Series comparison

-[Qemu-devel] [PULL 0/6] target-arm queue
+[PULL 0/2] target-arm queue
-A small set of arm bugfixes for rc1 tomorrow.
+Couple of last-minute things for rc3...
-thanks
 -- PMM
-The following changes since commit c442b7b4a7ae8696bcdf46091d781bd9052731be:
+The following changes since commit d15532d91be177e7528310e0110e39f915779a99:
-  Merge remote-tracking branch 'remotes/elmarco/tags/slirp-pull-request' into staging (2019-03-25 07:59:40 +0000)
+  Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20200804' into staging (2020-08-04 11:53:20 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190325
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200804
-for you to fetch changes up to f2b2f53f6429b5abd7cd86bd65747f5f13e195eb:
+for you to fetch changes up to d250bb19ced3b702c7c37731855f6876d0cc7995:
-  target/arm: make pmccntr_op_start/finish static (2019-03-25 14:16:47 +0000)
+  target/arm: Fix decode of LDRA[AB] instructions (2020-08-04 16:40:19 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * Fix non-parallel expansion of CASP
+ * Fix decode of LDRA[AB] instructions
- * nrf51_gpio: reflect pull-up/pull-down to IRQs
+ * docs/devel: Document decodetree no-overlap groups
  * Fix crash if guest tries to enable non-existent PMU counters
  * Add PMUv2 to the Cortex-A15 and Cortex-A7
  * Make pmccntr_op_start/finish static
 ----------------------------------------------------------------
-Andrew Jones (4):
+Peter Collingbourne (1):
-      target/arm: add PCI_TESTDEV back to default config
+      target/arm: Fix decode of LDRA[AB] instructions
       target/arm: fix crash on pmu register access
       target/arm: cortex-a7 and cortex-a15 have pmus
       target/arm: make pmccntr_op_start/finish static
 Paolo Bonzini (1):
       nrf51_gpio: reflect pull-up/pull-down to IRQs
 Richard Henderson (1):
-      target/arm: Fix non-parallel expansion of CASP
+      docs/devel: Document decodetree no-overlap groups
- target/arm/cpu.h                | 11 -------
+ docs/devel/decodetree.rst  | 29 ++++++++++++++++++-----------
- hw/gpio/nrf51_gpio.c            | 65 +++++++++++++++++++++++++----------------
+ target/arm/translate-a64.c |  6 ++++--
- target/arm/cpu.c                |  3 ++
+files changed, 22 insertions(+), 13 deletions(-)
  target/arm/helper.c             |  8 +++--
  target/arm/translate-a64.c      |  2 +-
  default-configs/arm-softmmu.mak |  1 +
 files changed, 51 insertions(+), 39 deletions(-)

