* [PULL 0/5] target-arm queue
@ 2020-03-23 17:40 Peter Maydell
2020-03-23 17:40 ` [PULL 1/5] hw/arm/bcm283x: Correct the license text Peter Maydell
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Peter Maydell @ 2020-03-23 17:40 UTC (permalink / raw)
To: qemu-devel
Just a few minor bugfixes, but we might as well get them in
for rc0 tomorrow.
-- PMM
The following changes since commit 787f82407c5056a8b1097e39e53d01dd1abe406b:
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200323' into staging (2020-03-23 15:38:30 +0000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200323
for you to fetch changes up to 550a04893c2bd4442211b353680b9a6408d94dba:
target/arm: Move computation of index in handle_simd_dupe (2020-03-23 17:22:30 +0000)
----------------------------------------------------------------
target-arm queue:
* target/arm: avoid undefined behaviour shift in watchpoint code
* target/arm: avoid undefined behaviour shift in handle_simd_dupe()
* target/arm: add assert that immh != 0 in disas_simd_shift_imm()
* aspeed/smc: Fix DMA support for AST2600
* hw/arm/bcm283x: Correct the license text ('and' vs 'or')
----------------------------------------------------------------
Cédric Le Goater (1):
aspeed/smc: Fix DMA support for AST2600
Philippe Mathieu-Daudé (1):
hw/arm/bcm283x: Correct the license text
Richard Henderson (3):
target/arm: Rearrange disabled check for watchpoints
target/arm: Assert immh != 0 in disas_simd_shift_imm
target/arm: Move computation of index in handle_simd_dupe
include/hw/arm/bcm2835_peripherals.h | 3 ++-
include/hw/arm/bcm2836.h | 3 ++-
include/hw/char/bcm2835_aux.h | 3 ++-
include/hw/display/bcm2835_fb.h | 3 ++-
include/hw/dma/bcm2835_dma.h | 4 +++-
include/hw/intc/bcm2835_ic.h | 4 +++-
include/hw/intc/bcm2836_control.h | 3 ++-
include/hw/misc/bcm2835_mbox.h | 4 +++-
include/hw/misc/bcm2835_mbox_defs.h | 4 +++-
include/hw/misc/bcm2835_property.h | 4 +++-
hw/arm/aspeed_ast2600.c | 6 ++++++
hw/arm/bcm2835_peripherals.c | 3 ++-
hw/arm/bcm2836.c | 3 ++-
hw/arm/raspi.c | 3 ++-
hw/display/bcm2835_fb.c | 1 -
hw/dma/bcm2835_dma.c | 4 +++-
hw/intc/bcm2835_ic.c | 4 ++--
hw/intc/bcm2836_control.c | 4 +++-
hw/misc/bcm2835_mbox.c | 4 +++-
hw/misc/bcm2835_property.c | 4 +++-
hw/ssi/aspeed_smc.c | 15 +++++++++++++--
target/arm/helper.c | 11 ++++++-----
target/arm/translate-a64.c | 6 +++++-
hw/ssi/trace-events | 1 +
24 files changed, 76 insertions(+), 28 deletions(-)
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PULL 1/5] hw/arm/bcm283x: Correct the license text
2020-03-23 17:40 [PULL 0/5] target-arm queue Peter Maydell
@ 2020-03-23 17:40 ` Peter Maydell
2020-03-23 17:40 ` [PULL 2/5] aspeed/smc: Fix DMA support for AST2600 Peter Maydell
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2020-03-23 17:40 UTC (permalink / raw)
To: qemu-devel
From: Philippe Mathieu-Daudé <philmd@redhat.com>
The license is the 'GNU General Public License v2.0 or later',
not 'and':
This program is free software; you can redistribute it and/ori
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.
