  1. May 01, 2022
  2. Apr 30, 2022
  3. Apr 29, 2022
  4. Apr 28, 2022
    • Merge tag 'pull-target-arm-20220428' of... · f2283360
      Richard Henderson authored
      Merge tag 'pull-target-arm-20220428' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
      
      target-arm queue:
       * refactor to use tcg_constant where appropriate
       * Advertise support for FEAT_TTL and FEAT_BBM level 2
       * smmuv3: Cache event fault record
       * smmuv3: Add space in guest error message
       * smmuv3: Advertise support for SMMUv3.2-BBML2
      
      # gpg: Signature made Thu 28 Apr 2022 07:38:38 AM PDT
      # gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
      # gpg:                issuer "peter.maydell@linaro.org"
      # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
      # gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
      # gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
      
      * tag 'pull-target-arm-20220428' of https://git.linaro.org/people/pmaydell/qemu-arm: (54 commits)
        hw/arm/smmuv3: Advertise support for SMMUv3.2-BBML2
        target/arm: Advertise support for FEAT_BBM level 2
        target/arm: Advertise support for FEAT_TTL
        hw/arm/smmuv3: Add space in guest error message
        hw/arm/smmuv3: Cache event fault record
        target/arm: Use field names for accessing DBGWCRn
        target/arm: Disable cryptographic instructions when neon is disabled
        target/arm: Use tcg_constant for vector descriptor
        target/arm: Use tcg_constant for do_brk{2,3}
        target/arm: Use tcg_constant for predicate descriptors
        target/arm: Use tcg_constant in do_zzi_{sat, ool}, do_fp_imm
        target/arm: Use tcg_constant in SUBR
        target/arm: Use tcg_constant in LD1, ST1
        target/arm: Use tcg_constant in WHILE
        target/arm: Use tcg_constant in do_clast_scalar
        target/arm: Use tcg_constant in {incr, wrap}_last_active
        target/arm: Use tcg_constant in FCPY, CPY
        target/arm: Use tcg_constant in SINCDEC, INCDEC
        target/arm: Use tcg_constant for trans_INDEX_*
        target/arm: Use tcg_constant in trans_CSEL
        ...
      
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
      f2283360
    • hw/arm/smmuv3: Advertise support for SMMUv3.2-BBML2 · f8e7163d
      Peter Maydell authored
      
      The Arm SMMUv3 includes an optional feature equivalent to the CPU
      FEAT_BBM, which permits an OS to switch a range of memory between
      "covered by a huge page" and "covered by a sequence of normal pages"
      without having to engage in the traditional 'break-before-make'
      dance. (This is particularly important for the SMMU, because devices
      performing I/O through an SMMU are less likely to be able to cope with
      the window in the sequence where an access results in a translation
      fault.)  The SMMU spec explicitly notes that one of the valid ways to
      be a BBM level 2 compliant implementation is:
       * if there are multiple entries in the TLB for an address,
         choose one of them and use it, ignoring the others
      
      Our SMMU TLB implementation (unlike our CPU TLB) does allow multiple
      TLB entries for an address, because the translation table level is
      part of the SMMUIOTLBKey, and so our IOTLB hashtable can include
      entries for the same address where the leaf was at different levels
      (i.e. both hugepage and normal page). Our TLB lookup implementation in
      smmu_iotlb_lookup() will always find the entry with the lowest level
      (i.e. it prefers the hugepage over the normal page) and ignore any
      others. TLB invalidation correctly removes all TLB entries matching
      the specified address or address range (unless the guest specifies the
      leaf level explicitly, in which case it gets what it asked for). So we
      can validly advertise support for BBML level 2.
      
      Note that we still can't yet advertise ourselves as an SMMU v3.2,
      because v3.2 requires support for the S2FWB feature, which we don't
      yet implement.
      
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Reviewed-by: Eric Auger <eric.auger@redhat.com>
      Message-id: 20220426160422.2353158-4-peter.maydell@linaro.org
      f8e7163d
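
The lookup and invalidation behaviour this commit message relies on, as a small C model added here (not QEMU's code). The function names, the fixed 8-slot array, the 4K granule and the sample addresses are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Toy IOTLB (hypothetical names): the leaf level is part of the key. */
struct entry { bool valid; uint64_t iova; int level; uint64_t pa; };
static struct entry tlb[8];
/* 4K granule: level 3 = 4K page, level 2 = 2M block, level 1 = 1G block. */
static uint64_t lvl_mask(int level) { return (1ULL << (12 + 9 * (3 - level))) - 1; }

static struct entry *find(uint64_t iova, int level) {
    for (size_t i = 0; i < 8; i++)
        if (tlb[i].valid && tlb[i].level == level &&
            tlb[i].iova == (iova & ~lvl_mask(level)))
            return &tlb[i];
    return NULL;
}

static bool tlb_insert(uint64_t iova, int level, uint64_t pa) {
    struct entry e = { true, iova & ~lvl_mask(level), level, pa & ~lvl_mask(level) };
    for (size_t i = 0; i < 8; i++)
        if (!tlb[i].valid) { tlb[i] = e; return true; }
    return false;
}

/* Probe from the lowest level (largest block) up; the first hit wins. */
static const struct entry *tlb_lookup(uint64_t iova) {
    for (int level = 1; level <= 3; level++) {
        struct entry *e = find(iova, level);
        if (e) return e;
    }
    return NULL;
}

/* ttl == 0: no level hint, drop every match; otherwise only that level. */
static int tlb_invalidate(uint64_t iova, int ttl) {
    int dropped = 0;
    for (int level = 1; level <= 3; level++) {
        struct entry *e = (ttl == 0 || ttl == level) ? find(iova, level) : NULL;
        if (e) { e->valid = false; dropped++; }
    }
    return dropped;
}

int main(void) {
    tlb_insert(0x40200000, 2, 0x80000000);  /* constructed 2M block mapping */
    tlb_insert(0x40201000, 3, 0x90001000);  /* constructed 4K page inside it */
    printf("hit at level %d\n", tlb_lookup(0x40201234)->level);
    printf("dropped %d entries\n", tlb_invalidate(0x40201234, 0));
}
```

With both entries cached, the lookup returns the 2M block and ignores the 4K page; an invalidate without a level hint removes both, while one that names level 3 leaves the block entry in place.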
    • target/arm: Advertise support for FEAT_BBM level 2 · 75d08a40
      Peter Maydell authored
      
      The description in the Arm ARM of the requirements of FEAT_BBM is
      admirably clear on the guarantees it provides software, but slightly
      more obscure on what that means for implementations.  The description
      of the equivalent SMMU feature in the SMMU specification (IHI0070D.b
      section 3.21.1) is perhaps a bit more detailed and includes some
      example valid implementation choices. (The SMMU version of this
      feature is slightly tighter than the CPU version: the CPU is permitted
      to raise TLB Conflict aborts in some situations that the SMMU may
      not. This doesn't matter for QEMU because we don't want to do TLB
      Conflict aborts anyway.)
      
      The informal summary of FEAT_BBM is that it is about permitting an OS
      to switch a range of memory between "covered by a huge page" and
      "covered by a sequence of normal pages" without having to engage in
      the 'break-before-make' dance that has traditionally been
      necessary. The 'break-before-make' sequence is:
      
       * replace the old translation table entry with an invalid entry
       * execute a DSB insn
       * execute a broadcast TLB invalidate insn
       * execute a DSB insn
       * write the new translation table entry
       * execute a DSB insn
      
      The point of this is to ensure that no TLB can simultaneously contain
      TLB entries for the old and the new entry, which would traditionally
      be UNPREDICTABLE (allowing the CPU to generate a TLB Conflict fault
      or to use a random mishmash of values from the old and the new
      entry).  FEAT_BBM level 2 says "for the specific case where the only
      thing that changed is the size of the block, the TLB is guaranteed
      not to do weird things even if there are multiple entries for an
      address", which means that software can now do:
      
       * replace old translation table entry with new entry
       * DSB
       * broadcast TLB invalidate
       * DSB
      
      As the SMMU spec notes, valid ways to do this include:
      
       * if there are multiple entries in the TLB for an address,
         choose one of them and use it, ignoring the others
       * if there are multiple entries in the TLB for an address,
         throw them all out and do a page table walk to get a new one
      
      QEMU's page table walk implementation for Arm CPUs already meets the
      requirements for FEAT_BBM level 2. When we cache an entry in our TCG
      TLB, we do so only for the specific (non-huge) page that the address
      is in, and there is no way for the TLB data structure to ever have
      more than one TLB entry for that page. (We handle huge pages only in
      that we track what part of the address space is covered by huge pages
      so that a TLB invalidate operation for an address in a huge page
      results in an invalidation of the whole TLB.) We ignore the Contiguous
      bit in page table entries, so we don't have to do anything for the
      parts of FEAT_BBM that deal with changes to the Contiguous bit.
      
      FEAT_BBM level 2 also requires that the nT bit in block descriptors
      must be ignored; since commit 39a1fd25 we do this.
      
      It's therefore safe for QEMU to advertise FEAT_BBM level 2 by
      setting ID_AA64MMFR2_EL1.BBM to 2.
      
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Message-id: 20220426160422.2353158-3-peter.maydell@linaro.org
      75d08a40
    • target/arm: Advertise support for FEAT_TTL · f81c60c2
      Peter Maydell authored
      
      The Arm FEAT_TTL architectural feature allows the guest to provide an
      optional hint in an AArch64 TLB invalidate operation about which
      translation table level holds the leaf entry for the address being
      invalidated.  QEMU's TLB implementation doesn't need that hint, and
      we correctly ignore the (previously RES0) bits in TLB invalidate
      operation values that are now used for the TTL field.  So we can
      simply advertise support for it in our 'max' CPU.
      
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Message-id: 20220426160422.2353158-2-peter.maydell@linaro.org
      f81c60c2
    • hw/arm/smmuv3: Add space in guest error message · 264a3b2e
      Jean-Philippe Brucker authored
      
      Make the translation error message prettier by adding a missing space
      before the parenthesis.
      
      Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Reviewed-by: Eric Auger <eric.auger@redhat.com>
      Message-id: 20220427111543.124620-2-jean-philippe@linaro.org
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      264a3b2e
    • hw/arm/smmuv3: Cache event fault record · ced71694
      Jean-Philippe Brucker authored
      
      The Record bit in the Context Descriptor tells the SMMU to report fault
      events to the event queue. Since we don't cache the Record bit at the
      moment, access faults from a cached Context Descriptor are never
      reported. Store the Record bit in the cached SMMUTransCfg.
      
      Fixes: 9bde7f06 ("hw/arm/smmuv3: Implement translate callback")
      Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Reviewed-by: Eric Auger <eric.auger@redhat.com>
      Message-id: 20220427111543.124620-1-jean-philippe@linaro.org
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      ced71694
    • target/arm: Use field names for accessing DBGWCRn · 8b7a5bbe
      Richard Henderson authored
      
      While defining these names, use the correct field width of 5 not 4 for
      DBGWCR.MASK.  This typo prevented setting a watchpoint larger than 32k.
      
      Reported-by: Chris Howard <cvz185@web.de>
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
      Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
      Message-id: 20220427051926.295223-1-richard.henderson@linaro.org
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      8b7a5bbe
    • target/arm: Disable cryptographic instructions when neon is disabled · eb851c11
      Damien Hedde authored
      
      As of now, cryptographic instructions ISAR fields are never cleared so
      we can end up with a cpu with cryptographic instructions but no
      floating-point/neon instructions which is not a possible configuration
      according to Arm specifications.
      
      In QEMU, we have 3 kinds of cpus regarding cryptographic instructions:
      + no support
      + cortex-a57/a72: cryptographic extension is optional,
        floating-point/neon is not.
      + cortex-a53: cryptographic extension is optional as well as
        floating-point/neon. But cryptographic requires
        floating-point/neon support.
      
      Therefore we can safely clear the ISAR fields when neon is disabled.
      
      Note that other Arm cpus seem to follow this. For example cortex-a55 is
      like cortex-a53 and cortex-a76/cortex-a710 are like cortex-a57/a72.
      
      Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Message-id: 20220427090117.6954-1-damien.hedde@greensocs.com
      [PMM: fixed commit message typos]
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      eb851c11
    • target/arm: Use tcg_constant for vector descriptor · c6a59b55
      Richard Henderson authored
      
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
      Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
      Message-id: 20220426163043.100432-48-richard.henderson@linaro.org
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      c6a59b55