Series comparison

-[PULL 0/5] target-arm queue
+[Qemu-devel] [PULL v2 00/23] target-arm queue
-Hi; here's a collection of Arm bug fixes for rc2.
+v2: dropped patches that add the microbit nRF51 non-volatile memories
 and the test case for them.
 thanks
 -- PMM
-The following changes since commit a082fab9d259473a9d5d53307cf83b1223301181:
-  Merge tag 'pull-ppc-20221117' of https://gitlab.com/danielhb/qemu into staging (2022-11-17 12:39:38 -0500)
+The following changes since commit 3a183e330dbd7dbcac3841737ac874979552cca2:
   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190128' into staging (2019-01-28 16:26:47 +0000)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221121
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190129
-for you to fetch changes up to 312b71abce3005ca7294dc0db7d548dc7cc41fbf:
+for you to fetch changes up to 46f5abc0a2566ac3dc954eeb62fd625f0eaca120:
-  target/arm: Limit LPA2 effective output address when TCR.DS == 0 (2022-11-21 11:46:46 +0000)
+  gdbstub: Simplify gdb_get_cpu_pid() to use cpu->cluster_index (2019-01-29 11:46:06 +0000)
 ----------------------------------------------------------------
 target-arm queue:
- * hw/sd: Fix sun4i allwinner-sdhost for U-Boot
+ * Fix validation of 32-bit address spaces for aa32 (fixes an assert introduced in ba97be9f4a4)
- * hw/intc: add implementation of GICD_IIDR to Arm GIC
+ * v8m: Ensure IDAU is respected if SAU is disabled
- * tests/avocado/boot_linux.py: Bump aarch64 virt test timeout
+ * gdbstub: fix gdb_get_cpu(s, pid, tid) when pid and/or tid are 0
- * target/arm: Limit LPA2 effective output address when TCR.DS == 0
+ * exec.c: Use correct attrs in cpu_memory_rw_debug()
  * accel/tcg/user-exec: Don't parse aarch64 insns to test for read vs write
  * target/arm: Don't clear supported PMU events when initializing PMCEID1
  * memory: add memory_region_flush_rom_device()
  * microbit: Add stub NRF51 TWI magnetometer/accelerometer detection
  * tests/microbit-test: extend testing of microbit devices
  * checkpatch: Don't emit spurious warnings about block comments
  * aspeed/smc: misc bug fixes
  * xlnx-zynqmp: Don't create rpu-cluster if there are no RPUs
  * xlnx-zynqmp: Realize cluster after putting RPUs in it
  * accel/tcg: Add cluster number to TCG TB hash so differently configured
    CPUs don't pick up cached TBs for the wrong kind of CPU
 ----------------------------------------------------------------
-Alex Bennée (2):
+Aaron Lindsay OS (1):
-      hw/intc: clean-up access to GIC multi-byte registers
+      target/arm: Don't clear supported PMU events when initializing PMCEID1
       hw/intc: add implementation of GICD_IIDR to Arm GIC
-Ard Biesheuvel (1):
+Cédric Le Goater (4):
-      target/arm: Limit LPA2 effective output address when TCR.DS == 0
+      aspeed/smc: fix default read value
       aspeed/smc: define registers for all possible CS
       aspeed/smc: Add dummy data register
       aspeed/smc: snoop SPI transfers to fake dummy cycles
-Peter Maydell (1):
+Julia Suvorova (3):
-      tests/avocado/boot_linux.py: Bump aarch64 virt test timeout to 720s
+      tests/libqtest: Introduce qtest_init_with_serial()
       tests/microbit-test: Make test independent of global_qtest
       tests/microbit-test: Check nRF51 UART functionality
-Strahinja Jankovic (1):
+Luc Michel (1):
-      hw/sd: Fix sun4i allwinner-sdhost for U-Boot
+      gdbstub: fix gdb_get_cpu(s, pid, tid) when pid and/or tid are 0
- include/hw/sd/allwinner-sdhost.h |  1 +
+Peter Maydell (8):
- hw/intc/arm_gic.c                | 28 ++++++++++++-----
+      exec.c: Use correct attrs in cpu_memory_rw_debug()
- hw/sd/allwinner-sdhost.c         | 67 +++++++++++++++++++++++++++-------------
+      accel/tcg/user-exec: Don't parse aarch64 insns to test for read vs write
- target/arm/ptw.c                 |  8 +++++
+      checkpatch: Don't emit spurious warnings about block comments
- tests/avocado/boot_linux.py      |  2 +-
+      xlnx-zynqmp: Don't create rpu-cluster if there are no RPUs
-files changed, 77 insertions(+), 29 deletions(-)
+      hw/arm/xlnx-zynqmp: Realize cluster after putting RPUs in it
       qom/cpu: Add cluster_index to CPUState
       accel/tcg: Add cluster number to TCG TB hash
       gdbstub: Simplify gdb_get_cpu_pid() to use cpu->cluster_index
+Richard Henderson (1):
+      target/arm: Fix validation of 32-bit address spaces for aa32
+Stefan Hajnoczi (3):
+      tests/microbit-test: add TWI stub device test
+      MAINTAINERS: update microbit ARM board files
+      memory: add memory_region_flush_rom_device()
+Steffen Görtz (1):
+      arm: Stub out NRF51 TWI magnetometer/accelerometer detection
+Thomas Roth (1):
+      target/arm: v8m: Ensure IDAU is respected if SAU is disabled
+ hw/i2c/Makefile.objs          |   1 +
+ include/exec/exec-all.h       |   4 +-
+ include/exec/memory.h         |  18 +++
+ include/hw/arm/nrf51.h        |   2 +
+ include/hw/arm/nrf51_soc.h    |   1 +
+ include/hw/cpu/cluster.h      |  24 +++
+ include/hw/i2c/microbit_i2c.h |  42 +++++
+ include/hw/ssi/aspeed_smc.h   |   3 +
+ include/qom/cpu.h             |   7 +
+ target/arm/cpu.h              |  11 +-
+ tests/libqtest.h              |  11 ++
+ accel/tcg/cpu-exec.c          |   3 +
+ accel/tcg/translate-all.c     |   3 +
+ accel/tcg/user-exec.c         |  66 ++++++--
+ exec.c                        |  19 ++-
+ gdbstub.c                     | 120 ++++++---------
+ hw/arm/microbit.c             |  16 ++
+ hw/arm/xlnx-zynqmp.c          |   9 +-
+ hw/cpu/cluster.c              |  46 ++++++
+ hw/i2c/microbit_i2c.c         | 127 +++++++++++++++
+ hw/ssi/aspeed_smc.c           | 128 ++++++++++++++-
+ qom/cpu.c                     |   1 +
+ target/arm/cpu.c              |   3 +-
+ target/arm/helper.c           |  67 ++++----
+ tests/libqtest.c              |  25 +++
+ tests/microbit-test.c         | 350 +++++++++++++++++++++++++++++-------------
+ MAINTAINERS                   |   8 +-
+ scripts/checkpatch.pl         |   2 +-
+files changed, 874 insertions(+), 243 deletions(-)
+ create mode 100644 include/hw/i2c/microbit_i2c.h
+ create mode 100644 hw/i2c/microbit_i2c.c

