Series comparison

-[Qemu-devel] [PULL 00/17] target-arm queue
+[Qemu-devel] [PULL 0/5] target-arm queue
-v2: dropped a couple of cadence_gem changes to ID regs that
+target-arm queue for rc2. This has 3 Arm related bug fixes,
-caused new clang sanitizer warnings.
+and a couple of non-arm patches which don't have an obviously
 better route into the tree.
+thanks
 -- PMM
-The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f:
+The following changes since commit b9e02bb3f98174209dbd5c96858e65a31723221b:
-  Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100)
+  Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-07-19' into staging (2019-07-22 10:11:28 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016-1
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190722
-for you to fetch changes up to 2ef297af07196c29446556537861f8e7dfeeae7b:
+for you to fetch changes up to ddb45afbfbc639365d6c934e4e29f6de5e5e2a0e:
-  coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 17:14:55 +0100)
+  contrib/elf2dmp: Build download.o with CURL_CFLAGS (2019-07-22 14:07:39 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
+ * target/arm: Add missing break statement for Hypervisor Trap Exception
- * target/arm: Fix aarch64_sve_change_el wrt EL0
+   (fixes handling of SMC insn taken to AArch32 Hyp mode via HCR.TSC)
- * target/arm: Define fields of ISAR registers
+ * hw/arm/fsl-imx6ul.c: Remove dead SMP-related code
- * target/arm: Align cortex-r5 id_isar0
+ * target/arm: Limit ID register assertions to TCG
- * target/arm: Fix cortex-a7 id_isar0
+ * configure: Clarify URL to source downloads
- * net/cadence_gem: Fix various bugs, add support for new
+ * contrib/elf2dmp: Build download.o with CURL_CFLAGS
    features that will be used by the Xilinx Versal board
  * target-arm: powerctl: Enable HVC when starting CPUs to EL2
  * target/arm: Add the Cortex-A72
  * target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
  * target/arm: Mask PMOVSR writes based on supported counters
  * target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
  * coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
 ----------------------------------------------------------------
-Aaron Lindsay (2):
+Peter Maydell (4):
-      target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
+      hw/arm/fsl-imx6ul.c: Remove dead SMP-related code
-      target/arm: Mask PMOVSR writes based on supported counters
+      target/arm: Limit ID register assertions to TCG
       configure: Clarify URL to source downloads
       contrib/elf2dmp: Build download.o with CURL_CFLAGS
-Edgar E. Iglesias (8):
+Philippe Mathieu-Daudé (1):
-      net: cadence_gem: Disable TSU feature bit
+      target/arm: Add missing break statement for Hypervisor Trap Exception
       net: cadence_gem: Use uint32_t for 32bit descriptor words
       net: cadence_gem: Add macro with max number of descriptor words
       net: cadence_gem: Add support for extended descriptors
       net: cadence_gem: Add support for selecting the DMA MemoryRegion
       net: cadence_gem: Implement support for 64bit descriptor addresses
       target-arm: powerctl: Enable HVC when starting CPUs to EL2
       target/arm: Add the Cortex-A72
-Jerome Forissier (1):
+ configure                     |  2 +-
-      hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
+ Makefile                      |  1 -
  contrib/elf2dmp/Makefile.objs |  3 +++
  include/hw/arm/fsl-imx6ul.h   |  2 +-
  hw/arm/fsl-imx6ul.c           | 62 +++++++++++++------------------------------
  hw/arm/mcimx6ul-evk.c         |  2 +-
  target/arm/cpu.c              |  7 +++--
  target/arm/helper.c           |  1 +
 files changed, 30 insertions(+), 50 deletions(-)
-Peter Maydell (2):
-      target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
-      coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
-Richard Henderson (4):
-      target/arm: Fix aarch64_sve_change_el wrt EL0
-      target/arm: Define fields of ISAR registers
-      target/arm: Align cortex-r5 id_isar0
-      target/arm: Fix cortex-a7 id_isar0
- include/hw/net/cadence_gem.h               |   7 +-
- target/arm/cpu.h                           |  95 ++++++++++++++-
- hw/arm/virt.c                              |   4 +
- hw/net/cadence_gem.c                       | 185 ++++++++++++++++++++---------
- target/arm/arm-powerctl.c                  |  10 ++
- target/arm/cpu.c                           |   7 +-
- target/arm/cpu64.c                         |  66 +++++++++-
- target/arm/helper.c                        |  27 +++--
- target/arm/op_helper.c                     |   6 +-
- scripts/coccinelle/inplace-byteswaps.cocci |  65 ++++++++++
-files changed, 402 insertions(+), 70 deletions(-)
- create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci

