[Qemu-devel] [PULL 00/25] target-arm queue

[Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

First target-arm pull for 2.9; nothing particularly exciting here.

thanks
-- PMM

The following changes since commit a470b33259bf82ef2336bfcd5d07640562d3f63b:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2016-12-22 19:23:51 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20161227

for you to fetch changes up to 91db4642f868cf2e591b62d31a19d35b02ea791e:

  target-arm: Add VBAR support to ARM1176 CPUs (2016-12-27 14:59:30 +0000)

----------------------------------------------------------------
target-arm queue:
 * add VBAR support to ARM1176 CPUs
 * hw/i2c: add NULL check to i2c slave init callbacks
 * pxa2xx.c: fix trailing whitespace
 * aspeed: various cleanups
 * aspeed: add romulus-bmc board
 * virt: add 2.9 machine type
 * gicv3: don't signal Pending+Active interrupts to CPU
 * gicv3: fix incorrect usage of fieldoffset
 * arm: log AArch64 exception returns
 * gicv3: fix aff3 field in typer register
 * aarch64: fix ldst_single_struct on BE hosts
 * aarch64: fix vec_reg_offset on BE hosts
 * arm: fix Cortex-A8 MVFR1 register value
 * cadence_uart: check if receiver timeout counter disabled
 * cadence_uart: check register values on migration

----------------------------------------------------------------
Alastair D'Silva (2):
      hw/arm: remove trailing whitespace
      hw/i2c: Add a NULL check for i2c slave init callbacks

Alistair Francis (1):
      cadence_uart: Check baud rate generator and divider values on migration

Andrew Gacek (1):
      cadence_uart: Check if receiver timeout counter is disabled

Andrew Jones (1):
      hw/intc/arm_gicv3_common: fix aff3 in typer

Cédric Le Goater (13):
      m25p80: add support for the mx66l1g45g
      aspeed: QOMify the CPU object and attach it to the SoC
      aspeed: remove cannot_destroy_with_object_finalize_yet
      aspeed: attach the second SPI controller object to the SoC
      aspeed: extend the board configuration with flash models
      aspeed: add support for the romulus-bmc board
      aspeed: add a memory region for SRAM
      aspeed: add the definitions for the AST2400 A1 SoC
      aspeed: change SoC revision of the palmetto-bmc machine
      aspeed/scu: fix SCU region size
      aspeed/smc: improve segment register support
      aspeed/smc: set the number of flash modules for the FMC controller
      target-arm: Add VBAR support to ARM1176 CPUs

Julian Brown (1):
      Correct value of ARM Cortex-A8 MVFR1 register.

Peter Maydell (4):
      target-arm: Log AArch64 exception returns
      hw/intc/arm_gicv3: Remove incorrect usage of fieldoffset
      hw/intc/arm_gicv3: Don't signal Pending+Active interrupts to CPU
      hw/arm/virt: add 2.9 machine type

Richard Henderson (2):
      target-arm: Fix aarch64 vec_reg_offset
      target-arm: Fix aarch64 disas_ldst_single_struct

 include/hw/arm/aspeed_soc.h  |  4 +-
 include/hw/compat.h          |  3 ++
 include/hw/misc/aspeed_scu.h |  1 +
 target/arm/cpu.h             |  1 +
 hw/arm/aspeed.c              | 70 ++++++++++++++++++++++++++++++--
 hw/arm/aspeed_soc.c          | 95 +++++++++++++++++++++++++++++++++-----------
 hw/arm/pxa2xx.c              |  9 +----
 hw/arm/tosa.c                |  7 ----
 hw/arm/virt.c                | 19 ++++++++-
 hw/arm/z2.c                  |  7 ----
 hw/block/m25p80.c            |  1 +
 hw/char/cadence_uart.c       | 14 +++++--
 hw/i2c/core.c                |  6 ++-
 hw/intc/arm_gicv3.c          |  5 +++
 hw/intc/arm_gicv3_common.c   |  3 +-
 hw/intc/arm_gicv3_cpuif.c    | 13 +++---
 hw/misc/aspeed_scu.c         |  4 +-
 hw/misc/aspeed_sdmc.c        |  3 ++
 hw/ssi/aspeed_smc.c          | 17 ++++----
 hw/timer/ds1338.c            |  6 ---
 target/arm/cpu.c             | 11 ++++-
 target/arm/helper.c          | 19 ++++++---
 target/arm/op_helper.c       |  9 +++++
 target/arm/translate-a64.c   |  7 ++--
 24 files changed, 245 insertions(+), 89 deletions(-)

[Qemu-devel] [PULL 01/25] cadence_uart: Check baud rate generator and divider values on migration

[Peter Maydell]

From: Alistair Francis <alistair.francis@xilinx.com>

The Cadence UART device emulator calculates speed by dividing the
baud rate by a 'baud rate generator' & 'baud rate divider' value.
The device specification defines these register values to be
non-zero and within certain limits. Checks were recently added when
writing to these registers but not when restoring from migration.

This patch adds checks when restoring from migration to avoid divide by
zero errors.

Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 04ae30ed8ee1758cd2d2af880da4d28f74c67738.1481132150.git.alistair.francis@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/char/cadence_uart.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index 0215d65..dba1c53 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -502,6 +502,13 @@ static int cadence_uart_post_load(void *opaque, int version_id)
 {
     CadenceUARTState *s = opaque;
 
+    /* Ensure these two aren't invalid numbers */
+    if (s->r[R_BRGR] < 1 || s->r[R_BRGR] & ~0xFFFF ||
+        s->r[R_BDIV] <= 3 || s->r[R_BDIV] & ~0xFF) {
+        /* Value is invalid, abort */
+        return 1;
+    }
+
     uart_parameters_setup(s);
     uart_update_status(s);
     return 0;
-- 
2.7.4

[Qemu-devel] [PULL 02/25] cadence_uart: Check if receiver timeout counter is disabled

[Peter Maydell]

From: Andrew Gacek <andrew.gacek@gmail.com>

When register Rcvr_timeout_reg0 (R_RTOR in cadence_uart.c) is set to
0, the receiver timeout counter should be disabled. See page 1801 of
"Zynq-7000 AP SoC Technical Reference Manual". This commit adds a
such a check before setting the receive timeout interrupt.

Signed-off-by: Andrew Gacek <andrew.gacek@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/char/cadence_uart.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index dba1c53..4dcee57 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -138,9 +138,10 @@ static void fifo_trigger_update(void *opaque)
 {
     CadenceUARTState *s = opaque;
 
-    s->r[R_CISR] |= UART_INTR_TIMEOUT;
-
-    uart_update_status(s);
+    if (s->r[R_RTOR]) {
+        s->r[R_CISR] |= UART_INTR_TIMEOUT;
+        uart_update_status(s);
+    }
 }
 
 static void uart_rx_reset(CadenceUARTState *s)
-- 
2.7.4

[Qemu-devel] [PULL 03/25] Correct value of ARM Cortex-A8 MVFR1 register.

[Peter Maydell]

From: Julian Brown <julian@codesourcery.com>

The value of the MVFR1 (Media and VFP Feature Register 1) register for
the Cortex-A8 appears to be incorrect (according to the TRM, DDI0344K),
with the "full denormal arithmetic" and "propagation of NaN" fields
holding both 0 instead of both 1.

I had a go tracing the history of the use of this value, and it seems
it's always just been wrong in QEMU: maybe it was derived from early
documentation, or guessed based on the use of a "VFP Lite" implementation
in the Cortex-A8.

Depending on the startup/early-boot code in use, this can manifest as
failure to perform denormal arithmetic properly: in our case, selecting
a Cortex-A8 CPU when using QEMU as an instruction-set simulator for
bare-metal GCC testing caused tests using denormal arithmetic to
fail. Problems might be masked (or not occur) when using a full OS kernel
with suitable trap handlers (I'm not sure).

Signed-off-by: Julian Brown <julian@codesourcery.com>
Message-id: 1481130858-31767-1-git-send-email-julian@codesourcery.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 99f0dbe..98e2c68 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1055,7 +1055,7 @@ static void cortex_a8_initfn(Object *obj)
     cpu->midr = 0x410fc080;
     cpu->reset_fpsid = 0x410330c0;
     cpu->mvfr0 = 0x11110222;
-    cpu->mvfr1 = 0x00011100;
+    cpu->mvfr1 = 0x00011111;
     cpu->ctr = 0x82048004;
     cpu->reset_sctlr = 0x00c50078;
     cpu->id_pfr0 = 0x1031;
-- 
2.7.4

[Qemu-devel] [PULL 04/25] target-arm: Fix aarch64 vec_reg_offset

[Peter Maydell]

From: Richard Henderson <rth@twiddle.net>

Since CPUARMState.vfp.regs is not 16 byte aligned, the ^ 8 fixup used
for a big-endian host doesn't do what's intended.  Fix this by adding
in the vfp.regs offset after computing the inter-register offset.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1481085020-2614-2-git-send-email-rth@twiddle.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 6dc27a6..ef7601b 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -527,7 +527,7 @@ static inline void assert_fp_access_checked(DisasContext *s)
 static inline int vec_reg_offset(DisasContext *s, int regno,
                                  int element, TCGMemOp size)
 {
-    int offs = offsetof(CPUARMState, vfp.regs[regno * 2]);
+    int offs = 0;
 #ifdef HOST_WORDS_BIGENDIAN
     /* This is complicated slightly because vfp.regs[2n] is
      * still the low half and  vfp.regs[2n+1] the high half
@@ -540,6 +540,7 @@ static inline int vec_reg_offset(DisasContext *s, int regno,
 #else
     offs += element * (1 << size);
 #endif
+    offs += offsetof(CPUARMState, vfp.regs[regno * 2]);
     assert_fp_access_checked(s);
     return offs;
 }
-- 
2.7.4

[Qemu-devel] [PULL 05/25] target-arm: Fix aarch64 disas_ldst_single_struct

[Peter Maydell]

From: Richard Henderson <rth@twiddle.net>

We add s->be_data within do_vec_ld/st.  Adding it here means that
we have the wrong bits set in SIZE for a big-endian host, leading
to g_assert_not_reached in write_vec_element and read_vec_element.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1481085020-2614-3-git-send-email-rth@twiddle.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index ef7601b..f673d93 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2830,9 +2830,9 @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
         } else {
             /* Load/store one element per register */
             if (is_load) {
-                do_vec_ld(s, rt, index, tcg_addr, s->be_data + scale);
+                do_vec_ld(s, rt, index, tcg_addr, scale);
             } else {
-                do_vec_st(s, rt, index, tcg_addr, s->be_data + scale);
+                do_vec_st(s, rt, index, tcg_addr, scale);
             }
         }
         tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
-- 
2.7.4

[Qemu-devel] [PULL 06/25] hw/intc/arm_gicv3_common: fix aff3 in typer

[Peter Maydell]

From: Andrew Jones <drjones@redhat.com>

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 20161209143703.29457-1-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gicv3_common.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index 0f8c4b8..0aa9b9c 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -204,7 +204,8 @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
         /* The CPU mp-affinity property is in MPIDR register format; squash
          * the affinity bytes into 32 bits as the GICR_TYPER has them.
          */
-        cpu_affid = (cpu_affid & 0xFF00000000ULL >> 8) | (cpu_affid & 0xFFFFFF);
+        cpu_affid = ((cpu_affid & 0xFF00000000ULL) >> 8) |
+                     (cpu_affid & 0xFFFFFF);
         s->cpu[i].gicr_typer = (cpu_affid << 32) |
             (1 << 24) |
             (i << 8) |
-- 
2.7.4

[Qemu-devel] [PULL 07/25] target-arm: Log AArch64 exception returns

[Peter Maydell]

We already log exception entry; add logging of the AArch64 exception
return path as well.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
 target/arm/op_helper.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index cd94216..ba796d8 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -17,6 +17,7 @@
  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  */
 #include "qemu/osdep.h"
+#include "qemu/log.h"
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "internals.h"
@@ -972,6 +973,9 @@ void HELPER(exception_return)(CPUARMState *env)
         } else {
             env->regs[15] = env->elr_el[cur_el] & ~0x3;
         }
+        qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to "
+                      "AArch32 EL%d PC 0x%" PRIx32 "\n",
+                      cur_el, new_el, env->regs[15]);
     } else {
         env->aarch64 = 1;
         pstate_write(env, spsr);
@@ -980,6 +984,9 @@ void HELPER(exception_return)(CPUARMState *env)
         }
         aarch64_restore_sp(env, new_el);
         env->pc = env->elr_el[cur_el];
+        qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to "
+                      "AArch64 EL%d PC 0x%" PRIx64 "\n",
+                      cur_el, new_el, env->pc);
     }
 
     arm_call_el_change_hook(arm_env_get_cpu(env));
@@ -1002,6 +1009,8 @@ illegal_return:
     if (!arm_singlestep_active(env)) {
         env->pstate &= ~PSTATE_SS;
     }
+    qemu_log_mask(LOG_GUEST_ERROR, "Illegal exception return at EL%d: "
+                  "resuming execution at 0x%" PRIx64 "\n", cur_el, env->pc);
 }
 
 /* Return true if the linked breakpoint entry lbn passes its checks */
-- 
2.7.4

[Qemu-devel] [PULL 08/25] hw/intc/arm_gicv3: Remove incorrect usage of fieldoffset

[Peter Maydell]

In the ARMCPRegInfo definitions for the GICv3 CPU interface
registers, we were trying to use .fieldoffset to specify
the locations of data fields within the GICv3CPUState struct.
This is completely broken, because .fieldoffset is for offsets
into the CPUARMState struct. We didn't notice because we
were only using this for reads to BPR0, AP0R<n>, IGRPEN0
and CTLR_EL3, and Linux doesn't use these registers.

