Series comparison

-[PULL 00/29] target-arm queue
+[PULL 0/7] target-arm queue
-First arm pullreq of the 8.0 series...
+A last small test of bug fixes before rc1.
-The following changes since commit ae2b87341b5ddb0dcb1b3f2d4f586ef18de75873:
+thanks
 -- PMM
-  Merge tag 'pull-qapi-2022-12-14-v2' of https://repo.or.cz/qemu/armbru into staging (2022-12-14 22:42:14 +0000)
+The following changes since commit ed8ad9728a9c0eec34db9dff61dfa2f1dd625637:
   Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging (2023-07-15 14:54:04 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221215
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230717
-for you to fetch changes up to 4f3ebdc33618e7c163f769047859d6f34373e3af:
+for you to fetch changes up to c2c1c4a35c7c2b1a4140b0942b9797c857e476a4:
-  target/arm: Restrict arm_cpu_exec_interrupt() to TCG accelerator (2022-12-15 11:18:20 +0000)
+  hw/nvram: Avoid unnecessary Xilinx eFuse backstore write (2023-07-17 11:05:52 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * hw/arm/virt: Add properties to allow more granular
+ * hw/arm/sbsa-ref: set 'slots' property of xhci
-   configuration of use of highmem space
+ * linux-user: Remove pointless NULL check in clock_adjtime handling
- * target/arm: Add Cortex-A55 CPU
+ * ptw: Fix S1_ptw_translate() debug path
- * hw/intc/arm_gicv3: Fix GICD_TYPER ITLinesNumber advertisement
+ * ptw: Account for FEAT_RME when applying {N}SW, SA bits
- * Implement FEAT_EVT
+ * accel/tcg: Zero-pad PC in TCG CPU exec trace lines
- * Some 3-phase-reset conversions for Arm GIC, SMMU
+ * hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
  * hw/arm/boot: set initrd with #address-cells type in fdt
  * align user-mode exposed ID registers with Linux
  * hw/misc: Move some arm-related files from specific_ss into softmmu_ss
  * Restrict arm_cpu_exec_interrupt() to TCG accelerator
 ----------------------------------------------------------------
-Gavin Shan (7):
+Peter Maydell (5):
-      hw/arm/virt: Introduce virt_set_high_memmap() helper
+      linux-user: Remove pointless NULL check in clock_adjtime handling
-      hw/arm/virt: Rename variable size to region_size in virt_set_high_memmap()
+      target/arm/ptw.c: Add comments to S1Translate struct fields
-      hw/arm/virt: Introduce variable region_base in virt_set_high_memmap()
+      target/arm: Fix S1_ptw_translate() debug path
-      hw/arm/virt: Introduce virt_get_high_memmap_enabled() helper
+      target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
-      hw/arm/virt: Improve high memory region address assignment
+      accel/tcg: Zero-pad PC in TCG CPU exec trace lines
       hw/arm/virt: Add 'compact-highmem' property
       hw/arm/virt: Add properties to disable high memory regions
-Luke Starrett (1):
+Tong Ho (1):
-      hw/intc/arm_gicv3: Fix GICD_TYPER ITLinesNumber advertisement
+      hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
-Mihai Carabas (1):
+Yuquan Wang (1):
-      hw/arm/virt: build SMBIOS 19 table
+      hw/arm/sbsa-ref: set 'slots' property of xhci
-Peter Maydell (15):
+ accel/tcg/cpu-exec.c      |  4 +--
-      target/arm: Allow relevant HCR bits to be written for FEAT_EVT
+ accel/tcg/translate-all.c |  2 +-
-      target/arm: Implement HCR_EL2.TTLBIS traps
+ hw/arm/sbsa-ref.c         |  1 +
-      target/arm: Implement HCR_EL2.TTLBOS traps
+ hw/nvram/xlnx-efuse.c     | 11 ++++--
-      target/arm: Implement HCR_EL2.TICAB,TOCU traps
+ linux-user/syscall.c      | 12 +++----
-      target/arm: Implement HCR_EL2.TID4 traps
+ target/arm/ptw.c          | 90 +++++++++++++++++++++++++++++++++++++++++------
-      target/arm: Report FEAT_EVT for TCG '-cpu max'
+files changed, 98 insertions(+), 22 deletions(-)
       hw/arm: Convert TYPE_ARM_SMMU to 3-phase reset
       hw/arm: Convert TYPE_ARM_SMMUV3 to 3-phase reset
       hw/intc: Convert TYPE_ARM_GIC_COMMON to 3-phase reset
       hw/intc: Convert TYPE_ARM_GIC_KVM to 3-phase reset
       hw/intc: Convert TYPE_ARM_GICV3_COMMON to 3-phase reset
       hw/intc: Convert TYPE_KVM_ARM_GICV3 to 3-phase reset
       hw/intc: Convert TYPE_ARM_GICV3_ITS_COMMON to 3-phase reset
       hw/intc: Convert TYPE_ARM_GICV3_ITS to 3-phase reset
       hw/intc: Convert TYPE_KVM_ARM_ITS to 3-phase reset
 Philippe Mathieu-Daudé (1):
       target/arm: Restrict arm_cpu_exec_interrupt() to TCG accelerator
 Schspa Shi (1):
       hw/arm/boot: set initrd with #address-cells type in fdt
 Thomas Huth (1):
       hw/misc: Move some arm-related files from specific_ss into softmmu_ss
 Timofey Kutergin (1):
       target/arm: Add Cortex-A55 CPU
 Zhuojia Shen (1):
       target/arm: align exposed ID registers with Linux
  docs/system/arm/emulation.rst          |   1 +
  docs/system/arm/virt.rst               |  18 +++
  include/hw/arm/smmuv3.h                |   2 +-
  include/hw/arm/virt.h                  |   2 +
  include/hw/misc/xlnx-zynqmp-apu-ctrl.h |   2 +-
  target/arm/cpu.h                       |  30 +++++
  target/arm/kvm-consts.h                |   8 +-
  hw/arm/boot.c                          |  10 +-
  hw/arm/smmu-common.c                   |   7 +-
  hw/arm/smmuv3.c                        |  12 +-
  hw/arm/virt.c                          | 202 +++++++++++++++++++++++-----
  hw/intc/arm_gic_common.c               |   7 +-
  hw/intc/arm_gic_kvm.c                  |  14 +-
  hw/intc/arm_gicv3_common.c             |   7 +-
  hw/intc/arm_gicv3_dist.c               |   4 +-
  hw/intc/arm_gicv3_its.c                |  14 +-
  hw/intc/arm_gicv3_its_common.c         |   7 +-
  hw/intc/arm_gicv3_its_kvm.c            |  14 +-
  hw/intc/arm_gicv3_kvm.c                |  14 +-
  hw/misc/imx6_src.c                     |   2 +-
  hw/misc/iotkit-sysctl.c                |   1 -
  target/arm/cpu.c                       |   5 +-
  target/arm/cpu64.c                     |  70 ++++++++++
  target/arm/cpu_tcg.c                   |   1 +
  target/arm/helper.c                    | 231 ++++++++++++++++++++++++---------
  hw/misc/meson.build                    |  11 +-
 files changed, 538 insertions(+), 158 deletions(-)

-[PULL 28/29] hw/misc: Move some arm-related files from specific_ss into softmmu_ss
+[PULL 1/7] hw/arm/sbsa-ref: set 'slots' property of xhci
-From: Thomas Huth <thuth@redhat.com>
+From: Yuquan Wang <wangyuquan1236@phytium.com.cn>
-The header target/arm/kvm-consts.h checks CONFIG_KVM which is marked as
+This extends the slots of xhci to 64, since the default xhci_sysbus
-poisoned in common code, so the files that include this header have to
+just supports one slot.
 be added to specific_ss and recompiled for each, qemu-system-arm and
 qemu-system-aarch64. However, since the kvm headers are only optionally
 used in kvm-constants.h for some sanity checks, we can additionally
 check the NEED_CPU_H macro first to avoid the poisoned CONFIG_KVM macro,
 so kvm-constants.h can also be used from "common" files (without the
 sanity checks - which should be OK since they are still done from other
 target-specific files instead). This way, and by adjusting some other
 include statements in the related files here and there, we can move some
 files from specific_ss into softmmu_ss, so that they only need to be
 compiled once during the build process.
-Signed-off-by: Thomas Huth <thuth@redhat.com>
+Signed-off-by: Wang Yuquan <wangyuquan1236@phytium.com.cn>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
-Message-id: 20221202154023.293614-1-thuth@redhat.com
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
 Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
 Message-id: 20230710063750.473510-2-wangyuquan1236@phytium.com.cn
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- include/hw/misc/xlnx-zynqmp-apu-ctrl.h |  2 +-
+ hw/arm/sbsa-ref.c | 1 +
- target/arm/kvm-consts.h                |  8 ++++----
+file changed, 1 insertion(+)
  hw/misc/imx6_src.c                     |  2 +-
  hw/misc/iotkit-sysctl.c                |  1 -
  hw/misc/meson.build                    | 11 +++++------
 files changed, 11 insertions(+), 13 deletions(-)
-diff --git a/include/hw/misc/xlnx-zynqmp-apu-ctrl.h b/include/hw/misc/xlnx-zynqmp-apu-ctrl.h
+diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/hw/misc/xlnx-zynqmp-apu-ctrl.h
+--- a/hw/arm/sbsa-ref.c
-+++ b/include/hw/misc/xlnx-zynqmp-apu-ctrl.h
++++ b/hw/arm/sbsa-ref.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ static void create_xhci(const SBSAMachineState *sms)
+     hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base;
- #include "hw/sysbus.h"
+     int irq = sbsa_ref_irqmap[SBSA_XHCI];
- #include "hw/register.h"
+     DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS);
--#include "target/arm/cpu.h"
++    qdev_prop_set_uint32(dev, "slots", XHCI_MAXSLOTS);
-+#include "target/arm/cpu-qom.h"
+     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
- #define TYPE_XLNX_ZYNQMP_APU_CTRL "xlnx.apu-ctrl"
+     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
  OBJECT_DECLARE_SIMPLE_TYPE(XlnxZynqMPAPUCtrl, XLNX_ZYNQMP_APU_CTRL)
 diff --git a/target/arm/kvm-consts.h b/target/arm/kvm-consts.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/kvm-consts.h
 +++ b/target/arm/kvm-consts.h
@@ -XXX,XX +XXX,XX @@
  #ifndef ARM_KVM_CONSTS_H
  #define ARM_KVM_CONSTS_H
 +#ifdef NEED_CPU_H
  #ifdef CONFIG_KVM
  #include <linux/kvm.h>
  #include <linux/psci.h>
 -
  #define MISMATCH_CHECK(X, Y) QEMU_BUILD_BUG_ON(X != Y)
 +#endif
 +#endif
 -#else
 -
 +#ifndef MISMATCH_CHECK
  #define MISMATCH_CHECK(X, Y) QEMU_BUILD_BUG_ON(0)
 -
  #endif
  #define CP_REG_SIZE_SHIFT 52
 diff --git a/hw/misc/imx6_src.c b/hw/misc/imx6_src.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/misc/imx6_src.c
 +++ b/hw/misc/imx6_src.c
@@ -XXX,XX +XXX,XX @@
  #include "qemu/log.h"
  #include "qemu/main-loop.h"
  #include "qemu/module.h"
 -#include "arm-powerctl.h"
 +#include "target/arm/arm-powerctl.h"
  #include "hw/core/cpu.h"
  #ifndef DEBUG_IMX6_SRC
 diff --git a/hw/misc/iotkit-sysctl.c b/hw/misc/iotkit-sysctl.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/misc/iotkit-sysctl.c
 +++ b/hw/misc/iotkit-sysctl.c
@@ -XXX,XX +XXX,XX @@
  #include "hw/qdev-properties.h"
  #include "hw/arm/armsse-version.h"
  #include "target/arm/arm-powerctl.h"
 -#include "target/arm/cpu.h"
  REG32(SECDBGSTAT, 0x0)
  REG32(SECDBGSET, 0x4)
 diff --git a/hw/misc/meson.build b/hw/misc/meson.build
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/misc/meson.build
 +++ b/hw/misc/meson.build
@@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_IMX', if_true: files(
    'imx25_ccm.c',
    'imx31_ccm.c',
    'imx6_ccm.c',
 +  'imx6_src.c',
    'imx6ul_ccm.c',
    'imx7_ccm.c',
    'imx7_gpr.c',
@@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_RASPI', if_true: files(
  ))
  softmmu_ss.add(when: 'CONFIG_SLAVIO', if_true: files('slavio_misc.c'))
  softmmu_ss.add(when: 'CONFIG_ZYNQ', if_true: files('zynq_slcr.c'))
 -specific_ss.add(when: 'CONFIG_XLNX_ZYNQMP_ARM', if_true: files('xlnx-zynqmp-crf.c'))
 -specific_ss.add(when: 'CONFIG_XLNX_ZYNQMP_ARM', if_true: files('xlnx-zynqmp-apu-ctrl.c'))
 +softmmu_ss.add(when: 'CONFIG_XLNX_ZYNQMP_ARM', if_true: files('xlnx-zynqmp-crf.c'))
 +softmmu_ss.add(when: 'CONFIG_XLNX_ZYNQMP_ARM', if_true: files('xlnx-zynqmp-apu-ctrl.c'))
  specific_ss.add(when: 'CONFIG_XLNX_VERSAL', if_true: files('xlnx-versal-crl.c'))
  softmmu_ss.add(when: 'CONFIG_XLNX_VERSAL', if_true: files(
    'xlnx-versal-xramc.c',
@@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_TZ_MPC', if_true: files('tz-mpc.c'))
  softmmu_ss.add(when: 'CONFIG_TZ_MSC', if_true: files('tz-msc.c'))
  softmmu_ss.add(when: 'CONFIG_TZ_PPC', if_true: files('tz-ppc.c'))
  softmmu_ss.add(when: 'CONFIG_IOTKIT_SECCTL', if_true: files('iotkit-secctl.c'))
 +softmmu_ss.add(when: 'CONFIG_IOTKIT_SYSCTL', if_true: files('iotkit-sysctl.c'))
  softmmu_ss.add(when: 'CONFIG_IOTKIT_SYSINFO', if_true: files('iotkit-sysinfo.c'))
  softmmu_ss.add(when: 'CONFIG_ARMSSE_CPU_PWRCTRL', if_true: files('armsse-cpu-pwrctrl.c'))
  softmmu_ss.add(when: 'CONFIG_ARMSSE_CPUID', if_true: files('armsse-cpuid.c'))
@@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_GRLIB', if_true: files('grlib_ahb_apb_pnp.c'))
  specific_ss.add(when: 'CONFIG_AVR_POWER', if_true: files('avr_power.c'))
 -specific_ss.add(when: 'CONFIG_IMX', if_true: files('imx6_src.c'))
 -specific_ss.add(when: 'CONFIG_IOTKIT_SYSCTL', if_true: files('iotkit-sysctl.c'))
 -
  specific_ss.add(when: 'CONFIG_MAC_VIA', if_true: files('mac_via.c'))
  specific_ss.add(when: 'CONFIG_MIPS_CPS', if_true: files('mips_cmgcr.c', 'mips_cpc.c'))
  specific_ss.add(when: 'CONFIG_MIPS_ITU', if_true: files('mips_itu.c'))
 -specific_ss.add(when: 'CONFIG_SBSA_REF', if_true: files('sbsa_ec.c'))
 +softmmu_ss.add(when: 'CONFIG_SBSA_REF', if_true: files('sbsa_ec.c'))
  # HPPA devices
  softmmu_ss.add(when: 'CONFIG_LASI', if_true: files('lasi.c'))
 --
-.25.1
+.34.1

-[PULL 23/29] hw/intc: Convert TYPE_ARM_GICV3_ITS_COMMON to 3-phase reset
+[PULL 2/7] linux-user: Remove pointless NULL check in clock_adjtime handling
-Convert the TYPE_ARM_GICV3_ITS_COMMON parent class to 3-phase reset.
+In the code for TARGET_NR_clock_adjtime, we set the pointer phtx to
 the address of the local variable htx.  This means it can never be
 NULL, but later in the code we check it for NULL anyway.  Coverity
 complains about this (CID 1507683) because the NULL check comes after
 a call to clock_adjtime() that assumes it is non-NULL.
 Since phtx is always &htx, and is used only in three places, it's not
 really necessary.  Remove it, bringing the code structure in to line
 with that for TARGET_NR_clock_adjtime64, which already uses a simple
 '&htx' when it wants a pointer to 'htx'.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221109161444.3397405-8-peter.maydell@linaro.org
+Message-id: 20230623144410.1837261-1-peter.maydell@linaro.org
 ---
- hw/intc/arm_gicv3_its_common.c | 7 ++++---
+ linux-user/syscall.c | 12 +++++-------
-file changed, 4 insertions(+), 3 deletions(-)
+file changed, 5 insertions(+), 7 deletions(-)
-diff --git a/hw/intc/arm_gicv3_its_common.c b/hw/intc/arm_gicv3_its_common.c
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_its_common.c
+--- a/linux-user/syscall.c
-+++ b/hw/intc/arm_gicv3_its_common.c
++++ b/linux-user/syscall.c
-@@ -XXX,XX +XXX,XX @@ void gicv3_its_init_mmio(GICv3ITSState *s, const MemoryRegionOps *ops,
+@@ -XXX,XX +XXX,XX @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
-     msi_nonbroken = true;
+ #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME)
- }
+     case TARGET_NR_clock_adjtime:
+         {
--static void gicv3_its_common_reset(DeviceState *dev)
+-            struct timex htx, *phtx = &htx;
-+static void gicv3_its_common_reset_hold(Object *obj)
++            struct timex htx;
- {
--    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
+-            if (target_to_host_timex(phtx, arg2) != 0) {
-+    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(obj);
++            if (target_to_host_timex(&htx, arg2) != 0) {
+                 return -TARGET_EFAULT;
-     s->ctlr = 0;
+             }
-     s->cbaser = 0;
+-            ret = get_errno(clock_adjtime(arg1, phtx));
-@@ -XXX,XX +XXX,XX @@ static void gicv3_its_common_reset(DeviceState *dev)
+-            if (!is_error(ret) && phtx) {
- static void gicv3_its_common_class_init(ObjectClass *klass, void *data)
+-                if (host_to_target_timex(arg2, phtx) != 0) {
- {
+-                    return -TARGET_EFAULT;
-     DeviceClass *dc = DEVICE_CLASS(klass);
+-                }
-+    ResettableClass *rc = RESETTABLE_CLASS(klass);
++            ret = get_errno(clock_adjtime(arg1, &htx));
++            if (!is_error(ret) && host_to_target_timex(arg2, &htx)) {
--    dc->reset = gicv3_its_common_reset;
++                return -TARGET_EFAULT;
-+    rc->phases.hold = gicv3_its_common_reset_hold;
+             }
-     dc->vmsd = &vmstate_its;
+         }
- }
+         return ret;
 --
-.25.1
+.34.1

-[PULL 25/29] hw/intc: Convert TYPE_KVM_ARM_ITS to 3-phase reset
+[PULL 3/7] target/arm/ptw.c: Add comments to S1Translate struct fields
-Convert the TYPE_KVM_ARM_ITS device to 3-phase reset.
+Add comments to the in_* fields in the S1Translate struct
 that explain what they're doing.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Message-id: 20230710152130.3928330-2-peter.maydell@linaro.org
 Message-id: 20221109161444.3397405-10-peter.maydell@linaro.org
 ---
- hw/intc/arm_gicv3_its_kvm.c | 14 +++++++++-----
+ target/arm/ptw.c | 40 ++++++++++++++++++++++++++++++++++++++++
-file changed, 9 insertions(+), 5 deletions(-)
+file changed, 40 insertions(+)
-diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_its_kvm.c
+--- a/target/arm/ptw.c
-+++ b/hw/intc/arm_gicv3_its_kvm.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ DECLARE_OBJ_CHECKERS(GICv3ITSState, KVMARMITSClass,
+@@ -XXX,XX +XXX,XX @@
+ #endif
- struct KVMARMITSClass {
-     GICv3ITSCommonClass parent_class;
+ typedef struct S1Translate {
--    void (*parent_reset)(DeviceState *dev);
++    /*
-+    ResettablePhases parent_phases;
++     * in_mmu_idx : specifies which TTBR, TCR, etc to use for the walk.
- };
++     * Together with in_space, specifies the architectural translation regime.
++     */
+     ARMMMUIdx in_mmu_idx;
-@@ -XXX,XX +XXX,XX @@ static void kvm_arm_its_post_load(GICv3ITSState *s)
++    /*
-                       GITS_CTLR, &s->ctlr, true, &error_abort);
++     * in_ptw_idx: specifies which mmuidx to use for the actual
- }
++     * page table descriptor load operations. This will be one of the
++     * ARMMMUIdx_Stage2* or one of the ARMMMUIdx_Phys_* indexes.
--static void kvm_arm_its_reset(DeviceState *dev)
++     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
-+static void kvm_arm_its_reset_hold(Object *obj)
++     * this field is updated accordingly.
- {
++     */
--    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
+     ARMMMUIdx in_ptw_idx;
-+    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(obj);
++    /*
-     KVMARMITSClass *c = KVM_ARM_ITS_GET_CLASS(s);
++     * in_space: the security space for this walk. This plus
-     int i;
++     * the in_mmu_idx specify the architectural translation regime.
++     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
--    c->parent_reset(dev);
++     * this field is updated accordingly.
-+    if (c->parent_phases.hold) {
++     *
-+        c->parent_phases.hold(obj);
++     * Note that the security space for the in_ptw_idx may be different
-+    }
++     * from that for the in_mmu_idx. We do not need to explicitly track
++     * the in_ptw_idx security space because:
-     if (kvm_device_check_attr(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL,
++     *  - if the in_ptw_idx is an ARMMMUIdx_Phys_* then the mmuidx
-                                KVM_DEV_ARM_ITS_CTRL_RESET)) {
++     *    itself specifies the security space
-@@ -XXX,XX +XXX,XX @@ static Property kvm_arm_its_props[] = {
++     *  - if the in_ptw_idx is an ARMMMUIdx_Stage2* then the security
- static void kvm_arm_its_class_init(ObjectClass *klass, void *data)
++     *    space used for ptw reads is the same as that of the security
- {
++     *    space of the stage 1 translation for all cases except where
-     DeviceClass *dc = DEVICE_CLASS(klass);
++     *    stage 1 is Secure; in that case the only possibilities for
-+    ResettableClass *rc = RESETTABLE_CLASS(klass);
++     *    the ptw read are Secure and NonSecure, and the in_ptw_idx
-     GICv3ITSCommonClass *icc = ARM_GICV3_ITS_COMMON_CLASS(klass);
++     *    value being Stage2 vs Stage2_S distinguishes those.
-     KVMARMITSClass *ic = KVM_ARM_ITS_CLASS(klass);
++     */
+     ARMSecuritySpace in_space;
-     dc->realize = kvm_arm_its_realize;
++    /*
-     device_class_set_props(dc, kvm_arm_its_props);
++     * in_secure: whether the translation regime is a Secure one.
--    device_class_set_parent_reset(dc, kvm_arm_its_reset, &ic->parent_reset);
++     * This is always equal to arm_space_is_secure(in_space).
-+    resettable_class_set_parent_phases(rc, NULL, kvm_arm_its_reset_hold, NULL,
++     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
-+                                       &ic->parent_phases);
++     * this field is updated accordingly.
-     icc->send_msi = kvm_its_send_msi;
++     */
-     icc->pre_save = kvm_arm_its_pre_save;
+     bool in_secure;
-     icc->post_load = kvm_arm_its_post_load;
++    /*
 +     * in_debug: is this a QEMU debug access (gdbstub, etc)? Debug
 +     * accesses will not update the guest page table access flags
 +     * and will not change the state of the softmmu TLBs.
 +     */
      bool in_debug;
      /*
       * If this is stage 2 of a stage 1+2 page table walk, then this must
 --
-.25.1
+.34.1

-[PULL 01/29] hw/arm/virt: Introduce virt_set_high_memmap() helper
+[PULL 4/7] target/arm: Fix S1_ptw_translate() debug path
-From: Gavin Shan <gshan@redhat.com>
+In commit fe4a5472ccd6 we rearranged the logic in S1_ptw_translate()
 so that the debug-access "call get_phys_addr_*" codepath is used both
 when S1 is doing ptw reads from stage 2 and when it is doing ptw
 reads from physical memory.  However, we didn't update the
 calculation of s2ptw->in_space and s2ptw->in_secure to account for
 the "ptw reads from physical memory" case.  This meant that debug
 accesses when in Secure state broke.
-This introduces virt_set_high_memmap() helper. The logic of high
+Create a new function S2_security_space() which returns the
-memory region address assignment is moved to the helper. The intention
+correct security space to use for the ptw load, and use it to
-is to make the subsequent optimization for high memory region address
+determine the correct .in_secure and .in_space fields for the
-assignment easier.
+stage 2 lookup for the ptw load.
-No functional change intended.
+Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Gavin Shan <gshan@redhat.com>
+Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Message-id: 20230710152130.3928330-3-peter.maydell@linaro.org
-Reviewed-by: Marc Zyngier <maz@kernel.org>
+Fixes: fe4a5472ccd6 ("target/arm: Use get_phys_addr_with_struct in S1_ptw_translate")
 Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
 Message-id: 20221029224307.138822-2-gshan@redhat.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- hw/arm/virt.c | 74 ++++++++++++++++++++++++++++-----------------------
+ target/arm/ptw.c | 37 ++++++++++++++++++++++++++++++++-----
-file changed, 41 insertions(+), 33 deletions(-)
+file changed, 32 insertions(+), 5 deletions(-)
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
+--- a/target/arm/ptw.c
-+++ b/hw/arm/virt.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
+@@ -XXX,XX +XXX,XX @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
-     return arm_cpu_mp_affinity(idx, clustersz);
+     }
  }
-+static void virt_set_high_memmap(VirtMachineState *vms,
++static ARMSecuritySpace S2_security_space(ARMSecuritySpace s1_space,
-+                                 hwaddr base, int pa_bits)
++                                          ARMMMUIdx s2_mmu_idx)
 +{
-+    int i;
++    /*
-+
++     * Return the security space to use for stage 2 when doing
-+    for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
++     * the S1 page table descriptor load.
-+        hwaddr size = extended_memmap[i].size;
++     */
-+        bool fits;
++    if (regime_is_stage2(s2_mmu_idx)) {
 +
 +        base = ROUND_UP(base, size);
 +        vms->memmap[i].base = base;
 +        vms->memmap[i].size = size;
 +
 +        /*
-+         * Check each device to see if they fit in the PA space,
++         * The security space for ptw reads is almost always the same
-+         * moving highest_gpa as we go.
++         * as that of the security space of the stage 1 translation.
-+         *
++         * The only exception is when stage 1 is Secure; in that case
-+         * For each device that doesn't fit, disable it.
++         * the ptw read might be to the Secure or the NonSecure space
 +         * (but never Realm or Root), and the s2_mmu_idx tells us which.
 +         * Root translations are always single-stage.
 +         */
-+        fits = (base + size) <= BIT_ULL(pa_bits);
++        if (s1_space == ARMSS_Secure) {
-+        if (fits) {
++            return arm_secure_to_space(s2_mmu_idx == ARMMMUIdx_Stage2_S);
-+            vms->highest_gpa = base + size - 1;
++        } else {
 +            assert(s2_mmu_idx != ARMMMUIdx_Stage2_S);
 +            assert(s1_space != ARMSS_Root);
 +            return s1_space;
 +        }
-+
++    } else {
-+        switch (i) {
++        /* ptw loads are from phys: the mmu idx itself says which space */
-+        case VIRT_HIGH_GIC_REDIST2:
++        return arm_phys_to_space(s2_mmu_idx);
 +            vms->highmem_redists &= fits;
 +            break;
 +        case VIRT_HIGH_PCIE_ECAM:
 +            vms->highmem_ecam &= fits;
 +            break;
 +        case VIRT_HIGH_PCIE_MMIO:
 +            vms->highmem_mmio &= fits;
 +            break;
 +        }
 +
 +        base += size;
 +    }
 +}
 +
- static void virt_set_memmap(VirtMachineState *vms, int pa_bits)
+ /* Translate a S1 pagetable walk through S2 if needed.  */
  static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
                               hwaddr addr, ARMMMUFaultInfo *fi)
  {
-     MachineState *ms = MACHINE(vms);
+-    ARMSecuritySpace space = ptw->in_space;
-@@ -XXX,XX +XXX,XX @@ static void virt_set_memmap(VirtMachineState *vms, int pa_bits)
+     bool is_secure = ptw->in_secure;
-     /* We know for sure that at least the memory fits in the PA space */
+     ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
-     vms->highest_gpa = memtop - 1;
+     ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
+@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
--    for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
+          * From gdbstub, do not use softmmu so that we don't modify the
--        hwaddr size = extended_memmap[i].size;
+          * state of the cpu at all, including softmmu tlb contents.
--        bool fits;
+          */
--
++        ARMSecuritySpace s2_space = S2_security_space(ptw->in_space, s2_mmu_idx);
--        base = ROUND_UP(base, size);
+         S1Translate s2ptw = {
--        vms->memmap[i].base = base;
+             .in_mmu_idx = s2_mmu_idx,
--        vms->memmap[i].size = size;
+             .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
--
+-            .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
--        /*
+-            .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
--         * Check each device to see if they fit in the PA space,
+-                         : space == ARMSS_Realm ? ARMSS_Realm
--         * moving highest_gpa as we go.
+-                         : ARMSS_NonSecure),
--         *
++            .in_secure = arm_space_is_secure(s2_space),
--         * For each device that doesn't fit, disable it.
++            .in_space = s2_space,
--         */
+             .in_debug = true,
--        fits = (base + size) <= BIT_ULL(pa_bits);
+         };
--        if (fits) {
+         GetPhysAddrResult s2 = { };
 -            vms->highest_gpa = base + size - 1;
 -        }
 -
 -        switch (i) {
 -        case VIRT_HIGH_GIC_REDIST2:
 -            vms->highmem_redists &= fits;
 -            break;
 -        case VIRT_HIGH_PCIE_ECAM:
 -            vms->highmem_ecam &= fits;
 -            break;
 -        case VIRT_HIGH_PCIE_MMIO:
 -            vms->highmem_mmio &= fits;
 -            break;
 -        }
 -
 -        base += size;
 -    }
 +    virt_set_high_memmap(vms, base, pa_bits);
      if (device_memory_size > 0) {
          ms->device_memory = g_malloc0(sizeof(*ms->device_memory));
 --
-.25.1
+.34.1