-New patch
+[Qemu-devel] [PULL 1/5] target/arm: Add missing break statement for Hypervisor Trap Exception
+From: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reported by GCC9 when building with  -Wimplicit-fallthrough=2:
+  target/arm/helper.c: In function ‘arm_cpu_do_interrupt_aarch32_hyp’:
+  target/arm/helper.c:7958:14: error: this statement may fall through [-Werror=implicit-fallthrough=]
+|         addr = 0x14;
+        |         ~~~~~^~~~~~
+  target/arm/helper.c:7959:5: note: here
+|     default:
+        |     ^~~~~~~
+  cc1: all warnings being treated as errors
+Fixes: b9bc21ff9f9
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reported-by: Stefan Weil <sw@weilnetz.de>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20190719111451.12406-1-philmd@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/helper.c | 1 +
+file changed, 1 insertion(+)
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -XXX,XX +XXX,XX @@ static void arm_cpu_do_interrupt_aarch32_hyp(CPUState *cs)
+         break;
+     case EXCP_HYP_TRAP:
+         addr = 0x14;
++        break;
+     default:
+         cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index);
+     }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 2/5] hw/arm/fsl-imx6ul.c: Remove dead SMP-related code
+The i.MX6UL always has a single Cortex-A7 CPU (we set FSL_IMX6UL_NUM_CPUS
+to 1 in line with this). This means that all the code in fsl-imx6ul.c to
+handle multiple CPUs is dead code, and Coverity is now complaining that
+it is unreachable (CID 1403008, 1403011).
+Remove the unreachable code and the only-executes-once loops,
+and replace the single-entry cpu[] array in the FSLIMX6ULState
+with a simple cpu member.
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190712115030.26895-1-peter.maydell@linaro.org
+---
+ include/hw/arm/fsl-imx6ul.h |  2 +-
+ hw/arm/fsl-imx6ul.c         | 62 +++++++++++--------------------------
+ hw/arm/mcimx6ul-evk.c       |  2 +-
+files changed, 20 insertions(+), 46 deletions(-)
+diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/arm/fsl-imx6ul.h
++++ b/include/hw/arm/fsl-imx6ul.h
+@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX6ULState {
+     DeviceState    parent_obj;
+     /*< public >*/
+-    ARMCPU             cpu[FSL_IMX6UL_NUM_CPUS];
++    ARMCPU             cpu;
+     A15MPPrivState     a7mpcore;
+     IMXGPTState        gpt[FSL_IMX6UL_NUM_GPTS];
+     IMXEPITState       epit[FSL_IMX6UL_NUM_EPITS];
+diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/fsl-imx6ul.c
++++ b/hw/arm/fsl-imx6ul.c
+@@ -XXX,XX +XXX,XX @@
+ static void fsl_imx6ul_init(Object *obj)
+ {
+-    MachineState *ms = MACHINE(qdev_get_machine());
+     FslIMX6ULState *s = FSL_IMX6UL(obj);
+     char name[NAME_SIZE];
+     int i;
+-    for (i = 0; i < MIN(ms->smp.cpus, FSL_IMX6UL_NUM_CPUS); i++) {
+-        snprintf(name, NAME_SIZE, "cpu%d", i);
+-        object_initialize_child(obj, name, &s->cpu[i], sizeof(s->cpu[i]),
+-                                "cortex-a7-" TYPE_ARM_CPU, &error_abort, NULL);
+-    }
++    object_initialize_child(obj, "cpu0", &s->cpu, sizeof(s->cpu),
++                            "cortex-a7-" TYPE_ARM_CPU, &error_abort, NULL);
+     /*
+      * A7MPCORE
+@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)
+     MachineState *ms = MACHINE(qdev_get_machine());
+     FslIMX6ULState *s = FSL_IMX6UL(dev);
+     int i;
+-    qemu_irq irq;
+     char name[NAME_SIZE];
+-    unsigned int smp_cpus = ms->smp.cpus;
++    SysBusDevice *sbd;
++    DeviceState *d;
+-    if (smp_cpus > FSL_IMX6UL_NUM_CPUS) {
+-        error_setg(errp, "%s: Only %d CPUs are supported (%d requested)",
+-                   TYPE_FSL_IMX6UL, FSL_IMX6UL_NUM_CPUS, smp_cpus);
++    if (ms->smp.cpus > 1) {
++        error_setg(errp, "%s: Only a single CPU is supported (%d requested)",
++                   TYPE_FSL_IMX6UL, ms->smp.cpus);
+         return;
+     }
+-    for (i = 0; i < smp_cpus; i++) {
+-        Object *o = OBJECT(&s->cpu[i]);
+-
+-        object_property_set_int(o, QEMU_PSCI_CONDUIT_SMC,
+-                                "psci-conduit", &error_abort);
+-
+-        /* On uniprocessor, the CBAR is set to 0 */
+-        if (smp_cpus > 1) {
+-            object_property_set_int(o, FSL_IMX6UL_A7MPCORE_ADDR,
+-                                    "reset-cbar", &error_abort);
+-        }
+-
+-        if (i) {
+-            /* Secondary CPUs start in PSCI powered-down state */
+-            object_property_set_bool(o, true,
+-                                     "start-powered-off", &error_abort);
+-        }
+-
+-        object_property_set_bool(o, true, "realized", &error_abort);
+-    }
++    object_property_set_int(OBJECT(&s->cpu), QEMU_PSCI_CONDUIT_SMC,
++                            "psci-conduit", &error_abort);
++    object_property_set_bool(OBJECT(&s->cpu), true,
++                             "realized", &error_abort);
+     /*
+      * A7MPCORE
+      */
+-    object_property_set_int(OBJECT(&s->a7mpcore), smp_cpus, "num-cpu",
+-                            &error_abort);
++    object_property_set_int(OBJECT(&s->a7mpcore), 1, "num-cpu", &error_abort);
+     object_property_set_int(OBJECT(&s->a7mpcore),
+                             FSL_IMX6UL_MAX_IRQ + GIC_INTERNAL,
+                             "num-irq", &error_abort);
+@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)
+                              &error_abort);
+     sysbus_mmio_map(SYS_BUS_DEVICE(&s->a7mpcore), 0, FSL_IMX6UL_A7MPCORE_ADDR);
+-    for (i = 0; i < smp_cpus; i++) {
+-        SysBusDevice *sbd = SYS_BUS_DEVICE(&s->a7mpcore);
+-        DeviceState  *d   = DEVICE(qemu_get_cpu(i));
++    sbd = SYS_BUS_DEVICE(&s->a7mpcore);
++    d = DEVICE(&s->cpu);
+-        irq = qdev_get_gpio_in(d, ARM_CPU_IRQ);
+-        sysbus_connect_irq(sbd, i, irq);
+-        sysbus_connect_irq(sbd, i + smp_cpus, qdev_get_gpio_in(d, ARM_CPU_FIQ));
