Series comparison

-[Qemu-devel] [PULL 00/12] target-arm queue
+[PULL 0/8] target-arm queue
-Not very much here, but several people have fallen over
+The following changes since commit aa9e7fa4689d1becb2faf67f65aafcbcf664f1ce:
 the vector operation segfault bug, so let's get the fix
 into master.
-thanks
+  Merge tag 'edk2-stable202302-20230320-pull-request' of https://gitlab.com/kraxel/qemu into staging (2023-03-20 13:43:35 +0000)
 -- PMM
 The following changes since commit d418238dca7b4e0b124135827ead3076233052b1:
   Merge remote-tracking branch 'remotes/rth/tags/pull-rng-20190522' into staging (2019-05-23 12:57:17 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190523
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230321
-for you to fetch changes up to 98e4f4fdb8ea05d840f51f47125924c2bb9df2df:
+for you to fetch changes up to 5787d17a42f7af4bd117e5d6bfa54b1fdf93c255:
-  hw/arm/exynos4210: QOM'ify the Exynos4210 SoC (2019-05-23 14:47:44 +0100)
+  target/arm: Don't advertise aarch64-pauth.xml to gdb (2023-03-21 13:19:08 +0000)
 ----------------------------------------------------------------
 target-arm queue:
- * exynos4210: QOM'ify the Exynos4210 SoC
+ * contrib/elf2dmp: Support Windows Server 2022
- * exynos4210: Add DMA support for the Exynos4210
+ * hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
- * arm_gicv3: Fix writes to ICC_CTLR_EL3
+ * target/arm: Add Neoverse-N1 IMPDEF registers
- * arm_gicv3: Fix write of ICH_VMCR_EL2.{VBPR0, VBPR1}
+ * hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
- * target/arm: Fix vector operation segfault
+ * docs/system/arm/cpu-features.rst: Fix formatting
- * target/arm: Minor improvements to BFXIL, EXTR
+ * target/arm: Don't advertise aarch64-pauth.xml to gdb
 ----------------------------------------------------------------
-Alistair Francis (1):
+Chen Baozi (1):
-      target/arm: Fix vector operation segfault
+      target/arm: Add Neoverse-N1 registers
 Guenter Roeck (1):
-      hw/arm/exynos4210: Add DMA support for the Exynos4210
+      hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
-Peter Maydell (5):
+Peter Maydell (3):
-      arm: Move system_clock_scale to armv7m_systick.h
+      hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
-      arm: Remove unnecessary includes of hw/arm/arm.h
+      docs/system/arm/cpu-features.rst: Fix formatting
-      arm: Rename hw/arm/arm.h to hw/arm/boot.h
+      target/arm: Don't advertise aarch64-pauth.xml to gdb
       hw/intc/arm_gicv3: Fix write of ICH_VMCR_EL2.{VBPR0, VBPR1}
       hw/intc/arm_gicv3: Fix writes to ICC_CTLR_EL3
-Philippe Mathieu-Daudé (3):
+Viktor Prutyanov (3):
-      hw/arm/exynos4: Remove unuseful debug code
+      contrib/elf2dmp: fix code style
-      hw/arm/exynos4: Use the IEC binary prefix definitions
+      contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry
-      hw/arm/exynos4210: QOM'ify the Exynos4210 SoC
+      contrib/elf2dmp: add PE name check and Windows Server 2022 support
-Richard Henderson (2):
+ docs/system/arm/cpu-features.rst |  68 ++++++++++-------------
-      target/arm: Use extract2 for EXTR
+ contrib/elf2dmp/pe.h             | 115 ++++++++++++++++++++++-----------------
-      target/arm: Simplify BFXIL expansion
+ contrib/elf2dmp/addrspace.c      |   1 +
+ contrib/elf2dmp/main.c           | 108 ++++++++++++++++++++++++------------
- include/hw/arm/allwinner-a10.h    |  2 +-
+ hw/char/cadence_uart.c           |   6 +-
- include/hw/arm/aspeed_soc.h       |  1 -
+ hw/usb/imx-usb-phy.c             |  19 ++++++-
- include/hw/arm/bcm2836.h          |  1 -
+ target/arm/cpu64.c               |  69 +++++++++++++++++++++++
- include/hw/arm/{arm.h => boot.h}  | 12 +++------
+ target/arm/gdbstub.c             |   7 +++
- include/hw/arm/exynos4210.h       |  9 +++++--
+files changed, 267 insertions(+), 126 deletions(-)
  include/hw/arm/fsl-imx25.h        |  2 +-
  include/hw/arm/fsl-imx31.h        |  2 +-
  include/hw/arm/fsl-imx6.h         |  2 +-
  include/hw/arm/fsl-imx6ul.h       |  2 +-
  include/hw/arm/fsl-imx7.h         |  2 +-
  include/hw/arm/virt.h             |  2 +-
  include/hw/arm/xlnx-versal.h      |  2 +-
  include/hw/arm/xlnx-zynqmp.h      |  2 +-
  include/hw/timer/armv7m_systick.h | 22 ++++++++++++++++
  hw/arm/armsse.c                   |  2 +-
  hw/arm/armv7m.c                   |  2 +-
  hw/arm/aspeed.c                   |  2 +-
  hw/arm/boot.c                     |  2 +-
  hw/arm/collie.c                   |  2 +-
  hw/arm/exynos4210.c               | 54 ++++++++++++++++++++++++++++++++++++---
  hw/arm/exynos4_boards.c           | 40 ++++++++---------------------
  hw/arm/highbank.c                 |  2 +-
  hw/arm/integratorcp.c             |  2 +-
  hw/arm/mainstone.c                |  2 +-
  hw/arm/microbit.c                 |  2 +-
  hw/arm/mps2-tz.c                  |  2 +-
  hw/arm/mps2.c                     |  2 +-
  hw/arm/msf2-soc.c                 |  1 -
  hw/arm/msf2-som.c                 |  2 +-
  hw/arm/musca.c                    |  2 +-
  hw/arm/musicpal.c                 |  2 +-
  hw/arm/netduino2.c                |  2 +-
  hw/arm/nrf51_soc.c                |  2 +-
  hw/arm/nseries.c                  |  2 +-
  hw/arm/omap1.c                    |  2 +-
  hw/arm/omap2.c                    |  2 +-
  hw/arm/omap_sx1.c                 |  2 +-
  hw/arm/palm.c                     |  2 +-
  hw/arm/raspi.c                    |  2 +-
  hw/arm/realview.c                 |  2 +-
  hw/arm/spitz.c                    |  2 +-
  hw/arm/stellaris.c                |  2 +-
  hw/arm/stm32f205_soc.c            |  2 +-
  hw/arm/strongarm.c                |  2 +-
  hw/arm/tosa.c                     |  2 +-
  hw/arm/versatilepb.c              |  2 +-
  hw/arm/vexpress.c                 |  2 +-
  hw/arm/virt.c                     |  2 +-
  hw/arm/xilinx_zynq.c              |  2 +-
  hw/arm/xlnx-versal.c              |  2 +-
  hw/arm/z2.c                       |  2 +-
  hw/intc/arm_gicv3_cpuif.c         |  6 ++---
  hw/intc/armv7m_nvic.c             |  1 -
  target/arm/arm-semi.c             |  1 -
  target/arm/cpu.c                  |  1 -
  target/arm/cpu64.c                |  1 -
  target/arm/kvm.c                  |  1 -
  target/arm/kvm32.c                |  1 -
  target/arm/kvm64.c                |  1 -
  target/arm/translate-a64.c        | 44 ++++++++++++++++---------------
  target/arm/translate.c            |  4 +--
 files changed, 164 insertions(+), 123 deletions(-)
  rename include/hw/arm/{arm.h => boot.h} (96%)

-[Qemu-devel] [PULL 05/12] arm: Remove unnecessary includes of hw/arm/arm.h
+[PULL 1/8] target/arm: Add Neoverse-N1 registers
-The hw/arm/arm.h header now only includes declarations relating
+From: Chen Baozi <chenbaozi@phytium.com.cn>
 to boot.c code, so it is only needed by Arm board or SoC code.
 Remove some unnecessary inclusions of it from target/arm files
 and from hw/intc/armv7m_nvic.c.
+Add implementation defined registers for neoverse-n1 which
+would be accessed by TF-A. Since there is no DSU in Qemu,
+CPUCFR_EL1.SCU bit is set to 1 to avoid DSU registers definition.
+Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
+Message-id: 20230313033936.585669-1-chenbaozi@phytium.com.cn
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190516163857.6430-3-peter.maydell@linaro.org
 ---
- hw/intc/armv7m_nvic.c | 1 -
+ target/arm/cpu64.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++
- target/arm/arm-semi.c | 1 -
+file changed, 69 insertions(+)
  target/arm/cpu.c      | 1 -
  target/arm/cpu64.c    | 1 -
  target/arm/kvm.c      | 1 -
  target/arm/kvm32.c    | 1 -
  target/arm/kvm64.c    | 1 -
 files changed, 7 deletions(-)
-diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
-+++ b/hw/intc/armv7m_nvic.c
-@@ -XXX,XX +XXX,XX @@
- #include "cpu.h"
- #include "hw/sysbus.h"
- #include "qemu/timer.h"
--#include "hw/arm/arm.h"
- #include "hw/intc/armv7m_nvic.h"
- #include "target/arm/cpu.h"
- #include "exec/exec-all.h"
-diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/arm-semi.c
-+++ b/target/arm/arm-semi.c
-@@ -XXX,XX +XXX,XX @@
- #else
- #include "qemu-common.h"
- #include "exec/gdbstub.h"
--#include "hw/arm/arm.h"
- #include "qemu/cutils.h"
- #endif
-diff --git a/target/arm/cpu.c b/target/arm/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.c
-+++ b/target/arm/cpu.c
-@@ -XXX,XX +XXX,XX @@
- #if !defined(CONFIG_USER_ONLY)
- #include "hw/loader.h"
- #endif
--#include "hw/arm/arm.h"
- #include "sysemu/sysemu.h"
- #include "sysemu/hw_accel.h"
- #include "kvm_arm.h"
 diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu64.c
 +++ b/target/arm/cpu64.c
 @@ -XXX,XX +XXX,XX @@
- #if !defined(CONFIG_USER_ONLY)
+ #include "qemu/osdep.h"
- #include "hw/loader.h"
+ #include "qapi/error.h"
- #endif
+ #include "cpu.h"
--#include "hw/arm/arm.h"
++#include "cpregs.h"
- #include "sysemu/sysemu.h"
+ #include "qemu/module.h"
  #include "sysemu/kvm.h"
- #include "kvm_arm.h"
+ #include "sysemu/hvf.h"
-diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+@@ -XXX,XX +XXX,XX @@ static void aarch64_a64fx_initfn(Object *obj)
-index XXXXXXX..XXXXXXX 100644
+     /* TODO:  Add A64FX specific HPC extension registers */
---- a/target/arm/kvm.c
+ }
-+++ b/target/arm/kvm.c
-@@ -XXX,XX +XXX,XX @@
++static const ARMCPRegInfo neoverse_n1_cp_reginfo[] = {
- #include "cpu.h"
++    { .name = "ATCR_EL1", .state = ARM_CP_STATE_AA64,
- #include "trace.h"
++      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 7, .opc2 = 0,
- #include "internals.h"
++      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
--#include "hw/arm/arm.h"
++    { .name = "ATCR_EL2", .state = ARM_CP_STATE_AA64,
- #include "hw/pci/pci.h"
++      .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 0,
- #include "exec/memattrs.h"
++      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- #include "exec/address-spaces.h"
++    { .name = "ATCR_EL3", .state = ARM_CP_STATE_AA64,
-diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
++      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 7, .opc2 = 0,
-index XXXXXXX..XXXXXXX 100644
++      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
---- a/target/arm/kvm32.c
++    { .name = "ATCR_EL12", .state = ARM_CP_STATE_AA64,
-+++ b/target/arm/kvm32.c
++      .opc0 = 3, .opc1 = 5, .crn = 15, .crm = 7, .opc2 = 0,
-@@ -XXX,XX +XXX,XX @@
++      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- #include "sysemu/kvm.h"
++    { .name = "AVTCR_EL2", .state = ARM_CP_STATE_AA64,
- #include "kvm_arm.h"
++      .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 1,
- #include "internals.h"
++      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
--#include "hw/arm/arm.h"
++    { .name = "CPUACTLR_EL1", .state = ARM_CP_STATE_AA64,
- #include "qemu/log.h"
++      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 0,
++      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- static inline void set_feature(uint64_t *features, int feature)
++    { .name = "CPUACTLR2_EL1", .state = ARM_CP_STATE_AA64,
-diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
++      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 1,
-index XXXXXXX..XXXXXXX 100644
++      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
---- a/target/arm/kvm64.c
++    { .name = "CPUACTLR3_EL1", .state = ARM_CP_STATE_AA64,
-+++ b/target/arm/kvm64.c
++      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 2,
-@@ -XXX,XX +XXX,XX @@
++      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
- #include "sysemu/kvm.h"
++    /*
- #include "kvm_arm.h"
++     * Report CPUCFR_EL1.SCU as 1, as we do not implement the DSU
- #include "internals.h"
++     * (and in particular its system registers).
--#include "hw/arm/arm.h"
++     */
++    { .name = "CPUCFR_EL1", .state = ARM_CP_STATE_AA64,
- static bool have_guest_debug;
++      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 0, .opc2 = 0,
++      .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 4 },
 +    { .name = "CPUECTLR_EL1", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 4,
 +      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0x961563010 },
 +    { .name = "CPUPCR_EL3", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 1,
 +      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 +    { .name = "CPUPMR_EL3", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 3,
 +      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 +    { .name = "CPUPOR_EL3", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 2,
 +      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 +    { .name = "CPUPSELR_EL3", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 0,
 +      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 +    { .name = "CPUPWRCTLR_EL1", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 7,
 +      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 +    { .name = "ERXPFGCDN_EL1", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 2,
 +      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 +    { .name = "ERXPFGCTL_EL1", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 1,
 +      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 +    { .name = "ERXPFGF_EL1", .state = ARM_CP_STATE_AA64,
 +      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 0,
 +      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 +};
 +
 +static void define_neoverse_n1_cp_reginfo(ARMCPU *cpu)
 +{
 +    define_arm_cp_regs(cpu, neoverse_n1_cp_reginfo);
 +}
 +
  static void aarch64_neoverse_n1_initfn(Object *obj)
  {
      ARMCPU *cpu = ARM_CPU(obj);
@@ -XXX,XX +XXX,XX @@ static void aarch64_neoverse_n1_initfn(Object *obj)
      /* From D5.1 AArch64 PMU register summary */
      cpu->isar.reset_pmcr_el0 = 0x410c3000;
 +
 +    define_neoverse_n1_cp_reginfo(cpu);
  }
  static void aarch64_host_initfn(Object *obj)
 --
-.20.1
+.34.1

-[Qemu-devel] [PULL 10/12] hw/arm/exynos4: Use the IEC binary prefix definitions
+[PULL 2/8] hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
+The cadence UART attempts to avoid allowing the guest to set invalid
 baud rate register values in the uart_write() function.  However it
 does the "mask to the size of the register field" and "check for
 invalid values" in the wrong order, which means that a malicious
 guest can get a bogus value into the register by setting also some
 high bits in the value, and cause QEMU to crash by division-by-zero.
-It eases code review, unit is explicit.
+Do the mask before the bounds check instead of afterwards.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1493
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Thomas Huth <thuth@redhat.com>
 Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
 Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
 Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
-Message-id: 20190520214342.13709-3-philmd@redhat.com
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Tested-by: Qiang Liu <cyruscyliu@gmail.com>
 Message-id: 20230314170804.1196232-1-peter.maydell@linaro.org
 ---
- hw/arm/exynos4_boards.c | 5 +++--
+ hw/char/cadence_uart.c | 6 ++++--
-file changed, 3 insertions(+), 2 deletions(-)
+file changed, 4 insertions(+), 2 deletions(-)
-diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
+diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/exynos4_boards.c
+--- a/hw/char/cadence_uart.c
-+++ b/hw/arm/exynos4_boards.c
++++ b/hw/char/cadence_uart.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ static MemTxResult uart_write(void *opaque, hwaddr offset,
-  */
+         }
+         break;
- #include "qemu/osdep.h"
+     case R_BRGR: /* Baud rate generator */
-+#include "qemu/units.h"
++        value &= 0xffff;
- #include "qapi/error.h"
+         if (value >= 0x01) {
- #include "qemu/error-report.h"
+-            s->r[offset] = value & 0xFFFF;
- #include "qemu-common.h"
++            s->r[offset] = value;
-@@ -XXX,XX +XXX,XX @@ static int exynos4_board_smp_bootreg_addr[EXYNOS4_NUM_OF_BOARDS] = {
+         }
- };
+         break;
+     case R_BDIV:    /* Baud rate divider */
- static unsigned long exynos4_board_ram_size[EXYNOS4_NUM_OF_BOARDS] = {
++        value &= 0xff;
--    [EXYNOS4_BOARD_NURI]     = 0x40000000,
+         if (value >= 0x04) {
--    [EXYNOS4_BOARD_SMDKC210] = 0x40000000,
+-            s->r[offset] = value & 0xFF;
-+    [EXYNOS4_BOARD_NURI]     = 1 * GiB,
++            s->r[offset] = value;
-+    [EXYNOS4_BOARD_SMDKC210] = 1 * GiB,
+         }
- };
+         break;
+     default:
  static struct arm_boot_info exynos4_board_binfo = {
 --
-.20.1
+.34.1

