As promised, more Arm patches. The big thing in here is the

MPS2-AN521 board model.

The following changes since commit cfe6c547690b06fbce54a6d0f7b05dd7f18e36ea:

Merge remote-tracking branch 'remotes/xanclic/tags/pull-block-2019-01-31' into staging (2019-01-31 19:26:09 +0000)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190201

for you to fetch changes up to 7743b70ffe7a8ce168adce2cf50ad156b1fefb8c:

tests/microbit-test: Add tests for nRF51 NVMC (2019-02-01 15:32:17 +0000)

* New machine mps2-an521 -- this is a model of the AN521 FPGA image for the MPS2 devboard

* Fix various places where we failed to UNDEF invalid A64 instructions

* Don't UNDEF a valid FCMLA on 32-bit inputs

* Fix some bugs in the newly-added PAuth implementation

* microbit: Implement NVMC non-volatile memory controller

Aaron Lindsay OS (2):

target/arm: Send interrupts on PMU counter overflow

target/arm: Add a timer to predict PMU counter overflow

Julia Suvorova (1):

arm: Clarify the logic of set_pc()

Peter Maydell (33):

armv7m: Don't assume the NVIC's CPU is CPU 0

armv7m: Make cpu object a child of the armv7m container

armv7m: Pass through start-powered-off CPU property

hw/arm/iotkit: Rename IoTKit to ARMSSE

hw/arm/iotkit: Refactor into abstract base class and subclass

hw/arm/iotkit: Rename 'iotkit' local variables and functions

hw/arm/iotkit: Rename files to hw/arm/armsse.[ch]

hw/misc/iotkit-secctl: Support 4 internal MPCs

hw/arm/armsse: Make number of SRAM banks parameterised

hw/arm/armsse: Make SRAM bank size configurable

hw/arm/armsse: Support dual-CPU configuration

hw/arm/armsse: Give each CPU its own view of memory

hw/arm/armsse: Put each CPU in its own cluster object

iotkit-sysinfo: Make SYS_VERSION and SYS_CONFIG configurable

hw/arm/armsse: Add unimplemented-device stubs for MHUs

hw/arm/armsse: Add unimplemented-device stubs for PPUs

hw/arm/armsse: Add unimplemented-device stub for cache control registers

hw/arm/armsse: Add unimplemented-device stub for CPU local control registers

hw/misc/armsse-cpuid: Implement SSE-200 CPU_IDENTITY register block

hw/arm/armsse: Add CPU_IDENTITY block to SSE-200

hw/arm/armsse: Add SSE-200 model

hw/arm/mps2-tz: Add IRQ infrastructure to support SSE-200

hw/arm/mps2-tz: Add mps2-an521 model

target/arm/translate-a64: Don't underdecode system instructions

target/arm/translate-a64: Don't underdecode PRFM

target/arm/translate-a64: Don't underdecode SIMD ld/st multiple

target/arm/translate-a64: Don't underdecode SIMD ld/st single

target/arm/translate-a64: Don't underdecode add/sub extended register

target/arm/translate-a64: Don't underdecode FP insns

target/arm/translate-a64: Don't underdecode SDOT and UDOT

exec.c: Don't reallocate IOMMUNotifiers that are in use

target/arm/translate-a64: Fix FCMLA decoding error

target/arm/translate-a64: Fix mishandling of size in FCMLA decode

Remi Denis-Courmont (2):

target/arm: fix AArch64 virtual address space size

target/arm: fix decoding of B{,L}RA{A,B}

Richard Henderson (5):

target/arm: Enable API, APK bits in SCR, HCR

target/arm: Always enable pac keys for user-only

aarch64-linux-user: Update HWCAP bits from linux 5.0-rc1

aarch64-linux-user: Enable HWCAP bits for PAuth

linux-user: Initialize aarch64 pac keys

Steffen Görtz (3):

hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories

arm: Instantiate NRF51 special NVM's and NVMC

tests/microbit-test: Add tests for nRF51 NVMC

kumar sourav (1):