Replace the .fieldoffset uses with explicit read functions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
 hw/intc/arm_gicv3_cpuif.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index bca30c4..35e8eb3 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -1118,35 +1118,35 @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
       .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 3,
       .type = ARM_CP_IO | ARM_CP_NO_RAW,
       .access = PL1_RW, .accessfn = gicv3_fiq_access,
-      .fieldoffset = offsetof(GICv3CPUState, icc_bpr[GICV3_G0]),
+      .readfn = icc_bpr_read,
       .writefn = icc_bpr_write,
     },
     { .name = "ICC_AP0R0_EL1", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 4,
       .type = ARM_CP_IO | ARM_CP_NO_RAW,
       .access = PL1_RW, .accessfn = gicv3_fiq_access,
-      .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][0]),
+      .readfn = icc_ap_read,
       .writefn = icc_ap_write,
     },
     { .name = "ICC_AP0R1_EL1", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 5,
       .type = ARM_CP_IO | ARM_CP_NO_RAW,
       .access = PL1_RW, .accessfn = gicv3_fiq_access,
-      .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][1]),
+      .readfn = icc_ap_read,
       .writefn = icc_ap_write,
     },
     { .name = "ICC_AP0R2_EL1", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 6,
       .type = ARM_CP_IO | ARM_CP_NO_RAW,
       .access = PL1_RW, .accessfn = gicv3_fiq_access,
-      .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][2]),
+      .readfn = icc_ap_read,
       .writefn = icc_ap_write,
     },
     { .name = "ICC_AP0R3_EL1", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 7,
       .type = ARM_CP_IO | ARM_CP_NO_RAW,
       .access = PL1_RW, .accessfn = gicv3_fiq_access,
-      .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][3]),
+      .readfn = icc_ap_read,
       .writefn = icc_ap_write,
     },
     /* All the ICC_AP1R*_EL1 registers are banked */
@@ -1275,7 +1275,7 @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
       .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 6,
       .type = ARM_CP_IO | ARM_CP_NO_RAW,
       .access = PL1_RW, .accessfn = gicv3_fiq_access,
-      .fieldoffset = offsetof(GICv3CPUState, icc_igrpen[GICV3_G0]),
+      .readfn = icc_igrpen_read,
       .writefn = icc_igrpen_write,
     },
     /* This register is banked */
@@ -1299,7 +1299,6 @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
       .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 4,
       .type = ARM_CP_IO | ARM_CP_NO_RAW,
       .access = PL3_RW,
-      .fieldoffset = offsetof(GICv3CPUState, icc_ctlr_el3),
       .readfn = icc_ctlr_el3_read,
       .writefn = icc_ctlr_el3_write,
     },
-- 
2.7.4

[Qemu-devel] [PULL 09/25] hw/intc/arm_gicv3: Don't signal Pending+Active interrupts to CPU

[Peter Maydell]

The GICv3 requires that we only signal Pending interrupts to
the CPU. This category does not include Pending+Active interrupts,
which means we need to check whether the interrupt is Active in
the gicr_int_pending() and gicd_int_pending() functions.

Interrupts are rarely in the Active+Pending state, but KVM
uses this as part of its handling of the virtual timer, so
this bug was causing KVM to go into an infinite loop of
taking the vtimer interrupt when the guest first triggered it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
 hw/intc/arm_gicv3.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c
index 8a6c647..f0c967b 100644
--- a/hw/intc/arm_gicv3.c
+++ b/hw/intc/arm_gicv3.c
@@ -54,6 +54,7 @@ static uint32_t gicd_int_pending(GICv3State *s, int irq)
      *  + the PENDING latch is set OR it is level triggered and the input is 1
      *  + its ENABLE bit is set
      *  + the GICD enable bit for its group is set
+     *  + its ACTIVE bit is not set (otherwise it would be Active+Pending)
      * Conveniently we can bulk-calculate this with bitwise operations.
      */
     uint32_t pend, grpmask;
@@ -63,9 +64,11 @@ static uint32_t gicd_int_pending(GICv3State *s, int irq)
     uint32_t group = *gic_bmp_ptr32(s->group, irq);
     uint32_t grpmod = *gic_bmp_ptr32(s->grpmod, irq);
     uint32_t enable = *gic_bmp_ptr32(s->enabled, irq);
+    uint32_t active = *gic_bmp_ptr32(s->active, irq);
 
     pend = pending | (~edge_trigger & level);
     pend &= enable;
+    pend &= ~active;
 
     if (s->gicd_ctlr & GICD_CTLR_DS) {
         grpmod = 0;
@@ -96,12 +99,14 @@ static uint32_t gicr_int_pending(GICv3CPUState *cs)
      *  + the PENDING latch is set OR it is level triggered and the input is 1
      *  + its ENABLE bit is set
      *  + the GICD enable bit for its group is set
+     *  + its ACTIVE bit is not set (otherwise it would be Active+Pending)
      * Conveniently we can bulk-calculate this with bitwise operations.
      */
     uint32_t pend, grpmask, grpmod;
 
     pend = cs->gicr_ipendr0 | (~cs->edge_trigger & cs->level);
     pend &= cs->gicr_ienabler0;
+    pend &= ~cs->gicr_iactiver0;
 
     if (cs->gic->gicd_ctlr & GICD_CTLR_DS) {
         grpmod = 0;
-- 
2.7.4

[Qemu-devel] [PULL 10/25] hw/arm/virt: add 2.9 machine type

[Peter Maydell]

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
---
 include/hw/compat.h |  3 +++
 hw/arm/virt.c       | 19 +++++++++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/include/hw/compat.h b/include/hw/compat.h
index 8dfc7a3..4fe44d1 100644
--- a/include/hw/compat.h
+++ b/include/hw/compat.h
@@ -1,6 +1,9 @@
 #ifndef HW_COMPAT_H
 #define HW_COMPAT_H
 
+#define HW_COMPAT_2_8 \
+    /* empty */
+
 #define HW_COMPAT_2_7 \
     {\
         .driver   = "virtio-pci",\
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index d04e4ac..11c53a5 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1525,7 +1525,7 @@ static void machvirt_machine_init(void)
 }
 type_init(machvirt_machine_init);
 
-static void virt_2_8_instance_init(Object *obj)
+static void virt_2_9_instance_init(Object *obj)
 {
     VirtMachineState *vms = VIRT_MACHINE(obj);
 
@@ -1558,10 +1558,25 @@ static void virt_2_8_instance_init(Object *obj)
                                     "Valid values are 2, 3 and host", NULL);
 }
 
+static void virt_machine_2_9_options(MachineClass *mc)
+{
+}
+DEFINE_VIRT_MACHINE_AS_LATEST(2, 9)
+
+#define VIRT_COMPAT_2_8 \
+    HW_COMPAT_2_8
+
+static void virt_2_8_instance_init(Object *obj)
+{
+    virt_2_9_instance_init(obj);
+}
+
 static void virt_machine_2_8_options(MachineClass *mc)
 {
+    virt_machine_2_9_options(mc);
+    SET_MACHINE_COMPAT(mc, VIRT_COMPAT_2_8);
 }
-DEFINE_VIRT_MACHINE_AS_LATEST(2, 8)
+DEFINE_VIRT_MACHINE(2, 8)
 
 #define VIRT_COMPAT_2_7 \
     HW_COMPAT_2_7
-- 
2.7.4

[Qemu-devel] [PULL 11/25] m25p80: add support for the mx66l1g45g

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Marcin Krzeminski <marcin.krzeminski@nokia.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1480434248-27138-3-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/block/m25p80.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index d29ff4c..e3c1166 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -203,6 +203,7 @@ static const FlashPartInfo known_devices[] = {
     { INFO("mx25l25655e", 0xc22619,      0,  64 << 10, 512, 0) },
     { INFO("mx66u51235f", 0xc2253a,      0,  64 << 10, 1024, ER_4K | ER_32K) },
     { INFO("mx66u1g45g",  0xc2253b,      0,  64 << 10, 2048, ER_4K | ER_32K) },
+    { INFO("mx66l1g45g",  0xc2201b,      0,  64 << 10, 2048, ER_4K | ER_32K) },
 
     /* Micron */
     { INFO("n25q032a11",  0x20bb16,      0,  64 << 10,  64, ER_4K) },
-- 
2.7.4

[Qemu-devel] [PULL 12/25] aspeed: QOMify the CPU object and attach it to the SoC

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1480434248-27138-4-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/aspeed_soc.h |  2 +-
 hw/arm/aspeed_soc.c         | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 5406b49..6f1b679 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -27,7 +27,7 @@ typedef struct AspeedSoCState {
     DeviceState parent;
 
     /*< public >*/
-    ARMCPU *cpu;
+    ARMCPU cpu;
     MemoryRegion iomem;
     AspeedVICState vic;
     AspeedTimerCtrlState timerctrl;
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index e14f5c2..db145e2 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -87,9 +87,13 @@ static void aspeed_soc_init(Object *obj)
 {
     AspeedSoCState *s = ASPEED_SOC(obj);
     AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+    char *cpu_typename;
     int i;
 
-    s->cpu = cpu_arm_init(sc->info->cpu_model);
+    cpu_typename = g_strdup_printf("%s-" TYPE_ARM_CPU, sc->info->cpu_model);
+    object_initialize(&s->cpu, sizeof(s->cpu), cpu_typename);
+    object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
+    g_free(cpu_typename);
 
     object_initialize(&s->vic, sizeof(s->vic), TYPE_ASPEED_VIC);
     object_property_add_child(obj, "vic", OBJECT(&s->vic), NULL);
@@ -146,6 +150,13 @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
     memory_region_add_subregion_overlap(get_system_memory(),
                                         ASPEED_SOC_IOMEM_BASE, &s->iomem, -1);
 
+    /* CPU */
+    object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
+    if (err) {
+        error_propagate(errp, err);
+        return;
+    }
+
     /* VIC */
     object_property_set_bool(OBJECT(&s->vic), true, "realized", &err);
     if (err) {
@@ -154,9 +165,9 @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
     }
     sysbus_mmio_map(SYS_BUS_DEVICE(&s->vic), 0, ASPEED_SOC_VIC_BASE);
     sysbus_connect_irq(SYS_BUS_DEVICE(&s->vic), 0,
-                       qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ));
+                       qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_IRQ));
     sysbus_connect_irq(SYS_BUS_DEVICE(&s->vic), 1,
-                       qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ));
+                       qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_FIQ));
 
     /* Timer */
     object_property_set_bool(OBJECT(&s->timerctrl), true, "realized", &err);
-- 
2.7.4

[Qemu-devel] [PULL 13/25] aspeed: remove cannot_destroy_with_object_finalize_yet

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

With commit ce5b1bbf624b ("exec: move cpu_exec_init() calls to realize
functions"), we can now remove cannot_destroy_with_object_finalize_yet.