-[Qemu-devel] [PULL 02/12] target/arm: Simplify BFXIL expansion
+[PULL 3/8] contrib/elf2dmp: fix code style
-From: Richard Henderson <richard.henderson@linaro.org>
+From: Viktor Prutyanov <viktor@daynix.com>
-The mask implied by the extract is redundant with the one
+Originally elf2dmp were added with some code style issues,
-implied by the deposit.  Also, fix spelling of BFXIL.
+especially in pe.h header, and some were introduced by
 d0fc797faaa73fbc1d30f5f9e90407bf3dd93f0. Fix them now.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Annie Li <annie.li@oracle.com>
-Message-id: 20190514011129.11330-3-richard.henderson@linaro.org
+Message-id: 20230222211246.883679-2-viktor@daynix.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 6 +++---
+ contrib/elf2dmp/pe.h        | 100 ++++++++++++++++++------------------
-file changed, 3 insertions(+), 3 deletions(-)
+ contrib/elf2dmp/addrspace.c |   1 +
  contrib/elf2dmp/main.c      |   9 ++--
 files changed, 57 insertions(+), 53 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
+--- a/contrib/elf2dmp/pe.h
-+++ b/target/arm/translate-a64.c
++++ b/contrib/elf2dmp/pe.h
-@@ -XXX,XX +XXX,XX @@ static void disas_bitfield(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_DOS_HEADER {
-             tcg_gen_extract_i64(tcg_rd, tcg_tmp, ri, len);
+ } __attribute__ ((packed)) IMAGE_DOS_HEADER;
-             return;
-         }
+ typedef struct IMAGE_FILE_HEADER {
--        /* opc == 1, BXFIL fall through to deposit */
+-  uint16_t  Machine;
--        tcg_gen_extract_i64(tcg_tmp, tcg_tmp, ri, len);
+-  uint16_t  NumberOfSections;
-+        /* opc == 1, BFXIL fall through to deposit */
+-  uint32_t  TimeDateStamp;
-+        tcg_gen_shri_i64(tcg_tmp, tcg_tmp, ri);
+-  uint32_t  PointerToSymbolTable;
-         pos = 0;
+-  uint32_t  NumberOfSymbols;
-     } else {
+-  uint16_t  SizeOfOptionalHeader;
-         /* Handle the ri > si case with a deposit
+-  uint16_t  Characteristics;
-@@ -XXX,XX +XXX,XX @@ static void disas_bitfield(DisasContext *s, uint32_t insn)
++    uint16_t  Machine;
-         len = ri;
++    uint16_t  NumberOfSections;
 +    uint32_t  TimeDateStamp;
 +    uint32_t  PointerToSymbolTable;
 +    uint32_t  NumberOfSymbols;
 +    uint16_t  SizeOfOptionalHeader;
 +    uint16_t  Characteristics;
  } __attribute__ ((packed)) IMAGE_FILE_HEADER;
  typedef struct IMAGE_DATA_DIRECTORY {
 -  uint32_t VirtualAddress;
 -  uint32_t Size;
 +    uint32_t VirtualAddress;
 +    uint32_t Size;
  } __attribute__ ((packed)) IMAGE_DATA_DIRECTORY;
  #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
  typedef struct IMAGE_OPTIONAL_HEADER64 {
 -  uint16_t  Magic; /* 0x20b */
 -  uint8_t   MajorLinkerVersion;
 -  uint8_t   MinorLinkerVersion;
 -  uint32_t  SizeOfCode;
 -  uint32_t  SizeOfInitializedData;
 -  uint32_t  SizeOfUninitializedData;
 -  uint32_t  AddressOfEntryPoint;
 -  uint32_t  BaseOfCode;
 -  uint64_t  ImageBase;
 -  uint32_t  SectionAlignment;
 -  uint32_t  FileAlignment;
 -  uint16_t  MajorOperatingSystemVersion;
 -  uint16_t  MinorOperatingSystemVersion;
 -  uint16_t  MajorImageVersion;
 -  uint16_t  MinorImageVersion;
 -  uint16_t  MajorSubsystemVersion;
 -  uint16_t  MinorSubsystemVersion;
 -  uint32_t  Win32VersionValue;
 -  uint32_t  SizeOfImage;
 -  uint32_t  SizeOfHeaders;
 -  uint32_t  CheckSum;
 -  uint16_t  Subsystem;
 -  uint16_t  DllCharacteristics;
 -  uint64_t  SizeOfStackReserve;
 -  uint64_t  SizeOfStackCommit;
 -  uint64_t  SizeOfHeapReserve;
 -  uint64_t  SizeOfHeapCommit;
 -  uint32_t  LoaderFlags;
 -  uint32_t  NumberOfRvaAndSizes;
 -  IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
 +    uint16_t  Magic; /* 0x20b */
 +    uint8_t   MajorLinkerVersion;
 +    uint8_t   MinorLinkerVersion;
 +    uint32_t  SizeOfCode;
 +    uint32_t  SizeOfInitializedData;
 +    uint32_t  SizeOfUninitializedData;
 +    uint32_t  AddressOfEntryPoint;
 +    uint32_t  BaseOfCode;
 +    uint64_t  ImageBase;
 +    uint32_t  SectionAlignment;
 +    uint32_t  FileAlignment;
 +    uint16_t  MajorOperatingSystemVersion;
 +    uint16_t  MinorOperatingSystemVersion;
 +    uint16_t  MajorImageVersion;
 +    uint16_t  MinorImageVersion;
 +    uint16_t  MajorSubsystemVersion;
 +    uint16_t  MinorSubsystemVersion;
 +    uint32_t  Win32VersionValue;
 +    uint32_t  SizeOfImage;
 +    uint32_t  SizeOfHeaders;
 +    uint32_t  CheckSum;
 +    uint16_t  Subsystem;
 +    uint16_t  DllCharacteristics;
 +    uint64_t  SizeOfStackReserve;
 +    uint64_t  SizeOfStackCommit;
 +    uint64_t  SizeOfHeapReserve;
 +    uint64_t  SizeOfHeapCommit;
 +    uint32_t  LoaderFlags;
 +    uint32_t  NumberOfRvaAndSizes;
 +    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
  } __attribute__ ((packed)) IMAGE_OPTIONAL_HEADER64;
  typedef struct IMAGE_NT_HEADERS64 {
 -  uint32_t Signature;
 -  IMAGE_FILE_HEADER FileHeader;
 -  IMAGE_OPTIONAL_HEADER64 OptionalHeader;
 +    uint32_t Signature;
 +    IMAGE_FILE_HEADER FileHeader;
 +    IMAGE_OPTIONAL_HEADER64 OptionalHeader;
  } __attribute__ ((packed)) IMAGE_NT_HEADERS64;
  typedef struct IMAGE_DEBUG_DIRECTORY {
 -  uint32_t Characteristics;
 -  uint32_t TimeDateStamp;
 -  uint16_t MajorVersion;
 -  uint16_t MinorVersion;
 -  uint32_t Type;
 -  uint32_t SizeOfData;
 -  uint32_t AddressOfRawData;
 -  uint32_t PointerToRawData;
 +    uint32_t Characteristics;
 +    uint32_t TimeDateStamp;
 +    uint16_t MajorVersion;
 +    uint16_t MinorVersion;
 +    uint32_t Type;
 +    uint32_t SizeOfData;
 +    uint32_t AddressOfRawData;
 +    uint32_t PointerToRawData;
  } __attribute__ ((packed)) IMAGE_DEBUG_DIRECTORY;
  #define IMAGE_DEBUG_TYPE_CODEVIEW   2
 diff --git a/contrib/elf2dmp/addrspace.c b/contrib/elf2dmp/addrspace.c
 index XXXXXXX..XXXXXXX 100644
 --- a/contrib/elf2dmp/addrspace.c
 +++ b/contrib/elf2dmp/addrspace.c
@@ -XXX,XX +XXX,XX @@
  static struct pa_block *pa_space_find_block(struct pa_space *ps, uint64_t pa)
  {
      size_t i;
 +
      for (i = 0; i < ps->block_nr; i++) {
          if (ps->block[i].paddr <= pa &&
                  pa <= ps->block[i].paddr + ps->block[i].size) {
 diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
 index XXXXXXX..XXXXXXX 100644
 --- a/contrib/elf2dmp/main.c
 +++ b/contrib/elf2dmp/main.c
@@ -XXX,XX +XXX,XX @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
      };
      for (i = 0; i < ps->block_nr; i++) {
 -        h.PhysicalMemoryBlock.NumberOfPages += ps->block[i].size / ELF2DMP_PAGE_SIZE;
 +        h.PhysicalMemoryBlock.NumberOfPages +=
 +                ps->block[i].size / ELF2DMP_PAGE_SIZE;
          h.PhysicalMemoryBlock.Run[i] = (WinDumpPhyMemRun64) {
              .BasePage = ps->block[i].paddr / ELF2DMP_PAGE_SIZE,
              .PageCount = ps->block[i].size / ELF2DMP_PAGE_SIZE,
          };
      }
--    if (opc == 1) { /* BFM, BXFIL */
+-    h.RequiredDumpSpace += h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
-+    if (opc == 1) { /* BFM, BFXIL */
++    h.RequiredDumpSpace +=
-         tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_tmp, pos, len);
++            h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
-     } else {
-         /* SBFM or UBFM: We start with zero, and we haven't modified
+     *hdr = h;
@@ -XXX,XX +XXX,XX @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
  static int fill_context(KDDEBUGGER_DATA64 *kdbg,
          struct va_space *vs, QEMU_Elf *qe)
  {
 -        int i;
 +    int i;
 +
      for (i = 0; i < qe->state_nr; i++) {
          uint64_t Prcb;
          uint64_t Context;
 --
-.20.1
+.34.1

-[Qemu-devel] [PULL 12/12] hw/arm/exynos4210: QOM'ify the Exynos4210 SoC
+[PULL 4/8] contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
+From: Viktor Prutyanov <viktor@daynix.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Move out PE directory search functionality to be reused not only
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+for Debug Directory processing but for arbitrary PE directory.
-Message-id: 20190520214342.13709-5-philmd@redhat.com
 Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
 Reviewed-by: Annie Li <annie.li@oracle.com>
 Message-id: 20230222211246.883679-3-viktor@daynix.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- include/hw/arm/exynos4210.h |  9 +++++++--
+ contrib/elf2dmp/main.c | 71 +++++++++++++++++++++++++-----------------
- hw/arm/exynos4210.c         | 28 ++++++++++++++++++++++++----
+file changed, 42 insertions(+), 29 deletions(-)
  hw/arm/exynos4_boards.c     |  9 ++++++---
 files changed, 37 insertions(+), 9 deletions(-)
-diff --git a/include/hw/arm/exynos4210.h b/include/hw/arm/exynos4210.h
+diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/exynos4210.h
+--- a/contrib/elf2dmp/main.c
-+++ b/include/hw/arm/exynos4210.h
++++ b/contrib/elf2dmp/main.c
-@@ -XXX,XX +XXX,XX @@ typedef struct Exynos4210Irq {
+@@ -XXX,XX +XXX,XX @@ static int fill_context(KDDEBUGGER_DATA64 *kdbg,
- } Exynos4210Irq;
+     return 0;
+ }
- typedef struct Exynos4210State {
-+    /*< private >*/
++static int pe_get_data_dir_entry(uint64_t base, void *start_addr, int idx,
-+    SysBusDevice parent_obj;
++        void *entry, size_t size, struct va_space *vs)
-+    /*< public >*/
++{
-     ARMCPU *cpu[EXYNOS4210_NCPUS];
++    const char e_magic[2] = "MZ";
-     Exynos4210Irq irqs;
++    const char Signature[4] = "PE\0\0";
-     qemu_irq *irq_table;
++    IMAGE_DOS_HEADER *dos_hdr = start_addr;
-@@ -XXX,XX +XXX,XX @@ typedef struct Exynos4210State {
++    IMAGE_NT_HEADERS64 nt_hdrs;
-     I2CBus *i2c_if[EXYNOS4210_I2C_NUMBER];
++    IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
- } Exynos4210State;
++    IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
++    IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
 +#define TYPE_EXYNOS4210_SOC "exynos4210"
 +#define EXYNOS4210_SOC(obj) \
 +    OBJECT_CHECK(Exynos4210State, obj, TYPE_EXYNOS4210_SOC)
 +
- void exynos4210_write_secondary(ARMCPU *cpu,
++    QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
          const struct arm_boot_info *info);
 -Exynos4210State *exynos4210_init(MemoryRegion *system_mem);
 -
  /* Initialize exynos4210 IRQ subsystem stub */
  qemu_irq *exynos4210_init_irq(Exynos4210Irq *env);
 diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/arm/exynos4210.c
 +++ b/hw/arm/exynos4210.c
@@ -XXX,XX +XXX,XX @@ static void pl330_create(uint32_t base, qemu_irq irq, int nreq)
      sysbus_connect_irq(busdev, 0, irq);
  }
 -Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
 +static void exynos4210_realize(DeviceState *socdev, Error **errp)
  {
 -    Exynos4210State *s = g_new0(Exynos4210State, 1);
 +    Exynos4210State *s = EXYNOS4210_SOC(socdev);
 +    MemoryRegion *system_mem = get_system_memory();
      qemu_irq gate_irq[EXYNOS4210_NCPUS][EXYNOS4210_IRQ_GATE_NINPUTS];
      SysBusDevice *busdev;
      DeviceState *dev;
@@ -XXX,XX +XXX,XX @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
                   qemu_irq_invert(s->irq_table[exynos4210_get_irq(36, 1)]), 32);
      pl330_create(EXYNOS4210_PL330_BASE2_ADDR,
                   qemu_irq_invert(s->irq_table[exynos4210_get_irq(34, 1)]), 1);
 -
 -    return s;
  }
 +
-+static void exynos4210_class_init(ObjectClass *klass, void *data)
++    if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
-+{
++        return 1;
-+    DeviceClass *dc = DEVICE_CLASS(klass);
++    }
 +
-+    dc->realize = exynos4210_realize;
++    if (va_space_rw(vs, base + dos_hdr->e_lfanew,
 +                &nt_hdrs, sizeof(nt_hdrs), 0)) {
 +        return 1;
 +    }
 +
 +    if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
 +            file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
 +        return 1;
 +    }
 +
 +    if (va_space_rw(vs,
 +                base + data_dir[idx].VirtualAddress,
 +                entry, size, 0)) {
 +        return 1;
 +    }
 +
 +    printf("Data directory entry #%d: RVA = 0x%08"PRIx32"\n", idx,
 +            (uint32_t)data_dir[idx].VirtualAddress);
 +
 +    return 0;
 +}
 +
-+static const TypeInfo exynos4210_info = {
+ static int write_dump(struct pa_space *ps,
-+    .name = TYPE_EXYNOS4210_SOC,
+         WinDumpHeader64 *hdr, const char *name)
-+    .parent = TYPE_SYS_BUS_DEVICE,
+ {
-+    .instance_size = sizeof(Exynos4210State),
+@@ -XXX,XX +XXX,XX @@ static int write_dump(struct pa_space *ps,
-+    .class_init = exynos4210_class_init,
+ static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
-+};
+         char *hash, struct va_space *vs)
-+
+ {
-+static void exynos4210_register_types(void)
+-    const char e_magic[2] = "MZ";
-+{
+-    const char Signature[4] = "PE\0\0";
-+    type_register_static(&exynos4210_info);
+     const char sign_rsds[4] = "RSDS";
-+}
+-    IMAGE_DOS_HEADER *dos_hdr = start_addr;
-+
+-    IMAGE_NT_HEADERS64 nt_hdrs;
-+type_init(exynos4210_register_types)
+-    IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
-diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
+-    IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
-index XXXXXXX..XXXXXXX 100644
+-    IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
---- a/hw/arm/exynos4_boards.c
+     IMAGE_DEBUG_DIRECTORY debug_dir;
-+++ b/hw/arm/exynos4_boards.c
+     OMFSignatureRSDS rsds;
-@@ -XXX,XX +XXX,XX @@ typedef enum Exynos4BoardType {
+     char *pdb_name;
- } Exynos4BoardType;
+     size_t pdb_name_sz;
+     size_t i;
- typedef struct Exynos4BoardState {
--    Exynos4210State *soc;
+-    QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
-+    Exynos4210State soc;
+-
-     MemoryRegion dram0_mem;
+-    if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
-     MemoryRegion dram1_mem;
+-        return 1;
- } Exynos4BoardState;
+-    }
-@@ -XXX,XX +XXX,XX @@ exynos4_boards_init_common(MachineState *machine,
+-
-     exynos4_boards_init_ram(s, get_system_memory(),
+-    if (va_space_rw(vs, base + dos_hdr->e_lfanew,
-                             exynos4_board_ram_size[board_type]);
+-                &nt_hdrs, sizeof(nt_hdrs), 0)) {
+-        return 1;
--    s->soc = exynos4210_init(get_system_memory());
+-    }
-+    object_initialize(&s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
+-
-+    qdev_set_parent_bus(DEVICE(&s->soc), sysbus_get_default());
+-    if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
-+    object_property_set_bool(OBJECT(&s->soc), true, "realized",
+-            file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
-+                             &error_fatal);
+-        return 1;
+-    }
-     return s;
+-
- }
+-    printf("Debug Directory RVA = 0x%08"PRIx32"\n",
-@@ -XXX,XX +XXX,XX @@ static void smdkc210_init(MachineState *machine)
+-            (uint32_t)data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress);
-                                                       EXYNOS4_BOARD_SMDKC210);
+-
+-    if (va_space_rw(vs,
-     lan9215_init(SMDK_LAN9118_BASE_ADDR,
+-                base + data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress,
--            qemu_irq_invert(s->soc->irq_table[exynos4210_get_irq(37, 1)]));
+-                &debug_dir, sizeof(debug_dir), 0)) {
-+            qemu_irq_invert(s->soc.irq_table[exynos4210_get_irq(37, 1)]));
++    if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_DEBUG_DIRECTORY,
-     arm_load_kernel(ARM_CPU(first_cpu), &exynos4_board_binfo);
++                &debug_dir, sizeof(debug_dir), vs)) {
- }
++        eprintf("Failed to get Debug Directory\n");
          return 1;
      }
 --
-.20.1
+.34.1

