Series comparison

-[PULL 00/43] target-arm queue
+[PULL 00/23] target-arm queue
-First arm pullreq for 6.1 cycle. The big stuff here is RTH's alignment series.
+Two small bugfixes, plus most of RTH's refactoring of cpregs
 handling.
-thanks
 -- PMM
-The following changes since commit ccdf06c1db192152ac70a1dd974c624f566cb7d4:
+The following changes since commit 1fba9dc71a170b3a05b9d3272dd8ecfe7f26e215:
-  Open 6.1 development tree (2021-04-30 11:15:40 +0100)
+  Merge tag 'pull-request-2022-05-04' of https://gitlab.com/thuth/qemu into staging (2022-05-04 08:07:02 -0700)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210430
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220505
-for you to fetch changes up to a6091108aa44e9017af4ca13c43f55a629e3744c:
+for you to fetch changes up to 99a50d1a67c602126fc2b3a4812d3000eba9bf34:
-  hw/pci-host/gpex: Don't fault for unmapped parts of MMIO and PIO windows (2021-04-30 11:16:52 +0100)
+  target/arm: read access to performance counters from EL0 (2022-05-05 09:36:22 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * hw/pci-host/gpex: Don't fault for unmapped parts of MMIO and PIO windows
+ * Enable read access to performance counters from EL0
- * hw: add compat machines for 6.1
+ * Enable SCTLR_EL1.BT0 for aarch64-linux-user
- * Fault misaligned accesses where the architecture requires it
+ * Refactoring of cpreg handling
  * Fix some corner cases of MTE faults (notably with misaligned accesses)
  * Make Thumb store insns UNDEF for Rn==1111
  * hw/arm/smmuv3: Support 16K translation granule
 ----------------------------------------------------------------
-Cornelia Huck (1):
+Alex Zuepke (1):
-      hw: add compat machines for 6.1
+      target/arm: read access to performance counters from EL0
-Kunkun Jiang (1):
+Richard Henderson (22):
-      hw/arm/smmuv3: Support 16K translation granule
+      target/arm: Enable SCTLR_EL1.BT0 for aarch64-linux-user
       target/arm: Split out cpregs.h
       target/arm: Reorg CPAccessResult and access_check_cp_reg
       target/arm: Replace sentinels with ARRAY_SIZE in cpregs.h
       target/arm: Make some more cpreg data static const
       target/arm: Reorg ARMCPRegInfo type field bits
       target/arm: Avoid bare abort() or assert(0)
       target/arm: Change cpreg access permissions to enum
       target/arm: Name CPState type
       target/arm: Name CPSecureState type
       target/arm: Drop always-true test in define_arm_vh_e2h_redirects_aliases
       target/arm: Store cpregs key in the hash table directly
       target/arm: Merge allocation of the cpreg and its name
       target/arm: Hoist computation of key in add_cpreg_to_hashtable
       target/arm: Consolidate cpreg updates in add_cpreg_to_hashtable
       target/arm: Use bool for is64 and ns in add_cpreg_to_hashtable
       target/arm: Hoist isbanked computation in add_cpreg_to_hashtable
       target/arm: Perform override check early in add_cpreg_to_hashtable
       target/arm: Reformat comments in add_cpreg_to_hashtable
       target/arm: Remove HOST_BIG_ENDIAN ifdef in add_cpreg_to_hashtable
       target/arm: Add isar predicates for FEAT_Debugv8p2
       target/arm: Add isar_feature_{aa64,any}_ras
-Peter Maydell (2):
+ target/arm/cpregs.h               | 453 ++++++++++++++++++++++++++++++++++++++
-      target/arm: Make Thumb store insns UNDEF for Rn==1111
+ target/arm/cpu.h                  | 393 +++------------------------------
-      hw/pci-host/gpex: Don't fault for unmapped parts of MMIO and PIO windows
+ hw/arm/pxa2xx.c                   |   2 +-
+ hw/arm/pxa2xx_pic.c               |   2 +-
-Richard Henderson (39):
+ hw/intc/arm_gicv3_cpuif.c         |   6 +-
-      target/arm: Fix mte_checkN
+ hw/intc/arm_gicv3_kvm.c           |   3 +-
-      target/arm: Split out mte_probe_int
+ target/arm/cpu.c                  |  25 +--
-      target/arm: Fix unaligned checks for mte_check1, mte_probe1
+ target/arm/cpu64.c                |   2 +-
-      test/tcg/aarch64: Add mte-5
+ target/arm/cpu_tcg.c              |   5 +-
-      target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1
+ target/arm/gdbstub.c              |   5 +-
-      target/arm: Merge mte_check1, mte_checkN
+ target/arm/helper.c               | 358 +++++++++++++-----------------
-      target/arm: Rename mte_probe1 to mte_probe
+ target/arm/hvf/hvf.c              |   2 +-
-      target/arm: Simplify sve mte checking
+ target/arm/kvm-stub.c             |   4 +-
-      target/arm: Remove log2_esize parameter to gen_mte_checkN
+ target/arm/kvm.c                  |   4 +-
-      target/arm: Fix decode of align in VLDST_single
+ target/arm/machine.c              |   4 +-
-      target/arm: Rename TBFLAG_A32, SCTLR_B
+ target/arm/op_helper.c            |  57 ++---
-      target/arm: Rename TBFLAG_ANY, PSTATE_SS
+ target/arm/translate-a64.c        |  14 +-
-      target/arm: Add wrapper macros for accessing tbflags
+ target/arm/translate-neon.c       |   2 +-
-      target/arm: Introduce CPUARMTBFlags
+ target/arm/translate.c            |  13 +-
-      target/arm: Move mode specific TB flags to tb->cs_base
+ tests/tcg/aarch64/bti-3.c         |  42 ++++
-      target/arm: Move TBFLAG_AM32 bits to the top
+ tests/tcg/aarch64/Makefile.target |   6 +-
-      target/arm: Move TBFLAG_ANY bits to the bottom
+files changed, 738 insertions(+), 664 deletions(-)
-      target/arm: Add ALIGN_MEM to TBFLAG_ANY
+ create mode 100644 target/arm/cpregs.h
-      target/arm: Adjust gen_aa32_{ld, st}_i32 for align+endianness
+ create mode 100644 tests/tcg/aarch64/bti-3.c
       target/arm: Merge gen_aa32_frob64 into gen_aa32_ld_i64
       target/arm: Fix SCTLR_B test for TCGv_i64 load/store
       target/arm: Adjust gen_aa32_{ld, st}_i64 for align+endianness
       target/arm: Enforce word alignment for LDRD/STRD
       target/arm: Enforce alignment for LDA/LDAH/STL/STLH
       target/arm: Enforce alignment for LDM/STM
       target/arm: Enforce alignment for RFE
       target/arm: Enforce alignment for SRS
       target/arm: Enforce alignment for VLDM/VSTM
       target/arm: Enforce alignment for VLDR/VSTR
       target/arm: Enforce alignment for VLDn (all lanes)
       target/arm: Enforce alignment for VLDn/VSTn (multiple)
       target/arm: Enforce alignment for VLDn/VSTn (single)
       target/arm: Use finalize_memop for aa64 gpr load/store
       target/arm: Use finalize_memop for aa64 fpr load/store
       target/arm: Enforce alignment for aa64 load-acq/store-rel
       target/arm: Use MemOp for size + endian in aa64 vector ld/st
       target/arm: Enforce alignment for aa64 vector LDn/STn (multiple)
       target/arm: Enforce alignment for aa64 vector LDn/STn (single)
       target/arm: Enforce alignment for sve LD1R
  include/hw/boards.h               |   3 +
  include/hw/i386/pc.h              |   3 +
  include/hw/pci-host/gpex.h        |   4 +
  target/arm/cpu.h                  | 105 ++++++++++-----
  target/arm/helper-a64.h           |   3 +-
  target/arm/internals.h            |  11 +-
  target/arm/translate-a64.h        |   2 +-
  target/arm/translate.h            |  38 ++++++
  target/arm/neon-ls.decode         |   4 +-
  hw/arm/smmuv3.c                   |   6 +-
  hw/arm/virt.c                     |   7 +-
  hw/core/machine.c                 |   5 +
  hw/i386/pc.c                      |   3 +
  hw/i386/pc_piix.c                 |  14 +-
  hw/i386/pc_q35.c                  |  13 +-
  hw/pci-host/gpex.c                |  56 +++++++-
  hw/ppc/spapr.c                    |  17 ++-
  hw/s390x/s390-virtio-ccw.c        |  14 +-
  target/arm/helper-a64.c           |   2 +-
  target/arm/helper.c               | 162 ++++++++++++----------
  target/arm/mte_helper.c           | 185 ++++++++++---------------
  target/arm/sve_helper.c           | 100 +++++---------
  target/arm/translate-a64.c        | 236 ++++++++++++++++----------------
  target/arm/translate-sve.c        |  11 +-
  target/arm/translate.c            | 274 ++++++++++++++++++++++----------------
  tests/tcg/aarch64/mte-5.c         |  44 ++++++
  target/arm/translate-neon.c.inc   | 117 ++++++++++++----
  target/arm/translate-vfp.c.inc    |  20 +--
  tests/tcg/aarch64/Makefile.target |   2 +-
 files changed, 878 insertions(+), 583 deletions(-)
  create mode 100644 tests/tcg/aarch64/mte-5.c

-[PULL 01/43] hw/arm/smmuv3: Support 16K translation granule
+Deleted patch
-From: Kunkun Jiang <jiangkunkun@huawei.com>
-The driver can query some bits in SMMUv3 IDR5 to learn which
-translation granules are supported. Arm recommends that SMMUv3
-implementations support at least 4K and 64K granules. But in
-the vSMMUv3, there seems to be no reason not to support 16K
-translation granule. In addition, if 16K is not supported,
-vSVA will failed to be enabled in the future for 16K guest
-kernel. So it'd better to support it.
-Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Tested-by: Eric Auger <eric.auger@redhat.com>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/smmuv3.c | 6 ++++--
-file changed, 4 insertions(+), 2 deletions(-)
-diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/smmuv3.c
-+++ b/hw/arm/smmuv3.c
-@@ -XXX,XX +XXX,XX @@ static void smmuv3_init_regs(SMMUv3State *s)
-     s->idr[3] = FIELD_DP32(s->idr[3], IDR3, RIL, 1);
-     s->idr[3] = FIELD_DP32(s->idr[3], IDR3, HAD, 1);
--   /* 4K and 64K granule support */
-+    /* 4K, 16K and 64K granule support */
-     s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN4K, 1);
-+    s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN16K, 1);
-     s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN64K, 1);
-     s->idr[5] = FIELD_DP32(s->idr[5], IDR5, OAS, SMMU_IDR5_OAS); /* 44 bits */
-@@ -XXX,XX +XXX,XX @@ static int decode_cd(SMMUTransCfg *cfg, CD *cd, SMMUEventInfo *event)
-         tg = CD_TG(cd, i);
-         tt->granule_sz = tg2granule(tg, i);
--        if ((tt->granule_sz != 12 && tt->granule_sz != 16) || CD_ENDI(cd)) {
-+        if ((tt->granule_sz != 12 && tt->granule_sz != 14 &&
-+             tt->granule_sz != 16) || CD_ENDI(cd)) {
-             goto bad_cd;
-         }
---
-.20.1

-[PULL 02/43] target/arm: Make Thumb store insns UNDEF for Rn==1111
+Deleted patch
-The Arm ARM specifies that for Thumb encodings of the various plain
-store insns, if the Rn field is 1111 then we must UNDEF.  This is
-different from the Arm encodings, where this case is either
-UNPREDICTABLE or has well-defined behaviour.  The exclusive stores,
-store-release and STRD do not have this UNDEF case for any encoding.
-Enforce the UNDEF for this case in the Thumb plain store insns.
-Fixes: https://bugs.launchpad.net/qemu/+bug/1922887
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210408162402.5822-1-peter.maydell@linaro.org
----
- target/arm/translate.c | 16 ++++++++++++++++
-file changed, 16 insertions(+)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool op_store_rr(DisasContext *s, arg_ldst_rr *a,
-     ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite;
-     TCGv_i32 addr, tmp;
-+    /*
-+     * In Thumb encodings of stores Rn=1111 is UNDEF; for Arm it
-+     * is either UNPREDICTABLE or has defined behaviour
-+     */
-+    if (s->thumb && a->rn == 15) {
-+        return false;
-+    }
-+
-     addr = op_addr_rr_pre(s, a);
-     tmp = load_reg(s, a->rt);
-@@ -XXX,XX +XXX,XX @@ static bool op_store_ri(DisasContext *s, arg_ldst_ri *a,
-     ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite;
-     TCGv_i32 addr, tmp;
-+    /*
-+     * In Thumb encodings of stores Rn=1111 is UNDEF; for Arm it
-+     * is either UNPREDICTABLE or has defined behaviour
-+     */
-+    if (s->thumb && a->rn == 15) {
-+        return false;
-+    }
-+
-     addr = op_addr_ri_pre(s, a);
-     tmp = load_reg(s, a->rt);
---
-.20.1

-[PULL 03/43] target/arm: Fix mte_checkN
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-We were incorrectly assuming that only the first byte of an MTE access
-is checked against the tags.  But per the ARM, unaligned accesses are
-pre-decomposed into single-byte accesses.  So by the time we reach the
-actual MTE check in the ARM pseudocode, all accesses are aligned.
-Therefore, the first failure is always either the first byte of the
-access, or the first byte of the granule.
-In addition, some of the arithmetic is off for last-first -> count.
-This does not become directly visible until a later patch that passes
-single bytes into this function, so ptr == ptr_last.
-Buglink: https://bugs.launchpad.net/bugs/1921948
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-2-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-[PMM: tweaked a comment]
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/mte_helper.c | 40 ++++++++++++++++++----------------------
-file changed, 18 insertions(+), 22 deletions(-)
-diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/mte_helper.c
-+++ b/target/arm/mte_helper.c
-@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
-                     uint64_t ptr, uintptr_t ra)
- {
-     int mmu_idx, ptr_tag, bit55;
--    uint64_t ptr_last, ptr_end, prev_page, next_page;
--    uint64_t tag_first, tag_end;
--    uint64_t tag_byte_first, tag_byte_end;
--    uint32_t esize, total, tag_count, tag_size, n, c;
-+    uint64_t ptr_last, prev_page, next_page;
-+    uint64_t tag_first, tag_last;
-+    uint64_t tag_byte_first, tag_byte_last;
-+    uint32_t total, tag_count, tag_size, n, c;
-     uint8_t *mem1, *mem2;
-     MMUAccessType type;
-@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
-     mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
-     type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
--    esize = FIELD_EX32(desc, MTEDESC, ESIZE);
-     total = FIELD_EX32(desc, MTEDESC, TSIZE);
--    /* Find the addr of the end of the access, and of the last element. */
--    ptr_end = ptr + total;
--    ptr_last = ptr_end - esize;
-+    /* Find the addr of the end of the access */
-+    ptr_last = ptr + total - 1;
-     /* Round the bounds to the tag granule, and compute the number of tags. */
-     tag_first = QEMU_ALIGN_DOWN(ptr, TAG_GRANULE);
--    tag_end = QEMU_ALIGN_UP(ptr_last, TAG_GRANULE);
--    tag_count = (tag_end - tag_first) / TAG_GRANULE;
-+    tag_last = QEMU_ALIGN_DOWN(ptr_last, TAG_GRANULE);
-+    tag_count = ((tag_last - tag_first) / TAG_GRANULE) + 1;
-     /* Round the bounds to twice the tag granule, and compute the bytes. */
-     tag_byte_first = QEMU_ALIGN_DOWN(ptr, 2 * TAG_GRANULE);
--    tag_byte_end = QEMU_ALIGN_UP(ptr_last, 2 * TAG_GRANULE);
-+    tag_byte_last = QEMU_ALIGN_DOWN(ptr_last, 2 * TAG_GRANULE);
-     /* Locate the page boundaries. */
-     prev_page = ptr & TARGET_PAGE_MASK;
-     next_page = prev_page + TARGET_PAGE_SIZE;
--    if (likely(tag_end - prev_page <= TARGET_PAGE_SIZE)) {
-+    if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) {
-         /* Memory access stays on one page. */
--        tag_size = (tag_byte_end - tag_byte_first) / (2 * TAG_GRANULE);
-+        tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
-         mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
-                                   MMU_DATA_LOAD, tag_size, ra);
-         if (!mem1) {
-@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
-         mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, next_page - ptr,
-                                   MMU_DATA_LOAD, tag_size, ra);
--        tag_size = (tag_byte_end - next_page) / (2 * TAG_GRANULE);
-+        tag_size = ((tag_byte_last - next_page) / (2 * TAG_GRANULE)) + 1;
-         mem2 = allocation_tag_mem(env, mmu_idx, next_page, type,
--                                  ptr_end - next_page,
-+                                  ptr_last - next_page + 1,
-                                   MMU_DATA_LOAD, tag_size, ra);
-         /*
-@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
-     }
-     /*
--     * If we failed, we know which granule.  Compute the element that
--     * is first in that granule, and signal failure on that element.
-+     * If we failed, we know which granule.  For the first granule, the
-+     * failure address is @ptr, the first byte accessed.  Otherwise the
-+     * failure address is the first byte of the nth granule.
-      */
-     if (unlikely(n < tag_count)) {
--        uint64_t fail_ofs;
--
--        fail_ofs = tag_first + n * TAG_GRANULE - ptr;
--        fail_ofs = ROUND_UP(fail_ofs, esize);
--        mte_check_fail(env, desc, ptr + fail_ofs, ra);
-+        uint64_t fault = (n == 0 ? ptr : tag_first + n * TAG_GRANULE);
-+        mte_check_fail(env, desc, fault, ra);
-     }
-  done:
---
-.20.1

-[PULL 06/43] test/tcg/aarch64: Add mte-5
+[PULL 01/23] target/arm: Enable SCTLR_EL1.BT0 for aarch64-linux-user
 From: Richard Henderson <richard.henderson@linaro.org>
-Buglink: https://bugs.launchpad.net/bugs/1921948
+This controls whether the PACI{A,B}SP instructions trap with BTYPE=3
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+(indirect branch from register other than x16/x17).  The linux kernel
 sets this in bti_enable().
 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/998
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-5-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Message-id: 20220427042312.294300-1-richard.henderson@linaro.org
 [PMM: remove stray change to makefile comment]
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- tests/tcg/aarch64/mte-5.c         | 44 +++++++++++++++++++++++++++++++
+ target/arm/cpu.c                  |  2 ++
- tests/tcg/aarch64/Makefile.target |  2 +-
+ tests/tcg/aarch64/bti-3.c         | 42 +++++++++++++++++++++++++++++++
-files changed, 45 insertions(+), 1 deletion(-)
+ tests/tcg/aarch64/Makefile.target |  6 ++---
- create mode 100644 tests/tcg/aarch64/mte-5.c
+files changed, 47 insertions(+), 3 deletions(-)
  create mode 100644 tests/tcg/aarch64/bti-3.c
-diff --git a/tests/tcg/aarch64/mte-5.c b/tests/tcg/aarch64/mte-5.c
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.c
 +++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(DeviceState *dev)
          /* Enable all PAC keys.  */
          env->cp15.sctlr_el[1] |= (SCTLR_EnIA | SCTLR_EnIB |
                                    SCTLR_EnDA | SCTLR_EnDB);
 +        /* Trap on btype=3 for PACIxSP. */
 +        env->cp15.sctlr_el[1] |= SCTLR_BT0;
          /* and to the FP/Neon instructions */
          env->cp15.cpacr_el1 = deposit64(env->cp15.cpacr_el1, 20, 2, 3);
          /* and to the SVE instructions */
 diff --git a/tests/tcg/aarch64/bti-3.c b/tests/tcg/aarch64/bti-3.c
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
-+++ b/tests/tcg/aarch64/mte-5.c
++++ b/tests/tcg/aarch64/bti-3.c
 @@ -XXX,XX +XXX,XX @@
 +/*
-+ * Memory tagging, faulting unaligned access.
++ * BTI vs PACIASP
 + *
 + * Copyright (c) 2021 Linaro Ltd
 + * SPDX-License-Identifier: GPL-2.0-or-later
 + */
 +
-+#include "mte.h"
++#include "bti-crt.inc.c"
 +
-+void pass(int sig, siginfo_t *info, void *uc)
++static void skip2_sigill(int sig, siginfo_t *info, ucontext_t *uc)
 +{
-+    assert(info->si_code == SEGV_MTESERR);
++    uc->uc_mcontext.pc += 8;
-+    exit(0);
++    uc->uc_mcontext.pstate = 1;
 +}
 +
-+int main(int ac, char **av)
++#define BTYPE_1() \
 +    asm("mov %0,#1; adr x16, 1f; br x16; 1: hint #25; mov %0,#0" \
 +        : "=r"(skipped) : : "x16", "x30")
 +
 +#define BTYPE_2() \
 +    asm("mov %0,#1; adr x16, 1f; blr x16; 1: hint #25; mov %0,#0" \
 +        : "=r"(skipped) : : "x16", "x30")
 +
 +#define BTYPE_3() \
 +    asm("mov %0,#1; adr x15, 1f; br x15; 1: hint #25; mov %0,#0" \
 +        : "=r"(skipped) : : "x15", "x30")
 +
 +#define TEST(WHICH, EXPECT) \
 +    do { WHICH(); fail += skipped ^ EXPECT; } while (0)
 +
 +int main()
 +{
-+    struct sigaction sa;
++    int fail = 0;
-+    void *p0, *p1, *p2;
++    int skipped;
 +    long excl = 1;
 +
-+    enable_mte(PR_MTE_TCF_SYNC);
++    /* Signal-like with SA_SIGINFO.  */
-+    p0 = alloc_mte_mem(sizeof(*p0));
++    signal_info(SIGILL, skip2_sigill);
 +
-+    /* Create two differently tagged pointers.  */
++    /* With SCTLR_EL1.BT0 set, PACIASP is not compatible with type=3. */
-+    asm("irg %0,%1,%2" : "=r"(p1) : "r"(p0), "r"(excl));
++    TEST(BTYPE_1, 0);
-+    asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1));
++    TEST(BTYPE_2, 0);
-+    assert(excl != 1);
++    TEST(BTYPE_3, 1);
 +    asm("irg %0,%1,%2" : "=r"(p2) : "r"(p0), "r"(excl));
 +    assert(p1 != p2);
 +
-+    memset(&sa, 0, sizeof(sa));
++    return fail;
 +    sa.sa_sigaction = pass;
 +    sa.sa_flags = SA_SIGINFO;
 +    sigaction(SIGSEGV, &sa, NULL);
 +
 +    /* Store store two different tags in sequential granules. */
 +    asm("stg %0, [%0]" : : "r"(p1));
 +    asm("stg %0, [%0]" : : "r"(p2 + 16));
 +
 +    /* Perform an unaligned load crossing the granules. */
 +    asm volatile("ldr %0, [%1]" : "=r"(p0) : "r"(p1 + 12));
 +    abort();
 +}
 diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
 index XXXXXXX..XXXXXXX 100644
 --- a/tests/tcg/aarch64/Makefile.target
 +++ b/tests/tcg/aarch64/Makefile.target
-@@ -XXX,XX +XXX,XX @@ AARCH64_TESTS += bti-2
+@@ -XXX,XX +XXX,XX @@ endif
+ # BTI Tests
- # MTE Tests
+ # bti-1 tests the elf notes, so we require special compiler support.
- ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_MTE),)
+ ifneq ($(CROSS_CC_HAS_ARMV8_BTI),)
--AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-6
+-AARCH64_TESTS += bti-1
-+AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-5 mte-6
+-bti-1: CFLAGS += -mbranch-protection=standard
- mte-%: CFLAGS += -march=armv8.5-a+memtag
+-bti-1: LDFLAGS += -nostdlib
 +AARCH64_TESTS += bti-1 bti-3
 +bti-1 bti-3: CFLAGS += -mbranch-protection=standard
 +bti-1 bti-3: LDFLAGS += -nostdlib
  endif
+ # bti-2 tests PROT_BTI, so no special compiler support required.
  AARCH64_TESTS += bti-2
 --
-.20.1
+.25.1

-[PULL 14/43] target/arm: Rename TBFLAG_ANY, PSTATE_SS
+[PULL 02/23] target/arm: Split out cpregs.h
 From: Richard Henderson <richard.henderson@linaro.org>
-We're about to rearrange the macro expansion surrounding tbflags,
+Move ARMCPRegInfo and all related declarations to a new
-and this field name will be expanded using the bit definition of
+internal header, out of the public cpu.h.
 the same name, resulting in a token pasting error.
-So PSTATE_SS -> PSTATE__SS in the uses, and document it.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-4-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-2-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h           | 2 +-
+ target/arm/cpregs.h        | 413 +++++++++++++++++++++++++++++++++++++
- target/arm/helper.c        | 4 ++--
+ target/arm/cpu.h           | 368 ---------------------------------
- target/arm/translate-a64.c | 2 +-
+ hw/arm/pxa2xx.c            |   1 +
- target/arm/translate.c     | 2 +-
+ hw/arm/pxa2xx_pic.c        |   1 +
-files changed, 5 insertions(+), 5 deletions(-)
+ hw/intc/arm_gicv3_cpuif.c  |   1 +
  hw/intc/arm_gicv3_kvm.c    |   2 +
  target/arm/cpu.c           |   1 +
  target/arm/cpu64.c         |   1 +
  target/arm/cpu_tcg.c       |   1 +
  target/arm/gdbstub.c       |   3 +-
  target/arm/helper.c        |   1 +
  target/arm/op_helper.c     |   1 +
  target/arm/translate-a64.c |   4 +-
  target/arm/translate.c     |   3 +-
 files changed, 427 insertions(+), 374 deletions(-)
  create mode 100644 target/arm/cpregs.h
+diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/target/arm/cpregs.h
+@@ -XXX,XX +XXX,XX @@
++/*
++ * QEMU ARM CP Register access and descriptions
++ *
++ * Copyright (c) 2022 Linaro Ltd
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, see
++ * <http://www.gnu.org/licenses/gpl-2.0.html>
++ */
++
++#ifndef TARGET_ARM_CPREGS_H
++#define TARGET_ARM_CPREGS_H
++
++/*
++ * ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
++ * special-behaviour cp reg and bits [11..8] indicate what behaviour
++ * it has. Otherwise it is a simple cp reg, where CONST indicates that
++ * TCG can assume the value to be constant (ie load at translate time)
++ * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
++ * indicates that the TB should not be ended after a write to this register
++ * (the default is that the TB ends after cp writes). OVERRIDE permits
++ * a register definition to override a previous definition for the
++ * same (cp, is64, crn, crm, opc1, opc2) tuple: either the new or the
++ * old must have the OVERRIDE bit set.
++ * ALIAS indicates that this register is an alias view of some underlying
++ * state which is also visible via another register, and that the other
++ * register is handling migration and reset; registers marked ALIAS will not be
++ * migrated but may have their state set by syncing of register state from KVM.
++ * NO_RAW indicates that this register has no underlying state and does not
++ * support raw access for state saving/loading; it will not be used for either
++ * migration or KVM state synchronization. (Typically this is for "registers"
++ * which are actually used as instructions for cache maintenance and so on.)
++ * IO indicates that this register does I/O and therefore its accesses
++ * need to be marked with gen_io_start() and also end the TB. In particular,
++ * registers which implement clocks or timers require this.
++ * RAISES_EXC is for when the read or write hook might raise an exception;
++ * the generated code will synchronize the CPU state before calling the hook
++ * so that it is safe for the hook to call raise_exception().
++ * NEWEL is for writes to registers that might change the exception
++ * level - typically on older ARM chips. For those cases we need to
++ * re-read the new el when recomputing the translation flags.
++ */
++#define ARM_CP_SPECIAL           0x0001
++#define ARM_CP_CONST             0x0002
++#define ARM_CP_64BIT             0x0004
++#define ARM_CP_SUPPRESS_TB_END   0x0008
++#define ARM_CP_OVERRIDE          0x0010
++#define ARM_CP_ALIAS             0x0020
++#define ARM_CP_IO                0x0040
++#define ARM_CP_NO_RAW            0x0080
++#define ARM_CP_NOP               (ARM_CP_SPECIAL | 0x0100)
++#define ARM_CP_WFI               (ARM_CP_SPECIAL | 0x0200)
++#define ARM_CP_NZCV              (ARM_CP_SPECIAL | 0x0300)
++#define ARM_CP_CURRENTEL         (ARM_CP_SPECIAL | 0x0400)
++#define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
++#define ARM_CP_DC_GVA            (ARM_CP_SPECIAL | 0x0600)
++#define ARM_CP_DC_GZVA           (ARM_CP_SPECIAL | 0x0700)
++#define ARM_LAST_SPECIAL         ARM_CP_DC_GZVA
++#define ARM_CP_FPU               0x1000
++#define ARM_CP_SVE               0x2000
++#define ARM_CP_NO_GDB            0x4000
++#define ARM_CP_RAISES_EXC        0x8000
++#define ARM_CP_NEWEL             0x10000
++/* Used only as a terminator for ARMCPRegInfo lists */
++#define ARM_CP_SENTINEL          0xfffff
++/* Mask of only the flag bits in a type field */
++#define ARM_CP_FLAG_MASK         0x1f0ff
++
++/*
++ * Valid values for ARMCPRegInfo state field, indicating which of
++ * the AArch32 and AArch64 execution states this register is visible in.
++ * If the reginfo doesn't explicitly specify then it is AArch32 only.
++ * If the reginfo is declared to be visible in both states then a second
++ * reginfo is synthesised for the AArch32 view of the AArch64 register,
++ * such that the AArch32 view is the lower 32 bits of the AArch64 one.
++ * Note that we rely on the values of these enums as we iterate through
++ * the various states in some places.
++ */
++enum {
++    ARM_CP_STATE_AA32 = 0,
++    ARM_CP_STATE_AA64 = 1,
++    ARM_CP_STATE_BOTH = 2,
++};
++
++/*
++ * ARM CP register secure state flags.  These flags identify security state
++ * attributes for a given CP register entry.
++ * The existence of both or neither secure and non-secure flags indicates that
++ * the register has both a secure and non-secure hash entry.  A single one of
++ * these flags causes the register to only be hashed for the specified
++ * security state.
++ * Although definitions may have any combination of the S/NS bits, each
++ * registered entry will only have one to identify whether the entry is secure
++ * or non-secure.
++ */
++enum {
++    ARM_CP_SECSTATE_S =   (1 << 0), /* bit[0]: Secure state register */
++    ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
++};
++
++/*
++ * Return true if cptype is a valid type field. This is used to try to
++ * catch errors where the sentinel has been accidentally left off the end
++ * of a list of registers.
++ */
++static inline bool cptype_valid(int cptype)
++{
++    return ((cptype & ~ARM_CP_FLAG_MASK) == 0)
++        || ((cptype & ARM_CP_SPECIAL) &&
++            ((cptype & ~ARM_CP_FLAG_MASK) <= ARM_LAST_SPECIAL));
++}
++
++/*
++ * Access rights:
++ * We define bits for Read and Write access for what rev C of the v7-AR ARM ARM
++ * defines as PL0 (user), PL1 (fiq/irq/svc/abt/und/sys, ie privileged), and
++ * PL2 (hyp). The other level which has Read and Write bits is Secure PL1
++ * (ie any of the privileged modes in Secure state, or Monitor mode).
++ * If a register is accessible in one privilege level it's always accessible
++ * in higher privilege levels too. Since "Secure PL1" also follows this rule
++ * (ie anything visible in PL2 is visible in S-PL1, some things are only
++ * visible in S-PL1) but "Secure PL1" is a bit of a mouthful, we bend the
++ * terminology a little and call this PL3.
++ * In AArch64 things are somewhat simpler as the PLx bits line up exactly
++ * with the ELx exception levels.
++ *
++ * If access permissions for a register are more complex than can be
++ * described with these bits, then use a laxer set of restrictions, and
++ * do the more restrictive/complex check inside a helper function.
++ */
++#define PL3_R 0x80
++#define PL3_W 0x40
++#define PL2_R (0x20 | PL3_R)
++#define PL2_W (0x10 | PL3_W)
++#define PL1_R (0x08 | PL2_R)
++#define PL1_W (0x04 | PL2_W)
++#define PL0_R (0x02 | PL1_R)
++#define PL0_W (0x01 | PL1_W)
++
++/*
++ * For user-mode some registers are accessible to EL0 via a kernel
++ * trap-and-emulate ABI. In this case we define the read permissions
++ * as actually being PL0_R. However some bits of any given register
++ * may still be masked.
++ */
++#ifdef CONFIG_USER_ONLY
++#define PL0U_R PL0_R
++#else
++#define PL0U_R PL1_R
++#endif
++
++#define PL3_RW (PL3_R | PL3_W)
++#define PL2_RW (PL2_R | PL2_W)
++#define PL1_RW (PL1_R | PL1_W)
++#define PL0_RW (PL0_R | PL0_W)
++
++typedef enum CPAccessResult {
++    /* Access is permitted */
++    CP_ACCESS_OK = 0,
++    /*
++     * Access fails due to a configurable trap or enable which would
++     * result in a categorized exception syndrome giving information about
++     * the failing instruction (ie syndrome category 0x3, 0x4, 0x5, 0x6,
++     * 0xc or 0x18). The exception is taken to the usual target EL (EL1 or
++     * PL1 if in EL0, otherwise to the current EL).
++     */
++    CP_ACCESS_TRAP = 1,
++    /*
++     * Access fails and results in an exception syndrome 0x0 ("uncategorized").
++     * Note that this is not a catch-all case -- the set of cases which may
++     * result in this failure is specifically defined by the architecture.
++     */
++    CP_ACCESS_TRAP_UNCATEGORIZED = 2,
++    /* As CP_ACCESS_TRAP, but for traps directly to EL2 or EL3 */
++    CP_ACCESS_TRAP_EL2 = 3,
++    CP_ACCESS_TRAP_EL3 = 4,
++    /* As CP_ACCESS_UNCATEGORIZED, but for traps directly to EL2 or EL3 */
++    CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = 5,
++    CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = 6,
++} CPAccessResult;
++
++typedef struct ARMCPRegInfo ARMCPRegInfo;
++
++/*
++ * Access functions for coprocessor registers. These cannot fail and
++ * may not raise exceptions.
++ */
++typedef uint64_t CPReadFn(CPUARMState *env, const ARMCPRegInfo *opaque);
++typedef void CPWriteFn(CPUARMState *env, const ARMCPRegInfo *opaque,
++                       uint64_t value);
++/* Access permission check functions for coprocessor registers. */
++typedef CPAccessResult CPAccessFn(CPUARMState *env,
++                                  const ARMCPRegInfo *opaque,
++                                  bool isread);
++/* Hook function for register reset */
++typedef void CPResetFn(CPUARMState *env, const ARMCPRegInfo *opaque);
++
++#define CP_ANY 0xff
++
++/* Definition of an ARM coprocessor register */
++struct ARMCPRegInfo {
++    /* Name of register (useful mainly for debugging, need not be unique) */
++    const char *name;
++    /*
++     * Location of register: coprocessor number and (crn,crm,opc1,opc2)
++     * tuple. Any of crm, opc1 and opc2 may be CP_ANY to indicate a
++     * 'wildcard' field -- any value of that field in the MRC/MCR insn
++     * will be decoded to this register. The register read and write
++     * callbacks will be passed an ARMCPRegInfo with the crn/crm/opc1/opc2
++     * used by the program, so it is possible to register a wildcard and
++     * then behave differently on read/write if necessary.
++     * For 64 bit registers, only crm and opc1 are relevant; crn and opc2
++     * must both be zero.
++     * For AArch64-visible registers, opc0 is also used.
++     * Since there are no "coprocessors" in AArch64, cp is purely used as a
++     * way to distinguish (for KVM's benefit) guest-visible system registers
++     * from demuxed ones provided to preserve the "no side effects on
++     * KVM register read/write from QEMU" semantics. cp==0x13 is guest
++     * visible (to match KVM's encoding); cp==0 will be converted to
++     * cp==0x13 when the ARMCPRegInfo is registered, for convenience.
++     */
++    uint8_t cp;
++    uint8_t crn;
++    uint8_t crm;
++    uint8_t opc0;
++    uint8_t opc1;
++    uint8_t opc2;
++    /* Execution state in which this register is visible: ARM_CP_STATE_* */
++    int state;
++    /* Register type: ARM_CP_* bits/values */
++    int type;
++    /* Access rights: PL*_[RW] */
++    int access;
++    /* Security state: ARM_CP_SECSTATE_* bits/values */
++    int secure;
++    /*
++     * The opaque pointer passed to define_arm_cp_regs_with_opaque() when
++     * this register was defined: can be used to hand data through to the
++     * register read/write functions, since they are passed the ARMCPRegInfo*.
++     */
++    void *opaque;
++    /*
++     * Value of this register, if it is ARM_CP_CONST. Otherwise, if
++     * fieldoffset is non-zero, the reset value of the register.
++     */
++    uint64_t resetvalue;
++    /*
++     * Offset of the field in CPUARMState for this register.
++     * This is not needed if either:
++     *  1. type is ARM_CP_CONST or one of the ARM_CP_SPECIALs
++     *  2. both readfn and writefn are specified
++     */
++    ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
++
++    /*
++     * Offsets of the secure and non-secure fields in CPUARMState for the
++     * register if it is banked.  These fields are only used during the static
++     * registration of a register.  During hashing the bank associated
++     * with a given security state is copied to fieldoffset which is used from
++     * there on out.
++     *
++     * It is expected that register definitions use either fieldoffset or
++     * bank_fieldoffsets in the definition but not both.  It is also expected
++     * that both bank offsets are set when defining a banked register.  This
++     * use indicates that a register is banked.
++     */
++    ptrdiff_t bank_fieldoffsets[2];
++
++    /*
++     * Function for making any access checks for this register in addition to
++     * those specified by the 'access' permissions bits. If NULL, no extra
++     * checks required. The access check is performed at runtime, not at
++     * translate time.
++     */
++    CPAccessFn *accessfn;
++    /*
++     * Function for handling reads of this register. If NULL, then reads
++     * will be done by loading from the offset into CPUARMState specified
++     * by fieldoffset.
++     */
++    CPReadFn *readfn;
++    /*
++     * Function for handling writes of this register. If NULL, then writes
++     * will be done by writing to the offset into CPUARMState specified
++     * by fieldoffset.
++     */
++    CPWriteFn *writefn;
++    /*
++     * Function for doing a "raw" read; used when we need to copy
++     * coprocessor state to the kernel for KVM or out for
++     * migration. This only needs to be provided if there is also a
++     * readfn and it has side effects (for instance clear-on-read bits).
++     */
++    CPReadFn *raw_readfn;
++    /*
++     * Function for doing a "raw" write; used when we need to copy KVM
++     * kernel coprocessor state into userspace, or for inbound
++     * migration. This only needs to be provided if there is also a
++     * writefn and it masks out "unwritable" bits or has write-one-to-clear
++     * or similar behaviour.
++     */
++    CPWriteFn *raw_writefn;
++    /*
++     * Function for resetting the register. If NULL, then reset will be done
++     * by writing resetvalue to the field specified in fieldoffset. If
++     * fieldoffset is 0 then no reset will be done.
++     */
++    CPResetFn *resetfn;
++
++    /*
++     * "Original" writefn and readfn.
++     * For ARMv8.1-VHE register aliases, we overwrite the read/write
++     * accessor functions of various EL1/EL0 to perform the runtime
++     * check for which sysreg should actually be modified, and then
++     * forwards the operation.  Before overwriting the accessors,
++     * the original function is copied here, so that accesses that
++     * really do go to the EL1/EL0 version proceed normally.
++     * (The corresponding EL2 register is linked via opaque.)
++     */
++    CPReadFn *orig_readfn;
++    CPWriteFn *orig_writefn;
++};
++
++/*
++ * Macros which are lvalues for the field in CPUARMState for the
++ * ARMCPRegInfo *ri.
++ */
++#define CPREG_FIELD32(env, ri) \
++    (*(uint32_t *)((char *)(env) + (ri)->fieldoffset))
++#define CPREG_FIELD64(env, ri) \
++    (*(uint64_t *)((char *)(env) + (ri)->fieldoffset))
++
++#define REGINFO_SENTINEL { .type = ARM_CP_SENTINEL }
++
++void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
++                                    const ARMCPRegInfo *regs, void *opaque);
++void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
++                                       const ARMCPRegInfo *regs, void *opaque);
++static inline void define_arm_cp_regs(ARMCPU *cpu, const ARMCPRegInfo *regs)
++{
++    define_arm_cp_regs_with_opaque(cpu, regs, 0);
++}
++static inline void define_one_arm_cp_reg(ARMCPU *cpu, const ARMCPRegInfo *regs)
++{
++    define_one_arm_cp_reg_with_opaque(cpu, regs, 0);
++}
++const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp);
++
++/*
++ * Definition of an ARM co-processor register as viewed from
++ * userspace. This is used for presenting sanitised versions of
++ * registers to userspace when emulating the Linux AArch64 CPU
++ * ID/feature ABI (advertised as HWCAP_CPUID).
++ */
++typedef struct ARMCPRegUserSpaceInfo {
++    /* Name of register */
++    const char *name;
++
++    /* Is the name actually a glob pattern */
++    bool is_glob;
++
++    /* Only some bits are exported to user space */
++    uint64_t exported_bits;
++
++    /* Fixed bits are applied after the mask */
++    uint64_t fixed_bits;
++} ARMCPRegUserSpaceInfo;
++
++#define REGUSERINFO_SENTINEL { .name = NULL }
++
++void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
++
++/* CPWriteFn that can be used to implement writes-ignored behaviour */
++void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
++                         uint64_t value);
++/* CPReadFn that can be used for read-as-zero behaviour */
++uint64_t arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri);
++
++/*
++ * CPResetFn that does nothing, for use if no reset is required even
++ * if fieldoffset is non zero.
++ */
++void arm_cp_reset_ignore(CPUARMState *env, const ARMCPRegInfo *opaque);
++
++/*
++ * Return true if this reginfo struct's field in the cpu state struct
++ * is 64 bits wide.
++ */
++static inline bool cpreg_field_is_64bit(const ARMCPRegInfo *ri)
++{
++    return (ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT);
++}
++
++static inline bool cp_access_ok(int current_el,
++                                const ARMCPRegInfo *ri, int isread)
++{
++    return (ri->access >> ((current_el * 2) + isread)) & 1;
++}
++
++/* Raw read of a coprocessor register (as needed for migration, etc) */
++uint64_t read_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri);
++
++#endif /* TARGET_ARM_CPREGS_H */
 diff --git a/target/arm/cpu.h b/target/arm/cpu.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.h
 +++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef ARMCPU ArchCPU;
+@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
      return kvmid;
  }
 -/* ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
 - * special-behaviour cp reg and bits [11..8] indicate what behaviour
 - * it has. Otherwise it is a simple cp reg, where CONST indicates that
 - * TCG can assume the value to be constant (ie load at translate time)
 - * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
 - * indicates that the TB should not be ended after a write to this register
 - * (the default is that the TB ends after cp writes). OVERRIDE permits
 - * a register definition to override a previous definition for the
 - * same (cp, is64, crn, crm, opc1, opc2) tuple: either the new or the
 - * old must have the OVERRIDE bit set.
 - * ALIAS indicates that this register is an alias view of some underlying
 - * state which is also visible via another register, and that the other
 - * register is handling migration and reset; registers marked ALIAS will not be
 - * migrated but may have their state set by syncing of register state from KVM.
 - * NO_RAW indicates that this register has no underlying state and does not
 - * support raw access for state saving/loading; it will not be used for either
 - * migration or KVM state synchronization. (Typically this is for "registers"
 - * which are actually used as instructions for cache maintenance and so on.)
 - * IO indicates that this register does I/O and therefore its accesses
 - * need to be marked with gen_io_start() and also end the TB. In particular,
 - * registers which implement clocks or timers require this.
 - * RAISES_EXC is for when the read or write hook might raise an exception;
 - * the generated code will synchronize the CPU state before calling the hook
 - * so that it is safe for the hook to call raise_exception().
 - * NEWEL is for writes to registers that might change the exception
 - * level - typically on older ARM chips. For those cases we need to
 - * re-read the new el when recomputing the translation flags.
 - */
 -#define ARM_CP_SPECIAL           0x0001
 -#define ARM_CP_CONST             0x0002
 -#define ARM_CP_64BIT             0x0004
 -#define ARM_CP_SUPPRESS_TB_END   0x0008
 -#define ARM_CP_OVERRIDE          0x0010
 -#define ARM_CP_ALIAS             0x0020
 -#define ARM_CP_IO                0x0040
 -#define ARM_CP_NO_RAW            0x0080
 -#define ARM_CP_NOP               (ARM_CP_SPECIAL | 0x0100)
 -#define ARM_CP_WFI               (ARM_CP_SPECIAL | 0x0200)
 -#define ARM_CP_NZCV              (ARM_CP_SPECIAL | 0x0300)
 -#define ARM_CP_CURRENTEL         (ARM_CP_SPECIAL | 0x0400)
 -#define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
 -#define ARM_CP_DC_GVA            (ARM_CP_SPECIAL | 0x0600)
 -#define ARM_CP_DC_GZVA           (ARM_CP_SPECIAL | 0x0700)
 -#define ARM_LAST_SPECIAL         ARM_CP_DC_GZVA
 -#define ARM_CP_FPU               0x1000
 -#define ARM_CP_SVE               0x2000
 -#define ARM_CP_NO_GDB            0x4000
 -#define ARM_CP_RAISES_EXC        0x8000
 -#define ARM_CP_NEWEL             0x10000
 -/* Used only as a terminator for ARMCPRegInfo lists */
 -#define ARM_CP_SENTINEL          0xfffff
 -/* Mask of only the flag bits in a type field */
 -#define ARM_CP_FLAG_MASK         0x1f0ff
 -
 -/* Valid values for ARMCPRegInfo state field, indicating which of
 - * the AArch32 and AArch64 execution states this register is visible in.
 - * If the reginfo doesn't explicitly specify then it is AArch32 only.
 - * If the reginfo is declared to be visible in both states then a second
 - * reginfo is synthesised for the AArch32 view of the AArch64 register,
 - * such that the AArch32 view is the lower 32 bits of the AArch64 one.
 - * Note that we rely on the values of these enums as we iterate through
 - * the various states in some places.
 - */
 -enum {
 -    ARM_CP_STATE_AA32 = 0,
 -    ARM_CP_STATE_AA64 = 1,
 -    ARM_CP_STATE_BOTH = 2,
 -};
 -
 -/* ARM CP register secure state flags.  These flags identify security state
 - * attributes for a given CP register entry.
 - * The existence of both or neither secure and non-secure flags indicates that
 - * the register has both a secure and non-secure hash entry.  A single one of
 - * these flags causes the register to only be hashed for the specified
 - * security state.
 - * Although definitions may have any combination of the S/NS bits, each
 - * registered entry will only have one to identify whether the entry is secure
 - * or non-secure.
 - */
 -enum {
 -    ARM_CP_SECSTATE_S =   (1 << 0), /* bit[0]: Secure state register */
 -    ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
 -};
 -
 -/* Return true if cptype is a valid type field. This is used to try to
 - * catch errors where the sentinel has been accidentally left off the end
 - * of a list of registers.
 - */
 -static inline bool cptype_valid(int cptype)
 -{
 -    return ((cptype & ~ARM_CP_FLAG_MASK) == 0)
 -        || ((cptype & ARM_CP_SPECIAL) &&
 -            ((cptype & ~ARM_CP_FLAG_MASK) <= ARM_LAST_SPECIAL));
 -}
 -
 -/* Access rights:
 - * We define bits for Read and Write access for what rev C of the v7-AR ARM ARM
 - * defines as PL0 (user), PL1 (fiq/irq/svc/abt/und/sys, ie privileged), and
 - * PL2 (hyp). The other level which has Read and Write bits is Secure PL1
 - * (ie any of the privileged modes in Secure state, or Monitor mode).
 - * If a register is accessible in one privilege level it's always accessible
 - * in higher privilege levels too. Since "Secure PL1" also follows this rule
 - * (ie anything visible in PL2 is visible in S-PL1, some things are only
 - * visible in S-PL1) but "Secure PL1" is a bit of a mouthful, we bend the
 - * terminology a little and call this PL3.
 - * In AArch64 things are somewhat simpler as the PLx bits line up exactly
 - * with the ELx exception levels.
 - *
 - * If access permissions for a register are more complex than can be
 - * described with these bits, then use a laxer set of restrictions, and
 - * do the more restrictive/complex check inside a helper function.
 - */
 -#define PL3_R 0x80
 -#define PL3_W 0x40
 -#define PL2_R (0x20 | PL3_R)
 -#define PL2_W (0x10 | PL3_W)
 -#define PL1_R (0x08 | PL2_R)
 -#define PL1_W (0x04 | PL2_W)
 -#define PL0_R (0x02 | PL1_R)
 -#define PL0_W (0x01 | PL1_W)
 -
 -/*
 - * For user-mode some registers are accessible to EL0 via a kernel
 - * trap-and-emulate ABI. In this case we define the read permissions
 - * as actually being PL0_R. However some bits of any given register
 - * may still be masked.
 - */
 -#ifdef CONFIG_USER_ONLY
 -#define PL0U_R PL0_R
 -#else
 -#define PL0U_R PL1_R
 -#endif
 -
 -#define PL3_RW (PL3_R | PL3_W)
 -#define PL2_RW (PL2_R | PL2_W)
 -#define PL1_RW (PL1_R | PL1_W)
 -#define PL0_RW (PL0_R | PL0_W)
 -
  /* Return the highest implemented Exception Level */
  static inline int arm_highest_el(CPUARMState *env)
  {
@@ -XXX,XX +XXX,XX @@ static inline int arm_current_el(CPUARMState *env)
      }
  }
 -typedef struct ARMCPRegInfo ARMCPRegInfo;
 -
 -typedef enum CPAccessResult {
 -    /* Access is permitted */
 -    CP_ACCESS_OK = 0,
 -    /* Access fails due to a configurable trap or enable which would
 -     * result in a categorized exception syndrome giving information about
 -     * the failing instruction (ie syndrome category 0x3, 0x4, 0x5, 0x6,
 -     * 0xc or 0x18). The exception is taken to the usual target EL (EL1 or
 -     * PL1 if in EL0, otherwise to the current EL).
 -     */
 -    CP_ACCESS_TRAP = 1,
 -    /* Access fails and results in an exception syndrome 0x0 ("uncategorized").
 -     * Note that this is not a catch-all case -- the set of cases which may
 -     * result in this failure is specifically defined by the architecture.
 -     */
 -    CP_ACCESS_TRAP_UNCATEGORIZED = 2,
 -    /* As CP_ACCESS_TRAP, but for traps directly to EL2 or EL3 */
 -    CP_ACCESS_TRAP_EL2 = 3,
 -    CP_ACCESS_TRAP_EL3 = 4,
 -    /* As CP_ACCESS_UNCATEGORIZED, but for traps directly to EL2 or EL3 */
 -    CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = 5,
 -    CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = 6,
 -} CPAccessResult;
 -
 -/* Access functions for coprocessor registers. These cannot fail and
 - * may not raise exceptions.
 - */
 -typedef uint64_t CPReadFn(CPUARMState *env, const ARMCPRegInfo *opaque);
 -typedef void CPWriteFn(CPUARMState *env, const ARMCPRegInfo *opaque,
 -                       uint64_t value);
 -/* Access permission check functions for coprocessor registers. */
 -typedef CPAccessResult CPAccessFn(CPUARMState *env,
 -                                  const ARMCPRegInfo *opaque,
 -                                  bool isread);
 -/* Hook function for register reset */
 -typedef void CPResetFn(CPUARMState *env, const ARMCPRegInfo *opaque);
 -
 -#define CP_ANY 0xff
 -
 -/* Definition of an ARM coprocessor register */
 -struct ARMCPRegInfo {
 -    /* Name of register (useful mainly for debugging, need not be unique) */
 -    const char *name;
 -    /* Location of register: coprocessor number and (crn,crm,opc1,opc2)
 -     * tuple. Any of crm, opc1 and opc2 may be CP_ANY to indicate a
 -     * 'wildcard' field -- any value of that field in the MRC/MCR insn
 -     * will be decoded to this register. The register read and write
 -     * callbacks will be passed an ARMCPRegInfo with the crn/crm/opc1/opc2
 -     * used by the program, so it is possible to register a wildcard and
 -     * then behave differently on read/write if necessary.
 -     * For 64 bit registers, only crm and opc1 are relevant; crn and opc2
 -     * must both be zero.
 -     * For AArch64-visible registers, opc0 is also used.
 -     * Since there are no "coprocessors" in AArch64, cp is purely used as a
 -     * way to distinguish (for KVM's benefit) guest-visible system registers
 -     * from demuxed ones provided to preserve the "no side effects on
 -     * KVM register read/write from QEMU" semantics. cp==0x13 is guest
 -     * visible (to match KVM's encoding); cp==0 will be converted to
 -     * cp==0x13 when the ARMCPRegInfo is registered, for convenience.
 -     */
 -    uint8_t cp;
 -    uint8_t crn;
 -    uint8_t crm;
 -    uint8_t opc0;
 -    uint8_t opc1;
 -    uint8_t opc2;
 -    /* Execution state in which this register is visible: ARM_CP_STATE_* */
 -    int state;
 -    /* Register type: ARM_CP_* bits/values */
 -    int type;
 -    /* Access rights: PL*_[RW] */
 -    int access;
 -    /* Security state: ARM_CP_SECSTATE_* bits/values */
 -    int secure;
 -    /* The opaque pointer passed to define_arm_cp_regs_with_opaque() when
 -     * this register was defined: can be used to hand data through to the
 -     * register read/write functions, since they are passed the ARMCPRegInfo*.
 -     */
 -    void *opaque;
 -    /* Value of this register, if it is ARM_CP_CONST. Otherwise, if
 -     * fieldoffset is non-zero, the reset value of the register.
 -     */
 -    uint64_t resetvalue;
 -    /* Offset of the field in CPUARMState for this register.
 -     *
 -     * This is not needed if either:
 -     *  1. type is ARM_CP_CONST or one of the ARM_CP_SPECIALs
 -     *  2. both readfn and writefn are specified
 -     */
 -    ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
 -
 -    /* Offsets of the secure and non-secure fields in CPUARMState for the
 -     * register if it is banked.  These fields are only used during the static
 -     * registration of a register.  During hashing the bank associated
 -     * with a given security state is copied to fieldoffset which is used from
 -     * there on out.
 -     *
 -     * It is expected that register definitions use either fieldoffset or
 -     * bank_fieldoffsets in the definition but not both.  It is also expected
 -     * that both bank offsets are set when defining a banked register.  This
 -     * use indicates that a register is banked.
 -     */
 -    ptrdiff_t bank_fieldoffsets[2];
 -
 -    /* Function for making any access checks for this register in addition to
 -     * those specified by the 'access' permissions bits. If NULL, no extra
 -     * checks required. The access check is performed at runtime, not at
 -     * translate time.
 -     */
 -    CPAccessFn *accessfn;
 -    /* Function for handling reads of this register. If NULL, then reads
 -     * will be done by loading from the offset into CPUARMState specified
 -     * by fieldoffset.
 -     */
 -    CPReadFn *readfn;
 -    /* Function for handling writes of this register. If NULL, then writes
 -     * will be done by writing to the offset into CPUARMState specified
 -     * by fieldoffset.
 -     */
 -    CPWriteFn *writefn;
 -    /* Function for doing a "raw" read; used when we need to copy
 -     * coprocessor state to the kernel for KVM or out for
 -     * migration. This only needs to be provided if there is also a
 -     * readfn and it has side effects (for instance clear-on-read bits).
 -     */
 -    CPReadFn *raw_readfn;
 -    /* Function for doing a "raw" write; used when we need to copy KVM
 -     * kernel coprocessor state into userspace, or for inbound
 -     * migration. This only needs to be provided if there is also a
 -     * writefn and it masks out "unwritable" bits or has write-one-to-clear
 -     * or similar behaviour.
 -     */
 -    CPWriteFn *raw_writefn;
 -    /* Function for resetting the register. If NULL, then reset will be done
 -     * by writing resetvalue to the field specified in fieldoffset. If
 -     * fieldoffset is 0 then no reset will be done.
 -     */
 -    CPResetFn *resetfn;
 -
 -    /*
 -     * "Original" writefn and readfn.
 -     * For ARMv8.1-VHE register aliases, we overwrite the read/write
 -     * accessor functions of various EL1/EL0 to perform the runtime
 -     * check for which sysreg should actually be modified, and then
 -     * forwards the operation.  Before overwriting the accessors,
 -     * the original function is copied here, so that accesses that
 -     * really do go to the EL1/EL0 version proceed normally.
 -     * (The corresponding EL2 register is linked via opaque.)
 -     */
 -    CPReadFn *orig_readfn;
 -    CPWriteFn *orig_writefn;
 -};
 -
 -/* Macros which are lvalues for the field in CPUARMState for the
 - * ARMCPRegInfo *ri.
 - */
 -#define CPREG_FIELD32(env, ri) \
 -    (*(uint32_t *)((char *)(env) + (ri)->fieldoffset))
 -#define CPREG_FIELD64(env, ri) \
 -    (*(uint64_t *)((char *)(env) + (ri)->fieldoffset))
 -
 -#define REGINFO_SENTINEL { .type = ARM_CP_SENTINEL }
 -
 -void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
 -                                    const ARMCPRegInfo *regs, void *opaque);
 -void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
 -                                       const ARMCPRegInfo *regs, void *opaque);
 -static inline void define_arm_cp_regs(ARMCPU *cpu, const ARMCPRegInfo *regs)
 -{
 -    define_arm_cp_regs_with_opaque(cpu, regs, 0);
 -}
 -static inline void define_one_arm_cp_reg(ARMCPU *cpu, const ARMCPRegInfo *regs)
 -{
 -    define_one_arm_cp_reg_with_opaque(cpu, regs, 0);
 -}
 -const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp);
 -
 -/*
 - * Definition of an ARM co-processor register as viewed from
 - * userspace. This is used for presenting sanitised versions of
 - * registers to userspace when emulating the Linux AArch64 CPU
 - * ID/feature ABI (advertised as HWCAP_CPUID).
 - */
 -typedef struct ARMCPRegUserSpaceInfo {
 -    /* Name of register */
 -    const char *name;
 -
 -    /* Is the name actually a glob pattern */
 -    bool is_glob;
 -
 -    /* Only some bits are exported to user space */
 -    uint64_t exported_bits;
 -
 -    /* Fixed bits are applied after the mask */
 -    uint64_t fixed_bits;
 -} ARMCPRegUserSpaceInfo;
 -
 -#define REGUSERINFO_SENTINEL { .name = NULL }
 -
 -void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
 -
 -/* CPWriteFn that can be used to implement writes-ignored behaviour */
 -void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
 -                         uint64_t value);
 -/* CPReadFn that can be used for read-as-zero behaviour */
 -uint64_t arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri);
 -
 -/* CPResetFn that does nothing, for use if no reset is required even
 - * if fieldoffset is non zero.
 - */
 -void arm_cp_reset_ignore(CPUARMState *env, const ARMCPRegInfo *opaque);
 -
 -/* Return true if this reginfo struct's field in the cpu state struct
 - * is 64 bits wide.
 - */
 -static inline bool cpreg_field_is_64bit(const ARMCPRegInfo *ri)
 -{
 -    return (ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT);
 -}
 -
 -static inline bool cp_access_ok(int current_el,
 -                                const ARMCPRegInfo *ri, int isread)
 -{
 -    return (ri->access >> ((current_el * 2) + isread)) & 1;
 -}
 -
 -/* Raw read of a coprocessor register (as needed for migration, etc) */
 -uint64_t read_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri);
 -
  /**
   * write_list_to_cpustate
   * @cpu: ARMCPU
 diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/arm/pxa2xx.c
 +++ b/hw/arm/pxa2xx.c
@@ -XXX,XX +XXX,XX @@
  #include "qemu/cutils.h"
  #include "qemu/log.h"
  #include "qom/object.h"
 +#include "target/arm/cpregs.h"
  static struct {
      hwaddr io_base;
 diff --git a/hw/arm/pxa2xx_pic.c b/hw/arm/pxa2xx_pic.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/arm/pxa2xx_pic.c
 +++ b/hw/arm/pxa2xx_pic.c
@@ -XXX,XX +XXX,XX @@
  #include "hw/sysbus.h"
  #include "migration/vmstate.h"
  #include "qom/object.h"
 +#include "target/arm/cpregs.h"
  #define ICIP    0x00    /* Interrupt Controller IRQ Pending register */
  #define ICMR    0x04    /* Interrupt Controller Mask register */
 diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_cpuif.c
 +++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@
  #include "gicv3_internal.h"
  #include "hw/irq.h"
  #include "cpu.h"
 +#include "target/arm/cpregs.h"
  /*
   * Special case return value from hppvi_index(); must be larger than
 diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_kvm.c
 +++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@
  #include "vgic_common.h"
  #include "migration/blocker.h"
  #include "qom/object.h"
 +#include "target/arm/cpregs.h"
 +
  #ifdef DEBUG_GICV3_KVM
  #define DPRINTF(fmt, ...) \
 diff --git a/target/arm/cpu.c b/target/arm/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.c
 +++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@
  #include "kvm_arm.h"
  #include "disas/capstone.h"
  #include "fpu/softfloat.h"
 +#include "cpregs.h"
  static void arm_cpu_set_pc(CPUState *cs, vaddr value)
  {
 diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu64.c
 +++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@
  #include "hvf_arm.h"
  #include "qapi/visitor.h"
  #include "hw/qdev-properties.h"
 +#include "cpregs.h"
  #ifndef CONFIG_USER_ONLY
 diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu_tcg.c
 +++ b/target/arm/cpu_tcg.c
@@ -XXX,XX +XXX,XX @@
  #if !defined(CONFIG_USER_ONLY)
  #include "hw/boards.h"
  #endif
 +#include "cpregs.h"
  /* CPU models. These are not needed for the AArch64 linux-user build. */
  #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
 diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/gdbstub.c
 +++ b/target/arm/gdbstub.c
@@ -XXX,XX +XXX,XX @@
   */
- FIELD(TBFLAG_ANY, AARCH64_STATE, 31, 1)
+ #include "qemu/osdep.h"
- FIELD(TBFLAG_ANY, SS_ACTIVE, 30, 1)
+ #include "cpu.h"
--FIELD(TBFLAG_ANY, PSTATE_SS, 29, 1)     /* Not cached. */
+-#include "internals.h"
-+FIELD(TBFLAG_ANY, PSTATE__SS, 29, 1)    /* Not cached. */
+ #include "exec/gdbstub.h"
- FIELD(TBFLAG_ANY, BE_DATA, 28, 1)
++#include "internals.h"
- FIELD(TBFLAG_ANY, MMUIDX, 24, 4)
++#include "cpregs.h"
- /* Target EL if we take a floating-point-disabled exception */
  typedef struct RegisterSysregXmlParam {
      CPUState *cs;
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
+@@ -XXX,XX +XXX,XX @@
-      *     0            x       Inactive (the TB flag for SS is always 0)
+ #include "exec/cpu_ldst.h"
-      *     1            0       Active-pending
+ #include "semihosting/common-semi.h"
-      *     1            1       Active-not-pending
+ #endif
--     * SS_ACTIVE is set in hflags; PSTATE_SS is computed every TB.
++#include "cpregs.h"
-+     * SS_ACTIVE is set in hflags; PSTATE__SS is computed every TB.
-      */
+ #define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */
-     if (FIELD_EX32(flags, TBFLAG_ANY, SS_ACTIVE) &&
+ #define PMCR_NUM_COUNTERS 4 /* QEMU IMPDEF choice */
-         (env->pstate & PSTATE_SS)) {
+diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
--        flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE_SS, 1);
+index XXXXXXX..XXXXXXX 100644
-+        flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE__SS, 1);
+--- a/target/arm/op_helper.c
-     }
++++ b/target/arm/op_helper.c
+@@ -XXX,XX +XXX,XX @@
-     *pflags = flags;
+ #include "internals.h"
  #include "exec/exec-all.h"
  #include "exec/cpu_ldst.h"
 +#include "cpregs.h"
  #define SIGNBIT (uint32_t)0x80000000
  #define SIGNBIT64 ((uint64_t)1 << 63)
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
+@@ -XXX,XX +XXX,XX @@
-      *   end the TB
+ #include "translate.h"
-      */
+ #include "internals.h"
-     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
+ #include "qemu/host-utils.h"
--    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
+-
-+    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE__SS);
+ #include "semihosting/semihost.h"
-     dc->is_ldex = false;
+ #include "exec/gen-icount.h"
-     dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
+-
  #include "exec/helper-proto.h"
  #include "exec/helper-gen.h"
  #include "exec/log.h"
 -
 +#include "cpregs.h"
  #include "translate-a64.h"
  #include "qemu/atomic128.h"
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
+@@ -XXX,XX +XXX,XX @@
-      *   end the TB
+ #include "qemu/bitops.h"
-      */
+ #include "arm_ldst.h"
-     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
+ #include "semihosting/semihost.h"
--    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
+-
-+    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE__SS);
+ #include "exec/helper-proto.h"
-     dc->is_ldex = false;
+ #include "exec/helper-gen.h"
+-
-     dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
+ #include "exec/log.h"
 +#include "cpregs.h"
  #define ENABLE_ARCH_4T    arm_dc_feature(s, ARM_FEATURE_V4T)
 --
-.20.1
+.25.1

-[PULL 37/43] target/arm: Enforce alignment for aa64 load-acq/store-rel
+[PULL 03/23] target/arm: Reorg CPAccessResult and access_check_cp_reg
 From: Richard Henderson <richard.henderson@linaro.org>
+Rearrange the values of the enumerators of CPAccessResult
+so that we may directly extract the target el. For the two
+special cases in access_check_cp_reg, use CPAccessResult.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-28-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-3-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 23 ++++++++++++++---------
+ target/arm/cpregs.h    | 26 ++++++++++++--------
-file changed, 14 insertions(+), 9 deletions(-)
+ target/arm/op_helper.c | 56 +++++++++++++++++++++---------------------
 files changed, 44 insertions(+), 38 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
+--- a/target/arm/cpregs.h
-+++ b/target/arm/translate-a64.c
++++ b/target/arm/cpregs.h
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static inline bool cptype_valid(int cptype)
-         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
+ typedef enum CPAccessResult {
-         clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn),
+     /* Access is permitted */
-                                     true, rn != 31, size);
+     CP_ACCESS_OK = 0,
--        do_gpr_st(s, cpu_reg(s, rt), clean_addr, size, true, rt,
++
-+        /* TODO: ARMv8.4-LSE SCTLR.nAA */
++    /*
-+        do_gpr_st(s, cpu_reg(s, rt), clean_addr, size | MO_ALIGN, true, rt,
++     * Combined with one of the following, the low 2 bits indicate the
-                   disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
++     * target exception level.  If 0, the exception is taken to the usual
-         return;
++     * target EL (EL1 or PL1 if in EL0, otherwise to the current EL).
++     */
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
++    CP_ACCESS_EL_MASK = 3,
 +
      /*
       * Access fails due to a configurable trap or enable which would
       * result in a categorized exception syndrome giving information about
       * the failing instruction (ie syndrome category 0x3, 0x4, 0x5, 0x6,
 -     * 0xc or 0x18). The exception is taken to the usual target EL (EL1 or
 -     * PL1 if in EL0, otherwise to the current EL).
 +     * 0xc or 0x18).
       */
 -    CP_ACCESS_TRAP = 1,
 +    CP_ACCESS_TRAP = (1 << 2),
 +    CP_ACCESS_TRAP_EL2 = CP_ACCESS_TRAP | 2,
 +    CP_ACCESS_TRAP_EL3 = CP_ACCESS_TRAP | 3,
 +
      /*
       * Access fails and results in an exception syndrome 0x0 ("uncategorized").
       * Note that this is not a catch-all case -- the set of cases which may
       * result in this failure is specifically defined by the architecture.
       */
 -    CP_ACCESS_TRAP_UNCATEGORIZED = 2,
 -    /* As CP_ACCESS_TRAP, but for traps directly to EL2 or EL3 */
 -    CP_ACCESS_TRAP_EL2 = 3,
 -    CP_ACCESS_TRAP_EL3 = 4,
 -    /* As CP_ACCESS_UNCATEGORIZED, but for traps directly to EL2 or EL3 */
 -    CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = 5,
 -    CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = 6,
 +    CP_ACCESS_TRAP_UNCATEGORIZED = (2 << 2),
 +    CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = CP_ACCESS_TRAP_UNCATEGORIZED | 2,
 +    CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = CP_ACCESS_TRAP_UNCATEGORIZED | 3,
  } CPAccessResult;
  typedef struct ARMCPRegInfo ARMCPRegInfo;
 diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/op_helper.c
 +++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
                                   uint32_t isread)
  {
      const ARMCPRegInfo *ri = rip;
 +    CPAccessResult res = CP_ACCESS_OK;
      int target_el;
      if (arm_feature(env, ARM_FEATURE_XSCALE) && ri->cp < 14
          && extract32(env->cp15.c15_cpar, ri->cp, 1) == 0) {
 -        raise_exception(env, EXCP_UDEF, syndrome, exception_target_el(env));
 +        res = CP_ACCESS_TRAP;
 +        goto fail;
      }
      /*
@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
          mask &= ~((1 << 4) | (1 << 14));
          if (env->cp15.hstr_el2 & mask) {
 -            target_el = 2;
 -            goto exept;
 +            res = CP_ACCESS_TRAP_EL2;
 +            goto fail;
          }
-         clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn),
+     }
-                                     false, rn != 31, size);
--        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, true, rt,
+-    if (!ri->accessfn) {
--                  disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
++    if (ri->accessfn) {
-+        /* TODO: ARMv8.4-LSE SCTLR.nAA */
++        res = ri->accessfn(env, ri, isread);
-+        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size | MO_ALIGN, false, true,
++    }
-+                  rt, disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
++    if (likely(res == CP_ACCESS_OK)) {
          tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
          return;
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
      int size = extract32(insn, 30, 2);
      TCGv_i64 clean_addr, dirty_addr;
      bool is_store = false;
 -    bool is_signed = false;
      bool extend = false;
      bool iss_sf;
 +    MemOp mop;
      if (!dc_isar_feature(aa64_rcpc_8_4, s)) {
          unallocated_encoding(s);
          return;
      }
-+    /* TODO: ARMv8.4-LSE SCTLR.nAA */
+-    switch (ri->accessfn(env, ri, isread)) {
-+    mop = size | MO_ALIGN;
+-    case CP_ACCESS_OK:
-+
+-        return;
-     switch (opc) {
++ fail:
-     case 0: /* STLURB */
++    switch (res & ~CP_ACCESS_EL_MASK) {
-         is_store = true;
+     case CP_ACCESS_TRAP:
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
+-        target_el = exception_target_el(env);
-             unallocated_encoding(s);
+-        break;
-             return;
+-    case CP_ACCESS_TRAP_EL2:
-         }
+-        /* Requesting a trap to EL2 when we're in EL3 is
--        is_signed = true;
+-         * a bug in the access function.
-+        mop |= MO_SIGN;
+-         */
 -        assert(arm_current_el(env) != 3);
 -        target_el = 2;
 -        break;
 -    case CP_ACCESS_TRAP_EL3:
 -        target_el = 3;
          break;
-     case 3: /* LDAPURS* 32-bit variant */
+     case CP_ACCESS_TRAP_UNCATEGORIZED:
-         if (size > 1) {
+-        target_el = exception_target_el(env);
-             unallocated_encoding(s);
+-        syndrome = syn_uncategorized();
-             return;
+-        break;
-         }
+-    case CP_ACCESS_TRAP_UNCATEGORIZED_EL2:
--        is_signed = true;
+-        target_el = 2;
-+        mop |= MO_SIGN;
+-        syndrome = syn_uncategorized();
-         extend = true; /* zero-extend 32->64 after signed load */
+-        break;
 -    case CP_ACCESS_TRAP_UNCATEGORIZED_EL3:
 -        target_el = 3;
          syndrome = syn_uncategorized();
          break;
      default:
          g_assert_not_reached();
      }
--    iss_sf = disas_ldst_compute_iss_sf(size, is_signed, opc);
+-exept:
-+    iss_sf = disas_ldst_compute_iss_sf(size, (mop & MO_SIGN) != 0, opc);
++    target_el = res & CP_ACCESS_EL_MASK;
++    switch (target_el) {
-     if (rn == 31) {
++    case 0:
-         gen_check_sp_alignment(s);
++        target_el = exception_target_el(env);
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
++        break;
-     if (is_store) {
++    case 2:
-         /* Store-Release semantics */
++        assert(arm_current_el(env) != 3);
-         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
++        assert(arm_is_el2_enabled(env));
--        do_gpr_st(s, cpu_reg(s, rt), clean_addr, size, true, rt, iss_sf, true);
++        break;
-+        do_gpr_st(s, cpu_reg(s, rt), clean_addr, mop, true, rt, iss_sf, true);
++    case 3:
-     } else {
++        assert(arm_feature(env, ARM_FEATURE_EL3));
-         /*
++        break;
-          * Load-AcquirePC semantics; we implement as the slightly more
++    default:
-          * restrictive Load-Acquire.
++        /* No "direct" traps to EL1 */
-          */
++        g_assert_not_reached();
--        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size + is_signed * MO_SIGN,
++    }
-+        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, mop,
++
-                   extend, true, rt, iss_sf, true);
+     raise_exception(env, EXCP_UDEF, syndrome, target_el);
-         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
+ }
-     }
 --
-.20.1
+.25.1

