Series comparison

-[Qemu-devel] [PULL 00/17] target-arm queue
+[Qemu-devel] [PULL 00/22] target-arm queue
-v2: dropped a couple of cadence_gem changes to ID regs that
+target-arm queue for softfreeze:
-caused new clang sanitizer warnings.
+This has all the big stuff I want to get in for softfreeze;
 there may be one or two smaller patches I pick up later in
 the week.
+thanks
 -- PMM
-The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f:
+The following changes since commit 0984a157c1c053394adbf64ed7de97f1aebe6a2d:
-  Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100)
+  Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2019-03-05 09:33:20 +0000)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016-1
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190305
-for you to fetch changes up to 2ef297af07196c29446556537861f8e7dfeeae7b:
+for you to fetch changes up to 566528f823d1a2e9eb2d7b2ed839547cb31bfc34:
-  coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 17:14:55 +0100)
+  hw/arm/stellaris: Implement watchdog timer (2019-03-05 15:55:09 +0000)
 ----------------------------------------------------------------
 target-arm queue:
- * hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
+ * Fix PC test for LDM (exception return)
- * target/arm: Fix aarch64_sve_change_el wrt EL0
+ * Implement ARMv8.0-SB
- * target/arm: Define fields of ISAR registers
+ * Implement ARMv8.0-PredInv
- * target/arm: Align cortex-r5 id_isar0
+ * Implement ARMv8.4-CondM
- * target/arm: Fix cortex-a7 id_isar0
+ * Implement ARMv8.5-CondM
- * net/cadence_gem: Fix various bugs, add support for new
+ * Implement ARMv8.5-FRINT
-   features that will be used by the Xilinx Versal board
+ * hw/arm/stellaris: Implement watchdog timer
- * target-arm: powerctl: Enable HVC when starting CPUs to EL2
+ * virt: support more than 255GB of RAM
  * target/arm: Add the Cortex-A72
  * target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
  * target/arm: Mask PMOVSR writes based on supported counters
  * target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
  * coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
 ----------------------------------------------------------------
-Aaron Lindsay (2):
+Eric Auger (9):
-      target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
+      hw/arm/virt: Rename highmem IO regions
-      target/arm: Mask PMOVSR writes based on supported counters
+      hw/arm/virt: Split the memory map description
       hw/boards: Add a MachineState parameter to kvm_type callback
       kvm: add kvm_arm_get_max_vm_ipa_size
       vl: Set machine ram_size, maxram_size and ram_slots earlier
       hw/arm/virt: Dynamic memory map depending on RAM requirements
       hw/arm/virt: Implement kvm_type function for 4.0 machine
       hw/arm/virt: Check the VCPU PA range in TCG mode
       hw/arm/virt: Bump the 255GB initial RAM limit
-Edgar E. Iglesias (8):
+Michel Heily (1):
-      net: cadence_gem: Disable TSU feature bit
+      hw/arm/stellaris: Implement watchdog timer
       net: cadence_gem: Use uint32_t for 32bit descriptor words
       net: cadence_gem: Add macro with max number of descriptor words
       net: cadence_gem: Add support for extended descriptors
       net: cadence_gem: Add support for selecting the DMA MemoryRegion
       net: cadence_gem: Implement support for 64bit descriptor addresses
       target-arm: powerctl: Enable HVC when starting CPUs to EL2
       target/arm: Add the Cortex-A72
-Jerome Forissier (1):
+Richard Henderson (11):
-      hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
+      target/arm: Fix PC test for LDM (exception return)
       target/arm: Split out arm_sctlr
       target/arm: Implement ARMv8.0-SB
       target/arm: Implement ARMv8.0-PredInv
       target/arm: Split helper_msr_i_pstate into 3
       target/arm: Add set/clear_pstate_bits, share gen_ss_advance
       target/arm: Rearrange disas_data_proc_reg
       target/arm: Implement ARMv8.4-CondM
       target/arm: Implement ARMv8.5-CondM
       target/arm: Restructure handle_fp_1src_{single, double}
       target/arm: Implement ARMv8.5-FRINT
-Peter Maydell (2):
+Shameer Kolothum (1):
-      target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
+      hw/arm/boot: introduce fdt_add_memory_node helper
       coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
-Richard Henderson (4):
+ include/hw/arm/virt.h                    |  16 +-
-      target/arm: Fix aarch64_sve_change_el wrt EL0
+ include/hw/boards.h                      |   5 +-
-      target/arm: Define fields of ISAR registers
+ include/hw/watchdog/cmsdk-apb-watchdog.h |   8 +
-      target/arm: Align cortex-r5 id_isar0
+ target/arm/cpu.h                         |  64 ++++-
-      target/arm: Fix cortex-a7 id_isar0
+ target/arm/helper-a64.h                  |   3 +
  target/arm/helper.h                      |   8 +-
  target/arm/internals.h                   |  15 +
  target/arm/kvm_arm.h                     |  13 +
  target/arm/translate.h                   |  34 +++
  accel/kvm/kvm-all.c                      |   2 +-
  hw/arm/boot.c                            |  54 ++--
  hw/arm/stellaris.c                       |  22 +-
  hw/arm/virt-acpi-build.c                 |  10 +-
  hw/arm/virt.c                            | 196 ++++++++++---
  hw/ppc/mac_newworld.c                    |   3 +-
  hw/ppc/mac_oldworld.c                    |   2 +-
  hw/ppc/spapr.c                           |   2 +-
  hw/watchdog/cmsdk-apb-watchdog.c         |  74 ++++-
  linux-user/elfload.c                     |   2 +
  target/arm/cpu.c                         |   2 +
  target/arm/cpu64.c                       |   6 +
  target/arm/helper-a64.c                  |  30 ++
  target/arm/helper.c                      |  63 +++-
  target/arm/kvm.c                         |  10 +
  target/arm/op_helper.c                   |  47 ---
  target/arm/translate-a64.c               | 478 +++++++++++++++++++++++--------
  target/arm/translate.c                   |  35 ++-
  target/arm/vfp_helper.c                  |  96 +++++++
  vl.c                                     |   6 +-
 files changed, 1032 insertions(+), 274 deletions(-)
- include/hw/net/cadence_gem.h               |   7 +-
- target/arm/cpu.h                           |  95 ++++++++++++++-
- hw/arm/virt.c                              |   4 +
- hw/net/cadence_gem.c                       | 185 ++++++++++++++++++++---------
- target/arm/arm-powerctl.c                  |  10 ++
- target/arm/cpu.c                           |   7 +-
- target/arm/cpu64.c                         |  66 +++++++++-
- target/arm/helper.c                        |  27 +++--
- target/arm/op_helper.c                     |   6 +-
- scripts/coccinelle/inplace-byteswaps.cocci |  65 ++++++++++
-files changed, 402 insertions(+), 70 deletions(-)
- create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci

