Series comparison

-[Qemu-devel] [PULL 00/21] target-arm queue
+[PULL 0/7] target-arm queue
-target-arm queue: mostly just cleanup/minor stuff, but this does
+A last small test of bug fixes before rc1.
 include the raspi3 board model.
+thanks
 -- PMM
-The following changes since commit 9f9c53368b219a9115eddb39f0ff5ad19c977134:
+The following changes since commit ed8ad9728a9c0eec34db9dff61dfa2f1dd625637:
-  Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging (2018-02-15 10:14:11 +0000)
+  Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging (2023-07-15 14:54:04 +0100)
 are available in the Git repository at:
-  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180215
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230717
-for you to fetch changes up to e545f0f9be1f9e60951017c1e6558216732cc14e:
+for you to fetch changes up to c2c1c4a35c7c2b1a4140b0942b9797c857e476a4:
-  target/arm: Implement v8M MSPLIM and PSPLIM registers (2018-02-15 13:48:11 +0000)
+  hw/nvram: Avoid unnecessary Xilinx eFuse backstore write (2023-07-17 11:05:52 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * aspeed: code cleanup to use unimplemented_device
+ * hw/arm/sbsa-ref: set 'slots' property of xhci
- * add 'raspi3' RaspberryPi 3 machine model
+ * linux-user: Remove pointless NULL check in clock_adjtime handling
- * more SVE prep work
+ * ptw: Fix S1_ptw_translate() debug path
- * v8M: add minor missing registers
+ * ptw: Account for FEAT_RME when applying {N}SW, SA bits
- * v7M: fix bug where we weren't migrating v7m.other_sp
+ * accel/tcg: Zero-pad PC in TCG CPU exec trace lines
- * v7M: fix bugs in handling of interrupt registers for
+ * hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
    external interrupts beyond 32
 ----------------------------------------------------------------
-Pekka Enberg (3):
+Peter Maydell (5):
-      bcm2836: Make CPU type configurable
+      linux-user: Remove pointless NULL check in clock_adjtime handling
-      raspi: Raspberry Pi 3 support
+      target/arm/ptw.c: Add comments to S1Translate struct fields
-      raspi: Add "raspi3" machine type
+      target/arm: Fix S1_ptw_translate() debug path
       target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
       accel/tcg: Zero-pad PC in TCG CPU exec trace lines
-Peter Maydell (11):
+Tong Ho (1):
-      hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC
+      hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
       hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling
       hw/intc/armv7m_nvic: Implement M profile cache maintenance ops
       hw/intc/armv7m_nvic: Implement v8M CPPWR register
       hw/intc/armv7m_nvic: Implement cache ID registers
       hw/intc/armv7m_nvic: Implement SCR
       target/arm: Implement writing to CONTROL_NS for v8M
       hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions
       target/arm: Add AIRCR to vmstate struct
       target/arm: Migrate v7m.other_sp
       target/arm: Implement v8M MSPLIM and PSPLIM registers
-Philippe Mathieu-Daudé (2):
+Yuquan Wang (1):
-      hw/arm/aspeed: directly map the serial device to the system address space
+      hw/arm/sbsa-ref: set 'slots' property of xhci
       hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io
-Richard Henderson (5):
+ accel/tcg/cpu-exec.c      |  4 +--
-      target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
+ accel/tcg/translate-all.c |  2 +-
-      target/arm: Enforce FP access to FPCR/FPSR
+ hw/arm/sbsa-ref.c         |  1 +
-      target/arm: Suppress TB end for FPCR/FPSR
+ hw/nvram/xlnx-efuse.c     | 11 ++++--
-      target/arm: Enforce access to ZCR_EL at translation
+ linux-user/syscall.c      | 12 +++----
-      target/arm: Handle SVE registers when using clear_vec_high
+ target/arm/ptw.c          | 90 +++++++++++++++++++++++++++++++++++++++++------
+files changed, 98 insertions(+), 22 deletions(-)
  include/hw/arm/aspeed_soc.h |   1 -
  include/hw/arm/bcm2836.h    |   1 +
  target/arm/cpu.h            |  71 ++++++++++++-----
  target/arm/internals.h      |   6 ++
  hw/arm/aspeed_soc.c         |  35 ++-------
  hw/arm/bcm2836.c            |  17 +++--
  hw/arm/raspi.c              |  57 +++++++++++---
  hw/intc/armv7m_nvic.c       |  98 ++++++++++++++++++------
  target/arm/cpu.c            |  28 +++++++
  target/arm/helper.c         |  84 +++++++++++++++-----
  target/arm/machine.c        |  84 ++++++++++++++++++++
  target/arm/translate-a64.c  | 181 ++++++++++++++++++++------------------------
 files changed, 452 insertions(+), 211 deletions(-)

-[Qemu-devel] [PULL 01/21] hw/arm/aspeed: directly map the serial device to the system address space
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-(qemu) info mtree
- address-space: cpu-memory-0
-   0000000000000000-ffffffffffffffff (prio 0, i/o): system
-     0000000000000000-0000000007ffffff (prio 0, rom): aspeed.boot_rom
-     000000001e600000-000000001e7fffff (prio -1, i/o): aspeed_soc.io
--      000000001e784000-000000001e78401f (prio 0, i/o): serial
-     000000001e620000-000000001e6200ff (prio 0, i/o): aspeed.smc.ast2500-fmc
-     000000001e630000-000000001e6300ff (prio 0, i/o): aspeed.smc.ast2500-spi1
-     [...]
-     000000001e720000-000000001e728fff (prio 0, ram): aspeed.sram
-     000000001e782000-000000001e782fff (prio 0, i/o): aspeed.timer
-+    000000001e784000-000000001e78401f (prio 0, i/o): serial
-     000000001e785000-000000001e78501f (prio 0, i/o): aspeed.wdt
-     000000001e785020-000000001e78503f (prio 0, i/o): aspeed.wdt
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Reviewed-by: Cédric Le Goater <clg@kaod.org>
-Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
-Message-id: 20180209085755.30414-2-f4bug@amsat.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/aspeed_soc.c | 3 ++-
-file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/aspeed_soc.c
-+++ b/hw/arm/aspeed_soc.c
-@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
-     /* UART - attach an 8250 to the IO space as our UART5 */
-     if (serial_hds[0]) {
-         qemu_irq uart5 = qdev_get_gpio_in(DEVICE(&s->vic), uart_irqs[4]);
--        serial_mm_init(&s->iomem, ASPEED_SOC_UART_5_BASE, 2,
-+        serial_mm_init(get_system_memory(),
-+                       ASPEED_SOC_IOMEM_BASE + ASPEED_SOC_UART_5_BASE, 2,
-                        uart5, 38400, serial_hds[0], DEVICE_LITTLE_ENDIAN);
-     }
---
-.16.1

-[Qemu-devel] [PULL 02/21] hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-(qemu) info mtree
- address-space: cpu-memory-0
-   0000000000000000-ffffffffffffffff (prio 0, i/o): system
-     0000000000000000-0000000007ffffff (prio 0, rom): aspeed.boot_rom
--    000000001e600000-000000001e7fffff (prio -1, i/o): aspeed_soc.io
-+    000000001e600000-000000001e7fffff (prio -1000, i/o): aspeed_soc.io
-     000000001e620000-000000001e6200ff (prio 0, i/o): aspeed.smc.ast2500-fmc
-     000000001e630000-000000001e6300ff (prio 0, i/o): aspeed.smc.ast2500-spi1
-     000000001e631000-000000001e6310ff (prio 0, i/o): aspeed.smc.ast2500-spi2
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Reviewed-by: Cédric Le Goater <clg@kaod.org>
-Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
-Message-id: 20180209085755.30414-3-f4bug@amsat.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/arm/aspeed_soc.h |  1 -
- hw/arm/aspeed_soc.c         | 32 +++-----------------------------
-files changed, 3 insertions(+), 30 deletions(-)
-diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/aspeed_soc.h
-+++ b/include/hw/arm/aspeed_soc.h
-@@ -XXX,XX +XXX,XX @@ typedef struct AspeedSoCState {
-     /*< public >*/
-     ARMCPU cpu;
--    MemoryRegion iomem;
-     MemoryRegion sram;
-     AspeedVICState vic;
-     AspeedTimerCtrlState timerctrl;
-diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/aspeed_soc.c
-+++ b/hw/arm/aspeed_soc.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "cpu.h"
- #include "exec/address-spaces.h"
-+#include "hw/misc/unimp.h"
- #include "hw/arm/aspeed_soc.h"
- #include "hw/char/serial.h"
- #include "qemu/log.h"
-@@ -XXX,XX +XXX,XX @@ static const AspeedSoCInfo aspeed_socs[] = {
-     },
- };
--/*
-- * IO handlers: simply catch any reads/writes to IO addresses that aren't
-- * handled by a device mapping.
-- */
--
--static uint64_t aspeed_soc_io_read(void *p, hwaddr offset, unsigned size)
--{
--    qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " [%u]\n",
--                  __func__, offset, size);
--    return 0;
--}
--
--static void aspeed_soc_io_write(void *opaque, hwaddr offset, uint64_t value,
--                unsigned size)
--{
--    qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " <- 0x%" PRIx64 " [%u]\n",
--                  __func__, offset, value, size);
--}
--
--static const MemoryRegionOps aspeed_soc_io_ops = {
--    .read = aspeed_soc_io_read,
--    .write = aspeed_soc_io_write,
--    .endianness = DEVICE_LITTLE_ENDIAN,
--};
--
- static void aspeed_soc_init(Object *obj)
- {
-     AspeedSoCState *s = ASPEED_SOC(obj);
-@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
-     Error *err = NULL, *local_err = NULL;
-     /* IO space */
--    memory_region_init_io(&s->iomem, NULL, &aspeed_soc_io_ops, NULL,
--            "aspeed_soc.io", ASPEED_SOC_IOMEM_SIZE);
--    memory_region_add_subregion_overlap(get_system_memory(),
--                                        ASPEED_SOC_IOMEM_BASE, &s->iomem, -1);
-+    create_unimplemented_device("aspeed_soc.io",
-+                                ASPEED_SOC_IOMEM_BASE, ASPEED_SOC_IOMEM_SIZE);
-     /* CPU */
-     object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
---
-.16.1

-[Qemu-devel] [PULL 03/21] bcm2836: Make CPU type configurable
+Deleted patch
-From: Pekka Enberg <penberg@iki.fi>
-This patch adds a "cpu-type" property to BCM2836 SoC in preparation for
-reusing the code for the Raspberry Pi 3, which has a different processor
-model.
-Signed-off-by: Pekka Enberg <penberg@iki.fi>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/arm/bcm2836.h |  1 +
- hw/arm/bcm2836.c         | 17 +++++++++--------
- hw/arm/raspi.c           |  3 +++
-files changed, 13 insertions(+), 8 deletions(-)
-diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/bcm2836.h
-+++ b/include/hw/arm/bcm2836.h
-@@ -XXX,XX +XXX,XX @@ typedef struct BCM2836State {
-     DeviceState parent_obj;
-     /*< public >*/
-+    char *cpu_type;
-     uint32_t enabled_cpus;
-     ARMCPU cpus[BCM2836_NCPUS];
-diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/bcm2836.c
-+++ b/hw/arm/bcm2836.c
-@@ -XXX,XX +XXX,XX @@
- static void bcm2836_init(Object *obj)
- {
-     BCM2836State *s = BCM2836(obj);
--    int n;
--
--    for (n = 0; n < BCM2836_NCPUS; n++) {
--        object_initialize(&s->cpus[n], sizeof(s->cpus[n]),
--                          "cortex-a15-" TYPE_ARM_CPU);
--        object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]),
--                                  &error_abort);
--    }
-     object_initialize(&s->control, sizeof(s->control), TYPE_BCM2836_CONTROL);
-     object_property_add_child(obj, "control", OBJECT(&s->control), NULL);
-@@ -XXX,XX +XXX,XX @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
-     /* common peripherals from bcm2835 */
-+    obj = OBJECT(dev);
-+    for (n = 0; n < BCM2836_NCPUS; n++) {
-+        object_initialize(&s->cpus[n], sizeof(s->cpus[n]),
-+                          s->cpu_type);
-+        object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]),
-+                                  &error_abort);
-+    }
-+
-     obj = object_property_get_link(OBJECT(dev), "ram", &err);
-     if (obj == NULL) {
-         error_setg(errp, "%s: required ram link not found: %s",
-@@ -XXX,XX +XXX,XX @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
- }
- static Property bcm2836_props[] = {
-+    DEFINE_PROP_STRING("cpu-type", BCM2836State, cpu_type),
-     DEFINE_PROP_UINT32("enabled-cpus", BCM2836State, enabled_cpus, BCM2836_NCPUS),
-     DEFINE_PROP_END_OF_LIST()
- };
-diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/raspi.c
-+++ b/hw/arm/raspi.c
-@@ -XXX,XX +XXX,XX @@ static void raspi2_init(MachineState *machine)
-     /* Setup the SOC */
-     object_property_add_const_link(OBJECT(&s->soc), "ram", OBJECT(&s->ram),
-                                    &error_abort);
-+    object_property_set_str(OBJECT(&s->soc), machine->cpu_type, "cpu-type",
-+                            &error_abort);
-     object_property_set_int(OBJECT(&s->soc), smp_cpus, "enabled-cpus",
-                             &error_abort);
-     object_property_set_int(OBJECT(&s->soc), 0xa21041, "board-rev",
-@@ -XXX,XX +XXX,XX @@ static void raspi2_machine_init(MachineClass *mc)
-     mc->no_parallel = 1;
-     mc->no_floppy = 1;
-     mc->no_cdrom = 1;
-+    mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15");
-     mc->max_cpus = BCM2836_NCPUS;
-     mc->min_cpus = BCM2836_NCPUS;
-     mc->default_cpus = BCM2836_NCPUS;
---
-.16.1

