From patchwork Thu Sep 12 16:30:37 2019
X-Patchwork-Submitter: Aleksandar Markovic
X-Patchwork-Id: 173723
From: Aleksandar Markovic
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, amarkovic@wavecomp.com
Date: Thu, 12 Sep 2019 18:30:37 +0200
Message-Id: <1568305840-12550-2-git-send-email-aleksandar.markovic@rt-rk.com>
In-Reply-To: <1568305840-12550-1-git-send-email-aleksandar.markovic@rt-rk.com>
References: <1568305840-12550-1-git-send-email-aleksandar.markovic@rt-rk.com>
Subject: [Qemu-devel] [PULL 1/4] hw/mips/mips_jazz: Override do_transaction_failed hook

From: Peter Maydell

The MIPS Jazz ('magnum' and 'pica61') boards have some code which
overrides the CPU's do_unassigned_access hook, so they can intercept
it and not raise exceptions on data accesses to invalid addresses,
only for instruction fetches.

We want to switch MIPS over to using the do_transaction_failed
hook instead, so add an intercept for that as well, and make
the board code install whichever hook the CPU is actually using.
Once we've changed the CPU implementation we can remove the
redundant code for the old hook.

Note: I am suspicious that the behaviour as implemented here
may not be what the hardware really does. It was added in
commit 54e755588cf1e90f0b14 to restore the behaviour that was
broken by commit c658b94f6e8c206c59d. But prior to commit
c658b94f6e8c206c59d every MIPS board generated exceptions for
instruction access to invalid addresses but not for data accesses;
and other boards, notably Malta, were fixed by making all invalid
accesses behave as reads-as-zero (see the call to empty_slot_init()
in mips_malta_init()). Hardware that raises exceptions for
instruction access and not data access seems to me to be an
unlikely design, and it's possible that the right way to emulate
this is to make the Jazz boards do what we did with Malta (or some
variation of that). Nonetheless, since I don't have access to real
hardware to test against I have taken the approach of "make QEMU
continue to behave the same way it did before this commit". I have
updated the comment to correct the parts that are no longer accurate
and note that the hardware might behave differently.

The test case for the need for the hook-hijacking is in
https://bugs.launchpad.net/qemu/+bug/1245924
That BIOS will boot OK either with this overriding of both
hooks, or with a simple "global memory region to ignore bad
accesses of all types", so it doesn't provide evidence either
way, unfortunately.

Signed-off-by: Peter Maydell
Signed-off-by: Aleksandar Markovic Reviewed-by: Philippe Mathieu-Daudé Tested-by: Hervé Poussineau Message-Id: <20190802160458.25681-2-peter.maydell@linaro.org> --- hw/mips/mips_jazz.c | 54 +++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 46 insertions(+), 8 deletions(-) -- 2.7.4 diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c index 388c15c..1a8e847 100644 --- a/hw/mips/mips_jazz.c +++ b/hw/mips/mips_jazz.c @@ -123,6 +123,28 @@ static void mips_jazz_do_unassigned_access(CPUState *cpu, hwaddr addr, (*real_do_unassigned_access)(cpu, addr, is_write, is_exec, opaque, size); } +static void (*real_do_transaction_failed)(CPUState *cpu, hwaddr physaddr, + vaddr addr, unsigned size, + MMUAccessType access_type, + int mmu_idx, MemTxAttrs attrs, + MemTxResult response, + uintptr_t retaddr); + +static void mips_jazz_do_transaction_failed(CPUState *cs, hwaddr physaddr, + vaddr addr, unsigned size, + MMUAccessType access_type, + int mmu_idx, MemTxAttrs attrs, + MemTxResult response, + uintptr_t retaddr) +{ + if (access_type != MMU_INST_FETCH) { + /* ignore invalid access (ie do not raise exception) */ + return; + } + (*real_do_transaction_failed)(cs, physaddr, addr, size, access_type, + mmu_idx, attrs, response, retaddr); +} + static void mips_jazz_init(MachineState *machine, enum jazz_model_e jazz_model) { 
@@ -157,16 +179,32 @@ static void mips_jazz_init(MachineState *machine, env = &cpu->env; qemu_register_reset(main_cpu_reset, cpu); - /* Chipset returns 0 in invalid reads and do not raise data exceptions. + /* + * Chipset returns 0 in invalid reads and do not raise data exceptions. * However, we can't simply add a global memory region to catch - * everything, as memory core directly call unassigned_mem_read/write - * on some invalid accesses, which call do_unassigned_access on the - * CPU, which raise an exception. - * Handle that case by hijacking the do_unassigned_access method on - * the CPU, and do not raise exceptions for data access. */ + * everything, as this would make all accesses including instruction + * accesses be ignored and not raise exceptions. + * So instead we hijack either the do_unassigned_access method or + * the do_transaction_failed method on the CPU, and do not raise exceptions + * for data access. + * + * NOTE: this behaviour of raising exceptions for bad instruction + * fetches but not bad data accesses was added in commit 54e755588cf1e9 + * to restore behaviour broken by c658b94f6e8c206, but it is not clear + * whether the real hardware behaves this way. It is possible that + * real hardware ignores bad instruction fetches as well -- if so then + * we could replace this hijacking of CPU methods with a simple global + * memory region that catches all memory accesses, as we do on Malta. + */ cc = CPU_GET_CLASS(cpu); - real_do_unassigned_access = cc->do_unassigned_access; - cc->do_unassigned_access = mips_jazz_do_unassigned_access; + if (cc->do_unassigned_access) { + real_do_unassigned_access = cc->do_unassigned_access; + cc->do_unassigned_access = mips_jazz_do_unassigned_access; + } + if (cc->do_transaction_failed) { + real_do_transaction_failed = cc->do_transaction_failed; + cc->do_transaction_failed = mips_jazz_do_transaction_failed; + } /* allocate RAM */ memory_region_allocate_system_memory(ram, NULL, "mips_jazz.ram",
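
Review bot: In the first hunk (@@ -123,6 +123,28 @@), the early return in mips_jazz_do_transaction_failed() tests only access_type and never looks at the response argument, so every failed data transaction is dropped without distinction, while the commit message and the comment speak specifically of accesses to invalid addresses. If the intent is to swallow only accesses that hit no device, check response before returning; if swallowing all failed data accesses is intended, say so in the "ignore invalid access" comment. A smaller style point: the function-pointer declaration names its first parameter cpu and the wrapper names it cs; using one name for both would read more cleanly.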
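
Review bot: In the second hunk (@@ -157,16 +179,32 @@), the hook installation in mips_jazz_init() saves cc->do_transaction_failed into a file-scope static and then overwrites the class method, with nothing guarding against the class already carrying the wrapper. If this code ever ran a second time for the same CPU class, real_do_transaction_failed would be set to mips_jazz_do_transaction_failed itself and a failed instruction fetch would recurse without end; the same applies to the do_unassigned_access branch. An assert such as "cc->do_transaction_failed != mips_jazz_do_transaction_failed" before the save would make the single-call assumption explicit. It is also worth handling the case where neither "if" is taken, since the board would then silently run with no intercept installed; an assert that at least one hook was non-NULL would catch that. In the updated comment, "do not raise data exceptions" should read "does not raise data exceptions".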