+-        sysbus_connect_irq(sbd, i + 2 * smp_cpus,
+-                           qdev_get_gpio_in(d, ARM_CPU_VIRQ));
+-        sysbus_connect_irq(sbd, i + 3 * smp_cpus,
+-                           qdev_get_gpio_in(d, ARM_CPU_VFIQ));
+-    }
++    sysbus_connect_irq(sbd, 0, qdev_get_gpio_in(d, ARM_CPU_IRQ));
++    sysbus_connect_irq(sbd, 1, qdev_get_gpio_in(d, ARM_CPU_FIQ));
++    sysbus_connect_irq(sbd, 2, qdev_get_gpio_in(d, ARM_CPU_VIRQ));
++    sysbus_connect_irq(sbd, 3, qdev_get_gpio_in(d, ARM_CPU_VFIQ));
+     /*
+      * A7MPCORE DAP
+diff --git a/hw/arm/mcimx6ul-evk.c b/hw/arm/mcimx6ul-evk.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/mcimx6ul-evk.c
++++ b/hw/arm/mcimx6ul-evk.c
+@@ -XXX,XX +XXX,XX @@ static void mcimx6ul_evk_init(MachineState *machine)
+     }
+     if (!qtest_enabled()) {
+-        arm_load_kernel(&s->soc.cpu[0], &boot_info);
++        arm_load_kernel(&s->soc.cpu, &boot_info);
+     }
+ }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 3/5] target/arm: Limit ID register assertions to TCG
+In arm_cpu_realizefn() we make several assertions about the values of
+guest ID registers:
+ * if the CPU provides AArch32 v7VE or better it must advertise the
+   ARM_DIV feature
+ * if the CPU provides AArch32 A-profile v6 or better it must
+   advertise the Jazelle feature
+These are essentially consistency checks that our ID register
+specifications in cpu.c didn't accidentally miss out a feature,
+because increasingly the TCG emulation gates features on the values
+in ID registers rather than using old-style checks of ARM_FEATURE_FOO
+bits.
+Unfortunately, these asserts can cause problems if we're running KVM,
+because in that case we don't control the values of the ID registers
+-- we read them from the host kernel.  In particular, if the host
+kernel is older than 4.15 then it doesn't expose the ID registers via
+the KVM_GET_ONE_REG ioctl, and we set up dummy values for some
+registers and leave the rest at zero.  (See the comment in
+target/arm/kvm64.c kvm_arm_get_host_cpu_features().) This set of
+dummy values is not sufficient to pass our assertions, and so on
+those kernels running an AArch32 guest on AArch64 will assert.
+We could provide a more sophisticated set of dummy ID registers in
+this case, but that still leaves the possibility of a host CPU which
+reports bogus ID register values that would cause us to assert.  It's
+more robust to only do these ID register checks if we're using TCG,
+as that is the only case where this is truly a QEMU code bug.
+Reported-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Tested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20190718125928.20147-1-peter.maydell@linaro.org
+Fixes: https://bugs.launchpad.net/qemu/+bug/1830864
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/cpu.c | 7 +++++--
+file changed, 5 insertions(+), 2 deletions(-)
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu.c
++++ b/target/arm/cpu.c
+@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
+      * There exist AArch64 cpus without AArch32 support.  When KVM
+      * queries ID_ISAR0_EL1 on such a host, the value is UNKNOWN.
+      * Similarly, we cannot check ID_AA64PFR0 without AArch64 support.
++     * As a general principle, we also do not make ID register
++     * consistency checks anywhere unless using TCG, because only
++     * for TCG would a consistency-check failure be a QEMU bug.
+      */
+     if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
+         no_aa32 = !cpu_isar_feature(aa64_aa32, cpu);
+@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
+          * Presence of EL2 itself is ARM_FEATURE_EL2, and of the
+          * Security Extensions is ARM_FEATURE_EL3.
+          */
+-        assert(no_aa32 || cpu_isar_feature(arm_div, cpu));
++        assert(!tcg_enabled() || no_aa32 || cpu_isar_feature(arm_div, cpu));
+         set_feature(env, ARM_FEATURE_LPAE);
+         set_feature(env, ARM_FEATURE_V7);
+     }
+@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
+     if (arm_feature(env, ARM_FEATURE_V6)) {
+         set_feature(env, ARM_FEATURE_V5);
+         if (!arm_feature(env, ARM_FEATURE_M)) {
+-            assert(no_aa32 || cpu_isar_feature(jazelle, cpu));
++            assert(!tcg_enabled() || no_aa32 || cpu_isar_feature(jazelle, cpu));
+             set_feature(env, ARM_FEATURE_AUXCR);
+         }
+     }
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 4/5] configure: Clarify URL to source downloads
+If configure detects that it's being run on a source tree which
+is missing git modules, it prints an error messages suggesting
+that the user downloads a correct source archive from the project
+website. However https://www.qemu.org/download/ is a link to a
+page with multiple tabs, with the default being the one telling
+users how to get binaries from their distro. Clarify the URL
+we print to include the #source anchor, so that the browser will
+go directly to the source-tarball instructions.
+Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reviewed-by: Stefan Weil <sw@weilnetz.de>
+Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20190718131659.20783-1-peter.maydell@linaro.org
+Suggested-by: Stefan Weil <sw@weilnetz.de>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ configure | 2 +-
+file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/configure b/configure
+index XXXXXXX..XXXXXXX 100755
+--- a/configure
++++ b/configure
+@@ -XXX,XX +XXX,XX @@ else
+         echo "to acquire QEMU source archives. Non-GIT builds are only"
+         echo "supported with source archives linked from:"
+         echo
+-        echo "  https://www.qemu.org/download/"
++        echo "  https://www.qemu.org/download/#source"
+         echo
+         echo "Developers working with GIT can use scripts/archive-source.sh"
+         echo "if they need to create valid source archives."
+--
+.20.1

