Series comparison

-[Qemu-devel] [PULL 0/6] target-arm queue
+[Qemu-devel] [PULL v2 00/48] target-arm queue
-A small set of arm bugfixes for rc1 tomorrow.
+v1->v2 changes: fix a clang warning about bitfields;
 drop a patch from Julia that I accidentally included
 (it will likely be in a future series).
-thanks
+The following changes since commit a8d2b0685681e2f291faaa501efbbd76875f8ec8:
 -- PMM
-The following changes since commit c442b7b4a7ae8696bcdf46091d781bd9052731be:
+  Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190118' into staging (2019-01-18 16:56:15 +0000)
   Merge remote-tracking branch 'remotes/elmarco/tags/slirp-pull-request' into staging (2019-03-25 07:59:40 +0000)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190325
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190121
-for you to fetch changes up to f2b2f53f6429b5abd7cd86bd65747f5f13e195eb:
+for you to fetch changes up to 0d4bfd7df809863b1f45fad35229fb9419527d06:
-  target/arm: make pmccntr_op_start/finish static (2019-03-25 14:16:47 +0000)
+  target/arm: Implement PMSWINC (2019-01-21 10:38:56 +0000)
 ----------------------------------------------------------------
 target-arm queue:
- * Fix non-parallel expansion of CASP
+ * hw/char/stm32f2xx_usart: Do not update data register when device is disabled
- * nrf51_gpio: reflect pull-up/pull-down to IRQs
+ * hw/arm/virt-acpi-build: Set COHACC override flag in IORT SMMUv3 node
- * Fix crash if guest tries to enable non-existent PMU counters
+ * target/arm: Allow Aarch32 exception return to switch from Mon->Hyp
- * Add PMUv2 to the Cortex-A15 and Cortex-A7
+ * ftgmac100: implement the new MDIO interface on Aspeed SoC
- * Make pmccntr_op_start/finish static
+ * implement the ARMv8.3-PAuth extension
  * improve emulation of the ARM PMU
 ----------------------------------------------------------------
-Andrew Jones (4):
+Aaron Lindsay (13):
-      target/arm: add PCI_TESTDEV back to default config
+      migration: Add post_save function to VMStateDescription
-      target/arm: fix crash on pmu register access
+      target/arm: Reorganize PMCCNTR accesses
-      target/arm: cortex-a7 and cortex-a15 have pmus
+      target/arm: Swap PMU values before/after migrations
-      target/arm: make pmccntr_op_start/finish static
+      target/arm: Filter cycle counter based on PMCCFILTR_EL0
       target/arm: Allow AArch32 access for PMCCFILTR
       target/arm: Implement PMOVSSET
       target/arm: Define FIELDs for ID_DFR0
       target/arm: Make PMCEID[01]_EL0 64 bit registers, add PMCEID[23]
       target/arm: Add array for supported PMU events, generate PMCEID[01]_EL0
       target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER
       target/arm: PMU: Add instruction and cycle events
       target/arm: PMU: Set PMCR.N to 4
       target/arm: Implement PMSWINC
-Paolo Bonzini (1):
+Alexander Graf (1):
-      nrf51_gpio: reflect pull-up/pull-down to IRQs
+      target/arm: Allow Aarch32 exception return to switch from Mon->Hyp
-Richard Henderson (1):
+Cédric Le Goater (1):
-      target/arm: Fix non-parallel expansion of CASP
+      ftgmac100: implement the new MDIO interface on Aspeed SoC