-[Qemu-devel] [PULL 6/6] target/arm: make pmccntr_op_start/finish static
+[PULL 1/2] docs/devel: Document decodetree no-overlap groups
-From: Andrew Jones <drjones@redhat.com>
+From: Richard Henderson <richard.henderson@linaro.org>
-These functions are not used outside helper.c
+When support for this feature went in, the update to the
 documentation was forgotten.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
+Fixes: 067e8b0f45d6
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reported-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20190322162333.17159-4-drjones@redhat.com
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Message-id: 20200803205708.315829-1-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h    | 11 -----------
+ docs/devel/decodetree.rst | 29 ++++++++++++++++++-----------
- target/arm/helper.c |  4 ++--
+file changed, 18 insertions(+), 11 deletions(-)
 files changed, 2 insertions(+), 13 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/docs/devel/decodetree.rst b/docs/devel/decodetree.rst
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/docs/devel/decodetree.rst
-+++ b/target/arm/cpu.h
++++ b/docs/devel/decodetree.rst
-@@ -XXX,XX +XXX,XX @@ static inline bool is_a64(CPUARMState *env)
+@@ -XXX,XX +XXX,XX @@ Pattern Groups
- int cpu_arm_signal_handler(int host_signum, void *pinfo,
-                            void *puc);
+ Syntax::
--/**
+-  group    := '{' ( pat_def | group )+ '}'
-- * pmccntr_op_start/finish
++  group            := overlap_group | no_overlap_group
-- * @env: CPUARMState
++  overlap_group    := '{' ( pat_def | group )+ '}'
-- *
++  no_overlap_group := '[' ( pat_def | group )+ ']'
-- * Convert the counter in the PMCCNTR between its delta form (the typical mode
-- * when it's enabled) and the guest-visible value. These two calls must always
+-A *group* begins with a lone open-brace, with all subsequent lines
-- * surround any action which might affect the counter.
+-indented two spaces, and ending with a lone close-brace.  Groups
-- */
+-may be nested, increasing the required indentation of the lines
--void pmccntr_op_start(CPUARMState *env);
+-within the nested group to two spaces per nesting level.
--void pmccntr_op_finish(CPUARMState *env);
++A *group* begins with a lone open-brace or open-bracket, with all
--
++subsequent lines indented two spaces, and ending with a lone
- /**
++close-brace or close-bracket.  Groups may be nested, increasing the
-  * pmu_op_start/finish
++required indentation of the lines within the nested group to two
-  * @env: CPUARMState
++spaces per nesting level.
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
+-Unlike ungrouped patterns, grouped patterns are allowed to overlap.
---- a/target/arm/helper.c
+-Conflicts are resolved by selecting the patterns in order.  If all
-+++ b/target/arm/helper.c
+-of the fixedbits for a pattern match, its translate function will
-@@ -XXX,XX +XXX,XX @@ static void pmu_update_irq(CPUARMState *env)
+-be called.  If the translate function returns false, then subsequent
-  * etc. can be done logically. This is essentially a no-op if the counter is
+-patterns within the group will be matched.
-  * not enabled at the time of the call.
++Patterns within overlap groups are allowed to overlap.  Conflicts are
-  */
++resolved by selecting the patterns in order.  If all of the fixedbits
--void pmccntr_op_start(CPUARMState *env)
++for a pattern match, its translate function will be called.  If the
-+static void pmccntr_op_start(CPUARMState *env)
++translate function returns false, then subsequent patterns within the
- {
++group will be matched.
-     uint64_t cycles = cycles_get_count(env);
++
++Patterns within no-overlap groups are not allowed to overlap, just
-@@ -XXX,XX +XXX,XX @@ void pmccntr_op_start(CPUARMState *env)
++the same as ungrouped patterns.  Thus no-overlap groups are intended
-  * guest-visible count. A call to pmccntr_op_finish should follow every call to
++to be nested inside overlap groups.
-  * pmccntr_op_start.
-  */
+ The following example from PA-RISC shows specialization of the *or*
--void pmccntr_op_finish(CPUARMState *env)
+ instruction::
-+static void pmccntr_op_finish(CPUARMState *env)
+@@ -XXX,XX +XXX,XX @@ instruction::
- {
+ When the *cf* field is zero, the instruction has no side effects,
-     if (pmu_counter_enabled(env, 31)) {
+ and may be specialized.  When the *rt* field is zero, the output
- #ifndef CONFIG_USER_ONLY
+ is discarded and so the instruction has no effect.  When the *rt2*
 -field is zero, the operation is ``reg[rt] | 0`` and so encodes
 +field is zero, the operation is ``reg[r1] | 0`` and so encodes
  the canonical register copy operation.
  The output from the generator might look like::
 --
 .20.1

