Series comparison

 [PULL 0/2] target-arm queue
-Couple of last-minute things for rc3...
+This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
 we were using uninitialized data for the guarded bit when
 combining stage 1 and stage 2 attrs.
+thanks
 -- PMM
-The following changes since commit d15532d91be177e7528310e0110e39f915779a99:
+The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:
-  Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20200804' into staging (2020-08-04 11:53:20 +0100)
+  Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200804
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410
-for you to fetch changes up to d250bb19ced3b702c7c37731855f6876d0cc7995:
+for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:
-  target/arm: Fix decode of LDRA[AB] instructions (2020-08-04 16:40:19 +0100)
+  target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)
 ----------------------------------------------------------------
-target-arm queue:
+target-arm: Fix bug where we weren't initializing
- * Fix decode of LDRA[AB] instructions
+            guarded bit state when combining S1/S2 attrs
  * docs/devel: Document decodetree no-overlap groups
 ----------------------------------------------------------------
-Peter Collingbourne (1):
+Richard Henderson (2):
-      target/arm: Fix decode of LDRA[AB] instructions
+      target/arm: PTE bit GP only applies to stage1
       target/arm: Copy guarded bit in combine_cacheattrs
-Richard Henderson (1):
+ target/arm/ptw.c | 11 ++++++-----
-      docs/devel: Document decodetree no-overlap groups
+file changed, 6 insertions(+), 5 deletions(-)
  docs/devel/decodetree.rst  | 29 ++++++++++++++++++-----------
  target/arm/translate-a64.c |  6 ++++--
 files changed, 22 insertions(+), 13 deletions(-)

-[PULL 2/2] target/arm: Fix decode of LDRA[AB] instructions
+[PULL 1/2] target/arm: PTE bit GP only applies to stage1
-From: Peter Collingbourne <pcc@google.com>
+From: Richard Henderson <richard.henderson@linaro.org>
-These instructions use zero as the discriminator, not SP.
+Only perform the extract of GP during the stage1 walk.
-Signed-off-by: Peter Collingbourne <pcc@google.com>
+Reported-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20200804002849.30268-1-pcc@google.com
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 6 ++++--
+ target/arm/ptw.c | 10 +++++-----
-file changed, 4 insertions(+), 2 deletions(-)
+file changed, 5 insertions(+), 5 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
+--- a/target/arm/ptw.c
-+++ b/target/arm/translate-a64.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pac(DisasContext *s, uint32_t insn,
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
+         result->f.attrs.secure = false;
      if (s->pauth_active) {
          if (use_key_a) {
 -            gen_helper_autda(dirty_addr, cpu_env, dirty_addr, cpu_X[31]);
 +            gen_helper_autda(dirty_addr, cpu_env, dirty_addr,
 +                             new_tmp_a64_zero(s));
          } else {
 -            gen_helper_autdb(dirty_addr, cpu_env, dirty_addr, cpu_X[31]);
 +            gen_helper_autdb(dirty_addr, cpu_env, dirty_addr,
 +                             new_tmp_a64_zero(s));
          }
      }
+-    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
+-    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+-        result->f.guarded = extract64(attrs, 50, 1); /* GP */
+-    }
+-
+     if (regime_is_stage2(mmu_idx)) {
+         result->cacheattrs.is_s2_format = true;
+         result->cacheattrs.attrs = extract32(attrs, 2, 4);
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
+         assert(attrindx <= 7);
+         result->cacheattrs.is_s2_format = false;
+         result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
++
++        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
++        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
++            result->f.guarded = extract64(attrs, 50, 1); /* GP */
++        }
+     }
+     /*
 --
-.20.1
+.34.1