-New patch
+[Qemu-devel] [PULL 5/5] contrib/elf2dmp: Build download.o with CURL_CFLAGS
+contrib/elf2dmp has a source file which uses curl/curl.h;
+although we link the final executable with CURL_LIBS, we
+forgot to build this source file with CURL_CFLAGS, so if
+the curl header is in a place that's not already on the
+system include path then it will fail to build.
+Add a line specifying the cflags needed for download.o;
+while we are here, bring the specification of the libs
+into line with this, since using a per-object variable
+setting is preferred over adding them to the final
+executable link line.
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 20190719100955.17180-1-peter.maydell@linaro.org
+---
+ Makefile                      | 1 -
+ contrib/elf2dmp/Makefile.objs | 3 +++
+files changed, 3 insertions(+), 1 deletion(-)
+diff --git a/Makefile b/Makefile
+index XXXXXXX..XXXXXXX 100644
+--- a/Makefile
++++ b/Makefile
+@@ -XXX,XX +XXX,XX @@ ifneq ($(EXESUF),)
+ qemu-ga: qemu-ga$(EXESUF) $(QGA_VSS_PROVIDER) $(QEMU_GA_MSI)
+ endif
+-elf2dmp$(EXESUF): LIBS += $(CURL_LIBS)
+ elf2dmp$(EXESUF): $(elf2dmp-obj-y)
+     $(call LINK, $^)
+diff --git a/contrib/elf2dmp/Makefile.objs b/contrib/elf2dmp/Makefile.objs
+index XXXXXXX..XXXXXXX 100644
+--- a/contrib/elf2dmp/Makefile.objs
++++ b/contrib/elf2dmp/Makefile.objs
+@@ -1 +1,4 @@
+ elf2dmp-obj-y = main.o addrspace.o download.o pdb.o qemu_elf.o
++
++download.o-cflags := $(CURL_CFLAGS)
++download.o-libs   := $(CURL_LIBS)
+--
+.20.1

