qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [PULL 00/14] target-arm queue
@ 2021-07-27 10:47 Peter Maydell
  2021-07-27 10:47 ` [PULL 01/14] hw/arm/smmuv3: Check 31st bit to see if CD is valid Peter Maydell
                   ` (14 more replies)
  0 siblings, 15 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

arm pullreq for rc1. All minor bugfixes, except for the sve-default-vector-length
patches, which are somewhere between a bugfix and a new feature.

thanks
-- PMM

The following changes since commit c08ccd1b53f488ac86c1f65cf7623dc91acc249a:

  Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210726' into staging (2021-07-27 08:35:01 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210727

for you to fetch changes up to e229a179a503f2aee43a76888cf12fbdfe8a3749:

  hw: aspeed_gpio: Fix memory size (2021-07-27 11:00:00 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/smmuv3: Check 31st bit to see if CD is valid
 * qemu-options.hx: Fix formatting of -machine memory-backend option
 * hw: aspeed_gpio: Fix memory size
 * hw/arm/nseries: Display hexadecimal value with '0x' prefix
 * Add sve-default-vector-length cpu property
 * docs: Update path that mentions deprecated.rst
 * hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS
 * hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING
 * hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts
 * target/arm: Report M-profile alignment faults correctly to the guest
 * target/arm: Add missing 'return's after calling v7m_exception_taken()
 * target/arm: Enforce that M-profile SP low 2 bits are always zero

----------------------------------------------------------------
Joe Komlodi (1):
      hw/arm/smmuv3: Check 31st bit to see if CD is valid

Joel Stanley (1):
      hw: aspeed_gpio: Fix memory size

Mao Zhongyi (1):
      docs: Update path that mentions deprecated.rst

Peter Maydell (7):
      qemu-options.hx: Fix formatting of -machine memory-backend option
      target/arm: Enforce that M-profile SP low 2 bits are always zero
      target/arm: Add missing 'return's after calling v7m_exception_taken()
      target/arm: Report M-profile alignment faults correctly to the guest
      hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts
      hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING
      hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS

Philippe Mathieu-Daudé (1):
      hw/arm/nseries: Display hexadecimal value with '0x' prefix

Richard Henderson (3):
      target/arm: Correctly bound length in sve_zcr_get_valid_len
      target/arm: Export aarch64_sve_zcr_get_valid_len
      target/arm: Add sve-default-vector-length cpu property

 docs/system/arm/cpu-features.rst | 15 ++++++++++
 configure                        |  2 +-
 hw/arm/smmuv3-internal.h         |  2 +-
 target/arm/cpu.h                 |  5 ++++
 target/arm/internals.h           | 10 +++++++
 hw/arm/nseries.c                 |  2 +-
 hw/gpio/aspeed_gpio.c            |  3 +-
 hw/intc/armv7m_nvic.c            | 40 +++++++++++++++++++--------
 target/arm/cpu.c                 | 14 ++++++++--
 target/arm/cpu64.c               | 60 ++++++++++++++++++++++++++++++++++++++++
 target/arm/gdbstub.c             |  4 +++
 target/arm/helper.c              |  8 ++++--
 target/arm/m_helper.c            | 24 ++++++++++++----
 target/arm/translate.c           |  3 ++
 target/i386/cpu.c                |  2 +-
 MAINTAINERS                      |  2 +-
 qemu-options.hx                  | 30 +++++++++++---------
 17 files changed, 183 insertions(+), 43 deletions(-)


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [PULL 01/14] hw/arm/smmuv3: Check 31st bit to see if CD is valid
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 02/14] qemu-options.hx: Fix formatting of -machine memory-backend option Peter Maydell
                   ` (13 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

From: Joe Komlodi <joe.komlodi@xilinx.com>

The bit to see if a CD is valid is the last bit of the first word of the CD.

Signed-off-by: Joe Komlodi <joe.komlodi@xilinx.com>
Message-id: 1626728232-134665-2-git-send-email-joe.komlodi@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/smmuv3-internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index 3dac5766ca3..d1885ae3f25 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -570,7 +570,7 @@ static inline int pa_range(STE *ste)
 
 /* CD fields */
 
-#define CD_VALID(x)   extract32((x)->word[0], 30, 1)
+#define CD_VALID(x)   extract32((x)->word[0], 31, 1)
 #define CD_ASID(x)    extract32((x)->word[1], 16, 16)
 #define CD_TTB(x, sel)                                      \
     ({                                                      \
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 02/14] qemu-options.hx: Fix formatting of -machine memory-backend option
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
  2021-07-27 10:47 ` [PULL 01/14] hw/arm/smmuv3: Check 31st bit to see if CD is valid Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 03/14] target/arm: Enforce that M-profile SP low 2 bits are always zero Peter Maydell
                   ` (12 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

The documentation of the -machine memory-backend has some minor
formatting errors:
 * Misindentation of the initial line meant that the whole option
   section is incorrectly indented in the HTML output compared to
   the other -machine options
 * The examples weren't indented, which meant that they were formatted
   as plain run-on text including outputting the "::" as text.
 * The a) b) list has no rst-format markup so it is rendered as
   a single run-on paragraph

Fix the formatting.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210719105257.3599-1-peter.maydell@linaro.org
---
 qemu-options.hx | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 99ed5ec5f15..83aa59a920f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -98,28 +98,32 @@ SRST
         Enables or disables ACPI Heterogeneous Memory Attribute Table
         (HMAT) support. The default is off.
 