-New patch
+[Qemu-devel] [PULL 01/22] target/arm: Fix PC test for LDM (exception return)
+From: Richard Henderson <richard.henderson@linaro.org>
+Found by inspection: Rn is the base register against which the
+load began; I is the register within the mask being processed.
+The exception return should of course be processed from the loaded PC.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190301202921.21209-1-richard.henderson@linaro.org
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/translate.c | 2 +-
+file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/target/arm/translate.c b/target/arm/translate.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate.c
++++ b/target/arm/translate.c
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
+                             } else if (i == rn) {
+                                 loaded_var = tmp;
+                                 loaded_base = 1;
+-                            } else if (rn == 15 && exc_return) {
++                            } else if (i == 15 && exc_return) {
+                                 store_pc_exc_ret(s, tmp);
+                             } else {
+                                 store_reg_from_load(s, i, tmp);
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 02/22] target/arm: Split out arm_sctlr
+From: Richard Henderson <richard.henderson@linaro.org>
+Minimize the number of places that will need updating when
+the virtual host extensions are added.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-2-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/cpu.h    | 26 ++++++++++++++++----------
+ target/arm/helper.c |  8 ++------
+files changed, 18 insertions(+), 16 deletions(-)
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -XXX,XX +XXX,XX @@ static inline bool arm_sctlr_b(CPUARMState *env)
+         (env->cp15.sctlr_el[1] & SCTLR_B) != 0;
+ }
++static inline uint64_t arm_sctlr(CPUARMState *env, int el)
++{
++    if (el == 0) {
++        /* FIXME: ARMv8.1-VHE S2 translation regime.  */
++        return env->cp15.sctlr_el[1];
++    } else {
++        return env->cp15.sctlr_el[el];
++    }
++}
++
++
+ /* Return true if the processor is in big-endian mode. */
+ static inline bool arm_cpu_data_is_big_endian(CPUARMState *env)
+ {
+-    int cur_el;
+-
+     /* In 32bit endianness is determined by looking at CPSR's E bit */
+     if (!is_a64(env)) {
+         return
+@@ -XXX,XX +XXX,XX @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState *env)
+             arm_sctlr_b(env) ||
+ #endif
+                 ((env->uncached_cpsr & CPSR_E) ? 1 : 0);
++    } else {
++        int cur_el = arm_current_el(env);
++        uint64_t sctlr = arm_sctlr(env, cur_el);
++
++        return (sctlr & (cur_el ? SCTLR_EE : SCTLR_E0E)) != 0;
+     }
+-
+-    cur_el = arm_current_el(env);
+-
+-    if (cur_el == 0) {
+-        return (env->cp15.sctlr_el[1] & SCTLR_E0E) != 0;
+-    }
+-
+-    return (env->cp15.sctlr_el[cur_el] & SCTLR_EE) != 0;
+ }
+ #include "exec/cpu-all.h"
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
+             flags = FIELD_DP32(flags, TBFLAG_A64, ZCR_LEN, zcr_len);
+         }
+-        if (current_el == 0) {
+-            /* FIXME: ARMv8.1-VHE S2 translation regime.  */
+-            sctlr = env->cp15.sctlr_el[1];
+-        } else {
+-            sctlr = env->cp15.sctlr_el[current_el];
+-        }
++        sctlr = arm_sctlr(env, current_el);
++
+         if (cpu_isar_feature(aa64_pauth, cpu)) {
+             /*
+              * In order to save space in flags, we record only whether
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 03/22] target/arm: Implement ARMv8.0-SB
+From: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-3-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/cpu.h           | 10 ++++++++++
+ linux-user/elfload.c       |  1 +
+ target/arm/cpu.c           |  1 +
+ target/arm/cpu64.c         |  2 ++
+ target/arm/translate-a64.c | 14 ++++++++++++++
+ target/arm/translate.c     | 22 ++++++++++++++++++++++
+files changed, 50 insertions(+)
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_fhm(const ARMISARegisters *id)
+     return FIELD_EX32(id->id_isar6, ID_ISAR6, FHM) != 0;
+ }
++static inline bool isar_feature_aa32_sb(const ARMISARegisters *id)
++{
++    return FIELD_EX32(id->id_isar6, ID_ISAR6, SB) != 0;
++}
++
+ static inline bool isar_feature_aa32_fp16_arith(const ARMISARegisters *id)
+ {
+     /*
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_pauth(const ARMISARegisters *id)
+              FIELD_DP64(0, ID_AA64ISAR1, GPI, 0xf))) != 0;
+ }
++static inline bool isar_feature_aa64_sb(const ARMISARegisters *id)
++{
++    return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SB) != 0;
++}
++
+ static inline bool isar_feature_aa64_fp16(const ARMISARegisters *id)
+ {
+     /* We always set the AdvSIMD and FP fields identically wrt FP16.  */
+diff --git a/linux-user/elfload.c b/linux-user/elfload.c
+index XXXXXXX..XXXXXXX 100644
+--- a/linux-user/elfload.c
++++ b/linux-user/elfload.c
+@@ -XXX,XX +XXX,XX @@ static uint32_t get_elf_hwcap(void)
+     GET_FEATURE_ID(aa64_pauth, ARM_HWCAP_A64_PACA | ARM_HWCAP_A64_PACG);
+     GET_FEATURE_ID(aa64_fhm, ARM_HWCAP_A64_ASIMDFHM);
+     GET_FEATURE_ID(aa64_jscvt, ARM_HWCAP_A64_JSCVT);
++    GET_FEATURE_ID(aa64_sb, ARM_HWCAP_A64_SB);
+ #undef GET_FEATURE_ID
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.c
++++ b/target/arm/cpu.c
+@@ -XXX,XX +XXX,XX @@ static void arm_max_initfn(Object *obj)
+             t = FIELD_DP32(t, ID_ISAR6, JSCVT, 1);
+             t = FIELD_DP32(t, ID_ISAR6, DP, 1);
+             t = FIELD_DP32(t, ID_ISAR6, FHM, 1);
++            t = FIELD_DP32(t, ID_ISAR6, SB, 1);
+             cpu->isar.id_isar6 = t;
+             t = cpu->id_mmfr4;
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
+         t = FIELD_DP64(t, ID_AA64ISAR1, API, 0);
+         t = FIELD_DP64(t, ID_AA64ISAR1, GPA, 1);
+         t = FIELD_DP64(t, ID_AA64ISAR1, GPI, 0);
++        t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1);
+         cpu->isar.id_aa64isar1 = t;
+         t = cpu->isar.id_aa64pfr0;
+@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
+         u = FIELD_DP32(u, ID_ISAR6, JSCVT, 1);
+         u = FIELD_DP32(u, ID_ISAR6, DP, 1);
+         u = FIELD_DP32(u, ID_ISAR6, FHM, 1);
++        u = FIELD_DP32(u, ID_ISAR6, SB, 1);
+         cpu->isar.id_isar6 = u;
+         /*
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn,
+         reset_btype(s);
+         gen_goto_tb(s, 0, s->pc);
+         return;
++
++    case 7: /* SB */
++        if (crm != 0 || !dc_isar_feature(aa64_sb, s)) {
++            goto do_unallocated;
++        }
++        /*
++         * TODO: There is no speculation barrier opcode for TCG;
++         * MB and end the TB instead.
++         */
++        tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
++        gen_goto_tb(s, 0, s->pc);
++        return;
++
+     default:
++    do_unallocated:
+         unallocated_encoding(s);
+         return;
+     }
+diff --git a/target/arm/translate.c b/target/arm/translate.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate.c
++++ b/target/arm/translate.c
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
+                  */
+                 gen_goto_tb(s, 0, s->pc & ~1);
+                 return;
++            case 7: /* sb */
++                if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
++                    goto illegal_op;
++                }
++                /*
++                 * TODO: There is no speculation barrier opcode
++                 * for TCG; MB and end the TB instead.
++                 */
++                tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
++                gen_goto_tb(s, 0, s->pc & ~1);
++                return;
+             default:
+                 goto illegal_op;
+             }
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
+                              */
+                             gen_goto_tb(s, 0, s->pc & ~1);
+                             break;
++                        case 7: /* sb */
++                            if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
++                                goto illegal_op;
++                            }
++                            /*
++                             * TODO: There is no speculation barrier opcode
++                             * for TCG; MB and end the TB instead.
++                             */
++                            tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
++                            gen_goto_tb(s, 0, s->pc & ~1);
++                            break;
+                         default:
+                             goto illegal_op;
+                         }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 04/22] target/arm: Implement ARMv8.0-PredInv
+From: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-4-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/cpu.h    | 13 ++++++++++-
+ target/arm/cpu.c    |  1 +
+ target/arm/cpu64.c  |  2 ++
+ target/arm/helper.c | 55 +++++++++++++++++++++++++++++++++++++++++++++
+files changed, 70 insertions(+), 1 deletion(-)
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -XXX,XX +XXX,XX @@ void pmu_init(ARMCPU *cpu);
+ #define SCTLR_R       (1U << 9) /* up to v6; RAZ in v7 */
+ #define SCTLR_UMA     (1U << 9) /* v8 onward, AArch64 only */
+ #define SCTLR_F       (1U << 10) /* up to v6 */
+-#define SCTLR_SW      (1U << 10) /* v7, RES0 in v8 */
++#define SCTLR_SW      (1U << 10) /* v7 */
++#define SCTLR_EnRCTX  (1U << 10) /* in v8.0-PredInv */
+ #define SCTLR_Z       (1U << 11) /* in v7, RES1 in v8 */
+ #define SCTLR_EOS     (1U << 11) /* v8.5-ExS */
+ #define SCTLR_I       (1U << 12)
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_sb(const ARMISARegisters *id)
+     return FIELD_EX32(id->id_isar6, ID_ISAR6, SB) != 0;
+ }
++static inline bool isar_feature_aa32_predinv(const ARMISARegisters *id)
++{
++    return FIELD_EX32(id->id_isar6, ID_ISAR6, SPECRES) != 0;
++}
++
+ static inline bool isar_feature_aa32_fp16_arith(const ARMISARegisters *id)
+ {
+     /*
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_sb(const ARMISARegisters *id)
+     return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SB) != 0;
+ }
++static inline bool isar_feature_aa64_predinv(const ARMISARegisters *id)
++{
++    return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SPECRES) != 0;
++}
++
+ static inline bool isar_feature_aa64_fp16(const ARMISARegisters *id)
+ {
+     /* We always set the AdvSIMD and FP fields identically wrt FP16.  */
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.c
++++ b/target/arm/cpu.c
+@@ -XXX,XX +XXX,XX @@ static void arm_max_initfn(Object *obj)
+             t = FIELD_DP32(t, ID_ISAR6, DP, 1);
+             t = FIELD_DP32(t, ID_ISAR6, FHM, 1);
+             t = FIELD_DP32(t, ID_ISAR6, SB, 1);
++            t = FIELD_DP32(t, ID_ISAR6, SPECRES, 1);
+             cpu->isar.id_isar6 = t;
+             t = cpu->id_mmfr4;
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
+         t = FIELD_DP64(t, ID_AA64ISAR1, GPA, 1);
+         t = FIELD_DP64(t, ID_AA64ISAR1, GPI, 0);
+         t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1);
++        t = FIELD_DP64(t, ID_AA64ISAR1, SPECRES, 1);
+         cpu->isar.id_aa64isar1 = t;
+         t = cpu->isar.id_aa64pfr0;
+@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
+         u = FIELD_DP32(u, ID_ISAR6, DP, 1);
+         u = FIELD_DP32(u, ID_ISAR6, FHM, 1);
+         u = FIELD_DP32(u, ID_ISAR6, SB, 1);
++        u = FIELD_DP32(u, ID_ISAR6, SPECRES, 1);
+         cpu->isar.id_isar6 = u;
+         /*
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pauth_reginfo[] = {
+ };
+ #endif
++static CPAccessResult access_predinv(CPUARMState *env, const ARMCPRegInfo *ri,
++                                     bool isread)
++{
++    int el = arm_current_el(env);
++
++    if (el == 0) {
++        uint64_t sctlr = arm_sctlr(env, el);
++        if (!(sctlr & SCTLR_EnRCTX)) {
++            return CP_ACCESS_TRAP;
++        }
++    } else if (el == 1) {
++        uint64_t hcr = arm_hcr_el2_eff(env);
++        if (hcr & HCR_NV) {
++            return CP_ACCESS_TRAP_EL2;
++        }
++    }
++    return CP_ACCESS_OK;
++}
++
++static const ARMCPRegInfo predinv_reginfo[] = {
++    { .name = "CFP_RCTX", .state = ARM_CP_STATE_AA64,
++      .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 4,
++      .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
++    { .name = "DVP_RCTX", .state = ARM_CP_STATE_AA64,
++      .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 5,
++      .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
++    { .name = "CPP_RCTX", .state = ARM_CP_STATE_AA64,
++      .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 7,
++      .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
++    /*
++     * Note the AArch32 opcodes have a different OPC1.
++     */
++    { .name = "CFPRCTX", .state = ARM_CP_STATE_AA32,
++      .cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 4,
++      .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
++    { .name = "DVPRCTX", .state = ARM_CP_STATE_AA32,
++      .cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 5,
++      .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
++    { .name = "CPPRCTX", .state = ARM_CP_STATE_AA32,
++      .cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 7,
++      .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
++    REGINFO_SENTINEL
++};
++
+ void register_cp_regs_for_features(ARMCPU *cpu)
+ {
+     /* Register all the coprocessor registers based on feature bits */
+@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
+         define_arm_cp_regs(cpu, pauth_reginfo);
+     }
+ #endif
++
++    /*
++     * While all v8.0 cpus support aarch64, QEMU does have configurations
++     * that do not set ID_AA64ISAR1, e.g. user-only qemu-arm -cpu max,
++     * which will set ID_ISAR6.
++     */
++    if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)
++        ? cpu_isar_feature(aa64_predinv, cpu)
++        : cpu_isar_feature(aa32_predinv, cpu)) {
++        define_arm_cp_regs(cpu, predinv_reginfo);
++    }
+ }
+ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 05/22] target/arm: Split helper_msr_i_pstate into 3
+From: Richard Henderson <richard.henderson@linaro.org>
 The EL0+UMA check is unique to DAIF.  While SPSel had avoided the
 check by nature of already checking EL >= 1, the other post v8.0
 extensions to MSR (imm) allow EL0 and do not require UMA.  Avoid
 the unconditional write to pc and use raise_exception_ra to unwind.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Message-id: 20190301200501.16533-5-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
  target/arm/helper-a64.h    |  3 +++
  target/arm/helper.h        |  1 -
  target/arm/internals.h     | 15 ++++++++++++++
  target/arm/helper-a64.c    | 30 +++++++++++++++++++++++++++
  target/arm/op_helper.c     | 42 --------------------------------------
  target/arm/translate-a64.c | 41 ++++++++++++++++++++++---------------
 files changed, 73 insertions(+), 59 deletions(-)
 diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper-a64.h
 +++ b/target/arm/helper-a64.h
@@ -XXX,XX +XXX,XX @@
  DEF_HELPER_FLAGS_2(udiv64, TCG_CALL_NO_RWG_SE, i64, i64, i64)
  DEF_HELPER_FLAGS_2(sdiv64, TCG_CALL_NO_RWG_SE, s64, s64, s64)
  DEF_HELPER_FLAGS_1(rbit64, TCG_CALL_NO_RWG_SE, i64, i64)
 +DEF_HELPER_2(msr_i_spsel, void, env, i32)
 +DEF_HELPER_2(msr_i_daifset, void, env, i32)
 +DEF_HELPER_2(msr_i_daifclear, void, env, i32)
  DEF_HELPER_3(vfp_cmph_a64, i64, f16, f16, ptr)
  DEF_HELPER_3(vfp_cmpeh_a64, i64, f16, f16, ptr)
  DEF_HELPER_3(vfp_cmps_a64, i64, f32, f32, ptr)
 diff --git a/target/arm/helper.h b/target/arm/helper.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.h
 +++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(get_cp_reg, i32, env, ptr)
  DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)
  DEF_HELPER_2(get_cp_reg64, i64, env, ptr)
 -DEF_HELPER_3(msr_i_pstate, void, env, i32, i32)
  DEF_HELPER_1(clear_pstate_ss, void, env)
  DEF_HELPER_2(get_r13_banked, i32, env, i32)
 diff --git a/target/arm/internals.h b/target/arm/internals.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/internals.h
 +++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
  ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
                                     ARMMMUIdx mmu_idx, bool data);
 +static inline int exception_target_el(CPUARMState *env)
 +{
 +    int target_el = MAX(1, arm_current_el(env));
 +
 +    /*
 +     * No such thing as secure EL1 if EL3 is aarch32,
 +     * so update the target EL to EL3 in this case.
 +     */
 +    if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) {
 +        target_el = 3;
 +    }
 +
 +    return target_el;
 +}
 +
  #endif
 diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper-a64.c
 +++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(rbit64)(uint64_t x)
      return revbit64(x);
  }
 +void HELPER(msr_i_spsel)(CPUARMState *env, uint32_t imm)
 +{
 +    update_spsel(env, imm);
 +}
 +
 +static void daif_check(CPUARMState *env, uint32_t op,
 +                       uint32_t imm, uintptr_t ra)
 +{
 +    /* DAIF update to PSTATE. This is OK from EL0 only if UMA is set.  */
 +    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UMA)) {
 +        raise_exception_ra(env, EXCP_UDEF,
 +                           syn_aa64_sysregtrap(0, extract32(op, 0, 3),
 +                                               extract32(op, 3, 3), 4,
 +                                               imm, 0x1f, 0),
 +                           exception_target_el(env), ra);
 +    }
 +}
 +
 +void HELPER(msr_i_daifset)(CPUARMState *env, uint32_t imm)
 +{
 +    daif_check(env, 0x1e, imm, GETPC());
 +    env->daif |= (imm << 6) & PSTATE_DAIF;
 +}
 +
 +void HELPER(msr_i_daifclear)(CPUARMState *env, uint32_t imm)
 +{
 +    daif_check(env, 0x1f, imm, GETPC());
 +    env->daif &= ~((imm << 6) & PSTATE_DAIF);
 +}
 +
  /* Convert a softfloat float_relation_ (as returned by
   * the float*_compare functions) to the correct ARM
   * NZCV flag state.
 diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/op_helper.c
 +++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@ void raise_exception_ra(CPUARMState *env, uint32_t excp, uint32_t syndrome,
      cpu_loop_exit_restore(cs, ra);
  }
 -static int exception_target_el(CPUARMState *env)
 -{
 -    int target_el = MAX(1, arm_current_el(env));
 -
 -    /* No such thing as secure EL1 if EL3 is aarch32, so update the target EL
 -     * to EL3 in this case.
 -     */
 -    if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) {
 -        target_el = 3;
 -    }
 -
 -    return target_el;
 -}
 -
  uint32_t HELPER(neon_tbl)(uint32_t ireg, uint32_t def, void *vn,
                            uint32_t maxindex)
  {
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip)
      return res;
  }
 -void HELPER(msr_i_pstate)(CPUARMState *env, uint32_t op, uint32_t imm)
 -{
 -    /* MSR_i to update PSTATE. This is OK from EL0 only if UMA is set.
 -     * Note that SPSel is never OK from EL0; we rely on handle_msr_i()
 -     * to catch that case at translate time.
 -     */
 -    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UMA)) {
 -        uint32_t syndrome = syn_aa64_sysregtrap(0, extract32(op, 0, 3),
 -                                                extract32(op, 3, 3), 4,
 -                                                imm, 0x1f, 0);
 -        raise_exception(env, EXCP_UDEF, syndrome, exception_target_el(env));
 -    }
 -
 -    switch (op) {
 -    case 0x05: /* SPSel */
 -        update_spsel(env, imm);
 -        break;
 -    case 0x1e: /* DAIFSet */
 -        env->daif |= (imm << 6) & PSTATE_DAIF;
 -        break;
 -    case 0x1f: /* DAIFClear */
 -        env->daif &= ~((imm << 6) & PSTATE_DAIF);
 -        break;
 -    default:
 -        g_assert_not_reached();
 -    }
 -}
 -
  void HELPER(clear_pstate_ss)(CPUARMState *env)
  {
      env->pstate &= ~PSTATE_SS;
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn,
  static void handle_msr_i(DisasContext *s, uint32_t insn,
                           unsigned int op1, unsigned int op2, unsigned int crm)
  {
 +    TCGv_i32 t1;
      int op = op1 << 3 | op2;
 +
 +    /* End the TB by default, chaining is ok.  */
 +    s->base.is_jmp = DISAS_TOO_MANY;
 +
      switch (op) {
      case 0x05: /* SPSel */
          if (s->current_el == 0) {
 -            unallocated_encoding(s);
 -            return;
 +            goto do_unallocated;
          }
 -        /* fall through */
 -    case 0x1e: /* DAIFSet */
 -    case 0x1f: /* DAIFClear */
 -    {
 -        TCGv_i32 tcg_imm = tcg_const_i32(crm);
 -        TCGv_i32 tcg_op = tcg_const_i32(op);
 -        gen_a64_set_pc_im(s->pc - 4);
 -        gen_helper_msr_i_pstate(cpu_env, tcg_op, tcg_imm);
 -        tcg_temp_free_i32(tcg_imm);
 -        tcg_temp_free_i32(tcg_op);
 -        /* For DAIFClear, exit the cpu loop to re-evaluate pending IRQs.  */
 -        gen_a64_set_pc_im(s->pc);
 -        s->base.is_jmp = (op == 0x1f ? DISAS_EXIT : DISAS_JUMP);
 +        t1 = tcg_const_i32(crm & PSTATE_SP);
 +        gen_helper_msr_i_spsel(cpu_env, t1);
 +        tcg_temp_free_i32(t1);
          break;
 -    }
 +
 +    case 0x1e: /* DAIFSet */
 +        t1 = tcg_const_i32(crm);
 +        gen_helper_msr_i_daifset(cpu_env, t1);
 +        tcg_temp_free_i32(t1);
 +        break;
 +
 +    case 0x1f: /* DAIFClear */
 +        t1 = tcg_const_i32(crm);
 +        gen_helper_msr_i_daifclear(cpu_env, t1);
 +        tcg_temp_free_i32(t1);
 +        /* For DAIFClear, exit the cpu loop to re-evaluate pending IRQs.  */
 +        s->base.is_jmp = DISAS_UPDATE;
 +        break;
 +
      default:
 +    do_unallocated:
          unallocated_encoding(s);
          return;
      }
 --
 .20.1