-[PULL 1/5] hw/sd: Fix sun4i allwinner-sdhost for U-Boot
+Deleted patch
-From: Strahinja Jankovic <strahinjapjankovic@gmail.com>
-Trying to run U-Boot for Cubieboard (Allwinner A10) fails because it cannot
-access SD card. The problem is that FIFO register in current
-allwinner-sdhost implementation is at the address corresponding to
-Allwinner H3, but not A10.
-Linux kernel is not affected since Linux driver uses DMA access and does
-not use FIFO register for reading/writing.
-This patch adds new class parameter `is_sun4i` and based on that
-parameter uses register at offset 0x100 either as FIFO register (if
-sun4i) or as threshold register (if not sun4i; in this case register at
-x200 is FIFO register).
-Tested with U-Boot and Linux kernel image built for Cubieboard and
-OrangePi PC.
-Signed-off-by: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20221112214900.24152-1-strahinja.p.jankovic@gmail.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/sd/allwinner-sdhost.h |  1 +
- hw/sd/allwinner-sdhost.c         | 67 ++++++++++++++++++++++----------
-files changed, 47 insertions(+), 21 deletions(-)
-diff --git a/include/hw/sd/allwinner-sdhost.h b/include/hw/sd/allwinner-sdhost.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/sd/allwinner-sdhost.h
-+++ b/include/hw/sd/allwinner-sdhost.h
-@@ -XXX,XX +XXX,XX @@ struct AwSdHostClass {
-     /** Maximum buffer size in bytes per DMA descriptor */
-     size_t max_desc_size;
-+    bool   is_sun4i;
- };
-diff --git a/hw/sd/allwinner-sdhost.c b/hw/sd/allwinner-sdhost.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/sd/allwinner-sdhost.c
-+++ b/hw/sd/allwinner-sdhost.c
-@@ -XXX,XX +XXX,XX @@ enum {
-     REG_SD_DLBA       = 0x84,  /* Descriptor List Base Address */
-     REG_SD_IDST       = 0x88,  /* Internal DMA Controller Status */
-     REG_SD_IDIE       = 0x8C,  /* Internal DMA Controller IRQ Enable */
--    REG_SD_THLDC      = 0x100, /* Card Threshold Control */
-+    REG_SD_THLDC      = 0x100, /* Card Threshold Control / FIFO (sun4i only)*/
-     REG_SD_DSBD       = 0x10C, /* eMMC DDR Start Bit Detection Control */
-     REG_SD_RES_CRC    = 0x110, /* Response CRC from card/eMMC */
-     REG_SD_DATA7_CRC  = 0x114, /* CRC Data 7 from card/eMMC */
-@@ -XXX,XX +XXX,XX @@ static void allwinner_sdhost_dma(AwSdHostState *s)
-     }
- }
-+static uint32_t allwinner_sdhost_fifo_read(AwSdHostState *s)
-+{
-+    uint32_t res = 0;
-+
-+    if (sdbus_data_ready(&s->sdbus)) {
-+        sdbus_read_data(&s->sdbus, &res, sizeof(uint32_t));
-+        le32_to_cpus(&res);
-+        allwinner_sdhost_update_transfer_cnt(s, sizeof(uint32_t));
-+        allwinner_sdhost_auto_stop(s);
-+        allwinner_sdhost_update_irq(s);
-+    } else {
-+        qemu_log_mask(LOG_GUEST_ERROR, "%s: no data ready on SD bus\n",
-+                      __func__);
-+    }
-+
-+    return res;
-+}
-+
- static uint64_t allwinner_sdhost_read(void *opaque, hwaddr offset,
-                                       unsigned size)
- {
-     AwSdHostState *s = AW_SDHOST(opaque);
-+    AwSdHostClass *sc = AW_SDHOST_GET_CLASS(s);
-     uint32_t res = 0;
-     switch (offset) {
-@@ -XXX,XX +XXX,XX @@ static uint64_t allwinner_sdhost_read(void *opaque, hwaddr offset,
-     case REG_SD_IDIE:      /* Internal DMA Controller Interrupt Enable */
-         res = s->dmac_irq;
-         break;
--    case REG_SD_THLDC:     /* Card Threshold Control */
--        res = s->card_threshold;
-+    case REG_SD_THLDC:     /* Card Threshold Control or FIFO register (sun4i) */
-+        if (sc->is_sun4i) {
-+            res = allwinner_sdhost_fifo_read(s);
-+        } else {
-+            res = s->card_threshold;
-+        }
-         break;
-     case REG_SD_DSBD:      /* eMMC DDR Start Bit Detection Control */
-         res = s->startbit_detect;
-@@ -XXX,XX +XXX,XX @@ static uint64_t allwinner_sdhost_read(void *opaque, hwaddr offset,
-         res = s->status_crc;
-         break;
-     case REG_SD_FIFO:      /* Read/Write FIFO */
--        if (sdbus_data_ready(&s->sdbus)) {
--            sdbus_read_data(&s->sdbus, &res, sizeof(uint32_t));
--            le32_to_cpus(&res);
--            allwinner_sdhost_update_transfer_cnt(s, sizeof(uint32_t));
--            allwinner_sdhost_auto_stop(s);
--            allwinner_sdhost_update_irq(s);
--        } else {
--            qemu_log_mask(LOG_GUEST_ERROR, "%s: no data ready on SD bus\n",
--                          __func__);
--        }
-+        res = allwinner_sdhost_fifo_read(s);
-         break;
-     default:
-         qemu_log_mask(LOG_GUEST_ERROR, "%s: out-of-bounds offset %"
-@@ -XXX,XX +XXX,XX @@ static uint64_t allwinner_sdhost_read(void *opaque, hwaddr offset,
-     return res;
- }
-+static void allwinner_sdhost_fifo_write(AwSdHostState *s, uint64_t value)
-+{
-+    uint32_t u32 = cpu_to_le32(value);
-+    sdbus_write_data(&s->sdbus, &u32, sizeof(u32));
-+    allwinner_sdhost_update_transfer_cnt(s, sizeof(u32));
-+    allwinner_sdhost_auto_stop(s);
-+    allwinner_sdhost_update_irq(s);
-+}
-+
- static void allwinner_sdhost_write(void *opaque, hwaddr offset,
-                                    uint64_t value, unsigned size)
- {
-     AwSdHostState *s = AW_SDHOST(opaque);
--    uint32_t u32;
-+    AwSdHostClass *sc = AW_SDHOST_GET_CLASS(s);
-     trace_allwinner_sdhost_write(offset, value, size);
-@@ -XXX,XX +XXX,XX @@ static void allwinner_sdhost_write(void *opaque, hwaddr offset,
-         s->dmac_irq = value;
-         allwinner_sdhost_update_irq(s);
-         break;
--    case REG_SD_THLDC:     /* Card Threshold Control */
--        s->card_threshold = value;
-+    case REG_SD_THLDC:     /* Card Threshold Control or FIFO (sun4i) */
-+        if (sc->is_sun4i) {
-+            allwinner_sdhost_fifo_write(s, value);
-+        } else {
-+            s->card_threshold = value;
-+        }
-         break;
-     case REG_SD_DSBD:      /* eMMC DDR Start Bit Detection Control */
-         s->startbit_detect = value;
-         break;
-     case REG_SD_FIFO:      /* Read/Write FIFO */
--        u32 = cpu_to_le32(value);
--        sdbus_write_data(&s->sdbus, &u32, sizeof(u32));
--        allwinner_sdhost_update_transfer_cnt(s, sizeof(u32));
--        allwinner_sdhost_auto_stop(s);
--        allwinner_sdhost_update_irq(s);
-+        allwinner_sdhost_fifo_write(s, value);
-         break;
-     case REG_SD_RES_CRC:   /* Response CRC from card/eMMC */
-     case REG_SD_DATA7_CRC: /* CRC Data 7 from card/eMMC */
-@@ -XXX,XX +XXX,XX @@ static void allwinner_sdhost_sun4i_class_init(ObjectClass *klass, void *data)
- {
-     AwSdHostClass *sc = AW_SDHOST_CLASS(klass);
-     sc->max_desc_size = 8 * KiB;
-+    sc->is_sun4i = true;
- }
- static void allwinner_sdhost_sun5i_class_init(ObjectClass *klass, void *data)
- {
-     AwSdHostClass *sc = AW_SDHOST_CLASS(klass);
-     sc->max_desc_size = 64 * KiB;
-+    sc->is_sun4i = false;
- }
- static const TypeInfo allwinner_sdhost_info = {
---
-.25.1

