Series comparison

-[PULL 0/4] target-arm queue
+[PULL 0/6] target-arm queue
-Hi; some minor changes for 6.2, which I think can be classified
+Some small arm bug fixes for rc3.
 as bug fixes and are OK for this point in the release cycle.
 (Wouldn't be the end of the world if they slipped to 7.0.)
 -- PMM
-The following changes since commit 42f6c9179be4401974dd3a75ee72defd16b5092d:
+The following changes since commit 9b617b1bb4056e60b39be4c33be20c10928a6a5c:
-  Merge tag 'pull-ppc-20211112' of https://github.com/legoater/qemu into staging (2021-11-12 12:28:25 +0100)
+  Merge tag 'trivial-branch-for-7.0-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging (2022-04-01 10:23:27 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211115-1
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220401
-for you to fetch changes up to 1adf528ec3bdf62ea3b580b7ad562534a3676ff5:
+for you to fetch changes up to a5b1e1ab662aa6dc42d5a913080fccbb8bf82e9b:
-  hw/rtc/pl031: Send RTC_CHANGE QMP event (2021-11-15 18:53:00 +0000)
+  target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen (2022-04-01 15:35:49 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * Support multiple redistributor regions for TCG GICv3
+ * target/arm: Fix some bugs in secure EL2 handling
- * Send RTC_CHANGE QMP event from pl031
+ * target/arm: Fix assert when !HAVE_CMPXCHG128
  * MAINTAINERS: change Fred Konrad's email address
 ----------------------------------------------------------------
-Eric Auger (1):
+Frederic Konrad (1):
-      hw/rtc/pl031: Send RTC_CHANGE QMP event
+      MAINTAINERS: change Fred Konrad's email address
-Peter Maydell (3):
+Idan Horowitz (4):
-      hw/intc/arm_gicv3: Move checking of redist-region-count to arm_gicv3_common_realize
+      target/arm: Fix MTE access checks for disabled SEL2
-      hw/intc/arm_gicv3: Set GICR_TYPER.Last correctly when nb_redist_regions > 1
+      target/arm: Check VSTCR.SW when assigning the stage 2 output PA space
-      hw/intc/arm_gicv3: Support multiple redistributor regions
+      target/arm: Take VSTCR.SW, VTCR.NSW into account in final stage 2 walk
       target/arm: Determine final stage 2 output PA space based on original IPA
- include/hw/intc/arm_gicv3_common.h | 14 ++++++++--
+Peter Maydell (1):
- hw/intc/arm_gicv3.c                | 12 +-------
+      target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen
  hw/intc/arm_gicv3_common.c         | 56 ++++++++++++++++++++++++--------------
  hw/intc/arm_gicv3_kvm.c            | 10 ++-----
  hw/intc/arm_gicv3_redist.c         | 40 +++++++++++++++------------
  hw/rtc/pl031.c                     | 10 ++++++-
  hw/rtc/meson.build                 |  2 +-
 files changed, 83 insertions(+), 61 deletions(-)
+ target/arm/internals.h     |  2 +-
+ target/arm/helper.c        | 18 +++++++++++++++---
+ target/arm/translate-a64.c |  7 ++++++-
+ .mailmap                   |  3 ++-
+ MAINTAINERS                |  2 +-
+files changed, 25 insertions(+), 7 deletions(-)

-New patch
+[PULL 1/6] target/arm: Fix MTE access checks for disabled SEL2
+From: Idan Horowitz <idan.horowitz@gmail.com>
+While not mentioned anywhere in the actual specification text, the
+HCR_EL2.ATA bit is treated as '1' when EL2 is disabled at the current
+security state. This can be observed in the psuedo-code implementation
+of AArch64.AllocationTagAccessIsEnabled().
+Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220328173107.311267-1-idan.horowitz@gmail.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/internals.h | 2 +-
+ target/arm/helper.c    | 2 +-
+files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/target/arm/internals.h b/target/arm/internals.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/internals.h
++++ b/target/arm/internals.h
+@@ -XXX,XX +XXX,XX @@ static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
+         && !(env->cp15.scr_el3 & SCR_ATA)) {
+         return false;
+     }
+-    if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
++    if (el < 2 && arm_is_el2_enabled(env)) {
+         uint64_t hcr = arm_hcr_el2_eff(env);
+         if (!(hcr & HCR_ATA) && (!(hcr & HCR_E2H) || !(hcr & HCR_TGE))) {
+             return false;
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_mte(CPUARMState *env, const ARMCPRegInfo *ri,
+ {
+     int el = arm_current_el(env);
+-    if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
++    if (el < 2 && arm_is_el2_enabled(env)) {
+         uint64_t hcr = arm_hcr_el2_eff(env);
+         if (!(hcr & HCR_ATA) && (!(hcr & HCR_E2H) || !(hcr & HCR_TGE))) {
+             return CP_ACCESS_TRAP_EL2;
+--
+.25.1

-New patch
+[PULL 2/6] target/arm: Check VSTCR.SW when assigning the stage 2 output PA space
+From: Idan Horowitz <idan.horowitz@gmail.com>
+As per the AArch64.SS2OutputPASpace() psuedo-code in the ARMv8 ARM when the
+PA space of the IPA is non secure, the output PA space is secure if and only
+if all of the bits VTCR.<NSW, NSA>, VSTCR.<SW, SA> are not set.
+Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220327093427.1548629-2-idan.horowitz@gmail.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/helper.c | 2 +-
+file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
+                 } else {
+                     attrs->secure =
+                         !((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW))
+-                        || (env->cp15.vstcr_el2.raw_tcr & VSTCR_SA));
++                        || (env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
+                 }
+             }
+             return 0;
+--
+.25.1

