[Qemu-devel] [PULL 00/19] target-arm queue

[Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

First arm pullreq of the 2.13 cycle!

-- PMM

The following changes since commit 4743c23509a51bd4ee85cc272287a41917d1be35:

  Update version for v2.12.0 release (2018-04-24 16:44:55 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180426

for you to fetch changes up to fbf32752663878947de455ff57cb5b9318f14bec:

  xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo (2018-04-26 11:04:40 +0100)

----------------------------------------------------------------
target-arm queue:
 * xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo
 * timer/aspeed: fix vmstate version id
 * hw/arm/aspeed_soc: don't use vmstate_register_ram_global for SRAM
 * hw/arm/aspeed: don't make 'boot_rom' region 'nomigrate'
 * hw/arm/highbank: don't make sysram 'nomigrate'
 * hw/arm/raspi: Don't bother setting default_cpu_type
 * PMU emulation: some minor bugfixes and preparation for
   support of other events than just the cycle counter
 * target/arm: Use v7m_stack_read() for reading the frame signature
 * target/arm: Remove stale TODO comment
 * arm: always start from first_cpu when registering loader cpu reset callback
 * device_tree: Increase FDT_MAX_SIZE to 1 MiB

----------------------------------------------------------------
Aaron Lindsay (9):
      target/arm: Check PMCNTEN for whether PMCCNTR is enabled
      target/arm: Treat PMCCNTR as alias of PMCCNTR_EL0
      target/arm: Mask PMU register writes based on PMCR_EL0.N
      target/arm: Fetch GICv3 state directly from CPUARMState
      target/arm: Support multiple EL change hooks
      target/arm: Add pre-EL change hooks
      target/arm: Allow EL change hooks to do IO
      target/arm: Fix bitmask for PMCCFILTR writes
      target/arm: Make PMOVSCLR and PMUSERENR 64 bits wide

Cédric Le Goater (1):
      timer/aspeed: fix vmstate version id

Geert Uytterhoeven (1):
      device_tree: Increase FDT_MAX_SIZE to 1 MiB

Igor Mammedov (1):
      arm: always start from first_cpu when registering loader cpu reset callback

Peter Maydell (6):
      target/arm: Remove stale TODO comment
      target/arm: Use v7m_stack_read() for reading the frame signature
      hw/arm/raspi: Don't bother setting default_cpu_type
      hw/arm/highbank: don't make sysram 'nomigrate'
      hw/arm/aspeed: don't make 'boot_rom' region 'nomigrate'
      hw/arm/aspeed_soc: don't use vmstate_register_ram_global for SRAM

Sai Pavan Boddu (1):
      xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo

 target/arm/cpu.h           | 48 +++++++++++++++++-------------
 target/arm/internals.h     | 14 +++++++--
 device_tree.c              |  2 +-
 hw/arm/aspeed.c            |  2 +-
 hw/arm/aspeed_soc.c        |  3 +-
 hw/arm/boot.c              |  2 +-
 hw/arm/highbank.c          |  2 +-
 hw/arm/raspi.c             |  2 --
 hw/intc/arm_gicv3_cpuif.c  | 10 ++-----
 hw/ssi/xilinx_spips.c      |  3 +-
 hw/timer/aspeed_timer.c    |  2 +-
 target/arm/cpu.c           | 37 +++++++++++++++++++----
 target/arm/helper.c        | 73 ++++++++++++++++++++++++++--------------------
 target/arm/op_helper.c     |  8 +++++
 target/arm/translate-a64.c |  6 ++++
 target/arm/translate.c     | 12 ++++++++
 16 files changed, 148 insertions(+), 78 deletions(-)

[Qemu-devel] [PULL 01/19] device_tree: Increase FDT_MAX_SIZE to 1 MiB

[Peter Maydell]

From: Geert Uytterhoeven <geert+renesas@glider.be>

It is not uncommon for a contemporary FDT to be larger than 64 KiB,
leading to failures loading the device tree from sysfs:

    qemu-system-aarch64: qemu_fdt_setprop: Couldn't set ...: FDT_ERR_NOSPACE

Hence increase the limit to 1 MiB, like on PPC.

For reference, the largest arm64 DTB created from the Linux sources is
ca. 75 KiB large (100 KiB when built with symbols/fixup support).

Cc: qemu-stable@nongnu.org
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Message-id: 1523541337-23919-1-git-send-email-geert+renesas@glider.be
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 device_tree.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/device_tree.c b/device_tree.c
index 19458b32bf..52c3358a55 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -29,7 +29,7 @@
 
 #include <libfdt.h>
 
-#define FDT_MAX_SIZE  0x10000
+#define FDT_MAX_SIZE  0x100000
 
 void *create_device_tree(int *sizep)
 {
-- 
2.17.0

[Qemu-devel] [PULL 02/19] arm: always start from first_cpu when registering loader cpu reset callback

[Peter Maydell]

From: Igor Mammedov <imammedo@redhat.com>

if arm_load_kernel() were passed non first_cpu, QEMU would end up
with partially set do_cpu_reset() callback leaving some CPUs without it.

Make sure that do_cpu_reset() is registered for all CPUs by enumerating
CPUs from first_cpu.

(In practice every board that we have was passing us the first CPU
as the boot CPU, either directly or indirectly, so this wasn't
causing incorrect behaviour.)

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added a note that this isn't a behaviour change]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/boot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 26184bcd7c..9ae6ab2689 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -1188,7 +1188,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
      * actually loading a kernel, the handler is also responsible for
      * arranging that we start it correctly.
      */
-    for (cs = CPU(cpu); cs; cs = CPU_NEXT(cs)) {
+    for (cs = first_cpu; cs; cs = CPU_NEXT(cs)) {
         qemu_register_reset(do_cpu_reset, ARM_CPU(cs));
     }
 }
-- 
2.17.0

[Qemu-devel] [PULL 03/19] target/arm: Remove stale TODO comment

[Peter Maydell]

Remove a stale TODO comment -- we have now made the arm_ldl_ptw()
and arm_ldq_ptw() functions propagate physical memory read errors
out to their callers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180419142151.9862-1-peter.maydell@linaro.org
---
 target/arm/helper.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index b14fdab140..3ad0371aeb 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8680,13 +8680,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
     return addr;
 }
 
-/* All loads done in the course of a page table walk go through here.
- * TODO: rather than ignoring errors from physical memory reads (which
- * are external aborts in ARM terminology) we should propagate this
- * error out so that we can turn it into a Data Abort if this walk
- * was being done for a CPU load/store or an address translation instruction
- * (but not if it was for a debug access).
- */
+/* All loads done in the course of a page table walk go through here. */
 static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
                             ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
 {
-- 
2.17.0

[Qemu-devel] [PULL 04/19] target/arm: Use v7m_stack_read() for reading the frame signature

[Peter Maydell]

In commit 95695effe8caa552b8f2 we changed the v7M/v8M stack
pop code to use a new v7m_stack_read() function that checks
whether the read should fail due to an MPU or bus abort.
We missed one call though, the one which reads the signature
word for the callee-saved register part of the frame.

Correct the omission.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180419142106.9694-1-peter.maydell@linaro.org
---
 target/arm/helper.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 3ad0371aeb..0fa02c31e1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6913,7 +6913,6 @@ static bool v7m_push_stack(ARMCPU *cpu)
 static void do_v7m_exception_exit(ARMCPU *cpu)
 {
     CPUARMState *env = &cpu->env;
-    CPUState *cs = CPU(cpu);
     uint32_t excret;
     uint32_t xpsr;
     bool ufault = false;
@@ -7112,9 +7111,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
             ((excret & R_V7M_EXCRET_ES_MASK) == 0 ||
              (excret & R_V7M_EXCRET_DCRS_MASK) == 0)) {
             uint32_t expected_sig = 0xfefa125b;
-            uint32_t actual_sig = ldl_phys(cs->as, frameptr);
+            uint32_t actual_sig;
 
-            if (expected_sig != actual_sig) {
+            pop_ok = v7m_stack_read(cpu, &actual_sig, frameptr, mmu_idx);
+
+            if (pop_ok && expected_sig != actual_sig) {
                 /* Take a SecureFault on the current stack */
                 env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK;
                 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
@@ -7125,7 +7126,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
                 return;
             }
 
-            pop_ok =
+            pop_ok = pop_ok &&
                 v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) &&
                 v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) &&
                 v7m_stack_read(cpu, &env->regs[5], frameptr + 0xc, mmu_idx) &&
-- 
2.17.0