Suggested-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1480434248-27138-5-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/aspeed_soc.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index db145e2..3a6b91f 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -251,12 +251,6 @@ static void aspeed_soc_class_init(ObjectClass *oc, void *data)
 
     sc->info = (AspeedSoCInfo *) data;
     dc->realize = aspeed_soc_realize;
-
-    /*
-     * Reason: creates an ARM CPU, thus use after free(), see
-     * arm_cpu_class_init()
-     */
-    dc->cannot_destroy_with_object_finalize_yet = true;
 }
 
 static const TypeInfo aspeed_soc_type_info = {
-- 
2.7.4

[Qemu-devel] [PULL 14/25] aspeed: attach the second SPI controller object to the SoC

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1480434248-27138-6-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/aspeed_soc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 3a6b91f..82e2712 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -124,7 +124,7 @@ static void aspeed_soc_init(Object *obj)
     for (i = 0; i < sc->info->spis_num; i++) {
         object_initialize(&s->spi[i], sizeof(s->spi[i]),
                           sc->info->spi_typename[i]);
-        object_property_add_child(obj, "spi", OBJECT(&s->spi[i]), NULL);
+        object_property_add_child(obj, "spi[*]", OBJECT(&s->spi[i]), NULL);
         qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default());
     }
 
-- 
2.7.4

[Qemu-devel] [PULL 15/25] aspeed: extend the board configuration with flash models

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

Future machine will use different flash models for the FMC and the SPI
controllers.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1480434248-27138-7-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/aspeed.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index c7206fd..159d562 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -34,6 +34,8 @@ typedef struct AspeedBoardState {
 typedef struct AspeedBoardConfig {
     const char *soc_name;
     uint32_t hw_strap1;
+    const char *fmc_model;
+    const char *spi_model;
 } AspeedBoardConfig;
 
 enum {
@@ -65,8 +67,18 @@ enum {
         ~SCU_HW_STRAP_2ND_BOOT_WDT)
 
 static const AspeedBoardConfig aspeed_boards[] = {
-    [PALMETTO_BMC] = { "ast2400-a0", PALMETTO_BMC_HW_STRAP1 },
-    [AST2500_EVB]  = { "ast2500-a1", AST2500_EVB_HW_STRAP1 },
+    [PALMETTO_BMC] = {
+        .soc_name  = "ast2400-a0",
+        .hw_strap1 = PALMETTO_BMC_HW_STRAP1,
+        .fmc_model = "n25q256a",
+        .spi_model = "mx25l25635e",
+    },
+    [AST2500_EVB]  = {
+        .soc_name  = "ast2500-a1",
+        .hw_strap1 = AST2500_EVB_HW_STRAP1,
+        .fmc_model = "n25q256a",
+        .spi_model = "mx25l25635e",
+    },
 };
 
 static void aspeed_board_init_flashes(AspeedSMCState *s, const char *flashtype,
@@ -128,8 +140,8 @@ static void aspeed_board_init(MachineState *machine,
     object_property_add_const_link(OBJECT(&bmc->soc), "ram", OBJECT(&bmc->ram),
                                    &error_abort);
 
-    aspeed_board_init_flashes(&bmc->soc.fmc, "n25q256a", &error_abort);
-    aspeed_board_init_flashes(&bmc->soc.spi[0], "mx25l25635e", &error_abort);
+    aspeed_board_init_flashes(&bmc->soc.fmc, cfg->fmc_model, &error_abort);
+    aspeed_board_init_flashes(&bmc->soc.spi[0], cfg->spi_model, &error_abort);
 
     aspeed_board_binfo.kernel_filename = machine->kernel_filename;
     aspeed_board_binfo.initrd_filename = machine->initrd_filename;
-- 
2.7.4

[Qemu-devel] [PULL 16/25] aspeed: add support for the romulus-bmc board

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

The Romulus machine is an OpenPOWER system with an AST2500 SoC for
the BMC and a POWER9 chip for the host. It does not make much
difference for qemu a part from the fact that the FMC controller has
two SPI flash module.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 1480434248-27138-8-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/aspeed.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 159d562..3509011 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -41,8 +41,10 @@ typedef struct AspeedBoardConfig {
 enum {
     PALMETTO_BMC,
     AST2500_EVB,
+    ROMULUS_BMC,
 };
 
+/* Palmetto hardware value: 0x120CE416 */
 #define PALMETTO_BMC_HW_STRAP1 (                                        \
         SCU_AST2400_HW_STRAP_DRAM_SIZE(DRAM_SIZE_256MB) |               \
         SCU_AST2400_HW_STRAP_DRAM_CONFIG(2 /* DDR3 with CL=6, CWL=5 */) | \
@@ -56,6 +58,7 @@ enum {
         SCU_HW_STRAP_VGA_SIZE_SET(VGA_16M_DRAM) |                       \
         SCU_AST2400_HW_STRAP_BOOT_MODE(AST2400_SPI_BOOT))
 
+/* AST2500 evb hardware value: 0xF100C2E6 */
 #define AST2500_EVB_HW_STRAP1 ((                                        \
         AST2500_HW_STRAP1_DEFAULTS |                                    \
         SCU_AST2500_HW_STRAP_SPI_AUTOFETCH_ENABLE |                     \
@@ -66,6 +69,16 @@ enum {
         SCU_HW_STRAP_MAC0_RGMII) &                                      \
         ~SCU_HW_STRAP_2ND_BOOT_WDT)
 
+/* Romulus hardware value: 0xF10AD206 */
+#define ROMULUS_BMC_HW_STRAP1 (                                         \
+        AST2500_HW_STRAP1_DEFAULTS |                                    \
+        SCU_AST2500_HW_STRAP_SPI_AUTOFETCH_ENABLE |                     \
+        SCU_AST2500_HW_STRAP_GPIO_STRAP_ENABLE |                        \
+        SCU_AST2500_HW_STRAP_UART_DEBUG |                               \
+        SCU_AST2500_HW_STRAP_DDR4_ENABLE |                              \
+        SCU_AST2500_HW_STRAP_ACPI_ENABLE |                              \
+        SCU_HW_STRAP_SPI_MODE(SCU_HW_STRAP_SPI_MASTER))
+
 static const AspeedBoardConfig aspeed_boards[] = {
     [PALMETTO_BMC] = {
         .soc_name  = "ast2400-a0",
@@ -79,6 +92,12 @@ static const AspeedBoardConfig aspeed_boards[] = {
         .fmc_model = "n25q256a",
         .spi_model = "mx25l25635e",
     },
+    [ROMULUS_BMC]  = {
+        .soc_name  = "ast2500-a1",
+        .hw_strap1 = ROMULUS_BMC_HW_STRAP1,
+        .fmc_model = "n25q256a",
+        .spi_model = "mx66l1g45g",
+    },
 };
 
 static void aspeed_board_init_flashes(AspeedSMCState *s, const char *flashtype,
@@ -200,10 +219,35 @@ static const TypeInfo ast2500_evb_type = {
     .class_init = ast2500_evb_class_init,
 };
 
+static void romulus_bmc_init(MachineState *machine)
+{
+    aspeed_board_init(machine, &aspeed_boards[ROMULUS_BMC]);
+}
+
+static void romulus_bmc_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+
+    mc->desc = "OpenPOWER Romulus BMC (ARM1176)";
+    mc->init = romulus_bmc_init;
+    mc->max_cpus = 1;
+    mc->no_sdcard = 1;
+    mc->no_floppy = 1;
+    mc->no_cdrom = 1;
+    mc->no_parallel = 1;
+}
+
+static const TypeInfo romulus_bmc_type = {
+    .name = MACHINE_TYPE_NAME("romulus-bmc"),
+    .parent = TYPE_MACHINE,
+    .class_init = romulus_bmc_class_init,
+};
+
 static void aspeed_machine_init(void)
 {
     type_register_static(&palmetto_bmc_type);
     type_register_static(&ast2500_evb_type);
+    type_register_static(&romulus_bmc_type);
 }
 
 type_init(aspeed_machine_init)
-- 
2.7.4

[Qemu-devel] [PULL 17/25] aspeed: add a memory region for SRAM

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

The size of the SRAM depends on the SoC model, so use a per-soc
definition when creating the region.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1480434248-27138-9-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/aspeed_soc.h |  2 ++
 hw/arm/aspeed_soc.c         | 52 +++++++++++++++++++++++++++++++++++++--------
 2 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 6f1b679..1ab5dea 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -29,6 +29,7 @@ typedef struct AspeedSoCState {
     /*< public >*/
     ARMCPU cpu;
     MemoryRegion iomem;
+    MemoryRegion sram;
     AspeedVICState vic;
     AspeedTimerCtrlState timerctrl;
     AspeedI2CState i2c;
@@ -46,6 +47,7 @@ typedef struct AspeedSoCInfo {
     const char *cpu_model;
     uint32_t silicon_rev;
     hwaddr sdram_base;
+    uint64_t sram_size;
     int spis_num;
     const hwaddr *spi_bases;
     const char *fmc_typename;
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 82e2712..233a6b9 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -29,6 +29,7 @@
 #define ASPEED_SOC_VIC_BASE         0x1E6C0000
 #define ASPEED_SOC_SDMC_BASE        0x1E6E0000
 #define ASPEED_SOC_SCU_BASE         0x1E6E2000
+#define ASPEED_SOC_SRAM_BASE        0x1E720000
 #define ASPEED_SOC_TIMER_BASE       0x1E782000
 #define ASPEED_SOC_I2C_BASE         0x1E78A000
 
@@ -47,15 +48,37 @@ static const char *aspeed_soc_ast2500_typenames[] = {
     "aspeed.smc.ast2500-spi1", "aspeed.smc.ast2500-spi2" };
 
 static const AspeedSoCInfo aspeed_socs[] = {
-    { "ast2400-a0", "arm926", AST2400_A0_SILICON_REV, AST2400_SDRAM_BASE,
-      1, aspeed_soc_ast2400_spi_bases,
-      "aspeed.smc.fmc", aspeed_soc_ast2400_typenames },
-    { "ast2400",    "arm926", AST2400_A0_SILICON_REV, AST2400_SDRAM_BASE,
-      1, aspeed_soc_ast2400_spi_bases,
-     "aspeed.smc.fmc", aspeed_soc_ast2400_typenames },
-    { "ast2500-a1", "arm1176", AST2500_A1_SILICON_REV, AST2500_SDRAM_BASE,
-      2, aspeed_soc_ast2500_spi_bases,
-      "aspeed.smc.ast2500-fmc", aspeed_soc_ast2500_typenames },
+    {
+        .name         = "ast2400-a0",
+        .cpu_model    = "arm926",
+        .silicon_rev  = AST2400_A0_SILICON_REV,
+        .sdram_base   = AST2400_SDRAM_BASE,
+        .sram_size    = 0x8000,
+        .spis_num     = 1,
+        .spi_bases    = aspeed_soc_ast2400_spi_bases,
+        .fmc_typename = "aspeed.smc.fmc",
+        .spi_typename = aspeed_soc_ast2400_typenames,
+    }, {
+        .name         = "ast2400",
+        .cpu_model    = "arm926",
+        .silicon_rev  = AST2400_A0_SILICON_REV,
+        .sdram_base   = AST2400_SDRAM_BASE,
+        .sram_size    = 0x8000,
+        .spis_num     = 1,
+        .spi_bases    = aspeed_soc_ast2400_spi_bases,
+        .fmc_typename = "aspeed.smc.fmc",
+        .spi_typename = aspeed_soc_ast2400_typenames,
+    }, {
+        .name         = "ast2500-a1",
+        .cpu_model    = "arm1176",
+        .silicon_rev  = AST2500_A1_SILICON_REV,
+        .sdram_base   = AST2500_SDRAM_BASE,
+        .sram_size    = 0x9000,
+        .spis_num     = 2,
+        .spi_bases    = aspeed_soc_ast2500_spi_bases,
+        .fmc_typename = "aspeed.smc.ast2500-fmc",
+        .spi_typename = aspeed_soc_ast2500_typenames,
+    },
 };
 
 /*
@@ -157,6 +180,17 @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
         return;
     }
 
+    /* SRAM */
+    memory_region_init_ram(&s->sram, OBJECT(dev), "aspeed.sram",
+                           sc->info->sram_size, &err);
+    if (err) {
+        error_propagate(errp, err);
+        return;
+    }
+    vmstate_register_ram_global(&s->sram);
+    memory_region_add_subregion(get_system_memory(), ASPEED_SOC_SRAM_BASE,
+                                &s->sram);
+
     /* VIC */
     object_property_set_bool(OBJECT(&s->vic), true, "realized", &err);
     if (err) {
-- 
2.7.4

[Qemu-devel] [PULL 18/25] aspeed: add the definitions for the AST2400 A1 SoC

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

There is not much differences with the A0 revision apart from the DDR
calibration.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1480434248-27138-10-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/misc/aspeed_scu.h |  1 +
 hw/arm/aspeed_soc.c          | 10 ++++++++++
 hw/misc/aspeed_scu.c         |  2 ++
 hw/misc/aspeed_sdmc.c        |  3 +++
 4 files changed, 16 insertions(+)

diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
index 14ffc43..bd4ac01 100644
--- a/include/hw/misc/aspeed_scu.h
+++ b/include/hw/misc/aspeed_scu.h
@@ -32,6 +32,7 @@ typedef struct AspeedSCUState {
 } AspeedSCUState;
 