-[PULL 3/4] hw/intc/arm_gicv3: Support multiple redistributor regions
+[PULL 3/6] target/arm: Take VSTCR.SW, VTCR.NSW into account in final stage 2 walk
-Our GICv3 QOM interface includes an array property
+From: Idan Horowitz <idan.horowitz@gmail.com>
 redist-region-count which allows board models to specify that the
 registributor registers are not in a single contiguous range, but
 split into multiple pieces.  We implemented this for KVM, but
 currently the TCG GICv3 model insists that there is only one region.
 You can see the limit being hit with a setup like:
   qemu-system-aarch64 -machine virt,gic-version=3 -smp 124
-Add support for split regions to the TCG GICv3.  To do this we switch
+As per the AArch64.SS2InitialTTWState() psuedo-code in the ARMv8 ARM the
-from allocating a simple array of MemoryRegions to an array of
+initial PA space used for stage 2 table walks is assigned based on the SW
-GICv3RedistRegion structs so that we can use the GICv3RedistRegion as
+and NSW bits of the VSTCR and VTCR registers.
-the opaque pointer in the MemoryRegion read/write callbacks.  Each
+This was already implemented for the recursive stage 2 page table walks
-GICv3RedistRegion contains the MemoryRegion, a backpointer allowing
+in S1_ptw_translate(), but was missing for the final stage 2 walk.
 the read/write callback to get hold of the GICv3State, and an index
 which allows us to calculate which CPU's redistributor is being
 accessed.
-Note that arm_gicv3_kvm always passes in NULL as the ops argument
+Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
-to gicv3_init_irqs_and_mmio(), so the only MemoryRegion read/write
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-callbacks we need to update to handle this new scheme are the
+Message-id: 20220327093427.1548629-3-idan.horowitz@gmail.com
-gicv3_redist_read/write functions used by the emulated GICv3.
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
  target/arm/helper.c | 10 ++++++++++
 file changed, 10 insertions(+)
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 ---
  include/hw/intc/arm_gicv3_common.h | 12 ++++++++-
  hw/intc/arm_gicv3.c                |  6 -----
  hw/intc/arm_gicv3_common.c         | 15 ++++++++---
  hw/intc/arm_gicv3_kvm.c            |  4 +--
  hw/intc/arm_gicv3_redist.c         | 40 ++++++++++++++++--------------
 files changed, 46 insertions(+), 31 deletions(-)
 diff --git a/include/hw/intc/arm_gicv3_common.h b/include/hw/intc/arm_gicv3_common.h
 index XXXXXXX..XXXXXXX 100644
---- a/include/hw/intc/arm_gicv3_common.h
+--- a/target/arm/helper.c
-+++ b/include/hw/intc/arm_gicv3_common.h
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ struct GICv3CPUState {
+@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-     bool seenbetter;
+                 return ret;
- };
+             }
-+/*
++            if (arm_is_secure_below_el3(env)) {
-+ * The redistributor pages might be split into more than one region
++                if (attrs->secure) {
-+ * on some machine types if there are many CPUs.
++                    attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
-+ */
++                } else {
-+typedef struct GICv3RedistRegion {
++                    attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
-+    GICv3State *gic;
++                }
-+    MemoryRegion iomem;
++            } else {
-+    uint32_t cpuidx; /* index of first CPU this region covers */
++                assert(!attrs->secure);
-+} GICv3RedistRegion;
++            }
 +
- struct GICv3State {
+             s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
-     /*< private >*/
+             is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
      SysBusDevice parent_obj;
      /*< public >*/
      MemoryRegion iomem_dist; /* Distributor */
 -    MemoryRegion *iomem_redist; /* Redistributor Regions */
 +    GICv3RedistRegion *redist_regions; /* Redistributor Regions */
      uint32_t *redist_region_count; /* redistributor count within each region */
      uint32_t nb_redist_regions; /* number of redist regions */
 diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3.c
 +++ b/hw/intc/arm_gicv3.c
@@ -XXX,XX +XXX,XX @@ static void arm_gic_realize(DeviceState *dev, Error **errp)
          return;
      }
 -    if (s->nb_redist_regions != 1) {
 -        error_setg(errp, "VGICv3 redist region number(%d) not equal to 1",
 -                   s->nb_redist_regions);
 -        return;
 -    }
 -
      gicv3_init_irqs_and_mmio(s, gicv3_set_irq, gic_ops);
      gicv3_init_cpuif(s);
 diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_common.c
 +++ b/hw/intc/arm_gicv3_common.c
@@ -XXX,XX +XXX,XX @@ void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
  {
      SysBusDevice *sbd = SYS_BUS_DEVICE(s);
      int i;
 +    int cpuidx;
      /* For the GIC, also expose incoming GPIO lines for PPIs for each CPU.
       * GPIO array layout is thus:
@@ -XXX,XX +XXX,XX @@ void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
                            "gicv3_dist", 0x10000);
      sysbus_init_mmio(sbd, &s->iomem_dist);
 -    s->iomem_redist = g_new0(MemoryRegion, s->nb_redist_regions);
 +    s->redist_regions = g_new0(GICv3RedistRegion, s->nb_redist_regions);
 +    cpuidx = 0;
      for (i = 0; i < s->nb_redist_regions; i++) {
          char *name = g_strdup_printf("gicv3_redist_region[%d]", i);
 +        GICv3RedistRegion *region = &s->redist_regions[i];
 -        memory_region_init_io(&s->iomem_redist[i], OBJECT(s),
 -                              ops ? &ops[1] : NULL, s, name,
 +        region->gic = s;
 +        region->cpuidx = cpuidx;
 +        cpuidx += s->redist_region_count[i];
 +
 +        memory_region_init_io(&region->iomem, OBJECT(s),
 +                              ops ? &ops[1] : NULL, region, name,
                                s->redist_region_count[i] * GICV3_REDIST_SIZE);
 -        sysbus_init_mmio(sbd, &s->iomem_redist[i]);
 +        sysbus_init_mmio(sbd, &region->iomem);
          g_free(name);
      }
  }
 diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_kvm.c
 +++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_realize(DeviceState *dev, Error **errp)
                              KVM_VGIC_V3_ADDR_TYPE_DIST, s->dev_fd, 0);
      if (!multiple_redist_region_allowed) {
 -        kvm_arm_register_device(&s->iomem_redist[0], -1,
 +        kvm_arm_register_device(&s->redist_regions[0].iomem, -1,
                                  KVM_DEV_ARM_VGIC_GRP_ADDR,
                                  KVM_VGIC_V3_ADDR_TYPE_REDIST, s->dev_fd, 0);
      } else {
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_realize(DeviceState *dev, Error **errp)
              uint64_t addr_ormask =
                          i | ((uint64_t)s->redist_region_count[i] << 52);
 -            kvm_arm_register_device(&s->iomem_redist[i], -1,
 +            kvm_arm_register_device(&s->redist_regions[i].iomem, -1,
                                      KVM_DEV_ARM_VGIC_GRP_ADDR,
                                      KVM_VGIC_V3_ADDR_TYPE_REDIST_REGION,
                                      s->dev_fd, addr_ormask);
 diff --git a/hw/intc/arm_gicv3_redist.c b/hw/intc/arm_gicv3_redist.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_redist.c
 +++ b/hw/intc/arm_gicv3_redist.c
@@ -XXX,XX +XXX,XX @@ static MemTxResult gicr_writell(GICv3CPUState *cs, hwaddr offset,
  MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data,
                                unsigned size, MemTxAttrs attrs)
  {
 -    GICv3State *s = opaque;
 +    GICv3RedistRegion *region = opaque;
 +    GICv3State *s = region->gic;
      GICv3CPUState *cs;
      MemTxResult r;
      int cpuidx;
      assert((offset & (size - 1)) == 0);
 -    /* This region covers all the redistributor pages; there are
 -     * (for GICv3) two 64K pages per CPU. At the moment they are
 -     * all contiguous (ie in this one region), though we might later
 -     * want to allow splitting of redistributor pages into several
 -     * blocks so we can support more CPUs.
 +    /*
 +     * There are (for GICv3) two 64K redistributor pages per CPU.
 +     * In some cases the redistributor pages for all CPUs are not
 +     * contiguous (eg on the virt board they are split into two
 +     * parts if there are too many CPUs to all fit in the same place
 +     * in the memory map); if so then the GIC has multiple MemoryRegions
 +     * for the redistributors.
       */
 -    cpuidx = offset / 0x20000;
 -    offset %= 0x20000;
 -    assert(cpuidx < s->num_cpu);
 +    cpuidx = region->cpuidx + offset / GICV3_REDIST_SIZE;
 +    offset %= GICV3_REDIST_SIZE;
      cs = &s->cpu[cpuidx];
@@ -XXX,XX +XXX,XX @@ MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data,
  MemTxResult gicv3_redist_write(void *opaque, hwaddr offset, uint64_t data,
                                 unsigned size, MemTxAttrs attrs)
  {
 -    GICv3State *s = opaque;
 +    GICv3RedistRegion *region = opaque;
 +    GICv3State *s = region->gic;
      GICv3CPUState *cs;
      MemTxResult r;
      int cpuidx;
      assert((offset & (size - 1)) == 0);
 -    /* This region covers all the redistributor pages; there are
 -     * (for GICv3) two 64K pages per CPU. At the moment they are
 -     * all contiguous (ie in this one region), though we might later
 -     * want to allow splitting of redistributor pages into several
 -     * blocks so we can support more CPUs.
 +    /*
 +     * There are (for GICv3) two 64K redistributor pages per CPU.
 +     * In some cases the redistributor pages for all CPUs are not
 +     * contiguous (eg on the virt board they are split into two
 +     * parts if there are too many CPUs to all fit in the same place
 +     * in the memory map); if so then the GIC has multiple MemoryRegions
 +     * for the redistributors.
       */
 -    cpuidx = offset / 0x20000;
 -    offset %= 0x20000;
 -    assert(cpuidx < s->num_cpu);
 +    cpuidx = region->cpuidx + offset / GICV3_REDIST_SIZE;
 +    offset %= GICV3_REDIST_SIZE;
      cs = &s->cpu[cpuidx];
 --
 .25.1

-[PULL 4/4] hw/rtc/pl031: Send RTC_CHANGE QMP event
+[PULL 4/6] target/arm: Determine final stage 2 output PA space based on original IPA
-From: Eric Auger <eric.auger@redhat.com>
+From: Idan Horowitz <idan.horowitz@gmail.com>
-The PL031 currently is not able to report guest RTC change to the QMP
+As per the AArch64.S2Walk() pseudo-code in the ARMv8 ARM, the final
-monitor as opposed to mc146818 or spapr RTCs. This patch adds the call
+decision as to the output address's PA space based on the SA/SW/NSA/NSW
-to qapi_event_send_rtc_change() when the Load Register is written. The
+bits needs to take the input IPA's PA space into account, and not the
-value which is reported corresponds to the difference between the guest
+PA space of the result of the stage 2 walk itself.
 reference time and the reference time kept in softmmu/rtc.c.
-For instance adding 20s to the guest RTC value will report 20. Adding
+Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
-an extra 20s to the guest RTC value will report 20 + 20 = 40.
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220327093427.1548629-4-idan.horowitz@gmail.com
-The inclusion of qapi/qapi-types-misc-target.h in hw/rtl/pl031.c
+[PMM: fixed commit message typo]
 require to compile the PL031 with specific_ss.add() to avoid
 ./qapi/qapi-types-misc-target.h:18:13: error: attempt to use poisoned
 "TARGET_<ARCH>".
 Signed-off-by: Eric Auger <eric.auger@redhat.com>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Message-id: 20210920122535.269988-1-eric.auger@redhat.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- hw/rtc/pl031.c     | 10 +++++++++-
+ target/arm/helper.c | 8 +++++---
- hw/rtc/meson.build |  2 +-
+file changed, 5 insertions(+), 3 deletions(-)
 files changed, 10 insertions(+), 2 deletions(-)
-diff --git a/hw/rtc/pl031.c b/hw/rtc/pl031.c
+diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/rtc/pl031.c
+--- a/target/arm/helper.c
-+++ b/hw/rtc/pl031.c
++++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
- #include "qemu/log.h"
+             hwaddr ipa;
- #include "qemu/module.h"
+             int s2_prot;
- #include "trace.h"
+             int ret;
-+#include "qapi/qapi-events-misc-target.h"
++            bool ipa_secure;
+             ARMCacheAttrs cacheattrs2 = {};
- #define RTC_DR      0x00    /* Data read register */
+             ARMMMUIdx s2_mmu_idx;
- #define RTC_MR      0x04    /* Match register */
+             bool is_el0;
-@@ -XXX,XX +XXX,XX @@ static void pl031_write(void * opaque, hwaddr offset,
+@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-     trace_pl031_write(offset, value);
+                 return ret;
+             }
-     switch (offset) {
--    case RTC_LR:
++            ipa_secure = attrs->secure;
-+    case RTC_LR: {
+             if (arm_is_secure_below_el3(env)) {
-+        struct tm tm;
+-                if (attrs->secure) {
-+
++                if (ipa_secure) {
-         s->tick_offset += value - pl031_get_count(s);
+                     attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
-+
+                 } else {
-+        qemu_get_timedate(&tm, s->tick_offset);
+                     attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
-+        qapi_event_send_rtc_change(qemu_timedate_diff(&tm));
+                 }
-+
+             } else {
-         pl031_set_alarm(s);
+-                assert(!attrs->secure);
-         break;
++                assert(!ipa_secure);
-+    }
+             }
-     case RTC_MR:
-         s->mr = value;
+             s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
-         pl031_set_alarm(s);
+@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-diff --git a/hw/rtc/meson.build b/hw/rtc/meson.build
-index XXXXXXX..XXXXXXX 100644
+             /* Check if IPA translates to secure or non-secure PA space. */
---- a/hw/rtc/meson.build
+             if (arm_is_secure_below_el3(env)) {
-+++ b/hw/rtc/meson.build
+-                if (attrs->secure) {
-@@ -XXX,XX +XXX,XX @@
++                if (ipa_secure) {
- softmmu_ss.add(when: 'CONFIG_DS1338', if_true: files('ds1338.c'))
+                     attrs->secure =
- softmmu_ss.add(when: 'CONFIG_M41T80', if_true: files('m41t80.c'))
+                         !(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
- softmmu_ss.add(when: 'CONFIG_M48T59', if_true: files('m48t59.c'))
+                 } else {
 -softmmu_ss.add(when: 'CONFIG_PL031', if_true: files('pl031.c'))
 +specific_ss.add(when: 'CONFIG_PL031', if_true: files('pl031.c'))
  softmmu_ss.add(when: 'CONFIG_TWL92230', if_true: files('twl92230.c'))
  softmmu_ss.add(when: ['CONFIG_ISA_BUS', 'CONFIG_M48T59'], if_true: files('m48t59-isa.c'))
  softmmu_ss.add(when: 'CONFIG_XLNX_ZYNQMP', if_true: files('xlnx-zynqmp-rtc.c'))
 --
 .25.1

