[Qemu-devel] [PULL 00/13] target-arm queue

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

Arm patch queue -- these are all bug fix patches but we might
as well put them in to rc0...

thanks
-- PMM

The following changes since commit 2c8cfc0b52b5a4d123c26c0b5fdf941be24805be:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2018-03-19 11:44:26 +0000)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180319

for you to fetch changes up to ff72cb6b46b95bb530787add5277c211af3d31c6:

  hw/arm/raspi: Provide spin-loop code for AArch64 CPUs (2018-03-19 18:23:24 +0000)

----------------------------------------------------------------
target-arm queue:
 * fsl-imx6: Fix incorrect Ethernet interrupt defines
 * dump: Update correct kdump phys_base field for AArch64
 * char: i.MX: Add support for "TX complete" interrupt
 * bcm2836/raspi: Fix various bugs resulting in panics trying
   to boot a Debian Linux kernel on raspi3

----------------------------------------------------------------
Andrey Smirnov (2):
      char: i.MX: Simplify imx_update()
      char: i.MX: Add support for "TX complete" interrupt

Guenter Roeck (1):
      fsl-imx6: Swap Ethernet interrupt defines

Peter Maydell (9):
      hw/arm/raspi: Don't do board-setup or secure-boot for raspi3
      hw/arm/boot: assert that secure_boot and secure_board_setup are false for AArch64
      hw/arm/boot: If booting a kernel in EL2, set SCR_EL3.HCE
      hw/arm/bcm2386: Fix parent type of bcm2386
      hw/arm/bcm2836: Rename bcm2836 type/struct to bcm283x
      hw/arm/bcm2836: Create proper bcm2837 device
      hw/arm/bcm2836: Use correct affinity values for BCM2837
      hw/arm/bcm2836: Hardcode correct CPU type
      hw/arm/raspi: Provide spin-loop code for AArch64 CPUs

Wei Huang (1):
      dump: Update correct kdump phys_base field for AArch64

 include/hw/arm/bcm2836.h     | 31 +++++++++++++---
 include/hw/arm/fsl-imx6.h    |  4 +-
 include/hw/char/imx_serial.h |  3 ++
 dump.c                       | 14 +++++--
 hw/arm/bcm2836.c             | 87 +++++++++++++++++++++++++++++++-------------
 hw/arm/boot.c                | 12 ++++++
 hw/arm/raspi.c               | 77 +++++++++++++++++++++++++++++++--------
 hw/char/imx_serial.c         | 44 ++++++++++++++++------
 hw/net/imx_fec.c             | 28 +++++++++++++-
 9 files changed, 237 insertions(+), 63 deletions(-)

[Qemu-devel] [PULL 01/13] fsl-imx6: Swap Ethernet interrupt defines

[Peter Maydell]

From: Guenter Roeck <linux@roeck-us.net>

The sabrelite machine model used by qemu-system-arm is based on the
Freescale/NXP i.MX6Q processor. This SoC has an on-board ethernet
controller which is supported in QEMU using the imx_fec.c module
(actually called imx.enet for this model.)

The include/hw/arm/fsm-imx6.h file defines the interrupt vectors for the
imx.enet device like this:

 #define FSL_IMX6_ENET_MAC_1588_IRQ 118
 #define FSL_IMX6_ENET_MAC_IRQ 119

According to https://www.nxp.com/docs/en/reference-manual/IMX6DQRM.pdf,
page 225, in Table 3-1. ARM Cortex A9 domain interrupt summary,
interrupts are as follows.

150 ENET MAC 0 IRQ
151 ENET MAC 0 1588 Timer interrupt

where

150 - 32 == 118
151 - 32 == 119

In other words, the vector definitions in the fsl-imx6.h file are reversed.

Fixing the interrupts alone causes problems with older Linux kernels:
The Ethernet interface will fail to probe with Linux v4.9 and earlier.
Linux v4.1 and earlier will crash due to a bug in Ethernet driver probe
error handling. This is a Linux kernel problem, not a qemu problem:
the Linux kernel only worked by accident since it requested both interrupts.

For backward compatibility, generate the Ethernet interrupt on both interrupt
lines. This was shown to work from all Linux kernel releases starting with
v3.16.

Link: https://bugs.launchpad.net/qemu/+bug/1753309
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 1520723090-22130-1-git-send-email-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/fsl-imx6.h |  4 ++--
 hw/net/imx_fec.c          | 28 +++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/include/hw/arm/fsl-imx6.h b/include/hw/arm/fsl-imx6.h
index ec6c509d74..06f8aaeda4 100644
--- a/include/hw/arm/fsl-imx6.h
+++ b/include/hw/arm/fsl-imx6.h
@@ -438,8 +438,8 @@ typedef struct FslIMX6State {
 #define FSL_IMX6_HDMI_MASTER_IRQ 115
 #define FSL_IMX6_HDMI_CEC_IRQ 116
 #define FSL_IMX6_MLB150_LOW_IRQ 117
-#define FSL_IMX6_ENET_MAC_1588_IRQ 118
-#define FSL_IMX6_ENET_MAC_IRQ 119
+#define FSL_IMX6_ENET_MAC_IRQ 118
+#define FSL_IMX6_ENET_MAC_1588_IRQ 119
 #define FSL_IMX6_PCIE1_IRQ 120
 #define FSL_IMX6_PCIE2_IRQ 121
 #define FSL_IMX6_PCIE3_IRQ 122
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 9506f9b69f..6e297c5480 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -417,7 +417,33 @@ static void imx_enet_write_bd(IMXENETBufDesc *bd, dma_addr_t addr)
 
 static void imx_eth_update(IMXFECState *s)
 {
-    if (s->regs[ENET_EIR] & s->regs[ENET_EIMR] & ENET_INT_TS_TIMER) {
+    /*
+     * Previous versions of qemu had the ENET_INT_MAC and ENET_INT_TS_TIMER
+     * interrupts swapped. This worked with older versions of Linux (4.14
+     * and older) since Linux associated both interrupt lines with Ethernet
+     * MAC interrupts. Specifically,
+     * - Linux 4.15 and later have separate interrupt handlers for the MAC and
+     *   timer interrupts. Those versions of Linux fail with versions of QEMU
+     *   with swapped interrupt assignments.
+     * - In linux 4.14, both interrupt lines were registered with the Ethernet
+     *   MAC interrupt handler. As a result, all versions of qemu happen to
+     *   work, though that is accidental.
+     * - In Linux 4.9 and older, the timer interrupt was registered directly
+     *   with the Ethernet MAC interrupt handler. The MAC interrupt was
+     *   redirected to a GPIO interrupt to work around erratum ERR006687.
+     *   This was implemented using the SOC's IOMUX block. In qemu, this GPIO
+     *   interrupt never fired since IOMUX is currently not supported in qemu.
+     *   Linux instead received MAC interrupts on the timer interrupt.
+     *   As a result, qemu versions with the swapped interrupt assignment work,
+     *   albeit accidentally, but qemu versions with the correct interrupt
+     *   assignment fail.
+     *
+     * To ensure that all versions of Linux work, generate ENET_INT_MAC
+     * interrrupts on both interrupt lines. This should be changed if and when
+     * qemu supports IOMUX.
+     */
+    if (s->regs[ENET_EIR] & s->regs[ENET_EIMR] &
+        (ENET_INT_MAC | ENET_INT_TS_TIMER)) {
         qemu_set_irq(s->irq[1], 1);
     } else {
         qemu_set_irq(s->irq[1], 0);
-- 
2.16.2

[Qemu-devel] [PULL 02/13] dump: Update correct kdump phys_base field for AArch64

[Peter Maydell]

From: Wei Huang <wei@redhat.com>

For guest kernel that supports KASLR, the load address can change every
time when guest VM runs. To find the physical base address correctly,
current QEMU dump searches VMCOREINFO for the string "NUMBER(phys_base)=".
However this string pattern is only available on x86_64. AArch64 uses a
different field, called "NUMBER(PHYS_OFFSET)=". This patch makes sure
QEMU dump uses the correct string on AArch64.

