Series comparison

-[PULL 0/4] target-arm queue
+[PULL v2 00/29] target-arm queue
-The following changes since commit efcd0ec14b0fe9ee0ee70277763b2d538d19238d:
+v2: drop pvpanic-pci patches.
-  Merge tag 'misc-fixes-20230330' of https://github.com/philmd/qemu into staging (2023-03-30 14:22:29 +0100)
+The following changes since commit f1fcb6851aba6dd9838886dc179717a11e344a1c:
   Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2021-01-19' into staging (2021-01-19 11:57:07 +0000)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230403
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210119-1
-for you to fetch changes up to a0eaa126af3c5a43937a22c58cfb9bb36e4a5001:
+for you to fetch changes up to b93f4fbdc48283a39089469c44a5529d79dc40a8:
-  hw/ssi: Fix Linux driver init issue with xilinx_spi (2023-04-03 16:12:30 +0100)
+  docs: Build and install all the docs in a single manual (2021-01-19 15:45:14 +0000)
 ----------------------------------------------------------------
- * target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
+target-arm queue:
- * hw/arm: do not free machine->fdt in arm_load_dtb()
+ * Implement IMPDEF pauth algorithm
- * target/arm: Fix generated code for cpreg reads when HSTR is active
+ * Support ARMv8.4-SEL2
- * hw/ssi: Fix Linux driver init issue with xilinx_spi
+ * Fix bug where we were truncating predicate vector lengths in SVE insns
  * npcm7xx_adc-test: Fix memleak in adc_qom_set
  * target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
  * docs: Build and install all the docs in a single manual
 ----------------------------------------------------------------
-Chris Rauer (1):
+Gan Qixin (1):
-      hw/ssi: Fix Linux driver init issue with xilinx_spi
+      npcm7xx_adc-test: Fix memleak in adc_qom_set
 Markus Armbruster (1):
       hw/arm: do not free machine->fdt in arm_load_dtb()
 Peter Maydell (1):
-      target/arm: Fix generated code for cpreg reads when HSTR is active
+      docs: Build and install all the docs in a single manual
 Philippe Mathieu-Daudé (1):
-      target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
+      target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
- target/arm/internals.h        | 15 ++++++++++-----
+Richard Henderson (7):
- hw/arm/boot.c                 |  5 ++++-
+      target/arm: Implement an IMPDEF pauth algorithm
- hw/ssi/xilinx_spi.c           |  1 +
+      target/arm: Add cpu properties to control pauth
- target/arm/gdbstub64.c        |  7 +++++--
+      target/arm: Use object_property_add_bool for "sve" property
- target/arm/tcg/pauth_helper.c | 18 +-----------------
+      target/arm: Introduce PREDDESC field definitions
- target/arm/tcg/translate.c    |  6 ++++++
+      target/arm: Update PFIRST, PNEXT for pred_desc
-files changed, 27 insertions(+), 25 deletions(-)
+      target/arm: Update ZIP, UZP, TRN for pred_desc
       target/arm: Update REV, PUNPK for pred_desc
+Rémi Denis-Courmont (19):
+      target/arm: remove redundant tests
+      target/arm: add arm_is_el2_enabled() helper
+      target/arm: use arm_is_el2_enabled() where applicable
+      target/arm: use arm_hcr_el2_eff() where applicable
+      target/arm: factor MDCR_EL2 common handling
+      target/arm: Define isar_feature function to test for presence of SEL2
+      target/arm: add 64-bit S-EL2 to EL exception table
+      target/arm: add MMU stage 1 for Secure EL2
+      target/arm: add ARMv8.4-SEL2 system registers
+      target/arm: handle VMID change in secure state
+      target/arm: do S1_ptw_translate() before address space lookup
+      target/arm: translate NS bit in page-walks
+      target/arm: generalize 2-stage page-walk condition
+      target/arm: secure stage 2 translation regime
+      target/arm: set HPFAR_EL2.NS on secure stage 2 faults
+      target/arm: revector to run-time pick target EL
+      target/arm: Implement SCR_EL2.EEL2
+      target/arm: enable Secure EL2 in max CPU
+      target/arm: refactor vae1_tlbmask()
+ docs/conf.py                     |  46 ++++-
+ docs/devel/conf.py               |  15 --
+ docs/index.html.in               |  17 --
+ docs/interop/conf.py             |  28 ---
+ docs/meson.build                 |  64 +++---
+ docs/specs/conf.py               |  16 --
+ docs/system/arm/cpu-features.rst |  21 ++
+ docs/system/conf.py              |  28 ---
+ docs/tools/conf.py               |  37 ----
+ docs/user/conf.py                |  15 --
+ include/qemu/xxhash.h            |  98 +++++++++
+ target/arm/cpu-param.h           |   2 +-
+ target/arm/cpu.h                 | 107 ++++++++--
+ target/arm/internals.h           |  45 +++++
+ target/arm/cpu.c                 |  23 ++-
+ target/arm/cpu64.c               |  65 ++++--
+ target/arm/helper-a64.c          |   8 +-
+ target/arm/helper.c              | 414 ++++++++++++++++++++++++++-------------
+ target/arm/m_helper.c            |   2 +-
+ target/arm/monitor.c             |   1 +
+ target/arm/op_helper.c           |   4 +-
+ target/arm/pauth_helper.c        |  27 ++-
+ target/arm/sve_helper.c          |  33 ++--
+ target/arm/tlb_helper.c          |   3 +
+ target/arm/translate-a64.c       |   4 +
+ target/arm/translate-sve.c       |  31 ++-
+ target/arm/translate.c           |  36 +++-
+ tests/qtest/arm-cpu-features.c   |  13 ++
+ tests/qtest/npcm7xx_adc-test.c   |   1 +
+ .gitlab-ci.yml                   |   4 +-
+files changed, 770 insertions(+), 438 deletions(-)
+ delete mode 100644 docs/devel/conf.py
+ delete mode 100644 docs/index.html.in
+ delete mode 100644 docs/interop/conf.py
+ delete mode 100644 docs/specs/conf.py
+ delete mode 100644 docs/system/conf.py
+ delete mode 100644 docs/tools/conf.py
+ delete mode 100644 docs/user/conf.py

