Handful of bugfixes for rc2. None of these are particularly critical

or exciting.

The following changes since commit 45a150aa2b3492acf6691c7bdbeb25a8545d8345:

Merge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-08-03' into staging (2020-08-03 15:13:49 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200803

for you to fetch changes up to 13557fd392890cbd985bceba7f717e01efd674b8:

hw/timer/imx_epit: Avoid assertion when CR.SWR is written (2020-08-03 17:56:11 +0100)

* hw/timer/imx_epit: Avoid assertion when CR.SWR is written

* netduino2, netduinoplus2, microbit: set system_clock_scale so that

SysTick running on the CPU clock works

* target/arm: Avoid maybe-uninitialized warning with gcc 4.9

* target/arm: Fix AddPAC error indication

* Make AIRCR.SYSRESETREQ actually reset the system for the

microbit, mps2-*, musca-*, netduino* boards

Kaige Li (1):

target/arm: Avoid maybe-uninitialized warning with gcc 4.9

Peter Maydell (6):

hw/arm/netduino2, netduinoplus2: Set system_clock_scale

include/hw/irq.h: New function qemu_irq_is_connected()

hw/intc/armv7m_nvic: Provide default "reset the system" behaviour for SYSRESETREQ

msf2-soc, stellaris: Don't wire up SYSRESETREQ

hw/arm/nrf51_soc: Set system_clock_scale

hw/timer/imx_epit: Avoid assertion when CR.SWR is written

Richard Henderson (1):

target/arm: Fix AddPAC error indication

include/hw/arm/armv7m.h | 4 +++-

include/hw/irq.h | 18 ++++++++++++++++++

hw/arm/msf2-soc.c | 11 -----------

hw/arm/netduino2.c | 10 ++++++++++

hw/arm/netduinoplus2.c | 10 ++++++++++

hw/arm/nrf51_soc.c | 5 +++++

hw/arm/stellaris.c | 12 ------------

hw/intc/armv7m_nvic.c | 17 ++++++++++++++++-

hw/timer/imx_epit.c | 13 ++++++++++---

target/arm/pauth_helper.c | 6 +++++-

target/arm/translate-a64.c | 2 +-

tests/tcg/aarch64/pauth-5.c | 33 +++++++++++++++++++++++++++++++++

tests/tcg/aarch64/Makefile.target | 2 +-

13 files changed, 112 insertions(+), 31 deletions(-)

create mode 100644 tests/tcg/aarch64/pauth-5.c

The MSF2 SoC model and the Stellaris board code both wire

SYSRESETREQ up to a function that just invokes

qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);

This is now the default action that the NVIC does if the line is

not connected, so we can delete the handling code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Message-id: 20200728103744.6909-4-peter.maydell@linaro.org

---

hw/arm/msf2-soc.c | 11 -----------

hw/arm/stellaris.c | 12 ------------

2 files changed, 23 deletions(-)

diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c

--- a/hw/arm/msf2-soc.c

+++ b/hw/arm/msf2-soc.c

@@ -XXX,XX +XXX,XX @@

#include "hw/irq.h"

#include "hw/arm/msf2-soc.h"

#include "hw/misc/unimp.h"

-#include "sysemu/runstate.h"

#include "sysemu/sysemu.h"

#define MSF2_TIMER_BASE 0x40004000

@@ -XXX,XX +XXX,XX @@ static const int spi_irq[MSF2_NUM_SPIS] = { 2, 3 };

static const int uart_irq[MSF2_NUM_UARTS] = { 10, 11 };

static const int timer_irq[MSF2_NUM_TIMERS] = { 14, 15 };

-static void do_sys_reset(void *opaque, int n, int level)

-{

- if (level) {

- qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);

- }

-}

-

static void m2sxxx_soc_initfn(Object *obj)

MSF2State *s = MSF2_SOC(obj);

@@ -XXX,XX +XXX,XX @@ static void m2sxxx_soc_realize(DeviceState *dev_soc, Error **errp)

- qdev_connect_gpio_out_named(DEVICE(&s->armv7m.nvic), "SYSRESETREQ", 0,

- qemu_allocate_irq(&do_sys_reset, NULL, 0));

-

system_clock_scale = NANOSECONDS_PER_SECOND / s->m3clk;

for (i = 0; i < MSF2_NUM_UARTS; i++) {

diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c

--- a/hw/arm/stellaris.c

+++ b/hw/arm/stellaris.c

@@ -XXX,XX +XXX,XX @@

#include "hw/boards.h"

#include "qemu/log.h"

#include "exec/address-spaces.h"

-#include "sysemu/runstate.h"

#include "sysemu/sysemu.h"

#include "hw/arm/armv7m.h"

#include "hw/char/pl011.h"

@@ -XXX,XX +XXX,XX @@ static void stellaris_adc_init(Object *obj)

qdev_init_gpio_in(dev, stellaris_adc_trigger, 1);

2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The definition of top_bit used in this function is one higher

than that used in the Arm ARM psuedo-code, which put the error

indication at top_bit - 1 at the wrong place, which meant that

it wasn't visible to Auth.

Fixing the definition of top_bit requires more changes, because

its most common use is for the count of bits in top_bit:bot_bit,

which would then need to be computed as top_bit - bot_bit + 1.

For now, prefer the minimal fix to the error indication alone.

