Series comparison

-[PULL 00/28] target-arm queue
+[PULL v2 00/11] target-arm queue
-Hi; this is the latest target-arm queue; most of this is a refactoring
+Massively slimmed down v2: MemTag broke bsd-user, and the npcm7xx
-patchset from RTH for the arm page-table-walk emulation.
+ethernet device failed 'make check' on big-endian hosts.
-thanks
 -- PMM
-The following changes since commit f1d33f55c47dfdaf8daacd618588ad3ae4c452d1:
+The following changes since commit 83339e21d05c824ebc9131d644f25c23d0e41ecf:
-  Merge tag 'pull-testing-gdbstub-plugins-gitdm-061022-3' of https://github.com/stsquad/qemu into staging (2022-10-06 07:11:56 -0400)
+  Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2021-02-10 15:42:20 +0000)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221010
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210211-1
-for you to fetch changes up to 915f62844cf62e428c7c178149b5ff1cbe129b07:
+for you to fetch changes up to d3c1183ffeb71ca3a783eae3d7e1c51e71e8a621:
-  docs/system/arm/emulation.rst: Report FEAT_GTG support (2022-10-10 14:52:25 +0100)
+  target/arm: Correctly initialize MDCR_EL2.HPMN (2021-02-11 19:48:09 +0000)
 ----------------------------------------------------------------
 target-arm queue:
- * Retry KVM_CREATE_VM call if it fails EINTR
+ * Correctly initialize MDCR_EL2.HPMN
- * allow setting SCR_EL3.EnTP2 when FEAT_SME is implemented
+ * versal: Use nr_apu_cpus in favor of hard coding 2
- * docs/nuvoton: Update URL for images
+ * accel/tcg: Add URL of clang bug to comment about our workaround
- * refactoring of page table walk code
+ * Add support for FEAT_DIT, Data Independent Timing
- * hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
+ * Remove GPIO from unimplemented NPCM7XX
- * Don't allow guest to use unimplemented granule sizes
+ * Fix SCR RES1 handling
- * Report FEAT_GTG support
+ * Don't migrate CPUARMState.features
 ----------------------------------------------------------------
-Jerome Forissier (2):
+Aaron Lindsay (1):
-      target/arm: allow setting SCR_EL3.EnTP2 when FEAT_SME is implemented
+      target/arm: Don't migrate CPUARMState.features
       hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
-Joel Stanley (1):
+Daniel Müller (1):
-      docs/nuvoton: Update URL for images
+      target/arm: Correctly initialize MDCR_EL2.HPMN
-Peter Maydell (4):
+Edgar E. Iglesias (1):
-      target/arm/kvm: Retry KVM_CREATE_VM call if it fails EINTR
+      hw/arm: versal: Use nr_apu_cpus in favor of hard coding 2
       target/arm: Don't allow guest to use unimplemented granule sizes
       target/arm: Use ARMGranuleSize in ARMVAParameters
       docs/system/arm/emulation.rst: Report FEAT_GTG support
-Richard Henderson (21):
+Hao Wu (1):
-      target/arm: Split s2walk_secure from ipa_secure in get_phys_addr
+      hw/arm: Remove GPIO from unimplemented NPCM7XX
       target/arm: Make the final stage1+2 write to secure be unconditional
       target/arm: Add is_secure parameter to get_phys_addr_lpae
       target/arm: Fix S2 disabled check in S1_ptw_translate
       target/arm: Add is_secure parameter to regime_translation_disabled
       target/arm: Split out get_phys_addr_with_secure
       target/arm: Add is_secure parameter to v7m_read_half_insn
       target/arm: Add TBFLAG_M32.SECURE
       target/arm: Merge regime_is_secure into get_phys_addr
       target/arm: Add is_secure parameter to do_ats_write
       target/arm: Fold secure and non-secure a-profile mmu indexes
       target/arm: Reorg regime_translation_disabled
       target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
       target/arm: Introduce arm_hcr_el2_eff_secstate
       target/arm: Hoist read of *is_secure in S1_ptw_translate
       target/arm: Remove env argument from combined_attrs_fwb
       target/arm: Pass HCR to attribute subroutines.
       target/arm: Fix ATS12NSO* from S PL1
       target/arm: Split out get_phys_addr_disabled
       target/arm: Fix cacheattr in get_phys_addr_disabled
       target/arm: Use tlb_set_page_full
- docs/system/arm/emulation.rst |   1 +
+Mike Nawrocki (1):
- docs/system/arm/nuvoton.rst   |   4 +-
+      target/arm: Fix SCR RES1 handling
- target/arm/cpu-param.h        |   2 +-
- target/arm/cpu.h              | 181 ++++++++------
+Peter Maydell (2):
- target/arm/internals.h        | 150 ++++++-----
+      arm: Update infocenter.arm.com URLs
- hw/arm/boot.c                 |   4 +
+      accel/tcg: Add URL of clang bug to comment about our workaround
- target/arm/helper.c           | 332 ++++++++++++++----------
- target/arm/kvm.c              |   4 +-
+Rebecca Cran (4):
- target/arm/m_helper.c         |  29 ++-
+      target/arm: Add support for FEAT_DIT, Data Independent Timing
- target/arm/ptw.c              | 570 ++++++++++++++++++++++--------------------
+      target/arm: Support AA32 DIT by moving PSTATE_SS from cpsr into env->pstate
- target/arm/tlb_helper.c       |   9 +-
+      target/arm: Set ID_AA64PFR0.DIT and ID_PFR0.DIT to 1 for "max" AA64 CPU
- target/arm/translate-a64.c    |   8 -
+      target/arm: Set ID_PFR0.DIT to 1 for "max" 32-bit CPU
- target/arm/translate.c        |   9 +-
-files changed, 717 insertions(+), 586 deletions(-)
+ include/hw/dma/pl080.h                 |  7 ++--
  include/hw/misc/arm_integrator_debug.h |  2 +-
  include/hw/ssi/pl022.h                 |  5 ++-
  target/arm/cpu.h                       | 17 ++++++++
  target/arm/internals.h                 |  6 +++
  accel/tcg/cpu-exec.c                   | 25 +++++++++---
  hw/arm/aspeed_ast2600.c                |  2 +-
  hw/arm/musca.c                         |  4 +-
  hw/arm/npcm7xx.c                       |  8 ----
  hw/arm/xlnx-versal.c                   |  4 +-
  hw/misc/arm_integrator_debug.c         |  2 +-
  hw/timer/arm_timer.c                   |  7 ++--
  target/arm/cpu.c                       |  4 ++
  target/arm/cpu64.c                     |  5 +++
  target/arm/helper-a64.c                | 27 +++++++++++--
  target/arm/helper.c                    | 71 +++++++++++++++++++++++++++-------
  target/arm/machine.c                   |  2 +-
  target/arm/op_helper.c                 |  9 +----
  target/arm/translate-a64.c             | 12 ++++++
 files changed, 164 insertions(+), 55 deletions(-)

-[PULL 01/28] target/arm/kvm: Retry KVM_CREATE_VM call if it fails EINTR
+Deleted patch
-Occasionally the KVM_CREATE_VM ioctl can return EINTR, even though
-there is no pending signal to be taken. In commit 94ccff13382055
-we added a retry-on-EINTR loop to the KVM_CREATE_VM call in the
-generic KVM code. Adopt the same approach for the use of the
-ioctl in the Arm-specific KVM code (where we use it to create a
-scratch VM for probing for various things).
-For more information, see the mailing list thread:
-https://lore.kernel.org/qemu-devel/8735e0s1zw.wl-maz@kernel.org/
-Reported-by: Vitaly Chikunov <vt@altlinux.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Acked-by: Marc Zyngier <maz@kernel.org>
-Message-id: 20220930113824.1933293-1-peter.maydell@linaro.org
----
- target/arm/kvm.c | 4 +++-
-file changed, 3 insertions(+), 1 deletion(-)
-diff --git a/target/arm/kvm.c b/target/arm/kvm.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm.c
-+++ b/target/arm/kvm.c
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_create_scratch_host_vcpu(const uint32_t *cpus_to_try,
-     if (max_vm_pa_size < 0) {
-         max_vm_pa_size = 0;
-     }
--    vmfd = ioctl(kvmfd, KVM_CREATE_VM, max_vm_pa_size);
-+    do {
-+        vmfd = ioctl(kvmfd, KVM_CREATE_VM, max_vm_pa_size);
-+    } while (vmfd == -1 && errno == EINTR);
-     if (vmfd < 0) {
-         goto err;
-     }
---
-.25.1

-[PULL 02/28] target/arm: allow setting SCR_EL3.EnTP2 when FEAT_SME is implemented
+Deleted patch
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Updates write_scr() to allow setting SCR_EL3.EnTP2 when FEAT_SME is
-implemented. SCR_EL3 being a 64-bit register, valid_mask is changed
-to uint64_t and the SCR_* constants in target/arm/cpu.h are extended
-to 64-bit so that masking and bitwise not (~) behave as expected.
-This enables booting Linux with Trusted Firmware-A at EL3 with
-"-M virt,secure=on -cpu max".
-Cc: qemu-stable@nongnu.org
-Fixes: 78cb9776662a ("target/arm: Enable SME for -cpu max")
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-Reviewed-by: Andre Przywara <andre.przywara@arm.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221004072354.27037-1-jerome.forissier@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h    | 54 ++++++++++++++++++++++-----------------------
- target/arm/helper.c |  5 ++++-
-files changed, 31 insertions(+), 28 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
- #define HPFAR_NS      (1ULL << 63)
--#define SCR_NS                (1U << 0)
--#define SCR_IRQ               (1U << 1)
--#define SCR_FIQ               (1U << 2)
--#define SCR_EA                (1U << 3)
--#define SCR_FW                (1U << 4)
--#define SCR_AW                (1U << 5)
--#define SCR_NET               (1U << 6)
--#define SCR_SMD               (1U << 7)
--#define SCR_HCE               (1U << 8)
--#define SCR_SIF               (1U << 9)
--#define SCR_RW                (1U << 10)
--#define SCR_ST                (1U << 11)
--#define SCR_TWI               (1U << 12)
--#define SCR_TWE               (1U << 13)
--#define SCR_TLOR              (1U << 14)
--#define SCR_TERR              (1U << 15)
--#define SCR_APK               (1U << 16)
--#define SCR_API               (1U << 17)
--#define SCR_EEL2              (1U << 18)
--#define SCR_EASE              (1U << 19)
--#define SCR_NMEA              (1U << 20)
--#define SCR_FIEN              (1U << 21)
--#define SCR_ENSCXT            (1U << 25)
--#define SCR_ATA               (1U << 26)
--#define SCR_FGTEN             (1U << 27)
--#define SCR_ECVEN             (1U << 28)
--#define SCR_TWEDEN            (1U << 29)
-+#define SCR_NS                (1ULL << 0)
-+#define SCR_IRQ               (1ULL << 1)
-+#define SCR_FIQ               (1ULL << 2)
-+#define SCR_EA                (1ULL << 3)
-+#define SCR_FW                (1ULL << 4)
-+#define SCR_AW                (1ULL << 5)
-+#define SCR_NET               (1ULL << 6)
-+#define SCR_SMD               (1ULL << 7)
-+#define SCR_HCE               (1ULL << 8)
-+#define SCR_SIF               (1ULL << 9)
-+#define SCR_RW                (1ULL << 10)
-+#define SCR_ST                (1ULL << 11)
-+#define SCR_TWI               (1ULL << 12)
-+#define SCR_TWE               (1ULL << 13)
-+#define SCR_TLOR              (1ULL << 14)
-+#define SCR_TERR              (1ULL << 15)
-+#define SCR_APK               (1ULL << 16)
-+#define SCR_API               (1ULL << 17)
-+#define SCR_EEL2              (1ULL << 18)
-+#define SCR_EASE              (1ULL << 19)
-+#define SCR_NMEA              (1ULL << 20)
-+#define SCR_FIEN              (1ULL << 21)
-+#define SCR_ENSCXT            (1ULL << 25)
-+#define SCR_ATA               (1ULL << 26)
-+#define SCR_FGTEN             (1ULL << 27)
-+#define SCR_ECVEN             (1ULL << 28)
-+#define SCR_TWEDEN            (1ULL << 29)
- #define SCR_TWEDEL            MAKE_64BIT_MASK(30, 4)
- #define SCR_TME               (1ULL << 34)
- #define SCR_AMVOFFEN          (1ULL << 35)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void vbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
- static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
- {
-     /* Begin with base v8.0 state.  */
--    uint32_t valid_mask = 0x3fff;
-+    uint64_t valid_mask = 0x3fff;
-     ARMCPU *cpu = env_archcpu(env);
-     /*
-@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-         if (cpu_isar_feature(aa64_doublefault, cpu)) {
-             valid_mask |= SCR_EASE | SCR_NMEA;
-         }
-+        if (cpu_isar_feature(aa64_sme, cpu)) {
-+            valid_mask |= SCR_ENTP2;
-+        }
-     } else {
-         valid_mask &= ~(SCR_RW | SCR_ST);
-         if (cpu_isar_feature(aa32_ras, cpu)) {
---
-.25.1

-[PULL 03/28] docs/nuvoton: Update URL for images
+Deleted patch
-From: Joel Stanley <joel@jms.id.au>
-openpower.xyz was retired some time ago. The OpenBMC Jenkins is where
-images can be found these days.
-Signed-off-by: Joel Stanley <joel@jms.id.au>
-Reviewed-by: Hao Wu <wuhaotsh@google.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-id: 20221004050042.22681-1-joel@jms.id.au
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- docs/system/arm/nuvoton.rst | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/docs/system/arm/nuvoton.rst b/docs/system/arm/nuvoton.rst
-index XXXXXXX..XXXXXXX 100644
---- a/docs/system/arm/nuvoton.rst
-+++ b/docs/system/arm/nuvoton.rst
-@@ -XXX,XX +XXX,XX @@ Boot options
- The Nuvoton machines can boot from an OpenBMC firmware image, or directly into
- a kernel using the ``-kernel`` option. OpenBMC images for ``quanta-gsj`` and
--possibly others can be downloaded from the OpenPOWER jenkins :
-+possibly others can be downloaded from the OpenBMC jenkins :
--   https://openpower.xyz/
-+   https://jenkins.openbmc.org/
- The firmware image should be attached as an MTD drive. Example :
---
-.25.1

-[PULL 04/28] target/arm: Split s2walk_secure from ipa_secure in get_phys_addr
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-The starting security state comes with the translation regime,
-not the current state of arm_is_secure_below_el3().
-Create a new local variable, s2walk_secure, which does not need
-to be written back to result->attrs.secure -- we compute that
-value later, after the S2 walk is complete.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20221001162318.153420-2-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 18 +++++++++---------
-file changed, 9 insertions(+), 9 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-             hwaddr ipa;
-             int s1_prot;
-             int ret;
--            bool ipa_secure;
-+            bool ipa_secure, s2walk_secure;
-             ARMCacheAttrs cacheattrs1;
-             ARMMMUIdx s2_mmu_idx;
-             bool is_el0;
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-             ipa = result->phys;
-             ipa_secure = result->attrs.secure;
--            if (arm_is_secure_below_el3(env)) {
--                if (ipa_secure) {
--                    result->attrs.secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
--                } else {
--                    result->attrs.secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
--                }
-+            if (is_secure) {
-+                /* Select TCR based on the NS bit from the S1 walk. */
-+                s2walk_secure = !(ipa_secure
-+                                  ? env->cp15.vstcr_el2 & VSTCR_SW
-+                                  : env->cp15.vtcr_el2 & VTCR_NSW);
-             } else {
-                 assert(!ipa_secure);
-+                s2walk_secure = false;
-             }
--            s2_mmu_idx = (result->attrs.secure
-+            s2_mmu_idx = (s2walk_secure
-                           ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
-             is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-                                                     result->cacheattrs);
-             /* Check if IPA translates to secure or non-secure PA space. */
--            if (arm_is_secure_below_el3(env)) {
-+            if (is_secure) {
-                 if (ipa_secure) {
-                     result->attrs.secure =
-                         !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
---
-.25.1

-[PULL 05/28] target/arm: Make the final stage1+2 write to secure be unconditional
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-While the stage2 call to get_phys_addr_lpae should never set
-attrs.secure when given a non-secure input, it's just as easy
-to make the final update to attrs.secure be unconditional and
-false in the case of non-secure input.
-Suggested-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221007152159.1414065-1-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 21 ++++++++++-----------
-file changed, 10 insertions(+), 11 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-             result->cacheattrs = combine_cacheattrs(env, cacheattrs1,
-                                                     result->cacheattrs);
--            /* Check if IPA translates to secure or non-secure PA space. */
--            if (is_secure) {
--                if (ipa_secure) {
--                    result->attrs.secure =
--                        !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
--                } else {
--                    result->attrs.secure =
--                        !((env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))
--                        || (env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)));
--                }
--            }
-+            /*
-+             * Check if IPA translates to secure or non-secure PA space.
-+             * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA.
-+             */
-+            result->attrs.secure =
-+                (is_secure
-+                 && !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
-+                 && (ipa_secure
-+                     || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))));
-+
-             return 0;
-         } else {
-             /*
---
-.25.1