Signed-off-by: Wei Huang <wei@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1520615003-20869-1-git-send-email-wei@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 dump.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/dump.c b/dump.c
index 097e60b2b3..6bdb0dbe23 100644
--- a/dump.c
+++ b/dump.c
@@ -1609,10 +1609,18 @@ static void vmcoreinfo_update_phys_base(DumpState *s)
 
     lines = g_strsplit((char *)vmci, "\n", -1);
     for (i = 0; lines[i]; i++) {
-        if (g_str_has_prefix(lines[i], "NUMBER(phys_base)=")) {
-            if (qemu_strtou64(lines[i] + 18, NULL, 16,
+        const char *prefix = NULL;
+
+        if (s->dump_info.d_machine == EM_X86_64) {
+            prefix = "NUMBER(phys_base)=";
+        } else if (s->dump_info.d_machine == EM_AARCH64) {
+            prefix = "NUMBER(PHYS_OFFSET)=";
+        }
+
+        if (prefix && g_str_has_prefix(lines[i], prefix)) {
+            if (qemu_strtou64(lines[i] + strlen(prefix), NULL, 16,
                               &phys_base) < 0) {
-                warn_report("Failed to read NUMBER(phys_base)=");
+                warn_report("Failed to read %s", prefix);
             } else {
                 s->dump_info.phys_base = phys_base;
             }
-- 
2.16.2

[Qemu-devel] [PULL 03/13] char: i.MX: Simplify imx_update()

[Peter Maydell]

From: Andrey Smirnov <andrew.smirnov@gmail.com>

Code of imx_update() is slightly confusing since the "flags" variable
doesn't really corespond to anything in real hardware and server as a
kitchensink accumulating events normally reported via USR1 and USR2
registers.

Change the code to explicitly evaluate state of interrupts reported
via USR1 and USR2 against corresponding masking bits and use the to
detemine if IRQ line should be asserted or not.

NOTE: Check for UTS1_TXEMPTY being set has been dropped for two
reasons:

    1. Emulation code implements a single character FIFO, so this flag
       will always be set since characters are trasmitted as a part of
       the code emulating "push" into the FIFO

    2. imx_update() is really just a function doing ORing and maksing
       of reported events, so checking for UTS1_TXEMPTY should happen,
       if it's ever really needed should probably happen outside of
       it.

Cc: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org
Cc: Bill Paul <wpaul@windriver.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Message-id: 20180315191141.6789-1-andrew.smirnov@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/char/imx_serial.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index 70405ccf8b..d1e8586280 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -56,16 +56,24 @@ static const VMStateDescription vmstate_imx_serial = {
 
 static void imx_update(IMXSerialState *s)
 {
-    uint32_t flags;
+    uint32_t usr1;
+    uint32_t usr2;
+    uint32_t mask;
 
-    flags = (s->usr1 & s->ucr1) & (USR1_TRDY|USR1_RRDY);
-    if (s->ucr1 & UCR1_TXMPTYEN) {
-        flags |= (s->uts1 & UTS1_TXEMPTY);
-    } else {
-        flags &= ~USR1_TRDY;
-    }
+    /*
+     * Lucky for us TRDY and RRDY has the same offset in both USR1 and
+     * UCR1, so we can get away with something as simple as the
+     * following:
+     */
+    usr1 = s->usr1 & s->ucr1 & (USR1_TRDY | USR1_RRDY);
+    /*
+     * Bits that we want in USR2 are not as conveniently laid out,
+     * unfortunately.
+     */
+    mask = (s->ucr1 & UCR1_TXMPTYEN) ? USR2_TXFE : 0;
+    usr2 = s->usr2 & mask;
 
-    qemu_set_irq(s->irq, !!flags);
+    qemu_set_irq(s->irq, usr1 || usr2);
 }
 
 static void imx_serial_reset(IMXSerialState *s)
-- 
2.16.2

[Qemu-devel] [PULL 04/13] char: i.MX: Add support for "TX complete" interrupt

[Peter Maydell]

From: Andrey Smirnov <andrew.smirnov@gmail.com>

Add support for "TX complete"/TXDC interrupt generate by real HW since
it is needed to support guests other than Linux.

Based on the patch by Bill Paul as found here:
https://bugs.launchpad.net/qemu/+bug/1753314

Cc: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org
Cc: Bill Paul <wpaul@windriver.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bill Paul <wpaul@windriver.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Message-id: 20180315191141.6789-2-andrew.smirnov@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/char/imx_serial.h |  3 +++
 hw/char/imx_serial.c         | 20 +++++++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h
index baeec3183f..5b99cee7cf 100644
--- a/include/hw/char/imx_serial.h
+++ b/include/hw/char/imx_serial.h
@@ -67,6 +67,8 @@
 #define UCR2_RXEN       (1<<1)    /* Receiver enable */
 #define UCR2_SRST       (1<<0)    /* Reset complete */
 
+#define UCR4_TCEN       BIT(3)    /* TX complete interrupt enable */
+
 #define UTS1_TXEMPTY    (1<<6)
 #define UTS1_RXEMPTY    (1<<5)
 #define UTS1_TXFULL     (1<<4)
@@ -95,6 +97,7 @@ typedef struct IMXSerialState {
     uint32_t ubmr;
     uint32_t ubrc;
     uint32_t ucr3;
+    uint32_t ucr4;
 
     qemu_irq irq;
     CharBackend chr;
diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index d1e8586280..1e5540472b 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -37,8 +37,8 @@
 
 static const VMStateDescription vmstate_imx_serial = {
     .name = TYPE_IMX_SERIAL,
-    .version_id = 1,
-    .minimum_version_id = 1,
+    .version_id = 2,
+    .minimum_version_id = 2,
     .fields = (VMStateField[]) {
         VMSTATE_INT32(readbuff, IMXSerialState),
         VMSTATE_UINT32(usr1, IMXSerialState),
@@ -50,6 +50,7 @@ static const VMStateDescription vmstate_imx_serial = {
         VMSTATE_UINT32(ubmr, IMXSerialState),
         VMSTATE_UINT32(ubrc, IMXSerialState),
         VMSTATE_UINT32(ucr3, IMXSerialState),
+        VMSTATE_UINT32(ucr4, IMXSerialState),
         VMSTATE_END_OF_LIST()
     },
 };
@@ -71,6 +72,11 @@ static void imx_update(IMXSerialState *s)
      * unfortunately.
      */
     mask = (s->ucr1 & UCR1_TXMPTYEN) ? USR2_TXFE : 0;
+    /*
+     * TCEN and TXDC are both bit 3
+     */
+    mask |= s->ucr4 & UCR4_TCEN;
+
     usr2 = s->usr2 & mask;
 
     qemu_set_irq(s->irq, usr1 || usr2);
@@ -163,6 +169,8 @@ static uint64_t imx_serial_read(void *opaque, hwaddr offset,
         return s->ucr3;
 
     case 0x23: /* UCR4 */
+        return s->ucr4;
+
     case 0x29: /* BRM Incremental */
         return 0x0; /* TODO */
 
@@ -191,8 +199,10 @@ static void imx_serial_write(void *opaque, hwaddr offset,
              * qemu_chr_fe_write and background I/O callbacks */
             qemu_chr_fe_write_all(&s->chr, &ch, 1);
             s->usr1 &= ~USR1_TRDY;
+            s->usr2 &= ~USR2_TXDC;
             imx_update(s);
             s->usr1 |= USR1_TRDY;
+            s->usr2 |= USR2_TXDC;
             imx_update(s);
         }
         break;
@@ -265,8 +275,12 @@ static void imx_serial_write(void *opaque, hwaddr offset,
         s->ucr3 = value & 0xffff;
         break;
 
-    case 0x2d: /* UTS1 */
     case 0x23: /* UCR4 */
+        s->ucr4 = value & 0xffff;
+        imx_update(s);
+        break;
+
+    case 0x2d: /* UTS1 */
         qemu_log_mask(LOG_UNIMP, "[%s]%s: Unimplemented reg 0x%"
                       HWADDR_PRIx "\n", TYPE_IMX_SERIAL, __func__, offset);
         /* TODO */
-- 
2.16.2