-[Qemu-devel] [PULL 05/21] raspi: Add "raspi3" machine type
+[PULL 1/7] hw/arm/sbsa-ref: set 'slots' property of xhci
-From: Pekka Enberg <penberg@iki.fi>
+From: Yuquan Wang <wangyuquan1236@phytium.com.cn>
-This patch adds a "raspi3" machine type, which can now be selected as
+This extends the slots of xhci to 64, since the default xhci_sysbus
-the machine to run on by users via the "-M" command line option to QEMU.
+just supports one slot.
-The machine type does *not* ignore memory transaction failures so we
+Signed-off-by: Wang Yuquan <wangyuquan1236@phytium.com.cn>
-likely need to add some dummy devices later when people run something
+Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
-more complicated than what I'm using for testing.
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
-Signed-off-by: Pekka Enberg <penberg@iki.fi>
+Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
-[PMM: added #ifdef TARGET_AARCH64 so we don't provide the 64-bit
+Message-id: 20230710063750.473510-2-wangyuquan1236@phytium.com.cn
  board in the 32-bit only arm-softmmu build.]
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- hw/arm/raspi.c | 23 +++++++++++++++++++++++
+ hw/arm/sbsa-ref.c | 1 +
-file changed, 23 insertions(+)
+file changed, 1 insertion(+)
-diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
+diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/raspi.c
+--- a/hw/arm/sbsa-ref.c
-+++ b/hw/arm/raspi.c
++++ b/hw/arm/sbsa-ref.c
-@@ -XXX,XX +XXX,XX @@ static void raspi2_machine_init(MachineClass *mc)
+@@ -XXX,XX +XXX,XX @@ static void create_xhci(const SBSAMachineState *sms)
-     mc->ignore_memory_transaction_failures = true;
+     hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base;
- };
+     int irq = sbsa_ref_irqmap[SBSA_XHCI];
- DEFINE_MACHINE("raspi2", raspi2_machine_init)
+     DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS);
-+
++    qdev_prop_set_uint32(dev, "slots", XHCI_MAXSLOTS);
-+#ifdef TARGET_AARCH64
-+static void raspi3_init(MachineState *machine)
+     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
-+{
+     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
 +    raspi_init(machine, 3);
 +}
 +
 +static void raspi3_machine_init(MachineClass *mc)
 +{
 +    mc->desc = "Raspberry Pi 3";
 +    mc->init = raspi3_init;
 +    mc->block_default_type = IF_SD;
 +    mc->no_parallel = 1;
 +    mc->no_floppy = 1;
 +    mc->no_cdrom = 1;
 +    mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
 +    mc->max_cpus = BCM2836_NCPUS;
 +    mc->min_cpus = BCM2836_NCPUS;
 +    mc->default_cpus = BCM2836_NCPUS;
 +    mc->default_ram_size = 1024 * 1024 * 1024;
 +}
 +DEFINE_MACHINE("raspi3", raspi3_machine_init)
 +#endif
 --
-.16.1
+.34.1

-[Qemu-devel] [PULL 12/21] hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling
+[PULL 2/7] linux-user: Remove pointless NULL check in clock_adjtime handling
-The PENDNMISET/CLR bits in the ICSR should be RAZ/WI from
+In the code for TARGET_NR_clock_adjtime, we set the pointer phtx to
-NonSecure state if the AIRCR.BFHFNMINS bit is zero. We had
+the address of the local variable htx.  This means it can never be
-misimplemented this as making the bits RAZ/WI from both
+NULL, but later in the code we check it for NULL anyway.  Coverity
-Secure and NonSecure states. Fix this bug by checking
+complains about this (CID 1507683) because the NULL check comes after
-attrs.secure so that Secure code can pend and unpend NMIs.
+a call to clock_adjtime() that assumes it is non-NULL.
 Since phtx is always &htx, and is used only in three places, it's not
 really necessary.  Remove it, bringing the code structure in to line
 with that for TARGET_NR_clock_adjtime64, which already uses a simple
 '&htx' when it wants a pointer to 'htx'.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-3-peter.maydell@linaro.org
+Message-id: 20230623144410.1837261-1-peter.maydell@linaro.org
 ---
- hw/intc/armv7m_nvic.c | 6 +++---
+ linux-user/syscall.c | 12 +++++-------
-file changed, 3 insertions(+), 3 deletions(-)
+file changed, 5 insertions(+), 7 deletions(-)
-diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
+--- a/linux-user/syscall.c
-+++ b/hw/intc/armv7m_nvic.c
++++ b/linux-user/syscall.c
-@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
+@@ -XXX,XX +XXX,XX @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
  #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME)
      case TARGET_NR_clock_adjtime:
          {
 -            struct timex htx, *phtx = &htx;
 +            struct timex htx;
 -            if (target_to_host_timex(phtx, arg2) != 0) {
 +            if (target_to_host_timex(&htx, arg2) != 0) {
                  return -TARGET_EFAULT;
              }
 -            ret = get_errno(clock_adjtime(arg1, phtx));
 -            if (!is_error(ret) && phtx) {
 -                if (host_to_target_timex(arg2, phtx) != 0) {
 -                    return -TARGET_EFAULT;
 -                }
 +            ret = get_errno(clock_adjtime(arg1, &htx));
 +            if (!is_error(ret) && host_to_target_timex(arg2, &htx)) {
 +                return -TARGET_EFAULT;
              }
          }
-         /* NMIPENDSET */
+         return ret;
 -        if ((cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) &&
 -            s->vectors[ARMV7M_EXCP_NMI].pending) {
 +        if ((attrs.secure || (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))
 +            && s->vectors[ARMV7M_EXCP_NMI].pending) {
              val |= (1 << 31);
          }
          /* ISRPREEMPT: RES0 when halting debug not implemented */
@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
          break;
      }
      case 0xd04: /* Interrupt Control State (ICSR) */
 -        if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
 +        if (attrs.secure || cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
              if (value & (1 << 31)) {
                  armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
              } else if (value & (1 << 30) &&
 --
-.16.1
+.34.1

-[Qemu-devel] [PULL 21/21] target/arm: Implement v8M MSPLIM and PSPLIM registers
+[PULL 3/7] target/arm/ptw.c: Add comments to S1Translate struct fields
-The v8M architecture includes hardware support for enforcing
+Add comments to the in_* fields in the S1Translate struct
-stack pointer limits. We don't implement this behaviour yet,
+that explain what they're doing.
 but provide the MSPLIM and PSPLIM stack pointer limit registers
 as reads-as-written, so that when we do implement the checks
 in future this won't break guest migration.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-12-peter.maydell@linaro.org
+Message-id: 20230710152130.3928330-2-peter.maydell@linaro.org
 ---
- target/arm/cpu.h     |  2 ++
+ target/arm/ptw.c | 40 ++++++++++++++++++++++++++++++++++++++++
- target/arm/helper.c  | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+file changed, 40 insertions(+)
  target/arm/machine.c | 21 +++++++++++++++++++++
 files changed, 69 insertions(+)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/target/arm/ptw.c
-+++ b/target/arm/cpu.h
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
+@@ -XXX,XX +XXX,XX @@
-         uint32_t secure; /* Is CPU in Secure state? (not guest visible) */
+ #endif
-         uint32_t csselr[M_REG_NUM_BANKS];
-         uint32_t scr[M_REG_NUM_BANKS];
+ typedef struct S1Translate {
-+        uint32_t msplim[M_REG_NUM_BANKS];
++    /*
-+        uint32_t psplim[M_REG_NUM_BANKS];
++     * in_mmu_idx : specifies which TTBR, TCR, etc to use for the walk.
-     } v7m;
++     * Together with in_space, specifies the architectural translation regime.
++     */
-     /* Information associated with an exception about to be taken:
+     ARMMMUIdx in_mmu_idx;
-diff --git a/target/arm/helper.c b/target/arm/helper.c
++    /*
-index XXXXXXX..XXXXXXX 100644
++     * in_ptw_idx: specifies which mmuidx to use for the actual
---- a/target/arm/helper.c
++     * page table descriptor load operations. This will be one of the
-+++ b/target/arm/helper.c
++     * ARMMMUIdx_Stage2* or one of the ARMMMUIdx_Phys_* indexes.
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
++     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
-                 return 0;
++     * this field is updated accordingly.
-             }
++     */
-             return env->v7m.other_ss_psp;
+     ARMMMUIdx in_ptw_idx;
-+        case 0x8a: /* MSPLIM_NS */
++    /*
-+            if (!env->v7m.secure) {
++     * in_space: the security space for this walk. This plus
-+                return 0;
++     * the in_mmu_idx specify the architectural translation regime.
-+            }
++     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
-+            return env->v7m.msplim[M_REG_NS];
++     * this field is updated accordingly.
-+        case 0x8b: /* PSPLIM_NS */
++     *
-+            if (!env->v7m.secure) {
++     * Note that the security space for the in_ptw_idx may be different
-+                return 0;
++     * from that for the in_mmu_idx. We do not need to explicitly track
-+            }
++     * the in_ptw_idx security space because:
-+            return env->v7m.psplim[M_REG_NS];
++     *  - if the in_ptw_idx is an ARMMMUIdx_Phys_* then the mmuidx
-         case 0x90: /* PRIMASK_NS */
++     *    itself specifies the security space
-             if (!env->v7m.secure) {
++     *  - if the in_ptw_idx is an ARMMMUIdx_Stage2* then the security
-                 return 0;
++     *    space used for ptw reads is the same as that of the security
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
++     *    space of the stage 1 translation for all cases except where
-         return v7m_using_psp(env) ? env->v7m.other_sp : env->regs[13];
++     *    stage 1 is Secure; in that case the only possibilities for
-     case 9: /* PSP */
++     *    the ptw read are Secure and NonSecure, and the in_ptw_idx
-         return v7m_using_psp(env) ? env->regs[13] : env->v7m.other_sp;
++     *    value being Stage2 vs Stage2_S distinguishes those.
-+    case 10: /* MSPLIM */
++     */
-+        if (!arm_feature(env, ARM_FEATURE_V8)) {
+     ARMSecuritySpace in_space;
-+            goto bad_reg;
++    /*
-+        }
++     * in_secure: whether the translation regime is a Secure one.
-+        return env->v7m.msplim[env->v7m.secure];
++     * This is always equal to arm_space_is_secure(in_space).
-+    case 11: /* PSPLIM */
++     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
-+        if (!arm_feature(env, ARM_FEATURE_V8)) {
++     * this field is updated accordingly.
-+            goto bad_reg;
++     */
-+        }
+     bool in_secure;
-+        return env->v7m.psplim[env->v7m.secure];
++    /*
-     case 16: /* PRIMASK */
++     * in_debug: is this a QEMU debug access (gdbstub, etc)? Debug
-         return env->v7m.primask[env->v7m.secure];
++     * accesses will not update the guest page table access flags
-     case 17: /* BASEPRI */
++     * and will not change the state of the softmmu TLBs.
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
++     */
-     case 19: /* FAULTMASK */
+     bool in_debug;
-         return env->v7m.faultmask[env->v7m.secure];
+     /*
-     default:
+      * If this is stage 2 of a stage 1+2 page table walk, then this must
 +    bad_reg:
          qemu_log_mask(LOG_GUEST_ERROR, "Attempt to read unknown special"
                                         " register %d\n", reg);
          return 0;
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
              }
              env->v7m.other_ss_psp = val;
              return;
 +        case 0x8a: /* MSPLIM_NS */
 +            if (!env->v7m.secure) {
 +                return;
 +            }
 +            env->v7m.msplim[M_REG_NS] = val & ~7;
 +            return;
 +        case 0x8b: /* PSPLIM_NS */
 +            if (!env->v7m.secure) {
 +                return;
 +            }
 +            env->v7m.psplim[M_REG_NS] = val & ~7;
 +            return;
          case 0x90: /* PRIMASK_NS */
              if (!env->v7m.secure) {
                  return;
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
              env->v7m.other_sp = val;
          }
          break;
 +    case 10: /* MSPLIM */
 +        if (!arm_feature(env, ARM_FEATURE_V8)) {
 +            goto bad_reg;
 +        }
 +        env->v7m.msplim[env->v7m.secure] = val & ~7;
 +        break;
 +    case 11: /* PSPLIM */
 +        if (!arm_feature(env, ARM_FEATURE_V8)) {
 +            goto bad_reg;
 +        }
 +        env->v7m.psplim[env->v7m.secure] = val & ~7;
 +        break;
      case 16: /* PRIMASK */
          env->v7m.primask[env->v7m.secure] = val & 1;
          break;
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
          env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
          break;
      default:
 +    bad_reg:
          qemu_log_mask(LOG_GUEST_ERROR, "Attempt to write unknown special"
                                         " register %d\n", reg);
          return;
 diff --git a/target/arm/machine.c b/target/arm/machine.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/machine.c
 +++ b/target/arm/machine.c
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_other_sp = {
      }
  };
 +static bool m_v8m_needed(void *opaque)
 +{
 +    ARMCPU *cpu = opaque;
 +    CPUARMState *env = &cpu->env;
 +
 +    return arm_feature(env, ARM_FEATURE_M) && arm_feature(env, ARM_FEATURE_V8);
 +}
 +
 +static const VMStateDescription vmstate_m_v8m = {
 +    .name = "cpu/m/v8m",
 +    .version_id = 1,
 +    .minimum_version_id = 1,
 +    .needed = m_v8m_needed,
 +    .fields = (VMStateField[]) {
 +        VMSTATE_UINT32_ARRAY(env.v7m.msplim, ARMCPU, M_REG_NUM_BANKS),
 +        VMSTATE_UINT32_ARRAY(env.v7m.psplim, ARMCPU, M_REG_NUM_BANKS),
 +        VMSTATE_END_OF_LIST()
 +    }
 +};
 +
  static const VMStateDescription vmstate_m = {
      .name = "cpu/m",
      .version_id = 4,
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m = {
          &vmstate_m_csselr,
          &vmstate_m_scr,
          &vmstate_m_other_sp,
 +        &vmstate_m_v8m,
          NULL
      }
  };
 --
-.16.1
+.34.1