-[Qemu-devel] [PULL 01/12] target/arm: Use extract2 for EXTR
+[PULL 5/8] contrib/elf2dmp: add PE name check and Windows Server 2022 support
-From: Richard Henderson <richard.henderson@linaro.org>
+From: Viktor Prutyanov <viktor@daynix.com>
-This is, after all, how we implement extract2 in tcg/aarch64.
+Since its inception elf2dmp has checked MZ signatures within an
 address space above IDT[0] interrupt vector and took first PE image
 found as Windows Kernel.
 But in Windows Server 2022 memory dump this address space range is
 full of invalid PE fragments and the tool must check that PE image
 is 'ntoskrnl.exe' actually.
 So, introduce additional validation by checking image name from
 Export Directory against 'ntoskrnl.exe'.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Tested-by: Yuri Benditovich <yuri.benditovich@daynix.com>
-Message-id: 20190514011129.11330-2-richard.henderson@linaro.org
+Reviewed-by: Annie Li <annie.li@oracle.com>
 Message-id: 20230222211246.883679-4-viktor@daynix.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 38 ++++++++++++++++++++------------------
+ contrib/elf2dmp/pe.h   | 15 +++++++++++++++
-file changed, 20 insertions(+), 18 deletions(-)
+ contrib/elf2dmp/main.c | 28 ++++++++++++++++++++++++++--
 files changed, 41 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
+--- a/contrib/elf2dmp/pe.h
-+++ b/target/arm/translate-a64.c
++++ b/contrib/elf2dmp/pe.h
-@@ -XXX,XX +XXX,XX @@ static void disas_extract(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_NT_HEADERS64 {
-             } else {
+     IMAGE_OPTIONAL_HEADER64 OptionalHeader;
-                 tcg_gen_ext32u_i64(tcg_rd, cpu_reg(s, rm));
+ } __attribute__ ((packed)) IMAGE_NT_HEADERS64;
-             }
--        } else if (rm == rn) { /* ROR */
++typedef struct IMAGE_EXPORT_DIRECTORY {
--            tcg_rm = cpu_reg(s, rm);
++    uint32_t    Characteristics;
--            if (sf) {
++    uint32_t    TimeDateStamp;
--                tcg_gen_rotri_i64(tcg_rd, tcg_rm, imm);
++    uint16_t    MajorVersion;
--            } else {
++    uint16_t    MinorVersion;
--                TCGv_i32 tmp = tcg_temp_new_i32();
++    uint32_t    Name;
--                tcg_gen_extrl_i64_i32(tmp, tcg_rm);
++    uint32_t    Base;
--                tcg_gen_rotri_i32(tmp, tmp, imm);
++    uint32_t    NumberOfFunctions;
--                tcg_gen_extu_i32_i64(tcg_rd, tmp);
++    uint32_t    NumberOfNames;
--                tcg_temp_free_i32(tmp);
++    uint32_t    AddressOfFunctions;
--            }
++    uint32_t    AddressOfNames;
-         } else {
++    uint32_t    AddressOfNameOrdinals;
--            tcg_rm = read_cpu_reg(s, rm, sf);
++} __attribute__ ((packed)) IMAGE_EXPORT_DIRECTORY;
 -            tcg_rn = read_cpu_reg(s, rn, sf);
 -            tcg_gen_shri_i64(tcg_rm, tcg_rm, imm);
 -            tcg_gen_shli_i64(tcg_rn, tcg_rn, bitsize - imm);
 -            tcg_gen_or_i64(tcg_rd, tcg_rm, tcg_rn);
 -            if (!sf) {
 -                tcg_gen_ext32u_i64(tcg_rd, tcg_rd);
 +            tcg_rm = cpu_reg(s, rm);
 +            tcg_rn = cpu_reg(s, rn);
 +
-+            if (sf) {
+ typedef struct IMAGE_DEBUG_DIRECTORY {
-+                /* Specialization to ROR happens in EXTRACT2.  */
+     uint32_t Characteristics;
-+                tcg_gen_extract2_i64(tcg_rd, tcg_rm, tcg_rn, imm);
+     uint32_t TimeDateStamp;
-+            } else {
+@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_DEBUG_DIRECTORY {
-+                TCGv_i32 t0 = tcg_temp_new_i32();
+ #define IMAGE_DEBUG_TYPE_CODEVIEW   2
  #endif
 +#define IMAGE_FILE_EXPORT_DIRECTORY 0
  #define IMAGE_FILE_DEBUG_DIRECTORY  6
  typedef struct guid_t {
 diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
 index XXXXXXX..XXXXXXX 100644
 --- a/contrib/elf2dmp/main.c
 +++ b/contrib/elf2dmp/main.c
@@ -XXX,XX +XXX,XX @@
  #define SYM_URL_BASE    "https://msdl.microsoft.com/download/symbols/"
  #define PDB_NAME    "ntkrnlmp.pdb"
 +#define PE_NAME     "ntoskrnl.exe"
  #define INITIAL_MXCSR   0x1f80
@@ -XXX,XX +XXX,XX @@ static int write_dump(struct pa_space *ps,
      return fclose(dmp_file);
  }
 +static bool pe_check_export_name(uint64_t base, void *start_addr,
 +        struct va_space *vs)
 +{
 +    IMAGE_EXPORT_DIRECTORY export_dir;
 +    const char *pe_name;
 +
-+                tcg_gen_extrl_i64_i32(t0, tcg_rm);
++    if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_EXPORT_DIRECTORY,
-+                if (rm == rn) {
++                &export_dir, sizeof(export_dir), vs)) {
-+                    tcg_gen_rotri_i32(t0, t0, imm);
++        return false;
-+                } else {
++    }
-+                    TCGv_i32 t1 = tcg_temp_new_i32();
++
-+                    tcg_gen_extrl_i64_i32(t1, tcg_rn);
++    pe_name = va_space_resolve(vs, base + export_dir.Name);
-+                    tcg_gen_extract2_i32(t0, t0, t1, imm);
++    if (!pe_name) {
-+                    tcg_temp_free_i32(t1);
++        return false;
-+                }
++    }
-+                tcg_gen_extu_i32_i64(tcg_rd, t0);
++
-+                tcg_temp_free_i32(t0);
++    return !strcmp(pe_name, PE_NAME);
-             }
++}
 +
  static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
          char *hash, struct va_space *vs)
  {
@@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[])
      uint64_t KdDebuggerDataBlock;
      KDDEBUGGER_DATA64 *kdbg;
      uint64_t KdVersionBlock;
 +    bool kernel_found = false;
      if (argc != 3) {
          eprintf("usage:\n\t%s elf_file dmp_file\n", argv[0]);
@@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[])
          }
          if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
 -            break;
 +            if (pe_check_export_name(KernBase, nt_start_addr, &vs)) {
 +                kernel_found = true;
 +                break;
 +            }
          }
      }
+-    if (!nt_start_addr) {
++    if (!kernel_found) {
+         eprintf("Failed to find NT kernel image\n");
+         err = 1;
+         goto out_ps;
 --
-.20.1
+.34.1

-[Qemu-devel] [PULL 03/12] target/arm: Fix vector operation segfault
+Deleted patch
-From: Alistair Francis <alistair.francis@wdc.com>
-Commit 89e68b575 "target/arm: Use vector operations for saturation"
-causes this abort() when booting QEMU ARM with a Cortex-A15:
-0x00007ffff4c2382f in raise () at /usr/lib/libc.so.6
-0x00007ffff4c0e672 in abort () at /usr/lib/libc.so.6
-0x00005555559c1839 in disas_neon_data_insn (insn=<optimized out>, s=<optimized out>) at ./target/arm/translate.c:6673
-0x00005555559c1839 in disas_neon_data_insn (s=<optimized out>, insn=<optimized out>) at ./target/arm/translate.c:6386
-0x00005555559cd8a4 in disas_arm_insn (insn=4081107068, s=0x7fffe59a9510) at ./target/arm/translate.c:9289
-0x00005555559cd8a4 in arm_tr_translate_insn (dcbase=0x7fffe59a9510, cpu=<optimized out>) at ./target/arm/translate.c:13612
-0x00005555558d1d39 in translator_loop (ops=0x5555561cc580 <arm_translator_ops>, db=0x7fffe59a9510, cpu=0x55555686a2f0, tb=<optimized out>, max_insns=<optimized out>) at ./accel/tcg/translator.c:96
-0x00005555559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x55555686a2f0, tb=tb@entry=0x7fffd7840080 <code_gen_buffer+126091347>, max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
-0x00005555558d06b9 in tb_gen_code (cpu=cpu@entry=0x55555686a2f0, pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry=524288) at ./accel/tcg/translate-all.c:1736
-0x00005555558ce467 in tb_find (cf_mask=524288, tb_exit=1, last_tb=0x7fffd783e640 <code_gen_buffer+126084627>, cpu=0x1) at ./accel/tcg/cpu-exec.c:407
-0x00005555558ce467 in cpu_exec (cpu=cpu@entry=0x55555686a2f0) at ./accel/tcg/cpu-exec.c:728
-0x000055555588b0cf in tcg_cpu_exec (cpu=0x55555686a2f0) at ./cpus.c:1431
-0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=0x55555686a2f0) at ./cpus.c:1735
-0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x55555686a2f0) at ./cpus.c:1709
-0x0000555555d2629a in qemu_thread_start (args=<optimized out>) at ./util/qemu-thread-posix.c:502
-0x00007ffff4db8a92 in start_thread () at /usr/lib/libpthread.
-This patch ensures that we don't hit the abort() in the second switch
-case in disas_neon_data_insn() as we will return from the first case.
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Tested-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: ad91b397f360b2fc7f4087e476f7df5b04d42ddb.1558021877.git.alistair.francis@wdc.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
-             tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
-                            rn_ofs, rm_ofs, vec_size, vec_size,
-                            (u ? uqadd_op : sqadd_op) + size);
--            break;
-+            return 0;
-         case NEON_3R_VQSUB:
-             tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
-                            rn_ofs, rm_ofs, vec_size, vec_size,
-                            (u ? uqsub_op : sqsub_op) + size);
--            break;
-+            return 0;
-         case NEON_3R_VMUL: /* VMUL */
-             if (u) {
---
-.20.1

-[Qemu-devel] [PULL 04/12] arm: Move system_clock_scale to armv7m_systick.h
+Deleted patch
-The system_clock_scale global is used only by the armv7m systick
-device; move the extern declaration to the armv7m_systick.h header,
-and expand the comment to explain what it is and that it should
-ideally be replaced with a different approach.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190516163857.6430-2-peter.maydell@linaro.org
----
- include/hw/arm/arm.h              |  4 ----
- include/hw/timer/armv7m_systick.h | 22 ++++++++++++++++++++++
-files changed, 22 insertions(+), 4 deletions(-)
-diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/arm.h
-+++ b/include/hw/arm/arm.h
-@@ -XXX,XX +XXX,XX @@ void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
-                                             const struct arm_boot_info *info,
-                                             hwaddr mvbar_addr);
--/* Multiplication factor to convert from system clock ticks to qemu timer
--   ticks.  */
--extern int system_clock_scale;
--
- #endif /* HW_ARM_H */
-diff --git a/include/hw/timer/armv7m_systick.h b/include/hw/timer/armv7m_systick.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/timer/armv7m_systick.h
-+++ b/include/hw/timer/armv7m_systick.h
-@@ -XXX,XX +XXX,XX @@ typedef struct SysTickState {
-     qemu_irq irq;
- } SysTickState;
-+/*
-+ * Multiplication factor to convert from system clock ticks to qemu timer
-+ * ticks. This should be set (by board code, usually) to a value
-+ * equal to NANOSECONDS_PER_SECOND / frq, where frq is the clock frequency
-+ * in Hz of the CPU.
-+ *
-+ * This value is used by the systick device when it is running in
-+ * its "use the CPU clock" mode (ie when SYST_CSR.CLKSOURCE == 1) to
-+ * set how fast the timer should tick.
-+ *
-+ * TODO: we should refactor this so that rather than using a global
-+ * we use a device property or something similar. This is complicated
-+ * because (a) the property would need to be plumbed through from the
-+ * board code down through various layers to the systick device
-+ * and (b) the property needs to be modifiable after realize, because
-+ * the stellaris board uses this to implement the behaviour where the
-+ * guest can reprogram the PLL registers to downclock the CPU, and the
-+ * systick device needs to react accordingly. Possibly this should
-+ * be deferred until we have a good API for modelling clock trees.
-+ */
-+extern int system_clock_scale;
-+
- #endif
---
-.20.1

-[Qemu-devel] [PULL 06/12] arm: Rename hw/arm/arm.h to hw/arm/boot.h
+Deleted patch
-The header file hw/arm/arm.h now includes only declarations
-relating to hw/arm/boot.c functionality. Rename it accordingly,
-and adjust its header comment.
-The bulk of this commit was created via
- perl -pi -e 's|hw/arm/arm.h|hw/arm/boot.h|' hw/arm/*.c include/hw/arm/*.h
-In a few cases we can just delete the #include:
-hw/arm/msf2-soc.c, include/hw/arm/aspeed_soc.h and
-include/hw/arm/bcm2836.h did not require it.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190516163857.6430-4-peter.maydell@linaro.org
----
- include/hw/arm/allwinner-a10.h   | 2 +-
- include/hw/arm/aspeed_soc.h      | 1 -
- include/hw/arm/bcm2836.h         | 1 -
- include/hw/arm/{arm.h => boot.h} | 8 ++++----
- include/hw/arm/fsl-imx25.h       | 2 +-
- include/hw/arm/fsl-imx31.h       | 2 +-
- include/hw/arm/fsl-imx6.h        | 2 +-
- include/hw/arm/fsl-imx6ul.h      | 2 +-
- include/hw/arm/fsl-imx7.h        | 2 +-
- include/hw/arm/virt.h            | 2 +-
- include/hw/arm/xlnx-versal.h     | 2 +-
- include/hw/arm/xlnx-zynqmp.h     | 2 +-
- hw/arm/armsse.c                  | 2 +-
- hw/arm/armv7m.c                  | 2 +-
- hw/arm/aspeed.c                  | 2 +-
- hw/arm/boot.c                    | 2 +-
- hw/arm/collie.c                  | 2 +-
- hw/arm/exynos4210.c              | 2 +-
- hw/arm/exynos4_boards.c          | 2 +-
- hw/arm/highbank.c                | 2 +-
- hw/arm/integratorcp.c            | 2 +-
- hw/arm/mainstone.c               | 2 +-
- hw/arm/microbit.c                | 2 +-
- hw/arm/mps2-tz.c                 | 2 +-
- hw/arm/mps2.c                    | 2 +-
- hw/arm/msf2-soc.c                | 1 -
- hw/arm/msf2-som.c                | 2 +-
- hw/arm/musca.c                   | 2 +-
- hw/arm/musicpal.c                | 2 +-
- hw/arm/netduino2.c               | 2 +-
- hw/arm/nrf51_soc.c               | 2 +-
- hw/arm/nseries.c                 | 2 +-
- hw/arm/omap1.c                   | 2 +-
- hw/arm/omap2.c                   | 2 +-
- hw/arm/omap_sx1.c                | 2 +-
- hw/arm/palm.c                    | 2 +-
- hw/arm/raspi.c                   | 2 +-
- hw/arm/realview.c                | 2 +-
- hw/arm/spitz.c                   | 2 +-
- hw/arm/stellaris.c               | 2 +-
- hw/arm/stm32f205_soc.c           | 2 +-
- hw/arm/strongarm.c               | 2 +-
- hw/arm/tosa.c                    | 2 +-
- hw/arm/versatilepb.c             | 2 +-
- hw/arm/vexpress.c                | 2 +-
- hw/arm/virt.c                    | 2 +-
- hw/arm/xilinx_zynq.c             | 2 +-
- hw/arm/xlnx-versal.c             | 2 +-
- hw/arm/z2.c                      | 2 +-
-files changed, 49 insertions(+), 52 deletions(-)
- rename include/hw/arm/{arm.h => boot.h} (98%)
-diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/allwinner-a10.h
-+++ b/include/hw/arm/allwinner-a10.h
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "qemu/error-report.h"
- #include "hw/char/serial.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/timer/allwinner-a10-pit.h"
- #include "hw/intc/allwinner-a10-pic.h"
- #include "hw/net/allwinner_emac.h"
-diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/aspeed_soc.h
-+++ b/include/hw/arm/aspeed_soc.h
-@@ -XXX,XX +XXX,XX @@
- #ifndef ASPEED_SOC_H
- #define ASPEED_SOC_H
--#include "hw/arm/arm.h"
- #include "hw/intc/aspeed_vic.h"
- #include "hw/misc/aspeed_scu.h"
- #include "hw/misc/aspeed_sdmc.h"
-diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/bcm2836.h
-+++ b/include/hw/arm/bcm2836.h
-@@ -XXX,XX +XXX,XX @@
- #ifndef BCM2836_H
- #define BCM2836_H
--#include "hw/arm/arm.h"
- #include "hw/arm/bcm2835_peripherals.h"
- #include "hw/intc/bcm2836_control.h"
-diff --git a/include/hw/arm/arm.h b/include/hw/arm/boot.h
-similarity index 98%
-rename from include/hw/arm/arm.h
-rename to include/hw/arm/boot.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/arm.h
-+++ b/include/hw/arm/boot.h
-@@ -XXX,XX +XXX,XX @@
- /*
-- * Misc ARM declarations
-+ * ARM kernel loader.
-  *
-  * Copyright (c) 2006 CodeSourcery.
-  * Written by Paul Brook
-@@ -XXX,XX +XXX,XX @@
-  *
-  */
--#ifndef HW_ARM_H
--#define HW_ARM_H
-+#ifndef HW_ARM_BOOT_H
-+#define HW_ARM_BOOT_H
- #include "exec/memory.h"
- #include "target/arm/cpu-qom.h"
-@@ -XXX,XX +XXX,XX @@ void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
-                                             const struct arm_boot_info *info,
-                                             hwaddr mvbar_addr);
--#endif /* HW_ARM_H */
-+#endif /* HW_ARM_BOOT_H */
-diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/fsl-imx25.h
-+++ b/include/hw/arm/fsl-imx25.h
-@@ -XXX,XX +XXX,XX @@
- #ifndef FSL_IMX25_H
- #define FSL_IMX25_H
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/intc/imx_avic.h"
- #include "hw/misc/imx25_ccm.h"
- #include "hw/char/imx_serial.h"
-diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/fsl-imx31.h
-+++ b/include/hw/arm/fsl-imx31.h
-@@ -XXX,XX +XXX,XX @@
- #ifndef FSL_IMX31_H
- #define FSL_IMX31_H
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/intc/imx_avic.h"
- #include "hw/misc/imx31_ccm.h"
- #include "hw/char/imx_serial.h"
-diff --git a/include/hw/arm/fsl-imx6.h b/include/hw/arm/fsl-imx6.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/fsl-imx6.h
-+++ b/include/hw/arm/fsl-imx6.h
-@@ -XXX,XX +XXX,XX @@
- #ifndef FSL_IMX6_H
- #define FSL_IMX6_H
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/cpu/a9mpcore.h"
- #include "hw/misc/imx6_ccm.h"
- #include "hw/misc/imx6_src.h"
-diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/fsl-imx6ul.h
-+++ b/include/hw/arm/fsl-imx6ul.h
-@@ -XXX,XX +XXX,XX @@
- #ifndef FSL_IMX6UL_H
- #define FSL_IMX6UL_H
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/cpu/a15mpcore.h"
- #include "hw/misc/imx6ul_ccm.h"
- #include "hw/misc/imx6_src.h"
-diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/fsl-imx7.h
-+++ b/include/hw/arm/fsl-imx7.h
-@@ -XXX,XX +XXX,XX @@
- #ifndef FSL_IMX7_H
- #define FSL_IMX7_H
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/cpu/a15mpcore.h"
- #include "hw/intc/imx_gpcv2.h"
- #include "hw/misc/imx7_ccm.h"
-diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/virt.h
-+++ b/include/hw/arm/virt.h
-@@ -XXX,XX +XXX,XX @@
- #include "exec/hwaddr.h"
- #include "qemu/notify.h"
- #include "hw/boards.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/block/flash.h"
- #include "sysemu/kvm.h"
- #include "hw/intc/arm_gicv3_common.h"
-diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/xlnx-versal.h
-+++ b/include/hw/arm/xlnx-versal.h
-@@ -XXX,XX +XXX,XX @@
- #define XLNX_VERSAL_H
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/intc/arm_gicv3.h"
- #define TYPE_XLNX_VERSAL "xlnx-versal"
-diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/xlnx-zynqmp.h
-+++ b/include/hw/arm/xlnx-zynqmp.h
-@@ -XXX,XX +XXX,XX @@
- #ifndef XLNX_ZYNQMP_H
- #include "qemu-common.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/intc/arm_gic.h"
- #include "hw/net/cadence_gem.h"
- #include "hw/char/cadence_uart.h"
-diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/armsse.c
-+++ b/hw/arm/armsse.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/sysbus.h"
- #include "hw/registerfields.h"
- #include "hw/arm/armsse.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- /* Format of the System Information block SYS_CONFIG register */
- typedef enum SysConfigFormat {
-diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/armv7m.c
-+++ b/hw/arm/armv7m.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "cpu.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/loader.h"
- #include "elf.h"
- #include "sysemu/qtest.h"
-diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/aspeed.c
-+++ b/hw/arm/aspeed.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "cpu.h"
- #include "exec/address-spaces.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/aspeed.h"
- #include "hw/arm/aspeed_soc.h"
- #include "hw/boards.h"
-diff --git a/hw/arm/boot.c b/hw/arm/boot.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/boot.c
-+++ b/hw/arm/boot.c
-@@ -XXX,XX +XXX,XX @@
- #include "qapi/error.h"
- #include <libfdt.h>
- #include "hw/hw.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/linux-boot-if.h"
- #include "sysemu/kvm.h"
- #include "sysemu/sysemu.h"
-diff --git a/hw/arm/collie.c b/hw/arm/collie.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/collie.c
-+++ b/hw/arm/collie.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/sysbus.h"
- #include "hw/boards.h"
- #include "strongarm.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/block/flash.h"
- #include "exec/address-spaces.h"
- #include "cpu.h"
-diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/exynos4210.c
-+++ b/hw/arm/exynos4210.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/boards.h"
- #include "sysemu/sysemu.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/loader.h"
- #include "hw/arm/exynos4210.h"
- #include "hw/sd/sdhci.h"
-diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/exynos4_boards.c
-+++ b/hw/arm/exynos4_boards.c
-@@ -XXX,XX +XXX,XX @@
- #include "sysemu/sysemu.h"
- #include "hw/sysbus.h"
- #include "net/net.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "exec/address-spaces.h"
- #include "hw/arm/exynos4210.h"
- #include "hw/net/lan9118.h"
-diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/highbank.c
-+++ b/hw/arm/highbank.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/osdep.h"
- #include "qapi/error.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/loader.h"
- #include "net/net.h"
- #include "sysemu/kvm.h"
-diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/integratorcp.c
-+++ b/hw/arm/integratorcp.c
-@@ -XXX,XX +XXX,XX @@
- #include "cpu.h"
- #include "hw/sysbus.h"
- #include "hw/boards.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/misc/arm_integrator_debug.h"
- #include "hw/net/smc91c111.h"
- #include "net/net.h"
-diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/mainstone.c
-+++ b/hw/arm/mainstone.c
-@@ -XXX,XX +XXX,XX @@
- #include "qapi/error.h"
- #include "hw/hw.h"
- #include "hw/arm/pxa.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "net/net.h"
- #include "hw/net/smc91c111.h"
- #include "hw/boards.h"
-diff --git a/hw/arm/microbit.c b/hw/arm/microbit.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/microbit.c
-+++ b/hw/arm/microbit.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/osdep.h"
- #include "qapi/error.h"
- #include "hw/boards.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "sysemu/sysemu.h"
- #include "exec/address-spaces.h"
-diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/mps2-tz.c
-+++ b/hw/arm/mps2-tz.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/osdep.h"
- #include "qapi/error.h"
- #include "qemu/error-report.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/armv7m.h"
- #include "hw/or-irq.h"
- #include "hw/boards.h"
-diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/mps2.c
-+++ b/hw/arm/mps2.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/osdep.h"
- #include "qapi/error.h"
- #include "qemu/error-report.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/armv7m.h"
- #include "hw/or-irq.h"
- #include "hw/boards.h"
-diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/msf2-soc.c
-+++ b/hw/arm/msf2-soc.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/units.h"
- #include "qapi/error.h"
- #include "qemu-common.h"
--#include "hw/arm/arm.h"
- #include "exec/address-spaces.h"
- #include "hw/char/serial.h"
- #include "hw/boards.h"
-diff --git a/hw/arm/msf2-som.c b/hw/arm/msf2-som.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/msf2-som.c
-+++ b/hw/arm/msf2-som.c
-@@ -XXX,XX +XXX,XX @@
- #include "qapi/error.h"
- #include "qemu/error-report.h"
- #include "hw/boards.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "exec/address-spaces.h"
- #include "hw/arm/msf2-soc.h"
- #include "cpu.h"
-diff --git a/hw/arm/musca.c b/hw/arm/musca.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/musca.c
-+++ b/hw/arm/musca.c
-@@ -XXX,XX +XXX,XX @@
- #include "qapi/error.h"
- #include "exec/address-spaces.h"
- #include "sysemu/sysemu.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/armsse.h"
- #include "hw/boards.h"
- #include "hw/char/pl011.h"
-diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/musicpal.c
-+++ b/hw/arm/musicpal.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "cpu.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "net/net.h"
- #include "sysemu/sysemu.h"
- #include "hw/boards.h"
-diff --git a/hw/arm/netduino2.c b/hw/arm/netduino2.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/netduino2.c
-+++ b/hw/arm/netduino2.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/boards.h"
- #include "qemu/error-report.h"
- #include "hw/arm/stm32f205_soc.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- static void netduino2_init(MachineState *machine)
- {
-diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/nrf51_soc.c
-+++ b/hw/arm/nrf51_soc.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/osdep.h"
- #include "qapi/error.h"
- #include "qemu-common.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/sysbus.h"
- #include "hw/boards.h"
- #include "hw/misc/unimp.h"
-diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/nseries.c
-+++ b/hw/arm/nseries.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/bswap.h"
- #include "sysemu/sysemu.h"
- #include "hw/arm/omap.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/irq.h"
- #include "ui/console.h"
- #include "hw/boards.h"
-diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/omap1.c
-+++ b/hw/arm/omap1.c
-@@ -XXX,XX +XXX,XX @@
- #include "cpu.h"
- #include "hw/boards.h"
- #include "hw/hw.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/omap.h"
- #include "sysemu/sysemu.h"
- #include "hw/arm/soc_dma.h"
-diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/omap2.c
-+++ b/hw/arm/omap2.c
-@@ -XXX,XX +XXX,XX @@
- #include "sysemu/qtest.h"
- #include "hw/boards.h"
- #include "hw/hw.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/omap.h"
- #include "sysemu/sysemu.h"
- #include "qemu/timer.h"
-diff --git a/hw/arm/omap_sx1.c b/hw/arm/omap_sx1.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/omap_sx1.c
-+++ b/hw/arm/omap_sx1.c
-@@ -XXX,XX +XXX,XX @@
- #include "ui/console.h"
- #include "hw/arm/omap.h"
- #include "hw/boards.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/block/flash.h"
- #include "sysemu/qtest.h"
- #include "exec/address-spaces.h"
-diff --git a/hw/arm/palm.c b/hw/arm/palm.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/palm.c
-+++ b/hw/arm/palm.c
-@@ -XXX,XX +XXX,XX @@
- #include "ui/console.h"
- #include "hw/arm/omap.h"
- #include "hw/boards.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/input/tsc2xxx.h"
- #include "hw/loader.h"
- #include "exec/address-spaces.h"
-diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/raspi.c
-+++ b/hw/arm/raspi.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/error-report.h"
- #include "hw/boards.h"
- #include "hw/loader.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "sysemu/sysemu.h"
- #define SMPBOOT_ADDR    0x300 /* this should leave enough space for ATAGS */
-diff --git a/hw/arm/realview.c b/hw/arm/realview.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/realview.c
-+++ b/hw/arm/realview.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "cpu.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/primecell.h"
- #include "hw/net/lan9118.h"
- #include "hw/net/smc91c111.h"
-diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/spitz.c
-+++ b/hw/arm/spitz.c
-@@ -XXX,XX +XXX,XX @@
- #include "qapi/error.h"
- #include "hw/hw.h"
- #include "hw/arm/pxa.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "sysemu/sysemu.h"
- #include "hw/pcmcia.h"
- #include "hw/i2c/i2c.h"
-diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/stellaris.c
-+++ b/hw/arm/stellaris.c
-@@ -XXX,XX +XXX,XX @@
- #include "qapi/error.h"
- #include "hw/sysbus.h"
- #include "hw/ssi/ssi.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "qemu/timer.h"
- #include "hw/i2c/i2c.h"
- #include "net/net.h"
-diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/stm32f205_soc.c
-+++ b/hw/arm/stm32f205_soc.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/osdep.h"
- #include "qapi/error.h"
- #include "qemu-common.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "exec/address-spaces.h"
- #include "hw/arm/stm32f205_soc.h"
-diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/strongarm.c
-+++ b/hw/arm/strongarm.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/sysbus.h"
- #include "strongarm.h"
- #include "qemu/error-report.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "chardev/char-fe.h"
- #include "chardev/char-serial.h"
- #include "sysemu/sysemu.h"
-diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/tosa.c
-+++ b/hw/arm/tosa.c
-@@ -XXX,XX +XXX,XX @@
- #include "qapi/error.h"
- #include "hw/hw.h"
- #include "hw/arm/pxa.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/sharpsl.h"
- #include "hw/pcmcia.h"
- #include "hw/boards.h"
-diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/versatilepb.c
-+++ b/hw/arm/versatilepb.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "cpu.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/net/smc91c111.h"
- #include "net/net.h"
- #include "sysemu/sysemu.h"
-diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/vexpress.c
-+++ b/hw/arm/vexpress.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "cpu.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/primecell.h"
- #include "hw/net/lan9118.h"
- #include "hw/i2c/i2c.h"
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/option.h"
- #include "qapi/error.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/arm/primecell.h"
- #include "hw/arm/virt.h"
- #include "hw/block/flash.h"
-diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/xilinx_zynq.c
-+++ b/hw/arm/xilinx_zynq.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu-common.h"
- #include "cpu.h"
- #include "hw/sysbus.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "net/net.h"
- #include "exec/address-spaces.h"
- #include "sysemu/sysemu.h"
-diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/xlnx-versal.c
-+++ b/hw/arm/xlnx-versal.c
-@@ -XXX,XX +XXX,XX @@
- #include "net/net.h"
- #include "sysemu/sysemu.h"
- #include "sysemu/kvm.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "kvm_arm.h"
- #include "hw/misc/unimp.h"
- #include "hw/intc/arm_gicv3_common.h"
-diff --git a/hw/arm/z2.c b/hw/arm/z2.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/z2.c
-+++ b/hw/arm/z2.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/osdep.h"
- #include "hw/hw.h"
- #include "hw/arm/pxa.h"
--#include "hw/arm/arm.h"
-+#include "hw/arm/boot.h"
- #include "hw/i2c/i2c.h"
- #include "hw/ssi/ssi.h"
- #include "hw/boards.h"
---
-.20.1