-[PULL 06/28] target/arm: Add is_secure parameter to get_phys_addr_lpae
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Remove the use of regime_is_secure from get_phys_addr_lpae,
-using the new parameter instead.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-3-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 20 ++++++++++----------
-file changed, 10 insertions(+), 10 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@
- static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
-                                MMUAccessType access_type, ARMMMUIdx mmu_idx,
--                               bool s1_is_el0, GetPhysAddrResult *result,
--                               ARMMMUFaultInfo *fi)
-+                               bool is_secure, bool s1_is_el0,
-+                               GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
-     __attribute__((nonnull));
- /* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
-@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
-         GetPhysAddrResult s2 = {};
-         int ret;
--        ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx, false,
--                                 &s2, fi);
-+        ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
-+                                 *is_secure, false, &s2, fi);
-         if (ret) {
-             assert(fi->type != ARMFault_None);
-             fi->s2addr = addr;
-@@ -XXX,XX +XXX,XX @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
-  */
- static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
-                                MMUAccessType access_type, ARMMMUIdx mmu_idx,
--                               bool s1_is_el0, GetPhysAddrResult *result,
--                               ARMMMUFaultInfo *fi)
-+                               bool is_secure, bool s1_is_el0,
-+                               GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
- {
-     ARMCPU *cpu = env_archcpu(env);
-     /* Read an LPAE long-descriptor translation table. */
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
-      * remain non-secure. We implement this by just ORing in the NSTable/NS
-      * bits at each step.
-      */
--    tableattrs = regime_is_secure(env, mmu_idx) ? 0 : (1 << 4);
-+    tableattrs = is_secure ? 0 : (1 << 4);
-     for (;;) {
-         uint64_t descriptor;
-         bool nstable;
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-             memset(result, 0, sizeof(*result));
-             ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
--                                     is_el0, result, fi);
-+                                     s2walk_secure, is_el0, result, fi);
-             fi->s2addr = ipa;
-             /* Combine the S1 and S2 perms.  */
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-     }
-     if (regime_using_lpae_format(env, mmu_idx)) {
--        return get_phys_addr_lpae(env, address, access_type, mmu_idx, false,
--                                  result, fi);
-+        return get_phys_addr_lpae(env, address, access_type, mmu_idx,
-+                                  is_secure, false, result, fi);
-     } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
-         return get_phys_addr_v6(env, address, access_type, mmu_idx,
-                                 is_secure, result, fi);
---
-.25.1

-[PULL 07/28] target/arm: Fix S2 disabled check in S1_ptw_translate
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Pass the correct stage2 mmu_idx to regime_translation_disabled,
-which we computed afterward.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20221001162318.153420-4-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 6 +++---
-file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
-                                hwaddr addr, bool *is_secure,
-                                ARMMMUFaultInfo *fi)
- {
-+    ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
-+
-     if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
--        !regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
--        ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S
--                                          : ARMMMUIdx_Stage2;
-+        !regime_translation_disabled(env, s2_mmu_idx)) {
-         GetPhysAddrResult s2 = {};
-         int ret;
---
-.25.1

-[PULL 08/28] target/arm: Add is_secure parameter to regime_translation_disabled
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Remove the use of regime_is_secure from regime_translation_disabled,
-using the new parameter instead.
-This fixes a bug in S1_ptw_translate and get_phys_addr where we had
-passed ARMMMUIdx_Stage2 and not ARMMMUIdx_Stage2_S to determine if
-Stage2 is disabled, affecting FEAT_SEL2.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-5-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 20 +++++++++++---------
-file changed, 11 insertions(+), 9 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx, int ttbrn)
- }
- /* Return true if the specified stage of address translation is disabled */
--static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx)
-+static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
-+                                        bool is_secure)
- {
-     uint64_t hcr_el2;
-     if (arm_feature(env, ARM_FEATURE_M)) {
--        switch (env->v7m.mpu_ctrl[regime_is_secure(env, mmu_idx)] &
-+        switch (env->v7m.mpu_ctrl[is_secure] &
-                 (R_V7M_MPU_CTRL_ENABLE_MASK | R_V7M_MPU_CTRL_HFNMIENA_MASK)) {
-         case R_V7M_MPU_CTRL_ENABLE_MASK:
-             /* Enabled, but not for HardFault and NMI */
-@@ -XXX,XX +XXX,XX @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx)
-     if (hcr_el2 & HCR_TGE) {
-         /* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
--        if (!regime_is_secure(env, mmu_idx) && regime_el(env, mmu_idx) == 1) {
-+        if (!is_secure && regime_el(env, mmu_idx) == 1) {
-             return true;
-         }
-     }
-@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
-     ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
-     if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
--        !regime_translation_disabled(env, s2_mmu_idx)) {
-+        !regime_translation_disabled(env, s2_mmu_idx, *is_secure)) {
-         GetPhysAddrResult s2 = {};
-         int ret;
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
-     uint32_t base;
-     bool is_user = regime_is_user(env, mmu_idx);
--    if (regime_translation_disabled(env, mmu_idx)) {
-+    if (regime_translation_disabled(env, mmu_idx, is_secure)) {
-         /* MPU disabled.  */
-         result->phys = address;
-         result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-     result->page_size = TARGET_PAGE_SIZE;
-     result->prot = 0;
--    if (regime_translation_disabled(env, mmu_idx) ||
-+    if (regime_translation_disabled(env, mmu_idx, secure) ||
-         m_is_ppb_region(env, address)) {
-         /*
-          * MPU disabled or M profile PPB access: use default memory map.
-@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
-      * are done in arm_v7m_load_vector(), which always does a direct
-      * read using address_space_ldl(), rather than going via this function.
-      */
--    if (regime_translation_disabled(env, mmu_idx)) { /* MPU disabled */
-+    if (regime_translation_disabled(env, mmu_idx, secure)) { /* MPU disabled */
-         hit = true;
-     } else if (m_is_ppb_region(env, address)) {
-         hit = true;
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-                                 result, fi);
-             /* If S1 fails or S2 is disabled, return early.  */
--            if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
-+            if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2,
-+                                                   is_secure)) {
-                 return ret;
-             }
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-     /* Definitely a real MMU, not an MPU */
--    if (regime_translation_disabled(env, mmu_idx)) {
-+    if (regime_translation_disabled(env, mmu_idx, is_secure)) {
-         uint64_t hcr;
-         uint8_t memattr;
---
-.25.1

-[PULL 09/28] target/arm: Split out get_phys_addr_with_secure
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Retain the existing get_phys_addr interface using the security
-state derived from mmu_idx.  Move the kerneldoc comments to the
-header file where they belong.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-6-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/internals.h | 40 ++++++++++++++++++++++++++++++++++++++
- target/arm/ptw.c       | 44 ++++++++++++++----------------------------
-files changed, 55 insertions(+), 29 deletions(-)
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ typedef struct GetPhysAddrResult {
-     ARMCacheAttrs cacheattrs;
- } GetPhysAddrResult;
-+/**
-+ * get_phys_addr_with_secure: get the physical address for a virtual address
-+ * @env: CPUARMState
-+ * @address: virtual address to get physical address for
-+ * @access_type: 0 for read, 1 for write, 2 for execute
-+ * @mmu_idx: MMU index indicating required translation regime
-+ * @is_secure: security state for the access
-+ * @result: set on translation success.
-+ * @fi: set to fault info if the translation fails
-+ *
-+ * Find the physical address corresponding to the given virtual address,
-+ * by doing a translation table walk on MMU based systems or using the
-+ * MPU state on MPU based systems.
-+ *
-+ * Returns false if the translation was successful. Otherwise, phys_ptr, attrs,
-+ * prot and page_size may not be filled in, and the populated fsr value provides
-+ * information on why the translation aborted, in the format of a
-+ * DFSR/IFSR fault register, with the following caveats:
-+ *  * we honour the short vs long DFSR format differences.
-+ *  * the WnR bit is never set (the caller must do this).
-+ *  * for PSMAv5 based systems we don't bother to return a full FSR format
-+ *    value.
-+ */
-+bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-+                               MMUAccessType access_type,
-+                               ARMMMUIdx mmu_idx, bool is_secure,
-+                               GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
-+    __attribute__((nonnull));
-+
-+/**
-+ * get_phys_addr: get the physical address for a virtual address
-+ * @env: CPUARMState
-+ * @address: virtual address to get physical address for
-+ * @access_type: 0 for read, 1 for write, 2 for execute
-+ * @mmu_idx: MMU index indicating required translation regime
-+ * @result: set on translation success.
-+ * @fi: set to fault info if the translation fails
-+ *
-+ * Similarly, but use the security regime of @mmu_idx.
-+ */
- bool get_phys_addr(CPUARMState *env, target_ulong address,
-                    MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                    GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
-     return ret;
- }
--/**
-- * get_phys_addr - get the physical address for this virtual address
-- *
-- * Find the physical address corresponding to the given virtual address,
-- * by doing a translation table walk on MMU based systems or using the
-- * MPU state on MPU based systems.
-- *
-- * Returns false if the translation was successful. Otherwise, phys_ptr, attrs,
-- * prot and page_size may not be filled in, and the populated fsr value provides
-- * information on why the translation aborted, in the format of a
-- * DFSR/IFSR fault register, with the following caveats:
-- *  * we honour the short vs long DFSR format differences.
-- *  * the WnR bit is never set (the caller must do this).
-- *  * for PSMAv5 based systems we don't bother to return a full FSR format
-- *    value.
-- *
-- * @env: CPUARMState
-- * @address: virtual address to get physical address for
-- * @access_type: 0 for read, 1 for write, 2 for execute
-- * @mmu_idx: MMU index indicating required translation regime
-- * @result: set on translation success.
-- * @fi: set to fault info if the translation fails
-- */
--bool get_phys_addr(CPUARMState *env, target_ulong address,
--                   MMUAccessType access_type, ARMMMUIdx mmu_idx,
--                   GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
-+bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-+                               MMUAccessType access_type, ARMMMUIdx mmu_idx,
-+                               bool is_secure, GetPhysAddrResult *result,
-+                               ARMMMUFaultInfo *fi)
- {
-     ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
--    bool is_secure = regime_is_secure(env, mmu_idx);
-     if (mmu_idx != s1_mmu_idx) {
-         /*
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-             ARMMMUIdx s2_mmu_idx;
-             bool is_el0;
--            ret = get_phys_addr(env, address, access_type, s1_mmu_idx,
--                                result, fi);
-+            ret = get_phys_addr_with_secure(env, address, access_type,
-+                                            s1_mmu_idx, is_secure, result, fi);
-             /* If S1 fails or S2 is disabled, return early.  */
-             if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2,
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-     }
- }
-+bool get_phys_addr(CPUARMState *env, target_ulong address,
-+                   MMUAccessType access_type, ARMMMUIdx mmu_idx,
-+                   GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
-+{
-+    return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
-+                                     regime_is_secure(env, mmu_idx),
-+                                     result, fi);
-+}
-+
- hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
-                                          MemTxAttrs *attrs)
- {
---
-.25.1

-[PULL 10/28] target/arm: Add is_secure parameter to v7m_read_half_insn
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Remove the use of regime_is_secure from v7m_read_half_insn, using
-the new parameter instead.
-As it happens, both callers pass true, propagated from the argument
-to arm_v7m_mmu_idx_for_secstate which created the mmu_idx argument,
-but that is a detail of v7m_handle_execute_nsc we need not expose
-to the callee.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-7-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/m_helper.c | 9 ++++-----
-file changed, 4 insertions(+), 5 deletions(-)
-diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/m_helper.c
-+++ b/target/arm/m_helper.c
-@@ -XXX,XX +XXX,XX @@ static bool do_v7m_function_return(ARMCPU *cpu)
-     return true;
- }
--static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
-+static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, bool secure,
-                                uint32_t addr, uint16_t *insn)
- {
-     /*
-@@ -XXX,XX +XXX,XX @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
-     ARMMMUFaultInfo fi = {};
-     MemTxResult txres;
--    v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx,
--                        regime_is_secure(env, mmu_idx), &sattrs);
-+    v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, secure, &sattrs);
-     if (!sattrs.nsc || sattrs.ns) {
-         /*
-          * This must be the second half of the insn, and it straddles a
-@@ -XXX,XX +XXX,XX @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu)
-     /* We want to do the MPU lookup as secure; work out what mmu_idx that is */
-     mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);
--    if (!v7m_read_half_insn(cpu, mmu_idx, env->regs[15], &insn)) {
-+    if (!v7m_read_half_insn(cpu, mmu_idx, true, env->regs[15], &insn)) {
-         return false;
-     }
-@@ -XXX,XX +XXX,XX @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu)
-         goto gen_invep;
-     }
--    if (!v7m_read_half_insn(cpu, mmu_idx, env->regs[15] + 2, &insn)) {
-+    if (!v7m_read_half_insn(cpu, mmu_idx, true, env->regs[15] + 2, &insn)) {
-         return false;
-     }
---
-.25.1

-[PULL 11/28] target/arm: Add TBFLAG_M32.SECURE
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Remove the use of regime_is_secure from arm_tr_init_disas_context.
-Instead, provide the value of v8m_secure directly from tb_flags.
-Rather than use regime_is_secure, use the env->v7m.secure directly,
-as per arm_mmu_idx_el.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-8-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h       | 2 ++
- target/arm/helper.c    | 4 ++++
- target/arm/translate.c | 3 +--
-files changed, 7 insertions(+), 2 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 3, 1)     /* Not cached. */
- FIELD(TBFLAG_M32, FPCCR_S_WRONG, 4, 1)          /* Not cached. */
- /* Set if MVE insns are definitely not predicated by VPR or LTPSIZE */
- FIELD(TBFLAG_M32, MVE_NO_PRED, 5, 1)            /* Not cached. */
-+/* Set if in secure mode */
-+FIELD(TBFLAG_M32, SECURE, 6, 1)
- /*
-  * Bit usage when in AArch64 state
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
-         DP_TBFLAG_M32(flags, STACKCHECK, 1);
-     }
-+    if (arm_feature(env, ARM_FEATURE_M_SECURITY) && env->v7m.secure) {
-+        DP_TBFLAG_M32(flags, SECURE, 1);
-+    }
-+
-     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
- }
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
-         dc->vfp_enabled = 1;
-         dc->be_data = MO_TE;
-         dc->v7m_handler_mode = EX_TBFLAG_M32(tb_flags, HANDLER);
--        dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
--            regime_is_secure(env, dc->mmu_idx);
-+        dc->v8m_secure = EX_TBFLAG_M32(tb_flags, SECURE);
-         dc->v8m_stackcheck = EX_TBFLAG_M32(tb_flags, STACKCHECK);
-         dc->v8m_fpccr_s_wrong = EX_TBFLAG_M32(tb_flags, FPCCR_S_WRONG);
-         dc->v7m_new_fp_ctxt_needed =
---
-.25.1

-[PULL 12/28] target/arm: Merge regime_is_secure into get_phys_addr
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-This is the last use of regime_is_secure; remove it
-entirely before changing the layout of ARMMMUIdx.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-9-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/internals.h | 42 ----------------------------------------
- target/arm/ptw.c       | 44 ++++++++++++++++++++++++++++++++++++++++--
-files changed, 42 insertions(+), 44 deletions(-)
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx)
-     }
- }
--/* Return true if this address translation regime is secure */
--static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
--{
--    switch (mmu_idx) {
--    case ARMMMUIdx_E10_0:
--    case ARMMMUIdx_E10_1:
--    case ARMMMUIdx_E10_1_PAN:
--    case ARMMMUIdx_E20_0:
--    case ARMMMUIdx_E20_2:
--    case ARMMMUIdx_E20_2_PAN:
--    case ARMMMUIdx_Stage1_E0:
--    case ARMMMUIdx_Stage1_E1:
--    case ARMMMUIdx_Stage1_E1_PAN:
--    case ARMMMUIdx_E2:
--    case ARMMMUIdx_Stage2:
--    case ARMMMUIdx_MPrivNegPri:
--    case ARMMMUIdx_MUserNegPri:
--    case ARMMMUIdx_MPriv:
--    case ARMMMUIdx_MUser:
--        return false;
--    case ARMMMUIdx_SE3:
--    case ARMMMUIdx_SE10_0:
--    case ARMMMUIdx_SE10_1:
--    case ARMMMUIdx_SE10_1_PAN:
--    case ARMMMUIdx_SE20_0:
--    case ARMMMUIdx_SE20_2:
--    case ARMMMUIdx_SE20_2_PAN:
--    case ARMMMUIdx_Stage1_SE0:
--    case ARMMMUIdx_Stage1_SE1:
--    case ARMMMUIdx_Stage1_SE1_PAN:
--    case ARMMMUIdx_SE2:
--    case ARMMMUIdx_Stage2_S:
--    case ARMMMUIdx_MSPrivNegPri:
--    case ARMMMUIdx_MSUserNegPri:
--    case ARMMMUIdx_MSPriv:
--    case ARMMMUIdx_MSUser:
--        return true;
--    default:
--        g_assert_not_reached();
--    }
--}
--
- static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
- {
-     switch (mmu_idx) {
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-                    MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                    GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
- {
-+    bool is_secure;
-+
-+    switch (mmu_idx) {
-+    case ARMMMUIdx_E10_0:
-+    case ARMMMUIdx_E10_1:
-+    case ARMMMUIdx_E10_1_PAN:
-+    case ARMMMUIdx_E20_0:
-+    case ARMMMUIdx_E20_2:
-+    case ARMMMUIdx_E20_2_PAN:
-+    case ARMMMUIdx_Stage1_E0:
-+    case ARMMMUIdx_Stage1_E1:
-+    case ARMMMUIdx_Stage1_E1_PAN:
-+    case ARMMMUIdx_E2:
-+    case ARMMMUIdx_Stage2:
-+    case ARMMMUIdx_MPrivNegPri:
-+    case ARMMMUIdx_MUserNegPri:
-+    case ARMMMUIdx_MPriv:
-+    case ARMMMUIdx_MUser:
-+        is_secure = false;
-+        break;
-+    case ARMMMUIdx_SE3:
-+    case ARMMMUIdx_SE10_0:
-+    case ARMMMUIdx_SE10_1:
-+    case ARMMMUIdx_SE10_1_PAN:
-+    case ARMMMUIdx_SE20_0:
-+    case ARMMMUIdx_SE20_2:
-+    case ARMMMUIdx_SE20_2_PAN:
-+    case ARMMMUIdx_Stage1_SE0:
-+    case ARMMMUIdx_Stage1_SE1:
-+    case ARMMMUIdx_Stage1_SE1_PAN:
-+    case ARMMMUIdx_SE2:
-+    case ARMMMUIdx_Stage2_S:
-+    case ARMMMUIdx_MSPrivNegPri:
-+    case ARMMMUIdx_MSUserNegPri:
-+    case ARMMMUIdx_MSPriv:
-+    case ARMMMUIdx_MSUser:
-+        is_secure = true;
-+        break;
-+    default:
-+        g_assert_not_reached();
-+    }
-     return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
--                                     regime_is_secure(env, mmu_idx),
--                                     result, fi);
-+                                     is_secure, result, fi);
- }
- hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
---
-.25.1