-New patch
+[Qemu-devel] [PULL 06/22] target/arm: Add set/clear_pstate_bits, share gen_ss_advance
+From: Richard Henderson <richard.henderson@linaro.org>
+We do not need an out-of-line helper for manipulating bits in pstate.
+While changing things, share the implementation of gen_ss_advance.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-6-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/helper.h        |  2 --
+ target/arm/translate.h     | 34 ++++++++++++++++++++++++++++++++++
+ target/arm/op_helper.c     |  5 -----
+ target/arm/translate-a64.c | 11 -----------
+ target/arm/translate.c     | 11 -----------
+files changed, 34 insertions(+), 29 deletions(-)
+diff --git a/target/arm/helper.h b/target/arm/helper.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/helper.h
++++ b/target/arm/helper.h
+@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(get_cp_reg, i32, env, ptr)
+ DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)
+ DEF_HELPER_2(get_cp_reg64, i64, env, ptr)
+-DEF_HELPER_1(clear_pstate_ss, void, env)
+-
+ DEF_HELPER_2(get_r13_banked, i32, env, i32)
+ DEF_HELPER_3(set_r13_banked, void, env, i32, i32)
+diff --git a/target/arm/translate.h b/target/arm/translate.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate.h
++++ b/target/arm/translate.h
+@@ -XXX,XX +XXX,XX @@ static inline TCGv_i32 get_ahp_flag(void)
+     return ret;
+ }
++/* Set bits within PSTATE.  */
++static inline void set_pstate_bits(uint32_t bits)
++{
++    TCGv_i32 p = tcg_temp_new_i32();
++
++    tcg_debug_assert(!(bits & CACHED_PSTATE_BITS));
++
++    tcg_gen_ld_i32(p, cpu_env, offsetof(CPUARMState, pstate));
++    tcg_gen_ori_i32(p, p, bits);
++    tcg_gen_st_i32(p, cpu_env, offsetof(CPUARMState, pstate));
++    tcg_temp_free_i32(p);
++}
++
++/* Clear bits within PSTATE.  */
++static inline void clear_pstate_bits(uint32_t bits)
++{
++    TCGv_i32 p = tcg_temp_new_i32();
++
++    tcg_debug_assert(!(bits & CACHED_PSTATE_BITS));
++
++    tcg_gen_ld_i32(p, cpu_env, offsetof(CPUARMState, pstate));
++    tcg_gen_andi_i32(p, p, ~bits);
++    tcg_gen_st_i32(p, cpu_env, offsetof(CPUARMState, pstate));
++    tcg_temp_free_i32(p);
++}
++
++/* If the singlestep state is Active-not-pending, advance to Active-pending. */
++static inline void gen_ss_advance(DisasContext *s)
++{
++    if (s->ss_active) {
++        s->pstate_ss = 0;
++        clear_pstate_bits(PSTATE_SS);
++    }
++}
+ /* Vector operations shared between ARM and AArch64.  */
+ extern const GVecGen3 bsl_op;
+diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/op_helper.c
++++ b/target/arm/op_helper.c
+@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip)
+     return res;
+ }
+-void HELPER(clear_pstate_ss)(CPUARMState *env)
+-{
+-    env->pstate &= ~PSTATE_SS;
+-}
+-
+ void HELPER(pre_hvc)(CPUARMState *env)
+ {
+     ARMCPU *cpu = arm_env_get_cpu(env);
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset,
+     s->base.is_jmp = DISAS_NORETURN;
+ }
+-static void gen_ss_advance(DisasContext *s)
+-{
+-    /* If the singlestep state is Active-not-pending, advance to
+-     * Active-pending.
+-     */
+-    if (s->ss_active) {
+-        s->pstate_ss = 0;
+-        gen_helper_clear_pstate_ss(cpu_env);
+-    }
+-}
+-
+ static void gen_step_complete_exception(DisasContext *s)
+ {
+     /* We just completed step of an insn. Move from Active-not-pending
+diff --git a/target/arm/translate.c b/target/arm/translate.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate.c
++++ b/target/arm/translate.c
+@@ -XXX,XX +XXX,XX @@ static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
+     tcg_temp_free_i32(tcg_excp);
+ }
+-static void gen_ss_advance(DisasContext *s)
+-{
+-    /* If the singlestep state is Active-not-pending, advance to
+-     * Active-pending.
+-     */
+-    if (s->ss_active) {
+-        s->pstate_ss = 0;
+-        gen_helper_clear_pstate_ss(cpu_env);
+-    }
+-}
+-
+ static void gen_step_complete_exception(DisasContext *s)
+ {
+     /* We just completed step of an insn. Move from Active-not-pending
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 07/22] target/arm: Rearrange disas_data_proc_reg
+From: Richard Henderson <richard.henderson@linaro.org>
+This decoding more closely matches the ARMv8.4 Table C4-6,
+Encoding table for Data Processing - Register Group.
+In particular, op2 == 0 is now more than just Add/sub (with carry).
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-7-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/translate-a64.c | 98 ++++++++++++++++++++++----------------
+file changed, 57 insertions(+), 41 deletions(-)
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -XXX,XX +XXX,XX @@ static void disas_data_proc_3src(DisasContext *s, uint32_t insn)
+ }
+ /* Add/subtract (with carry)
+- *  31 30 29 28 27 26 25 24 23 22 21  20  16  15   10  9    5 4   0
+- * +--+--+--+------------------------+------+---------+------+-----+
+- * |sf|op| S| 1  1  0  1  0  0  0  0 |  rm  | opcode2 |  Rn  |  Rd |
+- * +--+--+--+------------------------+------+---------+------+-----+
+- *                                            [000000]
++ *  31 30 29 28 27 26 25 24 23 22 21  20  16  15       10  9    5 4   0
++ * +--+--+--+------------------------+------+-------------+------+-----+
++ * |sf|op| S| 1  1  0  1  0  0  0  0 |  rm  | 0 0 0 0 0 0 |  Rn  |  Rd |
++ * +--+--+--+------------------------+------+-------------+------+-----+
+  */
+ static void disas_adc_sbc(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static void disas_adc_sbc(DisasContext *s, uint32_t insn)
+     unsigned int sf, op, setflags, rm, rn, rd;
+     TCGv_i64 tcg_y, tcg_rn, tcg_rd;
+-    if (extract32(insn, 10, 6) != 0) {
+-        unallocated_encoding(s);
+-        return;
+-    }
+-
+     sf = extract32(insn, 31, 1);
+     op = extract32(insn, 30, 1);
+     setflags = extract32(insn, 29, 1);
+@@ -XXX,XX +XXX,XX @@ static void disas_data_proc_2src(DisasContext *s, uint32_t insn)
+     }
+ }
+-/* Data processing - register */
++/*
++ * Data processing - register
++ *  31  30 29  28      25    21  20  16      10         0
++ * +--+---+--+---+-------+-----+-------+-------+---------+
++ * |  |op0|  |op1| 1 0 1 | op2 |       |  op3  |         |
++ * +--+---+--+---+-------+-----+-------+-------+---------+
++ */
+ static void disas_data_proc_reg(DisasContext *s, uint32_t insn)
+ {
+-    switch (extract32(insn, 24, 5)) {
+-    case 0x0a: /* Logical (shifted register) */
+-        disas_logic_reg(s, insn);
+-        break;
+-    case 0x0b: /* Add/subtract */
+-        if (insn & (1 << 21)) { /* (extended register) */
+-            disas_add_sub_ext_reg(s, insn);
++    int op0 = extract32(insn, 30, 1);
++    int op1 = extract32(insn, 28, 1);
++    int op2 = extract32(insn, 21, 4);
++    int op3 = extract32(insn, 10, 6);
++
++    if (!op1) {
++        if (op2 & 8) {
++            if (op2 & 1) {
++                /* Add/sub (extended register) */
++                disas_add_sub_ext_reg(s, insn);
++            } else {
++                /* Add/sub (shifted register) */
++                disas_add_sub_reg(s, insn);
++            }
+         } else {
+-            disas_add_sub_reg(s, insn);
++            /* Logical (shifted register) */
++            disas_logic_reg(s, insn);
+         }
+-        break;
+-    case 0x1b: /* Data-processing (3 source) */
+-        disas_data_proc_3src(s, insn);
+-        break;
+-    case 0x1a:
+-        switch (extract32(insn, 21, 3)) {
+-        case 0x0: /* Add/subtract (with carry) */
++        return;
++    }
++
++    switch (op2) {
++    case 0x0:
++        switch (op3) {
++        case 0x00: /* Add/subtract (with carry) */
+             disas_adc_sbc(s, insn);
+             break;
+-        case 0x2: /* Conditional compare */
+-            disas_cc(s, insn); /* both imm and reg forms */
+-            break;
+-        case 0x4: /* Conditional select */
+-            disas_cond_select(s, insn);
+-            break;
+-        case 0x6: /* Data-processing */
+-            if (insn & (1 << 30)) { /* (1 source) */
+-                disas_data_proc_1src(s, insn);
+-            } else {            /* (2 source) */
+-                disas_data_proc_2src(s, insn);
+-            }
+-            break;
++
+         default:
+-            unallocated_encoding(s);
+-            break;
++            goto do_unallocated;
+         }
+         break;
++
++    case 0x2: /* Conditional compare */
++        disas_cc(s, insn); /* both imm and reg forms */
++        break;
++
++    case 0x4: /* Conditional select */
++        disas_cond_select(s, insn);
++        break;
++
++    case 0x6: /* Data-processing */
++        if (op0) {    /* (1 source) */
++            disas_data_proc_1src(s, insn);
++        } else {      /* (2 source) */
++            disas_data_proc_2src(s, insn);
++        }
++        break;
++    case 0x8 ... 0xf: /* (3 source) */
++        disas_data_proc_3src(s, insn);
++        break;
++
+     default:
++    do_unallocated:
+         unallocated_encoding(s);
+         break;
+     }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 08/22] target/arm: Implement ARMv8.4-CondM
+From: Richard Henderson <richard.henderson@linaro.org>
+Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-8-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+[PMM: fixed up block comment style]
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/cpu.h           |  5 ++
+ linux-user/elfload.c       |  1 +
+ target/arm/cpu64.c         |  1 +
+ target/arm/translate-a64.c | 99 +++++++++++++++++++++++++++++++++++++-
+files changed, 105 insertions(+), 1 deletion(-)
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_fhm(const ARMISARegisters *id)
+     return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, FHM) != 0;
+ }
++static inline bool isar_feature_aa64_condm_4(const ARMISARegisters *id)
++{
++    return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) != 0;
++}
++
+ static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id)
+ {
+     return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0;
+diff --git a/linux-user/elfload.c b/linux-user/elfload.c
+index XXXXXXX..XXXXXXX 100644
+--- a/linux-user/elfload.c
++++ b/linux-user/elfload.c
+@@ -XXX,XX +XXX,XX @@ static uint32_t get_elf_hwcap(void)
+     GET_FEATURE_ID(aa64_fhm, ARM_HWCAP_A64_ASIMDFHM);
+     GET_FEATURE_ID(aa64_jscvt, ARM_HWCAP_A64_JSCVT);
+     GET_FEATURE_ID(aa64_sb, ARM_HWCAP_A64_SB);
++    GET_FEATURE_ID(aa64_condm_4, ARM_HWCAP_A64_FLAGM);
+ #undef GET_FEATURE_ID
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
+         t = FIELD_DP64(t, ID_AA64ISAR0, SM4, 1);
+         t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1);
+         t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1);
++        t = FIELD_DP64(t, ID_AA64ISAR0, TS, 1);
+         cpu->isar.id_aa64isar0 = t;
+         t = cpu->isar.id_aa64isar1;
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
+     s->base.is_jmp = DISAS_TOO_MANY;
+     switch (op) {
++    case 0x00: /* CFINV */
++        if (crm != 0 || !dc_isar_feature(aa64_condm_4, s)) {
++            goto do_unallocated;
++        }
++        tcg_gen_xori_i32(cpu_CF, cpu_CF, 1);
++        s->base.is_jmp = DISAS_NEXT;
++        break;
++
+     case 0x05: /* SPSel */
+         if (s->current_el == 0) {
+             goto do_unallocated;
+@@ -XXX,XX +XXX,XX @@ static void gen_get_nzcv(TCGv_i64 tcg_rt)
+ }
+ static void gen_set_nzcv(TCGv_i64 tcg_rt)
+-
+ {
+     TCGv_i32 nzcv = tcg_temp_new_i32();
+@@ -XXX,XX +XXX,XX @@ static void disas_adc_sbc(DisasContext *s, uint32_t insn)
+     }
+ }
++/*
++ * Rotate right into flags
++ *  31 30 29                21       15          10      5  4      0
++ * +--+--+--+-----------------+--------+-----------+------+--+------+
++ * |sf|op| S| 1 1 0 1 0 0 0 0 |  imm6  | 0 0 0 0 1 |  Rn  |o2| mask |
++ * +--+--+--+-----------------+--------+-----------+------+--+------+
++ */
++static void disas_rotate_right_into_flags(DisasContext *s, uint32_t insn)
++{
++    int mask = extract32(insn, 0, 4);
++    int o2 = extract32(insn, 4, 1);
++    int rn = extract32(insn, 5, 5);
++    int imm6 = extract32(insn, 15, 6);
++    int sf_op_s = extract32(insn, 29, 3);
++    TCGv_i64 tcg_rn;
++    TCGv_i32 nzcv;
++
++    if (sf_op_s != 5 || o2 != 0 || !dc_isar_feature(aa64_condm_4, s)) {
++        unallocated_encoding(s);
++        return;
++    }
++
++    tcg_rn = read_cpu_reg(s, rn, 1);
++    tcg_gen_rotri_i64(tcg_rn, tcg_rn, imm6);
++
++    nzcv = tcg_temp_new_i32();
++    tcg_gen_extrl_i64_i32(nzcv, tcg_rn);
++
++    if (mask & 8) { /* N */
++        tcg_gen_shli_i32(cpu_NF, nzcv, 31 - 3);
++    }
++    if (mask & 4) { /* Z */
++        tcg_gen_not_i32(cpu_ZF, nzcv);
++        tcg_gen_andi_i32(cpu_ZF, cpu_ZF, 4);
++    }
++    if (mask & 2) { /* C */
++        tcg_gen_extract_i32(cpu_CF, nzcv, 1, 1);
++    }
++    if (mask & 1) { /* V */
++        tcg_gen_shli_i32(cpu_VF, nzcv, 31 - 0);
++    }
++
++    tcg_temp_free_i32(nzcv);
++}
++
++/*
++ * Evaluate into flags
++ *  31 30 29                21        15   14        10      5  4      0
++ * +--+--+--+-----------------+---------+----+---------+------+--+------+
++ * |sf|op| S| 1 1 0 1 0 0 0 0 | opcode2 | sz | 0 0 1 0 |  Rn  |o3| mask |
++ * +--+--+--+-----------------+---------+----+---------+------+--+------+
++ */
++static void disas_evaluate_into_flags(DisasContext *s, uint32_t insn)
++{
++    int o3_mask = extract32(insn, 0, 5);
++    int rn = extract32(insn, 5, 5);
++    int o2 = extract32(insn, 15, 6);
++    int sz = extract32(insn, 14, 1);
++    int sf_op_s = extract32(insn, 29, 3);
++    TCGv_i32 tmp;
++    int shift;
++
++    if (sf_op_s != 1 || o2 != 0 || o3_mask != 0xd ||
++        !dc_isar_feature(aa64_condm_4, s)) {
++        unallocated_encoding(s);
++        return;
++    }
++    shift = sz ? 16 : 24;  /* SETF16 or SETF8 */
++
++    tmp = tcg_temp_new_i32();
++    tcg_gen_extrl_i64_i32(tmp, cpu_reg(s, rn));
++    tcg_gen_shli_i32(cpu_NF, tmp, shift);
++    tcg_gen_shli_i32(cpu_VF, tmp, shift - 1);
++    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
++    tcg_gen_xor_i32(cpu_VF, cpu_VF, cpu_NF);
++    tcg_temp_free_i32(tmp);
++}
++
+ /* Conditional compare (immediate / register)
+  *  31 30 29 28 27 26 25 24 23 22 21  20    16 15  12  11  10  9   5  4 3   0
+  * +--+--+--+------------------------+--------+------+----+--+------+--+-----+
+@@ -XXX,XX +XXX,XX @@ static void disas_data_proc_reg(DisasContext *s, uint32_t insn)
+             disas_adc_sbc(s, insn);
+             break;
++        case 0x01: /* Rotate right into flags */
++        case 0x21:
++            disas_rotate_right_into_flags(s, insn);
++            break;
++
++        case 0x02: /* Evaluate into flags */
++        case 0x12:
++        case 0x22:
++        case 0x32:
++            disas_evaluate_into_flags(s, insn);
++            break;
++
+         default:
+             goto do_unallocated;
+         }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 09/22] target/arm: Implement ARMv8.5-CondM
+From: Richard Henderson <richard.henderson@linaro.org>
+Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-9-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/cpu.h           |  5 ++++
+ target/arm/cpu64.c         |  2 +-
+ target/arm/translate-a64.c | 58 ++++++++++++++++++++++++++++++++++++++
+files changed, 64 insertions(+), 1 deletion(-)
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_condm_4(const ARMISARegisters *id)
+     return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) != 0;
+ }
++static inline bool isar_feature_aa64_condm_5(const ARMISARegisters *id)
++{
++    return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) >= 2;
++}
++
+ static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id)
+ {
+     return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0;
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
+         t = FIELD_DP64(t, ID_AA64ISAR0, SM4, 1);
+         t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1);
+         t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1);
+-        t = FIELD_DP64(t, ID_AA64ISAR0, TS, 1);
++        t = FIELD_DP64(t, ID_AA64ISAR0, TS, 2); /* v8.5-CondM */
+         cpu->isar.id_aa64isar0 = t;