-[PULL 1/2] docs/devel: Document decodetree no-overlap groups
+[PULL 2/2] target/arm: Copy guarded bit in combine_cacheattrs
 From: Richard Henderson <richard.henderson@linaro.org>
-When support for this feature went in, the update to the
+The guarded bit comes from the stage1 walk.
 documentation was forgotten.
-Fixes: 067e8b0f45d6
+Fixes: Coverity CID 1507929
 Reported-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20200803205708.315829-1-richard.henderson@linaro.org
+Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- docs/devel/decodetree.rst | 29 ++++++++++++++++++-----------
+ target/arm/ptw.c | 1 +
-file changed, 18 insertions(+), 11 deletions(-)
+file changed, 1 insertion(+)
-diff --git a/docs/devel/decodetree.rst b/docs/devel/decodetree.rst
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/docs/devel/decodetree.rst
+--- a/target/arm/ptw.c
-+++ b/docs/devel/decodetree.rst
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ Pattern Groups
+@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
- Syntax::
+     assert(!s1.is_s2_format);
+     ret.is_s2_format = false;
--  group    := '{' ( pat_def | group )+ '}'
++    ret.guarded = s1.guarded;
-+  group            := overlap_group | no_overlap_group
-+  overlap_group    := '{' ( pat_def | group )+ '}'
+     if (s1.attrs == 0xf0) {
-+  no_overlap_group := '[' ( pat_def | group )+ ']'
+         tagged = true;
 -A *group* begins with a lone open-brace, with all subsequent lines
 -indented two spaces, and ending with a lone close-brace.  Groups
 -may be nested, increasing the required indentation of the lines
 -within the nested group to two spaces per nesting level.
 +A *group* begins with a lone open-brace or open-bracket, with all
 +subsequent lines indented two spaces, and ending with a lone
 +close-brace or close-bracket.  Groups may be nested, increasing the
 +required indentation of the lines within the nested group to two
 +spaces per nesting level.
 -Unlike ungrouped patterns, grouped patterns are allowed to overlap.
 -Conflicts are resolved by selecting the patterns in order.  If all
 -of the fixedbits for a pattern match, its translate function will
 -be called.  If the translate function returns false, then subsequent
 -patterns within the group will be matched.
 +Patterns within overlap groups are allowed to overlap.  Conflicts are
 +resolved by selecting the patterns in order.  If all of the fixedbits
 +for a pattern match, its translate function will be called.  If the
 +translate function returns false, then subsequent patterns within the
 +group will be matched.
 +
 +Patterns within no-overlap groups are not allowed to overlap, just
 +the same as ungrouped patterns.  Thus no-overlap groups are intended
 +to be nested inside overlap groups.
  The following example from PA-RISC shows specialization of the *or*
  instruction::
@@ -XXX,XX +XXX,XX @@ instruction::
  When the *cf* field is zero, the instruction has no side effects,
  and may be specialized.  When the *rt* field is zero, the output
  is discarded and so the instruction has no effect.  When the *rt2*
 -field is zero, the operation is ``reg[rt] | 0`` and so encodes
 +field is zero, the operation is ``reg[r1] | 0`` and so encodes
  the canonical register copy operation.
  The output from the generator might look like::
 --
-.20.1
+.34.1

Couple of last-minute things for rc3...

-- PMM

The following changes since commit d15532d91be177e7528310e0110e39f915779a99:

Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20200804' into staging (2020-08-04 11:53:20 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200804

for you to fetch changes up to d250bb19ced3b702c7c37731855f6876d0cc7995:

target/arm: Fix decode of LDRA[AB] instructions (2020-08-04 16:40:19 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix decode of LDRA[AB] instructions
 * docs/devel: Document decodetree no-overlap groups

----------------------------------------------------------------
Peter Collingbourne (1):
      target/arm: Fix decode of LDRA[AB] instructions

Richard Henderson (1):
      docs/devel: Document decodetree no-overlap groups

docs/devel/decodetree.rst  | 29 ++++++++++++++++++-----------
 target/arm/translate-a64.c |  6 ++++--
 2 files changed, 22 insertions(+), 13 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

When support for this feature went in, the update to the
documentation was forgotten.

