From 29ecf2de024b386acc72b53b9eb0c3559883d1b6 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Thu, 12 Oct 2023 09:34:58 +0200 Subject: hw/arm: Move raspberrypi-fw-defs.h to the include/hw/arm/ folder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The file is obviously related to the raspberrypi machine, so it should reside in hw/arm/ instead of hw/misc/. And while we're at it, also adjust the wildcard in MAINTAINERS so that it covers this file, too. Signed-off-by: Thomas Huth Reviewed-by: Alex Bennée Acked-by: Philippe Mathieu-Daudé Message-id: 20231012073458.860187-1-thuth@redhat.com Signed-off-by: Peter Maydell --- hw/misc/bcm2835_property.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index 4ed9faa..ff55a4e 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -12,7 +12,7 @@ #include "migration/vmstate.h" #include "hw/irq.h" #include "hw/misc/bcm2835_mbox_defs.h" -#include "hw/misc/raspberrypi-fw-defs.h" +#include "hw/arm/raspberrypi-fw-defs.h" #include "sysemu/dma.h" #include "qemu/log.h" #include "qemu/module.h" -- cgit v1.1 From 213bf5c1613e924f905f2cf9499dcf909db54e3e Mon Sep 17 00:00:00 2001 From: Tong Ho Date: Mon, 2 Oct 2023 22:23:45 -0700 Subject: xlnx-bbram: hw/nvram: Remove deprecated device reset MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This change implements the ResettableClass interface for the device. Signed-off-by: Tong Ho Reviewed-by: Philippe Mathieu-Daudé Message-id: 20231003052345.199725-1-tong.ho@amd.com Signed-off-by: Peter Maydell --- hw/nvram/xlnx-bbram.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'hw') diff --git a/hw/nvram/xlnx-bbram.c b/hw/nvram/xlnx-bbram.c index c6b484c..e18e777 100644 --- a/hw/nvram/xlnx-bbram.c +++ b/hw/nvram/xlnx-bbram.c @@ -2,6 +2,7 @@ * QEMU model of the Xilinx BBRAM Battery Backed RAM * * Copyright (c) 2014-2021 Xilinx Inc. + * Copyright (c) 2023 Advanced Micro Devices, Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -416,9 +417,9 @@ static RegisterAccessInfo bbram_ctrl_regs_info[] = { } }; -static void bbram_ctrl_reset(DeviceState *dev) +static void bbram_ctrl_reset_hold(Object *obj) { - XlnxBBRam *s = XLNX_BBRAM(dev); + XlnxBBRam *s = XLNX_BBRAM(obj); unsigned int i; for (i = 0; i < ARRAY_SIZE(s->regs_info); ++i) { @@ -522,8 +523,9 @@ static Property bbram_ctrl_props[] = { static void bbram_ctrl_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); + ResettableClass *rc = RESETTABLE_CLASS(klass); - dc->reset = bbram_ctrl_reset; + rc->phases.hold = bbram_ctrl_reset_hold; dc->realize = bbram_ctrl_realize; dc->vmsd = &vmstate_bbram_ctrl; device_class_set_props(dc, bbram_ctrl_props); -- cgit v1.1 From 7667b51524c58c73f4fa3ed891bfdfeb870d05be Mon Sep 17 00:00:00 2001 From: Tong Ho Date: Tue, 3 Oct 2023 22:57:13 -0700 Subject: xlnx-zynqmp-efuse: hw/nvram: Remove deprecated device reset This change implements the ResettableClass interface for the device. Signed-off-by: Tong Ho Reviewed-by: Francisco Iglesias Message-id: 20231004055713.324009-1-tong.ho@amd.com Signed-off-by: Peter Maydell --- hw/nvram/xlnx-zynqmp-efuse.