From 6461d7e2678fe4a71c257da85136c0e776dfd94c Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sat, 10 Mar 2018 15:04:50 -0800 Subject: fsl-imx6: Swap Ethernet interrupt defines The sabrelite machine model used by qemu-system-arm is based on the Freescale/NXP i.MX6Q processor. This SoC has an on-board ethernet controller which is supported in QEMU using the imx_fec.c module (actually called imx.enet for this model.) The include/hw/arm/fsm-imx6.h file defines the interrupt vectors for the imx.enet device like this: #define FSL_IMX6_ENET_MAC_1588_IRQ 118 #define FSL_IMX6_ENET_MAC_IRQ 119 According to https://www.nxp.com/docs/en/reference-manual/IMX6DQRM.pdf, page 225, in Table 3-1. ARM Cortex A9 domain interrupt summary, interrupts are as follows. 150 ENET MAC 0 IRQ 151 ENET MAC 0 1588 Timer interrupt where 150 - 32 == 118 151 - 32 == 119 In other words, the vector definitions in the fsl-imx6.h file are reversed. Fixing the interrupts alone causes problems with older Linux kernels: The Ethernet interface will fail to probe with Linux v4.9 and earlier. Linux v4.1 and earlier will crash due to a bug in Ethernet driver probe error handling. This is a Linux kernel problem, not a qemu problem: the Linux kernel only worked by accident since it requested both interrupts. For backward compatibility, generate the Ethernet interrupt on both interrupt lines. This was shown to work from all Linux kernel releases starting with v3.16. Link: https://bugs.launchpad.net/qemu/+bug/1753309 Signed-off-by: Guenter Roeck Message-id: 1520723090-22130-1-git-send-email-linux@roeck-us.net Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/net/imx_fec.c | 28 +++++++++++++++++++++++++++- include/hw/arm/fsl-imx6.h | 4 ++-- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c index 9506f9b..6e297c5 100644 --- a/hw/net/imx_fec.c +++ b/hw/net/imx_fec.c @@ -417,7 +417,33 @@ static void imx_enet_write_bd(IMXENETBufDesc *bd, dma_addr_t addr) static void imx_eth_update(IMXFECState *s) { - if (s->regs[ENET_EIR] & s->regs[ENET_EIMR] & ENET_INT_TS_TIMER) { + /* + * Previous versions of qemu had the ENET_INT_MAC and ENET_INT_TS_TIMER + * interrupts swapped. This worked with older versions of Linux (4.14 + * and older) since Linux associated both interrupt lines with Ethernet + * MAC interrupts. Specifically, + * - Linux 4.15 and later have separate interrupt handlers for the MAC and + * timer interrupts. Those versions of Linux fail with versions of QEMU + * with swapped interrupt assignments. + * - In linux 4.14, both interrupt lines were registered with the Ethernet + * MAC interrupt handler. As a result, all versions of qemu happen to + * work, though that is accidental. + * - In Linux 4.9 and older, the timer interrupt was registered directly + * with the Ethernet MAC interrupt handler. The MAC interrupt was + * redirected to a GPIO interrupt to work around erratum ERR006687. + * This was implemented using the SOC's IOMUX block. In qemu, this GPIO + * interrupt never fired since IOMUX is currently not supported in qemu. + * Linux instead received MAC interrupts on the timer interrupt. + * As a result, qemu versions with the swapped interrupt assignment work, + * albeit accidentally, but qemu versions with the correct interrupt + * assignment fail. + * + * To ensure that all versions of Linux work, generate ENET_INT_MAC + * interrrupts on both interrupt lines. This should be changed if and when + * qemu supports IOMUX. + */ + if (s->regs[ENET_EIR] & s->regs[ENET_EIMR] & + (ENET_INT_MAC | ENET_INT_TS_TIMER)) { qemu_set_irq(s->irq[1], 1); } else { qemu_set_irq(s->irq[1], 0); diff --git a/include/hw/arm/fsl-imx6.h b/include/hw/arm/fsl-imx6.h index ec6c509..06f8aae 100644 --- a/include/hw/arm/fsl-imx6.h +++ b/include/hw/arm/fsl-imx6.h @@ -438,8 +438,8 @@ typedef struct FslIMX6State { #define FSL_IMX6_HDMI_MASTER_IRQ 115 #define FSL_IMX6_HDMI_CEC_IRQ 116 #define FSL_IMX6_MLB150_LOW_IRQ 117 -#define FSL_IMX6_ENET_MAC_1588_IRQ 118 -#define FSL_IMX6_ENET_MAC_IRQ 119 +#define FSL_IMX6_ENET_MAC_IRQ 118 +#define FSL_IMX6_ENET_MAC_1588_IRQ 119 #define FSL_IMX6_PCIE1_IRQ 120 #define FSL_IMX6_PCIE2_IRQ 121 #define FSL_IMX6_PCIE3_IRQ 122 -- cgit v1.1 From 68cbecfdd7afbfdf9cb06a87a2a297e8a6add7d7 Mon Sep 17 00:00:00 2001 From: Wei Huang Date: Fri, 9 Mar 2018 12:03:23 -0500 Subject: dump: Update correct kdump phys_base field for AArch64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For guest kernel that supports KASLR, the load address can change every time when guest VM runs. To find the physical base address correctly, current QEMU dump searches VMCOREINFO for the string "NUMBER(phys_base)=". However this string pattern is only available on x86_64. AArch64 uses a different field, called "NUMBER(PHYS_OFFSET)=". This patch makes sure QEMU dump uses the correct string on AArch64. Signed-off-by: Wei Huang Reviewed-by: Marc-André Lureau Message-id: 1520615003-20869-1-git-send-email-wei@redhat.com Signed-off-by: Peter Maydell --- dump.