-[PULL 1/4] target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
-aarch64_gdb_get_pauth_reg() -- although disabled since commit
-d17a42 ("target/arm: Don't advertise aarch64-pauth.xml to
-gdb") is still compiled in. It calls pauth_ptr_mask() which is
-located in target/arm/tcg/pauth_helper.c, a TCG specific helper.
-To avoid a linking error when TCG is not enabled:
-  Undefined symbols for architecture arm64:
-    "_pauth_ptr_mask", referenced from:
-        _aarch64_gdb_get_pauth_reg in target_arm_gdbstub64.c.o
-  ld: symbol(s) not found for architecture arm64
-  clang: error: linker command failed with exit code 1 (use -v to see invocation)
-- Inline pauth_ptr_mask() in aarch64_gdb_get_pauth_reg()
-  (this is the single user),
-- Rename pauth_ptr_mask_internal() as pauth_ptr_mask() and
-  inline it in "internals.h",
-Fixes: e995d5cce4 ("target/arm: Implement gdbstub pauth extension")
-Suggested-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Fabiano Rosas <farosas@suse.de>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Message-id: 20230328212516.29592-1-philmd@linaro.org
-[PMM: reinstated doc comment]
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/internals.h        | 15 ++++++++++-----
- target/arm/gdbstub64.c        |  7 +++++--
- target/arm/tcg/pauth_helper.c | 18 +-----------------
-files changed, 16 insertions(+), 24 deletions(-)
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ bool arm_generate_debug_exceptions(CPUARMState *env);
- /**
-  * pauth_ptr_mask:
-- * @env: cpu context
-- * @ptr: selects between TTBR0 and TTBR1
-- * @data: selects between TBI and TBID
-+ * @param: parameters defining the MMU setup
-  *
-- * Return a mask of the bits of @ptr that contain the authentication code.
-+ * Return a mask of the address bits that contain the authentication code,
-+ * given the MMU config defined by @param.
-  */
--uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data);
-+static inline uint64_t pauth_ptr_mask(ARMVAParameters param)
-+{
-+    int bot_pac_bit = 64 - param.tsz;
-+    int top_pac_bit = 64 - 8 * param.tbi;
-+
-+    return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit);
-+}
- /* Add the cpreg definitions for debug related system registers */
- void define_debug_regs(ARMCPU *cpu);
-diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/gdbstub64.c
-+++ b/target/arm/gdbstub64.c
-@@ -XXX,XX +XXX,XX @@ int aarch64_gdb_get_pauth_reg(CPUARMState *env, GByteArray *buf, int reg)
-         {
-             bool is_data = !(reg & 1);
-             bool is_high = reg & 2;
--            uint64_t mask = pauth_ptr_mask(env, -is_high, is_data);
--            return gdb_get_reg64(buf, mask);
-+            ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
-+            ARMVAParameters param;
-+
-+            param = aa64_va_parameters(env, -is_high, mmu_idx, is_data);
-+            return gdb_get_reg64(buf, pauth_ptr_mask(param));
-         }
-     default:
-         return 0;
-diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/tcg/pauth_helper.c
-+++ b/target/arm/tcg/pauth_helper.c
-@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
-     return pac | ext | ptr;
- }
--static uint64_t pauth_ptr_mask_internal(ARMVAParameters param)
--{
--    int bot_pac_bit = 64 - param.tsz;
--    int top_pac_bit = 64 - 8 * param.tbi;
--
--    return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit);
--}
--
- static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
- {
--    uint64_t mask = pauth_ptr_mask_internal(param);
-+    uint64_t mask = pauth_ptr_mask(param);
-     /* Note that bit 55 is used whether or not the regime has 2 ranges. */
-     if (extract64(ptr, 55, 1)) {
-@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
-     }
- }
--uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data)
--{
--    ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
--    ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
--
--    return pauth_ptr_mask_internal(param);
--}
--
- static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
-                            ARMPACKey *key, bool data, int keynumber)
- {
---
-.34.1

