[Qemu-devel] [PULL 00/13] target-arm queue

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

Flushing the target-arm queue for softfreeze. I still have stuff
in my to-review queue but it mostly looked too RFC-ish/otherwise
not really 2.5 material, or just needs a bit more time on list for
review.

thanks
-- PMM



The following changes since commit c49d3411faae8ffaab8f7e5db47405a008411c10:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-10-12' into staging (2015-10-13 10:42:06 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151016

for you to fetch changes up to 5d98bf8f38c17a348ab6e8af196088cd4953acd0:

  target-arm: Fix CPU breakpoint handling (2015-10-16 14:48:56 +0100)

----------------------------------------------------------------
target-arm queue:
 * break TBs after ISB instructions
 * more support code for future implementation of EL2 and 64-bit EL3
 * tell guest if KVM is enabled in SMBIOS version string
 * implement OSLAR/OSLSR system registers
 * provide better help text for Sharp PDA machine names
 * rename imx25_pdk to imx25-pdk (since it has never been released
   with the underscore-version name)
 * fix MMIO writes in zynq_slcr
 * implement MDCR_EL2
 * virt: allow the guest to configure PCI BARs with zero PCI addresses
 * fix breakpoint handling code

----------------------------------------------------------------
Alexander Gordeev (1):
      hw/arm/virt: Allow zero address for PCI IO space

Andrew Jones (1):
      hw/arm/virt: smbios: inform guest of kvm

Davorin Mista (1):
      target-arm: Implement AArch64 OSLAR/OSLSR_EL1 sysregs

Peter Crosthwaite (2):
      arm: imx25-pdk: Fix machine name
      misc: zynq_slcr: Fix MMIO writes

Ryo ONODERA (1):
      target-arm: Provide model numbers for Sharp PDAs

Sergey Fedorov (4):
      target-arm: Add MDCR_EL2
      target-arm: implement arm_debug_target_el()
      target-arm: Fix GDB breakpoint handling
      target-arm: Fix CPU breakpoint handling

Sergey Sorokin (2):
      target-arm: Break the TB after ISB to execute self-modified code correctly
      target-arm: Avoid calling arm_el_is_aa64() function for unimplemented EL

Stefan Weil (1):
      target-arm: Add missing 'static' attribute

 hw/arm/collie.c            |  2 +-
 hw/arm/imx25_pdk.c         |  2 +-
 hw/arm/spitz.c             |  8 +++----
 hw/arm/tosa.c              |  2 +-
 hw/arm/virt.c              |  8 ++++++-
 hw/misc/zynq_slcr.c        |  8 +++----
 target-arm/cpu.h           | 30 +++++++++++++++++++----
 target-arm/helper.c        | 60 +++++++++++++++++++++++++++++++++++++++++-----
 target-arm/helper.h        |  2 ++
 target-arm/op_helper.c     | 35 ++++++++++++++++++---------
 target-arm/translate-a64.c | 25 ++++++++++++++-----
 target-arm/translate.c     | 36 ++++++++++++++++++++++------
 tests/ds1338-test.c        |  2 +-
 13 files changed, 173 insertions(+), 47 deletions(-)

[Qemu-devel] [PULL 01/13] target-arm: Add missing 'static' attribute

[Peter Maydell]

From: Stefan Weil <sw@weilnetz.de>

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1443213733-9807-1-git-send-email-sw@weilnetz.de
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 8367997..584f6df 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -5194,7 +5194,7 @@ void switch_mode(CPUARMState *env, int mode)
  *        BIT IRQ     IMO      Non-secure         Secure
  *        EL3 FIQ  RW FMO   EL0 EL1 EL2 EL3   EL0 EL1 EL2 EL3
  */
-const int8_t target_el_table[2][2][2][2][2][4] = {
+static const int8_t target_el_table[2][2][2][2][2][4] = {
     {{{{/* 0   0   0   0 */{ 1,  1,  2, -1 },{ 3, -1, -1,  3 },},
        {/* 0   0   0   1 */{ 2,  2,  2, -1 },{ 3, -1, -1,  3 },},},
       {{/* 0   0   1   0 */{ 1,  1,  2, -1 },{ 3, -1, -1,  3 },},
-- 
1.9.1

[Qemu-devel] [PULL 02/13] target-arm: Break the TB after ISB to execute self-modified code correctly

[Peter Maydell]

From: Sergey Sorokin <afarallax@yandex.ru>

If any store instruction writes the code inside the same TB
after this store insn, the execution of the TB must be stopped
to execute new code correctly.
As described in ARMv8 manual D3.4.6 self-modifying code must do an
IC invalidation to be valid, and an ISB after it. So it's enough to end
the TB after ISB instruction on the code translation.
Also this TB break is necessary to take any pending interrupts immediately
after an ISB (as required by ARMv8 ARM D1.14.4).

Signed-off-by: Sergey Sorokin <afarallax@yandex.ru>
[PMM: tweaked commit message and comments slightly]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c        |  6 +++++-
 target-arm/translate-a64.c |  8 +++++++-
 target-arm/translate.c     | 17 +++++++++++++++--
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 584f6df..b498670 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -657,8 +657,12 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
     { .name = "MVA_prefetch",
       .cp = 15, .crn = 7, .crm = 13, .opc1 = 0, .opc2 = 1,
       .access = PL1_W, .type = ARM_CP_NOP },
+    /* We need to break the TB after ISB to execute self-modifying code
+     * correctly and also to take any pending interrupts immediately.
+     * So use arm_cp_write_ignore() function instead of ARM_CP_NOP flag.
+     */
     { .name = "ISB", .cp = 15, .crn = 7, .crm = 5, .opc1 = 0, .opc2 = 4,
-      .access = PL0_W, .type = ARM_CP_NOP },
+      .access = PL0_W, .type = ARM_CP_NO_RAW, .writefn = arm_cp_write_ignore },
     { .name = "DSB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 4,
       .access = PL0_W, .type = ARM_CP_NOP },
     { .name = "DMB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 5,
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index e65e309..a4580c0 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1230,9 +1230,15 @@ static void handle_sync(DisasContext *s, uint32_t insn,
         return;
     case 4: /* DSB */
     case 5: /* DMB */
-    case 6: /* ISB */
         /* We don't emulate caches so barriers are no-ops */
         return;
+    case 6: /* ISB */
+        /* We need to break the TB after this insn to execute
+         * a self-modified code correctly and also to take
+         * any pending interrupts immediately.
+         */
+        s->is_jmp = DISAS_UPDATE;
+        return;
     default:
         unallocated_encoding(s);
         return;
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 22c3587..1273000 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -7720,10 +7720,16 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                 return;
             case 4: /* dsb */
             case 5: /* dmb */
-            case 6: /* isb */
                 ARCH(7);
                 /* We don't emulate caches so these are a no-op.  */
                 return;
+            case 6: /* isb */
+                /* We need to break the TB after this insn to execute
+                 * self-modifying code correctly and also to take
+                 * any pending interrupts immediately.
+                 */
+                gen_lookup_tb(s);
+                return;
             default:
                 goto illegal_op;
             }
@@ -10030,9 +10036,16 @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw
                             break;
                         case 4: /* dsb */
                         case 5: /* dmb */
-                        case 6: /* isb */
                             /* These execute as NOPs.  */
                             break;
+                        case 6: /* isb */
+                            /* We need to break the TB after this insn
+                             * to execute self-modifying code correctly
+                             * and also to take any pending interrupts
+                             * immediately.
+                             */
+                            gen_lookup_tb(s);
+                            break;
                         default:
                             goto illegal_op;
                         }
-- 
1.9.1

[Qemu-devel] [PULL 03/13] target-arm: Avoid calling arm_el_is_aa64() function for unimplemented EL

[Peter Maydell]

From: Sergey Sorokin <afarallax@yandex.ru>

It is incorrect to call arm_el_is_aa64() function for unimplemented EL.
This patch fixes several attempts to do so.

