target-arm queue for rc2. This has 3 Arm related bug fixes,

and a couple of non-arm patches which don't have an obviously

better route into the tree.

The following changes since commit b9e02bb3f98174209dbd5c96858e65a31723221b:

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-07-19' into staging (2019-07-22 10:11:28 +0100)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190722

for you to fetch changes up to ddb45afbfbc639365d6c934e4e29f6de5e5e2a0e:

contrib/elf2dmp: Build download.o with CURL_CFLAGS (2019-07-22 14:07:39 +0100)

* target/arm: Add missing break statement for Hypervisor Trap Exception

(fixes handling of SMC insn taken to AArch32 Hyp mode via HCR.TSC)

* hw/arm/fsl-imx6ul.c: Remove dead SMP-related code

* target/arm: Limit ID register assertions to TCG

* configure: Clarify URL to source downloads

* contrib/elf2dmp: Build download.o with CURL_CFLAGS

Peter Maydell (4):

hw/arm/fsl-imx6ul.c: Remove dead SMP-related code

target/arm: Limit ID register assertions to TCG

configure: Clarify URL to source downloads

contrib/elf2dmp: Build download.o with CURL_CFLAGS

Philippe Mathieu-Daudé (1):

target/arm: Add missing break statement for Hypervisor Trap Exception

configure | 2 +-

Makefile | 1 -

contrib/elf2dmp/Makefile.objs | 3 +++

include/hw/arm/fsl-imx6ul.h | 2 +-

hw/arm/fsl-imx6ul.c | 62 +++++++++++++------------------------------

hw/arm/mcimx6ul-evk.c | 2 +-

target/arm/cpu.c | 7 +++--

target/arm/helper.c | 1 +

8 files changed, 30 insertions(+), 50 deletions(-)

If configure detects that it's being run on a source tree which

is missing git modules, it prints an error messages suggesting

that the user downloads a correct source archive from the project

website. However https://www.qemu.org/download/ is a link to a

page with multiple tabs, with the default being the one telling

users how to get binaries from their distro. Clarify the URL

we print to include the #source anchor, so that the browser will

go directly to the source-tarball instructions.

Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Thomas Huth <thuth@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Stefan Weil <sw@weilnetz.de>

Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Message-id: 20190718131659.20783-1-peter.maydell@linaro.org

Suggested-by: Stefan Weil <sw@weilnetz.de>

configure | 2 +-

diff --git a/configure b/configure

index XXXXXXX..XXXXXXX 100755

--- a/configure

+++ b/configure

@@ -XXX,XX +XXX,XX @@ else

echo "to acquire QEMU source archives. Non-GIT builds are only"

echo "supported with source archives linked from:"

echo

- echo " https://www.qemu.org/download/"

+ echo " https://www.qemu.org/download/#source"

echo

echo "Developers working with GIT can use scripts/archive-source.sh"

echo "if they need to create valid source archives."

2.20.1

The i.MX6UL always has a single Cortex-A7 CPU (we set FSL_IMX6UL_NUM_CPUS

to 1 in line with this). This means that all the code in fsl-imx6ul.c to

handle multiple CPUs is dead code, and Coverity is now complaining that

it is unreachable (CID 1403008, 1403011).

Remove the unreachable code and the only-executes-once loops,

and replace the single-entry cpu[] array in the FSLIMX6ULState

with a simple cpu member.

include/hw/arm/fsl-imx6ul.h | 2 +-

hw/arm/fsl-imx6ul.c | 62 +++++++++++--------------------------

hw/arm/mcimx6ul-evk.c | 2 +-

3 files changed, 20 insertions(+), 46 deletions(-)

diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h

--- a/include/hw/arm/fsl-imx6ul.h

+++ b/include/hw/arm/fsl-imx6ul.h

@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX6ULState {

DeviceState parent_obj;

/*< public >*/

- ARMCPU cpu[FSL_IMX6UL_NUM_CPUS];

+ ARMCPU cpu;

A15MPPrivState a7mpcore;

IMXGPTState gpt[FSL_IMX6UL_NUM_GPTS];

IMXEPITState epit[FSL_IMX6UL_NUM_EPITS];

diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/fsl-imx6ul.c

+++ b/hw/arm/fsl-imx6ul.c

@@ -XXX,XX +XXX,XX @@

static void fsl_imx6ul_init(Object *obj)

