The following changes since commit 5767815218efd3cbfd409505ed824d5f356044ae:

Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging (2024-02-14 15:45:52 +0000)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240215

for you to fetch changes up to f780e63fe731b058fe52d43653600d8729a1b5f2:

docs: Add documentation for the mps3-an536 board (2024-02-15 14:32:39 +0000)

* hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC

* linux-user/aarch64: Choose SYNC as the preferred MTE mode

* Fix some errors in SVE/SME handling of MTE tags

* hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses

* hw/block/tc58128: Don't emit deprecation warning under qtest

* tests/qtest: Fix handling of npcm7xx and GMAC tests

* hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ

* tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend

* Don't assert on vmload/vmsave of M-profile CPUs

* hw/arm/smmuv3: add support for stage 1 access fault

* hw/arm/stellaris: QOM cleanups

* Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs

* Improve Cortex_R52 IMPDEF sysreg modelling

* Allow access to SPSR_hyp from hyp mode

* New board model mps3-an536 (Cortex-R52)

Luc Michel (1):

hw/arm/smmuv3: add support for stage 1 access fault

Nabih Estefan (1):

tests/qtest: Fix GMAC test to run on a machine in upstream QEMU

Peter Maydell (22):

hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses

hw/block/tc58128: Don't emit deprecation warning under qtest

tests/qtest/meson.build: Don't include qtests_npcm7xx in qtests_aarch64

tests/qtest/bios-tables-test: Allow changes to virt GTDT

hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ

tests/qtest/bios-tables-tests: Update virt golden reference

hw/arm/npcm7xx: Call qemu_configure_nic_device() for GMAC modules

tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend

target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU

target/arm: Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs

target/arm: The Cortex-R52 has a read-only CBAR

target/arm: Add Cortex-R52 IMPDEF sysregs

target/arm: Allow access to SPSR_hyp from hyp mode

hw/misc/mps2-scc: Fix condition for CFG3 register

hw/misc/mps2-scc: Factor out which-board conditionals

hw/misc/mps2-scc: Make changes needed for AN536 FPGA image

hw/arm/mps3r: Initial skeleton for mps3-an536 board

hw/arm/mps3r: Add CPUs, GIC, and per-CPU RAM

hw/arm/mps3r: Add UARTs

hw/arm/mps3r: Add GPIO, watchdog, dual-timer, I2C devices

hw/arm/mps3r: Add remaining devices

docs: Add documentation for the mps3-an536 board

Philippe Mathieu-Daudé (5):

hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC

hw/arm/stellaris: Convert ADC controller to Resettable interface

hw/arm/stellaris: Convert I2C controller to Resettable interface

hw/arm/stellaris: Add missing QOM 'machine' parent

hw/arm/stellaris: Add missing QOM 'SoC' parent

Richard Henderson (6):

linux-user/aarch64: Choose SYNC as the preferred MTE mode

target/arm: Fix nregs computation in do_{ld,st}_zpa

target/arm: Adjust and validate mtedesc sizem1

target/arm: Split out make_svemte_desc

target/arm: Handle mte in do_ldrq, do_ldro

target/arm: Fix SVE/SME gross MTE suppression checks

MAINTAINERS | 3 +-

docs/system/arm/mps2.rst | 37 +-

configs/devices/arm-softmmu/default.mak | 1 +

hw/arm/smmuv3-internal.h | 1 +

include/hw/arm/smmu-common.h | 1 +

include/hw/arm/virt.h | 2 +

include/hw/misc/mps2-scc.h | 1 +

linux-user/aarch64/target_prctl.h | 29 +-

target/arm/internals.h | 2 +-

target/arm/tcg/translate-a64.h | 2 +

hw/arm/mps3r.c | 640 ++++++++++++++++++++++++++++++++

hw/arm/npcm7xx.c | 1 +

hw/arm/smmu-common.c | 11 +

hw/arm/smmuv3.c | 1 +

hw/arm/stellaris.c | 47 ++-

hw/arm/virt-acpi-build.c | 20 +-

hw/arm/virt.c | 60 ++-

hw/arm/xilinx_zynq.c | 2 +

hw/block/tc58128.c | 4 +-

hw/misc/mps2-scc.c | 138 ++++++-

hw/pci-host/raven.c | 1 +

target/arm/helper.c | 14 +-

target/arm/tcg/cpu32.c | 109 ++++++

target/arm/tcg/op_helper.c | 43 ++-

target/arm/tcg/sme_helper.c | 8 +-

target/arm/tcg/sve_helper.c | 12 +-

target/arm/tcg/translate-sme.c | 15 +-

target/arm/tcg/translate-sve.c | 83 +++--

target/arm/tcg/translate.c | 19 +-

tests/qtest/npcm7xx_emc-test.c | 5 +-

tests/qtest/npcm_gmac-test.c | 84 +----

hw/arm/Kconfig | 5 +

hw/arm/meson.build | 1 +

tests/data/acpi/virt/FACP | Bin 276 -> 276 bytes

tests/data/acpi/virt/GTDT | Bin 96 -> 104 bytes

tests/qtest/meson.build | 4 +-

36 files changed, 1184 insertions(+), 222 deletions(-)

create mode 100644 hw/arm/mps3r.c

From: Philippe Mathieu-Daudé <philmd@linaro.org>

QDev objects created with qdev_new() need to manually add

their parent relationship with object_property_add_child().

