Series comparison

-[PULL 0/2] target-arm queue
+[PULL 0/5] target-arm queue
-This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
+target-arm queue: just bugfixes, mostly mine.
 we were using uninitialized data for the guarded bit when
 combining stage 1 and stage 2 attrs.
 thanks
 -- PMM
-The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:
+The following changes since commit 885fc169f09f5915ce037263d20a59eb226d473d:
-  Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)
+  Merge tag 'pull-riscv-to-apply-20230723-3' of https://github.com/alistair23/qemu into staging (2023-07-24 11:34:35 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230725
-for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:
+for you to fetch changes up to 78cc90346ec680a7f1bb9f138bf7c9654cf526d5:
-  target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)
+  tests/decode: Suppress "error: " string for expected-failure tests (2023-07-25 10:56:52 +0100)
 ----------------------------------------------------------------
-target-arm: Fix bug where we weren't initializing
+target-arm queue:
-            guarded bit state when combining S1/S2 attrs
+ * tests/decode: Suppress "error: " string for expected-failure tests
  * ui/curses: For curses display, recognize a few more control keys
  * target/arm: Special case M-profile in debug_helper.c code
  * scripts/git-submodule.sh: Don't rely on non-POSIX 'read' behaviour
  * hw/arm/smmu: Handle big-endian hosts correctly
 ----------------------------------------------------------------
-Richard Henderson (2):
+Peter Maydell (4):
-      target/arm: PTE bit GP only applies to stage1
+      hw/arm/smmu: Handle big-endian hosts correctly
-      target/arm: Copy guarded bit in combine_cacheattrs
+      scripts/git-submodule.sh: Don't rely on non-POSIX 'read' behaviour
       target/arm: Special case M-profile in debug_helper.c code
       tests/decode: Suppress "error: " string for expected-failure tests
- target/arm/ptw.c | 11 ++++++-----
+Sean Estabrooks (1):
-file changed, 6 insertions(+), 5 deletions(-)
+      For curses display, recognize a few more control keys
  ui/curses_keys.h          |  6 ++++++
  hw/arm/smmu-common.c      |  3 +--
  hw/arm/smmuv3.c           | 39 +++++++++++++++++++++++++++++++--------
  target/arm/debug_helper.c | 18 ++++++++++++------
  scripts/decodetree.py     |  6 +++++-
  scripts/git-submodule.sh  |  2 +-
 files changed, 56 insertions(+), 18 deletions(-)