-[Qemu-devel] [PULL 10/21] target/arm: Handle SVE registers when using clear_vec_high
+[PULL 4/7] target/arm: Fix S1_ptw_translate() debug path
-From: Richard Henderson <richard.henderson@linaro.org>
+In commit fe4a5472ccd6 we rearranged the logic in S1_ptw_translate()
 so that the debug-access "call get_phys_addr_*" codepath is used both
 when S1 is doing ptw reads from stage 2 and when it is doing ptw
 reads from physical memory.  However, we didn't update the
 calculation of s2ptw->in_space and s2ptw->in_secure to account for
 the "ptw reads from physical memory" case.  This meant that debug
 accesses when in Secure state broke.
-When storing to an AdvSIMD FP register, all of the high
+Create a new function S2_security_space() which returns the
-bits of the SVE register are zeroed.  Therefore, call it
+correct security space to use for the ptw load, and use it to
-more often with is_q as a parameter.
+determine the correct .in_secure and .in_space fields for the
 stage 2 lookup for the ptw load.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
-Message-id: 20180211205848.4568-6-richard.henderson@linaro.org
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Message-id: 20230710152130.3928330-3-peter.maydell@linaro.org
 Fixes: fe4a5472ccd6 ("target/arm: Use get_phys_addr_with_struct in S1_ptw_translate")
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 162 +++++++++++++++++----------------------------
+ target/arm/ptw.c | 37 ++++++++++++++++++++++++++++++++-----
-file changed, 62 insertions(+), 100 deletions(-)
+file changed, 32 insertions(+), 5 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
+--- a/target/arm/ptw.c
-+++ b/target/arm/translate-a64.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static TCGv_i32 read_fp_sreg(DisasContext *s, int reg)
+@@ -XXX,XX +XXX,XX @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
-     return v;
+     }
  }
-+/* Clear the bits above an N-bit vector, for N = (is_q ? 128 : 64).
++static ARMSecuritySpace S2_security_space(ARMSecuritySpace s1_space,
-+ * If SVE is not enabled, then there are only 128 bits in the vector.
++                                          ARMMMUIdx s2_mmu_idx)
 + */
 +static void clear_vec_high(DisasContext *s, bool is_q, int rd)
 +{
-+    unsigned ofs = fp_reg_offset(s, rd, MO_64);
++    /*
-+    unsigned vsz = vec_full_reg_size(s);
++     * Return the security space to use for stage 2 when doing
-+
++     * the S1 page table descriptor load.
-+    if (!is_q) {
++     */
-+        TCGv_i64 tcg_zero = tcg_const_i64(0);
++    if (regime_is_stage2(s2_mmu_idx)) {
-+        tcg_gen_st_i64(tcg_zero, cpu_env, ofs + 8);
++        /*
-+        tcg_temp_free_i64(tcg_zero);
++         * The security space for ptw reads is almost always the same
-+    }
++         * as that of the security space of the stage 1 translation.
-+    if (vsz > 16) {
++         * The only exception is when stage 1 is Secure; in that case
-+        tcg_gen_gvec_dup8i(ofs + 16, vsz - 16, vsz - 16, 0);
++         * the ptw read might be to the Secure or the NonSecure space
 +         * (but never Realm or Root), and the s2_mmu_idx tells us which.
 +         * Root translations are always single-stage.
 +         */
 +        if (s1_space == ARMSS_Secure) {
 +            return arm_secure_to_space(s2_mmu_idx == ARMMMUIdx_Stage2_S);
 +        } else {
 +            assert(s2_mmu_idx != ARMMMUIdx_Stage2_S);
 +            assert(s1_space != ARMSS_Root);
 +            return s1_space;
 +        }
 +    } else {
 +        /* ptw loads are from phys: the mmu idx itself says which space */
 +        return arm_phys_to_space(s2_mmu_idx);
 +    }
 +}
 +
- static void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v)
+ /* Translate a S1 pagetable walk through S2 if needed.  */
  static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
                               hwaddr addr, ARMMMUFaultInfo *fi)
  {
--    TCGv_i64 tcg_zero = tcg_const_i64(0);
+-    ARMSecuritySpace space = ptw->in_space;
-+    unsigned ofs = fp_reg_offset(s, reg, MO_64);
+     bool is_secure = ptw->in_secure;
+     ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
--    tcg_gen_st_i64(v, cpu_env, fp_reg_offset(s, reg, MO_64));
+     ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
--    tcg_gen_st_i64(tcg_zero, cpu_env, fp_reg_hi_offset(s, reg));
+@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
--    tcg_temp_free_i64(tcg_zero);
+          * From gdbstub, do not use softmmu so that we don't modify the
-+    tcg_gen_st_i64(v, cpu_env, ofs);
+          * state of the cpu at all, including softmmu tlb contents.
-+    clear_vec_high(s, false, reg);
+          */
- }
++        ARMSecuritySpace s2_space = S2_security_space(ptw->in_space, s2_mmu_idx);
+         S1Translate s2ptw = {
- static void write_fp_sreg(DisasContext *s, int reg, TCGv_i32 v)
+             .in_mmu_idx = s2_mmu_idx,
-@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
+             .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
+-            .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
-     tcg_temp_free_i64(tmplo);
+-            .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
-     tcg_temp_free_i64(tmphi);
+-                         : space == ARMSS_Realm ? ARMSS_Realm
-+
+-                         : ARMSS_NonSecure),
-+    clear_vec_high(s, true, destidx);
++            .in_secure = arm_space_is_secure(s2_space),
- }
++            .in_space = s2_space,
+             .in_debug = true,
- /*
+         };
-@@ -XXX,XX +XXX,XX @@ static void write_vec_element_i32(DisasContext *s, TCGv_i32 tcg_src,
+         GetPhysAddrResult s2 = { };
      }
  }
 -/* Clear the high 64 bits of a 128 bit vector (in general non-quad
 - * vector ops all need to do this).
 - */
 -static void clear_vec_high(DisasContext *s, int rd)
 -{
 -    TCGv_i64 tcg_zero = tcg_const_i64(0);
 -
 -    write_vec_element(s, tcg_zero, rd, 1, MO_64);
 -    tcg_temp_free_i64(tcg_zero);
 -}
 -
  /* Store from vector register to memory */
  static void do_vec_st(DisasContext *s, int srcidx, int element,
                        TCGv_i64 tcg_addr, int size)
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
                      /* For non-quad operations, setting a slice of the low
                       * 64 bits of the register clears the high 64 bits (in
                       * the ARM ARM pseudocode this is implicit in the fact
 -                     * that 'rval' is a 64 bit wide variable). We optimize
 -                     * by noticing that we only need to do this the first
 -                     * time we touch a register.
 +                     * that 'rval' is a 64 bit wide variable).
 +                     * For quad operations, we might still need to zero the
 +                     * high bits of SVE.  We optimize by noticing that we only
 +                     * need to do this the first time we touch a register.
                       */
 -                    if (!is_q && e == 0 && (r == 0 || xs == selem - 1)) {
 -                        clear_vec_high(s, tt);
 +                    if (e == 0 && (r == 0 || xs == selem - 1)) {
 +                        clear_vec_high(s, is_q, tt);
                      }
                  }
                  tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
              write_vec_element(s, tcg_tmp, rt, 0, MO_64);
              if (is_q) {
                  write_vec_element(s, tcg_tmp, rt, 1, MO_64);
 -            } else {
 -                clear_vec_high(s, rt);
              }
              tcg_temp_free_i64(tcg_tmp);
 +            clear_vec_high(s, is_q, rt);
          } else {
              /* Load/store one element per register */
              if (is_load) {
@@ -XXX,XX +XXX,XX @@ static void handle_vec_simd_sqshrn(DisasContext *s, bool is_scalar, bool is_q,
      }
      if (!is_q) {
 -        clear_vec_high(s, rd);
          write_vec_element(s, tcg_final, rd, 0, MO_64);
      } else {
          write_vec_element(s, tcg_final, rd, 1, MO_64);
@@ -XXX,XX +XXX,XX @@ static void handle_vec_simd_sqshrn(DisasContext *s, bool is_scalar, bool is_q,
      tcg_temp_free_i64(tcg_rd);
      tcg_temp_free_i32(tcg_rd_narrowed);
      tcg_temp_free_i64(tcg_final);
 -    return;
 +
 +    clear_vec_high(s, is_q, rd);
  }
  /* SQSHLU, UQSHL, SQSHL: saturating left shifts */
@@ -XXX,XX +XXX,XX @@ static void handle_simd_qshl(DisasContext *s, bool scalar, bool is_q,
              tcg_temp_free_i64(tcg_op);
          }
          tcg_temp_free_i64(tcg_shift);
 -
 -        if (!is_q) {
 -            clear_vec_high(s, rd);
 -        }
 +        clear_vec_high(s, is_q, rd);
      } else {
          TCGv_i32 tcg_shift = tcg_const_i32(shift);
          static NeonGenTwoOpEnvFn * const fns[2][2][3] = {
@@ -XXX,XX +XXX,XX @@ static void handle_simd_qshl(DisasContext *s, bool scalar, bool is_q,
          }
          tcg_temp_free_i32(tcg_shift);
 -        if (!is_q && !scalar) {
 -            clear_vec_high(s, rd);
 +        if (!scalar) {
 +            clear_vec_high(s, is_q, rd);
          }
      }
  }
@@ -XXX,XX +XXX,XX @@ static void handle_simd_intfp_conv(DisasContext *s, int rd, int rn,
          }
      }
 -    if (!is_double && elements == 2) {
 -        clear_vec_high(s, rd);
 -    }
 -
      tcg_temp_free_i64(tcg_int);
      tcg_temp_free_ptr(tcg_fpst);
      tcg_temp_free_i32(tcg_shift);
 +
 +    clear_vec_high(s, elements << size == 16, rd);
  }
  /* UCVTF/SCVTF - Integer to FP conversion */
@@ -XXX,XX +XXX,XX @@ static void handle_simd_shift_fpint_conv(DisasContext *s, bool is_scalar,
              write_vec_element(s, tcg_op, rd, pass, MO_64);
              tcg_temp_free_i64(tcg_op);
          }
 -        if (!is_q) {
 -            clear_vec_high(s, rd);
 -        }
 +        clear_vec_high(s, is_q, rd);
      } else {
          int maxpass = is_scalar ? 1 : is_q ? 4 : 2;
          for (pass = 0; pass < maxpass; pass++) {
@@ -XXX,XX +XXX,XX @@ static void handle_simd_shift_fpint_conv(DisasContext *s, bool is_scalar,
              }
              tcg_temp_free_i32(tcg_op);
          }
 -        if (!is_q && !is_scalar) {
 -            clear_vec_high(s, rd);
 +        if (!is_scalar) {
 +            clear_vec_high(s, is_q, rd);
          }
      }
@@ -XXX,XX +XXX,XX @@ static void handle_3same_float(DisasContext *s, int size, int elements,
      tcg_temp_free_ptr(fpst);
 -    if ((elements << size) < 4) {
 -        /* scalar, or non-quad vector op */
 -        clear_vec_high(s, rd);
 -    }
 +    clear_vec_high(s, elements * (size ? 8 : 4) > 8, rd);
  }
  /* AdvSIMD scalar three same
@@ -XXX,XX +XXX,XX @@ static void handle_2misc_fcmp_zero(DisasContext *s, int opcode,
              }
              write_vec_element(s, tcg_res, rd, pass, MO_64);
          }
 -        if (is_scalar) {
 -            clear_vec_high(s, rd);
 -        }
 -
          tcg_temp_free_i64(tcg_res);
          tcg_temp_free_i64(tcg_zero);
          tcg_temp_free_i64(tcg_op);
 +
 +        clear_vec_high(s, !is_scalar, rd);
      } else {
          TCGv_i32 tcg_op = tcg_temp_new_i32();
          TCGv_i32 tcg_zero = tcg_const_i32(0);
@@ -XXX,XX +XXX,XX @@ static void handle_2misc_fcmp_zero(DisasContext *s, int opcode,
          tcg_temp_free_i32(tcg_res);
          tcg_temp_free_i32(tcg_zero);
          tcg_temp_free_i32(tcg_op);
 -        if (!is_q && !is_scalar) {
 -            clear_vec_high(s, rd);
 +        if (!is_scalar) {
 +            clear_vec_high(s, is_q, rd);
          }
      }
@@ -XXX,XX +XXX,XX @@ static void handle_2misc_reciprocal(DisasContext *s, int opcode,
              }
              write_vec_element(s, tcg_res, rd, pass, MO_64);
          }
 -        if (is_scalar) {
 -            clear_vec_high(s, rd);
 -        }
 -
          tcg_temp_free_i64(tcg_res);
          tcg_temp_free_i64(tcg_op);
 +        clear_vec_high(s, !is_scalar, rd);
      } else {
          TCGv_i32 tcg_op = tcg_temp_new_i32();
          TCGv_i32 tcg_res = tcg_temp_new_i32();
@@ -XXX,XX +XXX,XX @@ static void handle_2misc_reciprocal(DisasContext *s, int opcode,
          }
          tcg_temp_free_i32(tcg_res);
          tcg_temp_free_i32(tcg_op);
 -        if (!is_q && !is_scalar) {
 -            clear_vec_high(s, rd);
 +        if (!is_scalar) {
 +            clear_vec_high(s, is_q, rd);
          }
      }
      tcg_temp_free_ptr(fpst);
@@ -XXX,XX +XXX,XX @@ static void handle_2misc_narrow(DisasContext *s, bool scalar,
          write_vec_element_i32(s, tcg_res[pass], rd, destelt + pass, MO_32);
          tcg_temp_free_i32(tcg_res[pass]);
      }
 -    if (!is_q) {
 -        clear_vec_high(s, rd);
 -    }
 +    clear_vec_high(s, is_q, rd);
  }
  /* Remaining saturating accumulating ops */
@@ -XXX,XX +XXX,XX @@ static void handle_2misc_satacc(DisasContext *s, bool is_scalar, bool is_u,
              }
              write_vec_element(s, tcg_rd, rd, pass, MO_64);
          }
 -        if (is_scalar) {
 -            clear_vec_high(s, rd);
 -        }
 -
          tcg_temp_free_i64(tcg_rd);
          tcg_temp_free_i64(tcg_rn);
 +        clear_vec_high(s, !is_scalar, rd);
      } else {
          TCGv_i32 tcg_rn = tcg_temp_new_i32();
          TCGv_i32 tcg_rd = tcg_temp_new_i32();
@@ -XXX,XX +XXX,XX @@ static void handle_2misc_satacc(DisasContext *s, bool is_scalar, bool is_u,
              }
              write_vec_element_i32(s, tcg_rd, rd, pass, MO_32);
          }
 -
 -        if (!is_q) {
 -            clear_vec_high(s, rd);
 -        }
 -
          tcg_temp_free_i32(tcg_rd);
          tcg_temp_free_i32(tcg_rn);
 +        clear_vec_high(s, is_q, rd);
      }
  }
@@ -XXX,XX +XXX,XX @@ static void handle_vec_simd_shri(DisasContext *s, bool is_q, bool is_u,
      tcg_temp_free_i64(tcg_round);
   done:
 -    if (!is_q) {
 -        clear_vec_high(s, rd);
 -    }
 +    clear_vec_high(s, is_q, rd);
  }
  static void gen_shl8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
@@ -XXX,XX +XXX,XX @@ static void handle_vec_simd_shrn(DisasContext *s, bool is_q,
      }
      if (!is_q) {
 -        clear_vec_high(s, rd);
          write_vec_element(s, tcg_final, rd, 0, MO_64);
      } else {
          write_vec_element(s, tcg_final, rd, 1, MO_64);
      }
 -
      if (round) {
          tcg_temp_free_i64(tcg_round);
      }
      tcg_temp_free_i64(tcg_rn);
      tcg_temp_free_i64(tcg_rd);
      tcg_temp_free_i64(tcg_final);
 -    return;
 +
 +    clear_vec_high(s, is_q, rd);
  }
@@ -XXX,XX +XXX,XX @@ static void handle_3rd_narrowing(DisasContext *s, int is_q, int is_u, int size,
          write_vec_element_i32(s, tcg_res[pass], rd, pass + part, MO_32);
          tcg_temp_free_i32(tcg_res[pass]);
      }
 -    if (!is_q) {
 -        clear_vec_high(s, rd);
 -    }
 +    clear_vec_high(s, is_q, rd);
  }
  static void handle_pmull_64(DisasContext *s, int is_q, int rd, int rn, int rm)
@@ -XXX,XX +XXX,XX @@ static void handle_simd_3same_pair(DisasContext *s, int is_q, int u, int opcode,
              write_vec_element_i32(s, tcg_res[pass], rd, pass, MO_32);
              tcg_temp_free_i32(tcg_res[pass]);
          }
 -        if (!is_q) {
 -            clear_vec_high(s, rd);
 -        }
 +        clear_vec_high(s, is_q, rd);
      }
      if (fpst) {
@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
              tcg_temp_free_i32(tcg_op2);
          }
      }
 -
 -    if (!is_q) {
 -        clear_vec_high(s, rd);
 -    }
 +    clear_vec_high(s, is_q, rd);
  }
  /* AdvSIMD three same
@@ -XXX,XX +XXX,XX @@ static void handle_rev(DisasContext *s, int opcode, bool u,
              write_vec_element(s, tcg_tmp, rd, i, grp_size);
              tcg_temp_free_i64(tcg_tmp);
          }
 -        if (!is_q) {
 -            clear_vec_high(s, rd);
 -        }
 +        clear_vec_high(s, is_q, rd);
      } else {
          int revmask = (1 << grp_size) - 1;
          int esize = 8 << size;
@@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn)
              tcg_temp_free_i32(tcg_op);
          }
      }
 -    if (!is_q) {
 -        clear_vec_high(s, rd);
 -    }
 +    clear_vec_high(s, is_q, rd);
      if (need_rmode) {
          gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
              tcg_temp_free_i64(tcg_res);
          }
 -        if (is_scalar) {
 -            clear_vec_high(s, rd);
 -        }
 -
          tcg_temp_free_i64(tcg_idx);
 +        clear_vec_high(s, !is_scalar, rd);
      } else if (!is_long) {
          /* 32 bit floating point, or 16 or 32 bit integer.
           * For the 16 bit scalar case we use the usual Neon helpers and
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
          }
          tcg_temp_free_i32(tcg_idx);
 -
 -        if (!is_q) {
 -            clear_vec_high(s, rd);
 -        }
 +        clear_vec_high(s, is_q, rd);
      } else {
          /* long ops: 16x16->32 or 32x32->64 */
          TCGv_i64 tcg_res[2];
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
              }
              tcg_temp_free_i64(tcg_idx);
 -            if (is_scalar) {
 -                clear_vec_high(s, rd);
 -            }
 +            clear_vec_high(s, !is_scalar, rd);
          } else {
              TCGv_i32 tcg_idx = tcg_temp_new_i32();
 --
-.16.1
+.34.1