- target/arm/cpu.h                | 11 -------
+Eric Auger (1):
- hw/gpio/nrf51_gpio.c            | 65 +++++++++++++++++++++++++----------------
+      hw/arm/virt-acpi-build: Set COHACC override flag in IORT SMMUv3 node
  target/arm/cpu.c                |  3 ++
  target/arm/helper.c             |  8 +++--
  target/arm/translate-a64.c      |  2 +-
  default-configs/arm-softmmu.mak |  1 +
 files changed, 51 insertions(+), 39 deletions(-)
+Philippe Mathieu-Daudé (1):
+      hw/char/stm32f2xx_usart: Do not update data register when device is disabled
+Richard Henderson (31):
+      target/arm: Add state for the ARMv8.3-PAuth extension
+      target/arm: Add SCTLR bits through ARMv8.5
+      target/arm: Add PAuth active bit to tbflags
+      target/arm: Introduce raise_exception_ra
+      target/arm: Add PAuth helpers
+      target/arm: Decode PAuth within system hint space
+      target/arm: Rearrange decode in disas_data_proc_1src
+      target/arm: Decode PAuth within disas_data_proc_1src
+      target/arm: Decode PAuth within disas_data_proc_2src
+      target/arm: Move helper_exception_return to helper-a64.c
+      target/arm: Add new_pc argument to helper_exception_return
+      target/arm: Rearrange decode in disas_uncond_b_reg
+      target/arm: Decode PAuth within disas_uncond_b_reg
+      target/arm: Decode Load/store register (pac)
+      target/arm: Move cpu_mmu_index out of line
+      target/arm: Introduce arm_mmu_idx
+      target/arm: Introduce arm_stage1_mmu_idx
+      target/arm: Create ARMVAParameters and helpers
+      target/arm: Merge TBFLAG_AA_TB{0, 1} to TBII
+      target/arm: Export aa64_va_parameters to internals.h
+      target/arm: Add aa64_va_parameters_both
+      target/arm: Decode TBID from TCR
+      target/arm: Reuse aa64_va_parameters for setting tbflags
+      target/arm: Implement pauth_strip
+      target/arm: Implement pauth_auth
+      target/arm: Implement pauth_addpac
+      target/arm: Implement pauth_computepac
+      target/arm: Add PAuth system registers
+      target/arm: Enable PAuth for -cpu max
+      target/arm: Enable PAuth for user-only
+      target/arm: Tidy TBI handling in gen_a64_set_pc
+ target/arm/Makefile.objs    |    1 +
+ include/hw/acpi/acpi-defs.h |    2 +
+ include/migration/vmstate.h |    1 +
+ target/arm/cpu.h            |  244 +++++----
+ target/arm/helper-a64.h     |   14 +
+ target/arm/helper.h         |    1 -
+ target/arm/internals.h      |   77 +++
+ target/arm/translate.h      |    5 +-
+ hw/arm/virt-acpi-build.c    |    1 +
+ hw/char/stm32f2xx_usart.c   |    3 +-
+ hw/net/ftgmac100.c          |   80 ++-
+ migration/vmstate.c         |   13 +-
+ target/arm/cpu.c            |   19 +-
+ target/arm/cpu64.c          |   68 ++-
+ target/arm/helper-a64.c     |  155 ++++++
+ target/arm/helper.c         | 1222 +++++++++++++++++++++++++++++++++----------
+ target/arm/machine.c        |   24 +
+ target/arm/op_helper.c      |  174 +-----
+ target/arm/pauth_helper.c   |  497 ++++++++++++++++++
+ target/arm/translate-a64.c  |  537 ++++++++++++++++---
+ docs/devel/migration.rst    |    9 +-
+files changed, 2515 insertions(+), 632 deletions(-)
+ create mode 100644 target/arm/pauth_helper.c