-[PULL 13/28] target/arm: Add is_secure parameter to do_ats_write
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Use get_phys_addr_with_secure directly.  For a-profile, this is the
-one place where the value of is_secure may not equal arm_is_secure(env).
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-10-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c | 19 ++++++++++++++-----
-file changed, 14 insertions(+), 5 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
- #ifdef CONFIG_TCG
- static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
--                             MMUAccessType access_type, ARMMMUIdx mmu_idx)
-+                             MMUAccessType access_type, ARMMMUIdx mmu_idx,
-+                             bool is_secure)
- {
-     bool ret;
-     uint64_t par64;
-@@ -XXX,XX +XXX,XX @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
-     ARMMMUFaultInfo fi = {};
-     GetPhysAddrResult res = {};
--    ret = get_phys_addr(env, value, access_type, mmu_idx, &res, &fi);
-+    ret = get_phys_addr_with_secure(env, value, access_type, mmu_idx,
-+                                    is_secure, &res, &fi);
-     /*
-      * ATS operations only do S1 or S1+S2 translations, so we never
-@@ -XXX,XX +XXX,XX @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-         switch (el) {
-         case 3:
-             mmu_idx = ARMMMUIdx_SE3;
-+            secure = true;
-             break;
-         case 2:
-             g_assert(!secure);  /* ARMv8.4-SecEL2 is 64-bit only */
-@@ -XXX,XX +XXX,XX @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-         switch (el) {
-         case 3:
-             mmu_idx = ARMMMUIdx_SE10_0;
-+            secure = true;
-             break;
-         case 2:
-             g_assert(!secure);  /* ARMv8.4-SecEL2 is 64-bit only */
-@@ -XXX,XX +XXX,XX @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-     case 4:
-         /* stage 1+2 NonSecure PL1: ATS12NSOPR, ATS12NSOPW */
-         mmu_idx = ARMMMUIdx_E10_1;
-+        secure = false;
-         break;
-     case 6:
-         /* stage 1+2 NonSecure PL0: ATS12NSOUR, ATS12NSOUW */
-         mmu_idx = ARMMMUIdx_E10_0;
-+        secure = false;
-         break;
-     default:
-         g_assert_not_reached();
-     }
--    par64 = do_ats_write(env, value, access_type, mmu_idx);
-+    par64 = do_ats_write(env, value, access_type, mmu_idx, secure);
-     A32_BANKED_CURRENT_REG_SET(env, par, par64);
- #else
-@@ -XXX,XX +XXX,XX @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri,
-     MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
-     uint64_t par64;
--    par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2);
-+    /* There is no SecureEL2 for AArch32. */
-+    par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2, false);
-     A32_BANKED_CURRENT_REG_SET(env, par, par64);
- #else
-@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
-             break;
-         case 6: /* AT S1E3R, AT S1E3W */
-             mmu_idx = ARMMMUIdx_SE3;
-+            secure = true;
-             break;
-         default:
-             g_assert_not_reached();
-@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
-         g_assert_not_reached();
-     }
--    env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx);
-+    env->cp15.par_el[1] = do_ats_write(env, value, access_type,
-+                                       mmu_idx, secure);
- #else
-     /* Handled by hardware accelerator. */
-     g_assert_not_reached();
---
-.25.1