-New patch
+[PULL 1/5] hw/arm/smmu: Handle big-endian hosts correctly
+The implementation of the SMMUv3 has multiple places where it reads a
+data structure from the guest and directly operates on it without
+doing a guest-to-host endianness conversion.  Since all SMMU data
+structures are little-endian, this means that the SMMU doesn't work
+on a big-endian host.  In particular, this causes the Avocado test
+  machine_aarch64_virt.py:Aarch64VirtMachine.test_alpine_virt_tcg_gic_max
+to fail on an s390x host.
+Add appropriate byte-swapping on reads and writes of guest in-memory
+data structures so that the device works correctly on big-endian
+hosts.
+As part of this we constrain queue_read() to operate only on Cmd
+structs and queue_write() on Evt structs, because in practice these
+are the only data structures the two functions are used with, and we
+need to know what the data structure is to be able to byte-swap its
+parts correctly.
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Tested-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Message-id: 20230717132641.764660-1-peter.maydell@linaro.org
+Cc: qemu-stable@nongnu.org
+---
+ hw/arm/smmu-common.c |  3 +--
+ hw/arm/smmuv3.c      | 39 +++++++++++++++++++++++++++++++--------
+files changed, 32 insertions(+), 10 deletions(-)
+diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/smmu-common.c
++++ b/hw/arm/smmu-common.c
+@@ -XXX,XX +XXX,XX @@ static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte,
+     dma_addr_t addr = baseaddr + index * sizeof(*pte);
+     /* TODO: guarantee 64-bit single-copy atomicity */
+-    ret = dma_memory_read(&address_space_memory, addr, pte, sizeof(*pte),
+-                          MEMTXATTRS_UNSPECIFIED);
++    ret = ldq_le_dma(&address_space_memory, addr, pte, MEMTXATTRS_UNSPECIFIED);
+     if (ret != MEMTX_OK) {
+         info->type = SMMU_PTW_ERR_WALK_EABT;
+diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/arm/smmuv3.c
++++ b/hw/arm/smmuv3.c
+@@ -XXX,XX +XXX,XX @@ static void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)
+     trace_smmuv3_write_gerrorn(toggled & pending, s->gerrorn);
+ }
+-static inline MemTxResult queue_read(SMMUQueue *q, void *data)
++static inline MemTxResult queue_read(SMMUQueue *q, Cmd *cmd)
+ {
+     dma_addr_t addr = Q_CONS_ENTRY(q);
++    MemTxResult ret;
++    int i;
+-    return dma_memory_read(&address_space_memory, addr, data, q->entry_size,
+-                           MEMTXATTRS_UNSPECIFIED);
++    ret = dma_memory_read(&address_space_memory, addr, cmd, sizeof(Cmd),
++                          MEMTXATTRS_UNSPECIFIED);
++    if (ret != MEMTX_OK) {
++        return ret;
++    }
++    for (i = 0; i < ARRAY_SIZE(cmd->word); i++) {
++        le32_to_cpus(&cmd->word[i]);
++    }
++    return ret;
+ }
+-static MemTxResult queue_write(SMMUQueue *q, void *data)
++static MemTxResult queue_write(SMMUQueue *q, Evt *evt_in)
+ {
+     dma_addr_t addr = Q_PROD_ENTRY(q);
+     MemTxResult ret;
++    Evt evt = *evt_in;
++    int i;
+-    ret = dma_memory_write(&address_space_memory, addr, data, q->entry_size,
++    for (i = 0; i < ARRAY_SIZE(evt.word); i++) {
++        cpu_to_le32s(&evt.word[i]);
++    }
++    ret = dma_memory_write(&address_space_memory, addr, &evt, sizeof(Evt),
+                            MEMTXATTRS_UNSPECIFIED);
+     if (ret != MEMTX_OK) {
+         return ret;
+@@ -XXX,XX +XXX,XX @@ static void smmuv3_init_regs(SMMUv3State *s)
+ static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
+                         SMMUEventInfo *event)
+ {
+-    int ret;
++    int ret, i;
+     trace_smmuv3_get_ste(addr);
+     /* TODO: guarantee 64-bit single-copy atomicity */
+@@ -XXX,XX +XXX,XX @@ static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
+         event->u.f_ste_fetch.addr = addr;
+         return -EINVAL;
+     }
++    for (i = 0; i < ARRAY_SIZE(buf->word); i++) {
++        le32_to_cpus(&buf->word[i]);
++    }
+     return 0;
+ }
+@@ -XXX,XX +XXX,XX @@ static int smmu_get_cd(SMMUv3State *s, STE *ste, uint32_t ssid,
+                        CD *buf, SMMUEventInfo *event)
+ {
+     dma_addr_t addr = STE_CTXPTR(ste);
+-    int ret;
++    int ret, i;
+     trace_smmuv3_get_cd(addr);
+     /* TODO: guarantee 64-bit single-copy atomicity */
+@@ -XXX,XX +XXX,XX @@ static int smmu_get_cd(SMMUv3State *s, STE *ste, uint32_t ssid,
+         event->u.f_ste_fetch.addr = addr;
+         return -EINVAL;
+     }
++    for (i = 0; i < ARRAY_SIZE(buf->word); i++) {
++        le32_to_cpus(&buf->word[i]);
++    }
+     return 0;
+ }
+@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
+         return -EINVAL;
+     }
+     if (s->features & SMMU_FEATURE_2LVL_STE) {
+-        int l1_ste_offset, l2_ste_offset, max_l2_ste, span;
++        int l1_ste_offset, l2_ste_offset, max_l2_ste, span, i;
+         dma_addr_t l1ptr, l2ptr;
+         STEDesc l1std;
+@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
+             event->u.f_ste_fetch.addr = l1ptr;
+             return -EINVAL;
+         }
++        for (i = 0; i < ARRAY_SIZE(l1std.word); i++) {
++            le32_to_cpus(&l1std.word[i]);
++        }
+         span = L1STD_SPAN(&l1std);
+--
+.34.1

