Series comparison

-[PULL 00/12] target-arm queue
+[PULL 0/7] target-arm queue
-The following changes since commit 6eeea6725a70e6fcb5abba0764496bdab07ddfb3:
+A last small test of bug fixes before rc1.
-  Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-10-06' into staging (2020-10-06 21:13:34 +0100)
+thanks
 -- PMM
 The following changes since commit ed8ad9728a9c0eec34db9dff61dfa2f1dd625637:
   Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging (2023-07-15 14:54:04 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201008
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230717
-for you to fetch changes up to ba118c26e16a97e6ff6de8184057d3420ce16a23:
+for you to fetch changes up to c2c1c4a35c7c2b1a4140b0942b9797c857e476a4:
-  target/arm: Make '-cpu max' have a 48-bit PA (2020-10-08 15:24:32 +0100)
+  hw/nvram: Avoid unnecessary Xilinx eFuse backstore write (2023-07-17 11:05:52 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * hw/ssi/npcm7xx_fiu: Fix handling of unsigned integer
+ * hw/arm/sbsa-ref: set 'slots' property of xhci
- * hw/arm/fsl-imx25: Fix a typo
+ * linux-user: Remove pointless NULL check in clock_adjtime handling
- * hw/arm/sbsa-ref : Fix SMMUv3 Initialisation
+ * ptw: Fix S1_ptw_translate() debug path
- * hw/arm/sbsa-ref : allocate IRQs for SMMUv3
+ * ptw: Account for FEAT_RME when applying {N}SW, SA bits
- * hw/char/bcm2835_aux: Allow less than 32-bit accesses
+ * accel/tcg: Zero-pad PC in TCG CPU exec trace lines
- * hw/arm/virt: Implement kvm-steal-time
+ * hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
  * target/arm: Make '-cpu max' have a 48-bit PA
 ----------------------------------------------------------------
-Andrew Jones (6):
+Peter Maydell (5):
-      linux headers: sync to 5.9-rc7
+      linux-user: Remove pointless NULL check in clock_adjtime handling
-      target/arm/kvm: Make uncalled stubs explicitly unreachable
+      target/arm/ptw.c: Add comments to S1Translate struct fields
-      hw/arm/virt: Move post cpu realize check into its own function
+      target/arm: Fix S1_ptw_translate() debug path
-      hw/arm/virt: Move kvm pmu setup to virt_cpu_post_init
+      target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
-      tests/qtest: Restore aarch64 arm-cpu-features test
+      accel/tcg: Zero-pad PC in TCG CPU exec trace lines
       hw/arm/virt: Implement kvm-steal-time
-Graeme Gregory (2):
+Tong Ho (1):
-      hw/arm/sbsa-ref : Fix SMMUv3 Initialisation
+      hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
       hw/arm/sbsa-ref : allocate IRQs for SMMUv3
-Peter Maydell (1):
+Yuquan Wang (1):
-      target/arm: Make '-cpu max' have a 48-bit PA
+      hw/arm/sbsa-ref: set 'slots' property of xhci
-Philippe Mathieu-Daudé (3):
+ accel/tcg/cpu-exec.c      |  4 +--
-      hw/ssi/npcm7xx_fiu: Fix handling of unsigned integer
+ accel/tcg/translate-all.c |  2 +-
-      hw/arm/fsl-imx25: Fix a typo
+ hw/arm/sbsa-ref.c         |  1 +
-      hw/char/bcm2835_aux: Allow less than 32-bit accesses
+ hw/nvram/xlnx-efuse.c     | 11 ++++--
+ linux-user/syscall.c      | 12 +++----
- docs/system/arm/cpu-features.rst |  11 ++++
+ target/arm/ptw.c          | 90 +++++++++++++++++++++++++++++++++++++++++------
- include/hw/arm/fsl-imx25.h       |   2 +-
+files changed, 98 insertions(+), 22 deletions(-)
  include/hw/arm/virt.h            |   5 ++
  linux-headers/linux/kvm.h        |   6 ++-
  target/arm/cpu.h                 |   4 ++
  target/arm/kvm_arm.h             |  94 ++++++++++++++++++++++++++-------
  hw/arm/sbsa-ref.c                |   3 +-
  hw/arm/virt.c                    | 110 ++++++++++++++++++++++++++++-----------
  hw/char/bcm2835_aux.c            |   4 +-
  hw/ssi/npcm7xx_fiu.c             |  12 ++---
  target/arm/cpu.c                 |   8 +++
  target/arm/cpu64.c               |   4 ++
  target/arm/kvm.c                 |  16 ++++++
  target/arm/kvm64.c               |  64 +++++++++++++++++++++--
  target/arm/monitor.c             |   2 +-
  tests/qtest/arm-cpu-features.c   |  25 +++++++--
  hw/ssi/trace-events              |   2 +-
  tests/qtest/meson.build          |   3 +-
 files changed, 303 insertions(+), 72 deletions(-)

-[PULL 01/12] hw/ssi/npcm7xx_fiu: Fix handling of unsigned integer
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Fix integer handling issues handling issue reported by Coverity:
-  hw/ssi/npcm7xx_fiu.c: 162 in npcm7xx_fiu_flash_read()
-  >>>     CID 1432730:  Integer handling issues  (NEGATIVE_RETURNS)
-  >>>     "npcm7xx_fiu_cs_index(fiu, f)" is passed to a parameter that cannot be negative.
-npcm7xx_fiu_select(fiu, npcm7xx_fiu_cs_index(fiu, f));
-  hw/ssi/npcm7xx_fiu.c: 221 in npcm7xx_fiu_flash_write()
-cs_id = npcm7xx_fiu_cs_index(fiu, f);
-trace_npcm7xx_fiu_flash_write(DEVICE(fiu)->canonical_path, cs_id, addr,
-size, v);
-  >>>     CID 1432729:  Integer handling issues  (NEGATIVE_RETURNS)
-  >>>     "cs_id" is passed to a parameter that cannot be negative.
-npcm7xx_fiu_select(fiu, cs_id);
-Since the index of the flash can not be negative, return an
-unsigned type.
-Reported-by: Coverity (CID 1432729 & 1432730: NEGATIVE_RETURNS)
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
-Message-id: 20200919132435.310527-1-f4bug@amsat.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/ssi/npcm7xx_fiu.c | 12 ++++++------
- hw/ssi/trace-events  |  2 +-
-files changed, 7 insertions(+), 7 deletions(-)
-diff --git a/hw/ssi/npcm7xx_fiu.c b/hw/ssi/npcm7xx_fiu.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/ssi/npcm7xx_fiu.c
-+++ b/hw/ssi/npcm7xx_fiu.c
-@@ -XXX,XX +XXX,XX @@ enum NPCM7xxFIURegister {
-  * Returns the index of flash in the fiu->flash array. This corresponds to the
-  * chip select ID of the flash.
-  */
--static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash)
-+static unsigned npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu,
-+                                     NPCM7xxFIUFlash *flash)
- {
-     int index = flash - fiu->flash;
-@@ -XXX,XX +XXX,XX @@ static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash)
- }
- /* Assert the chip select specified in the UMA Control/Status Register. */
--static void npcm7xx_fiu_select(NPCM7xxFIUState *s, int cs_id)
-+static void npcm7xx_fiu_select(NPCM7xxFIUState *s, unsigned cs_id)
- {
-     trace_npcm7xx_fiu_select(DEVICE(s)->canonical_path, cs_id);
-     if (cs_id < s->cs_count) {
-         qemu_irq_lower(s->cs_lines[cs_id]);
-+        s->active_cs = cs_id;
-     } else {
-         qemu_log_mask(LOG_GUEST_ERROR,
-                       "%s: UMA to CS%d; this module has only %d chip selects",
-                       DEVICE(s)->canonical_path, cs_id, s->cs_count);
--        cs_id = -1;
-+        s->active_cs = -1;
-     }
--
--    s->active_cs = cs_id;
- }
- /* Deassert the currently active chip select. */
-@@ -XXX,XX +XXX,XX @@ static void npcm7xx_fiu_flash_write(void *opaque, hwaddr addr, uint64_t v,
-     NPCM7xxFIUFlash *f = opaque;
-     NPCM7xxFIUState *fiu = f->fiu;
-     uint32_t dwr_cfg;
--    int cs_id;
-+    unsigned cs_id;
-     int i;
-     if (fiu->active_cs != -1) {
-diff --git a/hw/ssi/trace-events b/hw/ssi/trace-events
-index XXXXXXX..XXXXXXX 100644
---- a/hw/ssi/trace-events
-+++ b/hw/ssi/trace-events
-@@ -XXX,XX +XXX,XX @@ npcm7xx_fiu_deselect(const char *id, int cs) "%s deselect CS%d"
- npcm7xx_fiu_ctrl_read(const char *id, uint64_t addr, uint32_t data) "%s offset: 0x%04" PRIx64 " value: 0x%08" PRIx32
- npcm7xx_fiu_ctrl_write(const char *id, uint64_t addr, uint32_t data) "%s offset: 0x%04" PRIx64 " value: 0x%08" PRIx32
- npcm7xx_fiu_flash_read(const char *id, int cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64
--npcm7xx_fiu_flash_write(const char *id, int cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64
-+npcm7xx_fiu_flash_write(const char *id, unsigned cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64
---
-.20.1

