[Qemu-devel] [PULL 0/7] target-arm queue

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

A small set of arm bugfixes for rc0.



The following changes since commit 5853e92207193e967abf5e4c25b4a551c7604725:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-cocoa-20171107' into staging (2017-11-07 12:19:48 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171107

for you to fetch changes up to 8a7348b5d62d7ea16807e6bea54b448a0184bb0f:

  hw/intc/arm_gicv3_its: Don't abort on table save failure (2017-11-07 13:03:52 +0000)

----------------------------------------------------------------
target-arm queue:
 * arm_gicv3_its: Don't abort on table save failure
 * arm_gicv3_its: Fix the VM termination in vm_change_state_handler()
 * translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD
 * hw/arm: Mark the "fsl,imx31/25/6" devices with user_creatable = false
 * arm: implement cache/shareability attribute bits for PAR registers

----------------------------------------------------------------
Andrew Baumann (1):
      arm: implement cache/shareability attribute bits for PAR registers

Eric Auger (1):
      hw/intc/arm_gicv3_its: Don't abort on table save failure

Peter Maydell (1):
      translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD

Shanker Donthineni (1):
      hw/intc/arm_gicv3_its: Fix the VM termination in vm_change_state_handler()

Thomas Huth (3):
      hw/arm: Mark the "fsl,imx6" device with user_creatable = false
      hw/arm: Mark the "fsl,imx25" device with user_creatable = false
      hw/arm: Mark the "fsl,imx31" device with user_creatable = false

 hw/arm/fsl-imx25.c          |   6 +-
 hw/arm/fsl-imx31.c          |   6 +-
 hw/arm/fsl-imx6.c           |   3 +-
 hw/intc/arm_gicv3_its_kvm.c |  12 +--
 target/arm/helper.c         | 178 ++++++++++++++++++++++++++++++++++++++++----
 target/arm/translate.c      |  39 ++++++++--
 6 files changed, 214 insertions(+), 30 deletions(-)

[Qemu-devel] [PULL 1/7] arm: implement cache/shareability attribute bits for PAR registers

[Peter Maydell]

From: Andrew Baumann <Andrew.Baumann@microsoft.com>

On a successful address translation instruction, PAR is supposed to
contain cacheability and shareability attributes determined by the
translation. We previously returned 0 for these bits (in line with the
general strategy of ignoring caches and memory attributes), but some
guest OSes may depend on them.

This patch collects the attribute bits in the page-table walk, and
updates PAR with the correct attributes for all LPAE translations.
Short descriptor formats still return 0 for these bits, as in the
prior implementation.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 20171031223830.4608-1-Andrew.Baumann@microsoft.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 178 +++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 164 insertions(+), 14 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 96113fe..f61fb3e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -19,17 +19,23 @@
 #define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */
 
 #ifndef CONFIG_USER_ONLY
+/* Cacheability and shareability attributes for a memory access */
+typedef struct ARMCacheAttrs {
+    unsigned int attrs:8; /* as in the MAIR register encoding */
+    unsigned int shareability:2; /* as in the SH field of the VMSAv8-64 PTEs */
+} ARMCacheAttrs;
+
 static bool get_phys_addr(CPUARMState *env, target_ulong address,
                           MMUAccessType access_type, ARMMMUIdx mmu_idx,
                           hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
                           target_ulong *page_size, uint32_t *fsr,
-                          ARMMMUFaultInfo *fi);
+                          ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs);
 
 static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
                                MMUAccessType access_type, ARMMMUIdx mmu_idx,
                                hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
                                target_ulong *page_size_ptr, uint32_t *fsr,
-                               ARMMMUFaultInfo *fi);
+                               ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs);
 
 /* Security attributes for an address, as returned by v8m_security_lookup. */
 typedef struct V8M_SAttributes {
@@ -2159,9 +2165,10 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
     uint64_t par64;
     MemTxAttrs attrs = {};
     ARMMMUFaultInfo fi = {};
+    ARMCacheAttrs cacheattrs = {};
 
-    ret = get_phys_addr(env, value, access_type, mmu_idx,
-                        &phys_addr, &attrs, &prot, &page_size, &fsr, &fi);
+    ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
+                        &prot, &page_size, &fsr, &fi, &cacheattrs);
     if (extended_addresses_enabled(env)) {
         /* fsr is a DFSR/IFSR value for the long descriptor
          * translation table format, but with WnR always clear.
@@ -2173,7 +2180,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
             if (!attrs.secure) {
                 par64 |= (1 << 9); /* NS */
             }
-            /* We don't set the ATTR or SH fields in the PAR. */
+            par64 |= (uint64_t)cacheattrs.attrs << 56; /* ATTR */
+            par64 |= cacheattrs.shareability << 7; /* SH */
         } else {
             par64 |= 1; /* F */
             par64 |= (fsr & 0x3f) << 1; /* FS */
@@ -6925,7 +6933,7 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
         return false;
     }
     if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx,
-                      &physaddr, &attrs, &prot, &page_size, &fsr, &fi)) {
+                      &physaddr, &attrs, &prot, &page_size, &fsr, &fi, NULL)) {
         /* the MPU lookup failed */
         env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK;
         armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure);
@@ -8207,7 +8215,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
         int ret;
 
         ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, &s2pa,
-                                 &txattrs, &s2prot, &s2size, fsr, fi);
+                                 &txattrs, &s2prot, &s2size, fsr, fi, NULL);
         if (ret) {
             fi->s2addr = addr;
             fi->stage2 = true;
@@ -8608,11 +8616,41 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
     return true;
 }
 
+/* Translate from the 4-bit stage 2 representation of
+ * memory attributes (without cache-allocation hints) to
+ * the 8-bit representation of the stage 1 MAIR registers
+ * (which includes allocation hints).
+ *
+ * ref: shared/translation/attrs/S2AttrDecode()
+ *      .../S2ConvertAttrsHints()
+ */
+static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs)
+{
+    uint8_t hiattr = extract32(s2attrs, 2, 2);
+    uint8_t loattr = extract32(s2attrs, 0, 2);
+    uint8_t hihint = 0, lohint = 0;
+
+    if (hiattr != 0) { /* normal memory */
+        if ((env->cp15.hcr_el2 & HCR_CD) != 0) { /* cache disabled */
+            hiattr = loattr = 1; /* non-cacheable */
+        } else {
+            if (hiattr != 1) { /* Write-through or write-back */
+                hihint = 3; /* RW allocate */
+            }
+            if (loattr != 1) { /* Write-through or write-back */
+                lohint = 3; /* RW allocate */
+            }
+        }
+    }
+
+    return (hiattr << 6) | (hihint << 4) | (loattr << 2) | lohint;
+}
+
 static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
                                MMUAccessType access_type, ARMMMUIdx mmu_idx,
                                hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
                                target_ulong *page_size_ptr, uint32_t *fsr,
-                               ARMMMUFaultInfo *fi)
+                               ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
 {
     ARMCPU *cpu = arm_env_get_cpu(env);
     CPUState *cs = CPU(cpu);
@@ -8929,6 +8967,21 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
          */
         txattrs->secure = false;
     }
+
+    if (cacheattrs != NULL) {
+        if (mmu_idx == ARMMMUIdx_S2NS) {
+            cacheattrs->attrs = convert_stage2_attrs(env,
+                                                     extract32(attrs, 0, 4));
+        } else {
+            /* Index into MAIR registers for cache attributes */
+            uint8_t attrindx = extract32(attrs, 0, 3);
+            uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)];
+            assert(attrindx <= 7);
+            cacheattrs->attrs = extract64(mair, attrindx * 8, 8);
+        }
+        cacheattrs->shareability = extract32(attrs, 6, 2);
+    }
+
     *phys_ptr = descaddr;
     *page_size_ptr = page_size;
     return false;
@@ -9490,6 +9543,93 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
     return false;
 }
 
