[Qemu-devel] [PULL 00/21] target-arm queue

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

target-arm queue: this time around is all small fixes
and changes.

thanks
-- PMM

The following changes since commit fec105c2abda8567ec15230429c41429b5ee307c:

  Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190828-pull-request' into staging (2019-09-03 14:03:15 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190903

for you to fetch changes up to 5e5584c89f36b302c666bc6db535fd3f7ff35ad2:

  target/arm: Don't abort on M-profile exception return in linux-user mode (2019-09-03 16:20:35 +0100)

----------------------------------------------------------------
target-arm queue:
 * Revert and correctly fix refactoring of unallocated_encoding()
 * Take exceptions on ATS instructions when needed
 * aspeed/timer: Provide back-pressure information for short periods
 * memory: Remove unused memory_region_iommu_replay_all()
 * hw/arm/smmuv3: Log a guest error when decoding an invalid STE
 * hw/arm/smmuv3: Remove spurious error messages on IOVA invalidations
 * target/arm: Fix SMMLS argument order
 * hw/arm: Use ARM_CPU_TYPE_NAME() macro when appropriate
 * hw/arm: Correct reference counting for creation of various objects
 * includes: remove stale [smp|max]_cpus externs
 * tcg/README: fix typo
 * atomic_template: fix indentation in GEN_ATOMIC_HELPER
 * include/exec/cpu-defs.h: fix typo
 * target/arm: Free TCG temps in trans_VMOV_64_sp()
 * target/arm: Don't abort on M-profile exception return in linux-user mode

----------------------------------------------------------------
Alex Bennée (2):
      includes: remove stale [smp|max]_cpus externs
      include/exec/cpu-defs.h: fix typo

Andrew Jeffery (1):
      aspeed/timer: Provide back-pressure information for short periods

Emilio G. Cota (2):
      tcg/README: fix typo s/afterwise/afterwards/
      atomic_template: fix indentation in GEN_ATOMIC_HELPER

Eric Auger (3):
      memory: Remove unused memory_region_iommu_replay_all()
      hw/arm/smmuv3: Log a guest error when decoding an invalid STE
      hw/arm/smmuv3: Remove spurious error messages on IOVA invalidations

Peter Maydell (4):
      target/arm: Allow ARMCPRegInfo read/write functions to throw exceptions
      target/arm: Take exceptions on ATS instructions when needed
      target/arm: Free TCG temps in trans_VMOV_64_sp()
      target/arm: Don't abort on M-profile exception return in linux-user mode

Philippe Mathieu-Daudé (6):
      hw/arm: Use ARM_CPU_TYPE_NAME() macro when appropriate
      hw/arm: Use object_initialize_child for correct reference counting
      hw/arm: Use sysbus_init_child_obj for correct reference counting
      hw/arm/fsl-imx: Add the cpu as child of the SoC object
      hw/dma/xilinx_axi: Use object_initialize_child for correct ref. counting
      hw/net/xilinx_axi: Use object_initialize_child for correct ref. counting

Richard Henderson (3):
      Revert "target/arm: Use unallocated_encoding for aarch32"
      target/arm: Factor out unallocated_encoding for aarch32
      target/arm: Fix SMMLS argument order

 accel/tcg/atomic_template.h    |   2 +-
 hw/arm/smmuv3-internal.h       |   1 +
 include/exec/cpu-defs.h        |   2 +-
 include/exec/memory.h          |  10 ----
 include/sysemu/sysemu.h        |   2 -
 target/arm/cpu.h               |   6 ++-
 target/arm/translate-a64.h     |   2 +
 target/arm/translate.h         |   2 -
 hw/arm/allwinner-a10.c         |   3 +-
 hw/arm/cubieboard.c            |   3 +-
 hw/arm/digic.c                 |   3 +-
 hw/arm/exynos4_boards.c        |   4 +-
 hw/arm/fsl-imx25.c             |   4 +-
 hw/arm/fsl-imx31.c             |   4 +-
 hw/arm/fsl-imx6.c              |   3 +-
 hw/arm/fsl-imx6ul.c            |   2 +-
 hw/arm/mcimx7d-sabre.c         |   9 ++--
 hw/arm/mps2-tz.c               |  15 +++---
 hw/arm/musca.c                 |   9 ++--
 hw/arm/smmuv3.c                |  18 ++++---
 hw/arm/xlnx-zynqmp.c           |   8 +--
 hw/dma/xilinx_axidma.c         |  16 +++---
 hw/net/xilinx_axienet.c        |  17 +++----
 hw/timer/aspeed_timer.c        |  17 ++++++-
 memory.c                       |   9 ----
 target/arm/helper.c            | 107 +++++++++++++++++++++++++++++++++++------
 target/arm/translate-a64.c     |  13 +++++
 target/arm/translate-vfp.inc.c |   2 +
 target/arm/translate.c         |  50 +++++++++++++++++--
 tcg/README                     |   2 +-
 30 files changed, 244 insertions(+), 101 deletions(-)

[Qemu-devel] [PULL 01/21] Revert "target/arm: Use unallocated_encoding for aarch32"

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

This reverts commit 3cb36637157088892e9e33ddb1034bffd1251d3b.

Despite the fact that the text for the call to gen_exception_insn
is identical for aarch64 and aarch32, the implementation inside
gen_exception_insn is totally different.

This fixes exceptions raised from aarch64.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190826151536.6771-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.h     |  2 ++
 target/arm/translate.h         |  2 --
 target/arm/translate-a64.c     |  7 +++++++
 target/arm/translate-vfp.inc.c |  3 ++-
 target/arm/translate.c         | 22 ++++++++++------------
 5 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
index 12ad8ac6ed1..9cd2b3d2389 100644
--- a/target/arm/translate-a64.h
+++ b/target/arm/translate-a64.h
@@ -18,6 +18,8 @@
 #ifndef TARGET_ARM_TRANSLATE_A64_H
 #define TARGET_ARM_TRANSLATE_A64_H
 
+void unallocated_encoding(DisasContext *s);
+
 #define unsupported_encoding(s, insn)                                    \
     do {                                                                 \
         qemu_log_mask(LOG_UNIMP,                                         \
diff --git a/target/arm/translate.h b/target/arm/translate.h
index 92ef790be9e..64304c957ee 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -99,8 +99,6 @@ typedef struct DisasCompare {
     bool value_global;
 } DisasCompare;
 
-void unallocated_encoding(DisasContext *s);
-
 /* Share the TCG temporaries common between 32 and 64 bit modes.  */
 extern TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
 extern TCGv_i64 cpu_exclusive_addr;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 6fd0b779d37..9183f89ba39 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -338,6 +338,13 @@ static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
     }
 }
 
+void unallocated_encoding(DisasContext *s)
+{
+    /* Unallocated and reserved encodings are uncategorized */
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                       default_exception_el(s));
+}
+
 static void init_tmp_a64_array(DisasContext *s)
 {
 #ifdef CONFIG_DEBUG_TCG
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
index 3e8ea80493b..5065d4524cd 100644
--- a/target/arm/translate-vfp.inc.c
+++ b/target/arm/translate-vfp.inc.c
@@ -108,7 +108,8 @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
 
     if (!s->vfp_enabled && !ignore_vfp_enabled) {
         assert(!arm_dc_feature(s, ARM_FEATURE_M));
-        unallocated_encoding(s);
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                           default_exception_el(s));
         return false;
     }
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index cbe19b7a625..2aac9aae681 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1231,13 +1231,6 @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
-void unallocated_encoding(DisasContext *s)
-{
-    /* Unallocated and reserved encodings are uncategorized */
-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                       default_exception_el(s));
-}
-
 /* Force a TB lookup after an instruction that changes the CPU state.  */
 static inline void gen_lookup_tb(DisasContext *s)
 {
@@ -1268,7 +1261,8 @@ static inline void gen_hlt(DisasContext *s, int imm)
         return;
     }
 
-    unallocated_encoding(s);
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                       default_exception_el(s));
 }
 
 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
@@ -7580,7 +7574,8 @@ static void gen_srs(DisasContext *s,
     }
 
     if (undef) {
-        unallocated_encoding(s);
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                           default_exception_el(s));
         return;
     }
 
@@ -9201,7 +9196,8 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             break;
         default:
         illegal_op:
-            unallocated_encoding(s);
+            gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                               default_exception_el(s));
             break;
         }
     }
@@ -10886,7 +10882,8 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
     }
     return;
 illegal_op:
-    unallocated_encoding(s);
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                       default_exception_el(s));
 }
 
 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
@@ -11709,7 +11706,8 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
     return;
 illegal_op:
 undef:
-    unallocated_encoding(s);
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                       default_exception_el(s));
 }
 
 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
-- 
2.20.1

[Qemu-devel] [PULL 02/21] target/arm: Factor out unallocated_encoding for aarch32

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Make this a static function private to translate.c.
Thus we can use the same idiom between aarch64 and aarch32
without actually sharing function implementations.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190826151536.6771-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-vfp.inc.c |  3 +--
 target/arm/translate.c         | 22 ++++++++++++----------
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
index 5065d4524cd..3e8ea80493b 100644
--- a/target/arm/translate-vfp.inc.c
+++ b/target/arm/translate-vfp.inc.c
@@ -108,8 +108,7 @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
 
     if (!s->vfp_enabled && !ignore_vfp_enabled) {
         assert(!arm_dc_feature(s, ARM_FEATURE_M));
-        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                           default_exception_el(s));
+        unallocated_encoding(s);
         return false;
     }
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 2aac9aae681..66311580c05 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1231,6 +1231,13 @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
+static void unallocated_encoding(DisasContext *s)
+{
+    /* Unallocated and reserved encodings are uncategorized */
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                       default_exception_el(s));
+}
+
 /* Force a TB lookup after an instruction that changes the CPU state.  */
 static inline void gen_lookup_tb(DisasContext *s)
 {
@@ -1261,8 +1268,7 @@ static inline void gen_hlt(DisasContext *s, int imm)
         return;
     }
 
-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                       default_exception_el(s));
+    unallocated_encoding(s);
 }
 
 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
@@ -7574,8 +7580,7 @@ static void gen_srs(DisasContext *s,
     }
 
     if (undef) {
-        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                           default_exception_el(s));
+        unallocated_encoding(s);
         return;
     }
 
@@ -9196,8 +9201,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             break;
         default:
         illegal_op:
-            gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                               default_exception_el(s));
+            unallocated_encoding(s);
             break;
         }
     }
@@ -10882,8 +10886,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
     }
     return;
 illegal_op:
-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                       default_exception_el(s));
+    unallocated_encoding(s);
 }
 
 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
@@ -11706,8 +11709,7 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
     return;
 illegal_op:
 undef:
-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                       default_exception_el(s));
+    unallocated_encoding(s);
 }
 
 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
-- 
2.20.1

[Qemu-devel] [PULL 03/21] target/arm: Allow ARMCPRegInfo read/write functions to throw exceptions

[Peter Maydell]

Currently the only part of an ARMCPRegInfo which is allowed to cause
a CPU exception is the access function, which returns a value indicating
that some flavour of UNDEF should be generated.

For the ATS system instructions, we would like to conditionally
generate exceptions as part of the writefn, because some faults
during the page table walk (like external aborts) should cause
an exception to be raised rather than returning a value.

There are several ways we could do this:
 * plumb the GETPC() value from the top level set_cp_reg/get_cp_reg
   helper functions through into the readfn and writefn hooks
 * add extra readfn_with_ra/writefn_with_ra hooks that take the GETPC()
   value
 * require the ATS instructions to provide a dummy accessfn,
   which serves no purpose except to cause the code generation
   to emit TCG ops to sync the CPU state
 * add an ARM_CP_ flag to mark the ARMCPRegInfo as possibly
   throwing an exception in its read/write hooks, and make the
   codegen sync the CPU state before calling the hooks if the
   flag is set

This patch opts for the last of these, as it is fairly simple
to implement and doesn't require invasive changes like updating
the readfn/writefn hook function prototype signature.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20190816125802.25877-2-peter.maydell@linaro.org
---
 target/arm/cpu.h           | 6 +++++-
 target/arm/translate-a64.c | 6 ++++++
 target/arm/translate.c     | 7 +++++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 0981303170a..297ad5e47ad 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2212,6 +2212,9 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
  * IO indicates that this register does I/O and therefore its accesses
  * need to be surrounded by gen_io_start()/gen_io_end(). In particular,
  * registers which implement clocks or timers require this.
+ * RAISES_EXC is for when the read or write hook might raise an exception;
+ * the generated code will synchronize the CPU state before calling the hook
+ * so that it is safe for the hook to call raise_exception().
  */
 #define ARM_CP_SPECIAL           0x0001
 #define ARM_CP_CONST             0x0002
@@ -2230,10 +2233,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 #define ARM_CP_FPU               0x1000
 #define ARM_CP_SVE               0x2000
 #define ARM_CP_NO_GDB            0x4000
+#define ARM_CP_RAISES_EXC        0x8000
 /* Used only as a terminator for ARMCPRegInfo lists */
 #define ARM_CP_SENTINEL          0xffff
 /* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK         0x70ff
+#define ARM_CP_FLAG_MASK         0xf0ff
 
 /* Valid values for ARMCPRegInfo state field, indicating which of
  * the AArch32 and AArch64 execution states this register is visible in.
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 9183f89ba39..4d09ae6f424 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1714,6 +1714,12 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
         tcg_temp_free_ptr(tmpptr);
         tcg_temp_free_i32(tcg_syn);
         tcg_temp_free_i32(tcg_isread);
+    } else if (ri->type & ARM_CP_RAISES_EXC) {
+        /*
+         * The readfn or writefn might raise an exception;
+         * synchronize the CPU state in case it does.
+         */
+        gen_a64_set_pc_im(s->pc_curr);
     }
 
     /* Handle special cases first */
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 66311580c05..78d93f63cab 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -7191,6 +7191,13 @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
             tcg_temp_free_ptr(tmpptr);
             tcg_temp_free_i32(tcg_syn);
             tcg_temp_free_i32(tcg_isread);
+        } else if (ri->type & ARM_CP_RAISES_EXC) {
+            /*
+             * The readfn or writefn might raise an exception;
+             * synchronize the CPU state in case it does.
+             */
+            gen_set_condexec(s);
+            gen_set_pc_im(s, s->pc_curr);
         }
 
         /* Handle special cases first */
-- 
2.20.1

[Qemu-devel] [PULL 04/21] target/arm: Take exceptions on ATS instructions when needed

[Peter Maydell]

The translation table walk for an ATS instruction can result in
various faults.  In general these are just reported back via the
PAR_EL1 fault status fields, but in some cases the architecture
requires that the fault is turned into an exception:
 * synchronous stage 2 faults of any kind during AT S1E0* and
   AT S1E1* instructions executed from NS EL1 fault to EL2 or EL3
 * synchronous external aborts are taken as Data Abort exceptions

(This is documented in the v8A Arm ARM DDI0487A.e D5.2.11 and
G5.13.4.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20190816125802.25877-3-peter.maydell@linaro.org
---
 target/arm/helper.c | 107 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 92 insertions(+), 15 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7e0d5398ab8..507026c9154 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2946,6 +2946,73 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
     ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
                         &prot, &page_size, &fi, &cacheattrs);
 