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/dump.c b/dump.c index 097e60b..6bdb0db 100644 --- a/dump.c +++ b/dump.c @@ -1609,10 +1609,18 @@ static void vmcoreinfo_update_phys_base(DumpState *s) lines = g_strsplit((char *)vmci, "\n", -1); for (i = 0; lines[i]; i++) { - if (g_str_has_prefix(lines[i], "NUMBER(phys_base)=")) { - if (qemu_strtou64(lines[i] + 18, NULL, 16, + const char *prefix = NULL; + + if (s->dump_info.d_machine == EM_X86_64) { + prefix = "NUMBER(phys_base)="; + } else if (s->dump_info.d_machine == EM_AARCH64) { + prefix = "NUMBER(PHYS_OFFSET)="; + } + + if (prefix && g_str_has_prefix(lines[i], prefix)) { + if (qemu_strtou64(lines[i] + strlen(prefix), NULL, 16, &phys_base) < 0) { - warn_report("Failed to read NUMBER(phys_base)="); + warn_report("Failed to read %s", prefix); } else { s->dump_info.phys_base = phys_base; } -- cgit v1.1 From 824e4a12f3de76d3efb3229027a04c1fd69244d5 Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Thu, 15 Mar 2018 12:11:40 -0700 Subject: char: i.MX: Simplify imx_update() Code of imx_update() is slightly confusing since the "flags" variable doesn't really corespond to anything in real hardware and server as a kitchensink accumulating events normally reported via USR1 and USR2 registers. Change the code to explicitly evaluate state of interrupts reported via USR1 and USR2 against corresponding masking bits and use the to detemine if IRQ line should be asserted or not. NOTE: Check for UTS1_TXEMPTY being set has been dropped for two reasons: 1. Emulation code implements a single character FIFO, so this flag will always be set since characters are trasmitted as a part of the code emulating "push" into the FIFO 2. imx_update() is really just a function doing ORing and maksing of reported events, so checking for UTS1_TXEMPTY should happen, if it's ever really needed should probably happen outside of it. Cc: qemu-devel@nongnu.org Cc: qemu-arm@nongnu.org Cc: Bill Paul Cc: Peter Maydell Signed-off-by: Andrey Smirnov Message-id: 20180315191141.6789-1-andrew.smirnov@gmail.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/char/imx_serial.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c index 70405cc..d1e8586 100644 --- a/hw/char/imx_serial.c +++ b/hw/char/imx_serial.c @@ -56,16 +56,24 @@ static const VMStateDescription vmstate_imx_serial = { static void imx_update(IMXSerialState *s) { - uint32_t flags; + uint32_t usr1; + uint32_t usr2; + uint32_t mask; - flags = (s->usr1 & s->ucr1) & (USR1_TRDY|USR1_RRDY); - if (s->ucr1 & UCR1_TXMPTYEN) { - flags |= (s->uts1 & UTS1_TXEMPTY); - } else { - flags &= ~USR1_TRDY; - } + /* + * Lucky for us TRDY and RRDY has the same offset in both USR1 and + * UCR1, so we can get away with something as simple as the + * following: + */ + usr1 = s->usr1 & s->ucr1 & (USR1_TRDY | USR1_RRDY); + /* + * Bits that we want in USR2 are not as conveniently laid out, + * unfortunately. + */ + mask = (s->ucr1 & UCR1_TXMPTYEN) ? USR2_TXFE : 0; + usr2 = s->usr2 & mask; - qemu_set_irq(s->irq, !!flags); + qemu_set_irq(s->irq, usr1 || usr2); } static void imx_serial_reset(IMXSerialState *s) -- cgit v1.1 From 46d3fb634cb0e44c6cf0ed3a996d6996f3818c2d Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Thu, 15 Mar 2018 12:11:41 -0700 Subject: char: i.MX: Add support for "TX complete" interrupt Add support for "TX complete"/TXDC interrupt generate by real HW since it is needed to support guests other than Linux. Based on the patch by Bill Paul as found here: https://bugs.launchpad.net/qemu/+bug/1753314 Cc: qemu-devel@nongnu.org Cc: qemu-arm@nongnu.org Cc: Bill Paul Cc: Peter Maydell Signed-off-by: Bill Paul Signed-off-by: Andrey Smirnov Message-id: 20180315191141.6789-2-andrew.smirnov@gmail.