To ease following guest accesses to the Bonito64 chipset,
map its I/O range as UnimplementedDevice.
We can now see the accesses to unimplemented peripheral
using the '-d unimp' command line option.
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200510210128.18343-9-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Peripherals are mapped at physical address on busses.
Only CPU/IOMMU can use virtual addresses.
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200510210128.18343-8-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Ease the kconfig selection by introducing CONFIG_PCI_BONITO to select
the Bonito North Bridge.
Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20200510210128.18343-6-f4bug@amsat.org>
Reviewed-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
I submitted the MIPS/fuloong2e support about ten years ago, and
after that I became a MIPS kernel developer. Last year, Philippe
Mathieu- Daudé asked me that whether I can be a reviewer of
MIPS/fuloong2e, and I promised that I will do some QEMU work in
the next year (i.e., 2020 and later). I think now (and also in
future) I can have some spare time, so I can finally do some real
work on QEMU/MIPS. And if possible, I hope I can be a co-maintainer
of MIPS/fuloong2e.
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Message-Id: <1586337380-25217-3-git-send-email-chenhc@lemote.com>
[PMD: Added Jiaxun Yang as reviewer]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200510210128.18343-2-f4bug@amsat.org>
The Fuloong machine never had to use "audio/audio.h", remove it.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Huacai Chen <chenhc@lemote.com>
Message-id: 20200515084209.9419-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The buffer is the captured input to pass to backends.
As we should not modify it, mark the argument const.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200505132603.8575-3-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The samples are the input to convert to u64. As we should
not modify them, mark the argument const.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200505132603.8575-2-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 571a8c522e caused the HMP wavcapture command to segfault when
processing audio data in audio_pcm_sw_write(), where a NULL
sw->hw->pcm_ops is dereferenced. This fix checks that the pointer is
valid before dereferincing it. A similar fix is also made in the
parallel function audio_pcm_sw_read().
Fixes: 571a8c522e (audio: split ctl_* functions into enable_* and
volume_*)
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200521172931.121903-1-brogers@suse.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The code in CONV_NATURAL_FLOAT() and CLIP_NATURAL_FLOAT()
seems to use the constant 2^31-0.5 to convert float to integer
and back. But the float type lacks the required precision and
the constant used for the conversion is 2^31. This is equiva-
lent to a [-1.f, 1.f] <-> [INT32_MIN, INT32_MAX + 1] mapping.
This patch explicitly writes down the used constant. The
compiler generated code doesn't change.
The constant 2^31 has an exact float representation and the
clang 10 compiler stops complaining about an implicit int to
float conversion with a changed value.
A few notes:
- The conversion of 1.f to INT32_MAX + 1 doesn't overflow. The
type of the destination variable is int64_t.
- At a later stage one of the clip_* functions in
audio/mixeng_template.h limits INT32_MAX + 1 to the integer
range.
- The clip_natural_float_* functions in audio/mixeng.c convert
INT32_MAX and INT32_MAX + 1 to 1.f.
Buglink: https://bugs.launchpad.net/bugs/1878627
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200523201712.23908-1-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit adds a new audiodev backend to allow QEMU to use JACK as
both an audio sink and source.
Signed-off-by: Geoffrey McRae <geoff@hostfission.com>
Message-Id: <20200512101603.E3DB73A038E@moya.office.hostfission.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use the generic AUDIO_HOST_ENDIANNESS definition instead
of a custom one.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200505100750.27332-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
A guest user may set channel frame count via es1370_write()
such that, in es1370_transfer_audio(), total frame count
'size' is lesser than the number of frames that are processed
'cnt'.
int cnt = d->frame_cnt >> 16;
int size = d->frame_cnt & 0xffff;
if (size < cnt), it results in incorrect calculations leading
to OOB access issue(s). Add check to avoid it.
Reported-by: Ren Ding <rding@gatech.edu>
Reported-by: Hanqing Zhao <hanqing@gatech.edu>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20200514200608.1744203-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When updating the PFLASH file contents, we should check for a
possible failure of blk_pwrite(). Similar to commit 3a688294e.
Reported-by: Coverity (CID 1357678 CHECKED_RETURN)
Signed-off-by: Mansour Ahmadi <mansourweb@gmail.com>
Message-Id: <20200408003552.58095-1-mansourweb@gmail.com>
[PMD: Add missing "qemu/error-report.h" include and TODO comment]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Rename the 'reset_flash' as 'mode_read_array' to make explicit we
do not reset the device, we simply set its internal state machine
in the READ_ARRAY mode. We do not reset the status register error
bits, as a device reset would do.