+    if (ret) {
+        /*
+         * Some kinds of translation fault must cause exceptions rather
+         * than being reported in the PAR.
+         */
+        int current_el = arm_current_el(env);
+        int target_el;
+        uint32_t syn, fsr, fsc;
+        bool take_exc = false;
+
+        if (fi.s1ptw && current_el == 1 && !arm_is_secure(env)
+            && (mmu_idx == ARMMMUIdx_S1NSE1 || mmu_idx == ARMMMUIdx_S1NSE0)) {
+            /*
+             * Synchronous stage 2 fault on an access made as part of the
+             * translation table walk for AT S1E0* or AT S1E1* insn
+             * executed from NS EL1. If this is a synchronous external abort
+             * and SCR_EL3.EA == 1, then we take a synchronous external abort
+             * to EL3. Otherwise the fault is taken as an exception to EL2,
+             * and HPFAR_EL2 holds the faulting IPA.
+             */
+            if (fi.type == ARMFault_SyncExternalOnWalk &&
+                (env->cp15.scr_el3 & SCR_EA)) {
+                target_el = 3;
+            } else {
+                env->cp15.hpfar_el2 = extract64(fi.s2addr, 12, 47) << 4;
+                target_el = 2;
+            }
+            take_exc = true;
+        } else if (fi.type == ARMFault_SyncExternalOnWalk) {
+            /*
+             * Synchronous external aborts during a translation table walk
+             * are taken as Data Abort exceptions.
+             */
+            if (fi.stage2) {
+                if (current_el == 3) {
+                    target_el = 3;
+                } else {
+                    target_el = 2;
+                }
+            } else {
+                target_el = exception_target_el(env);
+            }
+            take_exc = true;
+        }
+
+        if (take_exc) {
+            /* Construct FSR and FSC using same logic as arm_deliver_fault() */
+            if (target_el == 2 || arm_el_is_aa64(env, target_el) ||
+                arm_s1_regime_using_lpae_format(env, mmu_idx)) {
+                fsr = arm_fi_to_lfsc(&fi);
+                fsc = extract32(fsr, 0, 6);
+            } else {
+                fsr = arm_fi_to_sfsc(&fi);
+                fsc = 0x3f;
+            }
+            /*
+             * Report exception with ESR indicating a fault due to a
+             * translation table walk for a cache maintenance instruction.
+             */
+            syn = syn_data_abort_no_iss(current_el == target_el,
+                                        fi.ea, 1, fi.s1ptw, 1, fsc);
+            env->exception.vaddress = value;
+            env->exception.fsr = fsr;
+            raise_exception(env, EXCP_DATA_ABORT, syn, target_el);
+        }
+    }
+
     if (is_a64(env)) {
         format64 = true;
     } else if (arm_feature(env, ARM_FEATURE_LPAE)) {
@@ -3150,7 +3217,7 @@ static const ARMCPRegInfo vapa_cp_reginfo[] = {
     /* This underdecoding is safe because the reginfo is NO_RAW. */
     { .name = "ATS", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = CP_ANY,
       .access = PL1_W, .accessfn = ats_access,
-      .writefn = ats_write, .type = ARM_CP_NO_RAW },
+      .writefn = ats_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
 #endif
     REGINFO_SENTINEL
 };
@@ -4283,35 +4350,45 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     /* 64 bit address translation operations */
     { .name = "AT_S1E1R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 0,
-      .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "AT_S1E1W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 1,
-      .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "AT_S1E0R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 2,
-      .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "AT_S1E0W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 3,
-      .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "AT_S12E1R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 4,
-      .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "AT_S12E1W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 5,
-      .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "AT_S12E0R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 6,
-      .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "AT_S12E0W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 7,
-      .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     /* AT S1E2* are elsewhere as they UNDEF from EL3 if EL2 is not present */
     { .name = "AT_S1E3R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 8, .opc2 = 0,
-      .access = PL3_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL3_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "AT_S1E3W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 8, .opc2 = 1,
-      .access = PL3_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .access = PL3_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+      .writefn = ats_write64 },
     { .name = "PAR_EL1", .state = ARM_CP_STATE_AA64,
       .type = ARM_CP_ALIAS,
       .opc0 = 3, .opc1 = 0, .crn = 7, .crm = 4, .opc2 = 0,
@@ -4893,11 +4970,11 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
     { .name = "AT_S1E2R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 0,
       .access = PL2_W, .accessfn = at_s1e2_access,
-      .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .writefn = ats_write64 },
     { .name = "AT_S1E2W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 1,
       .access = PL2_W, .accessfn = at_s1e2_access,
-      .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+      .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .writefn = ats_write64 },
     /* The AArch32 ATS1H* operations are CONSTRAINED UNPREDICTABLE
      * if EL2 is not implemented; we choose to UNDEF. Behaviour at EL3
      * with SCR.NS == 0 outside Monitor mode is UNPREDICTABLE; we choose
@@ -4905,10 +4982,10 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
      */
     { .name = "ATS1HR", .cp = 15, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 0,
       .access = PL2_W,
-      .writefn = ats1h_write, .type = ARM_CP_NO_RAW },
+      .writefn = ats1h_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
     { .name = "ATS1HW", .cp = 15, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 1,
       .access = PL2_W,
-      .writefn = ats1h_write, .type = ARM_CP_NO_RAW },
+      .writefn = ats1h_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
     { .name = "CNTHCTL_EL2", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 4, .crn = 14, .crm = 1, .opc2 = 0,
       /* ARMv7 requires bit 0 and 1 to reset to 1. ARMv8 defines the
-- 
2.20.1

[Qemu-devel] [PULL 05/21] aspeed/timer: Provide back-pressure information for short periods

[Peter Maydell]

From: Andrew Jeffery <andrew@aj.id.au>

First up: This is not the way the hardware behaves.

However, it helps resolve real-world problems with short periods being
used under Linux. Commit 4451d3f59f2a ("clocksource/drivers/fttmr010:
Fix set_next_event handler") in Linux fixed the timer driver to
correctly schedule the next event for the Aspeed controller, and in
combination with 5daa8212c08e ("ARM: dts: aspeed: Describe random number
device") Linux will now set a timer with a period as low as 1us.

Configuring a qemu timer with such a short period results in spending
time handling the interrupt in the model rather than executing guest
code, leading to noticeable "sticky" behaviour in the guest.

The behaviour of Linux is correct with respect to the hardware, so we
need to improve our handling under emulation. The approach chosen is to
provide back-pressure information by calculating an acceptable minimum
number of ticks to be set on the model. Under Linux an additional read
is added in the timer configuration path to detect back-pressure, which
will never occur on hardware. However if back-pressure is observed, the
driver alerts the clock event subsystem, which then performs its own
next event dilation via a config option - d1748302f70b ("clockevents:
Make minimum delay adjustments configurable")

A minimum period of 5us was experimentally determined on a Lenovo
T480s, which I've increased to 20us for "safety".

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20190704055150.4899-1-clg@kaod.org
[clg: - changed the computation of min_ticks to be done each time the
        timer value is reloaded. It removes the ordering issue of the
        timer and scu reset handlers but is slightly slower ]
      - introduced TIMER_MIN_NS
      - introduced calculate_min_ticks() ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/timer/aspeed_timer.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index ed81d5c44c7..59c2bbeee60 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -44,6 +44,13 @@ enum timer_ctrl_op {
     op_pulse_enable
 };
 
+/*
+ * Minimum value of the reload register to filter out short period
+ * timers which have a noticeable impact in emulation. 5us should be
+ * enough, use 20us for "safety".
+ */
+#define TIMER_MIN_NS (20 * SCALE_US)
+
 /**
  * Avoid mutual references between AspeedTimerCtrlState and AspeedTimer
  * structs, as it's a waste of memory. The ptimer BH callback needs to know
@@ -98,6 +105,14 @@ static inline uint32_t calculate_ticks(struct AspeedTimer *t, uint64_t now_ns)
     return t->reload - MIN(t->reload, ticks);
 }
 
+static uint32_t calculate_min_ticks(AspeedTimer *t, uint32_t value)
+{
+    uint32_t rate = calculate_rate(t);
+    uint32_t min_ticks = muldiv64(TIMER_MIN_NS, rate, NANOSECONDS_PER_SECOND);
+
+    return  value < min_ticks ? min_ticks : value;
+}
+
 static inline uint64_t calculate_time(struct AspeedTimer *t, uint32_t ticks)
 {
     uint64_t delta_ns;
@@ -261,7 +276,7 @@ static void aspeed_timer_set_value(AspeedTimerCtrlState *s, int timer, int reg,
     switch (reg) {
     case TIMER_REG_RELOAD:
         old_reload = t->reload;
-        t->reload = value;
+        t->reload = calculate_min_ticks(t, value);
 
         /* If the reload value was not previously set, or zero, and
          * the current value is valid, try to start the timer if it is
-- 
2.20.1

[Qemu-devel] [PULL 06/21] memory: Remove unused memory_region_iommu_replay_all()

[Peter Maydell]

From: Eric Auger <eric.auger@redhat.com>

memory_region_iommu_replay_all is not used. Remove it.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-id: 20190822172350.12008-2-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/exec/memory.h | 10 ----------
 memory.c              |  9 ---------
 2 files changed, 19 deletions(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index fddc2ff48a7..ecca388e69d 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1086,16 +1086,6 @@ void memory_region_register_iommu_notifier(MemoryRegion *mr,
  */
 void memory_region_iommu_replay(IOMMUMemoryRegion *iommu_mr, IOMMUNotifier *n);
 
-/**
- * memory_region_iommu_replay_all: replay existing IOMMU translations
- * to all the notifiers registered.
- *
- * Note: this is not related to record-and-replay functionality.
- *
- * @iommu_mr: the memory region to observe
- */
-void memory_region_iommu_replay_all(IOMMUMemoryRegion *iommu_mr);
-
 /**
  * memory_region_unregister_iommu_notifier: unregister a notifier for
  * changes to IOMMU translation entries.
diff --git a/memory.c b/memory.c
index 7fd93b1d42d..a23ff3cc2ac 100644
--- a/memory.c
+++ b/memory.c
@@ -1922,15 +1922,6 @@ void memory_region_iommu_replay(IOMMUMemoryRegion *iommu_mr, IOMMUNotifier *n)
     }
 }
 
-void memory_region_iommu_replay_all(IOMMUMemoryRegion *iommu_mr)
-{
-    IOMMUNotifier *notifier;
-
-    IOMMU_NOTIFIER_FOREACH(notifier, iommu_mr) {
-        memory_region_iommu_replay(iommu_mr, notifier);
-    }
-}
-
 void memory_region_unregister_iommu_notifier(MemoryRegion *mr,
                                              IOMMUNotifier *n)
 {
-- 
2.20.1

[Qemu-devel] [PULL 07/21] hw/arm/smmuv3: Log a guest error when decoding an invalid STE

[Peter Maydell]

From: Eric Auger <eric.auger@redhat.com>

Log a guest error when encountering an invalid STE.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190822172350.12008-5-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/smmuv3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 2eaf07fb5f6..31ac4b15c30 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -320,6 +320,7 @@ static int decode_ste(SMMUv3State *s, SMMUTransCfg *cfg,
     uint32_t config;
 
     if (!STE_VALID(ste)) {
+        qemu_log_mask(LOG_GUEST_ERROR, "invalid STE\n");
         goto bad_ste;
     }
 
-- 
2.20.1

[Qemu-devel] [PULL 08/21] hw/arm/smmuv3: Remove spurious error messages on IOVA invalidations

[Peter Maydell]

From: Eric Auger <eric.auger@redhat.com>

An IOVA/ASID invalidation is notified to all IOMMU Memory Regions
through smmuv3_inv_notifiers_iova/smmuv3_notify_iova.

When the notification occurs it is possible that some of the
PCIe devices associated to the notified regions do not have a
valid stream table entry. In that case we output a LOG_GUEST_ERROR
message, for example:

invalid sid=<SID> (L1STD span=0)
"smmuv3_notify_iova error decoding the configuration for iommu mr=<MR>

This is unfortunate as the user gets the impression that there
are some translation decoding errors whereas there are not.

This patch adds a new field in SMMUEventInfo that tells whether
the detection of an invalid STE must lead to an error report.
invalid_ste_allowed is set before doing the invalidations and
kept unset on actual translation.

The other configuration decoding error messages are kept since if the
STE is valid then the rest of the config must be correct.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20190822172350.12008-6-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/smmuv3-internal.h |  1 +
 hw/arm/smmuv3.c          | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index b160289cd12..d190181ef1b 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -381,6 +381,7 @@ typedef struct SMMUEventInfo {
     uint32_t sid;
     bool recorded;
     bool record_trans_faults;
+    bool inval_ste_allowed;
     union {
         struct {
             uint32_t ssid;
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 31ac4b15c30..db051dcac87 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -320,7 +320,9 @@ static int decode_ste(SMMUv3State *s, SMMUTransCfg *cfg,
     uint32_t config;
 
     if (!STE_VALID(ste)) {
-        qemu_log_mask(LOG_GUEST_ERROR, "invalid STE\n");
+        if (!event->inval_ste_allowed) {
+            qemu_log_mask(LOG_GUEST_ERROR, "invalid STE\n");
+        }
         goto bad_ste;
     }
 
@@ -407,8 +409,10 @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
 
         if (!span) {
             /* l2ptr is not valid */
-            qemu_log_mask(LOG_GUEST_ERROR,
-                          "invalid sid=%d (L1STD span=0)\n", sid);
+            if (!event->inval_ste_allowed) {
+                qemu_log_mask(LOG_GUEST_ERROR,
+                              "invalid sid=%d (L1STD span=0)\n", sid);
+            }
             event->type = SMMU_EVT_C_BAD_STREAMID;
             return -EINVAL;
         }
@@ -603,7 +607,9 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
     SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
     SMMUv3State *s = sdev->smmu;
     uint32_t sid = smmu_get_sid(sdev);
-    SMMUEventInfo event = {.type = SMMU_EVT_NONE, .sid = sid};
+    SMMUEventInfo event = {.type = SMMU_EVT_NONE,
+                           .sid = sid,
+                           .inval_ste_allowed = false};
     SMMUPTWEventInfo ptw_info = {};
     SMMUTranslationStatus status;
     SMMUState *bs = ARM_SMMU(s);
@@ -796,16 +802,13 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr,
                                dma_addr_t iova)
 {
     SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
-    SMMUEventInfo event = {};
+    SMMUEventInfo event = {.inval_ste_allowed = true};
     SMMUTransTableInfo *tt;
     SMMUTransCfg *cfg;
     IOMMUTLBEntry entry;
 
     cfg = smmuv3_get_config(sdev, &event);
     if (!cfg) {
-        qemu_log_mask(LOG_GUEST_ERROR,
-                      "%s error decoding the configuration for iommu mr=%s\n",
-                      __func__, mr->parent_obj.name);
         return;
     }
 
-- 
2.20.1

[Qemu-devel] [PULL 09/21] target/arm: Fix SMMLS argument order

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

The previous simplification got the order of operands to the
subtraction wrong.  Since the 64-bit product is the subtrahend,
we must use a 64-bit subtract to properly compute the borrow
from the low-part of the product.

