From 6b0407805d46bbeba70f4be426285d0a0e669750 Mon Sep 17 00:00:00 2001 From: Wei Huang Date: Fri, 10 Feb 2017 17:40:28 +0000 Subject: [PATCH 01/12] target-arm: Add support for PMU register PMSELR_EL0 This patch adds support for AArch64 register PMSELR_EL0. The existing PMSELR definition is revised accordingly. Signed-off-by: Wei Huang Reviewed-by: Peter Maydell [PMM: Moved #ifndef CONFIG_USER_ONLY to cover new regdefs] Message-id: 1486504171-26807-2-git-send-email-wei@redhat.com Signed-off-by: Peter Maydell --- target/arm/cpu.h | 1 + target/arm/helper.c | 27 +++++++++++++++++++++------ 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index c0b3832d74..7e609f7a99 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -309,6 +309,7 @@ typedef struct CPUARMState { uint32_t c9_pmovsr; /* perf monitor overflow status */ uint32_t c9_pmxevtyper; /* perf monitor event type */ uint32_t c9_pmuserenr; /* perf monitor user enable */ + uint64_t c9_pmselr; /* perf monitor counter selection register */ uint32_t c9_pminten; /* perf monitor interrupt enables */ union { /* Memory attribute redirection */ struct { diff --git a/target/arm/helper.c b/target/arm/helper.c index c23df1b133..42803d41e2 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -975,6 +975,17 @@ static uint64_t pmccntr_read(CPUARMState *env, const ARMCPRegInfo *ri) return total_ticks - env->cp15.c15_ccnt; } +static void pmselr_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + /* The value of PMSELR.SEL affects the behavior of PMXEVTYPER and + * PMXEVCNTR. We allow [0..31] to be written to PMSELR here; in the + * meanwhile, we check PMSELR.SEL when PMXEVTYPER and PMXEVCNTR are + * accessed. + */ + env->cp15.c9_pmselr = value & 0x1f; +} + static void pmccntr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { @@ -1194,13 +1205,17 @@ static const ARMCPRegInfo v7_cp_reginfo[] = { /* Unimplemented so WI. */ { .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4, .access = PL0_W, .accessfn = pmreg_access, .type = ARM_CP_NOP }, - /* Since we don't implement any events, writing to PMSELR is UNPREDICTABLE. - * We choose to RAZ/WI. - */ - { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5, - .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0, - .accessfn = pmreg_access }, #ifndef CONFIG_USER_ONLY + { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5, + .access = PL0_RW, .type = ARM_CP_ALIAS, + .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmselr), + .accessfn = pmreg_access, .writefn = pmselr_write, + .raw_writefn = raw_write}, + { .name = "PMSELR_EL0", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 5, + .access = PL0_RW, .accessfn = pmreg_access, + .fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr), + .writefn = pmselr_write, .raw_writefn = raw_write, }, { .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0, .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO, .readfn = pmccntr_read, .writefn = pmccntr_write32, From fdb8665672ded05f650d18f8b62d5c8524b4385b Mon Sep 17 00:00:00 2001 From: Wei Huang Date: Fri, 10 Feb 2017 17:40:28 +0000 Subject: [PATCH 02/12] target-arm: Add support for AArch64 PMU register PMXEVTYPER_EL0 In order to support Linux perf, which uses PMXEVTYPER register, this patch adds read/write access support for PMXEVTYPER. The access is CONSTRAINED UNPREDICTABLE when PMSELR is not 0x1f. Additionally this patch adds support for PMXEVTYPER_EL0. Signed-off-by: Wei Huang Message-id: 1486504171-26807-3-git-send-email-wei@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target/arm/cpu.h | 1 - target/arm/helper.c | 30 +++++++++++++++++++++++++----- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 7e609f7a99..edc1f761ce 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -307,7 +307,6 @@ typedef struct CPUARMState { uint64_t c9_pmcr; /* performance monitor control register */ uint64_t c9_pmcnten; /* perf monitor counter enables */ uint32_t c9_pmovsr; /* perf monitor overflow status */ - uint32_t c9_pmxevtyper; /* perf monitor event type */ uint32_t c9_pmuserenr; /* perf monitor user enable */ uint64_t c9_pmselr; /* perf monitor counter selection register */ uint32_t c9_pminten; /* perf monitor interrupt