Since we don't model the SoC, just use a QOM container.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Message-id: 20240213155214.13619-5-philmd@linaro.org

hw/arm/stellaris.c | 11 ++++++++++-

1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c

--- a/hw/arm/stellaris.c

+++ b/hw/arm/stellaris.c

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

* 400fe000 system control

*/

+ Object *soc_container;

DeviceState *gpio_dev[7], *nvic;

qemu_irq gpio_in[7][8];

qemu_irq gpio_out[7][8];

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

flash_size = (((board->dc0 & 0xffff) + 1) << 1) * 1024;

sram_size = ((board->dc0 >> 18) + 1) * 1024;

+ soc_container = object_new("container");

+ object_property_add_child(OBJECT(ms), "soc", soc_container);

+

/* Flash programming is done via the SCU, so pretend it is ROM. */

memory_region_init_rom(flash, NULL, "stellaris.flash", flash_size,

&error_fatal);

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

* need its sysclk output.

*/

ssys_dev = qdev_new(TYPE_STELLARIS_SYS);

+ object_property_add_child(soc_container, "sys", OBJECT(ssys_dev));

/*

* Most devices come preprogrammed with a MAC address in the user data.

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

sysbus_realize_and_unref(SYS_BUS_DEVICE(ssys_dev), &error_fatal);

nvic = qdev_new(TYPE_ARMV7M);

+ object_property_add_child(soc_container, "v7m", OBJECT(nvic));

qdev_prop_set_uint32(nvic, "num-irq", NUM_IRQ_LINES);

qdev_prop_set_uint8(nvic, "num-prio-bits", NUM_PRIO_BITS);

qdev_prop_set_string(nvic, "cpu-type", ms->cpu_type);

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

dev = qdev_new(TYPE_STELLARIS_GPTM);

sbd = SYS_BUS_DEVICE(dev);

+ object_property_add_child(soc_container, "gptm[*]", OBJECT(dev));

qdev_connect_clock_in(dev, "clk",

qdev_get_clock_out(ssys_dev, "SYSCLK"));

sysbus_realize_and_unref(sbd, &error_fatal);

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

if (board->dc1 & (1 << 3)) { /* watchdog present */

dev = qdev_new(TYPE_LUMINARY_WATCHDOG);

-

+ object_property_add_child(soc_container, "wdg", OBJECT(dev));

qdev_connect_clock_in(dev, "WDOGCLK",

qdev_get_clock_out(ssys_dev, "SYSCLK"));

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

SysBusDevice *sbd;

dev = qdev_new("pl011_luminary");

+ object_property_add_child(soc_container, "uart[*]", OBJECT(dev));

sbd = SYS_BUS_DEVICE(dev);

qdev_prop_set_chr(dev, "chardev", serial_hd(i));

sysbus_realize_and_unref(sbd, &error_fatal);

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

DeviceState *enet;

enet = qdev_new("stellaris_enet");

+ object_property_add_child(soc_container, "enet", OBJECT(enet));

if (nd) {

qdev_set_nic_properties(enet, nd);

} else {

2.34.1

Add the GPIO, watchdog, dual-timer and I2C devices to the mps3-an536

board. These are all simple devices that just need to be created and

wired up.

hw/arm/mps3r.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++

1 file changed, 59 insertions(+)

diff --git a/hw/arm/mps3r.c b/hw/arm/mps3r.c

--- a/hw/arm/mps3r.c

+++ b/hw/arm/mps3r.c

@@ -XXX,XX +XXX,XX @@

#include "sysemu/sysemu.h"

#include "hw/boards.h"

#include "hw/or-irq.h"

+#include "hw/qdev-clock.h"

#include "hw/qdev-properties.h"

#include "hw/arm/boot.h"

#include "hw/arm/bsa.h"

#include "hw/char/cmsdk-apb-uart.h"

+#include "hw/i2c/arm_sbcon_i2c.h"

#include "hw/intc/arm_gicv3.h"

+#include "hw/misc/unimp.h"

+#include "hw/timer/cmsdk-apb-dualtimer.h"

+#include "hw/watchdog/cmsdk-apb-watchdog.h"

/* Define the layout of RAM and ROM in a board */

typedef struct RAMInfo {

@@ -XXX,XX +XXX,XX @@ struct MPS3RMachineState {

CMSDKAPBUART uart[MPS3R_CPU_MAX + MPS3R_UART_MAX];

OrIRQState cpu_uart_oflow[MPS3R_CPU_MAX];

OrIRQState uart_oflow;

+ CMSDKAPBWatchdog watchdog;

+ CMSDKAPBDualTimer dualtimer;

+ ArmSbconI2CState i2c[5];

+ Clock *clk;

};

#define TYPE_MPS3R_MACHINE "mps3r"

@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)

MemoryRegion *sysmem = get_system_memory();

DeviceState *gicdev;

+ mms->clk = clock_new(OBJECT(machine), "CLK");

+ clock_set_hz(mms->clk, CLK_FRQ);

+

for (const RAMInfo *ri = mmc->raminfo; ri->name; ri++) {

MemoryRegion *mr = mr_for_raminfo(mms, ri);

memory_region_add_subregion(sysmem, ri->base, mr);