-     ``memory-backend='id'``
+    ``memory-backend='id'``
         An alternative to legacy ``-mem-path`` and ``mem-prealloc`` options.
         Allows to use a memory backend as main RAM.
 
         For example:
         ::
-        -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on
-        -machine memory-backend=pc.ram
-        -m 512M
+
+            -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on
+            -machine memory-backend=pc.ram
+            -m 512M
 
         Migration compatibility note:
-        a) as backend id one shall use value of 'default-ram-id', advertised by
-        machine type (available via ``query-machines`` QMP command), if migration
-        to/from old QEMU (<5.0) is expected.
-        b) for machine types 4.0 and older, user shall
-        use ``x-use-canonical-path-for-ramblock-id=off`` backend option
-        if migration to/from old QEMU (<5.0) is expected.
+
+        * as backend id one shall use value of 'default-ram-id', advertised by
+          machine type (available via ``query-machines`` QMP command), if migration
+          to/from old QEMU (<5.0) is expected.
+        * for machine types 4.0 and older, user shall
+          use ``x-use-canonical-path-for-ramblock-id=off`` backend option
+          if migration to/from old QEMU (<5.0) is expected.
+
         For example:
         ::
-        -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off
-        -machine memory-backend=pc.ram
-        -m 512M
+
+            -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off
+            -machine memory-backend=pc.ram
+            -m 512M
 ERST
 
 HXCOMM Deprecated by -machine
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 03/14] target/arm: Enforce that M-profile SP low 2 bits are always zero
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
  2021-07-27 10:47 ` [PULL 01/14] hw/arm/smmuv3: Check 31st bit to see if CD is valid Peter Maydell
  2021-07-27 10:47 ` [PULL 02/14] qemu-options.hx: Fix formatting of -machine memory-backend option Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 04/14] target/arm: Add missing 'return's after calling v7m_exception_taken() Peter Maydell
                   ` (11 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

For M-profile, unlike A-profile, the low 2 bits of SP are defined to be
RES0H, which is to say that they must be hardwired to zero so that
guest attempts to write non-zero values to them are ignored.

Implement this behaviour by masking out the low bits:
 * for writes to r13 by the gdbstub
 * for writes to any of the various flavours of SP via MSR
 * for writes to r13 via store_reg() in generated code

Note that all the direct uses of cpu_R[] in translate.c are in places
where the register is definitely not r13 (usually because that has
been checked for as an UNDEFINED or UNPREDICTABLE case and handled as
UNDEF).

All the other writes to regs[13] in C code are either:
 * A-profile only code
 * writes of values we can guarantee to be aligned, such as
   - writes of previous-SP-value plus or minus a 4-aligned constant
   - writes of the value in an SP limit register (which we already
     enforce to be aligned)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-2-peter.maydell@linaro.org
---
 target/arm/gdbstub.c   |  4 ++++
 target/arm/m_helper.c  | 14 ++++++++------
 target/arm/translate.c |  3 +++
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
index a8fff2a3d09..826601b3415 100644
--- a/target/arm/gdbstub.c
+++ b/target/arm/gdbstub.c
@@ -84,6 +84,10 @@ int arm_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
 
     if (n < 16) {
         /* Core integer register.  */
+        if (n == 13 && arm_feature(env, ARM_FEATURE_M)) {
+            /* M profile SP low bits are always 0 */
+            tmp &= ~3;
+        }
         env->regs[n] = tmp;
         return 4;
     }
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 7a1e35ab5b6..f9a9cb466c9 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2563,13 +2563,13 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
             if (!env->v7m.secure) {
                 return;
             }
-            env->v7m.other_ss_msp = val;
+            env->v7m.other_ss_msp = val & ~3;
             return;
         case 0x89: /* PSP_NS */
             if (!env->v7m.secure) {
                 return;
             }
-            env->v7m.other_ss_psp = val;
+            env->v7m.other_ss_psp = val & ~3;
             return;
         case 0x8a: /* MSPLIM_NS */
             if (!env->v7m.secure) {
@@ -2638,6 +2638,8 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
 
             limit = is_psp ? env->v7m.psplim[false] : env->v7m.msplim[false];
 