enables */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 42803d41e2..b837d36bde 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1054,7 +1054,25 @@ static void pmovsr_write(CPUARMState *env, const ARMCPRegInfo *ri, static void pmxevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { - env->cp15.c9_pmxevtyper = value & 0xff; + /* Attempts to access PMXEVTYPER are CONSTRAINED UNPREDICTABLE when + * PMSELR value is equal to or greater than the number of implemented + * counters, but not equal to 0x1f. We opt to behave as a RAZ/WI. + */ + if (env->cp15.c9_pmselr == 0x1f) { + pmccfiltr_write(env, ri, value); + } +} + +static uint64_t pmxevtyper_read(CPUARMState *env, const ARMCPRegInfo *ri) +{ + /* We opt to behave as a RAZ/WI when attempts to access PMXEVTYPER + * are CONSTRAINED UNPREDICTABLE. See comments in pmxevtyper_write(). + */ + if (env->cp15.c9_pmselr == 0x1f) { + return env->cp15.pmccfiltr_el0; + } else { + return 0; + } } static void pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -1234,10 +1252,12 @@ static const ARMCPRegInfo v7_cp_reginfo[] = { .fieldoffset = offsetof(CPUARMState, cp15.pmccfiltr_el0), .resetvalue = 0, }, { .name = "PMXEVTYPER", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 1, - .access = PL0_RW, - .fieldoffset = offsetof(CPUARMState, cp15.c9_pmxevtyper), - .accessfn = pmreg_access, .writefn = pmxevtyper_write, - .raw_writefn = raw_write }, + .access = PL0_RW, .type = ARM_CP_NO_RAW, .accessfn = pmreg_access, + .writefn = pmxevtyper_write, .readfn = pmxevtyper_read }, + { .name = "PMXEVTYPER_EL0", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 1, + .access = PL0_RW, .type = ARM_CP_NO_RAW, .accessfn = pmreg_access, + .writefn = pmxevtyper_write, .readfn = pmxevtyper_read }, /* Unimplemented, RAZ/WI. */ { .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2, .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0, From e6ec54571e424bb1d6e50e32fe317c616cde3e05 Mon Sep 17 00:00:00 2001 From: Wei Huang Date: Fri, 10 Feb 2017 17:40:28 +0000 Subject: [PATCH 03/12] target-arm: Add support for PMU register PMINTENSET_EL1 This patch adds access support for PMINTENSET_EL1. Signed-off-by: Wei Huang Reviewed-by: Peter Maydell Message-id: 1486504171-26807-4-git-send-email-wei@redhat.com Signed-off-by: Peter Maydell --- target/arm/cpu.h | 2 +- target/arm/helper.c | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index edc1f761ce..0956a54e89 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -309,7 +309,7 @@ typedef struct CPUARMState { uint32_t c9_pmovsr; /* perf monitor overflow status */ uint32_t c9_pmuserenr; /* perf monitor user enable */ uint64_t c9_pmselr; /* perf monitor counter selection register */ - uint32_t c9_pminten; /* perf monitor interrupt enables */ + uint64_t c9_pminten; /* perf monitor interrupt enables */ union { /* Memory attribute redirection */ struct { #ifdef HOST_WORDS_BIGENDIAN diff --git a/target/arm/helper.c b/target/arm/helper.c index b837d36bde..5358ac6054 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1275,9 +1275,17 @@ static const ARMCPRegInfo v7_cp_reginfo[] = { .writefn = pmuserenr_write, .raw_writefn = raw_write }, { .name = "PMINTENSET", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 1, .access = PL1_RW, .accessfn = access_tpm, - .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), + .type = ARM_CP_ALIAS, + .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pminten), .resetvalue = 0, .writefn = pmintenset_write, .raw_writefn = raw_write }, + { .name = "PMINTENSET_EL1", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 1, + .access = PL1_RW, .accessfn = access_tpm, + .type = ARM_CP_IO, + .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), + .writefn = pmintenset_write, .raw_writefn = raw_write, + .resetvalue = 0x0 }, { .name = "PMINTENCLR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 2, .access = PL1_RW, .accessfn = access_tpm, .type = ARM_CP_ALIAS, .