-[Qemu-devel] [PULL 1/6] target/arm: Fix non-parallel expansion of CASP
+[PULL 2/2] target/arm: Fix decode of LDRA[AB] instructions
-From: Richard Henderson <richard.henderson@linaro.org>
+From: Peter Collingbourne <pcc@google.com>
-The second word has been loaded from the unincremented
+These instructions use zero as the discriminator, not SP.
 address since the first commit.
-Fixes: 44ac14b06fa
+Signed-off-by: Peter Collingbourne <pcc@google.com>
-Reported-by: Alex Bennée <alex.bennee@linaro.org>
+Message-id: 20200804002849.30268-1-pcc@google.com
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Tested-by: Alex Bennée <alex.bennee@linaro.org>
 Message-id: 20190322234302.12770-1-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 2 +-
+ target/arm/translate-a64.c | 6 ++++--
-file changed, 1 insertion(+), 1 deletion(-)
+file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
+@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pac(DisasContext *s, uint32_t insn,
-         tcg_gen_qemu_ld_i64(d1, clean_addr, memidx,
-                             MO_64 | MO_ALIGN_16 | s->be_data);
+     if (s->pauth_active) {
-         tcg_gen_addi_i64(a2, clean_addr, 8);
+         if (use_key_a) {
--        tcg_gen_qemu_ld_i64(d2, clean_addr, memidx, MO_64 | s->be_data);
+-            gen_helper_autda(dirty_addr, cpu_env, dirty_addr, cpu_X[31]);
-+        tcg_gen_qemu_ld_i64(d2, a2, memidx, MO_64 | s->be_data);
++            gen_helper_autda(dirty_addr, cpu_env, dirty_addr,
++                             new_tmp_a64_zero(s));
-         /* Compare the two words, also in memory order.  */
+         } else {
-         tcg_gen_setcond_i64(TCG_COND_EQ, c1, d1, s1);
+-            gen_helper_autdb(dirty_addr, cpu_env, dirty_addr, cpu_X[31]);
 +            gen_helper_autdb(dirty_addr, cpu_env, dirty_addr,
 +                             new_tmp_a64_zero(s));
          }
      }
 --
 .20.1