@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)

qdev_get_gpio_in(gicdev, combirq));

+ for (int i = 0; i < 4; i++) {

+ /* CMSDK GPIO controllers */

+ g_autofree char *s = g_strdup_printf("gpio%d", i);

+ create_unimplemented_device(s, 0xe0000000 + i * 0x1000, 0x1000);

+ }

+

+ object_initialize_child(OBJECT(mms), "watchdog", &mms->watchdog,

+ TYPE_CMSDK_APB_WATCHDOG);

+ qdev_connect_clock_in(DEVICE(&mms->watchdog), "WDOGCLK", mms->clk);

+ sysbus_realize(SYS_BUS_DEVICE(&mms->watchdog), &error_fatal);

+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->watchdog), 0,

+ qdev_get_gpio_in(gicdev, 0));

+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->watchdog), 0, 0xe0100000);

+

+ object_initialize_child(OBJECT(mms), "dualtimer", &mms->dualtimer,

+ TYPE_CMSDK_APB_DUALTIMER);

+ qdev_connect_clock_in(DEVICE(&mms->dualtimer), "TIMCLK", mms->clk);

+ sysbus_realize(SYS_BUS_DEVICE(&mms->dualtimer), &error_fatal);

+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->dualtimer), 0,

+ qdev_get_gpio_in(gicdev, 3));

+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->dualtimer), 1,

+ qdev_get_gpio_in(gicdev, 1));

+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->dualtimer), 2,

+ qdev_get_gpio_in(gicdev, 2));

+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->dualtimer), 0, 0xe0101000);

+

+ for (int i = 0; i < ARRAY_SIZE(mms->i2c); i++) {

+ static const hwaddr i2cbase[] = {0xe0102000, /* Touch */

+ 0xe0103000, /* Audio */

+ 0xe0107000, /* Shield0 */

+ 0xe0108000, /* Shield1 */

+ 0xe0109000}; /* DDR4 EEPROM */

+ g_autofree char *s = g_strdup_printf("i2c%d", i);

+

+ object_initialize_child(OBJECT(mms), s, &mms->i2c[i],

+ TYPE_ARM_SBCON_I2C);

+ sysbus_realize(SYS_BUS_DEVICE(&mms->i2c[i]), &error_fatal);

+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->i2c[i]), 0, i2cbase[i]);

+ if (i != 2 && i != 3) {

+ /*

+ * internal-only bus: mark it full to avoid user-created

+ * i2c devices being plugged into it.

+ */

+ qbus_mark_full(qdev_get_child_bus(DEVICE(&mms->i2c[i]), "i2c"));

+ }

+ }

+

mms->bootinfo.ram_size = machine->ram_size;

mms->bootinfo.board_id = -1;

mms->bootinfo.loader_start = mmc->loader_start;

2.34.1

The AN536 is another FPGA image for the MPS3 development board. Unlike

the existing FPGA images we already model, this board uses a Cortex-R

family CPU, and it does not use any equivalent to the M-profile

"Subsystem for Embedded" SoC-equivalent that we model in hw/arm/armsse.c.

It's therefore more convenient for us to model it as a completely

separate C file.

This commit adds the basic skeleton of the board model, and the

code to create all the RAM and ROM. We assume that we're probably

going to want to add more images in future, so use the same

base class/subclass setup that mps2-tz.c uses, even though at

the moment there's only a single subclass.

Following commits will add the CPUs and the peripherals.

MAINTAINERS | 3 +-

configs/devices/arm-softmmu/default.mak | 1 +

hw/arm/mps3r.c | 239 ++++++++++++++++++++++++

hw/arm/Kconfig | 5 +

hw/arm/meson.build | 1 +

5 files changed, 248 insertions(+), 1 deletion(-)

create mode 100644 hw/arm/mps3r.c

@@ -XXX,XX +XXX,XX @@ F: include/hw/misc/imx7_*.h

F: hw/pci-host/designware.c

F: include/hw/pci-host/designware.h

-MPS2

+MPS2 / MPS3

M: Peter Maydell <peter.maydell@linaro.org>

L: qemu-arm@nongnu.org

S: Maintained

F: hw/arm/mps2.c

F: hw/arm/mps2-tz.c

+F: hw/arm/mps3r.c

F: hw/misc/mps2-*.c

F: include/hw/misc/mps2-*.h

F: hw/arm/armsse.c

diff --git a/configs/devices/arm-softmmu/default.mak b/configs/devices/arm-softmmu/default.mak

index XXXXXXX..XXXXXXX 100644

--- a/configs/devices/arm-softmmu/default.mak

+++ b/configs/devices/arm-softmmu/default.mak

@@ -XXX,XX +XXX,XX @@ CONFIG_ARM_VIRT=y

# CONFIG_INTEGRATOR=n

# CONFIG_FSL_IMX31=n

# CONFIG_MUSICPAL=n

+# CONFIG_MPS3R=n

# CONFIG_MUSCA=n

# CONFIG_CHEETAH=n

# CONFIG_SX1=n

diff --git a/hw/arm/mps3r.c b/hw/arm/mps3r.c

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/hw/arm/mps3r.c

@@ -XXX,XX +XXX,XX @@

+/*

+ * Arm MPS3 board emulation for Cortex-R-based FPGA images.