Fixes: 5f8cd06ebcf5 ("target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR")
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190829013258.16102-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 78d93f63cab..cfebd35d268 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -8831,7 +8831,16 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                         if (rd != 15) {
                             tmp3 = load_reg(s, rd);
                             if (insn & (1 << 6)) {
-                                tcg_gen_sub_i32(tmp, tmp, tmp3);
+                                /*
+                                 * For SMMLS, we need a 64-bit subtract.
+                                 * Borrow caused by a non-zero multiplicand
+                                 * lowpart, and the correct result lowpart
+                                 * for rounding.
+                                 */
+                                TCGv_i32 zero = tcg_const_i32(0);
+                                tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3,
+                                                 tmp2, tmp);
+                                tcg_temp_free_i32(zero);
                             } else {
                                 tcg_gen_add_i32(tmp, tmp, tmp3);
                             }
@@ -10075,7 +10084,14 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                     if (insn & (1 << 20)) {
                         tcg_gen_add_i32(tmp, tmp, tmp3);
                     } else {
-                        tcg_gen_sub_i32(tmp, tmp, tmp3);
+                        /*
+                         * For SMMLS, we need a 64-bit subtract.
+                         * Borrow caused by a non-zero multiplicand lowpart,
+                         * and the correct result lowpart for rounding.
+                         */
+                        TCGv_i32 zero = tcg_const_i32(0);
+                        tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3, tmp2, tmp);
+                        tcg_temp_free_i32(zero);
                     }
                     tcg_temp_free_i32(tmp3);
                 }
-- 
2.20.1

[Qemu-devel] [PULL 10/21] hw/arm: Use ARM_CPU_TYPE_NAME() macro when appropriate

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Commit ba1ba5cca introduce the ARM_CPU_TYPE_NAME() macro.
Unify the code base by use it in all places.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-2-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/allwinner-a10.c | 3 ++-
 hw/arm/cubieboard.c    | 3 ++-
 hw/arm/digic.c         | 3 ++-
 hw/arm/fsl-imx25.c     | 2 +-
 hw/arm/fsl-imx31.c     | 2 +-
 hw/arm/fsl-imx6.c      | 3 ++-
 hw/arm/fsl-imx6ul.c    | 2 +-
 hw/arm/xlnx-zynqmp.c   | 8 ++++----
 8 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
index 73810a44402..118032c8c72 100644
--- a/hw/arm/allwinner-a10.c
+++ b/hw/arm/allwinner-a10.c
@@ -30,7 +30,8 @@ static void aw_a10_init(Object *obj)
     AwA10State *s = AW_A10(obj);
 
     object_initialize_child(obj, "cpu", &s->cpu, sizeof(s->cpu),
-                            "cortex-a8-" TYPE_ARM_CPU, &error_abort, NULL);
+                            ARM_CPU_TYPE_NAME("cortex-a8"),
+                            &error_abort, NULL);
 
     sysbus_init_child_obj(obj, "intc", &s->intc, sizeof(s->intc),
                           TYPE_AW_A10_PIC);
diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c
index 38e0ca0f533..ed8d2333a07 100644
--- a/hw/arm/cubieboard.c
+++ b/hw/arm/cubieboard.c
@@ -81,7 +81,8 @@ static void cubieboard_init(MachineState *machine)
 
 static void cubieboard_machine_init(MachineClass *mc)
 {
-    mc->desc = "cubietech cubieboard";
+    mc->desc = "cubietech cubieboard (Cortex-A9)";
+    mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a9");
     mc->init = cubieboard_init;
     mc->block_default_type = IF_IDE;
     mc->units_per_default_bus = 1;
diff --git a/hw/arm/digic.c b/hw/arm/digic.c
index 4f524658756..22434a65a28 100644
--- a/hw/arm/digic.c
+++ b/hw/arm/digic.c
@@ -37,7 +37,8 @@ static void digic_init(Object *obj)
     int i;
 
     object_initialize_child(obj, "cpu", &s->cpu, sizeof(s->cpu),
-                            "arm946-" TYPE_ARM_CPU, &error_abort, NULL);
+                            ARM_CPU_TYPE_NAME("arm946"),
+                            &error_abort, NULL);
 
     for (i = 0; i < DIGIC4_NB_TIMERS; i++) {
 #define DIGIC_TIMER_NAME_MLEN    11
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
index 532d088298b..2b2fdb203a2 100644
--- a/hw/arm/fsl-imx25.c
+++ b/hw/arm/fsl-imx25.c
@@ -36,7 +36,7 @@ static void fsl_imx25_init(Object *obj)
     FslIMX25State *s = FSL_IMX25(obj);
     int i;
 
-    object_initialize(&s->cpu, sizeof(s->cpu), "arm926-" TYPE_ARM_CPU);
+    object_initialize(&s->cpu, sizeof(s->cpu), ARM_CPU_TYPE_NAME("arm926"));
 
     sysbus_init_child_obj(obj, "avic", &s->avic, sizeof(s->avic),
                           TYPE_IMX_AVIC);
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
index 1a37a7b997c..6760de3c8c1 100644
--- a/hw/arm/fsl-imx31.c
+++ b/hw/arm/fsl-imx31.c
@@ -33,7 +33,7 @@ static void fsl_imx31_init(Object *obj)
     FslIMX31State *s = FSL_IMX31(obj);
     int i;
 
-    object_initialize(&s->cpu, sizeof(s->cpu), "arm1136-" TYPE_ARM_CPU);
+    object_initialize(&s->cpu, sizeof(s->cpu), ARM_CPU_TYPE_NAME("arm1136"));
 
     sysbus_init_child_obj(obj, "avic", &s->avic, sizeof(s->avic),
                           TYPE_IMX_AVIC);
diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c
index 8c397ef04ba..552145b24ec 100644
--- a/hw/arm/fsl-imx6.c
+++ b/hw/arm/fsl-imx6.c
@@ -43,7 +43,8 @@ static void fsl_imx6_init(Object *obj)
     for (i = 0; i < MIN(ms->smp.cpus, FSL_IMX6_NUM_CPUS); i++) {
         snprintf(name, NAME_SIZE, "cpu%d", i);
         object_initialize_child(obj, name, &s->cpu[i], sizeof(s->cpu[i]),
-                                "cortex-a9-" TYPE_ARM_CPU, &error_abort, NULL);
+                                ARM_CPU_TYPE_NAME("cortex-a9"),
+                                &error_abort, NULL);
     }
 
     sysbus_init_child_obj(obj, "a9mpcore", &s->a9mpcore, sizeof(s->a9mpcore),
diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c
index b074177a71d..c405b68d1dd 100644
--- a/hw/arm/fsl-imx6ul.c
+++ b/hw/arm/fsl-imx6ul.c
@@ -34,7 +34,7 @@ static void fsl_imx6ul_init(Object *obj)
     int i;
 
     object_initialize_child(obj, "cpu0", &s->cpu, sizeof(s->cpu),
-                            "cortex-a7-" TYPE_ARM_CPU, &error_abort, NULL);
+                            ARM_CPU_TYPE_NAME("cortex-a7"), &error_abort, NULL);
 
     /*
      * A7MPCORE
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 0f587e63d35..fb03c60ebb8 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -196,8 +196,8 @@ static void xlnx_zynqmp_create_rpu(MachineState *ms, XlnxZynqMPState *s,
 
         object_initialize_child(OBJECT(&s->rpu_cluster), "rpu-cpu[*]",
                                 &s->rpu_cpu[i], sizeof(s->rpu_cpu[i]),
-                                "cortex-r5f-" TYPE_ARM_CPU, &error_abort,
-                                NULL);
+                                ARM_CPU_TYPE_NAME("cortex-r5f"),
+                                &error_abort, NULL);
 
         name = object_get_canonical_path_component(OBJECT(&s->rpu_cpu[i]));
         if (strcmp(name, boot_cpu)) {
@@ -237,8 +237,8 @@ static void xlnx_zynqmp_init(Object *obj)
     for (i = 0; i < num_apus; i++) {
         object_initialize_child(OBJECT(&s->apu_cluster), "apu-cpu[*]",
                                 &s->apu_cpu[i], sizeof(s->apu_cpu[i]),
-                                "cortex-a53-" TYPE_ARM_CPU, &error_abort,
-                                NULL);
+                                ARM_CPU_TYPE_NAME("cortex-a53"),
+                                &error_abort, NULL);
     }
 
     sysbus_init_child_obj(obj, "gic", &s->gic, sizeof(s->gic),
-- 
2.20.1

[Qemu-devel] [PULL 11/21] hw/arm: Use object_initialize_child for correct reference counting

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

As explained in commit aff39be0ed97:

  Both functions, object_initialize() and object_property_add_child()
  increase the reference counter of the new object, so one of the
  references has to be dropped afterwards to get the reference
  counting right. Otherwise the child object will not be properly
  cleaned up when the parent gets destroyed.
  Thus let's use now object_initialize_child() instead to get the
  reference counting here right.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-3-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/mcimx7d-sabre.c |  9 ++++-----
 hw/arm/mps2-tz.c       | 15 +++++++--------
 hw/arm/musca.c         |  9 +++++----
 3 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/hw/arm/mcimx7d-sabre.c b/hw/arm/mcimx7d-sabre.c
index 97b8bb788a1..78b87c502fc 100644
--- a/hw/arm/mcimx7d-sabre.c
+++ b/hw/arm/mcimx7d-sabre.c
@@ -30,7 +30,6 @@ static void mcimx7d_sabre_init(MachineState *machine)
 {
     static struct arm_boot_info boot_info;
     MCIMX7Sabre *s = g_new0(MCIMX7Sabre, 1);
-    Object *soc;
     int i;
 
     if (machine->ram_size > FSL_IMX7_MMDC_SIZE) {
@@ -49,10 +48,10 @@ static void mcimx7d_sabre_init(MachineState *machine)
         .nb_cpus = machine->smp.cpus,
     };
 
-    object_initialize(&s->soc, sizeof(s->soc), TYPE_FSL_IMX7);
-    soc = OBJECT(&s->soc);
-    object_property_add_child(OBJECT(machine), "soc", soc, &error_fatal);
-    object_property_set_bool(soc, true, "realized", &error_fatal);
+    object_initialize_child(OBJECT(machine), "soc",
+                            &s->soc, sizeof(s->soc),
+                            TYPE_FSL_IMX7, &error_fatal, NULL);
+    object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_fatal);
 
     memory_region_allocate_system_memory(&s->ram, NULL, "mcimx7d-sabre.ram",
                                          machine->ram_size);
diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
index d85dc2c4bd8..6b24aaacded 100644
--- a/hw/arm/mps2-tz.c
+++ b/hw/arm/mps2-tz.c
@@ -427,10 +427,10 @@ static void mps2tz_common_init(MachineState *machine)
     /* The sec_resp_cfg output from the IoTKit must be split into multiple
      * lines, one for each of the PPCs we create here, plus one per MSC.
      */
-    object_initialize(&mms->sec_resp_splitter, sizeof(mms->sec_resp_splitter),
-                      TYPE_SPLIT_IRQ);
-    object_property_add_child(OBJECT(machine), "sec-resp-splitter",
-                              OBJECT(&mms->sec_resp_splitter), &error_abort);
+    object_initialize_child(OBJECT(machine), "sec-resp-splitter",
+                            &mms->sec_resp_splitter,
+                            sizeof(mms->sec_resp_splitter),
+                            TYPE_SPLIT_IRQ, &error_abort, NULL);
     object_property_set_int(OBJECT(&mms->sec_resp_splitter),
                             ARRAY_SIZE(mms->ppc) + ARRAY_SIZE(mms->msc),
                             "num-lines", &error_fatal);
@@ -465,10 +465,9 @@ static void mps2tz_common_init(MachineState *machine)
      * Tx, Rx and "combined" IRQs are sent to the NVIC separately.
      * Create the OR gate for this.
      */
-    object_initialize(&mms->uart_irq_orgate, sizeof(mms->uart_irq_orgate),
-                      TYPE_OR_IRQ);
-    object_property_add_child(OBJECT(mms), "uart-irq-orgate",
-                              OBJECT(&mms->uart_irq_orgate), &error_abort);
+    object_initialize_child(OBJECT(mms), "uart-irq-orgate",
+                            &mms->uart_irq_orgate, sizeof(mms->uart_irq_orgate),
+                            TYPE_OR_IRQ, &error_abort, NULL);
     object_property_set_int(OBJECT(&mms->uart_irq_orgate), 10, "num-lines",
                             &error_fatal);
     object_property_set_bool(OBJECT(&mms->uart_irq_orgate), true,
diff --git a/hw/arm/musca.c b/hw/arm/musca.c
index ddd8842732c..68db4b5b387 100644
--- a/hw/arm/musca.c
+++ b/hw/arm/musca.c
@@ -424,10 +424,11 @@ static void musca_init(MachineState *machine)
      * The sec_resp_cfg output from the SSE-200 must be split into multiple
      * lines, one for each of the PPCs we create here.
      */
-    object_initialize(&mms->sec_resp_splitter, sizeof(mms->sec_resp_splitter),
-                      TYPE_SPLIT_IRQ);
-    object_property_add_child(OBJECT(machine), "sec-resp-splitter",
-                              OBJECT(&mms->sec_resp_splitter), &error_fatal);
+    object_initialize_child(OBJECT(machine), "sec-resp-splitter",
+                            &mms->sec_resp_splitter,
+                            sizeof(mms->sec_resp_splitter),
+                            TYPE_SPLIT_IRQ, &error_fatal, NULL);
+
     object_property_set_int(OBJECT(&mms->sec_resp_splitter),
                             ARRAY_SIZE(mms->ppc), "num-lines", &error_fatal);
     object_property_set_bool(OBJECT(&mms->sec_resp_splitter), true,
-- 
2.20.1

[Qemu-devel] [PULL 12/21] hw/arm: Use sysbus_init_child_obj for correct reference counting

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Both object_initialize() and qdev_set_parent_bus() increase the
reference counter of the new object, so one of the references has
to be dropped afterwards to get the reference counting right.
In machine model code this refcount leak is not particularly
problematic because (unlike devices) machines will never be
created on demand via QMP, and they are never destroyed.
But in any case let's use the new sysbus_init_child_obj() instead
to get the reference counting here right.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-4-philmd@redhat.com
[PMM: rewrote commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/exynos4_boards.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index f69358a5ba8..2781d8bd419 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -131,8 +131,8 @@ exynos4_boards_init_common(MachineState *machine,
     exynos4_boards_init_ram(s, get_system_memory(),
                             exynos4_board_ram_size[board_type]);
 
-    object_initialize(&s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
-    qdev_set_parent_bus(DEVICE(&s->soc), sysbus_get_default());
+    sysbus_init_child_obj(OBJECT(machine), "soc",
+                          &s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
     object_property_set_bool(OBJECT(&s->soc), true, "realized",
                              &error_fatal);
 
-- 
2.20.1

[Qemu-devel] [PULL 13/21] hw/arm/fsl-imx: Add the cpu as child of the SoC object

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Child properties form the composition tree. All objects need to be
a child of another object. Objects can only be a child of one object.