v2: dropped a couple of cadence_gem changes to ID regs that
caused new clang sanitizer warnings.

-- PMM

The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f:

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016-1

for you to fetch changes up to 2ef297af07196c29446556537861f8e7dfeeae7b:

coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 17:14:55 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
 * target/arm: Fix aarch64_sve_change_el wrt EL0
 * target/arm: Define fields of ISAR registers
 * target/arm: Align cortex-r5 id_isar0
 * target/arm: Fix cortex-a7 id_isar0
 * net/cadence_gem: Fix various bugs, add support for new
   features that will be used by the Xilinx Versal board
 * target-arm: powerctl: Enable HVC when starting CPUs to EL2
 * target/arm: Add the Cortex-A72
 * target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
 * target/arm: Mask PMOVSR writes based on supported counters
 * target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
 * coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls

----------------------------------------------------------------
Aaron Lindsay (2):
      target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
      target/arm: Mask PMOVSR writes based on supported counters

Edgar E. Iglesias (8):
      net: cadence_gem: Disable TSU feature bit
      net: cadence_gem: Use uint32_t for 32bit descriptor words
      net: cadence_gem: Add macro with max number of descriptor words
      net: cadence_gem: Add support for extended descriptors
      net: cadence_gem: Add support for selecting the DMA MemoryRegion
      net: cadence_gem: Implement support for 64bit descriptor addresses
      target-arm: powerctl: Enable HVC when starting CPUs to EL2
      target/arm: Add the Cortex-A72

Jerome Forissier (1):
      hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART

Peter Maydell (2):
      target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
      coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls

Richard Henderson (4):
      target/arm: Fix aarch64_sve_change_el wrt EL0
      target/arm: Define fields of ISAR registers
      target/arm: Align cortex-r5 id_isar0
      target/arm: Fix cortex-a7 id_isar0

include/hw/net/cadence_gem.h               |   7 +-
 target/arm/cpu.h                           |  95 ++++++++++++++-
 hw/arm/virt.c                              |   4 +
 hw/net/cadence_gem.c                       | 185 ++++++++++++++++++++---------
 target/arm/arm-powerctl.c                  |  10 ++
 target/arm/cpu.c                           |   7 +-
 target/arm/cpu64.c                         |  66 +++++++++-
 target/arm/helper.c                        |  27 +++--
 target/arm/op_helper.c                     |   6 +-
 scripts/coccinelle/inplace-byteswaps.cocci |  65 ++++++++++
 10 files changed, 402 insertions(+), 70 deletions(-)
 create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci

target-arm queue for rc2. This has 3 Arm related bug fixes,
and a couple of non-arm patches which don't have an obviously
better route into the tree.

thanks
-- PMM

The following changes since commit b9e02bb3f98174209dbd5c96858e65a31723221b:

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-07-19' into staging (2019-07-22 10:11:28 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190722

for you to fetch changes up to ddb45afbfbc639365d6c934e4e29f6de5e5e2a0e:

contrib/elf2dmp: Build download.o with CURL_CFLAGS (2019-07-22 14:07:39 +0100)

----------------------------------------------------------------
target-arm queue:
 * target/arm: Add missing break statement for Hypervisor Trap Exception
   (fixes handling of SMC insn taken to AArch32 Hyp mode via HCR.TSC)
 * hw/arm/fsl-imx6ul.c: Remove dead SMP-related code
 * target/arm: Limit ID register assertions to TCG
 * configure: Clarify URL to source downloads
 * contrib/elf2dmp: Build download.o with CURL_CFLAGS

