Series comparison

-[Qemu-devel] [PULL 0/6] target-arm queue
+[PULL v2 00/29] target-arm queue
-A small set of arm bugfixes for rc1 tomorrow.
+v2: drop pvpanic-pci patches.
-thanks
+The following changes since commit f1fcb6851aba6dd9838886dc179717a11e344a1c:
 -- PMM
-The following changes since commit c442b7b4a7ae8696bcdf46091d781bd9052731be:
+  Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2021-01-19' into staging (2021-01-19 11:57:07 +0000)
   Merge remote-tracking branch 'remotes/elmarco/tags/slirp-pull-request' into staging (2019-03-25 07:59:40 +0000)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190325
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210119-1
-for you to fetch changes up to f2b2f53f6429b5abd7cd86bd65747f5f13e195eb:
+for you to fetch changes up to b93f4fbdc48283a39089469c44a5529d79dc40a8:
-  target/arm: make pmccntr_op_start/finish static (2019-03-25 14:16:47 +0000)
+  docs: Build and install all the docs in a single manual (2021-01-19 15:45:14 +0000)
 ----------------------------------------------------------------
 target-arm queue:
- * Fix non-parallel expansion of CASP
+ * Implement IMPDEF pauth algorithm
- * nrf51_gpio: reflect pull-up/pull-down to IRQs
+ * Support ARMv8.4-SEL2
- * Fix crash if guest tries to enable non-existent PMU counters
+ * Fix bug where we were truncating predicate vector lengths in SVE insns
- * Add PMUv2 to the Cortex-A15 and Cortex-A7
+ * npcm7xx_adc-test: Fix memleak in adc_qom_set
- * Make pmccntr_op_start/finish static
+ * target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
  * docs: Build and install all the docs in a single manual
 ----------------------------------------------------------------
-Andrew Jones (4):
+Gan Qixin (1):
-      target/arm: add PCI_TESTDEV back to default config
+      npcm7xx_adc-test: Fix memleak in adc_qom_set
       target/arm: fix crash on pmu register access
       target/arm: cortex-a7 and cortex-a15 have pmus
       target/arm: make pmccntr_op_start/finish static
-Paolo Bonzini (1):
+Peter Maydell (1):
-      nrf51_gpio: reflect pull-up/pull-down to IRQs
+      docs: Build and install all the docs in a single manual
-Richard Henderson (1):
+Philippe Mathieu-Daudé (1):
-      target/arm: Fix non-parallel expansion of CASP
+      target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
- target/arm/cpu.h                | 11 -------
+Richard Henderson (7):
- hw/gpio/nrf51_gpio.c            | 65 +++++++++++++++++++++++++----------------
+      target/arm: Implement an IMPDEF pauth algorithm
- target/arm/cpu.c                |  3 ++
+      target/arm: Add cpu properties to control pauth
- target/arm/helper.c             |  8 +++--
+      target/arm: Use object_property_add_bool for "sve" property
- target/arm/translate-a64.c      |  2 +-
+      target/arm: Introduce PREDDESC field definitions
- default-configs/arm-softmmu.mak |  1 +
+      target/arm: Update PFIRST, PNEXT for pred_desc