Fixes: 067e8b0f45d6
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200803205708.315829-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 docs/devel/decodetree.rst | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/docs/devel/decodetree.rst b/docs/devel/decodetree.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/decodetree.rst
+++ b/docs/devel/decodetree.rst
@@ -XXX,XX +XXX,XX @@ Pattern Groups
 
 Syntax::
 
-  group    := '{' ( pat_def | group )+ '}'
+  group            := overlap_group | no_overlap_group
+  overlap_group    := '{' ( pat_def | group )+ '}'
+  no_overlap_group := '[' ( pat_def | group )+ ']'
 
-A *group* begins with a lone open-brace, with all subsequent lines
-indented two spaces, and ending with a lone close-brace.  Groups
-may be nested, increasing the required indentation of the lines
-within the nested group to two spaces per nesting level.
+A *group* begins with a lone open-brace or open-bracket, with all
+subsequent lines indented two spaces, and ending with a lone
+close-brace or close-bracket.  Groups may be nested, increasing the
+required indentation of the lines within the nested group to two
+spaces per nesting level.
 
-Unlike ungrouped patterns, grouped patterns are allowed to overlap.
-Conflicts are resolved by selecting the patterns in order.  If all
-of the fixedbits for a pattern match, its translate function will
-be called.  If the translate function returns false, then subsequent
-patterns within the group will be matched.
+Patterns within overlap groups are allowed to overlap.  Conflicts are
+resolved by selecting the patterns in order.  If all of the fixedbits
+for a pattern match, its translate function will be called.  If the
+translate function returns false, then subsequent patterns within the
+group will be matched.
+
+Patterns within no-overlap groups are not allowed to overlap, just
+the same as ungrouped patterns.  Thus no-overlap groups are intended
+to be nested inside overlap groups.
 
 The following example from PA-RISC shows specialization of the *or*
 instruction::
@@ -XXX,XX +XXX,XX @@ instruction::
 When the *cf* field is zero, the instruction has no side effects,
 and may be specialized.  When the *rt* field is zero, the output
 is discarded and so the instruction has no effect.  When the *rt2*
-field is zero, the operation is ``reg[rt] | 0`` and so encodes
+field is zero, the operation is ``reg[r1] | 0`` and so encodes
 the canonical register copy operation.
 
 The output from the generator might look like::
-- 
2.20.1

From: Peter Collingbourne <pcc@google.com>

These instructions use zero as the discriminator, not SP.

Signed-off-by: Peter Collingbourne <pcc@google.com>
Message-id: 20200804002849.30268-1-pcc@google.com
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pac(DisasContext *s, uint32_t insn,
 
     if (s->pauth_active) {
         if (use_key_a) {
-            gen_helper_autda(dirty_addr, cpu_env, dirty_addr, cpu_X[31]);
+            gen_helper_autda(dirty_addr, cpu_env, dirty_addr,
+                             new_tmp_a64_zero(s));
         } else {
-            gen_helper_autdb(dirty_addr, cpu_env, dirty_addr, cpu_X[31]);
+            gen_helper_autdb(dirty_addr, cpu_env, dirty_addr,
+                             new_tmp_a64_zero(s));
         }
     }
 
-- 
2.20.1

This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
we were using uninitialized data for the guarded bit when
combining stage 1 and stage 2 attrs.

thanks
-- PMM

The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:

Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410

for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:

target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)

----------------------------------------------------------------
target-arm: Fix bug where we weren't initializing
            guarded bit state when combining S1/S2 attrs

----------------------------------------------------------------
Richard Henderson (2):
      target/arm: PTE bit GP only applies to stage1
      target/arm: Copy guarded bit in combine_cacheattrs

target/arm/ptw.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Only perform the extract of GP during the stage1 walk.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         result->f.attrs.secure = false;
     }
 
-    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
-    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
-        result->f.guarded = extract64(attrs, 50, 1); /* GP */
-    }
-
     if (regime_is_stage2(mmu_idx)) {
         result->cacheattrs.is_s2_format = true;
         result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         assert(attrindx <= 7);
         result->cacheattrs.is_s2_format = false;
         result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
+
+        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
+        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+            result->f.guarded = extract64(attrs, 50, 1); /* GP */
+        }
     }
 
     /*
-- 
2.34.1