[Qemu-devel] [PULL 00/31] target-arm queue

[Qemu-devel] [PULL 00/31] target-arm queue

[Peter Maydell]

Two major things in this pull:
 * finally getting to the point when we can actually enable TrustZone
   (for 32 bit CPUs); there's more to come next year, notably GIC support,
   but this is now something people can actually use
 * support for passing a command line specified kernel/initrd to firmware
   (ie UEFI) for it to boot

thanks
-- PMM

The following changes since commit 7e58e2ac7778cca3234c33387e49577bb7732714:

  Merge remote-tracking branch 'remotes/gonglei/tags/bootdevice-next-20141222' into staging (2014-12-22 14:52:52 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20141223

for you to fetch changes up to aa351061dbb0e3054db11c00a69395785c4186c8:

  hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware (2014-12-22 23:39:20 +0000)

----------------------------------------------------------------
target-arm queue:
 * enable 32-bit EL3 (TrustZone) for vexpress and virt boards
 * add fw_cfg device to virt board for UEFI firmware config
 * support passing commandline kernel/initrd to firmware

----------------------------------------------------------------
Fabian Aggeler (1):
      target-arm: add cpu feature EL3 to CPUs with Security Extensions

Greg Bellows (15):
      target-arm: Merge EL3 CP15 register lists
      target-arm: Add vexpress class and machine types
      target-arm: Add vexpress a9 & a15 machine objects
      target-arm: Switch to common vexpress machine init
      target-arm: Add vexpress machine secure property
      target-arm: Change vexpress daughterboard init arg
      target-arm: Add virt class and machine types
      target-arm: Add virt machine secure property
      target-arm: Add feature unset function
      target-arm: Add ARMCPU secure property
      target-arm: Add arm_boot_info secure_boot control
      target-arm: Enable CPU has_el3 prop during VE init
      target-arm: Set CPU has_el3 prop during virt init
      target-arm: Breakout integratorcp and versatilepb cpu init
      target-arm: Disable EL3 on unsupported machines

Laszlo Ersek (10):
      fw_cfg: hard separation between the MMIO and I/O port mappings
      fw_cfg: move boards to fw_cfg_init_io() / fw_cfg_init_mem()
      fw_cfg_mem: max access size and region size are the same for data register
      fw_cfg_mem: flip ctl_mem_ops and data_mem_ops to DEVICE_BIG_ENDIAN
      fw_cfg_mem: introduce the "data_width" property
      fw_cfg_mem: expose the "data_width" property with fw_cfg_init_mem_wide()
      arm: add fw_cfg to "virt" board
      hw/loader: split out load_image_gzipped_buffer()
      hw/arm: pass pristine kernel image to guest firmware over fw_cfg
      hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware

Marcel Apfelbaum (3):
      machine: remove qemu_machine_opts global list
      vl.c: simplified machine_set_property
      vl.c: add HMP help to machine

Paolo Bonzini (1):
      exec: allows 8-byte accesses in subpage_ops

Peter Maydell (1):
      audio: Don't free hw resources until after hw backend is stopped

 audio/audio_template.h    |   2 +-
 exec.c                    |  13 ++-
 hw/arm/boot.c             |  98 +++++++++++++++++-
 hw/arm/exynos4210.c       |  11 ++
 hw/arm/highbank.c         |  12 +++
 hw/arm/integratorcp.c     |  31 +++++-
 hw/arm/realview.c         |  12 +++
 hw/arm/versatilepb.c      |  32 +++++-
 hw/arm/vexpress.c         | 141 ++++++++++++++++++++------
 hw/arm/virt.c             |  97 ++++++++++++++++--
 hw/arm/xilinx_zynq.c      |  12 +++
 hw/core/loader.c          |  30 ++++--
 hw/core/machine.c         |  45 +++++++++
 hw/i386/pc.c              |  11 +-
 hw/nvram/fw_cfg.c         | 250 +++++++++++++++++++++++++++++++++++-----------
 hw/ppc/mac_newworld.c     |   2 +-
 hw/ppc/mac_oldworld.c     |   2 +-
 hw/ppc/spapr.c            |   3 +
 hw/sparc/sun4m.c          |   2 +-
 hw/sparc64/sun4u.c        |   2 +-
 include/hw/arm/arm.h      |   9 ++
 include/hw/loader.h       |   9 ++
 include/hw/nvram/fw_cfg.h |   6 +-
 include/qemu/typedefs.h   |   2 +
 target-arm/cpu-qom.h      |   2 +
 target-arm/cpu.c          |  32 ++++++
 target-arm/helper.c       |  55 +++++-----
 vl.c                      | 117 +++++++---------------
 28 files changed, 803 insertions(+), 237 deletions(-)

[Qemu-devel] [PULL 01/31] audio: Don't free hw resources until after hw backend is stopped

[Peter Maydell]

When stopping an audio voice, call the audio backend's fini
method before calling audio_pcm_hw_free_resources_ rather than
afterwards. This allows backends which use helper threads (like
pulseaudio) to terminate those threads before the conv_buf or
mix_buf are freed and avoids race conditions where the helper
may access a NULL pointer or freed memory.

Cc: qemu-stable@nongnu.org
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418406239-9838-1-git-send-email-peter.maydell@linaro.org
---
 audio/audio_template.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/audio/audio_template.h b/audio/audio_template.h
index 8173188..584e536 100644
--- a/audio/audio_template.h
+++ b/audio/audio_template.h
@@ -191,9 +191,9 @@ static void glue (audio_pcm_hw_gc_, TYPE) (HW **hwp)
         audio_detach_capture (hw);
 #endif
         QLIST_REMOVE (hw, entries);
+        glue (hw->pcm_ops->fini_, TYPE) (hw);
         glue (s->nb_hw_voices_, TYPE) += 1;
         glue (audio_pcm_hw_free_resources_ ,TYPE) (hw);
-        glue (hw->pcm_ops->fini_, TYPE) (hw);
         g_free (hw);
         *hwp = NULL;
     }
-- 
1.9.1

[Qemu-devel] [PULL 02/31] target-arm: Merge EL3 CP15 register lists

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Merge of the v8_el2_cp_reginfo and el3_cp_reginfo ARMCPRegInfo lists.
Previously, some EL3 registers were restricted to the ARMv8 list under the
impression that they were not needed on ARMv7.  However, this is not the case
as the ARMv7/32-bit variants rely on the ARMv8/64-bit variants to handle
migration and reset.  For this reason they must always exist.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418406450-14961-1-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 55 +++++++++++++++++++++++------------------------------
 1 file changed, 24 insertions(+), 31 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 96abbed..3ef0f1f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2413,7 +2413,30 @@ static const ARMCPRegInfo v8_el2_cp_reginfo[] = {
     REGINFO_SENTINEL
 };
 
-static const ARMCPRegInfo v8_el3_cp_reginfo[] = {
+static const ARMCPRegInfo el3_cp_reginfo[] = {
+    { .name = "SCR_EL3", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 0,
+      .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.scr_el3),
+      .resetvalue = 0, .writefn = scr_write },
+    { .name = "SCR",  .type = ARM_CP_NO_MIGRATE,
+      .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0,
+      .access = PL3_RW, .fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3),
+      .resetfn = arm_cp_reset_ignore, .writefn = scr_write },
+    { .name = "SDER32_EL3", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 1,
+      .access = PL3_RW, .resetvalue = 0,
+      .fieldoffset = offsetof(CPUARMState, cp15.sder) },
+    { .name = "SDER",
+      .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 1,
+      .access = PL3_RW, .resetvalue = 0,
+      .fieldoffset = offsetoflow32(CPUARMState, cp15.sder) },
+      /* TODO: Implement NSACR trapping of secure EL1 accesses to EL3 */
+    { .name = "NSACR", .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
+      .access = PL3_W | PL1_R, .resetvalue = 0,
+      .fieldoffset = offsetof(CPUARMState, cp15.nsacr) },
+    { .name = "MVBAR", .cp = 15, .opc1 = 0, .crn = 12, .crm = 0, .opc2 = 1,
+      .access = PL3_RW, .writefn = vbar_write, .resetvalue = 0,
+      .fieldoffset = offsetof(CPUARMState, cp15.mvbar) },
     { .name = "SCTLR_EL3", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 0, .opc2 = 0,
       .access = PL3_RW, .raw_writefn = raw_write, .writefn = sctlr_write,
@@ -2451,33 +2474,6 @@ static const ARMCPRegInfo v8_el3_cp_reginfo[] = {
     REGINFO_SENTINEL
 };
 
-static const ARMCPRegInfo el3_cp_reginfo[] = {
-    { .name = "SCR_EL3", .state = ARM_CP_STATE_AA64,
-      .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 0,
-      .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.scr_el3),
-      .resetvalue = 0, .writefn = scr_write },
-    { .name = "SCR",  .type = ARM_CP_NO_MIGRATE,
-      .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0,
-      .access = PL3_RW, .fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3),
-      .resetfn = arm_cp_reset_ignore, .writefn = scr_write },
-    { .name = "SDER32_EL3", .state = ARM_CP_STATE_AA64,
-      .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 1,
-      .access = PL3_RW, .resetvalue = 0,
-      .fieldoffset = offsetof(CPUARMState, cp15.sder) },
-    { .name = "SDER",
-      .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 1,
-      .access = PL3_RW, .resetvalue = 0,
-      .fieldoffset = offsetoflow32(CPUARMState, cp15.sder) },
-      /* TODO: Implement NSACR trapping of secure EL1 accesses to EL3 */
-    { .name = "NSACR", .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
-      .access = PL3_W | PL1_R, .resetvalue = 0,
-      .fieldoffset = offsetof(CPUARMState, cp15.nsacr) },
-    { .name = "MVBAR", .cp = 15, .opc1 = 0, .crn = 12, .crm = 0, .opc2 = 1,
-      .access = PL3_RW, .writefn = vbar_write, .resetvalue = 0,
-      .fieldoffset = offsetof(CPUARMState, cp15.mvbar) },
-    REGINFO_SENTINEL
-};
-
 static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri)
 {
     /* Only accessible in EL0 if SCTLR.UCT is set (and only in AArch64,
@@ -3077,9 +3073,6 @@ void register_cp_regs_for_features(ARMCPU *cpu)
         }
     }
     if (arm_feature(env, ARM_FEATURE_EL3)) {
-        if (arm_feature(env, ARM_FEATURE_V8)) {
-            define_arm_cp_regs(cpu, v8_el3_cp_reginfo);
-        }
         define_arm_cp_regs(cpu, el3_cp_reginfo);
     }
     if (arm_feature(env, ARM_FEATURE_MPU)) {
-- 
1.9.1

[Qemu-devel] [PULL 03/31] machine: remove qemu_machine_opts global list

[Peter Maydell]

From: Marcel Apfelbaum <marcel.a@redhat.com>

QEMU has support for options per machine, keeping
a global list of options is no longer necessary.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418217570-15517-2-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/machine.c | 45 +++++++++++++++++++++++++++++
 hw/i386/pc.c      |  7 +++++
 hw/ppc/spapr.c    |  3 ++
 vl.c              | 84 ++++---------------------------------------------------
 4 files changed, 61 insertions(+), 78 deletions(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index 19d3e3a..a0ae5f9 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -291,48 +291,93 @@ static void machine_initfn(Object *obj)
 
     object_property_add_str(obj, "accel",
                             machine_get_accel, machine_set_accel, NULL);
+    object_property_set_description(obj, "accel",
+                                    "Accelerator list",
+                                    NULL);
     object_property_add_bool(obj, "kernel-irqchip",
                              machine_get_kernel_irqchip,
                              machine_set_kernel_irqchip,
                              NULL);
+    object_property_set_description(obj, "kernel-irqchip",
+                                    "Use KVM in-kernel irqchip",
+                                    NULL);
     object_property_add(obj, "kvm-shadow-mem", "int",
                         machine_get_kvm_shadow_mem,
                         machine_set_kvm_shadow_mem,
                         NULL, NULL, NULL);
+    object_property_set_description(obj, "kvm-shadow-mem",
+                                    "KVM shadow MMU size",
+                                    NULL);
     object_property_add_str(obj, "kernel",
                             machine_get_kernel, machine_set_kernel, NULL);
+    object_property_set_description(obj, "kernel",
+                                    "Linux kernel image file",
+                                    NULL);
     object_property_add_str(obj, "initrd",
                             machine_get_initrd, machine_set_initrd, NULL);
+    object_property_set_description(obj, "initrd",
+                                    "Linux initial ramdisk file",
+                                    NULL);
     object_property_add_str(obj, "append",
                             machine_get_append, machine_set_append, NULL);
+    object_property_set_description(obj, "append",
+                                    "Linux kernel command line",
+                                    NULL);
     object_property_add_str(obj, "dtb",
                             machine_get_dtb, machine_set_dtb, NULL);
+    object_property_set_description(obj, "dtb",
+                                    "Linux kernel device tree file",
+                                    NULL);
     object_property_add_str(obj, "dumpdtb",
                             machine_get_dumpdtb, machine_set_dumpdtb, NULL);
+    object_property_set_description(obj, "dumpdtb",
+                                    "Dump current dtb to a file and quit",
+                                    NULL);
     object_property_add(obj, "phandle-start", "int",
                         machine_get_phandle_start,
                         machine_set_phandle_start,
                         NULL, NULL, NULL);
+    object_property_set_description(obj, "phandle-start",
+                                    "The first phandle ID we may generate dynamically",
+                                    NULL);
     object_property_add_str(obj, "dt-compatible",
                             machine_get_dt_compatible,
                             machine_set_dt_compatible,
                             NULL);
+    object_property_set_description(obj, "dt-compatible",
+                                    "Overrides the \"compatible\" property of the dt root node",
+                                    NULL);
     object_property_add_bool(obj, "dump-guest-core",
                              machine_get_dump_guest_core,
                              machine_set_dump_guest_core,
                              NULL);
+    object_property_set_description(obj, "dump-guest-core",
+                                    "Include guest memory in  a core dump",
+                                    NULL);
     object_property_add_bool(obj, "mem-merge",
                              machine_get_mem_merge,
                              machine_set_mem_merge, NULL);
+    object_property_set_description(obj, "mem-merge",
+                                    "Enable/disable memory merge support",
+                                    NULL);
     object_property_add_bool(obj, "usb",
                              machine_get_usb,
                              machine_set_usb, NULL);
+    object_property_set_description(obj, "usb",
+                                    "Set on/off to enable/disable usb",
+                                    NULL);
     object_property_add_str(obj, "firmware",
                             machine_get_firmware,
                             machine_set_firmware, NULL);
+    object_property_set_description(obj, "firmware",
+                                    "Firmware image",
+                                    NULL);
     object_property_add_bool(obj, "iommu",
                              machine_get_iommu,
                              machine_set_iommu, NULL);
+    object_property_set_description(obj, "iommu",
+                                    "Set on/off to enable/disable Intel IOMMU (VT-d)",
+                                    NULL);
 