-New patch
+[PULL 2/5] scripts/git-submodule.sh: Don't rely on non-POSIX 'read' behaviour
+The POSIX definition of the 'read' utility requires that you
+specify the variable name to set; omitting the name and
+having it default to 'REPLY' is a bashism. If your system
+sh is dash, then it will print an error message during build:
+qemu/pc-bios/s390-ccw/../../scripts/git-submodule.sh: 106: read: arg count
+Specify the variable name explicitly.
+Fixes: fdb8fd8cb915647b ("git-submodule: allow partial update of .git-submodule-status")
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Message-id: 20230720153038.1587196-1-peter.maydell@linaro.org
+---
+ scripts/git-submodule.sh | 2 +-
+file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh
+index XXXXXXX..XXXXXXX 100755
+--- a/scripts/git-submodule.sh
++++ b/scripts/git-submodule.sh
+@@ -XXX,XX +XXX,XX @@ update)
+         check_updated $module || echo Updated "$module"
+     done
+-    (while read -r; do
++    (while read -r REPLY; do
+         for module in $modules; do
+             case $REPLY in
+                 *" $module "*) continue 2 ;;
+--
+.34.1

-[PULL 1/2] target/arm: PTE bit GP only applies to stage1
+[PULL 3/5] target/arm: Special case M-profile in debug_helper.c code
-From: Richard Henderson <richard.henderson@linaro.org>
+A lot of the code called from helper_exception_bkpt_insn() is written
 assuming A-profile, but we will also call this helper on M-profile
 CPUs when they execute a BKPT insn.  This used to work by accident,
 but recent changes mean that we will hit an assert when some of this
 code calls down into lower level functions that end up calling
 arm_security_space_below_el3(), arm_el_is_aa64(), and other functions
 that now explicitly assert that the guest CPU is not M-profile.
-Only perform the extract of GP during the stage1 walk.
+Handle M-profile directly to avoid the assertions:
  * in arm_debug_target_el(), M-profile debug exceptions always
    go to EL1
  * in arm_debug_exception_fsr(), M-profile always uses the short
    format FSR (compare commit d7fe699be54b2, though in this case
    the code in arm_v7m_cpu_do_interrupt() does not need to
    look at the FSR value at all)
-Reported-by: Peter Maydell <peter.maydell@linaro.org>
+Cc: qemu-stable@nongnu.org
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1775
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20230721143239.1753066-1-peter.maydell@linaro.org
 ---
- target/arm/ptw.c | 10 +++++-----
+ target/arm/debug_helper.c | 18 ++++++++++++------
-file changed, 5 insertions(+), 5 deletions(-)
+file changed, 12 insertions(+), 6 deletions(-)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
+diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
+--- a/target/arm/debug_helper.c
-+++ b/target/arm/ptw.c
++++ b/target/arm/debug_helper.c
-@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
+@@ -XXX,XX +XXX,XX @@ static int arm_debug_target_el(CPUARMState *env)
-         result->f.attrs.secure = false;
+     bool secure = arm_is_secure(env);
      bool route_to_el2 = false;
 +    if (arm_feature(env, ARM_FEATURE_M)) {
 +        return 1;
 +    }
 +
      if (arm_is_el2_enabled(env)) {
          route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||
                         env->cp15.mdcr_el2 & MDCR_TDE;
@@ -XXX,XX +XXX,XX @@ static uint32_t arm_debug_exception_fsr(CPUARMState *env)
  {
      ARMMMUFaultInfo fi = { .type = ARMFault_Debug };
      int target_el = arm_debug_target_el(env);
 -    bool using_lpae = false;
 +    bool using_lpae;
 -    if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
 +    if (arm_feature(env, ARM_FEATURE_M)) {
 +        using_lpae = false;
 +    } else if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
          using_lpae = true;
      } else if (arm_feature(env, ARM_FEATURE_PMSA) &&
                 arm_feature(env, ARM_FEATURE_V8)) {
          using_lpae = true;
 +    } else if (arm_feature(env, ARM_FEATURE_LPAE) &&
 +               (env->cp15.tcr_el[target_el] & TTBCR_EAE)) {
 +        using_lpae = true;
      } else {
 -        if (arm_feature(env, ARM_FEATURE_LPAE) &&
 -            (env->cp15.tcr_el[target_el] & TTBCR_EAE)) {
 -            using_lpae = true;
 -        }
 +        using_lpae = false;
      }
--    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
+     if (using_lpae) {
 -    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
 -        result->f.guarded = extract64(attrs, 50, 1); /* GP */
 -    }
 -
      if (regime_is_stage2(mmu_idx)) {
          result->cacheattrs.is_s2_format = true;
          result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
          assert(attrindx <= 7);
          result->cacheattrs.is_s2_format = false;
          result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
 +
 +        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
 +        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
 +            result->f.guarded = extract64(attrs, 50, 1); /* GP */
 +        }
      }
      /*
 --
 .34.1