Respect this with the i.MX SoC, to get a cleaner composition tree.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-5-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/fsl-imx25.c | 4 +++-
 hw/arm/fsl-imx31.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
index 2b2fdb203a2..3cb5a8fdfd7 100644
--- a/hw/arm/fsl-imx25.c
+++ b/hw/arm/fsl-imx25.c
@@ -36,7 +36,9 @@ static void fsl_imx25_init(Object *obj)
     FslIMX25State *s = FSL_IMX25(obj);
     int i;
 
-    object_initialize(&s->cpu, sizeof(s->cpu), ARM_CPU_TYPE_NAME("arm926"));
+    object_initialize_child(obj, "cpu", &s->cpu, sizeof(s->cpu),
+                            ARM_CPU_TYPE_NAME("arm926"),
+                            &error_abort, NULL);
 
     sysbus_init_child_obj(obj, "avic", &s->avic, sizeof(s->avic),
                           TYPE_IMX_AVIC);
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
index 6760de3c8c1..55e90d104bc 100644
--- a/hw/arm/fsl-imx31.c
+++ b/hw/arm/fsl-imx31.c
@@ -33,7 +33,9 @@ static void fsl_imx31_init(Object *obj)
     FslIMX31State *s = FSL_IMX31(obj);
     int i;
 
-    object_initialize(&s->cpu, sizeof(s->cpu), ARM_CPU_TYPE_NAME("arm1136"));
+    object_initialize_child(obj, "cpu", &s->cpu, sizeof(s->cpu),
+                            ARM_CPU_TYPE_NAME("arm1136"),
+                            &error_abort, NULL);
 
     sysbus_init_child_obj(obj, "avic", &s->avic, sizeof(s->avic),
                           TYPE_IMX_AVIC);
-- 
2.20.1

[Qemu-devel] [PULL 14/21] hw/dma/xilinx_axi: Use object_initialize_child for correct ref. counting

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

As explained in commit aff39be0ed97:

  Both functions, object_initialize() and object_property_add_child()
  increase the reference counter of the new object, so one of the
  references has to be dropped afterwards to get the reference
  counting right. Otherwise the child object will not be properly
  cleaned up when the parent gets destroyed.
  Thus let's use now object_initialize_child() instead to get the
  reference counting here right.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-6-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/dma/xilinx_axidma.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/dma/xilinx_axidma.c b/hw/dma/xilinx_axidma.c
index d176df6d449..a254275b64e 100644
--- a/hw/dma/xilinx_axidma.c
+++ b/hw/dma/xilinx_axidma.c
@@ -566,14 +566,14 @@ static void xilinx_axidma_init(Object *obj)
     XilinxAXIDMA *s = XILINX_AXI_DMA(obj);
     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
 
-    object_initialize(&s->rx_data_dev, sizeof(s->rx_data_dev),
-                      TYPE_XILINX_AXI_DMA_DATA_STREAM);
-    object_initialize(&s->rx_control_dev, sizeof(s->rx_control_dev),
-                      TYPE_XILINX_AXI_DMA_CONTROL_STREAM);
-    object_property_add_child(OBJECT(s), "axistream-connected-target",
-                              (Object *)&s->rx_data_dev, &error_abort);
-    object_property_add_child(OBJECT(s), "axistream-control-connected-target",
-                              (Object *)&s->rx_control_dev, &error_abort);
+    object_initialize_child(OBJECT(s), "axistream-connected-target",
+                            &s->rx_data_dev, sizeof(s->rx_data_dev),
+                            TYPE_XILINX_AXI_DMA_DATA_STREAM, &error_abort,
+                            NULL);
+    object_initialize_child(OBJECT(s), "axistream-control-connected-target",
+                            &s->rx_control_dev, sizeof(s->rx_control_dev),
+                            TYPE_XILINX_AXI_DMA_CONTROL_STREAM, &error_abort,
+                            NULL);
 
     sysbus_init_irq(sbd, &s->streams[0].irq);
     sysbus_init_irq(sbd, &s->streams[1].irq);
-- 
2.20.1

[Qemu-devel] [PULL 15/21] hw/net/xilinx_axi: Use object_initialize_child for correct ref. counting

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

As explained in commit aff39be0ed97:

  Both functions, object_initialize() and object_property_add_child()
  increase the reference counter of the new object, so one of the
  references has to be dropped afterwards to get the reference
  counting right. Otherwise the child object will not be properly
  cleaned up when the parent gets destroyed.
  Thus let's use now object_initialize_child() instead to get the
  reference counting here right.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-7-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/net/xilinx_axienet.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c
index d8716a1f737..2c8c065401a 100644
--- a/hw/net/xilinx_axienet.c
+++ b/hw/net/xilinx_axienet.c
@@ -994,15 +994,14 @@ static void xilinx_enet_init(Object *obj)
     XilinxAXIEnet *s = XILINX_AXI_ENET(obj);
     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
 
-    object_initialize(&s->rx_data_dev, sizeof(s->rx_data_dev),
-                      TYPE_XILINX_AXI_ENET_DATA_STREAM);
-    object_initialize(&s->rx_control_dev, sizeof(s->rx_control_dev),
-                      TYPE_XILINX_AXI_ENET_CONTROL_STREAM);
-    object_property_add_child(OBJECT(s), "axistream-connected-target",
-                              (Object *)&s->rx_data_dev, &error_abort);
-    object_property_add_child(OBJECT(s), "axistream-control-connected-target",
-                              (Object *)&s->rx_control_dev, &error_abort);
-
+    object_initialize_child(OBJECT(s), "axistream-connected-target",
+                            &s->rx_data_dev, sizeof(s->rx_data_dev),
+                            TYPE_XILINX_AXI_ENET_DATA_STREAM, &error_abort,
+                            NULL);
+    object_initialize_child(OBJECT(s), "axistream-control-connected-target",
+                            &s->rx_control_dev, sizeof(s->rx_control_dev),
+                            TYPE_XILINX_AXI_ENET_CONTROL_STREAM, &error_abort,
+                            NULL);
     sysbus_init_irq(sbd, &s->irq);
 
     memory_region_init_io(&s->iomem, OBJECT(s), &enet_ops, s, "enet", 0x40000);
-- 
2.20.1

[Qemu-devel] [PULL 16/21] includes: remove stale [smp|max]_cpus externs

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

Commit a5e0b3311 removed these in favour of querying machine
properties. Remove the extern declarations as well.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190828165307.18321-6-alex.bennee@linaro.org
Cc: Like Xu <like.xu@linux.intel.com>
Message-Id: <20190711130546.18578-1-alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/sysemu/sysemu.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index d2c38f611a3..44f18eb7394 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -42,8 +42,6 @@ extern const char *keyboard_layout;
 extern int win2k_install_hack;
 extern int alt_grab;
 extern int ctrl_grab;
-extern int smp_cpus;
-extern unsigned int max_cpus;
 extern int cursor_hide;
 extern int graphic_rotate;
 extern int no_quit;
-- 
2.20.1

[Qemu-devel] [PULL 17/21] tcg/README: fix typo s/afterwise/afterwards/

[Peter Maydell]

From: "Emilio G. Cota" <cota@braap.org>

Afterwise is "wise after the fact", as in "hindsight".
Here we meant "afterwards" (as in "subsequently"). Fix it.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190828165307.18321-7-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 tcg/README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcg/README b/tcg/README
index 21fcdf737ff..ef9be5ba90e 100644
--- a/tcg/README
+++ b/tcg/README
@@ -101,7 +101,7 @@ This can be overridden using the following function modifiers:
   canonical locations before calling the helper.
 - TCG_CALL_NO_WRITE_GLOBALS means that the helper does not modify any globals.
   They will only be saved to their canonical location before calling helpers,
-  but they won't be reloaded afterwise.
+  but they won't be reloaded afterwards.
 - TCG_CALL_NO_SIDE_EFFECTS means that the call to the function is removed if
   the return value is not used.
 
-- 
2.20.1

[Qemu-devel] [PULL 18/21] atomic_template: fix indentation in GEN_ATOMIC_HELPER

[Peter Maydell]

From: "Emilio G. Cota" <cota@braap.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190828165307.18321-8-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 accel/tcg/atomic_template.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
index 5aaf1862539..df9c8388178 100644
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -284,7 +284,7 @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr,
 
 #define GEN_ATOMIC_HELPER(X)                                        \
 ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,       \
-                 ABI_TYPE val EXTRA_ARGS)                           \
+                        ABI_TYPE val EXTRA_ARGS)                    \
 {                                                                   \
     ATOMIC_MMU_DECLS;                                               \
     DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;                           \
-- 
2.20.1

[Qemu-devel] [PULL 19/21] include/exec/cpu-defs.h: fix typo

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190828165307.18321-10-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/exec/cpu-defs.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 189709b6deb..be946ba1ce5 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -231,7 +231,7 @@ typedef struct CPUTLB { } CPUTLB;
 #endif  /* !CONFIG_USER_ONLY && CONFIG_TCG */
 
 /*
- * This structure must be placed in ArchCPU immedately
+ * This structure must be placed in ArchCPU immediately
  * before CPUArchState, as a field named "neg".
  */
 typedef struct CPUNegativeOffsetState {
-- 
2.20.1

[Qemu-devel] [PULL 20/21] target/arm: Free TCG temps in trans_VMOV_64_sp()

[Peter Maydell]

The function neon_store_reg32() doesn't free the TCG temp that it
is passed, so the caller must do that. We got this right in most
places but forgot to free the TCG temps in trans_VMOV_64_sp().

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190827121931.26836-1-peter.maydell@linaro.org
---
 target/arm/translate-vfp.inc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
index 3e8ea80493b..9ae980bef63 100644
--- a/target/arm/translate-vfp.inc.c
+++ b/target/arm/translate-vfp.inc.c
@@ -880,8 +880,10 @@ static bool trans_VMOV_64_sp(DisasContext *s, arg_VMOV_64_sp *a)
         /* gpreg to fpreg */
         tmp = load_reg(s, a->rt);
         neon_store_reg32(tmp, a->vm);
+        tcg_temp_free_i32(tmp);
         tmp = load_reg(s, a->rt2);
         neon_store_reg32(tmp, a->vm + 1);
+        tcg_temp_free_i32(tmp);
     }
 
     return true;
-- 
2.20.1

[Qemu-devel] [PULL 21/21] target/arm: Don't abort on M-profile exception return in linux-user mode

[Peter Maydell]

An attempt to do an exception-return (branch to one of the magic
addresses) in linux-user mode for M-profile should behave like
a normal branch, because linux-user mode is always going to be
in 'handler' mode. This used to work, but we broke it when we added
support for the M-profile security extension in commit d02a8698d7ae2bfed.

In that commit we allowed even handler-mode calls to magic return
values to be checked for and dealt with by causing an
EXCP_EXCEPTION_EXIT exception to be taken, because this is
needed for the FNC_RETURN return-from-non-secure-function-call
handling. For system mode we added a check in do_v7m_exception_exit()
to make any spurious calls from Handler mode behave correctly, but
forgot that linux-user mode would also be affected.

How an attempted return-from-non-secure-function-call in linux-user
mode should be handled is not clear -- on real hardware it would
result in return to secure code (not to the Linux kernel) which
could then handle the error in any way it chose. For QEMU we take
the simple approach of treating this erroneous return the same way
it would be handled on a CPU without the security extensions --
treat it as a normal branch.

The upshot of all this is that for linux-user mode we should never
do any of the bx_excret magic, so the code change is simple.

This ought to be a weird corner case that only affects broken guest
code (because Linux user processes should never be attempting to do
exception returns or NS function returns), except that the code that
assigns addresses in RAM for the process and stack in our linux-user
code does not attempt to avoid this magic address range, so
legitimate code attempting to return to a trampoline routine on the
stack can fall into this case. This change fixes those programs,
but we should also look at restricting the range of memory we
use for M-profile linux-user guests to the area that would be
real RAM in hardware.

Cc: qemu-stable@nongnu.org
Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190822131534.16602-1-peter.maydell@linaro.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1840922
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index cfebd35d268..615859e23c5 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -915,10 +915,27 @@ static inline void gen_bx(DisasContext *s, TCGv_i32 var)
     store_cpu_field(var, thumb);
 }
 
-/* Set PC and Thumb state from var. var is marked as dead.
+/*
+ * Set PC and Thumb state from var. var is marked as dead.
  * For M-profile CPUs, include logic to detect exception-return
  * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
  * and BX reg, and no others, and happens only for code in Handler mode.
+ * The Security Extension also requires us to check for the FNC_RETURN
+ * which signals a function return from non-secure state; this can happen
+ * in both Handler and Thread mode.
+ * To avoid having to do multiple comparisons in inline generated code,
+ * we make the check we do here loose, so it will match for EXC_RETURN
+ * in Thread mode. For system emulation do_v7m_exception_exit() checks
+ * for these spurious cases and returns without doing anything (giving
+ * the same behaviour as for a branch to a non-magic address).
+ *
+ * In linux-user mode it is unclear what the right behaviour for an
+ * attempted FNC_RETURN should be, because in real hardware this will go
+ * directly to Secure code (ie not the Linux kernel) which will then treat
+ * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN
+ * attempt behave the way it would on a CPU without the security extension,
+ * which is to say "like a normal branch". That means we can simply treat
+ * all branches as normal with no magic address behaviour.
  */
 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
 {
@@ -926,10 +943,12 @@ static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
      * s->base.is_jmp that we need to do the rest of the work later.
      */
     gen_bx(s, var);
+#ifndef CONFIG_USER_ONLY
     if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
         (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
         s->base.is_jmp = DISAS_BX_EXCRET;
     }
+#endif
 }
 
 static inline void gen_bx_excret_final_code(DisasContext *s)
-- 
2.20.1

Re: [Qemu-devel] [PULL 12/21] hw/arm: Use sysbus_init_child_obj for correct reference counting

[Philippe Mathieu-Daudé]

On 9/3/19 5:36 PM, Peter Maydell wrote:
> From: Philippe Mathieu-Daudé <philmd@redhat.com>
> 
> Both object_initialize() and qdev_set_parent_bus() increase the
> reference counter of the new object, so one of the references has
> to be dropped afterwards to get the reference counting right.
> In machine model code this refcount leak is not particularly
> problematic because (unlike devices) machines will never be
> created on demand via QMP, and they are never destroyed.
> But in any case let's use the new sysbus_init_child_obj() instead
> to get the reference counting here right.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> Message-id: 20190823143249.8096-4-philmd@redhat.com
> [PMM: rewrote commit message]

Thank you very much Peter!