-[PULL 02/12] hw/arm/fsl-imx25: Fix a typo
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-id: 20201002080935.1660005-1-f4bug@amsat.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/arm/fsl-imx25.h | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/fsl-imx25.h
-+++ b/include/hw/arm/fsl-imx25.h
-@@ -XXX,XX +XXX,XX @@ struct FslIMX25State {
-  * 0xBB00_0000 0xBB00_0FFF 4 Kbytes     NAND flash main area buffer
-  * 0xBB00_1000 0xBB00_11FF 512 B        NAND flash spare area buffer
-  * 0xBB00_1200 0xBB00_1DFF 3 Kbytes     Reserved
-- * 0xBB00_1E00 0xBB00_1FFF 512 B        NAND flash control regisers
-+ * 0xBB00_1E00 0xBB00_1FFF 512 B        NAND flash control registers
-  * 0xBB01_2000 0xBFFF_FFFF 96 Mbytes (minus 8 Kbytes) Reserved
-  * 0xC000_0000 0xFFFF_FFFF 1024 Mbytes  Reserved
-  */
---
-.20.1

-[PULL 03/12] hw/arm/sbsa-ref : Fix SMMUv3 Initialisation
+Deleted patch
-From: Graeme Gregory <graeme@nuviainc.com>
-SMMUv3 has an error in a previous patch where an i was transposed to a 1
-meaning interrupts would not have been correctly assigned to the SMMUv3
-instance.
-Fixes: 48ba18e6d3f3 ("hw/arm/sbsa-ref: Simplify by moving the gic in the machine state")
-Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Message-id: 20201007100732.4103790-2-graeme@nuviainc.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/sbsa-ref.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/sbsa-ref.c
-+++ b/hw/arm/sbsa-ref.c
-@@ -XXX,XX +XXX,XX @@ static void create_smmu(const SBSAMachineState *sms, PCIBus *bus)
-     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
-     for (i = 0; i < NUM_SMMU_IRQS; i++) {
-         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
--                           qdev_get_gpio_in(sms->gic, irq + 1));
-+                           qdev_get_gpio_in(sms->gic, irq + i));
-     }
- }
---
-.20.1

-[PULL 04/12] hw/arm/sbsa-ref : allocate IRQs for SMMUv3
+[PULL 1/7] hw/arm/sbsa-ref: set 'slots' property of xhci
-From: Graeme Gregory <graeme@nuviainc.com>
+From: Yuquan Wang <wangyuquan1236@phytium.com.cn>
-Original commit did not allocate IRQs for the SMMUv3 in the irqmap
+This extends the slots of xhci to 64, since the default xhci_sysbus
-effectively using irq 0->3 (shared with other devices). Assuming
+just supports one slot.
 original intent was to allocate unique IRQs then add an allocation
 to the irqmap.
-Fixes: e9fdf453240 ("hw/arm: Add arm SBSA reference machine, devices part")
+Signed-off-by: Wang Yuquan <wangyuquan1236@phytium.com.cn>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
-Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
-Message-id: 20201007100732.4103790-3-graeme@nuviainc.com
+Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
 Message-id: 20230710063750.473510-2-wangyuquan1236@phytium.com.cn
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
  hw/arm/sbsa-ref.c | 1 +
 file changed, 1 insertion(+)
 diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/arm/sbsa-ref.c
 +++ b/hw/arm/sbsa-ref.c
-@@ -XXX,XX +XXX,XX @@ static const int sbsa_ref_irqmap[] = {
+@@ -XXX,XX +XXX,XX @@ static void create_xhci(const SBSAMachineState *sms)
-     [SBSA_SECURE_UART_MM] = 9,
+     hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base;
-     [SBSA_AHCI] = 10,
+     int irq = sbsa_ref_irqmap[SBSA_XHCI];
-     [SBSA_EHCI] = 11,
+     DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS);
-+    [SBSA_SMMU] = 12, /* ... to 15 */
++    qdev_prop_set_uint32(dev, "slots", XHCI_MAXSLOTS);
- };
+     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
- static uint64_t sbsa_ref_cpu_mp_affinity(SBSAMachineState *sms, int idx)
+     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
 --
-.20.1
+.34.1

-[PULL 05/12] hw/char/bcm2835_aux: Allow less than 32-bit accesses
+Deleted patch
-From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-The "BCM2835 ARM Peripherals" datasheet [*] chapter 2
-("Auxiliaries: UART1 & SPI1, SPI2"), list the register
-sizes as 3/8/16/32 bits. We assume this means this
-peripheral allows 8-bit accesses.
-This was not an issue until commit 5d971f9e67 which reverted
-("memory: accept mismatching sizes in memory_region_access_valid").
-The model is implemented as 32-bit accesses (see commit 97398d900c,
-all registers are 32-bit) so replace MemoryRegionOps.valid as
-MemoryRegionOps.impl, and re-introduce MemoryRegionOps.valid
-with a 8/32-bit range.
-[*] https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf
-Fixes: 97398d900c ("bcm2835_aux: add emulation of BCM2835 AUX (aka UART1) block")
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-id: 20201002181032.1899463-1-f4bug@amsat.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/char/bcm2835_aux.c | 4 +++-
-file changed, 3 insertions(+), 1 deletion(-)
-diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/char/bcm2835_aux.c
-+++ b/hw/char/bcm2835_aux.c
-@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps bcm2835_aux_ops = {
-     .read = bcm2835_aux_read,
-     .write = bcm2835_aux_write,
-     .endianness = DEVICE_NATIVE_ENDIAN,
--    .valid.min_access_size = 4,
-+    .impl.min_access_size = 4,
-+    .impl.max_access_size = 4,
-+    .valid.min_access_size = 1,
-     .valid.max_access_size = 4,
- };
---
-.20.1

-[PULL 06/12] linux headers: sync to 5.9-rc7
+Deleted patch
-From: Andrew Jones <drjones@redhat.com>
-Update against Linux 5.9-rc7.
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Message-id: 20201001061718.101915-2-drjones@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- linux-headers/linux/kvm.h | 6 ++++--
-file changed, 4 insertions(+), 2 deletions(-)
-diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
-index XXXXXXX..XXXXXXX 100644
---- a/linux-headers/linux/kvm.h
-+++ b/linux-headers/linux/kvm.h
-@@ -XXX,XX +XXX,XX @@ struct kvm_ppc_resize_hpt {
- #define KVM_VM_PPC_HV 1
- #define KVM_VM_PPC_PR 2
--/* on MIPS, 0 forces trap & emulate, 1 forces VZ ASE */
--#define KVM_VM_MIPS_TE        0
-+/* on MIPS, 0 indicates auto, 1 forces VZ ASE, 2 forces trap & emulate */
-+#define KVM_VM_MIPS_AUTO    0
- #define KVM_VM_MIPS_VZ        1
-+#define KVM_VM_MIPS_TE        2
- #define KVM_S390_SIE_PAGE_OFFSET 1
-@@ -XXX,XX +XXX,XX @@ struct kvm_ppc_resize_hpt {
- #define KVM_CAP_LAST_CPU 184
- #define KVM_CAP_SMALLER_MAXPHYADDR 185
- #define KVM_CAP_S390_DIAG318 186
-+#define KVM_CAP_STEAL_TIME 187
- #ifdef KVM_CAP_IRQ_ROUTING
---
-.20.1

-[PULL 10/12] tests/qtest: Restore aarch64 arm-cpu-features test
+[PULL 2/7] linux-user: Remove pointless NULL check in clock_adjtime handling
-From: Andrew Jones <drjones@redhat.com>
+In the code for TARGET_NR_clock_adjtime, we set the pointer phtx to
 the address of the local variable htx.  This means it can never be
 NULL, but later in the code we check it for NULL anyway.  Coverity
 complains about this (CID 1507683) because the NULL check comes after
 a call to clock_adjtime() that assumes it is non-NULL.
-arm-cpu-features got dropped from the AArch64 tests during the meson
+Since phtx is always &htx, and is used only in three places, it's not
-conversion shuffle.
+really necessary.  Remove it, bringing the code structure in to line
 with that for TARGET_NR_clock_adjtime64, which already uses a simple
 '&htx' when it wants a pointer to 'htx'.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Message-id: 20201001061718.101915-6-drjones@redhat.com
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20230623144410.1837261-1-peter.maydell@linaro.org
 ---
- tests/qtest/meson.build | 3 ++-
+ linux-user/syscall.c | 12 +++++-------
-file changed, 2 insertions(+), 1 deletion(-)
+file changed, 5 insertions(+), 7 deletions(-)
-diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
 index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/meson.build
+--- a/linux-user/syscall.c
-+++ b/tests/qtest/meson.build
++++ b/linux-user/syscall.c
-@@ -XXX,XX +XXX,XX @@ qtests_aarch64 = \
+@@ -XXX,XX +XXX,XX @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
-   (cpu != 'arm' ? ['bios-tables-test'] : []) +                                                  \
+ #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME)
-   (config_all_devices.has_key('CONFIG_TPM_TIS_SYSBUS') ? ['tpm-tis-device-test'] : []) +        \
+     case TARGET_NR_clock_adjtime:
-   (config_all_devices.has_key('CONFIG_TPM_TIS_SYSBUS') ? ['tpm-tis-device-swtpm-test'] : []) +  \
+         {
--  ['numa-test',
+-            struct timex htx, *phtx = &htx;
-+  ['arm-cpu-features',
++            struct timex htx;
-+   'numa-test',
-    'boot-serial-test',
+-            if (target_to_host_timex(phtx, arg2) != 0) {
-    'migration-test']
++            if (target_to_host_timex(&htx, arg2) != 0) {
+                 return -TARGET_EFAULT;
              }
 -            ret = get_errno(clock_adjtime(arg1, phtx));
 -            if (!is_error(ret) && phtx) {
 -                if (host_to_target_timex(arg2, phtx) != 0) {
 -                    return -TARGET_EFAULT;
 -                }
 +            ret = get_errno(clock_adjtime(arg1, &htx));
 +            if (!is_error(ret) && host_to_target_timex(arg2, &htx)) {
 +                return -TARGET_EFAULT;
              }
          }
          return ret;
 --
-.20.1
+.34.1

