DO_NOT_MERGE_YET: remaining changes from CHERI-Alliance branch#297
Closed
arichardson wants to merge 288 commits intoCTSRD-CHERI:devfrom
Closed
DO_NOT_MERGE_YET: remaining changes from CHERI-Alliance branch#297arichardson wants to merge 288 commits intoCTSRD-CHERI:devfrom
arichardson wants to merge 288 commits intoCTSRD-CHERI:devfrom
Conversation
qemu-system-riscv64cheri ... -drive if=sd,format=raw,file=card.img
results in this error
qemu-system-riscv64cheri: Drive 'sd0' is already in use because it has
been automatically connected to another device (did you need 'if=none' in
the drive options?)
qemu monitor shows that even without a -drive parameter,
qemu-system-riscv64cheri -M hobgoblin-genesys2
creates sd0 and attaches it
(qemu) info block
none2: [not inserted]
Removable device: not locked, tray closed
floppy0: [not inserted]
Removable device: not locked, tray closed
sd0: [not inserted]
Attached to: /machine/unattached/device[7]
Removable device: not locked, tray closed
(qemu) quit
[martin.kaiser@nb282 qemu]$
Try to work around the problem by using the next available block device
instead of hard-coding bus and unit to 0.
"info qtree" in the monitor now looks like this:
(qemu) info qtree
bus: main-system-bus
type System
...
dev: xlnx.xps-spi, id ""
gpio-out "sysbus-irq" 2
num-ss-bits = 1 (0x1)
mmio 0000000060210000/000000000000007c
bus: spi
type SSI
dev: ssi-sd, id ""
gpio-in "ssi-gpio-cs" 1
bus: sd-bus
type sd-bus
dev: sd-card, id ""
spec_version = 2 (0x2)
drive = "sd0"
spi = false
dev: sd-card, id ""
spec_version = 2 (0x2)
drive = ""
spi = true
The fsbl wants to store capabilities in the sram area. Declare this area as cheri tagmem. Explain why the boot ram area is not usable as cheri tagmem with qemu's current tagmem implementation.
TYPE_HOBGOBLIN_MACHINE is derived from TYPE_MACHINE. Some functions take both MachineState and HobgoblinState pointers as parameters. Drop the MachineState parameter, it is part of HobgoblinState.
Split the setup of the spi bus and the sd card into two separate functions. The sd card uses the spi bus and gpio pins (which we ignore at the moment). If we add gpio setup for the sd card, having a separate sd card setup function makes the code easier to read.
Document the current state of support for the sd card's card detect gpio. We're relying on the defaults of the gpio controller. This seems to work in practice but we should be aware of this when we run into problems.
The initialisation of hobgoblin's memory map makes use of the fact that uninitialised static variables are initialised as 0 or NULL. See https://c-faq.com/decl/initval.html for details. For sections that use the default memory type, we don't have to set type 0 explicitly. If we have memory type 0 and an empty section name, we can also remove the section name. It'll be initialised to NULL. This change was tested by invoking the monitor command "info mtree" in a running qemu. The empty section names are displayed correctly.
Get the class struct from the instance struct of the hobgoblin machine. Pass only the instance as a parameter to hobgoblin_add_id_register.
Hobgoblin is an RV64 platform, and the CODASIP_A730 cpu type which the platform depends on is not defined for rv32 builds, resulting in qemu test-suite failures.
The hobgoblin machine needs virtio mmio transport and uart and ssi-sd emulations. Select these dependencies explicitly. Don't rely on other machines to enable them for us. This issue was discovered during the 6.2 merge. qemu 6.2 introduces a new approach for the default ram region. Some of the risc-v machines do not support this new approach in combination with cheri tagmem. Unfortunately, it is not an option to ignore those machines. The qtest framework runs tests on all configured machines and fails for the machines that conflict with cheri. The most sensible approach is to disable the machines that are not needed for cheri. Disabling those machines made hobgoblin fail because of the missing dependencies.