     /* Register notifier when init is done for sysbus sanity checks */
     ms->sysbus_notifier.notify = machine_init_notify;
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 1ec7290..a3ddb5e 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1805,17 +1805,24 @@ static void pc_machine_initfn(Object *obj)
     object_property_add(obj, PC_MACHINE_MEMHP_REGION_SIZE, "int",
                         pc_machine_get_hotplug_memory_region_size,
                         NULL, NULL, NULL, NULL);
+
     pcms->max_ram_below_4g = 1ULL << 32; /* 4G */
     object_property_add(obj, PC_MACHINE_MAX_RAM_BELOW_4G, "size",
                         pc_machine_get_max_ram_below_4g,
                         pc_machine_set_max_ram_below_4g,
                         NULL, NULL, NULL);
+    object_property_set_description(obj, PC_MACHINE_MAX_RAM_BELOW_4G,
+                                    "Maximum ram below the 4G boundary (32bit boundary)",
+                                    NULL);
 
     pcms->vmport = ON_OFF_AUTO_AUTO;
     object_property_add(obj, PC_MACHINE_VMPORT, "OnOffAuto",
                         pc_machine_get_vmport,
                         pc_machine_set_vmport,
                         NULL, NULL, NULL);
+    object_property_set_description(obj, PC_MACHINE_VMPORT,
+                                    "Enable vmport (pc & q35)",
+                                    NULL);
 
     pcms->enforce_aligned_dimm = true;
     object_property_add_bool(obj, PC_MACHINE_ENFORCE_ALIGNED_DIMM,
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 30de25d..08401e0 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1655,6 +1655,9 @@ static void spapr_machine_initfn(Object *obj)
 {
     object_property_add_str(obj, "kvm-type",
                             spapr_get_kvm_type, spapr_set_kvm_type, NULL);
+    object_property_set_description(obj, "kvm-type",
+                                    "Specifies the KVM virtualization mode (HV, PR)",
+                                    NULL);
 }
 
 static void ppc_cpu_do_nmi_on_cpu(void *arg)
diff --git a/vl.c b/vl.c
index a824a7d..7537be4 100644
--- a/vl.c
+++ b/vl.c
@@ -308,84 +308,12 @@ static QemuOptsList qemu_machine_opts = {
     .merge_lists = true,
     .head = QTAILQ_HEAD_INITIALIZER(qemu_machine_opts.head),
     .desc = {
-        {
-            .name = "type",
-            .type = QEMU_OPT_STRING,
-            .help = "emulated machine"
-        }, {
-            .name = "accel",
-            .type = QEMU_OPT_STRING,
-            .help = "accelerator list",
-        }, {
-            .name = "kernel_irqchip",
-            .type = QEMU_OPT_BOOL,
-            .help = "use KVM in-kernel irqchip",
-        }, {
-            .name = "kvm_shadow_mem",
-            .type = QEMU_OPT_SIZE,
-            .help = "KVM shadow MMU size",
-        }, {
-            .name = "kernel",
-            .type = QEMU_OPT_STRING,
-            .help = "Linux kernel image file",
-        }, {
-            .name = "initrd",
-            .type = QEMU_OPT_STRING,
-            .help = "Linux initial ramdisk file",
-        }, {
-            .name = "append",
-            .type = QEMU_OPT_STRING,
-            .help = "Linux kernel command line",
-        }, {
-            .name = "dtb",
-            .type = QEMU_OPT_STRING,
-            .help = "Linux kernel device tree file",
-        }, {
-            .name = "dumpdtb",
-            .type = QEMU_OPT_STRING,
-            .help = "Dump current dtb to a file and quit",
-        }, {
-            .name = "phandle_start",
-            .type = QEMU_OPT_NUMBER,
-            .help = "The first phandle ID we may generate dynamically",
-        }, {
-            .name = "dt_compatible",
-            .type = QEMU_OPT_STRING,
-            .help = "Overrides the \"compatible\" property of the dt root node",
-        }, {
-            .name = "dump-guest-core",
-            .type = QEMU_OPT_BOOL,
-            .help = "Include guest memory in  a core dump",
-        }, {
-            .name = "mem-merge",
-            .type = QEMU_OPT_BOOL,
-            .help = "enable/disable memory merge support",
-        },{
-            .name = "usb",
-            .type = QEMU_OPT_BOOL,
-            .help = "Set on/off to enable/disable usb",
-        },{
-            .name = "firmware",
-            .type = QEMU_OPT_STRING,
-            .help = "firmware image",
-        },{
-            .name = "kvm-type",
-            .type = QEMU_OPT_STRING,
-            .help = "Specifies the KVM virtualization mode (HV, PR)",
-        },{
-            .name = PC_MACHINE_MAX_RAM_BELOW_4G,
-            .type = QEMU_OPT_SIZE,
-            .help = "maximum ram below the 4G boundary (32bit boundary)",
-        }, {
-            .name = PC_MACHINE_VMPORT,
-            .type = QEMU_OPT_STRING,
-            .help = "Enable vmport (pc & q35)",
-        },{
-            .name = "iommu",
-            .type = QEMU_OPT_BOOL,
-            .help = "Set on/off to enable/disable Intel IOMMU (VT-d)",
-        },
-        { /* End of list */ }
+        /*
+         * no elements => accept any
+         * sanity checking will happen later
+         * when setting machine properties
+         */
+        { }
     },
 };
 
-- 
1.9.1

[Qemu-devel] [PULL 04/31] vl.c: simplified machine_set_property

[Peter Maydell]

From: Marcel Apfelbaum <marcel.a@redhat.com>

Refactored the code to re-use object_property_parse.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418217570-15517-3-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 vl.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/vl.c b/vl.c
index 7537be4..fa7a02c 100644
--- a/vl.c
+++ b/vl.c
@@ -2535,7 +2535,6 @@ static int machine_set_property(const char *name, const char *value,
                                 void *opaque)
 {
     Object *obj = OBJECT(opaque);
-    StringInputVisitor *siv;
     Error *local_err = NULL;
     char *c, *qom_name;
 
@@ -2551,9 +2550,7 @@ static int machine_set_property(const char *name, const char *value,
         }
     }
 
-    siv = string_input_visitor_new(value);
-    object_property_set(obj, string_input_get_visitor(siv), qom_name, &local_err);
-    string_input_visitor_cleanup(siv);
+    object_property_parse(obj, value, qom_name, &local_err);
     g_free(qom_name);
 
     if (local_err) {
-- 
1.9.1

[Qemu-devel] [PULL 05/31] vl.c: add HMP help to machine

[Peter Maydell]

From: Marcel Apfelbaum <marcel.a@redhat.com>

The help is based on the actual machine properties
exposing only the relevant options.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418217570-15517-4-git-send-email-marcel.a@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 vl.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/vl.c b/vl.c
index fa7a02c..bea9656 100644
--- a/vl.c
+++ b/vl.c
@@ -1423,6 +1423,31 @@ MachineInfoList *qmp_query_machines(Error **errp)
     return mach_list;
 }
 
+static int machine_help_func(QemuOpts *opts, MachineState *machine)
+{
+    ObjectProperty *prop;
+
+    if (!qemu_opt_has_help_opt(opts)) {
+        return 0;
+    }
+
+    QTAILQ_FOREACH(prop, &OBJECT(machine)->properties, node) {
+        if (!prop->set) {
+            continue;
+        }
+
+        error_printf("%s.%s=%s", MACHINE_GET_CLASS(machine)->name,
+                     prop->name, prop->type);
+        if (prop->description) {
+            error_printf(" (%s)\n", prop->description);
+        } else {
+            error_printf("\n");
+        }
+    }
+
+    return 1;
+}
+
 /***********************************************************/
 /* main execution loop */
 
@@ -3758,6 +3783,9 @@ int main(int argc, char **argv, char **envp)
 
     current_machine = MACHINE(object_new(object_class_get_name(
                           OBJECT_CLASS(machine_class))));
+    if (machine_help_func(qemu_get_machine_opts(), current_machine)) {
+        exit(0);
+    }
     object_property_add_child(object_get_root(), "machine",
                               OBJECT(current_machine), &error_abort);
     cpu_exec_init_all();
-- 
1.9.1

[Qemu-devel] [PULL 06/31] target-arm: Add vexpress class and machine types

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Adds base Vexpress class and machine objects and infrastructure.  This is in
preparation for switching to the full QEMU object model.  The base vexpress
infrastructure is intended to handle common vexpress details.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-2-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 7cbd13f..01046c2 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -157,6 +157,23 @@ static hwaddr motherboard_aseries_map[] = {
 
 typedef struct VEDBoardInfo VEDBoardInfo;
 
+typedef struct {
+    MachineClass parent;
+    VEDBoardInfo *daughterboard;
+} VexpressMachineClass;
+
+typedef struct {
+    MachineState parent;
+} VexpressMachineState;
+
+#define TYPE_VEXPRESS_MACHINE   "vexpress"
+#define VEXPRESS_MACHINE(obj) \
+    OBJECT_CHECK(VexpressMachineState, (obj), TYPE_VEXPRESS_MACHINE)
+#define VEXPRESS_MACHINE_GET_CLASS(obj) \
+    OBJECT_GET_CLASS(VexpressMachineClass, obj, TYPE_VEXPRESS_MACHINE)
+#define VEXPRESS_MACHINE_CLASS(klass) \
+    OBJECT_CLASS_CHECK(VexpressMachineClass, klass, TYPE_VEXPRESS_MACHINE)
+
 typedef void DBoardInitFn(const VEDBoardInfo *daughterboard,
                           ram_addr_t ram_size,
                           const char *cpu_model,
@@ -681,6 +698,13 @@ static void vexpress_common_init(VEDBoardInfo *daughterboard,
     arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
 }
 
+static void vexpress_init(MachineState *machine)
+{
+    VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
+
+    vexpress_common_init(vmc->daughterboard, machine);
+}
+
 static void vexpress_a9_init(MachineState *machine)
 {
     vexpress_common_init(&a9_daughterboard, machine);
@@ -691,6 +715,26 @@ static void vexpress_a15_init(MachineState *machine)
     vexpress_common_init(&a15_daughterboard, machine);
 }
 
+static void vexpress_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+
+    mc->name = TYPE_VEXPRESS_MACHINE;
+    mc->desc = "ARM Versatile Express";
+    mc->init = vexpress_init;
+    mc->block_default_type = IF_SCSI;
+    mc->max_cpus = 4;
+}
+
+static const TypeInfo vexpress_info = {
+    .name = TYPE_VEXPRESS_MACHINE,
+    .parent = TYPE_MACHINE,
+    .abstract = true,
+    .instance_size = sizeof(VexpressMachineState),
+    .class_size = sizeof(VexpressMachineClass),
+    .class_init = vexpress_class_init,
+};
+
 static QEMUMachine vexpress_a9_machine = {
     .name = "vexpress-a9",
     .desc = "ARM Versatile Express for Cortex-A9",
@@ -709,6 +753,7 @@ static QEMUMachine vexpress_a15_machine = {
 
 static void vexpress_machine_init(void)
 {
+    type_register_static(&vexpress_info);
     qemu_register_machine(&vexpress_a9_machine);
     qemu_register_machine(&vexpress_a15_machine);
 }
-- 
1.9.1

[Qemu-devel] [PULL 07/31] target-arm: Add vexpress a9 & a15 machine objects

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Add Vexpress machine objects for the the Cortex A9 & A15 variants.  The older
style QEMUMachine types were replaced with dedicated TypeInfo objects. The new
objects include dedicated class init functions that currently ustilze dedicated
machine init methods.  The previous qemu_register_machine calls were replaced
with the newer type_register_status calls.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-3-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 50 ++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 36 insertions(+), 14 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 01046c2..8f22696 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -167,6 +167,8 @@ typedef struct {
 } VexpressMachineState;
 
 #define TYPE_VEXPRESS_MACHINE   "vexpress"
+#define TYPE_VEXPRESS_A9_MACHINE   "vexpress-a9"
+#define TYPE_VEXPRESS_A15_MACHINE   "vexpress-a15"
 #define VEXPRESS_MACHINE(obj) \
     OBJECT_CHECK(VexpressMachineState, (obj), TYPE_VEXPRESS_MACHINE)
 #define VEXPRESS_MACHINE_GET_CLASS(obj) \
@@ -726,6 +728,30 @@ static void vexpress_class_init(ObjectClass *oc, void *data)
     mc->max_cpus = 4;
 }
 
+static void vexpress_a9_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+    VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
+
+    mc->name = TYPE_VEXPRESS_A9_MACHINE;
+    mc->desc = "ARM Versatile Express for Cortex-A9";
+    mc->init = vexpress_a9_init;
+
+    vmc->daughterboard = &a9_daughterboard;;
+}
+
+static void vexpress_a15_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+    VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
+
+    mc->name = TYPE_VEXPRESS_A15_MACHINE;
+    mc->desc = "ARM Versatile Express for Cortex-A15";
+    mc->init = vexpress_a15_init;
+
+    vmc->daughterboard = &a15_daughterboard;
+}
+
 static const TypeInfo vexpress_info = {
     .name = TYPE_VEXPRESS_MACHINE,
     .parent = TYPE_MACHINE,
@@ -735,27 +761,23 @@ static const TypeInfo vexpress_info = {
     .class_init = vexpress_class_init,
 };
 
-static QEMUMachine vexpress_a9_machine = {
-    .name = "vexpress-a9",
-    .desc = "ARM Versatile Express for Cortex-A9",
-    .init = vexpress_a9_init,
-    .block_default_type = IF_SCSI,
-    .max_cpus = 4,
+static const TypeInfo vexpress_a9_info = {
+    .name = TYPE_VEXPRESS_A9_MACHINE,
+    .parent = TYPE_VEXPRESS_MACHINE,
+    .class_init = vexpress_a9_class_init,
 };
 
-static QEMUMachine vexpress_a15_machine = {
-    .name = "vexpress-a15",
-    .desc = "ARM Versatile Express for Cortex-A15",
-    .init = vexpress_a15_init,
-    .block_default_type = IF_SCSI,
-    .max_cpus = 4,
+static const TypeInfo vexpress_a15_info = {
+    .name = TYPE_VEXPRESS_A15_MACHINE,
+    .parent = TYPE_VEXPRESS_MACHINE,
+    .class_init = vexpress_a15_class_init,
 };
 
 static void vexpress_machine_init(void)
 {
     type_register_static(&vexpress_info);
-    qemu_register_machine(&vexpress_a9_machine);
-    qemu_register_machine(&vexpress_a15_machine);
+    type_register_static(&vexpress_a9_info);
+    type_register_static(&vexpress_a15_info);
 }
 
 machine_init(vexpress_machine_init);
-- 
1.9.1

[Qemu-devel] [PULL 08/31] target-arm: Switch to common vexpress machine init

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Switched the Vexpress machine initialization to use the common function with
the machine pointer to board info.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-4-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 26 ++++----------------------
 1 file changed, 4 insertions(+), 22 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 8f22696..a03cb52 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -532,9 +532,10 @@ static pflash_t *ve_pflash_cfi01_register(hwaddr base, const char *name,
     return OBJECT_CHECK(pflash_t, (dev), "cfi.pflash01");
 }
 
-static void vexpress_common_init(VEDBoardInfo *daughterboard,
-                                 MachineState *machine)
+static void vexpress_common_init(MachineState *machine)
 {
+    VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
+    VEDBoardInfo *daughterboard = vmc->daughterboard;;
     DeviceState *dev, *sysctl, *pl041;
     qemu_irq pic[64];
     uint32_t sys_id;
@@ -700,30 +701,13 @@ static void vexpress_common_init(VEDBoardInfo *daughterboard,
     arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
 }
 
-static void vexpress_init(MachineState *machine)
-{
-    VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
-
-    vexpress_common_init(vmc->daughterboard, machine);
-}
-
-static void vexpress_a9_init(MachineState *machine)
-{
-    vexpress_common_init(&a9_daughterboard, machine);
-}
-
-static void vexpress_a15_init(MachineState *machine)
-{
-    vexpress_common_init(&a15_daughterboard, machine);
-}
-
 static void vexpress_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
 
     mc->name = TYPE_VEXPRESS_MACHINE;
     mc->desc = "ARM Versatile Express";
-    mc->init = vexpress_init;
+    mc->init = vexpress_common_init;
     mc->block_default_type = IF_SCSI;
     mc->max_cpus = 4;
 }
@@ -735,7 +719,6 @@ static void vexpress_a9_class_init(ObjectClass *oc, void *data)
 
     mc->name = TYPE_VEXPRESS_A9_MACHINE;
     mc->desc = "ARM Versatile Express for Cortex-A9";
-    mc->init = vexpress_a9_init;
 
     vmc->daughterboard = &a9_daughterboard;;
 }
@@ -747,7 +730,6 @@ static void vexpress_a15_class_init(ObjectClass *oc, void *data)
 
     mc->name = TYPE_VEXPRESS_A15_MACHINE;
     mc->desc = "ARM Versatile Express for Cortex-A15";
-    mc->init = vexpress_a15_init;
 
     vmc->daughterboard = &a15_daughterboard;
 }
-- 
1.9.1

[Qemu-devel] [PULL 09/31] target-arm: Add vexpress machine secure property

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Add "secure" Vexpress machine specific property to allow override of the
default secure state configuration.  By default, when using the QEMU
-kernel command line argument, Vexpress machines boot into NS/SVC.  When using
the QEMU -bios command line argument, Vexpress machines boot into S/SVC.

