Hi; this target-arm pull request has a collection of generally

fairly minor bugs to sneak in before 3.0 rc0 tomorrow...

The following changes since commit a98ff0ec2ba3538dd766b349518ee18d03942ed8:

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.0-20180709' into staging (2018-07-09 11:00:45 +0100)

git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180709

for you to fetch changes up to 8fad0a65582c0a6e324580f45516461e9b6aa439:

hw/net/dp8393x: don't make prom region 'nomigrate' (2018-07-09 14:51:35 +0100)

* hw/net/dp8393x: don't make prom region 'nomigrate'

* boards.h: Remove doc comment reference to nonexistent function

* hw/sd/omap_mmc: Split 'pseudo-reset' from 'power-on-reset'

* target/arm: Fix do_predset for large VL

* tcg: Restrict check_size_impl to multiples of the line size

* target/arm: Suppress Coverity warning for PRF

* hw/timer/cmsdk-apb-timer: fix minor corner-case bugs and

suppress spurious warnings when running Linux's timer driver

* hw/arm/smmu-common: Fix devfn computation in smmu_iommu_mr

Eric Auger (1):

hw/arm/smmu-common: Fix devfn computation in smmu_iommu_mr

Guenter Roeck (1):

hw/timer/cmsdk-apb-timer: Correctly identify and set one-shot mode

Peter Maydell (5):

ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy option

hw/timer/cmsdk-apb-timer: Correct ptimer policy settings

hw/timer/cmsdk-apb-timer: run or stop timer on writes to RELOAD and VALUE

boards.h: Remove doc comment reference to nonexistent function

hw/net/dp8393x: don't make prom region 'nomigrate'

Philippe Mathieu-Daudé (1):

hw/sd/omap_mmc: Split 'pseudo-reset' from 'power-on-reset'

Use MAKE_64BIT_MASK instead of open-coding. Remove an odd

vector size check that is unlikely to be more profitable

than 3 64-bit integer stores. Correct the iteration for WORD

to avoid writing too much data.

Fixes RISU tests of PTRUE for VL 256.

Message-id: 20180705191929.30773-3-richard.henderson@linaro.org

target/arm/translate-sve.c | 10 ++--------

1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c

--- a/target/arm/translate-sve.c

+++ b/target/arm/translate-sve.c

@@ -XXX,XX +XXX,XX @@ static bool do_predset(DisasContext *s, int esz, int rd, int pat, bool setflag)

setsz = numelem << esz;

lastword = word = pred_esz_masks[esz];

if (setsz % 64) {

- lastword &= ~(-1ull << (setsz % 64));

+ lastword &= MAKE_64BIT_MASK(0, setsz % 64);

}

}

@@ -XXX,XX +XXX,XX @@ static bool do_predset(DisasContext *s, int esz, int rd, int pat, bool setflag)

tcg_gen_gvec_dup64i(ofs, oprsz, maxsz, word);

goto done;

}

- if (oprsz * 8 == setsz + 8) {

- tcg_gen_gvec_dup64i(ofs, oprsz, maxsz, word);

- tcg_gen_movi_i64(t, 0);

- tcg_gen_st_i64(t, cpu_env, ofs + oprsz - 8);

- goto done;

- }

}

setsz /= 8;

fullsz /= 8;

tcg_gen_movi_i64(t, word);

- for (i = 0; i < setsz; i += 8) {

+ for (i = 0; i < QEMU_ALIGN_DOWN(setsz, 8); i += 8) {

tcg_gen_st_i64(t, cpu_env, ofs + i);

}

if (lastword != word) {

2.17.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

DeviceClass::reset models a "cold power-on" reset which can

also be used to powercycle a device; but there is no "hot reset"

(a.k.a. soft-reset) method available.

The OMAP MMC Power-Up Control bit is not designed to powercycle

a card, but to disable it without powering it off (pseudo-reset):

Multimedia Card (MMC/SD/SDIO) Interface [SPRU765A]

MMC_CON[11] Power-Up Control (POW)

This bit must be set to 1 before any valid transaction to either

MMC/SD or SPI memory cards.

When 1, the card is considered powered-up and the controller core

is enabled.

When 0, the card is considered powered-down (system dependent),

and the controller core logic is in pseudo-reset state. This is,

the MMC_STAT flags and the FIFO pointers are reset, any access to

MMC_DATA[DATA] has no effect, a write into the MMC.CMD register

is ignored, and a setting of MMC_SPI[STR] to 1 is ignored.