-[Qemu-devel] [PULL 07/12] hw/intc/arm_gicv3: Fix write of ICH_VMCR_EL2.{VBPR0, VBPR1}
+Deleted patch
-In ich_vmcr_write() we enforce "writes of BPR fields to less than
-their minimum sets them to the minimum" by doing a "read vbpr and
-write it back" operation.  A typo here meant that we weren't handling
-writes to these fields correctly, because we were reading from VBPR0
-but writing to VBPR1.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190520162809.2677-4-peter.maydell@linaro.org
----
- hw/intc/arm_gicv3_cpuif.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_cpuif.c
-+++ b/hw/intc/arm_gicv3_cpuif.c
-@@ -XXX,XX +XXX,XX @@ static void ich_vmcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-     /* Enforce "writing BPRs to less than minimum sets them to the minimum"
-      * by reading and writing back the fields.
-      */
--    write_vbpr(cs, GICV3_G1, read_vbpr(cs, GICV3_G0));
-+    write_vbpr(cs, GICV3_G0, read_vbpr(cs, GICV3_G0));
-     write_vbpr(cs, GICV3_G1, read_vbpr(cs, GICV3_G1));
-     gicv3_cpuif_virt_update(cs);
---
-.20.1

-[Qemu-devel] [PULL 11/12] hw/arm/exynos4210: Add DMA support for the Exynos4210
+[PULL 6/8] hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
 From: Guenter Roeck <linux@roeck-us.net>
-QEMU already supports pl330. Instantiate it for Exynos4210.
+The i.MX USB Phy driver does not check register ranges, resulting in out of
 bounds accesses if an attempt is made to access non-existing PHY registers.
 Add range check and conditionally report bad accesses to fix the problem.
-Relevant part of Linux arch/arm/boot/dts/exynos4.dtsi:
+While at it, also conditionally log attempted writes to non-existing or
 read-only registers.
-/ {
+Reported-by: Qiang Liu <cyruscyliu@gmail.com>
     soc: soc {
         amba {
             pdma0: pdma@12680000 {
                 compatible = "arm,pl330", "arm,primecell";
                 reg = <0x12680000 0x1000>;
                 interrupts = <GIC_SPI 35 IRQ_TYPE_LEVEL_HIGH>;
                 clocks = <&clock CLK_PDMA0>;
                 clock-names = "apb_pclk";
                 #dma-cells = <1>;
                 #dma-channels = <8>;
                 #dma-requests = <32>;
             };
             pdma1: pdma@12690000 {
                 compatible = "arm,pl330", "arm,primecell";
                 reg = <0x12690000 0x1000>;
                 interrupts = <GIC_SPI 36 IRQ_TYPE_LEVEL_HIGH>;
                 clocks = <&clock CLK_PDMA1>;
                 clock-names = "apb_pclk";
                 #dma-cells = <1>;
                 #dma-channels = <8>;
                 #dma-requests = <32>;
             };
             mdma1: mdma@12850000 {
                 compatible = "arm,pl330", "arm,primecell";
                 reg = <0x12850000 0x1000>;
                 interrupts = <GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>;
                 clocks = <&clock CLK_MDMA>;
                 clock-names = "apb_pclk";
                 #dma-cells = <1>;
                 #dma-channels = <8>;
                 #dma-requests = <1>;
             };
         };
     };
 };
 Signed-off-by: Guenter Roeck <linux@roeck-us.net>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Tested-by: Qiang Liu <cyruscyliu@gmail.com>
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+Message-id: 20230316234926.208874-1-linux@roeck-us.net
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Link: https://gitlab.com/qemu-project/qemu/-/issues/1408
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Fixes: 0701a5efa015 ("hw/usb: Add basic i.MX USB Phy support")
-Message-id: 20190520214342.13709-4-philmd@redhat.com
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
 [PMD: Do not set default qdev properties, create the controllers in the SoC
       rather than the board (Peter Maydell), add dtsi in commit message]
 Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- hw/arm/exynos4210.c | 26 ++++++++++++++++++++++++++
+ hw/usb/imx-usb-phy.c | 19 +++++++++++++++++--
-file changed, 26 insertions(+)
+file changed, 17 insertions(+), 2 deletions(-)
-diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
+diff --git a/hw/usb/imx-usb-phy.c b/hw/usb/imx-usb-phy.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/exynos4210.c
+--- a/hw/usb/imx-usb-phy.c
-+++ b/hw/arm/exynos4210.c
++++ b/hw/usb/imx-usb-phy.c
 @@ -XXX,XX +XXX,XX @@
- /* EHCI */
+ #include "qemu/osdep.h"
- #define EXYNOS4210_EHCI_BASE_ADDR           0x12580000
+ #include "hw/usb/imx-usb-phy.h"
+ #include "migration/vmstate.h"
-+/* DMA */
++#include "qemu/log.h"
-+#define EXYNOS4210_PL330_BASE0_ADDR         0x12680000
+ #include "qemu/module.h"
-+#define EXYNOS4210_PL330_BASE1_ADDR         0x12690000
-+#define EXYNOS4210_PL330_BASE2_ADDR         0x12850000
+ static const VMStateDescription vmstate_imx_usbphy = {
-+
+@@ -XXX,XX +XXX,XX @@ static uint64_t imx_usbphy_read(void *opaque, hwaddr offset, unsigned size)
- static uint8_t chipid_and_omr[] = { 0x11, 0x02, 0x21, 0x43,
+         value = s->usbphy[index - 3];
-x09, 0x00, 0x00, 0x00 };
+         break;
+     default:
-@@ -XXX,XX +XXX,XX @@ static uint64_t exynos4210_calc_affinity(int cpu)
+-        value = s->usbphy[index];
-     return (0x9 << ARM_AFF1_SHIFT) | cpu;
++        if (index < USBPHY_MAX) {
- }
++            value = s->usbphy[index];
++        } else {
-+static void pl330_create(uint32_t base, qemu_irq irq, int nreq)
++            qemu_log_mask(LOG_GUEST_ERROR,
-+{
++                          "%s: Read from non-existing USB PHY register 0x%"
-+    SysBusDevice *busdev;
++                          HWADDR_PRIx "\n",
-+    DeviceState *dev;
++                          __func__, offset);
-+
++            value = 0;
-+    dev = qdev_create(NULL, "pl330");
++        }
-+    qdev_prop_set_uint8(dev, "num_periph_req",  nreq);
+         break;
-+    qdev_init_nofail(dev);
+     }
-+    busdev = SYS_BUS_DEVICE(dev);
+     return (uint64_t)value;
-+    sysbus_mmio_map(busdev, 0, base);
+@@ -XXX,XX +XXX,XX @@ static void imx_usbphy_write(void *opaque, hwaddr offset, uint64_t value,
-+    sysbus_connect_irq(busdev, 0, irq);
+         s->usbphy[index - 3] ^= value;
-+}
+         break;
-+
+     default:
- Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
+-        /* Other registers are read-only */
- {
++        /* Other registers are read-only or do not exist */
-     Exynos4210State *s = g_new0(Exynos4210State, 1);
++        qemu_log_mask(LOG_GUEST_ERROR,
-@@ -XXX,XX +XXX,XX @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
++                      "%s: Write to %s USB PHY register 0x%"
-     sysbus_create_simple(TYPE_EXYNOS4210_EHCI, EXYNOS4210_EHCI_BASE_ADDR,
++                      HWADDR_PRIx "\n",
-             s->irq_table[exynos4210_get_irq(28, 3)]);
++                      __func__,
++                      index >= USBPHY_MAX ? "non-existing" : "read-only",
-+    /*** DMA controllers ***/
++                      offset);
-+    pl330_create(EXYNOS4210_PL330_BASE0_ADDR,
+         break;
-+                 qemu_irq_invert(s->irq_table[exynos4210_get_irq(35, 1)]), 32);
+     }
 +    pl330_create(EXYNOS4210_PL330_BASE1_ADDR,
 +                 qemu_irq_invert(s->irq_table[exynos4210_get_irq(36, 1)]), 32);
 +    pl330_create(EXYNOS4210_PL330_BASE2_ADDR,
 +                 qemu_irq_invert(s->irq_table[exynos4210_get_irq(34, 1)]), 1);
 +
      return s;
  }
 --
-.20.1
+.34.1

