arm pullreq for rc1. All minor bugfixes, except for the sve-default-vector-length

patches, which are somewhere between a bugfix and a new feature.

Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210726' into staging (2021-07-27 08:35:01 +0100)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210727

for you to fetch changes up to e229a179a503f2aee43a76888cf12fbdfe8a3749:

hw: aspeed_gpio: Fix memory size (2021-07-27 11:00:00 +0100)

* hw/arm/smmuv3: Check 31st bit to see if CD is valid

* qemu-options.hx: Fix formatting of -machine memory-backend option

* hw: aspeed_gpio: Fix memory size

* hw/arm/nseries: Display hexadecimal value with '0x' prefix

* Add sve-default-vector-length cpu property

* docs: Update path that mentions deprecated.rst

* hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS

* hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING

* hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts

* target/arm: Report M-profile alignment faults correctly to the guest

* target/arm: Add missing 'return's after calling v7m_exception_taken()

* target/arm: Enforce that M-profile SP low 2 bits are always zero

Joe Komlodi (1):

hw/arm/smmuv3: Check 31st bit to see if CD is valid

hw: aspeed_gpio: Fix memory size

Mao Zhongyi (1):

docs: Update path that mentions deprecated.rst

qemu-options.hx: Fix formatting of -machine memory-backend option

target/arm: Enforce that M-profile SP low 2 bits are always zero

target/arm: Add missing 'return's after calling v7m_exception_taken()

target/arm: Report M-profile alignment faults correctly to the guest

hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts

hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING

hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS

Philippe Mathieu-Daudé (1):

hw/arm/nseries: Display hexadecimal value with '0x' prefix

From: Joe Komlodi <joe.komlodi@xilinx.com>

The bit to see if a CD is valid is the last bit of the first word of the CD.

Signed-off-by: Joe Komlodi <joe.komlodi@xilinx.com>

Message-id: 1626728232-134665-2-git-send-email-joe.komlodi@xilinx.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/smmuv3-internal.h | 2 +-

diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h

--- a/hw/arm/smmuv3-internal.h

+++ b/hw/arm/smmuv3-internal.h

@@ -XXX,XX +XXX,XX @@ static inline int pa_range(STE *ste)

/* CD fields */

-#define CD_VALID(x) extract32((x)->word[0], 30, 1)

+#define CD_VALID(x) extract32((x)->word[0], 31, 1)

#define CD_ASID(x) extract32((x)->word[1], 16, 16)

#define CD_TTB(x, sel) \

({ \

The documentation of the -machine memory-backend has some minor

formatting errors:

* Misindentation of the initial line meant that the whole option

section is incorrectly indented in the HTML output compared to

the other -machine options

* The examples weren't indented, which meant that they were formatted

as plain run-on text including outputting the "::" as text.

* The a) b) list has no rst-format markup so it is rendered as

a single run-on paragraph

Fix the formatting.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Igor Mammedov <imammedo@redhat.com>

Message-id: 20210719105257.3599-1-peter.maydell@linaro.org

---

qemu-options.hx | 30 +++++++++++++++++-------------

1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx

--- a/qemu-options.hx

+++ b/qemu-options.hx

@@ -XXX,XX +XXX,XX @@ SRST

Enables or disables ACPI Heterogeneous Memory Attribute Table

(HMAT) support. The default is off.

- ``memory-backend='id'``

+ ``memory-backend='id'``

An alternative to legacy ``-mem-path`` and ``mem-prealloc`` options.

Allows to use a memory backend as main RAM.

For example:

::

- -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on

- -machine memory-backend=pc.ram

- -m 512M

+ -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on

+ -machine memory-backend=pc.ram

+ -m 512M

Migration compatibility note:

- a) as backend id one shall use value of 'default-ram-id', advertised by

- machine type (available via ``query-machines`` QMP command), if migration

- to/from old QEMU (<5.0) is expected.

- b) for machine types 4.0 and older, user shall

- use ``x-use-canonical-path-for-ramblock-id=off`` backend option

- if migration to/from old QEMU (<5.0) is expected.

+

+ * as backend id one shall use value of 'default-ram-id', advertised by

+ machine type (available via ``query-machines`` QMP command), if migration

+ to/from old QEMU (<5.0) is expected.