-[PULL 35/43] target/arm: Use finalize_memop for aa64 gpr load/store
+[PULL 04/23] target/arm: Replace sentinels with ARRAY_SIZE in cpregs.h
 From: Richard Henderson <richard.henderson@linaro.org>
-In the case of gpr load, merge the size and is_signed arguments;
+Remove a possible source of error by removing REGINFO_SENTINEL
-otherwise, simply convert size to memop.
+and using ARRAY_SIZE (convinently hidden inside a macro) to
 find the end of the set of regs being registered or modified.
+The space saved by not having the extra array element reduces
+the executable's .data.rel.ro section by about 9k.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-26-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-4-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 78 ++++++++++++++++----------------------
+ target/arm/cpregs.h       |  53 +++++++++---------
-file changed, 33 insertions(+), 45 deletions(-)
+ hw/arm/pxa2xx.c           |   1 -
  hw/arm/pxa2xx_pic.c       |   1 -
  hw/intc/arm_gicv3_cpuif.c |   5 --
  hw/intc/arm_gicv3_kvm.c   |   1 -
  target/arm/cpu64.c        |   1 -
  target/arm/cpu_tcg.c      |   4 --
  target/arm/helper.c       | 111 ++++++++------------------------------
 files changed, 48 insertions(+), 129 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
+--- a/target/arm/cpregs.h
-+++ b/target/arm/translate-a64.c
++++ b/target/arm/cpregs.h
-@@ -XXX,XX +XXX,XX @@ static void gen_adc_CC(int sf, TCGv_i64 dest, TCGv_i64 t0, TCGv_i64 t1)
+@@ -XXX,XX +XXX,XX @@
-  * Store from GPR register to memory.
+ #define ARM_CP_NO_GDB            0x4000
-  */
+ #define ARM_CP_RAISES_EXC        0x8000
- static void do_gpr_st_memidx(DisasContext *s, TCGv_i64 source,
+ #define ARM_CP_NEWEL             0x10000
--                             TCGv_i64 tcg_addr, int size, int memidx,
+-/* Used only as a terminator for ARMCPRegInfo lists */
-+                             TCGv_i64 tcg_addr, MemOp memop, int memidx,
+-#define ARM_CP_SENTINEL          0xfffff
-                              bool iss_valid,
+ /* Mask of only the flag bits in a type field */
-                              unsigned int iss_srt,
+ #define ARM_CP_FLAG_MASK         0x1f0ff
-                              bool iss_sf, bool iss_ar)
@@ -XXX,XX +XXX,XX @@ enum {
      ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
  };
 -/*
 - * Return true if cptype is a valid type field. This is used to try to
 - * catch errors where the sentinel has been accidentally left off the end
 - * of a list of registers.
 - */
 -static inline bool cptype_valid(int cptype)
 -{
 -    return ((cptype & ~ARM_CP_FLAG_MASK) == 0)
 -        || ((cptype & ARM_CP_SPECIAL) &&
 -            ((cptype & ~ARM_CP_FLAG_MASK) <= ARM_LAST_SPECIAL));
 -}
 -
  /*
   * Access rights:
   * We define bits for Read and Write access for what rev C of the v7-AR ARM ARM
@@ -XXX,XX +XXX,XX @@ struct ARMCPRegInfo {
  #define CPREG_FIELD64(env, ri) \
      (*(uint64_t *)((char *)(env) + (ri)->fieldoffset))
 -#define REGINFO_SENTINEL { .type = ARM_CP_SENTINEL }
 +void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu, const ARMCPRegInfo *reg,
 +                                       void *opaque);
 -void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
 -                                    const ARMCPRegInfo *regs, void *opaque);
 -void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
 -                                       const ARMCPRegInfo *regs, void *opaque);
 -static inline void define_arm_cp_regs(ARMCPU *cpu, const ARMCPRegInfo *regs)
 -{
 -    define_arm_cp_regs_with_opaque(cpu, regs, 0);
 -}
  static inline void define_one_arm_cp_reg(ARMCPU *cpu, const ARMCPRegInfo *regs)
  {
--    g_assert(size <= 3);
+-    define_one_arm_cp_reg_with_opaque(cpu, regs, 0);
--    tcg_gen_qemu_st_i64(source, tcg_addr, memidx, s->be_data + size);
++    define_one_arm_cp_reg_with_opaque(cpu, regs, NULL);
 +    memop = finalize_memop(s, memop);
 +    tcg_gen_qemu_st_i64(source, tcg_addr, memidx, memop);
      if (iss_valid) {
          uint32_t syn;
          syn = syn_data_abort_with_iss(0,
 -                                      size,
 +                                      (memop & MO_SIZE),
                                        false,
                                        iss_srt,
                                        iss_sf,
@@ -XXX,XX +XXX,XX @@ static void do_gpr_st_memidx(DisasContext *s, TCGv_i64 source,
  }
++
- static void do_gpr_st(DisasContext *s, TCGv_i64 source,
++void define_arm_cp_regs_with_opaque_len(ARMCPU *cpu, const ARMCPRegInfo *regs,
--                      TCGv_i64 tcg_addr, int size,
++                                        void *opaque, size_t len);
-+                      TCGv_i64 tcg_addr, MemOp memop,
++
-                       bool iss_valid,
++#define define_arm_cp_regs_with_opaque(CPU, REGS, OPAQUE)               \
-                       unsigned int iss_srt,
++    do {                                                                \
-                       bool iss_sf, bool iss_ar)
++        QEMU_BUILD_BUG_ON(ARRAY_SIZE(REGS) == 0);                       \
- {
++        define_arm_cp_regs_with_opaque_len(CPU, REGS, OPAQUE,           \
--    do_gpr_st_memidx(s, source, tcg_addr, size, get_mem_index(s),
++                                           ARRAY_SIZE(REGS));           \
-+    do_gpr_st_memidx(s, source, tcg_addr, memop, get_mem_index(s),
++    } while (0)
-                      iss_valid, iss_srt, iss_sf, iss_ar);
++
- }
++#define define_arm_cp_regs(CPU, REGS) \
 +    define_arm_cp_regs_with_opaque(CPU, REGS, NULL)
 +
  const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp);
  /*
-  * Load from memory to GPR register
+@@ -XXX,XX +XXX,XX @@ typedef struct ARMCPRegUserSpaceInfo {
-  */
+     uint64_t fixed_bits;
--static void do_gpr_ld_memidx(DisasContext *s,
+ } ARMCPRegUserSpaceInfo;
--                             TCGv_i64 dest, TCGv_i64 tcg_addr,
--                             int size, bool is_signed,
+-#define REGUSERINFO_SENTINEL { .name = NULL }
--                             bool extend, int memidx,
++void modify_arm_cp_regs_with_len(ARMCPRegInfo *regs, size_t regs_len,
-+static void do_gpr_ld_memidx(DisasContext *s, TCGv_i64 dest, TCGv_i64 tcg_addr,
++                                 const ARMCPRegUserSpaceInfo *mods,
-+                             MemOp memop, bool extend, int memidx,
++                                 size_t mods_len);
-                              bool iss_valid, unsigned int iss_srt,
-                              bool iss_sf, bool iss_ar)
+-void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
- {
++#define modify_arm_cp_regs(REGS, MODS)                                  \
--    MemOp memop = s->be_data + size;
++    do {                                                                \
--
++        QEMU_BUILD_BUG_ON(ARRAY_SIZE(REGS) == 0);                       \
--    g_assert(size <= 3);
++        QEMU_BUILD_BUG_ON(ARRAY_SIZE(MODS) == 0);                       \
--
++        modify_arm_cp_regs_with_len(REGS, ARRAY_SIZE(REGS),             \
--    if (is_signed) {
++                                    MODS, ARRAY_SIZE(MODS));            \
--        memop += MO_SIGN;
++    } while (0)
--    }
--
+ /* CPWriteFn that can be used to implement writes-ignored behaviour */
-+    memop = finalize_memop(s, memop);
+ void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
-     tcg_gen_qemu_ld_i64(dest, tcg_addr, memidx, memop);
+diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
+index XXXXXXX..XXXXXXX 100644
--    if (extend && is_signed) {
+--- a/hw/arm/pxa2xx.c
--        g_assert(size < 3);
++++ b/hw/arm/pxa2xx.c
-+    if (extend && (memop & MO_SIGN)) {
+@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pxa_cp_reginfo[] = {
-+        g_assert((memop & MO_SIZE) <= MO_32);
+     { .name = "PWRMODE", .cp = 14, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 0,
-         tcg_gen_ext32u_i64(dest, dest);
+       .access = PL1_RW, .type = ARM_CP_IO,
        .readfn = arm_cp_read_zero, .writefn = pxa2xx_pwrmode_write },
 -    REGINFO_SENTINEL
  };
  static void pxa2xx_setup_cp14(PXA2xxState *s)
 diff --git a/hw/arm/pxa2xx_pic.c b/hw/arm/pxa2xx_pic.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/arm/pxa2xx_pic.c
 +++ b/hw/arm/pxa2xx_pic.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pxa_pic_cp_reginfo[] = {
      REGINFO_FOR_PIC_CP("ICLR2", 8),
      REGINFO_FOR_PIC_CP("ICFP2", 9),
      REGINFO_FOR_PIC_CP("ICPR2", 0xa),
 -    REGINFO_SENTINEL
  };
  static const MemoryRegionOps pxa2xx_pic_ops = {
 diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_cpuif.c
 +++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
        .readfn = icc_igrpen1_el3_read,
        .writefn = icc_igrpen1_el3_write,
      },
 -    REGINFO_SENTINEL
  };
  static uint64_t ich_ap_read(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_hcr_reginfo[] = {
        .readfn = ich_vmcr_read,
        .writefn = ich_vmcr_write,
      },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo gicv3_cpuif_ich_apxr1_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_ich_apxr1_reginfo[] = {
        .readfn = ich_ap_read,
        .writefn = ich_ap_write,
      },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo gicv3_cpuif_ich_apxr23_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_ich_apxr23_reginfo[] = {
        .readfn = ich_ap_read,
        .writefn = ich_ap_write,
      },
 -    REGINFO_SENTINEL
  };
  static void gicv3_cpuif_el_change_hook(ARMCPU *cpu, void *opaque)
@@ -XXX,XX +XXX,XX @@ void gicv3_init_cpuif(GICv3State *s)
                        .readfn = ich_lr_read,
                        .writefn = ich_lr_write,
                      },
 -                    REGINFO_SENTINEL
                  };
                  define_arm_cp_regs(cpu, lr_regset);
              }
 diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_kvm.c
 +++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
         */
        .resetfn = arm_gicv3_icc_reset,
      },
 -    REGINFO_SENTINEL
  };
  /**
 diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu64.c
 +++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortex_a72_a57_a53_cp_reginfo[] = {
      { .name = "L2MERRSR",
        .cp = 15, .opc1 = 3, .crm = 15,
        .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static void aarch64_a57_initfn(Object *obj)
 diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu_tcg.c
 +++ b/target/arm/cpu_tcg.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortexa8_cp_reginfo[] = {
        .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
      { .name = "L2AUXCR", .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 2,
        .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static void cortex_a8_initfn(Object *obj)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortexa9_cp_reginfo[] = {
        .access = PL1_RW, .resetvalue = 0, .type = ARM_CP_CONST },
      { .name = "TLB_ATTR", .cp = 15, .crn = 15, .crm = 7, .opc1 = 5, .opc2 = 2,
        .access = PL1_RW, .resetvalue = 0, .type = ARM_CP_CONST },
 -    REGINFO_SENTINEL
  };
  static void cortex_a9_initfn(Object *obj)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortexa15_cp_reginfo[] = {
  #endif
      { .name = "L2ECTLR", .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 3,
        .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static void cortex_a7_initfn(Object *obj)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortexr5_cp_reginfo[] = {
        .access = PL1_RW, .type = ARM_CP_CONST },
      { .name = "DCACHE_INVAL", .cp = 15, .opc1 = 0, .crn = 15, .crm = 5,
        .opc2 = 0, .access = PL1_W, .type = ARM_CP_NOP },
 -    REGINFO_SENTINEL
  };
  static void cortex_r5_initfn(Object *obj)
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cp_reginfo[] = {
        .secure = ARM_CP_SECSTATE_S,
        .fieldoffset = offsetof(CPUARMState, cp15.contextidr_s),
        .resetvalue = 0, .writefn = contextidr_write, .raw_writefn = raw_write, },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo not_v8_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v8_cp_reginfo[] = {
      { .name = "CACHEMAINT", .cp = 15, .crn = 7, .crm = CP_ANY,
        .opc1 = 0, .opc2 = CP_ANY, .access = PL1_W,
        .type = ARM_CP_NOP | ARM_CP_OVERRIDE },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo not_v6_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v6_cp_reginfo[] = {
       */
      { .name = "WFI_v5", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = 2,
        .access = PL1_W, .type = ARM_CP_WFI },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo not_v7_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v7_cp_reginfo[] = {
        .opc1 = 0, .opc2 = 0, .access = PL1_RW, .type = ARM_CP_NOP },
      { .name = "NMRR", .cp = 15, .crn = 10, .crm = 2,
        .opc1 = 0, .opc2 = 1, .access = PL1_RW, .type = ARM_CP_NOP },
 -    REGINFO_SENTINEL
  };
  static void cpacr_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
        .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 2, .accessfn = cpacr_access,
        .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.cpacr_el1),
        .resetfn = cpacr_reset, .writefn = cpacr_write, .readfn = cpacr_read },
 -    REGINFO_SENTINEL
  };
  typedef struct pm_event {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
      { .name = "TLBIMVAA", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 3,
        .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
        .writefn = tlbimvaa_write },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo v7mp_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7mp_cp_reginfo[] = {
      { .name = "TLBIMVAAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
        .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
        .writefn = tlbimvaa_is_write },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo pmovsset_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmovsset_cp_reginfo[] = {
        .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
        .writefn = pmovsset_write,
        .raw_writefn = raw_write },
 -    REGINFO_SENTINEL
  };
  static void teecr_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo t2ee_cp_reginfo[] = {
      { .name = "TEEHBR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 6, .opc2 = 0,
        .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, teehbr),
        .accessfn = teehbr_access, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo v6k_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6k_cp_reginfo[] = {
        .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.tpidrprw_s),
                               offsetoflow32(CPUARMState, cp15.tpidrprw_ns) },
        .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
        .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_SEC].cval),
        .writefn = gt_sec_cval_write, .raw_writefn = raw_write,
      },
 -    REGINFO_SENTINEL
  };
  static CPAccessResult e2h_access(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
        .access = PL0_R, .type = ARM_CP_NO_RAW | ARM_CP_IO,
        .readfn = gt_virt_cnt_read,
      },
 -    REGINFO_SENTINEL
  };
  #endif
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vapa_cp_reginfo[] = {
        .access = PL1_W, .accessfn = ats_access,
        .writefn = ats_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
  #endif
 -    REGINFO_SENTINEL
  };
  /* Return basic MPU access permission bits.  */
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmsav7_cp_reginfo[] = {
        .fieldoffset = offsetof(CPUARMState, pmsav7.rnr[M_REG_NS]),
        .writefn = pmsav7_rgnr_write,
        .resetfn = arm_cp_reset_ignore },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
      { .name = "946_PRBS7", .cp = 15, .crn = 6, .crm = 7, .opc1 = 0,
        .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
        .fieldoffset = offsetof(CPUARMState, cp15.c6_region[7]) },
 -    REGINFO_SENTINEL
  };
  static void vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vmsa_pmsa_cp_reginfo[] = {
        .access = PL1_RW, .accessfn = access_tvm_trvm,
        .fieldoffset = offsetof(CPUARMState, cp15.far_el[1]),
        .resetvalue = 0, },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo vmsa_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
        /* No offsetoflow32 -- pass the entire TCR to writefn/raw_writefn. */
        .bank_fieldoffsets = { offsetof(CPUARMState, cp15.tcr_el[3]),
                               offsetof(CPUARMState, cp15.tcr_el[1])} },
 -    REGINFO_SENTINEL
  };
  /* Note that unlike TTBCR, writing to TTBCR2 does not require flushing
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo omap_cp_reginfo[] = {
      { .name = "C9", .cp = 15, .crn = 9,
        .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW,
        .type = ARM_CP_CONST | ARM_CP_OVERRIDE, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static void xscale_cpar_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo xscale_cp_reginfo[] = {
      { .name = "XSCALE_UNLOCK_DCACHE",
        .cp = 15, .opc1 = 0, .crn = 9, .crm = 2, .opc2 = 1,
        .access = PL1_W, .type = ARM_CP_NOP },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo dummy_c15_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo dummy_c15_cp_reginfo[] = {
        .access = PL1_RW,
        .type = ARM_CP_CONST | ARM_CP_NO_RAW | ARM_CP_OVERRIDE,
        .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo cache_dirty_status_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cache_dirty_status_cp_reginfo[] = {
      { .name = "CDSR", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 6,
        .access = PL1_R, .type = ARM_CP_CONST | ARM_CP_NO_RAW,
        .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
        .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
      { .name = "CIDCR", .cp = 15, .crm = 14, .opc1 = 0,
        .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
      { .name = "TCI_DCACHE", .cp = 15, .crn = 7, .crm = 14, .opc1 = 0, .opc2 = 3,
        .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_NO_RAW,
        .resetvalue = (1 << 30) },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo strongarm_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo strongarm_cp_reginfo[] = {
        .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
        .access = PL1_RW, .resetvalue = 0,
        .type = ARM_CP_CONST | ARM_CP_OVERRIDE | ARM_CP_NO_RAW },
 -    REGINFO_SENTINEL
  };
  static uint64_t midr_read(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo lpae_cp_reginfo[] = {
        .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr1_s),
                               offsetof(CPUARMState, cp15.ttbr1_ns) },
        .writefn = vmsa_ttbr_write, },
 -    REGINFO_SENTINEL
  };
  static uint64_t aa64_fpcr_read(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
        .access = PL1_RW, .accessfn = access_trap_aa32s_el1,
        .writefn = sdcr_write,
        .fieldoffset = offsetoflow32(CPUARMState, cp15.mdcr_el3) },
 -    REGINFO_SENTINEL
  };
  /* Used to describe the behaviour of EL2 regs when EL2 does not exist.  */
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
        .type = ARM_CP_CONST,
        .cp = 15, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 2,
        .access = PL2_RW, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  /* Ditto, but for registers which exist in ARMv8 but not v7 */
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_v8_cp_reginfo[] = {
        .cp = 15, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 4,
        .access = PL2_RW,
        .type = ARM_CP_CONST, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
        .cp = 15, .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 3,
        .access = PL2_RW,
        .fieldoffset = offsetof(CPUARMState, cp15.hstr_el2) },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo el2_v8_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_v8_cp_reginfo[] = {
        .access = PL2_RW,
        .fieldoffset = offsetofhigh32(CPUARMState, cp15.hcr_el2),
        .writefn = hcr_writehigh },
 -    REGINFO_SENTINEL
  };
  static CPAccessResult sel2_access(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_sec_cp_reginfo[] = {
        .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 6, .opc2 = 2,
        .access = PL2_RW, .accessfn = sel2_access,
        .fieldoffset = offsetof(CPUARMState, cp15.vstcr_el2) },
 -    REGINFO_SENTINEL
  };
  static CPAccessResult nsacr_access(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
        .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 7, .opc2 = 5,
        .access = PL3_W, .type = ARM_CP_NO_RAW,
        .writefn = tlbi_aa64_vae3_write },
 -    REGINFO_SENTINEL
  };
  #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
        .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
        .access = PL1_RW, .accessfn = access_tda,
        .type = ARM_CP_NOP },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
        .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
      { .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
        .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  /* Return the exception level to which exceptions should be taken
@@ -XXX,XX +XXX,XX @@ static void define_debug_regs(ARMCPU *cpu)
                .fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]),
                .writefn = dbgbcr_write, .raw_writefn = raw_write
              },
 -            REGINFO_SENTINEL
          };
          define_arm_cp_regs(cpu, dbgregs);
      }
+@@ -XXX,XX +XXX,XX @@ static void define_debug_regs(ARMCPU *cpu)
-@@ -XXX,XX +XXX,XX @@ static void do_gpr_ld_memidx(DisasContext *s,
+               .fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]),
-         uint32_t syn;
+               .writefn = dbgwcr_write, .raw_writefn = raw_write
+             },
-         syn = syn_data_abort_with_iss(0,
+-            REGINFO_SENTINEL
--                                      size,
+         };
--                                      is_signed,
+         define_arm_cp_regs(cpu, dbgregs);
-+                                      (memop & MO_SIZE),
+     }
-+                                      (memop & MO_SIGN) != 0,
+@@ -XXX,XX +XXX,XX @@ static void define_pmu_regs(ARMCPU *cpu)
-                                       iss_srt,
+               .type = ARM_CP_IO,
-                                       iss_sf,
+               .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
-                                       iss_ar,
+               .raw_writefn = pmevtyper_rawwrite },
-@@ -XXX,XX +XXX,XX @@ static void do_gpr_ld_memidx(DisasContext *s,
+-            REGINFO_SENTINEL
          };
          define_arm_cp_regs(cpu, pmev_regs);
          g_free(pmevcntr_name);
@@ -XXX,XX +XXX,XX @@ static void define_pmu_regs(ARMCPU *cpu)
                .cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 5,
                .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
                .resetvalue = extract64(cpu->pmceid1, 32, 32) },
 -            REGINFO_SENTINEL
          };
          define_arm_cp_regs(cpu, v81_pmu_regs);
      }
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo lor_reginfo[] = {
        .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 7,
        .access = PL1_R, .accessfn = access_lor_ns,
        .type = ARM_CP_CONST, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  #ifdef TARGET_AARCH64
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pauth_reginfo[] = {
        .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 3,
        .access = PL1_RW, .accessfn = access_pauth,
        .fieldoffset = offsetof(CPUARMState, keys.apib.hi) },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo tlbirange_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo tlbirange_reginfo[] = {
        .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 6, .opc2 = 5,
        .access = PL3_W, .type = ARM_CP_NO_RAW,
        .writefn = tlbi_aa64_rvae3_write },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo tlbios_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo tlbios_reginfo[] = {
        .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 1, .opc2 = 5,
        .access = PL3_W, .type = ARM_CP_NO_RAW,
        .writefn = tlbi_aa64_vae3is_write },
 -    REGINFO_SENTINEL
  };
  static uint64_t rndr_readfn(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo rndr_reginfo[] = {
        .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
        .opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 1,
        .access = PL0_R, .readfn = rndr_readfn },
 -    REGINFO_SENTINEL
  };
  #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo dcpop_reg[] = {
        .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 1,
        .access = PL0_W, .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END,
        .accessfn = aa64_cacheop_poc_access, .writefn = dccvap_writefn },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo dcpodp_reg[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo dcpodp_reg[] = {
        .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 13, .opc2 = 1,
        .access = PL0_W, .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END,
        .accessfn = aa64_cacheop_poc_access, .writefn = dccvap_writefn },
 -    REGINFO_SENTINEL
  };
  #endif /*CONFIG_USER_ONLY*/
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo mte_reginfo[] = {
      { .name = "DC_CIGDSW", .state = ARM_CP_STATE_AA64,
        .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 6,
        .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo mte_tco_ro_reginfo[] = {
      { .name = "TCO", .state = ARM_CP_STATE_AA64,
        .opc0 = 3, .opc1 = 3, .crn = 4, .crm = 2, .opc2 = 7,
        .type = ARM_CP_CONST, .access = PL0_RW, },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo mte_el0_cacheop_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo mte_el0_cacheop_reginfo[] = {
        .accessfn = aa64_zva_access,
  #endif
      },
 -    REGINFO_SENTINEL
  };
  #endif
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo predinv_reginfo[] = {
      { .name = "CPPRCTX", .state = ARM_CP_STATE_AA32,
        .cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 7,
        .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
 -    REGINFO_SENTINEL
  };
  static uint64_t ccsidr2_read(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ccsidr2_reginfo[] = {
        .access = PL1_R,
        .accessfn = access_aa64_tid2,
        .readfn = ccsidr2_read, .type = ARM_CP_NO_RAW },
 -    REGINFO_SENTINEL
  };
  static CPAccessResult access_aa64_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo jazelle_regs[] = {
        .cp = 14, .crn = 2, .crm = 0, .opc1 = 7, .opc2 = 0,
        .accessfn = access_joscr_jmcr,
        .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo vhe_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vhe_reginfo[] = {
        .access = PL2_RW, .accessfn = e2h_access,
        .writefn = gt_virt_cval_write, .raw_writefn = raw_write },
  #endif
 -    REGINFO_SENTINEL
  };
  #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ats1e1_reginfo[] = {
        .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1,
        .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
        .writefn = ats_write64 },
 -    REGINFO_SENTINEL
  };
  static const ARMCPRegInfo ats1cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ats1cp_reginfo[] = {
        .cp = 15, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1,
        .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
        .writefn = ats_write },
 -    REGINFO_SENTINEL
  };
  #endif
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo actlr2_hactlr2_reginfo[] = {
        .cp = 15, .opc1 = 4, .crn = 1, .crm = 0, .opc2 = 3,
        .access = PL2_RW, .type = ARM_CP_CONST,
        .resetvalue = 0 },
 -    REGINFO_SENTINEL
  };
  void register_cp_regs_for_features(ARMCPU *cpu)
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .access = PL1_R, .type = ARM_CP_CONST,
                .accessfn = access_aa32_tid3,
                .resetvalue = cpu->isar.id_isar6 },
 -            REGINFO_SENTINEL
          };
          define_arm_cp_regs(cpu, v6_idregs);
          define_arm_cp_regs(cpu, v6_cp_reginfo);
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 7,
                .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
                .resetvalue = cpu->pmceid1 },
 -            REGINFO_SENTINEL
          };
  #ifdef CONFIG_USER_ONLY
          ARMCPRegUserSpaceInfo v8_user_idregs[] = {
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .exported_bits = 0x000000f0ffffffff },
              { .name = "ID_AA64ISAR*_EL1_RESERVED",
                .is_glob = true                     },
 -            REGUSERINFO_SENTINEL
          };
          modify_arm_cp_regs(v8_idregs, v8_user_idregs);
  #endif
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .access = PL2_RW,
                .resetvalue = vmpidr_def,
                .fieldoffset = offsetof(CPUARMState, cp15.vmpidr_el2) },
 -            REGINFO_SENTINEL
          };
          define_arm_cp_regs(cpu, vpidr_regs);
          define_arm_cp_regs(cpu, el2_cp_reginfo);
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                    .access = PL2_RW, .accessfn = access_el3_aa32ns,
                    .type = ARM_CP_NO_RAW,
                    .writefn = arm_cp_write_ignore, .readfn = mpidr_read },
 -                REGINFO_SENTINEL
              };
              define_arm_cp_regs(cpu, vpidr_regs);
              define_arm_cp_regs(cpu, el3_no_el2_cp_reginfo);
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .raw_writefn = raw_write, .writefn = sctlr_write,
                .fieldoffset = offsetof(CPUARMState, cp15.sctlr_el[3]),
                .resetvalue = cpu->reset_sctlr },
 -            REGINFO_SENTINEL
          };
          define_arm_cp_regs(cpu, el3_regs);
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
              { .name = "DUMMY",
                .cp = 15, .crn = 0, .crm = 7, .opc1 = 0, .opc2 = CP_ANY,
                .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
 -            REGINFO_SENTINEL
          };
          ARMCPRegInfo id_v8_midr_cp_reginfo[] = {
              { .name = "MIDR_EL1", .state = ARM_CP_STATE_BOTH,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .access = PL1_R,
                .accessfn = access_aa64_tid1,
                .type = ARM_CP_CONST, .resetvalue = cpu->revidr },
 -            REGINFO_SENTINEL
          };
          ARMCPRegInfo id_cp_reginfo[] = {
              /* These are common to v8 and pre-v8 */
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .access = PL1_R,
                .accessfn = access_aa32_tid1,
                .type = ARM_CP_CONST, .resetvalue = 0 },
 -            REGINFO_SENTINEL
          };
          /* TLBTR is specific to VMSA */
          ARMCPRegInfo id_tlbtr_reginfo = {
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
              { .name = "MIDR_EL1",
                .exported_bits = 0x00000000ffffffff },
              { .name = "REVIDR_EL1"                },
 -            REGUSERINFO_SENTINEL
          };
          modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
  #endif
          if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
              arm_feature(env, ARM_FEATURE_STRONGARM)) {
 -            ARMCPRegInfo *r;
 +            size_t i;
              /* Register the blanket "writes ignored" value first to cover the
               * whole space. Then update the specific ID registers to allow write
               * access, so that they ignore writes rather than causing them to
               * UNDEF.
               */
              define_one_arm_cp_reg(cpu, &crn0_wi_reginfo);
 -            for (r = id_pre_v8_midr_cp_reginfo;
 -                 r->type != ARM_CP_SENTINEL; r++) {
 -                r->access = PL1_RW;
 +            for (i = 0; i < ARRAY_SIZE(id_pre_v8_midr_cp_reginfo); ++i) {
 +                id_pre_v8_midr_cp_reginfo[i].access = PL1_RW;
              }
 -            for (r = id_cp_reginfo; r->type != ARM_CP_SENTINEL; r++) {
 -                r->access = PL1_RW;
 +            for (i = 0; i < ARRAY_SIZE(id_cp_reginfo); ++i) {
 +                id_cp_reginfo[i].access = PL1_RW;
              }
              id_mpuir_reginfo.access = PL1_RW;
              id_tlbtr_reginfo.access = PL1_RW;
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
              { .name = "MPIDR_EL1", .state = ARM_CP_STATE_BOTH,
                .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
                .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
 -            REGINFO_SENTINEL
          };
  #ifdef CONFIG_USER_ONLY
          ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
              { .name = "MPIDR_EL1",
                .fixed_bits = 0x0000000080000000 },
 -            REGUSERINFO_SENTINEL
          };
          modify_arm_cp_regs(mpidr_cp_reginfo, mpidr_user_cp_reginfo);
  #endif
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 0, .opc2 = 1,
                .access = PL3_RW, .type = ARM_CP_CONST,
                .resetvalue = 0 },
 -            REGINFO_SENTINEL
          };
          define_arm_cp_regs(cpu, auxcr_reginfo);
          if (cpu_isar_feature(aa32_ac2, cpu)) {
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                    .type = ARM_CP_CONST,
                    .opc0 = 3, .opc1 = 1, .crn = 15, .crm = 3, .opc2 = 0,
                    .access = PL1_R, .resetvalue = cpu->reset_cbar },
 -                REGINFO_SENTINEL
              };
              /* We don't implement a r/w 64 bit CBAR currently */
              assert(arm_feature(env, ARM_FEATURE_CBAR_RO));
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .bank_fieldoffsets = { offsetof(CPUARMState, cp15.vbar_s),
                                       offsetof(CPUARMState, cp15.vbar_ns) },
                .resetvalue = 0 },
 -            REGINFO_SENTINEL
          };
          define_arm_cp_regs(cpu, vbar_cp_reginfo);
      }
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
                     r->writefn);
          }
      }
 -    /* Bad type field probably means missing sentinel at end of reg list */
 -    assert(cptype_valid(r->type));
 +
      for (crm = crmmin; crm <= crmmax; crm++) {
          for (opc1 = opc1min; opc1 <= opc1max; opc1++) {
              for (opc2 = opc2min; opc2 <= opc2max; opc2++) {
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
      }
  }
--static void do_gpr_ld(DisasContext *s,
+-void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
--                      TCGv_i64 dest, TCGv_i64 tcg_addr,
+-                                    const ARMCPRegInfo *regs, void *opaque)
--                      int size, bool is_signed, bool extend,
++/* Define a whole list of registers */
-+static void do_gpr_ld(DisasContext *s, TCGv_i64 dest, TCGv_i64 tcg_addr,
++void define_arm_cp_regs_with_opaque_len(ARMCPU *cpu, const ARMCPRegInfo *regs,
-+                      MemOp memop, bool extend,
++                                        void *opaque, size_t len)
                        bool iss_valid, unsigned int iss_srt,
                        bool iss_sf, bool iss_ar)
  {
--    do_gpr_ld_memidx(s, dest, tcg_addr, size, is_signed, extend,
+-    /* Define a whole list of registers */
--                     get_mem_index(s),
+-    const ARMCPRegInfo *r;
-+    do_gpr_ld_memidx(s, dest, tcg_addr, memop, extend, get_mem_index(s),
+-    for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
-                      iss_valid, iss_srt, iss_sf, iss_ar);
+-        define_one_arm_cp_reg_with_opaque(cpu, r, opaque);
- }
++    size_t i;
++    for (i = 0; i < len; ++i) {
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
++        define_one_arm_cp_reg_with_opaque(cpu, regs + i, opaque);
          }
          clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn),
                                      false, rn != 31, size);
 -        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, false, true, rt,
 +        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, true, rt,
                    disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
          tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
          return;
@@ -XXX,XX +XXX,XX @@ static void disas_ld_lit(DisasContext *s, uint32_t insn)
          /* Only unsigned 32bit loads target 32bit registers.  */
          bool iss_sf = opc != 0;
 -        do_gpr_ld(s, tcg_rt, clean_addr, size, is_signed, false,
 -                  true, rt, iss_sf, false);
 +        do_gpr_ld(s, tcg_rt, clean_addr, size + is_signed * MO_SIGN,
 +                  false, true, rt, iss_sf, false);
      }
      tcg_temp_free_i64(clean_addr);
  }
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
              /* Do not modify tcg_rt before recognizing any exception
               * from the second load.
               */
 -            do_gpr_ld(s, tmp, clean_addr, size, is_signed, false,
 -                      false, 0, false, false);
 +            do_gpr_ld(s, tmp, clean_addr, size + is_signed * MO_SIGN,
 +                      false, false, 0, false, false);
              tcg_gen_addi_i64(clean_addr, clean_addr, 1 << size);
 -            do_gpr_ld(s, tcg_rt2, clean_addr, size, is_signed, false,
 -                      false, 0, false, false);
 +            do_gpr_ld(s, tcg_rt2, clean_addr, size + is_signed * MO_SIGN,
 +                      false, false, 0, false, false);
              tcg_gen_mov_i64(tcg_rt, tmp);
              tcg_temp_free_i64(tmp);
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
              do_gpr_st_memidx(s, tcg_rt, clean_addr, size, memidx,
                               iss_valid, rt, iss_sf, false);
          } else {
 -            do_gpr_ld_memidx(s, tcg_rt, clean_addr, size,
 -                             is_signed, is_extended, memidx,
 +            do_gpr_ld_memidx(s, tcg_rt, clean_addr, size + is_signed * MO_SIGN,
 +                             is_extended, memidx,
                               iss_valid, rt, iss_sf, false);
          }
      }
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
              do_gpr_st(s, tcg_rt, clean_addr, size,
                        true, rt, iss_sf, false);
          } else {
 -            do_gpr_ld(s, tcg_rt, clean_addr, size,
 -                      is_signed, is_extended,
 -                      true, rt, iss_sf, false);
 +            do_gpr_ld(s, tcg_rt, clean_addr, size + is_signed * MO_SIGN,
 +                      is_extended, true, rt, iss_sf, false);
          }
      }
  }
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_unsigned_imm(DisasContext *s, uint32_t insn,
-             do_gpr_st(s, tcg_rt, clean_addr, size,
+@@ -XXX,XX +XXX,XX @@ void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
-                       true, rt, iss_sf, false);
+  * user-space cannot alter any values and dynamic values pertaining to
-         } else {
+  * execution state are hidden from user space view anyway.
--            do_gpr_ld(s, tcg_rt, clean_addr, size, is_signed, is_extended,
+  */
--                      true, rt, iss_sf, false);
+-void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
-+            do_gpr_ld(s, tcg_rt, clean_addr, size + is_signed * MO_SIGN,
++void modify_arm_cp_regs_with_len(ARMCPRegInfo *regs, size_t regs_len,
-+                      is_extended, true, rt, iss_sf, false);
++                                 const ARMCPRegUserSpaceInfo *mods,
 +                                 size_t mods_len)
  {
 -    const ARMCPRegUserSpaceInfo *m;
 -    ARMCPRegInfo *r;
 -
 -    for (m = mods; m->name; m++) {
 +    for (size_t mi = 0; mi < mods_len; ++mi) {
 +        const ARMCPRegUserSpaceInfo *m = mods + mi;
          GPatternSpec *pat = NULL;
 +
          if (m->is_glob) {
              pat = g_pattern_spec_new(m->name);
          }
-     }
+-        for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
- }
++        for (size_t ri = 0; ri < regs_len; ++ri) {
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_atomic(DisasContext *s, uint32_t insn,
++            ARMCPRegInfo *r = regs + ri;
-          * full load-acquire (we only need "load-acquire processor consistent"),
++
-          * but we choose to implement them as full LDAQ.
+             if (pat && g_pattern_match_string(pat, r->name)) {
-          */
+                 r->type = ARM_CP_CONST;
--        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, false,
+                 r->access = PL0U_R;
 +        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false,
                    true, rt, disas_ldst_compute_iss_sf(size, false, 0), true);
          tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
          return;
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pac(DisasContext *s, uint32_t insn,
                                  is_wback || rn != 31, size);
      tcg_rt = cpu_reg(s, rt);
 -    do_gpr_ld(s, tcg_rt, clean_addr, size, /* is_signed */ false,
 +    do_gpr_ld(s, tcg_rt, clean_addr, size,
                /* extend */ false, /* iss_valid */ !is_wback,
                /* iss_srt */ rt, /* iss_sf */ true, /* iss_ar */ false);
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
           * Load-AcquirePC semantics; we implement as the slightly more
           * restrictive Load-Acquire.
           */
 -        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, is_signed, extend,
 -                  true, rt, iss_sf, true);
 +        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size + is_signed * MO_SIGN,
 +                  extend, true, rt, iss_sf, true);
          tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
      }
  }
 --
-.20.1
+.25.1

-[PULL 39/43] target/arm: Enforce alignment for aa64 vector LDn/STn (multiple)
+[PULL 05/23] target/arm: Make some more cpreg data static const
 From: Richard Henderson <richard.henderson@linaro.org>
+These particular data structures are not modified at runtime.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-30-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-5-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 15 +++++++++++----
+ target/arm/helper.c | 16 ++++++++--------
-file changed, 11 insertions(+), 4 deletions(-)
+file changed, 8 insertions(+), 8 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
+--- a/target/arm/helper.c
-+++ b/target/arm/translate-a64.c
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
-     bool is_postidx = extract32(insn, 23, 1);
+               .resetvalue = cpu->pmceid1 },
-     bool is_q = extract32(insn, 30, 1);
+         };
-     TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
+ #ifdef CONFIG_USER_ONLY
--    MemOp endian = s->be_data;
+-        ARMCPRegUserSpaceInfo v8_user_idregs[] = {
-+    MemOp endian, align, mop;
++        static const ARMCPRegUserSpaceInfo v8_user_idregs[] = {
+             { .name = "ID_AA64PFR0_EL1",
-     int total;    /* total bytes */
+               .exported_bits = 0x000f000f00ff0000,
-     int elements; /* elements per vector */
+               .fixed_bits    = 0x0000000000000011 },
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
       */
      if (arm_feature(env, ARM_FEATURE_EL3)) {
          if (arm_feature(env, ARM_FEATURE_AARCH64)) {
 -            ARMCPRegInfo nsacr = {
 +            static const ARMCPRegInfo nsacr = {
                  .name = "NSACR", .type = ARM_CP_CONST,
                  .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
                  .access = PL1_RW, .accessfn = nsacr_access,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
              };
              define_one_arm_cp_reg(cpu, &nsacr);
          } else {
 -            ARMCPRegInfo nsacr = {
 +            static const ARMCPRegInfo nsacr = {
                  .name = "NSACR",
                  .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
                  .access = PL3_RW | PL1_R,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
          }
      } else {
          if (arm_feature(env, ARM_FEATURE_V8)) {
 -            ARMCPRegInfo nsacr = {
 +            static const ARMCPRegInfo nsacr = {
                  .name = "NSACR", .type = ARM_CP_CONST,
                  .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
                  .access = PL1_R,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .access = PL1_R, .type = ARM_CP_CONST,
                .resetvalue = cpu->pmsav7_dregion << 8
          };
 -        ARMCPRegInfo crn0_wi_reginfo = {
 +        static const ARMCPRegInfo crn0_wi_reginfo = {
              .name = "CRN0_WI", .cp = 15, .crn = 0, .crm = CP_ANY,
              .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
              .type = ARM_CP_NOP | ARM_CP_OVERRIDE
          };
  #ifdef CONFIG_USER_ONLY
 -        ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
 +        static const ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
              { .name = "MIDR_EL1",
                .exported_bits = 0x00000000ffffffff },
              { .name = "REVIDR_EL1"                },
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
          };
  #ifdef CONFIG_USER_ONLY
 -        ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
 +        static const ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
              { .name = "MPIDR_EL1",
                .fixed_bits = 0x0000000080000000 },
          };
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
      }
-     /* For our purposes, bytes are always little-endian.  */
+     if (arm_feature(env, ARM_FEATURE_VBAR)) {
-+    endian = s->be_data;
+-        ARMCPRegInfo vbar_cp_reginfo[] = {
-     if (size == 0) {
++        static const ARMCPRegInfo vbar_cp_reginfo[] = {
-         endian = MO_LE;
+             { .name = "VBAR", .state = ARM_CP_STATE_BOTH,
-     }
+               .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
+               .access = PL1_RW, .writefn = vbar_write,
       * Consecutive little-endian elements from a single register
       * can be promoted to a larger little-endian operation.
       */
 +    align = MO_ALIGN;
      if (selem == 1 && endian == MO_LE) {
 +        align = pow2_align(size);
          size = 3;
      }
 -    elements = (is_q ? 16 : 8) >> size;
 +    if (!s->align_mem) {
 +        align = 0;
 +    }
 +    mop = endian | size | align;
 +    elements = (is_q ? 16 : 8) >> size;
      tcg_ebytes = tcg_const_i64(1 << size);
      for (r = 0; r < rpt; r++) {
          int e;
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
              for (xs = 0; xs < selem; xs++) {
                  int tt = (rt + r + xs) % 32;
                  if (is_store) {
 -                    do_vec_st(s, tt, e, clean_addr, size | endian);
 +                    do_vec_st(s, tt, e, clean_addr, mop);
                  } else {
 -                    do_vec_ld(s, tt, e, clean_addr, size | endian);
 +                    do_vec_ld(s, tt, e, clean_addr, mop);
                  }
                  tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
              }
 --
-.20.1
+.25.1

-[PULL 20/43] target/arm: Add ALIGN_MEM to TBFLAG_ANY
+[PULL 06/23] target/arm: Reorg ARMCPRegInfo type field bits
 From: Richard Henderson <richard.henderson@linaro.org>
-Use this to signal when memory access alignment is required.
+Instead of defining ARM_CP_FLAG_MASK to remove flags,
-This value comes from the CCR register for M-profile, and
+define ARM_CP_SPECIAL_MASK to isolate special cases.
-from the SCTLR register for A-profile.
+Sort the specials to the low bits. Use an enum.
 Split the large comment block so as to document each
 value separately.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-6-richard.henderson@linaro.org
 Message-id: 20210419202257.161730-11-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h           |  2 ++
+ target/arm/cpregs.h        | 130 +++++++++++++++++++++++--------------
- target/arm/translate.h     |  2 ++
+ target/arm/cpu.c           |   4 +-
- target/arm/helper.c        | 19 +++++++++++++++++--
+ target/arm/helper.c        |   4 +-
- target/arm/translate-a64.c |  1 +
+ target/arm/translate-a64.c |   6 +-
- target/arm/translate.c     |  7 +++----
+ target/arm/translate.c     |   6 +-
-files changed, 25 insertions(+), 6 deletions(-)
+files changed, 92 insertions(+), 58 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/target/arm/cpregs.h
-+++ b/target/arm/cpu.h
++++ b/target/arm/cpregs.h
-@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, MMUIDX, 4, 4)
+@@ -XXX,XX +XXX,XX @@
- FIELD(TBFLAG_ANY, FPEXC_EL, 8, 2)
+ #define TARGET_ARM_CPREGS_H
  /* For A-profile only, target EL for debug exceptions.  */
  FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 10, 2)
 +/* Memory operations require alignment: SCTLR_ELx.A or CCR.UNALIGN_TRP */
 +FIELD(TBFLAG_ANY, ALIGN_MEM, 12, 1)
  /*
-  * Bit usage when in AArch32 state, both A- and M-profile.
+- * ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
-diff --git a/target/arm/translate.h b/target/arm/translate.h
+- * special-behaviour cp reg and bits [11..8] indicate what behaviour
-index XXXXXXX..XXXXXXX 100644
+- * it has. Otherwise it is a simple cp reg, where CONST indicates that
---- a/target/arm/translate.h
+- * TCG can assume the value to be constant (ie load at translate time)
-+++ b/target/arm/translate.h
+- * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
-@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
+- * indicates that the TB should not be ended after a write to this register
-     bool bt;
+- * (the default is that the TB ends after cp writes). OVERRIDE permits
-     /* True if any CP15 access is trapped by HSTR_EL2 */
+- * a register definition to override a previous definition for the
-     bool hstr_active;
+- * same (cp, is64, crn, crm, opc1, opc2) tuple: either the new or the
-+    /* True if memory operations require alignment */
+- * old must have the OVERRIDE bit set.
-+    bool align_mem;
+- * ALIAS indicates that this register is an alias view of some underlying
-     /*
+- * state which is also visible via another register, and that the other
-      * >= 0, a copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.
+- * register is handling migration and reset; registers marked ALIAS will not be
-      *  < 0, set by the current instruction.
+- * migrated but may have their state set by syncing of register state from KVM.
 - * NO_RAW indicates that this register has no underlying state and does not
 - * support raw access for state saving/loading; it will not be used for either
 - * migration or KVM state synchronization. (Typically this is for "registers"
 - * which are actually used as instructions for cache maintenance and so on.)
 - * IO indicates that this register does I/O and therefore its accesses
 - * need to be marked with gen_io_start() and also end the TB. In particular,
 - * registers which implement clocks or timers require this.
 - * RAISES_EXC is for when the read or write hook might raise an exception;
 - * the generated code will synchronize the CPU state before calling the hook
 - * so that it is safe for the hook to call raise_exception().
 - * NEWEL is for writes to registers that might change the exception
 - * level - typically on older ARM chips. For those cases we need to
 - * re-read the new el when recomputing the translation flags.
 + * ARMCPRegInfo type field bits:
   */
 -#define ARM_CP_SPECIAL           0x0001
 -#define ARM_CP_CONST             0x0002
 -#define ARM_CP_64BIT             0x0004
 -#define ARM_CP_SUPPRESS_TB_END   0x0008
 -#define ARM_CP_OVERRIDE          0x0010
 -#define ARM_CP_ALIAS             0x0020
 -#define ARM_CP_IO                0x0040
 -#define ARM_CP_NO_RAW            0x0080
 -#define ARM_CP_NOP               (ARM_CP_SPECIAL | 0x0100)
 -#define ARM_CP_WFI               (ARM_CP_SPECIAL | 0x0200)
 -#define ARM_CP_NZCV              (ARM_CP_SPECIAL | 0x0300)
 -#define ARM_CP_CURRENTEL         (ARM_CP_SPECIAL | 0x0400)
 -#define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
 -#define ARM_CP_DC_GVA            (ARM_CP_SPECIAL | 0x0600)
 -#define ARM_CP_DC_GZVA           (ARM_CP_SPECIAL | 0x0700)
 -#define ARM_LAST_SPECIAL         ARM_CP_DC_GZVA
 -#define ARM_CP_FPU               0x1000
 -#define ARM_CP_SVE               0x2000
 -#define ARM_CP_NO_GDB            0x4000
 -#define ARM_CP_RAISES_EXC        0x8000
 -#define ARM_CP_NEWEL             0x10000
 -/* Mask of only the flag bits in a type field */
 -#define ARM_CP_FLAG_MASK         0x1f0ff
 +enum {
 +    /*
 +     * Register must be handled specially during translation.
 +     * The method is one of the values below:
 +     */
 +    ARM_CP_SPECIAL_MASK          = 0x000f,
 +    /* Special: no change to PE state: writes ignored, reads ignored. */
 +    ARM_CP_NOP                   = 0x0001,
 +    /* Special: sysreg is WFI, for v5 and v6. */
 +    ARM_CP_WFI                   = 0x0002,
 +    /* Special: sysreg is NZCV. */
 +    ARM_CP_NZCV                  = 0x0003,
 +    /* Special: sysreg is CURRENTEL. */
 +    ARM_CP_CURRENTEL             = 0x0004,
 +    /* Special: sysreg is DC ZVA or similar. */
 +    ARM_CP_DC_ZVA                = 0x0005,
 +    ARM_CP_DC_GVA                = 0x0006,
 +    ARM_CP_DC_GZVA               = 0x0007,
 +
 +    /* Flag: reads produce resetvalue; writes ignored. */
 +    ARM_CP_CONST                 = 1 << 4,
 +    /* Flag: For ARM_CP_STATE_AA32, sysreg is 64-bit. */
 +    ARM_CP_64BIT                 = 1 << 5,
 +    /*
 +     * Flag: TB should not be ended after a write to this register
 +     * (the default is that the TB ends after cp writes).
 +     */
 +    ARM_CP_SUPPRESS_TB_END       = 1 << 6,
 +    /*
 +     * Flag: Permit a register definition to override a previous definition
 +     * for the same (cp, is64, crn, crm, opc1, opc2) tuple: either the new
 +     * or the old must have the ARM_CP_OVERRIDE bit set.
 +     */
 +    ARM_CP_OVERRIDE              = 1 << 7,
 +    /*
 +     * Flag: Register is an alias view of some underlying state which is also
 +     * visible via another register, and that the other register is handling
 +     * migration and reset; registers marked ARM_CP_ALIAS will not be migrated
 +     * but may have their state set by syncing of register state from KVM.
 +     */
 +    ARM_CP_ALIAS                 = 1 << 8,
 +    /*
 +     * Flag: Register does I/O and therefore its accesses need to be marked
 +     * with gen_io_start() and also end the TB. In particular, registers which
 +     * implement clocks or timers require this.
 +     */
 +    ARM_CP_IO                    = 1 << 9,
 +    /*
 +     * Flag: Register has no underlying state and does not support raw access
 +     * for state saving/loading; it will not be used for either migration or
 +     * KVM state synchronization. Typically this is for "registers" which are
 +     * actually used as instructions for cache maintenance and so on.
 +     */
 +    ARM_CP_NO_RAW                = 1 << 10,
 +    /*
 +     * Flag: The read or write hook might raise an exception; the generated
 +     * code will synchronize the CPU state before calling the hook so that it
 +     * is safe for the hook to call raise_exception().
 +     */
 +    ARM_CP_RAISES_EXC            = 1 << 11,
 +    /*
 +     * Flag: Writes to the sysreg might change the exception level - typically
 +     * on older ARM chips. For those cases we need to re-read the new el when
 +     * recomputing the translation flags.
 +     */
 +    ARM_CP_NEWEL                 = 1 << 12,
 +    /*
 +     * Flag: Access check for this sysreg is identical to accessing FPU state
 +     * from an instruction: use translation fp_access_check().
 +     */
 +    ARM_CP_FPU                   = 1 << 13,
 +    /*
 +     * Flag: Access check for this sysreg is identical to accessing SVE state
 +     * from an instruction: use translation sve_access_check().
 +     */
 +    ARM_CP_SVE                   = 1 << 14,
 +    /* Flag: Do not expose in gdb sysreg xml. */
 +    ARM_CP_NO_GDB                = 1 << 15,
 +};
  /*
   * Valid values for ARMCPRegInfo state field, indicating which of
 diff --git a/target/arm/cpu.c b/target/arm/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.c
 +++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque)
      ARMCPRegInfo *ri = value;
      ARMCPU *cpu = opaque;
 -    if (ri->type & (ARM_CP_SPECIAL | ARM_CP_ALIAS)) {
 +    if (ri->type & (ARM_CP_SPECIAL_MASK | ARM_CP_ALIAS)) {
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void cp_reg_check_reset(gpointer key, gpointer value,  gpointer opaque)
      ARMCPU *cpu = opaque;
      uint64_t oldvalue, newvalue;
 -    if (ri->type & (ARM_CP_SPECIAL | ARM_CP_ALIAS | ARM_CP_NO_RAW)) {
 +    if (ri->type & (ARM_CP_SPECIAL_MASK | ARM_CP_ALIAS | ARM_CP_NO_RAW)) {
          return;
      }
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-                                         ARMMMUIdx mmu_idx)
+      * multiple times. Special registers (ie NOP/WFI) are
- {
+      * never migratable and not even raw-accessible.
      CPUARMTBFlags flags = {};
 +    uint32_t ccr = env->v7m.ccr[env->v7m.secure];
 +
 +    /* Without HaveMainExt, CCR.UNALIGN_TRP is RES1. */
 +    if (ccr & R_V7M_CCR_UNALIGN_TRP_MASK) {
 +        DP_TBFLAG_ANY(flags, ALIGN_MEM, 1);
 +    }
      if (arm_v7m_is_handler_mode(env)) {
          DP_TBFLAG_M32(flags, HANDLER, 1);
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
       */
-     if (arm_feature(env, ARM_FEATURE_V8) &&
+-    if ((r->type & ARM_CP_SPECIAL)) {
-         !((mmu_idx & ARM_MMU_IDX_M_NEGPRI) &&
++    if (r->type & ARM_CP_SPECIAL_MASK) {
--          (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
+         r2->type |= ARM_CP_NO_RAW;
-+          (ccr & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
+     }
-         DP_TBFLAG_M32(flags, STACKCHECK, 1);
+     if (((r->crm == CP_ANY) && crm != 0) ||
-     }
+@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
+     /* Check that the register definition has enough info to handle
-@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
+      * reads and writes if they are permitted.
-                                         ARMMMUIdx mmu_idx)
+      */
- {
+-    if (!(r->type & (ARM_CP_SPECIAL|ARM_CP_CONST))) {
-     CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
++    if (!(r->type & (ARM_CP_SPECIAL_MASK | ARM_CP_CONST))) {
-+    int el = arm_current_el(env);
+         if (r->access & PL3_R) {
-+
+             assert((r->fieldoffset ||
-+    if (arm_sctlr(env, el) & SCTLR_A) {
+                    (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1])) ||
 +        DP_TBFLAG_ANY(flags, ALIGN_MEM, 1);
 +    }
      if (arm_el_is_aa64(env, 1)) {
          DP_TBFLAG_A32(flags, VFPEN, 1);
      }
 -    if (arm_current_el(env) < 2 && env->cp15.hstr_el2 &&
 +    if (el < 2 && env->cp15.hstr_el2 &&
          (arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
          DP_TBFLAG_A32(flags, HSTR_ACTIVE, 1);
      }
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
      sctlr = regime_sctlr(env, stage1);
 +    if (sctlr & SCTLR_A) {
 +        DP_TBFLAG_ANY(flags, ALIGN_MEM, 1);
 +    }
 +
      if (arm_cpu_data_is_big_endian_a64(el, sctlr)) {
          DP_TBFLAG_ANY(flags, BE_DATA, 1);
      }
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
+@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-     dc->user = (dc->current_el == 0);
+     }
- #endif
-     dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
+     /* Handle special cases first */
-+    dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
+-    switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
-     dc->sve_excp_el = EX_TBFLAG_A64(tb_flags, SVEEXC_EL);
++    switch (ri->type & ARM_CP_SPECIAL_MASK) {
-     dc->sve_len = (EX_TBFLAG_A64(tb_flags, ZCR_LEN) + 1) * 16;
++    case 0:
-     dc->pauth_active = EX_TBFLAG_A64(tb_flags, PAUTH_ACTIVE);
++        break;
      case ARM_CP_NOP:
          return;
      case ARM_CP_NZCV:
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
          }
          return;
      default:
 -        break;
 +        g_assert_not_reached();
      }
      if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {
          return;
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
+@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
- {
+         }
-     TCGv addr;
+         /* Handle special cases first */
--    if (arm_dc_feature(s, ARM_FEATURE_M) &&
+-        switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
--        !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
++        switch (ri->type & ARM_CP_SPECIAL_MASK) {
-+    if (s->align_mem) {
++        case 0:
-         opc |= MO_ALIGN;
++            break;
-     }
+         case ARM_CP_NOP:
+             return;
-@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
+         case ARM_CP_WFI:
- {
+@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-     TCGv addr;
+             s->base.is_jmp = DISAS_WFI;
+             return;
--    if (arm_dc_feature(s, ARM_FEATURE_M) &&
+         default:
--        !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
+-            break;
-+    if (s->align_mem) {
++            g_assert_not_reached();
-         opc |= MO_ALIGN;
+         }
-     }
+         if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
      dc->user = (dc->current_el == 0);
  #endif
      dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
 +    dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
      if (arm_feature(env, ARM_FEATURE_M)) {
          dc->vfp_enabled = 1;
 --
-.20.1
+.25.1

-[PULL 15/43] target/arm: Add wrapper macros for accessing tbflags
+[PULL 07/23] target/arm: Avoid bare abort() or assert(0)
 From: Richard Henderson <richard.henderson@linaro.org>
-We're about to split tbflags into two parts.  These macros
+Standardize on g_assert_not_reached() for "should not happen".
-will ensure that the correct part is used with the correct
+Retain abort() when preceeded by fprintf or error_report.
 set of bits.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-7-richard.henderson@linaro.org
 Message-id: 20210419202257.161730-5-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h           | 22 +++++++++-
+ target/arm/helper.c         | 7 +++----
- target/arm/helper-a64.c    |  2 +-
+ target/arm/hvf/hvf.c        | 2 +-
- target/arm/helper.c        | 85 +++++++++++++++++---------------------
+ target/arm/kvm-stub.c       | 4 ++--
- target/arm/translate-a64.c | 36 ++++++++--------
+ target/arm/kvm.c            | 4 ++--
- target/arm/translate.c     | 48 ++++++++++-----------
+ target/arm/machine.c        | 4 ++--
-files changed, 101 insertions(+), 92 deletions(-)
+ target/arm/translate-a64.c  | 4 ++--
  target/arm/translate-neon.c | 2 +-
  target/arm/translate.c      | 4 ++--
 files changed, 15 insertions(+), 16 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A64, TCMA, 16, 2)
- FIELD(TBFLAG_A64, MTE_ACTIVE, 18, 1)
- FIELD(TBFLAG_A64, MTE0_ACTIVE, 19, 1)
-+/*
-+ * Helpers for using the above.
-+ */
-+#define DP_TBFLAG_ANY(DST, WHICH, VAL) \
-+    (DST = FIELD_DP32(DST, TBFLAG_ANY, WHICH, VAL))
-+#define DP_TBFLAG_A64(DST, WHICH, VAL) \
-+    (DST = FIELD_DP32(DST, TBFLAG_A64, WHICH, VAL))
-+#define DP_TBFLAG_A32(DST, WHICH, VAL) \
-+    (DST = FIELD_DP32(DST, TBFLAG_A32, WHICH, VAL))
-+#define DP_TBFLAG_M32(DST, WHICH, VAL) \
-+    (DST = FIELD_DP32(DST, TBFLAG_M32, WHICH, VAL))
-+#define DP_TBFLAG_AM32(DST, WHICH, VAL) \
-+    (DST = FIELD_DP32(DST, TBFLAG_AM32, WHICH, VAL))
-+
-+#define EX_TBFLAG_ANY(IN, WHICH)   FIELD_EX32(IN, TBFLAG_ANY, WHICH)
-+#define EX_TBFLAG_A64(IN, WHICH)   FIELD_EX32(IN, TBFLAG_A64, WHICH)
-+#define EX_TBFLAG_A32(IN, WHICH)   FIELD_EX32(IN, TBFLAG_A32, WHICH)
-+#define EX_TBFLAG_M32(IN, WHICH)   FIELD_EX32(IN, TBFLAG_M32, WHICH)
-+#define EX_TBFLAG_AM32(IN, WHICH)  FIELD_EX32(IN, TBFLAG_AM32, WHICH)
-+
- /**
-  * cpu_mmu_index:
-  * @env: The cpu environment
-@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A64, MTE0_ACTIVE, 19, 1)
-  */
- static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
- {
--    return FIELD_EX32(env->hflags, TBFLAG_ANY, MMUIDX);
-+    return EX_TBFLAG_ANY(env->hflags, MMUIDX);
- }
- static inline bool bswap_code(bool sctlr_b)
-diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper-a64.c
-+++ b/target/arm/helper-a64.c
-@@ -XXX,XX +XXX,XX @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc)
-          * the hflags rebuild, since we can pull the composite TBII field
-          * from there.
-          */
--        tbii = FIELD_EX32(env->hflags, TBFLAG_A64, TBII);
-+        tbii = EX_TBFLAG_A64(env->hflags, TBII);
-         if ((tbii >> extract64(new_pc, 55, 1)) & 1) {
-             /* TBI is enabled. */
-             int core_mmu_idx = cpu_mmu_index(env, false);
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
+@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
- static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
+             break;
-                                       ARMMMUIdx mmu_idx, uint32_t flags)
+         default:
- {
+             /* broken reginfo with out-of-range opc1 */
--    flags = FIELD_DP32(flags, TBFLAG_ANY, FPEXC_EL, fp_el);
+-            assert(false);
--    flags = FIELD_DP32(flags, TBFLAG_ANY, MMUIDX,
+-            break;
--                       arm_to_core_mmu_idx(mmu_idx));
++            g_assert_not_reached();
 +    DP_TBFLAG_ANY(flags, FPEXC_EL, fp_el);
 +    DP_TBFLAG_ANY(flags, MMUIDX, arm_to_core_mmu_idx(mmu_idx));
      if (arm_singlestep_active(env)) {
 -        flags = FIELD_DP32(flags, TBFLAG_ANY, SS_ACTIVE, 1);
 +        DP_TBFLAG_ANY(flags, SS_ACTIVE, 1);
      }
      return flags;
  }
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
      bool sctlr_b = arm_sctlr_b(env);
      if (sctlr_b) {
 -        flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR__B, 1);
 +        DP_TBFLAG_A32(flags, SCTLR__B, 1);
      }
      if (arm_cpu_data_is_big_endian_a32(env, sctlr_b)) {
 -        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
 +        DP_TBFLAG_ANY(flags, BE_DATA, 1);
      }
 -    flags = FIELD_DP32(flags, TBFLAG_A32, NS, !access_secure_reg(env));
 +    DP_TBFLAG_A32(flags, NS, !access_secure_reg(env));
      return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
  }
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
      uint32_t flags = 0;
      if (arm_v7m_is_handler_mode(env)) {
 -        flags = FIELD_DP32(flags, TBFLAG_M32, HANDLER, 1);
 +        DP_TBFLAG_M32(flags, HANDLER, 1);
      }
      /*
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
      if (arm_feature(env, ARM_FEATURE_V8) &&
          !((mmu_idx & ARM_MMU_IDX_M_NEGPRI) &&
            (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
 -        flags = FIELD_DP32(flags, TBFLAG_M32, STACKCHECK, 1);
 +        DP_TBFLAG_M32(flags, STACKCHECK, 1);
      }
      return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_aprofile(CPUARMState *env)
  {
      int flags = 0;
 -    flags = FIELD_DP32(flags, TBFLAG_ANY, DEBUG_TARGET_EL,
 -                       arm_debug_target_el(env));
 +    DP_TBFLAG_ANY(flags, DEBUG_TARGET_EL, arm_debug_target_el(env));
      return flags;
  }
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
      uint32_t flags = rebuild_hflags_aprofile(env);
      if (arm_el_is_aa64(env, 1)) {
 -        flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
 +        DP_TBFLAG_A32(flags, VFPEN, 1);
      }
      if (arm_current_el(env) < 2 && env->cp15.hstr_el2 &&
          (arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
 -        flags = FIELD_DP32(flags, TBFLAG_A32, HSTR_ACTIVE, 1);
 +        DP_TBFLAG_A32(flags, HSTR_ACTIVE, 1);
      }
      return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
      uint64_t sctlr;
      int tbii, tbid;
 -    flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1);
 +    DP_TBFLAG_ANY(flags, AARCH64_STATE, 1);
      /* Get control bits for tagged addresses.  */
      tbid = aa64_va_parameter_tbi(tcr, mmu_idx);
      tbii = tbid & ~aa64_va_parameter_tbid(tcr, mmu_idx);
 -    flags = FIELD_DP32(flags, TBFLAG_A64, TBII, tbii);
 -    flags = FIELD_DP32(flags, TBFLAG_A64, TBID, tbid);
 +    DP_TBFLAG_A64(flags, TBII, tbii);
 +    DP_TBFLAG_A64(flags, TBID, tbid);
      if (cpu_isar_feature(aa64_sve, env_archcpu(env))) {
          int sve_el = sve_exception_el(env, el);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
          } else {
              zcr_len = sve_zcr_len_for_el(env, el);
          }
--        flags = FIELD_DP32(flags, TBFLAG_A64, SVEEXC_EL, sve_el);
+         /* assert our permissions are not too lax (stricter is fine) */
--        flags = FIELD_DP32(flags, TBFLAG_A64, ZCR_LEN, zcr_len);
+         assert((r->access & ~mask) == 0);
-+        DP_TBFLAG_A64(flags, SVEEXC_EL, sve_el);
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
-+        DP_TBFLAG_A64(flags, ZCR_LEN, zcr_len);
+             break;
-     }
+         default:
+             /* Never happens, but compiler isn't smart enough to tell.  */
-     sctlr = regime_sctlr(env, stage1);
+-            abort();
++            g_assert_not_reached();
      if (arm_cpu_data_is_big_endian_a64(el, sctlr)) {
 -        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
 +        DP_TBFLAG_ANY(flags, BE_DATA, 1);
      }
      if (cpu_isar_feature(aa64_pauth, env_archcpu(env))) {
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
           * The decision of which action to take is left to a helper.
           */
          if (sctlr & (SCTLR_EnIA | SCTLR_EnIB | SCTLR_EnDA | SCTLR_EnDB)) {
 -            flags = FIELD_DP32(flags, TBFLAG_A64, PAUTH_ACTIVE, 1);
 +            DP_TBFLAG_A64(flags, PAUTH_ACTIVE, 1);
          }
      }
+     *prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
-     if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
-         /* Note that SCTLR_EL[23].BT == SCTLR_BT1.  */
+             break;
-         if (sctlr & (el == 0 ? SCTLR_BT0 : SCTLR_BT1)) {
+         default:
--            flags = FIELD_DP32(flags, TBFLAG_A64, BT, 1);
+             /* Never happens, but compiler isn't smart enough to tell.  */
-+            DP_TBFLAG_A64(flags, BT, 1);
+-            abort();
 +            g_assert_not_reached();
          }
      }
+     if (domain_prot == 3) {
-@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
+diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
-         case ARMMMUIdx_SE10_1:
+index XXXXXXX..XXXXXXX 100644
-         case ARMMMUIdx_SE10_1_PAN:
+--- a/target/arm/hvf/hvf.c
-             /* TODO: ARMv8.3-NV */
++++ b/target/arm/hvf/hvf.c
--            flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
+@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
-+            DP_TBFLAG_A64(flags, UNPRIV, 1);
+         /* we got kicked, no exit to process */
-             break;
+         return 0;
-         case ARMMMUIdx_E20_2:
+     default:
-         case ARMMMUIdx_E20_2_PAN:
+-        assert(0);
-@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
++        g_assert_not_reached();
-              * gated by HCR_EL2.<E2H,TGE> == '11', and so is LDTR.
+     }
-              */
-             if (env->cp15.hcr_el2 & HCR_TGE) {
+     hvf_sync_vtimer(cpu);
--                flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
+diff --git a/target/arm/kvm-stub.c b/target/arm/kvm-stub.c
-+                DP_TBFLAG_A64(flags, UNPRIV, 1);
+index XXXXXXX..XXXXXXX 100644
-             }
+--- a/target/arm/kvm-stub.c
 +++ b/target/arm/kvm-stub.c
@@ -XXX,XX +XXX,XX @@
  bool write_kvmstate_to_list(ARMCPU *cpu)
  {
 -    abort();
 +    g_assert_not_reached();
  }
  bool write_list_to_kvmstate(ARMCPU *cpu, int level)
  {
 -    abort();
 +    g_assert_not_reached();
  }
 diff --git a/target/arm/kvm.c b/target/arm/kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/kvm.c
 +++ b/target/arm/kvm.c
@@ -XXX,XX +XXX,XX @@ bool write_kvmstate_to_list(ARMCPU *cpu)
              ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &r);
              break;
          default:
-@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
+-            abort();
-          * 4) If no Allocation Tag Access, then all accesses are Unchecked.
++            g_assert_not_reached();
           */
          if (allocation_tag_access_enabled(env, el, sctlr)) {
 -            flags = FIELD_DP32(flags, TBFLAG_A64, ATA, 1);
 +            DP_TBFLAG_A64(flags, ATA, 1);
              if (tbid
                  && !(env->pstate & PSTATE_TCO)
                  && (sctlr & (el == 0 ? SCTLR_TCF0 : SCTLR_TCF))) {
 -                flags = FIELD_DP32(flags, TBFLAG_A64, MTE_ACTIVE, 1);
 +                DP_TBFLAG_A64(flags, MTE_ACTIVE, 1);
              }
          }
-         /* And again for unprivileged accesses, if required.  */
+         if (ret) {
--        if (FIELD_EX32(flags, TBFLAG_A64, UNPRIV)
+             ok = false;
-+        if (EX_TBFLAG_A64(flags, UNPRIV)
+@@ -XXX,XX +XXX,XX @@ bool write_list_to_kvmstate(ARMCPU *cpu, int level)
-             && tbid
+             r.addr = (uintptr_t)(cpu->cpreg_values + i);
-             && !(env->pstate & PSTATE_TCO)
+             break;
-             && (sctlr & SCTLR_TCF0)
+         default:
-             && allocation_tag_access_enabled(env, 0, sctlr)) {
+-            abort();
--            flags = FIELD_DP32(flags, TBFLAG_A64, MTE0_ACTIVE, 1);
++            g_assert_not_reached();
 +            DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1);
          }
-         /* Cache TCMA as well as TBI. */
+         ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &r);
--        flags = FIELD_DP32(flags, TBFLAG_A64, TCMA,
+         if (ret) {
--                           aa64_va_parameter_tcma(tcr, mmu_idx));
+diff --git a/target/arm/machine.c b/target/arm/machine.c
-+        DP_TBFLAG_A64(flags, TCMA, aa64_va_parameter_tcma(tcr, mmu_idx));
+index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/machine.c
 +++ b/target/arm/machine.c
@@ -XXX,XX +XXX,XX @@ static int cpu_pre_save(void *opaque)
      if (kvm_enabled()) {
          if (!write_kvmstate_to_list(cpu)) {
              /* This should never fail */
 -            abort();
 +            g_assert_not_reached();
          }
          /*
@@ -XXX,XX +XXX,XX @@ static int cpu_pre_save(void *opaque)
      } else {
          if (!write_cpustate_to_list(cpu, false)) {
              /* This should never fail. */
 -            abort();
 +            g_assert_not_reached();
          }
      }
-     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
-@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
-     *cs_base = 0;
-     assert_hflags_rebuild_correctly(env);
--    if (FIELD_EX32(flags, TBFLAG_ANY, AARCH64_STATE)) {
-+    if (EX_TBFLAG_ANY(flags, AARCH64_STATE)) {
-         *pc = env->pc;
-         if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
--            flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
-+            DP_TBFLAG_A64(flags, BTYPE, env->btype);
-         }
-     } else {
-         *pc = env->regs[15];
-@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
-             if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
-                 FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S)
-                 != env->v7m.secure) {
--                flags = FIELD_DP32(flags, TBFLAG_M32, FPCCR_S_WRONG, 1);
-+                DP_TBFLAG_M32(flags, FPCCR_S_WRONG, 1);
-             }
-             if ((env->v7m.fpccr[env->v7m.secure] & R_V7M_FPCCR_ASPEN_MASK) &&
-@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
-                  * active FP context; we must create a new FP context before
-                  * executing any FP insn.
-                  */
--                flags = FIELD_DP32(flags, TBFLAG_M32, NEW_FP_CTXT_NEEDED, 1);
-+                DP_TBFLAG_M32(flags, NEW_FP_CTXT_NEEDED, 1);
-             }
-             bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
-             if (env->v7m.fpccr[is_secure] & R_V7M_FPCCR_LSPACT_MASK) {
--                flags = FIELD_DP32(flags, TBFLAG_M32, LSPACT, 1);
-+                DP_TBFLAG_M32(flags, LSPACT, 1);
-             }
-         } else {
-             /*
-@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
-              * Note that VECLEN+VECSTRIDE are RES0 for M-profile.
-              */
-             if (arm_feature(env, ARM_FEATURE_XSCALE)) {
--                flags = FIELD_DP32(flags, TBFLAG_A32,
--                                   XSCALE_CPAR, env->cp15.c15_cpar);
-+                DP_TBFLAG_A32(flags, XSCALE_CPAR, env->cp15.c15_cpar);
-             } else {
--                flags = FIELD_DP32(flags, TBFLAG_A32, VECLEN,
--                                   env->vfp.vec_len);
--                flags = FIELD_DP32(flags, TBFLAG_A32, VECSTRIDE,
--                                   env->vfp.vec_stride);
-+                DP_TBFLAG_A32(flags, VECLEN, env->vfp.vec_len);
-+                DP_TBFLAG_A32(flags, VECSTRIDE, env->vfp.vec_stride);
-             }
-             if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30)) {
--                flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
-+                DP_TBFLAG_A32(flags, VFPEN, 1);
-             }
-         }
--        flags = FIELD_DP32(flags, TBFLAG_AM32, THUMB, env->thumb);
--        flags = FIELD_DP32(flags, TBFLAG_AM32, CONDEXEC, env->condexec_bits);
-+        DP_TBFLAG_AM32(flags, THUMB, env->thumb);
-+        DP_TBFLAG_AM32(flags, CONDEXEC, env->condexec_bits);
-     }
-     /*
-@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
-      *     1            1       Active-not-pending
-      * SS_ACTIVE is set in hflags; PSTATE__SS is computed every TB.
-      */
--    if (FIELD_EX32(flags, TBFLAG_ANY, SS_ACTIVE) &&
--        (env->pstate & PSTATE_SS)) {
--        flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE__SS, 1);
-+    if (EX_TBFLAG_ANY(flags, SS_ACTIVE) && (env->pstate & PSTATE_SS)) {
-+        DP_TBFLAG_ANY(flags, PSTATE__SS, 1);
-     }
-     *pflags = flags;
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
+@@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_half(DisasContext *s, int opcode, int rd, int rn)
-                                !arm_el_is_aa64(env, 3);
+         gen_helper_advsimd_rinth(tcg_res, tcg_op, fpst);
-     dc->thumb = 0;
+         break;
-     dc->sctlr_b = 0;
+     default:
--    dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
+-        abort();
-+    dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
++        g_assert_not_reached();
-     dc->condexec_mask = 0;
+     }
-     dc->condexec_cond = 0;
--    core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
+     write_fp_sreg(s, rd, tcg_res);
-+    core_mmu_idx = EX_TBFLAG_ANY(tb_flags, MMUIDX);
+@@ -XXX,XX +XXX,XX @@ static void handle_fp_fcvt(DisasContext *s, int opcode,
-     dc->mmu_idx = core_to_aa64_mmu_idx(core_mmu_idx);
+         break;
--    dc->tbii = FIELD_EX32(tb_flags, TBFLAG_A64, TBII);
+     }
--    dc->tbid = FIELD_EX32(tb_flags, TBFLAG_A64, TBID);
+     default:
--    dc->tcma = FIELD_EX32(tb_flags, TBFLAG_A64, TCMA);
+-        abort();
-+    dc->tbii = EX_TBFLAG_A64(tb_flags, TBII);
++        g_assert_not_reached();
-+    dc->tbid = EX_TBFLAG_A64(tb_flags, TBID);
+     }
-+    dc->tcma = EX_TBFLAG_A64(tb_flags, TCMA);
+ }
-     dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
- #if !defined(CONFIG_USER_ONLY)
+diff --git a/target/arm/translate-neon.c b/target/arm/translate-neon.c
-     dc->user = (dc->current_el == 0);
+index XXXXXXX..XXXXXXX 100644
- #endif
+--- a/target/arm/translate-neon.c
--    dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
++++ b/target/arm/translate-neon.c
--    dc->sve_excp_el = FIELD_EX32(tb_flags, TBFLAG_A64, SVEEXC_EL);
+@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
--    dc->sve_len = (FIELD_EX32(tb_flags, TBFLAG_A64, ZCR_LEN) + 1) * 16;
+         }
--    dc->pauth_active = FIELD_EX32(tb_flags, TBFLAG_A64, PAUTH_ACTIVE);
+         break;
--    dc->bt = FIELD_EX32(tb_flags, TBFLAG_A64, BT);
+     default:
--    dc->btype = FIELD_EX32(tb_flags, TBFLAG_A64, BTYPE);
+-        abort();
--    dc->unpriv = FIELD_EX32(tb_flags, TBFLAG_A64, UNPRIV);
++        g_assert_not_reached();
--    dc->ata = FIELD_EX32(tb_flags, TBFLAG_A64, ATA);
+     }
--    dc->mte_active[0] = FIELD_EX32(tb_flags, TBFLAG_A64, MTE_ACTIVE);
+     if ((vd + a->stride * (nregs - 1)) > 31) {
--    dc->mte_active[1] = FIELD_EX32(tb_flags, TBFLAG_A64, MTE0_ACTIVE);
+         /*
 +    dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
 +    dc->sve_excp_el = EX_TBFLAG_A64(tb_flags, SVEEXC_EL);
 +    dc->sve_len = (EX_TBFLAG_A64(tb_flags, ZCR_LEN) + 1) * 16;
 +    dc->pauth_active = EX_TBFLAG_A64(tb_flags, PAUTH_ACTIVE);
 +    dc->bt = EX_TBFLAG_A64(tb_flags, BT);
 +    dc->btype = EX_TBFLAG_A64(tb_flags, BTYPE);
 +    dc->unpriv = EX_TBFLAG_A64(tb_flags, UNPRIV);
 +    dc->ata = EX_TBFLAG_A64(tb_flags, ATA);
 +    dc->mte_active[0] = EX_TBFLAG_A64(tb_flags, MTE_ACTIVE);
 +    dc->mte_active[1] = EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE);
      dc->vec_len = 0;
      dc->vec_stride = 0;
      dc->cp_regs = arm_cpu->cp_regs;
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
       *   emit code to generate a software step exception
       *   end the TB
       */
 -    dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
 -    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE__SS);
 +    dc->ss_active = EX_TBFLAG_ANY(tb_flags, SS_ACTIVE);
 +    dc->pstate_ss = EX_TBFLAG_ANY(tb_flags, PSTATE__SS);
      dc->is_ldex = false;
 -    dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
 +    dc->debug_target_el = EX_TBFLAG_ANY(tb_flags, DEBUG_TARGET_EL);
      /* Bound the number of insns to execute to those left on the page.  */
      bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
+@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
-      */
+         offset = 4;
-     dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
+         break;
-                                !arm_el_is_aa64(env, 3);
+     default:
--    dc->thumb = FIELD_EX32(tb_flags, TBFLAG_AM32, THUMB);
+-        abort();
--    dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
++        g_assert_not_reached();
--    condexec = FIELD_EX32(tb_flags, TBFLAG_AM32, CONDEXEC);
+     }
-+    dc->thumb = EX_TBFLAG_AM32(tb_flags, THUMB);
+     tcg_gen_addi_i32(addr, addr, offset);
-+    dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
+     tmp = load_reg(s, 14);
-+    condexec = EX_TBFLAG_AM32(tb_flags, CONDEXEC);
+@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
-     dc->condexec_mask = (condexec & 0xf) << 1;
+             offset = 0;
-     dc->condexec_cond = condexec >> 4;
+             break;
+         default:
--    core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
+-            abort();
-+    core_mmu_idx = EX_TBFLAG_ANY(tb_flags, MMUIDX);
++            g_assert_not_reached();
      dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
      dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
  #if !defined(CONFIG_USER_ONLY)
      dc->user = (dc->current_el == 0);
  #endif
 -    dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
 +    dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
      if (arm_feature(env, ARM_FEATURE_M)) {
          dc->vfp_enabled = 1;
          dc->be_data = MO_TE;
 -        dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_M32, HANDLER);
 +        dc->v7m_handler_mode = EX_TBFLAG_M32(tb_flags, HANDLER);
          dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
              regime_is_secure(env, dc->mmu_idx);
 -        dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_M32, STACKCHECK);
 -        dc->v8m_fpccr_s_wrong =
 -            FIELD_EX32(tb_flags, TBFLAG_M32, FPCCR_S_WRONG);
 +        dc->v8m_stackcheck = EX_TBFLAG_M32(tb_flags, STACKCHECK);
 +        dc->v8m_fpccr_s_wrong = EX_TBFLAG_M32(tb_flags, FPCCR_S_WRONG);
          dc->v7m_new_fp_ctxt_needed =
 -            FIELD_EX32(tb_flags, TBFLAG_M32, NEW_FP_CTXT_NEEDED);
 -        dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_M32, LSPACT);
 +            EX_TBFLAG_M32(tb_flags, NEW_FP_CTXT_NEEDED);
 +        dc->v7m_lspact = EX_TBFLAG_M32(tb_flags, LSPACT);
      } else {
 -        dc->be_data =
 -            FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
 -        dc->debug_target_el =
 -            FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
 -        dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR__B);
 -        dc->hstr_active = FIELD_EX32(tb_flags, TBFLAG_A32, HSTR_ACTIVE);
 -        dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
 -        dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
 +        dc->debug_target_el = EX_TBFLAG_ANY(tb_flags, DEBUG_TARGET_EL);
 +        dc->sctlr_b = EX_TBFLAG_A32(tb_flags, SCTLR__B);
 +        dc->hstr_active = EX_TBFLAG_A32(tb_flags, HSTR_ACTIVE);
 +        dc->ns = EX_TBFLAG_A32(tb_flags, NS);
 +        dc->vfp_enabled = EX_TBFLAG_A32(tb_flags, VFPEN);
          if (arm_feature(env, ARM_FEATURE_XSCALE)) {
 -            dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
 +            dc->c15_cpar = EX_TBFLAG_A32(tb_flags, XSCALE_CPAR);
          } else {
 -            dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
 -            dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
 +            dc->vec_len = EX_TBFLAG_A32(tb_flags, VECLEN);
 +            dc->vec_stride = EX_TBFLAG_A32(tb_flags, VECSTRIDE);
          }
-     }
+         tcg_gen_addi_i32(addr, addr, offset);
-     dc->cp_regs = cpu->cp_regs;
+         gen_helper_set_r13_banked(cpu_env, tcg_constant_i32(mode), addr);
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
       *   emit code to generate a software step exception
       *   end the TB
       */
 -    dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
 -    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE__SS);
 +    dc->ss_active = EX_TBFLAG_ANY(tb_flags, SS_ACTIVE);
 +    dc->pstate_ss = EX_TBFLAG_ANY(tb_flags, PSTATE__SS);
      dc->is_ldex = false;
      dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
      DisasContext dc = { };
      const TranslatorOps *ops = &arm_translator_ops;
 -    if (FIELD_EX32(tb->flags, TBFLAG_AM32, THUMB)) {
 +    if (EX_TBFLAG_AM32(tb->flags, THUMB)) {
          ops = &thumb_translator_ops;
      }
  #ifdef TARGET_AARCH64
 -    if (FIELD_EX32(tb->flags, TBFLAG_ANY, AARCH64_STATE)) {
 +    if (EX_TBFLAG_ANY(tb->flags, AARCH64_STATE)) {
          ops = &aarch64_translator_ops;
      }
  #endif
 --
-.20.1
+.25.1