+         t = cpu->isar.id_aa64isar1;
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn,
+     }
+ }
++static void gen_xaflag(void)
++{
++    TCGv_i32 z = tcg_temp_new_i32();
++
++    tcg_gen_setcondi_i32(TCG_COND_EQ, z, cpu_ZF, 0);
++
++    /*
++     * (!C & !Z) << 31
++     * (!(C | Z)) << 31
++     * ~((C | Z) << 31)
++     * ~-(C | Z)
++     * (C | Z) - 1
++     */
++    tcg_gen_or_i32(cpu_NF, cpu_CF, z);
++    tcg_gen_subi_i32(cpu_NF, cpu_NF, 1);
++
++    /* !(Z & C) */
++    tcg_gen_and_i32(cpu_ZF, z, cpu_CF);
++    tcg_gen_xori_i32(cpu_ZF, cpu_ZF, 1);
++
++    /* (!C & Z) << 31 -> -(Z & ~C) */
++    tcg_gen_andc_i32(cpu_VF, z, cpu_CF);
++    tcg_gen_neg_i32(cpu_VF, cpu_VF);
++
++    /* C | Z */
++    tcg_gen_or_i32(cpu_CF, cpu_CF, z);
++
++    tcg_temp_free_i32(z);
++}
++
++static void gen_axflag(void)
++{
++    tcg_gen_sari_i32(cpu_VF, cpu_VF, 31);         /* V ? -1 : 0 */
++    tcg_gen_andc_i32(cpu_CF, cpu_CF, cpu_VF);     /* C & !V */
++
++    /* !(Z | V) -> !(!ZF | V) -> ZF & !V -> ZF & ~VF */
++    tcg_gen_andc_i32(cpu_ZF, cpu_ZF, cpu_VF);
++
++    tcg_gen_movi_i32(cpu_NF, 0);
++    tcg_gen_movi_i32(cpu_VF, 0);
++}
++
+ /* MSR (immediate) - move immediate to processor state field */
+ static void handle_msr_i(DisasContext *s, uint32_t insn,
+                          unsigned int op1, unsigned int op2, unsigned int crm)
+@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
+         s->base.is_jmp = DISAS_NEXT;
+         break;
++    case 0x01: /* XAFlag */
++        if (crm != 0 || !dc_isar_feature(aa64_condm_5, s)) {
++            goto do_unallocated;
++        }
++        gen_xaflag();
++        s->base.is_jmp = DISAS_NEXT;
++        break;
++
++    case 0x02: /* AXFlag */
++        if (crm != 0 || !dc_isar_feature(aa64_condm_5, s)) {
++            goto do_unallocated;
++        }
++        gen_axflag();
++        s->base.is_jmp = DISAS_NEXT;
++        break;
++
+     case 0x05: /* SPSel */
+         if (s->current_el == 0) {
+             goto do_unallocated;
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 10/22] target/arm: Restructure handle_fp_1src_{single, double}
+From: Richard Henderson <richard.henderson@linaro.org>
+This will allow sharing code that adjusts rmode beyond
+the existing users.
+Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-10-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/translate-a64.c | 90 +++++++++++++++++++++-----------------
+file changed, 49 insertions(+), 41 deletions(-)
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_half(DisasContext *s, int opcode, int rd, int rn)
+ /* Floating-point data-processing (1 source) - single precision */
+ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn)
+ {
++    void (*gen_fpst)(TCGv_i32, TCGv_i32, TCGv_ptr);
++    TCGv_i32 tcg_op, tcg_res;
+     TCGv_ptr fpst;
+-    TCGv_i32 tcg_op;
+-    TCGv_i32 tcg_res;
++    int rmode = -1;
+-    fpst = get_fpstatus_ptr(false);
+     tcg_op = read_fp_sreg(s, rn);
+     tcg_res = tcg_temp_new_i32();
+     switch (opcode) {
+     case 0x0: /* FMOV */
+         tcg_gen_mov_i32(tcg_res, tcg_op);
+-        break;
++        goto done;
+     case 0x1: /* FABS */
+         gen_helper_vfp_abss(tcg_res, tcg_op);
+-        break;
++        goto done;
+     case 0x2: /* FNEG */
+         gen_helper_vfp_negs(tcg_res, tcg_op);
+-        break;
++        goto done;
+     case 0x3: /* FSQRT */
+         gen_helper_vfp_sqrts(tcg_res, tcg_op, cpu_env);
+-        break;
++        goto done;
+     case 0x8: /* FRINTN */
+     case 0x9: /* FRINTP */
+     case 0xa: /* FRINTM */
+     case 0xb: /* FRINTZ */
+     case 0xc: /* FRINTA */
+-    {
+-        TCGv_i32 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(opcode & 7));
+-
+-        gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
+-        gen_helper_rints(tcg_res, tcg_op, fpst);
+-
+-        gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
+-        tcg_temp_free_i32(tcg_rmode);
++        rmode = arm_rmode_to_sf(opcode & 7);
++        gen_fpst = gen_helper_rints;
+         break;
+-    }
+     case 0xe: /* FRINTX */
+-        gen_helper_rints_exact(tcg_res, tcg_op, fpst);
++        gen_fpst = gen_helper_rints_exact;
+         break;
+     case 0xf: /* FRINTI */
+-        gen_helper_rints(tcg_res, tcg_op, fpst);
++        gen_fpst = gen_helper_rints;
+         break;
+     default:
+-        abort();
++        g_assert_not_reached();
+     }
+-    write_fp_sreg(s, rd, tcg_res);
+-
++    fpst = get_fpstatus_ptr(false);
++    if (rmode >= 0) {
++        TCGv_i32 tcg_rmode = tcg_const_i32(rmode);
++        gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
++        gen_fpst(tcg_res, tcg_op, fpst);
++        gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
++        tcg_temp_free_i32(tcg_rmode);
++    } else {
++        gen_fpst(tcg_res, tcg_op, fpst);
++    }
+     tcg_temp_free_ptr(fpst);
++
++ done:
++    write_fp_sreg(s, rd, tcg_res);
+     tcg_temp_free_i32(tcg_op);
+     tcg_temp_free_i32(tcg_res);
+ }
+@@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn)
+ /* Floating-point data-processing (1 source) - double precision */
+ static void handle_fp_1src_double(DisasContext *s, int opcode, int rd, int rn)
+ {
++    void (*gen_fpst)(TCGv_i64, TCGv_i64, TCGv_ptr);
++    TCGv_i64 tcg_op, tcg_res;
+     TCGv_ptr fpst;
+-    TCGv_i64 tcg_op;
+-    TCGv_i64 tcg_res;
++    int rmode = -1;
+     switch (opcode) {
+     case 0x0: /* FMOV */
+@@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_double(DisasContext *s, int opcode, int rd, int rn)
+         return;
+     }
+-    fpst = get_fpstatus_ptr(false);
+     tcg_op = read_fp_dreg(s, rn);
+     tcg_res = tcg_temp_new_i64();
+     switch (opcode) {
+     case 0x1: /* FABS */
+         gen_helper_vfp_absd(tcg_res, tcg_op);
+-        break;
++        goto done;
+     case 0x2: /* FNEG */
+         gen_helper_vfp_negd(tcg_res, tcg_op);
+-        break;
++        goto done;
+     case 0x3: /* FSQRT */
+         gen_helper_vfp_sqrtd(tcg_res, tcg_op, cpu_env);
+-        break;
++        goto done;
+     case 0x8: /* FRINTN */
+     case 0x9: /* FRINTP */
+     case 0xa: /* FRINTM */
+     case 0xb: /* FRINTZ */
+     case 0xc: /* FRINTA */
+-    {
+-        TCGv_i32 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(opcode & 7));
+-
+-        gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
+-        gen_helper_rintd(tcg_res, tcg_op, fpst);
+-
+-        gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
+-        tcg_temp_free_i32(tcg_rmode);
++        rmode = arm_rmode_to_sf(opcode & 7);
++        gen_fpst = gen_helper_rintd;
+         break;
+-    }
+     case 0xe: /* FRINTX */
+-        gen_helper_rintd_exact(tcg_res, tcg_op, fpst);
++        gen_fpst = gen_helper_rintd_exact;
+         break;
+     case 0xf: /* FRINTI */
+-        gen_helper_rintd(tcg_res, tcg_op, fpst);
++        gen_fpst = gen_helper_rintd;
+         break;
+     default:
+-        abort();
++        g_assert_not_reached();
+     }
+-    write_fp_dreg(s, rd, tcg_res);
+-
++    fpst = get_fpstatus_ptr(false);
++    if (rmode >= 0) {
++        TCGv_i32 tcg_rmode = tcg_const_i32(rmode);
++        gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
++        gen_fpst(tcg_res, tcg_op, fpst);
++        gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
++        tcg_temp_free_i32(tcg_rmode);
++    } else {
++        gen_fpst(tcg_res, tcg_op, fpst);
++    }
+     tcg_temp_free_ptr(fpst);
++
++ done:
++    write_fp_dreg(s, rd, tcg_res);
+     tcg_temp_free_i64(tcg_op);
+     tcg_temp_free_i64(tcg_res);
+ }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 11/22] target/arm: Implement ARMv8.5-FRINT
+From: Richard Henderson <richard.henderson@linaro.org>
+Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190301200501.16533-11-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/cpu.h           |  5 ++
+ target/arm/helper.h        |  5 ++
+ target/arm/cpu64.c         |  1 +
+ target/arm/translate-a64.c | 71 ++++++++++++++++++++++++++--
+ target/arm/vfp_helper.c    | 96 ++++++++++++++++++++++++++++++++++++++
+files changed, 173 insertions(+), 5 deletions(-)
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_predinv(const ARMISARegisters *id)
+     return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SPECRES) != 0;
+ }
++static inline bool isar_feature_aa64_frint(const ARMISARegisters *id)
++{
++    return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, FRINTTS) != 0;
++}
++
+ static inline bool isar_feature_aa64_fp16(const ARMISARegisters *id)
+ {
+     /* We always set the AdvSIMD and FP fields identically wrt FP16.  */
+diff --git a/target/arm/helper.h b/target/arm/helper.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/helper.h
++++ b/target/arm/helper.h
+@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_5(gvec_fmlal_idx_a32, TCG_CALL_NO_RWG,
+ DEF_HELPER_FLAGS_5(gvec_fmlal_idx_a64, TCG_CALL_NO_RWG,
+                    void, ptr, ptr, ptr, ptr, i32)
++DEF_HELPER_FLAGS_2(frint32_s, TCG_CALL_NO_RWG, f32, f32, ptr)
++DEF_HELPER_FLAGS_2(frint64_s, TCG_CALL_NO_RWG, f32, f32, ptr)
++DEF_HELPER_FLAGS_2(frint32_d, TCG_CALL_NO_RWG, f64, f64, ptr)
++DEF_HELPER_FLAGS_2(frint64_d, TCG_CALL_NO_RWG, f64, f64, ptr)
++
+ #ifdef TARGET_AARCH64
+ #include "helper-a64.h"
+ #include "helper-sve.h"
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
+         t = FIELD_DP64(t, ID_AA64ISAR1, GPI, 0);
+         t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1);
+         t = FIELD_DP64(t, ID_AA64ISAR1, SPECRES, 1);
++        t = FIELD_DP64(t, ID_AA64ISAR1, FRINTTS, 1);
+         cpu->isar.id_aa64isar1 = t;
+         t = cpu->isar.id_aa64pfr0;
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn)
+     case 0xf: /* FRINTI */
+         gen_fpst = gen_helper_rints;
+         break;
++    case 0x10: /* FRINT32Z */
++        rmode = float_round_to_zero;
++        gen_fpst = gen_helper_frint32_s;
++        break;
++    case 0x11: /* FRINT32X */
++        gen_fpst = gen_helper_frint32_s;
++        break;
++    case 0x12: /* FRINT64Z */
++        rmode = float_round_to_zero;
++        gen_fpst = gen_helper_frint64_s;
++        break;
++    case 0x13: /* FRINT64X */
++        gen_fpst = gen_helper_frint64_s;
++        break;
+     default:
+         g_assert_not_reached();
+     }
+@@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_double(DisasContext *s, int opcode, int rd, int rn)
+     case 0xf: /* FRINTI */
+         gen_fpst = gen_helper_rintd;
+         break;
++    case 0x10: /* FRINT32Z */
++        rmode = float_round_to_zero;
++        gen_fpst = gen_helper_frint32_d;
++        break;
++    case 0x11: /* FRINT32X */
++        gen_fpst = gen_helper_frint32_d;
++        break;
++    case 0x12: /* FRINT64Z */
++        rmode = float_round_to_zero;
++        gen_fpst = gen_helper_frint64_d;
++        break;
++    case 0x13: /* FRINT64X */
++        gen_fpst = gen_helper_frint64_d;
++        break;
+     default:
+         g_assert_not_reached();
+     }
+@@ -XXX,XX +XXX,XX @@ static void disas_fp_1src(DisasContext *s, uint32_t insn)
+         handle_fp_fcvt(s, opcode, rd, rn, dtype, type);
+         break;
+     }
++
++    case 0x10 ... 0x13: /* FRINT{32,64}{X,Z} */
++        if (type > 1 || !dc_isar_feature(aa64_frint, s)) {
++            unallocated_encoding(s);
++            return;
++        }
++        /* fall through */
+     case 0x0 ... 0x3:
+     case 0x8 ... 0xc:
+     case 0xe ... 0xf:
+@@ -XXX,XX +XXX,XX @@ static void disas_fp_1src(DisasContext *s, uint32_t insn)
+             if (!fp_access_check(s)) {
+                 return;
+             }
+-
+             handle_fp_1src_single(s, opcode, rd, rn);
+             break;
+         case 1:
+             if (!fp_access_check(s)) {
+                 return;
+             }
+-
+             handle_fp_1src_double(s, opcode, rd, rn);
+             break;
+         case 3:
+@@ -XXX,XX +XXX,XX @@ static void disas_fp_1src(DisasContext *s, uint32_t insn)
+             if (!fp_access_check(s)) {
+                 return;
+             }
+-
+             handle_fp_1src_half(s, opcode, rd, rn);
+             break;
+         default:
+             unallocated_encoding(s);
+         }
+         break;
++
+     default:
+         unallocated_encoding(s);
+         break;
+@@ -XXX,XX +XXX,XX @@ static void handle_2misc_64(DisasContext *s, int opcode, bool u,
+     case 0x59: /* FRINTX */
+         gen_helper_rintd_exact(tcg_rd, tcg_rn, tcg_fpstatus);
+         break;
++    case 0x1e: /* FRINT32Z */
++    case 0x5e: /* FRINT32X */
++        gen_helper_frint32_d(tcg_rd, tcg_rn, tcg_fpstatus);
++        break;
++    case 0x1f: /* FRINT64Z */
++    case 0x5f: /* FRINT64X */
++        gen_helper_frint64_d(tcg_rd, tcg_rn, tcg_fpstatus);
++        break;
+     default:
+         g_assert_not_reached();
+     }
+@@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn)
+         }
+         break;
+     case 0xc ... 0xf:
+-    case 0x16 ... 0x1d:
+-    case 0x1f:
++    case 0x16 ... 0x1f:
+     {
+         /* Floating point: U, size[1] and opcode indicate operation;
+          * size[0] indicates single or double precision.
+@@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn)
+             }
+             need_fpstatus = true;
+             break;
++        case 0x1e: /* FRINT32Z */
++        case 0x1f: /* FRINT64Z */
++            need_rmode = true;
++            rmode = FPROUNDING_ZERO;
++            /* fall through */
++        case 0x5e: /* FRINT32X */
++        case 0x5f: /* FRINT64X */
++            need_fpstatus = true;
++            if ((size == 3 && !is_q) || !dc_isar_feature(aa64_frint, s)) {
++                unallocated_encoding(s);
++                return;
++            }
++            break;
+         default:
+             unallocated_encoding(s);
+             return;
+@@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn)
+                 case 0x7c: /* URSQRTE */
+                     gen_helper_rsqrte_u32(tcg_res, tcg_op, tcg_fpstatus);
+                     break;
++                case 0x1e: /* FRINT32Z */
++                case 0x5e: /* FRINT32X */
++                    gen_helper_frint32_s(tcg_res, tcg_op, tcg_fpstatus);
++                    break;
++                case 0x1f: /* FRINT64Z */
++                case 0x5f: /* FRINT64X */
++                    gen_helper_frint64_s(tcg_res, tcg_op, tcg_fpstatus);
++                    break;
+                 default:
+                     g_assert_not_reached();
+                 }
+diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/vfp_helper.c
++++ b/target/arm/vfp_helper.c
+@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(vjcvt)(float64 value, CPUARMState *env)
+     return result;
+ }
++
++/* Round a float32 to an integer that fits in int32_t or int64_t.  */
++static float32 frint_s(float32 f, float_status *fpst, int intsize)
++{
++    int old_flags = get_float_exception_flags(fpst);
++    uint32_t exp = extract32(f, 23, 8);
++
++    if (unlikely(exp == 0xff)) {
++        /* NaN or Inf.  */
++        goto overflow;
++    }
++
++    /* Round and re-extract the exponent.  */
++    f = float32_round_to_int(f, fpst);
++    exp = extract32(f, 23, 8);
++
++    /* Validate the range of the result.  */
++    if (exp < 126 + intsize) {
++        /* abs(F) <= INT{N}_MAX */
++        return f;
++    }
++    if (exp == 126 + intsize) {
++        uint32_t sign = extract32(f, 31, 1);
++        uint32_t frac = extract32(f, 0, 23);
++        if (sign && frac == 0) {
++            /* F == INT{N}_MIN */
++            return f;
++        }
++    }
++
++ overflow:
++    /*
++     * Raise Invalid and return INT{N}_MIN as a float.  Revert any
++     * inexact exception float32_round_to_int may have raised.
++     */
++    set_float_exception_flags(old_flags | float_flag_invalid, fpst);
++    return (0x100u + 126u + intsize) << 23;
++}
++
++float32 HELPER(frint32_s)(float32 f, void *fpst)
++{
++    return frint_s(f, fpst, 32);
++}
++
++float32 HELPER(frint64_s)(float32 f, void *fpst)
++{
++    return frint_s(f, fpst, 64);
++}
++
++/* Round a float64 to an integer that fits in int32_t or int64_t.  */
++static float64 frint_d(float64 f, float_status *fpst, int intsize)
++{
