[Qemu-devel] [PULL 0/6] target-arm queue

[Qemu-devel] [PULL 0/6] target-arm queue

[Peter Maydell]

A set of small bugfixes for arm for 3.0; the "migration was
broken" fixes for SMMUv3 and v7M NVIC with security extensions
are the most significant.

thanks
-- PMM

The following changes since commit 6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-qobject-2018-07-27-v2' into staging (2018-07-30 09:55:47 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180730

for you to fetch changes up to 0261fb805c00a6f97d143235e7b06b0906bdf898:

  target/arm: Remove duplicate 'host' entry in '-cpu ?' output (2018-07-30 15:07:08 +0100)

----------------------------------------------------------------
target-arm queue:
 * arm/smmuv3: Fix broken VM state migration
 * armv7m_nvic: Fix broken VM state migration
 * hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()
 * hw/arm/iotkit: Fix IRQ number for timer1
 * hw/misc/tz-mpc: Zero the LUT on initialization, not just reset
 * target/arm: Remove duplicate 'host' entry in '-cpu ?' output

----------------------------------------------------------------
Dr. David Alan Gilbert (1):
      arm/smmuv3: Fix missing VMSD terminator

Geert Uytterhoeven (1):
      hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()

Peter Maydell (3):
      armv7m_nvic: Fix m-security subsection name
      hw/arm/iotkit: Fix IRQ number for timer1
      hw/misc/tz-mpc: Zero the LUT on initialization, not just reset

Philippe Mathieu-Daudé (1):
      target/arm: Remove duplicate 'host' entry in '-cpu ?' output

 hw/arm/iotkit.c       | 2 +-
 hw/arm/smmuv3.c       | 1 +
 hw/arm/sysbus-fdt.c   | 1 +
 hw/intc/armv7m_nvic.c | 2 +-
 hw/misc/tz-mpc.c      | 2 +-
 target/arm/helper.c   | 6 ------
 6 files changed, 5 insertions(+), 9 deletions(-)

[Qemu-devel] [PULL 1/6] arm/smmuv3: Fix missing VMSD terminator

[Peter Maydell]

From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>

The 'vmstate_smmuv3_queue' is missing the end-of-list marker.

Fixes: 10a83cb9887
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20180727135406.15132-1-dgilbert@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: dropped stray blank line]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/smmuv3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 39fbcbf577c..bb6a24e9b84 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -1414,6 +1414,7 @@ static const VMStateDescription vmstate_smmuv3_queue = {
         VMSTATE_UINT32(prod, SMMUQueue),
         VMSTATE_UINT32(cons, SMMUQueue),
         VMSTATE_UINT8(log2size, SMMUQueue),
+        VMSTATE_END_OF_LIST(),
     },
 };
 
-- 
2.17.1

[Qemu-devel] [PULL 2/6] hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()

[Peter Maydell]

From: Geert Uytterhoeven <geert+renesas@glider.be>

When copy_properties_from_host() ignores the error for an optional
property, it frees the error, but fails to reset it.

Hence if two or more optional properties are missing, an assertion is
triggered:

    util/error.c:57: error_setv: Assertion `*errp == NULL' failed.

Fis this by resetting err to NULL after ignoring the error.

Fixes: 9481cf2e5f2f2bb6 ("hw/arm/sysbus-fdt: helpers for clock node generation")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Message-id: 20180725113000.11014-1-geert+renesas@glider.be
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/sysbus-fdt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/sysbus-fdt.c b/hw/arm/sysbus-fdt.c
index 0d4c75702c3..43d6a7bb48d 100644
--- a/hw/arm/sysbus-fdt.c
+++ b/hw/arm/sysbus-fdt.c
@@ -107,6 +107,7 @@ static void copy_properties_from_host(HostProperty *props, int nb_props,
                 /* mandatory property not found: bail out */
                 exit(1);
             }
+            err = NULL;
         }
     }
 }
-- 
2.17.1

[Qemu-devel] [PULL 3/6] armv7m_nvic: Fix m-security subsection name

[Peter Maydell]

The vmstate save/load code insists that subsections of a VMState must
have names which include their parent VMState's name as a leading
substring.  Unfortunately it neither documents this nor checks it on
device init or state save, but instead fails state load with a
confusing error message ("Missing section footer for armv7m_nvic").

Fix the name of the m-security subsection of the NVIC, so that
state save/load works correctly for the security-enabled NVIC.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180727113854.20283-2-peter.maydell@linaro.org
---
 hw/intc/armv7m_nvic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 6be7fc5266d..cd1e7f17299 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -2064,7 +2064,7 @@ static int nvic_security_post_load(void *opaque, int version_id)
 }
 
 static const VMStateDescription vmstate_nvic_security = {
-    .name = "nvic/m-security",
+    .name = "armv7m_nvic/m-security",
     .version_id = 1,
     .minimum_version_id = 1,
     .needed = nvic_security_needed,
-- 
2.17.1

[Qemu-devel] [PULL 4/6] hw/arm/iotkit: Fix IRQ number for timer1

[Peter Maydell]

