| Message ID | 1410582564-27687-11-git-send-email-edgar.iglesias@gmail.com |
|---|---|
| State | New |
| Headers | show |
On 13 September 2014 05:29, Edgar E. Iglesias <edgar.iglesias@gmail.com> wrote: > From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com> > > Acked-by: Greg Bellows <greg.bellows@linaro.org> > Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> > --- > cpu-exec.c | 12 ++++++++++++ > target-arm/cpu.c | 29 ++++++++++++++++++----------- > target-arm/cpu.h | 36 +++++++++++++++++++++++++++++++++--- > target-arm/helper-a64.c | 2 ++ > target-arm/helper.c | 4 ++++ > target-arm/internals.h | 2 ++ > 6 files changed, 71 insertions(+), 14 deletions(-) > > diff --git a/cpu-exec.c b/cpu-exec.c > index d017588..6203ba5 100644 > --- a/cpu-exec.c > +++ b/cpu-exec.c > @@ -616,6 +616,18 @@ int cpu_exec(CPUArchState *env) > cc->do_interrupt(cpu); > next_tb = 0; > } > + if (interrupt_request & CPU_INTERRUPT_VIRQ > + && arm_excp_unmasked(cpu, EXCP_VIRQ)) { > + cpu->exception_index = EXCP_VIRQ; > + cc->do_interrupt(cpu); > + next_tb = 0; > + } > + if (interrupt_request & CPU_INTERRUPT_VFIQ > + && arm_excp_unmasked(cpu, EXCP_VFIQ)) { > + cpu->exception_index = EXCP_VFIQ; > + cc->do_interrupt(cpu); > + next_tb = 0; > + } NB that this is going to conflict with RTH's patches to refactor this cpu-exec.c ifdef ladder, though not in a very hard to fix up way. > #elif defined(TARGET_UNICORE32) > if (interrupt_request & CPU_INTERRUPT_HARD > && !(env->uncached_asr & ASR_I)) { > diff --git a/target-arm/cpu.c b/target-arm/cpu.c > index 7ea12bd..d7adcb2 100644 > --- a/target-arm/cpu.c > +++ b/target-arm/cpu.c > @@ -41,7 +41,9 @@ static void arm_cpu_set_pc(CPUState *cs, vaddr value) > static bool arm_cpu_has_work(CPUState *cs) > { > return cs->interrupt_request & > - (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB); > + (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD > + | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ > + | CPU_INTERRUPT_EXITTB); > } > > static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque) > @@ -193,20 +195,22 @@ static void arm_cpu_set_irq(void *opaque, int irq, int level) > { > ARMCPU *cpu = opaque; > CPUState *cs = CPU(cpu); > + static const int mask[] = { > + [ARM_CPU_IRQ] = CPU_INTERRUPT_HARD, > + [ARM_CPU_FIQ] = CPU_INTERRUPT_FIQ, > + [ARM_CPU_VIRQ] = CPU_INTERRUPT_VIRQ, > + [ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ > + }; > > switch (irq) { > case ARM_CPU_IRQ: > - if (level) { > - cpu_interrupt(cs, CPU_INTERRUPT_HARD); > - } else { > - cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); > - } > - break; > case ARM_CPU_FIQ: > + case ARM_CPU_VIRQ: > + case ARM_CPU_VFIQ: > if (level) { > - cpu_interrupt(cs, CPU_INTERRUPT_FIQ); > + cpu_interrupt(cs, mask[irq]); > } else { > - cpu_reset_interrupt(cs, CPU_INTERRUPT_FIQ); > + cpu_reset_interrupt(cs, mask[irq]); > } It seems like a bad idea to inject the VIRQ and VFIQ interrupts if the CPU doesn't implement them (ie if it doesn't implement EL2). We should probably hw_error() this case. (At least, that's what we'll do if we get one when KVM is enabled, so we might as well be consistent...) > break; > default: > @@ -256,9 +260,12 @@ static void arm_cpu_initfn(Object *obj) > #ifndef CONFIG_USER_ONLY > /* Our inbound IRQ and FIQ lines */ > if (kvm_enabled()) { > - qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 2); > + /* VIRQ and VFIQ are unused with KVM but we add them to maintain > + * the same interface as non-KVM CPUs. > + */ > + qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 4); > } else { > - qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 2); > + qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 4); > } > > cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE, > diff --git a/target-arm/cpu.h b/target-arm/cpu.h > index a5123f8..0333de1 100644 > --- a/target-arm/cpu.h > +++ b/target-arm/cpu.h > @@ -53,6 +53,8 @@ > #define EXCP_STREX 10 > #define EXCP_HVC 11 /* HyperVisor Call */ > #define EXCP_SMC 12 /* Secure Monitor Call */ > +#define EXCP_VIRQ 13 > +#define EXCP_VFIQ 14 > > #define ARMV7M_EXCP_RESET 1 > #define ARMV7M_EXCP_NMI 2 > @@ -67,6 +69,8 @@ > > /* ARM-specific interrupt pending bits. */ > #define CPU_INTERRUPT_FIQ CPU_INTERRUPT_TGT_EXT_1 > +#define CPU_INTERRUPT_VIRQ CPU_INTERRUPT_TGT_EXT_2 > +#define CPU_INTERRUPT_VFIQ CPU_INTERRUPT_TGT_EXT_3 > > /* The usual mapping for an AArch64 system register to its AArch32 > * counterpart is for the 32 bit world to have access to the lower > @@ -82,9 +86,12 @@ > #define offsetofhigh32(S, M) (offsetof(S, M) + sizeof(uint32_t)) > #endif > > -/* Meanings of the ARMCPU object's two inbound GPIO lines */ > +/* Meanings of the ARMCPU object's four inbound GPIO lines */ > #define ARM_CPU_IRQ 0 > #define ARM_CPU_FIQ 1 > +#define ARM_CPU_VIRQ 2 > +#define ARM_CPU_VFIQ 3 > + > Spurious extra blank line. > typedef void ARMWriteCPFunc(void *opaque, int cp_info, > int srcreg, int operand, uint32_t value); > @@ -1184,6 +1191,18 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) > * EL2 if we are in NS EL0/1. > */ > bool irq_can_hyp = !secure && cur_el < 2 && target_el == 2; > + /* ARMv7-M interrupt return works by loading a magic value > + * into the PC. On real hardware the load causes the > + * return to occur. The qemu implementation performs the > + * jump normally, then does the exception return when the > + * CPU tries to execute code at the magic address. > + * This will cause the magic PC value to be pushed to > + * the stack if an interrupt occurred at the wrong time. > + * We avoid this by disabling interrupts when > + * pc contains a magic address. > + */ > + bool irq_unmasked = !(env->daif & PSTATE_I) > + && (!IS_M(env) || env->regs[15] < 0xfffffff0); > > /* Don't take exceptions if they target a lower EL. */ > if (cur_el > target_el) { > @@ -1200,8 +1219,19 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) > if (irq_can_hyp && (env->cp15.hcr_el2 & HCR_IMO)) { > return true; > } > - return !(env->daif & PSTATE_I) > - && (!IS_M(env) || env->regs[15] < 0xfffffff0); > + return irq_unmasked; > + case EXCP_VFIQ: > + if (!secure && !(env->cp15.hcr_el2 & HCR_FMO)) { > + /* VFIQs are only taken when hypervized and non-secure. */ > + return false; > + } > + return !(env->daif & PSTATE_F); > + case EXCP_VIRQ: > + if (!secure && !(env->cp15.hcr_el2 & HCR_IMO)) { > + /* VIRQs are only taken when hypervized and non-secure. */ > + return false; > + } > + return irq_unmasked; > default: > g_assert_not_reached(); > } > diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c > index 996dfea..bd16fe3 100644 > --- a/target-arm/helper-a64.c > +++ b/target-arm/helper-a64.c > @@ -481,9 +481,11 @@ void aarch64_cpu_do_interrupt(CPUState *cs) > env->cp15.esr_el[new_el] = env->exception.syndrome; > break; > case EXCP_IRQ: > + case EXCP_VIRQ: > addr += 0x80; > break; > case EXCP_FIQ: > + case EXCP_VFIQ: > addr += 0x100; > break; > default: > diff --git a/target-arm/helper.c b/target-arm/helper.c > index 3a9d1fc..2f7b6e6 100644 > --- a/target-arm/helper.c > +++ b/target-arm/helper.c > @@ -3697,6 +3697,10 @@ unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx) > } > break; > } > + case EXCP_VIRQ: > + case EXCP_VFIQ: > + target_el = 1; > + break; > } > return target_el; > } > diff --git a/target-arm/internals.h b/target-arm/internals.h > index e15ae57..1e98102 100644 > --- a/target-arm/internals.h > +++ b/target-arm/internals.h > @@ -55,6 +55,8 @@ static const char * const excnames[] = { > [EXCP_STREX] = "QEMU intercept of STREX", > [EXCP_HVC] = "Hypervisor Call", > [EXCP_SMC] = "Secure Monitor Call", > + [EXCP_VIRQ] = "Virtual IRQ", > + [EXCP_VFIQ] = "Virtual FIQ", > }; > > static inline void arm_log_exception(int idx) > -- > 1.9.1 Where is the code to generate VIRQ and VFIQ based on HCR_EL2.VI and VF ? thanks -- PMM