-files changed, 51 insertions(+), 39 deletions(-)
+      target/arm: Update ZIP, UZP, TRN for pred_desc
       target/arm: Update REV, PUNPK for pred_desc
+Rémi Denis-Courmont (19):
+      target/arm: remove redundant tests
+      target/arm: add arm_is_el2_enabled() helper
+      target/arm: use arm_is_el2_enabled() where applicable
+      target/arm: use arm_hcr_el2_eff() where applicable
+      target/arm: factor MDCR_EL2 common handling
+      target/arm: Define isar_feature function to test for presence of SEL2
+      target/arm: add 64-bit S-EL2 to EL exception table
+      target/arm: add MMU stage 1 for Secure EL2
+      target/arm: add ARMv8.4-SEL2 system registers
+      target/arm: handle VMID change in secure state
+      target/arm: do S1_ptw_translate() before address space lookup
+      target/arm: translate NS bit in page-walks
+      target/arm: generalize 2-stage page-walk condition
+      target/arm: secure stage 2 translation regime
+      target/arm: set HPFAR_EL2.NS on secure stage 2 faults
+      target/arm: revector to run-time pick target EL
+      target/arm: Implement SCR_EL2.EEL2
+      target/arm: enable Secure EL2 in max CPU
+      target/arm: refactor vae1_tlbmask()
+ docs/conf.py                     |  46 ++++-
+ docs/devel/conf.py               |  15 --
+ docs/index.html.in               |  17 --
+ docs/interop/conf.py             |  28 ---
+ docs/meson.build                 |  64 +++---
+ docs/specs/conf.py               |  16 --
+ docs/system/arm/cpu-features.rst |  21 ++
+ docs/system/conf.py              |  28 ---
+ docs/tools/conf.py               |  37 ----
+ docs/user/conf.py                |  15 --
+ include/qemu/xxhash.h            |  98 +++++++++
+ target/arm/cpu-param.h           |   2 +-
+ target/arm/cpu.h                 | 107 ++++++++--
+ target/arm/internals.h           |  45 +++++
+ target/arm/cpu.c                 |  23 ++-
+ target/arm/cpu64.c               |  65 ++++--
+ target/arm/helper-a64.c          |   8 +-
+ target/arm/helper.c              | 414 ++++++++++++++++++++++++++-------------
+ target/arm/m_helper.c            |   2 +-
+ target/arm/monitor.c             |   1 +
+ target/arm/op_helper.c           |   4 +-
+ target/arm/pauth_helper.c        |  27 ++-
+ target/arm/sve_helper.c          |  33 ++--
+ target/arm/tlb_helper.c          |   3 +
+ target/arm/translate-a64.c       |   4 +
+ target/arm/translate-sve.c       |  31 ++-
+ target/arm/translate.c           |  36 +++-
+ tests/qtest/arm-cpu-features.c   |  13 ++
+ tests/qtest/npcm7xx_adc-test.c   |   1 +
+ .gitlab-ci.yml                   |   4 +-
+files changed, 770 insertions(+), 438 deletions(-)
+ delete mode 100644 docs/devel/conf.py
+ delete mode 100644 docs/index.html.in
+ delete mode 100644 docs/interop/conf.py
+ delete mode 100644 docs/specs/conf.py
+ delete mode 100644 docs/system/conf.py
+ delete mode 100644 docs/tools/conf.py
+ delete mode 100644 docs/user/conf.py