We've now pulled in the commit that defines RISCV64_BIOS_BIN for all riscv machines. Remove the local define for hobgoblin.
This is a simple emulation of the Codasip TRNG (True Random Number Generator), based on the documentation (version 0.01). There is no distinction between the raw and processed FIFOs, and the FIFO is only one element deep, but these differences from the real hardware shouldn't be visible to most users. The reset value of the CONFIG register is unknown at this point, but as it only affects parts of the low level behavior of hardware which aren't visible to the user this shouldn't matter. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
Add the TRNG (True Random Number Generator) to the Hobgoblin platform. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
Invalidate only operates on the ramblock and only uses the env/vaddr pointers to log things into a CPU's logging buffer. Make a version available that can be called from elsewhere without access to CPUArchState.
The device has a 64k region. Initial implementation contains a features register set to default values. Other registers are initialised to 0, local memory and filter tables not mapped to anything. Implement handling for tag invalidate and tcmo Implement a handler for the tistart, tiend and tcmo registers. tcmo does nothing beyond clearing the activate bit if it was set. the tag invalidate calls the cheri_tag_phys_invalidate_external function to request the tags to be cleared for the given area of physical memory. Place the CMU in the RISCV directory. Whilst other Cherii implementations may benefit from CMU access at present this is only applicable to RiscV with our CMU Make CMU CLEN match the CPU CLEN. The CMU operates on blocks of 8 capabilities, so addresses need to be rounded to cope with this.
Someone who instantiates a cmu object will have to configure its instance. The config settings like ram size, location are not constant and not known at compile time. It's common practice in qemu to use properties for such settings. This patch defines the required properties for cmu configuration.
Each cmu object contains an invalidate_region pointer that points to the tag clearing function. Initialise this pointer when a cmu object is created. For non-cheri builds, we still have to keep the cmu simulation around. (TARGET_CHERI can't be checked from Kconfig files...) We decided to set invalidate_region to NULL if cheri is not supported.
Update hobgoblin_add_memory_area to return the memory region that has just been added. On cheri systems, the returned region will be linked to a cmu instance.
Instantiate CMU peripherals that control the sram and the two dram regions. Connect them to the sysbus. Use a similar approach as for other memory mapped peripherals.
The invalidate_region function pointer should be part of the class struct. It is identical for all instances of the cmu class.
Add overflow checks for the parameters of c->invalidate_region(). These parameters are based on the contents of the tistart and tiend registers. The guest software may set them to arbitrary values that are unrelated to the address range of the cmu's ram region. cheri_tag_phys_invalidate_external assumes that its start and length parameters are valid and lie within the tag memory region. It's simple to overflow the subtractions and make qemu crash in cheri_tag_phys_invalidate_external. Use the compiler's builtin functions for overflow checks. They are supported by gcc and clang and allow for generating efficient code.
The CMU could be accessed from either a 32 or 64bit arch so accesses need to be able to cope with <64bit reads/writes.
Add a simulation of the Codasip Hobgoblin Non-Volatile Emulator Block.
It consists of two registers (status, config) and an nvram area of 0xC00 bytes.
The caller must provide the nvram content as a binary file. We use
memory-backend-file to convert the file into a memory region.
Unfortunately, memory-backend-file requires that the input file's length
is a multiple of the host memory's page size (usually 4k). This isn't
easy to change without breaking other parts of qemu. For now, we add 1k
padding after the actual nvram image. The padding is stripped before
mapping the file.
As most users are not interested in nvemu, leaving nvemu unconfigured
should not prevent qemu from starting. If no nvram image file is given on
the command line, the nvemu device can't be realized. This error is
ignored during hobgoblin setup.