-[PULL 2/5] hw/intc: clean-up access to GIC multi-byte registers
+Deleted patch
-From: Alex Bennée <alex.bennee@linaro.org>
-gic_dist_readb was returning a word value which just happened to work
-as a result of the way we OR the data together. Lets fix it so only
-the explicit byte is returned for each part of GICD_TYPER. I've
-changed the return type to uint8_t although the overflow is only
-detected with an explicit -Wconversion.
-Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/intc/arm_gic.c | 16 ++++++++++------
-file changed, 10 insertions(+), 6 deletions(-)
-diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gic.c
-+++ b/hw/intc/arm_gic.c
-@@ -XXX,XX +XXX,XX @@ static void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
-     gic_update(s);
- }
--static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
-+static uint8_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
- {
-     GICState *s = (GICState *)opaque;
-     uint32_t res;
-@@ -XXX,XX +XXX,XX @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
-     cm = 1 << cpu;
-     if (offset < 0x100) {
-         if (offset == 0) {      /* GICD_CTLR */
-+            /* We rely here on the only non-zero bits being in byte 0 */
-             if (s->security_extn && !attrs.secure) {
-                 /* The NS bank of this register is just an alias of the
-                  * EnableGrp1 bit in the S bank version.
-@@ -XXX,XX +XXX,XX @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
-                 return s->ctlr;
-             }
-         }
--        if (offset == 4)
--            /* Interrupt Controller Type Register */
--            return ((s->num_irq / 32) - 1)
--                    | ((s->num_cpu - 1) << 5)
--                    | (s->security_extn << 10);
-+        if (offset == 4) {
-+            /* GICD_TYPER byte 0 */
-+            return ((s->num_irq / 32) - 1) | ((s->num_cpu - 1) << 5);
-+        }
-+        if (offset == 5) {
-+            /* GICD_TYPER byte 1 */
-+            return (s->security_extn << 2);
-+        }
-         if (offset < 0x08)
-             return 0;
-         if (offset >= 0x80) {
---
-.25.1