[Qemu-devel] [PULL 05/19] target/arm: Check PMCNTEN for whether PMCCNTR is enabled

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1523997485-1905-2-git-send-email-alindsay@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0fa02c31e1..1526724d64 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -994,7 +994,7 @@ static inline bool arm_ccnt_enabled(CPUARMState *env)
 {
     /* This does not support checking PMCCFILTR_EL0 register */
 
-    if (!(env->cp15.c9_pmcr & PMCRE)) {
+    if (!(env->cp15.c9_pmcr & PMCRE) || !(env->cp15.c9_pmcnten & (1 << 31))) {
         return false;
     }
 
-- 
2.17.0

[Qemu-devel] [PULL 06/19] target/arm: Treat PMCCNTR as alias of PMCCNTR_EL0

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

They share the same underlying state

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1523997485-1905-3-git-send-email-alindsay@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1526724d64..7bf4afa719 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1318,7 +1318,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
       .fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr),
       .writefn = pmselr_write, .raw_writefn = raw_write, },
     { .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
-      .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO,
+      .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_ALIAS | ARM_CP_IO,
       .readfn = pmccntr_read, .writefn = pmccntr_write32,
       .accessfn = pmreg_access_ccntr },
     { .name = "PMCCNTR_EL0", .state = ARM_CP_STATE_AA64,
-- 
2.17.0

[Qemu-devel] [PULL 07/19] target/arm: Mask PMU register writes based on PMCR_EL0.N

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

This is in preparation for enabling counters other than PMCCNTR

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1523997485-1905-5-git-send-email-alindsay@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7bf4afa719..3238aacaa6 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -52,11 +52,6 @@ typedef struct V8M_SAttributes {
 static void v8m_security_lookup(CPUARMState *env, uint32_t address,
                                 MMUAccessType access_type, ARMMMUIdx mmu_idx,
                                 V8M_SAttributes *sattrs);
-
-/* Definitions for the PMCCNTR and PMCR registers */
-#define PMCRD   0x8
-#define PMCRC   0x4
-#define PMCRE   0x1
 #endif
 
 static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
@@ -906,6 +901,24 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
     REGINFO_SENTINEL
 };
 
+/* Definitions for the PMU registers */
+#define PMCRN_MASK  0xf800
+#define PMCRN_SHIFT 11
+#define PMCRD   0x8
+#define PMCRC   0x4
+#define PMCRE   0x1
+
+static inline uint32_t pmu_num_counters(CPUARMState *env)
+{
+  return (env->cp15.c9_pmcr & PMCRN_MASK) >> PMCRN_SHIFT;
+}
+
+/* Bits allowed to be set/cleared for PMCNTEN* and PMINTEN* */
+static inline uint64_t pmu_counter_mask(CPUARMState *env)
+{
+  return (1 << 31) | ((1 << pmu_num_counters(env)) - 1);
+}
+
 static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri,
                                    bool isread)
 {
@@ -1113,14 +1126,14 @@ static void pmccfiltr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static void pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
                             uint64_t value)
 {
-    value &= (1 << 31);
+    value &= pmu_counter_mask(env);
     env->cp15.c9_pmcnten |= value;
 }
 
 static void pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                              uint64_t value)
 {
-    value &= (1 << 31);
+    value &= pmu_counter_mask(env);
     env->cp15.c9_pmcnten &= ~value;
 }
 
@@ -1168,14 +1181,14 @@ static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
                              uint64_t value)
 {
     /* We have no event counters so only the C bit can be changed */
-    value &= (1 << 31);
+    value &= pmu_counter_mask(env);
     env->cp15.c9_pminten |= value;
 }
 
 static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                              uint64_t value)
 {
-    value &= (1 << 31);
+    value &= pmu_counter_mask(env);
     env->cp15.c9_pminten &= ~value;
 }
 
-- 
2.17.0

[Qemu-devel] [PULL 08/19] target/arm: Fetch GICv3 state directly from CPUARMState

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

This eliminates the need for fetching it from el_change_hook_opaque, and
allows for supporting multiple el_change_hooks without having to hack
something together to find the registered opaque belonging to GICv3.

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1523997485-1905-6-git-send-email-alindsay@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h          | 10 ----------
 hw/intc/arm_gicv3_cpuif.c | 10 ++--------
 2 files changed, 2 insertions(+), 18 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 19a0c03f9b..6bd8ff5917 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2902,16 +2902,6 @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs)
 void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook,
                                  void *opaque);
 
-/**
- * arm_get_el_change_hook_opaque:
- * Return the opaque data that will be used by the el_change_hook
- * for this CPU.
- */
-static inline void *arm_get_el_change_hook_opaque(ARMCPU *cpu)
-{
-    return cpu->el_change_hook_opaque;
-}
-
 /**
  * aa32_vfp_dreg:
  * Return a pointer to the Dn register within env in 32-bit mode.
diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index 26f5eeda94..cb9a3a542d 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -29,11 +29,7 @@ void gicv3_set_gicv3state(CPUState *cpu, GICv3CPUState *s)
 
 static GICv3CPUState *icc_cs_from_env(CPUARMState *env)
 {
-    /* Given the CPU, find the right GICv3CPUState struct.
-     * Since we registered the CPU interface with the EL change hook as
-     * the opaque pointer, we can just directly get from the CPU to it.
-     */
-    return arm_get_el_change_hook_opaque(arm_env_get_cpu(env));
+    return env->gicv3state;
 }
 
 static bool gicv3_use_ns_bank(CPUARMState *env)
@@ -2615,9 +2611,7 @@ void gicv3_init_cpuif(GICv3State *s)
          * it might be with code translated by CPU 0 but run by CPU 1, in
          * which case we'd get the wrong value.
          * So instead we define the regs with no ri->opaque info, and
-         * get back to the GICv3CPUState from the ARMCPU by reading back
-         * the opaque pointer from the el_change_hook, which we're going
-         * to need to register anyway.
+         * get back to the GICv3CPUState from the CPUARMState.
          */
         define_arm_cp_regs(cpu, gicv3_cpuif_reginfo);
         if (arm_feature(&cpu->env, ARM_FEATURE_EL2)
-- 
2.17.0

[Qemu-devel] [PULL 09/19] target/arm: Support multiple EL change hooks

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Message-id: 1523997485-1905-7-git-send-email-alindsay@codeaurora.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h       | 20 ++++++++++----------
 target/arm/internals.h |  7 ++++---
 target/arm/cpu.c       | 21 ++++++++++++++++-----
 3 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 6bd8ff5917..b3def5afad 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -632,12 +632,17 @@ typedef struct CPUARMState {
 } CPUARMState;
 
 /**
- * ARMELChangeHook:
+ * ARMELChangeHookFn:
  * type of a function which can be registered via arm_register_el_change_hook()
  * to get callbacks when the CPU changes its exception level or mode.
  */
-typedef void ARMELChangeHook(ARMCPU *cpu, void *opaque);
-
+typedef void ARMELChangeHookFn(ARMCPU *cpu, void *opaque);
+typedef struct ARMELChangeHook ARMELChangeHook;
+struct ARMELChangeHook {
+    ARMELChangeHookFn *hook;
+    void *opaque;
+    QLIST_ENTRY(ARMELChangeHook) node;
+};
 
 /* These values map onto the return values for
  * QEMU_PSCI_0_2_FN_AFFINITY_INFO */
@@ -826,8 +831,7 @@ struct ARMCPU {
      */
     bool cfgend;
 
-    ARMELChangeHook *el_change_hook;
-    void *el_change_hook_opaque;
+    QLIST_HEAD(, ARMELChangeHook) el_change_hooks;
 
     int32_t node_id; /* NUMA node this CPU belongs to */
 
@@ -2894,12 +2898,8 @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs)
  * CPU changes exception level or mode. The hook function will be
  * passed a pointer to the ARMCPU and the opaque data pointer passed
  * to this function when the hook was registered.
- *
- * Note that we currently only support registering a single hook function,
- * and will assert if this function is called twice.
- * This facility is intended for the use of the GICv3 emulation.
  */
-void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook,
+void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
                                  void *opaque);
 
 /**
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 8ce944b7a0..6358c2ad5a 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -727,11 +727,12 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
                                    int mmu_idx, MemTxAttrs attrs,
                                    MemTxResult response, uintptr_t retaddr);
 