hw/arm/nrf51_soc: set object owner in memory_region_init_ram

hw/arm/Makefile.objs | 2 +-

hw/misc/Makefile.objs | 1 +

hw/nvram/Makefile.objs | 1 +

include/hw/arm/{iotkit.h => armsse.h} | 113 ++-

include/hw/arm/armv7m.h | 1 +

include/hw/arm/nrf51_soc.h | 2 +

include/hw/misc/armsse-cpuid.h | 41 ++

include/hw/misc/iotkit-secctl.h | 6 +-

include/hw/misc/iotkit-sysinfo.h | 6 +

include/hw/nvram/nrf51_nvm.h | 64 ++

include/qom/cpu.h | 16 +-

linux-user/aarch64/target_syscall.h | 2 +

target/arm/cpu.h | 12 +-

exec.c | 10 +-

hw/arm/armsse.c | 1241 +++++++++++++++++++++++++++++++++

hw/arm/armv7m.c | 23 +-

hw/arm/boot.c | 4 -

hw/arm/iotkit.c | 759 --------------------

hw/arm/mps2-tz.c | 121 +++-

hw/arm/nrf51_soc.c | 44 +-

hw/intc/armv7m_nvic.c | 3 +-

hw/misc/armsse-cpuid.c | 134 ++++

hw/misc/iotkit-secctl.c | 5 +-

hw/misc/iotkit-sysinfo.c | 15 +-

hw/nvram/nrf51_nvm.c | 388 +++++++++++

linux-user/aarch64/cpu_loop.c | 31 +-

linux-user/elfload.c | 10 +

target/arm/arm-powerctl.c | 3 -

target/arm/cpu.c | 41 +-

target/arm/cpu64.c | 75 --

target/arm/helper.c | 139 +++-

target/arm/translate-a64.c | 59 +-

tests/microbit-test.c | 108 +++

MAINTAINERS | 6 +-

default-configs/arm-softmmu.mak | 3 +-

hw/misc/trace-events | 4 +

36 files changed, 2552 insertions(+), 941 deletions(-)

rename include/hw/arm/{iotkit.h => armsse.h} (53%)

create mode 100644 include/hw/misc/armsse-cpuid.h

create mode 100644 include/hw/nvram/nrf51_nvm.h

create mode 100644 hw/arm/armsse.c

delete mode 100644 hw/arm/iotkit.c

create mode 100644 hw/misc/armsse-cpuid.c

create mode 100644 hw/nvram/nrf51_nvm.c

The SSE-200 has 4 banks of SRAM, each with its own internal

Memory Protection Controller. The interrupt status for these

extra MPCs appears in the same security controller SECMPCINTSTATUS

register as the MPC for the IoTKit's single SRAM bank. Enhance the

iotkit-secctl device to allow 4 MPCs. (If the particular IoTKit/SSE

variant in use does not have all 4 MPCs then the unused inputs will

simply result in the SECMPCINTSTATUS bits being zero as required.)

The hardcoded constant "1"s in armsse.c indicate the actual number

of SRAM MPCs the IoTKit has, and will be replaced in the following

commit.

include/hw/misc/iotkit-secctl.h | 6 +++---

hw/arm/armsse.c | 6 +++---

hw/misc/iotkit-secctl.c | 5 +++--

3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/include/hw/misc/iotkit-secctl.h b/include/hw/misc/iotkit-secctl.h

--- a/include/hw/misc/iotkit-secctl.h

+++ b/include/hw/misc/iotkit-secctl.h

@@ -XXX,XX +XXX,XX @@

* + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_enable

* + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_clear

* + named GPIO inputs ahb_ppcexp{0,1,2,3}_irq_status

- * Controlling the MPC in the IoTKit:

- * + named GPIO input mpc_status

+ * Controlling the (up to) 4 MPCs in the IoTKit/SSE:

+ * + named GPIO inputs mpc_status[0..3]

* Controlling each of the 16 expansion MPCs which a system using the IoTKit

* might provide:

* + named GPIO inputs mpcexp_status[0..15]

@@ -XXX,XX +XXX,XX @@

#define IOTS_NUM_APB_EXP_PPC 4

#define IOTS_NUM_AHB_EXP_PPC 4

#define IOTS_NUM_EXP_MPC 16

-#define IOTS_NUM_MPC 1

+#define IOTS_NUM_MPC 4

#define IOTS_NUM_EXP_MSC 16

typedef struct IoTKitSecCtl IoTKitSecCtl;

diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c

--- a/hw/arm/armsse.c

+++ b/hw/arm/armsse.c

@@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj)

sizeof(s->mpc_irq_orgate), TYPE_OR_IRQ,

&error_abort, NULL);

- for (i = 0; i < ARRAY_SIZE(s->mpc_irq_splitter); i++) {

+ for (i = 0; i < IOTS_NUM_EXP_MPC + 1; i++) {

char *name = g_strdup_printf("mpc-irq-splitter-%d", i);

