Patches for rc1: nothing major, just some minor bugfixes and

code cleanups.

Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20201109' into staging (2020-11-10 09:24:56 +0000)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201110

for you to fetch changes up to b6c56c8a9a4064ea783f352f43c5df6231a110fa:

target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check (2020-11-10 11:03:48 +0000)

* hw/arm/Kconfig: ARM_V7M depends on PTIMER

* Minor coding style fixes

* docs: add some notes on the sbsa-ref machine

* hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals

* target/arm: Fix neon VTBL/VTBX for len > 1

* hw/arm/armsse: Correct expansion MPC interrupt lines

* hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ

* hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()

* hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input

* hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary

* hw/arm/nseries: Check return value from load_image_targphys()

* tests/qtest/npcm7xx_rng-test: count runs properly

* target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check

Alex Bennée (1):

docs: add some notes on the sbsa-ref machine

AlexChen (1):

ssi: Fix bad printf format specifiers

Andrew Jones (1):

hw/arm/Kconfig: ARM_V7M depends on PTIMER

Havard Skinnemoen (1):

tests/qtest/npcm7xx_rng-test: count runs properly

Peter Maydell (2):

hw/arm/nseries: Check return value from load_image_targphys()

target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check

From: Andrew Jones <drjones@redhat.com>

commit 32bd322a0134 ("hw/timer/armv7m_systick: Rewrite to use ptimers")

changed armv7m_systick to build on ptimers. Make sure we have ptimers

in the build when building armv7m_systick.

Signed-off-by: Andrew Jones <drjones@redhat.com>

Message-id: 20201104103343.30392-1-drjones@redhat.com

hw/arm/Kconfig | 1 +

1 file changed, 1 insertion(+)

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig

--- a/hw/arm/Kconfig

+++ b/hw/arm/Kconfig

@@ -XXX,XX +XXX,XX @@ config ZYNQ

config ARM_V7M

bool

+ select PTIMER

config ALLWINNER_A10

bool

From: Xinhao Zhang <zhangxinhao1@huawei.com>

target/arm/arch_dump.c | 8 ++++----

target/arm/arm-semi.c | 8 ++++----

target/arm/helper.c | 2 +-

3 files changed, 9 insertions(+), 9 deletions(-)

@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(usad8)(uint32_t a, uint32_t b)

uint32_t sum;

sum = do_usad(a, b);

sum += do_usad(a >> 8, b >> 8);

- sum += do_usad(a >> 16, b >>16);

+ sum += do_usad(a >> 16, b >> 16);

sum += do_usad(a >> 24, b >> 24);

return sum;

}

From: Xinhao Zhang <zhangxinhao1@huawei.com>

Fix code style. Don't use '#' flag of printf format ('%#') in

format strings, use '0x' prefix instead

Signed-off-by: Xinhao Zhang <zhangxinhao1@huawei.com>

Signed-off-by: Kai Deng <dengkai1@huawei.com>

Message-id: 20201103114529.638233-2-zhangxinhao1@huawei.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/translate-a64.c | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_fp16(DisasContext *s, uint32_t insn)

gen_helper_advsimd_acgt_f16(tcg_res, tcg_op1, tcg_op2, fpst);

break;

default:

- fprintf(stderr, "%s: insn %#04x, fpop %#2x @ %#" PRIx64 "\n",

+ fprintf(stderr, "%s: insn 0x%04x, fpop 0x%2x @ 0x%" PRIx64 "\n",

__func__, insn, fpopcode, s->pc_curr);

g_assert_not_reached();

}

@@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc_fp16(DisasContext *s, uint32_t insn)

case 0x7f: /* FSQRT (vector) */

break;

default:

- fprintf(stderr, "%s: insn %#04x fpop %#2x\n", __func__, insn, fpop);

+ fprintf(stderr, "%s: insn 0x%04x fpop 0x%2x\n", __func__, insn, fpop);

g_assert_not_reached();

From: Xinhao Zhang <zhangxinhao1@huawei.com>

Fix code style. Space required before the open parenthesis '('.

Signed-off-by: Xinhao Zhang <zhangxinhao1@huawei.com>

Signed-off-by: Kai Deng <dengkai1@huawei.com>

Message-id: 20201103114529.638233-3-zhangxinhao1@huawei.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/translate.c | 2 +-

diff --git a/target/arm/translate.c b/target/arm/translate.c

--- a/target/arm/translate.c

+++ b/target/arm/translate.c

@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)

- Hardware watchpoints.

Hardware breakpoints have already been handled and skip this code.

