Series comparison

-[PULL 00/26] target-arm queue
+[PULL v2 00/21] target-arm queue
-The following changes since commit 65cc5ccf06a74c98de73ec683d9a543baa302a12:
+no changes to v1, except adding the CVE identifier to one of the commit
 messages.
-  Merge tag 'pull-riscv-to-apply-20230120' of https://github.com/alistair23/qemu into staging (2023-01-20 16:17:56 +0000)
+-- PMM
 The following changes since commit cf7ca7d5b9faca13f1f8e3ea92cfb2f741eb0c0e:
   Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request' into staging (2021-02-01 16:28:00 +0000)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230123
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210203
-for you to fetch changes up to 3b07a936d3bfe97b07ddffcfbb532985a88033dd:
+for you to fetch changes up to fd8f71b95da86f530aae3d02a14b0ccd9e024772:
-  target/arm: Look up ARMCPRegInfo at runtime (2023-01-23 13:32:38 +0000)
+  hw/arm: Display CPU type in machine description (2021-02-03 10:15:51 +0000)
 ----------------------------------------------------------------
 target-arm queue:
- * Widen cnthctl_el2 to uint64_t
+ * hw/intc/arm_gic: Allow to use QTest without crashing
- * Unify checking for M Main Extension in MRS/MSR
+ * hw/char/exynos4210_uart: Fix buffer size reporting with FIFO disabled
- * bitbang_i2c, versatile_i2c: code cleanups
+ * hw/char/exynos4210_uart: Fix missing call to report ready for input
- * SME: refactor SME SM/ZA handling
+ * hw/arm/smmuv3: Fix addr_mask for range-based invalidation
- * Fix physical address resolution for MTE
+ * hw/ssi/imx_spi: Fix various minor bugs
- * Fix in_debug path in S1_ptw_translate
+ * hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
- * Don't set EXC_RETURN.ES if Security Extension not present
+ * hw/arm: Add missing Kconfig dependencies
- * Implement DBGCLAIM registers
+ * hw/arm: Display CPU type in machine description
  * Provide stubs for more external debug registers
  * Look up ARMCPRegInfo at runtime, not translate time
 ----------------------------------------------------------------
-David Reiss (1):
+Bin Meng (5):
-      target/arm: Unify checking for M Main Extension in MRS/MSR
+      hw/ssi: imx_spi: Use a macro for number of chip selects supported
       hw/ssi: imx_spi: Remove imx_spi_update_irq() in imx_spi_reset()
       hw/ssi: imx_spi: Round up the burst length to be multiple of 8
       hw/ssi: imx_spi: Correct the burst length > 32 bit transfer logic
       hw/ssi: imx_spi: Correct tx and rx fifo endianness
-Evgeny Iakovlev (2):
+Iris Johnson (2):
-      target/arm: implement DBGCLAIM registers
+      hw/char/exynos4210_uart: Fix buffer size reporting with FIFO disabled
-      target/arm: provide stubs for more external debug registers
+      hw/char/exynos4210_uart: Fix missing call to report ready for input
-Peter Maydell (1):
+Philippe Mathieu-Daudé (12):
-      target/arm: Don't set EXC_RETURN.ES if Security Extension not present
+      hw/intc/arm_gic: Allow to use QTest without crashing
       hw/ssi: imx_spi: Remove pointless variable initialization
       hw/ssi: imx_spi: Rework imx_spi_reset() to keep CONREG register value
       hw/ssi: imx_spi: Rework imx_spi_read() to handle block disabled
       hw/ssi: imx_spi: Rework imx_spi_write() to handle block disabled
       hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
       hw/arm/stm32f405_soc: Add missing dependency on OR_IRQ
       hw/arm/exynos4210: Add missing dependency on OR_IRQ
       hw/arm/xlnx-versal: Versal SoC requires ZDMA
       hw/arm/xlnx-versal: Versal SoC requires ZynqMP peripherals
       hw/net/can: ZynqMP CAN device requires PTIMER
       hw/arm: Display CPU type in machine description
-Philippe Mathieu-Daudé (10):
+Xuzhou Cheng (1):
-      hw/i2c/bitbang_i2c: Define TYPE_GPIO_I2C in public header
+      hw/ssi: imx_spi: Disable chip selects when controller is disabled
       hw/i2c/bitbang_i2c: Remove unused dummy MemoryRegion
       hw/i2c/bitbang_i2c: Change state calling bitbang_i2c_set_state() helper
       hw/i2c/bitbang_i2c: Trace state changes
       hw/i2c/bitbang_i2c: Convert DPRINTF() to trace events
       hw/i2c/versatile_i2c: Drop useless casts from void * to pointer
       hw/i2c/versatile_i2c: Replace VersatileI2CState -> ArmSbconI2CState
       hw/i2c/versatile_i2c: Replace TYPE_VERSATILE_I2C -> TYPE_ARM_SBCON_I2C
       hw/i2c/versatile_i2c: Use ARM_SBCON_I2C() macro
       hw/i2c/versatile_i2c: Rename versatile_i2c -> arm_sbcon_i2c
-Richard Henderson (12):
+Zenghui Yu (1):
-      target/arm: Widen cnthctl_el2 to uint64_t
+      hw/arm/smmuv3: Fix addr_mask for range-based invalidation
       target/arm/sme: Reorg SME access handling in handle_msr_i()
       target/arm/sme: Rebuild hflags in set_pstate() helpers
       target/arm/sme: Introduce aarch64_set_svcr()
       target/arm/sme: Reset SVE state in aarch64_set_svcr()
       target/arm/sme: Reset ZA state in aarch64_set_svcr()
       target/arm/sme: Rebuild hflags in aarch64_set_svcr()
       target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()
       target/arm: Fix physical address resolution for MTE
       target/arm: Fix in_debug path in S1_ptw_translate
       target/arm: Reorg do_coproc_insn
       target/arm: Look up ARMCPRegInfo at runtime
- MAINTAINERS                                 |   1 +
+ include/hw/ssi/imx_spi.h  |   5 +-
- include/hw/i2c/arm_sbcon_i2c.h              |   6 +-
+ hw/arm/digic_boards.c     |   2 +-
- include/hw/i2c/bitbang_i2c.h                |   2 +
+ hw/arm/microbit.c         |   2 +-
- target/arm/cpu.h                            |   5 +-
+ hw/arm/netduino2.c        |   2 +-
- target/arm/helper-sme.h                     |   3 +-
+ hw/arm/netduinoplus2.c    |   2 +-
- target/arm/helper.h                         |  11 +-
+ hw/arm/orangepi.c         |   2 +-
- target/arm/translate.h                      |   7 +
+ hw/arm/smmuv3.c           |   4 +-
- hw/arm/musicpal.c                           |   3 +-
+ hw/arm/stellaris.c        |   4 +-
- hw/arm/realview.c                           |   2 +-
+ hw/char/exynos4210_uart.c |   7 ++-
- hw/arm/versatilepb.c                        |   2 +-
+ hw/intc/arm_gic.c         |   5 +-
- hw/arm/vexpress.c                           |   2 +-
+ hw/ssi/imx_spi.c          | 153 +++++++++++++++++++++++++++++-----------------
- hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} |  39 ++-
+ hw/Kconfig                |   1 +
- hw/i2c/bitbang_i2c.c                        |  80 ++++--
+ hw/arm/Kconfig            |   5 ++
- linux-user/aarch64/cpu_loop.c               |  11 +-
+ hw/dma/Kconfig            |   3 +
- linux-user/aarch64/signal.c                 |  13 +-
+ hw/dma/meson.build        |   2 +-
- target/arm/debug_helper.c                   |  54 ++++
+files changed, 130 insertions(+), 69 deletions(-)
  target/arm/helper.c                         |  41 ++-
  target/arm/m_helper.c                       |  24 +-
  target/arm/mte_helper.c                     |   2 +-
  target/arm/op_helper.c                      |  27 +-
  target/arm/ptw.c                            |   4 +-
  target/arm/sme_helper.c                     |  37 +--
  target/arm/translate-a64.c                  |  68 +++--
  target/arm/translate.c                      | 430 +++++++++++++++-------------
  hw/arm/Kconfig                              |   4 +-
  hw/i2c/Kconfig                              |   2 +-
  hw/i2c/meson.build                          |   2 +-
  hw/i2c/trace-events                         |   7 +
 files changed, 506 insertions(+), 383 deletions(-)
  rename hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} (70%)

-[PULL 01/26] target/arm: Widen cnthctl_el2 to uint64_t
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-This is a 64-bit register on AArch64, even if the high 44 bits
-are RES0.  Because this is defined as ARM_CP_STATE_BOTH, we are
-asserting that the cpreg field is 64-bits.
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1400
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230115171633.3171890-1-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
-         };
-         uint64_t c14_cntfrq; /* Counter Frequency register */
-         uint64_t c14_cntkctl; /* Timer Control register */
--        uint32_t cnthctl_el2; /* Counter/Timer Hyp Control register */
-+        uint64_t cnthctl_el2; /* Counter/Timer Hyp Control register */
-         uint64_t cntvoff_el2; /* Counter Virtual Offset register */
-         ARMGenericTimer c14_timer[NUM_GTIMERS];
-         uint32_t c15_cpar; /* XScale Coprocessor Access Register */
---
-.34.1

-[PULL 02/26] target/arm: Unify checking for M Main Extension in MRS/MSR
+Deleted patch
-From: David Reiss <dreiss@meta.com>
-BASEPRI, FAULTMASK, and their _NS equivalents only exist on devices with
-the Main Extension.  However, the MRS instruction did not check this,
-and the MSR instruction handled it inconsistently (warning BASEPRI, but
-silently ignoring writes to BASEPRI_NS).  Unify this behavior and always
-warn when reading or writing any of these registers if the extension is
-not present.
-Signed-off-by: David Reiss <dreiss@meta.com>
-Message-id: 167330628518.10497.13100425787268927786-0@git.sr.ht
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/m_helper.c | 22 ++++++++++++++++++++--
-file changed, 20 insertions(+), 2 deletions(-)
-diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/m_helper.c
-+++ b/target/arm/m_helper.c
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
-             }
-             return env->v7m.primask[M_REG_NS];
-         case 0x91: /* BASEPRI_NS */
-+            if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
-+                goto bad_reg;
-+            }
-             if (!env->v7m.secure) {
-                 return 0;
-             }
-             return env->v7m.basepri[M_REG_NS];
-         case 0x93: /* FAULTMASK_NS */
-+            if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
-+                goto bad_reg;
-+            }
-             if (!env->v7m.secure) {
-                 return 0;
-             }
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
-         return env->v7m.primask[env->v7m.secure];
-     case 17: /* BASEPRI */
-     case 18: /* BASEPRI_MAX */
-+        if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
-+            goto bad_reg;
-+        }
-         return env->v7m.basepri[env->v7m.secure];
-     case 19: /* FAULTMASK */
-+        if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
-+            goto bad_reg;
-+        }
-         return env->v7m.faultmask[env->v7m.secure];
-     default:
-     bad_reg:
-@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
-             env->v7m.primask[M_REG_NS] = val & 1;
-             return;
-         case 0x91: /* BASEPRI_NS */
--            if (!env->v7m.secure || !arm_feature(env, ARM_FEATURE_M_MAIN)) {
-+            if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
-+                goto bad_reg;
-+            }
-+            if (!env->v7m.secure) {
-                 return;
-             }
-             env->v7m.basepri[M_REG_NS] = val & 0xff;
-             return;
-         case 0x93: /* FAULTMASK_NS */
--            if (!env->v7m.secure || !arm_feature(env, ARM_FEATURE_M_MAIN)) {
-+            if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
-+                goto bad_reg;
-+            }
-+            if (!env->v7m.secure) {
-                 return;
-             }
-             env->v7m.faultmask[M_REG_NS] = val & 1;
---
-.34.1

-[PULL 03/26] hw/i2c/bitbang_i2c: Define TYPE_GPIO_I2C in public header
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-Define TYPE_GPIO_I2C in the public "hw/i2c/bitbang_i2c.h"
-header and use it in hw/arm/musicpal.c.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Acked-by: Corey Minyard <cminyard@mvista.com>
-Message-id: 20230111085016.44551-2-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/i2c/bitbang_i2c.h | 2 ++
- hw/arm/musicpal.c            | 3 ++-
- hw/i2c/bitbang_i2c.c         | 1 -
-files changed, 4 insertions(+), 2 deletions(-)
-diff --git a/include/hw/i2c/bitbang_i2c.h b/include/hw/i2c/bitbang_i2c.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/i2c/bitbang_i2c.h
-+++ b/include/hw/i2c/bitbang_i2c.h
-@@ -XXX,XX +XXX,XX @@
- #include "hw/i2c/i2c.h"
-+#define TYPE_GPIO_I2C "gpio_i2c"
-+
- typedef struct bitbang_i2c_interface bitbang_i2c_interface;
- #define BITBANG_I2C_SDA 0
-diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/musicpal.c
-+++ b/hw/arm/musicpal.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/block/flash.h"
- #include "ui/console.h"
- #include "hw/i2c/i2c.h"
-+#include "hw/i2c/bitbang_i2c.h"
- #include "hw/irq.h"
- #include "hw/or-irq.h"
- #include "hw/audio/wm8750.h"
-@@ -XXX,XX +XXX,XX @@ static void musicpal_init(MachineState *machine)
-     dev = sysbus_create_simple(TYPE_MUSICPAL_GPIO, MP_GPIO_BASE,
-                                qdev_get_gpio_in(pic, MP_GPIO_IRQ));
--    i2c_dev = sysbus_create_simple("gpio_i2c", -1, NULL);
-+    i2c_dev = sysbus_create_simple(TYPE_GPIO_I2C, -1, NULL);
-     i2c = (I2CBus *)qdev_get_child_bus(i2c_dev, "i2c");
-     lcd_dev = sysbus_create_simple(TYPE_MUSICPAL_LCD, MP_LCD_BASE, NULL);
-diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/bitbang_i2c.c
-+++ b/hw/i2c/bitbang_i2c.c
-@@ -XXX,XX +XXX,XX @@ void bitbang_i2c_init(bitbang_i2c_interface *s, I2CBus *bus)
- /* GPIO interface.  */
--#define TYPE_GPIO_I2C "gpio_i2c"
- OBJECT_DECLARE_SIMPLE_TYPE(GPIOI2CState, GPIO_I2C)
- struct GPIOI2CState {
---
-.34.1

-[PULL 04/26] hw/i2c/bitbang_i2c: Remove unused dummy MemoryRegion
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Acked-by: Corey Minyard <cminyard@mvista.com>
-Message-id: 20230111085016.44551-3-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/i2c/bitbang_i2c.c | 7 ++-----
-file changed, 2 insertions(+), 5 deletions(-)
-diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/bitbang_i2c.c
-+++ b/hw/i2c/bitbang_i2c.c
-@@ -XXX,XX +XXX,XX @@ void bitbang_i2c_init(bitbang_i2c_interface *s, I2CBus *bus)
- OBJECT_DECLARE_SIMPLE_TYPE(GPIOI2CState, GPIO_I2C)
- struct GPIOI2CState {
-+    /*< private >*/
-     SysBusDevice parent_obj;
-+    /*< public >*/
--    MemoryRegion dummy_iomem;
-     bitbang_i2c_interface bitbang;
-     int last_level;
-     qemu_irq out;
-@@ -XXX,XX +XXX,XX @@ static void gpio_i2c_init(Object *obj)
- {
-     DeviceState *dev = DEVICE(obj);
-     GPIOI2CState *s = GPIO_I2C(obj);
--    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
-     I2CBus *bus;
--    memory_region_init(&s->dummy_iomem, obj, "gpio_i2c", 0);
--    sysbus_init_mmio(sbd, &s->dummy_iomem);
--
-     bus = i2c_init_bus(dev, "i2c");
-     bitbang_i2c_init(&s->bitbang, bus);
---
-.34.1

-[PULL 05/26] hw/i2c/bitbang_i2c: Change state calling bitbang_i2c_set_state() helper
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Acked-by: Corey Minyard <cminyard@mvista.com>
-Message-id: 20230111085016.44551-4-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/i2c/bitbang_i2c.c | 23 +++++++++++++++--------
-file changed, 15 insertions(+), 8 deletions(-)
-diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/bitbang_i2c.c
-+++ b/hw/i2c/bitbang_i2c.c
-@@ -XXX,XX +XXX,XX @@ do { printf("bitbang_i2c: " fmt , ## __VA_ARGS__); } while (0)
- #define DPRINTF(fmt, ...) do {} while(0)
- #endif
-+static void bitbang_i2c_set_state(bitbang_i2c_interface *i2c,
-+                                  bitbang_i2c_state state)
-+{
-+    i2c->state = state;
-+}
-+
- static void bitbang_i2c_enter_stop(bitbang_i2c_interface *i2c)
- {
-     DPRINTF("STOP\n");
-     if (i2c->current_addr >= 0)
-         i2c_end_transfer(i2c->bus);
-     i2c->current_addr = -1;
--    i2c->state = STOPPED;
-+    bitbang_i2c_set_state(i2c, STOPPED);
- }
- /* Set device data pin.  */
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-         if (level == 0) {
-             DPRINTF("START\n");
-             /* START condition.  */
--            i2c->state = SENDING_BIT7;
-+            bitbang_i2c_set_state(i2c, SENDING_BIT7);
-             i2c->current_addr = -1;
-         } else {
-             /* STOP condition.  */
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-     case SENDING_BIT7 ... SENDING_BIT0:
-         i2c->buffer = (i2c->buffer << 1) | data;
-         /* will end up in WAITING_FOR_ACK */
--        i2c->state++;
-+        bitbang_i2c_set_state(i2c, i2c->state + 1);
-         return bitbang_i2c_ret(i2c, 1);
-     case WAITING_FOR_ACK:
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-              * device we were sending to decided to NACK us).
-              */
-             DPRINTF("Got NACK\n");
-+            bitbang_i2c_set_state(i2c, SENT_NACK);
-             bitbang_i2c_enter_stop(i2c);
-             return bitbang_i2c_ret(i2c, 1);
-         }
-         if (i2c->current_addr & 1) {
--            i2c->state = RECEIVING_BIT7;
-+            bitbang_i2c_set_state(i2c, RECEIVING_BIT7);
-         } else {
--            i2c->state = SENDING_BIT7;
-+            bitbang_i2c_set_state(i2c, SENDING_BIT7);
-         }
-         return bitbang_i2c_ret(i2c, 0);
-     }
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-     case RECEIVING_BIT6 ... RECEIVING_BIT0:
-         data = i2c->buffer >> 7;
-         /* will end up in SENDING_ACK */
--        i2c->state++;
-+        bitbang_i2c_set_state(i2c, i2c->state + 1);
-         i2c->buffer <<= 1;
-         return bitbang_i2c_ret(i2c, data);
-     case SENDING_ACK:
--        i2c->state = RECEIVING_BIT7;
-         if (data != 0) {
-             DPRINTF("NACKED\n");
--            i2c->state = SENT_NACK;
-+            bitbang_i2c_set_state(i2c, SENT_NACK);
-             i2c_nack(i2c->bus);
-         } else {
-             DPRINTF("ACKED\n");
-+            bitbang_i2c_set_state(i2c, RECEIVING_BIT7);
-         }
-         return bitbang_i2c_ret(i2c, 1);
-     }
---
-.34.1

-[PULL 06/26] hw/i2c/bitbang_i2c: Trace state changes
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-Trace bitbang state machine changes with trace events.
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Acked-by: Corey Minyard <cminyard@mvista.com>
-Message-id: 20230111085016.44551-5-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/i2c/bitbang_i2c.c | 33 ++++++++++++++++++++++++++++-----
- hw/i2c/trace-events  |  3 +++
-files changed, 31 insertions(+), 5 deletions(-)
-diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/bitbang_i2c.c
-+++ b/hw/i2c/bitbang_i2c.c
-@@ -XXX,XX +XXX,XX @@
- #include "hw/sysbus.h"
- #include "qemu/module.h"
- #include "qom/object.h"
-+#include "trace.h"
- //#define DEBUG_BITBANG_I2C
-@@ -XXX,XX +XXX,XX @@ do { printf("bitbang_i2c: " fmt , ## __VA_ARGS__); } while (0)
- #define DPRINTF(fmt, ...) do {} while(0)
- #endif
-+/* bitbang_i2c_state enum to name */
-+static const char * const sname[] = {
-+#define NAME(e) [e] = stringify(e)
-+    NAME(STOPPED),
-+    [SENDING_BIT7] = "SENDING_BIT7 (START)",
-+    NAME(SENDING_BIT6),
-+    NAME(SENDING_BIT5),
-+    NAME(SENDING_BIT4),
-+    NAME(SENDING_BIT3),
-+    NAME(SENDING_BIT2),
-+    NAME(SENDING_BIT1),
-+    NAME(SENDING_BIT0),
-+    NAME(WAITING_FOR_ACK),
-+    [RECEIVING_BIT7] = "RECEIVING_BIT7 (ACK)",
-+    NAME(RECEIVING_BIT6),
-+    NAME(RECEIVING_BIT5),
-+    NAME(RECEIVING_BIT4),
-+    NAME(RECEIVING_BIT3),
-+    NAME(RECEIVING_BIT2),
-+    NAME(RECEIVING_BIT1),
-+    NAME(RECEIVING_BIT0),
-+    NAME(SENDING_ACK),
-+    NAME(SENT_NACK)
-+#undef NAME
-+};
-+
- static void bitbang_i2c_set_state(bitbang_i2c_interface *i2c,
-                                   bitbang_i2c_state state)
- {
-+    trace_bitbang_i2c_state(sname[i2c->state], sname[state]);
-     i2c->state = state;
- }
- static void bitbang_i2c_enter_stop(bitbang_i2c_interface *i2c)
- {
--    DPRINTF("STOP\n");
-     if (i2c->current_addr >= 0)
-         i2c_end_transfer(i2c->bus);
-     i2c->current_addr = -1;
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-             return bitbang_i2c_nop(i2c);
-         }
-         if (level == 0) {
--            DPRINTF("START\n");
-             /* START condition.  */
-             bitbang_i2c_set_state(i2c, SENDING_BIT7);
-             i2c->current_addr = -1;
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-             /* NACK (either addressing a nonexistent device, or the
-              * device we were sending to decided to NACK us).
-              */
--            DPRINTF("Got NACK\n");
-             bitbang_i2c_set_state(i2c, SENT_NACK);
-             bitbang_i2c_enter_stop(i2c);
-             return bitbang_i2c_ret(i2c, 1);
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-     case SENDING_ACK:
-         if (data != 0) {
--            DPRINTF("NACKED\n");
-             bitbang_i2c_set_state(i2c, SENT_NACK);
-             i2c_nack(i2c->bus);
-         } else {
--            DPRINTF("ACKED\n");
-             bitbang_i2c_set_state(i2c, RECEIVING_BIT7);
-         }
-         return bitbang_i2c_ret(i2c, 1);
-diff --git a/hw/i2c/trace-events b/hw/i2c/trace-events
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/trace-events
-+++ b/hw/i2c/trace-events
-@@ -XXX,XX +XXX,XX @@
- # See docs/devel/tracing.rst for syntax documentation.
-+# bitbang_i2c.c
-+bitbang_i2c_state(const char *old_state, const char *new_state) "state %s -> %s"
-+
- # core.c
- i2c_event(const char *event, uint8_t address) "%s(addr:0x%02x)"
---
-.34.1