-[PULL 14/28] target/arm: Fold secure and non-secure a-profile mmu indexes
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-For a-profile aarch64, which does not bank system registers, it takes
-quite a lot of code to switch between security states.  In the process,
-registers such as TCR_EL{1,2} must be swapped, which in itself requires
-the flushing of softmmu tlbs.  Therefore it doesn't buy us anything to
-separate tlbs by security state.
-Retain the distinction between Stage2 and Stage2_S.
-This will be important as we implement FEAT_RME, and do not wish to
-add a third set of mmu indexes for Realm state.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-11-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu-param.h     |   2 +-
- target/arm/cpu.h           |  72 +++++++------------
- target/arm/internals.h     |  31 +-------
- target/arm/helper.c        | 144 +++++++++++++------------------------
- target/arm/ptw.c           |  25 ++-----
- target/arm/translate-a64.c |   8 ---
- target/arm/translate.c     |   6 +-
-files changed, 85 insertions(+), 203 deletions(-)
-diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu-param.h
-+++ b/target/arm/cpu-param.h
-@@ -XXX,XX +XXX,XX @@
- # define TARGET_PAGE_BITS_MIN  10
- #endif
--#define NB_MMU_MODES 15
-+#define NB_MMU_MODES 8
- #endif
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
-  *     table over and over.
-  *  6. we need separate EL1/EL2 mmu_idx for handling the Privileged Access
-  *     Never (PAN) bit within PSTATE.
-+ *  7. we fold together the secure and non-secure regimes for A-profile,
-+ *     because there are no banked system registers for aarch64, so the
-+ *     process of switching between secure and non-secure is
-+ *     already heavyweight.
-  *
-  * This gives us the following list of cases:
-  *
-- * NS EL0 EL1&0 stage 1+2 (aka NS PL0)
-- * NS EL1 EL1&0 stage 1+2 (aka NS PL1)
-- * NS EL1 EL1&0 stage 1+2 +PAN
-- * NS EL0 EL2&0
-- * NS EL2 EL2&0
-- * NS EL2 EL2&0 +PAN
-- * NS EL2 (aka NS PL2)
-- * S EL0 EL1&0 (aka S PL0)
-- * S EL1 EL1&0 (not used if EL3 is 32 bit)
-- * S EL1 EL1&0 +PAN
-- * S EL3 (aka S PL1)
-+ * EL0 EL1&0 stage 1+2 (aka NS PL0)
-+ * EL1 EL1&0 stage 1+2 (aka NS PL1)
-+ * EL1 EL1&0 stage 1+2 +PAN
-+ * EL0 EL2&0
-+ * EL2 EL2&0
-+ * EL2 EL2&0 +PAN
-+ * EL2 (aka NS PL2)
-+ * EL3 (aka S PL1)
-  *
-- * for a total of 11 different mmu_idx.
-+ * for a total of 8 different mmu_idx.
-  *
-  * R profile CPUs have an MPU, but can use the same set of MMU indexes
-- * as A profile. They only need to distinguish NS EL0 and NS EL1 (and
-- * NS EL2 if we ever model a Cortex-R52).
-+ * as A profile. They only need to distinguish EL0 and EL1 (and
-+ * EL2 if we ever model a Cortex-R52).
-  *
-  * M profile CPUs are rather different as they do not have a true MMU.
-  * They have the following different MMU indexes:
-@@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
- #define ARM_MMU_IDX_NOTLB 0x20  /* does not have a TLB */
- #define ARM_MMU_IDX_M     0x40  /* M profile */
--/* Meanings of the bits for A profile mmu idx values */
--#define ARM_MMU_IDX_A_NS     0x8
--
- /* Meanings of the bits for M profile mmu idx values */
- #define ARM_MMU_IDX_M_PRIV   0x1
- #define ARM_MMU_IDX_M_NEGPRI 0x2
-@@ -XXX,XX +XXX,XX @@ typedef enum ARMMMUIdx {
-     /*
-      * A-profile.
-      */
--    ARMMMUIdx_SE10_0     =  0 | ARM_MMU_IDX_A,
--    ARMMMUIdx_SE20_0     =  1 | ARM_MMU_IDX_A,
--    ARMMMUIdx_SE10_1     =  2 | ARM_MMU_IDX_A,
--    ARMMMUIdx_SE20_2     =  3 | ARM_MMU_IDX_A,
--    ARMMMUIdx_SE10_1_PAN =  4 | ARM_MMU_IDX_A,
--    ARMMMUIdx_SE20_2_PAN =  5 | ARM_MMU_IDX_A,
--    ARMMMUIdx_SE2        =  6 | ARM_MMU_IDX_A,
--    ARMMMUIdx_SE3        =  7 | ARM_MMU_IDX_A,
--
--    ARMMMUIdx_E10_0     = ARMMMUIdx_SE10_0 | ARM_MMU_IDX_A_NS,
--    ARMMMUIdx_E20_0     = ARMMMUIdx_SE20_0 | ARM_MMU_IDX_A_NS,
--    ARMMMUIdx_E10_1     = ARMMMUIdx_SE10_1 | ARM_MMU_IDX_A_NS,
--    ARMMMUIdx_E20_2     = ARMMMUIdx_SE20_2 | ARM_MMU_IDX_A_NS,
--    ARMMMUIdx_E10_1_PAN = ARMMMUIdx_SE10_1_PAN | ARM_MMU_IDX_A_NS,
--    ARMMMUIdx_E20_2_PAN = ARMMMUIdx_SE20_2_PAN | ARM_MMU_IDX_A_NS,
--    ARMMMUIdx_E2        = ARMMMUIdx_SE2 | ARM_MMU_IDX_A_NS,
-+    ARMMMUIdx_E10_0     = 0 | ARM_MMU_IDX_A,
-+    ARMMMUIdx_E20_0     = 1 | ARM_MMU_IDX_A,
-+    ARMMMUIdx_E10_1     = 2 | ARM_MMU_IDX_A,
-+    ARMMMUIdx_E20_2     = 3 | ARM_MMU_IDX_A,
-+    ARMMMUIdx_E10_1_PAN = 4 | ARM_MMU_IDX_A,
-+    ARMMMUIdx_E20_2_PAN = 5 | ARM_MMU_IDX_A,
-+    ARMMMUIdx_E2        = 6 | ARM_MMU_IDX_A,
-+    ARMMMUIdx_E3        = 7 | ARM_MMU_IDX_A,
-     /*
-      * These are not allocated TLBs and are used only for AT system
-@@ -XXX,XX +XXX,XX @@ typedef enum ARMMMUIdx {
-     ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
-     ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
-     ARMMMUIdx_Stage1_E1_PAN = 2 | ARM_MMU_IDX_NOTLB,
--    ARMMMUIdx_Stage1_SE0 = 3 | ARM_MMU_IDX_NOTLB,
--    ARMMMUIdx_Stage1_SE1 = 4 | ARM_MMU_IDX_NOTLB,
--    ARMMMUIdx_Stage1_SE1_PAN = 5 | ARM_MMU_IDX_NOTLB,
-     /*
-      * Not allocated a TLB: used only for second stage of an S12 page
-      * table walk, or for descriptor loads during first stage of an S1
-@@ -XXX,XX +XXX,XX @@ typedef enum ARMMMUIdx {
-      * then various TLB flush insns which currently are no-ops or flush
-      * only stage 1 MMU indexes will need to change to flush stage 2.
-      */
--    ARMMMUIdx_Stage2     = 6 | ARM_MMU_IDX_NOTLB,
--    ARMMMUIdx_Stage2_S   = 7 | ARM_MMU_IDX_NOTLB,
-+    ARMMMUIdx_Stage2     = 3 | ARM_MMU_IDX_NOTLB,
-+    ARMMMUIdx_Stage2_S   = 4 | ARM_MMU_IDX_NOTLB,
-     /*
-      * M-profile.
-@@ -XXX,XX +XXX,XX @@ typedef enum ARMMMUIdxBit {
-     TO_CORE_BIT(E2),
-     TO_CORE_BIT(E20_2),
-     TO_CORE_BIT(E20_2_PAN),
--    TO_CORE_BIT(SE10_0),
--    TO_CORE_BIT(SE20_0),
--    TO_CORE_BIT(SE10_1),
--    TO_CORE_BIT(SE20_2),
--    TO_CORE_BIT(SE10_1_PAN),
--    TO_CORE_BIT(SE20_2_PAN),
--    TO_CORE_BIT(SE2),
--    TO_CORE_BIT(SE3),
-+    TO_CORE_BIT(E3),
-     TO_CORE_BIT(MUser),
-     TO_CORE_BIT(MPriv),
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx)
-     case ARMMMUIdx_Stage1_E0:
-     case ARMMMUIdx_Stage1_E1:
-     case ARMMMUIdx_Stage1_E1_PAN:
--    case ARMMMUIdx_Stage1_SE0:
--    case ARMMMUIdx_Stage1_SE1:
--    case ARMMMUIdx_Stage1_SE1_PAN:
-     case ARMMMUIdx_E10_0:
-     case ARMMMUIdx_E10_1:
-     case ARMMMUIdx_E10_1_PAN:
-     case ARMMMUIdx_E20_0:
-     case ARMMMUIdx_E20_2:
-     case ARMMMUIdx_E20_2_PAN:
--    case ARMMMUIdx_SE10_0:
--    case ARMMMUIdx_SE10_1:
--    case ARMMMUIdx_SE10_1_PAN:
--    case ARMMMUIdx_SE20_0:
--    case ARMMMUIdx_SE20_2:
--    case ARMMMUIdx_SE20_2_PAN:
-         return true;
-     default:
-         return false;
-@@ -XXX,XX +XXX,XX @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
- {
-     switch (mmu_idx) {
-     case ARMMMUIdx_Stage1_E1_PAN:
--    case ARMMMUIdx_Stage1_SE1_PAN:
-     case ARMMMUIdx_E10_1_PAN:
-     case ARMMMUIdx_E20_2_PAN:
--    case ARMMMUIdx_SE10_1_PAN:
--    case ARMMMUIdx_SE20_2_PAN:
-         return true;
-     default:
-         return false;
-@@ -XXX,XX +XXX,XX @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
- static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
- {
-     switch (mmu_idx) {
--    case ARMMMUIdx_SE20_0:
--    case ARMMMUIdx_SE20_2:
--    case ARMMMUIdx_SE20_2_PAN:
-     case ARMMMUIdx_E20_0:
-     case ARMMMUIdx_E20_2:
-     case ARMMMUIdx_E20_2_PAN:
-     case ARMMMUIdx_Stage2:
-     case ARMMMUIdx_Stage2_S:
--    case ARMMMUIdx_SE2:
-     case ARMMMUIdx_E2:
-         return 2;
--    case ARMMMUIdx_SE3:
-+    case ARMMMUIdx_E3:
-         return 3;
--    case ARMMMUIdx_SE10_0:
--    case ARMMMUIdx_Stage1_SE0:
--        return arm_el_is_aa64(env, 3) ? 1 : 3;
--    case ARMMMUIdx_SE10_1:
--    case ARMMMUIdx_SE10_1_PAN:
-+    case ARMMMUIdx_E10_0:
-     case ARMMMUIdx_Stage1_E0:
-+        return arm_el_is_aa64(env, 3) || !arm_is_secure_below_el3(env) ? 1 : 3;
-     case ARMMMUIdx_Stage1_E1:
-     case ARMMMUIdx_Stage1_E1_PAN:
--    case ARMMMUIdx_Stage1_SE1:
--    case ARMMMUIdx_Stage1_SE1_PAN:
--    case ARMMMUIdx_E10_0:
-     case ARMMMUIdx_E10_1:
-     case ARMMMUIdx_E10_1_PAN:
-     case ARMMMUIdx_MPrivNegPri:
-@@ -XXX,XX +XXX,XX @@ static inline bool arm_mmu_idx_is_stage1_of_2(ARMMMUIdx mmu_idx)
-     case ARMMMUIdx_Stage1_E0:
-     case ARMMMUIdx_Stage1_E1:
-     case ARMMMUIdx_Stage1_E1_PAN:
--    case ARMMMUIdx_Stage1_SE0:
--    case ARMMMUIdx_Stage1_SE1:
--    case ARMMMUIdx_Stage1_SE1_PAN:
-         return true;
-     default:
-         return false;
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-     /* Begin with base v8.0 state.  */
-     uint64_t valid_mask = 0x3fff;
-     ARMCPU *cpu = env_archcpu(env);
-+    uint64_t changed;
-     /*
-      * Because SCR_EL3 is the "real" cpreg and SCR is the alias, reset always
-@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-     /* Clear all-context RES0 bits.  */
-     value &= valid_mask;
--    raw_write(env, ri, value);
-+    changed = env->cp15.scr_el3 ^ value;
-+    env->cp15.scr_el3 = value;
-+
-+    /*
-+     * If SCR_EL3.NS changes, i.e. arm_is_secure_below_el3, then
-+     * we must invalidate all TLBs below EL3.
-+     */
-+    if (changed & SCR_NS) {
-+        tlb_flush_by_mmuidx(env_cpu(env), (ARMMMUIdxBit_E10_0 |
-+                                           ARMMMUIdxBit_E20_0 |
-+                                           ARMMMUIdxBit_E10_1 |
-+                                           ARMMMUIdxBit_E20_2 |
-+                                           ARMMMUIdxBit_E10_1_PAN |
-+                                           ARMMMUIdxBit_E20_2_PAN |
-+                                           ARMMMUIdxBit_E2));
-+    }
- }
- static void scr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
-@@ -XXX,XX +XXX,XX @@ static int gt_phys_redir_timeridx(CPUARMState *env)
-     case ARMMMUIdx_E20_0:
-     case ARMMMUIdx_E20_2:
-     case ARMMMUIdx_E20_2_PAN:
--    case ARMMMUIdx_SE20_0:
--    case ARMMMUIdx_SE20_2:
--    case ARMMMUIdx_SE20_2_PAN:
-         return GTIMER_HYP;
-     default:
-         return GTIMER_PHYS;
-@@ -XXX,XX +XXX,XX @@ static int gt_virt_redir_timeridx(CPUARMState *env)
-     case ARMMMUIdx_E20_0:
-     case ARMMMUIdx_E20_2:
-     case ARMMMUIdx_E20_2_PAN:
--    case ARMMMUIdx_SE20_0:
--    case ARMMMUIdx_SE20_2:
--    case ARMMMUIdx_SE20_2_PAN:
-         return GTIMER_HYPVIRT;
-     default:
-         return GTIMER_VIRT;
-@@ -XXX,XX +XXX,XX @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-         /* stage 1 current state PL1: ATS1CPR, ATS1CPW, ATS1CPRP, ATS1CPWP */
-         switch (el) {
-         case 3:
--            mmu_idx = ARMMMUIdx_SE3;
-+            mmu_idx = ARMMMUIdx_E3;
-             secure = true;
-             break;
-         case 2:
-@@ -XXX,XX +XXX,XX @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-             /* fall through */
-         case 1:
-             if (ri->crm == 9 && (env->uncached_cpsr & CPSR_PAN)) {
--                mmu_idx = (secure ? ARMMMUIdx_Stage1_SE1_PAN
--                           : ARMMMUIdx_Stage1_E1_PAN);
-+                mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
-             } else {
--                mmu_idx = secure ? ARMMMUIdx_Stage1_SE1 : ARMMMUIdx_Stage1_E1;
-+                mmu_idx = ARMMMUIdx_Stage1_E1;
-             }
-             break;
-         default:
-@@ -XXX,XX +XXX,XX @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-         /* stage 1 current state PL0: ATS1CUR, ATS1CUW */
-         switch (el) {
-         case 3:
--            mmu_idx = ARMMMUIdx_SE10_0;
-+            mmu_idx = ARMMMUIdx_E10_0;
-             secure = true;
-             break;
-         case 2:
-@@ -XXX,XX +XXX,XX @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
-             mmu_idx = ARMMMUIdx_Stage1_E0;
-             break;
-         case 1:
--            mmu_idx = secure ? ARMMMUIdx_Stage1_SE0 : ARMMMUIdx_Stage1_E0;
-+            mmu_idx = ARMMMUIdx_Stage1_E0;
-             break;
-         default:
-             g_assert_not_reached();
-@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
-         switch (ri->opc1) {
-         case 0: /* AT S1E1R, AT S1E1W, AT S1E1RP, AT S1E1WP */
-             if (ri->crm == 9 && (env->pstate & PSTATE_PAN)) {
--                mmu_idx = (secure ? ARMMMUIdx_Stage1_SE1_PAN
--                           : ARMMMUIdx_Stage1_E1_PAN);
-+                mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
-             } else {
--                mmu_idx = secure ? ARMMMUIdx_Stage1_SE1 : ARMMMUIdx_Stage1_E1;
-+                mmu_idx = ARMMMUIdx_Stage1_E1;
-             }
-             break;
-         case 4: /* AT S1E2R, AT S1E2W */
--            mmu_idx = secure ? ARMMMUIdx_SE2 : ARMMMUIdx_E2;
-+            mmu_idx = ARMMMUIdx_E2;
-             break;
-         case 6: /* AT S1E3R, AT S1E3W */
--            mmu_idx = ARMMMUIdx_SE3;
-+            mmu_idx = ARMMMUIdx_E3;
-             secure = true;
-             break;
-         default:
-@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
-         }
-         break;
-     case 2: /* AT S1E0R, AT S1E0W */
--        mmu_idx = secure ? ARMMMUIdx_Stage1_SE0 : ARMMMUIdx_Stage1_E0;
-+        mmu_idx = ARMMMUIdx_Stage1_E0;
-         break;
-     case 4: /* AT S12E1R, AT S12E1W */
--        mmu_idx = secure ? ARMMMUIdx_SE10_1 : ARMMMUIdx_E10_1;
-+        mmu_idx = ARMMMUIdx_E10_1;
-         break;
-     case 6: /* AT S12E0R, AT S12E0W */
--        mmu_idx = secure ? ARMMMUIdx_SE10_0 : ARMMMUIdx_E10_0;
-+        mmu_idx = ARMMMUIdx_E10_0;
-         break;
-     default:
-         g_assert_not_reached();
-@@ -XXX,XX +XXX,XX @@ static void vmsa_tcr_ttbr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,
-         uint16_t mask = ARMMMUIdxBit_E20_2 |
-                         ARMMMUIdxBit_E20_2_PAN |
-                         ARMMMUIdxBit_E20_0;
--
--        if (arm_is_secure_below_el3(env)) {
--            mask >>= ARM_MMU_IDX_A_NS;
--        }
--
-         tlb_flush_by_mmuidx(env_cpu(env), mask);
-     }
-     raw_write(env, ri, value);
-@@ -XXX,XX +XXX,XX @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-         uint16_t mask = ARMMMUIdxBit_E10_1 |
-                         ARMMMUIdxBit_E10_1_PAN |
-                         ARMMMUIdxBit_E10_0;
--
--        if (arm_is_secure_below_el3(env)) {
--            mask >>= ARM_MMU_IDX_A_NS;
--        }
--
-         tlb_flush_by_mmuidx(cs, mask);
-         raw_write(env, ri, value);
-     }
-@@ -XXX,XX +XXX,XX @@ static int vae1_tlbmask(CPUARMState *env)
-                ARMMMUIdxBit_E10_1_PAN |
-                ARMMMUIdxBit_E10_0;
-     }
--
--    if (arm_is_secure_below_el3(env)) {
--        mask >>= ARM_MMU_IDX_A_NS;
--    }
--
-     return mask;
- }
-@@ -XXX,XX +XXX,XX @@ static int vae1_tlbbits(CPUARMState *env, uint64_t addr)
-         mmu_idx = ARMMMUIdx_E10_0;
-     }
--    if (arm_is_secure_below_el3(env)) {
--        mmu_idx &= ~ARM_MMU_IDX_A_NS;
--    }
--
-     return tlbbits_for_regime(env, mmu_idx, addr);
- }
-@@ -XXX,XX +XXX,XX @@ static int alle1_tlbmask(CPUARMState *env)
-      * stage 2 translations, whereas most other scopes only invalidate
-      * stage 1 translations.
-      */
--    if (arm_is_secure_below_el3(env)) {
--        return ARMMMUIdxBit_SE10_1 |
--               ARMMMUIdxBit_SE10_1_PAN |
--               ARMMMUIdxBit_SE10_0;
--    } else {
--        return ARMMMUIdxBit_E10_1 |
--               ARMMMUIdxBit_E10_1_PAN |
--               ARMMMUIdxBit_E10_0;
--    }
-+    return (ARMMMUIdxBit_E10_1 |
-+            ARMMMUIdxBit_E10_1_PAN |
-+            ARMMMUIdxBit_E10_0);
- }
- static int e2_tlbmask(CPUARMState *env)
- {
--    if (arm_is_secure_below_el3(env)) {
--        return ARMMMUIdxBit_SE20_0 |
--               ARMMMUIdxBit_SE20_2 |
--               ARMMMUIdxBit_SE20_2_PAN |
--               ARMMMUIdxBit_SE2;
--    } else {
--        return ARMMMUIdxBit_E20_0 |
--               ARMMMUIdxBit_E20_2 |
--               ARMMMUIdxBit_E20_2_PAN |
--               ARMMMUIdxBit_E2;
--    }
-+    return (ARMMMUIdxBit_E20_0 |
-+            ARMMMUIdxBit_E20_2 |
-+            ARMMMUIdxBit_E20_2_PAN |
-+            ARMMMUIdxBit_E2);
- }
- static void tlbi_aa64_alle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
-@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
-     ARMCPU *cpu = env_archcpu(env);
-     CPUState *cs = CPU(cpu);
--    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_SE3);
-+    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E3);
- }
- static void tlbi_aa64_alle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
-@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
- {
-     CPUState *cs = env_cpu(env);
--    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_SE3);
-+    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_E3);
- }
- static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
-@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
-     CPUState *cs = CPU(cpu);
-     uint64_t pageaddr = sextract64(value << 12, 0, 56);
--    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_SE3);
-+    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_E3);
- }
- static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
-@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
- {
-     CPUState *cs = env_cpu(env);
-     uint64_t pageaddr = sextract64(value << 12, 0, 56);
--    bool secure = arm_is_secure_below_el3(env);
--    int mask = secure ? ARMMMUIdxBit_SE2 : ARMMMUIdxBit_E2;
--    int bits = tlbbits_for_regime(env, secure ? ARMMMUIdx_SE2 : ARMMMUIdx_E2,
--                                  pageaddr);
-+    int bits = tlbbits_for_regime(env, ARMMMUIdx_E2, pageaddr);
--    tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, mask, bits);
-+    tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
-+                                                  ARMMMUIdxBit_E2, bits);
- }
- static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
-@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
- {
-     CPUState *cs = env_cpu(env);
-     uint64_t pageaddr = sextract64(value << 12, 0, 56);
--    int bits = tlbbits_for_regime(env, ARMMMUIdx_SE3, pageaddr);
-+    int bits = tlbbits_for_regime(env, ARMMMUIdx_E3, pageaddr);
-     tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
--                                                  ARMMMUIdxBit_SE3, bits);
-+                                                  ARMMMUIdxBit_E3, bits);
- }
- #ifdef TARGET_AARCH64
-@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_rvae1is_write(CPUARMState *env,
- static int vae2_tlbmask(CPUARMState *env)
- {
--    return (arm_is_secure_below_el3(env)
--            ? ARMMMUIdxBit_SE2 : ARMMMUIdxBit_E2);
-+    return ARMMMUIdxBit_E2;
- }
- static void tlbi_aa64_rvae2_write(CPUARMState *env,
-@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_rvae3_write(CPUARMState *env,
-      * flush-last-level-only.
-      */
--    do_rvae_write(env, value, ARMMMUIdxBit_SE3,
--                  tlb_force_broadcast(env));
-+    do_rvae_write(env, value, ARMMMUIdxBit_E3, tlb_force_broadcast(env));
- }
- static void tlbi_aa64_rvae3is_write(CPUARMState *env,
-@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_rvae3is_write(CPUARMState *env,
-      * flush-last-level-only or inner/outer specific flushes.
-      */
--    do_rvae_write(env, value, ARMMMUIdxBit_SE3, true);
-+    do_rvae_write(env, value, ARMMMUIdxBit_E3, true);
- }
- #endif
-@@ -XXX,XX +XXX,XX @@ uint64_t arm_sctlr(CPUARMState *env, int el)
-     /* Only EL0 needs to be adjusted for EL1&0 or EL2&0. */
-     if (el == 0) {
-         ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);
--        el = (mmu_idx == ARMMMUIdx_E20_0 || mmu_idx == ARMMMUIdx_SE20_0)
--             ? 2 : 1;
-+        el = mmu_idx == ARMMMUIdx_E20_0 ? 2 : 1;
-     }
-     return env->cp15.sctlr_el[el];
- }
-@@ -XXX,XX +XXX,XX @@ int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
-     switch (mmu_idx) {
-     case ARMMMUIdx_E10_0:
-     case ARMMMUIdx_E20_0:
--    case ARMMMUIdx_SE10_0:
--    case ARMMMUIdx_SE20_0:
-         return 0;
-     case ARMMMUIdx_E10_1:
-     case ARMMMUIdx_E10_1_PAN:
--    case ARMMMUIdx_SE10_1:
--    case ARMMMUIdx_SE10_1_PAN:
-         return 1;
-     case ARMMMUIdx_E2:
-     case ARMMMUIdx_E20_2:
-     case ARMMMUIdx_E20_2_PAN:
--    case ARMMMUIdx_SE2:
--    case ARMMMUIdx_SE20_2:
--    case ARMMMUIdx_SE20_2_PAN:
-         return 2;
--    case ARMMMUIdx_SE3:
-+    case ARMMMUIdx_E3:
-         return 3;
-     default:
-         g_assert_not_reached();
-@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
-         }
-         break;
-     case 3:
--        return ARMMMUIdx_SE3;
-+        return ARMMMUIdx_E3;
-     default:
-         g_assert_not_reached();
-     }
--    if (arm_is_secure_below_el3(env)) {
--        idx &= ~ARM_MMU_IDX_A_NS;
--    }
--
-     return idx;
- }
-@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
-         switch (mmu_idx) {
-         case ARMMMUIdx_E10_1:
-         case ARMMMUIdx_E10_1_PAN:
--        case ARMMMUIdx_SE10_1:
--        case ARMMMUIdx_SE10_1_PAN:
-             /* TODO: ARMv8.3-NV */
-             DP_TBFLAG_A64(flags, UNPRIV, 1);
-             break;
-         case ARMMMUIdx_E20_2:
-         case ARMMMUIdx_E20_2_PAN:
--        case ARMMMUIdx_SE20_2:
--        case ARMMMUIdx_SE20_2_PAN:
-             /*
-              * Note that EL20_2 is gated by HCR_EL2.E2H == 1, but EL20_0 is
-              * gated by HCR_EL2.<E2H,TGE> == '11', and so is LDTR.
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ unsigned int arm_pamax(ARMCPU *cpu)
- ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
- {
-     switch (mmu_idx) {
--    case ARMMMUIdx_SE10_0:
--        return ARMMMUIdx_Stage1_SE0;
--    case ARMMMUIdx_SE10_1:
--        return ARMMMUIdx_Stage1_SE1;
--    case ARMMMUIdx_SE10_1_PAN:
--        return ARMMMUIdx_Stage1_SE1_PAN;
-     case ARMMMUIdx_E10_0:
-         return ARMMMUIdx_Stage1_E0;
-     case ARMMMUIdx_E10_1:
-@@ -XXX,XX +XXX,XX @@ static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
- static bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
- {
-     switch (mmu_idx) {
--    case ARMMMUIdx_SE10_0:
-     case ARMMMUIdx_E20_0:
--    case ARMMMUIdx_SE20_0:
-     case ARMMMUIdx_Stage1_E0:
--    case ARMMMUIdx_Stage1_SE0:
-     case ARMMMUIdx_MUser:
-     case ARMMMUIdx_MSUser:
-     case ARMMMUIdx_MUserNegPri:
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-             s2_mmu_idx = (s2walk_secure
-                           ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
--            is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
-+            is_el0 = mmu_idx == ARMMMUIdx_E10_0;
-             /*
-              * S1 is done, now do S2 translation.
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-     case ARMMMUIdx_Stage1_E1:
-     case ARMMMUIdx_Stage1_E1_PAN:
-     case ARMMMUIdx_E2:
-+        is_secure = arm_is_secure_below_el3(env);
-+        break;
-     case ARMMMUIdx_Stage2:
-     case ARMMMUIdx_MPrivNegPri:
-     case ARMMMUIdx_MUserNegPri:
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
-     case ARMMMUIdx_MUser:
-         is_secure = false;
-         break;
--    case ARMMMUIdx_SE3:
--    case ARMMMUIdx_SE10_0:
--    case ARMMMUIdx_SE10_1:
--    case ARMMMUIdx_SE10_1_PAN:
--    case ARMMMUIdx_SE20_0:
--    case ARMMMUIdx_SE20_2:
--    case ARMMMUIdx_SE20_2_PAN:
--    case ARMMMUIdx_Stage1_SE0:
--    case ARMMMUIdx_Stage1_SE1:
--    case ARMMMUIdx_Stage1_SE1_PAN:
--    case ARMMMUIdx_SE2:
-+    case ARMMMUIdx_E3:
-     case ARMMMUIdx_Stage2_S:
-     case ARMMMUIdx_MSPrivNegPri:
-     case ARMMMUIdx_MSUserNegPri:
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static int get_a64_user_mem_index(DisasContext *s)
-         case ARMMMUIdx_E20_2_PAN:
-             useridx = ARMMMUIdx_E20_0;
-             break;
--        case ARMMMUIdx_SE10_1:
--        case ARMMMUIdx_SE10_1_PAN:
--            useridx = ARMMMUIdx_SE10_0;
--            break;
--        case ARMMMUIdx_SE20_2:
--        case ARMMMUIdx_SE20_2_PAN:
--            useridx = ARMMMUIdx_SE20_0;
--            break;
-         default:
-             g_assert_not_reached();
-         }
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline int get_a32_user_mem_index(DisasContext *s)
-      *  otherwise, access as if at PL0.
-      */
-     switch (s->mmu_idx) {
-+    case ARMMMUIdx_E3:
-     case ARMMMUIdx_E2:        /* this one is UNPREDICTABLE */
-     case ARMMMUIdx_E10_0:
-     case ARMMMUIdx_E10_1:
-     case ARMMMUIdx_E10_1_PAN:
-         return arm_to_core_mmu_idx(ARMMMUIdx_E10_0);
--    case ARMMMUIdx_SE3:
--    case ARMMMUIdx_SE10_0:
--    case ARMMMUIdx_SE10_1:
--    case ARMMMUIdx_SE10_1_PAN:
--        return arm_to_core_mmu_idx(ARMMMUIdx_SE10_0);
-     case ARMMMUIdx_MUser:
-     case ARMMMUIdx_MPriv:
-         return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
---
-.25.1