 #define AST2400_A0_SILICON_REV   0x02000303U
+#define AST2400_A1_SILICON_REV   0x02010303U
 #define AST2500_A0_SILICON_REV   0x04000303U
 #define AST2500_A1_SILICON_REV   0x04010303U
 
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 233a6b9..d111d2e 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -59,6 +59,16 @@ static const AspeedSoCInfo aspeed_socs[] = {
         .fmc_typename = "aspeed.smc.fmc",
         .spi_typename = aspeed_soc_ast2400_typenames,
     }, {
+        .name         = "ast2400-a1",
+        .cpu_model    = "arm926",
+        .silicon_rev  = AST2400_A1_SILICON_REV,
+        .sdram_base   = AST2400_SDRAM_BASE,
+        .sram_size    = 0x8000,
+        .spis_num     = 1,
+        .spi_bases    = aspeed_soc_ast2400_spi_bases,
+        .fmc_typename = "aspeed.smc.fmc",
+        .spi_typename = aspeed_soc_ast2400_typenames,
+    }, {
         .name         = "ast2400",
         .cpu_model    = "arm926",
         .silicon_rev  = AST2400_A0_SILICON_REV,
diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index b1f3e6f..34e8638 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -231,6 +231,7 @@ static void aspeed_scu_reset(DeviceState *dev)
 
     switch (s->silicon_rev) {
     case AST2400_A0_SILICON_REV:
+    case AST2400_A1_SILICON_REV:
         reset = ast2400_a0_resets;
         break;
     case AST2500_A0_SILICON_REV:
@@ -249,6 +250,7 @@ static void aspeed_scu_reset(DeviceState *dev)
 
 static uint32_t aspeed_silicon_revs[] = {
     AST2400_A0_SILICON_REV,
+    AST2400_A1_SILICON_REV,
     AST2500_A0_SILICON_REV,
     AST2500_A1_SILICON_REV,
 };
diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
index 8830dc0..5f3ac0b 100644
--- a/hw/misc/aspeed_sdmc.c
+++ b/hw/misc/aspeed_sdmc.c
@@ -119,6 +119,7 @@ static void aspeed_sdmc_write(void *opaque, hwaddr addr, uint64_t data,
         /* Make sure readonly bits are kept */
         switch (s->silicon_rev) {
         case AST2400_A0_SILICON_REV:
+        case AST2400_A1_SILICON_REV:
             data &= ~ASPEED_SDMC_READONLY_MASK;
             break;
         case AST2500_A0_SILICON_REV:
@@ -193,6 +194,7 @@ static void aspeed_sdmc_reset(DeviceState *dev)
     /* Set ram size bit and defaults values */
     switch (s->silicon_rev) {
     case AST2400_A0_SILICON_REV:
+    case AST2400_A1_SILICON_REV:
         s->regs[R_CONF] |=
             ASPEED_SDMC_VGA_COMPAT |
             ASPEED_SDMC_DRAM_SIZE(s->ram_bits);
@@ -224,6 +226,7 @@ static void aspeed_sdmc_realize(DeviceState *dev, Error **errp)
 
     switch (s->silicon_rev) {
     case AST2400_A0_SILICON_REV:
+    case AST2400_A1_SILICON_REV:
         s->ram_bits = ast2400_rambits(s);
         break;
     case AST2500_A0_SILICON_REV:
-- 
2.7.4

[Qemu-devel] [PULL 19/25] aspeed: change SoC revision of the palmetto-bmc machine

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

The palmetto BMC machine uses a AST2400 revision A1 SoC.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1480434248-27138-11-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/aspeed.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 3509011..bc70b38 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -81,7 +81,7 @@ enum {
 
 static const AspeedBoardConfig aspeed_boards[] = {
     [PALMETTO_BMC] = {
-        .soc_name  = "ast2400-a0",
+        .soc_name  = "ast2400-a1",
         .hw_strap1 = PALMETTO_BMC_HW_STRAP1,
         .fmc_model = "n25q256a",
         .spi_model = "mx25l25635e",
-- 
2.7.4

[Qemu-devel] [PULL 20/25] aspeed/scu: fix SCU region size

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1480434248-27138-12-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/misc/aspeed_scu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index 34e8638..95022d3 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -86,7 +86,7 @@
 #define BMC_DEV_ID           TO_REG(0x1A4)
 
 #define PROT_KEY_UNLOCK 0x1688A8A8
-#define SCU_IO_REGION_SIZE 0x20000
+#define SCU_IO_REGION_SIZE 0x1000
 
 static const uint32_t ast2400_a0_resets[ASPEED_SCU_NR_REGS] = {
      [SYS_RST_CTRL]    = 0xFFCFFEDCU,
-- 
2.7.4

[Qemu-devel] [PULL 21/25] aspeed/smc: improve segment register support

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

The HW does not enforce all the rules in the specs and allows a few
"curious" setups like zero size segments and overlaps. So change the
model to be in sync but keep the warnings which are always interesting
for debug.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 1480434248-27138-13-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ssi/aspeed_smc.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 6e8403e..78f5aed 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -253,7 +253,8 @@ static void aspeed_smc_flash_set_segment(AspeedSMCState *s, int cs,
         qemu_log_mask(LOG_GUEST_ERROR,
                       "%s: Tried to change CS0 start address to 0x%"
                       HWADDR_PRIx "\n", s->ctrl->name, seg.addr);
-        return;
+        seg.addr = s->ctrl->flash_window_base;
+        new = aspeed_smc_segment_to_reg(&seg);
     }
 
     /*
@@ -267,8 +268,10 @@ static void aspeed_smc_flash_set_segment(AspeedSMCState *s, int cs,
         s->ctrl->segments[cs].size) {
         qemu_log_mask(LOG_GUEST_ERROR,
                       "%s: Tried to change CS%d end address to 0x%"
-                      HWADDR_PRIx "\n", s->ctrl->name, cs, seg.addr);
-        return;
+                      HWADDR_PRIx "\n", s->ctrl->name, cs, seg.addr + seg.size);
+        seg.size = s->ctrl->segments[cs].addr + s->ctrl->segments[cs].size -
+            seg.addr;
+        new = aspeed_smc_segment_to_reg(&seg);
     }
 
     /* Keep the segment in the overall flash window */
@@ -281,16 +284,14 @@ static void aspeed_smc_flash_set_segment(AspeedSMCState *s, int cs,
     }
 
     /* Check start address vs. alignment */
-    if (seg.addr % seg.size) {
+    if (seg.size && !QEMU_IS_ALIGNED(seg.addr, seg.size)) {
         qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is not "
                       "aligned : [ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n",
                       s->ctrl->name, cs, seg.addr, seg.addr + seg.size);
     }
 
-    /* And segments should not overlap */
-    if (aspeed_smc_flash_overlap(s, &seg, cs)) {
-        return;
-    }
+    /* And segments should not overlap (in the specs) */
+    aspeed_smc_flash_overlap(s, &seg, cs);
 
     /* All should be fine now to move the region */
     memory_region_transaction_begin();
-- 
2.7.4

[Qemu-devel] [PULL 22/25] aspeed/smc: set the number of flash modules for the FMC controller

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

Add a new configuration field at the board level and propagate the
value using the "num-cs" property of the FMC controller model.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1480434248-27138-14-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/aspeed.c     | 6 ++++++
 hw/arm/aspeed_soc.c | 8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index bc70b38..40c1383 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -36,6 +36,7 @@ typedef struct AspeedBoardConfig {
     uint32_t hw_strap1;
     const char *fmc_model;
     const char *spi_model;
+    uint32_t num_cs;
 } AspeedBoardConfig;
 
 enum {
@@ -85,18 +86,21 @@ static const AspeedBoardConfig aspeed_boards[] = {
         .hw_strap1 = PALMETTO_BMC_HW_STRAP1,
         .fmc_model = "n25q256a",
         .spi_model = "mx25l25635e",
+        .num_cs    = 1,
     },
     [AST2500_EVB]  = {
         .soc_name  = "ast2500-a1",
         .hw_strap1 = AST2500_EVB_HW_STRAP1,
         .fmc_model = "n25q256a",
         .spi_model = "mx25l25635e",
+        .num_cs    = 1,
     },
     [ROMULUS_BMC]  = {
         .soc_name  = "ast2500-a1",
         .hw_strap1 = ROMULUS_BMC_HW_STRAP1,
         .fmc_model = "n25q256a",
         .spi_model = "mx66l1g45g",
+        .num_cs    = 2,
     },
 };
 
@@ -143,6 +147,8 @@ static void aspeed_board_init(MachineState *machine,
                            &error_abort);
     object_property_set_int(OBJECT(&bmc->soc), cfg->hw_strap1, "hw-strap1",
                             &error_abort);
+    object_property_set_int(OBJECT(&bmc->soc), cfg->num_cs, "num-cs",
+                            &error_abort);
     object_property_set_bool(OBJECT(&bmc->soc), true, "realized",
                              &error_abort);
 
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index d111d2e..b3e7f07 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -153,6 +153,8 @@ static void aspeed_soc_init(Object *obj)
     object_initialize(&s->fmc, sizeof(s->fmc), sc->info->fmc_typename);
     object_property_add_child(obj, "fmc", OBJECT(&s->fmc), NULL);
     qdev_set_parent_bus(DEVICE(&s->fmc), sysbus_get_default());
+    object_property_add_alias(obj, "num-cs", OBJECT(&s->fmc), "num-cs",
+                              &error_abort);
 
     for (i = 0; i < sc->info->spis_num; i++) {
         object_initialize(&s->spi[i], sizeof(s->spi[i]),
@@ -250,10 +252,8 @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
     sysbus_connect_irq(SYS_BUS_DEVICE(&s->i2c), 0,
                        qdev_get_gpio_in(DEVICE(&s->vic), 12));
 
-    /* FMC */
-    object_property_set_int(OBJECT(&s->fmc), 1, "num-cs", &err);
-    object_property_set_bool(OBJECT(&s->fmc), true, "realized", &local_err);
-    error_propagate(&err, local_err);
+    /* FMC, The number of CS is set at the board level */
+    object_property_set_bool(OBJECT(&s->fmc), true, "realized", &err);
     if (err) {
         error_propagate(errp, err);
         return;
-- 
2.7.4

[Qemu-devel] [PULL 23/25] hw/arm: remove trailing whitespace

[Peter Maydell]

From: Alastair D'Silva <alastair@d-silva.org>

Remove trailing whitespace in hw/arm/pxa2xx.c

Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
Message-id: 20161202054617.6749-3-alastair@au1.ibm.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/pxa2xx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 21ea1d6..8aa0f8a 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -2070,7 +2070,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_space,
     }
     if (!revision)
         revision = "pxa270";
-    
+
     s->cpu = cpu_arm_init(revision);
     if (s->cpu == NULL) {
         fprintf(stderr, "Unable to find CPU definition\n");
-- 
2.7.4

[Qemu-devel] [PULL 24/25] hw/i2c: Add a NULL check for i2c slave init callbacks

[Peter Maydell]

From: Alastair D'Silva <alastair@d-silva.org>

Add a NULL check for i2c slave init callbacks, so that we no longer
need to implement empty init functions.

Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
Message-id: 20161202054617.6749-4-alastair@au1.ibm.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: squashed in later tweak from Alistair to if() phrasing]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/pxa2xx.c   | 7 -------
 hw/arm/tosa.c     | 7 -------
 hw/arm/z2.c       | 7 -------
 hw/i2c/core.c     | 6 +++++-
 hw/timer/ds1338.c | 6 ------
 5 files changed, 5 insertions(+), 28 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 8aa0f8a..bdcf6bc 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -1449,17 +1449,10 @@ static const VMStateDescription vmstate_pxa2xx_i2c = {
     }
 };
 
-static int pxa2xx_i2c_slave_init(I2CSlave *i2c)
-{
-    /* Nothing to do.  */
-    return 0;
-}
-
 static void pxa2xx_i2c_slave_class_init(ObjectClass *klass, void *data)
 {
     I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
-    k->init = pxa2xx_i2c_slave_init;
     k->event = pxa2xx_i2c_event;
     k->recv = pxa2xx_i2c_rx;
     k->send = pxa2xx_i2c_tx;
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index 1ee12f4..39d9dbb 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -202,12 +202,6 @@ static int tosa_dac_recv(I2CSlave *s)
     return -1;
 }
 
-static int tosa_dac_init(I2CSlave *i2c)
-{
-    /* Nothing to do.  */
-    return 0;
-}
-
 static void tosa_tg_init(PXA2xxState *cpu)
 {
     I2CBus *bus = pxa2xx_i2c_bus(cpu->i2c[0]);
@@ -275,7 +269,6 @@ static void tosa_dac_class_init(ObjectClass *klass, void *data)
 {
     I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
-    k->init = tosa_dac_init;
     k->event = tosa_dac_event;
     k->recv = tosa_dac_recv;
     k->send = tosa_dac_send;
diff --git a/hw/arm/z2.c b/hw/arm/z2.c
index 68a92f3..b3a6bbd 100644
--- a/hw/arm/z2.c
+++ b/hw/arm/z2.c
@@ -263,12 +263,6 @@ static int aer915_recv(I2CSlave *slave)
     return retval;
 }
 
-static int aer915_init(I2CSlave *i2c)
-{
-    /* Nothing to do.  */
-    return 0;
-}
-
 static VMStateDescription vmstate_aer915_state = {
     .name = "aer915",
     .version_id = 1,
@@ -285,7 +279,6 @@ static void aer915_class_init(ObjectClass *klass, void *data)
     DeviceClass *dc = DEVICE_CLASS(klass);
     I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
-    k->init = aer915_init;
     k->event = aer915_event;
     k->recv = aer915_recv;
     k->send = aer915_send;
diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index abd4c4c..e40781e 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -260,7 +260,11 @@ static int i2c_slave_qdev_init(DeviceState *dev)
     I2CSlave *s = I2C_SLAVE(dev);
     I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(s);
 
-    return sc->init(s);
+    if (sc->init) {
+        return sc->init(s);
+    }
+
+    return 0;
 }
 
 DeviceState *i2c_create_slave(I2CBus *bus, const char *name, uint8_t addr)
diff --git a/hw/timer/ds1338.c b/hw/timer/ds1338.c
index 0112949..f5d04dd 100644
--- a/hw/timer/ds1338.c
+++ b/hw/timer/ds1338.c
@@ -198,11 +198,6 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
     return 0;
 }
 
-static int ds1338_init(I2CSlave *i2c)
-{
-    return 0;
-}
-
 static void ds1338_reset(DeviceState *dev)
 {
     DS1338State *s = DS1338(dev);
@@ -220,7 +215,6 @@ static void ds1338_class_init(ObjectClass *klass, void *data)
     DeviceClass *dc = DEVICE_CLASS(klass);
     I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
-    k->init = ds1338_init;
     k->event = ds1338_event;
     k->recv = ds1338_recv;
     k->send = ds1338_send;
-- 
2.7.4

[Qemu-devel] [PULL 25/25] target-arm: Add VBAR support to ARM1176 CPUs

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

ARM1176 CPUs have TrustZone support and can use the Vector Base
Address Register, but currently, qemu only adds VBAR support to ARMv7
CPUs. Fix this by adding a new feature ARM_FEATURE_VBAR which can used
for ARMv7 and ARM1176 CPUs.

The VBAR feature is always set for ARMv7 because some legacy boards
require it even if this is not architecturally correct.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1481810970-9692-1-git-send-email-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    |  1 +
 target/arm/cpu.c    |  9 +++++++++
 target/arm/helper.c | 19 +++++++++++++------
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ca5c849..ab119e6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1125,6 +1125,7 @@ enum arm_features {
     ARM_FEATURE_V8_PMULL, /* implements PMULL part of v8 Crypto Extensions */
     ARM_FEATURE_THUMB_DSP, /* DSP insns supported in the Thumb encodings */
     ARM_FEATURE_PMU, /* has PMU support */
+    ARM_FEATURE_VBAR, /* has cp15 VBAR */
 };
 
 static inline int arm_feature(CPUARMState *env, int feature)
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 98e2c68..f5cb30a 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -597,6 +597,11 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
         } else {
             set_feature(env, ARM_FEATURE_V6);
         }
+
+        /* Always define VBAR for V7 CPUs even if it doesn't exist in
+         * non-EL3 configs. This is needed by some legacy boards.
+         */
+        set_feature(env, ARM_FEATURE_VBAR);
     }
     if (arm_feature(env, ARM_FEATURE_V6K)) {
         set_feature(env, ARM_FEATURE_V6);
@@ -721,6 +726,10 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
         }
     }
 
+    if (arm_feature(env, ARM_FEATURE_EL3)) {
+        set_feature(env, ARM_FEATURE_VBAR);
+    }
+
     register_cp_regs_for_features(cpu);
     arm_cpu_register_gdb_regs_for_features(cpu);
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b5b65ca..8dcabbf 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1252,12 +1252,6 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
       .access = PL1_RW, .accessfn = access_tpm, .type = ARM_CP_ALIAS,
       .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
       .writefn = pmintenclr_write },
-    { .name = "VBAR", .state = ARM_CP_STATE_BOTH,
-      .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
-      .access = PL1_RW, .writefn = vbar_write,
-      .bank_fieldoffsets = { offsetof(CPUARMState, cp15.vbar_s),
-                             offsetof(CPUARMState, cp15.vbar_ns) },
-      .resetvalue = 0 },
     { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
       .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_RAW },
@@ -5094,6 +5088,19 @@ void register_cp_regs_for_features(ARMCPU *cpu)
         }
     }
 
+    if (arm_feature(env, ARM_FEATURE_VBAR)) {
+        ARMCPRegInfo vbar_cp_reginfo[] = {
+            { .name = "VBAR", .state = ARM_CP_STATE_BOTH,
+              .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
+              .access = PL1_RW, .writefn = vbar_write,
+              .bank_fieldoffsets = { offsetof(CPUARMState, cp15.vbar_s),
+                                     offsetof(CPUARMState, cp15.vbar_ns) },
+              .resetvalue = 0 },
+            REGINFO_SENTINEL
+        };
+        define_arm_cp_regs(cpu, vbar_cp_reginfo);
+    }
+
     /* Generic registers whose values depend on the implementation */
     {
         ARMCPRegInfo sctlr = {
-- 
2.7.4

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

On 27 December 2016 at 15:20, Peter Maydell <peter.maydell@linaro.org> wrote:
> First target-arm pull for 2.9; nothing particularly exciting here.
>
> thanks
> -- PMM
>
> The following changes since commit a470b33259bf82ef2336bfcd5d07640562d3f63b:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2016-12-22 19:23:51 +0000)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20161227
>
> for you to fetch changes up to 91db4642f868cf2e591b62d31a19d35b02ea791e:
>
>   target-arm: Add VBAR support to ARM1176 CPUs (2016-12-27 14:59:30 +0000)
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

On 20 August 2018 at 11:31, Peter Maydell <peter.maydell@linaro.org> wrote:
> Some more outstanding target-arm patches; nothing terribly
> exciting. Mostly they're mine; I'm trying to reduce the
> number of patches I still have in flight, so I've picked
> out some of the reviewed patches from a couple of sets I've
> sent out and will resend v2 versions of those sets with the
> remaining patches with fixes for issues noted in review once
> this is in master.
>
> thanks
> -- PMM
>
>
> The following changes since commit adaec191bfb31e12d40af8ab1b869f5b40d61ee9:
>
>   Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging (2018-08-20 09:48:03 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180820
>
> for you to fetch changes up to b85fad1588e812566f897f747e38da345a7016d6:
>
>   hw/dma/pl080: Remove hw_error() if DMA is enabled (2018-08-20 11:24:33 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Fix crash on conditional instruction in an IT block
>  * docs/generic-loader: mention U-Boot and Intel HEX executable formats
>  * hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
>  * imx_serial: Generate interrupt on receive data ready if enabled
>  * Fix various minor bugs in AArch32 Hyp related coprocessor registers
>  * Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
>  * Implement AArch32 ERET instruction
>  * hw/arm/virt: Add virt-3.1 machine type
>  * sdhci: add i.MX SD Stable Clock bit
>  * Remove now-obsolete MMIO request_ptr APIs
>  * hw/timer/m48t59: Move away from old_mmio accessors
>  * hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
>  * nvic: Expose NMI line
>  * hw/dma/pl080: cleanups and new features required for use in MPS boards
>

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

Some more outstanding target-arm patches; nothing terribly
exciting. Mostly they're mine; I'm trying to reduce the
number of patches I still have in flight, so I've picked
out some of the reviewed patches from a couple of sets I've
sent out and will resend v2 versions of those sets with the
remaining patches with fixes for issues noted in review once
this is in master.

thanks
-- PMM


The following changes since commit adaec191bfb31e12d40af8ab1b869f5b40d61ee9:

  Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging (2018-08-20 09:48:03 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180820

for you to fetch changes up to b85fad1588e812566f897f747e38da345a7016d6:

  hw/dma/pl080: Remove hw_error() if DMA is enabled (2018-08-20 11:24:33 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix crash on conditional instruction in an IT block
 * docs/generic-loader: mention U-Boot and Intel HEX executable formats
 * hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
 * imx_serial: Generate interrupt on receive data ready if enabled
 * Fix various minor bugs in AArch32 Hyp related coprocessor registers
 * Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
 * Implement AArch32 ERET instruction
 * hw/arm/virt: Add virt-3.1 machine type
 * sdhci: add i.MX SD Stable Clock bit
 * Remove now-obsolete MMIO request_ptr APIs
 * hw/timer/m48t59: Move away from old_mmio accessors
 * hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
 * nvic: Expose NMI line
 * hw/dma/pl080: cleanups and new features required for use in MPS boards

----------------------------------------------------------------
Andrew Jones (1):
      hw/arm/virt: Add virt-3.1 machine type

Hans-Erik Floryd (2):
      imx_serial: Generate interrupt on receive data ready if enabled
      sdhci: add i.MX SD Stable Clock bit

Jia He (1):
      hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset

Peter Maydell (19):
      target/arm: Correct typo in HAMAIR1 regdef name
      target/arm: Add missing .cp = 15 to HMAIR1 and HAMAIR1 regdefs
      target/arm: Implement AArch32 HVBAR
      target/arm: Implement AArch32 Hyp FARs
      target/arm: Implement ESR_EL2/HSR for AArch32 and no-EL2
      target/arm: Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
      target/arm: Implement AArch32 ERET instruction
      hw/ssi/xilinx_spips: Remove unneeded MMIO request_ptr code
      memory: Remove MMIO request_ptr APIs
      hw/misc: Remove mmio_interface device
      hw/timer/m48t59: Move away from old_mmio accessors
      hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
      nvic: Expose NMI line
      hw/dma/pl080: Allow use as embedded-struct device
      hw/dma/pl080: Support all three interrupt lines
      hw/dma/pl080: Don't use CPU address space for DMA accesses
      hw/dma/pl080: Provide device reset function
      hw/dma/pl080: Correct bug in register address decode logic
      hw/dma/pl080: Remove hw_error() if DMA is enabled

Roman Kapl (1):
      target/arm: Fix crash on conditional instruction in an IT block

Stefan Hajnoczi (1):
      docs/generic-loader: mention U-Boot and Intel HEX executable formats

 docs/generic-loader.txt                  |  20 +-
 Makefile.objs                            |   1 +
 hw/misc/Makefile.objs                    |   1 -
 hw/watchdog/Makefile.objs                |   1 +
 hw/sd/sdhci-internal.h                   |   2 +
 include/exec/memory.h                    |  35 ----
 include/hw/char/imx_serial.h             |   1 +
 include/hw/dma/pl080.h                   |  71 +++++++
 include/hw/misc/mmio_interface.h         |  49 -----
 include/hw/watchdog/cmsdk-apb-watchdog.h |  59 ++++++
 hw/arm/armv7m.c                          |   1 +
 hw/arm/realview.c                        |   8 +-
 hw/arm/versatilepb.c                     |   9 +-
 hw/arm/virt.c                            |  23 ++-
 hw/char/imx_serial.c                     |   3 +-
 hw/dma/pl080.c                           | 113 ++++++-----
 hw/intc/arm_gicv3_its_kvm.c              |   2 +-
 hw/intc/armv7m_nvic.c                    |  19 ++
 hw/misc/mmio_interface.c                 | 135 -------------
 hw/sd/sdhci.c                            |   8 +
 hw/ssi/xilinx_spips.c                    |  46 -----
 hw/timer/m48t59.c                        |  59 ++----
 hw/watchdog/cmsdk-apb-watchdog.c         | 326 +++++++++++++++++++++++++++++++
 memory.c                                 | 110 -----------
 target/arm/helper.c                      |  36 +++-
 target/arm/op_helper.c                   |  22 +--
 target/arm/translate.c                   |  76 +++++--
 MAINTAINERS                              |   3 +
 default-configs/arm-softmmu.mak          |   1 +
 hw/intc/trace-events                     |   1 +
 hw/watchdog/trace-events                 |   6 +
 31 files changed, 717 insertions(+), 530 deletions(-)
 create mode 100644 include/hw/dma/pl080.h
 delete mode 100644 include/hw/misc/mmio_interface.h
 create mode 100644 include/hw/watchdog/cmsdk-apb-watchdog.h
 delete mode 100644 hw/misc/mmio_interface.c
 create mode 100644 hw/watchdog/cmsdk-apb-watchdog.c
 create mode 100644 hw/watchdog/trace-events

