arm: cp15 support
Initially reported at https://gitlab.com/qemu-project/qemu/-/issues/1245 but closed there as fork-dependent. Also reported to GDB at https://sourceware.org/bugzilla/show_bug.cgi?id=29675
Environment
I am running qemu-system-xilinx-aarch64 on Debian, as part of the Zephyr SDK version 0.15.
$ qemu-system-xilinx-aarch64 --version
QEMU emulator version 5.1.0 (v2.6.0-35778-ge40b634b24-dirty)
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
The command line I start qemu with is:
$ qemu-system-xilinx-aarch64 -nographic -machine arm-generic-fdt-7series -dtb /home/.../zephyr/boards/arm/qemu_cortex_a9/fdt-zynq7000s.dtb -pidfile qemu.pid -chardev stdio,id=con,mux=on -serial chardev:con -mon chardev=con,mode=readline -icount shift=3,align=off,sleep=on -rtc clock=vm -device loader,file=/home/.../build/zephyr/zephyr.elf,cpu-num=0 -s -S
What I want to do
Using low vector base address (not hivecs), I want to set the vector base address VBAR to point to the memory location of the exception vector, in my case 0x100000.
Here is the disassembly of the code that should be setting VBAR to 0x100000 (access through coprocessor cp15):
(gdb) disas
Dump of assembler code for function z_arm_prep_c:
=> 0x001060ec <+0>: ldr r3, [pc, #24] ; 0x10610c <z_arm_prep_c+32>
0x001060f0 <+4>: push {r4, lr}
0x001060f4 <+8>: bic r3, r3, #31
0x001060f8 <+12>: mcr 15, 0, r3, cr12, cr0, {0}
0x001060fc <+16>: isb sy
0x00106100 <+20>: bl 0x1083e4 <z_bss_zero>
0x00106104 <+24>: bl 0x1070dc <z_arm_interrupt_init>
The issue
After executing the code above, VBAR seems to remain clear:
(gdb) info register VBAR
VBAR 0x0 0
From what I have gathered reading Peter Maydell's reply to this email from 2013, VBAR is not implemented because qemu is a non-TrustZone model. Is this correct?
After some tests, I get the impression that VBAR does work, it's just a gdb issue. Any confirmation?
Thanks in advance,
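An added example (not part of the bug report, and not QEMU, GDB or Zephyr code): a small decoder/encoder for A32 MCR/MRC coprocessor accesses, so the cp15 register an instruction word targets can be checked, plus a reproduction of the `bic r3, r3, #31` masking applied before the VBAR write. The instruction word 0xEE0C3F10 for the report's `mcr 15, 0, r3, cr12, cr0, {0}` is computed from the ARM encoding here, not copied from the report, and the cp15 register table is a deliberately small subset (VBAR, the TrustZone-only MVBAR next to it, ISR, SCTLR, MIDR). A read-back with the matching MRC form compared against the written value is an independent check of whether the write took effect, as opposed to what a debugger's register view reports.

```python
# Added example (not from the bug report or from QEMU/GDB): decode and encode
# A32 MCR/MRC coprocessor accesses and reproduce the VBAR masking done by
# "bic r3, r3, #31". CP15_REGS is a small subset of the cp15 register space.

# Subset of cp15 (coproc 15) registers keyed by (CRn, opc1, CRm, opc2).
CP15_REGS = {
    (0, 0, 0, 0): "MIDR",    # Main ID Register
    (1, 0, 0, 0): "SCTLR",   # System Control Register
    (12, 0, 0, 0): "VBAR",   # Vector Base Address Register
    (12, 0, 0, 1): "MVBAR",  # Monitor Vector Base Address Register (TrustZone only)
    (12, 0, 1, 0): "ISR",    # Interrupt Status Register
}

VBAR_ALIGN_MASK = 0x1F  # VBAR[4:0] are reserved: the vector table is 32-byte aligned


def decode_cp_access(word):
    """Decode a 32-bit A32 MCR/MRC instruction word into its fields.

    Returns a dict with the operation (MCR = core-to-coprocessor write,
    MRC = coprocessor-to-core read), the core register Rt, the coprocessor
    number, the CRn/opc1/CRm/opc2 selector and, for cp15, the register name
    when it is in CP15_REGS. Returns None for any other instruction.
    """
    if word >> 28 == 0xF:            # cond == 0b1111: MCR2/MRC2 or other, not handled
        return None
    if (word >> 24) & 0xF != 0xE:    # bits 27:24 must be 0b1110 for MCR/MRC
        return None
    if (word >> 4) & 1 != 1:         # bit 4 set distinguishes MCR/MRC from CDP
        return None
    is_read = (word >> 20) & 1       # L bit: 1 = MRC (read), 0 = MCR (write)
    fields = {
        "op": "MRC" if is_read else "MCR",
        "opc1": (word >> 21) & 0x7,
        "crn": (word >> 16) & 0xF,
        "rt": (word >> 12) & 0xF,
        "coproc": (word >> 8) & 0xF,
        "opc2": (word >> 5) & 0x7,
        "crm": word & 0xF,
    }
    key = (fields["crn"], fields["opc1"], fields["crm"], fields["opc2"])
    fields["reg"] = CP15_REGS.get(key) if fields["coproc"] == 15 else None
    return fields


def encode_cp_access(op, rt, crn, crm, opc1=0, opc2=0, coproc=15, cond=0xE):
    """Build the A32 instruction word for MCR/MRC (inverse of decode_cp_access)."""
    if op not in ("MCR", "MRC"):
        raise ValueError("op must be 'MCR' or 'MRC'")
    l_bit = 1 if op == "MRC" else 0
    return ((cond & 0xF) << 28 | 0xE << 24 | (opc1 & 0x7) << 21 | l_bit << 20
            | (crn & 0xF) << 16 | (rt & 0xF) << 12 | (coproc & 0xF) << 8
            | (opc2 & 0x7) << 5 | 1 << 4 | (crm & 0xF))


def mask_vbar(value):
    """Reproduce 'bic r3, r3, #31': clear the reserved low five bits of VBAR."""
    return value & ~VBAR_ALIGN_MASK & 0xFFFFFFFF


def vbar_write_took_effect(written, read_back):
    """Compare a value written with MCR against one read back with MRC.

    Both sides are masked first, since only the aligned bits are stored.
    """
    return mask_vbar(written) == mask_vbar(read_back)


if __name__ == "__main__":
    # 0xEE0C3F10 is the word for the report's "mcr 15, 0, r3, cr12, cr0, {0}",
    # computed from the encoding above; the MRC line is the matching read-back
    # into r0 ("mrc p15, 0, r0, c12, c0, 0") that a firmware self-check would use.
    print(decode_cp_access(0xEE0C3F10))
    print(hex(encode_cp_access("MRC", rt=0, crn=12, crm=0)))
    print(hex(mask_vbar(0x100000)))
```

The decoder rejects words whose condition field is 0b1111 (for example the `isb sy` that follows the MCR in the disassembly), so it only claims to understand the conditional MCR/MRC form. Note that VBAR and MVBAR differ only in opc2, which is why the `{0}` at the end of the disassembled `mcr` line matters when deciding which register a write targets.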