*/

- switch(dc->base.is_jmp) {

+ switch (dc->base.is_jmp) {

case DISAS_NEXT:

case DISAS_TOO_MANY:

gen_goto_tb(dc, 1, dc->base.pc_next);

From: Alex Bennée <alex.bennee@linaro.org>

We should at least document what this machine is about.

docs/system/arm/sbsa.rst | 32 ++++++++++++++++++++++++++++++++

docs/system/target-arm.rst | 1 +

2 files changed, 33 insertions(+)

create mode 100644 docs/system/arm/sbsa.rst

diff --git a/docs/system/arm/sbsa.rst b/docs/system/arm/sbsa.rst

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/docs/system/arm/sbsa.rst

@@ -XXX,XX +XXX,XX @@

+Arm Server Base System Architecture Reference board (``sbsa-ref``)

+==================================================================

+

+While the `virt` board is a generic board platform that doesn't match

+any real hardware the `sbsa-ref` board intends to look like real

+hardware. The `Server Base System Architecture

+<https://developer.arm.com/documentation/den0029/latest>` defines a

+minimum base line of hardware support and importantly how the firmware

+reports that to any operating system. It is a static system that

+reports a very minimal DT to the firmware for non-discoverable

+information about components affected by the qemu command line (i.e.

+cpus and memory). As a result it must have a firmware specifically

+built to expect a certain hardware layout (as you would in a real

+machine).

+

+It is intended to be a machine for developing firmware and testing

+standards compliance with operating systems.

+

+Supported devices

+"""""""""""""""""

+

+The sbsa-ref board supports:

+

+ - A configurable number of AArch64 CPUs

+ - GIC version 3

+ - System bus AHCI controller

+ - System bus EHCI controller

+ - CDROM and hard disc on AHCI bus

+ - E1000E ethernet card on PCIe bus

+ - VGA display adaptor on PCIe bus

+ - A generic SBSA watchdog device

+

diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst

--- a/docs/system/target-arm.rst

+++ b/docs/system/target-arm.rst

@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running

arm/mps2

arm/musca

arm/realview

+ arm/sbsa

arm/versatile

arm/vexpress

arm/aspeed

From: Philippe Mathieu-Daudé <philmd@redhat.com>

hw/arm/Kconfig | 1 -

1 file changed, 1 deletion(-)

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig

--- a/hw/arm/Kconfig

+++ b/hw/arm/Kconfig

@@ -XXX,XX +XXX,XX @@ config ARM_VIRT

imply VFIO_PLATFORM

imply VFIO_XGMAC

imply TPM_TIS_SYSBUS

- select A15MPCORE

select ACPI

select ARM_SMMUV3

select GPIO_KEY

From: Richard Henderson <richard.henderson@linaro.org>

The helper function did not get updated when we reorganized

the vector register file for SVE. Since then, the neon dregs

are non-sequential and cannot be simply indexed.

At the same time, make the helper function operate on 64-bit

quantities so that we do not have to call it twice.

Fixes: c39c2b9043e

Reported-by: Ard Biesheuvel <ardb@kernel.org>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

[PMM: use aa32_vfp_dreg() rather than opencoding]

Message-id: 20201105171126.88014-1-richard.henderson@linaro.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

target/arm/helper.h | 2 +-

target/arm/op_helper.c | 23 +++++++++--------

target/arm/translate-neon.c.inc | 44 +++++++++++----------------------

3 files changed, 29 insertions(+), 40 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h

--- a/target/arm/helper.h

+++ b/target/arm/helper.h

@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_2(rsqrte_f32, TCG_CALL_NO_RWG, f32, f32, ptr)

DEF_HELPER_FLAGS_2(rsqrte_f64, TCG_CALL_NO_RWG, f64, f64, ptr)

DEF_HELPER_FLAGS_1(recpe_u32, TCG_CALL_NO_RWG, i32, i32)

DEF_HELPER_FLAGS_1(rsqrte_u32, TCG_CALL_NO_RWG, i32, i32)

-DEF_HELPER_FLAGS_4(neon_tbl, TCG_CALL_NO_RWG, i32, i32, i32, ptr, i32)

+DEF_HELPER_FLAGS_4(neon_tbl, TCG_CALL_NO_RWG, i64, env, i32, i64, i64)

DEF_HELPER_3(shl_cc, i32, env, i32, i32)

DEF_HELPER_3(shr_cc, i32, env, i32, i32)