++    int old_flags = get_float_exception_flags(fpst);
++    uint32_t exp = extract64(f, 52, 11);
++
++    if (unlikely(exp == 0x7ff)) {
++        /* NaN or Inf.  */
++        goto overflow;
++    }
++
++    /* Round and re-extract the exponent.  */
++    f = float64_round_to_int(f, fpst);
++    exp = extract64(f, 52, 11);
++
++    /* Validate the range of the result.  */
++    if (exp < 1022 + intsize) {
++        /* abs(F) <= INT{N}_MAX */
++        return f;
++    }
++    if (exp == 1022 + intsize) {
++        uint64_t sign = extract64(f, 63, 1);
++        uint64_t frac = extract64(f, 0, 52);
++        if (sign && frac == 0) {
++            /* F == INT{N}_MIN */
++            return f;
++        }
++    }
++
++ overflow:
++    /*
++     * Raise Invalid and return INT{N}_MIN as a float.  Revert any
++     * inexact exception float64_round_to_int may have raised.
++     */
++    set_float_exception_flags(old_flags | float_flag_invalid, fpst);
++    return (uint64_t)(0x800 + 1022 + intsize) << 52;
++}
++
++float64 HELPER(frint32_d)(float64 f, void *fpst)
++{
++    return frint_d(f, fpst, 32);
++}
++
++float64 HELPER(frint64_d)(float64 f, void *fpst)
++{
++    return frint_d(f, fpst, 64);
++}
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 12/22] hw/arm/boot: introduce fdt_add_memory_node helper
+From: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
+We introduce an helper to create a memory node.
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190304101339.25970-2-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/arm/boot.c | 54 ++++++++++++++++++++++++++++++++-------------------
+file changed, 34 insertions(+), 20 deletions(-)
+diff --git a/hw/arm/boot.c b/hw/arm/boot.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/boot.c
++++ b/hw/arm/boot.c
+@@ -XXX,XX +XXX,XX @@ static void set_kernel_args_old(const struct arm_boot_info *info,
+     }
+ }
++static int fdt_add_memory_node(void *fdt, uint32_t acells, hwaddr mem_base,
++                               uint32_t scells, hwaddr mem_len,
++                               int numa_node_id)
++{
++    char *nodename;
++    int ret;
++
++    nodename = g_strdup_printf("/memory@%" PRIx64, mem_base);
++    qemu_fdt_add_subnode(fdt, nodename);
++    qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory");
++    ret = qemu_fdt_setprop_sized_cells(fdt, nodename, "reg", acells, mem_base,
++                                       scells, mem_len);
++    if (ret < 0) {
++        goto out;
++    }
++
++    /* only set the NUMA ID if it is specified */
++    if (numa_node_id >= 0) {
++        ret = qemu_fdt_setprop_cell(fdt, nodename,
++                                    "numa-node-id", numa_node_id);
++    }
++out:
++    g_free(nodename);
++    return ret;
++}
++
+ static void fdt_add_psci_node(void *fdt)
+ {
+     uint32_t cpu_suspend_fn;
+@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
+     void *fdt = NULL;
+     int size, rc, n = 0;
+     uint32_t acells, scells;
+-    char *nodename;
+     unsigned int i;
+     hwaddr mem_base, mem_len;
+     char **node_path;
+@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
+         mem_base = binfo->loader_start;
+         for (i = 0; i < nb_numa_nodes; i++) {
+             mem_len = numa_info[i].node_mem;
+-            nodename = g_strdup_printf("/memory@%" PRIx64, mem_base);
+-            qemu_fdt_add_subnode(fdt, nodename);
+-            qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory");
+-            rc = qemu_fdt_setprop_sized_cells(fdt, nodename, "reg",
+-                                              acells, mem_base,
+-                                              scells, mem_len);
++            rc = fdt_add_memory_node(fdt, acells, mem_base,
++                                     scells, mem_len, i);
+             if (rc < 0) {
+-                fprintf(stderr, "couldn't set %s/reg for node %d\n", nodename,
+-                        i);
++                fprintf(stderr, "couldn't add /memory@%"PRIx64" node\n",
++                        mem_base);
+                 goto fail;
+             }
+-            qemu_fdt_setprop_cell(fdt, nodename, "numa-node-id", i);
+             mem_base += mem_len;
+-            g_free(nodename);
+         }
+     } else {
+-        nodename = g_strdup_printf("/memory@%" PRIx64, binfo->loader_start);
+-        qemu_fdt_add_subnode(fdt, nodename);
+-        qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory");
+-
+-        rc = qemu_fdt_setprop_sized_cells(fdt, nodename, "reg",
+-                                          acells, binfo->loader_start,
+-                                          scells, binfo->ram_size);
++        rc = fdt_add_memory_node(fdt, acells, binfo->loader_start,
++                                 scells, binfo->ram_size, -1);
+         if (rc < 0) {
+-            fprintf(stderr, "couldn't set %s reg\n", nodename);
++            fprintf(stderr, "couldn't add /memory@%"PRIx64" node\n",
++                    binfo->loader_start);
+             goto fail;
+         }
+-        g_free(nodename);
+     }
+     rc = fdt_path_offset(fdt, "/chosen");
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 13/22] hw/arm/virt: Rename highmem IO regions
+From: Eric Auger <eric.auger@redhat.com>
+In preparation for a split of the memory map into a static
+part and a dynamic part floating after the RAM, let's rename the
+regions located after the RAM
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-3-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ include/hw/arm/virt.h    |  8 ++++----
+ hw/arm/virt-acpi-build.c | 10 ++++++----
+ hw/arm/virt.c            | 33 ++++++++++++++++++---------------
+files changed, 28 insertions(+), 23 deletions(-)
+diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/arm/virt.h
++++ b/include/hw/arm/virt.h
+@@ -XXX,XX +XXX,XX @@ enum {
+     VIRT_GIC_VCPU,
+     VIRT_GIC_ITS,
+     VIRT_GIC_REDIST,
+-    VIRT_GIC_REDIST2,
++    VIRT_HIGH_GIC_REDIST2,
+     VIRT_SMMU,
+     VIRT_UART,
+     VIRT_MMIO,
+@@ -XXX,XX +XXX,XX @@ enum {
+     VIRT_PCIE_MMIO,
+     VIRT_PCIE_PIO,
+     VIRT_PCIE_ECAM,
+-    VIRT_PCIE_ECAM_HIGH,
++    VIRT_HIGH_PCIE_ECAM,
+     VIRT_PLATFORM_BUS,
+-    VIRT_PCIE_MMIO_HIGH,
++    VIRT_HIGH_PCIE_MMIO,
+     VIRT_GPIO,
+     VIRT_SECURE_UART,
+     VIRT_SECURE_MEM,
+@@ -XXX,XX +XXX,XX @@ typedef struct {
+     int psci_conduit;
+ } VirtMachineState;
+-#define VIRT_ECAM_ID(high) (high ? VIRT_PCIE_ECAM_HIGH : VIRT_PCIE_ECAM)
++#define VIRT_ECAM_ID(high) (high ? VIRT_HIGH_PCIE_ECAM : VIRT_PCIE_ECAM)
+ #define TYPE_VIRT_MACHINE   MACHINE_TYPE_NAME("virt")
+ #define VIRT_MACHINE(obj) \
+diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/virt-acpi-build.c
++++ b/hw/arm/virt-acpi-build.c
+@@ -XXX,XX +XXX,XX @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry *memmap,
+                      size_pio));
+     if (use_highmem) {
+-        hwaddr base_mmio_high = memmap[VIRT_PCIE_MMIO_HIGH].base;
+-        hwaddr size_mmio_high = memmap[VIRT_PCIE_MMIO_HIGH].size;
++        hwaddr base_mmio_high = memmap[VIRT_HIGH_PCIE_MMIO].base;
++        hwaddr size_mmio_high = memmap[VIRT_HIGH_PCIE_MMIO].size;
+         aml_append(rbuf,
+             aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED, AML_MAX_FIXED,
+@@ -XXX,XX +XXX,XX @@ build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
+             gicr = acpi_data_push(table_data, sizeof(*gicr));
+             gicr->type = ACPI_APIC_GENERIC_REDISTRIBUTOR;
+             gicr->length = sizeof(*gicr);
+-            gicr->base_address = cpu_to_le64(memmap[VIRT_GIC_REDIST2].base);
+-            gicr->range_length = cpu_to_le32(memmap[VIRT_GIC_REDIST2].size);
++            gicr->base_address =
++                cpu_to_le64(memmap[VIRT_HIGH_GIC_REDIST2].base);
++            gicr->range_length =
++                cpu_to_le32(memmap[VIRT_HIGH_GIC_REDIST2].size);
+         }
+         if (its_class_name() && !vmc->no_its) {
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -XXX,XX +XXX,XX @@ static const MemMapEntry a15memmap[] = {
+     [VIRT_PCIE_ECAM] =          { 0x3f000000, 0x01000000 },
+     [VIRT_MEM] =                { 0x40000000, RAMLIMIT_BYTES },
+     /* Additional 64 MB redist region (can contain up to 512 redistributors) */
+-    [VIRT_GIC_REDIST2] =        { 0x4000000000ULL, 0x4000000 },
+-    [VIRT_PCIE_ECAM_HIGH] =     { 0x4010000000ULL, 0x10000000 },
++    [VIRT_HIGH_GIC_REDIST2] =   { 0x4000000000ULL, 0x4000000 },
++    [VIRT_HIGH_PCIE_ECAM] =     { 0x4010000000ULL, 0x10000000 },
+     /* Second PCIe window, 512GB wide at the 512GB boundary */
+-    [VIRT_PCIE_MMIO_HIGH] =   { 0x8000000000ULL, 0x8000000000ULL },
++    [VIRT_HIGH_PCIE_MMIO] =     { 0x8000000000ULL, 0x8000000000ULL },
+ };
+ static const int a15irqmap[] = {
+@@ -XXX,XX +XXX,XX @@ static void fdt_add_gic_node(VirtMachineState *vms)
+, vms->memmap[VIRT_GIC_REDIST].size);
+         } else {
+             qemu_fdt_setprop_sized_cells(vms->fdt, nodename, "reg",
+-                                         2, vms->memmap[VIRT_GIC_DIST].base,
+-                                         2, vms->memmap[VIRT_GIC_DIST].size,
+-                                         2, vms->memmap[VIRT_GIC_REDIST].base,
+-                                         2, vms->memmap[VIRT_GIC_REDIST].size,
+-                                         2, vms->memmap[VIRT_GIC_REDIST2].base,
+-                                         2, vms->memmap[VIRT_GIC_REDIST2].size);
++                                 2, vms->memmap[VIRT_GIC_DIST].base,
++                                 2, vms->memmap[VIRT_GIC_DIST].size,
++                                 2, vms->memmap[VIRT_GIC_REDIST].base,
++                                 2, vms->memmap[VIRT_GIC_REDIST].size,
++                                 2, vms->memmap[VIRT_HIGH_GIC_REDIST2].base,
++                                 2, vms->memmap[VIRT_HIGH_GIC_REDIST2].size);
+         }
+         if (vms->virt) {
+@@ -XXX,XX +XXX,XX @@ static void create_gic(VirtMachineState *vms, qemu_irq *pic)
+         if (nb_redist_regions == 2) {
+             uint32_t redist1_capacity =
+-                        vms->memmap[VIRT_GIC_REDIST2].size / GICV3_REDIST_SIZE;
++                    vms->memmap[VIRT_HIGH_GIC_REDIST2].size / GICV3_REDIST_SIZE;
+             qdev_prop_set_uint32(gicdev, "redist-region-count[1]",
+                 MIN(smp_cpus - redist0_count, redist1_capacity));
+@@ -XXX,XX +XXX,XX @@ static void create_gic(VirtMachineState *vms, qemu_irq *pic)
+     if (type == 3) {
+         sysbus_mmio_map(gicbusdev, 1, vms->memmap[VIRT_GIC_REDIST].base);
+         if (nb_redist_regions == 2) {
+-            sysbus_mmio_map(gicbusdev, 2, vms->memmap[VIRT_GIC_REDIST2].base);
++            sysbus_mmio_map(gicbusdev, 2,
++                            vms->memmap[VIRT_HIGH_GIC_REDIST2].base);
+         }
+     } else {
+         sysbus_mmio_map(gicbusdev, 1, vms->memmap[VIRT_GIC_CPU].base);
+@@ -XXX,XX +XXX,XX @@ static void create_pcie(VirtMachineState *vms, qemu_irq *pic)
+ {
+     hwaddr base_mmio = vms->memmap[VIRT_PCIE_MMIO].base;
+     hwaddr size_mmio = vms->memmap[VIRT_PCIE_MMIO].size;
+-    hwaddr base_mmio_high = vms->memmap[VIRT_PCIE_MMIO_HIGH].base;
+-    hwaddr size_mmio_high = vms->memmap[VIRT_PCIE_MMIO_HIGH].size;
++    hwaddr base_mmio_high = vms->memmap[VIRT_HIGH_PCIE_MMIO].base;
++    hwaddr size_mmio_high = vms->memmap[VIRT_HIGH_PCIE_MMIO].size;
+     hwaddr base_pio = vms->memmap[VIRT_PCIE_PIO].base;
+     hwaddr size_pio = vms->memmap[VIRT_PCIE_PIO].size;
+     hwaddr base_ecam, size_ecam;
+@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
+      * many redistributors we can fit into the memory map.
+      */
+     if (vms->gic_version == 3) {
+-        virt_max_cpus = vms->memmap[VIRT_GIC_REDIST].size / GICV3_REDIST_SIZE;
+-        virt_max_cpus += vms->memmap[VIRT_GIC_REDIST2].size / GICV3_REDIST_SIZE;
++        virt_max_cpus =
++            vms->memmap[VIRT_GIC_REDIST].size / GICV3_REDIST_SIZE;
++        virt_max_cpus +=
++            vms->memmap[VIRT_HIGH_GIC_REDIST2].size / GICV3_REDIST_SIZE;
+     } else {
+         virt_max_cpus = GIC_NCPU;
+     }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 14/22] hw/arm/virt: Split the memory map description
+From: Eric Auger <eric.auger@redhat.com>
+In the prospect to introduce an extended memory map supporting more
+RAM, let's split the memory map array into two parts:
+- the former a15memmap, renamed base_memmap, contains regions below
+  and including the RAM. MemMapEntries initialized in this array
+  have a static size and base address.
+- extended_memmap, only initialized with entries located after the
+  RAM. MemMapEntries initialized in this array only get their size
+  initialized. Their base address is dynamically computed depending
+  on the the top of the RAM, with same alignment as their size.
+Eventually base_memmap entries are copied into the extended_memmap
+array. Using two separate arrays however clarifies which entries
+are statically allocated and those which are dynamically allocated.
+This new split will allow to grow the RAM size without changing the
+description of the high IO entries.
+We introduce a new virt_set_memmap() helper function which
+"freezes" the memory map. We call it in machvirt_init as
+memory attributes of the machine are not yet set when
+virt_instance_init() gets called.
+The memory map is unchanged (the top of the initial RAM still is
+GiB). Then come the high IO regions with same layout as before.
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-4-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ include/hw/arm/virt.h | 13 +++++++----
+ hw/arm/virt.c         | 50 +++++++++++++++++++++++++++++++++++++------
+files changed, 53 insertions(+), 10 deletions(-)
+diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/arm/virt.h
++++ b/include/hw/arm/virt.h
+@@ -XXX,XX +XXX,XX @@ enum {
+     VIRT_GIC_VCPU,
+     VIRT_GIC_ITS,
+     VIRT_GIC_REDIST,
+-    VIRT_HIGH_GIC_REDIST2,
+     VIRT_SMMU,
+     VIRT_UART,
+     VIRT_MMIO,
+@@ -XXX,XX +XXX,XX @@ enum {
+     VIRT_PCIE_MMIO,
+     VIRT_PCIE_PIO,
+     VIRT_PCIE_ECAM,
+-    VIRT_HIGH_PCIE_ECAM,
+     VIRT_PLATFORM_BUS,
+-    VIRT_HIGH_PCIE_MMIO,
+     VIRT_GPIO,
+     VIRT_SECURE_UART,
+     VIRT_SECURE_MEM,
++    VIRT_LOWMEMMAP_LAST,
++};
++
++/* indices of IO regions located after the RAM */
++enum {
++    VIRT_HIGH_GIC_REDIST2 =  VIRT_LOWMEMMAP_LAST,
++    VIRT_HIGH_PCIE_ECAM,
++    VIRT_HIGH_PCIE_MMIO,
+ };
+ typedef enum VirtIOMMUType {
+@@ -XXX,XX +XXX,XX @@ typedef struct {
+     int32_t gic_version;
+     VirtIOMMUType iommu;
+     struct arm_boot_info bootinfo;
+-    const MemMapEntry *memmap;
++    MemMapEntry *memmap;
+     const int *irqmap;
+     int smp_cpus;
+     void *fdt;
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -XXX,XX +XXX,XX @@
+  */
+ #include "qemu/osdep.h"
++#include "qemu/units.h"
+ #include "qapi/error.h"
+ #include "hw/sysbus.h"
+ #include "hw/arm/arm.h"
+@@ -XXX,XX +XXX,XX @@
+  * Note that devices should generally be placed at multiples of 0x10000,
+  * to accommodate guests using 64K pages.
+  */
+-static const MemMapEntry a15memmap[] = {
++static const MemMapEntry base_memmap[] = {
+     /* Space up to 0x8000000 is reserved for a boot ROM */
+     [VIRT_FLASH] =              {          0, 0x08000000 },
+     [VIRT_CPUPERIPHS] =         { 0x08000000, 0x00020000 },
+@@ -XXX,XX +XXX,XX @@ static const MemMapEntry a15memmap[] = {
+     [VIRT_PCIE_PIO] =           { 0x3eff0000, 0x00010000 },
+     [VIRT_PCIE_ECAM] =          { 0x3f000000, 0x01000000 },
+     [VIRT_MEM] =                { 0x40000000, RAMLIMIT_BYTES },
++};
++
++/*
++ * Highmem IO Regions: This memory map is floating, located after the RAM.
++ * Each MemMapEntry base (GPA) will be dynamically computed, depending on the
++ * top of the RAM, so that its base get the same alignment as the size,
++ * ie. a 512GiB entry will be aligned on a 512GiB boundary. If there is
++ * less than 256GiB of RAM, the floating area starts at the 256GiB mark.
++ * Note the extended_memmap is sized so that it eventually also includes the
++ * base_memmap entries (VIRT_HIGH_GIC_REDIST2 index is greater than the last
