Patches for rc1: nothing major, just some minor bugfixes and

code cleanups.

The following changes since commit f7e1914adad8885a5d4c70239ab90d901ed97e9f:

Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20201109' into staging (2020-11-10 09:24:56 +0000)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201110

for you to fetch changes up to b6c56c8a9a4064ea783f352f43c5df6231a110fa:

target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check (2020-11-10 11:03:48 +0000)

* hw/arm/Kconfig: ARM_V7M depends on PTIMER

* Minor coding style fixes

* docs: add some notes on the sbsa-ref machine

* hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals

* target/arm: Fix neon VTBL/VTBX for len > 1

* hw/arm/armsse: Correct expansion MPC interrupt lines

* hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ

* hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()

* hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input

* hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary

* hw/arm/nseries: Check return value from load_image_targphys()

* tests/qtest/npcm7xx_rng-test: count runs properly

* target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check

Alex Bennée (1):

docs: add some notes on the sbsa-ref machine

AlexChen (1):

ssi: Fix bad printf format specifiers

Andrew Jones (1):

hw/arm/Kconfig: ARM_V7M depends on PTIMER

Havard Skinnemoen (1):

tests/qtest/npcm7xx_rng-test: count runs properly

Peter Maydell (2):

hw/arm/nseries: Check return value from load_image_targphys()

target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check

From: Xinhao Zhang <zhangxinhao1@huawei.com>

Fix code style. Operator needs spaces both sides.

Signed-off-by: Xinhao Zhang <zhangxinhao1@huawei.com>

Signed-off-by: Kai Deng <dengkai1@huawei.com>

Message-id: 20201103114529.638233-1-zhangxinhao1@huawei.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/arch_dump.c | 8 ++++----

target/arm/arm-semi.c | 8 ++++----

target/arm/helper.c | 2 +-

3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/target/arm/arch_dump.c b/target/arm/arch_dump.c

--- a/target/arm/arch_dump.c

+++ b/target/arm/arch_dump.c

@@ -XXX,XX +XXX,XX @@ static int aarch64_write_elf64_prfpreg(WriteCoreDumpFunction f,

for (i = 0; i < 32; ++i) {

uint64_t *q = aa64_vfp_qreg(env, i);

- note.vfp.vregs[2*i + 0] = cpu_to_dump64(s, q[0]);

- note.vfp.vregs[2*i + 1] = cpu_to_dump64(s, q[1]);

+ note.vfp.vregs[2 * i + 0] = cpu_to_dump64(s, q[0]);

+ note.vfp.vregs[2 * i + 1] = cpu_to_dump64(s, q[1]);

if (s->dump_info.d_endian == ELFDATA2MSB) {

@@ -XXX,XX +XXX,XX @@ static int aarch64_write_elf64_prfpreg(WriteCoreDumpFunction f,

*/

for (i = 0; i < 32; ++i) {

uint64_t tmp = note.vfp.vregs[2*i];

- note.vfp.vregs[2*i] = note.vfp.vregs[2*i+1];

- note.vfp.vregs[2*i+1] = tmp;

+ note.vfp.vregs[2 * i] = note.vfp.vregs[2 * i + 1];

+ note.vfp.vregs[2 * i + 1] = tmp;

diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/arm-semi.c

+++ b/target/arm/arm-semi.c

@@ -XXX,XX +XXX,XX @@ target_ulong do_arm_semihosting(CPUARMState *env)

if (use_gdb_syscalls()) {

arm_semi_open_guestfd = guestfd;

ret = arm_gdb_syscall(cpu, arm_semi_open_cb, "open,%s,%x,1a4", arg0,

- (int)arg2+1, gdb_open_modeflags[arg1]);

+ (int)arg2 + 1, gdb_open_modeflags[arg1]);

} else {

ret = set_swi_errno(env, open(s, open_modeflags[arg1], 0644));

if (ret == (uint32_t)-1) {

@@ -XXX,XX +XXX,XX @@ target_ulong do_arm_semihosting(CPUARMState *env)

GET_ARG(1);

if (use_gdb_syscalls()) {

ret = arm_gdb_syscall(cpu, arm_semi_cb, "unlink,%s",

- arg0, (int)arg1+1);