By splitting the 'pseudo-reset' code out of the 'power-on' reset

function, this patch fixes a latent bug in omap_mmc_write(MMC_CON)i

recently exposed by ecd219f7abb.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20180706162155.8432-2-f4bug@amsat.org

hw/sd/omap_mmc.c | 14 +++++++++++---

1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c

--- a/hw/sd/omap_mmc.c

+++ b/hw/sd/omap_mmc.c

@@ -XXX,XX +XXX,XX @@

/*

* OMAP on-chip MMC/SD host emulation.

*

+ * Datasheet: TI Multimedia Card (MMC/SD/SDIO) Interface (SPRU765A)

+ *

* Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>

*

* This program is free software; you can redistribute it and/or

@@ -XXX,XX +XXX,XX @@ static void omap_mmc_update(void *opaque)

omap_mmc_interrupts_update(s);

+static void omap_mmc_pseudo_reset(struct omap_mmc_s *host)

+ host->status = 0;

+ host->fifo_len = 0;

void omap_mmc_reset(struct omap_mmc_s *host)

host->last_cmd = 0;

@@ -XXX,XX +XXX,XX @@ void omap_mmc_reset(struct omap_mmc_s *host)

host->dw = 0;

host->mode = 0;

host->enable = 0;

- host->status = 0;

host->mask = 0;

host->cto = 0;

host->dto = 0;

- host->fifo_len = 0;

host->blen = 0;

host->blen_counter = 0;

host->nblk = 0;

@@ -XXX,XX +XXX,XX @@ void omap_mmc_reset(struct omap_mmc_s *host)

qemu_set_irq(host->coverswitch, host->cdet_state);

host->clkdiv = 0;

+ omap_mmc_pseudo_reset(host);

+

/* Since we're still using the legacy SD API the card is not plugged

* into any bus, and we must reset it manually. When omap_mmc is

* QOMified this must move into the QOM reset function.

@@ -XXX,XX +XXX,XX @@ static void omap_mmc_write(void *opaque, hwaddr offset,

if (s->dw != 0 && s->lines < 4)

printf("4-bit SD bus enabled\n");

if (!s->enable)

- omap_mmc_reset(s);

+ omap_mmc_pseudo_reset(s);

break;

case 0x10:    /* MMC_STAT */

2.17.1

From: Eric Auger <eric.auger@redhat.com>

smmu_iommu_mr() aims at returning the IOMMUMemoryRegion corresponding

to a given sid. The function extracts both the PCIe bus number and

the devfn to return this data. Current computation of devfn is wrong

as it only returns the PCIe function instead of slot | function.

Fixes 32cfd7f39e08 ("hw/arm/smmuv3: Cache/invalidate config data")

Signed-off-by: Eric Auger <eric.auger@redhat.com>

Message-id: 1530775623-32399-1-git-send-email-eric.auger@redhat.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

include/hw/arm/smmu-common.h | 1 +

hw/arm/smmu-common.c | 2 +-

2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h

--- a/include/hw/arm/smmu-common.h

+++ b/include/hw/arm/smmu-common.h

#define SMMU_PCI_BUS_MAX 256

#define SMMU_PCI_DEVFN_MAX 256

+#define SMMU_PCI_DEVFN(sid) (sid & 0xFF)

#define SMMU_MAX_VA_BITS 48

diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/smmu-common.c

+++ b/hw/arm/smmu-common.c

@@ -XXX,XX +XXX,XX @@ IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid)

bus_n = PCI_BUS_NUM(sid);

smmu_bus = smmu_find_smmu_pcibus(s, bus_n);

if (smmu_bus) {

- devfn = sid & 0x7;

+ devfn = SMMU_PCI_DEVFN(sid);

smmu = smmu_bus->pbdev[devfn];

if (smmu) {

return &smmu->iommu;

2.17.1

The CMSDK timer behaviour is that an interrupt is triggered when the

counter counts down from 1 to 0; however one is not triggered if the

counter is manually set to 0 by a guest write to the counter register.

Currently ptimer can't handle this; add a policy option to allow

a ptimer user to request this behaviour.

include/hw/ptimer.h | 9 +++++++++

hw/core/ptimer.c | 22 +++++++++++++++++++++-

tests/ptimer-test.c | 25 +++++++++++++++++++------

3 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/include/hw/ptimer.h b/include/hw/ptimer.h

--- a/include/hw/ptimer.h

+++ b/include/hw/ptimer.h

@@ -XXX,XX +XXX,XX @@

* not the one less. */

#define PTIMER_POLICY_NO_COUNTER_ROUND_DOWN (1 << 4)

+/*

+ * Starting to run with a zero counter, or setting the counter to "0" via

+ * ptimer_set_count() or ptimer_set_limit() will not trigger the timer

+ * (though it will cause a reload). Only a counter decrement to "0"

+ * will cause a trigger. Not compatible with NO_IMMEDIATE_TRIGGER;

+ * ptimer_init() will assert() that you don't set both.