-[PULL 07/26] hw/i2c/bitbang_i2c: Convert DPRINTF() to trace events
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-Convert the remaining DPRINTF debug macro uses to tracepoints.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Acked-by: Corey Minyard <cminyard@mvista.com>
-Message-id: 20230111085016.44551-6-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/i2c/bitbang_i2c.c | 18 ++++++------------
- hw/i2c/trace-events  |  4 ++++
-files changed, 10 insertions(+), 12 deletions(-)
-diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/bitbang_i2c.c
-+++ b/hw/i2c/bitbang_i2c.c
-@@ -XXX,XX +XXX,XX @@
- #include "qom/object.h"
- #include "trace.h"
--//#define DEBUG_BITBANG_I2C
--
--#ifdef DEBUG_BITBANG_I2C
--#define DPRINTF(fmt, ...) \
--do { printf("bitbang_i2c: " fmt , ## __VA_ARGS__); } while (0)
--#else
--#define DPRINTF(fmt, ...) do {} while(0)
--#endif
- /* bitbang_i2c_state enum to name */
- static const char * const sname[] = {
-@@ -XXX,XX +XXX,XX @@ static void bitbang_i2c_enter_stop(bitbang_i2c_interface *i2c)
- /* Set device data pin.  */
- static int bitbang_i2c_ret(bitbang_i2c_interface *i2c, int level)
- {
-+    trace_bitbang_i2c_data(i2c->last_clock, i2c->last_data,
-+                           i2c->device_out, level);
-     i2c->device_out = level;
--    //DPRINTF("%d %d %d\n", i2c->last_clock, i2c->last_data, i2c->device_out);
-+
-     return level & i2c->last_data;
- }
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-         if (i2c->current_addr < 0) {
-             i2c->current_addr = i2c->buffer;
--            DPRINTF("Address 0x%02x\n", i2c->current_addr);
-+            trace_bitbang_i2c_addr(i2c->current_addr);
-             ret = i2c_start_transfer(i2c->bus, i2c->current_addr >> 1,
-                                      i2c->current_addr & 1);
-         } else {
--            DPRINTF("Sent 0x%02x\n", i2c->buffer);
-+            trace_bitbang_i2c_send(i2c->buffer);
-             ret = i2c_send(i2c->bus, i2c->buffer);
-         }
-         if (ret) {
-@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
-     }
-     case RECEIVING_BIT7:
-         i2c->buffer = i2c_recv(i2c->bus);
--        DPRINTF("RX byte 0x%02x\n", i2c->buffer);
-+        trace_bitbang_i2c_recv(i2c->buffer);
-         /* Fall through... */
-     case RECEIVING_BIT6 ... RECEIVING_BIT0:
-         data = i2c->buffer >> 7;
-diff --git a/hw/i2c/trace-events b/hw/i2c/trace-events
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/trace-events
-+++ b/hw/i2c/trace-events
-@@ -XXX,XX +XXX,XX @@
- # bitbang_i2c.c
- bitbang_i2c_state(const char *old_state, const char *new_state) "state %s -> %s"
-+bitbang_i2c_addr(uint8_t addr) "Address 0x%02x"
-+bitbang_i2c_send(uint8_t byte) "TX byte 0x%02x"
-+bitbang_i2c_recv(uint8_t byte) "RX byte 0x%02x"
-+bitbang_i2c_data(unsigned dat, unsigned clk, unsigned old_out, unsigned new_out) "dat %u clk %u out %u -> %u"
- # core.c
---
-.34.1

-[PULL 08/26] hw/i2c/versatile_i2c: Drop useless casts from void * to pointer
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230110082508.24038-2-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/i2c/versatile_i2c.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/versatile_i2c.c
-+++ b/hw/i2c/versatile_i2c.c
-@@ -XXX,XX +XXX,XX @@ REG32(CONTROL_CLR, 4)
- static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
-                                    unsigned size)
- {
--    VersatileI2CState *s = (VersatileI2CState *)opaque;
-+    VersatileI2CState *s = opaque;
-     switch (offset) {
-     case A_CONTROL_SET:
-@@ -XXX,XX +XXX,XX @@ static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
- static void versatile_i2c_write(void *opaque, hwaddr offset,
-                                 uint64_t value, unsigned size)
- {
--    VersatileI2CState *s = (VersatileI2CState *)opaque;
-+    VersatileI2CState *s = opaque;
-     switch (offset) {
-     case A_CONTROL_SET:
---
-.34.1

-[PULL 09/26] hw/i2c/versatile_i2c: Replace VersatileI2CState -> ArmSbconI2CState
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-In order to rename TYPE_VERSATILE_I2C as TYPE_ARM_SBCON_I2C
-(the formal ARM naming), start renaming its state.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230110082508.24038-3-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/i2c/arm_sbcon_i2c.h |  3 +--
- hw/i2c/versatile_i2c.c         | 10 +++++-----
-files changed, 6 insertions(+), 7 deletions(-)
-diff --git a/include/hw/i2c/arm_sbcon_i2c.h b/include/hw/i2c/arm_sbcon_i2c.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/i2c/arm_sbcon_i2c.h
-+++ b/include/hw/i2c/arm_sbcon_i2c.h
-@@ -XXX,XX +XXX,XX @@
- #define TYPE_ARM_SBCON_I2C TYPE_VERSATILE_I2C
- typedef struct ArmSbconI2CState ArmSbconI2CState;
--DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, ARM_SBCON_I2C,
--                         TYPE_ARM_SBCON_I2C)
-+DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, ARM_SBCON_I2C, TYPE_ARM_SBCON_I2C)
- struct ArmSbconI2CState {
-     /*< private >*/
-diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/versatile_i2c.c
-+++ b/hw/i2c/versatile_i2c.c
-@@ -XXX,XX +XXX,XX @@
- #include "qom/object.h"
- typedef ArmSbconI2CState VersatileI2CState;
--DECLARE_INSTANCE_CHECKER(VersatileI2CState, VERSATILE_I2C,
-+DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, VERSATILE_I2C,
-                          TYPE_VERSATILE_I2C)
-@@ -XXX,XX +XXX,XX @@ REG32(CONTROL_CLR, 4)
- static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
-                                    unsigned size)
- {
--    VersatileI2CState *s = opaque;
-+    ArmSbconI2CState *s = opaque;
-     switch (offset) {
-     case A_CONTROL_SET:
-@@ -XXX,XX +XXX,XX @@ static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
- static void versatile_i2c_write(void *opaque, hwaddr offset,
-                                 uint64_t value, unsigned size)
- {
--    VersatileI2CState *s = opaque;
-+    ArmSbconI2CState *s = opaque;
-     switch (offset) {
-     case A_CONTROL_SET:
-@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps versatile_i2c_ops = {
- static void versatile_i2c_init(Object *obj)
- {
-     DeviceState *dev = DEVICE(obj);
--    VersatileI2CState *s = VERSATILE_I2C(obj);
-+    ArmSbconI2CState *s = VERSATILE_I2C(obj);
-     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
-     I2CBus *bus;
-@@ -XXX,XX +XXX,XX @@ static void versatile_i2c_init(Object *obj)
- static const TypeInfo versatile_i2c_info = {
-     .name          = TYPE_VERSATILE_I2C,
-     .parent        = TYPE_SYS_BUS_DEVICE,
--    .instance_size = sizeof(VersatileI2CState),
-+    .instance_size = sizeof(ArmSbconI2CState),
-     .instance_init = versatile_i2c_init,
- };
---
-.34.1

-[PULL 10/26] hw/i2c/versatile_i2c: Replace TYPE_VERSATILE_I2C -> TYPE_ARM_SBCON_I2C
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230110082508.24038-4-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- include/hw/i2c/arm_sbcon_i2c.h | 3 +--
- hw/arm/realview.c              | 2 +-
- hw/arm/versatilepb.c           | 2 +-
- hw/arm/vexpress.c              | 2 +-
- hw/i2c/versatile_i2c.c         | 4 ++--
-files changed, 6 insertions(+), 7 deletions(-)
-diff --git a/include/hw/i2c/arm_sbcon_i2c.h b/include/hw/i2c/arm_sbcon_i2c.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/i2c/arm_sbcon_i2c.h
-+++ b/include/hw/i2c/arm_sbcon_i2c.h
-@@ -XXX,XX +XXX,XX @@
- #include "hw/i2c/bitbang_i2c.h"
- #include "qom/object.h"
--#define TYPE_VERSATILE_I2C "versatile_i2c"
--#define TYPE_ARM_SBCON_I2C TYPE_VERSATILE_I2C
-+#define TYPE_ARM_SBCON_I2C "versatile_i2c"
- typedef struct ArmSbconI2CState ArmSbconI2CState;
- DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, ARM_SBCON_I2C, TYPE_ARM_SBCON_I2C)
-diff --git a/hw/arm/realview.c b/hw/arm/realview.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/realview.c
-+++ b/hw/arm/realview.c
-@@ -XXX,XX +XXX,XX @@ static void realview_init(MachineState *machine,
-         }
-     }
--    dev = sysbus_create_simple(TYPE_VERSATILE_I2C, 0x10002000, NULL);
-+    dev = sysbus_create_simple(TYPE_ARM_SBCON_I2C, 0x10002000, NULL);
-     i2c = (I2CBus *)qdev_get_child_bus(dev, "i2c");
-     i2c_slave_create_simple(i2c, "ds1338", 0x68);
-diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/versatilepb.c
-+++ b/hw/arm/versatilepb.c
-@@ -XXX,XX +XXX,XX @@ static void versatile_init(MachineState *machine, int board_id)
-     /* Add PL031 Real Time Clock. */
-     sysbus_create_simple("pl031", 0x101e8000, pic[10]);
--    dev = sysbus_create_simple(TYPE_VERSATILE_I2C, 0x10002000, NULL);
-+    dev = sysbus_create_simple(TYPE_ARM_SBCON_I2C, 0x10002000, NULL);
-     i2c = (I2CBus *)qdev_get_child_bus(dev, "i2c");
-     i2c_slave_create_simple(i2c, "ds1338", 0x68);
-diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/vexpress.c
-+++ b/hw/arm/vexpress.c
-@@ -XXX,XX +XXX,XX @@ static void vexpress_common_init(MachineState *machine)
-     sysbus_create_simple("sp804", map[VE_TIMER01], pic[2]);
-     sysbus_create_simple("sp804", map[VE_TIMER23], pic[3]);
--    dev = sysbus_create_simple(TYPE_VERSATILE_I2C, map[VE_SERIALDVI], NULL);
-+    dev = sysbus_create_simple(TYPE_ARM_SBCON_I2C, map[VE_SERIALDVI], NULL);
-     i2c = (I2CBus *)qdev_get_child_bus(dev, "i2c");
-     i2c_slave_create_simple(i2c, "sii9022", 0x39);
-diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/versatile_i2c.c
-+++ b/hw/i2c/versatile_i2c.c
-@@ -XXX,XX +XXX,XX @@
- typedef ArmSbconI2CState VersatileI2CState;
- DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, VERSATILE_I2C,
--                         TYPE_VERSATILE_I2C)
-+                         TYPE_ARM_SBCON_I2C)
-@@ -XXX,XX +XXX,XX @@ static void versatile_i2c_init(Object *obj)
- }
- static const TypeInfo versatile_i2c_info = {
--    .name          = TYPE_VERSATILE_I2C,
-+    .name          = TYPE_ARM_SBCON_I2C,
-     .parent        = TYPE_SYS_BUS_DEVICE,
-     .instance_size = sizeof(ArmSbconI2CState),
-     .instance_init = versatile_i2c_init,
---
-.34.1

-[PULL 11/26] hw/i2c/versatile_i2c: Use ARM_SBCON_I2C() macro
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-ARM_SBCON_I2C() macro and ArmSbconI2CState typedef are
-already declared via the QOM DECLARE_INSTANCE_CHECKER()
-macro in "hw/i2c/arm_sbcon_i2c.h". Drop the VERSATILE_I2C
-declarations from versatile_i2c.c.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230110082508.24038-5-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/i2c/versatile_i2c.c | 7 +------
-file changed, 1 insertion(+), 6 deletions(-)
-diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/versatile_i2c.c
-+++ b/hw/i2c/versatile_i2c.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/module.h"
- #include "qom/object.h"
--typedef ArmSbconI2CState VersatileI2CState;
--DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, VERSATILE_I2C,
--                         TYPE_ARM_SBCON_I2C)
--
--
- REG32(CONTROL_GET, 0)
- REG32(CONTROL_SET, 0)
-@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps versatile_i2c_ops = {
- static void versatile_i2c_init(Object *obj)
- {
-     DeviceState *dev = DEVICE(obj);
--    ArmSbconI2CState *s = VERSATILE_I2C(obj);
-+    ArmSbconI2CState *s = ARM_SBCON_I2C(obj);
-     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
-     I2CBus *bus;
---
-.34.1

-[PULL 12/26] hw/i2c/versatile_i2c: Rename versatile_i2c -> arm_sbcon_i2c
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-This device model started with the Versatile board, named
-TYPE_VERSATILE_I2C, then ended up renamed TYPE_ARM_SBCON_I2C
-as per the official "ARM SBCon two-wire serial bus interface"
-description from:
-https://developer.arm.com/documentation/dui0440/b/programmer-s-reference/two-wire-serial-bus-interface--sbcon
-Use the latter name as a better description.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230110082508.24038-6-philmd@linaro.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- MAINTAINERS                                 |  1 +
- hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} | 24 ++++++++++-----------
- hw/arm/Kconfig                              |  4 ++--
- hw/i2c/Kconfig                              |  2 +-
- hw/i2c/meson.build                          |  2 +-
-files changed, 17 insertions(+), 16 deletions(-)
- rename hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} (81%)
-diff --git a/MAINTAINERS b/MAINTAINERS
-index XXXXXXX..XXXXXXX 100644
---- a/MAINTAINERS
-+++ b/MAINTAINERS
-@@ -XXX,XX +XXX,XX @@ M: Peter Maydell <peter.maydell@linaro.org>
- L: qemu-arm@nongnu.org
- S: Maintained
- F: hw/*/versatile*
-+F: hw/i2c/arm_sbcon_i2c.c
- F: include/hw/i2c/arm_sbcon_i2c.h
- F: hw/misc/arm_sysctl.c
- F: docs/system/arm/versatile.rst
-diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/arm_sbcon_i2c.c
-similarity index 81%
-rename from hw/i2c/versatile_i2c.c
-rename to hw/i2c/arm_sbcon_i2c.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/versatile_i2c.c
-+++ b/hw/i2c/arm_sbcon_i2c.c
-@@ -XXX,XX +XXX,XX @@ REG32(CONTROL_CLR, 4)
- #define SCL BIT(0)
- #define SDA BIT(1)
--static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
-+static uint64_t arm_sbcon_i2c_read(void *opaque, hwaddr offset,
-                                    unsigned size)
- {
-     ArmSbconI2CState *s = opaque;
-@@ -XXX,XX +XXX,XX @@ static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
-     }
- }
--static void versatile_i2c_write(void *opaque, hwaddr offset,
-+static void arm_sbcon_i2c_write(void *opaque, hwaddr offset,
-                                 uint64_t value, unsigned size)
- {
-     ArmSbconI2CState *s = opaque;
-@@ -XXX,XX +XXX,XX @@ static void versatile_i2c_write(void *opaque, hwaddr offset,
-     s->in = bitbang_i2c_set(&s->bitbang, BITBANG_I2C_SDA, (s->out & SDA) != 0);
- }
--static const MemoryRegionOps versatile_i2c_ops = {
--    .read = versatile_i2c_read,
--    .write = versatile_i2c_write,
-+static const MemoryRegionOps arm_sbcon_i2c_ops = {
-+    .read = arm_sbcon_i2c_read,
-+    .write = arm_sbcon_i2c_write,
-     .endianness = DEVICE_NATIVE_ENDIAN,
- };
--static void versatile_i2c_init(Object *obj)
-+static void arm_sbcon_i2c_init(Object *obj)
- {
-     DeviceState *dev = DEVICE(obj);
-     ArmSbconI2CState *s = ARM_SBCON_I2C(obj);
-@@ -XXX,XX +XXX,XX @@ static void versatile_i2c_init(Object *obj)
-     bus = i2c_init_bus(dev, "i2c");
-     bitbang_i2c_init(&s->bitbang, bus);
--    memory_region_init_io(&s->iomem, obj, &versatile_i2c_ops, s,
-+    memory_region_init_io(&s->iomem, obj, &arm_sbcon_i2c_ops, s,
-                           "arm_sbcon_i2c", 0x1000);
-     sysbus_init_mmio(sbd, &s->iomem);
- }
--static const TypeInfo versatile_i2c_info = {
-+static const TypeInfo arm_sbcon_i2c_info = {
-     .name          = TYPE_ARM_SBCON_I2C,
-     .parent        = TYPE_SYS_BUS_DEVICE,
-     .instance_size = sizeof(ArmSbconI2CState),
--    .instance_init = versatile_i2c_init,
-+    .instance_init = arm_sbcon_i2c_init,
- };
--static void versatile_i2c_register_types(void)
-+static void arm_sbcon_i2c_register_types(void)
- {
--    type_register_static(&versatile_i2c_info);
-+    type_register_static(&arm_sbcon_i2c_info);
- }
--type_init(versatile_i2c_register_types)
-+type_init(arm_sbcon_i2c_register_types)
-diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/Kconfig
-+++ b/hw/arm/Kconfig
-@@ -XXX,XX +XXX,XX @@ config REALVIEW
-     select PL110
-     select PL181  # display
-     select PL310  # cache controller
--    select VERSATILE_I2C
-+    select ARM_SBCON_I2C
-     select DS1338 # I2C RTC+NVRAM
-     select USB_OHCI
-@@ -XXX,XX +XXX,XX @@ config MPS2
-     select SPLIT_IRQ
-     select UNIMP
-     select CMSDK_APB_WATCHDOG
--    select VERSATILE_I2C
-+    select ARM_SBCON_I2C
- config FSL_IMX7
-     bool
-diff --git a/hw/i2c/Kconfig b/hw/i2c/Kconfig
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/Kconfig
-+++ b/hw/i2c/Kconfig
-@@ -XXX,XX +XXX,XX @@ config SMBUS_EEPROM
-     bool
-     select SMBUS
--config VERSATILE_I2C
-+config ARM_SBCON_I2C
-     bool
-     select BITBANG_I2C
-diff --git a/hw/i2c/meson.build b/hw/i2c/meson.build
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i2c/meson.build
-+++ b/hw/i2c/meson.build
-@@ -XXX,XX +XXX,XX @@ i2c_ss.add(when: 'CONFIG_ALLWINNER_I2C', if_true: files('allwinner-i2c.c'))
- i2c_ss.add(when: 'CONFIG_NRF51_SOC', if_true: files('microbit_i2c.c'))
- i2c_ss.add(when: 'CONFIG_NPCM7XX', if_true: files('npcm7xx_smbus.c'))
- i2c_ss.add(when: 'CONFIG_SMBUS_EEPROM', if_true: files('smbus_eeprom.c'))
--i2c_ss.add(when: 'CONFIG_VERSATILE_I2C', if_true: files('versatile_i2c.c'))
-+i2c_ss.add(when: 'CONFIG_ARM_SBCON_I2C', if_true: files('arm_sbcon_i2c.c'))
- i2c_ss.add(when: 'CONFIG_OMAP', if_true: files('omap_i2c.c'))
- i2c_ss.add(when: 'CONFIG_PPC4XX', if_true: files('ppc4xx_i2c.c'))
- i2c_ss.add(when: 'CONFIG_PCA954X', if_true: files('i2c_mux_pca954x.c'))
---
-.34.1

-[PULL 13/26] target/arm/sme: Reorg SME access handling in handle_msr_i()
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Fabiano Rosas <farosas@suse.de>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20230112102436.1913-2-philmd@linaro.org
-Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
-[PMD: Split patch in multiple tiny steps]
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate-a64.c | 24 +++++++++++++-----------
-file changed, 13 insertions(+), 11 deletions(-)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
-             goto do_unallocated;
-         }
-         if (sme_access_check(s)) {
--            bool i = crm & 1;
--            bool changed = false;
-+            int old = s->pstate_sm | (s->pstate_za << 1);
-+            int new = (crm & 1) * 3;
-+            int msk = (crm >> 1) & 3;
--            if ((crm & 2) && i != s->pstate_sm) {
--                gen_helper_set_pstate_sm(cpu_env, tcg_constant_i32(i));
--                changed = true;
--            }
--            if ((crm & 4) && i != s->pstate_za) {
--                gen_helper_set_pstate_za(cpu_env, tcg_constant_i32(i));
--                changed = true;
--            }
--            if (changed) {
-+            if ((old ^ new) & msk) {
-+                /* At least one bit changes. */
-+                bool i = crm & 1;
-+
-+                if ((crm & 2) && i != s->pstate_sm) {
-+                    gen_helper_set_pstate_sm(cpu_env, tcg_constant_i32(i));
-+                }
-+                if ((crm & 4) && i != s->pstate_za) {
-+                    gen_helper_set_pstate_za(cpu_env, tcg_constant_i32(i));
-+                }
-                 gen_rebuild_hflags(s);
-             } else {
-                 s->base.is_jmp = DISAS_NEXT;
---
-.34.1

-[PULL 14/26] target/arm/sme: Rebuild hflags in set_pstate() helpers
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Fabiano Rosas <farosas@suse.de>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20230112102436.1913-3-philmd@linaro.org
-Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
-[PMD: Split patch in multiple tiny steps]
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/sme_helper.c    | 2 ++
- target/arm/translate-a64.c | 1 -
-files changed, 2 insertions(+), 1 deletion(-)
-diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/sme_helper.c
-+++ b/target/arm/sme_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
-     }
-     env->svcr ^= R_SVCR_SM_MASK;
-     arm_reset_sve_state(env);
-+    arm_rebuild_hflags(env);
- }
- void helper_set_pstate_za(CPUARMState *env, uint32_t i)
-@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_za(CPUARMState *env, uint32_t i)
-     if (i) {
-         memset(env->zarray, 0, sizeof(env->zarray));
-     }
-+    arm_rebuild_hflags(env);
- }
- void helper_sme_zero(CPUARMState *env, uint32_t imm, uint32_t svl)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
-                 if ((crm & 4) && i != s->pstate_za) {
-                     gen_helper_set_pstate_za(cpu_env, tcg_constant_i32(i));
-                 }
--                gen_rebuild_hflags(s);
-             } else {
-                 s->base.is_jmp = DISAS_NEXT;
-             }
---
-.34.1