-[PULL 3/5] hw/intc: add implementation of GICD_IIDR to Arm GIC
+Deleted patch
-From: Alex Bennée <alex.bennee@linaro.org>
-a66a24585f (hw/intc/arm_gic: Implement read of GICC_IIDR) implemented
-this for the CPU interface register. The fact we don't implement it
-shows up when running Xen with -d guest_error which is definitely
-wrong because the guest is perfectly entitled to read it.
-Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/intc/arm_gic.c | 12 +++++++++++-
-file changed, 11 insertions(+), 1 deletion(-)
-diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gic.c
-+++ b/hw/intc/arm_gic.c
-@@ -XXX,XX +XXX,XX @@ static uint8_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
-             /* GICD_TYPER byte 1 */
-             return (s->security_extn << 2);
-         }
--        if (offset < 0x08)
-+        if (offset == 8) {
-+            /* GICD_IIDR byte 0 */
-+            return 0x3b; /* Arm JEP106 identity */
-+        }
-+        if (offset == 9) {
-+            /* GICD_IIDR byte 1 */
-+            return 0x04; /* Arm JEP106 identity */
-+        }
-+        if (offset < 0x0c) {
-+            /* All other bytes in this range are RAZ */
-             return 0;
-+        }
-         if (offset >= 0x80) {
-             /* Interrupt Group Registers: these RAZ/WI if this is an NS
-              * access to a GIC with the security extensions, or if the GIC
---
-.25.1

-[PULL 4/5] tests/avocado/boot_linux.py: Bump aarch64 virt test timeout to 720s
+Deleted patch
-The two tests
-tests/avocado/boot_linux.py:BootLinuxAarch64.test_virt_tcg_gicv2
-tests/avocado/boot_linux.py:BootLinuxAarch64.test_virt_tcg_gicv3
-take quite a long time to run, and the current timeout of 240s
-is not enough for the tests to complete on slow machines:
-we've seen these tests time out in the gitlab CI in the
-'avocado-system-alpine' CI job, for instance. The timeout
-is also insufficient for running the test with a debug build
-of QEMU: on my machine the tests take over 10 minutes to run
-in that config.
-Push the timeout up to 720s so that the test definitely has
-enough time to complete.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Thomas Huth <thuth@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
----
- tests/avocado/boot_linux.py | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/tests/avocado/boot_linux.py b/tests/avocado/boot_linux.py
-index XXXXXXX..XXXXXXX 100644
---- a/tests/avocado/boot_linux.py
-+++ b/tests/avocado/boot_linux.py
-@@ -XXX,XX +XXX,XX @@ class BootLinuxAarch64(LinuxTest):
-     :avocado: tags=machine:virt
-     :avocado: tags=machine:gic-version=2
-     """
--    timeout = 240
-+    timeout = 720
-     def add_common_args(self):
-         self.vm.add_args('-bios',
---
-.25.1