The secure state can be changed from the default specifying the secure
state as a machine property.  For example, the below command line would disable
security extensions on a -kernel Linux boot:

    aarch64-softmmu/qemu-system-aarch64
        -machine type=vexpress-a15,secure=off
        -kernel ...

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-5-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index a03cb52..8b05d47 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -164,6 +164,7 @@ typedef struct {
 
 typedef struct {
     MachineState parent;
+    bool secure;
 } VexpressMachineState;
 
 #define TYPE_VEXPRESS_MACHINE   "vexpress"
@@ -701,6 +702,34 @@ static void vexpress_common_init(MachineState *machine)
     arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
 }
 
+static bool vexpress_get_secure(Object *obj, Error **errp)
+{
+    VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
+
+    return vms->secure;
+}
+
+static void vexpress_set_secure(Object *obj, bool value, Error **errp)
+{
+    VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
+
+    vms->secure = value;
+}
+
+static void vexpress_instance_init(Object *obj)
+{
+    VexpressMachineState *vms = VEXPRESS_MACHINE(obj);
+
+    /* EL3 is enabled by default on vexpress */
+    vms->secure = true;
+    object_property_add_bool(obj, "secure", vexpress_get_secure,
+                             vexpress_set_secure, NULL);
+    object_property_set_description(obj, "secure",
+                                    "Set on/off to enable/disable the ARM "
+                                    "Security Extensions (TrustZone)",
+                                    NULL);
+}
+
 static void vexpress_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
@@ -739,6 +768,7 @@ static const TypeInfo vexpress_info = {
     .parent = TYPE_MACHINE,
     .abstract = true,
     .instance_size = sizeof(VexpressMachineState),
+    .instance_init = vexpress_instance_init,
     .class_size = sizeof(VexpressMachineClass),
     .class_init = vexpress_class_init,
 };
-- 
1.9.1

[Qemu-devel] [PULL 10/31] target-arm: Change vexpress daughterboard init arg

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Change the Vexpress daughterboard initialization method to take a vexpress
machine state pointer instead of the daughterboard struct pointer.  The machine
state now contains the daughterboard pointer.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-6-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 8b05d47..c63c422 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -177,7 +177,7 @@ typedef struct {
 #define VEXPRESS_MACHINE_CLASS(klass) \
     OBJECT_CLASS_CHECK(VexpressMachineClass, klass, TYPE_VEXPRESS_MACHINE)
 
-typedef void DBoardInitFn(const VEDBoardInfo *daughterboard,
+typedef void DBoardInitFn(const VexpressMachineState *machine,
                           ram_addr_t ram_size,
                           const char *cpu_model,
                           qemu_irq *pic);
@@ -252,7 +252,7 @@ static void init_cpus(const char *cpu_model, const char *privdev,
     }
 }
 
-static void a9_daughterboard_init(const VEDBoardInfo *daughterboard,
+static void a9_daughterboard_init(const VexpressMachineState *vms,
                                   ram_addr_t ram_size,
                                   const char *cpu_model,
                                   qemu_irq *pic)
@@ -342,7 +342,7 @@ static VEDBoardInfo a9_daughterboard = {
     .init = a9_daughterboard_init,
 };
 
-static void a15_daughterboard_init(const VEDBoardInfo *daughterboard,
+static void a15_daughterboard_init(const VexpressMachineState *vms,
                                    ram_addr_t ram_size,
                                    const char *cpu_model,
                                    qemu_irq *pic)
@@ -535,6 +535,7 @@ static pflash_t *ve_pflash_cfi01_register(hwaddr base, const char *name,
 
 static void vexpress_common_init(MachineState *machine)
 {
+    VexpressMachineState *vms = VEXPRESS_MACHINE(machine);
     VexpressMachineClass *vmc = VEXPRESS_MACHINE_GET_CLASS(machine);
     VEDBoardInfo *daughterboard = vmc->daughterboard;;
     DeviceState *dev, *sysctl, *pl041;
@@ -551,8 +552,7 @@ static void vexpress_common_init(MachineState *machine)
     const hwaddr *map = daughterboard->motherboard_map;
     int i;
 
-    daughterboard->init(daughterboard, machine->ram_size, machine->cpu_model,
-                        pic);
+    daughterboard->init(vms, machine->ram_size, machine->cpu_model, pic);
 
     /*
      * If a bios file was provided, attempt to map it into memory
-- 
1.9.1

[Qemu-devel] [PULL 11/31] target-arm: Add virt class and machine types

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Switch virt qemu machine support to use the newer object type, class, and
instance model.  Added virt TypeInfo with static registration along with virt
specific class and machine structs.  Also added virt class initialization
method.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-7-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 40 ++++++++++++++++++++++++++++++++++------
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 314e55b..b6bb914 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -86,6 +86,23 @@ typedef struct VirtBoardInfo {
     uint32_t clock_phandle;
 } VirtBoardInfo;
 
+typedef struct {
+    MachineClass parent;
+    VirtBoardInfo *daughterboard;
+} VirtMachineClass;
+
+typedef struct {
+    MachineState parent;
+} VirtMachineState;
+
+#define TYPE_VIRT_MACHINE   "virt"
+#define VIRT_MACHINE(obj) \
+    OBJECT_CHECK(VirtMachineState, (obj), TYPE_VIRT_MACHINE)
+#define VIRT_MACHINE_GET_CLASS(obj) \
+    OBJECT_GET_CLASS(VirtMachineClass, obj, TYPE_VIRT_MACHINE)
+#define VIRT_MACHINE_CLASS(klass) \
+    OBJECT_CLASS_CHECK(VirtMachineClass, klass, TYPE_VIRT_MACHINE)
+
 /* Addresses and sizes of our components.
  * 0..128MB is space for a flash device so we can run bootrom code such as UEFI.
  * 128MB..256MB is used for miscellaneous device I/O.
@@ -615,16 +632,27 @@ static void machvirt_init(MachineState *machine)
     arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
 }
 
-static QEMUMachine machvirt_a15_machine = {
-    .name = "virt",
-    .desc = "ARM Virtual Machine",
-    .init = machvirt_init,
-    .max_cpus = 8,
+static void virt_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+
+    mc->name = TYPE_VIRT_MACHINE;
+    mc->desc = "ARM Virtual Machine",
+    mc->init = machvirt_init;
+    mc->max_cpus = 8;
+}
+
+static const TypeInfo machvirt_info = {
+    .name = TYPE_VIRT_MACHINE,
+    .parent = TYPE_MACHINE,
+    .instance_size = sizeof(VirtMachineState),
+    .class_size = sizeof(VirtMachineClass),
+    .class_init = virt_class_init,
 };
 
 static void machvirt_machine_init(void)
 {
-    qemu_register_machine(&machvirt_a15_machine);
+    type_register_static(&machvirt_info);
 }
 
 machine_init(machvirt_machine_init);
-- 
1.9.1

[Qemu-devel] [PULL 12/31] target-arm: Add virt machine secure property

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Add "secure" virt machine specific property to allow override of the
default secure state configuration.  By default, when using the QEMU
-kernel command line argument, virt machines boot into NS/SVC.  When using
the QEMU -bios command line argument, virt machines boot into S/SVC.

The secure state can be changed from the default specifying the secure
state as a machine property.  For example, the below command line would disable
security extensions on a -kernel Linux boot:

    aarch64-softmmu/qemu-system-aarch64
        -machine type=virt,secure=off
        -kernel ...

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-8-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index b6bb914..73c68c7 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -93,6 +93,7 @@ typedef struct {
 
 typedef struct {
     MachineState parent;
+    bool secure;
 } VirtMachineState;
 
 #define TYPE_VIRT_MACHINE   "virt"
@@ -632,6 +633,34 @@ static void machvirt_init(MachineState *machine)
     arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
 }
 
+static bool virt_get_secure(Object *obj, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    return vms->secure;
+}
+
+static void virt_set_secure(Object *obj, bool value, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    vms->secure = value;
+}
+
+static void virt_instance_init(Object *obj)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    /* EL3 is enabled by default on virt */
+    vms->secure = true;
+    object_property_add_bool(obj, "secure", virt_get_secure,
+                             virt_set_secure, NULL);
+    object_property_set_description(obj, "secure",
+                                    "Set on/off to enable/disable the ARM "
+                                    "Security Extensions (TrustZone)",
+                                    NULL);
+}
+
 static void virt_class_init(ObjectClass *oc, void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
@@ -646,6 +675,7 @@ static const TypeInfo machvirt_info = {
     .name = TYPE_VIRT_MACHINE,
     .parent = TYPE_MACHINE,
     .instance_size = sizeof(VirtMachineState),
+    .instance_init = virt_instance_init,
     .class_size = sizeof(VirtMachineClass),
     .class_init = virt_class_init,
 };
-- 
1.9.1

[Qemu-devel] [PULL 13/31] target-arm: Add feature unset function

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Add an unset_feature() function to compliment the set_feature() function.  This
will be used to disable functions after they have been enabled during
initialization.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-9-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index d3db279..01afed2 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -327,6 +327,11 @@ static inline void set_feature(CPUARMState *env, int feature)
     env->features |= 1ULL << feature;
 }
 
+static inline void unset_feature(CPUARMState *env, int feature)
+{
+    env->features &= ~(1ULL << feature);
+}
+
 static void arm_cpu_initfn(Object *obj)
 {
     CPUState *cs = CPU(obj);
-- 
1.9.1

[Qemu-devel] [PULL 14/31] target-arm: Add ARMCPU secure property

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Added a "has_el3" state property to the ARMCPU descriptor.  This property
indicates whether the ARMCPU has security extensions enabled (EL3) or not.
By default it is disabled at this time.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-10-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu-qom.h |  2 ++
 target-arm/cpu.c     | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index dcfda7d..ed5a644 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -100,6 +100,8 @@ typedef struct ARMCPU {
     bool start_powered_off;
     /* CPU currently in PSCI powered-off state */
     bool powered_off;
+    /* CPU has security extension */
+    bool has_el3;
 
     /* PSCI conduit used to invoke PSCI methods
      * 0 - disabled, 1 - smc, 2 - hvc
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 01afed2..069e090 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -388,6 +388,9 @@ static Property arm_cpu_reset_hivecs_property =
 static Property arm_cpu_rvbar_property =
             DEFINE_PROP_UINT64("rvbar", ARMCPU, rvbar, 0);
 
+static Property arm_cpu_has_el3_property =
+            DEFINE_PROP_BOOL("has_el3", ARMCPU, has_el3, true);
+
 static void arm_cpu_post_init(Object *obj)
 {
     ARMCPU *cpu = ARM_CPU(obj);
@@ -407,6 +410,14 @@ static void arm_cpu_post_init(Object *obj)
         qdev_property_add_static(DEVICE(obj), &arm_cpu_rvbar_property,
                                  &error_abort);
     }
+
+    if (arm_feature(&cpu->env, ARM_FEATURE_EL3)) {
+        /* Add the has_el3 state CPU property only if EL3 is allowed.  This will
+         * prevent "has_el3" from existing on CPUs which cannot support EL3.
+         */
+        qdev_property_add_static(DEVICE(obj), &arm_cpu_has_el3_property,
+                                 &error_abort);
+    }
 }
 
 static void arm_cpu_finalizefn(Object *obj)
@@ -476,6 +487,18 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
             cpu->reset_sctlr |= (1 << 13);
     }
 
+    if (!cpu->has_el3) {
+        /* If the has_el3 CPU property is disabled then we need to disable the
+         * feature.
+         */
+        unset_feature(env, ARM_FEATURE_EL3);
+
+        /* Disable the security extension feature bits in the processor feature
+         * register as well.  This is id_pfr1[7:4].
+         */
+        cpu->id_pfr1 &= ~0xf0;
+    }
+
     register_cp_regs_for_features(cpu);
     arm_cpu_register_gdb_regs_for_features(cpu);
 
-- 
1.9.1

[Qemu-devel] [PULL 15/31] target-arm: Add arm_boot_info secure_boot control

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Adds the secure_boot boolean field to the arm_boot_info descriptor.  This
fields is used to indicate whether Linux should boot into secure or non-secure
state if the ARM EL3 feature is enabled.  The default is to leave the CPU in an
unaltered reset state.  On EL3 enabled systems, the reset state is secure and
can be overridden by setting the added field to false.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-11-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/boot.c        | 10 ++++++++++
 include/hw/arm/arm.h |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index e6a3c5b..c8d1d4e 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -457,6 +457,16 @@ static void do_cpu_reset(void *opaque)
                 env->thumb = info->entry & 1;
             }
         } else {
+            /* If we are booting Linux then we need to check whether we are
+             * booting into secure or non-secure state and adjust the state
+             * accordingly.  Out of reset, ARM is defined to be in secure state
+             * (SCR.NS = 0), we change that here if non-secure boot has been
+             * requested.
+             */
+            if (arm_feature(env, ARM_FEATURE_EL3) && !info->secure_boot) {
+                env->cp15.scr_el3 |= SCR_NS;
+            }
+
             if (CPU(cpu) == first_cpu) {
                 if (env->aarch64) {
                     env->pc = info->loader_start;
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index cefc9e6..e5a5d8c 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -37,6 +37,10 @@ struct arm_boot_info {
     hwaddr gic_cpu_if_addr;
     int nb_cpus;
     int board_id;
+    /* ARM machines that support the ARM Security Extensions use this field to
+     * control whether Linux is booted as secure(true) or non-secure(false).
+     */
+    bool secure_boot;
     int (*atag_board)(const struct arm_boot_info *info, void *p);
     /* multicore boards that use the default secondary core boot functions
      * can ignore these two function calls. If the default functions won't
-- 
1.9.1

[Qemu-devel] [PULL 16/31] target-arm: Enable CPU has_el3 prop during VE init

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Adds setting of the CPU has_el3 property based on the vexpress machine
secure state property during initialization.  This enables/disables EL3
state during start-up.  Changes include adding an additional secure state
boolean during vexpress CPU initialization.  Also enables the ARM secure boot
by default.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418684992-8996-12-git-send-email-greg.bellows@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index c63c422..84415c8 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -196,7 +196,7 @@ struct VEDBoardInfo {
 };
 
 static void init_cpus(const char *cpu_model, const char *privdev,
-                      hwaddr periphbase, qemu_irq *pic)
+                      hwaddr periphbase, qemu_irq *pic, bool secure)
 {
     ObjectClass *cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
     DeviceState *dev;
@@ -213,6 +213,10 @@ static void init_cpus(const char *cpu_model, const char *privdev,
         Object *cpuobj = object_new(object_class_get_name(cpu_oc));
         Error *err = NULL;
 