-[PULL 02/29] hw/arm/virt: Rename variable size to region_size in virt_set_high_memmap()
+Deleted patch
-From: Gavin Shan <gshan@redhat.com>
-This renames variable 'size' to 'region_size' in virt_set_high_memmap().
-Its counterpart ('region_base') will be introduced in next patch.
-No functional change intended.
-Signed-off-by: Gavin Shan <gshan@redhat.com>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Reviewed-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Marc Zyngier <maz@kernel.org>
-Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
-Message-id: 20221029224307.138822-3-gshan@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/virt.c | 15 ++++++++-------
-file changed, 8 insertions(+), 7 deletions(-)
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
- static void virt_set_high_memmap(VirtMachineState *vms,
-                                  hwaddr base, int pa_bits)
- {
-+    hwaddr region_size;
-+    bool fits;
-     int i;
-     for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
--        hwaddr size = extended_memmap[i].size;
--        bool fits;
-+        region_size = extended_memmap[i].size;
--        base = ROUND_UP(base, size);
-+        base = ROUND_UP(base, region_size);
-         vms->memmap[i].base = base;
--        vms->memmap[i].size = size;
-+        vms->memmap[i].size = region_size;
-         /*
-          * Check each device to see if they fit in the PA space,
-@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
-          *
-          * For each device that doesn't fit, disable it.
-          */
--        fits = (base + size) <= BIT_ULL(pa_bits);
-+        fits = (base + region_size) <= BIT_ULL(pa_bits);
-         if (fits) {
--            vms->highest_gpa = base + size - 1;
-+            vms->highest_gpa = base + region_size - 1;
-         }
-         switch (i) {
-@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
-             break;
-         }
--        base += size;
-+        base += region_size;
-     }
- }
---
-.25.1

-[PULL 03/29] hw/arm/virt: Introduce variable region_base in virt_set_high_memmap()
+Deleted patch
-From: Gavin Shan <gshan@redhat.com>
-This introduces variable 'region_base' for the base address of the
-specific high memory region. It's the preparatory work to optimize
-high memory region address assignment.
-No functional change intended.
-Signed-off-by: Gavin Shan <gshan@redhat.com>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Reviewed-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Marc Zyngier <maz@kernel.org>
-Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
-Message-id: 20221029224307.138822-4-gshan@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/virt.c | 12 ++++++------
-file changed, 6 insertions(+), 6 deletions(-)
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
- static void virt_set_high_memmap(VirtMachineState *vms,
-                                  hwaddr base, int pa_bits)
- {
--    hwaddr region_size;
-+    hwaddr region_base, region_size;
-     bool fits;
-     int i;
-     for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
-+        region_base = ROUND_UP(base, extended_memmap[i].size);
-         region_size = extended_memmap[i].size;
--        base = ROUND_UP(base, region_size);
--        vms->memmap[i].base = base;
-+        vms->memmap[i].base = region_base;
-         vms->memmap[i].size = region_size;
-         /*
-@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
-          *
-          * For each device that doesn't fit, disable it.
-          */
--        fits = (base + region_size) <= BIT_ULL(pa_bits);
-+        fits = (region_base + region_size) <= BIT_ULL(pa_bits);
-         if (fits) {
--            vms->highest_gpa = base + region_size - 1;
-+            vms->highest_gpa = region_base + region_size - 1;
-         }
-         switch (i) {
-@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
-             break;
-         }
--        base += region_size;
-+        base = region_base + region_size;
-     }
- }
---
-.25.1

-[PULL 04/29] hw/arm/virt: Introduce virt_get_high_memmap_enabled() helper
+Deleted patch
-From: Gavin Shan <gshan@redhat.com>
-This introduces virt_get_high_memmap_enabled() helper, which returns
-the pointer to vms->highmem_{redists, ecam, mmio}. The pointer will
-be used in the subsequent patches.
-No functional change intended.
-Signed-off-by: Gavin Shan <gshan@redhat.com>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Reviewed-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Marc Zyngier <maz@kernel.org>
-Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
-Message-id: 20221029224307.138822-5-gshan@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/virt.c | 32 +++++++++++++++++++-------------
-file changed, 19 insertions(+), 13 deletions(-)
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
-     return arm_cpu_mp_affinity(idx, clustersz);
- }
-+static inline bool *virt_get_high_memmap_enabled(VirtMachineState *vms,
-+                                                 int index)
-+{
-+    bool *enabled_array[] = {
-+        &vms->highmem_redists,
-+        &vms->highmem_ecam,
-+        &vms->highmem_mmio,
-+    };
-+
-+    assert(ARRAY_SIZE(extended_memmap) - VIRT_LOWMEMMAP_LAST ==
-+           ARRAY_SIZE(enabled_array));
-+    assert(index - VIRT_LOWMEMMAP_LAST < ARRAY_SIZE(enabled_array));
-+
-+    return enabled_array[index - VIRT_LOWMEMMAP_LAST];
-+}
-+
- static void virt_set_high_memmap(VirtMachineState *vms,
-                                  hwaddr base, int pa_bits)
- {
-     hwaddr region_base, region_size;
--    bool fits;
-+    bool *region_enabled, fits;
-     int i;
-     for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
-+        region_enabled = virt_get_high_memmap_enabled(vms, i);
-         region_base = ROUND_UP(base, extended_memmap[i].size);
-         region_size = extended_memmap[i].size;
-@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
-             vms->highest_gpa = region_base + region_size - 1;
-         }
--        switch (i) {
--        case VIRT_HIGH_GIC_REDIST2:
--            vms->highmem_redists &= fits;
--            break;
--        case VIRT_HIGH_PCIE_ECAM:
--            vms->highmem_ecam &= fits;
--            break;
--        case VIRT_HIGH_PCIE_MMIO:
--            vms->highmem_mmio &= fits;
--            break;
--        }
--
-+        *region_enabled &= fits;
-         base = region_base + region_size;
-     }
- }
---
-.25.1

-[PULL 05/29] hw/arm/virt: Improve high memory region address assignment
+Deleted patch
-From: Gavin Shan <gshan@redhat.com>
-There are three high memory regions, which are VIRT_HIGH_REDIST2,
-VIRT_HIGH_PCIE_ECAM and VIRT_HIGH_PCIE_MMIO. Their base addresses
-are floating on highest RAM address. However, they can be disabled
-in several cases.
-(1) One specific high memory region is likely to be disabled by
-    code by toggling vms->highmem_{redists, ecam, mmio}.
-(2) VIRT_HIGH_PCIE_ECAM region is disabled on machine, which is
-    'virt-2.12' or ealier than it.
-(3) VIRT_HIGH_PCIE_ECAM region is disabled when firmware is loaded
-    on 32-bits system.
-(4) One specific high memory region is disabled when it breaks the
-    PA space limit.
-The current implementation of virt_set_{memmap, high_memmap}() isn't
-optimized because the high memory region's PA space is always reserved,
-regardless of whatever the actual state in the corresponding
-vms->highmem_{redists, ecam, mmio} flag. In the code, 'base' and
-'vms->highest_gpa' are always increased for case (1), (2) and (3).
-It's unnecessary since the assigned PA space for the disabled high
-memory region won't be used afterwards.
-Improve the address assignment for those three high memory region by
-skipping the address assignment for one specific high memory region if
-it has been disabled in case (1), (2) and (3). The memory layout may
-be changed after the improvement is applied, which leads to potential
-migration breakage. So 'vms->highmem_compact' is added to control if
-the improvement should be applied. For now, 'vms->highmem_compact' is
-set to false, meaning that we don't have memory layout change until it
-becomes configurable through property 'compact-highmem' in next patch.
-Signed-off-by: Gavin Shan <gshan@redhat.com>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Reviewed-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Marc Zyngier <maz@kernel.org>
-Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
-Message-id: 20221029224307.138822-6-gshan@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/arm/virt.h |  1 +
- hw/arm/virt.c         | 15 ++++++++++-----
-files changed, 11 insertions(+), 5 deletions(-)
-diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/virt.h
-+++ b/include/hw/arm/virt.h
-@@ -XXX,XX +XXX,XX @@ struct VirtMachineState {
-     PFlashCFI01 *flash[2];
-     bool secure;
-     bool highmem;
-+    bool highmem_compact;
-     bool highmem_ecam;
-     bool highmem_mmio;
-     bool highmem_redists;
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
-         vms->memmap[i].size = region_size;
-         /*
--         * Check each device to see if they fit in the PA space,
--         * moving highest_gpa as we go.
-+         * Check each device to see if it fits in the PA space,
-+         * moving highest_gpa as we go. For compatibility, move
-+         * highest_gpa for disabled fitting devices as well, if
-+         * the compact layout has been disabled.
-          *
-          * For each device that doesn't fit, disable it.
-          */
-         fits = (region_base + region_size) <= BIT_ULL(pa_bits);
--        if (fits) {
--            vms->highest_gpa = region_base + region_size - 1;
-+        *region_enabled &= fits;
-+        if (vms->highmem_compact && !*region_enabled) {
-+            continue;
-         }
--        *region_enabled &= fits;
-         base = region_base + region_size;
-+        if (fits) {
-+            vms->highest_gpa = base - 1;
-+        }
-     }
- }
---
-.25.1

-[PULL 06/29] hw/arm/virt: Add 'compact-highmem' property
+Deleted patch
-From: Gavin Shan <gshan@redhat.com>
-After the improvement to high memory region address assignment is
-applied, the memory layout can be changed, introducing possible
-migration breakage. For example, VIRT_HIGH_PCIE_MMIO memory region
-is disabled or enabled when the optimization is applied or not, with
-the following configuration. The configuration is only achievable by
-modifying the source code until more properties are added to allow
-users selectively disable those high memory regions.
-  pa_bits              = 40;
-  vms->highmem_redists = false;
-  vms->highmem_ecam    = false;
-  vms->highmem_mmio    = true;
-  # qemu-system-aarch64 -accel kvm -cpu host    \
-    -machine virt-7.2,compact-highmem={on, off} \
-    -m 4G,maxmem=511G -monitor stdio
-  Region             compact-highmem=off         compact-highmem=on
-  ----------------------------------------------------------------
-  MEM                [1GB         512GB]        [1GB         512GB]
-  HIGH_GIC_REDISTS2  [512GB       512GB+64MB]   [disabled]
-  HIGH_PCIE_ECAM     [512GB+256MB 512GB+512MB]  [disabled]
-  HIGH_PCIE_MMIO     [disabled]                 [512GB       1TB]
-In order to keep backwords compatibility, we need to disable the
-optimization on machine, which is virt-7.1 or ealier than it. It
-means the optimization is enabled by default from virt-7.2. Besides,
-'compact-highmem' property is added so that the optimization can be
-explicitly enabled or disabled on all machine types by users.
-Signed-off-by: Gavin Shan <gshan@redhat.com>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Reviewed-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Marc Zyngier <maz@kernel.org>
-Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
-Message-id: 20221029224307.138822-7-gshan@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- docs/system/arm/virt.rst |  4 ++++
- include/hw/arm/virt.h    |  1 +
- hw/arm/virt.c            | 32 ++++++++++++++++++++++++++++++++
-files changed, 37 insertions(+)
-diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
-index XXXXXXX..XXXXXXX 100644
---- a/docs/system/arm/virt.rst
-+++ b/docs/system/arm/virt.rst
-@@ -XXX,XX +XXX,XX @@ highmem
-   address space above 32 bits. The default is ``on`` for machine types
-   later than ``virt-2.12``.
-+compact-highmem
-+  Set ``on``/``off`` to enable/disable the compact layout for high memory regions.
-+  The default is ``on`` for machine types later than ``virt-7.2``.
-+
- gic-version
-   Specify the version of the Generic Interrupt Controller (GIC) to provide.
-   Valid values are:
-diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/virt.h
-+++ b/include/hw/arm/virt.h
-@@ -XXX,XX +XXX,XX @@ struct VirtMachineClass {
-     bool no_pmu;
-     bool claim_edge_triggered_timers;
-     bool smbios_old_sys_ver;
-+    bool no_highmem_compact;
-     bool no_highmem_ecam;
-     bool no_ged;   /* Machines < 4.2 have no support for ACPI GED device */
-     bool kvm_no_adjvtime;
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static const MemMapEntry base_memmap[] = {
-  * Note the extended_memmap is sized so that it eventually also includes the
-  * base_memmap entries (VIRT_HIGH_GIC_REDIST2 index is greater than the last
-  * index of base_memmap).
-+ *
-+ * The memory map for these Highmem IO Regions can be in legacy or compact
-+ * layout, depending on 'compact-highmem' property. With legacy layout, the
-+ * PA space for one specific region is always reserved, even if the region
-+ * has been disabled or doesn't fit into the PA space. However, the PA space
-+ * for the region won't be reserved in these circumstances with compact layout.
-  */
- static MemMapEntry extended_memmap[] = {
-     /* Additional 64 MB redist region (can contain up to 512 redistributors) */
-@@ -XXX,XX +XXX,XX @@ static void virt_set_highmem(Object *obj, bool value, Error **errp)
-     vms->highmem = value;
- }
-+static bool virt_get_compact_highmem(Object *obj, Error **errp)
-+{
-+    VirtMachineState *vms = VIRT_MACHINE(obj);
-+
-+    return vms->highmem_compact;
-+}
-+
-+static void virt_set_compact_highmem(Object *obj, bool value, Error **errp)
-+{
-+    VirtMachineState *vms = VIRT_MACHINE(obj);
-+
-+    vms->highmem_compact = value;
-+}
-+
- static bool virt_get_its(Object *obj, Error **errp)
- {
-     VirtMachineState *vms = VIRT_MACHINE(obj);
-@@ -XXX,XX +XXX,XX @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
-                                           "Set on/off to enable/disable using "
-                                           "physical address space above 32 bits");
-+    object_class_property_add_bool(oc, "compact-highmem",
-+                                   virt_get_compact_highmem,
-+                                   virt_set_compact_highmem);
-+    object_class_property_set_description(oc, "compact-highmem",
-+                                          "Set on/off to enable/disable compact "
-+                                          "layout for high memory regions");
-+
-     object_class_property_add_str(oc, "gic-version", virt_get_gic_version,
-                                   virt_set_gic_version);
-     object_class_property_set_description(oc, "gic-version",
-@@ -XXX,XX +XXX,XX @@ static void virt_instance_init(Object *obj)
-     /* High memory is enabled by default */
-     vms->highmem = true;
-+    vms->highmem_compact = !vmc->no_highmem_compact;
-     vms->gic_version = VIRT_GIC_VERSION_NOSEL;
-     vms->highmem_ecam = !vmc->no_highmem_ecam;
-@@ -XXX,XX +XXX,XX @@ DEFINE_VIRT_MACHINE_AS_LATEST(7, 2)
- static void virt_machine_7_1_options(MachineClass *mc)
- {
-+    VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
-+
-     virt_machine_7_2_options(mc);
-     compat_props_add(mc->compat_props, hw_compat_7_1, hw_compat_7_1_len);
-+    /* Compact layout for high memory regions was introduced with 7.2 */
-+    vmc->no_highmem_compact = true;
- }
- DEFINE_VIRT_MACHINE(7, 1)
---
-.25.1

-[PULL 07/29] hw/arm/virt: Add properties to disable high memory regions
+Deleted patch
-From: Gavin Shan <gshan@redhat.com>
-The 3 high memory regions are usually enabled by default, but they may
-be not used. For example, VIRT_HIGH_GIC_REDIST2 isn't needed by GICv2.
-This leads to waste in the PA space.
-Add properties ("highmem-redists", "highmem-ecam", "highmem-mmio") to
-allow users selectively disable them if needed. After that, the high
-memory region for GICv3 or GICv4 redistributor can be disabled by user,
-the number of maximal supported CPUs needs to be calculated based on
-'vms->highmem_redists'. The follow-up error message is also improved
-to indicate if the high memory region for GICv3 and GICv4 has been
-enabled or not.
-Suggested-by: Marc Zyngier <maz@kernel.org>
-Signed-off-by: Gavin Shan <gshan@redhat.com>
-Reviewed-by: Marc Zyngier <maz@kernel.org>
-Reviewed-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
-Message-id: 20221029224307.138822-8-gshan@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- docs/system/arm/virt.rst | 13 +++++++
- hw/arm/virt.c            | 75 ++++++++++++++++++++++++++++++++++++++--
-files changed, 86 insertions(+), 2 deletions(-)
-diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
-index XXXXXXX..XXXXXXX 100644
---- a/docs/system/arm/virt.rst
-+++ b/docs/system/arm/virt.rst
-@@ -XXX,XX +XXX,XX @@ compact-highmem
-   Set ``on``/``off`` to enable/disable the compact layout for high memory regions.
-   The default is ``on`` for machine types later than ``virt-7.2``.
-+highmem-redists
-+  Set ``on``/``off`` to enable/disable the high memory region for GICv3 or
-+  GICv4 redistributor. The default is ``on``. Setting this to ``off`` will
-+  limit the maximum number of CPUs when GICv3 or GICv4 is used.
-+
-+highmem-ecam
-+  Set ``on``/``off`` to enable/disable the high memory region for PCI ECAM.
-+  The default is ``on`` for machine types later than ``virt-3.0``.
-+
-+highmem-mmio
-+  Set ``on``/``off`` to enable/disable the high memory region for PCI MMIO.
-+  The default is ``on``.
-+
- gic-version
-   Specify the version of the Generic Interrupt Controller (GIC) to provide.
-   Valid values are:
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
-     if (vms->gic_version == VIRT_GIC_VERSION_2) {
-         virt_max_cpus = GIC_NCPU;
-     } else {
--        virt_max_cpus = virt_redist_capacity(vms, VIRT_GIC_REDIST) +
--            virt_redist_capacity(vms, VIRT_HIGH_GIC_REDIST2);
-+        virt_max_cpus = virt_redist_capacity(vms, VIRT_GIC_REDIST);
-+        if (vms->highmem_redists) {
-+            virt_max_cpus += virt_redist_capacity(vms, VIRT_HIGH_GIC_REDIST2);
-+        }
-     }
-     if (max_cpus > virt_max_cpus) {
-         error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
-                      "supported by machine 'mach-virt' (%d)",
-                      max_cpus, virt_max_cpus);
-+        if (vms->gic_version != VIRT_GIC_VERSION_2 && !vms->highmem_redists) {
-+            error_printf("Try 'highmem-redists=on' for more CPUs\n");
-+        }
-+
-         exit(1);
-     }
-@@ -XXX,XX +XXX,XX @@ static void virt_set_compact_highmem(Object *obj, bool value, Error **errp)
-     vms->highmem_compact = value;
- }
-+static bool virt_get_highmem_redists(Object *obj, Error **errp)
-+{
-+    VirtMachineState *vms = VIRT_MACHINE(obj);
-+
-+    return vms->highmem_redists;
-+}
-+
-+static void virt_set_highmem_redists(Object *obj, bool value, Error **errp)
-+{
-+    VirtMachineState *vms = VIRT_MACHINE(obj);
-+
-+    vms->highmem_redists = value;
-+}
-+
-+static bool virt_get_highmem_ecam(Object *obj, Error **errp)
-+{
-+    VirtMachineState *vms = VIRT_MACHINE(obj);
-+
-+    return vms->highmem_ecam;
-+}
-+
-+static void virt_set_highmem_ecam(Object *obj, bool value, Error **errp)
-+{
-+    VirtMachineState *vms = VIRT_MACHINE(obj);
-+
-+    vms->highmem_ecam = value;
-+}
-+
-+static bool virt_get_highmem_mmio(Object *obj, Error **errp)
-+{
-+    VirtMachineState *vms = VIRT_MACHINE(obj);
-+
-+    return vms->highmem_mmio;
-+}
-+
-+static void virt_set_highmem_mmio(Object *obj, bool value, Error **errp)
-+{
-+    VirtMachineState *vms = VIRT_MACHINE(obj);
-+
-+    vms->highmem_mmio = value;
-+}
-+
-+
- static bool virt_get_its(Object *obj, Error **errp)
- {
-     VirtMachineState *vms = VIRT_MACHINE(obj);
-@@ -XXX,XX +XXX,XX @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
-                                           "Set on/off to enable/disable compact "
-                                           "layout for high memory regions");
-+    object_class_property_add_bool(oc, "highmem-redists",
-+                                   virt_get_highmem_redists,
-+                                   virt_set_highmem_redists);
-+    object_class_property_set_description(oc, "highmem-redists",
-+                                          "Set on/off to enable/disable high "
-+                                          "memory region for GICv3 or GICv4 "
-+                                          "redistributor");
-+
-+    object_class_property_add_bool(oc, "highmem-ecam",
-+                                   virt_get_highmem_ecam,
-+                                   virt_set_highmem_ecam);
-+    object_class_property_set_description(oc, "highmem-ecam",
-+                                          "Set on/off to enable/disable high "
-+                                          "memory region for PCI ECAM");
-+
-+    object_class_property_add_bool(oc, "highmem-mmio",
-+                                   virt_get_highmem_mmio,
-+                                   virt_set_highmem_mmio);
-+    object_class_property_set_description(oc, "highmem-mmio",
-+                                          "Set on/off to enable/disable high "
-+                                          "memory region for PCI MMIO");
-+
-     object_class_property_add_str(oc, "gic-version", virt_get_gic_version,
-                                   virt_set_gic_version);
-     object_class_property_set_description(oc, "gic-version",
---
-.25.1

-[PULL 08/29] hw/arm/virt: build SMBIOS 19 table
+Deleted patch
-From: Mihai Carabas <mihai.carabas@oracle.com>
-Use the base_memmap to build the SMBIOS 19 table which provides the address
-mapping for a Physical Memory Array (from spec [1] chapter 7.20).
-This was present on i386 from commit c97294ec1b9e36887e119589d456557d72ab37b5
-("SMBIOS: Build aggregate smbios tables and entry point").
-[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.5.0.pdf
-The absence of this table is a breach of the specs and is
-detected by the FirmwareTestSuite (FWTS), but it doesn't
-cause any known problems for guest OSes.
-Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
-Message-id: 1668789029-5432-1-git-send-email-mihai.carabas@oracle.com
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/virt.c | 8 +++++++-
-file changed, 7 insertions(+), 1 deletion(-)
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
- static void virt_build_smbios(VirtMachineState *vms)
- {
-     MachineClass *mc = MACHINE_GET_CLASS(vms);
-+    MachineState *ms = MACHINE(vms);
-     VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
-     uint8_t *smbios_tables, *smbios_anchor;
-     size_t smbios_tables_len, smbios_anchor_len;
-+    struct smbios_phys_mem_area mem_array;
-     const char *product = "QEMU Virtual Machine";
-     if (kvm_enabled()) {
-@@ -XXX,XX +XXX,XX @@ static void virt_build_smbios(VirtMachineState *vms)
-                         vmc->smbios_old_sys_ver ? "1.0" : mc->name, false,
-                         true, SMBIOS_ENTRY_POINT_TYPE_64);
--    smbios_get_tables(MACHINE(vms), NULL, 0,
-+    /* build the array of physical mem area from base_memmap */
-+    mem_array.address = vms->memmap[VIRT_MEM].base;
-+    mem_array.length = ms->ram_size;
-+
-+    smbios_get_tables(ms, &mem_array, 1,
-                       &smbios_tables, &smbios_tables_len,
-                       &smbios_anchor, &smbios_anchor_len,
-                       &error_fatal);
---
-.25.1