[Qemu-devel] [PULL 05/13] hw/arm/raspi: Don't do board-setup or secure-boot for raspi3

[Peter Maydell]

For the rpi1 and 2 we want to boot the Linux kernel via some
custom setup code that makes sure that the SMC instruction
acts as a no-op, because it's used for cache maintenance.
The rpi3 boots AArch64 kernels, which don't need SMC for
cache maintenance and always expect to be booted non-secure.
Don't fill in the aarch32-specific parts of the binfo struct.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180313153458.26822-2-peter.maydell@linaro.org
---
 hw/arm/raspi.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index a37881433c..1ac0737149 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -82,10 +82,19 @@ static void setup_boot(MachineState *machine, int version, size_t ram_size)
     binfo.board_id = raspi_boardid[version];
     binfo.ram_size = ram_size;
     binfo.nb_cpus = smp_cpus;
-    binfo.board_setup_addr = BOARDSETUP_ADDR;
-    binfo.write_board_setup = write_board_setup;
-    binfo.secure_board_setup = true;
-    binfo.secure_boot = true;
+
+    if (version <= 2) {
+        /* The rpi1 and 2 require some custom setup code to run in Secure
+         * mode before booting a kernel (to set up the SMC vectors so
+         * that we get a no-op SMC; this is used by Linux to call the
+         * firmware for some cache maintenance operations.
+         * The rpi3 doesn't need this.
+         */
+        binfo.board_setup_addr = BOARDSETUP_ADDR;
+        binfo.write_board_setup = write_board_setup;
+        binfo.secure_board_setup = true;
+        binfo.secure_boot = true;
+    }
 
     /* Pi2 and Pi3 requires SMP setup */
     if (version >= 2) {
-- 
2.16.2

[Qemu-devel] [PULL 06/13] hw/arm/boot: assert that secure_boot and secure_board_setup are false for AArch64

[Peter Maydell]

Add some assertions that if we're about to boot an AArch64 kernel,
the board code has not mistakenly set either secure_boot or
secure_board_setup. It doesn't make sense to set secure_boot,
because all AArch64 kernels must be booted in non-secure mode.

It might in theory make sense to set secure_board_setup, but
we don't currently support that, because only the AArch32
bootloader[] code calls this hook; bootloader_aarch64[] does not.
Since we don't have a current need for this functionality, just
assert that we don't try to use it. If it's needed we'll add
it later.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180313153458.26822-3-peter.maydell@linaro.org
---
 hw/arm/boot.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 196c7fb242..e21a92f972 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -720,6 +720,13 @@ static void do_cpu_reset(void *opaque)
                     } else {
                         env->pstate = PSTATE_MODE_EL1h;
                     }
+                    /* AArch64 kernels never boot in secure mode */
+                    assert(!info->secure_boot);
+                    /* This hook is only supported for AArch32 currently:
+                     * bootloader_aarch64[] will not call the hook, and
+                     * the code above has already dropped us into EL2 or EL1.
+                     */
+                    assert(!info->secure_board_setup);
                 }
 
                 /* Set to non-secure if not a secure boot */
-- 
2.16.2

[Qemu-devel] [PULL 07/13] hw/arm/boot: If booting a kernel in EL2, set SCR_EL3.HCE

[Peter Maydell]

If we're directly booting a Linux kernel and the CPU supports both
EL3 and EL2, we start the kernel in EL2, as it expects. We must also
set the SCR_EL3.HCE bit in this situation, so that the HVC
instruction is enabled rather than UNDEFing. Otherwise at least some
kernels will panic when trying to initialize KVM in the guest.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180313153458.26822-4-peter.maydell@linaro.org
---
 hw/arm/boot.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index e21a92f972..9319b12fcd 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -729,6 +729,11 @@ static void do_cpu_reset(void *opaque)
                     assert(!info->secure_board_setup);
                 }
 
+                if (arm_feature(env, ARM_FEATURE_EL2)) {
+                    /* If we have EL2 then Linux expects the HVC insn to work */
+                    env->cp15.scr_el3 |= SCR_HCE;
+                }
+
                 /* Set to non-secure if not a secure boot */
                 if (!info->secure_boot &&
                     (cs != first_cpu || !info->secure_board_setup)) {
-- 
2.16.2

[Qemu-devel] [PULL 08/13] hw/arm/bcm2386: Fix parent type of bcm2386

[Peter Maydell]

The TypeInfo and state struct for bcm2386 disagree about what the
parent class is -- the TypeInfo says it's TYPE_SYS_BUS_DEVICE,
but the BCM2386State struct only defines the parent_obj field
as DeviceState. This would have caused problems if anything
actually tried to treat the object as a TYPE_SYS_BUS_DEVICE.
Fix the TypeInfo to use TYPE_DEVICE as the parent, since we don't
need any of the additional functionality TYPE_SYS_BUS_DEVICE
provides.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180313153458.26822-5-peter.maydell@linaro.org
---
 hw/arm/bcm2836.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 40e8b25a46..9266f27c14 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -165,7 +165,7 @@ static void bcm2836_class_init(ObjectClass *oc, void *data)
 
 static const TypeInfo bcm2836_type_info = {
     .name = TYPE_BCM2836,
-    .parent = TYPE_SYS_BUS_DEVICE,
+    .parent = TYPE_DEVICE,
     .instance_size = sizeof(BCM2836State),
     .instance_init = bcm2836_init,
     .class_init = bcm2836_class_init,
-- 
2.16.2

[Qemu-devel] [PULL 09/13] hw/arm/bcm2836: Rename bcm2836 type/struct to bcm283x

[Peter Maydell]

Our BCM2836 type is really a generic one that can be any of
the bcm283x family. Rename it accordingly. We change only
the names which are visible via the header file to the
rest of the QEMU code, leaving private function names
in bcm2836.c as they are.

This is a preliminary to making bcm283x be an abstract
parent class to specific types for the bcm2836 and bcm2837.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180313153458.26822-6-peter.maydell@linaro.org
---
 include/hw/arm/bcm2836.h | 12 ++++++------
 hw/arm/bcm2836.c         | 17 +++++++++--------
 hw/arm/raspi.c           | 16 ++++++++--------
 3 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
index 4758b4ae54..9a10a76631 100644
--- a/include/hw/arm/bcm2836.h
+++ b/include/hw/arm/bcm2836.h
@@ -15,12 +15,12 @@
 #include "hw/arm/bcm2835_peripherals.h"
 #include "hw/intc/bcm2836_control.h"
 
-#define TYPE_BCM2836 "bcm2836"
-#define BCM2836(obj) OBJECT_CHECK(BCM2836State, (obj), TYPE_BCM2836)
+#define TYPE_BCM283X "bcm283x"
+#define BCM283X(obj) OBJECT_CHECK(BCM283XState, (obj), TYPE_BCM283X)
 
-#define BCM2836_NCPUS 4
+#define BCM283X_NCPUS 4
 
-typedef struct BCM2836State {
+typedef struct BCM283XState {
     /*< private >*/
     DeviceState parent_obj;
     /*< public >*/
@@ -28,9 +28,9 @@ typedef struct BCM2836State {
     char *cpu_type;
     uint32_t enabled_cpus;
 
-    ARMCPU cpus[BCM2836_NCPUS];
+    ARMCPU cpus[BCM283X_NCPUS];
     BCM2836ControlState control;
     BCM2835PeripheralState peripherals;
-} BCM2836State;
+} BCM283XState;
 
