-cp15.c7_par = val  0xf6ff;
-} else {
-env-cp15.c7_par = val  0xf1ff;
-}
-break;
-case 8: {
-uint32_t phys_addr;
-target_ulong page_size;
-int prot;
-int ret, is_user = op2  2;
-int access_type = op2  1;
-
-if (op2  4) {
-/* Other states are only available with TrustZone */
-goto bad_reg;
-}
-ret = get_phys_addr(env, val, access_type, is_user,
-phys_addr, prot, page_size);
-if (ret == 0) {
-/* We do not set any attribute bits in the PAR */
-if (page_size == (1  24)
- arm_feature(env, ARM_FEATURE_V7)) {
-env-cp15.c7_par = (phys_addr  0xff00) | 1  1;
-} else {
-env-cp15.c7_par = phys_addr  0xf000;
-}
-} else {
-env-cp15.c7_par = ((ret  (10  1))  5) |
-   ((ret  (12  1))  6) |
-   ((ret  0xf)  1) | 1;
-}
-break;
-}
-}
-}
 break;
 case 9:
 

[Qemu-devel] [PATCH 30/32] target-arm: Move block cache ops to new cp15 framework

2012-04-15 Thread Peter Maydell
Move the v6 optional block cache ops to the new cp15 framework.
This includes only providing them on the CPUs which implemented
them, rather than the previous blunderbuss approach of making
all MCRR instructions on all CPUs act as NOPs.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c|   13 +
 target-arm/translate.c |7 +--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index ef99d1c..aef2e26 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -815,6 +815,19 @@ static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
 /* We never have a a block transfer operation in progress */
 { .name = BXSR, .cp = 15, .crn = 7, .crm = 12, .opc1 = 0, .opc2 = 4,
   .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+/* The cache ops themselves: these all NOP for QEMU */
+{ .name = IICR, .cp = 15, .crm = 5, .opc1 = 0,
+  .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
+{ .name = IDCR, .cp = 15, .crm = 6, .opc1 = 0,
+  .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
+{ .name = CDCR, .cp = 15, .crm = 12, .opc1 = 0,
+  .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
+{ .name = PIR, .cp = 15, .crm = 12, .opc1 = 1,
+  .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
+{ .name = PDR, .cp = 15, .crm = 12, .opc1 = 2,
+  .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
+{ .name = CIDCR, .cp = 15, .crm = 14, .opc1 = 0,
+  .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
 REGINFO_SENTINEL
 };
 
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 6f7932f..09e2165 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -2451,12 +2451,7 @@ static int disas_cp15_insn(CPUARMState *env, 
DisasContext *s, uint32_t insn)
return 1;
 
 if ((insn  (1  25)) == 0) {
-if (insn  (1  20)) {
-/* mrrc */
-return 1;
-}
-/* mcrr.  Used for block cache operations, so implement as no-op.  */
-return 0;
+return 1;
 }
 if ((insn  (1  4)) == 0) {
 /* cdp */
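Review bot: the deleted branch returned 0 for every MCRR on cp15 before any IS_USER() check was reached (that check sits after the cdp test in this function), so user-mode MCRR was a silent NOP on all CPUs; after this change user-mode MCRR goes through the new table, where IICR, IDCR and CIDCR are PL1_W and will UNDEF from PL0 while CDCR, PIR and PDR stay PL0_W. That looks like the intended tightening, but the commit message should say that user-mode behaviour changes too, not only which CPUs provide the ops.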
-- 
1.7.1




[Qemu-devel] [PATCH 20/20] block: Avoid compiler warning for w64

2012-04-15 Thread Stefan Weil
The MinGW-w64 compiler complains about a non-void function
which does not return a value.

This is not true, but we can help the compiler to
see that by rewriting the code.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 block/raw-win32.c |6 ++
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/block/raw-win32.c b/block/raw-win32.c
index e4b0b75..a420f73 100644
--- a/block/raw-win32.c
+++ b/block/raw-win32.c
@@ -335,12 +335,10 @@ static int find_device_type(BlockDriverState *bs, const 
char *filename)
 return FTYPE_HARDDISK;
 case DRIVE_CDROM:
 return FTYPE_CD;
-default:
-return FTYPE_FILE;
 }
-} else {
-return FTYPE_FILE;
 }
+
+return FTYPE_FILE;
 }
 
 static int hdev_probe_device(const char *filename)
-- 
1.7.0.4




[Qemu-devel] [Bug 982321] Re: User mode arm qemu segfault

2012-04-15 Thread Andreas Färber
Patch submitted: http://patchwork.ozlabs.org/patch/152614/

Sorry and thanks for reporting!

** Changed in: qemu
   Status: New => In Progress

** Changed in: qemu
 Assignee: (unassigned) => Andreas Färber (afaerber)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/982321

Title:
  User mode arm qemu segfault

Status in QEMU:
  In Progress

Bug description:
  The full error is attached.
  Fixed by downgrading to 0bcd08b3522e4feffe3111e7c8145f62d32cc1fb

  Did some regression testing and found that this commit is the problem:

  dec9c2d4306d7b4f8482ac42dc468ed2a61d is the first bad commit
  commit dec9c2d4306d7b4f8482ac42dc468ed2a61d
  Author: Andreas Färber afaer...@suse.de
  Date:   Thu Mar 29 04:50:31 2012 +

  target-arm: Minimalistic CPU QOM'ification

  Introduce only one non-abstract type TYPE_ARM_CPU and do not touch
  cp15 registers to not interfere with Peter's ongoing remodelling.
  Embed CPUARMState as first (additional) field of ARMCPU.

  Let CPUClass::reset() call cpu_state_reset() for now.

  Signed-off-by: Andreas Färber afaer...@suse.de
  Signed-off-by: Peter Maydell peter.mayd...@linaro.org

  :100644 100644 44b2e83e6f1d392161b459f582989dede6dc62c3 
6e8b997bc5b78262d6ea822138839d1a9e7bb3f3 MMakefile.target
  :04 04 fe4fbaf514bb3121d6c320b5cd63b855e040fc38 
fe2555ad071f036eb4173347ff2f887f23e7d633 Mtarget-arm




[Qemu-devel] [PATCH 04/20] w64: Fix data types in cpu-all.h, exec.c

2012-04-15 Thread Stefan Weil
w64 needs uintptr_t instead of unsigned long.
For other hosts, nothing changes.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 cpu-all.h |8 
 exec.c|6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/cpu-all.h b/cpu-all.h
index 58420be..f7d6867 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -299,10 +299,10 @@ extern unsigned long reserved_va;
 #define TARGET_PAGE_MASK ~(TARGET_PAGE_SIZE - 1)
 #define TARGET_PAGE_ALIGN(addr) (((addr) + TARGET_PAGE_SIZE - 1)  
TARGET_PAGE_MASK)
 
-/* ??? These should be the larger of unsigned long and target_ulong.  */
-extern unsigned long qemu_real_host_page_size;
-extern unsigned long qemu_host_page_size;
-extern unsigned long qemu_host_page_mask;
+/* ??? These should be the larger of uintptr_t and target_ulong.  */
+extern uintptr_t qemu_real_host_page_size;
+extern uintptr_t qemu_host_page_size;
+extern uintptr_t qemu_host_page_mask;
 
 #define HOST_PAGE_ALIGN(addr) (((addr) + qemu_host_page_size - 1)  
qemu_host_page_mask)
 
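Review bot: the `/* ??? These should be the larger of uintptr_t and target_ulong. */` comment keeps the open question alive after the type change; if uintptr_t is the deliberate final answer (a host page size can never exceed a host pointer), drop the `???` and say so, otherwise turn it into a TODO that names what is still missing. Also confirm that cpu-all.h already has a <stdint.h> (or qemu-common.h) include in scope at this point, since uintptr_t needs one where unsigned long did not.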
diff --git a/exec.c b/exec.c
index 68b8a6a..3dda2ca 100644
--- a/exec.c
+++ b/exec.c
@@ -177,9 +177,9 @@ typedef struct PageDesc {
 
 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
 
-unsigned long qemu_real_host_page_size;
-unsigned long qemu_host_page_size;
-unsigned long qemu_host_page_mask;
+uintptr_t qemu_real_host_page_size;
+uintptr_t qemu_host_page_size;
+uintptr_t qemu_host_page_mask;
 
 /* This is a multi-level map on the virtual address space.
The bottom level has pointers to PageDesc.  */
-- 
1.7.0.4




[Qemu-devel] [PATCH 19/32] target-arm: Convert cp15 MMU TLB control

2012-04-15 Thread Peter Maydell
Convert cp15 MMU TLB control (crn=8) to new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c |   63 ++
 1 files changed, 43 insertions(+), 20 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 6a7ac5b..32fa49a 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -93,6 +93,38 @@ static int contextidr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 return 0;
 }
 
+static int tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+/* Invalidate all (TLBIALL) */
+tlb_flush(env, 1);
+return 0;
+}
+
+static int tlbimva_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+/* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
+tlb_flush_page(env, value  TARGET_PAGE_MASK);
+return 0;
+}
+
+static int tlbiasid_write(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t value)
+{
+/* Invalidate by ASID (TLBIASID) */
+tlb_flush(env, value == 0);
+return 0;
+}
+
+static int tlbimvaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t value)
+{
+/* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
+tlb_flush_page(env, value  TARGET_PAGE_MASK);
+return 0;
+}
+
 static const ARMCPRegInfo cp_reginfo[] = {
 /* DBGDIDR: just RAZ. In particular this means the debug architecture
  * version bits will read as a reserved value, which should cause
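Review bot: tlbimva_write and tlbimvaa_write have identical bodies (mask the value with TARGET_PAGE_MASK, flush that page for every ASID), so the ASID carried in the low bits of a TLBIMVA value is silently discarded; that preserves the old switch behaviour, but two functions that look like they might differ deserve a comment saying the ASID is ignored because QEMU's TLB is not ASID-tagged, or a single shared function. tlbiasid_write has the same property: tlb_flush(env, value == 0) flushes every entry and only uses the ASID to decide whether global entries go too.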
@@ -116,6 +148,17 @@ static const ARMCPRegInfo cp_reginfo[] = {
  */
 { .name = TLB_LOCKDOWN, .cp = 15, .crn = 10, .crm = CP_ANY,
   .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW, .type = ARM_CP_NOP },
+/* MMU TLB control. Note that the wildcarding means we cover not just
+ * the unified TLB ops but also the dside/iside/inner-shareable variants.
+ */
+{ .name = TLBIALL, .cp = 15, .crn = 8, .crm = CP_ANY,
+  .opc1 = CP_ANY, .opc2 = 0, .access = PL1_W, .writefn = tlbiall_write, },
+{ .name = TLBIMVA, .cp = 15, .crn = 8, .crm = CP_ANY,
+  .opc1 = CP_ANY, .opc2 = 1, .access = PL1_W, .writefn = tlbimva_write, },
+{ .name = TLBIASID, .cp = 15, .crn = 8, .crm = CP_ANY,
+  .opc1 = CP_ANY, .opc2 = 2, .access = PL1_W, .writefn = tlbiasid_write, },
+{ .name = TLBIMVAA, .cp = 15, .crn = 8, .crm = CP_ANY,
+  .opc1 = CP_ANY, .opc2 = 3, .access = PL1_W, .writefn = tlbimvaa_write, },
 REGINFO_SENTINEL
 };
 
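Review bot: `.crm = CP_ANY` together with `.opc1 = CP_ANY` matches every crn=8 encoding with opc2 0..3, including opc1 values that are not PL1 TLB maintenance on real hardware; the old `case 8` ignored crm and op1 in the same way, but the comment only mentions the dside/iside/inner-shareable variants, so extend it to say opc1 is wildcarded as well so nobody later assumes hyp-mode TLB ops are being decoded here.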
@@ -1823,24 +1866,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 }
 }
 break;
-case 8: /* MMU TLB control.  */
-switch (op2) {
-case 0: /* Invalidate all (TLBIALL) */
-tlb_flush(env, 1);
-break;
-case 1: /* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
-tlb_flush_page(env, val  TARGET_PAGE_MASK);
-break;
-case 2: /* Invalidate by ASID (TLBIASID) */
-tlb_flush(env, val == 0);
-break;
-case 3: /* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
-tlb_flush_page(env, val  TARGET_PAGE_MASK);
-break;
-default:
-goto bad_reg;
-}
-break;
 case 9:
 if (arm_feature(env, ARM_FEATURE_OMAPCP))
 break;
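Review bot: removing this `case 8` also removes its `default: goto bad_reg` for opc2 4..7; the new table only defines opc2 0..3, so confirm that an unmatched crn=8 write in the new dispatch still UNDEFs rather than falling back into this legacy switch, where crn=8 no longer has a case and would take whatever the switch's own default does.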
@@ -2053,8 +2078,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
 /* FIXME: Should only clear Z flag if destination is r15.  */
 env-ZF = 0;
 return 0;
-case 8: /* MMU TLB control.  */
-goto bad_reg;
 case 9:
 switch (crm) {
 case 0: /* Cache lockdown */
-- 
1.7.1




[Qemu-devel] [PATCH 26/32] target-arm: Convert cp15 cache ID registers

2012-04-15 Thread Peter Maydell
Convert the cp15 cache ID registers to the new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|2 -
 target-arm/cpu.h|2 -
 target-arm/helper.c |   61 +++---
 3 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index f5a392b..d7863fe 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -77,8 +77,6 @@ static void arm_cpu_reset(CPUState *s)
 env-vfp.xregs[ARM_VFP_MVFR0] = cpu-mvfr0;
 env-vfp.xregs[ARM_VFP_MVFR1] = cpu-mvfr1;
 env-cp15.c0_cachetype = cpu-ctr;
-env-cp15.c0_clid = cpu-clidr;
-memcpy(env-cp15.c0_ccsid, cpu-ccsidr, ARRAY_SIZE(cpu-ccsidr));
 
 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
 env-iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 26bce2e..850e0d6 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -108,8 +108,6 @@ typedef struct CPUARMState {
 struct {
 uint32_t c0_cpuid;
 uint32_t c0_cachetype;
-uint32_t c0_ccsid[16]; /* Cache size.  */
-uint32_t c0_clid; /* Cache level.  */
 uint32_t c0_cssel; /* Cache size selection.  */
 uint32_t c1_sys; /* System control register.  */
 uint32_t c1_coproc; /* Coprocessor access register.  */
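Review bot: dropping c0_ccsid[16] and c0_clid from CPUARMState changes the struct layout, and the diffstat only touches cpu.c, cpu.h and helper.c; check that target-arm/machine.c does not serialise either field for migration, otherwise the save/load code needs a matching update in this same patch.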
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b16ab07..c13a483 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -197,6 +197,9 @@ static const ARMCPRegInfo not_v7_cp_reginfo[] = {
 { .name = ILOCKDOWN, .cp = 15, .crn = 9, .crm = 0, .opc1 = 0, .opc2 = 1,
   .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_insn),
   .resetvalue = 0 },
+/* v6 doesn't have the cache ID registers but Linux reads them anyway */
+{ .name = DUMMY, .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = CP_ANY,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
 REGINFO_SENTINEL
 };
 
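Review bot: the DUMMY entry RAZes crn=0 crm=0 opc1=1 for every core that gets not_v7_cp_reginfo, but the code it replaces (visible in the last hunk of this patch) UNDEFed unless ARM_FEATURE_V6 was set, so pre-v6 cores now read zero where they used to take an undefined-instruction exception. If that is intended, say so in the comment; otherwise the entry belongs in a v6-only table. A more descriptive name than DUMMY would also help when the table is dumped for debugging.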
@@ -326,6 +329,21 @@ static int pmintenclr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 return 0;
 }
 
+static int ccsidr_read(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t *value)
+{
+ARMCPU *cpu = arm_env_get_cpu(env);
+*value = cpu-ccsidr[env-cp15.c0_cssel];
+return 0;
+}
+
+static int csselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+env-cp15.c0_cssel = value  0xf;
+return 0;
+}
+
 static const ARMCPRegInfo v7_cp_reginfo[] = {
 /* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
  * debug components
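Review bot: ccsidr_read indexes cpu->ccsidr with c0_cssel, which csselr_write bounds to 0..15; that is only safe if cpu->ccsidr has at least 16 entries, and that invariant lives in another file, so put a comment or a build-time assertion on ARRAY_SIZE(cpu->ccsidr) next to the read function. Note also that csselr_write stores the masked value itself while the CSSELR entry also carries .fieldoffset; if the framework writes the raw value through fieldoffset as well, the order of the two stores decides whether the mask survives.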
@@ -396,6 +414,16 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 { .name = SCR, .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_scr),
   .resetvalue = 0, },
+{ .name = CCSIDR, .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
+  .access = PL1_R, .readfn = ccsidr_read },
+{ .name = CSSELR, .cp = 15, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c0_cssel),
+  .writefn = csselr_write, .resetvalue = 0 },
+/* Auxiliary ID register: this actually has an IMPDEF value but for now
+ * just RAZ for all cores:
+ */
+{ .name = AIDR, .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 7,
+  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
 REGINFO_SENTINEL
 };
 
@@ -900,7 +928,12 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcr),
 .readfn = pmreg_read, .writefn = pmcr_write
 };
+ARMCPRegInfo clidr = {
+.name = CLIDR, .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 
1,
+.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu-clidr
+};
 define_one_arm_cp_reg(env, pmcr);
+define_one_arm_cp_reg(env, clidr);
 define_arm_cp_regs(env, v7_cp_reginfo);
 } else {
 define_arm_cp_regs(env, not_v7_cp_reginfo);
@@ -2037,11 +2070,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
 break;
 if (arm_feature(env, ARM_FEATURE_OMAPCP))
 break;
-if (arm_feature(env, ARM_FEATURE_V7)
- op1 == 2  crm == 0  op2 == 0) {
-env-cp15.c0_cssel = val  0xf;
-break;
-}
 goto bad_reg;
 case 4: /* Reserved.  */
 goto bad_reg;
@@ -2109,29 +2137,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t 
insn)
 default:
 goto bad_reg;
 }
-case 1:
-/* These registers aren't documented on arm11 cores.  However
-   Linux looks at them anyway.  */
-if (!arm_feature(env, ARM_FEATURE_V6))
-goto bad_reg;
-if (crm != 0)
-goto bad_reg;
-if 

[Qemu-devel] [PATCH 07/32] target-arm: Convert debug registers to cp_reginfo

2012-04-15 Thread Peter Maydell
Convert the cp14 debug registers (DBGDIDR, DBGDRAR, DBGDSAR) to the
cp_reginfo scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c|   25 +
 target-arm/translate.c |   28 
 2 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 325fbab..7dfee7a 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -61,6 +61,27 @@ static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, 
int reg)
 return 0;
 }
 
+static const ARMCPRegInfo cp_reginfo[] = {
+/* DBGDIDR: just RAZ. In particular this means the debug architecture
+ * version bits will read as a reserved value, which should cause
+ * Linux to not try to use the debug hardware.
+ */
+{ .name = DBGDIDR, .cp = 14, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
+static const ARMCPRegInfo v7_cp_reginfo[] = {
+/* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
+ * debug components
+ */
+{ .name = DBGDRAR, .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = DBGDRAR, .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
 /* Register all the coprocessor registers based on feature bits */
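Review bot: the second v7 entry is named DBGDRAR but sits at crn=2, which the comment above identifies as DBGDSAR; rename it to DBGDSAR so the two registers can be told apart in any listing of the table. Both entries are PL0_R, matching the old translate.c path which did no privilege check, so no behaviour change there.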
@@ -70,6 +91,10 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 return;
 }
 
+define_arm_cp_regs(env, cp_reginfo);
+if (arm_feature(env, ARM_FEATURE_V7)) {
+define_arm_cp_regs(env, v7_cp_reginfo);
+}
 }
 
 CPUARMState *cpu_arm_init(const char *cpu_model)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index a0cfbaa..8b71a1a 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -6364,34 +6364,6 @@ static int disas_cp14_read(CPUARMState * env, 
DisasContext *s, uint32_t insn)
 int rt = (insn  12)  0xf;
 TCGv tmp;
 
-/* Minimal set of debug registers, since we don't support debug */
-if (op1 == 0  crn == 0  op2 == 0) {
-switch (crm) {
-case 0:
-/* DBGDIDR: just RAZ. In particular this means the
- * debug architecture version bits will read as
- * a reserved value, which should cause Linux to
- * not try to use the debug hardware.
- */
-tmp = tcg_const_i32(0);
-store_reg(s, rt, tmp);
-return 0;
-case 1:
-case 2:
-/* DBGDRAR and DBGDSAR: v7 only. Always RAZ since we
- * don't implement memory mapped debug components
- */
-if (ENABLE_ARCH_7) {
-tmp = tcg_const_i32(0);
-store_reg(s, rt, tmp);
-return 0;
-}
-break;
-default:
-break;
-}
-}
-
 if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
 if (op1 == 6  crn == 0  crm == 0  op2 == 0) {
 /* TEECR */
-- 
1.7.1




[Qemu-devel] [PATCH 13/32] target-arm: Convert cp15 c3 register

2012-04-15 Thread Peter Maydell
Convert the cp15 c3 register (MMU domain access control
or MPU write buffer control). NB that this is horribly
underdecoded for modern cores (should be crn=3,crm=0,
opc1=0,opc2=0) but this change preserves the existing
QEMU behaviour.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/helper.c |   18 --
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 620e652..a682fab 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -61,6 +61,13 @@ static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, 
int reg)
 return 0;
 }
 
+static int dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
+{
+env-cp15.c3 = value;
+tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
+return 0;
+}
+
 static const ARMCPRegInfo cp_reginfo[] = {
 /* DBGDIDR: just RAZ. In particular this means the debug architecture
  * version bits will read as a reserved value, which should cause
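Review bot: dacr_write stores into env->cp15.c3 itself while the DACR entry also sets .fieldoffset; if the framework only stores through fieldoffset when no writefn is given, the explicit store is required, otherwise it is redundant, and the entry should say which. The value is also narrowed from uint64_t to a 32-bit field without a mask, which matches the old code but is worth a one-line comment.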
@@ -68,6 +75,11 @@ static const ARMCPRegInfo cp_reginfo[] = {
  */
 { .name = DBGDIDR, .cp = 14, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
   .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+/* MMU Domain access control / MPU write buffer control */
+{ .name = DACR, .cp = 15,
+  .crn = 3, .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
+  .resetvalue = 0, .writefn = dacr_write },
 REGINFO_SENTINEL
 };
 
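Review bot: the commit message admits crm, opc1 and opc2 are fully wildcarded here for cores where only crn=3,crm=0,opc1=0,opc2=0 is valid; put that admission in the table comment as a TODO so whoever later tightens decoding for modern cores can see the looseness is deliberate rather than a mistake.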
@@ -1539,10 +1551,6 @@ void HELPER(set_cp15)(CPUARMState *env, uint32_t insn, 
uint32_t val)
}
 }
 break;
-case 3: /* MMU Domain access control / MPU write buffer control.  */
-env-cp15.c3 = val;
-tlb_flush(env, 1); /* Flush TLB as domain not tracked in TLB */
-break;
 case 4: /* Reserved.  */
 goto bad_reg;
 case 5: /* MMU Fault status / MPU access permission.  */
@@ -1930,8 +1938,6 @@ uint32_t HELPER(get_cp15)(CPUARMState *env, uint32_t insn)
goto bad_reg;
}
}
-case 3: /* MMU Domain access control / MPU write buffer control.  */
-return env-cp15.c3;
 case 4: /* Reserved.  */
 goto bad_reg;
 case 5: /* MMU Fault status / MPU access permission.  */
-- 
1.7.1




[Qemu-devel] [PATCH 13/20] w64: Fix type cast in os_host_main_loop_wait

2012-04-15 Thread Stefan Weil
Casting a pointer to an integer must use (DWORD_PTR) instead of (DWORD).
This also matches the definition of 'fd' (gint for w32, gint64 for w64).

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 main-loop.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/main-loop.c b/main-loop.c
index 1ebdc4b..4887c73 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -430,7 +430,7 @@ static int os_host_main_loop_wait(int timeout)
 g_assert(n_poll_fds = ARRAY_SIZE(poll_fds));
 
 for (i = 0; i  w-num; i++) {
-poll_fds[n_poll_fds + i].fd = (DWORD) w-events[i];
+poll_fds[n_poll_fds + i].fd = (DWORD_PTR)w-events[i];
 poll_fds[n_poll_fds + i].events = G_IO_IN;
 }
 
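Review bot: the cast now matches the width of a HANDLE on w64, but per the commit message the target field is gint on w32 and gint64 on w64, so on w64 an unsigned DWORD_PTR lands in a signed 64-bit field; harmless in practice, but a comment that fd only round-trips the HANDLE would explain why a signed field holds one. Also check that the place where poll_fds[].fd is converted back to a HANDLE uses the same pointer-sized cast.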
-- 
1.7.0.4




[Qemu-devel] [PATCH 15/20] target-ppc: Fix type casts for w64 (uintptr_t)

2012-04-15 Thread Stefan Weil
This changes nothing for other hosts.

Cc: Alexander Graf ag...@suse.de
Signed-off-by: Stefan Weil s...@weilnetz.de
---
 target-ppc/translate_init.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index b1f8785..ff5b61a 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -9504,12 +9504,12 @@ enum {
 
 static inline int is_indirect_opcode (void *handler)
 {
-return ((unsigned long)handler  0x03) == PPC_INDIRECT;
+return ((uintptr_t)handler  0x03) == PPC_INDIRECT;
 }
 
 static inline opc_handler_t **ind_table(void *handler)
 {
-return (opc_handler_t **)((unsigned long)handler  ~3);
+return (opc_handler_t **)((uintptr_t)handler  ~3);
 }
 
 /* Instruction table creation */
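Review bot: tagging PPC_INDIRECT into the low two bits of the handler pointer relies on every opc_handler_t allocation being at least 4-byte aligned; malloc guarantees that, but nothing here documents the assumption, so a comment next to is_indirect_opcode saying why the mask is 0x03 would help the next reader.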
@@ -9528,7 +9528,7 @@ static int create_new_table (opc_handler_t **table, 
unsigned char idx)
 
 tmp = malloc(0x20 * sizeof(opc_handler_t));
 fill_new_table(tmp, 0x20);
-table[idx] = (opc_handler_t *)((unsigned long)tmp | PPC_INDIRECT);
+table[idx] = (opc_handler_t *)((uintptr_t)tmp | PPC_INDIRECT);
 
 return 0;
 }
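Review bot: unrelated to the cast fix, the context lines show tmp coming from an unchecked malloc and going straight into fill_new_table; a follow-up switching this to g_malloc, which the rest of QEMU uses, would remove the silent NULL dereference on allocation failure.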
-- 
1.7.0.4




[Qemu-devel] [PATCH 18/32] target-arm: Convert cp15 crn=15 registers

2012-04-15 Thread Peter Maydell
Convert the cp15 crn=15 (implementation specific) registers
to the new scheme.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/cpu.c|   40 ++-
 target-arm/cpu.h|1 +
 target-arm/helper.c |  202 ++-
 3 files changed, 126 insertions(+), 117 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 083da3e..cf59e08 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -71,7 +71,6 @@ static void arm_cpu_reset(CPUState *s)
 
 memset(env, 0, offsetof(CPUARMState, breakpoints));
 g_hash_table_foreach(env-cp_regs, cp_reg_reset, env);
-env-cp15.c15_config_base_address = cpu-reset_cbar;
 env-cp15.c0_cpuid = cpu-midr;
 env-vfp.xregs[ARM_VFP_FPSID] = cpu-reset_fpsid;
 env-vfp.xregs[ARM_VFP_MVFR0] = cpu-mvfr0;
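Review bot: with this line gone, c15_config_base_address is reset via cp_reg_reset using a resetvalue captured from cpu->reset_cbar at init time (see the cbar definition later in this patch), so a change to reset_cbar made after cortex_a9_initfn runs, for example by a board setting the property, would no longer be seen on reset; confirm reset_cbar is final before init or have the property setter update the register definition.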
@@ -92,7 +91,6 @@ static void arm_cpu_reset(CPUState *s)
 env-cp15.c0_c2[3] = cpu-id_isar3;
 env-cp15.c0_c2[4] = cpu-id_isar4;
 env-cp15.c0_c2[5] = cpu-id_isar5;
-env-cp15.c15_i_min = 0xff0;
 env-cp15.c0_clid = cpu-clidr;
 memcpy(env-cp15.c0_ccsid, cpu-ccsidr, ARRAY_SIZE(cpu-ccsidr));
 
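Review bot: the 0xff0 reset value for c15_i_min is dropped here and the helper.c part of this patch is cut off in this message, so make sure a reginfo entry with .resetvalue = 0xff0 takes over; otherwise the register reads as zero after reset.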
@@ -392,6 +390,35 @@ static void cortex_a8_initfn(Object *obj)
 cpu-ccsidr[2] = 0xf000; /* No L2 icache. */
 }
 
+static const ARMCPRegInfo cortexa9_cp_reginfo[] = {
+/* power_control should be set to maximum latency. Again,
+ * default to 0 and set by private hook
+ */
+{ .name = A9_PWRCTL, .cp = 15, .crn = 15, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.c15_power_control) },
+{ .name = A9_DIAG, .cp = 15, .crn = 15, .crm = 0, .opc1 = 0, .opc2 = 1,
+  .access = PL1_RW, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.c15_diagnostic) },
+{ .name = A9_PWRDIAG, .cp = 15, .crn = 15, .crm = 0, .opc1 = 0, .opc2 = 
2,
+  .access = PL1_RW, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.c15_power_diagnostic) },
+{ .name = NEONBUSY, .cp = 15, .crn = 15, .crm = 1, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .resetvalue = 0, .type = ARM_CP_CONST },
+/* TLB lockdown control */
+{ .name = TLB_LOCKR, .cp = 15, .crn = 15, .crm = 4, .opc1 = 5, .opc2 = 2,
+  .access = PL1_W, .resetvalue = 0, .type = ARM_CP_NOP },
+{ .name = TLB_LOCKW, .cp = 15, .crn = 15, .crm = 4, .opc1 = 5, .opc2 = 4,
+  .access = PL1_W, .resetvalue = 0, .type = ARM_CP_NOP },
+{ .name = TLB_VA, .cp = 15, .crn = 15, .crm = 5, .opc1 = 5, .opc2 = 2,
+  .access = PL1_RW, .resetvalue = 0, .type = ARM_CP_CONST },
+{ .name = TLB_PA, .cp = 15, .crn = 15, .crm = 6, .opc1 = 5, .opc2 = 2,
+  .access = PL1_RW, .resetvalue = 0, .type = ARM_CP_CONST },
+{ .name = TLB_ATTR, .cp = 15, .crn = 15, .crm = 7, .opc1 = 5, .opc2 = 2,
+  .access = PL1_RW, .resetvalue = 0, .type = ARM_CP_CONST },
+REGINFO_SENTINEL
+};
+
 static void cortex_a9_initfn(Object *obj)
 {
 ARMCPU *cpu = ARM_CPU(obj);
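Review bot: NEONBUSY, TLB_VA, TLB_PA and TLB_ATTR combine .access = PL1_RW with .type = ARM_CP_CONST; if the framework treats a write to a CONST register as write-ignore that is presumably the intent, but then PL1_RW (rather than PL1_R, which would make the write UNDEF) should be documented as deliberate. The A9_PWRCTL comment says the value is "set by private hook", yet nothing in this patch sets it; either name the hook or drop the sentence.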
@@ -426,6 +453,15 @@ static void cortex_a9_initfn(Object *obj)
 cpu-clidr = (1  27) | (2  24) | 3;
 cpu-ccsidr[0] = 0xe00fe015; /* 16k L1 dcache. */
 cpu-ccsidr[1] = 0x200fe015; /* 16k L1 icache. */
+{
+ARMCPRegInfo cbar = {
+.name = CBAR, .cp = 15, .crn = 15,  .crm = 0, .opc1 = 4,
+.opc2 = 0, .access = PL1_R|PL3_W, .resetvalue = cpu-reset_cbar,
+.fieldoffset = offsetof(CPUARMState, cp15.c15_config_base_address)
+};
+define_one_arm_cp_reg(cpu-env, cbar);
+define_arm_cp_regs(cpu-env, cortexa9_cp_reginfo);
+}
 }
 
 static void cortex_a15_initfn(Object *obj)
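Review bot: cortex_a9_initfn now calls define_one_arm_cp_reg and define_arm_cp_regs from the instance init, so env->cp_regs (the hash table walked by g_hash_table_foreach in arm_cpu_reset) must already exist when the initfn runs; check where it is allocated relative to object init. The extra brace block exists only to scope the cbar local; a static table plus one define call would read more naturally.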
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index c23c760..4df35e2 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -383,6 +383,7 @@ enum arm_features {
 ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
 ARM_FEATURE_GENERIC_TIMER,
 ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
+ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
 };
 
 static inline int arm_feature(CPUARMState *env, int feature)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 463ae4f..6a7ac5b 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -498,10 +498,91 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+static int omap_ticonfig_write(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t value)
+{
+env-cp15.c15_ticonfig = value  0xe7;
+/* The OS_TYPE bit in this register changes the reported CPUID! */
+env-cp15.c0_cpuid = (value  (1  5)) ?
+ARM_CPUID_TI915T : ARM_CPUID_TI925T;
+return 0;
+}
+
+static int omap_threadid_write(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t value)
+{
+env-cp15.c15_threadid = value  0x;
+return 0;
+}
+
+static int omap_wfi_write(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t 
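Review bot: omap_ticonfig_write rewrites c0_cpuid as a side effect; arm_cpu_reset (first hunk of this patch) assigns c0_cpuid from cpu->midr after cp_reg_reset runs, so if reset goes through this writefn the MIDR assignment wins, which is the right order but entirely implicit. A comment on the write function noting that reset ordering restores the MIDR would save the next reader the trace.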

Re: [Qemu-devel] [Qemu-ppc] [PATCH] target-ppc: Init dcache and icache size for e500 user mode

2012-04-15 Thread Andreas Färber
Am 13.04.2012 14:00, schrieb Meador Inge:
 On 04/13/2012 06:40 AM, Andreas Färber wrote:
 
 Am 12.04.2012 19:24, schrieb Scott Wood:
 On 04/12/2012 11:59 AM, Andreas Färber wrote:
 Am 10.04.2012 22:04, schrieb Meador Inge:
 commit f7aa558396dd0f6b7a2b22c05cb503c655854102 pulled the dcache and 
 icache
 line size initialization inside of a '#if !defined(CONFIG_USER_ONLY)' 
 block.
 This is not correct because instructions like 'dcbz' need the dcache size
 initialized even for user mode.

 Signed-off-by: Meador Inge mead...@codesourcery.com

 Looks okay and compiles,

 Reviewed-by: Andreas Färber afaer...@suse.de

 Scott, are you planning to review this e500 patch? Or should I go ahead
 and apply?

 I'm OK with it, though it may make more sense for USER_ONLY to just pick
 an arbitrary cache line size (probably 32) than to try to imitate a
 specific core.
[...]
 Scott's suggestion would avoid some #ifdef'ery so I'd prefer that if
 possible. I'm planning for a PULL later today, so let me know.
 
 Sounds good to me.  I think the #ifdef stuff is gross, but I wasn't sure of a way
 around it.

Not seeing a follow-up yet I've applied the following change to ppc-next:

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 86a915c..ba4b84d 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -4462,36 +4462,32 @@ static void init_proc_e500 (CPUPPCState *env,
int version)
  spr_read_spefscr, spr_write_spefscr,
  0x);
 /* Memory management */
-#if !defined(CONFIG_USER_ONLY)
+#if defined(CONFIG_USER_ONLY)
+env-dcache_line_size = 32;
+env-icache_line_size = 32;
+#else /* !defined(CONFIG_USER_ONLY) */
 env-nb_pids = 3;
 env-nb_ways = 2;
 env-id_tlbs = 0;
-#endif
 switch (version) {
 case fsl_e500v1:
 /* e500v1 */
-#if !defined(CONFIG_USER_ONLY)
 tlbncfg[0] = gen_tlbncfg(2, 1, 1, 0, 256);
 tlbncfg[1] = gen_tlbncfg(16, 1, 9, TLBnCFG_AVAIL |
TLBnCFG_IPROT, 16);
-#endif
 env-dcache_line_size = 32;
 env-icache_line_size = 32;
 break;
 case fsl_e500v2:
 /* e500v2 */
-#if !defined(CONFIG_USER_ONLY)
 tlbncfg[0] = gen_tlbncfg(4, 1, 1, 0, 512);
 tlbncfg[1] = gen_tlbncfg(16, 1, 12, TLBnCFG_AVAIL |
TLBnCFG_IPROT, 16);
-#endif
 env-dcache_line_size = 32;
 env-icache_line_size = 32;
 break;
 case fsl_e500mc:
 /* e500mc */
-#if !defined(CONFIG_USER_ONLY)
 tlbncfg[0] = gen_tlbncfg(4, 1, 1, 0, 512);
 tlbncfg[1] = gen_tlbncfg(64, 1, 12, TLBnCFG_AVAIL |
TLBnCFG_IPROT, 64);
-#endif
 env-dcache_line_size = 64;
 env-icache_line_size = 64;
 l1cfg0 |= 0x100; /* 64 byte cache block size */
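Review bot: the user-only branch hardcodes dcache_line_size and icache_line_size to 32 for every version, while the softmmu branch gives e500mc 64 (and sets l1cfg0 to match), so dcbz in e500mc user mode will clear 32 bytes where system mode clears 64. If that divergence is acceptable it deserves a comment; otherwise keep the per-version line sizes outside the #if and leave only the TLB setup inside it.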
@@ -4499,6 +4495,7 @@ static void init_proc_e500 (CPUPPCState *env, int
version)
 default:
 cpu_abort(env, Unknown CPU:  TARGET_FMT_lx \n,
env-spr[SPR_PVR]);
 }
+#endif
 gen_spr_BookE206(env, 0x00DF, tlbncfg);
 /* XXX : not implemented */
 spr_register(env, SPR_HID0, HID0,
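Review bot: moving the #endif below the switch means the default: cpu_abort for an unknown version is no longer reachable in user mode, so an unsupported version now silently proceeds with 32-byte lines; keep the version check reachable in both configurations.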

http://repo.or.cz/w/qemu/agraf.git/shortlog/refs/heads/ppc-next

Thanks everyone,

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH 1/3] Use uintptr_t for various op related functions

2012-04-15 Thread Richard Henderson
On 04/09/2012 03:17 PM, Blue Swirl wrote:
 Use uintptr_t instead of void * or unsigned long in
 several op related functions, env-mem_io_pc and
 GETPC() macro.
 
 Signed-off-by: Blue Swirl blauwir...@gmail.com

Reviewed-by: Richard Henderson r...@twiddle.net


r~



[Qemu-devel] [PATCH 06/20] w32: Move defines for socket specific errors to qemu-os-win32.h

2012-04-15 Thread Stefan Weil
As those defines are only used for w32,
they should be in the header file for w32.

All files which include slirp.h or qemu_socket.h also
include qemu-os-win32.h.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 qemu-os-win32.h |   26 ++
 qemu_socket.h   |6 --
 slirp/slirp.h   |   12 
 3 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/qemu-os-win32.h b/qemu-os-win32.h
index 8eda4bd..b6533c0 100644
--- a/qemu-os-win32.h
+++ b/qemu-os-win32.h
@@ -30,6 +30,32 @@
 #include winsock2.h
 #include main-loop.h
 
+/* Workaround for older versions of MinGW. */
+#ifndef ECONNREFUSED
+# define ECONNREFUSED WSAECONNREFUSED
+#endif
+#ifndef EINPROGRESS
+# define EINPROGRESS  WSAEINPROGRESS
+#endif
+#ifndef EHOSTUNREACH
+# define EHOSTUNREACH WSAEHOSTUNREACH
+#endif
+#ifndef EINTR
+# define EINTRWSAEINTR
+#endif
+#ifndef EINPROGRESS
+# define EINPROGRESS  WSAEINPROGRESS
+#endif
+#ifndef ENETUNREACH
+# define ENETUNREACH  WSAENETUNREACH
+#endif
+#ifndef ENOTCONN
+# define ENOTCONN WSAENOTCONN
+#endif
+#ifndef EWOULDBLOCK
+# define EWOULDBLOCK  WSAEWOULDBLOCK
+#endif
+
 /* Declaration of ffs() is missing in MinGW's strings.h. */
 int ffs(int i);
 
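Review bot: EINPROGRESS is defined twice in this block (once after ECONNREFUSED and again after EINTR); drop the second copy. More importantly, the code being removed from qemu_socket.h and slirp.h used #undef followed by #define to force the WSAE* values, whereas #ifndef keeps whatever MinGW's errno.h already defines; if errno.h supplies EWOULDBLOCK or EINPROGRESS with non-WSA values, comparisons against socket_error(), which returns WSAGetLastError() values, will stop matching. Either keep the #undef/#define pairs or state in the comment why the errno.h values are now acceptable.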
diff --git a/qemu_socket.h b/qemu_socket.h
index 51ad210..a5d0a84 100644
--- a/qemu_socket.h
+++ b/qemu_socket.h
@@ -8,12 +8,6 @@
 #include ws2tcpip.h
 
 #define socket_error() WSAGetLastError()
-#undef EWOULDBLOCK
-#undef EINTR
-#undef EINPROGRESS
-#define EWOULDBLOCK WSAEWOULDBLOCK
-#define EINTR   WSAEINTR
-#define EINPROGRESS WSAEINPROGRESS
 
 int inet_aton(const char *cp, struct in_addr *ia);
 
diff --git a/slirp/slirp.h b/slirp/slirp.h
index 46bfe46..f2c5eca 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -15,18 +15,6 @@ typedef char *caddr_t;
 # include sys/timeb.h
 # include iphlpapi.h
 
-# undef EWOULDBLOCK
-# undef EINPROGRESS
-# undef ENOTCONN
-# undef EHOSTUNREACH
-# undef ENETUNREACH
-# undef ECONNREFUSED
-# define EWOULDBLOCK WSAEWOULDBLOCK
-# define EINPROGRESS WSAEINPROGRESS
-# define ENOTCONN WSAENOTCONN
-# define EHOSTUNREACH WSAEHOSTUNREACH
-# define ENETUNREACH WSAENETUNREACH
-# define ECONNREFUSED WSAECONNREFUSED
 #else
 # define ioctlsocket ioctl
 # define closesocket(s) close(s)
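Review bot: the commit message relies on every includer of slirp.h also pulling in qemu-os-win32.h; slirp.h should include it directly in the w32 branch so the errno mapping does not depend on include order in the callers.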
-- 
1.7.0.4




[Qemu-devel] [PATCH 08/20] w64: Undefine macro SYS_OPEN (fixes a compiler warning)

2012-04-15 Thread Stefan Weil
This could also be done in arm-semi.c, but doing it here keeps more
w64 related code in one place.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
 qemu-os-win32.h |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/qemu-os-win32.h b/qemu-os-win32.h
index 753679b..99e8423 100644
--- a/qemu-os-win32.h
+++ b/qemu-os-win32.h
@@ -65,6 +65,10 @@
 # define setjmp(env) _setjmp(env, NULL)
 #endif
 
+/* MinGW-w64 defines SYS_OPEN in stdio.h,
+ * but arm-semi.c uses a different definition. */
+#undef SYS_OPEN
+
 /* Declaration of ffs() is missing in MinGW's strings.h. */
 int ffs(int i);
 
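Review bot: a blanket #undef SYS_OPEN in a header that every w32 file includes also hides the MinGW-w64 stdio.h definition from any future code that wants it; scoping the #undef to arm-semi.c, which the commit message considers, keeps the side effect next to the conflicting definition. If it stays here, the comment should say that arm-semi.c's semihosting SYS_OPEN is the intended survivor.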
-- 
1.7.0.4




Re: [Qemu-devel] [PATCH 08/36] vmstate: machine.c is only compiled for !CONFIG_USER_ONLY

2012-04-15 Thread Andreas Färber
Am 21.03.2012 20:20, schrieb Peter Maydell:
 On 19 March 2012 22:57, Juan Quintela quint...@redhat.com wrote:
 Signed-off-by: Juan Quintela quint...@redhat.com
 ---
  target-ppc/machine.c |8 
  1 files changed, 0 insertions(+), 8 deletions(-)
 
 Could we give this patch a more informative commit message,
 please? In particular it doesn't actually say that this is
 fixing a ppc-only problem. My suggestion:
 
 ===begin===
 target-ppc/machine.c: Drop unnecessary ifdefs
 
 machine.c is only compiled for softmmu targets, so checks for
 !defined(CONFIG_USER_ONLY) are unnecessary and can be dropped.
 ===endit===

Thanks, applied with the suggested commit message to ppc-next:
http://repo.or.cz/w/qemu/agraf.git/shortlog/refs/heads/ppc-next

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH 0/3] qtest patches

2012-04-15 Thread Blue Swirl
The first patch is the same as before.

The second patch is not 100% optimal as we could anticipate for
example KVM/ARM or some future qtests which need BIOS or kernel, but
it works for now.

I tested the targets like this:
$ for f in obj-amd64/*-softmmu/qemu-system-*; do echo $f; ./$f -qtest
stdio -machine accel=qtest -rtc clock=vm -display none; done
obj-amd64/alpha-softmmu/qemu-system-alpha
[I 1334507425.471227] OPENED
^Cobj-amd64/arm-softmmu/qemu-system-arm
[I 1334507426.789659] OPENED
^Cobj-amd64/cris-softmmu/qemu-system-cris
[I 1334507428.044708] OPENED
^Cobj-amd64/i386-softmmu/qemu-system-i386
etc.

The third patch is only limited to Sparc hosts, for PPC we would need
to enable PCI bridging etc. first.

Blue Swirl (3):
  qtest: add register fuzzing to RTC test
  qtest: enable qtest for most targets
  qtest: add m48t59 tests for Sparc

 hw/an5206.c |4 +-
 hw/axis_dev88.c |4 +
 hw/collie.c |3 +
 hw/exynos4_boards.c |8 +-
 hw/highbank.c   |3 +
 hw/integratorcp.c   |3 +
 hw/mainstone.c  |3 +
 hw/mcf5208.c|3 +
 hw/mips_fulong2e.c  |   49 +--
 hw/mips_jazz.c  |   31 ---
 hw/mips_malta.c |   88 ++-
 hw/mips_mipssim.c   |   39 +
 hw/musicpal.c   |3 +
 hw/omap_sx1.c   |2 +-
 hw/palm.c   |2 +-
 hw/realview.c   |3 +
 hw/s390-virtio.c|   68 ---
 hw/shix.c   |   28 +++---
 hw/spitz.c  |3 +
 hw/tosa.c   |3 +
 hw/versatilepb.c|3 +
 hw/vexpress.c   |4 +-
 hw/xilinx_zynq.c|3 +
 target-alpha/translate.c|4 +-
 target-cris/translate.c |5 +-
 target-m68k/helper.c|2 +-
 target-microblaze/translate.c   |3 +-
 target-mips/translate.c |4 +-
 target-sh4/translate.c  |4 +-
 target-sparc/cpu.c  |4 +-
 tests/Makefile  |5 ++
 tests/{rtc-test.c = m48t59-test.c} |  162 +--
 tests/rtc-test.c|   17 
 33 files changed, 329 insertions(+), 241 deletions(-)
 copy tests/{rtc-test.c = m48t59-test.c} (64%)

-- 
1.7.10



[Qemu-devel] [PATCH 1/3] qtest: add register fuzzing to RTC test

2012-04-15 Thread Blue Swirl
Signed-off-by: Blue Swirl blauwir...@gmail.com
---
 tests/rtc-test.c |   17 +
 1 file changed, 17 insertions(+)

diff --git a/tests/rtc-test.c b/tests/rtc-test.c
index 983a980..f23ac3a 100644
--- a/tests/rtc-test.c
+++ b/tests/rtc-test.c
@@ -240,6 +240,22 @@ static void alarm_time(void)
 g_assert(cmos_read(RTC_REG_C) == 0);
 }

+/* success if no crash or abort */
+static void fuzz_registers(void)
+{
+unsigned int i;
+
+for (i = 0; i  1000; i++) {
+uint8_t reg, val;
+
+reg = (uint8_t)g_test_rand_int_range(0, 16);
+val = (uint8_t)g_test_rand_int_range(0, 256);
+
+cmos_write(reg, val);
+cmos_read(reg);
+}
+}
+
 int main(int argc, char **argv)
 {
 QTestState *s = NULL;
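Review bot: reg and val come from g_test_rand_int_range, so a crash is only reproducible if the GLib random seed is known; the g_test harness accepts a seed, but the test should record it (g_test_message) or the comment should tell the reader to rerun with the printed seed. The loop also writes arbitrary values into registers A and B, which changes the clock's data mode and update state for anything that runs afterwards, so the test silently depends on being registered last; say so in the comment. The range 0..15 exercises only the first 16 CMOS indices, which is fine for a register fuzz but worth stating.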
@@ -253,6 +269,7 @@ int main(int argc, char **argv)
 qtest_add_func(/rtc/bcd/check-time, bcd_check_time);
 qtest_add_func(/rtc/dec/check-time, dec_check_time);
 qtest_add_func(/rtc/alarm-time, alarm_time);
+qtest_add_func(/rtc/fuzz-registers, fuzz_registers);
 ret = g_test_run();

 if (s) {
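Review bot: /rtc/fuzz-registers is added after the other cases, which is what keeps the random writes to REG_A/REG_B from perturbing them, since g_test runs tests in registration order; a one-line comment that the position is deliberate would stop someone reordering it.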
-- 
1.7.10



[Qemu-devel] [PATCH 3/3] qtest: add m48t59 tests for Sparc

2012-04-15 Thread Blue Swirl
Add simple m48t59 qtests, enable test only for Sparc32
and Sparc64. On PPC, the device is behind PCI bus.

Signed-off-by: Blue Swirl blauwir...@gmail.com
---
 tests/Makefile  |5 +
 tests/m48t59-test.c |  259 +++
 2 files changed, 264 insertions(+)
 create mode 100644 tests/m48t59-test.c

diff --git a/tests/Makefile b/tests/Makefile
index baf1d70..04a8050 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -20,6 +20,10 @@ check-block-$(CONFIG_POSIX) += tests/qemu-iotests-quick.sh
 # really in libqtest, not in the testcases themselves.
 check-qtest-i386-y = tests/rtc-test
 check-qtest-x86_64-y = $(check-qtest-i386-y)
+#check-qtest-ppc-y = tests/m48t59-test
+#check-qtest-ppc64-y = tests/m48t59-test
+check-qtest-sparc-y = tests/m48t59-test
+check-qtest-sparc64-y = tests/m48t59-test

 GENERATED_HEADERS += tests/test-qapi-types.h tests/test-qapi-visit.h
tests/test-qmp-commands.h
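Review bot: the two commented-out lines `#check-qtest-ppc-y = tests/m48t59-test` and `#check-qtest-ppc64-y = tests/m48t59-test` carry no explanation in the Makefile itself; the commit message says the device sits behind PCI on PPC, but that reasoning is lost to the next reader of tests/Makefile. Either drop the lines or replace them with a one-line comment stating why m48t59-test is not run on ppc.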

@@ -64,6 +68,7 @@ tests/test-qmp-input-strict$(EXESUF):
tests/test-qmp-input-strict.o $(test-qapi-
 tests/test-qmp-commands$(EXESUF): tests/test-qmp-commands.o
tests/test-qmp-marshal.o $(test-qapi-obj-y)

 tests/rtc-test$(EXESUF): tests/rtc-test.o $(trace-obj-y)
+tests/m48t59-test$(EXESUF): tests/m48t59-test.o $(trace-obj-y)

 # QTest rules

diff --git a/tests/m48t59-test.c b/tests/m48t59-test.c
new file mode 100644
index 000..5179681
--- /dev/null
+++ b/tests/m48t59-test.c
@@ -0,0 +1,259 @@
+/*
+ * QTest testcase for the M48T59 and M48T08 real-time clocks
+ *
+ * Based on MC146818 RTC test:
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ *  Anthony Liguori   aligu...@us.ibm.com
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+#include libqtest.h
+
+#include glib.h
+#include stdio.h
+#include string.h
+#include stdlib.h
+#include unistd.h
+
+#define RTC_SECONDS 0x9
+#define RTC_MINUTES 0xa
+#define RTC_HOURS   0xb
+
+#define RTC_DAY_OF_WEEK 0xc
+#define RTC_DAY_OF_MONTH0xd
+#define RTC_MONTH   0xe
+#define RTC_YEAR0xf
+
+static uint32_t base;
+static uint16_t reg_base = 0x1ff0; /* 0x7f0 for m48t02 */
+static int base_year;
+static bool use_mmio;
+
+static uint8_t cmos_read_mmio(uint8_t reg)
+{
+uint8_t data;
+
+memread(base + (uint32_t)reg_base + (uint32_t)reg, data, 1);
+return data;
+}
+
+static void cmos_write_mmio(uint8_t reg, uint8_t val)
+{
+uint8_t data = val;
+
+memwrite(base + (uint32_t)reg_base + (uint32_t)reg, data, 1);
+}
+
+static uint8_t cmos_read_ioio(uint8_t reg)
+{
+outw(base + 0, reg_base + (uint16_t)reg);
+return inb(base + 3);
+}
+
+static void cmos_write_ioio(uint8_t reg, uint8_t val)
+{
+outw(base + 0, reg_base + (uint16_t)reg);
+outb(base + 3, val);
+}
+
+static uint8_t cmos_read(uint8_t reg)
+{
+if (use_mmio) {
+return cmos_read_mmio(reg);
+} else {
+return cmos_read_ioio(reg);
+}
+}
+
+static void cmos_write(uint8_t reg, uint8_t val)
+{
+if (use_mmio) {
+cmos_write_mmio(reg, val);
+} else {
+cmos_write_ioio(reg, val);
+}
+}
+
+static int bcd2dec(int value)
+{
+return (((value  4)  0x0F) * 10) + (value  0x0F);
+}
+
+static int tm_cmp(struct tm *lhs, struct tm *rhs)
+{
+time_t a, b;
+struct tm d1, d2;
+
+memcpy(d1, lhs, sizeof(d1));
+memcpy(d2, rhs, sizeof(d2));
+
+a = mktime(d1);
+b = mktime(d2);
+
+if (a  b) {
+return -1;
+} else if (a  b) {
+return 1;
+}
+
+return 0;
+}
+
+#if 0
+static void print_tm(struct tm *tm)
+{
+printf(%04d-%02d-%02d %02d:%02d:%02d %+02ld\n,
+   tm-tm_year + 1900, tm-tm_mon + 1, tm-tm_mday,
+   tm-tm_hour, tm-tm_min, tm-tm_sec, tm-tm_gmtoff);
+}
+#endif
+
+static void cmos_get_date_time(struct tm *date)
+{
+int sec, min, hour, mday, mon, year;
+time_t ts;
+struct tm dummy;
+
+sec = cmos_read(RTC_SECONDS);
+min = cmos_read(RTC_MINUTES);
+hour = cmos_read(RTC_HOURS);
+mday = cmos_read(RTC_DAY_OF_MONTH);
+mon = cmos_read(RTC_MONTH);
+year = cmos_read(RTC_YEAR);
+
+sec = bcd2dec(sec);
+min = bcd2dec(min);
+hour = bcd2dec(hour);
+mday = bcd2dec(mday);
+mon = bcd2dec(mon);
+year = bcd2dec(year);
+
+ts = time(NULL);
+localtime_r(ts, dummy);
+
+date-tm_isdst = dummy.tm_isdst;
+date-tm_sec = sec;
+date-tm_min = min;
+date-tm_hour = hour;
+date-tm_mday = mday;
+date-tm_mon = mon - 1;
+date-tm_year = base_year + year - 1900;
+date-tm_gmtoff = 0;
+
+ts = mktime(date);
+}
+
+static void check_time(int wiggle)
+{
+struct tm start, date[4], end;
+struct tm *datep;
+time_t ts;
+
+/*
+ * This check assumes a few things.  First, we cannot guarantee that we get
+ * a consistent reading from the wall clock because we may hit an edge of
+ * the clock while reading.  To work 
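Review bot: cmos_get_date_time() reads RTC_SECONDS through RTC_YEAR as six separate bus accesses with nothing stopping the clock from ticking between them, and the comment at the top of check_time() admits the result may be inconsistent at a clock edge; re-reading RTC_SECONDS after RTC_YEAR and repeating the sequence until both seconds values agree would remove that race inside the helper rather than leaving it to the caller. Two smaller points: `static uint16_t reg_base = 0x1ff0; /* 0x7f0 for m48t02 */` names a chip the file header (M48T59 and M48T08) does not list, so either list it or drop the comment; and the `#if 0` print_tm() block is dead code that should go, or become a g_test_message() helper if it is meant for debugging. The `ts = mktime(date);` at the end of cmos_get_date_time() stores a value that is never used; if the call is there only to normalize date, drop the assignment.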

[Qemu-devel] [PATCH semi-urgent v2] linux-user: Fix exit syscall with QOM CPU

2012-04-15 Thread Andreas Färber
For QOM'ified CPUs we cannot g_free() CPUArchState, we must
object_delete() the object it is embedded into.

Fixes LP#982321 (invalid free() while executing pacman with qemu-arm).

Reported-by: Serge Schneider se...@xecdesign.com
Reported-by: Russell Keith Davis russ...@russelldavis.org
Signed-off-by: Andreas Färber afaer...@suse.de
Reviewed-by: Peter Maydell peter.mayd...@linaro.org
Tested-by: Serge Schneider se...@xecdesign.com
Tested-by: Russell Keith Davis russ...@russelldavis.org
---
 Blue, can you please apply this fix before more targets get converted and
 run into regressions? Thanks! (ppc PULL coming up)
 
 linux-user/syscall.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8a92162..7128618 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5045,7 +5045,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 NULL, NULL, 0);
   }
   thread_env = NULL;
+#ifdef ENV_GET_CPU
+  object_delete(OBJECT(ENV_GET_CPU(cpu_env)));
+#else
   g_free(cpu_env);
+#endif
   g_free(ts);
   pthread_exit(NULL);
   }
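Review bot: the `#ifdef ENV_GET_CPU` fallback keeps `g_free(cpu_env);` for any target that does not define the macro, which is exactly the invalid free this patch fixes if a target gets QOM'ified without also defining ENV_GET_CPU; a comment above the `#ifdef` saying that converted targets must provide the macro, or a build-time check tying the two together, would keep them in step as more targets are converted. The ordering looks right: thread_env is cleared before `object_delete(OBJECT(ENV_GET_CPU(cpu_env)));` and nothing visible touches cpu_env afterwards.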
-- 
1.7.7
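The reason the commit message gives, that a CPUArchState embedded in a QOM object must not be freed on its own, as an added example that is not QEMU's code: a C sketch of an object with an embedded state struct, the container_of-style recovery of the enclosing object that an ENV_GET_CPU-like macro performs, and a release path that frees the container instead of the member. The struct layouts and the names cpu_create, env_get_cpu, cpu_env_release and roundtrip_ok are stand-ins I made up; QEMU's real types differ.

```c
#include <stddef.h>
#include <stdlib.h>

/* Added example, not QEMU's code. Names are hypothetical stand-ins for
 * the QOM Object, the per-target CPUArchState and the CPU object. */

typedef struct Object { int refcount; } Object;              /* stands in for QOM Object */
typedef struct CPUArchState { unsigned long regs[16]; } CPUArchState;

/* A QOM-style CPU: the Object header comes first, the arch state is embedded
 * further down, so a pointer to env is an interior pointer of this block. */
typedef struct CPUState {
    Object parent_obj;
    int cpu_index;
    CPUArchState env;
} CPUState;

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* What an ENV_GET_CPU-like macro does: recover the enclosing object. */
static CPUState *env_get_cpu(CPUArchState *env)
{
    return container_of(env, CPUState, env);
}

/* offsetof(CPUState, env) != 0 is what makes free(env) an invalid free:
 * the allocator never handed out that address. */
static int env_is_interior_pointer(void)
{
    return offsetof(CPUState, env) != 0;
}

static CPUState *cpu_create(int index)
{
    CPUState *cpu = calloc(1, sizeof(*cpu));
    if (cpu) {
        cpu->cpu_index = index;
        cpu->parent_obj.refcount = 1;
    }
    return cpu;
}

/* Correct teardown given only the env pointer: free the container.
 * free(env) here would be the bug the patch fixes. */
static void cpu_env_release(CPUArchState *env)
{
    CPUState *cpu = env_get_cpu(env);
    free(cpu);
}

/* Round trip: env -> container is the same object, with its fields intact,
 * and env itself is not the address the allocator returned. */
static int roundtrip_ok(void)
{
    CPUState *cpu = cpu_create(3);
    if (!cpu) {
        return 0;
    }
    CPUArchState *env = &cpu->env;
    int ok = env_get_cpu(env) == cpu
             && env_get_cpu(env)->cpu_index == 3
             && (void *)env != (void *)cpu;
    cpu_env_release(env);
    return ok;
}

int main(void)
{
    return roundtrip_ok() ? 0 : 1;
}
```

Because env sits at a non-zero offset inside the CPU object, passing it to the allocator's free is the "invalid free()" from the bug report; recovering the container first and releasing that is what the `#ifdef ENV_GET_CPU` branch of the patch does through object_delete().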




Re: [Qemu-devel] [PATCH 08/20] w64: Undefine macro SYS_OPEN (fixes a compiler warning)

2012-04-15 Thread Blue Swirl
On Sun, Apr 15, 2012 at 14:13, Stefan Weil s...@weilnetz.de wrote:
 This could also be done in arm-semi.c, but doing it here keeps more
 w64 related code in one place.

This is just papering over the bug, it could show up with a different
OS. The right fix is to change arm-semi.c to prefix the #defines with
TARGET_  or QEMU_ so they no longer clash with system definitions.


 Signed-off-by: Stefan Weil s...@weilnetz.de
 ---
  qemu-os-win32.h |    4 
  1 files changed, 4 insertions(+), 0 deletions(-)

 diff --git a/qemu-os-win32.h b/qemu-os-win32.h
 index 753679b..99e8423 100644
 --- a/qemu-os-win32.h
 +++ b/qemu-os-win32.h
 @@ -65,6 +65,10 @@
  # define setjmp(env) _setjmp(env, NULL)
  #endif

 +/* MinGW-w64 defines SYS_OPEN in stdio.h,
 + * but arm-semi.c uses a different definition. */
 +#undef SYS_OPEN
 +
  /* Declaration of ffs() is missing in MinGW's strings.h. */
  int ffs(int i);
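Review bot: the `#undef SYS_OPEN` only takes effect in translation units that include stdio.h before qemu-os-win32.h; any unit that pulls stdio.h in later gets the MinGW-w64 macro back and the same clash with arm-semi.c. That include-order dependence is one more reason for the TARGET_ or QEMU_ prefix in arm-semi.c suggested above rather than an undef in the OS header.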

 --
 1.7.0.4




Re: [Qemu-devel] [PATCH 07/20] w64: Fix definition of setjmp

2012-04-15 Thread Blue Swirl
On Sun, Apr 15, 2012 at 14:13, Stefan Weil s...@weilnetz.de wrote:
 The default definition of setjmp which is implemented in MinGW-w64
 cannot be used with programs like QEMU which call longjmp from
 code without structured exception handling (SEH).

We're currently compiling QEMU with -no-seh, is that correct for Mingw64?


 This code therefore disables stack unwinding.

 We could also implement SEH for QEMU's generated JIT code, but
 that is much more difficult. Stack unwinding would also cost
 execution time.

 Signed-off-by: Stefan Weil s...@weilnetz.de
 ---
  qemu-os-win32.h |    9 +
  1 files changed, 9 insertions(+), 0 deletions(-)

 diff --git a/qemu-os-win32.h b/qemu-os-win32.h
 index b6533c0..753679b 100644
 --- a/qemu-os-win32.h
 +++ b/qemu-os-win32.h
 @@ -56,6 +56,15 @@
  # define EWOULDBLOCK  WSAEWOULDBLOCK
  #endif

 +#if defined(_WIN64)
 +/* On w64, setjmp is implemented by _setjmp which needs a second parameter.
 + * If this parameter is NULL, longjump does no stack unwinding.
 + * That is what we need for QEMU. Passing the value of register rsp (default)
 + * lets longjmp try a stack unwinding which will crash with generated code. 
 */
 +# undef setjmp
 +# define setjmp(env) _setjmp(env, NULL)
 +#endif
 +
  /* Declaration of ffs() is missing in MinGW's strings.h. */
  int ffs(int i);
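Review bot: `# undef setjmp` followed by `# define setjmp(env) _setjmp(env, NULL)` replaces the MinGW-w64 macro for every setjmp() in QEMU, not just the one around generated code, and only in translation units that include setjmp.h before qemu-os-win32.h. If the no-unwind variant is only needed for the TCG longjmp, calling `_setjmp(env, NULL)` explicitly at that site is narrower and not include-order dependent; if the global replacement is intended, the comment should say so.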

 --
 1.7.0.4




Re: [Qemu-devel] [PATCH 10/20] softmmu: Use uintptr_t for physaddr

2012-04-15 Thread Blue Swirl
On Sun, Apr 15, 2012 at 14:13, Stefan Weil s...@weilnetz.de wrote:
 Variable physaddr is a host address which should be represented by
 data type 'uintptr_t'.

As you note, the name is wrong and should be fixed, for example
'hostaddr' or 'raw_ptr' would be better. If you need to revisit the
series, please consider changing the name too since it would not
change the patch much.


 This is needed for w64 and changes nothing for other hosts.

 Signed-off-by: Stefan Weil s...@weilnetz.de
 ---
  softmmu_header.h |    9 +++--
  1 files changed, 3 insertions(+), 6 deletions(-)

 diff --git a/softmmu_header.h b/softmmu_header.h
 index 6b72093..edc7826 100644
 --- a/softmmu_header.h
 +++ b/softmmu_header.h
 @@ -99,7 +99,6 @@ glue(glue(glue(CPU_PREFIX, ld), USUFFIX), 
 MEMSUFFIX)(ENV_PARAM
     int page_index;
     RES_TYPE res;
     target_ulong addr;
 -    unsigned long physaddr;
     int mmu_idx;

     addr = ptr;
 @@ -111,7 +110,7 @@ glue(glue(glue(CPU_PREFIX, ld), USUFFIX), 
 MEMSUFFIX)(ENV_PARAM
                                                                      addr,
                                                                      mmu_idx);
     } else {
 -        physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
 +        uintptr_t physaddr = addr + 
 env-tlb_table[mmu_idx][page_index].addend;
         res = glue(glue(ld, USUFFIX), _raw)((uint8_t *)physaddr);
     }
     return res;
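Review bot: the new `uintptr_t physaddr = addr + env->tlb_table[mmu_idx][page_index].addend;` is only a complete fix if the addend field is itself host-pointer sized; if the TLB entry still stores it as `unsigned long`, on w64 the sum of a 32-bit target_ulong and a 32-bit addend is computed in 32 bits before being widened into the uintptr_t, and the declaration change alone buys nothing. Worth confirming the TLB entry definition in this series; the same applies to the lds and st hunks below.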
 @@ -124,7 +123,6 @@ glue(glue(glue(CPU_PREFIX, lds), SUFFIX), 
 MEMSUFFIX)(ENV_PARAM
  {
     int res, page_index;
     target_ulong addr;
 -    unsigned long physaddr;
     int mmu_idx;

     addr = ptr;
 @@ -135,7 +133,7 @@ glue(glue(glue(CPU_PREFIX, lds), SUFFIX), 
 MEMSUFFIX)(ENV_PARAM
         res = (DATA_STYPE)glue(glue(glue(HELPER_PREFIX, ld), SUFFIX),
                                MMUSUFFIX)(ENV_VAR addr, mmu_idx);
     } else {
 -        physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
 +        uintptr_t physaddr = addr + 
 env-tlb_table[mmu_idx][page_index].addend;
         res = glue(glue(lds, SUFFIX), _raw)((uint8_t *)physaddr);
     }
     return res;
 @@ -152,7 +150,6 @@ glue(glue(glue(CPU_PREFIX, st), SUFFIX), 
 MEMSUFFIX)(ENV_PARAM target_ulong ptr,
  {
     int page_index;
     target_ulong addr;
 -    unsigned long physaddr;
     int mmu_idx;

     addr = ptr;
 @@ -163,7 +160,7 @@ glue(glue(glue(CPU_PREFIX, st), SUFFIX), 
 MEMSUFFIX)(ENV_PARAM target_ulong ptr,
         glue(glue(glue(HELPER_PREFIX, st), SUFFIX), MMUSUFFIX)(ENV_VAR addr, 
 v,
                                                                mmu_idx);
     } else {
 -        physaddr = addr + env-tlb_table[mmu_idx][page_index].addend;
 +        uintptr_t physaddr = addr + 
 env-tlb_table[mmu_idx][page_index].addend;
         glue(glue(st, SUFFIX), _raw)((uint8_t *)physaddr, v);
     }
  }
 --
 1.7.0.4




Re: [Qemu-devel] [PATCH 07/20] w64: Fix definition of setjmp

2012-04-15 Thread Stefan Weil

On 15.04.2012 19:02, Blue Swirl wrote:

On Sun, Apr 15, 2012 at 14:13, Stefan Weil s...@weilnetz.de wrote:

The default definition of setjmp which is implemented in MinGW-w64
cannot be used with programs like QEMU which call longjmp from
code without structured exception handling (SEH).


We're currently compiling QEMU with -no-seh, is that correct for Mingw64?



Yes, that's correct. This code in configure is used for w32 and for w64:

# Use ASLR, no-SEH and DEP if available
if test "$mingw32" = "yes" ; then
    for flag in --dynamicbase --no-seh --nxcompat; do
        if $ld --help 2>/dev/null | grep ".$flag" >/dev/null 2>/dev/null ; then
            LDFLAGS="-Wl,$flag $LDFLAGS"
        fi
    done
fi

See resulting file:

bin/debug/w64/config-host.mak:LDFLAGS=-Wl,--nxcompat -Wl,--no-seh -Wl,--dynamicbase -Wl,--warn-common -m64 -g


Regards,
Stefan W.
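The probe Stefan quotes from configure, as an added example that is not QEMU's configure script: a POSIX shell function that scans a constructed sample of ld --help output for the three hardening flags and prepends each one it finds, which is why config-host.mak ends up listing them in the reverse of the loop order. SAMPLE_LD_HELP and the function name probe_hardening_ldflags are my own.

```shell
#!/bin/sh
# Added example, not QEMU's configure. Probe which hardening link flags a
# linker advertises and build the LDFLAGS fragment by prepending, as the
# quoted configure loop does with LDFLAGS="-Wl,$flag $LDFLAGS".

# Constructed sample of `ld --help` output (no --no-seh on purpose).
# A real run would use: "$ld" --help 2>/dev/null
SAMPLE_LD_HELP='Usage: ld [options] file...
Options:
  --dynamicbase                Image base address may be relocated using
                               address space layout randomization (ASLR)
  --nxcompat                   Image is compatible with data execution prevention
  --large-address-aware        Executable supports virtual addresses > 2 gigabytes'

# probe_hardening_ldflags HELP_TEXT
# Prints "-Wl,<flag> ..." for every candidate flag found in HELP_TEXT,
# most recently found first.
probe_hardening_ldflags() {
    help_text=$1
    ldflags=""
    for flag in --dynamicbase --no-seh --nxcompat; do
        # Require the flag to end at a non-flag character so that a longer
        # option sharing the prefix cannot produce a false match.
        if printf '%s\n' "$help_text" | grep -q -E -- "$flag([^a-z-]|$)"; then
            ldflags="-Wl,$flag${ldflags:+ $ldflags}"
        fi
    done
    printf '%s\n' "$ldflags"
}

probe_hardening_ldflags "$SAMPLE_LD_HELP"
```

With the sample above the function prints `-Wl,--nxcompat -Wl,--dynamicbase`: --no-seh is absent from the help text, and because each found flag is prepended, the last flag checked comes first, matching the order seen in the quoted config-host.mak line. The match is anchored on the flag's end, whereas the configure loop greps for the unanchored pattern ".$flag".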




Re: [Qemu-devel] [PATCH 20/20] block: Avoid compiler warning for w64

2012-04-15 Thread Blue Swirl
On Sun, Apr 15, 2012 at 14:13, Stefan Weil s...@weilnetz.de wrote:
 The MinGW-w64 compiler complains about a non-void function
 which does not return a value.

 This is not true, but we can help the compiler to
 see that by rewriting the code.

 Signed-off-by: Stefan Weil s...@weilnetz.de
 ---
  block/raw-win32.c |    6 ++
  1 files changed, 2 insertions(+), 4 deletions(-)

 diff --git a/block/raw-win32.c b/block/raw-win32.c
 index e4b0b75..a420f73 100644
 --- a/block/raw-win32.c
 +++ b/block/raw-win32.c
 @@ -335,12 +335,10 @@ static int find_device_type(BlockDriverState *bs, const 
 char *filename)
             return FTYPE_HARDDISK;
         case DRIVE_CDROM:
             return FTYPE_CD;
 -        default:
 -            return FTYPE_FILE;

If these DRIVE_ constants are enums (or later changed to such), a
compiler may complain about missing default case. I'd prefer then to
keep 'default:', but add 'break;' in place of the return. Would this
work in your case too?

         }
 -    } else {
 -        return FTYPE_FILE;
     }
 +
 +    return FTYPE_FILE;

This and else change is fine.

  }

  static int hdev_probe_device(const char *filename)
 --
 1.7.0.4




Re: [Qemu-devel] [PATCH 08/20] w64: Undefine macro SYS_OPEN (fixes a compiler warning)

2012-04-15 Thread Stefan Weil

On 15.04.2012 19:00, Blue Swirl wrote:

On Sun, Apr 15, 2012 at 14:13, Stefan Weil s...@weilnetz.de wrote:

This could also be done in arm-semi.c, but doing it here keeps more
w64 related code in one place.

This is just papering over the bug, it could show up with a different
OS. The right fix is to change arm-semi.c to prefix the #defines with
TARGET_  or QEMU_ so they no longer clash with system definitions.



This patch is not strictly needed for the w64 port, because it only
fixes a compiler warning (and w64 does not set -Werror).

I agree that modifying arm-semi.c is the better solution.

Paul, do you want to fix that yourself, or do you have any preference
for the prefix (then I can send a patch)?



Signed-off-by: Stefan Weil s...@weilnetz.de
---
  qemu-os-win32.h |4 
  1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/qemu-os-win32.h b/qemu-os-win32.h
index 753679b..99e8423 100644
--- a/qemu-os-win32.h
+++ b/qemu-os-win32.h
@@ -65,6 +65,10 @@
  # define setjmp(env) _setjmp(env, NULL)
  #endif

+/* MinGW-w64 defines SYS_OPEN in stdio.h,
+ * but arm-semi.c uses a different definition. */
+#undef SYS_OPEN
+
  /* Declaration of ffs() is missing in MinGW's strings.h. */
  int ffs(int i);

--
1.7.0.4






Re: [Qemu-devel] [PATCH 07/20] w64: Fix definition of setjmp

2012-04-15 Thread Blue Swirl
On Sun, Apr 15, 2012 at 17:09, Stefan Weil s...@weilnetz.de wrote:
 On 15.04.2012 19:02, Blue Swirl wrote:

 On Sun, Apr 15, 2012 at 14:13, Stefan Weil s...@weilnetz.de wrote:

 The default definition of setjmp which is implemented in MinGW-w64
 cannot be used with programs like QEMU which call longjmp from
 code without structured exception handling (SEH).


 We're currently compiling QEMU with -no-seh, is that correct for Mingw64?



 Yes, that's correct. This code in configure is used for w32 and for w64:

 # Use ASLR, no-SEH and DEP if available
 if test "$mingw32" = "yes" ; then
     for flag in --dynamicbase --no-seh --nxcompat; do
         if $ld --help 2>/dev/null | grep ".$flag" >/dev/null 2>/dev/null ; then
             LDFLAGS="-Wl,$flag $LDFLAGS"
         fi
     done
 fi

 See resulting file:

 bin/debug/w64/config-host.mak:LDFLAGS=-Wl,--nxcompat -Wl,--no-seh -Wl,--dynamicbase -Wl,--warn-common -m64 -g

Yes, but I meant that since Mingw64 uses SEH, does -Wl,--no-seh
conflict with Mingw64 SEH usage somehow? If yes, should we disable
no-seh for Mingw64 and could we also use plain setjmp() then?


 Regards,
 Stefan W.




Re: [Qemu-devel] [PATCH 20/20] block: Avoid compiler warning for w64

2012-04-15 Thread Stefan Weil

On 15.04.2012 19:13, Blue Swirl wrote:

On Sun, Apr 15, 2012 at 14:13, Stefan Weil s...@weilnetz.de wrote:

The MinGW-w64 compiler complains about a non-void function
which does not return a value.

This is not true, but we can help the compiler to
see that by rewriting the code.

Signed-off-by: Stefan Weil s...@weilnetz.de
---
  block/raw-win32.c |6 ++
  1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/block/raw-win32.c b/block/raw-win32.c
index e4b0b75..a420f73 100644
--- a/block/raw-win32.c
+++ b/block/raw-win32.c
@@ -335,12 +335,10 @@ static int find_device_type(BlockDriverState *bs, const 
char *filename)
 return FTYPE_HARDDISK;
 case DRIVE_CDROM:
 return FTYPE_CD;
-default:
-return FTYPE_FILE;

If these DRIVE_ constants are enums (or later changed to such), a
compiler may complain about missing default case. I'd prefer then to
keep 'default:', but add 'break;' in place of the return. Would this
work in your case too?


 }
-} else {
-return FTYPE_FILE;
 }
+
+return FTYPE_FILE;

This and else change is fine.



This patch is not strictly needed for w64 because it only fixes a
compiler warning, so I'll remove it from this patch series.

Introducing an enum (also for block/raw-posix.c) and re-writing
the switch statement can be done by separate patches.

Regards,
Stefan W.




Re: [Qemu-devel] [Qemu-ppc] [PATCH 1/3] pseries: Fix RTAS based config access

2012-04-15 Thread Andreas Färber
On 15.04.2012 12:16, Michael S. Tsirkin wrote:
 On Mon, Apr 02, 2012 at 02:17:35PM +1000, David Gibson wrote:
 On the pseries platform, access to PCI config space is via RTAS calls(
 which go to the hypervisor) rather than MMIO.  This means we don't use
 the same code path as nearly everyone else which goes through pci_host.c
 and we're missing some of the parameter checking along the way.

 We do have some parameter checking in the RTAS calls, but it's not enough.
 It checks for overruns, but does not check for unaligned accesses,
 oversized accesses (which means the guest could trigger an assertion
 failure from pci_host_config_{read,write}_common().  Worse it doesn't do
 the basic checking for the number of RTAS arguments and results before
 accessing them.

 This patch fixes these bugs.

 Cc: Michael S. Tsirkin m...@redhat.com
 
 No objections from me :) But pls note I have no idea about RTAS.
 
 Noted a couple of apparent typos below.

Thanks, applied (with typos fixed) to ppc-next:
http://repo.or.cz/w/qemu/agraf.git/shortlog/refs/heads/ppc-next

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [Qemu-ppc] [PATCH 4/4] pseries: Implement automatic PAPR VIO address allocation

2012-04-15 Thread Andreas Färber
On 04.04.2012 07:02, David Gibson wrote:
 PAPR virtual IO (VIO) devices require a unique, but otherwise arbitrary,
 address used as a token to the hypercalls which manipulate them.
 
 Currently the pseries machine code does an ok job of allocating these
 addresses when the legacy -net nic / -serial and so forth options are used
 but will fail to allocate them properly when using -device.
 
 Specifically, you can use -device if all addresses are explicitly assigned.
 Without explicit assignment, only one VIO device of each type (network,
 console, SCSI) will be assigned properly, any further ones will attempt
 to take the same address leading to a fatal error.
 
 This patch fixes the situation by adding a proper address allocator to the
 VIO bus code.  This is used both by -device and the legacy options and
 default devices.  Addresses can still be explicitly assigned with -device
 options if desired.
 
 This patch changes the (guest visible) numbering of VIO devices, but since
 their addresses are discovered using the device tree and already differ
 from the numbering found on existing PowerVM systems, this does not break
 compatibility.
 
 Signed-off-by: David Gibson da...@gibson.dropbear.id.au
 ---
  hw/spapr.c   |7 ++---
  hw/spapr_llan.c  |5 +--
  hw/spapr_vio.c   |   74 
 --
  hw/spapr_vio.h   |   13 -
  hw/spapr_vscsi.c |5 +--
  hw/spapr_vty.c   |5 +--
  6 files changed, 59 insertions(+), 50 deletions(-)

Reviewed-by: Andreas Färber afaer...@suse.de

Technically this change looks okay but I'd appreciate a second reviewer
as to what side-effects this change in numbering might have, so I'm
leaving this one to Alex.

Andreas

 
 diff --git a/hw/spapr.c b/hw/spapr.c
 index bfaf260..cca20f9 100644
 --- a/hw/spapr.c
 +++ b/hw/spapr.c
 @@ -631,8 +631,7 @@ static void ppc_spapr_init(ram_addr_t ram_size,
  
  for (i = 0; i  MAX_SERIAL_PORTS; i++) {
  if (serial_hds[i]) {
 -spapr_vty_create(spapr-vio_bus, SPAPR_VTY_BASE_ADDRESS + i,
 - serial_hds[i]);
 +spapr_vty_create(spapr-vio_bus, serial_hds[i]);
  }
  }
  
 @@ -650,14 +649,14 @@ static void ppc_spapr_init(ram_addr_t ram_size,
  }
  
  if (strcmp(nd-model, ibmveth) == 0) {
 -spapr_vlan_create(spapr-vio_bus, 0x1000 + i, nd);
 +spapr_vlan_create(spapr-vio_bus, nd);
  } else {
  pci_nic_init_nofail(nd_table[i], nd-model, NULL);
  }
  }
  
  for (i = 0; i = drive_get_max_bus(IF_SCSI); i++) {
 -spapr_vscsi_create(spapr-vio_bus, 0x2000 + i);
 +spapr_vscsi_create(spapr-vio_bus);
  }
  
  if (rma_size  (MIN_RMA_SLOF  20)) {
 diff --git a/hw/spapr_llan.c b/hw/spapr_llan.c
 index 32dce17..a0020e9 100644
 --- a/hw/spapr_llan.c
 +++ b/hw/spapr_llan.c
 @@ -195,12 +195,11 @@ static int spapr_vlan_init(VIOsPAPRDevice *sdev)
  return 0;
  }
  
 -void spapr_vlan_create(VIOsPAPRBus *bus, uint32_t reg, NICInfo *nd)
 +void spapr_vlan_create(VIOsPAPRBus *bus, NICInfo *nd)
  {
  DeviceState *dev;
  
  dev = qdev_create(bus-bus, spapr-vlan);
 -qdev_prop_set_uint32(dev, reg, reg);
  
  qdev_set_nic_properties(dev, nd);
  
 @@ -473,7 +472,7 @@ static target_ulong h_multicast_ctrl(CPUPPCState *env, 
 sPAPREnvironment *spapr,
  }
  
  static Property spapr_vlan_properties[] = {
 -DEFINE_SPAPR_PROPERTIES(VIOsPAPRVLANDevice, sdev, 0x1000, 0x1000),
 +DEFINE_SPAPR_PROPERTIES(VIOsPAPRVLANDevice, sdev, 0x1000),
  DEFINE_NIC_PROPERTIES(VIOsPAPRVLANDevice, nicconf),
  DEFINE_PROP_END_OF_LIST(),
  };
 diff --git a/hw/spapr_vio.c b/hw/spapr_vio.c
 index 97d029a..1411f84 100644
 --- a/hw/spapr_vio.c
 +++ b/hw/spapr_vio.c
 @@ -620,41 +620,35 @@ static void rtas_quiesce(sPAPREnvironment *spapr, 
 uint32_t token,
  rtas_st(rets, 0, 0);
  }
  
 -static int spapr_vio_check_reg(VIOsPAPRDevice *sdev)
 +static void spapr_vio_busdev_reset(void *opaque)
  {
 -VIOsPAPRDevice *other_sdev;
 -DeviceState *qdev;
 -VIOsPAPRBus *sbus;
 +VIOsPAPRDevice *dev = (VIOsPAPRDevice *)opaque;
 +
 +if (dev-crq.qsize) {
 +free_crq(dev);
 +}
 +}
  
 -sbus = DO_UPCAST(VIOsPAPRBus, bus, sdev-qdev.parent_bus);
 +static VIOsPAPRDevice *reg_conflict(VIOsPAPRDevice *dev)
 +{
 +VIOsPAPRBus *bus = DO_UPCAST(VIOsPAPRBus, bus, dev-qdev.parent_bus);
 +DeviceState *qdev;
 +VIOsPAPRDevice *other;
  
  /*
 - * Check two device aren't given clashing addresses by the user (or some
 - * other mechanism). We have to open code this because we have to check
 - * for matches with devices other than us.
 + * Check for a device other than the given one which is already
 + * using the requested address. We have to open code this because
 + * the given dev might already be in the list.
   */
 -QTAILQ_FOREACH(qdev, sbus-bus.children, sibling) {
 -
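Review bot: spapr_vio_check_reg() is removed and reg_conflict() introduced in its place, but the visible part of the hunk ends before any caller, so it is not clear that the conflict check still runs for addresses a user assigns explicitly with -device; the commit message keeps that path, so please confirm the caller. A small point in spapr_vio_busdev_reset(): the `if (dev->crq.qsize)` guard around free_crq() makes qsize double as the "CRQ registered" flag, and a comment saying so would save the next reader a lookup.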

  1   2   >