Fix the license comment.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200312213455.15854-1-philmd@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/arm/bcm2835_peripherals.h | 3 ++-
include/hw/arm/bcm2836.h | 3 ++-
include/hw/char/bcm2835_aux.h | 3 ++-
include/hw/display/bcm2835_fb.h | 3 ++-
include/hw/dma/bcm2835_dma.h | 4 +++-
include/hw/intc/bcm2835_ic.h | 4 +++-
include/hw/intc/bcm2836_control.h | 3 ++-
include/hw/misc/bcm2835_mbox.h | 4 +++-
include/hw/misc/bcm2835_mbox_defs.h | 4 +++-
include/hw/misc/bcm2835_property.h | 4 +++-
hw/arm/bcm2835_peripherals.c | 3 ++-
hw/arm/bcm2836.c | 3 ++-
hw/arm/raspi.c | 3 ++-
hw/display/bcm2835_fb.c | 1 -
hw/dma/bcm2835_dma.c | 4 +++-
hw/intc/bcm2835_ic.c | 4 ++--
hw/intc/bcm2836_control.c | 4 +++-
hw/misc/bcm2835_mbox.c | 4 +++-
hw/misc/bcm2835_property.c | 4 +++-
19 files changed, 45 insertions(+), 20 deletions(-)
diff --git a/include/hw/arm/bcm2835_peripherals.h b/include/hw/arm/bcm2835_peripherals.h
index 7859281e11b..2e8655a7c2d 100644
--- a/include/hw/arm/bcm2835_peripherals.h
+++ b/include/hw/arm/bcm2835_peripherals.h
@@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann
*
- * This code is licensed under the GNU GPLv2 and later.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2835_PERIPHERALS_H
diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
index 92a6544816b..024af8aae4f 100644
--- a/include/hw/arm/bcm2836.h
+++ b/include/hw/arm/bcm2836.h
@@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann
*
- * This code is licensed under the GNU GPLv2 and later.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2836_H
diff --git a/include/hw/char/bcm2835_aux.h b/include/hw/char/bcm2835_aux.h
index cdbf7e3e37e..934acf9c813 100644
--- a/include/hw/char/bcm2835_aux.h
+++ b/include/hw/char/bcm2835_aux.h
@@ -2,7 +2,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann
*
- * This code is licensed under the GNU GPLv2 and later.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2835_AUX_H
diff --git a/include/hw/display/bcm2835_fb.h b/include/hw/display/bcm2835_fb.h
index 228988ba056..2246be74d83 100644
--- a/include/hw/display/bcm2835_fb.h
+++ b/include/hw/display/bcm2835_fb.h
@@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann
*
- * This code is licensed under the GNU GPLv2 and later.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2835_FB_H
diff --git a/include/hw/dma/bcm2835_dma.h b/include/hw/dma/bcm2835_dma.h
index 91ed8d05d16..a6747842b76 100644
--- a/include/hw/dma/bcm2835_dma.h
+++ b/include/hw/dma/bcm2835_dma.h
@@ -1,6 +1,8 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2835_DMA_H
diff --git a/include/hw/intc/bcm2835_ic.h b/include/hw/intc/bcm2835_ic.h
index fb75fa0064e..392ded1cb33 100644
--- a/include/hw/intc/bcm2835_ic.h
+++ b/include/hw/intc/bcm2835_ic.h
@@ -1,6 +1,8 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2835_IC_H
diff --git a/include/hw/intc/bcm2836_control.h b/include/hw/intc/bcm2836_control.h
index de061b8929a..2c22405686b 100644
--- a/include/hw/intc/bcm2836_control.h
+++ b/include/hw/intc/bcm2836_control.h
@@ -8,7 +8,8 @@
* ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti
* Added basic IRQ_TIMER interrupt support
*
- * This code is licensed under the GNU GPLv2 and later.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2836_CONTROL_H
diff --git a/include/hw/misc/bcm2835_mbox.h b/include/hw/misc/bcm2835_mbox.h
index 7e8f3ce86de..57f95cc35ea 100644