-[Qemu-devel] [PULL 1/6] target/arm: Fix non-parallel expansion of CASP
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-The second word has been loaded from the unincremented
-address since the first commit.
-Fixes: 44ac14b06fa
-Reported-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Tested-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: 20190322234302.12770-1-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate-a64.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
-         tcg_gen_qemu_ld_i64(d1, clean_addr, memidx,
-                             MO_64 | MO_ALIGN_16 | s->be_data);
-         tcg_gen_addi_i64(a2, clean_addr, 8);
--        tcg_gen_qemu_ld_i64(d2, clean_addr, memidx, MO_64 | s->be_data);
-+        tcg_gen_qemu_ld_i64(d2, a2, memidx, MO_64 | s->be_data);
-         /* Compare the two words, also in memory order.  */
-         tcg_gen_setcond_i64(TCG_COND_EQ, c1, d1, s1);
---
-.20.1

-[Qemu-devel] [PULL 2/6] nrf51_gpio: reflect pull-up/pull-down to IRQs
+Deleted patch
-From: Paolo Bonzini <pbonzini@redhat.com>
-Some drivers do I2C bitbanging by keeping the output to 0 and flipping
-the GPIO direction between input and output (see for example in Linux
-gpio_set_open_drain_value_commit, in drivers/gpio/gpiolib.c).
-When the GPIO is set to input, the pull-up resistor brings the output
-to 1, while when the GPIO is set to output, the output driver brings
-the output to 0.
-Implement this for the nRF51 GPIO device model.  First, if both input and
-output are floating, and there is a pull-up or pull-down resistor
-configured, do not just set s->in, but also make any devices listening
-on the output qemu_irq receive that value.  Second, if the pin is
-driven both internally (output pin) and externally you don't get a
-short circuit if both sides drive the pin to the same value.
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-id: 20190317141001.3346-1-pbonzini@redhat.com
-[PMM: wrapped long line]
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/gpio/nrf51_gpio.c | 65 +++++++++++++++++++++++++++-----------------
-file changed, 40 insertions(+), 25 deletions(-)
-diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/gpio/nrf51_gpio.c
-+++ b/hw/gpio/nrf51_gpio.c
-@@ -XXX,XX +XXX,XX @@ static bool is_connected(uint32_t config, uint32_t level)
-     return state;
- }
-+static int pull_value(uint32_t config)
-+{
-+    int pull = extract32(config, 2, 2);
-+    if (pull == NRF51_GPIO_PULLDOWN) {
-+        return 0;
-+    } else if (pull == NRF51_GPIO_PULLUP) {
-+        return 1;
-+    }
-+    return -1;
-+}
-+
- static void update_output_irq(NRF51GPIOState *s, size_t i,
-                               bool connected, bool level)
- {
-@@ -XXX,XX +XXX,XX @@ static void update_output_irq(NRF51GPIOState *s, size_t i,
- static void update_state(NRF51GPIOState *s)
- {
--    uint32_t pull;
-+    int pull;
-     size_t i;
--    bool connected_out, dir, connected_in, out, input;
-+    bool connected_out, dir, connected_in, out, in, input;
-     for (i = 0; i < NRF51_GPIO_PINS; i++) {
--        pull = extract32(s->cnf[i], 2, 2);
-+        pull = pull_value(s->cnf[i]);
-         dir = extract32(s->cnf[i], 0, 1);
-         connected_in = extract32(s->in_mask, i, 1);
-         out = extract32(s->out, i, 1);
-+        in = extract32(s->in, i, 1);
-         input = !extract32(s->cnf[i], 1, 1);
-         connected_out = is_connected(s->cnf[i], out) && dir;
--        update_output_irq(s, i, connected_out, out);
--
--        /* Pin both driven externally and internally */
--        if (connected_out && connected_in) {
--            qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short circuited\n", i);
--        }
--
--        /*
--         * Input buffer disconnected from internal/external drives, so
--         * pull-up/pull-down becomes relevant
--         */
--        if (!input || (input && !connected_in && !connected_out)) {
--            if (pull == NRF51_GPIO_PULLDOWN) {
--                s->in = deposit32(s->in, i, 1, 0);
--            } else if (pull == NRF51_GPIO_PULLUP) {
--                s->in = deposit32(s->in, i, 1, 1);
-+        if (!input) {
-+            if (pull >= 0) {
-+                /* Input buffer disconnected from external drives */
-+                s->in = deposit32(s->in, i, 1, pull);
-+            }
-+        } else {
-+            if (connected_out && connected_in && out != in) {
-+                /* Pin both driven externally and internally */
-+                qemu_log_mask(LOG_GUEST_ERROR,
-+                              "GPIO pin %zu short circuited\n", i);
-+            }
-+            if (!connected_in) {
-+                /*
-+                 * Floating input: the output stimulates IN if connected,
-+                 * otherwise pull-up/pull-down resistors put a value on both
-+                 * IN and OUT.
-+                 */
-+                if (pull >= 0 && !connected_out) {
-+                    connected_out = true;
-+                    out = pull;
-+                }
-+                if (connected_out) {
-+                    s->in = deposit32(s->in, i, 1, out);
-+                }
-             }
-         }
--
--        /* Self stimulation through internal output driver */
--        if (connected_out && !connected_in && input) {
--            s->in = deposit32(s->in, i, 1, out);
--        }
-+        update_output_irq(s, i, connected_out, out);
-     }
--
- }
- /*
---
-.20.1

-[Qemu-devel] [PULL 3/6] target/arm: add PCI_TESTDEV back to default config
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-In the kconfig shuffle arm lost pci-testdev which is used by
-kvm-unit-tests. Let's add it back.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Thomas Huth <thuth@redhat.com>
-Message-id: 20190322163059.9716-1-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- default-configs/arm-softmmu.mak | 1 +
-file changed, 1 insertion(+)
-diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
-index XXXXXXX..XXXXXXX 100644
---- a/default-configs/arm-softmmu.mak
-+++ b/default-configs/arm-softmmu.mak
-@@ -XXX,XX +XXX,XX @@
- CONFIG_PCI=y
- CONFIG_PCI_DEVICES=y
-+CONFIG_PCI_TESTDEV=y
- CONFIG_VGA=y
- CONFIG_NAND=y
- CONFIG_ECC=y
---
-.20.1