-[PULL 2/2] target/arm: Copy guarded bit in combine_cacheattrs
+[PULL 4/5] For curses display, recognize a few more control keys
-From: Richard Henderson <richard.henderson@linaro.org>
+From: Sean Estabrooks <sean.estabrooks@gmail.com>
-The guarded bit comes from the stage1 walk.
+The curses display handles most control-X keys, and translates
 them into their corresponding keycode.  Here we recognize
 a few that are missing, Ctrl-@ (null), Ctrl-\ (backslash),
 Ctrl-] (right bracket), Ctrl-^ (caret), Ctrl-_ (underscore).
-Fixes: Coverity CID 1507929
+Signed-off-by: Sean Estabrooks <sean.estabrooks@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: CAHyVn3Bh9CRgDuOmf7G7Ngwamu8d4cVozAcB2i4ymnnggBXNmg@mail.gmail.com
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/ptw.c | 1 +
+ ui/curses_keys.h | 6 ++++++
-file changed, 1 insertion(+)
+file changed, 6 insertions(+)
-diff --git a/target/arm/ptw.c b/target/arm/ptw.c
+diff --git a/ui/curses_keys.h b/ui/curses_keys.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/ptw.c
+--- a/ui/curses_keys.h
-+++ b/target/arm/ptw.c
++++ b/ui/curses_keys.h
-@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
+@@ -XXX,XX +XXX,XX @@ static const int _curses2keycode[CURSES_CHARS] = {
+     ['N' - '@'] = 49 | CNTRL, /* Control + n */
-     assert(!s1.is_s2_format);
+     /* Control + m collides with the keycode for Enter */
-     ret.is_s2_format = false;
-+    ret.guarded = s1.guarded;
++    ['@' - '@']  =  3 | CNTRL, /* Control + @ */
++    /* Control + [ collides with the keycode for Escape */
-     if (s1.attrs == 0xf0) {
++    ['\\' - '@'] = 43 | CNTRL, /* Control + Backslash */
-         tagged = true;
++    [']' - '@']  = 27 | CNTRL, /* Control + ] */
 +    ['^' - '@']  =  7 | CNTRL, /* Control + ^ */
 +    ['_' - '@']  = 12 | CNTRL, /* Control + Underscore */
  };
  static const int _curseskey2keycode[CURSES_KEYS] = {
 --
 .34.1