Here's a sample run that adds padding to the nvram image and passes it to
qemu:
[martin.kaiser@nb282 qemu]$ dd if=/dev/zero of=./null_bytes bs=1K count=1 && \
cat ./nvw.bin ./null_bytes > ./tmp_image && \
./build/qemu-system-riscv64cheri -smp 1 -cpu codasip-a730,m_flip=off \
-M hobgoblin-genesys2,boot-from-rom=true -nographic \
-bios ./test_rom.bin \
-global hobgoblin-nvemu.memdev=mb0 \
-object memory-backend-file,id=mb0,size=0x1000,mem-path=./tmp_image
1+0 records in
1+0 records out
1024 bytes (1.0 kB, 1.0 KiB) copied, 0.000222637 s, 4.6 MB/s
info: __________ ____ ___ _____ ________
info: / ____/ __ \/ __ \/ | / ___// _/ __ \
info: / / / / / / / / / /| | \__ \ / // /_/ /
info: / /___/ /_/ / /_/ / ___ |___/ // // ____/
info: \____/\____/_____/_/__|_/____/___/_/_
info: / ___// __ )_ __/ ____/ ___/_ __/
info: \__ \/ __ |/ / / __/ \__ \ / /
info: ___/ / /_/ // / / /___ ___/ // /
info: /____/_____//_/ /_____//____//_/
info: =========================================
/shared_home/repo/src/firmware/test/test.c:163:test_memset_zero:PASS
...
/shared_home/repo/src/firmware/test/test.c:202:test_sb_get_auth_enable:PASS
-----------------------
39 Tests 0 Failures 0 Ignored
OK
error: Exit called with exitcode (0)
QEMU: Terminated
[martin.kaiser@nb282 qemu]$
To simplify the addition of new boards, change the initialization of the hobgoblin machine classes to use a single function which takes a parameter describing anything which is machine specific. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
The existing code partly supports 64 addresses, even when it shouldn't: - addresses within the descriptor are always treated as 64 bit - the CURDESC_MSB and TAILDESC_MSB registers can be read/written, but should be read only zero (potentially breaking 64 bit auto detection), however they have no effect. Fix this by adding a new "64bit" property. When this is clear: - the NXTDESC_MSB and BUFFER_ADDRESS_MSB fields in the descriptor are ignored - writes to the CURDESC_MSB and TAILDESC_MSB registers are ignored When set, full 64 bit support is provided. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
Linux probes for 64 bit support by first checking that the ID register has major revision (bits 31-24) of at least 9. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
For transmitted packets, check the stream control word to see whether full transmit checksum offloading has been requested, and if so fill in IP and TCP/UDP checksums. On the receive size, we assume checking has already been performed, and so just need to set the flags to indicate that the checks passed. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
This has been removed from the FPGA platforms. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
While 128 MiB (0x08000000) of address space is reserved, only 512 KiB (0x00080000) is populated. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
Add dram and dram_banks fields to the concrete HobgoblinClass, and remove DRAM from the generic Hobgoblin memmap array. This gives more flexibility in initialising the system's DRAM. Fix the proFPGA's DRAM memory map, as it only has a single bank for DRAM (at 0x20_00000000). Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
The Xilinx axi-dma device device now needs to know whether it is attached to a 64 bit bus. Signed-off-by: Stuart Menefy <stuart.menefy@codasip.com>
… of interest. Make the gitlab script just archive the binary. Remove the tar command export the qemu-system-riscv64 binary as the package artifact
Add 32bit cheri as a target package and save it as an artifact.
Uploads the binaries to gitlab using the generic package registry. We use version 0.0.1 as we currently have no numbered version scheme. Each package build (which occurs on a nightly schedule) will replace the binaries in the package registry with the latest.
…une flag it defaults to, Gitlab defaults to fetching with --quiet --prune. Which results in tags being stripped off and affects the output of git describe which is used in the build to decorate the version information. In addition it does a shallow fetch with a depth of 20, which means the tags we are interested in are not present. Instead we now do a fetch with no depth specified Resolves ESWIM-18
As the version information isn't specifically needed here just remove it.