+            val &= ~0x3;
+
             if (val < limit) {
                 raise_exception_ra(env, EXCP_STKOF, 0, 1, GETPC());
             }
@@ -2660,16 +2662,16 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
         break;
     case 8: /* MSP */
         if (v7m_using_psp(env)) {
-            env->v7m.other_sp = val;
+            env->v7m.other_sp = val & ~3;
         } else {
-            env->regs[13] = val;
+            env->regs[13] = val & ~3;
         }
         break;
     case 9: /* PSP */
         if (v7m_using_psp(env)) {
-            env->regs[13] = val;
+            env->regs[13] = val & ~3;
         } else {
-            env->v7m.other_sp = val;
+            env->v7m.other_sp = val & ~3;
         }
         break;
     case 10: /* MSPLIM */
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 351afa43a29..80c282669f0 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -291,6 +291,9 @@ void store_reg(DisasContext *s, int reg, TCGv_i32 var)
          */
         tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
         s->base.is_jmp = DISAS_JUMP;
+    } else if (reg == 13 && arm_dc_feature(s, ARM_FEATURE_M)) {
+        /* For M-profile SP bits [1:0] are always zero */
+        tcg_gen_andi_i32(var, var, ~3);
     }
     tcg_gen_mov_i32(cpu_R[reg], var);
     tcg_temp_free_i32(var);
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 04/14] target/arm: Add missing 'return's after calling v7m_exception_taken()
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (2 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 03/14] target/arm: Enforce that M-profile SP low 2 bits are always zero Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 05/14] target/arm: Report M-profile alignment faults correctly to the guest Peter Maydell
                   ` (10 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

In do_v7m_exception_exit(), we perform various checks as part of
performing the exception return.  If one of these checks fails, the
architecture requires that we take an appropriate exception on the
existing stackframe.  We implement this by calling
v7m_exception_taken() to set up to take the new exception, and then
immediately returning from do_v7m_exception_exit() without proceeding
any further with the unstack-and-exception-return process.

In a couple of checks that are new in v8.1M, we forgot the "return"
statement, with the effect that if bad code in the guest tripped over
these checks we would set up to take a UsageFault exception but then
blunder on trying to also unstack and return from the original
exception, with the probable result that the guest would crash.

Add the missing return statements.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-3-peter.maydell@linaro.org
---
 target/arm/m_helper.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index f9a9cb466c9..f352346a964 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -1554,6 +1554,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
                     qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
                         "stackframe: NSACR prevents clearing FPU registers\n");
                     v7m_exception_taken(cpu, excret, true, false);
+                    return;
                 } else if (!cpacr_pass) {
                     armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
                                             exc_secure);
@@ -1561,6 +1562,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
                     qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
                         "stackframe: CPACR prevents clearing FPU registers\n");
                     v7m_exception_taken(cpu, excret, true, false);
+                    return;
                 }
             }
             /* Clear s0..s15, FPSCR and VPR */
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 05/14] target/arm: Report M-profile alignment faults correctly to the guest
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (3 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 04/14] target/arm: Add missing 'return's after calling v7m_exception_taken() Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 06/14] hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts Peter Maydell
                   ` (9 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

For M-profile, we weren't reporting alignment faults triggered by the
generic TCG code correctly to the guest.  These get passed into
arm_v7m_cpu_do_interrupt() as an EXCP_DATA_ABORT with an A-profile
style exception.fsr value of 1.  We didn't check for this, and so
they fell through into the default of "assume this is an MPU fault"
and were reported to the guest as a data access violation MPU fault.

Report these alignment faults as UsageFaults which set the UNALIGNED
bit in the UFSR.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-4-peter.maydell@linaro.org
---
 target/arm/m_helper.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index f352346a964..20761c94877 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2248,6 +2248,7 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
         env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK;
         break;
     case EXCP_UNALIGNED:
+        /* Unaligned faults reported by M-profile aware code */
         armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
         env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNALIGNED_MASK;
         break;
@@ -2320,6 +2321,13 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
             }
             armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);
             break;
+        case 0x1: /* Alignment fault reported by generic code */
+            qemu_log_mask(CPU_LOG_INT,
+                          "...really UsageFault with UFSR.UNALIGNED\n");
+            env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNALIGNED_MASK;
+            armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
+                                    env->v7m.secure);
+            break;
         default:
             /*
              * All other FSR values are either MPU faults or "can't happen
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 06/14] hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (4 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 05/14] target/arm: Report M-profile alignment faults correctly to the guest Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 07/14] hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING Peter Maydell
                   ` (8 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

The ISCR.ISRPENDING bit is set when an external interrupt is pending.
This is true whether that external interrupt is enabled or not.
This means that we can't use 's->vectpending == 0' as a shortcut to
"ISRPENDING is zero", because s->vectpending indicates only the
highest priority pending enabled interrupt.