-[PULL 5/5] target/arm: Limit LPA2 effective output address when TCR.DS == 0
+Deleted patch
-From: Ard Biesheuvel <ardb@kernel.org>
-With LPA2, the effective output address size is at most 48 bits when
-TCR.DS == 0. This case is currently unhandled in the page table walker,
-where we happily assume LVA/64k granule when outputsize > 48 and
-param.ds == 0, resulting in the wrong conversion to be used from a
-page table descriptor to a physical address.
-    if (outputsize > 48) {
-        if (param.ds) {
-            descaddr |= extract64(descriptor, 8, 2) << 50;
-        } else {
-            descaddr |= extract64(descriptor, 12, 4) << 48;
-        }
-So cap the outputsize to 48 when TCR.DS is cleared, as per the
-architecture.
-Cc: Peter Maydell <peter.maydell@linaro.org>
-Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Cc: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221116170316.259695-1-ardb@kernel.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 8 ++++++++
-file changed, 8 insertions(+)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
-         ps = MIN(ps, param.ps);
-         assert(ps < ARRAY_SIZE(pamax_map));
-         outputsize = pamax_map[ps];
-+
-+        /*
-+         * With LPA2, the effective output address (OA) size is at most 48 bits
-+         * unless TCR.DS == 1
-+         */
-+        if (!param.ds && param.gran != Gran64K) {
-+            outputsize = MIN(outputsize, 48);
-+        }
-     } else {
-         param = aa32_va_parameters(env, address, mmu_idx);
-         level = 1;
---
-.25.1

Hi; here's a collection of Arm bug fixes for rc2.

thanks
-- PMM

The following changes since commit a082fab9d259473a9d5d53307cf83b1223301181:

Merge tag 'pull-ppc-20221117' of https://gitlab.com/danielhb/qemu into staging (2022-11-17 12:39:38 -0500)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221121

for you to fetch changes up to 312b71abce3005ca7294dc0db7d548dc7cc41fbf:

target/arm: Limit LPA2 effective output address when TCR.DS == 0 (2022-11-21 11:46:46 +0000)

----------------------------------------------------------------
target-arm queue:
 * hw/sd: Fix sun4i allwinner-sdhost for U-Boot
 * hw/intc: add implementation of GICD_IIDR to Arm GIC
 * tests/avocado/boot_linux.py: Bump aarch64 virt test timeout
 * target/arm: Limit LPA2 effective output address when TCR.DS == 0

----------------------------------------------------------------
Alex Bennée (2):
      hw/intc: clean-up access to GIC multi-byte registers
      hw/intc: add implementation of GICD_IIDR to Arm GIC

Ard Biesheuvel (1):
      target/arm: Limit LPA2 effective output address when TCR.DS == 0

Peter Maydell (1):
      tests/avocado/boot_linux.py: Bump aarch64 virt test timeout to 720s

Strahinja Jankovic (1):
      hw/sd: Fix sun4i allwinner-sdhost for U-Boot

include/hw/sd/allwinner-sdhost.h |  1 +
 hw/intc/arm_gic.c                | 28 ++++++++++++-----
 hw/sd/allwinner-sdhost.c         | 67 +++++++++++++++++++++++++++-------------
 target/arm/ptw.c                 |  8 +++++
 tests/avocado/boot_linux.py      |  2 +-
 5 files changed, 77 insertions(+), 29 deletions(-)

From: Strahinja Jankovic <strahinjapjankovic@gmail.com>

Trying to run U-Boot for Cubieboard (Allwinner A10) fails because it cannot
access SD card. The problem is that FIFO register in current
allwinner-sdhost implementation is at the address corresponding to
Allwinner H3, but not A10.
Linux kernel is not affected since Linux driver uses DMA access and does
not use FIFO register for reading/writing.

This patch adds new class parameter `is_sun4i` and based on that
parameter uses register at offset 0x100 either as FIFO register (if
sun4i) or as threshold register (if not sun4i; in this case register at
0x200 is FIFO register).

Tested with U-Boot and Linux kernel image built for Cubieboard and
OrangePi PC.

