From f58b39d2d5b6dea1a757e1dc7d67a44eac1c4f9c Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 14 Jul 2016 16:51:36 +0100 Subject: [PATCH 01/11] virtio-mmio: format transport base address in BusClass.get_dev_path At the moment the following QEMU command line triggers an assertion failure (minimal reproducer by Cole): qemu-system-aarch64 \ -machine virt-2.6,accel=tcg \ -nodefaults \ -no-user-config \ -nographic -monitor stdio \ -device virtio-scsi-device,id=scsi0 \ -device virtio-scsi-device,id=scsi1 \ -drive file=foo.img,format=raw,if=none,id=d0 \ -device scsi-hd,bus=scsi0.0,drive=d0 \ -drive file=foo.img,format=raw,if=none,id=d1 \ -device scsi-hd,bus=scsi1.0,drive=d1 qemu-system-aarch64: migration/savevm.c:615: vmstate_register_with_alias_id: Assertion `!se->compat || se->instance_id == 0' failed. The reason is that the vmstate sections for the two scsi-hd devices are not uniquely identifiable by name. The direct parent buses of the scsi-hd devices -- scsi0.0 and scsi1.0 -- support the BusClass.get_dev_path member function. scsibus_get_dev_path() formats a device path prefix with the help of its topologically parent bus, and then appends the chan:id:lun triplet to it. For both scsi-hd devices, this triplet is 0:0:0. (Here we use "device path" in the QEMU migration sense, for vmstate section identification, not in the OFW or UEFI device path senses.) The virtio-scsi HBA is plugged into the virtio-mmio bus (implemented by the internal VirtIOMMIOProxy device). This bus class (TYPE_VIRTIO_MMIO_BUS) inherits, as its get_dev_path() member function, the virtio_bus_get_dev_path() method from its parent class (TYPE_VIRTIO_BUS). virtio_bus_get_dev_path() does not format any kind of device address on its own; "virtio addresses" are transport-specific. Therefore virtio_bus_get_dev_path() asks the topologically parent bus of the proxy object (implementing the specific virtio transport) to format the address of the proxy object. (For virtio-pci devices (where the proxy is an instance of VirtIOPCIProxy, plugged into a PCI bus), this ends up in pcibus_get_dev_path().) However, VirtIOMMIOProxy is usually (in practice: always) plugged into "main-system-bus", the singleton TYPE_SYSTEM_BUS object. This BusClass does not support formatting QEMU vmstate device paths at all (as SysBusDevice objects can have zero or more IO ports and zero or more MMIO regions). Hence the formatting request delegated from virtio_bus_get_dev_path() gets answered with NULL. The end result is that the two scsi-hd devices end up with the same device path "0:0:0", which triggers the assert. We can solve this by recognizing that virtio-mmio transports are distinguished from each other by their base addresses in MMIO address space. Implement virtio_mmio_bus_get_dev_path() as follows: (1) The virtio device whose devpath is to be formatted resides on a virtio-mmio bus that is implemented by a VirtIOMMIOProxy object. Ask the parent bus of VirtIOMMIOProxy to format the device path of VirtIOMMIOProxy, as a path prefix. (This is identical to what virtio_bus_get_dev_path() does.) (2) Append the base address of VirtIOMMIOProxy to the device path, such as: - virtio-mmio@000000000a003e00, - virtio-mmio@000000000a003c00. Given that these device paths are placed in the migration stream, step (2) above, if done unconditionally, would break migration. So make that step conditional on a new VirtIOMMIOProxy property, which is enabled for 2.7 machine types and later. Cc: "Michael S. Tsirkin" Cc: Cole Robinson Cc: Dr. David Alan Gilbert Cc: Kevin Zhao Cc: Peter Maydell Cc: Tom Hanson Reported-by: Kevin Zhao Reviewed-by: Andrew Jones Signed-off-by: Laszlo Ersek Message-id: 1467739394-28357-1-git-send-email-lersek@redhat.com Fixes: https://bugs.launchpad.net/qemu/+bug/1594239 Signed-off-by: Laszlo Ersek Signed-off-by: Peter Maydell --- hw/virtio/virtio-mmio.c | 49 +++++++++++++++++++++++++++++++++++++++++ include/hw/compat.h | 6 ++++- 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c index eb84b74532..13798b3cb8 100644 --- a/hw/virtio/virtio-mmio.c +++ b/hw/virtio/virtio-mmio.c @@ -91,6 +91,7 @@ typedef struct { VirtioBusState bus; bool ioeventfd_disabled; bool ioeventfd_started; + bool format_transport_address; } VirtIOMMIOProxy; static bool virtio_mmio_ioeventfd_started(DeviceState *d) @@ -469,6 +470,12 @@ assign_error: /* virtio-mmio device */ +static Property virtio_mmio_properties[] = { + DEFINE_PROP_BOOL("format_transport_address", VirtIOMMIOProxy, + format_transport_address, true), + DEFINE_PROP_END_OF_LIST(), +}; + static void virtio_mmio_realizefn(DeviceState *d, Error **errp) { VirtIOMMIOProxy *proxy = VIRTIO_MMIO(d); @@ -489,6 +496,7 @@ static void virtio_mmio_class_init(ObjectClass *klass, void *data) dc->realize = virtio_mmio_realizefn; dc->reset = virtio_mmio_reset; set_bit(DEVICE_CATEGORY_MISC, dc->categories); + dc->props = virtio_mmio_properties; } static const TypeInfo virtio_mmio_info = { @@ -500,6 +508,46 @@ static const TypeInfo virtio_mmio_info = { /* virtio-mmio-bus. */ +static char *virtio_mmio_bus_get_dev_path(DeviceState *dev) +{ + BusState *virtio_mmio_bus; + VirtIOMMIOProxy *virtio_mmio_proxy; + char *proxy_path; + SysBusDevice *proxy_sbd; + char *path; + + virtio_mmio_bus = qdev_get_parent_bus(dev); + virtio_mmio_proxy = VIRTIO_MMIO(virtio_mmio_bus->parent); + proxy_path = qdev_get_dev_path(DEVICE(virtio_mmio_proxy)); + + /* + * If @format_transport_address is false, then we just perform the same as + * virtio_bus_get_dev_path(): we delegate the address formatting for the + * device on the virtio-mmio bus to the bus that the virtio-mmio proxy + * (i.e., the device that implements the virtio-mmio bus) resides on. In + * this case the base address of the virtio-mmio transport will be + * invisible. + */ + if (!virtio_mmio_proxy->format_transport_address) { + return proxy_path; + } + + /* Otherwise, we append the base address of the transport. */ + proxy_sbd = SYS_BUS_DEVICE(virtio_mmio_proxy); + assert(proxy_sbd->num_mmio == 1); + assert(proxy_sbd->mmio[0].memory == &virtio_mmio_proxy->iomem); + + if (proxy_path) { + path = g_strdup_printf("%s/virtio-mmio@" TARGET_FMT_plx, proxy_path, + proxy_sbd->mmio[0].addr); + } else { + path = g_strdup_printf("virtio-mmio@" TARGET_FMT_plx, + proxy_sbd->mmio[0].addr); + } + g_free(proxy_path); + return path; +} + static void virtio_mmio_bus_class_init(ObjectClass *klass, void *data) { BusClass *bus_class = BUS_CLASS(klass); @@ -516,6 +564,7 @@ static void virtio_mmio_bus_class_init(ObjectClass *klass, void *data) k->ioeventfd_assign = virtio_mmio_ioeventfd_assign; k->has_variable_vring_alignment = true; bus_class->max_dev = 1; + bus_class->get_dev_path = virtio_mmio_bus_get_dev_path; } static const TypeInfo virtio_mmio_bus_info = { diff --git a/include/hw/compat.h b/include/hw/compat.h index 636befedb4..9914e7a59e 100644 --- a/include/hw/compat.h +++ b/include/hw/compat.h @@ -2,7 +2,11 @@ #define HW_COMPAT_H #define HW_COMPAT_2_6 \ - /* empty */ + {\ + .driver = "virtio-mmio",\ + .property = "format_transport_address",\ + .value = "off",\ + }, #define HW_COMPAT_2_5 \ {\ From 56215da394e9b784d425bc27cb826baf16c18b0d Mon Sep 17 00:00:00 2001 From: Dmitry Osipenko Date: Thu, 14 Jul 2016 16:51:36 +0100 Subject: [PATCH 02/11] Revert "hw/ptimer: Perform counter wrap around if timer already expired" Software should see timer counter wraparound only after IRQ being triggered. This fixes regression introduced by the commit 5a50307 ("hw/ptimer: Perform counter wrap around if timer already expired"), resulting in monotonic timer jumping backwards on SPARC emulated machine running NetBSD guest OS, as reported by Mark Cave-Ayland. Signed-off-by: Dmitry Osipenko Message-id: 20160708132206.2080-1-digetx@gmail.com Signed-off-by: Peter Maydell --- hw/core/ptimer.