-[PULL 07/12] target/arm/kvm: Make uncalled stubs explicitly unreachable
+[PULL 3/7] target/arm/ptw.c: Add comments to S1Translate struct fields
-From: Andrew Jones <drjones@redhat.com>
+Add comments to the in_* fields in the S1Translate struct
 that explain what they're doing.
-When we compile without KVM support !defined(CONFIG_KVM) we generate
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-stubs for functions that the linker will still encounter. Sometimes
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-these stubs can be executed safely and are placed in paths where they
+Message-id: 20230710152130.3928330-2-peter.maydell@linaro.org
-get executed with or without KVM. Other functions should never be
+---
-called without KVM. Those functions should be guarded by kvm_enabled(),
+ target/arm/ptw.c | 40 ++++++++++++++++++++++++++++++++++++++++
-but should also be robust to refactoring mistakes. Putting a
+file changed, 40 insertions(+)
 g_assert_not_reached() in the function should help. Additionally,
 the g_assert_not_reached() calls may actually help the linker remove
 some code.
-We remove the stubs for kvm_arm_get/put_virtual_time(), as they aren't
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 necessary at all - the only caller is in kvm.c
 Reviewed-by: Eric Auger <eric.auger@redhat.com>
 Signed-off-by: Andrew Jones <drjones@redhat.com>
 Message-id: 20201001061718.101915-3-drjones@redhat.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
  target/arm/kvm_arm.h | 51 +++++++++++++++++++++++++++-----------------
 file changed, 32 insertions(+), 19 deletions(-)
 diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm_arm.h
+--- a/target/arm/ptw.c
-+++ b/target/arm/kvm_arm.h
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ int kvm_arm_set_irq(int cpu, int irqtype, int irq, int level);
+@@ -XXX,XX +XXX,XX @@
  #else
 -static inline void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu)
 -{
 -    /*
 -     * This should never actually be called in the "not KVM" case,
 -     * but set up the fields to indicate an error anyway.
 -     */
 -    cpu->kvm_target = QEMU_KVM_ARM_TARGET_NONE;
 -    cpu->host_cpu_probe_failed = true;
 -}
 -
 -static inline void kvm_arm_add_vcpu_properties(Object *obj) {}
 -
 +/*
 + * It's safe to call these functions without KVM support.
 + * They should either do nothing or return "not supported".
 + */
  static inline bool kvm_arm_aarch32_supported(void)
  {
      return false;
@@ -XXX,XX +XXX,XX @@ static inline bool kvm_arm_sve_supported(void)
      return false;
  }
 +/*
 + * These functions should never actually be called without KVM support.
 + */
 +static inline void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu)
 +{
 +    g_assert_not_reached();
 +}
 +
 +static inline void kvm_arm_add_vcpu_properties(Object *obj)
 +{
 +    g_assert_not_reached();
 +}
 +
  static inline int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
  {
 -    return -ENOENT;
 +    g_assert_not_reached();
  }
  static inline int kvm_arm_vgic_probe(void)
  {
 -    return 0;
 +    g_assert_not_reached();
  }
 -static inline void kvm_arm_pmu_set_irq(CPUState *cs, int irq) {}
 -static inline void kvm_arm_pmu_init(CPUState *cs) {}
 +static inline void kvm_arm_pmu_set_irq(CPUState *cs, int irq)
 +{
 +    g_assert_not_reached();
 +}
 -static inline void kvm_arm_sve_get_vls(CPUState *cs, unsigned long *map) {}
 +static inline void kvm_arm_pmu_init(CPUState *cs)
 +{
 +    g_assert_not_reached();
 +}
 +
 +static inline void kvm_arm_sve_get_vls(CPUState *cs, unsigned long *map)
 +{
 +    g_assert_not_reached();
 +}
 -static inline void kvm_arm_get_virtual_time(CPUState *cs) {}
 -static inline void kvm_arm_put_virtual_time(CPUState *cs) {}
  #endif
- static inline const char *gic_class_name(void)
+ typedef struct S1Translate {
 +    /*
 +     * in_mmu_idx : specifies which TTBR, TCR, etc to use for the walk.
 +     * Together with in_space, specifies the architectural translation regime.
 +     */
      ARMMMUIdx in_mmu_idx;
 +    /*
 +     * in_ptw_idx: specifies which mmuidx to use for the actual
 +     * page table descriptor load operations. This will be one of the
 +     * ARMMMUIdx_Stage2* or one of the ARMMMUIdx_Phys_* indexes.
 +     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
 +     * this field is updated accordingly.
 +     */
      ARMMMUIdx in_ptw_idx;
 +    /*
 +     * in_space: the security space for this walk. This plus
 +     * the in_mmu_idx specify the architectural translation regime.
 +     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
 +     * this field is updated accordingly.
 +     *
 +     * Note that the security space for the in_ptw_idx may be different
 +     * from that for the in_mmu_idx. We do not need to explicitly track
 +     * the in_ptw_idx security space because:
 +     *  - if the in_ptw_idx is an ARMMMUIdx_Phys_* then the mmuidx
 +     *    itself specifies the security space
 +     *  - if the in_ptw_idx is an ARMMMUIdx_Stage2* then the security
 +     *    space used for ptw reads is the same as that of the security
 +     *    space of the stage 1 translation for all cases except where
 +     *    stage 1 is Secure; in that case the only possibilities for
 +     *    the ptw read are Secure and NonSecure, and the in_ptw_idx
 +     *    value being Stage2 vs Stage2_S distinguishes those.
 +     */
      ARMSecuritySpace in_space;
 +    /*
 +     * in_secure: whether the translation regime is a Secure one.
 +     * This is always equal to arm_space_is_secure(in_space).
 +     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
 +     * this field is updated accordingly.
 +     */
      bool in_secure;
 +    /*
 +     * in_debug: is this a QEMU debug access (gdbstub, etc)? Debug
 +     * accesses will not update the guest page table access flags
 +     * and will not change the state of the softmmu TLBs.
 +     */
      bool in_debug;
      /*
       * If this is stage 2 of a stage 1+2 page table walk, then this must
 --
-.20.1
+.34.1