+/* Combine either inner or outer cacheability attributes for normal
+ * memory, according to table D4-42 and pseudocode procedure
+ * CombineS1S2AttrHints() of ARM DDI 0487B.b (the ARMv8 ARM).
+ *
+ * NB: only stage 1 includes allocation hints (RW bits), leading to
+ * some asymmetry.
+ */
+static uint8_t combine_cacheattr_nibble(uint8_t s1, uint8_t s2)
+{
+    if (s1 == 4 || s2 == 4) {
+        /* non-cacheable has precedence */
+        return 4;
+    } else if (extract32(s1, 2, 2) == 0 || extract32(s1, 2, 2) == 2) {
+        /* stage 1 write-through takes precedence */
+        return s1;
+    } else if (extract32(s2, 2, 2) == 2) {
+        /* stage 2 write-through takes precedence, but the allocation hint
+         * is still taken from stage 1
+         */
+        return (2 << 2) | extract32(s1, 0, 2);
+    } else { /* write-back */
+        return s1;
+    }
+}
+
+/* Combine S1 and S2 cacheability/shareability attributes, per D4.5.4
+ * and CombineS1S2Desc()
+ *
+ * @s1:      Attributes from stage 1 walk
+ * @s2:      Attributes from stage 2 walk
+ */
+static ARMCacheAttrs combine_cacheattrs(ARMCacheAttrs s1, ARMCacheAttrs s2)
+{
+    uint8_t s1lo = extract32(s1.attrs, 0, 4), s2lo = extract32(s2.attrs, 0, 4);
+    uint8_t s1hi = extract32(s1.attrs, 4, 4), s2hi = extract32(s2.attrs, 4, 4);
+    ARMCacheAttrs ret;
+
+    /* Combine shareability attributes (table D4-43) */
+    if (s1.shareability == 2 || s2.shareability == 2) {
+        /* if either are outer-shareable, the result is outer-shareable */
+        ret.shareability = 2;
+    } else if (s1.shareability == 3 || s2.shareability == 3) {
+        /* if either are inner-shareable, the result is inner-shareable */
+        ret.shareability = 3;
+    } else {
+        /* both non-shareable */
+        ret.shareability = 0;
+    }
+
+    /* Combine memory type and cacheability attributes */
+    if (s1hi == 0 || s2hi == 0) {
+        /* Device has precedence over normal */
+        if (s1lo == 0 || s2lo == 0) {
+            /* nGnRnE has precedence over anything */
+            ret.attrs = 0;
+        } else if (s1lo == 4 || s2lo == 4) {
+            /* non-Reordering has precedence over Reordering */
+            ret.attrs = 4;  /* nGnRE */
+        } else if (s1lo == 8 || s2lo == 8) {
+            /* non-Gathering has precedence over Gathering */
+            ret.attrs = 8;  /* nGRE */
+        } else {
+            ret.attrs = 0xc; /* GRE */
+        }
+
+        /* Any location for which the resultant memory type is any
+         * type of Device memory is always treated as Outer Shareable.
+         */
+        ret.shareability = 2;
+    } else { /* Normal memory */
+        /* Outer/inner cacheability combine independently */
+        ret.attrs = combine_cacheattr_nibble(s1hi, s2hi) << 4
+                  | combine_cacheattr_nibble(s1lo, s2lo);
+
+        if (ret.attrs == 0x44) {
+            /* Any location for which the resultant memory type is Normal
+             * Inner Non-cacheable, Outer Non-cacheable is always treated
+             * as Outer Shareable.
+             */
+            ret.shareability = 2;
+        }
+    }
+
+    return ret;
+}
+
+
 /* get_phys_addr - get the physical address for this virtual address
  *
  * Find the physical address corresponding to the given virtual address,
@@ -9514,12 +9654,14 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
  * @prot: set to the permissions for the page containing phys_ptr
  * @page_size: set to the size of the page containing phys_ptr
  * @fsr: set to the DFSR/IFSR value on failure
+ * @fi: set to fault info if the translation fails
+ * @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes
  */
 static bool get_phys_addr(CPUARMState *env, target_ulong address,
                           MMUAccessType access_type, ARMMMUIdx mmu_idx,
                           hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
                           target_ulong *page_size, uint32_t *fsr,
-                          ARMMMUFaultInfo *fi)
+                          ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
 {
     if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
         /* Call ourselves recursively to do the stage 1 and then stage 2
@@ -9529,10 +9671,11 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
             hwaddr ipa;
             int s2_prot;
             int ret;
+            ARMCacheAttrs cacheattrs2 = {};
 
             ret = get_phys_addr(env, address, access_type,
                                 stage_1_mmu_idx(mmu_idx), &ipa, attrs,
-                                prot, page_size, fsr, fi);
+                                prot, page_size, fsr, fi, cacheattrs);
 
             /* If S1 fails or S2 is disabled, return early.  */
             if (ret || regime_translation_disabled(env, ARMMMUIdx_S2NS)) {
@@ -9543,10 +9686,17 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
             /* S1 is done. Now do S2 translation.  */
             ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_S2NS,
                                      phys_ptr, attrs, &s2_prot,
-                                     page_size, fsr, fi);
+                                     page_size, fsr, fi,
+                                     cacheattrs != NULL ? &cacheattrs2 : NULL);
             fi->s2addr = ipa;
             /* Combine the S1 and S2 perms.  */
             *prot &= s2_prot;
+
+            /* Combine the S1 and S2 cache attributes, if needed */
+            if (!ret && cacheattrs != NULL) {
+                *cacheattrs = combine_cacheattrs(*cacheattrs, cacheattrs2);
+            }
+
             return ret;
         } else {
             /*
@@ -9617,7 +9767,7 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
 
     if (regime_using_lpae_format(env, mmu_idx)) {
         return get_phys_addr_lpae(env, address, access_type, mmu_idx, phys_ptr,
-                                  attrs, prot, page_size, fsr, fi);
+                                  attrs, prot, page_size, fsr, fi, cacheattrs);
     } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
         return get_phys_addr_v6(env, address, access_type, mmu_idx, phys_ptr,
                                 attrs, prot, page_size, fsr, fi);
@@ -9645,7 +9795,7 @@ bool arm_tlb_fill(CPUState *cs, vaddr address,
 