-/* Call the EL change hook if one has been registered */
+/* Call any registered EL change hooks */
 static inline void arm_call_el_change_hook(ARMCPU *cpu)
 {
-    if (cpu->el_change_hook) {
-        cpu->el_change_hook(cpu, cpu->el_change_hook_opaque);
+    ARMELChangeHook *hook, *next;
+    QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) {
+        hook->hook(cpu, hook->opaque);
     }
 }
 
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 022d8c5787..1f689f6817 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -55,13 +55,15 @@ static bool arm_cpu_has_work(CPUState *cs)
          | CPU_INTERRUPT_EXITTB);
 }
 
-void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook,
+void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
                                  void *opaque)
 {
-    /* We currently only support registering a single hook function */
-    assert(!cpu->el_change_hook);
-    cpu->el_change_hook = hook;
-    cpu->el_change_hook_opaque = opaque;
+    ARMELChangeHook *entry = g_new0(ARMELChangeHook, 1);
+
+    entry->hook = hook;
+    entry->opaque = opaque;
+
+    QLIST_INSERT_HEAD(&cpu->el_change_hooks, entry, node);
 }
 
 static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque)
@@ -552,6 +554,8 @@ static void arm_cpu_initfn(Object *obj)
     cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
                                          g_free, g_free);
 
+    QLIST_INIT(&cpu->el_change_hooks);
+
 #ifndef CONFIG_USER_ONLY
     /* Our inbound IRQ and FIQ lines */
     if (kvm_enabled()) {
@@ -713,7 +717,14 @@ static void arm_cpu_post_init(Object *obj)
 static void arm_cpu_finalizefn(Object *obj)
 {
     ARMCPU *cpu = ARM_CPU(obj);
+    ARMELChangeHook *hook, *next;
+
     g_hash_table_destroy(cpu->cp_regs);
+
+    QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) {
+        QLIST_REMOVE(hook, node);
+        g_free(hook);
+    }
 }
 
 static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
-- 
2.17.0

[Qemu-devel] [PULL 10/19] target/arm: Add pre-EL change hooks

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

Because the design of the PMU requires that the counter values be
converted between their delta and guest-visible forms for mode
filtering, an additional hook which occurs before the EL is changed is
necessary.

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Message-id: 1523997485-1905-8-git-send-email-alindsay@codeaurora.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h       | 22 +++++++++++++++++++---
 target/arm/internals.h |  7 +++++++
 target/arm/cpu.c       | 16 ++++++++++++++++
 target/arm/helper.c    | 14 ++++++++------
 target/arm/op_helper.c |  8 ++++++++
 5 files changed, 58 insertions(+), 9 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b3def5afad..b9b47f4b22 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -831,6 +831,7 @@ struct ARMCPU {
      */
     bool cfgend;
 
+    QLIST_HEAD(, ARMELChangeHook) pre_el_change_hooks;
     QLIST_HEAD(, ARMELChangeHook) el_change_hooks;
 
     int32_t node_id; /* NUMA node this CPU belongs to */
@@ -2893,14 +2894,29 @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs)
 #endif
 
 /**
- * arm_register_el_change_hook:
- * Register a hook function which will be called back whenever this
+ * arm_register_pre_el_change_hook:
+ * Register a hook function which will be called immediately before this
  * CPU changes exception level or mode. The hook function will be
  * passed a pointer to the ARMCPU and the opaque data pointer passed
  * to this function when the hook was registered.
+ *
+ * Note that if a pre-change hook is called, any registered post-change hooks
+ * are guaranteed to subsequently be called.
  */
-void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
+void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
                                  void *opaque);
+/**
+ * arm_register_el_change_hook:
+ * Register a hook function which will be called immediately after this
+ * CPU changes exception level or mode. The hook function will be
+ * passed a pointer to the ARMCPU and the opaque data pointer passed
+ * to this function when the hook was registered.
+ *
+ * Note that any registered hooks registered here are guaranteed to be called
+ * if pre-change hooks have been.
+ */
+void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void
+        *opaque);
 
 /**
  * aa32_vfp_dreg:
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 6358c2ad5a..dc9357766c 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -728,6 +728,13 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
                                    MemTxResult response, uintptr_t retaddr);
 
 /* Call any registered EL change hooks */
+static inline void arm_call_pre_el_change_hook(ARMCPU *cpu)
+{
+    ARMELChangeHook *hook, *next;
+    QLIST_FOREACH_SAFE(hook, &cpu->pre_el_change_hooks, node, next) {
+        hook->hook(cpu, hook->opaque);
+    }
+}
 static inline void arm_call_el_change_hook(ARMCPU *cpu)
 {
     ARMELChangeHook *hook, *next;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 1f689f6817..d175c5e94f 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -55,6 +55,17 @@ static bool arm_cpu_has_work(CPUState *cs)
          | CPU_INTERRUPT_EXITTB);
 }
 
+void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
+                                 void *opaque)
+{
+    ARMELChangeHook *entry = g_new0(ARMELChangeHook, 1);
+
+    entry->hook = hook;
+    entry->opaque = opaque;
+
+    QLIST_INSERT_HEAD(&cpu->pre_el_change_hooks, entry, node);
+}
+
 void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
                                  void *opaque)
 {
@@ -554,6 +565,7 @@ static void arm_cpu_initfn(Object *obj)
     cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
                                          g_free, g_free);
 
+    QLIST_INIT(&cpu->pre_el_change_hooks);
     QLIST_INIT(&cpu->el_change_hooks);
 
 #ifndef CONFIG_USER_ONLY
@@ -721,6 +733,10 @@ static void arm_cpu_finalizefn(Object *obj)
 
     g_hash_table_destroy(cpu->cp_regs);
 
+    QLIST_FOREACH_SAFE(hook, &cpu->pre_el_change_hooks, node, next) {
+        QLIST_REMOVE(hook, node);
+        g_free(hook);
+    }
     QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) {
         QLIST_REMOVE(hook, node);
         g_free(hook);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 3238aacaa6..81e88f255b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8249,6 +8249,14 @@ void arm_cpu_do_interrupt(CPUState *cs)
         return;
     }
 
+    /* Hooks may change global state so BQL should be held, also the
+     * BQL needs to be held for any modification of
+     * cs->interrupt_request.
+     */
+    g_assert(qemu_mutex_iothread_locked());
+
+    arm_call_pre_el_change_hook(cpu);
+
     assert(!excp_is_internal(cs->exception_index));
     if (arm_el_is_aa64(env, new_el)) {
         arm_cpu_do_interrupt_aarch64(cs);
@@ -8256,12 +8264,6 @@ void arm_cpu_do_interrupt(CPUState *cs)
         arm_cpu_do_interrupt_aarch32(cs);
     }
 
-    /* Hooks may change global state so BQL should be held, also the
-     * BQL needs to be held for any modification of
-     * cs->interrupt_request.
-     */
-    g_assert(qemu_mutex_iothread_locked());
-
     arm_call_el_change_hook(cpu);
 
     if (!kvm_enabled()) {
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 84f08bf815..f728f25e4b 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -511,6 +511,10 @@ void HELPER(cpsr_write)(CPUARMState *env, uint32_t val, uint32_t mask)
 /* Write the CPSR for a 32-bit exception return */
 void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
 {
+    qemu_mutex_lock_iothread();
+    arm_call_pre_el_change_hook(arm_env_get_cpu(env));
+    qemu_mutex_unlock_iothread();
+
     cpsr_write(env, val, CPSR_ERET_MASK, CPSRWriteExceptionReturn);
 
     /* Generated code has already stored the new PC value, but
@@ -1028,6 +1032,10 @@ void HELPER(exception_return)(CPUARMState *env)
         goto illegal_return;
     }
 
+    qemu_mutex_lock_iothread();
+    arm_call_pre_el_change_hook(arm_env_get_cpu(env));
+    qemu_mutex_unlock_iothread();
+
     if (!return_to_aa64) {
         env->aarch64 = 0;
         /* We do a raw CPSR write because aarch64_sync_64_to_32()
-- 
2.17.0

[Qemu-devel] [PULL 11/19] target/arm: Allow EL change hooks to do IO

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

During code generation, surround CPSR writes and exception returns which
call the EL change hooks with gen_io_start/end. The immediate need is
for the PMU to access the clock and icount during EL change to support
mode filtering.