++ * index of base_memmap).
++ */
++static MemMapEntry extended_memmap[] = {
+     /* Additional 64 MB redist region (can contain up to 512 redistributors) */
+-    [VIRT_HIGH_GIC_REDIST2] =   { 0x4000000000ULL, 0x4000000 },
+-    [VIRT_HIGH_PCIE_ECAM] =     { 0x4010000000ULL, 0x10000000 },
+-    /* Second PCIe window, 512GB wide at the 512GB boundary */
+-    [VIRT_HIGH_PCIE_MMIO] =     { 0x8000000000ULL, 0x8000000000ULL },
++    [VIRT_HIGH_GIC_REDIST2] =   { 0x0, 64 * MiB },
++    [VIRT_HIGH_PCIE_ECAM] =     { 0x0, 256 * MiB },
++    /* Second PCIe window */
++    [VIRT_HIGH_PCIE_MMIO] =     { 0x0, 512 * GiB },
+ };
+ static const int a15irqmap[] = {
+@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
+     return arm_cpu_mp_affinity(idx, clustersz);
+ }
++static void virt_set_memmap(VirtMachineState *vms)
++{
++    hwaddr base;
++    int i;
++
++    vms->memmap = extended_memmap;
++
++    for (i = 0; i < ARRAY_SIZE(base_memmap); i++) {
++        vms->memmap[i] = base_memmap[i];
++    }
++
++    base = 256 * GiB; /* Top of the legacy initial RAM region */
++
++    for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
++        hwaddr size = extended_memmap[i].size;
++
++        base = ROUND_UP(base, size);
++        vms->memmap[i].base = base;
++        vms->memmap[i].size = size;
++        base += size;
++    }
++}
++
+ static void machvirt_init(MachineState *machine)
+ {
+     VirtMachineState *vms = VIRT_MACHINE(machine);
+@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
+     bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
+     bool aarch64 = true;
++    virt_set_memmap(vms);
++
+     /* We can probe only here because during property set
+      * KVM is not available yet
+      */
+@@ -XXX,XX +XXX,XX @@ static void virt_instance_init(Object *obj)
+                                     "Valid values are none and smmuv3",
+                                     NULL);
+-    vms->memmap = a15memmap;
+     vms->irqmap = a15irqmap;
+ }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 15/22] hw/boards: Add a MachineState parameter to kvm_type callback
+From: Eric Auger <eric.auger@redhat.com>
+On ARM, the kvm_type will be resolved by querying the KVMState.
+Let's add the MachineState handle to the callback so that we
+can retrieve the  KVMState handle. in kvm_init, when the callback
+is called, the kvm_state variable is not yet set.
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Acked-by: David Gibson <david@gibson.dropbear.id.au>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-5-eric.auger@redhat.com
+[ppc parts]
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ include/hw/boards.h   | 5 ++++-
+ accel/kvm/kvm-all.c   | 2 +-
+ hw/ppc/mac_newworld.c | 3 +--
+ hw/ppc/mac_oldworld.c | 2 +-
+ hw/ppc/spapr.c        | 2 +-
+files changed, 8 insertions(+), 6 deletions(-)
+diff --git a/include/hw/boards.h b/include/hw/boards.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/boards.h
++++ b/include/hw/boards.h
+@@ -XXX,XX +XXX,XX @@ typedef struct {
+  *    should instead use "unimplemented-device" for all memory ranges where
+  *    the guest will attempt to probe for a device that QEMU doesn't
+  *    implement and a stub device is required.
++ * @kvm_type:
++ *    Return the type of KVM corresponding to the kvm-type string option or
++ *    computed based on other criteria such as the host kernel capabilities.
+  */
+ struct MachineClass {
+     /*< private >*/
+@@ -XXX,XX +XXX,XX @@ struct MachineClass {
+     void (*init)(MachineState *state);
+     void (*reset)(void);
+     void (*hot_add_cpu)(const int64_t id, Error **errp);
+-    int (*kvm_type)(const char *arg);
++    int (*kvm_type)(MachineState *machine, const char *arg);
+     BlockInterfaceType block_default_type;
+     int units_per_default_bus;
+diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
+index XXXXXXX..XXXXXXX 100644
+--- a/accel/kvm/kvm-all.c
++++ b/accel/kvm/kvm-all.c
+@@ -XXX,XX +XXX,XX @@ static int kvm_init(MachineState *ms)
+     kvm_type = qemu_opt_get(qemu_get_machine_opts(), "kvm-type");
+     if (mc->kvm_type) {
+-        type = mc->kvm_type(kvm_type);
++        type = mc->kvm_type(ms, kvm_type);
+     } else if (kvm_type) {
+         ret = -EINVAL;
+         fprintf(stderr, "Invalid argument kvm-type=%s\n", kvm_type);
+diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/ppc/mac_newworld.c
++++ b/hw/ppc/mac_newworld.c
+@@ -XXX,XX +XXX,XX @@ static char *core99_fw_dev_path(FWPathProvider *p, BusState *bus,
+     return NULL;
+ }
+-
+-static int core99_kvm_type(const char *arg)
++static int core99_kvm_type(MachineState *machine, const char *arg)
+ {
+     /* Always force PR KVM */
+     return 2;
+diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/ppc/mac_oldworld.c
++++ b/hw/ppc/mac_oldworld.c
+@@ -XXX,XX +XXX,XX @@ static char *heathrow_fw_dev_path(FWPathProvider *p, BusState *bus,
+     return NULL;
+ }
+-static int heathrow_kvm_type(const char *arg)
++static int heathrow_kvm_type(MachineState *machine, const char *arg)
+ {
+     /* Always force PR KVM */
+     return 2;
+diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/ppc/spapr.c
++++ b/hw/ppc/spapr.c
+@@ -XXX,XX +XXX,XX @@ static void spapr_machine_init(MachineState *machine)
+     }
+ }
+-static int spapr_kvm_type(const char *vm_type)
++static int spapr_kvm_type(MachineState *machine, const char *vm_type)
+ {
+     if (!vm_type) {
+         return 0;
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 16/22] kvm: add kvm_arm_get_max_vm_ipa_size
+From: Eric Auger <eric.auger@redhat.com>
+Add the kvm_arm_get_max_vm_ipa_size() helper that returns the
+number of bits in the IPA address space supported by KVM.
+This capability needs to be known to create the VM with a
+specific IPA max size (kvm_type passed along KVM_CREATE_VM ioctl.
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-6-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/kvm_arm.h | 13 +++++++++++++
+ target/arm/kvm.c     | 10 ++++++++++
+files changed, 23 insertions(+)
+diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/kvm_arm.h
++++ b/target/arm/kvm_arm.h
+@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf);
+  */
+ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu);
++/**
++ * kvm_arm_get_max_vm_ipa_size - Returns the number of bits in the
++ * IPA address space supported by KVM
++ *
++ * @ms: Machine state handle
++ */
++int kvm_arm_get_max_vm_ipa_size(MachineState *ms);
++
+ /**
+  * kvm_arm_sync_mpstate_to_kvm
+  * @cpu: ARMCPU
+@@ -XXX,XX +XXX,XX @@ static inline void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu)
+     cpu->host_cpu_probe_failed = true;
+ }
++static inline int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
++{
++    return -ENOENT;
++}
++
+ static inline int kvm_arm_vgic_probe(void)
+ {
+     return 0;
+diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/kvm.c
++++ b/target/arm/kvm.c
+@@ -XXX,XX +XXX,XX @@
+ #include "qemu/error-report.h"
+ #include "sysemu/sysemu.h"
+ #include "sysemu/kvm.h"
++#include "sysemu/kvm_int.h"
+ #include "kvm_arm.h"
+ #include "cpu.h"
+ #include "trace.h"
+@@ -XXX,XX +XXX,XX @@ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu)
+     env->features = arm_host_cpu_features.features;
+ }
++int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
++{
++    KVMState *s = KVM_STATE(ms->accelerator);
++    int ret;
++
++    ret = kvm_check_extension(s, KVM_CAP_ARM_VM_IPA_SIZE);
++    return ret > 0 ? ret : 40;
++}
++
+ int kvm_arch_init(MachineState *ms, KVMState *s)
+ {
+     /* For ARM interrupt delivery is always asynchronous,
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 17/22] vl: Set machine ram_size, maxram_size and ram_slots earlier
+From: Eric Auger <eric.auger@redhat.com>
+The machine RAM attributes will need to be analyzed during the
+configure_accelerator() process. especially kvm_type() arm64
+machine callback will use them to know how many IPA/GPA bits are
+needed to model the whole RAM range. So let's assign those machine
+state fields before calling configure_accelerator.
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-7-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ vl.c | 6 +++---
+file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/vl.c b/vl.c
+index XXXXXXX..XXXXXXX 100644
+--- a/vl.c
++++ b/vl.c
+@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv, char **envp)
+     machine_opts = qemu_get_machine_opts();
+     qemu_opt_foreach(machine_opts, machine_set_property, current_machine,
+                      &error_fatal);
++    current_machine->ram_size = ram_size;
++    current_machine->maxram_size = maxram_size;
++    current_machine->ram_slots = ram_slots;
+     configure_accelerator(current_machine, argv[0]);
+@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv, char **envp)
+     replay_checkpoint(CHECKPOINT_INIT);
+     qdev_machine_init();
+-    current_machine->ram_size = ram_size;
+-    current_machine->maxram_size = maxram_size;
+-    current_machine->ram_slots = ram_slots;
+     current_machine->boot_order = boot_order;
+     /* parse features once if machine provides default cpu_type */
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 18/22] hw/arm/virt: Dynamic memory map depending on RAM requirements
+From: Eric Auger <eric.auger@redhat.com>
+Up to now the memory map has been static and the high IO region
+base has always been 256GiB.
+This patch modifies the virt_set_memmap() function, which freezes
+the memory map, so that the high IO range base becomes floating,
+located after the initial RAM and the device memory.
+The function computes
+- the base of the device memory,
+- the size of the device memory,
+- the high IO region base
+- the highest GPA used in the memory map.
+Entries of the high IO region are assigned a base address. The
+device memory is initialized.
+The highest GPA used in the memory map will be used at VM creation
+to choose the requested IPA size.
+Setting all the existing highmem IO regions beyond the RAM
+allows to have a single contiguous RAM region (initial RAM and
+possible hotpluggable device memory). That way we do not need
+to do invasive changes in the EDK2 FW to support a dynamic
+RAM base.
+Still the user cannot request an initial RAM size greater than 255GB.
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-8-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ include/hw/arm/virt.h |  1 +
+ hw/arm/virt.c         | 52 ++++++++++++++++++++++++++++++++++++++-----
+files changed, 47 insertions(+), 6 deletions(-)
+diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/arm/virt.h
++++ b/include/hw/arm/virt.h
+@@ -XXX,XX +XXX,XX @@ typedef struct {
+     uint32_t msi_phandle;
+     uint32_t iommu_phandle;
+     int psci_conduit;
++    hwaddr highest_gpa;
+ } VirtMachineState;
+ #define VIRT_ECAM_ID(high) (high ? VIRT_HIGH_PCIE_ECAM : VIRT_PCIE_ECAM)
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -XXX,XX +XXX,XX @@
+ #include "qapi/visitor.h"
+ #include "standard-headers/linux/input.h"
+ #include "hw/arm/smmuv3.h"
++#include "hw/acpi/acpi.h"
+ #define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \
+     static void virt_##major##_##minor##_class_init(ObjectClass *oc, \
+@@ -XXX,XX +XXX,XX @@
+  * of a terabyte of RAM will be doing it on a host with more than a
+  * terabyte of physical address space.)
+  */
+-#define RAMLIMIT_GB 255
+-#define RAMLIMIT_BYTES (RAMLIMIT_GB * 1024ULL * 1024 * 1024)
++#define LEGACY_RAMLIMIT_GB 255
++#define LEGACY_RAMLIMIT_BYTES (LEGACY_RAMLIMIT_GB * GiB)
+ /* Addresses and sizes of our components.
+  * 0..128MB is space for a flash device so we can run bootrom code such as UEFI.
+@@ -XXX,XX +XXX,XX @@ static const MemMapEntry base_memmap[] = {
+     [VIRT_PCIE_MMIO] =          { 0x10000000, 0x2eff0000 },
+     [VIRT_PCIE_PIO] =           { 0x3eff0000, 0x00010000 },
+     [VIRT_PCIE_ECAM] =          { 0x3f000000, 0x01000000 },
+-    [VIRT_MEM] =                { 0x40000000, RAMLIMIT_BYTES },
++    /* Actual RAM size depends on initial RAM and device memory settings */
++    [VIRT_MEM] =                { GiB, LEGACY_RAMLIMIT_BYTES },
+ };
+ /*
+@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
+ static void virt_set_memmap(VirtMachineState *vms)
+ {
+-    hwaddr base;
++    MachineState *ms = MACHINE(vms);
++    hwaddr base, device_memory_base, device_memory_size;
+     int i;
+     vms->memmap = extended_memmap;
+@@ -XXX,XX +XXX,XX @@ static void virt_set_memmap(VirtMachineState *vms)
+         vms->memmap[i] = base_memmap[i];
+     }
+-    base = 256 * GiB; /* Top of the legacy initial RAM region */
++    if (ms->ram_slots > ACPI_MAX_RAM_SLOTS) {
++        error_report("unsupported number of memory slots: %"PRIu64,
++                     ms->ram_slots);
++        exit(EXIT_FAILURE);
++    }
++
++    /*
++     * We compute the base of the high IO region depending on the
++     * amount of initial and device memory. The device memory start/size
++     * is aligned on 1GiB. We never put the high IO region below 256GiB
++     * so that if maxram_size is < 255GiB we keep the legacy memory map.
++     * The device region size assumes 1GiB page max alignment per slot.
++     */
++    device_memory_base =
++        ROUND_UP(vms->memmap[VIRT_MEM].base + ms->ram_size, GiB);
++    device_memory_size = ms->maxram_size - ms->ram_size + ms->ram_slots * GiB;
++
++    /* Base address of the high IO region */
++    base = device_memory_base + ROUND_UP(device_memory_size, GiB);
++    if (base < device_memory_base) {
++        error_report("maxmem/slots too huge");
++        exit(EXIT_FAILURE);
++    }
++    if (base < vms->memmap[VIRT_MEM].base + LEGACY_RAMLIMIT_BYTES) {
++        base = vms->memmap[VIRT_MEM].base + LEGACY_RAMLIMIT_BYTES;
++    }
+     for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
+         hwaddr size = extended_memmap[i].size;
+@@ -XXX,XX +XXX,XX @@ static void virt_set_memmap(VirtMachineState *vms)
+         vms->memmap[i].size = size;
+         base += size;
+     }
++    vms->highest_gpa = base - 1;
++    if (device_memory_size > 0) {
++        ms->device_memory = g_malloc0(sizeof(*ms->device_memory));
++        ms->device_memory->base = device_memory_base;
++        memory_region_init(&ms->device_memory->mr, OBJECT(vms),
++                           "device-memory", device_memory_size);
++    }
+ }
+ static void machvirt_init(MachineState *machine)
+@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
+     vms->smp_cpus = smp_cpus;
+     if (machine->ram_size > vms->memmap[VIRT_MEM].size) {
+-        error_report("mach-virt: cannot model more than %dGB RAM", RAMLIMIT_GB);
++        error_report("mach-virt: cannot model more than %dGB RAM",
++                     LEGACY_RAMLIMIT_GB);
+         exit(1);
+     }
+@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
+     memory_region_allocate_system_memory(ram, NULL, "mach-virt.ram",
+                                          machine->ram_size);
+     memory_region_add_subregion(sysmem, vms->memmap[VIRT_MEM].base, ram);
++    if (machine->device_memory) {
++        memory_region_add_subregion(sysmem, machine->device_memory->base,
++                                    &machine->device_memory->mr);
++    }
+     create_flash(vms, sysmem, secure_sysmem ? secure_sysmem : sysmem);
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 19/22] hw/arm/virt: Implement kvm_type function for 4.0 machine
+From: Eric Auger <eric.auger@redhat.com>
+This patch implements the machine class kvm_type() callback.
+It returns the number of bits requested to implement the whole GPA
+range including the RAM and IO regions located beyond.
+The returned value is passed though the KVM_CREATE_VM ioctl and
+this allows KVM to set the stage2 tables dynamically.
+To compute the highest GPA used in the memory map, kvm_type()
+must freeze the memory map by calling virt_set_memmap().
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-9-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/arm/virt.c | 39 ++++++++++++++++++++++++++++++++++++++-
+file changed, 38 insertions(+), 1 deletion(-)
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
+     bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
+     bool aarch64 = true;