-[PULL 09/29] target/arm: Add Cortex-A55 CPU
+Deleted patch
-From: Timofey Kutergin <tkutergin@gmail.com>
-The Cortex-A55 is one of the newer armv8.2+ CPUs; in particular
-it supports the Privileged Access Never (PAN) feature. Add
-a model of this CPU, so you can use a CPU type on the virt
-board that models a specific real hardware CPU, rather than
-having to use the QEMU-specific "max" CPU type.
-Signed-off-by: Timofey Kutergin <tkutergin@gmail.com>
-Message-id: 20221121150819.2782817-1-tkutergin@gmail.com
-[PMM: tweaked commit message]
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- docs/system/arm/virt.rst |  1 +
- hw/arm/virt.c            |  1 +
- target/arm/cpu64.c       | 69 ++++++++++++++++++++++++++++++++++++++++
-files changed, 71 insertions(+)
-diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
-index XXXXXXX..XXXXXXX 100644
---- a/docs/system/arm/virt.rst
-+++ b/docs/system/arm/virt.rst
-@@ -XXX,XX +XXX,XX @@ Supported guest CPU types:
- - ``cortex-a15`` (32-bit; the default)
- - ``cortex-a35`` (64-bit)
- - ``cortex-a53`` (64-bit)
-+- ``cortex-a55`` (64-bit)
- - ``cortex-a57`` (64-bit)
- - ``cortex-a72`` (64-bit)
- - ``cortex-a76`` (64-bit)
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -XXX,XX +XXX,XX @@ static const char *valid_cpus[] = {
-     ARM_CPU_TYPE_NAME("cortex-a15"),
-     ARM_CPU_TYPE_NAME("cortex-a35"),
-     ARM_CPU_TYPE_NAME("cortex-a53"),
-+    ARM_CPU_TYPE_NAME("cortex-a55"),
-     ARM_CPU_TYPE_NAME("cortex-a57"),
-     ARM_CPU_TYPE_NAME("cortex-a72"),
-     ARM_CPU_TYPE_NAME("cortex-a76"),
-diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu64.c
-+++ b/target/arm/cpu64.c
-@@ -XXX,XX +XXX,XX @@ static void aarch64_a53_initfn(Object *obj)
-     define_cortex_a72_a57_a53_cp_reginfo(cpu);
- }
-+static void aarch64_a55_initfn(Object *obj)
-+{
-+    ARMCPU *cpu = ARM_CPU(obj);
-+
-+    cpu->dtb_compatible = "arm,cortex-a55";
-+    set_feature(&cpu->env, ARM_FEATURE_V8);
-+    set_feature(&cpu->env, ARM_FEATURE_NEON);
-+    set_feature(&cpu->env, ARM_FEATURE_GENERIC_TIMER);
-+    set_feature(&cpu->env, ARM_FEATURE_AARCH64);
-+    set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
-+    set_feature(&cpu->env, ARM_FEATURE_EL2);
-+    set_feature(&cpu->env, ARM_FEATURE_EL3);
-+    set_feature(&cpu->env, ARM_FEATURE_PMU);
-+
-+    /* Ordered by B2.4 AArch64 registers by functional group */
-+    cpu->clidr = 0x82000023;
-+    cpu->ctr = 0x84448004; /* L1Ip = VIPT */
-+    cpu->dcz_blocksize = 4; /* 64 bytes */
-+    cpu->isar.id_aa64dfr0  = 0x0000000010305408ull;
-+    cpu->isar.id_aa64isar0 = 0x0000100010211120ull;
-+    cpu->isar.id_aa64isar1 = 0x0000000000100001ull;
-+    cpu->isar.id_aa64mmfr0 = 0x0000000000101122ull;
-+    cpu->isar.id_aa64mmfr1 = 0x0000000010212122ull;
-+    cpu->isar.id_aa64mmfr2 = 0x0000000000001011ull;
-+    cpu->isar.id_aa64pfr0  = 0x0000000010112222ull;
-+    cpu->isar.id_aa64pfr1  = 0x0000000000000010ull;
-+    cpu->id_afr0       = 0x00000000;
-+    cpu->isar.id_dfr0  = 0x04010088;
-+    cpu->isar.id_isar0 = 0x02101110;
-+    cpu->isar.id_isar1 = 0x13112111;
-+    cpu->isar.id_isar2 = 0x21232042;
-+    cpu->isar.id_isar3 = 0x01112131;
-+    cpu->isar.id_isar4 = 0x00011142;
-+    cpu->isar.id_isar5 = 0x01011121;
-+    cpu->isar.id_isar6 = 0x00000010;
-+    cpu->isar.id_mmfr0 = 0x10201105;
-+    cpu->isar.id_mmfr1 = 0x40000000;
-+    cpu->isar.id_mmfr2 = 0x01260000;
-+    cpu->isar.id_mmfr3 = 0x02122211;
-+    cpu->isar.id_mmfr4 = 0x00021110;
-+    cpu->isar.id_pfr0  = 0x10010131;
-+    cpu->isar.id_pfr1  = 0x00011011;
-+    cpu->isar.id_pfr2  = 0x00000011;
-+    cpu->midr = 0x412FD050;          /* r2p0 */
-+    cpu->revidr = 0;
-+
-+    /* From B2.23 CCSIDR_EL1 */
-+    cpu->ccsidr[0] = 0x700fe01a; /* 32KB L1 dcache */
-+    cpu->ccsidr[1] = 0x200fe01a; /* 32KB L1 icache */
-+    cpu->ccsidr[2] = 0x703fe07a; /* 512KB L2 cache */
-+
-+    /* From B2.96 SCTLR_EL3 */
-+    cpu->reset_sctlr = 0x30c50838;
-+
-+    /* From B4.45 ICH_VTR_EL2 */
-+    cpu->gic_num_lrs = 4;
-+    cpu->gic_vpribits = 5;
-+    cpu->gic_vprebits = 5;
-+    cpu->gic_pribits = 5;
-+
-+    cpu->isar.mvfr0 = 0x10110222;
-+    cpu->isar.mvfr1 = 0x13211111;
-+    cpu->isar.mvfr2 = 0x00000043;
-+
-+    /* From D5.4 AArch64 PMU register summary */
-+    cpu->isar.reset_pmcr_el0 = 0x410b3000;
-+}
-+
- static void aarch64_a72_initfn(Object *obj)
- {
-     ARMCPU *cpu = ARM_CPU(obj);
-@@ -XXX,XX +XXX,XX @@ static const ARMCPUInfo aarch64_cpus[] = {
-     { .name = "cortex-a35",         .initfn = aarch64_a35_initfn },
-     { .name = "cortex-a57",         .initfn = aarch64_a57_initfn },
-     { .name = "cortex-a53",         .initfn = aarch64_a53_initfn },
-+    { .name = "cortex-a55",         .initfn = aarch64_a55_initfn },
-     { .name = "cortex-a72",         .initfn = aarch64_a72_initfn },
-     { .name = "cortex-a76",         .initfn = aarch64_a76_initfn },
-     { .name = "a64fx",              .initfn = aarch64_a64fx_initfn },
---
-.25.1

-[PULL 10/29] hw/intc/arm_gicv3: Fix GICD_TYPER ITLinesNumber advertisement
+Deleted patch
-From: Luke Starrett <lukes@xsightlabs.com>
-The ARM GICv3 TRM describes that the ITLinesNumber field of GICD_TYPER
-register:
-"indicates the maximum SPI INTID that the GIC implementation supports"
-As SPI #0 is absolute IRQ #32, the max SPI INTID should have accounted
-for the internal 16x SGI's and 16x PPI's.  However, the original GICv3
-model subtracted off the SGI/PPI.  Cosmetically this can be seen at OS
-boot (Linux) showing 32 shy of what should be there, i.e.:
-    [    0.000000] GICv3: 224 SPIs implemented
-Though in hw/arm/virt.c, the machine is configured for 256 SPI's.  ARM
-virt machine likely doesn't have a problem with this because the upper
-IRQ's don't actually have anything meaningful wired. But, this does
-become a functional issue on a custom use case which wants to make use
-of these IRQ's.  Additionally, boot code (i.e. TF-A) will only init up
-to the number (blocks of 32) that it believes to actually be there.
-Signed-off-by: Luke Starrett <lukes@xsightlabs.com>
-Message-id: AM9P193MB168473D99B761E204E032095D40D9@AM9P193MB1684.EURP193.PROD.OUTLOOK.COM
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/intc/arm_gicv3_dist.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/hw/intc/arm_gicv3_dist.c b/hw/intc/arm_gicv3_dist.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_dist.c
-+++ b/hw/intc/arm_gicv3_dist.c
-@@ -XXX,XX +XXX,XX @@ static bool gicd_readl(GICv3State *s, hwaddr offset,
-          * MBIS == 0 (message-based SPIs not supported)
-          * SecurityExtn == 1 if security extns supported
-          * CPUNumber == 0 since for us ARE is always 1
--         * ITLinesNumber == (num external irqs / 32) - 1
-+         * ITLinesNumber == (((max SPI IntID + 1) / 32) - 1)
-          */
--        int itlinesnumber = ((s->num_irq - GIC_INTERNAL) / 32) - 1;
-+        int itlinesnumber = (s->num_irq / 32) - 1;
-         /*
-          * SecurityExtn must be RAZ if GICD_CTLR.DS == 1, and
-          * "security extensions not supported" always implies DS == 1,
---
-.25.1

-[PULL 11/29] target/arm: Allow relevant HCR bits to be written for FEAT_EVT
+Deleted patch
-FEAT_EVT adds five new bits to the HCR_EL2 register: TTLBIS, TTLBOS,
-TICAB, TOCU and TID4.  These allow the guest to enable trapping of
-various EL1 instructions to EL2.  In this commit, add the necessary
-code to allow the guest to set these bits if the feature is present;
-because the bit is always zero when the feature isn't present we
-won't need to use explicit feature checks in the "trap on condition"
-tests in the following commits.
-Note that although full implementation of the feature (mandatory from
-Armv8.5 onward) requires all five trap bits, the ID registers permit
-a value indicating that only TICAB, TOCU and TID4 are implemented,
-which might be the case for CPUs between Armv8.2 and Armv8.5.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/cpu.h    | 30 ++++++++++++++++++++++++++++++
- target/arm/helper.c |  6 ++++++
-files changed, 36 insertions(+)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_tts2uxn(const ARMISARegisters *id)
-     return FIELD_EX32(id->id_mmfr4, ID_MMFR4, XNX) != 0;
- }
-+static inline bool isar_feature_aa32_half_evt(const ARMISARegisters *id)
-+{
-+    return FIELD_EX32(id->id_mmfr4, ID_MMFR4, EVT) >= 1;
-+}
-+
-+static inline bool isar_feature_aa32_evt(const ARMISARegisters *id)
-+{
-+    return FIELD_EX32(id->id_mmfr4, ID_MMFR4, EVT) >= 2;
-+}
-+
- static inline bool isar_feature_aa32_dit(const ARMISARegisters *id)
- {
-     return FIELD_EX32(id->id_pfr0, ID_PFR0, DIT) != 0;
-@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_ids(const ARMISARegisters *id)
-     return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, IDS) != 0;
- }
-+static inline bool isar_feature_aa64_half_evt(const ARMISARegisters *id)
-+{
-+    return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, EVT) >= 1;
-+}
-+
-+static inline bool isar_feature_aa64_evt(const ARMISARegisters *id)
-+{
-+    return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, EVT) >= 2;
-+}
-+
- static inline bool isar_feature_aa64_bti(const ARMISARegisters *id)
- {
-     return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, BT) != 0;
-@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_any_ras(const ARMISARegisters *id)
-     return isar_feature_aa64_ras(id) || isar_feature_aa32_ras(id);
- }
-+static inline bool isar_feature_any_half_evt(const ARMISARegisters *id)
-+{
-+    return isar_feature_aa64_half_evt(id) || isar_feature_aa32_half_evt(id);
-+}
-+
-+static inline bool isar_feature_any_evt(const ARMISARegisters *id)
-+{
-+    return isar_feature_aa64_evt(id) || isar_feature_aa32_evt(id);
-+}
-+
- /*
-  * Forward to the above feature tests given an ARMCPU pointer.
-  */
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
-         }
-     }
-+    if (cpu_isar_feature(any_evt, cpu)) {
-+        valid_mask |= HCR_TTLBIS | HCR_TTLBOS | HCR_TICAB | HCR_TOCU | HCR_TID4;
-+    } else if (cpu_isar_feature(any_half_evt, cpu)) {
-+        valid_mask |= HCR_TICAB | HCR_TOCU | HCR_TID4;
-+    }
-+
-     /* Clear RES0 bits.  */
-     value &= valid_mask;
---
-.25.1

-[PULL 12/29] target/arm: Implement HCR_EL2.TTLBIS traps
+Deleted patch
-For FEAT_EVT, the HCR_EL2.TTLBIS bit allows trapping on EL1 use of
-TLB maintenance instructions that operate on the inner shareable
-domain:
-AArch64:
- TLBI VMALLE1IS, TLBI VAE1IS, TLBI ASIDE1IS, TLBI VAAE1IS,
- TLBI VALE1IS, TLBI VAALE1IS, TLBI RVAE1IS, TLBI RVAAE1IS,
- TLBI RVALE1IS, and TLBI RVAALE1IS.
-AArch32:
- TLBIALLIS, TLBIMVAIS, TLBIASIDIS, TLBIMVAAIS, TLBIMVALIS,
- and TLBIMVAALIS.
-Add the trapping support.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/helper.c | 43 +++++++++++++++++++++++++++----------------
-file changed, 27 insertions(+), 16 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_ttlb(CPUARMState *env, const ARMCPRegInfo *ri,
-     return CP_ACCESS_OK;
- }
-+/* Check for traps from EL1 due to HCR_EL2.TTLB or TTLBIS. */
-+static CPAccessResult access_ttlbis(CPUARMState *env, const ARMCPRegInfo *ri,
-+                                    bool isread)
-+{
-+    if (arm_current_el(env) == 1 &&
-+        (arm_hcr_el2_eff(env) & (HCR_TTLB | HCR_TTLBIS))) {
-+        return CP_ACCESS_TRAP_EL2;
-+    }
-+    return CP_ACCESS_OK;
-+}
-+
- static void dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
- {
-     ARMCPU *cpu = env_archcpu(env);
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
- static const ARMCPRegInfo v7mp_cp_reginfo[] = {
-     /* 32 bit TLB invalidates, Inner Shareable */
-     { .name = "TLBIALLIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
--      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
-+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
-       .writefn = tlbiall_is_write },
-     { .name = "TLBIMVAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
--      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
-+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
-       .writefn = tlbimva_is_write },
-     { .name = "TLBIASIDIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
--      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
-+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
-       .writefn = tlbiasid_is_write },
-     { .name = "TLBIMVAAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
--      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
-+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
-       .writefn = tlbimvaa_is_write },
- };
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
-     /* TLBI operations */
-     { .name = "TLBI_VMALLE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vmalle1is_write },
-     { .name = "TLBI_VAE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vae1is_write },
-     { .name = "TLBI_ASIDE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vmalle1is_write },
-     { .name = "TLBI_VAAE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vae1is_write },
-     { .name = "TLBI_VALE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vae1is_write },
-     { .name = "TLBI_VAALE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vae1is_write },
-     { .name = "TLBI_VMALLE1", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 0,
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
- #endif
-     /* TLB invalidate last level of translation table walk */
-     { .name = "TLBIMVALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
--      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
-+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
-       .writefn = tlbimva_is_write },
-     { .name = "TLBIMVAALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
--      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
-+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
-       .writefn = tlbimvaa_is_write },
-     { .name = "TLBIMVAL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 5,
-       .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pauth_reginfo[] = {
- static const ARMCPRegInfo tlbirange_reginfo[] = {
-     { .name = "TLBI_RVAE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 1,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_rvae1is_write },
-     { .name = "TLBI_RVAAE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 3,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_rvae1is_write },
-    { .name = "TLBI_RVALE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 5,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_rvae1is_write },
-     { .name = "TLBI_RVAALE1IS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 7,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_rvae1is_write },
-     { .name = "TLBI_RVAE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 1,
---
-.25.1

-[PULL 13/29] target/arm: Implement HCR_EL2.TTLBOS traps
+Deleted patch
-For FEAT_EVT, the HCR_EL2.TTLBOS bit allows trapping on EL1
-use of TLB maintenance instructions that operate on the
-outer shareable domain:
-TLBI VMALLE1OS, TLBI VAE1OS, TLBI ASIDE1OS,TLBI VAAE1OS,
-TLBI VALE1OS, TLBI VAALE1OS, TLBI RVAE1OS, TLBI RVAAE1OS,
-TLBI RVALE1OS, and TLBI RVAALE1OS.
-(There are no AArch32 outer-shareable TLB maintenance ops.)
-Implement the trapping.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/helper.c | 33 +++++++++++++++++++++++----------
-file changed, 23 insertions(+), 10 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_ttlbis(CPUARMState *env, const ARMCPRegInfo *ri,
-     return CP_ACCESS_OK;
- }
-+#ifdef TARGET_AARCH64
-+/* Check for traps from EL1 due to HCR_EL2.TTLB or TTLBOS. */
-+static CPAccessResult access_ttlbos(CPUARMState *env, const ARMCPRegInfo *ri,
-+                                    bool isread)
-+{
-+    if (arm_current_el(env) == 1 &&
-+        (arm_hcr_el2_eff(env) & (HCR_TTLB | HCR_TTLBOS))) {
-+        return CP_ACCESS_TRAP_EL2;
-+    }
-+    return CP_ACCESS_OK;
-+}
-+#endif
-+
- static void dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
- {
-     ARMCPU *cpu = env_archcpu(env);
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo tlbirange_reginfo[] = {
-       .writefn = tlbi_aa64_rvae1is_write },
-     { .name = "TLBI_RVAE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 1,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_rvae1is_write },
-     { .name = "TLBI_RVAAE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 3,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_rvae1is_write },
-    { .name = "TLBI_RVALE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 5,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_rvae1is_write },
-     { .name = "TLBI_RVAALE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 7,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_rvae1is_write },
-     { .name = "TLBI_RVAE1", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 1,
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo tlbirange_reginfo[] = {
- static const ARMCPRegInfo tlbios_reginfo[] = {
-     { .name = "TLBI_VMALLE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 0,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vmalle1is_write },
-     { .name = "TLBI_VAE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 1,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vae1is_write },
-     { .name = "TLBI_ASIDE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 2,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vmalle1is_write },
-     { .name = "TLBI_VAAE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 3,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vae1is_write },
-     { .name = "TLBI_VALE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 5,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vae1is_write },
-     { .name = "TLBI_VAALE1OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 7,
--      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
-+      .access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
-       .writefn = tlbi_aa64_vae1is_write },
-     { .name = "TLBI_ALLE2OS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 1, .opc2 = 0,
---
-.25.1

-[PULL 14/29] target/arm: Implement HCR_EL2.TICAB,TOCU traps
+Deleted patch
-For FEAT_EVT, the HCR_EL2.TICAB bit allows trapping of the ICIALLUIS
-and IC IALLUIS cache maintenance instructions.
-The HCR_EL2.TOCU bit traps all the other cache maintenance
-instructions that operate to the point of unification:
- AArch64 IC IVAU, IC IALLU, DC CVAU
- AArch32 ICIMVAU, ICIALLU, DCCMVAU
-The two trap bits between them cover all of the cache maintenance
-instructions which must also check the HCR_TPU flag.  Turn the old
-aa64_cacheop_pou_access() function into a helper function which takes
-the set of HCR_EL2 flags to check as an argument, and call it from
-new access_ticab() and access_tocu() functions as appropriate for
-each cache op.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/helper.c | 36 +++++++++++++++++++++++-------------
-file changed, 23 insertions(+), 13 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult aa64_cacheop_poc_access(CPUARMState *env,
-     return CP_ACCESS_OK;
- }
--static CPAccessResult aa64_cacheop_pou_access(CPUARMState *env,
--                                              const ARMCPRegInfo *ri,
--                                              bool isread)
-+static CPAccessResult do_cacheop_pou_access(CPUARMState *env, uint64_t hcrflags)
- {
-     /* Cache invalidate/clean to Point of Unification... */
-     switch (arm_current_el(env)) {
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult aa64_cacheop_pou_access(CPUARMState *env,
-         }
-         /* fall through */
-     case 1:
--        /* ... EL1 must trap to EL2 if HCR_EL2.TPU is set.  */
--        if (arm_hcr_el2_eff(env) & HCR_TPU) {
-+        /* ... EL1 must trap to EL2 if relevant HCR_EL2 flags are set.  */
-+        if (arm_hcr_el2_eff(env) & hcrflags) {
-             return CP_ACCESS_TRAP_EL2;
-         }
-         break;
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult aa64_cacheop_pou_access(CPUARMState *env,
-     return CP_ACCESS_OK;
- }
-+static CPAccessResult access_ticab(CPUARMState *env, const ARMCPRegInfo *ri,
-+                                   bool isread)
-+{
-+    return do_cacheop_pou_access(env, HCR_TICAB | HCR_TPU);
-+}
-+
-+static CPAccessResult access_tocu(CPUARMState *env, const ARMCPRegInfo *ri,
-+                                  bool isread)
-+{
-+    return do_cacheop_pou_access(env, HCR_TOCU | HCR_TPU);
-+}
-+
- /* See: D4.7.2 TLB maintenance requirements and the TLB maintenance instructions
-  * Page D4-1736 (DDI0487A.b)
-  */
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
-     { .name = "IC_IALLUIS", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
-       .access = PL1_W, .type = ARM_CP_NOP,
--      .accessfn = aa64_cacheop_pou_access },
-+      .accessfn = access_ticab },
-     { .name = "IC_IALLU", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 0,
-       .access = PL1_W, .type = ARM_CP_NOP,
--      .accessfn = aa64_cacheop_pou_access },
-+      .accessfn = access_tocu },
-     { .name = "IC_IVAU", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 5, .opc2 = 1,
-       .access = PL0_W, .type = ARM_CP_NOP,
--      .accessfn = aa64_cacheop_pou_access },
-+      .accessfn = access_tocu },
-     { .name = "DC_IVAC", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 1,
-       .access = PL1_W, .accessfn = aa64_cacheop_poc_access,
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
-     { .name = "DC_CVAU", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 11, .opc2 = 1,
-       .access = PL0_W, .type = ARM_CP_NOP,
--      .accessfn = aa64_cacheop_pou_access },
-+      .accessfn = access_tocu },
-     { .name = "DC_CIVAC", .state = ARM_CP_STATE_AA64,
-       .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 1,
-       .access = PL0_W, .type = ARM_CP_NOP,
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
-       .writefn = tlbiipas2is_hyp_write },
-     /* 32 bit cache operations */
-     { .name = "ICIALLUIS", .cp = 15, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
--      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_pou_access },
-+      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_ticab },
-     { .name = "BPIALLUIS", .cp = 15, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 6,
-       .type = ARM_CP_NOP, .access = PL1_W },
-     { .name = "ICIALLU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 0,
--      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_pou_access },
-+      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tocu },
-     { .name = "ICIMVAU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 1,
--      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_pou_access },
-+      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tocu },
-     { .name = "BPIALL", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 6,
-       .type = ARM_CP_NOP, .access = PL1_W },
-     { .name = "BPIMVA", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 7,
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
-     { .name = "DCCSW", .cp = 15, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 2,
-       .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
-     { .name = "DCCMVAU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 11, .opc2 = 1,
--      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_pou_access },
-+      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tocu },
-     { .name = "DCCIMVAC", .cp = 15, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 1,
-       .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_poc_access },
-     { .name = "DCCISW", .cp = 15, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
---
-.25.1

-[PULL 15/29] target/arm: Implement HCR_EL2.TID4 traps
+Deleted patch
-For FEAT_EVT, the HCR_EL2.TID4 trap allows trapping of the cache ID
-registers CCSIDR_EL1, CCSIDR2_EL1, CLIDR_EL1 and CSSELR_EL1 (and
-their AArch32 equivalents).  This is a subset of the registers
-trapped by HCR_EL2.TID2, which includes all of these and also the
-CTR_EL0 register.
-Our implementation already uses a separate access function for
-CTR_EL0 (ctr_el0_access()), so all of the registers currently using
-access_aa64_tid2() should also be checking TID4.  Make that function
-check both TID2 and TID4, and rename it appropriately.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/helper.c | 17 +++++++++--------
-file changed, 9 insertions(+), 8 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void scr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
-     scr_write(env, ri, 0);
- }
--static CPAccessResult access_aa64_tid2(CPUARMState *env,
--                                       const ARMCPRegInfo *ri,
--                                       bool isread)
-+static CPAccessResult access_tid4(CPUARMState *env,
-+                                  const ARMCPRegInfo *ri,
-+                                  bool isread)
- {
--    if (arm_current_el(env) == 1 && (arm_hcr_el2_eff(env) & HCR_TID2)) {
-+    if (arm_current_el(env) == 1 &&
-+        (arm_hcr_el2_eff(env) & (HCR_TID2 | HCR_TID4))) {
-         return CP_ACCESS_TRAP_EL2;
-     }
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
-     { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
-       .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
-       .access = PL1_R,
--      .accessfn = access_aa64_tid2,
-+      .accessfn = access_tid4,
-       .readfn = ccsidr_read, .type = ARM_CP_NO_RAW },
-     { .name = "CSSELR", .state = ARM_CP_STATE_BOTH,
-       .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
-       .access = PL1_RW,
--      .accessfn = access_aa64_tid2,
-+      .accessfn = access_tid4,
-       .writefn = csselr_write, .resetvalue = 0,
-       .bank_fieldoffsets = { offsetof(CPUARMState, cp15.csselr_s),
-                              offsetof(CPUARMState, cp15.csselr_ns) } },
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ccsidr2_reginfo[] = {
-     { .name = "CCSIDR2", .state = ARM_CP_STATE_BOTH,
-       .opc0 = 3, .opc1 = 1, .crn = 0, .crm = 0, .opc2 = 2,
-       .access = PL1_R,
--      .accessfn = access_aa64_tid2,
-+      .accessfn = access_tid4,
-       .readfn = ccsidr2_read, .type = ARM_CP_NO_RAW },
- };
-@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
-             .name = "CLIDR", .state = ARM_CP_STATE_BOTH,
-             .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
-             .access = PL1_R, .type = ARM_CP_CONST,
--            .accessfn = access_aa64_tid2,
-+            .accessfn = access_tid4,
-             .resetvalue = cpu->clidr
-         };
-         define_one_arm_cp_reg(cpu, &clidr);
---
-.25.1

-[PULL 16/29] target/arm: Report FEAT_EVT for TCG '-cpu max'
+Deleted patch
-Update the ID registers for TCG's '-cpu max' to report the
-FEAT_EVT Enhanced Virtualization Traps support.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
----
- docs/system/arm/emulation.rst | 1 +
- target/arm/cpu64.c            | 1 +
- target/arm/cpu_tcg.c          | 1 +
-files changed, 3 insertions(+)
-diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
-index XXXXXXX..XXXXXXX 100644
---- a/docs/system/arm/emulation.rst
-+++ b/docs/system/arm/emulation.rst
-@@ -XXX,XX +XXX,XX @@ the following architecture extensions:
- - FEAT_DoubleFault (Double Fault Extension)
- - FEAT_E0PD (Preventing EL0 access to halves of address maps)
- - FEAT_ETS (Enhanced Translation Synchronization)
-+- FEAT_EVT (Enhanced Virtualization Traps)
- - FEAT_FCMA (Floating-point complex number instructions)
- - FEAT_FHM (Floating-point half-precision multiplication instructions)
- - FEAT_FP16 (Half-precision floating-point data processing)
-diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu64.c
-+++ b/target/arm/cpu64.c
-@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
-     t = FIELD_DP64(t, ID_AA64MMFR2, FWB, 1);      /* FEAT_S2FWB */
-     t = FIELD_DP64(t, ID_AA64MMFR2, TTL, 1);      /* FEAT_TTL */
-     t = FIELD_DP64(t, ID_AA64MMFR2, BBM, 2);      /* FEAT_BBM at level 2 */
-+    t = FIELD_DP64(t, ID_AA64MMFR2, EVT, 2);      /* FEAT_EVT */
-     t = FIELD_DP64(t, ID_AA64MMFR2, E0PD, 1);     /* FEAT_E0PD */
-     cpu->isar.id_aa64mmfr2 = t;
-diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu_tcg.c
-+++ b/target/arm/cpu_tcg.c
-@@ -XXX,XX +XXX,XX @@ void aa32_max_features(ARMCPU *cpu)
-     t = FIELD_DP32(t, ID_MMFR4, AC2, 1);          /* ACTLR2, HACTLR2 */
-     t = FIELD_DP32(t, ID_MMFR4, CNP, 1);          /* FEAT_TTCNP */
-     t = FIELD_DP32(t, ID_MMFR4, XNX, 1);          /* FEAT_XNX */
-+    t = FIELD_DP32(t, ID_MMFR4, EVT, 2);          /* FEAT_EVT */
-     cpu->isar.id_mmfr4 = t;
-     t = cpu->isar.id_mmfr5;
---
-.25.1