-[PULL 2/4] hw/intc/arm_gicv3: Set GICR_TYPER.Last correctly when nb_redist_regions > 1
+[PULL 5/6] MAINTAINERS: change Fred Konrad's email address
-The 'Last' bit in the GICR_TYPER GICv3 redistributor register is
+From: Frederic Konrad <konrad@adacore.com>
 supposed to be set to 1 if this is the last redistributor in a series
 of contiguous redistributor pages.  Currently we set Last only for
 the redistributor for CPU (num_cpu - 1).  This only works if there is
 a single redistributor region; if there are multiple redistributor
 regions then we need to set the Last bit for the last redistributor
 in each region.
-This doesn't cause any problems currently because only the KVM GICv3
+frederic.konrad@adacore.com and konrad@adacore.com will stop working starting
-supports multiple redistributor regions, and it ignores the value in
+-04-01.
 GICv3State::gicr_typer.  But we need to fix this before we can enable
 support for multiple regions in the emulated GICv3.
+Use my personal email instead.
+Signed-off-by: Frederic Konrad <frederic.konrad@adacore.com>
+Reviewed-by: Fabien Chouteau <chouteau@adacore.com <clg@kaod.org>>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Message-id: 1648643217-15811-1-git-send-email-frederic.konrad@adacore.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- hw/intc/arm_gicv3_common.c | 17 ++++++++++++-----
+ .mailmap    | 3 ++-
-file changed, 12 insertions(+), 5 deletions(-)
+ MAINTAINERS | 2 +-
 files changed, 3 insertions(+), 2 deletions(-)
-diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
+diff --git a/.mailmap b/.mailmap
 index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_common.c
+--- a/.mailmap
-+++ b/hw/intc/arm_gicv3_common.c
++++ b/.mailmap
-@@ -XXX,XX +XXX,XX @@ void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
+@@ -XXX,XX +XXX,XX @@ Alexander Graf <agraf@csgraf.de> <agraf@suse.de>
- static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
+ Anthony Liguori <anthony@codemonkey.ws> Anthony Liguori <aliguori@us.ibm.com>
- {
+ Christian Borntraeger <borntraeger@linux.ibm.com> <borntraeger@de.ibm.com>
-     GICv3State *s = ARM_GICV3_COMMON(dev);
+ Filip Bozuta <filip.bozuta@syrmia.com> <filip.bozuta@rt-rk.com.com>
--    int i, rdist_capacity;
+-Frederic Konrad <konrad@adacore.com> <fred.konrad@greensocs.com>
-+    int i, rdist_capacity, cpuidx;
++Frederic Konrad <konrad.frederic@yahoo.fr> <fred.konrad@greensocs.com>
++Frederic Konrad <konrad.frederic@yahoo.fr> <konrad@adacore.com>
-     /* revision property is actually reserved and currently used only in order
+ Greg Kurz <groug@kaod.org> <gkurz@linux.vnet.ibm.com>
-      * to keep the interface compatible with GICv2 code, avoiding extra
+ Huacai Chen <chenhuacai@kernel.org> <chenhc@lemote.com>
-@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
+ Huacai Chen <chenhuacai@kernel.org> <chenhuacai@loongson.cn>
-     for (i = 0; i < s->num_cpu; i++) {
+diff --git a/MAINTAINERS b/MAINTAINERS
-         CPUState *cpu = qemu_get_cpu(i);
+index XXXXXXX..XXXXXXX 100644
-         uint64_t cpu_affid;
+--- a/MAINTAINERS
--        int last;
++++ b/MAINTAINERS
+@@ -XXX,XX +XXX,XX @@ F: include/hw/rtc/sun4v-rtc.h
-         s->cpu[i].cpu = cpu;
-         s->cpu[i].gic = s;
+ Leon3
-@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
+ M: Fabien Chouteau <chouteau@adacore.com>
-          *  PLPIS == 0 (physical LPIs not supported)
+-M: KONRAD Frederic <frederic.konrad@adacore.com>
-          */
++M: Frederic Konrad <konrad.frederic@yahoo.fr>
-         cpu_affid = object_property_get_uint(OBJECT(cpu), "mp-affinity", NULL);
+ S: Maintained
--        last = (i == s->num_cpu - 1);
+ F: hw/sparc/leon3.c
+ F: hw/*/grlib*
          /* The CPU mp-affinity property is in MPIDR register format; squash
           * the affinity bytes into 32 bits as the GICR_TYPER has them.
@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
                       (cpu_affid & 0xFFFFFF);
          s->cpu[i].gicr_typer = (cpu_affid << 32) |
              (1 << 24) |
 -            (i << 8) |
 -            (last << 4);
 +            (i << 8);
          if (s->lpi_enable) {
              s->cpu[i].gicr_typer |= GICR_TYPER_PLPIS;
          }
      }
 +
 +    /*
 +     * Now go through and set GICR_TYPER.Last for the final
 +     * redistributor in each region.
 +     */
 +    cpuidx = 0;
 +    for (i = 0; i < s->nb_redist_regions; i++) {
 +        cpuidx += s->redist_region_count[i];
 +        s->cpu[cpuidx - 1].gicr_typer |= GICR_TYPER_LAST;
 +    }
  }
  static void arm_gicv3_finalize(Object *obj)
 --
 .25.1

-[PULL 1/4] hw/intc/arm_gicv3: Move checking of redist-region-count to arm_gicv3_common_realize
+[PULL 6/6] target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen
-The GICv3 devices have an array property redist-region-count.
+In gen_store_exclusive(), if the host does not have a cmpxchg128
-Currently we check this for errors (bad values) in
+primitive then we generate bad code for STXP for storing two 64-bit
-gicv3_init_irqs_and_mmio(), just before we use it.  Move this error
+values.  We generate a call to the exit_atomic helper, which never
-checking to the arm_gicv3_common_realize() function, where we
+returns, and set is_jmp to DISAS_NORETURN.  However, this is
-sanity-check all of the other base-class properties. (This will
+forgetting that we have already emitted a brcond that jumps over this
-always be before gicv3_init_irqs_and_mmio() is called, because
+call for the case where we don't hold the exclusive.  The effect is
-that function is called in the subclass realize methods, after
+that we don't generate any code to end the TB for the
-they have called the parent-class realize.)
+exclusive-not-held execution path, which falls into the "exit with
 TB_EXIT_REQUESTED" code that gen_tb_end() emits.  This then causes an
 assert at runtime when cpu_loop_exec_tb() sees an EXIT_REQUESTED TB
 return that wasn't for an interrupt or icount.
-The motivation for this refactor is:
+In particular, you can hit this case when using the clang sanitizers
- * we would like to use the redist_region_count[] values in
+and trying to run the xlnx-versal-virt acceptance test in 'make
-   arm_gicv3_common_realize() in a subsequent patch, so we need
+check-acceptance'.  This bug was masked until commit 848126d11e93ff
-   to have already done the sanity-checking first
+("meson: move int128 checks from configure") because we used to set
- * this removes the only use of the Error** argument to
+CONFIG_CMPXCHG128=1 and avoid the buggy codepath, but after that we
-   gicv3_init_irqs_and_mmio(), so we can remove some error-handling
+do not.
    boilerplate
+Fix the bug by not setting is_jmp.  The code after the exit_atomic
+call up to the fail_label is dead, but TCG is smart enough to
+eliminate it.  We do need to set 'tmp' to some valid value, though
+(in the same way the exit_atomic-using code in tcg/tcg-op.c does).
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/953
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220331150858.96348-1-peter.maydell@linaro.org
 ---
- include/hw/intc/arm_gicv3_common.h |  2 +-
+ target/arm/translate-a64.c | 7 ++++++-
- hw/intc/arm_gicv3.c                |  6 +-----
+file changed, 6 insertions(+), 1 deletion(-)
  hw/intc/arm_gicv3_common.c         | 26 +++++++++++++-------------
  hw/intc/arm_gicv3_kvm.c            |  6 +-----
 files changed, 16 insertions(+), 24 deletions(-)
-diff --git a/include/hw/intc/arm_gicv3_common.h b/include/hw/intc/arm_gicv3_common.h
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/hw/intc/arm_gicv3_common.h
+--- a/target/arm/translate-a64.c
-+++ b/include/hw/intc/arm_gicv3_common.h
++++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ struct ARMGICv3CommonClass {
+@@ -XXX,XX +XXX,XX @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
- };
+         } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+             if (!HAVE_CMPXCHG128) {
- void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
+                 gen_helper_exit_atomic(cpu_env);
--                              const MemoryRegionOps *ops, Error **errp);
+-                s->base.is_jmp = DISAS_NORETURN;
-+                              const MemoryRegionOps *ops);
++                /*
++                 * Produce a result so we have a well-formed opcode
- #endif
++                 * stream when the following (dead) code uses 'tmp'.
-diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c
++                 * TCG will remove the dead ops for us.
-index XXXXXXX..XXXXXXX 100644
++                 */
---- a/hw/intc/arm_gicv3.c
++                tcg_gen_movi_i64(tmp, 0);
-+++ b/hw/intc/arm_gicv3.c
+             } else if (s->be_data == MO_LE) {
-@@ -XXX,XX +XXX,XX @@ static void arm_gic_realize(DeviceState *dev, Error **errp)
+                 gen_helper_paired_cmpxchg64_le_parallel(tmp, cpu_env,
-         return;
+                                                         cpu_exclusive_addr,
      }
 -    gicv3_init_irqs_and_mmio(s, gicv3_set_irq, gic_ops, &local_err);
 -    if (local_err) {
 -        error_propagate(errp, local_err);
 -        return;
 -    }
 +    gicv3_init_irqs_and_mmio(s, gicv3_set_irq, gic_ops);
      gicv3_init_cpuif(s);
  }
 diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_common.c
 +++ b/hw/intc/arm_gicv3_common.c
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_gicv3 = {
  };
  void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
 -                              const MemoryRegionOps *ops, Error **errp)
 +                              const MemoryRegionOps *ops)
  {
      SysBusDevice *sbd = SYS_BUS_DEVICE(s);
 -    int rdist_capacity = 0;
      int i;
 -    for (i = 0; i < s->nb_redist_regions; i++) {
 -        rdist_capacity += s->redist_region_count[i];
 -    }
 -    if (rdist_capacity < s->num_cpu) {
 -        error_setg(errp, "Capacity of the redist regions(%d) "
 -                   "is less than number of vcpus(%d)",
 -                   rdist_capacity, s->num_cpu);
 -        return;
 -    }
 -
      /* For the GIC, also expose incoming GPIO lines for PPIs for each CPU.
       * GPIO array layout is thus:
       *  [0..N-1] spi
@@ -XXX,XX +XXX,XX @@ void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
  static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
  {
      GICv3State *s = ARM_GICV3_COMMON(dev);
 -    int i;
 +    int i, rdist_capacity;
      /* revision property is actually reserved and currently used only in order
       * to keep the interface compatible with GICv2 code, avoiding extra
@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
          return;
      }
 +    rdist_capacity = 0;
 +    for (i = 0; i < s->nb_redist_regions; i++) {
 +        rdist_capacity += s->redist_region_count[i];
 +    }
 +    if (rdist_capacity < s->num_cpu) {
 +        error_setg(errp, "Capacity of the redist regions(%d) "
 +                   "is less than number of vcpus(%d)",
 +                   rdist_capacity, s->num_cpu);
 +        return;
 +    }
 +
      s->cpu = g_new0(GICv3CPUState, s->num_cpu);
      for (i = 0; i < s->num_cpu; i++) {
 diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_kvm.c
 +++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_realize(DeviceState *dev, Error **errp)
          return;
      }
 -    gicv3_init_irqs_and_mmio(s, kvm_arm_gicv3_set_irq, NULL, &local_err);
 -    if (local_err) {
 -        error_propagate(errp, local_err);
 -        return;
 -    }
 +    gicv3_init_irqs_and_mmio(s, kvm_arm_gicv3_set_irq, NULL);
      for (i = 0; i < s->num_cpu; i++) {
          ARMCPU *cpu = ARM_CPU(qemu_get_cpu(i));
 --
 .25.1