     ret = get_phys_addr(env, address, access_type,
                         core_to_arm_mmu_idx(env, mmu_idx), &phys_addr,
-                        &attrs, &prot, &page_size, fsr, fi);
+                        &attrs, &prot, &page_size, fsr, fi, NULL);
     if (!ret) {
         /* Map a single [sub]page.  */
         phys_addr &= TARGET_PAGE_MASK;
@@ -9674,7 +9824,7 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
     *attrs = (MemTxAttrs) {};
 
     ret = get_phys_addr(env, addr, 0, mmu_idx, &phys_addr,
-                        attrs, &prot, &page_size, &fsr, &fi);
+                        attrs, &prot, &page_size, &fsr, &fi, NULL);
 
     if (ret) {
         return -1;
-- 
2.7.4

[Qemu-devel] [PULL 2/7] hw/arm: Mark the "fsl, imx6" device with user_creatable = false

[Peter Maydell]

From: Thomas Huth <thuth@redhat.com>

This device causes QEMU to abort if the user tries to instantiate it:

$ qemu-system-aarch64 -M sabrelite -smp 1,maxcpus=2 -device fsl,,imx6
Unexpected error in qemu_chr_fe_init() at chardev/char-fe.c:222:
qemu-system-aarch64: -device fsl,,imx6: Device 'serial0' is in use
Aborted (core dumped)

The device uses serial_hds[] directly in its realize function, so it
can not be instantiated again by the user.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1509519537-6964-2-git-send-email-thuth@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/fsl-imx6.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c
index 26fd214..59ef33e 100644
--- a/hw/arm/fsl-imx6.c
+++ b/hw/arm/fsl-imx6.c
@@ -440,8 +440,9 @@ static void fsl_imx6_class_init(ObjectClass *oc, void *data)
     DeviceClass *dc = DEVICE_CLASS(oc);
 
     dc->realize = fsl_imx6_realize;
-
     dc->desc = "i.MX6 SOC";
+    /* Reason: Uses serial_hds[] in the realize() function */
+    dc->user_creatable = false;
 }
 
 static const TypeInfo fsl_imx6_type_info = {
-- 
2.7.4

[Qemu-devel] [PULL 3/7] hw/arm: Mark the "fsl, imx25" device with user_creatable = false

[Peter Maydell]

From: Thomas Huth <thuth@redhat.com>

QEMU currently crashes when the user tries to instantiate the fsl,imx25
device manually:

$ aarch64-softmmu/qemu-system-aarch64 -S -M imx25-pdk -device fsl,,imx25
**
ERROR:/home/thuth/devel/qemu/tcg/tcg.c:538:tcg_register_thread:
 assertion failed: (n < max_cpus)

The imx25-pdk board (which is the one that uses this CPU type) only
supports one CPU, and the realize function of the "fsl,imx25" device
also uses serial_hds[] directly, so this device clearly can not be
instantiated twice and thus we should mark it with user_creatable = 0.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1509519537-6964-3-git-send-email-thuth@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/fsl-imx25.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
index 3b97ece..cb988a6 100644
--- a/hw/arm/fsl-imx25.c
+++ b/hw/arm/fsl-imx25.c
@@ -288,8 +288,12 @@ static void fsl_imx25_class_init(ObjectClass *oc, void *data)
     DeviceClass *dc = DEVICE_CLASS(oc);
 
     dc->realize = fsl_imx25_realize;
-
     dc->desc = "i.MX25 SOC";
+    /*
+     * Reason: uses serial_hds in realize and the imx25 board does not
+     * support multiple CPUs
+     */
+    dc->user_creatable = false;
 }
 
 static const TypeInfo fsl_imx25_type_info = {
-- 
2.7.4

[Qemu-devel] [PULL 4/7] hw/arm: Mark the "fsl, imx31" device with user_creatable = false

[Peter Maydell]

From: Thomas Huth <thuth@redhat.com>

QEMU currently crashes when the user tries to instantiate the fsl,imx31
device manually:

$ aarch64-softmmu/qemu-system-aarch64 -M kzm -device fsl,,imx31
**
ERROR:/home/thuth/devel/qemu/tcg/tcg.c:538:tcg_register_thread:
 assertion failed: (n < max_cpus)
Aborted (core dumped)

The kzm board (which is the one that uses this CPU type) only supports
one CPU, and the realize function of the "fsl,imx31" device also uses
serial_hds[] directly, so this device clearly can not be instantiated
twice and thus we should mark it with user_creatable = false.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1509519537-6964-4-git-send-email-thuth@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/fsl-imx31.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
index 0f2ebe8..3eee83d 100644
--- a/hw/arm/fsl-imx31.c
+++ b/hw/arm/fsl-imx31.c
@@ -260,8 +260,12 @@ static void fsl_imx31_class_init(ObjectClass *oc, void *data)
     DeviceClass *dc = DEVICE_CLASS(oc);
 
     dc->realize = fsl_imx31_realize;
-
     dc->desc = "i.MX31 SOC";
+    /*
+     * Reason: uses serial_hds in realize and the kzm board does not
+     * support multiple CPUs
+     */
+    dc->user_creatable = false;
 }
 
 static const TypeInfo fsl_imx31_type_info = {
-- 
2.7.4

[Qemu-devel] [PULL 5/7] translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD

[Peter Maydell]

For AArch32 LDREXD and STREXD, architecturally the 32-bit word at the
lowest address is always Rt and the one at addr+4 is Rt2, even if the
CPU is big-endian. Our implementation does these with a single
64-bit store, so if we're big-endian then we need to put the two
32-bit halves together in the opposite order to little-endian,
so that they end up in the right places. We were trying to do
this with the gen_aa32_frob64() function, but that is not correct
for the usermode emulator, because there there is a distinction
between "load a 64 bit value" (which does a BE 64-bit access
and doesn't need swapping) and "load two 32 bit values as one
64 bit access" (where we still need to do the swapping, like
system mode BE32).