-[Qemu-devel] [PULL 4/6] target/arm: fix crash on pmu register access
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-Fix a QEMU NULL derefence that occurs when the guest attempts to
-enable PMU counters with a non-v8 cpu model or a v8 cpu model
-which has not configured a PMU.
-Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190322162333.17159-2-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c | 4 ++++
-file changed, 4 insertions(+)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
-     int el = arm_current_el(env);
-     uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
-+    if (!arm_feature(env, ARM_FEATURE_PMU)) {
-+        return false;
-+    }
-+
-     if (!arm_feature(env, ARM_FEATURE_EL2) ||
-             (counter < hpmn || counter == 31)) {
-         e = env->cp15.c9_pmcr & PMCRE;
---
-.20.1

-[Qemu-devel] [PULL 5/6] target/arm: cortex-a7 and cortex-a15 have pmus
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-cortex-a7 and cortex-a15 have pmus (PMUv2) and they advertise
-them in ID_DFR0. Let's allow them to function. This also enables
-the pmu cpu property to work with these cpu types, i.e. we can
-now do '-cpu cortex-a15,pmu=off' to remove the pmu.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190322162333.17159-3-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.c | 3 +++
-file changed, 3 insertions(+)
-diff --git a/target/arm/cpu.c b/target/arm/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.c
-+++ b/target/arm/cpu.c
-@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
- #endif
-     } else {
-         cpu->id_aa64dfr0 &= ~0xf00;
-+        cpu->id_dfr0 &= ~(0xf << 24);
-         cpu->pmceid0 = 0;
-         cpu->pmceid1 = 0;
-     }
-@@ -XXX,XX +XXX,XX @@ static void cortex_a7_initfn(Object *obj)
-     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
-     set_feature(&cpu->env, ARM_FEATURE_EL2);
-     set_feature(&cpu->env, ARM_FEATURE_EL3);
-+    set_feature(&cpu->env, ARM_FEATURE_PMU);
-     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A7;
-     cpu->midr = 0x410fc075;
-     cpu->reset_fpsid = 0x41023075;
-@@ -XXX,XX +XXX,XX @@ static void cortex_a15_initfn(Object *obj)
-     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
-     set_feature(&cpu->env, ARM_FEATURE_EL2);
-     set_feature(&cpu->env, ARM_FEATURE_EL3);
-+    set_feature(&cpu->env, ARM_FEATURE_PMU);
-     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
-     cpu->midr = 0x412fc0f1;
-     cpu->reset_fpsid = 0x410430f0;
---
-.20.1

-[Qemu-devel] [PULL 6/6] target/arm: make pmccntr_op_start/finish static
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-These functions are not used outside helper.c
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190322162333.17159-4-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h    | 11 -----------
- target/arm/helper.c |  4 ++--
-files changed, 2 insertions(+), 13 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline bool is_a64(CPUARMState *env)
- int cpu_arm_signal_handler(int host_signum, void *pinfo,
-                            void *puc);
--/**
-- * pmccntr_op_start/finish
-- * @env: CPUARMState
-- *
-- * Convert the counter in the PMCCNTR between its delta form (the typical mode
-- * when it's enabled) and the guest-visible value. These two calls must always
-- * surround any action which might affect the counter.
-- */
--void pmccntr_op_start(CPUARMState *env);
--void pmccntr_op_finish(CPUARMState *env);
--
- /**
-  * pmu_op_start/finish
-  * @env: CPUARMState
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void pmu_update_irq(CPUARMState *env)
-  * etc. can be done logically. This is essentially a no-op if the counter is
-  * not enabled at the time of the call.
-  */
--void pmccntr_op_start(CPUARMState *env)
-+static void pmccntr_op_start(CPUARMState *env)
- {
-     uint64_t cycles = cycles_get_count(env);
-@@ -XXX,XX +XXX,XX @@ void pmccntr_op_start(CPUARMState *env)
-  * guest-visible count. A call to pmccntr_op_finish should follow every call to
-  * pmccntr_op_start.
-  */
--void pmccntr_op_finish(CPUARMState *env)
-+static void pmccntr_op_finish(CPUARMState *env)
- {
-     if (pmu_counter_enabled(env, 31)) {
- #ifndef CONFIG_USER_ONLY
---
-.20.1