+ * for machine types 4.0 and older, user shall

+ use ``x-use-canonical-path-for-ramblock-id=off`` backend option

+ if migration to/from old QEMU (<5.0) is expected.

+

For example:

::

- -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off

- -machine memory-backend=pc.ram

- -m 512M

+

+ -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off

+ -machine memory-backend=pc.ram

+ -m 512M

ERST

HXCOMM Deprecated by -machine

For M-profile, unlike A-profile, the low 2 bits of SP are defined to be

RES0H, which is to say that they must be hardwired to zero so that

guest attempts to write non-zero values to them are ignored.

Implement this behaviour by masking out the low bits:

* for writes to r13 by the gdbstub

* for writes to any of the various flavours of SP via MSR

* for writes to r13 via store_reg() in generated code

Note that all the direct uses of cpu_R[] in translate.c are in places

where the register is definitely not r13 (usually because that has

been checked for as an UNDEFINED or UNPREDICTABLE case and handled as

UNDEF).

All the other writes to regs[13] in C code are either:

* A-profile only code

* writes of values we can guarantee to be aligned, such as

- writes of previous-SP-value plus or minus a 4-aligned constant

- writes of the value in an SP limit register (which we already

enforce to be aligned)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Message-id: 20210723162146.5167-2-peter.maydell@linaro.org

target/arm/gdbstub.c | 4 ++++

target/arm/m_helper.c | 14 ++++++++------

target/arm/translate.c | 3 +++

3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c

--- a/target/arm/gdbstub.c

+++ b/target/arm/gdbstub.c

@@ -XXX,XX +XXX,XX @@ int arm_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)

if (n < 16) {

/* Core integer register. */

+ if (n == 13 && arm_feature(env, ARM_FEATURE_M)) {

+ /* M profile SP low bits are always 0 */

+ tmp &= ~3;

+ }

env->regs[n] = tmp;

return 4;

}

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/m_helper.c

+++ b/target/arm/m_helper.c

@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)

if (!env->v7m.secure) {

return;

}

- env->v7m.other_ss_msp = val;

+ env->v7m.other_ss_msp = val & ~3;

return;

case 0x89: /* PSP_NS */

if (!env->v7m.secure) {

return;

}

- env->v7m.other_ss_psp = val;

+ env->v7m.other_ss_psp = val & ~3;

return;

case 0x8a: /* MSPLIM_NS */

if (!env->v7m.secure) {

@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)

limit = is_psp ? env->v7m.psplim[false] : env->v7m.msplim[false];

+ val &= ~0x3;

+

if (val < limit) {

raise_exception_ra(env, EXCP_STKOF, 0, 1, GETPC());

}

@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)

break;

case 8: /* MSP */

if (v7m_using_psp(env)) {

- env->v7m.other_sp = val;

+ env->v7m.other_sp = val & ~3;

} else {

- env->regs[13] = val;

+ env->regs[13] = val & ~3;

}

break;

case 9: /* PSP */

if (v7m_using_psp(env)) {

- env->regs[13] = val;

+ env->regs[13] = val & ~3;

} else {

- env->v7m.other_sp = val;

+ env->v7m.other_sp = val & ~3;

}

break;

case 10: /* MSPLIM */

diff --git a/target/arm/translate.c b/target/arm/translate.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate.c

+++ b/target/arm/translate.c

@@ -XXX,XX +XXX,XX @@ void store_reg(DisasContext *s, int reg, TCGv_i32 var)

*/

tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);

s->base.is_jmp = DISAS_JUMP;

+ } else if (reg == 13 && arm_dc_feature(s, ARM_FEATURE_M)) {

+ /* For M-profile SP bits [1:0] are always zero */

+ tcg_gen_andi_i32(var, var, ~3);

}

tcg_gen_mov_i32(cpu_R[reg], var);

tcg_temp_free_i32(var);

In do_v7m_exception_exit(), we perform various checks as part of

performing the exception return. If one of these checks fails, the

architecture requires that we take an appropriate exception on the

existing stackframe. We implement this by calling

v7m_exception_taken() to set up to take the new exception, and then

immediately returning from do_v7m_exception_exit() without proceeding

any further with the unstack-and-exception-return process.