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/char/imx_serial.c | 20 +++++++++++++++++--- include/hw/char/imx_serial.h | 3 +++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c index d1e8586..1e55404 100644 --- a/hw/char/imx_serial.c +++ b/hw/char/imx_serial.c @@ -37,8 +37,8 @@ static const VMStateDescription vmstate_imx_serial = { .name = TYPE_IMX_SERIAL, - .version_id = 1, - .minimum_version_id = 1, + .version_id = 2, + .minimum_version_id = 2, .fields = (VMStateField[]) { VMSTATE_INT32(readbuff, IMXSerialState), VMSTATE_UINT32(usr1, IMXSerialState), @@ -50,6 +50,7 @@ static const VMStateDescription vmstate_imx_serial = { VMSTATE_UINT32(ubmr, IMXSerialState), VMSTATE_UINT32(ubrc, IMXSerialState), VMSTATE_UINT32(ucr3, IMXSerialState), + VMSTATE_UINT32(ucr4, IMXSerialState), VMSTATE_END_OF_LIST() }, }; @@ -71,6 +72,11 @@ static void imx_update(IMXSerialState *s) * unfortunately. */ mask = (s->ucr1 & UCR1_TXMPTYEN) ? USR2_TXFE : 0; + /* + * TCEN and TXDC are both bit 3 + */ + mask |= s->ucr4 & UCR4_TCEN; + usr2 = s->usr2 & mask; qemu_set_irq(s->irq, usr1 || usr2); @@ -163,6 +169,8 @@ static uint64_t imx_serial_read(void *opaque, hwaddr offset, return s->ucr3; case 0x23: /* UCR4 */ + return s->ucr4; + case 0x29: /* BRM Incremental */ return 0x0; /* TODO */ @@ -191,8 +199,10 @@ static void imx_serial_write(void *opaque, hwaddr offset, * qemu_chr_fe_write and background I/O callbacks */ qemu_chr_fe_write_all(&s->chr, &ch, 1); s->usr1 &= ~USR1_TRDY; + s->usr2 &= ~USR2_TXDC; imx_update(s); s->usr1 |= USR1_TRDY; + s->usr2 |= USR2_TXDC; imx_update(s); } break; @@ -265,8 +275,12 @@ static void imx_serial_write(void *opaque, hwaddr offset, s->ucr3 = value & 0xffff; break; - case 0x2d: /* UTS1 */ case 0x23: /* UCR4 */ + s->ucr4 = value & 0xffff; + imx_update(s); + break; + + case 0x2d: /* UTS1 */ qemu_log_mask(LOG_UNIMP, "[%s]%s: Unimplemented reg 0x%" HWADDR_PRIx "\n", TYPE_IMX_SERIAL, __func__, offset); /* TODO */ diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h index baeec31..5b99cee 100644 --- a/include/hw/char/imx_serial.h +++ b/include/hw/char/imx_serial.h @@ -67,6 +67,8 @@ #define UCR2_RXEN (1<<1) /* Receiver enable */ #define UCR2_SRST (1<<0) /* Reset complete */ +#define UCR4_TCEN BIT(3) /* TX complete interrupt enable */ + #define UTS1_TXEMPTY (1<<6) #define UTS1_RXEMPTY (1<<5) #define UTS1_TXFULL (1<<4) @@ -95,6 +97,7 @@ typedef struct IMXSerialState { uint32_t ubmr; uint32_t ubrc; uint32_t ucr3; + uint32_t ucr4; qemu_irq irq; CharBackend chr; -- cgit v1.1 From 01e02f5aa74315f81b62872a50fe1b3e96dd00df Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:50 +0000 Subject: hw/arm/raspi: Don't do board-setup or secure-boot for raspi3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For the rpi1 and 2 we want to boot the Linux kernel via some custom setup code that makes sure that the SMC instruction acts as a no-op, because it's used for cache maintenance. The rpi3 boots AArch64 kernels, which don't need SMC for cache maintenance and always expect to be booted non-secure. Don't fill in the aarch32-specific parts of the binfo struct. Signed-off-by: Peter Maydell Reviewed-by: Andrew Baumann Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180313153458.26822-2-peter.maydell@linaro.org --- hw/arm/raspi.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index a378814..1ac0737 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -82,10 +82,19 @@ static void setup_boot(MachineState *machine, int version, size_t ram_size) binfo.board_id = raspi_boardid[version]; binfo.ram_size = ram_size; binfo.nb_cpus = smp_cpus; - binfo.board_setup_addr = BOARDSETUP_ADDR; - binfo.write_board_setup = write_board_setup; - binfo.secure_board_setup = true; - binfo.secure_boot = true; + + if (version <= 2) { + /* The rpi1 and 2 require some custom setup code to run in Secure + * mode before booting a kernel (to set up the SMC vectors so + * that we get a no-op SMC; this is used by Linux to call the + * firmware for some cache maintenance operations. + * The rpi3 doesn't need this. + */ + binfo.board_setup_addr = BOARDSETUP_ADDR; + binfo.write_board_setup = write_board_setup; + binfo.secure_board_setup = true; + binfo.secure_boot = true; + } /* Pi2 and Pi3 requires SMP setup */ if (version >= 2) { -- cgit v1.1 From 43118f4351c1c430aa5c32aed80dcfe0b525a1f0 