-[PULL 15/26] target/arm/sme: Introduce aarch64_set_svcr()
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Fabiano Rosas <farosas@suse.de>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20230112102436.1913-4-philmd@linaro.org
-Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
-[PMD: Split patch in multiple tiny steps]
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h              | 1 +
- linux-user/aarch64/cpu_loop.c | 2 +-
- linux-user/aarch64/signal.c   | 2 +-
- target/arm/helper.c           | 8 ++++++++
- target/arm/sme_helper.c       | 4 ++--
-files changed, 13 insertions(+), 4 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
- void aarch64_sve_narrow_vq(CPUARMState *env, unsigned vq);
- void aarch64_sve_change_el(CPUARMState *env, int old_el,
-                            int new_el, bool el0_a64);
-+void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask);
- void arm_reset_sve_state(CPUARMState *env);
- /*
-diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/aarch64/cpu_loop.c
-+++ b/linux-user/aarch64/cpu_loop.c
-@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
-              * On syscall, PSTATE.ZA is preserved, along with the ZA matrix.
-              * PSTATE.SM is cleared, per SMSTOP, which does ResetSVEState.
-              */
-+            aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
-             if (FIELD_EX64(env->svcr, SVCR, SM)) {
--                env->svcr = FIELD_DP64(env->svcr, SVCR, SM, 0);
-                 arm_rebuild_hflags(env);
-                 arm_reset_sve_state(env);
-             }
-diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/aarch64/signal.c
-+++ b/linux-user/aarch64/signal.c
-@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
-      * Invoke the signal handler with both SM and ZA disabled.
-      * When clearing SM, ResetSVEState, per SMSTOP.
-      */
-+    aarch64_set_svcr(env, 0, R_SVCR_SM_MASK | R_SVCR_ZA_MASK);
-     if (FIELD_EX64(env->svcr, SVCR, SM)) {
-         arm_reset_sve_state(env);
-     }
-     if (env->svcr) {
--        env->svcr = 0;
-         arm_rebuild_hflags(env);
-     }
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_esm(CPUARMState *env, const ARMCPRegInfo *ri,
-     return CP_ACCESS_OK;
- }
-+void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
-+{
-+    uint64_t change = (env->svcr ^ new) & mask;
-+
-+    env->svcr ^= change;
-+}
-+
- static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-                        uint64_t value)
- {
-     helper_set_pstate_sm(env, FIELD_EX64(value, SVCR, SM));
-     helper_set_pstate_za(env, FIELD_EX64(value, SVCR, ZA));
-+    aarch64_set_svcr(env, value, -1);
-     arm_rebuild_hflags(env);
- }
-diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/sme_helper.c
-+++ b/target/arm/sme_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
-     if (i == FIELD_EX64(env->svcr, SVCR, SM)) {
-         return;
-     }
--    env->svcr ^= R_SVCR_SM_MASK;
-+    aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
-     arm_reset_sve_state(env);
-     arm_rebuild_hflags(env);
- }
-@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_za(CPUARMState *env, uint32_t i)
-     if (i == FIELD_EX64(env->svcr, SVCR, ZA)) {
-         return;
-     }
--    env->svcr ^= R_SVCR_ZA_MASK;
-+    aarch64_set_svcr(env, 0, R_SVCR_ZA_MASK);
-     /*
-      * ResetSMEState.
---
-.34.1

-[PULL 16/26] target/arm/sme: Reset SVE state in aarch64_set_svcr()
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Move arm_reset_sve_state() calls to aarch64_set_svcr().
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Fabiano Rosas <farosas@suse.de>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20230112102436.1913-5-philmd@linaro.org
-Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
-[PMD: Split patch in multiple tiny steps]
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h              |  1 -
- linux-user/aarch64/cpu_loop.c |  1 -
- linux-user/aarch64/signal.c   |  8 +-------
- target/arm/helper.c           | 13 +++++++++++++
- target/arm/sme_helper.c       | 10 ----------
-files changed, 14 insertions(+), 19 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ void aarch64_sve_narrow_vq(CPUARMState *env, unsigned vq);
- void aarch64_sve_change_el(CPUARMState *env, int old_el,
-                            int new_el, bool el0_a64);
- void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask);
--void arm_reset_sve_state(CPUARMState *env);
- /*
-  * SVE registers are encoded in KVM's memory in an endianness-invariant format.
-diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/aarch64/cpu_loop.c
-+++ b/linux-user/aarch64/cpu_loop.c
-@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
-             aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
-             if (FIELD_EX64(env->svcr, SVCR, SM)) {
-                 arm_rebuild_hflags(env);
--                arm_reset_sve_state(env);
-             }
-             ret = do_syscall(env,
-                              env->xregs[8],
-diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/aarch64/signal.c
-+++ b/linux-user/aarch64/signal.c
-@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
-         env->btype = 2;
-     }
--    /*
--     * Invoke the signal handler with both SM and ZA disabled.
--     * When clearing SM, ResetSVEState, per SMSTOP.
--     */
-+    /* Invoke the signal handler with both SM and ZA disabled. */
-     aarch64_set_svcr(env, 0, R_SVCR_SM_MASK | R_SVCR_ZA_MASK);
--    if (FIELD_EX64(env->svcr, SVCR, SM)) {
--        arm_reset_sve_state(env);
--    }
-     if (env->svcr) {
-         arm_rebuild_hflags(env);
-     }
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_esm(CPUARMState *env, const ARMCPRegInfo *ri,
-     return CP_ACCESS_OK;
- }
-+/* ResetSVEState */
-+static void arm_reset_sve_state(CPUARMState *env)
-+{
-+    memset(env->vfp.zregs, 0, sizeof(env->vfp.zregs));
-+    /* Recall that FFR is stored as pregs[16]. */
-+    memset(env->vfp.pregs, 0, sizeof(env->vfp.pregs));
-+    vfp_set_fpcr(env, 0x0800009f);
-+}
-+
- void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
- {
-     uint64_t change = (env->svcr ^ new) & mask;
-     env->svcr ^= change;
-+
-+    if (change & R_SVCR_SM_MASK) {
-+        arm_reset_sve_state(env);
-+    }
- }
- static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/sme_helper.c
-+++ b/target/arm/sme_helper.c
-@@ -XXX,XX +XXX,XX @@
- #include "vec_internal.h"
- #include "sve_ldst_internal.h"
--/* ResetSVEState */
--void arm_reset_sve_state(CPUARMState *env)
--{
--    memset(env->vfp.zregs, 0, sizeof(env->vfp.zregs));
--    /* Recall that FFR is stored as pregs[16]. */
--    memset(env->vfp.pregs, 0, sizeof(env->vfp.pregs));
--    vfp_set_fpcr(env, 0x0800009f);
--}
--
- void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
- {
-     if (i == FIELD_EX64(env->svcr, SVCR, SM)) {
-         return;
-     }
-     aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
--    arm_reset_sve_state(env);
-     arm_rebuild_hflags(env);
- }
---
-.34.1

-[PULL 17/26] target/arm/sme: Reset ZA state in aarch64_set_svcr()
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Fabiano Rosas <farosas@suse.de>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20230112102436.1913-6-philmd@linaro.org
-Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
-[PMD: Split patch in multiple tiny steps]
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c     | 12 ++++++++++++
- target/arm/sme_helper.c | 12 ------------
-files changed, 12 insertions(+), 12 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
-     if (change & R_SVCR_SM_MASK) {
-         arm_reset_sve_state(env);
-     }
-+
-+    /*
-+     * ResetSMEState.
-+     *
-+     * SetPSTATE_ZA zeros on enable and disable.  We can zero this only
-+     * on enable: while disabled, the storage is inaccessible and the
-+     * value does not matter.  We're not saving the storage in vmstate
-+     * when disabled either.
-+     */
-+    if (change & new & R_SVCR_ZA_MASK) {
-+        memset(env->zarray, 0, sizeof(env->zarray));
-+    }
- }
- static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/sme_helper.c
-+++ b/target/arm/sme_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_za(CPUARMState *env, uint32_t i)
-         return;
-     }
-     aarch64_set_svcr(env, 0, R_SVCR_ZA_MASK);
--
--    /*
--     * ResetSMEState.
--     *
--     * SetPSTATE_ZA zeros on enable and disable.  We can zero this only
--     * on enable: while disabled, the storage is inaccessible and the
--     * value does not matter.  We're not saving the storage in vmstate
--     * when disabled either.
--     */
--    if (i) {
--        memset(env->zarray, 0, sizeof(env->zarray));
--    }
-     arm_rebuild_hflags(env);
- }
---
-.34.1

-[PULL 18/26] target/arm/sme: Rebuild hflags in aarch64_set_svcr()
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Fabiano Rosas <farosas@suse.de>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20230112102436.1913-7-philmd@linaro.org
-Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
-[PMD: Split patch in multiple tiny steps]
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- linux-user/aarch64/cpu_loop.c | 8 +-------
- linux-user/aarch64/signal.c   | 3 ---
- target/arm/helper.c           | 6 +++++-
- target/arm/sme_helper.c       | 8 --------
-files changed, 6 insertions(+), 19 deletions(-)
-diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/aarch64/cpu_loop.c
-+++ b/linux-user/aarch64/cpu_loop.c
-@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
-         switch (trapnr) {
-         case EXCP_SWI:
--            /*
--             * On syscall, PSTATE.ZA is preserved, along with the ZA matrix.
--             * PSTATE.SM is cleared, per SMSTOP, which does ResetSVEState.
--             */
-+            /* On syscall, PSTATE.ZA is preserved, PSTATE.SM is cleared. */
-             aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
--            if (FIELD_EX64(env->svcr, SVCR, SM)) {
--                arm_rebuild_hflags(env);
--            }
-             ret = do_syscall(env,
-                              env->xregs[8],
-                              env->xregs[0],
-diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/aarch64/signal.c
-+++ b/linux-user/aarch64/signal.c
-@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
-     /* Invoke the signal handler with both SM and ZA disabled. */
-     aarch64_set_svcr(env, 0, R_SVCR_SM_MASK | R_SVCR_ZA_MASK);
--    if (env->svcr) {
--        arm_rebuild_hflags(env);
--    }
-     if (info) {
-         tswap_siginfo(&frame->info, info);
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
- {
-     uint64_t change = (env->svcr ^ new) & mask;
-+    if (change == 0) {
-+        return;
-+    }
-     env->svcr ^= change;
-     if (change & R_SVCR_SM_MASK) {
-@@ -XXX,XX +XXX,XX @@ void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
-     if (change & new & R_SVCR_ZA_MASK) {
-         memset(env->zarray, 0, sizeof(env->zarray));
-     }
-+
-+    arm_rebuild_hflags(env);
- }
- static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-@@ -XXX,XX +XXX,XX @@ static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-     helper_set_pstate_sm(env, FIELD_EX64(value, SVCR, SM));
-     helper_set_pstate_za(env, FIELD_EX64(value, SVCR, ZA));
-     aarch64_set_svcr(env, value, -1);
--    arm_rebuild_hflags(env);
- }
- static void smcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/sme_helper.c
-+++ b/target/arm/sme_helper.c
-@@ -XXX,XX +XXX,XX @@
- void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
- {
--    if (i == FIELD_EX64(env->svcr, SVCR, SM)) {
--        return;
--    }
-     aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
--    arm_rebuild_hflags(env);
- }
- void helper_set_pstate_za(CPUARMState *env, uint32_t i)
- {
--    if (i == FIELD_EX64(env->svcr, SVCR, ZA)) {
--        return;
--    }
-     aarch64_set_svcr(env, 0, R_SVCR_ZA_MASK);
--    arm_rebuild_hflags(env);
- }
- void helper_sme_zero(CPUARMState *env, uint32_t imm, uint32_t svl)
---
-.34.1

-[PULL 19/26] target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Unify the two helper_set_pstate_{sm,za} in this function.
-Do not call helper_* functions from svcr_write.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Fabiano Rosas <farosas@suse.de>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20230112102436.1913-8-philmd@linaro.org
-Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
-[PMD: Split patch in multiple tiny steps]
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper-sme.h    |  3 +--
- target/arm/helper.c        |  2 --
- target/arm/sme_helper.c    |  9 ++-------
- target/arm/translate-a64.c | 10 ++--------
-files changed, 5 insertions(+), 19 deletions(-)
-diff --git a/target/arm/helper-sme.h b/target/arm/helper-sme.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper-sme.h
-+++ b/target/arm/helper-sme.h
-@@ -XXX,XX +XXX,XX @@
-  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
-  */
--DEF_HELPER_FLAGS_2(set_pstate_sm, TCG_CALL_NO_RWG, void, env, i32)
--DEF_HELPER_FLAGS_2(set_pstate_za, TCG_CALL_NO_RWG, void, env, i32)
-+DEF_HELPER_FLAGS_3(set_svcr, TCG_CALL_NO_RWG, void, env, i32, i32)
- DEF_HELPER_FLAGS_3(sme_zero, TCG_CALL_NO_RWG, void, env, i32, i32)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
- static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-                        uint64_t value)
- {
--    helper_set_pstate_sm(env, FIELD_EX64(value, SVCR, SM));
--    helper_set_pstate_za(env, FIELD_EX64(value, SVCR, ZA));
-     aarch64_set_svcr(env, value, -1);
- }
-diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/sme_helper.c
-+++ b/target/arm/sme_helper.c
-@@ -XXX,XX +XXX,XX @@
- #include "vec_internal.h"
- #include "sve_ldst_internal.h"
--void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
-+void helper_set_svcr(CPUARMState *env, uint32_t val, uint32_t mask)
- {
--    aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
--}
--
--void helper_set_pstate_za(CPUARMState *env, uint32_t i)
--{
--    aarch64_set_svcr(env, 0, R_SVCR_ZA_MASK);
-+    aarch64_set_svcr(env, val, mask);
- }
- void helper_sme_zero(CPUARMState *env, uint32_t imm, uint32_t svl)
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
-             if ((old ^ new) & msk) {
-                 /* At least one bit changes. */
--                bool i = crm & 1;
--
--                if ((crm & 2) && i != s->pstate_sm) {
--                    gen_helper_set_pstate_sm(cpu_env, tcg_constant_i32(i));
--                }
--                if ((crm & 4) && i != s->pstate_za) {
--                    gen_helper_set_pstate_za(cpu_env, tcg_constant_i32(i));
--                }
-+                gen_helper_set_svcr(cpu_env, tcg_constant_i32(new),
-+                                    tcg_constant_i32(msk));
-             } else {
-                 s->base.is_jmp = DISAS_NEXT;
-             }
---
-.34.1

-[PULL 20/26] target/arm: Fix physical address resolution for MTE
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Conversion to probe_access_full missed applying the page offset.
-Fixes: b8967ddf ("target/arm: Use probe_access_full for MTE")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1416
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230114031213.2970349-1-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/mte_helper.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/mte_helper.c
-+++ b/target/arm/mte_helper.c
-@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
-      * Remember these values across the second lookup below,
-      * which may invalidate this pointer via tlb resize.
-      */
--    ptr_paddr = full->phys_addr;
-+    ptr_paddr = full->phys_addr | (ptr & ~TARGET_PAGE_MASK);
-     attrs = full->attrs;
-     full = NULL;
---
-.34.1

-[PULL 21/26] target/arm: Fix in_debug path in S1_ptw_translate
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-During the conversion, the test against get_phys_addr_lpae got inverted,
-meaning that successful translations went to the 'failed' label.
-Cc: qemu-stable@nongnu.org
-Fixes: f3639a64f60 ("target/arm: Use softmmu tlbs for page table walking")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1417
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230114054605.2977022-1-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/ptw.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
-+++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
-             };
-             GetPhysAddrResult s2 = { };
--            if (!get_phys_addr_lpae(env, &s2ptw, addr, MMU_DATA_LOAD,
--                                    false, &s2, fi)) {
-+            if (get_phys_addr_lpae(env, &s2ptw, addr, MMU_DATA_LOAD,
-+                                   false, &s2, fi)) {
-                 goto fail;
-             }
-             ptw->out_phys = s2.f.phys_addr;
---
-.34.1

-[PULL 22/26] target/arm: Don't set EXC_RETURN.ES if Security Extension not present
+Deleted patch
-In v7m_exception_taken(), for v8M we set the EXC_RETURN.ES bit if
-either the exception targets Secure or if the CPU doesn't implement
-the Security Extension.  This is incorrect: the v8M Arm ARM specifies
-that the ES bit should be RES0 if the Security Extension is not
-implemented, and the pseudocode agrees.
-Remove the incorrect condition, so that we leave the ES bit 0
-if the Security Extension isn't implemented.
-This doesn't have any guest-visible effects for our current set of
-emulated CPUs, because all our v8M CPUs implement the Security
-Extension; but it's worth fixing in case we add a v8M CPU without
-the extension in future.
-Reported-by: Igor Kotrasinski <i.kotrasinsk@samsung.com>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/m_helper.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/m_helper.c
-+++ b/target/arm/m_helper.c
-@@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
-         }
-         lr &= ~R_V7M_EXCRET_ES_MASK;
--        if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) {
-+        if (targets_secure) {
-             lr |= R_V7M_EXCRET_ES_MASK;
-         }
-         lr &= ~R_V7M_EXCRET_SPSEL_MASK;
---
-.34.1

-[PULL 23/26] target/arm: implement DBGCLAIM registers
+Deleted patch
-From: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
-The architecture does not define any functionality for the CLAIM tag bits.
-So we will just keep the raw bits, as per spec.
-Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230120155929.32384-2-eiakovlev@linux.microsoft.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/cpu.h          |  1 +
- target/arm/debug_helper.c | 33 +++++++++++++++++++++++++++++++++
-files changed, 34 insertions(+)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
-+++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
-         uint64_t dbgbcr[16]; /* breakpoint control registers */
-         uint64_t dbgwvr[16]; /* watchpoint value registers */
-         uint64_t dbgwcr[16]; /* watchpoint control registers */
-+        uint64_t dbgclaim;   /* DBGCLAIM bits */
-         uint64_t mdscr_el1;
-         uint64_t oslsr_el1; /* OS Lock Status */
-         uint64_t osdlr_el1; /* OS DoubleLock status */
-diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/debug_helper.c
-+++ b/target/arm/debug_helper.c
-@@ -XXX,XX +XXX,XX @@ static void osdlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-     }
- }
-+static void dbgclaimset_write(CPUARMState *env, const ARMCPRegInfo *ri,
-+                              uint64_t value)
-+{
-+    env->cp15.dbgclaim |= (value & 0xFF);
-+}
-+
-+static uint64_t dbgclaimset_read(CPUARMState *env, const ARMCPRegInfo *ri)
-+{
-+    /* CLAIM bits are RAO */
-+    return 0xFF;
-+}
-+
-+static void dbgclaimclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-+                              uint64_t value)
-+{
-+    env->cp15.dbgclaim &= ~(value & 0xFF);
-+}
-+
- static const ARMCPRegInfo debug_cp_reginfo[] = {
-     /*
-      * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
-       .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
-       .access = PL1_RW, .accessfn = access_tda,
-       .type = ARM_CP_NOP },
-+    /*
-+     * Dummy DBGCLAIM registers.
-+     * "The architecture does not define any functionality for the CLAIM tag bits.",
-+     * so we only keep the raw bits
-+     */
-+    { .name = "DBGCLAIMSET_EL1", .state = ARM_CP_STATE_BOTH,
-+      .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 6,
-+      .type = ARM_CP_ALIAS,
-+      .access = PL1_RW, .accessfn = access_tda,
-+      .writefn = dbgclaimset_write, .readfn = dbgclaimset_read },
-+    { .name = "DBGCLAIMCLR_EL1", .state = ARM_CP_STATE_BOTH,
-+      .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 6,
-+      .access = PL1_RW, .accessfn = access_tda,
-+      .writefn = dbgclaimclr_write, .raw_writefn = raw_write,
-+      .fieldoffset = offsetof(CPUARMState, cp15.dbgclaim) },
- };
- static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
---
-.34.1

-[PULL 24/26] target/arm: provide stubs for more external debug registers
+Deleted patch
-From: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
-Qemu doesn't implement Debug Communication Channel, as well as the rest
-of external debug interface. However, Microsoft Hyper-V in tries to
-access some of those registers during an EL2 context switch.
-Since there is no architectural way to not advertise support for external
-debug, provide RAZ/WI stubs for OSDTRRX_EL1, OSDTRTX_EL1 and OSECCR_EL1
-registers in the same way the rest of DCM is currently done. Do account
-for access traps though with access_tda.
-Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20230120155929.32384-3-eiakovlev@linux.microsoft.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/debug_helper.c | 21 +++++++++++++++++++++
-file changed, 21 insertions(+)
-diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/debug_helper.c
-+++ b/target/arm/debug_helper.c
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
-       .opc0 = 2, .opc1 = 3, .crn = 0, .crm = 1, .opc2 = 0,
-       .access = PL0_R, .accessfn = access_tda,
-       .type = ARM_CP_CONST, .resetvalue = 0 },
-+    /*
-+     * OSDTRRX_EL1/OSDTRTX_EL1 are used for save and restore of DBGDTRRX_EL0.
-+     * It is a component of the Debug Communications Channel, which is not implemented.
-+     */
-+    { .name = "OSDTRRX_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
-+      .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 2,
-+      .access = PL1_RW, .accessfn = access_tda,
-+      .type = ARM_CP_CONST, .resetvalue = 0 },
-+    { .name = "OSDTRTX_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
-+      .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
-+      .access = PL1_RW, .accessfn = access_tda,
-+      .type = ARM_CP_CONST, .resetvalue = 0 },
-+    /*
-+     * OSECCR_EL1 provides a mechanism for an operating system
-+     * to access the contents of EDECCR. EDECCR is not implemented though,
-+     * as is the rest of external device mechanism.
-+     */
-+    { .name = "OSECCR_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
-+      .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
-+      .access = PL1_RW, .accessfn = access_tda,
-+      .type = ARM_CP_CONST, .resetvalue = 0 },
-     /*
-      * DBGDSCRint[15,12,5:2] map to MDSCR_EL1[15,12,5:2].  Map all bits as
-      * it is unlikely a guest will care.
---
-.34.1

