Some more outstanding target-arm patches; nothing terribly

exciting. Mostly they're mine; I'm trying to reduce the

number of patches I still have in flight, so I've picked

out some of the reviewed patches from a couple of sets I've

sent out and will resend v2 versions of those sets with the

remaining patches with fixes for issues noted in review once

this is in master.

thanks

-- PMM

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging (2018-08-20 09:48:03 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180820

for you to fetch changes up to b85fad1588e812566f897f747e38da345a7016d6:

hw/dma/pl080: Remove hw_error() if DMA is enabled (2018-08-20 11:24:33 +0100)

* Fix crash on conditional instruction in an IT block

* docs/generic-loader: mention U-Boot and Intel HEX executable formats

* hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset

* imx_serial: Generate interrupt on receive data ready if enabled

* Fix various minor bugs in AArch32 Hyp related coprocessor registers

* Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)

* Implement AArch32 ERET instruction

* hw/arm/virt: Add virt-3.1 machine type

* sdhci: add i.MX SD Stable Clock bit

* Remove now-obsolete MMIO request_ptr APIs

* hw/timer/m48t59: Move away from old_mmio accessors

* hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module

* nvic: Expose NMI line

* hw/dma/pl080: cleanups and new features required for use in MPS boards

Andrew Jones (1):

hw/arm/virt: Add virt-3.1 machine type

Hans-Erik Floryd (2):

imx_serial: Generate interrupt on receive data ready if enabled

sdhci: add i.MX SD Stable Clock bit

Jia He (1):

hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset

Peter Maydell (19):

target/arm: Correct typo in HAMAIR1 regdef name

target/arm: Add missing .cp = 15 to HMAIR1 and HAMAIR1 regdefs

target/arm: Implement AArch32 HVBAR

target/arm: Implement AArch32 Hyp FARs

target/arm: Implement ESR_EL2/HSR for AArch32 and no-EL2

target/arm: Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)

target/arm: Implement AArch32 ERET instruction

hw/ssi/xilinx_spips: Remove unneeded MMIO request_ptr code

memory: Remove MMIO request_ptr APIs

hw/misc: Remove mmio_interface device

hw/timer/m48t59: Move away from old_mmio accessors

hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module

nvic: Expose NMI line

hw/dma/pl080: Allow use as embedded-struct device

hw/dma/pl080: Support all three interrupt lines

hw/dma/pl080: Don't use CPU address space for DMA accesses

hw/dma/pl080: Provide device reset function

hw/dma/pl080: Correct bug in register address decode logic

hw/dma/pl080: Remove hw_error() if DMA is enabled

Roman Kapl (1):

target/arm: Fix crash on conditional instruction in an IT block

Stefan Hajnoczi (1):

docs/generic-loader: mention U-Boot and Intel HEX executable formats

From: Roman Kapl <rka@sysgo.com>

If an instruction is conditional (like CBZ) and it is executed

conditionally (using the ITx instruction), a jump to an undefined

label is generated, and QEMU crashes.

CBZ in IT block is an UNPREDICTABLE behavior, but we should not

crash. Honouring the condition code is allowed by the spec in this

case (constrained unpredictable, ARMv8, section K1.1.7), and matches

what we do for other "UNPREDICTABLE inside an IT block" instructions.

Fix the 'skip on condition' code to create a new label only if it

does not already exist. Previously multiple labels were created, but

only the last one of them was set.

Signed-off-by: Roman Kapl <rka@sysgo.com>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20180816120533.6587-1-rka@sysgo.com

[PMM: fixed ^ 1 being applied to wrong argument, fixed typo]

target/arm/translate.c | 35 +++++++++++++++++++++--------------

1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c

--- a/target/arm/translate.c

+++ b/target/arm/translate.c

@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,

s->base.is_jmp = DISAS_UPDATE;

+/* Generate a label used for skipping this instruction */

+static void arm_gen_condlabel(DisasContext *s)

+ if (!s->condjmp) {

+ s->condlabel = gen_new_label();

+ s->condjmp = 1;

+/* Skip this instruction if the ARM condition is false */

+static void arm_skip_unless(DisasContext *s, uint32_t cond)

+ arm_gen_condlabel(s);

+ arm_gen_test_cc(cond ^ 1, s->condlabel);

static void disas_arm_insn(DisasContext *s, unsigned int insn)

unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;

@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)

if (cond != 0xe) {

/* if not always execute, we generate a conditional jump to

next instruction */

- s->condlabel = gen_new_label();

- arm_gen_test_cc(cond ^ 1, s->condlabel);

- s->condjmp = 1;

+ arm_skip_unless(s, cond);

}

if ((insn & 0x0f900000) == 0x03000000) {

if ((insn & (1 << 21)) == 0) {

@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)

/* Conditional branch. */

op = (insn >> 22) & 0xf;