+ * (For M-profile images see mps2.c and mps2tz.c.)

+ *

+ * Copyright (c) 2017 Linaro Limited

+ * Written by Peter Maydell

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2 or

+ * (at your option) any later version.

+ */

+

+/*

+ * The MPS3 is an FPGA based dev board. This file handles FPGA images

+ * which use the Cortex-R CPUs. We model these separately from the

+ * M-profile images, because on M-profile the FPGA image is based on

+ * a "Subsystem for Embedded" which is similar to an SoC, whereas

+ * the R-profile FPGA images don't have that abstraction layer.

+ *

+ * We model the following FPGA images here:

+ * "mps3-an536" -- dual Cortex-R52 as documented in Arm Application Note AN536

+ *

+ * Application Note AN536:

+ * https://developer.arm.com/documentation/dai0536/latest/

+ */

+

+#include "qemu/osdep.h"

+#include "qemu/units.h"

+#include "qapi/error.h"

+#include "exec/address-spaces.h"

+#include "cpu.h"

+#include "hw/boards.h"

+#include "hw/arm/boot.h"

+

+/* Define the layout of RAM and ROM in a board */

+typedef struct RAMInfo {

+ const char *name;

+ hwaddr base;

+ hwaddr size;

+ int mrindex; /* index into rams[]; -1 for the system RAM block */

+ int flags;

+} RAMInfo;

+

+/*

+ * The MPS3 DDR is 3GiB, but on a 32-bit host QEMU doesn't permit

+ * emulation of that much guest RAM, so artificially make it smaller.

+ */

+#if HOST_LONG_BITS == 32

+#define MPS3_DDR_SIZE (1 * GiB)

+#else

+#define MPS3_DDR_SIZE (3 * GiB)

+#endif

+

+/*

+ * Flag values:

+ * IS_MAIN: this is the main machine RAM

+ * IS_ROM: this area is read-only

+ */

+#define IS_MAIN 1

+#define IS_ROM 2

+

+#define MPS3R_RAM_MAX 9

+

+typedef enum MPS3RFPGAType {

+ FPGA_AN536,

+} MPS3RFPGAType;

+

+struct MPS3RMachineClass {

+ MachineClass parent;

+ MPS3RFPGAType fpga_type;

+ const RAMInfo *raminfo;

+};

+

+struct MPS3RMachineState {

+ MachineState parent;

+ MemoryRegion ram[MPS3R_RAM_MAX];

+};

+

+#define TYPE_MPS3R_MACHINE "mps3r"

+#define TYPE_MPS3R_AN536_MACHINE MACHINE_TYPE_NAME("mps3-an536")

+

+OBJECT_DECLARE_TYPE(MPS3RMachineState, MPS3RMachineClass, MPS3R_MACHINE)

+

+static const RAMInfo an536_raminfo[] = {

+ {

+ .name = "ATCM",

+ .base = 0x00000000,

+ .size = 0x00008000,

+ .mrindex = 0,

+ }, {

+ /* We model the QSPI flash as simple ROM for now */

+ .name = "QSPI",

+ .base = 0x08000000,

+ .size = 0x00800000,

+ .flags = IS_ROM,

+ .mrindex = 1,

+ }, {

+ .name = "BRAM",

+ .base = 0x10000000,

+ .size = 0x00080000,

+ .mrindex = 2,

+ }, {

+ .name = "DDR",

+ .base = 0x20000000,

+ .size = MPS3_DDR_SIZE,

+ .mrindex = -1,

+ }, {

+ .name = "ATCM0",

+ .base = 0xee000000,

+ .size = 0x00008000,

+ .mrindex = 3,

+ }, {

+ .name = "BTCM0",

+ .base = 0xee100000,

+ .size = 0x00008000,

+ .mrindex = 4,

+ }, {

+ .name = "CTCM0",

+ .base = 0xee200000,

+ .size = 0x00008000,

+ .mrindex = 5,

+ }, {

+ .name = "ATCM1",

+ .base = 0xee400000,

+ .size = 0x00008000,

+ .mrindex = 6,

+ }, {

+ .name = "BTCM1",

+ .base = 0xee500000,

+ .size = 0x00008000,

+ .mrindex = 7,

+ }, {

+ .name = "CTCM1",

+ .base = 0xee600000,

+ .size = 0x00008000,

+ .mrindex = 8,

+ }, {

+ .name = NULL,

+ }

+};

+

+static MemoryRegion *mr_for_raminfo(MPS3RMachineState *mms,

+ const RAMInfo *raminfo)

+{

+ /* Return an initialized MemoryRegion for the RAMInfo. */

+ MemoryRegion *ram;

+

+ if (raminfo->mrindex < 0) {

+ /* Means this RAMInfo is for QEMU's "system memory" */

+ MachineState *machine = MACHINE(mms);

+ assert(!(raminfo->flags & IS_ROM));

+ return machine->ram;

+ }

+

+ assert(raminfo->mrindex < MPS3R_RAM_MAX);

+ ram = &mms->ram[raminfo->mrindex];

+

+ memory_region_init_ram(ram, NULL, raminfo->name,

+ raminfo->size, &error_fatal);

+ if (raminfo->flags & IS_ROM) {

+ memory_region_set_readonly(ram, true);