-[PULL 16/43] target/arm: Introduce CPUARMTBFlags
+[PULL 08/23] target/arm: Change cpreg access permissions to enum
 From: Richard Henderson <richard.henderson@linaro.org>
-In preparation for splitting tb->flags across multiple
+Create a typedef as well, and use it in ARMCPRegInfo.
-fields, introduce a structure to hold the value(s).
+This won't be perfect for debugging, but it'll nicely
-So far this only migrates the one uint32_t and fixes
+display the most common cases.
 all of the places that require adjustment to match.
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-6-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-8-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h           | 26 ++++++++++++---------
+ target/arm/cpregs.h | 44 +++++++++++++++++++++++---------------------
- target/arm/translate.h     | 11 +++++++++
+ target/arm/helper.c |  2 +-
- target/arm/helper.c        | 48 +++++++++++++++++++++-----------------
+files changed, 24 insertions(+), 22 deletions(-)
  target/arm/translate-a64.c |  2 +-
  target/arm/translate.c     |  7 +++---
 files changed, 57 insertions(+), 37 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/target/arm/cpregs.h
-+++ b/target/arm/cpu.h
++++ b/target/arm/cpregs.h
-@@ -XXX,XX +XXX,XX @@ typedef struct ARMPACKey {
+@@ -XXX,XX +XXX,XX @@ enum {
- } ARMPACKey;
+  * described with these bits, then use a laxer set of restrictions, and
   * do the more restrictive/complex check inside a helper function.
   */
 -#define PL3_R 0x80
 -#define PL3_W 0x40
 -#define PL2_R (0x20 | PL3_R)
 -#define PL2_W (0x10 | PL3_W)
 -#define PL1_R (0x08 | PL2_R)
 -#define PL1_W (0x04 | PL2_W)
 -#define PL0_R (0x02 | PL1_R)
 -#define PL0_W (0x01 | PL1_W)
 +typedef enum {
 +    PL3_R = 0x80,
 +    PL3_W = 0x40,
 +    PL2_R = 0x20 | PL3_R,
 +    PL2_W = 0x10 | PL3_W,
 +    PL1_R = 0x08 | PL2_R,
 +    PL1_W = 0x04 | PL2_W,
 +    PL0_R = 0x02 | PL1_R,
 +    PL0_W = 0x01 | PL1_W,
 -/*
 - * For user-mode some registers are accessible to EL0 via a kernel
 - * trap-and-emulate ABI. In this case we define the read permissions
 - * as actually being PL0_R. However some bits of any given register
 - * may still be masked.
 - */
 +    /*
 +     * For user-mode some registers are accessible to EL0 via a kernel
 +     * trap-and-emulate ABI. In this case we define the read permissions
 +     * as actually being PL0_R. However some bits of any given register
 +     * may still be masked.
 +     */
  #ifdef CONFIG_USER_ONLY
 -#define PL0U_R PL0_R
 +    PL0U_R = PL0_R,
  #else
 -#define PL0U_R PL1_R
 +    PL0U_R = PL1_R,
  #endif
-+/* See the commentary above the TBFLAG field definitions.  */
+-#define PL3_RW (PL3_R | PL3_W)
-+typedef struct CPUARMTBFlags {
+-#define PL2_RW (PL2_R | PL2_W)
-+    uint32_t flags;
+-#define PL1_RW (PL1_R | PL1_W)
-+} CPUARMTBFlags;
+-#define PL0_RW (PL0_R | PL0_W)
++    PL3_RW = PL3_R | PL3_W,
- typedef struct CPUARMState {
++    PL2_RW = PL2_R | PL2_W,
-     /* Regs for current mode.  */
++    PL1_RW = PL1_R | PL1_W,
-@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
++    PL0_RW = PL0_R | PL0_W,
-     uint32_t aarch64; /* 1 if CPU is in aarch64 state; inverse of PSTATE.nRW */
++} CPAccessRights;
-     /* Cached TBFLAGS state.  See below for which bits are included.  */
+ typedef enum CPAccessResult {
--    uint32_t hflags;
+     /* Access is permitted */
-+    CPUARMTBFlags hflags;
+@@ -XXX,XX +XXX,XX @@ struct ARMCPRegInfo {
+     /* Register type: ARM_CP_* bits/values */
-     /* Frequently accessed CPSR bits are stored separately for efficiency.
+     int type;
-        This contains all the other bits.  Use cpsr_{read,write} to access
+     /* Access rights: PL*_[RW] */
-@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A64, MTE0_ACTIVE, 19, 1)
+-    int access;
-  * Helpers for using the above.
++    CPAccessRights access;
-  */
+     /* Security state: ARM_CP_SECSTATE_* bits/values */
- #define DP_TBFLAG_ANY(DST, WHICH, VAL) \
+     int secure;
--    (DST = FIELD_DP32(DST, TBFLAG_ANY, WHICH, VAL))
+     /*
 +    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_ANY, WHICH, VAL))
  #define DP_TBFLAG_A64(DST, WHICH, VAL) \
 -    (DST = FIELD_DP32(DST, TBFLAG_A64, WHICH, VAL))
 +    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_A64, WHICH, VAL))
  #define DP_TBFLAG_A32(DST, WHICH, VAL) \
 -    (DST = FIELD_DP32(DST, TBFLAG_A32, WHICH, VAL))
 +    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_A32, WHICH, VAL))
  #define DP_TBFLAG_M32(DST, WHICH, VAL) \
 -    (DST = FIELD_DP32(DST, TBFLAG_M32, WHICH, VAL))
 +    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_M32, WHICH, VAL))
  #define DP_TBFLAG_AM32(DST, WHICH, VAL) \
 -    (DST = FIELD_DP32(DST, TBFLAG_AM32, WHICH, VAL))
 +    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_AM32, WHICH, VAL))
 -#define EX_TBFLAG_ANY(IN, WHICH)   FIELD_EX32(IN, TBFLAG_ANY, WHICH)
 -#define EX_TBFLAG_A64(IN, WHICH)   FIELD_EX32(IN, TBFLAG_A64, WHICH)
 -#define EX_TBFLAG_A32(IN, WHICH)   FIELD_EX32(IN, TBFLAG_A32, WHICH)
 -#define EX_TBFLAG_M32(IN, WHICH)   FIELD_EX32(IN, TBFLAG_M32, WHICH)
 -#define EX_TBFLAG_AM32(IN, WHICH)  FIELD_EX32(IN, TBFLAG_AM32, WHICH)
 +#define EX_TBFLAG_ANY(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_ANY, WHICH)
 +#define EX_TBFLAG_A64(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_A64, WHICH)
 +#define EX_TBFLAG_A32(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_A32, WHICH)
 +#define EX_TBFLAG_M32(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_M32, WHICH)
 +#define EX_TBFLAG_AM32(IN, WHICH)  FIELD_EX32(IN.flags, TBFLAG_AM32, WHICH)
  /**
   * cpu_mmu_index:
 diff --git a/target/arm/translate.h b/target/arm/translate.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.h
 +++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef void CryptoThreeOpIntFn(TCGv_ptr, TCGv_ptr, TCGv_i32);
  typedef void CryptoThreeOpFn(TCGv_ptr, TCGv_ptr, TCGv_ptr);
  typedef void AtomicThreeOpFn(TCGv_i64, TCGv_i64, TCGv_i64, TCGArg, MemOp);
 +/**
 + * arm_tbflags_from_tb:
 + * @tb: the TranslationBlock
 + *
 + * Extract the flag values from @tb.
 + */
 +static inline CPUARMTBFlags arm_tbflags_from_tb(const TranslationBlock *tb)
 +{
 +    return (CPUARMTBFlags){ tb->flags };
 +}
 +
  /*
   * Enum for argument to fpstatus_ptr().
   */
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
+@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
- }
+      * to encompass the generic architectural permission check.
- #endif
+      */
+     if (r->state != ARM_CP_STATE_AA32) {
--static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
+-        int mask = 0;
--                                      ARMMMUIdx mmu_idx, uint32_t flags)
++        CPAccessRights mask;
-+static CPUARMTBFlags rebuild_hflags_common(CPUARMState *env, int fp_el,
+         switch (r->opc1) {
-+                                           ARMMMUIdx mmu_idx,
+         case 0:
-+                                           CPUARMTBFlags flags)
+             /* min_EL EL1, but some accessible to EL0 via kernel ABI */
  {
      DP_TBFLAG_ANY(flags, FPEXC_EL, fp_el);
      DP_TBFLAG_ANY(flags, MMUIDX, arm_to_core_mmu_idx(mmu_idx));
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
      return flags;
  }
 -static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
 -                                         ARMMMUIdx mmu_idx, uint32_t flags)
 +static CPUARMTBFlags rebuild_hflags_common_32(CPUARMState *env, int fp_el,
 +                                              ARMMMUIdx mmu_idx,
 +                                              CPUARMTBFlags flags)
  {
      bool sctlr_b = arm_sctlr_b(env);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
      return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
  }
 -static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
 -                                   ARMMMUIdx mmu_idx)
 +static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
 +                                        ARMMMUIdx mmu_idx)
  {
 -    uint32_t flags = 0;
 +    CPUARMTBFlags flags = {};
      if (arm_v7m_is_handler_mode(env)) {
          DP_TBFLAG_M32(flags, HANDLER, 1);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
      return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
  }
 -static uint32_t rebuild_hflags_aprofile(CPUARMState *env)
 +static CPUARMTBFlags rebuild_hflags_aprofile(CPUARMState *env)
  {
 -    int flags = 0;
 +    CPUARMTBFlags flags = {};
      DP_TBFLAG_ANY(flags, DEBUG_TARGET_EL, arm_debug_target_el(env));
      return flags;
  }
 -static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
 -                                   ARMMMUIdx mmu_idx)
 +static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
 +                                        ARMMMUIdx mmu_idx)
  {
 -    uint32_t flags = rebuild_hflags_aprofile(env);
 +    CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
      if (arm_el_is_aa64(env, 1)) {
          DP_TBFLAG_A32(flags, VFPEN, 1);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
      return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
  }
 -static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
 -                                   ARMMMUIdx mmu_idx)
 +static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
 +                                        ARMMMUIdx mmu_idx)
  {
 -    uint32_t flags = rebuild_hflags_aprofile(env);
 +    CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
      ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
      uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
      uint64_t sctlr;
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
      return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
  }
 -static uint32_t rebuild_hflags_internal(CPUARMState *env)
 +static CPUARMTBFlags rebuild_hflags_internal(CPUARMState *env)
  {
      int el = arm_current_el(env);
      int fp_el = fp_exception_el(env, el);
@@ -XXX,XX +XXX,XX @@ void HELPER(rebuild_hflags_m32_newel)(CPUARMState *env)
      int el = arm_current_el(env);
      int fp_el = fp_exception_el(env, el);
      ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
 +
      env->hflags = rebuild_hflags_m32(env, fp_el, mmu_idx);
  }
@@ -XXX,XX +XXX,XX @@ void HELPER(rebuild_hflags_a64)(CPUARMState *env, int el)
  static inline void assert_hflags_rebuild_correctly(CPUARMState *env)
  {
  #ifdef CONFIG_DEBUG_TCG
 -    uint32_t env_flags_current = env->hflags;
 -    uint32_t env_flags_rebuilt = rebuild_hflags_internal(env);
 +    CPUARMTBFlags c = env->hflags;
 +    CPUARMTBFlags r = rebuild_hflags_internal(env);
 -    if (unlikely(env_flags_current != env_flags_rebuilt)) {
 +    if (unlikely(c.flags != r.flags)) {
          fprintf(stderr, "TCG hflags mismatch (current:0x%08x rebuilt:0x%08x)\n",
 -                env_flags_current, env_flags_rebuilt);
 +                c.flags, r.flags);
          abort();
      }
  #endif
@@ -XXX,XX +XXX,XX @@ static inline void assert_hflags_rebuild_correctly(CPUARMState *env)
  void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                            target_ulong *cs_base, uint32_t *pflags)
  {
 -    uint32_t flags = env->hflags;
 +    CPUARMTBFlags flags;
      *cs_base = 0;
      assert_hflags_rebuild_correctly(env);
 +    flags = env->hflags;
      if (EX_TBFLAG_ANY(flags, AARCH64_STATE)) {
          *pc = env->pc;
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
          DP_TBFLAG_ANY(flags, PSTATE__SS, 1);
      }
 -    *pflags = flags;
 +    *pflags = flags.flags;
  }
  #ifdef TARGET_AARCH64
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
      DisasContext *dc = container_of(dcbase, DisasContext, base);
      CPUARMState *env = cpu->env_ptr;
      ARMCPU *arm_cpu = env_archcpu(env);
 -    uint32_t tb_flags = dc->base.tb->flags;
 +    CPUARMTBFlags tb_flags = arm_tbflags_from_tb(dc->base.tb);
      int bound, core_mmu_idx;
      dc->isar = &arm_cpu->isar;
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
      DisasContext *dc = container_of(dcbase, DisasContext, base);
      CPUARMState *env = cs->env_ptr;
      ARMCPU *cpu = env_archcpu(env);
 -    uint32_t tb_flags = dc->base.tb->flags;
 +    CPUARMTBFlags tb_flags = arm_tbflags_from_tb(dc->base.tb);
      uint32_t condexec, core_mmu_idx;
      dc->isar = &cpu->isar;
@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
  {
      DisasContext dc = { };
      const TranslatorOps *ops = &arm_translator_ops;
 +    CPUARMTBFlags tb_flags = arm_tbflags_from_tb(tb);
 -    if (EX_TBFLAG_AM32(tb->flags, THUMB)) {
 +    if (EX_TBFLAG_AM32(tb_flags, THUMB)) {
          ops = &thumb_translator_ops;
      }
  #ifdef TARGET_AARCH64
 -    if (EX_TBFLAG_ANY(tb->flags, AARCH64_STATE)) {
 +    if (EX_TBFLAG_ANY(tb_flags, AARCH64_STATE)) {
          ops = &aarch64_translator_ops;
      }
  #endif
 --
-.20.1
+.25.1

-[PULL 10/43] target/arm: Simplify sve mte checking
+[PULL 09/23] target/arm: Name CPState type
 From: Richard Henderson <richard.henderson@linaro.org>
-Now that mte_check1 and mte_checkN have been merged, we can
+Give this enum a name and use in ARMCPRegInfo,
-merge sve_cont_ldst_mte_check1 and sve_cont_ldst_mte_checkN.
+add_cpreg_to_hashtable and define_one_arm_cp_reg_with_opaque.
 Which means that we can eliminate the function pointer into
 sve_ldN_r and sve_stN_r, calling sve_cont_ldst_mte_check directly.
 Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-9-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-9-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/sve_helper.c | 84 +++++++++++++----------------------------
+ target/arm/cpregs.h | 6 +++---
-file changed, 26 insertions(+), 58 deletions(-)
+ target/arm/helper.c | 6 ++++--
 files changed, 7 insertions(+), 5 deletions(-)
-diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
+diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/sve_helper.c
+--- a/target/arm/cpregs.h
-+++ b/target/arm/sve_helper.c
++++ b/target/arm/cpregs.h
-@@ -XXX,XX +XXX,XX @@ static void sve_cont_ldst_watchpoints(SVEContLdSt *info, CPUARMState *env,
+@@ -XXX,XX +XXX,XX @@ enum {
- #endif
+  * Note that we rely on the values of these enums as we iterate through
   * the various states in some places.
   */
 -enum {
 +typedef enum {
      ARM_CP_STATE_AA32 = 0,
      ARM_CP_STATE_AA64 = 1,
      ARM_CP_STATE_BOTH = 2,
 -};
 +} CPState;
  /*
   * ARM CP register secure state flags.  These flags identify security state
@@ -XXX,XX +XXX,XX @@ struct ARMCPRegInfo {
      uint8_t opc1;
      uint8_t opc2;
      /* Execution state in which this register is visible: ARM_CP_STATE_* */
 -    int state;
 +    CPState state;
      /* Register type: ARM_CP_* bits/values */
      int type;
      /* Access rights: PL*_[RW] */
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
  }
--typedef uint64_t mte_check_fn(CPUARMState *, uint32_t, uint64_t, uintptr_t);
+ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
--
+-                                   void *opaque, int state, int secstate,
--static inline QEMU_ALWAYS_INLINE
++                                   void *opaque, CPState state, int secstate,
--void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
+                                    int crm, int opc1, int opc2,
--                                 uint64_t *vg, target_ulong addr, int esize,
+                                    const char *name)
 -                                 int msize, uint32_t mtedesc, uintptr_t ra,
 -                                 mte_check_fn *check)
 +static void sve_cont_ldst_mte_check(SVEContLdSt *info, CPUARMState *env,
 +                                    uint64_t *vg, target_ulong addr, int esize,
 +                                    int msize, uint32_t mtedesc, uintptr_t ra)
  {
-     intptr_t mem_off, reg_off, reg_last;
+@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
+      * bits; the ARM_CP_64BIT* flag applies only to the AArch32 view of
-@@ -XXX,XX +XXX,XX @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
+      * the register, if any.
              uint64_t pg = vg[reg_off >> 6];
              do {
                  if ((pg >> (reg_off & 63)) & 1) {
 -                    check(env, mtedesc, addr, ra);
 +                    mte_check(env, mtedesc, addr, ra);
                  }
                  reg_off += esize;
                  mem_off += msize;
@@ -XXX,XX +XXX,XX @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
              uint64_t pg = vg[reg_off >> 6];
              do {
                  if ((pg >> (reg_off & 63)) & 1) {
 -                    check(env, mtedesc, addr, ra);
 +                    mte_check(env, mtedesc, addr, ra);
                  }
                  reg_off += esize;
                  mem_off += msize;
@@ -XXX,XX +XXX,XX @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
      }
  }
 -typedef void sve_cont_ldst_mte_check_fn(SVEContLdSt *info, CPUARMState *env,
 -                                        uint64_t *vg, target_ulong addr,
 -                                        int esize, int msize, uint32_t mtedesc,
 -                                        uintptr_t ra);
 -
 -static void sve_cont_ldst_mte_check1(SVEContLdSt *info, CPUARMState *env,
 -                                     uint64_t *vg, target_ulong addr,
 -                                     int esize, int msize, uint32_t mtedesc,
 -                                     uintptr_t ra)
 -{
 -    sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
 -                                mtedesc, ra, mte_check);
 -}
 -
 -static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
 -                                     uint64_t *vg, target_ulong addr,
 -                                     int esize, int msize, uint32_t mtedesc,
 -                                     uintptr_t ra)
 -{
 -    sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
 -                                mtedesc, ra, mte_check);
 -}
 -
 -
  /*
   * Common helper for all contiguous 1,2,3,4-register predicated stores.
   */
@@ -XXX,XX +XXX,XX @@ void sve_ldN_r(CPUARMState *env, uint64_t *vg, const target_ulong addr,
                 uint32_t desc, const uintptr_t retaddr,
                 const int esz, const int msz, const int N, uint32_t mtedesc,
                 sve_ldst1_host_fn *host_fn,
 -               sve_ldst1_tlb_fn *tlb_fn,
 -               sve_cont_ldst_mte_check_fn *mte_check_fn)
 +               sve_ldst1_tlb_fn *tlb_fn)
  {
      const unsigned rd = simd_data(desc);
      const intptr_t reg_max = simd_oprsz(desc);
@@ -XXX,XX +XXX,XX @@ void sve_ldN_r(CPUARMState *env, uint64_t *vg, const target_ulong addr,
       * Handle mte checks for all active elements.
       * Since TBI must be set for MTE, !mtedesc => !mte_active.
       */
--    if (mte_check_fn && mtedesc) {
+-    int crm, opc1, opc2, state;
--        mte_check_fn(&info, env, vg, addr, 1 << esz, N << msz,
++    int crm, opc1, opc2;
--                     mtedesc, retaddr);
+     int crmmin = (r->crm == CP_ANY) ? 0 : r->crm;
-+    if (mtedesc) {
+     int crmmax = (r->crm == CP_ANY) ? 15 : r->crm;
-+        sve_cont_ldst_mte_check(&info, env, vg, addr, 1 << esz, N << msz,
+     int opc1min = (r->opc1 == CP_ANY) ? 0 : r->opc1;
-+                                mtedesc, retaddr);
+     int opc1max = (r->opc1 == CP_ANY) ? 7 : r->opc1;
-     }
+     int opc2min = (r->opc2 == CP_ANY) ? 0 : r->opc2;
+     int opc2max = (r->opc2 == CP_ANY) ? 7 : r->opc2;
-     flags = info.page[0].flags | info.page[1].flags;
++    CPState state;
-@@ -XXX,XX +XXX,XX @@ void sve_ldN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr,
++
-         mtedesc = 0;
+     /* 64 bit registers have only CRm and Opc1 fields */
-     }
+     assert(!((r->type & ARM_CP_64BIT) && (r->opc2 || r->crn)));
+     /* op0 only exists in the AArch64 encodings */
 -    sve_ldN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn,
 -              N == 1 ? sve_cont_ldst_mte_check1 : sve_cont_ldst_mte_checkN);
 +    sve_ldN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn);
  }
  #define DO_LD1_1(NAME, ESZ)                                             \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_##NAME##_r)(CPUARMState *env, void *vg,                 \
                              target_ulong addr, uint32_t desc)           \
  {                                                                       \
      sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MO_8, 1, 0,            \
 -              sve_##NAME##_host, sve_##NAME##_tlb, NULL);               \
 +              sve_##NAME##_host, sve_##NAME##_tlb);                     \
  }                                                                       \
  void HELPER(sve_##NAME##_r_mte)(CPUARMState *env, void *vg,             \
                                  target_ulong addr, uint32_t desc)       \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_##NAME##_le_r)(CPUARMState *env, void *vg,              \
                                 target_ulong addr, uint32_t desc)        \
  {                                                                       \
      sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1, 0,             \
 -              sve_##NAME##_le_host, sve_##NAME##_le_tlb, NULL);         \
 +              sve_##NAME##_le_host, sve_##NAME##_le_tlb);               \
  }                                                                       \
  void HELPER(sve_##NAME##_be_r)(CPUARMState *env, void *vg,              \
                                 target_ulong addr, uint32_t desc)        \
  {                                                                       \
      sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1, 0,             \
 -              sve_##NAME##_be_host, sve_##NAME##_be_tlb, NULL);         \
 +              sve_##NAME##_be_host, sve_##NAME##_be_tlb);               \
  }                                                                       \
  void HELPER(sve_##NAME##_le_r_mte)(CPUARMState *env, void *vg,          \
 -                                 target_ulong addr, uint32_t desc)      \
 +                                   target_ulong addr, uint32_t desc)    \
  {                                                                       \
      sve_ldN_r_mte(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1,            \
                    sve_##NAME##_le_host, sve_##NAME##_le_tlb);           \
  }                                                                       \
  void HELPER(sve_##NAME##_be_r_mte)(CPUARMState *env, void *vg,          \
 -                                 target_ulong addr, uint32_t desc)      \
 +                                   target_ulong addr, uint32_t desc)    \
  {                                                                       \
      sve_ldN_r_mte(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1,            \
                    sve_##NAME##_be_host, sve_##NAME##_be_tlb);           \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_ld##N##bb_r)(CPUARMState *env, void *vg,                \
                               target_ulong addr, uint32_t desc)          \
  {                                                                       \
      sve_ldN_r(env, vg, addr, desc, GETPC(), MO_8, MO_8, N, 0,           \
 -              sve_ld1bb_host, sve_ld1bb_tlb, NULL);                     \
 +              sve_ld1bb_host, sve_ld1bb_tlb);                           \
  }                                                                       \
  void HELPER(sve_ld##N##bb_r_mte)(CPUARMState *env, void *vg,            \
                                   target_ulong addr, uint32_t desc)      \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_ld##N##SUFF##_le_r)(CPUARMState *env, void *vg,         \
                                      target_ulong addr, uint32_t desc)   \
  {                                                                       \
      sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, ESZ, N, 0,             \
 -              sve_ld1##SUFF##_le_host, sve_ld1##SUFF##_le_tlb, NULL);   \
 +              sve_ld1##SUFF##_le_host, sve_ld1##SUFF##_le_tlb);         \
  }                                                                       \
  void HELPER(sve_ld##N##SUFF##_be_r)(CPUARMState *env, void *vg,         \
                                      target_ulong addr, uint32_t desc)   \
  {                                                                       \
      sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, ESZ, N, 0,             \
 -              sve_ld1##SUFF##_be_host, sve_ld1##SUFF##_be_tlb, NULL);   \
 +              sve_ld1##SUFF##_be_host, sve_ld1##SUFF##_be_tlb);         \
  }                                                                       \
  void HELPER(sve_ld##N##SUFF##_le_r_mte)(CPUARMState *env, void *vg,     \
                                          target_ulong addr, uint32_t desc) \
@@ -XXX,XX +XXX,XX @@ void sve_stN_r(CPUARMState *env, uint64_t *vg, target_ulong addr,
                 uint32_t desc, const uintptr_t retaddr,
                 const int esz, const int msz, const int N, uint32_t mtedesc,
                 sve_ldst1_host_fn *host_fn,
 -               sve_ldst1_tlb_fn *tlb_fn,
 -               sve_cont_ldst_mte_check_fn *mte_check_fn)
 +               sve_ldst1_tlb_fn *tlb_fn)
  {
      const unsigned rd = simd_data(desc);
      const intptr_t reg_max = simd_oprsz(desc);
@@ -XXX,XX +XXX,XX @@ void sve_stN_r(CPUARMState *env, uint64_t *vg, target_ulong addr,
       * Handle mte checks for all active elements.
       * Since TBI must be set for MTE, !mtedesc => !mte_active.
       */
 -    if (mte_check_fn && mtedesc) {
 -        mte_check_fn(&info, env, vg, addr, 1 << esz, N << msz,
 -                     mtedesc, retaddr);
 +    if (mtedesc) {
 +        sve_cont_ldst_mte_check(&info, env, vg, addr, 1 << esz, N << msz,
 +                                mtedesc, retaddr);
      }
      flags = info.page[0].flags | info.page[1].flags;
@@ -XXX,XX +XXX,XX @@ void sve_stN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr,
          mtedesc = 0;
      }
 -    sve_stN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn,
 -              N == 1 ? sve_cont_ldst_mte_check1 : sve_cont_ldst_mte_checkN);
 +    sve_stN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn);
  }
  #define DO_STN_1(N, NAME, ESZ)                                          \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_st##N##NAME##_r)(CPUARMState *env, void *vg,            \
                                   target_ulong addr, uint32_t desc)      \
  {                                                                       \
      sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MO_8, N, 0,            \
 -              sve_st1##NAME##_host, sve_st1##NAME##_tlb, NULL);         \
 +              sve_st1##NAME##_host, sve_st1##NAME##_tlb);               \
  }                                                                       \
  void HELPER(sve_st##N##NAME##_r_mte)(CPUARMState *env, void *vg,        \
                                       target_ulong addr, uint32_t desc)  \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_st##N##NAME##_le_r)(CPUARMState *env, void *vg,         \
                                      target_ulong addr, uint32_t desc)   \
  {                                                                       \
      sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, N, 0,             \
 -              sve_st1##NAME##_le_host, sve_st1##NAME##_le_tlb, NULL);   \
 +              sve_st1##NAME##_le_host, sve_st1##NAME##_le_tlb);         \
  }                                                                       \
  void HELPER(sve_st##N##NAME##_be_r)(CPUARMState *env, void *vg,         \
                                      target_ulong addr, uint32_t desc)   \
  {                                                                       \
      sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, N, 0,             \
 -              sve_st1##NAME##_be_host, sve_st1##NAME##_be_tlb, NULL);   \
 +              sve_st1##NAME##_be_host, sve_st1##NAME##_be_tlb);         \
  }                                                                       \
  void HELPER(sve_st##N##NAME##_le_r_mte)(CPUARMState *env, void *vg,     \
                                          target_ulong addr, uint32_t desc) \
 --
-.20.1
+.25.1

-[PULL 17/43] target/arm: Move mode specific TB flags to tb->cs_base
+[PULL 10/23] target/arm: Name CPSecureState type
 From: Richard Henderson <richard.henderson@linaro.org>
-Now that we have all of the proper macros defined, expanding
+Give this enum a name and use in ARMCPRegInfo and add_cpreg_to_hashtable.
-the CPUARMTBFlags structure and populating the two TB fields
+Add the enumerator ARM_CP_SECSTATE_BOTH to clarify how 0
-is relatively simple.
+is handled in define_one_arm_cp_reg_with_opaque.
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-7-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-10-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h       | 49 ++++++++++++++++++++++++------------------
+ target/arm/cpregs.h | 7 ++++---
- target/arm/translate.h |  2 +-
+ target/arm/helper.c | 7 +++++--
- target/arm/helper.c    | 10 +++++----
+files changed, 9 insertions(+), 5 deletions(-)
 files changed, 35 insertions(+), 26 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/target/arm/cpregs.h
-+++ b/target/arm/cpu.h
++++ b/target/arm/cpregs.h
-@@ -XXX,XX +XXX,XX @@ typedef struct ARMPACKey {
+@@ -XXX,XX +XXX,XX @@ typedef enum {
- /* See the commentary above the TBFLAG field definitions.  */
+  * registered entry will only have one to identify whether the entry is secure
- typedef struct CPUARMTBFlags {
+  * or non-secure.
-     uint32_t flags;
+  */
-+    target_ulong flags2;
+-enum {
- } CPUARMTBFlags;
++typedef enum {
++    ARM_CP_SECSTATE_BOTH = 0,       /* define one cpreg for each secstate */
- typedef struct CPUARMState {
+     ARM_CP_SECSTATE_S =   (1 << 0), /* bit[0]: Secure state register */
-@@ -XXX,XX +XXX,XX @@ typedef ARMCPU ArchCPU;
+     ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
- #include "exec/cpu-all.h"
+-};
 +} CPSecureState;
  /*
-- * Bit usage in the TB flags field: bit 31 indicates whether we are
+  * Access rights:
-- * in 32 or 64 bit mode. The meaning of the other bits depends on that.
+@@ -XXX,XX +XXX,XX @@ struct ARMCPRegInfo {
-- * We put flags which are shared between 32 and 64 bit mode at the top
+     /* Access rights: PL*_[RW] */
-- * of the word, and flags which apply to only one mode at the bottom.
+     CPAccessRights access;
-+ * We have more than 32-bits worth of state per TB, so we split the data
+     /* Security state: ARM_CP_SECSTATE_* bits/values */
-+ * between tb->flags and tb->cs_base, which is otherwise unused for ARM.
+-    int secure;
-+ * We collect these two parts in CPUARMTBFlags where they are named
++    CPSecureState secure;
-+ * flags and flags2 respectively.
+     /*
-  *
+      * The opaque pointer passed to define_arm_cp_regs_with_opaque() when
-- *  31          20    18    14          9              0
+      * this register was defined: can be used to hand data through to the
 - * +--------------+-----+-----+----------+--------------+
 - * |              |     |   TBFLAG_A32   |              |
 - * |              |     +-----+----------+  TBFLAG_AM32 |
 - * |  TBFLAG_ANY  |           |TBFLAG_M32|              |
 - * |              +-----------+----------+--------------|
 - * |              |            TBFLAG_A64               |
 - * +--------------+-------------------------------------+
 - *  31          20                                     0
 + * The flags that are shared between all execution modes, TBFLAG_ANY,
 + * are stored in flags.  The flags that are specific to a given mode
 + * are stores in flags2.  Since cs_base is sized on the configured
 + * address size, flags2 always has 64-bits for A64, and a minimum of
 + * 32-bits for A32 and M32.
 + *
 + * The bits for 32-bit A-profile and M-profile partially overlap:
 + *
 + *  18             9              0
 + * +----------------+--------------+
 + * |   TBFLAG_A32   |              |
 + * +-----+----------+  TBFLAG_AM32 |
 + * |     |TBFLAG_M32|              |
 + * +-----+----------+--------------+
 + *     14          9              0
   *
   * Unless otherwise noted, these bits are cached in env->hflags.
   */
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A64, MTE0_ACTIVE, 19, 1)
  #define DP_TBFLAG_ANY(DST, WHICH, VAL) \
      (DST.flags = FIELD_DP32(DST.flags, TBFLAG_ANY, WHICH, VAL))
  #define DP_TBFLAG_A64(DST, WHICH, VAL) \
 -    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_A64, WHICH, VAL))
 +    (DST.flags2 = FIELD_DP32(DST.flags2, TBFLAG_A64, WHICH, VAL))
  #define DP_TBFLAG_A32(DST, WHICH, VAL) \
 -    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_A32, WHICH, VAL))
 +    (DST.flags2 = FIELD_DP32(DST.flags2, TBFLAG_A32, WHICH, VAL))
  #define DP_TBFLAG_M32(DST, WHICH, VAL) \
 -    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_M32, WHICH, VAL))
 +    (DST.flags2 = FIELD_DP32(DST.flags2, TBFLAG_M32, WHICH, VAL))
  #define DP_TBFLAG_AM32(DST, WHICH, VAL) \
 -    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_AM32, WHICH, VAL))
 +    (DST.flags2 = FIELD_DP32(DST.flags2, TBFLAG_AM32, WHICH, VAL))
  #define EX_TBFLAG_ANY(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_ANY, WHICH)
 -#define EX_TBFLAG_A64(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_A64, WHICH)
 -#define EX_TBFLAG_A32(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_A32, WHICH)
 -#define EX_TBFLAG_M32(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_M32, WHICH)
 -#define EX_TBFLAG_AM32(IN, WHICH)  FIELD_EX32(IN.flags, TBFLAG_AM32, WHICH)
 +#define EX_TBFLAG_A64(IN, WHICH)   FIELD_EX32(IN.flags2, TBFLAG_A64, WHICH)
 +#define EX_TBFLAG_A32(IN, WHICH)   FIELD_EX32(IN.flags2, TBFLAG_A32, WHICH)
 +#define EX_TBFLAG_M32(IN, WHICH)   FIELD_EX32(IN.flags2, TBFLAG_M32, WHICH)
 +#define EX_TBFLAG_AM32(IN, WHICH)  FIELD_EX32(IN.flags2, TBFLAG_AM32, WHICH)
  /**
   * cpu_mmu_index:
 diff --git a/target/arm/translate.h b/target/arm/translate.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.h
 +++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef void AtomicThreeOpFn(TCGv_i64, TCGv_i64, TCGv_i64, TCGArg, MemOp);
   */
  static inline CPUARMTBFlags arm_tbflags_from_tb(const TranslationBlock *tb)
  {
 -    return (CPUARMTBFlags){ tb->flags };
 +    return (CPUARMTBFlags){ tb->flags, tb->cs_base };
  }
  /*
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static inline void assert_hflags_rebuild_correctly(CPUARMState *env)
+@@ -XXX,XX +XXX,XX @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
-     CPUARMTBFlags c = env->hflags;
+ }
-     CPUARMTBFlags r = rebuild_hflags_internal(env);
+ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
--    if (unlikely(c.flags != r.flags)) {
+-                                   void *opaque, CPState state, int secstate,
--        fprintf(stderr, "TCG hflags mismatch (current:0x%08x rebuilt:0x%08x)\n",
++                                   void *opaque, CPState state,
--                c.flags, r.flags);
++                                   CPSecureState secstate,
-+    if (unlikely(c.flags != r.flags || c.flags2 != r.flags2)) {
+                                    int crm, int opc1, int opc2,
-+        fprintf(stderr, "TCG hflags mismatch "
+                                    const char *name)
 +                        "(current:(0x%08x,0x" TARGET_FMT_lx ")"
 +                        " rebuilt:(0x%08x,0x" TARGET_FMT_lx ")\n",
 +                c.flags, c.flags2, r.flags, r.flags2);
          abort();
      }
  #endif
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
  {
-     CPUARMTBFlags flags;
+@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
+                                                    r->secure, crm, opc1, opc2,
--    *cs_base = 0;
+                                                    r->name);
-     assert_hflags_rebuild_correctly(env);
+                             break;
-     flags = env->hflags;
+-                        default:
++                        case ARM_CP_SECSTATE_BOTH:
-@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
+                             name = g_strdup_printf("%s_S", r->name);
-     }
+                             add_cpreg_to_hashtable(cpu, r, opaque, state,
+                                                    ARM_CP_SECSTATE_S,
-     *pflags = flags.flags;
+@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
-+    *cs_base = flags.flags2;
+                                                    ARM_CP_SECSTATE_NS,
- }
+                                                    crm, opc1, opc2, r->name);
+                             break;
- #ifdef TARGET_AARCH64
++                        default:
 +                            g_assert_not_reached();
                          }
                      } else {
                          /* AArch64 registers get mapped to non-secure instance
 --
-.20.1
+.25.1

-[PULL 41/43] target/arm: Enforce alignment for sve LD1R
+[PULL 11/23] target/arm: Drop always-true test in define_arm_vh_e2h_redirects_aliases
 From: Richard Henderson <richard.henderson@linaro.org>
+The new_key field is always non-zero -- drop the if.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-11-richard.henderson@linaro.org
-Message-id: 20210419202257.161730-32-richard.henderson@linaro.org
+[PMM: reinstated dropped PL3_RW mask]
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-sve.c | 2 +-
+ target/arm/helper.c | 23 +++++++++++------------
-file changed, 1 insertion(+), 1 deletion(-)
+file changed, 11 insertions(+), 12 deletions(-)
-diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-sve.c
+--- a/target/arm/helper.c
-+++ b/target/arm/translate-sve.c
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool trans_LD1R_zpri(DisasContext *s, arg_rpri_load *a)
+@@ -XXX,XX +XXX,XX @@ static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
-     clean_addr = gen_mte_check1(s, temp, false, true, msz);
+     for (i = 0; i < ARRAY_SIZE(aliases); i++) {
-     tcg_gen_qemu_ld_i64(temp, clean_addr, get_mem_index(s),
+         const struct E2HAlias *a = &aliases[i];
--                        s->be_data | dtype_mop[a->dtype]);
+-        ARMCPRegInfo *src_reg, *dst_reg;
-+                        finalize_memop(s, dtype_mop[a->dtype]));
++        ARMCPRegInfo *src_reg, *dst_reg, *new_reg;
++        uint32_t *new_key;
-     /* Broadcast to *all* elements.  */
++        bool ok;
-     tcg_gen_gvec_dup_i64(esz, vec_full_reg_offset(s, a->rd),
          if (a->feature && !a->feature(&cpu->isar)) {
              continue;
@@ -XXX,XX +XXX,XX @@ static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
          g_assert(src_reg->opaque == NULL);
          /* Create alias before redirection so we dup the right data. */
 -        if (a->new_key) {
 -            ARMCPRegInfo *new_reg = g_memdup(src_reg, sizeof(ARMCPRegInfo));
 -            uint32_t *new_key = g_memdup(&a->new_key, sizeof(uint32_t));
 -            bool ok;
 +        new_reg = g_memdup(src_reg, sizeof(ARMCPRegInfo));
 +        new_key = g_memdup(&a->new_key, sizeof(uint32_t));
 -            new_reg->name = a->new_name;
 -            new_reg->type |= ARM_CP_ALIAS;
 -            /* Remove PL1/PL0 access, leaving PL2/PL3 R/W in place.  */
 -            new_reg->access &= PL2_RW | PL3_RW;
 +        new_reg->name = a->new_name;
 +        new_reg->type |= ARM_CP_ALIAS;
 +        /* Remove PL1/PL0 access, leaving PL2/PL3 R/W in place.  */
 +        new_reg->access &= PL2_RW | PL3_RW;
 -            ok = g_hash_table_insert(cpu->cp_regs, new_key, new_reg);
 -            g_assert(ok);
 -        }
 +        ok = g_hash_table_insert(cpu->cp_regs, new_key, new_reg);
 +        g_assert(ok);
          src_reg->opaque = dst_reg;
          src_reg->orig_readfn = src_reg->readfn ?: raw_read;
 --
-.20.1
+.25.1

-[PULL 08/43] target/arm: Merge mte_check1, mte_checkN
+[PULL 12/23] target/arm: Store cpregs key in the hash table directly
 From: Richard Henderson <richard.henderson@linaro.org>
-The mte_check1 and mte_checkN functions are now identical.
+Cast the uint32_t key into a gpointer directly, which
-Drop mte_check1 and rename mte_checkN to mte_check.
+allows us to avoid allocating storage for each key.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Use g_hash_table_lookup when we already have a gpointer
 (e.g. for callbacks like count_cpreg), or when using
 get_arm_cp_reginfo would require casting away const.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-7-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Message-id: 20220501055028.646596-12-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper-a64.h    |  3 +--
+ target/arm/cpu.c     |  4 ++--
- target/arm/internals.h     |  5 +----
+ target/arm/gdbstub.c |  2 +-
- target/arm/mte_helper.c    | 26 +++-----------------------
+ target/arm/helper.c  | 41 ++++++++++++++++++-----------------------
- target/arm/sve_helper.c    | 14 +++++++-------
+files changed, 21 insertions(+), 26 deletions(-)
  target/arm/translate-a64.c |  4 ++--
 files changed, 14 insertions(+), 38 deletions(-)
-diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper-a64.h
+--- a/target/arm/cpu.c
-+++ b/target/arm/helper-a64.h
++++ b/target/arm/cpu.c
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
+@@ -XXX,XX +XXX,XX @@ static void arm_cpu_initfn(Object *obj)
- DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
+     ARMCPU *cpu = ARM_CPU(obj);
- DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
+     cpu_set_cpustate_pointers(cpu);
--DEF_HELPER_FLAGS_3(mte_check1, TCG_CALL_NO_WG, i64, env, i32, i64)
+-    cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
--DEF_HELPER_FLAGS_3(mte_checkN, TCG_CALL_NO_WG, i64, env, i32, i64)
+-                                         g_free, cpreg_hashtable_data_destroy);
-+DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, env, i32, i64)
++    cpu->cp_regs = g_hash_table_new_full(g_direct_hash, g_direct_equal,
- DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64)
++                                         NULL, cpreg_hashtable_data_destroy);
- DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
- DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32)
+     QLIST_INIT(&cpu->pre_el_change_hooks);
-diff --git a/target/arm/internals.h b/target/arm/internals.h
+     QLIST_INIT(&cpu->el_change_hooks);
 diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
+--- a/target/arm/gdbstub.c
-+++ b/target/arm/internals.h
++++ b/target/arm/gdbstub.c
-@@ -XXX,XX +XXX,XX @@ FIELD(MTEDESC, WRITE, 8, 1)
+@@ -XXX,XX +XXX,XX @@ static void arm_gen_one_xml_sysreg_tag(GString *s, DynamicGDBXMLInfo *dyn_xml,
- FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9)  /* size - 1 */
+ static void arm_register_sysreg_for_xml(gpointer key, gpointer value,
+                                         gpointer p)
  bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
 -uint64_t mte_check1(CPUARMState *env, uint32_t desc,
 -                    uint64_t ptr, uintptr_t ra);
 -uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
 -                    uint64_t ptr, uintptr_t ra);
 +uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra);
  static inline int allocation_tag_from_addr(uint64_t ptr)
  {
-diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
+-    uint32_t ri_key = *(uint32_t *)key;
 +    uint32_t ri_key = (uintptr_t)key;
      ARMCPRegInfo *ri = value;
      RegisterSysregXmlParam *param = (RegisterSysregXmlParam *)p;
      GString *s = param->s;
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/mte_helper.c
+--- a/target/arm/helper.c
-+++ b/target/arm/mte_helper.c
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
+@@ -XXX,XX +XXX,XX @@ bool write_list_to_cpustate(ARMCPU *cpu)
-     return 0;
+ static void add_cpreg_to_list(gpointer key, gpointer opaque)
  {
      ARMCPU *cpu = opaque;
 -    uint64_t regidx;
 -    const ARMCPRegInfo *ri;
 -
 -    regidx = *(uint32_t *)key;
 -    ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
 +    uint32_t regidx = (uintptr_t)key;
 +    const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
      if (!(ri->type & (ARM_CP_NO_RAW|ARM_CP_ALIAS))) {
          cpu->cpreg_indexes[cpu->cpreg_array_len] = cpreg_to_kvm_id(regidx);
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_list(gpointer key, gpointer opaque)
  static void count_cpreg(gpointer key, gpointer opaque)
  {
      ARMCPU *cpu = opaque;
 -    uint64_t regidx;
      const ARMCPRegInfo *ri;
 -    regidx = *(uint32_t *)key;
 -    ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
 +    ri = g_hash_table_lookup(cpu->cp_regs, key);
      if (!(ri->type & (ARM_CP_NO_RAW|ARM_CP_ALIAS))) {
          cpu->cpreg_array_len++;
@@ -XXX,XX +XXX,XX @@ static void count_cpreg(gpointer key, gpointer opaque)
  static gint cpreg_key_compare(gconstpointer a, gconstpointer b)
  {
 -    uint64_t aidx = cpreg_to_kvm_id(*(uint32_t *)a);
 -    uint64_t bidx = cpreg_to_kvm_id(*(uint32_t *)b);
 +    uint64_t aidx = cpreg_to_kvm_id((uintptr_t)a);
 +    uint64_t bidx = cpreg_to_kvm_id((uintptr_t)b);
      if (aidx > bidx) {
          return 1;
@@ -XXX,XX +XXX,XX @@ static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
      for (i = 0; i < ARRAY_SIZE(aliases); i++) {
          const struct E2HAlias *a = &aliases[i];
          ARMCPRegInfo *src_reg, *dst_reg, *new_reg;
 -        uint32_t *new_key;
          bool ok;
          if (a->feature && !a->feature(&cpu->isar)) {
              continue;
          }
 -        src_reg = g_hash_table_lookup(cpu->cp_regs, &a->src_key);
 -        dst_reg = g_hash_table_lookup(cpu->cp_regs, &a->dst_key);
 +        src_reg = g_hash_table_lookup(cpu->cp_regs,
 +                                      (gpointer)(uintptr_t)a->src_key);
 +        dst_reg = g_hash_table_lookup(cpu->cp_regs,
 +                                      (gpointer)(uintptr_t)a->dst_key);
          g_assert(src_reg != NULL);
          g_assert(dst_reg != NULL);
@@ -XXX,XX +XXX,XX @@ static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
          /* Create alias before redirection so we dup the right data. */
          new_reg = g_memdup(src_reg, sizeof(ARMCPRegInfo));
 -        new_key = g_memdup(&a->new_key, sizeof(uint32_t));
          new_reg->name = a->new_name;
          new_reg->type |= ARM_CP_ALIAS;
          /* Remove PL1/PL0 access, leaving PL2/PL3 R/W in place.  */
          new_reg->access &= PL2_RW | PL3_RW;
 -        ok = g_hash_table_insert(cpu->cp_regs, new_key, new_reg);
 +        ok = g_hash_table_insert(cpu->cp_regs,
 +                                 (gpointer)(uintptr_t)a->new_key, new_reg);
          g_assert(ok);
          src_reg->opaque = dst_reg;
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
      /* Private utility function for define_one_arm_cp_reg_with_opaque():
       * add a single reginfo struct to the hash table.
       */
 -    uint32_t *key = g_new(uint32_t, 1);
 +    uint32_t key;
      ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
      int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
      int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
          if (r->cp == 0 || r->state == ARM_CP_STATE_BOTH) {
              r2->cp = CP_REG_ARM64_SYSREG_CP;
          }
 -        *key = ENCODE_AA64_CP_REG(r2->cp, r2->crn, crm,
 -                                  r2->opc0, opc1, opc2);
 +        key = ENCODE_AA64_CP_REG(r2->cp, r2->crn, crm,
 +                                 r2->opc0, opc1, opc2);
      } else {
 -        *key = ENCODE_CP_REG(r2->cp, is64, ns, r2->crn, crm, opc1, opc2);
 +        key = ENCODE_CP_REG(r2->cp, is64, ns, r2->crn, crm, opc1, opc2);
      }
      if (opaque) {
          r2->opaque = opaque;
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
       * requested.
       */
      if (!(r->type & ARM_CP_OVERRIDE)) {
 -        ARMCPRegInfo *oldreg;
 -        oldreg = g_hash_table_lookup(cpu->cp_regs, key);
 +        const ARMCPRegInfo *oldreg = get_arm_cp_reginfo(cpu->cp_regs, key);
          if (oldreg && !(oldreg->type & ARM_CP_OVERRIDE)) {
              fprintf(stderr, "Register redefined: cp=%d %d bit "
                      "crn=%d crm=%d opc1=%d opc2=%d, "
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
              g_assert_not_reached();
          }
      }
 -    g_hash_table_insert(cpu->cp_regs, key, r2);
 +    g_hash_table_insert(cpu->cp_regs, (gpointer)(uintptr_t)key, r2);
  }
--uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
--                    uint64_t ptr, uintptr_t ra)
+@@ -XXX,XX +XXX,XX @@ void modify_arm_cp_regs_with_len(ARMCPRegInfo *regs, size_t regs_len,
-+uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra)
  const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp)
  {
-     uint64_t fault;
+-    return g_hash_table_lookup(cpregs, &encoded_cp);
-     int ret = mte_probe_int(env, desc, ptr, ra, &fault);
++    return g_hash_table_lookup(cpregs, (gpointer)(uintptr_t)encoded_cp);
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
      return useronly_clean_ptr(ptr);
  }
--uint64_t HELPER(mte_checkN)(CPUARMState *env, uint32_t desc, uint64_t ptr)
+ void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
 +uint64_t HELPER(mte_check)(CPUARMState *env, uint32_t desc, uint64_t ptr)
  {
 -    return mte_checkN(env, desc, ptr, GETPC());
 -}
 -
 -uint64_t mte_check1(CPUARMState *env, uint32_t desc,
 -                    uint64_t ptr, uintptr_t ra)
 -{
 -    uint64_t fault;
 -    int ret = mte_probe_int(env, desc, ptr, ra, &fault);
 -
 -    if (unlikely(ret == 0)) {
 -        mte_check_fail(env, desc, fault, ra);
 -    } else if (ret < 0) {
 -        return ptr;
 -    }
 -    return useronly_clean_ptr(ptr);
 -}
 -
 -uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
 -{
 -    return mte_check1(env, desc, ptr, GETPC());
 +    return mte_check(env, desc, ptr, GETPC());
  }
  /*
 diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/sve_helper.c
 +++ b/target/arm/sve_helper.c
@@ -XXX,XX +XXX,XX @@ static void sve_cont_ldst_mte_check1(SVEContLdSt *info, CPUARMState *env,
                                       uintptr_t ra)
  {
      sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
 -                                mtedesc, ra, mte_check1);
 +                                mtedesc, ra, mte_check);
  }
  static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
@@ -XXX,XX +XXX,XX @@ static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
                                       uintptr_t ra)
  {
      sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
 -                                mtedesc, ra, mte_checkN);
 +                                mtedesc, ra, mte_check);
  }
@@ -XXX,XX +XXX,XX @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
      if (fault == FAULT_FIRST) {
          /* Trapping mte check for the first-fault element.  */
          if (mtedesc) {
 -            mte_check1(env, mtedesc, addr + mem_off, retaddr);
 +            mte_check(env, mtedesc, addr + mem_off, retaddr);
          }
          /*
@@ -XXX,XX +XXX,XX @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
                                               info.attrs, BP_MEM_READ, retaddr);
                      }
                      if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
 -                        mte_check1(env, mtedesc, addr, retaddr);
 +                        mte_check(env, mtedesc, addr, retaddr);
                      }
                      host_fn(&scratch, reg_off, info.host);
                  } else {
@@ -XXX,XX +XXX,XX @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
                                               BP_MEM_READ, retaddr);
                      }
                      if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
 -                        mte_check1(env, mtedesc, addr, retaddr);
 +                        mte_check(env, mtedesc, addr, retaddr);
                      }
                      tlb_fn(env, &scratch, reg_off, addr, retaddr);
                  }
@@ -XXX,XX +XXX,XX @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
       */
      addr = base + (off_fn(vm, reg_off) << scale);
      if (mtedesc) {
 -        mte_check1(env, mtedesc, addr, retaddr);
 +        mte_check(env, mtedesc, addr, retaddr);
      }
      tlb_fn(env, vd, reg_off, addr, retaddr);
@@ -XXX,XX +XXX,XX @@ void sve_st1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
                  }
                  if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
 -                    mte_check1(env, mtedesc, addr, retaddr);
 +                    mte_check(env, mtedesc, addr, retaddr);
                  }
              }
              i += 1;
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, TCGv_i64 addr,
          tcg_desc = tcg_const_i32(desc);
          ret = new_tmp_a64(s);
 -        gen_helper_mte_check1(ret, cpu_env, tcg_desc, addr);
 +        gen_helper_mte_check(ret, cpu_env, tcg_desc, addr);
          tcg_temp_free_i32(tcg_desc);
          return ret;
@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
          tcg_desc = tcg_const_i32(desc);
          ret = new_tmp_a64(s);
 -        gen_helper_mte_checkN(ret, cpu_env, tcg_desc, addr);
 +        gen_helper_mte_check(ret, cpu_env, tcg_desc, addr);
          tcg_temp_free_i32(tcg_desc);
          return ret;
 --
-.20.1
+.25.1

-[PULL 21/43] target/arm: Adjust gen_aa32_{ld, st}_i32 for align+endianness
+[PULL 13/23] target/arm: Merge allocation of the cpreg and its name
 From: Richard Henderson <richard.henderson@linaro.org>
-Create a finalize_memop function that computes alignment and
+Simplify freeing cp_regs hash table entries by using a single
-endianness and returns the final MemOp for the operation.
+allocation for the entire value.
-Split out gen_aa32_{ld,st}_internal_i32 which bypasses any special
+This fixes a theoretical bug if we were to ever free the entire
-handling of endianness or alignment.  Adjust gen_aa32_{ld,st}_i32
+hash table, because we've been installing string literal constants
-so that s->be_data is not added by the callers.
+into the cpreg structure in define_arm_vh_e2h_redirects_aliases.
 However, at present we only free entries created for AArch32
 wildcard cpregs which get overwritten by more specific cpregs,
 so this bug is never exposed.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-13-richard.henderson@linaro.org
 Message-id: 20210419202257.161730-12-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.h          |  24 ++++++++
+ target/arm/cpu.c    | 16 +---------------
- target/arm/translate.c          | 100 +++++++++++++++++---------------
+ target/arm/helper.c | 10 ++++++++--
- target/arm/translate-neon.c.inc |   9 +--
+files changed, 9 insertions(+), 17 deletions(-)
 files changed, 79 insertions(+), 54 deletions(-)
-diff --git a/target/arm/translate.h b/target/arm/translate.h
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.h
+--- a/target/arm/cpu.c
-+++ b/target/arm/translate.h
++++ b/target/arm/cpu.c
-@@ -XXX,XX +XXX,XX @@ static inline TCGv_ptr fpstatus_ptr(ARMFPStatusFlavour flavour)
+@@ -XXX,XX +XXX,XX @@ uint64_t arm_cpu_mp_affinity(int idx, uint8_t clustersz)
-     return statusptr;
+     return (Aff1 << ARM_AFF1_SHIFT) | Aff0;
  }
-+/**
+-static void cpreg_hashtable_data_destroy(gpointer data)
-+ * finalize_memop:
+-{
-+ * @s: DisasContext
+-    /*
-+ * @opc: size+sign+align of the memory operation
+-     * Destroy function for cpu->cp_regs hashtable data entries.
-+ *
+-     * We must free the name string because it was g_strdup()ed in
-+ * Build the complete MemOp for a memory operation, including alignment
+-     * add_cpreg_to_hashtable(). It's OK to cast away the 'const'
-+ * and endianness.
+-     * from r->name because we know we definitely allocated it.
-+ *
+-     */
-+ * If (op & MO_AMASK) then the operation already contains the required
+-    ARMCPRegInfo *r = data;
 + * alignment, e.g. for AccType_ATOMIC.  Otherwise, this an optionally
 + * unaligned operation, e.g. for AccType_NORMAL.
 + *
 + * In the latter case, there are configuration bits that require alignment,
 + * and this is applied here.  Note that there is no way to indicate that
 + * no alignment should ever be enforced; this must be handled manually.
 + */
 +static inline MemOp finalize_memop(DisasContext *s, MemOp opc)
 +{
 +    if (s->align_mem && !(opc & MO_AMASK)) {
 +        opc |= MO_ALIGN;
 +    }
 +    return opc | s->be_data;
 +}
 +
  #endif /* TARGET_ARM_TRANSLATE_H */
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
  #define IS_USER_ONLY 0
  #endif
 -/* Abstractions of "generate code to do a guest load/store for
 +/*
 + * Abstractions of "generate code to do a guest load/store for
   * AArch32", where a vaddr is always 32 bits (and is zero
   * extended if we're a 64 bit core) and  data is also
   * 32 bits unless specifically doing a 64 bit access.
@@ -XXX,XX +XXX,XX @@ static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
   * that the address argument is TCGv_i32 rather than TCGv.
   */
 -static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
 +static TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
  {
      TCGv addr = tcg_temp_new();
      tcg_gen_extu_i32_tl(addr, a32);
@@ -XXX,XX +XXX,XX @@ static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
      return addr;
  }
 +/*
 + * Internal routines are used for NEON cases where the endianness
 + * and/or alignment has already been taken into account and manipulated.
 + */
 +static void gen_aa32_ld_internal_i32(DisasContext *s, TCGv_i32 val,
 +                                     TCGv_i32 a32, int index, MemOp opc)
 +{
 +    TCGv addr = gen_aa32_addr(s, a32, opc);
 +    tcg_gen_qemu_ld_i32(val, addr, index, opc);
 +    tcg_temp_free(addr);
 +}
 +
 +static void gen_aa32_st_internal_i32(DisasContext *s, TCGv_i32 val,
 +                                     TCGv_i32 a32, int index, MemOp opc)
 +{
 +    TCGv addr = gen_aa32_addr(s, a32, opc);
 +    tcg_gen_qemu_st_i32(val, addr, index, opc);
 +    tcg_temp_free(addr);
 +}
 +
  static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
                              int index, MemOp opc)
  {
 -    TCGv addr;
 -
--    if (s->align_mem) {
+-    g_free((void *)r->name);
--        opc |= MO_ALIGN;
+-    g_free(r);
 -    }
 -
 -    addr = gen_aa32_addr(s, a32, opc);
 -    tcg_gen_qemu_ld_i32(val, addr, index, opc);
 -    tcg_temp_free(addr);
 +    gen_aa32_ld_internal_i32(s, val, a32, index, finalize_memop(s, opc));
  }
  static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
                              int index, MemOp opc)
  {
 -    TCGv addr;
 +    gen_aa32_st_internal_i32(s, val, a32, index, finalize_memop(s, opc));
 +}
 -    if (s->align_mem) {
 -        opc |= MO_ALIGN;
 +#define DO_GEN_LD(SUFF, OPC)                                            \
 +    static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
 +                                         TCGv_i32 a32, int index)       \
 +    {                                                                   \
 +        gen_aa32_ld_i32(s, val, a32, index, OPC);                       \
      }
 -    addr = gen_aa32_addr(s, a32, opc);
 -    tcg_gen_qemu_st_i32(val, addr, index, opc);
 -    tcg_temp_free(addr);
 -}
 -
--#define DO_GEN_LD(SUFF, OPC)                                             \
+ static void arm_cpu_initfn(Object *obj)
 -static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val,      \
 -                                     TCGv_i32 a32, int index)            \
 -{                                                                        \
 -    gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data);               \
 -}
 -
 -#define DO_GEN_ST(SUFF, OPC)                                             \
 -static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val,      \
 -                                     TCGv_i32 a32, int index)            \
 -{                                                                        \
 -    gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data);               \
 -}
 +#define DO_GEN_ST(SUFF, OPC)                                            \
 +    static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
 +                                         TCGv_i32 a32, int index)       \
 +    {                                                                   \
 +        gen_aa32_st_i32(s, val, a32, index, OPC);                       \
 +    }
  static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
  {
-@@ -XXX,XX +XXX,XX @@ static bool op_load_rr(DisasContext *s, arg_ldst_rr *a,
+     ARMCPU *cpu = ARM_CPU(obj);
-     addr = op_addr_rr_pre(s, a);
+     cpu_set_cpustate_pointers(cpu);
-     tmp = tcg_temp_new_i32();
+     cpu->cp_regs = g_hash_table_new_full(g_direct_hash, g_direct_equal,
--    gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop | s->be_data);
+-                                         NULL, cpreg_hashtable_data_destroy);
-+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop);
++                                         NULL, g_free);
-     disas_set_da_iss(s, mop, issinfo);
+     QLIST_INIT(&cpu->pre_el_change_hooks);
-     /*
+     QLIST_INIT(&cpu->el_change_hooks);
-@@ -XXX,XX +XXX,XX @@ static bool op_store_rr(DisasContext *s, arg_ldst_rr *a,
+diff --git a/target/arm/helper.c b/target/arm/helper.c
      addr = op_addr_rr_pre(s, a);
      tmp = load_reg(s, a->rt);
 -    gen_aa32_st_i32(s, tmp, addr, mem_idx, mop | s->be_data);
 +    gen_aa32_st_i32(s, tmp, addr, mem_idx, mop);
      disas_set_da_iss(s, mop, issinfo);
      tcg_temp_free_i32(tmp);
@@ -XXX,XX +XXX,XX @@ static bool trans_LDRD_rr(DisasContext *s, arg_ldst_rr *a)
      addr = op_addr_rr_pre(s, a);
      tmp = tcg_temp_new_i32();
 -    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
 +    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
      store_reg(s, a->rt, tmp);
      tcg_gen_addi_i32(addr, addr, 4);
      tmp = tcg_temp_new_i32();
 -    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
 +    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
      store_reg(s, a->rt + 1, tmp);
      /* LDRD w/ base writeback is undefined if the registers overlap.  */
@@ -XXX,XX +XXX,XX @@ static bool trans_STRD_rr(DisasContext *s, arg_ldst_rr *a)
      addr = op_addr_rr_pre(s, a);
      tmp = load_reg(s, a->rt);
 -    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
 +    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
      tcg_temp_free_i32(tmp);
      tcg_gen_addi_i32(addr, addr, 4);
      tmp = load_reg(s, a->rt + 1);
 -    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
 +    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
      tcg_temp_free_i32(tmp);
      op_addr_rr_post(s, a, addr, -4);
@@ -XXX,XX +XXX,XX @@ static bool op_load_ri(DisasContext *s, arg_ldst_ri *a,
      addr = op_addr_ri_pre(s, a);
      tmp = tcg_temp_new_i32();
 -    gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop | s->be_data);
 +    gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop);
      disas_set_da_iss(s, mop, issinfo);
      /*
@@ -XXX,XX +XXX,XX @@ static bool op_store_ri(DisasContext *s, arg_ldst_ri *a,
      addr = op_addr_ri_pre(s, a);
      tmp = load_reg(s, a->rt);
 -    gen_aa32_st_i32(s, tmp, addr, mem_idx, mop | s->be_data);
 +    gen_aa32_st_i32(s, tmp, addr, mem_idx, mop);
      disas_set_da_iss(s, mop, issinfo);
      tcg_temp_free_i32(tmp);
@@ -XXX,XX +XXX,XX @@ static bool op_ldrd_ri(DisasContext *s, arg_ldst_ri *a, int rt2)
      addr = op_addr_ri_pre(s, a);
      tmp = tcg_temp_new_i32();
 -    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
 +    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
      store_reg(s, a->rt, tmp);
      tcg_gen_addi_i32(addr, addr, 4);
      tmp = tcg_temp_new_i32();
 -    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
 +    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
      store_reg(s, rt2, tmp);
      /* LDRD w/ base writeback is undefined if the registers overlap.  */
@@ -XXX,XX +XXX,XX @@ static bool op_strd_ri(DisasContext *s, arg_ldst_ri *a, int rt2)
      addr = op_addr_ri_pre(s, a);
      tmp = load_reg(s, a->rt);
 -    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
 +    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
      tcg_temp_free_i32(tmp);
      tcg_gen_addi_i32(addr, addr, 4);
      tmp = load_reg(s, rt2);
 -    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
 +    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
      tcg_temp_free_i32(tmp);
      op_addr_ri_post(s, a, addr, -4);
@@ -XXX,XX +XXX,XX @@ static bool op_stl(DisasContext *s, arg_STL *a, MemOp mop)
      addr = load_reg(s, a->rn);
      tmp = load_reg(s, a->rt);
      tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
 -    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop | s->be_data);
 +    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop);
      disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel | ISSIsWrite);
      tcg_temp_free_i32(tmp);
@@ -XXX,XX +XXX,XX @@ static bool op_lda(DisasContext *s, arg_LDA *a, MemOp mop)
      addr = load_reg(s, a->rn);
      tmp = tcg_temp_new_i32();
 -    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop | s->be_data);
 +    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop);
      disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel);
      tcg_temp_free_i32(addr);
@@ -XXX,XX +XXX,XX @@ static bool op_tbranch(DisasContext *s, arg_tbranch *a, bool half)
      addr = load_reg(s, a->rn);
      tcg_gen_add_i32(addr, addr, tmp);
 -    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
 -                    half ? MO_UW | s->be_data : MO_UB);
 +    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), half ? MO_UW : MO_UB);
      tcg_temp_free_i32(addr);
      tcg_gen_add_i32(tmp, tmp, tmp);
 diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-neon.c.inc
+--- a/target/arm/helper.c
-+++ b/target/arm/translate-neon.c.inc
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-     addr = tcg_temp_new_i32();
+      * add a single reginfo struct to the hash table.
      load_reg_var(s, addr, a->rn);
      for (reg = 0; reg < nregs; reg++) {
 -        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
 -                        s->be_data | size);
 +        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), size);
          if ((vd & 1) && vec_size == 16) {
              /*
               * We cannot write 16 bytes at once because the
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
       */
-     for (reg = 0; reg < nregs; reg++) {
+     uint32_t key;
-         if (a->l) {
+-    ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
--            gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
++    ARMCPRegInfo *r2;
--                            s->be_data | a->size);
+     int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
-+            gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), a->size);
+     int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
-             neon_store_element(vd, a->reg_idx, a->size, tmp);
++    size_t name_len;
-         } else { /* Store */
++
-             neon_load_element(tmp, vd, a->reg_idx, a->size);
++    /* Combine cpreg and name into one allocation. */
--            gen_aa32_st_i32(s, tmp, addr, get_mem_index(s),
++    name_len = strlen(name) + 1;
--                            s->be_data | a->size);
++    r2 = g_malloc(sizeof(*r2) + name_len);
-+            gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), a->size);
++    *r2 = *r;
-         }
++    r2->name = memcpy(r2 + 1, name, name_len);
-         vd += a->stride;
-         tcg_gen_addi_i32(addr, addr, 1 << a->size);
+-    r2->name = g_strdup(name);
      /* Reset the secure state to the specific incoming state.  This is
       * necessary as the register may have been defined with both states.
       */
 --
-.20.1
+.25.1

-[PULL 33/43] target/arm: Enforce alignment for VLDn/VSTn (multiple)
+[PULL 14/23] target/arm: Hoist computation of key in add_cpreg_to_hashtable
 From: Richard Henderson <richard.henderson@linaro.org>
+Move the computation of key to the top of the function.
+Hoist the resolution of cp as well, as an input to the
+computation of key.
+This will be required by a subsequent patch.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-14-richard.henderson@linaro.org
 Message-id: 20210419202257.161730-24-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-neon.c.inc | 27 ++++++++++++++++++++++-----
+ target/arm/helper.c | 49 +++++++++++++++++++++++++--------------------
-file changed, 22 insertions(+), 5 deletions(-)
+file changed, 27 insertions(+), 22 deletions(-)
-diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-neon.c.inc
+--- a/target/arm/helper.c
-+++ b/target/arm/translate-neon.c.inc
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_multiple(DisasContext *s, arg_VLDST_multiple *a)
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
- {
+     ARMCPRegInfo *r2;
-     /* Neon load/store multiple structures */
+     int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
-     int nregs, interleave, spacing, reg, n;
+     int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
--    MemOp endian = s->be_data;
++    int cp = r->cp;
-+    MemOp mop, align, endian;
+     size_t name_len;
-     int mmu_idx = get_mem_index(s);
-     int size = a->size;
++    switch (state) {
-     TCGv_i64 tmp64;
++    case ARM_CP_STATE_AA32:
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_multiple(DisasContext *s, arg_VLDST_multiple *a)
++        /* We assume it is a cp15 register if the .cp field is left unset. */
-     }
++        if (cp == 0 && r->state == ARM_CP_STATE_BOTH) {
++            cp = 15;
-     /* For our purposes, bytes are always little-endian.  */
++        }
-+    endian = s->be_data;
++        key = ENCODE_CP_REG(cp, is64, ns, r->crn, crm, opc1, opc2);
-     if (size == 0) {
++        break;
-         endian = MO_LE;
++    case ARM_CP_STATE_AA64:
-     }
++        /*
-+
++         * To allow abbreviation of ARMCPRegInfo definitions, we treat
-+    /* Enforce alignment requested by the instruction */
++         * cp == 0 as equivalent to the value for "standard guest-visible
-+    if (a->align) {
++         * sysreg".  STATE_BOTH definitions are also always "standard sysreg"
-+        align = pow2_align(a->align + 2); /* 4 ** a->align */
++         * in their AArch64 view (the .cp value may be non-zero for the
-+    } else {
++         * benefit of the AArch32 view).
-+        align = s->align_mem ? MO_ALIGN : 0;
++         */
 +        if (cp == 0 || r->state == ARM_CP_STATE_BOTH) {
 +            cp = CP_REG_ARM64_SYSREG_CP;
 +        }
 +        key = ENCODE_AA64_CP_REG(cp, r->crn, crm, r->opc0, opc1, opc2);
 +        break;
 +    default:
 +        g_assert_not_reached();
 +    }
 +
-     /*
+     /* Combine cpreg and name into one allocation. */
-      * Consecutive little-endian elements from a single register
+     name_len = strlen(name) + 1;
-      * can be promoted to a larger little-endian operation.
+     r2 = g_malloc(sizeof(*r2) + name_len);
-      */
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-     if (interleave == 1 && endian == MO_LE) {
+         }
-+        /* Retain any natural alignment. */
-+        if (align == MO_ALIGN) {
+         if (r->state == ARM_CP_STATE_BOTH) {
-+            align = pow2_align(size);
+-            /* We assume it is a cp15 register if the .cp field is left unset.
-+        }
+-             */
-         size = 3;
+-            if (r2->cp == 0) {
-     }
+-                r2->cp = 15;
-+
+-            }
-     tmp64 = tcg_temp_new_i64();
+-
-     addr = tcg_temp_new_i32();
+ #if HOST_BIG_ENDIAN
-     tmp = tcg_const_i32(1 << size);
+             if (r2->fieldoffset) {
-     load_reg_var(s, addr, a->rn);
+                 r2->fieldoffset += sizeof(uint32_t);
-+
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-+    mop = endian | size | align;
+ #endif
      for (reg = 0; reg < nregs; reg++) {
          for (n = 0; n < 8 >> size; n++) {
              int xs;
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_multiple(DisasContext *s, arg_VLDST_multiple *a)
                  int tt = a->vd + reg + spacing * xs;
                  if (a->l) {
 -                    gen_aa32_ld_internal_i64(s, tmp64, addr, mmu_idx,
 -                                             endian | size);
 +                    gen_aa32_ld_internal_i64(s, tmp64, addr, mmu_idx, mop);
                      neon_store_element64(tt, n, size, tmp64);
                  } else {
                      neon_load_element64(tmp64, tt, n, size);
 -                    gen_aa32_st_internal_i64(s, tmp64, addr, mmu_idx,
 -                                             endian | size);
 +                    gen_aa32_st_internal_i64(s, tmp64, addr, mmu_idx, mop);
                  }
                  tcg_gen_add_i32(addr, addr, tmp);
 +
 +                /* Subsequent memory operations inherit alignment */
 +                mop &= ~MO_AMASK;
              }
          }
      }
+-    if (state == ARM_CP_STATE_AA64) {
+-        /* To allow abbreviation of ARMCPRegInfo
+-         * definitions, we treat cp == 0 as equivalent to
+-         * the value for "standard guest-visible sysreg".
+-         * STATE_BOTH definitions are also always "standard
+-         * sysreg" in their AArch64 view (the .cp value may
+-         * be non-zero for the benefit of the AArch32 view).
+-         */
+-        if (r->cp == 0 || r->state == ARM_CP_STATE_BOTH) {
+-            r2->cp = CP_REG_ARM64_SYSREG_CP;
+-        }
+-        key = ENCODE_AA64_CP_REG(r2->cp, r2->crn, crm,
+-                                 r2->opc0, opc1, opc2);
+-    } else {
+-        key = ENCODE_CP_REG(r2->cp, is64, ns, r2->crn, crm, opc1, opc2);
+-    }
+     if (opaque) {
+         r2->opaque = opaque;
+     }
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
+     /* Make sure reginfo passed to helpers for wildcarded regs
+      * has the correct crm/opc1/opc2 for this reg, not CP_ANY:
+      */
++    r2->cp = cp;
+     r2->crm = crm;
+     r2->opc1 = opc1;
+     r2->opc2 = opc2;
 --
-.20.1
+.25.1

-[PULL 13/43] target/arm: Rename TBFLAG_A32, SCTLR_B
+[PULL 15/23] target/arm: Consolidate cpreg updates in add_cpreg_to_hashtable
 From: Richard Henderson <richard.henderson@linaro.org>
-We're about to rearrange the macro expansion surrounding tbflags,
+Put most of the value writeback to the same place,
-and this field name will be expanded using the bit definition of
+and improve the comment that goes with them.
 the same name, resulting in a token pasting error.
-So SCTLR_B -> SCTLR__B in the 3 uses, and document it.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-15-richard.henderson@linaro.org
 Message-id: 20210419202257.161730-3-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h       | 2 +-
+ target/arm/helper.c | 28 ++++++++++++----------------
- target/arm/helper.c    | 2 +-
+file changed, 12 insertions(+), 16 deletions(-)
  target/arm/translate.c | 2 +-
 files changed, 3 insertions(+), 3 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A32, VECSTRIDE, 12, 2)     /* Not cached. */
-  */
- FIELD(TBFLAG_A32, XSCALE_CPAR, 12, 2)
- FIELD(TBFLAG_A32, VFPEN, 14, 1)         /* Partially cached, minus FPEXC. */
--FIELD(TBFLAG_A32, SCTLR_B, 15, 1)
-+FIELD(TBFLAG_A32, SCTLR__B, 15, 1)      /* Cannot overlap with SCTLR_B */
- FIELD(TBFLAG_A32, HSTR_ACTIVE, 16, 1)
- /*
-  * Indicates whether cp register reads and writes by guest code should access
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-     bool sctlr_b = arm_sctlr_b(env);
+     *r2 = *r;
+     r2->name = memcpy(r2 + 1, name, name_len);
-     if (sctlr_b) {
--        flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR_B, 1);
+-    /* Reset the secure state to the specific incoming state.  This is
-+        flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR__B, 1);
+-     * necessary as the register may have been defined with both states.
 +    /*
 +     * Update fields to match the instantiation, overwiting wildcards
 +     * such as CP_ANY, ARM_CP_STATE_BOTH, or ARM_CP_SECSTATE_BOTH.
       */
 +    r2->cp = cp;
 +    r2->crm = crm;
 +    r2->opc1 = opc1;
 +    r2->opc2 = opc2;
 +    r2->state = state;
      r2->secure = secstate;
 +    if (opaque) {
 +        r2->opaque = opaque;
 +    }
      if (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1]) {
          /* Register is banked (using both entries in array).
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
  #endif
          }
      }
-     if (arm_cpu_data_is_big_endian_a32(env, sctlr_b)) {
+-    if (opaque) {
-         flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
+-        r2->opaque = opaque;
-diff --git a/target/arm/translate.c b/target/arm/translate.c
+-    }
-index XXXXXXX..XXXXXXX 100644
+-    /* reginfo passed to helpers is correct for the actual access,
---- a/target/arm/translate.c
+-     * and is never ARM_CP_STATE_BOTH:
-+++ b/target/arm/translate.c
+-     */
-@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
+-    r2->state = state;
-             FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
+-    /* Make sure reginfo passed to helpers for wildcarded regs
-         dc->debug_target_el =
+-     * has the correct crm/opc1/opc2 for this reg, not CP_ANY:
-             FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
+-     */
--        dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
+-    r2->cp = cp;
-+        dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR__B);
+-    r2->crm = crm;
-         dc->hstr_active = FIELD_EX32(tb_flags, TBFLAG_A32, HSTR_ACTIVE);
+-    r2->opc1 = opc1;
-         dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
+-    r2->opc2 = opc2;
-         dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
++
      /* By convention, for wildcarded registers only the first
       * entry is used for migration; the others are marked as
       * ALIAS so we don't try to transfer the register
 --
-.20.1
+.25.1

-[PULL 26/43] target/arm: Enforce alignment for LDA/LDAH/STL/STLH
+[PULL 16/23] target/arm: Use bool for is64 and ns in add_cpreg_to_hashtable
 From: Richard Henderson <richard.henderson@linaro.org>
+Bool is a more appropriate type for these variables.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-16-richard.henderson@linaro.org
 Message-id: 20210419202257.161730-17-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.c | 4 ++--
+ target/arm/helper.c | 4 ++--
 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
+--- a/target/arm/helper.c
-+++ b/target/arm/translate.c
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool op_stl(DisasContext *s, arg_STL *a, MemOp mop)
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-     addr = load_reg(s, a->rn);
+      */
-     tmp = load_reg(s, a->rt);
+     uint32_t key;
-     tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
+     ARMCPRegInfo *r2;
--    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop);
+-    int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
-+    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop | MO_ALIGN);
+-    int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
-     disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel | ISSIsWrite);
++    bool is64 = r->type & ARM_CP_64BIT;
++    bool ns = secstate & ARM_CP_SECSTATE_NS;
-     tcg_temp_free_i32(tmp);
+     int cp = r->cp;
-@@ -XXX,XX +XXX,XX @@ static bool op_lda(DisasContext *s, arg_LDA *a, MemOp mop)
+     size_t name_len;
      addr = load_reg(s, a->rn);
      tmp = tcg_temp_new_i32();
 -    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop);
 +    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop | MO_ALIGN);
      disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel);
      tcg_temp_free_i32(addr);
 --
-.20.1
+.25.1

-[PULL 36/43] target/arm: Use finalize_memop for aa64 fpr load/store
+[PULL 17/23] target/arm: Hoist isbanked computation in add_cpreg_to_hashtable
 From: Richard Henderson <richard.henderson@linaro.org>
-For 128-bit load/store, use 16-byte alignment.  This
+Computing isbanked only once makes the code
-requires that we perform the two operations in the
+a bit easier to read.
 correct order so that we generate the alignment fault
 before modifying memory.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-17-richard.henderson@linaro.org
 Message-id: 20210419202257.161730-27-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 42 +++++++++++++++++++++++---------------
+ target/arm/helper.c | 6 ++++--
-file changed, 26 insertions(+), 16 deletions(-)
+file changed, 4 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
+--- a/target/arm/helper.c
-+++ b/target/arm/translate-a64.c
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void do_gpr_ld(DisasContext *s, TCGv_i64 dest, TCGv_i64 tcg_addr,
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
- static void do_fp_st(DisasContext *s, int srcidx, TCGv_i64 tcg_addr, int size)
+     bool is64 = r->type & ARM_CP_64BIT;
- {
+     bool ns = secstate & ARM_CP_SECSTATE_NS;
-     /* This writes the bottom N bits of a 128 bit wide vector to memory */
+     int cp = r->cp;
--    TCGv_i64 tmp = tcg_temp_new_i64();
++    bool isbanked;
--    tcg_gen_ld_i64(tmp, cpu_env, fp_reg_offset(s, srcidx, MO_64));
+     size_t name_len;
-+    TCGv_i64 tmplo = tcg_temp_new_i64();
-+    MemOp mop;
+     switch (state) {
-+
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-+    tcg_gen_ld_i64(tmplo, cpu_env, fp_reg_offset(s, srcidx, MO_64));
+         r2->opaque = opaque;
 +
      if (size < 4) {
 -        tcg_gen_qemu_st_i64(tmp, tcg_addr, get_mem_index(s),
 -                            s->be_data + size);
 +        mop = finalize_memop(s, size);
 +        tcg_gen_qemu_st_i64(tmplo, tcg_addr, get_mem_index(s), mop);
      } else {
          bool be = s->be_data == MO_BE;
          TCGv_i64 tcg_hiaddr = tcg_temp_new_i64();
 +        TCGv_i64 tmphi = tcg_temp_new_i64();
 +        tcg_gen_ld_i64(tmphi, cpu_env, fp_reg_hi_offset(s, srcidx));
 +
 +        mop = s->be_data | MO_Q;
 +        tcg_gen_qemu_st_i64(be ? tmphi : tmplo, tcg_addr, get_mem_index(s),
 +                            mop | (s->align_mem ? MO_ALIGN_16 : 0));
          tcg_gen_addi_i64(tcg_hiaddr, tcg_addr, 8);
 -        tcg_gen_qemu_st_i64(tmp, be ? tcg_hiaddr : tcg_addr, get_mem_index(s),
 -                            s->be_data | MO_Q);
 -        tcg_gen_ld_i64(tmp, cpu_env, fp_reg_hi_offset(s, srcidx));
 -        tcg_gen_qemu_st_i64(tmp, be ? tcg_addr : tcg_hiaddr, get_mem_index(s),
 -                            s->be_data | MO_Q);
 +        tcg_gen_qemu_st_i64(be ? tmplo : tmphi, tcg_hiaddr,
 +                            get_mem_index(s), mop);
 +
          tcg_temp_free_i64(tcg_hiaddr);
 +        tcg_temp_free_i64(tmphi);
      }
--    tcg_temp_free_i64(tmp);
+-    if (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1]) {
-+    tcg_temp_free_i64(tmplo);
++    isbanked = r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1];
- }
++    if (isbanked) {
+         /* Register is banked (using both entries in array).
- /*
+          * Overwriting fieldoffset as the array is only used to define
-@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
+          * banked registers but later only fieldoffset is used.
-     /* This always zero-extends and writes to a full 128 bit wide vector */
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
      TCGv_i64 tmplo = tcg_temp_new_i64();
      TCGv_i64 tmphi = NULL;
 +    MemOp mop;
      if (size < 4) {
 -        MemOp memop = s->be_data + size;
 -        tcg_gen_qemu_ld_i64(tmplo, tcg_addr, get_mem_index(s), memop);
 +        mop = finalize_memop(s, size);
 +        tcg_gen_qemu_ld_i64(tmplo, tcg_addr, get_mem_index(s), mop);
      } else {
          bool be = s->be_data == MO_BE;
          TCGv_i64 tcg_hiaddr;
@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
          tmphi = tcg_temp_new_i64();
          tcg_hiaddr = tcg_temp_new_i64();
 +        mop = s->be_data | MO_Q;
 +        tcg_gen_qemu_ld_i64(be ? tmphi : tmplo, tcg_addr, get_mem_index(s),
 +                            mop | (s->align_mem ? MO_ALIGN_16 : 0));
          tcg_gen_addi_i64(tcg_hiaddr, tcg_addr, 8);
 -        tcg_gen_qemu_ld_i64(tmplo, be ? tcg_hiaddr : tcg_addr, get_mem_index(s),
 -                            s->be_data | MO_Q);
 -        tcg_gen_qemu_ld_i64(tmphi, be ? tcg_addr : tcg_hiaddr, get_mem_index(s),
 -                            s->be_data | MO_Q);
 +        tcg_gen_qemu_ld_i64(be ? tmplo : tmphi, tcg_hiaddr,
 +                            get_mem_index(s), mop);
          tcg_temp_free_i64(tcg_hiaddr);
      }
+     if (state == ARM_CP_STATE_AA32) {
+-        if (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1]) {
++        if (isbanked) {
+             /* If the register is banked then we don't need to migrate or
+              * reset the 32-bit instance in certain cases:
+              *
 --
-.20.1
+.25.1

-[PULL 04/43] target/arm: Split out mte_probe_int
+[PULL 18/23] target/arm: Perform override check early in add_cpreg_to_hashtable
 From: Richard Henderson <richard.henderson@linaro.org>
-Split out a helper function from mte_checkN to perform
+Perform the override check early, so that it is still done
-all of the checking and address manpulation.  So far,
+even when we decide to discard an unreachable cpreg.
 just use this in mte_checkN itself.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Use assert not printf+abort.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-3-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20220501055028.646596-18-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/mte_helper.c | 52 +++++++++++++++++++++++++++++++----------
+ target/arm/helper.c | 22 ++++++++--------------
-file changed, 40 insertions(+), 12 deletions(-)
+file changed, 8 insertions(+), 14 deletions(-)
-diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/mte_helper.c
+--- a/target/arm/helper.c
-+++ b/target/arm/mte_helper.c
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static int checkN(uint8_t *mem, int odd, int cmp, int count)
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-     return n;
+         g_assert_not_reached();
  }
 -uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
 -                    uint64_t ptr, uintptr_t ra)
 +/**
 + * mte_probe_int() - helper for mte_probe and mte_check
 + * @env: CPU environment
 + * @desc: MTEDESC descriptor
 + * @ptr: virtual address of the base of the access
 + * @fault: return virtual address of the first check failure
 + *
 + * Internal routine for both mte_probe and mte_check.
 + * Return zero on failure, filling in *fault.
 + * Return negative on trivial success for tbi disabled.
 + * Return positive on success with tbi enabled.
 + */
 +static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
 +                         uintptr_t ra, uint32_t total, uint64_t *fault)
  {
      int mmu_idx, ptr_tag, bit55;
      uint64_t ptr_last, prev_page, next_page;
      uint64_t tag_first, tag_last;
      uint64_t tag_byte_first, tag_byte_last;
 -    uint32_t total, tag_count, tag_size, n, c;
 +    uint32_t tag_count, tag_size, n, c;
      uint8_t *mem1, *mem2;
      MMUAccessType type;
      bit55 = extract64(ptr, 55, 1);
 +    *fault = ptr;
      /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */
      if (unlikely(!tbi_check(desc, bit55))) {
 -        return ptr;
 +        return -1;
      }
-     ptr_tag = allocation_tag_from_addr(ptr);
++    /* Overriding of an existing definition must be explicitly requested. */
++    if (!(r->type & ARM_CP_OVERRIDE)) {
-     if (tcma_check(desc, bit55, ptr_tag)) {
++        const ARMCPRegInfo *oldreg = get_arm_cp_reginfo(cpu->cp_regs, key);
--        goto done;
++        if (oldreg) {
-+        return 1;
++            assert(oldreg->type & ARM_CP_OVERRIDE);
-     }
++        }
      mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
      type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
 -    total = FIELD_EX32(desc, MTEDESC, TSIZE);
      /* Find the addr of the end of the access */
      ptr_last = ptr + total - 1;
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
          mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
                                    MMU_DATA_LOAD, tag_size, ra);
          if (!mem1) {
 -            goto done;
 +            return 1;
          }
          /* Perform all of the comparisons. */
          n = checkN(mem1, ptr & TAG_GRANULE, ptr_tag, tag_count);
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
          }
          if (n == c) {
              if (!mem2) {
 -                goto done;
 +                return 1;
              }
              n += checkN(mem2, 0, ptr_tag, tag_count - c);
          }
      }
 +    if (likely(n == tag_count)) {
 +        return 1;
 +    }
 +
-     /*
+     /* Combine cpreg and name into one allocation. */
-      * If we failed, we know which granule.  For the first granule, the
+     name_len = strlen(name) + 1;
-      * failure address is @ptr, the first byte accessed.  Otherwise the
+     r2 = g_malloc(sizeof(*r2) + name_len);
-      * failure address is the first byte of the nth granule.
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-      */
+         assert(!raw_accessors_invalid(r2));
 -    if (unlikely(n < tag_count)) {
 -        uint64_t fault = (n == 0 ? ptr : tag_first + n * TAG_GRANULE);
 -        mte_check_fail(env, desc, fault, ra);
 +    if (n > 0) {
 +        *fault = tag_first + n * TAG_GRANULE;
      }
-+    return 0;
-+}
+-    /* Overriding of an existing definition must be explicitly
+-     * requested.
-- done:
+-     */
-+uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
+-    if (!(r->type & ARM_CP_OVERRIDE)) {
-+                    uint64_t ptr, uintptr_t ra)
+-        const ARMCPRegInfo *oldreg = get_arm_cp_reginfo(cpu->cp_regs, key);
-+{
+-        if (oldreg && !(oldreg->type & ARM_CP_OVERRIDE)) {
-+    uint64_t fault;
+-            fprintf(stderr, "Register redefined: cp=%d %d bit "
-+    uint32_t total = FIELD_EX32(desc, MTEDESC, TSIZE);
+-                    "crn=%d crm=%d opc1=%d opc2=%d, "
-+    int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+-                    "was %s, now %s\n", r2->cp, 32 + 32 * is64,
-+
+-                    r2->crn, r2->crm, r2->opc1, r2->opc2,
-+    if (unlikely(ret == 0)) {
+-                    oldreg->name, r2->name);
-+        mte_check_fail(env, desc, fault, ra);
+-            g_assert_not_reached();
-+    } else if (ret < 0) {
+-        }
-+        return ptr;
+-    }
-+    }
+     g_hash_table_insert(cpu->cp_regs, (gpointer)(uintptr_t)key, r2);
      return useronly_clean_ptr(ptr);
  }
 --
-.20.1
+.25.1

-[PULL 05/43] target/arm: Fix unaligned checks for mte_check1, mte_probe1
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-We were incorrectly assuming that only the first byte of an MTE access
-is checked against the tags.  But per the ARM, unaligned accesses are
-pre-decomposed into single-byte accesses.  So by the time we reach the
-actual MTE check in the ARM pseudocode, all accesses are aligned.
-We cannot tell a priori whether or not a given scalar access is aligned,
-therefore we must at least check.  Use mte_probe_int, which is already
-set up for checking multiple granules.
-Buglink: https://bugs.launchpad.net/bugs/1921948
-Tested-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-4-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/mte_helper.c | 109 +++++++++++++---------------------------
-file changed, 35 insertions(+), 74 deletions(-)
-diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/mte_helper.c
-+++ b/target/arm/mte_helper.c
-@@ -XXX,XX +XXX,XX @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
-     }
- }
--/*
-- * Perform an MTE checked access for a single logical or atomic access.
-- */
--static bool mte_probe1_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
--                           uintptr_t ra, int bit55)
--{
--    int mem_tag, mmu_idx, ptr_tag, size;
--    MMUAccessType type;
--    uint8_t *mem;
--
--    ptr_tag = allocation_tag_from_addr(ptr);
--
--    if (tcma_check(desc, bit55, ptr_tag)) {
--        return true;
--    }
--
--    mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
--    type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
--    size = FIELD_EX32(desc, MTEDESC, ESIZE);
--
--    mem = allocation_tag_mem(env, mmu_idx, ptr, type, size,
--                             MMU_DATA_LOAD, 1, ra);
--    if (!mem) {
--        return true;
--    }
--
--    mem_tag = load_tag1(ptr, mem);
--    return ptr_tag == mem_tag;
--}
--
--/*
-- * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
-- * Returns false if the access is Checked and the check failed.  This
-- * is only intended to probe the tag -- the validity of the page must
-- * be checked beforehand.
-- */
--bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
--{
--    int bit55 = extract64(ptr, 55, 1);
--
--    /* If TBI is disabled, the access is unchecked. */
--    if (unlikely(!tbi_check(desc, bit55))) {
--        return true;
--    }
--
--    return mte_probe1_int(env, desc, ptr, 0, bit55);
--}
--
--uint64_t mte_check1(CPUARMState *env, uint32_t desc,
--                    uint64_t ptr, uintptr_t ra)
--{
--    int bit55 = extract64(ptr, 55, 1);
--
--    /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */
--    if (unlikely(!tbi_check(desc, bit55))) {
--        return ptr;
--    }
--
--    if (unlikely(!mte_probe1_int(env, desc, ptr, ra, bit55))) {
--        mte_check_fail(env, desc, ptr, ra);
--    }
--
--    return useronly_clean_ptr(ptr);
--}
--
--uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
--{
--    return mte_check1(env, desc, ptr, GETPC());
--}
--
--/*
-- * Perform an MTE checked access for multiple logical accesses.
-- */
--
- /**
-  * checkN:
-  * @tag: tag memory to test
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(mte_checkN)(CPUARMState *env, uint32_t desc, uint64_t ptr)
-     return mte_checkN(env, desc, ptr, GETPC());
- }
-+uint64_t mte_check1(CPUARMState *env, uint32_t desc,
-+                    uint64_t ptr, uintptr_t ra)
-+{
-+    uint64_t fault;
-+    uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
-+    int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
-+
-+    if (unlikely(ret == 0)) {
-+        mte_check_fail(env, desc, fault, ra);
-+    } else if (ret < 0) {
-+        return ptr;
-+    }
-+    return useronly_clean_ptr(ptr);
-+}
-+
-+uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
-+{
-+    return mte_check1(env, desc, ptr, GETPC());
-+}
-+
-+/*
-+ * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
-+ * Returns false if the access is Checked and the check failed.  This
-+ * is only intended to probe the tag -- the validity of the page must
-+ * be checked beforehand.
-+ */
-+bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
-+{
-+    uint64_t fault;
-+    uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
-+    int ret = mte_probe_int(env, desc, ptr, 0, total, &fault);
-+
-+    return ret != 0;
-+}
-+
- /*
-  * Perform an MTE checked access for DC_ZVA.
-  */
---
-.20.1

-[PULL 07/43] target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-After recent changes, mte_checkN does not use ESIZE,
-and mte_check1 never used TSIZE.  We can combine the
-two into a single field: SIZEM1.
-Choose to pass size - 1 because size == 0 is never used,
-our immediate need in mte_probe_int is for the address
-of the last byte (ptr + size - 1), and since almost all
-operations are powers of 2, this makes the immediate
-constant one bit smaller.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-6-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/internals.h     |  4 ++--
- target/arm/mte_helper.c    | 18 ++++++++----------
- target/arm/translate-a64.c |  5 ++---
- target/arm/translate-sve.c |  5 ++---
-files changed, 14 insertions(+), 18 deletions(-)
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@
- #define TARGET_ARM_INTERNALS_H
- #include "hw/registerfields.h"
-+#include "tcg/tcg-gvec-desc.h"
- #include "syndrome.h"
- /* register banks for CPU modes */
-@@ -XXX,XX +XXX,XX @@ FIELD(MTEDESC, MIDX,  0, 4)
- FIELD(MTEDESC, TBI,   4, 2)
- FIELD(MTEDESC, TCMA,  6, 2)
- FIELD(MTEDESC, WRITE, 8, 1)
--FIELD(MTEDESC, ESIZE, 9, 5)
--FIELD(MTEDESC, TSIZE, 14, 10)  /* mte_checkN only */
-+FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9)  /* size - 1 */
- bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
- uint64_t mte_check1(CPUARMState *env, uint32_t desc,
-diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/mte_helper.c
-+++ b/target/arm/mte_helper.c
-@@ -XXX,XX +XXX,XX @@ static int checkN(uint8_t *mem, int odd, int cmp, int count)
-  * Return positive on success with tbi enabled.
-  */
- static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
--                         uintptr_t ra, uint32_t total, uint64_t *fault)
-+                         uintptr_t ra, uint64_t *fault)
- {
-     int mmu_idx, ptr_tag, bit55;
-     uint64_t ptr_last, prev_page, next_page;
-     uint64_t tag_first, tag_last;
-     uint64_t tag_byte_first, tag_byte_last;
--    uint32_t tag_count, tag_size, n, c;
-+    uint32_t sizem1, tag_count, tag_size, n, c;
-     uint8_t *mem1, *mem2;
-     MMUAccessType type;
-@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
-     mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
-     type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
-+    sizem1 = FIELD_EX32(desc, MTEDESC, SIZEM1);
-     /* Find the addr of the end of the access */
--    ptr_last = ptr + total - 1;
-+    ptr_last = ptr + sizem1;
-     /* Round the bounds to the tag granule, and compute the number of tags. */
-     tag_first = QEMU_ALIGN_DOWN(ptr, TAG_GRANULE);
-@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
-     if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) {
-         /* Memory access stays on one page. */
-         tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
--        mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
-+        mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1,
-                                   MMU_DATA_LOAD, tag_size, ra);
-         if (!mem1) {
-             return 1;
-@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
-                     uint64_t ptr, uintptr_t ra)
- {
-     uint64_t fault;
--    uint32_t total = FIELD_EX32(desc, MTEDESC, TSIZE);
--    int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
-+    int ret = mte_probe_int(env, desc, ptr, ra, &fault);
-     if (unlikely(ret == 0)) {
-         mte_check_fail(env, desc, fault, ra);
-@@ -XXX,XX +XXX,XX @@ uint64_t mte_check1(CPUARMState *env, uint32_t desc,
-                     uint64_t ptr, uintptr_t ra)
- {
-     uint64_t fault;
--    uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
--    int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
-+    int ret = mte_probe_int(env, desc, ptr, ra, &fault);
-     if (unlikely(ret == 0)) {
-         mte_check_fail(env, desc, fault, ra);
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
- bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
- {
-     uint64_t fault;
--    uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
--    int ret = mte_probe_int(env, desc, ptr, 0, total, &fault);
-+    int ret = mte_probe_int(env, desc, ptr, 0, &fault);
-     return ret != 0;
- }
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, TCGv_i64 addr,
-         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
-         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
-         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
--        desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << log2_size);
-+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (1 << log2_size) - 1);
-         tcg_desc = tcg_const_i32(desc);
-         ret = new_tmp_a64(s);
-@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
-         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
-         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
-         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
--        desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << log2_esize);
--        desc = FIELD_DP32(desc, MTEDESC, TSIZE, total_size);
-+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1);
-         tcg_desc = tcg_const_i32(desc);
-         ret = new_tmp_a64(s);
-diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-sve.c
-+++ b/target/arm/translate-sve.c
-@@ -XXX,XX +XXX,XX @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
-         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
-         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
-         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
--        desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << msz);
--        desc = FIELD_DP32(desc, MTEDESC, TSIZE, mte_n << msz);
-+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (mte_n << msz) - 1);
-         desc <<= SVE_MTEDESC_SHIFT;
-     } else {
-         addr = clean_data_tbi(s, addr);
-@@ -XXX,XX +XXX,XX @@ static void do_mem_zpz(DisasContext *s, int zt, int pg, int zm,
-         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
-         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
-         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
--        desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << msz);
-+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (1 << msz) - 1);
-         desc <<= SVE_MTEDESC_SHIFT;
-     }
-     desc = simd_desc(vsz, vsz, desc | scale);
---
-.20.1

-[PULL 09/43] target/arm: Rename mte_probe1 to mte_probe
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-For consistency with the mte_check1 + mte_checkN merge
-to mte_check, rename the probe function as well.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-8-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/internals.h  | 2 +-
- target/arm/mte_helper.c | 6 +++---
- target/arm/sve_helper.c | 6 +++---
-files changed, 7 insertions(+), 7 deletions(-)
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ FIELD(MTEDESC, TCMA,  6, 2)
- FIELD(MTEDESC, WRITE, 8, 1)
- FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9)  /* size - 1 */
--bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
-+bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr);
- uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra);
- static inline int allocation_tag_from_addr(uint64_t ptr)
-diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/mte_helper.c
-+++ b/target/arm/mte_helper.c
-@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
-      * exception for inaccessible pages, and resolves the virtual address
-      * into the softmmu tlb.
-      *
--     * When RA == 0, this is for mte_probe1.  The page is expected to be
-+     * When RA == 0, this is for mte_probe.  The page is expected to be
-      * valid.  Indicate to probe_access_flags no-fault, then assert that
-      * we received a valid page.
-      */
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(mte_check)(CPUARMState *env, uint32_t desc, uint64_t ptr)
- }
- /*
-- * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
-+ * No-fault version of mte_check, to be used by SVE for MemSingleNF.
-  * Returns false if the access is Checked and the check failed.  This
-  * is only intended to probe the tag -- the validity of the page must
-  * be checked beforehand.
-  */
--bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
-+bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr)
- {
-     uint64_t fault;
-     int ret = mte_probe_int(env, desc, ptr, 0, &fault);
-diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/sve_helper.c
-+++ b/target/arm/sve_helper.c
-@@ -XXX,XX +XXX,XX @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
-                 /* Watchpoint hit, see below. */
-                 goto do_fault;
-             }
--            if (mtedesc && !mte_probe1(env, mtedesc, addr + mem_off)) {
-+            if (mtedesc && !mte_probe(env, mtedesc, addr + mem_off)) {
-                 goto do_fault;
-             }
-             /*
-@@ -XXX,XX +XXX,XX @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
-                      & BP_MEM_READ)) {
-                     goto do_fault;
-                 }
--                if (mtedesc && !mte_probe1(env, mtedesc, addr + mem_off)) {
-+                if (mtedesc && !mte_probe(env, mtedesc, addr + mem_off)) {
-                     goto do_fault;
-                 }
-                 host_fn(vd, reg_off, host + mem_off);
-@@ -XXX,XX +XXX,XX @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
-                 }
-                 if (mtedesc &&
-                     arm_tlb_mte_tagged(&info.attrs) &&
--                    !mte_probe1(env, mtedesc, addr)) {
-+                    !mte_probe(env, mtedesc, addr)) {
-                     goto fault;
-                 }
---
-.20.1

-[PULL 11/43] target/arm: Remove log2_esize parameter to gen_mte_checkN
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-The log2_esize parameter is not used except trivially.
-Drop the parameter and the deferral to gen_mte_check1.
-This fixes a bug in that the parameters as documented
-in the header file were the reverse from those in the
-implementation.  Which meant that translate-sve.c was
-passing the parameters in the wrong order.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210416183106.1516563-10-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate-a64.h |  2 +-
- target/arm/translate-a64.c | 15 +++++++--------
- target/arm/translate-sve.c |  4 ++--
-files changed, 10 insertions(+), 11 deletions(-)
-diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.h
-+++ b/target/arm/translate-a64.h
-@@ -XXX,XX +XXX,XX @@ TCGv_i64 clean_data_tbi(DisasContext *s, TCGv_i64 addr);
- TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr, bool is_write,
-                         bool tag_checked, int log2_size);
- TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
--                        bool tag_checked, int count, int log2_esize);
-+                        bool tag_checked, int size);
- /* We should have at some point before trying to access an FP register
-  * done the necessary access check, so assert that
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr, bool is_write,
-  * For MTE, check multiple logical sequential accesses.
-  */
- TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
--                        bool tag_checked, int log2_esize, int total_size)
-+                        bool tag_checked, int size)
- {
--    if (tag_checked && s->mte_active[0] && total_size != (1 << log2_esize)) {
-+    if (tag_checked && s->mte_active[0]) {
-         TCGv_i32 tcg_desc;
-         TCGv_i64 ret;
-         int desc = 0;
-@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
-         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
-         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
-         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
--        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1);
-+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, size - 1);
-         tcg_desc = tcg_const_i32(desc);
-         ret = new_tmp_a64(s);
-@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
-         return ret;
-     }
--    return gen_mte_check1(s, addr, is_write, tag_checked, log2_esize);
-+    return clean_data_tbi(s, addr);
- }
- typedef struct DisasCompare64 {
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
-     }
-     clean_addr = gen_mte_checkN(s, dirty_addr, !is_load,
--                                (wback || rn != 31) && !set_tag,
--                                size, 2 << size);
-+                                (wback || rn != 31) && !set_tag, 2 << size);
-     if (is_vector) {
-         if (is_load) {
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
-      * promote consecutive little-endian elements below.
-      */
-     clean_addr = gen_mte_checkN(s, tcg_rn, is_store, is_postidx || rn != 31,
--                                size, total);
-+                                total);
-     /*
-      * Consecutive little-endian elements from a single register
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
-     tcg_rn = cpu_reg_sp(s, rn);
-     clean_addr = gen_mte_checkN(s, tcg_rn, !is_load, is_postidx || rn != 31,
--                                scale, total);
-+                                total);
-     tcg_ebytes = tcg_const_i64(1 << scale);
-     for (xs = 0; xs < selem; xs++) {
-diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-sve.c
-+++ b/target/arm/translate-sve.c
-@@ -XXX,XX +XXX,XX @@ static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
-     dirty_addr = tcg_temp_new_i64();
-     tcg_gen_addi_i64(dirty_addr, cpu_reg_sp(s, rn), imm);
--    clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len, MO_8);
-+    clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len);
-     tcg_temp_free_i64(dirty_addr);
-     /*
-@@ -XXX,XX +XXX,XX @@ static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
-     dirty_addr = tcg_temp_new_i64();
-     tcg_gen_addi_i64(dirty_addr, cpu_reg_sp(s, rn), imm);
--    clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len, MO_8);
-+    clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len);
-     tcg_temp_free_i64(dirty_addr);
-     /* Note that unpredicated load/store of vector/predicate registers
---
-.20.1

-[PULL 12/43] target/arm: Fix decode of align in VLDST_single
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-The encoding of size = 2 and size = 3 had the incorrect decode
-for align, overlapping the stride field.  This error was hidden
-by what should have been unnecessary masking in translate.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-2-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/neon-ls.decode       | 4 ++--
- target/arm/translate-neon.c.inc | 4 ++--
-files changed, 4 insertions(+), 4 deletions(-)
-diff --git a/target/arm/neon-ls.decode b/target/arm/neon-ls.decode
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/neon-ls.decode
-+++ b/target/arm/neon-ls.decode
-@@ -XXX,XX +XXX,XX @@ VLD_all_lanes  1111 0100 1 . 1 0 rn:4 .... 11 n:2 size:2 t:1 a:1 rm:4 \
- VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 00 n:2 reg_idx:3 align:1 rm:4 \
-                vd=%vd_dp size=0 stride=1
--VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 01 n:2 reg_idx:2 align:2 rm:4 \
-+VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 01 n:2 reg_idx:2 . align:1 rm:4 \
-                vd=%vd_dp size=1 stride=%imm1_5_p1
--VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 10 n:2 reg_idx:1 align:3 rm:4 \
-+VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 10 n:2 reg_idx:1 . align:2 rm:4 \
-                vd=%vd_dp size=2 stride=%imm1_6_p1
-diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-neon.c.inc
-+++ b/target/arm/translate-neon.c.inc
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
-     switch (nregs) {
-     case 1:
-         if (((a->align & (1 << a->size)) != 0) ||
--            (a->size == 2 && ((a->align & 3) == 1 || (a->align & 3) == 2))) {
-+            (a->size == 2 && (a->align == 1 || a->align == 2))) {
-             return false;
-         }
-         break;
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
-         }
-         break;
-     case 4:
--        if ((a->size == 2) && ((a->align & 3) == 3)) {
-+        if (a->size == 2 && a->align == 3) {
-             return false;
-         }
-         break;
---
-.20.1

-[PULL 32/43] target/arm: Enforce alignment for VLDn (all lanes)
+[PULL 19/23] target/arm: Reformat comments in add_cpreg_to_hashtable
 From: Richard Henderson <richard.henderson@linaro.org>
+Put the block comments into the current coding style.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-19-richard.henderson@linaro.org
 Message-id: 20210419202257.161730-23-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.h          |  1 +
+ target/arm/helper.c | 24 +++++++++++++++---------
- target/arm/translate.c          | 15 +++++++++++++
+file changed, 15 insertions(+), 9 deletions(-)
  target/arm/translate-neon.c.inc | 37 +++++++++++++++++++++++++--------
 files changed, 44 insertions(+), 9 deletions(-)
-diff --git a/target/arm/translate.h b/target/arm/translate.h
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.h
+--- a/target/arm/helper.c
-+++ b/target/arm/translate.h
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ void arm_test_cc(DisasCompare *cmp, int cc);
+@@ -XXX,XX +XXX,XX @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
- void arm_free_cc(DisasCompare *cmp);
+     return cpu_list;
- void arm_jump_cc(DisasCompare *cmp, TCGLabel *label);
+ }
- void arm_gen_test_cc(int cc, TCGLabel *label);
-+MemOp pow2_align(unsigned i);
++/*
++ * Private utility function for define_one_arm_cp_reg_with_opaque():
- /* Return state of Alternate Half-precision flag, caller frees result */
++ * add a single reginfo struct to the hash table.
- static inline TCGv_i32 get_ahp_flag(void)
++ */
-diff --git a/target/arm/translate.c b/target/arm/translate.c
+ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-index XXXXXXX..XXXXXXX 100644
+                                    void *opaque, CPState state,
---- a/target/arm/translate.c
+                                    CPSecureState secstate,
-+++ b/target/arm/translate.c
+                                    int crm, int opc1, int opc2,
-@@ -XXX,XX +XXX,XX @@ static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
+                                    const char *name)
- #define IS_USER_ONLY 0
+ {
- #endif
+-    /* Private utility function for define_one_arm_cp_reg_with_opaque():
+-     * add a single reginfo struct to the hash table.
-+MemOp pow2_align(unsigned i)
+-     */
-+{
+     uint32_t key;
-+    static const MemOp mop_align[] = {
+     ARMCPRegInfo *r2;
-+        0, MO_ALIGN_2, MO_ALIGN_4, MO_ALIGN_8, MO_ALIGN_16,
+     bool is64 = r->type & ARM_CP_64BIT;
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
      isbanked = r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1];
      if (isbanked) {
 -        /* Register is banked (using both entries in array).
 +        /*
-+         * FIXME: TARGET_PAGE_BITS_MIN affects TLB_FLAGS_MASK such
++         * Register is banked (using both entries in array).
-+         * that 256-bit alignment (MO_ALIGN_32) cannot be supported:
+          * Overwriting fieldoffset as the array is only used to define
-+         * see get_alignment_bits(). Enforce only 128-bit alignment for now.
+          * banked registers but later only fieldoffset is used.
-+         */
+          */
-+        MO_ALIGN_16
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-+    };
-+    g_assert(i < ARRAY_SIZE(mop_align));
+     if (state == ARM_CP_STATE_AA32) {
-+    return mop_align[i];
+         if (isbanked) {
-+}
+-            /* If the register is banked then we don't need to migrate or
-+
++            /*
- /*
++             * If the register is banked then we don't need to migrate or
-  * Abstractions of "generate code to do a guest load/store for
+              * reset the 32-bit instance in certain cases:
-  * AArch32", where a vaddr is always 32 bits (and is zero
+              *
-diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
+              * 1) If the register has both 32-bit and 64-bit instances then we
-index XXXXXXX..XXXXXXX 100644
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
---- a/target/arm/translate-neon.c.inc
+                 r2->type |= ARM_CP_ALIAS;
-+++ b/target/arm/translate-neon.c.inc
+             }
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
+         } else if ((secstate != r->secure) && !ns) {
-     int size = a->size;
+-            /* The register is not banked so we only want to allow migration of
-     int nregs = a->n + 1;
+-             * the non-secure instance.
-     TCGv_i32 addr, tmp;
++            /*
-+    MemOp mop, align;
++             * The register is not banked so we only want to allow migration
++             * of the non-secure instance.
-     if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
+              */
-         return false;
+             r2->type |= ARM_CP_ALIAS;
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
+         }
-         return false;
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
          }
      }
-+    align = 0;
+-    /* By convention, for wildcarded registers only the first
-     if (size == 3) {
++    /*
-         if (nregs != 4 || a->a == 0) {
++     * By convention, for wildcarded registers only the first
-             return false;
+      * entry is used for migration; the others are marked as
-         }
+      * ALIAS so we don't try to transfer the register
-         /* For VLD4 size == 3 a == 1 means 32 bits at 16 byte alignment */
+      * multiple times. Special registers (ie NOP/WFI) are
--        size = 2;
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
--    }
+         r2->type |= ARM_CP_ALIAS | ARM_CP_NO_GDB;
 -    if (nregs == 1 && a->a == 1 && size == 0) {
 -        return false;
 -    }
 -    if (nregs == 3 && a->a == 1) {
 -        return false;
 +        size = MO_32;
 +        align = MO_ALIGN_16;
 +    } else if (a->a) {
 +        switch (nregs) {
 +        case 1:
 +            if (size == 0) {
 +                return false;
 +            }
 +            align = MO_ALIGN;
 +            break;
 +        case 2:
 +            align = pow2_align(size + 1);
 +            break;
 +        case 3:
 +            return false;
 +        case 4:
 +            align = pow2_align(size + 2);
 +            break;
 +        default:
 +            g_assert_not_reached();
 +        }
      }
-     if (!vfp_access_check(s)) {
+-    /* Check that raw accesses are either forbidden or handled. Note that
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
++    /*
 +     * Check that raw accesses are either forbidden or handled. Note that
       * we can't assert this earlier because the setup of fieldoffset for
       * banked registers has to be done first.
       */
-     stride = a->t ? 2 : 1;
-     vec_size = nregs == 1 ? stride * 8 : 8;
--
-+    mop = size | align;
-     tmp = tcg_temp_new_i32();
-     addr = tcg_temp_new_i32();
-     load_reg_var(s, addr, a->rn);
-     for (reg = 0; reg < nregs; reg++) {
--        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), size);
-+        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop);
-         if ((vd & 1) && vec_size == 16) {
-             /*
-              * We cannot write 16 bytes at once because the
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
-         }
-         tcg_gen_addi_i32(addr, addr, 1 << size);
-         vd += stride;
-+
-+        /* Subsequent memory operations inherit alignment */
-+        mop &= ~MO_AMASK;
-     }
-     tcg_temp_free_i32(tmp);
-     tcg_temp_free_i32(addr);
 --
-.20.1
+.25.1

-[PULL 34/43] target/arm: Enforce alignment for VLDn/VSTn (single)
+[PULL 20/23] target/arm: Remove HOST_BIG_ENDIAN ifdef in add_cpreg_to_hashtable
 From: Richard Henderson <richard.henderson@linaro.org>
+Since e03b56863d2bc, our host endian indicator is unconditionally
+set, which means that we can use a normal C condition.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220501055028.646596-20-richard.henderson@linaro.org
-Message-id: 20210419202257.161730-25-richard.henderson@linaro.org
+[PMM: quote correct git hash in commit message]
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-neon.c.inc | 48 ++++++++++++++++++++++++++++-----
+ target/arm/helper.c | 9 +++------
-file changed, 42 insertions(+), 6 deletions(-)
+file changed, 3 insertions(+), 6 deletions(-)
-diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-neon.c.inc
+--- a/target/arm/helper.c
-+++ b/target/arm/translate-neon.c.inc
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
+@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-     int nregs = a->n + 1;
+             r2->type |= ARM_CP_ALIAS;
-     int vd = a->vd;
+         }
-     TCGv_i32 addr, tmp;
-+    MemOp mop;
+-        if (r->state == ARM_CP_STATE_BOTH) {
+-#if HOST_BIG_ENDIAN
-     if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
+-            if (r2->fieldoffset) {
-         return false;
+-                r2->fieldoffset += sizeof(uint32_t);
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
+-            }
-         return true;
+-#endif
 +        if (HOST_BIG_ENDIAN &&
 +            r->state == ARM_CP_STATE_BOTH && r2->fieldoffset) {
 +            r2->fieldoffset += sizeof(uint32_t);
          }
      }
-+    /* Pick up SCTLR settings */
-+    mop = finalize_memop(s, a->size);
-+
-+    if (a->align) {
-+        MemOp align_op;
-+
-+        switch (nregs) {
-+        case 1:
-+            /* For VLD1, use natural alignment. */
-+            align_op = MO_ALIGN;
-+            break;
-+        case 2:
-+            /* For VLD2, use double alignment. */
-+            align_op = pow2_align(a->size + 1);
-+            break;
-+        case 4:
-+            if (a->size == MO_32) {
-+                /*
-+                 * For VLD4.32, align = 1 is double alignment, align = 2 is
-+                 * quad alignment; align = 3 is rejected above.
-+                 */
-+                align_op = pow2_align(a->size + a->align);
-+            } else {
-+                /* For VLD4.8 and VLD.16, we want quad alignment. */
-+                align_op = pow2_align(a->size + 2);
-+            }
-+            break;
-+        default:
-+            /* For VLD3, the alignment field is zero and rejected above. */
-+            g_assert_not_reached();
-+        }
-+
-+        mop = (mop & ~MO_AMASK) | align_op;
-+    }
-+
-     tmp = tcg_temp_new_i32();
-     addr = tcg_temp_new_i32();
-     load_reg_var(s, addr, a->rn);
--    /*
--     * TODO: if we implemented alignment exceptions, we should check
--     * addr against the alignment encoded in a->align here.
--     */
-+
-     for (reg = 0; reg < nregs; reg++) {
-         if (a->l) {
--            gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), a->size);
-+            gen_aa32_ld_internal_i32(s, tmp, addr, get_mem_index(s), mop);
-             neon_store_element(vd, a->reg_idx, a->size, tmp);
-         } else { /* Store */
-             neon_load_element(tmp, vd, a->reg_idx, a->size);
--            gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), a->size);
-+            gen_aa32_st_internal_i32(s, tmp, addr, get_mem_index(s), mop);
-         }
-         vd += a->stride;
-         tcg_gen_addi_i32(addr, addr, 1 << a->size);
-+
-+        /* Subsequent memory operations inherit alignment */
-+        mop &= ~MO_AMASK;
-     }
-     tcg_temp_free_i32(addr);
-     tcg_temp_free_i32(tmp);
 --
-.20.1
+.25.1

-[PULL 24/43] target/arm: Adjust gen_aa32_{ld, st}_i64 for align+endianness
+[PULL 21/23] target/arm: Add isar predicates for FEAT_Debugv8p2
 From: Richard Henderson <richard.henderson@linaro.org>
-Adjust the interface to match what has been done to the
-TCGv_i32 load/store functions.
-This is less obvious, because at present the only user of
-these functions, trans_VLDST_multiple, also wants to manipulate
-the endianness to speed up loading multiple bytes.  Thus we
-retain an "internal" interface which is identical to the
-current gen_aa32_{ld,st}_i64 interface.
-The "new" interface will gain users as we remove the legacy
-interfaces, gen_aa32_ld64 and gen_aa32_st64.
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-15-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-24-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.c          | 78 +++++++++++++++++++--------------
+ target/arm/cpu.h | 15 +++++++++++++++
- target/arm/translate-neon.c.inc |  6 ++-
+file changed, 15 insertions(+)
 files changed, 49 insertions(+), 35 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
+--- a/target/arm/cpu.h
-+++ b/target/arm/translate.c
++++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_internal_i32(DisasContext *s, TCGv_i32 val,
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_ssbs(const ARMISARegisters *id)
-     tcg_temp_free(addr);
+     return FIELD_EX32(id->id_pfr2, ID_PFR2, SSBS) != 0;
  }
-+static void gen_aa32_ld_internal_i64(DisasContext *s, TCGv_i64 val,
++static inline bool isar_feature_aa32_debugv8p2(const ARMISARegisters *id)
 +                                     TCGv_i32 a32, int index, MemOp opc)
 +{
-+    TCGv addr = gen_aa32_addr(s, a32, opc);
++    return FIELD_EX32(id->id_dfr0, ID_DFR0, COPDBG) >= 8;
 +
 +    tcg_gen_qemu_ld_i64(val, addr, index, opc);
 +
 +    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
 +    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
 +        tcg_gen_rotri_i64(val, val, 32);
 +    }
 +    tcg_temp_free(addr);
 +}
 +
-+static void gen_aa32_st_internal_i64(DisasContext *s, TCGv_i64 val,
+ /*
-+                                     TCGv_i32 a32, int index, MemOp opc)
+  * 64-bit feature tests via id registers.
   */
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_ssbs(const ARMISARegisters *id)
      return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, SSBS) != 0;
  }
 +static inline bool isar_feature_aa64_debugv8p2(const ARMISARegisters *id)
 +{
-+    TCGv addr = gen_aa32_addr(s, a32, opc);
++    return FIELD_EX64(id->id_aa64dfr0, ID_AA64DFR0, DEBUGVER) >= 8;
 +
 +    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
 +    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
 +        TCGv_i64 tmp = tcg_temp_new_i64();
 +        tcg_gen_rotri_i64(tmp, val, 32);
 +        tcg_gen_qemu_st_i64(tmp, addr, index, opc);
 +        tcg_temp_free_i64(tmp);
 +    } else {
 +        tcg_gen_qemu_st_i64(val, addr, index, opc);
 +    }
 +    tcg_temp_free(addr);
 +}
 +
- static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
+ static inline bool isar_feature_aa64_sve2(const ARMISARegisters *id)
                              int index, MemOp opc)
  {
-@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
+     return FIELD_EX64(id->id_aa64zfr0, ID_AA64ZFR0, SVEVER) != 0;
-     gen_aa32_st_internal_i32(s, val, a32, index, finalize_memop(s, opc));
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_any_tts2uxn(const ARMISARegisters *id)
      return isar_feature_aa64_tts2uxn(id) || isar_feature_aa32_tts2uxn(id);
  }
-+static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
++static inline bool isar_feature_any_debugv8p2(const ARMISARegisters *id)
 +                            int index, MemOp opc)
 +{
-+    gen_aa32_ld_internal_i64(s, val, a32, index, finalize_memop(s, opc));
++    return isar_feature_aa64_debugv8p2(id) || isar_feature_aa32_debugv8p2(id);
 +}
 +
-+static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
+ /*
-+                            int index, MemOp opc)
+  * Forward to the above feature tests given an ARMCPU pointer.
-+{
+  */
 +    gen_aa32_st_internal_i64(s, val, a32, index, finalize_memop(s, opc));
 +}
 +
  #define DO_GEN_LD(SUFF, OPC)                                            \
      static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
                                           TCGv_i32 a32, int index)       \
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
          gen_aa32_st_i32(s, val, a32, index, OPC);                       \
      }
 -static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
 -                            int index, MemOp opc)
 -{
 -    TCGv addr = gen_aa32_addr(s, a32, opc);
 -    tcg_gen_qemu_ld_i64(val, addr, index, opc);
 -
 -    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
 -    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
 -        tcg_gen_rotri_i64(val, val, 32);
 -    }
 -
 -    tcg_temp_free(addr);
 -}
 -
  static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
                                   TCGv_i32 a32, int index)
  {
 -    gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
 -}
 -
 -static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
 -                            int index, MemOp opc)
 -{
 -    TCGv addr = gen_aa32_addr(s, a32, opc);
 -
 -    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
 -    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
 -        TCGv_i64 tmp = tcg_temp_new_i64();
 -        tcg_gen_rotri_i64(tmp, val, 32);
 -        tcg_gen_qemu_st_i64(tmp, addr, index, opc);
 -        tcg_temp_free_i64(tmp);
 -    } else {
 -        tcg_gen_qemu_st_i64(val, addr, index, opc);
 -    }
 -    tcg_temp_free(addr);
 +    gen_aa32_ld_i64(s, val, a32, index, MO_Q);
  }
  static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
                                   TCGv_i32 a32, int index)
  {
 -    gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
 +    gen_aa32_st_i64(s, val, a32, index, MO_Q);
  }
  DO_GEN_LD(8u, MO_UB)
 diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-neon.c.inc
 +++ b/target/arm/translate-neon.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_multiple(DisasContext *s, arg_VLDST_multiple *a)
                  int tt = a->vd + reg + spacing * xs;
                  if (a->l) {
 -                    gen_aa32_ld_i64(s, tmp64, addr, mmu_idx, endian | size);
 +                    gen_aa32_ld_internal_i64(s, tmp64, addr, mmu_idx,
 +                                             endian | size);
                      neon_store_element64(tt, n, size, tmp64);
                  } else {
                      neon_load_element64(tmp64, tt, n, size);
 -                    gen_aa32_st_i64(s, tmp64, addr, mmu_idx, endian | size);
 +                    gen_aa32_st_internal_i64(s, tmp64, addr, mmu_idx,
 +                                             endian | size);
                  }
                  tcg_gen_add_i32(addr, addr, tmp);
              }
 --
-.20.1
+.25.1

-[PULL 18/43] target/arm: Move TBFLAG_AM32 bits to the top
+[PULL 22/23] target/arm: Add isar_feature_{aa64,any}_ras
 From: Richard Henderson <richard.henderson@linaro.org>
-Now that these bits have been moved out of tb->flags,
+Add the aa64 predicate for detecting RAS support from id registers.
-where TBFLAG_ANY was filling from the top, move AM32
+We already have the aa32 version from the M-profile work.
-to fill from the top, and A32 and M32 to fill from the
+Add the 'any' predicate for testing both aa64 and aa32.
 bottom.  This means fewer changes when adding new bits.
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-9-richard.henderson@linaro.org
+Message-id: 20220501055028.646596-34-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h | 42 +++++++++++++++++++++---------------------
+ target/arm/cpu.h | 10 ++++++++++
-file changed, 21 insertions(+), 21 deletions(-)
+file changed, 10 insertions(+)
 diff --git a/target/arm/cpu.h b/target/arm/cpu.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.h
 +++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef ARMCPU ArchCPU;
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_aa32_el1(const ARMISARegisters *id)
-  *
+     return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, EL1) >= 2;
-  * The bits for 32-bit A-profile and M-profile partially overlap:
+ }
-  *
-- *  18             9              0
++static inline bool isar_feature_aa64_ras(const ARMISARegisters *id)
-- * +----------------+--------------+
++{
-- * |   TBFLAG_A32   |              |
++    return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, RAS) != 0;
-- * +-----+----------+  TBFLAG_AM32 |
++}
-- * |     |TBFLAG_M32|              |
++
-- * +-----+----------+--------------+
+ static inline bool isar_feature_aa64_sve(const ARMISARegisters *id)
-- *     14          9              0
+ {
-+ *  31         23         11 10             0
+     return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SVE) != 0;
-+ * +-------------+----------+----------------+
+@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_any_debugv8p2(const ARMISARegisters *id)
-+ * |             |          |   TBFLAG_A32   |
+     return isar_feature_aa64_debugv8p2(id) || isar_feature_aa32_debugv8p2(id);
-+ * | TBFLAG_AM32 |          +-----+----------+
+ }
-+ * |             |                |TBFLAG_M32|
-+ * +-------------+----------------+----------+
++static inline bool isar_feature_any_ras(const ARMISARegisters *id)
-+ *  31         23                5 4        0
++{
-  *
++    return isar_feature_aa64_ras(id) || isar_feature_aa32_ras(id);
-  * Unless otherwise noted, these bits are cached in env->hflags.
++}
 +
  /*
   * Forward to the above feature tests given an ARMCPU pointer.
   */
-@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 20, 2)
- /*
-  * Bit usage when in AArch32 state, both A- and M-profile.
-  */
--FIELD(TBFLAG_AM32, CONDEXEC, 0, 8)      /* Not cached. */
--FIELD(TBFLAG_AM32, THUMB, 8, 1)         /* Not cached. */
-+FIELD(TBFLAG_AM32, CONDEXEC, 24, 8)      /* Not cached. */
-+FIELD(TBFLAG_AM32, THUMB, 23, 1)         /* Not cached. */
- /*
-  * Bit usage when in AArch32 state, for A-profile only.
-  */
--FIELD(TBFLAG_A32, VECLEN, 9, 3)         /* Not cached. */
--FIELD(TBFLAG_A32, VECSTRIDE, 12, 2)     /* Not cached. */
-+FIELD(TBFLAG_A32, VECLEN, 0, 3)         /* Not cached. */
-+FIELD(TBFLAG_A32, VECSTRIDE, 3, 2)     /* Not cached. */
- /*
-  * We store the bottom two bits of the CPAR as TB flags and handle
-  * checks on the other bits at runtime. This shares the same bits as
-  * VECSTRIDE, which is OK as no XScale CPU has VFP.
-  * Not cached, because VECLEN+VECSTRIDE are not cached.
-  */
--FIELD(TBFLAG_A32, XSCALE_CPAR, 12, 2)
--FIELD(TBFLAG_A32, VFPEN, 14, 1)         /* Partially cached, minus FPEXC. */
--FIELD(TBFLAG_A32, SCTLR__B, 15, 1)      /* Cannot overlap with SCTLR_B */
--FIELD(TBFLAG_A32, HSTR_ACTIVE, 16, 1)
-+FIELD(TBFLAG_A32, XSCALE_CPAR, 5, 2)
-+FIELD(TBFLAG_A32, VFPEN, 7, 1)         /* Partially cached, minus FPEXC. */
-+FIELD(TBFLAG_A32, SCTLR__B, 8, 1)      /* Cannot overlap with SCTLR_B */
-+FIELD(TBFLAG_A32, HSTR_ACTIVE, 9, 1)
- /*
-  * Indicates whether cp register reads and writes by guest code should access
-  * the secure or nonsecure bank of banked registers; note that this is not
-  * the same thing as the current security state of the processor!
-  */
--FIELD(TBFLAG_A32, NS, 17, 1)
-+FIELD(TBFLAG_A32, NS, 10, 1)
- /*
-  * Bit usage when in AArch32 state, for M-profile only.
-  */
- /* Handler (ie not Thread) mode */
--FIELD(TBFLAG_M32, HANDLER, 9, 1)
-+FIELD(TBFLAG_M32, HANDLER, 0, 1)
- /* Whether we should generate stack-limit checks */
--FIELD(TBFLAG_M32, STACKCHECK, 10, 1)
-+FIELD(TBFLAG_M32, STACKCHECK, 1, 1)
- /* Set if FPCCR.LSPACT is set */
--FIELD(TBFLAG_M32, LSPACT, 11, 1)                 /* Not cached. */
-+FIELD(TBFLAG_M32, LSPACT, 2, 1)                 /* Not cached. */
- /* Set if we must create a new FP context */
--FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 12, 1)     /* Not cached. */
-+FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 3, 1)     /* Not cached. */
- /* Set if FPCCR.S does not match current security state */
--FIELD(TBFLAG_M32, FPCCR_S_WRONG, 13, 1)          /* Not cached. */
-+FIELD(TBFLAG_M32, FPCCR_S_WRONG, 4, 1)          /* Not cached. */
- /*
-  * Bit usage when in AArch64 state
 --
-.20.1
+.25.1

-[PULL 19/43] target/arm: Move TBFLAG_ANY bits to the bottom
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Now that other bits have been moved out of tb->flags,
-there's no point in filling from the top.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-10-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h | 14 +++++++-------
-file changed, 7 insertions(+), 7 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef ARMCPU ArchCPU;
-  *
-  * Unless otherwise noted, these bits are cached in env->hflags.
-  */
--FIELD(TBFLAG_ANY, AARCH64_STATE, 31, 1)
--FIELD(TBFLAG_ANY, SS_ACTIVE, 30, 1)
--FIELD(TBFLAG_ANY, PSTATE__SS, 29, 1)    /* Not cached. */
--FIELD(TBFLAG_ANY, BE_DATA, 28, 1)
--FIELD(TBFLAG_ANY, MMUIDX, 24, 4)
-+FIELD(TBFLAG_ANY, AARCH64_STATE, 0, 1)
-+FIELD(TBFLAG_ANY, SS_ACTIVE, 1, 1)
-+FIELD(TBFLAG_ANY, PSTATE__SS, 2, 1)      /* Not cached. */
-+FIELD(TBFLAG_ANY, BE_DATA, 3, 1)
-+FIELD(TBFLAG_ANY, MMUIDX, 4, 4)
- /* Target EL if we take a floating-point-disabled exception */
--FIELD(TBFLAG_ANY, FPEXC_EL, 22, 2)
-+FIELD(TBFLAG_ANY, FPEXC_EL, 8, 2)
- /* For A-profile only, target EL for debug exceptions.  */
--FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 20, 2)
-+FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 10, 2)
- /*
-  * Bit usage when in AArch32 state, both A- and M-profile.
---
-.20.1

-[PULL 22/43] target/arm: Merge gen_aa32_frob64 into gen_aa32_ld_i64
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-This is the only caller.  Adjust some commentary to talk
-about SCTLR_B instead of the vanishing function.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-13-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate.c | 37 ++++++++++++++++---------------------
-file changed, 16 insertions(+), 21 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
-         gen_aa32_st_i32(s, val, a32, index, OPC);                       \
-     }
--static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
--{
--    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
--    if (!IS_USER_ONLY && s->sctlr_b) {
--        tcg_gen_rotri_i64(val, val, 32);
--    }
--}
--
- static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
-                             int index, MemOp opc)
- {
-     TCGv addr = gen_aa32_addr(s, a32, opc);
-     tcg_gen_qemu_ld_i64(val, addr, index, opc);
--    gen_aa32_frob64(s, val);
-+
-+    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
-+    if (!IS_USER_ONLY && s->sctlr_b) {
-+        tcg_gen_rotri_i64(val, val, 32);
-+    }
-+
-     tcg_temp_free(addr);
- }
-@@ -XXX,XX +XXX,XX @@ static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
-         TCGv_i32 tmp2 = tcg_temp_new_i32();
-         TCGv_i64 t64 = tcg_temp_new_i64();
--        /* For AArch32, architecturally the 32-bit word at the lowest
-+        /*
-+         * For AArch32, architecturally the 32-bit word at the lowest
-          * address is always Rt and the one at addr+4 is Rt2, even if
-          * the CPU is big-endian. That means we don't want to do a
--         * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
--         * for an architecturally 64-bit access, but instead do a
--         * 64-bit access using MO_BE if appropriate and then split
--         * the two halves.
--         * This only makes a difference for BE32 user-mode, where
--         * frob64() must not flip the two halves of the 64-bit data
--         * but this code must treat BE32 user-mode like BE32 system.
-+         * gen_aa32_ld_i64(), which checks SCTLR_B as if for an
-+         * architecturally 64-bit access, but instead do a 64-bit access
-+         * using MO_BE if appropriate and then split the two halves.
-          */
-         TCGv taddr = gen_aa32_addr(s, addr, opc);
-@@ -XXX,XX +XXX,XX @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
-         TCGv_i64 n64 = tcg_temp_new_i64();
-         t2 = load_reg(s, rt2);
--        /* For AArch32, architecturally the 32-bit word at the lowest
-+
-+        /*
-+         * For AArch32, architecturally the 32-bit word at the lowest
-          * address is always Rt and the one at addr+4 is Rt2, even if
-          * the CPU is big-endian. Since we're going to treat this as a
-          * single 64-bit BE store, we need to put the two halves in the
-          * opposite order for BE to LE, so that they end up in the right
--         * places.
--         * We don't want gen_aa32_frob64() because that does the wrong
--         * thing for BE32 usermode.
-+         * places.  We don't want gen_aa32_st_i64, because that checks
-+         * SCTLR_B as if for an architectural 64-bit access.
-          */
-         if (s->be_data == MO_BE) {
-             tcg_gen_concat_i32_i64(n64, t2, t1);
---
-.20.1

-[PULL 23/43] target/arm: Fix SCTLR_B test for TCGv_i64 load/store
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Just because operating on a TCGv_i64 temporary does not
-mean that we're performing a 64-bit operation.  Restrict
-the frobbing to actual 64-bit operations.
-This bug is not currently visible because all current
-users of these two functions always pass MO_64.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-14-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
-     tcg_gen_qemu_ld_i64(val, addr, index, opc);
-     /* Not needed for user-mode BE32, where we use MO_BE instead.  */
--    if (!IS_USER_ONLY && s->sctlr_b) {
-+    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
-         tcg_gen_rotri_i64(val, val, 32);
-     }
-@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
-     TCGv addr = gen_aa32_addr(s, a32, opc);
-     /* Not needed for user-mode BE32, where we use MO_BE instead.  */
--    if (!IS_USER_ONLY && s->sctlr_b) {
-+    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
-         TCGv_i64 tmp = tcg_temp_new_i64();
-         tcg_gen_rotri_i64(tmp, val, 32);
-         tcg_gen_qemu_st_i64(tmp, addr, index, opc);
---
-.20.1

-[PULL 25/43] target/arm: Enforce word alignment for LDRD/STRD
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Buglink: https://bugs.launchpad.net/qemu/+bug/1905356
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-16-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate.c | 16 ++++++++--------
-file changed, 8 insertions(+), 8 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool trans_LDRD_rr(DisasContext *s, arg_ldst_rr *a)
-     addr = op_addr_rr_pre(s, a);
-     tmp = tcg_temp_new_i32();
--    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
-+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-     store_reg(s, a->rt, tmp);
-     tcg_gen_addi_i32(addr, addr, 4);
-     tmp = tcg_temp_new_i32();
--    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
-+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-     store_reg(s, a->rt + 1, tmp);
-     /* LDRD w/ base writeback is undefined if the registers overlap.  */
-@@ -XXX,XX +XXX,XX @@ static bool trans_STRD_rr(DisasContext *s, arg_ldst_rr *a)
-     addr = op_addr_rr_pre(s, a);
-     tmp = load_reg(s, a->rt);
--    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
-+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-     tcg_temp_free_i32(tmp);
-     tcg_gen_addi_i32(addr, addr, 4);
-     tmp = load_reg(s, a->rt + 1);
--    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
-+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-     tcg_temp_free_i32(tmp);
-     op_addr_rr_post(s, a, addr, -4);
-@@ -XXX,XX +XXX,XX @@ static bool op_ldrd_ri(DisasContext *s, arg_ldst_ri *a, int rt2)
-     addr = op_addr_ri_pre(s, a);
-     tmp = tcg_temp_new_i32();
--    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
-+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-     store_reg(s, a->rt, tmp);
-     tcg_gen_addi_i32(addr, addr, 4);
-     tmp = tcg_temp_new_i32();
--    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
-+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-     store_reg(s, rt2, tmp);
-     /* LDRD w/ base writeback is undefined if the registers overlap.  */
-@@ -XXX,XX +XXX,XX @@ static bool op_strd_ri(DisasContext *s, arg_ldst_ri *a, int rt2)
-     addr = op_addr_ri_pre(s, a);
-     tmp = load_reg(s, a->rt);
--    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
-+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-     tcg_temp_free_i32(tmp);
-     tcg_gen_addi_i32(addr, addr, 4);
-     tmp = load_reg(s, rt2);
--    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
-+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-     tcg_temp_free_i32(tmp);
-     op_addr_ri_post(s, a, addr, -4);
---
-.20.1

-[PULL 27/43] target/arm: Enforce alignment for LDM/STM
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-18-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool op_stm(DisasContext *s, arg_ldst_block *a, int min_n)
-         } else {
-             tmp = load_reg(s, i);
-         }
--        gen_aa32_st32(s, tmp, addr, mem_idx);
-+        gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-         tcg_temp_free_i32(tmp);
-         /* No need to add after the last transfer.  */
-@@ -XXX,XX +XXX,XX @@ static bool do_ldm(DisasContext *s, arg_ldst_block *a, int min_n)
-         }
-         tmp = tcg_temp_new_i32();
--        gen_aa32_ld32u(s, tmp, addr, mem_idx);
-+        gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
-         if (user) {
-             tmp2 = tcg_const_i32(i);
-             gen_helper_set_user_reg(cpu_env, tmp2, tmp);
---
-.20.1

-[PULL 28/43] target/arm: Enforce alignment for RFE
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-19-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static bool trans_RFE(DisasContext *s, arg_RFE *a)
-     /* Load PC into tmp and CPSR into tmp2.  */
-     t1 = tcg_temp_new_i32();
--    gen_aa32_ld32u(s, t1, addr, get_mem_index(s));
-+    gen_aa32_ld_i32(s, t1, addr, get_mem_index(s), MO_UL | MO_ALIGN);
-     tcg_gen_addi_i32(addr, addr, 4);
-     t2 = tcg_temp_new_i32();
--    gen_aa32_ld32u(s, t2, addr, get_mem_index(s));
-+    gen_aa32_ld_i32(s, t2, addr, get_mem_index(s), MO_UL | MO_ALIGN);
-     if (a->w) {
-         /* Base writeback.  */
---
-.20.1

-[PULL 29/43] target/arm: Enforce alignment for SRS
+[PULL 23/23] target/arm: read access to performance counters from EL0
-From: Richard Henderson <richard.henderson@linaro.org>
+From: Alex Zuepke <alex.zuepke@tum.de>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+The ARMv8 manual defines that PMUSERENR_EL0.ER enables read-access
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+to both PMXEVCNTR_EL0 and PMEVCNTR<n>_EL0 registers, however,
-Message-id: 20210419202257.161730-20-richard.henderson@linaro.org
+we only use it for PMXEVCNTR_EL0. Extend to PMEVCNTR<n>_EL0 as well.
 Signed-off-by: Alex Zuepke <alex.zuepke@tum.de>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Message-id: 20220428132717.84190-1-alex.zuepke@tum.de
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.c | 4 ++--
+ target/arm/helper.c | 4 ++--
 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
+--- a/target/arm/helper.c
-+++ b/target/arm/translate.c
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
+@@ -XXX,XX +XXX,XX @@ static void define_pmu_regs(ARMCPU *cpu)
-     }
+               .crm = 8 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
-     tcg_gen_addi_i32(addr, addr, offset);
+               .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
-     tmp = load_reg(s, 14);
+               .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
--    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
+-              .accessfn = pmreg_access },
-+    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
++              .accessfn = pmreg_access_xevcntr },
-     tcg_temp_free_i32(tmp);
+             { .name = pmevcntr_el0_name, .state = ARM_CP_STATE_AA64,
-     tmp = load_cpu_field(spsr);
+               .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 8 | (3 & (i >> 3)),
-     tcg_gen_addi_i32(addr, addr, 4);
+-              .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
--    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
++              .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access_xevcntr,
-+    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
+               .type = ARM_CP_IO,
-     tcg_temp_free_i32(tmp);
+               .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
-     if (writeback) {
+               .raw_readfn = pmevcntr_rawread,
          switch (amode) {
 --
-.20.1
+.25.1

-[PULL 30/43] target/arm: Enforce alignment for VLDM/VSTM
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-21-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate-vfp.c.inc | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-vfp.c.inc
-+++ b/target/arm/translate-vfp.c.inc
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_sp(DisasContext *s, arg_VLDM_VSTM_sp *a)
-     for (i = 0; i < n; i++) {
-         if (a->l) {
-             /* load */
--            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
-+            gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
-             vfp_store_reg32(tmp, a->vd + i);
-         } else {
-             /* store */
-             vfp_load_reg32(tmp, a->vd + i);
--            gen_aa32_st32(s, tmp, addr, get_mem_index(s));
-+            gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
-         }
-         tcg_gen_addi_i32(addr, addr, offset);
-     }
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_dp(DisasContext *s, arg_VLDM_VSTM_dp *a)
-     for (i = 0; i < n; i++) {
-         if (a->l) {
-             /* load */
--            gen_aa32_ld64(s, tmp, addr, get_mem_index(s));
-+            gen_aa32_ld_i64(s, tmp, addr, get_mem_index(s), MO_Q | MO_ALIGN_4);
-             vfp_store_reg64(tmp, a->vd + i);
-         } else {
-             /* store */
-             vfp_load_reg64(tmp, a->vd + i);
--            gen_aa32_st64(s, tmp, addr, get_mem_index(s));
-+            gen_aa32_st_i64(s, tmp, addr, get_mem_index(s), MO_Q | MO_ALIGN_4);
-         }
-         tcg_gen_addi_i32(addr, addr, offset);
-     }
---
-.20.1

-[PULL 31/43] target/arm: Enforce alignment for VLDR/VSTR
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-22-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate-vfp.c.inc | 12 ++++++------
-file changed, 6 insertions(+), 6 deletions(-)
-diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-vfp.c.inc
-+++ b/target/arm/translate-vfp.c.inc
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_hp(DisasContext *s, arg_VLDR_VSTR_sp *a)
-     addr = add_reg_for_lit(s, a->rn, offset);
-     tmp = tcg_temp_new_i32();
-     if (a->l) {
--        gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
-+        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), MO_UW | MO_ALIGN);
-         vfp_store_reg32(tmp, a->vd);
-     } else {
-         vfp_load_reg32(tmp, a->vd);
--        gen_aa32_st16(s, tmp, addr, get_mem_index(s));
-+        gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UW | MO_ALIGN);
-     }
-     tcg_temp_free_i32(tmp);
-     tcg_temp_free_i32(addr);
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_sp(DisasContext *s, arg_VLDR_VSTR_sp *a)
-     addr = add_reg_for_lit(s, a->rn, offset);
-     tmp = tcg_temp_new_i32();
-     if (a->l) {
--        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
-+        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
-         vfp_store_reg32(tmp, a->vd);
-     } else {
-         vfp_load_reg32(tmp, a->vd);
--        gen_aa32_st32(s, tmp, addr, get_mem_index(s));
-+        gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
-     }
-     tcg_temp_free_i32(tmp);
-     tcg_temp_free_i32(addr);
-@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_dp(DisasContext *s, arg_VLDR_VSTR_dp *a)
-     addr = add_reg_for_lit(s, a->rn, offset);
-     tmp = tcg_temp_new_i64();
-     if (a->l) {
--        gen_aa32_ld64(s, tmp, addr, get_mem_index(s));
-+        gen_aa32_ld_i64(s, tmp, addr, get_mem_index(s), MO_Q | MO_ALIGN_4);
-         vfp_store_reg64(tmp, a->vd);
-     } else {
-         vfp_load_reg64(tmp, a->vd);
--        gen_aa32_st64(s, tmp, addr, get_mem_index(s));
-+        gen_aa32_st_i64(s, tmp, addr, get_mem_index(s), MO_Q | MO_ALIGN_4);
-     }
-     tcg_temp_free_i64(tmp);
-     tcg_temp_free_i32(addr);
---
-.20.1

-[PULL 38/43] target/arm: Use MemOp for size + endian in aa64 vector ld/st
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-29-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate-a64.c | 20 ++++++++++----------
-file changed, 10 insertions(+), 10 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void write_vec_element_i32(DisasContext *s, TCGv_i32 tcg_src,
- /* Store from vector register to memory */
- static void do_vec_st(DisasContext *s, int srcidx, int element,
--                      TCGv_i64 tcg_addr, int size, MemOp endian)
-+                      TCGv_i64 tcg_addr, MemOp mop)
- {
-     TCGv_i64 tcg_tmp = tcg_temp_new_i64();
--    read_vec_element(s, tcg_tmp, srcidx, element, size);
--    tcg_gen_qemu_st_i64(tcg_tmp, tcg_addr, get_mem_index(s), endian | size);
-+    read_vec_element(s, tcg_tmp, srcidx, element, mop & MO_SIZE);
-+    tcg_gen_qemu_st_i64(tcg_tmp, tcg_addr, get_mem_index(s), mop);
-     tcg_temp_free_i64(tcg_tmp);
- }
- /* Load from memory to vector register */
- static void do_vec_ld(DisasContext *s, int destidx, int element,
--                      TCGv_i64 tcg_addr, int size, MemOp endian)
-+                      TCGv_i64 tcg_addr, MemOp mop)
- {
-     TCGv_i64 tcg_tmp = tcg_temp_new_i64();
--    tcg_gen_qemu_ld_i64(tcg_tmp, tcg_addr, get_mem_index(s), endian | size);
--    write_vec_element(s, tcg_tmp, destidx, element, size);
-+    tcg_gen_qemu_ld_i64(tcg_tmp, tcg_addr, get_mem_index(s), mop);
-+    write_vec_element(s, tcg_tmp, destidx, element, mop & MO_SIZE);
-     tcg_temp_free_i64(tcg_tmp);
- }
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
-             for (xs = 0; xs < selem; xs++) {
-                 int tt = (rt + r + xs) % 32;
-                 if (is_store) {
--                    do_vec_st(s, tt, e, clean_addr, size, endian);
-+                    do_vec_st(s, tt, e, clean_addr, size | endian);
-                 } else {
--                    do_vec_ld(s, tt, e, clean_addr, size, endian);
-+                    do_vec_ld(s, tt, e, clean_addr, size | endian);
-                 }
-                 tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
-             }
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
-         } else {
-             /* Load/store one element per register */
-             if (is_load) {
--                do_vec_ld(s, rt, index, clean_addr, scale, s->be_data);
-+                do_vec_ld(s, rt, index, clean_addr, scale | s->be_data);
-             } else {
--                do_vec_st(s, rt, index, clean_addr, scale, s->be_data);
-+                do_vec_st(s, rt, index, clean_addr, scale | s->be_data);
-             }
-         }
-         tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
---
-.20.1

-[PULL 40/43] target/arm: Enforce alignment for aa64 vector LDn/STn (single)
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20210419202257.161730-31-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate-a64.c | 9 +++++----
-file changed, 5 insertions(+), 4 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
-     int index = is_q << 3 | S << 2 | size;
-     int xs, total;
-     TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
-+    MemOp mop;
-     if (extract32(insn, 31, 1)) {
-         unallocated_encoding(s);
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
-     clean_addr = gen_mte_checkN(s, tcg_rn, !is_load, is_postidx || rn != 31,
-                                 total);
-+    mop = finalize_memop(s, scale);
-     tcg_ebytes = tcg_const_i64(1 << scale);
-     for (xs = 0; xs < selem; xs++) {
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
-             /* Load and replicate to all elements */
-             TCGv_i64 tcg_tmp = tcg_temp_new_i64();
--            tcg_gen_qemu_ld_i64(tcg_tmp, clean_addr,
--                                get_mem_index(s), s->be_data + scale);
-+            tcg_gen_qemu_ld_i64(tcg_tmp, clean_addr, get_mem_index(s), mop);
-             tcg_gen_gvec_dup_i64(scale, vec_full_reg_offset(s, rt),
-                                  (is_q + 1) * 8, vec_full_reg_size(s),
-                                  tcg_tmp);
-@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
-         } else {
-             /* Load/store one element per register */
-             if (is_load) {
--                do_vec_ld(s, rt, index, clean_addr, scale | s->be_data);
-+                do_vec_ld(s, rt, index, clean_addr, mop);
-             } else {
--                do_vec_st(s, rt, index, clean_addr, scale | s->be_data);
-+                do_vec_st(s, rt, index, clean_addr, mop);
-             }
-         }
-         tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
---
-.20.1

-[PULL 42/43] hw: add compat machines for 6.1
+Deleted patch
-From: Cornelia Huck <cohuck@redhat.com>
-Add 6.1 machine types for arm/i440fx/q35/s390x/spapr.
-Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-Acked-by: Greg Kurz <groug@kaod.org>
-Message-id: 20210331111900.118274-1-cohuck@redhat.com
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/boards.h        |  3 +++
- include/hw/i386/pc.h       |  3 +++
- hw/arm/virt.c              |  7 ++++++-
- hw/core/machine.c          |  3 +++
- hw/i386/pc.c               |  3 +++
- hw/i386/pc_piix.c          | 14 +++++++++++++-
- hw/i386/pc_q35.c           | 13 ++++++++++++-
- hw/ppc/spapr.c             | 17 ++++++++++++++---
- hw/s390x/s390-virtio-ccw.c | 14 +++++++++++++-
-files changed, 70 insertions(+), 7 deletions(-)
-diff --git a/include/hw/boards.h b/include/hw/boards.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/boards.h
-+++ b/include/hw/boards.h
-@@ -XXX,XX +XXX,XX @@ struct MachineState {
-     } \
-     type_init(machine_initfn##_register_types)
-+extern GlobalProperty hw_compat_6_0[];
-+extern const size_t hw_compat_6_0_len;
-+
- extern GlobalProperty hw_compat_5_2[];
- extern const size_t hw_compat_5_2_len;
-diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/i386/pc.h
-+++ b/include/hw/i386/pc.h
-@@ -XXX,XX +XXX,XX @@ bool pc_system_ovmf_table_find(const char *entry, uint8_t **data,
- void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid,
-                        const CPUArchIdList *apic_ids, GArray *entry);
-+extern GlobalProperty pc_compat_6_0[];
-+extern const size_t pc_compat_6_0_len;
-+
- extern GlobalProperty pc_compat_5_2[];
- extern const size_t pc_compat_5_2_len;
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static void machvirt_machine_init(void)
- }
- type_init(machvirt_machine_init);
-+static void virt_machine_6_1_options(MachineClass *mc)
-+{
-+}
-+DEFINE_VIRT_MACHINE_AS_LATEST(6, 1)
-+
- static void virt_machine_6_0_options(MachineClass *mc)
- {
- }
--DEFINE_VIRT_MACHINE_AS_LATEST(6, 0)
-+DEFINE_VIRT_MACHINE(6, 0)
- static void virt_machine_5_2_options(MachineClass *mc)
- {
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/virtio/virtio.h"
- #include "hw/virtio/virtio-pci.h"
-+GlobalProperty hw_compat_6_0[] = {};
-+const size_t hw_compat_6_0_len = G_N_ELEMENTS(hw_compat_6_0);
-+
- GlobalProperty hw_compat_5_2[] = {
-     { "ICH9-LPC", "smm-compat", "on"},
-     { "PIIX4_PM", "smm-compat", "on"},
-diff --git a/hw/i386/pc.c b/hw/i386/pc.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i386/pc.c
-+++ b/hw/i386/pc.c
-@@ -XXX,XX +XXX,XX @@
- #include "trace.h"
- #include CONFIG_DEVICES
-+GlobalProperty pc_compat_6_0[] = {};
-+const size_t pc_compat_6_0_len = G_N_ELEMENTS(pc_compat_6_0);
-+
- GlobalProperty pc_compat_5_2[] = {
-     { "ICH9-LPC", "x-smi-cpu-hotunplug", "off" },
- };
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -XXX,XX +XXX,XX @@ static void pc_i440fx_machine_options(MachineClass *m)
-     machine_class_allow_dynamic_sysbus_dev(m, TYPE_VMBUS_BRIDGE);
- }
--static void pc_i440fx_6_0_machine_options(MachineClass *m)
-+static void pc_i440fx_6_1_machine_options(MachineClass *m)
- {
-     PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-     pc_i440fx_machine_options(m);
-@@ -XXX,XX +XXX,XX @@ static void pc_i440fx_6_0_machine_options(MachineClass *m)
-     pcmc->default_cpu_version = 1;
- }
-+DEFINE_I440FX_MACHINE(v6_1, "pc-i440fx-6.1", NULL,
-+                      pc_i440fx_6_1_machine_options);
-+
-+static void pc_i440fx_6_0_machine_options(MachineClass *m)
-+{
-+    pc_i440fx_6_1_machine_options(m);
-+    m->alias = NULL;
-+    m->is_default = false;
-+    compat_props_add(m->compat_props, hw_compat_6_0, hw_compat_6_0_len);
-+    compat_props_add(m->compat_props, pc_compat_6_0, pc_compat_6_0_len);
-+}
-+
- DEFINE_I440FX_MACHINE(v6_0, "pc-i440fx-6.0", NULL,
-                       pc_i440fx_6_0_machine_options);
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -XXX,XX +XXX,XX @@ static void pc_q35_machine_options(MachineClass *m)
-     m->max_cpus = 288;
- }
--static void pc_q35_6_0_machine_options(MachineClass *m)
-+static void pc_q35_6_1_machine_options(MachineClass *m)
- {
-     PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-     pc_q35_machine_options(m);
-@@ -XXX,XX +XXX,XX @@ static void pc_q35_6_0_machine_options(MachineClass *m)
-     pcmc->default_cpu_version = 1;
- }
-+DEFINE_Q35_MACHINE(v6_1, "pc-q35-6.1", NULL,
-+                   pc_q35_6_1_machine_options);
-+
-+static void pc_q35_6_0_machine_options(MachineClass *m)
-+{
-+    pc_q35_6_1_machine_options(m);
-+    m->alias = NULL;
-+    compat_props_add(m->compat_props, hw_compat_6_0, hw_compat_6_0_len);
-+    compat_props_add(m->compat_props, pc_compat_6_0, pc_compat_6_0_len);
-+}
-+
- DEFINE_Q35_MACHINE(v6_0, "pc-q35-6.0", NULL,
-                    pc_q35_6_0_machine_options);
-diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/ppc/spapr.c
-+++ b/hw/ppc/spapr.c
-@@ -XXX,XX +XXX,XX @@ static void spapr_machine_latest_class_options(MachineClass *mc)
-     type_init(spapr_machine_register_##suffix)
- /*
-- * pseries-6.0
-+ * pseries-6.1
-  */
--static void spapr_machine_6_0_class_options(MachineClass *mc)
-+static void spapr_machine_6_1_class_options(MachineClass *mc)
- {
-     /* Defaults for the latest behaviour inherited from the base class */
- }
--DEFINE_SPAPR_MACHINE(6_0, "6.0", true);
-+DEFINE_SPAPR_MACHINE(6_1, "6.1", true);
-+
-+/*
-+ * pseries-6.0
-+ */
-+static void spapr_machine_6_0_class_options(MachineClass *mc)
-+{
-+    spapr_machine_6_1_class_options(mc);
-+    compat_props_add(mc->compat_props, hw_compat_6_0, hw_compat_6_0_len);
-+}
-+
-+DEFINE_SPAPR_MACHINE(6_0, "6.0", false);
- /*
-  * pseries-5.2
-diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/s390x/s390-virtio-ccw.c
-+++ b/hw/s390x/s390-virtio-ccw.c
-@@ -XXX,XX +XXX,XX @@ bool css_migration_enabled(void)
-     }                                                                         \
-     type_init(ccw_machine_register_##suffix)
-+static void ccw_machine_6_1_instance_options(MachineState *machine)
-+{
-+}
-+
-+static void ccw_machine_6_1_class_options(MachineClass *mc)
-+{
-+}
-+DEFINE_CCW_MACHINE(6_1, "6.1", true);
-+
- static void ccw_machine_6_0_instance_options(MachineState *machine)
- {
-+    ccw_machine_6_1_instance_options(machine);
- }
- static void ccw_machine_6_0_class_options(MachineClass *mc)
- {
-+    ccw_machine_6_1_class_options(mc);
-+    compat_props_add(mc->compat_props, hw_compat_6_0, hw_compat_6_0_len);
- }
--DEFINE_CCW_MACHINE(6_0, "6.0", true);
-+DEFINE_CCW_MACHINE(6_0, "6.0", false);
- static void ccw_machine_5_2_instance_options(MachineState *machine)
- {
---
-.20.1

-[PULL 43/43] hw/pci-host/gpex: Don't fault for unmapped parts of MMIO and PIO windows
+Deleted patch
-Currently the gpex PCI controller implements no special behaviour for
-guest accesses to areas of the PIO and MMIO where it has not mapped
-any PCI devices, which means that for Arm you end up with a CPU
-exception due to a data abort.
-Most host OSes expect "like an x86 PC" behaviour, where bad accesses
-like this return -1 for reads and ignore writes.  In the interests of
-not being surprising, make host CPU accesses to these windows behave
-as -1/discard where there's no mapped PCI device.
-The old behaviour generally didn't cause any problems, because
-almost always the guest OS will map the PCI devices and then only
-access where it has mapped them. One corner case where you will see
-this kind of access is if Linux attempts to probe legacy ISA
-devices via a PIO window access. So far the only case where we've
-seen this has been via the syzkaller fuzzer.
-Reported-by: Dmitry Vyukov <dvyukov@google.com>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Acked-by: Michael S. Tsirkin <mst@redhat.com>
-Message-id: 20210325163315.27724-1-peter.maydell@linaro.org
-Fixes: https://bugs.launchpad.net/qemu/+bug/1918917
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/pci-host/gpex.h |  4 +++
- hw/core/machine.c          |  4 ++-
- hw/pci-host/gpex.c         | 56 ++++++++++++++++++++++++++++++++++++--
-files changed, 60 insertions(+), 4 deletions(-)
-diff --git a/include/hw/pci-host/gpex.h b/include/hw/pci-host/gpex.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/pci-host/gpex.h
-+++ b/include/hw/pci-host/gpex.h
-@@ -XXX,XX +XXX,XX @@ struct GPEXHost {
-     MemoryRegion io_ioport;
-     MemoryRegion io_mmio;
-+    MemoryRegion io_ioport_window;
-+    MemoryRegion io_mmio_window;
-     qemu_irq irq[GPEX_NUM_IRQS];
-     int irq_num[GPEX_NUM_IRQS];
-+
-+    bool allow_unmapped_accesses;
- };
- struct GPEXConfig {
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/virtio/virtio.h"
- #include "hw/virtio/virtio-pci.h"
--GlobalProperty hw_compat_6_0[] = {};
-+GlobalProperty hw_compat_6_0[] = {
-+    { "gpex-pcihost", "allow-unmapped-accesses", "false" },
-+};
- const size_t hw_compat_6_0_len = G_N_ELEMENTS(hw_compat_6_0);
- GlobalProperty hw_compat_5_2[] = {
-diff --git a/hw/pci-host/gpex.c b/hw/pci-host/gpex.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/pci-host/gpex.c
-+++ b/hw/pci-host/gpex.c
-@@ -XXX,XX +XXX,XX @@ static void gpex_host_realize(DeviceState *dev, Error **errp)
-     int i;
-     pcie_host_mmcfg_init(pex, PCIE_MMCFG_SIZE_MAX);
-+    sysbus_init_mmio(sbd, &pex->mmio);
-+
-+    /*
-+     * Note that the MemoryRegions io_mmio and io_ioport that we pass
-+     * to pci_register_root_bus() are not the same as the
-+     * MemoryRegions io_mmio_window and io_ioport_window that we
-+     * expose as SysBus MRs. The difference is in the behaviour of
-+     * accesses to addresses where no PCI device has been mapped.
-+     *
-+     * io_mmio and io_ioport are the underlying PCI view of the PCI
-+     * address space, and when a PCI device does a bus master access
-+     * to a bad address this is reported back to it as a transaction
-+     * failure.
-+     *
-+     * io_mmio_window and io_ioport_window implement "unmapped
-+     * addresses read as -1 and ignore writes"; this is traditional
-+     * x86 PC behaviour, which is not mandated by the PCI spec proper
-+     * but expected by much PCI-using guest software, including Linux.
-+     *
-+     * In the interests of not being unnecessarily surprising, we
-+     * implement it in the gpex PCI host controller, by providing the
-+     * _window MRs, which are containers with io ops that implement
-+     * the 'background' behaviour and which hold the real PCI MRs as
-+     * subregions.
-+     */
-     memory_region_init(&s->io_mmio, OBJECT(s), "gpex_mmio", UINT64_MAX);
-     memory_region_init(&s->io_ioport, OBJECT(s), "gpex_ioport", 64 * 1024);
--    sysbus_init_mmio(sbd, &pex->mmio);
--    sysbus_init_mmio(sbd, &s->io_mmio);
--    sysbus_init_mmio(sbd, &s->io_ioport);
-+    if (s->allow_unmapped_accesses) {
-+        memory_region_init_io(&s->io_mmio_window, OBJECT(s),
-+                              &unassigned_io_ops, OBJECT(s),
-+                              "gpex_mmio_window", UINT64_MAX);
-+        memory_region_init_io(&s->io_ioport_window, OBJECT(s),
-+                              &unassigned_io_ops, OBJECT(s),
-+                              "gpex_ioport_window", 64 * 1024);
-+
-+        memory_region_add_subregion(&s->io_mmio_window, 0, &s->io_mmio);
-+        memory_region_add_subregion(&s->io_ioport_window, 0, &s->io_ioport);
-+        sysbus_init_mmio(sbd, &s->io_mmio_window);
-+        sysbus_init_mmio(sbd, &s->io_ioport_window);
-+    } else {
-+        sysbus_init_mmio(sbd, &s->io_mmio);
-+        sysbus_init_mmio(sbd, &s->io_ioport);
-+    }
-+
-     for (i = 0; i < GPEX_NUM_IRQS; i++) {
-         sysbus_init_irq(sbd, &s->irq[i]);
-         s->irq_num[i] = -1;
-@@ -XXX,XX +XXX,XX @@ static const char *gpex_host_root_bus_path(PCIHostState *host_bridge,
-     return "0000:00";
- }
-+static Property gpex_host_properties[] = {
-+    /*
-+     * Permit CPU accesses to unmapped areas of the PIO and MMIO windows
-+     * (discarding writes and returning -1 for reads) rather than aborting.
-+     */
-+    DEFINE_PROP_BOOL("allow-unmapped-accesses", GPEXHost,
-+                     allow_unmapped_accesses, true),
-+    DEFINE_PROP_END_OF_LIST(),
-+};
-+
- static void gpex_host_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-@@ -XXX,XX +XXX,XX @@ static void gpex_host_class_init(ObjectClass *klass, void *data)
-     dc->realize = gpex_host_realize;
-     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
-     dc->fw_name = "pci";
-+    device_class_set_props(dc, gpex_host_properties);
- }
- static void gpex_host_initfn(Object *obj)
---
-.20.1

First arm pullreq for 6.1 cycle. The big stuff here is RTH's alignment series.

thanks
-- PMM

The following changes since commit ccdf06c1db192152ac70a1dd974c624f566cb7d4:

Open 6.1 development tree (2021-04-30 11:15:40 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210430

for you to fetch changes up to a6091108aa44e9017af4ca13c43f55a629e3744c:

hw/pci-host/gpex: Don't fault for unmapped parts of MMIO and PIO windows (2021-04-30 11:16:52 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/pci-host/gpex: Don't fault for unmapped parts of MMIO and PIO windows
 * hw: add compat machines for 6.1
 * Fault misaligned accesses where the architecture requires it
 * Fix some corner cases of MTE faults (notably with misaligned accesses)
 * Make Thumb store insns UNDEF for Rn==1111
 * hw/arm/smmuv3: Support 16K translation granule

----------------------------------------------------------------
Cornelia Huck (1):
      hw: add compat machines for 6.1

Kunkun Jiang (1):
      hw/arm/smmuv3: Support 16K translation granule

Peter Maydell (2):
      target/arm: Make Thumb store insns UNDEF for Rn==1111
      hw/pci-host/gpex: Don't fault for unmapped parts of MMIO and PIO windows

Richard Henderson (39):
      target/arm: Fix mte_checkN
      target/arm: Split out mte_probe_int
      target/arm: Fix unaligned checks for mte_check1, mte_probe1
      test/tcg/aarch64: Add mte-5
      target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1
      target/arm: Merge mte_check1, mte_checkN
      target/arm: Rename mte_probe1 to mte_probe
      target/arm: Simplify sve mte checking
      target/arm: Remove log2_esize parameter to gen_mte_checkN
      target/arm: Fix decode of align in VLDST_single
      target/arm: Rename TBFLAG_A32, SCTLR_B
      target/arm: Rename TBFLAG_ANY, PSTATE_SS
      target/arm: Add wrapper macros for accessing tbflags
      target/arm: Introduce CPUARMTBFlags
      target/arm: Move mode specific TB flags to tb->cs_base
      target/arm: Move TBFLAG_AM32 bits to the top
      target/arm: Move TBFLAG_ANY bits to the bottom
      target/arm: Add ALIGN_MEM to TBFLAG_ANY
      target/arm: Adjust gen_aa32_{ld, st}_i32 for align+endianness
      target/arm: Merge gen_aa32_frob64 into gen_aa32_ld_i64
      target/arm: Fix SCTLR_B test for TCGv_i64 load/store
      target/arm: Adjust gen_aa32_{ld, st}_i64 for align+endianness
      target/arm: Enforce word alignment for LDRD/STRD
      target/arm: Enforce alignment for LDA/LDAH/STL/STLH
      target/arm: Enforce alignment for LDM/STM
      target/arm: Enforce alignment for RFE
      target/arm: Enforce alignment for SRS
      target/arm: Enforce alignment for VLDM/VSTM
      target/arm: Enforce alignment for VLDR/VSTR
      target/arm: Enforce alignment for VLDn (all lanes)
      target/arm: Enforce alignment for VLDn/VSTn (multiple)
      target/arm: Enforce alignment for VLDn/VSTn (single)
      target/arm: Use finalize_memop for aa64 gpr load/store
      target/arm: Use finalize_memop for aa64 fpr load/store
      target/arm: Enforce alignment for aa64 load-acq/store-rel
      target/arm: Use MemOp for size + endian in aa64 vector ld/st
      target/arm: Enforce alignment for aa64 vector LDn/STn (multiple)
      target/arm: Enforce alignment for aa64 vector LDn/STn (single)
      target/arm: Enforce alignment for sve LD1R

From: Kunkun Jiang <jiangkunkun@huawei.com>

The driver can query some bits in SMMUv3 IDR5 to learn which
translation granules are supported. Arm recommends that SMMUv3
implementations support at least 4K and 64K granules. But in
the vSMMUv3, there seems to be no reason not to support 16K
translation granule. In addition, if 16K is not supported,
vSVA will failed to be enabled in the future for 16K guest
kernel. So it'd better to support it.

Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/smmuv3.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -XXX,XX +XXX,XX @@ static void smmuv3_init_regs(SMMUv3State *s)
     s->idr[3] = FIELD_DP32(s->idr[3], IDR3, RIL, 1);
     s->idr[3] = FIELD_DP32(s->idr[3], IDR3, HAD, 1);
 
-   /* 4K and 64K granule support */
+    /* 4K, 16K and 64K granule support */
     s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN4K, 1);
+    s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN16K, 1);
     s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN64K, 1);
     s->idr[5] = FIELD_DP32(s->idr[5], IDR5, OAS, SMMU_IDR5_OAS); /* 44 bits */
 
@@ -XXX,XX +XXX,XX @@ static int decode_cd(SMMUTransCfg *cfg, CD *cd, SMMUEventInfo *event)
 
         tg = CD_TG(cd, i);
         tt->granule_sz = tg2granule(tg, i);
-        if ((tt->granule_sz != 12 && tt->granule_sz != 16) || CD_ENDI(cd)) {
+        if ((tt->granule_sz != 12 && tt->granule_sz != 14 &&
+             tt->granule_sz != 16) || CD_ENDI(cd)) {
             goto bad_cd;
         }
 
-- 
2.20.1

The Arm ARM specifies that for Thumb encodings of the various plain
store insns, if the Rn field is 1111 then we must UNDEF.  This is
different from the Arm encodings, where this case is either
UNPREDICTABLE or has well-defined behaviour.  The exclusive stores,
store-release and STRD do not have this UNDEF case for any encoding.

Enforce the UNDEF for this case in the Thumb plain store insns.

Fixes: https://bugs.launchpad.net/qemu/+bug/1922887
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210408162402.5822-1-peter.maydell@linaro.org
---
 target/arm/translate.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static bool op_store_rr(DisasContext *s, arg_ldst_rr *a,
     ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite;
     TCGv_i32 addr, tmp;
 
+    /*
+     * In Thumb encodings of stores Rn=1111 is UNDEF; for Arm it
+     * is either UNPREDICTABLE or has defined behaviour
+     */
+    if (s->thumb && a->rn == 15) {
+        return false;
+    }
+
     addr = op_addr_rr_pre(s, a);
 
     tmp = load_reg(s, a->rt);
@@ -XXX,XX +XXX,XX @@ static bool op_store_ri(DisasContext *s, arg_ldst_ri *a,
     ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite;
     TCGv_i32 addr, tmp;
 
+    /*
+     * In Thumb encodings of stores Rn=1111 is UNDEF; for Arm it
+     * is either UNPREDICTABLE or has defined behaviour
+     */
+    if (s->thumb && a->rn == 15) {
+        return false;
+    }
+
     addr = op_addr_ri_pre(s, a);
 
     tmp = load_reg(s, a->rt);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

We were incorrectly assuming that only the first byte of an MTE access
is checked against the tags.  But per the ARM, unaligned accesses are
pre-decomposed into single-byte accesses.  So by the time we reach the
actual MTE check in the ARM pseudocode, all accesses are aligned.

Therefore, the first failure is always either the first byte of the
access, or the first byte of the granule.

In addition, some of the arithmetic is off for last-first -> count.
This does not become directly visible until a later patch that passes
single bytes into this function, so ptr == ptr_last.

Buglink: https://bugs.launchpad.net/bugs/1921948
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweaked a comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/mte_helper.c | 40 ++++++++++++++++++----------------------
 1 file changed, 18 insertions(+), 22 deletions(-)

diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
                     uint64_t ptr, uintptr_t ra)
 {
     int mmu_idx, ptr_tag, bit55;
-    uint64_t ptr_last, ptr_end, prev_page, next_page;
-    uint64_t tag_first, tag_end;
-    uint64_t tag_byte_first, tag_byte_end;
-    uint32_t esize, total, tag_count, tag_size, n, c;
+    uint64_t ptr_last, prev_page, next_page;
+    uint64_t tag_first, tag_last;
+    uint64_t tag_byte_first, tag_byte_last;
+    uint32_t total, tag_count, tag_size, n, c;
     uint8_t *mem1, *mem2;
     MMUAccessType type;
 
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
 
     mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
     type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
-    esize = FIELD_EX32(desc, MTEDESC, ESIZE);
     total = FIELD_EX32(desc, MTEDESC, TSIZE);
 
-    /* Find the addr of the end of the access, and of the last element. */
-    ptr_end = ptr + total;
-    ptr_last = ptr_end - esize;
+    /* Find the addr of the end of the access */
+    ptr_last = ptr + total - 1;
 
     /* Round the bounds to the tag granule, and compute the number of tags. */
     tag_first = QEMU_ALIGN_DOWN(ptr, TAG_GRANULE);
-    tag_end = QEMU_ALIGN_UP(ptr_last, TAG_GRANULE);
-    tag_count = (tag_end - tag_first) / TAG_GRANULE;
+    tag_last = QEMU_ALIGN_DOWN(ptr_last, TAG_GRANULE);
+    tag_count = ((tag_last - tag_first) / TAG_GRANULE) + 1;
 
     /* Round the bounds to twice the tag granule, and compute the bytes. */
     tag_byte_first = QEMU_ALIGN_DOWN(ptr, 2 * TAG_GRANULE);
-    tag_byte_end = QEMU_ALIGN_UP(ptr_last, 2 * TAG_GRANULE);
+    tag_byte_last = QEMU_ALIGN_DOWN(ptr_last, 2 * TAG_GRANULE);
 
     /* Locate the page boundaries. */
     prev_page = ptr & TARGET_PAGE_MASK;
     next_page = prev_page + TARGET_PAGE_SIZE;
 
-    if (likely(tag_end - prev_page <= TARGET_PAGE_SIZE)) {
+    if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) {
         /* Memory access stays on one page. */
-        tag_size = (tag_byte_end - tag_byte_first) / (2 * TAG_GRANULE);
+        tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
         mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
                                   MMU_DATA_LOAD, tag_size, ra);
         if (!mem1) {
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
         mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, next_page - ptr,
                                   MMU_DATA_LOAD, tag_size, ra);
 
-        tag_size = (tag_byte_end - next_page) / (2 * TAG_GRANULE);
+        tag_size = ((tag_byte_last - next_page) / (2 * TAG_GRANULE)) + 1;
         mem2 = allocation_tag_mem(env, mmu_idx, next_page, type,
-                                  ptr_end - next_page,
+                                  ptr_last - next_page + 1,
                                   MMU_DATA_LOAD, tag_size, ra);
 
         /*
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
     }
 
     /*
-     * If we failed, we know which granule.  Compute the element that
-     * is first in that granule, and signal failure on that element.
+     * If we failed, we know which granule.  For the first granule, the
+     * failure address is @ptr, the first byte accessed.  Otherwise the
+     * failure address is the first byte of the nth granule.
      */
     if (unlikely(n < tag_count)) {
-        uint64_t fail_ofs;
-
-        fail_ofs = tag_first + n * TAG_GRANULE - ptr;
-        fail_ofs = ROUND_UP(fail_ofs, esize);
-        mte_check_fail(env, desc, ptr + fail_ofs, ra);
+        uint64_t fault = (n == 0 ? ptr : tag_first + n * TAG_GRANULE);
+        mte_check_fail(env, desc, fault, ra);
     }
 
  done:
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Split out a helper function from mte_checkN to perform
all of the checking and address manpulation.  So far,
just use this in mte_checkN itself.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/mte_helper.c | 52 +++++++++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 12 deletions(-)

diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ static int checkN(uint8_t *mem, int odd, int cmp, int count)
     return n;
 }
 
-uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
-                    uint64_t ptr, uintptr_t ra)
+/**
+ * mte_probe_int() - helper for mte_probe and mte_check
+ * @env: CPU environment
+ * @desc: MTEDESC descriptor
+ * @ptr: virtual address of the base of the access
+ * @fault: return virtual address of the first check failure
+ *
+ * Internal routine for both mte_probe and mte_check.
+ * Return zero on failure, filling in *fault.
+ * Return negative on trivial success for tbi disabled.
+ * Return positive on success with tbi enabled.
+ */
+static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
+                         uintptr_t ra, uint32_t total, uint64_t *fault)
 {
     int mmu_idx, ptr_tag, bit55;
     uint64_t ptr_last, prev_page, next_page;
     uint64_t tag_first, tag_last;
     uint64_t tag_byte_first, tag_byte_last;
-    uint32_t total, tag_count, tag_size, n, c;
+    uint32_t tag_count, tag_size, n, c;
     uint8_t *mem1, *mem2;
     MMUAccessType type;
 
     bit55 = extract64(ptr, 55, 1);
+    *fault = ptr;
 
     /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */
     if (unlikely(!tbi_check(desc, bit55))) {
-        return ptr;
+        return -1;
     }
 
     ptr_tag = allocation_tag_from_addr(ptr);
 
     if (tcma_check(desc, bit55, ptr_tag)) {
-        goto done;
+        return 1;
     }
 
     mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
     type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
-    total = FIELD_EX32(desc, MTEDESC, TSIZE);
 
     /* Find the addr of the end of the access */
     ptr_last = ptr + total - 1;
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
         mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
                                   MMU_DATA_LOAD, tag_size, ra);
         if (!mem1) {
-            goto done;
+            return 1;
         }
         /* Perform all of the comparisons. */
         n = checkN(mem1, ptr & TAG_GRANULE, ptr_tag, tag_count);
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
         }
         if (n == c) {
             if (!mem2) {
-                goto done;
+                return 1;
             }
             n += checkN(mem2, 0, ptr_tag, tag_count - c);
         }
     }
 
+    if (likely(n == tag_count)) {
+        return 1;
+    }
+
     /*
      * If we failed, we know which granule.  For the first granule, the
      * failure address is @ptr, the first byte accessed.  Otherwise the
      * failure address is the first byte of the nth granule.
      */
-    if (unlikely(n < tag_count)) {
-        uint64_t fault = (n == 0 ? ptr : tag_first + n * TAG_GRANULE);
-        mte_check_fail(env, desc, fault, ra);
+    if (n > 0) {
+        *fault = tag_first + n * TAG_GRANULE;
     }
+    return 0;
+}
 
- done:
+uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
+                    uint64_t ptr, uintptr_t ra)
+{
+    uint64_t fault;
+    uint32_t total = FIELD_EX32(desc, MTEDESC, TSIZE);
+    int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+
+    if (unlikely(ret == 0)) {
+        mte_check_fail(env, desc, fault, ra);
+    } else if (ret < 0) {
+        return ptr;
+    }
     return useronly_clean_ptr(ptr);
 }
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

We cannot tell a priori whether or not a given scalar access is aligned,
therefore we must at least check.  Use mte_probe_int, which is already
set up for checking multiple granules.

Buglink: https://bugs.launchpad.net/bugs/1921948
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/mte_helper.c | 109 +++++++++++++---------------------------
 1 file changed, 35 insertions(+), 74 deletions(-)

diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
     }
 }
 
-/*
- * Perform an MTE checked access for a single logical or atomic access.
- */
-static bool mte_probe1_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
-                           uintptr_t ra, int bit55)
-{
-    int mem_tag, mmu_idx, ptr_tag, size;
-    MMUAccessType type;
-    uint8_t *mem;
-
-    ptr_tag = allocation_tag_from_addr(ptr);
-
-    if (tcma_check(desc, bit55, ptr_tag)) {
-        return true;
-    }
-
-    mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
-    type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
-    size = FIELD_EX32(desc, MTEDESC, ESIZE);
-
-    mem = allocation_tag_mem(env, mmu_idx, ptr, type, size,
-                             MMU_DATA_LOAD, 1, ra);
-    if (!mem) {
-        return true;
-    }
-
-    mem_tag = load_tag1(ptr, mem);
-    return ptr_tag == mem_tag;
-}
-
-/*
- * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
- * Returns false if the access is Checked and the check failed.  This
- * is only intended to probe the tag -- the validity of the page must
- * be checked beforehand.
- */
-bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
-{
-    int bit55 = extract64(ptr, 55, 1);
-
-    /* If TBI is disabled, the access is unchecked. */
-    if (unlikely(!tbi_check(desc, bit55))) {
-        return true;
-    }
-
-    return mte_probe1_int(env, desc, ptr, 0, bit55);
-}
-
-uint64_t mte_check1(CPUARMState *env, uint32_t desc,
-                    uint64_t ptr, uintptr_t ra)
-{
-    int bit55 = extract64(ptr, 55, 1);
-
-    /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */
-    if (unlikely(!tbi_check(desc, bit55))) {
-        return ptr;
-    }
-
-    if (unlikely(!mte_probe1_int(env, desc, ptr, ra, bit55))) {
-        mte_check_fail(env, desc, ptr, ra);
-    }
-
-    return useronly_clean_ptr(ptr);
-}
-
-uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
-{
-    return mte_check1(env, desc, ptr, GETPC());
-}
-
-/*
- * Perform an MTE checked access for multiple logical accesses.
- */
-
 /**
  * checkN:
  * @tag: tag memory to test
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(mte_checkN)(CPUARMState *env, uint32_t desc, uint64_t ptr)
     return mte_checkN(env, desc, ptr, GETPC());
 }
 
+uint64_t mte_check1(CPUARMState *env, uint32_t desc,
+                    uint64_t ptr, uintptr_t ra)
+{
+    uint64_t fault;
+    uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
+    int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+
+    if (unlikely(ret == 0)) {
+        mte_check_fail(env, desc, fault, ra);
+    } else if (ret < 0) {
+        return ptr;
+    }
+    return useronly_clean_ptr(ptr);
+}
+
+uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
+{
+    return mte_check1(env, desc, ptr, GETPC());
+}
+
+/*
+ * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
+ * Returns false if the access is Checked and the check failed.  This
+ * is only intended to probe the tag -- the validity of the page must
+ * be checked beforehand.
+ */
+bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
+{
+    uint64_t fault;
+    uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
+    int ret = mte_probe_int(env, desc, ptr, 0, total, &fault);
+
+    return ret != 0;
+}
+
 /*
  * Perform an MTE checked access for DC_ZVA.
  */
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Buglink: https://bugs.launchpad.net/bugs/1921948
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 tests/tcg/aarch64/mte-5.c         | 44 +++++++++++++++++++++++++++++++
 tests/tcg/aarch64/Makefile.target |  2 +-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 tests/tcg/aarch64/mte-5.c

diff --git a/tests/tcg/aarch64/mte-5.c b/tests/tcg/aarch64/mte-5.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/tests/tcg/aarch64/mte-5.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Memory tagging, faulting unaligned access.
+ *
+ * Copyright (c) 2021 Linaro Ltd
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "mte.h"
+
+void pass(int sig, siginfo_t *info, void *uc)
+{
+    assert(info->si_code == SEGV_MTESERR);
+    exit(0);
+}
+
+int main(int ac, char **av)
+{
+    struct sigaction sa;
+    void *p0, *p1, *p2;
+    long excl = 1;
+
+    enable_mte(PR_MTE_TCF_SYNC);
+    p0 = alloc_mte_mem(sizeof(*p0));
+
+    /* Create two differently tagged pointers.  */
+    asm("irg %0,%1,%2" : "=r"(p1) : "r"(p0), "r"(excl));
+    asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1));
+    assert(excl != 1);
+    asm("irg %0,%1,%2" : "=r"(p2) : "r"(p0), "r"(excl));
+    assert(p1 != p2);
+
+    memset(&sa, 0, sizeof(sa));
+    sa.sa_sigaction = pass;
+    sa.sa_flags = SA_SIGINFO;
+    sigaction(SIGSEGV, &sa, NULL);
+
+    /* Store store two different tags in sequential granules. */
+    asm("stg %0, [%0]" : : "r"(p1));
+    asm("stg %0, [%0]" : : "r"(p2 + 16));
+
+    /* Perform an unaligned load crossing the granules. */
+    asm volatile("ldr %0, [%1]" : "=r"(p0) : "r"(p1 + 12));
+    abort();
+}
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
index XXXXXXX..XXXXXXX 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -XXX,XX +XXX,XX @@ AARCH64_TESTS += bti-2
 
 # MTE Tests
 ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_MTE),)
-AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-6
+AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-5 mte-6
 mte-%: CFLAGS += -march=armv8.5-a+memtag
 endif
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

After recent changes, mte_checkN does not use ESIZE,
and mte_check1 never used TSIZE.  We can combine the
two into a single field: SIZEM1.

Choose to pass size - 1 because size == 0 is never used,
our immediate need in mte_probe_int is for the address
of the last byte (ptr + size - 1), and since almost all
operations are powers of 2, this makes the immediate
constant one bit smaller.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h     |  4 ++--
 target/arm/mte_helper.c    | 18 ++++++++----------
 target/arm/translate-a64.c |  5 ++---
 target/arm/translate-sve.c |  5 ++---
 4 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@
 #define TARGET_ARM_INTERNALS_H
 
 #include "hw/registerfields.h"
+#include "tcg/tcg-gvec-desc.h"
 #include "syndrome.h"
 
 /* register banks for CPU modes */
@@ -XXX,XX +XXX,XX @@ FIELD(MTEDESC, MIDX,  0, 4)
 FIELD(MTEDESC, TBI,   4, 2)
 FIELD(MTEDESC, TCMA,  6, 2)
 FIELD(MTEDESC, WRITE, 8, 1)
-FIELD(MTEDESC, ESIZE, 9, 5)
-FIELD(MTEDESC, TSIZE, 14, 10)  /* mte_checkN only */
+FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9)  /* size - 1 */
 
 bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
 uint64_t mte_check1(CPUARMState *env, uint32_t desc,
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ static int checkN(uint8_t *mem, int odd, int cmp, int count)
  * Return positive on success with tbi enabled.
  */
 static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
-                         uintptr_t ra, uint32_t total, uint64_t *fault)
+                         uintptr_t ra, uint64_t *fault)
 {
     int mmu_idx, ptr_tag, bit55;
     uint64_t ptr_last, prev_page, next_page;
     uint64_t tag_first, tag_last;
     uint64_t tag_byte_first, tag_byte_last;
-    uint32_t tag_count, tag_size, n, c;
+    uint32_t sizem1, tag_count, tag_size, n, c;
     uint8_t *mem1, *mem2;
     MMUAccessType type;
 
@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
 
     mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
     type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
+    sizem1 = FIELD_EX32(desc, MTEDESC, SIZEM1);
 
     /* Find the addr of the end of the access */
-    ptr_last = ptr + total - 1;
+    ptr_last = ptr + sizem1;
 
     /* Round the bounds to the tag granule, and compute the number of tags. */
     tag_first = QEMU_ALIGN_DOWN(ptr, TAG_GRANULE);
@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
     if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) {
         /* Memory access stays on one page. */
         tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
-        mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
+        mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1,
                                   MMU_DATA_LOAD, tag_size, ra);
         if (!mem1) {
             return 1;
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
                     uint64_t ptr, uintptr_t ra)
 {
     uint64_t fault;
-    uint32_t total = FIELD_EX32(desc, MTEDESC, TSIZE);
-    int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+    int ret = mte_probe_int(env, desc, ptr, ra, &fault);
 
     if (unlikely(ret == 0)) {
         mte_check_fail(env, desc, fault, ra);
@@ -XXX,XX +XXX,XX @@ uint64_t mte_check1(CPUARMState *env, uint32_t desc,
                     uint64_t ptr, uintptr_t ra)
 {
     uint64_t fault;
-    uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
-    int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+    int ret = mte_probe_int(env, desc, ptr, ra, &fault);
 
     if (unlikely(ret == 0)) {
         mte_check_fail(env, desc, fault, ra);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
 bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
 {
     uint64_t fault;
-    uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
-    int ret = mte_probe_int(env, desc, ptr, 0, total, &fault);
+    int ret = mte_probe_int(env, desc, ptr, 0, &fault);
 
     return ret != 0;
 }
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, TCGv_i64 addr,
         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
-        desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << log2_size);
+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (1 << log2_size) - 1);
         tcg_desc = tcg_const_i32(desc);
 
         ret = new_tmp_a64(s);
@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
-        desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << log2_esize);
-        desc = FIELD_DP32(desc, MTEDESC, TSIZE, total_size);
+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1);
         tcg_desc = tcg_const_i32(desc);
 
         ret = new_tmp_a64(s);
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -XXX,XX +XXX,XX @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
-        desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << msz);
-        desc = FIELD_DP32(desc, MTEDESC, TSIZE, mte_n << msz);
+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (mte_n << msz) - 1);
         desc <<= SVE_MTEDESC_SHIFT;
     } else {
         addr = clean_data_tbi(s, addr);
@@ -XXX,XX +XXX,XX @@ static void do_mem_zpz(DisasContext *s, int zt, int pg, int zm,
         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
-        desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << msz);
+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (1 << msz) - 1);
         desc <<= SVE_MTEDESC_SHIFT;
     }
     desc = simd_desc(vsz, vsz, desc | scale);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The mte_check1 and mte_checkN functions are now identical.
Drop mte_check1 and rename mte_checkN to mte_check.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper-a64.h    |  3 +--
 target/arm/internals.h     |  5 +----
 target/arm/mte_helper.c    | 26 +++-----------------------
 target/arm/sve_helper.c    | 14 +++++++-------
 target/arm/translate-a64.c |  4 ++--
 5 files changed, 14 insertions(+), 38 deletions(-)

diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
 DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
 
-DEF_HELPER_FLAGS_3(mte_check1, TCG_CALL_NO_WG, i64, env, i32, i64)
-DEF_HELPER_FLAGS_3(mte_checkN, TCG_CALL_NO_WG, i64, env, i32, i64)
+DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, env, i32, i64)
 DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64)
 DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ FIELD(MTEDESC, WRITE, 8, 1)
 FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9)  /* size - 1 */
 
 bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
-uint64_t mte_check1(CPUARMState *env, uint32_t desc,
-                    uint64_t ptr, uintptr_t ra);
-uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
-                    uint64_t ptr, uintptr_t ra);
+uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra);
 
 static inline int allocation_tag_from_addr(uint64_t ptr)
 {
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
     return 0;
 }
 
-uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
-                    uint64_t ptr, uintptr_t ra)
+uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra)
 {
     uint64_t fault;
     int ret = mte_probe_int(env, desc, ptr, ra, &fault);
@@ -XXX,XX +XXX,XX @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
     return useronly_clean_ptr(ptr);
 }
 
-uint64_t HELPER(mte_checkN)(CPUARMState *env, uint32_t desc, uint64_t ptr)
+uint64_t HELPER(mte_check)(CPUARMState *env, uint32_t desc, uint64_t ptr)
 {
-    return mte_checkN(env, desc, ptr, GETPC());
-}
-
-uint64_t mte_check1(CPUARMState *env, uint32_t desc,
-                    uint64_t ptr, uintptr_t ra)
-{
-    uint64_t fault;
-    int ret = mte_probe_int(env, desc, ptr, ra, &fault);
-
-    if (unlikely(ret == 0)) {
-        mte_check_fail(env, desc, fault, ra);
-    } else if (ret < 0) {
-        return ptr;
-    }
-    return useronly_clean_ptr(ptr);
-}
-
-uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
-{
-    return mte_check1(env, desc, ptr, GETPC());
+    return mte_check(env, desc, ptr, GETPC());
 }
 
 /*
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -XXX,XX +XXX,XX @@ static void sve_cont_ldst_mte_check1(SVEContLdSt *info, CPUARMState *env,
                                      uintptr_t ra)
 {
     sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
-                                mtedesc, ra, mte_check1);
+                                mtedesc, ra, mte_check);
 }
 
 static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
@@ -XXX,XX +XXX,XX @@ static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
                                      uintptr_t ra)
 {
     sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
-                                mtedesc, ra, mte_checkN);
+                                mtedesc, ra, mte_check);
 }
 
 
@@ -XXX,XX +XXX,XX @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
     if (fault == FAULT_FIRST) {
         /* Trapping mte check for the first-fault element.  */
         if (mtedesc) {
-            mte_check1(env, mtedesc, addr + mem_off, retaddr);
+            mte_check(env, mtedesc, addr + mem_off, retaddr);
         }
 
         /*
@@ -XXX,XX +XXX,XX @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
                                              info.attrs, BP_MEM_READ, retaddr);
                     }
                     if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
-                        mte_check1(env, mtedesc, addr, retaddr);
+                        mte_check(env, mtedesc, addr, retaddr);
                     }
                     host_fn(&scratch, reg_off, info.host);
                 } else {
@@ -XXX,XX +XXX,XX @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
                                              BP_MEM_READ, retaddr);
                     }
                     if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
-                        mte_check1(env, mtedesc, addr, retaddr);
+                        mte_check(env, mtedesc, addr, retaddr);
                     }
                     tlb_fn(env, &scratch, reg_off, addr, retaddr);
                 }
@@ -XXX,XX +XXX,XX @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
      */
     addr = base + (off_fn(vm, reg_off) << scale);
     if (mtedesc) {
-        mte_check1(env, mtedesc, addr, retaddr);
+        mte_check(env, mtedesc, addr, retaddr);
     }
     tlb_fn(env, vd, reg_off, addr, retaddr);
 
@@ -XXX,XX +XXX,XX @@ void sve_st1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
                 }
 
                 if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
-                    mte_check1(env, mtedesc, addr, retaddr);
+                    mte_check(env, mtedesc, addr, retaddr);
                 }
             }
             i += 1;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, TCGv_i64 addr,
         tcg_desc = tcg_const_i32(desc);
 
         ret = new_tmp_a64(s);
-        gen_helper_mte_check1(ret, cpu_env, tcg_desc, addr);
+        gen_helper_mte_check(ret, cpu_env, tcg_desc, addr);
         tcg_temp_free_i32(tcg_desc);
 
         return ret;
@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
         tcg_desc = tcg_const_i32(desc);
 
         ret = new_tmp_a64(s);
-        gen_helper_mte_checkN(ret, cpu_env, tcg_desc, addr);
+        gen_helper_mte_check(ret, cpu_env, tcg_desc, addr);
         tcg_temp_free_i32(tcg_desc);
 
         return ret;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

For consistency with the mte_check1 + mte_checkN merge
to mte_check, rename the probe function as well.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h  | 2 +-
 target/arm/mte_helper.c | 6 +++---
 target/arm/sve_helper.c | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ FIELD(MTEDESC, TCMA,  6, 2)
 FIELD(MTEDESC, WRITE, 8, 1)
 FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9)  /* size - 1 */
 
-bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
+bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr);
 uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra);
 
 static inline int allocation_tag_from_addr(uint64_t ptr)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
      * exception for inaccessible pages, and resolves the virtual address
      * into the softmmu tlb.
      *
-     * When RA == 0, this is for mte_probe1.  The page is expected to be
+     * When RA == 0, this is for mte_probe.  The page is expected to be
      * valid.  Indicate to probe_access_flags no-fault, then assert that
      * we received a valid page.
      */
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(mte_check)(CPUARMState *env, uint32_t desc, uint64_t ptr)
 }
 
 /*
- * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
+ * No-fault version of mte_check, to be used by SVE for MemSingleNF.
  * Returns false if the access is Checked and the check failed.  This
  * is only intended to probe the tag -- the validity of the page must
  * be checked beforehand.
  */
-bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
+bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr)
 {
     uint64_t fault;
     int ret = mte_probe_int(env, desc, ptr, 0, &fault);
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -XXX,XX +XXX,XX @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
                 /* Watchpoint hit, see below. */
                 goto do_fault;
             }
-            if (mtedesc && !mte_probe1(env, mtedesc, addr + mem_off)) {
+            if (mtedesc && !mte_probe(env, mtedesc, addr + mem_off)) {
                 goto do_fault;
             }
             /*
@@ -XXX,XX +XXX,XX @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
                      & BP_MEM_READ)) {
                     goto do_fault;
                 }
-                if (mtedesc && !mte_probe1(env, mtedesc, addr + mem_off)) {
+                if (mtedesc && !mte_probe(env, mtedesc, addr + mem_off)) {
                     goto do_fault;
                 }
                 host_fn(vd, reg_off, host + mem_off);
@@ -XXX,XX +XXX,XX @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
                 }
                 if (mtedesc &&
                     arm_tlb_mte_tagged(&info.attrs) &&
-                    !mte_probe1(env, mtedesc, addr)) {
+                    !mte_probe(env, mtedesc, addr)) {
                     goto fault;
                 }
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Now that mte_check1 and mte_checkN have been merged, we can
merge sve_cont_ldst_mte_check1 and sve_cont_ldst_mte_checkN.

Which means that we can eliminate the function pointer into
sve_ldN_r and sve_stN_r, calling sve_cont_ldst_mte_check directly.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/sve_helper.c | 84 +++++++++++++----------------------------
 1 file changed, 26 insertions(+), 58 deletions(-)

diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -XXX,XX +XXX,XX @@ static void sve_cont_ldst_watchpoints(SVEContLdSt *info, CPUARMState *env,
 #endif
 }
 
-typedef uint64_t mte_check_fn(CPUARMState *, uint32_t, uint64_t, uintptr_t);
-
-static inline QEMU_ALWAYS_INLINE
-void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
-                                 uint64_t *vg, target_ulong addr, int esize,
-                                 int msize, uint32_t mtedesc, uintptr_t ra,
-                                 mte_check_fn *check)
+static void sve_cont_ldst_mte_check(SVEContLdSt *info, CPUARMState *env,
+                                    uint64_t *vg, target_ulong addr, int esize,
+                                    int msize, uint32_t mtedesc, uintptr_t ra)
 {
     intptr_t mem_off, reg_off, reg_last;
 
@@ -XXX,XX +XXX,XX @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
             uint64_t pg = vg[reg_off >> 6];
             do {
                 if ((pg >> (reg_off & 63)) & 1) {
-                    check(env, mtedesc, addr, ra);
+                    mte_check(env, mtedesc, addr, ra);
                 }
                 reg_off += esize;
                 mem_off += msize;
@@ -XXX,XX +XXX,XX @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
             uint64_t pg = vg[reg_off >> 6];
             do {
                 if ((pg >> (reg_off & 63)) & 1) {
-                    check(env, mtedesc, addr, ra);
+                    mte_check(env, mtedesc, addr, ra);
                 }
                 reg_off += esize;
                 mem_off += msize;
@@ -XXX,XX +XXX,XX @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
     }
 }
 
-typedef void sve_cont_ldst_mte_check_fn(SVEContLdSt *info, CPUARMState *env,
-                                        uint64_t *vg, target_ulong addr,
-                                        int esize, int msize, uint32_t mtedesc,
-                                        uintptr_t ra);
-
-static void sve_cont_ldst_mte_check1(SVEContLdSt *info, CPUARMState *env,
-                                     uint64_t *vg, target_ulong addr,
-                                     int esize, int msize, uint32_t mtedesc,
-                                     uintptr_t ra)
-{
-    sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
-                                mtedesc, ra, mte_check);
-}
-
-static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
-                                     uint64_t *vg, target_ulong addr,
-                                     int esize, int msize, uint32_t mtedesc,
-                                     uintptr_t ra)
-{
-    sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
-                                mtedesc, ra, mte_check);
-}
-
-
 /*
  * Common helper for all contiguous 1,2,3,4-register predicated stores.
  */
@@ -XXX,XX +XXX,XX @@ void sve_ldN_r(CPUARMState *env, uint64_t *vg, const target_ulong addr,
                uint32_t desc, const uintptr_t retaddr,
                const int esz, const int msz, const int N, uint32_t mtedesc,
                sve_ldst1_host_fn *host_fn,
-               sve_ldst1_tlb_fn *tlb_fn,
-               sve_cont_ldst_mte_check_fn *mte_check_fn)
+               sve_ldst1_tlb_fn *tlb_fn)
 {
     const unsigned rd = simd_data(desc);
     const intptr_t reg_max = simd_oprsz(desc);
@@ -XXX,XX +XXX,XX @@ void sve_ldN_r(CPUARMState *env, uint64_t *vg, const target_ulong addr,
      * Handle mte checks for all active elements.
      * Since TBI must be set for MTE, !mtedesc => !mte_active.
      */
-    if (mte_check_fn && mtedesc) {
-        mte_check_fn(&info, env, vg, addr, 1 << esz, N << msz,
-                     mtedesc, retaddr);
+    if (mtedesc) {
+        sve_cont_ldst_mte_check(&info, env, vg, addr, 1 << esz, N << msz,
+                                mtedesc, retaddr);
     }
 
     flags = info.page[0].flags | info.page[1].flags;
@@ -XXX,XX +XXX,XX @@ void sve_ldN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr,
         mtedesc = 0;
     }
 
-    sve_ldN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn,
-              N == 1 ? sve_cont_ldst_mte_check1 : sve_cont_ldst_mte_checkN);
+    sve_ldN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn);
 }
 
 #define DO_LD1_1(NAME, ESZ)                                             \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_##NAME##_r)(CPUARMState *env, void *vg,                 \
                             target_ulong addr, uint32_t desc)           \
 {                                                                       \
     sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MO_8, 1, 0,            \
-              sve_##NAME##_host, sve_##NAME##_tlb, NULL);               \
+              sve_##NAME##_host, sve_##NAME##_tlb);                     \
 }                                                                       \
 void HELPER(sve_##NAME##_r_mte)(CPUARMState *env, void *vg,             \
                                 target_ulong addr, uint32_t desc)       \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_##NAME##_le_r)(CPUARMState *env, void *vg,              \
                                target_ulong addr, uint32_t desc)        \
 {                                                                       \
     sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1, 0,             \
-              sve_##NAME##_le_host, sve_##NAME##_le_tlb, NULL);         \
+              sve_##NAME##_le_host, sve_##NAME##_le_tlb);               \
 }                                                                       \
 void HELPER(sve_##NAME##_be_r)(CPUARMState *env, void *vg,              \
                                target_ulong addr, uint32_t desc)        \
 {                                                                       \
     sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1, 0,             \
-              sve_##NAME##_be_host, sve_##NAME##_be_tlb, NULL);         \
+              sve_##NAME##_be_host, sve_##NAME##_be_tlb);               \
 }                                                                       \
 void HELPER(sve_##NAME##_le_r_mte)(CPUARMState *env, void *vg,          \
-                                 target_ulong addr, uint32_t desc)      \
+                                   target_ulong addr, uint32_t desc)    \
 {                                                                       \
     sve_ldN_r_mte(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1,            \
                   sve_##NAME##_le_host, sve_##NAME##_le_tlb);           \
 }                                                                       \
 void HELPER(sve_##NAME##_be_r_mte)(CPUARMState *env, void *vg,          \
-                                 target_ulong addr, uint32_t desc)      \
+                                   target_ulong addr, uint32_t desc)    \
 {                                                                       \
     sve_ldN_r_mte(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1,            \
                   sve_##NAME##_be_host, sve_##NAME##_be_tlb);           \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_ld##N##bb_r)(CPUARMState *env, void *vg,                \
                              target_ulong addr, uint32_t desc)          \
 {                                                                       \
     sve_ldN_r(env, vg, addr, desc, GETPC(), MO_8, MO_8, N, 0,           \
-              sve_ld1bb_host, sve_ld1bb_tlb, NULL);                     \
+              sve_ld1bb_host, sve_ld1bb_tlb);                           \
 }                                                                       \
 void HELPER(sve_ld##N##bb_r_mte)(CPUARMState *env, void *vg,            \
                                  target_ulong addr, uint32_t desc)      \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_ld##N##SUFF##_le_r)(CPUARMState *env, void *vg,         \
                                     target_ulong addr, uint32_t desc)   \
 {                                                                       \
     sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, ESZ, N, 0,             \
-              sve_ld1##SUFF##_le_host, sve_ld1##SUFF##_le_tlb, NULL);   \
+              sve_ld1##SUFF##_le_host, sve_ld1##SUFF##_le_tlb);         \
 }                                                                       \
 void HELPER(sve_ld##N##SUFF##_be_r)(CPUARMState *env, void *vg,         \
                                     target_ulong addr, uint32_t desc)   \
 {                                                                       \
     sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, ESZ, N, 0,             \
-              sve_ld1##SUFF##_be_host, sve_ld1##SUFF##_be_tlb, NULL);   \
+              sve_ld1##SUFF##_be_host, sve_ld1##SUFF##_be_tlb);         \
 }                                                                       \
 void HELPER(sve_ld##N##SUFF##_le_r_mte)(CPUARMState *env, void *vg,     \
                                         target_ulong addr, uint32_t desc) \
@@ -XXX,XX +XXX,XX @@ void sve_stN_r(CPUARMState *env, uint64_t *vg, target_ulong addr,
                uint32_t desc, const uintptr_t retaddr,
                const int esz, const int msz, const int N, uint32_t mtedesc,
                sve_ldst1_host_fn *host_fn,
-               sve_ldst1_tlb_fn *tlb_fn,
-               sve_cont_ldst_mte_check_fn *mte_check_fn)
+               sve_ldst1_tlb_fn *tlb_fn)
 {
     const unsigned rd = simd_data(desc);
     const intptr_t reg_max = simd_oprsz(desc);
@@ -XXX,XX +XXX,XX @@ void sve_stN_r(CPUARMState *env, uint64_t *vg, target_ulong addr,
      * Handle mte checks for all active elements.
      * Since TBI must be set for MTE, !mtedesc => !mte_active.
      */
-    if (mte_check_fn && mtedesc) {
-        mte_check_fn(&info, env, vg, addr, 1 << esz, N << msz,
-                     mtedesc, retaddr);
+    if (mtedesc) {
+        sve_cont_ldst_mte_check(&info, env, vg, addr, 1 << esz, N << msz,
+                                mtedesc, retaddr);
     }
 
     flags = info.page[0].flags | info.page[1].flags;
@@ -XXX,XX +XXX,XX @@ void sve_stN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr,
         mtedesc = 0;
     }
 
-    sve_stN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn,
-              N == 1 ? sve_cont_ldst_mte_check1 : sve_cont_ldst_mte_checkN);
+    sve_stN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn);
 }
 
 #define DO_STN_1(N, NAME, ESZ)                                          \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_st##N##NAME##_r)(CPUARMState *env, void *vg,            \
                                  target_ulong addr, uint32_t desc)      \
 {                                                                       \
     sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MO_8, N, 0,            \
-              sve_st1##NAME##_host, sve_st1##NAME##_tlb, NULL);         \
+              sve_st1##NAME##_host, sve_st1##NAME##_tlb);               \
 }                                                                       \
 void HELPER(sve_st##N##NAME##_r_mte)(CPUARMState *env, void *vg,        \
                                      target_ulong addr, uint32_t desc)  \
@@ -XXX,XX +XXX,XX @@ void HELPER(sve_st##N##NAME##_le_r)(CPUARMState *env, void *vg,         \
                                     target_ulong addr, uint32_t desc)   \
 {                                                                       \
     sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, N, 0,             \
-              sve_st1##NAME##_le_host, sve_st1##NAME##_le_tlb, NULL);   \
+              sve_st1##NAME##_le_host, sve_st1##NAME##_le_tlb);         \
 }                                                                       \
 void HELPER(sve_st##N##NAME##_be_r)(CPUARMState *env, void *vg,         \
                                     target_ulong addr, uint32_t desc)   \
 {                                                                       \
     sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, N, 0,             \
-              sve_st1##NAME##_be_host, sve_st1##NAME##_be_tlb, NULL);   \
+              sve_st1##NAME##_be_host, sve_st1##NAME##_be_tlb);         \
 }                                                                       \
 void HELPER(sve_st##N##NAME##_le_r_mte)(CPUARMState *env, void *vg,     \
                                         target_ulong addr, uint32_t desc) \
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The log2_esize parameter is not used except trivially.
Drop the parameter and the deferral to gen_mte_check1.

This fixes a bug in that the parameters as documented
in the header file were the reverse from those in the
implementation.  Which meant that translate-sve.c was
passing the parameters in the wrong order.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416183106.1516563-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.h |  2 +-
 target/arm/translate-a64.c | 15 +++++++--------
 target/arm/translate-sve.c |  4 ++--
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.h
+++ b/target/arm/translate-a64.h
@@ -XXX,XX +XXX,XX @@ TCGv_i64 clean_data_tbi(DisasContext *s, TCGv_i64 addr);
 TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr, bool is_write,
                         bool tag_checked, int log2_size);
 TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
-                        bool tag_checked, int count, int log2_esize);
+                        bool tag_checked, int size);
 
 /* We should have at some point before trying to access an FP register
  * done the necessary access check, so assert that
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr, bool is_write,
  * For MTE, check multiple logical sequential accesses.
  */
 TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
-                        bool tag_checked, int log2_esize, int total_size)
+                        bool tag_checked, int size)
 {
-    if (tag_checked && s->mte_active[0] && total_size != (1 << log2_esize)) {
+    if (tag_checked && s->mte_active[0]) {
         TCGv_i32 tcg_desc;
         TCGv_i64 ret;
         int desc = 0;
@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
         desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
         desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
         desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
-        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1);
+        desc = FIELD_DP32(desc, MTEDESC, SIZEM1, size - 1);
         tcg_desc = tcg_const_i32(desc);
 
         ret = new_tmp_a64(s);
@@ -XXX,XX +XXX,XX @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
 
         return ret;
     }
-    return gen_mte_check1(s, addr, is_write, tag_checked, log2_esize);
+    return clean_data_tbi(s, addr);
 }
 
 typedef struct DisasCompare64 {
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
     }
 
     clean_addr = gen_mte_checkN(s, dirty_addr, !is_load,
-                                (wback || rn != 31) && !set_tag,
-                                size, 2 << size);
+                                (wback || rn != 31) && !set_tag, 2 << size);
 
     if (is_vector) {
         if (is_load) {
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
      * promote consecutive little-endian elements below.
      */
     clean_addr = gen_mte_checkN(s, tcg_rn, is_store, is_postidx || rn != 31,
-                                size, total);
+                                total);
 
     /*
      * Consecutive little-endian elements from a single register
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
     tcg_rn = cpu_reg_sp(s, rn);
 
     clean_addr = gen_mte_checkN(s, tcg_rn, !is_load, is_postidx || rn != 31,
-                                scale, total);
+                                total);
 
     tcg_ebytes = tcg_const_i64(1 << scale);
     for (xs = 0; xs < selem; xs++) {
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -XXX,XX +XXX,XX @@ static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
 
     dirty_addr = tcg_temp_new_i64();
     tcg_gen_addi_i64(dirty_addr, cpu_reg_sp(s, rn), imm);
-    clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len, MO_8);
+    clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len);
     tcg_temp_free_i64(dirty_addr);
 
     /*
@@ -XXX,XX +XXX,XX @@ static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
 
     dirty_addr = tcg_temp_new_i64();
     tcg_gen_addi_i64(dirty_addr, cpu_reg_sp(s, rn), imm);
-    clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len, MO_8);
+    clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len);
     tcg_temp_free_i64(dirty_addr);
 
     /* Note that unpredicated load/store of vector/predicate registers
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The encoding of size = 2 and size = 3 had the incorrect decode
for align, overlapping the stride field.  This error was hidden
by what should have been unnecessary masking in translate.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/neon-ls.decode       | 4 ++--
 target/arm/translate-neon.c.inc | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/neon-ls.decode b/target/arm/neon-ls.decode
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/neon-ls.decode
+++ b/target/arm/neon-ls.decode
@@ -XXX,XX +XXX,XX @@ VLD_all_lanes  1111 0100 1 . 1 0 rn:4 .... 11 n:2 size:2 t:1 a:1 rm:4 \
 
 VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 00 n:2 reg_idx:3 align:1 rm:4 \
                vd=%vd_dp size=0 stride=1
-VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 01 n:2 reg_idx:2 align:2 rm:4 \
+VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 01 n:2 reg_idx:2 . align:1 rm:4 \
                vd=%vd_dp size=1 stride=%imm1_5_p1
-VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 10 n:2 reg_idx:1 align:3 rm:4 \
+VLDST_single   1111 0100 1 . l:1 0 rn:4 .... 10 n:2 reg_idx:1 . align:2 rm:4 \
                vd=%vd_dp size=2 stride=%imm1_6_p1
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-neon.c.inc
+++ b/target/arm/translate-neon.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
     switch (nregs) {
     case 1:
         if (((a->align & (1 << a->size)) != 0) ||
-            (a->size == 2 && ((a->align & 3) == 1 || (a->align & 3) == 2))) {
+            (a->size == 2 && (a->align == 1 || a->align == 2))) {
             return false;
         }
         break;
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
         }
         break;
     case 4:
-        if ((a->size == 2) && ((a->align & 3) == 3)) {
+        if (a->size == 2 && a->align == 3) {
             return false;
         }
         break;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

We're about to rearrange the macro expansion surrounding tbflags,
and this field name will be expanded using the bit definition of
the same name, resulting in a token pasting error.

So SCTLR_B -> SCTLR__B in the 3 uses, and document it.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h       | 2 +-
 target/arm/helper.c    | 2 +-
 target/arm/translate.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A32, VECSTRIDE, 12, 2)     /* Not cached. */
  */
 FIELD(TBFLAG_A32, XSCALE_CPAR, 12, 2)
 FIELD(TBFLAG_A32, VFPEN, 14, 1)         /* Partially cached, minus FPEXC. */
-FIELD(TBFLAG_A32, SCTLR_B, 15, 1)
+FIELD(TBFLAG_A32, SCTLR__B, 15, 1)      /* Cannot overlap with SCTLR_B */
 FIELD(TBFLAG_A32, HSTR_ACTIVE, 16, 1)
 /*
  * Indicates whether cp register reads and writes by guest code should access
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
     bool sctlr_b = arm_sctlr_b(env);
 
     if (sctlr_b) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR_B, 1);
+        flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR__B, 1);
     }
     if (arm_cpu_data_is_big_endian_a32(env, sctlr_b)) {
         flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
             FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
         dc->debug_target_el =
             FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
-        dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
+        dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR__B);
         dc->hstr_active = FIELD_EX32(tb_flags, TBFLAG_A32, HSTR_ACTIVE);
         dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
         dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

We're about to rearrange the macro expansion surrounding tbflags,
and this field name will be expanded using the bit definition of
the same name, resulting in a token pasting error.

So PSTATE_SS -> PSTATE__SS in the uses, and document it.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h           | 2 +-
 target/arm/helper.c        | 4 ++--
 target/arm/translate-a64.c | 2 +-
 target/arm/translate.c     | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef ARMCPU ArchCPU;
  */
 FIELD(TBFLAG_ANY, AARCH64_STATE, 31, 1)
 FIELD(TBFLAG_ANY, SS_ACTIVE, 30, 1)
-FIELD(TBFLAG_ANY, PSTATE_SS, 29, 1)     /* Not cached. */
+FIELD(TBFLAG_ANY, PSTATE__SS, 29, 1)    /* Not cached. */
 FIELD(TBFLAG_ANY, BE_DATA, 28, 1)
 FIELD(TBFLAG_ANY, MMUIDX, 24, 4)
 /* Target EL if we take a floating-point-disabled exception */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
      *     0            x       Inactive (the TB flag for SS is always 0)
      *     1            0       Active-pending
      *     1            1       Active-not-pending
-     * SS_ACTIVE is set in hflags; PSTATE_SS is computed every TB.
+     * SS_ACTIVE is set in hflags; PSTATE__SS is computed every TB.
      */
     if (FIELD_EX32(flags, TBFLAG_ANY, SS_ACTIVE) &&
         (env->pstate & PSTATE_SS)) {
-        flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE_SS, 1);
+        flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE__SS, 1);
     }
 
     *pflags = flags;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
      *   end the TB
      */
     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
-    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
+    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE__SS);
     dc->is_ldex = false;
     dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
      *   end the TB
      */
     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
-    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
+    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE__SS);
     dc->is_ldex = false;
 
     dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

We're about to split tbflags into two parts.  These macros
will ensure that the correct part is used with the correct
set of bits.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h           | 22 +++++++++-
 target/arm/helper-a64.c    |  2 +-
 target/arm/helper.c        | 85 +++++++++++++++++---------------------
 target/arm/translate-a64.c | 36 ++++++++--------
 target/arm/translate.c     | 48 ++++++++++-----------
 5 files changed, 101 insertions(+), 92 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A64, TCMA, 16, 2)
 FIELD(TBFLAG_A64, MTE_ACTIVE, 18, 1)
 FIELD(TBFLAG_A64, MTE0_ACTIVE, 19, 1)
 
+/*
+ * Helpers for using the above.
+ */
+#define DP_TBFLAG_ANY(DST, WHICH, VAL) \
+    (DST = FIELD_DP32(DST, TBFLAG_ANY, WHICH, VAL))
+#define DP_TBFLAG_A64(DST, WHICH, VAL) \
+    (DST = FIELD_DP32(DST, TBFLAG_A64, WHICH, VAL))
+#define DP_TBFLAG_A32(DST, WHICH, VAL) \
+    (DST = FIELD_DP32(DST, TBFLAG_A32, WHICH, VAL))
+#define DP_TBFLAG_M32(DST, WHICH, VAL) \
+    (DST = FIELD_DP32(DST, TBFLAG_M32, WHICH, VAL))
+#define DP_TBFLAG_AM32(DST, WHICH, VAL) \
+    (DST = FIELD_DP32(DST, TBFLAG_AM32, WHICH, VAL))
+
+#define EX_TBFLAG_ANY(IN, WHICH)   FIELD_EX32(IN, TBFLAG_ANY, WHICH)
+#define EX_TBFLAG_A64(IN, WHICH)   FIELD_EX32(IN, TBFLAG_A64, WHICH)
+#define EX_TBFLAG_A32(IN, WHICH)   FIELD_EX32(IN, TBFLAG_A32, WHICH)
+#define EX_TBFLAG_M32(IN, WHICH)   FIELD_EX32(IN, TBFLAG_M32, WHICH)
+#define EX_TBFLAG_AM32(IN, WHICH)  FIELD_EX32(IN, TBFLAG_AM32, WHICH)
+
 /**
  * cpu_mmu_index:
  * @env: The cpu environment
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A64, MTE0_ACTIVE, 19, 1)
  */
 static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
 {
-    return FIELD_EX32(env->hflags, TBFLAG_ANY, MMUIDX);
+    return EX_TBFLAG_ANY(env->hflags, MMUIDX);
 }
 
 static inline bool bswap_code(bool sctlr_b)
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc)
          * the hflags rebuild, since we can pull the composite TBII field
          * from there.
          */
-        tbii = FIELD_EX32(env->hflags, TBFLAG_A64, TBII);
+        tbii = EX_TBFLAG_A64(env->hflags, TBII);
         if ((tbii >> extract64(new_pc, 55, 1)) & 1) {
             /* TBI is enabled. */
             int core_mmu_idx = cpu_mmu_index(env, false);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
 static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
                                       ARMMMUIdx mmu_idx, uint32_t flags)
 {
-    flags = FIELD_DP32(flags, TBFLAG_ANY, FPEXC_EL, fp_el);
-    flags = FIELD_DP32(flags, TBFLAG_ANY, MMUIDX,
-                       arm_to_core_mmu_idx(mmu_idx));
+    DP_TBFLAG_ANY(flags, FPEXC_EL, fp_el);
+    DP_TBFLAG_ANY(flags, MMUIDX, arm_to_core_mmu_idx(mmu_idx));
 
     if (arm_singlestep_active(env)) {
-        flags = FIELD_DP32(flags, TBFLAG_ANY, SS_ACTIVE, 1);
+        DP_TBFLAG_ANY(flags, SS_ACTIVE, 1);
     }
     return flags;
 }
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
     bool sctlr_b = arm_sctlr_b(env);
 
     if (sctlr_b) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR__B, 1);
+        DP_TBFLAG_A32(flags, SCTLR__B, 1);
     }
     if (arm_cpu_data_is_big_endian_a32(env, sctlr_b)) {
-        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
+        DP_TBFLAG_ANY(flags, BE_DATA, 1);
     }
-    flags = FIELD_DP32(flags, TBFLAG_A32, NS, !access_secure_reg(env));
+    DP_TBFLAG_A32(flags, NS, !access_secure_reg(env));
 
     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
 }
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
     uint32_t flags = 0;
 
     if (arm_v7m_is_handler_mode(env)) {
-        flags = FIELD_DP32(flags, TBFLAG_M32, HANDLER, 1);
+        DP_TBFLAG_M32(flags, HANDLER, 1);
     }
 
     /*
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
     if (arm_feature(env, ARM_FEATURE_V8) &&
         !((mmu_idx & ARM_MMU_IDX_M_NEGPRI) &&
           (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
-        flags = FIELD_DP32(flags, TBFLAG_M32, STACKCHECK, 1);
+        DP_TBFLAG_M32(flags, STACKCHECK, 1);
     }
 
     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_aprofile(CPUARMState *env)
 {
     int flags = 0;
 
-    flags = FIELD_DP32(flags, TBFLAG_ANY, DEBUG_TARGET_EL,
-                       arm_debug_target_el(env));
+    DP_TBFLAG_ANY(flags, DEBUG_TARGET_EL, arm_debug_target_el(env));
     return flags;
 }
 
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
     uint32_t flags = rebuild_hflags_aprofile(env);
 
     if (arm_el_is_aa64(env, 1)) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
+        DP_TBFLAG_A32(flags, VFPEN, 1);
     }
 
     if (arm_current_el(env) < 2 && env->cp15.hstr_el2 &&
         (arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, HSTR_ACTIVE, 1);
+        DP_TBFLAG_A32(flags, HSTR_ACTIVE, 1);
     }
 
     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
     uint64_t sctlr;
     int tbii, tbid;
 
-    flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1);
+    DP_TBFLAG_ANY(flags, AARCH64_STATE, 1);
 
     /* Get control bits for tagged addresses.  */
     tbid = aa64_va_parameter_tbi(tcr, mmu_idx);
     tbii = tbid & ~aa64_va_parameter_tbid(tcr, mmu_idx);
 
-    flags = FIELD_DP32(flags, TBFLAG_A64, TBII, tbii);
-    flags = FIELD_DP32(flags, TBFLAG_A64, TBID, tbid);
+    DP_TBFLAG_A64(flags, TBII, tbii);
+    DP_TBFLAG_A64(flags, TBID, tbid);
 
     if (cpu_isar_feature(aa64_sve, env_archcpu(env))) {
         int sve_el = sve_exception_el(env, el);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
         } else {
             zcr_len = sve_zcr_len_for_el(env, el);
         }
-        flags = FIELD_DP32(flags, TBFLAG_A64, SVEEXC_EL, sve_el);
-        flags = FIELD_DP32(flags, TBFLAG_A64, ZCR_LEN, zcr_len);
+        DP_TBFLAG_A64(flags, SVEEXC_EL, sve_el);
+        DP_TBFLAG_A64(flags, ZCR_LEN, zcr_len);
     }
 
     sctlr = regime_sctlr(env, stage1);
 
     if (arm_cpu_data_is_big_endian_a64(el, sctlr)) {
-        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
+        DP_TBFLAG_ANY(flags, BE_DATA, 1);
     }
 
     if (cpu_isar_feature(aa64_pauth, env_archcpu(env))) {
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
          * The decision of which action to take is left to a helper.
          */
         if (sctlr & (SCTLR_EnIA | SCTLR_EnIB | SCTLR_EnDA | SCTLR_EnDB)) {
-            flags = FIELD_DP32(flags, TBFLAG_A64, PAUTH_ACTIVE, 1);
+            DP_TBFLAG_A64(flags, PAUTH_ACTIVE, 1);
         }
     }
 
     if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
         /* Note that SCTLR_EL[23].BT == SCTLR_BT1.  */
         if (sctlr & (el == 0 ? SCTLR_BT0 : SCTLR_BT1)) {
-            flags = FIELD_DP32(flags, TBFLAG_A64, BT, 1);
+            DP_TBFLAG_A64(flags, BT, 1);
         }
     }
 
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
         case ARMMMUIdx_SE10_1:
         case ARMMMUIdx_SE10_1_PAN:
             /* TODO: ARMv8.3-NV */
-            flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
+            DP_TBFLAG_A64(flags, UNPRIV, 1);
             break;
         case ARMMMUIdx_E20_2:
         case ARMMMUIdx_E20_2_PAN:
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
              * gated by HCR_EL2.<E2H,TGE> == '11', and so is LDTR.
              */
             if (env->cp15.hcr_el2 & HCR_TGE) {
-                flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
+                DP_TBFLAG_A64(flags, UNPRIV, 1);
             }
             break;
         default:
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
          * 4) If no Allocation Tag Access, then all accesses are Unchecked.
          */
         if (allocation_tag_access_enabled(env, el, sctlr)) {
-            flags = FIELD_DP32(flags, TBFLAG_A64, ATA, 1);
+            DP_TBFLAG_A64(flags, ATA, 1);
             if (tbid
                 && !(env->pstate & PSTATE_TCO)
                 && (sctlr & (el == 0 ? SCTLR_TCF0 : SCTLR_TCF))) {
-                flags = FIELD_DP32(flags, TBFLAG_A64, MTE_ACTIVE, 1);
+                DP_TBFLAG_A64(flags, MTE_ACTIVE, 1);
             }
         }
         /* And again for unprivileged accesses, if required.  */
-        if (FIELD_EX32(flags, TBFLAG_A64, UNPRIV)
+        if (EX_TBFLAG_A64(flags, UNPRIV)
             && tbid
             && !(env->pstate & PSTATE_TCO)
             && (sctlr & SCTLR_TCF0)
             && allocation_tag_access_enabled(env, 0, sctlr)) {
-            flags = FIELD_DP32(flags, TBFLAG_A64, MTE0_ACTIVE, 1);
+            DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1);
         }
         /* Cache TCMA as well as TBI. */
-        flags = FIELD_DP32(flags, TBFLAG_A64, TCMA,
-                           aa64_va_parameter_tcma(tcr, mmu_idx));
+        DP_TBFLAG_A64(flags, TCMA, aa64_va_parameter_tcma(tcr, mmu_idx));
     }
 
     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
     *cs_base = 0;
     assert_hflags_rebuild_correctly(env);
 
-    if (FIELD_EX32(flags, TBFLAG_ANY, AARCH64_STATE)) {
+    if (EX_TBFLAG_ANY(flags, AARCH64_STATE)) {
         *pc = env->pc;
         if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
-            flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
+            DP_TBFLAG_A64(flags, BTYPE, env->btype);
         }
     } else {
         *pc = env->regs[15];
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
                 FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S)
                 != env->v7m.secure) {
-                flags = FIELD_DP32(flags, TBFLAG_M32, FPCCR_S_WRONG, 1);
+                DP_TBFLAG_M32(flags, FPCCR_S_WRONG, 1);
             }
 
             if ((env->v7m.fpccr[env->v7m.secure] & R_V7M_FPCCR_ASPEN_MASK) &&
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                  * active FP context; we must create a new FP context before
                  * executing any FP insn.
                  */
-                flags = FIELD_DP32(flags, TBFLAG_M32, NEW_FP_CTXT_NEEDED, 1);
+                DP_TBFLAG_M32(flags, NEW_FP_CTXT_NEEDED, 1);
             }
 
             bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
             if (env->v7m.fpccr[is_secure] & R_V7M_FPCCR_LSPACT_MASK) {
-                flags = FIELD_DP32(flags, TBFLAG_M32, LSPACT, 1);
+                DP_TBFLAG_M32(flags, LSPACT, 1);
             }
         } else {
             /*
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
              * Note that VECLEN+VECSTRIDE are RES0 for M-profile.
              */
             if (arm_feature(env, ARM_FEATURE_XSCALE)) {
-                flags = FIELD_DP32(flags, TBFLAG_A32,
-                                   XSCALE_CPAR, env->cp15.c15_cpar);
+                DP_TBFLAG_A32(flags, XSCALE_CPAR, env->cp15.c15_cpar);
             } else {
-                flags = FIELD_DP32(flags, TBFLAG_A32, VECLEN,
-                                   env->vfp.vec_len);
-                flags = FIELD_DP32(flags, TBFLAG_A32, VECSTRIDE,
-                                   env->vfp.vec_stride);
+                DP_TBFLAG_A32(flags, VECLEN, env->vfp.vec_len);
+                DP_TBFLAG_A32(flags, VECSTRIDE, env->vfp.vec_stride);
             }
             if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30)) {
-                flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
+                DP_TBFLAG_A32(flags, VFPEN, 1);
             }
         }
 
-        flags = FIELD_DP32(flags, TBFLAG_AM32, THUMB, env->thumb);
-        flags = FIELD_DP32(flags, TBFLAG_AM32, CONDEXEC, env->condexec_bits);
+        DP_TBFLAG_AM32(flags, THUMB, env->thumb);
+        DP_TBFLAG_AM32(flags, CONDEXEC, env->condexec_bits);
     }
 
     /*
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
      *     1            1       Active-not-pending
      * SS_ACTIVE is set in hflags; PSTATE__SS is computed every TB.
      */
-    if (FIELD_EX32(flags, TBFLAG_ANY, SS_ACTIVE) &&
-        (env->pstate & PSTATE_SS)) {
-        flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE__SS, 1);
+    if (EX_TBFLAG_ANY(flags, SS_ACTIVE) && (env->pstate & PSTATE_SS)) {
+        DP_TBFLAG_ANY(flags, PSTATE__SS, 1);
     }
 
     *pflags = flags;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
                                !arm_el_is_aa64(env, 3);
     dc->thumb = 0;
     dc->sctlr_b = 0;
-    dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
+    dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
     dc->condexec_mask = 0;
     dc->condexec_cond = 0;
-    core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
+    core_mmu_idx = EX_TBFLAG_ANY(tb_flags, MMUIDX);
     dc->mmu_idx = core_to_aa64_mmu_idx(core_mmu_idx);
-    dc->tbii = FIELD_EX32(tb_flags, TBFLAG_A64, TBII);
-    dc->tbid = FIELD_EX32(tb_flags, TBFLAG_A64, TBID);
-    dc->tcma = FIELD_EX32(tb_flags, TBFLAG_A64, TCMA);
+    dc->tbii = EX_TBFLAG_A64(tb_flags, TBII);
+    dc->tbid = EX_TBFLAG_A64(tb_flags, TBID);
+    dc->tcma = EX_TBFLAG_A64(tb_flags, TCMA);
     dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
 #if !defined(CONFIG_USER_ONLY)
     dc->user = (dc->current_el == 0);
 #endif
-    dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
-    dc->sve_excp_el = FIELD_EX32(tb_flags, TBFLAG_A64, SVEEXC_EL);
-    dc->sve_len = (FIELD_EX32(tb_flags, TBFLAG_A64, ZCR_LEN) + 1) * 16;
-    dc->pauth_active = FIELD_EX32(tb_flags, TBFLAG_A64, PAUTH_ACTIVE);
-    dc->bt = FIELD_EX32(tb_flags, TBFLAG_A64, BT);
-    dc->btype = FIELD_EX32(tb_flags, TBFLAG_A64, BTYPE);
-    dc->unpriv = FIELD_EX32(tb_flags, TBFLAG_A64, UNPRIV);
-    dc->ata = FIELD_EX32(tb_flags, TBFLAG_A64, ATA);
-    dc->mte_active[0] = FIELD_EX32(tb_flags, TBFLAG_A64, MTE_ACTIVE);
-    dc->mte_active[1] = FIELD_EX32(tb_flags, TBFLAG_A64, MTE0_ACTIVE);
+    dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
+    dc->sve_excp_el = EX_TBFLAG_A64(tb_flags, SVEEXC_EL);
+    dc->sve_len = (EX_TBFLAG_A64(tb_flags, ZCR_LEN) + 1) * 16;
+    dc->pauth_active = EX_TBFLAG_A64(tb_flags, PAUTH_ACTIVE);
+    dc->bt = EX_TBFLAG_A64(tb_flags, BT);
+    dc->btype = EX_TBFLAG_A64(tb_flags, BTYPE);
+    dc->unpriv = EX_TBFLAG_A64(tb_flags, UNPRIV);
+    dc->ata = EX_TBFLAG_A64(tb_flags, ATA);
+    dc->mte_active[0] = EX_TBFLAG_A64(tb_flags, MTE_ACTIVE);
+    dc->mte_active[1] = EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE);
     dc->vec_len = 0;
     dc->vec_stride = 0;
     dc->cp_regs = arm_cpu->cp_regs;
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
      *   emit code to generate a software step exception
      *   end the TB
      */
-    dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
-    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE__SS);
+    dc->ss_active = EX_TBFLAG_ANY(tb_flags, SS_ACTIVE);
+    dc->pstate_ss = EX_TBFLAG_ANY(tb_flags, PSTATE__SS);
     dc->is_ldex = false;
-    dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
+    dc->debug_target_el = EX_TBFLAG_ANY(tb_flags, DEBUG_TARGET_EL);
 
     /* Bound the number of insns to execute to those left on the page.  */
     bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
      */
     dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
                                !arm_el_is_aa64(env, 3);
-    dc->thumb = FIELD_EX32(tb_flags, TBFLAG_AM32, THUMB);
-    dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
-    condexec = FIELD_EX32(tb_flags, TBFLAG_AM32, CONDEXEC);
+    dc->thumb = EX_TBFLAG_AM32(tb_flags, THUMB);
+    dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
+    condexec = EX_TBFLAG_AM32(tb_flags, CONDEXEC);
     dc->condexec_mask = (condexec & 0xf) << 1;
     dc->condexec_cond = condexec >> 4;
 
-    core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
+    core_mmu_idx = EX_TBFLAG_ANY(tb_flags, MMUIDX);
     dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
     dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
 #if !defined(CONFIG_USER_ONLY)
     dc->user = (dc->current_el == 0);
 #endif
-    dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
+    dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
 
     if (arm_feature(env, ARM_FEATURE_M)) {
         dc->vfp_enabled = 1;
         dc->be_data = MO_TE;
-        dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_M32, HANDLER);
+        dc->v7m_handler_mode = EX_TBFLAG_M32(tb_flags, HANDLER);
         dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
             regime_is_secure(env, dc->mmu_idx);
-        dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_M32, STACKCHECK);
-        dc->v8m_fpccr_s_wrong =
-            FIELD_EX32(tb_flags, TBFLAG_M32, FPCCR_S_WRONG);
+        dc->v8m_stackcheck = EX_TBFLAG_M32(tb_flags, STACKCHECK);
+        dc->v8m_fpccr_s_wrong = EX_TBFLAG_M32(tb_flags, FPCCR_S_WRONG);
         dc->v7m_new_fp_ctxt_needed =
-            FIELD_EX32(tb_flags, TBFLAG_M32, NEW_FP_CTXT_NEEDED);
-        dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_M32, LSPACT);
+            EX_TBFLAG_M32(tb_flags, NEW_FP_CTXT_NEEDED);
+        dc->v7m_lspact = EX_TBFLAG_M32(tb_flags, LSPACT);
     } else {
-        dc->be_data =
-            FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
-        dc->debug_target_el =
-            FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
-        dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR__B);
-        dc->hstr_active = FIELD_EX32(tb_flags, TBFLAG_A32, HSTR_ACTIVE);
-        dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
-        dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
+        dc->debug_target_el = EX_TBFLAG_ANY(tb_flags, DEBUG_TARGET_EL);
+        dc->sctlr_b = EX_TBFLAG_A32(tb_flags, SCTLR__B);
+        dc->hstr_active = EX_TBFLAG_A32(tb_flags, HSTR_ACTIVE);
+        dc->ns = EX_TBFLAG_A32(tb_flags, NS);
+        dc->vfp_enabled = EX_TBFLAG_A32(tb_flags, VFPEN);
         if (arm_feature(env, ARM_FEATURE_XSCALE)) {
-            dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
+            dc->c15_cpar = EX_TBFLAG_A32(tb_flags, XSCALE_CPAR);
         } else {
-            dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
-            dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
+            dc->vec_len = EX_TBFLAG_A32(tb_flags, VECLEN);
+            dc->vec_stride = EX_TBFLAG_A32(tb_flags, VECSTRIDE);
         }
     }
     dc->cp_regs = cpu->cp_regs;
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
      *   emit code to generate a software step exception
      *   end the TB
      */
-    dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
-    dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE__SS);
+    dc->ss_active = EX_TBFLAG_ANY(tb_flags, SS_ACTIVE);
+    dc->pstate_ss = EX_TBFLAG_ANY(tb_flags, PSTATE__SS);
     dc->is_ldex = false;
 
     dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
     DisasContext dc = { };
     const TranslatorOps *ops = &arm_translator_ops;
 
-    if (FIELD_EX32(tb->flags, TBFLAG_AM32, THUMB)) {
+    if (EX_TBFLAG_AM32(tb->flags, THUMB)) {
         ops = &thumb_translator_ops;
     }
 #ifdef TARGET_AARCH64
-    if (FIELD_EX32(tb->flags, TBFLAG_ANY, AARCH64_STATE)) {
+    if (EX_TBFLAG_ANY(tb->flags, AARCH64_STATE)) {
         ops = &aarch64_translator_ops;
     }
 #endif
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

In preparation for splitting tb->flags across multiple
fields, introduce a structure to hold the value(s).
So far this only migrates the one uint32_t and fixes
all of the places that require adjustment to match.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h           | 26 ++++++++++++---------
 target/arm/translate.h     | 11 +++++++++
 target/arm/helper.c        | 48 +++++++++++++++++++++-----------------
 target/arm/translate-a64.c |  2 +-
 target/arm/translate.c     |  7 +++---
 5 files changed, 57 insertions(+), 37 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef struct ARMPACKey {
 } ARMPACKey;
 #endif
 
+/* See the commentary above the TBFLAG field definitions.  */
+typedef struct CPUARMTBFlags {
+    uint32_t flags;
+} CPUARMTBFlags;
 
 typedef struct CPUARMState {
     /* Regs for current mode.  */
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
     uint32_t aarch64; /* 1 if CPU is in aarch64 state; inverse of PSTATE.nRW */
 
     /* Cached TBFLAGS state.  See below for which bits are included.  */
-    uint32_t hflags;
+    CPUARMTBFlags hflags;
 
     /* Frequently accessed CPSR bits are stored separately for efficiency.
        This contains all the other bits.  Use cpsr_{read,write} to access
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A64, MTE0_ACTIVE, 19, 1)
  * Helpers for using the above.
  */
 #define DP_TBFLAG_ANY(DST, WHICH, VAL) \
-    (DST = FIELD_DP32(DST, TBFLAG_ANY, WHICH, VAL))
+    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_ANY, WHICH, VAL))
 #define DP_TBFLAG_A64(DST, WHICH, VAL) \
-    (DST = FIELD_DP32(DST, TBFLAG_A64, WHICH, VAL))
+    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_A64, WHICH, VAL))
 #define DP_TBFLAG_A32(DST, WHICH, VAL) \
-    (DST = FIELD_DP32(DST, TBFLAG_A32, WHICH, VAL))
+    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_A32, WHICH, VAL))
 #define DP_TBFLAG_M32(DST, WHICH, VAL) \
-    (DST = FIELD_DP32(DST, TBFLAG_M32, WHICH, VAL))
+    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_M32, WHICH, VAL))
 #define DP_TBFLAG_AM32(DST, WHICH, VAL) \
-    (DST = FIELD_DP32(DST, TBFLAG_AM32, WHICH, VAL))
+    (DST.flags = FIELD_DP32(DST.flags, TBFLAG_AM32, WHICH, VAL))
 
-#define EX_TBFLAG_ANY(IN, WHICH)   FIELD_EX32(IN, TBFLAG_ANY, WHICH)
-#define EX_TBFLAG_A64(IN, WHICH)   FIELD_EX32(IN, TBFLAG_A64, WHICH)
-#define EX_TBFLAG_A32(IN, WHICH)   FIELD_EX32(IN, TBFLAG_A32, WHICH)
-#define EX_TBFLAG_M32(IN, WHICH)   FIELD_EX32(IN, TBFLAG_M32, WHICH)
-#define EX_TBFLAG_AM32(IN, WHICH)  FIELD_EX32(IN, TBFLAG_AM32, WHICH)
+#define EX_TBFLAG_ANY(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_ANY, WHICH)
+#define EX_TBFLAG_A64(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_A64, WHICH)
+#define EX_TBFLAG_A32(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_A32, WHICH)
+#define EX_TBFLAG_M32(IN, WHICH)   FIELD_EX32(IN.flags, TBFLAG_M32, WHICH)
+#define EX_TBFLAG_AM32(IN, WHICH)  FIELD_EX32(IN.flags, TBFLAG_AM32, WHICH)
 
 /**
  * cpu_mmu_index:
diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef void CryptoThreeOpIntFn(TCGv_ptr, TCGv_ptr, TCGv_i32);
 typedef void CryptoThreeOpFn(TCGv_ptr, TCGv_ptr, TCGv_ptr);
 typedef void AtomicThreeOpFn(TCGv_i64, TCGv_i64, TCGv_i64, TCGArg, MemOp);
 
+/**
+ * arm_tbflags_from_tb:
+ * @tb: the TranslationBlock
+ *
+ * Extract the flag values from @tb.
+ */
+static inline CPUARMTBFlags arm_tbflags_from_tb(const TranslationBlock *tb)
+{
+    return (CPUARMTBFlags){ tb->flags };
+}
+
 /*
  * Enum for argument to fpstatus_ptr().
  */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
 }
 #endif
 
-static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
-                                      ARMMMUIdx mmu_idx, uint32_t flags)
+static CPUARMTBFlags rebuild_hflags_common(CPUARMState *env, int fp_el,
+                                           ARMMMUIdx mmu_idx,
+                                           CPUARMTBFlags flags)
 {
     DP_TBFLAG_ANY(flags, FPEXC_EL, fp_el);
     DP_TBFLAG_ANY(flags, MMUIDX, arm_to_core_mmu_idx(mmu_idx));
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
     return flags;
 }
 
-static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
-                                         ARMMMUIdx mmu_idx, uint32_t flags)
+static CPUARMTBFlags rebuild_hflags_common_32(CPUARMState *env, int fp_el,
+                                              ARMMMUIdx mmu_idx,
+                                              CPUARMTBFlags flags)
 {
     bool sctlr_b = arm_sctlr_b(env);
 
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
 }
 
-static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
-                                   ARMMMUIdx mmu_idx)
+static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
+                                        ARMMMUIdx mmu_idx)
 {
-    uint32_t flags = 0;
+    CPUARMTBFlags flags = {};
 
     if (arm_v7m_is_handler_mode(env)) {
         DP_TBFLAG_M32(flags, HANDLER, 1);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
 }
 
-static uint32_t rebuild_hflags_aprofile(CPUARMState *env)
+static CPUARMTBFlags rebuild_hflags_aprofile(CPUARMState *env)
 {
-    int flags = 0;
+    CPUARMTBFlags flags = {};
 
     DP_TBFLAG_ANY(flags, DEBUG_TARGET_EL, arm_debug_target_el(env));
     return flags;
 }
 
-static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
-                                   ARMMMUIdx mmu_idx)
+static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
+                                        ARMMMUIdx mmu_idx)
 {
-    uint32_t flags = rebuild_hflags_aprofile(env);
+    CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
 
     if (arm_el_is_aa64(env, 1)) {
         DP_TBFLAG_A32(flags, VFPEN, 1);
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
 }
 
-static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
-                                   ARMMMUIdx mmu_idx)
+static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
+                                        ARMMMUIdx mmu_idx)
 {
-    uint32_t flags = rebuild_hflags_aprofile(env);
+    CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
     ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
     uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
     uint64_t sctlr;
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
 }
 
-static uint32_t rebuild_hflags_internal(CPUARMState *env)
+static CPUARMTBFlags rebuild_hflags_internal(CPUARMState *env)
 {
     int el = arm_current_el(env);
     int fp_el = fp_exception_el(env, el);
@@ -XXX,XX +XXX,XX @@ void HELPER(rebuild_hflags_m32_newel)(CPUARMState *env)
     int el = arm_current_el(env);
     int fp_el = fp_exception_el(env, el);
     ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
+
     env->hflags = rebuild_hflags_m32(env, fp_el, mmu_idx);
 }
 
@@ -XXX,XX +XXX,XX @@ void HELPER(rebuild_hflags_a64)(CPUARMState *env, int el)
 static inline void assert_hflags_rebuild_correctly(CPUARMState *env)
 {
 #ifdef CONFIG_DEBUG_TCG
-    uint32_t env_flags_current = env->hflags;
-    uint32_t env_flags_rebuilt = rebuild_hflags_internal(env);
+    CPUARMTBFlags c = env->hflags;
+    CPUARMTBFlags r = rebuild_hflags_internal(env);
 
-    if (unlikely(env_flags_current != env_flags_rebuilt)) {
+    if (unlikely(c.flags != r.flags)) {
         fprintf(stderr, "TCG hflags mismatch (current:0x%08x rebuilt:0x%08x)\n",
-                env_flags_current, env_flags_rebuilt);
+                c.flags, r.flags);
         abort();
     }
 #endif
@@ -XXX,XX +XXX,XX @@ static inline void assert_hflags_rebuild_correctly(CPUARMState *env)
 void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                           target_ulong *cs_base, uint32_t *pflags)
 {
-    uint32_t flags = env->hflags;
+    CPUARMTBFlags flags;
 
     *cs_base = 0;
     assert_hflags_rebuild_correctly(env);
+    flags = env->hflags;
 
     if (EX_TBFLAG_ANY(flags, AARCH64_STATE)) {
         *pc = env->pc;
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         DP_TBFLAG_ANY(flags, PSTATE__SS, 1);
     }
 
-    *pflags = flags;
+    *pflags = flags.flags;
 }
 
 #ifdef TARGET_AARCH64
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
     DisasContext *dc = container_of(dcbase, DisasContext, base);
     CPUARMState *env = cpu->env_ptr;
     ARMCPU *arm_cpu = env_archcpu(env);
-    uint32_t tb_flags = dc->base.tb->flags;
+    CPUARMTBFlags tb_flags = arm_tbflags_from_tb(dc->base.tb);
     int bound, core_mmu_idx;
 
     dc->isar = &arm_cpu->isar;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     DisasContext *dc = container_of(dcbase, DisasContext, base);
     CPUARMState *env = cs->env_ptr;
     ARMCPU *cpu = env_archcpu(env);
-    uint32_t tb_flags = dc->base.tb->flags;
+    CPUARMTBFlags tb_flags = arm_tbflags_from_tb(dc->base.tb);
     uint32_t condexec, core_mmu_idx;
 
     dc->isar = &cpu->isar;
@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
 {
     DisasContext dc = { };
     const TranslatorOps *ops = &arm_translator_ops;
+    CPUARMTBFlags tb_flags = arm_tbflags_from_tb(tb);
 
-    if (EX_TBFLAG_AM32(tb->flags, THUMB)) {
+    if (EX_TBFLAG_AM32(tb_flags, THUMB)) {
         ops = &thumb_translator_ops;
     }
 #ifdef TARGET_AARCH64
-    if (EX_TBFLAG_ANY(tb->flags, AARCH64_STATE)) {
+    if (EX_TBFLAG_ANY(tb_flags, AARCH64_STATE)) {
         ops = &aarch64_translator_ops;
     }
 #endif
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Now that we have all of the proper macros defined, expanding
the CPUARMTBFlags structure and populating the two TB fields
is relatively simple.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h       | 49 ++++++++++++++++++++++++------------------
 target/arm/translate.h |  2 +-
 target/arm/helper.c    | 10 +++++----
 3 files changed, 35 insertions(+), 26 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Now that these bits have been moved out of tb->flags,
where TBFLAG_ANY was filling from the top, move AM32
to fill from the top, and A32 and M32 to fill from the
bottom.  This means fewer changes when adding new bits.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef ARMCPU ArchCPU;
  *
  * The bits for 32-bit A-profile and M-profile partially overlap:
  *
- *  18             9              0
- * +----------------+--------------+
- * |   TBFLAG_A32   |              |
- * +-----+----------+  TBFLAG_AM32 |
- * |     |TBFLAG_M32|              |
- * +-----+----------+--------------+
- *     14          9              0
+ *  31         23         11 10             0
+ * +-------------+----------+----------------+
+ * |             |          |   TBFLAG_A32   |
+ * | TBFLAG_AM32 |          +-----+----------+
+ * |             |                |TBFLAG_M32|
+ * +-------------+----------------+----------+
+ *  31         23                5 4        0
  *
  * Unless otherwise noted, these bits are cached in env->hflags.
  */
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 20, 2)
 /*
  * Bit usage when in AArch32 state, both A- and M-profile.
  */
-FIELD(TBFLAG_AM32, CONDEXEC, 0, 8)      /* Not cached. */
-FIELD(TBFLAG_AM32, THUMB, 8, 1)         /* Not cached. */
+FIELD(TBFLAG_AM32, CONDEXEC, 24, 8)      /* Not cached. */
+FIELD(TBFLAG_AM32, THUMB, 23, 1)         /* Not cached. */
 
 /*
  * Bit usage when in AArch32 state, for A-profile only.
  */
-FIELD(TBFLAG_A32, VECLEN, 9, 3)         /* Not cached. */
-FIELD(TBFLAG_A32, VECSTRIDE, 12, 2)     /* Not cached. */
+FIELD(TBFLAG_A32, VECLEN, 0, 3)         /* Not cached. */
+FIELD(TBFLAG_A32, VECSTRIDE, 3, 2)     /* Not cached. */
 /*
  * We store the bottom two bits of the CPAR as TB flags and handle
  * checks on the other bits at runtime. This shares the same bits as
  * VECSTRIDE, which is OK as no XScale CPU has VFP.
  * Not cached, because VECLEN+VECSTRIDE are not cached.
  */
-FIELD(TBFLAG_A32, XSCALE_CPAR, 12, 2)
-FIELD(TBFLAG_A32, VFPEN, 14, 1)         /* Partially cached, minus FPEXC. */
-FIELD(TBFLAG_A32, SCTLR__B, 15, 1)      /* Cannot overlap with SCTLR_B */
-FIELD(TBFLAG_A32, HSTR_ACTIVE, 16, 1)
+FIELD(TBFLAG_A32, XSCALE_CPAR, 5, 2)
+FIELD(TBFLAG_A32, VFPEN, 7, 1)         /* Partially cached, minus FPEXC. */
+FIELD(TBFLAG_A32, SCTLR__B, 8, 1)      /* Cannot overlap with SCTLR_B */
+FIELD(TBFLAG_A32, HSTR_ACTIVE, 9, 1)
 /*
  * Indicates whether cp register reads and writes by guest code should access
  * the secure or nonsecure bank of banked registers; note that this is not
  * the same thing as the current security state of the processor!
  */
-FIELD(TBFLAG_A32, NS, 17, 1)
+FIELD(TBFLAG_A32, NS, 10, 1)
 
 /*
  * Bit usage when in AArch32 state, for M-profile only.
  */
 /* Handler (ie not Thread) mode */
-FIELD(TBFLAG_M32, HANDLER, 9, 1)
+FIELD(TBFLAG_M32, HANDLER, 0, 1)
 /* Whether we should generate stack-limit checks */
-FIELD(TBFLAG_M32, STACKCHECK, 10, 1)
+FIELD(TBFLAG_M32, STACKCHECK, 1, 1)
 /* Set if FPCCR.LSPACT is set */
-FIELD(TBFLAG_M32, LSPACT, 11, 1)                 /* Not cached. */
+FIELD(TBFLAG_M32, LSPACT, 2, 1)                 /* Not cached. */
 /* Set if we must create a new FP context */
-FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 12, 1)     /* Not cached. */
+FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 3, 1)     /* Not cached. */
 /* Set if FPCCR.S does not match current security state */
-FIELD(TBFLAG_M32, FPCCR_S_WRONG, 13, 1)          /* Not cached. */
+FIELD(TBFLAG_M32, FPCCR_S_WRONG, 4, 1)          /* Not cached. */
 
 /*
  * Bit usage when in AArch64 state
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Now that other bits have been moved out of tb->flags,
there's no point in filling from the top.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef ARMCPU ArchCPU;
  *
  * Unless otherwise noted, these bits are cached in env->hflags.
  */
-FIELD(TBFLAG_ANY, AARCH64_STATE, 31, 1)
-FIELD(TBFLAG_ANY, SS_ACTIVE, 30, 1)
-FIELD(TBFLAG_ANY, PSTATE__SS, 29, 1)    /* Not cached. */
-FIELD(TBFLAG_ANY, BE_DATA, 28, 1)
-FIELD(TBFLAG_ANY, MMUIDX, 24, 4)
+FIELD(TBFLAG_ANY, AARCH64_STATE, 0, 1)
+FIELD(TBFLAG_ANY, SS_ACTIVE, 1, 1)
+FIELD(TBFLAG_ANY, PSTATE__SS, 2, 1)      /* Not cached. */
+FIELD(TBFLAG_ANY, BE_DATA, 3, 1)
+FIELD(TBFLAG_ANY, MMUIDX, 4, 4)
 /* Target EL if we take a floating-point-disabled exception */
-FIELD(TBFLAG_ANY, FPEXC_EL, 22, 2)
+FIELD(TBFLAG_ANY, FPEXC_EL, 8, 2)
 /* For A-profile only, target EL for debug exceptions.  */
-FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 20, 2)
+FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 10, 2)
 
 /*
  * Bit usage when in AArch32 state, both A- and M-profile.
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Use this to signal when memory access alignment is required.
This value comes from the CCR register for M-profile, and
from the SCTLR register for A-profile.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h           |  2 ++
 target/arm/translate.h     |  2 ++
 target/arm/helper.c        | 19 +++++++++++++++++--
 target/arm/translate-a64.c |  1 +
 target/arm/translate.c     |  7 +++----
 5 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, MMUIDX, 4, 4)
 FIELD(TBFLAG_ANY, FPEXC_EL, 8, 2)
 /* For A-profile only, target EL for debug exceptions.  */
 FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 10, 2)
+/* Memory operations require alignment: SCTLR_ELx.A or CCR.UNALIGN_TRP */
+FIELD(TBFLAG_ANY, ALIGN_MEM, 12, 1)
 
 /*
  * Bit usage when in AArch32 state, both A- and M-profile.
diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
     bool bt;
     /* True if any CP15 access is trapped by HSTR_EL2 */
     bool hstr_active;
+    /* True if memory operations require alignment */
+    bool align_mem;
     /*
      * >= 0, a copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.
      *  < 0, set by the current instruction.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
                                         ARMMMUIdx mmu_idx)
 {
     CPUARMTBFlags flags = {};
+    uint32_t ccr = env->v7m.ccr[env->v7m.secure];
+
+    /* Without HaveMainExt, CCR.UNALIGN_TRP is RES1. */
+    if (ccr & R_V7M_CCR_UNALIGN_TRP_MASK) {
+        DP_TBFLAG_ANY(flags, ALIGN_MEM, 1);
+    }
 
     if (arm_v7m_is_handler_mode(env)) {
         DP_TBFLAG_M32(flags, HANDLER, 1);
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
      */
     if (arm_feature(env, ARM_FEATURE_V8) &&
         !((mmu_idx & ARM_MMU_IDX_M_NEGPRI) &&
-          (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
+          (ccr & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
         DP_TBFLAG_M32(flags, STACKCHECK, 1);
     }
 
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
                                         ARMMMUIdx mmu_idx)
 {
     CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
+    int el = arm_current_el(env);
+
+    if (arm_sctlr(env, el) & SCTLR_A) {
+        DP_TBFLAG_ANY(flags, ALIGN_MEM, 1);
+    }
 
     if (arm_el_is_aa64(env, 1)) {
         DP_TBFLAG_A32(flags, VFPEN, 1);
     }
 
-    if (arm_current_el(env) < 2 && env->cp15.hstr_el2 &&
+    if (el < 2 && env->cp15.hstr_el2 &&
         (arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
         DP_TBFLAG_A32(flags, HSTR_ACTIVE, 1);
     }
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
 
     sctlr = regime_sctlr(env, stage1);
 
+    if (sctlr & SCTLR_A) {
+        DP_TBFLAG_ANY(flags, ALIGN_MEM, 1);
+    }
+
     if (arm_cpu_data_is_big_endian_a64(el, sctlr)) {
         DP_TBFLAG_ANY(flags, BE_DATA, 1);
     }
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
     dc->user = (dc->current_el == 0);
 #endif
     dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
+    dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
     dc->sve_excp_el = EX_TBFLAG_A64(tb_flags, SVEEXC_EL);
     dc->sve_len = (EX_TBFLAG_A64(tb_flags, ZCR_LEN) + 1) * 16;
     dc->pauth_active = EX_TBFLAG_A64(tb_flags, PAUTH_ACTIVE);
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
 {
     TCGv addr;
 
-    if (arm_dc_feature(s, ARM_FEATURE_M) &&
-        !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
+    if (s->align_mem) {
         opc |= MO_ALIGN;
     }
 
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
 {
     TCGv addr;
 
-    if (arm_dc_feature(s, ARM_FEATURE_M) &&
-        !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
+    if (s->align_mem) {
         opc |= MO_ALIGN;
     }
 
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     dc->user = (dc->current_el == 0);
 #endif
     dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
+    dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
 
     if (arm_feature(env, ARM_FEATURE_M)) {
         dc->vfp_enabled = 1;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Create a finalize_memop function that computes alignment and
endianness and returns the final MemOp for the operation.

Split out gen_aa32_{ld,st}_internal_i32 which bypasses any special
handling of endianness or alignment.  Adjust gen_aa32_{ld,st}_i32
so that s->be_data is not added by the callers.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-12-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.h          |  24 ++++++++
 target/arm/translate.c          | 100 +++++++++++++++++---------------
 target/arm/translate-neon.c.inc |   9 +--
 3 files changed, 79 insertions(+), 54 deletions(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ static inline TCGv_ptr fpstatus_ptr(ARMFPStatusFlavour flavour)
     return statusptr;
 }
 
+/**
+ * finalize_memop:
+ * @s: DisasContext
+ * @opc: size+sign+align of the memory operation
+ *
+ * Build the complete MemOp for a memory operation, including alignment
+ * and endianness.
+ *
+ * If (op & MO_AMASK) then the operation already contains the required
+ * alignment, e.g. for AccType_ATOMIC.  Otherwise, this an optionally
+ * unaligned operation, e.g. for AccType_NORMAL.
+ *
+ * In the latter case, there are configuration bits that require alignment,
+ * and this is applied here.  Note that there is no way to indicate that
+ * no alignment should ever be enforced; this must be handled manually.
+ */
+static inline MemOp finalize_memop(DisasContext *s, MemOp opc)
+{
+    if (s->align_mem && !(opc & MO_AMASK)) {
+        opc |= MO_ALIGN;
+    }
+    return opc | s->be_data;
+}
+
 #endif /* TARGET_ARM_TRANSLATE_H */
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
 #define IS_USER_ONLY 0
 #endif
 
-/* Abstractions of "generate code to do a guest load/store for
+/*
+ * Abstractions of "generate code to do a guest load/store for
  * AArch32", where a vaddr is always 32 bits (and is zero
  * extended if we're a 64 bit core) and  data is also
  * 32 bits unless specifically doing a 64 bit access.
@@ -XXX,XX +XXX,XX @@ static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
  * that the address argument is TCGv_i32 rather than TCGv.
  */
 
-static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
+static TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
 {
     TCGv addr = tcg_temp_new();
     tcg_gen_extu_i32_tl(addr, a32);
@@ -XXX,XX +XXX,XX @@ static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
     return addr;
 }
 
+/*
+ * Internal routines are used for NEON cases where the endianness
+ * and/or alignment has already been taken into account and manipulated.
+ */
+static void gen_aa32_ld_internal_i32(DisasContext *s, TCGv_i32 val,
+                                     TCGv_i32 a32, int index, MemOp opc)
+{
+    TCGv addr = gen_aa32_addr(s, a32, opc);
+    tcg_gen_qemu_ld_i32(val, addr, index, opc);
+    tcg_temp_free(addr);
+}
+
+static void gen_aa32_st_internal_i32(DisasContext *s, TCGv_i32 val,
+                                     TCGv_i32 a32, int index, MemOp opc)
+{
+    TCGv addr = gen_aa32_addr(s, a32, opc);
+    tcg_gen_qemu_st_i32(val, addr, index, opc);
+    tcg_temp_free(addr);
+}
+
 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
                             int index, MemOp opc)
 {
-    TCGv addr;
-
-    if (s->align_mem) {
-        opc |= MO_ALIGN;
-    }
-
-    addr = gen_aa32_addr(s, a32, opc);
-    tcg_gen_qemu_ld_i32(val, addr, index, opc);
-    tcg_temp_free(addr);
+    gen_aa32_ld_internal_i32(s, val, a32, index, finalize_memop(s, opc));
 }
 
 static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
                             int index, MemOp opc)
 {
-    TCGv addr;
+    gen_aa32_st_internal_i32(s, val, a32, index, finalize_memop(s, opc));
+}
 
-    if (s->align_mem) {
-        opc |= MO_ALIGN;
+#define DO_GEN_LD(SUFF, OPC)                                            \
+    static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
+                                         TCGv_i32 a32, int index)       \
+    {                                                                   \
+        gen_aa32_ld_i32(s, val, a32, index, OPC);                       \
     }
 
-    addr = gen_aa32_addr(s, a32, opc);
-    tcg_gen_qemu_st_i32(val, addr, index, opc);
-    tcg_temp_free(addr);
-}
-
-#define DO_GEN_LD(SUFF, OPC)                                             \
-static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val,      \
-                                     TCGv_i32 a32, int index)            \
-{                                                                        \
-    gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data);               \
-}
-
-#define DO_GEN_ST(SUFF, OPC)                                             \
-static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val,      \
-                                     TCGv_i32 a32, int index)            \
-{                                                                        \
-    gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data);               \
-}
+#define DO_GEN_ST(SUFF, OPC)                                            \
+    static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
+                                         TCGv_i32 a32, int index)       \
+    {                                                                   \
+        gen_aa32_st_i32(s, val, a32, index, OPC);                       \
+    }
 
 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
 {
@@ -XXX,XX +XXX,XX @@ static bool op_load_rr(DisasContext *s, arg_ldst_rr *a,
     addr = op_addr_rr_pre(s, a);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop | s->be_data);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop);
     disas_set_da_iss(s, mop, issinfo);
 
     /*
@@ -XXX,XX +XXX,XX @@ static bool op_store_rr(DisasContext *s, arg_ldst_rr *a,
     addr = op_addr_rr_pre(s, a);
 
     tmp = load_reg(s, a->rt);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, mop | s->be_data);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, mop);
     disas_set_da_iss(s, mop, issinfo);
     tcg_temp_free_i32(tmp);
 
@@ -XXX,XX +XXX,XX @@ static bool trans_LDRD_rr(DisasContext *s, arg_ldst_rr *a)
     addr = op_addr_rr_pre(s, a);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
     store_reg(s, a->rt, tmp);
 
     tcg_gen_addi_i32(addr, addr, 4);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
     store_reg(s, a->rt + 1, tmp);
 
     /* LDRD w/ base writeback is undefined if the registers overlap.  */
@@ -XXX,XX +XXX,XX @@ static bool trans_STRD_rr(DisasContext *s, arg_ldst_rr *a)
     addr = op_addr_rr_pre(s, a);
 
     tmp = load_reg(s, a->rt);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
     tcg_temp_free_i32(tmp);
 
     tcg_gen_addi_i32(addr, addr, 4);
 
     tmp = load_reg(s, a->rt + 1);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
     tcg_temp_free_i32(tmp);
 
     op_addr_rr_post(s, a, addr, -4);
@@ -XXX,XX +XXX,XX @@ static bool op_load_ri(DisasContext *s, arg_ldst_ri *a,
     addr = op_addr_ri_pre(s, a);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop | s->be_data);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop);
     disas_set_da_iss(s, mop, issinfo);
 
     /*
@@ -XXX,XX +XXX,XX @@ static bool op_store_ri(DisasContext *s, arg_ldst_ri *a,
     addr = op_addr_ri_pre(s, a);
 
     tmp = load_reg(s, a->rt);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, mop | s->be_data);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, mop);
     disas_set_da_iss(s, mop, issinfo);
     tcg_temp_free_i32(tmp);
 
@@ -XXX,XX +XXX,XX @@ static bool op_ldrd_ri(DisasContext *s, arg_ldst_ri *a, int rt2)
     addr = op_addr_ri_pre(s, a);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
     store_reg(s, a->rt, tmp);
 
     tcg_gen_addi_i32(addr, addr, 4);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
     store_reg(s, rt2, tmp);
 
     /* LDRD w/ base writeback is undefined if the registers overlap.  */
@@ -XXX,XX +XXX,XX @@ static bool op_strd_ri(DisasContext *s, arg_ldst_ri *a, int rt2)
     addr = op_addr_ri_pre(s, a);
 
     tmp = load_reg(s, a->rt);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
     tcg_temp_free_i32(tmp);
 
     tcg_gen_addi_i32(addr, addr, 4);
 
     tmp = load_reg(s, rt2);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | s->be_data);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
     tcg_temp_free_i32(tmp);
 
     op_addr_ri_post(s, a, addr, -4);
@@ -XXX,XX +XXX,XX @@ static bool op_stl(DisasContext *s, arg_STL *a, MemOp mop)
     addr = load_reg(s, a->rn);
     tmp = load_reg(s, a->rt);
     tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
-    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop | s->be_data);
+    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop);
     disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel | ISSIsWrite);
 
     tcg_temp_free_i32(tmp);
@@ -XXX,XX +XXX,XX @@ static bool op_lda(DisasContext *s, arg_LDA *a, MemOp mop)
 
     addr = load_reg(s, a->rn);
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop | s->be_data);
+    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop);
     disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel);
     tcg_temp_free_i32(addr);
 
@@ -XXX,XX +XXX,XX @@ static bool op_tbranch(DisasContext *s, arg_tbranch *a, bool half)
     addr = load_reg(s, a->rn);
     tcg_gen_add_i32(addr, addr, tmp);
 
-    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
-                    half ? MO_UW | s->be_data : MO_UB);
+    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), half ? MO_UW : MO_UB);
     tcg_temp_free_i32(addr);
 
     tcg_gen_add_i32(tmp, tmp, tmp);
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-neon.c.inc
+++ b/target/arm/translate-neon.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
     addr = tcg_temp_new_i32();
     load_reg_var(s, addr, a->rn);
     for (reg = 0; reg < nregs; reg++) {
-        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
-                        s->be_data | size);
+        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), size);
         if ((vd & 1) && vec_size == 16) {
             /*
              * We cannot write 16 bytes at once because the
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
      */
     for (reg = 0; reg < nregs; reg++) {
         if (a->l) {
-            gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
-                            s->be_data | a->size);
+            gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), a->size);
             neon_store_element(vd, a->reg_idx, a->size, tmp);
         } else { /* Store */
             neon_load_element(tmp, vd, a->reg_idx, a->size);
-            gen_aa32_st_i32(s, tmp, addr, get_mem_index(s),
-                            s->be_data | a->size);
+            gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), a->size);
         }
         vd += a->stride;
         tcg_gen_addi_i32(addr, addr, 1 << a->size);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

This is the only caller.  Adjust some commentary to talk
about SCTLR_B instead of the vanishing function.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 37 ++++++++++++++++---------------------
 1 file changed, 16 insertions(+), 21 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
         gen_aa32_st_i32(s, val, a32, index, OPC);                       \
     }
 
-static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
-{
-    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
-    if (!IS_USER_ONLY && s->sctlr_b) {
-        tcg_gen_rotri_i64(val, val, 32);
-    }
-}
-
 static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
                             int index, MemOp opc)
 {
     TCGv addr = gen_aa32_addr(s, a32, opc);
     tcg_gen_qemu_ld_i64(val, addr, index, opc);
-    gen_aa32_frob64(s, val);
+
+    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
+    if (!IS_USER_ONLY && s->sctlr_b) {
+        tcg_gen_rotri_i64(val, val, 32);
+    }
+
     tcg_temp_free(addr);
 }
 
@@ -XXX,XX +XXX,XX @@ static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
         TCGv_i32 tmp2 = tcg_temp_new_i32();
         TCGv_i64 t64 = tcg_temp_new_i64();
 
-        /* For AArch32, architecturally the 32-bit word at the lowest
+        /*
+         * For AArch32, architecturally the 32-bit word at the lowest
          * address is always Rt and the one at addr+4 is Rt2, even if
          * the CPU is big-endian. That means we don't want to do a
-         * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
-         * for an architecturally 64-bit access, but instead do a
-         * 64-bit access using MO_BE if appropriate and then split
-         * the two halves.
-         * This only makes a difference for BE32 user-mode, where
-         * frob64() must not flip the two halves of the 64-bit data
-         * but this code must treat BE32 user-mode like BE32 system.
+         * gen_aa32_ld_i64(), which checks SCTLR_B as if for an
+         * architecturally 64-bit access, but instead do a 64-bit access
+         * using MO_BE if appropriate and then split the two halves.
          */
         TCGv taddr = gen_aa32_addr(s, addr, opc);
 
@@ -XXX,XX +XXX,XX @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
         TCGv_i64 n64 = tcg_temp_new_i64();
 
         t2 = load_reg(s, rt2);
-        /* For AArch32, architecturally the 32-bit word at the lowest
+
+        /*
+         * For AArch32, architecturally the 32-bit word at the lowest
          * address is always Rt and the one at addr+4 is Rt2, even if
          * the CPU is big-endian. Since we're going to treat this as a
          * single 64-bit BE store, we need to put the two halves in the
          * opposite order for BE to LE, so that they end up in the right
-         * places.
-         * We don't want gen_aa32_frob64() because that does the wrong
-         * thing for BE32 usermode.
+         * places.  We don't want gen_aa32_st_i64, because that checks
+         * SCTLR_B as if for an architectural 64-bit access.
          */
         if (s->be_data == MO_BE) {
             tcg_gen_concat_i32_i64(n64, t2, t1);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Just because operating on a TCGv_i64 temporary does not
mean that we're performing a 64-bit operation.  Restrict
the frobbing to actual 64-bit operations.

This bug is not currently visible because all current
users of these two functions always pass MO_64.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-14-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
     tcg_gen_qemu_ld_i64(val, addr, index, opc);
 
     /* Not needed for user-mode BE32, where we use MO_BE instead.  */
-    if (!IS_USER_ONLY && s->sctlr_b) {
+    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
         tcg_gen_rotri_i64(val, val, 32);
     }
 
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
     TCGv addr = gen_aa32_addr(s, a32, opc);
 
     /* Not needed for user-mode BE32, where we use MO_BE instead.  */
-    if (!IS_USER_ONLY && s->sctlr_b) {
+    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
         TCGv_i64 tmp = tcg_temp_new_i64();
         tcg_gen_rotri_i64(tmp, val, 32);
         tcg_gen_qemu_st_i64(tmp, addr, index, opc);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Adjust the interface to match what has been done to the
TCGv_i32 load/store functions.

This is less obvious, because at present the only user of
these functions, trans_VLDST_multiple, also wants to manipulate
the endianness to speed up loading multiple bytes.  Thus we
retain an "internal" interface which is identical to the
current gen_aa32_{ld,st}_i64 interface.

The "new" interface will gain users as we remove the legacy
interfaces, gen_aa32_ld64 and gen_aa32_st64.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-15-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c          | 78 +++++++++++++++++++--------------
 target/arm/translate-neon.c.inc |  6 ++-
 2 files changed, 49 insertions(+), 35 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_internal_i32(DisasContext *s, TCGv_i32 val,
     tcg_temp_free(addr);
 }
 
+static void gen_aa32_ld_internal_i64(DisasContext *s, TCGv_i64 val,
+                                     TCGv_i32 a32, int index, MemOp opc)
+{
+    TCGv addr = gen_aa32_addr(s, a32, opc);
+
+    tcg_gen_qemu_ld_i64(val, addr, index, opc);
+
+    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
+    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
+        tcg_gen_rotri_i64(val, val, 32);
+    }
+    tcg_temp_free(addr);
+}
+
+static void gen_aa32_st_internal_i64(DisasContext *s, TCGv_i64 val,
+                                     TCGv_i32 a32, int index, MemOp opc)
+{
+    TCGv addr = gen_aa32_addr(s, a32, opc);
+
+    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
+    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
+        TCGv_i64 tmp = tcg_temp_new_i64();
+        tcg_gen_rotri_i64(tmp, val, 32);
+        tcg_gen_qemu_st_i64(tmp, addr, index, opc);
+        tcg_temp_free_i64(tmp);
+    } else {
+        tcg_gen_qemu_st_i64(val, addr, index, opc);
+    }
+    tcg_temp_free(addr);
+}
+
 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
                             int index, MemOp opc)
 {
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
     gen_aa32_st_internal_i32(s, val, a32, index, finalize_memop(s, opc));
 }
 
+static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
+                            int index, MemOp opc)
+{
+    gen_aa32_ld_internal_i64(s, val, a32, index, finalize_memop(s, opc));
+}
+
+static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
+                            int index, MemOp opc)
+{
+    gen_aa32_st_internal_i64(s, val, a32, index, finalize_memop(s, opc));
+}
+
 #define DO_GEN_LD(SUFF, OPC)                                            \
     static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
                                          TCGv_i32 a32, int index)       \
@@ -XXX,XX +XXX,XX @@ static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
         gen_aa32_st_i32(s, val, a32, index, OPC);                       \
     }
 
-static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
-                            int index, MemOp opc)
-{
-    TCGv addr = gen_aa32_addr(s, a32, opc);
-    tcg_gen_qemu_ld_i64(val, addr, index, opc);
-
-    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
-    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
-        tcg_gen_rotri_i64(val, val, 32);
-    }
-
-    tcg_temp_free(addr);
-}
-
 static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
                                  TCGv_i32 a32, int index)
 {
-    gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
-}
-
-static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
-                            int index, MemOp opc)
-{
-    TCGv addr = gen_aa32_addr(s, a32, opc);
-
-    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
-    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
-        TCGv_i64 tmp = tcg_temp_new_i64();
-        tcg_gen_rotri_i64(tmp, val, 32);
-        tcg_gen_qemu_st_i64(tmp, addr, index, opc);
-        tcg_temp_free_i64(tmp);
-    } else {
-        tcg_gen_qemu_st_i64(val, addr, index, opc);
-    }
-    tcg_temp_free(addr);
+    gen_aa32_ld_i64(s, val, a32, index, MO_Q);
 }
 
 static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
                                  TCGv_i32 a32, int index)
 {
-    gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
+    gen_aa32_st_i64(s, val, a32, index, MO_Q);
 }
 
 DO_GEN_LD(8u, MO_UB)
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-neon.c.inc
+++ b/target/arm/translate-neon.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_multiple(DisasContext *s, arg_VLDST_multiple *a)
                 int tt = a->vd + reg + spacing * xs;
 
                 if (a->l) {
-                    gen_aa32_ld_i64(s, tmp64, addr, mmu_idx, endian | size);
+                    gen_aa32_ld_internal_i64(s, tmp64, addr, mmu_idx,
+                                             endian | size);
                     neon_store_element64(tt, n, size, tmp64);
                 } else {
                     neon_load_element64(tmp64, tt, n, size);
-                    gen_aa32_st_i64(s, tmp64, addr, mmu_idx, endian | size);
+                    gen_aa32_st_internal_i64(s, tmp64, addr, mmu_idx,
+                                             endian | size);
                 }
                 tcg_gen_add_i32(addr, addr, tmp);
             }
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Buglink: https://bugs.launchpad.net/qemu/+bug/1905356
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-16-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static bool trans_LDRD_rr(DisasContext *s, arg_ldst_rr *a)
     addr = op_addr_rr_pre(s, a);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
     store_reg(s, a->rt, tmp);
 
     tcg_gen_addi_i32(addr, addr, 4);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
     store_reg(s, a->rt + 1, tmp);
 
     /* LDRD w/ base writeback is undefined if the registers overlap.  */
@@ -XXX,XX +XXX,XX @@ static bool trans_STRD_rr(DisasContext *s, arg_ldst_rr *a)
     addr = op_addr_rr_pre(s, a);
 
     tmp = load_reg(s, a->rt);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
     tcg_temp_free_i32(tmp);
 
     tcg_gen_addi_i32(addr, addr, 4);
 
     tmp = load_reg(s, a->rt + 1);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
     tcg_temp_free_i32(tmp);
 
     op_addr_rr_post(s, a, addr, -4);
@@ -XXX,XX +XXX,XX @@ static bool op_ldrd_ri(DisasContext *s, arg_ldst_ri *a, int rt2)
     addr = op_addr_ri_pre(s, a);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
     store_reg(s, a->rt, tmp);
 
     tcg_gen_addi_i32(addr, addr, 4);
 
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL);
+    gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
     store_reg(s, rt2, tmp);
 
     /* LDRD w/ base writeback is undefined if the registers overlap.  */
@@ -XXX,XX +XXX,XX @@ static bool op_strd_ri(DisasContext *s, arg_ldst_ri *a, int rt2)
     addr = op_addr_ri_pre(s, a);
 
     tmp = load_reg(s, a->rt);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
     tcg_temp_free_i32(tmp);
 
     tcg_gen_addi_i32(addr, addr, 4);
 
     tmp = load_reg(s, rt2);
-    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL);
+    gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
     tcg_temp_free_i32(tmp);
 
     op_addr_ri_post(s, a, addr, -4);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-17-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static bool op_stl(DisasContext *s, arg_STL *a, MemOp mop)
     addr = load_reg(s, a->rn);
     tmp = load_reg(s, a->rt);
     tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
-    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop);
+    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop | MO_ALIGN);
     disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel | ISSIsWrite);
 
     tcg_temp_free_i32(tmp);
@@ -XXX,XX +XXX,XX @@ static bool op_lda(DisasContext *s, arg_LDA *a, MemOp mop)
 
     addr = load_reg(s, a->rn);
     tmp = tcg_temp_new_i32();
-    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop);
+    gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop | MO_ALIGN);
     disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel);
     tcg_temp_free_i32(addr);
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-18-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static bool op_stm(DisasContext *s, arg_ldst_block *a, int min_n)
         } else {
             tmp = load_reg(s, i);
         }
-        gen_aa32_st32(s, tmp, addr, mem_idx);
+        gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
         tcg_temp_free_i32(tmp);
 
         /* No need to add after the last transfer.  */
@@ -XXX,XX +XXX,XX @@ static bool do_ldm(DisasContext *s, arg_ldst_block *a, int min_n)
         }
 
         tmp = tcg_temp_new_i32();
-        gen_aa32_ld32u(s, tmp, addr, mem_idx);
+        gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN);
         if (user) {
             tmp2 = tcg_const_i32(i);
             gen_helper_set_user_reg(cpu_env, tmp2, tmp);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-19-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static bool trans_RFE(DisasContext *s, arg_RFE *a)
 
     /* Load PC into tmp and CPSR into tmp2.  */
     t1 = tcg_temp_new_i32();
-    gen_aa32_ld32u(s, t1, addr, get_mem_index(s));
+    gen_aa32_ld_i32(s, t1, addr, get_mem_index(s), MO_UL | MO_ALIGN);
     tcg_gen_addi_i32(addr, addr, 4);
     t2 = tcg_temp_new_i32();
-    gen_aa32_ld32u(s, t2, addr, get_mem_index(s));
+    gen_aa32_ld_i32(s, t2, addr, get_mem_index(s), MO_UL | MO_ALIGN);
 
     if (a->w) {
         /* Base writeback.  */
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-20-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
     }
     tcg_gen_addi_i32(addr, addr, offset);
     tmp = load_reg(s, 14);
-    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
+    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
     tcg_temp_free_i32(tmp);
     tmp = load_cpu_field(spsr);
     tcg_gen_addi_i32(addr, addr, 4);
-    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
+    gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
     tcg_temp_free_i32(tmp);
     if (writeback) {
         switch (amode) {
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-21-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-vfp.c.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-vfp.c.inc
+++ b/target/arm/translate-vfp.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_sp(DisasContext *s, arg_VLDM_VSTM_sp *a)
     for (i = 0; i < n; i++) {
         if (a->l) {
             /* load */
-            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
+            gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
             vfp_store_reg32(tmp, a->vd + i);
         } else {
             /* store */
             vfp_load_reg32(tmp, a->vd + i);
-            gen_aa32_st32(s, tmp, addr, get_mem_index(s));
+            gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
         }
         tcg_gen_addi_i32(addr, addr, offset);
     }
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_dp(DisasContext *s, arg_VLDM_VSTM_dp *a)
     for (i = 0; i < n; i++) {
         if (a->l) {
             /* load */
-            gen_aa32_ld64(s, tmp, addr, get_mem_index(s));
+            gen_aa32_ld_i64(s, tmp, addr, get_mem_index(s), MO_Q | MO_ALIGN_4);
             vfp_store_reg64(tmp, a->vd + i);
         } else {
             /* store */
             vfp_load_reg64(tmp, a->vd + i);
-            gen_aa32_st64(s, tmp, addr, get_mem_index(s));
+            gen_aa32_st_i64(s, tmp, addr, get_mem_index(s), MO_Q | MO_ALIGN_4);
         }
         tcg_gen_addi_i32(addr, addr, offset);
     }
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-22-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-vfp.c.inc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-vfp.c.inc
+++ b/target/arm/translate-vfp.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_hp(DisasContext *s, arg_VLDR_VSTR_sp *a)
     addr = add_reg_for_lit(s, a->rn, offset);
     tmp = tcg_temp_new_i32();
     if (a->l) {
-        gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
+        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), MO_UW | MO_ALIGN);
         vfp_store_reg32(tmp, a->vd);
     } else {
         vfp_load_reg32(tmp, a->vd);
-        gen_aa32_st16(s, tmp, addr, get_mem_index(s));
+        gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UW | MO_ALIGN);
     }
     tcg_temp_free_i32(tmp);
     tcg_temp_free_i32(addr);
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_sp(DisasContext *s, arg_VLDR_VSTR_sp *a)
     addr = add_reg_for_lit(s, a->rn, offset);
     tmp = tcg_temp_new_i32();
     if (a->l) {
-        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
+        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
         vfp_store_reg32(tmp, a->vd);
     } else {
         vfp_load_reg32(tmp, a->vd);
-        gen_aa32_st32(s, tmp, addr, get_mem_index(s));
+        gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN);
     }
     tcg_temp_free_i32(tmp);
     tcg_temp_free_i32(addr);
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_dp(DisasContext *s, arg_VLDR_VSTR_dp *a)
     addr = add_reg_for_lit(s, a->rn, offset);
     tmp = tcg_temp_new_i64();
     if (a->l) {
-        gen_aa32_ld64(s, tmp, addr, get_mem_index(s));
+        gen_aa32_ld_i64(s, tmp, addr, get_mem_index(s), MO_Q | MO_ALIGN_4);
         vfp_store_reg64(tmp, a->vd);
     } else {
         vfp_load_reg64(tmp, a->vd);
-        gen_aa32_st64(s, tmp, addr, get_mem_index(s));
+        gen_aa32_st_i64(s, tmp, addr, get_mem_index(s), MO_Q | MO_ALIGN_4);
     }
     tcg_temp_free_i64(tmp);
     tcg_temp_free_i32(addr);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-23-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.h          |  1 +
 target/arm/translate.c          | 15 +++++++++++++
 target/arm/translate-neon.c.inc | 37 +++++++++++++++++++++++++--------
 3 files changed, 44 insertions(+), 9 deletions(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ void arm_test_cc(DisasCompare *cmp, int cc);
 void arm_free_cc(DisasCompare *cmp);
 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label);
 void arm_gen_test_cc(int cc, TCGLabel *label);
+MemOp pow2_align(unsigned i);
 
 /* Return state of Alternate Half-precision flag, caller frees result */
 static inline TCGv_i32 get_ahp_flag(void)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
 #define IS_USER_ONLY 0
 #endif
 
+MemOp pow2_align(unsigned i)
+{
+    static const MemOp mop_align[] = {
+        0, MO_ALIGN_2, MO_ALIGN_4, MO_ALIGN_8, MO_ALIGN_16,
+        /*
+         * FIXME: TARGET_PAGE_BITS_MIN affects TLB_FLAGS_MASK such
+         * that 256-bit alignment (MO_ALIGN_32) cannot be supported:
+         * see get_alignment_bits(). Enforce only 128-bit alignment for now.
+         */
+        MO_ALIGN_16
+    };
+    g_assert(i < ARRAY_SIZE(mop_align));
+    return mop_align[i];
+}
+
 /*
  * Abstractions of "generate code to do a guest load/store for
  * AArch32", where a vaddr is always 32 bits (and is zero
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-neon.c.inc
+++ b/target/arm/translate-neon.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
     int size = a->size;
     int nregs = a->n + 1;
     TCGv_i32 addr, tmp;
+    MemOp mop, align;
 
     if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
         return false;
@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
         return false;
     }
 
+    align = 0;
     if (size == 3) {
         if (nregs != 4 || a->a == 0) {
             return false;
         }
         /* For VLD4 size == 3 a == 1 means 32 bits at 16 byte alignment */
-        size = 2;
-    }
-    if (nregs == 1 && a->a == 1 && size == 0) {
-        return false;
-    }
-    if (nregs == 3 && a->a == 1) {
-        return false;
+        size = MO_32;
+        align = MO_ALIGN_16;
+    } else if (a->a) {
+        switch (nregs) {
+        case 1:
+            if (size == 0) {
+                return false;
+            }
+            align = MO_ALIGN;
+            break;
+        case 2:
+            align = pow2_align(size + 1);
+            break;
+        case 3:
+            return false;
+        case 4:
+            align = pow2_align(size + 2);
+            break;
+        default:
+            g_assert_not_reached();
+        }
     }
 
     if (!vfp_access_check(s)) {
@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
      */
     stride = a->t ? 2 : 1;
     vec_size = nregs == 1 ? stride * 8 : 8;
-
+    mop = size | align;
     tmp = tcg_temp_new_i32();
     addr = tcg_temp_new_i32();
     load_reg_var(s, addr, a->rn);
     for (reg = 0; reg < nregs; reg++) {
-        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), size);
+        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop);
         if ((vd & 1) && vec_size == 16) {
             /*
              * We cannot write 16 bytes at once because the
@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
         }
         tcg_gen_addi_i32(addr, addr, 1 << size);
         vd += stride;
+
+        /* Subsequent memory operations inherit alignment */
+        mop &= ~MO_AMASK;
     }
     tcg_temp_free_i32(tmp);
     tcg_temp_free_i32(addr);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-24-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-neon.c.inc | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-neon.c.inc
+++ b/target/arm/translate-neon.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_multiple(DisasContext *s, arg_VLDST_multiple *a)
 {
     /* Neon load/store multiple structures */
     int nregs, interleave, spacing, reg, n;
-    MemOp endian = s->be_data;
+    MemOp mop, align, endian;
     int mmu_idx = get_mem_index(s);
     int size = a->size;
     TCGv_i64 tmp64;
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_multiple(DisasContext *s, arg_VLDST_multiple *a)
     }
 
     /* For our purposes, bytes are always little-endian.  */
+    endian = s->be_data;
     if (size == 0) {
         endian = MO_LE;
     }
+
+    /* Enforce alignment requested by the instruction */
+    if (a->align) {
+        align = pow2_align(a->align + 2); /* 4 ** a->align */
+    } else {
+        align = s->align_mem ? MO_ALIGN : 0;
+    }
+
     /*
      * Consecutive little-endian elements from a single register
      * can be promoted to a larger little-endian operation.
      */
     if (interleave == 1 && endian == MO_LE) {
+        /* Retain any natural alignment. */
+        if (align == MO_ALIGN) {
+            align = pow2_align(size);
+        }
         size = 3;
     }
+
     tmp64 = tcg_temp_new_i64();
     addr = tcg_temp_new_i32();
     tmp = tcg_const_i32(1 << size);
     load_reg_var(s, addr, a->rn);
+
+    mop = endian | size | align;
     for (reg = 0; reg < nregs; reg++) {
         for (n = 0; n < 8 >> size; n++) {
             int xs;
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_multiple(DisasContext *s, arg_VLDST_multiple *a)
                 int tt = a->vd + reg + spacing * xs;
 
                 if (a->l) {
-                    gen_aa32_ld_internal_i64(s, tmp64, addr, mmu_idx,
-                                             endian | size);
+                    gen_aa32_ld_internal_i64(s, tmp64, addr, mmu_idx, mop);
                     neon_store_element64(tt, n, size, tmp64);
                 } else {
                     neon_load_element64(tmp64, tt, n, size);
-                    gen_aa32_st_internal_i64(s, tmp64, addr, mmu_idx,
-                                             endian | size);
+                    gen_aa32_st_internal_i64(s, tmp64, addr, mmu_idx, mop);
                 }
                 tcg_gen_add_i32(addr, addr, tmp);
+
+                /* Subsequent memory operations inherit alignment */
+                mop &= ~MO_AMASK;
             }
         }
     }
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-25-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-neon.c.inc | 48 ++++++++++++++++++++++++++++-----
 1 file changed, 42 insertions(+), 6 deletions(-)

diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-neon.c.inc
+++ b/target/arm/translate-neon.c.inc
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
     int nregs = a->n + 1;
     int vd = a->vd;
     TCGv_i32 addr, tmp;
+    MemOp mop;
 
     if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
         return false;
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
         return true;
     }
 
+    /* Pick up SCTLR settings */
+    mop = finalize_memop(s, a->size);
+
+    if (a->align) {
+        MemOp align_op;
+
+        switch (nregs) {
+        case 1:
+            /* For VLD1, use natural alignment. */
+            align_op = MO_ALIGN;
+            break;
+        case 2:
+            /* For VLD2, use double alignment. */
+            align_op = pow2_align(a->size + 1);
+            break;
+        case 4:
+            if (a->size == MO_32) {
+                /*
+                 * For VLD4.32, align = 1 is double alignment, align = 2 is
+                 * quad alignment; align = 3 is rejected above.
+                 */
+                align_op = pow2_align(a->size + a->align);
+            } else {
+                /* For VLD4.8 and VLD.16, we want quad alignment. */
+                align_op = pow2_align(a->size + 2);
+            }
+            break;
+        default:
+            /* For VLD3, the alignment field is zero and rejected above. */
+            g_assert_not_reached();
+        }
+
+        mop = (mop & ~MO_AMASK) | align_op;
+    }
+
     tmp = tcg_temp_new_i32();
     addr = tcg_temp_new_i32();
     load_reg_var(s, addr, a->rn);
-    /*
-     * TODO: if we implemented alignment exceptions, we should check
-     * addr against the alignment encoded in a->align here.
-     */
+
     for (reg = 0; reg < nregs; reg++) {
         if (a->l) {
-            gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), a->size);
+            gen_aa32_ld_internal_i32(s, tmp, addr, get_mem_index(s), mop);
             neon_store_element(vd, a->reg_idx, a->size, tmp);
         } else { /* Store */
             neon_load_element(tmp, vd, a->reg_idx, a->size);
-            gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), a->size);
+            gen_aa32_st_internal_i32(s, tmp, addr, get_mem_index(s), mop);
         }
         vd += a->stride;
         tcg_gen_addi_i32(addr, addr, 1 << a->size);
+
+        /* Subsequent memory operations inherit alignment */
+        mop &= ~MO_AMASK;
     }
     tcg_temp_free_i32(addr);
     tcg_temp_free_i32(tmp);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

In the case of gpr load, merge the size and is_signed arguments;
otherwise, simply convert size to memop.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-26-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 78 ++++++++++++++++----------------------
 1 file changed, 33 insertions(+), 45 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_adc_CC(int sf, TCGv_i64 dest, TCGv_i64 t0, TCGv_i64 t1)
  * Store from GPR register to memory.
  */
 static void do_gpr_st_memidx(DisasContext *s, TCGv_i64 source,
-                             TCGv_i64 tcg_addr, int size, int memidx,
+                             TCGv_i64 tcg_addr, MemOp memop, int memidx,
                              bool iss_valid,
                              unsigned int iss_srt,
                              bool iss_sf, bool iss_ar)
 {
-    g_assert(size <= 3);
-    tcg_gen_qemu_st_i64(source, tcg_addr, memidx, s->be_data + size);
+    memop = finalize_memop(s, memop);
+    tcg_gen_qemu_st_i64(source, tcg_addr, memidx, memop);
 
     if (iss_valid) {
         uint32_t syn;
 
         syn = syn_data_abort_with_iss(0,
-                                      size,
+                                      (memop & MO_SIZE),
                                       false,
                                       iss_srt,
                                       iss_sf,
@@ -XXX,XX +XXX,XX @@ static void do_gpr_st_memidx(DisasContext *s, TCGv_i64 source,
 }
 
 static void do_gpr_st(DisasContext *s, TCGv_i64 source,
-                      TCGv_i64 tcg_addr, int size,
+                      TCGv_i64 tcg_addr, MemOp memop,
                       bool iss_valid,
                       unsigned int iss_srt,
                       bool iss_sf, bool iss_ar)
 {
-    do_gpr_st_memidx(s, source, tcg_addr, size, get_mem_index(s),
+    do_gpr_st_memidx(s, source, tcg_addr, memop, get_mem_index(s),
                      iss_valid, iss_srt, iss_sf, iss_ar);
 }
 