+        if (!secure) {
+            object_property_set_bool(cpuobj, false, "has_el3", NULL);
+        }
+
         if (object_property_find(cpuobj, "reset-cbar", NULL)) {
             object_property_set_int(cpuobj, periphbase,
                                     "reset-cbar", &error_abort);
@@ -288,7 +292,7 @@ static void a9_daughterboard_init(const VexpressMachineState *vms,
     memory_region_add_subregion(sysmem, 0x60000000, ram);
 
     /* 0x1e000000 A9MPCore (SCU) private memory region */
-    init_cpus(cpu_model, "a9mpcore_priv", 0x1e000000, pic);
+    init_cpus(cpu_model, "a9mpcore_priv", 0x1e000000, pic, vms->secure);
 
     /* Daughterboard peripherals : 0x10020000 .. 0x20000000 */
 
@@ -374,7 +378,7 @@ static void a15_daughterboard_init(const VexpressMachineState *vms,
     memory_region_add_subregion(sysmem, 0x80000000, ram);
 
     /* 0x2c000000 A15MPCore private memory region (GIC) */
-    init_cpus(cpu_model, "a15mpcore_priv", 0x2c000000, pic);
+    init_cpus(cpu_model, "a15mpcore_priv", 0x2c000000, pic, vms->secure);
 
     /* A15 daughterboard peripherals: */
 
@@ -699,6 +703,8 @@ static void vexpress_common_init(MachineState *machine)
     daughterboard->bootinfo.smp_bootreg_addr = map[VE_SYSREGS] + 0x30;
     daughterboard->bootinfo.gic_cpu_if_addr = daughterboard->gic_cpu_if_addr;
     daughterboard->bootinfo.modify_dtb = vexpress_modify_dtb;
+    /* Indicate that when booting Linux we should be in secure state */
+    daughterboard->bootinfo.secure_boot = true;
     arm_load_kernel(ARM_CPU(first_cpu), &daughterboard->bootinfo);
 }
 
-- 
1.9.1

[Qemu-devel] [PULL 17/31] target-arm: Set CPU has_el3 prop during virt init

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Adds setting of the CPU has_el3 property based on the virt machine
secure state property during initialization.  This enables/disables EL3
state during start-up.  Changes include adding an additional secure state
boolean during virt CPU initialization.  Also disables the ARM secure boot
by default.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1418684992-8996-13-git-send-email-greg.bellows@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 73c68c7..a9e13ca 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -547,6 +547,7 @@ static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
 
 static void machvirt_init(MachineState *machine)
 {
+    VirtMachineState *vms = VIRT_MACHINE(machine);
     qemu_irq pic[NUM_IRQS];
     MemoryRegion *sysmem = get_system_memory();
     int n;
@@ -584,6 +585,10 @@ static void machvirt_init(MachineState *machine)
         }
         cpuobj = object_new(object_class_get_name(oc));
 
+        if (!vms->secure) {
+            object_property_set_bool(cpuobj, false, "has_el3", NULL);
+        }
+
         object_property_set_int(cpuobj, QEMU_PSCI_CONDUIT_HVC, "psci-conduit",
                                 NULL);
 
-- 
1.9.1

[Qemu-devel] [PULL 18/31] target-arm: Breakout integratorcp and versatilepb cpu init

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

This commit changes the integratorcp and versatilepb CPU initialization from
using the generic ARM cpu_arm_init function to doing it inline.  This is
necessary in order to allow CPU configuration changes to occur between CPU
instance initialization and realization.  Specifically, this change is in
preparation for disabling CPU EL3 support.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-14-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/integratorcp.c | 19 +++++++++++++++++--
 hw/arm/versatilepb.c  | 20 ++++++++++++++++++--
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
index 266ec18..f196189 100644
--- a/hw/arm/integratorcp.c
+++ b/hw/arm/integratorcp.c
@@ -15,6 +15,7 @@
 #include "net/net.h"
 #include "exec/address-spaces.h"
 #include "sysemu/sysemu.h"
+#include "qemu/error-report.h"
 
 #define TYPE_INTEGRATOR_CM "integrator_core"
 #define INTEGRATOR_CM(obj) \
@@ -469,6 +470,8 @@ static void integratorcp_init(MachineState *machine)
     const char *kernel_filename = machine->kernel_filename;
     const char *kernel_cmdline = machine->kernel_cmdline;
     const char *initrd_filename = machine->initrd_filename;
+    ObjectClass *cpu_oc;
+    Object *cpuobj;
     ARMCPU *cpu;
     MemoryRegion *address_space_mem = get_system_memory();
     MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -476,16 +479,28 @@ static void integratorcp_init(MachineState *machine)
     qemu_irq pic[32];
     DeviceState *dev;
     int i;
+    Error *err = NULL;
 
     if (!cpu_model) {
         cpu_model = "arm926";
     }
-    cpu = cpu_arm_init(cpu_model);
-    if (!cpu) {
+
+    cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
+    if (!cpu_oc) {
         fprintf(stderr, "Unable to find CPU definition\n");
         exit(1);
     }
 
+    cpuobj = object_new(object_class_get_name(cpu_oc));
+
+    object_property_set_bool(cpuobj, true, "realized", &err);
+    if (err) {
+        error_report("%s", error_get_pretty(err));
+        exit(1);
+    }
+
+    cpu = ARM_CPU(cpuobj);
+
     memory_region_init_ram(ram, NULL, "integrator.ram", ram_size, &error_abort);
     vmstate_register_ram_global(ram);
     /* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash.  */
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
index e6ef0a2..b74dc15 100644
--- a/hw/arm/versatilepb.c
+++ b/hw/arm/versatilepb.c
@@ -18,6 +18,7 @@
 #include "sysemu/block-backend.h"
 #include "exec/address-spaces.h"
 #include "hw/block/flash.h"
+#include "qemu/error-report.h"
 
 #define VERSATILE_FLASH_ADDR 0x34000000
 #define VERSATILE_FLASH_SIZE (64 * 1024 * 1024)
@@ -175,6 +176,8 @@ static struct arm_boot_info versatile_binfo;
 
 static void versatile_init(MachineState *machine, int board_id)
 {
+    ObjectClass *cpu_oc;
+    Object *cpuobj;
     ARMCPU *cpu;
     MemoryRegion *sysmem = get_system_memory();
     MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -189,15 +192,28 @@ static void versatile_init(MachineState *machine, int board_id)
     int n;
     int done_smc = 0;
     DriveInfo *dinfo;
+    Error *err = NULL;
 
     if (!machine->cpu_model) {
         machine->cpu_model = "arm926";
     }
-    cpu = cpu_arm_init(machine->cpu_model);
-    if (!cpu) {
+
+    cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, machine->cpu_model);
+    if (!cpu_oc) {
         fprintf(stderr, "Unable to find CPU definition\n");
         exit(1);
     }
+
+    cpuobj = object_new(object_class_get_name(cpu_oc));
+
+    object_property_set_bool(cpuobj, true, "realized", &err);
+    if (err) {
+        error_report("%s", error_get_pretty(err));
+        exit(1);
+    }
+
+    cpu = ARM_CPU(cpuobj);
+
     memory_region_init_ram(ram, NULL, "versatile.ram", machine->ram_size,
                            &error_abort);
     vmstate_register_ram_global(ram);
-- 
1.9.1

[Qemu-devel] [PULL 19/31] target-arm: Disable EL3 on unsupported machines

[Peter Maydell]

From: Greg Bellows <greg.bellows@linaro.org>

Disables the CPU ARM_FEATURE_EL3 featuere on machine models that can be
configured to use Cortex-A9, Cortex-A15, and ARM1176 but don't officially
support EL3.  This preserves backwards compatibility.

Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-15-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/exynos4210.c   | 11 +++++++++++
 hw/arm/highbank.c     | 12 ++++++++++++
 hw/arm/integratorcp.c | 12 ++++++++++++
 hw/arm/realview.c     | 12 ++++++++++++
 hw/arm/versatilepb.c  | 12 ++++++++++++
 hw/arm/xilinx_zynq.c  | 12 ++++++++++++
 6 files changed, 71 insertions(+)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index 582794c..97dafca 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -152,6 +152,17 @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem,
         Object *cpuobj = object_new(object_class_get_name(cpu_oc));
         Error *err = NULL;
 
+        /* By default A9 CPUs have EL3 enabled.  This board does not currently
+         * support EL3 so the CPU EL3 property is disabled before realization.
+         */
+        if (object_property_find(cpuobj, "has_el3", NULL)) {
+            object_property_set_bool(cpuobj, false, "has_el3", &err);
+            if (err) {
+                error_report("%s", error_get_pretty(err));
+                exit(1);
+            }
+        }
+
         s->cpu[n] = ARM_CPU(cpuobj);
         object_property_set_int(cpuobj, EXYNOS4210_SMP_PRIVATE_BASE_ADDR,
                                 "reset-cbar", &error_abort);
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 30f744a..f67570a 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -241,6 +241,18 @@ static void calxeda_init(MachineState *machine, enum cxmachines machine_id)
         cpuobj = object_new(object_class_get_name(oc));
         cpu = ARM_CPU(cpuobj);
 
+        /* By default A9 and A15 CPUs have EL3 enabled.  This board does not
+         * currently support EL3 so the CPU EL3 property is disabled before
+         * realization.
+         */
+        if (object_property_find(cpuobj, "has_el3", NULL)) {
+            object_property_set_bool(cpuobj, false, "has_el3", &err);
+            if (err) {
+                error_report("%s", error_get_pretty(err));
+                exit(1);
+            }
+        }
+
         if (object_property_find(cpuobj, "reset-cbar", NULL)) {
             object_property_set_int(cpuobj, MPCORE_PERIPHBASE,
                                     "reset-cbar", &error_abort);
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
index f196189..8c48b68 100644
--- a/hw/arm/integratorcp.c
+++ b/hw/arm/integratorcp.c
@@ -493,6 +493,18 @@ static void integratorcp_init(MachineState *machine)
 
     cpuobj = object_new(object_class_get_name(cpu_oc));
 
+    /* By default ARM1176 CPUs have EL3 enabled.  This board does not
+     * currently support EL3 so the CPU EL3 property is disabled before
+     * realization.
+     */
+    if (object_property_find(cpuobj, "has_el3", NULL)) {
+        object_property_set_bool(cpuobj, false, "has_el3", &err);
+        if (err) {
+            error_report("%s", error_get_pretty(err));
+            exit(1);
+        }
+    }
+
     object_property_set_bool(cpuobj, true, "realized", &err);
     if (err) {
         error_report("%s", error_get_pretty(err));
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
index d41ec97..66e51ef 100644
--- a/hw/arm/realview.c
+++ b/hw/arm/realview.c
@@ -101,6 +101,18 @@ static void realview_init(MachineState *machine,
         Object *cpuobj = object_new(object_class_get_name(cpu_oc));
         Error *err = NULL;
 
+        /* By default A9,A15 and ARM1176 CPUs have EL3 enabled.  This board
+         * does not currently support EL3 so the CPU EL3 property is disabled
+         * before realization.
+         */
+        if (object_property_find(cpuobj, "has_el3", NULL)) {
+            object_property_set_bool(cpuobj, false, "has_el3", &err);
+            if (err) {
+                error_report("%s", error_get_pretty(err));
+                exit(1);
+            }
+        }
+
         if (is_pb && is_mpcore) {
             object_property_set_int(cpuobj, periphbase, "reset-cbar", &err);
             if (err) {
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
index b74dc15..6c4c2e7 100644
--- a/hw/arm/versatilepb.c
+++ b/hw/arm/versatilepb.c
@@ -206,6 +206,18 @@ static void versatile_init(MachineState *machine, int board_id)
 
     cpuobj = object_new(object_class_get_name(cpu_oc));
 
+    /* By default ARM1176 CPUs have EL3 enabled.  This board does not
+     * currently support EL3 so the CPU EL3 property is disabled before
+     * realization.
+     */
+    if (object_property_find(cpuobj, "has_el3", NULL)) {
+        object_property_set_bool(cpuobj, false, "has_el3", &err);
+        if (err) {
+            error_report("%s", error_get_pretty(err));
+            exit(1);
+        }
+    }
+
     object_property_set_bool(cpuobj, true, "realized", &err);
     if (err) {
         error_report("%s", error_get_pretty(err));
diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index b590392..06e6e24 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -126,6 +126,18 @@ static void zynq_init(MachineState *machine)
 
     cpu = ARM_CPU(object_new(object_class_get_name(cpu_oc)));
 
+    /* By default A9 CPUs have EL3 enabled.  This board does not
+     * currently support EL3 so the CPU EL3 property is disabled before
+     * realization.
+     */
+    if (object_property_find(OBJECT(cpu), "has_el3", NULL)) {
+        object_property_set_bool(OBJECT(cpu), false, "has_el3", &err);
+        if (err) {
+            error_report("%s", error_get_pretty(err));
+            exit(1);
+        }
+    }
+
     object_property_set_int(OBJECT(cpu), ZYNQ_BOARD_MIDR, "midr", &err);
     if (err) {
         error_report("%s", error_get_pretty(err));
-- 
1.9.1

[Qemu-devel] [PULL 20/31] target-arm: add cpu feature EL3 to CPUs with Security Extensions

[Peter Maydell]

From: Fabian Aggeler <aggelerf@ethz.ch>

Set ARM_FEATURE_EL3 feature for CPUs that implement Security Extensions.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1418684992-8996-16-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 069e090..285947f 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -668,6 +668,7 @@ static void arm1176_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_DUMMY_C15_REGS);
     set_feature(&cpu->env, ARM_FEATURE_CACHE_DIRTY_REG);
     set_feature(&cpu->env, ARM_FEATURE_CACHE_BLOCK_OPS);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
     cpu->midr = 0x410fb767;
     cpu->reset_fpsid = 0x410120b5;
     cpu->mvfr0 = 0x11111111;
@@ -756,6 +757,7 @@ static void cortex_a8_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_NEON);
     set_feature(&cpu->env, ARM_FEATURE_THUMB2EE);
     set_feature(&cpu->env, ARM_FEATURE_DUMMY_C15_REGS);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
     cpu->midr = 0x410fc080;
     cpu->reset_fpsid = 0x410330c0;
     cpu->mvfr0 = 0x11110222;
@@ -823,6 +825,7 @@ static void cortex_a9_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_VFP_FP16);
     set_feature(&cpu->env, ARM_FEATURE_NEON);
     set_feature(&cpu->env, ARM_FEATURE_THUMB2EE);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
     /* Note that A9 supports the MP extensions even for
      * A9UP and single-core A9MP (which are both different
      * and valid configurations; we don't model A9UP).
@@ -890,6 +893,7 @@ static void cortex_a15_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_DUMMY_C15_REGS);
     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
     set_feature(&cpu->env, ARM_FEATURE_LPAE);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
     cpu->midr = 0x412fc0f1;
     cpu->reset_fpsid = 0x410430f0;
-- 
1.9.1

[Qemu-devel] [PULL 21/31] fw_cfg: hard separation between the MMIO and I/O port mappings

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

We are going to introduce a wide data register for fw_cfg, but only for
the MMIO mapped device. The wide data register will also require the
tightening of endiannesses.