-[Qemu-devel] [PULL 20/21] target/arm: Migrate v7m.other_sp
+[PULL 5/7] target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
-In commit abc24d86cc0364f we accidentally broke migration of
+In get_phys_addr_twostage() the code that applies the effects of
-the stack pointer value for the mode (process, handler) the CPU
+VSTCR.{SA,SW} and VTCR.{NSA,NSW} only updates result->f.attrs.secure.
-is not currently running as. (The commit correctly removed the
+Now we also have f.attrs.space for FEAT_RME, we need to keep the two
-no-longer-used v7m.current_sp flag from the VMState but also
+in sync.
 deleted the still very much in use v7m.other_sp SP value field.)
-Add a subsection to migrate it again. (We don't need to care
+These bits only have an effect for Secure space translations, not
-about trying to retain compatibility with pre-abc24d86cc0364f
+for Root, so use the input in_space field to determine whether to
-versions of QEMU, because that commit bumped the version_id
+apply them rather than the input is_secure. This doesn't actually
-and we've since bumped it again a couple of times.)
+make a difference because Root translations are never two-stage,
 but it's a little clearer.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-11-peter.maydell@linaro.org
+Message-id: 20230710152130.3928330-4-peter.maydell@linaro.org
 ---
- target/arm/machine.c | 11 +++++++++++
+ target/arm/ptw.c | 13 ++++++++-----
-file changed, 11 insertions(+)
+file changed, 8 insertions(+), 5 deletions(-)
-diff --git a/target/arm/machine.c b/target/arm/machine.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/machine.c
+--- a/target/arm/ptw.c
-+++ b/target/arm/machine.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_scr = {
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
-     }
+     hwaddr ipa;
- };
+     int s1_prot, s1_lgpgsz;
+     bool is_secure = ptw->in_secure;
-+static const VMStateDescription vmstate_m_other_sp = {
++    ARMSecuritySpace in_space = ptw->in_space;
-+    .name = "cpu/m/other-sp",
+     bool ret, ipa_secure;
-+    .version_id = 1,
+     ARMCacheAttrs cacheattrs1;
-+    .minimum_version_id = 1,
+     ARMSecuritySpace ipa_space;
-+    .fields = (VMStateField[]) {
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
-+        VMSTATE_UINT32(env.v7m.other_sp, ARMCPU),
+      * Check if IPA translates to secure or non-secure PA space.
-+        VMSTATE_END_OF_LIST()
+      * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA.
       */
 -    result->f.attrs.secure =
 -        (is_secure
 -         && !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
 -         && (ipa_secure
 -             || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))));
 +    if (in_space == ARMSS_Secure) {
 +        result->f.attrs.secure =
 +            !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
 +            && (ipa_secure
 +                || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW)));
 +        result->f.attrs.space = arm_secure_to_space(result->f.attrs.secure);
 +    }
-+};
-+
+     return false;
- static const VMStateDescription vmstate_m = {
+ }
      .name = "cpu/m",
      .version_id = 4,
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m = {
          &vmstate_m_faultmask_primask,
          &vmstate_m_csselr,
          &vmstate_m_scr,
 +        &vmstate_m_other_sp,
          NULL
      }
  };
 --
-.16.1
+.34.1

-[Qemu-devel] [PULL 09/21] target/arm: Enforce access to ZCR_EL at translation
+[PULL 6/7] accel/tcg: Zero-pad PC in TCG CPU exec trace lines
-From: Richard Henderson <richard.henderson@linaro.org>
+In commit f0a08b0913befbd we changed the type of the PC from
 target_ulong to vaddr.  In doing so we inadvertently dropped the
 zero-padding on the PC in trace lines (the second item inside the []
 in these lines).  They used to look like this on AArch64, for
 instance:
-This also makes sure that we get the correct ordering of
+Trace 0: 0x7f2260000100 [00000000/0000000040000000/00000061/ff200000]
 SVE vs FP exceptions.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+and now they look like this:
-Message-id: 20180211205848.4568-5-richard.henderson@linaro.org
+Trace 0: 0x7f4f50000100 [00000000/40000000/00000061/ff200000]
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 and if the PC happens to be somewhere low like 0x5000
 then the field is shown as /5000/.
 This is because TARGET_FMT_lx is a "%08x" or "%016x" specifier,
 depending on TARGET_LONG_SIZE, whereas VADDR_PRIx is just PRIx64
 with no width specifier.
 Restore the zero-padding by adding an 016 width specifier to
 this tracing and a couple of others that were similarly recently
 changed to use VADDR_PRIx without a width specifier.
 We can't unfortunately restore the "32-bit guests are padded to
 hex digits and 64-bit guests to 16 hex digits" behaviour so
 easily.
 Fixes: f0a08b0913befbd ("accel/tcg/cpu-exec.c: Widen pc to vaddr")
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Anton Johansson <anjo@rev.ng>
+Message-id: 20230711165434.4123674-1-peter.maydell@linaro.org
 ---
- target/arm/cpu.h           |  3 ++-
+ accel/tcg/cpu-exec.c      | 4 ++--
- target/arm/internals.h     |  6 ++++++
+ accel/tcg/translate-all.c | 2 +-
- target/arm/helper.c        | 22 ++++------------------
+files changed, 3 insertions(+), 3 deletions(-)
  target/arm/translate-a64.c | 16 ++++++++++++++++
 files changed, 28 insertions(+), 19 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/accel/tcg/cpu-exec.c
-+++ b/target/arm/cpu.h
++++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
+@@ -XXX,XX +XXX,XX @@ static void log_cpu_exec(vaddr pc, CPUState *cpu,
- #define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
+     if (qemu_log_in_addr_range(pc)) {
- #define ARM_LAST_SPECIAL         ARM_CP_DC_ZVA
+         qemu_log_mask(CPU_LOG_EXEC,
- #define ARM_CP_FPU               0x1000
+                       "Trace %d: %p [%08" PRIx64
-+#define ARM_CP_SVE               0x2000
+-                      "/%" VADDR_PRIx "/%08x/%08x] %s\n",
- /* Used only as a terminator for ARMCPRegInfo lists */
++                      "/%016" VADDR_PRIx "/%08x/%08x] %s\n",
- #define ARM_CP_SENTINEL          0xffff
+                       cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc,
- /* Mask of only the flag bits in a type field */
+                       tb->flags, tb->cflags, lookup_symbol(pc));
--#define ARM_CP_FLAG_MASK         0x10ff
-+#define ARM_CP_FLAG_MASK         0x30ff
+@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
+         if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
- /* Valid values for ARMCPRegInfo state field, indicating which of
+             vaddr pc = log_pc(cpu, last_tb);
-  * the AArch32 and AArch64 execution states this register is visible in.
+             if (qemu_log_in_addr_range(pc)) {
-diff --git a/target/arm/internals.h b/target/arm/internals.h
+-                qemu_log("Stopped execution of TB chain before %p [%"
 +                qemu_log("Stopped execution of TB chain before %p [%016"
                           VADDR_PRIx "] %s\n",
                           last_tb->tc.ptr, pc, lookup_symbol(pc));
              }
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
+--- a/accel/tcg/translate-all.c
-+++ b/target/arm/internals.h
++++ b/accel/tcg/translate-all.c
-@@ -XXX,XX +XXX,XX @@ enum arm_exception_class {
+@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
-     EC_AA64_HVC               = 0x16,
+     if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
-     EC_AA64_SMC               = 0x17,
+         vaddr pc = log_pc(cpu, tb);
-     EC_SYSTEMREGISTERTRAP     = 0x18,
+         if (qemu_log_in_addr_range(pc)) {
-+    EC_SVEACCESSTRAP          = 0x19,
+-            qemu_log("cpu_io_recompile: rewound execution of TB to %"
-     EC_INSNABORT              = 0x20,
++            qemu_log("cpu_io_recompile: rewound execution of TB to %016"
-     EC_INSNABORT_SAME_EL      = 0x21,
+                      VADDR_PRIx "\n", pc);
-     EC_PCALIGNMENT            = 0x22,
+         }
@@ -XXX,XX +XXX,XX @@ static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_16bit)
          | (cv << 24) | (cond << 20);
  }
 +static inline uint32_t syn_sve_access_trap(void)
 +{
 +    return EC_SVEACCESSTRAP << ARM_EL_EC_SHIFT;
 +}
 +
  static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)
  {
      return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static int sve_exception_el(CPUARMState *env)
      return 0;
  }
 -static CPAccessResult zcr_access(CPUARMState *env, const ARMCPRegInfo *ri,
 -                                 bool isread)
 -{
 -    switch (sve_exception_el(env)) {
 -    case 3:
 -        return CP_ACCESS_TRAP_EL3;
 -    case 2:
 -        return CP_ACCESS_TRAP_EL2;
 -    case 1:
 -        return CP_ACCESS_TRAP;
 -    }
 -    return CP_ACCESS_OK;
 -}
 -
  static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                        uint64_t value)
  {
@@ -XXX,XX +XXX,XX @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
  static const ARMCPRegInfo zcr_el1_reginfo = {
      .name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,
      .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,
 -    .access = PL1_RW, .accessfn = zcr_access,
 +    .access = PL1_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
      .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),
      .writefn = zcr_write, .raw_writefn = raw_write
  };
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el1_reginfo = {
  static const ARMCPRegInfo zcr_el2_reginfo = {
      .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
      .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
 -    .access = PL2_RW, .accessfn = zcr_access,
 +    .access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
      .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),
      .writefn = zcr_write, .raw_writefn = raw_write
  };
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el2_reginfo = {
  static const ARMCPRegInfo zcr_no_el2_reginfo = {
      .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
      .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
 -    .access = PL2_RW,
 +    .access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
      .readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore
  };
  static const ARMCPRegInfo zcr_el3_reginfo = {
      .name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,
      .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,
 -    .access = PL3_RW, .accessfn = zcr_access,
 +    .access = PL3_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
      .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),
      .writefn = zcr_write, .raw_writefn = raw_write
  };
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static inline bool fp_access_check(DisasContext *s)
      return false;
  }
 +/* Check that SVE access is enabled.  If it is, return true.
 + * If not, emit code to generate an appropriate exception and return false.
 + */
 +static inline bool sve_access_check(DisasContext *s)
 +{
 +    if (s->sve_excp_el) {
 +        gen_exception_insn(s, 4, EXCP_UDEF, syn_sve_access_trap(),
 +                           s->sve_excp_el);
 +        return false;
 +    }
 +    return true;
 +}
 +
  /*
   * This utility function is for doing register extension with an
   * optional shift. You will likely want to pass a temporary for the
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
      default:
          break;
      }
 +    if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {
 +        return;
 +    }
      if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {
          return;
      }
 --
-.16.1
+.34.1