-[PULL 18/29] hw/arm: Convert TYPE_ARM_SMMUV3 to 3-phase reset
+[PULL 5/7] target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
-Convert the TYPE_ARM_SMMUV3 device to 3-phase reset.  The legacy
+In get_phys_addr_twostage() the code that applies the effects of
-reset method doesn't do anything that's invalid in the hold phase, so
+VSTCR.{SA,SW} and VTCR.{NSA,NSW} only updates result->f.attrs.secure.
-the conversion only requires changing it to a hold phase method, and
+Now we also have f.attrs.space for FEAT_RME, we need to keep the two
-using the 3-phase versions of the "save the parent reset method and
+in sync.
-chain to it" code.
 These bits only have an effect for Secure space translations, not
 for Root, so use the input in_space field to determine whether to
 apply them rather than the input is_secure. This doesn't actually
 make a difference because Root translations are never two-stage,
 but it's a little clearer.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Message-id: 20230710152130.3928330-4-peter.maydell@linaro.org
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Message-id: 20221109161444.3397405-3-peter.maydell@linaro.org
 ---
- include/hw/arm/smmuv3.h |  2 +-
+ target/arm/ptw.c | 13 ++++++++-----
- hw/arm/smmuv3.c         | 12 ++++++++----
+file changed, 8 insertions(+), 5 deletions(-)
 files changed, 9 insertions(+), 5 deletions(-)
-diff --git a/include/hw/arm/smmuv3.h b/include/hw/arm/smmuv3.h
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/hw/arm/smmuv3.h
+--- a/target/arm/ptw.c
-+++ b/include/hw/arm/smmuv3.h
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ struct SMMUv3Class {
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
-     /*< public >*/
+     hwaddr ipa;
+     int s1_prot, s1_lgpgsz;
-     DeviceRealize parent_realize;
+     bool is_secure = ptw->in_secure;
--    DeviceReset   parent_reset;
++    ARMSecuritySpace in_space = ptw->in_space;
-+    ResettablePhases parent_phases;
+     bool ret, ipa_secure;
- };
+     ARMCacheAttrs cacheattrs1;
+     ARMSecuritySpace ipa_space;
- #define TYPE_ARM_SMMUV3   "arm-smmuv3"
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
-diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
+      * Check if IPA translates to secure or non-secure PA space.
-index XXXXXXX..XXXXXXX 100644
+      * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA.
---- a/hw/arm/smmuv3.c
+      */
-+++ b/hw/arm/smmuv3.c
+-    result->f.attrs.secure =
-@@ -XXX,XX +XXX,XX @@ static void smmu_init_irq(SMMUv3State *s, SysBusDevice *dev)
+-        (is_secure
-     }
+-         && !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
- }
+-         && (ipa_secure
+-             || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))));
--static void smmu_reset(DeviceState *dev)
++    if (in_space == ARMSS_Secure) {
-+static void smmu_reset_hold(Object *obj)
++        result->f.attrs.secure =
- {
++            !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
--    SMMUv3State *s = ARM_SMMUV3(dev);
++            && (ipa_secure
-+    SMMUv3State *s = ARM_SMMUV3(obj);
++                || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW)));
-     SMMUv3Class *c = ARM_SMMUV3_GET_CLASS(s);
++        result->f.attrs.space = arm_secure_to_space(result->f.attrs.secure);
 -    c->parent_reset(dev);
 +    if (c->parent_phases.hold) {
 +        c->parent_phases.hold(obj);
 +    }
-     smmuv3_init_regs(s);
+     return false;
  }
@@ -XXX,XX +XXX,XX @@ static void smmuv3_instance_init(Object *obj)
  static void smmuv3_class_init(ObjectClass *klass, void *data)
  {
      DeviceClass *dc = DEVICE_CLASS(klass);
 +    ResettableClass *rc = RESETTABLE_CLASS(klass);
      SMMUv3Class *c = ARM_SMMUV3_CLASS(klass);
      dc->vmsd = &vmstate_smmuv3;
 -    device_class_set_parent_reset(dc, smmu_reset, &c->parent_reset);
 +    resettable_class_set_parent_phases(rc, NULL, smmu_reset_hold, NULL,
 +                                       &c->parent_phases);
      c->parent_realize = dc->realize;
      dc->realize = smmu_realize;
  }
 --
-.25.1
+.34.1

-[PULL 17/29] hw/arm: Convert TYPE_ARM_SMMU to 3-phase reset
+[PULL 6/7] accel/tcg: Zero-pad PC in TCG CPU exec trace lines
-Convert the TYPE_ARM_SMMU device to 3-phase reset.  The legacy method
+In commit f0a08b0913befbd we changed the type of the PC from
-doesn't do anything that's invalid in the hold phase, so the
+target_ulong to vaddr.  In doing so we inadvertently dropped the
-conversion is simple and not a behaviour change.
+zero-padding on the PC in trace lines (the second item inside the []
 in these lines).  They used to look like this on AArch64, for
 instance:
-Note that we must convert this base class before we can convert the
+Trace 0: 0x7f2260000100 [00000000/0000000040000000/00000061/ff200000]
 TYPE_ARM_SMMUV3 subclass -- transitional support in Resettable
 handles "chain to parent class reset" when the base class is 3-phase
 and the subclass is still using legacy reset, but not the other way
 around.
+and now they look like this:
+Trace 0: 0x7f4f50000100 [00000000/40000000/00000061/ff200000]
+and if the PC happens to be somewhere low like 0x5000
+then the field is shown as /5000/.
+This is because TARGET_FMT_lx is a "%08x" or "%016x" specifier,
+depending on TARGET_LONG_SIZE, whereas VADDR_PRIx is just PRIx64
+with no width specifier.
+Restore the zero-padding by adding an 016 width specifier to
+this tracing and a couple of others that were similarly recently
+changed to use VADDR_PRIx without a width specifier.
+We can't unfortunately restore the "32-bit guests are padded to
+hex digits and 64-bit guests to 16 hex digits" behaviour so
+easily.
+Fixes: f0a08b0913befbd ("accel/tcg/cpu-exec.c: Widen pc to vaddr")
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Anton Johansson <anjo@rev.ng>
-Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Message-id: 20230711165434.4123674-1-peter.maydell@linaro.org
 Message-id: 20221109161444.3397405-2-peter.maydell@linaro.org
 ---
- hw/arm/smmu-common.c | 7 ++++---
+ accel/tcg/cpu-exec.c      | 4 ++--
-file changed, 4 insertions(+), 3 deletions(-)
+ accel/tcg/translate-all.c | 2 +-
 files changed, 3 insertions(+), 3 deletions(-)
-diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
+diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/smmu-common.c
+--- a/accel/tcg/cpu-exec.c
-+++ b/hw/arm/smmu-common.c
++++ b/accel/tcg/cpu-exec.c
-@@ -XXX,XX +XXX,XX @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
+@@ -XXX,XX +XXX,XX @@ static void log_cpu_exec(vaddr pc, CPUState *cpu,
      if (qemu_log_in_addr_range(pc)) {
          qemu_log_mask(CPU_LOG_EXEC,
                        "Trace %d: %p [%08" PRIx64
 -                      "/%" VADDR_PRIx "/%08x/%08x] %s\n",
 +                      "/%016" VADDR_PRIx "/%08x/%08x] %s\n",
                        cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc,
                        tb->flags, tb->cflags, lookup_symbol(pc));
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
          if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
              vaddr pc = log_pc(cpu, last_tb);
              if (qemu_log_in_addr_range(pc)) {
 -                qemu_log("Stopped execution of TB chain before %p [%"
 +                qemu_log("Stopped execution of TB chain before %p [%016"
                           VADDR_PRIx "] %s\n",
                           last_tb->tc.ptr, pc, lookup_symbol(pc));
              }
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/translate-all.c
 +++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
      if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
          vaddr pc = log_pc(cpu, tb);
          if (qemu_log_in_addr_range(pc)) {
 -            qemu_log("cpu_io_recompile: rewound execution of TB to %"
 +            qemu_log("cpu_io_recompile: rewound execution of TB to %016"
                       VADDR_PRIx "\n", pc);
          }
      }
- }
--static void smmu_base_reset(DeviceState *dev)
-+static void smmu_base_reset_hold(Object *obj)
- {
--    SMMUState *s = ARM_SMMU(dev);
-+    SMMUState *s = ARM_SMMU(obj);
-     g_hash_table_remove_all(s->configs);
-     g_hash_table_remove_all(s->iotlb);
-@@ -XXX,XX +XXX,XX @@ static Property smmu_dev_properties[] = {
- static void smmu_base_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-+    ResettableClass *rc = RESETTABLE_CLASS(klass);
-     SMMUBaseClass *sbc = ARM_SMMU_CLASS(klass);
-     device_class_set_props(dc, smmu_dev_properties);
-     device_class_set_parent_realize(dc, smmu_base_realize,
-                                     &sbc->parent_realize);
--    dc->reset = smmu_base_reset;
-+    rc->phases.hold = smmu_base_reset_hold;
- }
- static const TypeInfo smmu_base_info = {
 --
-.25.1
+.34.1

-[PULL 19/29] hw/intc: Convert TYPE_ARM_GIC_COMMON to 3-phase reset
+Deleted patch
-Convert the TYPE_ARM_GIC_COMMON device to 3-phase reset.  This is a
-simple no-behaviour-change conversion.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20221109161444.3397405-4-peter.maydell@linaro.org
----
- hw/intc/arm_gic_common.c | 7 ++++---
-file changed, 4 insertions(+), 3 deletions(-)
-diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gic_common.c
-+++ b/hw/intc/arm_gic_common.c
-@@ -XXX,XX +XXX,XX @@ static inline void arm_gic_common_reset_irq_state(GICState *s, int first_cpu,
-     }
- }
--static void arm_gic_common_reset(DeviceState *dev)
-+static void arm_gic_common_reset_hold(Object *obj)
- {
--    GICState *s = ARM_GIC_COMMON(dev);
-+    GICState *s = ARM_GIC_COMMON(obj);
-     int i, j;
-     int resetprio;
-@@ -XXX,XX +XXX,XX @@ static Property arm_gic_common_properties[] = {
- static void arm_gic_common_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-+    ResettableClass *rc = RESETTABLE_CLASS(klass);
-     ARMLinuxBootIfClass *albifc = ARM_LINUX_BOOT_IF_CLASS(klass);
--    dc->reset = arm_gic_common_reset;
-+    rc->phases.hold = arm_gic_common_reset_hold;
-     dc->realize = arm_gic_common_realize;
-     device_class_set_props(dc, arm_gic_common_properties);
-     dc->vmsd = &vmstate_gic;
---
-.25.1

-[PULL 20/29] hw/intc: Convert TYPE_ARM_GIC_KVM to 3-phase reset
+Deleted patch
-Now we have converted TYPE_ARM_GIC_COMMON, we can convert the
-TYPE_ARM_GIC_KVM subclass to 3-phase reset.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20221109161444.3397405-5-peter.maydell@linaro.org
----
- hw/intc/arm_gic_kvm.c | 14 +++++++++-----
-file changed, 9 insertions(+), 5 deletions(-)
-diff --git a/hw/intc/arm_gic_kvm.c b/hw/intc/arm_gic_kvm.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gic_kvm.c
-+++ b/hw/intc/arm_gic_kvm.c
-@@ -XXX,XX +XXX,XX @@ DECLARE_OBJ_CHECKERS(GICState, KVMARMGICClass,
- struct KVMARMGICClass {
-     ARMGICCommonClass parent_class;
-     DeviceRealize parent_realize;
--    void (*parent_reset)(DeviceState *dev);
-+    ResettablePhases parent_phases;
- };
- void kvm_arm_gic_set_irq(uint32_t num_irq, int irq, int level)
-@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gic_get(GICState *s)
-     }
- }
--static void kvm_arm_gic_reset(DeviceState *dev)
-+static void kvm_arm_gic_reset_hold(Object *obj)
- {
--    GICState *s = ARM_GIC_COMMON(dev);
-+    GICState *s = ARM_GIC_COMMON(obj);
-     KVMARMGICClass *kgc = KVM_ARM_GIC_GET_CLASS(s);
--    kgc->parent_reset(dev);
-+    if (kgc->parent_phases.hold) {
-+        kgc->parent_phases.hold(obj);
-+    }
-     if (kvm_arm_gic_can_save_restore(s)) {
-         kvm_arm_gic_put(s);
-@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gic_realize(DeviceState *dev, Error **errp)
- static void kvm_arm_gic_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-+    ResettableClass *rc = RESETTABLE_CLASS(klass);
-     ARMGICCommonClass *agcc = ARM_GIC_COMMON_CLASS(klass);
-     KVMARMGICClass *kgc = KVM_ARM_GIC_CLASS(klass);
-@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gic_class_init(ObjectClass *klass, void *data)
-     agcc->post_load = kvm_arm_gic_put;
-     device_class_set_parent_realize(dc, kvm_arm_gic_realize,
-                                     &kgc->parent_realize);
--    device_class_set_parent_reset(dc, kvm_arm_gic_reset, &kgc->parent_reset);
-+    resettable_class_set_parent_phases(rc, NULL, kvm_arm_gic_reset_hold, NULL,
-+                                       &kgc->parent_phases);
- }
- static const TypeInfo kvm_arm_gic_info = {
---
-.25.1

-[PULL 21/29] hw/intc: Convert TYPE_ARM_GICV3_COMMON to 3-phase reset
+Deleted patch
-Convert the TYPE_ARM_GICV3_COMMON parent class to 3-phase reset.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20221109161444.3397405-6-peter.maydell@linaro.org
----
- hw/intc/arm_gicv3_common.c | 7 ++++---
-file changed, 4 insertions(+), 3 deletions(-)
-diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_common.c
-+++ b/hw/intc/arm_gicv3_common.c
-@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_finalize(Object *obj)
-     g_free(s->redist_region_count);
- }
--static void arm_gicv3_common_reset(DeviceState *dev)
-+static void arm_gicv3_common_reset_hold(Object *obj)
- {
--    GICv3State *s = ARM_GICV3_COMMON(dev);
-+    GICv3State *s = ARM_GICV3_COMMON(obj);
-     int i;
-     for (i = 0; i < s->num_cpu; i++) {
-@@ -XXX,XX +XXX,XX @@ static Property arm_gicv3_common_properties[] = {
- static void arm_gicv3_common_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-+    ResettableClass *rc = RESETTABLE_CLASS(klass);
-     ARMLinuxBootIfClass *albifc = ARM_LINUX_BOOT_IF_CLASS(klass);
--    dc->reset = arm_gicv3_common_reset;
-+    rc->phases.hold = arm_gicv3_common_reset_hold;
-     dc->realize = arm_gicv3_common_realize;
-     device_class_set_props(dc, arm_gicv3_common_properties);
-     dc->vmsd = &vmstate_gicv3;
---
-.25.1

-[PULL 22/29] hw/intc: Convert TYPE_KVM_ARM_GICV3 to 3-phase reset
+Deleted patch
-Convert the TYPE_KVM_ARM_GICV3 device to 3-phase reset.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20221109161444.3397405-7-peter.maydell@linaro.org
----
- hw/intc/arm_gicv3_kvm.c | 14 +++++++++-----
-file changed, 9 insertions(+), 5 deletions(-)
-diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_kvm.c
-+++ b/hw/intc/arm_gicv3_kvm.c
-@@ -XXX,XX +XXX,XX @@ DECLARE_OBJ_CHECKERS(GICv3State, KVMARMGICv3Class,
- struct KVMARMGICv3Class {
-     ARMGICv3CommonClass parent_class;
-     DeviceRealize parent_realize;
--    void (*parent_reset)(DeviceState *dev);
-+    ResettablePhases parent_phases;
- };
- static void kvm_arm_gicv3_set_irq(void *opaque, int irq, int level)
-@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_icc_reset(CPUARMState *env, const ARMCPRegInfo *ri)
-     c->icc_ctlr_el1[GICV3_S] = c->icc_ctlr_el1[GICV3_NS];
- }
--static void kvm_arm_gicv3_reset(DeviceState *dev)
-+static void kvm_arm_gicv3_reset_hold(Object *obj)
- {
--    GICv3State *s = ARM_GICV3_COMMON(dev);
-+    GICv3State *s = ARM_GICV3_COMMON(obj);
-     KVMARMGICv3Class *kgc = KVM_ARM_GICV3_GET_CLASS(s);
-     DPRINTF("Reset\n");
--    kgc->parent_reset(dev);
-+    if (kgc->parent_phases.hold) {
-+        kgc->parent_phases.hold(obj);
-+    }
-     if (s->migration_blocker) {
-         DPRINTF("Cannot put kernel gic state, no kernel interface\n");
-@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_realize(DeviceState *dev, Error **errp)
- static void kvm_arm_gicv3_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-+    ResettableClass *rc = RESETTABLE_CLASS(klass);
-     ARMGICv3CommonClass *agcc = ARM_GICV3_COMMON_CLASS(klass);
-     KVMARMGICv3Class *kgc = KVM_ARM_GICV3_CLASS(klass);
-@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_class_init(ObjectClass *klass, void *data)
-     agcc->post_load = kvm_arm_gicv3_put;
-     device_class_set_parent_realize(dc, kvm_arm_gicv3_realize,
-                                     &kgc->parent_realize);
--    device_class_set_parent_reset(dc, kvm_arm_gicv3_reset, &kgc->parent_reset);
-+    resettable_class_set_parent_phases(rc, NULL, kvm_arm_gicv3_reset_hold, NULL,
-+                                       &kgc->parent_phases);
- }
- static const TypeInfo kvm_arm_gicv3_info = {
---
-.25.1

-[PULL 24/29] hw/intc: Convert TYPE_ARM_GICV3_ITS to 3-phase reset
+Deleted patch
-Convert the TYPE_ARM_GICV3_ITS device to 3-phase reset.
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20221109161444.3397405-9-peter.maydell@linaro.org
----
- hw/intc/arm_gicv3_its.c | 14 +++++++++-----
-file changed, 9 insertions(+), 5 deletions(-)
-diff --git a/hw/intc/arm_gicv3_its.c b/hw/intc/arm_gicv3_its.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_its.c
-+++ b/hw/intc/arm_gicv3_its.c
-@@ -XXX,XX +XXX,XX @@ DECLARE_OBJ_CHECKERS(GICv3ITSState, GICv3ITSClass,
- struct GICv3ITSClass {
-     GICv3ITSCommonClass parent_class;
--    void (*parent_reset)(DeviceState *dev);
-+    ResettablePhases parent_phases;
- };
- /*
-@@ -XXX,XX +XXX,XX @@ static void gicv3_arm_its_realize(DeviceState *dev, Error **errp)
-     }
- }
--static void gicv3_its_reset(DeviceState *dev)
-+static void gicv3_its_reset_hold(Object *obj)
- {
--    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
-+    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(obj);
-     GICv3ITSClass *c = ARM_GICV3_ITS_GET_CLASS(s);
--    c->parent_reset(dev);
-+    if (c->parent_phases.hold) {
-+        c->parent_phases.hold(obj);
-+    }
-     /* Quiescent bit reset to 1 */
-     s->ctlr = FIELD_DP32(s->ctlr, GITS_CTLR, QUIESCENT, 1);
-@@ -XXX,XX +XXX,XX @@ static Property gicv3_its_props[] = {
- static void gicv3_its_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-+    ResettableClass *rc = RESETTABLE_CLASS(klass);
-     GICv3ITSClass *ic = ARM_GICV3_ITS_CLASS(klass);
-     GICv3ITSCommonClass *icc = ARM_GICV3_ITS_COMMON_CLASS(klass);
-     dc->realize = gicv3_arm_its_realize;
-     device_class_set_props(dc, gicv3_its_props);
--    device_class_set_parent_reset(dc, gicv3_its_reset, &ic->parent_reset);
-+    resettable_class_set_parent_phases(rc, NULL, gicv3_its_reset_hold, NULL,
-+                                       &ic->parent_phases);
-     icc->post_load = gicv3_its_post_load;
- }
---
-.25.1

-[PULL 26/29] hw/arm/boot: set initrd with #address-cells type in fdt
+Deleted patch
-From: Schspa Shi <schspa@gmail.com>
-We use 32bit value for linux,initrd-[start/end], when we have
-loader_start > 4GB, there will be a wrong initrd_start passed
-to the kernel, and the kernel will report the following warning.
-[    0.000000] ------------[ cut here ]------------
-[    0.000000] initrd not fully accessible via the linear mapping -- please check your bootloader ...
-[    0.000000] WARNING: CPU: 0 PID: 0 at arch/arm64/mm/init.c:355 arm64_memblock_init+0x158/0x244
-[    0.000000] Modules linked in:
-[    0.000000] CPU: 0 PID: 0 Comm: swapper Tainted: G        W          6.1.0-rc3-13250-g30a0b95b1335-dirty #28
-[    0.000000] Hardware name: Horizon Sigi Virtual development board (DT)
-[    0.000000] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
-[    0.000000] pc : arm64_memblock_init+0x158/0x244
-[    0.000000] lr : arm64_memblock_init+0x158/0x244
-[    0.000000] sp : ffff800009273df0
-[    0.000000] x29: ffff800009273df0 x28: 0000001000cc0010 x27: 0000800000000000
-[    0.000000] x26: 000000000050a3e2 x25: ffff800008b46000 x24: ffff800008b46000
-[    0.000000] x23: ffff800008a53000 x22: ffff800009420000 x21: ffff800008a53000
-[    0.000000] x20: 0000000004000000 x19: 0000000004000000 x18: 00000000ffff1020
-[    0.000000] x17: 6568632065736165 x16: 6c70202d2d20676e x15: 697070616d207261
-[    0.000000] x14: 656e696c20656874 x13: 0a2e2e2e20726564 x12: 0000000000000000
-[    0.000000] x11: 0000000000000000 x10: 00000000ffffffff x9 : 0000000000000000
-[    0.000000] x8 : 0000000000000000 x7 : 796c6c756620746f x6 : 6e20647274696e69
-[    0.000000] x5 : ffff8000093c7c47 x4 : ffff800008a2102f x3 : ffff800009273a88
-[    0.000000] x2 : 80000000fffff038 x1 : 00000000000000c0 x0 : 0000000000000056
-[    0.000000] Call trace:
-[    0.000000]  arm64_memblock_init+0x158/0x244
-[    0.000000]  setup_arch+0x164/0x1cc
-[    0.000000]  start_kernel+0x94/0x4ac
-[    0.000000]  __primary_switched+0xb4/0xbc
-[    0.000000] ---[ end trace 0000000000000000 ]---
-[    0.000000] Zone ranges:
-[    0.000000]   DMA      [mem 0x0000001000000000-0x0000001007ffffff]
-This doesn't affect any machine types we currently support, because
-for all of our machine types the RAM starts well below the 4GB
-mark, but it does demonstrate that we're not currently writing
-the device-tree properties quite as intended.
-To fix it, we can change it to write these values to the dtb using a
-type width matching #address-cells.  This is the intended size for
-these dtb properties, and is how u-boot, for instance, writes them,
-although in practice the Linux kernel will cope with them being any
-width as long as they're big enough to fit the value.
-Signed-off-by: Schspa Shi <schspa@gmail.com>
-Message-id: 20221129160724.75667-1-schspa@gmail.com
-[PMM: tweaked commit message]
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/boot.c | 10 ++++++----
-file changed, 6 insertions(+), 4 deletions(-)
-diff --git a/hw/arm/boot.c b/hw/arm/boot.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/boot.c
-+++ b/hw/arm/boot.c
-@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
-     }
-     if (binfo->initrd_size) {
--        rc = qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start",
--                                   binfo->initrd_start);
-+        rc = qemu_fdt_setprop_sized_cells(fdt, "/chosen", "linux,initrd-start",
-+                                          acells, binfo->initrd_start);
-         if (rc < 0) {
-             fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n");
-             goto fail;
-         }
--        rc = qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end",
--                                   binfo->initrd_start + binfo->initrd_size);
-+        rc = qemu_fdt_setprop_sized_cells(fdt, "/chosen", "linux,initrd-end",
-+                                          acells,
-+                                          binfo->initrd_start +
-+                                          binfo->initrd_size);
-         if (rc < 0) {
-             fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n");
-             goto fail;
---
-.25.1