Fixes: https://bugs.launchpad.net/qemu/+bug/1725267
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1509622400-13351-1-git-send-email-peter.maydell@linaro.org
---
 target/arm/translate.c | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index df57dbb..4afb0c8 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -7903,9 +7903,27 @@ static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
         TCGv_i32 tmp2 = tcg_temp_new_i32();
         TCGv_i64 t64 = tcg_temp_new_i64();
 
-        gen_aa32_ld_i64(s, t64, addr, get_mem_index(s), opc);
+        /* For AArch32, architecturally the 32-bit word at the lowest
+         * address is always Rt and the one at addr+4 is Rt2, even if
+         * the CPU is big-endian. That means we don't want to do a
+         * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
+         * for an architecturally 64-bit access, but instead do a
+         * 64-bit access using MO_BE if appropriate and then split
+         * the two halves.
+         * This only makes a difference for BE32 user-mode, where
+         * frob64() must not flip the two halves of the 64-bit data
+         * but this code must treat BE32 user-mode like BE32 system.
+         */
+        TCGv taddr = gen_aa32_addr(s, addr, opc);
+
+        tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc);
+        tcg_temp_free(taddr);
         tcg_gen_mov_i64(cpu_exclusive_val, t64);
-        tcg_gen_extr_i64_i32(tmp, tmp2, t64);
+        if (s->be_data == MO_BE) {
+            tcg_gen_extr_i64_i32(tmp2, tmp, t64);
+        } else {
+            tcg_gen_extr_i64_i32(tmp, tmp2, t64);
+        }
         tcg_temp_free_i64(t64);
 
         store_reg(s, rt2, tmp2);
@@ -7954,15 +7972,26 @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
         TCGv_i64 n64 = tcg_temp_new_i64();
 
         t2 = load_reg(s, rt2);
-        tcg_gen_concat_i32_i64(n64, t1, t2);
+        /* For AArch32, architecturally the 32-bit word at the lowest
+         * address is always Rt and the one at addr+4 is Rt2, even if
+         * the CPU is big-endian. Since we're going to treat this as a
+         * single 64-bit BE store, we need to put the two halves in the
+         * opposite order for BE to LE, so that they end up in the right
+         * places.
+         * We don't want gen_aa32_frob64() because that does the wrong
+         * thing for BE32 usermode.
+         */
+        if (s->be_data == MO_BE) {
+            tcg_gen_concat_i32_i64(n64, t2, t1);
+        } else {
+            tcg_gen_concat_i32_i64(n64, t1, t2);
+        }
         tcg_temp_free_i32(t2);
-        gen_aa32_frob64(s, n64);
 
         tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
                                    get_mem_index(s), opc);
         tcg_temp_free_i64(n64);
 
-        gen_aa32_frob64(s, o64);
         tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
         tcg_gen_extrl_i64_i32(t0, o64);
 
-- 
2.7.4

[Qemu-devel] [PULL 6/7] hw/intc/arm_gicv3_its: Fix the VM termination in vm_change_state_handler()

[Peter Maydell]

From: Shanker Donthineni <shankerd@codeaurora.org>

The commit cddafd8f353d ("hw/intc/arm_gicv3_its: Implement state save
/restore") breaks the backward compatibility with the older kernels
where vITS save/restore support is not available. The vmstate function
vm_change_state_handler() should not be registered if the running kernel
doesn't support ITS save/restore feature. Otherwise VM instance will be
killed whenever vmstate callback function is invoked.

Observed a virtual machine shutdown with QEMU-2.10+linux-4.11 when testing
the reboot command "virsh reboot <domain> --mode acpi" instead of reboot.

KVM Error: 'KVM_SET_DEVICE_ATTR failed: Group 4 attr 0x00000000000001'

Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1509712671-16299-1-git-send-email-shankerd@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gicv3_its_kvm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
index 39903d5..9b00ce5 100644
--- a/hw/intc/arm_gicv3_its_kvm.c
+++ b/hw/intc/arm_gicv3_its_kvm.c
@@ -111,13 +111,13 @@ static void kvm_arm_its_realize(DeviceState *dev, Error **errp)
             error_free(s->migration_blocker);
             return;
         }
+    } else {
+        qemu_add_vm_change_state_handler(vm_change_state_handler, s);
     }
 
     kvm_msi_use_devid = true;
     kvm_gsi_direct_mapping = false;
     kvm_msi_via_irqfd_allowed = kvm_irqfds_enabled();
-
-    qemu_add_vm_change_state_handler(vm_change_state_handler, s);
 }
 
 /**
-- 
2.7.4

[Qemu-devel] [PULL 7/7] hw/intc/arm_gicv3_its: Don't abort on table save failure

[Peter Maydell]

From: Eric Auger <eric.auger@redhat.com>

The ITS is not fully properly reset at the moment. Caches are
not emptied.

After a reset, in case we attempt to save the state before
the bound devices have registered their MSIs and after the
1st level table has been allocated by the ITS driver
(device BASER is valid), the first level entries are still
invalid. If the device cache is not empty (devices registered
before the reset), vgic_its_save_device_tables fails with -EINVAL.
This causes a QEMU abort().

Cc: qemu-stable@nongnu.org
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: wanghaibin <wanghaibin.wang@huawei.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gicv3_its_kvm.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
index 9b00ce5..6fb45df 100644
--- a/hw/intc/arm_gicv3_its_kvm.c
+++ b/hw/intc/arm_gicv3_its_kvm.c
@@ -64,20 +64,16 @@ static void vm_change_state_handler(void *opaque, int running,
 {
     GICv3ITSState *s = (GICv3ITSState *)opaque;
     Error *err = NULL;
-    int ret;
 
     if (running) {
         return;
     }
 
-    ret = kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL,
-                            KVM_DEV_ARM_ITS_SAVE_TABLES, NULL, true, &err);
+    kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL,
+                      KVM_DEV_ARM_ITS_SAVE_TABLES, NULL, true, &err);
     if (err) {
         error_report_err(err);
     }
-    if (ret < 0 && ret != -EFAULT) {
-        abort();
-    }
 }
 
 static void kvm_arm_its_realize(DeviceState *dev, Error **errp)
-- 
2.7.4

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 7 November 2017 at 13:35, Peter Maydell <peter.maydell@linaro.org> wrote:
> A small set of arm bugfixes for rc0.
>
>
>
> The following changes since commit 5853e92207193e967abf5e4c25b4a551c7604725:
>
>   Merge remote-tracking branch 'remotes/pmaydell/tags/pull-cocoa-20171107' into staging (2017-11-07 12:19:48 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171107
>
> for you to fetch changes up to 8a7348b5d62d7ea16807e6bea54b448a0184bb0f:
>
>   hw/intc/arm_gicv3_its: Don't abort on table save failure (2017-11-07 13:03:52 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * arm_gicv3_its: Don't abort on table save failure
>  * arm_gicv3_its: Fix the VM termination in vm_change_state_handler()
>  * translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD
>  * hw/arm: Mark the "fsl,imx31/25/6" devices with user_creatable = false
>  * arm: implement cache/shareability attribute bits for PAR registers
>
> ----------------------------------------------------------------
> Andrew Baumann (1):
>       arm: implement cache/shareability attribute bits for PAR registers
>
> Eric Auger (1):
>       hw/intc/arm_gicv3_its: Don't abort on table save failure
>
> Peter Maydell (1):
>       translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD
>
> Shanker Donthineni (1):
>       hw/intc/arm_gicv3_its: Fix the VM termination in vm_change_state_handler()
>
> Thomas Huth (3):
>       hw/arm: Mark the "fsl,imx6" device with user_creatable = false
>       hw/arm: Mark the "fsl,imx25" device with user_creatable = false
>       hw/arm: Mark the "fsl,imx31" device with user_creatable = false