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/arm/exynos4_boards.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
> index f69358a5ba8..2781d8bd419 100644
> --- a/hw/arm/exynos4_boards.c
> +++ b/hw/arm/exynos4_boards.c
> @@ -131,8 +131,8 @@ exynos4_boards_init_common(MachineState *machine,
>      exynos4_boards_init_ram(s, get_system_memory(),
>                              exynos4_board_ram_size[board_type]);
>  
> -    object_initialize(&s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
> -    qdev_set_parent_bus(DEVICE(&s->soc), sysbus_get_default());
> +    sysbus_init_child_obj(OBJECT(machine), "soc",
> +                          &s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
>      object_property_set_bool(OBJECT(&s->soc), true, "realized",
>                               &error_fatal);

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On Tue, 3 Sep 2019 at 16:36, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> target-arm queue: this time around is all small fixes
> and changes.
>
> thanks
> -- PMM
>
> The following changes since commit fec105c2abda8567ec15230429c41429b5ee307c:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190828-pull-request' into staging (2019-09-03 14:03:15 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190903
>
> for you to fetch changes up to 5e5584c89f36b302c666bc6db535fd3f7ff35ad2:
>
>   target/arm: Don't abort on M-profile exception return in linux-user mode (2019-09-03 16:20:35 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Revert and correctly fix refactoring of unallocated_encoding()
>  * Take exceptions on ATS instructions when needed
>  * aspeed/timer: Provide back-pressure information for short periods
>  * memory: Remove unused memory_region_iommu_replay_all()
>  * hw/arm/smmuv3: Log a guest error when decoding an invalid STE
>  * hw/arm/smmuv3: Remove spurious error messages on IOVA invalidations
>  * target/arm: Fix SMMLS argument order
>  * hw/arm: Use ARM_CPU_TYPE_NAME() macro when appropriate
>  * hw/arm: Correct reference counting for creation of various objects
>  * includes: remove stale [smp|max]_cpus externs
>  * tcg/README: fix typo
>  * atomic_template: fix indentation in GEN_ATOMIC_HELPER
>  * include/exec/cpu-defs.h: fix typo
>  * target/arm: Free TCG temps in trans_VMOV_64_sp()
>  * target/arm: Don't abort on M-profile exception return in linux-user mode
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.2
for any user-visible changes.

-- PMM

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On Thu, 21 Feb 2019 at 18:57, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Arm queue -- mostly the first slice of my Musca patches.
>
> thanks
> -- PMM
>
> The following changes since commit fc3dbb90f2eb069801bfb4cfe9cbc83cf9c5f4a9:
>
>   Merge remote-tracking branch 'remotes/jnsnow/tags/bitmaps-pull-request' into staging (2019-02-21 13:09:33 +0000)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190221
>
> for you to fetch changes up to 3733f80308d2a7f23f5e39b039e0547aba6c07f1:
>
>   hw/arm/armsse: Make 0x5... alias region work for per-CPU devices (2019-02-21 18:17:48 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Model the Arm "Musca" development boards: "musca-a" and "musca-b1"
>  * Implement the ARMv8.3-JSConv extension
>  * v8M MPU should use background region as default, not always
>  * Stop unintentional sign extension in pmu_init
>
> ----------------------------------------------------------------

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes.

-- PMM

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

Arm queue -- mostly the first slice of my Musca patches.

thanks
-- PMM

The following changes since commit fc3dbb90f2eb069801bfb4cfe9cbc83cf9c5f4a9:

  Merge remote-tracking branch 'remotes/jnsnow/tags/bitmaps-pull-request' into staging (2019-02-21 13:09:33 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190221

for you to fetch changes up to 3733f80308d2a7f23f5e39b039e0547aba6c07f1:

  hw/arm/armsse: Make 0x5... alias region work for per-CPU devices (2019-02-21 18:17:48 +0000)

----------------------------------------------------------------
target-arm queue:
 * Model the Arm "Musca" development boards: "musca-a" and "musca-b1"
 * Implement the ARMv8.3-JSConv extension
 * v8M MPU should use background region as default, not always
 * Stop unintentional sign extension in pmu_init

----------------------------------------------------------------
Aaron Lindsay OS (1):
      target/arm: Stop unintentional sign extension in pmu_init

Peter Maydell (16):
      hw/arm/armsse: Fix memory leak in error-exit path
      target/arm: v8M MPU should use background region as default, not always
      hw/misc/tz-ppc: Support having unused ports in the middle of the range
      hw/timer/pl031: Allow use as an embedded-struct device
      hw/timer/pl031: Convert to using trace events
      hw/char/pl011: Allow use as an embedded-struct device
      hw/char/pl011: Support all interrupt lines
      hw/char/pl011: Use '0x' prefix when logging hex numbers
      hw/arm/armsse: Document SRAM_ADDR_WIDTH property in header comment
      hw/arm/armsse: Allow boards to specify init-svtor
      hw/arm/musca.c: Implement models of the Musca-A and -B1 boards
      hw/arm/musca: Add PPCs
      hw/arm/musca: Add MPCs
      hw/arm/musca: Wire up PL031 RTC
      hw/arm/musca: Wire up PL011 UARTs
      hw/arm/armsse: Make 0x5... alias region work for per-CPU devices

Richard Henderson (4):
      target/arm: Restructure disas_fp_int_conv
      target/arm: Split out vfp_helper.c
      target/arm: Rearrange Floating-point data-processing (2 regs)
      target/arm: Implement ARMv8.3-JSConv

 hw/arm/Makefile.objs            |    1 +
 target/arm/Makefile.objs        |    2 +-
 include/hw/arm/armsse.h         |    7 +-
 include/hw/char/pl011.h         |   34 ++
 include/hw/misc/tz-ppc.h        |    8 +-
 include/hw/timer/pl031.h        |   44 ++
 target/arm/cpu.h                |   10 +
 target/arm/helper.h             |    3 +
 hw/arm/armsse.c                 |   44 +-
 hw/arm/musca.c                  |  669 ++++++++++++++++++++++
 hw/char/pl011.c                 |   81 +--
 hw/misc/tz-ppc.c                |   32 ++
 hw/timer/pl031.c                |   80 ++-
 target/arm/cpu.c                |    1 +
 target/arm/cpu64.c              |    2 +
 target/arm/helper.c             | 1072 +----------------------------------
 target/arm/translate-a64.c      |  120 ++--
 target/arm/translate.c          |  237 ++++----
 target/arm/vfp_helper.c         | 1176 +++++++++++++++++++++++++++++++++++++++
 MAINTAINERS                     |    7 +
 default-configs/arm-softmmu.mak |    1 +
 hw/timer/trace-events           |    6 +
 22 files changed, 2307 insertions(+), 1330 deletions(-)
 create mode 100644 include/hw/timer/pl031.h
 create mode 100644 hw/arm/musca.c
 create mode 100644 target/arm/vfp_helper.c

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On 10 May 2018 at 18:44, Peter Maydell <peter.maydell@linaro.org> wrote:
> The following changes since commit e5cd695266c5709308aa95b1baae499e4b5d4544:
>
>   Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging (2018-05-08 17:05:58 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180510
>
> for you to fetch changes up to 9a9f1f59521f46e8ff4527d9a2b52f83577e2aa3:
>
>   target/arm: Clear SVE high bits for FMOV (2018-05-10 18:10:58 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * hw/arm/iotkit.c: fix minor memory leak
>  * softfloat: fix wrong-exception-flags bug for multiply-add corner case
>  * arm: isolate and clean up DTB generation
>  * implement Arm v8.1-Atomics extension
>  * Fix some bugs and missing instructions in the v8.2-FP16 extension
>

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180510174519.11264-1-peter.maydell@linaro.org
Subject: [Qemu-devel] [PULL 00/21] target-arm queue

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]            patchew/20180502221552.3873-1-richard.henderson@linaro.org -> patchew/20180502221552.3873-1-richard.henderson@linaro.org
 t [tag update]            patchew/20180503115620.10596-1-edgar.iglesias@gmail.com -> patchew/20180503115620.10596-1-edgar.iglesias@gmail.com
 t [tag update]            patchew/20180509165530.29561-1-mreitz@redhat.com -> patchew/20180509165530.29561-1-mreitz@redhat.com
 t [tag update]            patchew/20180510094206.15354-1-alex.bennee@linaro.org -> patchew/20180510094206.15354-1-alex.bennee@linaro.org
 t [tag update]            patchew/20180510140141.12120-1-peter.maydell@linaro.org -> patchew/20180510140141.12120-1-peter.maydell@linaro.org
 t [tag update]            patchew/20180510140934.22855-1-peter.maydell@linaro.org -> patchew/20180510140934.22855-1-peter.maydell@linaro.org
 t [tag update]            patchew/20180510143618.23673-1-peter.maydell@linaro.org -> patchew/20180510143618.23673-1-peter.maydell@linaro.org
 * [new tag]               patchew/20180510174519.11264-1-peter.maydell@linaro.org -> patchew/20180510174519.11264-1-peter.maydell@linaro.org
Auto packing the repository in background for optimum performance.
See "git help gc" for manual housekeeping.
Switched to a new branch 'test'
ccdba81c4b target/arm: Clear SVE high bits for FMOV
64003f64f0 target/arm: Fix float16 to/from int16
600be1201a target/arm: Implement vector shifted FCVT for fp16
0f941356c9 target/arm: Implement vector shifted SCVF/UCVF for fp16
3ded533d22 target/arm: Enable ARM_FEATURE_V8_ATOMICS for user-only
9d58b9b45c target/arm: Implement CAS and CASP
51a26a9014 target/arm: Fill in disas_ldst_atomic
de4ccb142c target/arm: Introduce ARM_FEATURE_V8_ATOMICS and initial decode
3b7e02239c target/riscv: Use new atomic min/max expanders
d8820204cf tcg: Use GEN_ATOMIC_HELPER_FN for opposite endian atomic add
587522510f tcg: Introduce atomic helpers for integer min/max
adbe86c2cb target/xtensa: Use new min/max expanders
9f9ed0f8b4 target/arm: Use new min/max expanders
0386c2a4f5 tcg: Introduce helpers for integer min/max
7a13cbc1df atomic.h: Work around gcc spurious "unused value" warning
704fd2643a make sure that we aren't overwriting mc->get_hotplug_handler by accident
e35977cfc3 arm/boot: split load_dtb() from arm_load_kernel()
b46a5f4740 platform-bus-device: use device plug callback instead of machine_done notifier
318eae8151 pc: simplify MachineClass::get_hotplug_handler handling
d99828cef6 softfloat: Handle default NaN mode after pickNaNMulAdd, not before
058260b178 hw/arm/iotkit.c: fix minor memory leak

=== OUTPUT BEGIN ===
Checking PATCH 1/21: hw/arm/iotkit.c: fix minor memory leak...
Checking PATCH 2/21: softfloat: Handle default NaN mode after pickNaNMulAdd, not before...
Checking PATCH 3/21: pc: simplify MachineClass::get_hotplug_handler handling...
Checking PATCH 4/21: platform-bus-device: use device plug callback instead of machine_done notifier...
Checking PATCH 5/21: arm/boot: split load_dtb() from arm_load_kernel()...
Checking PATCH 6/21: make sure that we aren't overwriting mc->get_hotplug_handler by accident...
Checking PATCH 7/21: atomic.h: Work around gcc spurious "unused value" warning...
Checking PATCH 8/21: tcg: Introduce helpers for integer min/max...
Checking PATCH 9/21: target/arm: Use new min/max expanders...
Checking PATCH 10/21: target/xtensa: Use new min/max expanders...
Checking PATCH 11/21: tcg: Introduce atomic helpers for integer min/max...
ERROR: memory barrier without comment
#58: FILE: accel/tcg/atomic_template.h:137:
+    smp_mb();                                                       \

ERROR: memory barrier without comment
#98: FILE: accel/tcg/atomic_template.h:285:
+    smp_mb();                                                       \

total: 2 errors, 0 warnings, 236 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 12/21: tcg: Use GEN_ATOMIC_HELPER_FN for opposite endian atomic add...
Checking PATCH 13/21: target/riscv: Use new atomic min/max expanders...
Checking PATCH 14/21: target/arm: Introduce ARM_FEATURE_V8_ATOMICS and initial decode...
Checking PATCH 15/21: target/arm: Fill in disas_ldst_atomic...
Checking PATCH 16/21: target/arm: Implement CAS and CASP...
Checking PATCH 17/21: target/arm: Enable ARM_FEATURE_V8_ATOMICS for user-only...
Checking PATCH 18/21: target/arm: Implement vector shifted SCVF/UCVF for fp16...
Checking PATCH 19/21: target/arm: Implement vector shifted FCVT for fp16...
Checking PATCH 20/21: target/arm: Fix float16 to/from int16...
ERROR: spaces required around that '*' (ctx:WxV)
#47: FILE: target/arm/helper.c:11434:
+static float16 do_postscale_fp16(float64 f, int shift, float_status *fpst)
                                                                     ^

total: 1 errors, 0 warnings, 83 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 21/21: target/arm: Clear SVE high bits for FMOV...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

The following changes since commit e5cd695266c5709308aa95b1baae499e4b5d4544:

  Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging (2018-05-08 17:05:58 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180510

for you to fetch changes up to 9a9f1f59521f46e8ff4527d9a2b52f83577e2aa3:

  target/arm: Clear SVE high bits for FMOV (2018-05-10 18:10:58 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/iotkit.c: fix minor memory leak
 * softfloat: fix wrong-exception-flags bug for multiply-add corner case
 * arm: isolate and clean up DTB generation
 * implement Arm v8.1-Atomics extension
 * Fix some bugs and missing instructions in the v8.2-FP16 extension

----------------------------------------------------------------
Igor Mammedov (4):
      pc: simplify MachineClass::get_hotplug_handler handling
      platform-bus-device: use device plug callback instead of machine_done notifier
      arm/boot: split load_dtb() from arm_load_kernel()
      make sure that we aren't overwriting mc->get_hotplug_handler by accident

Peter Maydell (3):
      hw/arm/iotkit.c: fix minor memory leak
      softfloat: Handle default NaN mode after pickNaNMulAdd, not before
      atomic.h: Work around gcc spurious "unused value" warning

Richard Henderson (14):
      tcg: Introduce helpers for integer min/max
      target/arm: Use new min/max expanders
      target/xtensa: Use new min/max expanders
      tcg: Introduce atomic helpers for integer min/max
      tcg: Use GEN_ATOMIC_HELPER_FN for opposite endian atomic add
      target/riscv: Use new atomic min/max expanders
      target/arm: Introduce ARM_FEATURE_V8_ATOMICS and initial decode
      target/arm: Fill in disas_ldst_atomic
      target/arm: Implement CAS and CASP
      target/arm: Enable ARM_FEATURE_V8_ATOMICS for user-only
      target/arm: Implement vector shifted SCVF/UCVF for fp16
      target/arm: Implement vector shifted FCVT for fp16
      target/arm: Fix float16 to/from int16
      target/arm: Clear SVE high bits for FMOV

 accel/tcg/atomic_template.h | 112 ++++++----
 accel/tcg/tcg-runtime.h     |   8 +
 hw/ppc/e500.h               |   5 +
 include/hw/arm/arm.h        |  45 +++-
 include/hw/arm/sysbus-fdt.h |  37 +---
 include/hw/arm/virt.h       |   1 +
 include/hw/i386/pc.h        |   8 -
 include/hw/platform-bus.h   |   4 +-
 include/qemu/atomic.h       |   2 +-
 target/arm/cpu.h            |   1 +
 target/arm/helper-a64.h     |   2 +
 target/arm/helper.h         |   4 +-
 tcg/tcg-op.h                |  50 +++++
 tcg/tcg.h                   |   8 +
 fpu/softfloat.c             |  52 +++--
 hw/arm/boot.c               |  72 ++-----
 hw/arm/iotkit.c             |   1 +
 hw/arm/sysbus-fdt.c         |  64 +-----
 hw/arm/virt.c               |  96 ++++++---
 hw/core/platform-bus.c      |  29 +--
 hw/i386/pc.c                |   7 +-
 hw/ppc/e500.c               |  38 ++--
 hw/ppc/e500plat.c           |  32 +++
 hw/ppc/spapr.c              |   1 +
 hw/s390x/s390-virtio-ccw.c  |   1 +
 linux-user/elfload.c        |   1 +
 target/arm/cpu64.c          |   1 +
 target/arm/helper-a64.c     |  43 ++++
 target/arm/helper.c         |  53 ++++-
 target/arm/translate-a64.c  | 490 +++++++++++++++++++++++++++++++++-----------
 target/riscv/translate.c    |  72 ++-----
 target/xtensa/translate.c   |  50 +++--
 tcg/tcg-op.c                |  48 +++++
 33 files changed, 934 insertions(+), 504 deletions(-)

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

target-arm queue: mostly just cleanup/minor stuff, but this does
include the raspi3 board model.