Remove the incorrect optimization so that if there is no pending
enabled interrupt we fall through to scanning through the whole
interrupt array.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-5-peter.maydell@linaro.org
---
 hw/intc/armv7m_nvic.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 94fe00235af..2aba2136822 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -127,15 +127,14 @@ static bool nvic_isrpending(NVICState *s)
 {
     int irq;
 
-    /* We can shortcut if the highest priority pending interrupt
-     * happens to be external or if there is nothing pending.
+    /*
+     * We can shortcut if the highest priority pending interrupt
+     * happens to be external; if not we need to check the whole
+     * vectors[] array.
      */
     if (s->vectpending > NVIC_FIRST_IRQ) {
         return true;
     }
-    if (s->vectpending == 0) {
-        return false;
-    }
 
     for (irq = NVIC_FIRST_IRQ; irq < s->num_irq; irq++) {
         if (s->vectors[irq].pending) {
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 07/14] hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (5 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 06/14] hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 08/14] hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS Peter Maydell
                   ` (7 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

The VECTPENDING field in the ICSR is 9 bits wide, in bits [20:12] of
the register.  We were incorrectly masking it to 8 bits, so it would
report the wrong value if the pending exception was greater than 256.
Fix the bug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-6-peter.maydell@linaro.org
---
 hw/intc/armv7m_nvic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 2aba2136822..c9149a3b221 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1039,7 +1039,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
         /* VECTACTIVE */
         val = cpu->env.v7m.exception;
         /* VECTPENDING */
-        val |= (s->vectpending & 0xff) << 12;
+        val |= (s->vectpending & 0x1ff) << 12;
         /* ISRPENDING - set if any external IRQ is pending */
         if (nvic_isrpending(s)) {
             val |= (1 << 22);
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 08/14] hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (6 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 07/14] hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 09/14] docs: Update path that mentions deprecated.rst Peter Maydell
                   ` (6 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

In Arm v8.1M the VECTPENDING field in the ICSR has new behaviour: if
the register is accessed NonSecure and the highest priority pending
enabled exception (that would be returned in the VECTPENDING field)
targets Secure, then the VECTPENDING field must read 1 rather than
the exception number of the pending exception. Implement this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-7-peter.maydell@linaro.org
---
 hw/intc/armv7m_nvic.c | 31 ++++++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index c9149a3b221..1e7ddcb94cb 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -804,6 +804,16 @@ void armv7m_nvic_acknowledge_irq(void *opaque)
     nvic_irq_update(s);
 }
 
+static bool vectpending_targets_secure(NVICState *s)
+{
+    /* Return true if s->vectpending targets Secure state */
+    if (s->vectpending_is_s_banked) {
+        return true;
+    }
+    return !exc_is_banked(s->vectpending) &&
+        exc_targets_secure(s, s->vectpending);
+}
+
 void armv7m_nvic_get_pending_irq_info(void *opaque,
                                       int *pirq, bool *ptargets_secure)
 {
@@ -813,12 +823,7 @@ void armv7m_nvic_get_pending_irq_info(void *opaque,
 
     assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
 
-    if (s->vectpending_is_s_banked) {
-        targets_secure = true;
-    } else {
-        targets_secure = !exc_is_banked(pending) &&
-            exc_targets_secure(s, pending);
-    }
+    targets_secure = vectpending_targets_secure(s);
 
     trace_nvic_get_pending_irq_info(pending, targets_secure);
 
@@ -1039,7 +1044,19 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
         /* VECTACTIVE */
         val = cpu->env.v7m.exception;
         /* VECTPENDING */
-        val |= (s->vectpending & 0x1ff) << 12;
+        if (s->vectpending) {
+            /*
+             * From v8.1M VECTPENDING must read as 1 if accessed as
+             * NonSecure and the highest priority pending and enabled
+             * exception targets Secure.
+             */
+            int vp = s->vectpending;
+            if (!attrs.secure && arm_feature(&cpu->env, ARM_FEATURE_V8_1M) &&
+                vectpending_targets_secure(s)) {
+                vp = 1;
+            }
+            val |= (vp & 0x1ff) << 12;
+        }
         /* ISRPENDING - set if any external IRQ is pending */
         if (nvic_isrpending(s)) {
             val |= (1 << 22);
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 09/14] docs: Update path that mentions deprecated.rst
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (7 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 08/14] hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 10/14] target/arm: Correctly bound length in sve_zcr_get_valid_len Peter Maydell
                   ` (5 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>

Missed in commit f3478392 "docs: Move deprecation, build
and license info out of system/"

Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210723065828.1336760-1-maozhongyi@cmss.chinamobile.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 configure         | 2 +-
 target/i386/cpu.c | 2 +-
 MAINTAINERS       | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 69cef688612..79e2ddc74e0 100755
--- a/configure
+++ b/configure
@@ -5230,7 +5230,7 @@ fi
 
 if test -n "${deprecated_features}"; then
     echo "Warning, deprecated features enabled."
-    echo "Please see docs/system/deprecated.rst"
+    echo "Please see docs/about/deprecated.rst"
     echo "  features: ${deprecated_features}"
 fi
 
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index edb97ebbbee..34a7ce865bb 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4110,7 +4110,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
  * none", but this is just for compatibility while libvirt isn't
  * adapted to resolve CPU model versions before creating VMs.
  * See "Runnability guarantee of CPU models" at
- * docs/system/deprecated.rst.
+ * docs/about/deprecated.rst.
  */
 X86CPUVersion default_cpu_version = 1;
 
diff --git a/MAINTAINERS b/MAINTAINERS
index 445f7fe2d19..42ac45c3e50 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3439,7 +3439,7 @@ F: contrib/gitdm/*
 
 Incompatible changes
 R: libvir-list@redhat.com
-F: docs/system/deprecated.rst
+F: docs/about/deprecated.rst
 
 Build System
 ------------
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 10/14] target/arm: Correctly bound length in sve_zcr_get_valid_len
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (8 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 09/14] docs: Update path that mentions deprecated.rst Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 11/14] target/arm: Export aarch64_sve_zcr_get_valid_len Peter Maydell
                   ` (4 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

From: Richard Henderson <richard.henderson@linaro.org>

Currently, our only caller is sve_zcr_len_for_el, which has
already masked the length extracted from ZCR_ELx, so the
masking done here is a nop.  But we will shortly have uses
from other locations, where the length will be unmasked.

Saturate the length to ARM_MAX_VQ instead of truncating to
the low 4 bits.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210723203344.968563-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0c07ca98376..8c1d8dbce36 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6461,7 +6461,9 @@ static uint32_t sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)
 {
     uint32_t end_len;
 
-    end_len = start_len &= 0xf;
+    start_len = MIN(start_len, ARM_MAX_VQ - 1);
+    end_len = start_len;
+
     if (!test_bit(start_len, cpu->sve_vq_map)) {
         end_len = find_last_bit(cpu->sve_vq_map, start_len);
         assert(end_len < start_len);
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 11/14] target/arm: Export aarch64_sve_zcr_get_valid_len
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (9 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 10/14] target/arm: Correctly bound length in sve_zcr_get_valid_len Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:47 ` [PULL 12/14] target/arm: Add sve-default-vector-length cpu property Peter Maydell
                   ` (3 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

From: Richard Henderson <richard.henderson@linaro.org>

Rename from sve_zcr_get_valid_len and make accessible
from outside of helper.c.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210723203344.968563-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h | 10 ++++++++++
 target/arm/helper.c    |  4 ++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 11a72013f51..cd2ea8a3883 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -177,6 +177,16 @@ void arm_translate_init(void);
 void arm_cpu_synchronize_from_tb(CPUState *cs, const TranslationBlock *tb);
 #endif /* CONFIG_TCG */
 
+/**
+ * aarch64_sve_zcr_get_valid_len:
+ * @cpu: cpu context
+ * @start_len: maximum len to consider
+ *
+ * Return the maximum supported sve vector length <= @start_len.
+ * Note that both @start_len and the return value are in units
+ * of ZCR_ELx.LEN, so the vector bit length is (x + 1) * 128.
+ */
+uint32_t aarch64_sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len);
 
 enum arm_fprounding {
     FPROUNDING_TIEEVEN,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8c1d8dbce36..155d8bf2399 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6457,7 +6457,7 @@ int sve_exception_el(CPUARMState *env, int el)
     return 0;
 }
 
-static uint32_t sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)
+uint32_t aarch64_sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)
 {
     uint32_t end_len;
 
@@ -6489,7 +6489,7 @@ uint32_t sve_zcr_len_for_el(CPUARMState *env, int el)
         zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
     }
 
-    return sve_zcr_get_valid_len(cpu, zcr_len);
+    return aarch64_sve_zcr_get_valid_len(cpu, zcr_len);
 }
 
 static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 12/14] target/arm: Add sve-default-vector-length cpu property
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (10 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 11/14] target/arm: Export aarch64_sve_zcr_get_valid_len Peter Maydell
@ 2021-07-27 10:47 ` Peter Maydell
  2021-07-27 10:48 ` [PULL 13/14] hw/arm/nseries: Display hexadecimal value with '0x' prefix Peter Maydell
                   ` (2 subsequent siblings)
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:47 UTC (permalink / raw)
  To: qemu-devel