/* Generate a conditional jump to next instruction. */

- s->condlabel = gen_new_label();

- arm_gen_test_cc(op ^ 1, s->condlabel);

- s->condjmp = 1;

+ arm_skip_unless(s, op);

/* offset[11:1] = insn[10:0] */

offset = (insn & 0x7ff) << 1;

@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)

case 1: case 3: case 9: case 11: /* czb */

rm = insn & 7;

tmp = load_reg(s, rm);

- s->condlabel = gen_new_label();

- s->condjmp = 1;

+ arm_gen_condlabel(s);

if (insn & (1 << 11))

tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);

else

@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)

break;

}

/* generate a conditional jump to next instruction */

- s->condlabel = gen_new_label();

- arm_gen_test_cc(cond ^ 1, s->condlabel);

- s->condjmp = 1;

+ arm_skip_unless(s, cond);

/* jump to the offset */

val = (uint32_t)s->pc + 2;

@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)

uint32_t cond = dc->condexec_cond;

if (cond != 0x0e) { /* Skip conditional when condition is AL. */

- dc->condlabel = gen_new_label();

- arm_gen_test_cc(cond ^ 1, dc->condlabel);

- dc->condjmp = 1;

+ arm_skip_unless(dc, cond);

}

}

2.18.0

From: Stefan Hajnoczi <stefanha@redhat.com>

The generic loader device supports the U-Boot and Intel HEX executable

formats in addition to the document raw and ELF formats. Reword the

documentation to include these formats and explain how various options

depend on the executable format.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Message-id: 20180816145554.9814-1-stefanha@redhat.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

docs/generic-loader.txt | 20 ++++++++++----------

1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/generic-loader.txt b/docs/generic-loader.txt

--- a/docs/generic-loader.txt

+++ b/docs/generic-loader.txt

@@ -XXX,XX +XXX,XX @@ An example of setting CPU 0's PC to 0x8000 is:

Loading Files

-------------

-The loader device also allows files to be loaded into memory. It can load raw

-files and ELF executable files. Raw files are loaded verbatim. ELF executable

-files are loaded by an ELF loader. The syntax is shown below:

+The loader device also allows files to be loaded into memory. It can load ELF,

+U-Boot, and Intel HEX executable formats as well as raw images. The syntax is

+shown below:

-device loader,file=<file>[,addr=<addr>][,cpu-num=<cpu-num>][,force-raw=<raw>]

<file> - A file to be loaded into memory

- <addr> - The addr in memory that the file should be loaded. This is

- ignored if you are using an ELF (unless force-raw is true).

- This is required if you aren't loading an ELF.

+ <addr> - The memory address where the file should be loaded. This is

+ required for raw images and ignored for non-raw files.

<cpu-num> - This specifies the CPU that should be used. This is an

optional argument and will cause the CPU's PC to be set to

- where the image is stored or in the case of an ELF file to

- the value in the header. This option should only be used

- for the boot image.

+ the memory address where the raw file is loaded or the entry

+ point specified in the executable format header. This option

+ should only be used for the boot image.

This will also cause the image to be written to the specified

CPU's address space. If not specified, the default is CPU 0.

<force-raw> - Setting force-raw=on forces the file to be treated as a raw

- image. This can be used to load ELF files as if they were raw.

+ image. This can be used to load supported executable formats

+ as if they were raw.

All values are parsed using the standard QemuOps parsing. This allows the user

to specify any values in any format supported. By default the values

2.18.0

From: Jia He <hejianet@gmail.com>

In scripts/arch-run.bash of kvm-unit-tests, it will check the qemu

output log with:

if [ -z "$(echo "$errors" | grep -vi warning)" ]; then

Thus without the warning prefix, all of the test fail.

Since it is not unrecoverable error in kvm_arm_its_reset for

current implementation, downgrading the report from error to

warn makes sense.

Signed-off-by: Jia He <jia.he@hxt-semitech.com>

Message-id: 1531969910-32843-1-git-send-email-jia.he@hxt-semitech.com

hw/intc/arm_gicv3_its_kvm.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

@@ -XXX,XX +XXX,XX @@ static void kvm_arm_its_reset(DeviceState *dev)

- error_report("ITS KVM: full reset is not supported by the host kernel");

+ warn_report("ITS KVM: full reset is not supported by the host kernel");

if (!kvm_device_check_attr(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,

GITS_CTLR)) {

2.18.0

ARMv7VE introduced the ERET instruction, which is necessary to

return from an exception taken to Hyp mode. Implement this.

In A32 encoding it is a completely new encoding; in T32 it

is an adjustment of the behaviour of the existing

"SUBS PC, LR, #<imm8>" instruction.