Signed-off-by: Sergey Sorokin <afarallax@yandex.ru>
[PMM: Reworked several of the comments to be more verbose.]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    | 11 ++++++++---
 target-arm/helper.c | 15 +++++++++++++--
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 493f9d0..5fb0479 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1016,11 +1016,11 @@ static inline bool access_secure_reg(CPUARMState *env)
  */
 #define A32_BANKED_CURRENT_REG_GET(_env, _regname)        \
     A32_BANKED_REG_GET((_env), _regname,                \
-                       ((!arm_el_is_aa64((_env), 3) && arm_is_secure(_env))))
+                       (arm_is_secure(_env) && !arm_el_is_aa64((_env), 3)))
 
 #define A32_BANKED_CURRENT_REG_SET(_env, _regname, _val)                       \
     A32_BANKED_REG_SET((_env), _regname,                                    \
-                       ((!arm_el_is_aa64((_env), 3) && arm_is_secure(_env))),  \
+                       (arm_is_secure(_env) && !arm_el_is_aa64((_env), 3)), \
                        (_val))
 
 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf);
@@ -1587,7 +1587,12 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
      * interrupt.
      */
     if ((target_el > cur_el) && (target_el != 1)) {
-        if (arm_el_is_aa64(env, 3) || ((scr || hcr) && (!secure))) {
+        /* ARM_FEATURE_AARCH64 enabled means the highest EL is AArch64.
+         * This code currently assumes that EL2 is not implemented
+         * (and so that highest EL will be 3 and the target_el also 3).
+         */
+        if (arm_feature(env, ARM_FEATURE_AARCH64) ||
+            ((scr || hcr) && (!secure))) {
             unmasked = 1;
         }
     }
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b498670..b2d78b0 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -5224,11 +5224,22 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
                                  uint32_t cur_el, bool secure)
 {
     CPUARMState *env = cs->env_ptr;
-    int rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
+    int rw;
     int scr;
     int hcr;
     int target_el;
-    int is64 = arm_el_is_aa64(env, 3);
+    /* Is the highest EL AArch64? */
+    int is64 = arm_feature(env, ARM_FEATURE_AARCH64);
+
+    if (arm_feature(env, ARM_FEATURE_EL3)) {
+        rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
+    } else {
+        /* Either EL2 is the highest EL (and so the EL2 register width
+         * is given by is64); or there is no EL2 or EL3, in which case
+         * the value of 'rw' does not affect the table lookup anyway.
+         */
+        rw = is64;
+    }
 
     switch (excp_idx) {
     case EXCP_IRQ:
-- 
1.9.1

[Qemu-devel] [PULL 04/13] hw/arm/virt: smbios: inform guest of kvm

[Peter Maydell]

From: Andrew Jones <drjones@redhat.com>

ARM/AArch64 KVM guests don't have any way to identify
themselves as KVM guests (x86 guests use a CPUID leaf). Now, we
could discuss all sorts of reasons why guests shouldn't need to
know that, but then there's always some case where it'd be
nice... Anyway, now that we have SMBIOS tables in ARM guests,
it's easy for the guest to know that it's a QEMU instance. This
patch takes that one step further, also identifying KVM, when
appropriate. Again, we could debate why generally nothing
should care whether it's of type QEMU or QEMU/KVM, but again,
sometimes it's nice to know...

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Wei Huang <wei@redhat.com>
Message-id: 1443017892-15567-1-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index d25d6cf..5ac5178 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -884,12 +884,17 @@ static void virt_build_smbios(VirtGuestInfo *guest_info)
     FWCfgState *fw_cfg = guest_info->fw_cfg;
     uint8_t *smbios_tables, *smbios_anchor;
     size_t smbios_tables_len, smbios_anchor_len;
+    const char *product = "QEMU Virtual Machine";
 
     if (!fw_cfg) {
         return;
     }
 
-    smbios_set_defaults("QEMU", "QEMU Virtual Machine",
+    if (kvm_enabled()) {
+        product = "KVM Virtual Machine";
+    }
+
+    smbios_set_defaults("QEMU", product,
                         "1.0", false, true, SMBIOS_ENTRY_POINT_30);
 
     smbios_get_tables(NULL, 0, &smbios_tables, &smbios_tables_len,
-- 
1.9.1

[Qemu-devel] [PULL 05/13] target-arm: Implement AArch64 OSLAR/OSLSR_EL1 sysregs

[Peter Maydell]

From: Davorin Mista <davorin.mista@aggios.com>

Added oslar_write function to OSLAR_EL1 sysreg, using a status variable
in ARMCPUState.cp15 struct (oslsr_el1). This variable is also linked
to the newly added read-only OSLSR_EL1 register.

Linux reads from this register during its suspend/resume procedure.

Signed-off-by: Davorin Mista <davorin.mista@aggios.com>
[PMM: folded a long line and tweaked a comment]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    |  1 +
 target-arm/helper.c | 25 +++++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 5fb0479..d1b5bc1 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -379,6 +379,7 @@ typedef struct CPUARMState {
         uint64_t dbgwvr[16]; /* watchpoint value registers */
         uint64_t dbgwcr[16]; /* watchpoint control registers */
         uint64_t mdscr_el1;
+        uint64_t oslsr_el1; /* OS Lock Status */
         /* If the counter is enabled, this stores the last time the counter
          * was reset. Otherwise it stores the counter value
          */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b2d78b0..403a30e 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3568,6 +3568,23 @@ static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri)
     return CP_ACCESS_OK;
 }
 
+static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                        uint64_t value)
+{
+    /* Writes to OSLAR_EL1 may update the OS lock status, which can be
+     * read via a bit in OSLSR_EL1.
+     */
+    int oslock;
+
+    if (ri->state == ARM_CP_STATE_AA32) {
+        oslock = (value == 0xC5ACCE55);
+    } else {
+        oslock = value & 1;
+    }
+
+    env->cp15.oslsr_el1 = deposit32(env->cp15.oslsr_el1, 1, 1, oslock);
+}
+
 static const ARMCPRegInfo debug_cp_reginfo[] = {
     /* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
      * debug components. The AArch64 version of DBGDRAR is named MDRAR_EL1;
@@ -3596,10 +3613,14 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
       .type = ARM_CP_ALIAS,
       .access = PL1_R,
       .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1), },
-    /* We define a dummy WI OSLAR_EL1, because Linux writes to it. */
     { .name = "OSLAR_EL1", .state = ARM_CP_STATE_BOTH,
       .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
-      .access = PL1_W, .type = ARM_CP_NOP },
+      .access = PL1_W, .type = ARM_CP_NO_RAW,
+      .writefn = oslar_write },
+    { .name = "OSLSR_EL1", .state = ARM_CP_STATE_BOTH,
+      .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 4,
+      .access = PL1_R, .resetvalue = 10,
+      .fieldoffset = offsetof(CPUARMState, cp15.oslsr_el1) },
     /* Dummy OSDLR_EL1: 32-bit Linux will read this */
     { .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
       .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
-- 
1.9.1

[Qemu-devel] [PULL 06/13] target-arm: Provide model numbers for Sharp PDAs

[Peter Maydell]

From: Ryo ONODERA <ryo_on@yk.rim.or.jp>

* For Collie, Akita, Spitz, Borzoi, Terrier and Tosa PDAs, provide
  model numbers and manufacturer (Sharp) information.