-[PULL 15/28] target/arm: Reorg regime_translation_disabled
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Use a switch on mmu_idx for the a-profile indexes, instead of
-three different if's vs regime_el and arm_mmu_idx_is_stage1_of_2.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-12-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 32 +++++++++++++++++++++++++-------
-file changed, 25 insertions(+), 7 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
-     hcr_el2 = arm_hcr_el2_eff(env);
--    if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
-+    switch (mmu_idx) {
-+    case ARMMMUIdx_Stage2:
-+    case ARMMMUIdx_Stage2_S:
-         /* HCR.DC means HCR.VM behaves as 1 */
-         return (hcr_el2 & (HCR_DC | HCR_VM)) == 0;
--    }
--    if (hcr_el2 & HCR_TGE) {
-+    case ARMMMUIdx_E10_0:
-+    case ARMMMUIdx_E10_1:
-+    case ARMMMUIdx_E10_1_PAN:
-         /* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
--        if (!is_secure && regime_el(env, mmu_idx) == 1) {
-+        if (!is_secure && (hcr_el2 & HCR_TGE)) {
-             return true;
-         }
--    }
-+        break;
--    if ((hcr_el2 & HCR_DC) && arm_mmu_idx_is_stage1_of_2(mmu_idx)) {
-+    case ARMMMUIdx_Stage1_E0:
-+    case ARMMMUIdx_Stage1_E1:
-+    case ARMMMUIdx_Stage1_E1_PAN:
-         /* HCR.DC means SCTLR_EL1.M behaves as 0 */
--        return true;
-+        if (hcr_el2 & HCR_DC) {
-+            return true;
-+        }
-+        break;
-+
-+    case ARMMMUIdx_E20_0:
-+    case ARMMMUIdx_E20_2:
-+    case ARMMMUIdx_E20_2_PAN:
-+    case ARMMMUIdx_E2:
-+    case ARMMMUIdx_E3:
-+        break;
-+
-+    default:
-+        g_assert_not_reached();
-     }
-     return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
---
-.25.1

-[PULL 16/28] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-The effect of TGE does not only apply to non-secure state,
-now that Secure EL2 exists.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-13-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
-     case ARMMMUIdx_E10_0:
-     case ARMMMUIdx_E10_1:
-     case ARMMMUIdx_E10_1_PAN:
--        /* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
--        if (!is_secure && (hcr_el2 & HCR_TGE)) {
-+        /* TGE means that EL0/1 act as if SCTLR_EL1.M is zero */
-+        if (hcr_el2 & HCR_TGE) {
-             return true;
-         }
-         break;
---
-.25.1

-[PULL 17/28] target/arm: Introduce arm_hcr_el2_eff_secstate
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-For page walking, we may require HCR for a security state
-that is not "current".
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-14-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h    | 20 +++++++++++++-------
- target/arm/helper.c | 11 ++++++++---
-files changed, 21 insertions(+), 10 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline bool arm_is_secure(CPUARMState *env)
-  * Return true if the current security state has AArch64 EL2 or AArch32 Hyp.
-  * This corresponds to the pseudocode EL2Enabled()
-  */
-+static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
-+{
-+    return arm_feature(env, ARM_FEATURE_EL2)
-+           && (!secure || (env->cp15.scr_el3 & SCR_EEL2));
-+}
-+
- static inline bool arm_is_el2_enabled(CPUARMState *env)
- {
--    if (arm_feature(env, ARM_FEATURE_EL2)) {
--        if (arm_is_secure_below_el3(env)) {
--            return (env->cp15.scr_el3 & SCR_EEL2) != 0;
--        }
--        return true;
--    }
--    return false;
-+    return arm_is_el2_enabled_secstate(env, arm_is_secure_below_el3(env));
- }
- #else
-@@ -XXX,XX +XXX,XX @@ static inline bool arm_is_secure(CPUARMState *env)
-     return false;
- }
-+static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
-+{
-+    return false;
-+}
-+
- static inline bool arm_is_el2_enabled(CPUARMState *env)
- {
-     return false;
-@@ -XXX,XX +XXX,XX @@ static inline bool arm_is_el2_enabled(CPUARMState *env)
-  * "for all purposes other than a direct read or write access of HCR_EL2."
-  * Not included here is HCR_RW.
-  */
-+uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, bool secure);
- uint64_t arm_hcr_el2_eff(CPUARMState *env);
- uint64_t arm_hcrx_el2_eff(CPUARMState *env);
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void hcr_writelow(CPUARMState *env, const ARMCPRegInfo *ri,
- }
- /*
-- * Return the effective value of HCR_EL2.
-+ * Return the effective value of HCR_EL2, at the given security state.
-  * Bits that are not included here:
-  * RW       (read from SCR_EL3.RW as needed)
-  */
--uint64_t arm_hcr_el2_eff(CPUARMState *env)
-+uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, bool secure)
- {
-     uint64_t ret = env->cp15.hcr_el2;
--    if (!arm_is_el2_enabled(env)) {
-+    if (!arm_is_el2_enabled_secstate(env, secure)) {
-         /*
-          * "This register has no effect if EL2 is not enabled in the
-          * current Security state".  This is ARMv8.4-SecEL2 speak for
-@@ -XXX,XX +XXX,XX @@ uint64_t arm_hcr_el2_eff(CPUARMState *env)
-     return ret;
- }
-+uint64_t arm_hcr_el2_eff(CPUARMState *env)
-+{
-+    return arm_hcr_el2_eff_secstate(env, arm_is_secure_below_el3(env));
-+}
-+
- /*
-  * Corresponds to ARM pseudocode function ELIsInHost().
-  */
---
-.25.1

-[PULL 18/28] target/arm: Hoist read of *is_secure in S1_ptw_translate
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Rename the argument to is_secure_ptr, and introduce a
-local variable is_secure with the value.  We only write
-back to the pointer toward the end of the function.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-15-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 22 ++++++++++++----------
-file changed, 12 insertions(+), 10 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
- /* Translate a S1 pagetable walk through S2 if needed.  */
- static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
--                               hwaddr addr, bool *is_secure,
-+                               hwaddr addr, bool *is_secure_ptr,
-                                ARMMMUFaultInfo *fi)
- {
--    ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
-+    bool is_secure = *is_secure_ptr;
-+    ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
-     if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
--        !regime_translation_disabled(env, s2_mmu_idx, *is_secure)) {
-+        !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
-         GetPhysAddrResult s2 = {};
-         int ret;
-         ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
--                                 *is_secure, false, &s2, fi);
-+                                 is_secure, false, &s2, fi);
-         if (ret) {
-             assert(fi->type != ARMFault_None);
-             fi->s2addr = addr;
-             fi->stage2 = true;
-             fi->s1ptw = true;
--            fi->s1ns = !*is_secure;
-+            fi->s1ns = !is_secure;
-             return ~0;
-         }
-         if ((arm_hcr_el2_eff(env) & HCR_PTW) &&
-@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
-             fi->s2addr = addr;
-             fi->stage2 = true;
-             fi->s1ptw = true;
--            fi->s1ns = !*is_secure;
-+            fi->s1ns = !is_secure;
-             return ~0;
-         }
-         if (arm_is_secure_below_el3(env)) {
-             /* Check if page table walk is to secure or non-secure PA space. */
--            if (*is_secure) {
--                *is_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
-+            if (is_secure) {
-+                is_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
-             } else {
--                *is_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
-+                is_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
-             }
-+            *is_secure_ptr = is_secure;
-         } else {
--            assert(!*is_secure);
-+            assert(!is_secure);
-         }
-         addr = s2.phys;
---
-.25.1

-[PULL 19/28] target/arm: Remove env argument from combined_attrs_fwb
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-This value is unused.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20221001162318.153420-16-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 5 ++---
-file changed, 2 insertions(+), 3 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static uint8_t force_cacheattr_nibble_wb(uint8_t attr)
-  * s1 and s2 for the HCR_EL2.FWB == 1 case, returning the
-  * combined attributes in MAIR_EL1 format.
-  */
--static uint8_t combined_attrs_fwb(CPUARMState *env,
--                                  ARMCacheAttrs s1, ARMCacheAttrs s2)
-+static uint8_t combined_attrs_fwb(ARMCacheAttrs s1, ARMCacheAttrs s2)
- {
-     switch (s2.attrs) {
-     case 7:
-@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
-     /* Combine memory type and cacheability attributes */
-     if (arm_hcr_el2_eff(env) & HCR_FWB) {
--        ret.attrs = combined_attrs_fwb(env, s1, s2);
-+        ret.attrs = combined_attrs_fwb(s1, s2);
-     } else {
-         ret.attrs = combined_attrs_nofwb(env, s1, s2);
-     }
---
-.25.1

-[PULL 20/28] target/arm: Pass HCR to attribute subroutines.
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-These subroutines did not need ENV for anything except
-retrieving the effective value of HCR anyway.
-We have computed the effective value of HCR in the callers,
-and this will be especially important for interpreting HCR
-in a non-current security state.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-17-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 30 +++++++++++++++++-------------
-file changed, 17 insertions(+), 13 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
-     return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
- }
--static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
-+static bool ptw_attrs_are_device(uint64_t hcr, ARMCacheAttrs cacheattrs)
- {
-     /*
-      * For an S1 page table walk, the stage 1 attributes are always
-@@ -XXX,XX +XXX,XX @@ static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
-      * when cacheattrs.attrs bit [2] is 0.
-      */
-     assert(cacheattrs.is_s2_format);
--    if (arm_hcr_el2_eff(env) & HCR_FWB) {
-+    if (hcr & HCR_FWB) {
-         return (cacheattrs.attrs & 0x4) == 0;
-     } else {
-         return (cacheattrs.attrs & 0xc) == 0;
-@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
-     if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
-         !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
-         GetPhysAddrResult s2 = {};
-+        uint64_t hcr;
-         int ret;
-         ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
-@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
-             fi->s1ns = !is_secure;
-             return ~0;
-         }
--        if ((arm_hcr_el2_eff(env) & HCR_PTW) &&
--            ptw_attrs_are_device(env, s2.cacheattrs)) {
-+
-+        hcr = arm_hcr_el2_eff(env);
-+        if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
-             /*
-              * PTW set and S1 walk touched S2 Device memory:
-              * generate Permission fault.
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
-  * ref: shared/translation/attrs/S2AttrDecode()
-  *      .../S2ConvertAttrsHints()
-  */
--static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs)
-+static uint8_t convert_stage2_attrs(uint64_t hcr, uint8_t s2attrs)
- {
-     uint8_t hiattr = extract32(s2attrs, 2, 2);
-     uint8_t loattr = extract32(s2attrs, 0, 2);
-     uint8_t hihint = 0, lohint = 0;
-     if (hiattr != 0) { /* normal memory */
--        if (arm_hcr_el2_eff(env) & HCR_CD) { /* cache disabled */
-+        if (hcr & HCR_CD) { /* cache disabled */
-             hiattr = loattr = 1; /* non-cacheable */
-         } else {
-             if (hiattr != 1) { /* Write-through or write-back */
-@@ -XXX,XX +XXX,XX @@ static uint8_t combine_cacheattr_nibble(uint8_t s1, uint8_t s2)
-  * s1 and s2 for the HCR_EL2.FWB == 0 case, returning the
-  * combined attributes in MAIR_EL1 format.
-  */
--static uint8_t combined_attrs_nofwb(CPUARMState *env,
-+static uint8_t combined_attrs_nofwb(uint64_t hcr,
-                                     ARMCacheAttrs s1, ARMCacheAttrs s2)
- {
-     uint8_t s1lo, s2lo, s1hi, s2hi, s2_mair_attrs, ret_attrs;
--    s2_mair_attrs = convert_stage2_attrs(env, s2.attrs);
-+    s2_mair_attrs = convert_stage2_attrs(hcr, s2.attrs);
-     s1lo = extract32(s1.attrs, 0, 4);
-     s2lo = extract32(s2_mair_attrs, 0, 4);
-@@ -XXX,XX +XXX,XX @@ static uint8_t combined_attrs_fwb(ARMCacheAttrs s1, ARMCacheAttrs s2)
-  * @s1:      Attributes from stage 1 walk
-  * @s2:      Attributes from stage 2 walk
-  */
--static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
-+static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
-                                         ARMCacheAttrs s1, ARMCacheAttrs s2)
- {
-     ARMCacheAttrs ret;
-@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
-     }
-     /* Combine memory type and cacheability attributes */
--    if (arm_hcr_el2_eff(env) & HCR_FWB) {
-+    if (hcr & HCR_FWB) {
-         ret.attrs = combined_attrs_fwb(s1, s2);
-     } else {
--        ret.attrs = combined_attrs_nofwb(env, s1, s2);
-+        ret.attrs = combined_attrs_nofwb(hcr, s1, s2);
-     }
-     /*
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-             ARMCacheAttrs cacheattrs1;
-             ARMMMUIdx s2_mmu_idx;
-             bool is_el0;
-+            uint64_t hcr;
-             ret = get_phys_addr_with_secure(env, address, access_type,
-                                             s1_mmu_idx, is_secure, result, fi);
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-             }
-             /* Combine the S1 and S2 cache attributes. */
--            if (arm_hcr_el2_eff(env) & HCR_DC) {
-+            hcr = arm_hcr_el2_eff(env);
-+            if (hcr & HCR_DC) {
-                 /*
-                  * HCR.DC forces the first stage attributes to
-                  *  Normal Non-Shareable,
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-                 }
-                 cacheattrs1.shareability = 0;
-             }
--            result->cacheattrs = combine_cacheattrs(env, cacheattrs1,
-+            result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1,
-                                                     result->cacheattrs);
-             /*
---
-.25.1

-[PULL 21/28] target/arm: Fix ATS12NSO* from S PL1
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Use arm_hcr_el2_eff_secstate instead of arm_hcr_el2_eff, so
-that we use is_secure instead of the current security state.
-These AT* operations have been broken since arm_hcr_el2_eff
-gained a check for "el2 enabled" for Secure EL2.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-18-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
-         }
-     }
--    hcr_el2 = arm_hcr_el2_eff(env);
-+    hcr_el2 = arm_hcr_el2_eff_secstate(env, is_secure);
-     switch (mmu_idx) {
-     case ARMMMUIdx_Stage2:
-@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
-             return ~0;
-         }
--        hcr = arm_hcr_el2_eff(env);
-+        hcr = arm_hcr_el2_eff_secstate(env, is_secure);
-         if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
-             /*
-              * PTW set and S1 walk touched S2 Device memory:
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-             }
-             /* Combine the S1 and S2 cache attributes. */
--            hcr = arm_hcr_el2_eff(env);
-+            hcr = arm_hcr_el2_eff_secstate(env, is_secure);
-             if (hcr & HCR_DC) {
-                 /*
-                  * HCR.DC forces the first stage attributes to
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-         result->page_size = TARGET_PAGE_SIZE;
-         /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
--        hcr = arm_hcr_el2_eff(env);
-+        hcr = arm_hcr_el2_eff_secstate(env, is_secure);
-         result->cacheattrs.shareability = 0;
-         result->cacheattrs.is_s2_format = false;
-         if (hcr & HCR_DC) {
---
-.25.1

-[PULL 22/28] target/arm: Split out get_phys_addr_disabled
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221001162318.153420-19-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 138 +++++++++++++++++++++++++----------------------
-file changed, 74 insertions(+), 64 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
-     return ret;
- }
-+/*
-+ * MMU disabled.  S1 addresses within aa64 translation regimes are
-+ * still checked for bounds -- see AArch64.S1DisabledOutput().
-+ */
-+static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
-+                                   MMUAccessType access_type,
-+                                   ARMMMUIdx mmu_idx, bool is_secure,
-+                                   GetPhysAddrResult *result,
-+                                   ARMMMUFaultInfo *fi)
-+{
-+    uint64_t hcr;
-+    uint8_t memattr;
-+
-+    if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
-+        int r_el = regime_el(env, mmu_idx);
-+        if (arm_el_is_aa64(env, r_el)) {
-+            int pamax = arm_pamax(env_archcpu(env));
-+            uint64_t tcr = env->cp15.tcr_el[r_el];
-+            int addrtop, tbi;
-+
-+            tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
-+            if (access_type == MMU_INST_FETCH) {
-+                tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
-+            }
-+            tbi = (tbi >> extract64(address, 55, 1)) & 1;
-+            addrtop = (tbi ? 55 : 63);
-+
-+            if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
-+                fi->type = ARMFault_AddressSize;
-+                fi->level = 0;
-+                fi->stage2 = false;
-+                return 1;
-+            }
-+
-+            /*
-+             * When TBI is disabled, we've just validated that all of the
-+             * bits above PAMax are zero, so logically we only need to
-+             * clear the top byte for TBI.  But it's clearer to follow
-+             * the pseudocode set of addrdesc.paddress.
-+             */
-+            address = extract64(address, 0, 52);
-+        }
-+    }
-+
-+    result->phys = address;
-+    result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-+    result->page_size = TARGET_PAGE_SIZE;
-+
-+    /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
-+    hcr = arm_hcr_el2_eff_secstate(env, is_secure);
-+    result->cacheattrs.shareability = 0;
-+    result->cacheattrs.is_s2_format = false;
-+    if (hcr & HCR_DC) {
-+        if (hcr & HCR_DCT) {
-+            memattr = 0xf0;  /* Tagged, Normal, WB, RWA */
-+        } else {
-+            memattr = 0xff;  /* Normal, WB, RWA */
-+        }
-+    } else if (access_type == MMU_INST_FETCH) {
-+        if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
-+            memattr = 0xee;  /* Normal, WT, RA, NT */
-+        } else {
-+            memattr = 0x44;  /* Normal, NC, No */
-+        }
-+        result->cacheattrs.shareability = 2; /* outer sharable */
-+    } else {
-+        memattr = 0x00;      /* Device, nGnRnE */
-+    }
-+    result->cacheattrs.attrs = memattr;
-+    return 0;
-+}
-+
- bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-                                MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                                bool is_secure, GetPhysAddrResult *result,
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-     /* Definitely a real MMU, not an MPU */
-     if (regime_translation_disabled(env, mmu_idx, is_secure)) {
--        uint64_t hcr;
--        uint8_t memattr;
--
--        /*
--         * MMU disabled.  S1 addresses within aa64 translation regimes are
--         * still checked for bounds -- see AArch64.TranslateAddressS1Off.
--         */
--        if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
--            int r_el = regime_el(env, mmu_idx);
--            if (arm_el_is_aa64(env, r_el)) {
--                int pamax = arm_pamax(env_archcpu(env));
--                uint64_t tcr = env->cp15.tcr_el[r_el];
--                int addrtop, tbi;
--
--                tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
--                if (access_type == MMU_INST_FETCH) {
--                    tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
--                }
--                tbi = (tbi >> extract64(address, 55, 1)) & 1;
--                addrtop = (tbi ? 55 : 63);
--
--                if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
--                    fi->type = ARMFault_AddressSize;
--                    fi->level = 0;
--                    fi->stage2 = false;
--                    return 1;
--                }
--
--                /*
--                 * When TBI is disabled, we've just validated that all of the
--                 * bits above PAMax are zero, so logically we only need to
--                 * clear the top byte for TBI.  But it's clearer to follow
--                 * the pseudocode set of addrdesc.paddress.
--                 */
--                address = extract64(address, 0, 52);
--            }
--        }
--        result->phys = address;
--        result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
--        result->page_size = TARGET_PAGE_SIZE;
--
--        /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
--        hcr = arm_hcr_el2_eff_secstate(env, is_secure);
--        result->cacheattrs.shareability = 0;
--        result->cacheattrs.is_s2_format = false;
--        if (hcr & HCR_DC) {
--            if (hcr & HCR_DCT) {
--                memattr = 0xf0;  /* Tagged, Normal, WB, RWA */
--            } else {
--                memattr = 0xff;  /* Normal, WB, RWA */
--            }
--        } else if (access_type == MMU_INST_FETCH) {
--            if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
--                memattr = 0xee;  /* Normal, WT, RA, NT */
--            } else {
--                memattr = 0x44;  /* Normal, NC, No */
--            }
--            result->cacheattrs.shareability = 2; /* outer sharable */
--        } else {
--            memattr = 0x00;      /* Device, nGnRnE */
--        }
--        result->cacheattrs.attrs = memattr;
--        return 0;
-+        return get_phys_addr_disabled(env, address, access_type, mmu_idx,
-+                                      is_secure, result, fi);
-     }
--
-     if (regime_using_lpae_format(env, mmu_idx)) {
-         return get_phys_addr_lpae(env, address, access_type, mmu_idx,
-                                   is_secure, false, result, fi);
---
-.25.1