Add the qemu-img tool to the artifacts and to the package that is generated by the nightly build. qemu-img is needed for the secure boot firmware.
Create a package in the Package Registry if we push a git tag.
Use the correct syntax to check if CI_COMMIT_TAG is defined or not. We saw that the tag_build job was running for untagged versions. Fortunately, the final curl statements failed due to the empty CI_COMMIT_TAG - and we did not end up with tons of useless "packages". Fixes: 6548724 (".gitlab-ci.yml: create package from tags")
Use a single job to build qemu for all architectures in which we're interested. Our current setup clones a new git repository for each architecture, this is not needed. Keep some binaries from the build job as short-lived artifacts. They can be picked up by the packaging jobs afterwards. Move the build configuration into a yaml anchor. This way, the configuration can be shared between all jobs that have to configure a build. Move the architecture specific build jobs to the test stage. For now, we keep running the tests that these jobs create. (These jobs will be deleted after we refactored the tests.)
During the "nightly build", we can reuse the results of the build stage. All we have to do is upload them to the package repository. Rename nightly_build to nightly_upload and use the build artifacts. Make sure that the build runs during as part of a scheduled pipeline. Define a variable for the target directory to simplify the upload commands.
Simplify the job to upload a tagged release. Reuse the artifacts from the previous build job. Make sure that this job is run for a tagged commit.
Remove the scripts/riscv_cheri/package script. It is not used any more. (It was used by the package jobs in ci/cd. These jobs are now using the artifacts from the build jobs instead of calling the package script.)
Both tag_upload and nightly_upload use the same sequence of curl commands to upload binaries to the package registry. Move these commands into a yaml anchor and share them between the two jobs.
Create a separate job to run ninja test (meson test). Start the tests via ninja, this falls back to meson from a git submodule if no system meson is installed. meson test requires the results of a complete build. As we don't want to keep several GB of artifcats from the build job, we have to bite the bullet and run a compilation before the tests. For the tests, we want to provide the results as artifact even when some tests failed (by default, artifacts are created only for successful jobs).
Remove the architecture-specific test jobs. They all run meson test, this is now covered by a new job. Additionally, the riscv64 cheri test job runs the bakewell and newlib tests. These tests will be run from the avocado framework in future. While at it, remove global variables that were used for test and build jobs. They are no longer needed.
Remove the test scripts which are no longer needed. We'll trigger the bakewell and newlib tests via the avocado framework.
Paul fixed the aarch64-softmmu build. Add this target to ci/cd to make sure that we don't break it in the future.
Avoid a mixture of single and double quotes in otherwise identical statements. (The difference is that within double quotes, variables are expanded. Text in single quotes is processed as is.)
We observed timeouts when running the qtest suite on the gitlab runners. It's possible to extend the test timeouts by calling meson test -t <factor> If we invoke the tests via ninja test, we can't pass any parameters Switch the the submodule meson, always ignore the system meson. Run the tests via meson test and use 30x the original timeouts.
Disable l2tp, oss, alsa and tmp. These features were added after the 6.0 release, we don't need them for cheri risc-v.
Keep the testlog.txt that's produced by "meson test". The .txt is easier to read than the .xml when tracking down test failures.
Add a CI job that runs the Morello testsuite. Provide the results as txt and xml. Allow this job to fail. Switch to the new docker environment for building qemu in order to get virtualenv Create a virtualenv and add pytest to is as part of the test.
The qemu branch will be passed as the QEMU_BRANCH variable.
We do not expect any failures in the pipeline. Any expected failures are handled in the test harness so we should expect all tests to pass at this level.
Add a new build step for a qemu debug build. Move the common configure arguments into global variables. Use mkdir -p to avoid failures if the directory already exists. Co-developed-by: Martin Kaiser <martin.kaiser@codasip.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.