Signed-off-by: Ryo ONODERA <ryo_on@yk.rim.or.jp>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/collie.c | 2 +-
 hw/arm/spitz.c  | 8 ++++----
 hw/arm/tosa.c   | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/arm/collie.c b/hw/arm/collie.c
index 4e6541e..9991c0c 100644
--- a/hw/arm/collie.c
+++ b/hw/arm/collie.c
@@ -60,7 +60,7 @@ static void collie_init(MachineState *machine)
 
 static void collie_machine_init(MachineClass *mc)
 {
-    mc->desc = "Collie PDA (SA-1110)";
+    mc->desc = "Sharp SL-5500 (Collie) PDA (SA-1110)";
     mc->init = collie_init;
 }
 
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
index 2af03be..8d3cc0b 100644
--- a/hw/arm/spitz.c
+++ b/hw/arm/spitz.c
@@ -976,7 +976,7 @@ static void akitapda_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
 
-    mc->desc = "Akita PDA (PXA270)";
+    mc->desc = "Sharp SL-C1000 (Akita) PDA (PXA270)";
     mc->init = akita_init;
 }
 
@@ -990,7 +990,7 @@ static void spitzpda_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
 
-    mc->desc = "Spitz PDA (PXA270)";
+    mc->desc = "Sharp SL-C3000 (Spitz) PDA (PXA270)";
     mc->init = spitz_init;
 }
 
@@ -1004,7 +1004,7 @@ static void borzoipda_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
 
-    mc->desc = "Borzoi PDA (PXA270)";
+    mc->desc = "Sharp SL-C3100 (Borzoi) PDA (PXA270)";
     mc->init = borzoi_init;
 }
 
@@ -1018,7 +1018,7 @@ static void terrierpda_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
 
-    mc->desc = "Terrier PDA (PXA270)";
+    mc->desc = "Sharp SL-C3200 (Terrier) PDA (PXA270)";
     mc->init = terrier_init;
 }
 
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index 51d0b89..02814d7 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -254,7 +254,7 @@ static void tosa_init(MachineState *machine)
 
 static void tosapda_machine_init(MachineClass *mc)
 {
-    mc->desc = "Tosa PDA (PXA255)";
+    mc->desc = "Sharp SL-6000 (Tosa) PDA (PXA255)";
     mc->init = tosa_init;
 }
 
-- 
1.9.1

[Qemu-devel] [PULL 07/13] arm: imx25-pdk: Fix machine name

[Peter Maydell]

From: Peter Crosthwaite <crosthwaitepeter@gmail.com>

ARM uses dashes instead of underscores for machine names. Fix imx25_pdk
which has not seen a release yet (so there is no legacy yet).

Cc: Jean-Christophe Dubois <jcd@tribudubois.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1444445785-3648-1-git-send-email-crosthwaite.peter@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Added change to tests/ds1338-test.c to use new machine name]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/imx25_pdk.c  | 2 +-
 tests/ds1338-test.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/imx25_pdk.c b/hw/arm/imx25_pdk.c
index 4250114..59a4c11 100644
--- a/hw/arm/imx25_pdk.c
+++ b/hw/arm/imx25_pdk.c
@@ -151,4 +151,4 @@ static void imx25_pdk_machine_init(MachineClass *mc)
     mc->init = imx25_pdk_init;
 }
 
-DEFINE_MACHINE("imx25_pdk", imx25_pdk_machine_init)
+DEFINE_MACHINE("imx25-pdk", imx25_pdk_machine_init)
diff --git a/tests/ds1338-test.c b/tests/ds1338-test.c
index a7fb415..7d513d8 100644
--- a/tests/ds1338-test.c
+++ b/tests/ds1338-test.c
@@ -61,7 +61,7 @@ int main(int argc, char **argv)
 
     g_test_init(&argc, &argv, NULL);
 
-    s = qtest_start("-display none -machine imx25_pdk");
+    s = qtest_start("-display none -machine imx25-pdk");
     i2c = imx_i2c_create(IMX25_I2C_0_BASE);
     addr = DS1338_ADDR;
 
-- 
1.9.1

[Qemu-devel] [PULL 08/13] misc: zynq_slcr: Fix MMIO writes

[Peter Maydell]

From: Peter Crosthwaite <crosthwaitepeter@gmail.com>

The /4 for offset calculation in MMIO writes was happening twice giving
wrong write offsets. Fix.

While touching the code, change the if-else to be a short returning if
and convert the debug message to a GUEST_ERROR, which is more accurate
for this condition.

Cc: qemu-stable@nongnu.org
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/misc/zynq_slcr.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/misc/zynq_slcr.c b/hw/misc/zynq_slcr.c
index 964f253..3d78708 100644
--- a/hw/misc/zynq_slcr.c
+++ b/hw/misc/zynq_slcr.c
@@ -393,12 +393,12 @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
         return;
     }
 
-    if (!s->regs[LOCKSTA]) {
-        s->regs[offset / 4] = val;
-    } else {
-        DB_PRINT("SCLR registers are locked. Unlock them first\n");
+    if (s->regs[LOCKSTA]) {
+        qemu_log_mask(LOG_GUEST_ERROR,
+                      "SCLR registers are locked. Unlock them first\n");
         return;
     }
+    s->regs[offset] = val;
 
     switch (offset) {
     case PSS_RST_CTRL:
-- 
1.9.1

[Qemu-devel] [PULL 09/13] target-arm: Add MDCR_EL2

[Peter Maydell]

From: Sergey Fedorov <serge.fdrv@gmail.com>

Add the MDCR_EL2 register. We don't implement any of
the debug-related traps this register controls yet, so
currently it simply reads back as written.

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1444383794-16767-1-git-send-email-serge.fdrv@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweaked commit message; moved non-dummy definition from
debug_cp_reginfo to el2_cp_reginfo.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    |  1 +
 target-arm/helper.c | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index d1b5bc1..e555122 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -380,6 +380,7 @@ typedef struct CPUARMState {
         uint64_t dbgwcr[16]; /* watchpoint control registers */
         uint64_t mdscr_el1;
         uint64_t oslsr_el1; /* OS Lock Status */
+        uint64_t mdcr_el2;
         /* If the counter is enabled, this stores the last time the counter
          * was reset. Otherwise it stores the counter value
          */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 403a30e..e7fda37 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3227,6 +3227,9 @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
     { .name = "CNTHP_CTL_EL2", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 4, .crn = 14, .crm = 2, .opc2 = 1,
       .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "MDCR_EL2", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 1,
+      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
     REGINFO_SENTINEL
 };
 
@@ -3448,6 +3451,15 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
       .resetvalue = 0,
       .writefn = gt_hyp_ctl_write, .raw_writefn = raw_write },
 #endif
+    /* The only field of MDCR_EL2 that has a defined architectural reset value
+     * is MDCR_EL2.HPMN which should reset to the value of PMCR_EL0.N; but we
+     * don't impelment any PMU event counters, so using zero as a reset
+     * value for MDCR_EL2 is okay
+     */
+    { .name = "MDCR_EL2", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 1,
+      .access = PL2_RW, .resetvalue = 0,
+      .fieldoffset = offsetof(CPUARMState, cp15.mdcr_el2), },
     REGINFO_SENTINEL
 };
 
-- 
1.9.1

[Qemu-devel] [PULL 10/13] hw/arm/virt: Allow zero address for PCI IO space

[Peter Maydell]

From: Alexander Gordeev <agordeev@redhat.com>

Currently PCI IO address 0 is not allowed even though
the IO space starts from 0. This update makes  PCI IO
address 0 usable.