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 31 July 2017 at 13:22, Peter Maydell <peter.maydell@linaro.org> wrote:
> ARM queue for 2.10: all M profile bugfixes...
>
> thanks
> -- PMM
>
> The following changes since commit 25dd0e77898c3e10796d4cbeb35e8af5ba6ce975:
>
>   Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging (2017-07-31 11:27:43 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170731
>
> for you to fetch changes up to 89cbc3778a3d61761e2231e740269218c9a8a41d:
>
>   hw/mps2_scc: fix incorrect properties (2017-07-31 13:11:56 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * fix broken properties on MPS2 SCC device
>  * fix MPU trace handling of write vs exec
>  * fix MPU M profile bugs:
>    - not handling system space or PPB region correctly
>    - not resetting state
>    - not migrating MPU_RNR
>
> ----------------------------------------------------------------
> Peter Maydell (6):
>       target/arm: Correct MPU trace handling of write vs execute
>       target/arm: Don't do MPU lookups for addresses in M profile PPB region
>       target/arm: Don't allow guest to make System space executable for M profile
>       target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
>       target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs get reset
>       target/arm: Migrate MPU_RNR register state for M profile cores
>
> Philippe Mathieu-Daudé (1):
>       hw/mps2_scc: fix incorrect properties

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

ARM queue for 2.10: all M profile bugfixes...

thanks
-- PMM

The following changes since commit 25dd0e77898c3e10796d4cbeb35e8af5ba6ce975:

  Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging (2017-07-31 11:27:43 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170731

for you to fetch changes up to 89cbc3778a3d61761e2231e740269218c9a8a41d:

  hw/mps2_scc: fix incorrect properties (2017-07-31 13:11:56 +0100)

----------------------------------------------------------------
target-arm queue:
 * fix broken properties on MPS2 SCC device
 * fix MPU trace handling of write vs exec
 * fix MPU M profile bugs:
   - not handling system space or PPB region correctly
   - not resetting state
   - not migrating MPU_RNR

----------------------------------------------------------------
Peter Maydell (6):
      target/arm: Correct MPU trace handling of write vs execute
      target/arm: Don't do MPU lookups for addresses in M profile PPB region
      target/arm: Don't allow guest to make System space executable for M profile
      target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
      target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs get reset
      target/arm: Migrate MPU_RNR register state for M profile cores

Philippe Mathieu-Daudé (1):
      hw/mps2_scc: fix incorrect properties

 target/arm/cpu.h      |  3 +--
 hw/intc/armv7m_nvic.c | 14 +++++-----
 hw/misc/mps2-scc.c    |  4 +--
 target/arm/cpu.c      | 14 ++++++++++
 target/arm/helper.c   | 71 ++++++++++++++++++++++++++++++++++-----------------
 target/arm/machine.c  | 30 +++++++++++++++++++++-
 6 files changed, 101 insertions(+), 35 deletions(-)

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 10 November 2015 at 17:12, Peter Crosthwaite
<crosthwaitepeter@gmail.com> wrote:
> On Tue, Nov 10, 2015 at 8:38 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>> On 10 November 2015 at 13:51, Peter Maydell <peter.maydell@linaro.org> wrote:
>>> A small set of ARM patches, notably fixing bugs in breakpoint
>>> and singlestep code, and repairing the long-broken highbank model.
>>>
>>> The only other ARM thing I have on my radar for 2.5 is the Zynq
>>> ADC controller, which I'll send separately if it makes it before
>>> the freeze deadline.
>>>
>
> It is on list I think. I don't see further review:
>
> [PATCH for-2.5 v4 1/1] hw/misc: Add support for ADC controller in
> Xilinx Zynq 7000

Ah yes, found it -- not sure why my search didn't turn it up earlier.

thanks
-- PMM

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Crosthwaite]

On Tue, Nov 10, 2015 at 8:38 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 10 November 2015 at 13:51, Peter Maydell <peter.maydell@linaro.org> wrote:
>> A small set of ARM patches, notably fixing bugs in breakpoint
>> and singlestep code, and repairing the long-broken highbank model.
>>
>> The only other ARM thing I have on my radar for 2.5 is the Zynq
>> ADC controller, which I'll send separately if it makes it before
>> the freeze deadline.
>>

It is on list I think. I don't see further review:

[PATCH for-2.5 v4 1/1] hw/misc: Add support for ADC controller in
Xilinx Zynq 7000

Regards,
Peter

>> thanks
>> -- PMM
>>
>> The following changes since commit a8b4f9585a0bf5186fca793ce2c5d754cd8ec49a:
>>
>>   Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-10' into staging (2015-11-10 09:39:24 +0000)
>>
>> are available in the git repository at:
>>
>>
>>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151110
>>
>> for you to fetch changes up to 577bf808958d06497928c639efaa473bf8c5e099:
>>
>>   target-arm: Clean up DISAS_UPDATE usage in AArch32 translation code (2015-11-10 13:37:33 +0000)
>>
>> ----------------------------------------------------------------
>> target-arm queue:
>>  * fix bugs in gdb singlestep handling and breakpoints
>>  * minor code cleanup in arm_gic
>>  * clean up error messages in hw/arm/virt
>>  * fix highbank kernel booting by adding a board-setup blob
>>
>
> Applied, thanks.
>
> -- PMM
>

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 10 November 2015 at 13:51, Peter Maydell <peter.maydell@linaro.org> wrote:
> A small set of ARM patches, notably fixing bugs in breakpoint
> and singlestep code, and repairing the long-broken highbank model.
>
> The only other ARM thing I have on my radar for 2.5 is the Zynq
> ADC controller, which I'll send separately if it makes it before
> the freeze deadline.
>
> thanks
> -- PMM
>
> The following changes since commit a8b4f9585a0bf5186fca793ce2c5d754cd8ec49a:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-10' into staging (2015-11-10 09:39:24 +0000)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151110
>
> for you to fetch changes up to 577bf808958d06497928c639efaa473bf8c5e099:
>
>   target-arm: Clean up DISAS_UPDATE usage in AArch32 translation code (2015-11-10 13:37:33 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * fix bugs in gdb singlestep handling and breakpoints
>  * minor code cleanup in arm_gic
>  * clean up error messages in hw/arm/virt
>  * fix highbank kernel booting by adding a board-setup blob
>

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

A small set of ARM patches, notably fixing bugs in breakpoint
and singlestep code, and repairing the long-broken highbank model.