-[PULL 23/28] target/arm: Fix cacheattr in get_phys_addr_disabled
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Do not apply memattr or shareability for Stage2 translations.
-Make sure to apply HCR_{DC,DCT} only to Regime_EL10, per the
-pseudocode in AArch64.S1DisabledOutput.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20221001162318.153420-20-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 48 +++++++++++++++++++++++++-----------------------
-file changed, 25 insertions(+), 23 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
-                                    GetPhysAddrResult *result,
-                                    ARMMMUFaultInfo *fi)
- {
--    uint64_t hcr;
--    uint8_t memattr;
-+    uint8_t memattr = 0x00;    /* Device nGnRnE */
-+    uint8_t shareability = 0;  /* non-sharable */
-     if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
-         int r_el = regime_el(env, mmu_idx);
-+
-         if (arm_el_is_aa64(env, r_el)) {
-             int pamax = arm_pamax(env_archcpu(env));
-             uint64_t tcr = env->cp15.tcr_el[r_el];
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
-              */
-             address = extract64(address, 0, 52);
-         }
-+
-+        /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
-+        if (r_el == 1) {
-+            uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
-+            if (hcr & HCR_DC) {
-+                if (hcr & HCR_DCT) {
-+                    memattr = 0xf0;  /* Tagged, Normal, WB, RWA */
-+                } else {
-+                    memattr = 0xff;  /* Normal, WB, RWA */
-+                }
-+            }
-+        }
-+        if (memattr == 0 && access_type == MMU_INST_FETCH) {
-+            if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
-+                memattr = 0xee;  /* Normal, WT, RA, NT */
-+            } else {
-+                memattr = 0x44;  /* Normal, NC, No */
-+            }
-+            shareability = 2; /* outer sharable */
-+        }
-+        result->cacheattrs.is_s2_format = false;
-     }
-     result->phys = address;
-     result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-     result->page_size = TARGET_PAGE_SIZE;
--
--    /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
--    hcr = arm_hcr_el2_eff_secstate(env, is_secure);
--    result->cacheattrs.shareability = 0;
--    result->cacheattrs.is_s2_format = false;
--    if (hcr & HCR_DC) {
--        if (hcr & HCR_DCT) {
--            memattr = 0xf0;  /* Tagged, Normal, WB, RWA */
--        } else {
--            memattr = 0xff;  /* Normal, WB, RWA */
--        }
--    } else if (access_type == MMU_INST_FETCH) {
--        if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
--            memattr = 0xee;  /* Normal, WT, RA, NT */
--        } else {
--            memattr = 0x44;  /* Normal, NC, No */
--        }
--        result->cacheattrs.shareability = 2; /* outer sharable */
--    } else {
--        memattr = 0x00;      /* Device, nGnRnE */
--    }
-+    result->cacheattrs.shareability = shareability;
-     result->cacheattrs.attrs = memattr;
-     return 0;
- }
---
-.25.1

-[PULL 24/28] target/arm: Use tlb_set_page_full
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Adjust GetPhysAddrResult to fill in CPUTLBEntryFull,
-so that it may be passed directly to tlb_set_page_full.
-The change is large, but mostly mechanical.  The major
-non-mechanical change is page_size -> lg_page_size.
-Most of the time this is obvious, and is related to
-TARGET_PAGE_BITS.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20221001162318.153420-21-richard.henderson@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/internals.h  |   5 +-
- target/arm/helper.c     |  12 +--
- target/arm/m_helper.c   |  20 ++---
- target/arm/ptw.c        | 179 ++++++++++++++++++++--------------------
- target/arm/tlb_helper.c |   9 +-
-files changed, 111 insertions(+), 114 deletions(-)
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ typedef struct ARMCacheAttrs {
- /* Fields that are valid upon success. */
- typedef struct GetPhysAddrResult {
--    hwaddr phys;
--    target_ulong page_size;
--    int prot;
--    MemTxAttrs attrs;
-+    CPUTLBEntryFull f;
-     ARMCacheAttrs cacheattrs;
- } GetPhysAddrResult;
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
-         /* Create a 64-bit PAR */
-         par64 = (1 << 11); /* LPAE bit always set */
-         if (!ret) {
--            par64 |= res.phys & ~0xfffULL;
--            if (!res.attrs.secure) {
-+            par64 |= res.f.phys_addr & ~0xfffULL;
-+            if (!res.f.attrs.secure) {
-                 par64 |= (1 << 9); /* NS */
-             }
-             par64 |= (uint64_t)res.cacheattrs.attrs << 56; /* ATTR */
-@@ -XXX,XX +XXX,XX @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
-          */
-         if (!ret) {
-             /* We do not set any attribute bits in the PAR */
--            if (res.page_size == (1 << 24)
-+            if (res.f.lg_page_size == 24
-                 && arm_feature(env, ARM_FEATURE_V7)) {
--                par64 = (res.phys & 0xff000000) | (1 << 1);
-+                par64 = (res.f.phys_addr & 0xff000000) | (1 << 1);
-             } else {
--                par64 = res.phys & 0xfffff000;
-+                par64 = res.f.phys_addr & 0xfffff000;
-             }
--            if (!res.attrs.secure) {
-+            if (!res.f.attrs.secure) {
-                 par64 |= (1 << 9); /* NS */
-             }
-         } else {
-diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/m_helper.c
-+++ b/target/arm/m_helper.c
-@@ -XXX,XX +XXX,XX @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
-         }
-         goto pend_fault;
-     }
--    address_space_stl_le(arm_addressspace(cs, res.attrs), res.phys, value,
--                         res.attrs, &txres);
-+    address_space_stl_le(arm_addressspace(cs, res.f.attrs), res.f.phys_addr,
-+                         value, res.f.attrs, &txres);
-     if (txres != MEMTX_OK) {
-         /* BusFault trying to write the data */
-         if (mode == STACK_LAZYFP) {
-@@ -XXX,XX +XXX,XX @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
-         goto pend_fault;
-     }
--    value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
--                              res.attrs, &txres);
-+    value = address_space_ldl(arm_addressspace(cs, res.f.attrs),
-+                              res.f.phys_addr, res.f.attrs, &txres);
-     if (txres != MEMTX_OK) {
-         /* BusFault trying to read the data */
-         qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.UNSTKERR\n");
-@@ -XXX,XX +XXX,XX @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, bool secure,
-         qemu_log_mask(CPU_LOG_INT, "...really MemManage with CFSR.IACCVIOL\n");
-         return false;
-     }
--    *insn = address_space_lduw_le(arm_addressspace(cs, res.attrs), res.phys,
--                                  res.attrs, &txres);
-+    *insn = address_space_lduw_le(arm_addressspace(cs, res.f.attrs),
-+                                  res.f.phys_addr, res.f.attrs, &txres);
-     if (txres != MEMTX_OK) {
-         env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK;
-         armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);
-@@ -XXX,XX +XXX,XX @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
-         }
-         return false;
-     }
--    value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
--                              res.attrs, &txres);
-+    value = address_space_ldl(arm_addressspace(cs, res.f.attrs),
-+                              res.f.phys_addr, res.f.attrs, &txres);
-     if (txres != MEMTX_OK) {
-         /* BusFault trying to read the data */
-         qemu_log_mask(CPU_LOG_INT,
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
-         } else {
-             mrvalid = true;
-         }
--        r = res.prot & PAGE_READ;
--        rw = res.prot & PAGE_WRITE;
-+        r = res.f.prot & PAGE_READ;
-+        rw = res.f.prot & PAGE_WRITE;
-     } else {
-         r = false;
-         rw = false;
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
-             assert(!is_secure);
-         }
--        addr = s2.phys;
-+        addr = s2.f.phys_addr;
-     }
-     return addr;
- }
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
-         /* 1Mb section.  */
-         phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
-         ap = (desc >> 10) & 3;
--        result->page_size = 1024 * 1024;
-+        result->f.lg_page_size = 20; /* 1MB */
-     } else {
-         /* Lookup l2 entry.  */
-         if (type == 1) {
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
-         case 1: /* 64k page.  */
-             phys_addr = (desc & 0xffff0000) | (address & 0xffff);
-             ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
--            result->page_size = 0x10000;
-+            result->f.lg_page_size = 16;
-             break;
-         case 2: /* 4k page.  */
-             phys_addr = (desc & 0xfffff000) | (address & 0xfff);
-             ap = (desc >> (4 + ((address >> 9) & 6))) & 3;
--            result->page_size = 0x1000;
-+            result->f.lg_page_size = 12;
-             break;
-         case 3: /* 1k page, or ARMv6/XScale "extended small (4k) page" */
-             if (type == 1) {
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
-                 if (arm_feature(env, ARM_FEATURE_XSCALE)
-                     || arm_feature(env, ARM_FEATURE_V6)) {
-                     phys_addr = (desc & 0xfffff000) | (address & 0xfff);
--                    result->page_size = 0x1000;
-+                    result->f.lg_page_size = 12;
-                 } else {
-                     /*
-                      * UNPREDICTABLE in ARMv5; we choose to take a
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
-                 }
-             } else {
-                 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
--                result->page_size = 0x400;
-+                result->f.lg_page_size = 10;
-             }
-             ap = (desc >> 4) & 3;
-             break;
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
-             g_assert_not_reached();
-         }
-     }
--    result->prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
--    result->prot |= result->prot ? PAGE_EXEC : 0;
--    if (!(result->prot & (1 << access_type))) {
-+    result->f.prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
-+    result->f.prot |= result->f.prot ? PAGE_EXEC : 0;
-+    if (!(result->f.prot & (1 << access_type))) {
-         /* Access permission fault.  */
-         fi->type = ARMFault_Permission;
-         goto do_fault;
-     }
--    result->phys = phys_addr;
-+    result->f.phys_addr = phys_addr;
-     return false;
- do_fault:
-     fi->domain = domain;
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
-             phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
-             phys_addr |= (uint64_t)extract32(desc, 20, 4) << 32;
-             phys_addr |= (uint64_t)extract32(desc, 5, 4) << 36;
--            result->page_size = 0x1000000;
-+            result->f.lg_page_size = 24;  /* 16MB */
-         } else {
-             /* Section.  */
-             phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
--            result->page_size = 0x100000;
-+            result->f.lg_page_size = 20;  /* 1MB */
-         }
-         ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
-         xn = desc & (1 << 4);
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
-         case 1: /* 64k page.  */
-             phys_addr = (desc & 0xffff0000) | (address & 0xffff);
-             xn = desc & (1 << 15);
--            result->page_size = 0x10000;
-+            result->f.lg_page_size = 16;
-             break;
-         case 2: case 3: /* 4k page.  */
-             phys_addr = (desc & 0xfffff000) | (address & 0xfff);
-             xn = desc & 1;
--            result->page_size = 0x1000;
-+            result->f.lg_page_size = 12;
-             break;
-         default:
-             /* Never happens, but compiler isn't smart enough to tell.  */
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
-         }
-     }
-     if (domain_prot == 3) {
--        result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-+        result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-     } else {
-         if (pxn && !regime_is_user(env, mmu_idx)) {
-             xn = 1;
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
-                 fi->type = ARMFault_AccessFlag;
-                 goto do_fault;
-             }
--            result->prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
-+            result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
-         } else {
--            result->prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
-+            result->f.prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
-         }
--        if (result->prot && !xn) {
--            result->prot |= PAGE_EXEC;
-+        if (result->f.prot && !xn) {
-+            result->f.prot |= PAGE_EXEC;
-         }
--        if (!(result->prot & (1 << access_type))) {
-+        if (!(result->f.prot & (1 << access_type))) {
-             /* Access permission fault.  */
-             fi->type = ARMFault_Permission;
-             goto do_fault;
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
-          * the CPU doesn't support TZ or this is a non-secure translation
-          * regime, because the attribute will already be non-secure.
-          */
--        result->attrs.secure = false;
-+        result->f.attrs.secure = false;
-     }
--    result->phys = phys_addr;
-+    result->f.phys_addr = phys_addr;
-     return false;
- do_fault:
-     fi->domain = domain;
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
-     if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
-         ns = mmu_idx == ARMMMUIdx_Stage2;
-         xn = extract32(attrs, 11, 2);
--        result->prot = get_S2prot(env, ap, xn, s1_is_el0);
-+        result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
-     } else {
-         ns = extract32(attrs, 3, 1);
-         xn = extract32(attrs, 12, 1);
-         pxn = extract32(attrs, 11, 1);
--        result->prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
-+        result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
-     }
-     fault_type = ARMFault_Permission;
--    if (!(result->prot & (1 << access_type))) {
-+    if (!(result->f.prot & (1 << access_type))) {
-         goto do_fault;
-     }
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
-          * the CPU doesn't support TZ or this is a non-secure translation
-          * regime, because the attribute will already be non-secure.
-          */
--        result->attrs.secure = false;
-+        result->f.attrs.secure = false;
-     }
-     /* When in aarch64 mode, and BTI is enabled, remember GP in the IOTLB.  */
-     if (aarch64 && guarded && cpu_isar_feature(aa64_bti, cpu)) {
--        arm_tlb_bti_gp(&result->attrs) = true;
-+        arm_tlb_bti_gp(&result->f.attrs) = true;
-     }
-     if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
-         result->cacheattrs.shareability = extract32(attrs, 6, 2);
-     }
--    result->phys = descaddr;
--    result->page_size = page_size;
-+    result->f.phys_addr = descaddr;
-+    result->f.lg_page_size = ctz64(page_size);
-     return false;
- do_fault:
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
-     if (regime_translation_disabled(env, mmu_idx, is_secure)) {
-         /* MPU disabled.  */
--        result->phys = address;
--        result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-+        result->f.phys_addr = address;
-+        result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-         return false;
-     }
--    result->phys = address;
-+    result->f.phys_addr = address;
-     for (n = 7; n >= 0; n--) {
-         base = env->cp15.c6_region[n];
-         if ((base & 1) == 0) {
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
-             fi->level = 1;
-             return true;
-         }
--        result->prot = PAGE_READ | PAGE_WRITE;
-+        result->f.prot = PAGE_READ | PAGE_WRITE;
-         break;
-     case 2:
--        result->prot = PAGE_READ;
-+        result->f.prot = PAGE_READ;
-         if (!is_user) {
--            result->prot |= PAGE_WRITE;
-+            result->f.prot |= PAGE_WRITE;
-         }
-         break;
-     case 3:
--        result->prot = PAGE_READ | PAGE_WRITE;
-+        result->f.prot = PAGE_READ | PAGE_WRITE;
-         break;
-     case 5:
-         if (is_user) {
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
-             fi->level = 1;
-             return true;
-         }
--        result->prot = PAGE_READ;
-+        result->f.prot = PAGE_READ;
-         break;
-     case 6:
--        result->prot = PAGE_READ;
-+        result->f.prot = PAGE_READ;
-         break;
-     default:
-         /* Bad permission.  */
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
-         fi->level = 1;
-         return true;
-     }
--    result->prot |= PAGE_EXEC;
-+    result->f.prot |= PAGE_EXEC;
-     return false;
- }
- static void get_phys_addr_pmsav7_default(CPUARMState *env, ARMMMUIdx mmu_idx,
--                                         int32_t address, int *prot)
-+                                         int32_t address, uint8_t *prot)
- {
-     if (!arm_feature(env, ARM_FEATURE_M)) {
-         *prot = PAGE_READ | PAGE_WRITE;
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-     int n;
-     bool is_user = regime_is_user(env, mmu_idx);
--    result->phys = address;
--    result->page_size = TARGET_PAGE_SIZE;
--    result->prot = 0;
-+    result->f.phys_addr = address;
-+    result->f.lg_page_size = TARGET_PAGE_BITS;
-+    result->f.prot = 0;
-     if (regime_translation_disabled(env, mmu_idx, secure) ||
-         m_is_ppb_region(env, address)) {
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-          * which always does a direct read using address_space_ldl(), rather
-          * than going via this function, so we don't need to check that here.
-          */
--        get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
-+        get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->f.prot);
-     } else { /* MPU enabled */
-         for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
-             /* region search */
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-                 if (ranges_overlap(base, rmask,
-                                    address & TARGET_PAGE_MASK,
-                                    TARGET_PAGE_SIZE)) {
--                    result->page_size = 1;
-+                    result->f.lg_page_size = 0;
-                 }
-                 continue;
-             }
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-                 continue;
-             }
-             if (rsize < TARGET_PAGE_BITS) {
--                result->page_size = 1 << rsize;
-+                result->f.lg_page_size = rsize;
-             }
-             break;
-         }
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-                 fi->type = ARMFault_Background;
-                 return true;
-             }
--            get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
-+            get_phys_addr_pmsav7_default(env, mmu_idx, address,
-+                                         &result->f.prot);
-         } else { /* a MPU hit! */
-             uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3);
-             uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1);
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-                 case 5:
-                     break; /* no access */
-                 case 3:
--                    result->prot |= PAGE_WRITE;
-+                    result->f.prot |= PAGE_WRITE;
-                     /* fall through */
-                 case 2:
-                 case 6:
--                    result->prot |= PAGE_READ | PAGE_EXEC;
-+                    result->f.prot |= PAGE_READ | PAGE_EXEC;
-                     break;
-                 case 7:
-                     /* for v7M, same as 6; for R profile a reserved value */
-                     if (arm_feature(env, ARM_FEATURE_M)) {
--                        result->prot |= PAGE_READ | PAGE_EXEC;
-+                        result->f.prot |= PAGE_READ | PAGE_EXEC;
-                         break;
-                     }
-                     /* fall through */
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-                 case 1:
-                 case 2:
-                 case 3:
--                    result->prot |= PAGE_WRITE;
-+                    result->f.prot |= PAGE_WRITE;
-                     /* fall through */
-                 case 5:
-                 case 6:
--                    result->prot |= PAGE_READ | PAGE_EXEC;
-+                    result->f.prot |= PAGE_READ | PAGE_EXEC;
-                     break;
-                 case 7:
-                     /* for v7M, same as 6; for R profile a reserved value */
-                     if (arm_feature(env, ARM_FEATURE_M)) {
--                        result->prot |= PAGE_READ | PAGE_EXEC;
-+                        result->f.prot |= PAGE_READ | PAGE_EXEC;
-                         break;
-                     }
-                     /* fall through */
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-             /* execute never */
-             if (xn) {
--                result->prot &= ~PAGE_EXEC;
-+                result->f.prot &= ~PAGE_EXEC;
-             }
-         }
-     }
-     fi->type = ARMFault_Permission;
-     fi->level = 1;
--    return !(result->prot & (1 << access_type));
-+    return !(result->f.prot & (1 << access_type));
- }
- bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
-@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
-     uint32_t addr_page_base = address & TARGET_PAGE_MASK;
-     uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1);
--    result->page_size = TARGET_PAGE_SIZE;
--    result->phys = address;
--    result->prot = 0;
-+    result->f.lg_page_size = TARGET_PAGE_BITS;
-+    result->f.phys_addr = address;
-+    result->f.prot = 0;
-     if (mregion) {
-         *mregion = -1;
-     }
-@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
-                     ranges_overlap(base, limit - base + 1,
-                                    addr_page_base,
-                                    TARGET_PAGE_SIZE)) {
--                    result->page_size = 1;
-+                    result->f.lg_page_size = 0;
-                 }
-                 continue;
-             }
-             if (base > addr_page_base || limit < addr_page_limit) {
--                result->page_size = 1;
-+                result->f.lg_page_size = 0;
-             }
-             if (matchregion != -1) {
-@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
-     if (matchregion == -1) {
-         /* hit using the background region */
--        get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
-+        get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->f.prot);
-     } else {
-         uint32_t ap = extract32(env->pmsav8.rbar[secure][matchregion], 1, 2);
-         uint32_t xn = extract32(env->pmsav8.rbar[secure][matchregion], 0, 1);
-@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
-             xn = 1;
-         }
--        result->prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
--        if (result->prot && !xn && !(pxn && !is_user)) {
--            result->prot |= PAGE_EXEC;
-+        result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
-+        if (result->f.prot && !xn && !(pxn && !is_user)) {
-+            result->f.prot |= PAGE_EXEC;
-         }
-         /*
-          * We don't need to look the attribute up in the MAIR0/MAIR1
-@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
-     fi->type = ARMFault_Permission;
-     fi->level = 1;
--    return !(result->prot & (1 << access_type));
-+    return !(result->f.prot & (1 << access_type));
- }
- static bool v8m_is_sau_exempt(CPUARMState *env,
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
-                 } else {
-                     fi->type = ARMFault_QEMU_SFault;
-                 }
--                result->page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
--                result->phys = address;
--                result->prot = 0;
-+                result->f.lg_page_size = sattrs.subpage ? 0 : TARGET_PAGE_BITS;
-+                result->f.phys_addr = address;
-+                result->f.prot = 0;
-                 return true;
-             }
-         } else {
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
-              * might downgrade a secure access to nonsecure.
-              */
-             if (sattrs.ns) {
--                result->attrs.secure = false;
-+                result->f.attrs.secure = false;
-             } else if (!secure) {
-                 /*
-                  * NS access to S memory must fault.
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
-                  * for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
-                  */
-                 fi->type = ARMFault_QEMU_SFault;
--                result->page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
--                result->phys = address;
--                result->prot = 0;
-+                result->f.lg_page_size = sattrs.subpage ? 0 : TARGET_PAGE_BITS;
-+                result->f.phys_addr = address;
-+                result->f.prot = 0;
-                 return true;
-             }
-         }
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
-     ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx, secure,
-                             result, fi, NULL);
-     if (sattrs.subpage) {
--        result->page_size = 1;
-+        result->f.lg_page_size = 0;
-     }
-     return ret;
- }
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
-         result->cacheattrs.is_s2_format = false;
-     }
--    result->phys = address;
--    result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
--    result->page_size = TARGET_PAGE_SIZE;
-+    result->f.phys_addr = address;
-+    result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-+    result->f.lg_page_size = TARGET_PAGE_BITS;
-     result->cacheattrs.shareability = shareability;
-     result->cacheattrs.attrs = memattr;
-     return 0;
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-                 return ret;
-             }
--            ipa = result->phys;
--            ipa_secure = result->attrs.secure;
-+            ipa = result->f.phys_addr;
-+            ipa_secure = result->f.attrs.secure;
-             if (is_secure) {
-                 /* Select TCR based on the NS bit from the S1 walk. */
-                 s2walk_secure = !(ipa_secure
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-              * Save the stage1 results so that we may merge
-              * prot and cacheattrs later.
-              */
--            s1_prot = result->prot;
-+            s1_prot = result->f.prot;
-             cacheattrs1 = result->cacheattrs;
-             memset(result, 0, sizeof(*result));
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-             fi->s2addr = ipa;
-             /* Combine the S1 and S2 perms.  */
--            result->prot &= s1_prot;
-+            result->f.prot &= s1_prot;
-             /* If S2 fails, return early.  */
-             if (ret) {
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-              * Check if IPA translates to secure or non-secure PA space.
-              * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA.
-              */
--            result->attrs.secure =
-+            result->f.attrs.secure =
-                 (is_secure
-                  && !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
-                  && (ipa_secure
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-      * cannot upgrade an non-secure translation regime's attributes
-      * to secure.
-      */
--    result->attrs.secure = is_secure;
--    result->attrs.user = regime_is_user(env, mmu_idx);
-+    result->f.attrs.secure = is_secure;
-+    result->f.attrs.user = regime_is_user(env, mmu_idx);
-     /*
-      * Fast Context Switch Extension. This doesn't exist at all in v8.
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-     if (arm_feature(env, ARM_FEATURE_PMSA)) {
-         bool ret;
--        result->page_size = TARGET_PAGE_SIZE;
-+        result->f.lg_page_size = TARGET_PAGE_BITS;
-         if (arm_feature(env, ARM_FEATURE_V8)) {
-             /* PMSAv8 */
-@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-                       (access_type == MMU_DATA_STORE ? "writing" : "execute"),
-                       (uint32_t)address, mmu_idx,
-                       ret ? "Miss" : "Hit",
--                      result->prot & PAGE_READ ? 'r' : '-',
--                      result->prot & PAGE_WRITE ? 'w' : '-',
--                      result->prot & PAGE_EXEC ? 'x' : '-');
-+                      result->f.prot & PAGE_READ ? 'r' : '-',
-+                      result->f.prot & PAGE_WRITE ? 'w' : '-',
-+                      result->f.prot & PAGE_EXEC ? 'x' : '-');
-         return ret;
-     }
-@@ -XXX,XX +XXX,XX @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
-     bool ret;
-     ret = get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi);
--    *attrs = res.attrs;
-+    *attrs = res.f.attrs;
-     if (ret) {
-         return -1;
-     }
--    return res.phys;
-+    return res.f.phys_addr;
- }
-diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/tlb_helper.c
-+++ b/target/arm/tlb_helper.c
-@@ -XXX,XX +XXX,XX @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
-          * target page size are handled specially, so for those we
-          * pass in the exact addresses.
-          */
--        if (res.page_size >= TARGET_PAGE_SIZE) {
--            res.phys &= TARGET_PAGE_MASK;
-+        if (res.f.lg_page_size >= TARGET_PAGE_BITS) {
-+            res.f.phys_addr &= TARGET_PAGE_MASK;
-             address &= TARGET_PAGE_MASK;
-         }
-         /* Notice and record tagged memory. */
-         if (cpu_isar_feature(aa64_mte, cpu) && res.cacheattrs.attrs == 0xf0) {
--            arm_tlb_mte_tagged(&res.attrs) = true;
-+            arm_tlb_mte_tagged(&res.f.attrs) = true;
-         }
--        tlb_set_page_with_attrs(cs, address, res.phys, res.attrs,
--                                res.prot, mmu_idx, res.page_size);
-+        tlb_set_page_full(cs, mmu_idx, address, &res.f);
-         return true;
-     } else if (probe) {
-         return false;
---
-.25.1