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20190716221555.11145-5-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
The command 0x00 is used by this model since its origin (commit
05ee37ebf6). In this commit the command is described with a
amusing '/* ??? */' comment, probably meaning 'FIXME'.
switch (cmd) {
case 0x00: /* ??? */
...
This comment survived 12 years because the 0x00 value is indeed
not specified by the CFI open standard (as of this commit).
The 'cmd' field is transfered during migration. To keep the
migration feature working with older QEMU version, we have to
take a lot of care with migrated field. We figured out it is
too late to remove a non-specified value from this model
(this would make migration review very complex). It is however
not too late to improve the documentation.
Add few comments to remember this is a special value related
to QEMU, and we won't find information about it on the CFI
spec.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20190716221555.11145-3-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
The 'CFI02' NOR flash was introduced in commit 29133e9a0f, with
timing modelled. One year later, the CFI01 model was introduced
(commit 05ee37ebf6) based on the CFI02 model. As noted in the
header, "It does not support timings". 12 years later, we never
had to model the device timings. Time to remove the unused timer,
we can still add it back if required.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Wei Yang <richardw.yang@linux.intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
[Laszlo Ersek: Regression tested EDK2 OVMF IA32X64, ArmVirtQemu Aarch64
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg04373.html]
Message-Id: <20190716221555.11145-2-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* tests/acceptance: Add a test for the canon-a1100 machine
* docs/system: Document some of the Arm development boards
* linux-user: make BKPT insn cause SIGTRAP, not be a syscall
* target/arm: Remove unused GEN_NEON_INTEGER_OP macro
* fsl-imx25, fsl-imx31, fsl-imx6, fsl-imx6ul, fsl-imx7: implement watchdog
* hw/arm: Use qemu_log_mask() instead of hw_error() in various places
* ARM: PL061: Introduce N_GPIOS
* target/arm: Improve clear_vec_high() usage
* target/arm: Allow user-mode code to write CPSR.E via MSR
* linux-user/arm: Reset CPSR_E when entering a signal handler
* linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl7G7SwZHHBldGVyLm1h
eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3qlND/0bnTGXns6FdYfWahEchgzJ
2C3LbE7ELund+vmn8BQX+TNsxC3sypbNa0HTx5uiAaRt3ohD6f/lYmvKjGkLJJ0l
g/6KQNXz2Tru5uB3wXWJuSQhX5qEei4EAHoHLo5lseslQq8pF8xpZvkj7P6TYJGp
ReEd48OPQJwrs6nlHahQkLX1TveDGNI/GTvUxVG6wTXZnYP6+/LK71yCZDplaKFb
j2vD7Q9kgFBHmjRiBMvYRhxQXRMnRe+5Y4khDSyiQdZId+2zD0PkxoL6qujSU0Ty
/P6vWzqdn66n3nD86PzthuWT2294xdsKGx6+otxIsJevMlZxZ7jNP/z7eJEIEvMI
Pqd28iStpdheiU2siM0NwunRWyr+c/zX6J1KYGBFrVFb869eePaDmIrn0AGKOh9S
IEO4n7t+M+IkYbc5RfdU2UhE2ubijLDrWnm/mZ7cCd7jT3SwPitVLqtcQWYFI0fL
GUEJlRstsuSXTWI4g5Cwpuv6U90sc/sIERAVW5qP45FoSnhRaK3+ySzmlTTqZ+jq
k8xywFjAijITplrvsbIsN0Y074PHFiOuk6e+FXaCyBOc9TA9sZKQUNk/XLuYzhYr
86jSELIt+YHrpHwxkplrvO+3MvqV95+6AU77cuNAC9O2E5HgE4SPE4RnfRTG8ULj
FtzVM8JOjCLKha+oAD9ucA==
=bh3x
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200521-1' into staging
target-arm queue:
* tests/acceptance: Add a test for the canon-a1100 machine
* docs/system: Document some of the Arm development boards
* linux-user: make BKPT insn cause SIGTRAP, not be a syscall
* target/arm: Remove unused GEN_NEON_INTEGER_OP macro
* fsl-imx25, fsl-imx31, fsl-imx6, fsl-imx6ul, fsl-imx7: implement watchdog
* hw/arm: Use qemu_log_mask() instead of hw_error() in various places
* ARM: PL061: Introduce N_GPIOS
* target/arm: Improve clear_vec_high() usage
* target/arm: Allow user-mode code to write CPSR.E via MSR
* linux-user/arm: Reset CPSR_E when entering a signal handler
* linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
# gpg: Signature made Thu 21 May 2020 22:05:48 BST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20200521-1: (29 commits)
linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
linux-user/arm: Reset CPSR_E when entering a signal handler
target/arm: Allow user-mode code to write CPSR.E via MSR
target/arm: Use clear_vec_high more effectively
target/arm: Use tcg_gen_gvec_mov for clear_vec_high
ARM: PL061: Introduce N_GPIOS
hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask()
hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask()
hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask()
hw/arm/integratorcp: Replace hw_error() by qemu_log_mask()
hw/arm/fsl-imx7: Connect watchdog interrupts
hw/arm/fsl-imx7: Instantiate various unimplemented devices
hw/arm/fsl-imx6ul: Connect watchdog interrupts
hw/arm/fsl-imx6: Connect watchdog interrupts
hw/arm/fsl-imx31: Wire up watchdog
hw/arm/fsl-imx25: Wire up watchdog
hw/watchdog: Implement full i.MX watchdog support