In a couple of checks that are new in v8.1M, we forgot the "return"

statement, with the effect that if bad code in the guest tripped over

these checks we would set up to take a UsageFault exception but then

blunder on trying to also unstack and return from the original

exception, with the probable result that the guest would crash.

Add the missing return statements.

target/arm/m_helper.c | 2 ++

1 file changed, 2 insertions(+)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c

--- a/target/arm/m_helper.c

+++ b/target/arm/m_helper.c

@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)

qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "

"stackframe: NSACR prevents clearing FPU registers\n");

v7m_exception_taken(cpu, excret, true, false);

+ return;

} else if (!cpacr_pass) {

armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,

exc_secure);

@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)

qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "

"stackframe: CPACR prevents clearing FPU registers\n");

v7m_exception_taken(cpu, excret, true, false);

+ return;

}

}

/* Clear s0..s15, FPSCR and VPR */

For M-profile, we weren't reporting alignment faults triggered by the

generic TCG code correctly to the guest. These get passed into

arm_v7m_cpu_do_interrupt() as an EXCP_DATA_ABORT with an A-profile

style exception.fsr value of 1. We didn't check for this, and so

they fell through into the default of "assume this is an MPU fault"

and were reported to the guest as a data access violation MPU fault.

Report these alignment faults as UsageFaults which set the UNALIGNED

bit in the UFSR.

Message-id: 20210723162146.5167-4-peter.maydell@linaro.org

target/arm/m_helper.c | 8 ++++++++

1 file changed, 8 insertions(+)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c

--- a/target/arm/m_helper.c

+++ b/target/arm/m_helper.c

@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)

env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK;

break;

case EXCP_UNALIGNED:

+ /* Unaligned faults reported by M-profile aware code */

armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);

env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNALIGNED_MASK;

break;

@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)

}

armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);

break;

+ case 0x1: /* Alignment fault reported by generic code */

+ qemu_log_mask(CPU_LOG_INT,

+ "...really UsageFault with UFSR.UNALIGNED\n");

+ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNALIGNED_MASK;

+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,

+ env->v7m.secure);

+ break;

default:

/*

* All other FSR values are either MPU faults or "can't happen

The ISCR.ISRPENDING bit is set when an external interrupt is pending.

This is true whether that external interrupt is enabled or not.

This means that we can't use 's->vectpending == 0' as a shortcut to

"ISRPENDING is zero", because s->vectpending indicates only the

highest priority pending enabled interrupt.

Remove the incorrect optimization so that if there is no pending

enabled interrupt we fall through to scanning through the whole

interrupt array.

Message-id: 20210723162146.5167-5-peter.maydell@linaro.org

hw/intc/armv7m_nvic.c | 9 ++++-----

1 file changed, 4 insertions(+), 5 deletions(-)

@@ -XXX,XX +XXX,XX @@ static bool nvic_isrpending(NVICState *s)

{

int irq;

- /* We can shortcut if the highest priority pending interrupt

- * happens to be external or if there is nothing pending.

+ /*

+ * We can shortcut if the highest priority pending interrupt

+ * happens to be external; if not we need to check the whole

+ * vectors[] array.

if (s->vectpending > NVIC_FIRST_IRQ) {

return true;

}

- if (s->vectpending == 0) {

- return false;

- }

for (irq = NVIC_FIRST_IRQ; irq < s->num_irq; irq++) {

if (s->vectors[irq].pending) {

The VECTPENDING field in the ICSR is 9 bits wide, in bits [20:12] of

the register. We were incorrectly masking it to 8 bits, so it would

report the wrong value if the pending exception was greater than 256.

Fix the bug.

Message-id: 20210723162146.5167-6-peter.maydell@linaro.org

hw/intc/armv7m_nvic.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

/* VECTACTIVE */

val = cpu->env.v7m.exception;

/* VECTPENDING */

- val |= (s->vectpending & 0xff) << 12;

+ val |= (s->vectpending & 0x1ff) << 12;

/* ISRPENDING - set if any external IRQ is pending */

if (nvic_isrpending(s)) {

val |= (1 << 22);

In Arm v8.1M the VECTPENDING field in the ICSR has new behaviour: if

the register is accessed NonSecure and the highest priority pending

enabled exception (that would be returned in the VECTPENDING field)

targets Secure, then the VECTPENDING field must read 1 rather than

the exception number of the pending exception. Implement this.