-[PULL 25/26] target/arm: Reorg do_coproc_insn
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Move the ri == NULL case to the top of the function and return.
-This allows the else to be removed and the code unindented.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: 20230106194451.1213153-2-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/translate.c | 406 ++++++++++++++++++++---------------------
-file changed, 203 insertions(+), 203 deletions(-)
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-                            bool isread, int rt, int rt2)
- {
-     const ARMCPRegInfo *ri;
-+    bool need_exit_tb;
-     ri = get_arm_cp_reginfo(s->cp_regs,
-             ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
--    if (ri) {
--        bool need_exit_tb;
--        /* Check access permissions */
--        if (!cp_access_ok(s->current_el, ri, isread)) {
--            unallocated_encoding(s);
--            return;
--        }
--
--        if (s->hstr_active || ri->accessfn ||
--            (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
--            /* Emit code to perform further access permissions checks at
--             * runtime; this may result in an exception.
--             * Note that on XScale all cp0..c13 registers do an access check
--             * call in order to handle c15_cpar.
--             */
--            uint32_t syndrome;
--
--            /* Note that since we are an implementation which takes an
--             * exception on a trapped conditional instruction only if the
--             * instruction passes its condition code check, we can take
--             * advantage of the clause in the ARM ARM that allows us to set
--             * the COND field in the instruction to 0xE in all cases.
--             * We could fish the actual condition out of the insn (ARM)
--             * or the condexec bits (Thumb) but it isn't necessary.
--             */
--            switch (cpnum) {
--            case 14:
--                if (is64) {
--                    syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
--                                                 isread, false);
--                } else {
--                    syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
--                                                rt, isread, false);
--                }
--                break;
--            case 15:
--                if (is64) {
--                    syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
--                                                 isread, false);
--                } else {
--                    syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
--                                                rt, isread, false);
--                }
--                break;
--            default:
--                /* ARMv8 defines that only coprocessors 14 and 15 exist,
--                 * so this can only happen if this is an ARMv7 or earlier CPU,
--                 * in which case the syndrome information won't actually be
--                 * guest visible.
--                 */
--                assert(!arm_dc_feature(s, ARM_FEATURE_V8));
--                syndrome = syn_uncategorized();
--                break;
--            }
--
--            gen_set_condexec(s);
--            gen_update_pc(s, 0);
--            gen_helper_access_check_cp_reg(cpu_env,
--                                           tcg_constant_ptr(ri),
--                                           tcg_constant_i32(syndrome),
--                                           tcg_constant_i32(isread));
--        } else if (ri->type & ARM_CP_RAISES_EXC) {
--            /*
--             * The readfn or writefn might raise an exception;
--             * synchronize the CPU state in case it does.
--             */
--            gen_set_condexec(s);
--            gen_update_pc(s, 0);
--        }
--
--        /* Handle special cases first */
--        switch (ri->type & ARM_CP_SPECIAL_MASK) {
--        case 0:
--            break;
--        case ARM_CP_NOP:
--            return;
--        case ARM_CP_WFI:
--            if (isread) {
--                unallocated_encoding(s);
--                return;
--            }
--            gen_update_pc(s, curr_insn_len(s));
--            s->base.is_jmp = DISAS_WFI;
--            return;
--        default:
--            g_assert_not_reached();
--        }
--
--        if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
--            gen_io_start();
--        }
--
--        if (isread) {
--            /* Read */
--            if (is64) {
--                TCGv_i64 tmp64;
--                TCGv_i32 tmp;
--                if (ri->type & ARM_CP_CONST) {
--                    tmp64 = tcg_constant_i64(ri->resetvalue);
--                } else if (ri->readfn) {
--                    tmp64 = tcg_temp_new_i64();
--                    gen_helper_get_cp_reg64(tmp64, cpu_env,
--                                            tcg_constant_ptr(ri));
--                } else {
--                    tmp64 = tcg_temp_new_i64();
--                    tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
--                }
--                tmp = tcg_temp_new_i32();
--                tcg_gen_extrl_i64_i32(tmp, tmp64);
--                store_reg(s, rt, tmp);
--                tmp = tcg_temp_new_i32();
--                tcg_gen_extrh_i64_i32(tmp, tmp64);
--                tcg_temp_free_i64(tmp64);
--                store_reg(s, rt2, tmp);
--            } else {
--                TCGv_i32 tmp;
--                if (ri->type & ARM_CP_CONST) {
--                    tmp = tcg_constant_i32(ri->resetvalue);
--                } else if (ri->readfn) {
--                    tmp = tcg_temp_new_i32();
--                    gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));
--                } else {
--                    tmp = load_cpu_offset(ri->fieldoffset);
--                }
--                if (rt == 15) {
--                    /* Destination register of r15 for 32 bit loads sets
--                     * the condition codes from the high 4 bits of the value
--                     */
--                    gen_set_nzcv(tmp);
--                    tcg_temp_free_i32(tmp);
--                } else {
--                    store_reg(s, rt, tmp);
--                }
--            }
-+    if (!ri) {
-+        /*
-+         * Unknown register; this might be a guest error or a QEMU
-+         * unimplemented feature.
-+         */
-+        if (is64) {
-+            qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
-+                          "64 bit system register cp:%d opc1: %d crm:%d "
-+                          "(%s)\n",
-+                          isread ? "read" : "write", cpnum, opc1, crm,
-+                          s->ns ? "non-secure" : "secure");
-         } else {
--            /* Write */
--            if (ri->type & ARM_CP_CONST) {
--                /* If not forbidden by access permissions, treat as WI */
--                return;
--            }
--
--            if (is64) {
--                TCGv_i32 tmplo, tmphi;
--                TCGv_i64 tmp64 = tcg_temp_new_i64();
--                tmplo = load_reg(s, rt);
--                tmphi = load_reg(s, rt2);
--                tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
--                tcg_temp_free_i32(tmplo);
--                tcg_temp_free_i32(tmphi);
--                if (ri->writefn) {
--                    gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri),
--                                            tmp64);
--                } else {
--                    tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
--                }
--                tcg_temp_free_i64(tmp64);
--            } else {
--                TCGv_i32 tmp = load_reg(s, rt);
--                if (ri->writefn) {
--                    gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);
--                    tcg_temp_free_i32(tmp);
--                } else {
--                    store_cpu_offset(tmp, ri->fieldoffset, 4);
--                }
--            }
-+            qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
-+                          "system register cp:%d opc1:%d crn:%d crm:%d "
-+                          "opc2:%d (%s)\n",
-+                          isread ? "read" : "write", cpnum, opc1, crn,
-+                          crm, opc2, s->ns ? "non-secure" : "secure");
-         }
--
--        /* I/O operations must end the TB here (whether read or write) */
--        need_exit_tb = ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) &&
--                        (ri->type & ARM_CP_IO));
--
--        if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
--            /*
--             * A write to any coprocessor register that ends a TB
--             * must rebuild the hflags for the next TB.
--             */
--            gen_rebuild_hflags(s, ri->type & ARM_CP_NEWEL);
--            /*
--             * We default to ending the TB on a coprocessor register write,
--             * but allow this to be suppressed by the register definition
--             * (usually only necessary to work around guest bugs).
--             */
--            need_exit_tb = true;
--        }
--        if (need_exit_tb) {
--            gen_lookup_tb(s);
--        }
--
-+        unallocated_encoding(s);
-         return;
-     }
--    /* Unknown register; this might be a guest error or a QEMU
--     * unimplemented feature.
--     */
--    if (is64) {
--        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
--                      "64 bit system register cp:%d opc1: %d crm:%d "
--                      "(%s)\n",
--                      isread ? "read" : "write", cpnum, opc1, crm,
--                      s->ns ? "non-secure" : "secure");
--    } else {
--        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
--                      "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
--                      "(%s)\n",
--                      isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
--                      s->ns ? "non-secure" : "secure");
-+    /* Check access permissions */
-+    if (!cp_access_ok(s->current_el, ri, isread)) {
-+        unallocated_encoding(s);
-+        return;
-     }
--    unallocated_encoding(s);
--    return;
-+    if (s->hstr_active || ri->accessfn ||
-+        (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
-+        /*
-+         * Emit code to perform further access permissions checks at
-+         * runtime; this may result in an exception.
-+         * Note that on XScale all cp0..c13 registers do an access check
-+         * call in order to handle c15_cpar.
-+         */
-+        uint32_t syndrome;
-+
-+        /*
-+         * Note that since we are an implementation which takes an
-+         * exception on a trapped conditional instruction only if the
-+         * instruction passes its condition code check, we can take
-+         * advantage of the clause in the ARM ARM that allows us to set
-+         * the COND field in the instruction to 0xE in all cases.
-+         * We could fish the actual condition out of the insn (ARM)
-+         * or the condexec bits (Thumb) but it isn't necessary.
-+         */
-+        switch (cpnum) {
-+        case 14:
-+            if (is64) {
-+                syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
-+                                             isread, false);
-+            } else {
-+                syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
-+                                            rt, isread, false);
-+            }
-+            break;
-+        case 15:
-+            if (is64) {
-+                syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
-+                                             isread, false);
-+            } else {
-+                syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
-+                                            rt, isread, false);
-+            }
-+            break;
-+        default:
-+            /*
-+             * ARMv8 defines that only coprocessors 14 and 15 exist,
-+             * so this can only happen if this is an ARMv7 or earlier CPU,
-+             * in which case the syndrome information won't actually be
-+             * guest visible.
-+             */
-+            assert(!arm_dc_feature(s, ARM_FEATURE_V8));
-+            syndrome = syn_uncategorized();
-+            break;
-+        }
-+
-+        gen_set_condexec(s);
-+        gen_update_pc(s, 0);
-+        gen_helper_access_check_cp_reg(cpu_env,
-+                                       tcg_constant_ptr(ri),
-+                                       tcg_constant_i32(syndrome),
-+                                       tcg_constant_i32(isread));
-+    } else if (ri->type & ARM_CP_RAISES_EXC) {
-+        /*
-+         * The readfn or writefn might raise an exception;
-+         * synchronize the CPU state in case it does.
-+         */
-+        gen_set_condexec(s);
-+        gen_update_pc(s, 0);
-+    }
-+
-+    /* Handle special cases first */
-+    switch (ri->type & ARM_CP_SPECIAL_MASK) {
-+    case 0:
-+        break;
-+    case ARM_CP_NOP:
-+        return;
-+    case ARM_CP_WFI:
-+        if (isread) {
-+            unallocated_encoding(s);
-+            return;
-+        }
-+        gen_update_pc(s, curr_insn_len(s));
-+        s->base.is_jmp = DISAS_WFI;
-+        return;
-+    default:
-+        g_assert_not_reached();
-+    }
-+
-+    if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
-+        gen_io_start();
-+    }
-+
-+    if (isread) {
-+        /* Read */
-+        if (is64) {
-+            TCGv_i64 tmp64;
-+            TCGv_i32 tmp;
-+            if (ri->type & ARM_CP_CONST) {
-+                tmp64 = tcg_constant_i64(ri->resetvalue);
-+            } else if (ri->readfn) {
-+                tmp64 = tcg_temp_new_i64();
-+                gen_helper_get_cp_reg64(tmp64, cpu_env,
-+                                        tcg_constant_ptr(ri));
-+            } else {
-+                tmp64 = tcg_temp_new_i64();
-+                tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
-+            }
-+            tmp = tcg_temp_new_i32();
-+            tcg_gen_extrl_i64_i32(tmp, tmp64);
-+            store_reg(s, rt, tmp);
-+            tmp = tcg_temp_new_i32();
-+            tcg_gen_extrh_i64_i32(tmp, tmp64);
-+            tcg_temp_free_i64(tmp64);
-+            store_reg(s, rt2, tmp);
-+        } else {
-+            TCGv_i32 tmp;
-+            if (ri->type & ARM_CP_CONST) {
-+                tmp = tcg_constant_i32(ri->resetvalue);
-+            } else if (ri->readfn) {
-+                tmp = tcg_temp_new_i32();
-+                gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));
-+            } else {
-+                tmp = load_cpu_offset(ri->fieldoffset);
-+            }
-+            if (rt == 15) {
-+                /* Destination register of r15 for 32 bit loads sets
-+                 * the condition codes from the high 4 bits of the value
-+                 */
-+                gen_set_nzcv(tmp);
-+                tcg_temp_free_i32(tmp);
-+            } else {
-+                store_reg(s, rt, tmp);
-+            }
-+        }
-+    } else {
-+        /* Write */
-+        if (ri->type & ARM_CP_CONST) {
-+            /* If not forbidden by access permissions, treat as WI */
-+            return;
-+        }
-+
-+        if (is64) {
-+            TCGv_i32 tmplo, tmphi;
-+            TCGv_i64 tmp64 = tcg_temp_new_i64();
-+            tmplo = load_reg(s, rt);
-+            tmphi = load_reg(s, rt2);
-+            tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
-+            tcg_temp_free_i32(tmplo);
-+            tcg_temp_free_i32(tmphi);
-+            if (ri->writefn) {
-+                gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tmp64);
-+            } else {
-+                tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
-+            }
-+            tcg_temp_free_i64(tmp64);
-+        } else {
-+            TCGv_i32 tmp = load_reg(s, rt);
-+            if (ri->writefn) {
-+                gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);
-+                tcg_temp_free_i32(tmp);
-+            } else {
-+                store_cpu_offset(tmp, ri->fieldoffset, 4);
-+            }
-+        }
-+    }
-+
-+    /* I/O operations must end the TB here (whether read or write) */
-+    need_exit_tb = ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) &&
-+                    (ri->type & ARM_CP_IO));
-+
-+    if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
-+        /*
-+         * A write to any coprocessor register that ends a TB
-+         * must rebuild the hflags for the next TB.
-+         */
-+        gen_rebuild_hflags(s, ri->type & ARM_CP_NEWEL);
-+        /*
-+         * We default to ending the TB on a coprocessor register write,
-+         * but allow this to be suppressed by the register definition
-+         * (usually only necessary to work around guest bugs).
-+         */
-+        need_exit_tb = true;
-+    }
-+    if (need_exit_tb) {
-+        gen_lookup_tb(s);
-+    }
- }
- /* Decode XScale DSP or iWMMXt insn (in the copro space, cp=0 or 1) */
---
-.34.1

-[PULL 26/26] target/arm: Look up ARMCPRegInfo at runtime
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Do not encode the pointer as a constant in the opcode stream.
-This pointer is specific to the cpu that first generated the
-translation, which runs into problems with both hot-pluggable
-cpus and user-only threads, as cpus are removed. It's also a
-potential correctness issue in the theoretical case of a
-slightly-heterogenous system, because if CPU 0 generates a
-TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
-hash table, which might have a wrong set of registers in it.
-(All our current systems are either completely homogenous,
-M-profile, or have CPUs sufficiently different that they
-wouldn't be sharing TBs anyway because the differences would
-show up in the TB flags, so the correctness issue is only
-theoretical, not practical.)
-Perform the lookup in either helper_access_check_cp_reg,
-or a new helper_lookup_cp_reg.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
-[PMM: added note in commit message about correctness issue]
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.h        | 11 +++++----
- target/arm/translate.h     |  7 ++++++
- target/arm/op_helper.c     | 27 ++++++++++++++------
- target/arm/translate-a64.c | 49 ++++++++++++++++++++++---------------
- target/arm/translate.c     | 50 +++++++++++++++++++++++++-------------
-files changed, 95 insertions(+), 49 deletions(-)
-diff --git a/target/arm/helper.h b/target/arm/helper.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.h
-+++ b/target/arm/helper.h
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(v8m_stackcheck, void, env, i32)
- DEF_HELPER_FLAGS_2(check_bxj_trap, TCG_CALL_NO_WG, void, env, i32)
--DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32)
--DEF_HELPER_3(set_cp_reg, void, env, ptr, i32)
--DEF_HELPER_2(get_cp_reg, i32, env, ptr)
--DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)
--DEF_HELPER_2(get_cp_reg64, i64, env, ptr)
-+DEF_HELPER_4(access_check_cp_reg, cptr, env, i32, i32, i32)
-+DEF_HELPER_FLAGS_2(lookup_cp_reg, TCG_CALL_NO_RWG_SE, cptr, env, i32)
-+DEF_HELPER_3(set_cp_reg, void, env, cptr, i32)
-+DEF_HELPER_2(get_cp_reg, i32, env, cptr)
-+DEF_HELPER_3(set_cp_reg64, void, env, cptr, i64)
-+DEF_HELPER_2(get_cp_reg64, i64, env, cptr)
- DEF_HELPER_2(get_r13_banked, i32, env, i32)
- DEF_HELPER_3(set_r13_banked, void, env, i32, i32)
-diff --git a/target/arm/translate.h b/target/arm/translate.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.h
-+++ b/target/arm/translate.h
-@@ -XXX,XX +XXX,XX @@ static inline void set_disas_label(DisasContext *s, DisasLabel l)
-     s->pc_save = l.pc_save;
- }
-+static inline TCGv_ptr gen_lookup_cp_reg(uint32_t key)
-+{
-+    TCGv_ptr ret = tcg_temp_new_ptr();
-+    gen_helper_lookup_cp_reg(ret, cpu_env, tcg_constant_i32(key));
-+    return ret;
-+}
-+
- /*
-  * Helpers for implementing sets of trans_* functions.
-  * Defer the implementation of NAME to FUNC, with optional extra arguments.
-diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/op_helper.c
-+++ b/target/arm/op_helper.c
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(mrs_banked)(CPUARMState *env, uint32_t tgtmode, uint32_t regno)
-     }
- }
--void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
--                                 uint32_t isread)
-+const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
-+                                        uint32_t syndrome, uint32_t isread)
- {
-     ARMCPU *cpu = env_archcpu(env);
--    const ARMCPRegInfo *ri = rip;
-+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, key);
-     CPAccessResult res = CP_ACCESS_OK;
-     int target_el;
-+    assert(ri != NULL);
-+
-     if (arm_feature(env, ARM_FEATURE_XSCALE) && ri->cp < 14
-         && extract32(env->cp15.c15_cpar, ri->cp, 1) == 0) {
-         res = CP_ACCESS_TRAP;
-@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
-         res = ri->accessfn(env, ri, isread);
-     }
-     if (likely(res == CP_ACCESS_OK)) {
--        return;
-+        return ri;
-     }
-  fail:
-@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
-     raise_exception(env, EXCP_UDEF, syndrome, target_el);
- }
--void HELPER(set_cp_reg)(CPUARMState *env, void *rip, uint32_t value)
-+const void *HELPER(lookup_cp_reg)(CPUARMState *env, uint32_t key)
-+{
-+    ARMCPU *cpu = env_archcpu(env);
-+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, key);
-+
-+    assert(ri != NULL);
-+    return ri;
-+}
-+
-+void HELPER(set_cp_reg)(CPUARMState *env, const void *rip, uint32_t value)
- {
-     const ARMCPRegInfo *ri = rip;
-@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg)(CPUARMState *env, void *rip, uint32_t value)
-     }
- }
--uint32_t HELPER(get_cp_reg)(CPUARMState *env, void *rip)
-+uint32_t HELPER(get_cp_reg)(CPUARMState *env, const void *rip)
- {
-     const ARMCPRegInfo *ri = rip;
-     uint32_t res;
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(get_cp_reg)(CPUARMState *env, void *rip)
-     return res;
- }
--void HELPER(set_cp_reg64)(CPUARMState *env, void *rip, uint64_t value)
-+void HELPER(set_cp_reg64)(CPUARMState *env, const void *rip, uint64_t value)
- {
-     const ARMCPRegInfo *ri = rip;
-@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg64)(CPUARMState *env, void *rip, uint64_t value)
-     }
- }
--uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip)
-+uint64_t HELPER(get_cp_reg64)(CPUARMState *env, const void *rip)
- {
-     const ARMCPRegInfo *ri = rip;
-     uint64_t res;
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-                        unsigned int op0, unsigned int op1, unsigned int op2,
-                        unsigned int crn, unsigned int crm, unsigned int rt)
- {
--    const ARMCPRegInfo *ri;
-+    uint32_t key = ENCODE_AA64_CP_REG(CP_REG_ARM64_SYSREG_CP,
-+                                      crn, crm, op0, op1, op2);
-+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key);
-+    TCGv_ptr tcg_ri = NULL;
-     TCGv_i64 tcg_rt;
--    ri = get_arm_cp_reginfo(s->cp_regs,
--                            ENCODE_AA64_CP_REG(CP_REG_ARM64_SYSREG_CP,
--                                               crn, crm, op0, op1, op2));
--
-     if (!ri) {
-         /* Unknown register; this might be a guest error or a QEMU
-          * unimplemented feature.
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-         syndrome = syn_aa64_sysregtrap(op0, op1, op2, crn, crm, rt, isread);
-         gen_a64_update_pc(s, 0);
--        gen_helper_access_check_cp_reg(cpu_env,
--                                       tcg_constant_ptr(ri),
-+        tcg_ri = tcg_temp_new_ptr();
-+        gen_helper_access_check_cp_reg(tcg_ri, cpu_env,
-+                                       tcg_constant_i32(key),
-                                        tcg_constant_i32(syndrome),
-                                        tcg_constant_i32(isread));
-     } else if (ri->type & ARM_CP_RAISES_EXC) {
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-     case 0:
-         break;
-     case ARM_CP_NOP:
--        return;
-+        goto exit;
-     case ARM_CP_NZCV:
-         tcg_rt = cpu_reg(s, rt);
-         if (isread) {
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-         } else {
-             gen_set_nzcv(tcg_rt);
-         }
--        return;
-+        goto exit;
-     case ARM_CP_CURRENTEL:
-         /* Reads as current EL value from pstate, which is
-          * guaranteed to be constant by the tb flags.
-          */
-         tcg_rt = cpu_reg(s, rt);
-         tcg_gen_movi_i64(tcg_rt, s->current_el << 2);
--        return;
-+        goto exit;
-     case ARM_CP_DC_ZVA:
-         /* Writes clear the aligned block of memory which rt points into. */
-         if (s->mte_active[0]) {
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-             tcg_rt = clean_data_tbi(s, cpu_reg(s, rt));
-         }
-         gen_helper_dc_zva(cpu_env, tcg_rt);
--        return;
-+        goto exit;
-     case ARM_CP_DC_GVA:
-         {
-             TCGv_i64 clean_addr, tag;
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-                 tcg_temp_free_i64(tag);
-             }
-         }
--        return;
-+        goto exit;
-     case ARM_CP_DC_GZVA:
-         {
-             TCGv_i64 clean_addr, tag;
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-                 tcg_temp_free_i64(tag);
-             }
-         }
--        return;
-+        goto exit;
-     default:
-         g_assert_not_reached();
-     }
-     if ((ri->type & ARM_CP_FPU) && !fp_access_check_only(s)) {
--        return;
-+        goto exit;
-     } else if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {
--        return;
-+        goto exit;
-     } else if ((ri->type & ARM_CP_SME) && !sme_access_check(s)) {
--        return;
-+        goto exit;
-     }
-     if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-         if (ri->type & ARM_CP_CONST) {
-             tcg_gen_movi_i64(tcg_rt, ri->resetvalue);
-         } else if (ri->readfn) {
--            gen_helper_get_cp_reg64(tcg_rt, cpu_env, tcg_constant_ptr(ri));
-+            if (!tcg_ri) {
-+                tcg_ri = gen_lookup_cp_reg(key);
-+            }
-+            gen_helper_get_cp_reg64(tcg_rt, cpu_env, tcg_ri);
-         } else {
-             tcg_gen_ld_i64(tcg_rt, cpu_env, ri->fieldoffset);
-         }
-     } else {
-         if (ri->type & ARM_CP_CONST) {
-             /* If not forbidden by access permissions, treat as WI */
--            return;
-+            goto exit;
-         } else if (ri->writefn) {
--            gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tcg_rt);
-+            if (!tcg_ri) {
-+                tcg_ri = gen_lookup_cp_reg(key);
-+            }
-+            gen_helper_set_cp_reg64(cpu_env, tcg_ri, tcg_rt);
-         } else {
-             tcg_gen_st_i64(tcg_rt, cpu_env, ri->fieldoffset);
-         }
-@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-          */
-         s->base.is_jmp = DISAS_UPDATE_EXIT;
-     }
-+
-+ exit:
-+    if (tcg_ri) {
-+        tcg_temp_free_ptr(tcg_ri);
-+    }
- }
- /* System
-diff --git a/target/arm/translate.c b/target/arm/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/translate.c
-+++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-                            int opc1, int crn, int crm, int opc2,
-                            bool isread, int rt, int rt2)
- {
--    const ARMCPRegInfo *ri;
-+    uint32_t key = ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2);
-+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key);
-+    TCGv_ptr tcg_ri = NULL;
-     bool need_exit_tb;
--    ri = get_arm_cp_reginfo(s->cp_regs,
--            ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
--
-     if (!ri) {
-         /*
-          * Unknown register; this might be a guest error or a QEMU
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-         gen_set_condexec(s);
-         gen_update_pc(s, 0);
--        gen_helper_access_check_cp_reg(cpu_env,
--                                       tcg_constant_ptr(ri),
-+        tcg_ri = tcg_temp_new_ptr();
-+        gen_helper_access_check_cp_reg(tcg_ri, cpu_env,
-+                                       tcg_constant_i32(key),
-                                        tcg_constant_i32(syndrome),
-                                        tcg_constant_i32(isread));
-     } else if (ri->type & ARM_CP_RAISES_EXC) {
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-     case 0:
-         break;
-     case ARM_CP_NOP:
--        return;
-+        goto exit;
-     case ARM_CP_WFI:
-         if (isread) {
-             unallocated_encoding(s);
--            return;
-+        } else {
-+            gen_update_pc(s, curr_insn_len(s));
-+            s->base.is_jmp = DISAS_WFI;
-         }
--        gen_update_pc(s, curr_insn_len(s));
--        s->base.is_jmp = DISAS_WFI;
--        return;
-+        goto exit;
-     default:
-         g_assert_not_reached();
-     }
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-             if (ri->type & ARM_CP_CONST) {
-                 tmp64 = tcg_constant_i64(ri->resetvalue);
-             } else if (ri->readfn) {
-+                if (!tcg_ri) {
-+                    tcg_ri = gen_lookup_cp_reg(key);
-+                }
-                 tmp64 = tcg_temp_new_i64();
--                gen_helper_get_cp_reg64(tmp64, cpu_env,
--                                        tcg_constant_ptr(ri));
-+                gen_helper_get_cp_reg64(tmp64, cpu_env, tcg_ri);
-             } else {
-                 tmp64 = tcg_temp_new_i64();
-                 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-             if (ri->type & ARM_CP_CONST) {
-                 tmp = tcg_constant_i32(ri->resetvalue);
-             } else if (ri->readfn) {
-+                if (!tcg_ri) {
-+                    tcg_ri = gen_lookup_cp_reg(key);
-+                }
-                 tmp = tcg_temp_new_i32();
--                gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));
-+                gen_helper_get_cp_reg(tmp, cpu_env, tcg_ri);
-             } else {
-                 tmp = load_cpu_offset(ri->fieldoffset);
-             }
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-         /* Write */
-         if (ri->type & ARM_CP_CONST) {
-             /* If not forbidden by access permissions, treat as WI */
--            return;
-+            goto exit;
-         }
-         if (is64) {
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-             tcg_temp_free_i32(tmplo);
-             tcg_temp_free_i32(tmphi);
-             if (ri->writefn) {
--                gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tmp64);
-+                if (!tcg_ri) {
-+                    tcg_ri = gen_lookup_cp_reg(key);
-+                }
-+                gen_helper_set_cp_reg64(cpu_env, tcg_ri, tmp64);
-             } else {
-                 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
-             }
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-         } else {
-             TCGv_i32 tmp = load_reg(s, rt);
-             if (ri->writefn) {
--                gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);
-+                if (!tcg_ri) {
-+                    tcg_ri = gen_lookup_cp_reg(key);
-+                }
-+                gen_helper_set_cp_reg(cpu_env, tcg_ri, tmp);
-                 tcg_temp_free_i32(tmp);
-             } else {
-                 store_cpu_offset(tmp, ri->fieldoffset, 4);
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-     if (need_exit_tb) {
-         gen_lookup_tb(s);
-     }
-+
-+ exit:
-+    if (tcg_ri) {
-+        tcg_temp_free_ptr(tcg_ri);
-+    }
- }
- /* Decode XScale DSP or iWMMXt insn (in the copro space, cp=0 or 1) */
---
-.34.1