+-    virt_set_memmap(vms);
++    /*
++     * In accelerated mode, the memory map is computed earlier in kvm_type()
++     * to create a VM with the right number of IPA bits.
++     */
++    if (!vms->memmap) {
++        virt_set_memmap(vms);
++    }
+     /* We can probe only here because during property set
+      * KVM is not available yet
+@@ -XXX,XX +XXX,XX @@ static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine,
+     return NULL;
+ }
++/*
++ * for arm64 kvm_type [7-0] encodes the requested number of bits
++ * in the IPA address space
++ */
++static int virt_kvm_type(MachineState *ms, const char *type_str)
++{
++    VirtMachineState *vms = VIRT_MACHINE(ms);
++    int max_vm_pa_size = kvm_arm_get_max_vm_ipa_size(ms);
++    int requested_pa_size;
++
++    /* we freeze the memory map to compute the highest gpa */
++    virt_set_memmap(vms);
++
++    requested_pa_size = 64 - clz64(vms->highest_gpa);
++
++    if (requested_pa_size > max_vm_pa_size) {
++        error_report("-m and ,maxmem option values "
++                     "require an IPA range (%d bits) larger than "
++                     "the one supported by the host (%d bits)",
++                     requested_pa_size, max_vm_pa_size);
++       exit(1);
++    }
++    /*
++     * By default we return 0 which corresponds to an implicit legacy
++     * 40b IPA setting. Otherwise we return the actual requested PA
++     * logsize
++     */
++    return requested_pa_size > 40 ? requested_pa_size : 0;
++}
++
+ static void virt_machine_class_init(ObjectClass *oc, void *data)
+ {
+     MachineClass *mc = MACHINE_CLASS(oc);
+@@ -XXX,XX +XXX,XX @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
+     mc->cpu_index_to_instance_props = virt_cpu_index_to_props;
+     mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15");
+     mc->get_default_cpu_node_id = virt_get_default_cpu_node_id;
++    mc->kvm_type = virt_kvm_type;
+     assert(!mc->get_hotplug_handler);
+     mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
+     hc->plug = virt_machine_device_plug_cb;
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 20/22] hw/arm/virt: Check the VCPU PA range in TCG mode
+From: Eric Auger <eric.auger@redhat.com>
+We are about to allow the memory map to grow beyond 1TB and
+potentially overshoot the VCPU AA64MMFR0.PARANGE.
+In aarch64 mode and when highmem is set, let's check the VCPU
+PA range is sufficient to address the highest GPA of the memory
+map.
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-10-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/arm/virt.c | 17 +++++++++++++++++
+file changed, 17 insertions(+)
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -XXX,XX +XXX,XX @@
+ #include "standard-headers/linux/input.h"
+ #include "hw/arm/smmuv3.h"
+ #include "hw/acpi/acpi.h"
++#include "target/arm/internals.h"
+ #define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \
+     static void virt_##major##_##minor##_class_init(ObjectClass *oc, \
+@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
+     fdt_add_timer_nodes(vms);
+     fdt_add_cpu_nodes(vms);
++   if (!kvm_enabled()) {
++        ARMCPU *cpu = ARM_CPU(first_cpu);
++        bool aarch64 = object_property_get_bool(OBJECT(cpu), "aarch64", NULL);
++
++        if (aarch64 && vms->highmem) {
++            int requested_pa_size, pamax = arm_pamax(cpu);
++
++            requested_pa_size = 64 - clz64(vms->highest_gpa);
++            if (pamax < requested_pa_size) {
++                error_report("VCPU supports less PA bits (%d) than requested "
++                            "by the memory map (%d)", pamax, requested_pa_size);
++                exit(1);
++            }
++        }
++    }
++
+     memory_region_allocate_system_memory(ram, NULL, "mach-virt.ram",
+                                          machine->ram_size);
+     memory_region_add_subregion(sysmem, vms->memmap[VIRT_MEM].base, ram);
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 21/22] hw/arm/virt: Bump the 255GB initial RAM limit
+From: Eric Auger <eric.auger@redhat.com>
+Now we have the extended memory map (high IO regions beyond the
+scalable RAM) and dynamic IPA range support at KVM/ARM level
+we can bump the legacy 255GB initial RAM limit. The actual maximum
+RAM size now depends on the physical CPU and host kernel, in
+accelerated mode. In TCG mode, it depends on the VCPU
+AA64MMFR0.PARANGE.
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20190304101339.25970-11-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/arm/virt.c | 21 +--------------------
+file changed, 1 insertion(+), 20 deletions(-)
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -XXX,XX +XXX,XX @@
+ #define PLATFORM_BUS_NUM_IRQS 64
+-/* RAM limit in GB. Since VIRT_MEM starts at the 1GB mark, this means
+- * RAM can go up to the 256GB mark, leaving 256GB of the physical
+- * address space unallocated and free for future use between 256G and 512G.
+- * If we need to provide more RAM to VMs in the future then we need to:
+- *  * allocate a second bank of RAM starting at 2TB and working up
+- *  * fix the DT and ACPI table generation code in QEMU to correctly
+- *    report two split lumps of RAM to the guest
+- *  * fix KVM in the host kernel to allow guests with >40 bit address spaces
+- * (We don't want to fill all the way up to 512GB with RAM because
+- * we might want it for non-RAM purposes later. Conversely it seems
+- * reasonable to assume that anybody configuring a VM with a quarter
+- * of a terabyte of RAM will be doing it on a host with more than a
+- * terabyte of physical address space.)
+- */
++/* Legacy RAM limit in GB (< version 4.0) */
+ #define LEGACY_RAMLIMIT_GB 255
+ #define LEGACY_RAMLIMIT_BYTES (LEGACY_RAMLIMIT_GB * GiB)
+@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
+     vms->smp_cpus = smp_cpus;
+-    if (machine->ram_size > vms->memmap[VIRT_MEM].size) {
+-        error_report("mach-virt: cannot model more than %dGB RAM",
+-                     LEGACY_RAMLIMIT_GB);
+-        exit(1);
+-    }
+-
+     if (vms->virt && kvm_enabled()) {
+         error_report("mach-virt: KVM does not support providing "
+                      "Virtualization extensions to the guest CPU");
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 22/22] hw/arm/stellaris: Implement watchdog timer
+From: Michel Heily <michelheily@gmail.com>
 Implement the watchdog timer for the stellaris boards.
 This device is a close variant of the CMSDK APB watchdog
 device, so we can model it by subclassing that device and
 tweaking the behaviour of some of its registers.
 Signed-off-by: Michel Heily <michelheily@gmail.com>
 Reviewed-by: Peter Maydell <petser.maydell@linaro.org>
 [PMM: rewrote commit message, fixed a few checkpatch nits,
  added comment giving the URL of the spec for the Stellaris
  variant of the watchdog device]
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
  include/hw/watchdog/cmsdk-apb-watchdog.h |  8 +++
  hw/arm/stellaris.c                       | 22 ++++++-
  hw/watchdog/cmsdk-apb-watchdog.c         | 74 +++++++++++++++++++++++-
 files changed, 100 insertions(+), 4 deletions(-)
 diff --git a/include/hw/watchdog/cmsdk-apb-watchdog.h b/include/hw/watchdog/cmsdk-apb-watchdog.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/hw/watchdog/cmsdk-apb-watchdog.h
 +++ b/include/hw/watchdog/cmsdk-apb-watchdog.h
@@ -XXX,XX +XXX,XX @@
  #define CMSDK_APB_WATCHDOG(obj) OBJECT_CHECK(CMSDKAPBWatchdog, (obj), \
                                                TYPE_CMSDK_APB_WATCHDOG)
 +/*
 + * This shares the same struct (and cast macro) as the base
 + * cmsdk-apb-watchdog device.
 + */
 +#define TYPE_LUMINARY_WATCHDOG "luminary-watchdog"
 +
  typedef struct CMSDKAPBWatchdog {
      /*< private >*/
      SysBusDevice parent_obj;
@@ -XXX,XX +XXX,XX @@ typedef struct CMSDKAPBWatchdog {
      MemoryRegion iomem;
      qemu_irq wdogint;
      uint32_t wdogclk_frq;
 +    bool is_luminary;
      struct ptimer_state *timer;
      uint32_t control;
@@ -XXX,XX +XXX,XX @@ typedef struct CMSDKAPBWatchdog {
      uint32_t itcr;
      uint32_t itop;
      uint32_t resetstatus;
 +    const uint32_t *id;
  } CMSDKAPBWatchdog;
  #endif
 diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/arm/stellaris.c
 +++ b/hw/arm/stellaris.c
@@ -XXX,XX +XXX,XX @@
  #include "sysemu/sysemu.h"
  #include "hw/arm/armv7m.h"
  #include "hw/char/pl011.h"
 +#include "hw/watchdog/cmsdk-apb-watchdog.h"
  #include "hw/misc/unimp.h"
  #include "cpu.h"
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
       * Stellaris LM3S6965 Microcontroller Data Sheet (rev I)
       * http://www.ti.com/lit/ds/symlink/lm3s6965.pdf
       *
 -     * 40000000 wdtimer (unimplemented)
 +     * 40000000 wdtimer
       * 40002000 i2c (unimplemented)
       * 40004000 GPIO
       * 40005000 GPIO
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
      stellaris_sys_init(0x400fe000, qdev_get_gpio_in(nvic, 28),
                         board, nd_table[0].macaddr.a);
 +
 +    if (board->dc1 & (1 << 3)) { /* watchdog present */
 +        dev = qdev_create(NULL, TYPE_LUMINARY_WATCHDOG);
 +
 +        /* system_clock_scale is valid now */
 +        uint32_t mainclk = NANOSECONDS_PER_SECOND / system_clock_scale;
 +        qdev_prop_set_uint32(dev, "wdogclk-frq", mainclk);
 +
 +        qdev_init_nofail(dev);
 +        sysbus_mmio_map(SYS_BUS_DEVICE(dev),
 +                        0,
 +                        0x40000000u);
 +        sysbus_connect_irq(SYS_BUS_DEVICE(dev),
 +                           0,
 +                           qdev_get_gpio_in(nvic, 18));
 +    }
 +
 +
      for (i = 0; i < 7; i++) {
          if (board->dc4 & (1 << i)) {
              gpio_dev[i] = sysbus_create_simple("pl061_luminary", gpio_addr[i],
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
      /* Add dummy regions for the devices we don't implement yet,
       * so guest accesses don't cause unlogged crashes.
       */
 -    create_unimplemented_device("wdtimer", 0x40000000, 0x1000);
      create_unimplemented_device("i2c-0", 0x40002000, 0x1000);
      create_unimplemented_device("i2c-2", 0x40021000, 0x1000);
      create_unimplemented_device("PWM", 0x40028000, 0x1000);
 diff --git a/hw/watchdog/cmsdk-apb-watchdog.c b/hw/watchdog/cmsdk-apb-watchdog.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/watchdog/cmsdk-apb-watchdog.c
 +++ b/hw/watchdog/cmsdk-apb-watchdog.c
@@ -XXX,XX +XXX,XX @@
   * System Design Kit (CMSDK) and documented in the Cortex-M System
   * Design Kit Technical Reference Manual (ARM DDI0479C):
   * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit
 + *
 + * We also support the variant of this device found in the TI
 + * Stellaris/Luminary boards and documented in:
 + * http://www.ti.com/lit/ds/symlink/lm3s6965.pdf
   */
  #include "qemu/osdep.h"
@@ -XXX,XX +XXX,XX @@ REG32(WDOGINTCLR, 0xc)
  REG32(WDOGRIS, 0x10)
      FIELD(WDOGRIS, INT, 0, 1)
  REG32(WDOGMIS, 0x14)
 +REG32(WDOGTEST, 0x418) /* only in Stellaris/Luminary version of the device */
  REG32(WDOGLOCK, 0xc00)
  #define WDOG_UNLOCK_VALUE 0x1ACCE551
  REG32(WDOGITCR, 0xf00)
@@ -XXX,XX +XXX,XX @@ REG32(CID2, 0xff8)
  REG32(CID3, 0xffc)
  /* PID/CID values */
 -static const int watchdog_id[] = {
 +static const uint32_t cmsdk_apb_watchdog_id[] = {
 x04, 0x00, 0x00, 0x00, /* PID4..PID7 */
 x24, 0xb8, 0x1b, 0x00, /* PID0..PID3 */
 x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */
  };
 +static const uint32_t luminary_watchdog_id[] = {
 +    0x00, 0x00, 0x00, 0x00, /* PID4..PID7 */
 +    0x05, 0x18, 0x18, 0x01, /* PID0..PID3 */
 +    0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */
 +};
 +
  static bool cmsdk_apb_watchdog_intstatus(CMSDKAPBWatchdog *s)
  {
      /* Return masked interrupt status */
@@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_update(CMSDKAPBWatchdog *s)
      bool wdogres;
      if (s->itcr) {
 +        /*
 +         * Not checking that !s->is_luminary since s->itcr can't be written
 +         * when s->is_luminary in the first place.
 +         */
          wdogint = s->itop & R_WDOGITOP_WDOGINT_MASK;
          wdogres = s->itop & R_WDOGITOP_WDOGRES_MASK;
      } else {
@@ -XXX,XX +XXX,XX @@ static uint64_t cmsdk_apb_watchdog_read(void *opaque, hwaddr offset,
          r = s->lock;
          break;
      case A_WDOGITCR:
 +        if (s->is_luminary) {
 +            goto bad_offset;
 +        }
          r = s->itcr;
          break;
      case A_PID4 ... A_CID3:
 -        r = watchdog_id[(offset - A_PID4) / 4];
 +        r = s->id[(offset - A_PID4) / 4];
          break;
      case A_WDOGINTCLR:
      case A_WDOGITOP:
 +        if (s->is_luminary) {
 +            goto bad_offset;
 +        }
          qemu_log_mask(LOG_GUEST_ERROR,
                        "CMSDK APB watchdog read: read of WO offset %x\n",
                        (int)offset);
          r = 0;
          break;
 +    case A_WDOGTEST:
 +        if (!s->is_luminary) {
 +            goto bad_offset;
 +        }
 +        qemu_log_mask(LOG_UNIMP,
 +                      "Luminary watchdog read: stall not implemented\n");
 +        r = 0;
 +        break;
      default:
 +bad_offset:
          qemu_log_mask(LOG_GUEST_ERROR,
                        "CMSDK APB watchdog read: bad offset %x\n", (int)offset);
          r = 0;
@@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_write(void *opaque, hwaddr offset,
          ptimer_run(s->timer, 0);
          break;
      case A_WDOGCONTROL:
 +        if (s->is_luminary && 0 != (R_WDOGCONTROL_INTEN_MASK & s->control)) {
 +            /*
 +             * The Luminary version of this device ignores writes to
 +             * this register after the guest has enabled interrupts
 +             * (so they can only be disabled again via reset).
 +             */
 +            break;
 +        }
          s->control = value & R_WDOGCONTROL_VALID_MASK;
          cmsdk_apb_watchdog_update(s);
          break;
@@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_write(void *opaque, hwaddr offset,
          s->lock = (value != WDOG_UNLOCK_VALUE);
          break;
      case A_WDOGITCR:
 +        if (s->is_luminary) {
 +            goto bad_offset;
 +        }
          s->itcr = value & R_WDOGITCR_VALID_MASK;
          cmsdk_apb_watchdog_update(s);
          break;
      case A_WDOGITOP:
 +        if (s->is_luminary) {
 +            goto bad_offset;
 +        }
          s->itop = value & R_WDOGITOP_VALID_MASK;
          cmsdk_apb_watchdog_update(s);
          break;
@@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_write(void *opaque, hwaddr offset,
                        "CMSDK APB watchdog write: write to RO offset 0x%x\n",
                        (int)offset);
          break;
 +    case A_WDOGTEST:
 +        if (!s->is_luminary) {
 +            goto bad_offset;
 +        }
 +        qemu_log_mask(LOG_UNIMP,
 +                      "Luminary watchdog write: stall not implemented\n");
 +        break;
      default:
 +bad_offset:
          qemu_log_mask(LOG_GUEST_ERROR,
                        "CMSDK APB watchdog write: bad offset 0x%x\n",
                        (int)offset);
@@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_init(Object *obj)
                            s, "cmsdk-apb-watchdog", 0x1000);
      sysbus_init_mmio(sbd, &s->iomem);
      sysbus_init_irq(sbd, &s->wdogint);
 +
 +    s->is_luminary = false;
 +    s->id = cmsdk_apb_watchdog_id;
  }
  static void cmsdk_apb_watchdog_realize(DeviceState *dev, Error **errp)
@@ -XXX,XX +XXX,XX @@ static const TypeInfo cmsdk_apb_watchdog_info = {
      .class_init = cmsdk_apb_watchdog_class_init,
  };
 +static void luminary_watchdog_init(Object *obj)
 +{
 +    CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(obj);
 +
 +    s->is_luminary = true;
 +    s->id = luminary_watchdog_id;
 +}
 +
 +static const TypeInfo luminary_watchdog_info = {
 +    .name = TYPE_LUMINARY_WATCHDOG,
 +    .parent = TYPE_CMSDK_APB_WATCHDOG,
 +    .instance_init = luminary_watchdog_init
 +};
 +
  static void cmsdk_apb_watchdog_register_types(void)
  {
      type_register_static(&cmsdk_apb_watchdog_info);
 +    type_register_static(&luminary_watchdog_info);
  }
  type_init(cmsdk_apb_watchdog_register_types);
 --
 .20.1