However we don't want to touch the I/O port mapped fw_cfg device at all.

Currently QEMU provides a single fw_cfg device type that can handle both
I/O port and MMIO mapping. This flexibility is not actually exploited by
any board in the tree, but it renders restricting the above changes to
MMIO very hard.

Therefore, let's derive two classes from TYPE_FW_CFG: TYPE_FW_CFG_IO and
TYPE_FW_CFG_MEM.

TYPE_FW_CFG_IO incorporates the base I/O port and the related combined
MemoryRegion. (NB: all boards in the tree that use the I/O port mapped
flavor opt for the combined mapping; that is, when the data port overlays
the high address byte of the selector port. Therefore we can drop the
capability to map those I/O ports separately.)

TYPE_FW_CFG_MEM incorporates the base addresses for the MMIO selector and
data registers, and their respective MemoryRegions.

The "realize" and "props" class members are specific to each new derived
class, and become unused for the base class. The base class retains the
"reset" member and the "vmsd" member, because the reset functionality and
the set of migrated data are not specific to the mapping.

The new functions fw_cfg_init_io() and fw_cfg_init_mem() expose the
possible mappings in separation. For now fw_cfg_init() is retained as a
compatibility shim that enforces the above assumptions.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/nvram/fw_cfg.c         | 177 ++++++++++++++++++++++++++++++++--------------
 include/hw/nvram/fw_cfg.h |   2 +
 include/qemu/typedefs.h   |   2 +
 3 files changed, 126 insertions(+), 55 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index c4b78ed..ab7bfff 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -32,10 +32,16 @@
 
 #define FW_CFG_SIZE 2
 #define FW_CFG_DATA_SIZE 1
-#define TYPE_FW_CFG "fw_cfg"
 #define FW_CFG_NAME "fw_cfg"
 #define FW_CFG_PATH "/machine/" FW_CFG_NAME
-#define FW_CFG(obj) OBJECT_CHECK(FWCfgState, (obj), TYPE_FW_CFG)
+
+#define TYPE_FW_CFG     "fw_cfg"
+#define TYPE_FW_CFG_IO  "fw_cfg_io"
+#define TYPE_FW_CFG_MEM "fw_cfg_mem"
+
+#define FW_CFG(obj)     OBJECT_CHECK(FWCfgState,    (obj), TYPE_FW_CFG)
+#define FW_CFG_IO(obj)  OBJECT_CHECK(FWCfgIoState,  (obj), TYPE_FW_CFG_IO)
+#define FW_CFG_MEM(obj) OBJECT_CHECK(FWCfgMemState, (obj), TYPE_FW_CFG_MEM)
 
 typedef struct FWCfgEntry {
     uint32_t len;
@@ -50,8 +56,6 @@ struct FWCfgState {
     SysBusDevice parent_obj;
     /*< public >*/
 
-    MemoryRegion ctl_iomem, data_iomem, comb_iomem;
-    uint32_t ctl_iobase, data_iobase;
     FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
     FWCfgFiles *files;
     uint16_t cur_entry;
@@ -59,6 +63,23 @@ struct FWCfgState {
     Notifier machine_ready;
 };
 
+struct FWCfgIoState {
+    /*< private >*/
+    FWCfgState parent_obj;
+    /*< public >*/
+
+    MemoryRegion comb_iomem;
+    uint32_t iobase;
+};
+
+struct FWCfgMemState {
+    /*< private >*/
+    FWCfgState parent_obj;
+    /*< public >*/
+
+    MemoryRegion ctl_iomem, data_iomem;
+};
+
 #define JPG_FILE 0
 #define BMP_FILE 1
 
@@ -560,19 +581,11 @@ static void fw_cfg_machine_ready(struct Notifier *n, void *data)
     qemu_register_reset(fw_cfg_machine_reset, s);
 }
 
-FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
-                        hwaddr ctl_addr, hwaddr data_addr)
-{
-    DeviceState *dev;
-    SysBusDevice *d;
-    FWCfgState *s;
 
-    dev = qdev_create(NULL, TYPE_FW_CFG);
-    qdev_prop_set_uint32(dev, "ctl_iobase", ctl_port);
-    qdev_prop_set_uint32(dev, "data_iobase", data_port);
-    d = SYS_BUS_DEVICE(dev);
 
-    s = FW_CFG(dev);
+static void fw_cfg_init1(DeviceState *dev)
+{
+    FWCfgState *s = FW_CFG(dev);
 
     assert(!object_resolve_path(FW_CFG_PATH, NULL));
 
@@ -580,12 +593,6 @@ FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
 
     qdev_init_nofail(dev);
 
-    if (ctl_addr) {
-        sysbus_mmio_map(d, 0, ctl_addr);
-    }
-    if (data_addr) {
-        sysbus_mmio_map(d, 1, data_addr);
-    }
     fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4);
     fw_cfg_add_bytes(s, FW_CFG_UUID, qemu_uuid, 16);
     fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)(display_type == DT_NOGRAPHIC));
@@ -596,48 +603,48 @@ FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
 
     s->machine_ready.notify = fw_cfg_machine_ready;
     qemu_add_machine_init_done_notifier(&s->machine_ready);
-
-    return s;
 }
 
-static void fw_cfg_initfn(Object *obj)
+FWCfgState *fw_cfg_init_io(uint32_t iobase)
 {
-    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
-    FWCfgState *s = FW_CFG(obj);
+    DeviceState *dev;
 
-    memory_region_init_io(&s->ctl_iomem, OBJECT(s), &fw_cfg_ctl_mem_ops, s,
-                          "fwcfg.ctl", FW_CFG_SIZE);
-    sysbus_init_mmio(sbd, &s->ctl_iomem);
-    memory_region_init_io(&s->data_iomem, OBJECT(s), &fw_cfg_data_mem_ops, s,
-                          "fwcfg.data", FW_CFG_DATA_SIZE);
-    sysbus_init_mmio(sbd, &s->data_iomem);
-    /* In case ctl and data overlap: */
-    memory_region_init_io(&s->comb_iomem, OBJECT(s), &fw_cfg_comb_mem_ops, s,
-                          "fwcfg", FW_CFG_SIZE);
+    dev = qdev_create(NULL, TYPE_FW_CFG_IO);
+    qdev_prop_set_uint32(dev, "iobase", iobase);
+    fw_cfg_init1(dev);
+
+    return FW_CFG(dev);
 }
 
-static void fw_cfg_realize(DeviceState *dev, Error **errp)
+FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr)
 {
-    FWCfgState *s = FW_CFG(dev);
-    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+    DeviceState *dev;
+    SysBusDevice *sbd;
 
-    if (s->ctl_iobase + 1 == s->data_iobase) {
-        sysbus_add_io(sbd, s->ctl_iobase, &s->comb_iomem);
-    } else {
-        if (s->ctl_iobase) {
-            sysbus_add_io(sbd, s->ctl_iobase, &s->ctl_iomem);
-        }
-        if (s->data_iobase) {
-            sysbus_add_io(sbd, s->data_iobase, &s->data_iomem);
-        }
+    dev = qdev_create(NULL, TYPE_FW_CFG_MEM);
+    fw_cfg_init1(dev);
+
+    sbd = SYS_BUS_DEVICE(dev);
+    sysbus_mmio_map(sbd, 0, ctl_addr);
+    sysbus_mmio_map(sbd, 1, data_addr);
+
+    return FW_CFG(dev);
+}
+
+
+FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
+                        hwaddr crl_addr, hwaddr data_addr)
+{
+    if (ctl_port + 1 == data_port && crl_addr == 0 && data_addr == 0) {
+        return fw_cfg_init_io(ctl_port);
     }
+    if (ctl_port == 0 && data_port == 0 && crl_addr != 0 && data_addr != 0) {
+        return fw_cfg_init_mem(crl_addr, data_addr);
+    }
+    assert(false);
+    return NULL;
 }
 
-static Property fw_cfg_properties[] = {
-    DEFINE_PROP_UINT32("ctl_iobase", FWCfgState, ctl_iobase, -1),
-    DEFINE_PROP_UINT32("data_iobase", FWCfgState, data_iobase, -1),
-    DEFINE_PROP_END_OF_LIST(),
-};
 
 FWCfgState *fw_cfg_find(void)
 {
@@ -648,23 +655,83 @@ static void fw_cfg_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
 
-    dc->realize = fw_cfg_realize;
     dc->reset = fw_cfg_reset;
     dc->vmsd = &vmstate_fw_cfg;
-    dc->props = fw_cfg_properties;
 }
 
 static const TypeInfo fw_cfg_info = {
     .name          = TYPE_FW_CFG,
     .parent        = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(FWCfgState),
-    .instance_init = fw_cfg_initfn,
     .class_init    = fw_cfg_class_init,
 };
 
+
+static Property fw_cfg_io_properties[] = {
+    DEFINE_PROP_UINT32("iobase", FWCfgIoState, iobase, -1),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static void fw_cfg_io_realize(DeviceState *dev, Error **errp)
+{
+    FWCfgIoState *s = FW_CFG_IO(dev);
+    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+    memory_region_init_io(&s->comb_iomem, OBJECT(s), &fw_cfg_comb_mem_ops,
+                          FW_CFG(s), "fwcfg", FW_CFG_SIZE);
+    sysbus_add_io(sbd, s->iobase, &s->comb_iomem);
+}
+
+static void fw_cfg_io_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+
+    dc->realize = fw_cfg_io_realize;
+    dc->props = fw_cfg_io_properties;
+}
+
+static const TypeInfo fw_cfg_io_info = {
+    .name          = TYPE_FW_CFG_IO,
+    .parent        = TYPE_FW_CFG,
+    .instance_size = sizeof(FWCfgIoState),
+    .class_init    = fw_cfg_io_class_init,
+};
+
+
+static void fw_cfg_mem_realize(DeviceState *dev, Error **errp)
+{
+    FWCfgMemState *s = FW_CFG_MEM(dev);
+    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+    memory_region_init_io(&s->ctl_iomem, OBJECT(s), &fw_cfg_ctl_mem_ops,
+                          FW_CFG(s), "fwcfg.ctl", FW_CFG_SIZE);
+    sysbus_init_mmio(sbd, &s->ctl_iomem);
+
+    memory_region_init_io(&s->data_iomem, OBJECT(s), &fw_cfg_data_mem_ops,
+                          FW_CFG(s), "fwcfg.data", FW_CFG_DATA_SIZE);
+    sysbus_init_mmio(sbd, &s->data_iomem);
+}
+
+static void fw_cfg_mem_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+
+    dc->realize = fw_cfg_mem_realize;
+}
+
+static const TypeInfo fw_cfg_mem_info = {
+    .name          = TYPE_FW_CFG_MEM,
+    .parent        = TYPE_FW_CFG,
+    .instance_size = sizeof(FWCfgMemState),
+    .class_init    = fw_cfg_mem_class_init,
+};
+
+
 static void fw_cfg_register_types(void)
 {
     type_register_static(&fw_cfg_info);
+    type_register_static(&fw_cfg_io_info);
+    type_register_static(&fw_cfg_mem_info);
 }
 
 type_init(fw_cfg_register_types)
diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index 56e1ed7..fcc88ea 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -80,6 +80,8 @@ void *fw_cfg_modify_file(FWCfgState *s, const char *filename, void *data,
                          size_t len);
 FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
                         hwaddr crl_addr, hwaddr data_addr);
+FWCfgState *fw_cfg_init_io(uint32_t iobase);
+FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr);
 
 FWCfgState *fw_cfg_find(void);
 
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 57ff47f..f2bbaaf 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -22,6 +22,8 @@ typedef struct DisplayState DisplayState;
 typedef struct DisplaySurface DisplaySurface;
 typedef struct DriveInfo DriveInfo;
 typedef struct EventNotifier EventNotifier;
+typedef struct FWCfgIoState FWCfgIoState;
+typedef struct FWCfgMemState FWCfgMemState;
 typedef struct FWCfgState FWCfgState;
 typedef struct HCIInfo HCIInfo;
 typedef struct I2CBus I2CBus;
-- 
1.9.1

[Qemu-devel] [PULL 22/31] fw_cfg: move boards to fw_cfg_init_io() / fw_cfg_init_mem()

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

This allows us to drop the fw_cfg_init() shim and to enforce the possible
mappings at compile time.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i386/pc.c              |  4 ++--
 hw/nvram/fw_cfg.c         | 14 --------------
 hw/ppc/mac_newworld.c     |  2 +-
 hw/ppc/mac_oldworld.c     |  2 +-
 hw/sparc/sun4m.c          |  2 +-
 hw/sparc64/sun4u.c        |  2 +-
 include/hw/nvram/fw_cfg.h |  2 --
 7 files changed, 6 insertions(+), 22 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index a3ddb5e..e07f1fa 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -649,7 +649,7 @@ static FWCfgState *bochs_bios_init(void)
     int i, j;
     unsigned int apic_id_limit = pc_apic_id_limit(max_cpus);
 
-    fw_cfg = fw_cfg_init(BIOS_CFG_IOPORT, BIOS_CFG_IOPORT + 1, 0, 0);
+    fw_cfg = fw_cfg_init_io(BIOS_CFG_IOPORT);
     /* FW_CFG_MAX_CPUS is a bit confusing/problematic on x86:
      *
      * SeaBIOS needs FW_CFG_MAX_CPUS for CPU hotplug, but the CPU hotplug
@@ -1170,7 +1170,7 @@ FWCfgState *xen_load_linux(const char *kernel_filename,
 
     assert(kernel_filename != NULL);
 
-    fw_cfg = fw_cfg_init(BIOS_CFG_IOPORT, BIOS_CFG_IOPORT + 1, 0, 0);
+    fw_cfg = fw_cfg_init_io(BIOS_CFG_IOPORT);
     rom_set_fw(fw_cfg);
 
     load_linux(fw_cfg, kernel_filename, initrd_filename,
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index ab7bfff..c48bc6e 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -632,20 +632,6 @@ FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr)
 }
 
 
-FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
-                        hwaddr crl_addr, hwaddr data_addr)
-{
-    if (ctl_port + 1 == data_port && crl_addr == 0 && data_addr == 0) {
-        return fw_cfg_init_io(ctl_port);
-    }
-    if (ctl_port == 0 && data_port == 0 && crl_addr != 0 && data_addr != 0) {
-        return fw_cfg_init_mem(crl_addr, data_addr);
-    }
-    assert(false);
-    return NULL;
-}
-
-
 FWCfgState *fw_cfg_find(void)
 {
     return FW_CFG(object_resolve_path(FW_CFG_PATH, NULL));
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index ee1ed8a..b60a832 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -454,7 +454,7 @@ static void ppc_core99_init(MachineState *machine)
     pmac_format_nvram_partition(nvr, 0x2000);
     /* No PCI init: the BIOS will do it */
 
-    fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
+    fw_cfg = fw_cfg_init_mem(CFG_ADDR, CFG_ADDR + 2);
     fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
     fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
     fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 15109c2..c7224d7 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -313,7 +313,7 @@ static void ppc_heathrow_init(MachineState *machine)
 
     /* No PCI init: the BIOS will do it */
 
-    fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
+    fw_cfg = fw_cfg_init_mem(CFG_ADDR, CFG_ADDR + 2);
     fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
     fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
     fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index df259ad..ecd9dc1 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -1084,7 +1084,7 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
         ecc_init(hwdef->ecc_base, slavio_irq[28],
                  hwdef->ecc_version);
 
-    fw_cfg = fw_cfg_init(0, 0, CFG_ADDR, CFG_ADDR + 2);
+    fw_cfg = fw_cfg_init_mem(CFG_ADDR, CFG_ADDR + 2);
     fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
     fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
     fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index acac8f9..3ff5bd8 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -892,7 +892,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
                            graphic_width, graphic_height, graphic_depth,
                            (uint8_t *)&nd_table[0].macaddr);
 
-    fw_cfg = fw_cfg_init(BIOS_CFG_IOPORT, BIOS_CFG_IOPORT + 1, 0, 0);
+    fw_cfg = fw_cfg_init_io(BIOS_CFG_IOPORT);
     fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
     fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
     fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index fcc88ea..a99586e 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -78,8 +78,6 @@ void fw_cfg_add_file_callback(FWCfgState *s, const char *filename,
                               void *data, size_t len);
 void *fw_cfg_modify_file(FWCfgState *s, const char *filename, void *data,
                          size_t len);
-FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
-                        hwaddr crl_addr, hwaddr data_addr);
 FWCfgState *fw_cfg_init_io(uint32_t iobase);
 FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr);
 
-- 
1.9.1

[Qemu-devel] [PULL 23/31] fw_cfg_mem: max access size and region size are the same for data register

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

Make it clear that the maximum access size to the MMIO data register
determines the full size of the memory region.