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), From d6f02ce3b8a43ddd8f83553fe754a34b26fb273f Mon Sep 17 00:00:00 2001 From: Wei Huang Date: Fri, 10 Feb 2017 17:40:28 +0000 Subject: [PATCH 04/12] target-arm: Enable vPMU support under TCG mode This patch contains several fixes to enable vPMU under TCG mode. It first removes the checking of kvm_enabled() while unsetting ARM_FEATURE_PMU. With it, the .pmu option can be used to turn on/off vPMU under TCG mode. Secondly the PMU node of DT table is now created under TCG. The last fix is to disable the masking of PMUver field of ID_AA64DFR0_EL1. Signed-off-by: Wei Huang Reviewed-by: Peter Maydell Message-id: 1486504171-26807-5-git-send-email-wei@redhat.com Signed-off-by: Peter Maydell --- hw/arm/virt.c | 2 +- target/arm/cpu.c | 2 +- target/arm/helper.c | 7 +------ 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 1f216cf3b1..8eef143a5b 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -471,7 +471,7 @@ static void fdt_add_pmu_nodes(const VirtMachineState *vms) CPU_FOREACH(cpu) { armcpu = ARM_CPU(cpu); if (!arm_feature(&armcpu->env, ARM_FEATURE_PMU) || - !kvm_arm_pmu_create(cpu, PPI(VIRTUAL_PMU_IRQ))) { + (kvm_enabled() && !kvm_arm_pmu_create(cpu, PPI(VIRTUAL_PMU_IRQ)))) { return; } } diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 4ee250cec6..4a069f6985 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -781,7 +781,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) unset_feature(env, ARM_FEATURE_EL2); } - if (!cpu->has_pmu || !kvm_enabled()) { + if (!cpu->has_pmu) { cpu->has_pmu = false; unset_feature(env, ARM_FEATURE_PMU); } diff --git a/target/arm/helper.c b/target/arm/helper.c index 5358ac6054..47250bcf16 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4633,12 +4633,7 @@ void register_cp_regs_for_features(ARMCPU *cpu) { .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST, - /* We mask out the PMUVer field, because we don't currently - * implement the PMU. Not advertising it prevents the guest - * from trying to use it and getting UNDEFs on registers we - * don't implement. - */ - .resetvalue = cpu->id_aa64dfr0 & ~0xf00 }, + .resetvalue = cpu->id_aa64dfr0 }, { .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST, From 054bb7b215d621d7b3bba16f40bf3291ef4f430b Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 10 Feb 2017 17:40:29 +0000 Subject: [PATCH 05/12] target-arm: Declare virtio-mmio as dma-coherent in dt QEMU emulated hardware is always dma coherent with its guest. We do annotate that correctly on the PCI host controller, but left out virtio-mmio. Recent kernels have started to interpret that flag rather than take dma coherency as granted with virtio-mmio. While that is considered a kernel bug, as it breaks previously working systems, it showed that our dt description is incomplete. This patch adds the respective marker that allows guest OSs to evaluate that our virtio-mmio devices are indeed cache coherent. Signed-off-by: Alexander Graf Reviewed-by: Laszlo Ersek Reviewed-by: Ard Biesheuvel Message-id: 1486644810-33181-2-git-send-email-agraf@suse.de Signed-off-by: Peter Maydell --- hw/arm/vexpress.c | 1 + hw/arm/virt.c | 1 + 2 files changed, 2 insertions(+) diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c index 58760f40ca..e05756846e 100644 --- a/hw/arm/vexpress.c +++ b/hw/arm/vexpress.c @@ -452,6 +452,7 @@ static int add_virtio_mmio_node(void *fdt, uint32_t acells, uint32_t scells, acells, addr, scells, size); qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", intc); qemu_fdt_setprop_cells(fdt, nodename, "interrupts", 0, irq, 1); + qemu_fdt_setprop(fdt, nodename, "dma-coherent", NULL, 0); g_free(nodename); if (rc) { return -1; diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 8eef143a5b..d20e627600 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -797,6 +797,7 @@ static void create_virtio_devices(const VirtMachineState *vms, qemu_irq *pic) qemu_fdt_setprop_cells(vms->fdt, nodename, "interrupts", GIC_FDT_IRQ_TYPE_SPI, irq, GIC_FDT_IRQ_FLAGS_EDGE_LO_HI); + qemu_fdt_setprop(vms->fdt, nodename, "dma-coherent", NULL, 0); g_free(nodename); } } From 76266d9913961922415ce46b628e4ad706a1ef08 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 10 Feb 2017 17:40:29 +0000 Subject: [PATCH 06/12] hw/arm/virt: Declare virtio-mmio as dma cache coherent in ACPI Virtio-mmio devices can directly access guest memory and do so in cache coherent fashion. Tell the guest about that fact when it's using ACPI. Signed-off-by: Alexander Graf Reviewed-by: Laszlo Ersek Reviewed-by: Ard Biesheuvel Reviewed-by: Shannon Zhao Message-id: 1486644810-33181-3-git-send-email-agraf@suse.de Signed-off-by: Peter Maydell --- hw/arm/virt-acpi-build.