-[Qemu-devel] [PULL 1/6] target/arm: Fix non-parallel expansion of CASP
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-The second word has been loaded from the unincremented
-address since the first commit.
-Fixes: 44ac14b06fa
-Reported-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Tested-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: 20190322234302.12770-1-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate-a64.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
-         tcg_gen_qemu_ld_i64(d1, clean_addr, memidx,
-                             MO_64 | MO_ALIGN_16 | s->be_data);
-         tcg_gen_addi_i64(a2, clean_addr, 8);
--        tcg_gen_qemu_ld_i64(d2, clean_addr, memidx, MO_64 | s->be_data);
-+        tcg_gen_qemu_ld_i64(d2, a2, memidx, MO_64 | s->be_data);
-         /* Compare the two words, also in memory order.  */
-         tcg_gen_setcond_i64(TCG_COND_EQ, c1, d1, s1);
---
-.20.1

-[Qemu-devel] [PULL 2/6] nrf51_gpio: reflect pull-up/pull-down to IRQs
+Deleted patch
-From: Paolo Bonzini <pbonzini@redhat.com>
-Some drivers do I2C bitbanging by keeping the output to 0 and flipping
-the GPIO direction between input and output (see for example in Linux
-gpio_set_open_drain_value_commit, in drivers/gpio/gpiolib.c).
-When the GPIO is set to input, the pull-up resistor brings the output
-to 1, while when the GPIO is set to output, the output driver brings
-the output to 0.
-Implement this for the nRF51 GPIO device model.  First, if both input and
-output are floating, and there is a pull-up or pull-down resistor
-configured, do not just set s->in, but also make any devices listening
-on the output qemu_irq receive that value.  Second, if the pin is
-driven both internally (output pin) and externally you don't get a
-short circuit if both sides drive the pin to the same value.
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-id: 20190317141001.3346-1-pbonzini@redhat.com
-[PMM: wrapped long line]
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/gpio/nrf51_gpio.c | 65 +++++++++++++++++++++++++++-----------------
-file changed, 40 insertions(+), 25 deletions(-)
-diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/gpio/nrf51_gpio.c
-+++ b/hw/gpio/nrf51_gpio.c
-@@ -XXX,XX +XXX,XX @@ static bool is_connected(uint32_t config, uint32_t level)
-     return state;
- }
-+static int pull_value(uint32_t config)
-+{
-+    int pull = extract32(config, 2, 2);
-+    if (pull == NRF51_GPIO_PULLDOWN) {
-+        return 0;
-+    } else if (pull == NRF51_GPIO_PULLUP) {
-+        return 1;
-+    }
-+    return -1;
-+}
-+
- static void update_output_irq(NRF51GPIOState *s, size_t i,
-                               bool connected, bool level)
- {
-@@ -XXX,XX +XXX,XX @@ static void update_output_irq(NRF51GPIOState *s, size_t i,
- static void update_state(NRF51GPIOState *s)
- {
--    uint32_t pull;
-+    int pull;
-     size_t i;
--    bool connected_out, dir, connected_in, out, input;
-+    bool connected_out, dir, connected_in, out, in, input;
-     for (i = 0; i < NRF51_GPIO_PINS; i++) {
--        pull = extract32(s->cnf[i], 2, 2);
-+        pull = pull_value(s->cnf[i]);
-         dir = extract32(s->cnf[i], 0, 1);
-         connected_in = extract32(s->in_mask, i, 1);
-         out = extract32(s->out, i, 1);
-+        in = extract32(s->in, i, 1);
-         input = !extract32(s->cnf[i], 1, 1);
-         connected_out = is_connected(s->cnf[i], out) && dir;
--        update_output_irq(s, i, connected_out, out);
--
--        /* Pin both driven externally and internally */
--        if (connected_out && connected_in) {
--            qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short circuited\n", i);
--        }
--
--        /*
--         * Input buffer disconnected from internal/external drives, so
--         * pull-up/pull-down becomes relevant
--         */
--        if (!input || (input && !connected_in && !connected_out)) {
--            if (pull == NRF51_GPIO_PULLDOWN) {
--                s->in = deposit32(s->in, i, 1, 0);
--            } else if (pull == NRF51_GPIO_PULLUP) {
--                s->in = deposit32(s->in, i, 1, 1);
-+        if (!input) {
-+            if (pull >= 0) {
-+                /* Input buffer disconnected from external drives */
-+                s->in = deposit32(s->in, i, 1, pull);
-+            }
-+        } else {
-+            if (connected_out && connected_in && out != in) {
-+                /* Pin both driven externally and internally */
-+                qemu_log_mask(LOG_GUEST_ERROR,
-+                              "GPIO pin %zu short circuited\n", i);
-+            }
-+            if (!connected_in) {
-+                /*
-+                 * Floating input: the output stimulates IN if connected,
-+                 * otherwise pull-up/pull-down resistors put a value on both
-+                 * IN and OUT.
-+                 */
-+                if (pull >= 0 && !connected_out) {
-+                    connected_out = true;
-+                    out = pull;
-+                }
-+                if (connected_out) {
-+                    s->in = deposit32(s->in, i, 1, out);
-+                }
-             }
-         }
--
--        /* Self stimulation through internal output driver */
--        if (connected_out && !connected_in && input) {
--            s->in = deposit32(s->in, i, 1, out);
--        }
-+        update_output_irq(s, i, connected_out, out);
-     }
--
- }
- /*
---
-.20.1