{

- MachineState *ms = MACHINE(qdev_get_machine());

FslIMX6ULState *s = FSL_IMX6UL(obj);

char name[NAME_SIZE];

int i;

- for (i = 0; i < MIN(ms->smp.cpus, FSL_IMX6UL_NUM_CPUS); i++) {

- snprintf(name, NAME_SIZE, "cpu%d", i);

- object_initialize_child(obj, name, &s->cpu[i], sizeof(s->cpu[i]),

- "cortex-a7-" TYPE_ARM_CPU, &error_abort, NULL);

- }

+ object_initialize_child(obj, "cpu0", &s->cpu, sizeof(s->cpu),

+ "cortex-a7-" TYPE_ARM_CPU, &error_abort, NULL);

* A7MPCORE

@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)

MachineState *ms = MACHINE(qdev_get_machine());

FslIMX6ULState *s = FSL_IMX6UL(dev);

int i;

- qemu_irq irq;

char name[NAME_SIZE];

- unsigned int smp_cpus = ms->smp.cpus;

+ SysBusDevice *sbd;

+ DeviceState *d;

- if (smp_cpus > FSL_IMX6UL_NUM_CPUS) {

- error_setg(errp, "%s: Only %d CPUs are supported (%d requested)",

- TYPE_FSL_IMX6UL, FSL_IMX6UL_NUM_CPUS, smp_cpus);

+ if (ms->smp.cpus > 1) {

+ error_setg(errp, "%s: Only a single CPU is supported (%d requested)",

+ TYPE_FSL_IMX6UL, ms->smp.cpus);

return;

- for (i = 0; i < smp_cpus; i++) {

- Object *o = OBJECT(&s->cpu[i]);

- object_property_set_int(o, QEMU_PSCI_CONDUIT_SMC,

- "psci-conduit", &error_abort);

- /* On uniprocessor, the CBAR is set to 0 */

- if (smp_cpus > 1) {

- object_property_set_int(o, FSL_IMX6UL_A7MPCORE_ADDR,

- "reset-cbar", &error_abort);

- }

-

- if (i) {

- /* Secondary CPUs start in PSCI powered-down state */

- object_property_set_bool(o, true,

- "start-powered-off", &error_abort);

- }

-

- object_property_set_bool(o, true, "realized", &error_abort);

- }

+ object_property_set_int(OBJECT(&s->cpu), QEMU_PSCI_CONDUIT_SMC,

+ "psci-conduit", &error_abort);

+ object_property_set_bool(OBJECT(&s->cpu), true,

+ "realized", &error_abort);

/*

* A7MPCORE

*/

- object_property_set_int(OBJECT(&s->a7mpcore), smp_cpus, "num-cpu",

- &error_abort);

+ object_property_set_int(OBJECT(&s->a7mpcore), 1, "num-cpu", &error_abort);

object_property_set_int(OBJECT(&s->a7mpcore),

FSL_IMX6UL_MAX_IRQ + GIC_INTERNAL,

"num-irq", &error_abort);

@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)

&error_abort);

sysbus_mmio_map(SYS_BUS_DEVICE(&s->a7mpcore), 0, FSL_IMX6UL_A7MPCORE_ADDR);

- for (i = 0; i < smp_cpus; i++) {

- SysBusDevice *sbd = SYS_BUS_DEVICE(&s->a7mpcore);

- DeviceState *d = DEVICE(qemu_get_cpu(i));

+ sbd = SYS_BUS_DEVICE(&s->a7mpcore);

+ d = DEVICE(&s->cpu);

- irq = qdev_get_gpio_in(d, ARM_CPU_IRQ);

- sysbus_connect_irq(sbd, i, irq);

- sysbus_connect_irq(sbd, i + smp_cpus, qdev_get_gpio_in(d, ARM_CPU_FIQ));

- sysbus_connect_irq(sbd, i + 2 * smp_cpus,

- qdev_get_gpio_in(d, ARM_CPU_VIRQ));

- sysbus_connect_irq(sbd, i + 3 * smp_cpus,

- qdev_get_gpio_in(d, ARM_CPU_VFIQ));