The following changes since commit 65cc5ccf06a74c98de73ec683d9a543baa302a12:

Merge tag 'pull-riscv-to-apply-20230120' of https://github.com/alistair23/qemu into staging (2023-01-20 16:17:56 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230123

for you to fetch changes up to 3b07a936d3bfe97b07ddffcfbb532985a88033dd:

target/arm: Look up ARMCPRegInfo at runtime (2023-01-23 13:32:38 +0000)

----------------------------------------------------------------
target-arm queue:
 * Widen cnthctl_el2 to uint64_t
 * Unify checking for M Main Extension in MRS/MSR
 * bitbang_i2c, versatile_i2c: code cleanups
 * SME: refactor SME SM/ZA handling
 * Fix physical address resolution for MTE
 * Fix in_debug path in S1_ptw_translate
 * Don't set EXC_RETURN.ES if Security Extension not present
 * Implement DBGCLAIM registers
 * Provide stubs for more external debug registers
 * Look up ARMCPRegInfo at runtime, not translate time

----------------------------------------------------------------
David Reiss (1):
      target/arm: Unify checking for M Main Extension in MRS/MSR

Evgeny Iakovlev (2):
      target/arm: implement DBGCLAIM registers
      target/arm: provide stubs for more external debug registers

Peter Maydell (1):
      target/arm: Don't set EXC_RETURN.ES if Security Extension not present

Philippe Mathieu-Daudé (10):
      hw/i2c/bitbang_i2c: Define TYPE_GPIO_I2C in public header
      hw/i2c/bitbang_i2c: Remove unused dummy MemoryRegion
      hw/i2c/bitbang_i2c: Change state calling bitbang_i2c_set_state() helper
      hw/i2c/bitbang_i2c: Trace state changes
      hw/i2c/bitbang_i2c: Convert DPRINTF() to trace events
      hw/i2c/versatile_i2c: Drop useless casts from void * to pointer
      hw/i2c/versatile_i2c: Replace VersatileI2CState -> ArmSbconI2CState
      hw/i2c/versatile_i2c: Replace TYPE_VERSATILE_I2C -> TYPE_ARM_SBCON_I2C
      hw/i2c/versatile_i2c: Use ARM_SBCON_I2C() macro
      hw/i2c/versatile_i2c: Rename versatile_i2c -> arm_sbcon_i2c

Richard Henderson (12):
      target/arm: Widen cnthctl_el2 to uint64_t
      target/arm/sme: Reorg SME access handling in handle_msr_i()
      target/arm/sme: Rebuild hflags in set_pstate() helpers
      target/arm/sme: Introduce aarch64_set_svcr()
      target/arm/sme: Reset SVE state in aarch64_set_svcr()
      target/arm/sme: Reset ZA state in aarch64_set_svcr()
      target/arm/sme: Rebuild hflags in aarch64_set_svcr()
      target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()
      target/arm: Fix physical address resolution for MTE
      target/arm: Fix in_debug path in S1_ptw_translate
      target/arm: Reorg do_coproc_insn
      target/arm: Look up ARMCPRegInfo at runtime

MAINTAINERS                                 |   1 +
 include/hw/i2c/arm_sbcon_i2c.h              |   6 +-
 include/hw/i2c/bitbang_i2c.h                |   2 +
 target/arm/cpu.h                            |   5 +-
 target/arm/helper-sme.h                     |   3 +-
 target/arm/helper.h                         |  11 +-
 target/arm/translate.h                      |   7 +
 hw/arm/musicpal.c                           |   3 +-
 hw/arm/realview.c                           |   2 +-
 hw/arm/versatilepb.c                        |   2 +-
 hw/arm/vexpress.c                           |   2 +-
 hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} |  39 ++-
 hw/i2c/bitbang_i2c.c                        |  80 ++++--
 linux-user/aarch64/cpu_loop.c               |  11 +-
 linux-user/aarch64/signal.c                 |  13 +-
 target/arm/debug_helper.c                   |  54 ++++
 target/arm/helper.c                         |  41 ++-
 target/arm/m_helper.c                       |  24 +-
 target/arm/mte_helper.c                     |   2 +-
 target/arm/op_helper.c                      |  27 +-
 target/arm/ptw.c                            |   4 +-
 target/arm/sme_helper.c                     |  37 +--
 target/arm/translate-a64.c                  |  68 +++--
 target/arm/translate.c                      | 430 +++++++++++++++-------------
 hw/arm/Kconfig                              |   4 +-
 hw/i2c/Kconfig                              |   2 +-
 hw/i2c/meson.build                          |   2 +-
 hw/i2c/trace-events                         |   7 +
 28 files changed, 506 insertions(+), 383 deletions(-)
 rename hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} (70%)

From: Richard Henderson <richard.henderson@linaro.org>

This is a 64-bit register on AArch64, even if the high 44 bits
are RES0.  Because this is defined as ARM_CP_STATE_BOTH, we are
asserting that the cpreg field is 64-bits.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1400
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230115171633.3171890-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
         };
         uint64_t c14_cntfrq; /* Counter Frequency register */
         uint64_t c14_cntkctl; /* Timer Control register */
-        uint32_t cnthctl_el2; /* Counter/Timer Hyp Control register */
+        uint64_t cnthctl_el2; /* Counter/Timer Hyp Control register */
         uint64_t cntvoff_el2; /* Counter Virtual Offset register */
         ARMGenericTimer c14_timer[NUM_GTIMERS];
         uint32_t c15_cpar; /* XScale Coprocessor Access Register */
-- 
2.34.1

From: David Reiss <dreiss@meta.com>

BASEPRI, FAULTMASK, and their _NS equivalents only exist on devices with
the Main Extension.  However, the MRS instruction did not check this,
and the MSR instruction handled it inconsistently (warning BASEPRI, but
silently ignoring writes to BASEPRI_NS).  Unify this behavior and always
warn when reading or writing any of these registers if the extension is
not present.

Signed-off-by: David Reiss <dreiss@meta.com>
Message-id: 167330628518.10497.13100425787268927786-0@git.sr.ht
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/m_helper.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
             }
             return env->v7m.primask[M_REG_NS];
         case 0x91: /* BASEPRI_NS */
+            if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
+                goto bad_reg;
+            }
             if (!env->v7m.secure) {
                 return 0;
             }
             return env->v7m.basepri[M_REG_NS];
         case 0x93: /* FAULTMASK_NS */
+            if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
+                goto bad_reg;
+            }
             if (!env->v7m.secure) {
                 return 0;
             }
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
         return env->v7m.primask[env->v7m.secure];
     case 17: /* BASEPRI */
     case 18: /* BASEPRI_MAX */
+        if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
+            goto bad_reg;
+        }
         return env->v7m.basepri[env->v7m.secure];
     case 19: /* FAULTMASK */
+        if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
+            goto bad_reg;
+        }
         return env->v7m.faultmask[env->v7m.secure];
     default:
     bad_reg:
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
             env->v7m.primask[M_REG_NS] = val & 1;
             return;
         case 0x91: /* BASEPRI_NS */
-            if (!env->v7m.secure || !arm_feature(env, ARM_FEATURE_M_MAIN)) {
+            if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
+                goto bad_reg;
+            }
+            if (!env->v7m.secure) {
                 return;
             }
             env->v7m.basepri[M_REG_NS] = val & 0xff;
             return;
         case 0x93: /* FAULTMASK_NS */
-            if (!env->v7m.secure || !arm_feature(env, ARM_FEATURE_M_MAIN)) {
+            if (!arm_feature(env, ARM_FEATURE_M_MAIN)) {
+                goto bad_reg;
+            }
+            if (!env->v7m.secure) {
                 return;
             }
             env->v7m.faultmask[M_REG_NS] = val & 1;
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Define TYPE_GPIO_I2C in the public "hw/i2c/bitbang_i2c.h"
header and use it in hw/arm/musicpal.c.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Corey Minyard <cminyard@mvista.com>
Message-id: 20230111085016.44551-2-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/i2c/bitbang_i2c.h | 2 ++
 hw/arm/musicpal.c            | 3 ++-
 hw/i2c/bitbang_i2c.c         | 1 -
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/hw/i2c/bitbang_i2c.h b/include/hw/i2c/bitbang_i2c.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/i2c/bitbang_i2c.h
+++ b/include/hw/i2c/bitbang_i2c.h
@@ -XXX,XX +XXX,XX @@
 
 #include "hw/i2c/i2c.h"
 
+#define TYPE_GPIO_I2C "gpio_i2c"
+
 typedef struct bitbang_i2c_interface bitbang_i2c_interface;
 
 #define BITBANG_I2C_SDA 0
diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/block/flash.h"
 #include "ui/console.h"
 #include "hw/i2c/i2c.h"
+#include "hw/i2c/bitbang_i2c.h"
 #include "hw/irq.h"
 #include "hw/or-irq.h"
 #include "hw/audio/wm8750.h"
@@ -XXX,XX +XXX,XX @@ static void musicpal_init(MachineState *machine)
 
     dev = sysbus_create_simple(TYPE_MUSICPAL_GPIO, MP_GPIO_BASE,
                                qdev_get_gpio_in(pic, MP_GPIO_IRQ));
-    i2c_dev = sysbus_create_simple("gpio_i2c", -1, NULL);
+    i2c_dev = sysbus_create_simple(TYPE_GPIO_I2C, -1, NULL);
     i2c = (I2CBus *)qdev_get_child_bus(i2c_dev, "i2c");
 
     lcd_dev = sysbus_create_simple(TYPE_MUSICPAL_LCD, MP_LCD_BASE, NULL);
diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/bitbang_i2c.c
+++ b/hw/i2c/bitbang_i2c.c
@@ -XXX,XX +XXX,XX @@ void bitbang_i2c_init(bitbang_i2c_interface *s, I2CBus *bus)
 
 /* GPIO interface.  */
 
-#define TYPE_GPIO_I2C "gpio_i2c"
 OBJECT_DECLARE_SIMPLE_TYPE(GPIOI2CState, GPIO_I2C)
 
 struct GPIOI2CState {
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Corey Minyard <cminyard@mvista.com>
Message-id: 20230111085016.44551-3-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i2c/bitbang_i2c.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/bitbang_i2c.c
+++ b/hw/i2c/bitbang_i2c.c
@@ -XXX,XX +XXX,XX @@ void bitbang_i2c_init(bitbang_i2c_interface *s, I2CBus *bus)
 OBJECT_DECLARE_SIMPLE_TYPE(GPIOI2CState, GPIO_I2C)
 
 struct GPIOI2CState {
+    /*< private >*/
     SysBusDevice parent_obj;
+    /*< public >*/
 
-    MemoryRegion dummy_iomem;
     bitbang_i2c_interface bitbang;
     int last_level;
     qemu_irq out;
@@ -XXX,XX +XXX,XX @@ static void gpio_i2c_init(Object *obj)
 {
     DeviceState *dev = DEVICE(obj);
     GPIOI2CState *s = GPIO_I2C(obj);
-    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
     I2CBus *bus;
 
-    memory_region_init(&s->dummy_iomem, obj, "gpio_i2c", 0);
-    sysbus_init_mmio(sbd, &s->dummy_iomem);
-
     bus = i2c_init_bus(dev, "i2c");
     bitbang_i2c_init(&s->bitbang, bus);
 
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Corey Minyard <cminyard@mvista.com>
Message-id: 20230111085016.44551-4-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i2c/bitbang_i2c.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/bitbang_i2c.c
+++ b/hw/i2c/bitbang_i2c.c
@@ -XXX,XX +XXX,XX @@ do { printf("bitbang_i2c: " fmt , ## __VA_ARGS__); } while (0)
 #define DPRINTF(fmt, ...) do {} while(0)
 #endif
 
+static void bitbang_i2c_set_state(bitbang_i2c_interface *i2c,
+                                  bitbang_i2c_state state)
+{
+    i2c->state = state;
+}
+
 static void bitbang_i2c_enter_stop(bitbang_i2c_interface *i2c)
 {
     DPRINTF("STOP\n");
     if (i2c->current_addr >= 0)
         i2c_end_transfer(i2c->bus);
     i2c->current_addr = -1;
-    i2c->state = STOPPED;
+    bitbang_i2c_set_state(i2c, STOPPED);
 }
 
 /* Set device data pin.  */
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
         if (level == 0) {
             DPRINTF("START\n");
             /* START condition.  */
-            i2c->state = SENDING_BIT7;
+            bitbang_i2c_set_state(i2c, SENDING_BIT7);
             i2c->current_addr = -1;
         } else {
             /* STOP condition.  */
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
     case SENDING_BIT7 ... SENDING_BIT0:
         i2c->buffer = (i2c->buffer << 1) | data;
         /* will end up in WAITING_FOR_ACK */
-        i2c->state++; 
+        bitbang_i2c_set_state(i2c, i2c->state + 1);
         return bitbang_i2c_ret(i2c, 1);
 
     case WAITING_FOR_ACK:
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
              * device we were sending to decided to NACK us).
              */
             DPRINTF("Got NACK\n");
+            bitbang_i2c_set_state(i2c, SENT_NACK);
             bitbang_i2c_enter_stop(i2c);
             return bitbang_i2c_ret(i2c, 1);
         }
         if (i2c->current_addr & 1) {
-            i2c->state = RECEIVING_BIT7;
+            bitbang_i2c_set_state(i2c, RECEIVING_BIT7);
         } else {
-            i2c->state = SENDING_BIT7;
+            bitbang_i2c_set_state(i2c, SENDING_BIT7);
         }
         return bitbang_i2c_ret(i2c, 0);
     }
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
     case RECEIVING_BIT6 ... RECEIVING_BIT0:
         data = i2c->buffer >> 7;
         /* will end up in SENDING_ACK */
-        i2c->state++;
+        bitbang_i2c_set_state(i2c, i2c->state + 1);
         i2c->buffer <<= 1;
         return bitbang_i2c_ret(i2c, data);
 
     case SENDING_ACK:
-        i2c->state = RECEIVING_BIT7;
         if (data != 0) {
             DPRINTF("NACKED\n");
-            i2c->state = SENT_NACK;
+            bitbang_i2c_set_state(i2c, SENT_NACK);
             i2c_nack(i2c->bus);
         } else {
             DPRINTF("ACKED\n");
+            bitbang_i2c_set_state(i2c, RECEIVING_BIT7);
         }
         return bitbang_i2c_ret(i2c, 1);
     }
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Trace bitbang state machine changes with trace events.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Corey Minyard <cminyard@mvista.com>
Message-id: 20230111085016.44551-5-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i2c/bitbang_i2c.c | 33 ++++++++++++++++++++++++++++-----
 hw/i2c/trace-events  |  3 +++
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/bitbang_i2c.c
+++ b/hw/i2c/bitbang_i2c.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/sysbus.h"
 #include "qemu/module.h"
 #include "qom/object.h"
+#include "trace.h"
 
 //#define DEBUG_BITBANG_I2C
 
@@ -XXX,XX +XXX,XX @@ do { printf("bitbang_i2c: " fmt , ## __VA_ARGS__); } while (0)
 #define DPRINTF(fmt, ...) do {} while(0)
 #endif
 
+/* bitbang_i2c_state enum to name */
+static const char * const sname[] = {
+#define NAME(e) [e] = stringify(e)
+    NAME(STOPPED),
+    [SENDING_BIT7] = "SENDING_BIT7 (START)",
+    NAME(SENDING_BIT6),
+    NAME(SENDING_BIT5),
+    NAME(SENDING_BIT4),
+    NAME(SENDING_BIT3),
+    NAME(SENDING_BIT2),
+    NAME(SENDING_BIT1),
+    NAME(SENDING_BIT0),
+    NAME(WAITING_FOR_ACK),
+    [RECEIVING_BIT7] = "RECEIVING_BIT7 (ACK)",
+    NAME(RECEIVING_BIT6),
+    NAME(RECEIVING_BIT5),
+    NAME(RECEIVING_BIT4),
+    NAME(RECEIVING_BIT3),
+    NAME(RECEIVING_BIT2),
+    NAME(RECEIVING_BIT1),
+    NAME(RECEIVING_BIT0),
+    NAME(SENDING_ACK),
+    NAME(SENT_NACK)
+#undef NAME
+};
+
 static void bitbang_i2c_set_state(bitbang_i2c_interface *i2c,
                                   bitbang_i2c_state state)
 {
+    trace_bitbang_i2c_state(sname[i2c->state], sname[state]);
     i2c->state = state;
 }
 
 static void bitbang_i2c_enter_stop(bitbang_i2c_interface *i2c)
 {
-    DPRINTF("STOP\n");
     if (i2c->current_addr >= 0)
         i2c_end_transfer(i2c->bus);
     i2c->current_addr = -1;
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
             return bitbang_i2c_nop(i2c);
         }
         if (level == 0) {
-            DPRINTF("START\n");
             /* START condition.  */
             bitbang_i2c_set_state(i2c, SENDING_BIT7);
             i2c->current_addr = -1;
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
             /* NACK (either addressing a nonexistent device, or the
              * device we were sending to decided to NACK us).
              */
-            DPRINTF("Got NACK\n");
             bitbang_i2c_set_state(i2c, SENT_NACK);
             bitbang_i2c_enter_stop(i2c);
             return bitbang_i2c_ret(i2c, 1);
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
 
     case SENDING_ACK:
         if (data != 0) {
-            DPRINTF("NACKED\n");
             bitbang_i2c_set_state(i2c, SENT_NACK);
             i2c_nack(i2c->bus);
         } else {
-            DPRINTF("ACKED\n");
             bitbang_i2c_set_state(i2c, RECEIVING_BIT7);
         }
         return bitbang_i2c_ret(i2c, 1);
diff --git a/hw/i2c/trace-events b/hw/i2c/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/trace-events
+++ b/hw/i2c/trace-events
@@ -XXX,XX +XXX,XX @@
 # See docs/devel/tracing.rst for syntax documentation.
 