A cut-and-paste error meant we were incorrectly wiring up the timer1
IRQ to IRQ3. IRQ3 is the interrupt for timer0 -- move timer0 to
IRQ4 where it belongs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180727113854.20283-3-peter.maydell@linaro.org
---
 hw/arm/iotkit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/iotkit.c b/hw/arm/iotkit.c
index c76d3ed7435..8cadc8b1608 100644
--- a/hw/arm/iotkit.c
+++ b/hw/arm/iotkit.c
@@ -382,7 +382,7 @@ static void iotkit_realize(DeviceState *dev, Error **errp)
         return;
     }
     sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer1), 0,
-                       qdev_get_gpio_in(DEVICE(&s->armv7m), 3));
+                       qdev_get_gpio_in(DEVICE(&s->armv7m), 4));
     mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->timer1), 0);
     object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[1]", &err);
     if (err) {
-- 
2.17.1

[Qemu-devel] [PULL 5/6] hw/misc/tz-mpc: Zero the LUT on initialization, not just reset

[Peter Maydell]

In the tz-mpc device we allocate a data block for the LUT,
which we then clear to zero in the device's reset method.
This is conceptually fine, but unfortunately results in a
valgrind complaint about use of uninitialized data on startup:

==30906== Conditional jump or move depends on uninitialised value(s)
==30906==    at 0x503609: tz_mpc_translate (tz-mpc.c:439)
==30906==    by 0x3F3D90: address_space_translate_iommu (exec.c:511)
==30906==    by 0x3F3FF8: flatview_do_translate (exec.c:584)
==30906==    by 0x3F4292: flatview_translate (exec.c:644)
==30906==    by 0x3F2120: address_space_translate (memory.h:1962)
==30906==    by 0x3FB753: address_space_ldl_internal (memory_ldst.inc.c:36)
==30906==    by 0x3FB8A6: address_space_ldl (memory_ldst.inc.c:80)
==30906==    by 0x619037: ldl_phys (memory_ldst_phys.inc.h:25)
==30906==    by 0x61985D: arm_cpu_reset (cpu.c:255)
==30906==    by 0x98791B: cpu_reset (cpu.c:249)
==30906==    by 0x57FFDB: armv7m_reset (armv7m.c:265)
==30906==    by 0x7B1775: qemu_devices_reset (reset.c:69)

This is because of a reset ordering problem -- the TZ MPC
resets after the CPU, but an M-profile CPU's reset function
includes memory loads to get the initial PC and SP, which
then go through an MPC that hasn't yet been reset.

The simplest fix for this is to zero the LUT when we
initialize the data, which will result in the MPC's
translate function giving the right answers for these
early memory accesses.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id: 20180724153616.32352-1-peter.maydell@linaro.org
---
 hw/misc/tz-mpc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/misc/tz-mpc.c b/hw/misc/tz-mpc.c
index 8316079b4bf..e0c58ba37ec 100644
--- a/hw/misc/tz-mpc.c
+++ b/hw/misc/tz-mpc.c
@@ -547,7 +547,7 @@ static void tz_mpc_realize(DeviceState *dev, Error **errp)
     address_space_init(&s->blocked_io_as, &s->blocked_io,
                        "tz-mpc-blocked-io");
 
-    s->blk_lut = g_new(uint32_t, s->blk_max);
+    s->blk_lut = g_new0(uint32_t, s->blk_max);
 }
 
 static int tz_mpc_post_load(void *opaque, int version_id)
-- 
2.17.1

[Qemu-devel] [PULL 6/6] target/arm: Remove duplicate 'host' entry in '-cpu ?' output

[Peter Maydell]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Since 86f0a186d6f the TYPE_ARM_HOST_CPU is only compiled when CONFIG_KVM
is enabled.

Remove the now redundant special-case introduced in a96c0514ab7, to avoid:

  $ qemu-system-aarch64 -machine virt -cpu \? | fgrep host
  host
  host (only available in KVM mode)

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180727132311.2777-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 22d812240af..66afb08ee0f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5591,12 +5591,6 @@ void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
     (*cpu_fprintf)(f, "Available CPUs:\n");
     g_slist_foreach(list, arm_cpu_list_entry, &s);
     g_slist_free(list);
-#ifdef CONFIG_KVM
-    /* The 'host' CPU type is dynamically registered only if KVM is
-     * enabled, so we have to special-case it here:
-     */
-    (*cpu_fprintf)(f, "  host (only available in KVM mode)\n");
-#endif
 }
 
 static void arm_cpu_add_definition(gpointer data, gpointer user_data)
-- 
2.17.1

Re: [Qemu-devel] [PULL 0/6] target-arm queue

[Peter Maydell]

On 30 July 2018 at 15:17, Peter Maydell <peter.maydell@linaro.org> wrote:
> A set of small bugfixes for arm for 3.0; the "migration was
> broken" fixes for SMMUv3 and v7M NVIC with security extensions
> are the most significant.
>
> thanks
> -- PMM
>
> The following changes since commit 6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-qobject-2018-07-27-v2' into staging (2018-07-30 09:55:47 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180730
>
> for you to fetch changes up to 0261fb805c00a6f97d143235e7b06b0906bdf898:
>
>   target/arm: Remove duplicate 'host' entry in '-cpu ?' output (2018-07-30 15:07:08 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * arm/smmuv3: Fix broken VM state migration
>  * armv7m_nvic: Fix broken VM state migration
>  * hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()
>  * hw/arm/iotkit: Fix IRQ number for timer1
>  * hw/misc/tz-mpc: Zero the LUT on initialization, not just reset
>  * target/arm: Remove duplicate 'host' entry in '-cpu ?' output
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM