Series comparison

-[PULL 0/3] target-arm queue
+[PULL 0/2] target-arm queue
-A few last patches to go in for rc3...
+This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
 we were using uninitialized data for the guarded bit when
 combining stage 1 and stage 2 attrs.
-The following changes since commit c1e90def01bdb8fcbdbebd9d1eaa8e4827ece620:
+thanks
 -- PMM
-  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210412' into staging (2021-04-12 12:12:09 +0100)
+The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:
   Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210413
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410
-for you to fetch changes up to 2d18b4ca023ca1a3aee18064251d6e6e1084f3eb:
+for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:
-  sphinx: qapidoc: Wrap "If" section body in a paragraph node (2021-04-13 10:14:58 +0100)
+  target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)
 ----------------------------------------------------------------
-target-arm queue:
+target-arm: Fix bug where we weren't initializing
- * Fix MPC setting for AN524 SRAM block
+            guarded bit state when combining S1/S2 attrs
  * sphinx: qapidoc: Wrap "If" section body in a paragraph node
 ----------------------------------------------------------------
-John Snow (1):
+Richard Henderson (2):
-      sphinx: qapidoc: Wrap "If" section body in a paragraph node
+      target/arm: PTE bit GP only applies to stage1
       target/arm: Copy guarded bit in combine_cacheattrs
-Peter Maydell (2):
+ target/arm/ptw.c | 11 ++++++-----
-      hw/arm/mps2-tz: Fix MPC setting for AN524 SRAM block
+file changed, 6 insertions(+), 5 deletions(-)
       hw/arm/mps2-tz: Assert if more than one RAM is attached to an MPC
  docs/sphinx/qapidoc.py |  4 +++-
  hw/arm/mps2-tz.c       | 10 +++++++---
 files changed, 10 insertions(+), 4 deletions(-)

-[PULL 1/3] hw/arm/mps2-tz: Fix MPC setting for AN524 SRAM block
+Deleted patch
-The AN524 has three MPCs: one for the BRAM, one for the QSPI flash,
-and one for the DDR.  We incorrectly set the .mpc field in the
-RAMInfo struct for the SRAM block to 1, giving it the same MPC we are
-using for the QSPI.  The effect of this was that the QSPI didn't get
-mapped into the system address space at all, via an MPC or otherwise,
-and guest programs which tried to read from the QSPI would get a bus
-error.  Correct the SRAM RAMInfo to indicate that it does not have an
-associated MPC.
-Fixes: 25ff112a8cc ("hw/arm/mps2-tz: Add new mps3-an524 board")
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-id: 20210409150527.15053-2-peter.maydell@linaro.org
----
- hw/arm/mps2-tz.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/mps2-tz.c
-+++ b/hw/arm/mps2-tz.c
-@@ -XXX,XX +XXX,XX @@ static const RAMInfo an524_raminfo[] = { {
-         .name = "sram",
-         .base = 0x20000000,
-         .size = 32 * 4 * KiB,
--        .mpc = 1,
-+        .mpc = -1,
-         .mrindex = 1,
-     }, {
-         /* We don't model QSPI flash yet; for now expose it as simple ROM */
---
-.20.1

-[PULL 2/3] hw/arm/mps2-tz: Assert if more than one RAM is attached to an MPC
+[PULL 1/2] target/arm: PTE bit GP only applies to stage1
-Each board in mps2-tz.c specifies a RAMInfo[] array providing
+From: Richard Henderson <richard.henderson@linaro.org>
 information about each RAM in the board.  The .mpc field of the
 RAMInfo struct specifies which MPC, if any, the RAM is attached to.
 We already assert if the array doesn't have any entry for an MPC, but
 we don't diagnose the error of using the same MPC number twice (which
 is quite easy to do by accident if copy-and-pasting structure
 entries).
-Enhance find_raminfo_for_mpc() so that it detects multiple entries
+Only perform the extract of GP during the stage1 walk.
 for the MPC as well as missing entries.
+Reported-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-id: 20210409150527.15053-3-peter.maydell@linaro.org
 ---
- hw/arm/mps2-tz.c | 8 ++++++--
+ target/arm/ptw.c | 10 +++++-----
-file changed, 6 insertions(+), 2 deletions(-)
+file changed, 5 insertions(+), 5 deletions(-)
-diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/mps2-tz.c
+--- a/target/arm/ptw.c
-+++ b/hw/arm/mps2-tz.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static const RAMInfo *find_raminfo_for_mpc(MPS2TZMachineState *mms, int mpc)
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
- {
+         result->f.attrs.secure = false;
      MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms);
      const RAMInfo *p;
 +    const RAMInfo *found = NULL;
      for (p = mmc->raminfo; p->name; p++) {
          if (p->mpc == mpc && !(p->flags & IS_ALIAS)) {
 -            return p;
 +            /* There should only be one entry in the array for this MPC */
 +            g_assert(!found);
 +            found = p;
          }
      }
-     /* if raminfo array doesn't have an entry for each MPC this is a bug */
--    g_assert_not_reached();
+-    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
-+    assert(found);
+-    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
-+    return found;
+-        result->f.guarded = extract64(attrs, 50, 1); /* GP */
- }
+-    }
+-
- static MemoryRegion *mr_for_raminfo(MPS2TZMachineState *mms,
+     if (regime_is_stage2(mmu_idx)) {
          result->cacheattrs.is_s2_format = true;
          result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
          assert(attrindx <= 7);
          result->cacheattrs.is_s2_format = false;
          result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
 +
 +        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
 +        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
 +            result->f.guarded = extract64(attrs, 50, 1); /* GP */
 +        }
      }
      /*
 --
-.20.1
+.34.1