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>

Reviewed-by: Luc Michel <luc.michel@greensocs.com>

Message-id: 20180814124254.5229-10-peter.maydell@linaro.org

target/arm/translate.c | 31 +++++++++++++++++++++++++++++--

1 file changed, 29 insertions(+), 2 deletions(-)

@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)

tcg_temp_free_i32(tmp2);

store_reg(s, rd, tmp);

break;

+ case 0x6: /* ERET */

+ if (op1 != 3) {

+ goto illegal_op;

+ }

+ if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {

+ goto illegal_op;

+ }

+ if ((insn & 0x000fff0f) != 0x0000000e) {

+ /* UNPREDICTABLE; we choose to UNDEF */

+ goto illegal_op;

+ }

+ if (s->current_el == 2) {

+ tmp = load_cpu_field(elr_el[2]);

+ } else {

+ tmp = load_reg(s, 14);

+ }

+ gen_exception_return(s, tmp);

+ break;

case 7:

{

int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);

@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)

if (rn != 14 || rd != 15) {

goto illegal_op;

}

- tmp = load_reg(s, rn);

- tcg_gen_subi_i32(tmp, tmp, insn & 0xff);

+ if (s->current_el == 2) {

+ /* ERET from Hyp uses ELR_Hyp, not LR */

+ if (insn & 0xff) {

+ goto illegal_op;

+ }

+ tmp = load_cpu_field(elr_el[2]);

+ } else {

+ tmp = load_reg(s, rn);

+ tcg_gen_subi_i32(tmp, tmp, insn & 0xff);

+ }

gen_exception_return(s, tmp);

break;

case 6: /* MRS */

2.18.0

From: Andrew Jones <drjones@redhat.com>

Signed-off-by: Andrew Jones <drjones@redhat.com>

Reviewed-by: Igor Mammedov <imammedo@redhat.com>

hw/arm/virt.c | 23 +++++++++++++++++------

1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c

--- a/hw/arm/virt.c

+++ b/hw/arm/virt.c

@@ -XXX,XX +XXX,XX @@ static void machvirt_machine_init(void)

}

type_init(machvirt_machine_init);

-#define VIRT_COMPAT_2_12 \

- HW_COMPAT_2_12

-static void virt_3_0_instance_init(Object *obj)

+static void virt_3_1_instance_init(Object *obj)

{

VirtMachineState *vms = VIRT_MACHINE(obj);

VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);

@@ -XXX,XX +XXX,XX @@ static void virt_3_0_instance_init(Object *obj)

vms->irqmap = a15irqmap;

-static void virt_machine_3_0_options(MachineClass *mc)

+static void virt_machine_3_1_options(MachineClass *mc)

{

}

-DEFINE_VIRT_MACHINE_AS_LATEST(3, 0)

+DEFINE_VIRT_MACHINE_AS_LATEST(3, 1)

+

+static void virt_3_0_instance_init(Object *obj)

+{

+ virt_3_1_instance_init(obj);

+}

+

+static void virt_machine_3_0_options(MachineClass *mc)

+{

+ virt_machine_3_1_options(mc);

+}

+DEFINE_VIRT_MACHINE(3, 0)

+

+#define VIRT_COMPAT_2_12 \

+ HW_COMPAT_2_12

static void virt_2_12_instance_init(Object *obj)

{

2.18.0

From: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>

Add the ESDHC PRSSTAT_SDSTB bit, using the value of SDHC_CLOCK_INT_STABLE.

Freescale recommends checking this bit when changing clock frequency.

Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>

Message-id: 1534507843-4251-1-git-send-email-hans-erik.floryd@rt-labs.com

[PMM: fixed indentation]

hw/sd/sdhci-internal.h | 2 ++

hw/sd/sdhci.c | 8 ++++++++

2 files changed, 10 insertions(+)

diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h

--- a/hw/sd/sdhci-internal.h

+++ b/hw/sd/sdhci-internal.h

@@ -XXX,XX +XXX,XX @@ extern const VMStateDescription sdhci_vmstate;

#define ESDHC_CTRL_4BITBUS (0x1 << 1)

#define ESDHC_CTRL_8BITBUS (0x2 << 1)

+#define ESDHC_PRNSTS_SDSTB (1 << 3)

+

#endif

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/sd/sdhci.c

+++ b/hw/sd/sdhci.c

@@ -XXX,XX +XXX,XX @@ static uint64_t usdhc_read(void *opaque, hwaddr offset, unsigned size)

break;

+ case SDHC_PRNSTS:

+ /* Add SDSTB (SD Clock Stable) bit to PRNSTS */

+ ret = sdhci_read(opaque, offset, size) & ~ESDHC_PRNSTS_SDSTB;

+ if (s->clkcon & SDHC_CLOCK_INT_STABLE) {

+ ret |= ESDHC_PRNSTS_SDSTB;

+ }

+ break;

+

case ESDHC_DLL_CTRL:

case ESDHC_TUNE_CTRL_STATUS:

case ESDHC_UNDOCUMENTED_REG27:

2.18.0