Fixes: 63ff0ca94cb

Reported-by: Derrick McKee <derrick.mckee@gmail.com>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20200728195706.11087-1-richard.henderson@linaro.org

[PMM: added comment about the divergence from the pseudocode]

target/arm/pauth_helper.c | 6 +++++-

tests/tcg/aarch64/pauth-5.c | 33 +++++++++++++++++++++++++++++++

tests/tcg/aarch64/Makefile.target | 2 +-

3 files changed, 39 insertions(+), 2 deletions(-)

create mode 100644 tests/tcg/aarch64/pauth-5.c

diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c

--- a/target/arm/pauth_helper.c

+++ b/target/arm/pauth_helper.c

@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,

*/

test = sextract64(ptr, bot_bit, top_bit - bot_bit);

if (test != 0 && test != -1) {

- pac ^= MAKE_64BIT_MASK(top_bit - 1, 1);

+ /*

+ * Note that our top_bit is one greater than the pseudocode's

+ * version, hence "- 2" here.

+ */

+ pac ^= MAKE_64BIT_MASK(top_bit - 2, 1);

}

/*

diff --git a/tests/tcg/aarch64/pauth-5.c b/tests/tcg/aarch64/pauth-5.c

+++ b/tests/tcg/aarch64/pauth-5.c

+#include <assert.h>

+static int x;

+int main()

+{

+ int *p0 = &x, *p1, *p2, *p3;

+ unsigned long salt = 0;

+ /*

+ * With TBI enabled and a 48-bit VA, there are 7 bits of auth, and so

+ * a 1/128 chance of auth = pac(ptr,key,salt) producing zero.

+ * Find a salt that creates auth != 0.

+ */

+ do {

+ salt++;

+ asm("pacda %0, %1" : "=r"(p1) : "r"(salt), "0"(p0));

+ } while (p0 == p1);

+ /*

+ * This pac must fail, because the input pointer bears an encryption,

+ * and so is not properly extended within bits [55:47]. This will

+ * toggle bit 54 in the output...

+ */

+ asm("pacda %0, %1" : "=r"(p2) : "r"(salt), "0"(p1));

+ /* ... so that the aut must fail, setting bit 53 in the output ... */

+ asm("autda %0, %1" : "=r"(p3) : "r"(salt), "0"(p2));

+ /* ... which means this equality must not hold. */

+ assert(p3 != p0);

+ return 0;

diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target

index XXXXXXX..XXXXXXX 100644

--- a/tests/tcg/aarch64/Makefile.target

+++ b/tests/tcg/aarch64/Makefile.target

@@ -XXX,XX +XXX,XX @@ run-fcvt: fcvt

# Pauth Tests

ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_3),)

-AARCH64_TESTS += pauth-1 pauth-2 pauth-4

+AARCH64_TESTS += pauth-1 pauth-2 pauth-4 pauth-5

pauth-%: CFLAGS += -march=armv8.3-a

run-pauth-%: QEMU_OPTS += -cpu max

run-plugin-pauth-%: QEMU_OPTS += -cpu max

2.20.1

From: Kaige Li <likaige@loongson.cn>

GCC version 4.9.4 isn't clever enough to figure out that all

execution paths in disas_ldst() that use 'fn' will have initialized

it first, and so it warns:

/home/LiKaige/qemu/target/arm/translate-a64.c: In function ‘disas_ldst’:

/home/LiKaige/qemu/target/arm/translate-a64.c:3392:5: error: ‘fn’ may be used uninitialized in this function [-Werror=maybe-uninitialized]

fn(cpu_reg(s, rt), clean_addr, tcg_rs, get_mem_index(s),

^

/home/LiKaige/qemu/target/arm/translate-a64.c:3318:22: note: ‘fn’ was declared here

AtomicThreeOpFn *fn;

^

Make it happy by initializing the variable to NULL.

Signed-off-by: Kaige Li <likaige@loongson.cn>

Message-id: 1596110248-7366-2-git-send-email-likaige@loongson.cn

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

[PMM: Clean up commit message and note which gcc version this was]

target/arm/translate-a64.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void disas_ldst_atomic(DisasContext *s, uint32_t insn,

bool r = extract32(insn, 22, 1);

bool a = extract32(insn, 23, 1);

TCGv_i64 tcg_rs, clean_addr;

- AtomicThreeOpFn *fn;

+ AtomicThreeOpFn *fn = NULL;

if (is_vector || !dc_isar_feature(aa64_atomics, s)) {

unallocated_encoding(s);

2.20.1

The imx_epit device has a software-controllable reset triggered by

setting the SWR bit in the CR register. An error in commit cc2722ec83ad9

means that we will end up assert()ing if the guest does this, because

the code in imx_epit_write() starts ptimer transactions, and then

imx_epit_reset() also starts ptimer transactions, triggering

"ptimer_transaction_begin: Assertion `!s->in_transaction' failed".

The cleanest way to avoid this double-transaction is to move the

start-transaction for the CR write handling down below the check of

the SWR bit.

Message-id: 20200727154550.3409-1-peter.maydell@linaro.org

hw/timer/imx_epit.c | 13 ++++++++++---

diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c

--- a/hw/timer/imx_epit.c

+++ b/hw/timer/imx_epit.c

@@ -XXX,XX +XXX,XX @@ static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,

switch (offset >> 2) {

case 0: /* CR */

- ptimer_transaction_begin(s->timer_cmp);

- ptimer_transaction_begin(s->timer_reload);

oldcr = s->cr;

s->cr = value & 0x03ffffff;

if (s->cr & CR_SWR) {

/* handle the reset */

imx_epit_reset(DEVICE(s));

- } else {

+ /*

+ * TODO: could we 'break' here? following operations appear

+ * to duplicate the work imx_epit_reset() already did.

+ */

+ }

+

+ ptimer_transaction_begin(s->timer_cmp);

+ ptimer_transaction_begin(s->timer_reload);

+

+ if (!(s->cr & CR_SWR)) {

imx_epit_set_freq(s);

2.20.1