SplitIRQ *splitter = &s->mpc_irq_splitter[i];

@@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp)

/* We must OR together lines from the MPC splitters to go to the NVIC */

object_property_set_int(OBJECT(&s->mpc_irq_orgate),

- IOTS_NUM_EXP_MPC + IOTS_NUM_MPC, "num-lines", &err);

+ IOTS_NUM_EXP_MPC + 1, "num-lines", &err);

if (err) {

error_propagate(errp, err);

return;

@@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp)

}

/* Wire up the splitters for the MPC IRQs */

- for (i = 0; i < IOTS_NUM_EXP_MPC + IOTS_NUM_MPC; i++) {

+ for (i = 0; i < IOTS_NUM_EXP_MPC + 1; i++) {

SplitIRQ *splitter = &s->mpc_irq_splitter[i];

DeviceState *dev_splitter = DEVICE(splitter);

diff --git a/hw/misc/iotkit-secctl.c b/hw/misc/iotkit-secctl.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/misc/iotkit-secctl.c

+++ b/hw/misc/iotkit-secctl.c

@@ -XXX,XX +XXX,XX @@ static void iotkit_secctl_mpc_status(void *opaque, int n, int level)

{

IoTKitSecCtl *s = IOTKIT_SECCTL(opaque);

- s->mpcintstatus = deposit32(s->mpcintstatus, 0, 1, !!level);

+ s->mpcintstatus = deposit32(s->mpcintstatus, n, 1, !!level);

static void iotkit_secctl_mpcexp_status(void *opaque, int n, int level)

@@ -XXX,XX +XXX,XX @@ static void iotkit_secctl_init(Object *obj)

qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1);

qdev_init_gpio_out_named(dev, &s->nsc_cfg_irq, "nsc_cfg", 1);

- qdev_init_gpio_in_named(dev, iotkit_secctl_mpc_status, "mpc_status", 1);

+ qdev_init_gpio_in_named(dev, iotkit_secctl_mpc_status, "mpc_status",

+ IOTS_NUM_MPC);

qdev_init_gpio_in_named(dev, iotkit_secctl_mpcexp_status,

"mpcexp_status", IOTS_NUM_EXP_MPC);

2.20.1

Add a model of the MPS2 FPGA image described in Application Note

AN521. This is identical to the AN505 image, except that it uses

the SSE-200 rather than the IoTKit and so has two Cortex-M33 CPUs.

hw/arm/mps2-tz.c | 38 ++++++++++++++++++++++++++++++++++++--

1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c

--- a/hw/arm/mps2-tz.c

+++ b/hw/arm/mps2-tz.c

@@ -XXX,XX +XXX,XX @@

* as seen by the guest depend significantly on the FPGA image.

* This source file covers the following FPGA images, for TrustZone cores:

* "mps2-an505" -- Cortex-M33 as documented in ARM Application Note AN505

+ * "mps2-an521" -- Dual Cortex-M33 as documented in Application Note AN521

*

* Links to the TRM for the board itself and to the various Application

* Notes which document the FPGA images can be found here:

@@ -XXX,XX +XXX,XX @@

* http://infocenter.arm.com/help/topic/com.arm.doc.100112_0200_06_en/versatile_express_cortex_m_prototyping_systems_v2m_mps2_and_v2m_mps2plus_technical_reference_100112_0200_06_en.pdf

* Application Note AN505:

* http://infocenter.arm.com/help/topic/com.arm.doc.dai0505b/index.html

+ * Application Note AN521:

+ * http://infocenter.arm.com/help/topic/com.arm.doc.dai0521c/index.html

*

* The AN505 defers to the Cortex-M33 processor ARMv8M IoT Kit FVP User Guide

* (ARM ECM0601256) for the details of some of the device layout:

* http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html

+ * Similarly, the AN521 uses the SSE-200, and the SSE-200 TRM defines

+ * most of the device layout:

+ * http://infocenter.arm.com/help/topic/com.arm.doc.101104_0100_00_en/corelink_sse200_subsystem_for_embedded_technical_reference_manual_101104_0100_00_en.pdf

+ *

#include "qemu/osdep.h"

@@ -XXX,XX +XXX,XX @@ typedef struct {

MachineClass parent;

MPS2TZFPGAType fpga_type;

uint32_t scc_id;

+ const char *armsse_type;