CC: Peter Maydell <peter.maydell@linaro.org>
CC: Andrew Jones <drjones@redhat.com>
Signed-off-by: Alexander Gordeev <agordeev@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 5ac5178..4e7160c 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1162,6 +1162,7 @@ static void virt_class_init(ObjectClass *oc, void *data)
     mc->has_dynamic_sysbus = true;
     mc->block_default_type = IF_VIRTIO;
     mc->no_cdrom = 1;
+    mc->pci_allow_0_address = true;
 }
 
 static const TypeInfo machvirt_info = {
-- 
1.9.1

[Qemu-devel] [PULL 11/13] target-arm: implement arm_debug_target_el()

[Peter Maydell]

From: Sergey Fedorov <serge.fdrv@gmail.com>

Implement debug exception routing according to ARM ARM D2.3.1 Pseudocode
description of routing debug exceptions.

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index e555122..3daa7f5 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1702,7 +1702,22 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
  */
 static inline int arm_debug_target_el(CPUARMState *env)
 {
-    return 1;
+    bool secure = arm_is_secure(env);
+    bool route_to_el2 = false;
+
+    if (arm_feature(env, ARM_FEATURE_EL2) && !secure) {
+        route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||
+                       env->cp15.mdcr_el2 & (1 << 8);
+    }
+
+    if (route_to_el2) {
+        return 2;
+    } else if (arm_feature(env, ARM_FEATURE_EL3) &&
+               !arm_el_is_aa64(env, 3) && secure) {
+        return 3;
+    } else {
+        return 1;
+    }
 }
 
 static inline bool aa64_generate_debug_exceptions(CPUARMState *env)
-- 
1.9.1

[Qemu-devel] [PULL 12/13] target-arm: Fix GDB breakpoint handling

[Peter Maydell]

From: Sergey Fedorov <serge.fdrv@gmail.com>

GDB breakpoints have higher priority so they have to be checked first.
Should GDB breakpoint match, just return from the debug exception
handler.

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/op_helper.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 1425a1d..67b18c0 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -897,6 +897,12 @@ void arm_debug_excp_handler(CPUState *cs)
             }
         }
     } else {
+        uint64_t pc = is_a64(env) ? env->pc : env->regs[15];
+
+        if (cpu_breakpoint_test(cs, pc, BP_GDB)) {
+            return;
+        }
+
         if (check_breakpoints(cpu)) {
             bool same_el = (arm_debug_target_el(env) == arm_current_el(env));
             if (extended_addresses_enabled(env)) {
-- 
1.9.1

[Qemu-devel] [PULL 13/13] target-arm: Fix CPU breakpoint handling

[Peter Maydell]

From: Sergey Fedorov <serge.fdrv@gmail.com>

A QEMU breakpoint match is not definitely an architectural breakpoint
match. If an exception is generated unconditionally during translation,
it is hardly possible to ignore it in the debug exception handler.

Generate a call to a helper to check CPU breakpoints and raise an
exception only if any breakpoint matches architecturally.

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.h        |  2 ++
 target-arm/op_helper.c     | 29 ++++++++++++++++++-----------
 target-arm/translate-a64.c | 17 ++++++++++++-----
 target-arm/translate.c     | 19 ++++++++++++++-----
 4 files changed, 46 insertions(+), 21 deletions(-)

diff --git a/target-arm/helper.h b/target-arm/helper.h
index 827b33d..c2a85c7 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -54,6 +54,8 @@ DEF_HELPER_1(yield, void, env)
 DEF_HELPER_1(pre_hvc, void, env)
 DEF_HELPER_2(pre_smc, void, env, i32)
 
+DEF_HELPER_1(check_breakpoints, void, env)
+
 DEF_HELPER_3(cpsr_write, void, env, i32, i32)
 DEF_HELPER_1(cpsr_read, i32, env)
 
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 67b18c0..7929c71 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -867,6 +867,15 @@ static bool check_breakpoints(ARMCPU *cpu)
     return false;
 }
 
+void HELPER(check_breakpoints)(CPUARMState *env)
+{
+    ARMCPU *cpu = arm_env_get_cpu(env);
+
+    if (check_breakpoints(cpu)) {
+        HELPER(exception_internal(env, EXCP_DEBUG));
+    }
+}
+
 void arm_debug_excp_handler(CPUState *cs)
 {
     /* Called by core code when a watchpoint or breakpoint fires;
@@ -898,23 +907,21 @@ void arm_debug_excp_handler(CPUState *cs)
         }
     } else {
         uint64_t pc = is_a64(env) ? env->pc : env->regs[15];
+        bool same_el = (arm_debug_target_el(env) == arm_current_el(env));
 
         if (cpu_breakpoint_test(cs, pc, BP_GDB)) {
             return;
         }
 
-        if (check_breakpoints(cpu)) {
-            bool same_el = (arm_debug_target_el(env) == arm_current_el(env));
-            if (extended_addresses_enabled(env)) {
-                env->exception.fsr = (1 << 9) | 0x22;
-            } else {
-                env->exception.fsr = 0x2;
-            }
-            /* FAR is UNKNOWN, so doesn't need setting */
-            raise_exception(env, EXCP_PREFETCH_ABORT,
-                            syn_breakpoint(same_el),
-                            arm_debug_target_el(env));
+        if (extended_addresses_enabled(env)) {
+            env->exception.fsr = (1 << 9) | 0x22;
+        } else {
+            env->exception.fsr = 0x2;
         }
+        /* FAR is UNKNOWN, so doesn't need setting */
+        raise_exception(env, EXCP_PREFETCH_ABORT,
+                        syn_breakpoint(same_el),
+                        arm_debug_target_el(env));
     }
 }
 
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a4580c0..19f9d8d 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -11090,11 +11090,18 @@ void gen_intermediate_code_a64(ARMCPU *cpu, TranslationBlock *tb)
             CPUBreakpoint *bp;
             QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
                 if (bp->pc == dc->pc) {
-                    gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
-                    /* Advance PC so that clearing the breakpoint will
-                       invalidate this TB.  */
-                    dc->pc += 2;
-                    goto done_generating;
+                    if (bp->flags & BP_CPU) {
+                        gen_helper_check_breakpoints(cpu_env);
+                        /* End the TB early; it likely won't be executed */
+                        dc->is_jmp = DISAS_UPDATE;
+                    } else {
+                        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
+                        /* Advance PC so that clearing the breakpoint will
+                           invalidate this TB.  */
+                        dc->pc += 4;
+                        goto done_generating;
+                    }
+                    break;
                 }
             }
         }
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 1273000..9f1d740 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11342,11 +11342,20 @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
             CPUBreakpoint *bp;
             QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
                 if (bp->pc == dc->pc) {
-                    gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
-                    /* Advance PC so that clearing the breakpoint will
-                       invalidate this TB.  */
-                    dc->pc += 2;
-                    goto done_generating;
+                    if (bp->flags & BP_CPU) {
+                        gen_helper_check_breakpoints(cpu_env);
+                        /* End the TB early; it's likely not going to be executed */
+                        dc->is_jmp = DISAS_UPDATE;
+                    } else {
+                        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
+                        /* Advance PC so that clearing the breakpoint will
+                           invalidate this TB.  */
+                        /* TODO: Advance PC by correct instruction length to
+                         * avoid disassembler error messages */
+                        dc->pc += 2;
+                        goto done_generating;
+                    }
+                    break;
                 }
             }
         }
-- 
1.9.1