-- PMM

The following changes since commit 9f9c53368b219a9115eddb39f0ff5ad19c977134:

  Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging (2018-02-15 10:14:11 +0000)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180215

for you to fetch changes up to e545f0f9be1f9e60951017c1e6558216732cc14e:

  target/arm: Implement v8M MSPLIM and PSPLIM registers (2018-02-15 13:48:11 +0000)

----------------------------------------------------------------
target-arm queue:
 * aspeed: code cleanup to use unimplemented_device
 * add 'raspi3' RaspberryPi 3 machine model
 * more SVE prep work
 * v8M: add minor missing registers
 * v7M: fix bug where we weren't migrating v7m.other_sp
 * v7M: fix bugs in handling of interrupt registers for
   external interrupts beyond 32

----------------------------------------------------------------
Pekka Enberg (3):
      bcm2836: Make CPU type configurable
      raspi: Raspberry Pi 3 support
      raspi: Add "raspi3" machine type

Peter Maydell (11):
      hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC
      hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling
      hw/intc/armv7m_nvic: Implement M profile cache maintenance ops
      hw/intc/armv7m_nvic: Implement v8M CPPWR register
      hw/intc/armv7m_nvic: Implement cache ID registers
      hw/intc/armv7m_nvic: Implement SCR
      target/arm: Implement writing to CONTROL_NS for v8M
      hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions
      target/arm: Add AIRCR to vmstate struct
      target/arm: Migrate v7m.other_sp
      target/arm: Implement v8M MSPLIM and PSPLIM registers

Philippe Mathieu-Daudé (2):
      hw/arm/aspeed: directly map the serial device to the system address space
      hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io

Richard Henderson (5):
      target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
      target/arm: Enforce FP access to FPCR/FPSR
      target/arm: Suppress TB end for FPCR/FPSR
      target/arm: Enforce access to ZCR_EL at translation
      target/arm: Handle SVE registers when using clear_vec_high

 include/hw/arm/aspeed_soc.h |   1 -
 include/hw/arm/bcm2836.h    |   1 +
 target/arm/cpu.h            |  71 ++++++++++++-----
 target/arm/internals.h      |   6 ++
 hw/arm/aspeed_soc.c         |  35 ++-------
 hw/arm/bcm2836.c            |  17 +++--
 hw/arm/raspi.c              |  57 +++++++++++---
 hw/intc/armv7m_nvic.c       |  98 ++++++++++++++++++------
 target/arm/cpu.c            |  28 +++++++
 target/arm/helper.c         |  84 +++++++++++++++-----
 target/arm/machine.c        |  84 ++++++++++++++++++++
 target/arm/translate-a64.c  | 181 ++++++++++++++++++++------------------------
 12 files changed, 452 insertions(+), 211 deletions(-)

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On 25 January 2018 at 13:43, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Arm queue built up to a point where it seems worth sending:
> various bug fixes, plus RTH's refactoring in preparation for SVE.
>
> thanks
> -- PMM
>
>
> The following changes since commit 0f79bfe38a2cf0f43c7ea4959da7f8ebd7858f3d:
>
>   Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-2.12-pull-request' into staging (2018-01-25 09:53:53 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180125
>
> for you to fetch changes up to 24da047af0e99a83fcc0d50b86c0f2627f7418b3:
>
>   pl110: Implement vertical compare/next base interrupts (2018-01-25 11:45:30 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * target/arm: Fix address truncation in 64-bit pagetable walks
>  * i.MX: Fix FEC/ENET receive functions
>  * target/arm: preparatory refactoring for SVE emulation
>  * hw/intc/arm_gic: Prevent the GIC from signaling an IRQ when it's "active and pending"
>  * hw/intc/arm_gic: Fix C_RPR value on idle priority
>  * hw/intc/arm_gic: Fix group priority computation for group 1 IRQs
>  * hw/intc/arm_gic: Fix the NS view of C_BPR when C_CTRL.CBPR is 1
>  * hw/arm/virt: Check that the CPU realize method succeeded
>  * sdhci: fix a NULL pointer dereference due to uninitialized AddressSpace object
>  * xilinx_spips: Correct usage of an uninitialized local variable
>  * pl110: Implement vertical compare/next base interrupts
>

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1516887809-6265-1-git-send-email-peter.maydell@linaro.org
Subject: [Qemu-devel] [PULL 00/21] target-arm queue

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]               patchew/1516887809-6265-1-git-send-email-peter.maydell@linaro.org -> patchew/1516887809-6265-1-git-send-email-peter.maydell@linaro.org
Switched to a new branch 'test'
a7ead1ca00 pl110: Implement vertical compare/next base interrupts
f66ce5c2c3 xilinx_spips: Correct usage of an uninitialized local variable
d88421481d sdhci: fix a NULL pointer dereference due to uninitialized AddresSpace object
7564bd6dfb hw/arm/virt: Check that the CPU realize method succeeded
18db7a35b4 hw/intc/arm_gic: Fix the NS view of C_BPR when C_CTRL.CBPR is 1
157a918a47 hw/intc/arm_gic: Fix group priority computation for group 1 IRQs
a896e5197e hw/intc/arm_gic: Fix C_RPR value on idle priority
ed702de6c2 hw/intc/arm_gic: Prevent the GIC from signaling an IRQ when it's "active and pending"
0c5df69251 target/arm: Simplify fp_exception_el for user-only
0901e742d2 target/arm: Hoist store to flags output in cpu_get_tb_cpu_state
30d076c766 target/arm: Move cpu_get_tb_cpu_state out of line
9bc4918ade target/arm: Add ARM_FEATURE_SVE
9afce6e002 vmstate: Add VMSTATE_UINT64_SUB_ARRAY
911f6046fd target/arm: Add aa{32, 64}_vfp_{dreg, qreg} helpers
768420eeb2 target/arm: Change the type of vfp.regs
d2beafabf0 target/arm: Use pointers in neon tbl helper
e00821354c target/arm: Use pointers in neon zip/uzp helpers
ac24cb1f18 target/arm: Use pointers in crypto helpers
df207ebf53 target/arm: Mark disas_set_insn_syndrome inline
a13bffeacc i.MX: Fix FEC/ENET receive funtions
cc82dfe8c8 target/arm: Fix 32-bit address truncation

=== OUTPUT BEGIN ===
Checking PATCH 1/21: target/arm: Fix 32-bit address truncation...
Checking PATCH 2/21: i.MX: Fix FEC/ENET receive funtions...
Checking PATCH 3/21: target/arm: Mark disas_set_insn_syndrome inline...
Checking PATCH 4/21: target/arm: Use pointers in crypto helpers...
Checking PATCH 5/21: target/arm: Use pointers in neon zip/uzp helpers...
ERROR: trailing whitespace
#321: FILE: target/arm/translate.c:4691:
+    $

total: 1 errors, 0 warnings, 373 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 6/21: target/arm: Use pointers in neon tbl helper...
Checking PATCH 7/21: target/arm: Change the type of vfp.regs...
Checking PATCH 8/21: target/arm: Add aa{32, 64}_vfp_{dreg, qreg} helpers...
ERROR: spaces required around that '*' (ctx:VxV)
#88: FILE: target/arm/arch_dump.c:104:
+        note.vfp.vregs[2*i + 0] = cpu_to_dump64(s, q[0]);
                         ^

ERROR: spaces required around that '*' (ctx:VxV)
#89: FILE: target/arm/arch_dump.c:105:
+        note.vfp.vregs[2*i + 1] = cpu_to_dump64(s, q[1]);
                         ^

total: 2 errors, 0 warnings, 327 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 9/21: vmstate: Add VMSTATE_UINT64_SUB_ARRAY...
Checking PATCH 10/21: target/arm: Add ARM_FEATURE_SVE...
Checking PATCH 11/21: target/arm: Move cpu_get_tb_cpu_state out of line...
Checking PATCH 12/21: target/arm: Hoist store to flags output in cpu_get_tb_cpu_state...
Checking PATCH 13/21: target/arm: Simplify fp_exception_el for user-only...
Checking PATCH 14/21: hw/intc/arm_gic: Prevent the GIC from signaling an IRQ when it's "active and pending"...
Checking PATCH 15/21: hw/intc/arm_gic: Fix C_RPR value on idle priority...
Checking PATCH 16/21: hw/intc/arm_gic: Fix group priority computation for group 1 IRQs...
Checking PATCH 17/21: hw/intc/arm_gic: Fix the NS view of C_BPR when C_CTRL.CBPR is 1...
Checking PATCH 18/21: hw/arm/virt: Check that the CPU realize method succeeded...
Checking PATCH 19/21: sdhci: fix a NULL pointer dereference due to uninitialized AddresSpace object...
Checking PATCH 20/21: xilinx_spips: Correct usage of an uninitialized local variable...
Checking PATCH 21/21: pl110: Implement vertical compare/next base interrupts...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

Arm queue built up to a point where it seems worth sending:
various bug fixes, plus RTH's refactoring in preparation for SVE.

thanks
-- PMM
 
 
The following changes since commit 0f79bfe38a2cf0f43c7ea4959da7f8ebd7858f3d:

  Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-2.12-pull-request' into staging (2018-01-25 09:53:53 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180125

for you to fetch changes up to 24da047af0e99a83fcc0d50b86c0f2627f7418b3:

  pl110: Implement vertical compare/next base interrupts (2018-01-25 11:45:30 +0000)

----------------------------------------------------------------
target-arm queue:
 * target/arm: Fix address truncation in 64-bit pagetable walks
 * i.MX: Fix FEC/ENET receive functions
 * target/arm: preparatory refactoring for SVE emulation
 * hw/intc/arm_gic: Prevent the GIC from signaling an IRQ when it's "active and pending"
 * hw/intc/arm_gic: Fix C_RPR value on idle priority
 * hw/intc/arm_gic: Fix group priority computation for group 1 IRQs
 * hw/intc/arm_gic: Fix the NS view of C_BPR when C_CTRL.CBPR is 1
 * hw/arm/virt: Check that the CPU realize method succeeded
 * sdhci: fix a NULL pointer dereference due to uninitialized AddressSpace object
 * xilinx_spips: Correct usage of an uninitialized local variable
 * pl110: Implement vertical compare/next base interrupts

----------------------------------------------------------------
Ard Biesheuvel (1):
      target/arm: Fix 32-bit address truncation

Francisco Iglesias (1):
      xilinx_spips: Correct usage of an uninitialized local variable

Jean-Christophe Dubois (1):
      i.MX: Fix FEC/ENET receive funtions

Linus Walleij (1):
      pl110: Implement vertical compare/next base interrupts

Luc MICHEL (4):
      hw/intc/arm_gic: Prevent the GIC from signaling an IRQ when it's "active and pending"
      hw/intc/arm_gic: Fix C_RPR value on idle priority
      hw/intc/arm_gic: Fix group priority computation for group 1 IRQs
      hw/intc/arm_gic: Fix the NS view of C_BPR when C_CTRL.CBPR is 1

Peter Maydell (1):
      hw/arm/virt: Check that the CPU realize method succeeded

Philippe Mathieu-Daudé (1):
      sdhci: fix a NULL pointer dereference due to uninitialized AddresSpace object

Richard Henderson (11):
      target/arm: Mark disas_set_insn_syndrome inline
      target/arm: Use pointers in crypto helpers
      target/arm: Use pointers in neon zip/uzp helpers
      target/arm: Use pointers in neon tbl helper
      target/arm: Change the type of vfp.regs
      target/arm: Add aa{32, 64}_vfp_{dreg, qreg} helpers
      vmstate: Add VMSTATE_UINT64_SUB_ARRAY
      target/arm: Add ARM_FEATURE_SVE
      target/arm: Move cpu_get_tb_cpu_state out of line
      target/arm: Hoist store to flags output in cpu_get_tb_cpu_state
      target/arm: Simplify fp_exception_el for user-only

 include/hw/sd/sdhci.h       |   1 +
 include/migration/vmstate.h |   9 ++-
 target/arm/cpu.h            | 157 ++++++++-----------------------------
 target/arm/helper.h         |  46 +++++------
 target/arm/translate.h      |   2 +-
 hw/arm/virt.c               |   2 +-
 hw/display/pl110.c          |  30 +++++++-
 hw/intc/arm_gic.c           |  25 +++++-
 hw/net/imx_fec.c            |   8 +-
 hw/sd/sdhci.c               |   1 +
 hw/ssi/xilinx_spips.c       |  18 ++++-
 linux-user/signal.c         |  22 +++---
 target/arm/arch_dump.c      |   8 +-
 target/arm/crypto_helper.c  | 184 +++++++++++++++++---------------------------
 target/arm/helper-a64.c     |   5 +-
 target/arm/helper.c         | 164 +++++++++++++++++++++++++++++++++++----
 target/arm/kvm32.c          |   4 +-
 target/arm/kvm64.c          |  31 +++-----
 target/arm/machine.c        |   2 +-
 target/arm/neon_helper.c    | 162 ++++++++++++++++++++------------------
 target/arm/op_helper.c      |  17 ++--
 target/arm/translate-a64.c  | 100 ++++++++++++------------
 target/arm/translate.c      | 134 +++++++++++++++++---------------
 23 files changed, 607 insertions(+), 525 deletions(-)