- }

+ sysbus_connect_irq(sbd, 0, qdev_get_gpio_in(d, ARM_CPU_IRQ));

+ sysbus_connect_irq(sbd, 1, qdev_get_gpio_in(d, ARM_CPU_FIQ));

+ sysbus_connect_irq(sbd, 2, qdev_get_gpio_in(d, ARM_CPU_VIRQ));

+ sysbus_connect_irq(sbd, 3, qdev_get_gpio_in(d, ARM_CPU_VFIQ));

/*

* A7MPCORE DAP

diff --git a/hw/arm/mcimx6ul-evk.c b/hw/arm/mcimx6ul-evk.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/mcimx6ul-evk.c

+++ b/hw/arm/mcimx6ul-evk.c

@@ -XXX,XX +XXX,XX @@ static void mcimx6ul_evk_init(MachineState *machine)

}

if (!qtest_enabled()) {

- arm_load_kernel(&s->soc.cpu[0], &boot_info);

+ arm_load_kernel(&s->soc.cpu, &boot_info);

}

}

2.20.1

In arm_cpu_realizefn() we make several assertions about the values of

guest ID registers:

* if the CPU provides AArch32 v7VE or better it must advertise the

ARM_DIV feature

* if the CPU provides AArch32 A-profile v6 or better it must

advertise the Jazelle feature

These are essentially consistency checks that our ID register

specifications in cpu.c didn't accidentally miss out a feature,

because increasingly the TCG emulation gates features on the values

in ID registers rather than using old-style checks of ARM_FEATURE_FOO

bits.

Unfortunately, these asserts can cause problems if we're running KVM,

because in that case we don't control the values of the ID registers

-- we read them from the host kernel. In particular, if the host

kernel is older than 4.15 then it doesn't expose the ID registers via

the KVM_GET_ONE_REG ioctl, and we set up dummy values for some

registers and leave the rest at zero. (See the comment in

target/arm/kvm64.c kvm_arm_get_host_cpu_features().) This set of

dummy values is not sufficient to pass our assertions, and so on

those kernels running an AArch32 guest on AArch64 will assert.

We could provide a more sophisticated set of dummy ID registers in

this case, but that still leaves the possibility of a host CPU which

reports bogus ID register values that would cause us to assert. It's

more robust to only do these ID register checks if we're using TCG,

as that is the only case where this is truly a QEMU code bug.

Reported-by: Laszlo Ersek <lersek@redhat.com>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Tested-by: Laszlo Ersek <lersek@redhat.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Message-id: 20190718125928.20147-1-peter.maydell@linaro.org

Fixes: https://bugs.launchpad.net/qemu/+bug/1830864

target/arm/cpu.c | 7 +++++--

1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c

--- a/target/arm/cpu.c

+++ b/target/arm/cpu.c

@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)

* There exist AArch64 cpus without AArch32 support. When KVM

* queries ID_ISAR0_EL1 on such a host, the value is UNKNOWN.

* Similarly, we cannot check ID_AA64PFR0 without AArch64 support.

+ * As a general principle, we also do not make ID register

+ * consistency checks anywhere unless using TCG, because only

+ * for TCG would a consistency-check failure be a QEMU bug.

*/

if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {

no_aa32 = !cpu_isar_feature(aa64_aa32, cpu);

@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)

* Presence of EL2 itself is ARM_FEATURE_EL2, and of the

* Security Extensions is ARM_FEATURE_EL3.

*/

- assert(no_aa32 || cpu_isar_feature(arm_div, cpu));

+ assert(!tcg_enabled() || no_aa32 || cpu_isar_feature(arm_div, cpu));

set_feature(env, ARM_FEATURE_LPAE);

set_feature(env, ARM_FEATURE_V7);

@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)

if (arm_feature(env, ARM_FEATURE_V6)) {

set_feature(env, ARM_FEATURE_V5);

if (!arm_feature(env, ARM_FEATURE_M)) {

- assert(no_aa32 || cpu_isar_feature(jazelle, cpu));

+ assert(!tcg_enabled() || no_aa32 || cpu_isar_feature(jazelle, cpu));

set_feature(env, ARM_FEATURE_AUXCR);

}

}

2.20.1