} MPS2TZMachineClass;

typedef struct {

@@ -XXX,XX +XXX,XX @@ typedef struct {

#define TYPE_MPS2TZ_MACHINE "mps2tz"

#define TYPE_MPS2TZ_AN505_MACHINE MACHINE_TYPE_NAME("mps2-an505")

+#define TYPE_MPS2TZ_AN521_MACHINE MACHINE_TYPE_NAME("mps2-an521")

#define MPS2TZ_MACHINE(obj) \

OBJECT_CHECK(MPS2TZMachineState, obj, TYPE_MPS2TZ_MACHINE)

@@ -XXX,XX +XXX,XX @@ static void mps2tz_common_init(MachineState *machine)

}

sysbus_init_child_obj(OBJECT(machine), "iotkit", &mms->iotkit,

- sizeof(mms->iotkit), TYPE_IOTKIT);

+ sizeof(mms->iotkit), mmc->armsse_type);

iotkitdev = DEVICE(&mms->iotkit);

object_property_set_link(OBJECT(&mms->iotkit), OBJECT(system_memory),

"memory", &error_abort);

@@ -XXX,XX +XXX,XX @@ static void mps2tz_class_init(ObjectClass *oc, void *data)

IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(oc);

mc->init = mps2tz_common_init;

- mc->max_cpus = 1;

iic->check = mps2_tz_idau_check;

@@ -XXX,XX +XXX,XX @@ static void mps2tz_an505_class_init(ObjectClass *oc, void *data)

MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc);

mc->desc = "ARM MPS2 with AN505 FPGA image for Cortex-M33";

+ mc->default_cpus = 1;

+ mc->min_cpus = mc->default_cpus;

+ mc->max_cpus = mc->default_cpus;

mmc->fpga_type = FPGA_AN505;

mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m33");

mmc->scc_id = 0x41045050;

+ mmc->armsse_type = TYPE_IOTKIT;

+static void mps2tz_an521_class_init(ObjectClass *oc, void *data)

+{

+ MachineClass *mc = MACHINE_CLASS(oc);

+ MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc);

+

+ mc->desc = "ARM MPS2 with AN521 FPGA image for dual Cortex-M33";

+ mc->default_cpus = 2;

+ mc->min_cpus = mc->default_cpus;

+ mc->max_cpus = mc->default_cpus;

+ mmc->fpga_type = FPGA_AN521;

+ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m33");

+ mmc->scc_id = 0x41045210;

+ mmc->armsse_type = TYPE_SSE200;

}

static const TypeInfo mps2tz_info = {

@@ -XXX,XX +XXX,XX @@ static const TypeInfo mps2tz_an505_info = {

.class_init = mps2tz_an505_class_init,

};

+static const TypeInfo mps2tz_an521_info = {

+ .name = TYPE_MPS2TZ_AN521_MACHINE,

+ .parent = TYPE_MPS2TZ_MACHINE,

+ .class_init = mps2tz_an521_class_init,

+};

+

static void mps2tz_machine_init(void)

{

type_register_static(&mps2tz_info);

type_register_static(&mps2tz_an505_info);

+ type_register_static(&mps2tz_an521_info);

}

type_init(mps2tz_machine_init);

2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Initialize the keys to a non-zero value on process start.

@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)

}

}

+static uint64_t arm_rand64(void)

+{

+ int shift = 64 - clz64(RAND_MAX);

+ int i, n = 64 / shift + (64 % shift != 0);

+ uint64_t ret = 0;

+

+ for (i = 0; i < n; i++) {

+ ret = (ret << shift) | rand();

+ }

+ return ret;

+}

+

+void arm_init_pauth_key(ARMPACKey *key)

+{

+ key->lo = arm_rand64();

+ key->hi = arm_rand64();

+}

+

void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)

2.20.1

The Arm SSE-200 Subsystem for Embedded is a revised and

extended version of the older IoTKit SoC. Prepare for

adding a model of it by refactoring the IoTKit code into

an abstract base class which contains the functionality,

driven by a class data block specific to each subclass.