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On 28 February 2017 at 17:15, Peter Maydell <peter.maydell@linaro.org> wrote:
> Second lot of ARM changes to sneak in before freeze:
>  * fixed version of the raspi2 sd controller patches
>  * GICv3 save/restore
>  * v7M QOMify
>
> I've also included the Linux header update patches stolen
> from Paolo's pullreq since it hasn't quite hit master yet.
>
> thanks
> -- PMM
>
> The following changes since commit 1bbe5dc66b770d7bedd1d51d7935da948a510dd6:
>
>   Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170228' into staging (2017-02-28 14:50:17 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170228-1
>
> for you to fetch changes up to 1eeb5c7deacbfb4d4cad17590a16a99f3d85eabb:
>
>   bcm2835: add sdhost and gpio controllers (2017-02-28 17:10:00 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * raspi2: add gpio controller and sdhost controller, with
>    the wiring so the guest can switch which controller the
>    SD card is attached to
>    (this is sufficient to get raspbian kernels to boot)
>  * GICv3: support state save/restore from KVM
>  * update Linux headers to 4.11
>  * refactor and QOMify the ARMv7M container object

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

Second lot of ARM changes to sneak in before freeze:
 * fixed version of the raspi2 sd controller patches
 * GICv3 save/restore
 * v7M QOMify

I've also included the Linux header update patches stolen
from Paolo's pullreq since it hasn't quite hit master yet.

thanks
-- PMM

The following changes since commit 1bbe5dc66b770d7bedd1d51d7935da948a510dd6:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170228' into staging (2017-02-28 14:50:17 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170228-1

for you to fetch changes up to 1eeb5c7deacbfb4d4cad17590a16a99f3d85eabb:

  bcm2835: add sdhost and gpio controllers (2017-02-28 17:10:00 +0000)

----------------------------------------------------------------
target-arm queue:
 * raspi2: add gpio controller and sdhost controller, with
   the wiring so the guest can switch which controller the
   SD card is attached to
   (this is sufficient to get raspbian kernels to boot)
 * GICv3: support state save/restore from KVM
 * update Linux headers to 4.11
 * refactor and QOMify the ARMv7M container object

----------------------------------------------------------------
Clement Deschamps (3):
      hw/sd: add card-reparenting function
      bcm2835_gpio: add bcm2835 gpio controller
      bcm2835: add sdhost and gpio controllers

Paolo Bonzini (2):
      update-linux-headers: update for 4.11
      update Linux headers to 4.11

Peter Maydell (12):
      armv7m: Abstract out the "load kernel" code
      armv7m: Move NVICState struct definition into header
      armv7m: QOMify the armv7m container
      armv7m: Use QOMified armv7m object in armv7m_init()
      armv7m: Make ARMv7M object take memory region link
      armv7m: Make NVIC expose a memory region rather than mapping itself
      armv7m: Make bitband device take the address space to access
      armv7m: Don't put core v7M devices under CONFIG_STELLARIS
      armv7m: Split systick out from NVIC
      stm32f205: Create armv7m object without using armv7m_init()
      stm32f205: Rename 'nvic' local to 'armv7m'
      qdev: Have qdev_set_parent_bus() handle devices already on a bus

Vijaya Kumar K (4):
      hw/intc/arm_gicv3_kvm: Add ICC_SRE_EL1 register to vmstate
      hw/intc/arm_gicv3_kvm: Implement get/put functions
      target-arm: Add GICv3CPUState in CPUARMState struct
      hw/intc/arm_gicv3_kvm: Reset GICv3 cpu interface registers

 hw/gpio/Makefile.objs                              |   1 +
 hw/intc/Makefile.objs                              |   2 +-
 hw/timer/Makefile.objs                             |   1 +
 hw/intc/gicv3_internal.h                           |   3 +
 include/hw/arm/arm.h                               |  12 +
 include/hw/arm/armv7m.h                            |  63 +++
 include/hw/arm/armv7m_nvic.h                       |  62 ++
 include/hw/arm/bcm2835_peripherals.h               |   4 +
 include/hw/arm/stm32f205_soc.h                     |   4 +-
 include/hw/gpio/bcm2835_gpio.h                     |  39 ++
 include/hw/intc/arm_gicv3_common.h                 |   1 +
 include/hw/sd/sd.h                                 |  11 +
 include/hw/timer/armv7m_systick.h                  |  34 ++
 include/standard-headers/asm-x86/hyperv.h          |   8 +
 include/standard-headers/linux/input-event-codes.h |   2 +-
 include/standard-headers/linux/pci_regs.h          |  25 +
 include/standard-headers/linux/virtio_ids.h        |   1 +
 linux-headers/asm-arm/kvm.h                        |  15 +
 linux-headers/asm-arm/unistd-common.h              | 357 ++++++++++++
 linux-headers/asm-arm/unistd-eabi.h                |   5 +
 linux-headers/asm-arm/unistd-oabi.h                |  17 +
 linux-headers/asm-arm/unistd.h                     | 419 +-------------
 linux-headers/asm-arm64/kvm.h                      |  13 +
 linux-headers/asm-powerpc/kvm.h                    |  27 +
 linux-headers/asm-powerpc/unistd.h                 |   1 +
 linux-headers/asm-x86/kvm_para.h                   |  13 +-
 linux-headers/linux/kvm.h                          |  24 +-
 linux-headers/linux/kvm_para.h                     |   2 +
 linux-headers/linux/userfaultfd.h                  |  67 ++-
 linux-headers/linux/vfio.h                         |  10 +
 target/arm/cpu.h                                   |   2 +
 hw/arm/armv7m.c                                    | 379 ++++++++-----
 hw/arm/bcm2835_peripherals.c                       |  43 +-
 hw/arm/netduino2.c                                 |   7 +-
 hw/arm/stm32f205_soc.c                             |  28 +-
 hw/core/qdev.c                                     |  14 +
 hw/gpio/bcm2835_gpio.c                             | 353 ++++++++++++
 hw/intc/arm_gicv3_common.c                         |  38 ++
 hw/intc/arm_gicv3_cpuif.c                          |   8 +
 hw/intc/arm_gicv3_kvm.c                            | 629 ++++++++++++++++++++-
 hw/intc/armv7m_nvic.c                              | 214 ++-----
 hw/sd/core.c                                       |  27 +
 hw/timer/armv7m_systick.c                          | 240 ++++++++
 default-configs/arm-softmmu.mak                    |   2 +
 hw/timer/trace-events                              |   6 +
 scripts/update-linux-headers.sh                    |  13 +-
 46 files changed, 2479 insertions(+), 767 deletions(-)
 create mode 100644 include/hw/arm/armv7m.h
 create mode 100644 include/hw/arm/armv7m_nvic.h
 create mode 100644 include/hw/gpio/bcm2835_gpio.h
 create mode 100644 include/hw/timer/armv7m_systick.h
 create mode 100644 linux-headers/asm-arm/unistd-common.h
 create mode 100644 linux-headers/asm-arm/unistd-eabi.h
 create mode 100644 linux-headers/asm-arm/unistd-oabi.h
 create mode 100644 hw/gpio/bcm2835_gpio.c
 create mode 100644 hw/timer/armv7m_systick.c

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On 9 January 2017 at 11:53, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue: nothing hugely exciting here, the
> bulk is Andrew's virt-acpi-build refactorings.
>
> thanks
> -- PMM
>
> The following changes since commit ffe22bf51065dd33022cf91f77a821d1f11c250d:
>
>   Merge remote-tracking branch 'remotes/gonglei/tags/cryptodev-next-20161224' into staging (2017-01-06 15:18:09 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170109
>
> for you to fetch changes up to 556899fc1965d82f5c4a3ba6a0be3b1193e2c4b2:
>
>   hw/ssi/imx_spi.c: Remove MSGDATA register support (2017-01-09 11:50:23 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * i2c: Allow I2C devices to NAK start events
>  * hw/char: QOM'ify exynos4210_uart.c
>  * clean up and refactor virt-acpi-build.c
>  * virt-acpi-build: Don't incorrectly claim architectural timer
>    to be edge-triggered
>  * m25p80: Don't let rogue SPI controllers cause buffer overruns
>  * imx_spi: Remove broken MSGDATA register support
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

target-arm queue: nothing hugely exciting here, the
bulk is Andrew's virt-acpi-build refactorings.

thanks
-- PMM

The following changes since commit ffe22bf51065dd33022cf91f77a821d1f11c250d:

  Merge remote-tracking branch 'remotes/gonglei/tags/cryptodev-next-20161224' into staging (2017-01-06 15:18:09 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170109

for you to fetch changes up to 556899fc1965d82f5c4a3ba6a0be3b1193e2c4b2:

  hw/ssi/imx_spi.c: Remove MSGDATA register support (2017-01-09 11:50:23 +0000)

----------------------------------------------------------------
target-arm queue:
 * i2c: Allow I2C devices to NAK start events
 * hw/char: QOM'ify exynos4210_uart.c
 * clean up and refactor virt-acpi-build.c
 * virt-acpi-build: Don't incorrectly claim architectural timer
   to be edge-triggered
 * m25p80: Don't let rogue SPI controllers cause buffer overruns
 * imx_spi: Remove broken MSGDATA register support

----------------------------------------------------------------
Andrew Jones (14):
      hw/arm/virt-acpi-build: add all missing cpu_to_le's
      hw/arm/virt-acpi-build: name GIC CPU Interface Structure appropriately
      hw/arm/virt-acpi-build: gtdt: improve flag naming
      hw/arm/virt-acpi-build: fadt: improve flag naming
      hw/arm/virt: parameter passing cleanups
      hw/arm/virt: use VirtMachineState.gic_version
      hw/arm/virt: eliminate struct VirtGuestInfoState
      hw/arm/virt: remove include/hw/arm/virt-acpi-build.h
      hw/arm/virt: move VirtMachineState/Class to virt.h
      hw/arm/virt: pass VirtMachineState instead of VirtGuestInfo
      hw/arm/virt-acpi-build: remove redundant members from VirtGuestInfo
      hw/arm/virt-acpi-build: don't save VirtGuestInfo on AcpiBuildState
      hw/arm/virt: remove VirtGuestInfo
      hw/arm/virt-acpi-build: Don't incorrectly claim architectural timer to be edge-triggered

Corey Minyard (1):
      i2c: Allow I2C devices to NAK start events

Jean-Christophe Dubois (2):
      m25p80: don't let rogue SPI controllers cause buffer overruns
      hw/ssi/imx_spi.c: Remove MSGDATA register support

Peter Maydell (3):
      hw/arm/virt: Merge VirtBoardInfo and VirtMachineState
      hw/arm/virt: Rename 'vbi' variables to 'vms'
      hw/arm/virt: Don't incorrectly claim architectural timer to be edge-triggered

xiaoqiang zhao (1):
      hw/char: QOM'ify exynos4210_uart.c

 include/hw/acpi/acpi-defs.h      |  33 +-
 include/hw/arm/virt-acpi-build.h |  47 ---
 include/hw/arm/virt.h            |  41 ++-
 include/hw/i2c/i2c.h             |  16 +-
 hw/arm/pxa2xx.c                  |   4 +-
 hw/arm/tosa.c                    |   4 +-
 hw/arm/virt-acpi-build.c         | 134 ++++----
 hw/arm/virt.c                    | 691 ++++++++++++++++++---------------------
 hw/arm/z2.c                      |   4 +-
 hw/audio/wm8750.c                |   4 +-
 hw/block/m25p80.c                |  29 +-
 hw/char/exynos4210_uart.c        |  16 +-
 hw/display/ssd0303.c             |   4 +-
 hw/gpio/max7310.c                |   4 +-
 hw/i2c/core.c                    |  31 +-
 hw/i2c/i2c-ddc.c                 |   4 +-
 hw/i2c/smbus.c                   |  13 +-
 hw/input/lm832x.c                |   4 +-
 hw/misc/tmp105.c                 |   3 +-
 hw/ssi/imx_spi.c                 |  11 +-
 hw/timer/ds1338.c                |   4 +-
 hw/timer/twl92230.c              |   4 +-
 MAINTAINERS                      |   2 -
 23 files changed, 572 insertions(+), 535 deletions(-)
 delete mode 100644 include/hw/arm/virt-acpi-build.h

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On 16 March 2016 at 17:18, Peter Maydell <peter.maydell@linaro.org> wrote:
> Here's the target-arm queue; I'm a bit hesitant about the late-landing
> various new board/SoC patches, but they won't affect anybody who isn't
> trying to use those boards, so I think it's OK.
>
> (There are a few other patches on list which I definitely want to
> get in before rc0 but they need a bit more review time I think.)
>
> thanks
> -- PMM
>
>
> The following changes since commit 0ebc03bc065329eaefb6493f5fa7df08df528f2a:
>
>   util/base64.c: Clean includes (2016-03-16 12:48:11 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160316
>
> for you to fetch changes up to 10b27d1ab391dbf36f92e1a33179662082401d7a:
>
>   sd: Fix "info qtree" on boards with SD cards (2016-03-16 17:12:46 +0000)

Respin with fix now applied to master.

-- PMM

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On 16 March 2016 at 17:18, Peter Maydell <peter.maydell@linaro.org> wrote:
> Here's the target-arm queue; I'm a bit hesitant about the late-landing
> various new board/SoC patches, but they won't affect anybody who isn't
> trying to use those boards, so I think it's OK.
>
> (There are a few other patches on list which I definitely want to
> get in before rc0 but they need a bit more review time I think.)
>
> thanks
> -- PMM
>
>
> The following changes since commit 0ebc03bc065329eaefb6493f5fa7df08df528f2a:
>
>   util/base64.c: Clean includes (2016-03-16 12:48:11 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160316
>
> for you to fetch changes up to 10b27d1ab391dbf36f92e1a33179662082401d7a:
>
>   sd: Fix "info qtree" on boards with SD cards (2016-03-16 17:12:46 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * loader: Fix incorrect parameter name in load_image_mr()
>  * Implement MRS (banked) and MSR (banked) instructions
>  * virt: Implement versioning for machine model
>  * i.MX: some initial patches preparing for i.MX6 support
>  * new ASPEED AST2400 SoC and palmetto-bmc machine
>  * bcm2835: add some more raspi2 devices
>  * sd: fix segfault running "info qtree"

Some versions of gcc appear to give false positive 'may be used
uninitialized' warnings about the msr/mrs code:

/home/petmay01/linaro/qemu-for-merges/target-arm/translate.c: In
function ‘gen_msr_banked
.isra.45’:
/home/petmay01/linaro/qemu-for-merges/target-arm/translate.c:4321:17:
error: ‘tgtmode’ ma
y be used uninitialized in this function [-Werror=maybe-uninitialized]
     tcg_tgtmode = tcg_const_i32(tgtmode);
                 ^
/home/petmay01/linaro/qemu-for-merges/target-arm/translate.c:4322:15:
error: ‘regno’ may be used uninitialized in this function
[-Werror=maybe-uninitialized]
     tcg_regno = tcg_const_i32(regno);
               ^
/home/petmay01/linaro/qemu-for-merges/target-arm/translate.c: In
function ‘gen_mrs_banked.isra.48’:
/home/petmay01/linaro/qemu-for-merges/target-arm/translate.c:4343:17:
error: ‘tgtmode’ may be used uninitialized in this function
[-Werror=maybe-uninitialized]
     tcg_tgtmode = tcg_const_i32(tgtmode);
                 ^
/home/petmay01/linaro/qemu-for-merges/target-arm/translate.c:4344:15:
error: ‘regno’ may be used uninitialized in this function
[-Werror=maybe-uninitialized]
     tcg_regno = tcg_const_i32(regno);
               ^

Fixup:
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -4308,7 +4308,7 @@ undef:
 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
 {
     TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
-    int tgtmode, regno;
+    int tgtmode = 0, regno = 0;

     if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
         return;
@@ -4330,7 +4330,7 @@ static void gen_msr_banked(DisasContext *s, int
r, int sysm, int rn)
 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
 {
     TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
-    int tgtmode, regno;
+    int tgtmode = 0, regno = 0;

     if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
         return;

which I'll squash into the appropriate patch and respin.

thanks
-- PMM

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

Here's the target-arm queue; I'm a bit hesitant about the late-landing
various new board/SoC patches, but they won't affect anybody who isn't
trying to use those boards, so I think it's OK.