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Message-id: 1523997485-1905-9-git-send-email-alindsay@codeaurora.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c |  6 ++++++
 target/arm/translate.c     | 12 ++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index c91329249d..bff4e13bf6 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1930,7 +1930,13 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
             unallocated_encoding(s);
             return;
         }
+        if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
+            gen_io_start();
+        }
         gen_helper_exception_return(cpu_env);
+        if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
+            gen_io_end();
+        }
         /* Must exit loop to check un-masked IRQs */
         s->base.is_jmp = DISAS_EXIT;
         return;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index db1ce6510a..9bc2ce1a0b 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -4548,7 +4548,13 @@ static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
      * appropriately depending on the new Thumb bit, so it must
      * be called after storing the new PC.
      */
+    if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
+        gen_io_start();
+    }
     gen_helper_cpsr_write_eret(cpu_env, cpsr);
+    if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
+        gen_io_end();
+    }
     tcg_temp_free_i32(cpsr);
     /* Must exit loop to check un-masked IRQs */
     s->base.is_jmp = DISAS_EXIT;
@@ -9843,7 +9849,13 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                 if (exc_return) {
                     /* Restore CPSR from SPSR.  */
                     tmp = load_cpu_field(spsr);
+                    if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
+                        gen_io_start();
+                    }
                     gen_helper_cpsr_write_eret(cpu_env, tmp);
+                    if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
+                        gen_io_end();
+                    }
                     tcg_temp_free_i32(tmp);
                     /* Must exit loop to check un-masked IRQs */
                     s->base.is_jmp = DISAS_EXIT;
-- 
2.17.0

[Qemu-devel] [PULL 12/19] target/arm: Fix bitmask for PMCCFILTR writes

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

It was shifted to the left one bit too few.

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1523997485-1905-10-git-send-email-alindsay@codeaurora.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 81e88f255b..85c289f3b9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1119,7 +1119,7 @@ static void pmccfiltr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                             uint64_t value)
 {
     pmccntr_sync(env);
-    env->cp15.pmccfiltr_el0 = value & 0x7E000000;
+    env->cp15.pmccfiltr_el0 = value & 0xfc000000;
     pmccntr_sync(env);
 }
 
-- 
2.17.0

[Qemu-devel] [PULL 13/19] target/arm: Make PMOVSCLR and PMUSERENR 64 bits wide

[Peter Maydell]

From: Aaron Lindsay <alindsay@codeaurora.org>

This is a bug fix to ensure 64-bit reads of these registers don't read
adjacent data.

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Message-id: 1523997485-1905-13-git-send-email-alindsay@codeaurora.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 4 ++--
 target/arm/helper.c | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b9b47f4b22..44e6b77151 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -367,8 +367,8 @@ typedef struct CPUARMState {
         uint32_t c9_data;
         uint64_t c9_pmcr; /* performance monitor control register */
         uint64_t c9_pmcnten; /* perf monitor counter enables */
-        uint32_t c9_pmovsr; /* perf monitor overflow status */
-        uint32_t c9_pmuserenr; /* perf monitor user enable */
+        uint64_t c9_pmovsr; /* perf monitor overflow status */
+        uint64_t c9_pmuserenr; /* perf monitor user enable */
         uint64_t c9_pmselr; /* perf monitor counter selection register */
         uint64_t c9_pminten; /* perf monitor interrupt enables */
         union { /* Memory attribute redirection */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 85c289f3b9..52a88e0297 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1305,7 +1305,8 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
       .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
       .writefn = pmcntenclr_write },
     { .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3,
-      .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
+      .access = PL0_RW,
+      .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr),
       .accessfn = pmreg_access,
       .writefn = pmovsr_write,
       .raw_writefn = raw_write },
@@ -1360,7 +1361,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
       .accessfn = pmreg_access_xevcntr },
     { .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
       .access = PL0_R | PL1_RW, .accessfn = access_tpm,
-      .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
+      .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmuserenr),
       .resetvalue = 0,
       .writefn = pmuserenr_write, .raw_writefn = raw_write },
     { .name = "PMUSERENR_EL0", .state = ARM_CP_STATE_AA64,
-- 
2.17.0

[Qemu-devel] [PULL 14/19] hw/arm/raspi: Don't bother setting default_cpu_type

[Peter Maydell]

In commit 210f47840dd62, we changed the bcm2836 SoC object to
always create a CPU of the correct type for that SoC model. This
makes the default_cpu_type settings in the MachineClass structs
for the raspi2 and raspi3 boards redundant. We didn't change
those at the time because it would have meant a temporary
regression in a corner case of error handling if the user
requested a non-existing CPU type. The -cpu parse handling
changes in 2278b93941d42c3 mean that it no longer implicitly
depends on default_cpu_type for this to work, so we can now
delete the redundant default_cpu_type fields.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180420155547.9497-1-peter.maydell@linaro.org
---
 hw/arm/raspi.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index 955a7c4e80..66899c28dc 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -226,7 +226,6 @@ static void raspi2_machine_init(MachineClass *mc)
     mc->no_parallel = 1;
     mc->no_floppy = 1;
     mc->no_cdrom = 1;
-    mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7");
     mc->max_cpus = BCM283X_NCPUS;
     mc->min_cpus = BCM283X_NCPUS;
     mc->default_cpus = BCM283X_NCPUS;
@@ -249,7 +248,6 @@ static void raspi3_machine_init(MachineClass *mc)
     mc->no_parallel = 1;
     mc->no_floppy = 1;
     mc->no_cdrom = 1;
-    mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
     mc->max_cpus = BCM283X_NCPUS;
     mc->min_cpus = BCM283X_NCPUS;
     mc->default_cpus = BCM283X_NCPUS;
-- 
2.17.0

[Qemu-devel] [PULL 15/19] hw/arm/highbank: don't make sysram 'nomigrate'

[Peter Maydell]

Currently we use memory_region_init_ram_nomigrate() to create
the "highbank.sysram" memory region, and we don't manually
register it with vmstate_register_ram(). This currently
means that its contents are migrated but as a ram block
whose name is the empty string; in future it may mean they
are not migrated at all. Use memory_region_init_ram() instead.

Note that this is a cross-version migration compatibility
break for the "highbank" and "midway" machines.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180420124835.7268-2-peter.maydell@linaro.org
---
 hw/arm/highbank.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 1742cf6f6c..88326d1bfd 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -291,7 +291,7 @@ static void calxeda_init(MachineState *machine, enum cxmachines machine_id)
     memory_region_add_subregion(sysmem, 0, dram);
 
     sysram = g_new(MemoryRegion, 1);
-    memory_region_init_ram_nomigrate(sysram, NULL, "highbank.sysram", 0x8000,
+    memory_region_init_ram(sysram, NULL, "highbank.sysram", 0x8000,
                            &error_fatal);
     memory_region_add_subregion(sysmem, 0xfff88000, sysram);
     if (bios_name != NULL) {
-- 
2.17.0

[Qemu-devel] [PULL 16/19] hw/arm/aspeed: don't make 'boot_rom' region 'nomigrate'

[Peter Maydell]

Currently we use memory_region_init_ram_nomigrate() to create
the "aspeed.boot_rom" memory region, and we don't manually
register it with vmstate_register_ram(). This currently
means that its contents are migrated but as a ram block
whose name is the empty string; in future it may mean they
are not migrated at all. Use memory_region_init_ram() instead.

Note that would be a cross-version migration compatibility break
for the "palmetto-bmc", "ast2500-evb" and "romulus-bmc" machines,
but migration is currently broken for them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20180420124835.7268-3-peter.maydell@linaro.org
---
 hw/arm/aspeed.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 7088c907bd..aecb3c1e75 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -225,7 +225,7 @@ static void aspeed_board_init(MachineState *machine,
          * SoC and 128MB for the AST2500 SoC, which is twice as big as
          * needed by the flash modules of the Aspeed machines.
          */
-        memory_region_init_rom_nomigrate(boot_rom, OBJECT(bmc), "aspeed.boot_rom",
+        memory_region_init_rom(boot_rom, OBJECT(bmc), "aspeed.boot_rom",
                                fl->size, &error_abort);
         memory_region_add_subregion(get_system_memory(), FIRMWARE_ADDR,
                                     boot_rom);
-- 
2.17.0

[Qemu-devel] [PULL 17/19] hw/arm/aspeed_soc: don't use vmstate_register_ram_global for SRAM

[Peter Maydell]

Currently we use vmstate_register_ram_global() for the SRAM;
this is not a good idea for devices, because it means that
you can only ever create one instance of the device, as
the second instance would get a RAM block name clash.
Instead, use memory_region_init_ram(), which automatically
registers the RAM block with a local-to-the-device name.