-[PULL 08/12] hw/arm/virt: Move post cpu realize check into its own function
+[PULL 4/7] target/arm: Fix S1_ptw_translate() debug path
-From: Andrew Jones <drjones@redhat.com>
+In commit fe4a5472ccd6 we rearranged the logic in S1_ptw_translate()
 so that the debug-access "call get_phys_addr_*" codepath is used both
 when S1 is doing ptw reads from stage 2 and when it is doing ptw
 reads from physical memory.  However, we didn't update the
 calculation of s2ptw->in_space and s2ptw->in_secure to account for
 the "ptw reads from physical memory" case.  This meant that debug
 accesses when in Secure state broke.
-We'll add more to this new function in coming patches so we also
+Create a new function S2_security_space() which returns the
-state the gic must be created and call it below create_gic().
+correct security space to use for the ptw load, and use it to
 determine the correct .in_secure and .in_space fields for the
 stage 2 lookup for the ptw load.
-No functional change intended.
+Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Andrew Jones <drjones@redhat.com>
+Message-id: 20230710152130.3928330-3-peter.maydell@linaro.org
-Message-id: 20201001061718.101915-4-drjones@redhat.com
+Fixes: fe4a5472ccd6 ("target/arm: Use get_phys_addr_with_struct in S1_ptw_translate")
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- hw/arm/virt.c | 43 +++++++++++++++++++++++++++----------------
+ target/arm/ptw.c | 37 ++++++++++++++++++++++++++++++++-----
-file changed, 27 insertions(+), 16 deletions(-)
+file changed, 32 insertions(+), 5 deletions(-)
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
+--- a/target/arm/ptw.c
-+++ b/hw/arm/virt.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static void finalize_gic_version(VirtMachineState *vms)
+@@ -XXX,XX +XXX,XX @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
      }
  }
-+/*
++static ARMSecuritySpace S2_security_space(ARMSecuritySpace s1_space,
-+ * virt_cpu_post_init() must be called after the CPUs have
++                                          ARMMMUIdx s2_mmu_idx)
 + * been realized and the GIC has been created.
 + */
 +static void virt_cpu_post_init(VirtMachineState *vms)
 +{
-+    bool aarch64;
++    /*
-+
++     * Return the security space to use for stage 2 when doing
-+    aarch64 = object_property_get_bool(OBJECT(first_cpu), "aarch64", NULL);
++     * the S1 page table descriptor load.
-+
++     */
-+    if (!kvm_enabled()) {
++    if (regime_is_stage2(s2_mmu_idx)) {
-+        if (aarch64 && vms->highmem) {
++        /*
-+            int requested_pa_size = 64 - clz64(vms->highest_gpa);
++         * The security space for ptw reads is almost always the same
-+            int pamax = arm_pamax(ARM_CPU(first_cpu));
++         * as that of the security space of the stage 1 translation.
-+
++         * The only exception is when stage 1 is Secure; in that case
-+            if (pamax < requested_pa_size) {
++         * the ptw read might be to the Secure or the NonSecure space
-+                error_report("VCPU supports less PA bits (%d) than "
++         * (but never Realm or Root), and the s2_mmu_idx tells us which.
-+                             "requested by the memory map (%d)",
++         * Root translations are always single-stage.
-+                             pamax, requested_pa_size);
++         */
-+                exit(1);
++        if (s1_space == ARMSS_Secure) {
-+            }
++            return arm_secure_to_space(s2_mmu_idx == ARMMMUIdx_Stage2_S);
 +        } else {
 +            assert(s2_mmu_idx != ARMMMUIdx_Stage2_S);
 +            assert(s1_space != ARMSS_Root);
 +            return s1_space;
 +        }
++    } else {
++        /* ptw loads are from phys: the mmu idx itself says which space */
++        return arm_phys_to_space(s2_mmu_idx);
 +    }
 +}
 +
- static void machvirt_init(MachineState *machine)
+ /* Translate a S1 pagetable walk through S2 if needed.  */
  static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
                               hwaddr addr, ARMMMUFaultInfo *fi)
  {
-     VirtMachineState *vms = VIRT_MACHINE(machine);
+-    ARMSecuritySpace space = ptw->in_space;
-@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
+     bool is_secure = ptw->in_secure;
-     fdt_add_timer_nodes(vms);
+     ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
-     fdt_add_cpu_nodes(vms);
+     ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
+@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
--   if (!kvm_enabled()) {
+          * From gdbstub, do not use softmmu so that we don't modify the
--        ARMCPU *cpu = ARM_CPU(first_cpu);
+          * state of the cpu at all, including softmmu tlb contents.
--        bool aarch64 = object_property_get_bool(OBJECT(cpu), "aarch64", NULL);
+          */
--
++        ARMSecuritySpace s2_space = S2_security_space(ptw->in_space, s2_mmu_idx);
--        if (aarch64 && vms->highmem) {
+         S1Translate s2ptw = {
--            int requested_pa_size, pamax = arm_pamax(cpu);
+             .in_mmu_idx = s2_mmu_idx,
--
+             .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
--            requested_pa_size = 64 - clz64(vms->highest_gpa);
+-            .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
--            if (pamax < requested_pa_size) {
+-            .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
--                error_report("VCPU supports less PA bits (%d) than requested "
+-                         : space == ARMSS_Realm ? ARMSS_Realm
--                            "by the memory map (%d)", pamax, requested_pa_size);
+-                         : ARMSS_NonSecure),
--                exit(1);
++            .in_secure = arm_space_is_secure(s2_space),
--            }
++            .in_space = s2_space,
--        }
+             .in_debug = true,
--    }
+         };
--
+         GetPhysAddrResult s2 = { };
      memory_region_add_subregion(sysmem, vms->memmap[VIRT_MEM].base,
                                  machine->ram);
      if (machine->device_memory) {
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
      create_gic(vms);
 +    virt_cpu_post_init(vms);
 +
      fdt_add_pmu_nodes(vms);
      create_uart(vms, VIRT_UART, sysmem, serial_hd(0));
 --
-.20.1
+.34.1

-[PULL 12/12] target/arm: Make '-cpu max' have a 48-bit PA
+[PULL 5/7] target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
-QEMU supports a 48-bit physical address range, but we don't currently
+In get_phys_addr_twostage() the code that applies the effects of
-expose it in the '-cpu max' ID registers (you get the same range as
+VSTCR.{SA,SW} and VTCR.{NSA,NSW} only updates result->f.attrs.secure.
-Cortex-A57, which is 44 bits).
+Now we also have f.attrs.space for FEAT_RME, we need to keep the two
 in sync.
-Set the ID_AA64MMFR0.PARange field to indicate 48 bits.
+These bits only have an effect for Secure space translations, not
 for Root, so use the input in_space field to determine whether to
 apply them rather than the input is_secure. This doesn't actually
 make a difference because Root translations are never two-stage,
 but it's a little clearer.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20201001160116.18095-1-peter.maydell@linaro.org
+Message-id: 20230710152130.3928330-4-peter.maydell@linaro.org
 ---
- target/arm/cpu64.c | 4 ++++
+ target/arm/ptw.c | 13 ++++++++-----
-file changed, 4 insertions(+)
+file changed, 8 insertions(+), 5 deletions(-)
-diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu64.c
+--- a/target/arm/ptw.c
-+++ b/target/arm/cpu64.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
-         t = FIELD_DP64(t, ID_AA64PFR1, MTE, 2);
+     hwaddr ipa;
-         cpu->isar.id_aa64pfr1 = t;
+     int s1_prot, s1_lgpgsz;
+     bool is_secure = ptw->in_secure;
-+        t = cpu->isar.id_aa64mmfr0;
++    ARMSecuritySpace in_space = ptw->in_space;
-+        t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 5); /* PARange: 48 bits */
+     bool ret, ipa_secure;
-+        cpu->isar.id_aa64mmfr0 = t;
+     ARMCacheAttrs cacheattrs1;
-+
+     ARMSecuritySpace ipa_space;
-         t = cpu->isar.id_aa64mmfr1;
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
-         t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */
+      * Check if IPA translates to secure or non-secure PA space.
-         t = FIELD_DP64(t, ID_AA64MMFR1, LO, 1);
+      * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA.
       */
 -    result->f.attrs.secure =
 -        (is_secure
 -         && !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
 -         && (ipa_secure
 -             || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))));
 +    if (in_space == ARMSS_Secure) {
 +        result->f.attrs.secure =
 +            !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
 +            && (ipa_secure
 +                || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW)));
 +        result->f.attrs.space = arm_secure_to_space(result->f.attrs.secure);
 +    }
      return false;
  }
 --
-.20.1
+.34.1