-[Qemu-devel] [PULL 04/21] raspi: Raspberry Pi 3 support
+[PULL 7/7] hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
-From: Pekka Enberg <penberg@iki.fi>
+From: Tong Ho <tong.ho@amd.com>
-This patch adds Raspberry Pi 3 support to hw/arm/raspi.c. The
+Add a check in the bit-set operation to write the backstore
-differences to Pi 2 are:
+only if the affected bit is 0 before.
- - Firmware address
+With this in place, there will be no need for callers to
- - Board ID
+do the checking in order to avoid unnecessary writes.
  - Board revision
-The CPU is different too, but that's going to be configured as part of
+Signed-off-by: Tong Ho <tong.ho@amd.com>
-the machine default CPU when we introduce a new machine type.
+Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
-The patch was written from scratch by me but the logic is similar to
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Zoltán Baldaszti's previous work, which I used as a reference (with
 permission from the author):
   https://github.com/bztsrc/qemu-raspi3
 Signed-off-by: Pekka Enberg <penberg@iki.fi>
 [PMM: fixed trailing whitespace on one line]
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- hw/arm/raspi.c | 31 +++++++++++++++++++++----------
+ hw/nvram/xlnx-efuse.c | 11 +++++++++--
-file changed, 21 insertions(+), 10 deletions(-)
+file changed, 9 insertions(+), 2 deletions(-)
-diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
+diff --git a/hw/nvram/xlnx-efuse.c b/hw/nvram/xlnx-efuse.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/raspi.c
+--- a/hw/nvram/xlnx-efuse.c
-+++ b/hw/arm/raspi.c
++++ b/hw/nvram/xlnx-efuse.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ static bool efuse_ro_bits_find(XlnxEFuse *s, uint32_t k)
-  * Rasperry Pi 2 emulation Copyright (c) 2015, Microsoft
-  * Written by Andrew Baumann
+ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit)
-  *
+ {
-+ * Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti
++    uint32_t set, *row;
-+ * Upstream code cleanup (c) 2018 Pekka Enberg
++
-+ *
+     if (efuse_ro_bits_find(s, bit)) {
-  * This code is licensed under the GNU GPLv2 and later.
+         g_autofree char *path = object_get_canonical_path(OBJECT(s));
-  */
+@@ -XXX,XX +XXX,XX @@ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit)
-@@ -XXX,XX +XXX,XX @@
+         return false;
- #define SMPBOOT_ADDR    0x300 /* this should leave enough space for ATAGS */
+     }
- #define MVBAR_ADDR      0x400 /* secure vectors */
- #define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */
+-    s->fuse32[bit / 32] |= 1 << (bit % 32);
--#define FIRMWARE_ADDR   0x8000 /* Pi loads kernel.img here by default */
+-    efuse_bdrv_sync(s, bit);
-+#define FIRMWARE_ADDR_2 0x8000 /* Pi 2 loads kernel.img here by default */
++    /* Avoid back-end write unless there is a real update */
-+#define FIRMWARE_ADDR_3 0x80000 /* Pi 3 loads kernel.img here by default */
++    row = &s->fuse32[bit / 32];
++    set = 1 << (bit % 32);
- /* Table of Linux board IDs for different Pi versions */
++    if (!(set & *row)) {
--static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43};
++        *row |= set;
-+static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44};
++        efuse_bdrv_sync(s, bit);
++    }
- typedef struct RasPiState {
+     return true;
      BCM2836State soc;
@@ -XXX,XX +XXX,XX @@ static void setup_boot(MachineState *machine, int version, size_t ram_size)
      binfo.secure_board_setup = true;
      binfo.secure_boot = true;
 -    /* Pi2 requires SMP setup */
 -    if (version == 2) {
 +    /* Pi2 and Pi3 requires SMP setup */
 +    if (version >= 2) {
          binfo.smp_loader_start = SMPBOOT_ADDR;
          binfo.write_secondary_boot = write_smpboot;
          binfo.secondary_cpu_reset_hook = reset_secondary;
@@ -XXX,XX +XXX,XX @@ static void setup_boot(MachineState *machine, int version, size_t ram_size)
       * the normal Linux boot process
       */
      if (machine->firmware) {
 +        hwaddr firmware_addr = version == 3 ? FIRMWARE_ADDR_3 : FIRMWARE_ADDR_2;
          /* load the firmware image (typically kernel.img) */
 -        r = load_image_targphys(machine->firmware, FIRMWARE_ADDR,
 -                                ram_size - FIRMWARE_ADDR);
 +        r = load_image_targphys(machine->firmware, firmware_addr,
 +                                ram_size - firmware_addr);
          if (r < 0) {
              error_report("Failed to load firmware from %s", machine->firmware);
              exit(1);
          }
 -        binfo.entry = FIRMWARE_ADDR;
 +        binfo.entry = firmware_addr;
          binfo.firmware_loaded = true;
      } else {
          binfo.kernel_filename = machine->kernel_filename;
@@ -XXX,XX +XXX,XX @@ static void setup_boot(MachineState *machine, int version, size_t ram_size)
      arm_load_kernel(ARM_CPU(first_cpu), &binfo);
  }
--static void raspi2_init(MachineState *machine)
-+static void raspi_init(MachineState *machine, int version)
- {
-     RasPiState *s = g_new0(RasPiState, 1);
-     uint32_t vcram_size;
-@@ -XXX,XX +XXX,XX @@ static void raspi2_init(MachineState *machine)
-                             &error_abort);
-     object_property_set_int(OBJECT(&s->soc), smp_cpus, "enabled-cpus",
-                             &error_abort);
--    object_property_set_int(OBJECT(&s->soc), 0xa21041, "board-rev",
-+    int board_rev = version == 3 ? 0xa02082 : 0xa21041;
-+    object_property_set_int(OBJECT(&s->soc), board_rev, "board-rev",
-                             &error_abort);
-     object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_abort);
-@@ -XXX,XX +XXX,XX @@ static void raspi2_init(MachineState *machine)
-     vcram_size = object_property_get_uint(OBJECT(&s->soc), "vcram-size",
-                                           &error_abort);
--    setup_boot(machine, 2, machine->ram_size - vcram_size);
-+    setup_boot(machine, version, machine->ram_size - vcram_size);
-+}
-+
-+static void raspi2_init(MachineState *machine)
-+{
-+    raspi_init(machine, 2);
- }
- static void raspi2_machine_init(MachineClass *mc)
 --
-.16.1
+.34.1

-[Qemu-devel] [PULL 06/21] target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Because they are ARM_CP_STATE_AA64, ARM_CP_64BIT is implied.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180211205848.4568-2-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
- static const ARMCPRegInfo zcr_el1_reginfo = {
-     .name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,
-     .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,
--    .access = PL1_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
-+    .access = PL1_RW, .accessfn = zcr_access,
-     .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),
-     .writefn = zcr_write, .raw_writefn = raw_write
- };
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el1_reginfo = {
- static const ARMCPRegInfo zcr_el2_reginfo = {
-     .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
-     .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
--    .access = PL2_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
-+    .access = PL2_RW, .accessfn = zcr_access,
-     .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),
-     .writefn = zcr_write, .raw_writefn = raw_write
- };
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el2_reginfo = {
- static const ARMCPRegInfo zcr_no_el2_reginfo = {
-     .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
-     .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
--    .access = PL2_RW, .type = ARM_CP_64BIT,
-+    .access = PL2_RW,
-     .readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore
- };
- static const ARMCPRegInfo zcr_el3_reginfo = {
-     .name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,
-     .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,
--    .access = PL3_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
-+    .access = PL3_RW, .accessfn = zcr_access,
-     .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),
-     .writefn = zcr_write, .raw_writefn = raw_write
- };
---
-.16.1

-[Qemu-devel] [PULL 07/21] target/arm: Enforce FP access to FPCR/FPSR
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180211205848.4568-3-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h           | 35 ++++++++++++++++++-----------------
- target/arm/helper.c        |  6 ++++--
- target/arm/translate-a64.c |  3 +++
-files changed, 25 insertions(+), 19 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
- }
- /* ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
-- * special-behaviour cp reg and bits [15..8] indicate what behaviour
-+ * special-behaviour cp reg and bits [11..8] indicate what behaviour
-  * it has. Otherwise it is a simple cp reg, where CONST indicates that
-  * TCG can assume the value to be constant (ie load at translate time)
-  * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
-@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
-  * need to be surrounded by gen_io_start()/gen_io_end(). In particular,
-  * registers which implement clocks or timers require this.
-  */
--#define ARM_CP_SPECIAL 1
--#define ARM_CP_CONST 2
--#define ARM_CP_64BIT 4
--#define ARM_CP_SUPPRESS_TB_END 8
--#define ARM_CP_OVERRIDE 16
--#define ARM_CP_ALIAS 32
--#define ARM_CP_IO 64
--#define ARM_CP_NO_RAW 128
--#define ARM_CP_NOP (ARM_CP_SPECIAL | (1 << 8))
--#define ARM_CP_WFI (ARM_CP_SPECIAL | (2 << 8))
--#define ARM_CP_NZCV (ARM_CP_SPECIAL | (3 << 8))
--#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | (4 << 8))
--#define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | (5 << 8))
--#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
-+#define ARM_CP_SPECIAL           0x0001
-+#define ARM_CP_CONST             0x0002
-+#define ARM_CP_64BIT             0x0004
-+#define ARM_CP_SUPPRESS_TB_END   0x0008
-+#define ARM_CP_OVERRIDE          0x0010
-+#define ARM_CP_ALIAS             0x0020
-+#define ARM_CP_IO                0x0040
-+#define ARM_CP_NO_RAW            0x0080
-+#define ARM_CP_NOP               (ARM_CP_SPECIAL | 0x0100)
-+#define ARM_CP_WFI               (ARM_CP_SPECIAL | 0x0200)
-+#define ARM_CP_NZCV              (ARM_CP_SPECIAL | 0x0300)
-+#define ARM_CP_CURRENTEL         (ARM_CP_SPECIAL | 0x0400)
-+#define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
-+#define ARM_LAST_SPECIAL         ARM_CP_DC_ZVA
-+#define ARM_CP_FPU               0x1000
- /* Used only as a terminator for ARMCPRegInfo lists */
--#define ARM_CP_SENTINEL 0xffff
-+#define ARM_CP_SENTINEL          0xffff
- /* Mask of only the flag bits in a type field */
--#define ARM_CP_FLAG_MASK 0xff
-+#define ARM_CP_FLAG_MASK         0x10ff
- /* Valid values for ARMCPRegInfo state field, indicating which of
-  * the AArch32 and AArch64 execution states this register is visible in.
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
-       .writefn = aa64_daif_write, .resetfn = arm_cp_reset_ignore },
-     { .name = "FPCR", .state = ARM_CP_STATE_AA64,
-       .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,
--      .access = PL0_RW, .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
-+      .access = PL0_RW, .type = ARM_CP_FPU,
-+      .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
-     { .name = "FPSR", .state = ARM_CP_STATE_AA64,
-       .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,
--      .access = PL0_RW, .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
-+      .access = PL0_RW, .type = ARM_CP_FPU,
-+      .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
-     { .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,
-       .opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,
-       .access = PL0_R, .type = ARM_CP_NO_RAW,
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-     default:
-         break;
-     }
-+    if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {
-+        return;
-+    }
-     if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
-         gen_io_start();
---
-.16.1