Note that this would be a cross-version migration compatibility break
for the "palmetto-bmc", "ast2500-evb" and "romulus-bmc" machines,
but migration is currently broken for them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20180420124835.7268-4-peter.maydell@linaro.org
---
 hw/arm/aspeed_soc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 30d25f8b06..407f10d0d4 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -186,13 +186,12 @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
     }
 
     /* SRAM */
-    memory_region_init_ram_nomigrate(&s->sram, OBJECT(dev), "aspeed.sram",
+    memory_region_init_ram(&s->sram, OBJECT(dev), "aspeed.sram",
                            sc->info->sram_size, &err);
     if (err) {
         error_propagate(errp, err);
         return;
     }
-    vmstate_register_ram_global(&s->sram);
     memory_region_add_subregion(get_system_memory(), ASPEED_SOC_SRAM_BASE,
                                 &s->sram);
 
-- 
2.17.0

[Qemu-devel] [PULL 18/19] timer/aspeed: fix vmstate version id

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

commit 1d3e65aa7ac5 ("hw/timer: Add value matching support to
aspeed_timer") increased the vmstate version of aspeed.timer because
the state had changed, but it also bumped the version of the
VMSTATE_STRUCT_ARRAY under the aspeed.timerctrl which did not need to.

Change back this version to fix migration.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20180423101433.17759-1-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/timer/aspeed_timer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 50acbf530a..1e31e22b6f 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -504,7 +504,7 @@ static const VMStateDescription vmstate_aspeed_timer_state = {
         VMSTATE_UINT32(ctrl, AspeedTimerCtrlState),
         VMSTATE_UINT32(ctrl2, AspeedTimerCtrlState),
         VMSTATE_STRUCT_ARRAY(timers, AspeedTimerCtrlState,
-                             ASPEED_TIMER_NR_TIMERS, 2, vmstate_aspeed_timer,
+                             ASPEED_TIMER_NR_TIMERS, 1, vmstate_aspeed_timer,
                              AspeedTimer),
         VMSTATE_END_OF_LIST()
     }
-- 
2.17.0

[Qemu-devel] [PULL 19/19] xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo

[Peter Maydell]

From: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>

SNOOP_NONE state handle is moved above in the if ladder, as it's same
as SNOOP_STRIPPING during data cycles.

Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 1524119244-1240-1-git-send-email-saipava@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ssi/xilinx_spips.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 426f971311..03f5faee4b 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -616,7 +616,8 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
         if (fifo8_is_empty(&s->tx_fifo)) {
             xilinx_spips_update_ixr(s);
             return;
-        } else if (s->snoop_state == SNOOP_STRIPING) {
+        } else if (s->snoop_state == SNOOP_STRIPING ||
+                   s->snoop_state == SNOOP_NONE) {
             for (i = 0; i < num_effective_busses(s); ++i) {
                 tx_rx[i] = fifo8_pop(&s->tx_fifo);
             }
-- 
2.17.0

Re: [Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

On 26 April 2018 at 11:46, Peter Maydell <peter.maydell@linaro.org> wrote:
> First arm pullreq of the 2.13 cycle!
>
> -- PMM
>
> The following changes since commit 4743c23509a51bd4ee85cc272287a41917d1be35:
>
>   Update version for v2.12.0 release (2018-04-24 16:44:55 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180426
>
> for you to fetch changes up to fbf32752663878947de455ff57cb5b9318f14bec:
>
>   xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo (2018-04-26 11:04:40 +0100)
>

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 15/19] hw/arm/highbank: don't make sysram 'nomigrate'

[Michael Clark]

On Thu, Apr 26, 2018 at 10:47 PM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> Currently we use memory_region_init_ram_nomigrate() to create
> the "highbank.sysram" memory region, and we don't manually
> register it with vmstate_register_ram(). This currently
> means that its contents are migrated but as a ram block
> whose name is the empty string; in future it may mean they
> are not migrated at all. Use memory_region_init_ram() instead.
>

It is self evident that memory_region_init_ram() implies normal migration.


> Note that this is a cross-version migration compatibility
> break for the "highbank" and "midway" machines.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>

Reviewed-by: Michael Clark <mjc@sifive.com>


> Message-id: 20180420124835.7268-2-peter.maydell@linaro.org
> ---
>  hw/arm/highbank.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
> index 1742cf6f6c..88326d1bfd 100644
> --- a/hw/arm/highbank.c
> +++ b/hw/arm/highbank.c
> @@ -291,7 +291,7 @@ static void calxeda_init(MachineState *machine, enum
> cxmachines machine_id)
>      memory_region_add_subregion(sysmem, 0, dram);
>
>      sysram = g_new(MemoryRegion, 1);
> -    memory_region_init_ram_nomigrate(sysram, NULL, "highbank.sysram",
> 0x8000,
> +    memory_region_init_ram(sysram, NULL, "highbank.sysram", 0x8000,
>                             &error_fatal);
>      memory_region_add_subregion(sysmem, 0xfff88000, sysram);
>

magic constants are better as #define or enum but there is a lot of code
that already does this, and that would be a separate change. It's peeking
through in the diff context :-D


>      if (bios_name != NULL) {
> --
> 2.17.0
>
>
>

Re: [Qemu-devel] [PULL 15/19] hw/arm/highbank: don't make sysram 'nomigrate'

[Peter Maydell]

On 26 April 2018 at 23:03, Michael Clark <mjc@sifive.com> wrote:
>
>
> On Thu, Apr 26, 2018 at 10:47 PM, Peter Maydell <peter.maydell@linaro.org>
> wrote:
>>
>> Currently we use memory_region_init_ram_nomigrate() to create
>> the "highbank.sysram" memory region, and we don't manually
>> register it with vmstate_register_ram(). This currently
>> means that its contents are migrated but as a ram block
>> whose name is the empty string; in future it may mean they
>> are not migrated at all. Use memory_region_init_ram() instead.
>
>
> It is self evident that memory_region_init_ram() implies normal migration.

Yes; using the _nomigrate functions in these files looks odd
but it only looks odd as a result of a refactor we did.

Previously we had:
 * memory_region_init_ram() -- doesn't register the ram for migration
 * everybody has to manually call vmstate_register_ram()
Then we refactored so that:
 * the old memory_region_init_ram() is renamed to _nomigrate()
 * a new memory_region_init_ram() does that plus calls
   vmstate_register_ram() for you
 * callsites that were doing both calls got automatically rewritten
   to call the new memory_region_init_ram()
 * callsites that forgot the vmstate_register_ram() got rewritten
   to call memory_region_init_ram_nomigrate()

So board code that was previously making an easy and hard-to-spot
mistake (forgetting to call vmstate_register_ram()) got rewritten
so the mistake is more obvious (calling memory_region_init_ram_nomigrate
for no good reason).

thanks
-- PMM

[Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

Latest set of arm patches. I may end up doing another pullreq at the
end of the week, but this is big enough to send out, plus it has
several instances of "let me take the first N patches in your series"
in it, so getting those into master makes patch respins for those
submitters easier.

thanks
-- PMM

The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f:

  Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016

for you to fetch changes up to bdaffef4bb0729a74c7a325dba5c61d8cd8f464f:

  coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 16:16:42 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
 * target/arm: Fix aarch64_sve_change_el wrt EL0
 * target/arm: Define fields of ISAR registers
 * target/arm: Align cortex-r5 id_isar0
 * target/arm: Fix cortex-a7 id_isar0
 * net/cadence_gem: Fix various bugs, add support for new
   features that will be used by the Xilinx Versal board
 * target-arm: powerctl: Enable HVC when starting CPUs to EL2
 * target/arm: Add the Cortex-A72
 * target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
 * target/arm: Mask PMOVSR writes based on supported counters
 * target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
 * coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls

----------------------------------------------------------------
Aaron Lindsay (2):
      target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
      target/arm: Mask PMOVSR writes based on supported counters

Edgar E. Iglesias (10):
      net: cadence_gem: Disable TSU feature bit
      net: cadence_gem: Announce availability of priority queues
      net: cadence_gem: Use uint32_t for 32bit descriptor words
      net: cadence_gem: Add macro with max number of descriptor words
      net: cadence_gem: Add support for extended descriptors
      net: cadence_gem: Add support for selecting the DMA MemoryRegion
      net: cadence_gem: Implement support for 64bit descriptor addresses
      net: cadence_gem: Announce 64bit addressing support
      target-arm: powerctl: Enable HVC when starting CPUs to EL2
      target/arm: Add the Cortex-A72