 /*
  * Load from memory to GPR register
  */
-static void do_gpr_ld_memidx(DisasContext *s,
-                             TCGv_i64 dest, TCGv_i64 tcg_addr,
-                             int size, bool is_signed,
-                             bool extend, int memidx,
+static void do_gpr_ld_memidx(DisasContext *s, TCGv_i64 dest, TCGv_i64 tcg_addr,
+                             MemOp memop, bool extend, int memidx,
                              bool iss_valid, unsigned int iss_srt,
                              bool iss_sf, bool iss_ar)
 {
-    MemOp memop = s->be_data + size;
-
-    g_assert(size <= 3);
-
-    if (is_signed) {
-        memop += MO_SIGN;
-    }
-
+    memop = finalize_memop(s, memop);
     tcg_gen_qemu_ld_i64(dest, tcg_addr, memidx, memop);
 
-    if (extend && is_signed) {
-        g_assert(size < 3);
+    if (extend && (memop & MO_SIGN)) {
+        g_assert((memop & MO_SIZE) <= MO_32);
         tcg_gen_ext32u_i64(dest, dest);
     }
 
@@ -XXX,XX +XXX,XX @@ static void do_gpr_ld_memidx(DisasContext *s,
         uint32_t syn;
 
         syn = syn_data_abort_with_iss(0,
-                                      size,
-                                      is_signed,
+                                      (memop & MO_SIZE),
+                                      (memop & MO_SIGN) != 0,
                                       iss_srt,
                                       iss_sf,
                                       iss_ar,
@@ -XXX,XX +XXX,XX @@ static void do_gpr_ld_memidx(DisasContext *s,
     }
 }
 
-static void do_gpr_ld(DisasContext *s,
-                      TCGv_i64 dest, TCGv_i64 tcg_addr,
-                      int size, bool is_signed, bool extend,
+static void do_gpr_ld(DisasContext *s, TCGv_i64 dest, TCGv_i64 tcg_addr,
+                      MemOp memop, bool extend,
                       bool iss_valid, unsigned int iss_srt,
                       bool iss_sf, bool iss_ar)
 {
-    do_gpr_ld_memidx(s, dest, tcg_addr, size, is_signed, extend,
-                     get_mem_index(s),
+    do_gpr_ld_memidx(s, dest, tcg_addr, memop, extend, get_mem_index(s),
                      iss_valid, iss_srt, iss_sf, iss_ar);
 }
 
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
         }
         clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn),
                                     false, rn != 31, size);
-        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, false, true, rt,
+        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, true, rt,
                   disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
         return;
@@ -XXX,XX +XXX,XX @@ static void disas_ld_lit(DisasContext *s, uint32_t insn)
         /* Only unsigned 32bit loads target 32bit registers.  */
         bool iss_sf = opc != 0;
 
-        do_gpr_ld(s, tcg_rt, clean_addr, size, is_signed, false,
-                  true, rt, iss_sf, false);
+        do_gpr_ld(s, tcg_rt, clean_addr, size + is_signed * MO_SIGN,
+                  false, true, rt, iss_sf, false);
     }
     tcg_temp_free_i64(clean_addr);
 }
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
             /* Do not modify tcg_rt before recognizing any exception
              * from the second load.
              */
-            do_gpr_ld(s, tmp, clean_addr, size, is_signed, false,
-                      false, 0, false, false);
+            do_gpr_ld(s, tmp, clean_addr, size + is_signed * MO_SIGN,
+                      false, false, 0, false, false);
             tcg_gen_addi_i64(clean_addr, clean_addr, 1 << size);
-            do_gpr_ld(s, tcg_rt2, clean_addr, size, is_signed, false,
-                      false, 0, false, false);
+            do_gpr_ld(s, tcg_rt2, clean_addr, size + is_signed * MO_SIGN,
+                      false, false, 0, false, false);
 
             tcg_gen_mov_i64(tcg_rt, tmp);
             tcg_temp_free_i64(tmp);
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
             do_gpr_st_memidx(s, tcg_rt, clean_addr, size, memidx,
                              iss_valid, rt, iss_sf, false);
         } else {
-            do_gpr_ld_memidx(s, tcg_rt, clean_addr, size,
-                             is_signed, is_extended, memidx,
+            do_gpr_ld_memidx(s, tcg_rt, clean_addr, size + is_signed * MO_SIGN,
+                             is_extended, memidx,
                              iss_valid, rt, iss_sf, false);
         }
     }
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
             do_gpr_st(s, tcg_rt, clean_addr, size,
                       true, rt, iss_sf, false);
         } else {
-            do_gpr_ld(s, tcg_rt, clean_addr, size,
-                      is_signed, is_extended,
-                      true, rt, iss_sf, false);
+            do_gpr_ld(s, tcg_rt, clean_addr, size + is_signed * MO_SIGN,
+                      is_extended, true, rt, iss_sf, false);
         }
     }
 }
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_unsigned_imm(DisasContext *s, uint32_t insn,
             do_gpr_st(s, tcg_rt, clean_addr, size,
                       true, rt, iss_sf, false);
         } else {
-            do_gpr_ld(s, tcg_rt, clean_addr, size, is_signed, is_extended,
-                      true, rt, iss_sf, false);
+            do_gpr_ld(s, tcg_rt, clean_addr, size + is_signed * MO_SIGN,
+                      is_extended, true, rt, iss_sf, false);
         }
     }
 }
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_atomic(DisasContext *s, uint32_t insn,
          * full load-acquire (we only need "load-acquire processor consistent"),
          * but we choose to implement them as full LDAQ.
          */
-        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, false,
+        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false,
                   true, rt, disas_ldst_compute_iss_sf(size, false, 0), true);
         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
         return;
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pac(DisasContext *s, uint32_t insn,
                                 is_wback || rn != 31, size);
 
     tcg_rt = cpu_reg(s, rt);
-    do_gpr_ld(s, tcg_rt, clean_addr, size, /* is_signed */ false,
+    do_gpr_ld(s, tcg_rt, clean_addr, size,
               /* extend */ false, /* iss_valid */ !is_wback,
               /* iss_srt */ rt, /* iss_sf */ true, /* iss_ar */ false);
 
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
          * Load-AcquirePC semantics; we implement as the slightly more
          * restrictive Load-Acquire.
          */
-        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, is_signed, extend,
-                  true, rt, iss_sf, true);
+        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size + is_signed * MO_SIGN,
+                  extend, true, rt, iss_sf, true);
         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
     }
 }
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

For 128-bit load/store, use 16-byte alignment.  This
requires that we perform the two operations in the
correct order so that we generate the alignment fault
before modifying memory.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-27-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 42 +++++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 16 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void do_gpr_ld(DisasContext *s, TCGv_i64 dest, TCGv_i64 tcg_addr,
 static void do_fp_st(DisasContext *s, int srcidx, TCGv_i64 tcg_addr, int size)
 {
     /* This writes the bottom N bits of a 128 bit wide vector to memory */
-    TCGv_i64 tmp = tcg_temp_new_i64();
-    tcg_gen_ld_i64(tmp, cpu_env, fp_reg_offset(s, srcidx, MO_64));
+    TCGv_i64 tmplo = tcg_temp_new_i64();
+    MemOp mop;
+
+    tcg_gen_ld_i64(tmplo, cpu_env, fp_reg_offset(s, srcidx, MO_64));
+
     if (size < 4) {
-        tcg_gen_qemu_st_i64(tmp, tcg_addr, get_mem_index(s),
-                            s->be_data + size);
+        mop = finalize_memop(s, size);
+        tcg_gen_qemu_st_i64(tmplo, tcg_addr, get_mem_index(s), mop);
     } else {
         bool be = s->be_data == MO_BE;
         TCGv_i64 tcg_hiaddr = tcg_temp_new_i64();
+        TCGv_i64 tmphi = tcg_temp_new_i64();
 
+        tcg_gen_ld_i64(tmphi, cpu_env, fp_reg_hi_offset(s, srcidx));
+
+        mop = s->be_data | MO_Q;
+        tcg_gen_qemu_st_i64(be ? tmphi : tmplo, tcg_addr, get_mem_index(s),
+                            mop | (s->align_mem ? MO_ALIGN_16 : 0));
         tcg_gen_addi_i64(tcg_hiaddr, tcg_addr, 8);
-        tcg_gen_qemu_st_i64(tmp, be ? tcg_hiaddr : tcg_addr, get_mem_index(s),
-                            s->be_data | MO_Q);
-        tcg_gen_ld_i64(tmp, cpu_env, fp_reg_hi_offset(s, srcidx));
-        tcg_gen_qemu_st_i64(tmp, be ? tcg_addr : tcg_hiaddr, get_mem_index(s),
-                            s->be_data | MO_Q);
+        tcg_gen_qemu_st_i64(be ? tmplo : tmphi, tcg_hiaddr,
+                            get_mem_index(s), mop);
+
         tcg_temp_free_i64(tcg_hiaddr);
+        tcg_temp_free_i64(tmphi);
     }
 
-    tcg_temp_free_i64(tmp);
+    tcg_temp_free_i64(tmplo);
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
     /* This always zero-extends and writes to a full 128 bit wide vector */
     TCGv_i64 tmplo = tcg_temp_new_i64();
     TCGv_i64 tmphi = NULL;
+    MemOp mop;
 
     if (size < 4) {
-        MemOp memop = s->be_data + size;
-        tcg_gen_qemu_ld_i64(tmplo, tcg_addr, get_mem_index(s), memop);
+        mop = finalize_memop(s, size);
+        tcg_gen_qemu_ld_i64(tmplo, tcg_addr, get_mem_index(s), mop);
     } else {
         bool be = s->be_data == MO_BE;
         TCGv_i64 tcg_hiaddr;
@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
         tmphi = tcg_temp_new_i64();
         tcg_hiaddr = tcg_temp_new_i64();
 
+        mop = s->be_data | MO_Q;
+        tcg_gen_qemu_ld_i64(be ? tmphi : tmplo, tcg_addr, get_mem_index(s),
+                            mop | (s->align_mem ? MO_ALIGN_16 : 0));
         tcg_gen_addi_i64(tcg_hiaddr, tcg_addr, 8);
-        tcg_gen_qemu_ld_i64(tmplo, be ? tcg_hiaddr : tcg_addr, get_mem_index(s),
-                            s->be_data | MO_Q);
-        tcg_gen_qemu_ld_i64(tmphi, be ? tcg_addr : tcg_hiaddr, get_mem_index(s),
-                            s->be_data | MO_Q);
+        tcg_gen_qemu_ld_i64(be ? tmplo : tmphi, tcg_hiaddr,
+                            get_mem_index(s), mop);
         tcg_temp_free_i64(tcg_hiaddr);
     }
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-28-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
         clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn),
                                     true, rn != 31, size);
-        do_gpr_st(s, cpu_reg(s, rt), clean_addr, size, true, rt,
+        /* TODO: ARMv8.4-LSE SCTLR.nAA */
+        do_gpr_st(s, cpu_reg(s, rt), clean_addr, size | MO_ALIGN, true, rt,
                   disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
         return;
 
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
         }
         clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn),
                                     false, rn != 31, size);
-        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, true, rt,
-                  disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
+        /* TODO: ARMv8.4-LSE SCTLR.nAA */
+        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size | MO_ALIGN, false, true,
+                  rt, disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
         return;
 
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
     int size = extract32(insn, 30, 2);
     TCGv_i64 clean_addr, dirty_addr;
     bool is_store = false;
-    bool is_signed = false;
     bool extend = false;
     bool iss_sf;
+    MemOp mop;
 
     if (!dc_isar_feature(aa64_rcpc_8_4, s)) {
         unallocated_encoding(s);
         return;
     }
 
+    /* TODO: ARMv8.4-LSE SCTLR.nAA */
+    mop = size | MO_ALIGN;
+
     switch (opc) {
     case 0: /* STLURB */
         is_store = true;
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
             unallocated_encoding(s);
             return;
         }
-        is_signed = true;
+        mop |= MO_SIGN;
         break;
     case 3: /* LDAPURS* 32-bit variant */
         if (size > 1) {
             unallocated_encoding(s);
             return;
         }
-        is_signed = true;
+        mop |= MO_SIGN;
         extend = true; /* zero-extend 32->64 after signed load */
         break;
     default:
         g_assert_not_reached();
     }
 
-    iss_sf = disas_ldst_compute_iss_sf(size, is_signed, opc);
+    iss_sf = disas_ldst_compute_iss_sf(size, (mop & MO_SIGN) != 0, opc);
 
     if (rn == 31) {
         gen_check_sp_alignment(s);
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
     if (is_store) {
         /* Store-Release semantics */
         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
-        do_gpr_st(s, cpu_reg(s, rt), clean_addr, size, true, rt, iss_sf, true);
+        do_gpr_st(s, cpu_reg(s, rt), clean_addr, mop, true, rt, iss_sf, true);
     } else {
         /*
          * Load-AcquirePC semantics; we implement as the slightly more
          * restrictive Load-Acquire.
          */
-        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size + is_signed * MO_SIGN,
+        do_gpr_ld(s, cpu_reg(s, rt), clean_addr, mop,
                   extend, true, rt, iss_sf, true);
         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
     }
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-29-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-30-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
     bool is_postidx = extract32(insn, 23, 1);
     bool is_q = extract32(insn, 30, 1);
     TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
-    MemOp endian = s->be_data;
+    MemOp endian, align, mop;
 
     int total;    /* total bytes */
     int elements; /* elements per vector */
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
     }
 
     /* For our purposes, bytes are always little-endian.  */
+    endian = s->be_data;
     if (size == 0) {
         endian = MO_LE;
     }
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
      * Consecutive little-endian elements from a single register
      * can be promoted to a larger little-endian operation.
      */
+    align = MO_ALIGN;
     if (selem == 1 && endian == MO_LE) {
+        align = pow2_align(size);
         size = 3;
     }
-    elements = (is_q ? 16 : 8) >> size;
+    if (!s->align_mem) {
+        align = 0;
+    }
+    mop = endian | size | align;
 
+    elements = (is_q ? 16 : 8) >> size;
     tcg_ebytes = tcg_const_i64(1 << size);
     for (r = 0; r < rpt; r++) {
         int e;
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
             for (xs = 0; xs < selem; xs++) {
                 int tt = (rt + r + xs) % 32;
                 if (is_store) {
-                    do_vec_st(s, tt, e, clean_addr, size | endian);
+                    do_vec_st(s, tt, e, clean_addr, mop);
                 } else {
-                    do_vec_ld(s, tt, e, clean_addr, size | endian);
+                    do_vec_ld(s, tt, e, clean_addr, mop);
                 }
                 tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
             }
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210419202257.161730-31-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
     int index = is_q << 3 | S << 2 | size;
     int xs, total;
     TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
+    MemOp mop;
 
     if (extract32(insn, 31, 1)) {
         unallocated_encoding(s);
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
 
     clean_addr = gen_mte_checkN(s, tcg_rn, !is_load, is_postidx || rn != 31,
                                 total);
+    mop = finalize_memop(s, scale);
 
     tcg_ebytes = tcg_const_i64(1 << scale);
     for (xs = 0; xs < selem; xs++) {
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
             /* Load and replicate to all elements */
             TCGv_i64 tcg_tmp = tcg_temp_new_i64();
 
-            tcg_gen_qemu_ld_i64(tcg_tmp, clean_addr,
-                                get_mem_index(s), s->be_data + scale);
+            tcg_gen_qemu_ld_i64(tcg_tmp, clean_addr, get_mem_index(s), mop);
             tcg_gen_gvec_dup_i64(scale, vec_full_reg_offset(s, rt),
                                  (is_q + 1) * 8, vec_full_reg_size(s),
                                  tcg_tmp);
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
         } else {
             /* Load/store one element per register */
             if (is_load) {
-                do_vec_ld(s, rt, index, clean_addr, scale | s->be_data);
+                do_vec_ld(s, rt, index, clean_addr, mop);
             } else {
-                do_vec_st(s, rt, index, clean_addr, scale | s->be_data);
+                do_vec_st(s, rt, index, clean_addr, mop);
             }
         }
         tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
-- 
2.20.1

From: Cornelia Huck <cohuck@redhat.com>

Add 6.1 machine types for arm/i440fx/q35/s390x/spapr.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Greg Kurz <groug@kaod.org>
Message-id: 20210331111900.118274-1-cohuck@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/boards.h        |  3 +++
 include/hw/i386/pc.h       |  3 +++
 hw/arm/virt.c              |  7 ++++++-
 hw/core/machine.c          |  3 +++
 hw/i386/pc.c               |  3 +++
 hw/i386/pc_piix.c          | 14 +++++++++++++-
 hw/i386/pc_q35.c           | 13 ++++++++++++-
 hw/ppc/spapr.c             | 17 ++++++++++++++---
 hw/s390x/s390-virtio-ccw.c | 14 +++++++++++++-
 9 files changed, 70 insertions(+), 7 deletions(-)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -XXX,XX +XXX,XX @@ struct MachineState {
     } \
     type_init(machine_initfn##_register_types)
 
+extern GlobalProperty hw_compat_6_0[];
+extern const size_t hw_compat_6_0_len;
+
 extern GlobalProperty hw_compat_5_2[];
 extern const size_t hw_compat_5_2_len;
 
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -XXX,XX +XXX,XX @@ bool pc_system_ovmf_table_find(const char *entry, uint8_t **data,
 void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid,
                        const CPUArchIdList *apic_ids, GArray *entry);
 
+extern GlobalProperty pc_compat_6_0[];
+extern const size_t pc_compat_6_0_len;
+
 extern GlobalProperty pc_compat_5_2[];
 extern const size_t pc_compat_5_2_len;
 
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static void machvirt_machine_init(void)
 }
 type_init(machvirt_machine_init);
 
+static void virt_machine_6_1_options(MachineClass *mc)
+{
+}
+DEFINE_VIRT_MACHINE_AS_LATEST(6, 1)
+
 static void virt_machine_6_0_options(MachineClass *mc)
 {
 }
-DEFINE_VIRT_MACHINE_AS_LATEST(6, 0)
+DEFINE_VIRT_MACHINE(6, 0)
 
 static void virt_machine_5_2_options(MachineClass *mc)
 {
diff --git a/hw/core/machine.c b/hw/core/machine.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/virtio/virtio.h"
 #include "hw/virtio/virtio-pci.h"
 
+GlobalProperty hw_compat_6_0[] = {};
+const size_t hw_compat_6_0_len = G_N_ELEMENTS(hw_compat_6_0);
+
 GlobalProperty hw_compat_5_2[] = {
     { "ICH9-LPC", "smm-compat", "on"},
     { "PIIX4_PM", "smm-compat", "on"},
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -XXX,XX +XXX,XX @@
 #include "trace.h"
 #include CONFIG_DEVICES
 
+GlobalProperty pc_compat_6_0[] = {};
+const size_t pc_compat_6_0_len = G_N_ELEMENTS(pc_compat_6_0);
+
 GlobalProperty pc_compat_5_2[] = {
     { "ICH9-LPC", "x-smi-cpu-hotunplug", "off" },
 };
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -XXX,XX +XXX,XX @@ static void pc_i440fx_machine_options(MachineClass *m)
     machine_class_allow_dynamic_sysbus_dev(m, TYPE_VMBUS_BRIDGE);
 }
 
-static void pc_i440fx_6_0_machine_options(MachineClass *m)
+static void pc_i440fx_6_1_machine_options(MachineClass *m)
 {
     PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
     pc_i440fx_machine_options(m);
@@ -XXX,XX +XXX,XX @@ static void pc_i440fx_6_0_machine_options(MachineClass *m)
     pcmc->default_cpu_version = 1;
 }
 
+DEFINE_I440FX_MACHINE(v6_1, "pc-i440fx-6.1", NULL,
+                      pc_i440fx_6_1_machine_options);
+
+static void pc_i440fx_6_0_machine_options(MachineClass *m)
+{
+    pc_i440fx_6_1_machine_options(m);
+    m->alias = NULL;
+    m->is_default = false;
+    compat_props_add(m->compat_props, hw_compat_6_0, hw_compat_6_0_len);
+    compat_props_add(m->compat_props, pc_compat_6_0, pc_compat_6_0_len);
+}
+
 DEFINE_I440FX_MACHINE(v6_0, "pc-i440fx-6.0", NULL,
                       pc_i440fx_6_0_machine_options);
 
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -XXX,XX +XXX,XX @@ static void pc_q35_machine_options(MachineClass *m)
     m->max_cpus = 288;
 }
 
-static void pc_q35_6_0_machine_options(MachineClass *m)
+static void pc_q35_6_1_machine_options(MachineClass *m)
 {
     PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
     pc_q35_machine_options(m);
@@ -XXX,XX +XXX,XX @@ static void pc_q35_6_0_machine_options(MachineClass *m)
     pcmc->default_cpu_version = 1;
 }
 
+DEFINE_Q35_MACHINE(v6_1, "pc-q35-6.1", NULL,
+                   pc_q35_6_1_machine_options);
+
+static void pc_q35_6_0_machine_options(MachineClass *m)
+{
+    pc_q35_6_1_machine_options(m);
+    m->alias = NULL;
+    compat_props_add(m->compat_props, hw_compat_6_0, hw_compat_6_0_len);
+    compat_props_add(m->compat_props, pc_compat_6_0, pc_compat_6_0_len);
+}
+
 DEFINE_Q35_MACHINE(v6_0, "pc-q35-6.0", NULL,
                    pc_q35_6_0_machine_options);
 
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -XXX,XX +XXX,XX @@ static void spapr_machine_latest_class_options(MachineClass *mc)
     type_init(spapr_machine_register_##suffix)
 
 /*
- * pseries-6.0
+ * pseries-6.1
  */
-static void spapr_machine_6_0_class_options(MachineClass *mc)
+static void spapr_machine_6_1_class_options(MachineClass *mc)
 {
     /* Defaults for the latest behaviour inherited from the base class */
 }
 
-DEFINE_SPAPR_MACHINE(6_0, "6.0", true);
+DEFINE_SPAPR_MACHINE(6_1, "6.1", true);
+
+/*
+ * pseries-6.0
+ */
+static void spapr_machine_6_0_class_options(MachineClass *mc)
+{
+    spapr_machine_6_1_class_options(mc);
+    compat_props_add(mc->compat_props, hw_compat_6_0, hw_compat_6_0_len);
+}
+
+DEFINE_SPAPR_MACHINE(6_0, "6.0", false);
 
 /*
  * pseries-5.2
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -XXX,XX +XXX,XX @@ bool css_migration_enabled(void)
     }                                                                         \
     type_init(ccw_machine_register_##suffix)
 
+static void ccw_machine_6_1_instance_options(MachineState *machine)
+{
+}
+
+static void ccw_machine_6_1_class_options(MachineClass *mc)
+{
+}
+DEFINE_CCW_MACHINE(6_1, "6.1", true);
+
 static void ccw_machine_6_0_instance_options(MachineState *machine)
 {
+    ccw_machine_6_1_instance_options(machine);
 }
 
 static void ccw_machine_6_0_class_options(MachineClass *mc)
 {
+    ccw_machine_6_1_class_options(mc);
+    compat_props_add(mc->compat_props, hw_compat_6_0, hw_compat_6_0_len);
 }
-DEFINE_CCW_MACHINE(6_0, "6.0", true);
+DEFINE_CCW_MACHINE(6_0, "6.0", false);
 
 static void ccw_machine_5_2_instance_options(MachineState *machine)
 {
-- 
2.20.1

Currently the gpex PCI controller implements no special behaviour for
guest accesses to areas of the PIO and MMIO where it has not mapped
any PCI devices, which means that for Arm you end up with a CPU
exception due to a data abort.

Most host OSes expect "like an x86 PC" behaviour, where bad accesses
like this return -1 for reads and ignore writes.  In the interests of
not being surprising, make host CPU accesses to these windows behave
as -1/discard where there's no mapped PCI device.

The old behaviour generally didn't cause any problems, because
almost always the guest OS will map the PCI devices and then only
access where it has mapped them. One corner case where you will see
this kind of access is if Linux attempts to probe legacy ISA
devices via a PIO window access. So far the only case where we've
seen this has been via the syzkaller fuzzer.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20210325163315.27724-1-peter.maydell@linaro.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1918917
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/pci-host/gpex.h |  4 +++
 hw/core/machine.c          |  4 ++-
 hw/pci-host/gpex.c         | 56 ++++++++++++++++++++++++++++++++++++--
 3 files changed, 60 insertions(+), 4 deletions(-)

diff --git a/include/hw/pci-host/gpex.h b/include/hw/pci-host/gpex.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/pci-host/gpex.h
+++ b/include/hw/pci-host/gpex.h
@@ -XXX,XX +XXX,XX @@ struct GPEXHost {
 
     MemoryRegion io_ioport;
     MemoryRegion io_mmio;
+    MemoryRegion io_ioport_window;
+    MemoryRegion io_mmio_window;
     qemu_irq irq[GPEX_NUM_IRQS];
     int irq_num[GPEX_NUM_IRQS];
+
+    bool allow_unmapped_accesses;
 };
 
 struct GPEXConfig {
diff --git a/hw/core/machine.c b/hw/core/machine.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/virtio/virtio.h"
 #include "hw/virtio/virtio-pci.h"
 
-GlobalProperty hw_compat_6_0[] = {};
+GlobalProperty hw_compat_6_0[] = {
+    { "gpex-pcihost", "allow-unmapped-accesses", "false" },
+};
 const size_t hw_compat_6_0_len = G_N_ELEMENTS(hw_compat_6_0);
 
 GlobalProperty hw_compat_5_2[] = {
diff --git a/hw/pci-host/gpex.c b/hw/pci-host/gpex.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/pci-host/gpex.c
+++ b/hw/pci-host/gpex.c
@@ -XXX,XX +XXX,XX @@ static void gpex_host_realize(DeviceState *dev, Error **errp)
     int i;
 
     pcie_host_mmcfg_init(pex, PCIE_MMCFG_SIZE_MAX);
+    sysbus_init_mmio(sbd, &pex->mmio);
+
+    /*
+     * Note that the MemoryRegions io_mmio and io_ioport that we pass
+     * to pci_register_root_bus() are not the same as the
+     * MemoryRegions io_mmio_window and io_ioport_window that we
+     * expose as SysBus MRs. The difference is in the behaviour of
+     * accesses to addresses where no PCI device has been mapped.
+     *
+     * io_mmio and io_ioport are the underlying PCI view of the PCI
+     * address space, and when a PCI device does a bus master access
+     * to a bad address this is reported back to it as a transaction
+     * failure.
+     *
+     * io_mmio_window and io_ioport_window implement "unmapped
+     * addresses read as -1 and ignore writes"; this is traditional
+     * x86 PC behaviour, which is not mandated by the PCI spec proper
+     * but expected by much PCI-using guest software, including Linux.
+     *
+     * In the interests of not being unnecessarily surprising, we
+     * implement it in the gpex PCI host controller, by providing the
+     * _window MRs, which are containers with io ops that implement
+     * the 'background' behaviour and which hold the real PCI MRs as
+     * subregions.
+     */
     memory_region_init(&s->io_mmio, OBJECT(s), "gpex_mmio", UINT64_MAX);
     memory_region_init(&s->io_ioport, OBJECT(s), "gpex_ioport", 64 * 1024);
 
-    sysbus_init_mmio(sbd, &pex->mmio);
-    sysbus_init_mmio(sbd, &s->io_mmio);
-    sysbus_init_mmio(sbd, &s->io_ioport);
+    if (s->allow_unmapped_accesses) {
+        memory_region_init_io(&s->io_mmio_window, OBJECT(s),
+                              &unassigned_io_ops, OBJECT(s),
+                              "gpex_mmio_window", UINT64_MAX);
+        memory_region_init_io(&s->io_ioport_window, OBJECT(s),
+                              &unassigned_io_ops, OBJECT(s),
+                              "gpex_ioport_window", 64 * 1024);
+
+        memory_region_add_subregion(&s->io_mmio_window, 0, &s->io_mmio);
+        memory_region_add_subregion(&s->io_ioport_window, 0, &s->io_ioport);
+        sysbus_init_mmio(sbd, &s->io_mmio_window);
+        sysbus_init_mmio(sbd, &s->io_ioport_window);
+    } else {
+        sysbus_init_mmio(sbd, &s->io_mmio);
+        sysbus_init_mmio(sbd, &s->io_ioport);
+    }
+
     for (i = 0; i < GPEX_NUM_IRQS; i++) {
         sysbus_init_irq(sbd, &s->irq[i]);
         s->irq_num[i] = -1;
@@ -XXX,XX +XXX,XX @@ static const char *gpex_host_root_bus_path(PCIHostState *host_bridge,
     return "0000:00";
 }
 
+static Property gpex_host_properties[] = {
+    /*
+     * Permit CPU accesses to unmapped areas of the PIO and MMIO windows
+     * (discarding writes and returning -1 for reads) rather than aborting.
+     */
+    DEFINE_PROP_BOOL("allow-unmapped-accesses", GPEXHost,
+                     allow_unmapped_accesses, true),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
 static void gpex_host_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
@@ -XXX,XX +XXX,XX @@ static void gpex_host_class_init(ObjectClass *klass, void *data)
     dc->realize = gpex_host_realize;
     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
     dc->fw_name = "pci";
+    device_class_set_props(dc, gpex_host_properties);
 }
 
 static void gpex_host_initfn(Object *obj)
-- 
2.20.1

Two small bugfixes, plus most of RTH's refactoring of cpregs
handling.

-- PMM

The following changes since commit 1fba9dc71a170b3a05b9d3272dd8ecfe7f26e215:

Merge tag 'pull-request-2022-05-04' of https://gitlab.com/thuth/qemu into staging (2022-05-04 08:07:02 -0700)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220505

for you to fetch changes up to 99a50d1a67c602126fc2b3a4812d3000eba9bf34:

target/arm: read access to performance counters from EL0 (2022-05-05 09:36:22 +0100)

----------------------------------------------------------------
target-arm queue:
 * Enable read access to performance counters from EL0
 * Enable SCTLR_EL1.BT0 for aarch64-linux-user
 * Refactoring of cpreg handling

----------------------------------------------------------------
Alex Zuepke (1):
      target/arm: read access to performance counters from EL0

Richard Henderson (22):
      target/arm: Enable SCTLR_EL1.BT0 for aarch64-linux-user
      target/arm: Split out cpregs.h
      target/arm: Reorg CPAccessResult and access_check_cp_reg
      target/arm: Replace sentinels with ARRAY_SIZE in cpregs.h
      target/arm: Make some more cpreg data static const
      target/arm: Reorg ARMCPRegInfo type field bits
      target/arm: Avoid bare abort() or assert(0)
      target/arm: Change cpreg access permissions to enum
      target/arm: Name CPState type
      target/arm: Name CPSecureState type
      target/arm: Drop always-true test in define_arm_vh_e2h_redirects_aliases
      target/arm: Store cpregs key in the hash table directly
      target/arm: Merge allocation of the cpreg and its name
      target/arm: Hoist computation of key in add_cpreg_to_hashtable
      target/arm: Consolidate cpreg updates in add_cpreg_to_hashtable
      target/arm: Use bool for is64 and ns in add_cpreg_to_hashtable
      target/arm: Hoist isbanked computation in add_cpreg_to_hashtable
      target/arm: Perform override check early in add_cpreg_to_hashtable
      target/arm: Reformat comments in add_cpreg_to_hashtable
      target/arm: Remove HOST_BIG_ENDIAN ifdef in add_cpreg_to_hashtable
      target/arm: Add isar predicates for FEAT_Debugv8p2
      target/arm: Add isar_feature_{aa64,any}_ras

From: Richard Henderson <richard.henderson@linaro.org>

This controls whether the PACI{A,B}SP instructions trap with BTYPE=3
(indirect branch from register other than x16/x17).  The linux kernel
sets this in bti_enable().

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/998
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220427042312.294300-1-richard.henderson@linaro.org
[PMM: remove stray change to makefile comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c                  |  2 ++
 tests/tcg/aarch64/bti-3.c         | 42 +++++++++++++++++++++++++++++++
 tests/tcg/aarch64/Makefile.target |  6 ++---
 3 files changed, 47 insertions(+), 3 deletions(-)
 create mode 100644 tests/tcg/aarch64/bti-3.c

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(DeviceState *dev)
         /* Enable all PAC keys.  */
         env->cp15.sctlr_el[1] |= (SCTLR_EnIA | SCTLR_EnIB |
                                   SCTLR_EnDA | SCTLR_EnDB);
+        /* Trap on btype=3 for PACIxSP. */
+        env->cp15.sctlr_el[1] |= SCTLR_BT0;
         /* and to the FP/Neon instructions */
         env->cp15.cpacr_el1 = deposit64(env->cp15.cpacr_el1, 20, 2, 3);
         /* and to the SVE instructions */
diff --git a/tests/tcg/aarch64/bti-3.c b/tests/tcg/aarch64/bti-3.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/tests/tcg/aarch64/bti-3.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * BTI vs PACIASP
+ */
+
+#include "bti-crt.inc.c"
+
+static void skip2_sigill(int sig, siginfo_t *info, ucontext_t *uc)
+{
+    uc->uc_mcontext.pc += 8;
+    uc->uc_mcontext.pstate = 1;
+}
+
+#define BTYPE_1() \
+    asm("mov %0,#1; adr x16, 1f; br x16; 1: hint #25; mov %0,#0" \
+        : "=r"(skipped) : : "x16", "x30")
+
+#define BTYPE_2() \
+    asm("mov %0,#1; adr x16, 1f; blr x16; 1: hint #25; mov %0,#0" \
+        : "=r"(skipped) : : "x16", "x30")
+
+#define BTYPE_3() \
+    asm("mov %0,#1; adr x15, 1f; br x15; 1: hint #25; mov %0,#0" \
+        : "=r"(skipped) : : "x15", "x30")
+
+#define TEST(WHICH, EXPECT) \
+    do { WHICH(); fail += skipped ^ EXPECT; } while (0)
+
+int main()
+{
+    int fail = 0;
+    int skipped;
+
+    /* Signal-like with SA_SIGINFO.  */
+    signal_info(SIGILL, skip2_sigill);
+
+    /* With SCTLR_EL1.BT0 set, PACIASP is not compatible with type=3. */
+    TEST(BTYPE_1, 0);
+    TEST(BTYPE_2, 0);
+    TEST(BTYPE_3, 1);
+
+    return fail;
+}
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
index XXXXXXX..XXXXXXX 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -XXX,XX +XXX,XX @@ endif
 # BTI Tests
 # bti-1 tests the elf notes, so we require special compiler support.
 ifneq ($(CROSS_CC_HAS_ARMV8_BTI),)
-AARCH64_TESTS += bti-1
-bti-1: CFLAGS += -mbranch-protection=standard
-bti-1: LDFLAGS += -nostdlib
+AARCH64_TESTS += bti-1 bti-3
+bti-1 bti-3: CFLAGS += -mbranch-protection=standard
+bti-1 bti-3: LDFLAGS += -nostdlib
 endif
 # bti-2 tests PROT_BTI, so no special compiler support required.
 AARCH64_TESTS += bti-2
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Move ARMCPRegInfo and all related declarations to a new
internal header, out of the public cpu.h.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220501055028.646596-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpregs.h        | 413 +++++++++++++++++++++++++++++++++++++
 target/arm/cpu.h           | 368 ---------------------------------
 hw/arm/pxa2xx.c            |   1 +
 hw/arm/pxa2xx_pic.c        |   1 +
 hw/intc/arm_gicv3_cpuif.c  |   1 +
 hw/intc/arm_gicv3_kvm.c    |   2 +
 target/arm/cpu.c           |   1 +
 target/arm/cpu64.c         |   1 +
 target/arm/cpu_tcg.c       |   1 +
 target/arm/gdbstub.c       |   3 +-
 target/arm/helper.c        |   1 +
 target/arm/op_helper.c     |   1 +
 target/arm/translate-a64.c |   4 +-
 target/arm/translate.c     |   3 +-
 14 files changed, 427 insertions(+), 374 deletions(-)
 create mode 100644 target/arm/cpregs.h

diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/target/arm/cpregs.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * QEMU ARM CP Register access and descriptions
+ *
+ * Copyright (c) 2022 Linaro Ltd
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see
+ * <http://www.gnu.org/licenses/gpl-2.0.html>
+ */
+
+#ifndef TARGET_ARM_CPREGS_H
+#define TARGET_ARM_CPREGS_H
+
+/*
+ * ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
+ * special-behaviour cp reg and bits [11..8] indicate what behaviour
+ * it has. Otherwise it is a simple cp reg, where CONST indicates that
+ * TCG can assume the value to be constant (ie load at translate time)
+ * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
+ * indicates that the TB should not be ended after a write to this register
+ * (the default is that the TB ends after cp writes). OVERRIDE permits
+ * a register definition to override a previous definition for the
+ * same (cp, is64, crn, crm, opc1, opc2) tuple: either the new or the
+ * old must have the OVERRIDE bit set.
+ * ALIAS indicates that this register is an alias view of some underlying
+ * state which is also visible via another register, and that the other
+ * register is handling migration and reset; registers marked ALIAS will not be
+ * migrated but may have their state set by syncing of register state from KVM.
+ * NO_RAW indicates that this register has no underlying state and does not
+ * support raw access for state saving/loading; it will not be used for either
+ * migration or KVM state synchronization. (Typically this is for "registers"
+ * which are actually used as instructions for cache maintenance and so on.)
+ * IO indicates that this register does I/O and therefore its accesses
+ * need to be marked with gen_io_start() and also end the TB. In particular,
+ * registers which implement clocks or timers require this.
+ * RAISES_EXC is for when the read or write hook might raise an exception;
+ * the generated code will synchronize the CPU state before calling the hook
+ * so that it is safe for the hook to call raise_exception().
+ * NEWEL is for writes to registers that might change the exception
+ * level - typically on older ARM chips. For those cases we need to
+ * re-read the new el when recomputing the translation flags.
+ */
+#define ARM_CP_SPECIAL           0x0001
+#define ARM_CP_CONST             0x0002
+#define ARM_CP_64BIT             0x0004
+#define ARM_CP_SUPPRESS_TB_END   0x0008
+#define ARM_CP_OVERRIDE          0x0010
+#define ARM_CP_ALIAS             0x0020
+#define ARM_CP_IO                0x0040
+#define ARM_CP_NO_RAW            0x0080
+#define ARM_CP_NOP               (ARM_CP_SPECIAL | 0x0100)
+#define ARM_CP_WFI               (ARM_CP_SPECIAL | 0x0200)
+#define ARM_CP_NZCV              (ARM_CP_SPECIAL | 0x0300)
+#define ARM_CP_CURRENTEL         (ARM_CP_SPECIAL | 0x0400)
+#define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
+#define ARM_CP_DC_GVA            (ARM_CP_SPECIAL | 0x0600)
+#define ARM_CP_DC_GZVA           (ARM_CP_SPECIAL | 0x0700)
+#define ARM_LAST_SPECIAL         ARM_CP_DC_GZVA
+#define ARM_CP_FPU               0x1000
+#define ARM_CP_SVE               0x2000
+#define ARM_CP_NO_GDB            0x4000
+#define ARM_CP_RAISES_EXC        0x8000
+#define ARM_CP_NEWEL             0x10000
+/* Used only as a terminator for ARMCPRegInfo lists */
+#define ARM_CP_SENTINEL          0xfffff
+/* Mask of only the flag bits in a type field */
+#define ARM_CP_FLAG_MASK         0x1f0ff
+
+/*
+ * Valid values for ARMCPRegInfo state field, indicating which of
+ * the AArch32 and AArch64 execution states this register is visible in.
+ * If the reginfo doesn't explicitly specify then it is AArch32 only.
+ * If the reginfo is declared to be visible in both states then a second
+ * reginfo is synthesised for the AArch32 view of the AArch64 register,
+ * such that the AArch32 view is the lower 32 bits of the AArch64 one.
+ * Note that we rely on the values of these enums as we iterate through
+ * the various states in some places.
+ */
+enum {
+    ARM_CP_STATE_AA32 = 0,
+    ARM_CP_STATE_AA64 = 1,
+    ARM_CP_STATE_BOTH = 2,
+};
+
+/*
+ * ARM CP register secure state flags.  These flags identify security state
+ * attributes for a given CP register entry.
+ * The existence of both or neither secure and non-secure flags indicates that
+ * the register has both a secure and non-secure hash entry.  A single one of
+ * these flags causes the register to only be hashed for the specified
+ * security state.
+ * Although definitions may have any combination of the S/NS bits, each
+ * registered entry will only have one to identify whether the entry is secure
+ * or non-secure.
+ */
+enum {
+    ARM_CP_SECSTATE_S =   (1 << 0), /* bit[0]: Secure state register */
+    ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
+};
+
+/*
+ * Return true if cptype is a valid type field. This is used to try to
+ * catch errors where the sentinel has been accidentally left off the end
+ * of a list of registers.
+ */
+static inline bool cptype_valid(int cptype)
+{
+    return ((cptype & ~ARM_CP_FLAG_MASK) == 0)
+        || ((cptype & ARM_CP_SPECIAL) &&
+            ((cptype & ~ARM_CP_FLAG_MASK) <= ARM_LAST_SPECIAL));
+}
+
+/*
+ * Access rights:
+ * We define bits for Read and Write access for what rev C of the v7-AR ARM ARM
+ * defines as PL0 (user), PL1 (fiq/irq/svc/abt/und/sys, ie privileged), and
+ * PL2 (hyp). The other level which has Read and Write bits is Secure PL1
+ * (ie any of the privileged modes in Secure state, or Monitor mode).
+ * If a register is accessible in one privilege level it's always accessible
+ * in higher privilege levels too. Since "Secure PL1" also follows this rule
+ * (ie anything visible in PL2 is visible in S-PL1, some things are only
+ * visible in S-PL1) but "Secure PL1" is a bit of a mouthful, we bend the
+ * terminology a little and call this PL3.
+ * In AArch64 things are somewhat simpler as the PLx bits line up exactly
+ * with the ELx exception levels.
+ *
+ * If access permissions for a register are more complex than can be
+ * described with these bits, then use a laxer set of restrictions, and
+ * do the more restrictive/complex check inside a helper function.
+ */
+#define PL3_R 0x80
+#define PL3_W 0x40
+#define PL2_R (0x20 | PL3_R)
+#define PL2_W (0x10 | PL3_W)
+#define PL1_R (0x08 | PL2_R)
+#define PL1_W (0x04 | PL2_W)
+#define PL0_R (0x02 | PL1_R)
+#define PL0_W (0x01 | PL1_W)
+
+/*
+ * For user-mode some registers are accessible to EL0 via a kernel
+ * trap-and-emulate ABI. In this case we define the read permissions
+ * as actually being PL0_R. However some bits of any given register
+ * may still be masked.
+ */
+#ifdef CONFIG_USER_ONLY
+#define PL0U_R PL0_R
+#else
+#define PL0U_R PL1_R
+#endif
+
+#define PL3_RW (PL3_R | PL3_W)
+#define PL2_RW (PL2_R | PL2_W)
+#define PL1_RW (PL1_R | PL1_W)
+#define PL0_RW (PL0_R | PL0_W)
+
+typedef enum CPAccessResult {
+    /* Access is permitted */
+    CP_ACCESS_OK = 0,
+    /*
+     * Access fails due to a configurable trap or enable which would
+     * result in a categorized exception syndrome giving information about
+     * the failing instruction (ie syndrome category 0x3, 0x4, 0x5, 0x6,
+     * 0xc or 0x18). The exception is taken to the usual target EL (EL1 or
+     * PL1 if in EL0, otherwise to the current EL).
+     */
+    CP_ACCESS_TRAP = 1,
+    /*
+     * Access fails and results in an exception syndrome 0x0 ("uncategorized").
+     * Note that this is not a catch-all case -- the set of cases which may
+     * result in this failure is specifically defined by the architecture.
+     */
+    CP_ACCESS_TRAP_UNCATEGORIZED = 2,
+    /* As CP_ACCESS_TRAP, but for traps directly to EL2 or EL3 */
+    CP_ACCESS_TRAP_EL2 = 3,
+    CP_ACCESS_TRAP_EL3 = 4,
+    /* As CP_ACCESS_UNCATEGORIZED, but for traps directly to EL2 or EL3 */
+    CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = 5,
+    CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = 6,
+} CPAccessResult;
+
+typedef struct ARMCPRegInfo ARMCPRegInfo;
+
+/*
+ * Access functions for coprocessor registers. These cannot fail and
+ * may not raise exceptions.
+ */
+typedef uint64_t CPReadFn(CPUARMState *env, const ARMCPRegInfo *opaque);
+typedef void CPWriteFn(CPUARMState *env, const ARMCPRegInfo *opaque,
+                       uint64_t value);
+/* Access permission check functions for coprocessor registers. */
+typedef CPAccessResult CPAccessFn(CPUARMState *env,
+                                  const ARMCPRegInfo *opaque,
+                                  bool isread);
+/* Hook function for register reset */
+typedef void CPResetFn(CPUARMState *env, const ARMCPRegInfo *opaque);
+
+#define CP_ANY 0xff
+
+/* Definition of an ARM coprocessor register */
+struct ARMCPRegInfo {
+    /* Name of register (useful mainly for debugging, need not be unique) */
+    const char *name;
+    /*
+     * Location of register: coprocessor number and (crn,crm,opc1,opc2)
+     * tuple. Any of crm, opc1 and opc2 may be CP_ANY to indicate a
+     * 'wildcard' field -- any value of that field in the MRC/MCR insn
+     * will be decoded to this register. The register read and write
+     * callbacks will be passed an ARMCPRegInfo with the crn/crm/opc1/opc2
+     * used by the program, so it is possible to register a wildcard and
+     * then behave differently on read/write if necessary.
+     * For 64 bit registers, only crm and opc1 are relevant; crn and opc2
+     * must both be zero.
+     * For AArch64-visible registers, opc0 is also used.
+     * Since there are no "coprocessors" in AArch64, cp is purely used as a
+     * way to distinguish (for KVM's benefit) guest-visible system registers
+     * from demuxed ones provided to preserve the "no side effects on
+     * KVM register read/write from QEMU" semantics. cp==0x13 is guest
+     * visible (to match KVM's encoding); cp==0 will be converted to
+     * cp==0x13 when the ARMCPRegInfo is registered, for convenience.
+     */
+    uint8_t cp;
+    uint8_t crn;
+    uint8_t crm;
+    uint8_t opc0;
+    uint8_t opc1;
+    uint8_t opc2;
+    /* Execution state in which this register is visible: ARM_CP_STATE_* */
+    int state;
+    /* Register type: ARM_CP_* bits/values */
+    int type;
+    /* Access rights: PL*_[RW] */
+    int access;
+    /* Security state: ARM_CP_SECSTATE_* bits/values */
+    int secure;
+    /*
+     * The opaque pointer passed to define_arm_cp_regs_with_opaque() when
+     * this register was defined: can be used to hand data through to the
+     * register read/write functions, since they are passed the ARMCPRegInfo*.
+     */
+    void *opaque;
+    /*
+     * Value of this register, if it is ARM_CP_CONST. Otherwise, if
+     * fieldoffset is non-zero, the reset value of the register.
+     */
+    uint64_t resetvalue;
+    /*
+     * Offset of the field in CPUARMState for this register.
+     * This is not needed if either:
+     *  1. type is ARM_CP_CONST or one of the ARM_CP_SPECIALs
+     *  2. both readfn and writefn are specified
+     */
+    ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
+
+    /*
+     * Offsets of the secure and non-secure fields in CPUARMState for the
+     * register if it is banked.  These fields are only used during the static
+     * registration of a register.  During hashing the bank associated
+     * with a given security state is copied to fieldoffset which is used from
+     * there on out.
+     *
+     * It is expected that register definitions use either fieldoffset or
+     * bank_fieldoffsets in the definition but not both.  It is also expected
+     * that both bank offsets are set when defining a banked register.  This
+     * use indicates that a register is banked.
+     */
+    ptrdiff_t bank_fieldoffsets[2];
+
+    /*
+     * Function for making any access checks for this register in addition to
+     * those specified by the 'access' permissions bits. If NULL, no extra
+     * checks required. The access check is performed at runtime, not at
+     * translate time.
+     */
+    CPAccessFn *accessfn;
+    /*
+     * Function for handling reads of this register. If NULL, then reads
+     * will be done by loading from the offset into CPUARMState specified
+     * by fieldoffset.
+     */
+    CPReadFn *readfn;
+    /*
+     * Function for handling writes of this register. If NULL, then writes
+     * will be done by writing to the offset into CPUARMState specified
+     * by fieldoffset.
+     */
+    CPWriteFn *writefn;
+    /*
+     * Function for doing a "raw" read; used when we need to copy
+     * coprocessor state to the kernel for KVM or out for
+     * migration. This only needs to be provided if there is also a
+     * readfn and it has side effects (for instance clear-on-read bits).
+     */
+    CPReadFn *raw_readfn;
+    /*
+     * Function for doing a "raw" write; used when we need to copy KVM
+     * kernel coprocessor state into userspace, or for inbound
+     * migration. This only needs to be provided if there is also a
+     * writefn and it masks out "unwritable" bits or has write-one-to-clear
+     * or similar behaviour.
+     */
+    CPWriteFn *raw_writefn;
+    /*
+     * Function for resetting the register. If NULL, then reset will be done
+     * by writing resetvalue to the field specified in fieldoffset. If
+     * fieldoffset is 0 then no reset will be done.
+     */
+    CPResetFn *resetfn;
+
+    /*
+     * "Original" writefn and readfn.
+     * For ARMv8.1-VHE register aliases, we overwrite the read/write
+     * accessor functions of various EL1/EL0 to perform the runtime
+     * check for which sysreg should actually be modified, and then
+     * forwards the operation.  Before overwriting the accessors,
+     * the original function is copied here, so that accesses that
+     * really do go to the EL1/EL0 version proceed normally.
+     * (The corresponding EL2 register is linked via opaque.)
+     */
+    CPReadFn *orig_readfn;
+    CPWriteFn *orig_writefn;
+};
+
+/*
+ * Macros which are lvalues for the field in CPUARMState for the
+ * ARMCPRegInfo *ri.
+ */
+#define CPREG_FIELD32(env, ri) \
+    (*(uint32_t *)((char *)(env) + (ri)->fieldoffset))
+#define CPREG_FIELD64(env, ri) \
+    (*(uint64_t *)((char *)(env) + (ri)->fieldoffset))
+
+#define REGINFO_SENTINEL { .type = ARM_CP_SENTINEL }
+
+void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
+                                    const ARMCPRegInfo *regs, void *opaque);
+void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
+                                       const ARMCPRegInfo *regs, void *opaque);
+static inline void define_arm_cp_regs(ARMCPU *cpu, const ARMCPRegInfo *regs)
+{
+    define_arm_cp_regs_with_opaque(cpu, regs, 0);
+}
+static inline void define_one_arm_cp_reg(ARMCPU *cpu, const ARMCPRegInfo *regs)
+{
+    define_one_arm_cp_reg_with_opaque(cpu, regs, 0);
+}
+const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp);
+
+/*
+ * Definition of an ARM co-processor register as viewed from
+ * userspace. This is used for presenting sanitised versions of
+ * registers to userspace when emulating the Linux AArch64 CPU
+ * ID/feature ABI (advertised as HWCAP_CPUID).
+ */
+typedef struct ARMCPRegUserSpaceInfo {
+    /* Name of register */
+    const char *name;
+
+    /* Is the name actually a glob pattern */
+    bool is_glob;
+
+    /* Only some bits are exported to user space */
+    uint64_t exported_bits;
+
+    /* Fixed bits are applied after the mask */
+    uint64_t fixed_bits;
+} ARMCPRegUserSpaceInfo;
+
+#define REGUSERINFO_SENTINEL { .name = NULL }
+
+void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
+
+/* CPWriteFn that can be used to implement writes-ignored behaviour */
+void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
+                         uint64_t value);
+/* CPReadFn that can be used for read-as-zero behaviour */
+uint64_t arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri);
+
+/*
+ * CPResetFn that does nothing, for use if no reset is required even
+ * if fieldoffset is non zero.
+ */
+void arm_cp_reset_ignore(CPUARMState *env, const ARMCPRegInfo *opaque);
+
+/*
+ * Return true if this reginfo struct's field in the cpu state struct
+ * is 64 bits wide.
+ */
+static inline bool cpreg_field_is_64bit(const ARMCPRegInfo *ri)
+{
+    return (ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT);
+}
+
+static inline bool cp_access_ok(int current_el,
+                                const ARMCPRegInfo *ri, int isread)
+{
+    return (ri->access >> ((current_el * 2) + isread)) & 1;
+}
+
+/* Raw read of a coprocessor register (as needed for migration, etc) */
+uint64_t read_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri);
+
+#endif /* TARGET_ARM_CPREGS_H */
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
     return kvmid;
 }
 
-/* ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
- * special-behaviour cp reg and bits [11..8] indicate what behaviour
- * it has. Otherwise it is a simple cp reg, where CONST indicates that
- * TCG can assume the value to be constant (ie load at translate time)
- * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
- * indicates that the TB should not be ended after a write to this register
- * (the default is that the TB ends after cp writes). OVERRIDE permits
- * a register definition to override a previous definition for the
- * same (cp, is64, crn, crm, opc1, opc2) tuple: either the new or the
- * old must have the OVERRIDE bit set.
- * ALIAS indicates that this register is an alias view of some underlying
- * state which is also visible via another register, and that the other
- * register is handling migration and reset; registers marked ALIAS will not be
- * migrated but may have their state set by syncing of register state from KVM.
- * NO_RAW indicates that this register has no underlying state and does not
- * support raw access for state saving/loading; it will not be used for either
- * migration or KVM state synchronization. (Typically this is for "registers"
- * which are actually used as instructions for cache maintenance and so on.)
- * IO indicates that this register does I/O and therefore its accesses
- * need to be marked with gen_io_start() and also end the TB. In particular,
- * registers which implement clocks or timers require this.
- * RAISES_EXC is for when the read or write hook might raise an exception;
- * the generated code will synchronize the CPU state before calling the hook
- * so that it is safe for the hook to call raise_exception().
- * NEWEL is for writes to registers that might change the exception
- * level - typically on older ARM chips. For those cases we need to
- * re-read the new el when recomputing the translation flags.
- */
-#define ARM_CP_SPECIAL           0x0001
-#define ARM_CP_CONST             0x0002
-#define ARM_CP_64BIT             0x0004
-#define ARM_CP_SUPPRESS_TB_END   0x0008
-#define ARM_CP_OVERRIDE          0x0010
-#define ARM_CP_ALIAS             0x0020
-#define ARM_CP_IO                0x0040
-#define ARM_CP_NO_RAW            0x0080
-#define ARM_CP_NOP               (ARM_CP_SPECIAL | 0x0100)
-#define ARM_CP_WFI               (ARM_CP_SPECIAL | 0x0200)
-#define ARM_CP_NZCV              (ARM_CP_SPECIAL | 0x0300)
-#define ARM_CP_CURRENTEL         (ARM_CP_SPECIAL | 0x0400)
-#define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
-#define ARM_CP_DC_GVA            (ARM_CP_SPECIAL | 0x0600)
-#define ARM_CP_DC_GZVA           (ARM_CP_SPECIAL | 0x0700)
-#define ARM_LAST_SPECIAL         ARM_CP_DC_GZVA
-#define ARM_CP_FPU               0x1000
-#define ARM_CP_SVE               0x2000
-#define ARM_CP_NO_GDB            0x4000
-#define ARM_CP_RAISES_EXC        0x8000
-#define ARM_CP_NEWEL             0x10000
-/* Used only as a terminator for ARMCPRegInfo lists */
-#define ARM_CP_SENTINEL          0xfffff
-/* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK         0x1f0ff
-
-/* Valid values for ARMCPRegInfo state field, indicating which of
- * the AArch32 and AArch64 execution states this register is visible in.
- * If the reginfo doesn't explicitly specify then it is AArch32 only.
- * If the reginfo is declared to be visible in both states then a second
- * reginfo is synthesised for the AArch32 view of the AArch64 register,
- * such that the AArch32 view is the lower 32 bits of the AArch64 one.
- * Note that we rely on the values of these enums as we iterate through
- * the various states in some places.
- */
-enum {
-    ARM_CP_STATE_AA32 = 0,
-    ARM_CP_STATE_AA64 = 1,
-    ARM_CP_STATE_BOTH = 2,
-};
-
-/* ARM CP register secure state flags.  These flags identify security state
- * attributes for a given CP register entry.
- * The existence of both or neither secure and non-secure flags indicates that
- * the register has both a secure and non-secure hash entry.  A single one of
- * these flags causes the register to only be hashed for the specified
- * security state.
- * Although definitions may have any combination of the S/NS bits, each
- * registered entry will only have one to identify whether the entry is secure
- * or non-secure.
- */
-enum {
-    ARM_CP_SECSTATE_S =   (1 << 0), /* bit[0]: Secure state register */
-    ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
-};
-
-/* Return true if cptype is a valid type field. This is used to try to
- * catch errors where the sentinel has been accidentally left off the end
- * of a list of registers.
- */
-static inline bool cptype_valid(int cptype)
-{
-    return ((cptype & ~ARM_CP_FLAG_MASK) == 0)
-        || ((cptype & ARM_CP_SPECIAL) &&
-            ((cptype & ~ARM_CP_FLAG_MASK) <= ARM_LAST_SPECIAL));
-}
-
-/* Access rights:
- * We define bits for Read and Write access for what rev C of the v7-AR ARM ARM
- * defines as PL0 (user), PL1 (fiq/irq/svc/abt/und/sys, ie privileged), and
- * PL2 (hyp). The other level which has Read and Write bits is Secure PL1
- * (ie any of the privileged modes in Secure state, or Monitor mode).
- * If a register is accessible in one privilege level it's always accessible
- * in higher privilege levels too. Since "Secure PL1" also follows this rule
- * (ie anything visible in PL2 is visible in S-PL1, some things are only
- * visible in S-PL1) but "Secure PL1" is a bit of a mouthful, we bend the
- * terminology a little and call this PL3.
- * In AArch64 things are somewhat simpler as the PLx bits line up exactly
- * with the ELx exception levels.
- *
- * If access permissions for a register are more complex than can be
- * described with these bits, then use a laxer set of restrictions, and
- * do the more restrictive/complex check inside a helper function.
- */
-#define PL3_R 0x80
-#define PL3_W 0x40
-#define PL2_R (0x20 | PL3_R)
-#define PL2_W (0x10 | PL3_W)
-#define PL1_R (0x08 | PL2_R)
-#define PL1_W (0x04 | PL2_W)
-#define PL0_R (0x02 | PL1_R)
-#define PL0_W (0x01 | PL1_W)
-
-/*
- * For user-mode some registers are accessible to EL0 via a kernel
- * trap-and-emulate ABI. In this case we define the read permissions
- * as actually being PL0_R. However some bits of any given register
- * may still be masked.
- */
-#ifdef CONFIG_USER_ONLY
-#define PL0U_R PL0_R
-#else
-#define PL0U_R PL1_R
-#endif
-
-#define PL3_RW (PL3_R | PL3_W)
-#define PL2_RW (PL2_R | PL2_W)
-#define PL1_RW (PL1_R | PL1_W)
-#define PL0_RW (PL0_R | PL0_W)
-
 /* Return the highest implemented Exception Level */
 static inline int arm_highest_el(CPUARMState *env)
 {
@@ -XXX,XX +XXX,XX @@ static inline int arm_current_el(CPUARMState *env)
     }
 }
 
-typedef struct ARMCPRegInfo ARMCPRegInfo;
-
-typedef enum CPAccessResult {
-    /* Access is permitted */
-    CP_ACCESS_OK = 0,
-    /* Access fails due to a configurable trap or enable which would
-     * result in a categorized exception syndrome giving information about
-     * the failing instruction (ie syndrome category 0x3, 0x4, 0x5, 0x6,
-     * 0xc or 0x18). The exception is taken to the usual target EL (EL1 or
-     * PL1 if in EL0, otherwise to the current EL).
-     */
-    CP_ACCESS_TRAP = 1,
-    /* Access fails and results in an exception syndrome 0x0 ("uncategorized").
-     * Note that this is not a catch-all case -- the set of cases which may
-     * result in this failure is specifically defined by the architecture.
-     */
-    CP_ACCESS_TRAP_UNCATEGORIZED = 2,
-    /* As CP_ACCESS_TRAP, but for traps directly to EL2 or EL3 */
-    CP_ACCESS_TRAP_EL2 = 3,
-    CP_ACCESS_TRAP_EL3 = 4,
-    /* As CP_ACCESS_UNCATEGORIZED, but for traps directly to EL2 or EL3 */
-    CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = 5,
-    CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = 6,
-} CPAccessResult;
-
-/* Access functions for coprocessor registers. These cannot fail and
- * may not raise exceptions.
- */
-typedef uint64_t CPReadFn(CPUARMState *env, const ARMCPRegInfo *opaque);
-typedef void CPWriteFn(CPUARMState *env, const ARMCPRegInfo *opaque,
-                       uint64_t value);
-/* Access permission check functions for coprocessor registers. */
-typedef CPAccessResult CPAccessFn(CPUARMState *env,
-                                  const ARMCPRegInfo *opaque,
-                                  bool isread);
-/* Hook function for register reset */
-typedef void CPResetFn(CPUARMState *env, const ARMCPRegInfo *opaque);
-
-#define CP_ANY 0xff
-
-/* Definition of an ARM coprocessor register */
-struct ARMCPRegInfo {
-    /* Name of register (useful mainly for debugging, need not be unique) */
-    const char *name;
-    /* Location of register: coprocessor number and (crn,crm,opc1,opc2)
-     * tuple. Any of crm, opc1 and opc2 may be CP_ANY to indicate a
-     * 'wildcard' field -- any value of that field in the MRC/MCR insn
-     * will be decoded to this register. The register read and write
-     * callbacks will be passed an ARMCPRegInfo with the crn/crm/opc1/opc2
-     * used by the program, so it is possible to register a wildcard and
-     * then behave differently on read/write if necessary.
-     * For 64 bit registers, only crm and opc1 are relevant; crn and opc2
-     * must both be zero.
-     * For AArch64-visible registers, opc0 is also used.
-     * Since there are no "coprocessors" in AArch64, cp is purely used as a
-     * way to distinguish (for KVM's benefit) guest-visible system registers
-     * from demuxed ones provided to preserve the "no side effects on
-     * KVM register read/write from QEMU" semantics. cp==0x13 is guest
-     * visible (to match KVM's encoding); cp==0 will be converted to
-     * cp==0x13 when the ARMCPRegInfo is registered, for convenience.
-     */
-    uint8_t cp;
-    uint8_t crn;
-    uint8_t crm;
-    uint8_t opc0;
-    uint8_t opc1;
-    uint8_t opc2;
-    /* Execution state in which this register is visible: ARM_CP_STATE_* */
-    int state;
-    /* Register type: ARM_CP_* bits/values */
-    int type;
-    /* Access rights: PL*_[RW] */
-    int access;
-    /* Security state: ARM_CP_SECSTATE_* bits/values */
-    int secure;
-    /* The opaque pointer passed to define_arm_cp_regs_with_opaque() when
-     * this register was defined: can be used to hand data through to the
-     * register read/write functions, since they are passed the ARMCPRegInfo*.
-     */
-    void *opaque;
-    /* Value of this register, if it is ARM_CP_CONST. Otherwise, if
-     * fieldoffset is non-zero, the reset value of the register.
-     */
-    uint64_t resetvalue;
-    /* Offset of the field in CPUARMState for this register.
-     *
-     * This is not needed if either:
-     *  1. type is ARM_CP_CONST or one of the ARM_CP_SPECIALs
-     *  2. both readfn and writefn are specified
-     */
-    ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
-
-    /* Offsets of the secure and non-secure fields in CPUARMState for the
-     * register if it is banked.  These fields are only used during the static
-     * registration of a register.  During hashing the bank associated
-     * with a given security state is copied to fieldoffset which is used from
-     * there on out.
-     *
-     * It is expected that register definitions use either fieldoffset or
-     * bank_fieldoffsets in the definition but not both.  It is also expected
-     * that both bank offsets are set when defining a banked register.  This
-     * use indicates that a register is banked.
-     */
-    ptrdiff_t bank_fieldoffsets[2];
-
-    /* Function for making any access checks for this register in addition to
-     * those specified by the 'access' permissions bits. If NULL, no extra
-     * checks required. The access check is performed at runtime, not at
-     * translate time.
-     */
-    CPAccessFn *accessfn;
-    /* Function for handling reads of this register. If NULL, then reads
-     * will be done by loading from the offset into CPUARMState specified
-     * by fieldoffset.
-     */
-    CPReadFn *readfn;
-    /* Function for handling writes of this register. If NULL, then writes
-     * will be done by writing to the offset into CPUARMState specified
-     * by fieldoffset.
-     */
-    CPWriteFn *writefn;
-    /* Function for doing a "raw" read; used when we need to copy
-     * coprocessor state to the kernel for KVM or out for
-     * migration. This only needs to be provided if there is also a
-     * readfn and it has side effects (for instance clear-on-read bits).
-     */
-    CPReadFn *raw_readfn;
-    /* Function for doing a "raw" write; used when we need to copy KVM
-     * kernel coprocessor state into userspace, or for inbound
-     * migration. This only needs to be provided if there is also a
-     * writefn and it masks out "unwritable" bits or has write-one-to-clear
-     * or similar behaviour.
-     */
-    CPWriteFn *raw_writefn;
-    /* Function for resetting the register. If NULL, then reset will be done
-     * by writing resetvalue to the field specified in fieldoffset. If
-     * fieldoffset is 0 then no reset will be done.
-     */
-    CPResetFn *resetfn;
-
-    /*
-     * "Original" writefn and readfn.
-     * For ARMv8.1-VHE register aliases, we overwrite the read/write
-     * accessor functions of various EL1/EL0 to perform the runtime
-     * check for which sysreg should actually be modified, and then
-     * forwards the operation.  Before overwriting the accessors,
-     * the original function is copied here, so that accesses that
-     * really do go to the EL1/EL0 version proceed normally.
-     * (The corresponding EL2 register is linked via opaque.)
-     */
-    CPReadFn *orig_readfn;
-    CPWriteFn *orig_writefn;
-};
-
-/* Macros which are lvalues for the field in CPUARMState for the
- * ARMCPRegInfo *ri.
- */
-#define CPREG_FIELD32(env, ri) \
-    (*(uint32_t *)((char *)(env) + (ri)->fieldoffset))
-#define CPREG_FIELD64(env, ri) \
-    (*(uint64_t *)((char *)(env) + (ri)->fieldoffset))
-
-#define REGINFO_SENTINEL { .type = ARM_CP_SENTINEL }
-
-void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
-                                    const ARMCPRegInfo *regs, void *opaque);
-void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
-                                       const ARMCPRegInfo *regs, void *opaque);
-static inline void define_arm_cp_regs(ARMCPU *cpu, const ARMCPRegInfo *regs)
-{
-    define_arm_cp_regs_with_opaque(cpu, regs, 0);
-}
-static inline void define_one_arm_cp_reg(ARMCPU *cpu, const ARMCPRegInfo *regs)
-{
-    define_one_arm_cp_reg_with_opaque(cpu, regs, 0);
-}
-const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp);
-
-/*
- * Definition of an ARM co-processor register as viewed from
- * userspace. This is used for presenting sanitised versions of
- * registers to userspace when emulating the Linux AArch64 CPU
- * ID/feature ABI (advertised as HWCAP_CPUID).
- */
-typedef struct ARMCPRegUserSpaceInfo {
-    /* Name of register */
-    const char *name;
-
-    /* Is the name actually a glob pattern */
-    bool is_glob;
-
-    /* Only some bits are exported to user space */
-    uint64_t exported_bits;
-
-    /* Fixed bits are applied after the mask */
-    uint64_t fixed_bits;
-} ARMCPRegUserSpaceInfo;
-
-#define REGUSERINFO_SENTINEL { .name = NULL }
-
-void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
-
-/* CPWriteFn that can be used to implement writes-ignored behaviour */
-void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
-                         uint64_t value);
-/* CPReadFn that can be used for read-as-zero behaviour */
-uint64_t arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri);
-
-/* CPResetFn that does nothing, for use if no reset is required even
- * if fieldoffset is non zero.
- */
-void arm_cp_reset_ignore(CPUARMState *env, const ARMCPRegInfo *opaque);
-
-/* Return true if this reginfo struct's field in the cpu state struct
- * is 64 bits wide.
- */
-static inline bool cpreg_field_is_64bit(const ARMCPRegInfo *ri)
-{
-    return (ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT);
-}
-
-static inline bool cp_access_ok(int current_el,
-                                const ARMCPRegInfo *ri, int isread)
-{
-    return (ri->access >> ((current_el * 2) + isread)) & 1;
-}
-
-/* Raw read of a coprocessor register (as needed for migration, etc) */
-uint64_t read_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri);
-
 /**
  * write_list_to_cpustate
  * @cpu: ARMCPU
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/cutils.h"
 #include "qemu/log.h"
 #include "qom/object.h"
+#include "target/arm/cpregs.h"
 
 static struct {
     hwaddr io_base;
diff --git a/hw/arm/pxa2xx_pic.c b/hw/arm/pxa2xx_pic.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/pxa2xx_pic.c
+++ b/hw/arm/pxa2xx_pic.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
 #include "qom/object.h"
+#include "target/arm/cpregs.h"
 
 #define ICIP	0x00	/* Interrupt Controller IRQ Pending register */
 #define ICMR	0x04	/* Interrupt Controller Mask register */
diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@
 #include "gicv3_internal.h"
 #include "hw/irq.h"
 #include "cpu.h"
+#include "target/arm/cpregs.h"
 
 /*
  * Special case return value from hppvi_index(); must be larger than
diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@
 #include "vgic_common.h"
 #include "migration/blocker.h"
 #include "qom/object.h"
+#include "target/arm/cpregs.h"
+
 
 #ifdef DEBUG_GICV3_KVM
 #define DPRINTF(fmt, ...) \
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@
 #include "kvm_arm.h"
 #include "disas/capstone.h"
 #include "fpu/softfloat.h"
+#include "cpregs.h"
 
 static void arm_cpu_set_pc(CPUState *cs, vaddr value)
 {
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@
 #include "hvf_arm.h"
 #include "qapi/visitor.h"
 #include "hw/qdev-properties.h"
+#include "cpregs.h"
 
 
 #ifndef CONFIG_USER_ONLY
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu_tcg.c
+++ b/target/arm/cpu_tcg.c
@@ -XXX,XX +XXX,XX @@
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/boards.h"
 #endif
+#include "cpregs.h"
 
 /* CPU models. These are not needed for the AArch64 linux-user build. */
 #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/gdbstub.c
+++ b/target/arm/gdbstub.c
@@ -XXX,XX +XXX,XX @@
  */
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "internals.h"
 #include "exec/gdbstub.h"
+#include "internals.h"
+#include "cpregs.h"
 
 typedef struct RegisterSysregXmlParam {
     CPUState *cs;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "semihosting/common-semi.h"
 #endif
+#include "cpregs.h"
 
 #define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */
 #define PMCR_NUM_COUNTERS 4 /* QEMU IMPDEF choice */
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "internals.h"
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
+#include "cpregs.h"
 
 #define SIGNBIT (uint32_t)0x80000000
 #define SIGNBIT64 ((uint64_t)1 << 63)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@
 #include "translate.h"
 #include "internals.h"
 #include "qemu/host-utils.h"
-
 #include "semihosting/semihost.h"
 #include "exec/gen-icount.h"
-
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/log.h"
-
+#include "cpregs.h"
 #include "translate-a64.h"
 #include "qemu/atomic128.h"
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/bitops.h"
 #include "arm_ldst.h"
 #include "semihosting/semihost.h"
-
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
-
 #include "exec/log.h"
+#include "cpregs.h"
 
 
 #define ENABLE_ARCH_4T    arm_dc_feature(s, ARM_FEATURE_V4T)
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Rearrange the values of the enumerators of CPAccessResult
so that we may directly extract the target el. For the two
special cases in access_check_cp_reg, use CPAccessResult.

diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -XXX,XX +XXX,XX @@ static inline bool cptype_valid(int cptype)
 typedef enum CPAccessResult {
     /* Access is permitted */
     CP_ACCESS_OK = 0,
+
+    /*
+     * Combined with one of the following, the low 2 bits indicate the
+     * target exception level.  If 0, the exception is taken to the usual
+     * target EL (EL1 or PL1 if in EL0, otherwise to the current EL).
+     */
+    CP_ACCESS_EL_MASK = 3,
+
     /*
      * Access fails due to a configurable trap or enable which would
      * result in a categorized exception syndrome giving information about
      * the failing instruction (ie syndrome category 0x3, 0x4, 0x5, 0x6,
-     * 0xc or 0x18). The exception is taken to the usual target EL (EL1 or
-     * PL1 if in EL0, otherwise to the current EL).
+     * 0xc or 0x18).
      */
-    CP_ACCESS_TRAP = 1,
+    CP_ACCESS_TRAP = (1 << 2),
+    CP_ACCESS_TRAP_EL2 = CP_ACCESS_TRAP | 2,
+    CP_ACCESS_TRAP_EL3 = CP_ACCESS_TRAP | 3,
+
     /*
      * Access fails and results in an exception syndrome 0x0 ("uncategorized").
      * Note that this is not a catch-all case -- the set of cases which may
      * result in this failure is specifically defined by the architecture.
      */
-    CP_ACCESS_TRAP_UNCATEGORIZED = 2,
-    /* As CP_ACCESS_TRAP, but for traps directly to EL2 or EL3 */
-    CP_ACCESS_TRAP_EL2 = 3,
-    CP_ACCESS_TRAP_EL3 = 4,
-    /* As CP_ACCESS_UNCATEGORIZED, but for traps directly to EL2 or EL3 */
-    CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = 5,
-    CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = 6,
+    CP_ACCESS_TRAP_UNCATEGORIZED = (2 << 2),
+    CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = CP_ACCESS_TRAP_UNCATEGORIZED | 2,
+    CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = CP_ACCESS_TRAP_UNCATEGORIZED | 3,
 } CPAccessResult;
 
 typedef struct ARMCPRegInfo ARMCPRegInfo;
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
                                  uint32_t isread)
 {
     const ARMCPRegInfo *ri = rip;
+    CPAccessResult res = CP_ACCESS_OK;
     int target_el;
 
     if (arm_feature(env, ARM_FEATURE_XSCALE) && ri->cp < 14
         && extract32(env->cp15.c15_cpar, ri->cp, 1) == 0) {
-        raise_exception(env, EXCP_UDEF, syndrome, exception_target_el(env));
+        res = CP_ACCESS_TRAP;
+        goto fail;
     }
 
     /*
@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
         mask &= ~((1 << 4) | (1 << 14));
 
         if (env->cp15.hstr_el2 & mask) {
-            target_el = 2;
-            goto exept;
+            res = CP_ACCESS_TRAP_EL2;
+            goto fail;
         }
     }
 
-    if (!ri->accessfn) {
+    if (ri->accessfn) {
+        res = ri->accessfn(env, ri, isread);
+    }
+    if (likely(res == CP_ACCESS_OK)) {
         return;
     }
 
-    switch (ri->accessfn(env, ri, isread)) {
-    case CP_ACCESS_OK:
-        return;
+ fail:
+    switch (res & ~CP_ACCESS_EL_MASK) {
     case CP_ACCESS_TRAP:
-        target_el = exception_target_el(env);
-        break;
-    case CP_ACCESS_TRAP_EL2:
-        /* Requesting a trap to EL2 when we're in EL3 is
-         * a bug in the access function.
-         */
-        assert(arm_current_el(env) != 3);
-        target_el = 2;
-        break;
-    case CP_ACCESS_TRAP_EL3:
-        target_el = 3;
         break;
     case CP_ACCESS_TRAP_UNCATEGORIZED:
-        target_el = exception_target_el(env);
-        syndrome = syn_uncategorized();
-        break;
-    case CP_ACCESS_TRAP_UNCATEGORIZED_EL2:
-        target_el = 2;
-        syndrome = syn_uncategorized();
-        break;
-    case CP_ACCESS_TRAP_UNCATEGORIZED_EL3:
-        target_el = 3;
         syndrome = syn_uncategorized();
         break;
     default:
         g_assert_not_reached();
     }
 
-exept:
+    target_el = res & CP_ACCESS_EL_MASK;
+    switch (target_el) {
+    case 0:
+        target_el = exception_target_el(env);
+        break;
+    case 2:
+        assert(arm_current_el(env) != 3);
+        assert(arm_is_el2_enabled(env));
+        break;
+    case 3:
+        assert(arm_feature(env, ARM_FEATURE_EL3));
+        break;
+    default:
+        /* No "direct" traps to EL1 */
+        g_assert_not_reached();
+    }
+
     raise_exception(env, EXCP_UDEF, syndrome, target_el);
 }
 
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Remove a possible source of error by removing REGINFO_SENTINEL
and using ARRAY_SIZE (convinently hidden inside a macro) to
find the end of the set of regs being registered or modified.