-[PULL 09/12] hw/arm/virt: Move kvm pmu setup to virt_cpu_post_init
+[PULL 6/7] accel/tcg: Zero-pad PC in TCG CPU exec trace lines
-From: Andrew Jones <drjones@redhat.com>
+In commit f0a08b0913befbd we changed the type of the PC from
 target_ulong to vaddr.  In doing so we inadvertently dropped the
 zero-padding on the PC in trace lines (the second item inside the []
 in these lines).  They used to look like this on AArch64, for
 instance:
-Move the KVM PMU setup part of fdt_add_pmu_nodes() to
+Trace 0: 0x7f2260000100 [00000000/0000000040000000/00000061/ff200000]
 virt_cpu_post_init(), which is a more appropriate location. Now
 fdt_add_pmu_nodes() is also named more appropriately, because it
 no longer does anything but fdt node creation.
-No functional change intended.
+and now they look like this:
 Trace 0: 0x7f4f50000100 [00000000/40000000/00000061/ff200000]
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+and if the PC happens to be somewhere low like 0x5000
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
+then the field is shown as /5000/.
-Signed-off-by: Andrew Jones <drjones@redhat.com>
-Message-id: 20201001061718.101915-5-drjones@redhat.com
+This is because TARGET_FMT_lx is a "%08x" or "%016x" specifier,
 depending on TARGET_LONG_SIZE, whereas VADDR_PRIx is just PRIx64
 with no width specifier.
 Restore the zero-padding by adding an 016 width specifier to
 this tracing and a couple of others that were similarly recently
 changed to use VADDR_PRIx without a width specifier.
 We can't unfortunately restore the "32-bit guests are padded to
 hex digits and 64-bit guests to 16 hex digits" behaviour so
 easily.
 Fixes: f0a08b0913befbd ("accel/tcg/cpu-exec.c: Widen pc to vaddr")
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Anton Johansson <anjo@rev.ng>
+Message-id: 20230711165434.4123674-1-peter.maydell@linaro.org
 ---
- hw/arm/virt.c | 34 ++++++++++++++++++----------------
+ accel/tcg/cpu-exec.c      | 4 ++--
-file changed, 18 insertions(+), 16 deletions(-)
+ accel/tcg/translate-all.c | 2 +-
 files changed, 3 insertions(+), 3 deletions(-)
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
+--- a/accel/tcg/cpu-exec.c
-+++ b/hw/arm/virt.c
++++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ static void fdt_add_gic_node(VirtMachineState *vms)
+@@ -XXX,XX +XXX,XX @@ static void log_cpu_exec(vaddr pc, CPUState *cpu,
+     if (qemu_log_in_addr_range(pc)) {
- static void fdt_add_pmu_nodes(const VirtMachineState *vms)
+         qemu_log_mask(CPU_LOG_EXEC,
- {
+                       "Trace %d: %p [%08" PRIx64
--    CPUState *cpu;
+-                      "/%" VADDR_PRIx "/%08x/%08x] %s\n",
--    ARMCPU *armcpu;
++                      "/%016" VADDR_PRIx "/%08x/%08x] %s\n",
-+    ARMCPU *armcpu = ARM_CPU(first_cpu);
+                       cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc,
-     uint32_t irqflags = GIC_FDT_IRQ_FLAGS_LEVEL_HI;
+                       tb->flags, tb->cflags, lookup_symbol(pc));
--    CPU_FOREACH(cpu) {
+@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
--        armcpu = ARM_CPU(cpu);
+         if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
--        if (!arm_feature(&armcpu->env, ARM_FEATURE_PMU)) {
+             vaddr pc = log_pc(cpu, last_tb);
--            return;
+             if (qemu_log_in_addr_range(pc)) {
--        }
+-                qemu_log("Stopped execution of TB chain before %p [%"
--        if (kvm_enabled()) {
++                qemu_log("Stopped execution of TB chain before %p [%016"
--            if (kvm_irqchip_in_kernel()) {
+                          VADDR_PRIx "] %s\n",
--                kvm_arm_pmu_set_irq(cpu, PPI(VIRTUAL_PMU_IRQ));
+                          last_tb->tc.ptr, pc, lookup_symbol(pc));
--            }
+             }
--            kvm_arm_pmu_init(cpu);
+diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
--        }
+index XXXXXXX..XXXXXXX 100644
-+    if (!arm_feature(&armcpu->env, ARM_FEATURE_PMU)) {
+--- a/accel/tcg/translate-all.c
-+        assert(!object_property_get_bool(OBJECT(armcpu), "pmu", NULL));
++++ b/accel/tcg/translate-all.c
-+        return;
+@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
      if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
          vaddr pc = log_pc(cpu, tb);
          if (qemu_log_in_addr_range(pc)) {
 -            qemu_log("cpu_io_recompile: rewound execution of TB to %"
 +            qemu_log("cpu_io_recompile: rewound execution of TB to %016"
                       VADDR_PRIx "\n", pc);
          }
      }
-     if (vms->gic_version == VIRT_GIC_VERSION_2) {
-@@ -XXX,XX +XXX,XX @@ static void fdt_add_pmu_nodes(const VirtMachineState *vms)
-                              (1 << vms->smp_cpus) - 1);
-     }
--    armcpu = ARM_CPU(qemu_get_cpu(0));
-     qemu_fdt_add_subnode(vms->fdt, "/pmu");
-     if (arm_feature(&armcpu->env, ARM_FEATURE_V8)) {
-         const char compat[] = "arm,armv8-pmuv3";
-@@ -XXX,XX +XXX,XX @@ static void finalize_gic_version(VirtMachineState *vms)
-  */
- static void virt_cpu_post_init(VirtMachineState *vms)
- {
--    bool aarch64;
-+    bool aarch64, pmu;
-+    CPUState *cpu;
-     aarch64 = object_property_get_bool(OBJECT(first_cpu), "aarch64", NULL);
-+    pmu = object_property_get_bool(OBJECT(first_cpu), "pmu", NULL);
--    if (!kvm_enabled()) {
-+    if (kvm_enabled()) {
-+        CPU_FOREACH(cpu) {
-+            if (pmu) {
-+                assert(arm_feature(&ARM_CPU(cpu)->env, ARM_FEATURE_PMU));
-+                if (kvm_irqchip_in_kernel()) {
-+                    kvm_arm_pmu_set_irq(cpu, PPI(VIRTUAL_PMU_IRQ));
-+                }
-+                kvm_arm_pmu_init(cpu);
-+            }
-+        }
-+    } else {
-         if (aarch64 && vms->highmem) {
-             int requested_pa_size = 64 - clz64(vms->highest_gpa);
-             int pamax = arm_pamax(ARM_CPU(first_cpu));
 --
-.20.1
+.34.1