-[Qemu-devel] [PULL 2/6] nrf51_gpio: reflect pull-up/pull-down to IRQs
+Deleted patch
-From: Paolo Bonzini <pbonzini@redhat.com>
-Some drivers do I2C bitbanging by keeping the output to 0 and flipping
-the GPIO direction between input and output (see for example in Linux
-gpio_set_open_drain_value_commit, in drivers/gpio/gpiolib.c).
-When the GPIO is set to input, the pull-up resistor brings the output
-to 1, while when the GPIO is set to output, the output driver brings
-the output to 0.
-Implement this for the nRF51 GPIO device model.  First, if both input and
-output are floating, and there is a pull-up or pull-down resistor
-configured, do not just set s->in, but also make any devices listening
-on the output qemu_irq receive that value.  Second, if the pin is
-driven both internally (output pin) and externally you don't get a
-short circuit if both sides drive the pin to the same value.
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-id: 20190317141001.3346-1-pbonzini@redhat.com
-[PMM: wrapped long line]
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/gpio/nrf51_gpio.c | 65 +++++++++++++++++++++++++++-----------------
-file changed, 40 insertions(+), 25 deletions(-)
-diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/gpio/nrf51_gpio.c
-+++ b/hw/gpio/nrf51_gpio.c
-@@ -XXX,XX +XXX,XX @@ static bool is_connected(uint32_t config, uint32_t level)
-     return state;
- }
-+static int pull_value(uint32_t config)
-+{
-+    int pull = extract32(config, 2, 2);
-+    if (pull == NRF51_GPIO_PULLDOWN) {
-+        return 0;
-+    } else if (pull == NRF51_GPIO_PULLUP) {
-+        return 1;
-+    }
-+    return -1;
-+}
-+
- static void update_output_irq(NRF51GPIOState *s, size_t i,
-                               bool connected, bool level)
- {
-@@ -XXX,XX +XXX,XX @@ static void update_output_irq(NRF51GPIOState *s, size_t i,
- static void update_state(NRF51GPIOState *s)
- {
--    uint32_t pull;
-+    int pull;
-     size_t i;
--    bool connected_out, dir, connected_in, out, input;
-+    bool connected_out, dir, connected_in, out, in, input;
-     for (i = 0; i < NRF51_GPIO_PINS; i++) {
--        pull = extract32(s->cnf[i], 2, 2);
-+        pull = pull_value(s->cnf[i]);
-         dir = extract32(s->cnf[i], 0, 1);
-         connected_in = extract32(s->in_mask, i, 1);
-         out = extract32(s->out, i, 1);
-+        in = extract32(s->in, i, 1);
-         input = !extract32(s->cnf[i], 1, 1);
-         connected_out = is_connected(s->cnf[i], out) && dir;
--        update_output_irq(s, i, connected_out, out);
--
--        /* Pin both driven externally and internally */
--        if (connected_out && connected_in) {
--            qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short circuited\n", i);
--        }
--
--        /*
--         * Input buffer disconnected from internal/external drives, so
--         * pull-up/pull-down becomes relevant
--         */
--        if (!input || (input && !connected_in && !connected_out)) {
--            if (pull == NRF51_GPIO_PULLDOWN) {
--                s->in = deposit32(s->in, i, 1, 0);
--            } else if (pull == NRF51_GPIO_PULLUP) {
--                s->in = deposit32(s->in, i, 1, 1);
-+        if (!input) {
-+            if (pull >= 0) {
-+                /* Input buffer disconnected from external drives */
-+                s->in = deposit32(s->in, i, 1, pull);
-+            }
-+        } else {
-+            if (connected_out && connected_in && out != in) {
-+                /* Pin both driven externally and internally */
-+                qemu_log_mask(LOG_GUEST_ERROR,
-+                              "GPIO pin %zu short circuited\n", i);
-+            }
-+            if (!connected_in) {
-+                /*
-+                 * Floating input: the output stimulates IN if connected,
-+                 * otherwise pull-up/pull-down resistors put a value on both
-+                 * IN and OUT.
-+                 */
-+                if (pull >= 0 && !connected_out) {
-+                    connected_out = true;
-+                    out = pull;
-+                }
-+                if (connected_out) {
-+                    s->in = deposit32(s->in, i, 1, out);
-+                }
-             }
-         }
--
--        /* Self stimulation through internal output driver */
--        if (connected_out && !connected_in && input) {
--            s->in = deposit32(s->in, i, 1, out);
--        }
-+        update_output_irq(s, i, connected_out, out);
-     }
--
- }
- /*
---
-.20.1

-[Qemu-devel] [PULL 3/6] target/arm: add PCI_TESTDEV back to default config
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-In the kconfig shuffle arm lost pci-testdev which is used by
-kvm-unit-tests. Let's add it back.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Thomas Huth <thuth@redhat.com>
-Message-id: 20190322163059.9716-1-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- default-configs/arm-softmmu.mak | 1 +
-file changed, 1 insertion(+)
-diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
-index XXXXXXX..XXXXXXX 100644
---- a/default-configs/arm-softmmu.mak
-+++ b/default-configs/arm-softmmu.mak
-@@ -XXX,XX +XXX,XX @@
- CONFIG_PCI=y
- CONFIG_PCI_DEVICES=y
-+CONFIG_PCI_TESTDEV=y
- CONFIG_VGA=y
- CONFIG_NAND=y
- CONFIG_ECC=y
---
-.20.1

-[Qemu-devel] [PULL 4/6] target/arm: fix crash on pmu register access
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-Fix a QEMU NULL derefence that occurs when the guest attempts to
-enable PMU counters with a non-v8 cpu model or a v8 cpu model
-which has not configured a PMU.
-Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190322162333.17159-2-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c | 4 ++++
-file changed, 4 insertions(+)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
-     int el = arm_current_el(env);
-     uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
-+    if (!arm_feature(env, ARM_FEATURE_PMU)) {
-+        return false;
-+    }
-+
-     if (!arm_feature(env, ARM_FEATURE_EL2) ||
-             (counter < hpmn || counter == 31)) {
-         e = env->cp15.c9_pmcr & PMCRE;
---
-.20.1