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c index 07a10aca40..8955a9d384 100644 --- a/hw/arm/virt-acpi-build.c +++ b/hw/arm/virt-acpi-build.c @@ -135,6 +135,7 @@ static void acpi_dsdt_add_virtio(Aml *scope, Aml *dev = aml_device("VR%02u", i); aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0005"))); aml_append(dev, aml_name_decl("_UID", aml_int(i))); + aml_append(dev, aml_name_decl("_CCA", aml_int(1))); Aml *crs = aml_resource_template(); aml_append(crs, aml_memory32_fixed(base, size, AML_READ_WRITE)); From 3b5c492b1c728f90b17520be74c4d74c9797c55c Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 10 Feb 2017 17:40:29 +0000 Subject: [PATCH 07/12] hw/arm/virt: Declare fwcfg as dma cache coherent in ACPI Fw-cfg recently learned how to directly access guest memory and does so in cache coherent fashion. Tell the guest about that fact when it's using ACPI. Signed-off-by: Alexander Graf Reviewed-by: Laszlo Ersek Reviewed-by: Ard Biesheuvel Reviewed-by: Shannon Zhao Message-id: 1486644810-33181-4-git-send-email-agraf@suse.de Signed-off-by: Peter Maydell --- hw/arm/virt-acpi-build.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c index 8955a9d384..0835e59bb2 100644 --- a/hw/arm/virt-acpi-build.c +++ b/hw/arm/virt-acpi-build.c @@ -90,6 +90,7 @@ static void acpi_dsdt_add_fw_cfg(Aml *scope, const MemMapEntry *fw_cfg_memmap) aml_append(dev, aml_name_decl("_HID", aml_string("QEMU0002"))); /* device present, functioning, decoding, not shown in UI */ aml_append(dev, aml_name_decl("_STA", aml_int(0xB))); + aml_append(dev, aml_name_decl("_CCA", aml_int(1))); Aml *crs = aml_resource_template(); aml_append(crs, aml_memory32_fixed(fw_cfg_memmap->base, From 14efdb5cb3540d5ada51b81b70ec18ce95ae1642 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 10 Feb 2017 17:40:29 +0000 Subject: [PATCH 08/12] hw/arm/virt: Declare fwcfg as dma cache coherent in dt Fw-cfg recently learned how to directly access guest memory and does so in cache coherent fashion. Tell the guest about that fact when it's using DT. Signed-off-by: Alexander Graf Reviewed-by: Laszlo Ersek Reviewed-by: Ard Biesheuvel Reviewed-by: Shannon Zhao Message-id: 1486644810-33181-5-git-send-email-agraf@suse.de Signed-off-by: Peter Maydell --- hw/arm/virt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index d20e627600..f3440f2ccb 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -929,6 +929,7 @@ static FWCfgState *create_fw_cfg(const VirtMachineState *vms, AddressSpace *as) "compatible", "qemu,fw-cfg-mmio"); qemu_fdt_setprop_sized_cells(vms->fdt, nodename, "reg", 2, base, 2, size); + qemu_fdt_setprop(vms->fdt, nodename, "dma-coherent", NULL, 0); g_free(nodename); return fw_cfg; } From 0c7209bee805bcc974cf16cd567c8865db5d1ce5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Fri, 10 Feb 2017 17:40:29 +0000 Subject: [PATCH 09/12] aspeed: check for negative values returned by blk_getlength() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit write_boot_rom() does not check for negative values. This is more a problem for coverity than the actual code as the size of the flash device is checked when the m25p80 object is created. If there is anything wrong with the backing file, we should not even reach that path. Signed-off-by: Cédric Le Goater Message-id: 1486648058-520-2-git-send-email-clg@kaod.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/aspeed.