Jerome Forissier (1):
      hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART

Peter Maydell (2):
      target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
      coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls

Richard Henderson (4):
      target/arm: Fix aarch64_sve_change_el wrt EL0
      target/arm: Define fields of ISAR registers
      target/arm: Align cortex-r5 id_isar0
      target/arm: Fix cortex-a7 id_isar0

 include/hw/net/cadence_gem.h               |   7 +-
 target/arm/cpu.h                           |  95 +++++++++++++-
 hw/arm/virt.c                              |   4 +
 hw/net/cadence_gem.c                       | 192 +++++++++++++++++++++--------
 target/arm/arm-powerctl.c                  |  10 ++
 target/arm/cpu.c                           |   7 +-
 target/arm/cpu64.c                         |  66 +++++++++-
 target/arm/helper.c                        |  27 ++--
 target/arm/op_helper.c                     |   6 +-
 scripts/coccinelle/inplace-byteswaps.cocci |  65 ++++++++++
 10 files changed, 408 insertions(+), 71 deletions(-)
 create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci

Re: [Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

On 12 May 2015 at 12:03, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> v2 of the pull, fixing a silly compile failure on ARM hosts.
> ----------------------------------------------------------------
> target-arm queue:
>  * Support TZ and grouping in the GIC
>  * hw/sd: sd_reset cleanup
>  * armv7m_nvic: fix bug in systick device
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

v2 of the pull, fixing a silly compile failure on ARM hosts.
Diff is:

--- a/hw/intc/arm_gic_kvm.c
+++ b/hw/intc/arm_gic_kvm.c
@@ -353,8 +353,8 @@ static void kvm_arm_gic_put(GICState *s)
      * Distributor State
      */
 
-    /* s->ctlr -> GICD_CTLR */
-    reg = s->ctlr;
+    /* s->enabled -> GICD_CTLR */
+    reg = s->enabled;
     kvm_gicd_access(s, 0x0, 0, &reg, true);
 
     /* Sanity checking on GICD_TYPER and s->num_irq, s->num_cpu */
@@ -453,9 +453,9 @@ static void kvm_arm_gic_get(GICState *s)
      * Distributor State
      */
 
-    /* GICD_CTLR -> s->ctlr */
+    /* GICD_CTLR -> s->enabled */
     kvm_gicd_access(s, 0x0, 0, &reg, false);
-    s->ctlr = reg;
+    s->enabled = reg & 1;
 
     /* Sanity checking on GICD_TYPER -> s->num_irq, s->num_cpu */
     kvm_gicd_access(s, 0x4, 0, &reg, false);

so I'm not going to resend all the patches, just this cover letter.

-- PMM

The following changes since commit 19fbe5084c1da6af95177c86e4cab64241d479a8:

  Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging (2015-05-12 10:40:31 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150512

for you to fetch changes up to 5ae79fe825bedc89db8b6bde9d0ed0bb5d59558c:

  hw/arm/highbank.c: Wire FIQ between CPU <> GIC (2015-05-12 11:57:19 +0100)

----------------------------------------------------------------
target-arm queue:
 * Support TZ and grouping in the GIC
 * hw/sd: sd_reset cleanup
 * armv7m_nvic: fix bug in systick device

----------------------------------------------------------------
Adrian Huang (1):
      armv7m_nvic: systick: Reload the RELOAD value and count down only if ENABLE bit is set

Fabian Aggeler (12):
      hw/intc/arm_gic: Create outbound FIQ lines
      hw/intc/arm_gic: Add Security Extensions property
      hw/intc/arm_gic: Add Interrupt Group Registers
      hw/intc/arm_gic: Make ICDDCR/GICD_CTLR banked
      hw/intc/arm_gic: Make ICCBPR/GICC_BPR banked
      hw/intc/arm_gic: Make ICCICR/GICC_CTLR banked
      hw/intc/arm_gic: Implement Non-secure view of RPR
      hw/intc/arm_gic: Restrict priority view
      hw/intc/arm_gic: Handle grouping for GICC_HPPIR
      hw/intc/arm_gic: Change behavior of EOIR writes
      hw/intc/arm_gic: Change behavior of IAR writes
      hw/arm/vexpress.c: Wire FIQ between CPU <> GIC

Greg Bellows (1):
      hw/arm/virt.c: Wire FIQ between CPU <> GIC

Peter Maydell (5):
      hw/sd: Don't pass BlockBackend to sd_reset()
      hw/intc/arm_gic: Switch to read/write callbacks with tx attributes
      hw/intc/arm_gic_kvm.c: Save and restore GICD_IGROUPRn state
      hw/intc/arm_gic: Add grouping support to gic_update()
      hw/arm/highbank.c: Wire FIQ between CPU <> GIC

 hw/arm/highbank.c                |   3 +
 hw/arm/vexpress.c                |   2 +
 hw/arm/virt.c                    |   2 +
 hw/intc/arm_gic.c                | 469 ++++++++++++++++++++++++++++++++-------
 hw/intc/arm_gic_common.c         |  22 +-
 hw/intc/arm_gic_kvm.c            |  59 +++--
 hw/intc/armv7m_nvic.c            |  17 +-
 hw/intc/gic_internal.h           |  29 ++-
 hw/sd/sd.c                       |  17 +-
 include/hw/intc/arm_gic_common.h |  24 +-
 10 files changed, 513 insertions(+), 131 deletions(-)

Re: [Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

On 12 May 2015 at 09:10, Peter Crosthwaite <peter.crosthwaite@xilinx.com> wrote:
> On Tue, May 12, 2015 at 1:01 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>> I could have sworn I'd tested that. Will fix & respin...
>>
>
> Feel like grabbing the new Zynq series (v9) with it? :)

Maybe. I was going to except for that last minute issue in v8.
No real issue with doing two pullreqs, though; in some
ways that's better than one large one.

-- PMM

Re: [Qemu-devel] [PULL 00/19] target-arm queue

[Peter Crosthwaite]

On Tue, May 12, 2015 at 1:01 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 11 May 2015 at 14:40, Peter Maydell <peter.maydell@linaro.org> wrote:
>> This is mostly the GIC TZ changes, with a couple of other
>> minor bugfixes.
>>
>> -- PMM
>>
>> The following changes since commit b951cda21d6b232f138ccf008e12bce8ddc95465:
>>
>>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-05-11 12:01:09 +0100)
>>
>> are available in the git repository at:
>>
>>
>>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150511
>>
>> for you to fetch changes up to 49855cdaed78f66f501df6e18b8b3b7012cea2eb:
>>
>>   hw/arm/highbank.c: Wire FIQ between CPU <> GIC (2015-05-11 14:28:54 +0100)
>
> Oops:
>
> hw/intc/arm_gic_kvm.c: In function ‘kvm_arm_gic_put’:
> hw/intc/arm_gic_kvm.c:357:12: error: ‘GICState’ has no member named ‘enabled’
> hw/intc/arm_gic_kvm.c: In function ‘kvm_arm_gic_get’:
> hw/intc/arm_gic_kvm.c:458:6: error: ‘GICState’ has no member named ‘enabled’
>
> I could have sworn I'd tested that. Will fix & respin...
>

Feel like grabbing the new Zynq series (v9) with it? :)

Regards,
Peter

> -- PMM
>

Re: [Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

On 11 May 2015 at 14:40, Peter Maydell <peter.maydell@linaro.org> wrote:
> This is mostly the GIC TZ changes, with a couple of other
> minor bugfixes.
>
> -- PMM
>
> The following changes since commit b951cda21d6b232f138ccf008e12bce8ddc95465:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-05-11 12:01:09 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150511
>
> for you to fetch changes up to 49855cdaed78f66f501df6e18b8b3b7012cea2eb:
>
>   hw/arm/highbank.c: Wire FIQ between CPU <> GIC (2015-05-11 14:28:54 +0100)

Oops:

hw/intc/arm_gic_kvm.c: In function ‘kvm_arm_gic_put’:
hw/intc/arm_gic_kvm.c:357:12: error: ‘GICState’ has no member named ‘enabled’
hw/intc/arm_gic_kvm.c: In function ‘kvm_arm_gic_get’:
hw/intc/arm_gic_kvm.c:458:6: error: ‘GICState’ has no member named ‘enabled’

I could have sworn I'd tested that. Will fix & respin...