-[PULL 27/29] target/arm: align exposed ID registers with Linux
+Deleted patch
-From: Zhuojia Shen <chaosdefinition@hotmail.com>
-In CPUID registers exposed to userspace, some registers were missing
-and some fields were not exposed.  This patch aligns exposed ID
-registers and their fields with what the upstream kernel currently
-exposes.
-Specifically, the following new ID registers/fields are exposed to
-userspace:
-ID_AA64PFR1_EL1.BT:       bits 3-0
-ID_AA64PFR1_EL1.MTE:      bits 11-8
-ID_AA64PFR1_EL1.SME:      bits 27-24
-ID_AA64ZFR0_EL1.SVEver:   bits 3-0
-ID_AA64ZFR0_EL1.AES:      bits 7-4
-ID_AA64ZFR0_EL1.BitPerm:  bits 19-16
-ID_AA64ZFR0_EL1.BF16:     bits 23-20
-ID_AA64ZFR0_EL1.SHA3:     bits 35-32
-ID_AA64ZFR0_EL1.SM4:      bits 43-40
-ID_AA64ZFR0_EL1.I8MM:     bits 47-44
-ID_AA64ZFR0_EL1.F32MM:    bits 55-52
-ID_AA64ZFR0_EL1.F64MM:    bits 59-56
-ID_AA64SMFR0_EL1.F32F32:  bit 32
-ID_AA64SMFR0_EL1.B16F32:  bit 34
-ID_AA64SMFR0_EL1.F16F32:  bit 35
-ID_AA64SMFR0_EL1.I8I32:   bits 39-36
-ID_AA64SMFR0_EL1.F64F64:  bit 48
-ID_AA64SMFR0_EL1.I16I64:  bits 55-52
-ID_AA64SMFR0_EL1.FA64:    bit 63
-ID_AA64MMFR0_EL1.ECV:     bits 63-60
-ID_AA64MMFR1_EL1.AFP:     bits 47-44
-ID_AA64MMFR2_EL1.AT:      bits 35-32
-ID_AA64ISAR0_EL1.RNDR:    bits 63-60
-ID_AA64ISAR1_EL1.FRINTTS: bits 35-32
-ID_AA64ISAR1_EL1.BF16:    bits 47-44
-ID_AA64ISAR1_EL1.DGH:     bits 51-48
-ID_AA64ISAR1_EL1.I8MM:    bits 55-52
-ID_AA64ISAR2_EL1.WFxT:    bits 3-0
-ID_AA64ISAR2_EL1.RPRES:   bits 7-4
-ID_AA64ISAR2_EL1.GPA3:    bits 11-8
-ID_AA64ISAR2_EL1.APA3:    bits 15-12
-The code is also refactored to use symbolic names for ID register fields
-for better readability and maintainability.
-Signed-off-by: Zhuojia Shen <chaosdefinition@hotmail.com>
-Message-id: DS7PR12MB6309BC9133877BCC6FC419FEAC0D9@DS7PR12MB6309.namprd12.prod.outlook.com
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c | 96 +++++++++++++++++++++++++++++++++++++--------
-file changed, 79 insertions(+), 17 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
- #ifdef CONFIG_USER_ONLY
-         static const ARMCPRegUserSpaceInfo v8_user_idregs[] = {
-             { .name = "ID_AA64PFR0_EL1",
--              .exported_bits = 0x000f000f00ff0000,
--              .fixed_bits    = 0x0000000000000011 },
-+              .exported_bits = R_ID_AA64PFR0_FP_MASK |
-+                               R_ID_AA64PFR0_ADVSIMD_MASK |
-+                               R_ID_AA64PFR0_SVE_MASK |
-+                               R_ID_AA64PFR0_DIT_MASK,
-+              .fixed_bits = (0x1 << R_ID_AA64PFR0_EL0_SHIFT) |
-+                            (0x1 << R_ID_AA64PFR0_EL1_SHIFT) },
-             { .name = "ID_AA64PFR1_EL1",
--              .exported_bits = 0x00000000000000f0 },
-+              .exported_bits = R_ID_AA64PFR1_BT_MASK |
-+                               R_ID_AA64PFR1_SSBS_MASK |
-+                               R_ID_AA64PFR1_MTE_MASK |
-+                               R_ID_AA64PFR1_SME_MASK },
-             { .name = "ID_AA64PFR*_EL1_RESERVED",
--              .is_glob = true                     },
--            { .name = "ID_AA64ZFR0_EL1"           },
-+              .is_glob = true },
-+            { .name = "ID_AA64ZFR0_EL1",
-+              .exported_bits = R_ID_AA64ZFR0_SVEVER_MASK |
-+                               R_ID_AA64ZFR0_AES_MASK |
-+                               R_ID_AA64ZFR0_BITPERM_MASK |
-+                               R_ID_AA64ZFR0_BFLOAT16_MASK |
-+                               R_ID_AA64ZFR0_SHA3_MASK |
-+                               R_ID_AA64ZFR0_SM4_MASK |
-+                               R_ID_AA64ZFR0_I8MM_MASK |
-+                               R_ID_AA64ZFR0_F32MM_MASK |
-+                               R_ID_AA64ZFR0_F64MM_MASK },
-+            { .name = "ID_AA64SMFR0_EL1",
-+              .exported_bits = R_ID_AA64SMFR0_F32F32_MASK |
-+                               R_ID_AA64SMFR0_B16F32_MASK |
-+                               R_ID_AA64SMFR0_F16F32_MASK |
-+                               R_ID_AA64SMFR0_I8I32_MASK |
-+                               R_ID_AA64SMFR0_F64F64_MASK |
-+                               R_ID_AA64SMFR0_I16I64_MASK |
-+                               R_ID_AA64SMFR0_FA64_MASK },
-             { .name = "ID_AA64MMFR0_EL1",
--              .fixed_bits    = 0x00000000ff000000 },
--            { .name = "ID_AA64MMFR1_EL1"          },
-+              .exported_bits = R_ID_AA64MMFR0_ECV_MASK,
-+              .fixed_bits = (0xf << R_ID_AA64MMFR0_TGRAN64_SHIFT) |
-+                            (0xf << R_ID_AA64MMFR0_TGRAN4_SHIFT) },
-+            { .name = "ID_AA64MMFR1_EL1",
-+              .exported_bits = R_ID_AA64MMFR1_AFP_MASK },
-+            { .name = "ID_AA64MMFR2_EL1",
-+              .exported_bits = R_ID_AA64MMFR2_AT_MASK },
-             { .name = "ID_AA64MMFR*_EL1_RESERVED",
--              .is_glob = true                     },
-+              .is_glob = true },
-             { .name = "ID_AA64DFR0_EL1",
--              .fixed_bits    = 0x0000000000000006 },
--            { .name = "ID_AA64DFR1_EL1"           },
-+              .fixed_bits = (0x6 << R_ID_AA64DFR0_DEBUGVER_SHIFT) },
-+            { .name = "ID_AA64DFR1_EL1" },
-             { .name = "ID_AA64DFR*_EL1_RESERVED",
--              .is_glob = true                     },
-+              .is_glob = true },
-             { .name = "ID_AA64AFR*",
--              .is_glob = true                     },
-+              .is_glob = true },
-             { .name = "ID_AA64ISAR0_EL1",
--              .exported_bits = 0x00fffffff0fffff0 },
-+              .exported_bits = R_ID_AA64ISAR0_AES_MASK |
-+                               R_ID_AA64ISAR0_SHA1_MASK |
-+                               R_ID_AA64ISAR0_SHA2_MASK |
-+                               R_ID_AA64ISAR0_CRC32_MASK |
-+                               R_ID_AA64ISAR0_ATOMIC_MASK |
-+                               R_ID_AA64ISAR0_RDM_MASK |
-+                               R_ID_AA64ISAR0_SHA3_MASK |
-+                               R_ID_AA64ISAR0_SM3_MASK |
-+                               R_ID_AA64ISAR0_SM4_MASK |
-+                               R_ID_AA64ISAR0_DP_MASK |
-+                               R_ID_AA64ISAR0_FHM_MASK |
-+                               R_ID_AA64ISAR0_TS_MASK |
-+                               R_ID_AA64ISAR0_RNDR_MASK },
-             { .name = "ID_AA64ISAR1_EL1",
--              .exported_bits = 0x000000f0ffffffff },
-+              .exported_bits = R_ID_AA64ISAR1_DPB_MASK |
-+                               R_ID_AA64ISAR1_APA_MASK |
-+                               R_ID_AA64ISAR1_API_MASK |
-+                               R_ID_AA64ISAR1_JSCVT_MASK |
-+                               R_ID_AA64ISAR1_FCMA_MASK |
-+                               R_ID_AA64ISAR1_LRCPC_MASK |
-+                               R_ID_AA64ISAR1_GPA_MASK |
-+                               R_ID_AA64ISAR1_GPI_MASK |
-+                               R_ID_AA64ISAR1_FRINTTS_MASK |
-+                               R_ID_AA64ISAR1_SB_MASK |
-+                               R_ID_AA64ISAR1_BF16_MASK |
-+                               R_ID_AA64ISAR1_DGH_MASK |
-+                               R_ID_AA64ISAR1_I8MM_MASK },
-+            { .name = "ID_AA64ISAR2_EL1",
-+              .exported_bits = R_ID_AA64ISAR2_WFXT_MASK |
-+                               R_ID_AA64ISAR2_RPRES_MASK |
-+                               R_ID_AA64ISAR2_GPA3_MASK |
-+                               R_ID_AA64ISAR2_APA3_MASK },
-             { .name = "ID_AA64ISAR*_EL1_RESERVED",
--              .is_glob = true                     },
-+              .is_glob = true },
-         };
-         modify_arm_cp_regs(v8_idregs, v8_user_idregs);
- #endif
-@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
- #ifdef CONFIG_USER_ONLY
-         static const ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
-             { .name = "MIDR_EL1",
--              .exported_bits = 0x00000000ffffffff },
--            { .name = "REVIDR_EL1"                },
-+              .exported_bits = R_MIDR_EL1_REVISION_MASK |
-+                               R_MIDR_EL1_PARTNUM_MASK |
-+                               R_MIDR_EL1_ARCHITECTURE_MASK |
-+                               R_MIDR_EL1_VARIANT_MASK |
-+                               R_MIDR_EL1_IMPLEMENTER_MASK },
-+            { .name = "REVIDR_EL1" },
-         };
-         modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
- #endif
---
-.25.1

-[PULL 29/29] target/arm: Restrict arm_cpu_exec_interrupt() to TCG accelerator
+[PULL 7/7] hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
+From: Tong Ho <tong.ho@amd.com>
-When building with --disable-tcg on Darwin we get:
+Add a check in the bit-set operation to write the backstore
 only if the affected bit is 0 before.
-  target/arm/cpu.c:725:16: error: incomplete definition of type 'struct TCGCPUOps'
+With this in place, there will be no need for callers to
-    cc->tcg_ops->do_interrupt(cs);
+do the checking in order to avoid unnecessary writes.
     ~~~~~~~~~~~^
-Commit 083afd18a9 ("target/arm: Restrict cpu_exec_interrupt()
+Signed-off-by: Tong Ho <tong.ho@amd.com>
-handler to sysemu") limited this block to system emulation,
+Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
-but neglected to also limit it to TCG.
+Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Reviewed-by: Fabiano Rosas <farosas@suse.de>
 Message-id: 20221209110823.59495-1-philmd@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.c | 5 +++--
+ hw/nvram/xlnx-efuse.c | 11 +++++++++--
-file changed, 3 insertions(+), 2 deletions(-)
+file changed, 9 insertions(+), 2 deletions(-)
-diff --git a/target/arm/cpu.c b/target/arm/cpu.c
+diff --git a/hw/nvram/xlnx-efuse.c b/hw/nvram/xlnx-efuse.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.c
+--- a/hw/nvram/xlnx-efuse.c
-+++ b/target/arm/cpu.c
++++ b/hw/nvram/xlnx-efuse.c
-@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(DeviceState *dev)
+@@ -XXX,XX +XXX,XX @@ static bool efuse_ro_bits_find(XlnxEFuse *s, uint32_t k)
-     arm_rebuild_hflags(env);
- }
+ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit)
+ {
--#ifndef CONFIG_USER_ONLY
++    uint32_t set, *row;
-+#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
++
+     if (efuse_ro_bits_find(s, bit)) {
- static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
+         g_autofree char *path = object_get_canonical_path(OBJECT(s));
-                                      unsigned int target_el,
-@@ -XXX,XX +XXX,XX @@ static bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
+@@ -XXX,XX +XXX,XX @@ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit)
-     cc->tcg_ops->do_interrupt(cs);
+         return false;
      }
 -    s->fuse32[bit / 32] |= 1 << (bit % 32);
 -    efuse_bdrv_sync(s, bit);
 +    /* Avoid back-end write unless there is a real update */
 +    row = &s->fuse32[bit / 32];
 +    set = 1 << (bit % 32);
 +    if (!(set & *row)) {
 +        *row |= set;
 +        efuse_bdrv_sync(s, bit);
 +    }
      return true;
  }
--#endif /* !CONFIG_USER_ONLY */
 +
 +#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
  void arm_cpu_update_virq(ARMCPU *cpu)
  {
 --
-.25.1
+.34.1

First arm pullreq of the 8.0 series...

The following changes since commit ae2b87341b5ddb0dcb1b3f2d4f586ef18de75873:

Merge tag 'pull-qapi-2022-12-14-v2' of https://repo.or.cz/qemu/armbru into staging (2022-12-14 22:42:14 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221215

for you to fetch changes up to 4f3ebdc33618e7c163f769047859d6f34373e3af:

target/arm: Restrict arm_cpu_exec_interrupt() to TCG accelerator (2022-12-15 11:18:20 +0000)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/virt: Add properties to allow more granular
   configuration of use of highmem space
 * target/arm: Add Cortex-A55 CPU
 * hw/intc/arm_gicv3: Fix GICD_TYPER ITLinesNumber advertisement
 * Implement FEAT_EVT
 * Some 3-phase-reset conversions for Arm GIC, SMMU
 * hw/arm/boot: set initrd with #address-cells type in fdt
 * align user-mode exposed ID registers with Linux
 * hw/misc: Move some arm-related files from specific_ss into softmmu_ss
 * Restrict arm_cpu_exec_interrupt() to TCG accelerator

----------------------------------------------------------------
Gavin Shan (7):
      hw/arm/virt: Introduce virt_set_high_memmap() helper
      hw/arm/virt: Rename variable size to region_size in virt_set_high_memmap()
      hw/arm/virt: Introduce variable region_base in virt_set_high_memmap()
      hw/arm/virt: Introduce virt_get_high_memmap_enabled() helper
      hw/arm/virt: Improve high memory region address assignment
      hw/arm/virt: Add 'compact-highmem' property
      hw/arm/virt: Add properties to disable high memory regions

Luke Starrett (1):
      hw/intc/arm_gicv3: Fix GICD_TYPER ITLinesNumber advertisement

Mihai Carabas (1):
      hw/arm/virt: build SMBIOS 19 table

Peter Maydell (15):
      target/arm: Allow relevant HCR bits to be written for FEAT_EVT
      target/arm: Implement HCR_EL2.TTLBIS traps
      target/arm: Implement HCR_EL2.TTLBOS traps
      target/arm: Implement HCR_EL2.TICAB,TOCU traps
      target/arm: Implement HCR_EL2.TID4 traps
      target/arm: Report FEAT_EVT for TCG '-cpu max'
      hw/arm: Convert TYPE_ARM_SMMU to 3-phase reset
      hw/arm: Convert TYPE_ARM_SMMUV3 to 3-phase reset
      hw/intc: Convert TYPE_ARM_GIC_COMMON to 3-phase reset
      hw/intc: Convert TYPE_ARM_GIC_KVM to 3-phase reset
      hw/intc: Convert TYPE_ARM_GICV3_COMMON to 3-phase reset
      hw/intc: Convert TYPE_KVM_ARM_GICV3 to 3-phase reset
      hw/intc: Convert TYPE_ARM_GICV3_ITS_COMMON to 3-phase reset
      hw/intc: Convert TYPE_ARM_GICV3_ITS to 3-phase reset
      hw/intc: Convert TYPE_KVM_ARM_ITS to 3-phase reset

Philippe Mathieu-Daudé (1):
      target/arm: Restrict arm_cpu_exec_interrupt() to TCG accelerator

Schspa Shi (1):
      hw/arm/boot: set initrd with #address-cells type in fdt

Thomas Huth (1):
      hw/misc: Move some arm-related files from specific_ss into softmmu_ss

Timofey Kutergin (1):
      target/arm: Add Cortex-A55 CPU

Zhuojia Shen (1):
      target/arm: align exposed ID registers with Linux

From: Gavin Shan <gshan@redhat.com>

This introduces virt_set_high_memmap() helper. The logic of high
memory region address assignment is moved to the helper. The intention
is to make the subsequent optimization for high memory region address
assignment easier.

No functional change intended.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
Message-id: 20221029224307.138822-2-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 74 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 41 insertions(+), 33 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
     return arm_cpu_mp_affinity(idx, clustersz);
 }
 
+static void virt_set_high_memmap(VirtMachineState *vms,
+                                 hwaddr base, int pa_bits)
+{
+    int i;
+
+    for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
+        hwaddr size = extended_memmap[i].size;
+        bool fits;
+
+        base = ROUND_UP(base, size);
+        vms->memmap[i].base = base;
+        vms->memmap[i].size = size;
+
+        /*
+         * Check each device to see if they fit in the PA space,
+         * moving highest_gpa as we go.
+         *
+         * For each device that doesn't fit, disable it.
+         */
+        fits = (base + size) <= BIT_ULL(pa_bits);
+        if (fits) {
+            vms->highest_gpa = base + size - 1;
+        }
+
+        switch (i) {
+        case VIRT_HIGH_GIC_REDIST2:
+            vms->highmem_redists &= fits;
+            break;
+        case VIRT_HIGH_PCIE_ECAM:
+            vms->highmem_ecam &= fits;
+            break;
+        case VIRT_HIGH_PCIE_MMIO:
+            vms->highmem_mmio &= fits;
+            break;
+        }
+
+        base += size;
+    }
+}
+
 static void virt_set_memmap(VirtMachineState *vms, int pa_bits)
 {
     MachineState *ms = MACHINE(vms);
@@ -XXX,XX +XXX,XX @@ static void virt_set_memmap(VirtMachineState *vms, int pa_bits)
     /* We know for sure that at least the memory fits in the PA space */
     vms->highest_gpa = memtop - 1;
 
-    for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
-        hwaddr size = extended_memmap[i].size;
-        bool fits;
-
-        base = ROUND_UP(base, size);
-        vms->memmap[i].base = base;
-        vms->memmap[i].size = size;
-
-        /*
-         * Check each device to see if they fit in the PA space,
-         * moving highest_gpa as we go.
-         *
-         * For each device that doesn't fit, disable it.
-         */
-        fits = (base + size) <= BIT_ULL(pa_bits);
-        if (fits) {
-            vms->highest_gpa = base + size - 1;
-        }
-
-        switch (i) {
-        case VIRT_HIGH_GIC_REDIST2:
-            vms->highmem_redists &= fits;
-            break;
-        case VIRT_HIGH_PCIE_ECAM:
-            vms->highmem_ecam &= fits;
-            break;
-        case VIRT_HIGH_PCIE_MMIO:
-            vms->highmem_mmio &= fits;
-            break;
-        }
-
-        base += size;
-    }
+    virt_set_high_memmap(vms, base, pa_bits);
 
     if (device_memory_size > 0) {
         ms->device_memory = g_malloc0(sizeof(*ms->device_memory));
-- 
2.25.1

From: Gavin Shan <gshan@redhat.com>

This renames variable 'size' to 'region_size' in virt_set_high_memmap().
Its counterpart ('region_base') will be introduced in next patch.

No functional change intended.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
Message-id: 20221029224307.138822-3-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
 static void virt_set_high_memmap(VirtMachineState *vms,
                                  hwaddr base, int pa_bits)
 {
+    hwaddr region_size;
+    bool fits;
     int i;
 
     for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
-        hwaddr size = extended_memmap[i].size;
-        bool fits;
+        region_size = extended_memmap[i].size;
 
-        base = ROUND_UP(base, size);
+        base = ROUND_UP(base, region_size);
         vms->memmap[i].base = base;
-        vms->memmap[i].size = size;
+        vms->memmap[i].size = region_size;
 
         /*
          * Check each device to see if they fit in the PA space,
@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
          *
          * For each device that doesn't fit, disable it.
          */
-        fits = (base + size) <= BIT_ULL(pa_bits);
+        fits = (base + region_size) <= BIT_ULL(pa_bits);
         if (fits) {
-            vms->highest_gpa = base + size - 1;
+            vms->highest_gpa = base + region_size - 1;
         }
 
         switch (i) {
@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
             break;
         }
 
-        base += size;
+        base += region_size;
     }
 }
 
-- 
2.25.1

From: Gavin Shan <gshan@redhat.com>

This introduces variable 'region_base' for the base address of the
specific high memory region. It's the preparatory work to optimize
high memory region address assignment.

No functional change intended.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
Message-id: 20221029224307.138822-4-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
 static void virt_set_high_memmap(VirtMachineState *vms,
                                  hwaddr base, int pa_bits)
 {
-    hwaddr region_size;
+    hwaddr region_base, region_size;
     bool fits;
     int i;
 
     for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
+        region_base = ROUND_UP(base, extended_memmap[i].size);
         region_size = extended_memmap[i].size;
 
-        base = ROUND_UP(base, region_size);
-        vms->memmap[i].base = base;
+        vms->memmap[i].base = region_base;
         vms->memmap[i].size = region_size;
 
         /*
@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
          *
          * For each device that doesn't fit, disable it.
          */
-        fits = (base + region_size) <= BIT_ULL(pa_bits);
+        fits = (region_base + region_size) <= BIT_ULL(pa_bits);
         if (fits) {
-            vms->highest_gpa = base + region_size - 1;
+            vms->highest_gpa = region_base + region_size - 1;
         }
 
         switch (i) {
@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
             break;
         }
 
-        base += region_size;
+        base = region_base + region_size;
     }
 }
 
-- 
2.25.1

From: Gavin Shan <gshan@redhat.com>

This introduces virt_get_high_memmap_enabled() helper, which returns
the pointer to vms->highmem_{redists, ecam, mmio}. The pointer will
be used in the subsequent patches.

No functional change intended.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
Message-id: 20221029224307.138822-5-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

From: Gavin Shan <gshan@redhat.com>

There are three high memory regions, which are VIRT_HIGH_REDIST2,
VIRT_HIGH_PCIE_ECAM and VIRT_HIGH_PCIE_MMIO. Their base addresses
are floating on highest RAM address. However, they can be disabled
in several cases.

(1) One specific high memory region is likely to be disabled by
    code by toggling vms->highmem_{redists, ecam, mmio}.

(2) VIRT_HIGH_PCIE_ECAM region is disabled on machine, which is
    'virt-2.12' or ealier than it.

(3) VIRT_HIGH_PCIE_ECAM region is disabled when firmware is loaded
    on 32-bits system.

(4) One specific high memory region is disabled when it breaks the
    PA space limit.

The current implementation of virt_set_{memmap, high_memmap}() isn't
optimized because the high memory region's PA space is always reserved,
regardless of whatever the actual state in the corresponding
vms->highmem_{redists, ecam, mmio} flag. In the code, 'base' and
'vms->highest_gpa' are always increased for case (1), (2) and (3).
It's unnecessary since the assigned PA space for the disabled high
memory region won't be used afterwards.

Improve the address assignment for those three high memory region by
skipping the address assignment for one specific high memory region if
it has been disabled in case (1), (2) and (3). The memory layout may
be changed after the improvement is applied, which leads to potential
migration breakage. So 'vms->highmem_compact' is added to control if
the improvement should be applied. For now, 'vms->highmem_compact' is
set to false, meaning that we don't have memory layout change until it
becomes configurable through property 'compact-highmem' in next patch.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
Message-id: 20221029224307.138822-6-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/virt.h |  1 +
 hw/arm/virt.c         | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -XXX,XX +XXX,XX @@ struct VirtMachineState {
     PFlashCFI01 *flash[2];
     bool secure;
     bool highmem;
+    bool highmem_compact;
     bool highmem_ecam;
     bool highmem_mmio;
     bool highmem_redists;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static void virt_set_high_memmap(VirtMachineState *vms,
         vms->memmap[i].size = region_size;
 
         /*
-         * Check each device to see if they fit in the PA space,
-         * moving highest_gpa as we go.
+         * Check each device to see if it fits in the PA space,
+         * moving highest_gpa as we go. For compatibility, move
+         * highest_gpa for disabled fitting devices as well, if
+         * the compact layout has been disabled.
          *
          * For each device that doesn't fit, disable it.
          */
         fits = (region_base + region_size) <= BIT_ULL(pa_bits);
-        if (fits) {
-            vms->highest_gpa = region_base + region_size - 1;
+        *region_enabled &= fits;
+        if (vms->highmem_compact && !*region_enabled) {
+            continue;
         }
 
-        *region_enabled &= fits;
         base = region_base + region_size;
+        if (fits) {
+            vms->highest_gpa = base - 1;
+        }
     }
 }
 
-- 
2.25.1

From: Gavin Shan <gshan@redhat.com>

After the improvement to high memory region address assignment is
applied, the memory layout can be changed, introducing possible
migration breakage. For example, VIRT_HIGH_PCIE_MMIO memory region
is disabled or enabled when the optimization is applied or not, with
the following configuration. The configuration is only achievable by
modifying the source code until more properties are added to allow
users selectively disable those high memory regions.

pa_bits              = 40;
  vms->highmem_redists = false;
  vms->highmem_ecam    = false;
  vms->highmem_mmio    = true;

# qemu-system-aarch64 -accel kvm -cpu host    \
    -machine virt-7.2,compact-highmem={on, off} \
    -m 4G,maxmem=511G -monitor stdio

Region             compact-highmem=off         compact-highmem=on
  ----------------------------------------------------------------
  MEM                [1GB         512GB]        [1GB         512GB]
  HIGH_GIC_REDISTS2  [512GB       512GB+64MB]   [disabled]
  HIGH_PCIE_ECAM     [512GB+256MB 512GB+512MB]  [disabled]
  HIGH_PCIE_MMIO     [disabled]                 [512GB       1TB]

In order to keep backwords compatibility, we need to disable the
optimization on machine, which is virt-7.1 or ealier than it. It
means the optimization is enabled by default from virt-7.2. Besides,
'compact-highmem' property is added so that the optimization can be
explicitly enabled or disabled on all machine types by users.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
Message-id: 20221029224307.138822-7-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 docs/system/arm/virt.rst |  4 ++++
 include/hw/arm/virt.h    |  1 +
 hw/arm/virt.c            | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+)

diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -XXX,XX +XXX,XX @@ highmem
   address space above 32 bits. The default is ``on`` for machine types
   later than ``virt-2.12``.
 
+compact-highmem
+  Set ``on``/``off`` to enable/disable the compact layout for high memory regions.
+  The default is ``on`` for machine types later than ``virt-7.2``.
+
 gic-version
   Specify the version of the Generic Interrupt Controller (GIC) to provide.
   Valid values are:
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -XXX,XX +XXX,XX @@ struct VirtMachineClass {
     bool no_pmu;
     bool claim_edge_triggered_timers;
     bool smbios_old_sys_ver;
+    bool no_highmem_compact;
     bool no_highmem_ecam;
     bool no_ged;   /* Machines < 4.2 have no support for ACPI GED device */
     bool kvm_no_adjvtime;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static const MemMapEntry base_memmap[] = {
  * Note the extended_memmap is sized so that it eventually also includes the
  * base_memmap entries (VIRT_HIGH_GIC_REDIST2 index is greater than the last
  * index of base_memmap).
+ *
+ * The memory map for these Highmem IO Regions can be in legacy or compact
+ * layout, depending on 'compact-highmem' property. With legacy layout, the
+ * PA space for one specific region is always reserved, even if the region
+ * has been disabled or doesn't fit into the PA space. However, the PA space
+ * for the region won't be reserved in these circumstances with compact layout.
  */
 static MemMapEntry extended_memmap[] = {
     /* Additional 64 MB redist region (can contain up to 512 redistributors) */
@@ -XXX,XX +XXX,XX @@ static void virt_set_highmem(Object *obj, bool value, Error **errp)
     vms->highmem = value;
 }
 
+static bool virt_get_compact_highmem(Object *obj, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    return vms->highmem_compact;
+}
+
+static void virt_set_compact_highmem(Object *obj, bool value, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    vms->highmem_compact = value;
+}
+
 static bool virt_get_its(Object *obj, Error **errp)
 {
     VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -XXX,XX +XXX,XX @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
                                           "Set on/off to enable/disable using "
                                           "physical address space above 32 bits");
 
+    object_class_property_add_bool(oc, "compact-highmem",
+                                   virt_get_compact_highmem,
+                                   virt_set_compact_highmem);
+    object_class_property_set_description(oc, "compact-highmem",
+                                          "Set on/off to enable/disable compact "
+                                          "layout for high memory regions");
+
     object_class_property_add_str(oc, "gic-version", virt_get_gic_version,
                                   virt_set_gic_version);
     object_class_property_set_description(oc, "gic-version",
@@ -XXX,XX +XXX,XX @@ static void virt_instance_init(Object *obj)
 
     /* High memory is enabled by default */
     vms->highmem = true;
+    vms->highmem_compact = !vmc->no_highmem_compact;
     vms->gic_version = VIRT_GIC_VERSION_NOSEL;
 
     vms->highmem_ecam = !vmc->no_highmem_ecam;
@@ -XXX,XX +XXX,XX @@ DEFINE_VIRT_MACHINE_AS_LATEST(7, 2)
 
 static void virt_machine_7_1_options(MachineClass *mc)
 {
+    VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
+
     virt_machine_7_2_options(mc);
     compat_props_add(mc->compat_props, hw_compat_7_1, hw_compat_7_1_len);
+    /* Compact layout for high memory regions was introduced with 7.2 */
+    vmc->no_highmem_compact = true;
 }
 DEFINE_VIRT_MACHINE(7, 1)
 
-- 
2.25.1

From: Gavin Shan <gshan@redhat.com>

The 3 high memory regions are usually enabled by default, but they may
be not used. For example, VIRT_HIGH_GIC_REDIST2 isn't needed by GICv2.
This leads to waste in the PA space.