+# bitbang_i2c.c
+bitbang_i2c_state(const char *old_state, const char *new_state) "state %s -> %s"
+
 # core.c
 
 i2c_event(const char *event, uint8_t address) "%s(addr:0x%02x)"
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Convert the remaining DPRINTF debug macro uses to tracepoints.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Corey Minyard <cminyard@mvista.com>
Message-id: 20230111085016.44551-6-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i2c/bitbang_i2c.c | 18 ++++++------------
 hw/i2c/trace-events  |  4 ++++
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/bitbang_i2c.c
+++ b/hw/i2c/bitbang_i2c.c
@@ -XXX,XX +XXX,XX @@
 #include "qom/object.h"
 #include "trace.h"
 
-//#define DEBUG_BITBANG_I2C
-
-#ifdef DEBUG_BITBANG_I2C
-#define DPRINTF(fmt, ...) \
-do { printf("bitbang_i2c: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#endif
 
 /* bitbang_i2c_state enum to name */
 static const char * const sname[] = {
@@ -XXX,XX +XXX,XX @@ static void bitbang_i2c_enter_stop(bitbang_i2c_interface *i2c)
 /* Set device data pin.  */
 static int bitbang_i2c_ret(bitbang_i2c_interface *i2c, int level)
 {
+    trace_bitbang_i2c_data(i2c->last_clock, i2c->last_data,
+                           i2c->device_out, level);
     i2c->device_out = level;
-    //DPRINTF("%d %d %d\n", i2c->last_clock, i2c->last_data, i2c->device_out);
+
     return level & i2c->last_data;
 }
 
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
 
         if (i2c->current_addr < 0) {
             i2c->current_addr = i2c->buffer;
-            DPRINTF("Address 0x%02x\n", i2c->current_addr);
+            trace_bitbang_i2c_addr(i2c->current_addr);
             ret = i2c_start_transfer(i2c->bus, i2c->current_addr >> 1,
                                      i2c->current_addr & 1);
         } else {
-            DPRINTF("Sent 0x%02x\n", i2c->buffer);
+            trace_bitbang_i2c_send(i2c->buffer);
             ret = i2c_send(i2c->bus, i2c->buffer);
         }
         if (ret) {
@@ -XXX,XX +XXX,XX @@ int bitbang_i2c_set(bitbang_i2c_interface *i2c, int line, int level)
     }
     case RECEIVING_BIT7:
         i2c->buffer = i2c_recv(i2c->bus);
-        DPRINTF("RX byte 0x%02x\n", i2c->buffer);
+        trace_bitbang_i2c_recv(i2c->buffer);
         /* Fall through... */
     case RECEIVING_BIT6 ... RECEIVING_BIT0:
         data = i2c->buffer >> 7;
diff --git a/hw/i2c/trace-events b/hw/i2c/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/trace-events
+++ b/hw/i2c/trace-events
@@ -XXX,XX +XXX,XX @@
 
 # bitbang_i2c.c
 bitbang_i2c_state(const char *old_state, const char *new_state) "state %s -> %s"
+bitbang_i2c_addr(uint8_t addr) "Address 0x%02x"
+bitbang_i2c_send(uint8_t byte) "TX byte 0x%02x"
+bitbang_i2c_recv(uint8_t byte) "RX byte 0x%02x"
+bitbang_i2c_data(unsigned dat, unsigned clk, unsigned old_out, unsigned new_out) "dat %u clk %u out %u -> %u"
 
 # core.c
 
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230110082508.24038-2-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i2c/versatile_i2c.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/versatile_i2c.c
+++ b/hw/i2c/versatile_i2c.c
@@ -XXX,XX +XXX,XX @@ REG32(CONTROL_CLR, 4)
 static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
                                    unsigned size)
 {
-    VersatileI2CState *s = (VersatileI2CState *)opaque;
+    VersatileI2CState *s = opaque;
 
     switch (offset) {
     case A_CONTROL_SET:
@@ -XXX,XX +XXX,XX @@ static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
 static void versatile_i2c_write(void *opaque, hwaddr offset,
                                 uint64_t value, unsigned size)
 {
-    VersatileI2CState *s = (VersatileI2CState *)opaque;
+    VersatileI2CState *s = opaque;
 
     switch (offset) {
     case A_CONTROL_SET:
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

In order to rename TYPE_VERSATILE_I2C as TYPE_ARM_SBCON_I2C
(the formal ARM naming), start renaming its state.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230110082508.24038-3-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/i2c/arm_sbcon_i2c.h |  3 +--
 hw/i2c/versatile_i2c.c         | 10 +++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/include/hw/i2c/arm_sbcon_i2c.h b/include/hw/i2c/arm_sbcon_i2c.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/i2c/arm_sbcon_i2c.h
+++ b/include/hw/i2c/arm_sbcon_i2c.h
@@ -XXX,XX +XXX,XX @@
 #define TYPE_ARM_SBCON_I2C TYPE_VERSATILE_I2C
 
 typedef struct ArmSbconI2CState ArmSbconI2CState;
-DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, ARM_SBCON_I2C,
-                         TYPE_ARM_SBCON_I2C)
+DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, ARM_SBCON_I2C, TYPE_ARM_SBCON_I2C)
 
 struct ArmSbconI2CState {
     /*< private >*/
diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/versatile_i2c.c
+++ b/hw/i2c/versatile_i2c.c
@@ -XXX,XX +XXX,XX @@
 #include "qom/object.h"
 
 typedef ArmSbconI2CState VersatileI2CState;
-DECLARE_INSTANCE_CHECKER(VersatileI2CState, VERSATILE_I2C,
+DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, VERSATILE_I2C,
                          TYPE_VERSATILE_I2C)
 
 
@@ -XXX,XX +XXX,XX @@ REG32(CONTROL_CLR, 4)
 static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
                                    unsigned size)
 {
-    VersatileI2CState *s = opaque;
+    ArmSbconI2CState *s = opaque;
 
     switch (offset) {
     case A_CONTROL_SET:
@@ -XXX,XX +XXX,XX @@ static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
 static void versatile_i2c_write(void *opaque, hwaddr offset,
                                 uint64_t value, unsigned size)
 {
-    VersatileI2CState *s = opaque;
+    ArmSbconI2CState *s = opaque;
 
     switch (offset) {
     case A_CONTROL_SET:
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps versatile_i2c_ops = {
 static void versatile_i2c_init(Object *obj)
 {
     DeviceState *dev = DEVICE(obj);
-    VersatileI2CState *s = VERSATILE_I2C(obj);
+    ArmSbconI2CState *s = VERSATILE_I2C(obj);
     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
     I2CBus *bus;
 
@@ -XXX,XX +XXX,XX @@ static void versatile_i2c_init(Object *obj)
 static const TypeInfo versatile_i2c_info = {
     .name          = TYPE_VERSATILE_I2C,
     .parent        = TYPE_SYS_BUS_DEVICE,
-    .instance_size = sizeof(VersatileI2CState),
+    .instance_size = sizeof(ArmSbconI2CState),
     .instance_init = versatile_i2c_init,
 };
 
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230110082508.24038-4-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/i2c/arm_sbcon_i2c.h | 3 +--
 hw/arm/realview.c              | 2 +-
 hw/arm/versatilepb.c           | 2 +-
 hw/arm/vexpress.c              | 2 +-
 hw/i2c/versatile_i2c.c         | 4 ++--
 5 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/include/hw/i2c/arm_sbcon_i2c.h b/include/hw/i2c/arm_sbcon_i2c.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/i2c/arm_sbcon_i2c.h
+++ b/include/hw/i2c/arm_sbcon_i2c.h
@@ -XXX,XX +XXX,XX @@
 #include "hw/i2c/bitbang_i2c.h"
 #include "qom/object.h"
 
-#define TYPE_VERSATILE_I2C "versatile_i2c"
-#define TYPE_ARM_SBCON_I2C TYPE_VERSATILE_I2C
+#define TYPE_ARM_SBCON_I2C "versatile_i2c"
 
 typedef struct ArmSbconI2CState ArmSbconI2CState;
 DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, ARM_SBCON_I2C, TYPE_ARM_SBCON_I2C)
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/realview.c
+++ b/hw/arm/realview.c
@@ -XXX,XX +XXX,XX @@ static void realview_init(MachineState *machine,
         }
     }
 
-    dev = sysbus_create_simple(TYPE_VERSATILE_I2C, 0x10002000, NULL);
+    dev = sysbus_create_simple(TYPE_ARM_SBCON_I2C, 0x10002000, NULL);
     i2c = (I2CBus *)qdev_get_child_bus(dev, "i2c");
     i2c_slave_create_simple(i2c, "ds1338", 0x68);
 
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/versatilepb.c
+++ b/hw/arm/versatilepb.c
@@ -XXX,XX +XXX,XX @@ static void versatile_init(MachineState *machine, int board_id)
     /* Add PL031 Real Time Clock. */
     sysbus_create_simple("pl031", 0x101e8000, pic[10]);
 
-    dev = sysbus_create_simple(TYPE_VERSATILE_I2C, 0x10002000, NULL);
+    dev = sysbus_create_simple(TYPE_ARM_SBCON_I2C, 0x10002000, NULL);
     i2c = (I2CBus *)qdev_get_child_bus(dev, "i2c");
     i2c_slave_create_simple(i2c, "ds1338", 0x68);
 
diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -XXX,XX +XXX,XX @@ static void vexpress_common_init(MachineState *machine)
     sysbus_create_simple("sp804", map[VE_TIMER01], pic[2]);
     sysbus_create_simple("sp804", map[VE_TIMER23], pic[3]);
 
-    dev = sysbus_create_simple(TYPE_VERSATILE_I2C, map[VE_SERIALDVI], NULL);
+    dev = sysbus_create_simple(TYPE_ARM_SBCON_I2C, map[VE_SERIALDVI], NULL);
     i2c = (I2CBus *)qdev_get_child_bus(dev, "i2c");
     i2c_slave_create_simple(i2c, "sii9022", 0x39);
 
diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/versatile_i2c.c
+++ b/hw/i2c/versatile_i2c.c
@@ -XXX,XX +XXX,XX @@
 
 typedef ArmSbconI2CState VersatileI2CState;
 DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, VERSATILE_I2C,
-                         TYPE_VERSATILE_I2C)
+                         TYPE_ARM_SBCON_I2C)
 
 
 
@@ -XXX,XX +XXX,XX @@ static void versatile_i2c_init(Object *obj)
 }
 
 static const TypeInfo versatile_i2c_info = {
-    .name          = TYPE_VERSATILE_I2C,
+    .name          = TYPE_ARM_SBCON_I2C,
     .parent        = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(ArmSbconI2CState),
     .instance_init = versatile_i2c_init,
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

ARM_SBCON_I2C() macro and ArmSbconI2CState typedef are
already declared via the QOM DECLARE_INSTANCE_CHECKER()
macro in "hw/i2c/arm_sbcon_i2c.h". Drop the VERSATILE_I2C
declarations from versatile_i2c.c.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230110082508.24038-5-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i2c/versatile_i2c.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/versatile_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/versatile_i2c.c
+++ b/hw/i2c/versatile_i2c.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/module.h"
 #include "qom/object.h"
 
-typedef ArmSbconI2CState VersatileI2CState;
-DECLARE_INSTANCE_CHECKER(ArmSbconI2CState, VERSATILE_I2C,
-                         TYPE_ARM_SBCON_I2C)
-
-
 
 REG32(CONTROL_GET, 0)
 REG32(CONTROL_SET, 0)
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps versatile_i2c_ops = {
 static void versatile_i2c_init(Object *obj)
 {
     DeviceState *dev = DEVICE(obj);
-    ArmSbconI2CState *s = VERSATILE_I2C(obj);
+    ArmSbconI2CState *s = ARM_SBCON_I2C(obj);
     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
     I2CBus *bus;
 
-- 
2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

This device model started with the Versatile board, named
TYPE_VERSATILE_I2C, then ended up renamed TYPE_ARM_SBCON_I2C
as per the official "ARM SBCon two-wire serial bus interface"
description from:
https://developer.arm.com/documentation/dui0440/b/programmer-s-reference/two-wire-serial-bus-interface--sbcon

Use the latter name as a better description.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230110082508.24038-6-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 MAINTAINERS                                 |  1 +
 hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} | 24 ++++++++++-----------
 hw/arm/Kconfig                              |  4 ++--
 hw/i2c/Kconfig                              |  2 +-
 hw/i2c/meson.build                          |  2 +-
 5 files changed, 17 insertions(+), 16 deletions(-)
 rename hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} (81%)

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ M: Peter Maydell <peter.maydell@linaro.org>
 L: qemu-arm@nongnu.org
 S: Maintained
 F: hw/*/versatile*
+F: hw/i2c/arm_sbcon_i2c.c
 F: include/hw/i2c/arm_sbcon_i2c.h
 F: hw/misc/arm_sysctl.c
 F: docs/system/arm/versatile.rst
diff --git a/hw/i2c/versatile_i2c.c b/hw/i2c/arm_sbcon_i2c.c
similarity index 81%
rename from hw/i2c/versatile_i2c.c
rename to hw/i2c/arm_sbcon_i2c.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/versatile_i2c.c
+++ b/hw/i2c/arm_sbcon_i2c.c
@@ -XXX,XX +XXX,XX @@ REG32(CONTROL_CLR, 4)
 #define SCL BIT(0)
 #define SDA BIT(1)
 
-static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
+static uint64_t arm_sbcon_i2c_read(void *opaque, hwaddr offset,
                                    unsigned size)
 {
     ArmSbconI2CState *s = opaque;
@@ -XXX,XX +XXX,XX @@ static uint64_t versatile_i2c_read(void *opaque, hwaddr offset,
     }
 }
 
-static void versatile_i2c_write(void *opaque, hwaddr offset,
+static void arm_sbcon_i2c_write(void *opaque, hwaddr offset,
                                 uint64_t value, unsigned size)
 {
     ArmSbconI2CState *s = opaque;
@@ -XXX,XX +XXX,XX @@ static void versatile_i2c_write(void *opaque, hwaddr offset,
     s->in = bitbang_i2c_set(&s->bitbang, BITBANG_I2C_SDA, (s->out & SDA) != 0);
 }
 
-static const MemoryRegionOps versatile_i2c_ops = {
-    .read = versatile_i2c_read,
-    .write = versatile_i2c_write,
+static const MemoryRegionOps arm_sbcon_i2c_ops = {
+    .read = arm_sbcon_i2c_read,
+    .write = arm_sbcon_i2c_write,
     .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static void versatile_i2c_init(Object *obj)
+static void arm_sbcon_i2c_init(Object *obj)
 {
     DeviceState *dev = DEVICE(obj);
     ArmSbconI2CState *s = ARM_SBCON_I2C(obj);
@@ -XXX,XX +XXX,XX @@ static void versatile_i2c_init(Object *obj)
 
     bus = i2c_init_bus(dev, "i2c");
     bitbang_i2c_init(&s->bitbang, bus);
-    memory_region_init_io(&s->iomem, obj, &versatile_i2c_ops, s,
+    memory_region_init_io(&s->iomem, obj, &arm_sbcon_i2c_ops, s,
                           "arm_sbcon_i2c", 0x1000);
     sysbus_init_mmio(sbd, &s->iomem);
 }
 
-static const TypeInfo versatile_i2c_info = {
+static const TypeInfo arm_sbcon_i2c_info = {
     .name          = TYPE_ARM_SBCON_I2C,
     .parent        = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(ArmSbconI2CState),
-    .instance_init = versatile_i2c_init,
+    .instance_init = arm_sbcon_i2c_init,
 };
 
-static void versatile_i2c_register_types(void)
+static void arm_sbcon_i2c_register_types(void)
 {
-    type_register_static(&versatile_i2c_info);
+    type_register_static(&arm_sbcon_i2c_info);
 }
 
-type_init(versatile_i2c_register_types)
+type_init(arm_sbcon_i2c_register_types)
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -XXX,XX +XXX,XX @@ config REALVIEW
     select PL110
     select PL181  # display
     select PL310  # cache controller
-    select VERSATILE_I2C
+    select ARM_SBCON_I2C
     select DS1338 # I2C RTC+NVRAM
     select USB_OHCI
 
@@ -XXX,XX +XXX,XX @@ config MPS2
     select SPLIT_IRQ
     select UNIMP
     select CMSDK_APB_WATCHDOG
-    select VERSATILE_I2C
+    select ARM_SBCON_I2C
 
 config FSL_IMX7
     bool
diff --git a/hw/i2c/Kconfig b/hw/i2c/Kconfig
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/Kconfig
+++ b/hw/i2c/Kconfig
@@ -XXX,XX +XXX,XX @@ config SMBUS_EEPROM
     bool
     select SMBUS
 
-config VERSATILE_I2C
+config ARM_SBCON_I2C
     bool
     select BITBANG_I2C
 
diff --git a/hw/i2c/meson.build b/hw/i2c/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/i2c/meson.build
+++ b/hw/i2c/meson.build
@@ -XXX,XX +XXX,XX @@ i2c_ss.add(when: 'CONFIG_ALLWINNER_I2C', if_true: files('allwinner-i2c.c'))
 i2c_ss.add(when: 'CONFIG_NRF51_SOC', if_true: files('microbit_i2c.c'))
 i2c_ss.add(when: 'CONFIG_NPCM7XX', if_true: files('npcm7xx_smbus.c'))
 i2c_ss.add(when: 'CONFIG_SMBUS_EEPROM', if_true: files('smbus_eeprom.c'))
-i2c_ss.add(when: 'CONFIG_VERSATILE_I2C', if_true: files('versatile_i2c.c'))
+i2c_ss.add(when: 'CONFIG_ARM_SBCON_I2C', if_true: files('arm_sbcon_i2c.c'))
 i2c_ss.add(when: 'CONFIG_OMAP', if_true: files('omap_i2c.c'))
 i2c_ss.add(when: 'CONFIG_PPC4XX', if_true: files('ppc4xx_i2c.c'))
 i2c_ss.add(when: 'CONFIG_PCA954X', if_true: files('i2c_mux_pca954x.c'))
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230112102436.1913-2-philmd@linaro.org
Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
             goto do_unallocated;
         }
         if (sme_access_check(s)) {
-            bool i = crm & 1;
-            bool changed = false;
+            int old = s->pstate_sm | (s->pstate_za << 1);
+            int new = (crm & 1) * 3;
+            int msk = (crm >> 1) & 3;
 
-            if ((crm & 2) && i != s->pstate_sm) {
-                gen_helper_set_pstate_sm(cpu_env, tcg_constant_i32(i));
-                changed = true;
-            }
-            if ((crm & 4) && i != s->pstate_za) {
-                gen_helper_set_pstate_za(cpu_env, tcg_constant_i32(i));
-                changed = true;
-            }
-            if (changed) {
+            if ((old ^ new) & msk) {
+                /* At least one bit changes. */
+                bool i = crm & 1;
+
+                if ((crm & 2) && i != s->pstate_sm) {
+                    gen_helper_set_pstate_sm(cpu_env, tcg_constant_i32(i));
+                }
+                if ((crm & 4) && i != s->pstate_za) {
+                    gen_helper_set_pstate_za(cpu_env, tcg_constant_i32(i));
+                }
                 gen_rebuild_hflags(s);
             } else {
                 s->base.is_jmp = DISAS_NEXT;
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230112102436.1913-3-philmd@linaro.org
Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/sme_helper.c    | 2 ++
 target/arm/translate-a64.c | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sme_helper.c
+++ b/target/arm/sme_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
     }
     env->svcr ^= R_SVCR_SM_MASK;
     arm_reset_sve_state(env);
+    arm_rebuild_hflags(env);
 }
 
 void helper_set_pstate_za(CPUARMState *env, uint32_t i)
@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_za(CPUARMState *env, uint32_t i)
     if (i) {
         memset(env->zarray, 0, sizeof(env->zarray));
     }
+    arm_rebuild_hflags(env);
 }
 
 void helper_sme_zero(CPUARMState *env, uint32_t imm, uint32_t svl)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
                 if ((crm & 4) && i != s->pstate_za) {
                     gen_helper_set_pstate_za(cpu_env, tcg_constant_i32(i));
                 }
-                gen_rebuild_hflags(s);
             } else {
                 s->base.is_jmp = DISAS_NEXT;
             }
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230112102436.1913-4-philmd@linaro.org
Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h              | 1 +
 linux-user/aarch64/cpu_loop.c | 2 +-
 linux-user/aarch64/signal.c   | 2 +-
 target/arm/helper.c           | 8 ++++++++
 target/arm/sme_helper.c       | 4 ++--
 5 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 void aarch64_sve_narrow_vq(CPUARMState *env, unsigned vq);
 void aarch64_sve_change_el(CPUARMState *env, int old_el,
                            int new_el, bool el0_a64);
+void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask);
 void arm_reset_sve_state(CPUARMState *env);
 
 /*
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
              * On syscall, PSTATE.ZA is preserved, along with the ZA matrix.
              * PSTATE.SM is cleared, per SMSTOP, which does ResetSVEState.
              */
+            aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
             if (FIELD_EX64(env->svcr, SVCR, SM)) {
-                env->svcr = FIELD_DP64(env->svcr, SVCR, SM, 0);
                 arm_rebuild_hflags(env);
                 arm_reset_sve_state(env);
             }
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/aarch64/signal.c
+++ b/linux-user/aarch64/signal.c
@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
      * Invoke the signal handler with both SM and ZA disabled.
      * When clearing SM, ResetSVEState, per SMSTOP.
      */
+    aarch64_set_svcr(env, 0, R_SVCR_SM_MASK | R_SVCR_ZA_MASK);
     if (FIELD_EX64(env->svcr, SVCR, SM)) {
         arm_reset_sve_state(env);
     }
     if (env->svcr) {
-        env->svcr = 0;
         arm_rebuild_hflags(env);
     }
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_esm(CPUARMState *env, const ARMCPRegInfo *ri,
     return CP_ACCESS_OK;
 }
 
+void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
+{
+    uint64_t change = (env->svcr ^ new) & mask;
+
+    env->svcr ^= change;
+}
+
 static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                        uint64_t value)
 {
     helper_set_pstate_sm(env, FIELD_EX64(value, SVCR, SM));
     helper_set_pstate_za(env, FIELD_EX64(value, SVCR, ZA));
+    aarch64_set_svcr(env, value, -1);
     arm_rebuild_hflags(env);
 }
 
diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sme_helper.c
+++ b/target/arm/sme_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
     if (i == FIELD_EX64(env->svcr, SVCR, SM)) {
         return;
     }
-    env->svcr ^= R_SVCR_SM_MASK;
+    aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
     arm_reset_sve_state(env);
     arm_rebuild_hflags(env);
 }
@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_za(CPUARMState *env, uint32_t i)
     if (i == FIELD_EX64(env->svcr, SVCR, ZA)) {
         return;
     }
-    env->svcr ^= R_SVCR_ZA_MASK;
+    aarch64_set_svcr(env, 0, R_SVCR_ZA_MASK);
 
     /*
      * ResetSMEState.
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Move arm_reset_sve_state() calls to aarch64_set_svcr().