-- PMM

[Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

This is mostly the GIC TZ changes, with a couple of other
minor bugfixes.

-- PMM

The following changes since commit b951cda21d6b232f138ccf008e12bce8ddc95465:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-05-11 12:01:09 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150511

for you to fetch changes up to 49855cdaed78f66f501df6e18b8b3b7012cea2eb:

  hw/arm/highbank.c: Wire FIQ between CPU <> GIC (2015-05-11 14:28:54 +0100)

----------------------------------------------------------------
target-arm queue:
 * Support TZ and grouping in the GIC
 * hw/sd: sd_reset cleanup
 * armv7m_nvic: fix bug in systick device

----------------------------------------------------------------
Adrian Huang (1):
      armv7m_nvic: systick: Reload the RELOAD value and count down only if ENABLE bit is set

Fabian Aggeler (12):
      hw/intc/arm_gic: Create outbound FIQ lines
      hw/intc/arm_gic: Add Security Extensions property
      hw/intc/arm_gic: Add Interrupt Group Registers
      hw/intc/arm_gic: Make ICDDCR/GICD_CTLR banked
      hw/intc/arm_gic: Make ICCBPR/GICC_BPR banked
      hw/intc/arm_gic: Make ICCICR/GICC_CTLR banked
      hw/intc/arm_gic: Implement Non-secure view of RPR
      hw/intc/arm_gic: Restrict priority view
      hw/intc/arm_gic: Handle grouping for GICC_HPPIR
      hw/intc/arm_gic: Change behavior of EOIR writes
      hw/intc/arm_gic: Change behavior of IAR writes
      hw/arm/vexpress.c: Wire FIQ between CPU <> GIC

Greg Bellows (1):
      hw/arm/virt.c: Wire FIQ between CPU <> GIC

Peter Maydell (5):
      hw/sd: Don't pass BlockBackend to sd_reset()
      hw/intc/arm_gic: Switch to read/write callbacks with tx attributes
      hw/intc/arm_gic_kvm.c: Save and restore GICD_IGROUPRn state
      hw/intc/arm_gic: Add grouping support to gic_update()
      hw/arm/highbank.c: Wire FIQ between CPU <> GIC

 hw/arm/highbank.c                |   3 +
 hw/arm/vexpress.c                |   2 +
 hw/arm/virt.c                    |   2 +
 hw/intc/arm_gic.c                | 469 ++++++++++++++++++++++++++++++++-------
 hw/intc/arm_gic_common.c         |  22 +-
 hw/intc/arm_gic_kvm.c            |  51 +++--
 hw/intc/armv7m_nvic.c            |  17 +-
 hw/intc/gic_internal.h           |  29 ++-
 hw/sd/sd.c                       |  17 +-
 include/hw/intc/arm_gic_common.h |  24 +-
 10 files changed, 509 insertions(+), 127 deletions(-)

Re: [Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

On 29 September 2014 19:26, Peter Maydell <peter.maydell@linaro.org> wrote:
> ARM pullreq: nothing fantastically exciting, but getting the
> EL2/EL3 patchset in ought to help with ongoing TZ work.
>
> -- PMM
>
>
> The following changes since commit 70556264a89a268efba1d7e8e341adcdd7881eb4:
>
>   libqos: use microseconds instead of iterations for virtio timeout (2014-09-29 17:31:11 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140929
>
> for you to fetch changes up to 136e67e9b50b61fb03fedcea5c4fbe74cf44fdcc:
>
>   target-arm: Add support for VIRQ and VFIQ (2014-09-29 18:48:51 +0100)
>
> ----------------------------------------------------------------
> target-arm:
>  * more EL2/EL3 preparation work
>  * don't handle c15_cpar changes via tb_flush()
>  * fix some unused function warnings in ARM devices
>  * build the GDB XML for 32 bit CPUs into qemu-*-aarch64
>  * implement guest breakpoint support
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

ARM pullreq: nothing fantastically exciting, but getting the
EL2/EL3 patchset in ought to help with ongoing TZ work.

-- PMM


The following changes since commit 70556264a89a268efba1d7e8e341adcdd7881eb4:

  libqos: use microseconds instead of iterations for virtio timeout (2014-09-29 17:31:11 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140929

for you to fetch changes up to 136e67e9b50b61fb03fedcea5c4fbe74cf44fdcc:

  target-arm: Add support for VIRQ and VFIQ (2014-09-29 18:48:51 +0100)

----------------------------------------------------------------
target-arm:
 * more EL2/EL3 preparation work
 * don't handle c15_cpar changes via tb_flush()
 * fix some unused function warnings in ARM devices
 * build the GDB XML for 32 bit CPUs into qemu-*-aarch64
 * implement guest breakpoint support

----------------------------------------------------------------
Edgar E. Iglesias (11):
      target-arm: Add HCR_EL2
      target-arm: Add SCR_EL3
      target-arm: A64: Refactor aarch64_cpu_do_interrupt
      target-arm: Break out exception masking to a separate func
      target-arm: Don't take interrupts targeting lower ELs
      target-arm: A64: Correct updates to FAR and ESR on exceptions
      target-arm: A64: Emulate the HVC insn
      target-arm: Add a Hypervisor Trap exception type
      target-arm: A64: Emulate the SMC insn
      target-arm: Add IRQ and FIQ routing to EL2 and 3
      target-arm: Add support for VIRQ and VFIQ

Peter Maydell (8):
      target-arm: Implement setting guest breakpoints
      target-arm: Implement handling of breakpoint firing
      configure: Build GDB XML for 32 bit ARM CPUs into qemu aarch64 binaries
      hw/display/blizzard.c: Delete unused function blizzard_rgb2yuv
      hw/intc/imx_avic.c: Remove unused function imx_avic_set_prio()
      hw/display/pxa2xx_lcd.c: Remove unused function pxa2xx_dma_rdst_set
      hw/input/tsc210x.c: Delete unused array tsc2101_rates
      target-arm: Don't handle c15_cpar changes via tb_flush()

 configure                  |   2 +-
 hw/display/blizzard.c      |   8 --
 hw/display/pxa2xx_lcd.c    |   8 --
 hw/input/tsc210x.c         |  30 ------
 hw/intc/imx_avic.c         |   9 --
 target-arm/cpu.c           |  60 +++++++----
 target-arm/cpu.h           | 138 +++++++++++++++++++++++-
 target-arm/helper-a64.c    |  32 +++---
 target-arm/helper.c        | 258 +++++++++++++++++++++++++++++++++++++++++++--
 target-arm/helper.h        |   2 +
 target-arm/internals.h     |  30 ++++++
 target-arm/machine.c       |   1 +
 target-arm/op_helper.c     | 143 ++++++++++++++++++++++---
 target-arm/translate-a64.c |  44 ++++++--
 target-arm/translate.c     |  40 +++----
 target-arm/translate.h     |   2 +
 16 files changed, 662 insertions(+), 145 deletions(-)

Re: [Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

On 19 August 2014 19:09, Peter Maydell <peter.maydell@linaro.org> wrote:
> Flushing my queue of reviewed ARM patches: single step,
> plus a collection of straightforward patches from other
> people.
>
> thanks
> -- PMM
>
>
> The following changes since commit 0e4a77370594c91dd126f9872893ed473374cc72:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2014-08-19 13:00:57 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140819
>
> for you to fetch changes up to 14a906f755f77b325666d67e071c572478d06067:
>
>   arm: stellaris: Remove misleading address_space_mem var (2014-08-19 19:02:40 +0100)
>
> ----------------------------------------------------------------
> target-arm:
>  * fix preferred return address for A64 BRK insn
>  * implement AArch64 single-stepping
>  * support loading gzip compressed AArch64 kernels
>  * use correct PSCI function IDs in the DT when KVM uses PSCI 0.2
>  * minor cleanups
>
> ----------------------------------------------------------------
> Christoffer Dall (2):
>       target-arm: Rename QEMU PSCI v0.1 definitions
>       arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
>
> Peter Crosthwaite (3):
>       arm: cortex-a9: Fix cache-line size and associativity
>       arm: armv7m: Rename address_space_mem -> system_memory
>       arm: stellaris: Remove misleading address_space_mem var
>
> Peter Maydell (12):
>       target-arm: Fix return address for A64 BRK instructions
>       target-arm: Collect up the debug cp register definitions
>       target-arm: Allow STATE_BOTH reginfo descriptions for more than cp14
>       target-arm: Provide both 32 and 64 bit versions of debug registers
>       target-arm: Adjust debug ID registers per-CPU
>       target-arm: Don't allow AArch32 to access RES0 CPSR bits
>       target-arm: Correctly handle PSTATE.SS when taking exception to AArch32
>       target-arm: Set PSTATE.SS correctly on exception return from AArch64
>       target-arm: A64: Avoid duplicate exit_tb(0) in non-linked goto_tb
>       target-arm: Implement ARMv8 single-step handling for A64 code
>       target-arm: Implement ARMv8 single-stepping for AArch32 code
>       target-arm: Implement MDSCR_EL1 as having state
>
> Richard W.M. Jones (2):
>       loader: Add load_image_gzipped function.
>       aarch64: Allow -kernel option to take a gzip-compressed kernel.