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'hw') diff --git a/hw/nvram/xlnx-zynqmp-efuse.c b/hw/nvram/xlnx-zynqmp-efuse.c index 228ba0b..3db5f98 100644 --- a/hw/nvram/xlnx-zynqmp-efuse.c +++ b/hw/nvram/xlnx-zynqmp-efuse.c @@ -2,6 +2,7 @@ * QEMU model of the ZynqMP eFuse * * Copyright (c) 2015 Xilinx Inc. + * Copyright (c) 2023 Advanced Micro Devices, Inc. * * Written by Edgar E. Iglesias * @@ -769,9 +770,9 @@ static void zynqmp_efuse_register_reset(RegisterInfo *reg) register_reset(reg); } -static void zynqmp_efuse_reset(DeviceState *dev) +static void zynqmp_efuse_reset_hold(Object *obj) { - XlnxZynqMPEFuse *s = XLNX_ZYNQMP_EFUSE(dev); + XlnxZynqMPEFuse *s = XLNX_ZYNQMP_EFUSE(obj); unsigned int i; for (i = 0; i < ARRAY_SIZE(s->regs_info); ++i) { @@ -837,8 +838,9 @@ static Property zynqmp_efuse_props[] = { static void zynqmp_efuse_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); + ResettableClass *rc = RESETTABLE_CLASS(klass); - dc->reset = zynqmp_efuse_reset; + rc->phases.hold = zynqmp_efuse_reset_hold; dc->realize = zynqmp_efuse_realize; dc->vmsd = &vmstate_efuse; device_class_set_props(dc, zynqmp_efuse_props); -- cgit v1.1 From 51244b5911483d12a4cde26b1facd19c8600751d Mon Sep 17 00:00:00 2001 From: Tong Ho Date: Tue, 3 Oct 2023 22:53:39 -0700 Subject: xlnx-versal-efuse: hw/nvram: Remove deprecated device reset This change implements the ResettableClass interface for the device. Signed-off-by: Tong Ho Reviewed-by: Francisco Iglesias Message-id: 20231004055339.323833-1-tong.ho@amd.com Signed-off-by: Peter Maydell --- hw/nvram/xlnx-versal-efuse-ctrl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'hw') diff --git a/hw/nvram/xlnx-versal-efuse-ctrl.c b/hw/nvram/xlnx-versal-efuse-ctrl.c index b35ba65..beb5661 100644 --- a/hw/nvram/xlnx-versal-efuse-ctrl.c +++ b/hw/nvram/xlnx-versal-efuse-ctrl.c @@ -2,6 +2,7 @@ * QEMU model of the Versal eFuse controller * * Copyright (c) 2020 Xilinx Inc. + * Copyright (c) 2023 Advanced Micro Devices, Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -657,9 +658,9 @@ static void efuse_ctrl_register_reset(RegisterInfo *reg) register_reset(reg); } -static void efuse_ctrl_reset(DeviceState *dev) +static void efuse_ctrl_reset_hold(Object *obj) { - XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(dev); + XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(obj); unsigned int i; for (i = 0; i < ARRAY_SIZE(s->regs_info); ++i) { @@ -749,8 +750,9 @@ static Property efuse_ctrl_props[] = { static void efuse_ctrl_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); + ResettableClass *rc = RESETTABLE_CLASS(klass); - dc->reset = efuse_ctrl_reset; + rc->phases.hold = efuse_ctrl_reset_hold; dc->realize = efuse_ctrl_realize; dc->vmsd = &vmstate_efuse_ctrl; device_class_set_props(dc, efuse_ctrl_props); -- cgit v1.1 From 9036e917f8357f4e5965ebfecdab5964d40e6a40 Mon Sep 17 00:00:00 2001 From: Leif Lindholm Date: Tue, 19 Sep 2023 10:02:27 +0100 Subject: {include/}hw/arm: refactor virt PPI logic GIC Private Peripheral Interrupts (PPI) are defined as GIC INTID 16-31. As in, PPI0 is INTID16 .. PPI15 is INTID31. Arm's Base System Architecture specification (BSA) lists the mandated and recommended private interrupt IDs by INTID, not by PPI index. But current definitions in virt define them by PPI index, complicating cross referencing. Meanwhile, the PPI(x) macro counterintuitively adds 16 to the input value, converting a PPI index to an INTID. Resolve this by redefining the BSA-allocated PPIs by their INTIDs, and replacing the PPI(x) macro with an INTID_TO_PPI(x) one where required. Signed-off-by: Leif Lindholm Message-id: 20230919090229.188092-2-quic_llindhol@quicinc.