[Qemu-commits] [qemu/qemu] 628fc7: target/arm: Fix LD1W and LDFF1W (scal


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 628fc7: target/arm: Fix LD1W and LDFF1W (scalar plus vecto...
Date: Tue, 17 Jul 2018 01:54:08 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 628fc75f3a3bb115de3b445c1a18547c44613cfe
      
https://github.com/qemu/qemu/commit/628fc75f3a3bb115de3b445c1a18547c44613cfe
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M target/arm/sve_helper.c

  Log Message:
  -----------
  target/arm: Fix LD1W and LDFF1W (scalar plus vector)

'I' was being double-incremented; correctly within the inner loop
and incorrectly within the outer loop.

Signed-off-by: Richard Henderson <address@hidden>
Reviewed-by: Laurent Desnogues <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 333b9c8a684c58f6711521e446e4b26de5addadc
      
https://github.com/qemu/qemu/commit/333b9c8a684c58f6711521e446e4b26de5addadc
  Author: Andrew Jeffery <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M hw/misc/aspeed_scu.c
    M include/hw/misc/aspeed_scu.h

  Log Message:
  -----------
  aspeed: Implement write-1-{set, clear} for AST2500 strapping

The AST2500 SoC family changes the runtime behaviour of the hardware
strapping register (SCU70) to write-1-set/write-1-clear, with
write-1-clear implemented on the "read-only" SoC revision register
(SCU7C). For the AST2400, the hardware strapping is
runtime-configured with read-modify-write semantics.

Signed-off-by: Andrew Jeffery <address@hidden>
Reviewed-by: Joel Stanley <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: ee03cca88ec2e4cd1ffd319764cced1cab707ee2
      
https://github.com/qemu/qemu/commit/ee03cca88ec2e4cd1ffd319764cced1cab707ee2
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M hw/intc/arm_gic.c

  Log Message:
  -----------
  hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()

In gic_deactivate_irq() the interrupt number comes from the guest
(on a write to the GICC_DIR register), so we need to sanity check
that it isn't out of range before we use it as an array index.
Handle this in a similar manner to the check we do in
gic_complete_irq() for the GICC_EOI register.

The array overrun is not disastrous because the calling code
uses (value & 0x3ff) to extract the interrupt field, so the
only out-of-range values possible are 1020..1023, which allow
overrunning only from irq_state[] into the following
irq_target[] array which the guest can already manipulate.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Luc Michel <address@hidden>
Message-id: address@hidden
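
The overrun described in this log message, as an added example that is not QEMU's code: a toy model in which `irq_target[]` directly follows `irq_state[]`, showing where each masked value lands and a range check of the kind the commit adds. The struct, the array length of 1020, the `MODEL_*` names and the `num_irq` comparison are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAXIRQ 1020   /* assumed array length: valid indices 0..1019 */
#define MODEL_ACTIVE 0x01   /* hypothetical "active" flag bit */

/* Toy model: irq_target[] directly follows irq_state[], as the log describes. */
struct model_gic {
    uint8_t irq_state[MODEL_MAXIRQ];
    uint8_t irq_target[MODEL_MAXIRQ];
    unsigned num_irq;       /* interrupts this model implements */
};

/* The caller's extraction of the interrupt field: only 10 bits survive. */
static unsigned dir_irq_field(uint32_t value)
{
    return value & 0x3ff;
}

/* Byte offset an unchecked irq_state[irq] access would address.
 * Computed rather than dereferenced, so the model never overruns. */
static size_t unchecked_offset(uint32_t value)
{
    return offsetof(struct model_gic, irq_state) + dir_irq_field(value);
}

static bool lands_in_irq_target(uint32_t value)
{
    return unchecked_offset(value) >= offsetof(struct model_gic, irq_target);
}

/* Hardened form: reject out-of-range numbers before indexing. */
static bool deactivate_checked(struct model_gic *s, uint32_t value)
{
    unsigned irq = dir_irq_field(value);

    if (irq >= s->num_irq || irq >= MODEL_MAXIRQ) {
        return false;       /* guest write ignored */
    }
    s->irq_state[irq] &= (uint8_t)~MODEL_ACTIVE;
    return true;
}

int main(void)
{
    struct model_gic s = { .num_irq = 96 };
    for (uint32_t v = 1018; v <= 1023; v++) {
        printf("irq %u -> %s\n", (unsigned)v,
               lands_in_irq_target(v) ? "irq_target[] (overrun)" : "irq_state[]");
    }
    printf("checked write of 1023 accepted: %d\n", deactivate_checked(&s, 1023));
    return 0;
}
```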


  Commit: 7995206d057409cff9d4e850bdc8296c8fc21d38
      
https://github.com/qemu/qemu/commit/7995206d057409cff9d4e850bdc8296c8fc21d38
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M hw/intc/arm_gic.c

  Log Message:
  -----------
  hw/intc/arm_gic: Fix handling of GICD_ITARGETSR

The GICD_ITARGETSR implementation still has some 11MPCore behaviour
that we were incorrectly using in our GICv1 and GICv2 implementations
for the case where the interrupt number is less than GIC_INTERNAL.
The desired behaviour here is:
 * for 11MPCore: RAZ/WI for irqs 0..28; read a number matching the
   CPU doing the read for irqs 29..31
 * for GICv1 and v2: RAZ/WI if uniprocessor; otherwise read a
   number matching the CPU doing the read for all irqs < 32

Stop squashing GICD_ITARGETSR to 0 for IRQs 0..28 unless this
is an 11MPCore GIC.

Reported-by: Jan Kiszka <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Luc Michel <address@hidden>
Message-id: address@hidden


  Commit: cccf96c3d4263125e6d2c23ad264001ca2e6fffa
      
https://github.com/qemu/qemu/commit/cccf96c3d4263125e6d2c23ad264001ca2e6fffa
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M hw/arm/bcm2836.c

  Log Message:
  -----------
  hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false

These devices are currently causing some problems when a user is trying
to hot-plug or introspect them during runtime. Since these devices can
not be instantiated by the user at all (they need to be wired up in code
instead), we should mark them with user_creatable = false anyway, then we
avoid at least the crashes with the hot-plugging. The introspection problem
will be handled by a separate patch.

Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 65e9f27f22ba273672a1960cabad0e6aae0fbba2
      
https://github.com/qemu/qemu/commit/65e9f27f22ba273672a1960cabad0e6aae0fbba2
  Author: Guenter Roeck <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M hw/char/bcm2835_aux.c

  Log Message:
  -----------
  bcm2835_aux: Swap RX and TX interrupt assignments

RX and TX interrupt bits were reversed, resulting in an endless sequence
of serial interrupts in the emulated system and the following repeated
error message when booting Linux.

serial8250: too much work for irq61

This results in a boot failure most of the time.

Qemu command line used to reproduce the problem:

        qemu-system-aarch64 -M raspi3 -m 1024 \
        -kernel arch/arm64/boot/Image \
        --append "rdinit=/sbin/init console=ttyS1,115200" \
        -initrd rootfs.cpio \
        -dtb arch/arm64/boot/dts/broadcom/bcm2837-rpi-3-b.dtb \
        -nographic -monitor null -serial null -serial stdio

This is with arm64:defconfig. The root file system was generated using
buildroot.

NB that this error likely arises from an erratum in the
BCM2835 datasheet where the TX and RX bits were swapped
in the AU_MU_IER_REG description (but correct for IIR):
 https://elinux.org/BCM2835_datasheet_errata#p12

Signed-off-by: Guenter Roeck <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
[PMM: added NB about datasheet]
Signed-off-by: Peter Maydell <address@hidden>


  Commit: b493ccf1fc82674ef73564b3c61e309105c9336b
      
https://github.com/qemu/qemu/commit/b493ccf1fc82674ef73564b3c61e309105c9336b
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M accel/tcg/cputlb.c

  Log Message:
  -----------
  accel/tcg: Use correct test when looking in victim TLB for code

In get_page_addr_code(), we were incorrectly looking in the victim
TLB for an entry which matched the target address for reads, not
for code accesses. This meant that we could hit on a victim TLB
entry that indicated that the address was readable but not
executable, and incorrectly bypass the call to tlb_fill() which
should generate the guest MMU exception. Fix this bug.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
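
The comparator mix-up described in this log message, as an added example that is not QEMU's code: a toy victim TLB with one address comparator per access type, where a code fetch that matches on the read comparator skips the fill step that would raise the guest MMU exception. The struct layout, the `MODEL_*` names and the sample entries are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_MASK (~(uint64_t)0xfff)
#define MODEL_NO_ACCESS UINT64_MAX  /* comparator value that never matches */

enum model_access { MODEL_READ, MODEL_CODE };

/* Toy victim-TLB entry: one address comparator per access type. */
struct model_tlb_entry {
    uint64_t addr_read;
    uint64_t addr_code;
};

/* True if some victim entry matches the page for the chosen access type. */
static bool model_victim_hit(const struct model_tlb_entry *v, size_t n,
                             enum model_access cmp, uint64_t addr)
{
    uint64_t page = addr & MODEL_PAGE_MASK;

    for (size_t i = 0; i < n; i++) {
        uint64_t tag = (cmp == MODEL_CODE) ? v[i].addr_code : v[i].addr_read;
        if (tag == page) {
            return true;
        }
    }
    return false;
}

/* Code fetch: a victim hit skips the fill step, which is where a
 * non-executable page would raise the guest MMU exception. */
static bool code_fetch_reaches_fill(const struct model_tlb_entry *v, size_t n,
                                    enum model_access cmp, uint64_t addr)
{
    return !model_victim_hit(v, n, cmp, addr);
}

int main(void)
{
    /* Constructed sample: page 0x1000 is readable but not executable. */
    const struct model_tlb_entry victim[] = {
        { .addr_read = 0x1000, .addr_code = MODEL_NO_ACCESS },
        { .addr_read = 0x2000, .addr_code = 0x2000 },
    };
    printf("read comparator (before), fill reached: %d\n",
           code_fetch_reaches_fill(victim, 2, MODEL_READ, 0x1234));
    printf("code comparator (after),  fill reached: %d\n",
           code_fetch_reaches_fill(victim, 2, MODEL_CODE, 0x1234));
    return 0;
}
```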


  Commit: 3474c98a2a2afcefa7c665f02ad2bed2a43ab0f7
      
https://github.com/qemu/qemu/commit/3474c98a2a2afcefa7c665f02ad2bed2a43ab0f7
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M accel/tcg/cputlb.c

  Log Message:
  -----------
  accel/tcg: Assert that tlb fill gave us a valid TLB entry

In commit 4b1a3e1e34ad97 we added a check for whether the TLB entry
we had following a tlb_fill had the INVALID bit set.  This could
happen in some circumstances because a stale or wrong TLB entry was
pulled out of the victim cache.  However, after commit
68fea038553039e (which prevents stale entries being in the victim
cache) and the previous commit (which ensures we don't incorrectly
hit in the victim cache) this should never be possible.

Drop the check on TLB_INVALID_MASK from the "is this a TLB_RECHECK?"
condition, and instead assert that the tlb fill procedure has given
us a valid TLB entry (or longjumped out with a guest exception).

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden


  Commit: 1310df8b99cd40b5277911506c045b35e6e7f640
      
https://github.com/qemu/qemu/commit/1310df8b99cd40b5277911506c045b35e6e7f640
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-16 (Mon, 16 Jul 2018)

  Changed paths:
    M accel/tcg/cputlb.c
    M hw/arm/bcm2836.c
    M hw/char/bcm2835_aux.c
    M hw/intc/arm_gic.c
    M hw/misc/aspeed_scu.c
    M include/hw/misc/aspeed_scu.h
    M target/arm/sve_helper.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180716' into staging

target-arm queue:
 * accel/tcg: Use correct test when looking in victim TLB for code
 * bcm2835_aux: Swap RX and TX interrupt assignments
 * hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
 * hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
 * hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
 * aspeed: Implement write-1-{set, clear} for AST2500 strapping
 * target/arm: Fix LD1W and LDFF1W (scalar plus vector)

# gpg: Signature made Mon 16 Jul 2018 17:38:36 BST
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <address@hidden>"
# gpg:                 aka "Peter Maydell <address@hidden>"
# gpg:                 aka "Peter Maydell <address@hidden>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20180716:
  accel/tcg: Assert that tlb fill gave us a valid TLB entry
  accel/tcg: Use correct test when looking in victim TLB for code
  bcm2835_aux: Swap RX and TX interrupt assignments
  hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
  hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
  hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
  aspeed: Implement write-1-{set, clear} for AST2500 strapping
  target/arm: Fix LD1W and LDFF1W (scalar plus vector)

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/102ad0a80f51...1310df8b99cd