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 16 October 2015 at 14:57, Peter Maydell <peter.maydell@linaro.org> wrote:
> Flushing the target-arm queue for softfreeze. I still have stuff
> in my to-review queue but it mostly looked too RFC-ish/otherwise
> not really 2.5 material, or just needs a bit more time on list for
> review.
>
> thanks
> -- PMM
>
>
>
> The following changes since commit c49d3411faae8ffaab8f7e5db47405a008411c10:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-10-12' into staging (2015-10-13 10:42:06 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151016
>
> for you to fetch changes up to 5d98bf8f38c17a348ab6e8af196088cd4953acd0:
>
>   target-arm: Fix CPU breakpoint handling (2015-10-16 14:48:56 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * break TBs after ISB instructions
>  * more support code for future implementation of EL2 and 64-bit EL3
>  * tell guest if KVM is enabled in SMBIOS version string
>  * implement OSLAR/OSLSR system registers
>  * provide better help text for Sharp PDA machine names
>  * rename imx25_pdk to imx25-pdk (since it has never been released
>    with the underscore-version name)
>  * fix MMIO writes in zynq_slcr
>  * implement MDCR_EL2
>  * virt: allow the guest to configure PCI BARs with zero PCI addresses
>  * fix breakpoint handling code
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 13/13] target-arm: Fix CPU breakpoint handling

[Sergey Fedorov]

On 16.10.2015 16:58, Peter Maydell wrote:
> From: Sergey Fedorov <serge.fdrv@gmail.com>
>
> A QEMU breakpoint match is not definitely an architectural breakpoint
> match. If an exception is generated unconditionally during translation,
> it is hardly possible to ignore it in the debug exception handler.
>
> Generate a call to a helper to check CPU breakpoints and raise an
> exception only if any breakpoint matches architecturally.
>
> Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  target-arm/helper.h        |  2 ++
>  target-arm/op_helper.c     | 29 ++++++++++++++++++-----------
>  target-arm/translate-a64.c | 17 ++++++++++++-----
>  target-arm/translate.c     | 19 ++++++++++++++-----
>  4 files changed, 46 insertions(+), 21 deletions(-)
>
(snip)
> diff --git a/target-arm/translate.c b/target-arm/translate.c
> index 1273000..9f1d740 100644
> --- a/target-arm/translate.c
> +++ b/target-arm/translate.c
> @@ -11342,11 +11342,20 @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
>              CPUBreakpoint *bp;
>              QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
>                  if (bp->pc == dc->pc) {
> -                    gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
> -                    /* Advance PC so that clearing the breakpoint will
> -                       invalidate this TB.  */
> -                    dc->pc += 2;
> -                    goto done_generating;
> +                    if (bp->flags & BP_CPU) {
> +                        gen_helper_check_breakpoints(cpu_env);
> +                        /* End the TB early; it's likely not going to be executed */
> +                        dc->is_jmp = DISAS_UPDATE;
> +                    } else {
> +                        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
> +                        /* Advance PC so that clearing the breakpoint will
> +                           invalidate this TB.  */
> +                        /* TODO: Advance PC by correct instruction length to
> +                         * avoid disassembler error messages */
> +                        dc->pc += 2;
> +                        goto done_generating;
> +                    }
> +                    break;
>                  }
>              }
>          }

It turns out that this change introduced an issue which can be
illustrated by the following test:

cat >test.s <<EOF
.text
.global _start
_start:
adr r0, bp
mcr p14, 0, r0, c0, c0, 4 // DBGBVR0
mov r0, #1
orr r0, r0, #(0xf << 5)
mcr p14, 0, r0, c0, c0, 5 // DBGBCR0
bp:
nop
wfi
b .
EOF

arm-linux-gnueabi-as -o test.o test.s
arm-linux-gnueabi-ld -Ttext=0x40000000 -o test.elf test.o
./qemu-system-arm -nographic -machine virt -cpu cortex-a15 -kernel \
test.elf -D qemu.log -d in_asm,exec -singlestep

Actually, that is the same test as in
https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02715.html but
for AArch32.

Running this test QEMU hangs executing code at the address where
breakpoint is set:

----------------
IN:
0x40000000:  e28f000c      add  r0, pc, #12     ; 0xc

Trace 0x7f7c8bdc0028 [40000000]
----------------
IN:
0x40000004:  ee000e90      mcr  14, 0, r0, cr0, cr0, {4}

Trace 0x7f7c8bdc0070 [40000004]
----------------
IN:
0x40000008:  e3a00001      mov  r0, #1  ; 0x1

Trace 0x7f7c8bdc00b0 [40000008]
----------------
IN:
0x4000000c:  e3800e1e      orr  r0, r0, #480    ; 0x1e0

Trace 0x7f7c8bdc00f0 [4000000c]
----------------
IN:
0x40000010:  ee000eb0      mcr  14, 0, r0, cr0, cr0, {5}

Trace 0x7f7c8bdc0140 [40000010]
----------------
IN:
0x40000014:  e1a00000      nop                  (mov r0,r0)

Trace 0x7f7c8bdc0180 [40000014]
Trace 0x7f7c8bdc0180 [40000014]
Trace 0x7f7c8bdc0180 [40000014]
Trace 0x7f7c8bdc0180 [40000014]
...

I can conclude that it is due to 'dc->is_jmp = DISAS_UPDATE'. With the
following patch everything is okay:

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 9f1d740..b55c5c2 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11345,7 +11345,6 @@ void gen_intermediate_code(CPUARMState *env,
TranslationBlock *tb)
                     if (bp->flags & BP_CPU) {
                         gen_helper_check_breakpoints(cpu_env);
                         /* End the TB early; it's likely not going to
be executed */
-                        dc->is_jmp = DISAS_UPDATE;
                     } else {
                         gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
                         /* Advance PC so that clearing the breakpoint will


As far as I understand, we can't do this in target-arm/translate.c
before dc->pc is advanced properly because CPU state's PC doesn't get
updated as in target-arm/translate-a64.c. Compare:

target-arm/translate.c:

        case
DISAS_JUMP:                                                                                              

        case
DISAS_UPDATE:                                                                                            

            /* indicate that the hash table must be used to find the
next TB */                                       
           
tcg_gen_exit_tb(0);                                                                                       

           
break;                                                                                                    



target-arm/translate-a64.c:

        case DISAS_UPDATE:
            gen_a64_set_pc_im(dc->pc);
            /* fall through */
        case DISAS_JUMP:
            /* indicate that the hash table must be used to find the
next TB */
            tcg_gen_exit_tb(0);
            break;

I think we could fix this problem by cleaning up DISAS_UPDATE usage in
target-arm/translate.c and implementing PC update as in
target-arm/translate-a64.c. I could prepare a patch for that.

Another problem, I think, is that we should somehow restore the CPU
state before raising an exception from check_breakpoints() helper. But
so far I have no idea how to fix this...

Any suggestions are highly appreciated :)

Best regards,
Sergey

Re: [Qemu-devel] [PULL 13/13] target-arm: Fix CPU breakpoint handling

[Peter Maydell]

On 21 October 2015 at 19:15, Sergey Fedorov <serge.fdrv@gmail.com> wrote:
> On 16.10.2015 16:58, Peter Maydell wrote:
>> From: Sergey Fedorov <serge.fdrv@gmail.com>
>>
>> A QEMU breakpoint match is not definitely an architectural breakpoint
>> match. If an exception is generated unconditionally during translation,
>> it is hardly possible to ignore it in the debug exception handler.
>>
>> Generate a call to a helper to check CPU breakpoints and raise an
>> exception only if any breakpoint matches architecturally.
>>
>> Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
>> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>> ---

> It turns out that this change introduced an issue which can be
> illustrated by the following test:

> I think we could fix this problem by cleaning up DISAS_UPDATE usage in
> target-arm/translate.c and implementing PC update as in
> target-arm/translate-a64.c. I could prepare a patch for that.
>
> Another problem, I think, is that we should somehow restore the CPU
> state before raising an exception from check_breakpoints() helper. But
> so far I have no idea how to fix this...