Signed-off-by: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20221112214900.24152-1-strahinja.p.jankovic@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/sd/allwinner-sdhost.h |  1 +
 hw/sd/allwinner-sdhost.c         | 67 ++++++++++++++++++++++----------
 2 files changed, 47 insertions(+), 21 deletions(-)

diff --git a/include/hw/sd/allwinner-sdhost.h b/include/hw/sd/allwinner-sdhost.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/sd/allwinner-sdhost.h
+++ b/include/hw/sd/allwinner-sdhost.h
@@ -XXX,XX +XXX,XX @@ struct AwSdHostClass {
 
     /** Maximum buffer size in bytes per DMA descriptor */
     size_t max_desc_size;
+    bool   is_sun4i;
 
 };
 
diff --git a/hw/sd/allwinner-sdhost.c b/hw/sd/allwinner-sdhost.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/sd/allwinner-sdhost.c
+++ b/hw/sd/allwinner-sdhost.c
@@ -XXX,XX +XXX,XX @@ enum {
     REG_SD_DLBA       = 0x84,  /* Descriptor List Base Address */
     REG_SD_IDST       = 0x88,  /* Internal DMA Controller Status */
     REG_SD_IDIE       = 0x8C,  /* Internal DMA Controller IRQ Enable */
-    REG_SD_THLDC      = 0x100, /* Card Threshold Control */
+    REG_SD_THLDC      = 0x100, /* Card Threshold Control / FIFO (sun4i only)*/
     REG_SD_DSBD       = 0x10C, /* eMMC DDR Start Bit Detection Control */
     REG_SD_RES_CRC    = 0x110, /* Response CRC from card/eMMC */
     REG_SD_DATA7_CRC  = 0x114, /* CRC Data 7 from card/eMMC */
@@ -XXX,XX +XXX,XX @@ static void allwinner_sdhost_dma(AwSdHostState *s)
     }
 }
 
+static uint32_t allwinner_sdhost_fifo_read(AwSdHostState *s)
+{
+    uint32_t res = 0;
+
+    if (sdbus_data_ready(&s->sdbus)) {
+        sdbus_read_data(&s->sdbus, &res, sizeof(uint32_t));
+        le32_to_cpus(&res);
+        allwinner_sdhost_update_transfer_cnt(s, sizeof(uint32_t));
+        allwinner_sdhost_auto_stop(s);
+        allwinner_sdhost_update_irq(s);
+    } else {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: no data ready on SD bus\n",
+                      __func__);
+    }
+
+    return res;
+}
+
 static uint64_t allwinner_sdhost_read(void *opaque, hwaddr offset,
                                       unsigned size)
 {
     AwSdHostState *s = AW_SDHOST(opaque);
+    AwSdHostClass *sc = AW_SDHOST_GET_CLASS(s);
     uint32_t res = 0;
 
     switch (offset) {
@@ -XXX,XX +XXX,XX @@ static uint64_t allwinner_sdhost_read(void *opaque, hwaddr offset,
     case REG_SD_IDIE:      /* Internal DMA Controller Interrupt Enable */
         res = s->dmac_irq;
         break;
-    case REG_SD_THLDC:     /* Card Threshold Control */
-        res = s->card_threshold;
+    case REG_SD_THLDC:     /* Card Threshold Control or FIFO register (sun4i) */
+        if (sc->is_sun4i) {
+            res = allwinner_sdhost_fifo_read(s);
+        } else {
+            res = s->card_threshold;
+        }
         break;
     case REG_SD_DSBD:      /* eMMC DDR Start Bit Detection Control */
         res = s->startbit_detect;
@@ -XXX,XX +XXX,XX @@ static uint64_t allwinner_sdhost_read(void *opaque, hwaddr offset,
         res = s->status_crc;
         break;
     case REG_SD_FIFO:      /* Read/Write FIFO */
-        if (sdbus_data_ready(&s->sdbus)) {
-            sdbus_read_data(&s->sdbus, &res, sizeof(uint32_t));
-            le32_to_cpus(&res);
-            allwinner_sdhost_update_transfer_cnt(s, sizeof(uint32_t));
-            allwinner_sdhost_auto_stop(s);
-            allwinner_sdhost_update_irq(s);
-        } else {
-            qemu_log_mask(LOG_GUEST_ERROR, "%s: no data ready on SD bus\n",
-                          __func__);
-        }
+        res = allwinner_sdhost_fifo_read(s);
         break;
     default:
         qemu_log_mask(LOG_GUEST_ERROR, "%s: out-of-bounds offset %"
@@ -XXX,XX +XXX,XX @@ static uint64_t allwinner_sdhost_read(void *opaque, hwaddr offset,
     return res;
 }
 
+static void allwinner_sdhost_fifo_write(AwSdHostState *s, uint64_t value)
+{
+    uint32_t u32 = cpu_to_le32(value);
+    sdbus_write_data(&s->sdbus, &u32, sizeof(u32));
+    allwinner_sdhost_update_transfer_cnt(s, sizeof(u32));
+    allwinner_sdhost_auto_stop(s);
+    allwinner_sdhost_update_irq(s);
+}
+
 static void allwinner_sdhost_write(void *opaque, hwaddr offset,
                                    uint64_t value, unsigned size)
 {
     AwSdHostState *s = AW_SDHOST(opaque);
-    uint32_t u32;
+    AwSdHostClass *sc = AW_SDHOST_GET_CLASS(s);
 
     trace_allwinner_sdhost_write(offset, value, size);
 