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

On 31 May 2018 at 17:00, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue. This has the "plumb txattrs through various
> bits of exec.c" patches, and a collection of bug fixes from
> various people.
>
> v2: fix compile error on arm hosts...
>
> thanks
> -- PMM
>
>
> The following changes since commit a3ac12fba028df90f7b3dbec924995c126c41022:
>
>   Merge remote-tracking branch 'remotes/ehabkost/tags/numa-next-pull-request' into staging (2018-05-31 11:12:36 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180531-1
>
> for you to fetch changes up to 2f15b79280cf71b7991dfd3f0312a1797630e376:
>
>   KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice (2018-05-31 16:32:35 +0100)
>

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

target-arm queue. This has the "plumb txattrs through various
bits of exec.c" patches, and a collection of bug fixes from
various people.

v2: fix compile error on arm hosts...

thanks
-- PMM


The following changes since commit a3ac12fba028df90f7b3dbec924995c126c41022:

  Merge remote-tracking branch 'remotes/ehabkost/tags/numa-next-pull-request' into staging (2018-05-31 11:12:36 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180531-1

for you to fetch changes up to 2f15b79280cf71b7991dfd3f0312a1797630e376:

  KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice (2018-05-31 16:32:35 +0100)

----------------------------------------------------------------
target-arm queue:
 * target/arm: Honour FPCR.FZ in FRECPX
 * MAINTAINERS: Add entries for newer MPS2 boards and devices
 * hw/intc/arm_gicv3: Fix APxR<n> register dispatching
 * arm_gicv3_kvm: fix bug in writing zero bits back to the in-kernel
   GIC state
 * tcg: Fix helper function vs host abi for float16
 * arm: fix qemu crash on startup with -bios option
 * arm: fix malloc type mismatch
 * xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors
 * Correct CPACR reset value for v7 cores
 * memory.h: Improve IOMMU related documentation
 * exec: Plumb transaction attributes through various functions in
   preparation for allowing IOMMUs to see them
 * vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY
 * ARM: ACPI: Fix use-after-free due to memory realloc
 * KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice

----------------------------------------------------------------
Francisco Iglesias (1):
      xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors

Igor Mammedov (1):
      arm: fix qemu crash on startup with -bios option

Jan Kiszka (1):
      hw/intc/arm_gicv3: Fix APxR<n> register dispatching

Paolo Bonzini (1):
      arm: fix malloc type mismatch

Peter Maydell (17):
      target/arm: Honour FPCR.FZ in FRECPX
      MAINTAINERS: Add entries for newer MPS2 boards and devices
      Correct CPACR reset value for v7 cores
      memory.h: Improve IOMMU related documentation
      Make tb_invalidate_phys_addr() take a MemTxAttrs argument
      Make address_space_translate{, _cached}() take a MemTxAttrs argument
      Make address_space_map() take a MemTxAttrs argument
      Make address_space_access_valid() take a MemTxAttrs argument
      Make flatview_extend_translation() take a MemTxAttrs argument
      Make memory_region_access_valid() take a MemTxAttrs argument
      Make MemoryRegion valid.accepts callback take a MemTxAttrs argument
      Make flatview_access_valid() take a MemTxAttrs argument
      Make flatview_translate() take a MemTxAttrs argument
      Make address_space_get_iotlb_entry() take a MemTxAttrs argument
      Make flatview_do_translate() take a MemTxAttrs argument
      Make address_space_translate_iommu take a MemTxAttrs argument
      vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY

Richard Henderson (1):
      tcg: Fix helper function vs host abi for float16

Shannon Zhao (3):
      arm_gicv3_kvm: increase clroffset accordingly
      ARM: ACPI: Fix use-after-free due to memory realloc
      KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice

 include/exec/exec-all.h        |   5 +-
 include/exec/helper-head.h     |   2 +-
 include/exec/memory-internal.h |   3 +-
 include/exec/memory.h          | 128 +++++++++++++++++++++++++++++++++++------
 include/migration/vmstate.h    |   3 +
 include/sysemu/dma.h           |   6 +-
 accel/tcg/translate-all.c      |   4 +-
 exec.c                         |  95 ++++++++++++++++++------------
 hw/arm/boot.c                  |  18 +++---
 hw/arm/virt-acpi-build.c       |  20 +++++--
 hw/dma/xlnx-zdma.c             |  10 +++-
 hw/hppa/dino.c                 |   3 +-
 hw/intc/arm_gic_kvm.c          |   1 -
 hw/intc/arm_gicv3_cpuif.c      |  12 ++--
 hw/intc/arm_gicv3_kvm.c        |   2 +-
 hw/nvram/fw_cfg.c              |  12 ++--
 hw/s390x/s390-pci-inst.c       |   3 +-
 hw/scsi/esp.c                  |   3 +-
 hw/vfio/common.c               |   3 +-
 hw/virtio/vhost.c              |   3 +-
 hw/xen/xen_pt_msi.c            |   3 +-
 memory.c                       |  12 ++--
 memory_ldst.inc.c              |  18 +++---
 target/arm/gdbstub.c           |   3 +-
 target/arm/helper-a64.c        |  41 +++++++------
 target/arm/helper.c            |  90 ++++++++++++++++-------------
 target/arm/kvm.c               |   3 +-
 target/ppc/mmu-hash64.c        |   3 +-
 target/riscv/helper.c          |   2 +-
 target/s390x/diag.c            |   6 +-
 target/s390x/excp_helper.c     |   3 +-
 target/s390x/mmu_helper.c      |   3 +-
 target/s390x/sigp.c            |   3 +-
 target/xtensa/op_helper.c      |   3 +-
 MAINTAINERS                    |   9 ++-
 35 files changed, 355 insertions(+), 183 deletions(-)

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180531142357.904-1-peter.maydell@linaro.org
Subject: [Qemu-devel] [PULL 00/25] target-arm queue

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   fe817a8a0d..a3ac12fba0  master     -> master
 t [tag update]            patchew/1527736557-11084-1-git-send-email-zhaoshenglong@huawei.com -> patchew/1527736557-11084-1-git-send-email-zhaoshenglong@huawei.com
 * [new tag]               patchew/20180531142357.904-1-peter.maydell@linaro.org -> patchew/20180531142357.904-1-peter.maydell@linaro.org
Switched to a new branch 'test'
a487bba092 KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice
5a3bf5043e ARM: ACPI: Fix use-after-free due to memory realloc
676e28bdf5 vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY
d7aae0ee61 Make address_space_translate_iommu take a MemTxAttrs argument
12bb5f653d Make flatview_do_translate() take a MemTxAttrs argument
8a6e14496d Make address_space_get_iotlb_entry() take a MemTxAttrs argument
9cac582143 Make flatview_translate() take a MemTxAttrs argument
55db02aca6 Make flatview_access_valid() take a MemTxAttrs argument
f87f897086 Make MemoryRegion valid.accepts callback take a MemTxAttrs argument
9aa53aa0d4 Make memory_region_access_valid() take a MemTxAttrs argument
7b418bb6cf Make flatview_extend_translation() take a MemTxAttrs argument
377f13129d Make address_space_access_valid() take a MemTxAttrs argument
0649977ea0 Make address_space_map() take a MemTxAttrs argument
aa2f49abf1 Make address_space_translate{, _cached}() take a MemTxAttrs argument
105bf37846 Make tb_invalidate_phys_addr() take a MemTxAttrs argument
73b69cf0cd memory.h: Improve IOMMU related documentation
0031fdaa47 Correct CPACR reset value for v7 cores
0926c82acb xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors
48374ca065 arm: fix malloc type mismatch
427a2da078 arm: fix qemu crash on startup with -bios option
fe5e7fe927 tcg: Fix helper function vs host abi for float16
726e508937 arm_gicv3_kvm: increase clroffset accordingly
b6fb16391d hw/intc/arm_gicv3: Fix APxR<n> register dispatching
420d87bf34 MAINTAINERS: Add entries for newer MPS2 boards and devices
101898757f target/arm: Honour FPCR.FZ in FRECPX

=== OUTPUT BEGIN ===
Checking PATCH 1/25: target/arm: Honour FPCR.FZ in FRECPX...
Checking PATCH 2/25: MAINTAINERS: Add entries for newer MPS2 boards and devices...
Checking PATCH 3/25: hw/intc/arm_gicv3: Fix APxR<n> register dispatching...
Checking PATCH 4/25: arm_gicv3_kvm: increase clroffset accordingly...
Checking PATCH 5/25: tcg: Fix helper function vs host abi for float16...
ERROR: space prohibited before that close parenthesis ')'
#242: FILE: target/arm/helper.c:11367:
+    CONV_FTOI(vfp_to##name##p, ftype, fsz, sign, )        \

ERROR: space prohibited before that close parenthesis ')'
#251: FILE: target/arm/helper.c:11370:
+FLOAT_CONVS(si, h, uint32_t, 16, )

ERROR: space prohibited before that close parenthesis ')'
#252: FILE: target/arm/helper.c:11371:
+FLOAT_CONVS(si, s, float32, 32, )

ERROR: space prohibited before that close parenthesis ')'
#253: FILE: target/arm/helper.c:11372:
+FLOAT_CONVS(si, d, float64, 64, )

total: 4 errors, 0 warnings, 312 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 6/25: arm: fix qemu crash on startup with -bios option...
Checking PATCH 7/25: arm: fix malloc type mismatch...
Checking PATCH 8/25: xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors...
Checking PATCH 9/25: Correct CPACR reset value for v7 cores...
Checking PATCH 10/25: memory.h: Improve IOMMU related documentation...
Checking PATCH 11/25: Make tb_invalidate_phys_addr() take a MemTxAttrs argument...
Checking PATCH 12/25: Make address_space_translate{, _cached}() take a MemTxAttrs argument...
Checking PATCH 13/25: Make address_space_map() take a MemTxAttrs argument...
Checking PATCH 14/25: Make address_space_access_valid() take a MemTxAttrs argument...
Checking PATCH 15/25: Make flatview_extend_translation() take a MemTxAttrs argument...
Checking PATCH 16/25: Make memory_region_access_valid() take a MemTxAttrs argument...
Checking PATCH 17/25: Make MemoryRegion valid.accepts callback take a MemTxAttrs argument...
Checking PATCH 18/25: Make flatview_access_valid() take a MemTxAttrs argument...
Checking PATCH 19/25: Make flatview_translate() take a MemTxAttrs argument...
Checking PATCH 20/25: Make address_space_get_iotlb_entry() take a MemTxAttrs argument...
Checking PATCH 21/25: Make flatview_do_translate() take a MemTxAttrs argument...
Checking PATCH 22/25: Make address_space_translate_iommu take a MemTxAttrs argument...
WARNING: line over 80 characters
#35: FILE: exec.c:492:
+                                                         AddressSpace **target_as,

total: 0 errors, 1 warnings, 32 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 23/25: vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY...
Checking PATCH 24/25: ARM: ACPI: Fix use-after-free due to memory realloc...
Checking PATCH 25/25: KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

On 31 May 2018 at 15:23, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue. This has the "plumb txattrs through various
> bits of exec.c" patches, and a collection of bug fixes from
> various people.
>
> thanks
> -- PMM
>
>
>
> The following changes since commit a3ac12fba028df90f7b3dbec924995c126c41022:
>
>   Merge remote-tracking branch 'remotes/ehabkost/tags/numa-next-pull-request' into staging (2018-05-31 11:12:36 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180531
>
> for you to fetch changes up to 49d1dca0520ea71bc21867fab6647f474fcf857b:
>
>   KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice (2018-05-31 14:52:53 +0100)
>

Patch "Make address_space_translate{, _cached}() take a MemTxAttrs argument"
needs this squashed into it:

--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -664,7 +664,8 @@ int kvm_arch_fixup_msi_route(struct
kvm_irq_routing_entry *route,
     /* MSI doorbell address is translated by an IOMMU */

     rcu_read_lock();
-    mr = address_space_translate(as, address, &xlat, &len, true);
+    mr = address_space_translate(as, address, &xlat, &len, true,
+                                 MEMTXATTRS_UNSPECIFIED);
     if (!mr) {
         goto unlock;
     }


to avoid a compile failure on arm hosts.