+ }

+ return ram;

+}

+

+static void mps3r_common_init(MachineState *machine)

+{

+ MPS3RMachineState *mms = MPS3R_MACHINE(machine);

+ MPS3RMachineClass *mmc = MPS3R_MACHINE_GET_CLASS(mms);

+ MemoryRegion *sysmem = get_system_memory();

+

+ for (const RAMInfo *ri = mmc->raminfo; ri->name; ri++) {

+ MemoryRegion *mr = mr_for_raminfo(mms, ri);

+ memory_region_add_subregion(sysmem, ri->base, mr);

+ }

+}

+

+static void mps3r_set_default_ram_info(MPS3RMachineClass *mmc)

+{

+ /*

+ * Set mc->default_ram_size and default_ram_id from the

+ * information in mmc->raminfo.

+ */

+ MachineClass *mc = MACHINE_CLASS(mmc);

+ const RAMInfo *p;

+

+ for (p = mmc->raminfo; p->name; p++) {

+ if (p->mrindex < 0) {

+ /* Found the entry for "system memory" */

+ mc->default_ram_size = p->size;

+ mc->default_ram_id = p->name;

+ return;

+ }

+ }

+ g_assert_not_reached();

+}

+

+static void mps3r_class_init(ObjectClass *oc, void *data)

+{

+ MachineClass *mc = MACHINE_CLASS(oc);

+

+ mc->init = mps3r_common_init;

+}

+

+static void mps3r_an536_class_init(ObjectClass *oc, void *data)

+{

+ MachineClass *mc = MACHINE_CLASS(oc);

+ MPS3RMachineClass *mmc = MPS3R_MACHINE_CLASS(oc);

+ static const char * const valid_cpu_types[] = {

+ ARM_CPU_TYPE_NAME("cortex-r52"),

+ NULL

+ };

+

+ mc->desc = "ARM MPS3 with AN536 FPGA image for Cortex-R52";

+ mc->default_cpus = 2;

+ mc->min_cpus = mc->default_cpus;

+ mc->max_cpus = mc->default_cpus;

+ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-r52");

+ mc->valid_cpu_types = valid_cpu_types;

+ mmc->raminfo = an536_raminfo;

+ mps3r_set_default_ram_info(mmc);

+}

+

+static const TypeInfo mps3r_machine_types[] = {

+ {

+ .name = TYPE_MPS3R_MACHINE,

+ .parent = TYPE_MACHINE,

+ .abstract = true,

+ .instance_size = sizeof(MPS3RMachineState),

+ .class_size = sizeof(MPS3RMachineClass),

+ .class_init = mps3r_class_init,

+ }, {

+ .name = TYPE_MPS3R_AN536_MACHINE,

+ .parent = TYPE_MPS3R_MACHINE,

+ .class_init = mps3r_an536_class_init,

+ },

+};

+

+DEFINE_TYPES(mps3r_machine_types);

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/Kconfig

+++ b/hw/arm/Kconfig

@@ -XXX,XX +XXX,XX @@ config MAINSTONE

select PFLASH_CFI01

select SMC91C111

+config MPS3R

+ bool

+ default y

+ depends on TCG && ARM

+

config MUSCA

bool

default y

diff --git a/hw/arm/meson.build b/hw/arm/meson.build

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/meson.build

+++ b/hw/arm/meson.build

@@ -XXX,XX +XXX,XX @@ arm_ss.add(when: 'CONFIG_HIGHBANK', if_true: files('highbank.c'))

arm_ss.add(when: 'CONFIG_INTEGRATOR', if_true: files('integratorcp.c'))

arm_ss.add(when: 'CONFIG_MAINSTONE', if_true: files('mainstone.c'))

arm_ss.add(when: 'CONFIG_MICROBIT', if_true: files('microbit.c'))

+arm_ss.add(when: 'CONFIG_MPS3R', if_true: files('mps3r.c'))

arm_ss.add(when: 'CONFIG_MUSICPAL', if_true: files('musicpal.c'))

arm_ss.add(when: 'CONFIG_NETDUINOPLUS2', if_true: files('netduinoplus2.c'))

arm_ss.add(when: 'CONFIG_OLIMEX_STM32_H405', if_true: files('olimex-stm32-h405.c'))

2.34.1

This board has a lot of UARTs: there is one UART per CPU in the

per-CPU peripheral part of the address map, whose interrupts are

connected as per-CPU interrupt lines. Then there are 4 UARTs in the

normal part of the peripheral space, whose interrupts are shared

peripheral interrupts.