-[Qemu-devel] [PULL 5/6] target/arm: cortex-a7 and cortex-a15 have pmus
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-cortex-a7 and cortex-a15 have pmus (PMUv2) and they advertise
-them in ID_DFR0. Let's allow them to function. This also enables
-the pmu cpu property to work with these cpu types, i.e. we can
-now do '-cpu cortex-a15,pmu=off' to remove the pmu.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190322162333.17159-3-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.c | 3 +++
-file changed, 3 insertions(+)
-diff --git a/target/arm/cpu.c b/target/arm/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.c
-+++ b/target/arm/cpu.c
-@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
- #endif
-     } else {
-         cpu->id_aa64dfr0 &= ~0xf00;
-+        cpu->id_dfr0 &= ~(0xf << 24);
-         cpu->pmceid0 = 0;
-         cpu->pmceid1 = 0;
-     }
-@@ -XXX,XX +XXX,XX @@ static void cortex_a7_initfn(Object *obj)
-     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
-     set_feature(&cpu->env, ARM_FEATURE_EL2);
-     set_feature(&cpu->env, ARM_FEATURE_EL3);
-+    set_feature(&cpu->env, ARM_FEATURE_PMU);
-     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A7;
-     cpu->midr = 0x410fc075;
-     cpu->reset_fpsid = 0x41023075;
-@@ -XXX,XX +XXX,XX @@ static void cortex_a15_initfn(Object *obj)
-     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
-     set_feature(&cpu->env, ARM_FEATURE_EL2);
-     set_feature(&cpu->env, ARM_FEATURE_EL3);
-+    set_feature(&cpu->env, ARM_FEATURE_PMU);
-     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
-     cpu->midr = 0x412fc0f1;
-     cpu->reset_fpsid = 0x410430f0;
---
-.20.1

A small set of arm bugfixes for rc1 tomorrow.

thanks
-- PMM

The following changes since commit c442b7b4a7ae8696bcdf46091d781bd9052731be:

Merge remote-tracking branch 'remotes/elmarco/tags/slirp-pull-request' into staging (2019-03-25 07:59:40 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190325

for you to fetch changes up to f2b2f53f6429b5abd7cd86bd65747f5f13e195eb:

target/arm: make pmccntr_op_start/finish static (2019-03-25 14:16:47 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix non-parallel expansion of CASP
 * nrf51_gpio: reflect pull-up/pull-down to IRQs
 * Fix crash if guest tries to enable non-existent PMU counters
 * Add PMUv2 to the Cortex-A15 and Cortex-A7
 * Make pmccntr_op_start/finish static

----------------------------------------------------------------
Andrew Jones (4):
      target/arm: add PCI_TESTDEV back to default config
      target/arm: fix crash on pmu register access
      target/arm: cortex-a7 and cortex-a15 have pmus
      target/arm: make pmccntr_op_start/finish static

Paolo Bonzini (1):
      nrf51_gpio: reflect pull-up/pull-down to IRQs

Richard Henderson (1):
      target/arm: Fix non-parallel expansion of CASP

From: Richard Henderson <richard.henderson@linaro.org>

The second word has been loaded from the unincremented
address since the first commit.

Fixes: 44ac14b06fa
Reported-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190322234302.12770-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
         tcg_gen_qemu_ld_i64(d1, clean_addr, memidx,
                             MO_64 | MO_ALIGN_16 | s->be_data);
         tcg_gen_addi_i64(a2, clean_addr, 8);
-        tcg_gen_qemu_ld_i64(d2, clean_addr, memidx, MO_64 | s->be_data);
+        tcg_gen_qemu_ld_i64(d2, a2, memidx, MO_64 | s->be_data);
 
         /* Compare the two words, also in memory order.  */
         tcg_gen_setcond_i64(TCG_COND_EQ, c1, d1, s1);
-- 
2.20.1

From: Paolo Bonzini <pbonzini@redhat.com>

Some drivers do I2C bitbanging by keeping the output to 0 and flipping
the GPIO direction between input and output (see for example in Linux
gpio_set_open_drain_value_commit, in drivers/gpio/gpiolib.c).
When the GPIO is set to input, the pull-up resistor brings the output
to 1, while when the GPIO is set to output, the output driver brings
the output to 0.