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c index 05b0c276eb..30829ee97b 100644 --- a/hw/core/ptimer.c +++ b/hw/core/ptimer.c @@ -93,7 +93,7 @@ uint64_t ptimer_get_count(ptimer_state *s) bool oneshot = (s->enabled == 2); /* Figure out the current counter value. */ - if (s->period == 0 || (expired && (oneshot || use_icount))) { + if (expired) { /* Prevent timer underflowing if it should already have triggered. */ counter = 0; @@ -120,7 +120,7 @@ uint64_t ptimer_get_count(ptimer_state *s) backwards. */ - rem = expired ? now - next : next - now; + rem = next - now; div = period; clz1 = clz64(rem); @@ -140,11 +140,6 @@ uint64_t ptimer_get_count(ptimer_state *s) div += 1; } counter = rem / div; - - if (expired && counter != 0) { - /* Wrap around periodic counter. */ - counter = s->limit - (counter - 1) % s->limit; - } } } else { counter = s->delta; From 7069532e3b944c25707d4f69998e68a739eabff9 Mon Sep 17 00:00:00 2001 From: Vijay Date: Thu, 14 Jul 2016 16:51:36 +0100 Subject: [PATCH 03/11] target-arm: Use Neon for zero checking Use Neon instructions to perform zero checking of buffer. This is helps in reducing total migration time. Use case: Idle VM live migration with 4 VCPUS and 8GB ram running CentOS 7. Without Neon, the Total migration time is 3.5 Sec Migration status: completed total time: 3560 milliseconds downtime: 33 milliseconds setup: 5 milliseconds transferred ram: 297907 kbytes throughput: 685.76 mbps remaining ram: 0 kbytes total ram: 8519872 kbytes duplicate: 2062760 pages skipped: 0 pages normal: 69808 pages normal bytes: 279232 kbytes dirty sync count: 3 With Neon, the total migration time is 2.9 Sec Migration status: completed total time: 2960 milliseconds downtime: 65 milliseconds setup: 4 milliseconds transferred ram: 299869 kbytes throughput: 830.19 mbps remaining ram: 0 kbytes total ram: 8519872 kbytes duplicate: 2064313 pages skipped: 0 pages normal: 70294 pages normal bytes: 281176 kbytes dirty sync count: 3 Signed-off-by: Vijaya Kumar K Signed-off-by: Suresh Acked-by: Paolo Bonzini Message-id: 1467190029-694-2-git-send-email-vijayak@cavium.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- util/cutils.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/util/cutils.c b/util/cutils.c index 5830a688dc..7505fdaa81 100644 --- a/util/cutils.c +++ b/util/cutils.c @@ -184,6 +184,13 @@ int qemu_fdatasync(int fd) #define SPLAT(p) _mm_set1_epi8(*(p)) #define ALL_EQ(v1, v2) (_mm_movemask_epi8(_mm_cmpeq_epi8(v1, v2)) == 0xFFFF) #define VEC_OR(v1, v2) (_mm_or_si128(v1, v2)) +#elif defined(__aarch64__) +#include "arm_neon.h" +#define VECTYPE uint64x2_t +#define ALL_EQ(v1, v2) \ + ((vgetq_lane_u64(v1, 0) == vgetq_lane_u64(v2, 0)) && \ + (vgetq_lane_u64(v1, 1) == vgetq_lane_u64(v2, 1))) +#define VEC_OR(v1, v2) ((v1) | (v2)) #else #define VECTYPE unsigned long #define SPLAT(p) (*(p) * (~0UL / 255)) From c8efd802c40ed7f06eeebd4c8f7ff558424d7225 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 14 Jul 2016 16:51:37 +0100 Subject: [PATCH 04/11] gic: provide defines for v2/v3 targetlist sizes Signed-off-by: Andrew Jones Message-id: 1467378129-23302-2-git-send-email-drjones@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- include/hw/intc/arm_gic.h | 3 +++ include/hw/intc/arm_gicv3_common.h | 3 +++ 2 files changed, 6 insertions(+) diff --git a/include/hw/intc/arm_gic.h b/include/hw/intc/arm_gic.h index 0971e37710..42bb535fd4 100644 --- a/include/hw/intc/arm_gic.h +++ b/include/hw/intc/arm_gic.h @@ -23,6 +23,9 @@ #include "arm_gic_common.h" +/* Number of SGI target-list bits */ +#define GIC_TARGETLIST_BITS 