----------------------------------------------------------------
Peter Maydell (4):
      hw/arm/fsl-imx6ul.c: Remove dead SMP-related code
      target/arm: Limit ID register assertions to TCG
      configure: Clarify URL to source downloads
      contrib/elf2dmp: Build download.o with CURL_CFLAGS

Philippe Mathieu-Daudé (1):
      target/arm: Add missing break statement for Hypervisor Trap Exception

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Reported by GCC9 when building with  -Wimplicit-fallthrough=2:

target/arm/helper.c: In function ‘arm_cpu_do_interrupt_aarch32_hyp’:
  target/arm/helper.c:7958:14: error: this statement may fall through [-Werror=implicit-fallthrough=]
   7958 |         addr = 0x14;
        |         ~~~~~^~~~~~
  target/arm/helper.c:7959:5: note: here
   7959 |     default:
        |     ^~~~~~~
  cc1: all warnings being treated as errors

Fixes: b9bc21ff9f9
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reported-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190719111451.12406-1-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_do_interrupt_aarch32_hyp(CPUState *cs)
         break;
     case EXCP_HYP_TRAP:
         addr = 0x14;
+        break;
     default:
         cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index);
     }
-- 
2.20.1

The i.MX6UL always has a single Cortex-A7 CPU (we set FSL_IMX6UL_NUM_CPUS
to 1 in line with this). This means that all the code in fsl-imx6ul.c to
handle multiple CPUs is dead code, and Coverity is now complaining that
it is unreachable (CID 1403008, 1403011).

Remove the unreachable code and the only-executes-once loops,
and replace the single-entry cpu[] array in the FSLIMX6ULState
with a simple cpu member.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190712115030.26895-1-peter.maydell@linaro.org
---
 include/hw/arm/fsl-imx6ul.h |  2 +-
 hw/arm/fsl-imx6ul.c         | 62 +++++++++++--------------------------
 hw/arm/mcimx6ul-evk.c       |  2 +-
 3 files changed, 20 insertions(+), 46 deletions(-)

diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/fsl-imx6ul.h
+++ b/include/hw/arm/fsl-imx6ul.h
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX6ULState {
     DeviceState    parent_obj;
 
     /*< public >*/
-    ARMCPU             cpu[FSL_IMX6UL_NUM_CPUS];
+    ARMCPU             cpu;
     A15MPPrivState     a7mpcore;
     IMXGPTState        gpt[FSL_IMX6UL_NUM_GPTS];
     IMXEPITState       epit[FSL_IMX6UL_NUM_EPITS];
diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/fsl-imx6ul.c
+++ b/hw/arm/fsl-imx6ul.c
@@ -XXX,XX +XXX,XX @@
 
 static void fsl_imx6ul_init(Object *obj)
 {
-    MachineState *ms = MACHINE(qdev_get_machine());
     FslIMX6ULState *s = FSL_IMX6UL(obj);
     char name[NAME_SIZE];
     int i;
 
-    for (i = 0; i < MIN(ms->smp.cpus, FSL_IMX6UL_NUM_CPUS); i++) {
-        snprintf(name, NAME_SIZE, "cpu%d", i);
-        object_initialize_child(obj, name, &s->cpu[i], sizeof(s->cpu[i]),
-                                "cortex-a7-" TYPE_ARM_CPU, &error_abort, NULL);
-    }
+    object_initialize_child(obj, "cpu0", &s->cpu, sizeof(s->cpu),
+                            "cortex-a7-" TYPE_ARM_CPU, &error_abort, NULL);
 
     /*
      * A7MPCORE
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)
     MachineState *ms = MACHINE(qdev_get_machine());
     FslIMX6ULState *s = FSL_IMX6UL(dev);
     int i;
-    qemu_irq irq;
     char name[NAME_SIZE];
-    unsigned int smp_cpus = ms->smp.cpus;
+    SysBusDevice *sbd;
+    DeviceState *d;
 
-    if (smp_cpus > FSL_IMX6UL_NUM_CPUS) {
-        error_setg(errp, "%s: Only %d CPUs are supported (%d requested)",
-                   TYPE_FSL_IMX6UL, FSL_IMX6UL_NUM_CPUS, smp_cpus);
+    if (ms->smp.cpus > 1) {
+        error_setg(errp, "%s: Only a single CPU is supported (%d requested)",
+                   TYPE_FSL_IMX6UL, ms->smp.cpus);
         return;
     }
 