A small set of arm bugfixes for rc1 tomorrow.

thanks
-- PMM

The following changes since commit c442b7b4a7ae8696bcdf46091d781bd9052731be:

Merge remote-tracking branch 'remotes/elmarco/tags/slirp-pull-request' into staging (2019-03-25 07:59:40 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190325

for you to fetch changes up to f2b2f53f6429b5abd7cd86bd65747f5f13e195eb:

target/arm: make pmccntr_op_start/finish static (2019-03-25 14:16:47 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix non-parallel expansion of CASP
 * nrf51_gpio: reflect pull-up/pull-down to IRQs
 * Fix crash if guest tries to enable non-existent PMU counters
 * Add PMUv2 to the Cortex-A15 and Cortex-A7
 * Make pmccntr_op_start/finish static

----------------------------------------------------------------
Andrew Jones (4):
      target/arm: add PCI_TESTDEV back to default config
      target/arm: fix crash on pmu register access
      target/arm: cortex-a7 and cortex-a15 have pmus
      target/arm: make pmccntr_op_start/finish static

Paolo Bonzini (1):
      nrf51_gpio: reflect pull-up/pull-down to IRQs

Richard Henderson (1):
      target/arm: Fix non-parallel expansion of CASP

From: Richard Henderson <richard.henderson@linaro.org>

The second word has been loaded from the unincremented
address since the first commit.

Fixes: 44ac14b06fa
Reported-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190322234302.12770-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
         tcg_gen_qemu_ld_i64(d1, clean_addr, memidx,
                             MO_64 | MO_ALIGN_16 | s->be_data);
         tcg_gen_addi_i64(a2, clean_addr, 8);
-        tcg_gen_qemu_ld_i64(d2, clean_addr, memidx, MO_64 | s->be_data);
+        tcg_gen_qemu_ld_i64(d2, a2, memidx, MO_64 | s->be_data);
 
         /* Compare the two words, also in memory order.  */
         tcg_gen_setcond_i64(TCG_COND_EQ, c1, d1, s1);
-- 
2.20.1

From: Paolo Bonzini <pbonzini@redhat.com>

Some drivers do I2C bitbanging by keeping the output to 0 and flipping
the GPIO direction between input and output (see for example in Linux
gpio_set_open_drain_value_commit, in drivers/gpio/gpiolib.c).
When the GPIO is set to input, the pull-up resistor brings the output
to 1, while when the GPIO is set to output, the output driver brings
the output to 0.

Implement this for the nRF51 GPIO device model.  First, if both input and
output are floating, and there is a pull-up or pull-down resistor
configured, do not just set s->in, but also make any devices listening
on the output qemu_irq receive that value.  Second, if the pin is
driven both internally (output pin) and externally you don't get a
short circuit if both sides drive the pin to the same value.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190317141001.3346-1-pbonzini@redhat.com
[PMM: wrapped long line]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/gpio/nrf51_gpio.c | 65 +++++++++++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 25 deletions(-)

diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/gpio/nrf51_gpio.c
+++ b/hw/gpio/nrf51_gpio.c
@@ -XXX,XX +XXX,XX @@ static bool is_connected(uint32_t config, uint32_t level)
     return state;
 }
 