--- a/include/hw/misc/bcm2835_mbox.h
+++ b/include/hw/misc/bcm2835_mbox.h
@@ -1,6 +1,8 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2835_MBOX_H
diff --git a/include/hw/misc/bcm2835_mbox_defs.h b/include/hw/misc/bcm2835_mbox_defs.h
index a18e520b22f..9670bf33a03 100644
--- a/include/hw/misc/bcm2835_mbox_defs.h
+++ b/include/hw/misc/bcm2835_mbox_defs.h
@@ -1,6 +1,8 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2835_MBOX_DEFS_H
diff --git a/include/hw/misc/bcm2835_property.h b/include/hw/misc/bcm2835_property.h
index 11be0dbeac7..b321f224990 100644
--- a/include/hw/misc/bcm2835_property.h
+++ b/include/hw/misc/bcm2835_property.h
@@ -1,6 +1,8 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#ifndef BCM2835_PROPERTY_H
diff --git a/hw/arm/bcm2835_peripherals.c b/hw/arm/bcm2835_peripherals.c
index 17207ae07e3..edcaa4916d0 100644
--- a/hw/arm/bcm2835_peripherals.c
+++ b/hw/arm/bcm2835_peripherals.c
@@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann
*
- * This code is licensed under the GNU GPLv2 and later.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 38e2941baba..43022b83f5f 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -5,7 +5,8 @@
* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft
* Written by Andrew Baumann
*
- * This code is licensed under the GNU GPLv2 and later.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index acd2bb794d1..fe3b9bc78bb 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -8,7 +8,8 @@
* Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti
* Upstream code cleanup (c) 2018 Pekka Enberg
*
- * This code is licensed under the GNU GPLv2 and later.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
diff --git a/hw/display/bcm2835_fb.c b/hw/display/bcm2835_fb.c
index d6bf3374a67..c6263808a27 100644
--- a/hw/display/bcm2835_fb.c
+++ b/hw/display/bcm2835_fb.c
@@ -1,7 +1,6 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
* Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann.
- * This code is licensed under the GNU GPLv2 and later.
*
* Heavily based on milkymist-vgafb.c, copyright terms below:
* QEMU model of the Milkymist VGA framebuffer.
diff --git a/hw/dma/bcm2835_dma.c b/hw/dma/bcm2835_dma.c
index ccff5ed55b2..4cd9dab745a 100644
--- a/hw/dma/bcm2835_dma.c
+++ b/hw/dma/bcm2835_dma.c
@@ -1,6 +1,8 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
diff --git a/hw/intc/bcm2835_ic.c b/hw/intc/bcm2835_ic.c
index 05bd28e4f9d..53ab8f58810 100644
--- a/hw/intc/bcm2835_ic.c
+++ b/hw/intc/bcm2835_ic.c
@@ -1,7 +1,6 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
* Refactoring for Pi2 Copyright (c) 2015, Microsoft. Written by Andrew Baumann.
- * This code is licensed under the GNU GPLv2 and later.
* Heavily based on pl190.c, copyright terms below:
*
* Arm PrimeCell PL190 Vector Interrupt Controller
@@ -9,7 +8,8 @@
* Copyright (c) 2006 CodeSourcery.
* Written by Paul Brook
*
- * This code is licensed under the GPL.
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
diff --git a/hw/intc/bcm2836_control.c b/hw/intc/bcm2836_control.c
index 61f884ff9e7..53dba0080ca 100644
--- a/hw/intc/bcm2836_control.c
+++ b/hw/intc/bcm2836_control.c
@@ -4,7 +4,6 @@
* Written by Andrew Baumann
*
* Based on bcm2835_ic.c (Raspberry Pi emulation) (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
*
* At present, only implements interrupt routing, and mailboxes (i.e.,
* not PMU interrupt, or AXI counters).