Add properties ("highmem-redists", "highmem-ecam", "highmem-mmio") to
allow users selectively disable them if needed. After that, the high
memory region for GICv3 or GICv4 redistributor can be disabled by user,
the number of maximal supported CPUs needs to be calculated based on
'vms->highmem_redists'. The follow-up error message is also improved
to indicate if the high memory region for GICv3 and GICv4 has been
enabled or not.

Suggested-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20221029224307.138822-8-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 docs/system/arm/virt.rst | 13 +++++++
 hw/arm/virt.c            | 75 ++++++++++++++++++++++++++++++++++++++--
 2 files changed, 86 insertions(+), 2 deletions(-)

diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -XXX,XX +XXX,XX @@ compact-highmem
   Set ``on``/``off`` to enable/disable the compact layout for high memory regions.
   The default is ``on`` for machine types later than ``virt-7.2``.
 
+highmem-redists
+  Set ``on``/``off`` to enable/disable the high memory region for GICv3 or
+  GICv4 redistributor. The default is ``on``. Setting this to ``off`` will
+  limit the maximum number of CPUs when GICv3 or GICv4 is used.
+
+highmem-ecam
+  Set ``on``/``off`` to enable/disable the high memory region for PCI ECAM.
+  The default is ``on`` for machine types later than ``virt-3.0``.
+
+highmem-mmio
+  Set ``on``/``off`` to enable/disable the high memory region for PCI MMIO.
+  The default is ``on``.
+
 gic-version
   Specify the version of the Generic Interrupt Controller (GIC) to provide.
   Valid values are:
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
     if (vms->gic_version == VIRT_GIC_VERSION_2) {
         virt_max_cpus = GIC_NCPU;
     } else {
-        virt_max_cpus = virt_redist_capacity(vms, VIRT_GIC_REDIST) +
-            virt_redist_capacity(vms, VIRT_HIGH_GIC_REDIST2);
+        virt_max_cpus = virt_redist_capacity(vms, VIRT_GIC_REDIST);
+        if (vms->highmem_redists) {
+            virt_max_cpus += virt_redist_capacity(vms, VIRT_HIGH_GIC_REDIST2);
+        }
     }
 
     if (max_cpus > virt_max_cpus) {
         error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
                      "supported by machine 'mach-virt' (%d)",
                      max_cpus, virt_max_cpus);
+        if (vms->gic_version != VIRT_GIC_VERSION_2 && !vms->highmem_redists) {
+            error_printf("Try 'highmem-redists=on' for more CPUs\n");
+        }
+
         exit(1);
     }
 
@@ -XXX,XX +XXX,XX @@ static void virt_set_compact_highmem(Object *obj, bool value, Error **errp)
     vms->highmem_compact = value;
 }
 
+static bool virt_get_highmem_redists(Object *obj, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    return vms->highmem_redists;
+}
+
+static void virt_set_highmem_redists(Object *obj, bool value, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    vms->highmem_redists = value;
+}
+
+static bool virt_get_highmem_ecam(Object *obj, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    return vms->highmem_ecam;
+}
+
+static void virt_set_highmem_ecam(Object *obj, bool value, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    vms->highmem_ecam = value;
+}
+
+static bool virt_get_highmem_mmio(Object *obj, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    return vms->highmem_mmio;
+}
+
+static void virt_set_highmem_mmio(Object *obj, bool value, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    vms->highmem_mmio = value;
+}
+
+
 static bool virt_get_its(Object *obj, Error **errp)
 {
     VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -XXX,XX +XXX,XX @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
                                           "Set on/off to enable/disable compact "
                                           "layout for high memory regions");
 
+    object_class_property_add_bool(oc, "highmem-redists",
+                                   virt_get_highmem_redists,
+                                   virt_set_highmem_redists);
+    object_class_property_set_description(oc, "highmem-redists",
+                                          "Set on/off to enable/disable high "
+                                          "memory region for GICv3 or GICv4 "
+                                          "redistributor");
+
+    object_class_property_add_bool(oc, "highmem-ecam",
+                                   virt_get_highmem_ecam,
+                                   virt_set_highmem_ecam);
+    object_class_property_set_description(oc, "highmem-ecam",
+                                          "Set on/off to enable/disable high "
+                                          "memory region for PCI ECAM");
+
+    object_class_property_add_bool(oc, "highmem-mmio",
+                                   virt_get_highmem_mmio,
+                                   virt_set_highmem_mmio);
+    object_class_property_set_description(oc, "highmem-mmio",
+                                          "Set on/off to enable/disable high "
+                                          "memory region for PCI MMIO");
+
     object_class_property_add_str(oc, "gic-version", virt_get_gic_version,
                                   virt_set_gic_version);
     object_class_property_set_description(oc, "gic-version",
-- 
2.25.1

From: Mihai Carabas <mihai.carabas@oracle.com>

Use the base_memmap to build the SMBIOS 19 table which provides the address
mapping for a Physical Memory Array (from spec [1] chapter 7.20).

This was present on i386 from commit c97294ec1b9e36887e119589d456557d72ab37b5
("SMBIOS: Build aggregate smbios tables and entry point").

[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.5.0.pdf

The absence of this table is a breach of the specs and is
detected by the FirmwareTestSuite (FWTS), but it doesn't
cause any known problems for guest OSes.

Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Message-id: 1668789029-5432-1-git-send-email-mihai.carabas@oracle.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
 static void virt_build_smbios(VirtMachineState *vms)
 {
     MachineClass *mc = MACHINE_GET_CLASS(vms);
+    MachineState *ms = MACHINE(vms);
     VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
     uint8_t *smbios_tables, *smbios_anchor;
     size_t smbios_tables_len, smbios_anchor_len;
+    struct smbios_phys_mem_area mem_array;
     const char *product = "QEMU Virtual Machine";
 
     if (kvm_enabled()) {
@@ -XXX,XX +XXX,XX @@ static void virt_build_smbios(VirtMachineState *vms)
                         vmc->smbios_old_sys_ver ? "1.0" : mc->name, false,
                         true, SMBIOS_ENTRY_POINT_TYPE_64);
 
-    smbios_get_tables(MACHINE(vms), NULL, 0,
+    /* build the array of physical mem area from base_memmap */
+    mem_array.address = vms->memmap[VIRT_MEM].base;
+    mem_array.length = ms->ram_size;
+
+    smbios_get_tables(ms, &mem_array, 1,
                       &smbios_tables, &smbios_tables_len,
                       &smbios_anchor, &smbios_anchor_len,
                       &error_fatal);
-- 
2.25.1

From: Timofey Kutergin <tkutergin@gmail.com>

The Cortex-A55 is one of the newer armv8.2+ CPUs; in particular
it supports the Privileged Access Never (PAN) feature. Add
a model of this CPU, so you can use a CPU type on the virt
board that models a specific real hardware CPU, rather than
having to use the QEMU-specific "max" CPU type.

Signed-off-by: Timofey Kutergin <tkutergin@gmail.com>
Message-id: 20221121150819.2782817-1-tkutergin@gmail.com
[PMM: tweaked commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 docs/system/arm/virt.rst |  1 +
 hw/arm/virt.c            |  1 +
 target/arm/cpu64.c       | 69 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+)

diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -XXX,XX +XXX,XX @@ Supported guest CPU types:
 - ``cortex-a15`` (32-bit; the default)
 - ``cortex-a35`` (64-bit)
 - ``cortex-a53`` (64-bit)
+- ``cortex-a55`` (64-bit)
 - ``cortex-a57`` (64-bit)
 - ``cortex-a72`` (64-bit)
 - ``cortex-a76`` (64-bit)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -XXX,XX +XXX,XX @@ static const char *valid_cpus[] = {
     ARM_CPU_TYPE_NAME("cortex-a15"),
     ARM_CPU_TYPE_NAME("cortex-a35"),
     ARM_CPU_TYPE_NAME("cortex-a53"),
+    ARM_CPU_TYPE_NAME("cortex-a55"),
     ARM_CPU_TYPE_NAME("cortex-a57"),
     ARM_CPU_TYPE_NAME("cortex-a72"),
     ARM_CPU_TYPE_NAME("cortex-a76"),
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_a53_initfn(Object *obj)
     define_cortex_a72_a57_a53_cp_reginfo(cpu);
 }
 
+static void aarch64_a55_initfn(Object *obj)
+{
+    ARMCPU *cpu = ARM_CPU(obj);
+
+    cpu->dtb_compatible = "arm,cortex-a55";
+    set_feature(&cpu->env, ARM_FEATURE_V8);
+    set_feature(&cpu->env, ARM_FEATURE_NEON);
+    set_feature(&cpu->env, ARM_FEATURE_GENERIC_TIMER);
+    set_feature(&cpu->env, ARM_FEATURE_AARCH64);
+    set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
+    set_feature(&cpu->env, ARM_FEATURE_EL2);
+    set_feature(&cpu->env, ARM_FEATURE_EL3);
+    set_feature(&cpu->env, ARM_FEATURE_PMU);
+
+    /* Ordered by B2.4 AArch64 registers by functional group */
+    cpu->clidr = 0x82000023;
+    cpu->ctr = 0x84448004; /* L1Ip = VIPT */
+    cpu->dcz_blocksize = 4; /* 64 bytes */
+    cpu->isar.id_aa64dfr0  = 0x0000000010305408ull;
+    cpu->isar.id_aa64isar0 = 0x0000100010211120ull;
+    cpu->isar.id_aa64isar1 = 0x0000000000100001ull;
+    cpu->isar.id_aa64mmfr0 = 0x0000000000101122ull;
+    cpu->isar.id_aa64mmfr1 = 0x0000000010212122ull;
+    cpu->isar.id_aa64mmfr2 = 0x0000000000001011ull;
+    cpu->isar.id_aa64pfr0  = 0x0000000010112222ull;
+    cpu->isar.id_aa64pfr1  = 0x0000000000000010ull;
+    cpu->id_afr0       = 0x00000000;
+    cpu->isar.id_dfr0  = 0x04010088;
+    cpu->isar.id_isar0 = 0x02101110;
+    cpu->isar.id_isar1 = 0x13112111;
+    cpu->isar.id_isar2 = 0x21232042;
+    cpu->isar.id_isar3 = 0x01112131;
+    cpu->isar.id_isar4 = 0x00011142;
+    cpu->isar.id_isar5 = 0x01011121;
+    cpu->isar.id_isar6 = 0x00000010;
+    cpu->isar.id_mmfr0 = 0x10201105;
+    cpu->isar.id_mmfr1 = 0x40000000;
+    cpu->isar.id_mmfr2 = 0x01260000;
+    cpu->isar.id_mmfr3 = 0x02122211;
+    cpu->isar.id_mmfr4 = 0x00021110;
+    cpu->isar.id_pfr0  = 0x10010131;
+    cpu->isar.id_pfr1  = 0x00011011;
+    cpu->isar.id_pfr2  = 0x00000011;
+    cpu->midr = 0x412FD050;          /* r2p0 */
+    cpu->revidr = 0;
+
+    /* From B2.23 CCSIDR_EL1 */
+    cpu->ccsidr[0] = 0x700fe01a; /* 32KB L1 dcache */
+    cpu->ccsidr[1] = 0x200fe01a; /* 32KB L1 icache */
+    cpu->ccsidr[2] = 0x703fe07a; /* 512KB L2 cache */
+
+    /* From B2.96 SCTLR_EL3 */
+    cpu->reset_sctlr = 0x30c50838;
+
+    /* From B4.45 ICH_VTR_EL2 */
+    cpu->gic_num_lrs = 4;
+    cpu->gic_vpribits = 5;
+    cpu->gic_vprebits = 5;
+    cpu->gic_pribits = 5;
+
+    cpu->isar.mvfr0 = 0x10110222;
+    cpu->isar.mvfr1 = 0x13211111;
+    cpu->isar.mvfr2 = 0x00000043;
+
+    /* From D5.4 AArch64 PMU register summary */
+    cpu->isar.reset_pmcr_el0 = 0x410b3000;
+}
+
 static void aarch64_a72_initfn(Object *obj)
 {
     ARMCPU *cpu = ARM_CPU(obj);
@@ -XXX,XX +XXX,XX @@ static const ARMCPUInfo aarch64_cpus[] = {
     { .name = "cortex-a35",         .initfn = aarch64_a35_initfn },
     { .name = "cortex-a57",         .initfn = aarch64_a57_initfn },
     { .name = "cortex-a53",         .initfn = aarch64_a53_initfn },
+    { .name = "cortex-a55",         .initfn = aarch64_a55_initfn },
     { .name = "cortex-a72",         .initfn = aarch64_a72_initfn },
     { .name = "cortex-a76",         .initfn = aarch64_a76_initfn },
     { .name = "a64fx",              .initfn = aarch64_a64fx_initfn },
-- 
2.25.1

From: Luke Starrett <lukes@xsightlabs.com>

The ARM GICv3 TRM describes that the ITLinesNumber field of GICD_TYPER
register:

"indicates the maximum SPI INTID that the GIC implementation supports"

As SPI #0 is absolute IRQ #32, the max SPI INTID should have accounted
for the internal 16x SGI's and 16x PPI's.  However, the original GICv3
model subtracted off the SGI/PPI.  Cosmetically this can be seen at OS
boot (Linux) showing 32 shy of what should be there, i.e.:

[    0.000000] GICv3: 224 SPIs implemented

Though in hw/arm/virt.c, the machine is configured for 256 SPI's.  ARM
virt machine likely doesn't have a problem with this because the upper
32 IRQ's don't actually have anything meaningful wired. But, this does
become a functional issue on a custom use case which wants to make use
of these IRQ's.  Additionally, boot code (i.e. TF-A) will only init up
to the number (blocks of 32) that it believes to actually be there.

Signed-off-by: Luke Starrett <lukes@xsightlabs.com>
Message-id: AM9P193MB168473D99B761E204E032095D40D9@AM9P193MB1684.EURP193.PROD.OUTLOOK.COM
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gicv3_dist.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/intc/arm_gicv3_dist.c b/hw/intc/arm_gicv3_dist.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_dist.c
+++ b/hw/intc/arm_gicv3_dist.c
@@ -XXX,XX +XXX,XX @@ static bool gicd_readl(GICv3State *s, hwaddr offset,
          * MBIS == 0 (message-based SPIs not supported)
          * SecurityExtn == 1 if security extns supported
          * CPUNumber == 0 since for us ARE is always 1
-         * ITLinesNumber == (num external irqs / 32) - 1
+         * ITLinesNumber == (((max SPI IntID + 1) / 32) - 1)
          */
-        int itlinesnumber = ((s->num_irq - GIC_INTERNAL) / 32) - 1;
+        int itlinesnumber = (s->num_irq / 32) - 1;
         /*
          * SecurityExtn must be RAZ if GICD_CTLR.DS == 1, and
          * "security extensions not supported" always implies DS == 1,
-- 
2.25.1

FEAT_EVT adds five new bits to the HCR_EL2 register: TTLBIS, TTLBOS,
TICAB, TOCU and TID4.  These allow the guest to enable trapping of
various EL1 instructions to EL2.  In this commit, add the necessary
code to allow the guest to set these bits if the feature is present;
because the bit is always zero when the feature isn't present we
won't need to use explicit feature checks in the "trap on condition"
tests in the following commits.

Note that although full implementation of the feature (mandatory from
Armv8.5 onward) requires all five trap bits, the ID registers permit
a value indicating that only TICAB, TOCU and TID4 are implemented,
which might be the case for CPUs between Armv8.2 and Armv8.5.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h    | 30 ++++++++++++++++++++++++++++++
 target/arm/helper.c |  6 ++++++
 2 files changed, 36 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_tts2uxn(const ARMISARegisters *id)
     return FIELD_EX32(id->id_mmfr4, ID_MMFR4, XNX) != 0;
 }
 
+static inline bool isar_feature_aa32_half_evt(const ARMISARegisters *id)
+{
+    return FIELD_EX32(id->id_mmfr4, ID_MMFR4, EVT) >= 1;
+}
+
+static inline bool isar_feature_aa32_evt(const ARMISARegisters *id)
+{
+    return FIELD_EX32(id->id_mmfr4, ID_MMFR4, EVT) >= 2;
+}
+
 static inline bool isar_feature_aa32_dit(const ARMISARegisters *id)
 {
     return FIELD_EX32(id->id_pfr0, ID_PFR0, DIT) != 0;
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_ids(const ARMISARegisters *id)
     return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, IDS) != 0;
 }
 
+static inline bool isar_feature_aa64_half_evt(const ARMISARegisters *id)
+{
+    return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, EVT) >= 1;
+}
+
+static inline bool isar_feature_aa64_evt(const ARMISARegisters *id)
+{
+    return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, EVT) >= 2;
+}
+
 static inline bool isar_feature_aa64_bti(const ARMISARegisters *id)
 {
     return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, BT) != 0;
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_any_ras(const ARMISARegisters *id)
     return isar_feature_aa64_ras(id) || isar_feature_aa32_ras(id);
 }
 
+static inline bool isar_feature_any_half_evt(const ARMISARegisters *id)
+{
+    return isar_feature_aa64_half_evt(id) || isar_feature_aa32_half_evt(id);
+}
+
+static inline bool isar_feature_any_evt(const ARMISARegisters *id)
+{
+    return isar_feature_aa64_evt(id) || isar_feature_aa32_evt(id);
+}
+
 /*
  * Forward to the above feature tests given an ARMCPU pointer.
  */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
         }
     }
 
+    if (cpu_isar_feature(any_evt, cpu)) {
+        valid_mask |= HCR_TTLBIS | HCR_TTLBOS | HCR_TICAB | HCR_TOCU | HCR_TID4;
+    } else if (cpu_isar_feature(any_half_evt, cpu)) {
+        valid_mask |= HCR_TICAB | HCR_TOCU | HCR_TID4;
+    }
+
     /* Clear RES0 bits.  */
     value &= valid_mask;
 
-- 
2.25.1

For FEAT_EVT, the HCR_EL2.TTLBIS bit allows trapping on EL1 use of
TLB maintenance instructions that operate on the inner shareable
domain:

AArch64:
 TLBI VMALLE1IS, TLBI VAE1IS, TLBI ASIDE1IS, TLBI VAAE1IS,
 TLBI VALE1IS, TLBI VAALE1IS, TLBI RVAE1IS, TLBI RVAAE1IS,
 TLBI RVALE1IS, and TLBI RVAALE1IS.

AArch32:
 TLBIALLIS, TLBIMVAIS, TLBIASIDIS, TLBIMVAAIS, TLBIMVALIS,
 and TLBIMVAALIS.

Add the trapping support.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 43 +++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 16 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_ttlb(CPUARMState *env, const ARMCPRegInfo *ri,
     return CP_ACCESS_OK;
 }
 
+/* Check for traps from EL1 due to HCR_EL2.TTLB or TTLBIS. */
+static CPAccessResult access_ttlbis(CPUARMState *env, const ARMCPRegInfo *ri,
+                                    bool isread)
+{
+    if (arm_current_el(env) == 1 &&
+        (arm_hcr_el2_eff(env) & (HCR_TTLB | HCR_TTLBIS))) {
+        return CP_ACCESS_TRAP_EL2;
+    }
+    return CP_ACCESS_OK;
+}
+
 static void dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
 {
     ARMCPU *cpu = env_archcpu(env);
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 static const ARMCPRegInfo v7mp_cp_reginfo[] = {
     /* 32 bit TLB invalidates, Inner Shareable */
     { .name = "TLBIALLIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
-      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
       .writefn = tlbiall_is_write },
     { .name = "TLBIMVAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
-      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
       .writefn = tlbimva_is_write },
     { .name = "TLBIASIDIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
-      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
       .writefn = tlbiasid_is_write },
     { .name = "TLBIMVAAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
-      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
       .writefn = tlbimvaa_is_write },
 };
 
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     /* TLBI operations */
     { .name = "TLBI_VMALLE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_vmalle1is_write },
     { .name = "TLBI_VAE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_vae1is_write },
     { .name = "TLBI_ASIDE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_vmalle1is_write },
     { .name = "TLBI_VAAE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_vae1is_write },
     { .name = "TLBI_VALE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_vae1is_write },
     { .name = "TLBI_VAALE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_vae1is_write },
     { .name = "TLBI_VMALLE1", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 0,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
 #endif
     /* TLB invalidate last level of translation table walk */
     { .name = "TLBIMVALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
-      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
       .writefn = tlbimva_is_write },
     { .name = "TLBIMVAALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
-      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
+      .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlbis,
       .writefn = tlbimvaa_is_write },
     { .name = "TLBIMVAL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 5,
       .type = ARM_CP_NO_RAW, .access = PL1_W, .accessfn = access_ttlb,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pauth_reginfo[] = {
 static const ARMCPRegInfo tlbirange_reginfo[] = {
     { .name = "TLBI_RVAE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 1,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_rvae1is_write },
     { .name = "TLBI_RVAAE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 3,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_rvae1is_write },
    { .name = "TLBI_RVALE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 5,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_rvae1is_write },
     { .name = "TLBI_RVAALE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 7,
-      .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+      .access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
       .writefn = tlbi_aa64_rvae1is_write },
     { .name = "TLBI_RVAE1OS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 1,
-- 
2.25.1

For FEAT_EVT, the HCR_EL2.TTLBOS bit allows trapping on EL1
use of TLB maintenance instructions that operate on the
outer shareable domain:

TLBI VMALLE1OS, TLBI VAE1OS, TLBI ASIDE1OS,TLBI VAAE1OS,
TLBI VALE1OS, TLBI VAALE1OS, TLBI RVAE1OS, TLBI RVAAE1OS,
TLBI RVALE1OS, and TLBI RVAALE1OS.

(There are no AArch32 outer-shareable TLB maintenance ops.)

Implement the trapping.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

For FEAT_EVT, the HCR_EL2.TICAB bit allows trapping of the ICIALLUIS
and IC IALLUIS cache maintenance instructions.

The HCR_EL2.TOCU bit traps all the other cache maintenance
instructions that operate to the point of unification:
 AArch64 IC IVAU, IC IALLU, DC CVAU
 AArch32 ICIMVAU, ICIALLU, DCCMVAU

The two trap bits between them cover all of the cache maintenance
instructions which must also check the HCR_TPU flag.  Turn the old
aa64_cacheop_pou_access() function into a helper function which takes
the set of HCR_EL2 flags to check as an argument, and call it from
new access_ticab() and access_tocu() functions as appropriate for
each cache op.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 36 +++++++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 13 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPAccessResult aa64_cacheop_poc_access(CPUARMState *env,
     return CP_ACCESS_OK;
 }
 
-static CPAccessResult aa64_cacheop_pou_access(CPUARMState *env,
-                                              const ARMCPRegInfo *ri,
-                                              bool isread)
+static CPAccessResult do_cacheop_pou_access(CPUARMState *env, uint64_t hcrflags)
 {
     /* Cache invalidate/clean to Point of Unification... */
     switch (arm_current_el(env)) {
@@ -XXX,XX +XXX,XX @@ static CPAccessResult aa64_cacheop_pou_access(CPUARMState *env,
         }
         /* fall through */
     case 1:
-        /* ... EL1 must trap to EL2 if HCR_EL2.TPU is set.  */
-        if (arm_hcr_el2_eff(env) & HCR_TPU) {
+        /* ... EL1 must trap to EL2 if relevant HCR_EL2 flags are set.  */
+        if (arm_hcr_el2_eff(env) & hcrflags) {
             return CP_ACCESS_TRAP_EL2;
         }
         break;
@@ -XXX,XX +XXX,XX @@ static CPAccessResult aa64_cacheop_pou_access(CPUARMState *env,
     return CP_ACCESS_OK;
 }
 
+static CPAccessResult access_ticab(CPUARMState *env, const ARMCPRegInfo *ri,
+                                   bool isread)
+{
+    return do_cacheop_pou_access(env, HCR_TICAB | HCR_TPU);
+}
+
+static CPAccessResult access_tocu(CPUARMState *env, const ARMCPRegInfo *ri,
+                                  bool isread)
+{
+    return do_cacheop_pou_access(env, HCR_TOCU | HCR_TPU);
+}
+
 /* See: D4.7.2 TLB maintenance requirements and the TLB maintenance instructions
  * Page D4-1736 (DDI0487A.b)
  */
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "IC_IALLUIS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
       .access = PL1_W, .type = ARM_CP_NOP,
-      .accessfn = aa64_cacheop_pou_access },
+      .accessfn = access_ticab },
     { .name = "IC_IALLU", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 0,
       .access = PL1_W, .type = ARM_CP_NOP,
-      .accessfn = aa64_cacheop_pou_access },
+      .accessfn = access_tocu },
     { .name = "IC_IVAU", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 5, .opc2 = 1,
       .access = PL0_W, .type = ARM_CP_NOP,
-      .accessfn = aa64_cacheop_pou_access },
+      .accessfn = access_tocu },
     { .name = "DC_IVAC", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 1,
       .access = PL1_W, .accessfn = aa64_cacheop_poc_access,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "DC_CVAU", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 11, .opc2 = 1,
       .access = PL0_W, .type = ARM_CP_NOP,
-      .accessfn = aa64_cacheop_pou_access },
+      .accessfn = access_tocu },
     { .name = "DC_CIVAC", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 1,
       .access = PL0_W, .type = ARM_CP_NOP,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
       .writefn = tlbiipas2is_hyp_write },
     /* 32 bit cache operations */
     { .name = "ICIALLUIS", .cp = 15, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
-      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_pou_access },
+      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_ticab },
     { .name = "BPIALLUIS", .cp = 15, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 6,
       .type = ARM_CP_NOP, .access = PL1_W },
     { .name = "ICIALLU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 0,
-      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_pou_access },
+      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tocu },
     { .name = "ICIMVAU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 1,
-      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_pou_access },
+      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tocu },
     { .name = "BPIALL", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 6,
       .type = ARM_CP_NOP, .access = PL1_W },
     { .name = "BPIMVA", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 7,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "DCCSW", .cp = 15, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 2,
       .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
     { .name = "DCCMVAU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 11, .opc2 = 1,
-      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_pou_access },
+      .type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tocu },
     { .name = "DCCIMVAC", .cp = 15, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 1,
       .type = ARM_CP_NOP, .access = PL1_W, .accessfn = aa64_cacheop_poc_access },
     { .name = "DCCISW", .cp = 15, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
-- 
2.25.1

For FEAT_EVT, the HCR_EL2.TID4 trap allows trapping of the cache ID
registers CCSIDR_EL1, CCSIDR2_EL1, CLIDR_EL1 and CSSELR_EL1 (and
their AArch32 equivalents).  This is a subset of the registers
trapped by HCR_EL2.TID2, which includes all of these and also the
CTR_EL0 register.