8 + #define TYPE_ARM_GIC "arm_gic" #define ARM_GIC(obj) \ OBJECT_CHECK(GICState, (obj), TYPE_ARM_GIC) diff --git a/include/hw/intc/arm_gicv3_common.h b/include/hw/intc/arm_gicv3_common.h index f72e49922f..341a3118f0 100644 --- a/include/hw/intc/arm_gicv3_common.h +++ b/include/hw/intc/arm_gicv3_common.h @@ -35,6 +35,9 @@ #define GICV3_MAXIRQ 1020 #define GICV3_MAXSPI (GICV3_MAXIRQ - GIC_INTERNAL) +/* Number of SGI target-list bits */ +#define GICV3_TARGETLIST_BITS 16 + /* Minimum BPR for Secure, or when security not enabled */ #define GIC_MIN_BPR 0 /* Minimum BPR for Nonsecure when security is enabled */ From 95eb49c8a302f8adf5e360bca026af1c5ef21716 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 14 Jul 2016 16:51:37 +0100 Subject: [PATCH 05/11] hw/arm/virt: tcg: adjust MPIDR like KVM KVM adjusts the MPIDR of guest vcpus based on the architecture of the host, 32-bit vs. 64-bit, and, for 64-bit, also on the type of GIC the guest is using. To be consistent and improve SGI efficiency we make the same adjustments for TCG as 64-bit KVM hosts. We neglect to add consistency with 32-bit KVM hosts, as that would reduce SGI efficiency and KVM is expected to change. As MPIDR is a system register, and thus guest visible, we only make adjustments for current and later versioned machines. Signed-off-by: Andrew Jones Message-id: 1467378129-23302-3-git-send-email-drjones@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/virt.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 4dafd42be8..a193b5a95b 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -52,7 +52,8 @@ #include "hw/arm/sysbus-fdt.h" #include "hw/platform-bus.h" #include "hw/arm/fdt.h" -#include "hw/intc/arm_gic_common.h" +#include "hw/intc/arm_gic.h" +#include "hw/intc/arm_gicv3_common.h" #include "kvm_arm.h" #include "hw/smbios/smbios.h" #include "qapi/visitor.h" @@ -82,6 +83,7 @@ typedef struct VirtBoardInfo { typedef struct { MachineClass parent; VirtBoardInfo *daughterboard; + bool disallow_affinity_adjustment; } VirtMachineClass; typedef struct { @@ -1165,6 +1167,7 @@ void virt_guest_info_machine_done(Notifier *notifier, void *data) static void machvirt_init(MachineState *machine) { VirtMachineState *vms = VIRT_MACHINE(machine); + VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(machine); qemu_irq pic[NUM_IRQS]; MemoryRegion *sysmem = get_system_memory(); MemoryRegion *secure_sysmem = NULL; @@ -1181,6 +1184,7 @@ static void machvirt_init(MachineState *machine) CPUClass *cc; Error *err = NULL; bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0); + uint8_t clustersz; if (!cpu_model) { cpu_model = "cortex-a15"; @@ -1226,8 +1230,10 @@ static void machvirt_init(MachineState *machine) */ if (gic_version == 3) { virt_max_cpus = vbi->memmap[VIRT_GIC_REDIST].size / 0x20000; + clustersz = GICV3_TARGETLIST_BITS; } else { virt_max_cpus = GIC_NCPU; + clustersz = GIC_TARGETLIST_BITS; } if (max_cpus > virt_max_cpus) { @@ -1281,6 +1287,20 @@ static void machvirt_init(MachineState *machine) for (n = 0; n < smp_cpus; n++) { Object *cpuobj = object_new(typename); + if (!vmc->disallow_affinity_adjustment) { + /* Adjust MPIDR like 64-bit KVM hosts, which incorporate the + * GIC's target-list limitations. 32-bit KVM hosts currently + * always create clusters of 4 CPUs, but that is expected to + * change when they gain support for gicv3. When KVM is enabled + * it will override the changes we make here, therefore our + * purposes are to make TCG consistent (with 64-bit KVM hosts) + * and to improve SGI efficiency. + */ + uint8_t aff1 = n / clustersz; + uint8_t aff0 = n % clustersz; + object_property_set_int(cpuobj, (aff1 << ARM_AFF1_SHIFT) | aff0, + "mp-affinity", NULL); + } if (!vms->secure) { object_property_set_bool(cpuobj, false, "has_el3", NULL); @@ -1507,7 +1527,10 @@ static void virt_2_6_instance_init(Object *obj) static void virt_machine_2_6_options(MachineClass *mc) { + VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc)); + virt_machine_2_7_options(mc); SET_MACHINE_COMPAT(mc, VIRT_COMPAT_2_6); + vmc->disallow_affinity_adjustment = true; } DEFINE_VIRT_MACHINE(2, 6) From 541ef8c2e73fb99d173b125bef7c262fdd2fe33c Mon Sep 17 00:00:00 2001 From: Sergey Sorokin Date: Thu, 14 Jul 2016 16:51:37 +0100 Subject: [PATCH 06/11] target-arm: Add missed AArch32 TLBI sytem registers Some PL2 related TLBI system registers are missed in AArch32 implementation. The patch fixes it. Signed-off-by: Sergey Sorokin Message-id: 1468328885-3217862-1-git-send-email-afarallax@yandex.ru Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target-arm/helper.c | 139 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) diff --git a/target-arm/helper.c b/target-arm/helper.c index 1f9cdacc59..bdb842cc45 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -572,6 +572,102 @@ static void tlbimvaa_is_write(CPUARMState *env, const ARMCPRegInfo *ri, } } +static void tlbiall_nsnh_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + CPUState *cs = ENV_GET_CPU(env); + + tlb_flush_by_mmuidx(cs, ARMMMUIdx_S12NSE1, ARMMMUIdx_S12NSE0, + ARMMMUIdx_S2NS, -1); +} + +static void tlbiall_nsnh_is_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + CPUState *other_cs; + + CPU_FOREACH(other_cs) { + tlb_flush_by_mmuidx(other_cs, ARMMMUIdx_S12NSE1, + ARMMMUIdx_S12NSE0, ARMMMUIdx_S2NS, -1); + } +} + +static void tlbiipas2_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + /* Invalidate by IPA. This has to invalidate any structures that + * contain only stage 2 translation information, but does not need + * to apply to structures that contain combined stage 1 and stage 2 + * translation information. + * This must NOP if EL2 isn't implemented or SCR_EL3.NS is zero. + */ + CPUState *cs = ENV_GET_CPU(env); + uint64_t pageaddr; + + if (!arm_feature(env, ARM_FEATURE_EL2) || !(env->cp15.scr_el3 & SCR_NS)) { + return; + } + + pageaddr = sextract64(value << 12, 0, 40); + + tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdx_S2NS, -1); +} + +static void tlbiipas2_is_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + CPUState *other_cs; + uint64_t pageaddr; + + if (!arm_feature(env, ARM_FEATURE_EL2) || !(env->cp15.scr_el3 & SCR_NS)) { + return; + } + + pageaddr = sextract64(value << 12, 0, 40); + + CPU_FOREACH(other_cs) { + tlb_flush_page_by_mmuidx(other_cs, pageaddr, ARMMMUIdx_S2NS, -1); + } +} + +static void tlbiall_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + CPUState *cs = ENV_GET_CPU(env); + + tlb_flush_by_mmuidx(cs, ARMMMUIdx_S1E2, -1); +} + +static void tlbiall_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + CPUState *other_cs; + + CPU_FOREACH(other_cs) { + tlb_flush_by_mmuidx(other_cs, ARMMMUIdx_S1E2, -1); + } +} + +static void tlbimva_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + CPUState *cs = ENV_GET_CPU(env); + uint64_t pageaddr = value & ~MAKE_64BIT_MASK(0, 12); + + tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdx_S1E2, -1); +} + +static void tlbimva_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + CPUState *other_cs; + uint64_t pageaddr = value & ~MAKE_64BIT_MASK(0, 12); + + CPU_FOREACH(other_cs) { + tlb_flush_page_by_mmuidx(other_cs, pageaddr, ARMMMUIdx_S1E2, -1); + } +} + static const ARMCPRegInfo cp_reginfo[] = { /* Define the secure and non-secure FCSE identifier CP registers * separately because there is no secure bank in V8 (no _EL3). This allows @@ -3273,6 +3369,29 @@ static const ARMCPRegInfo v8_cp_reginfo[] = { .type = ARM_CP_NO_RAW, .access = PL1_W, .writefn = tlbimva_write }, { .name = "TLBIMVAAL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 7, .type = ARM_CP_NO_RAW, .access = PL1_W, .writefn = tlbimvaa_write }, + { .name = "TLBIMVALH", .cp = 15, .opc1 = 4, .crn = 8, .crm = 7, .opc2 = 5, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbimva_hyp_write }, + { .name = "TLBIMVALHIS", + .cp = 15, .opc1 = 4, .crn = 8, .crm = 3, .opc2 = 5, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbimva_hyp_is_write }, + { .name = "TLBIIPAS2", + .cp = 15, .opc1 = 4, .crn = 8, .crm = 4, .opc2 = 1, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbiipas2_write }, + { .name = "TLBIIPAS2IS", + .cp = 15, .opc1 = 4, .crn = 8, .crm = 0, .opc2 = 1, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbiipas2_is_write }, + { .name = "TLBIIPAS2L", + .cp = 15, .opc1 = 4, .crn = 8, .crm = 4, .opc2 = 5, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbiipas2_write }, + { .name = "TLBIIPAS2LIS", + .cp = 15, .opc1 = 4, .crn = 8, .crm = 0, .opc2 = 5, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbiipas2_is_write }, /* 32 bit cache operations */ { .name = "ICIALLUIS", .cp = 15, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0, .type = ARM_CP_NOP, .access = PL1_W }, @@ -3605,6 +3724,26 @@ static const ARMCPRegInfo el2_cp_reginfo[] = { { .name = "HTTBR", .cp = 15, .opc1 = 4, .crm = 2, .access = PL2_RW, .type = ARM_CP_64BIT | ARM_CP_ALIAS, .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el[2]) }, + { .name = "TLBIALLNSNH", + .cp = 15, .opc1 = 4, .crn = 8, .crm = 7, .opc2 = 4, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbiall_nsnh_write }, + { .name = "TLBIALLNSNHIS", + .cp = 15, .opc1 = 4, .crn = 8, .crm = 3, .opc2 = 4, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbiall_nsnh_is_write }, + { .name = "TLBIALLH", .cp = 15, .opc1 = 4, .crn = 8, .crm = 7, .opc2 = 0, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbiall_hyp_write }, + { .name = "TLBIALLHIS", .cp = 15, .opc1 = 4, .crn = 8, .crm = 3, .opc2 = 0, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbiall_hyp_is_write }, + { .name = "TLBIMVAH", .cp = 15, .opc1 = 4, .crn = 8, .crm = 7, .opc2 = 1, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbimva_hyp_write }, + { .name = "TLBIMVAHIS", .cp = 15, .opc1 = 4, .crn = 8, .crm = 3, .opc2 = 1, + .type = ARM_CP_NO_RAW, .access = PL2_W, + .writefn = tlbimva_hyp_is_write }, { .name = "TLBI_ALLE2", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 7, .opc2 = 0, .type = ARM_CP_NO_RAW, .access = PL2_W, From fe8477052831a78ba9de37d008bd81550bc8cf25 Mon Sep 17 00:00:00 2001 From: Marcin Krzeminski Date: Thu, 14 Jul 2016 16:51:38 +0100 Subject: [PATCH 07/11] m25p80: Fix QIOR/DIOR handling for Winbond MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Winbond also support continuous read mode, but as an opposite for other flash type read mode clock cycles are included to dummy cycles number. This path add proper handling of read mode byte and update needed dummy cycles. QPI mode and dummy cycles configuration are not supported. Signed-off-by: Marcin Krzeminski Reviewed-by: Cédric Le Goater Message-id: 1467809036-6986-1-git-send-email-marcin.krzeminski@nokia.com Signed-off-by: Peter Maydell --- hw/block/m25p80.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index ca8c12c0f8..9828ee61d5 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -149,6 +149,7 @@ typedef struct FlashPartInfo { */ #define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1 +#define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1 static const FlashPartInfo known_devices[] = { /* Atmel -- some are (confusingly) marketed as "DataFlash" */ @@ -777,7 +778,7 @@ static void decode_dio_read_cmd(Flash *s) /* Dummy cycles modeled with bytes writes instead of bits */ switch (get_man(s)) { case MAN_WINBOND: - s->needed_bytes += 8; + s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; break; case