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/virt-acpi-build.c | 12 ++++++------ hw/arm/virt.c | 24 ++++++++++++++---------- 2 files changed, 20 insertions(+), 16 deletions(-) (limited to 'hw') diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c index 6b67423..9ce136c 100644 --- a/hw/arm/virt-acpi-build.c +++ b/hw/arm/virt-acpi-build.c @@ -601,21 +601,21 @@ build_gtdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms) * The interrupt values are the same with the device tree when adding 16 */ /* Secure EL1 timer GSIV */ - build_append_int_noprefix(table_data, ARCH_TIMER_S_EL1_IRQ + 16, 4); + build_append_int_noprefix(table_data, ARCH_TIMER_S_EL1_IRQ, 4); /* Secure EL1 timer Flags */ build_append_int_noprefix(table_data, irqflags, 4); /* Non-Secure EL1 timer GSIV */ - build_append_int_noprefix(table_data, ARCH_TIMER_NS_EL1_IRQ + 16, 4); + build_append_int_noprefix(table_data, ARCH_TIMER_NS_EL1_IRQ, 4); /* Non-Secure EL1 timer Flags */ build_append_int_noprefix(table_data, irqflags | 1UL << 2, /* Always-on Capability */ 4); /* Virtual timer GSIV */ - build_append_int_noprefix(table_data, ARCH_TIMER_VIRT_IRQ + 16, 4); + build_append_int_noprefix(table_data, ARCH_TIMER_VIRT_IRQ, 4); /* Virtual Timer Flags */ build_append_int_noprefix(table_data, irqflags, 4); /* Non-Secure EL2 timer GSIV */ - build_append_int_noprefix(table_data, ARCH_TIMER_NS_EL2_IRQ + 16, 4); + build_append_int_noprefix(table_data, ARCH_TIMER_NS_EL2_IRQ, 4); /* Non-Secure EL2 timer Flags */ build_append_int_noprefix(table_data, irqflags, 4); /* CntReadBase Physical address */ @@ -729,9 +729,9 @@ build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms) for (i = 0; i < MACHINE(vms)->smp.cpus; i++) { ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(i)); uint64_t physical_base_address = 0, gich = 0, gicv = 0; - uint32_t vgic_interrupt = vms->virt ? PPI(ARCH_GIC_MAINT_IRQ) : 0; + uint32_t vgic_interrupt = vms->virt ? ARCH_GIC_MAINT_IRQ : 0; uint32_t pmu_interrupt = arm_feature(&armcpu->env, ARM_FEATURE_PMU) ? - PPI(VIRTUAL_PMU_IRQ) : 0; + VIRTUAL_PMU_IRQ : 0; if (vms->gic_version == VIRT_GIC_VERSION_2) { physical_base_address = memmap[VIRT_GIC_CPU].base; diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 15e7424..ebc9f3f 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -366,10 +366,14 @@ static void fdt_add_timer_nodes(const VirtMachineState *vms) } qemu_fdt_setprop(ms->fdt, "/timer", "always-on", NULL, 0); qemu_fdt_setprop_cells(ms->fdt, "/timer", "interrupts", - GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_S_EL1_IRQ, irqflags, - GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_NS_EL1_IRQ, irqflags, - GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_VIRT_IRQ, irqflags, - GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_NS_EL2_IRQ, irqflags); + GIC_FDT_IRQ_TYPE_PPI, + INTID_TO_PPI(ARCH_TIMER_S_EL1_IRQ), irqflags, + GIC_FDT_IRQ_TYPE_PPI, + INTID_TO_PPI(ARCH_TIMER_NS_EL1_IRQ), irqflags, + GIC_FDT_IRQ_TYPE_PPI, + INTID_TO_PPI(ARCH_TIMER_VIRT_IRQ), irqflags, + GIC_FDT_IRQ_TYPE_PPI, + INTID_TO_PPI(ARCH_TIMER_NS_EL2_IRQ), irqflags); } static void fdt_add_cpu_nodes(const VirtMachineState *vms) @@ -800,7 +804,7 @@ static void create_gic(VirtMachineState *vms, MemoryRegion *mem) */ for (i = 0; i < smp_cpus; i++) { DeviceState *cpudev = DEVICE(qemu_get_cpu(i)); - int ppibase = NUM_IRQS + i * GIC_INTERNAL + GIC_NR_SGIS; + int intidbase = NUM_IRQS + i * GIC_INTERNAL; /* Mapping from the output timer irq lines from the CPU to the * GIC PPI inputs we use for the virt board. */ @@ -814,22 +818,22 @@ static void create_gic(VirtMachineState *vms, MemoryRegion *mem) for (unsigned irq = 0; irq < ARRAY_SIZE(timer_irq); irq++) { qdev_connect_gpio_out(cpudev, irq, qdev_get_gpio_in(vms->gic, - ppibase + timer_irq[irq])); + intidbase + timer_irq[irq])); } if (vms->gic_version != VIRT_GIC_VERSION_2) { qemu_irq irq = qdev_get_gpio_in(vms->gic, - ppibase + ARCH_GIC_MAINT_IRQ); + intidbase + ARCH_GIC_MAINT_IRQ); qdev_connect_gpio_out_named(cpudev, "gicv3-maintenance-interrupt", 