-[Qemu-devel] [PULL 3/6] target/arm: add PCI_TESTDEV back to default config
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-In the kconfig shuffle arm lost pci-testdev which is used by
-kvm-unit-tests. Let's add it back.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Thomas Huth <thuth@redhat.com>
-Message-id: 20190322163059.9716-1-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- default-configs/arm-softmmu.mak | 1 +
-file changed, 1 insertion(+)
-diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
-index XXXXXXX..XXXXXXX 100644
---- a/default-configs/arm-softmmu.mak
-+++ b/default-configs/arm-softmmu.mak
-@@ -XXX,XX +XXX,XX @@
- CONFIG_PCI=y
- CONFIG_PCI_DEVICES=y
-+CONFIG_PCI_TESTDEV=y
- CONFIG_VGA=y
- CONFIG_NAND=y
- CONFIG_ECC=y
---
-.20.1

-[Qemu-devel] [PULL 4/6] target/arm: fix crash on pmu register access
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-Fix a QEMU NULL derefence that occurs when the guest attempts to
-enable PMU counters with a non-v8 cpu model or a v8 cpu model
-which has not configured a PMU.
-Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190322162333.17159-2-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c | 4 ++++
-file changed, 4 insertions(+)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
-     int el = arm_current_el(env);
-     uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
-+    if (!arm_feature(env, ARM_FEATURE_PMU)) {
-+        return false;
-+    }
-+
-     if (!arm_feature(env, ARM_FEATURE_EL2) ||
-             (counter < hpmn || counter == 31)) {
-         e = env->cp15.c9_pmcr & PMCRE;
---
-.20.1

-[Qemu-devel] [PULL 5/6] target/arm: cortex-a7 and cortex-a15 have pmus
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-cortex-a7 and cortex-a15 have pmus (PMUv2) and they advertise
-them in ID_DFR0. Let's allow them to function. This also enables
-the pmu cpu property to work with these cpu types, i.e. we can
-now do '-cpu cortex-a15,pmu=off' to remove the pmu.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190322162333.17159-3-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.c | 3 +++
-file changed, 3 insertions(+)
-diff --git a/target/arm/cpu.c b/target/arm/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.c
-+++ b/target/arm/cpu.c
-@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
- #endif
-     } else {
-         cpu->id_aa64dfr0 &= ~0xf00;
-+        cpu->id_dfr0 &= ~(0xf << 24);
-         cpu->pmceid0 = 0;
-         cpu->pmceid1 = 0;
-     }
-@@ -XXX,XX +XXX,XX @@ static void cortex_a7_initfn(Object *obj)
-     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
-     set_feature(&cpu->env, ARM_FEATURE_EL2);
-     set_feature(&cpu->env, ARM_FEATURE_EL3);
-+    set_feature(&cpu->env, ARM_FEATURE_PMU);
-     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A7;
-     cpu->midr = 0x410fc075;
-     cpu->reset_fpsid = 0x41023075;
-@@ -XXX,XX +XXX,XX @@ static void cortex_a15_initfn(Object *obj)
-     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
-     set_feature(&cpu->env, ARM_FEATURE_EL2);
-     set_feature(&cpu->env, ARM_FEATURE_EL3);
-+    set_feature(&cpu->env, ARM_FEATURE_PMU);
-     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
-     cpu->midr = 0x412fc0f1;
-     cpu->reset_fpsid = 0x410430f0;
---
-.20.1