+ arg0, (int)arg1 + 1);

} else {

s = lock_user_string(arg0);

if (!s) {

@@ -XXX,XX +XXX,XX @@ target_ulong do_arm_semihosting(CPUARMState *env)

GET_ARG(3);

if (use_gdb_syscalls()) {

return arm_gdb_syscall(cpu, arm_semi_cb, "rename,%s,%s",

- arg0, (int)arg1+1, arg2, (int)arg3+1);

+ arg0, (int)arg1 + 1, arg2, (int)arg3 + 1);

} else {

char *s2;

s = lock_user_string(arg0);

@@ -XXX,XX +XXX,XX @@ target_ulong do_arm_semihosting(CPUARMState *env)

GET_ARG(1);

if (use_gdb_syscalls()) {

return arm_gdb_syscall(cpu, arm_semi_cb, "system,%s",

- arg0, (int)arg1+1);

+ arg0, (int)arg1 + 1);

} else {

s = lock_user_string(arg0);

if (!s) {

@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(usad8)(uint32_t a, uint32_t b)

uint32_t sum;

sum = do_usad(a, b);

sum += do_usad(a >> 8, b >> 8);

- sum += do_usad(a >> 16, b >>16);

+ sum += do_usad(a >> 16, b >> 16);

sum += do_usad(a >> 24, b >> 24);

return sum;

From: Xinhao Zhang <zhangxinhao1@huawei.com>

Fix code style. Don't use '#' flag of printf format ('%#') in

format strings, use '0x' prefix instead

Signed-off-by: Xinhao Zhang <zhangxinhao1@huawei.com>

Signed-off-by: Kai Deng <dengkai1@huawei.com>

Message-id: 20201103114529.638233-2-zhangxinhao1@huawei.com

target/arm/translate-a64.c | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_fp16(DisasContext *s, uint32_t insn)

gen_helper_advsimd_acgt_f16(tcg_res, tcg_op1, tcg_op2, fpst);

break;

default:

- fprintf(stderr, "%s: insn %#04x, fpop %#2x @ %#" PRIx64 "\n",

+ fprintf(stderr, "%s: insn 0x%04x, fpop 0x%2x @ 0x%" PRIx64 "\n",

__func__, insn, fpopcode, s->pc_curr);

g_assert_not_reached();

}

@@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc_fp16(DisasContext *s, uint32_t insn)

case 0x7f: /* FSQRT (vector) */

break;

default:

- fprintf(stderr, "%s: insn %#04x fpop %#2x\n", __func__, insn, fpop);

+ fprintf(stderr, "%s: insn 0x%04x fpop 0x%2x\n", __func__, insn, fpop);

g_assert_not_reached();

From: Xinhao Zhang <zhangxinhao1@huawei.com>

Fix code style. Space required before the open parenthesis '('.

Signed-off-by: Xinhao Zhang <zhangxinhao1@huawei.com>

Signed-off-by: Kai Deng <dengkai1@huawei.com>

Message-id: 20201103114529.638233-3-zhangxinhao1@huawei.com

target/arm/translate.c | 2 +-

diff --git a/target/arm/translate.c b/target/arm/translate.c

--- a/target/arm/translate.c

+++ b/target/arm/translate.c

@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)

- Hardware watchpoints.

Hardware breakpoints have already been handled and skip this code.

*/

- switch(dc->base.is_jmp) {

+ switch (dc->base.is_jmp) {

case DISAS_NEXT:

case DISAS_TOO_MANY:

gen_goto_tb(dc, 1, dc->base.pc_next);

From: Alex Bennée <alex.bennee@linaro.org>

We should at least document what this machine is about.