-[Qemu-devel] [PULL 08/21] target/arm: Suppress TB end for FPCR/FPSR
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Nothing in either register affects the TB.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180211205848.4568-4-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
-       .writefn = aa64_daif_write, .resetfn = arm_cp_reset_ignore },
-     { .name = "FPCR", .state = ARM_CP_STATE_AA64,
-       .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,
--      .access = PL0_RW, .type = ARM_CP_FPU,
-+      .access = PL0_RW, .type = ARM_CP_FPU | ARM_CP_SUPPRESS_TB_END,
-       .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
-     { .name = "FPSR", .state = ARM_CP_STATE_AA64,
-       .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,
--      .access = PL0_RW, .type = ARM_CP_FPU,
-+      .access = PL0_RW, .type = ARM_CP_FPU | ARM_CP_SUPPRESS_TB_END,
-       .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
-     { .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,
-       .opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,
---
-.16.1

-[Qemu-devel] [PULL 11/21] hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC
+Deleted patch
-Instead of hardcoding the values of M profile ID registers in the
-NVIC, use the fields in the CPU struct. This will allow us to
-give different M profile CPU types different ID register values.
-This commit includes the addition of the missing ID_ISAR5,
-which exists as RES0 in both v7M and v8M.
-(The values of the ID registers might be wrong for the M4 --
-this commit leaves the behaviour there unchanged.)
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-2-peter.maydell@linaro.org
----
- hw/intc/armv7m_nvic.c | 30 ++++++++++++++++--------------
- target/arm/cpu.c      | 28 ++++++++++++++++++++++++++++
-files changed, 44 insertions(+), 14 deletions(-)
-diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
-+++ b/hw/intc/armv7m_nvic.c
-@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
-                       "Aux Fault status registers unimplemented\n");
-         return 0;
-     case 0xd40: /* PFR0.  */
--        return 0x00000030;
--    case 0xd44: /* PRF1.  */
--        return 0x00000200;
-+        return cpu->id_pfr0;
-+    case 0xd44: /* PFR1.  */
-+        return cpu->id_pfr1;
-     case 0xd48: /* DFR0.  */
--        return 0x00100000;
-+        return cpu->id_dfr0;
-     case 0xd4c: /* AFR0.  */
--        return 0x00000000;
-+        return cpu->id_afr0;
-     case 0xd50: /* MMFR0.  */
--        return 0x00000030;
-+        return cpu->id_mmfr0;
-     case 0xd54: /* MMFR1.  */
--        return 0x00000000;
-+        return cpu->id_mmfr1;
-     case 0xd58: /* MMFR2.  */
--        return 0x00000000;
-+        return cpu->id_mmfr2;
-     case 0xd5c: /* MMFR3.  */
--        return 0x00000000;
-+        return cpu->id_mmfr3;
-     case 0xd60: /* ISAR0.  */
--        return 0x01141110;
-+        return cpu->id_isar0;
-     case 0xd64: /* ISAR1.  */
--        return 0x02111000;
-+        return cpu->id_isar1;
-     case 0xd68: /* ISAR2.  */
--        return 0x21112231;
-+        return cpu->id_isar2;
-     case 0xd6c: /* ISAR3.  */
--        return 0x01111110;
-+        return cpu->id_isar3;
-     case 0xd70: /* ISAR4.  */
--        return 0x01310102;
-+        return cpu->id_isar4;
-+    case 0xd74: /* ISAR5.  */
-+        return cpu->id_isar5;
-     /* TODO: Implement debug registers.  */
-     case 0xd90: /* MPU_TYPE */
-         /* Unified MPU; if the MPU is not present this value is zero */
-diff --git a/target/arm/cpu.c b/target/arm/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.c
-+++ b/target/arm/cpu.c
-@@ -XXX,XX +XXX,XX @@ static void cortex_m3_initfn(Object *obj)
-     set_feature(&cpu->env, ARM_FEATURE_M);
-     cpu->midr = 0x410fc231;
-     cpu->pmsav7_dregion = 8;
-+    cpu->id_pfr0 = 0x00000030;
-+    cpu->id_pfr1 = 0x00000200;
-+    cpu->id_dfr0 = 0x00100000;
-+    cpu->id_afr0 = 0x00000000;
-+    cpu->id_mmfr0 = 0x00000030;
-+    cpu->id_mmfr1 = 0x00000000;
-+    cpu->id_mmfr2 = 0x00000000;
-+    cpu->id_mmfr3 = 0x00000000;
-+    cpu->id_isar0 = 0x01141110;
-+    cpu->id_isar1 = 0x02111000;
-+    cpu->id_isar2 = 0x21112231;
-+    cpu->id_isar3 = 0x01111110;
-+    cpu->id_isar4 = 0x01310102;
-+    cpu->id_isar5 = 0x00000000;
- }
- static void cortex_m4_initfn(Object *obj)
-@@ -XXX,XX +XXX,XX @@ static void cortex_m4_initfn(Object *obj)
-     set_feature(&cpu->env, ARM_FEATURE_THUMB_DSP);
-     cpu->midr = 0x410fc240; /* r0p0 */
-     cpu->pmsav7_dregion = 8;
-+    cpu->id_pfr0 = 0x00000030;
-+    cpu->id_pfr1 = 0x00000200;
-+    cpu->id_dfr0 = 0x00100000;
-+    cpu->id_afr0 = 0x00000000;
-+    cpu->id_mmfr0 = 0x00000030;
-+    cpu->id_mmfr1 = 0x00000000;
-+    cpu->id_mmfr2 = 0x00000000;
-+    cpu->id_mmfr3 = 0x00000000;
-+    cpu->id_isar0 = 0x01141110;
-+    cpu->id_isar1 = 0x02111000;
-+    cpu->id_isar2 = 0x21112231;
-+    cpu->id_isar3 = 0x01111110;
-+    cpu->id_isar4 = 0x01310102;
-+    cpu->id_isar5 = 0x00000000;
- }
- static void arm_v7m_class_init(ObjectClass *oc, void *data)
---
-.16.1

-[Qemu-devel] [PULL 13/21] hw/intc/armv7m_nvic: Implement M profile cache maintenance ops
+Deleted patch
-For M profile cores, cache maintenance operations are done by
-writing to special registers in the system register space.
-For QEMU, cache operations are always NOPs, since we don't
-implement the cache. Implementing these explicitly avoids
-a spurious LOG_GUEST_ERROR when the guest uses them.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-4-peter.maydell@linaro.org
----
- hw/intc/armv7m_nvic.c | 12 ++++++++++++
-file changed, 12 insertions(+)
-diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
-+++ b/hw/intc/armv7m_nvic.c
-@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
-         }
-         break;
-     }
-+    case 0xf50: /* ICIALLU */
-+    case 0xf58: /* ICIMVAU */
-+    case 0xf5c: /* DCIMVAC */
-+    case 0xf60: /* DCISW */
-+    case 0xf64: /* DCCMVAU */
-+    case 0xf68: /* DCCMVAC */
-+    case 0xf6c: /* DCCSW */
-+    case 0xf70: /* DCCIMVAC */
-+    case 0xf74: /* DCCISW */
-+    case 0xf78: /* BPIALL */
-+        /* Cache and branch predictor maintenance: for QEMU these always NOP */
-+        break;
-     default:
-     bad_offset:
-         qemu_log_mask(LOG_GUEST_ERROR,
---
-.16.1

-[Qemu-devel] [PULL 14/21] hw/intc/armv7m_nvic: Implement v8M CPPWR register
+Deleted patch
-The Coprocessor Power Control Register (CPPWR) is new in v8M.
-It allows software to control whether coprocessors are allowed
-to power down and lose their state. QEMU doesn't have any
-notion of power control, so we choose the IMPDEF option of
-making the whole register RAZ/WI (indicating that no coprocessors
-can ever power down and lose state).
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-5-peter.maydell@linaro.org
----
- hw/intc/armv7m_nvic.c | 14 ++++++++++++++
-file changed, 14 insertions(+)
-diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
-+++ b/hw/intc/armv7m_nvic.c
-@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
-     switch (offset) {
-     case 4: /* Interrupt Control Type.  */
-         return ((s->num_irq - NVIC_FIRST_IRQ) / 32) - 1;
-+    case 0xc: /* CPPWR */
-+        if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
-+            goto bad_offset;
-+        }
-+        /* We make the IMPDEF choice that nothing can ever go into a
-+         * non-retentive power state, which allows us to RAZ/WI this.
-+         */
-+        return 0;
-     case 0x380 ... 0x3bf: /* NVIC_ITNS<n> */
-     {
-         int startvec = 8 * (offset - 0x380) + NVIC_FIRST_IRQ;
-@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
-     ARMCPU *cpu = s->cpu;
-     switch (offset) {
-+    case 0xc: /* CPPWR */
-+        if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
-+            goto bad_offset;
-+        }
-+        /* Make the IMPDEF choice to RAZ/WI this. */
-+        break;
-     case 0x380 ... 0x3bf: /* NVIC_ITNS<n> */
-     {
-         int startvec = 8 * (offset - 0x380) + NVIC_FIRST_IRQ;
---
-.16.1

-[Qemu-devel] [PULL 15/21] hw/intc/armv7m_nvic: Implement cache ID registers
+Deleted patch
-M profile cores have a similar setup for cache ID registers
-to A profile:
- * Cache Level ID Register (CLIDR) is a fixed value
- * Cache Type Register (CTR) is a fixed value
- * Cache Size ID Registers (CCSIDR) are a bank of registers;
-   which one you see is selected by the Cache Size Selection
-   Register (CSSELR)
-The only difference is that they're in the NVIC memory mapped
-register space rather than being coprocessor registers.
-Implement the M profile view of them.
-Since neither Cortex-M3 nor Cortex-M4 implement caches,
-we don't need to update their init functions and can leave
-the ctr/clidr/ccsidr[] fields in their ARMCPU structs at zero.
-Newer cores (like the Cortex-M33) will want to be able to
-set these ID registers to non-zero values, though.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-6-peter.maydell@linaro.org
----
- target/arm/cpu.h      | 26 ++++++++++++++++++++++++++
- hw/intc/armv7m_nvic.c | 16 ++++++++++++++++
- target/arm/machine.c  | 36 ++++++++++++++++++++++++++++++++++++
-files changed, 78 insertions(+)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
-         uint32_t faultmask[M_REG_NUM_BANKS];
-         uint32_t aircr; /* only holds r/w state if security extn implemented */
-         uint32_t secure; /* Is CPU in Secure state? (not guest visible) */
-+        uint32_t csselr[M_REG_NUM_BANKS];
-     } v7m;
-     /* Information associated with an exception about to be taken:
-@@ -XXX,XX +XXX,XX @@ FIELD(V7M_MPU_CTRL, ENABLE, 0, 1)
- FIELD(V7M_MPU_CTRL, HFNMIENA, 1, 1)
- FIELD(V7M_MPU_CTRL, PRIVDEFENA, 2, 1)
-+/* v7M CLIDR bits */
-+FIELD(V7M_CLIDR, CTYPE_ALL, 0, 21)
-+FIELD(V7M_CLIDR, LOUIS, 21, 3)
-+FIELD(V7M_CLIDR, LOC, 24, 3)
-+FIELD(V7M_CLIDR, LOUU, 27, 3)
-+FIELD(V7M_CLIDR, ICB, 30, 2)
-+
-+FIELD(V7M_CSSELR, IND, 0, 1)
-+FIELD(V7M_CSSELR, LEVEL, 1, 3)
-+/* We use the combination of InD and Level to index into cpu->ccsidr[];
-+ * define a mask for this and check that it doesn't permit running off
-+ * the end of the array.
-+ */
-+FIELD(V7M_CSSELR, INDEX, 0, 4)
-+
-+QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
-+
- /* If adding a feature bit which corresponds to a Linux ELF
-  * HWCAP bit, remember to update the feature-bit-to-hwcap
-  * mapping in linux-user/elfload.c:get_elf_hwcap().
-@@ -XXX,XX +XXX,XX @@ static inline int arm_debug_target_el(CPUARMState *env)
-     }
- }
-+static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)
-+{
-+    /* If all the CLIDR.Ctypem bits are 0 there are no caches, and
-+     * CSSELR is RAZ/WI.
-+     */
-+    return (cpu->clidr & R_V7M_CLIDR_CTYPE_ALL_MASK) != 0;
-+}
-+
- static inline bool aa64_generate_debug_exceptions(CPUARMState *env)
- {
-     if (arm_is_secure(env)) {
-diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
-+++ b/hw/intc/armv7m_nvic.c
-@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
-         return cpu->id_isar4;
-     case 0xd74: /* ISAR5.  */
-         return cpu->id_isar5;
-+    case 0xd78: /* CLIDR */
-+        return cpu->clidr;
-+    case 0xd7c: /* CTR */
-+        return cpu->ctr;
-+    case 0xd80: /* CSSIDR */
-+    {
-+        int idx = cpu->env.v7m.csselr[attrs.secure] & R_V7M_CSSELR_INDEX_MASK;
-+        return cpu->ccsidr[idx];
-+    }
-+    case 0xd84: /* CSSELR */
-+        return cpu->env.v7m.csselr[attrs.secure];
-     /* TODO: Implement debug registers.  */
-     case 0xd90: /* MPU_TYPE */
-         /* Unified MPU; if the MPU is not present this value is zero */
-@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
-         qemu_log_mask(LOG_UNIMP,
-                       "NVIC: Aux fault status registers unimplemented\n");
-         break;
-+    case 0xd84: /* CSSELR */
-+        if (!arm_v7m_csselr_razwi(cpu)) {
-+            cpu->env.v7m.csselr[attrs.secure] = value & R_V7M_CSSELR_INDEX_MASK;
-+        }
-+        break;
-     case 0xd90: /* MPU_TYPE */
-         return; /* RO */
-     case 0xd94: /* MPU_CTRL */
-diff --git a/target/arm/machine.c b/target/arm/machine.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/machine.c
-+++ b/target/arm/machine.c
-@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_faultmask_primask = {
-     }
- };
-+/* CSSELR is in a subsection because we didn't implement it previously.
-+ * Migration from an old implementation will leave it at zero, which
-+ * is OK since the only CPUs in the old implementation make the
-+ * register RAZ/WI.
-+ * Since there was no version of QEMU which implemented the CSSELR for
-+ * just non-secure, we transfer both banks here rather than putting
-+ * the secure banked version in the m-security subsection.
-+ */
-+static bool csselr_vmstate_validate(void *opaque, int version_id)
-+{
-+    ARMCPU *cpu = opaque;
-+
-+    return cpu->env.v7m.csselr[M_REG_NS] <= R_V7M_CSSELR_INDEX_MASK
-+        && cpu->env.v7m.csselr[M_REG_S] <= R_V7M_CSSELR_INDEX_MASK;
-+}
-+
-+static bool m_csselr_needed(void *opaque)
-+{
-+    ARMCPU *cpu = opaque;
-+
-+    return !arm_v7m_csselr_razwi(cpu);
-+}
-+
-+static const VMStateDescription vmstate_m_csselr = {
-+    .name = "cpu/m/csselr",
-+    .version_id = 1,
-+    .minimum_version_id = 1,
-+    .needed = m_csselr_needed,
-+    .fields = (VMStateField[]) {
-+        VMSTATE_UINT32_ARRAY(env.v7m.csselr, ARMCPU, M_REG_NUM_BANKS),
-+        VMSTATE_VALIDATE("CSSELR is valid", csselr_vmstate_validate),
-+        VMSTATE_END_OF_LIST()
-+    }
-+};
-+
- static const VMStateDescription vmstate_m = {
-     .name = "cpu/m",
-     .version_id = 4,
-@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m = {
-     },
-     .subsections = (const VMStateDescription*[]) {
-         &vmstate_m_faultmask_primask,
-+        &vmstate_m_csselr,
-         NULL
-     }
- };
---
-.16.1