Currently the max access size is 1.

This patch doesn't change behavior.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/nvram/fw_cfg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index c48bc6e..8deb860 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -31,7 +31,6 @@
 #include "qemu/config-file.h"
 
 #define FW_CFG_SIZE 2
-#define FW_CFG_DATA_SIZE 1
 #define FW_CFG_NAME "fw_cfg"
 #define FW_CFG_PATH "/machine/" FW_CFG_NAME
 
@@ -694,7 +693,8 @@ static void fw_cfg_mem_realize(DeviceState *dev, Error **errp)
     sysbus_init_mmio(sbd, &s->ctl_iomem);
 
     memory_region_init_io(&s->data_iomem, OBJECT(s), &fw_cfg_data_mem_ops,
-                          FW_CFG(s), "fwcfg.data", FW_CFG_DATA_SIZE);
+                          FW_CFG(s), "fwcfg.data",
+                          fw_cfg_data_mem_ops.valid.max_access_size);
     sysbus_init_mmio(sbd, &s->data_iomem);
 }
 
-- 
1.9.1

[Qemu-devel] [PULL 24/31] fw_cfg_mem: flip ctl_mem_ops and data_mem_ops to DEVICE_BIG_ENDIAN

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

The standalone selector port (fw_cfg_ctl_mem_ops) is only used by big
endian guests to date (*), hence this change doesn't regress them. Paolo
and Alex have suggested / requested an explicit DEVICE_BIG_ENDIAN setting
here, for clarity.

(*) git grep -l fw_cfg_init_mem

    hw/nvram/fw_cfg.c
    hw/ppc/mac_newworld.c
    hw/ppc/mac_oldworld.c
    hw/sparc/sun4m.c
    include/hw/nvram/fw_cfg.h

The standalone data port (fw_cfg_data_mem_ops) has max_access_size 1 (for
now), hence changing its endianness doesn't change behavior for existing
guest code.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-5-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/nvram/fw_cfg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 8deb860..910ae14 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -332,14 +332,14 @@ static bool fw_cfg_comb_valid(void *opaque, hwaddr addr,
 
 static const MemoryRegionOps fw_cfg_ctl_mem_ops = {
     .write = fw_cfg_ctl_mem_write,
-    .endianness = DEVICE_NATIVE_ENDIAN,
+    .endianness = DEVICE_BIG_ENDIAN,
     .valid.accepts = fw_cfg_ctl_mem_valid,
 };
 
 static const MemoryRegionOps fw_cfg_data_mem_ops = {
     .read = fw_cfg_data_mem_read,
     .write = fw_cfg_data_mem_write,
-    .endianness = DEVICE_NATIVE_ENDIAN,
+    .endianness = DEVICE_BIG_ENDIAN,
     .valid = {
         .min_access_size = 1,
         .max_access_size = 1,
-- 
1.9.1

[Qemu-devel] [PULL 25/31] exec: allows 8-byte accesses in subpage_ops

[Peter Maydell]

From: Paolo Bonzini <pbonzini@redhat.com>

Otherwise fw_cfg accesses are split into 4-byte ones before they reach the
fw_cfg ops / handlers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-6-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 exec.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/exec.c b/exec.c
index c2ed10a..9c3f304 100644
--- a/exec.c
+++ b/exec.c
@@ -1768,7 +1768,7 @@ static uint64_t subpage_read(void *opaque, hwaddr addr,
                              unsigned len)
 {
     subpage_t *subpage = opaque;
-    uint8_t buf[4];
+    uint8_t buf[8];
 
 #if defined(DEBUG_SUBPAGE)
     printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
@@ -1782,6 +1782,8 @@ static uint64_t subpage_read(void *opaque, hwaddr addr,
         return lduw_p(buf);
     case 4:
         return ldl_p(buf);
+    case 8:
+        return ldq_p(buf);
     default:
         abort();
     }
@@ -1791,7 +1793,7 @@ static void subpage_write(void *opaque, hwaddr addr,
                           uint64_t value, unsigned len)
 {
     subpage_t *subpage = opaque;
-    uint8_t buf[4];
+    uint8_t buf[8];
 
 #if defined(DEBUG_SUBPAGE)
     printf("%s: subpage %p len %u addr " TARGET_FMT_plx
@@ -1808,6 +1810,9 @@ static void subpage_write(void *opaque, hwaddr addr,
     case 4:
         stl_p(buf, value);
         break;
+    case 8:
+        stq_p(buf, value);
+        break;
     default:
         abort();
     }
@@ -1830,6 +1835,10 @@ static bool subpage_accepts(void *opaque, hwaddr addr,
 static const MemoryRegionOps subpage_ops = {
     .read = subpage_read,
     .write = subpage_write,
+    .impl.min_access_size = 1,
+    .impl.max_access_size = 8,
+    .valid.min_access_size = 1,
+    .valid.max_access_size = 8,
     .valid.accepts = subpage_accepts,
     .endianness = DEVICE_NATIVE_ENDIAN,
 };
-- 
1.9.1

[Qemu-devel] [PULL 26/31] fw_cfg_mem: introduce the "data_width" property

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

The "data_width" property is capable of changing the maximum valid access
size to the MMIO data register, and resizes the memory region similarly,
at device realization time.

The default value of "data_memwidth" is set so that we don't yet diverge
from "fw_cfg_data_mem_ops".

Most of the fw_cfg_mem users will stick with the default, and for them we
should continue using the statically allocated "fw_cfg_data_mem_ops". This
is beneficial for debugging because gdb can resolve pointers referencing
static objects to the names of those objects.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-7-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/nvram/fw_cfg.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 74 insertions(+), 5 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 910ae14..2950d68 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -77,6 +77,8 @@ struct FWCfgMemState {
     /*< public >*/
 
     MemoryRegion ctl_iomem, data_iomem;
+    uint32_t data_width;
+    MemoryRegionOps wide_data_ops;
 };
 
 #define JPG_FILE 0
@@ -284,13 +286,58 @@ static uint8_t fw_cfg_read(FWCfgState *s)
 static uint64_t fw_cfg_data_mem_read(void *opaque, hwaddr addr,
                                      unsigned size)
 {
-    return fw_cfg_read(opaque);
+    FWCfgState *s = opaque;
+    uint8_t buf[8];
+    unsigned i;
+
+    for (i = 0; i < size; ++i) {
+        buf[i] = fw_cfg_read(s);
+    }
+    switch (size) {
+    case 1:
+        return buf[0];
+    case 2:
+        return lduw_he_p(buf);
+    case 4:
+        return (uint32_t)ldl_he_p(buf);
+    case 8:
+        return ldq_he_p(buf);
+    }
+    abort();
 }
 
 static void fw_cfg_data_mem_write(void *opaque, hwaddr addr,
                                   uint64_t value, unsigned size)
 {
-    fw_cfg_write(opaque, (uint8_t)value);
+    FWCfgState *s = opaque;
+    uint8_t buf[8];
+    unsigned i;
+
+    switch (size) {
+    case 1:
+        buf[0] = value;
+        break;
+    case 2:
+        stw_he_p(buf, value);
+        break;
+    case 4:
+        stl_he_p(buf, value);
+        break;
+    case 8:
+        stq_he_p(buf, value);
+        break;
+    default:
+        abort();
+    }
+    for (i = 0; i < size; ++i) {
+        fw_cfg_write(s, buf[i]);
+    }
+}
+
+static bool fw_cfg_data_mem_valid(void *opaque, hwaddr addr,
+                                  unsigned size, bool is_write)
+{
+    return addr == 0;
 }
 
 static void fw_cfg_ctl_mem_write(void *opaque, hwaddr addr,
@@ -343,6 +390,7 @@ static const MemoryRegionOps fw_cfg_data_mem_ops = {
     .valid = {
         .min_access_size = 1,
         .max_access_size = 1,
+        .accepts = fw_cfg_data_mem_valid,
     },
 };
 
@@ -621,6 +669,9 @@ FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr)
     SysBusDevice *sbd;
 
     dev = qdev_create(NULL, TYPE_FW_CFG_MEM);
+    qdev_prop_set_uint32(dev, "data_width",
+                         fw_cfg_data_mem_ops.valid.max_access_size);
+
     fw_cfg_init1(dev);
 
     sbd = SYS_BUS_DEVICE(dev);
@@ -683,18 +734,35 @@ static const TypeInfo fw_cfg_io_info = {
 };
 
 
+static Property fw_cfg_mem_properties[] = {
+    DEFINE_PROP_UINT32("data_width", FWCfgMemState, data_width, -1),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
 static void fw_cfg_mem_realize(DeviceState *dev, Error **errp)
 {
     FWCfgMemState *s = FW_CFG_MEM(dev);
     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+    const MemoryRegionOps *data_ops = &fw_cfg_data_mem_ops;
 
     memory_region_init_io(&s->ctl_iomem, OBJECT(s), &fw_cfg_ctl_mem_ops,
                           FW_CFG(s), "fwcfg.ctl", FW_CFG_SIZE);
     sysbus_init_mmio(sbd, &s->ctl_iomem);
 
-    memory_region_init_io(&s->data_iomem, OBJECT(s), &fw_cfg_data_mem_ops,
-                          FW_CFG(s), "fwcfg.data",
-                          fw_cfg_data_mem_ops.valid.max_access_size);
+    if (s->data_width > data_ops->valid.max_access_size) {
+        /* memberwise copy because the "old_mmio" member is const */
+        s->wide_data_ops.read       = data_ops->read;
+        s->wide_data_ops.write      = data_ops->write;
+        s->wide_data_ops.endianness = data_ops->endianness;
+        s->wide_data_ops.valid      = data_ops->valid;
+        s->wide_data_ops.impl       = data_ops->impl;
+
+        s->wide_data_ops.valid.max_access_size = s->data_width;
+        s->wide_data_ops.impl.max_access_size  = s->data_width;
+        data_ops = &s->wide_data_ops;
+    }
+    memory_region_init_io(&s->data_iomem, OBJECT(s), data_ops, FW_CFG(s),
+                          "fwcfg.data", data_ops->valid.max_access_size);
     sysbus_init_mmio(sbd, &s->data_iomem);
 }
 
@@ -703,6 +771,7 @@ static void fw_cfg_mem_class_init(ObjectClass *klass, void *data)
     DeviceClass *dc = DEVICE_CLASS(klass);
 
     dc->realize = fw_cfg_mem_realize;
+    dc->props = fw_cfg_mem_properties;
 }
 
 static const TypeInfo fw_cfg_mem_info = {
-- 
1.9.1

[Qemu-devel] [PULL 27/31] fw_cfg_mem: expose the "data_width" property with fw_cfg_init_mem_wide()

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

We rebase fw_cfg_init_mem() to the new function for compatibility with
current callers.

The behavior of the (big endian) multi-byte data reads is best shown
with a qtest session.  Here, we are reading the first six bytes of
the UUID

    $ arm-softmmu/qemu-system-arm -M virt -machine accel=qtest \
         -qtest stdio -uuid 4600cb32-38ec-4b2f-8acb-81c6ea54f2d8
>>> writew 0x9020008 0x0200
<<< OK
>>> readl 0x9020000
<<< OK 0x000000004600cb32

Remember this is big endian.  On big endian machines, it is stored
directly as 0x46 0x00 0xcb 0x32.

On a little endian machine, we have to first swap it, so that it becomes
0x32cb0046.  When written to memory, it becomes 0x46 0x00 0xcb 0x32
again.

Reading byte-by-byte works too, of course:

>>> readb 0x9020000
<<< OK 0x0000000000000038
>>> readb 0x9020000
<<< OK 0x00000000000000ec

Here only a single byte is read at a time, so they are read in order
similar to the 1-byte data port that is already in PPC and SPARC
machines.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-8-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/nvram/fw_cfg.c         | 12 +++++++++---
 include/hw/nvram/fw_cfg.h |  2 ++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 2950d68..fcdf821 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -663,14 +663,14 @@ FWCfgState *fw_cfg_init_io(uint32_t iobase)
     return FW_CFG(dev);
 }
 
-FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr)
+FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr, hwaddr data_addr,
+                                 uint32_t data_width)
 {
     DeviceState *dev;
     SysBusDevice *sbd;
 
     dev = qdev_create(NULL, TYPE_FW_CFG_MEM);
-    qdev_prop_set_uint32(dev, "data_width",
-                         fw_cfg_data_mem_ops.valid.max_access_size);
+    qdev_prop_set_uint32(dev, "data_width", data_width);
 
     fw_cfg_init1(dev);
 
@@ -681,6 +681,12 @@ FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr)
     return FW_CFG(dev);
 }
 
+FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr)
+{
+    return fw_cfg_init_mem_wide(ctl_addr, data_addr,
+                                fw_cfg_data_mem_ops.valid.max_access_size);
+}
+
 
 FWCfgState *fw_cfg_find(void)
 {
diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index a99586e..6d8a8ac 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -80,6 +80,8 @@ void *fw_cfg_modify_file(FWCfgState *s, const char *filename, void *data,
                          size_t len);
 FWCfgState *fw_cfg_init_io(uint32_t iobase);
 FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr);
+FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr, hwaddr data_addr,
+                                 uint32_t data_width);
 
 FWCfgState *fw_cfg_find(void);
 
-- 
1.9.1

[Qemu-devel] [PULL 28/31] arm: add fw_cfg to "virt" board

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

fw_cfg already supports exposure over MMIO (used in ppc/mac_newworld.c,
ppc/mac_oldworld.c, sparc/sun4m.c); we can easily add it to the "virt"
board.

Because MMIO access is slow on ARM KVM, we enable the guest, with
fw_cfg_init_mem_wide(), to transfer up to 8 bytes with a single access.
This has been measured to speed up transfers up to 7.5-fold, relative to
single byte data access, on both ARM KVM and x86_64 TCG.

The MMIO register block of fw_cfg is advertized in the device tree. As
base address we pick 0x09020000, which conforms to the comment preceding
"a15memmap": it falls in the miscellaneous device I/O range 128MB..256MB,
and it is aligned at 64KB. The DTB properties follow the documentation in
the Linux source file "Documentation/devicetree/bindings/arm/fw-cfg.txt".

fw_cfg automatically exports a number of files to the guest; for example,
"bootorder" (see fw_cfg_machine_reset()).