On Thu, Sep 25, 2014 at 08:36:41PM +0100, Peter Maydell wrote: > On 13 September 2014 05:29, Edgar E. Iglesias <edgar.iglesias@gmail.com> wrote: > > From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com> > > > > Acked-by: Greg Bellows <greg.bellows@linaro.org> > > Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> > > --- > > cpu-exec.c | 12 ++++++++++++ > > target-arm/cpu.c | 29 ++++++++++++++++++----------- > > target-arm/cpu.h | 36 +++++++++++++++++++++++++++++++++--- > > target-arm/helper-a64.c | 2 ++ > > target-arm/helper.c | 4 ++++ > > target-arm/internals.h | 2 ++ > > 6 files changed, 71 insertions(+), 14 deletions(-) > > > > diff --git a/cpu-exec.c b/cpu-exec.c > > index d017588..6203ba5 100644 > > --- a/cpu-exec.c > > +++ b/cpu-exec.c > > @@ -616,6 +616,18 @@ int cpu_exec(CPUArchState *env) > > cc->do_interrupt(cpu); > > next_tb = 0; > > } > > + if (interrupt_request & CPU_INTERRUPT_VIRQ > > + && arm_excp_unmasked(cpu, EXCP_VIRQ)) { > > + cpu->exception_index = EXCP_VIRQ; > > + cc->do_interrupt(cpu); > > + next_tb = 0; > > + } > > + if (interrupt_request & CPU_INTERRUPT_VFIQ > > + && arm_excp_unmasked(cpu, EXCP_VFIQ)) { > > + cpu->exception_index = EXCP_VFIQ; > > + cc->do_interrupt(cpu); > > + next_tb = 0; > > + } > > NB that this is going to conflict with RTH's > patches to refactor this cpu-exec.c ifdef ladder, > though not in a very hard to fix up way. Right, thanks for the heads up. > > #elif defined(TARGET_UNICORE32) > > if (interrupt_request & CPU_INTERRUPT_HARD > > && !(env->uncached_asr & ASR_I)) { > > diff --git a/target-arm/cpu.c b/target-arm/cpu.c > > index 7ea12bd..d7adcb2 100644 > > --- a/target-arm/cpu.c > > +++ b/target-arm/cpu.c > > @@ -41,7 +41,9 @@ static void arm_cpu_set_pc(CPUState *cs, vaddr value) > > static bool arm_cpu_has_work(CPUState *cs) > > { > > return cs->interrupt_request & > > - (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB); > > + (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD > > + | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ > > + | CPU_INTERRUPT_EXITTB); > > } > > > > static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque) > > @@ -193,20 +195,22 @@ static void arm_cpu_set_irq(void *opaque, int irq, int level) > > { > > ARMCPU *cpu = opaque; > > CPUState *cs = CPU(cpu); > > + static const int mask[] = { > > + [ARM_CPU_IRQ] = CPU_INTERRUPT_HARD, > > + [ARM_CPU_FIQ] = CPU_INTERRUPT_FIQ, > > + [ARM_CPU_VIRQ] = CPU_INTERRUPT_VIRQ, > > + [ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ > > + }; > > > > switch (irq) { > > case ARM_CPU_IRQ: > > - if (level) { > > - cpu_interrupt(cs, CPU_INTERRUPT_HARD); > > - } else { > > - cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); > > - } > > - break; > > case ARM_CPU_FIQ: > > + case ARM_CPU_VIRQ: > > + case ARM_CPU_VFIQ: > > if (level) { > > - cpu_interrupt(cs, CPU_INTERRUPT_FIQ); > > + cpu_interrupt(cs, mask[irq]); > > } else { > > - cpu_reset_interrupt(cs, CPU_INTERRUPT_FIQ); > > + cpu_reset_interrupt(cs, mask[irq]); > > } > > It seems like a bad idea to inject the VIRQ and VFIQ > interrupts if the CPU doesn't implement them (ie if > it doesn't implement EL2). We should probably hw_error() > this case. (At least, that's what we'll do if we get one > when KVM is enabled, so we might as well be consistent...) Sounds good. > > > break; > > default: > > @@ -256,9 +260,12 @@ static void arm_cpu_initfn(Object *obj) > > #ifndef CONFIG_USER_ONLY > > /* Our inbound IRQ and FIQ lines */ > > if (kvm_enabled()) { > > - qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 2); > > + /* VIRQ and VFIQ are unused with KVM but we add them to maintain > > + * the same interface as non-KVM CPUs. > > + */ > > + qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 4); > > } else { > > - qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 2); > > + qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 4); > > } > > > > cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE, > > diff --git a/target-arm/cpu.h b/target-arm/cpu.h > > index a5123f8..0333de1 100644 > > --- a/target-arm/cpu.h > > +++ b/target-arm/cpu.h > > @@ -53,6 +53,8 @@ > > #define EXCP_STREX 10 > > #define EXCP_HVC 11 /* HyperVisor Call */ > > #define EXCP_SMC 12 /* Secure Monitor Call */ > > +#define EXCP_VIRQ 13 > > +#define EXCP_VFIQ 14 > > > > #define ARMV7M_EXCP_RESET 1 > > #define ARMV7M_EXCP_NMI 2 > > @@ -67,6 +69,8 @@ > > > > /* ARM-specific interrupt pending bits. */ > > #define CPU_INTERRUPT_FIQ CPU_INTERRUPT_TGT_EXT_1 > > +#define CPU_INTERRUPT_VIRQ CPU_INTERRUPT_TGT_EXT_2 > > +#define CPU_INTERRUPT_VFIQ CPU_INTERRUPT_TGT_EXT_3 > > > > /* The usual mapping for an AArch64 system register to its AArch32 > > * counterpart is for the 32 bit world to have access to the lower > > @@ -82,9 +86,12 @@ > > #define offsetofhigh32(S, M) (offsetof(S, M) + sizeof(uint32_t)) > > #endif > > > > -/* Meanings of the ARMCPU object's two inbound GPIO lines */ > > +/* Meanings of the ARMCPU object's four inbound GPIO lines */ > > #define ARM_CPU_IRQ 0 > > #define ARM_CPU_FIQ 1 > > +#define ARM_CPU_VIRQ 2 > > +#define ARM_CPU_VFIQ 3 > > + > > > > Spurious extra blank line. Removed. > > > typedef void ARMWriteCPFunc(void *opaque, int cp_info, > > int srcreg, int operand, uint32_t value); > > @@ -1184,6 +1191,18 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) > > * EL2 if we are in NS EL0/1. > > */ > > bool irq_can_hyp = !secure && cur_el < 2 && target_el == 2; > > + /* ARMv7-M interrupt return works by loading a magic value > > + * into the PC. On real hardware the load causes the > > + * return to occur. The qemu implementation performs the > > + * jump normally, then does the exception return when the > > + * CPU tries to execute code at the magic address. > > + * This will cause the magic PC value to be pushed to > > + * the stack if an interrupt occurred at the wrong time. > > + * We avoid this by disabling interrupts when > > + * pc contains a magic address. > > + */ > > + bool irq_unmasked = !(env->daif & PSTATE_I) > > + && (!IS_M(env) || env->regs[15] < 0xfffffff0); > > > > /* Don't take exceptions if they target a lower EL. */ > > if (cur_el > target_el) { > > @@ -1200,8 +1219,19 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) > > if (irq_can_hyp && (env->cp15.hcr_el2 & HCR_IMO)) { > > return true; > > } > > - return !(env->daif & PSTATE_I) > > - && (!IS_M(env) || env->regs[15] < 0xfffffff0); > > + return irq_unmasked; > > + case EXCP_VFIQ: > > + if (!secure && !(env->cp15.hcr_el2 & HCR_FMO)) { > > + /* VFIQs are only taken when hypervized and non-secure. */ > > + return false; > > + } > > + return !(env->daif & PSTATE_F); > > + case EXCP_VIRQ: > > + if (!secure && !