Hi; some minor changes for 6.2, which I think can be classified
as bug fixes and are OK for this point in the release cycle.
(Wouldn't be the end of the world if they slipped to 7.0.)

-- PMM

The following changes since commit 42f6c9179be4401974dd3a75ee72defd16b5092d:

Merge tag 'pull-ppc-20211112' of https://github.com/legoater/qemu into staging (2021-11-12 12:28:25 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211115-1

for you to fetch changes up to 1adf528ec3bdf62ea3b580b7ad562534a3676ff5:

hw/rtc/pl031: Send RTC_CHANGE QMP event (2021-11-15 18:53:00 +0000)

----------------------------------------------------------------
target-arm queue:
 * Support multiple redistributor regions for TCG GICv3
 * Send RTC_CHANGE QMP event from pl031

----------------------------------------------------------------
Eric Auger (1):
      hw/rtc/pl031: Send RTC_CHANGE QMP event

Peter Maydell (3):
      hw/intc/arm_gicv3: Move checking of redist-region-count to arm_gicv3_common_realize
      hw/intc/arm_gicv3: Set GICR_TYPER.Last correctly when nb_redist_regions > 1
      hw/intc/arm_gicv3: Support multiple redistributor regions

include/hw/intc/arm_gicv3_common.h | 14 ++++++++--
 hw/intc/arm_gicv3.c                | 12 +-------
 hw/intc/arm_gicv3_common.c         | 56 ++++++++++++++++++++++++--------------
 hw/intc/arm_gicv3_kvm.c            | 10 ++-----
 hw/intc/arm_gicv3_redist.c         | 40 +++++++++++++++------------
 hw/rtc/pl031.c                     | 10 ++++++-
 hw/rtc/meson.build                 |  2 +-
 7 files changed, 83 insertions(+), 61 deletions(-)

The GICv3 devices have an array property redist-region-count.
Currently we check this for errors (bad values) in
gicv3_init_irqs_and_mmio(), just before we use it.  Move this error
checking to the arm_gicv3_common_realize() function, where we
sanity-check all of the other base-class properties. (This will
always be before gicv3_init_irqs_and_mmio() is called, because
that function is called in the subclass realize methods, after
they have called the parent-class realize.)

The motivation for this refactor is:
 * we would like to use the redist_region_count[] values in
   arm_gicv3_common_realize() in a subsequent patch, so we need
   to have already done the sanity-checking first
 * this removes the only use of the Error** argument to
   gicv3_init_irqs_and_mmio(), so we can remove some error-handling
   boilerplate

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/intc/arm_gicv3_common.h |  2 +-
 hw/intc/arm_gicv3.c                |  6 +-----
 hw/intc/arm_gicv3_common.c         | 26 +++++++++++++-------------
 hw/intc/arm_gicv3_kvm.c            |  6 +-----
 4 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/include/hw/intc/arm_gicv3_common.h b/include/hw/intc/arm_gicv3_common.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/intc/arm_gicv3_common.h
+++ b/include/hw/intc/arm_gicv3_common.h
@@ -XXX,XX +XXX,XX @@ struct ARMGICv3CommonClass {
 };
 
 void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
-                              const MemoryRegionOps *ops, Error **errp);
+                              const MemoryRegionOps *ops);
 
 #endif
diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3.c
+++ b/hw/intc/arm_gicv3.c
@@ -XXX,XX +XXX,XX @@ static void arm_gic_realize(DeviceState *dev, Error **errp)
         return;
     }
 
-    gicv3_init_irqs_and_mmio(s, gicv3_set_irq, gic_ops, &local_err);
-    if (local_err) {
-        error_propagate(errp, local_err);
-        return;
-    }
+    gicv3_init_irqs_and_mmio(s, gicv3_set_irq, gic_ops);
 
     gicv3_init_cpuif(s);
 }
diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_gicv3 = {
 };
 
 void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
-                              const MemoryRegionOps *ops, Error **errp)
+                              const MemoryRegionOps *ops)
 {
     SysBusDevice *sbd = SYS_BUS_DEVICE(s);
-    int rdist_capacity = 0;
     int i;
 
-    for (i = 0; i < s->nb_redist_regions; i++) {
-        rdist_capacity += s->redist_region_count[i];
-    }
-    if (rdist_capacity < s->num_cpu) {
-        error_setg(errp, "Capacity of the redist regions(%d) "
-                   "is less than number of vcpus(%d)",
-                   rdist_capacity, s->num_cpu);
-        return;
-    }
-
     /* For the GIC, also expose incoming GPIO lines for PPIs for each CPU.
      * GPIO array layout is thus:
      *  [0..N-1] spi
@@ -XXX,XX +XXX,XX @@ void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
 static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
 {
     GICv3State *s = ARM_GICV3_COMMON(dev);
-    int i;
+    int i, rdist_capacity;
 
     /* revision property is actually reserved and currently used only in order
      * to keep the interface compatible with GICv2 code, avoiding extra
@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
         return;
     }
 
+    rdist_capacity = 0;
+    for (i = 0; i < s->nb_redist_regions; i++) {
+        rdist_capacity += s->redist_region_count[i];
+    }
+    if (rdist_capacity < s->num_cpu) {
+        error_setg(errp, "Capacity of the redist regions(%d) "
+                   "is less than number of vcpus(%d)",
+                   rdist_capacity, s->num_cpu);
+        return;
+    }
+
     s->cpu = g_new0(GICv3CPUState, s->num_cpu);
 
     for (i = 0; i < s->num_cpu; i++) {
diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_realize(DeviceState *dev, Error **errp)
         return;
     }
 
-    gicv3_init_irqs_and_mmio(s, kvm_arm_gicv3_set_irq, NULL, &local_err);
-    if (local_err) {
-        error_propagate(errp, local_err);
-        return;
-    }
+    gicv3_init_irqs_and_mmio(s, kvm_arm_gicv3_set_irq, NULL);
 
     for (i = 0; i < s->num_cpu; i++) {
         ARMCPU *cpu = ARM_CPU(qemu_get_cpu(i));
-- 
2.25.1

The 'Last' bit in the GICR_TYPER GICv3 redistributor register is
supposed to be set to 1 if this is the last redistributor in a series
of contiguous redistributor pages.  Currently we set Last only for
the redistributor for CPU (num_cpu - 1).  This only works if there is
a single redistributor region; if there are multiple redistributor
regions then we need to set the Last bit for the last redistributor
in each region.