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-9-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a9e13ca..183bf20 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -68,6 +68,7 @@ enum {
     VIRT_UART,
     VIRT_MMIO,
     VIRT_RTC,
+    VIRT_FW_CFG,
 };
 
 typedef struct MemMapEntry {
@@ -125,6 +126,7 @@ static const MemMapEntry a15memmap[] = {
     [VIRT_GIC_CPU] =    { 0x08010000, 0x00010000 },
     [VIRT_UART] =       { 0x09000000, 0x00001000 },
     [VIRT_RTC] =        { 0x09010000, 0x00001000 },
+    [VIRT_FW_CFG] =     { 0x09020000, 0x0000000a },
     [VIRT_MMIO] =       { 0x0a000000, 0x00000200 },
     /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
     /* 0x10000000 .. 0x40000000 reserved for PCI */
@@ -537,6 +539,23 @@ static void create_flash(const VirtBoardInfo *vbi)
     g_free(nodename);
 }
 
+static void create_fw_cfg(const VirtBoardInfo *vbi)
+{
+    hwaddr base = vbi->memmap[VIRT_FW_CFG].base;
+    hwaddr size = vbi->memmap[VIRT_FW_CFG].size;
+    char *nodename;
+
+    fw_cfg_init_mem_wide(base + 8, base, 8);
+
+    nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base);
+    qemu_fdt_add_subnode(vbi->fdt, nodename);
+    qemu_fdt_setprop_string(vbi->fdt, nodename,
+                            "compatible", "qemu,fw-cfg-mmio");
+    qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
+                                 2, base, 2, size);
+    g_free(nodename);
+}
+
 static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
 {
     const VirtBoardInfo *board = (const VirtBoardInfo *)binfo;
@@ -627,6 +646,8 @@ static void machvirt_init(MachineState *machine)
      */
     create_virtio_devices(vbi, pic);
 
+    create_fw_cfg(vbi);
+
     vbi->bootinfo.ram_size = machine->ram_size;
     vbi->bootinfo.kernel_filename = machine->kernel_filename;
     vbi->bootinfo.kernel_cmdline = machine->kernel_cmdline;
-- 
1.9.1

[Qemu-devel] [PULL 29/31] hw/loader: split out load_image_gzipped_buffer()

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

In the next patch we'd like to reuse the image decompression facility
without installing the output as a ROM at a specific guest-phys address.

In addition, expose LOAD_IMAGE_MAX_GUNZIP_BYTES, because that's a
straightforward "max_sz" argument for the new load_image_gzipped_buffer().

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-10-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/loader.c    | 30 +++++++++++++++++++++---------
 include/hw/loader.h |  9 +++++++++
 2 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index 7527fd3..f2b34da 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -614,14 +614,9 @@ int load_ramdisk(const char *filename, hwaddr addr, uint64_t max_sz)
                             NULL, NULL);
 }
 
-/* This simply prevents g_malloc in the function below from allocating
- * a huge amount of memory, by placing a limit on the maximum
- * uncompressed image size that load_image_gzipped will read.
- */
-#define LOAD_IMAGE_MAX_GUNZIP_BYTES (256 << 20)
-
-/* Load a gzip-compressed kernel. */
-int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
+/* Load a gzip-compressed kernel to a dynamically allocated buffer. */
+int load_image_gzipped_buffer(const char *filename, uint64_t max_sz,
+                              uint8_t **buffer)
 {
     uint8_t *compressed_data = NULL;
     uint8_t *data = NULL;
@@ -653,8 +648,11 @@ int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
         goto out;
     }
 
-    rom_add_blob_fixed(filename, data, bytes, addr);
+    /* trim to actual size and return to caller */
+    *buffer = g_realloc(data, bytes);
     ret = bytes;
+    /* ownership has been transferred to caller */
+    data = NULL;
 
  out:
     g_free(compressed_data);
@@ -662,6 +660,20 @@ int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
     return ret;
 }
 
+/* Load a gzip-compressed kernel. */
+int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
+{
+    int bytes;
+    uint8_t *data;
+
+    bytes = load_image_gzipped_buffer(filename, max_sz, &data);
+    if (bytes != -1) {
+        rom_add_blob_fixed(filename, data, bytes, addr);
+        g_free(data);
+    }
+    return bytes;
+}
+
 /*
  * Functions for reboot-persistent memory regions.
  *  - used for vga bios and option roms.
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 6481639..8997620 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -16,6 +16,15 @@ int load_image(const char *filename, uint8_t *addr); /* deprecated */
 ssize_t load_image_size(const char *filename, void *addr, size_t size);
 int load_image_targphys(const char *filename, hwaddr,
                         uint64_t max_sz);
+
+/* This is the limit on the maximum uncompressed image size that
+ * load_image_gzipped_buffer() and load_image_gzipped() will read. It prevents
+ * g_malloc() in those functions from allocating a huge amount of memory.
+ */
+#define LOAD_IMAGE_MAX_GUNZIP_BYTES (256 << 20)
+
+int load_image_gzipped_buffer(const char *filename, uint64_t max_sz,
+                              uint8_t **buffer);
 int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz);
 
 #define ELF_LOAD_FAILED       -1
-- 
1.9.1

[Qemu-devel] [PULL 30/31] hw/arm: pass pristine kernel image to guest firmware over fw_cfg

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

Introduce the new boolean field "arm_boot_info.firmware_loaded". When this
field is set, it means that the portion of guest DRAM that the VCPU
normally starts to execute, or the pflash chip that the VCPU normally
starts to execute, has been populated by board-specific code with
full-fledged guest firmware code, before the board calls
arm_load_kernel().

Simultaneously, "arm_boot_info.firmware_loaded" guarantees that the board
code has set up the global firmware config instance, for arm_load_kernel()
to find with fw_cfg_find().

Guest kernel (-kernel) and guest firmware (-bios, -pflash) has always been
possible to specify independently on the command line. The following cases
should be considered:

nr  -bios    -pflash  -kernel  description
             unit#0
--  -------  -------  -------  -------------------------------------------
1   present  present  absent   Board code rejects this case, -bios and
    present  present  present  -pflash unit#0 are exclusive. Left intact
                               by this patch.

2   absent   absent   present  Traditional kernel loading, with qemu's
                               minimal board firmware. Left intact by this
                               patch.

3   absent   present  absent   Preexistent case for booting guest firmware
    present  absent   absent   loaded with -bios or -pflash. Left intact
                               by this patch.

4   absent   absent   absent   Preexistent case for not loading any
                               firmware or kernel up-front. Left intact by
                               this patch.

5   present  absent   present  New case introduced by this patch: kernel
    absent   present  present  image is passed to externally loaded
                               firmware in unmodified form, using fw_cfg.

An easy way to see that this patch doesn't interfere with existing cases
is to realize that "info->firmware_loaded" is constant zero at this point.
Which makes the "outer" condition unchanged, and the "inner" condition
(with the fw_cfg-related code) dead.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-11-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/boot.c        | 88 +++++++++++++++++++++++++++++++++++++++++++++++++---
 include/hw/arm/arm.h |  5 +++
 2 files changed, 88 insertions(+), 5 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index c8d1d4e..52ebd8b 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -488,6 +488,55 @@ static void do_cpu_reset(void *opaque)
     }
 }
 
+/**
+ * load_image_to_fw_cfg() - Load an image file into an fw_cfg entry identified
+ *                          by key.
+ * @fw_cfg:         The firmware config instance to store the data in.
+ * @size_key:       The firmware config key to store the size of the loaded
+ *                  data under, with fw_cfg_add_i32().
+ * @data_key:       The firmware config key to store the loaded data under,
+ *                  with fw_cfg_add_bytes().
+ * @image_name:     The name of the image file to load. If it is NULL, the
+ *                  function returns without doing anything.
+ * @try_decompress: Whether the image should be decompressed (gunzipped) before
+ *                  adding it to fw_cfg. If decompression fails, the image is
+ *                  loaded as-is.
+ *
+ * In case of failure, the function prints an error message to stderr and the
+ * process exits with status 1.
+ */
+static void load_image_to_fw_cfg(FWCfgState *fw_cfg, uint16_t size_key,
+                                 uint16_t data_key, const char *image_name,
+                                 bool try_decompress)
+{
+    size_t size = -1;
+    uint8_t *data;
+
+    if (image_name == NULL) {
+        return;
+    }
+
+    if (try_decompress) {
+        size = load_image_gzipped_buffer(image_name,
+                                         LOAD_IMAGE_MAX_GUNZIP_BYTES, &data);
+    }
+
+    if (size == (size_t)-1) {
+        gchar *contents;
+        gsize length;
+
+        if (!g_file_get_contents(image_name, &contents, &length, NULL)) {
+            fprintf(stderr, "failed to load \"%s\"\n", image_name);
+            exit(1);
+        }
+        size = length;
+        data = (uint8_t *)contents;
+    }
+
+    fw_cfg_add_i32(fw_cfg, size_key, size);
+    fw_cfg_add_bytes(fw_cfg, data_key, data, size);
+}
+
 void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
 {
     CPUState *cs;
@@ -510,19 +559,48 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
     }
 
     /* Load the kernel.  */
-    if (!info->kernel_filename) {
+    if (!info->kernel_filename || info->firmware_loaded) {
 
         if (have_dtb(info)) {
-            /* If we have a device tree blob, but no kernel to supply it to,
-             * copy it to the base of RAM for a bootloader to pick up.
+            /* If we have a device tree blob, but no kernel to supply it to (or
+             * the kernel is supposed to be loaded by the bootloader), copy the
+             * DTB to the base of RAM for the bootloader to pick up.
              */
             if (load_dtb(info->loader_start, info, 0) < 0) {
                 exit(1);
             }
         }
 
-        /* If no kernel specified, do nothing; we will start from address 0
-         * (typically a boot ROM image) in the same way as hardware.
+        if (info->kernel_filename) {
+            FWCfgState *fw_cfg;
+            bool try_decompressing_kernel;
+
+            fw_cfg = fw_cfg_find();
+            try_decompressing_kernel = arm_feature(&cpu->env,
+                                                   ARM_FEATURE_AARCH64);
+
+            /* Expose the kernel, the command line, and the initrd in fw_cfg.
+             * We don't process them here at all, it's all left to the
+             * firmware.
+             */
+            load_image_to_fw_cfg(fw_cfg,
+                                 FW_CFG_KERNEL_SIZE, FW_CFG_KERNEL_DATA,
+                                 info->kernel_filename,
+                                 try_decompressing_kernel);
+            load_image_to_fw_cfg(fw_cfg,
+                                 FW_CFG_INITRD_SIZE, FW_CFG_INITRD_DATA,
+                                 info->initrd_filename, false);
+
+            if (info->kernel_cmdline) {
+                fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE,
+                               strlen(info->kernel_cmdline) + 1);
+                fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA,
+                                  info->kernel_cmdline);
+            }
+        }
+
+        /* We will start from address 0 (typically a boot ROM image) in the
+         * same way as hardware.
          */
         return;
     }
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index e5a5d8c..c4bf56d 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -70,6 +70,11 @@ struct arm_boot_info {
     hwaddr initrd_start;
     hwaddr initrd_size;
     hwaddr entry;
+
+    /* Boot firmware has been loaded, typically at address 0, with -bios or
+     * -pflash. It also implies that fw_cfg_find() will succeed.
+     */
+    bool firmware_loaded;
 };
 void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info);
 
-- 
1.9.1

[Qemu-devel] [PULL 31/31] hw/arm/virt: enable passing of EFI-stubbed kernel to guest UEFI firmware

[Peter Maydell]

From: Laszlo Ersek <lersek@redhat.com>

The virt board already ensures mutual exclusion between -bios and -pflash
unit#0; we only need to set "bootinfo.firmware_loaded", introduced in the
previous patch, if either of those options was used to load the guest
firmware.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1419250305-31062-12-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 183bf20..2353440 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -656,6 +656,7 @@ static void machvirt_init(MachineState *machine)
     vbi->bootinfo.board_id = -1;
     vbi->bootinfo.loader_start = vbi->memmap[VIRT_MEM].base;
     vbi->bootinfo.get_dtb = machvirt_dtb;
+    vbi->bootinfo.firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
     arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
 }
 
-- 
1.9.1

Re: [Qemu-devel] [PULL 00/31] target-arm queue

[Peter Maydell]

On 23 December 2014 at 13:53, Peter Maydell <peter.maydell@linaro.org> wrote:
> Two major things in this pull:
>  * finally getting to the point when we can actually enable TrustZone
>    (for 32 bit CPUs); there's more to come next year, notably GIC support,
>    but this is now something people can actually use
>  * support for passing a command line specified kernel/initrd to firmware
>    (ie UEFI) for it to boot

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 00/31] target-arm queue

[Peter Maydell]

On 8 June 2018 at 13:44, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue: aspeed patches from Cédric, and
> cleanup and sd card patches from Philippe.
>
> thanks
> -- PMM
>
> The following changes since commit bac5ba3dc5da706f52c149fa6c0bd1dc96899bec:
>
>   Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging (2018-06-08 10:26:16 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180608
>
> for you to fetch changes up to 113f31c06c6bf16451892b2459d83c9b9c5e9844:
>
>   sdcard: Disable CMD19/CMD23 for Spec v2 (2018-06-08 13:15:34 +0100)
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/31] target-arm queue

[Peter Maydell]

target-arm queue: aspeed patches from Cédric, and
cleanup and sd card patches from Philippe.

thanks
-- PMM 

The following changes since commit bac5ba3dc5da706f52c149fa6c0bd1dc96899bec:

  Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging (2018-06-08 10:26:16 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180608

for you to fetch changes up to 113f31c06c6bf16451892b2459d83c9b9c5e9844:

  sdcard: Disable CMD19/CMD23 for Spec v2 (2018-06-08 13:15:34 +0100)

----------------------------------------------------------------
target-arm queue:
 * arm_gicv3_kvm: fix migration of registers corresponding to
   IRQs 992 to 1020 in the KVM GIC
 * aspeed: remove ignore_memory_transaction_failures on all boards
 * aspeed: add support for the witherspoon-bmc board
 * aspeed: add an I2C RTC device and EEPROM I2C devices
 * aspeed: add the pc9552 chips to the witherspoon machine
 * ftgmac100: fix various bugs
 * hw/arm: Remove the deprecated xlnx-ep108 machine
 * hw/i2c: Add trace events
 * add missing '\n' on various qemu_log() logging strings
 * sdcard: clean up spec version support so we report the
   right spec version to the guest and only implement the
   commands that are supposed to be present in that version

----------------------------------------------------------------
Cédric Le Goater (11):
      aspeed: remove ignore_memory_transaction_failures on all boards
      aspeed: add support for the witherspoon-bmc board
      aspeed: add an I2C RTC device to all machines
      smbus: add a smbus_eeprom_init_one() routine
      aspeed: Add EEPROM I2C devices
      misc: add pca9552 LED blinker model
      aspeed: add the pc9552 chips to the witherspoon machine
      ftgmac100: compute maximum frame size depending on the protocol
      ftgmac100: add IEEE 802.1Q VLAN support
      ftgmac100: fix multicast hash routine
      ftgmac100: remove check on runt messages