-[PULL 11/12] hw/arm/virt: Implement kvm-steal-time
+[PULL 7/7] hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
-From: Andrew Jones <drjones@redhat.com>
+From: Tong Ho <tong.ho@amd.com>
-We add the kvm-steal-time CPU property and implement it for machvirt.
+Add a check in the bit-set operation to write the backstore
-A tiny bit of refactoring was also done to allow pmu and pvtime to
+only if the affected bit is 0 before.
 use the same vcpu device helper functions.
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
+With this in place, there will be no need for callers to
-Signed-off-by: Andrew Jones <drjones@redhat.com>
+do the checking in order to avoid unnecessary writes.
-Message-id: 20201001061718.101915-7-drjones@redhat.com
 Signed-off-by: Tong Ho <tong.ho@amd.com>
 Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
 Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- docs/system/arm/cpu-features.rst | 11 ++++++
+ hw/nvram/xlnx-efuse.c | 11 +++++++++--
- include/hw/arm/virt.h            |  5 +++
+file changed, 9 insertions(+), 2 deletions(-)
  target/arm/cpu.h                 |  4 ++
  target/arm/kvm_arm.h             | 43 +++++++++++++++++++++
  hw/arm/virt.c                    | 43 +++++++++++++++++++--
  target/arm/cpu.c                 |  8 ++++
  target/arm/kvm.c                 | 16 ++++++++
  target/arm/kvm64.c               | 64 +++++++++++++++++++++++++++++---
  target/arm/monitor.c             |  2 +-
  tests/qtest/arm-cpu-features.c   | 25 +++++++++++--
 files changed, 208 insertions(+), 13 deletions(-)
-diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
+diff --git a/hw/nvram/xlnx-efuse.c b/hw/nvram/xlnx-efuse.c
 index XXXXXXX..XXXXXXX 100644
---- a/docs/system/arm/cpu-features.rst
+--- a/hw/nvram/xlnx-efuse.c
-+++ b/docs/system/arm/cpu-features.rst
++++ b/hw/nvram/xlnx-efuse.c
-@@ -XXX,XX +XXX,XX @@ the list of KVM VCPU features and their descriptions.
+@@ -XXX,XX +XXX,XX @@ static bool efuse_ro_bits_find(XlnxEFuse *s, uint32_t k)
-                            adjustment, also restoring the legacy (pre-5.0)
-                            behavior.
+ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit)
+ {
-+  kvm-steal-time           Since v5.2, kvm-steal-time is enabled by
++    uint32_t set, *row;
 +                           default when KVM is enabled, the feature is
 +                           supported, and the guest is 64-bit.
 +
-+                           When kvm-steal-time is enabled a 64-bit guest
+     if (efuse_ro_bits_find(s, bit)) {
-+                           can account for time its CPUs were not running
+         g_autofree char *path = object_get_canonical_path(OBJECT(s));
-+                           due to the host not scheduling the corresponding
-+                           VCPU threads.  The accounting statistics may
+@@ -XXX,XX +XXX,XX @@ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit)
 +                           influence the guest scheduler behavior and/or be
 +                           exposed to the guest userspace.
 +
  SVE CPU Properties
  ==================
 diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/hw/arm/virt.h
 +++ b/include/hw/arm/virt.h
@@ -XXX,XX +XXX,XX @@
  #define PPI(irq) ((irq) + 16)
 +/* See Linux kernel arch/arm64/include/asm/pvclock-abi.h */
 +#define PVTIME_SIZE_PER_CPU 64
 +
  enum {
      VIRT_FLASH,
      VIRT_MEM,
@@ -XXX,XX +XXX,XX @@ enum {
      VIRT_PCDIMM_ACPI,
      VIRT_ACPI_GED,
      VIRT_NVDIMM_ACPI,
 +    VIRT_PVTIME,
      VIRT_LOWMEMMAP_LAST,
  };
@@ -XXX,XX +XXX,XX @@ struct VirtMachineClass {
      bool no_highmem_ecam;
      bool no_ged;   /* Machines < 4.2 has no support for ACPI GED device */
      bool kvm_no_adjvtime;
 +    bool no_kvm_steal_time;
      bool acpi_expose_flash;
  };
 diff --git a/target/arm/cpu.h b/target/arm/cpu.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.h
 +++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@
  #include "hw/registerfields.h"
  #include "cpu-qom.h"
  #include "exec/cpu-defs.h"
 +#include "qapi/qapi-types-common.h"
  /* ARM processors have a weak memory model */
  #define TCG_GUEST_DEFAULT_MO      (0)
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
      bool kvm_vtime_dirty;
      uint64_t kvm_vtime;
 +    /* KVM steal time */
 +    OnOffAuto kvm_steal_time;
 +
      /* Uniprocessor system with MP extensions */
      bool mp_is_up;
 diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/kvm_arm.h
 +++ b/target/arm/kvm_arm.h
@@ -XXX,XX +XXX,XX @@ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu);
   */
  void kvm_arm_add_vcpu_properties(Object *obj);
 +/**
 + * kvm_arm_steal_time_finalize:
 + * @cpu: ARMCPU for which to finalize kvm-steal-time
 + * @errp: Pointer to Error* for error propagation
 + *
 + * Validate the kvm-steal-time property selection and set its default
 + * based on KVM support and guest configuration.
 + */
 +void kvm_arm_steal_time_finalize(ARMCPU *cpu, Error **errp);
 +
 +/**
 + * kvm_arm_steal_time_supported:
 + *
 + * Returns: true if KVM can enable steal time reporting
 + * and false otherwise.
 + */
 +bool kvm_arm_steal_time_supported(void);
 +
  /**
   * kvm_arm_aarch32_supported:
   *
@@ -XXX,XX +XXX,XX @@ int kvm_arm_vgic_probe(void);
  void kvm_arm_pmu_set_irq(CPUState *cs, int irq);
  void kvm_arm_pmu_init(CPUState *cs);
 +
 +/**
 + * kvm_arm_pvtime_init:
 + * @cs: CPUState
 + * @ipa: Per-vcpu guest physical base address of the pvtime structures
 + *
 + * Initializes PVTIME for the VCPU, setting the PVTIME IPA to @ipa.
 + */
 +void kvm_arm_pvtime_init(CPUState *cs, uint64_t ipa);
 +
  int kvm_arm_set_irq(int cpu, int irqtype, int irq, int level);
  #else
@@ -XXX,XX +XXX,XX @@ static inline bool kvm_arm_sve_supported(void)
      return false;
  }
 +static inline bool kvm_arm_steal_time_supported(void)
 +{
 +    return false;
 +}
 +
  /*
   * These functions should never actually be called without KVM support.
   */
@@ -XXX,XX +XXX,XX @@ static inline void kvm_arm_pmu_init(CPUState *cs)
      g_assert_not_reached();
  }
 +static inline void kvm_arm_pvtime_init(CPUState *cs, uint64_t ipa)
 +{
 +    g_assert_not_reached();
 +}
 +
 +static inline void kvm_arm_steal_time_finalize(ARMCPU *cpu, Error **errp)
 +{
 +    g_assert_not_reached();
 +}
 +
  static inline void kvm_arm_sve_get_vls(CPUState *cs, unsigned long *map)
  {
      g_assert_not_reached();
 diff --git a/hw/arm/virt.c b/hw/arm/virt.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/arm/virt.c
 +++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static const MemMapEntry base_memmap[] = {
      [VIRT_PCDIMM_ACPI] =        { 0x09070000, MEMORY_HOTPLUG_IO_LEN },
      [VIRT_ACPI_GED] =           { 0x09080000, ACPI_GED_EVT_SEL_LEN },
      [VIRT_NVDIMM_ACPI] =        { 0x09090000, NVDIMM_ACPI_IO_LEN},
 +    [VIRT_PVTIME] =             { 0x090a0000, 0x00010000 },
      [VIRT_MMIO] =               { 0x0a000000, 0x00000200 },
      /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
      [VIRT_PLATFORM_BUS] =       { 0x0c000000, 0x02000000 },
@@ -XXX,XX +XXX,XX @@ static void finalize_gic_version(VirtMachineState *vms)
   * virt_cpu_post_init() must be called after the CPUs have
   * been realized and the GIC has been created.
   */
 -static void virt_cpu_post_init(VirtMachineState *vms)
 +static void virt_cpu_post_init(VirtMachineState *vms, int max_cpus,
 +                               MemoryRegion *sysmem)
  {
 -    bool aarch64, pmu;
 +    bool aarch64, pmu, steal_time;
      CPUState *cpu;
      aarch64 = object_property_get_bool(OBJECT(first_cpu), "aarch64", NULL);
      pmu = object_property_get_bool(OBJECT(first_cpu), "pmu", NULL);
 +    steal_time = object_property_get_bool(OBJECT(first_cpu),
 +                                          "kvm-steal-time", NULL);
      if (kvm_enabled()) {
 +        hwaddr pvtime_reg_base = vms->memmap[VIRT_PVTIME].base;
 +        hwaddr pvtime_reg_size = vms->memmap[VIRT_PVTIME].size;
 +
 +        if (steal_time) {
 +            MemoryRegion *pvtime = g_new(MemoryRegion, 1);
 +            hwaddr pvtime_size = max_cpus * PVTIME_SIZE_PER_CPU;
 +
 +            /* The memory region size must be a multiple of host page size. */
 +            pvtime_size = REAL_HOST_PAGE_ALIGN(pvtime_size);
 +
 +            if (pvtime_size > pvtime_reg_size) {
 +                error_report("pvtime requires a %ld byte memory region for "
 +                             "%d CPUs, but only %ld has been reserved",
 +                             pvtime_size, max_cpus, pvtime_reg_size);
 +                exit(1);
 +            }
 +
 +            memory_region_init_ram(pvtime, NULL, "pvtime", pvtime_size, NULL);
 +            memory_region_add_subregion(sysmem, pvtime_reg_base, pvtime);
 +        }
 +
          CPU_FOREACH(cpu) {
              if (pmu) {
                  assert(arm_feature(&ARM_CPU(cpu)->env, ARM_FEATURE_PMU));
@@ -XXX,XX +XXX,XX @@ static void virt_cpu_post_init(VirtMachineState *vms)
                  }
                  kvm_arm_pmu_init(cpu);
              }
 +            if (steal_time) {
 +                kvm_arm_pvtime_init(cpu, pvtime_reg_base +
 +                                         cpu->cpu_index * PVTIME_SIZE_PER_CPU);
 +            }
          }
      } else {
          if (aarch64 && vms->highmem) {
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
              object_property_set_bool(cpuobj, "kvm-no-adjvtime", true, NULL);
          }
 +        if (vmc->no_kvm_steal_time &&
 +            object_property_find(cpuobj, "kvm-steal-time")) {
 +            object_property_set_bool(cpuobj, "kvm-steal-time", false, NULL);
 +        }
 +
          if (vmc->no_pmu && object_property_find(cpuobj, "pmu")) {
              object_property_set_bool(cpuobj, "pmu", false, NULL);
          }
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
      create_gic(vms);
 -    virt_cpu_post_init(vms);
 +    virt_cpu_post_init(vms, possible_cpus->len, sysmem);
      fdt_add_pmu_nodes(vms);
@@ -XXX,XX +XXX,XX @@ DEFINE_VIRT_MACHINE_AS_LATEST(5, 2)