0, irq); } else if (vms->virt) { qemu_irq irq = qdev_get_gpio_in(vms->gic, - ppibase + ARCH_GIC_MAINT_IRQ); + intidbase + ARCH_GIC_MAINT_IRQ); sysbus_connect_irq(gicbusdev, i + 4 * smp_cpus, irq); } qdev_connect_gpio_out_named(cpudev, "pmu-interrupt", 0, - qdev_get_gpio_in(vms->gic, ppibase + qdev_get_gpio_in(vms->gic, intidbase + VIRTUAL_PMU_IRQ)); sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ)); @@ -1989,7 +1993,7 @@ static void virt_cpu_post_init(VirtMachineState *vms, MemoryRegion *sysmem) if (pmu) { assert(arm_feature(&ARM_CPU(cpu)->env, ARM_FEATURE_PMU)); if (kvm_irqchip_in_kernel()) { - kvm_arm_pmu_set_irq(cpu, PPI(VIRTUAL_PMU_IRQ)); + kvm_arm_pmu_set_irq(cpu, VIRTUAL_PMU_IRQ); } kvm_arm_pmu_init(cpu); } -- cgit v1.1 From d40ab068c07d924af5001ba4670651696ec9664e Mon Sep 17 00:00:00 2001 From: Leif Lindholm Date: Tue, 19 Sep 2023 10:02:29 +0100 Subject: hw/arm/sbsa-ref: use bsa.h for PPI definitions Use the private peripheral interrupt definitions from bsa.h instead of defining them locally. Refactor to use the INTIDs defined there instead of the PPI# used previously. Signed-off-by: Leif Lindholm Message-id: 20230919090229.188092-4-quic_llindhol@quicinc.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/sbsa-ref.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) (limited to 'hw') diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c index 3c7dfcd..e8a8261 100644 --- a/hw/arm/sbsa-ref.c +++ b/hw/arm/sbsa-ref.c @@ -2,6 +2,7 @@ * ARM SBSA Reference Platform emulation * * Copyright (c) 2018 Linaro Limited + * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. * Written by Hongbo Zhang * * This program is free software; you can redistribute it and/or modify it @@ -30,6 +31,7 @@ #include "exec/hwaddr.h" #include "kvm_arm.h" #include "hw/arm/boot.h" +#include "hw/arm/bsa.h" #include "hw/arm/fdt.h" #include "hw/arm/smmuv3.h" #include "hw/block/flash.h" @@ -55,14 +57,6 @@ #define NUM_SMMU_IRQS 4 #define NUM_SATA_PORTS 6 -#define VIRTUAL_PMU_IRQ 7 -#define ARCH_GIC_MAINT_IRQ 9 -#define ARCH_TIMER_VIRT_IRQ 11 -#define ARCH_TIMER_S_EL1_IRQ 13 -#define ARCH_TIMER_NS_EL1_IRQ 14 -#define ARCH_TIMER_NS_EL2_IRQ 10 -#define ARCH_TIMER_NS_EL2_VIRT_IRQ 12 - enum { SBSA_FLASH, SBSA_MEM, @@ -479,7 +473,7 @@ static void create_gic(SBSAMachineState *sms, MemoryRegion *mem) */ for (i = 0; i < smp_cpus; i++) { DeviceState *cpudev = DEVICE(qemu_get_cpu(i)); - int ppibase = NUM_IRQS + i * GIC_INTERNAL + GIC_NR_SGIS; + int intidbase = NUM_IRQS + i * GIC_INTERNAL; int irq; /* * Mapping from the output timer irq lines from the CPU to the @@ -496,14 +490,17 @@ static void create_gic(SBSAMachineState *sms, MemoryRegion *mem) for (irq = 0; irq < ARRAY_SIZE(timer_irq); irq++) { qdev_connect_gpio_out(cpudev, irq, qdev_get_gpio_in(sms->gic, - ppibase + timer_irq[irq])); + intidbase + timer_irq[irq])); } qdev_connect_gpio_out_named(cpudev, "gicv3-maintenance-interrupt", 0, - qdev_get_gpio_in(sms->gic, ppibase + qdev_get_gpio_in(sms->gic, + intidbase + ARCH_GIC_MAINT_IRQ)); + qdev_connect_gpio_out_named(cpudev, "pmu-interrupt", 0, - qdev_get_gpio_in(sms->gic, ppibase + qdev_get_gpio_in(sms->gic, + intidbase + VIRTUAL_PMU_IRQ)); sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ)); -- cgit v1.1 From cbaf9404f031a39342dee4d3183488a763f149e4 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 14 Sep 2023 15:57:03 +0100 Subject: hw/arm/smmuv3: Update ID register bit field definitions Update the SMMUv3 ID register bit field definitions to the set in the most recent specification (IHI0700 F.a). Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Mostafa Saleh Reviewed-by: Eric Auger Message-id: 20230914145705.1648377-2-peter.maydell@linaro.org --- hw/arm/smmuv3-internal.h | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'hw') diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h index 648c2e3..6076025 100644 --- a/hw/arm/smmuv3-internal.h +++ b/hw/arm/smmuv3-internal.h @@ -38,33 +38,71 @@ REG32(IDR0, 0x0) FIELD(IDR0, S1P, 1 , 1) FIELD(IDR0, TTF, 2 , 2) FIELD(IDR0, COHACC, 4 , 1) + FIELD(IDR0, BTM, 5 , 1) + FIELD(IDR0, HTTU, 6 , 2) + FIELD(IDR0, DORMHINT, 8 , 1) + FIELD(IDR0, HYP, 9 , 1) + FIELD(IDR0, ATS, 10, 1) + FIELD(IDR0, NS1ATS, 11, 1) FIELD(IDR0, ASID16, 12, 1) + FIELD(IDR0, MSI, 13, 1) + FIELD(IDR0, SEV, 14, 1) + FIELD(IDR0, ATOS, 15, 1) + FIELD(IDR0, PRI, 16, 1) + FIELD(IDR0, VMW, 17, 1) FIELD(IDR0, VMID16, 18, 1) + FIELD(IDR0, CD2L, 19, 1) + FIELD(IDR0, VATOS, 20, 1) FIELD(IDR0, TTENDIAN, 21, 2) + FIELD(IDR0, ATSRECERR, 23, 1) FIELD(IDR0, STALL_MODEL, 24, 2) FIELD(IDR0, TERM_MODEL, 26, 1) FIELD(IDR0, STLEVEL, 27, 2) + FIELD(IDR0, RME_IMPL, 30, 1) REG32(IDR1, 0x4) FIELD(IDR1, SIDSIZE, 0 , 6) + FIELD(IDR1, SSIDSIZE, 6 , 5) + FIELD(IDR1, PRIQS, 11, 5) FIELD(IDR1, EVENTQS, 16, 5) FIELD(IDR1, CMDQS, 21, 5) + FIELD(IDR1, ATTR_PERMS_OVR, 26, 1) + FIELD(IDR1, ATTR_TYPES_OVR, 27, 1) + FIELD(IDR1, REL, 28, 1) + FIELD(IDR1, QUEUES_PRESET, 29, 1) + FIELD(IDR1, TABLES_PRESET, 30, 1) + FIELD(IDR1, ECMDQ, 31, 1) #define SMMU_IDR1_SIDSIZE 16 #define SMMU_CMDQS 19 #define SMMU_EVENTQS 19 REG32(IDR2, 0x8) + FIELD(IDR2, BA_VATOS, 0, 10) + REG32(IDR3, 0xc) FIELD(IDR3, HAD, 2, 1); + FIELD(IDR3, PBHA, 3, 1); + FIELD(IDR3, XNX, 4, 1); + FIELD(IDR3, PPS, 5, 1); + FIELD(IDR3, MPAM, 7, 1); + FIELD(IDR3, FWB, 8, 1); + FIELD(IDR3, STT, 9, 1); FIELD(IDR3, RIL, 10, 1); FIELD(IDR3, BBML, 11, 2); + FIELD(IDR3, E0PD, 13, 1); + FIELD(IDR3, PTWNNC, 14, 1); + FIELD(IDR3, DPT, 15, 1); + REG32(IDR4, 0x10) + REG32(IDR5, 0x14) FIELD(IDR5, OAS, 0, 3); FIELD(IDR5, GRAN4K, 4, 1); FIELD(IDR5, GRAN16K, 5, 1); FIELD(IDR5, GRAN64K, 6, 1); + FIELD(IDR5, VAX, 10, 2); + FIELD(IDR5, STALL_MAX, 16, 16); #define SMMU_IDR5_OAS 4 -- cgit v1.1 From 27fd85d35b7bb05a7b939bf36de33b6aa68005f6 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 14 Sep 2023 15:57:04 +0100 Subject: hw/arm/smmuv3: Sort ID register setting into field order In smmuv3_init_regs() when we set the various bits in the ID registers, we do this almost in order of the fields in the registers, but not quite. Move the initialization of SMMU_IDR3.RIL and SMMU_IDR5.OAS into their correct places. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Mostafa Saleh Reviewed-by: Eric Auger Message-id: 20230914145705.1648377-3-peter.maydell@linaro.org --- hw/arm/smmuv3.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'hw') diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 6f2b2bd..f03d583 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -278,15 +278,15 @@ static void smmuv3_init_regs(SMMUv3State *s) s->idr[1] = FIELD_DP32(s->idr[1], IDR1, EVENTQS, SMMU_EVENTQS); s->idr[1] = FIELD_DP32(s->idr[1], IDR1, CMDQS, SMMU_CMDQS); - s->idr[3] = FIELD_DP32(s->idr[3], IDR3, RIL, 1); s->idr[3] = FIELD_DP32(s->idr[3], IDR3, HAD, 1); + s->idr[3] = FIELD_DP32(s->idr[3], IDR3, RIL, 1); s->idr[3] = FIELD_DP32(s->idr[3], IDR3, BBML, 2); + s->idr[5] = FIELD_DP32(s->idr[5], IDR5, OAS, SMMU_IDR5_OAS); /* 44 bits */ /* 4K, 16K and 64K granule support */ s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN4K, 1); s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN16K, 1); s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN64K, 