Connect and wire them all up; this involves some OR gates where

multiple overflow interrupts are wired into one GIC input.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Message-id: 20240206132931.38376-11-peter.maydell@linaro.org

hw/arm/mps3r.c | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++

1 file changed, 94 insertions(+)

diff --git a/hw/arm/mps3r.c b/hw/arm/mps3r.c

--- a/hw/arm/mps3r.c

+++ b/hw/arm/mps3r.c

@@ -XXX,XX +XXX,XX @@

#include "qapi/qmp/qlist.h"

#include "exec/address-spaces.h"

#include "cpu.h"

+#include "sysemu/sysemu.h"

#include "hw/boards.h"

+#include "hw/or-irq.h"

#include "hw/qdev-properties.h"

#include "hw/arm/boot.h"

#include "hw/arm/bsa.h"

+#include "hw/char/cmsdk-apb-uart.h"

#include "hw/intc/arm_gicv3.h"

/* Define the layout of RAM and ROM in a board */

@@ -XXX,XX +XXX,XX @@ typedef struct RAMInfo {

#define MPS3R_RAM_MAX 9

#define MPS3R_CPU_MAX 2

+#define MPS3R_UART_MAX 4 /* shared UART count */

#define PERIPHBASE 0xf0000000

#define NUM_SPIS 96

@@ -XXX,XX +XXX,XX @@ struct MPS3RMachineState {

MemoryRegion sysmem_alias[MPS3R_CPU_MAX];

MemoryRegion cpu_ram[MPS3R_CPU_MAX];

GICv3State gic;

+ /* per-CPU UARTs followed by the shared UARTs */

+ CMSDKAPBUART uart[MPS3R_CPU_MAX + MPS3R_UART_MAX];

+ OrIRQState cpu_uart_oflow[MPS3R_CPU_MAX];

+ OrIRQState uart_oflow;

};

#define TYPE_MPS3R_MACHINE "mps3r"

@@ -XXX,XX +XXX,XX @@ struct MPS3RMachineState {

OBJECT_DECLARE_TYPE(MPS3RMachineState, MPS3RMachineClass, MPS3R_MACHINE)

+/*

+ * Main clock frequency CLK in Hz (50MHz). In the image there are also

+ * ACLK, MCLK, GPUCLK and PERIPHCLK at the same frequency; for our

+ * model we just roll them all into one.

+ */

+#define CLK_FRQ 50000000

+

static const RAMInfo an536_raminfo[] = {

{

.name = "ATCM",

@@ -XXX,XX +XXX,XX @@ static void create_gic(MPS3RMachineState *mms, MemoryRegion *sysmem)

}

+/*

+ * Create UART uartno, and map it into the MemoryRegion mem at address baseaddr.

+ * The qemu_irq arguments are where we connect the various IRQs from the UART.

+ */

+static void create_uart(MPS3RMachineState *mms, int uartno, MemoryRegion *mem,

+ hwaddr baseaddr, qemu_irq txirq, qemu_irq rxirq,

+ qemu_irq txoverirq, qemu_irq rxoverirq,

+ qemu_irq combirq)

+ g_autofree char *s = g_strdup_printf("uart%d", uartno);

+ SysBusDevice *sbd;

+

+ assert(uartno < ARRAY_SIZE(mms->uart));

+ object_initialize_child(OBJECT(mms), s, &mms->uart[uartno],

+ TYPE_CMSDK_APB_UART);

+ qdev_prop_set_uint32(DEVICE(&mms->uart[uartno]), "pclk-frq", CLK_FRQ);

+ qdev_prop_set_chr(DEVICE(&mms->uart[uartno]), "chardev", serial_hd(uartno));

+ sbd = SYS_BUS_DEVICE(&mms->uart[uartno]);

+ sysbus_realize(sbd, &error_fatal);

+ memory_region_add_subregion(mem, baseaddr,

+ sysbus_mmio_get_region(sbd, 0));

+ sysbus_connect_irq(sbd, 0, txirq);

+ sysbus_connect_irq(sbd, 1, rxirq);

+ sysbus_connect_irq(sbd, 2, txoverirq);

+ sysbus_connect_irq(sbd, 3, rxoverirq);

+ sysbus_connect_irq(sbd, 4, combirq);

static void mps3r_common_init(MachineState *machine)

MPS3RMachineState *mms = MPS3R_MACHINE(machine);

MPS3RMachineClass *mmc = MPS3R_MACHINE_GET_CLASS(mms);

MemoryRegion *sysmem = get_system_memory();

+ DeviceState *gicdev;

for (const RAMInfo *ri = mmc->raminfo; ri->name; ri++) {

MemoryRegion *mr = mr_for_raminfo(mms, ri);

@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)

}

create_gic(mms, sysmem);

+ gicdev = DEVICE(&mms->gic);

+

+ /*

+ * UARTs 0 and 1 are per-CPU; their interrupts are wired to

+ * the relevant CPU's PPI 0..3, aka INTID 16..19

+ */

+ for (int i = 0; i < machine->smp.cpus; i++) {

+ int intidbase = NUM_SPIS + i * GIC_INTERNAL;

+ g_autofree char *s = g_strdup_printf("cpu-uart-oflow-orgate%d", i);

+ DeviceState *orgate;

+

+ /* The two overflow IRQs from the UART are ORed together into PPI 3 */

+ object_initialize_child(OBJECT(mms), s, &mms->cpu_uart_oflow[i],

+ TYPE_OR_IRQ);

+ orgate = DEVICE(&mms->cpu_uart_oflow[i]);

+ qdev_prop_set_uint32(orgate, "num-lines", 2);

+ qdev_realize(orgate, NULL, &error_fatal);

+ qdev_connect_gpio_out(orgate, 0,

+ qdev_get_gpio_in(gicdev, intidbase + 19));