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c index a92c2f1c36..ac9cbd66b7 100644 --- a/hw/arm/aspeed.c +++ b/hw/arm/aspeed.c @@ -113,9 +113,19 @@ static void write_boot_rom(DriveInfo *dinfo, hwaddr addr, size_t rom_size, { BlockBackend *blk = blk_by_legacy_dinfo(dinfo); uint8_t *storage; + int64_t size; - if (rom_size > blk_getlength(blk)) { - rom_size = blk_getlength(blk); + /* The block backend size should have already been 'validated' by + * the creation of the m25p80 object. + */ + size = blk_getlength(blk); + if (size <= 0) { + error_setg(errp, "failed to get flash size"); + return; + } + + if (rom_size > size) { + rom_size = size; } storage = g_new0(uint8_t, rom_size); From 93bf276d5f47c7b743d40a92b881c53acc882525 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Fri, 10 Feb 2017 17:40:29 +0000 Subject: [PATCH 10/12] aspeed: remove useless comment on controller segment size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The flash devices used for the FMC controller (BMC firmware) are well defined for each Aspeed machine and are all smaller than the default mapping window size, at least for CE0 which is the chip the SoC boots from. Signed-off-by: Cédric Le Goater Reviewed-by: Philippe Mathieu-Daudé Message-id: 1486648058-520-3-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell --- hw/arm/aspeed.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c index ac9cbd66b7..283c038814 100644 --- a/hw/arm/aspeed.c +++ b/hw/arm/aspeed.c @@ -148,10 +148,6 @@ static void aspeed_board_init_flashes(AspeedSMCState *s, const char *flashtype, DriveInfo *dinfo = drive_get_next(IF_MTD); qemu_irq cs_line; - /* - * FIXME: check that we are not using a flash module exceeding - * the controller segment size - */ fl->flash = ssi_create_slave_no_init(s->spi, flashtype); if (dinfo) { qdev_prop_set_drive(fl->flash, "drive", blk_by_legacy_dinfo(dinfo), @@ -210,7 +206,9 @@ static void aspeed_board_init(MachineState *machine, /* * create a ROM region using the default mapping window size of - * the flash module. + * the flash module. The window size is 64MB for the AST2400 + * SoC and 128MB for the AST2500 SoC, which is twice as big as + * needed by the flash modules of the Aspeed machines. */ memory_region_init_rom(boot_rom, OBJECT(bmc), "aspeed.boot_rom", fl->size, &error_abort); From 1a6d4fc27d75839b6a0325ef258560fded6ec7d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Fri, 10 Feb 2017 17:40:29 +0000 Subject: [PATCH 11/12] aspeed/smc: handle dummies only in fast read mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit HW works fine in normal read mode with dummy bytes being set. So let's check this case to not transfer bytes. Signed-off-by: Cédric Le Goater Message-id: 1486648058-520-4-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell --- hw/ssi/aspeed_smc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c index 087b29e8da..70177078a8 100644 --- a/hw/ssi/aspeed_smc.c +++ b/hw/ssi/aspeed_smc.c @@ -536,10 +536,13 @@ static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size) /* * Use fake transfers to model dummy bytes. The value should * be configured to some non-zero value in fast read mode and - * zero in read mode. + * zero in read mode. But, as the HW allows inconsistent + * settings, let's check for fast read mode. */ - for (i = 0; i < aspeed_smc_flash_dummies(fl); i++) { - ssi_transfer(fl->controller->spi, 0xFF); + if (aspeed_smc_flash_mode(fl) == CTRL_FREADMODE) { + for (i = 0; i < aspeed_smc_flash_dummies(fl); i++) { + ssi_transfer(fl->controller->spi, 0xFF); + } } for (i = 0; i < size; i++) { From b4cc583f0285a2e1e78621dfba142f00ca47414a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Fri, 10 Feb 2017 17:40:30 +0000 Subject: [PATCH 12/12] aspeed/smc: use a modulo to check segment limits MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The size of a segment is not necessarily a power of 2. Signed-off-by: Cédric Le Goater Reviewed-by: Philippe Mathieu-Daudé Message-id: 1486648058-520-5-git-send-email-clg@kaod.org Signed-off-by: Peter Maydell --- hw/ssi/aspeed_smc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c index 70177078a8..cb515730c5 100644 --- a/hw/ssi/aspeed_smc.c +++ b/hw/ssi/aspeed_smc.c @@ -475,15 +475,15 @@ static uint32_t aspeed_smc_check_segment_addr(const AspeedSMCFlash *fl, AspeedSegments seg; aspeed_smc_reg_to_segment(s->regs[R_SEG_ADDR0 + fl->id], &seg); - if ((addr & (seg.size - 1)) != addr) { + if ((addr % seg.size) != addr) { qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid address 0x%08x for CS%d segment : " "[ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", s->ctrl->name, addr, fl->id, seg.addr, seg.addr + seg.size); + addr %= seg.size; } - addr &= seg.size - 1; return addr; }