 #endif /* BCM2836_H */
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 9266f27c14..1d1908654b 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -25,7 +25,7 @@
 
 static void bcm2836_init(Object *obj)
 {
-    BCM2836State *s = BCM2836(obj);
+    BCM283XState *s = BCM283X(obj);
 
     object_initialize(&s->control, sizeof(s->control), TYPE_BCM2836_CONTROL);
     object_property_add_child(obj, "control", OBJECT(&s->control), NULL);
@@ -44,7 +44,7 @@ static void bcm2836_init(Object *obj)
 
 static void bcm2836_realize(DeviceState *dev, Error **errp)
 {
-    BCM2836State *s = BCM2836(dev);
+    BCM283XState *s = BCM283X(dev);
     Object *obj;
     Error *err = NULL;
     int n;
@@ -52,7 +52,7 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
     /* common peripherals from bcm2835 */
 
     obj = OBJECT(dev);
-    for (n = 0; n < BCM2836_NCPUS; n++) {
+    for (n = 0; n < BCM283X_NCPUS; n++) {
         object_initialize(&s->cpus[n], sizeof(s->cpus[n]),
                           s->cpu_type);
         object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]),
@@ -102,7 +102,7 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
     sysbus_connect_irq(SYS_BUS_DEVICE(&s->peripherals), 1,
         qdev_get_gpio_in_named(DEVICE(&s->control), "gpu-fiq", 0));
 
-    for (n = 0; n < BCM2836_NCPUS; n++) {
+    for (n = 0; n < BCM283X_NCPUS; n++) {
         /* Mirror bcm2836, which has clusterid set to 0xf
          * TODO: this should be converted to a property of ARM_CPU
          */
@@ -150,8 +150,9 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
 }
 
 static Property bcm2836_props[] = {
-    DEFINE_PROP_STRING("cpu-type", BCM2836State, cpu_type),
-    DEFINE_PROP_UINT32("enabled-cpus", BCM2836State, enabled_cpus, BCM2836_NCPUS),
+    DEFINE_PROP_STRING("cpu-type", BCM283XState, cpu_type),
+    DEFINE_PROP_UINT32("enabled-cpus", BCM283XState, enabled_cpus,
+                       BCM283X_NCPUS),
     DEFINE_PROP_END_OF_LIST()
 };
 
@@ -164,9 +165,9 @@ static void bcm2836_class_init(ObjectClass *oc, void *data)
 }
 
 static const TypeInfo bcm2836_type_info = {
-    .name = TYPE_BCM2836,
+    .name = TYPE_BCM283X,
     .parent = TYPE_DEVICE,
-    .instance_size = sizeof(BCM2836State),
+    .instance_size = sizeof(BCM283XState),
     .instance_init = bcm2836_init,
     .class_init = bcm2836_class_init,
 };
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index 1ac0737149..58c6e80a17 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -32,7 +32,7 @@
 static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44};
 
 typedef struct RasPiState {
-    BCM2836State soc;
+    BCM283XState soc;
     MemoryRegion ram;
 } RasPiState;
 
@@ -136,7 +136,7 @@ static void raspi_init(MachineState *machine, int version)
     BusState *bus;
     DeviceState *carddev;
 
-    object_initialize(&s->soc, sizeof(s->soc), TYPE_BCM2836);
+    object_initialize(&s->soc, sizeof(s->soc), TYPE_BCM283X);
     object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc),
                               &error_abort);
 
@@ -189,9 +189,9 @@ static void raspi2_machine_init(MachineClass *mc)
     mc->no_floppy = 1;
     mc->no_cdrom = 1;
     mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15");
-    mc->max_cpus = BCM2836_NCPUS;
-    mc->min_cpus = BCM2836_NCPUS;
-    mc->default_cpus = BCM2836_NCPUS;
+    mc->max_cpus = BCM283X_NCPUS;
+    mc->min_cpus = BCM283X_NCPUS;
+    mc->default_cpus = BCM283X_NCPUS;
     mc->default_ram_size = 1024 * 1024 * 1024;
     mc->ignore_memory_transaction_failures = true;
 };
@@ -212,9 +212,9 @@ static void raspi3_machine_init(MachineClass *mc)
     mc->no_floppy = 1;
     mc->no_cdrom = 1;
     mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
-    mc->max_cpus = BCM2836_NCPUS;
-    mc->min_cpus = BCM2836_NCPUS;
-    mc->default_cpus = BCM2836_NCPUS;
+    mc->max_cpus = BCM283X_NCPUS;
+    mc->min_cpus = BCM283X_NCPUS;
+    mc->default_cpus = BCM283X_NCPUS;
     mc->default_ram_size = 1024 * 1024 * 1024;
 }
 DEFINE_MACHINE("raspi3", raspi3_machine_init)
-- 
2.16.2

[Qemu-devel] [PULL 10/13] hw/arm/bcm2836: Create proper bcm2837 device

[Peter Maydell]

The bcm2837 is pretty similar to the bcm2836, but it does have
some differences. Notably, the MPIDR affinity aff1 values it
sets for the CPUs are 0x0, rather than the 0xf that the bcm2836
uses, and if this is wrong Linux will not boot.

Rather than trying to have one device with properties that
configure it differently for the two cases, create two
separate QOM devices for the two SoCs. We use the same approach
as hw/arm/aspeed_soc.c and share code and have a data table
that might differ per-SoC. For the moment the two types don't
actually have different behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180313153458.26822-7-peter.maydell@linaro.org
---
 include/hw/arm/bcm2836.h | 19 +++++++++++++++++++
 hw/arm/bcm2836.c         | 37 ++++++++++++++++++++++++++++++++-----
 hw/arm/raspi.c           |  3 ++-
 3 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
index 9a10a76631..93248399ba 100644
--- a/include/hw/arm/bcm2836.h
+++ b/include/hw/arm/bcm2836.h
@@ -20,6 +20,13 @@
 
 #define BCM283X_NCPUS 4
 
+/* These type names are for specific SoCs; other than instantiating
+ * them, code using these devices should always handle them via the
+ * BCM283x base class, so they have no BCM2836(obj) etc macros.
+ */
+#define TYPE_BCM2836 "bcm2836"
+#define TYPE_BCM2837 "bcm2837"
+
 typedef struct BCM283XState {
     /*< private >*/
     DeviceState parent_obj;
@@ -33,4 +40,16 @@ typedef struct BCM283XState {
     BCM2835PeripheralState peripherals;
 } BCM283XState;
 
+typedef struct BCM283XInfo BCM283XInfo;
+
+typedef struct BCM283XClass {
+    DeviceClass parent_class;
+    const BCM283XInfo *info;
+} BCM283XClass;
+
+#define BCM283X_CLASS(klass) \
+    OBJECT_CLASS_CHECK(BCM283XClass, (klass), TYPE_BCM283X)
+#define BCM283X_GET_CLASS(obj) \
+    OBJECT_GET_CLASS(BCM283XClass, (obj), TYPE_BCM283X)
+
 #endif /* BCM2836_H */
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 1d1908654b..07d2705f96 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -23,6 +23,19 @@
 /* "QA7" (Pi2) interrupt controller and mailboxes etc. */
 #define BCM2836_CONTROL_BASE    0x40000000
 
+struct BCM283XInfo {
+    const char *name;
+};
+
+static const BCM283XInfo bcm283x_socs[] = {
+    {
+        .name = TYPE_BCM2836,
+    },
+    {
+        .name = TYPE_BCM2837,
+    },
+};
+
 static void bcm2836_init(Object *obj)
 {
     BCM283XState *s = BCM283X(obj);
@@ -156,25 +169,39 @@ static Property bcm2836_props[] = {
     DEFINE_PROP_END_OF_LIST()
 };
 
-static void bcm2836_class_init(ObjectClass *oc, void *data)
+static void bcm283x_class_init(ObjectClass *oc, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(oc);
+    BCM283XClass *bc = BCM283X_CLASS(oc);
 
-    dc->props = bcm2836_props;
+    bc->info = data;
     dc->realize = bcm2836_realize;
+    dc->props = bcm2836_props;
 }
 