-[PULL 2/4] hw/arm: do not free machine->fdt in arm_load_dtb()
+Deleted patch
-From: Markus Armbruster <armbru@redhat.com>
-At this moment, arm_load_dtb() can free machine->fdt when
-binfo->dtb_filename is NULL. If there's no 'dtb_filename', 'fdt' will be
-retrieved by binfo->get_dtb(). If get_dtb() returns machine->fdt, as is
-the case of machvirt_dtb() from hw/arm/virt.c, fdt now has a pointer to
-machine->fdt. And, in that case, the existing g_free(fdt) at the end of
-arm_load_dtb() will make machine->fdt point to an invalid memory region.
-Since monitor command 'dumpdtb' was introduced a couple of releases
-ago, running it with any ARM machine that uses arm_load_dtb() will
-crash QEMU.
-Let's enable all arm_load_dtb() callers to use dumpdtb properly. Instead
-of freeing 'fdt', assign it back to ms->fdt.
-Cc: Peter Maydell <peter.maydell@linaro.org>
-Cc: qemu-arm@nongnu.org
-Fixes: bf353ad55590f ("qmp/hmp, device_tree.c: introduce dumpdtb")
-Reported-by: Markus Armbruster <armbru@redhat.com>
-Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
-Signed-off-by: Markus Armbruster <armbru@redhat.com>
-Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
-Message-id: 20230328165935.1512846-1-armbru@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/arm/boot.c | 5 ++++-
-file changed, 4 insertions(+), 1 deletion(-)
-diff --git a/hw/arm/boot.c b/hw/arm/boot.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/boot.c
-+++ b/hw/arm/boot.c
-@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
-     qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
-                                        rom_ptr_for_as(as, addr, size));
--    g_free(fdt);
-+    if (fdt != ms->fdt) {
-+        g_free(ms->fdt);
-+        ms->fdt = fdt;
-+    }
-     return size;
---
-.34.1

-[PULL 3/4] target/arm: Fix generated code for cpreg reads when HSTR is active
+Deleted patch
-In commit 049edada we added some code to handle HSTR_EL2 traps, which
-we did as an inline "conditionally branch over a
-gen_exception_insn()".  Unfortunately this fails to take account of
-the fact that gen_exception_insn() will set s->base.is_jmp to
-DISAS_NORETURN.  That means that at the end of the TB we won't
-generate the necessary code to handle the "branched over the trap and
-continued normal execution" codepath.  The result is that the TCG
-main loop thinks that we stopped execution of the TB due to a
-situation that only happens when icount is enabled, and hits an
-assertion. Explicitly set is_jmp back to DISAS_NEXT so we generate
-the correct code for when execution continues past this insn.
-Note that this only happens for cpreg reads; writes will call
-gen_lookup_tb() which generates a valid end-of-TB.
-Fixes: 049edada ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1551
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20230330101900.2320380-1-peter.maydell@linaro.org
----
- target/arm/tcg/translate.c | 6 ++++++
-file changed, 6 insertions(+)
-diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/tcg/translate.c
-+++ b/target/arm/tcg/translate.c
-@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
-             tcg_gen_brcondi_i32(TCG_COND_EQ, t, 0, over.label);
-             gen_exception_insn(s, 0, EXCP_UDEF, syndrome);
-+            /*
-+             * gen_exception_insn() will set is_jmp to DISAS_NORETURN,
-+             * but since we're conditionally branching over it, we want
-+             * to assume continue-to-next-instruction.
-+             */
-+            s->base.is_jmp = DISAS_NEXT;
-             set_disas_label(s, over);
-         }
-     }
---
-.34.1