-[Qemu-devel] [PULL 09/12] hw/arm/exynos4: Remove unuseful debug code
+[PULL 7/8] docs/system/arm/cpu-features.rst: Fix formatting
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
+The markup for the Arm CPU feature documentation is incorrect,
 and results in the HTML not rendering correctly -- the first
 line of each description is rendered in boldface as if it
 were part of the option name.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reformat to match the styling used in cpu-models-x86.rst.inc.
-Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
-Message-id: 20190520214342.13709-2-philmd@redhat.com
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1479
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20230316105808.1414003-1-peter.maydell@linaro.org
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
 ---
- hw/arm/exynos4_boards.c | 24 ------------------------
+ docs/system/arm/cpu-features.rst | 68 ++++++++++++++------------------
-file changed, 24 deletions(-)
+file changed, 30 insertions(+), 38 deletions(-)
-diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
+diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/exynos4_boards.c
+--- a/docs/system/arm/cpu-features.rst
-+++ b/hw/arm/exynos4_boards.c
++++ b/docs/system/arm/cpu-features.rst
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ are named with the prefix "kvm-".  KVM VCPU features may be probed,
- #include "hw/net/lan9118.h"
+ enabled, and disabled in the same way as other CPU features.  Below is
- #include "hw/boards.h"
+ the list of KVM VCPU features and their descriptions.
--#undef DEBUG
+-  kvm-no-adjvtime          By default kvm-no-adjvtime is disabled.  This
--
+-                           means that by default the virtual time
--//#define DEBUG
+-                           adjustment is enabled (vtime is not *not*
--
+-                           adjusted).
--#ifdef DEBUG
++``kvm-no-adjvtime``
--    #undef PRINT_DEBUG
++  By default kvm-no-adjvtime is disabled.  This means that by default
--    #define  PRINT_DEBUG(fmt, args...) \
++  the virtual time adjustment is enabled (vtime is not *not* adjusted).
--        do { \
--            fprintf(stderr, "  [%s:%d]   "fmt, __func__, __LINE__, ##args); \
+-                           When virtual time adjustment is enabled each
--        } while (0)
+-                           time the VM transitions back to running state
--#else
+-                           the VCPU's virtual counter is updated to ensure
--    #define  PRINT_DEBUG(fmt, args...)  do {} while (0)
+-                           stopped time is not counted.  This avoids time
--#endif
+-                           jumps surprising guest OSes and applications,
--
+-                           as long as they use the virtual counter for
- #define SMDK_LAN9118_BASE_ADDR      0x05000000
+-                           timekeeping.  However it has the side effect of
+-                           the virtual and physical counters diverging.
- typedef enum Exynos4BoardType {
+-                           All timekeeping based on the virtual counter
-@@ -XXX,XX +XXX,XX @@ exynos4_boards_init_common(MachineState *machine,
+-                           will appear to lag behind any timekeeping that
-     exynos4_board_binfo.gic_cpu_if_addr =
+-                           does not subtract VM stopped time.  The guest
-             EXYNOS4210_SMP_PRIVATE_BASE_ADDR + 0x100;
+-                           may resynchronize its virtual counter with
+-                           other time sources as needed.
--    PRINT_DEBUG("\n ram_size: %luMiB [0x%08lx]\n"
++  When virtual time adjustment is enabled each time the VM transitions
--            " kernel_filename: %s\n"
++  back to running state the VCPU's virtual counter is updated to
--            " kernel_cmdline: %s\n"
++  ensure stopped time is not counted.  This avoids time jumps
--            " initrd_filename: %s\n",
++  surprising guest OSes and applications, as long as they use the
--            exynos4_board_ram_size[board_type] / 1048576,
++  virtual counter for timekeeping.  However it has the side effect of
--            exynos4_board_ram_size[board_type],
++  the virtual and physical counters diverging.  All timekeeping based
--            machine->kernel_filename,
++  on the virtual counter will appear to lag behind any timekeeping
--            machine->kernel_cmdline,
++  that does not subtract VM stopped time.  The guest may resynchronize
--            machine->initrd_filename);
++  its virtual counter with other time sources as needed.
--
-     exynos4_boards_init_ram(s, get_system_memory(),
+-                           Enable kvm-no-adjvtime to disable virtual time
-                             exynos4_board_ram_size[board_type]);
+-                           adjustment, also restoring the legacy (pre-5.0)
+-                           behavior.
 +  Enable kvm-no-adjvtime to disable virtual time adjustment, also
 +  restoring the legacy (pre-5.0) behavior.
 -  kvm-steal-time           Since v5.2, kvm-steal-time is enabled by
 -                           default when KVM is enabled, the feature is
 -                           supported, and the guest is 64-bit.
 +``kvm-steal-time``
 +  Since v5.2, kvm-steal-time is enabled by default when KVM is
 +  enabled, the feature is supported, and the guest is 64-bit.
 -                           When kvm-steal-time is enabled a 64-bit guest
 -                           can account for time its CPUs were not running
 -                           due to the host not scheduling the corresponding
 -                           VCPU threads.  The accounting statistics may
 -                           influence the guest scheduler behavior and/or be
 -                           exposed to the guest userspace.
 +  When kvm-steal-time is enabled a 64-bit guest can account for time
 +  its CPUs were not running due to the host not scheduling the
 +  corresponding VCPU threads.  The accounting statistics may influence
 +  the guest scheduler behavior and/or be exposed to the guest
 +  userspace.
  TCG VCPU Features
  =================
@@ -XXX,XX +XXX,XX @@ TCG VCPU Features
  TCG VCPU features are CPU features that are specific to TCG.
  Below is the list of TCG VCPU features and their descriptions.
 -  pauth-impdef             When ``FEAT_Pauth`` is enabled, either the
 -                           *impdef* (Implementation Defined) algorithm
 -                           is enabled or the *architected* QARMA algorithm
 -                           is enabled.  By default the impdef algorithm
 -                           is disabled, and QARMA is enabled.
 +``pauth-impdef``
 +  When ``FEAT_Pauth`` is enabled, either the *impdef* (Implementation
 +  Defined) algorithm is enabled or the *architected* QARMA algorithm
 +  is enabled.  By default the impdef algorithm is disabled, and QARMA
 +  is enabled.
 -                           The architected QARMA algorithm has good
 -                           cryptographic properties, but can be quite slow
 -                           to emulate.  The impdef algorithm used by QEMU
 -                           is non-cryptographic but significantly faster.
 +  The architected QARMA algorithm has good cryptographic properties,
 +  but can be quite slow to emulate.  The impdef algorithm used by QEMU
 +  is non-cryptographic but significantly faster.
  SVE CPU Properties
  ==================
 --
-.20.1
+.34.1

-[Qemu-devel] [PULL 08/12] hw/intc/arm_gicv3: Fix writes to ICC_CTLR_EL3
+[PULL 8/8] target/arm: Don't advertise aarch64-pauth.xml to gdb
-The ICC_CTLR_EL3 register includes some bits which are aliases
+Unfortunately a bug in older versions of gdb means that they will
-of bits in the ICC_CTLR_EL1(S) and (NS) registers. QEMU chooses
+crash if QEMU sends them the aarch64-pauth.xml.  This bug is fixed in
-to keep those bits in the cs->icc_ctlr_el1[] struct fields.
+gdb commit 1ba3a3222039eb25, and there are plans to backport that to
-Unfortunately a missing '~' in the code to update the bits
+affected gdb release branches, but since the bug affects gdb 9
-in those fields meant that writing to ICC_CTLR_EL3 would corrupt
+through 12 it is very widely deployed (for instance by distros).
-the ICC_CLTR_EL1 register values.
 It is not currently clear what the best way to deal with this is; it
 has been proposed to define a new XML feature name that old gdb will
 ignore but newer gdb can handle.  Since QEMU's 8.0 release is
 imminent and at least one of our CI runners is now falling over this,
 disable the pauth XML for the moment.  We can follow up with a more
 considered fix either in time for 8.0 or else for the 8.1 release.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190520162809.2677-5-peter.maydell@linaro.org
 ---
- hw/intc/arm_gicv3_cpuif.c | 4 ++--
+ target/arm/gdbstub.c | 7 +++++++
-file changed, 2 insertions(+), 2 deletions(-)
+file changed, 7 insertions(+)
-diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
+diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_cpuif.c
+--- a/target/arm/gdbstub.c
-+++ b/hw/intc/arm_gicv3_cpuif.c
++++ b/target/arm/gdbstub.c
-@@ -XXX,XX +XXX,XX @@ static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri,
+@@ -XXX,XX +XXX,XX @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
-     trace_gicv3_icc_ctlr_el3_write(gicv3_redist_affid(cs), value);
+                                      aarch64_gdb_set_fpu_reg,
+, "aarch64-fpu.xml", 0);
-     /* *_EL1NS and *_EL1S bits are aliases into the ICC_CTLR_EL1 bits. */
+         }
--    cs->icc_ctlr_el1[GICV3_NS] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
++#if 0
-+    cs->icc_ctlr_el1[GICV3_NS] &= ~(ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
++        /*
-     if (value & ICC_CTLR_EL3_EOIMODE_EL1NS) {
++         * GDB versions 9 through 12 have a bug which means they will
-         cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_EOIMODE;
++         * crash if they see this XML from QEMU; disable it for the 8.0
-     }
++         * release, pending a better solution.
-@@ -XXX,XX +XXX,XX @@ static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri,
++         */
-         cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_CBPR;
+         if (isar_feature_aa64_pauth(&cpu->isar)) {
-     }
+             gdb_register_coprocessor(cs, aarch64_gdb_get_pauth_reg,
+                                      aarch64_gdb_set_pauth_reg,
--    cs->icc_ctlr_el1[GICV3_S] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
+, "aarch64-pauth.xml", 0);
-+    cs->icc_ctlr_el1[GICV3_S] &= ~(ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
+         }
-     if (value & ICC_CTLR_EL3_EOIMODE_EL1S) {
++#endif
-         cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_EOIMODE;
+ #endif
-     }
+     } else {
          if (arm_feature(env, ARM_FEATURE_NEON)) {
 --
-.20.1
+.34.1

Not very much here, but several people have fallen over
the vector operation segfault bug, so let's get the fix
into master.

thanks
-- PMM

The following changes since commit d418238dca7b4e0b124135827ead3076233052b1:

Merge remote-tracking branch 'remotes/rth/tags/pull-rng-20190522' into staging (2019-05-23 12:57:17 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190523

for you to fetch changes up to 98e4f4fdb8ea05d840f51f47125924c2bb9df2df:

hw/arm/exynos4210: QOM'ify the Exynos4210 SoC (2019-05-23 14:47:44 +0100)

----------------------------------------------------------------
target-arm queue:
 * exynos4210: QOM'ify the Exynos4210 SoC
 * exynos4210: Add DMA support for the Exynos4210
 * arm_gicv3: Fix writes to ICC_CTLR_EL3
 * arm_gicv3: Fix write of ICH_VMCR_EL2.{VBPR0, VBPR1}
 * target/arm: Fix vector operation segfault
 * target/arm: Minor improvements to BFXIL, EXTR

----------------------------------------------------------------
Alistair Francis (1):
      target/arm: Fix vector operation segfault

Guenter Roeck (1):
      hw/arm/exynos4210: Add DMA support for the Exynos4210

Peter Maydell (5):
      arm: Move system_clock_scale to armv7m_systick.h
      arm: Remove unnecessary includes of hw/arm/arm.h
      arm: Rename hw/arm/arm.h to hw/arm/boot.h
      hw/intc/arm_gicv3: Fix write of ICH_VMCR_EL2.{VBPR0, VBPR1}
      hw/intc/arm_gicv3: Fix writes to ICC_CTLR_EL3

Philippe Mathieu-Daudé (3):
      hw/arm/exynos4: Remove unuseful debug code
      hw/arm/exynos4: Use the IEC binary prefix definitions
      hw/arm/exynos4210: QOM'ify the Exynos4210 SoC

Richard Henderson (2):
      target/arm: Use extract2 for EXTR
      target/arm: Simplify BFXIL expansion

include/hw/arm/allwinner-a10.h    |  2 +-
 include/hw/arm/aspeed_soc.h       |  1 -
 include/hw/arm/bcm2836.h          |  1 -
 include/hw/arm/{arm.h => boot.h}  | 12 +++------
 include/hw/arm/exynos4210.h       |  9 +++++--
 include/hw/arm/fsl-imx25.h        |  2 +-
 include/hw/arm/fsl-imx31.h        |  2 +-
 include/hw/arm/fsl-imx6.h         |  2 +-
 include/hw/arm/fsl-imx6ul.h       |  2 +-
 include/hw/arm/fsl-imx7.h         |  2 +-
 include/hw/arm/virt.h             |  2 +-
 include/hw/arm/xlnx-versal.h      |  2 +-
 include/hw/arm/xlnx-zynqmp.h      |  2 +-
 include/hw/timer/armv7m_systick.h | 22 ++++++++++++++++
 hw/arm/armsse.c                   |  2 +-
 hw/arm/armv7m.c                   |  2 +-
 hw/arm/aspeed.c                   |  2 +-
 hw/arm/boot.c                     |  2 +-
 hw/arm/collie.c                   |  2 +-
 hw/arm/exynos4210.c               | 54 ++++++++++++++++++++++++++++++++++++---
 hw/arm/exynos4_boards.c           | 40 ++++++++---------------------
 hw/arm/highbank.c                 |  2 +-
 hw/arm/integratorcp.c             |  2 +-
 hw/arm/mainstone.c                |  2 +-
 hw/arm/microbit.c                 |  2 +-
 hw/arm/mps2-tz.c                  |  2 +-
 hw/arm/mps2.c                     |  2 +-
 hw/arm/msf2-soc.c                 |  1 -
 hw/arm/msf2-som.c                 |  2 +-
 hw/arm/musca.c                    |  2 +-
 hw/arm/musicpal.c                 |  2 +-
 hw/arm/netduino2.c                |  2 +-
 hw/arm/nrf51_soc.c                |  2 +-
 hw/arm/nseries.c                  |  2 +-
 hw/arm/omap1.c                    |  2 +-
 hw/arm/omap2.c                    |  2 +-
 hw/arm/omap_sx1.c                 |  2 +-
 hw/arm/palm.c                     |  2 +-
 hw/arm/raspi.c                    |  2 +-
 hw/arm/realview.c                 |  2 +-
 hw/arm/spitz.c                    |  2 +-
 hw/arm/stellaris.c                |  2 +-
 hw/arm/stm32f205_soc.c            |  2 +-
 hw/arm/strongarm.c                |  2 +-
 hw/arm/tosa.c                     |  2 +-
 hw/arm/versatilepb.c              |  2 +-
 hw/arm/vexpress.c                 |  2 +-
 hw/arm/virt.c                     |  2 +-
 hw/arm/xilinx_zynq.c              |  2 +-
 hw/arm/xlnx-versal.c              |  2 +-
 hw/arm/z2.c                       |  2 +-
 hw/intc/arm_gicv3_cpuif.c         |  6 ++---
 hw/intc/armv7m_nvic.c             |  1 -
 target/arm/arm-semi.c             |  1 -
 target/arm/cpu.c                  |  1 -
 target/arm/cpu64.c                |  1 -
 target/arm/kvm.c                  |  1 -
 target/arm/kvm32.c                |  1 -
 target/arm/kvm64.c                |  1 -
 target/arm/translate-a64.c        | 44 ++++++++++++++++---------------
 target/arm/translate.c            |  4 +--
 61 files changed, 164 insertions(+), 123 deletions(-)
 rename include/hw/arm/{arm.h => boot.h} (96%)

From: Richard Henderson <richard.henderson@linaro.org>

This is, after all, how we implement extract2 in tcg/aarch64.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190514011129.11330-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 38 ++++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_extract(DisasContext *s, uint32_t insn)
             } else {
                 tcg_gen_ext32u_i64(tcg_rd, cpu_reg(s, rm));
             }
-        } else if (rm == rn) { /* ROR */
-            tcg_rm = cpu_reg(s, rm);
-            if (sf) {
-                tcg_gen_rotri_i64(tcg_rd, tcg_rm, imm);
-            } else {
-                TCGv_i32 tmp = tcg_temp_new_i32();
-                tcg_gen_extrl_i64_i32(tmp, tcg_rm);
-                tcg_gen_rotri_i32(tmp, tmp, imm);
-                tcg_gen_extu_i32_i64(tcg_rd, tmp);
-                tcg_temp_free_i32(tmp);
-            }
         } else {
-            tcg_rm = read_cpu_reg(s, rm, sf);
-            tcg_rn = read_cpu_reg(s, rn, sf);
-            tcg_gen_shri_i64(tcg_rm, tcg_rm, imm);
-            tcg_gen_shli_i64(tcg_rn, tcg_rn, bitsize - imm);
-            tcg_gen_or_i64(tcg_rd, tcg_rm, tcg_rn);
-            if (!sf) {
-                tcg_gen_ext32u_i64(tcg_rd, tcg_rd);
+            tcg_rm = cpu_reg(s, rm);
+            tcg_rn = cpu_reg(s, rn);
+
+            if (sf) {
+                /* Specialization to ROR happens in EXTRACT2.  */
+                tcg_gen_extract2_i64(tcg_rd, tcg_rm, tcg_rn, imm);
+            } else {
+                TCGv_i32 t0 = tcg_temp_new_i32();
+
+                tcg_gen_extrl_i64_i32(t0, tcg_rm);
+                if (rm == rn) {
+                    tcg_gen_rotri_i32(t0, t0, imm);
+                } else {
+                    TCGv_i32 t1 = tcg_temp_new_i32();
+                    tcg_gen_extrl_i64_i32(t1, tcg_rn);
+                    tcg_gen_extract2_i32(t0, t0, t1, imm);
+                    tcg_temp_free_i32(t1);
+                }
+                tcg_gen_extu_i32_i64(tcg_rd, t0);
+                tcg_temp_free_i32(t0);
             }
         }
     }
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The mask implied by the extract is redundant with the one
implied by the deposit.  Also, fix spelling of BFXIL.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190514011129.11330-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

From: Alistair Francis <alistair.francis@wdc.com>

Commit 89e68b575 "target/arm: Use vector operations for saturation"
causes this abort() when booting QEMU ARM with a Cortex-A15:

0  0x00007ffff4c2382f in raise () at /usr/lib/libc.so.6
1  0x00007ffff4c0e672 in abort () at /usr/lib/libc.so.6
2  0x00005555559c1839 in disas_neon_data_insn (insn=<optimized out>, s=<optimized out>) at ./target/arm/translate.c:6673
3  0x00005555559c1839 in disas_neon_data_insn (s=<optimized out>, insn=<optimized out>) at ./target/arm/translate.c:6386
4  0x00005555559cd8a4 in disas_arm_insn (insn=4081107068, s=0x7fffe59a9510) at ./target/arm/translate.c:9289
5  0x00005555559cd8a4 in arm_tr_translate_insn (dcbase=0x7fffe59a9510, cpu=<optimized out>) at ./target/arm/translate.c:13612
6  0x00005555558d1d39 in translator_loop (ops=0x5555561cc580 <arm_translator_ops>, db=0x7fffe59a9510, cpu=0x55555686a2f0, tb=<optimized out>, max_insns=<optimized out>) at ./accel/tcg/translator.c:96
7  0x00005555559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x55555686a2f0, tb=tb@entry=0x7fffd7840080 <code_gen_buffer+126091347>, max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
8  0x00005555558d06b9 in tb_gen_code (cpu=cpu@entry=0x55555686a2f0, pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry=524288) at ./accel/tcg/translate-all.c:1736
9  0x00005555558ce467 in tb_find (cf_mask=524288, tb_exit=1, last_tb=0x7fffd783e640 <code_gen_buffer+126084627>, cpu=0x1) at ./accel/tcg/cpu-exec.c:407
10 0x00005555558ce467 in cpu_exec (cpu=cpu@entry=0x55555686a2f0) at ./accel/tcg/cpu-exec.c:728
11 0x000055555588b0cf in tcg_cpu_exec (cpu=0x55555686a2f0) at ./cpus.c:1431
12 0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=0x55555686a2f0) at ./cpus.c:1735
13 0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x55555686a2f0) at ./cpus.c:1709
14 0x0000555555d2629a in qemu_thread_start (args=<optimized out>) at ./util/qemu-thread-posix.c:502
15 0x00007ffff4db8a92 in start_thread () at /usr/lib/libpthread.

This patch ensures that we don't hit the abort() in the second switch
case in disas_neon_data_insn() as we will return from the first case.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: ad91b397f360b2fc7f4087e476f7df5b04d42ddb.1558021877.git.alistair.francis@wdc.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
             tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
                            rn_ofs, rm_ofs, vec_size, vec_size,
                            (u ? uqadd_op : sqadd_op) + size);
-            break;
+            return 0;
 
         case NEON_3R_VQSUB:
             tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
                            rn_ofs, rm_ofs, vec_size, vec_size,
                            (u ? uqsub_op : sqsub_op) + size);
-            break;
+            return 0;
 
         case NEON_3R_VMUL: /* VMUL */
             if (u) {
-- 
2.20.1

The system_clock_scale global is used only by the armv7m systick
device; move the extern declaration to the armv7m_systick.h header,
and expand the comment to explain what it is and that it should
ideally be replaced with a different approach.

diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -XXX,XX +XXX,XX @@ void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
                                             const struct arm_boot_info *info,
                                             hwaddr mvbar_addr);
 
-/* Multiplication factor to convert from system clock ticks to qemu timer
-   ticks.  */
-extern int system_clock_scale;
-
 #endif /* HW_ARM_H */
diff --git a/include/hw/timer/armv7m_systick.h b/include/hw/timer/armv7m_systick.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/timer/armv7m_systick.h
+++ b/include/hw/timer/armv7m_systick.h
@@ -XXX,XX +XXX,XX @@ typedef struct SysTickState {
     qemu_irq irq;
 } SysTickState;
 
+/*
+ * Multiplication factor to convert from system clock ticks to qemu timer
+ * ticks. This should be set (by board code, usually) to a value
+ * equal to NANOSECONDS_PER_SECOND / frq, where frq is the clock frequency
+ * in Hz of the CPU.
+ *
+ * This value is used by the systick device when it is running in
+ * its "use the CPU clock" mode (ie when SYST_CSR.CLKSOURCE == 1) to
+ * set how fast the timer should tick.
+ *
+ * TODO: we should refactor this so that rather than using a global
+ * we use a device property or something similar. This is complicated
+ * because (a) the property would need to be plumbed through from the
+ * board code down through various layers to the systick device
+ * and (b) the property needs to be modifiable after realize, because
+ * the stellaris board uses this to implement the behaviour where the
+ * guest can reprogram the PLL registers to downclock the CPU, and the
+ * systick device needs to react accordingly. Possibly this should
+ * be deferred until we have a good API for modelling clock trees.
+ */
+extern int system_clock_scale;
+
 #endif
-- 
2.20.1

The hw/arm/arm.h header now only includes declarations relating
to boot.c code, so it is only needed by Arm board or SoC code.
Remove some unnecessary inclusions of it from target/arm files
and from hw/intc/armv7m_nvic.c.