1); - s->idr[5] = FIELD_DP32(s->idr[5], IDR5, OAS, SMMU_IDR5_OAS); /* 44 bits */ s->cmdq.base = deposit64(s->cmdq.base, 0, 5, SMMU_CMDQS); s->cmdq.prod = 0; -- cgit v1.1 From 4cdd146d8bb72117b10ff22afe3a730dc4df4913 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 14 Sep 2023 15:57:05 +0100 Subject: hw/arm/smmuv3: Advertise SMMUv3.1-XNX feature The SMMUv3.1-XNX feature is mandatory for an SMMUv3.1 if S2P is supported, so we should theoretically have implemented it as part of the recent S2P work. Fortunately, for us the implementation is a no-op. This feature is about interpretation of the stage 2 page table descriptor XN bits, which control execute permissions. For QEMU, the permission bits passed to an IOMMU (via MemTxAttrs and IOMMUAccessFlags) only indicate read and write; we do not distinguish data reads from instruction reads outside the CPU proper. In the SMMU architecture's terms, our interconnect between the client device and the SMMU doesn't have the ability to convey the INST attribute, and we therefore use the default value of "data" for this attribute. We also do not support the bits in the Stream Table Entry that can override the on-the-bus transaction attribute permissions (we do not set SMMU_IDR1.ATTR_PERMS_OVR=1). These two things together mean that for our implementation, it never has to deal with transactions with the INST attribute, and so it can correctly ignore the XN bits entirely. So we already implement FEAT_XNX's "XN field is now 2 bits, not 1" behaviour to the extent that we need to. Advertise the presence of the feature in SMMU_IDR3.XNX. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Mostafa Saleh Reviewed-by: Eric Auger Message-id: 20230914145705.1648377-4-peter.maydell@linaro.org --- hw/arm/smmuv3.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'hw') diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index f03d583..c3871ae 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -279,6 +279,10 @@ static void smmuv3_init_regs(SMMUv3State *s) s->idr[1] = FIELD_DP32(s->idr[1], IDR1, CMDQS, SMMU_CMDQS); s->idr[3] = FIELD_DP32(s->idr[3], IDR3, HAD, 1); + if (FIELD_EX32(s->idr[0], IDR0, S2P)) { + /* XNX is a stage-2-specific feature */ + s->idr[3] = FIELD_DP32(s->idr[3], IDR3, XNX, 1); + } s->idr[3] = FIELD_DP32(s->idr[3], IDR3, RIL, 1); s->idr[3] = FIELD_DP32(s->idr[3], IDR3, BBML, 2); -- cgit v1.1 From 3a45f4f5376cad9489e1608f2e4960fd34805546 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 26 Sep 2023 16:56:19 +0100 Subject: target/arm/arm-powerctl: Correctly init CPUs when powered on to lower EL The code for powering on a CPU in arm-powerctl.c has two separate use cases: * emulation of a real hardware power controller * emulation of firmware interfaces (primarily PSCI) with CPU on/off APIs For the first case, we only need to reset the CPU and set its starting PC and X0. For the second case, because we're emulating the firmware we need to ensure that it's in the state that the firmware provides. In particular, when we reset to a lower EL than the highest one we are emulating, we need to put the CPU into a state that permits correct running at that lower EL. We already do a little of this in arm-powerctl.c (for instance we set SCR_HCE to enable the HVC insn) but we don't do enough of it. This means that in the case where we are emulating EL3 but also providing emulated PSCI the guest will crash when a secondary core tries to use a feature that needs an SCR_EL3 bit to be set, such as MTE or PAuth. The hw/arm/boot.c code also has to support this "start guest code in an EL that's lower than the highest emulated EL" case in order to do direct guest kernel booting; it has all the necessary initialization code to set the SCR_EL3 bits. Pull the relevant boot.c code out into a separate function so we can share it between there and arm-powerctl.c. This refactoring has a few code changes that look like they might be behaviour changes but aren't: * if info->secure_boot is false and info->secure_board_setup is true, then the old code would start the first CPU in Hyp mode but without changing SCR.NS and NSACR.{CP11,CP10}. This was wrong behaviour because there's no such thing as Secure Hyp mode. The new code will leave the CPU in SVC. (There is no board which sets secure_boot to false and secure_board_setup to true, so this isn't a behaviour change for any of our boards.) * we don't explicitly clear SCR.NS when arm-powerctl.c does a CPU-on to EL3. This was a no-op because CPU reset will reset to NS == 0. And some real behaviour changes: * we no longer set HCR_EL2.RW when booting into EL2: the guest can and should do that themselves before dropping into their EL1 code. (arm-powerctl and boot did this differently; I opted to use the logic from arm-powerctl, which only sets HCR_EL2.RW when it's directly starting the guest in EL1, because it's more correct, and I don't expect guests to be accidentally depending on our having set the RW bit for them.) * if we are booting a CPU into AArch32 Secure SVC then we won't set SCR.HCE any more. This affects only the vexpress-a15 and raspi2b machine types. Guests booting in this case will either: - be able to set SCR.HCE themselves as part of moving from Secure SVC into NS Hyp mode - will move from Secure SVC to NS SVC, and won't care about behaviour of the HVC insn - will stay in Secure SVC, and won't care about HVC * on an arm-powerctl CPU-on we will now set the SCR bits for pauth/mte/sve/sme/hcx/fgt features The first two of these are very minor and I don't expect guest code to trip over them, so I didn't judge it worth convoluting the code in an attempt to keep exactly the same boot.c behaviour. The third change fixes issue 1899. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1899 Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20230926155619.4028618-1-peter.maydell@linaro.org --- hw/arm/boot.c | 95 +++++++++++++++-------------------------------------------- 1 file changed, 23 insertions(+), 72 deletions(-) (limited to 'hw') diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 24fa169..84ea6a8 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -722,84 +722,35 @@ static void do_cpu_reset(void *opaque) cpu_set_pc(cs, entry); } else { - /* If we are booting Linux then we need to check whether we are - * booting into secure or non-secure state and adjust the state - * accordingly. Out of reset, ARM is defined to be in secure state - * (SCR.NS = 0), we change that here if non-secure boot has been - * requested. + /* + * If we are booting Linux then we might need to do so at: + * - AArch64 NS EL2 or NS EL1 + * - AArch32 Secure SVC (EL3) + * - AArch32 NS Hyp (EL2) + * - AArch32 NS SVC (EL1) + * Configure the CPU in the way boot firmware would do to + * drop us down to the appropriate level. */ - if (arm_feature(env, ARM_FEATURE_EL3)) { - /* AArch64 is defined to come out of reset into EL3 if enabled. - * If we are booting Linux then we need to adjust our EL as - * Linux expects us to be in EL2 or EL1. AArch32 resets into - * SVC, which Linux expects, so no privilege/exception level to - * adjust. - */ - if (env->aarch64) { - env->cp15.scr_el3 |= SCR_RW; - if (arm_feature(env, ARM_FEATURE_EL2)) { - env->cp15.hcr_el2 |= HCR_RW; - env->pstate = PSTATE_MODE_EL2h; - } else { - env->pstate = PSTATE_MODE_EL1h; - } - if (cpu_isar_feature(aa64_pauth, cpu)) { - env->cp15.scr_el3 |= SCR_API | SCR_APK; - } - if (cpu_isar_feature(aa64_mte, cpu)) { - env->cp15.scr_el3 |= SCR_ATA; - } - if (cpu_isar_feature(aa64_sve, cpu)) { - env->cp15.cptr_el[3] |= R_CPTR_EL3_EZ_MASK; - env->vfp.zcr_el[3] = 0xf; - } - if (cpu_isar_feature(aa64_sme, cpu)) { - env->cp15.cptr_el[3] |= R_CPTR_EL3_ESM_MASK; - env->cp15.scr_el3 |= SCR_ENTP2; - env->vfp.smcr_el[3] = 0xf; - } - if (cpu_isar_feature(aa64_hcx, cpu)) { - env->cp15.scr_el3 |= SCR_HXEN; - } - if (cpu_isar_feature(aa64_fgt, cpu)) { - env->cp15.scr_el3 |= SCR_FGTEN; - } + int target_el = arm_feature(env, ARM_FEATURE_EL2) ? 2 : 1; - /* AArch64 kernels never boot in secure mode */ - assert(!info->secure_boot); - /* This hook is only supported for AArch32 currently: - * bootloader_aarch64[] will not call the hook, and - * the code above has already dropped us into EL2 or EL1. - */ - assert(!info->secure_board_setup); - } - - if (arm_feature(env, ARM_FEATURE_EL2)) { - /* If we have EL2 then Linux expects the HVC insn to work */ - env->cp15.scr_el3 |= SCR_HCE; - } - - /* Set to non-secure if not a secure boot */ - if (!info->secure_boot && - (cs != first_cpu || !info->secure_board_setup)) { - /* Linux expects non-secure state */ - env->cp15.scr_el3 |= SCR_NS; - /* Set NSACR.{CP11,CP10} so NS can access the FPU */ - env->cp15.nsacr |= 3 << 10; - } - } - - if (!env->aarch64 && !info->secure_boot && - arm_feature(env, ARM_FEATURE_EL2)) { + if (env->aarch64) { /* - * This is an AArch32 boot not to Secure state, and - * we have Hyp mode available, so boot the kernel into - * Hyp mode. This is not how the CPU comes out of reset, - * so we need to manually put it there. + * AArch64 kernels never boot in secure mode, and we don't + * support the secure_board_setup hook for AArch64. */ - cpsr_write(env, ARM_CPU_MODE_HYP, CPSR_M, CPSRWriteRaw); + assert(!info->secure_boot); + assert(!info->secure_board_setup); + } else { + if (arm_feature(env, ARM_FEATURE_EL3) && + (info->secure_boot || + (info->secure_board_setup && cs == first_cpu))) { + /* Start this CPU in Secure SVC */ + target_el = 3; + } } + arm_emulate_firmware_reset(cs, target_el); + if (cs == first_cpu) { AddressSpace *as = arm_boot_address_space(cpu, info); -- cgit v1.1 From 9ef2629712680e70cbf39d8b6cb1ec0e0e2e72fa Mon Sep 17 00:00:00 2001 From: Chris Rauer Date: Fri, 22 Sep 2023 18:14:11 +0000 Subject: hw/timer/npcm7xx_timer: Prevent timer from counting down past zero The counter register is only 24-bits and counts down. If the timer is running but the qtimer to reset it hasn't fired off yet, there is a chance the regster read can return an invalid result. Signed-off-by: Chris Rauer Message-id: 20230922181411.2697135-1-crauer@google.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/timer/npcm7xx_timer.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'hw') diff --git a/hw/timer/npcm7xx_timer.c b/hw/timer/npcm7xx_timer.c index 32f5e02..a8bd93a 100644 --- a/hw/timer/npcm7xx_timer.c +++ b/hw/timer/npcm7xx_timer.c @@ -138,6 +138,9 @@ static int64_t npcm7xx_timer_count_to_ns(NPCM7xxTimer *t, uint32_t count) /* Convert a time interval in nanoseconds to a timer cycle count. */ static uint32_t npcm7xx_timer_ns_to_count(NPCM7xxTimer *t, int64_t ns) { + if (ns < 0) { + return 0; + } return clock_ns_to_ticks(t->ctrl->clock, ns) / npcm7xx_tcsr_prescaler(t->tcsr); } -- cgit v1.1