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230112102436.1913-5-philmd@linaro.org
Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h              |  1 -
 linux-user/aarch64/cpu_loop.c |  1 -
 linux-user/aarch64/signal.c   |  8 +-------
 target/arm/helper.c           | 13 +++++++++++++
 target/arm/sme_helper.c       | 10 ----------
 5 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ void aarch64_sve_narrow_vq(CPUARMState *env, unsigned vq);
 void aarch64_sve_change_el(CPUARMState *env, int old_el,
                            int new_el, bool el0_a64);
 void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask);
-void arm_reset_sve_state(CPUARMState *env);
 
 /*
  * SVE registers are encoded in KVM's memory in an endianness-invariant format.
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
             aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
             if (FIELD_EX64(env->svcr, SVCR, SM)) {
                 arm_rebuild_hflags(env);
-                arm_reset_sve_state(env);
             }
             ret = do_syscall(env,
                              env->xregs[8],
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/aarch64/signal.c
+++ b/linux-user/aarch64/signal.c
@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
         env->btype = 2;
     }
 
-    /*
-     * Invoke the signal handler with both SM and ZA disabled.
-     * When clearing SM, ResetSVEState, per SMSTOP.
-     */
+    /* Invoke the signal handler with both SM and ZA disabled. */
     aarch64_set_svcr(env, 0, R_SVCR_SM_MASK | R_SVCR_ZA_MASK);
-    if (FIELD_EX64(env->svcr, SVCR, SM)) {
-        arm_reset_sve_state(env);
-    }
     if (env->svcr) {
         arm_rebuild_hflags(env);
     }
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_esm(CPUARMState *env, const ARMCPRegInfo *ri,
     return CP_ACCESS_OK;
 }
 
+/* ResetSVEState */
+static void arm_reset_sve_state(CPUARMState *env)
+{
+    memset(env->vfp.zregs, 0, sizeof(env->vfp.zregs));
+    /* Recall that FFR is stored as pregs[16]. */
+    memset(env->vfp.pregs, 0, sizeof(env->vfp.pregs));
+    vfp_set_fpcr(env, 0x0800009f);
+}
+
 void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
 {
     uint64_t change = (env->svcr ^ new) & mask;
 
     env->svcr ^= change;
+
+    if (change & R_SVCR_SM_MASK) {
+        arm_reset_sve_state(env);
+    }
 }
 
 static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sme_helper.c
+++ b/target/arm/sme_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "vec_internal.h"
 #include "sve_ldst_internal.h"
 
-/* ResetSVEState */
-void arm_reset_sve_state(CPUARMState *env)
-{
-    memset(env->vfp.zregs, 0, sizeof(env->vfp.zregs));
-    /* Recall that FFR is stored as pregs[16]. */
-    memset(env->vfp.pregs, 0, sizeof(env->vfp.pregs));
-    vfp_set_fpcr(env, 0x0800009f);
-}
-
 void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
 {
     if (i == FIELD_EX64(env->svcr, SVCR, SM)) {
         return;
     }
     aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
-    arm_reset_sve_state(env);
     arm_rebuild_hflags(env);
 }
 
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230112102436.1913-6-philmd@linaro.org
Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c     | 12 ++++++++++++
 target/arm/sme_helper.c | 12 ------------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
     if (change & R_SVCR_SM_MASK) {
         arm_reset_sve_state(env);
     }
+
+    /*
+     * ResetSMEState.
+     *
+     * SetPSTATE_ZA zeros on enable and disable.  We can zero this only
+     * on enable: while disabled, the storage is inaccessible and the
+     * value does not matter.  We're not saving the storage in vmstate
+     * when disabled either.
+     */
+    if (change & new & R_SVCR_ZA_MASK) {
+        memset(env->zarray, 0, sizeof(env->zarray));
+    }
 }
 
 static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sme_helper.c
+++ b/target/arm/sme_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_set_pstate_za(CPUARMState *env, uint32_t i)
         return;
     }
     aarch64_set_svcr(env, 0, R_SVCR_ZA_MASK);
-
-    /*
-     * ResetSMEState.
-     *
-     * SetPSTATE_ZA zeros on enable and disable.  We can zero this only
-     * on enable: while disabled, the storage is inaccessible and the
-     * value does not matter.  We're not saving the storage in vmstate
-     * when disabled either.
-     */
-    if (i) {
-        memset(env->zarray, 0, sizeof(env->zarray));
-    }
     arm_rebuild_hflags(env);
 }
 
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230112102436.1913-7-philmd@linaro.org
Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 linux-user/aarch64/cpu_loop.c | 8 +-------
 linux-user/aarch64/signal.c   | 3 ---
 target/arm/helper.c           | 6 +++++-
 target/arm/sme_helper.c       | 8 --------
 4 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
 
         switch (trapnr) {
         case EXCP_SWI:
-            /*
-             * On syscall, PSTATE.ZA is preserved, along with the ZA matrix.
-             * PSTATE.SM is cleared, per SMSTOP, which does ResetSVEState.
-             */
+            /* On syscall, PSTATE.ZA is preserved, PSTATE.SM is cleared. */
             aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
-            if (FIELD_EX64(env->svcr, SVCR, SM)) {
-                arm_rebuild_hflags(env);
-            }
             ret = do_syscall(env,
                              env->xregs[8],
                              env->xregs[0],
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/aarch64/signal.c
+++ b/linux-user/aarch64/signal.c
@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
 
     /* Invoke the signal handler with both SM and ZA disabled. */
     aarch64_set_svcr(env, 0, R_SVCR_SM_MASK | R_SVCR_ZA_MASK);
-    if (env->svcr) {
-        arm_rebuild_hflags(env);
-    }
 
     if (info) {
         tswap_siginfo(&frame->info, info);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
 {
     uint64_t change = (env->svcr ^ new) & mask;
 
+    if (change == 0) {
+        return;
+    }
     env->svcr ^= change;
 
     if (change & R_SVCR_SM_MASK) {
@@ -XXX,XX +XXX,XX @@ void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
     if (change & new & R_SVCR_ZA_MASK) {
         memset(env->zarray, 0, sizeof(env->zarray));
     }
+
+    arm_rebuild_hflags(env);
 }
 
 static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
     helper_set_pstate_sm(env, FIELD_EX64(value, SVCR, SM));
     helper_set_pstate_za(env, FIELD_EX64(value, SVCR, ZA));
     aarch64_set_svcr(env, value, -1);
-    arm_rebuild_hflags(env);
 }
 
 static void smcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sme_helper.c
+++ b/target/arm/sme_helper.c
@@ -XXX,XX +XXX,XX @@
 
 void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
 {
-    if (i == FIELD_EX64(env->svcr, SVCR, SM)) {
-        return;
-    }
     aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
-    arm_rebuild_hflags(env);
 }
 
 void helper_set_pstate_za(CPUARMState *env, uint32_t i)
 {
-    if (i == FIELD_EX64(env->svcr, SVCR, ZA)) {
-        return;
-    }
     aarch64_set_svcr(env, 0, R_SVCR_ZA_MASK);
-    arm_rebuild_hflags(env);
 }
 
 void helper_sme_zero(CPUARMState *env, uint32_t imm, uint32_t svl)
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Unify the two helper_set_pstate_{sm,za} in this function.
Do not call helper_* functions from svcr_write.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230112102436.1913-8-philmd@linaro.org
Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper-sme.h    |  3 +--
 target/arm/helper.c        |  2 --
 target/arm/sme_helper.c    |  9 ++-------
 target/arm/translate-a64.c | 10 ++--------
 4 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/target/arm/helper-sme.h b/target/arm/helper-sme.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-sme.h
+++ b/target/arm/helper-sme.h
@@ -XXX,XX +XXX,XX @@
  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  */
 
-DEF_HELPER_FLAGS_2(set_pstate_sm, TCG_CALL_NO_RWG, void, env, i32)
-DEF_HELPER_FLAGS_2(set_pstate_za, TCG_CALL_NO_RWG, void, env, i32)
+DEF_HELPER_FLAGS_3(set_svcr, TCG_CALL_NO_RWG, void, env, i32, i32)
 
 DEF_HELPER_FLAGS_3(sme_zero, TCG_CALL_NO_RWG, void, env, i32, i32)
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask)
 static void svcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                        uint64_t value)
 {
-    helper_set_pstate_sm(env, FIELD_EX64(value, SVCR, SM));
-    helper_set_pstate_za(env, FIELD_EX64(value, SVCR, ZA));
     aarch64_set_svcr(env, value, -1);
 }
 
diff --git a/target/arm/sme_helper.c b/target/arm/sme_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/sme_helper.c
+++ b/target/arm/sme_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "vec_internal.h"
 #include "sve_ldst_internal.h"
 
-void helper_set_pstate_sm(CPUARMState *env, uint32_t i)
+void helper_set_svcr(CPUARMState *env, uint32_t val, uint32_t mask)
 {
-    aarch64_set_svcr(env, 0, R_SVCR_SM_MASK);
-}
-
-void helper_set_pstate_za(CPUARMState *env, uint32_t i)
-{
-    aarch64_set_svcr(env, 0, R_SVCR_ZA_MASK);
+    aarch64_set_svcr(env, val, mask);
 }
 
 void helper_sme_zero(CPUARMState *env, uint32_t imm, uint32_t svl)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
 
             if ((old ^ new) & msk) {
                 /* At least one bit changes. */
-                bool i = crm & 1;
-
-                if ((crm & 2) && i != s->pstate_sm) {
-                    gen_helper_set_pstate_sm(cpu_env, tcg_constant_i32(i));
-                }
-                if ((crm & 4) && i != s->pstate_za) {
-                    gen_helper_set_pstate_za(cpu_env, tcg_constant_i32(i));
-                }
+                gen_helper_set_svcr(cpu_env, tcg_constant_i32(new),
+                                    tcg_constant_i32(msk));
             } else {
                 s->base.is_jmp = DISAS_NEXT;
             }
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Conversion to probe_access_full missed applying the page offset.

Fixes: b8967ddf ("target/arm: Use probe_access_full for MTE")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1416
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230114031213.2970349-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/mte_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
      * Remember these values across the second lookup below,
      * which may invalidate this pointer via tlb resize.
      */
-    ptr_paddr = full->phys_addr;
+    ptr_paddr = full->phys_addr | (ptr & ~TARGET_PAGE_MASK);
     attrs = full->attrs;
     full = NULL;
 
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

During the conversion, the test against get_phys_addr_lpae got inverted,
meaning that successful translations went to the 'failed' label.

Cc: qemu-stable@nongnu.org
Fixes: f3639a64f60 ("target/arm: Use softmmu tlbs for page table walking")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1417
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230114054605.2977022-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
             };
             GetPhysAddrResult s2 = { };
 
-            if (!get_phys_addr_lpae(env, &s2ptw, addr, MMU_DATA_LOAD,
-                                    false, &s2, fi)) {
+            if (get_phys_addr_lpae(env, &s2ptw, addr, MMU_DATA_LOAD,
+                                   false, &s2, fi)) {
                 goto fail;
             }
             ptw->out_phys = s2.f.phys_addr;
-- 
2.34.1

In v7m_exception_taken(), for v8M we set the EXC_RETURN.ES bit if
either the exception targets Secure or if the CPU doesn't implement
the Security Extension.  This is incorrect: the v8M Arm ARM specifies
that the ES bit should be RES0 if the Security Extension is not
implemented, and the pseudocode agrees.

Remove the incorrect condition, so that we leave the ES bit 0
if the Security Extension isn't implemented.

This doesn't have any guest-visible effects for our current set of
emulated CPUs, because all our v8M CPUs implement the Security
Extension; but it's worth fixing in case we add a v8M CPU without
the extension in future.

Reported-by: Igor Kotrasinski <i.kotrasinsk@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/m_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
         }
 
         lr &= ~R_V7M_EXCRET_ES_MASK;
-        if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) {
+        if (targets_secure) {
             lr |= R_V7M_EXCRET_ES_MASK;
         }
         lr &= ~R_V7M_EXCRET_SPSEL_MASK;
-- 
2.34.1

From: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>

The architecture does not define any functionality for the CLAIM tag bits.
So we will just keep the raw bits, as per spec.

Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230120155929.32384-2-eiakovlev@linux.microsoft.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h          |  1 +
 target/arm/debug_helper.c | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
         uint64_t dbgbcr[16]; /* breakpoint control registers */
         uint64_t dbgwvr[16]; /* watchpoint value registers */
         uint64_t dbgwcr[16]; /* watchpoint control registers */
+        uint64_t dbgclaim;   /* DBGCLAIM bits */
         uint64_t mdscr_el1;
         uint64_t oslsr_el1; /* OS Lock Status */
         uint64_t osdlr_el1; /* OS DoubleLock status */
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@ static void osdlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
     }
 }
 
+static void dbgclaimset_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                              uint64_t value)
+{
+    env->cp15.dbgclaim |= (value & 0xFF);
+}
+
+static uint64_t dbgclaimset_read(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+    /* CLAIM bits are RAO */
+    return 0xFF;
+}
+
+static void dbgclaimclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                              uint64_t value)
+{
+    env->cp15.dbgclaim &= ~(value & 0xFF);
+}
+
 static const ARMCPRegInfo debug_cp_reginfo[] = {
     /*
      * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
       .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
       .access = PL1_RW, .accessfn = access_tda,
       .type = ARM_CP_NOP },
+    /*
+     * Dummy DBGCLAIM registers.
+     * "The architecture does not define any functionality for the CLAIM tag bits.",
+     * so we only keep the raw bits
+     */
+    { .name = "DBGCLAIMSET_EL1", .state = ARM_CP_STATE_BOTH,
+      .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 6,
+      .type = ARM_CP_ALIAS,
+      .access = PL1_RW, .accessfn = access_tda,
+      .writefn = dbgclaimset_write, .readfn = dbgclaimset_read },
+    { .name = "DBGCLAIMCLR_EL1", .state = ARM_CP_STATE_BOTH,
+      .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 6,
+      .access = PL1_RW, .accessfn = access_tda,
+      .writefn = dbgclaimclr_write, .raw_writefn = raw_write,
+      .fieldoffset = offsetof(CPUARMState, cp15.dbgclaim) },
 };
 
 static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
-- 
2.34.1

From: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>

Qemu doesn't implement Debug Communication Channel, as well as the rest
of external debug interface. However, Microsoft Hyper-V in tries to
access some of those registers during an EL2 context switch.

Since there is no architectural way to not advertise support for external
debug, provide RAZ/WI stubs for OSDTRRX_EL1, OSDTRTX_EL1 and OSECCR_EL1
registers in the same way the rest of DCM is currently done. Do account
for access traps though with access_tda.

Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230120155929.32384-3-eiakovlev@linux.microsoft.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/debug_helper.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
       .opc0 = 2, .opc1 = 3, .crn = 0, .crm = 1, .opc2 = 0,
       .access = PL0_R, .accessfn = access_tda,
       .type = ARM_CP_CONST, .resetvalue = 0 },
+    /*
+     * OSDTRRX_EL1/OSDTRTX_EL1 are used for save and restore of DBGDTRRX_EL0.
+     * It is a component of the Debug Communications Channel, which is not implemented.
+     */
+    { .name = "OSDTRRX_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
+      .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 2,
+      .access = PL1_RW, .accessfn = access_tda,
+      .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "OSDTRTX_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
+      .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
+      .access = PL1_RW, .accessfn = access_tda,
+      .type = ARM_CP_CONST, .resetvalue = 0 },
+    /*
+     * OSECCR_EL1 provides a mechanism for an operating system
+     * to access the contents of EDECCR. EDECCR is not implemented though,
+     * as is the rest of external device mechanism.
+     */
+    { .name = "OSECCR_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
+      .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
+      .access = PL1_RW, .accessfn = access_tda,
+      .type = ARM_CP_CONST, .resetvalue = 0 },
     /*
      * DBGDSCRint[15,12,5:2] map to MDSCR_EL1[15,12,5:2].  Map all bits as
      * it is unlikely a guest will care.
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Move the ri == NULL case to the top of the function and return.
This allows the else to be removed and the code unindented.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20230106194451.1213153-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 406 ++++++++++++++++++++---------------------
 1 file changed, 203 insertions(+), 203 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
                            bool isread, int rt, int rt2)
 {
     const ARMCPRegInfo *ri;
+    bool need_exit_tb;
 
     ri = get_arm_cp_reginfo(s->cp_regs,
             ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
-    if (ri) {
-        bool need_exit_tb;
 
-        /* Check access permissions */
-        if (!cp_access_ok(s->current_el, ri, isread)) {
-            unallocated_encoding(s);
-            return;
-        }
-
-        if (s->hstr_active || ri->accessfn ||
-            (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
-            /* Emit code to perform further access permissions checks at
-             * runtime; this may result in an exception.
-             * Note that on XScale all cp0..c13 registers do an access check
-             * call in order to handle c15_cpar.
-             */
-            uint32_t syndrome;
-
-            /* Note that since we are an implementation which takes an
-             * exception on a trapped conditional instruction only if the
-             * instruction passes its condition code check, we can take
-             * advantage of the clause in the ARM ARM that allows us to set
-             * the COND field in the instruction to 0xE in all cases.
-             * We could fish the actual condition out of the insn (ARM)
-             * or the condexec bits (Thumb) but it isn't necessary.
-             */
-            switch (cpnum) {
-            case 14:
-                if (is64) {
-                    syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
-                                                 isread, false);
-                } else {
-                    syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
-                                                rt, isread, false);
-                }
-                break;
-            case 15:
-                if (is64) {
-                    syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
-                                                 isread, false);
-                } else {
-                    syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
-                                                rt, isread, false);
-                }
-                break;
-            default:
-                /* ARMv8 defines that only coprocessors 14 and 15 exist,
-                 * so this can only happen if this is an ARMv7 or earlier CPU,
-                 * in which case the syndrome information won't actually be
-                 * guest visible.
-                 */
-                assert(!arm_dc_feature(s, ARM_FEATURE_V8));
-                syndrome = syn_uncategorized();
-                break;
-            }
-
-            gen_set_condexec(s);
-            gen_update_pc(s, 0);
-            gen_helper_access_check_cp_reg(cpu_env,
-                                           tcg_constant_ptr(ri),
-                                           tcg_constant_i32(syndrome),
-                                           tcg_constant_i32(isread));
-        } else if (ri->type & ARM_CP_RAISES_EXC) {
-            /*
-             * The readfn or writefn might raise an exception;
-             * synchronize the CPU state in case it does.
-             */
-            gen_set_condexec(s);
-            gen_update_pc(s, 0);
-        }
-
-        /* Handle special cases first */
-        switch (ri->type & ARM_CP_SPECIAL_MASK) {
-        case 0:
-            break;
-        case ARM_CP_NOP:
-            return;
-        case ARM_CP_WFI:
-            if (isread) {
-                unallocated_encoding(s);
-                return;
-            }
-            gen_update_pc(s, curr_insn_len(s));
-            s->base.is_jmp = DISAS_WFI;
-            return;
-        default:
-            g_assert_not_reached();
-        }
-
-        if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
-            gen_io_start();
-        }
-
-        if (isread) {
-            /* Read */
-            if (is64) {
-                TCGv_i64 tmp64;
-                TCGv_i32 tmp;
-                if (ri->type & ARM_CP_CONST) {
-                    tmp64 = tcg_constant_i64(ri->resetvalue);
-                } else if (ri->readfn) {
-                    tmp64 = tcg_temp_new_i64();
-                    gen_helper_get_cp_reg64(tmp64, cpu_env,
-                                            tcg_constant_ptr(ri));
-                } else {
-                    tmp64 = tcg_temp_new_i64();
-                    tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
-                }
-                tmp = tcg_temp_new_i32();
-                tcg_gen_extrl_i64_i32(tmp, tmp64);
-                store_reg(s, rt, tmp);
-                tmp = tcg_temp_new_i32();
-                tcg_gen_extrh_i64_i32(tmp, tmp64);
-                tcg_temp_free_i64(tmp64);
-                store_reg(s, rt2, tmp);
-            } else {
-                TCGv_i32 tmp;
-                if (ri->type & ARM_CP_CONST) {
-                    tmp = tcg_constant_i32(ri->resetvalue);
-                } else if (ri->readfn) {
-                    tmp = tcg_temp_new_i32();
-                    gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));
-                } else {
-                    tmp = load_cpu_offset(ri->fieldoffset);
-                }
-                if (rt == 15) {
-                    /* Destination register of r15 for 32 bit loads sets
-                     * the condition codes from the high 4 bits of the value
-                     */
-                    gen_set_nzcv(tmp);
-                    tcg_temp_free_i32(tmp);
-                } else {
-                    store_reg(s, rt, tmp);
-                }
-            }
+    if (!ri) {
+        /*
+         * Unknown register; this might be a guest error or a QEMU
+         * unimplemented feature.
+         */
+        if (is64) {
+            qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
+                          "64 bit system register cp:%d opc1: %d crm:%d "
+                          "(%s)\n",
+                          isread ? "read" : "write", cpnum, opc1, crm,
+                          s->ns ? "non-secure" : "secure");
         } else {
-            /* Write */
-            if (ri->type & ARM_CP_CONST) {
-                /* If not forbidden by access permissions, treat as WI */
-                return;
-            }
-
-            if (is64) {
-                TCGv_i32 tmplo, tmphi;
-                TCGv_i64 tmp64 = tcg_temp_new_i64();
-                tmplo = load_reg(s, rt);
-                tmphi = load_reg(s, rt2);
-                tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
-                tcg_temp_free_i32(tmplo);
-                tcg_temp_free_i32(tmphi);
-                if (ri->writefn) {
-                    gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri),
-                                            tmp64);
-                } else {
-                    tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
-                }
-                tcg_temp_free_i64(tmp64);
-            } else {
-                TCGv_i32 tmp = load_reg(s, rt);
-                if (ri->writefn) {
-                    gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);
-                    tcg_temp_free_i32(tmp);
-                } else {
-                    store_cpu_offset(tmp, ri->fieldoffset, 4);
-                }
-            }
+            qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
+                          "system register cp:%d opc1:%d crn:%d crm:%d "
+                          "opc2:%d (%s)\n",
+                          isread ? "read" : "write", cpnum, opc1, crn,
+                          crm, opc2, s->ns ? "non-secure" : "secure");
         }
-
-        /* I/O operations must end the TB here (whether read or write) */
-        need_exit_tb = ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) &&
-                        (ri->type & ARM_CP_IO));
-
-        if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
-            /*
-             * A write to any coprocessor register that ends a TB
-             * must rebuild the hflags for the next TB.
-             */
-            gen_rebuild_hflags(s, ri->type & ARM_CP_NEWEL);
-            /*
-             * We default to ending the TB on a coprocessor register write,
-             * but allow this to be suppressed by the register definition
-             * (usually only necessary to work around guest bugs).
-             */
-            need_exit_tb = true;
-        }
-        if (need_exit_tb) {
-            gen_lookup_tb(s);
-        }
-
+        unallocated_encoding(s);
         return;
     }
 