-[Qemu-devel] [PULL 6/6] target/arm: make pmccntr_op_start/finish static
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-These functions are not used outside helper.c
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190322162333.17159-4-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h    | 11 -----------
- target/arm/helper.c |  4 ++--
-files changed, 2 insertions(+), 13 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline bool is_a64(CPUARMState *env)
- int cpu_arm_signal_handler(int host_signum, void *pinfo,
-                            void *puc);
--/**
-- * pmccntr_op_start/finish
-- * @env: CPUARMState
-- *
-- * Convert the counter in the PMCCNTR between its delta form (the typical mode
-- * when it's enabled) and the guest-visible value. These two calls must always
-- * surround any action which might affect the counter.
-- */
--void pmccntr_op_start(CPUARMState *env);
--void pmccntr_op_finish(CPUARMState *env);
--
- /**
-  * pmu_op_start/finish
-  * @env: CPUARMState
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void pmu_update_irq(CPUARMState *env)
-  * etc. can be done logically. This is essentially a no-op if the counter is
-  * not enabled at the time of the call.
-  */
--void pmccntr_op_start(CPUARMState *env)
-+static void pmccntr_op_start(CPUARMState *env)
- {
-     uint64_t cycles = cycles_get_count(env);
-@@ -XXX,XX +XXX,XX @@ void pmccntr_op_start(CPUARMState *env)
-  * guest-visible count. A call to pmccntr_op_finish should follow every call to
-  * pmccntr_op_start.
-  */
--void pmccntr_op_finish(CPUARMState *env)
-+static void pmccntr_op_finish(CPUARMState *env)
- {
-     if (pmu_counter_enabled(env, 31)) {
- #ifndef CONFIG_USER_ONLY
---
-.20.1

A small set of arm bugfixes for rc1 tomorrow.

thanks
-- PMM

The following changes since commit c442b7b4a7ae8696bcdf46091d781bd9052731be:

Merge remote-tracking branch 'remotes/elmarco/tags/slirp-pull-request' into staging (2019-03-25 07:59:40 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190325

for you to fetch changes up to f2b2f53f6429b5abd7cd86bd65747f5f13e195eb:

target/arm: make pmccntr_op_start/finish static (2019-03-25 14:16:47 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix non-parallel expansion of CASP
 * nrf51_gpio: reflect pull-up/pull-down to IRQs
 * Fix crash if guest tries to enable non-existent PMU counters
 * Add PMUv2 to the Cortex-A15 and Cortex-A7
 * Make pmccntr_op_start/finish static

----------------------------------------------------------------
Andrew Jones (4):
      target/arm: add PCI_TESTDEV back to default config
      target/arm: fix crash on pmu register access
      target/arm: cortex-a7 and cortex-a15 have pmus
      target/arm: make pmccntr_op_start/finish static

Paolo Bonzini (1):
      nrf51_gpio: reflect pull-up/pull-down to IRQs

Richard Henderson (1):
      target/arm: Fix non-parallel expansion of CASP

From: Richard Henderson <richard.henderson@linaro.org>

The second word has been loaded from the unincremented
address since the first commit.