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:51 +0000 Subject: hw/arm/boot: assert that secure_boot and secure_board_setup are false for AArch64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add some assertions that if we're about to boot an AArch64 kernel, the board code has not mistakenly set either secure_boot or secure_board_setup. It doesn't make sense to set secure_boot, because all AArch64 kernels must be booted in non-secure mode. It might in theory make sense to set secure_board_setup, but we don't currently support that, because only the AArch32 bootloader[] code calls this hook; bootloader_aarch64[] does not. Since we don't have a current need for this functionality, just assert that we don't try to use it. If it's needed we'll add it later. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180313153458.26822-3-peter.maydell@linaro.org --- hw/arm/boot.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 196c7fb..e21a92f 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -720,6 +720,13 @@ static void do_cpu_reset(void *opaque) } else { env->pstate = PSTATE_MODE_EL1h; } + /* AArch64 kernels never boot in secure mode */ + assert(!info->secure_boot); + /* This hook is only supported for AArch32 currently: + * bootloader_aarch64[] will not call the hook, and + * the code above has already dropped us into EL2 or EL1. + */ + assert(!info->secure_board_setup); } /* Set to non-secure if not a secure boot */ -- cgit v1.1 From bda816f08abde5b1681b4e3ba55e42871dad96fc Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:52 +0000 Subject: hw/arm/boot: If booting a kernel in EL2, set SCR_EL3.HCE If we're directly booting a Linux kernel and the CPU supports both EL3 and EL2, we start the kernel in EL2, as it expects. We must also set the SCR_EL3.HCE bit in this situation, so that the HVC instruction is enabled rather than UNDEFing. Otherwise at least some kernels will panic when trying to initialize KVM in the guest. Signed-off-by: Peter Maydell Message-id: 20180313153458.26822-4-peter.maydell@linaro.org --- hw/arm/boot.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index e21a92f..9319b12 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -729,6 +729,11 @@ static void do_cpu_reset(void *opaque) assert(!info->secure_board_setup); } + if (arm_feature(env, ARM_FEATURE_EL2)) { + /* If we have EL2 then Linux expects the HVC insn to work */ + env->cp15.scr_el3 |= SCR_HCE; + } + /* Set to non-secure if not a secure boot */ if (!info->secure_boot && (cs != first_cpu || !info->secure_board_setup)) { -- cgit v1.1 From 3d260cf3c6375c641106c71dd6cf9b638b73847b Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:53 +0000 Subject: hw/arm/bcm2386: Fix parent type of bcm2386 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The TypeInfo and state struct for bcm2386 disagree about what the parent class is -- the TypeInfo says it's TYPE_SYS_BUS_DEVICE, but the BCM2386State struct only defines the parent_obj field as DeviceState. This would have caused problems if anything actually tried to treat the object as a TYPE_SYS_BUS_DEVICE. Fix the TypeInfo to use TYPE_DEVICE as the parent, since we don't need any of the additional functionality TYPE_SYS_BUS_DEVICE provides. Signed-off-by: Peter Maydell Reviewed-by: Andrew Baumann Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180313153458.26822-5-peter.maydell@linaro.org --- hw/arm/bcm2836.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index 40e8b25..9266f27 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -165,7 +165,7 @@ static void bcm2836_class_init(ObjectClass *oc, void *data) static const TypeInfo bcm2836_type_info = { .name = TYPE_BCM2836, - .parent = TYPE_SYS_BUS_DEVICE, + .parent = TYPE_DEVICE, .instance_size = sizeof(BCM2836State), .instance_init = bcm2836_init, .class_init = bcm2836_class_init, -- cgit v1.1 From 926dcdf073a2f9cf8f8d4d71b35110544dae2b40 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:54 +0000 Subject: hw/arm/bcm2836: Rename bcm2836 type/struct to bcm283x MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Our BCM2836 type is really a generic one that can be any of the bcm283x family. Rename it accordingly. We change only the names which are visible via the header file to the rest of the QEMU code, leaving private function names in bcm2836.c as they are. This is a preliminary to