-[PULL 3/3] sphinx: qapidoc: Wrap "If" section body in a paragraph node
+[PULL 2/2] target/arm: Copy guarded bit in combine_cacheattrs
-From: John Snow <jsnow@redhat.com>
+From: Richard Henderson <richard.henderson@linaro.org>
-These sections need to be wrapped in a block-level element, such as
+The guarded bit comes from the stage1 walk.
 Paragraph in order for them to be rendered into Texinfo correctly.
-Before (e.g.):
+Fixes: Coverity CID 1507929
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 <section ids="qapidoc-713">
   <title>If</title>
   <literal>defined(CONFIG_REPLICATION)</literal>
 </section>
 became:
   .SS If
   \fBdefined(CONFIG_REPLICATION)\fP.SS \fBBlockdevOptionsReplication\fP (Object)
   ...
 After:
 <section ids="qapidoc-713">
   <title>If</title>
   <paragraph>
     <literal>defined(CONFIG_REPLICATION)</literal>
   </paragraph>
 </section>
 becomes:
   .SS If
   .sp
   \fBdefined(CONFIG_REPLICATION)\fP
   .SS \fBBlockdevOptionsReplication\fP (Object)
   ...
 Reported-by: Markus Armbruster <armbru@redhat.com>
 Tested-by: Markus Armbruster <armbru@redhat.com>
 Signed-off-by: John Snow <jsnow@redhat.com>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20210406141909.1992225-2-jsnow@redhat.com
+Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- docs/sphinx/qapidoc.py | 4 +++-
+ target/arm/ptw.c | 1 +
-file changed, 3 insertions(+), 1 deletion(-)
+file changed, 1 insertion(+)
-diff --git a/docs/sphinx/qapidoc.py b/docs/sphinx/qapidoc.py
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/docs/sphinx/qapidoc.py
+--- a/target/arm/ptw.c
-+++ b/docs/sphinx/qapidoc.py
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ def _nodes_for_if_section(self, ifcond):
+@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
-         nodelist = []
-         if ifcond:
+     assert(!s1.is_s2_format);
-             snode = self._make_section('If')
+     ret.is_s2_format = false;
--            snode += self._nodes_for_ifcond(ifcond, with_if=False)
++    ret.guarded = s1.guarded;
-+            snode += nodes.paragraph(
-+                '', '', *self._nodes_for_ifcond(ifcond, with_if=False)
+     if (s1.attrs == 0xf0) {
-+            )
+         tagged = true;
              nodelist.append(snode)
          return nodelist
 --
-.20.1
+.34.1

A few last patches to go in for rc3...

The following changes since commit c1e90def01bdb8fcbdbebd9d1eaa8e4827ece620:

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210412' into staging (2021-04-12 12:12:09 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210413

for you to fetch changes up to 2d18b4ca023ca1a3aee18064251d6e6e1084f3eb:

sphinx: qapidoc: Wrap "If" section body in a paragraph node (2021-04-13 10:14:58 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix MPC setting for AN524 SRAM block
 * sphinx: qapidoc: Wrap "If" section body in a paragraph node

----------------------------------------------------------------
John Snow (1):
      sphinx: qapidoc: Wrap "If" section body in a paragraph node

Peter Maydell (2):
      hw/arm/mps2-tz: Fix MPC setting for AN524 SRAM block
      hw/arm/mps2-tz: Assert if more than one RAM is attached to an MPC

docs/sphinx/qapidoc.py |  4 +++-
 hw/arm/mps2-tz.c       | 10 +++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

The AN524 has three MPCs: one for the BRAM, one for the QSPI flash,
and one for the DDR.  We incorrectly set the .mpc field in the
RAMInfo struct for the SRAM block to 1, giving it the same MPC we are
using for the QSPI.  The effect of this was that the QSPI didn't get
mapped into the system address space at all, via an MPC or otherwise,
and guest programs which tried to read from the QSPI would get a bus
error.  Correct the SRAM RAMInfo to indicate that it does not have an
associated MPC.

Fixes: 25ff112a8cc ("hw/arm/mps2-tz: Add new mps3-an524 board")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210409150527.15053-2-peter.maydell@linaro.org
---
 hw/arm/mps2-tz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/mps2-tz.c
+++ b/hw/arm/mps2-tz.c
@@ -XXX,XX +XXX,XX @@ static const RAMInfo an524_raminfo[] = { {
         .name = "sram",
         .base = 0x20000000,
         .size = 32 * 4 * KiB,
-        .mpc = 1,
+        .mpc = -1,
         .mrindex = 1,
     }, {
         /* We don't model QSPI flash yet; for now expose it as simple ROM */
-- 
2.20.1

Each board in mps2-tz.c specifies a RAMInfo[] array providing
information about each RAM in the board.  The .mpc field of the
RAMInfo struct specifies which MPC, if any, the RAM is attached to.
We already assert if the array doesn't have any entry for an MPC, but
we don't diagnose the error of using the same MPC number twice (which
is quite easy to do by accident if copy-and-pasting structure
entries).

Enhance find_raminfo_for_mpc() so that it detects multiple entries
for the MPC as well as missing entries.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210409150527.15053-3-peter.maydell@linaro.org
---
 hw/arm/mps2-tz.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/mps2-tz.c
+++ b/hw/arm/mps2-tz.c
@@ -XXX,XX +XXX,XX @@ static const RAMInfo *find_raminfo_for_mpc(MPS2TZMachineState *mms, int mpc)
 {
     MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms);
     const RAMInfo *p;
+    const RAMInfo *found = NULL;
 
     for (p = mmc->raminfo; p->name; p++) {
         if (p->mpc == mpc && !(p->flags & IS_ALIAS)) {
-            return p;
+            /* There should only be one entry in the array for this MPC */
+            g_assert(!found);
+            found = p;
         }
     }
     /* if raminfo array doesn't have an entry for each MPC this is a bug */
-    g_assert_not_reached();
+    assert(found);
+    return found;
 }
 
 static MemoryRegion *mr_for_raminfo(MPS2TZMachineState *mms,
-- 
2.20.1

From: John Snow <jsnow@redhat.com>

These sections need to be wrapped in a block-level element, such as
Paragraph in order for them to be rendered into Texinfo correctly.

Before (e.g.):

<section ids="qapidoc-713">
  <title>If</title>
  <literal>defined(CONFIG_REPLICATION)</literal>
</section>

became:

.SS If
  \fBdefined(CONFIG_REPLICATION)\fP.SS \fBBlockdevOptionsReplication\fP (Object)
  ...

After:

<section ids="qapidoc-713">
  <title>If</title>
  <paragraph>
    <literal>defined(CONFIG_REPLICATION)</literal>
  </paragraph>
</section>

becomes:

.SS If
  .sp
  \fBdefined(CONFIG_REPLICATION)\fP
  .SS \fBBlockdevOptionsReplication\fP (Object)
  ...

Reported-by: Markus Armbruster <armbru@redhat.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210406141909.1992225-2-jsnow@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 docs/sphinx/qapidoc.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/sphinx/qapidoc.py b/docs/sphinx/qapidoc.py
index XXXXXXX..XXXXXXX 100644
--- a/docs/sphinx/qapidoc.py
+++ b/docs/sphinx/qapidoc.py
@@ -XXX,XX +XXX,XX @@ def _nodes_for_if_section(self, ifcond):
         nodelist = []
         if ifcond:
             snode = self._make_section('If')
-            snode += self._nodes_for_ifcond(ifcond, with_if=False)
+            snode += nodes.paragraph(
+                '', '', *self._nodes_for_ifcond(ifcond, with_if=False)
+            )
             nodelist.append(snode)
         return nodelist
 
-- 
2.20.1

This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
we were using uninitialized data for the guarded bit when
combining stage 1 and stage 2 attrs.

thanks
-- PMM

The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:

Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410

for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:

target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)

----------------------------------------------------------------
target-arm: Fix bug where we weren't initializing
            guarded bit state when combining S1/S2 attrs

----------------------------------------------------------------
Richard Henderson (2):
      target/arm: PTE bit GP only applies to stage1
      target/arm: Copy guarded bit in combine_cacheattrs

target/arm/ptw.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Only perform the extract of GP during the stage1 walk.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         result->f.attrs.secure = false;
     }
 
-    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
-    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
-        result->f.guarded = extract64(attrs, 50, 1); /* GP */
-    }
-
     if (regime_is_stage2(mmu_idx)) {
         result->cacheattrs.is_s2_format = true;
         result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         assert(attrindx <= 7);
         result->cacheattrs.is_s2_format = false;
         result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
+
+        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
+        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+            result->f.guarded = extract64(attrs, 50, 1); /* GP */
+        }
     }
 
     /*
-- 
2.34.1