@@ -13,6 +12,9 @@
*
* Ref:
* https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
diff --git a/hw/misc/bcm2835_mbox.c b/hw/misc/bcm2835_mbox.c
index 77d2d80706c..2afa06a7464 100644
--- a/hw/misc/bcm2835_mbox.c
+++ b/hw/misc/bcm2835_mbox.c
@@ -1,11 +1,13 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
*
* This file models the system mailboxes, which are used for
* communication with low-bandwidth GPU peripherals. Refs:
* https://github.com/raspberrypi/firmware/wiki/Mailboxes
* https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
index df91280dfcc..3e228ca0ae4 100644
--- a/hw/misc/bcm2835_property.c
+++ b/hw/misc/bcm2835_property.c
@@ -1,6 +1,8 @@
/*
* Raspberry Pi emulation (c) 2012 Gregory Estrade
- * This code is licensed under the GNU GPLv2 and later.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PULL 2/5] aspeed/smc: Fix DMA support for AST2600
2020-03-23 17:40 [PULL 0/5] target-arm queue Peter Maydell
2020-03-23 17:40 ` [PULL 1/5] hw/arm/bcm283x: Correct the license text Peter Maydell
@ 2020-03-23 17:40 ` Peter Maydell
2020-03-23 17:40 ` [PULL 3/5] target/arm: Rearrange disabled check for watchpoints Peter Maydell
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2020-03-23 17:40 UTC (permalink / raw)
To: qemu-devel
From: Cédric Le Goater <clg@kaod.org>
Recent firmwares uses SPI DMA transfers in U-Boot to load the
different images (kernel, initrd, dtb) in the SoC DRAM. The AST2600
FMC model is missing the masks to be applied on the DMA registers
which resulted in incorrect values. Fix that and wire the SPI
controllers which have DMA support on the AST2600.
Fixes: bcaa8ddd081c ("aspeed/smc: Add AST2600 support")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20200320053923.20565-1-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/aspeed_ast2600.c | 6 ++++++
hw/ssi/aspeed_smc.c | 15 +++++++++++++--
hw/ssi/trace-events | 1 +
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index 446b44d31cf..1a869e09b96 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -411,6 +411,12 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, Error **errp)
/* SPI */
for (i = 0; i < sc->spis_num; i++) {
+ object_property_set_link(OBJECT(&s->spi[i]), OBJECT(s->dram_mr),
+ "dram", &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
object_property_set_int(OBJECT(&s->spi[i]), 1, "num-cs", &err);
object_property_set_bool(OBJECT(&s->spi[i]), true, "realized",
&local_err);
diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 9d5c696d5a1..2edccef2d54 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -364,6 +364,8 @@ static const AspeedSMCController controllers[] = {
.flash_window_base = ASPEED26_SOC_FMC_FLASH_BASE,
.flash_window_size = 0x10000000,
.has_dma = true,
+ .dma_flash_mask = 0x0FFFFFFC,
+ .dma_dram_mask = 0x3FFFFFFC,
.nregs = ASPEED_SMC_R_MAX,
.segment_to_reg = aspeed_2600_smc_segment_to_reg,
.reg_to_segment = aspeed_2600_smc_reg_to_segment,
@@ -379,7 +381,9 @@ static const AspeedSMCController controllers[] = {
.segments = aspeed_segments_ast2600_spi1,
.flash_window_base = ASPEED26_SOC_SPI_FLASH_BASE,
.flash_window_size = 0x10000000,
- .has_dma = false,
+ .has_dma = true,
+ .dma_flash_mask = 0x0FFFFFFC,
+ .dma_dram_mask = 0x3FFFFFFC,
.nregs = ASPEED_SMC_R_MAX,
.segment_to_reg = aspeed_2600_smc_segment_to_reg,
.reg_to_segment = aspeed_2600_smc_reg_to_segment,
@@ -395,7 +399,9 @@ static const AspeedSMCController controllers[] = {
.segments = aspeed_segments_ast2600_spi2,
.flash_window_base = ASPEED26_SOC_SPI2_FLASH_BASE,
.flash_window_size = 0x10000000,
- .has_dma = false,
+ .has_dma = true,
+ .dma_flash_mask = 0x0FFFFFFC,
+ .dma_dram_mask = 0x3FFFFFFC,
.nregs = ASPEED_SMC_R_MAX,
.segment_to_reg = aspeed_2600_smc_segment_to_reg,
.reg_to_segment = aspeed_2600_smc_reg_to_segment,
@@ -1135,6 +1141,11 @@ static void aspeed_smc_dma_rw(AspeedSMCState *s)
MemTxResult result;
uint32_t data;
+ trace_aspeed_smc_dma_rw(s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE ?