-    for (i = 0; i < smp_cpus; i++) {
-        Object *o = OBJECT(&s->cpu[i]);
-
-        object_property_set_int(o, QEMU_PSCI_CONDUIT_SMC,
-                                "psci-conduit", &error_abort);
-
-        /* On uniprocessor, the CBAR is set to 0 */
-        if (smp_cpus > 1) {
-            object_property_set_int(o, FSL_IMX6UL_A7MPCORE_ADDR,
-                                    "reset-cbar", &error_abort);
-        }
-
-        if (i) {
-            /* Secondary CPUs start in PSCI powered-down state */
-            object_property_set_bool(o, true,
-                                     "start-powered-off", &error_abort);
-        }
-
-        object_property_set_bool(o, true, "realized", &error_abort);
-    }
+    object_property_set_int(OBJECT(&s->cpu), QEMU_PSCI_CONDUIT_SMC,
+                            "psci-conduit", &error_abort);
+    object_property_set_bool(OBJECT(&s->cpu), true,
+                             "realized", &error_abort);
 
     /*
      * A7MPCORE
      */
-    object_property_set_int(OBJECT(&s->a7mpcore), smp_cpus, "num-cpu",
-                            &error_abort);
+    object_property_set_int(OBJECT(&s->a7mpcore), 1, "num-cpu", &error_abort);
     object_property_set_int(OBJECT(&s->a7mpcore),
                             FSL_IMX6UL_MAX_IRQ + GIC_INTERNAL,
                             "num-irq", &error_abort);
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)
                              &error_abort);
     sysbus_mmio_map(SYS_BUS_DEVICE(&s->a7mpcore), 0, FSL_IMX6UL_A7MPCORE_ADDR);
 
-    for (i = 0; i < smp_cpus; i++) {
-        SysBusDevice *sbd = SYS_BUS_DEVICE(&s->a7mpcore);
-        DeviceState  *d   = DEVICE(qemu_get_cpu(i));
+    sbd = SYS_BUS_DEVICE(&s->a7mpcore);
+    d = DEVICE(&s->cpu);
 
-        irq = qdev_get_gpio_in(d, ARM_CPU_IRQ);
-        sysbus_connect_irq(sbd, i, irq);
-        sysbus_connect_irq(sbd, i + smp_cpus, qdev_get_gpio_in(d, ARM_CPU_FIQ));
-        sysbus_connect_irq(sbd, i + 2 * smp_cpus,
-                           qdev_get_gpio_in(d, ARM_CPU_VIRQ));
-        sysbus_connect_irq(sbd, i + 3 * smp_cpus,
-                           qdev_get_gpio_in(d, ARM_CPU_VFIQ));
-    }
+    sysbus_connect_irq(sbd, 0, qdev_get_gpio_in(d, ARM_CPU_IRQ));
+    sysbus_connect_irq(sbd, 1, qdev_get_gpio_in(d, ARM_CPU_FIQ));
+    sysbus_connect_irq(sbd, 2, qdev_get_gpio_in(d, ARM_CPU_VIRQ));
+    sysbus_connect_irq(sbd, 3, qdev_get_gpio_in(d, ARM_CPU_VFIQ));
 
     /*
      * A7MPCORE DAP
diff --git a/hw/arm/mcimx6ul-evk.c b/hw/arm/mcimx6ul-evk.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/mcimx6ul-evk.c
+++ b/hw/arm/mcimx6ul-evk.c
@@ -XXX,XX +XXX,XX @@ static void mcimx6ul_evk_init(MachineState *machine)
     }
 
     if (!qtest_enabled()) {
-        arm_load_kernel(&s->soc.cpu[0], &boot_info);
+        arm_load_kernel(&s->soc.cpu, &boot_info);
     }
 }
 
-- 
2.20.1

In arm_cpu_realizefn() we make several assertions about the values of
guest ID registers:
 * if the CPU provides AArch32 v7VE or better it must advertise the
   ARM_DIV feature
 * if the CPU provides AArch32 A-profile v6 or better it must
   advertise the Jazelle feature

These are essentially consistency checks that our ID register
specifications in cpu.c didn't accidentally miss out a feature,
because increasingly the TCG emulation gates features on the values
in ID registers rather than using old-style checks of ARM_FEATURE_FOO
bits.

Unfortunately, these asserts can cause problems if we're running KVM,
because in that case we don't control the values of the ID registers
-- we read them from the host kernel.  In particular, if the host
kernel is older than 4.15 then it doesn't expose the ID registers via
the KVM_GET_ONE_REG ioctl, and we set up dummy values for some
registers and leave the rest at zero.  (See the comment in
target/arm/kvm64.c kvm_arm_get_host_cpu_features().) This set of
dummy values is not sufficient to pass our assertions, and so on
those kernels running an AArch32 guest on AArch64 will assert.