-static const TypeInfo bcm2836_type_info = {
+static const TypeInfo bcm283x_type_info = {
     .name = TYPE_BCM283X,
     .parent = TYPE_DEVICE,
     .instance_size = sizeof(BCM283XState),
     .instance_init = bcm2836_init,
-    .class_init = bcm2836_class_init,
+    .class_size = sizeof(BCM283XClass),
+    .abstract = true,
 };
 
 static void bcm2836_register_types(void)
 {
-    type_register_static(&bcm2836_type_info);
+    int i;
+
+    type_register_static(&bcm283x_type_info);
+    for (i = 0; i < ARRAY_SIZE(bcm283x_socs); i++) {
+        TypeInfo ti = {
+            .name = bcm283x_socs[i].name,
+            .parent = TYPE_BCM283X,
+            .class_init = bcm283x_class_init,
+            .class_data = (void *) &bcm283x_socs[i],
+        };
+        type_register(&ti);
+    }
 }
 
 type_init(bcm2836_register_types)
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index 58c6e80a17..f588720138 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -136,7 +136,8 @@ static void raspi_init(MachineState *machine, int version)
     BusState *bus;
     DeviceState *carddev;
 
-    object_initialize(&s->soc, sizeof(s->soc), TYPE_BCM283X);
+    object_initialize(&s->soc, sizeof(s->soc),
+                      version == 3 ? TYPE_BCM2837 : TYPE_BCM2836);
     object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc),
                               &error_abort);
 
-- 
2.16.2

[Qemu-devel] [PULL 11/13] hw/arm/bcm2836: Use correct affinity values for BCM2837

[Peter Maydell]

The BCM2837 sets the Aff1 field of the MPIDR affinity values for the
CPUs to 0, whereas the BCM2836 uses 0xf. Set this correctly, as it
is required for Linux to boot.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180313153458.26822-8-peter.maydell@linaro.org
---
 hw/arm/bcm2836.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 07d2705f96..d775a33969 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -25,14 +25,17 @@
 
 struct BCM283XInfo {
     const char *name;
+    int clusterid;
 };
 
 static const BCM283XInfo bcm283x_socs[] = {
     {
         .name = TYPE_BCM2836,
+        .clusterid = 0xf,
     },
     {
         .name = TYPE_BCM2837,
+        .clusterid = 0x0,
     },
 };
 
@@ -58,6 +61,8 @@ static void bcm2836_init(Object *obj)
 static void bcm2836_realize(DeviceState *dev, Error **errp)
 {
     BCM283XState *s = BCM283X(dev);
+    BCM283XClass *bc = BCM283X_GET_CLASS(dev);
+    const BCM283XInfo *info = bc->info;
     Object *obj;
     Error *err = NULL;
     int n;
@@ -116,10 +121,8 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
         qdev_get_gpio_in_named(DEVICE(&s->control), "gpu-fiq", 0));
 
     for (n = 0; n < BCM283X_NCPUS; n++) {
-        /* Mirror bcm2836, which has clusterid set to 0xf
-         * TODO: this should be converted to a property of ARM_CPU
-         */
-        s->cpus[n].mp_affinity = 0xF00 | n;
+        /* TODO: this should be converted to a property of ARM_CPU */
+        s->cpus[n].mp_affinity = (info->clusterid << 8) | n;
 
         /* set periphbase/CBAR value for CPU-local registers */
         object_property_set_int(OBJECT(&s->cpus[n]),
-- 
2.16.2

[Qemu-devel] [PULL 12/13] hw/arm/bcm2836: Hardcode correct CPU type

[Peter Maydell]

Now we have separate types for BCM2386 and BCM2387, we might as well
just hard-code the CPU type they use rather than having it passed
through as an object property. This then lets us put the initialization
of the CPU object in init rather than realize.

Note that this change means that it's no longer possible on
the command line to use -cpu to ask for a different kind of
CPU than the SoC supports. This was never a supported thing to
do anyway; we were just not sanity-checking the command line.

This does require us to only build the bcm2837 object on
TARGET_AARCH64 configs, since otherwise it won't instantiate
due to the missing cortex-a53 device and "make check" will fail.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180313153458.26822-9-peter.maydell@linaro.org
---
 hw/arm/bcm2836.c | 24 +++++++++++++++---------
 hw/arm/raspi.c   |  2 --
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index d775a33969..3e7e8ca791 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -25,23 +25,38 @@
 
 struct BCM283XInfo {
     const char *name;
+    const char *cpu_type;
     int clusterid;
 };
 
 static const BCM283XInfo bcm283x_socs[] = {
     {
         .name = TYPE_BCM2836,
+        .cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"),
         .clusterid = 0xf,
     },
+#ifdef TARGET_AARCH64
     {
         .name = TYPE_BCM2837,
+        .cpu_type = ARM_CPU_TYPE_NAME("cortex-a53"),
         .clusterid = 0x0,
     },
+#endif
 };
 
 static void bcm2836_init(Object *obj)
 {
     BCM283XState *s = BCM283X(obj);
+    BCM283XClass *bc = BCM283X_GET_CLASS(obj);
+    const BCM283XInfo *info = bc->info;
+    int n;
+
+    for (n = 0; n < BCM283X_NCPUS; n++) {
+        object_initialize(&s->cpus[n], sizeof(s->cpus[n]),
+                          info->cpu_type);
+        object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]),
+                                  &error_abort);
+    }
 
     object_initialize(&s->control, sizeof(s->control), TYPE_BCM2836_CONTROL);
     object_property_add_child(obj, "control", OBJECT(&s->control), NULL);
@@ -69,14 +84,6 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
 
     /* common peripherals from bcm2835 */
 
-    obj = OBJECT(dev);
-    for (n = 0; n < BCM283X_NCPUS; n++) {
-        object_initialize(&s->cpus[n], sizeof(s->cpus[n]),
-                          s->cpu_type);
-        object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]),
-                                  &error_abort);
-    }
-
     obj = object_property_get_link(OBJECT(dev), "ram", &err);
     if (obj == NULL) {
         error_setg(errp, "%s: required ram link not found: %s",
@@ -166,7 +173,6 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
 }
 
 static Property bcm2836_props[] = {
-    DEFINE_PROP_STRING("cpu-type", BCM283XState, cpu_type),
     DEFINE_PROP_UINT32("enabled-cpus", BCM283XState, enabled_cpus,
                        BCM283X_NCPUS),
     DEFINE_PROP_END_OF_LIST()
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index f588720138..ae15997669 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -150,8 +150,6 @@ static void raspi_init(MachineState *machine, int version)
     /* Setup the SOC */
     object_property_add_const_link(OBJECT(&s->soc), "ram", OBJECT(&s->ram),
                                    &error_abort);
-    object_property_set_str(OBJECT(&s->soc), machine->cpu_type, "cpu-type",
-                            &error_abort);
     object_property_set_int(OBJECT(&s->soc), smp_cpus, "enabled-cpus",
                             &error_abort);
     int board_rev = version == 3 ? 0xa02082 : 0xa21041;
-- 
2.16.2

[Qemu-devel] [PULL 13/13] hw/arm/raspi: Provide spin-loop code for AArch64 CPUs

[Peter Maydell]

The raspi3 has AArch64 CPUs, which means that our smpboot
code for keeping the secondary CPUs in a pen needs to have
a version for A64 as well as A32. Without this, the
secondary CPUs go into an infinite loop of taking undefined
instruction exceptions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180313153458.26822-10-peter.maydell@linaro.org
---
 hw/arm/raspi.c | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index ae15997669..06f1e08ca9 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -27,6 +27,7 @@
 #define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */
 #define FIRMWARE_ADDR_2 0x8000 /* Pi 2 loads kernel.img here by default */
 #define FIRMWARE_ADDR_3 0x80000 /* Pi 3 loads kernel.img here by default */
+#define SPINTABLE_ADDR  0xd8 /* Pi 3 bootloader spintable */
 
 /* Table of Linux board IDs for different Pi versions */
 static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44};
@@ -63,6 +64,40 @@ static void write_smpboot(ARMCPU *cpu, const struct arm_boot_info *info)
                        info->smp_loader_start);
 }
 