Reviewed-by: Graeme Gregory <graeme@nuviainc.com>

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

Message-id: 20201104165254.24822-1-alex.bennee@linaro.org

Cc: Leif Lindholm <leif@nuviainc.com>

Cc: Shashi Mallela <shashi.mallela@linaro.org>

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

[PMM: fixed filename mismatch]

docs/system/arm/sbsa.rst | 32 ++++++++++++++++++++++++++++++++

docs/system/target-arm.rst | 1 +

2 files changed, 33 insertions(+)

create mode 100644 docs/system/arm/sbsa.rst

diff --git a/docs/system/arm/sbsa.rst b/docs/system/arm/sbsa.rst

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/docs/system/arm/sbsa.rst

@@ -XXX,XX +XXX,XX @@

+Arm Server Base System Architecture Reference board (``sbsa-ref``)

+==================================================================

+

+While the `virt` board is a generic board platform that doesn't match

+any real hardware the `sbsa-ref` board intends to look like real

+hardware. The `Server Base System Architecture

+<https://developer.arm.com/documentation/den0029/latest>` defines a

+minimum base line of hardware support and importantly how the firmware

+reports that to any operating system. It is a static system that

+reports a very minimal DT to the firmware for non-discoverable

+information about components affected by the qemu command line (i.e.

+cpus and memory). As a result it must have a firmware specifically

+built to expect a certain hardware layout (as you would in a real

+machine).

+

+It is intended to be a machine for developing firmware and testing

+standards compliance with operating systems.

+

+Supported devices

+"""""""""""""""""

+

+The sbsa-ref board supports:

+

+ - A configurable number of AArch64 CPUs

+ - GIC version 3

+ - System bus AHCI controller

+ - System bus EHCI controller

+ - CDROM and hard disc on AHCI bus

+ - E1000E ethernet card on PCIe bus

+ - VGA display adaptor on PCIe bus

+ - A generic SBSA watchdog device

+

diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst

--- a/docs/system/target-arm.rst

+++ b/docs/system/target-arm.rst

@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running

arm/mps2

arm/musca

arm/realview

+ arm/sbsa

arm/versatile

arm/vexpress

arm/aspeed

When using a Cortex-A15, the Virt machine does not use any

MPCore peripherals. Remove the dependency.

Message-id: 20201107114852.271922-1-philmd@redhat.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/Kconfig | 1 -

1 file changed, 1 deletion(-)

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig

--- a/hw/arm/Kconfig

+++ b/hw/arm/Kconfig

@@ -XXX,XX +XXX,XX @@ config ARM_VIRT

imply VFIO_PLATFORM

imply VFIO_XGMAC

imply TPM_TIS_SYSBUS

- select A15MPCORE

select ACPI

select ARM_SMMUV3

select GPIO_KEY

From: Richard Henderson <richard.henderson@linaro.org>

The helper function did not get updated when we reorganized

the vector register file for SVE. Since then, the neon dregs

are non-sequential and cannot be simply indexed.

At the same time, make the helper function operate on 64-bit

quantities so that we do not have to call it twice.

Fixes: c39c2b9043e

Reported-by: Ard Biesheuvel <ardb@kernel.org>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

[PMM: use aa32_vfp_dreg() rather than opencoding]

Message-id: 20201105171126.88014-1-richard.henderson@linaro.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/helper.h | 2 +-

target/arm/op_helper.c | 23 +++++++++--------

target/arm/translate-neon.c.inc | 44 +++++++++++----------------------

3 files changed, 29 insertions(+), 40 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h

--- a/target/arm/helper.h

+++ b/target/arm/helper.h

@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_2(rsqrte_f32, TCG_CALL_NO_RWG, f32, f32, ptr)

DEF_HELPER_FLAGS_2(rsqrte_f64, TCG_CALL_NO_RWG, f64, f64, ptr)

DEF_HELPER_FLAGS_1(recpe_u32, TCG_CALL_NO_RWG, i32, i32)

DEF_HELPER_FLAGS_1(rsqrte_u32, TCG_CALL_NO_RWG, i32, i32)

-DEF_HELPER_FLAGS_4(neon_tbl, TCG_CALL_NO_RWG, i32, i32, i32, ptr, i32)

+DEF_HELPER_FLAGS_4(neon_tbl, TCG_CALL_NO_RWG, i64, env, i32, i64, i64)

DEF_HELPER_3(shl_cc, i32, env, i32, i32)

DEF_HELPER_3(shr_cc, i32, env, i32, i32)

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/op_helper.c

+++ b/target/arm/op_helper.c

@@ -XXX,XX +XXX,XX @@ void raise_exception_ra(CPUARMState *env, uint32_t excp, uint32_t syndrome,

cpu_loop_exit_restore(cs, ra);