-New patch
+[PULL 5/5] tests/decode: Suppress "error: " string for expected-failure tests
+The "expected failure" tests for decodetree result in the
+error messages from decodetree ending up in logs and in
+V=1 output:
+>>> MALLOC_PERTURB_=226 /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/pyvenv/bin/python3 /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/scripts/decodetree.py --output-null --test-for-error /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/../../tests/decode/err_argset1.decode
+――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― ✀  ――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
+/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/../../tests/decode/err_argset1.decode:5: error: duplicate argument "a"
+―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
+/44 qemu:decodetree / err_argset1                OK              0.05s
+This then produces false positives when scanning the
+logfiles for strings like "error: ".
+For the expected-failure tests, make decodetree print
+"detected:" instead of "error:".
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20230720131521.1325905-1-peter.maydell@linaro.org
+---
+ scripts/decodetree.py | 6 +++++-
+file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/scripts/decodetree.py b/scripts/decodetree.py
+index XXXXXXX..XXXXXXX 100644
+--- a/scripts/decodetree.py
++++ b/scripts/decodetree.py
+@@ -XXX,XX +XXX,XX @@ def error_with_file(file, lineno, *args):
+     global output_file
+     global output_fd
++    # For the test suite expected-errors case, don't print the
++    # string "error: ", so they don't turn up as false positives
++    # if you grep the meson logs for strings like that.
++    end = 'error: ' if not testforerror else 'detected: '
+     prefix = ''
+     if file:
+         prefix += f'{file}:'
+@@ -XXX,XX +XXX,XX @@ def error_with_file(file, lineno, *args):
+         prefix += f'{lineno}:'
+     if prefix:
+         prefix += ' '
+-    print(prefix, end='error: ', file=sys.stderr)
++    print(prefix, end=end, file=sys.stderr)
+     print(*args, file=sys.stderr)
+     if output_file and output_fd:
+--
+.34.1

This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
we were using uninitialized data for the guarded bit when
combining stage 1 and stage 2 attrs.

thanks
-- PMM

The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:

Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410

for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:

target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)

----------------------------------------------------------------
target-arm: Fix bug where we weren't initializing
            guarded bit state when combining S1/S2 attrs

----------------------------------------------------------------
Richard Henderson (2):
      target/arm: PTE bit GP only applies to stage1
      target/arm: Copy guarded bit in combine_cacheattrs

target/arm/ptw.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Only perform the extract of GP during the stage1 walk.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         result->f.attrs.secure = false;
     }
 
-    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
-    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
-        result->f.guarded = extract64(attrs, 50, 1); /* GP */
-    }
-
     if (regime_is_stage2(mmu_idx)) {
         result->cacheattrs.is_s2_format = true;
         result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         assert(attrindx <= 7);
         result->cacheattrs.is_s2_format = false;
         result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
+
+        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
+        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+            result->f.guarded = extract64(attrs, 50, 1); /* GP */
+        }
     }
 
     /*
-- 
2.34.1

target-arm queue: just bugfixes, mostly mine.

thanks
-- PMM

The following changes since commit 885fc169f09f5915ce037263d20a59eb226d473d:

Merge tag 'pull-riscv-to-apply-20230723-3' of https://github.com/alistair23/qemu into staging (2023-07-24 11:34:35 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230725

for you to fetch changes up to 78cc90346ec680a7f1bb9f138bf7c9654cf526d5:

tests/decode: Suppress "error: " string for expected-failure tests (2023-07-25 10:56:52 +0100)

----------------------------------------------------------------
target-arm queue:
 * tests/decode: Suppress "error: " string for expected-failure tests
 * ui/curses: For curses display, recognize a few more control keys
 * target/arm: Special case M-profile in debug_helper.c code
 * scripts/git-submodule.sh: Don't rely on non-POSIX 'read' behaviour
 * hw/arm/smmu: Handle big-endian hosts correctly

----------------------------------------------------------------
Peter Maydell (4):
      hw/arm/smmu: Handle big-endian hosts correctly
      scripts/git-submodule.sh: Don't rely on non-POSIX 'read' behaviour
      target/arm: Special case M-profile in debug_helper.c code
      tests/decode: Suppress "error: " string for expected-failure tests

Sean Estabrooks (1):
      For curses display, recognize a few more control keys

The implementation of the SMMUv3 has multiple places where it reads a
data structure from the guest and directly operates on it without
doing a guest-to-host endianness conversion.  Since all SMMU data
structures are little-endian, this means that the SMMU doesn't work
on a big-endian host.  In particular, this causes the Avocado test
  machine_aarch64_virt.py:Aarch64VirtMachine.test_alpine_virt_tcg_gic_max
to fail on an s390x host.