making bcm283x be an abstract parent class to specific types for the bcm2836 and bcm2837. Signed-off-by: Peter Maydell Reviewed-by: Andrew Baumann Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180313153458.26822-6-peter.maydell@linaro.org --- hw/arm/bcm2836.c | 17 +++++++++-------- hw/arm/raspi.c | 16 ++++++++-------- include/hw/arm/bcm2836.h | 12 ++++++------ 3 files changed, 23 insertions(+), 22 deletions(-) diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index 9266f27..1d19086 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -25,7 +25,7 @@ static void bcm2836_init(Object *obj) { - BCM2836State *s = BCM2836(obj); + BCM283XState *s = BCM283X(obj); object_initialize(&s->control, sizeof(s->control), TYPE_BCM2836_CONTROL); object_property_add_child(obj, "control", OBJECT(&s->control), NULL); @@ -44,7 +44,7 @@ static void bcm2836_init(Object *obj) static void bcm2836_realize(DeviceState *dev, Error **errp) { - BCM2836State *s = BCM2836(dev); + BCM283XState *s = BCM283X(dev); Object *obj; Error *err = NULL; int n; @@ -52,7 +52,7 @@ static void bcm2836_realize(DeviceState *dev, Error **errp) /* common peripherals from bcm2835 */ obj = OBJECT(dev); - for (n = 0; n < BCM2836_NCPUS; n++) { + for (n = 0; n < BCM283X_NCPUS; n++) { object_initialize(&s->cpus[n], sizeof(s->cpus[n]), s->cpu_type); object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]), @@ -102,7 +102,7 @@ static void bcm2836_realize(DeviceState *dev, Error **errp) sysbus_connect_irq(SYS_BUS_DEVICE(&s->peripherals), 1, qdev_get_gpio_in_named(DEVICE(&s->control), "gpu-fiq", 0)); - for (n = 0; n < BCM2836_NCPUS; n++) { + for (n = 0; n < BCM283X_NCPUS; n++) { /* Mirror bcm2836, which has clusterid set to 0xf * TODO: this should be converted to a property of ARM_CPU */ @@ -150,8 +150,9 @@ static void bcm2836_realize(DeviceState *dev, Error **errp) } static Property bcm2836_props[] = { - DEFINE_PROP_STRING("cpu-type", BCM2836State, cpu_type), - DEFINE_PROP_UINT32("enabled-cpus", BCM2836State, enabled_cpus, BCM2836_NCPUS), + DEFINE_PROP_STRING("cpu-type", BCM283XState, cpu_type), + DEFINE_PROP_UINT32("enabled-cpus", BCM283XState, enabled_cpus, + BCM283X_NCPUS), DEFINE_PROP_END_OF_LIST() }; @@ -164,9 +165,9 @@ static void bcm2836_class_init(ObjectClass *oc, void *data) } static const TypeInfo bcm2836_type_info = { - .name = TYPE_BCM2836, + .name = TYPE_BCM283X, .parent = TYPE_DEVICE, - .instance_size = sizeof(BCM2836State), + .instance_size = sizeof(BCM283XState), .instance_init = bcm2836_init, .class_init = bcm2836_class_init, }; diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index 1ac0737..58c6e80 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -32,7 +32,7 @@ static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44}; typedef struct RasPiState { - BCM2836State soc; + BCM283XState soc; MemoryRegion ram; } RasPiState; @@ -136,7 +136,7 @@ static void raspi_init(MachineState *machine, int version) BusState *bus; DeviceState *carddev; - object_initialize(&s->soc, sizeof(s->soc), TYPE_BCM2836); + object_initialize(&s->soc, sizeof(s->soc), TYPE_BCM283X); object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc), &error_abort); @@ -189,9 +189,9 @@ static void raspi2_machine_init(MachineClass *mc) mc->no_floppy = 1; mc->no_cdrom = 1; mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"); - mc->max_cpus = BCM2836_NCPUS; - mc->min_cpus = BCM2836_NCPUS; - mc->default_cpus = BCM2836_NCPUS; + mc->max_cpus = BCM283X_NCPUS; + mc->min_cpus = BCM283X_NCPUS; + mc->default_cpus = BCM283X_NCPUS; mc->default_ram_size = 1024 * 1024 * 1024; mc->ignore_memory_transaction_failures = true; }; @@ -212,9 +212,9 @@ static void raspi3_machine_init(MachineClass *mc) mc->no_floppy = 1; mc->no_cdrom = 1; mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53"); - mc->max_cpus = BCM2836_NCPUS; - mc->min_cpus = BCM2836_NCPUS; - mc->default_cpus = BCM2836_NCPUS; + mc->max_cpus = BCM283X_NCPUS; + mc->min_cpus = BCM283X_NCPUS; + mc->default_cpus = BCM283X_NCPUS; mc->default_ram_size = 1024 * 1024 * 1024; } DEFINE_MACHINE("raspi3", raspi3_machine_init) diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h index 4758b4a..9a10a76 100644 --- a/include/hw/arm/bcm2836.h +++ b/include/hw/arm/bcm2836.h @@ -15,12 +15,12 @@ #include "hw/arm/bcm2835_peripherals.h" #include "hw/intc/bcm2836_control.h" -#define