(There are a few other patches on list which I definitely want to
get in before rc0 but they need a bit more review time I think.)

thanks
-- PMM


The following changes since commit 0ebc03bc065329eaefb6493f5fa7df08df528f2a:

  util/base64.c: Clean includes (2016-03-16 12:48:11 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160316

for you to fetch changes up to 10b27d1ab391dbf36f92e1a33179662082401d7a:

  sd: Fix "info qtree" on boards with SD cards (2016-03-16 17:12:46 +0000)

----------------------------------------------------------------
target-arm queue:
 * loader: Fix incorrect parameter name in load_image_mr()
 * Implement MRS (banked) and MSR (banked) instructions
 * virt: Implement versioning for machine model
 * i.MX: some initial patches preparing for i.MX6 support
 * new ASPEED AST2400 SoC and palmetto-bmc machine
 * bcm2835: add some more raspi2 devices
 * sd: fix segfault running "info qtree"

----------------------------------------------------------------
Andrew Baumann (2):
      bcm2835_peripherals: enable sdhci pending-insert quirk for raspberry pi
      bcm2835_aux: add emulation of BCM2835 AUX (aka UART1) block

Andrew Jeffery (4):
      hw/timer: Add ASPEED timer device model
      hw/intc: Add (new) ASPEED VIC device model
      hw/arm: Add ASPEED AST2400 SoC model
      hw/arm: Add palmetto-bmc machine

Grégory ESTRADE (3):
      bcm2835_fb: add framebuffer device for Raspberry Pi
      bcm2835_property: implement framebuffer control/configuration properties
      bcm2835_dma: add emulation of Raspberry Pi DMA controller

Jean-Christophe Dubois (6):
      i.MX: Allow GPT timer to rollover.
      i.MX: Rename CCM NOCLK to CLK_NONE for naming consistency.
      i.MX: Remove CCM useless clock computation handling.
      i.MX: Add the CLK_IPG_HIGH clock
      i.MX: Add i.MX6 CCM and ANALOG device.
      i.MX: Add missing descriptions in devices.

Jens Wiklander (1):
      loader: Fix incorrect parameter name in load_image_mr() macro

Peter Maydell (2):
      target-arm: Implement MRS (banked) and MSR (banked) instructions
      sd: Fix "info qtree" on boards with SD cards

Sergey Sorokin (1):
      target-arm: Fix translation level on early translation faults

Wei Huang (2):
      arm: virt: Add an abstract ARM virt machine type
      arm: virt: Move machine class init code to the abstract machine type

 default-configs/arm-softmmu.mak      |   1 +
 hw/arm/Makefile.objs                 |   1 +
 hw/arm/ast2400.c                     | 137 +++++++
 hw/arm/bcm2835_peripherals.c         | 103 ++++-
 hw/arm/bcm2836.c                     |   2 +
 hw/arm/fsl-imx25.c                   |   1 +
 hw/arm/fsl-imx31.c                   |   1 +
 hw/arm/palmetto-bmc.c                |  65 +++
 hw/arm/raspi.c                       |  12 +-
 hw/arm/virt.c                        |  57 ++-
 hw/char/Makefile.objs                |   1 +
 hw/char/bcm2835_aux.c                | 316 ++++++++++++++
 hw/display/Makefile.objs             |   1 +
 hw/display/bcm2835_fb.c              | 424 +++++++++++++++++++
 hw/dma/Makefile.objs                 |   1 +
 hw/dma/bcm2835_dma.c                 | 408 ++++++++++++++++++
 hw/i2c/imx_i2c.c                     |   1 +
 hw/intc/Makefile.objs                |   1 +
 hw/intc/aspeed_vic.c                 | 339 +++++++++++++++
 hw/misc/Makefile.objs                |   1 +
 hw/misc/bcm2835_property.c           | 139 ++++++-
 hw/misc/imx25_ccm.c                  |  29 +-
 hw/misc/imx31_ccm.c                  |  35 +-
 hw/misc/imx6_ccm.c                   | 774 +++++++++++++++++++++++++++++++++++
 hw/net/imx_fec.c                     |   1 +
 hw/sd/sd.c                           |   6 +-
 hw/timer/Makefile.objs               |   1 +
 hw/timer/aspeed_timer.c              | 449 ++++++++++++++++++++
 hw/timer/imx_epit.c                  |   8 +-
 hw/timer/imx_gpt.c                   |  43 +-
 include/hw/arm/ast2400.h             |  35 ++
 include/hw/arm/bcm2835_peripherals.h |   6 +
 include/hw/char/bcm2835_aux.h        |  33 ++
 include/hw/display/bcm2835_fb.h      |  47 +++
 include/hw/dma/bcm2835_dma.h         |  47 +++
 include/hw/intc/aspeed_vic.h         |  48 +++
 include/hw/loader.h                  |   2 +-
 include/hw/misc/bcm2835_property.h   |   5 +-
 include/hw/misc/imx6_ccm.h           | 197 +++++++++
 include/hw/misc/imx_ccm.h            |  10 +-
 include/hw/timer/aspeed_timer.h      |  59 +++
 target-arm/helper.c                  |  22 +-
 target-arm/helper.h                  |   3 +
 target-arm/op_helper.c               | 120 ++++++
 target-arm/translate.c               | 246 ++++++++++-
 trace-events                         |  16 +
 46 files changed, 4114 insertions(+), 140 deletions(-)
 create mode 100644 hw/arm/ast2400.c
 create mode 100644 hw/arm/palmetto-bmc.c
 create mode 100644 hw/char/bcm2835_aux.c
 create mode 100644 hw/display/bcm2835_fb.c
 create mode 100644 hw/dma/bcm2835_dma.c
 create mode 100644 hw/intc/aspeed_vic.c
 create mode 100644 hw/misc/imx6_ccm.c
 create mode 100644 hw/timer/aspeed_timer.c
 create mode 100644 include/hw/arm/ast2400.h
 create mode 100644 include/hw/char/bcm2835_aux.h
 create mode 100644 include/hw/display/bcm2835_fb.h
 create mode 100644 include/hw/dma/bcm2835_dma.h
 create mode 100644 include/hw/intc/aspeed_vic.h
 create mode 100644 include/hw/misc/imx6_ccm.h
 create mode 100644 include/hw/timer/aspeed_timer.h

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On 18 May 2015 at 20:15, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue: mostly the new Xilinx board, plus a handful
> of other minor things.
>
> -- PMM
>
>
> The following changes since commit 385057cbec9b4a0eb6150330c572e875ed714965:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-05-15' into staging (2015-05-15 17:51:20 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150518-3
>
> for you to fetch changes up to 18084b2f71b22b3ec3bf4828b8cb83d1d39e8502:
>
>   target-arm: Remove unneeded '+' (2015-05-18 20:04:19 +0100)
>
> ----------------------------------------------------------------
> target-arm:
>  * New board model: xlnx-ep108
>  * Some more preparation for AArch64 EL2/EL3
>  * Fix bugs in access checking for generic counter registers
>  * Remove a stray '+' sign
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

target-arm queue: mostly the new Xilinx board, plus a handful
of other minor things.

-- PMM


The following changes since commit 385057cbec9b4a0eb6150330c572e875ed714965:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-05-15' into staging (2015-05-15 17:51:20 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150518-3

for you to fetch changes up to 18084b2f71b22b3ec3bf4828b8cb83d1d39e8502:

  target-arm: Remove unneeded '+' (2015-05-18 20:04:19 +0100)

----------------------------------------------------------------
target-arm:
 * New board model: xlnx-ep108
 * Some more preparation for AArch64 EL2/EL3
 * Fix bugs in access checking for generic counter registers
 * Remove a stray '+' sign

----------------------------------------------------------------
Edgar E. Iglesias (3):
      target-arm: Correct accessfn for CNTP_{CT}VAL_EL0
      target-arm: Correct accessfn for CNTV_TVAL_EL0
      target-arm: Remove unneeded '+'

Greg Bellows (3):
      target-arm: Add TTBR regime function and use
      target-arm: Add EL3 and EL2 TCR checking
      target-arm: Add WFx syndrome function

Peter Crosthwaite (14):
      target-arm: cpu64: generalise name of A57 regs
      target-arm: cpu64: Add support for Cortex-A53
      arm: Introduce Xilinx ZynqMP SoC
      arm: xlnx-zynqmp: Add GIC
      arm: xlnx-zynqmp: Connect CPU Timers to GIC
      net: cadence_gem: Clean up variable names
      net: cadence_gem: Split state struct and type into header
      arm: xlnx-zynqmp: Add GEM support
      char: cadence_uart: Clean up variable names
      char: cadence_uart: Split state struct and type into header
      arm: xlnx-zynqmp: Add UART support
      arm: Add xlnx-ep108 machine
      arm: xlnx-ep108: Add external RAM
      arm: xlnx-ep108: Add bootloading

Timothy Baldwin (1):
      linux-user/arm: Correct TARGET_NR_timerfd to TARGET_NR_timerfd_create

 default-configs/aarch64-softmmu.mak |   2 +-
 hw/arm/Makefile.objs                |   1 +
 hw/arm/xlnx-ep108.c                 |  82 ++++++++++++++
 hw/arm/xlnx-zynqmp.c                | 211 ++++++++++++++++++++++++++++++++++++
 hw/char/cadence_uart.c              | 115 ++++++++------------
 hw/net/cadence_gem.c                |  95 +++++-----------
 include/hw/arm/xlnx-zynqmp.h        |  58 ++++++++++
 include/hw/char/cadence_uart.h      |  53 +++++++++
 include/hw/net/cadence_gem.h        |  73 +++++++++++++
 linux-user/arm/syscall_nr.h         |   2 +-
 target-arm/cpu64.c                  |  61 ++++++++++-
 target-arm/helper.c                 |  75 +++++++++----
 target-arm/internals.h              |   6 +
 13 files changed, 671 insertions(+), 163 deletions(-)
 create mode 100644 hw/arm/xlnx-ep108.c
 create mode 100644 hw/arm/xlnx-zynqmp.c
 create mode 100644 include/hw/arm/xlnx-zynqmp.h
 create mode 100644 include/hw/char/cadence_uart.h
 create mode 100644 include/hw/net/cadence_gem.h

[Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

Hi; this is my target-arm queue. Contents:
 * my 'get rid of arm_pic' series
 * generic timer support for A15
 * a few other minor fixes

To avoid potential conflicts between a target-arm pullreq
and an arm-devs pullreq, I've just put all these ARM related
patches in the same tree even though a few of them could
strictly speaking have gone into an arm-devs tree. (I'd
actually prefer to combine target-arm.next and arm-devs.next
into a single tree in future, since I think some of the admin
reasons for the original split have now gone away. Let me know
if this is going to be a problem and I'll maintain the split.)

Please pull.

thanks
--PMM


The following changes since commit f202039811d8746b0586d2fd5f61de6c8cf68056:

  Open up 1.7 development branch (2013-08-15 15:41:13 -0500)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20130820

for you to fetch changes up to 230058106ab26de9b876158dbe27d60719f01f51:

  hw/timer/imx_epit: Simplify and fix imx_epit implementation (2013-08-20 14:54:32 +0100)

----------------------------------------------------------------
target-arm queue

----------------------------------------------------------------
Peter Chubb (1):
      hw/timer/imx_epit: Simplify and fix imx_epit implementation

Peter Maydell (20):
      target-arm: Implement 'int' loglevel
      target-arm: Make IRQ and FIQ gpio lines on the CPU object
      hw/arm/armv7m: Don't use arm_pic_init_cpu()
      hw/arm/exynos4210: Don't use arm_pic_init_cpu()
      hw/arm/highbank: Don't use arm_pic_init_cpu()
      hw/arm/integratorcp: Don't use arm_pic_init_cpu()
      hw/arm/kzm: Don't use arm_pic_init_cpu()
      hw/arm/musicpal: Don't use arm_pic_init_cpu()
      hw/arm/omap*: Don't use arm_pic_init_cpu()
      hw/arm/realview: Don't use arm_pic_init_cpu()
      hw/arm/strongarm: Don't use arm_pic_init_cpu()
      hw/arm/versatilepb: Don't use arm_pic_init_cpu()
      hw/arm/vexpress: Don't use arm_pic_init_cpu()
      hw/arm/xilinx_zynq: Don't use arm_pic_init_cpu()
      hw/arm/pic_cpu: Remove the now-unneeded arm_pic_init_cpu()
      target-arm: Allow raw_read() and raw_write() to handle 64 bit regs
      target-arm: Support coprocessor registers which do I/O
      target-arm: Implement the generic timer
      hw/cpu/a15mpcore: Wire generic timer outputs to GIC inputs
      default-configs: Fix A9MP and A15MP config names

 default-configs/arm-softmmu.mak |    4 +-
 hw/arm/Makefile.objs            |    2 +-
 hw/arm/armv7m.c                 |    5 +-
 hw/arm/exynos4210.c             |   16 +-
 hw/arm/highbank.c               |    4 +-
 hw/arm/integratorcp.c           |    7 +-
 hw/arm/kzm.c                    |    8 +-
 hw/arm/musicpal.c               |    4 +-
 hw/arm/omap1.c                  |    8 +-
 hw/arm/omap2.c                  |    8 +-
 hw/arm/pic_cpu.c                |   68 ---------
 hw/arm/realview.c               |    4 +-
 hw/arm/strongarm.c              |    6 +-
 hw/arm/versatilepb.c            |    7 +-
 hw/arm/vexpress.c               |    8 +-
 hw/arm/xilinx_zynq.c            |    7 +-
 hw/cpu/Makefile.objs            |    4 +-
 hw/cpu/a15mpcore.c              |   18 +++
 hw/timer/imx_epit.c             |   94 +++++-------
 include/hw/arm/arm.h            |    5 -
 target-arm/cpu-qom.h            |    9 ++
 target-arm/cpu.c                |   67 +++++++++
 target-arm/cpu.h                |   27 +++-
 target-arm/helper.c             |  310 ++++++++++++++++++++++++++++++++++++++-
 target-arm/machine.c            |    8 +-
 target-arm/translate.c          |   16 +-
 26 files changed, 514 insertions(+), 210 deletions(-)
 delete mode 100644 hw/arm/pic_cpu.c