hw: Move i.MX watchdog driver to hw/watchdog
target/arm: Remove unused GEN_NEON_INTEGER_OP macro
linux-user/arm: Fix identification of syscall numbers
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The Arm signal-handling code has some parts ifdeffed with a
TARGET_CONFIG_CPU_32, which is always defined. This is a leftover
from when this code's structure was based on the Linux kernel
signal handling code, where it was intended to support 26-bit
Arm CPUs. The kernel dropped its CONFIG_CPU_32 in kernel commit
4da8b8208eded0ba21e3 in 2009.
QEMU has never had 26-bit CPU support and is unlikely to ever
add it; we certainly aren't going to support 26-bit Linux
binaries via linux-user mode. The ifdef is just unhelpful
noise, so remove it entirely.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200518143014.20689-1-peter.maydell@linaro.org
This fixes signal handlers running with the wrong endianness if the
interrupted code used SETEND to dynamically switch endianness.
Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200511131117.2486486-1-amanieu@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Using the MSR instruction to write to CPSR.E is deprecated, but it is
required to work from any mode including unprivileged code. We were
incorrectly forbidding usermode code from writing it because
CPSR_USER did not include the CPSR_E bit.
We use CPSR_USER in only three places:
* as the mask of what to allow userspace MSR to write to CPSR
* when deciding what bits a linux-user signal-return should be
able to write from the sigcontext structure
* in target_user_copy_regs() when we set up the initial
registers for the linux-user process
In the first two cases not being able to update CPSR.E is a bug, and
in the third case it doesn't matter because CPSR.E is always 0 there.
So we can fix both bugs by adding CPSR_E to CPSR_USER.
Because the cpsr_write() in restore_sigcontext() is now changing
a CPSR bit which is cached in hflags, we need to add an
arm_rebuild_hflags() call there; the callsite in
target_user_copy_regs() was already rebuilding hflags for other
reasons.
(The recommended way to change CPSR.E is to use the 'SETEND'
instruction, which we do correctly allow from usermode code.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200518142801.20503-1-peter.maydell@linaro.org
Do not explicitly store zero to the NEON high part
when we can pass !is_q to clear_vec_high.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200519212453.28494-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The 8-byte store for the end a !is_q operation can be
merged with the other stores. Use a no-op vector move
to trigger the expand_clr portion of tcg_gen_gvec_mov.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200519212453.28494-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a definition for the number of GPIO lines controlled by a PL061
instance, and use it instead of the hardcoded magic value 8.
Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200519085143.1376-1-geert+renesas@glider.be
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.
When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().
Per the datasheet "Exynos 4412 RISC Microprocessor Rev 1.00"
Chapter 25 "Multi Core Timer (MCT)" figure 1 and table 4,
the default value on the APB bus is 0.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.
When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.
When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.
When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
i.MX7 supports watchdog pretimeout interupts. With this commit,
the watchdog in mcimx7d-sabre is fully operational, including
pretimeout support.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-9-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Instantiating PWM, CAN, CAAM, and OCOTP devices is necessary to avoid
crashes when booting mainline Linux.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-8-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
With this commit, the watchdog on mcimx6ul-evk is fully operational,
including pretimeout support.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-7-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
With this patch applied, the watchdog in the sabrelite emulation
is fully operational, including pretimeout support.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-6-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
With this patch, the watchdog on i.MX31 emulations is fully operational.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-5-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
With this commit, the watchdog on imx25-pdk is fully operational,
including pretimeout support.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-4-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement full support for the watchdog in i.MX systems.