@@ -XXX,XX +XXX,XX @@ static void allwinner_sdhost_write(void *opaque, hwaddr offset,
         s->dmac_irq = value;
         allwinner_sdhost_update_irq(s);
         break;
-    case REG_SD_THLDC:     /* Card Threshold Control */
-        s->card_threshold = value;
+    case REG_SD_THLDC:     /* Card Threshold Control or FIFO (sun4i) */
+        if (sc->is_sun4i) {
+            allwinner_sdhost_fifo_write(s, value);
+        } else {
+            s->card_threshold = value;
+        }
         break;
     case REG_SD_DSBD:      /* eMMC DDR Start Bit Detection Control */
         s->startbit_detect = value;
         break;
     case REG_SD_FIFO:      /* Read/Write FIFO */
-        u32 = cpu_to_le32(value);
-        sdbus_write_data(&s->sdbus, &u32, sizeof(u32));
-        allwinner_sdhost_update_transfer_cnt(s, sizeof(u32));
-        allwinner_sdhost_auto_stop(s);
-        allwinner_sdhost_update_irq(s);
+        allwinner_sdhost_fifo_write(s, value);
         break;
     case REG_SD_RES_CRC:   /* Response CRC from card/eMMC */
     case REG_SD_DATA7_CRC: /* CRC Data 7 from card/eMMC */
@@ -XXX,XX +XXX,XX @@ static void allwinner_sdhost_sun4i_class_init(ObjectClass *klass, void *data)
 {
     AwSdHostClass *sc = AW_SDHOST_CLASS(klass);
     sc->max_desc_size = 8 * KiB;
+    sc->is_sun4i = true;
 }
 
 static void allwinner_sdhost_sun5i_class_init(ObjectClass *klass, void *data)
 {
     AwSdHostClass *sc = AW_SDHOST_CLASS(klass);
     sc->max_desc_size = 64 * KiB;
+    sc->is_sun4i = false;
 }
 
 static const TypeInfo allwinner_sdhost_info = {
-- 
2.25.1

From: Alex Bennée <alex.bennee@linaro.org>

gic_dist_readb was returning a word value which just happened to work
as a result of the way we OR the data together. Lets fix it so only
the explicit byte is returned for each part of GICD_TYPER. I've
changed the return type to uint8_t although the overflow is only
detected with an explicit -Wconversion.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gic.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -XXX,XX +XXX,XX @@ static void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
     gic_update(s);
 }
 
-static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
+static uint8_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
 {
     GICState *s = (GICState *)opaque;
     uint32_t res;
@@ -XXX,XX +XXX,XX @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
     cm = 1 << cpu;
     if (offset < 0x100) {
         if (offset == 0) {      /* GICD_CTLR */
+            /* We rely here on the only non-zero bits being in byte 0 */
             if (s->security_extn && !attrs.secure) {
                 /* The NS bank of this register is just an alias of the
                  * EnableGrp1 bit in the S bank version.
@@ -XXX,XX +XXX,XX @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
                 return s->ctlr;
             }
         }
-        if (offset == 4)
-            /* Interrupt Controller Type Register */
-            return ((s->num_irq / 32) - 1)
-                    | ((s->num_cpu - 1) << 5)
-                    | (s->security_extn << 10);
+        if (offset == 4) {
+            /* GICD_TYPER byte 0 */
+            return ((s->num_irq / 32) - 1) | ((s->num_cpu - 1) << 5);
+        }
+        if (offset == 5) {
+            /* GICD_TYPER byte 1 */
+            return (s->security_extn << 2);
+        }
         if (offset < 0x08)
             return 0;
         if (offset >= 0x80) {
-- 
2.25.1

From: Alex Bennée <alex.bennee@linaro.org>

a66a24585f (hw/intc/arm_gic: Implement read of GICC_IIDR) implemented
this for the CPU interface register. The fact we don't implement it
shows up when running Xen with -d guest_error which is definitely
wrong because the guest is perfectly entitled to read it.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gic.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -XXX,XX +XXX,XX @@ static uint8_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
             /* GICD_TYPER byte 1 */
             return (s->security_extn << 2);
         }
-        if (offset < 0x08)
+        if (offset == 8) {
+            /* GICD_IIDR byte 0 */
+            return 0x3b; /* Arm JEP106 identity */
+        }
+        if (offset == 9) {
+            /* GICD_IIDR byte 1 */
+            return 0x04; /* Arm JEP106 identity */
+        }
+        if (offset < 0x0c) {
+            /* All other bytes in this range are RAZ */
             return 0;
+        }
         if (offset >= 0x80) {
             /* Interrupt Group Registers: these RAZ/WI if this is an NS
              * access to a GIC with the security extensions, or if the GIC
-- 
2.25.1

The two tests
tests/avocado/boot_linux.py:BootLinuxAarch64.test_virt_tcg_gicv2
tests/avocado/boot_linux.py:BootLinuxAarch64.test_virt_tcg_gicv3

take quite a long time to run, and the current timeout of 240s
is not enough for the tests to complete on slow machines:
we've seen these tests time out in the gitlab CI in the
'avocado-system-alpine' CI job, for instance. The timeout
is also insufficient for running the test with a debug build
of QEMU: on my machine the tests take over 10 minutes to run
in that config.