+static void write_smpboot64(ARMCPU *cpu, const struct arm_boot_info *info)
+{
+    /* Unlike the AArch32 version we don't need to call the board setup hook.
+     * The mechanism for doing the spin-table is also entirely different.
+     * We must have four 64-bit fields at absolute addresses
+     * 0xd8, 0xe0, 0xe8, 0xf0 in RAM, which are the flag variables for
+     * our CPUs, and which we must ensure are zero initialized before
+     * the primary CPU goes into the kernel. We put these variables inside
+     * a rom blob, so that the reset for ROM contents zeroes them for us.
+     */
+    static const uint32_t smpboot[] = {
+        0xd2801b05, /*        mov     x5, 0xd8 */
+        0xd53800a6, /*        mrs     x6, mpidr_el1 */
+        0x924004c6, /*        and     x6, x6, #0x3 */
+        0xd503205f, /* spin:  wfe */
+        0xf86678a4, /*        ldr     x4, [x5,x6,lsl #3] */
+        0xb4ffffc4, /*        cbz     x4, spin */
+        0xd2800000, /*        mov     x0, #0x0 */
+        0xd2800001, /*        mov     x1, #0x0 */
+        0xd2800002, /*        mov     x2, #0x0 */
+        0xd2800003, /*        mov     x3, #0x0 */
+        0xd61f0080, /*        br      x4 */
+    };
+
+    static const uint64_t spintables[] = {
+        0, 0, 0, 0
+    };
+
+    rom_add_blob_fixed("raspi_smpboot", smpboot, sizeof(smpboot),
+                       info->smp_loader_start);
+    rom_add_blob_fixed("raspi_spintables", spintables, sizeof(spintables),
+                       SPINTABLE_ADDR);
+}
+
 static void write_board_setup(ARMCPU *cpu, const struct arm_boot_info *info)
 {
     arm_write_secure_board_setup_dummy_smc(cpu, info, MVBAR_ADDR);
@@ -99,7 +134,11 @@ static void setup_boot(MachineState *machine, int version, size_t ram_size)
     /* Pi2 and Pi3 requires SMP setup */
     if (version >= 2) {
         binfo.smp_loader_start = SMPBOOT_ADDR;
-        binfo.write_secondary_boot = write_smpboot;
+        if (version == 2) {
+            binfo.write_secondary_boot = write_smpboot;
+        } else {
+            binfo.write_secondary_boot = write_smpboot64;
+        }
         binfo.secondary_cpu_reset_hook = reset_secondary;
     }
 
-- 
2.16.2

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 19 March 2018 at 18:34, Peter Maydell <peter.maydell@linaro.org> wrote:
> Arm patch queue -- these are all bug fix patches but we might
> as well put them in to rc0...
>
> thanks
> -- PMM
>
> The following changes since commit 2c8cfc0b52b5a4d123c26c0b5fdf941be24805be:
>
>   Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2018-03-19 11:44:26 +0000)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180319
>
> for you to fetch changes up to ff72cb6b46b95bb530787add5277c211af3d31c6:
>
>   hw/arm/raspi: Provide spin-loop code for AArch64 CPUs (2018-03-19 18:23:24 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * fsl-imx6: Fix incorrect Ethernet interrupt defines
>  * dump: Update correct kdump phys_base field for AArch64
>  * char: i.MX: Add support for "TX complete" interrupt
>  * bcm2836/raspi: Fix various bugs resulting in panics trying
>    to boot a Debian Linux kernel on raspi3
>

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 12 October 2017 at 17:03, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue:
>  * mostly my latest v8M stuff, plus a couple of minor patches
>
> The following changes since commit a0b261db8c030813e30a39eae47359ac2a37f7e2:
>
>   Merge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into staging (2017-10-12 10:02:09 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171012
>
> for you to fetch changes up to cf5f7937b05c84d5565134f058c00cd48304a117:
>
>   nvic: Fix miscalculation of offsets into ITNS array (2017-10-12 16:33:16 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * v8M: SG, BLXNS, secure-return
>  * v8M: fixes for coverity issues in previous patches
>  * arm: fix armv7m_init() declaration to match definition
>  * watchdog/aspeed: fix variable type to store reload value
>

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

target-arm queue:
 * mostly my latest v8M stuff, plus a couple of minor patches

The following changes since commit a0b261db8c030813e30a39eae47359ac2a37f7e2:

  Merge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into staging (2017-10-12 10:02:09 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171012

for you to fetch changes up to cf5f7937b05c84d5565134f058c00cd48304a117:

  nvic: Fix miscalculation of offsets into ITNS array (2017-10-12 16:33:16 +0100)

----------------------------------------------------------------
target-arm queue:
 * v8M: SG, BLXNS, secure-return
 * v8M: fixes for coverity issues in previous patches
 * arm: fix armv7m_init() declaration to match definition
 * watchdog/aspeed: fix variable type to store reload value

----------------------------------------------------------------
Cédric Le Goater (1):
      watchdog/aspeed: fix variable type to store reload value

Igor Mammedov (1):
      arm: fix armv7m_init() declaration to match definition

Peter Maydell (11):
      target/arm: Add M profile secure MMU index values to get_a32_user_mem_index()
      target/arm: Implement SG instruction
      target/arm: Implement BLXNS
      target/arm: Implement secure function return
      target-arm: Don't check for "Thumb2 or M profile" for not-Thumb1
      target/arm: Pull Thumb insn word loads up to top level
      target-arm: Simplify insn_crosses_page()
      target/arm: Support some Thumb insns being always unconditional
      target/arm: Implement SG instruction corner cases
      nvic: Add missing 'break'
      nvic: Fix miscalculation of offsets into ITNS array

 include/hw/arm/arm.h     |   2 +-
 target/arm/helper.h      |   1 +
 target/arm/internals.h   |   8 ++
 hw/intc/armv7m_nvic.c    |   5 +-
 hw/watchdog/wdt_aspeed.c |   4 +-
 target/arm/helper.c      | 306 ++++++++++++++++++++++++++++++++++++++++++++--
 target/arm/translate.c   | 310 ++++++++++++++++++++++++++++++++---------------
 7 files changed, 521 insertions(+), 115 deletions(-)

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[no-reply]

Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [PULL 00/13] target-arm queue
Message-id: 1486492645-27803-1-git-send-email-peter.maydell@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]      patchew/1486454676-29112-1-git-send-email-bharata@linux.vnet.ibm.com -> patchew/1486454676-29112-1-git-send-email-bharata@linux.vnet.ibm.com
 * [new tag]         patchew/1486492645-27803-1-git-send-email-peter.maydell@linaro.org -> patchew/1486492645-27803-1-git-send-email-peter.maydell@linaro.org
 - [tag update]      patchew/20170203160651.19917-1-dgilbert@redhat.com -> patchew/20170203160651.19917-1-dgilbert@redhat.com
 - [tag update]      patchew/20170206112953.16993-1-berrange@redhat.com -> patchew/20170206112953.16993-1-berrange@redhat.com
 - [tag update]      patchew/20170207135211.15870-1-marcandre.lureau@redhat.com -> patchew/20170207135211.15870-1-marcandre.lureau@redhat.com
Switched to a new branch 'test'
42d6adc stellaris: Use the 'unimplemented' device for parts we don't implement
437dc39 hw/misc: New "unimplemented" sysbus device
cf763a0 stellaris: Document memory map and which SoC devices are unimplemented
f9d8179 target/arm: A32, T32: Create Instruction Syndromes for Data Aborts
9a7aa9e target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode
9d362c5 arm: Correctly handle watchpoints for BE32 CPUs
a454865 Fix Thumb-1 BE32 execution and disassembly.
753a1d2 target/arm: Add cfgend parameter for ARM CPU selection.
7ddb3c4 hw/arm/integratorcp: Support specifying features via -cpu
49b034d sd: sdhci: check data length during dma_memory_read
0ae81e4 aspeed: add a watchdog controller
d7e9de5 wdt: Add Aspeed watchdog device model
e677809 integratorcp: adding vmstate for save/restore