Fixes: 44ac14b06fa
Reported-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190322234302.12770-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
         tcg_gen_qemu_ld_i64(d1, clean_addr, memidx,
                             MO_64 | MO_ALIGN_16 | s->be_data);
         tcg_gen_addi_i64(a2, clean_addr, 8);
-        tcg_gen_qemu_ld_i64(d2, clean_addr, memidx, MO_64 | s->be_data);
+        tcg_gen_qemu_ld_i64(d2, a2, memidx, MO_64 | s->be_data);
 
         /* Compare the two words, also in memory order.  */
         tcg_gen_setcond_i64(TCG_COND_EQ, c1, d1, s1);
-- 
2.20.1

From: Paolo Bonzini <pbonzini@redhat.com>

Some drivers do I2C bitbanging by keeping the output to 0 and flipping
the GPIO direction between input and output (see for example in Linux
gpio_set_open_drain_value_commit, in drivers/gpio/gpiolib.c).
When the GPIO is set to input, the pull-up resistor brings the output
to 1, while when the GPIO is set to output, the output driver brings
the output to 0.

Implement this for the nRF51 GPIO device model.  First, if both input and
output are floating, and there is a pull-up or pull-down resistor
configured, do not just set s->in, but also make any devices listening
on the output qemu_irq receive that value.  Second, if the pin is
driven both internally (output pin) and externally you don't get a
short circuit if both sides drive the pin to the same value.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190317141001.3346-1-pbonzini@redhat.com
[PMM: wrapped long line]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/gpio/nrf51_gpio.c | 65 +++++++++++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 25 deletions(-)

diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/gpio/nrf51_gpio.c
+++ b/hw/gpio/nrf51_gpio.c
@@ -XXX,XX +XXX,XX @@ static bool is_connected(uint32_t config, uint32_t level)
     return state;
 }
 
+static int pull_value(uint32_t config)
+{
+    int pull = extract32(config, 2, 2);
+    if (pull == NRF51_GPIO_PULLDOWN) {
+        return 0;
+    } else if (pull == NRF51_GPIO_PULLUP) {
+        return 1;
+    }
+    return -1;
+}
+
 static void update_output_irq(NRF51GPIOState *s, size_t i,
                               bool connected, bool level)
 {
@@ -XXX,XX +XXX,XX @@ static void update_output_irq(NRF51GPIOState *s, size_t i,
 
 static void update_state(NRF51GPIOState *s)
 {
-    uint32_t pull;
+    int pull;
     size_t i;
-    bool connected_out, dir, connected_in, out, input;
+    bool connected_out, dir, connected_in, out, in, input;
 
     for (i = 0; i < NRF51_GPIO_PINS; i++) {
-        pull = extract32(s->cnf[i], 2, 2);
+        pull = pull_value(s->cnf[i]);
         dir = extract32(s->cnf[i], 0, 1);
         connected_in = extract32(s->in_mask, i, 1);
         out = extract32(s->out, i, 1);
+        in = extract32(s->in, i, 1);
         input = !extract32(s->cnf[i], 1, 1);
         connected_out = is_connected(s->cnf[i], out) && dir;
 
-        update_output_irq(s, i, connected_out, out);
-
-        /* Pin both driven externally and internally */
-        if (connected_out && connected_in) {
-            qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short circuited\n", i);
-        }
-
-        /*
-         * Input buffer disconnected from internal/external drives, so
-         * pull-up/pull-down becomes relevant
-         */
-        if (!input || (input && !connected_in && !connected_out)) {
-            if (pull == NRF51_GPIO_PULLDOWN) {
-                s->in = deposit32(s->in, i, 1, 0);
-            } else if (pull == NRF51_GPIO_PULLUP) {
-                s->in = deposit32(s->in, i, 1, 1);
+        if (!input) {
+            if (pull >= 0) {
+                /* Input buffer disconnected from external drives */
+                s->in = deposit32(s->in, i, 1, pull);
+            }
+        } else {
+            if (connected_out && connected_in && out != in) {
+                /* Pin both driven externally and internally */
+                qemu_log_mask(LOG_GUEST_ERROR,
+                              "GPIO pin %zu short circuited\n", i);
+            }
+            if (!connected_in) {
+                /*
+                 * Floating input: the output stimulates IN if connected,
+                 * otherwise pull-up/pull-down resistors put a value on both
+                 * IN and OUT.
+                 */
+                if (pull >= 0 && !connected_out) {
+                    connected_out = true;
+                    out = pull;
+                }
+                if (connected_out) {
+                    s->in = deposit32(s->in, i, 1, out);
+                }
             }
         }
-
-        /* Self stimulation through internal output driver */
-        if (connected_out && !connected_in && input) {
-            s->in = deposit32(s->in, i, 1, out);
-        }
+        update_output_irq(s, i, connected_out, out);
     }
-
 }
 
 /*
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

Fix a QEMU NULL derefence that occurs when the guest attempts to
enable PMU counters with a non-v8 cpu model or a v8 cpu model
which has not configured a PMU.

Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-2-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
     int el = arm_current_el(env);
     uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
 
+    if (!arm_feature(env, ARM_FEATURE_PMU)) {
+        return false;
+    }
+
     if (!arm_feature(env, ARM_FEATURE_EL2) ||
             (counter < hpmn || counter == 31)) {
         e = env->cp15.c9_pmcr & PMCRE;
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

cortex-a7 and cortex-a15 have pmus (PMUv2) and they advertise
them in ID_DFR0. Let's allow them to function. This also enables
the pmu cpu property to work with these cpu types, i.e. we can
now do '-cpu cortex-a15,pmu=off' to remove the pmu.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-3-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
 #endif
     } else {
         cpu->id_aa64dfr0 &= ~0xf00;
+        cpu->id_dfr0 &= ~(0xf << 24);
         cpu->pmceid0 = 0;
         cpu->pmceid1 = 0;
     }
@@ -XXX,XX +XXX,XX @@ static void cortex_a7_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
     set_feature(&cpu->env, ARM_FEATURE_EL2);
     set_feature(&cpu->env, ARM_FEATURE_EL3);
+    set_feature(&cpu->env, ARM_FEATURE_PMU);
     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A7;
     cpu->midr = 0x410fc075;
     cpu->reset_fpsid = 0x41023075;
@@ -XXX,XX +XXX,XX @@ static void cortex_a15_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
     set_feature(&cpu->env, ARM_FEATURE_EL2);
     set_feature(&cpu->env, ARM_FEATURE_EL3);
+    set_feature(&cpu->env, ARM_FEATURE_PMU);
     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
     cpu->midr = 0x412fc0f1;
     cpu->reset_fpsid = 0x410430f0;
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

These functions are not used outside helper.c

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-4-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 11 -----------
 target/arm/helper.c |  4 ++--
 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool is_a64(CPUARMState *env)
 int cpu_arm_signal_handler(int host_signum, void *pinfo,
                            void *puc);
 
-/**
- * pmccntr_op_start/finish
- * @env: CPUARMState
- *
- * Convert the counter in the PMCCNTR between its delta form (the typical mode
- * when it's enabled) and the guest-visible value. These two calls must always
- * surround any action which might affect the counter.
- */
-void pmccntr_op_start(CPUARMState *env);
-void pmccntr_op_finish(CPUARMState *env);
-
 /**
  * pmu_op_start/finish
  * @env: CPUARMState
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void pmu_update_irq(CPUARMState *env)
  * etc. can be done logically. This is essentially a no-op if the counter is
  * not enabled at the time of the call.
  */
-void pmccntr_op_start(CPUARMState *env)
+static void pmccntr_op_start(CPUARMState *env)
 {
     uint64_t cycles = cycles_get_count(env);
 
@@ -XXX,XX +XXX,XX @@ void pmccntr_op_start(CPUARMState *env)
  * guest-visible count. A call to pmccntr_op_finish should follow every call to
  * pmccntr_op_start.
  */
-void pmccntr_op_finish(CPUARMState *env)
+static void pmccntr_op_finish(CPUARMState *env)
 {
     if (pmu_counter_enabled(env, 31)) {
 #ifndef CONFIG_USER_ONLY
-- 
2.20.1

v1->v2 changes: fix a clang warning about bitfields;
drop a patch from Julia that I accidentally included
(it will likely be in a future series).

