Nothing too exciting, but does include the last bits of v8.1M support work.

Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210107' into staging (2021-01-07 20:34:05 +0000)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210108

for you to fetch changes up to c9f8511ea8d2b80723af0fea1f716d752c1b5208:

docs/system: arm: Add sabrelite board description (2021-01-08 15:13:39 +0000)

* intc/arm_gic: Fix gic_irq_signaling_enabled() for vCPUs

* target/arm: Fix MTE0_ACTIVE

* target/arm: Implement v8.1M and Cortex-M55 model

* hw/arm/highbank: Drop dead KVM support code

* util/qemu-timer: Make timer_free() imply timer_del()

* various devices: Use ptimer_free() in finalize function

* docs/system: arm: Add sabrelite board description

* sabrelite: Minor fixes to allow booting U-Boot

Andrew Jones (1):

hw/arm/virt: Remove virt machine state 'smp_cpus'

Bin Meng (4):

hw/misc: imx6_ccm: Update PMU_MISC0 reset value

hw/msic: imx6_ccm: Correct register value for silicon type

hw/arm: sabrelite: Connect the Ethernet PHY at address 6

docs/system: arm: Add sabrelite board description

Edgar E. Iglesias (1):

intc/arm_gic: Fix gic_irq_signaling_enabled() for vCPUs

Gan Qixin (7):

digic-timer: Use ptimer_free() in the finalize function to avoid memleaks

allwinner-a10-pit: Use ptimer_free() in the finalize function to avoid memleaks

exynos4210_rtc: Use ptimer_free() in the finalize function to avoid memleaks

exynos4210_pwm: Use ptimer_free() in the finalize function to avoid memleaks

mss-timer: Use ptimer_free() in the finalize function to avoid memleaks

musicpal: Use ptimer_free() in the finalize function to avoid memleaks

exynos4210_mct: Use ptimer_free() in the finalize function to avoid memleaks

Peter Maydell (9):

hw/intc/armv7m_nvic: Correct handling of CCR.BFHFNMIGN

target/arm: Correct store of FPSCR value via FPCXT_S

target/arm: Implement FPCXT_NS fp system register

target/arm: Implement Cortex-M55 model

hw/arm/highbank: Drop dead KVM support code

util/qemu-timer: Make timer_free() imply timer_del()

scripts/coccinelle: New script to remove unnecessary timer_del() calls

Remove superfluous timer_del() calls

target/arm: Remove timer_del()/timer_deinit() before timer_free()

From: Andrew Jones <drjones@redhat.com>

virt machine's 'smp_cpus' and machine->smp.cpus must always have the

same value. And, anywhere we have virt machine state we have machine

state. So let's remove the redundancy. Also, to make it easier to see

that machine->smp is the true source for "smp_cpus" and "max_cpus",

avoid passing them in function parameters, preferring instead to get

them from the state.

No functional change intended.

Signed-off-by: Andrew Jones <drjones@redhat.com>

Reviewed-by: David Edmondson <david.edmondson@oracle.com>

Reviewed-by: Ying Fang <fangying1@huawei.com>

Message-id: 20201215174815.51520-1-drjones@redhat.com

[PMM: minor formatting tweak to smp_cpus variable declaration]

include/hw/arm/virt.h | 3 +--

hw/arm/virt-acpi-build.c | 9 +++++----

hw/arm/virt.c | 21 ++++++++++-----------

3 files changed, 16 insertions(+), 17 deletions(-)

#define ACPI_BUILD_TABLE_SIZE 0x20000

-static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)

+static void acpi_dsdt_add_cpus(Aml *scope, VirtMachineState *vms)

{

+ MachineState *ms = MACHINE(vms);

uint16_t i;

- for (i = 0; i < smp_cpus; i++) {

+ for (i = 0; i < ms->smp.cpus; i++) {

Aml *dev = aml_device("C%.03X", i);

aml_append(dev, aml_name_decl("_HID", aml_string("ACPI0007")));

aml_append(dev, aml_name_decl("_UID", aml_int(i)));

@@ -XXX,XX +XXX,XX @@ build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

gicd->base_address = cpu_to_le64(memmap[VIRT_GIC_DIST].base);

gicd->version = vms->gic_version;

- for (i = 0; i < vms->smp_cpus; i++) {

+ for (i = 0; i < MACHINE(vms)->smp.cpus; i++) {

AcpiMadtGenericCpuInterface *gicc = acpi_data_push(table_data,

sizeof(*gicc));

ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(i));

@@ -XXX,XX +XXX,XX @@ build_dsdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

* the RTC ACPI device at all when using UEFI.