Hi, Sergey -- how are you doing with the fix for this? It would
be good to get it in and tested soon, because hardfreeze is next
week.

I've also had a report that this patch broke gdbstub single-stepping,
which might be the same underlying cause.

thanks
-- PMM

Re: [Qemu-devel] [PULL 13/13] target-arm: Fix CPU breakpoint handling

[Sergey Fedorov]

On 02.11.2015 14:09, Peter Maydell wrote:
> On 21 October 2015 at 19:15, Sergey Fedorov <serge.fdrv@gmail.com> wrote:
>> On 16.10.2015 16:58, Peter Maydell wrote:
>>> From: Sergey Fedorov <serge.fdrv@gmail.com>
>>>
>>> A QEMU breakpoint match is not definitely an architectural breakpoint
>>> match. If an exception is generated unconditionally during translation,
>>> it is hardly possible to ignore it in the debug exception handler.
>>>
>>> Generate a call to a helper to check CPU breakpoints and raise an
>>> exception only if any breakpoint matches architecturally.
>>>
>>> Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
>>> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>>> ---
>> It turns out that this change introduced an issue which can be
>> illustrated by the following test:
>> I think we could fix this problem by cleaning up DISAS_UPDATE usage in
>> target-arm/translate.c and implementing PC update as in
>> target-arm/translate-a64.c. I could prepare a patch for that.
>>
>> Another problem, I think, is that we should somehow restore the CPU
>> state before raising an exception from check_breakpoints() helper. But
>> so far I have no idea how to fix this...
> Hi, Sergey -- how are you doing with the fix for this? It would
> be good to get it in and tested soon, because hardfreeze is next
> week.
>
> I've also had a report that this patch broke gdbstub single-stepping,
> which might be the same underlying cause.

Hi Peter,

The patch for DISAS_UPDATE is almost ready. Basically, all I need is to
prepare a commit message. But I'm not sure how to deal with CPU state
restoring issue. Also it's a strange thing about gdbstub single-stepping
I'm going to look at it.

Best,
Sergey

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 19 March 2018 at 18:34, Peter Maydell <peter.maydell@linaro.org> wrote:
> Arm patch queue -- these are all bug fix patches but we might
> as well put them in to rc0...
>
> thanks
> -- PMM
>
> The following changes since commit 2c8cfc0b52b5a4d123c26c0b5fdf941be24805be:
>
>   Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2018-03-19 11:44:26 +0000)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180319
>
> for you to fetch changes up to ff72cb6b46b95bb530787add5277c211af3d31c6:
>
>   hw/arm/raspi: Provide spin-loop code for AArch64 CPUs (2018-03-19 18:23:24 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * fsl-imx6: Fix incorrect Ethernet interrupt defines
>  * dump: Update correct kdump phys_base field for AArch64
>  * char: i.MX: Add support for "TX complete" interrupt
>  * bcm2836/raspi: Fix various bugs resulting in panics trying
>    to boot a Debian Linux kernel on raspi3
>

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

Arm patch queue -- these are all bug fix patches but we might
as well put them in to rc0...

thanks
-- PMM

The following changes since commit 2c8cfc0b52b5a4d123c26c0b5fdf941be24805be:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2018-03-19 11:44:26 +0000)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180319

for you to fetch changes up to ff72cb6b46b95bb530787add5277c211af3d31c6:

  hw/arm/raspi: Provide spin-loop code for AArch64 CPUs (2018-03-19 18:23:24 +0000)

----------------------------------------------------------------
target-arm queue:
 * fsl-imx6: Fix incorrect Ethernet interrupt defines
 * dump: Update correct kdump phys_base field for AArch64
 * char: i.MX: Add support for "TX complete" interrupt
 * bcm2836/raspi: Fix various bugs resulting in panics trying
   to boot a Debian Linux kernel on raspi3

----------------------------------------------------------------
Andrey Smirnov (2):
      char: i.MX: Simplify imx_update()
      char: i.MX: Add support for "TX complete" interrupt

Guenter Roeck (1):
      fsl-imx6: Swap Ethernet interrupt defines

Peter Maydell (9):
      hw/arm/raspi: Don't do board-setup or secure-boot for raspi3
      hw/arm/boot: assert that secure_boot and secure_board_setup are false for AArch64
      hw/arm/boot: If booting a kernel in EL2, set SCR_EL3.HCE
      hw/arm/bcm2386: Fix parent type of bcm2386
      hw/arm/bcm2836: Rename bcm2836 type/struct to bcm283x
      hw/arm/bcm2836: Create proper bcm2837 device
      hw/arm/bcm2836: Use correct affinity values for BCM2837
      hw/arm/bcm2836: Hardcode correct CPU type
      hw/arm/raspi: Provide spin-loop code for AArch64 CPUs

Wei Huang (1):
      dump: Update correct kdump phys_base field for AArch64

 include/hw/arm/bcm2836.h     | 31 +++++++++++++---
 include/hw/arm/fsl-imx6.h    |  4 +-
 include/hw/char/imx_serial.h |  3 ++
 dump.c                       | 14 +++++--
 hw/arm/bcm2836.c             | 87 +++++++++++++++++++++++++++++++-------------
 hw/arm/boot.c                | 12 ++++++
 hw/arm/raspi.c               | 77 +++++++++++++++++++++++++++++++--------
 hw/char/imx_serial.c         | 44 ++++++++++++++++------
 hw/net/imx_fec.c             | 28 +++++++++++++-
 9 files changed, 237 insertions(+), 63 deletions(-)

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 12 October 2017 at 17:03, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue:
>  * mostly my latest v8M stuff, plus a couple of minor patches
>
> The following changes since commit a0b261db8c030813e30a39eae47359ac2a37f7e2:
>
>   Merge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into staging (2017-10-12 10:02:09 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171012
>
> for you to fetch changes up to cf5f7937b05c84d5565134f058c00cd48304a117:
>
>   nvic: Fix miscalculation of offsets into ITNS array (2017-10-12 16:33:16 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * v8M: SG, BLXNS, secure-return
>  * v8M: fixes for coverity issues in previous patches
>  * arm: fix armv7m_init() declaration to match definition
>  * watchdog/aspeed: fix variable type to store reload value
>

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

target-arm queue:
 * mostly my latest v8M stuff, plus a couple of minor patches

The following changes since commit a0b261db8c030813e30a39eae47359ac2a37f7e2:

  Merge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into staging (2017-10-12 10:02:09 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171012

for you to fetch changes up to cf5f7937b05c84d5565134f058c00cd48304a117:

  nvic: Fix miscalculation of offsets into ITNS array (2017-10-12 16:33:16 +0100)

----------------------------------------------------------------
target-arm queue:
 * v8M: SG, BLXNS, secure-return
 * v8M: fixes for coverity issues in previous patches
 * arm: fix armv7m_init() declaration to match definition
 * watchdog/aspeed: fix variable type to store reload value

----------------------------------------------------------------
Cédric Le Goater (1):
      watchdog/aspeed: fix variable type to store reload value