From: Richard Henderson <richard.henderson@linaro.org>

Mirror the behavour of /proc/sys/abi/sve_default_vector_length
under the real linux kernel.  We have no way of passing along
a real default across exec like the kernel can, but this is a
decent way of adjusting the startup vector length of a process.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/482
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210723203344.968563-4-richard.henderson@linaro.org
[PMM: tweaked docs formatting, document -1 special-case,
 added fixup patch from RTH mentioning QEMU's maximum veclen.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 docs/system/arm/cpu-features.rst | 15 ++++++++
 target/arm/cpu.h                 |  5 +++
 target/arm/cpu.c                 | 14 ++++++--
 target/arm/cpu64.c               | 60 ++++++++++++++++++++++++++++++++
 4 files changed, 92 insertions(+), 2 deletions(-)

diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
index c455442eaf5..11dce5c6037 100644
--- a/docs/system/arm/cpu-features.rst
+++ b/docs/system/arm/cpu-features.rst
@@ -376,3 +376,18 @@ verbose command lines.  However, the recommended way to select vector
 lengths is to explicitly enable each desired length.  Therefore only
 example's (1), (4), and (6) exhibit recommended uses of the properties.
 
+SVE User-mode Default Vector Length Property
+--------------------------------------------
+
+For qemu-aarch64, the cpu property ``sve-default-vector-length=N`` is
+defined to mirror the Linux kernel parameter file
+``/proc/sys/abi/sve_default_vector_length``.  The default length, ``N``,
+is in units of bytes and must be between 16 and 8192.
+If not specified, the default vector length is 64.
+
+If the default length is larger than the maximum vector length enabled,
+the actual vector length will be reduced.  Note that the maximum vector
+length supported by QEMU is 256.
+
+If this property is set to ``-1`` then the default vector length
+is set to the maximum possible length.
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index be9a4dceae1..9f0a5f84d50 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1006,6 +1006,11 @@ struct ARMCPU {
     /* Used to set the maximum vector length the cpu will support.  */
     uint32_t sve_max_vq;
 
+#ifdef CONFIG_USER_ONLY
+    /* Used to set the default vector length at process start. */
+    uint32_t sve_default_vq;
+#endif
+
     /*
      * In sve_vq_map each set bit is a supported vector length of
      * (bit-number + 1) * 16 bytes, i.e. each bit number + 1 is the vector
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 752b15bb797..2866dd76588 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -201,7 +201,8 @@ static void arm_cpu_reset(DeviceState *dev)
         env->cp15.cpacr_el1 = deposit64(env->cp15.cpacr_el1, 16, 2, 3);
         /* with reasonable vector length */
         if (cpu_isar_feature(aa64_sve, cpu)) {
-            env->vfp.zcr_el[1] = MIN(cpu->sve_max_vq - 1, 3);
+            env->vfp.zcr_el[1] =
+                aarch64_sve_zcr_get_valid_len(cpu, cpu->sve_default_vq - 1);
         }
         /*
          * Enable TBI0 but not TBI1.
@@ -1051,7 +1052,16 @@ static void arm_cpu_initfn(Object *obj)
     QLIST_INIT(&cpu->pre_el_change_hooks);
     QLIST_INIT(&cpu->el_change_hooks);
 
-#ifndef CONFIG_USER_ONLY
+#ifdef CONFIG_USER_ONLY
+# ifdef TARGET_AARCH64
+    /*
+     * The linux kernel defaults to 512-bit vectors, when sve is supported.
+     * See documentation for /proc/sys/abi/sve_default_vector_length, and
+     * our corresponding sve-default-vector-length cpu property.
+     */
+    cpu->sve_default_vq = 4;
+# endif
+#else
     /* Our inbound IRQ and FIQ lines */
     if (kvm_enabled()) {
         /* VIRQ and VFIQ are unused with KVM but we add them to maintain
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index c7a1626bec2..c690318a9b6 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -559,6 +559,59 @@ static void cpu_arm_set_sve(Object *obj, bool value, Error **errp)
     cpu->isar.id_aa64pfr0 = t;
 }
 