The following changes since commit a8d2b0685681e2f291faaa501efbbd76875f8ec8:

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190118' into staging (2019-01-18 16:56:15 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190121

for you to fetch changes up to 0d4bfd7df809863b1f45fad35229fb9419527d06:

target/arm: Implement PMSWINC (2019-01-21 10:38:56 +0000)

----------------------------------------------------------------
target-arm queue:
 * hw/char/stm32f2xx_usart: Do not update data register when device is disabled
 * hw/arm/virt-acpi-build: Set COHACC override flag in IORT SMMUv3 node
 * target/arm: Allow Aarch32 exception return to switch from Mon->Hyp
 * ftgmac100: implement the new MDIO interface on Aspeed SoC
 * implement the ARMv8.3-PAuth extension
 * improve emulation of the ARM PMU

----------------------------------------------------------------
Aaron Lindsay (13):
      migration: Add post_save function to VMStateDescription
      target/arm: Reorganize PMCCNTR accesses
      target/arm: Swap PMU values before/after migrations
      target/arm: Filter cycle counter based on PMCCFILTR_EL0
      target/arm: Allow AArch32 access for PMCCFILTR
      target/arm: Implement PMOVSSET
      target/arm: Define FIELDs for ID_DFR0
      target/arm: Make PMCEID[01]_EL0 64 bit registers, add PMCEID[23]
      target/arm: Add array for supported PMU events, generate PMCEID[01]_EL0
      target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER
      target/arm: PMU: Add instruction and cycle events
      target/arm: PMU: Set PMCR.N to 4
      target/arm: Implement PMSWINC

Alexander Graf (1):
      target/arm: Allow Aarch32 exception return to switch from Mon->Hyp

Cédric Le Goater (1):
      ftgmac100: implement the new MDIO interface on Aspeed SoC

Eric Auger (1):
      hw/arm/virt-acpi-build: Set COHACC override flag in IORT SMMUv3 node

Philippe Mathieu-Daudé (1):
      hw/char/stm32f2xx_usart: Do not update data register when device is disabled

Richard Henderson (31):
      target/arm: Add state for the ARMv8.3-PAuth extension
      target/arm: Add SCTLR bits through ARMv8.5
      target/arm: Add PAuth active bit to tbflags
      target/arm: Introduce raise_exception_ra
      target/arm: Add PAuth helpers
      target/arm: Decode PAuth within system hint space
      target/arm: Rearrange decode in disas_data_proc_1src
      target/arm: Decode PAuth within disas_data_proc_1src
      target/arm: Decode PAuth within disas_data_proc_2src
      target/arm: Move helper_exception_return to helper-a64.c
      target/arm: Add new_pc argument to helper_exception_return
      target/arm: Rearrange decode in disas_uncond_b_reg
      target/arm: Decode PAuth within disas_uncond_b_reg
      target/arm: Decode Load/store register (pac)
      target/arm: Move cpu_mmu_index out of line
      target/arm: Introduce arm_mmu_idx
      target/arm: Introduce arm_stage1_mmu_idx
      target/arm: Create ARMVAParameters and helpers
      target/arm: Merge TBFLAG_AA_TB{0, 1} to TBII
      target/arm: Export aa64_va_parameters to internals.h
      target/arm: Add aa64_va_parameters_both
      target/arm: Decode TBID from TCR
      target/arm: Reuse aa64_va_parameters for setting tbflags
      target/arm: Implement pauth_strip
      target/arm: Implement pauth_auth
      target/arm: Implement pauth_addpac
      target/arm: Implement pauth_computepac
      target/arm: Add PAuth system registers
      target/arm: Enable PAuth for -cpu max
      target/arm: Enable PAuth for user-only
      target/arm: Tidy TBI handling in gen_a64_set_pc