Igor Mammedov (1):
      arm: fix armv7m_init() declaration to match definition

Peter Maydell (11):
      target/arm: Add M profile secure MMU index values to get_a32_user_mem_index()
      target/arm: Implement SG instruction
      target/arm: Implement BLXNS
      target/arm: Implement secure function return
      target-arm: Don't check for "Thumb2 or M profile" for not-Thumb1
      target/arm: Pull Thumb insn word loads up to top level
      target-arm: Simplify insn_crosses_page()
      target/arm: Support some Thumb insns being always unconditional
      target/arm: Implement SG instruction corner cases
      nvic: Add missing 'break'
      nvic: Fix miscalculation of offsets into ITNS array

 include/hw/arm/arm.h     |   2 +-
 target/arm/helper.h      |   1 +
 target/arm/internals.h   |   8 ++
 hw/intc/armv7m_nvic.c    |   5 +-
 hw/watchdog/wdt_aspeed.c |   4 +-
 target/arm/helper.c      | 306 ++++++++++++++++++++++++++++++++++++++++++++--
 target/arm/translate.c   | 310 ++++++++++++++++++++++++++++++++---------------
 7 files changed, 521 insertions(+), 115 deletions(-)

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[no-reply]

Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [PULL 00/13] target-arm queue
Message-id: 1486492645-27803-1-git-send-email-peter.maydell@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]      patchew/1486454676-29112-1-git-send-email-bharata@linux.vnet.ibm.com -> patchew/1486454676-29112-1-git-send-email-bharata@linux.vnet.ibm.com
 * [new tag]         patchew/1486492645-27803-1-git-send-email-peter.maydell@linaro.org -> patchew/1486492645-27803-1-git-send-email-peter.maydell@linaro.org
 - [tag update]      patchew/20170203160651.19917-1-dgilbert@redhat.com -> patchew/20170203160651.19917-1-dgilbert@redhat.com
 - [tag update]      patchew/20170206112953.16993-1-berrange@redhat.com -> patchew/20170206112953.16993-1-berrange@redhat.com
 - [tag update]      patchew/20170207135211.15870-1-marcandre.lureau@redhat.com -> patchew/20170207135211.15870-1-marcandre.lureau@redhat.com
Switched to a new branch 'test'
42d6adc stellaris: Use the 'unimplemented' device for parts we don't implement
437dc39 hw/misc: New "unimplemented" sysbus device
cf763a0 stellaris: Document memory map and which SoC devices are unimplemented
f9d8179 target/arm: A32, T32: Create Instruction Syndromes for Data Aborts
9a7aa9e target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode
9d362c5 arm: Correctly handle watchpoints for BE32 CPUs
a454865 Fix Thumb-1 BE32 execution and disassembly.
753a1d2 target/arm: Add cfgend parameter for ARM CPU selection.
7ddb3c4 hw/arm/integratorcp: Support specifying features via -cpu
49b034d sd: sdhci: check data length during dma_memory_read
0ae81e4 aspeed: add a watchdog controller
d7e9de5 wdt: Add Aspeed watchdog device model
e677809 integratorcp: adding vmstate for save/restore

=== OUTPUT BEGIN ===
Checking PATCH 1/13: integratorcp: adding vmstate for save/restore...
Checking PATCH 2/13: wdt: Add Aspeed watchdog device model...
Checking PATCH 3/13: aspeed: add a watchdog controller...
Checking PATCH 4/13: sd: sdhci: check data length during dma_memory_read...
Checking PATCH 5/13: hw/arm/integratorcp: Support specifying features via -cpu...
Checking PATCH 6/13: target/arm: Add cfgend parameter for ARM CPU selection....
Checking PATCH 7/13: Fix Thumb-1 BE32 execution and disassembly....
ERROR: code indent should never use tabs
#44: FILE: include/disas/bfd.h:298:
+#define INSN_ARM_BE32^I0x00010000$

total: 1 errors, 0 warnings, 77 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 8/13: arm: Correctly handle watchpoints for BE32 CPUs...
ERROR: space prohibited between function name and open parenthesis '('
#49: FILE: include/qom/cpu.h:200:
+    vaddr (*adjust_watchpoint_address)(CPUState *cpu, vaddr addr, int len);

total: 1 errors, 0 warnings, 88 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 9/13: target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode...
Checking PATCH 10/13: target/arm: A32, T32: Create Instruction Syndromes for Data Aborts...
Checking PATCH 11/13: stellaris: Document memory map and which SoC devices are unimplemented...
Checking PATCH 12/13: hw/misc: New "unimplemented" sysbus device...
Checking PATCH 13/13: stellaris: Use the 'unimplemented' device for parts we don't implement...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 7 February 2017 at 18:37, Peter Maydell <peter.maydell@linaro.org> wrote:
> A random mix of items here, nothing very major.
>
> thanks
> -- PMM
>
>
> The following changes since commit d0dff238a87fa81393ed72754d4dc8b09e50b08b:
>
>   Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170206' into staging (2017-02-07 15:29:26 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170207
>
> for you to fetch changes up to 7727b832886fafbdec7299eb7773dc9071bf4cdd:
>
>   stellaris: Use the 'unimplemented' device for parts we don't implement (2017-02-07 18:30:00 +0000)
>
> ----------------------------------------------------------------
> target-arm:
>  * new "unimplemented" device for stubbing out devices in a
>    system model so accesses can be logged
>  * stellaris: document the SoC memory map
>  * arm: create instruction syndromes for AArch32 data aborts
>  * arm: Correctly handle watchpoints for BE32 CPUs
>  * Fix Thumb-1 BE32 execution and disassembly
>  * arm: Add cfgend parameter for ARM CPU selection
>  * sd: sdhci: check data length during dma_memory_read
>  * aspeed: add a watchdog controller
>  * integratorcp: adding vmstate for save/restore

Clang complains about unused functions; will squash in:

diff --git a/target/arm/translate.c b/target/arm/translate.c
index a14f74c..4436d8f 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -982,7 +982,7 @@ static inline void
gen_aa32_ld##SUFF##_iss(DisasContext *s,              \
                                            TCGv_i32 a32, int index,      \
                                            ISSInfo issinfo)              \
 {                                                                        \
-    gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data);               \
+    gen_aa32_ld##SUFF(s, val, a32, index);                               \
     disas_set_da_iss(s, OPC, issinfo);                                   \
 }

@@ -997,7 +997,7 @@ static inline void
gen_aa32_st##SUFF##_iss(DisasContext *s,              \
                                            TCGv_i32 a32, int index,      \
                                            ISSInfo issinfo)              \
 {                                                                        \
-    gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data);               \
+    gen_aa32_st##SUFF(s, val, a32, index);                               \
     disas_set_da_iss(s, OPC, issinfo | ISSIsWrite);                      \
 }


(which avoids the problem by having the _iss() versions of the
function call the non-iss versions rather than duplicating
their function body; seems like better code anyway.)

thanks
-- PMM

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

A random mix of items here, nothing very major.

thanks
-- PMM


The following changes since commit d0dff238a87fa81393ed72754d4dc8b09e50b08b:

  Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170206' into staging (2017-02-07 15:29:26 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170207

for you to fetch changes up to 7727b832886fafbdec7299eb7773dc9071bf4cdd:

  stellaris: Use the 'unimplemented' device for parts we don't implement (2017-02-07 18:30:00 +0000)

----------------------------------------------------------------
target-arm:
 * new "unimplemented" device for stubbing out devices in a
   system model so accesses can be logged
 * stellaris: document the SoC memory map
 * arm: create instruction syndromes for AArch32 data aborts
 * arm: Correctly handle watchpoints for BE32 CPUs
 * Fix Thumb-1 BE32 execution and disassembly
 * arm: Add cfgend parameter for ARM CPU selection
 * sd: sdhci: check data length during dma_memory_read
 * aspeed: add a watchdog controller
 * integratorcp: adding vmstate for save/restore