+#ifdef CONFIG_USER_ONLY
+/* Mirror linux /proc/sys/abi/sve_default_vector_length. */
+static void cpu_arm_set_sve_default_vec_len(Object *obj, Visitor *v,
+                                            const char *name, void *opaque,
+                                            Error **errp)
+{
+    ARMCPU *cpu = ARM_CPU(obj);
+    int32_t default_len, default_vq, remainder;
+
+    if (!visit_type_int32(v, name, &default_len, errp)) {
+        return;
+    }
+
+    /* Undocumented, but the kernel allows -1 to indicate "maximum". */
+    if (default_len == -1) {
+        cpu->sve_default_vq = ARM_MAX_VQ;
+        return;
+    }
+
+    default_vq = default_len / 16;
+    remainder = default_len % 16;
+
+    /*
+     * Note that the 512 max comes from include/uapi/asm/sve_context.h
+     * and is the maximum architectural width of ZCR_ELx.LEN.
+     */
+    if (remainder || default_vq < 1 || default_vq > 512) {
+        error_setg(errp, "cannot set sve-default-vector-length");
+        if (remainder) {
+            error_append_hint(errp, "Vector length not a multiple of 16\n");
+        } else if (default_vq < 1) {
+            error_append_hint(errp, "Vector length smaller than 16\n");
+        } else {
+            error_append_hint(errp, "Vector length larger than %d\n",
+                              512 * 16);
+        }
+        return;
+    }
+
+    cpu->sve_default_vq = default_vq;
+}
+
+static void cpu_arm_get_sve_default_vec_len(Object *obj, Visitor *v,
+                                            const char *name, void *opaque,
+                                            Error **errp)
+{
+    ARMCPU *cpu = ARM_CPU(obj);
+    int32_t value = cpu->sve_default_vq * 16;
+
+    visit_type_int32(v, name, &value, errp);
+}
+#endif
+
 void aarch64_add_sve_properties(Object *obj)
 {
     uint32_t vq;
@@ -571,6 +624,13 @@ void aarch64_add_sve_properties(Object *obj)
         object_property_add(obj, name, "bool", cpu_arm_get_sve_vq,
                             cpu_arm_set_sve_vq, NULL, NULL);
     }
+
+#ifdef CONFIG_USER_ONLY
+    /* Mirror linux /proc/sys/abi/sve_default_vector_length. */
+    object_property_add(obj, "sve-default-vector-length", "int32",
+                        cpu_arm_get_sve_default_vec_len,
+                        cpu_arm_set_sve_default_vec_len, NULL, NULL);
+#endif
 }
 
 void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 13/14] hw/arm/nseries: Display hexadecimal value with '0x' prefix
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (11 preceding siblings ...)
  2021-07-27 10:47 ` [PULL 12/14] target/arm: Add sve-default-vector-length cpu property Peter Maydell
@ 2021-07-27 10:48 ` Peter Maydell
  2021-07-27 10:48 ` [PULL 14/14] hw: aspeed_gpio: Fix memory size Peter Maydell
  2021-07-27 17:05 ` [PULL 00/14] target-arm queue Peter Maydell
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:48 UTC (permalink / raw)
  To: qemu-devel

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210726150953.1218690-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/nseries.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
index 906c915df78..af3164c5519 100644
--- a/hw/arm/nseries.c
+++ b/hw/arm/nseries.c
@@ -692,7 +692,7 @@ static uint32_t mipid_txrx(void *opaque, uint32_t cmd, int len)
     default:
     bad_cmd:
         qemu_log_mask(LOG_GUEST_ERROR,
-                      "%s: unknown command %02x\n", __func__, s->cmd);
+                      "%s: unknown command 0x%02x\n", __func__, s->cmd);
         break;
     }
 
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [PULL 14/14] hw: aspeed_gpio: Fix memory size
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (12 preceding siblings ...)
  2021-07-27 10:48 ` [PULL 13/14] hw/arm/nseries: Display hexadecimal value with '0x' prefix Peter Maydell
@ 2021-07-27 10:48 ` Peter Maydell
  2021-07-27 17:05 ` [PULL 00/14] target-arm queue Peter Maydell
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 10:48 UTC (permalink / raw)
  To: qemu-devel

From: Joel Stanley <joel@jms.id.au>

The macro used to calculate the maximum memory size of the MMIO region
had a mistake, causing all GPIO models to create a mapping of 0x9D8.
The intent was to have it be 0x9D8 - 0x800.

This extra size doesn't matter on ast2400 and ast2500, which have a 4KB
region set aside for the GPIO controller.

On the ast2600 the 3.3V and 1.8V GPIO controllers are 2KB apart, so the
regions would overlap. Worse was the 1.8V controller would map over the
top of the following peripheral, which happens to be the RTC.

The mmio region used by each device is a maximum of 2KB, so avoid the
calculations and hard code this as the maximum.