The space saved by not having the extra array element reduces
the executable's .data.rel.ro section by about 9k.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220501055028.646596-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpregs.h       |  53 +++++++++---------
 hw/arm/pxa2xx.c           |   1 -
 hw/arm/pxa2xx_pic.c       |   1 -
 hw/intc/arm_gicv3_cpuif.c |   5 --
 hw/intc/arm_gicv3_kvm.c   |   1 -
 target/arm/cpu64.c        |   1 -
 target/arm/cpu_tcg.c      |   4 --
 target/arm/helper.c       | 111 ++++++++------------------------------
 8 files changed, 48 insertions(+), 129 deletions(-)

diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -XXX,XX +XXX,XX @@
 #define ARM_CP_NO_GDB            0x4000
 #define ARM_CP_RAISES_EXC        0x8000
 #define ARM_CP_NEWEL             0x10000
-/* Used only as a terminator for ARMCPRegInfo lists */
-#define ARM_CP_SENTINEL          0xfffff
 /* Mask of only the flag bits in a type field */
 #define ARM_CP_FLAG_MASK         0x1f0ff
 
@@ -XXX,XX +XXX,XX @@ enum {
     ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
 };
 
-/*
- * Return true if cptype is a valid type field. This is used to try to
- * catch errors where the sentinel has been accidentally left off the end
- * of a list of registers.
- */
-static inline bool cptype_valid(int cptype)
-{
-    return ((cptype & ~ARM_CP_FLAG_MASK) == 0)
-        || ((cptype & ARM_CP_SPECIAL) &&
-            ((cptype & ~ARM_CP_FLAG_MASK) <= ARM_LAST_SPECIAL));
-}
-
 /*
  * Access rights:
  * We define bits for Read and Write access for what rev C of the v7-AR ARM ARM
@@ -XXX,XX +XXX,XX @@ struct ARMCPRegInfo {
 #define CPREG_FIELD64(env, ri) \
     (*(uint64_t *)((char *)(env) + (ri)->fieldoffset))
 
-#define REGINFO_SENTINEL { .type = ARM_CP_SENTINEL }
+void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu, const ARMCPRegInfo *reg,
+                                       void *opaque);
 
-void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
-                                    const ARMCPRegInfo *regs, void *opaque);
-void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
-                                       const ARMCPRegInfo *regs, void *opaque);
-static inline void define_arm_cp_regs(ARMCPU *cpu, const ARMCPRegInfo *regs)
-{
-    define_arm_cp_regs_with_opaque(cpu, regs, 0);
-}
 static inline void define_one_arm_cp_reg(ARMCPU *cpu, const ARMCPRegInfo *regs)
 {
-    define_one_arm_cp_reg_with_opaque(cpu, regs, 0);
+    define_one_arm_cp_reg_with_opaque(cpu, regs, NULL);
 }
+
+void define_arm_cp_regs_with_opaque_len(ARMCPU *cpu, const ARMCPRegInfo *regs,
+                                        void *opaque, size_t len);
+
+#define define_arm_cp_regs_with_opaque(CPU, REGS, OPAQUE)               \
+    do {                                                                \
+        QEMU_BUILD_BUG_ON(ARRAY_SIZE(REGS) == 0);                       \
+        define_arm_cp_regs_with_opaque_len(CPU, REGS, OPAQUE,           \
+                                           ARRAY_SIZE(REGS));           \
+    } while (0)
+
+#define define_arm_cp_regs(CPU, REGS) \
+    define_arm_cp_regs_with_opaque(CPU, REGS, NULL)
+
 const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp);
 
 /*
@@ -XXX,XX +XXX,XX @@ typedef struct ARMCPRegUserSpaceInfo {
     uint64_t fixed_bits;
 } ARMCPRegUserSpaceInfo;
 
-#define REGUSERINFO_SENTINEL { .name = NULL }
+void modify_arm_cp_regs_with_len(ARMCPRegInfo *regs, size_t regs_len,
+                                 const ARMCPRegUserSpaceInfo *mods,
+                                 size_t mods_len);
 
-void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
+#define modify_arm_cp_regs(REGS, MODS)                                  \
+    do {                                                                \
+        QEMU_BUILD_BUG_ON(ARRAY_SIZE(REGS) == 0);                       \
+        QEMU_BUILD_BUG_ON(ARRAY_SIZE(MODS) == 0);                       \
+        modify_arm_cp_regs_with_len(REGS, ARRAY_SIZE(REGS),             \
+                                    MODS, ARRAY_SIZE(MODS));            \
+    } while (0)
 
 /* CPWriteFn that can be used to implement writes-ignored behaviour */
 void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pxa_cp_reginfo[] = {
     { .name = "PWRMODE", .cp = 14, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 0,
       .access = PL1_RW, .type = ARM_CP_IO,
       .readfn = arm_cp_read_zero, .writefn = pxa2xx_pwrmode_write },
-    REGINFO_SENTINEL
 };
 
 static void pxa2xx_setup_cp14(PXA2xxState *s)
diff --git a/hw/arm/pxa2xx_pic.c b/hw/arm/pxa2xx_pic.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/pxa2xx_pic.c
+++ b/hw/arm/pxa2xx_pic.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pxa_pic_cp_reginfo[] = {
     REGINFO_FOR_PIC_CP("ICLR2", 8),
     REGINFO_FOR_PIC_CP("ICFP2", 9),
     REGINFO_FOR_PIC_CP("ICPR2", 0xa),
-    REGINFO_SENTINEL
 };
 
 static const MemoryRegionOps pxa2xx_pic_ops = {
diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
       .readfn = icc_igrpen1_el3_read,
       .writefn = icc_igrpen1_el3_write,
     },
-    REGINFO_SENTINEL
 };
 
 static uint64_t ich_ap_read(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_hcr_reginfo[] = {
       .readfn = ich_vmcr_read,
       .writefn = ich_vmcr_write,
     },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo gicv3_cpuif_ich_apxr1_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_ich_apxr1_reginfo[] = {
       .readfn = ich_ap_read,
       .writefn = ich_ap_write,
     },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo gicv3_cpuif_ich_apxr23_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_ich_apxr23_reginfo[] = {
       .readfn = ich_ap_read,
       .writefn = ich_ap_write,
     },
-    REGINFO_SENTINEL
 };
 
 static void gicv3_cpuif_el_change_hook(ARMCPU *cpu, void *opaque)
@@ -XXX,XX +XXX,XX @@ void gicv3_init_cpuif(GICv3State *s)
                       .readfn = ich_lr_read,
                       .writefn = ich_lr_write,
                     },
-                    REGINFO_SENTINEL
                 };
                 define_arm_cp_regs(cpu, lr_regset);
             }
diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
        */
       .resetfn = arm_gicv3_icc_reset,
     },
-    REGINFO_SENTINEL
 };
 
 /**
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortex_a72_a57_a53_cp_reginfo[] = {
     { .name = "L2MERRSR",
       .cp = 15, .opc1 = 3, .crm = 15,
       .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static void aarch64_a57_initfn(Object *obj)
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu_tcg.c
+++ b/target/arm/cpu_tcg.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortexa8_cp_reginfo[] = {
       .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
     { .name = "L2AUXCR", .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 2,
       .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static void cortex_a8_initfn(Object *obj)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortexa9_cp_reginfo[] = {
       .access = PL1_RW, .resetvalue = 0, .type = ARM_CP_CONST },
     { .name = "TLB_ATTR", .cp = 15, .crn = 15, .crm = 7, .opc1 = 5, .opc2 = 2,
       .access = PL1_RW, .resetvalue = 0, .type = ARM_CP_CONST },
-    REGINFO_SENTINEL
 };
 
 static void cortex_a9_initfn(Object *obj)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortexa15_cp_reginfo[] = {
 #endif
     { .name = "L2ECTLR", .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 3,
       .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static void cortex_a7_initfn(Object *obj)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cortexr5_cp_reginfo[] = {
       .access = PL1_RW, .type = ARM_CP_CONST },
     { .name = "DCACHE_INVAL", .cp = 15, .opc1 = 0, .crn = 15, .crm = 5,
       .opc2 = 0, .access = PL1_W, .type = ARM_CP_NOP },
-    REGINFO_SENTINEL
 };
 
 static void cortex_r5_initfn(Object *obj)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cp_reginfo[] = {
       .secure = ARM_CP_SECSTATE_S,
       .fieldoffset = offsetof(CPUARMState, cp15.contextidr_s),
       .resetvalue = 0, .writefn = contextidr_write, .raw_writefn = raw_write, },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo not_v8_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v8_cp_reginfo[] = {
     { .name = "CACHEMAINT", .cp = 15, .crn = 7, .crm = CP_ANY,
       .opc1 = 0, .opc2 = CP_ANY, .access = PL1_W,
       .type = ARM_CP_NOP | ARM_CP_OVERRIDE },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo not_v6_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v6_cp_reginfo[] = {
      */
     { .name = "WFI_v5", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = 2,
       .access = PL1_W, .type = ARM_CP_WFI },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo not_v7_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v7_cp_reginfo[] = {
       .opc1 = 0, .opc2 = 0, .access = PL1_RW, .type = ARM_CP_NOP },
     { .name = "NMRR", .cp = 15, .crn = 10, .crm = 2,
       .opc1 = 0, .opc2 = 1, .access = PL1_RW, .type = ARM_CP_NOP },
-    REGINFO_SENTINEL
 };
 
 static void cpacr_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
       .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 2, .accessfn = cpacr_access,
       .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.cpacr_el1),
       .resetfn = cpacr_reset, .writefn = cpacr_write, .readfn = cpacr_read },
-    REGINFO_SENTINEL
 };
 
 typedef struct pm_event {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
     { .name = "TLBIMVAA", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 3,
       .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
       .writefn = tlbimvaa_write },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo v7mp_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7mp_cp_reginfo[] = {
     { .name = "TLBIMVAAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
       .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
       .writefn = tlbimvaa_is_write },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo pmovsset_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmovsset_cp_reginfo[] = {
       .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
       .writefn = pmovsset_write,
       .raw_writefn = raw_write },
-    REGINFO_SENTINEL
 };
 
 static void teecr_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo t2ee_cp_reginfo[] = {
     { .name = "TEEHBR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 6, .opc2 = 0,
       .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, teehbr),
       .accessfn = teehbr_access, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo v6k_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6k_cp_reginfo[] = {
       .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.tpidrprw_s),
                              offsetoflow32(CPUARMState, cp15.tpidrprw_ns) },
       .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_SEC].cval),
       .writefn = gt_sec_cval_write, .raw_writefn = raw_write,
     },
-    REGINFO_SENTINEL
 };
 
 static CPAccessResult e2h_access(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .access = PL0_R, .type = ARM_CP_NO_RAW | ARM_CP_IO,
       .readfn = gt_virt_cnt_read,
     },
-    REGINFO_SENTINEL
 };
 
 #endif
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vapa_cp_reginfo[] = {
       .access = PL1_W, .accessfn = ats_access,
       .writefn = ats_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
 #endif
-    REGINFO_SENTINEL
 };
 
 /* Return basic MPU access permission bits.  */
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmsav7_cp_reginfo[] = {
       .fieldoffset = offsetof(CPUARMState, pmsav7.rnr[M_REG_NS]),
       .writefn = pmsav7_rgnr_write,
       .resetfn = arm_cp_reset_ignore },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
     { .name = "946_PRBS7", .cp = 15, .crn = 6, .crm = 7, .opc1 = 0,
       .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
       .fieldoffset = offsetof(CPUARMState, cp15.c6_region[7]) },
-    REGINFO_SENTINEL
 };
 
 static void vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vmsa_pmsa_cp_reginfo[] = {
       .access = PL1_RW, .accessfn = access_tvm_trvm,
       .fieldoffset = offsetof(CPUARMState, cp15.far_el[1]),
       .resetvalue = 0, },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo vmsa_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
       /* No offsetoflow32 -- pass the entire TCR to writefn/raw_writefn. */
       .bank_fieldoffsets = { offsetof(CPUARMState, cp15.tcr_el[3]),
                              offsetof(CPUARMState, cp15.tcr_el[1])} },
-    REGINFO_SENTINEL
 };
 
 /* Note that unlike TTBCR, writing to TTBCR2 does not require flushing
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo omap_cp_reginfo[] = {
     { .name = "C9", .cp = 15, .crn = 9,
       .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW,
       .type = ARM_CP_CONST | ARM_CP_OVERRIDE, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static void xscale_cpar_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo xscale_cp_reginfo[] = {
     { .name = "XSCALE_UNLOCK_DCACHE",
       .cp = 15, .opc1 = 0, .crn = 9, .crm = 2, .opc2 = 1,
       .access = PL1_W, .type = ARM_CP_NOP },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo dummy_c15_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo dummy_c15_cp_reginfo[] = {
       .access = PL1_RW,
       .type = ARM_CP_CONST | ARM_CP_NO_RAW | ARM_CP_OVERRIDE,
       .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo cache_dirty_status_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cache_dirty_status_cp_reginfo[] = {
     { .name = "CDSR", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 6,
       .access = PL1_R, .type = ARM_CP_CONST | ARM_CP_NO_RAW,
       .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
       .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
     { .name = "CIDCR", .cp = 15, .crm = 14, .opc1 = 0,
       .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
     { .name = "TCI_DCACHE", .cp = 15, .crn = 7, .crm = 14, .opc1 = 0, .opc2 = 3,
       .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_NO_RAW,
       .resetvalue = (1 << 30) },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo strongarm_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo strongarm_cp_reginfo[] = {
       .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
       .access = PL1_RW, .resetvalue = 0,
       .type = ARM_CP_CONST | ARM_CP_OVERRIDE | ARM_CP_NO_RAW },
-    REGINFO_SENTINEL
 };
 
 static uint64_t midr_read(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo lpae_cp_reginfo[] = {
       .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr1_s),
                              offsetof(CPUARMState, cp15.ttbr1_ns) },
       .writefn = vmsa_ttbr_write, },
-    REGINFO_SENTINEL
 };
 
 static uint64_t aa64_fpcr_read(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
       .access = PL1_RW, .accessfn = access_trap_aa32s_el1,
       .writefn = sdcr_write,
       .fieldoffset = offsetoflow32(CPUARMState, cp15.mdcr_el3) },
-    REGINFO_SENTINEL
 };
 
 /* Used to describe the behaviour of EL2 regs when EL2 does not exist.  */
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
       .type = ARM_CP_CONST,
       .cp = 15, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 2,
       .access = PL2_RW, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 /* Ditto, but for registers which exist in ARMv8 but not v7 */
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_v8_cp_reginfo[] = {
       .cp = 15, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 4,
       .access = PL2_RW,
       .type = ARM_CP_CONST, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
       .cp = 15, .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 3,
       .access = PL2_RW,
       .fieldoffset = offsetof(CPUARMState, cp15.hstr_el2) },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo el2_v8_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_v8_cp_reginfo[] = {
       .access = PL2_RW,
       .fieldoffset = offsetofhigh32(CPUARMState, cp15.hcr_el2),
       .writefn = hcr_writehigh },
-    REGINFO_SENTINEL
 };
 
 static CPAccessResult sel2_access(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_sec_cp_reginfo[] = {
       .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 6, .opc2 = 2,
       .access = PL2_RW, .accessfn = sel2_access,
       .fieldoffset = offsetof(CPUARMState, cp15.vstcr_el2) },
-    REGINFO_SENTINEL
 };
 
 static CPAccessResult nsacr_access(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
       .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 7, .opc2 = 5,
       .access = PL3_W, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_vae3_write },
-    REGINFO_SENTINEL
 };
 
 #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
       .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
       .access = PL1_RW, .accessfn = access_tda,
       .type = ARM_CP_NOP },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
       .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
     { .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
       .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 /* Return the exception level to which exceptions should be taken
@@ -XXX,XX +XXX,XX @@ static void define_debug_regs(ARMCPU *cpu)
               .fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]),
               .writefn = dbgbcr_write, .raw_writefn = raw_write
             },
-            REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, dbgregs);
     }
@@ -XXX,XX +XXX,XX @@ static void define_debug_regs(ARMCPU *cpu)
               .fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]),
               .writefn = dbgwcr_write, .raw_writefn = raw_write
             },
-            REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, dbgregs);
     }
@@ -XXX,XX +XXX,XX @@ static void define_pmu_regs(ARMCPU *cpu)
               .type = ARM_CP_IO,
               .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
               .raw_writefn = pmevtyper_rawwrite },
-            REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, pmev_regs);
         g_free(pmevcntr_name);
@@ -XXX,XX +XXX,XX @@ static void define_pmu_regs(ARMCPU *cpu)
               .cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 5,
               .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
               .resetvalue = extract64(cpu->pmceid1, 32, 32) },
-            REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, v81_pmu_regs);
     }
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo lor_reginfo[] = {
       .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 7,
       .access = PL1_R, .accessfn = access_lor_ns,
       .type = ARM_CP_CONST, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 #ifdef TARGET_AARCH64
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pauth_reginfo[] = {
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 3,
       .access = PL1_RW, .accessfn = access_pauth,
       .fieldoffset = offsetof(CPUARMState, keys.apib.hi) },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo tlbirange_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo tlbirange_reginfo[] = {
       .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 6, .opc2 = 5,
       .access = PL3_W, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_rvae3_write },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo tlbios_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo tlbios_reginfo[] = {
       .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 1, .opc2 = 5,
       .access = PL3_W, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_vae3is_write },
-    REGINFO_SENTINEL
 };
 
 static uint64_t rndr_readfn(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo rndr_reginfo[] = {
       .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
       .opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 1,
       .access = PL0_R, .readfn = rndr_readfn },
-    REGINFO_SENTINEL
 };
 
 #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo dcpop_reg[] = {
       .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 1,
       .access = PL0_W, .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END,
       .accessfn = aa64_cacheop_poc_access, .writefn = dccvap_writefn },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo dcpodp_reg[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo dcpodp_reg[] = {
       .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 13, .opc2 = 1,
       .access = PL0_W, .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END,
       .accessfn = aa64_cacheop_poc_access, .writefn = dccvap_writefn },
-    REGINFO_SENTINEL
 };
 #endif /*CONFIG_USER_ONLY*/
 
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo mte_reginfo[] = {
     { .name = "DC_CIGDSW", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 6,
       .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo mte_tco_ro_reginfo[] = {
     { .name = "TCO", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .crn = 4, .crm = 2, .opc2 = 7,
       .type = ARM_CP_CONST, .access = PL0_RW, },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo mte_el0_cacheop_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo mte_el0_cacheop_reginfo[] = {
       .accessfn = aa64_zva_access,
 #endif
     },
-    REGINFO_SENTINEL
 };
 
 #endif
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo predinv_reginfo[] = {
     { .name = "CPPRCTX", .state = ARM_CP_STATE_AA32,
       .cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 7,
       .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
-    REGINFO_SENTINEL
 };
 
 static uint64_t ccsidr2_read(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ccsidr2_reginfo[] = {
       .access = PL1_R,
       .accessfn = access_aa64_tid2,
       .readfn = ccsidr2_read, .type = ARM_CP_NO_RAW },
-    REGINFO_SENTINEL
 };
 
 static CPAccessResult access_aa64_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo jazelle_regs[] = {
       .cp = 14, .crn = 2, .crm = 0, .opc1 = 7, .opc2 = 0,
       .accessfn = access_joscr_jmcr,
       .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo vhe_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vhe_reginfo[] = {
       .access = PL2_RW, .accessfn = e2h_access,
       .writefn = gt_virt_cval_write, .raw_writefn = raw_write },
 #endif
-    REGINFO_SENTINEL
 };
 
 #ifndef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ats1e1_reginfo[] = {
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1,
       .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
       .writefn = ats_write64 },
-    REGINFO_SENTINEL
 };
 
 static const ARMCPRegInfo ats1cp_reginfo[] = {
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ats1cp_reginfo[] = {
       .cp = 15, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1,
       .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
       .writefn = ats_write },
-    REGINFO_SENTINEL
 };
 #endif
 
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo actlr2_hactlr2_reginfo[] = {
       .cp = 15, .opc1 = 4, .crn = 1, .crm = 0, .opc2 = 3,
       .access = PL2_RW, .type = ARM_CP_CONST,
       .resetvalue = 0 },
-    REGINFO_SENTINEL
 };
 
 void register_cp_regs_for_features(ARMCPU *cpu)
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .access = PL1_R, .type = ARM_CP_CONST,
               .accessfn = access_aa32_tid3,
               .resetvalue = cpu->isar.id_isar6 },
-            REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, v6_idregs);
         define_arm_cp_regs(cpu, v6_cp_reginfo);
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 7,
               .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
               .resetvalue = cpu->pmceid1 },
-            REGINFO_SENTINEL
         };
 #ifdef CONFIG_USER_ONLY
         ARMCPRegUserSpaceInfo v8_user_idregs[] = {
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .exported_bits = 0x000000f0ffffffff },
             { .name = "ID_AA64ISAR*_EL1_RESERVED",
               .is_glob = true                     },
-            REGUSERINFO_SENTINEL
         };
         modify_arm_cp_regs(v8_idregs, v8_user_idregs);
 #endif
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .access = PL2_RW,
               .resetvalue = vmpidr_def,
               .fieldoffset = offsetof(CPUARMState, cp15.vmpidr_el2) },
-            REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, vpidr_regs);
         define_arm_cp_regs(cpu, el2_cp_reginfo);
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                   .access = PL2_RW, .accessfn = access_el3_aa32ns,
                   .type = ARM_CP_NO_RAW,
                   .writefn = arm_cp_write_ignore, .readfn = mpidr_read },
-                REGINFO_SENTINEL
             };
             define_arm_cp_regs(cpu, vpidr_regs);
             define_arm_cp_regs(cpu, el3_no_el2_cp_reginfo);
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .raw_writefn = raw_write, .writefn = sctlr_write,
               .fieldoffset = offsetof(CPUARMState, cp15.sctlr_el[3]),
               .resetvalue = cpu->reset_sctlr },
-            REGINFO_SENTINEL
         };
 
         define_arm_cp_regs(cpu, el3_regs);
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
             { .name = "DUMMY",
               .cp = 15, .crn = 0, .crm = 7, .opc1 = 0, .opc2 = CP_ANY,
               .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
-            REGINFO_SENTINEL
         };
         ARMCPRegInfo id_v8_midr_cp_reginfo[] = {
             { .name = "MIDR_EL1", .state = ARM_CP_STATE_BOTH,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .access = PL1_R,
               .accessfn = access_aa64_tid1,
               .type = ARM_CP_CONST, .resetvalue = cpu->revidr },
-            REGINFO_SENTINEL
         };
         ARMCPRegInfo id_cp_reginfo[] = {
             /* These are common to v8 and pre-v8 */
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .access = PL1_R,
               .accessfn = access_aa32_tid1,
               .type = ARM_CP_CONST, .resetvalue = 0 },
-            REGINFO_SENTINEL
         };
         /* TLBTR is specific to VMSA */
         ARMCPRegInfo id_tlbtr_reginfo = {
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
             { .name = "MIDR_EL1",
               .exported_bits = 0x00000000ffffffff },
             { .name = "REVIDR_EL1"                },
-            REGUSERINFO_SENTINEL
         };
         modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
 #endif
         if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
             arm_feature(env, ARM_FEATURE_STRONGARM)) {
-            ARMCPRegInfo *r;
+            size_t i;
             /* Register the blanket "writes ignored" value first to cover the
              * whole space. Then update the specific ID registers to allow write
              * access, so that they ignore writes rather than causing them to
              * UNDEF.
              */
             define_one_arm_cp_reg(cpu, &crn0_wi_reginfo);
-            for (r = id_pre_v8_midr_cp_reginfo;
-                 r->type != ARM_CP_SENTINEL; r++) {
-                r->access = PL1_RW;
+            for (i = 0; i < ARRAY_SIZE(id_pre_v8_midr_cp_reginfo); ++i) {
+                id_pre_v8_midr_cp_reginfo[i].access = PL1_RW;
             }
-            for (r = id_cp_reginfo; r->type != ARM_CP_SENTINEL; r++) {
-                r->access = PL1_RW;
+            for (i = 0; i < ARRAY_SIZE(id_cp_reginfo); ++i) {
+                id_cp_reginfo[i].access = PL1_RW;
             }
             id_mpuir_reginfo.access = PL1_RW;
             id_tlbtr_reginfo.access = PL1_RW;
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
             { .name = "MPIDR_EL1", .state = ARM_CP_STATE_BOTH,
               .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
               .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
-            REGINFO_SENTINEL
         };
 #ifdef CONFIG_USER_ONLY
         ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
             { .name = "MPIDR_EL1",
               .fixed_bits = 0x0000000080000000 },
-            REGUSERINFO_SENTINEL
         };
         modify_arm_cp_regs(mpidr_cp_reginfo, mpidr_user_cp_reginfo);
 #endif
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 0, .opc2 = 1,
               .access = PL3_RW, .type = ARM_CP_CONST,
               .resetvalue = 0 },
-            REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, auxcr_reginfo);
         if (cpu_isar_feature(aa32_ac2, cpu)) {
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
                   .type = ARM_CP_CONST,
                   .opc0 = 3, .opc1 = 1, .crn = 15, .crm = 3, .opc2 = 0,
                   .access = PL1_R, .resetvalue = cpu->reset_cbar },
-                REGINFO_SENTINEL
             };
             /* We don't implement a r/w 64 bit CBAR currently */
             assert(arm_feature(env, ARM_FEATURE_CBAR_RO));
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .bank_fieldoffsets = { offsetof(CPUARMState, cp15.vbar_s),
                                      offsetof(CPUARMState, cp15.vbar_ns) },
               .resetvalue = 0 },
-            REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, vbar_cp_reginfo);
     }
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
                    r->writefn);
         }
     }
-    /* Bad type field probably means missing sentinel at end of reg list */
-    assert(cptype_valid(r->type));
+
     for (crm = crmmin; crm <= crmmax; crm++) {
         for (opc1 = opc1min; opc1 <= opc1max; opc1++) {
             for (opc2 = opc2min; opc2 <= opc2max; opc2++) {
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
     }
 }
 
-void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
-                                    const ARMCPRegInfo *regs, void *opaque)
+/* Define a whole list of registers */
+void define_arm_cp_regs_with_opaque_len(ARMCPU *cpu, const ARMCPRegInfo *regs,
+                                        void *opaque, size_t len)
 {
-    /* Define a whole list of registers */
-    const ARMCPRegInfo *r;
-    for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
-        define_one_arm_cp_reg_with_opaque(cpu, r, opaque);
+    size_t i;
+    for (i = 0; i < len; ++i) {
+        define_one_arm_cp_reg_with_opaque(cpu, regs + i, opaque);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
  * user-space cannot alter any values and dynamic values pertaining to
  * execution state are hidden from user space view anyway.
  */
-void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
+void modify_arm_cp_regs_with_len(ARMCPRegInfo *regs, size_t regs_len,
+                                 const ARMCPRegUserSpaceInfo *mods,
+                                 size_t mods_len)
 {
-    const ARMCPRegUserSpaceInfo *m;
-    ARMCPRegInfo *r;
-
-    for (m = mods; m->name; m++) {
+    for (size_t mi = 0; mi < mods_len; ++mi) {
+        const ARMCPRegUserSpaceInfo *m = mods + mi;
         GPatternSpec *pat = NULL;
+
         if (m->is_glob) {
             pat = g_pattern_spec_new(m->name);
         }
-        for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
+        for (size_t ri = 0; ri < regs_len; ++ri) {
+            ARMCPRegInfo *r = regs + ri;
+
             if (pat && g_pattern_match_string(pat, r->name)) {
                 r->type = ARM_CP_CONST;
                 r->access = PL0U_R;
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

These particular data structures are not modified at runtime.

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .resetvalue = cpu->pmceid1 },
         };
 #ifdef CONFIG_USER_ONLY
-        ARMCPRegUserSpaceInfo v8_user_idregs[] = {
+        static const ARMCPRegUserSpaceInfo v8_user_idregs[] = {
             { .name = "ID_AA64PFR0_EL1",
               .exported_bits = 0x000f000f00ff0000,
               .fixed_bits    = 0x0000000000000011 },
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
      */
     if (arm_feature(env, ARM_FEATURE_EL3)) {
         if (arm_feature(env, ARM_FEATURE_AARCH64)) {
-            ARMCPRegInfo nsacr = {
+            static const ARMCPRegInfo nsacr = {
                 .name = "NSACR", .type = ARM_CP_CONST,
                 .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
                 .access = PL1_RW, .accessfn = nsacr_access,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
             };
             define_one_arm_cp_reg(cpu, &nsacr);
         } else {
-            ARMCPRegInfo nsacr = {
+            static const ARMCPRegInfo nsacr = {
                 .name = "NSACR",
                 .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
                 .access = PL3_RW | PL1_R,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
         }
     } else {
         if (arm_feature(env, ARM_FEATURE_V8)) {
-            ARMCPRegInfo nsacr = {
+            static const ARMCPRegInfo nsacr = {
                 .name = "NSACR", .type = ARM_CP_CONST,
                 .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
                 .access = PL1_R,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .access = PL1_R, .type = ARM_CP_CONST,
               .resetvalue = cpu->pmsav7_dregion << 8
         };
-        ARMCPRegInfo crn0_wi_reginfo = {
+        static const ARMCPRegInfo crn0_wi_reginfo = {
             .name = "CRN0_WI", .cp = 15, .crn = 0, .crm = CP_ANY,
             .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
             .type = ARM_CP_NOP | ARM_CP_OVERRIDE
         };
 #ifdef CONFIG_USER_ONLY
-        ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
+        static const ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
             { .name = "MIDR_EL1",
               .exported_bits = 0x00000000ffffffff },
             { .name = "REVIDR_EL1"                },
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
         };
 #ifdef CONFIG_USER_ONLY
-        ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
+        static const ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
             { .name = "MPIDR_EL1",
               .fixed_bits = 0x0000000080000000 },
         };
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
     }
 
     if (arm_feature(env, ARM_FEATURE_VBAR)) {
-        ARMCPRegInfo vbar_cp_reginfo[] = {
+        static const ARMCPRegInfo vbar_cp_reginfo[] = {
             { .name = "VBAR", .state = ARM_CP_STATE_BOTH,
               .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
               .access = PL1_RW, .writefn = vbar_write,
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Instead of defining ARM_CP_FLAG_MASK to remove flags,
define ARM_CP_SPECIAL_MASK to isolate special cases.
Sort the specials to the low bits. Use an enum.

Split the large comment block so as to document each
value separately.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpregs.h        | 130 +++++++++++++++++++++++--------------
 target/arm/cpu.c           |   4 +-
 target/arm/helper.c        |   4 +-
 target/arm/translate-a64.c |   6 +-
 target/arm/translate.c     |   6 +-
 5 files changed, 92 insertions(+), 58 deletions(-)

diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -XXX,XX +XXX,XX @@
 #define TARGET_ARM_CPREGS_H
 
 /*
- * ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
- * special-behaviour cp reg and bits [11..8] indicate what behaviour
- * it has. Otherwise it is a simple cp reg, where CONST indicates that
- * TCG can assume the value to be constant (ie load at translate time)
- * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
- * indicates that the TB should not be ended after a write to this register
- * (the default is that the TB ends after cp writes). OVERRIDE permits
- * a register definition to override a previous definition for the
- * same (cp, is64, crn, crm, opc1, opc2) tuple: either the new or the
- * old must have the OVERRIDE bit set.
- * ALIAS indicates that this register is an alias view of some underlying
- * state which is also visible via another register, and that the other
- * register is handling migration and reset; registers marked ALIAS will not be
- * migrated but may have their state set by syncing of register state from KVM.
- * NO_RAW indicates that this register has no underlying state and does not
- * support raw access for state saving/loading; it will not be used for either
- * migration or KVM state synchronization. (Typically this is for "registers"
- * which are actually used as instructions for cache maintenance and so on.)
- * IO indicates that this register does I/O and therefore its accesses
- * need to be marked with gen_io_start() and also end the TB. In particular,
- * registers which implement clocks or timers require this.
- * RAISES_EXC is for when the read or write hook might raise an exception;
- * the generated code will synchronize the CPU state before calling the hook
- * so that it is safe for the hook to call raise_exception().
- * NEWEL is for writes to registers that might change the exception
- * level - typically on older ARM chips. For those cases we need to
- * re-read the new el when recomputing the translation flags.
+ * ARMCPRegInfo type field bits:
  */
-#define ARM_CP_SPECIAL           0x0001
-#define ARM_CP_CONST             0x0002
-#define ARM_CP_64BIT             0x0004
-#define ARM_CP_SUPPRESS_TB_END   0x0008
-#define ARM_CP_OVERRIDE          0x0010
-#define ARM_CP_ALIAS             0x0020
-#define ARM_CP_IO                0x0040
-#define ARM_CP_NO_RAW            0x0080
-#define ARM_CP_NOP               (ARM_CP_SPECIAL | 0x0100)
-#define ARM_CP_WFI               (ARM_CP_SPECIAL | 0x0200)
-#define ARM_CP_NZCV              (ARM_CP_SPECIAL | 0x0300)
-#define ARM_CP_CURRENTEL         (ARM_CP_SPECIAL | 0x0400)
-#define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
-#define ARM_CP_DC_GVA            (ARM_CP_SPECIAL | 0x0600)
-#define ARM_CP_DC_GZVA           (ARM_CP_SPECIAL | 0x0700)
-#define ARM_LAST_SPECIAL         ARM_CP_DC_GZVA
-#define ARM_CP_FPU               0x1000
-#define ARM_CP_SVE               0x2000
-#define ARM_CP_NO_GDB            0x4000
-#define ARM_CP_RAISES_EXC        0x8000
-#define ARM_CP_NEWEL             0x10000
-/* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK         0x1f0ff
+enum {
+    /*
+     * Register must be handled specially during translation.
+     * The method is one of the values below:
+     */
+    ARM_CP_SPECIAL_MASK          = 0x000f,
+    /* Special: no change to PE state: writes ignored, reads ignored. */
+    ARM_CP_NOP                   = 0x0001,
+    /* Special: sysreg is WFI, for v5 and v6. */
+    ARM_CP_WFI                   = 0x0002,
+    /* Special: sysreg is NZCV. */
+    ARM_CP_NZCV                  = 0x0003,
+    /* Special: sysreg is CURRENTEL. */
+    ARM_CP_CURRENTEL             = 0x0004,
+    /* Special: sysreg is DC ZVA or similar. */
+    ARM_CP_DC_ZVA                = 0x0005,
+    ARM_CP_DC_GVA                = 0x0006,
+    ARM_CP_DC_GZVA               = 0x0007,
+
+    /* Flag: reads produce resetvalue; writes ignored. */
+    ARM_CP_CONST                 = 1 << 4,
+    /* Flag: For ARM_CP_STATE_AA32, sysreg is 64-bit. */
+    ARM_CP_64BIT                 = 1 << 5,
+    /*
+     * Flag: TB should not be ended after a write to this register
+     * (the default is that the TB ends after cp writes).
+     */
+    ARM_CP_SUPPRESS_TB_END       = 1 << 6,
+    /*
+     * Flag: Permit a register definition to override a previous definition
+     * for the same (cp, is64, crn, crm, opc1, opc2) tuple: either the new
+     * or the old must have the ARM_CP_OVERRIDE bit set.
+     */
+    ARM_CP_OVERRIDE              = 1 << 7,
+    /*
+     * Flag: Register is an alias view of some underlying state which is also
+     * visible via another register, and that the other register is handling
+     * migration and reset; registers marked ARM_CP_ALIAS will not be migrated
+     * but may have their state set by syncing of register state from KVM.
+     */
+    ARM_CP_ALIAS                 = 1 << 8,
+    /*
+     * Flag: Register does I/O and therefore its accesses need to be marked
+     * with gen_io_start() and also end the TB. In particular, registers which
+     * implement clocks or timers require this.
+     */
+    ARM_CP_IO                    = 1 << 9,
+    /*
+     * Flag: Register has no underlying state and does not support raw access
+     * for state saving/loading; it will not be used for either migration or
+     * KVM state synchronization. Typically this is for "registers" which are
+     * actually used as instructions for cache maintenance and so on.
+     */
+    ARM_CP_NO_RAW                = 1 << 10,
+    /*
+     * Flag: The read or write hook might raise an exception; the generated
+     * code will synchronize the CPU state before calling the hook so that it
+     * is safe for the hook to call raise_exception().
+     */
+    ARM_CP_RAISES_EXC            = 1 << 11,
+    /*
+     * Flag: Writes to the sysreg might change the exception level - typically
+     * on older ARM chips. For those cases we need to re-read the new el when
+     * recomputing the translation flags.
+     */
+    ARM_CP_NEWEL                 = 1 << 12,
+    /*
+     * Flag: Access check for this sysreg is identical to accessing FPU state
+     * from an instruction: use translation fp_access_check().
+     */
+    ARM_CP_FPU                   = 1 << 13,
+    /*
+     * Flag: Access check for this sysreg is identical to accessing SVE state
+     * from an instruction: use translation sve_access_check().
+     */
+    ARM_CP_SVE                   = 1 << 14,
+    /* Flag: Do not expose in gdb sysreg xml. */
+    ARM_CP_NO_GDB                = 1 << 15,
+};
 
 /*
  * Valid values for ARMCPRegInfo state field, indicating which of
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque)
     ARMCPRegInfo *ri = value;
     ARMCPU *cpu = opaque;
 
-    if (ri->type & (ARM_CP_SPECIAL | ARM_CP_ALIAS)) {
+    if (ri->type & (ARM_CP_SPECIAL_MASK | ARM_CP_ALIAS)) {
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ static void cp_reg_check_reset(gpointer key, gpointer value,  gpointer opaque)
     ARMCPU *cpu = opaque;
     uint64_t oldvalue, newvalue;
 
-    if (ri->type & (ARM_CP_SPECIAL | ARM_CP_ALIAS | ARM_CP_NO_RAW)) {
+    if (ri->type & (ARM_CP_SPECIAL_MASK | ARM_CP_ALIAS | ARM_CP_NO_RAW)) {
         return;
     }
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
      * multiple times. Special registers (ie NOP/WFI) are
      * never migratable and not even raw-accessible.
      */
-    if ((r->type & ARM_CP_SPECIAL)) {
+    if (r->type & ARM_CP_SPECIAL_MASK) {
         r2->type |= ARM_CP_NO_RAW;
     }
     if (((r->crm == CP_ANY) && crm != 0) ||
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
     /* Check that the register definition has enough info to handle
      * reads and writes if they are permitted.
      */
-    if (!(r->type & (ARM_CP_SPECIAL|ARM_CP_CONST))) {
+    if (!(r->type & (ARM_CP_SPECIAL_MASK | ARM_CP_CONST))) {
         if (r->access & PL3_R) {
             assert((r->fieldoffset ||
                    (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1])) ||
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
     }
 
     /* Handle special cases first */
-    switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
+    switch (ri->type & ARM_CP_SPECIAL_MASK) {
+    case 0:
+        break;
     case ARM_CP_NOP:
         return;
     case ARM_CP_NZCV:
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
         }
         return;
     default:
-        break;
+        g_assert_not_reached();
     }
     if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {
         return;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
         }
 
         /* Handle special cases first */
-        switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
+        switch (ri->type & ARM_CP_SPECIAL_MASK) {
+        case 0:
+            break;
         case ARM_CP_NOP:
             return;
         case ARM_CP_WFI:
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
             s->base.is_jmp = DISAS_WFI;
             return;
         default:
-            break;
+            g_assert_not_reached();
         }
 
         if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Standardize on g_assert_not_reached() for "should not happen".
Retain abort() when preceeded by fprintf or error_report.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c         | 7 +++----
 target/arm/hvf/hvf.c        | 2 +-
 target/arm/kvm-stub.c       | 4 ++--
 target/arm/kvm.c            | 4 ++--
 target/arm/machine.c        | 4 ++--
 target/arm/translate-a64.c  | 4 ++--
 target/arm/translate-neon.c | 2 +-
 target/arm/translate.c      | 4 ++--
 8 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
             break;
         default:
             /* broken reginfo with out-of-range opc1 */
-            assert(false);
-            break;
+            g_assert_not_reached();
         }
         /* assert our permissions are not too lax (stricter is fine) */
         assert((r->access & ~mask) == 0);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
             break;
         default:
             /* Never happens, but compiler isn't smart enough to tell.  */
-            abort();
+            g_assert_not_reached();
         }
     }
     *prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
             break;
         default:
             /* Never happens, but compiler isn't smart enough to tell.  */
-            abort();
+            g_assert_not_reached();
         }
     }
     if (domain_prot == 3) {
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
         /* we got kicked, no exit to process */
         return 0;
     default:
-        assert(0);
+        g_assert_not_reached();
     }
 
     hvf_sync_vtimer(cpu);
diff --git a/target/arm/kvm-stub.c b/target/arm/kvm-stub.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm-stub.c
+++ b/target/arm/kvm-stub.c
@@ -XXX,XX +XXX,XX @@
 
 bool write_kvmstate_to_list(ARMCPU *cpu)
 {
-    abort();
+    g_assert_not_reached();
 }
 
 bool write_list_to_kvmstate(ARMCPU *cpu, int level)
 {
-    abort();
+    g_assert_not_reached();
 }
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -XXX,XX +XXX,XX @@ bool write_kvmstate_to_list(ARMCPU *cpu)
             ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &r);
             break;
         default:
-            abort();
+            g_assert_not_reached();
         }
         if (ret) {
             ok = false;
@@ -XXX,XX +XXX,XX @@ bool write_list_to_kvmstate(ARMCPU *cpu, int level)
             r.addr = (uintptr_t)(cpu->cpreg_values + i);
             break;
         default:
-            abort();
+            g_assert_not_reached();
         }
         ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &r);
         if (ret) {
diff --git a/target/arm/machine.c b/target/arm/machine.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -XXX,XX +XXX,XX @@ static int cpu_pre_save(void *opaque)
     if (kvm_enabled()) {
         if (!write_kvmstate_to_list(cpu)) {
             /* This should never fail */
-            abort();
+            g_assert_not_reached();
         }
 
         /*
@@ -XXX,XX +XXX,XX @@ static int cpu_pre_save(void *opaque)
     } else {
         if (!write_cpustate_to_list(cpu, false)) {
             /* This should never fail. */
-            abort();
+            g_assert_not_reached();
         }
     }
 
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_half(DisasContext *s, int opcode, int rd, int rn)
         gen_helper_advsimd_rinth(tcg_res, tcg_op, fpst);
         break;
     default:
-        abort();
+        g_assert_not_reached();
     }
 
     write_fp_sreg(s, rd, tcg_res);
@@ -XXX,XX +XXX,XX @@ static void handle_fp_fcvt(DisasContext *s, int opcode,
         break;
     }
     default:
-        abort();
+        g_assert_not_reached();
     }
 }
 
diff --git a/target/arm/translate-neon.c b/target/arm/translate-neon.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-neon.c
+++ b/target/arm/translate-neon.c
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
         }
         break;
     default:
-        abort();
+        g_assert_not_reached();
     }
     if ((vd + a->stride * (nregs - 1)) > 31) {
         /*
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
         offset = 4;
         break;
     default:
-        abort();
+        g_assert_not_reached();
     }
     tcg_gen_addi_i32(addr, addr, offset);
     tmp = load_reg(s, 14);
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
             offset = 0;
             break;
         default:
-            abort();
+            g_assert_not_reached();
         }
         tcg_gen_addi_i32(addr, addr, offset);
         gen_helper_set_r13_banked(cpu_env, tcg_constant_i32(mode), addr);
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Create a typedef as well, and use it in ARMCPRegInfo.
This won't be perfect for debugging, but it'll nicely
display the most common cases.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220501055028.646596-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpregs.h | 44 +++++++++++++++++++++++---------------------
 target/arm/helper.c |  2 +-
 2 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -XXX,XX +XXX,XX @@ enum {
  * described with these bits, then use a laxer set of restrictions, and
  * do the more restrictive/complex check inside a helper function.
  */
-#define PL3_R 0x80
-#define PL3_W 0x40
-#define PL2_R (0x20 | PL3_R)
-#define PL2_W (0x10 | PL3_W)
-#define PL1_R (0x08 | PL2_R)
-#define PL1_W (0x04 | PL2_W)
-#define PL0_R (0x02 | PL1_R)
-#define PL0_W (0x01 | PL1_W)
+typedef enum {
+    PL3_R = 0x80,
+    PL3_W = 0x40,
+    PL2_R = 0x20 | PL3_R,
+    PL2_W = 0x10 | PL3_W,
+    PL1_R = 0x08 | PL2_R,
+    PL1_W = 0x04 | PL2_W,
+    PL0_R = 0x02 | PL1_R,
+    PL0_W = 0x01 | PL1_W,
 
-/*
- * For user-mode some registers are accessible to EL0 via a kernel
- * trap-and-emulate ABI. In this case we define the read permissions
- * as actually being PL0_R. However some bits of any given register
- * may still be masked.
- */
+    /*
+     * For user-mode some registers are accessible to EL0 via a kernel
+     * trap-and-emulate ABI. In this case we define the read permissions
+     * as actually being PL0_R. However some bits of any given register
+     * may still be masked.
+     */
 #ifdef CONFIG_USER_ONLY
-#define PL0U_R PL0_R
+    PL0U_R = PL0_R,
 #else
-#define PL0U_R PL1_R
+    PL0U_R = PL1_R,
 #endif
 
-#define PL3_RW (PL3_R | PL3_W)
-#define PL2_RW (PL2_R | PL2_W)
-#define PL1_RW (PL1_R | PL1_W)
-#define PL0_RW (PL0_R | PL0_W)
+    PL3_RW = PL3_R | PL3_W,
+    PL2_RW = PL2_R | PL2_W,
+    PL1_RW = PL1_R | PL1_W,
+    PL0_RW = PL0_R | PL0_W,
+} CPAccessRights;
 
 typedef enum CPAccessResult {
     /* Access is permitted */
@@ -XXX,XX +XXX,XX @@ struct ARMCPRegInfo {
     /* Register type: ARM_CP_* bits/values */
     int type;
     /* Access rights: PL*_[RW] */
-    int access;
+    CPAccessRights access;
     /* Security state: ARM_CP_SECSTATE_* bits/values */
     int secure;
     /*
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
      * to encompass the generic architectural permission check.
      */
     if (r->state != ARM_CP_STATE_AA32) {
-        int mask = 0;
+        CPAccessRights mask;
         switch (r->opc1) {
         case 0:
             /* min_EL EL1, but some accessible to EL0 via kernel ABI */
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Give this enum a name and use in ARMCPRegInfo,
add_cpreg_to_hashtable and define_one_arm_cp_reg_with_opaque.

diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -XXX,XX +XXX,XX @@ enum {
  * Note that we rely on the values of these enums as we iterate through
  * the various states in some places.
  */
-enum {
+typedef enum {
     ARM_CP_STATE_AA32 = 0,
     ARM_CP_STATE_AA64 = 1,
     ARM_CP_STATE_BOTH = 2,
-};
+} CPState;
 
 /*
  * ARM CP register secure state flags.  These flags identify security state
@@ -XXX,XX +XXX,XX @@ struct ARMCPRegInfo {
     uint8_t opc1;
     uint8_t opc2;
     /* Execution state in which this register is visible: ARM_CP_STATE_* */
-    int state;
+    CPState state;
     /* Register type: ARM_CP_* bits/values */
     int type;
     /* Access rights: PL*_[RW] */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
 }
 
 static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-                                   void *opaque, int state, int secstate,
+                                   void *opaque, CPState state, int secstate,
                                    int crm, int opc1, int opc2,
                                    const char *name)
 {
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
      * bits; the ARM_CP_64BIT* flag applies only to the AArch32 view of
      * the register, if any.
      */
-    int crm, opc1, opc2, state;
+    int crm, opc1, opc2;
     int crmmin = (r->crm == CP_ANY) ? 0 : r->crm;
     int crmmax = (r->crm == CP_ANY) ? 15 : r->crm;
     int opc1min = (r->opc1 == CP_ANY) ? 0 : r->opc1;
     int opc1max = (r->opc1 == CP_ANY) ? 7 : r->opc1;
     int opc2min = (r->opc2 == CP_ANY) ? 0 : r->opc2;
     int opc2max = (r->opc2 == CP_ANY) ? 7 : r->opc2;
+    CPState state;
+
     /* 64 bit registers have only CRm and Opc1 fields */
     assert(!((r->type & ARM_CP_64BIT) && (r->opc2 || r->crn)));
     /* op0 only exists in the AArch64 encodings */
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Give this enum a name and use in ARMCPRegInfo and add_cpreg_to_hashtable.
Add the enumerator ARM_CP_SECSTATE_BOTH to clarify how 0
is handled in define_one_arm_cp_reg_with_opaque.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220501055028.646596-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpregs.h | 7 ++++---
 target/arm/helper.c | 7 +++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
  * registered entry will only have one to identify whether the entry is secure
  * or non-secure.
  */
-enum {
+typedef enum {
+    ARM_CP_SECSTATE_BOTH = 0,       /* define one cpreg for each secstate */
     ARM_CP_SECSTATE_S =   (1 << 0), /* bit[0]: Secure state register */
     ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
-};
+} CPSecureState;
 
 /*
  * Access rights:
@@ -XXX,XX +XXX,XX @@ struct ARMCPRegInfo {
     /* Access rights: PL*_[RW] */
     CPAccessRights access;
     /* Security state: ARM_CP_SECSTATE_* bits/values */
-    int secure;
+    CPSecureState secure;
     /*
      * The opaque pointer passed to define_arm_cp_regs_with_opaque() when
      * this register was defined: can be used to hand data through to the
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
 }
 
 static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-                                   void *opaque, CPState state, int secstate,
+                                   void *opaque, CPState state,
+                                   CPSecureState secstate,
                                    int crm, int opc1, int opc2,
                                    const char *name)
 {
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
                                                    r->secure, crm, opc1, opc2,
                                                    r->name);
                             break;
-                        default:
+                        case ARM_CP_SECSTATE_BOTH:
                             name = g_strdup_printf("%s_S", r->name);
                             add_cpreg_to_hashtable(cpu, r, opaque, state,
                                                    ARM_CP_SECSTATE_S,
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
                                                    ARM_CP_SECSTATE_NS,
                                                    crm, opc1, opc2, r->name);
                             break;
+                        default:
+                            g_assert_not_reached();
                         }
                     } else {
                         /* AArch64 registers get mapped to non-secure instance
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

The new_key field is always non-zero -- drop the if.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-11-richard.henderson@linaro.org
[PMM: reinstated dropped PL3_RW mask]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
 
     for (i = 0; i < ARRAY_SIZE(aliases); i++) {
         const struct E2HAlias *a = &aliases[i];
-        ARMCPRegInfo *src_reg, *dst_reg;
+        ARMCPRegInfo *src_reg, *dst_reg, *new_reg;
+        uint32_t *new_key;
+        bool ok;
 
         if (a->feature && !a->feature(&cpu->isar)) {
             continue;
@@ -XXX,XX +XXX,XX @@ static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
         g_assert(src_reg->opaque == NULL);
 
         /* Create alias before redirection so we dup the right data. */
-        if (a->new_key) {
-            ARMCPRegInfo *new_reg = g_memdup(src_reg, sizeof(ARMCPRegInfo));
-            uint32_t *new_key = g_memdup(&a->new_key, sizeof(uint32_t));
-            bool ok;
+        new_reg = g_memdup(src_reg, sizeof(ARMCPRegInfo));
+        new_key = g_memdup(&a->new_key, sizeof(uint32_t));
 
-            new_reg->name = a->new_name;
-            new_reg->type |= ARM_CP_ALIAS;
-            /* Remove PL1/PL0 access, leaving PL2/PL3 R/W in place.  */
-            new_reg->access &= PL2_RW | PL3_RW;
+        new_reg->name = a->new_name;
+        new_reg->type |= ARM_CP_ALIAS;
+        /* Remove PL1/PL0 access, leaving PL2/PL3 R/W in place.  */
+        new_reg->access &= PL2_RW | PL3_RW;
 
-            ok = g_hash_table_insert(cpu->cp_regs, new_key, new_reg);
-            g_assert(ok);
-        }
+        ok = g_hash_table_insert(cpu->cp_regs, new_key, new_reg);
+        g_assert(ok);
 
         src_reg->opaque = dst_reg;
         src_reg->orig_readfn = src_reg->readfn ?: raw_read;
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Cast the uint32_t key into a gpointer directly, which
allows us to avoid allocating storage for each key.

Use g_hash_table_lookup when we already have a gpointer
(e.g. for callbacks like count_cpreg), or when using
get_arm_cp_reginfo would require casting away const.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-12-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c     |  4 ++--
 target/arm/gdbstub.c |  2 +-
 target/arm/helper.c  | 41 ++++++++++++++++++-----------------------
 3 files changed, 21 insertions(+), 26 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_initfn(Object *obj)
     ARMCPU *cpu = ARM_CPU(obj);
 
     cpu_set_cpustate_pointers(cpu);
-    cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
-                                         g_free, cpreg_hashtable_data_destroy);
+    cpu->cp_regs = g_hash_table_new_full(g_direct_hash, g_direct_equal,
+                                         NULL, cpreg_hashtable_data_destroy);
 
     QLIST_INIT(&cpu->pre_el_change_hooks);
     QLIST_INIT(&cpu->el_change_hooks);
diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/gdbstub.c
+++ b/target/arm/gdbstub.c
@@ -XXX,XX +XXX,XX @@ static void arm_gen_one_xml_sysreg_tag(GString *s, DynamicGDBXMLInfo *dyn_xml,
 static void arm_register_sysreg_for_xml(gpointer key, gpointer value,
                                         gpointer p)
 {
-    uint32_t ri_key = *(uint32_t *)key;
+    uint32_t ri_key = (uintptr_t)key;
     ARMCPRegInfo *ri = value;
     RegisterSysregXmlParam *param = (RegisterSysregXmlParam *)p;
     GString *s = param->s;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ bool write_list_to_cpustate(ARMCPU *cpu)
 static void add_cpreg_to_list(gpointer key, gpointer opaque)
 {
     ARMCPU *cpu = opaque;
-    uint64_t regidx;
-    const ARMCPRegInfo *ri;
-
-    regidx = *(uint32_t *)key;
-    ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
+    uint32_t regidx = (uintptr_t)key;
+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
 
     if (!(ri->type & (ARM_CP_NO_RAW|ARM_CP_ALIAS))) {
         cpu->cpreg_indexes[cpu->cpreg_array_len] = cpreg_to_kvm_id(regidx);
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_list(gpointer key, gpointer opaque)
 static void count_cpreg(gpointer key, gpointer opaque)
 {
     ARMCPU *cpu = opaque;
-    uint64_t regidx;
     const ARMCPRegInfo *ri;
 
-    regidx = *(uint32_t *)key;
-    ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
+    ri = g_hash_table_lookup(cpu->cp_regs, key);
 
     if (!(ri->type & (ARM_CP_NO_RAW|ARM_CP_ALIAS))) {
         cpu->cpreg_array_len++;
@@ -XXX,XX +XXX,XX @@ static void count_cpreg(gpointer key, gpointer opaque)
 
 static gint cpreg_key_compare(gconstpointer a, gconstpointer b)
 {
-    uint64_t aidx = cpreg_to_kvm_id(*(uint32_t *)a);
-    uint64_t bidx = cpreg_to_kvm_id(*(uint32_t *)b);
+    uint64_t aidx = cpreg_to_kvm_id((uintptr_t)a);
+    uint64_t bidx = cpreg_to_kvm_id((uintptr_t)b);
 
     if (aidx > bidx) {
         return 1;
@@ -XXX,XX +XXX,XX @@ static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
     for (i = 0; i < ARRAY_SIZE(aliases); i++) {
         const struct E2HAlias *a = &aliases[i];
         ARMCPRegInfo *src_reg, *dst_reg, *new_reg;
-        uint32_t *new_key;
         bool ok;
 
         if (a->feature && !a->feature(&cpu->isar)) {
             continue;
         }
 
-        src_reg = g_hash_table_lookup(cpu->cp_regs, &a->src_key);
-        dst_reg = g_hash_table_lookup(cpu->cp_regs, &a->dst_key);
+        src_reg = g_hash_table_lookup(cpu->cp_regs,
+                                      (gpointer)(uintptr_t)a->src_key);
+        dst_reg = g_hash_table_lookup(cpu->cp_regs,
+                                      (gpointer)(uintptr_t)a->dst_key);
         g_assert(src_reg != NULL);
         g_assert(dst_reg != NULL);
 
@@ -XXX,XX +XXX,XX @@ static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
 
         /* Create alias before redirection so we dup the right data. */
         new_reg = g_memdup(src_reg, sizeof(ARMCPRegInfo));
-        new_key = g_memdup(&a->new_key, sizeof(uint32_t));
 
         new_reg->name = a->new_name;
         new_reg->type |= ARM_CP_ALIAS;
         /* Remove PL1/PL0 access, leaving PL2/PL3 R/W in place.  */
         new_reg->access &= PL2_RW | PL3_RW;
 
-        ok = g_hash_table_insert(cpu->cp_regs, new_key, new_reg);
+        ok = g_hash_table_insert(cpu->cp_regs,
+                                 (gpointer)(uintptr_t)a->new_key, new_reg);
         g_assert(ok);
 
         src_reg->opaque = dst_reg;
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
     /* Private utility function for define_one_arm_cp_reg_with_opaque():
      * add a single reginfo struct to the hash table.
      */
-    uint32_t *key = g_new(uint32_t, 1);
+    uint32_t key;
     ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
     int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
     int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
         if (r->cp == 0 || r->state == ARM_CP_STATE_BOTH) {
             r2->cp = CP_REG_ARM64_SYSREG_CP;
         }
-        *key = ENCODE_AA64_CP_REG(r2->cp, r2->crn, crm,
-                                  r2->opc0, opc1, opc2);
+        key = ENCODE_AA64_CP_REG(r2->cp, r2->crn, crm,
+                                 r2->opc0, opc1, opc2);
     } else {
-        *key = ENCODE_CP_REG(r2->cp, is64, ns, r2->crn, crm, opc1, opc2);
+        key = ENCODE_CP_REG(r2->cp, is64, ns, r2->crn, crm, opc1, opc2);
     }
     if (opaque) {
         r2->opaque = opaque;
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
      * requested.
      */
     if (!(r->type & ARM_CP_OVERRIDE)) {
-        ARMCPRegInfo *oldreg;
-        oldreg = g_hash_table_lookup(cpu->cp_regs, key);
+        const ARMCPRegInfo *oldreg = get_arm_cp_reginfo(cpu->cp_regs, key);
         if (oldreg && !(oldreg->type & ARM_CP_OVERRIDE)) {
             fprintf(stderr, "Register redefined: cp=%d %d bit "
                     "crn=%d crm=%d opc1=%d opc2=%d, "
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
             g_assert_not_reached();
         }
     }
-    g_hash_table_insert(cpu->cp_regs, key, r2);
+    g_hash_table_insert(cpu->cp_regs, (gpointer)(uintptr_t)key, r2);
 }
 
 
@@ -XXX,XX +XXX,XX @@ void modify_arm_cp_regs_with_len(ARMCPRegInfo *regs, size_t regs_len,
 
 const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp)
 {
-    return g_hash_table_lookup(cpregs, &encoded_cp);
+    return g_hash_table_lookup(cpregs, (gpointer)(uintptr_t)encoded_cp);
 }
 
 void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Simplify freeing cp_regs hash table entries by using a single
allocation for the entire value.

This fixes a theoretical bug if we were to ever free the entire
hash table, because we've been installing string literal constants
into the cpreg structure in define_arm_vh_e2h_redirects_aliases.
However, at present we only free entries created for AArch32
wildcard cpregs which get overwritten by more specific cpregs,
so this bug is never exposed.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c    | 16 +---------------
 target/arm/helper.c | 10 ++++++++--
 2 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ uint64_t arm_cpu_mp_affinity(int idx, uint8_t clustersz)
     return (Aff1 << ARM_AFF1_SHIFT) | Aff0;
 }
 
-static void cpreg_hashtable_data_destroy(gpointer data)
-{
-    /*
-     * Destroy function for cpu->cp_regs hashtable data entries.
-     * We must free the name string because it was g_strdup()ed in
-     * add_cpreg_to_hashtable(). It's OK to cast away the 'const'
-     * from r->name because we know we definitely allocated it.
-     */
-    ARMCPRegInfo *r = data;
-
-    g_free((void *)r->name);
-    g_free(r);
-}
-
 static void arm_cpu_initfn(Object *obj)
 {
     ARMCPU *cpu = ARM_CPU(obj);
 
     cpu_set_cpustate_pointers(cpu);
     cpu->cp_regs = g_hash_table_new_full(g_direct_hash, g_direct_equal,
-                                         NULL, cpreg_hashtable_data_destroy);
+                                         NULL, g_free);
 
     QLIST_INIT(&cpu->pre_el_change_hooks);
     QLIST_INIT(&cpu->el_change_hooks);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
      * add a single reginfo struct to the hash table.
      */
     uint32_t key;
-    ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
+    ARMCPRegInfo *r2;
     int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
     int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
+    size_t name_len;
+
+    /* Combine cpreg and name into one allocation. */
+    name_len = strlen(name) + 1;
+    r2 = g_malloc(sizeof(*r2) + name_len);
+    *r2 = *r;
+    r2->name = memcpy(r2 + 1, name, name_len);
 
-    r2->name = g_strdup(name);
     /* Reset the secure state to the specific incoming state.  This is
      * necessary as the register may have been defined with both states.
      */
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Move the computation of key to the top of the function.
Hoist the resolution of cp as well, as an input to the
computation of key.

This will be required by a subsequent patch.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-14-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 49 +++++++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
     ARMCPRegInfo *r2;
     int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
     int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
+    int cp = r->cp;
     size_t name_len;
 
+    switch (state) {
+    case ARM_CP_STATE_AA32:
+        /* We assume it is a cp15 register if the .cp field is left unset. */
+        if (cp == 0 && r->state == ARM_CP_STATE_BOTH) {
+            cp = 15;
+        }
+        key = ENCODE_CP_REG(cp, is64, ns, r->crn, crm, opc1, opc2);
+        break;
+    case ARM_CP_STATE_AA64:
+        /*
+         * To allow abbreviation of ARMCPRegInfo definitions, we treat
+         * cp == 0 as equivalent to the value for "standard guest-visible
+         * sysreg".  STATE_BOTH definitions are also always "standard sysreg"
+         * in their AArch64 view (the .cp value may be non-zero for the
+         * benefit of the AArch32 view).
+         */
+        if (cp == 0 || r->state == ARM_CP_STATE_BOTH) {
+            cp = CP_REG_ARM64_SYSREG_CP;
+        }
+        key = ENCODE_AA64_CP_REG(cp, r->crn, crm, r->opc0, opc1, opc2);
+        break;
+    default:
+        g_assert_not_reached();
+    }
+
     /* Combine cpreg and name into one allocation. */
     name_len = strlen(name) + 1;
     r2 = g_malloc(sizeof(*r2) + name_len);
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
         }
 
         if (r->state == ARM_CP_STATE_BOTH) {
-            /* We assume it is a cp15 register if the .cp field is left unset.
-             */
-            if (r2->cp == 0) {
-                r2->cp = 15;
-            }
-
 #if HOST_BIG_ENDIAN
             if (r2->fieldoffset) {
                 r2->fieldoffset += sizeof(uint32_t);
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
 #endif
         }
     }
-    if (state == ARM_CP_STATE_AA64) {
-        /* To allow abbreviation of ARMCPRegInfo
-         * definitions, we treat cp == 0 as equivalent to
-         * the value for "standard guest-visible sysreg".
-         * STATE_BOTH definitions are also always "standard
-         * sysreg" in their AArch64 view (the .cp value may
-         * be non-zero for the benefit of the AArch32 view).
-         */
-        if (r->cp == 0 || r->state == ARM_CP_STATE_BOTH) {
-            r2->cp = CP_REG_ARM64_SYSREG_CP;
-        }
-        key = ENCODE_AA64_CP_REG(r2->cp, r2->crn, crm,
-                                 r2->opc0, opc1, opc2);
-    } else {
-        key = ENCODE_CP_REG(r2->cp, is64, ns, r2->crn, crm, opc1, opc2);
-    }
     if (opaque) {
         r2->opaque = opaque;
     }
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
     /* Make sure reginfo passed to helpers for wildcarded regs
      * has the correct crm/opc1/opc2 for this reg, not CP_ANY:
      */
+    r2->cp = cp;
     r2->crm = crm;
     r2->opc1 = opc1;
     r2->opc2 = opc2;
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Put most of the value writeback to the same place,
and improve the comment that goes with them.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-15-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
     *r2 = *r;
     r2->name = memcpy(r2 + 1, name, name_len);
 
-    /* Reset the secure state to the specific incoming state.  This is
-     * necessary as the register may have been defined with both states.
+    /*
+     * Update fields to match the instantiation, overwiting wildcards
+     * such as CP_ANY, ARM_CP_STATE_BOTH, or ARM_CP_SECSTATE_BOTH.
      */
+    r2->cp = cp;
+    r2->crm = crm;
+    r2->opc1 = opc1;
+    r2->opc2 = opc2;
+    r2->state = state;
     r2->secure = secstate;
+    if (opaque) {
+        r2->opaque = opaque;
+    }
 
     if (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1]) {
         /* Register is banked (using both entries in array).
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
 #endif
         }
     }
-    if (opaque) {
-        r2->opaque = opaque;
-    }
-    /* reginfo passed to helpers is correct for the actual access,
-     * and is never ARM_CP_STATE_BOTH:
-     */
-    r2->state = state;
-    /* Make sure reginfo passed to helpers for wildcarded regs
-     * has the correct crm/opc1/opc2 for this reg, not CP_ANY:
-     */
-    r2->cp = cp;
-    r2->crm = crm;
-    r2->opc1 = opc1;
-    r2->opc2 = opc2;
+
     /* By convention, for wildcarded registers only the first
      * entry is used for migration; the others are marked as
      * ALIAS so we don't try to transfer the register
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Computing isbanked only once makes the code
a bit easier to read.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-17-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Perform the override check early, so that it is still done
even when we decide to discard an unreachable cpreg.

Use assert not printf+abort.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-18-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
         g_assert_not_reached();
     }
 
+    /* Overriding of an existing definition must be explicitly requested. */
+    if (!(r->type & ARM_CP_OVERRIDE)) {
+        const ARMCPRegInfo *oldreg = get_arm_cp_reginfo(cpu->cp_regs, key);
+        if (oldreg) {
+            assert(oldreg->type & ARM_CP_OVERRIDE);
+        }
+    }
+
     /* Combine cpreg and name into one allocation. */
     name_len = strlen(name) + 1;
     r2 = g_malloc(sizeof(*r2) + name_len);
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
         assert(!raw_accessors_invalid(r2));
     }
 
-    /* Overriding of an existing definition must be explicitly
-     * requested.
-     */
-    if (!(r->type & ARM_CP_OVERRIDE)) {
-        const ARMCPRegInfo *oldreg = get_arm_cp_reginfo(cpu->cp_regs, key);
-        if (oldreg && !(oldreg->type & ARM_CP_OVERRIDE)) {
-            fprintf(stderr, "Register redefined: cp=%d %d bit "
-                    "crn=%d crm=%d opc1=%d opc2=%d, "
-                    "was %s, now %s\n", r2->cp, 32 + 32 * is64,
-                    r2->crn, r2->crm, r2->opc1, r2->opc2,
-                    oldreg->name, r2->name);
-            g_assert_not_reached();
-        }
-    }
     g_hash_table_insert(cpu->cp_regs, (gpointer)(uintptr_t)key, r2);
 }
 
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Put the block comments into the current coding style.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-19-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
     return cpu_list;
 }
 
+/*
+ * Private utility function for define_one_arm_cp_reg_with_opaque():
+ * add a single reginfo struct to the hash table.
+ */
 static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
                                    void *opaque, CPState state,
                                    CPSecureState secstate,
                                    int crm, int opc1, int opc2,
                                    const char *name)
 {
-    /* Private utility function for define_one_arm_cp_reg_with_opaque():
-     * add a single reginfo struct to the hash table.
-     */
     uint32_t key;
     ARMCPRegInfo *r2;
     bool is64 = r->type & ARM_CP_64BIT;
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
 
     isbanked = r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1];
     if (isbanked) {
-        /* Register is banked (using both entries in array).
+        /*
+         * Register is banked (using both entries in array).
          * Overwriting fieldoffset as the array is only used to define
          * banked registers but later only fieldoffset is used.
          */
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
 
     if (state == ARM_CP_STATE_AA32) {
         if (isbanked) {
-            /* If the register is banked then we don't need to migrate or
+            /*
+             * If the register is banked then we don't need to migrate or
              * reset the 32-bit instance in certain cases:
              *
              * 1) If the register has both 32-bit and 64-bit instances then we
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
                 r2->type |= ARM_CP_ALIAS;
             }
         } else if ((secstate != r->secure) && !ns) {
-            /* The register is not banked so we only want to allow migration of
-             * the non-secure instance.
+            /*
+             * The register is not banked so we only want to allow migration
+             * of the non-secure instance.
              */
             r2->type |= ARM_CP_ALIAS;
         }
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
         }
     }
 
-    /* By convention, for wildcarded registers only the first
+    /*
+     * By convention, for wildcarded registers only the first
      * entry is used for migration; the others are marked as
      * ALIAS so we don't try to transfer the register
      * multiple times. Special registers (ie NOP/WFI) are
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
         r2->type |= ARM_CP_ALIAS | ARM_CP_NO_GDB;
     }
 
-    /* Check that raw accesses are either forbidden or handled. Note that
+    /*
+     * Check that raw accesses are either forbidden or handled. Note that
      * we can't assert this earlier because the setup of fieldoffset for
      * banked registers has to be done first.
      */
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Since e03b56863d2bc, our host endian indicator is unconditionally
set, which means that we can use a normal C condition.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220501055028.646596-20-richard.henderson@linaro.org
[PMM: quote correct git hash in commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
             r2->type |= ARM_CP_ALIAS;
         }
 
-        if (r->state == ARM_CP_STATE_BOTH) {
-#if HOST_BIG_ENDIAN
-            if (r2->fieldoffset) {
-                r2->fieldoffset += sizeof(uint32_t);
-            }
-#endif
+        if (HOST_BIG_ENDIAN &&
+            r->state == ARM_CP_STATE_BOTH && r2->fieldoffset) {
+            r2->fieldoffset += sizeof(uint32_t);
         }
     }
 
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220501055028.646596-24-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_ssbs(const ARMISARegisters *id)
     return FIELD_EX32(id->id_pfr2, ID_PFR2, SSBS) != 0;
 }
 
+static inline bool isar_feature_aa32_debugv8p2(const ARMISARegisters *id)
+{
+    return FIELD_EX32(id->id_dfr0, ID_DFR0, COPDBG) >= 8;
+}
+
 /*
  * 64-bit feature tests via id registers.
  */
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_ssbs(const ARMISARegisters *id)
     return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, SSBS) != 0;
 }
 
+static inline bool isar_feature_aa64_debugv8p2(const ARMISARegisters *id)
+{
+    return FIELD_EX64(id->id_aa64dfr0, ID_AA64DFR0, DEBUGVER) >= 8;
+}
+
 static inline bool isar_feature_aa64_sve2(const ARMISARegisters *id)
 {
     return FIELD_EX64(id->id_aa64zfr0, ID_AA64ZFR0, SVEVER) != 0;
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_any_tts2uxn(const ARMISARegisters *id)
     return isar_feature_aa64_tts2uxn(id) || isar_feature_aa32_tts2uxn(id);
 }
 
+static inline bool isar_feature_any_debugv8p2(const ARMISARegisters *id)
+{
+    return isar_feature_aa64_debugv8p2(id) || isar_feature_aa32_debugv8p2(id);
+}
+
 /*
  * Forward to the above feature tests given an ARMCPU pointer.
  */
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

Add the aa64 predicate for detecting RAS support from id registers.
We already have the aa32 version from the M-profile work.
Add the 'any' predicate for testing both aa64 and aa32.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220501055028.646596-34-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_aa32_el1(const ARMISARegisters *id)
     return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, EL1) >= 2;
 }
 
+static inline bool isar_feature_aa64_ras(const ARMISARegisters *id)
+{
+    return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, RAS) != 0;
+}
+
 static inline bool isar_feature_aa64_sve(const ARMISARegisters *id)
 {
     return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SVE) != 0;
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_any_debugv8p2(const ARMISARegisters *id)
     return isar_feature_aa64_debugv8p2(id) || isar_feature_aa32_debugv8p2(id);
 }
 
+static inline bool isar_feature_any_ras(const ARMISARegisters *id)
+{
+    return isar_feature_aa64_ras(id) || isar_feature_aa32_ras(id);
+}
+
 /*
  * Forward to the above feature tests given an ARMCPU pointer.
  */
-- 
2.25.1

From: Alex Zuepke <alex.zuepke@tum.de>

The ARMv8 manual defines that PMUSERENR_EL0.ER enables read-access
to both PMXEVCNTR_EL0 and PMEVCNTR<n>_EL0 registers, however,
we only use it for PMXEVCNTR_EL0. Extend to PMEVCNTR<n>_EL0 as well.

Signed-off-by: Alex Zuepke <alex.zuepke@tum.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220428132717.84190-1-alex.zuepke@tum.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void define_pmu_regs(ARMCPU *cpu)
               .crm = 8 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
               .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
               .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
-              .accessfn = pmreg_access },
+              .accessfn = pmreg_access_xevcntr },
             { .name = pmevcntr_el0_name, .state = ARM_CP_STATE_AA64,
               .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 8 | (3 & (i >> 3)),
-              .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
+              .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access_xevcntr,
               .type = ARM_CP_IO,
               .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
               .raw_readfn = pmevcntr_rawread,
-- 
2.25.1