+static int pull_value(uint32_t config)
+{
+    int pull = extract32(config, 2, 2);
+    if (pull == NRF51_GPIO_PULLDOWN) {
+        return 0;
+    } else if (pull == NRF51_GPIO_PULLUP) {
+        return 1;
+    }
+    return -1;
+}
+
 static void update_output_irq(NRF51GPIOState *s, size_t i,
                               bool connected, bool level)
 {
@@ -XXX,XX +XXX,XX @@ static void update_output_irq(NRF51GPIOState *s, size_t i,
 
 static void update_state(NRF51GPIOState *s)
 {
-    uint32_t pull;
+    int pull;
     size_t i;
-    bool connected_out, dir, connected_in, out, input;
+    bool connected_out, dir, connected_in, out, in, input;
 
     for (i = 0; i < NRF51_GPIO_PINS; i++) {
-        pull = extract32(s->cnf[i], 2, 2);
+        pull = pull_value(s->cnf[i]);
         dir = extract32(s->cnf[i], 0, 1);
         connected_in = extract32(s->in_mask, i, 1);
         out = extract32(s->out, i, 1);
+        in = extract32(s->in, i, 1);
         input = !extract32(s->cnf[i], 1, 1);
         connected_out = is_connected(s->cnf[i], out) && dir;
 
-        update_output_irq(s, i, connected_out, out);
-
-        /* Pin both driven externally and internally */
-        if (connected_out && connected_in) {
-            qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short circuited\n", i);
-        }
-
-        /*
-         * Input buffer disconnected from internal/external drives, so
-         * pull-up/pull-down becomes relevant
-         */
-        if (!input || (input && !connected_in && !connected_out)) {
-            if (pull == NRF51_GPIO_PULLDOWN) {
-                s->in = deposit32(s->in, i, 1, 0);
-            } else if (pull == NRF51_GPIO_PULLUP) {
-                s->in = deposit32(s->in, i, 1, 1);
+        if (!input) {
+            if (pull >= 0) {
+                /* Input buffer disconnected from external drives */
+                s->in = deposit32(s->in, i, 1, pull);
+            }
+        } else {
+            if (connected_out && connected_in && out != in) {
+                /* Pin both driven externally and internally */
+                qemu_log_mask(LOG_GUEST_ERROR,
+                              "GPIO pin %zu short circuited\n", i);
+            }
+            if (!connected_in) {
+                /*
+                 * Floating input: the output stimulates IN if connected,
+                 * otherwise pull-up/pull-down resistors put a value on both
+                 * IN and OUT.
+                 */
+                if (pull >= 0 && !connected_out) {
+                    connected_out = true;
+                    out = pull;
+                }
+                if (connected_out) {
+                    s->in = deposit32(s->in, i, 1, out);
+                }
             }
         }
-
-        /* Self stimulation through internal output driver */
-        if (connected_out && !connected_in && input) {
-            s->in = deposit32(s->in, i, 1, out);
-        }
+        update_output_irq(s, i, connected_out, out);
     }
-
 }
 
 /*
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

Fix a QEMU NULL derefence that occurs when the guest attempts to
enable PMU counters with a non-v8 cpu model or a v8 cpu model
which has not configured a PMU.

Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-2-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
     int el = arm_current_el(env);
     uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
 
+    if (!arm_feature(env, ARM_FEATURE_PMU)) {
+        return false;
+    }
+
     if (!arm_feature(env, ARM_FEATURE_EL2) ||
             (counter < hpmn || counter == 31)) {
         e = env->cp15.c9_pmcr & PMCRE;
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

cortex-a7 and cortex-a15 have pmus (PMUv2) and they advertise
them in ID_DFR0. Let's allow them to function. This also enables
the pmu cpu property to work with these cpu types, i.e. we can
now do '-cpu cortex-a15,pmu=off' to remove the pmu.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-3-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
 #endif
     } else {
         cpu->id_aa64dfr0 &= ~0xf00;
+        cpu->id_dfr0 &= ~(0xf << 24);
         cpu->pmceid0 = 0;
         cpu->pmceid1 = 0;
     }
@@ -XXX,XX +XXX,XX @@ static void cortex_a7_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
     set_feature(&cpu->env, ARM_FEATURE_EL2);
     set_feature(&cpu->env, ARM_FEATURE_EL3);
+    set_feature(&cpu->env, ARM_FEATURE_PMU);
     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A7;
     cpu->midr = 0x410fc075;
     cpu->reset_fpsid = 0x41023075;
@@ -XXX,XX +XXX,XX @@ static void cortex_a15_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
     set_feature(&cpu->env, ARM_FEATURE_EL2);
     set_feature(&cpu->env, ARM_FEATURE_EL3);
+    set_feature(&cpu->env, ARM_FEATURE_PMU);
     cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
     cpu->midr = 0x412fc0f1;
     cpu->reset_fpsid = 0x410430f0;
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