=== OUTPUT BEGIN ===
Checking PATCH 1/13: integratorcp: adding vmstate for save/restore...
Checking PATCH 2/13: wdt: Add Aspeed watchdog device model...
Checking PATCH 3/13: aspeed: add a watchdog controller...
Checking PATCH 4/13: sd: sdhci: check data length during dma_memory_read...
Checking PATCH 5/13: hw/arm/integratorcp: Support specifying features via -cpu...
Checking PATCH 6/13: target/arm: Add cfgend parameter for ARM CPU selection....
Checking PATCH 7/13: Fix Thumb-1 BE32 execution and disassembly....
ERROR: code indent should never use tabs
#44: FILE: include/disas/bfd.h:298:
+#define INSN_ARM_BE32^I0x00010000$

total: 1 errors, 0 warnings, 77 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 8/13: arm: Correctly handle watchpoints for BE32 CPUs...
ERROR: space prohibited between function name and open parenthesis '('
#49: FILE: include/qom/cpu.h:200:
+    vaddr (*adjust_watchpoint_address)(CPUState *cpu, vaddr addr, int len);

total: 1 errors, 0 warnings, 88 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 9/13: target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode...
Checking PATCH 10/13: target/arm: A32, T32: Create Instruction Syndromes for Data Aborts...
Checking PATCH 11/13: stellaris: Document memory map and which SoC devices are unimplemented...
Checking PATCH 12/13: hw/misc: New "unimplemented" sysbus device...
Checking PATCH 13/13: stellaris: Use the 'unimplemented' device for parts we don't implement...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 7 February 2017 at 18:37, Peter Maydell <peter.maydell@linaro.org> wrote:
> A random mix of items here, nothing very major.
>
> thanks
> -- PMM
>
>
> The following changes since commit d0dff238a87fa81393ed72754d4dc8b09e50b08b:
>
>   Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170206' into staging (2017-02-07 15:29:26 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170207
>
> for you to fetch changes up to 7727b832886fafbdec7299eb7773dc9071bf4cdd:
>
>   stellaris: Use the 'unimplemented' device for parts we don't implement (2017-02-07 18:30:00 +0000)
>
> ----------------------------------------------------------------
> target-arm:
>  * new "unimplemented" device for stubbing out devices in a
>    system model so accesses can be logged
>  * stellaris: document the SoC memory map
>  * arm: create instruction syndromes for AArch32 data aborts
>  * arm: Correctly handle watchpoints for BE32 CPUs
>  * Fix Thumb-1 BE32 execution and disassembly
>  * arm: Add cfgend parameter for ARM CPU selection
>  * sd: sdhci: check data length during dma_memory_read
>  * aspeed: add a watchdog controller
>  * integratorcp: adding vmstate for save/restore

Clang complains about unused functions; will squash in:

diff --git a/target/arm/translate.c b/target/arm/translate.c
index a14f74c..4436d8f 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -982,7 +982,7 @@ static inline void
gen_aa32_ld##SUFF##_iss(DisasContext *s,              \
                                            TCGv_i32 a32, int index,      \
                                            ISSInfo issinfo)              \
 {                                                                        \
-    gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data);               \
+    gen_aa32_ld##SUFF(s, val, a32, index);                               \
     disas_set_da_iss(s, OPC, issinfo);                                   \
 }

@@ -997,7 +997,7 @@ static inline void
gen_aa32_st##SUFF##_iss(DisasContext *s,              \
                                            TCGv_i32 a32, int index,      \
                                            ISSInfo issinfo)              \
 {                                                                        \
-    gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data);               \
+    gen_aa32_st##SUFF(s, val, a32, index);                               \
     disas_set_da_iss(s, OPC, issinfo | ISSIsWrite);                      \
 }


(which avoids the problem by having the _iss() versions of the
function call the non-iss versions rather than duplicating
their function body; seems like better code anyway.)

thanks
-- PMM

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

A random mix of items here, nothing very major.

thanks
-- PMM


The following changes since commit d0dff238a87fa81393ed72754d4dc8b09e50b08b:

  Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170206' into staging (2017-02-07 15:29:26 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170207

for you to fetch changes up to 7727b832886fafbdec7299eb7773dc9071bf4cdd:

  stellaris: Use the 'unimplemented' device for parts we don't implement (2017-02-07 18:30:00 +0000)

----------------------------------------------------------------
target-arm:
 * new "unimplemented" device for stubbing out devices in a
   system model so accesses can be logged
 * stellaris: document the SoC memory map
 * arm: create instruction syndromes for AArch32 data aborts
 * arm: Correctly handle watchpoints for BE32 CPUs
 * Fix Thumb-1 BE32 execution and disassembly
 * arm: Add cfgend parameter for ARM CPU selection
 * sd: sdhci: check data length during dma_memory_read
 * aspeed: add a watchdog controller
 * integratorcp: adding vmstate for save/restore

----------------------------------------------------------------
Cédric Le Goater (2):
      wdt: Add Aspeed watchdog device model
      aspeed: add a watchdog controller

Julian Brown (4):
      hw/arm/integratorcp: Support specifying features via -cpu
      target/arm: Add cfgend parameter for ARM CPU selection.
      Fix Thumb-1 BE32 execution and disassembly.
      arm: Correctly handle watchpoints for BE32 CPUs

Pavel Dovgalyuk (1):
      integratorcp: adding vmstate for save/restore

Peter Maydell (5):
      target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode
      target/arm: A32, T32: Create Instruction Syndromes for Data Aborts
      stellaris: Document memory map and which SoC devices are unimplemented
      hw/misc: New "unimplemented" sysbus device
      stellaris: Use the 'unimplemented' device for parts we don't implement

Prasad J Pandit (1):
      sd: sdhci: check data length during dma_memory_read

 hw/misc/Makefile.objs            |   2 +
 hw/watchdog/Makefile.objs        |   1 +
 include/disas/bfd.h              |   7 ++
 include/hw/arm/aspeed_soc.h      |   2 +
 include/hw/misc/unimp.h          |  39 +++++++
 include/hw/watchdog/wdt_aspeed.h |  32 ++++++
 include/qom/cpu.h                |   3 +
 target/arm/arm_ldst.h            |  10 +-
 target/arm/cpu.h                 |   7 ++
 target/arm/internals.h           |   5 +
 target/arm/translate.h           |  14 +++
 disas.c                          |   1 +
 exec.c                           |   1 +
 hw/arm/aspeed_soc.c              |  13 +++
 hw/arm/integratorcp.c            |  78 +++++++++++++-
 hw/arm/stellaris.c               |  48 +++++++++
 hw/misc/unimp.c                  | 107 +++++++++++++++++++
 hw/sd/sdhci.c                    |   2 +-
 hw/watchdog/wdt_aspeed.c         | 225 +++++++++++++++++++++++++++++++++++++++
 qom/cpu.c                        |   6 ++
 target/arm/cpu.c                 |  39 +++++++
 target/arm/op_helper.c           |  22 ++++
 target/arm/translate-a64.c       |  14 ---
 target/arm/translate.c           | 193 ++++++++++++++++++++++++---------
 24 files changed, 801 insertions(+), 70 deletions(-)
 create mode 100644 include/hw/misc/unimp.h
 create mode 100644 include/hw/watchdog/wdt_aspeed.h
 create mode 100644 hw/misc/unimp.c
 create mode 100644 hw/watchdog/wdt_aspeed.c

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 3 November 2015 at 14:13, Peter Maydell <peter.maydell@linaro.org> wrote:
> Here's the target-arm queue for 2.5: a few minor cleanups, one or
> two small new features, and a pile of bug fixes.
>
> Still on my to-review list for 2.5:
>  * the breakpoint/singlestep fixes
>  * highbank boot blob patchset
>  * zynq ADC controller (maybe)
>
> so I expect to do another pullreq before rc0.
>
> thanks
> -- PMM
>
> The following changes since commit 130d0bc6594d0cc6591d00312841891b3c187b07:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20151103-1' into staging (2015-11-03 10:20:04 +0000)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151103
>
> for you to fetch changes up to 5d9c1756140d680e66e5b45005a1fb7078b74ee1:
>
>   ARM: ACPI: Fix MPIDR value in ACPI table (2015-11-03 13:49:42 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * code cleanup to use symbolic constants for register bank numbers
>  * fix direct booting of modern Linux kernels on xilinx_zynq by setting
>    SCLR values to what the kernel expects firmware to have done
>  * implement SYSRESETREQ for ARMv7M CPU (stellaris boards)
>  * update MAINTAINERS to mention new qemu-arm mailing list
>  * clean up display of PSTATE in AArch64 debug logs
>  * report Secure/Nonsecure status in CPU debug logs
>  * fix a missing _CCA attribute in ACPI tables
>  * add support for GICv3 to ACPI tables
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

Here's the target-arm queue for 2.5: a few minor cleanups, one or
two small new features, and a pile of bug fixes.