-- PMM

[Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

target-arm queue. This has the "plumb txattrs through various
bits of exec.c" patches, and a collection of bug fixes from
various people.

thanks
-- PMM



The following changes since commit a3ac12fba028df90f7b3dbec924995c126c41022:

  Merge remote-tracking branch 'remotes/ehabkost/tags/numa-next-pull-request' into staging (2018-05-31 11:12:36 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180531

for you to fetch changes up to 49d1dca0520ea71bc21867fab6647f474fcf857b:

  KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice (2018-05-31 14:52:53 +0100)

----------------------------------------------------------------
target-arm queue:
 * target/arm: Honour FPCR.FZ in FRECPX
 * MAINTAINERS: Add entries for newer MPS2 boards and devices
 * hw/intc/arm_gicv3: Fix APxR<n> register dispatching
 * arm_gicv3_kvm: fix bug in writing zero bits back to the in-kernel
   GIC state
 * tcg: Fix helper function vs host abi for float16
 * arm: fix qemu crash on startup with -bios option
 * arm: fix malloc type mismatch
 * xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors
 * Correct CPACR reset value for v7 cores
 * memory.h: Improve IOMMU related documentation
 * exec: Plumb transaction attributes through various functions in
   preparation for allowing IOMMUs to see them
 * vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY
 * ARM: ACPI: Fix use-after-free due to memory realloc
 * KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice

----------------------------------------------------------------
Francisco Iglesias (1):
      xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors

Igor Mammedov (1):
      arm: fix qemu crash on startup with -bios option

Jan Kiszka (1):
      hw/intc/arm_gicv3: Fix APxR<n> register dispatching

Paolo Bonzini (1):
      arm: fix malloc type mismatch

Peter Maydell (17):
      target/arm: Honour FPCR.FZ in FRECPX
      MAINTAINERS: Add entries for newer MPS2 boards and devices
      Correct CPACR reset value for v7 cores
      memory.h: Improve IOMMU related documentation
      Make tb_invalidate_phys_addr() take a MemTxAttrs argument
      Make address_space_translate{, _cached}() take a MemTxAttrs argument
      Make address_space_map() take a MemTxAttrs argument
      Make address_space_access_valid() take a MemTxAttrs argument
      Make flatview_extend_translation() take a MemTxAttrs argument
      Make memory_region_access_valid() take a MemTxAttrs argument
      Make MemoryRegion valid.accepts callback take a MemTxAttrs argument
      Make flatview_access_valid() take a MemTxAttrs argument
      Make flatview_translate() take a MemTxAttrs argument
      Make address_space_get_iotlb_entry() take a MemTxAttrs argument
      Make flatview_do_translate() take a MemTxAttrs argument
      Make address_space_translate_iommu take a MemTxAttrs argument
      vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY

Richard Henderson (1):
      tcg: Fix helper function vs host abi for float16

Shannon Zhao (3):
      arm_gicv3_kvm: increase clroffset accordingly
      ARM: ACPI: Fix use-after-free due to memory realloc
      KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice

 include/exec/exec-all.h        |   5 +-
 include/exec/helper-head.h     |   2 +-
 include/exec/memory-internal.h |   3 +-
 include/exec/memory.h          | 128 +++++++++++++++++++++++++++++++++++------
 include/migration/vmstate.h    |   3 +
 include/sysemu/dma.h           |   6 +-
 accel/tcg/translate-all.c      |   4 +-
 exec.c                         |  95 ++++++++++++++++++------------
 hw/arm/boot.c                  |  18 +++---
 hw/arm/virt-acpi-build.c       |  20 +++++--
 hw/dma/xlnx-zdma.c             |  10 +++-
 hw/hppa/dino.c                 |   3 +-
 hw/intc/arm_gic_kvm.c          |   1 -
 hw/intc/arm_gicv3_cpuif.c      |  12 ++--
 hw/intc/arm_gicv3_kvm.c        |   2 +-
 hw/nvram/fw_cfg.c              |  12 ++--
 hw/s390x/s390-pci-inst.c       |   3 +-
 hw/scsi/esp.c                  |   3 +-
 hw/vfio/common.c               |   3 +-
 hw/virtio/vhost.c              |   3 +-
 hw/xen/xen_pt_msi.c            |   3 +-
 memory.c                       |  12 ++--
 memory_ldst.inc.c              |  18 +++---
 target/arm/gdbstub.c           |   3 +-
 target/arm/helper-a64.c        |  41 +++++++------
 target/arm/helper.c            |  90 ++++++++++++++++-------------
 target/ppc/mmu-hash64.c        |   3 +-
 target/riscv/helper.c          |   2 +-
 target/s390x/diag.c            |   6 +-
 target/s390x/excp_helper.c     |   3 +-
 target/s390x/mmu_helper.c      |   3 +-
 target/s390x/sigp.c            |   3 +-
 target/xtensa/op_helper.c      |   3 +-
 MAINTAINERS                    |   9 ++-
 34 files changed, 353 insertions(+), 182 deletions(-)

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

On 9 March 2018 at 17:25, Peter Maydell <peter.maydell@linaro.org> wrote:
> Arm pullreq for the 2.12 codefreeze...
>
> thanks
> -- PMM
>
> The following changes since commit b39b61e410022f96ceb53d4381d25cba5126ac44:
>
>   memory: fix flatview_access_valid RCU read lock/unlock imbalance (2018-03-09 15:55:20 +0000)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180309
>
> for you to fetch changes up to 076a0fc32a73a9b960e0f73f04a531bc1bd94308:
>
>   MAINTAINERS: Add entries for SD (SDHCI, SDBus, SDCard) (2018-03-09 17:09:45 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * i.MX: Add i.MX7 SOC implementation and i.MX7 Sabre board
>  * Report the correct core count in A53 L2CTLR on the ZynqMP board
>  * linux-user: preliminary SVE support work (signal handling)
>  * hw/arm/boot: fix memory leak in case of error loading ELF file
>  * hw/arm/boot: avoid reading off end of buffer if passed very
>    small image file
>  * hw/arm: Use more CONFIG switches for the object files
>  * target/arm: Add "-cpu max" support
>  * hw/arm/virt: Support -machine gic-version=max
>  * hw/sd: improve debug tracing
>  * hw/sd: sdcard: Add the Tuning Command (CMD 19)
>  * MAINTAINERS: add Philippe as odd-fixes maintainer for SD
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

Arm pullreq for the 2.12 codefreeze...

thanks
-- PMM

The following changes since commit b39b61e410022f96ceb53d4381d25cba5126ac44:

  memory: fix flatview_access_valid RCU read lock/unlock imbalance (2018-03-09 15:55:20 +0000)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180309

for you to fetch changes up to 076a0fc32a73a9b960e0f73f04a531bc1bd94308:

  MAINTAINERS: Add entries for SD (SDHCI, SDBus, SDCard) (2018-03-09 17:09:45 +0000)

----------------------------------------------------------------
target-arm queue:
 * i.MX: Add i.MX7 SOC implementation and i.MX7 Sabre board
 * Report the correct core count in A53 L2CTLR on the ZynqMP board
 * linux-user: preliminary SVE support work (signal handling)
 * hw/arm/boot: fix memory leak in case of error loading ELF file
 * hw/arm/boot: avoid reading off end of buffer if passed very
   small image file
 * hw/arm: Use more CONFIG switches for the object files
 * target/arm: Add "-cpu max" support
 * hw/arm/virt: Support -machine gic-version=max
 * hw/sd: improve debug tracing
 * hw/sd: sdcard: Add the Tuning Command (CMD 19)
 * MAINTAINERS: add Philippe as odd-fixes maintainer for SD

----------------------------------------------------------------
Alistair Francis (2):
      target/arm: Add a core count property
      hw/arm: Set the core count for Xilinx's ZynqMP

Andrey Smirnov (3):
      pci: Add support for Designware IP block
      i.MX: Add i.MX7 SOC implementation.
      Implement support for i.MX7 Sabre board

Marc-André Lureau (2):
      arm: fix load ELF error leak
      arm: avoid heap-buffer-overflow in load_aarch64_image

Peter Maydell (6):
      target/arm: Query host CPU features on-demand at instance init
      target/arm: Move definition of 'host' cpu type into cpu.c
      target/arm: Add "-cpu max" support
      target/arm: Make 'any' CPU just an alias for 'max'
      hw/arm/virt: Add "max" to the list of CPU types "virt" supports
      hw/arm/virt: Support -machine gic-version=max

Philippe Mathieu-Daudé (6):
      sdcard: Do not trace CMD55, except when we already expect an ACMD
      sdcard: Display command name when tracing CMD/ACMD
      sdcard: Display which protocol is used when tracing (SD or SPI)
      sdcard: Add the Tuning Command (CMD19)
      sdhci: Fix a typo in comment
      MAINTAINERS: Add entries for SD (SDHCI, SDBus, SDCard)

Richard Henderson (5):
      linux-user: Implement aarch64 PR_SVE_SET/GET_VL
      aarch64-linux-user: Split out helpers for guest signal handling
      aarch64-linux-user: Remove struct target_aux_context
      aarch64-linux-user: Add support for EXTRA signal frame records
      aarch64-linux-user: Add support for SVE signal frame records

Thomas Huth (1):
      hw/arm: Use more CONFIG switches for the object files

 hw/arm/Makefile.objs                |  31 +-
 hw/pci-host/Makefile.objs           |   2 +
 hw/sd/Makefile.objs                 |   2 +-
 hw/sd/sdmmc-internal.h              |  24 ++
 include/hw/arm/fsl-imx7.h           | 222 +++++++++++
 include/hw/pci-host/designware.h    | 102 +++++
 include/hw/pci/pci_ids.h            |   2 +
 linux-user/aarch64/target_syscall.h |   3 +
 target/arm/cpu-qom.h                |   2 +
 target/arm/cpu.h                    |  11 +
 target/arm/kvm_arm.h                |  35 +-
 hw/arm/boot.c                       |   4 +-
 hw/arm/fsl-imx7.c                   | 582 ++++++++++++++++++++++++++++
 hw/arm/mcimx7d-sabre.c              |  90 +++++
 hw/arm/virt.c                       |  30 +-
 hw/arm/xlnx-zynqmp.c                |   2 +
 hw/pci-host/designware.c            | 754 ++++++++++++++++++++++++++++++++++++
 hw/sd/sd.c                          |  55 ++-
 hw/sd/sdhci.c                       |   4 +-
 hw/sd/sdmmc-internal.c              |  72 ++++
 linux-user/signal.c                 | 415 ++++++++++++++++----
 linux-user/syscall.c                |  27 ++
 target/arm/cpu.c                    | 103 ++++-
 target/arm/cpu64.c                  | 113 ++++--
 target/arm/kvm.c                    |  53 +--
 target/arm/kvm32.c                  |   8 +-
 target/arm/kvm64.c                  |   8 +-
 MAINTAINERS                         |   8 +
 default-configs/arm-softmmu.mak     |   9 +
 hw/sd/trace-events                  |   8 +-
 30 files changed, 2583 insertions(+), 198 deletions(-)
 create mode 100644 include/hw/arm/fsl-imx7.h
 create mode 100644 include/hw/pci-host/designware.h
 create mode 100644 hw/arm/fsl-imx7.c
 create mode 100644 hw/arm/mcimx7d-sabre.c
 create mode 100644 hw/pci-host/designware.c
 create mode 100644 hw/sd/sdmmc-internal.c

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

On 17 October 2016 at 19:40, Peter Maydell <peter.maydell@linaro.org> wrote:
> Random mix of stuff here, nothing in particular
> very large. Includes a fix for the regression running
> Thumb userspace code.
>
> thanks
> -- PMM
>
>
> The following changes since commit 0975b8b823a888d474fa33821dfe84e6904db197:
>
>   Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging (2016-10-17 16:17:51 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20161017
>
> for you to fetch changes up to 041ac05672993ff33a15f8017c0f729ca6dfad73:
>
>   hw/char/pl011: Add trace events (2016-10-17 19:32:44 +0100)
>
> ----------------------------------------------------------------
> target-arm:
>  * target-arm: kvm: use AddressSpace-specific listener
>  * aspeed: add SMC controllers
>  * hw/arm/boot: allow using a command line specified dtb without a kernel
>  * hw/dma/pl080: Fix bad bit mask
>  * hw/intc/arm_gic_kvm: Fix build on aarch64 with some compilers
>  * hw/arm/virt: fix ACPI tables for ITS
>  * tests: add a m25p80 test
>  * tests: cleanup ptimer-test
>  * pxa2xx: Auto-assign name for i2c bus in i2c_init_bus
>  * target-arm: handle tagged addresses in A64 code
>  * target-arm: Fix masking of PC lower bits when doing exception returns
>  * target-arm: Implement dummy MDCCINT_EL1
>  * target-arm: Add trace events for the generic timers
>  * hw/intc/arm_gicv3: Fix ICC register tracepoints
>  * hw/char/pl011: Add trace events