Implement this for the nRF51 GPIO device model.  First, if both input and
output are floating, and there is a pull-up or pull-down resistor
configured, do not just set s->in, but also make any devices listening
on the output qemu_irq receive that value.  Second, if the pin is
driven both internally (output pin) and externally you don't get a
short circuit if both sides drive the pin to the same value.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190317141001.3346-1-pbonzini@redhat.com
[PMM: wrapped long line]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/gpio/nrf51_gpio.c | 65 +++++++++++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 25 deletions(-)

diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/gpio/nrf51_gpio.c
+++ b/hw/gpio/nrf51_gpio.c
@@ -XXX,XX +XXX,XX @@ static bool is_connected(uint32_t config, uint32_t level)
     return state;
 }
 
+static int pull_value(uint32_t config)
+{
+    int pull = extract32(config, 2, 2);
+    if (pull == NRF51_GPIO_PULLDOWN) {
+        return 0;
+    } else if (pull == NRF51_GPIO_PULLUP) {
+        return 1;
+    }
+    return -1;
+}
+
 static void update_output_irq(NRF51GPIOState *s, size_t i,
                               bool connected, bool level)
 {
@@ -XXX,XX +XXX,XX @@ static void update_output_irq(NRF51GPIOState *s, size_t i,
 
 static void update_state(NRF51GPIOState *s)
 {
-    uint32_t pull;
+    int pull;
     size_t i;
-    bool connected_out, dir, connected_in, out, input;
+    bool connected_out, dir, connected_in, out, in, input;
 
     for (i = 0; i < NRF51_GPIO_PINS; i++) {
-        pull = extract32(s->cnf[i], 2, 2);
+        pull = pull_value(s->cnf[i]);
         dir = extract32(s->cnf[i], 0, 1);
         connected_in = extract32(s->in_mask, i, 1);
         out = extract32(s->out, i, 1);
+        in = extract32(s->in, i, 1);
         input = !extract32(s->cnf[i], 1, 1);
         connected_out = is_connected(s->cnf[i], out) && dir;
 
-        update_output_irq(s, i, connected_out, out);
-
-        /* Pin both driven externally and internally */
-        if (connected_out && connected_in) {
-            qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short circuited\n", i);
-        }
-
-        /*
-         * Input buffer disconnected from internal/external drives, so
-         * pull-up/pull-down becomes relevant
-         */
-        if (!input || (input && !connected_in && !connected_out)) {
-            if (pull == NRF51_GPIO_PULLDOWN) {
-                s->in = deposit32(s->in, i, 1, 0);
-            } else if (pull == NRF51_GPIO_PULLUP) {
-                s->in = deposit32(s->in, i, 1, 1);
+        if (!input) {
+            if (pull >= 0) {
+                /* Input buffer disconnected from external drives */
+                s->in = deposit32(s->in, i, 1, pull);
+            }
+        } else {
+            if (connected_out && connected_in && out != in) {
+                /* Pin both driven externally and internally */
+                qemu_log_mask(LOG_GUEST_ERROR,
+                              "GPIO pin %zu short circuited\n", i);
+            }
+            if (!connected_in) {
+                /*
+                 * Floating input: the output stimulates IN if connected,
+                 * otherwise pull-up/pull-down resistors put a value on both
+                 * IN and OUT.
+                 */
+                if (pull >= 0 && !connected_out) {
+                    connected_out = true;
+                    out = pull;
+                }
+                if (connected_out) {
+                    s->in = deposit32(s->in, i, 1, out);
+                }
             }
         }
-
-        /* Self stimulation through internal output driver */
-        if (connected_out && !connected_in && input) {
-            s->in = deposit32(s->in, i, 1, out);
-        }
+        update_output_irq(s, i, connected_out, out);
     }
-
 }
 
 /*
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

Fix a QEMU NULL derefence that occurs when the guest attempts to
enable PMU counters with a non-v8 cpu model or a v8 cpu model
which has not configured a PMU.

Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-2-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
     int el = arm_current_el(env);
     uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
 
+    if (!arm_feature(env, ARM_FEATURE_PMU)) {
+        return false;
+    }
+
     if (!arm_feature(env, ARM_FEATURE_EL2) ||
             (counter < hpmn || counter == 31)) {
         e = env->cp15.c9_pmcr & PMCRE;
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

cortex-a7 and cortex-a15 have pmus (PMUv2) and they advertise
them in ID_DFR0. Let's allow them to function. This also enables
the pmu cpu property to work with these cpu types, i.e. we can
now do '-cpu cortex-a15,pmu=off' to remove the pmu.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-3-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
 #endif
     } else {
         cpu->id_aa64dfr0 &= ~0xf00;
+        cpu->id_dfr0 &= ~(0xf << 24);
         cpu->pmceid0 = 0;
         cpu->pmceid1 = 0;
     }
@@ -XXX,XX +XXX,XX @@ static void cortex_a7_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
     set_feature(&cpu->env, ARM_FEATURE_EL2);
     set_feature(&cpu->env, ARM_FEATURE_EL3);
+    set_feature(&cpu->env, ARM_FEATURE_PMU);
     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A7;
     cpu->midr = 0x410fc075;
     cpu->reset_fpsid = 0x41023075;
@@ -XXX,XX +XXX,XX @@ static void cortex_a15_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
     set_feature(&cpu->env, ARM_FEATURE_EL2);
     set_feature(&cpu->env, ARM_FEATURE_EL3);
+    set_feature(&cpu->env, ARM_FEATURE_PMU);
     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
     cpu->midr = 0x412fc0f1;
     cpu->reset_fpsid = 0x410430f0;
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

These functions are not used outside helper.c

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-4-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 11 -----------
 target/arm/helper.c |  4 ++--
 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool is_a64(CPUARMState *env)
 int cpu_arm_signal_handler(int host_signum, void *pinfo,
                            void *puc);
 
-/**
- * pmccntr_op_start/finish
- * @env: CPUARMState
- *
- * Convert the counter in the PMCCNTR between its delta form (the typical mode
- * when it's enabled) and the guest-visible value. These two calls must always
- * surround any action which might affect the counter.
- */
-void pmccntr_op_start(CPUARMState *env);
-void pmccntr_op_finish(CPUARMState *env);
-
 /**
  * pmu_op_start/finish
  * @env: CPUARMState
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void pmu_update_irq(CPUARMState *env)
  * etc. can be done logically. This is essentially a no-op if the counter is
  * not enabled at the time of the call.
  */
-void pmccntr_op_start(CPUARMState *env)
+static void pmccntr_op_start(CPUARMState *env)
 {
     uint64_t cycles = cycles_get_count(env);
 
@@ -XXX,XX +XXX,XX @@ void pmccntr_op_start(CPUARMState *env)
  * guest-visible count. A call to pmccntr_op_finish should follow every call to
  * pmccntr_op_start.
  */
-void pmccntr_op_finish(CPUARMState *env)
+static void pmccntr_op_finish(CPUARMState *env)
 {
     if (pmu_counter_enabled(env, 31)) {
 #ifndef CONFIG_USER_ONLY
-- 
2.20.1

Couple of last-minute things for rc3...