TYPE_BCM2836 "bcm2836" -#define BCM2836(obj) OBJECT_CHECK(BCM2836State, (obj), TYPE_BCM2836) +#define TYPE_BCM283X "bcm283x" +#define BCM283X(obj) OBJECT_CHECK(BCM283XState, (obj), TYPE_BCM283X) -#define BCM2836_NCPUS 4 +#define BCM283X_NCPUS 4 -typedef struct BCM2836State { +typedef struct BCM283XState { /*< private >*/ DeviceState parent_obj; /*< public >*/ @@ -28,9 +28,9 @@ typedef struct BCM2836State { char *cpu_type; uint32_t enabled_cpus; - ARMCPU cpus[BCM2836_NCPUS]; + ARMCPU cpus[BCM283X_NCPUS]; BCM2836ControlState control; BCM2835PeripheralState peripherals; -} BCM2836State; +} BCM283XState; #endif /* BCM2836_H */ -- cgit v1.1 From 0fd74f03ed7e8c95279a9af2b684dd65713ca03f Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:55 +0000 Subject: hw/arm/bcm2836: Create proper bcm2837 device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The bcm2837 is pretty similar to the bcm2836, but it does have some differences. Notably, the MPIDR affinity aff1 values it sets for the CPUs are 0x0, rather than the 0xf that the bcm2836 uses, and if this is wrong Linux will not boot. Rather than trying to have one device with properties that configure it differently for the two cases, create two separate QOM devices for the two SoCs. We use the same approach as hw/arm/aspeed_soc.c and share code and have a data table that might differ per-SoC. For the moment the two types don't actually have different behaviour. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180313153458.26822-7-peter.maydell@linaro.org --- hw/arm/bcm2836.c | 37 ++++++++++++++++++++++++++++++++----- hw/arm/raspi.c | 3 ++- include/hw/arm/bcm2836.h | 19 +++++++++++++++++++ 3 files changed, 53 insertions(+), 6 deletions(-) diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index 1d19086..07d2705 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -23,6 +23,19 @@ /* "QA7" (Pi2) interrupt controller and mailboxes etc. */ #define BCM2836_CONTROL_BASE 0x40000000 +struct BCM283XInfo { + const char *name; +}; + +static const BCM283XInfo bcm283x_socs[] = { + { + .name = TYPE_BCM2836, + }, + { + .name = TYPE_BCM2837, + }, +}; + static void bcm2836_init(Object *obj) { BCM283XState *s = BCM283X(obj); @@ -156,25 +169,39 @@ static Property bcm2836_props[] = { DEFINE_PROP_END_OF_LIST() }; -static void bcm2836_class_init(ObjectClass *oc, void *data) +static void bcm283x_class_init(ObjectClass *oc, void *data) { DeviceClass *dc = DEVICE_CLASS(oc); + BCM283XClass *bc = BCM283X_CLASS(oc); - dc->props = bcm2836_props; + bc->info = data; dc->realize = bcm2836_realize; + dc->props = bcm2836_props; } -static const TypeInfo bcm2836_type_info = { +static const TypeInfo bcm283x_type_info = { .name = TYPE_BCM283X, .parent = TYPE_DEVICE, .instance_size = sizeof(BCM283XState), .instance_init = bcm2836_init, - .class_init = bcm2836_class_init, + .class_size = sizeof(BCM283XClass), + .abstract = true, }; static void bcm2836_register_types(void) { - type_register_static(&bcm2836_type_info); + int i; + + type_register_static(&bcm283x_type_info); + for (i = 0; i < ARRAY_SIZE(bcm283x_socs); i++) { + TypeInfo ti = { + .name = bcm283x_socs[i].name, + .parent = TYPE_BCM283X, + .class_init = bcm283x_class_init, + .class_data = (void *) &bcm283x_socs[i], + }; + type_register(&ti); + } } type_init(bcm2836_register_types) diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index 58c6e80..f588720 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -136,7 +136,8 @@ static void raspi_init(MachineState *machine, int version) BusState *bus; DeviceState *carddev; - object_initialize(&s->soc, sizeof(s->soc), TYPE_BCM283X); + object_initialize(&s->soc, sizeof(s->soc), + version == 3 ? TYPE_BCM2837 : TYPE_BCM2836); object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc), &error_abort); diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h index 9a10a76..9324839 100644 --- a/include/hw/arm/bcm2836.h +++ b/include/hw/arm/bcm2836.h @@ -20,6 +20,13 @@ #define BCM283X_NCPUS 4 +/* These type names are for specific SoCs; other than instantiating + * them, code using these devices should always handle them via the + * BCM283x base class, so they have no BCM2836(obj) etc macros. + */ +#define TYPE_BCM2836 "bcm2836" +#define TYPE_BCM2837 "bcm2837" + typedef struct BCM283XState { /*< private >*/ DeviceState parent_obj; @@ -33,4 +40,16 @@ typedef struct