*/

scope = aml_scope("\\_SB");

- acpi_dsdt_add_cpus(scope, vms->smp_cpus);

+ acpi_dsdt_add_cpus(scope, vms);

acpi_dsdt_add_uart(scope, &memmap[VIRT_UART],

(irqmap[VIRT_UART] + ARM_SPI_BASE));

if (vmc->acpi_expose_flash) {

@@ -XXX,XX +XXX,XX @@ static void fdt_add_timer_nodes(const VirtMachineState *vms)

if (vms->gic_version == VIRT_GIC_VERSION_2) {

irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START,

GIC_FDT_IRQ_PPI_CPU_WIDTH,

- (1 << vms->smp_cpus) - 1);

+ (1 << MACHINE(vms)->smp.cpus) - 1);

qemu_fdt_add_subnode(vms->fdt, "/timer");

@@ -XXX,XX +XXX,XX @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)

int cpu;

int addr_cells = 1;

const MachineState *ms = MACHINE(vms);

+ int smp_cpus = ms->smp.cpus;

/*

* From Documentation/devicetree/bindings/arm/cpus.txt

@@ -XXX,XX +XXX,XX @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)

* The simplest way to go is to examine affinity IDs of all our CPUs. If

* at least one of them has Aff3 populated, we set #address-cells to 2.

*/

- for (cpu = 0; cpu < vms->smp_cpus; cpu++) {

+ for (cpu = 0; cpu < smp_cpus; cpu++) {

ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));

if (armcpu->mp_affinity & ARM_AFF3_MASK) {

@@ -XXX,XX +XXX,XX @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)

qemu_fdt_setprop_cell(vms->fdt, "/cpus", "#address-cells", addr_cells);

qemu_fdt_setprop_cell(vms->fdt, "/cpus", "#size-cells", 0x0);

- for (cpu = vms->smp_cpus - 1; cpu >= 0; cpu--) {

+ for (cpu = smp_cpus - 1; cpu >= 0; cpu--) {

char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);

ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));

CPUState *cs = CPU(armcpu);

@@ -XXX,XX +XXX,XX @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)

qemu_fdt_setprop_string(vms->fdt, nodename, "compatible",

armcpu->dtb_compatible);

- if (vms->psci_conduit != QEMU_PSCI_CONDUIT_DISABLED

- && vms->smp_cpus > 1) {

+ if (vms->psci_conduit != QEMU_PSCI_CONDUIT_DISABLED && smp_cpus > 1) {

qemu_fdt_setprop_string(vms->fdt, nodename,

"enable-method", "psci");

}

@@ -XXX,XX +XXX,XX @@ static void fdt_add_pmu_nodes(const VirtMachineState *vms)

if (vms->gic_version == VIRT_GIC_VERSION_2) {

irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START,

GIC_FDT_IRQ_PPI_CPU_WIDTH,

- (1 << vms->smp_cpus) - 1);

+ (1 << MACHINE(vms)->smp.cpus) - 1);

}

qemu_fdt_add_subnode(vms->fdt, "/pmu");

@@ -XXX,XX +XXX,XX @@ static void finalize_gic_version(VirtMachineState *vms)

* virt_cpu_post_init() must be called after the CPUs have

* been realized and the GIC has been created.