v2: dropped a couple of cadence_gem changes to ID regs that
caused new clang sanitizer warnings.

-- PMM

The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f:

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016-1

for you to fetch changes up to 2ef297af07196c29446556537861f8e7dfeeae7b:

coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 17:14:55 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
 * target/arm: Fix aarch64_sve_change_el wrt EL0
 * target/arm: Define fields of ISAR registers
 * target/arm: Align cortex-r5 id_isar0
 * target/arm: Fix cortex-a7 id_isar0
 * net/cadence_gem: Fix various bugs, add support for new
   features that will be used by the Xilinx Versal board
 * target-arm: powerctl: Enable HVC when starting CPUs to EL2
 * target/arm: Add the Cortex-A72
 * target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
 * target/arm: Mask PMOVSR writes based on supported counters
 * target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
 * coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls

----------------------------------------------------------------
Aaron Lindsay (2):
      target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
      target/arm: Mask PMOVSR writes based on supported counters

Edgar E. Iglesias (8):
      net: cadence_gem: Disable TSU feature bit
      net: cadence_gem: Use uint32_t for 32bit descriptor words
      net: cadence_gem: Add macro with max number of descriptor words
      net: cadence_gem: Add support for extended descriptors
      net: cadence_gem: Add support for selecting the DMA MemoryRegion
      net: cadence_gem: Implement support for 64bit descriptor addresses
      target-arm: powerctl: Enable HVC when starting CPUs to EL2
      target/arm: Add the Cortex-A72

Jerome Forissier (1):
      hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART

Peter Maydell (2):
      target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
      coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls

Richard Henderson (4):
      target/arm: Fix aarch64_sve_change_el wrt EL0
      target/arm: Define fields of ISAR registers
      target/arm: Align cortex-r5 id_isar0
      target/arm: Fix cortex-a7 id_isar0

include/hw/net/cadence_gem.h               |   7 +-
 target/arm/cpu.h                           |  95 ++++++++++++++-
 hw/arm/virt.c                              |   4 +
 hw/net/cadence_gem.c                       | 185 ++++++++++++++++++++---------
 target/arm/arm-powerctl.c                  |  10 ++
 target/arm/cpu.c                           |   7 +-
 target/arm/cpu64.c                         |  66 +++++++++-
 target/arm/helper.c                        |  27 +++--
 target/arm/op_helper.c                     |   6 +-
 scripts/coccinelle/inplace-byteswaps.cocci |  65 ++++++++++
 10 files changed, 402 insertions(+), 70 deletions(-)
 create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci

target-arm queue for softfreeze:
This has all the big stuff I want to get in for softfreeze;
there may be one or two smaller patches I pick up later in
the week.

thanks
-- PMM

The following changes since commit 0984a157c1c053394adbf64ed7de97f1aebe6a2d:

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2019-03-05 09:33:20 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190305

for you to fetch changes up to 566528f823d1a2e9eb2d7b2ed839547cb31bfc34:

hw/arm/stellaris: Implement watchdog timer (2019-03-05 15:55:09 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix PC test for LDM (exception return)
 * Implement ARMv8.0-SB
 * Implement ARMv8.0-PredInv
 * Implement ARMv8.4-CondM
 * Implement ARMv8.5-CondM
 * Implement ARMv8.5-FRINT
 * hw/arm/stellaris: Implement watchdog timer
 * virt: support more than 255GB of RAM

----------------------------------------------------------------
Eric Auger (9):
      hw/arm/virt: Rename highmem IO regions
      hw/arm/virt: Split the memory map description
      hw/boards: Add a MachineState parameter to kvm_type callback
      kvm: add kvm_arm_get_max_vm_ipa_size
      vl: Set machine ram_size, maxram_size and ram_slots earlier
      hw/arm/virt: Dynamic memory map depending on RAM requirements
      hw/arm/virt: Implement kvm_type function for 4.0 machine
      hw/arm/virt: Check the VCPU PA range in TCG mode
      hw/arm/virt: Bump the 255GB initial RAM limit

Michel Heily (1):
      hw/arm/stellaris: Implement watchdog timer

Richard Henderson (11):
      target/arm: Fix PC test for LDM (exception return)
      target/arm: Split out arm_sctlr
      target/arm: Implement ARMv8.0-SB
      target/arm: Implement ARMv8.0-PredInv
      target/arm: Split helper_msr_i_pstate into 3
      target/arm: Add set/clear_pstate_bits, share gen_ss_advance
      target/arm: Rearrange disas_data_proc_reg
      target/arm: Implement ARMv8.4-CondM
      target/arm: Implement ARMv8.5-CondM
      target/arm: Restructure handle_fp_1src_{single, double}
      target/arm: Implement ARMv8.5-FRINT

Shameer Kolothum (1):
      hw/arm/boot: introduce fdt_add_memory_node helper