Message-id: 20210723162146.5167-7-peter.maydell@linaro.org

hw/intc/armv7m_nvic.c | 31 ++++++++++++++++++++++++-------

1 file changed, 24 insertions(+), 7 deletions(-)

@@ -XXX,XX +XXX,XX @@ void armv7m_nvic_acknowledge_irq(void *opaque)

nvic_irq_update(s);

}

+static bool vectpending_targets_secure(NVICState *s)

+{

+ /* Return true if s->vectpending targets Secure state */

+ if (s->vectpending_is_s_banked) {

+ return true;

+ }

+ return !exc_is_banked(s->vectpending) &&

+ exc_targets_secure(s, s->vectpending);

+}

+

void armv7m_nvic_get_pending_irq_info(void *opaque,

int *pirq, bool *ptargets_secure)

{

@@ -XXX,XX +XXX,XX @@ void armv7m_nvic_get_pending_irq_info(void *opaque,

assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);

- if (s->vectpending_is_s_banked) {

- targets_secure = true;

- } else {

- targets_secure = !exc_is_banked(pending) &&

- exc_targets_secure(s, pending);

- }

+ targets_secure = vectpending_targets_secure(s);

trace_nvic_get_pending_irq_info(pending, targets_secure);

@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)

/* VECTACTIVE */

val = cpu->env.v7m.exception;

/* VECTPENDING */

- val |= (s->vectpending & 0x1ff) << 12;

+ if (s->vectpending) {

+ /*

+ * From v8.1M VECTPENDING must read as 1 if accessed as

+ * NonSecure and the highest priority pending and enabled

+ * exception targets Secure.

+ */

+ int vp = s->vectpending;

+ if (!attrs.secure && arm_feature(&cpu->env, ARM_FEATURE_V8_1M) &&

+ vectpending_targets_secure(s)) {

+ vp = 1;

+ }

+ val |= (vp & 0x1ff) << 12;

+ }

/* ISRPENDING - set if any external IRQ is pending */

if (nvic_isrpending(s)) {

val |= (1 << 22);

From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>

Missed in commit f3478392 "docs: Move deprecation, build

and license info out of system/"

Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>

configure | 2 +-

target/i386/cpu.c | 2 +-

MAINTAINERS | 2 +-

3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure b/configure

index XXXXXXX..XXXXXXX 100755

--- a/configure

+++ b/configure

@@ -XXX,XX +XXX,XX @@ fi

if test -n "${deprecated_features}"; then

echo "Warning, deprecated features enabled."

- echo "Please see docs/system/deprecated.rst"

+ echo "Please see docs/about/deprecated.rst"

echo " features: ${deprecated_features}"

fi

diff --git a/target/i386/cpu.c b/target/i386/cpu.c

--- a/target/i386/cpu.c

+++ b/target/i386/cpu.c

@@ -XXX,XX +XXX,XX @@ static const X86CPUDefinition builtin_x86_defs[] = {

* none", but this is just for compatibility while libvirt isn't

* adapted to resolve CPU model versions before creating VMs.

* See "Runnability guarantee of CPU models" at

- * docs/system/deprecated.rst.

+ * docs/about/deprecated.rst.

*/

X86CPUVersion default_cpu_version = 1;

diff --git a/MAINTAINERS b/MAINTAINERS

--- a/MAINTAINERS

+++ b/MAINTAINERS

@@ -XXX,XX +XXX,XX @@ F: contrib/gitdm/*

Incompatible changes

R: libvir-list@redhat.com

-F: docs/system/deprecated.rst

+F: docs/about/deprecated.rst

Build System

------------

From: Richard Henderson <richard.henderson@linaro.org>

target/arm/helper.c | 4 +++-

1 file changed, 3 insertions(+), 1 deletion(-)

@@ -XXX,XX +XXX,XX @@ static uint32_t sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)

{

uint32_t end_len;

- end_len = start_len &= 0xf;

+ start_len = MIN(start_len, ARM_MAX_VQ - 1);

+ end_len = start_len;

if (!test_bit(start_len, cpu->sve_vq_map)) {

end_len = find_last_bit(cpu->sve_vq_map, start_len);

assert(end_len < start_len);

From: Richard Henderson <richard.henderson@linaro.org>

Rename from sve_zcr_get_valid_len and make accessible