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -XXX,XX +XXX,XX @@
 #include "cpu.h"
 #include "hw/sysbus.h"
 #include "qemu/timer.h"
-#include "hw/arm/arm.h"
 #include "hw/intc/armv7m_nvic.h"
 #include "target/arm/cpu.h"
 #include "exec/exec-all.h"
diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/arm-semi.c
+++ b/target/arm/arm-semi.c
@@ -XXX,XX +XXX,XX @@
 #else
 #include "qemu-common.h"
 #include "exec/gdbstub.h"
-#include "hw/arm/arm.h"
 #include "qemu/cutils.h"
 #endif
 
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/loader.h"
 #endif
-#include "hw/arm/arm.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/hw_accel.h"
 #include "kvm_arm.h"
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/loader.h"
 #endif
-#include "hw/arm/arm.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -XXX,XX +XXX,XX @@
 #include "cpu.h"
 #include "trace.h"
 #include "internals.h"
-#include "hw/arm/arm.h"
 #include "hw/pci/pci.h"
 #include "exec/memattrs.h"
 #include "exec/address-spaces.h"
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
 #include "internals.h"
-#include "hw/arm/arm.h"
 #include "qemu/log.h"
 
 static inline void set_feature(uint64_t *features, int feature)
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
 #include "internals.h"
-#include "hw/arm/arm.h"
 
 static bool have_guest_debug;
 
-- 
2.20.1

The header file hw/arm/arm.h now includes only declarations
relating to hw/arm/boot.c functionality. Rename it accordingly,
and adjust its header comment.

The bulk of this commit was created via
 perl -pi -e 's|hw/arm/arm.h|hw/arm/boot.h|' hw/arm/*.c include/hw/arm/*.h

In a few cases we can just delete the #include:
hw/arm/msf2-soc.c, include/hw/arm/aspeed_soc.h and
include/hw/arm/bcm2836.h did not require it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190516163857.6430-4-peter.maydell@linaro.org
---
 include/hw/arm/allwinner-a10.h   | 2 +-
 include/hw/arm/aspeed_soc.h      | 1 -
 include/hw/arm/bcm2836.h         | 1 -
 include/hw/arm/{arm.h => boot.h} | 8 ++++----
 include/hw/arm/fsl-imx25.h       | 2 +-
 include/hw/arm/fsl-imx31.h       | 2 +-
 include/hw/arm/fsl-imx6.h        | 2 +-
 include/hw/arm/fsl-imx6ul.h      | 2 +-
 include/hw/arm/fsl-imx7.h        | 2 +-
 include/hw/arm/virt.h            | 2 +-
 include/hw/arm/xlnx-versal.h     | 2 +-
 include/hw/arm/xlnx-zynqmp.h     | 2 +-
 hw/arm/armsse.c                  | 2 +-
 hw/arm/armv7m.c                  | 2 +-
 hw/arm/aspeed.c                  | 2 +-
 hw/arm/boot.c                    | 2 +-
 hw/arm/collie.c                  | 2 +-
 hw/arm/exynos4210.c              | 2 +-
 hw/arm/exynos4_boards.c          | 2 +-
 hw/arm/highbank.c                | 2 +-
 hw/arm/integratorcp.c            | 2 +-
 hw/arm/mainstone.c               | 2 +-
 hw/arm/microbit.c                | 2 +-
 hw/arm/mps2-tz.c                 | 2 +-
 hw/arm/mps2.c                    | 2 +-
 hw/arm/msf2-soc.c                | 1 -
 hw/arm/msf2-som.c                | 2 +-
 hw/arm/musca.c                   | 2 +-
 hw/arm/musicpal.c                | 2 +-
 hw/arm/netduino2.c               | 2 +-
 hw/arm/nrf51_soc.c               | 2 +-
 hw/arm/nseries.c                 | 2 +-
 hw/arm/omap1.c                   | 2 +-
 hw/arm/omap2.c                   | 2 +-
 hw/arm/omap_sx1.c                | 2 +-
 hw/arm/palm.c                    | 2 +-
 hw/arm/raspi.c                   | 2 +-
 hw/arm/realview.c                | 2 +-
 hw/arm/spitz.c                   | 2 +-
 hw/arm/stellaris.c               | 2 +-
 hw/arm/stm32f205_soc.c           | 2 +-
 hw/arm/strongarm.c               | 2 +-
 hw/arm/tosa.c                    | 2 +-
 hw/arm/versatilepb.c             | 2 +-
 hw/arm/vexpress.c                | 2 +-
 hw/arm/virt.c                    | 2 +-
 hw/arm/xilinx_zynq.c             | 2 +-
 hw/arm/xlnx-versal.c             | 2 +-
 hw/arm/z2.c                      | 2 +-
 49 files changed, 49 insertions(+), 52 deletions(-)
 rename include/hw/arm/{arm.h => boot.h} (98%)

diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/allwinner-a10.h
+++ b/include/hw/arm/allwinner-a10.h
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "qemu/error-report.h"
 #include "hw/char/serial.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/timer/allwinner-a10-pit.h"
 #include "hw/intc/allwinner-a10-pic.h"
 #include "hw/net/allwinner_emac.h"
diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -XXX,XX +XXX,XX @@
 #ifndef ASPEED_SOC_H
 #define ASPEED_SOC_H
 
-#include "hw/arm/arm.h"
 #include "hw/intc/aspeed_vic.h"
 #include "hw/misc/aspeed_scu.h"
 #include "hw/misc/aspeed_sdmc.h"
diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/bcm2836.h
+++ b/include/hw/arm/bcm2836.h
@@ -XXX,XX +XXX,XX @@
 #ifndef BCM2836_H
 #define BCM2836_H
 
-#include "hw/arm/arm.h"
 #include "hw/arm/bcm2835_peripherals.h"
 #include "hw/intc/bcm2836_control.h"
 
diff --git a/include/hw/arm/arm.h b/include/hw/arm/boot.h
similarity index 98%
rename from include/hw/arm/arm.h
rename to include/hw/arm/boot.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/boot.h
@@ -XXX,XX +XXX,XX @@
 /*
- * Misc ARM declarations
+ * ARM kernel loader.
  *
  * Copyright (c) 2006 CodeSourcery.
  * Written by Paul Brook
@@ -XXX,XX +XXX,XX @@
  *
  */
 
-#ifndef HW_ARM_H
-#define HW_ARM_H
+#ifndef HW_ARM_BOOT_H
+#define HW_ARM_BOOT_H
 
 #include "exec/memory.h"
 #include "target/arm/cpu-qom.h"
@@ -XXX,XX +XXX,XX @@ void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
                                             const struct arm_boot_info *info,
                                             hwaddr mvbar_addr);
 
-#endif /* HW_ARM_H */
+#endif /* HW_ARM_BOOT_H */
diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/fsl-imx25.h
+++ b/include/hw/arm/fsl-imx25.h
@@ -XXX,XX +XXX,XX @@
 #ifndef FSL_IMX25_H
 #define FSL_IMX25_H
 
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/intc/imx_avic.h"
 #include "hw/misc/imx25_ccm.h"
 #include "hw/char/imx_serial.h"
diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/fsl-imx31.h
+++ b/include/hw/arm/fsl-imx31.h
@@ -XXX,XX +XXX,XX @@
 #ifndef FSL_IMX31_H
 #define FSL_IMX31_H
 
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/intc/imx_avic.h"
 #include "hw/misc/imx31_ccm.h"
 #include "hw/char/imx_serial.h"
diff --git a/include/hw/arm/fsl-imx6.h b/include/hw/arm/fsl-imx6.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/fsl-imx6.h
+++ b/include/hw/arm/fsl-imx6.h
@@ -XXX,XX +XXX,XX @@
 #ifndef FSL_IMX6_H
 #define FSL_IMX6_H
 
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/cpu/a9mpcore.h"
 #include "hw/misc/imx6_ccm.h"
 #include "hw/misc/imx6_src.h"
diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/fsl-imx6ul.h
+++ b/include/hw/arm/fsl-imx6ul.h
@@ -XXX,XX +XXX,XX @@
 #ifndef FSL_IMX6UL_H
 #define FSL_IMX6UL_H
 
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/cpu/a15mpcore.h"
 #include "hw/misc/imx6ul_ccm.h"
 #include "hw/misc/imx6_src.h"
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/fsl-imx7.h
+++ b/include/hw/arm/fsl-imx7.h
@@ -XXX,XX +XXX,XX @@
 #ifndef FSL_IMX7_H
 #define FSL_IMX7_H
 
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/cpu/a15mpcore.h"
 #include "hw/intc/imx_gpcv2.h"
 #include "hw/misc/imx7_ccm.h"
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -XXX,XX +XXX,XX @@
 #include "exec/hwaddr.h"
 #include "qemu/notify.h"
 #include "hw/boards.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/block/flash.h"
 #include "sysemu/kvm.h"
 #include "hw/intc/arm_gicv3_common.h"
diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/xlnx-versal.h
+++ b/include/hw/arm/xlnx-versal.h
@@ -XXX,XX +XXX,XX @@
 #define XLNX_VERSAL_H
 
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/intc/arm_gicv3.h"
 
 #define TYPE_XLNX_VERSAL "xlnx-versal"
diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/xlnx-zynqmp.h
+++ b/include/hw/arm/xlnx-zynqmp.h
@@ -XXX,XX +XXX,XX @@
 #ifndef XLNX_ZYNQMP_H
 
 #include "qemu-common.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/intc/arm_gic.h"
 #include "hw/net/cadence_gem.h"
 #include "hw/char/cadence_uart.h"
diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/armsse.c
+++ b/hw/arm/armsse.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/sysbus.h"
 #include "hw/registerfields.h"
 #include "hw/arm/armsse.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 
 /* Format of the System Information block SYS_CONFIG register */
 typedef enum SysConfigFormat {
diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/loader.h"
 #include "elf.h"
 #include "sysemu/qtest.h"
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "exec/address-spaces.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/aspeed.h"
 #include "hw/arm/aspeed_soc.h"
 #include "hw/boards.h"
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/error.h"
 #include <libfdt.h>
 #include "hw/hw.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/linux-boot-if.h"
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
diff --git a/hw/arm/collie.c b/hw/arm/collie.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/collie.c
+++ b/hw/arm/collie.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/sysbus.h"
 #include "hw/boards.h"
 #include "strongarm.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/block/flash.h"
 #include "exec/address-spaces.h"
 #include "cpu.h"
diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/boards.h"
 #include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/loader.h"
 #include "hw/arm/exynos4210.h"
 #include "hw/sd/sdhci.h"
diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
 #include "net/net.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "exec/address-spaces.h"
 #include "hw/arm/exynos4210.h"
 #include "hw/net/lan9118.h"
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/loader.h"
 #include "net/net.h"
 #include "sysemu/kvm.h"
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/integratorcp.c
+++ b/hw/arm/integratorcp.c
@@ -XXX,XX +XXX,XX @@
 #include "cpu.h"
 #include "hw/sysbus.h"
 #include "hw/boards.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/misc/arm_integrator_debug.h"
 #include "hw/net/smc91c111.h"
 #include "net/net.h"
diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/mainstone.c
+++ b/hw/arm/mainstone.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "hw/arm/pxa.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "net/net.h"
 #include "hw/net/smc91c111.h"
 #include "hw/boards.h"
diff --git a/hw/arm/microbit.c b/hw/arm/microbit.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/microbit.c
+++ b/hw/arm/microbit.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "hw/boards.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "sysemu/sysemu.h"
 #include "exec/address-spaces.h"
 
diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/mps2-tz.c
+++ b/hw/arm/mps2-tz.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/armv7m.h"
 #include "hw/or-irq.h"
 #include "hw/boards.h"
diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/mps2.c
+++ b/hw/arm/mps2.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/armv7m.h"
 #include "hw/or-irq.h"
 #include "hw/boards.h"
diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/msf2-soc.c
+++ b/hw/arm/msf2-soc.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/units.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
-#include "hw/arm/arm.h"
 #include "exec/address-spaces.h"
 #include "hw/char/serial.h"
 #include "hw/boards.h"
diff --git a/hw/arm/msf2-som.c b/hw/arm/msf2-som.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/msf2-som.c
+++ b/hw/arm/msf2-som.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "hw/boards.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "exec/address-spaces.h"
 #include "hw/arm/msf2-soc.h"
 #include "cpu.h"
diff --git a/hw/arm/musca.c b/hw/arm/musca.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/musca.c
+++ b/hw/arm/musca.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/error.h"
 #include "exec/address-spaces.h"
 #include "sysemu/sysemu.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/armsse.h"
 #include "hw/boards.h"
 #include "hw/char/pl011.h"
diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "net/net.h"
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
diff --git a/hw/arm/netduino2.c b/hw/arm/netduino2.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/netduino2.c
+++ b/hw/arm/netduino2.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/boards.h"
 #include "qemu/error-report.h"
 #include "hw/arm/stm32f205_soc.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 
 static void netduino2_init(MachineState *machine)
 {
diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/nrf51_soc.c
+++ b/hw/arm/nrf51_soc.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/sysbus.h"
 #include "hw/boards.h"
 #include "hw/misc/unimp.h"
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/nseries.c
+++ b/hw/arm/nseries.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/bswap.h"
 #include "sysemu/sysemu.h"
 #include "hw/arm/omap.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/irq.h"
 #include "ui/console.h"
 #include "hw/boards.h"
diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/omap1.c
+++ b/hw/arm/omap1.c
@@ -XXX,XX +XXX,XX @@
 #include "cpu.h"
 #include "hw/boards.h"
 #include "hw/hw.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/omap.h"
 #include "sysemu/sysemu.h"
 #include "hw/arm/soc_dma.h"
diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/omap2.c
+++ b/hw/arm/omap2.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/qtest.h"
 #include "hw/boards.h"
 #include "hw/hw.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/omap.h"
 #include "sysemu/sysemu.h"
 #include "qemu/timer.h"
diff --git a/hw/arm/omap_sx1.c b/hw/arm/omap_sx1.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/omap_sx1.c
+++ b/hw/arm/omap_sx1.c
@@ -XXX,XX +XXX,XX @@
 #include "ui/console.h"
 #include "hw/arm/omap.h"
 #include "hw/boards.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/block/flash.h"
 #include "sysemu/qtest.h"
 #include "exec/address-spaces.h"
diff --git a/hw/arm/palm.c b/hw/arm/palm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/palm.c
+++ b/hw/arm/palm.c
@@ -XXX,XX +XXX,XX @@
 #include "ui/console.h"
 #include "hw/arm/omap.h"
 #include "hw/boards.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/input/tsc2xxx.h"
 #include "hw/loader.h"
 #include "exec/address-spaces.h"
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/error-report.h"
 #include "hw/boards.h"
 #include "hw/loader.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "sysemu/sysemu.h"
 
 #define SMPBOOT_ADDR    0x300 /* this should leave enough space for ATAGS */
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/realview.c
+++ b/hw/arm/realview.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/primecell.h"
 #include "hw/net/lan9118.h"
 #include "hw/net/smc91c111.h"
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/spitz.c
+++ b/hw/arm/spitz.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "hw/arm/pxa.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "sysemu/sysemu.h"
 #include "hw/pcmcia.h"
 #include "hw/i2c/i2c.h"
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/error.h"
 #include "hw/sysbus.h"
 #include "hw/ssi/ssi.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "qemu/timer.h"
 #include "hw/i2c/i2c.h"
 #include "net/net.h"
diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/stm32f205_soc.c
+++ b/hw/arm/stm32f205_soc.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "exec/address-spaces.h"
 #include "hw/arm/stm32f205_soc.h"
 
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/sysbus.h"
 #include "strongarm.h"
 #include "qemu/error-report.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "chardev/char-fe.h"
 #include "chardev/char-serial.h"
 #include "sysemu/sysemu.h"
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "hw/arm/pxa.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/sharpsl.h"
 #include "hw/pcmcia.h"
 #include "hw/boards.h"
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/versatilepb.c
+++ b/hw/arm/versatilepb.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/net/smc91c111.h"
 #include "net/net.h"
 #include "sysemu/sysemu.h"
diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/primecell.h"
 #include "hw/net/lan9118.h"
 #include "hw/i2c/i2c.h"
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/option.h"
 #include "qapi/error.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/primecell.h"
 #include "hw/arm/virt.h"
 #include "hw/block/flash.h"
diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "net/net.h"
 #include "exec/address-spaces.h"
 #include "sysemu/sysemu.h"
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/xlnx-versal.c
+++ b/hw/arm/xlnx-versal.c
@@ -XXX,XX +XXX,XX @@
 #include "net/net.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "kvm_arm.h"
 #include "hw/misc/unimp.h"
 #include "hw/intc/arm_gicv3_common.h"
diff --git a/hw/arm/z2.c b/hw/arm/z2.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/z2.c
+++ b/hw/arm/z2.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "hw/arm/pxa.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/i2c/i2c.h"
 #include "hw/ssi/ssi.h"
 #include "hw/boards.h"
-- 
2.20.1

In ich_vmcr_write() we enforce "writes of BPR fields to less than
their minimum sets them to the minimum" by doing a "read vbpr and
write it back" operation.  A typo here meant that we weren't handling
writes to these fields correctly, because we were reading from VBPR0
but writing to VBPR1.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190520162809.2677-4-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_cpuif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

The ICC_CTLR_EL3 register includes some bits which are aliases
of bits in the ICC_CTLR_EL1(S) and (NS) registers. QEMU chooses
to keep those bits in the cs->icc_ctlr_el1[] struct fields.
Unfortunately a missing '~' in the code to update the bits
in those fields meant that writing to ICC_CTLR_EL3 would corrupt
the ICC_CLTR_EL1 register values.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190520162809.2677-5-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_cpuif.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@ static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri,
     trace_gicv3_icc_ctlr_el3_write(gicv3_redist_affid(cs), value);
 
     /* *_EL1NS and *_EL1S bits are aliases into the ICC_CTLR_EL1 bits. */
-    cs->icc_ctlr_el1[GICV3_NS] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
+    cs->icc_ctlr_el1[GICV3_NS] &= ~(ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
     if (value & ICC_CTLR_EL3_EOIMODE_EL1NS) {
         cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_EOIMODE;
     }
@@ -XXX,XX +XXX,XX @@ static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri,
         cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_CBPR;
     }
 
-    cs->icc_ctlr_el1[GICV3_S] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
+    cs->icc_ctlr_el1[GICV3_S] &= ~(ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
     if (value & ICC_CTLR_EL3_EOIMODE_EL1S) {
         cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_EOIMODE;
     }
-- 
2.20.1

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190520214342.13709-2-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/exynos4_boards.c | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/net/lan9118.h"
 #include "hw/boards.h"
 
-#undef DEBUG
-
-//#define DEBUG
-
-#ifdef DEBUG
-    #undef PRINT_DEBUG
-    #define  PRINT_DEBUG(fmt, args...) \
-        do { \
-            fprintf(stderr, "  [%s:%d]   "fmt, __func__, __LINE__, ##args); \
-        } while (0)
-#else
-    #define  PRINT_DEBUG(fmt, args...)  do {} while (0)
-#endif
-
 #define SMDK_LAN9118_BASE_ADDR      0x05000000
 
 typedef enum Exynos4BoardType {
@@ -XXX,XX +XXX,XX @@ exynos4_boards_init_common(MachineState *machine,
     exynos4_board_binfo.gic_cpu_if_addr =
             EXYNOS4210_SMP_PRIVATE_BASE_ADDR + 0x100;
 
-    PRINT_DEBUG("\n ram_size: %luMiB [0x%08lx]\n"
-            " kernel_filename: %s\n"
-            " kernel_cmdline: %s\n"
-            " initrd_filename: %s\n",
-            exynos4_board_ram_size[board_type] / 1048576,
-            exynos4_board_ram_size[board_type],
-            machine->kernel_filename,
-            machine->kernel_cmdline,
-            machine->initrd_filename);
-
     exynos4_boards_init_ram(s, get_system_memory(),
                             exynos4_board_ram_size[board_type]);
 
-- 
2.20.1

From: Philippe Mathieu-Daudé <philmd@redhat.com>

It eases code review, unit is explicit.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190520214342.13709-3-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/exynos4_boards.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -XXX,XX +XXX,XX @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "qemu-common.h"
@@ -XXX,XX +XXX,XX @@ static int exynos4_board_smp_bootreg_addr[EXYNOS4_NUM_OF_BOARDS] = {
 };
 
 static unsigned long exynos4_board_ram_size[EXYNOS4_NUM_OF_BOARDS] = {
-    [EXYNOS4_BOARD_NURI]     = 0x40000000,
-    [EXYNOS4_BOARD_SMDKC210] = 0x40000000,
+    [EXYNOS4_BOARD_NURI]     = 1 * GiB,
+    [EXYNOS4_BOARD_SMDKC210] = 1 * GiB,
 };
 
 static struct arm_boot_info exynos4_board_binfo = {
-- 
2.20.1

From: Guenter Roeck <linux@roeck-us.net>

QEMU already supports pl330. Instantiate it for Exynos4210.

