[Qemu-devel] [PATCH 00/18] Fix exception handling and msr/mrs access

[Michael Davidsaver]

This series grew from a previous incorrect patch attempting to fix some 
incorrect behavior.  After spending some time going through the arch. ref. 
manual for v7-M I think I understand better how this should work and have made 
a number of changes which actually improve the situation.

These changes have not yet been cross checked against real hardware, and I 
therefore don't consider them mergeable.  It's gotten big enough though that 
I'd like to get some feedback.

I think the changes in this series effect only ARMv7-M specific code with the 
exception of removing references to NVIC from the GIC code.

* Add unprivileged access case for MRS/MSR instructions
* Priority based exception masking with PRIMASK, FAULTMASK, and BASEPRI.
* Auto-clear FAULTMASK on exception return (except NMI)
* Validation and consistency checking on exception return
* Exception priorities using PRIGROUP
* Exception escalation to HardFault when priority permits
* Escalation to unrecoverable exception otherwise (though the action is not 
correct, see below)
* Correct calculation of the RETTOBASE field of ICSR
* Remove the need for the armv7m.hack MemoryRegion to catch exception returns
* Fill in previously unimplemented HFSR, CFSR, and CCR registers

This series removes the dependence of the NVIC code on the GIC.  The GIC 
doesn't have the concept of PRIGROUP to change the size of the group priority 
field.  Also, there are a lot of cases in this code which I don't understand 
and worry about breaking.  Now that I have things working (I think), I could 
look at recombining them if this is desired.

Some additional state is also added to v7m in struct CPUARMState so that all 
the information needed
in arm_v7m_cpu_exec_interrupt() is found in one place.  I started by having 
this state split between CPU and struct nvic_state, but found this confusing.  
Some guidance would be helpful.

I add a pointer to ARMCPU* in struct nvic_state which is populated in 
armv7m_nvic_realize().  I think this is reasonable given the tight coupling 
between NVIC and CPU, but it does look ugly.

At the moment I've left the action of an unrecoverable exception to call 
cpu_abort().  I'm not sure of the value of implementing the actual defined 
behavior in the context of QEMU.

I've tried to add VMState as appropriate, but have not tested it.

I looked briefly at qtest, but can't quite see how to use it given the need to 
execute code to test most of the exception behavior.  Is something like this 
feasible at present?

Regards,
Michael


Michael Davidsaver (18):
  armv7m: MRS/MSR handle unprivileged access
  armv7m: Undo armv7m.hack
  armv7m: Complain about incorrect exception table entries.
  armv7m: Explicit error for bad vector table
  armv7m: expand NVIC state
  armv7m: new NVIC utility functions
  armv7m: Update NVIC registers
  armv7m: fix RETTOBASE
  armv7m: NVIC update vmstate
  armv7m: NVIC initialization
  armv7m: fix I and F flag handling
  armv7m: simpler/faster exception start
  armv7m: implement CFSR and HFSR
  armv7m: auto-clear FAULTMASK
  arm: gic: Remove references to NVIC
  armv7m: check exception return consistency
  armv7m: implement CCR
  armv7m: prevent unprivileged write to STIR

 hw/arm/armv7m.c          |   8 -
 hw/intc/arm_gic.c        |  14 +-
 hw/intc/arm_gic_common.c |  23 +-
 hw/intc/armv7m_nvic.c    | 777 ++++++++++++++++++++++++++++++++++++-----------
 hw/intc/gic_internal.h   |   7 +-
 target-arm/cpu.c         |  44 +--
 target-arm/cpu.h         |  35 ++-
 target-arm/helper.c      | 222 ++++++++++----
 target-arm/machine.c     |   7 +-
 9 files changed, 843 insertions(+), 294 deletions(-)

-- 
2.1.4