Our implementation already uses a separate access function for
CTR_EL0 (ctr_el0_access()), so all of the registers currently using
access_aa64_tid2() should also be checking TID4.  Make that function
check both TID2 and TID4, and rename it appropriately.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void scr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
     scr_write(env, ri, 0);
 }
 
-static CPAccessResult access_aa64_tid2(CPUARMState *env,
-                                       const ARMCPRegInfo *ri,
-                                       bool isread)
+static CPAccessResult access_tid4(CPUARMState *env,
+                                  const ARMCPRegInfo *ri,
+                                  bool isread)
 {
-    if (arm_current_el(env) == 1 && (arm_hcr_el2_eff(env) & HCR_TID2)) {
+    if (arm_current_el(env) == 1 &&
+        (arm_hcr_el2_eff(env) & (HCR_TID2 | HCR_TID4))) {
         return CP_ACCESS_TRAP_EL2;
     }
 
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
     { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
       .access = PL1_R,
-      .accessfn = access_aa64_tid2,
+      .accessfn = access_tid4,
       .readfn = ccsidr_read, .type = ARM_CP_NO_RAW },
     { .name = "CSSELR", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
       .access = PL1_RW,
-      .accessfn = access_aa64_tid2,
+      .accessfn = access_tid4,
       .writefn = csselr_write, .resetvalue = 0,
       .bank_fieldoffsets = { offsetof(CPUARMState, cp15.csselr_s),
                              offsetof(CPUARMState, cp15.csselr_ns) } },
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ccsidr2_reginfo[] = {
     { .name = "CCSIDR2", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 1, .crn = 0, .crm = 0, .opc2 = 2,
       .access = PL1_R,
-      .accessfn = access_aa64_tid2,
+      .accessfn = access_tid4,
       .readfn = ccsidr2_read, .type = ARM_CP_NO_RAW },
 };
 
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
             .name = "CLIDR", .state = ARM_CP_STATE_BOTH,
             .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
             .access = PL1_R, .type = ARM_CP_CONST,
-            .accessfn = access_aa64_tid2,
+            .accessfn = access_tid4,
             .resetvalue = cpu->clidr
         };
         define_one_arm_cp_reg(cpu, &clidr);
-- 
2.25.1

Update the ID registers for TCG's '-cpu max' to report the
FEAT_EVT Enhanced Virtualization Traps support.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 docs/system/arm/emulation.rst | 1 +
 target/arm/cpu64.c            | 1 +
 target/arm/cpu_tcg.c          | 1 +
 3 files changed, 3 insertions(+)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -XXX,XX +XXX,XX @@ the following architecture extensions:
 - FEAT_DoubleFault (Double Fault Extension)
 - FEAT_E0PD (Preventing EL0 access to halves of address maps)
 - FEAT_ETS (Enhanced Translation Synchronization)
+- FEAT_EVT (Enhanced Virtualization Traps)
 - FEAT_FCMA (Floating-point complex number instructions)
 - FEAT_FHM (Floating-point half-precision multiplication instructions)
 - FEAT_FP16 (Half-precision floating-point data processing)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
     t = FIELD_DP64(t, ID_AA64MMFR2, FWB, 1);      /* FEAT_S2FWB */
     t = FIELD_DP64(t, ID_AA64MMFR2, TTL, 1);      /* FEAT_TTL */
     t = FIELD_DP64(t, ID_AA64MMFR2, BBM, 2);      /* FEAT_BBM at level 2 */
+    t = FIELD_DP64(t, ID_AA64MMFR2, EVT, 2);      /* FEAT_EVT */
     t = FIELD_DP64(t, ID_AA64MMFR2, E0PD, 1);     /* FEAT_E0PD */
     cpu->isar.id_aa64mmfr2 = t;
 
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu_tcg.c
+++ b/target/arm/cpu_tcg.c
@@ -XXX,XX +XXX,XX @@ void aa32_max_features(ARMCPU *cpu)
     t = FIELD_DP32(t, ID_MMFR4, AC2, 1);          /* ACTLR2, HACTLR2 */
     t = FIELD_DP32(t, ID_MMFR4, CNP, 1);          /* FEAT_TTCNP */
     t = FIELD_DP32(t, ID_MMFR4, XNX, 1);          /* FEAT_XNX */
+    t = FIELD_DP32(t, ID_MMFR4, EVT, 2);          /* FEAT_EVT */
     cpu->isar.id_mmfr4 = t;
 
     t = cpu->isar.id_mmfr5;
-- 
2.25.1

Convert the TYPE_ARM_SMMU device to 3-phase reset.  The legacy method
doesn't do anything that's invalid in the hold phase, so the
conversion is simple and not a behaviour change.

Note that we must convert this base class before we can convert the
TYPE_ARM_SMMUV3 subclass -- transitional support in Resettable
handles "chain to parent class reset" when the base class is 3-phase
and the subclass is still using legacy reset, but not the other way
around.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20221109161444.3397405-2-peter.maydell@linaro.org
---
 hw/arm/smmu-common.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -XXX,XX +XXX,XX @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
     }
 }
 
-static void smmu_base_reset(DeviceState *dev)
+static void smmu_base_reset_hold(Object *obj)
 {
-    SMMUState *s = ARM_SMMU(dev);
+    SMMUState *s = ARM_SMMU(obj);
 
     g_hash_table_remove_all(s->configs);
     g_hash_table_remove_all(s->iotlb);
@@ -XXX,XX +XXX,XX @@ static Property smmu_dev_properties[] = {
 static void smmu_base_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
     SMMUBaseClass *sbc = ARM_SMMU_CLASS(klass);
 
     device_class_set_props(dc, smmu_dev_properties);
     device_class_set_parent_realize(dc, smmu_base_realize,
                                     &sbc->parent_realize);
-    dc->reset = smmu_base_reset;
+    rc->phases.hold = smmu_base_reset_hold;
 }
 
 static const TypeInfo smmu_base_info = {
-- 
2.25.1

Convert the TYPE_ARM_SMMUV3 device to 3-phase reset.  The legacy
reset method doesn't do anything that's invalid in the hold phase, so
the conversion only requires changing it to a hold phase method, and
using the 3-phase versions of the "save the parent reset method and
chain to it" code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20221109161444.3397405-3-peter.maydell@linaro.org
---
 include/hw/arm/smmuv3.h |  2 +-
 hw/arm/smmuv3.c         | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/include/hw/arm/smmuv3.h b/include/hw/arm/smmuv3.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/smmuv3.h
+++ b/include/hw/arm/smmuv3.h
@@ -XXX,XX +XXX,XX @@ struct SMMUv3Class {
     /*< public >*/
 
     DeviceRealize parent_realize;
-    DeviceReset   parent_reset;
+    ResettablePhases parent_phases;
 };
 
 #define TYPE_ARM_SMMUV3   "arm-smmuv3"
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -XXX,XX +XXX,XX @@ static void smmu_init_irq(SMMUv3State *s, SysBusDevice *dev)
     }
 }
 
-static void smmu_reset(DeviceState *dev)
+static void smmu_reset_hold(Object *obj)
 {
-    SMMUv3State *s = ARM_SMMUV3(dev);
+    SMMUv3State *s = ARM_SMMUV3(obj);
     SMMUv3Class *c = ARM_SMMUV3_GET_CLASS(s);
 
-    c->parent_reset(dev);
+    if (c->parent_phases.hold) {
+        c->parent_phases.hold(obj);
+    }
 
     smmuv3_init_regs(s);
 }
@@ -XXX,XX +XXX,XX @@ static void smmuv3_instance_init(Object *obj)
 static void smmuv3_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
     SMMUv3Class *c = ARM_SMMUV3_CLASS(klass);
 
     dc->vmsd = &vmstate_smmuv3;
-    device_class_set_parent_reset(dc, smmu_reset, &c->parent_reset);
+    resettable_class_set_parent_phases(rc, NULL, smmu_reset_hold, NULL,
+                                       &c->parent_phases);
     c->parent_realize = dc->realize;
     dc->realize = smmu_realize;
 }
-- 
2.25.1

Convert the TYPE_ARM_GIC_COMMON device to 3-phase reset.  This is a
simple no-behaviour-change conversion.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20221109161444.3397405-4-peter.maydell@linaro.org
---
 hw/intc/arm_gic_common.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gic_common.c
+++ b/hw/intc/arm_gic_common.c
@@ -XXX,XX +XXX,XX @@ static inline void arm_gic_common_reset_irq_state(GICState *s, int first_cpu,
     }
 }
 
-static void arm_gic_common_reset(DeviceState *dev)
+static void arm_gic_common_reset_hold(Object *obj)
 {
-    GICState *s = ARM_GIC_COMMON(dev);
+    GICState *s = ARM_GIC_COMMON(obj);
     int i, j;
     int resetprio;
 
@@ -XXX,XX +XXX,XX @@ static Property arm_gic_common_properties[] = {
 static void arm_gic_common_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
     ARMLinuxBootIfClass *albifc = ARM_LINUX_BOOT_IF_CLASS(klass);
 
-    dc->reset = arm_gic_common_reset;
+    rc->phases.hold = arm_gic_common_reset_hold;
     dc->realize = arm_gic_common_realize;
     device_class_set_props(dc, arm_gic_common_properties);
     dc->vmsd = &vmstate_gic;
-- 
2.25.1

Now we have converted TYPE_ARM_GIC_COMMON, we can convert the
TYPE_ARM_GIC_KVM subclass to 3-phase reset.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20221109161444.3397405-5-peter.maydell@linaro.org
---
 hw/intc/arm_gic_kvm.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/intc/arm_gic_kvm.c b/hw/intc/arm_gic_kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gic_kvm.c
+++ b/hw/intc/arm_gic_kvm.c
@@ -XXX,XX +XXX,XX @@ DECLARE_OBJ_CHECKERS(GICState, KVMARMGICClass,
 struct KVMARMGICClass {
     ARMGICCommonClass parent_class;
     DeviceRealize parent_realize;
-    void (*parent_reset)(DeviceState *dev);
+    ResettablePhases parent_phases;
 };
 
 void kvm_arm_gic_set_irq(uint32_t num_irq, int irq, int level)
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gic_get(GICState *s)
     }
 }
 
-static void kvm_arm_gic_reset(DeviceState *dev)
+static void kvm_arm_gic_reset_hold(Object *obj)
 {
-    GICState *s = ARM_GIC_COMMON(dev);
+    GICState *s = ARM_GIC_COMMON(obj);
     KVMARMGICClass *kgc = KVM_ARM_GIC_GET_CLASS(s);
 
-    kgc->parent_reset(dev);
+    if (kgc->parent_phases.hold) {
+        kgc->parent_phases.hold(obj);
+    }
 
     if (kvm_arm_gic_can_save_restore(s)) {
         kvm_arm_gic_put(s);
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gic_realize(DeviceState *dev, Error **errp)
 static void kvm_arm_gic_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
     ARMGICCommonClass *agcc = ARM_GIC_COMMON_CLASS(klass);
     KVMARMGICClass *kgc = KVM_ARM_GIC_CLASS(klass);
 
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gic_class_init(ObjectClass *klass, void *data)
     agcc->post_load = kvm_arm_gic_put;
     device_class_set_parent_realize(dc, kvm_arm_gic_realize,
                                     &kgc->parent_realize);
-    device_class_set_parent_reset(dc, kvm_arm_gic_reset, &kgc->parent_reset);
+    resettable_class_set_parent_phases(rc, NULL, kvm_arm_gic_reset_hold, NULL,
+                                       &kgc->parent_phases);
 }
 
 static const TypeInfo kvm_arm_gic_info = {
-- 
2.25.1

Convert the TYPE_ARM_GICV3_COMMON parent class to 3-phase reset.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20221109161444.3397405-6-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_common.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_finalize(Object *obj)
     g_free(s->redist_region_count);
 }
 
-static void arm_gicv3_common_reset(DeviceState *dev)
+static void arm_gicv3_common_reset_hold(Object *obj)
 {
-    GICv3State *s = ARM_GICV3_COMMON(dev);
+    GICv3State *s = ARM_GICV3_COMMON(obj);
     int i;
 
     for (i = 0; i < s->num_cpu; i++) {
@@ -XXX,XX +XXX,XX @@ static Property arm_gicv3_common_properties[] = {
 static void arm_gicv3_common_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
     ARMLinuxBootIfClass *albifc = ARM_LINUX_BOOT_IF_CLASS(klass);
 
-    dc->reset = arm_gicv3_common_reset;
+    rc->phases.hold = arm_gicv3_common_reset_hold;
     dc->realize = arm_gicv3_common_realize;
     device_class_set_props(dc, arm_gicv3_common_properties);
     dc->vmsd = &vmstate_gicv3;
-- 
2.25.1

Convert the TYPE_KVM_ARM_GICV3 device to 3-phase reset.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20221109161444.3397405-7-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_kvm.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -XXX,XX +XXX,XX @@ DECLARE_OBJ_CHECKERS(GICv3State, KVMARMGICv3Class,
 struct KVMARMGICv3Class {
     ARMGICv3CommonClass parent_class;
     DeviceRealize parent_realize;
-    void (*parent_reset)(DeviceState *dev);
+    ResettablePhases parent_phases;
 };
 
 static void kvm_arm_gicv3_set_irq(void *opaque, int irq, int level)
@@ -XXX,XX +XXX,XX @@ static void arm_gicv3_icc_reset(CPUARMState *env, const ARMCPRegInfo *ri)
     c->icc_ctlr_el1[GICV3_S] = c->icc_ctlr_el1[GICV3_NS];
 }
 
-static void kvm_arm_gicv3_reset(DeviceState *dev)
+static void kvm_arm_gicv3_reset_hold(Object *obj)
 {
-    GICv3State *s = ARM_GICV3_COMMON(dev);
+    GICv3State *s = ARM_GICV3_COMMON(obj);
     KVMARMGICv3Class *kgc = KVM_ARM_GICV3_GET_CLASS(s);
 
     DPRINTF("Reset\n");
 
-    kgc->parent_reset(dev);
+    if (kgc->parent_phases.hold) {
+        kgc->parent_phases.hold(obj);
+    }
 
     if (s->migration_blocker) {
         DPRINTF("Cannot put kernel gic state, no kernel interface\n");
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_realize(DeviceState *dev, Error **errp)
 static void kvm_arm_gicv3_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
     ARMGICv3CommonClass *agcc = ARM_GICV3_COMMON_CLASS(klass);
     KVMARMGICv3Class *kgc = KVM_ARM_GICV3_CLASS(klass);
 
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_gicv3_class_init(ObjectClass *klass, void *data)
     agcc->post_load = kvm_arm_gicv3_put;
     device_class_set_parent_realize(dc, kvm_arm_gicv3_realize,
                                     &kgc->parent_realize);
-    device_class_set_parent_reset(dc, kvm_arm_gicv3_reset, &kgc->parent_reset);
+    resettable_class_set_parent_phases(rc, NULL, kvm_arm_gicv3_reset_hold, NULL,
+                                       &kgc->parent_phases);
 }
 
 static const TypeInfo kvm_arm_gicv3_info = {
-- 
2.25.1

Convert the TYPE_ARM_GICV3_ITS_COMMON parent class to 3-phase reset.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20221109161444.3397405-8-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_its_common.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/intc/arm_gicv3_its_common.c b/hw/intc/arm_gicv3_its_common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_its_common.c
+++ b/hw/intc/arm_gicv3_its_common.c
@@ -XXX,XX +XXX,XX @@ void gicv3_its_init_mmio(GICv3ITSState *s, const MemoryRegionOps *ops,
     msi_nonbroken = true;
 }
 
-static void gicv3_its_common_reset(DeviceState *dev)
+static void gicv3_its_common_reset_hold(Object *obj)
 {
-    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
+    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(obj);
 
     s->ctlr = 0;
     s->cbaser = 0;
@@ -XXX,XX +XXX,XX @@ static void gicv3_its_common_reset(DeviceState *dev)
 static void gicv3_its_common_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
 
-    dc->reset = gicv3_its_common_reset;
+    rc->phases.hold = gicv3_its_common_reset_hold;
     dc->vmsd = &vmstate_its;
 }
 
-- 
2.25.1

Convert the TYPE_ARM_GICV3_ITS device to 3-phase reset.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20221109161444.3397405-9-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_its.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/intc/arm_gicv3_its.c b/hw/intc/arm_gicv3_its.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_its.c
+++ b/hw/intc/arm_gicv3_its.c
@@ -XXX,XX +XXX,XX @@ DECLARE_OBJ_CHECKERS(GICv3ITSState, GICv3ITSClass,
 
 struct GICv3ITSClass {
     GICv3ITSCommonClass parent_class;
-    void (*parent_reset)(DeviceState *dev);
+    ResettablePhases parent_phases;
 };
 
 /*
@@ -XXX,XX +XXX,XX @@ static void gicv3_arm_its_realize(DeviceState *dev, Error **errp)
     }
 }
 
-static void gicv3_its_reset(DeviceState *dev)
+static void gicv3_its_reset_hold(Object *obj)
 {
-    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
+    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(obj);
     GICv3ITSClass *c = ARM_GICV3_ITS_GET_CLASS(s);
 
-    c->parent_reset(dev);
+    if (c->parent_phases.hold) {
+        c->parent_phases.hold(obj);
+    }
 
     /* Quiescent bit reset to 1 */
     s->ctlr = FIELD_DP32(s->ctlr, GITS_CTLR, QUIESCENT, 1);
@@ -XXX,XX +XXX,XX @@ static Property gicv3_its_props[] = {
 static void gicv3_its_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
     GICv3ITSClass *ic = ARM_GICV3_ITS_CLASS(klass);
     GICv3ITSCommonClass *icc = ARM_GICV3_ITS_COMMON_CLASS(klass);
 
     dc->realize = gicv3_arm_its_realize;
     device_class_set_props(dc, gicv3_its_props);
-    device_class_set_parent_reset(dc, gicv3_its_reset, &ic->parent_reset);
+    resettable_class_set_parent_phases(rc, NULL, gicv3_its_reset_hold, NULL,
+                                       &ic->parent_phases);
     icc->post_load = gicv3_its_post_load;
 }
 
-- 
2.25.1

Convert the TYPE_KVM_ARM_ITS device to 3-phase reset.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20221109161444.3397405-10-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_its_kvm.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_its_kvm.c
+++ b/hw/intc/arm_gicv3_its_kvm.c
@@ -XXX,XX +XXX,XX @@ DECLARE_OBJ_CHECKERS(GICv3ITSState, KVMARMITSClass,
 
 struct KVMARMITSClass {
     GICv3ITSCommonClass parent_class;
-    void (*parent_reset)(DeviceState *dev);
+    ResettablePhases parent_phases;
 };
 
 
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_its_post_load(GICv3ITSState *s)
                       GITS_CTLR, &s->ctlr, true, &error_abort);
 }
 
-static void kvm_arm_its_reset(DeviceState *dev)
+static void kvm_arm_its_reset_hold(Object *obj)
 {
-    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
+    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(obj);
     KVMARMITSClass *c = KVM_ARM_ITS_GET_CLASS(s);
     int i;
 
-    c->parent_reset(dev);
+    if (c->parent_phases.hold) {
+        c->parent_phases.hold(obj);
+    }
 
     if (kvm_device_check_attr(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL,
                                KVM_DEV_ARM_ITS_CTRL_RESET)) {
@@ -XXX,XX +XXX,XX @@ static Property kvm_arm_its_props[] = {
 static void kvm_arm_its_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ResettableClass *rc = RESETTABLE_CLASS(klass);
     GICv3ITSCommonClass *icc = ARM_GICV3_ITS_COMMON_CLASS(klass);
     KVMARMITSClass *ic = KVM_ARM_ITS_CLASS(klass);
 
     dc->realize = kvm_arm_its_realize;
     device_class_set_props(dc, kvm_arm_its_props);
-    device_class_set_parent_reset(dc, kvm_arm_its_reset, &ic->parent_reset);
+    resettable_class_set_parent_phases(rc, NULL, kvm_arm_its_reset_hold, NULL,
+                                       &ic->parent_phases);
     icc->send_msi = kvm_its_send_msi;
     icc->pre_save = kvm_arm_its_pre_save;
     icc->post_load = kvm_arm_its_post_load;
-- 
2.25.1

From: Schspa Shi <schspa@gmail.com>

We use 32bit value for linux,initrd-[start/end], when we have
loader_start > 4GB, there will be a wrong initrd_start passed
to the kernel, and the kernel will report the following warning.

[    0.000000] ------------[ cut here ]------------
[    0.000000] initrd not fully accessible via the linear mapping -- please check your bootloader ...
[    0.000000] WARNING: CPU: 0 PID: 0 at arch/arm64/mm/init.c:355 arm64_memblock_init+0x158/0x244
[    0.000000] Modules linked in:
[    0.000000] CPU: 0 PID: 0 Comm: swapper Tainted: G        W          6.1.0-rc3-13250-g30a0b95b1335-dirty #28
[    0.000000] Hardware name: Horizon Sigi Virtual development board (DT)
[    0.000000] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[    0.000000] pc : arm64_memblock_init+0x158/0x244
[    0.000000] lr : arm64_memblock_init+0x158/0x244
[    0.000000] sp : ffff800009273df0
[    0.000000] x29: ffff800009273df0 x28: 0000001000cc0010 x27: 0000800000000000
[    0.000000] x26: 000000000050a3e2 x25: ffff800008b46000 x24: ffff800008b46000
[    0.000000] x23: ffff800008a53000 x22: ffff800009420000 x21: ffff800008a53000
[    0.000000] x20: 0000000004000000 x19: 0000000004000000 x18: 00000000ffff1020
[    0.000000] x17: 6568632065736165 x16: 6c70202d2d20676e x15: 697070616d207261
[    0.000000] x14: 656e696c20656874 x13: 0a2e2e2e20726564 x12: 0000000000000000
[    0.000000] x11: 0000000000000000 x10: 00000000ffffffff x9 : 0000000000000000
[    0.000000] x8 : 0000000000000000 x7 : 796c6c756620746f x6 : 6e20647274696e69
[    0.000000] x5 : ffff8000093c7c47 x4 : ffff800008a2102f x3 : ffff800009273a88
[    0.000000] x2 : 80000000fffff038 x1 : 00000000000000c0 x0 : 0000000000000056
[    0.000000] Call trace:
[    0.000000]  arm64_memblock_init+0x158/0x244
[    0.000000]  setup_arch+0x164/0x1cc
[    0.000000]  start_kernel+0x94/0x4ac
[    0.000000]  __primary_switched+0xb4/0xbc
[    0.000000] ---[ end trace 0000000000000000 ]---
[    0.000000] Zone ranges:
[    0.000000]   DMA      [mem 0x0000001000000000-0x0000001007ffffff]

This doesn't affect any machine types we currently support, because
for all of our machine types the RAM starts well below the 4GB
mark, but it does demonstrate that we're not currently writing
the device-tree properties quite as intended.

To fix it, we can change it to write these values to the dtb using a
type width matching #address-cells.  This is the intended size for
these dtb properties, and is how u-boot, for instance, writes them,
although in practice the Linux kernel will cope with them being any
width as long as they're big enough to fit the value.

Signed-off-by: Schspa Shi <schspa@gmail.com>
Message-id: 20221129160724.75667-1-schspa@gmail.com
[PMM: tweaked commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/boot.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
     }
 
     if (binfo->initrd_size) {
-        rc = qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start",
-                                   binfo->initrd_start);
+        rc = qemu_fdt_setprop_sized_cells(fdt, "/chosen", "linux,initrd-start",
+                                          acells, binfo->initrd_start);
         if (rc < 0) {
             fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n");
             goto fail;
         }
 
-        rc = qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end",
-                                   binfo->initrd_start + binfo->initrd_size);
+        rc = qemu_fdt_setprop_sized_cells(fdt, "/chosen", "linux,initrd-end",
+                                          acells,
+                                          binfo->initrd_start +
+                                          binfo->initrd_size);
         if (rc < 0) {
             fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n");
             goto fail;
-- 
2.25.1

From: Zhuojia Shen <chaosdefinition@hotmail.com>

In CPUID registers exposed to userspace, some registers were missing
and some fields were not exposed.  This patch aligns exposed ID
registers and their fields with what the upstream kernel currently
exposes.

Specifically, the following new ID registers/fields are exposed to
userspace:

ID_AA64PFR1_EL1.BT:       bits 3-0
ID_AA64PFR1_EL1.MTE:      bits 11-8
ID_AA64PFR1_EL1.SME:      bits 27-24

ID_AA64ZFR0_EL1.SVEver:   bits 3-0
ID_AA64ZFR0_EL1.AES:      bits 7-4
ID_AA64ZFR0_EL1.BitPerm:  bits 19-16
ID_AA64ZFR0_EL1.BF16:     bits 23-20
ID_AA64ZFR0_EL1.SHA3:     bits 35-32
ID_AA64ZFR0_EL1.SM4:      bits 43-40
ID_AA64ZFR0_EL1.I8MM:     bits 47-44
ID_AA64ZFR0_EL1.F32MM:    bits 55-52
ID_AA64ZFR0_EL1.F64MM:    bits 59-56

ID_AA64SMFR0_EL1.F32F32:  bit 32
ID_AA64SMFR0_EL1.B16F32:  bit 34
ID_AA64SMFR0_EL1.F16F32:  bit 35
ID_AA64SMFR0_EL1.I8I32:   bits 39-36
ID_AA64SMFR0_EL1.F64F64:  bit 48
ID_AA64SMFR0_EL1.I16I64:  bits 55-52
ID_AA64SMFR0_EL1.FA64:    bit 63

ID_AA64MMFR0_EL1.ECV:     bits 63-60

ID_AA64MMFR1_EL1.AFP:     bits 47-44

ID_AA64MMFR2_EL1.AT:      bits 35-32

ID_AA64ISAR0_EL1.RNDR:    bits 63-60

ID_AA64ISAR1_EL1.FRINTTS: bits 35-32
ID_AA64ISAR1_EL1.BF16:    bits 47-44
ID_AA64ISAR1_EL1.DGH:     bits 51-48
ID_AA64ISAR1_EL1.I8MM:    bits 55-52

ID_AA64ISAR2_EL1.WFxT:    bits 3-0
ID_AA64ISAR2_EL1.RPRES:   bits 7-4
ID_AA64ISAR2_EL1.GPA3:    bits 11-8
ID_AA64ISAR2_EL1.APA3:    bits 15-12

The code is also refactored to use symbolic names for ID register fields
for better readability and maintainability.