MAN_SPANSION: s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; @@ -816,7 +817,8 @@ static void decode_qio_read_cmd(Flash *s) /* Dummy cycles modeled with bytes writes instead of bits */ switch (get_man(s)) { case MAN_WINBOND: - s->needed_bytes += 8; + s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; + s->needed_bytes += 4; break; case MAN_SPANSION: s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; From 2ddfa2817b7f2be4f7ef0fd4806e06aaced9e6ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Thu, 14 Jul 2016 16:51:38 +0100 Subject: [PATCH 08/11] hw/misc: fix typo in Aspeed SCU hw-strap2 property name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Cédric Le Goater Message-id: 1467994016-11678-2-git-send-email-clg@kaod.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/misc/aspeed_scu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c index 23f51752b0..b61c05ea4d 100644 --- a/hw/misc/aspeed_scu.c +++ b/hw/misc/aspeed_scu.c @@ -255,7 +255,7 @@ static const VMStateDescription vmstate_aspeed_scu = { static Property aspeed_scu_properties[] = { DEFINE_PROP_UINT32("silicon-rev", AspeedSCUState, silicon_rev, 0), DEFINE_PROP_UINT32("hw-strap1", AspeedSCUState, hw_strap1, 0), - DEFINE_PROP_UINT32("hw-strap2", AspeedSCUState, hw_strap1, 0), + DEFINE_PROP_UINT32("hw-strap2", AspeedSCUState, hw_strap2, 0), DEFINE_PROP_END_OF_LIST(), }; From 97c2ed5dbdda978e29618f356f11caa99a7df601 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Thu, 14 Jul 2016 16:51:38 +0100 Subject: [PATCH 09/11] ast2400: replace aspeed_smc_is_implemented() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit aspeed_smc_is_implemented() filters invalid registers in a peculiar way. Let's remove it and open code the if conditions. It serves the same purpose, the aesthetic is better, and new registers can easily be added. Signed-off-by: Cédric Le Goater Message-id: 1467994016-11678-3-git-send-email-clg@kaod.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/ssi/aspeed_smc.c | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c index a371e302d4..854474b642 100644 --- a/hw/ssi/aspeed_smc.c +++ b/hw/ssi/aspeed_smc.c @@ -281,12 +281,6 @@ static void aspeed_smc_reset(DeviceState *d) aspeed_smc_update_cs(s); } -static bool aspeed_smc_is_implemented(AspeedSMCState *s, hwaddr addr) -{ - return (addr == s->r_conf || addr == s->r_timings || addr == s->r_ce_ctrl || - (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->num_cs)); -} - static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, unsigned int size) { AspeedSMCState *s = ASPEED_SMC(opaque); @@ -300,13 +294,16 @@ static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, unsigned int size) return 0; } - if (!aspeed_smc_is_implemented(s, addr)) { + if (addr == s->r_conf || + addr == s->r_timings || + addr == s->r_ce_ctrl || + (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->num_cs)) { + return s->regs[addr]; + } else { qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n", - __func__, addr); + __func__, addr); return 0; } - - return s->regs[addr]; } static void aspeed_smc_write(void *opaque, hwaddr addr, uint64_t data, @@ -324,20 +321,18 @@ static void aspeed_smc_write(void *opaque, hwaddr addr, uint64_t data, return; } - if (!aspeed_smc_is_implemented(s, addr)) { + if (addr == s->r_conf || + addr == s->r_timings || + addr == s->r_ce_ctrl) { + s->regs[addr] = value; + } else if (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->num_cs) { + s->regs[addr] = value; + aspeed_smc_update_cs(s); + } else { qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n", __func__, addr); return; } - - /* - * Not much to do apart from storing the value and set the cs - * lines if the register is a controlling one. - */ - s->regs[addr] = value; - if (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->num_cs) { - aspeed_smc_update_cs(s); - } } static const MemoryRegionOps aspeed_smc_ops = { From 2e1f05020b80677f66b14277b7b1e8d4bb175640 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Thu, 14 Jul 2016 16:51:38 +0100 Subject: [PATCH 10/11] ast2400: pretend DMAs are done for U-boot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit U-boot does SPI timing calibration using DMA tranfers. To let the initialization continue, we fake success by setting the DMA status of the Interrupt Control Register. For the moment, DMA support is not required as it is not used in normal operation. Signed-off-by: Cédric Le Goater Message-id: 1467994016-11678-4-git-send-email-clg@kaod.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/ssi/aspeed_smc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c index 854474b642..d319e04a27 100644 --- a/hw/ssi/aspeed_smc.c +++ b/hw/ssi/aspeed_smc.c @@ -273,6 +273,9 @@ static void aspeed_smc_reset(DeviceState *d) memset(s->regs, 0, sizeof s->regs); + /* Pretend DMA is done (u-boot initialization) */ + s->regs[R_INTR_CTRL] = INTR_CTRL_DMA_STATUS; + /* Unselect all slaves */ for (i = 0; i < s->num_cs; ++i) { s->regs[s->r_ctrl0 + i] |= CTRL_CE_STOP_ACTIVE; @@ -297,6 +300,7 @@ static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, unsigned int size) if (addr == s->r_conf || addr == s->r_timings || addr == s->r_ce_ctrl || + addr == R_INTR_CTRL || (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->num_cs)) { return s->regs[addr]; } else { From 79a9f323a80b802ca98895d1c2d4aaf23cff815a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Thu, 14 Jul 2016 16:51:39 +0100 Subject: [PATCH 11/11] ast2400: externalize revision numbers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit AST2400_A0_SILICON_REV is defined twice. Fix this by including the definition in the header file as well as the routine to check if a silicon revision is supported. It will useful to reuse in other controllers. Let's add also AST2500_A0_SILICON_REV for future use. Signed-off-by: Cédric Le Goater Message-id: 1467994016-11678-5-git-send-email-clg@kaod.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/ast2400.c | 2 -- hw/misc/aspeed_scu.c | 4 +--- include/hw/misc/aspeed_scu.h | 5 +++++ 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/hw/arm/ast2400.c b/hw/arm/ast2400.c index 0555843620..326fdb36ee 100644 --- a/hw/arm/ast2400.c +++ b/hw/arm/ast2400.c @@ -34,8 +34,6 @@ #define AST2400_FMC_FLASH_BASE 0x20000000 #define AST2400_SPI_FLASH_BASE 0x30000000 -#define AST2400_A0_SILICON_REV 0x02000303 - static const int uart_irqs[] = { 9, 32, 33, 34, 10 }; static const int timer_irqs[] = { 16, 17, 18, 35, 36, 37, 38, 39, }; diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c index b61c05ea4d..c7e2c8263f 100644 --- a/hw/misc/aspeed_scu.c +++ b/hw/misc/aspeed_scu.c @@ -88,8 +88,6 @@ #define PROT_KEY_UNLOCK 0x1688A8A8 #define SCU_IO_REGION_SIZE 0x20000 -#define AST2400_A0_SILICON_REV 0x02000303U - static const uint32_t ast2400_a0_resets[ASPEED_SCU_NR_REGS] = { [SYS_RST_CTRL] = 0xFFCFFEDCU, [CLK_SEL] = 0xF3F40000U, @@ -212,7 +210,7 @@ static void aspeed_scu_reset(DeviceState *dev) static uint32_t aspeed_silicon_revs[] = { AST2400_A0_SILICON_REV, }; -static bool is_supported_silicon_rev(uint32_t silicon_rev) +bool is_supported_silicon_rev(uint32_t silicon_rev) { int i; diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h index 6b8e46f85f..fdfd982288 100644 --- a/include/hw/misc/aspeed_scu.h +++ b/include/hw/misc/aspeed_scu.h @@ -31,4 +31,9 @@ typedef struct AspeedSCUState { uint32_t hw_strap2; } AspeedSCUState; +#define AST2400_A0_SILICON_REV 0x02000303U +#define AST2500_A0_SILICON_REV 0x04000303U + +extern bool is_supported_silicon_rev(uint32_t silicon_rev); + #endif /* ASPEED_SCU_H */