  static void virt_machine_5_1_options(MachineClass *mc)
  {
 +    VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
 +
      virt_machine_5_2_options(mc);
      compat_props_add(mc->compat_props, hw_compat_5_1, hw_compat_5_1_len);
 +    vmc->no_kvm_steal_time = true;
  }
  DEFINE_VIRT_MACHINE(5, 1)
 diff --git a/target/arm/cpu.c b/target/arm/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.c
 +++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp)
              return;
          }
      }
 +
 +    if (kvm_enabled()) {
 +        kvm_arm_steal_time_finalize(cpu, &local_err);
 +        if (local_err != NULL) {
 +            error_propagate(errp, local_err);
 +            return;
 +        }
 +    }
  }
  static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
 diff --git a/target/arm/kvm.c b/target/arm/kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/kvm.c
 +++ b/target/arm/kvm.c
@@ -XXX,XX +XXX,XX @@ static void kvm_no_adjvtime_set(Object *obj, bool value, Error **errp)
      ARM_CPU(obj)->kvm_adjvtime = !value;
  }
 +static bool kvm_steal_time_get(Object *obj, Error **errp)
 +{
 +    return ARM_CPU(obj)->kvm_steal_time != ON_OFF_AUTO_OFF;
 +}
 +
 +static void kvm_steal_time_set(Object *obj, bool value, Error **errp)
 +{
 +    ARM_CPU(obj)->kvm_steal_time = value ? ON_OFF_AUTO_ON : ON_OFF_AUTO_OFF;
 +}
 +
  /* KVM VCPU properties should be prefixed with "kvm-". */
  void kvm_arm_add_vcpu_properties(Object *obj)
  {
@@ -XXX,XX +XXX,XX @@ void kvm_arm_add_vcpu_properties(Object *obj)
                                          "the virtual counter. VM stopped time "
                                          "will be counted.");
      }
 +
 +    cpu->kvm_steal_time = ON_OFF_AUTO_AUTO;
 +    object_property_add_bool(obj, "kvm-steal-time", kvm_steal_time_get,
 +                             kvm_steal_time_set);
 +    object_property_set_description(obj, "kvm-steal-time",
 +                                    "Set off to disable KVM steal time.");
  }
  bool kvm_arm_pmu_supported(void)
 diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/kvm64.c
 +++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@
  #include <linux/kvm.h>
  #include "qemu-common.h"
 +#include "qapi/error.h"
  #include "cpu.h"
  #include "qemu/timer.h"
  #include "qemu/error-report.h"
@@ -XXX,XX +XXX,XX @@ static CPUWatchpoint *find_hw_watchpoint(CPUState *cpu, target_ulong addr)
      return NULL;
  }
 -static bool kvm_arm_pmu_set_attr(CPUState *cs, struct kvm_device_attr *attr)
 +static bool kvm_arm_set_device_attr(CPUState *cs, struct kvm_device_attr *attr,
 +                                    const char *name)
  {
      int err;
      err = kvm_vcpu_ioctl(cs, KVM_HAS_DEVICE_ATTR, attr);
      if (err != 0) {
 -        error_report("PMU: KVM_HAS_DEVICE_ATTR: %s", strerror(-err));
 +        error_report("%s: KVM_HAS_DEVICE_ATTR: %s", name, strerror(-err));
          return false;
      }
-     err = kvm_vcpu_ioctl(cs, KVM_SET_DEVICE_ATTR, attr);
+-    s->fuse32[bit / 32] |= 1 << (bit % 32);
-     if (err != 0) {
+-    efuse_bdrv_sync(s, bit);
--        error_report("PMU: KVM_SET_DEVICE_ATTR: %s", strerror(-err));
++    /* Avoid back-end write unless there is a real update */
-+        error_report("%s: KVM_SET_DEVICE_ATTR: %s", name, strerror(-err));
++    row = &s->fuse32[bit / 32];
-         return false;
++    set = 1 << (bit % 32);
-     }
++    if (!(set & *row)) {
++        *row |= set;
-@@ -XXX,XX +XXX,XX @@ void kvm_arm_pmu_init(CPUState *cs)
++        efuse_bdrv_sync(s, bit);
      if (!ARM_CPU(cs)->has_pmu) {
          return;
      }
 -    if (!kvm_arm_pmu_set_attr(cs, &attr)) {
 +    if (!kvm_arm_set_device_attr(cs, &attr, "PMU")) {
          error_report("failed to init PMU");
          abort();
      }
@@ -XXX,XX +XXX,XX @@ void kvm_arm_pmu_set_irq(CPUState *cs, int irq)
      if (!ARM_CPU(cs)->has_pmu) {
          return;
      }
 -    if (!kvm_arm_pmu_set_attr(cs, &attr)) {
 +    if (!kvm_arm_set_device_attr(cs, &attr, "PMU")) {
          error_report("failed to set irq for PMU");
          abort();
      }
  }
 +void kvm_arm_pvtime_init(CPUState *cs, uint64_t ipa)
 +{
 +    struct kvm_device_attr attr = {
 +        .group = KVM_ARM_VCPU_PVTIME_CTRL,
 +        .attr = KVM_ARM_VCPU_PVTIME_IPA,
 +        .addr = (uint64_t)&ipa,
 +    };
 +
 +    if (ARM_CPU(cs)->kvm_steal_time == ON_OFF_AUTO_OFF) {
 +        return;
 +    }
-+    if (!kvm_arm_set_device_attr(cs, &attr, "PVTIME IPA")) {
-+        error_report("failed to init PVTIME IPA");
-+        abort();
-+    }
-+}
-+
- static int read_sys_reg32(int fd, uint32_t *pret, uint64_t id)
- {
-     uint64_t ret;
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
      return true;
  }
-+void kvm_arm_steal_time_finalize(ARMCPU *cpu, Error **errp)
-+{
-+    bool has_steal_time = kvm_arm_steal_time_supported();
-+
-+    if (cpu->kvm_steal_time == ON_OFF_AUTO_AUTO) {
-+        if (!has_steal_time || !arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
-+            cpu->kvm_steal_time = ON_OFF_AUTO_OFF;
-+        } else {
-+            cpu->kvm_steal_time = ON_OFF_AUTO_ON;
-+        }
-+    } else if (cpu->kvm_steal_time == ON_OFF_AUTO_ON) {
-+        if (!has_steal_time) {
-+            error_setg(errp, "'kvm-steal-time' cannot be enabled "
-+                             "on this host");
-+            return;
-+        } else if (!arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
-+            /*
-+             * DEN0057A chapter 2 says "This specification only covers
-+             * systems in which the Execution state of the hypervisor
-+             * as well as EL1 of virtual machines is AArch64.". And,
-+             * to ensure that, the smc/hvc calls are only specified as
-+             * smc64/hvc64.
-+             */
-+            error_setg(errp, "'kvm-steal-time' cannot be enabled "
-+                             "for AArch32 guests");
-+            return;
-+        }
-+    }
-+}
-+
- bool kvm_arm_aarch32_supported(void)
- {
-     return kvm_check_extension(kvm_state, KVM_CAP_ARM_EL1_32BIT);
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_sve_supported(void)
-     return kvm_check_extension(kvm_state, KVM_CAP_ARM_SVE);
- }
-+bool kvm_arm_steal_time_supported(void)
-+{
-+    return kvm_check_extension(kvm_state, KVM_CAP_STEAL_TIME);
-+}
-+
- QEMU_BUILD_BUG_ON(KVM_ARM64_SVE_VQ_MIN != 1);
- void kvm_arm_sve_get_vls(CPUState *cs, unsigned long *map)
-diff --git a/target/arm/monitor.c b/target/arm/monitor.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/monitor.c
-+++ b/target/arm/monitor.c
-@@ -XXX,XX +XXX,XX @@ static const char *cpu_model_advertised_features[] = {
-     "sve128", "sve256", "sve384", "sve512",
-     "sve640", "sve768", "sve896", "sve1024", "sve1152", "sve1280",
-     "sve1408", "sve1536", "sve1664", "sve1792", "sve1920", "sve2048",
--    "kvm-no-adjvtime",
-+    "kvm-no-adjvtime", "kvm-steal-time",
-     NULL
- };
-diff --git a/tests/qtest/arm-cpu-features.c b/tests/qtest/arm-cpu-features.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/arm-cpu-features.c
-+++ b/tests/qtest/arm-cpu-features.c
-@@ -XXX,XX +XXX,XX @@ static void test_query_cpu_model_expansion(const void *data)
-     assert_set_feature(qts, "max", "pmu", true);
-     assert_has_not_feature(qts, "max", "kvm-no-adjvtime");
-+    assert_has_not_feature(qts, "max", "kvm-steal-time");
-     if (g_str_equal(qtest_get_arch(), "aarch64")) {
-         assert_has_feature_enabled(qts, "max", "aarch64");
-@@ -XXX,XX +XXX,XX @@ static void test_query_cpu_model_expansion_kvm(const void *data)
-     assert_set_feature(qts, "host", "kvm-no-adjvtime", false);
-     if (g_str_equal(qtest_get_arch(), "aarch64")) {
-+        bool kvm_supports_steal_time;
-         bool kvm_supports_sve;
-         char max_name[8], name[8];
-         uint32_t max_vq, vq;
-@@ -XXX,XX +XXX,XX @@ static void test_query_cpu_model_expansion_kvm(const void *data)
-         QDict *resp;
-         char *error;
-+        assert_error(qts, "cortex-a15",
-+            "We cannot guarantee the CPU type 'cortex-a15' works "
-+            "with KVM on this host", NULL);
-+
-         assert_has_feature_enabled(qts, "host", "aarch64");
-         /* Enabling and disabling pmu should always work. */
-@@ -XXX,XX +XXX,XX @@ static void test_query_cpu_model_expansion_kvm(const void *data)
-         assert_set_feature(qts, "host", "pmu", false);
-         assert_set_feature(qts, "host", "pmu", true);
--        assert_error(qts, "cortex-a15",
--            "We cannot guarantee the CPU type 'cortex-a15' works "
--            "with KVM on this host", NULL);
--
-+        /*
-+         * Some features would be enabled by default, but they're disabled
-+         * because this instance of KVM doesn't support them. Test that the
-+         * features are present, and, when enabled, issue further tests.
-+         */
-+        assert_has_feature(qts, "host", "kvm-steal-time");
-         assert_has_feature(qts, "host", "sve");
-+
-         resp = do_query_no_props(qts, "host");
-+        kvm_supports_steal_time = resp_get_feature(resp, "kvm-steal-time");
-         kvm_supports_sve = resp_get_feature(resp, "sve");
-         vls = resp_get_sve_vls(resp);
-         qobject_unref(resp);
-+        if (kvm_supports_steal_time) {
-+            /* If we have steal-time then we should be able to toggle it. */
-+            assert_set_feature(qts, "host", "kvm-steal-time", false);
-+            assert_set_feature(qts, "host", "kvm-steal-time", true);
-+        }
-+
-         if (kvm_supports_sve) {
-             g_assert(vls != 0);
-             max_vq = 64 - __builtin_clzll(vls);
-@@ -XXX,XX +XXX,XX @@ static void test_query_cpu_model_expansion_kvm(const void *data)
-         assert_has_not_feature(qts, "host", "aarch64");
-         assert_has_not_feature(qts, "host", "pmu");
-         assert_has_not_feature(qts, "host", "sve");
-+        assert_has_not_feature(qts, "host", "kvm-steal-time");
-     }
-     qtest_quit(qts);
 --
-.20.1
+.34.1