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c

--- a/target/arm/op_helper.c

+++ b/target/arm/op_helper.c

@@ -XXX,XX +XXX,XX @@ void raise_exception_ra(CPUARMState *env, uint32_t excp, uint32_t syndrome,

cpu_loop_exit_restore(cs, ra);

}

-uint32_t HELPER(neon_tbl)(uint32_t ireg, uint32_t def, void *vn,

- uint32_t maxindex)

+uint64_t HELPER(neon_tbl)(CPUARMState *env, uint32_t desc,

+ uint64_t ireg, uint64_t def)

{

- uint32_t val, shift;

- uint64_t *table = vn;

+ uint64_t tmp, val = 0;

+ uint32_t maxindex = ((desc & 3) + 1) * 8;

+ uint32_t base_reg = desc >> 2;

+ uint32_t shift, index, reg;

- val = 0;

- for (shift = 0; shift < 32; shift += 8) {

- uint32_t index = (ireg >> shift) & 0xff;

+ for (shift = 0; shift < 64; shift += 8) {

+ index = (ireg >> shift) & 0xff;

if (index < maxindex) {

- uint32_t tmp = (table[index >> 3] >> ((index & 7) << 3)) & 0xff;

- val |= tmp << shift;

+ reg = base_reg + (index >> 3);

+ tmp = *aa32_vfp_dreg(env, reg);

+ tmp = ((tmp >> ((index & 7) << 3)) & 0xff) << shift;

} else {

- val |= def & (0xff << shift);

+ tmp = def & (0xffull << shift);

}

+ val |= tmp;

}

return val;

}

diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate-neon.c.inc

+++ b/target/arm/translate-neon.c.inc

@@ -XXX,XX +XXX,XX @@ static bool trans_VEXT(DisasContext *s, arg_VEXT *a)

static bool trans_VTBL(DisasContext *s, arg_VTBL *a)

{

- int n;

- TCGv_i32 tmp, tmp2, tmp3, tmp4;

- TCGv_ptr ptr1;

+ TCGv_i64 val, def;

+ TCGv_i32 desc;

if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {

return false;

@@ -XXX,XX +XXX,XX @@ static bool trans_VTBL(DisasContext *s, arg_VTBL *a)

return true;

}

- n = a->len + 1;

- if ((a->vn + n) > 32) {

+ if ((a->vn + a->len + 1) > 32) {

/*

* This is UNPREDICTABLE; we choose to UNDEF to avoid the

* helper function running off the end of the register file.

*/

return false;

}

- n <<= 3;

- tmp = tcg_temp_new_i32();

- if (a->op) {

- read_neon_element32(tmp, a->vd, 0, MO_32);

- } else {

- tcg_gen_movi_i32(tmp, 0);

- }

- tmp2 = tcg_temp_new_i32();

- read_neon_element32(tmp2, a->vm, 0, MO_32);

- ptr1 = vfp_reg_ptr(true, a->vn);

- tmp4 = tcg_const_i32(n);

- gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp4);

+ desc = tcg_const_i32((a->vn << 2) | a->len);

+ def = tcg_temp_new_i64();

if (a->op) {

- read_neon_element32(tmp, a->vd, 1, MO_32);

+ read_neon_element64(def, a->vd, 0, MO_64);

} else {

- tcg_gen_movi_i32(tmp, 0);

+ tcg_gen_movi_i64(def, 0);

}

- tmp3 = tcg_temp_new_i32();

- read_neon_element32(tmp3, a->vm, 1, MO_32);

- gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp4);

- tcg_temp_free_i32(tmp);

- tcg_temp_free_i32(tmp4);

- tcg_temp_free_ptr(ptr1);

+ val = tcg_temp_new_i64();

+ read_neon_element64(val, a->vm, 0, MO_64);

- write_neon_element32(tmp2, a->vd, 0, MO_32);

- write_neon_element32(tmp3, a->vd, 1, MO_32);

- tcg_temp_free_i32(tmp2);

- tcg_temp_free_i32(tmp3);

+ gen_helper_neon_tbl(val, cpu_env, desc, val, def);

+ write_neon_element64(val, a->vd, 0, MO_64);

+

+ tcg_temp_free_i64(def);

+ tcg_temp_free_i64(val);

+ tcg_temp_free_i32(desc);

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

We can use one MPC per SRAM bank, but we currently only wire the

IRQ from the first expansion MPC to the IRQ splitter. Fix that.