-[Qemu-devel] [PULL 16/21] hw/intc/armv7m_nvic: Implement SCR
+Deleted patch
-We were previously making the system control register (SCR)
-just RAZ/WI. Although we don't implement the functionality
-this register controls, we should at least provide the state,
-including the banked state for v8M.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-7-peter.maydell@linaro.org
----
- target/arm/cpu.h      |  7 +++++++
- hw/intc/armv7m_nvic.c | 12 ++++++++----
- target/arm/machine.c  | 12 ++++++++++++
-files changed, 27 insertions(+), 4 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
-         uint32_t aircr; /* only holds r/w state if security extn implemented */
-         uint32_t secure; /* Is CPU in Secure state? (not guest visible) */
-         uint32_t csselr[M_REG_NUM_BANKS];
-+        uint32_t scr[M_REG_NUM_BANKS];
-     } v7m;
-     /* Information associated with an exception about to be taken:
-@@ -XXX,XX +XXX,XX @@ FIELD(V7M_CCR, STKALIGN, 9, 1)
- FIELD(V7M_CCR, DC, 16, 1)
- FIELD(V7M_CCR, IC, 17, 1)
-+/* V7M SCR bits */
-+FIELD(V7M_SCR, SLEEPONEXIT, 1, 1)
-+FIELD(V7M_SCR, SLEEPDEEP, 2, 1)
-+FIELD(V7M_SCR, SLEEPDEEPS, 3, 1)
-+FIELD(V7M_SCR, SEVONPEND, 4, 1)
-+
- /* V7M AIRCR bits */
- FIELD(V7M_AIRCR, VECTRESET, 0, 1)
- FIELD(V7M_AIRCR, VECTCLRACTIVE, 1, 1)
-diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
-+++ b/hw/intc/armv7m_nvic.c
-@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
-         }
-         return val;
-     case 0xd10: /* System Control.  */
--        /* TODO: Implement SLEEPONEXIT.  */
--        return 0;
-+        return cpu->env.v7m.scr[attrs.secure];
-     case 0xd14: /* Configuration Control.  */
-         /* The BFHFNMIGN bit is the only non-banked bit; we
-          * keep it in the non-secure copy of the register.
-@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
-         }
-         break;
-     case 0xd10: /* System Control.  */
--        /* TODO: Implement control registers.  */
--        qemu_log_mask(LOG_UNIMP, "NVIC: SCR unimplemented\n");
-+        /* We don't implement deep-sleep so these bits are RAZ/WI.
-+         * The other bits in the register are banked.
-+         * QEMU's implementation ignores SEVONPEND and SLEEPONEXIT, which
-+         * is architecturally permitted.
-+         */
-+        value &= ~(R_V7M_SCR_SLEEPDEEP_MASK | R_V7M_SCR_SLEEPDEEPS_MASK);
-+        cpu->env.v7m.scr[attrs.secure] = value;
-         break;
-     case 0xd14: /* Configuration Control.  */
-         /* Enforce RAZ/WI on reserved and must-RAZ/WI bits */
-diff --git a/target/arm/machine.c b/target/arm/machine.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/machine.c
-+++ b/target/arm/machine.c
-@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_csselr = {
-     }
- };
-+static const VMStateDescription vmstate_m_scr = {
-+    .name = "cpu/m/scr",
-+    .version_id = 1,
-+    .minimum_version_id = 1,
-+    .fields = (VMStateField[]) {
-+        VMSTATE_UINT32(env.v7m.scr[M_REG_NS], ARMCPU),
-+        VMSTATE_END_OF_LIST()
-+    }
-+};
-+
- static const VMStateDescription vmstate_m = {
-     .name = "cpu/m",
-     .version_id = 4,
-@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m = {
-     .subsections = (const VMStateDescription*[]) {
-         &vmstate_m_faultmask_primask,
-         &vmstate_m_csselr,
-+        &vmstate_m_scr,
-         NULL
-     }
- };
-@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_security = {
-         VMSTATE_UINT32(env.sau.rnr, ARMCPU),
-         VMSTATE_VALIDATE("SAU_RNR is valid", sau_rnr_vmstate_validate),
-         VMSTATE_UINT32(env.sau.ctrl, ARMCPU),
-+        VMSTATE_UINT32(env.v7m.scr[M_REG_S], ARMCPU),
-         VMSTATE_END_OF_LIST()
-     }
- };
---
-.16.1

-[Qemu-devel] [PULL 17/21] target/arm: Implement writing to CONTROL_NS for v8M
+Deleted patch
-In commit 50f11062d4c896 we added support for MSR/MRS access
-to the NS banked special registers, but we forgot to implement
-the support for writing to CONTROL_NS. Correct the omission.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-8-peter.maydell@linaro.org
----
- target/arm/helper.c | 10 ++++++++++
-file changed, 10 insertions(+)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
-             }
-             env->v7m.faultmask[M_REG_NS] = val & 1;
-             return;
-+        case 0x94: /* CONTROL_NS */
-+            if (!env->v7m.secure) {
-+                return;
-+            }
-+            write_v7m_control_spsel_for_secstate(env,
-+                                                 val & R_V7M_CONTROL_SPSEL_MASK,
-+                                                 M_REG_NS);
-+            env->v7m.control[M_REG_NS] &= ~R_V7M_CONTROL_NPRIV_MASK;
-+            env->v7m.control[M_REG_NS] |= val & R_V7M_CONTROL_NPRIV_MASK;
-+            return;
-         case 0x98: /* SP_NS */
-         {
-             /* This gives the non-secure SP selected based on whether we're
---
-.16.1

-[Qemu-devel] [PULL 18/21] hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions
+Deleted patch
-In many of the NVIC registers relating to interrupts, we
-have to convert from a byte offset within a register set
-into the number of the first interrupt which is affected.
-We were getting this wrong for:
- * reads of NVIC_ISPR<n>, NVIC_ISER<n>, NVIC_ICPR<n>, NVIC_ICER<n>,
-   NVIC_IABR<n> -- in all these cases we were missing the "* 8"
-   needed to convert from the byte offset to the interrupt number
-   (since all these registers use one bit per interrupt)
- * writes of NVIC_IPR<n> had the opposite problem of a spurious
-   "* 8" (since these registers use one byte per interrupt)
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-id: 20180209165810.6668-9-peter.maydell@linaro.org
----
- hw/intc/armv7m_nvic.c | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
-+++ b/hw/intc/armv7m_nvic.c
-@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
-         /* fall through */
-     case 0x180 ... 0x1bf: /* NVIC Clear enable */
-         val = 0;
--        startvec = offset - 0x180 + NVIC_FIRST_IRQ; /* vector # */
-+        startvec = 8 * (offset - 0x180) + NVIC_FIRST_IRQ; /* vector # */
-         for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
-             if (s->vectors[startvec + i].enabled &&
-@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
-         /* fall through */
-     case 0x280 ... 0x2bf: /* NVIC Clear pend */
-         val = 0;
--        startvec = offset - 0x280 + NVIC_FIRST_IRQ; /* vector # */
-+        startvec = 8 * (offset - 0x280) + NVIC_FIRST_IRQ; /* vector # */
-         for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
-             if (s->vectors[startvec + i].pending &&
-                 (attrs.secure || s->itns[startvec + i])) {
-@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
-         break;
-     case 0x300 ... 0x33f: /* NVIC Active */
-         val = 0;
--        startvec = offset - 0x300 + NVIC_FIRST_IRQ; /* vector # */
-+        startvec = 8 * (offset - 0x300) + NVIC_FIRST_IRQ; /* vector # */
-         for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
-             if (s->vectors[startvec + i].active &&
-@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
-     case 0x300 ... 0x33f: /* NVIC Active */
-         return MEMTX_OK; /* R/O */
-     case 0x400 ... 0x5ef: /* NVIC Priority */
--        startvec = 8 * (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */
-+        startvec = (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */
-         for (i = 0; i < size && startvec + i < s->num_irq; i++) {
-             if (attrs.secure || s->itns[startvec + i]) {
---
-.16.1

-[Qemu-devel] [PULL 19/21] target/arm: Add AIRCR to vmstate struct
+Deleted patch
-In commit commit 3b2e934463121 we added support for the AIRCR
-register holding state, but forgot to add it to the vmstate
-structs. Since it only holds r/w state if the security extension
-is implemented, we can just add it to vmstate_m_security.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20180209165810.6668-10-peter.maydell@linaro.org
----
- target/arm/machine.c | 4 ++++
-file changed, 4 insertions(+)
-diff --git a/target/arm/machine.c b/target/arm/machine.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/machine.c
-+++ b/target/arm/machine.c
-@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_security = {
-         VMSTATE_VALIDATE("SAU_RNR is valid", sau_rnr_vmstate_validate),
-         VMSTATE_UINT32(env.sau.ctrl, ARMCPU),
-         VMSTATE_UINT32(env.v7m.scr[M_REG_S], ARMCPU),
-+        /* AIRCR is not secure-only, but our implementation is R/O if the
-+         * security extension is unimplemented, so we migrate it here.
-+         */
-+        VMSTATE_UINT32(env.v7m.aircr, ARMCPU),
-         VMSTATE_END_OF_LIST()
-     }
- };
---
-.16.1

target-arm queue: mostly just cleanup/minor stuff, but this does
include the raspi3 board model.