-    /* Unknown register; this might be a guest error or a QEMU
-     * unimplemented feature.
-     */
-    if (is64) {
-        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
-                      "64 bit system register cp:%d opc1: %d crm:%d "
-                      "(%s)\n",
-                      isread ? "read" : "write", cpnum, opc1, crm,
-                      s->ns ? "non-secure" : "secure");
-    } else {
-        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
-                      "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
-                      "(%s)\n",
-                      isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
-                      s->ns ? "non-secure" : "secure");
+    /* Check access permissions */
+    if (!cp_access_ok(s->current_el, ri, isread)) {
+        unallocated_encoding(s);
+        return;
     }
 
-    unallocated_encoding(s);
-    return;
+    if (s->hstr_active || ri->accessfn ||
+        (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
+        /*
+         * Emit code to perform further access permissions checks at
+         * runtime; this may result in an exception.
+         * Note that on XScale all cp0..c13 registers do an access check
+         * call in order to handle c15_cpar.
+         */
+        uint32_t syndrome;
+
+        /*
+         * Note that since we are an implementation which takes an
+         * exception on a trapped conditional instruction only if the
+         * instruction passes its condition code check, we can take
+         * advantage of the clause in the ARM ARM that allows us to set
+         * the COND field in the instruction to 0xE in all cases.
+         * We could fish the actual condition out of the insn (ARM)
+         * or the condexec bits (Thumb) but it isn't necessary.
+         */
+        switch (cpnum) {
+        case 14:
+            if (is64) {
+                syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
+                                             isread, false);
+            } else {
+                syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
+                                            rt, isread, false);
+            }
+            break;
+        case 15:
+            if (is64) {
+                syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
+                                             isread, false);
+            } else {
+                syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
+                                            rt, isread, false);
+            }
+            break;
+        default:
+            /*
+             * ARMv8 defines that only coprocessors 14 and 15 exist,
+             * so this can only happen if this is an ARMv7 or earlier CPU,
+             * in which case the syndrome information won't actually be
+             * guest visible.
+             */
+            assert(!arm_dc_feature(s, ARM_FEATURE_V8));
+            syndrome = syn_uncategorized();
+            break;
+        }
+
+        gen_set_condexec(s);
+        gen_update_pc(s, 0);
+        gen_helper_access_check_cp_reg(cpu_env,
+                                       tcg_constant_ptr(ri),
+                                       tcg_constant_i32(syndrome),
+                                       tcg_constant_i32(isread));
+    } else if (ri->type & ARM_CP_RAISES_EXC) {
+        /*
+         * The readfn or writefn might raise an exception;
+         * synchronize the CPU state in case it does.
+         */
+        gen_set_condexec(s);
+        gen_update_pc(s, 0);
+    }
+
+    /* Handle special cases first */
+    switch (ri->type & ARM_CP_SPECIAL_MASK) {
+    case 0:
+        break;
+    case ARM_CP_NOP:
+        return;
+    case ARM_CP_WFI:
+        if (isread) {
+            unallocated_encoding(s);
+            return;
+        }
+        gen_update_pc(s, curr_insn_len(s));
+        s->base.is_jmp = DISAS_WFI;
+        return;
+    default:
+        g_assert_not_reached();
+    }
+
+    if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
+        gen_io_start();
+    }
+
+    if (isread) {
+        /* Read */
+        if (is64) {
+            TCGv_i64 tmp64;
+            TCGv_i32 tmp;
+            if (ri->type & ARM_CP_CONST) {
+                tmp64 = tcg_constant_i64(ri->resetvalue);
+            } else if (ri->readfn) {
+                tmp64 = tcg_temp_new_i64();
+                gen_helper_get_cp_reg64(tmp64, cpu_env,
+                                        tcg_constant_ptr(ri));
+            } else {
+                tmp64 = tcg_temp_new_i64();
+                tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
+            }
+            tmp = tcg_temp_new_i32();
+            tcg_gen_extrl_i64_i32(tmp, tmp64);
+            store_reg(s, rt, tmp);
+            tmp = tcg_temp_new_i32();
+            tcg_gen_extrh_i64_i32(tmp, tmp64);
+            tcg_temp_free_i64(tmp64);
+            store_reg(s, rt2, tmp);
+        } else {
+            TCGv_i32 tmp;
+            if (ri->type & ARM_CP_CONST) {
+                tmp = tcg_constant_i32(ri->resetvalue);
+            } else if (ri->readfn) {
+                tmp = tcg_temp_new_i32();
+                gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));
+            } else {
+                tmp = load_cpu_offset(ri->fieldoffset);
+            }
+            if (rt == 15) {
+                /* Destination register of r15 for 32 bit loads sets
+                 * the condition codes from the high 4 bits of the value
+                 */
+                gen_set_nzcv(tmp);
+                tcg_temp_free_i32(tmp);
+            } else {
+                store_reg(s, rt, tmp);
+            }
+        }
+    } else {
+        /* Write */
+        if (ri->type & ARM_CP_CONST) {
+            /* If not forbidden by access permissions, treat as WI */
+            return;
+        }
+
+        if (is64) {
+            TCGv_i32 tmplo, tmphi;
+            TCGv_i64 tmp64 = tcg_temp_new_i64();
+            tmplo = load_reg(s, rt);
+            tmphi = load_reg(s, rt2);
+            tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
+            tcg_temp_free_i32(tmplo);
+            tcg_temp_free_i32(tmphi);
+            if (ri->writefn) {
+                gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tmp64);
+            } else {
+                tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
+            }
+            tcg_temp_free_i64(tmp64);
+        } else {
+            TCGv_i32 tmp = load_reg(s, rt);
+            if (ri->writefn) {
+                gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);
+                tcg_temp_free_i32(tmp);
+            } else {
+                store_cpu_offset(tmp, ri->fieldoffset, 4);
+            }
+        }
+    }
+
+    /* I/O operations must end the TB here (whether read or write) */
+    need_exit_tb = ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) &&
+                    (ri->type & ARM_CP_IO));
+
+    if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
+        /*
+         * A write to any coprocessor register that ends a TB
+         * must rebuild the hflags for the next TB.
+         */
+        gen_rebuild_hflags(s, ri->type & ARM_CP_NEWEL);
+        /*
+         * We default to ending the TB on a coprocessor register write,
+         * but allow this to be suppressed by the register definition
+         * (usually only necessary to work around guest bugs).
+         */
+        need_exit_tb = true;
+    }
+    if (need_exit_tb) {
+        gen_lookup_tb(s);
+    }
 }
 
 /* Decode XScale DSP or iWMMXt insn (in the copro space, cp=0 or 1) */
-- 
2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)

Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.h        | 11 +++++----
 target/arm/translate.h     |  7 ++++++
 target/arm/op_helper.c     | 27 ++++++++++++++------
 target/arm/translate-a64.c | 49 ++++++++++++++++++++++---------------
 target/arm/translate.c     | 50 +++++++++++++++++++++++++-------------
 5 files changed, 95 insertions(+), 49 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(v8m_stackcheck, void, env, i32)
 
 DEF_HELPER_FLAGS_2(check_bxj_trap, TCG_CALL_NO_WG, void, env, i32)
 
-DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32)
-DEF_HELPER_3(set_cp_reg, void, env, ptr, i32)
-DEF_HELPER_2(get_cp_reg, i32, env, ptr)
-DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)
-DEF_HELPER_2(get_cp_reg64, i64, env, ptr)
+DEF_HELPER_4(access_check_cp_reg, cptr, env, i32, i32, i32)
+DEF_HELPER_FLAGS_2(lookup_cp_reg, TCG_CALL_NO_RWG_SE, cptr, env, i32)
+DEF_HELPER_3(set_cp_reg, void, env, cptr, i32)
+DEF_HELPER_2(get_cp_reg, i32, env, cptr)
+DEF_HELPER_3(set_cp_reg64, void, env, cptr, i64)
+DEF_HELPER_2(get_cp_reg64, i64, env, cptr)
 
 DEF_HELPER_2(get_r13_banked, i32, env, i32)
 DEF_HELPER_3(set_r13_banked, void, env, i32, i32)
diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ static inline void set_disas_label(DisasContext *s, DisasLabel l)
     s->pc_save = l.pc_save;
 }
 
+static inline TCGv_ptr gen_lookup_cp_reg(uint32_t key)
+{
+    TCGv_ptr ret = tcg_temp_new_ptr();
+    gen_helper_lookup_cp_reg(ret, cpu_env, tcg_constant_i32(key));
+    return ret;
+}
+
 /*
  * Helpers for implementing sets of trans_* functions.
  * Defer the implementation of NAME to FUNC, with optional extra arguments.
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(mrs_banked)(CPUARMState *env, uint32_t tgtmode, uint32_t regno)
     }
 }
 
-void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
-                                 uint32_t isread)
+const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
+                                        uint32_t syndrome, uint32_t isread)
 {
     ARMCPU *cpu = env_archcpu(env);
-    const ARMCPRegInfo *ri = rip;
+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, key);
     CPAccessResult res = CP_ACCESS_OK;
     int target_el;
 
+    assert(ri != NULL);
+
     if (arm_feature(env, ARM_FEATURE_XSCALE) && ri->cp < 14
         && extract32(env->cp15.c15_cpar, ri->cp, 1) == 0) {
         res = CP_ACCESS_TRAP;
@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
         res = ri->accessfn(env, ri, isread);
     }
     if (likely(res == CP_ACCESS_OK)) {
-        return;
+        return ri;
     }
 
  fail:
@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,
     raise_exception(env, EXCP_UDEF, syndrome, target_el);
 }
 
-void HELPER(set_cp_reg)(CPUARMState *env, void *rip, uint32_t value)
+const void *HELPER(lookup_cp_reg)(CPUARMState *env, uint32_t key)
+{
+    ARMCPU *cpu = env_archcpu(env);
+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, key);
+
+    assert(ri != NULL);
+    return ri;
+}
+
+void HELPER(set_cp_reg)(CPUARMState *env, const void *rip, uint32_t value)
 {
     const ARMCPRegInfo *ri = rip;
 
@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg)(CPUARMState *env, void *rip, uint32_t value)
     }
 }
 
-uint32_t HELPER(get_cp_reg)(CPUARMState *env, void *rip)
+uint32_t HELPER(get_cp_reg)(CPUARMState *env, const void *rip)
 {
     const ARMCPRegInfo *ri = rip;
     uint32_t res;
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(get_cp_reg)(CPUARMState *env, void *rip)
     return res;
 }
 
-void HELPER(set_cp_reg64)(CPUARMState *env, void *rip, uint64_t value)
+void HELPER(set_cp_reg64)(CPUARMState *env, const void *rip, uint64_t value)
 {
     const ARMCPRegInfo *ri = rip;
 
@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg64)(CPUARMState *env, void *rip, uint64_t value)
     }
 }
 
-uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip)
+uint64_t HELPER(get_cp_reg64)(CPUARMState *env, const void *rip)
 {
     const ARMCPRegInfo *ri = rip;
     uint64_t res;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
                        unsigned int op0, unsigned int op1, unsigned int op2,
                        unsigned int crn, unsigned int crm, unsigned int rt)
 {
-    const ARMCPRegInfo *ri;
+    uint32_t key = ENCODE_AA64_CP_REG(CP_REG_ARM64_SYSREG_CP,
+                                      crn, crm, op0, op1, op2);
+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key);
+    TCGv_ptr tcg_ri = NULL;
     TCGv_i64 tcg_rt;
 
-    ri = get_arm_cp_reginfo(s->cp_regs,
-                            ENCODE_AA64_CP_REG(CP_REG_ARM64_SYSREG_CP,
-                                               crn, crm, op0, op1, op2));
-
     if (!ri) {
         /* Unknown register; this might be a guest error or a QEMU
          * unimplemented feature.
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
 
         syndrome = syn_aa64_sysregtrap(op0, op1, op2, crn, crm, rt, isread);
         gen_a64_update_pc(s, 0);
-        gen_helper_access_check_cp_reg(cpu_env,
-                                       tcg_constant_ptr(ri),
+        tcg_ri = tcg_temp_new_ptr();
+        gen_helper_access_check_cp_reg(tcg_ri, cpu_env,
+                                       tcg_constant_i32(key),
                                        tcg_constant_i32(syndrome),
                                        tcg_constant_i32(isread));
     } else if (ri->type & ARM_CP_RAISES_EXC) {
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
     case 0:
         break;
     case ARM_CP_NOP:
-        return;
+        goto exit;
     case ARM_CP_NZCV:
         tcg_rt = cpu_reg(s, rt);
         if (isread) {
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
         } else {
             gen_set_nzcv(tcg_rt);
         }
-        return;
+        goto exit;
     case ARM_CP_CURRENTEL:
         /* Reads as current EL value from pstate, which is
          * guaranteed to be constant by the tb flags.
          */
         tcg_rt = cpu_reg(s, rt);
         tcg_gen_movi_i64(tcg_rt, s->current_el << 2);
-        return;
+        goto exit;
     case ARM_CP_DC_ZVA:
         /* Writes clear the aligned block of memory which rt points into. */
         if (s->mte_active[0]) {
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
             tcg_rt = clean_data_tbi(s, cpu_reg(s, rt));
         }
         gen_helper_dc_zva(cpu_env, tcg_rt);
-        return;
+        goto exit;
     case ARM_CP_DC_GVA:
         {
             TCGv_i64 clean_addr, tag;
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
                 tcg_temp_free_i64(tag);
             }
         }
-        return;
+        goto exit;
     case ARM_CP_DC_GZVA:
         {
             TCGv_i64 clean_addr, tag;
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
                 tcg_temp_free_i64(tag);
             }
         }
-        return;
+        goto exit;
     default:
         g_assert_not_reached();
     }
     if ((ri->type & ARM_CP_FPU) && !fp_access_check_only(s)) {
-        return;
+        goto exit;
     } else if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {
-        return;
+        goto exit;
     } else if ((ri->type & ARM_CP_SME) && !sme_access_check(s)) {
-        return;
+        goto exit;
     }
 
     if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
         if (ri->type & ARM_CP_CONST) {
             tcg_gen_movi_i64(tcg_rt, ri->resetvalue);
         } else if (ri->readfn) {
-            gen_helper_get_cp_reg64(tcg_rt, cpu_env, tcg_constant_ptr(ri));
+            if (!tcg_ri) {
+                tcg_ri = gen_lookup_cp_reg(key);
+            }
+            gen_helper_get_cp_reg64(tcg_rt, cpu_env, tcg_ri);
         } else {
             tcg_gen_ld_i64(tcg_rt, cpu_env, ri->fieldoffset);
         }
     } else {
         if (ri->type & ARM_CP_CONST) {
             /* If not forbidden by access permissions, treat as WI */
-            return;
+            goto exit;
         } else if (ri->writefn) {
-            gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tcg_rt);
+            if (!tcg_ri) {
+                tcg_ri = gen_lookup_cp_reg(key);
+            }
+            gen_helper_set_cp_reg64(cpu_env, tcg_ri, tcg_rt);
         } else {
             tcg_gen_st_i64(tcg_rt, cpu_env, ri->fieldoffset);
         }
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
          */
         s->base.is_jmp = DISAS_UPDATE_EXIT;
     }
+
+ exit:
+    if (tcg_ri) {
+        tcg_temp_free_ptr(tcg_ri);
+    }
 }
 
 /* System
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
                            int opc1, int crn, int crm, int opc2,
                            bool isread, int rt, int rt2)
 {
-    const ARMCPRegInfo *ri;
+    uint32_t key = ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2);
+    const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key);
+    TCGv_ptr tcg_ri = NULL;
     bool need_exit_tb;
 
-    ri = get_arm_cp_reginfo(s->cp_regs,
-            ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
-
     if (!ri) {
         /*
          * Unknown register; this might be a guest error or a QEMU
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
 
         gen_set_condexec(s);
         gen_update_pc(s, 0);
-        gen_helper_access_check_cp_reg(cpu_env,
-                                       tcg_constant_ptr(ri),
+        tcg_ri = tcg_temp_new_ptr();
+        gen_helper_access_check_cp_reg(tcg_ri, cpu_env,
+                                       tcg_constant_i32(key),
                                        tcg_constant_i32(syndrome),
                                        tcg_constant_i32(isread));
     } else if (ri->type & ARM_CP_RAISES_EXC) {
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
     case 0:
         break;
     case ARM_CP_NOP:
-        return;
+        goto exit;
     case ARM_CP_WFI:
         if (isread) {
             unallocated_encoding(s);
-            return;
+        } else {
+            gen_update_pc(s, curr_insn_len(s));
+            s->base.is_jmp = DISAS_WFI;
         }
-        gen_update_pc(s, curr_insn_len(s));
-        s->base.is_jmp = DISAS_WFI;
-        return;
+        goto exit;
     default:
         g_assert_not_reached();
     }
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
             if (ri->type & ARM_CP_CONST) {
                 tmp64 = tcg_constant_i64(ri->resetvalue);
             } else if (ri->readfn) {
+                if (!tcg_ri) {
+                    tcg_ri = gen_lookup_cp_reg(key);
+                }
                 tmp64 = tcg_temp_new_i64();
-                gen_helper_get_cp_reg64(tmp64, cpu_env,
-                                        tcg_constant_ptr(ri));
+                gen_helper_get_cp_reg64(tmp64, cpu_env, tcg_ri);
             } else {
                 tmp64 = tcg_temp_new_i64();
                 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
             if (ri->type & ARM_CP_CONST) {
                 tmp = tcg_constant_i32(ri->resetvalue);
             } else if (ri->readfn) {
+                if (!tcg_ri) {
+                    tcg_ri = gen_lookup_cp_reg(key);
+                }
                 tmp = tcg_temp_new_i32();
-                gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));
+                gen_helper_get_cp_reg(tmp, cpu_env, tcg_ri);
             } else {
                 tmp = load_cpu_offset(ri->fieldoffset);
             }
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
         /* Write */
         if (ri->type & ARM_CP_CONST) {
             /* If not forbidden by access permissions, treat as WI */
-            return;
+            goto exit;
         }
 
         if (is64) {
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
             tcg_temp_free_i32(tmplo);
             tcg_temp_free_i32(tmphi);
             if (ri->writefn) {
-                gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tmp64);
+                if (!tcg_ri) {
+                    tcg_ri = gen_lookup_cp_reg(key);
+                }
+                gen_helper_set_cp_reg64(cpu_env, tcg_ri, tmp64);
             } else {
                 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
             }
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
         } else {
             TCGv_i32 tmp = load_reg(s, rt);
             if (ri->writefn) {
-                gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);
+                if (!tcg_ri) {
+                    tcg_ri = gen_lookup_cp_reg(key);
+                }
+                gen_helper_set_cp_reg(cpu_env, tcg_ri, tmp);
                 tcg_temp_free_i32(tmp);
             } else {
                 store_cpu_offset(tmp, ri->fieldoffset, 4);
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
     if (need_exit_tb) {
         gen_lookup_tb(s);
     }
+
+ exit:
+    if (tcg_ri) {
+        tcg_temp_free_ptr(tcg_ri);
+    }
 }
 
 /* Decode XScale DSP or iWMMXt insn (in the copro space, cp=0 or 1) */
-- 
2.34.1

no changes to v1, except adding the CVE identifier to one of the commit
messages.

-- PMM

The following changes since commit cf7ca7d5b9faca13f1f8e3ea92cfb2f741eb0c0e:

Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request' into staging (2021-02-01 16:28:00 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210203

for you to fetch changes up to fd8f71b95da86f530aae3d02a14b0ccd9e024772:

hw/arm: Display CPU type in machine description (2021-02-03 10:15:51 +0000)

----------------------------------------------------------------
target-arm queue:
 * hw/intc/arm_gic: Allow to use QTest without crashing
 * hw/char/exynos4210_uart: Fix buffer size reporting with FIFO disabled
 * hw/char/exynos4210_uart: Fix missing call to report ready for input
 * hw/arm/smmuv3: Fix addr_mask for range-based invalidation
 * hw/ssi/imx_spi: Fix various minor bugs
 * hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
 * hw/arm: Add missing Kconfig dependencies
 * hw/arm: Display CPU type in machine description

----------------------------------------------------------------
Bin Meng (5):
      hw/ssi: imx_spi: Use a macro for number of chip selects supported
      hw/ssi: imx_spi: Remove imx_spi_update_irq() in imx_spi_reset()
      hw/ssi: imx_spi: Round up the burst length to be multiple of 8
      hw/ssi: imx_spi: Correct the burst length > 32 bit transfer logic
      hw/ssi: imx_spi: Correct tx and rx fifo endianness

Iris Johnson (2):
      hw/char/exynos4210_uart: Fix buffer size reporting with FIFO disabled
      hw/char/exynos4210_uart: Fix missing call to report ready for input

Philippe Mathieu-Daudé (12):
      hw/intc/arm_gic: Allow to use QTest without crashing
      hw/ssi: imx_spi: Remove pointless variable initialization
      hw/ssi: imx_spi: Rework imx_spi_reset() to keep CONREG register value
      hw/ssi: imx_spi: Rework imx_spi_read() to handle block disabled
      hw/ssi: imx_spi: Rework imx_spi_write() to handle block disabled
      hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
      hw/arm/stm32f405_soc: Add missing dependency on OR_IRQ
      hw/arm/exynos4210: Add missing dependency on OR_IRQ
      hw/arm/xlnx-versal: Versal SoC requires ZDMA
      hw/arm/xlnx-versal: Versal SoC requires ZynqMP peripherals
      hw/net/can: ZynqMP CAN device requires PTIMER
      hw/arm: Display CPU type in machine description

Xuzhou Cheng (1):
      hw/ssi: imx_spi: Disable chip selects when controller is disabled

Zenghui Yu (1):
      hw/arm/smmuv3: Fix addr_mask for range-based invalidation