Still on my to-review list for 2.5:
 * the breakpoint/singlestep fixes
 * highbank boot blob patchset
 * zynq ADC controller (maybe)

so I expect to do another pullreq before rc0.

thanks
-- PMM

The following changes since commit 130d0bc6594d0cc6591d00312841891b3c187b07:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20151103-1' into staging (2015-11-03 10:20:04 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151103

for you to fetch changes up to 5d9c1756140d680e66e5b45005a1fb7078b74ee1:

  ARM: ACPI: Fix MPIDR value in ACPI table (2015-11-03 13:49:42 +0000)

----------------------------------------------------------------
target-arm queue:
 * code cleanup to use symbolic constants for register bank numbers
 * fix direct booting of modern Linux kernels on xilinx_zynq by setting
   SCLR values to what the kernel expects firmware to have done
 * implement SYSRESETREQ for ARMv7M CPU (stellaris boards)
 * update MAINTAINERS to mention new qemu-arm mailing list
 * clean up display of PSTATE in AArch64 debug logs
 * report Secure/Nonsecure status in CPU debug logs
 * fix a missing _CCA attribute in ACPI tables
 * add support for GICv3 to ACPI tables

----------------------------------------------------------------
Graeme Gregory (1):
      hw/arm/virt-acpi-build: _CCA attribute is compulsory

Michael Davidsaver (3):
      armv7-m: Return DeviceState* from armv7m_init()
      armv7-m: Implement SYSRESETREQ
      arm: stellaris: exit on external reset request

Peter Crosthwaite (3):
      arm: boot: Adjust indentation of FIXUP comments
      arm: boot: Add board specific setup code API
      arm: xilinx_zynq: Add linux pre-boot

Peter Maydell (3):
      MAINTAINERS: Add new qemu-arm mailing list to ARM related entries
      target-arm: Bring AArch64 debug CPU display of PSTATE into line with AArch32
      target-arm: Report S/NS status in the CPU debug logs

Shannon Zhao (2):
      hw/arm/virt-acpi-build: Add GICC ACPI subtable for GICv3
      ARM: ACPI: Fix MPIDR value in ACPI table

Soren Brinkmann (1):
      target-arm: Add and use symbolic names for register banks

 MAINTAINERS                | 23 +++++++++++++++++++++++
 hw/arm/armv7m.c            |  9 ++-------
 hw/arm/boot.c              | 36 +++++++++++++++++++++++++++---------
 hw/arm/stellaris.c         | 41 ++++++++++++++++++++++++++++++-----------
 hw/arm/stm32f205_soc.c     | 15 ++++++++-------
 hw/arm/virt-acpi-build.c   | 33 +++++++++++++++++++--------------
 hw/arm/xilinx_zynq.c       | 42 ++++++++++++++++++++++++++++++++++++++++++
 hw/intc/armv7m_nvic.c      |  9 ++++++++-
 include/hw/arm/arm.h       | 12 +++++++++++-
 target-arm/helper.c        | 37 ++++++++++++++++++++++---------------
 target-arm/internals.h     | 16 +++++++++++++---
 target-arm/kvm32.c         | 34 +++++++++++++++++-----------------
 target-arm/op_helper.c     |  8 ++++----
 target-arm/translate-a64.c | 17 ++++++++++++++---
 target-arm/translate.c     | 12 +++++++++++-
 15 files changed, 251 insertions(+), 93 deletions(-)

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 16 October 2015 at 14:57, Peter Maydell <peter.maydell@linaro.org> wrote:
> Flushing the target-arm queue for softfreeze. I still have stuff
> in my to-review queue but it mostly looked too RFC-ish/otherwise
> not really 2.5 material, or just needs a bit more time on list for
> review.
>
> thanks
> -- PMM
>
>
>
> The following changes since commit c49d3411faae8ffaab8f7e5db47405a008411c10:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-10-12' into staging (2015-10-13 10:42:06 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151016
>
> for you to fetch changes up to 5d98bf8f38c17a348ab6e8af196088cd4953acd0:
>
>   target-arm: Fix CPU breakpoint handling (2015-10-16 14:48:56 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * break TBs after ISB instructions
>  * more support code for future implementation of EL2 and 64-bit EL3
>  * tell guest if KVM is enabled in SMBIOS version string
>  * implement OSLAR/OSLSR system registers
>  * provide better help text for Sharp PDA machine names
>  * rename imx25_pdk to imx25-pdk (since it has never been released
>    with the underscore-version name)
>  * fix MMIO writes in zynq_slcr
>  * implement MDCR_EL2
>  * virt: allow the guest to configure PCI BARs with zero PCI addresses
>  * fix breakpoint handling code
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

Flushing the target-arm queue for softfreeze. I still have stuff
in my to-review queue but it mostly looked too RFC-ish/otherwise
not really 2.5 material, or just needs a bit more time on list for
review.

thanks
-- PMM



The following changes since commit c49d3411faae8ffaab8f7e5db47405a008411c10:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-10-12' into staging (2015-10-13 10:42:06 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151016

for you to fetch changes up to 5d98bf8f38c17a348ab6e8af196088cd4953acd0:

  target-arm: Fix CPU breakpoint handling (2015-10-16 14:48:56 +0100)

----------------------------------------------------------------
target-arm queue:
 * break TBs after ISB instructions
 * more support code for future implementation of EL2 and 64-bit EL3
 * tell guest if KVM is enabled in SMBIOS version string
 * implement OSLAR/OSLSR system registers
 * provide better help text for Sharp PDA machine names
 * rename imx25_pdk to imx25-pdk (since it has never been released
   with the underscore-version name)
 * fix MMIO writes in zynq_slcr
 * implement MDCR_EL2
 * virt: allow the guest to configure PCI BARs with zero PCI addresses
 * fix breakpoint handling code

----------------------------------------------------------------
Alexander Gordeev (1):
      hw/arm/virt: Allow zero address for PCI IO space

Andrew Jones (1):
      hw/arm/virt: smbios: inform guest of kvm

Davorin Mista (1):
      target-arm: Implement AArch64 OSLAR/OSLSR_EL1 sysregs

Peter Crosthwaite (2):
      arm: imx25-pdk: Fix machine name
      misc: zynq_slcr: Fix MMIO writes

Ryo ONODERA (1):
      target-arm: Provide model numbers for Sharp PDAs

Sergey Fedorov (4):
      target-arm: Add MDCR_EL2
      target-arm: implement arm_debug_target_el()
      target-arm: Fix GDB breakpoint handling
      target-arm: Fix CPU breakpoint handling

Sergey Sorokin (2):
      target-arm: Break the TB after ISB to execute self-modified code correctly
      target-arm: Avoid calling arm_el_is_aa64() function for unimplemented EL

Stefan Weil (1):
      target-arm: Add missing 'static' attribute

 hw/arm/collie.c            |  2 +-
 hw/arm/imx25_pdk.c         |  2 +-
 hw/arm/spitz.c             |  8 +++----
 hw/arm/tosa.c              |  2 +-
 hw/arm/virt.c              |  8 ++++++-
 hw/misc/zynq_slcr.c        |  8 +++----
 target-arm/cpu.h           | 30 +++++++++++++++++++----
 target-arm/helper.c        | 60 +++++++++++++++++++++++++++++++++++++++++-----
 target-arm/helper.h        |  2 ++
 target-arm/op_helper.c     | 35 ++++++++++++++++++---------
 target-arm/translate-a64.c | 25 ++++++++++++++-----
 target-arm/translate.c     | 36 ++++++++++++++++++++++------
 tests/ds1338-test.c        |  2 +-
 13 files changed, 173 insertions(+), 47 deletions(-)