+

+ create_uart(mms, i, &mms->cpu_sysmem[i], 0xe7c00000,

+ qdev_get_gpio_in(gicdev, intidbase + 17), /* tx */

+ qdev_get_gpio_in(gicdev, intidbase + 16), /* rx */

+ qdev_get_gpio_in(orgate, 0), /* txover */

+ qdev_get_gpio_in(orgate, 1), /* rxover */

+ qdev_get_gpio_in(gicdev, intidbase + 18) /* combined */);

+ }

+ /*

+ * UARTs 2 to 5 are whole-system; all overflow IRQs are ORed

+ * together into IRQ 17

+ */

+ object_initialize_child(OBJECT(mms), "uart-oflow-orgate",

+ &mms->uart_oflow, TYPE_OR_IRQ);

+ qdev_prop_set_uint32(DEVICE(&mms->uart_oflow), "num-lines",

+ MPS3R_UART_MAX * 2);

+ qdev_realize(DEVICE(&mms->uart_oflow), NULL, &error_fatal);

+ qdev_connect_gpio_out(DEVICE(&mms->uart_oflow), 0,

+ qdev_get_gpio_in(gicdev, 17));

+

+ for (int i = 0; i < MPS3R_UART_MAX; i++) {

+ hwaddr baseaddr = 0xe0205000 + i * 0x1000;

+ int rxirq = 5 + i * 2, txirq = 6 + i * 2, combirq = 13 + i;

+

+ create_uart(mms, i + MPS3R_CPU_MAX, sysmem, baseaddr,

+ qdev_get_gpio_in(gicdev, txirq),

+ qdev_get_gpio_in(gicdev, rxirq),

+ qdev_get_gpio_in(DEVICE(&mms->uart_oflow), i * 2),

+ qdev_get_gpio_in(DEVICE(&mms->uart_oflow), i * 2 + 1),

+ qdev_get_gpio_in(gicdev, combirq));

+ }

mms->bootinfo.ram_size = machine->ram_size;

mms->bootinfo.board_id = -1;

2.34.1

We support two different encodings for the AArch32 IMPDEF

CBAR register -- older cores like the Cortex A9, A7, A15

have this at 4, c15, c0, 0; newer cores like the

Cortex A35, A53, A57 and A72 have it at 1 c15 c0 0.

When we implemented this we picked which encoding to

use based on whether the CPU set ARM_FEATURE_AARCH64.

However this isn't right for three cases:

* the qemu-system-arm 'max' CPU, which is supposed to be

a variant on a Cortex-A57; it ought to use the same

encoding the A57 does and which the AArch64 'max'

exposes to AArch32 guest code

* the Cortex-R52, which is AArch32-only but has the CBAR

at the newer encoding (and where we incorrectly are

not yet setting ARM_FEATURE_CBAR_RO anyway)

* any possible future support for other v8 AArch32

only CPUs, or for supporting "boot the CPU into

AArch32 mode" on our existing cores like the A57 etc

Make the decision of the encoding be based on whether

the CPU implements the ARM_FEATURE_V8 flag instead.

This changes the behaviour only for the qemu-system-arm

'-cpu max'. We don't expect anybody to be relying on the

old behaviour because:

* it's not what the real hardware Cortex-A57 does

(and that's what our ID register claims we are)

* we don't implement the memory-mapped GICv3 support

which is the only thing that exists at the peripheral

base address pointed to by the register

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20240206132931.38376-2-peter.maydell@linaro.org

target/arm/helper.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)

* AArch64 cores we might need to add a specific feature flag

* to indicate cores with "flavour 2" CBAR.

*/

- if (arm_feature(env, ARM_FEATURE_AARCH64)) {

+ if (arm_feature(env, ARM_FEATURE_V8)) {

/* 32 bit view is [31:18] 0...0 [43:32]. */

uint32_t cbar32 = (extract64(cpu->reset_cbar, 18, 14) << 18)

| extract64(cpu->reset_cbar, 32, 12);

2.34.1

It doesn't make sense to read the value of MDCR_EL2 on a non-A-profile

CPU, and in fact if you try to do it we will assert:

#6 0x00007ffff4b95e96 in __GI___assert_fail

(assertion=0x5555565a8c70 "!arm_feature(env, ARM_FEATURE_M)", file=0x5555565a6e5c "../../target/arm/helper.c", line=12600, function=0x5555565a9560 <__PRETTY_FUNCTION__.0> "arm_security_space_below_el3") at ./assert/assert.c:101

#7 0x0000555555ebf412 in arm_security_space_below_el3 (env=0x555557bc8190) at ../../target/arm/helper.c:12600

#8 0x0000555555ea6f89 in arm_is_el2_enabled (env=0x555557bc8190) at ../../target/arm/cpu.h:2595

#9 0x0000555555ea942f in arm_mdcr_el2_eff (env=0x555557bc8190) at ../../target/arm/internals.h:1512

We might call pmu_counter_enabled() on an M-profile CPU (for example

from the migration pre/post hooks in machine.c); this should always

return false because these CPUs don't set ARM_FEATURE_PMU.

Avoid the assertion by not calling arm_mdcr_el2_eff() before we

have done the early return for "PMU not present".