Add appropriate byte-swapping on reads and writes of guest in-memory
data structures so that the device works correctly on big-endian
hosts.

As part of this we constrain queue_read() to operate only on Cmd
structs and queue_write() on Evt structs, because in practice these
are the only data structures the two functions are used with, and we
need to know what the data structure is to be able to byte-swap its
parts correctly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20230717132641.764660-1-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
---
 hw/arm/smmu-common.c |  3 +--
 hw/arm/smmuv3.c      | 39 +++++++++++++++++++++++++++++++--------
 2 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -XXX,XX +XXX,XX @@ static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte,
     dma_addr_t addr = baseaddr + index * sizeof(*pte);
 
     /* TODO: guarantee 64-bit single-copy atomicity */
-    ret = dma_memory_read(&address_space_memory, addr, pte, sizeof(*pte),
-                          MEMTXATTRS_UNSPECIFIED);
+    ret = ldq_le_dma(&address_space_memory, addr, pte, MEMTXATTRS_UNSPECIFIED);
 
     if (ret != MEMTX_OK) {
         info->type = SMMU_PTW_ERR_WALK_EABT;
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -XXX,XX +XXX,XX @@ static void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)
     trace_smmuv3_write_gerrorn(toggled & pending, s->gerrorn);
 }
 
-static inline MemTxResult queue_read(SMMUQueue *q, void *data)
+static inline MemTxResult queue_read(SMMUQueue *q, Cmd *cmd)
 {
     dma_addr_t addr = Q_CONS_ENTRY(q);
+    MemTxResult ret;
+    int i;
 
-    return dma_memory_read(&address_space_memory, addr, data, q->entry_size,
-                           MEMTXATTRS_UNSPECIFIED);
+    ret = dma_memory_read(&address_space_memory, addr, cmd, sizeof(Cmd),
+                          MEMTXATTRS_UNSPECIFIED);
+    if (ret != MEMTX_OK) {
+        return ret;
+    }
+    for (i = 0; i < ARRAY_SIZE(cmd->word); i++) {
+        le32_to_cpus(&cmd->word[i]);
+    }
+    return ret;
 }
 
-static MemTxResult queue_write(SMMUQueue *q, void *data)
+static MemTxResult queue_write(SMMUQueue *q, Evt *evt_in)
 {
     dma_addr_t addr = Q_PROD_ENTRY(q);
     MemTxResult ret;
+    Evt evt = *evt_in;
+    int i;
 
-    ret = dma_memory_write(&address_space_memory, addr, data, q->entry_size,
+    for (i = 0; i < ARRAY_SIZE(evt.word); i++) {
+        cpu_to_le32s(&evt.word[i]);
+    }
+    ret = dma_memory_write(&address_space_memory, addr, &evt, sizeof(Evt),
                            MEMTXATTRS_UNSPECIFIED);
     if (ret != MEMTX_OK) {
         return ret;
@@ -XXX,XX +XXX,XX @@ static void smmuv3_init_regs(SMMUv3State *s)
 static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
                         SMMUEventInfo *event)
 {
-    int ret;
+    int ret, i;
 
     trace_smmuv3_get_ste(addr);
     /* TODO: guarantee 64-bit single-copy atomicity */
@@ -XXX,XX +XXX,XX @@ static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
         event->u.f_ste_fetch.addr = addr;
         return -EINVAL;
     }
+    for (i = 0; i < ARRAY_SIZE(buf->word); i++) {
+        le32_to_cpus(&buf->word[i]);
+    }
     return 0;
 