BCM283XState { BCM2835PeripheralState peripherals; } BCM283XState; +typedef struct BCM283XInfo BCM283XInfo; + +typedef struct BCM283XClass { + DeviceClass parent_class; + const BCM283XInfo *info; +} BCM283XClass; + +#define BCM283X_CLASS(klass) \ + OBJECT_CLASS_CHECK(BCM283XClass, (klass), TYPE_BCM283X) +#define BCM283X_GET_CLASS(obj) \ + OBJECT_GET_CLASS(BCM283XClass, (obj), TYPE_BCM283X) + #endif /* BCM2836_H */ -- cgit v1.1 From 1bcb4d16bb0b4ad2fdde8802ccd0598cdf020fc7 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:56 +0000 Subject: hw/arm/bcm2836: Use correct affinity values for BCM2837 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The BCM2837 sets the Aff1 field of the MPIDR affinity values for the CPUs to 0, whereas the BCM2836 uses 0xf. Set this correctly, as it is required for Linux to boot. Signed-off-by: Peter Maydell Reviewed-by: Andrew Baumann Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180313153458.26822-8-peter.maydell@linaro.org --- hw/arm/bcm2836.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index 07d2705..d775a33 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -25,14 +25,17 @@ struct BCM283XInfo { const char *name; + int clusterid; }; static const BCM283XInfo bcm283x_socs[] = { { .name = TYPE_BCM2836, + .clusterid = 0xf, }, { .name = TYPE_BCM2837, + .clusterid = 0x0, }, }; @@ -58,6 +61,8 @@ static void bcm2836_init(Object *obj) static void bcm2836_realize(DeviceState *dev, Error **errp) { BCM283XState *s = BCM283X(dev); + BCM283XClass *bc = BCM283X_GET_CLASS(dev); + const BCM283XInfo *info = bc->info; Object *obj; Error *err = NULL; int n; @@ -116,10 +121,8 @@ static void bcm2836_realize(DeviceState *dev, Error **errp) qdev_get_gpio_in_named(DEVICE(&s->control), "gpu-fiq", 0)); for (n = 0; n < BCM283X_NCPUS; n++) { - /* Mirror bcm2836, which has clusterid set to 0xf - * TODO: this should be converted to a property of ARM_CPU - */ - s->cpus[n].mp_affinity = 0xF00 | n; + /* TODO: this should be converted to a property of ARM_CPU */ + s->cpus[n].mp_affinity = (info->clusterid << 8) | n; /* set periphbase/CBAR value for CPU-local registers */ object_property_set_int(OBJECT(&s->cpus[n]), -- cgit v1.1 From 210f47840dd62dcdb6ee87b2c6062f322f7e0363 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:57 +0000 Subject: hw/arm/bcm2836: Hardcode correct CPU type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now we have separate types for BCM2386 and BCM2387, we might as well just hard-code the CPU type they use rather than having it passed through as an object property. This then lets us put the initialization of the CPU object in init rather than realize. Note that this change means that it's no longer possible on the command line to use -cpu to ask for a different kind of CPU than the SoC supports. This was never a supported thing to do anyway; we were just not sanity-checking the command line. This does require us to only build the bcm2837 object on TARGET_AARCH64 configs, since otherwise it won't instantiate due to the missing cortex-a53 device and "make check" will fail. Signed-off-by: Peter Maydell Reviewed-by: Andrew Baumann Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180313153458.26822-9-peter.maydell@linaro.org --- hw/arm/bcm2836.c | 24 +++++++++++++++--------- hw/arm/raspi.c | 2 -- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index d775a33..3e7e8ca 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -25,23 +25,38 @@ struct BCM283XInfo { const char *name; + const char *cpu_type; int clusterid; }; static const BCM283XInfo bcm283x_socs[] = { { .name = TYPE_BCM2836, + .cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"), .clusterid = 0xf, }, +#ifdef TARGET_AARCH64 { .name = TYPE_BCM2837, + .cpu_type = ARM_CPU_TYPE_NAME("cortex-a53"), .clusterid = 0x0, }, +#endif }; static void bcm2836_init(Object *obj) { BCM283XState *s = BCM283X(obj); + BCM283XClass *bc = BCM283X_GET_CLASS(obj); + const BCM283XInfo *info = bc->info; + int n; + + for (n = 0; n < BCM283X_NCPUS; n++) { + object_initialize(&s->cpus[n], sizeof(s->cpus[n]), + info->cpu_type); + object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]), + &error_abort); + } object_initialize(&s->control, sizeof(s->control), TYPE_BCM2836_CONTROL); object_property_add_child(obj, "control", OBJECT(&s->control), NULL); @@ -69,14 +84,6 @@ static void