-[PULL 4/4] hw/ssi: Fix Linux driver init issue with xilinx_spi
+Deleted patch
-From: Chris Rauer <crauer@google.com>
-The problem is that the Linux driver expects the master transaction inhibit
-bit(R_SPICR_MTI) to be set during driver initialization so that it can
-detect the fifo size but QEMU defaults it to zero out of reset.  The
-datasheet indicates this bit is active on reset.
-See page 25, SPI Control Register section:
-https://www.xilinx.com/content/dam/xilinx/support/documents/ip_documentation/axi_quad_spi/v3_2/pg153-axi-quad-spi.pdf
-Signed-off-by: Chris Rauer <crauer@google.com>
-Message-id: 20230323182811.2641044-1-crauer@google.com
-Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/ssi/xilinx_spi.c | 1 +
-file changed, 1 insertion(+)
-diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/ssi/xilinx_spi.c
-+++ b/hw/ssi/xilinx_spi.c
-@@ -XXX,XX +XXX,XX @@ static void xlx_spi_do_reset(XilinxSPI *s)
-     txfifo_reset(s);
-     s->regs[R_SPISSR] = ~0;
-+    s->regs[R_SPICR] = R_SPICR_MTI;
-     xlx_spi_update_irq(s);
-     xlx_spi_update_cs(s);
- }
---
-.34.1

The following changes since commit efcd0ec14b0fe9ee0ee70277763b2d538d19238d:

Merge tag 'misc-fixes-20230330' of https://github.com/philmd/qemu into staging (2023-03-30 14:22:29 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230403

for you to fetch changes up to a0eaa126af3c5a43937a22c58cfb9bb36e4a5001:

hw/ssi: Fix Linux driver init issue with xilinx_spi (2023-04-03 16:12:30 +0100)

----------------------------------------------------------------
 * target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
 * hw/arm: do not free machine->fdt in arm_load_dtb()
 * target/arm: Fix generated code for cpreg reads when HSTR is active
 * hw/ssi: Fix Linux driver init issue with xilinx_spi

----------------------------------------------------------------
Chris Rauer (1):
      hw/ssi: Fix Linux driver init issue with xilinx_spi

Markus Armbruster (1):
      hw/arm: do not free machine->fdt in arm_load_dtb()

Peter Maydell (1):
      target/arm: Fix generated code for cpreg reads when HSTR is active

Philippe Mathieu-Daudé (1):
      target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()

From: Philippe Mathieu-Daudé <philmd@linaro.org>

aarch64_gdb_get_pauth_reg() -- although disabled since commit
5787d17a42 ("target/arm: Don't advertise aarch64-pauth.xml to
gdb") is still compiled in. It calls pauth_ptr_mask() which is
located in target/arm/tcg/pauth_helper.c, a TCG specific helper.

To avoid a linking error when TCG is not enabled:

Undefined symbols for architecture arm64:
    "_pauth_ptr_mask", referenced from:
        _aarch64_gdb_get_pauth_reg in target_arm_gdbstub64.c.o
  ld: symbol(s) not found for architecture arm64
  clang: error: linker command failed with exit code 1 (use -v to see invocation)

- Inline pauth_ptr_mask() in aarch64_gdb_get_pauth_reg()
  (this is the single user),
- Rename pauth_ptr_mask_internal() as pauth_ptr_mask() and
  inline it in "internals.h",

Fixes: e995d5cce4 ("target/arm: Implement gdbstub pauth extension")
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230328212516.29592-1-philmd@linaro.org
[PMM: reinstated doc comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h        | 15 ++++++++++-----
 target/arm/gdbstub64.c        |  7 +++++--
 target/arm/tcg/pauth_helper.c | 18 +-----------------
 3 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ bool arm_generate_debug_exceptions(CPUARMState *env);
 