+ "write" : "read",
+ s->regs[R_DMA_FLASH_ADDR],
+ s->regs[R_DMA_DRAM_ADDR],
+ s->regs[R_DMA_LEN]);
while (s->regs[R_DMA_LEN]) {
if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) {
data = address_space_ldl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR],
diff --git a/hw/ssi/trace-events b/hw/ssi/trace-events
index 0a70629801a..0ea498de910 100644
--- a/hw/ssi/trace-events
+++ b/hw/ssi/trace-events
@@ -6,5 +6,6 @@ aspeed_smc_do_snoop(int cs, int index, int dummies, int data) "CS%d index:0x%x d
aspeed_smc_flash_write(int cs, uint64_t addr, uint32_t size, uint64_t data, int mode) "CS%d @0x%" PRIx64 " size %u: 0x%" PRIx64" mode:%d"
aspeed_smc_read(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64
aspeed_smc_dma_checksum(uint32_t addr, uint32_t data) "0x%08x: 0x%08x"
+aspeed_smc_dma_rw(const char *dir, uint32_t flash_addr, uint32_t dram_addr, uint32_t size) "%s flash:@0x%08x dram:@0x%08x size:0x%08x"
aspeed_smc_write(uint64_t addr, uint32_t size, uint64_t data) "@0x%" PRIx64 " size %u: 0x%" PRIx64
aspeed_smc_flash_select(int cs, const char *prefix) "CS%d %sselect"
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PULL 3/5] target/arm: Rearrange disabled check for watchpoints
2020-03-23 17:40 [PULL 0/5] target-arm queue Peter Maydell
2020-03-23 17:40 ` [PULL 1/5] hw/arm/bcm283x: Correct the license text Peter Maydell
2020-03-23 17:40 ` [PULL 2/5] aspeed/smc: Fix DMA support for AST2600 Peter Maydell
@ 2020-03-23 17:40 ` Peter Maydell
2020-03-23 17:40 ` [PULL 4/5] target/arm: Assert immh != 0 in disas_simd_shift_imm Peter Maydell
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2020-03-23 17:40 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Coverity rightly notes that ctz32(bas) on 0 will return 32,
which makes the len calculation a BAD_SHIFT.
A value of 0 in DBGWCR<n>_EL1.BAS is reserved. Simply move
the existing check we have for this case.
Reported-by: Coverity (CID 1421964)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200320160622.8040-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d2ec2c53510..b7b6887241d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6340,17 +6340,18 @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
int bas = extract64(wcr, 5, 8);
int basstart;
- if (bas == 0) {
- /* This must act as if the watchpoint is disabled */
- return;
- }
-
if (extract64(wvr, 2, 1)) {
/* Deprecated case of an only 4-aligned address. BAS[7:4] are
* ignored, and BAS[3:0] define which bytes to watch.
*/
bas &= 0xf;
}
+
+ if (bas == 0) {
+ /* This must act as if the watchpoint is disabled */
+ return;
+ }
+
/* The BAS bits are supposed to be programmed to indicate a contiguous
* range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether
* we fire for each byte in the word/doubleword addressed by the WVR.
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PULL 4/5] target/arm: Assert immh != 0 in disas_simd_shift_imm
2020-03-23 17:40 [PULL 0/5] target-arm queue Peter Maydell
` (2 preceding siblings ...)
2020-03-23 17:40 ` [PULL 3/5] target/arm: Rearrange disabled check for watchpoints Peter Maydell
@ 2020-03-23 17:40 ` Peter Maydell
2020-03-23 17:40 ` [PULL 5/5] target/arm: Move computation of index in handle_simd_dupe Peter Maydell
2020-03-23 20:54 ` [PULL 0/5] target-arm queue Peter Maydell
5 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2020-03-23 17:40 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Coverity raised a shed-load of errors cascading from inferring
that clz32(immh) might yield 32, from immh might be 0.
While immh cannot be 0 from encoding, it is not obvious even to
a human how we've checked that: via the filtering provided by
data_proc_simd[].