Fixes: 36d737ee82b2 ("hw/gpio: Add in AST2600 specific implementation")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Rashmica Gupta <rashmica.g@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20210713065854.134634-2-joel@jms.id.au
[PMM: fix autocorrect error in commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/gpio/aspeed_gpio.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/gpio/aspeed_gpio.c b/hw/gpio/aspeed_gpio.c
index 6ae0116be70..b3dec444800 100644
--- a/hw/gpio/aspeed_gpio.c
+++ b/hw/gpio/aspeed_gpio.c
@@ -207,7 +207,6 @@
 #define GPIO_1_8V_MEM_SIZE            0x9D8
 #define GPIO_1_8V_REG_ARRAY_SIZE      ((GPIO_1_8V_MEM_SIZE - \
                                       GPIO_1_8V_REG_OFFSET) >> 2)
-#define GPIO_MAX_MEM_SIZE           MAX(GPIO_3_6V_MEM_SIZE, GPIO_1_8V_MEM_SIZE)
 
 static int aspeed_evaluate_irq(GPIOSets *regs, int gpio_prev_high, int gpio)
 {
@@ -849,7 +848,7 @@ static void aspeed_gpio_realize(DeviceState *dev, Error **errp)
     }
 
     memory_region_init_io(&s->iomem, OBJECT(s), &aspeed_gpio_ops, s,
-            TYPE_ASPEED_GPIO, GPIO_MAX_MEM_SIZE);
+            TYPE_ASPEED_GPIO, 0x800);
 
     sysbus_init_mmio(sbd, &s->iomem);
 }
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 16+ messages in thread

* Re: [PULL 00/14] target-arm queue
  2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
                   ` (13 preceding siblings ...)
  2021-07-27 10:48 ` [PULL 14/14] hw: aspeed_gpio: Fix memory size Peter Maydell
@ 2021-07-27 17:05 ` Peter Maydell
  14 siblings, 0 replies; 16+ messages in thread
From: Peter Maydell @ 2021-07-27 17:05 UTC (permalink / raw)
  To: QEMU Developers

On Tue, 27 Jul 2021 at 11:48, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> arm pullreq for rc1. All minor bugfixes, except for the sve-default-vector-length
> patches, which are somewhere between a bugfix and a new feature.
>
> thanks
> -- PMM
>
> The following changes since commit c08ccd1b53f488ac86c1f65cf7623dc91acc249a:
>
>   Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210726' into staging (2021-07-27 08:35:01 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210727
>
> for you to fetch changes up to e229a179a503f2aee43a76888cf12fbdfe8a3749:
>
>   hw: aspeed_gpio: Fix memory size (2021-07-27 11:00:00 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * hw/arm/smmuv3: Check 31st bit to see if CD is valid
>  * qemu-options.hx: Fix formatting of -machine memory-backend option
>  * hw: aspeed_gpio: Fix memory size
>  * hw/arm/nseries: Display hexadecimal value with '0x' prefix
>  * Add sve-default-vector-length cpu property
>  * docs: Update path that mentions deprecated.rst
>  * hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS
>  * hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING
>  * hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts
>  * target/arm: Report M-profile alignment faults correctly to the guest
>  * target/arm: Add missing 'return's after calling v7m_exception_taken()
>  * target/arm: Enforce that M-profile SP low 2 bits are always zero
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.1
for any user-visible changes.

-- PMM


^ permalink raw reply	[flat|nested] 16+ messages in thread

end of thread, other threads:[~2021-07-27 17:11 UTC | newest]

Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-27 10:47 [PULL 00/14] target-arm queue Peter Maydell
2021-07-27 10:47 ` [PULL 01/14] hw/arm/smmuv3: Check 31st bit to see if CD is valid Peter Maydell
2021-07-27 10:47 ` [PULL 02/14] qemu-options.hx: Fix formatting of -machine memory-backend option Peter Maydell
2021-07-27 10:47 ` [PULL 03/14] target/arm: Enforce that M-profile SP low 2 bits are always zero Peter Maydell
2021-07-27 10:47 ` [PULL 04/14] target/arm: Add missing 'return's after calling v7m_exception_taken() Peter Maydell
2021-07-27 10:47 ` [PULL 05/14] target/arm: Report M-profile alignment faults correctly to the guest Peter Maydell
2021-07-27 10:47 ` [PULL 06/14] hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts Peter Maydell
2021-07-27 10:47 ` [PULL 07/14] hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING Peter Maydell
2021-07-27 10:47 ` [PULL 08/14] hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS Peter Maydell
2021-07-27 10:47 ` [PULL 09/14] docs: Update path that mentions deprecated.rst Peter Maydell
2021-07-27 10:47 ` [PULL 10/14] target/arm: Correctly bound length in sve_zcr_get_valid_len Peter Maydell
2021-07-27 10:47 ` [PULL 11/14] target/arm: Export aarch64_sve_zcr_get_valid_len Peter Maydell
2021-07-27 10:47 ` [PULL 12/14] target/arm: Add sve-default-vector-length cpu property Peter Maydell
2021-07-27 10:48 ` [PULL 13/14] hw/arm/nseries: Display hexadecimal value with '0x' prefix Peter Maydell
2021-07-27 10:48 ` [PULL 14/14] hw: aspeed_gpio: Fix memory size Peter Maydell
2021-07-27 17:05 ` [PULL 00/14] target-arm queue Peter Maydell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).