*/

-static void virt_cpu_post_init(VirtMachineState *vms, int max_cpus,

- MemoryRegion *sysmem)

+static void virt_cpu_post_init(VirtMachineState *vms, MemoryRegion *sysmem)

+ int max_cpus = MACHINE(vms)->smp.max_cpus;

bool aarch64, pmu, steal_time;

CPUState *cpu;

- vms->smp_cpus = smp_cpus;

-

if (vms->virt && kvm_enabled()) {

error_report("mach-virt: KVM does not support providing "

"Virtualization extensions to the guest CPU");

create_gic(vms);

- virt_cpu_post_init(vms, possible_cpus->len, sysmem);

+ virt_cpu_post_init(vms, sysmem);

fdt_add_pmu_nodes(vms);

From: Richard Henderson <richard.henderson@linaro.org>

target/arm/helper.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,

if (FIELD_EX32(flags, TBFLAG_A64, UNPRIV)

&& tbid

&& !(env->pstate & PSTATE_TCO)

- && (sctlr & SCTLR_TCF0)

+ && (sctlr & SCTLR_TCF)

&& allocation_tag_access_enabled(env, 0, sctlr)) {

flags = FIELD_DP32(flags, TBFLAG_A64, MTE0_ACTIVE, 1);

}

The CCR is a register most of whose bits are banked between security

states but where BFHFNMIGN is not, and we keep it in the non-secure

entry of the v7m.ccr[] array. The logic which tries to handle this

bit fails to implement the "RAZ/WI from Nonsecure if AIRCR.BFHFNMINS

is zero" requirement; correct the omission.

Message-id: 20201210201433.26262-2-peter.maydell@linaro.org

hw/intc/armv7m_nvic.c | 15 +++++++++++++++

1 file changed, 15 insertions(+)

*/

val = cpu->env.v7m.ccr[attrs.secure];

val |= cpu->env.v7m.ccr[M_REG_NS] & R_V7M_CCR_BFHFNMIGN_MASK;

+ /* BFHFNMIGN is RAZ/WI from NS if AIRCR.BFHFNMINS is 0 */

+ if (!attrs.secure) {

+ if (!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {

+ val &= ~R_V7M_CCR_BFHFNMIGN_MASK;

+ }

+ }

return val;

case 0xd24: /* System Handler Control and State (SHCSR) */

if (!arm_feature(&cpu->env, ARM_FEATURE_V7)) {

@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,

(cpu->env.v7m.ccr[M_REG_NS] & ~R_V7M_CCR_BFHFNMIGN_MASK)

| (value & R_V7M_CCR_BFHFNMIGN_MASK);

value &= ~R_V7M_CCR_BFHFNMIGN_MASK;

+ } else {

+ /*

+ * BFHFNMIGN is RAZ/WI from NS if AIRCR.BFHFNMINS is 0, so

+ * preserve the state currently in the NS element of the array

+ */

+ if (!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {

+ value &= ~R_V7M_CCR_BFHFNMIGN_MASK;

+ value |= cpu->env.v7m.ccr[M_REG_NS] & R_V7M_CCR_BFHFNMIGN_MASK;

+ }

cpu->env.v7m.ccr[attrs.secure] = value;

In commit 64f863baeedc8659 we implemented the v8.1M FPCXT_S register,

but we got the write behaviour wrong. On read, this register reads

bits [27:0] of FPSCR plus the CONTROL.SFPA bit. On write, it doesn't

just write back those bits -- it writes a value to the whole FPSCR,

whose upper 4 bits are zeroes.

We also incorrectly implemented the write-to-FPSCR as a simple store

to vfp.xregs; this skips the "update the softfloat flags" part of

the vfp_set_fpscr helper so the value would read back correctly but

not actually take effect.

Fix both of these things by doing a complete write to the FPSCR

using the helper function.

Message-id: 20201210201433.26262-3-peter.maydell@linaro.org

target/arm/translate-vfp.c.inc | 12 ++++++------

1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc

--- a/target/arm/translate-vfp.c.inc

+++ b/target/arm/translate-vfp.c.inc

@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,

}

case ARM_VFP_FPCXT_S:

{

- TCGv_i32 sfpa, control, fpscr;

- /* Set FPSCR[27:0] and CONTROL.SFPA from value */

+ TCGv_i32 sfpa, control;

+ /*

+ * Set FPSCR and CONTROL.SFPA from value; the new FPSCR takes

+ * bits [27:0] from value and zeroes bits [31:28].