(env->cp15.hcr_el2 & HCR_IMO)) { > > + /* VIRQs are only taken when hypervized and non-secure. */ > > + return false; > > + } > > + return irq_unmasked; > > default: > > g_assert_not_reached(); > > } > > diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c > > index 996dfea..bd16fe3 100644 > > --- a/target-arm/helper-a64.c > > +++ b/target-arm/helper-a64.c > > @@ -481,9 +481,11 @@ void aarch64_cpu_do_interrupt(CPUState *cs) > > env->cp15.esr_el[new_el] = env->exception.syndrome; > > break; > > case EXCP_IRQ: > > + case EXCP_VIRQ: > > addr += 0x80; > > break; > > case EXCP_FIQ: > > + case EXCP_VFIQ: > > addr += 0x100; > > break; > > default: > > diff --git a/target-arm/helper.c b/target-arm/helper.c > > index 3a9d1fc..2f7b6e6 100644 > > --- a/target-arm/helper.c > > +++ b/target-arm/helper.c > > @@ -3697,6 +3697,10 @@ unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx) > > } > > break; > > } > > + case EXCP_VIRQ: > > + case EXCP_VFIQ: > > + target_el = 1; > > + break; > > } > > return target_el; > > } > > diff --git a/target-arm/internals.h b/target-arm/internals.h > > index e15ae57..1e98102 100644 > > --- a/target-arm/internals.h > > +++ b/target-arm/internals.h > > @@ -55,6 +55,8 @@ static const char * const excnames[] = { > > [EXCP_STREX] = "QEMU intercept of STREX", > > [EXCP_HVC] = "Hypervisor Call", > > [EXCP_SMC] = "Secure Monitor Call", > > + [EXCP_VIRQ] = "Virtual IRQ", > > + [EXCP_VFIQ] = "Virtual FIQ", > > }; > > > > static inline void arm_log_exception(int idx) > > -- > > 1.9.1 > > Where is the code to generate VIRQ and VFIQ based on > HCR_EL2.VI and VF ? I've scoped that out as future work (mentioned in the cover-letter). Best regards, Edgar
diff --git a/cpu-exec.c b/cpu-exec.c index d017588..6203ba5 100644 --- a/cpu-exec.c +++ b/cpu-exec.c @@ -616,6 +616,18 @@ int cpu_exec(CPUArchState *env) cc->do_interrupt(cpu); next_tb = 0; } + if (interrupt_request & CPU_INTERRUPT_VIRQ + && arm_excp_unmasked(cpu, EXCP_VIRQ)) { + cpu->exception_index = EXCP_VIRQ; + cc->do_interrupt(cpu); + next_tb = 0; + } + if (interrupt_request & CPU_INTERRUPT_VFIQ + && arm_excp_unmasked(cpu, EXCP_VFIQ)) { + cpu->exception_index = EXCP_VFIQ; + cc->do_interrupt(cpu); + next_tb = 0; + } #elif defined(TARGET_UNICORE32) if (interrupt_request & CPU_INTERRUPT_HARD && !(env->uncached_asr & ASR_I)) { diff --git a/target-arm/cpu.c b/target-arm/cpu.c index 7ea12bd..d7adcb2 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -41,7 +41,9 @@ static void arm_cpu_set_pc(CPUState *cs, vaddr value) static bool arm_cpu_has_work(CPUState *cs) { return cs->interrupt_request & - (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB); + (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD + | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ + | CPU_INTERRUPT_EXITTB); } static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque) @@ -193,20 +195,22 @@ static void arm_cpu_set_irq(void *opaque, int irq, int level) { ARMCPU *cpu = opaque; CPUState *cs = CPU(cpu); + static const int mask[] = { + [ARM_CPU_IRQ] = CPU_INTERRUPT_HARD, + [ARM_CPU_FIQ] = CPU_INTERRUPT_FIQ, + [ARM_CPU_VIRQ] = CPU_INTERRUPT_VIRQ, + [ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ + }; switch (irq) { case ARM_CPU_IRQ: - if (level) { - cpu_interrupt(cs, CPU_INTERRUPT_HARD); - } else { - cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); - } - break; case ARM_CPU_FIQ: + case ARM_CPU_VIRQ: + case ARM_CPU_VFIQ: if (level) { - cpu_interrupt(cs, CPU_INTERRUPT_FIQ); + cpu_interrupt(cs, mask[irq]); } else { - cpu_reset_interrupt(cs, CPU_INTERRUPT_FIQ); + cpu_reset_interrupt(cs, mask[irq]); } break; default: @@ -256,9 +260,12 @@ static void arm_cpu_initfn(Object *obj) #ifndef CONFIG_USER_ONLY /* Our inbound IRQ and FIQ lines */ if (kvm_enabled()) { - qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 2); + /* VIRQ and VFIQ are unused with KVM but we add them to maintain + * the same interface as non-KVM CPUs. + */ + qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 4); } else { - qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 2); + qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 4); } cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE, diff --git a/target-arm/cpu.h b/target-arm/cpu.h index a5123f8..0333de1 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -53,6 +53,8 @@ #define EXCP_STREX 10 #define EXCP_HVC 11 /* HyperVisor Call */ #define EXCP_SMC 12 /* Secure Monitor Call */ +#define EXCP_VIRQ 13 +#define EXCP_VFIQ 14 #define ARMV7M_EXCP_RESET 1 #define ARMV7M_EXCP_NMI 2 @@ -67,6 +69,8 @@ /* ARM-specific interrupt pending bits. */ #define CPU_INTERRUPT_FIQ CPU_INTERRUPT_TGT_EXT_1 +#define CPU_INTERRUPT_VIRQ CPU_INTERRUPT_TGT_EXT_2 +#define CPU_INTERRUPT_VFIQ CPU_INTERRUPT_TGT_EXT_3 /* The usual mapping for an AArch64 system register to its AArch32 * counterpart is for the 32 bit world to have access to the lower @@ -82,9 +86,12 @@ #define offsetofhigh32(S, M) (offsetof(S, M) + sizeof(uint32_t)) #endif -/* Meanings of the ARMCPU object's two inbound GPIO lines */ +/* Meanings of the ARMCPU object's four inbound GPIO lines */ #define ARM_CPU_IRQ 0 #define ARM_CPU_FIQ 1 +#define ARM_CPU_VIRQ 2 +#define ARM_CPU_VFIQ 3 + typedef void ARMWriteCPFunc(void *opaque, int cp_info, int srcreg, int operand, uint32_t value); @@ -1184,6 +1191,18 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) * EL2 if we are in NS EL0/1. */ bool irq_can_hyp = !secure && cur_el < 2 && target_el == 2; + /* ARMv7-M interrupt return works by loading a magic value + * into the PC. On real hardware the load causes the + * return to occur. The qemu implementation performs the + * jump normally, then does the exception return when the + * CPU tries to execute code at the magic address. + * This will cause the magic PC value to be pushed to + * the stack if an interrupt occurred at the wrong time. + * We avoid this by disabling interrupts when + * pc contains a magic address. + */ + bool irq_unmasked = !(env->daif & PSTATE_I) + && (!IS_M(env) || env->regs[15] < 0xfffffff0); /* Don't take exceptions if they target a lower EL. */ if (cur_el > target_el) { @@ -1200,8 +1219,19 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx) if (irq_can_hyp && (env->cp15.hcr_el2 & HCR_IMO)) { return true; } - return !(env->daif & PSTATE_I) - && (!IS_M(env) || env->regs[15] < 0xfffffff0); + return irq_unmasked; + case EXCP_VFIQ: + if (!secure && !(env->cp15.hcr_el2 & HCR_FMO)) { + /* VFIQs are only taken when hypervized and non-secure. */ + return false; + } + return !(env->daif & PSTATE_F); + case EXCP_VIRQ: + if (!secure && !(env->cp15.hcr_el2 & HCR_IMO)) { + /* VIRQs are only taken when hypervized and non-secure. */ + return false; + } + return irq_unmasked; default: g_assert_not_reached(); } diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c index 996dfea..bd16fe3 100644 --- a/target-arm/helper-a64.c +++ b/target-arm/helper-a64.c @@ -481,9 +481,11 @@ void aarch64_cpu_do_interrupt(CPUState *cs) env->cp15.esr_el[new_el] = env->exception.syndrome; break; case EXCP_IRQ: + case EXCP_VIRQ: addr += 0x80; break; case EXCP_FIQ: + case EXCP_VFIQ: addr += 0x100; break; default: diff --git a/target-arm/helper.c b/target-arm/helper.c index 3a9d1fc..2f7b6e6 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -3697,6 +3697,10 @@ unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx) } break; } + case EXCP_VIRQ: + case EXCP_VFIQ: + target_el = 1; + break; } return target_el; } diff --git a/target-arm/internals.h b/target-arm/internals.h index e15ae57..1e98102 100644 --- a/target-arm/internals.h +++ b/target-arm/internals.h @@ -55,6 +55,8 @@ static const char * const excnames[] = { [EXCP_STREX] = "QEMU intercept of STREX", [EXCP_HVC] = "Hypervisor Call", [EXCP_SMC] = "Secure Monitor Call", + [EXCP_VIRQ] = "Virtual IRQ", + [EXCP_VFIQ] = "Virtual FIQ", }; static inline void arm_log_exception(int idx)