The only other ARM thing I have on my radar for 2.5 is the Zynq
ADC controller, which I'll send separately if it makes it before
the freeze deadline.

thanks
-- PMM

The following changes since commit a8b4f9585a0bf5186fca793ce2c5d754cd8ec49a:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-10' into staging (2015-11-10 09:39:24 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151110

for you to fetch changes up to 577bf808958d06497928c639efaa473bf8c5e099:

  target-arm: Clean up DISAS_UPDATE usage in AArch32 translation code (2015-11-10 13:37:33 +0000)

----------------------------------------------------------------
target-arm queue:
 * fix bugs in gdb singlestep handling and breakpoints
 * minor code cleanup in arm_gic
 * clean up error messages in hw/arm/virt
 * fix highbank kernel booting by adding a board-setup blob

----------------------------------------------------------------
Andrew Jones (1):
      hw/arm/virt: error_report cleanups

Peter Crosthwaite (3):
      arm: boot: Add secure_board_setup flag
      arm: highbank: Defeature CPU override
      arm: highbank: Implement PSCI and dummy monitor

Sergey Fedorov (2):
      target-arm: Fix gdb singlestep handling in arm_debug_excp_handler()
      target-arm: Clean up DISAS_UPDATE usage in AArch32 translation code

Wei Huang (1):
      hw/intc/arm_gic: Remove the definition of NUM_CPU

 hw/arm/boot.c          | 10 +++++-
 hw/arm/highbank.c      | 91 +++++++++++++++++++++++++++++++++++++-------------
 hw/arm/virt.c          | 10 +++---
 hw/intc/arm_gic.c      |  8 ++---
 include/hw/arm/arm.h   |  6 ++++
 target-arm/op_helper.c |  8 ++++-
 target-arm/translate.c | 25 ++++++++------
 7 files changed, 111 insertions(+), 47 deletions(-)

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 23 September 2015 at 17:31, Peter Maydell <peter.maydell@linaro.org> wrote:
> Try number 2 with format string fix...
>
> -- PMM
>
> The following changes since commit fefa4b128de06cec6d513f00ee61e8208aed4a87:
>
>   Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150923.0' into staging (2015-09-23 21:39:46 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150924
>
> for you to fetch changes up to 85b4d5dae12580ecdd446c0f71afa04a95641c91:
>
>   MAINTAINERS: update Allwinner A10 maintainer (2015-09-24 01:29:37 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * support VGICv3 in KVM
>  * fix bug in ACPI table entries for flash devices in virt board
>  * update Allwinner entry in MAINTAINERS
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Pavel Fedin]

 Hello!

 Thank you very much for your support and cooperation. I am back from my vacation and continuing my
work on live migration. Actually i already have working code, but need to settle down kernel API
first.

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

Try number 2 with format string fix...

-- PMM

The following changes since commit fefa4b128de06cec6d513f00ee61e8208aed4a87:

  Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150923.0' into staging (2015-09-23 21:39:46 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150924

for you to fetch changes up to 85b4d5dae12580ecdd446c0f71afa04a95641c91:

  MAINTAINERS: update Allwinner A10 maintainer (2015-09-24 01:29:37 +0100)

----------------------------------------------------------------
target-arm queue:
 * support VGICv3 in KVM
 * fix bug in ACPI table entries for flash devices in virt board
 * update Allwinner entry in MAINTAINERS

----------------------------------------------------------------
Beniamino Galvani (1):
      MAINTAINERS: update Allwinner A10 maintainer

Pavel Fedin (4):
      intc/gic: Extract some reusable vGIC code
      arm_kvm: Do not assume particular GIC type in kvm_arch_irqchip_create()
      hw/intc: Initial implementation of vGICv3
      hw/arm/virt: Add gic-version option to virt machine

Shannon Zhao (1):
      hw/arm/virt-acpi-build: Fix wrong size of flash in ACPI table

Shlomo Pongratz (1):
      hw/intc: Implement GIC-500 base class

 MAINTAINERS                        |   6 +-
 hw/arm/virt-acpi-build.c           |  56 ++++++++------
 hw/arm/virt.c                      | 124 ++++++++++++++++++++++++------
 hw/intc/Makefile.objs              |   2 +
 hw/intc/arm_gic_kvm.c              |  98 ++++++++----------------
 hw/intc/arm_gicv3_common.c         | 140 ++++++++++++++++++++++++++++++++++
 hw/intc/arm_gicv3_kvm.c            | 149 +++++++++++++++++++++++++++++++++++++
 hw/intc/vgic_common.h              |  35 +++++++++
 include/hw/acpi/acpi-defs.h        |   9 +++
 include/hw/arm/virt-acpi-build.h   |   1 +
 include/hw/arm/virt.h              |   4 +-
 include/hw/intc/arm_gicv3_common.h |  68 +++++++++++++++++
 include/sysemu/kvm.h               |  26 +++++++
 kvm-all.c                          |  34 +++++++++
 target-arm/kvm.c                   |  19 +++--
 target-arm/kvm_arm.h               |  19 +++++
 target-arm/machine.c               |  18 +++++
 17 files changed, 686 insertions(+), 122 deletions(-)
 create mode 100644 hw/intc/arm_gicv3_common.c
 create mode 100644 hw/intc/arm_gicv3_kvm.c
 create mode 100644 hw/intc/vgic_common.h
 create mode 100644 include/hw/intc/arm_gicv3_common.h

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 23 September 2015 at 14:43, Peter Maydell <peter.maydell@linaro.org> wrote:
> A small pullreq, but I don't have anything else pending and I wanted
> to get the GICv3 patches in this week.
>
> -- PMM
>
>
> The following changes since commit 684bb5770ec5d72a66620f64fc5d9672bf8d3509:
>
>   Merge remote-tracking branch 'remotes/dgibson/tags/spapr-next-20150923' into staging (2015-09-23 16:52:54 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150923-1
>
> for you to fetch changes up to 5d23e959fc6c8604d3c19b39b71c5a1effb2c347:
>
>   MAINTAINERS: update Allwinner A10 maintainer (2015-09-23 22:37:40 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * support VGICv3 in KVM
>  * fix bug in ACPI table entries for flash devices in virt board
>  * update Allwinner entry in MAINTAINERS
>
> ----------------------------------------------------------------

Minor fixup required to get it to compile on 32-bit:

--- a/kvm-all.c
+++ b/kvm-all.c
@@ -2036,7 +2036,7 @@ void kvm_device_access(int fd, int group, uint64_t attr,
                            &kvmattr);
     if (err < 0) {
         error_report("KVM_%s_DEVICE_ATTR failed: %s\n"
-                     "Group %d attr 0x%016zX", write ? "SET" : "GET",
+                     "Group %d attr 0x%016" PRIx64 , write ? "SET" : "GET",
                      strerror(-err), group, attr);
         abort();
     }


-- PMM

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

A small pullreq, but I don't have anything else pending and I wanted
to get the GICv3 patches in this week.