+ */

tmp = loadfn(s, opaque);

sfpa = tcg_temp_new_i32();

tcg_gen_shri_i32(sfpa, tmp, 31);

@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,

tcg_gen_deposit_i32(control, control, sfpa,

R_V7M_CONTROL_SFPA_SHIFT, 1);

store_cpu_field(control, v7m.control[M_REG_S]);

- fpscr = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);

- tcg_gen_andi_i32(fpscr, fpscr, FPCR_NZCV_MASK);

tcg_gen_andi_i32(tmp, tmp, ~FPCR_NZCV_MASK);

- tcg_gen_or_i32(fpscr, fpscr, tmp);

- store_cpu_field(fpscr, vfp.xregs[ARM_VFP_FPSCR]);

+ gen_helper_vfp_set_fpscr(cpu_env, tmp);

tcg_temp_free_i32(tmp);

tcg_temp_free_i32(sfpa);

break;

Implement the v8.1M FPCXT_NS floating-point system register. This is

a little more complicated than FPCXT_S, because it has specific

handling for "current FP state is inactive", and it only wants to do

PreserveFPState(), not the full set of actions done by

ExecuteFPCheck() which vfp_access_check() implements.

Message-id: 20201210201433.26262-4-peter.maydell@linaro.org

target/arm/translate-vfp.c.inc | 102 ++++++++++++++++++++++++++++++++-

1 file changed, 99 insertions(+), 3 deletions(-)

diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc

--- a/target/arm/translate-vfp.c.inc

+++ b/target/arm/translate-vfp.c.inc

@@ -XXX,XX +XXX,XX @@ static FPSysRegCheckResult fp_sysreg_checks(DisasContext *s, int regno)

}

break;

case ARM_VFP_FPCXT_S:

+ case ARM_VFP_FPCXT_NS:

if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {

return false;

}

@@ -XXX,XX +XXX,XX @@ static FPSysRegCheckResult fp_sysreg_checks(DisasContext *s, int regno)

return FPSysRegCheckFailed;

}

- if (!vfp_access_check(s)) {

+ /*

+ * FPCXT_NS is a special case: it has specific handling for

+ * "current FP state is inactive", and must do the PreserveFPState()

+ * but not the usual full set of actions done by ExecuteFPCheck().

+ * So we don't call vfp_access_check() and the callers must handle this.

+ */

+ if (regno != ARM_VFP_FPCXT_NS && !vfp_access_check(s)) {

return FPSysRegCheckDone;

}

-

return FPSysRegCheckContinue;

}

+static void gen_branch_fpInactive(DisasContext *s, TCGCond cond,

+ TCGLabel *label)

+{

+ /*

+ * FPCXT_NS is a special case: it has specific handling for

+ * "current FP state is inactive", and must do the PreserveFPState()

+ * but not the usual full set of actions done by ExecuteFPCheck().

+ * We don't have a TB flag that matches the fpInactive check, so we

+ * do it at runtime as we don't expect FPCXT_NS accesses to be frequent.

+ *

+ * Emit code that checks fpInactive and does a conditional

+ * branch to label based on it:

+ * if cond is TCG_COND_NE then branch if fpInactive != 0 (ie if inactive)

+ * if cond is TCG_COND_EQ then branch if fpInactive == 0 (ie if active)

+ */

+ assert(cond == TCG_COND_EQ || cond == TCG_COND_NE);

+

+ /* fpInactive = FPCCR_NS.ASPEN == 1 && CONTROL.FPCA == 0 */

+ TCGv_i32 aspen, fpca;

+ aspen = load_cpu_field(v7m.fpccr[M_REG_NS]);

+ fpca = load_cpu_field(v7m.control[M_REG_S]);

+ tcg_gen_andi_i32(aspen, aspen, R_V7M_FPCCR_ASPEN_MASK);

+ tcg_gen_xori_i32(aspen, aspen, R_V7M_FPCCR_ASPEN_MASK);

+ tcg_gen_andi_i32(fpca, fpca, R_V7M_CONTROL_FPCA_MASK);

+ tcg_gen_or_i32(fpca, fpca, aspen);

+ tcg_gen_brcondi_i32(tcg_invert_cond(cond), fpca, 0, label);

+ tcg_temp_free_i32(aspen);

+ tcg_temp_free_i32(fpca);