These functions are not used outside helper.c

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-4-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 11 -----------
 target/arm/helper.c |  4 ++--
 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool is_a64(CPUARMState *env)
 int cpu_arm_signal_handler(int host_signum, void *pinfo,
                            void *puc);
 
-/**
- * pmccntr_op_start/finish
- * @env: CPUARMState
- *
- * Convert the counter in the PMCCNTR between its delta form (the typical mode
- * when it's enabled) and the guest-visible value. These two calls must always
- * surround any action which might affect the counter.
- */
-void pmccntr_op_start(CPUARMState *env);
-void pmccntr_op_finish(CPUARMState *env);
-
 /**
  * pmu_op_start/finish
  * @env: CPUARMState
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void pmu_update_irq(CPUARMState *env)
  * etc. can be done logically. This is essentially a no-op if the counter is
  * not enabled at the time of the call.
  */
-void pmccntr_op_start(CPUARMState *env)
+static void pmccntr_op_start(CPUARMState *env)
 {
     uint64_t cycles = cycles_get_count(env);
 
@@ -XXX,XX +XXX,XX @@ void pmccntr_op_start(CPUARMState *env)
  * guest-visible count. A call to pmccntr_op_finish should follow every call to
  * pmccntr_op_start.
  */
-void pmccntr_op_finish(CPUARMState *env)
+static void pmccntr_op_finish(CPUARMState *env)
 {
     if (pmu_counter_enabled(env, 31)) {
 #ifndef CONFIG_USER_ONLY
-- 
2.20.1

v2: drop pvpanic-pci patches.

The following changes since commit f1fcb6851aba6dd9838886dc179717a11e344a1c:

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2021-01-19' into staging (2021-01-19 11:57:07 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210119-1

for you to fetch changes up to b93f4fbdc48283a39089469c44a5529d79dc40a8:

docs: Build and install all the docs in a single manual (2021-01-19 15:45:14 +0000)

----------------------------------------------------------------
target-arm queue:
 * Implement IMPDEF pauth algorithm
 * Support ARMv8.4-SEL2
 * Fix bug where we were truncating predicate vector lengths in SVE insns
 * npcm7xx_adc-test: Fix memleak in adc_qom_set
 * target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
 * docs: Build and install all the docs in a single manual

----------------------------------------------------------------
Gan Qixin (1):
      npcm7xx_adc-test: Fix memleak in adc_qom_set

Peter Maydell (1):
      docs: Build and install all the docs in a single manual

Philippe Mathieu-Daudé (1):
      target/arm/m_helper: Silence GCC 10 maybe-uninitialized error

Richard Henderson (7):
      target/arm: Implement an IMPDEF pauth algorithm
      target/arm: Add cpu properties to control pauth
      target/arm: Use object_property_add_bool for "sve" property
      target/arm: Introduce PREDDESC field definitions
      target/arm: Update PFIRST, PNEXT for pred_desc
      target/arm: Update ZIP, UZP, TRN for pred_desc
      target/arm: Update REV, PUNPK for pred_desc

Rémi Denis-Courmont (19):
      target/arm: remove redundant tests
      target/arm: add arm_is_el2_enabled() helper
      target/arm: use arm_is_el2_enabled() where applicable
      target/arm: use arm_hcr_el2_eff() where applicable
      target/arm: factor MDCR_EL2 common handling
      target/arm: Define isar_feature function to test for presence of SEL2
      target/arm: add 64-bit S-EL2 to EL exception table
      target/arm: add MMU stage 1 for Secure EL2
      target/arm: add ARMv8.4-SEL2 system registers
      target/arm: handle VMID change in secure state
      target/arm: do S1_ptw_translate() before address space lookup
      target/arm: translate NS bit in page-walks
      target/arm: generalize 2-stage page-walk condition
      target/arm: secure stage 2 translation regime
      target/arm: set HPFAR_EL2.NS on secure stage 2 faults
      target/arm: revector to run-time pick target EL
      target/arm: Implement SCR_EL2.EEL2
      target/arm: enable Secure EL2 in max CPU
      target/arm: refactor vae1_tlbmask()