This doesn't cause any problems currently because only the KVM GICv3
supports multiple redistributor regions, and it ignores the value in
GICv3State::gicr_typer.  But we need to fix this before we can enable
support for multiple regions in the emulated GICv3.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/intc/arm_gicv3_common.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -XXX,XX +XXX,XX @@ void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
 static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
 {
     GICv3State *s = ARM_GICV3_COMMON(dev);
-    int i, rdist_capacity;
+    int i, rdist_capacity, cpuidx;
 
     /* revision property is actually reserved and currently used only in order
      * to keep the interface compatible with GICv2 code, avoiding extra
@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
     for (i = 0; i < s->num_cpu; i++) {
         CPUState *cpu = qemu_get_cpu(i);
         uint64_t cpu_affid;
-        int last;
 
         s->cpu[i].cpu = cpu;
         s->cpu[i].gic = s;
@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
          *  PLPIS == 0 (physical LPIs not supported)
          */
         cpu_affid = object_property_get_uint(OBJECT(cpu), "mp-affinity", NULL);
-        last = (i == s->num_cpu - 1);
 
         /* The CPU mp-affinity property is in MPIDR register format; squash
          * the affinity bytes into 32 bits as the GICR_TYPER has them.
@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
                      (cpu_affid & 0xFFFFFF);
         s->cpu[i].gicr_typer = (cpu_affid << 32) |
             (1 << 24) |
-            (i << 8) |
-            (last << 4);
+            (i << 8);
 
         if (s->lpi_enable) {
             s->cpu[i].gicr_typer |= GICR_TYPER_PLPIS;
         }
     }
+
+    /*
+     * Now go through and set GICR_TYPER.Last for the final
+     * redistributor in each region.
+     */
+    cpuidx = 0;
+    for (i = 0; i < s->nb_redist_regions; i++) {
+        cpuidx += s->redist_region_count[i];
+        s->cpu[cpuidx - 1].gicr_typer |= GICR_TYPER_LAST;
+    }
 }
 
 static void arm_gicv3_finalize(Object *obj)
-- 
2.25.1

Our GICv3 QOM interface includes an array property
redist-region-count which allows board models to specify that the
registributor registers are not in a single contiguous range, but
split into multiple pieces.  We implemented this for KVM, but
currently the TCG GICv3 model insists that there is only one region.
You can see the limit being hit with a setup like:
  qemu-system-aarch64 -machine virt,gic-version=3 -smp 124

Add support for split regions to the TCG GICv3.  To do this we switch
from allocating a simple array of MemoryRegions to an array of
GICv3RedistRegion structs so that we can use the GICv3RedistRegion as
the opaque pointer in the MemoryRegion read/write callbacks.  Each
GICv3RedistRegion contains the MemoryRegion, a backpointer allowing
the read/write callback to get hold of the GICv3State, and an index
which allows us to calculate which CPU's redistributor is being
accessed.

Note that arm_gicv3_kvm always passes in NULL as the ops argument
to gicv3_init_irqs_and_mmio(), so the only MemoryRegion read/write
callbacks we need to update to handle this new scheme are the
gicv3_redist_read/write functions used by the emulated GICv3.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/intc/arm_gicv3_common.h | 12 ++++++++-
 hw/intc/arm_gicv3.c                |  6 -----
 hw/intc/arm_gicv3_common.c         | 15 ++++++++---
 hw/intc/arm_gicv3_kvm.c            |  4 +--
 hw/intc/arm_gicv3_redist.c         | 40 ++++++++++++++++--------------
 5 files changed, 46 insertions(+), 31 deletions(-)

diff --git a/include/hw/intc/arm_gicv3_common.h b/include/hw/intc/arm_gicv3_common.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/intc/arm_gicv3_common.h
+++ b/include/hw/intc/arm_gicv3_common.h
@@ -XXX,XX +XXX,XX @@ struct GICv3CPUState {
     bool seenbetter;
 };
 
+/*
+ * The redistributor pages might be split into more than one region
+ * on some machine types if there are many CPUs.
+ */
+typedef struct GICv3RedistRegion {
+    GICv3State *gic;
+    MemoryRegion iomem;
+    uint32_t cpuidx; /* index of first CPU this region covers */
+} GICv3RedistRegion;
+
 struct GICv3State {
     /*< private >*/
     SysBusDevice parent_obj;
     /*< public >*/
 
     MemoryRegion iomem_dist; /* Distributor */
-    MemoryRegion *iomem_redist; /* Redistributor Regions */
+    GICv3RedistRegion *redist_regions; /* Redistributor Regions */
     uint32_t *redist_region_count; /* redistributor count within each region */
     uint32_t nb_redist_regions; /* number of redist regions */
 
diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3.c
+++ b/hw/intc/arm_gicv3.c
@@ -XXX,XX +XXX,XX @@ static void arm_gic_realize(DeviceState *dev, Error **errp)
         return;
     }
 
-    if (s->nb_redist_regions != 1) {
-        error_setg(errp, "VGICv3 redist region number(%d) not equal to 1",
-                   s->nb_redist_regions);
-        return;
-    }
-
     gicv3_init_irqs_and_mmio(s, gicv3_set_irq, gic_ops);
 
     gicv3_init_cpuif(s);
diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -XXX,XX +XXX,XX @@ void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
 {
     SysBusDevice *sbd = SYS_BUS_DEVICE(s);
     int i;
+    int cpuidx;
 
     /* For the GIC, also expose incoming GPIO lines for PPIs for each CPU.
      * GPIO array layout is thus:
@@ -XXX,XX +XXX,XX @@ void gicv3_init_irqs_and_mmio(GICv3State *s, qemu_irq_handler handler,
                           "gicv3_dist", 0x10000);
     sysbus_init_mmio(sbd, &s->iomem_dist);
 
-    s->iomem_redist = g_new0(MemoryRegion, s->nb_redist_regions);
+    s->redist_regions = g_new0(GICv3RedistRegion, s->nb_redist_regions);
+    cpuidx = 0;
     for (i = 0; i < s->nb_redist_regions; i++) {
         char *name = g_strdup_printf("gicv3_redist_region[%d]", i);
+        GICv3RedistRegion *region = &s->redist_regions[i];
 
-        memory_region_init_io(&s->iomem_redist[i], OBJECT(s),
-                              ops ? &ops[1] : NULL, s, name,
+        region->gic = s;
+        region->cpuidx = cpuidx;
+        cpuidx += s->redist_region_count[i];
+
+        memory_region_init_io(&region->iomem, OBJECT(s),
+                              ops ? &ops[1] : NULL, region, name,
                               s->redist_region_count[i] * GICV3_REDIST_SIZE);
-        sysbus_init_mmio(sbd, &s->iomem_redist[i]);
+        sysbus_init_mmio(sbd, &region->iomem);
         g_free(name);
     }
 }
diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_realize(DeviceState *dev, Error **errp)
                             KVM_VGIC_V3_ADDR_TYPE_DIST, s->dev_fd, 0);
 
     if (!multiple_redist_region_allowed) {
-        kvm_arm_register_device(&s->iomem_redist[0], -1,
+        kvm_arm_register_device(&s->redist_regions[0].iomem, -1,
                                 KVM_DEV_ARM_VGIC_GRP_ADDR,
                                 KVM_VGIC_V3_ADDR_TYPE_REDIST, s->dev_fd, 0);
     } else {
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_realize(DeviceState *dev, Error **errp)
             uint64_t addr_ormask =
                         i | ((uint64_t)s->redist_region_count[i] << 52);
 