+}

+

static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,

fp_sysreg_loadfn *loadfn,

@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,

{

/* Do a write to an M-profile floating point system register */

TCGv_i32 tmp;

+ TCGLabel *lab_end = NULL;

switch (fp_sysreg_checks(s, regno)) {

case FPSysRegCheckFailed:

@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,

tcg_temp_free_i32(tmp);

break;

}

+ case ARM_VFP_FPCXT_NS:

+ lab_end = gen_new_label();

+ /* fpInactive case: write is a NOP, so branch to end */

+ gen_branch_fpInactive(s, TCG_COND_NE, lab_end);

+ /* !fpInactive: PreserveFPState(), and reads same as FPCXT_S */

+ gen_preserve_fp_state(s);

+ /* fall through */

case ARM_VFP_FPCXT_S:

{

TCGv_i32 sfpa, control;

@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,

default:

g_assert_not_reached();

}

+ if (lab_end) {

+ gen_set_label(lab_end);

+ }

@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_read(DisasContext *s, int regno,

/* Do a read from an M-profile floating point system register */

TCGv_i32 tmp;

+ TCGLabel *lab_end = NULL;

+ bool lookup_tb = false;

switch (fp_sysreg_checks(s, regno)) {

case FPSysRegCheckFailed:

@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_read(DisasContext *s, int regno,

fpscr = load_cpu_field(v7m.fpdscr[M_REG_NS]);

gen_helper_vfp_set_fpscr(cpu_env, fpscr);

tcg_temp_free_i32(fpscr);

- gen_lookup_tb(s);

+ lookup_tb = true;

+ break;

+ }

+ case ARM_VFP_FPCXT_NS:

+ {

+ TCGv_i32 control, sfpa, fpscr, fpdscr, zero;

+ TCGLabel *lab_active = gen_new_label();

+ lookup_tb = true;

+ gen_branch_fpInactive(s, TCG_COND_EQ, lab_active);

+ /* fpInactive case: reads as FPDSCR_NS */

+ TCGv_i32 tmp = load_cpu_field(v7m.fpdscr[M_REG_NS]);

+ storefn(s, opaque, tmp);

+ lab_end = gen_new_label();

+ tcg_gen_br(lab_end);

+ gen_set_label(lab_active);

+ /* !fpInactive: Reads the same as FPCXT_S, but side effects differ */

+ gen_preserve_fp_state(s);

+ tmp = tcg_temp_new_i32();

+ sfpa = tcg_temp_new_i32();

+ fpscr = tcg_temp_new_i32();

+ gen_helper_vfp_get_fpscr(fpscr, cpu_env);

+ tcg_gen_andi_i32(tmp, fpscr, ~FPCR_NZCV_MASK);

+ control = load_cpu_field(v7m.control[M_REG_S]);

+ tcg_gen_andi_i32(sfpa, control, R_V7M_CONTROL_SFPA_MASK);

+ tcg_gen_shli_i32(sfpa, sfpa, 31 - R_V7M_CONTROL_SFPA_SHIFT);

+ tcg_gen_or_i32(tmp, tmp, sfpa);

+ tcg_temp_free_i32(control);

+ /* Store result before updating FPSCR, in case it faults */

+ storefn(s, opaque, tmp);

+ /* If SFPA is zero then set FPSCR from FPDSCR_NS */

+ fpdscr = load_cpu_field(v7m.fpdscr[M_REG_NS]);

+ zero = tcg_const_i32(0);

+ tcg_gen_movcond_i32(TCG_COND_EQ, fpscr, sfpa, zero, fpdscr, fpscr);

+ gen_helper_vfp_set_fpscr(cpu_env, fpscr);

+ tcg_temp_free_i32(zero);

+ tcg_temp_free_i32(sfpa);

+ tcg_temp_free_i32(fpdscr);

+ tcg_temp_free_i32(fpscr);

break;

}

default:

g_assert_not_reached();

}

+ if (lab_end) {

+ gen_set_label(lab_end);

+ }

+ if (lookup_tb) {

+ gen_lookup_tb(s);

+ }

return true;

Now that we have implemented all the features needed by the v8.1M

architecture, we can add the model of the Cortex-M55. This is the

configuration without MVE support; we'll add MVE later.