-- PMM


The following changes since commit 684bb5770ec5d72a66620f64fc5d9672bf8d3509:

  Merge remote-tracking branch 'remotes/dgibson/tags/spapr-next-20150923' into staging (2015-09-23 16:52:54 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150923-1

for you to fetch changes up to 5d23e959fc6c8604d3c19b39b71c5a1effb2c347:

  MAINTAINERS: update Allwinner A10 maintainer (2015-09-23 22:37:40 +0100)

----------------------------------------------------------------
target-arm queue:
 * support VGICv3 in KVM
 * fix bug in ACPI table entries for flash devices in virt board
 * update Allwinner entry in MAINTAINERS

----------------------------------------------------------------
Beniamino Galvani (1):
      MAINTAINERS: update Allwinner A10 maintainer

Pavel Fedin (4):
      intc/gic: Extract some reusable vGIC code
      arm_kvm: Do not assume particular GIC type in kvm_arch_irqchip_create()
      hw/intc: Initial implementation of vGICv3
      hw/arm/virt: Add gic-version option to virt machine

Shannon Zhao (1):
      hw/arm/virt-acpi-build: Fix wrong size of flash in ACPI table

Shlomo Pongratz (1):
      hw/intc: Implement GIC-500 base class

 MAINTAINERS                        |   6 +-
 hw/arm/virt-acpi-build.c           |  56 ++++++++------
 hw/arm/virt.c                      | 124 ++++++++++++++++++++++++------
 hw/intc/Makefile.objs              |   2 +
 hw/intc/arm_gic_kvm.c              |  98 ++++++++----------------
 hw/intc/arm_gicv3_common.c         | 140 ++++++++++++++++++++++++++++++++++
 hw/intc/arm_gicv3_kvm.c            | 149 +++++++++++++++++++++++++++++++++++++
 hw/intc/vgic_common.h              |  35 +++++++++
 include/hw/acpi/acpi-defs.h        |   9 +++
 include/hw/arm/virt-acpi-build.h   |   1 +
 include/hw/arm/virt.h              |   4 +-
 include/hw/intc/arm_gicv3_common.h |  68 +++++++++++++++++
 include/sysemu/kvm.h               |  26 +++++++
 kvm-all.c                          |  34 +++++++++
 target-arm/kvm.c                   |  19 +++--
 target-arm/kvm_arm.h               |  19 +++++
 target-arm/machine.c               |  18 +++++
 17 files changed, 686 insertions(+), 122 deletions(-)
 create mode 100644 hw/intc/arm_gicv3_common.c
 create mode 100644 hw/intc/arm_gicv3_kvm.c
 create mode 100644 hw/intc/vgic_common.h
 create mode 100644 include/hw/intc/arm_gicv3_common.h

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 6 July 2015 at 10:59, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue before hardfreeze: these are pretty much all
> bugfixes.
>
> -- PMM
>
> The following changes since commit f50a1640fb82708a5d528dee1ace42a224b95b15:
>
>   Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging (2015-07-05 20:35:47 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150706
>
> for you to fetch changes up to 257621a9566054472d1d55a819880d0f9da02bda:
>
>   arm_mptimer: Respect IT bit state (2015-07-06 10:26:35 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * TLBI ALLEI1IS should operate on all CPUs, not just this one
>  * Fix interval interrupt of cadence ttc in decrement mode
>  * Implement YIELD insn to yield in ARM and Thumb translators
>  * ARM GIC: reset all registers
>  * arm_mptimer: fix timer shutdown and mode change
>  * arm_mptimer: respect IT bit state

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

target-arm queue before hardfreeze: these are pretty much all
bugfixes.

-- PMM

The following changes since commit f50a1640fb82708a5d528dee1ace42a224b95b15:

  Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging (2015-07-05 20:35:47 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150706

for you to fetch changes up to 257621a9566054472d1d55a819880d0f9da02bda:

  arm_mptimer: Respect IT bit state (2015-07-06 10:26:35 +0100)

----------------------------------------------------------------
target-arm queue:
 * TLBI ALLEI1IS should operate on all CPUs, not just this one
 * Fix interval interrupt of cadence ttc in decrement mode
 * Implement YIELD insn to yield in ARM and Thumb translators
 * ARM GIC: reset all registers
 * arm_mptimer: fix timer shutdown and mode change
 * arm_mptimer: respect IT bit state

----------------------------------------------------------------
Dmitry Osipenko (2):
      arm_mptimer: Fix timer shutdown and mode change
      arm_mptimer: Respect IT bit state

Johannes Schlatow (1):
      Fix interval interrupt of cadence ttc when timer is in decrement mode

Peter Maydell (3):
      target-arm: Split DISAS_YIELD from DISAS_WFE
      target-arm: Implement YIELD insn to yield in ARM and Thumb translators
      hw/intc/arm_gic_common.c: Reset all registers

Sergey Fedorov (1):
      target-arm: fix write helper for TLBI ALLE1IS

 hw/intc/arm_gic_common.c   | 21 ++++++++++++++++++---
 hw/timer/arm_mptimer.c     | 13 ++++++++++---
 hw/timer/cadence_ttc.c     |  9 ++++-----
 target-arm/helper.c        |  2 +-
 target-arm/helper.h        |  1 +
 target-arm/op_helper.c     | 18 +++++++++++++++---
 target-arm/translate-a64.c |  6 ++++++
 target-arm/translate.c     |  7 +++++++
 target-arm/translate.h     |  1 +
 9 files changed, 63 insertions(+), 15 deletions(-)

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 26 June 2015 at 14:31, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue: a few new features, but all minor stuff.
>
> thanks
> -- PMM
>
>
> The following changes since commit ccb0c7e122db72d3a5da798c6414d4912bba828f:
>
>   Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150626' into staging (2015-06-26 11:32:58 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150626
>
> for you to fetch changes up to 4e2c0b2a4ab810c8989e181a010e75aeaa1c55f3:
>
>   hw/arm/virt: Make block devices default to virtio (2015-06-26 14:22:37 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Change the virt board's default interface type for block devices to virtio
>  * Improve some error messages that will now be triggered by some incorrect
>    but previously worked-by-accident command lines
>  * Print ELR if we're doing debug logging of AArch64 exception entry
>  * Handle the "completely empty semihosting commandline" correctly for
>    softmmu (we already did for linux-user)
>  * Add GICv2m description to ACPI tables for virt board
>  * Fix some incorrect table revision entries in virt board ACPI tables
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

target-arm queue: a few new features, but all minor stuff.

thanks
-- PMM


The following changes since commit ccb0c7e122db72d3a5da798c6414d4912bba828f:

  Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150626' into staging (2015-06-26 11:32:58 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150626

for you to fetch changes up to 4e2c0b2a4ab810c8989e181a010e75aeaa1c55f3:

  hw/arm/virt: Make block devices default to virtio (2015-06-26 14:22:37 +0100)

----------------------------------------------------------------
target-arm queue:
 * Change the virt board's default interface type for block devices to virtio
 * Improve some error messages that will now be triggered by some incorrect
   but previously worked-by-accident command lines
 * Print ELR if we're doing debug logging of AArch64 exception entry
 * Handle the "completely empty semihosting commandline" correctly for
   softmmu (we already did for linux-user)
 * Add GICv2m description to ACPI tables for virt board
 * Fix some incorrect table revision entries in virt board ACPI tables

----------------------------------------------------------------
Liviu Ionescu (1):
      target-arm: default empty semihosting cmdline