}

-uint32_t HELPER(neon_tbl)(uint32_t ireg, uint32_t def, void *vn,

- uint32_t maxindex)

+uint64_t HELPER(neon_tbl)(CPUARMState *env, uint32_t desc,

+ uint64_t ireg, uint64_t def)

{

- uint32_t val, shift;

- uint64_t *table = vn;

+ uint64_t tmp, val = 0;

+ uint32_t maxindex = ((desc & 3) + 1) * 8;

+ uint32_t base_reg = desc >> 2;

+ uint32_t shift, index, reg;

- val = 0;

- for (shift = 0; shift < 32; shift += 8) {

- uint32_t index = (ireg >> shift) & 0xff;

+ for (shift = 0; shift < 64; shift += 8) {

+ index = (ireg >> shift) & 0xff;

if (index < maxindex) {

- uint32_t tmp = (table[index >> 3] >> ((index & 7) << 3)) & 0xff;

- val |= tmp << shift;

+ reg = base_reg + (index >> 3);

+ tmp = *aa32_vfp_dreg(env, reg);

+ tmp = ((tmp >> ((index & 7) << 3)) & 0xff) << shift;

} else {

- val |= def & (0xff << shift);

+ tmp = def & (0xffull << shift);

}

+ val |= tmp;

return val;

}

diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate-neon.c.inc

+++ b/target/arm/translate-neon.c.inc

@@ -XXX,XX +XXX,XX @@ static bool trans_VEXT(DisasContext *s, arg_VEXT *a)

static bool trans_VTBL(DisasContext *s, arg_VTBL *a)

{

- int n;

- TCGv_i32 tmp, tmp2, tmp3, tmp4;

- TCGv_ptr ptr1;

+ TCGv_i64 val, def;

+ TCGv_i32 desc;

if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {

return false;

@@ -XXX,XX +XXX,XX @@ static bool trans_VTBL(DisasContext *s, arg_VTBL *a)

return true;

}

- n = a->len + 1;

- if ((a->vn + n) > 32) {

+ if ((a->vn + a->len + 1) > 32) {

/*

* This is UNPREDICTABLE; we choose to UNDEF to avoid the

* helper function running off the end of the register file.

*/

return false;

}

- n <<= 3;

- tmp = tcg_temp_new_i32();

- if (a->op) {

- read_neon_element32(tmp, a->vd, 0, MO_32);

- } else {

- tcg_gen_movi_i32(tmp, 0);

- }

- tmp2 = tcg_temp_new_i32();

- read_neon_element32(tmp2, a->vm, 0, MO_32);

- ptr1 = vfp_reg_ptr(true, a->vn);

- tmp4 = tcg_const_i32(n);

- gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp4);

+ desc = tcg_const_i32((a->vn << 2) | a->len);

+ def = tcg_temp_new_i64();

if (a->op) {

- read_neon_element32(tmp, a->vd, 1, MO_32);

+ read_neon_element64(def, a->vd, 0, MO_64);

} else {

- tcg_gen_movi_i32(tmp, 0);

+ tcg_gen_movi_i64(def, 0);

}

- tmp3 = tcg_temp_new_i32();

- read_neon_element32(tmp3, a->vm, 1, MO_32);

- gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp4);

- tcg_temp_free_i32(tmp);

- tcg_temp_free_i32(tmp4);

- tcg_temp_free_ptr(ptr1);

+ val = tcg_temp_new_i64();

+ read_neon_element64(val, a->vm, 0, MO_64);

- write_neon_element32(tmp2, a->vd, 0, MO_32);

- write_neon_element32(tmp3, a->vd, 1, MO_32);

- tcg_temp_free_i32(tmp2);

- tcg_temp_free_i32(tmp3);

+ gen_helper_neon_tbl(val, cpu_env, desc, val, def);

+ write_neon_element64(val, a->vd, 0, MO_64);

+ tcg_temp_free_i64(def);

+ tcg_temp_free_i64(val);

+ tcg_temp_free_i32(desc);

return true;

}

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

We can use one MPC per SRAM bank, but we currently only wire the

IRQ from the first expansion MPC to the IRQ splitter. Fix that.