We could provide a more sophisticated set of dummy ID registers in
this case, but that still leaves the possibility of a host CPU which
reports bogus ID register values that would cause us to assert.  It's
more robust to only do these ID register checks if we're using TCG,
as that is the only case where this is truly a QEMU code bug.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190718125928.20147-1-peter.maydell@linaro.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1830864
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
      * There exist AArch64 cpus without AArch32 support.  When KVM
      * queries ID_ISAR0_EL1 on such a host, the value is UNKNOWN.
      * Similarly, we cannot check ID_AA64PFR0 without AArch64 support.
+     * As a general principle, we also do not make ID register
+     * consistency checks anywhere unless using TCG, because only
+     * for TCG would a consistency-check failure be a QEMU bug.
      */
     if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
         no_aa32 = !cpu_isar_feature(aa64_aa32, cpu);
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
          * Presence of EL2 itself is ARM_FEATURE_EL2, and of the
          * Security Extensions is ARM_FEATURE_EL3.
          */
-        assert(no_aa32 || cpu_isar_feature(arm_div, cpu));
+        assert(!tcg_enabled() || no_aa32 || cpu_isar_feature(arm_div, cpu));
         set_feature(env, ARM_FEATURE_LPAE);
         set_feature(env, ARM_FEATURE_V7);
     }
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
     if (arm_feature(env, ARM_FEATURE_V6)) {
         set_feature(env, ARM_FEATURE_V5);
         if (!arm_feature(env, ARM_FEATURE_M)) {
-            assert(no_aa32 || cpu_isar_feature(jazelle, cpu));
+            assert(!tcg_enabled() || no_aa32 || cpu_isar_feature(jazelle, cpu));
             set_feature(env, ARM_FEATURE_AUXCR);
         }
     }
-- 
2.20.1

If configure detects that it's being run on a source tree which
is missing git modules, it prints an error messages suggesting
that the user downloads a correct source archive from the project
website. However https://www.qemu.org/download/ is a link to a
page with multiple tabs, with the default being the one telling
users how to get binaries from their distro. Clarify the URL
we print to include the #source anchor, so that the browser will
go directly to the source-tarball instructions.

Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190718131659.20783-1-peter.maydell@linaro.org
Suggested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index XXXXXXX..XXXXXXX 100755
--- a/configure
+++ b/configure
@@ -XXX,XX +XXX,XX @@ else
         echo "to acquire QEMU source archives. Non-GIT builds are only"
         echo "supported with source archives linked from:"
         echo
-        echo "  https://www.qemu.org/download/"
+        echo "  https://www.qemu.org/download/#source"
         echo
         echo "Developers working with GIT can use scripts/archive-source.sh"
         echo "if they need to create valid source archives."
-- 
2.20.1

contrib/elf2dmp has a source file which uses curl/curl.h;
although we link the final executable with CURL_LIBS, we
forgot to build this source file with CURL_CFLAGS, so if
the curl header is in a place that's not already on the
system include path then it will fail to build.

Add a line specifying the cflags needed for download.o;
while we are here, bring the specification of the libs
into line with this, since using a per-object variable
setting is preferred over adding them to the final
executable link line.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20190719100955.17180-1-peter.maydell@linaro.org
---
 Makefile                      | 1 -
 contrib/elf2dmp/Makefile.objs | 3 +++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index XXXXXXX..XXXXXXX 100644
--- a/Makefile
+++ b/Makefile
@@ -XXX,XX +XXX,XX @@ ifneq ($(EXESUF),)
 qemu-ga: qemu-ga$(EXESUF) $(QGA_VSS_PROVIDER) $(QEMU_GA_MSI)
 endif
 
-elf2dmp$(EXESUF): LIBS += $(CURL_LIBS)
 elf2dmp$(EXESUF): $(elf2dmp-obj-y)
 	$(call LINK, $^)
 
diff --git a/contrib/elf2dmp/Makefile.objs b/contrib/elf2dmp/Makefile.objs
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/Makefile.objs
+++ b/contrib/elf2dmp/Makefile.objs
@@ -1 +1,4 @@
 elf2dmp-obj-y = main.o addrspace.o download.o pdb.o qemu_elf.o
+
+download.o-cflags := $(CURL_CFLAGS)
+download.o-libs   := $(CURL_LIBS)
-- 
2.20.1