Pretimeout support is optional because the watchdog hardware
on i.MX31 does not support pretimeouts.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-3-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added Property array terminator entry]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
In preparation for a full implementation, move i.MX watchdog driver
from hw/misc to hw/watchdog. While at it, add the watchdog files
to MAINTAINERS.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-2-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The GEN_NEON_INTEGER_OP macro is no longer used; remove it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Our code to identify syscall numbers has some issues:
* for Thumb mode, we never need the immediate value from the insn,
but we always read it anyway
* bad immediate values in the svc insn should cause a SIGILL, but we
were abort()ing instead (via "goto error")
We can fix both these things by refactoring the code that identifies
the syscall number to more closely follow the kernel COMPAT_OABI code:
* for Thumb it is always r7
* for Arm, if the immediate value is 0, then this is an EABI call
with the syscall number in r7
* otherwise, we XOR the immediate value with 0x900000
(ARM_SYSCALL_BASE for QEMU; __NR_OABI_SYSCALL_BASE in the kernel),
which converts valid syscall immediates into the desired value,
and puts all invalid immediates in the range 0x100000 or above
* then we can just let the existing "value too large, deliver
SIGILL" case handle invalid numbers, and drop the 'goto error'
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200420212206.12776-5-peter.maydell@linaro.org
The kernel has different handling for syscalls with invalid
numbers that are in the "arm-specific" range 0x9f0000 and up:
* 0x9f0000..0x9f07ff return -ENOSYS if not implemented
* other out of range syscalls cause a SIGILL
(see the kernel's arch/arm/kernel/traps.c:arm_syscall())
Implement this distinction. (Note that our code doesn't look
quite like the kernel's, because we have removed the
0x900000 prefix by this point, whereas the kernel retains
it in arm_syscall().)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200420212206.12776-4-peter.maydell@linaro.org
We incorrectly treat SVC 0xf0002 as a cacheflush request (which is a
NOP for QEMU). This is the wrong syscall number, because in the
svc-immediate OABI syscall numbers are all offset by the
ARM_SYSCALL_BASE value and so the correct insn is SVC 0x9f0002.
(This is handled further down in the code with the other Arm-specific
syscalls like NR_breakpoint.)
When this code was initially added in commit 6f1f31c069 in
2004, ARM_NR_cacheflush was defined as (ARM_SYSCALL_BASE + 0xf0000 + 2)
so the value in the comparison took account of the extra 0x900000
offset. In commit fbb4a2e371 in 2008, the ARM_SYSCALL_BASE
was removed from the definition of ARM_NR_cacheflush and handling
for this group of syscalls was added below the point where we subtract
ARM_SYSCALL_BASE from the SVC immediate value. However that commit
forgot to remove the now-obsolete earlier handling code.
Remove the spurious ARM_NR_cacheflush condition.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200420212206.12776-3-peter.maydell@linaro.org
In linux-user/arm/cpu-loop.c we incorrectly treat EXCP_BKPT similarly
to EXCP_SWI, which means that if the guest executes a BKPT insn then
QEMU will perform a syscall for it (which syscall depends on what
value happens to be in r7...). The correct behaviour is that the
guest process should take a SIGTRAP.
This code has been like this (more or less) since commit
06c949e62a in 2006 which added BKPT in the first place. This is
probably because at the time the same code path was used to handle
both Linux syscalls and semihosting calls, and (on M profile) BKPT
with a suitable magic number is used for semihosting calls. But
these days we've moved handling of semihosting out to an entirely
different codepath, so we can fix this bug by simply removing this
handling of EXCP_BKPT and instead making it deliver a SIGTRAP like
EXCP_DEBUG (as we do already on aarch64).
Reported-by: <omerg681@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200420212206.12776-2-peter.maydell@linaro.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1873898
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Provide a minimal documentation of the Musca boards.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200507151819.28444-6-peter.maydell@linaro.org
Add basic documentation of the MPS2 board models.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200507151819.28444-5-peter.maydell@linaro.org
Provide a minimal documentation of the Versatile Express boards
(vexpress-a9, vexpress-a15).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200507151819.28444-4-peter.maydell@linaro.org
Sort the board index into alphabetical order. (Note that we need to
sort alphabetically by the title text of each file, which isn't the
same ordering as sorting by the filename.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200507151819.28444-3-peter.maydell@linaro.org
Add 'Arm' to the Integrator/CP document title, for consistency with
the titling of the other documentation of Arm devboard models
(versatile, realview).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200507151819.28444-2-peter.maydell@linaro.org