Fixes: bb75e16d5e6 ("hw/arm/iotkit: Wire up MPC interrupt lines")

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20201107193403.436146-2-f4bug@amsat.org

hw/arm/armsse.c | 3 ++-

1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c

--- a/hw/arm/armsse.c

+++ b/hw/arm/armsse.c

@@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp)

qdev_get_gpio_in(dev_splitter, 0));

qdev_connect_gpio_out(dev_splitter, 0,

qdev_get_gpio_in_named(dev_secctl,

- "mpc_status", 0));

+ "mpc_status",

+ i - IOTS_NUM_EXP_MPC));

}

qdev_connect_gpio_out(dev_splitter, 1,

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The system configuration controller (SYSCFG) doesn't have

any output IRQ (and the INTC input #71 belongs to the UART6).

Remove the invalid code.

Fixes: db635521a02 ("stm32f205: Add the stm32f205 SoC")

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20201107193403.436146-3-f4bug@amsat.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

include/hw/misc/stm32f2xx_syscfg.h | 2 --

hw/arm/stm32f205_soc.c | 1 -

hw/misc/stm32f2xx_syscfg.c | 2 --

3 files changed, 5 deletions(-)

diff --git a/include/hw/misc/stm32f2xx_syscfg.h b/include/hw/misc/stm32f2xx_syscfg.h

--- a/include/hw/misc/stm32f2xx_syscfg.h

+++ b/include/hw/misc/stm32f2xx_syscfg.h

@@ -XXX,XX +XXX,XX @@ struct STM32F2XXSyscfgState {

uint32_t syscfg_exticr3;

uint32_t syscfg_exticr4;

uint32_t syscfg_cmpcr;

-

- qemu_irq irq;

#endif /* HW_STM32F2XX_SYSCFG_H */

diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c

--- a/hw/arm/stm32f205_soc.c

+++ b/hw/arm/stm32f205_soc.c

@@ -XXX,XX +XXX,XX @@ static void stm32f205_soc_realize(DeviceState *dev_soc, Error **errp)

busdev = SYS_BUS_DEVICE(dev);

sysbus_mmio_map(busdev, 0, 0x40013800);

- sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(armv7m, 71));

/* Attach UART (uses USART registers) and USART controllers */

for (i = 0; i < STM_NUM_USARTS; i++) {

diff --git a/hw/misc/stm32f2xx_syscfg.c b/hw/misc/stm32f2xx_syscfg.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/misc/stm32f2xx_syscfg.c

+++ b/hw/misc/stm32f2xx_syscfg.c

@@ -XXX,XX +XXX,XX @@ static void stm32f2xx_syscfg_init(Object *obj)

STM32F2XXSyscfgState *s = STM32F2XX_SYSCFG(obj);

- sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);

-

memory_region_init_io(&s->mmio, obj, &stm32f2xx_syscfg_ops, s,

TYPE_STM32F2XX_SYSCFG, 0x400);

sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->mmio);

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

omap2420_mpu_init() introduced in commit 827df9f3c5f ("Add basic

OMAP2 chip support") takes care of creating the 3 UARTs.

Then commit 58a26b477e9 ("Emulate a serial bluetooth HCI with H4+

extensions and attach to n8x0's UART") added n8x0_uart_setup()

which create the UART and connects it to an IRQ output,

overwritting the existing peripheral and its IRQ connection.

This is incorrect.

Fortunately we don't need to fix this, because commit 6da68df7f9b

("hw/arm/nseries: Replace the bluetooth chardev with a "null"

chardev") removed the use of this peripheral. We can simply

remove the code.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20201107193403.436146-4-f4bug@amsat.org

hw/arm/nseries.c | 11 -----------

1 file changed, 11 deletions(-)

diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c

--- a/hw/arm/nseries.c

+++ b/hw/arm/nseries.c

@@ -XXX,XX +XXX,XX @@ static void n8x0_cbus_setup(struct n800_s *s)

cbus_attach(cbus, s->tahvo = tahvo_init(tahvo_irq, 1));

}

-static void n8x0_uart_setup(struct n800_s *s)

-{

- Chardev *radio = qemu_chr_new("bt-dummy-uart", "null", NULL);

- /*

- * Note: We used to connect N8X0_BT_RESET_GPIO and N8X0_BT_WKUP_GPIO

- * here, but this code has been removed with the bluetooth backend.