Push the timeout up to 720s so that the test definitely has
enough time to complete.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 tests/avocado/boot_linux.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/avocado/boot_linux.py b/tests/avocado/boot_linux.py
index XXXXXXX..XXXXXXX 100644
--- a/tests/avocado/boot_linux.py
+++ b/tests/avocado/boot_linux.py
@@ -XXX,XX +XXX,XX @@ class BootLinuxAarch64(LinuxTest):
     :avocado: tags=machine:virt
     :avocado: tags=machine:gic-version=2
     """
-    timeout = 240
+    timeout = 720
 
     def add_common_args(self):
         self.vm.add_args('-bios',
-- 
2.25.1

From: Ard Biesheuvel <ardb@kernel.org>

With LPA2, the effective output address size is at most 48 bits when
TCR.DS == 0. This case is currently unhandled in the page table walker,
where we happily assume LVA/64k granule when outputsize > 48 and
param.ds == 0, resulting in the wrong conversion to be used from a
page table descriptor to a physical address.

if (outputsize > 48) {
        if (param.ds) {
            descaddr |= extract64(descriptor, 8, 2) << 50;
        } else {
            descaddr |= extract64(descriptor, 12, 4) << 48;
        }

So cap the outputsize to 48 when TCR.DS is cleared, as per the
architecture.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20221116170316.259695-1-ardb@kernel.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         ps = MIN(ps, param.ps);
         assert(ps < ARRAY_SIZE(pamax_map));
         outputsize = pamax_map[ps];
+
+        /*
+         * With LPA2, the effective output address (OA) size is at most 48 bits
+         * unless TCR.DS == 1
+         */
+        if (!param.ds && param.gran != Gran64K) {
+            outputsize = MIN(outputsize, 48);
+        }
     } else {
         param = aa32_va_parameters(env, address, mmu_idx);
         level = 1;
-- 
2.25.1

v2: dropped patches that add the microbit nRF51 non-volatile memories
and the test case for them.

thanks
-- PMM

The following changes since commit 3a183e330dbd7dbcac3841737ac874979552cca2:

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190128' into staging (2019-01-28 16:26:47 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190129

for you to fetch changes up to 46f5abc0a2566ac3dc954eeb62fd625f0eaca120:

gdbstub: Simplify gdb_get_cpu_pid() to use cpu->cluster_index (2019-01-29 11:46:06 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix validation of 32-bit address spaces for aa32 (fixes an assert introduced in ba97be9f4a4)
 * v8m: Ensure IDAU is respected if SAU is disabled
 * gdbstub: fix gdb_get_cpu(s, pid, tid) when pid and/or tid are 0
 * exec.c: Use correct attrs in cpu_memory_rw_debug()
 * accel/tcg/user-exec: Don't parse aarch64 insns to test for read vs write
 * target/arm: Don't clear supported PMU events when initializing PMCEID1
 * memory: add memory_region_flush_rom_device()
 * microbit: Add stub NRF51 TWI magnetometer/accelerometer detection
 * tests/microbit-test: extend testing of microbit devices
 * checkpatch: Don't emit spurious warnings about block comments
 * aspeed/smc: misc bug fixes
 * xlnx-zynqmp: Don't create rpu-cluster if there are no RPUs
 * xlnx-zynqmp: Realize cluster after putting RPUs in it
 * accel/tcg: Add cluster number to TCG TB hash so differently configured
   CPUs don't pick up cached TBs for the wrong kind of CPU

----------------------------------------------------------------
Aaron Lindsay OS (1):
      target/arm: Don't clear supported PMU events when initializing PMCEID1

Cédric Le Goater (4):
      aspeed/smc: fix default read value
      aspeed/smc: define registers for all possible CS
      aspeed/smc: Add dummy data register
      aspeed/smc: snoop SPI transfers to fake dummy cycles

Julia Suvorova (3):
      tests/libqtest: Introduce qtest_init_with_serial()
      tests/microbit-test: Make test independent of global_qtest
      tests/microbit-test: Check nRF51 UART functionality

Luc Michel (1):
      gdbstub: fix gdb_get_cpu(s, pid, tid) when pid and/or tid are 0

Peter Maydell (8):
      exec.c: Use correct attrs in cpu_memory_rw_debug()
      accel/tcg/user-exec: Don't parse aarch64 insns to test for read vs write
      checkpatch: Don't emit spurious warnings about block comments
      xlnx-zynqmp: Don't create rpu-cluster if there are no RPUs
      hw/arm/xlnx-zynqmp: Realize cluster after putting RPUs in it
      qom/cpu: Add cluster_index to CPUState
      accel/tcg: Add cluster number to TCG TB hash
      gdbstub: Simplify gdb_get_cpu_pid() to use cpu->cluster_index

Richard Henderson (1):
      target/arm: Fix validation of 32-bit address spaces for aa32

Stefan Hajnoczi (3):
      tests/microbit-test: add TWI stub device test
      MAINTAINERS: update microbit ARM board files
      memory: add memory_region_flush_rom_device()

Steffen Görtz (1):
      arm: Stub out NRF51 TWI magnetometer/accelerometer detection

Thomas Roth (1):
      target/arm: v8m: Ensure IDAU is respected if SAU is disabled