 /**
  * pauth_ptr_mask:
- * @env: cpu context
- * @ptr: selects between TTBR0 and TTBR1
- * @data: selects between TBI and TBID
+ * @param: parameters defining the MMU setup
  *
- * Return a mask of the bits of @ptr that contain the authentication code.
+ * Return a mask of the address bits that contain the authentication code,
+ * given the MMU config defined by @param.
  */
-uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data);
+static inline uint64_t pauth_ptr_mask(ARMVAParameters param)
+{
+    int bot_pac_bit = 64 - param.tsz;
+    int top_pac_bit = 64 - 8 * param.tbi;
+
+    return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit);
+}
 
 /* Add the cpreg definitions for debug related system registers */
 void define_debug_regs(ARMCPU *cpu);
diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/gdbstub64.c
+++ b/target/arm/gdbstub64.c
@@ -XXX,XX +XXX,XX @@ int aarch64_gdb_get_pauth_reg(CPUARMState *env, GByteArray *buf, int reg)
         {
             bool is_data = !(reg & 1);
             bool is_high = reg & 2;
-            uint64_t mask = pauth_ptr_mask(env, -is_high, is_data);
-            return gdb_get_reg64(buf, mask);
+            ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
+            ARMVAParameters param;
+
+            param = aa64_va_parameters(env, -is_high, mmu_idx, is_data);
+            return gdb_get_reg64(buf, pauth_ptr_mask(param));
         }
     default:
         return 0;
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
     return pac | ext | ptr;
 }
 
-static uint64_t pauth_ptr_mask_internal(ARMVAParameters param)
-{
-    int bot_pac_bit = 64 - param.tsz;
-    int top_pac_bit = 64 - 8 * param.tbi;
-
-    return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit);
-}
-
 static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
 {
-    uint64_t mask = pauth_ptr_mask_internal(param);
+    uint64_t mask = pauth_ptr_mask(param);
 
     /* Note that bit 55 is used whether or not the regime has 2 ranges. */
     if (extract64(ptr, 55, 1)) {
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
     }
 }
 
-uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data)
-{
-    ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
-    ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
-
-    return pauth_ptr_mask_internal(param);
-}
-
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
                            ARMPACKey *key, bool data, int keynumber)
 {
-- 
2.34.1

From: Markus Armbruster <armbru@redhat.com>

At this moment, arm_load_dtb() can free machine->fdt when
binfo->dtb_filename is NULL. If there's no 'dtb_filename', 'fdt' will be
retrieved by binfo->get_dtb(). If get_dtb() returns machine->fdt, as is
the case of machvirt_dtb() from hw/arm/virt.c, fdt now has a pointer to
machine->fdt. And, in that case, the existing g_free(fdt) at the end of
arm_load_dtb() will make machine->fdt point to an invalid memory region.

Since monitor command 'dumpdtb' was introduced a couple of releases
ago, running it with any ARM machine that uses arm_load_dtb() will
crash QEMU.

Let's enable all arm_load_dtb() callers to use dumpdtb properly. Instead
of freeing 'fdt', assign it back to ms->fdt.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Fixes: bf353ad55590f ("qmp/hmp, device_tree.c: introduce dumpdtb")
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-id: 20230328165935.1512846-1-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/boot.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
     qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
                                        rom_ptr_for_as(as, addr, size));
 
-    g_free(fdt);
+    if (fdt != ms->fdt) {
+        g_free(ms->fdt);
+        ms->fdt = fdt;
+    }
 
     return size;
 
-- 
2.34.1

In commit 049edada we added some code to handle HSTR_EL2 traps, which
we did as an inline "conditionally branch over a
gen_exception_insn()".  Unfortunately this fails to take account of
the fact that gen_exception_insn() will set s->base.is_jmp to
DISAS_NORETURN.  That means that at the end of the TB we won't
generate the necessary code to handle the "branched over the trap and
continued normal execution" codepath.  The result is that the TCG
main loop thinks that we stopped execution of the TB due to a
situation that only happens when icount is enabled, and hits an
assertion. Explicitly set is_jmp back to DISAS_NEXT so we generate
the correct code for when execution continues past this insn.

Note that this only happens for cpreg reads; writes will call
gen_lookup_tb() which generates a valid end-of-TB.