- */

- omap_uart_attach(s->mpu->uart[BT_UART], radio);

-}

-

static void n8x0_usb_setup(struct n800_s *s)

SysBusDevice *dev;

@@ -XXX,XX +XXX,XX @@ static void n8x0_init(MachineState *machine,

n8x0_spi_setup(s);

n8x0_dss_setup(s);

n8x0_cbus_setup(s);

- n8x0_uart_setup(s);

if (machine_usb(machine)) {

n8x0_usb_setup(s);

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The MusicPal board code connects both of the IRQ outputs of the UART

to the same INTC qemu_irq. Connecting two qemu_irqs outputs directly

to the same input is not valid as it produces subtly wrong behaviour

(for instance if both the IRQ lines are high, and then one goes

low, the INTC input will see this as a high-to-low transition

even though the second IRQ line should still be holding it high).

This kind of wiring needs an explicitly created OR gate; add one.

Inspired-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20201107193403.436146-5-f4bug@amsat.org

hw/arm/musicpal.c | 17 +++++++++++++----

hw/arm/Kconfig | 1 +

2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c

--- a/hw/arm/musicpal.c

+++ b/hw/arm/musicpal.c

@@ -XXX,XX +XXX,XX @@

#include "ui/console.h"

#include "hw/i2c/i2c.h"

#include "hw/irq.h"

+#include "hw/or-irq.h"

#include "hw/audio/wm8750.h"

#include "sysemu/block-backend.h"

#include "sysemu/runstate.h"

@@ -XXX,XX +XXX,XX @@

#define MP_TIMER4_IRQ 7

#define MP_EHCI_IRQ 8

#define MP_ETH_IRQ 9

-#define MP_UART1_IRQ 11

-#define MP_UART2_IRQ 11

+#define MP_UART_SHARED_IRQ 11

#define MP_GPIO_IRQ 12

#define MP_RTC_IRQ 28

#define MP_AUDIO_IRQ 30

@@ -XXX,XX +XXX,XX @@ static void musicpal_init(MachineState *machine)

ARMCPU *cpu;

qemu_irq pic[32];

DeviceState *dev;

+ DeviceState *uart_orgate;

DeviceState *i2c_dev;

DeviceState *lcd_dev;

DeviceState *key_dev;

@@ -XXX,XX +XXX,XX @@ static void musicpal_init(MachineState *machine)

pic[MP_TIMER2_IRQ], pic[MP_TIMER3_IRQ],

pic[MP_TIMER4_IRQ], NULL);

- serial_mm_init(address_space_mem, MP_UART1_BASE, 2, pic[MP_UART1_IRQ],

+ /* Logically OR both UART IRQs together */

+ uart_orgate = DEVICE(object_new(TYPE_OR_IRQ));

+ object_property_set_int(OBJECT(uart_orgate), "num-lines", 2, &error_fatal);

+ qdev_realize_and_unref(uart_orgate, NULL, &error_fatal);

+ qdev_connect_gpio_out(DEVICE(uart_orgate), 0, pic[MP_UART_SHARED_IRQ]);

+

+ serial_mm_init(address_space_mem, MP_UART1_BASE, 2,

+ qdev_get_gpio_in(uart_orgate, 0),

1825000, serial_hd(0), DEVICE_NATIVE_ENDIAN);

- serial_mm_init(address_space_mem, MP_UART2_BASE, 2, pic[MP_UART2_IRQ],

+ serial_mm_init(address_space_mem, MP_UART2_BASE, 2,

+ qdev_get_gpio_in(uart_orgate, 1),

1825000, serial_hd(1), DEVICE_NATIVE_ENDIAN);

/* Register flash */

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/Kconfig

+++ b/hw/arm/Kconfig

@@ -XXX,XX +XXX,XX @@ config MUSCA

config MUSICPAL

bool

+ select OR_IRQ

select BITBANG_I2C

select MARVELL_88W8618

select PTIMER

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

We don't need to fill the full pic[] array if we only use

few of the interrupt lines. Directly call qdev_get_gpio_in()

when necessary.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20201107193403.436146-6-f4bug@amsat.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/musicpal.c | 25 +++++++++++++------------