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

Random mix of stuff here, nothing in particular
very large. Includes a fix for the regression running
Thumb userspace code.

thanks
-- PMM


The following changes since commit 0975b8b823a888d474fa33821dfe84e6904db197:

  Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging (2016-10-17 16:17:51 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20161017

for you to fetch changes up to 041ac05672993ff33a15f8017c0f729ca6dfad73:

  hw/char/pl011: Add trace events (2016-10-17 19:32:44 +0100)

----------------------------------------------------------------
target-arm:
 * target-arm: kvm: use AddressSpace-specific listener
 * aspeed: add SMC controllers
 * hw/arm/boot: allow using a command line specified dtb without a kernel
 * hw/dma/pl080: Fix bad bit mask
 * hw/intc/arm_gic_kvm: Fix build on aarch64 with some compilers
 * hw/arm/virt: fix ACPI tables for ITS
 * tests: add a m25p80 test
 * tests: cleanup ptimer-test
 * pxa2xx: Auto-assign name for i2c bus in i2c_init_bus
 * target-arm: handle tagged addresses in A64 code
 * target-arm: Fix masking of PC lower bits when doing exception returns
 * target-arm: Implement dummy MDCCINT_EL1
 * target-arm: Add trace events for the generic timers
 * hw/intc/arm_gicv3: Fix ICC register tracepoints
 * hw/char/pl011: Add trace events

----------------------------------------------------------------
Alistair Francis (1):
      docs/generic-loader: Update the document

Andrew Jones (2):
      hw/arm/virt-acpi-build: fix MADT generation
      hw/arm/virt: no ITS on older machine types

Christopher Covington (1):
      hw/intc/arm_gic_kvm: Fix build on aarch64

Cédric Le Goater (7):
      aspeed: rename the smc object to fmc
      aspeed: move the flash module mapping address under the controller definition
      aspeed: extend the number of host SPI controllers
      aspeed: add support for the AST2500 SoC SMC controllers
      aspeed: create mapping regions for the maximum number of slaves
      aspeed: add support for the SMC segment registers
      tests: add a m25p80 test

Michael Olbrich (1):
      hw/arm/boot: allow using a command line specified dtb without a kernel

Paolo Bonzini (2):
      target-arm: kvm: use AddressSpace-specific listener
      tests: cleanup ptimer-test

Peter Maydell (5):
      Fix masking of PC lower bits when doing exception returns
      target-arm: Implement dummy MDCCINT_EL1
      target-arm: Add trace events for the generic timers
      hw/intc/arm_gicv3: Fix ICC register tracepoints
      hw/char/pl011: Add trace events

Rutuja Shah (1):
      Reducing stack frame size in stream_process_mem2s()

Thomas Hanson (3):
      target-arm: Infrastucture changes to enable handling of tagged address loading into PC
      target-arm: Code changes to implement overwrite of tag field on PC load
      target-arm: Comments added to identify cases in a switch

Thomas Huth (1):
      hw/dma/pl080: Fix bad bit mask (PL080_CONF_M1 | PL080_CONF_M1)

Vijay Kumar B (1):
      pxa2xx: Auto-assign name for i2c bus in i2c_init_bus.

 Makefile.objs                    |   1 +
 docs/generic-loader.txt          |  22 ++--
 hw/arm/aspeed.c                  |   4 +-
 hw/arm/aspeed_soc.c              |  74 ++++++++----
 hw/arm/boot.c                    |   4 +-
 hw/arm/pxa2xx.c                  |   2 +-
 hw/arm/virt-acpi-build.c         |  14 +--
 hw/arm/virt.c                    |  15 ++-
 hw/char/pl011.c                  |  71 +++++++----
 hw/char/trace-events             |   9 ++
 hw/dma/pl080.c                   |   2 +-
 hw/dma/xilinx_axidma.c           |   8 +-
 hw/intc/arm_gic_kvm.c            |  14 ---
 hw/intc/arm_gicv3_cpuif.c        |  23 ++--
 hw/intc/trace-events             |  14 +--
 hw/ssi/aspeed_smc.c              | 194 ++++++++++++++++++++++++++++--
 include/hw/arm/aspeed_soc.h      |  10 +-
 include/hw/arm/virt-acpi-build.h |   1 +
 include/hw/ssi/aspeed_smc.h      |   3 +-
 stubs/vmstate.c                  |   5 -
 target-arm/cpu.h                 |  52 +++++++-
 target-arm/helper.c              |  74 +++++++++++-
 target-arm/kvm.c                 |   3 +-
 target-arm/op_helper.c           |   7 ++
 target-arm/trace-events          |  10 ++
 target-arm/translate-a64.c       |  90 ++++++++++++--
 target-arm/translate.c           |  29 +++--
 target-arm/translate.h           |   2 +
 tests/Makefile.include           |   7 +-
 tests/m25p80-test.c              | 252 +++++++++++++++++++++++++++++++++++++++
 tests/ptimer-test-stubs.c        |   7 ++
 tests/ptimer-test.c              |  22 ++--
 vl.c                             |   5 -
 33 files changed, 882 insertions(+), 168 deletions(-)
 create mode 100644 target-arm/trace-events
 create mode 100644 tests/m25p80-test.c

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

On 17 December 2015 at 13:40, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 17 December 2015 at 11:49, Peter Maydell <peter.maydell@linaro.org> wrote:
>> First target-arm pull for 2.6. I have a bunch more stuff in my
>> to-review queue, but this is big enough for a pull already.
>>
>> -- PMM
>>
>> The following changes since commit fc77eb20d78e303ef11482288e185d856431f02f:
>>
>>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20151215-1' into staging (2015-12-17 11:10:03 +0000)
>>
>> are available in the git repository at:
>>
>>
>>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151217
>
> Updated:
>
> git://git.linaro.org/people/pmaydell/qemu-arm.git
> tags/pull-target-arm-20151217-1
>
> to fix a build issue due to including a linux header directly
> rather than the standard-includes/linux local version.

Fixed version applied.

-- PMM

Re: [Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

On 17 December 2015 at 11:49, Peter Maydell <peter.maydell@linaro.org> wrote:
> First target-arm pull for 2.6. I have a bunch more stuff in my
> to-review queue, but this is big enough for a pull already.
>
> -- PMM
>
> The following changes since commit fc77eb20d78e303ef11482288e185d856431f02f:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20151215-1' into staging (2015-12-17 11:10:03 +0000)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151217

Updated:

git://git.linaro.org/people/pmaydell/qemu-arm.git
tags/pull-target-arm-20151217-1

to fix a build issue due to including a linux header directly
rather than the standard-includes/linux local version.

thanks
-- PMM

[Qemu-devel] [PULL 00/25] target-arm queue

[Peter Maydell]

First target-arm pull for 2.6. I have a bunch more stuff in my
to-review queue, but this is big enough for a pull already.

-- PMM

The following changes since commit fc77eb20d78e303ef11482288e185d856431f02f:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20151215-1' into staging (2015-12-17 11:10:03 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151217

for you to fetch changes up to bfd177422efba77882be7e289459ea93ca9c85fa:

  i.MX: Add an i.MX25 specific CCM class/instance (2015-12-17 11:46:32 +0000)

----------------------------------------------------------------
target-arm queue:
 * i.MX CCM patches
 * support guest debug for AArch64 KVM
 * support power button on virt board via GPIO
 * clean up AArch32 singlestep code
 * raise exception on misaligned LDREX operands
 * soc-dma: use hwaddr instead of target_ulong in printf
 * explicitly mark some ARM device loads as little-endian
 * i.MX: add support for lower and upper interrupt in GPIO

----------------------------------------------------------------
Alex Bennée (6):
      target-arm: kvm64 - introduce kvm_arm_init_debug()
      target-arm: kvm - implement software breakpoints
      target-arm: kvm - support for single step
      target-arm: kvm - add support for HW assisted debug
      target-arm: kvm - re-inject guest debug exceptions
      tests/guest-debug: introduce basic gdbstub tests

Andrew Baumann (1):
      target-arm: raise exception on misaligned LDREX operands

Igor Mammedov (1):
      acpi: extend aml_interrupt() to support multiple irqs

Jean-Christophe Dubois (5):
      i.MX: add support for lower and upper interrupt in GPIO.
      i.MX: Fix i.MX31 default/reset configuration
      i.MX: rename i.MX CCM get_clock() function and CLK ID enum names
      i.MX: Split the CCM class into an abstract base class and a concrete class
      i.MX: Add an i.MX25 specific CCM class/instance

Paolo Bonzini (2):
      arm: explicitly mark device loads as little-endian
      arm: soc-dma: use hwaddr instead of target_ulong in printf

Sergey Fedorov (1):
      target-arm: Fix and improve AA32 singlestep translation completion code

Shannon Zhao (8):
      ARM: Virt: Add a GPIO controller
      ARM: ACPI: Add GPIO controller in ACPI DSDT table
      ARM: ACPI: Add power button device in ACPI DSDT table
      ACPI: Add GPIO Connection Descriptor
      ACPI: Add aml_gpio_int() wrapper for GPIO Interrupt Connection
      ARM: ACPI: Add _E03 for Power Button
      ARM: Virt: Add QEMU powerdown notifier and hook it to GPIO Pin 3
      ARM: Virt: Add gpio-keys node for Poweroff using DT

Xiao Guangrong (1):
      acpi: support serialized method

 hw/acpi/aml-build.c               | 127 ++++++++++-
 hw/arm/fsl-imx25.c                |   6 +-
 hw/arm/fsl-imx31.c                |   6 +-
 hw/arm/virt-acpi-build.c          |  77 +++++--
 hw/arm/virt.c                     |  60 +++++
 hw/display/omap_lcd_template.h    |   4 +-
 hw/display/pxa2xx_lcd.c           |   8 +-
 hw/dma/soc_dma.c                  |  39 ++--
 hw/gpio/imx_gpio.c                |  12 +-
 hw/i386/acpi-build.c              |  41 ++--
 hw/misc/Makefile.objs             |   2 +
 hw/misc/imx25_ccm.c               | 341 ++++++++++++++++++++++++++++
 hw/misc/imx31_ccm.c               | 392 ++++++++++++++++++++++++++++++++
 hw/misc/imx_ccm.c                 | 231 ++-----------------
 hw/timer/imx_epit.c               |  20 +-
 hw/timer/imx_gpt.c                |  16 +-
 include/hw/acpi/aml-build.h       |  37 ++-
 include/hw/arm/fsl-imx25.h        |   4 +-
 include/hw/arm/fsl-imx31.h        |   4 +-
 include/hw/arm/virt.h             |   1 +
 include/hw/gpio/imx_gpio.h        |   3 +-
 include/hw/misc/imx25_ccm.h       |  79 +++++++
 include/hw/misc/imx31_ccm.h       |  66 ++++++
 include/hw/misc/imx_ccm.h         |  75 +++---
 include/hw/timer/imx_epit.h       |   5 +-
 include/hw/timer/imx_gpt.h        |   5 +-
 target-arm/cpu.c                  |   1 +
 target-arm/helper-a64.c           |  12 +-
 target-arm/helper.c               |   8 +
 target-arm/internals.h            |   7 +
 target-arm/kvm.c                  |  65 +++---
 target-arm/kvm32.c                |  47 ++++
 target-arm/kvm64.c                | 464 ++++++++++++++++++++++++++++++++++++++
 target-arm/kvm_arm.h              |  30 +++
 target-arm/op_helper.c            |  40 +++-
 target-arm/translate.c            |  76 +++----
 tests/guest-debug/test-gdbstub.py | 176 +++++++++++++++
 37 files changed, 2141 insertions(+), 446 deletions(-)
 create mode 100644 hw/misc/imx25_ccm.c
 create mode 100644 hw/misc/imx31_ccm.c
 create mode 100644 include/hw/misc/imx25_ccm.h
 create mode 100644 include/hw/misc/imx31_ccm.h
 create mode 100644 tests/guest-debug/test-gdbstub.py