Fixes: 049edada ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1551
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230330101900.2320380-1-peter.maydell@linaro.org
---
 target/arm/tcg/translate.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
             tcg_gen_brcondi_i32(TCG_COND_EQ, t, 0, over.label);
 
             gen_exception_insn(s, 0, EXCP_UDEF, syndrome);
+            /*
+             * gen_exception_insn() will set is_jmp to DISAS_NORETURN,
+             * but since we're conditionally branching over it, we want
+             * to assume continue-to-next-instruction.
+             */
+            s->base.is_jmp = DISAS_NEXT;
             set_disas_label(s, over);
         }
     }
-- 
2.34.1

From: Chris Rauer <crauer@google.com>

The problem is that the Linux driver expects the master transaction inhibit
bit(R_SPICR_MTI) to be set during driver initialization so that it can
detect the fifo size but QEMU defaults it to zero out of reset.  The
datasheet indicates this bit is active on reset.

See page 25, SPI Control Register section:
https://www.xilinx.com/content/dam/xilinx/support/documents/ip_documentation/axi_quad_spi/v3_2/pg153-axi-quad-spi.pdf

Signed-off-by: Chris Rauer <crauer@google.com>
Message-id: 20230323182811.2641044-1-crauer@google.com
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ssi/xilinx_spi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ssi/xilinx_spi.c
+++ b/hw/ssi/xilinx_spi.c
@@ -XXX,XX +XXX,XX @@ static void xlx_spi_do_reset(XilinxSPI *s)
     txfifo_reset(s);
 
     s->regs[R_SPISSR] = ~0;
+    s->regs[R_SPICR] = R_SPICR_MTI;
     xlx_spi_update_irq(s);
     xlx_spi_update_cs(s);
 }
-- 
2.34.1

v2: drop pvpanic-pci patches.

The following changes since commit f1fcb6851aba6dd9838886dc179717a11e344a1c:

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2021-01-19' into staging (2021-01-19 11:57:07 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210119-1

for you to fetch changes up to b93f4fbdc48283a39089469c44a5529d79dc40a8:

docs: Build and install all the docs in a single manual (2021-01-19 15:45:14 +0000)

----------------------------------------------------------------
target-arm queue:
 * Implement IMPDEF pauth algorithm
 * Support ARMv8.4-SEL2
 * Fix bug where we were truncating predicate vector lengths in SVE insns
 * npcm7xx_adc-test: Fix memleak in adc_qom_set
 * target/arm/m_helper: Silence GCC 10 maybe-uninitialized error
 * docs: Build and install all the docs in a single manual

----------------------------------------------------------------
Gan Qixin (1):
      npcm7xx_adc-test: Fix memleak in adc_qom_set

Peter Maydell (1):
      docs: Build and install all the docs in a single manual

Philippe Mathieu-Daudé (1):
      target/arm/m_helper: Silence GCC 10 maybe-uninitialized error

Richard Henderson (7):
      target/arm: Implement an IMPDEF pauth algorithm
      target/arm: Add cpu properties to control pauth
      target/arm: Use object_property_add_bool for "sve" property
      target/arm: Introduce PREDDESC field definitions
      target/arm: Update PFIRST, PNEXT for pred_desc
      target/arm: Update ZIP, UZP, TRN for pred_desc
      target/arm: Update REV, PUNPK for pred_desc

Rémi Denis-Courmont (19):
      target/arm: remove redundant tests
      target/arm: add arm_is_el2_enabled() helper
      target/arm: use arm_is_el2_enabled() where applicable
      target/arm: use arm_hcr_el2_eff() where applicable
      target/arm: factor MDCR_EL2 common handling
      target/arm: Define isar_feature function to test for presence of SEL2
      target/arm: add 64-bit S-EL2 to EL exception table
      target/arm: add MMU stage 1 for Secure EL2
      target/arm: add ARMv8.4-SEL2 system registers
      target/arm: handle VMID change in secure state
      target/arm: do S1_ptw_translate() before address space lookup
      target/arm: translate NS bit in page-walks
      target/arm: generalize 2-stage page-walk condition
      target/arm: secure stage 2 translation regime
      target/arm: set HPFAR_EL2.NS on secure stage 2 faults
      target/arm: revector to run-time pick target EL
      target/arm: Implement SCR_EL2.EEL2
      target/arm: enable Secure EL2 in max CPU
      target/arm: refactor vae1_tlbmask()