-[PULL 25/28] hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
+Deleted patch
-From: Jerome Forissier <jerome.forissier@linaro.org>
-According to the Linux kernel booting.rst [1], CPTR_EL3.ESM and
-SCR_EL3.EnTP2 must be initialized to 1 when EL3 is present and FEAT_SME
-is advertised. This has to be taken care of when QEMU boots directly
-into the kernel (i.e., "-M virt,secure=on -cpu max -kernel Image").
-Cc: qemu-stable@nongnu.org
-Fixes: 78cb9776662a ("target/arm: Enable SME for -cpu max")
-Link: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/arm64/booting.rst?h=v6.0#n321
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-Message-id: 20221003145641.1921467-1-jerome.forissier@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/boot.c | 4 ++++
-file changed, 4 insertions(+)
-diff --git a/hw/arm/boot.c b/hw/arm/boot.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/boot.c
-+++ b/hw/arm/boot.c
-@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
-                     if (cpu_isar_feature(aa64_sve, cpu)) {
-                         env->cp15.cptr_el[3] |= R_CPTR_EL3_EZ_MASK;
-                     }
-+                    if (cpu_isar_feature(aa64_sme, cpu)) {
-+                        env->cp15.cptr_el[3] |= R_CPTR_EL3_ESM_MASK;
-+                        env->cp15.scr_el3 |= SCR_ENTP2;
-+                    }
-                     /* AArch64 kernels never boot in secure mode */
-                     assert(!info->secure_boot);
-                     /* This hook is only supported for AArch32 currently:
---
-.25.1

-[PULL 26/28] target/arm: Don't allow guest to use unimplemented granule sizes
+Deleted patch
-Arm CPUs support some subset of the granule (page) sizes 4K, 16K and
-K.  The guest selects the one it wants using bits in the TCR_ELx
-registers.  If it tries to program these registers with a value that
-is either reserved or which requests a size that the CPU does not
-implement, the architecture requires that the CPU behaves as if the
-field was programmed to some size that has been implemented.
-Currently we don't implement this, and instead let the guest use any
-granule size, even if the CPU ID register fields say it isn't
-present.
-Make aa64_va_parameters() check against the supported granule size
-and force use of a different one if it is not implemented.
-(A subsequent commit will make ARMVAParameters use the new enum
-rather than the current pair of using16k/using64k bools.)
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20221003162315.2833797-2-peter.maydell@linaro.org
----
- target/arm/cpu.h       |  33 +++++++++++++
- target/arm/internals.h |   9 ++++
- target/arm/helper.c    | 102 +++++++++++++++++++++++++++++++++++++----
-files changed, 136 insertions(+), 8 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_tgran16_2_lpa2(const ARMISARegisters *id)
-     return t >= 3 || (t == 0 && isar_feature_aa64_tgran16_lpa2(id));
- }
-+static inline bool isar_feature_aa64_tgran4(const ARMISARegisters *id)
-+{
-+    return FIELD_SEX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4) >= 0;
-+}
-+
-+static inline bool isar_feature_aa64_tgran16(const ARMISARegisters *id)
-+{
-+    return FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN16) >= 1;
-+}
-+
-+static inline bool isar_feature_aa64_tgran64(const ARMISARegisters *id)
-+{
-+    return FIELD_SEX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN64) >= 0;
-+}
-+
-+static inline bool isar_feature_aa64_tgran4_2(const ARMISARegisters *id)
-+{
-+    unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4_2);
-+    return t >= 2 || (t == 0 && isar_feature_aa64_tgran4(id));
-+}
-+
-+static inline bool isar_feature_aa64_tgran16_2(const ARMISARegisters *id)
-+{
-+    unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN16_2);
-+    return t >= 2 || (t == 0 && isar_feature_aa64_tgran16(id));
-+}
-+
-+static inline bool isar_feature_aa64_tgran64_2(const ARMISARegisters *id)
-+{
-+    unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN64_2);
-+    return t >= 2 || (t == 0 && isar_feature_aa64_tgran64(id));
-+}
-+
- static inline bool isar_feature_aa64_ccidx(const ARMISARegisters *id)
- {
-     return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, CCIDX) != 0;
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ static inline uint32_t aarch64_pstate_valid_mask(const ARMISARegisters *id)
-     return valid;
- }
-+/* Granule size (i.e. page size) */
-+typedef enum ARMGranuleSize {
-+    /* Same order as TG0 encoding */
-+    Gran4K,
-+    Gran64K,
-+    Gran16K,
-+    GranInvalid,
-+} ARMGranuleSize;
-+
- /*
-  * Parameters of a given virtual address, as extracted from the
-  * translation control register (TCR) for a given regime.
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx)
-     }
- }
-+static ARMGranuleSize tg0_to_gran_size(int tg)
-+{
-+    switch (tg) {
-+    case 0:
-+        return Gran4K;
-+    case 1:
-+        return Gran64K;
-+    case 2:
-+        return Gran16K;
-+    default:
-+        return GranInvalid;
-+    }
-+}
-+
-+static ARMGranuleSize tg1_to_gran_size(int tg)
-+{
-+    switch (tg) {
-+    case 1:
-+        return Gran16K;
-+    case 2:
-+        return Gran4K;
-+    case 3:
-+        return Gran64K;
-+    default:
-+        return GranInvalid;
-+    }
-+}
-+
-+static inline bool have4k(ARMCPU *cpu, bool stage2)
-+{
-+    return stage2 ? cpu_isar_feature(aa64_tgran4_2, cpu)
-+        : cpu_isar_feature(aa64_tgran4, cpu);
-+}
-+
-+static inline bool have16k(ARMCPU *cpu, bool stage2)
-+{
-+    return stage2 ? cpu_isar_feature(aa64_tgran16_2, cpu)
-+        : cpu_isar_feature(aa64_tgran16, cpu);
-+}
-+
-+static inline bool have64k(ARMCPU *cpu, bool stage2)
-+{
-+    return stage2 ? cpu_isar_feature(aa64_tgran64_2, cpu)
-+        : cpu_isar_feature(aa64_tgran64, cpu);
-+}
-+
-+static ARMGranuleSize sanitize_gran_size(ARMCPU *cpu, ARMGranuleSize gran,
-+                                         bool stage2)
-+{
-+    switch (gran) {
-+    case Gran4K:
-+        if (have4k(cpu, stage2)) {
-+            return gran;
-+        }
-+        break;
-+    case Gran16K:
-+        if (have16k(cpu, stage2)) {
-+            return gran;
-+        }
-+        break;
-+    case Gran64K:
-+        if (have64k(cpu, stage2)) {
-+            return gran;
-+        }
-+        break;
-+    case GranInvalid:
-+        break;
-+    }
-+    /*
-+     * If the guest selects a granule size that isn't implemented,
-+     * the architecture requires that we behave as if it selected one
-+     * that is (with an IMPDEF choice of which one to pick). We choose
-+     * to implement the smallest supported granule size.
-+     */
-+    if (have4k(cpu, stage2)) {
-+        return Gran4K;
-+    }
-+    if (have16k(cpu, stage2)) {
-+        return Gran16K;
-+    }
-+    assert(have64k(cpu, stage2));
-+    return Gran64K;
-+}
-+
- ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-                                    ARMMMUIdx mmu_idx, bool data)
- {
-     uint64_t tcr = regime_tcr(env, mmu_idx);
-     bool epd, hpd, using16k, using64k, tsz_oob, ds;
-     int select, tsz, tbi, max_tsz, min_tsz, ps, sh;
-+    ARMGranuleSize gran;
-     ARMCPU *cpu = env_archcpu(env);
-+    bool stage2 = mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S;
-     if (!regime_has_2_ranges(mmu_idx)) {
-         select = 0;
-         tsz = extract32(tcr, 0, 6);
--        using64k = extract32(tcr, 14, 1);
--        using16k = extract32(tcr, 15, 1);
--        if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
-+        gran = tg0_to_gran_size(extract32(tcr, 14, 2));
-+        if (stage2) {
-             /* VTCR_EL2 */
-             hpd = false;
-         } else {
-@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-         select = extract64(va, 55, 1);
-         if (!select) {
-             tsz = extract32(tcr, 0, 6);
-+            gran = tg0_to_gran_size(extract32(tcr, 14, 2));
-             epd = extract32(tcr, 7, 1);
-             sh = extract32(tcr, 12, 2);
--            using64k = extract32(tcr, 14, 1);
--            using16k = extract32(tcr, 15, 1);
-             hpd = extract64(tcr, 41, 1);
-         } else {
--            int tg = extract32(tcr, 30, 2);
--            using16k = tg == 1;
--            using64k = tg == 3;
-             tsz = extract32(tcr, 16, 6);
-+            gran = tg1_to_gran_size(extract32(tcr, 30, 2));
-             epd = extract32(tcr, 23, 1);
-             sh = extract32(tcr, 28, 2);
-             hpd = extract64(tcr, 42, 1);
-@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-         ds = extract64(tcr, 59, 1);
-     }
-+    gran = sanitize_gran_size(cpu, gran, stage2);
-+    using64k = gran == Gran64K;
-+    using16k = gran == Gran16K;
-+
-     if (cpu_isar_feature(aa64_st, cpu)) {
-         max_tsz = 48 - using64k;
-     } else {
---
-.25.1