Reported-by: Coverity (CID 1421923, and more)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200320160622.8040-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/translate-a64.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 8fffb52203d..032478614c4 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -10405,6 +10405,9 @@ static void disas_simd_shift_imm(DisasContext *s, uint32_t insn)
bool is_u = extract32(insn, 29, 1);
bool is_q = extract32(insn, 30, 1);
+ /* data_proc_simd[] has sent immh == 0 to disas_simd_mod_imm. */
+ assert(immh != 0);
+
switch (opcode) {
case 0x08: /* SRI */
if (!is_u) {
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PULL 5/5] target/arm: Move computation of index in handle_simd_dupe
2020-03-23 17:40 [PULL 0/5] target-arm queue Peter Maydell
` (3 preceding siblings ...)
2020-03-23 17:40 ` [PULL 4/5] target/arm: Assert immh != 0 in disas_simd_shift_imm Peter Maydell
@ 2020-03-23 17:40 ` Peter Maydell
2020-03-23 20:54 ` [PULL 0/5] target-arm queue Peter Maydell
5 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2020-03-23 17:40 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Coverity reports a BAD_SHIFT with ctz32(imm5), with imm5 == 0.
This is an invalid encoding, but we diagnose that just below
by rejecting size > 3. Avoid the warning by sinking the
computation of index below the check.
Reported-by: Coverity (CID 1421965)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200320160622.8040-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/translate-a64.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 032478614c4..7580e463674 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -7422,7 +7422,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,
int imm5)
{
int size = ctz32(imm5);
- int index = imm5 >> (size + 1);
+ int index;
if (size > 3 || (size == 3 && !is_q)) {
unallocated_encoding(s);
@@ -7433,6 +7433,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,
return;
}
+ index = imm5 >> (size + 1);
tcg_gen_gvec_dup_mem(size, vec_full_reg_offset(s, rd),
vec_reg_offset(s, rn, index, size),
is_q ? 16 : 8, vec_full_reg_size(s));
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PULL 0/5] target-arm queue
2020-03-23 17:40 [PULL 0/5] target-arm queue Peter Maydell
` (4 preceding siblings ...)
2020-03-23 17:40 ` [PULL 5/5] target/arm: Move computation of index in handle_simd_dupe Peter Maydell
@ 2020-03-23 20:54 ` Peter Maydell
5 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2020-03-23 20:54 UTC (permalink / raw)
To: QEMU Developers
On Mon, 23 Mar 2020 at 17:40, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Just a few minor bugfixes, but we might as well get them in
> for rc0 tomorrow.
>
> -- PMM
>
> The following changes since commit 787f82407c5056a8b1097e39e53d01dd1abe406b:
>
> Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200323' into staging (2020-03-23 15:38:30 +0000)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200323
>
> for you to fetch changes up to 550a04893c2bd4442211b353680b9a6408d94dba:
>
> target/arm: Move computation of index in handle_simd_dupe (2020-03-23 17:22:30 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
> * target/arm: avoid undefined behaviour shift in watchpoint code
> * target/arm: avoid undefined behaviour shift in handle_simd_dupe()
> * target/arm: add assert that immh != 0 in disas_simd_shift_imm()
> * aspeed/smc: Fix DMA support for AST2600
> * hw/arm/bcm283x: Correct the license text ('and' vs 'or')
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-03-23 20:55 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-23 17:40 [PULL 0/5] target-arm queue Peter Maydell
2020-03-23 17:40 ` [PULL 1/5] hw/arm/bcm283x: Correct the license text Peter Maydell
2020-03-23 17:40 ` [PULL 2/5] aspeed/smc: Fix DMA support for AST2600 Peter Maydell
2020-03-23 17:40 ` [PULL 3/5] target/arm: Rearrange disabled check for watchpoints Peter Maydell
2020-03-23 17:40 ` [PULL 4/5] target/arm: Assert immh != 0 in disas_simd_shift_imm Peter Maydell
2020-03-23 17:40 ` [PULL 5/5] target/arm: Move computation of index in handle_simd_dupe Peter Maydell
2020-03-23 20:54 ` [PULL 0/5] target-arm queue Peter Maydell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).