1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c

--- a/hw/arm/musicpal.c

+++ b/hw/arm/musicpal.c

@@ -XXX,XX +XXX,XX @@ static struct arm_boot_info musicpal_binfo = {

static void musicpal_init(MachineState *machine)

{

ARMCPU *cpu;

- qemu_irq pic[32];

DeviceState *dev;

+ DeviceState *pic;

DeviceState *uart_orgate;

DeviceState *i2c_dev;

DeviceState *lcd_dev;

@@ -XXX,XX +XXX,XX @@ static void musicpal_init(MachineState *machine)

&error_fatal);

memory_region_add_subregion(address_space_mem, MP_SRAM_BASE, sram);

- dev = sysbus_create_simple(TYPE_MV88W8618_PIC, MP_PIC_BASE,

+ pic = sysbus_create_simple(TYPE_MV88W8618_PIC, MP_PIC_BASE,

qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));

- for (i = 0; i < 32; i++) {

- pic[i] = qdev_get_gpio_in(dev, i);

- }

- sysbus_create_varargs(TYPE_MV88W8618_PIT, MP_PIT_BASE, pic[MP_TIMER1_IRQ],

- pic[MP_TIMER2_IRQ], pic[MP_TIMER3_IRQ],

- pic[MP_TIMER4_IRQ], NULL);

+ sysbus_create_varargs(TYPE_MV88W8618_PIT, MP_PIT_BASE,

+ qdev_get_gpio_in(pic, MP_TIMER1_IRQ),

+ qdev_get_gpio_in(pic, MP_TIMER2_IRQ),

+ qdev_get_gpio_in(pic, MP_TIMER3_IRQ),

+ qdev_get_gpio_in(pic, MP_TIMER4_IRQ), NULL);

/* Logically OR both UART IRQs together */

uart_orgate = DEVICE(object_new(TYPE_OR_IRQ));

object_property_set_int(OBJECT(uart_orgate), "num-lines", 2, &error_fatal);

qdev_realize_and_unref(uart_orgate, NULL, &error_fatal);

- qdev_connect_gpio_out(DEVICE(uart_orgate), 0, pic[MP_UART_SHARED_IRQ]);

+ qdev_connect_gpio_out(DEVICE(uart_orgate), 0,

+ qdev_get_gpio_in(pic, MP_UART_SHARED_IRQ));

serial_mm_init(address_space_mem, MP_UART1_BASE, 2,

qdev_get_gpio_in(uart_orgate, 0),

@@ -XXX,XX +XXX,XX @@ static void musicpal_init(MachineState *machine)

OBJECT(get_system_memory()), &error_fatal);

sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);

sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, MP_ETH_BASE);

- sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[MP_ETH_IRQ]);

+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,

+ qdev_get_gpio_in(pic, MP_ETH_IRQ));

sysbus_create_simple("mv88w8618_wlan", MP_WLAN_BASE, NULL);

sysbus_create_simple(TYPE_MUSICPAL_MISC, MP_MISC_BASE, NULL);

dev = sysbus_create_simple(TYPE_MUSICPAL_GPIO, MP_GPIO_BASE,

- pic[MP_GPIO_IRQ]);

+ qdev_get_gpio_in(pic, MP_GPIO_IRQ));

i2c_dev = sysbus_create_simple("gpio_i2c", -1, NULL);

i2c = (I2CBus *)qdev_get_child_bus(i2c_dev, "i2c");

@@ -XXX,XX +XXX,XX @@ static void musicpal_init(MachineState *machine)

NULL);

sysbus_realize_and_unref(s, &error_fatal);

sysbus_mmio_map(s, 0, MP_AUDIO_BASE);

- sysbus_connect_irq(s, 0, pic[MP_AUDIO_IRQ]);

+ sysbus_connect_irq(s, 0, qdev_get_gpio_in(pic, MP_AUDIO_IRQ));

musicpal_binfo.ram_size = MP_RAM_DEFAULT_SIZE;

arm_load_kernel(cpu, machine, &musicpal_binfo);