-[PULL 27/28] target/arm: Use ARMGranuleSize in ARMVAParameters
+Deleted patch
-Now we have an enum for the granule size, use it in the
-ARMVAParameters struct instead of the using16k/using64k bools.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221003162315.2833797-3-peter.maydell@linaro.org
----
- target/arm/internals.h | 23 +++++++++++++++++++++--
- target/arm/helper.c    | 39 ++++++++++++++++++++++++++++-----------
- target/arm/ptw.c       |  8 +-------
-files changed, 50 insertions(+), 20 deletions(-)
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ typedef enum ARMGranuleSize {
-     GranInvalid,
- } ARMGranuleSize;
-+/**
-+ * arm_granule_bits: Return address size of the granule in bits
-+ *
-+ * Return the address size of the granule in bits. This corresponds
-+ * to the pseudocode TGxGranuleBits().
-+ */
-+static inline int arm_granule_bits(ARMGranuleSize gran)
-+{
-+    switch (gran) {
-+    case Gran64K:
-+        return 16;
-+    case Gran16K:
-+        return 14;
-+    case Gran4K:
-+        return 12;
-+    default:
-+        g_assert_not_reached();
-+    }
-+}
-+
- /*
-  * Parameters of a given virtual address, as extracted from the
-  * translation control register (TCR) for a given regime.
-@@ -XXX,XX +XXX,XX @@ typedef struct ARMVAParameters {
-     bool tbi        : 1;
-     bool epd        : 1;
-     bool hpd        : 1;
--    bool using16k   : 1;
--    bool using64k   : 1;
-     bool tsz_oob    : 1;  /* tsz has been clamped to legal range */
-     bool ds         : 1;
-+    ARMGranuleSize gran : 2;
- } ARMVAParameters;
- ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ typedef struct {
-     uint64_t length;
- } TLBIRange;
-+static ARMGranuleSize tlbi_range_tg_to_gran_size(int tg)
-+{
-+    /*
-+     * Note that the TLBI range TG field encoding differs from both
-+     * TG0 and TG1 encodings.
-+     */
-+    switch (tg) {
-+    case 1:
-+        return Gran4K;
-+    case 2:
-+        return Gran16K;
-+    case 3:
-+        return Gran64K;
-+    default:
-+        return GranInvalid;
-+    }
-+}
-+
- static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx,
-                                      uint64_t value)
- {
-@@ -XXX,XX +XXX,XX @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx,
-     uint64_t select = sextract64(value, 36, 1);
-     ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true);
-     TLBIRange ret = { };
-+    ARMGranuleSize gran;
-     page_size_granule = extract64(value, 46, 2);
-+    gran = tlbi_range_tg_to_gran_size(page_size_granule);
-     /* The granule encoded in value must match the granule in use. */
--    if (page_size_granule != (param.using64k ? 3 : param.using16k ? 2 : 1)) {
-+    if (gran != param.gran) {
-         qemu_log_mask(LOG_GUEST_ERROR, "Invalid tlbi page size granule %d\n",
-                       page_size_granule);
-         return ret;
-     }
--    page_shift = (page_size_granule - 1) * 2 + 12;
-+    page_shift = arm_granule_bits(gran);
-     num = extract64(value, 39, 5);
-     scale = extract64(value, 44, 2);
-     exponent = (5 * scale) + 1;
-@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-                                    ARMMMUIdx mmu_idx, bool data)
- {
-     uint64_t tcr = regime_tcr(env, mmu_idx);
--    bool epd, hpd, using16k, using64k, tsz_oob, ds;
-+    bool epd, hpd, tsz_oob, ds;
-     int select, tsz, tbi, max_tsz, min_tsz, ps, sh;
-     ARMGranuleSize gran;
-     ARMCPU *cpu = env_archcpu(env);
-@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-     }
-     gran = sanitize_gran_size(cpu, gran, stage2);
--    using64k = gran == Gran64K;
--    using16k = gran == Gran16K;
-     if (cpu_isar_feature(aa64_st, cpu)) {
--        max_tsz = 48 - using64k;
-+        max_tsz = 48 - (gran == Gran64K);
-     } else {
-         max_tsz = 39;
-     }
-@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-      * adjust the effective value of DS, as documented.
-      */
-     min_tsz = 16;
--    if (using64k) {
-+    if (gran == Gran64K) {
-         if (cpu_isar_feature(aa64_lva, cpu)) {
-             min_tsz = 12;
-         }
-@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-         switch (mmu_idx) {
-         case ARMMMUIdx_Stage2:
-         case ARMMMUIdx_Stage2_S:
--            if (using16k) {
-+            if (gran == Gran16K) {
-                 ds = cpu_isar_feature(aa64_tgran16_2_lpa2, cpu);
-             } else {
-                 ds = cpu_isar_feature(aa64_tgran4_2_lpa2, cpu);
-             }
-             break;
-         default:
--            if (using16k) {
-+            if (gran == Gran16K) {
-                 ds = cpu_isar_feature(aa64_tgran16_lpa2, cpu);
-             } else {
-                 ds = cpu_isar_feature(aa64_tgran4_lpa2, cpu);
-@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
-         .tbi = tbi,
-         .epd = epd,
-         .hpd = hpd,
--        .using16k = using16k,
--        .using64k = using64k,
-         .tsz_oob = tsz_oob,
-         .ds = ds,
-+        .gran = gran,
-     };
- }
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
-         }
-     }
--    if (param.using64k) {
--        stride = 13;
--    } else if (param.using16k) {
--        stride = 11;
--    } else {
--        stride = 9;
--    }
-+    stride = arm_granule_bits(param.gran) - 3;
-     /*
-      * Note that QEMU ignores shareability and cacheability attributes,
---
-.25.1

-[PULL 28/28] docs/system/arm/emulation.rst: Report FEAT_GTG support
+Deleted patch
-FEAT_GTG is a change tho the ID register ID_AA64MMFR0_EL1 so that it
-can report a different set of supported granule (page) sizes for
-stage 1 and stage 2 translation tables.  As of commit c20281b2a5048
-we already report the granule sizes that way for '-cpu max', and now
-we also correctly make attempts to use unimplemented granule sizes
-fail, so we can report the support of the feature in the
-documentation.
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20221003162315.2833797-4-peter.maydell@linaro.org
----
- docs/system/arm/emulation.rst | 1 +
-file changed, 1 insertion(+)
-diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
-index XXXXXXX..XXXXXXX 100644
---- a/docs/system/arm/emulation.rst
-+++ b/docs/system/arm/emulation.rst
-@@ -XXX,XX +XXX,XX @@ the following architecture extensions:
- - FEAT_FRINTTS (Floating-point to integer instructions)
- - FEAT_FlagM (Flag manipulation instructions v2)
- - FEAT_FlagM2 (Enhancements to flag manipulation instructions)
-+- FEAT_GTG (Guest translation granule size)
- - FEAT_HCX (Support for the HCRX_EL2 register)
- - FEAT_HPDS (Hierarchical permission disables)
- - FEAT_I8MM (AArch64 Int8 matrix multiplication instructions)
---
-.25.1

Hi; this is the latest target-arm queue; most of this is a refactoring
patchset from RTH for the arm page-table-walk emulation.

thanks
-- PMM

The following changes since commit f1d33f55c47dfdaf8daacd618588ad3ae4c452d1:

Merge tag 'pull-testing-gdbstub-plugins-gitdm-061022-3' of https://github.com/stsquad/qemu into staging (2022-10-06 07:11:56 -0400)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221010

for you to fetch changes up to 915f62844cf62e428c7c178149b5ff1cbe129b07:

docs/system/arm/emulation.rst: Report FEAT_GTG support (2022-10-10 14:52:25 +0100)

----------------------------------------------------------------
target-arm queue:
 * Retry KVM_CREATE_VM call if it fails EINTR
 * allow setting SCR_EL3.EnTP2 when FEAT_SME is implemented
 * docs/nuvoton: Update URL for images
 * refactoring of page table walk code
 * hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
 * Don't allow guest to use unimplemented granule sizes
 * Report FEAT_GTG support

----------------------------------------------------------------
Jerome Forissier (2):
      target/arm: allow setting SCR_EL3.EnTP2 when FEAT_SME is implemented
      hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3

Joel Stanley (1):
      docs/nuvoton: Update URL for images

Peter Maydell (4):
      target/arm/kvm: Retry KVM_CREATE_VM call if it fails EINTR
      target/arm: Don't allow guest to use unimplemented granule sizes
      target/arm: Use ARMGranuleSize in ARMVAParameters
      docs/system/arm/emulation.rst: Report FEAT_GTG support

Richard Henderson (21):
      target/arm: Split s2walk_secure from ipa_secure in get_phys_addr
      target/arm: Make the final stage1+2 write to secure be unconditional
      target/arm: Add is_secure parameter to get_phys_addr_lpae
      target/arm: Fix S2 disabled check in S1_ptw_translate
      target/arm: Add is_secure parameter to regime_translation_disabled
      target/arm: Split out get_phys_addr_with_secure
      target/arm: Add is_secure parameter to v7m_read_half_insn
      target/arm: Add TBFLAG_M32.SECURE
      target/arm: Merge regime_is_secure into get_phys_addr
      target/arm: Add is_secure parameter to do_ats_write
      target/arm: Fold secure and non-secure a-profile mmu indexes
      target/arm: Reorg regime_translation_disabled
      target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
      target/arm: Introduce arm_hcr_el2_eff_secstate
      target/arm: Hoist read of *is_secure in S1_ptw_translate
      target/arm: Remove env argument from combined_attrs_fwb
      target/arm: Pass HCR to attribute subroutines.
      target/arm: Fix ATS12NSO* from S PL1
      target/arm: Split out get_phys_addr_disabled
      target/arm: Fix cacheattr in get_phys_addr_disabled
      target/arm: Use tlb_set_page_full

Occasionally the KVM_CREATE_VM ioctl can return EINTR, even though
there is no pending signal to be taken. In commit 94ccff13382055
we added a retry-on-EINTR loop to the KVM_CREATE_VM call in the
generic KVM code. Adopt the same approach for the use of the
ioctl in the Arm-specific KVM code (where we use it to create a
scratch VM for probing for various things).

For more information, see the mailing list thread:
https://lore.kernel.org/qemu-devel/8735e0s1zw.wl-maz@kernel.org/

Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Message-id: 20220930113824.1933293-1-peter.maydell@linaro.org
---
 target/arm/kvm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_create_scratch_host_vcpu(const uint32_t *cpus_to_try,
     if (max_vm_pa_size < 0) {
         max_vm_pa_size = 0;
     }
-    vmfd = ioctl(kvmfd, KVM_CREATE_VM, max_vm_pa_size);
+    do {
+        vmfd = ioctl(kvmfd, KVM_CREATE_VM, max_vm_pa_size);
+    } while (vmfd == -1 && errno == EINTR);
     if (vmfd < 0) {
         goto err;
     }
-- 
2.25.1

From: Jerome Forissier <jerome.forissier@linaro.org>

Updates write_scr() to allow setting SCR_EL3.EnTP2 when FEAT_SME is
implemented. SCR_EL3 being a 64-bit register, valid_mask is changed
to uint64_t and the SCR_* constants in target/arm/cpu.h are extended
to 64-bit so that masking and bitwise not (~) behave as expected.

This enables booting Linux with Trusted Firmware-A at EL3 with
"-M virt,secure=on -cpu max".

Cc: qemu-stable@nongnu.org
Fixes: 78cb9776662a ("target/arm: Enable SME for -cpu max")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20221004072354.27037-1-jerome.forissier@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 54 ++++++++++++++++++++++-----------------------
 target/arm/helper.c |  5 ++++-
 2 files changed, 31 insertions(+), 28 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
 
 #define HPFAR_NS      (1ULL << 63)
 
-#define SCR_NS                (1U << 0)
-#define SCR_IRQ               (1U << 1)
-#define SCR_FIQ               (1U << 2)
-#define SCR_EA                (1U << 3)
-#define SCR_FW                (1U << 4)
-#define SCR_AW                (1U << 5)
-#define SCR_NET               (1U << 6)
-#define SCR_SMD               (1U << 7)
-#define SCR_HCE               (1U << 8)
-#define SCR_SIF               (1U << 9)
-#define SCR_RW                (1U << 10)
-#define SCR_ST                (1U << 11)
-#define SCR_TWI               (1U << 12)
-#define SCR_TWE               (1U << 13)
-#define SCR_TLOR              (1U << 14)
-#define SCR_TERR              (1U << 15)
-#define SCR_APK               (1U << 16)
-#define SCR_API               (1U << 17)
-#define SCR_EEL2              (1U << 18)
-#define SCR_EASE              (1U << 19)
-#define SCR_NMEA              (1U << 20)
-#define SCR_FIEN              (1U << 21)
-#define SCR_ENSCXT            (1U << 25)
-#define SCR_ATA               (1U << 26)
-#define SCR_FGTEN             (1U << 27)
-#define SCR_ECVEN             (1U << 28)
-#define SCR_TWEDEN            (1U << 29)
+#define SCR_NS                (1ULL << 0)
+#define SCR_IRQ               (1ULL << 1)
+#define SCR_FIQ               (1ULL << 2)
+#define SCR_EA                (1ULL << 3)
+#define SCR_FW                (1ULL << 4)
+#define SCR_AW                (1ULL << 5)
+#define SCR_NET               (1ULL << 6)
+#define SCR_SMD               (1ULL << 7)
+#define SCR_HCE               (1ULL << 8)
+#define SCR_SIF               (1ULL << 9)
+#define SCR_RW                (1ULL << 10)
+#define SCR_ST                (1ULL << 11)
+#define SCR_TWI               (1ULL << 12)
+#define SCR_TWE               (1ULL << 13)
+#define SCR_TLOR              (1ULL << 14)
+#define SCR_TERR              (1ULL << 15)
+#define SCR_APK               (1ULL << 16)
+#define SCR_API               (1ULL << 17)
+#define SCR_EEL2              (1ULL << 18)
+#define SCR_EASE              (1ULL << 19)
+#define SCR_NMEA              (1ULL << 20)
+#define SCR_FIEN              (1ULL << 21)
+#define SCR_ENSCXT            (1ULL << 25)
+#define SCR_ATA               (1ULL << 26)
+#define SCR_FGTEN             (1ULL << 27)
+#define SCR_ECVEN             (1ULL << 28)
+#define SCR_TWEDEN            (1ULL << 29)
 #define SCR_TWEDEL            MAKE_64BIT_MASK(30, 4)
 #define SCR_TME               (1ULL << 34)
 #define SCR_AMVOFFEN          (1ULL << 35)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void vbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
 {
     /* Begin with base v8.0 state.  */
-    uint32_t valid_mask = 0x3fff;
+    uint64_t valid_mask = 0x3fff;
     ARMCPU *cpu = env_archcpu(env);
 
     /*
@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
         if (cpu_isar_feature(aa64_doublefault, cpu)) {
             valid_mask |= SCR_EASE | SCR_NMEA;
         }
+        if (cpu_isar_feature(aa64_sme, cpu)) {
+            valid_mask |= SCR_ENTP2;
+        }
     } else {
         valid_mask &= ~(SCR_RW | SCR_ST);
         if (cpu_isar_feature(aa32_ras, cpu)) {
-- 
2.25.1

From: Joel Stanley <joel@jms.id.au>

openpower.xyz was retired some time ago. The OpenBMC Jenkins is where
images can be found these days.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20221004050042.22681-1-joel@jms.id.au
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 docs/system/arm/nuvoton.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/system/arm/nuvoton.rst b/docs/system/arm/nuvoton.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/system/arm/nuvoton.rst
+++ b/docs/system/arm/nuvoton.rst
@@ -XXX,XX +XXX,XX @@ Boot options
 
 The Nuvoton machines can boot from an OpenBMC firmware image, or directly into
 a kernel using the ``-kernel`` option. OpenBMC images for ``quanta-gsj`` and
-possibly others can be downloaded from the OpenPOWER jenkins :
+possibly others can be downloaded from the OpenBMC jenkins :
 
-   https://openpower.xyz/
+   https://jenkins.openbmc.org/
 
 The firmware image should be attached as an MTD drive. Example :
 
-- 
2.25.1