 }
@@ -XXX,XX +XXX,XX @@ static int smmu_get_cd(SMMUv3State *s, STE *ste, uint32_t ssid,
                        CD *buf, SMMUEventInfo *event)
 {
     dma_addr_t addr = STE_CTXPTR(ste);
-    int ret;
+    int ret, i;
 
     trace_smmuv3_get_cd(addr);
     /* TODO: guarantee 64-bit single-copy atomicity */
@@ -XXX,XX +XXX,XX @@ static int smmu_get_cd(SMMUv3State *s, STE *ste, uint32_t ssid,
         event->u.f_ste_fetch.addr = addr;
         return -EINVAL;
     }
+    for (i = 0; i < ARRAY_SIZE(buf->word); i++) {
+        le32_to_cpus(&buf->word[i]);
+    }
     return 0;
 }
 
@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
         return -EINVAL;
     }
     if (s->features & SMMU_FEATURE_2LVL_STE) {
-        int l1_ste_offset, l2_ste_offset, max_l2_ste, span;
+        int l1_ste_offset, l2_ste_offset, max_l2_ste, span, i;
         dma_addr_t l1ptr, l2ptr;
         STEDesc l1std;
 
@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
             event->u.f_ste_fetch.addr = l1ptr;
             return -EINVAL;
         }
+        for (i = 0; i < ARRAY_SIZE(l1std.word); i++) {
+            le32_to_cpus(&l1std.word[i]);
+        }
 
         span = L1STD_SPAN(&l1std);
 
-- 
2.34.1

The POSIX definition of the 'read' utility requires that you
specify the variable name to set; omitting the name and
having it default to 'REPLY' is a bashism. If your system
sh is dash, then it will print an error message during build:

qemu/pc-bios/s390-ccw/../../scripts/git-submodule.sh: 106: read: arg count

Specify the variable name explicitly.

Fixes: fdb8fd8cb915647b ("git-submodule: allow partial update of .git-submodule-status")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230720153038.1587196-1-peter.maydell@linaro.org
---
 scripts/git-submodule.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh
index XXXXXXX..XXXXXXX 100755
--- a/scripts/git-submodule.sh
+++ b/scripts/git-submodule.sh
@@ -XXX,XX +XXX,XX @@ update)
         check_updated $module || echo Updated "$module"
     done
 
-    (while read -r; do
+    (while read -r REPLY; do
         for module in $modules; do
             case $REPLY in
                 *" $module "*) continue 2 ;;
-- 
2.34.1

A lot of the code called from helper_exception_bkpt_insn() is written
assuming A-profile, but we will also call this helper on M-profile
CPUs when they execute a BKPT insn.  This used to work by accident,
but recent changes mean that we will hit an assert when some of this
code calls down into lower level functions that end up calling
arm_security_space_below_el3(), arm_el_is_aa64(), and other functions
that now explicitly assert that the guest CPU is not M-profile.

Handle M-profile directly to avoid the assertions:
 * in arm_debug_target_el(), M-profile debug exceptions always
   go to EL1
 * in arm_debug_exception_fsr(), M-profile always uses the short
   format FSR (compare commit d7fe699be54b2, though in this case
   the code in arm_v7m_cpu_do_interrupt() does not need to
   look at the FSR value at all)

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1775
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230721143239.1753066-1-peter.maydell@linaro.org
---
 target/arm/debug_helper.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@ static int arm_debug_target_el(CPUARMState *env)
     bool secure = arm_is_secure(env);
     bool route_to_el2 = false;
 
+    if (arm_feature(env, ARM_FEATURE_M)) {
+        return 1;
+    }
+
     if (arm_is_el2_enabled(env)) {
         route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||
                        env->cp15.mdcr_el2 & MDCR_TDE;
@@ -XXX,XX +XXX,XX @@ static uint32_t arm_debug_exception_fsr(CPUARMState *env)
 {
     ARMMMUFaultInfo fi = { .type = ARMFault_Debug };
     int target_el = arm_debug_target_el(env);
-    bool using_lpae = false;
+    bool using_lpae;
 