Relevant part of Linux arch/arm/boot/dts/exynos4.dtsi:

/ {
    soc: soc {
        amba {
            pdma0: pdma@12680000 {
                compatible = "arm,pl330", "arm,primecell";
                reg = <0x12680000 0x1000>;
                interrupts = <GIC_SPI 35 IRQ_TYPE_LEVEL_HIGH>;
                clocks = <&clock CLK_PDMA0>;
                clock-names = "apb_pclk";
                #dma-cells = <1>;
                #dma-channels = <8>;
                #dma-requests = <32>;
            };
            pdma1: pdma@12690000 {
                compatible = "arm,pl330", "arm,primecell";
                reg = <0x12690000 0x1000>;
                interrupts = <GIC_SPI 36 IRQ_TYPE_LEVEL_HIGH>;
                clocks = <&clock CLK_PDMA1>;
                clock-names = "apb_pclk";
                #dma-cells = <1>;
                #dma-channels = <8>;
                #dma-requests = <32>;
            };
            mdma1: mdma@12850000 {
                compatible = "arm,pl330", "arm,primecell";
                reg = <0x12850000 0x1000>;
                interrupts = <GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>;
                clocks = <&clock CLK_MDMA>;
                clock-names = "apb_pclk";
                #dma-cells = <1>;
                #dma-channels = <8>;
                #dma-requests = <1>;
            };
        };
    };
};

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190520214342.13709-4-philmd@redhat.com
[PMD: Do not set default qdev properties, create the controllers in the SoC
      rather than the board (Peter Maydell), add dtsi in commit message]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/exynos4210.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -XXX,XX +XXX,XX @@
 /* EHCI */
 #define EXYNOS4210_EHCI_BASE_ADDR           0x12580000
 
+/* DMA */
+#define EXYNOS4210_PL330_BASE0_ADDR         0x12680000
+#define EXYNOS4210_PL330_BASE1_ADDR         0x12690000
+#define EXYNOS4210_PL330_BASE2_ADDR         0x12850000
+
 static uint8_t chipid_and_omr[] = { 0x11, 0x02, 0x21, 0x43,
                                     0x09, 0x00, 0x00, 0x00 };
 
@@ -XXX,XX +XXX,XX @@ static uint64_t exynos4210_calc_affinity(int cpu)
     return (0x9 << ARM_AFF1_SHIFT) | cpu;
 }
 
+static void pl330_create(uint32_t base, qemu_irq irq, int nreq)
+{
+    SysBusDevice *busdev;
+    DeviceState *dev;
+
+    dev = qdev_create(NULL, "pl330");
+    qdev_prop_set_uint8(dev, "num_periph_req",  nreq);
+    qdev_init_nofail(dev);
+    busdev = SYS_BUS_DEVICE(dev);
+    sysbus_mmio_map(busdev, 0, base);
+    sysbus_connect_irq(busdev, 0, irq);
+}
+
 Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
 {
     Exynos4210State *s = g_new0(Exynos4210State, 1);
@@ -XXX,XX +XXX,XX @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
     sysbus_create_simple(TYPE_EXYNOS4210_EHCI, EXYNOS4210_EHCI_BASE_ADDR,
             s->irq_table[exynos4210_get_irq(28, 3)]);
 
+    /*** DMA controllers ***/
+    pl330_create(EXYNOS4210_PL330_BASE0_ADDR,
+                 qemu_irq_invert(s->irq_table[exynos4210_get_irq(35, 1)]), 32);
+    pl330_create(EXYNOS4210_PL330_BASE1_ADDR,
+                 qemu_irq_invert(s->irq_table[exynos4210_get_irq(36, 1)]), 32);
+    pl330_create(EXYNOS4210_PL330_BASE2_ADDR,
+                 qemu_irq_invert(s->irq_table[exynos4210_get_irq(34, 1)]), 1);
+
     return s;
 }
-- 
2.20.1

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190520214342.13709-5-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/exynos4210.h |  9 +++++++--
 hw/arm/exynos4210.c         | 28 ++++++++++++++++++++++++----
 hw/arm/exynos4_boards.c     |  9 ++++++---
 3 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/include/hw/arm/exynos4210.h b/include/hw/arm/exynos4210.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/exynos4210.h
+++ b/include/hw/arm/exynos4210.h
@@ -XXX,XX +XXX,XX @@ typedef struct Exynos4210Irq {
 } Exynos4210Irq;
 
 typedef struct Exynos4210State {
+    /*< private >*/
+    SysBusDevice parent_obj;
+    /*< public >*/
     ARMCPU *cpu[EXYNOS4210_NCPUS];
     Exynos4210Irq irqs;
     qemu_irq *irq_table;
@@ -XXX,XX +XXX,XX @@ typedef struct Exynos4210State {
     I2CBus *i2c_if[EXYNOS4210_I2C_NUMBER];
 } Exynos4210State;
 
+#define TYPE_EXYNOS4210_SOC "exynos4210"
+#define EXYNOS4210_SOC(obj) \
+    OBJECT_CHECK(Exynos4210State, obj, TYPE_EXYNOS4210_SOC)
+
 void exynos4210_write_secondary(ARMCPU *cpu,
         const struct arm_boot_info *info);
 
-Exynos4210State *exynos4210_init(MemoryRegion *system_mem);
-
 /* Initialize exynos4210 IRQ subsystem stub */
 qemu_irq *exynos4210_init_irq(Exynos4210Irq *env);
 
diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -XXX,XX +XXX,XX @@ static void pl330_create(uint32_t base, qemu_irq irq, int nreq)
     sysbus_connect_irq(busdev, 0, irq);
 }
 
-Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
+static void exynos4210_realize(DeviceState *socdev, Error **errp)
 {
-    Exynos4210State *s = g_new0(Exynos4210State, 1);
+    Exynos4210State *s = EXYNOS4210_SOC(socdev);
+    MemoryRegion *system_mem = get_system_memory();
     qemu_irq gate_irq[EXYNOS4210_NCPUS][EXYNOS4210_IRQ_GATE_NINPUTS];
     SysBusDevice *busdev;
     DeviceState *dev;
@@ -XXX,XX +XXX,XX @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
                  qemu_irq_invert(s->irq_table[exynos4210_get_irq(36, 1)]), 32);
     pl330_create(EXYNOS4210_PL330_BASE2_ADDR,
                  qemu_irq_invert(s->irq_table[exynos4210_get_irq(34, 1)]), 1);
-
-    return s;
 }
+
+static void exynos4210_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+
+    dc->realize = exynos4210_realize;
+}
+
+static const TypeInfo exynos4210_info = {
+    .name = TYPE_EXYNOS4210_SOC,
+    .parent = TYPE_SYS_BUS_DEVICE,
+    .instance_size = sizeof(Exynos4210State),
+    .class_init = exynos4210_class_init,
+};
+
+static void exynos4210_register_types(void)
+{
+    type_register_static(&exynos4210_info);
+}
+
+type_init(exynos4210_register_types)
diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -XXX,XX +XXX,XX @@ typedef enum Exynos4BoardType {
 } Exynos4BoardType;
 
 typedef struct Exynos4BoardState {
-    Exynos4210State *soc;
+    Exynos4210State soc;
     MemoryRegion dram0_mem;
     MemoryRegion dram1_mem;
 } Exynos4BoardState;
@@ -XXX,XX +XXX,XX @@ exynos4_boards_init_common(MachineState *machine,
     exynos4_boards_init_ram(s, get_system_memory(),
                             exynos4_board_ram_size[board_type]);
 
-    s->soc = exynos4210_init(get_system_memory());
+    object_initialize(&s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
+    qdev_set_parent_bus(DEVICE(&s->soc), sysbus_get_default());
+    object_property_set_bool(OBJECT(&s->soc), true, "realized",
+                             &error_fatal);
 
     return s;
 }
@@ -XXX,XX +XXX,XX @@ static void smdkc210_init(MachineState *machine)
                                                       EXYNOS4_BOARD_SMDKC210);
 
     lan9215_init(SMDK_LAN9118_BASE_ADDR,
-            qemu_irq_invert(s->soc->irq_table[exynos4210_get_irq(37, 1)]));
+            qemu_irq_invert(s->soc.irq_table[exynos4210_get_irq(37, 1)]));
     arm_load_kernel(ARM_CPU(first_cpu), &exynos4_board_binfo);
 }
 
-- 
2.20.1

The following changes since commit aa9e7fa4689d1becb2faf67f65aafcbcf664f1ce:

Merge tag 'edk2-stable202302-20230320-pull-request' of https://gitlab.com/kraxel/qemu into staging (2023-03-20 13:43:35 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230321

for you to fetch changes up to 5787d17a42f7af4bd117e5d6bfa54b1fdf93c255:

target/arm: Don't advertise aarch64-pauth.xml to gdb (2023-03-21 13:19:08 +0000)

----------------------------------------------------------------
target-arm queue:
 * contrib/elf2dmp: Support Windows Server 2022
 * hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
 * target/arm: Add Neoverse-N1 IMPDEF registers
 * hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
 * docs/system/arm/cpu-features.rst: Fix formatting
 * target/arm: Don't advertise aarch64-pauth.xml to gdb

----------------------------------------------------------------
Chen Baozi (1):
      target/arm: Add Neoverse-N1 registers

Guenter Roeck (1):
      hw/usb/imx: Fix out of bounds access in imx_usbphy_read()

Peter Maydell (3):
      hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
      docs/system/arm/cpu-features.rst: Fix formatting
      target/arm: Don't advertise aarch64-pauth.xml to gdb

Viktor Prutyanov (3):
      contrib/elf2dmp: fix code style
      contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry
      contrib/elf2dmp: add PE name check and Windows Server 2022 support

docs/system/arm/cpu-features.rst |  68 ++++++++++-------------
 contrib/elf2dmp/pe.h             | 115 ++++++++++++++++++++++-----------------
 contrib/elf2dmp/addrspace.c      |   1 +
 contrib/elf2dmp/main.c           | 108 ++++++++++++++++++++++++------------
 hw/char/cadence_uart.c           |   6 +-
 hw/usb/imx-usb-phy.c             |  19 ++++++-
 target/arm/cpu64.c               |  69 +++++++++++++++++++++++
 target/arm/gdbstub.c             |   7 +++
 8 files changed, 267 insertions(+), 126 deletions(-)

From: Chen Baozi <chenbaozi@phytium.com.cn>

Add implementation defined registers for neoverse-n1 which
would be accessed by TF-A. Since there is no DSU in Qemu,
CPUCFR_EL1.SCU bit is set to 1 to avoid DSU registers definition.

Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20230313033936.585669-1-chenbaozi@phytium.com.cn
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu64.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "cpu.h"
+#include "cpregs.h"
 #include "qemu/module.h"
 #include "sysemu/kvm.h"
 #include "sysemu/hvf.h"
@@ -XXX,XX +XXX,XX @@ static void aarch64_a64fx_initfn(Object *obj)
     /* TODO:  Add A64FX specific HPC extension registers */
 }
 
+static const ARMCPRegInfo neoverse_n1_cp_reginfo[] = {
+    { .name = "ATCR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 7, .opc2 = 0,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "ATCR_EL2", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 0,
+      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "ATCR_EL3", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 7, .opc2 = 0,
+      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "ATCR_EL12", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 5, .crn = 15, .crm = 7, .opc2 = 0,
+      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "AVTCR_EL2", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 1,
+      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "CPUACTLR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 0,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "CPUACTLR2_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 1,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "CPUACTLR3_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 2,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    /*
+     * Report CPUCFR_EL1.SCU as 1, as we do not implement the DSU
+     * (and in particular its system registers).
+     */
+    { .name = "CPUCFR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 0, .opc2 = 0,
+      .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 4 },
+    { .name = "CPUECTLR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 4,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0x961563010 },
+    { .name = "CPUPCR_EL3", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 1,
+      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "CPUPMR_EL3", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 3,
+      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "CPUPOR_EL3", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 2,
+      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "CPUPSELR_EL3", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 0,
+      .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "CPUPWRCTLR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 7,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "ERXPFGCDN_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 2,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "ERXPFGCTL_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 1,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "ERXPFGF_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 0,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+};
+
+static void define_neoverse_n1_cp_reginfo(ARMCPU *cpu)
+{
+    define_arm_cp_regs(cpu, neoverse_n1_cp_reginfo);
+}
+
 static void aarch64_neoverse_n1_initfn(Object *obj)
 {
     ARMCPU *cpu = ARM_CPU(obj);
@@ -XXX,XX +XXX,XX @@ static void aarch64_neoverse_n1_initfn(Object *obj)
 
     /* From D5.1 AArch64 PMU register summary */
     cpu->isar.reset_pmcr_el0 = 0x410c3000;
+
+    define_neoverse_n1_cp_reginfo(cpu);
 }
 
 static void aarch64_host_initfn(Object *obj)
-- 
2.34.1

The cadence UART attempts to avoid allowing the guest to set invalid
baud rate register values in the uart_write() function.  However it
does the "mask to the size of the register field" and "check for
invalid values" in the wrong order, which means that a malicious
guest can get a bogus value into the register by setting also some
high bits in the value, and cause QEMU to crash by division-by-zero.

Do the mask before the bounds check instead of afterwards.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1493
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-id: 20230314170804.1196232-1-peter.maydell@linaro.org
---
 hw/char/cadence_uart.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -XXX,XX +XXX,XX @@ static MemTxResult uart_write(void *opaque, hwaddr offset,
         }
         break;
     case R_BRGR: /* Baud rate generator */
+        value &= 0xffff;
         if (value >= 0x01) {
-            s->r[offset] = value & 0xFFFF;
+            s->r[offset] = value;
         }
         break;
     case R_BDIV:    /* Baud rate divider */
+        value &= 0xff;
         if (value >= 0x04) {
-            s->r[offset] = value & 0xFF;
+            s->r[offset] = value;
         }
         break;
     default:
-- 
2.34.1

From: Viktor Prutyanov <viktor@daynix.com>

Originally elf2dmp were added with some code style issues,
especially in pe.h header, and some were introduced by
2d0fc797faaa73fbc1d30f5f9e90407bf3dd93f0. Fix them now.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-2-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 contrib/elf2dmp/pe.h        | 100 ++++++++++++++++++------------------
 contrib/elf2dmp/addrspace.c |   1 +
 contrib/elf2dmp/main.c      |   9 ++--
 3 files changed, 57 insertions(+), 53 deletions(-)

diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/pe.h
+++ b/contrib/elf2dmp/pe.h
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_DOS_HEADER {
 } __attribute__ ((packed)) IMAGE_DOS_HEADER;
 
 typedef struct IMAGE_FILE_HEADER {
-  uint16_t  Machine;
-  uint16_t  NumberOfSections;
-  uint32_t  TimeDateStamp;
-  uint32_t  PointerToSymbolTable;
-  uint32_t  NumberOfSymbols;
-  uint16_t  SizeOfOptionalHeader;
-  uint16_t  Characteristics;
+    uint16_t  Machine;
+    uint16_t  NumberOfSections;
+    uint32_t  TimeDateStamp;
+    uint32_t  PointerToSymbolTable;
+    uint32_t  NumberOfSymbols;
+    uint16_t  SizeOfOptionalHeader;
+    uint16_t  Characteristics;
 } __attribute__ ((packed)) IMAGE_FILE_HEADER;
 
 typedef struct IMAGE_DATA_DIRECTORY {
-  uint32_t VirtualAddress;
-  uint32_t Size;
+    uint32_t VirtualAddress;
+    uint32_t Size;
 } __attribute__ ((packed)) IMAGE_DATA_DIRECTORY;
 