bcm2836_realize(DeviceState *dev, Error **errp) /* common peripherals from bcm2835 */ - obj = OBJECT(dev); - for (n = 0; n < BCM283X_NCPUS; n++) { - object_initialize(&s->cpus[n], sizeof(s->cpus[n]), - s->cpu_type); - object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]), - &error_abort); - } - obj = object_property_get_link(OBJECT(dev), "ram", &err); if (obj == NULL) { error_setg(errp, "%s: required ram link not found: %s", @@ -166,7 +173,6 @@ static void bcm2836_realize(DeviceState *dev, Error **errp) } static Property bcm2836_props[] = { - DEFINE_PROP_STRING("cpu-type", BCM283XState, cpu_type), DEFINE_PROP_UINT32("enabled-cpus", BCM283XState, enabled_cpus, BCM283X_NCPUS), DEFINE_PROP_END_OF_LIST() diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index f588720..ae15997 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -150,8 +150,6 @@ static void raspi_init(MachineState *machine, int version) /* Setup the SOC */ object_property_add_const_link(OBJECT(&s->soc), "ram", OBJECT(&s->ram), &error_abort); - object_property_set_str(OBJECT(&s->soc), machine->cpu_type, "cpu-type", - &error_abort); object_property_set_int(OBJECT(&s->soc), smp_cpus, "enabled-cpus", &error_abort); int board_rev = version == 3 ? 0xa02082 : 0xa21041; -- cgit v1.1 From ff72cb6b46b95bb530787add5277c211af3d31c6 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 Mar 2018 15:34:58 +0000 Subject: hw/arm/raspi: Provide spin-loop code for AArch64 CPUs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The raspi3 has AArch64 CPUs, which means that our smpboot code for keeping the secondary CPUs in a pen needs to have a version for A64 as well as A32. Without this, the secondary CPUs go into an infinite loop of taking undefined instruction exceptions. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180313153458.26822-10-peter.maydell@linaro.org --- hw/arm/raspi.c | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index ae15997..06f1e08 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -27,6 +27,7 @@ #define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */ #define FIRMWARE_ADDR_2 0x8000 /* Pi 2 loads kernel.img here by default */ #define FIRMWARE_ADDR_3 0x80000 /* Pi 3 loads kernel.img here by default */ +#define SPINTABLE_ADDR 0xd8 /* Pi 3 bootloader spintable */ /* Table of Linux board IDs for different Pi versions */ static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44}; @@ -63,6 +64,40 @@ static void write_smpboot(ARMCPU *cpu, const struct arm_boot_info *info) info->smp_loader_start); } +static void write_smpboot64(ARMCPU *cpu, const struct arm_boot_info *info) +{ + /* Unlike the AArch32 version we don't need to call the board setup hook. + * The mechanism for doing the spin-table is also entirely different. + * We must have four 64-bit fields at absolute addresses + * 0xd8, 0xe0, 0xe8, 0xf0 in RAM, which are the flag variables for + * our CPUs, and which we must ensure are zero initialized before + * the primary CPU goes into the kernel. We put these variables inside + * a rom blob, so that the reset for ROM contents zeroes them for us. + */ + static const uint32_t smpboot[] = { + 0xd2801b05, /* mov x5, 0xd8 */ + 0xd53800a6, /* mrs x6, mpidr_el1 */ + 0x924004c6, /* and x6, x6, #0x3 */ + 0xd503205f, /* spin: wfe */ + 0xf86678a4, /* ldr x4, [x5,x6,lsl #3] */ + 0xb4ffffc4, /* cbz x4, spin */ + 0xd2800000, /* mov x0, #0x0 */ + 0xd2800001, /* mov x1, #0x0 */ + 0xd2800002, /* mov x2, #0x0 */ + 0xd2800003, /* mov x3, #0x0 */ + 0xd61f0080, /* br x4 */ + }; + + static const uint64_t spintables[] = { + 0, 0, 0, 0 + }; + + rom_add_blob_fixed("raspi_smpboot", smpboot, sizeof(smpboot), + info->smp_loader_start); + rom_add_blob_fixed("raspi_spintables", spintables, sizeof(spintables), + SPINTABLE_ADDR); +} + static void write_board_setup(ARMCPU *cpu, const struct arm_boot_info *info) { arm_write_secure_board_setup_dummy_smc(cpu, info, MVBAR_ADDR); @@ -99,7 +134,11 @@ static void setup_boot(MachineState *machine, int version, size_t ram_size) /* Pi2 and Pi3 requires SMP setup */ if (version >= 2) { binfo.smp_loader_start = SMPBOOT_ADDR; - binfo.write_secondary_boot = write_smpboot; + if (version == 2) { + binfo.write_secondary_boot = write_smpboot; + } else { + binfo.write_secondary_boot = write_smpboot64; + } binfo.secondary_cpu_reset_hook = reset_secondary; } -- cgit v1.1