Signed-off-by: Zhuojia Shen <chaosdefinition@hotmail.com>
Message-id: DS7PR12MB6309BC9133877BCC6FC419FEAC0D9@DS7PR12MB6309.namprd12.prod.outlook.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 96 +++++++++++++++++++++++++++++++++++++--------
 1 file changed, 79 insertions(+), 17 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
 #ifdef CONFIG_USER_ONLY
         static const ARMCPRegUserSpaceInfo v8_user_idregs[] = {
             { .name = "ID_AA64PFR0_EL1",
-              .exported_bits = 0x000f000f00ff0000,
-              .fixed_bits    = 0x0000000000000011 },
+              .exported_bits = R_ID_AA64PFR0_FP_MASK |
+                               R_ID_AA64PFR0_ADVSIMD_MASK |
+                               R_ID_AA64PFR0_SVE_MASK |
+                               R_ID_AA64PFR0_DIT_MASK,
+              .fixed_bits = (0x1 << R_ID_AA64PFR0_EL0_SHIFT) |
+                            (0x1 << R_ID_AA64PFR0_EL1_SHIFT) },
             { .name = "ID_AA64PFR1_EL1",
-              .exported_bits = 0x00000000000000f0 },
+              .exported_bits = R_ID_AA64PFR1_BT_MASK |
+                               R_ID_AA64PFR1_SSBS_MASK |
+                               R_ID_AA64PFR1_MTE_MASK |
+                               R_ID_AA64PFR1_SME_MASK },
             { .name = "ID_AA64PFR*_EL1_RESERVED",
-              .is_glob = true                     },
-            { .name = "ID_AA64ZFR0_EL1"           },
+              .is_glob = true },
+            { .name = "ID_AA64ZFR0_EL1",
+              .exported_bits = R_ID_AA64ZFR0_SVEVER_MASK |
+                               R_ID_AA64ZFR0_AES_MASK |
+                               R_ID_AA64ZFR0_BITPERM_MASK |
+                               R_ID_AA64ZFR0_BFLOAT16_MASK |
+                               R_ID_AA64ZFR0_SHA3_MASK |
+                               R_ID_AA64ZFR0_SM4_MASK |
+                               R_ID_AA64ZFR0_I8MM_MASK |
+                               R_ID_AA64ZFR0_F32MM_MASK |
+                               R_ID_AA64ZFR0_F64MM_MASK },
+            { .name = "ID_AA64SMFR0_EL1",
+              .exported_bits = R_ID_AA64SMFR0_F32F32_MASK |
+                               R_ID_AA64SMFR0_B16F32_MASK |
+                               R_ID_AA64SMFR0_F16F32_MASK |
+                               R_ID_AA64SMFR0_I8I32_MASK |
+                               R_ID_AA64SMFR0_F64F64_MASK |
+                               R_ID_AA64SMFR0_I16I64_MASK |
+                               R_ID_AA64SMFR0_FA64_MASK },
             { .name = "ID_AA64MMFR0_EL1",
-              .fixed_bits    = 0x00000000ff000000 },
-            { .name = "ID_AA64MMFR1_EL1"          },
+              .exported_bits = R_ID_AA64MMFR0_ECV_MASK,
+              .fixed_bits = (0xf << R_ID_AA64MMFR0_TGRAN64_SHIFT) |
+                            (0xf << R_ID_AA64MMFR0_TGRAN4_SHIFT) },
+            { .name = "ID_AA64MMFR1_EL1",
+              .exported_bits = R_ID_AA64MMFR1_AFP_MASK },
+            { .name = "ID_AA64MMFR2_EL1",
+              .exported_bits = R_ID_AA64MMFR2_AT_MASK },
             { .name = "ID_AA64MMFR*_EL1_RESERVED",
-              .is_glob = true                     },
+              .is_glob = true },
             { .name = "ID_AA64DFR0_EL1",
-              .fixed_bits    = 0x0000000000000006 },
-            { .name = "ID_AA64DFR1_EL1"           },
+              .fixed_bits = (0x6 << R_ID_AA64DFR0_DEBUGVER_SHIFT) },
+            { .name = "ID_AA64DFR1_EL1" },
             { .name = "ID_AA64DFR*_EL1_RESERVED",
-              .is_glob = true                     },
+              .is_glob = true },
             { .name = "ID_AA64AFR*",
-              .is_glob = true                     },
+              .is_glob = true },
             { .name = "ID_AA64ISAR0_EL1",
-              .exported_bits = 0x00fffffff0fffff0 },
+              .exported_bits = R_ID_AA64ISAR0_AES_MASK |
+                               R_ID_AA64ISAR0_SHA1_MASK |
+                               R_ID_AA64ISAR0_SHA2_MASK |
+                               R_ID_AA64ISAR0_CRC32_MASK |
+                               R_ID_AA64ISAR0_ATOMIC_MASK |
+                               R_ID_AA64ISAR0_RDM_MASK |
+                               R_ID_AA64ISAR0_SHA3_MASK |
+                               R_ID_AA64ISAR0_SM3_MASK |
+                               R_ID_AA64ISAR0_SM4_MASK |
+                               R_ID_AA64ISAR0_DP_MASK |
+                               R_ID_AA64ISAR0_FHM_MASK |
+                               R_ID_AA64ISAR0_TS_MASK |
+                               R_ID_AA64ISAR0_RNDR_MASK },
             { .name = "ID_AA64ISAR1_EL1",
-              .exported_bits = 0x000000f0ffffffff },
+              .exported_bits = R_ID_AA64ISAR1_DPB_MASK |
+                               R_ID_AA64ISAR1_APA_MASK |
+                               R_ID_AA64ISAR1_API_MASK |
+                               R_ID_AA64ISAR1_JSCVT_MASK |
+                               R_ID_AA64ISAR1_FCMA_MASK |
+                               R_ID_AA64ISAR1_LRCPC_MASK |
+                               R_ID_AA64ISAR1_GPA_MASK |
+                               R_ID_AA64ISAR1_GPI_MASK |
+                               R_ID_AA64ISAR1_FRINTTS_MASK |
+                               R_ID_AA64ISAR1_SB_MASK |
+                               R_ID_AA64ISAR1_BF16_MASK |
+                               R_ID_AA64ISAR1_DGH_MASK |
+                               R_ID_AA64ISAR1_I8MM_MASK },
+            { .name = "ID_AA64ISAR2_EL1",
+              .exported_bits = R_ID_AA64ISAR2_WFXT_MASK |
+                               R_ID_AA64ISAR2_RPRES_MASK |
+                               R_ID_AA64ISAR2_GPA3_MASK |
+                               R_ID_AA64ISAR2_APA3_MASK },
             { .name = "ID_AA64ISAR*_EL1_RESERVED",
-              .is_glob = true                     },
+              .is_glob = true },
         };
         modify_arm_cp_regs(v8_idregs, v8_user_idregs);
 #endif
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
 #ifdef CONFIG_USER_ONLY
         static const ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
             { .name = "MIDR_EL1",
-              .exported_bits = 0x00000000ffffffff },
-            { .name = "REVIDR_EL1"                },
+              .exported_bits = R_MIDR_EL1_REVISION_MASK |
+                               R_MIDR_EL1_PARTNUM_MASK |
+                               R_MIDR_EL1_ARCHITECTURE_MASK |
+                               R_MIDR_EL1_VARIANT_MASK |
+                               R_MIDR_EL1_IMPLEMENTER_MASK },
+            { .name = "REVIDR_EL1" },
         };
         modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
 #endif
-- 
2.25.1

From: Thomas Huth <thuth@redhat.com>

The header target/arm/kvm-consts.h checks CONFIG_KVM which is marked as
poisoned in common code, so the files that include this header have to
be added to specific_ss and recompiled for each, qemu-system-arm and
qemu-system-aarch64. However, since the kvm headers are only optionally
used in kvm-constants.h for some sanity checks, we can additionally
check the NEED_CPU_H macro first to avoid the poisoned CONFIG_KVM macro,
so kvm-constants.h can also be used from "common" files (without the
sanity checks - which should be OK since they are still done from other
target-specific files instead). This way, and by adjusting some other
include statements in the related files here and there, we can move some
files from specific_ss into softmmu_ss, so that they only need to be
compiled once during the build process.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20221202154023.293614-1-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/misc/xlnx-zynqmp-apu-ctrl.h |  2 +-
 target/arm/kvm-consts.h                |  8 ++++----
 hw/misc/imx6_src.c                     |  2 +-
 hw/misc/iotkit-sysctl.c                |  1 -
 hw/misc/meson.build                    | 11 +++++------
 5 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/include/hw/misc/xlnx-zynqmp-apu-ctrl.h b/include/hw/misc/xlnx-zynqmp-apu-ctrl.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/misc/xlnx-zynqmp-apu-ctrl.h
+++ b/include/hw/misc/xlnx-zynqmp-apu-ctrl.h
@@ -XXX,XX +XXX,XX @@
 
 #include "hw/sysbus.h"
 #include "hw/register.h"
-#include "target/arm/cpu.h"
+#include "target/arm/cpu-qom.h"
 
 #define TYPE_XLNX_ZYNQMP_APU_CTRL "xlnx.apu-ctrl"
 OBJECT_DECLARE_SIMPLE_TYPE(XlnxZynqMPAPUCtrl, XLNX_ZYNQMP_APU_CTRL)
diff --git a/target/arm/kvm-consts.h b/target/arm/kvm-consts.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm-consts.h
+++ b/target/arm/kvm-consts.h
@@ -XXX,XX +XXX,XX @@
 #ifndef ARM_KVM_CONSTS_H
 #define ARM_KVM_CONSTS_H
 
+#ifdef NEED_CPU_H
 #ifdef CONFIG_KVM
 #include <linux/kvm.h>
 #include <linux/psci.h>
-
 #define MISMATCH_CHECK(X, Y) QEMU_BUILD_BUG_ON(X != Y)
+#endif
+#endif
 
-#else
-
+#ifndef MISMATCH_CHECK
 #define MISMATCH_CHECK(X, Y) QEMU_BUILD_BUG_ON(0)
-
 #endif
 
 #define CP_REG_SIZE_SHIFT 52
diff --git a/hw/misc/imx6_src.c b/hw/misc/imx6_src.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/imx6_src.c
+++ b/hw/misc/imx6_src.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/log.h"
 #include "qemu/main-loop.h"
 #include "qemu/module.h"
-#include "arm-powerctl.h"
+#include "target/arm/arm-powerctl.h"
 #include "hw/core/cpu.h"
 
 #ifndef DEBUG_IMX6_SRC
diff --git a/hw/misc/iotkit-sysctl.c b/hw/misc/iotkit-sysctl.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/iotkit-sysctl.c
+++ b/hw/misc/iotkit-sysctl.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/qdev-properties.h"
 #include "hw/arm/armsse-version.h"
 #include "target/arm/arm-powerctl.h"
-#include "target/arm/cpu.h"
 
 REG32(SECDBGSTAT, 0x0)
 REG32(SECDBGSET, 0x4)
diff --git a/hw/misc/meson.build b/hw/misc/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/meson.build
+++ b/hw/misc/meson.build
@@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_IMX', if_true: files(
   'imx25_ccm.c',
   'imx31_ccm.c',
   'imx6_ccm.c',
+  'imx6_src.c',
   'imx6ul_ccm.c',
   'imx7_ccm.c',
   'imx7_gpr.c',
@@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_RASPI', if_true: files(
 ))
 softmmu_ss.add(when: 'CONFIG_SLAVIO', if_true: files('slavio_misc.c'))
 softmmu_ss.add(when: 'CONFIG_ZYNQ', if_true: files('zynq_slcr.c'))
-specific_ss.add(when: 'CONFIG_XLNX_ZYNQMP_ARM', if_true: files('xlnx-zynqmp-crf.c'))
-specific_ss.add(when: 'CONFIG_XLNX_ZYNQMP_ARM', if_true: files('xlnx-zynqmp-apu-ctrl.c'))
+softmmu_ss.add(when: 'CONFIG_XLNX_ZYNQMP_ARM', if_true: files('xlnx-zynqmp-crf.c'))
+softmmu_ss.add(when: 'CONFIG_XLNX_ZYNQMP_ARM', if_true: files('xlnx-zynqmp-apu-ctrl.c'))
 specific_ss.add(when: 'CONFIG_XLNX_VERSAL', if_true: files('xlnx-versal-crl.c'))
 softmmu_ss.add(when: 'CONFIG_XLNX_VERSAL', if_true: files(
   'xlnx-versal-xramc.c',
@@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_TZ_MPC', if_true: files('tz-mpc.c'))
 softmmu_ss.add(when: 'CONFIG_TZ_MSC', if_true: files('tz-msc.c'))
 softmmu_ss.add(when: 'CONFIG_TZ_PPC', if_true: files('tz-ppc.c'))
 softmmu_ss.add(when: 'CONFIG_IOTKIT_SECCTL', if_true: files('iotkit-secctl.c'))
+softmmu_ss.add(when: 'CONFIG_IOTKIT_SYSCTL', if_true: files('iotkit-sysctl.c'))
 softmmu_ss.add(when: 'CONFIG_IOTKIT_SYSINFO', if_true: files('iotkit-sysinfo.c'))
 softmmu_ss.add(when: 'CONFIG_ARMSSE_CPU_PWRCTRL', if_true: files('armsse-cpu-pwrctrl.c'))
 softmmu_ss.add(when: 'CONFIG_ARMSSE_CPUID', if_true: files('armsse-cpuid.c'))
@@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_GRLIB', if_true: files('grlib_ahb_apb_pnp.c'))
 
 specific_ss.add(when: 'CONFIG_AVR_POWER', if_true: files('avr_power.c'))
 
-specific_ss.add(when: 'CONFIG_IMX', if_true: files('imx6_src.c'))
-specific_ss.add(when: 'CONFIG_IOTKIT_SYSCTL', if_true: files('iotkit-sysctl.c'))
-
 specific_ss.add(when: 'CONFIG_MAC_VIA', if_true: files('mac_via.c'))
 
 specific_ss.add(when: 'CONFIG_MIPS_CPS', if_true: files('mips_cmgcr.c', 'mips_cpc.c'))
 specific_ss.add(when: 'CONFIG_MIPS_ITU', if_true: files('mips_itu.c'))
 
-specific_ss.add(when: 'CONFIG_SBSA_REF', if_true: files('sbsa_ec.c'))
+softmmu_ss.add(when: 'CONFIG_SBSA_REF', if_true: files('sbsa_ec.c'))
 
 # HPPA devices
 softmmu_ss.add(when: 'CONFIG_LASI', if_true: files('lasi.c'))
-- 
2.25.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

When building with --disable-tcg on Darwin we get:

target/arm/cpu.c:725:16: error: incomplete definition of type 'struct TCGCPUOps'
    cc->tcg_ops->do_interrupt(cs);
    ~~~~~~~~~~~^

Commit 083afd18a9 ("target/arm: Restrict cpu_exec_interrupt()
handler to sysemu") limited this block to system emulation,
but neglected to also limit it to TCG.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Message-id: 20221209110823.59495-1-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(DeviceState *dev)
     arm_rebuild_hflags(env);
 }
 
-#ifndef CONFIG_USER_ONLY
+#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
 
 static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
                                      unsigned int target_el,
@@ -XXX,XX +XXX,XX @@ static bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     cc->tcg_ops->do_interrupt(cs);
     return true;
 }
-#endif /* !CONFIG_USER_ONLY */
+
+#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
 
 void arm_cpu_update_virq(ARMCPU *cpu)
 {
-- 
2.25.1

A last small test of bug fixes before rc1.

thanks
-- PMM

The following changes since commit ed8ad9728a9c0eec34db9dff61dfa2f1dd625637:

Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging (2023-07-15 14:54:04 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230717

for you to fetch changes up to c2c1c4a35c7c2b1a4140b0942b9797c857e476a4:

hw/nvram: Avoid unnecessary Xilinx eFuse backstore write (2023-07-17 11:05:52 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/sbsa-ref: set 'slots' property of xhci
 * linux-user: Remove pointless NULL check in clock_adjtime handling
 * ptw: Fix S1_ptw_translate() debug path
 * ptw: Account for FEAT_RME when applying {N}SW, SA bits
 * accel/tcg: Zero-pad PC in TCG CPU exec trace lines
 * hw/nvram: Avoid unnecessary Xilinx eFuse backstore write

----------------------------------------------------------------
Peter Maydell (5):
      linux-user: Remove pointless NULL check in clock_adjtime handling
      target/arm/ptw.c: Add comments to S1Translate struct fields
      target/arm: Fix S1_ptw_translate() debug path
      target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
      accel/tcg: Zero-pad PC in TCG CPU exec trace lines

Tong Ho (1):
      hw/nvram: Avoid unnecessary Xilinx eFuse backstore write

Yuquan Wang (1):
      hw/arm/sbsa-ref: set 'slots' property of xhci

From: Yuquan Wang <wangyuquan1236@phytium.com.cn>

This extends the slots of xhci to 64, since the default xhci_sysbus
just supports one slot.

Signed-off-by: Wang Yuquan <wangyuquan1236@phytium.com.cn>
Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20230710063750.473510-2-wangyuquan1236@phytium.com.cn
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/sbsa-ref.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -XXX,XX +XXX,XX @@ static void create_xhci(const SBSAMachineState *sms)
     hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base;
     int irq = sbsa_ref_irqmap[SBSA_XHCI];
     DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS);
+    qdev_prop_set_uint32(dev, "slots", XHCI_MAXSLOTS);
 
     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
-- 
2.34.1

In the code for TARGET_NR_clock_adjtime, we set the pointer phtx to
the address of the local variable htx.  This means it can never be
NULL, but later in the code we check it for NULL anyway.  Coverity
complains about this (CID 1507683) because the NULL check comes after
a call to clock_adjtime() that assumes it is non-NULL.

Since phtx is always &htx, and is used only in three places, it's not
really necessary.  Remove it, bringing the code structure in to line
with that for TARGET_NR_clock_adjtime64, which already uses a simple
'&htx' when it wants a pointer to 'htx'.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230623144410.1837261-1-peter.maydell@linaro.org
---
 linux-user/syscall.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -XXX,XX +XXX,XX @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
 #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME)
     case TARGET_NR_clock_adjtime:
         {
-            struct timex htx, *phtx = &htx;
+            struct timex htx;
 
-            if (target_to_host_timex(phtx, arg2) != 0) {
+            if (target_to_host_timex(&htx, arg2) != 0) {
                 return -TARGET_EFAULT;
             }
-            ret = get_errno(clock_adjtime(arg1, phtx));
-            if (!is_error(ret) && phtx) {
-                if (host_to_target_timex(arg2, phtx) != 0) {
-                    return -TARGET_EFAULT;
-                }
+            ret = get_errno(clock_adjtime(arg1, &htx));
+            if (!is_error(ret) && host_to_target_timex(arg2, &htx)) {
+                return -TARGET_EFAULT;
             }
         }
         return ret;
-- 
2.34.1

Add comments to the in_* fields in the S1Translate struct
that explain what they're doing.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230710152130.3928330-2-peter.maydell@linaro.org
---
 target/arm/ptw.c | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@
 #endif
 
 typedef struct S1Translate {
+    /*
+     * in_mmu_idx : specifies which TTBR, TCR, etc to use for the walk.
+     * Together with in_space, specifies the architectural translation regime.
+     */
     ARMMMUIdx in_mmu_idx;
+    /*
+     * in_ptw_idx: specifies which mmuidx to use for the actual
+     * page table descriptor load operations. This will be one of the
+     * ARMMMUIdx_Stage2* or one of the ARMMMUIdx_Phys_* indexes.
+     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
+     * this field is updated accordingly.
+     */
     ARMMMUIdx in_ptw_idx;
+    /*
+     * in_space: the security space for this walk. This plus
+     * the in_mmu_idx specify the architectural translation regime.
+     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
+     * this field is updated accordingly.
+     *
+     * Note that the security space for the in_ptw_idx may be different
+     * from that for the in_mmu_idx. We do not need to explicitly track
+     * the in_ptw_idx security space because:
+     *  - if the in_ptw_idx is an ARMMMUIdx_Phys_* then the mmuidx
+     *    itself specifies the security space
+     *  - if the in_ptw_idx is an ARMMMUIdx_Stage2* then the security
+     *    space used for ptw reads is the same as that of the security
+     *    space of the stage 1 translation for all cases except where
+     *    stage 1 is Secure; in that case the only possibilities for
+     *    the ptw read are Secure and NonSecure, and the in_ptw_idx
+     *    value being Stage2 vs Stage2_S distinguishes those.
+     */
     ARMSecuritySpace in_space;
+    /*
+     * in_secure: whether the translation regime is a Secure one.
+     * This is always equal to arm_space_is_secure(in_space).
+     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
+     * this field is updated accordingly.
+     */
     bool in_secure;
+    /*
+     * in_debug: is this a QEMU debug access (gdbstub, etc)? Debug
+     * accesses will not update the guest page table access flags
+     * and will not change the state of the softmmu TLBs.
+     */
     bool in_debug;
     /*
      * If this is stage 2 of a stage 1+2 page table walk, then this must
-- 
2.34.1

In commit fe4a5472ccd6 we rearranged the logic in S1_ptw_translate()
so that the debug-access "call get_phys_addr_*" codepath is used both
when S1 is doing ptw reads from stage 2 and when it is doing ptw
reads from physical memory.  However, we didn't update the
calculation of s2ptw->in_space and s2ptw->in_secure to account for
the "ptw reads from physical memory" case.  This meant that debug
accesses when in Secure state broke.

Create a new function S2_security_space() which returns the
correct security space to use for the ptw load, and use it to
determine the correct .in_secure and .in_space fields for the
stage 2 lookup for the ptw load.

Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230710152130.3928330-3-peter.maydell@linaro.org
Fixes: fe4a5472ccd6 ("target/arm: Use get_phys_addr_with_struct in S1_ptw_translate")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 37 ++++++++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
     }
 }
 
+static ARMSecuritySpace S2_security_space(ARMSecuritySpace s1_space,
+                                          ARMMMUIdx s2_mmu_idx)
+{
+    /*
+     * Return the security space to use for stage 2 when doing
+     * the S1 page table descriptor load.
+     */
+    if (regime_is_stage2(s2_mmu_idx)) {
+        /*
+         * The security space for ptw reads is almost always the same
+         * as that of the security space of the stage 1 translation.
+         * The only exception is when stage 1 is Secure; in that case
+         * the ptw read might be to the Secure or the NonSecure space
+         * (but never Realm or Root), and the s2_mmu_idx tells us which.
+         * Root translations are always single-stage.
+         */
+        if (s1_space == ARMSS_Secure) {
+            return arm_secure_to_space(s2_mmu_idx == ARMMMUIdx_Stage2_S);
+        } else {
+            assert(s2_mmu_idx != ARMMMUIdx_Stage2_S);
+            assert(s1_space != ARMSS_Root);
+            return s1_space;
+        }
+    } else {
+        /* ptw loads are from phys: the mmu idx itself says which space */
+        return arm_phys_to_space(s2_mmu_idx);
+    }
+}
+
 /* Translate a S1 pagetable walk through S2 if needed.  */
 static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
                              hwaddr addr, ARMMMUFaultInfo *fi)
 {
-    ARMSecuritySpace space = ptw->in_space;
     bool is_secure = ptw->in_secure;
     ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
     ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
          * From gdbstub, do not use softmmu so that we don't modify the
          * state of the cpu at all, including softmmu tlb contents.
          */
+        ARMSecuritySpace s2_space = S2_security_space(ptw->in_space, s2_mmu_idx);
         S1Translate s2ptw = {
             .in_mmu_idx = s2_mmu_idx,
             .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
-            .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
-            .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
-                         : space == ARMSS_Realm ? ARMSS_Realm
-                         : ARMSS_NonSecure),
+            .in_secure = arm_space_is_secure(s2_space),
+            .in_space = s2_space,
             .in_debug = true,
         };
         GetPhysAddrResult s2 = { };
-- 
2.34.1

In get_phys_addr_twostage() the code that applies the effects of
VSTCR.{SA,SW} and VTCR.{NSA,NSW} only updates result->f.attrs.secure.
Now we also have f.attrs.space for FEAT_RME, we need to keep the two
in sync.

These bits only have an effect for Secure space translations, not
for Root, so use the input in_space field to determine whether to
apply them rather than the input is_secure. This doesn't actually
make a difference because Root translations are never two-stage,
but it's a little clearer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230710152130.3928330-4-peter.maydell@linaro.org
---
 target/arm/ptw.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
     hwaddr ipa;
     int s1_prot, s1_lgpgsz;
     bool is_secure = ptw->in_secure;
+    ARMSecuritySpace in_space = ptw->in_space;
     bool ret, ipa_secure;
     ARMCacheAttrs cacheattrs1;
     ARMSecuritySpace ipa_space;
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
      * Check if IPA translates to secure or non-secure PA space.
      * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA.
      */
-    result->f.attrs.secure =
-        (is_secure
-         && !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
-         && (ipa_secure
-             || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))));
+    if (in_space == ARMSS_Secure) {
+        result->f.attrs.secure =
+            !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW))
+            && (ipa_secure
+                || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW)));
+        result->f.attrs.space = arm_secure_to_space(result->f.attrs.secure);
+    }
 
     return false;
 }
-- 
2.34.1

In commit f0a08b0913befbd we changed the type of the PC from
target_ulong to vaddr.  In doing so we inadvertently dropped the
zero-padding on the PC in trace lines (the second item inside the []
in these lines).  They used to look like this on AArch64, for
instance:

Trace 0: 0x7f2260000100 [00000000/0000000040000000/00000061/ff200000]

and now they look like this:
Trace 0: 0x7f4f50000100 [00000000/40000000/00000061/ff200000]

and if the PC happens to be somewhere low like 0x5000
then the field is shown as /5000/.

This is because TARGET_FMT_lx is a "%08x" or "%016x" specifier,
depending on TARGET_LONG_SIZE, whereas VADDR_PRIx is just PRIx64
with no width specifier.

Restore the zero-padding by adding an 016 width specifier to
this tracing and a couple of others that were similarly recently
changed to use VADDR_PRIx without a width specifier.

We can't unfortunately restore the "32-bit guests are padded to
8 hex digits and 64-bit guests to 16 hex digits" behaviour so
easily.

Fixes: f0a08b0913befbd ("accel/tcg/cpu-exec.c: Widen pc to vaddr")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Message-id: 20230711165434.4123674-1-peter.maydell@linaro.org
---
 accel/tcg/cpu-exec.c      | 4 ++--
 accel/tcg/translate-all.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static void log_cpu_exec(vaddr pc, CPUState *cpu,
     if (qemu_log_in_addr_range(pc)) {
         qemu_log_mask(CPU_LOG_EXEC,
                       "Trace %d: %p [%08" PRIx64
-                      "/%" VADDR_PRIx "/%08x/%08x] %s\n",
+                      "/%016" VADDR_PRIx "/%08x/%08x] %s\n",
                       cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc,
                       tb->flags, tb->cflags, lookup_symbol(pc));
 
@@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
         if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
             vaddr pc = log_pc(cpu, last_tb);
             if (qemu_log_in_addr_range(pc)) {
-                qemu_log("Stopped execution of TB chain before %p [%"
+                qemu_log("Stopped execution of TB chain before %p [%016"
                          VADDR_PRIx "] %s\n",
                          last_tb->tc.ptr, pc, lookup_symbol(pc));
             }
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
     if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
         vaddr pc = log_pc(cpu, tb);
         if (qemu_log_in_addr_range(pc)) {
-            qemu_log("cpu_io_recompile: rewound execution of TB to %"
+            qemu_log("cpu_io_recompile: rewound execution of TB to %016"
                      VADDR_PRIx "\n", pc);
         }
     }
-- 
2.34.1

From: Tong Ho <tong.ho@amd.com>

Add a check in the bit-set operation to write the backstore
only if the affected bit is 0 before.

With this in place, there will be no need for callers to
do the checking in order to avoid unnecessary writes.

Signed-off-by: Tong Ho <tong.ho@amd.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/nvram/xlnx-efuse.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/nvram/xlnx-efuse.c b/hw/nvram/xlnx-efuse.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/nvram/xlnx-efuse.c
+++ b/hw/nvram/xlnx-efuse.c
@@ -XXX,XX +XXX,XX @@ static bool efuse_ro_bits_find(XlnxEFuse *s, uint32_t k)
 
 bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit)
 {
+    uint32_t set, *row;
+
     if (efuse_ro_bits_find(s, bit)) {
         g_autofree char *path = object_get_canonical_path(OBJECT(s));
 
@@ -XXX,XX +XXX,XX @@ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit)
         return false;
     }
 
-    s->fuse32[bit / 32] |= 1 << (bit % 32);
-    efuse_bdrv_sync(s, bit);
+    /* Avoid back-end write unless there is a real update */
+    row = &s->fuse32[bit / 32];
+    set = 1 << (bit % 32);
+    if (!(set & *row)) {
+        *row |= set;
+        efuse_bdrv_sync(s, bit);
+    }
     return true;
 }
 
-- 
2.34.1