(This is the same approach used by the existing bcm283x

SoC family implementation.)

include/hw/arm/iotkit.h | 22 +++++++++++++++++-----

hw/arm/iotkit.c | 34 +++++++++++++++++++++++++++++-----

2 files changed, 46 insertions(+), 10 deletions(-)

diff --git a/include/hw/arm/iotkit.h b/include/hw/arm/iotkit.h

--- a/include/hw/arm/iotkit.h

+++ b/include/hw/arm/iotkit.h

#include "hw/or-irq.h"

#include "hw/core/split-irq.h"

-#define TYPE_ARMSSE "iotkit"

+#define TYPE_ARMSSE "arm-sse"

#define ARMSSE(obj) OBJECT_CHECK(ARMSSE, (obj), TYPE_ARMSSE)

- * For the moment TYPE_IOTKIT is a synonym for TYPE_ARMSSE (and the

- * latter's underlying name is left as "iotkit"); in a later

- * commit it will become a subclass of TYPE_ARMSSE.

+ * These type names are for specific IoTKit subsystems; other than

+ * instantiating them, code using these devices should always handle

+ * them via the ARMSSE base class, so they have no IOTKIT() etc macros.

*/

-#define TYPE_IOTKIT TYPE_ARMSSE

+#define TYPE_IOTKIT "iotkit"

/* We have an IRQ splitter and an OR gate input for each external PPC

* and the 2 internal PPCs

@@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE {

uint32_t mainclk_frq;

} ARMSSE;

+typedef struct ARMSSEInfo ARMSSEInfo;

+

+typedef struct ARMSSEClass {

+ DeviceClass parent_class;

+ const ARMSSEInfo *info;

+} ARMSSEClass;

+

+#define ARMSSE_CLASS(klass) \

+ OBJECT_CLASS_CHECK(ARMSSEClass, (klass), TYPE_ARMSSE)

+#define ARMSSE_GET_CLASS(obj) \

+ OBJECT_GET_CLASS(ARMSSEClass, (obj), TYPE_ARMSSE)

+

#endif

diff --git a/hw/arm/iotkit.c b/hw/arm/iotkit.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/iotkit.c

+++ b/hw/arm/iotkit.c

@@ -XXX,XX +XXX,XX @@

#include "hw/arm/iotkit.h"

#include "hw/arm/arm.h"

+struct ARMSSEInfo {

+ const char *name;

+};

+

+static const ARMSSEInfo armsse_variants[] = {

+ {

+ .name = TYPE_IOTKIT,

+ },

+};

+

/* Clock frequency in HZ of the 32KHz "slow clock" */

#define S32KCLK (32 * 1000)

@@ -XXX,XX +XXX,XX @@ static void iotkit_class_init(ObjectClass *klass, void *data)

{

DeviceClass *dc = DEVICE_CLASS(klass);

IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass);

+ ARMSSEClass *asc = ARMSSE_CLASS(klass);

dc->realize = iotkit_realize;

dc->vmsd = &iotkit_vmstate;

dc->props = iotkit_properties;

dc->reset = iotkit_reset;

iic->check = iotkit_idau_check;

+ asc->info = data;

}

-static const TypeInfo iotkit_info = {

+static const TypeInfo armsse_info = {

.name = TYPE_ARMSSE,

.parent = TYPE_SYS_BUS_DEVICE,

.instance_size = sizeof(ARMSSE),

.instance_init = iotkit_init,

- .class_init = iotkit_class_init,

+ .abstract = true,

.interfaces = (InterfaceInfo[]) {

{ TYPE_IDAU_INTERFACE },

{ }

}

};

-static void iotkit_register_types(void)

+static void armsse_register_types(void)

{

- type_register_static(&iotkit_info);

+ int i;

+

+ type_register_static(&armsse_info);

+

+ for (i = 0; i < ARRAY_SIZE(armsse_variants); i++) {

+ TypeInfo ti = {

+ .name = armsse_variants[i].name,

+ .parent = TYPE_ARMSSE,

+ .class_init = iotkit_class_init,

+ .class_data = (void *)&armsse_variants[i],

+ };

+ type_register(&ti);

+ }

}

-type_init(iotkit_register_types);

+type_init(armsse_register_types);

2.20.1

From: Aaron Lindsay OS <aaron@os.amperecomputing.com>

Make PMU overflow interrupts more accurate by using a timer to predict

when they will overflow rather than waiting for an event to occur which

allows us to otherwise check them.

Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com>

target/arm/cpu.h | 10 +++++++

target/arm/cpu.c | 12 ++++++++

target/arm/helper.c | 72 +++++++++++++++++++++++++++++++++++++++++++--

3 files changed, 92 insertions(+), 2 deletions(-)

@@ -XXX,XX +XXX,XX @@ struct ARMCPU {

/* Timers used by the generic (architected) timer */

QEMUTimer *gt_timer[NUM_GTIMERS];