-    if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
+    if (arm_feature(env, ARM_FEATURE_M)) {
+        using_lpae = false;
+    } else if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
         using_lpae = true;
     } else if (arm_feature(env, ARM_FEATURE_PMSA) &&
                arm_feature(env, ARM_FEATURE_V8)) {
         using_lpae = true;
+    } else if (arm_feature(env, ARM_FEATURE_LPAE) &&
+               (env->cp15.tcr_el[target_el] & TTBCR_EAE)) {
+        using_lpae = true;
     } else {
-        if (arm_feature(env, ARM_FEATURE_LPAE) &&
-            (env->cp15.tcr_el[target_el] & TTBCR_EAE)) {
-            using_lpae = true;
-        }
+        using_lpae = false;
     }
 
     if (using_lpae) {
-- 
2.34.1

From: Sean Estabrooks <sean.estabrooks@gmail.com>

The curses display handles most control-X keys, and translates
them into their corresponding keycode.  Here we recognize
a few that are missing, Ctrl-@ (null), Ctrl-\ (backslash),
Ctrl-] (right bracket), Ctrl-^ (caret), Ctrl-_ (underscore).

Signed-off-by: Sean Estabrooks <sean.estabrooks@gmail.com>
Message-id: CAHyVn3Bh9CRgDuOmf7G7Ngwamu8d4cVozAcB2i4ymnnggBXNmg@mail.gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 ui/curses_keys.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ui/curses_keys.h b/ui/curses_keys.h
index XXXXXXX..XXXXXXX 100644
--- a/ui/curses_keys.h
+++ b/ui/curses_keys.h
@@ -XXX,XX +XXX,XX @@ static const int _curses2keycode[CURSES_CHARS] = {
     ['N' - '@'] = 49 | CNTRL, /* Control + n */
     /* Control + m collides with the keycode for Enter */
 
+    ['@' - '@']  =  3 | CNTRL, /* Control + @ */
+    /* Control + [ collides with the keycode for Escape */
+    ['\\' - '@'] = 43 | CNTRL, /* Control + Backslash */
+    [']' - '@']  = 27 | CNTRL, /* Control + ] */
+    ['^' - '@']  =  7 | CNTRL, /* Control + ^ */
+    ['_' - '@']  = 12 | CNTRL, /* Control + Underscore */
 };
 
 static const int _curseskey2keycode[CURSES_KEYS] = {
-- 
2.34.1

The "expected failure" tests for decodetree result in the
error messages from decodetree ending up in logs and in
V=1 output:

>>> MALLOC_PERTURB_=226 /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/pyvenv/bin/python3 /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/scripts/decodetree.py --output-null --test-for-error /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/../../tests/decode/err_argset1.decode
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― ✀  ――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/../../tests/decode/err_argset1.decode:5: error: duplicate argument "a"
―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
 1/44 qemu:decodetree / err_argset1                OK              0.05s

This then produces false positives when scanning the
logfiles for strings like "error: ".

For the expected-failure tests, make decodetree print
"detected:" instead of "error:".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230720131521.1325905-1-peter.maydell@linaro.org
---
 scripts/decodetree.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/decodetree.py b/scripts/decodetree.py
index XXXXXXX..XXXXXXX 100644
--- a/scripts/decodetree.py
+++ b/scripts/decodetree.py
@@ -XXX,XX +XXX,XX @@ def error_with_file(file, lineno, *args):
     global output_file
     global output_fd
 
+    # For the test suite expected-errors case, don't print the
+    # string "error: ", so they don't turn up as false positives
+    # if you grep the meson logs for strings like that.
+    end = 'error: ' if not testforerror else 'detected: '
     prefix = ''
     if file:
         prefix += f'{file}:'
@@ -XXX,XX +XXX,XX @@ def error_with_file(file, lineno, *args):
         prefix += f'{lineno}:'
     if prefix:
         prefix += ' '
-    print(prefix, end='error: ', file=sys.stderr)
+    print(prefix, end=end, file=sys.stderr)
     print(*args, file=sys.stderr)
 
     if output_file and output_fd:
-- 
2.34.1