Fixes: bb75e16d5e6 ("hw/arm/iotkit: Wire up MPC interrupt lines")

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20201107193403.436146-2-f4bug@amsat.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/armsse.c | 3 ++-

1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c

--- a/hw/arm/armsse.c

+++ b/hw/arm/armsse.c

@@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp)

qdev_get_gpio_in(dev_splitter, 0));

qdev_connect_gpio_out(dev_splitter, 0,

qdev_get_gpio_in_named(dev_secctl,

- "mpc_status", 0));

+ "mpc_status",

+ i - IOTS_NUM_EXP_MPC));

}

qdev_connect_gpio_out(dev_splitter, 1,

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The system configuration controller (SYSCFG) doesn't have

any output IRQ (and the INTC input #71 belongs to the UART6).

Remove the invalid code.

Fixes: db635521a02 ("stm32f205: Add the stm32f205 SoC")

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20201107193403.436146-3-f4bug@amsat.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

include/hw/misc/stm32f2xx_syscfg.h | 2 --

hw/arm/stm32f205_soc.c | 1 -

hw/misc/stm32f2xx_syscfg.c | 2 --

3 files changed, 5 deletions(-)

diff --git a/include/hw/misc/stm32f2xx_syscfg.h b/include/hw/misc/stm32f2xx_syscfg.h

--- a/include/hw/misc/stm32f2xx_syscfg.h

+++ b/include/hw/misc/stm32f2xx_syscfg.h

@@ -XXX,XX +XXX,XX @@ struct STM32F2XXSyscfgState {

uint32_t syscfg_exticr3;

uint32_t syscfg_exticr4;

uint32_t syscfg_cmpcr;

-

- qemu_irq irq;

};

#endif /* HW_STM32F2XX_SYSCFG_H */

diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c

--- a/hw/arm/stm32f205_soc.c

+++ b/hw/arm/stm32f205_soc.c

@@ -XXX,XX +XXX,XX @@ static void stm32f205_soc_realize(DeviceState *dev_soc, Error **errp)

}

busdev = SYS_BUS_DEVICE(dev);

sysbus_mmio_map(busdev, 0, 0x40013800);

- sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(armv7m, 71));

/* Attach UART (uses USART registers) and USART controllers */

for (i = 0; i < STM_NUM_USARTS; i++) {

diff --git a/hw/misc/stm32f2xx_syscfg.c b/hw/misc/stm32f2xx_syscfg.c

--- a/hw/misc/stm32f2xx_syscfg.c

+++ b/hw/misc/stm32f2xx_syscfg.c

@@ -XXX,XX +XXX,XX @@ static void stm32f2xx_syscfg_init(Object *obj)

{

STM32F2XXSyscfgState *s = STM32F2XX_SYSCFG(obj);

- sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);

-

memory_region_init_io(&s->mmio, obj, &stm32f2xx_syscfg_ops, s,

TYPE_STM32F2XX_SYSCFG, 0x400);

sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->mmio);

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

hw/arm/nseries.c | 11 -----------

1 file changed, 11 deletions(-)

diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c

--- a/hw/arm/nseries.c

+++ b/hw/arm/nseries.c

@@ -XXX,XX +XXX,XX @@ static void n8x0_cbus_setup(struct n800_s *s)

cbus_attach(cbus, s->tahvo = tahvo_init(tahvo_irq, 1));

-static void n8x0_uart_setup(struct n800_s *s)

-{

- Chardev *radio = qemu_chr_new("bt-dummy-uart", "null", NULL);

- /*

- * Note: We used to connect N8X0_BT_RESET_GPIO and N8X0_BT_WKUP_GPIO

- * here, but this code has been removed with the bluetooth backend.

- */

- omap_uart_attach(s->mpu->uart[BT_UART], radio);

-}

-

static void n8x0_usb_setup(struct n800_s *s)

{

SysBusDevice *dev;

@@ -XXX,XX +XXX,XX @@ static void n8x0_init(MachineState *machine,

n8x0_spi_setup(s);

n8x0_dss_setup(s);

n8x0_cbus_setup(s);

- n8x0_uart_setup(s);

if (machine_usb(machine)) {

n8x0_usb_setup(s);

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The MusicPal board code connects both of the IRQ outputs of the UART

to the same INTC qemu_irq. Connecting two qemu_irqs outputs directly

to the same input is not valid as it produces subtly wrong behaviour

(for instance if both the IRQ lines are high, and then one goes

low, the INTC input will see this as a high-to-low transition

even though the second IRQ line should still be holding it high).

This kind of wiring needs an explicitly created OR gate; add one.

Inspired-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20201107193403.436146-5-f4bug@amsat.org