-- PMM

The following changes since commit 9f9c53368b219a9115eddb39f0ff5ad19c977134:

Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging (2018-02-15 10:14:11 +0000)

are available in the Git repository at:

git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180215

for you to fetch changes up to e545f0f9be1f9e60951017c1e6558216732cc14e:

target/arm: Implement v8M MSPLIM and PSPLIM registers (2018-02-15 13:48:11 +0000)

----------------------------------------------------------------
target-arm queue:
 * aspeed: code cleanup to use unimplemented_device
 * add 'raspi3' RaspberryPi 3 machine model
 * more SVE prep work
 * v8M: add minor missing registers
 * v7M: fix bug where we weren't migrating v7m.other_sp
 * v7M: fix bugs in handling of interrupt registers for
   external interrupts beyond 32

----------------------------------------------------------------
Pekka Enberg (3):
      bcm2836: Make CPU type configurable
      raspi: Raspberry Pi 3 support
      raspi: Add "raspi3" machine type

Peter Maydell (11):
      hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC
      hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling
      hw/intc/armv7m_nvic: Implement M profile cache maintenance ops
      hw/intc/armv7m_nvic: Implement v8M CPPWR register
      hw/intc/armv7m_nvic: Implement cache ID registers
      hw/intc/armv7m_nvic: Implement SCR
      target/arm: Implement writing to CONTROL_NS for v8M
      hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions
      target/arm: Add AIRCR to vmstate struct
      target/arm: Migrate v7m.other_sp
      target/arm: Implement v8M MSPLIM and PSPLIM registers

Philippe Mathieu-Daudé (2):
      hw/arm/aspeed: directly map the serial device to the system address space
      hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io

Richard Henderson (5):
      target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
      target/arm: Enforce FP access to FPCR/FPSR
      target/arm: Suppress TB end for FPCR/FPSR
      target/arm: Enforce access to ZCR_EL at translation
      target/arm: Handle SVE registers when using clear_vec_high

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

(qemu) info mtree
 address-space: cpu-memory-0
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-0000000007ffffff (prio 0, rom): aspeed.boot_rom
     000000001e600000-000000001e7fffff (prio -1, i/o): aspeed_soc.io
-      000000001e784000-000000001e78401f (prio 0, i/o): serial
     000000001e620000-000000001e6200ff (prio 0, i/o): aspeed.smc.ast2500-fmc
     000000001e630000-000000001e6300ff (prio 0, i/o): aspeed.smc.ast2500-spi1
     [...]
     000000001e720000-000000001e728fff (prio 0, ram): aspeed.sram
     000000001e782000-000000001e782fff (prio 0, i/o): aspeed.timer
+    000000001e784000-000000001e78401f (prio 0, i/o): serial
     000000001e785000-000000001e78501f (prio 0, i/o): aspeed.wdt
     000000001e785020-000000001e78503f (prio 0, i/o): aspeed.wdt

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 20180209085755.30414-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/aspeed_soc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
     /* UART - attach an 8250 to the IO space as our UART5 */
     if (serial_hds[0]) {
         qemu_irq uart5 = qdev_get_gpio_in(DEVICE(&s->vic), uart_irqs[4]);
-        serial_mm_init(&s->iomem, ASPEED_SOC_UART_5_BASE, 2,
+        serial_mm_init(get_system_memory(),
+                       ASPEED_SOC_IOMEM_BASE + ASPEED_SOC_UART_5_BASE, 2,
                        uart5, 38400, serial_hds[0], DEVICE_LITTLE_ENDIAN);
     }
 
-- 
2.16.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 20180209085755.30414-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/aspeed_soc.h |  1 -
 hw/arm/aspeed_soc.c         | 32 +++-----------------------------
 2 files changed, 3 insertions(+), 30 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -XXX,XX +XXX,XX @@ typedef struct AspeedSoCState {
 
     /*< public >*/
     ARMCPU cpu;
-    MemoryRegion iomem;
     MemoryRegion sram;
     AspeedVICState vic;
     AspeedTimerCtrlState timerctrl;
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "exec/address-spaces.h"
+#include "hw/misc/unimp.h"
 #include "hw/arm/aspeed_soc.h"
 #include "hw/char/serial.h"
 #include "qemu/log.h"
@@ -XXX,XX +XXX,XX @@ static const AspeedSoCInfo aspeed_socs[] = {
     },
 };
 
-/*
- * IO handlers: simply catch any reads/writes to IO addresses that aren't
- * handled by a device mapping.
- */
-
-static uint64_t aspeed_soc_io_read(void *p, hwaddr offset, unsigned size)
-{
-    qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " [%u]\n",
-                  __func__, offset, size);
-    return 0;
-}
-
-static void aspeed_soc_io_write(void *opaque, hwaddr offset, uint64_t value,
-                unsigned size)
-{
-    qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " <- 0x%" PRIx64 " [%u]\n",
-                  __func__, offset, value, size);
-}
-
-static const MemoryRegionOps aspeed_soc_io_ops = {
-    .read = aspeed_soc_io_read,
-    .write = aspeed_soc_io_write,
-    .endianness = DEVICE_LITTLE_ENDIAN,
-};
-
 static void aspeed_soc_init(Object *obj)
 {
     AspeedSoCState *s = ASPEED_SOC(obj);
@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
     Error *err = NULL, *local_err = NULL;
 
     /* IO space */
-    memory_region_init_io(&s->iomem, NULL, &aspeed_soc_io_ops, NULL,
-            "aspeed_soc.io", ASPEED_SOC_IOMEM_SIZE);
-    memory_region_add_subregion_overlap(get_system_memory(),
-                                        ASPEED_SOC_IOMEM_BASE, &s->iomem, -1);
+    create_unimplemented_device("aspeed_soc.io",
+                                ASPEED_SOC_IOMEM_BASE, ASPEED_SOC_IOMEM_SIZE);
 
     /* CPU */
     object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
-- 
2.16.1

From: Pekka Enberg <penberg@iki.fi>

This patch adds a "cpu-type" property to BCM2836 SoC in preparation for
reusing the code for the Raspberry Pi 3, which has a different processor
model.

Signed-off-by: Pekka Enberg <penberg@iki.fi>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/bcm2836.h |  1 +
 hw/arm/bcm2836.c         | 17 +++++++++--------
 hw/arm/raspi.c           |  3 +++
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/bcm2836.h
+++ b/include/hw/arm/bcm2836.h
@@ -XXX,XX +XXX,XX @@ typedef struct BCM2836State {
     DeviceState parent_obj;
     /*< public >*/
 
+    char *cpu_type;
     uint32_t enabled_cpus;
 
     ARMCPU cpus[BCM2836_NCPUS];
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -XXX,XX +XXX,XX @@
 static void bcm2836_init(Object *obj)
 {
     BCM2836State *s = BCM2836(obj);
-    int n;
-
-    for (n = 0; n < BCM2836_NCPUS; n++) {
-        object_initialize(&s->cpus[n], sizeof(s->cpus[n]),
-                          "cortex-a15-" TYPE_ARM_CPU);
-        object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]),
-                                  &error_abort);
-    }
 
     object_initialize(&s->control, sizeof(s->control), TYPE_BCM2836_CONTROL);
     object_property_add_child(obj, "control", OBJECT(&s->control), NULL);
@@ -XXX,XX +XXX,XX @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
 
     /* common peripherals from bcm2835 */
 
+    obj = OBJECT(dev);
+    for (n = 0; n < BCM2836_NCPUS; n++) {
+        object_initialize(&s->cpus[n], sizeof(s->cpus[n]),
+                          s->cpu_type);
+        object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpus[n]),
+                                  &error_abort);
+    }
+
     obj = object_property_get_link(OBJECT(dev), "ram", &err);
     if (obj == NULL) {
         error_setg(errp, "%s: required ram link not found: %s",
@@ -XXX,XX +XXX,XX @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
 }
 
 static Property bcm2836_props[] = {
+    DEFINE_PROP_STRING("cpu-type", BCM2836State, cpu_type),
     DEFINE_PROP_UINT32("enabled-cpus", BCM2836State, enabled_cpus, BCM2836_NCPUS),
     DEFINE_PROP_END_OF_LIST()
 };
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -XXX,XX +XXX,XX @@ static void raspi2_init(MachineState *machine)
     /* Setup the SOC */
     object_property_add_const_link(OBJECT(&s->soc), "ram", OBJECT(&s->ram),
                                    &error_abort);
+    object_property_set_str(OBJECT(&s->soc), machine->cpu_type, "cpu-type",
+                            &error_abort);
     object_property_set_int(OBJECT(&s->soc), smp_cpus, "enabled-cpus",
                             &error_abort);
     object_property_set_int(OBJECT(&s->soc), 0xa21041, "board-rev",
@@ -XXX,XX +XXX,XX @@ static void raspi2_machine_init(MachineClass *mc)
     mc->no_parallel = 1;
     mc->no_floppy = 1;
     mc->no_cdrom = 1;
+    mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15");
     mc->max_cpus = BCM2836_NCPUS;
     mc->min_cpus = BCM2836_NCPUS;
     mc->default_cpus = BCM2836_NCPUS;
-- 
2.16.1

From: Pekka Enberg <penberg@iki.fi>

This patch adds Raspberry Pi 3 support to hw/arm/raspi.c. The
differences to Pi 2 are:

- Firmware address
 - Board ID
 - Board revision

The CPU is different too, but that's going to be configured as part of
the machine default CPU when we introduce a new machine type.

The patch was written from scratch by me but the logic is similar to
Zoltán Baldaszti's previous work, which I used as a reference (with
permission from the author):

https://github.com/bztsrc/qemu-raspi3

Signed-off-by: Pekka Enberg <penberg@iki.fi>
[PMM: fixed trailing whitespace on one line]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/raspi.c | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -XXX,XX +XXX,XX @@
  * Rasperry Pi 2 emulation Copyright (c) 2015, Microsoft
  * Written by Andrew Baumann
  *
+ * Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti
+ * Upstream code cleanup (c) 2018 Pekka Enberg
+ *
  * This code is licensed under the GNU GPLv2 and later.
  */
 
@@ -XXX,XX +XXX,XX @@
 #define SMPBOOT_ADDR    0x300 /* this should leave enough space for ATAGS */
 #define MVBAR_ADDR      0x400 /* secure vectors */
 #define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */
-#define FIRMWARE_ADDR   0x8000 /* Pi loads kernel.img here by default */
+#define FIRMWARE_ADDR_2 0x8000 /* Pi 2 loads kernel.img here by default */
+#define FIRMWARE_ADDR_3 0x80000 /* Pi 3 loads kernel.img here by default */
 
 /* Table of Linux board IDs for different Pi versions */
-static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43};
+static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44};
 
 typedef struct RasPiState {
     BCM2836State soc;
@@ -XXX,XX +XXX,XX @@ static void setup_boot(MachineState *machine, int version, size_t ram_size)
     binfo.secure_board_setup = true;
     binfo.secure_boot = true;
 
-    /* Pi2 requires SMP setup */
-    if (version == 2) {
+    /* Pi2 and Pi3 requires SMP setup */
+    if (version >= 2) {
         binfo.smp_loader_start = SMPBOOT_ADDR;
         binfo.write_secondary_boot = write_smpboot;
         binfo.secondary_cpu_reset_hook = reset_secondary;
@@ -XXX,XX +XXX,XX @@ static void setup_boot(MachineState *machine, int version, size_t ram_size)
      * the normal Linux boot process
      */
     if (machine->firmware) {
+        hwaddr firmware_addr = version == 3 ? FIRMWARE_ADDR_3 : FIRMWARE_ADDR_2;
         /* load the firmware image (typically kernel.img) */
-        r = load_image_targphys(machine->firmware, FIRMWARE_ADDR,
-                                ram_size - FIRMWARE_ADDR);
+        r = load_image_targphys(machine->firmware, firmware_addr,
+                                ram_size - firmware_addr);
         if (r < 0) {
             error_report("Failed to load firmware from %s", machine->firmware);
             exit(1);
         }
 
-        binfo.entry = FIRMWARE_ADDR;
+        binfo.entry = firmware_addr;
         binfo.firmware_loaded = true;
     } else {
         binfo.kernel_filename = machine->kernel_filename;
@@ -XXX,XX +XXX,XX @@ static void setup_boot(MachineState *machine, int version, size_t ram_size)
     arm_load_kernel(ARM_CPU(first_cpu), &binfo);
 }
 
-static void raspi2_init(MachineState *machine)
+static void raspi_init(MachineState *machine, int version)
 {
     RasPiState *s = g_new0(RasPiState, 1);
     uint32_t vcram_size;
@@ -XXX,XX +XXX,XX @@ static void raspi2_init(MachineState *machine)
                             &error_abort);
     object_property_set_int(OBJECT(&s->soc), smp_cpus, "enabled-cpus",
                             &error_abort);
-    object_property_set_int(OBJECT(&s->soc), 0xa21041, "board-rev",
+    int board_rev = version == 3 ? 0xa02082 : 0xa21041;
+    object_property_set_int(OBJECT(&s->soc), board_rev, "board-rev",
                             &error_abort);
     object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_abort);
 
@@ -XXX,XX +XXX,XX @@ static void raspi2_init(MachineState *machine)
 
     vcram_size = object_property_get_uint(OBJECT(&s->soc), "vcram-size",
                                           &error_abort);
-    setup_boot(machine, 2, machine->ram_size - vcram_size);
+    setup_boot(machine, version, machine->ram_size - vcram_size);
+}
+
+static void raspi2_init(MachineState *machine)
+{
+    raspi_init(machine, 2);
 }
 
 static void raspi2_machine_init(MachineClass *mc)
-- 
2.16.1

From: Pekka Enberg <penberg@iki.fi>

This patch adds a "raspi3" machine type, which can now be selected as
the machine to run on by users via the "-M" command line option to QEMU.

The machine type does *not* ignore memory transaction failures so we
likely need to add some dummy devices later when people run something
more complicated than what I'm using for testing.

Signed-off-by: Pekka Enberg <penberg@iki.fi>
[PMM: added #ifdef TARGET_AARCH64 so we don't provide the 64-bit
 board in the 32-bit only arm-softmmu build.]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/raspi.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -XXX,XX +XXX,XX @@ static void raspi2_machine_init(MachineClass *mc)
     mc->ignore_memory_transaction_failures = true;
 };
 DEFINE_MACHINE("raspi2", raspi2_machine_init)
+
+#ifdef TARGET_AARCH64
+static void raspi3_init(MachineState *machine)
+{
+    raspi_init(machine, 3);
+}
+
+static void raspi3_machine_init(MachineClass *mc)
+{
+    mc->desc = "Raspberry Pi 3";
+    mc->init = raspi3_init;
+    mc->block_default_type = IF_SD;
+    mc->no_parallel = 1;
+    mc->no_floppy = 1;
+    mc->no_cdrom = 1;
+    mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
+    mc->max_cpus = BCM2836_NCPUS;
+    mc->min_cpus = BCM2836_NCPUS;
+    mc->default_cpus = BCM2836_NCPUS;
+    mc->default_ram_size = 1024 * 1024 * 1024;
+}
+DEFINE_MACHINE("raspi3", raspi3_machine_init)
+#endif
-- 
2.16.1