+ */

+#define PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT (1 << 5)

+

/* ptimer.c */

typedef struct ptimer_state ptimer_state;

typedef void (*ptimer_cb)(void *opaque);

diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/core/ptimer.c

+++ b/hw/core/ptimer.c

@@ -XXX,XX +XXX,XX @@ static void ptimer_reload(ptimer_state *s, int delta_adjust)

uint32_t period_frac = s->period_frac;

uint64_t period = s->period;

uint64_t delta = s->delta;

+ bool suppress_trigger = false;

- if (delta == 0 && !(s->policy_mask & PTIMER_POLICY_NO_IMMEDIATE_TRIGGER)) {

+ /*

+ * Note that if delta_adjust is 0 then we must be here because of

+ * a count register write or timer start, not because of timer expiry.

+ * In that case the policy might require us to suppress the timer trigger

+ * that we would otherwise generate for a zero delta.

+ */

+ if (delta_adjust == 0 &&

+ (s->policy_mask & PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT)) {

+ suppress_trigger = true;

+ }

+ if (delta == 0 && !(s->policy_mask & PTIMER_POLICY_NO_IMMEDIATE_TRIGGER)

+ && !suppress_trigger) {

ptimer_trigger(s);

}

@@ -XXX,XX +XXX,XX @@ ptimer_state *ptimer_init(QEMUBH *bh, uint8_t policy_mask)

s->bh = bh;

s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ptimer_tick, s);

s->policy_mask = policy_mask;

+

+ /*

+ * These two policies are incompatible -- trigger-on-decrement implies

+ * a timer trigger when the count becomes 0, but no-immediate-trigger

+ * implies a trigger when the count stops being 0.

+ */

+ assert(!((policy_mask & PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT) &&

+ (policy_mask & PTIMER_POLICY_NO_IMMEDIATE_TRIGGER)));

return s;

}

diff --git a/tests/ptimer-test.c b/tests/ptimer-test.c

index XXXXXXX..XXXXXXX 100644

--- a/tests/ptimer-test.c

+++ b/tests/ptimer-test.c

@@ -XXX,XX +XXX,XX @@ static void check_periodic(gconstpointer arg)

bool no_immediate_trigger = (*policy & PTIMER_POLICY_NO_IMMEDIATE_TRIGGER);

bool no_immediate_reload = (*policy & PTIMER_POLICY_NO_IMMEDIATE_RELOAD);

bool no_round_down = (*policy & PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);

+ bool trig_only_on_dec = (*policy & PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT);

triggered = false;

@@ -XXX,XX +XXX,XX @@ static void check_periodic(gconstpointer arg)

g_assert_cmpuint(ptimer_get_count(ptimer), ==,

no_immediate_reload ? 0 : 10);

- if (no_immediate_trigger) {

+ if (no_immediate_trigger || trig_only_on_dec) {

g_assert_false(triggered);

} else {

g_assert_true(triggered);

@@ -XXX,XX +XXX,XX @@ static void check_run_with_delta_0(gconstpointer arg)

bool no_immediate_trigger = (*policy & PTIMER_POLICY_NO_IMMEDIATE_TRIGGER);

bool no_immediate_reload = (*policy & PTIMER_POLICY_NO_IMMEDIATE_RELOAD);

bool no_round_down = (*policy & PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);

+ bool trig_only_on_dec = (*policy & PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT);

triggered = false;

@@ -XXX,XX +XXX,XX @@ static void check_run_with_delta_0(gconstpointer arg)

g_assert_cmpuint(ptimer_get_count(ptimer), ==,

no_immediate_reload ? 0 : 99);

- if (no_immediate_trigger) {

+ if (no_immediate_trigger || trig_only_on_dec) {

g_assert_false(triggered);

} else {

g_assert_true(triggered);

@@ -XXX,XX +XXX,XX @@ static void check_run_with_delta_0(gconstpointer arg)

g_assert_cmpuint(ptimer_get_count(ptimer), ==,

no_immediate_reload ? 0 : 99);

- if (no_immediate_trigger) {

+ if (no_immediate_trigger || trig_only_on_dec) {

g_assert_false(triggered);

} else {

g_assert_true(triggered);

@@ -XXX,XX +XXX,XX @@ static void check_periodic_with_load_0(gconstpointer arg)

ptimer_state *ptimer = ptimer_init(bh, *policy);

bool continuous_trigger = (*policy & PTIMER_POLICY_CONTINUOUS_TRIGGER);

bool no_immediate_trigger = (*policy & PTIMER_POLICY_NO_IMMEDIATE_TRIGGER);

+ bool trig_only_on_dec = (*policy & PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT);

triggered = false;