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

Flushing my queue of reviewed ARM patches: single step,
plus a collection of straightforward patches from other
people.

thanks
-- PMM


The following changes since commit 0e4a77370594c91dd126f9872893ed473374cc72:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2014-08-19 13:00:57 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140819

for you to fetch changes up to 14a906f755f77b325666d67e071c572478d06067:

  arm: stellaris: Remove misleading address_space_mem var (2014-08-19 19:02:40 +0100)

----------------------------------------------------------------
target-arm:
 * fix preferred return address for A64 BRK insn
 * implement AArch64 single-stepping
 * support loading gzip compressed AArch64 kernels
 * use correct PSCI function IDs in the DT when KVM uses PSCI 0.2
 * minor cleanups

----------------------------------------------------------------
Christoffer Dall (2):
      target-arm: Rename QEMU PSCI v0.1 definitions
      arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2

Peter Crosthwaite (3):
      arm: cortex-a9: Fix cache-line size and associativity
      arm: armv7m: Rename address_space_mem -> system_memory
      arm: stellaris: Remove misleading address_space_mem var

Peter Maydell (12):
      target-arm: Fix return address for A64 BRK instructions
      target-arm: Collect up the debug cp register definitions
      target-arm: Allow STATE_BOTH reginfo descriptions for more than cp14
      target-arm: Provide both 32 and 64 bit versions of debug registers
      target-arm: Adjust debug ID registers per-CPU
      target-arm: Don't allow AArch32 to access RES0 CPSR bits
      target-arm: Correctly handle PSTATE.SS when taking exception to AArch32
      target-arm: Set PSTATE.SS correctly on exception return from AArch64
      target-arm: A64: Avoid duplicate exit_tb(0) in non-linked goto_tb
      target-arm: Implement ARMv8 single-step handling for A64 code
      target-arm: Implement ARMv8 single-stepping for AArch32 code
      target-arm: Implement MDSCR_EL1 as having state

Richard W.M. Jones (2):
      loader: Add load_image_gzipped function.
      aarch64: Allow -kernel option to take a gzip-compressed kernel.

 hw/arm/armv7m.c            |   8 +--
 hw/arm/boot.c              |   7 +++
 hw/arm/stellaris.c         |   3 +-
 hw/arm/virt.c              |  31 ++++++++--
 hw/core/loader.c           |  48 +++++++++++++++
 include/hw/arm/arm.h       |   2 +-
 include/hw/loader.h        |   1 +
 target-arm/cpu-qom.h       |   1 +
 target-arm/cpu.c           |   7 ++-
 target-arm/cpu.h           | 115 ++++++++++++++++++++++++++++++++++-
 target-arm/cpu64.c         |   1 +
 target-arm/helper.c        | 145 +++++++++++++++++++++++++++++++--------------
 target-arm/helper.h        |   1 +
 target-arm/internals.h     |   6 ++
 target-arm/kvm-consts.h    |  49 +++++++++++----
 target-arm/op_helper.c     |  27 ++++++++-
 target-arm/translate-a64.c |  98 +++++++++++++++++++++++++++---
 target-arm/translate.c     |  89 +++++++++++++++++++++++++---
 target-arm/translate.h     |  12 ++++
 19 files changed, 563 insertions(+), 88 deletions(-)

Re: [Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

On 9 June 2014 16:10, Peter Maydell <peter.maydell@linaro.org> wrote:
> Whoops. Resend of previous pull but with the PD0/PD1 patch dropped.
> I haven't re-transmitted the individual patchmails.
>
> The following changes since commit 4a331bb33bdf112ba95470e5d6ea3561b049c280:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging (2014-06-09 15:00:21 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140609-1
>
> for you to fetch changes up to 3b1a41381254f6080b5cfeb149c28a9237d42a0b:
>
>   target-arm: Delete unused iwmmxt_msadb helper (2014-06-09 16:06:12 +0100)
>
> ----------------------------------------------------------------
> ----------------------------------------------------------------
> target-arm queue:
>  * support -bios option in vexpress boards
>  * register the Cortex-A57 impdef system registers
>  * fix handling of UXN bit in ARMv8 page tables
>  * complete support of crypto insns in A32/T32
>  * implement CRC and crypto insns in A64
>  * fix bugs in generic timer control register

Applied this version; thanks.

-- PMM

[Qemu-devel] [PULL 00/19] target-arm queue

[Peter Maydell]

Whoops. Resend of previous pull but with the PD0/PD1 patch dropped.
I haven't re-transmitted the individual patchmails.

The following changes since commit 4a331bb33bdf112ba95470e5d6ea3561b049c280:

  Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging (2014-06-09 15:00:21 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140609-1

for you to fetch changes up to 3b1a41381254f6080b5cfeb149c28a9237d42a0b:

  target-arm: Delete unused iwmmxt_msadb helper (2014-06-09 16:06:12 +0100)

----------------------------------------------------------------
----------------------------------------------------------------
target-arm queue:
 * support -bios option in vexpress boards
 * register the Cortex-A57 impdef system registers
 * fix handling of UXN bit in ARMv8 page tables
 * complete support of crypto insns in A32/T32
 * implement CRC and crypto insns in A64
 * fix bugs in generic timer control register

----------------------------------------------------------------

----------------------------------------------------------------
Ard Biesheuvel (1):
      target-arm: add support for v8 SHA1 and SHA256 instructions

Fabian Aggeler (1):
      target-arm: Prepare cpreg writefns/readfns for EL3/SecExt

Grant Likely (1):
      vexpress: Add support for the -bios flag to provide firmware

Ian Campbell (1):
      target-arm: Correct handling of UXN bit in ARMv8 LPAE page tables

Peter Maydell (15):
      target-arm/cpu64.c: Actually register Cortex-A57 impdef registers
      target-arm: Allow 3reg_wide undefreq to encode more bad size options
      target-arm: add support for v8 VMULL.P64 instruction
      target-arm: A64: Use PMULL feature bit for PMULL
      target-arm: arm_any_initfn() should never set ARM_FEATURE_AARCH64
      target-arm: Remove unnecessary setting of feature bits
      target-arm: Clean up handling of ARMv8 optional feature bits
      target-arm: VFPv4 implies half-precision extension
      target-arm: A64: Implement CRC instructions
      target-arm: A32/T32: Mask CRC value in calling code, not helper
      target-arm: A64: Implement AES instructions
      target-arm: A64: Implement 3-register SHA instructions
      target-arm: A64: Implement two-register SHA instructions
      target-arm: Fix errors in writes to generic timer control registers
      target-arm: Delete unused iwmmxt_msadb helper

 hw/arm/vexpress.c          |  13 +++
 linux-user/elfload.c       |   9 +-
 target-arm/cpu.c           |  13 +--
 target-arm/cpu.h           |   3 +
 target-arm/cpu64.c         |  15 ++-
 target-arm/crypto_helper.c | 257 +++++++++++++++++++++++++++++++++++++++++++--
 target-arm/helper-a64.c    |  60 +++++------
 target-arm/helper-a64.h    |   4 +-
 target-arm/helper.c        |  76 ++++++--------
 target-arm/helper.h        |  14 ++-
 target-arm/iwmmxt_helper.c |   9 --
 target-arm/neon_helper.c   |  30 ++++++
 target-arm/translate-a64.c | 211 ++++++++++++++++++++++++++++++++++++-
 target-arm/translate.c     | 144 ++++++++++++++++++++++---
 14 files changed, 731 insertions(+), 127 deletions(-)