-            kvm_arm_register_device(&s->iomem_redist[i], -1,
+            kvm_arm_register_device(&s->redist_regions[i].iomem, -1,
                                     KVM_DEV_ARM_VGIC_GRP_ADDR,
                                     KVM_VGIC_V3_ADDR_TYPE_REDIST_REGION,
                                     s->dev_fd, addr_ormask);
diff --git a/hw/intc/arm_gicv3_redist.c b/hw/intc/arm_gicv3_redist.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_redist.c
+++ b/hw/intc/arm_gicv3_redist.c
@@ -XXX,XX +XXX,XX @@ static MemTxResult gicr_writell(GICv3CPUState *cs, hwaddr offset,
 MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data,
                               unsigned size, MemTxAttrs attrs)
 {
-    GICv3State *s = opaque;
+    GICv3RedistRegion *region = opaque;
+    GICv3State *s = region->gic;
     GICv3CPUState *cs;
     MemTxResult r;
     int cpuidx;
 
     assert((offset & (size - 1)) == 0);
 
-    /* This region covers all the redistributor pages; there are
-     * (for GICv3) two 64K pages per CPU. At the moment they are
-     * all contiguous (ie in this one region), though we might later
-     * want to allow splitting of redistributor pages into several
-     * blocks so we can support more CPUs.
+    /*
+     * There are (for GICv3) two 64K redistributor pages per CPU.
+     * In some cases the redistributor pages for all CPUs are not
+     * contiguous (eg on the virt board they are split into two
+     * parts if there are too many CPUs to all fit in the same place
+     * in the memory map); if so then the GIC has multiple MemoryRegions
+     * for the redistributors.
      */
-    cpuidx = offset / 0x20000;
-    offset %= 0x20000;
-    assert(cpuidx < s->num_cpu);
+    cpuidx = region->cpuidx + offset / GICV3_REDIST_SIZE;
+    offset %= GICV3_REDIST_SIZE;
 
     cs = &s->cpu[cpuidx];
 
@@ -XXX,XX +XXX,XX @@ MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data,
 MemTxResult gicv3_redist_write(void *opaque, hwaddr offset, uint64_t data,
                                unsigned size, MemTxAttrs attrs)
 {
-    GICv3State *s = opaque;
+    GICv3RedistRegion *region = opaque;
+    GICv3State *s = region->gic;
     GICv3CPUState *cs;
     MemTxResult r;
     int cpuidx;
 
     assert((offset & (size - 1)) == 0);
 
-    /* This region covers all the redistributor pages; there are
-     * (for GICv3) two 64K pages per CPU. At the moment they are
-     * all contiguous (ie in this one region), though we might later
-     * want to allow splitting of redistributor pages into several
-     * blocks so we can support more CPUs.
+    /*
+     * There are (for GICv3) two 64K redistributor pages per CPU.
+     * In some cases the redistributor pages for all CPUs are not
+     * contiguous (eg on the virt board they are split into two
+     * parts if there are too many CPUs to all fit in the same place
+     * in the memory map); if so then the GIC has multiple MemoryRegions
+     * for the redistributors.
      */
-    cpuidx = offset / 0x20000;
-    offset %= 0x20000;
-    assert(cpuidx < s->num_cpu);
+    cpuidx = region->cpuidx + offset / GICV3_REDIST_SIZE;
+    offset %= GICV3_REDIST_SIZE;
 
     cs = &s->cpu[cpuidx];
 
-- 
2.25.1

From: Eric Auger <eric.auger@redhat.com>

The PL031 currently is not able to report guest RTC change to the QMP
monitor as opposed to mc146818 or spapr RTCs. This patch adds the call
to qapi_event_send_rtc_change() when the Load Register is written. The
value which is reported corresponds to the difference between the guest
reference time and the reference time kept in softmmu/rtc.c.

For instance adding 20s to the guest RTC value will report 20. Adding
an extra 20s to the guest RTC value will report 20 + 20 = 40.

The inclusion of qapi/qapi-types-misc-target.h in hw/rtl/pl031.c
require to compile the PL031 with specific_ss.add() to avoid
./qapi/qapi-types-misc-target.h:18:13: error: attempt to use poisoned
"TARGET_<ARCH>".

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210920122535.269988-1-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/rtc/pl031.c     | 10 +++++++++-
 hw/rtc/meson.build |  2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/rtc/pl031.c b/hw/rtc/pl031.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/rtc/pl031.c
+++ b/hw/rtc/pl031.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/log.h"
 #include "qemu/module.h"
 #include "trace.h"
+#include "qapi/qapi-events-misc-target.h"
 
 #define RTC_DR      0x00    /* Data read register */
 #define RTC_MR      0x04    /* Match register */
@@ -XXX,XX +XXX,XX @@ static void pl031_write(void * opaque, hwaddr offset,
     trace_pl031_write(offset, value);
 
     switch (offset) {
-    case RTC_LR:
+    case RTC_LR: {
+        struct tm tm;
+
         s->tick_offset += value - pl031_get_count(s);
+
+        qemu_get_timedate(&tm, s->tick_offset);
+        qapi_event_send_rtc_change(qemu_timedate_diff(&tm));
+
         pl031_set_alarm(s);
         break;
+    }
     case RTC_MR:
         s->mr = value;
         pl031_set_alarm(s);
diff --git a/hw/rtc/meson.build b/hw/rtc/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/rtc/meson.build
+++ b/hw/rtc/meson.build
@@ -XXX,XX +XXX,XX @@
 softmmu_ss.add(when: 'CONFIG_DS1338', if_true: files('ds1338.c'))
 softmmu_ss.add(when: 'CONFIG_M41T80', if_true: files('m41t80.c'))
 softmmu_ss.add(when: 'CONFIG_M48T59', if_true: files('m48t59.c'))
-softmmu_ss.add(when: 'CONFIG_PL031', if_true: files('pl031.c'))
+specific_ss.add(when: 'CONFIG_PL031', if_true: files('pl031.c'))
 softmmu_ss.add(when: 'CONFIG_TWL92230', if_true: files('twl92230.c'))
 softmmu_ss.add(when: ['CONFIG_ISA_BUS', 'CONFIG_M48T59'], if_true: files('m48t59-isa.c'))
 softmmu_ss.add(when: 'CONFIG_XLNX_ZYNQMP', if_true: files('xlnx-zynqmp-rtc.c'))
-- 
2.25.1

Some small arm bug fixes for rc3.

-- PMM

The following changes since commit 9b617b1bb4056e60b39be4c33be20c10928a6a5c:

Merge tag 'trivial-branch-for-7.0-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging (2022-04-01 10:23:27 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220401

for you to fetch changes up to a5b1e1ab662aa6dc42d5a913080fccbb8bf82e9b:

target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen (2022-04-01 15:35:49 +0100)

----------------------------------------------------------------
target-arm queue:
 * target/arm: Fix some bugs in secure EL2 handling
 * target/arm: Fix assert when !HAVE_CMPXCHG128
 * MAINTAINERS: change Fred Konrad's email address

----------------------------------------------------------------
Frederic Konrad (1):
      MAINTAINERS: change Fred Konrad's email address

Idan Horowitz (4):
      target/arm: Fix MTE access checks for disabled SEL2
      target/arm: Check VSTCR.SW when assigning the stage 2 output PA space
      target/arm: Take VSTCR.SW, VTCR.NSW into account in final stage 2 walk
      target/arm: Determine final stage 2 output PA space based on original IPA

Peter Maydell (1):
      target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen

From: Idan Horowitz <idan.horowitz@gmail.com>

While not mentioned anywhere in the actual specification text, the
HCR_EL2.ATA bit is treated as '1' when EL2 is disabled at the current
security state. This can be observed in the psuedo-code implementation
of AArch64.AllocationTagAccessIsEnabled().

Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220328173107.311267-1-idan.horowitz@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h | 2 +-
 target/arm/helper.c    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
         && !(env->cp15.scr_el3 & SCR_ATA)) {
         return false;
     }
-    if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
+    if (el < 2 && arm_is_el2_enabled(env)) {
         uint64_t hcr = arm_hcr_el2_eff(env);
         if (!(hcr & HCR_ATA) && (!(hcr & HCR_E2H) || !(hcr & HCR_TGE))) {
             return false;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_mte(CPUARMState *env, const ARMCPRegInfo *ri,
 {
     int el = arm_current_el(env);
 
-    if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
+    if (el < 2 && arm_is_el2_enabled(env)) {
         uint64_t hcr = arm_hcr_el2_eff(env);
         if (!(hcr & HCR_ATA) && (!(hcr & HCR_E2H) || !(hcr & HCR_TGE))) {
             return CP_ACCESS_TRAP_EL2;
-- 
2.25.1

From: Idan Horowitz <idan.horowitz@gmail.com>

As per the AArch64.SS2OutputPASpace() psuedo-code in the ARMv8 ARM when the
PA space of the IPA is non secure, the output PA space is secure if and only
if all of the bits VTCR.<NSW, NSA>, VSTCR.<SW, SA> are not set.

Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220327093427.1548629-2-idan.horowitz@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
                 } else {
                     attrs->secure =
                         !((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW))
-                        || (env->cp15.vstcr_el2.raw_tcr & VSTCR_SA));
+                        || (env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
                 }
             }
             return 0;
-- 
2.25.1

From: Idan Horowitz <idan.horowitz@gmail.com>

As per the AArch64.SS2InitialTTWState() psuedo-code in the ARMv8 ARM the
initial PA space used for stage 2 table walks is assigned based on the SW
and NSW bits of the VSTCR and VTCR registers.
This was already implemented for the recursive stage 2 page table walks
in S1_ptw_translate(), but was missing for the final stage 2 walk.

Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220327093427.1548629-3-idan.horowitz@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
                 return ret;
             }
 
+            if (arm_is_secure_below_el3(env)) {
+                if (attrs->secure) {
+                    attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
+                } else {
+                    attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
+                }
+            } else {
+                assert(!attrs->secure);
+            }
+
             s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
             is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
 
-- 
2.25.1

From: Idan Horowitz <idan.horowitz@gmail.com>

As per the AArch64.S2Walk() pseudo-code in the ARMv8 ARM, the final
decision as to the output address's PA space based on the SA/SW/NSA/NSW
bits needs to take the input IPA's PA space into account, and not the
PA space of the result of the stage 2 walk itself.

Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220327093427.1548629-4-idan.horowitz@gmail.com
[PMM: fixed commit message typo]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
             hwaddr ipa;
             int s2_prot;
             int ret;
+            bool ipa_secure;
             ARMCacheAttrs cacheattrs2 = {};
             ARMMMUIdx s2_mmu_idx;
             bool is_el0;
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
                 return ret;
             }
 
+            ipa_secure = attrs->secure;
             if (arm_is_secure_below_el3(env)) {
-                if (attrs->secure) {
+                if (ipa_secure) {
                     attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
                 } else {
                     attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
                 }
             } else {
-                assert(!attrs->secure);
+                assert(!ipa_secure);
             }
 
             s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
 
             /* Check if IPA translates to secure or non-secure PA space. */
             if (arm_is_secure_below_el3(env)) {
-                if (attrs->secure) {
+                if (ipa_secure) {
                     attrs->secure =
                         !(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
                 } else {
-- 
2.25.1

From: Frederic Konrad <konrad@adacore.com>

frederic.konrad@adacore.com and konrad@adacore.com will stop working starting
2022-04-01.

Use my personal email instead.

Signed-off-by: Frederic Konrad <frederic.konrad@adacore.com>
Reviewed-by: Fabien Chouteau <chouteau@adacore.com <clg@kaod.org>>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1648643217-15811-1-git-send-email-frederic.konrad@adacore.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 .mailmap    | 3 ++-
 MAINTAINERS | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.mailmap b/.mailmap
index XXXXXXX..XXXXXXX 100644
--- a/.mailmap
+++ b/.mailmap
@@ -XXX,XX +XXX,XX @@ Alexander Graf <agraf@csgraf.de> <agraf@suse.de>
 Anthony Liguori <anthony@codemonkey.ws> Anthony Liguori <aliguori@us.ibm.com>
 Christian Borntraeger <borntraeger@linux.ibm.com> <borntraeger@de.ibm.com>
 Filip Bozuta <filip.bozuta@syrmia.com> <filip.bozuta@rt-rk.com.com>
-Frederic Konrad <konrad@adacore.com> <fred.konrad@greensocs.com>
+Frederic Konrad <konrad.frederic@yahoo.fr> <fred.konrad@greensocs.com>
+Frederic Konrad <konrad.frederic@yahoo.fr> <konrad@adacore.com>
 Greg Kurz <groug@kaod.org> <gkurz@linux.vnet.ibm.com>
 Huacai Chen <chenhuacai@kernel.org> <chenhc@lemote.com>
 Huacai Chen <chenhuacai@kernel.org> <chenhuacai@loongson.cn>
diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: include/hw/rtc/sun4v-rtc.h
 
 Leon3
 M: Fabien Chouteau <chouteau@adacore.com>
-M: KONRAD Frederic <frederic.konrad@adacore.com>
+M: Frederic Konrad <konrad.frederic@yahoo.fr>
 S: Maintained
 F: hw/sparc/leon3.c
 F: hw/*/grlib*
-- 
2.25.1

In gen_store_exclusive(), if the host does not have a cmpxchg128
primitive then we generate bad code for STXP for storing two 64-bit
values.  We generate a call to the exit_atomic helper, which never
returns, and set is_jmp to DISAS_NORETURN.  However, this is
forgetting that we have already emitted a brcond that jumps over this
call for the case where we don't hold the exclusive.  The effect is
that we don't generate any code to end the TB for the
exclusive-not-held execution path, which falls into the "exit with
TB_EXIT_REQUESTED" code that gen_tb_end() emits.  This then causes an
assert at runtime when cpu_loop_exec_tb() sees an EXIT_REQUESTED TB
return that wasn't for an interrupt or icount.

In particular, you can hit this case when using the clang sanitizers
and trying to run the xlnx-versal-virt acceptance test in 'make
check-acceptance'.  This bug was masked until commit 848126d11e93ff
("meson: move int128 checks from configure") because we used to set
CONFIG_CMPXCHG128=1 and avoid the buggy codepath, but after that we
do not.

Fix the bug by not setting is_jmp.  The code after the exit_atomic
call up to the fail_label is dead, but TCG is smart enough to
eliminate it.  We do need to set 'tmp' to some valid value, though
(in the same way the exit_atomic-using code in tcg/tcg-op.c does).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/953
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220331150858.96348-1-peter.maydell@linaro.org
---
 target/arm/translate-a64.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
         } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
             if (!HAVE_CMPXCHG128) {
                 gen_helper_exit_atomic(cpu_env);
-                s->base.is_jmp = DISAS_NORETURN;
+                /*
+                 * Produce a result so we have a well-formed opcode
+                 * stream when the following (dead) code uses 'tmp'.
+                 * TCG will remove the dead ops for us.
+                 */
+                tcg_gen_movi_i64(tmp, 0);
             } else if (s->be_data == MO_LE) {
                 gen_helper_paired_cmpxchg64_le_parallel(tmp, cpu_env,
                                                         cpu_exclusive_addr,
-- 
2.25.1