@@ -XXX,XX +XXX,XX @@ static void check_periodic_with_load_0(gconstpointer arg)

g_assert_cmpuint(ptimer_get_count(ptimer), ==, 0);

- if (no_immediate_trigger) {

+ if (no_immediate_trigger || trig_only_on_dec) {

g_assert_false(triggered);

} else {

g_assert_true(triggered);

@@ -XXX,XX +XXX,XX @@ static void check_oneshot_with_load_0(gconstpointer arg)

QEMUBH *bh = qemu_bh_new(ptimer_trigger, NULL);

ptimer_state *ptimer = ptimer_init(bh, *policy);

bool no_immediate_trigger = (*policy & PTIMER_POLICY_NO_IMMEDIATE_TRIGGER);

+ bool trig_only_on_dec = (*policy & PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT);

triggered = false;

@@ -XXX,XX +XXX,XX @@ static void check_oneshot_with_load_0(gconstpointer arg)

g_assert_cmpuint(ptimer_get_count(ptimer), ==, 0);

- if (no_immediate_trigger) {

+ if (no_immediate_trigger || trig_only_on_dec) {

g_assert_false(triggered);

} else {

g_assert_true(triggered);

@@ -XXX,XX +XXX,XX @@ static void add_ptimer_tests(uint8_t policy)

g_strlcat(policy_name, "no_counter_rounddown,", 256);

}

+ if (policy & PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT) {

+ g_strlcat(policy_name, "trigger_only_on_decrement,", 256);

g_test_add_data_func_full(

tmp = g_strdup_printf("/ptimer/set_count policy=%s", policy_name),

g_memdup(&policy, 1), check_set_count, g_free);

@@ -XXX,XX +XXX,XX @@ static void add_ptimer_tests(uint8_t policy)

static void add_all_ptimer_policies_comb_tests(void)

{

- int last_policy = PTIMER_POLICY_NO_COUNTER_ROUND_DOWN;

+ int last_policy = PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT;

int policy = PTIMER_POLICY_DEFAULT;

for (; policy < (last_policy << 1); policy++) {

+ if ((policy & PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT) &&

+ (policy & PTIMER_POLICY_NO_IMMEDIATE_TRIGGER)) {

+ /* Incompatible policy flag settings -- don't try to test them */

+ continue;

+ }

add_ptimer_tests(policy);

}

}

2.17.1

From: Richard Henderson <richard.henderson@linaro.org>

Normally this is automatic in the size restrictions that are placed

on vector sizes coming from the implementation. However, for the

legitimate size tuple [oprsz=8, maxsz=32], we need to clear the final

24 bytes of the vector register. Without this check, do_dup selects

TCG_TYPE_V128 and clears only 16 bytes.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Tested-by: Alex Bennée <alex.bennee@linaro.org>

Message-id: 20180705191929.30773-2-richard.henderson@linaro.org

tcg/tcg-op-gvec.c | 7 +++++--

1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c

--- a/tcg/tcg-op-gvec.c

+++ b/tcg/tcg-op-gvec.c

@@ -XXX,XX +XXX,XX @@ void tcg_gen_gvec_4_ptr(uint32_t dofs, uint32_t aofs, uint32_t bofs,

in units of LNSZ. This limits the expansion of inline code. */

static inline bool check_size_impl(uint32_t oprsz, uint32_t lnsz)

{

- uint32_t lnct = oprsz / lnsz;

- return lnct >= 1 && lnct <= MAX_UNROLL;

+ if (oprsz % lnsz == 0) {

+ uint32_t lnct = oprsz / lnsz;

+ return lnct >= 1 && lnct <= MAX_UNROLL;

+ }

+ return false;

}

static void expand_clr(uint32_t dofs, uint32_t maxsz);

2.17.1

From: Richard Henderson <richard.henderson@linaro.org>

These instructions must perform the sve_access_check, but

since they are implemented as NOPs there is no generated

code to elide when the access check fails.

Fixes: Coverity issues 1393780 & 1393779.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/translate-sve.c | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c

--- a/target/arm/translate-sve.c

+++ b/target/arm/translate-sve.c

@@ -XXX,XX +XXX,XX @@ static bool trans_ST1_zpiz(DisasContext *s, arg_ST1_zpiz *a, uint32_t insn)

static bool trans_PRF(DisasContext *s, arg_PRF *a, uint32_t insn)

/* Prefetch is a nop within QEMU. */

- sve_access_check(s);

+ (void)sve_access_check(s);

return true;

}

@@ -XXX,XX +XXX,XX @@ static bool trans_PRF_rr(DisasContext *s, arg_PRF_rr *a, uint32_t insn)

return false;

}

/* Prefetch is a nop within QEMU. */

- sve_access_check(s);

+ (void)sve_access_check(s);

return true;

}

2.17.1