Peter Maydell (3):
      qdev-properties-system: Change set_pointer's parse callback to use Error
      qdev-properties-system: Improve error message for drive assignment conflict
      hw/arm/virt: Make block devices default to virtio

Shannon Zhao (2):
      hw/arm/virt-acpi-build: Fix table revision and some comments
      hw/arm/virt-acpi-build: Add GICv2m description in ACPI MADT table

Soren Brinkmann (1):
      target-arm: A64: Print ELR when taking exceptions

 hw/arm/virt-acpi-build.c         | 22 ++++++++++++++++-----
 hw/arm/virt.c                    |  2 ++
 hw/core/qdev-properties-system.c | 42 +++++++++++++++++++++++++++-------------
 include/hw/acpi/acpi-defs.h      | 12 ++++++++++++
 target-arm/arm-semi.c            | 11 +++++++++--
 target-arm/helper-a64.c          |  2 ++
 6 files changed, 71 insertions(+), 20 deletions(-)

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 16 March 2015 at 12:40, Peter Maydell <peter.maydell@linaro.org> wrote:
> Last batch of bugfixes before hardfreeze...
>
> -- PMM
>
> The following changes since commit f421f05754ac5aabe15f12051390204116408b00:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-seabios-1.8.1-20150316-1' into staging (2015-03-16 10:58:11 +0000)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150316
>
> for you to fetch changes up to b8d43285a4db12156c40ba6fdbd8002c383fcbca:
>
>   linux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs (2015-03-16 12:30:47 +0000)

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

Last batch of bugfixes before hardfreeze...

-- PMM

The following changes since commit f421f05754ac5aabe15f12051390204116408b00:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-seabios-1.8.1-20150316-1' into staging (2015-03-16 10:58:11 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150316

for you to fetch changes up to b8d43285a4db12156c40ba6fdbd8002c383fcbca:

  linux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs (2015-03-16 12:30:47 +0000)

----------------------------------------------------------------
target-arm queue:
 * fix handling of execute-never bits in page table walks
 * tell kernel to initialize KVM GIC in realize function
 * fix handling of STM (user) with r15 in register list
 * ignore low bit of PC in M-profile exception return
 * fix linux-user get/set_tls syscalls on CPUs with TZ

----------------------------------------------------------------
Andrew Jones (3):
      target-arm: convert check_ap to ap_to_rw_prot
      target-arm: fix get_phys_addr_v6/SCTLR_AFE access check
      target-arm: get_phys_addr_lpae: more xn control

Eric Auger (1):
      hw/intc/arm_gic: Initialize the vgic in the realize function

Mikhail Ilyin (1):
      linux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs

Peter Maydell (2):
      target-arm: Fix handling of STM (user) with r15 in register list
      target-arm: Ignore low bit of PC in M-profile exception return

 hw/intc/arm_gic_kvm.c       |   7 ++
 linux-user/arm/target_cpu.h |  15 ++-
 linux-user/main.c           |   2 +-
 target-arm/helper.c         | 222 ++++++++++++++++++++++++++++++++------------
 target-arm/translate.c      |  18 ++--
 5 files changed, 197 insertions(+), 67 deletions(-)

Re: [Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

On 4 November 2014 12:30, Peter Maydell <peter.maydell@linaro.org> wrote:
> Last handful of patches before hardfreeze; these are just
> refactoring/cleanup, but I'd like to get them in to avoid
> clashes and merge conflicts with other series like TZ.
>
> thanks
> -- PMM
>
> The following changes since commit 949ca9e479c381a63ddb257adca1a6f0c44d898e:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-11-03 22:51:08 +0000)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20141104
>
> for you to fetch changes up to 9fae24f55496ea178e9e8e351f82a02f34ddaf4d:
>
>   target-arm: Correct condition for taking VIRQ and VFIQ (2014-11-04 12:05:23 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * avoid passing CPU env pointer around in A32/T32 decoders
>  * split M profile exception masking out from A/R profile
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

Last handful of patches before hardfreeze; these are just
refactoring/cleanup, but I'd like to get them in to avoid
clashes and merge conflicts with other series like TZ.

thanks
-- PMM

The following changes since commit 949ca9e479c381a63ddb257adca1a6f0c44d898e:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-11-03 22:51:08 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20141104

for you to fetch changes up to 9fae24f55496ea178e9e8e351f82a02f34ddaf4d:

  target-arm: Correct condition for taking VIRQ and VFIQ (2014-11-04 12:05:23 +0000)

----------------------------------------------------------------
target-arm queue:
 * avoid passing CPU env pointer around in A32/T32 decoders
 * split M profile exception masking out from A/R profile

----------------------------------------------------------------
Peter Maydell (7):
      target-arm/translate.c: Use arm_dc_feature() in ENABLE_ARCH_ macros
      target-arm/translate.c: Use arm_dc_feature() rather than arm_feature()
      target-arm/translate.c: Don't use IS_M()
      target-arm/translate.c: Don't pass CPUARMState around in the decoder
      target-arm/translate.c: Don't pass CPUARMState * to disas_arm_insn()
      target-arm: Separate out M profile cpu_exec_interrupt handling
      target-arm: Correct condition for taking VIRQ and VFIQ

 target-arm/cpu.c       |  49 +++++++--
 target-arm/cpu.h       |  20 +---
 target-arm/translate.c | 280 +++++++++++++++++++++++++++----------------------
 3 files changed, 197 insertions(+), 152 deletions(-)

[Qemu-devel] [PULL 0/7] target-arm queue

[Peter Maydell]

Hi; these are the pending target-arm patches I'd like to get in for 1.0;
a couple of minor ones plus the A15 insn work. Please pull.

PS: I'm not sure who the best person to cc on target-arm pull requests
is; any suggestions?

thanks
-- PMM

The following changes since commit cfce6d8934243871c4dc6d0c5248b0b27a1b8d80:

  i8259: Move to hw library (2011-10-16 11:11:56 +0000)

are available in the git repository at:
  git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream

Christophe LYON (1):
      rsqrte_f32: No need to copy sign bit.

Dmitry Koshelev (1):
      target-arm/machine.c: Restore VFP registers correctly

Peter Maydell (5):
      target-arm: v6 media multiply space: UNDEF on unassigned encodings
      target-arm: Rename ARM_FEATURE_DIV to _THUMB_DIV
      target-arm: Add ARM UDIV/SDIV support
      softfloat: Implement fused multiply-add
      target-arm: Implement VFPv4 fused multiply-accumulate insns

 fpu/softfloat-specialize.h |  178 ++++++++++++++++++
 fpu/softfloat.c            |  427 ++++++++++++++++++++++++++++++++++++++++++++
 fpu/softfloat.h            |   14 ++
 target-arm/cpu.h           |    4 +-
 target-arm/helper.c        |   24 ++-
 target-arm/helper.h        |    3 +
 target-arm/machine.c       |    2 +-
 target-arm/translate.c     |  118 ++++++++++++-
 8 files changed, 759 insertions(+), 11 deletions(-)