The following changes since commit 6eeea6725a70e6fcb5abba0764496bdab07ddfb3:

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-10-06' into staging (2020-10-06 21:13:34 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201008

for you to fetch changes up to ba118c26e16a97e6ff6de8184057d3420ce16a23:

target/arm: Make '-cpu max' have a 48-bit PA (2020-10-08 15:24:32 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/ssi/npcm7xx_fiu: Fix handling of unsigned integer
 * hw/arm/fsl-imx25: Fix a typo
 * hw/arm/sbsa-ref : Fix SMMUv3 Initialisation
 * hw/arm/sbsa-ref : allocate IRQs for SMMUv3
 * hw/char/bcm2835_aux: Allow less than 32-bit accesses
 * hw/arm/virt: Implement kvm-steal-time
 * target/arm: Make '-cpu max' have a 48-bit PA

----------------------------------------------------------------
Andrew Jones (6):
      linux headers: sync to 5.9-rc7
      target/arm/kvm: Make uncalled stubs explicitly unreachable
      hw/arm/virt: Move post cpu realize check into its own function
      hw/arm/virt: Move kvm pmu setup to virt_cpu_post_init
      tests/qtest: Restore aarch64 arm-cpu-features test
      hw/arm/virt: Implement kvm-steal-time

Graeme Gregory (2):
      hw/arm/sbsa-ref : Fix SMMUv3 Initialisation
      hw/arm/sbsa-ref : allocate IRQs for SMMUv3

Peter Maydell (1):
      target/arm: Make '-cpu max' have a 48-bit PA

Philippe Mathieu-Daudé (3):
      hw/ssi/npcm7xx_fiu: Fix handling of unsigned integer
      hw/arm/fsl-imx25: Fix a typo
      hw/char/bcm2835_aux: Allow less than 32-bit accesses

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Fix integer handling issues handling issue reported by Coverity:

hw/ssi/npcm7xx_fiu.c: 162 in npcm7xx_fiu_flash_read()
  >>>     CID 1432730:  Integer handling issues  (NEGATIVE_RETURNS)
  >>>     "npcm7xx_fiu_cs_index(fiu, f)" is passed to a parameter that cannot be negative.
  162         npcm7xx_fiu_select(fiu, npcm7xx_fiu_cs_index(fiu, f));

hw/ssi/npcm7xx_fiu.c: 221 in npcm7xx_fiu_flash_write()
  218         cs_id = npcm7xx_fiu_cs_index(fiu, f);
  219         trace_npcm7xx_fiu_flash_write(DEVICE(fiu)->canonical_path, cs_id, addr,
  220                                       size, v);
  >>>     CID 1432729:  Integer handling issues  (NEGATIVE_RETURNS)
  >>>     "cs_id" is passed to a parameter that cannot be negative.
  221         npcm7xx_fiu_select(fiu, cs_id);

Since the index of the flash can not be negative, return an
unsigned type.

Reported-by: Coverity (CID 1432729 & 1432730: NEGATIVE_RETURNS)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
Message-id: 20200919132435.310527-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ssi/npcm7xx_fiu.c | 12 ++++++------
 hw/ssi/trace-events  |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/ssi/npcm7xx_fiu.c b/hw/ssi/npcm7xx_fiu.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ssi/npcm7xx_fiu.c
+++ b/hw/ssi/npcm7xx_fiu.c
@@ -XXX,XX +XXX,XX @@ enum NPCM7xxFIURegister {
  * Returns the index of flash in the fiu->flash array. This corresponds to the
  * chip select ID of the flash.
  */
-static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash)
+static unsigned npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu,
+                                     NPCM7xxFIUFlash *flash)
 {
     int index = flash - fiu->flash;
 
@@ -XXX,XX +XXX,XX @@ static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash)
 }
 
 /* Assert the chip select specified in the UMA Control/Status Register. */
-static void npcm7xx_fiu_select(NPCM7xxFIUState *s, int cs_id)
+static void npcm7xx_fiu_select(NPCM7xxFIUState *s, unsigned cs_id)
 {
     trace_npcm7xx_fiu_select(DEVICE(s)->canonical_path, cs_id);
 
     if (cs_id < s->cs_count) {
         qemu_irq_lower(s->cs_lines[cs_id]);
+        s->active_cs = cs_id;
     } else {
         qemu_log_mask(LOG_GUEST_ERROR,
                       "%s: UMA to CS%d; this module has only %d chip selects",
                       DEVICE(s)->canonical_path, cs_id, s->cs_count);
-        cs_id = -1;
+        s->active_cs = -1;
     }
-
-    s->active_cs = cs_id;
 }
 
 /* Deassert the currently active chip select. */
@@ -XXX,XX +XXX,XX @@ static void npcm7xx_fiu_flash_write(void *opaque, hwaddr addr, uint64_t v,
     NPCM7xxFIUFlash *f = opaque;
     NPCM7xxFIUState *fiu = f->fiu;
     uint32_t dwr_cfg;
-    int cs_id;
+    unsigned cs_id;
     int i;
 
     if (fiu->active_cs != -1) {
diff --git a/hw/ssi/trace-events b/hw/ssi/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/ssi/trace-events
+++ b/hw/ssi/trace-events
@@ -XXX,XX +XXX,XX @@ npcm7xx_fiu_deselect(const char *id, int cs) "%s deselect CS%d"
 npcm7xx_fiu_ctrl_read(const char *id, uint64_t addr, uint32_t data) "%s offset: 0x%04" PRIx64 " value: 0x%08" PRIx32
 npcm7xx_fiu_ctrl_write(const char *id, uint64_t addr, uint32_t data) "%s offset: 0x%04" PRIx64 " value: 0x%08" PRIx32
 npcm7xx_fiu_flash_read(const char *id, int cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64
-npcm7xx_fiu_flash_write(const char *id, int cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64
+npcm7xx_fiu_flash_write(const char *id, unsigned cs, uint64_t addr, unsigned int size, uint64_t value) "%s[%d] offset: 0x%08" PRIx64 " size: %u value: 0x%" PRIx64
-- 
2.20.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201002080935.1660005-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/fsl-imx25.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/fsl-imx25.h
+++ b/include/hw/arm/fsl-imx25.h
@@ -XXX,XX +XXX,XX @@ struct FslIMX25State {
  * 0xBB00_0000 0xBB00_0FFF 4 Kbytes     NAND flash main area buffer
  * 0xBB00_1000 0xBB00_11FF 512 B        NAND flash spare area buffer
  * 0xBB00_1200 0xBB00_1DFF 3 Kbytes     Reserved
- * 0xBB00_1E00 0xBB00_1FFF 512 B        NAND flash control regisers
+ * 0xBB00_1E00 0xBB00_1FFF 512 B        NAND flash control registers
  * 0xBB01_2000 0xBFFF_FFFF 96 Mbytes (minus 8 Kbytes) Reserved
  * 0xC000_0000 0xFFFF_FFFF 1024 Mbytes  Reserved
  */
-- 
2.20.1

From: Graeme Gregory <graeme@nuviainc.com>

SMMUv3 has an error in a previous patch where an i was transposed to a 1
meaning interrupts would not have been correctly assigned to the SMMUv3
instance.

Fixes: 48ba18e6d3f3 ("hw/arm/sbsa-ref: Simplify by moving the gic in the machine state")
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20201007100732.4103790-2-graeme@nuviainc.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/sbsa-ref.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -XXX,XX +XXX,XX @@ static void create_smmu(const SBSAMachineState *sms, PCIBus *bus)
     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
     for (i = 0; i < NUM_SMMU_IRQS; i++) {
         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
-                           qdev_get_gpio_in(sms->gic, irq + 1));
+                           qdev_get_gpio_in(sms->gic, irq + i));
     }
 }
 
-- 
2.20.1

From: Graeme Gregory <graeme@nuviainc.com>

Original commit did not allocate IRQs for the SMMUv3 in the irqmap
effectively using irq 0->3 (shared with other devices). Assuming
original intent was to allocate unique IRQs then add an allocation
to the irqmap.

Fixes: e9fdf453240 ("hw/arm: Add arm SBSA reference machine, devices part")
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20201007100732.4103790-3-graeme@nuviainc.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/sbsa-ref.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -XXX,XX +XXX,XX @@ static const int sbsa_ref_irqmap[] = {
     [SBSA_SECURE_UART_MM] = 9,
     [SBSA_AHCI] = 10,
     [SBSA_EHCI] = 11,
+    [SBSA_SMMU] = 12, /* ... to 15 */
 };
 
 static uint64_t sbsa_ref_cpu_mp_affinity(SBSAMachineState *sms, int idx)
-- 
2.20.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The "BCM2835 ARM Peripherals" datasheet [*] chapter 2
("Auxiliaries: UART1 & SPI1, SPI2"), list the register
sizes as 3/8/16/32 bits. We assume this means this
peripheral allows 8-bit accesses.

This was not an issue until commit 5d971f9e67 which reverted
("memory: accept mismatching sizes in memory_region_access_valid").

The model is implemented as 32-bit accesses (see commit 97398d900c,
all registers are 32-bit) so replace MemoryRegionOps.valid as
MemoryRegionOps.impl, and re-introduce MemoryRegionOps.valid
with a 8/32-bit range.

[*] https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf

Fixes: 97398d900c ("bcm2835_aux: add emulation of BCM2835 AUX (aka UART1) block")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201002181032.1899463-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/char/bcm2835_aux.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/char/bcm2835_aux.c
+++ b/hw/char/bcm2835_aux.c
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps bcm2835_aux_ops = {
     .read = bcm2835_aux_read,
     .write = bcm2835_aux_write,
     .endianness = DEVICE_NATIVE_ENDIAN,
-    .valid.min_access_size = 4,
+    .impl.min_access_size = 4,
+    .impl.max_access_size = 4,
+    .valid.min_access_size = 1,
     .valid.max_access_size = 4,
 };
 
-- 
2.20.1