----------------------------------------------------------------
Cédric Le Goater (2):
      wdt: Add Aspeed watchdog device model
      aspeed: add a watchdog controller

Julian Brown (4):
      hw/arm/integratorcp: Support specifying features via -cpu
      target/arm: Add cfgend parameter for ARM CPU selection.
      Fix Thumb-1 BE32 execution and disassembly.
      arm: Correctly handle watchpoints for BE32 CPUs

Pavel Dovgalyuk (1):
      integratorcp: adding vmstate for save/restore

Peter Maydell (5):
      target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode
      target/arm: A32, T32: Create Instruction Syndromes for Data Aborts
      stellaris: Document memory map and which SoC devices are unimplemented
      hw/misc: New "unimplemented" sysbus device
      stellaris: Use the 'unimplemented' device for parts we don't implement

Prasad J Pandit (1):
      sd: sdhci: check data length during dma_memory_read

 hw/misc/Makefile.objs            |   2 +
 hw/watchdog/Makefile.objs        |   1 +
 include/disas/bfd.h              |   7 ++
 include/hw/arm/aspeed_soc.h      |   2 +
 include/hw/misc/unimp.h          |  39 +++++++
 include/hw/watchdog/wdt_aspeed.h |  32 ++++++
 include/qom/cpu.h                |   3 +
 target/arm/arm_ldst.h            |  10 +-
 target/arm/cpu.h                 |   7 ++
 target/arm/internals.h           |   5 +
 target/arm/translate.h           |  14 +++
 disas.c                          |   1 +
 exec.c                           |   1 +
 hw/arm/aspeed_soc.c              |  13 +++
 hw/arm/integratorcp.c            |  78 +++++++++++++-
 hw/arm/stellaris.c               |  48 +++++++++
 hw/misc/unimp.c                  | 107 +++++++++++++++++++
 hw/sd/sdhci.c                    |   2 +-
 hw/watchdog/wdt_aspeed.c         | 225 +++++++++++++++++++++++++++++++++++++++
 qom/cpu.c                        |   6 ++
 target/arm/cpu.c                 |  39 +++++++
 target/arm/op_helper.c           |  22 ++++
 target/arm/translate-a64.c       |  14 ---
 target/arm/translate.c           | 193 ++++++++++++++++++++++++---------
 24 files changed, 801 insertions(+), 70 deletions(-)
 create mode 100644 include/hw/misc/unimp.h
 create mode 100644 include/hw/watchdog/wdt_aspeed.h
 create mode 100644 hw/misc/unimp.c
 create mode 100644 hw/watchdog/wdt_aspeed.c

Re: [Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

On 3 November 2015 at 14:13, Peter Maydell <peter.maydell@linaro.org> wrote:
> Here's the target-arm queue for 2.5: a few minor cleanups, one or
> two small new features, and a pile of bug fixes.
>
> Still on my to-review list for 2.5:
>  * the breakpoint/singlestep fixes
>  * highbank boot blob patchset
>  * zynq ADC controller (maybe)
>
> so I expect to do another pullreq before rc0.
>
> thanks
> -- PMM
>
> The following changes since commit 130d0bc6594d0cc6591d00312841891b3c187b07:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20151103-1' into staging (2015-11-03 10:20:04 +0000)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151103
>
> for you to fetch changes up to 5d9c1756140d680e66e5b45005a1fb7078b74ee1:
>
>   ARM: ACPI: Fix MPIDR value in ACPI table (2015-11-03 13:49:42 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * code cleanup to use symbolic constants for register bank numbers
>  * fix direct booting of modern Linux kernels on xilinx_zynq by setting
>    SCLR values to what the kernel expects firmware to have done
>  * implement SYSRESETREQ for ARMv7M CPU (stellaris boards)
>  * update MAINTAINERS to mention new qemu-arm mailing list
>  * clean up display of PSTATE in AArch64 debug logs
>  * report Secure/Nonsecure status in CPU debug logs
>  * fix a missing _CCA attribute in ACPI tables
>  * add support for GICv3 to ACPI tables
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/13] target-arm queue

[Peter Maydell]

Here's the target-arm queue for 2.5: a few minor cleanups, one or
two small new features, and a pile of bug fixes.

Still on my to-review list for 2.5:
 * the breakpoint/singlestep fixes
 * highbank boot blob patchset
 * zynq ADC controller (maybe)

so I expect to do another pullreq before rc0.

thanks
-- PMM

The following changes since commit 130d0bc6594d0cc6591d00312841891b3c187b07:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20151103-1' into staging (2015-11-03 10:20:04 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151103

for you to fetch changes up to 5d9c1756140d680e66e5b45005a1fb7078b74ee1:

  ARM: ACPI: Fix MPIDR value in ACPI table (2015-11-03 13:49:42 +0000)

----------------------------------------------------------------
target-arm queue:
 * code cleanup to use symbolic constants for register bank numbers
 * fix direct booting of modern Linux kernels on xilinx_zynq by setting
   SCLR values to what the kernel expects firmware to have done
 * implement SYSRESETREQ for ARMv7M CPU (stellaris boards)
 * update MAINTAINERS to mention new qemu-arm mailing list
 * clean up display of PSTATE in AArch64 debug logs
 * report Secure/Nonsecure status in CPU debug logs
 * fix a missing _CCA attribute in ACPI tables
 * add support for GICv3 to ACPI tables

----------------------------------------------------------------
Graeme Gregory (1):
      hw/arm/virt-acpi-build: _CCA attribute is compulsory

Michael Davidsaver (3):
      armv7-m: Return DeviceState* from armv7m_init()
      armv7-m: Implement SYSRESETREQ
      arm: stellaris: exit on external reset request

Peter Crosthwaite (3):
      arm: boot: Adjust indentation of FIXUP comments
      arm: boot: Add board specific setup code API
      arm: xilinx_zynq: Add linux pre-boot

Peter Maydell (3):
      MAINTAINERS: Add new qemu-arm mailing list to ARM related entries
      target-arm: Bring AArch64 debug CPU display of PSTATE into line with AArch32
      target-arm: Report S/NS status in the CPU debug logs

Shannon Zhao (2):
      hw/arm/virt-acpi-build: Add GICC ACPI subtable for GICv3
      ARM: ACPI: Fix MPIDR value in ACPI table

Soren Brinkmann (1):
      target-arm: Add and use symbolic names for register banks

 MAINTAINERS                | 23 +++++++++++++++++++++++
 hw/arm/armv7m.c            |  9 ++-------
 hw/arm/boot.c              | 36 +++++++++++++++++++++++++++---------
 hw/arm/stellaris.c         | 41 ++++++++++++++++++++++++++++++-----------
 hw/arm/stm32f205_soc.c     | 15 ++++++++-------
 hw/arm/virt-acpi-build.c   | 33 +++++++++++++++++++--------------
 hw/arm/xilinx_zynq.c       | 42 ++++++++++++++++++++++++++++++++++++++++++
 hw/intc/armv7m_nvic.c      |  9 ++++++++-
 include/hw/arm/arm.h       | 12 +++++++++++-
 target-arm/helper.c        | 37 ++++++++++++++++++++++---------------
 target-arm/internals.h     | 16 +++++++++++++---
 target-arm/kvm32.c         | 34 +++++++++++++++++-----------------
 target-arm/op_helper.c     |  8 ++++----
 target-arm/translate-a64.c | 17 ++++++++++++++---
 target-arm/translate.c     | 12 +++++++++++-
 15 files changed, 251 insertions(+), 93 deletions(-)