 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
 
 typedef struct IMAGE_OPTIONAL_HEADER64 {
-  uint16_t  Magic; /* 0x20b */
-  uint8_t   MajorLinkerVersion;
-  uint8_t   MinorLinkerVersion;
-  uint32_t  SizeOfCode;
-  uint32_t  SizeOfInitializedData;
-  uint32_t  SizeOfUninitializedData;
-  uint32_t  AddressOfEntryPoint;
-  uint32_t  BaseOfCode;
-  uint64_t  ImageBase;
-  uint32_t  SectionAlignment;
-  uint32_t  FileAlignment;
-  uint16_t  MajorOperatingSystemVersion;
-  uint16_t  MinorOperatingSystemVersion;
-  uint16_t  MajorImageVersion;
-  uint16_t  MinorImageVersion;
-  uint16_t  MajorSubsystemVersion;
-  uint16_t  MinorSubsystemVersion;
-  uint32_t  Win32VersionValue;
-  uint32_t  SizeOfImage;
-  uint32_t  SizeOfHeaders;
-  uint32_t  CheckSum;
-  uint16_t  Subsystem;
-  uint16_t  DllCharacteristics;
-  uint64_t  SizeOfStackReserve;
-  uint64_t  SizeOfStackCommit;
-  uint64_t  SizeOfHeapReserve;
-  uint64_t  SizeOfHeapCommit;
-  uint32_t  LoaderFlags;
-  uint32_t  NumberOfRvaAndSizes;
-  IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+    uint16_t  Magic; /* 0x20b */
+    uint8_t   MajorLinkerVersion;
+    uint8_t   MinorLinkerVersion;
+    uint32_t  SizeOfCode;
+    uint32_t  SizeOfInitializedData;
+    uint32_t  SizeOfUninitializedData;
+    uint32_t  AddressOfEntryPoint;
+    uint32_t  BaseOfCode;
+    uint64_t  ImageBase;
+    uint32_t  SectionAlignment;
+    uint32_t  FileAlignment;
+    uint16_t  MajorOperatingSystemVersion;
+    uint16_t  MinorOperatingSystemVersion;
+    uint16_t  MajorImageVersion;
+    uint16_t  MinorImageVersion;
+    uint16_t  MajorSubsystemVersion;
+    uint16_t  MinorSubsystemVersion;
+    uint32_t  Win32VersionValue;
+    uint32_t  SizeOfImage;
+    uint32_t  SizeOfHeaders;
+    uint32_t  CheckSum;
+    uint16_t  Subsystem;
+    uint16_t  DllCharacteristics;
+    uint64_t  SizeOfStackReserve;
+    uint64_t  SizeOfStackCommit;
+    uint64_t  SizeOfHeapReserve;
+    uint64_t  SizeOfHeapCommit;
+    uint32_t  LoaderFlags;
+    uint32_t  NumberOfRvaAndSizes;
+    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
 } __attribute__ ((packed)) IMAGE_OPTIONAL_HEADER64;
 
 typedef struct IMAGE_NT_HEADERS64 {
-  uint32_t Signature;
-  IMAGE_FILE_HEADER FileHeader;
-  IMAGE_OPTIONAL_HEADER64 OptionalHeader;
+    uint32_t Signature;
+    IMAGE_FILE_HEADER FileHeader;
+    IMAGE_OPTIONAL_HEADER64 OptionalHeader;
 } __attribute__ ((packed)) IMAGE_NT_HEADERS64;
 
 typedef struct IMAGE_DEBUG_DIRECTORY {
-  uint32_t Characteristics;
-  uint32_t TimeDateStamp;
-  uint16_t MajorVersion;
-  uint16_t MinorVersion;
-  uint32_t Type;
-  uint32_t SizeOfData;
-  uint32_t AddressOfRawData;
-  uint32_t PointerToRawData;
+    uint32_t Characteristics;
+    uint32_t TimeDateStamp;
+    uint16_t MajorVersion;
+    uint16_t MinorVersion;
+    uint32_t Type;
+    uint32_t SizeOfData;
+    uint32_t AddressOfRawData;
+    uint32_t PointerToRawData;
 } __attribute__ ((packed)) IMAGE_DEBUG_DIRECTORY;
 
 #define IMAGE_DEBUG_TYPE_CODEVIEW   2
diff --git a/contrib/elf2dmp/addrspace.c b/contrib/elf2dmp/addrspace.c
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/addrspace.c
+++ b/contrib/elf2dmp/addrspace.c
@@ -XXX,XX +XXX,XX @@
 static struct pa_block *pa_space_find_block(struct pa_space *ps, uint64_t pa)
 {
     size_t i;
+
     for (i = 0; i < ps->block_nr; i++) {
         if (ps->block[i].paddr <= pa &&
                 pa <= ps->block[i].paddr + ps->block[i].size) {
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -XXX,XX +XXX,XX @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
     };
 
     for (i = 0; i < ps->block_nr; i++) {
-        h.PhysicalMemoryBlock.NumberOfPages += ps->block[i].size / ELF2DMP_PAGE_SIZE;
+        h.PhysicalMemoryBlock.NumberOfPages +=
+                ps->block[i].size / ELF2DMP_PAGE_SIZE;
         h.PhysicalMemoryBlock.Run[i] = (WinDumpPhyMemRun64) {
             .BasePage = ps->block[i].paddr / ELF2DMP_PAGE_SIZE,
             .PageCount = ps->block[i].size / ELF2DMP_PAGE_SIZE,
         };
     }
 
-    h.RequiredDumpSpace += h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
+    h.RequiredDumpSpace +=
+            h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
 
     *hdr = h;
 
@@ -XXX,XX +XXX,XX @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
 static int fill_context(KDDEBUGGER_DATA64 *kdbg,
         struct va_space *vs, QEMU_Elf *qe)
 {
-        int i;
+    int i;
+
     for (i = 0; i < qe->state_nr; i++) {
         uint64_t Prcb;
         uint64_t Context;
-- 
2.34.1

From: Viktor Prutyanov <viktor@daynix.com>

Move out PE directory search functionality to be reused not only
for Debug Directory processing but for arbitrary PE directory.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-3-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 contrib/elf2dmp/main.c | 71 +++++++++++++++++++++++++-----------------
 1 file changed, 42 insertions(+), 29 deletions(-)

diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -XXX,XX +XXX,XX @@ static int fill_context(KDDEBUGGER_DATA64 *kdbg,
     return 0;
 }
 
+static int pe_get_data_dir_entry(uint64_t base, void *start_addr, int idx,
+        void *entry, size_t size, struct va_space *vs)
+{
+    const char e_magic[2] = "MZ";
+    const char Signature[4] = "PE\0\0";
+    IMAGE_DOS_HEADER *dos_hdr = start_addr;
+    IMAGE_NT_HEADERS64 nt_hdrs;
+    IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
+    IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
+    IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
+
+    QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
+
+    if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
+        return 1;
+    }
+
+    if (va_space_rw(vs, base + dos_hdr->e_lfanew,
+                &nt_hdrs, sizeof(nt_hdrs), 0)) {
+        return 1;
+    }
+
+    if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
+            file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
+        return 1;
+    }
+
+    if (va_space_rw(vs,
+                base + data_dir[idx].VirtualAddress,
+                entry, size, 0)) {
+        return 1;
+    }
+
+    printf("Data directory entry #%d: RVA = 0x%08"PRIx32"\n", idx,
+            (uint32_t)data_dir[idx].VirtualAddress);
+
+    return 0;
+}
+
 static int write_dump(struct pa_space *ps,
         WinDumpHeader64 *hdr, const char *name)
 {
@@ -XXX,XX +XXX,XX @@ static int write_dump(struct pa_space *ps,
 static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
         char *hash, struct va_space *vs)
 {
-    const char e_magic[2] = "MZ";
-    const char Signature[4] = "PE\0\0";
     const char sign_rsds[4] = "RSDS";
-    IMAGE_DOS_HEADER *dos_hdr = start_addr;
-    IMAGE_NT_HEADERS64 nt_hdrs;
-    IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
-    IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
-    IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
     IMAGE_DEBUG_DIRECTORY debug_dir;
     OMFSignatureRSDS rsds;
     char *pdb_name;
     size_t pdb_name_sz;
     size_t i;
 
-    QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
-
-    if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
-        return 1;
-    }
-
-    if (va_space_rw(vs, base + dos_hdr->e_lfanew,
-                &nt_hdrs, sizeof(nt_hdrs), 0)) {
-        return 1;
-    }
-
-    if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
-            file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
-        return 1;
-    }
-
-    printf("Debug Directory RVA = 0x%08"PRIx32"\n",
-            (uint32_t)data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress);
-
-    if (va_space_rw(vs,
-                base + data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress,
-                &debug_dir, sizeof(debug_dir), 0)) {
+    if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_DEBUG_DIRECTORY,
+                &debug_dir, sizeof(debug_dir), vs)) {
+        eprintf("Failed to get Debug Directory\n");
         return 1;
     }
 
-- 
2.34.1

From: Viktor Prutyanov <viktor@daynix.com>

Since its inception elf2dmp has checked MZ signatures within an
address space above IDT[0] interrupt vector and took first PE image
found as Windows Kernel.
But in Windows Server 2022 memory dump this address space range is
full of invalid PE fragments and the tool must check that PE image
is 'ntoskrnl.exe' actually.
So, introduce additional validation by checking image name from
Export Directory against 'ntoskrnl.exe'.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Tested-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-4-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 contrib/elf2dmp/pe.h   | 15 +++++++++++++++
 contrib/elf2dmp/main.c | 28 ++++++++++++++++++++++++++--
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/pe.h
+++ b/contrib/elf2dmp/pe.h
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_NT_HEADERS64 {
     IMAGE_OPTIONAL_HEADER64 OptionalHeader;
 } __attribute__ ((packed)) IMAGE_NT_HEADERS64;
 
+typedef struct IMAGE_EXPORT_DIRECTORY {
+    uint32_t    Characteristics;
+    uint32_t    TimeDateStamp;
+    uint16_t    MajorVersion;
+    uint16_t    MinorVersion;
+    uint32_t    Name;
+    uint32_t    Base;
+    uint32_t    NumberOfFunctions;
+    uint32_t    NumberOfNames;
+    uint32_t    AddressOfFunctions;
+    uint32_t    AddressOfNames;
+    uint32_t    AddressOfNameOrdinals;
+} __attribute__ ((packed)) IMAGE_EXPORT_DIRECTORY;
+
 typedef struct IMAGE_DEBUG_DIRECTORY {
     uint32_t Characteristics;
     uint32_t TimeDateStamp;
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_DEBUG_DIRECTORY {
 #define IMAGE_DEBUG_TYPE_CODEVIEW   2
 #endif
 
+#define IMAGE_FILE_EXPORT_DIRECTORY 0
 #define IMAGE_FILE_DEBUG_DIRECTORY  6
 
 typedef struct guid_t {
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index XXXXXXX..XXXXXXX 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -XXX,XX +XXX,XX @@
 
 #define SYM_URL_BASE    "https://msdl.microsoft.com/download/symbols/"
 #define PDB_NAME    "ntkrnlmp.pdb"
+#define PE_NAME     "ntoskrnl.exe"
 
 #define INITIAL_MXCSR   0x1f80
 
@@ -XXX,XX +XXX,XX @@ static int write_dump(struct pa_space *ps,
     return fclose(dmp_file);
 }
 
+static bool pe_check_export_name(uint64_t base, void *start_addr,
+        struct va_space *vs)
+{
+    IMAGE_EXPORT_DIRECTORY export_dir;
+    const char *pe_name;
+
+    if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_EXPORT_DIRECTORY,
+                &export_dir, sizeof(export_dir), vs)) {
+        return false;
+    }
+
+    pe_name = va_space_resolve(vs, base + export_dir.Name);
+    if (!pe_name) {
+        return false;
+    }
+
+    return !strcmp(pe_name, PE_NAME);
+}
+
 static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
         char *hash, struct va_space *vs)
 {
@@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[])
     uint64_t KdDebuggerDataBlock;
     KDDEBUGGER_DATA64 *kdbg;
     uint64_t KdVersionBlock;
+    bool kernel_found = false;
 
     if (argc != 3) {
         eprintf("usage:\n\t%s elf_file dmp_file\n", argv[0]);
@@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[])
         }
 
         if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
-            break;
+            if (pe_check_export_name(KernBase, nt_start_addr, &vs)) {
+                kernel_found = true;
+                break;
+            }
         }
     }
 
-    if (!nt_start_addr) {
+    if (!kernel_found) {
         eprintf("Failed to find NT kernel image\n");
         err = 1;
         goto out_ps;
-- 
2.34.1

From: Guenter Roeck <linux@roeck-us.net>

The i.MX USB Phy driver does not check register ranges, resulting in out of
bounds accesses if an attempt is made to access non-existing PHY registers.
Add range check and conditionally report bad accesses to fix the problem.

While at it, also conditionally log attempted writes to non-existing or
read-only registers.

Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-id: 20230316234926.208874-1-linux@roeck-us.net
Link: https://gitlab.com/qemu-project/qemu/-/issues/1408
Fixes: 0701a5efa015 ("hw/usb: Add basic i.MX USB Phy support")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/usb/imx-usb-phy.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/hw/usb/imx-usb-phy.c b/hw/usb/imx-usb-phy.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/usb/imx-usb-phy.c
+++ b/hw/usb/imx-usb-phy.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "hw/usb/imx-usb-phy.h"
 #include "migration/vmstate.h"
+#include "qemu/log.h"
 #include "qemu/module.h"
 
 static const VMStateDescription vmstate_imx_usbphy = {
@@ -XXX,XX +XXX,XX @@ static uint64_t imx_usbphy_read(void *opaque, hwaddr offset, unsigned size)
         value = s->usbphy[index - 3];
         break;
     default:
-        value = s->usbphy[index];
+        if (index < USBPHY_MAX) {
+            value = s->usbphy[index];
+        } else {
+            qemu_log_mask(LOG_GUEST_ERROR,
+                          "%s: Read from non-existing USB PHY register 0x%"
+                          HWADDR_PRIx "\n",
+                          __func__, offset);
+            value = 0;
+        }
         break;
     }
     return (uint64_t)value;
@@ -XXX,XX +XXX,XX @@ static void imx_usbphy_write(void *opaque, hwaddr offset, uint64_t value,
         s->usbphy[index - 3] ^= value;
         break;
     default:
-        /* Other registers are read-only */
+        /* Other registers are read-only or do not exist */
+        qemu_log_mask(LOG_GUEST_ERROR,
+                      "%s: Write to %s USB PHY register 0x%"
+                      HWADDR_PRIx "\n",
+                      __func__,
+                      index >= USBPHY_MAX ? "non-existing" : "read-only",
+                      offset);
         break;
     }
 }
-- 
2.34.1

The markup for the Arm CPU feature documentation is incorrect,
and results in the HTML not rendering correctly -- the first
line of each description is rendered in boldface as if it
were part of the option name.

Reformat to match the styling used in cpu-models-x86.rst.inc.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1479
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230316105808.1414003-1-peter.maydell@linaro.org
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
---
 docs/system/arm/cpu-features.rst | 68 ++++++++++++++------------------
 1 file changed, 30 insertions(+), 38 deletions(-)

diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/system/arm/cpu-features.rst
+++ b/docs/system/arm/cpu-features.rst
@@ -XXX,XX +XXX,XX @@ are named with the prefix "kvm-".  KVM VCPU features may be probed,
 enabled, and disabled in the same way as other CPU features.  Below is
 the list of KVM VCPU features and their descriptions.
 
-  kvm-no-adjvtime          By default kvm-no-adjvtime is disabled.  This
-                           means that by default the virtual time
-                           adjustment is enabled (vtime is not *not*
-                           adjusted).
+``kvm-no-adjvtime``
+  By default kvm-no-adjvtime is disabled.  This means that by default
+  the virtual time adjustment is enabled (vtime is not *not* adjusted).
 
-                           When virtual time adjustment is enabled each
-                           time the VM transitions back to running state
-                           the VCPU's virtual counter is updated to ensure
-                           stopped time is not counted.  This avoids time
-                           jumps surprising guest OSes and applications,
-                           as long as they use the virtual counter for
-                           timekeeping.  However it has the side effect of
-                           the virtual and physical counters diverging.
-                           All timekeeping based on the virtual counter
-                           will appear to lag behind any timekeeping that
-                           does not subtract VM stopped time.  The guest
-                           may resynchronize its virtual counter with
-                           other time sources as needed.
+  When virtual time adjustment is enabled each time the VM transitions
+  back to running state the VCPU's virtual counter is updated to
+  ensure stopped time is not counted.  This avoids time jumps
+  surprising guest OSes and applications, as long as they use the
+  virtual counter for timekeeping.  However it has the side effect of
+  the virtual and physical counters diverging.  All timekeeping based
+  on the virtual counter will appear to lag behind any timekeeping
+  that does not subtract VM stopped time.  The guest may resynchronize
+  its virtual counter with other time sources as needed.
 
-                           Enable kvm-no-adjvtime to disable virtual time
-                           adjustment, also restoring the legacy (pre-5.0)
-                           behavior.
+  Enable kvm-no-adjvtime to disable virtual time adjustment, also
+  restoring the legacy (pre-5.0) behavior.
 
-  kvm-steal-time           Since v5.2, kvm-steal-time is enabled by
-                           default when KVM is enabled, the feature is
-                           supported, and the guest is 64-bit.
+``kvm-steal-time``
+  Since v5.2, kvm-steal-time is enabled by default when KVM is
+  enabled, the feature is supported, and the guest is 64-bit.
 
-                           When kvm-steal-time is enabled a 64-bit guest
-                           can account for time its CPUs were not running
-                           due to the host not scheduling the corresponding
-                           VCPU threads.  The accounting statistics may
-                           influence the guest scheduler behavior and/or be
-                           exposed to the guest userspace.
+  When kvm-steal-time is enabled a 64-bit guest can account for time
+  its CPUs were not running due to the host not scheduling the
+  corresponding VCPU threads.  The accounting statistics may influence
+  the guest scheduler behavior and/or be exposed to the guest
+  userspace.
 
 TCG VCPU Features
 =================
@@ -XXX,XX +XXX,XX @@ TCG VCPU Features
 TCG VCPU features are CPU features that are specific to TCG.
 Below is the list of TCG VCPU features and their descriptions.
 
-  pauth-impdef             When ``FEAT_Pauth`` is enabled, either the
-                           *impdef* (Implementation Defined) algorithm
-                           is enabled or the *architected* QARMA algorithm
-                           is enabled.  By default the impdef algorithm
-                           is disabled, and QARMA is enabled.
+``pauth-impdef``
+  When ``FEAT_Pauth`` is enabled, either the *impdef* (Implementation
+  Defined) algorithm is enabled or the *architected* QARMA algorithm
+  is enabled.  By default the impdef algorithm is disabled, and QARMA
+  is enabled.
 
-                           The architected QARMA algorithm has good
-                           cryptographic properties, but can be quite slow
-                           to emulate.  The impdef algorithm used by QEMU
-                           is non-cryptographic but significantly faster.
+  The architected QARMA algorithm has good cryptographic properties,
+  but can be quite slow to emulate.  The impdef algorithm used by QEMU
+  is non-cryptographic but significantly faster.
 
 SVE CPU Properties
 ==================
-- 
2.34.1

Unfortunately a bug in older versions of gdb means that they will
crash if QEMU sends them the aarch64-pauth.xml.  This bug is fixed in
gdb commit 1ba3a3222039eb25, and there are plans to backport that to
affected gdb release branches, but since the bug affects gdb 9
through 12 it is very widely deployed (for instance by distros).

It is not currently clear what the best way to deal with this is; it
has been proposed to define a new XML feature name that old gdb will
ignore but newer gdb can handle.  Since QEMU's 8.0 release is
imminent and at least one of our CI runners is now falling over this,
disable the pauth XML for the moment.  We can follow up with a more
considered fix either in time for 8.0 or else for the 8.1 release.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/gdbstub.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/gdbstub.c
+++ b/target/arm/gdbstub.c
@@ -XXX,XX +XXX,XX @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
                                      aarch64_gdb_set_fpu_reg,
                                      34, "aarch64-fpu.xml", 0);
         }
+#if 0
+        /*
+         * GDB versions 9 through 12 have a bug which means they will
+         * crash if they see this XML from QEMU; disable it for the 8.0
+         * release, pending a better solution.
+         */
         if (isar_feature_aa64_pauth(&cpu->isar)) {
             gdb_register_coprocessor(cs, aarch64_gdb_get_pauth_reg,
                                      aarch64_gdb_set_pauth_reg,
                                      4, "aarch64-pauth.xml", 0);
         }
+#endif
 #endif
     } else {
         if (arm_feature(env, ARM_FEATURE_NEON)) {
-- 
2.34.1