Philippe Mathieu-Daudé (18):
      hw/i2c: Add trace events
      hw/sd/milkymist-memcard: Add trailing '\n' to qemu_log() call
      hw/digic: Add trailing '\n' to qemu_log() calls
      xilinx-dp: Add trailing '\n' to qemu_log() call
      ppc/pnv: Add trailing '\n' to qemu_log() calls
      hw/core/register: Add trailing '\n' to qemu_log() call
      hw/mips/boston: Add trailing '\n' to qemu_log() calls
      stellaris: Add trailing '\n' to qemu_log() calls
      target/arm: Add trailing '\n' to qemu_log() calls
      target/m68k: Add trailing '\n' to qemu_log() call
      RISC-V: Add trailing '\n' to qemu_log() calls
      target/xtensa: Add trailing '\n' to qemu_log() calls
      sdcard: Update the Configuration Register (SCR) to Spec Version 1.10
      sdcard: Allow commands valid in SPI mode
      sdcard: Add a 'spec_version' property, default to Spec v2.00
      sdcard: Disable SEND_IF_COND (CMD8) for Spec v1
      sdcard: Reflect when the Spec v3 is supported in the Config Register (SCR)
      sdcard: Disable CMD19/CMD23 for Spec v2

Shannon Zhao (1):
      arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR

Thomas Huth (1):
      hw/arm: Remove the deprecated xlnx-ep108 machine

 Makefile.objs                      |   1 +
 hw/misc/Makefile.objs              |   1 +
 tests/Makefile.include             |   2 +
 include/hw/i2c/smbus.h             |   1 +
 include/hw/intc/arm_gicv3_common.h |   1 +
 include/hw/misc/pca9552.h          |  32 +++++
 include/hw/misc/pca9552_regs.h     |  32 +++++
 include/hw/net/ftgmac100.h         |   7 +-
 include/hw/sd/sd.h                 |   6 +
 tests/libqos/i2c.h                 |   2 +
 hw/arm/aspeed.c                    |  88 +++++++++++++-
 hw/arm/stellaris.c                 |  11 +-
 hw/arm/xlnx-zcu102.c               |  62 +---------
 hw/char/digic-uart.c               |   4 +-
 hw/core/register.c                 |   2 +-
 hw/display/xlnx_dp.c               |   4 +-
 hw/i2c/core.c                      |  25 ++--
 hw/i2c/smbus_eeprom.c              |  16 ++-
 hw/intc/arm_gicv3_common.c         |  79 ++++++++++++
 hw/intc/arm_gicv3_kvm.c            |  38 ++++++
 hw/mips/boston.c                   |   8 +-
 hw/misc/pca9552.c                  | 240 +++++++++++++++++++++++++++++++++++++
 hw/net/ftgmac100.c                 |  64 ++++++----
 hw/ppc/pnv_core.c                  |   4 +-
 hw/sd/milkymist-memcard.c          |   2 +-
 hw/sd/sd.c                         |  50 +++++---
 hw/timer/digic-timer.c             |   4 +-
 target/arm/helper.c                |   4 +-
 target/m68k/translate.c            |   2 +-
 target/riscv/op_helper.c           |   6 +-
 target/xtensa/translate.c          |   6 +-
 tests/pca9552-test.c               | 116 ++++++++++++++++++
 tests/tmp105-test.c                |   2 -
 default-configs/arm-softmmu.mak    |   1 +
 hw/i2c/trace-events                |   7 ++
 qemu-doc.texi                      |   5 -
 36 files changed, 788 insertions(+), 147 deletions(-)
 create mode 100644 include/hw/misc/pca9552.h
 create mode 100644 include/hw/misc/pca9552_regs.h
 create mode 100644 hw/misc/pca9552.c
 create mode 100644 tests/pca9552-test.c
 create mode 100644 hw/i2c/trace-events

Re: [Qemu-devel] [PULL 00/31] target-arm queue

[Peter Maydell]

On 21 September 2017 at 17:41, Peter Maydell <peter.maydell@linaro.org> wrote:
> ARM queue: mostly patches from me, but also the Smartfusion2 board.
>
> thanks
> -- PMM
>
> The following changes since commit 9ee660e7c138595224b65ddc1c5712549f0a278c:
>
>   Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170921' into staging (2017-09-21 14:40:32 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170921
>
> for you to fetch changes up to 6d262dcb7d108eda93813574c2061398084dc795:
>
>   msf2: Add Emcraft's Smartfusion2 SOM kit (2017-09-21 16:36:56 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * more preparatory work for v8M support
>  * convert some omap devices away from old_mmio
>  * remove out of date ARM ARM section references in comments
>  * add the Smartfusion2 board

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/31] target-arm queue

[Peter Maydell]

ARM queue: mostly patches from me, but also the Smartfusion2 board.

thanks
-- PMM

The following changes since commit 9ee660e7c138595224b65ddc1c5712549f0a278c:

  Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170921' into staging (2017-09-21 14:40:32 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170921

for you to fetch changes up to 6d262dcb7d108eda93813574c2061398084dc795:

  msf2: Add Emcraft's Smartfusion2 SOM kit (2017-09-21 16:36:56 +0100)

----------------------------------------------------------------
target-arm queue:
 * more preparatory work for v8M support
 * convert some omap devices away from old_mmio
 * remove out of date ARM ARM section references in comments
 * add the Smartfusion2 board

----------------------------------------------------------------
Peter Maydell (26):
      target/arm: Implement MSR/MRS access to NS banked registers
      nvic: Add banked exception states
      nvic: Add cached vectpending_is_s_banked state
      nvic: Add cached vectpending_prio state
      nvic: Implement AIRCR changes for v8M
      nvic: Make ICSR.RETTOBASE handle banked exceptions
      nvic: Implement NVIC_ITNS<n> registers
      nvic: Handle banked exceptions in nvic_recompute_state()
      nvic: Make set_pending and clear_pending take a secure parameter
      nvic: Make SHPR registers banked
      nvic: Compare group priority for escalation to HF
      nvic: In escalation to HardFault, support HF not being priority -1
      nvic: Implement v8M changes to fixed priority exceptions
      nvic: Disable the non-secure HardFault if AIRCR.BFHFNMINS is clear
      nvic: Handle v8M changes in nvic_exec_prio()
      target/arm: Handle banking in negative-execution-priority check in cpu_mmu_index()
      nvic: Make ICSR banked for v8M
      nvic: Make SHCSR banked for v8M
      nvic: Support banked exceptions in acknowledge and complete
      target/arm: Remove out of date ARM ARM section references in A64 decoder
      hw/arm/palm.c: Don't use old_mmio for static_ops
      hw/gpio/omap_gpio.c: Don't use old_mmio
      hw/timer/omap_synctimer.c: Don't use old_mmio
      hw/timer/omap_gptimer: Don't use old_mmio
      hw/i2c/omap_i2c.c: Don't use old_mmio
      hw/arm/omap2.c: Don't use old_mmio

Subbaraya Sundeep (5):
      msf2: Add Smartfusion2 System timer
      msf2: Microsemi Smartfusion2 System Register block
      msf2: Add Smartfusion2 SPI controller
      msf2: Add Smartfusion2 SoC
      msf2: Add Emcraft's Smartfusion2 SOM kit

 hw/arm/Makefile.objs            |   1 +
 hw/misc/Makefile.objs           |   1 +
 hw/ssi/Makefile.objs            |   1 +
 hw/timer/Makefile.objs          |   1 +
 include/hw/arm/msf2-soc.h       |  67 +++
 include/hw/intc/armv7m_nvic.h   |  33 +-
 include/hw/misc/msf2-sysreg.h   |  77 ++++
 include/hw/ssi/mss-spi.h        |  58 +++
 include/hw/timer/mss-timer.h    |  64 +++
 target/arm/cpu.h                |  62 ++-
 hw/arm/msf2-soc.c               | 238 +++++++++++
 hw/arm/msf2-som.c               | 105 +++++
 hw/arm/omap2.c                  |  49 ++-
 hw/arm/palm.c                   |  30 +-
 hw/gpio/omap_gpio.c             |  26 +-
 hw/i2c/omap_i2c.c               |  44 +-
 hw/intc/armv7m_nvic.c           | 913 ++++++++++++++++++++++++++++++++++------
 hw/misc/msf2-sysreg.c           | 160 +++++++
 hw/ssi/mss-spi.c                | 404 ++++++++++++++++++
 hw/timer/mss-timer.c            | 289 +++++++++++++
 hw/timer/omap_gptimer.c         |  49 ++-
 hw/timer/omap_synctimer.c       |  35 +-
 target/arm/cpu.c                |   7 +
 target/arm/helper.c             | 142 ++++++-
 target/arm/translate-a64.c      | 227 +++++-----
 default-configs/arm-softmmu.mak |   1 +
 hw/intc/trace-events            |  13 +-
 hw/misc/trace-events            |   5 +
 28 files changed, 2735 insertions(+), 367 deletions(-)
 create mode 100644 include/hw/arm/msf2-soc.h
 create mode 100644 include/hw/misc/msf2-sysreg.h
 create mode 100644 include/hw/ssi/mss-spi.h
 create mode 100644 include/hw/timer/mss-timer.h
 create mode 100644 hw/arm/msf2-soc.c
 create mode 100644 hw/arm/msf2-som.c
 create mode 100644 hw/misc/msf2-sysreg.c
 create mode 100644 hw/ssi/mss-spi.c
 create mode 100644 hw/timer/mss-timer.c

Re: [Qemu-devel] [PULL 00/31] target-arm queue

[Peter Maydell]

On 7 September 2017 at 14:27, Peter Maydell <peter.maydell@linaro.org> wrote:
> Second ARM pull request of this week; this one has my next
> set of v8M patches and a handful of more minor stuff from
> other people.
>
> thanks
> -- PMM
>
> The following changes since commit 8ee5f9b3ecc94e3eb7a8235f4b2c3ec9024807f6:
>
>   Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2017-09-07 10:45:18 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170907
>
> for you to fetch changes up to c99a55d38dd5b5131f3fcbbaf41828a09ee62544:
>
>   target/arm: Add Jazelle feature (2017-09-07 13:54:55 +0100)
>
> ----------------------------------------------------------------
> target-arm:
>  * cleanups converting to DEFINE_PROP_LINK
>  * allwinner-a10: mark as not user-creatable
>  * initial patches working towards ARMv8M support
>  * implement generating aborts on memory transaction failures
>  * make BXJ behave correctly (ie not UNDEF) on ARMv6-and-later

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/31] target-arm queue

[Peter Maydell]

Second ARM pull request of this week; this one has my next
set of v8M patches and a handful of more minor stuff from
other people.

thanks
-- PMM

The following changes since commit 8ee5f9b3ecc94e3eb7a8235f4b2c3ec9024807f6:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2017-09-07 10:45:18 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170907

for you to fetch changes up to c99a55d38dd5b5131f3fcbbaf41828a09ee62544:

  target/arm: Add Jazelle feature (2017-09-07 13:54:55 +0100)

----------------------------------------------------------------
target-arm:
 * cleanups converting to DEFINE_PROP_LINK
 * allwinner-a10: mark as not user-creatable
 * initial patches working towards ARMv8M support
 * implement generating aborts on memory transaction failures
 * make BXJ behave correctly (ie not UNDEF) on ARMv6-and-later

----------------------------------------------------------------
Fam Zheng (6):
      armv7m: Convert bitband.source-memory to DEFINE_PROP_LINK
      armv7m: Convert armv7m.memory to DEFINE_PROP_LINK
      gicv3: Convert to DEFINE_PROP_LINK
      xlnx_zynqmp: Convert to DEFINE_PROP_LINK
      xilinx_axienet: Convert to DEFINE_PROP_LINK
      xilinx_axidma: Convert to DEFINE_PROP_LINK

Peter Maydell (23):
      target/arm: Implement ARMv8M's PMSAv8 registers
      target/arm: Implement new PMSAv8 behaviour
      target/arm: Add state field, feature bit and migration for v8M secure state
      target/arm: Register second AddressSpace for secure v8M CPUs
      target/arm: Add MMU indexes for secure v8M
      target/arm: Make BASEPRI register banked for v8M
      target/arm: Make PRIMASK register banked for v8M
      target/arm: Make FAULTMASK register banked for v8M
      target/arm: Make CONTROL register banked for v8M
      nvic: Add NS alias SCS region
      target/arm: Make VTOR register banked for v8M
      target/arm: Make MPU_MAIR0, MPU_MAIR1 registers banked for v8M
      target/arm: Make MPU_RBAR, MPU_RLAR banked for v8M
      target/arm: Make MPU_RNR register banked for v8M
      target/arm: Make MPU_CTRL register banked for v8M
      target/arm: Make CCR register banked for v8M
      target/arm: Make MMFAR banked for v8M
      target/arm: Make CFSR register banked for v8M
      target/arm: Move regime_is_secure() to target/arm/internals.h
      target/arm: Implement BXNS, and banked stack pointers
      boards.h: Define new flag ignore_memory_transaction_failures
      hw/arm: Set ignore_memory_transaction_failures for most ARM boards
      target/arm: Implement new do_transaction_failed hook

Portia Stephens (1):
      target/arm: Add Jazelle feature

Thomas Huth (1):
      hw/arm/allwinner-a10: Mark the allwinner-a10 device with user_creatable = false

 include/hw/boards.h           |  11 ++
 include/hw/intc/armv7m_nvic.h |   1 +
 include/qom/cpu.h             |   7 +-
 target/arm/cpu.h              | 101 ++++++++++++--
 target/arm/helper.h           |   2 +
 target/arm/internals.h        |  36 +++++
 target/arm/translate.h        |   1 +
 hw/arm/allwinner-a10.c        |   2 +
 hw/arm/armv7m.c               |  16 +--
 hw/arm/aspeed.c               |   3 +
 hw/arm/collie.c               |   1 +
 hw/arm/cubieboard.c           |   1 +
 hw/arm/digic_boards.c         |   1 +
 hw/arm/exynos4_boards.c       |   2 +
 hw/arm/gumstix.c              |   2 +
 hw/arm/highbank.c             |   2 +
 hw/arm/imx25_pdk.c            |   1 +
 hw/arm/integratorcp.c         |   1 +
 hw/arm/kzm.c                  |   1 +
 hw/arm/mainstone.c            |   1 +
 hw/arm/musicpal.c             |   1 +
 hw/arm/netduino2.c            |   1 +
 hw/arm/nseries.c              |   2 +
 hw/arm/omap_sx1.c             |   2 +
 hw/arm/palm.c                 |   1 +
 hw/arm/raspi.c                |   1 +
 hw/arm/realview.c             |   4 +
 hw/arm/sabrelite.c            |   1 +
 hw/arm/spitz.c                |   4 +
 hw/arm/stellaris.c            |   2 +
 hw/arm/tosa.c                 |   1 +
 hw/arm/versatilepb.c          |   2 +
 hw/arm/vexpress.c             |   1 +
 hw/arm/xilinx_zynq.c          |   1 +
 hw/arm/xlnx-ep108.c           |   2 +
 hw/arm/xlnx-zynqmp.c          |   7 +-
 hw/arm/z2.c                   |   1 +
 hw/dma/xilinx_axidma.c        |  16 +--
 hw/intc/arm_gicv3_its_kvm.c   |  19 +--
 hw/intc/armv7m_nvic.c         | 291 ++++++++++++++++++++++++++++++++------
 hw/net/xilinx_axienet.c       |  16 +--
 qom/cpu.c                     |  16 +++
 target/arm/cpu.c              |  88 +++++++++---
 target/arm/helper.c           | 315 +++++++++++++++++++++++++++++++++---------
 target/arm/machine.c          | 105 ++++++++++++--
 target/arm/op_helper.c        |  43 ++++++
 target/arm/translate.c        |  54 +++++++-
 scripts/device-crash-test     |   1 -
 48 files changed, 978 insertions(+), 213 deletions(-)