-- PMM

The following changes since commit d15532d91be177e7528310e0110e39f915779a99:

Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20200804' into staging (2020-08-04 11:53:20 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200804

for you to fetch changes up to d250bb19ced3b702c7c37731855f6876d0cc7995:

target/arm: Fix decode of LDRA[AB] instructions (2020-08-04 16:40:19 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix decode of LDRA[AB] instructions
 * docs/devel: Document decodetree no-overlap groups

----------------------------------------------------------------
Peter Collingbourne (1):
      target/arm: Fix decode of LDRA[AB] instructions

Richard Henderson (1):
      docs/devel: Document decodetree no-overlap groups

docs/devel/decodetree.rst  | 29 ++++++++++++++++++-----------
 target/arm/translate-a64.c |  6 ++++--
 2 files changed, 22 insertions(+), 13 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

When support for this feature went in, the update to the
documentation was forgotten.

Fixes: 067e8b0f45d6
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200803205708.315829-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 docs/devel/decodetree.rst | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/docs/devel/decodetree.rst b/docs/devel/decodetree.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/decodetree.rst
+++ b/docs/devel/decodetree.rst
@@ -XXX,XX +XXX,XX @@ Pattern Groups
 
 Syntax::
 
-  group    := '{' ( pat_def | group )+ '}'
+  group            := overlap_group | no_overlap_group
+  overlap_group    := '{' ( pat_def | group )+ '}'
+  no_overlap_group := '[' ( pat_def | group )+ ']'
 
-A *group* begins with a lone open-brace, with all subsequent lines
-indented two spaces, and ending with a lone close-brace.  Groups
-may be nested, increasing the required indentation of the lines
-within the nested group to two spaces per nesting level.
+A *group* begins with a lone open-brace or open-bracket, with all
+subsequent lines indented two spaces, and ending with a lone
+close-brace or close-bracket.  Groups may be nested, increasing the
+required indentation of the lines within the nested group to two
+spaces per nesting level.
 
-Unlike ungrouped patterns, grouped patterns are allowed to overlap.
-Conflicts are resolved by selecting the patterns in order.  If all
-of the fixedbits for a pattern match, its translate function will
-be called.  If the translate function returns false, then subsequent
-patterns within the group will be matched.
+Patterns within overlap groups are allowed to overlap.  Conflicts are
+resolved by selecting the patterns in order.  If all of the fixedbits
+for a pattern match, its translate function will be called.  If the
+translate function returns false, then subsequent patterns within the
+group will be matched.
+
+Patterns within no-overlap groups are not allowed to overlap, just
+the same as ungrouped patterns.  Thus no-overlap groups are intended
+to be nested inside overlap groups.
 
 The following example from PA-RISC shows specialization of the *or*
 instruction::
@@ -XXX,XX +XXX,XX @@ instruction::
 When the *cf* field is zero, the instruction has no side effects,
 and may be specialized.  When the *rt* field is zero, the output
 is discarded and so the instruction has no effect.  When the *rt2*
-field is zero, the operation is ``reg[rt] | 0`` and so encodes
+field is zero, the operation is ``reg[r1] | 0`` and so encodes
 the canonical register copy operation.
 
 The output from the generator might look like::
-- 
2.20.1

From: Peter Collingbourne <pcc@google.com>

These instructions use zero as the discriminator, not SP.

Signed-off-by: Peter Collingbourne <pcc@google.com>
Message-id: 20200804002849.30268-1-pcc@google.com
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pac(DisasContext *s, uint32_t insn,
 
     if (s->pauth_active) {
         if (use_key_a) {
-            gen_helper_autda(dirty_addr, cpu_env, dirty_addr, cpu_X[31]);
+            gen_helper_autda(dirty_addr, cpu_env, dirty_addr,
+                             new_tmp_a64_zero(s));
         } else {
-            gen_helper_autdb(dirty_addr, cpu_env, dirty_addr, cpu_X[31]);
+            gen_helper_autdb(dirty_addr, cpu_env, dirty_addr,
+                             new_tmp_a64_zero(s));
         }
     }
 
-- 
2.20.1