This fixes an assertion failure if you try to do a loadvm or

savevm for an M-profile board.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20240208153346.970021-1-peter.maydell@linaro.org

target/arm/helper.c | 12 ++++++++++--

1 file changed, 10 insertions(+), 2 deletions(-)

@@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)

bool enabled, prohibited = false, filtered;

bool secure = arm_is_secure(env);

int el = arm_current_el(env);

- uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);

- uint8_t hpmn = mdcr_el2 & MDCR_HPMN;

+ uint64_t mdcr_el2;

+ uint8_t hpmn;

+ /*

+ * We might be called for M-profile cores where MDCR_EL2 doesn't

+ * exist and arm_mdcr_el2_eff() will assert, so this early-exit check

+ * must be before we read that value.

+ */

if (!arm_feature(env, ARM_FEATURE_PMU)) {

return false;

}

+ mdcr_el2 = arm_mdcr_el2_eff(env);

+ hpmn = mdcr_el2 & MDCR_HPMN;

+

if (!arm_feature(env, ARM_FEATURE_EL2) ||

(counter < hpmn || counter == 31)) {

e = env->cp15.c9_pmcr & PMCRE;

2.34.1

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Suggested-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Message-id: 20240213155214.13619-3-philmd@linaro.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/stellaris.c | 26 ++++++++++++++++++++++----

1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c

--- a/hw/arm/stellaris.c

+++ b/hw/arm/stellaris.c

@@ -XXX,XX +XXX,XX @@ static void stellaris_sys_instance_init(Object *obj)

s->sysclk = qdev_init_clock_out(DEVICE(s), "SYSCLK");

-/* I2C controller. */

+/*

+ * I2C controller.

+ * ??? For now we only implement the master interface.

+ */

#define TYPE_STELLARIS_I2C "stellaris-i2c"

OBJECT_DECLARE_SIMPLE_TYPE(stellaris_i2c_state, STELLARIS_I2C)

@@ -XXX,XX +XXX,XX @@ static void stellaris_i2c_write(void *opaque, hwaddr offset,

stellaris_i2c_update(s);

}

-static void stellaris_i2c_reset(stellaris_i2c_state *s)

+static void stellaris_i2c_reset_enter(Object *obj, ResetType type)

{

+ stellaris_i2c_state *s = STELLARIS_I2C(obj);

+

if (s->mcs & STELLARIS_I2C_MCS_BUSBSY)

i2c_end_transfer(s->bus);

+static void stellaris_i2c_reset_hold(Object *obj)

+{

+ stellaris_i2c_state *s = STELLARIS_I2C(obj);

s->msa = 0;

s->mcs = 0;

@@ -XXX,XX +XXX,XX @@ static void stellaris_i2c_reset(stellaris_i2c_state *s)

s->mimr = 0;

s->mris = 0;

s->mcr = 0;

+static void stellaris_i2c_reset_exit(Object *obj)

+ stellaris_i2c_state *s = STELLARIS_I2C(obj);

+

stellaris_i2c_update(s);

@@ -XXX,XX +XXX,XX @@ static void stellaris_i2c_init(Object *obj)

memory_region_init_io(&s->iomem, obj, &stellaris_i2c_ops, s,

"i2c", 0x1000);

sysbus_init_mmio(sbd, &s->iomem);

- /* ??? For now we only implement the master interface. */

- stellaris_i2c_reset(s);

/* Analogue to Digital Converter. This is only partially implemented,

@@ -XXX,XX +XXX,XX @@ type_init(stellaris_machine_init)

static void stellaris_i2c_class_init(ObjectClass *klass, void *data)

DeviceClass *dc = DEVICE_CLASS(klass);

+ ResettableClass *rc = RESETTABLE_CLASS(klass);

+ rc->phases.enter = stellaris_i2c_reset_enter;

+ rc->phases.hold = stellaris_i2c_reset_hold;

+ rc->phases.exit = stellaris_i2c_reset_exit;

dc->vmsd = &vmstate_stellaris_i2c;

2.34.1

From: Richard Henderson <richard.henderson@linaro.org>

When we added SVE_MTEDESC_SHIFT, we effectively limited the

maximum size of MTEDESC. Adjust SIZEM1 to consume the remaining

bits (32 - 10 - 5 - 12 == 5). Assert that the data to be stored

fits within the field (expecting 8 * 4 - 1 == 31, exact fit).

target/arm/internals.h | 2 +-

target/arm/tcg/translate-sve.c | 7 ++++---

2 files changed, 5 insertions(+), 4 deletions(-)

@@ -XXX,XX +XXX,XX @@ FIELD(MTEDESC, TBI, 4, 2)

FIELD(MTEDESC, TCMA, 6, 2)

FIELD(MTEDESC, WRITE, 8, 1)

FIELD(MTEDESC, ALIGN, 9, 3)

-FIELD(MTEDESC, SIZEM1, 12, SIMD_DATA_BITS - 12) /* size - 1 */

+FIELD(MTEDESC, SIZEM1, 12, SIMD_DATA_BITS - SVE_MTEDESC_SHIFT - 12) /* size - 1 */

bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr);

uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra);

diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c

--- a/target/arm/tcg/translate-sve.c

+++ b/target/arm/tcg/translate-sve.c

@@ -XXX,XX +XXX,XX @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,

{

unsigned vsz = vec_full_reg_size(s);

TCGv_ptr t_pg;

+ uint32_t sizem1;

int desc = 0;

assert(mte_n >= 1 && mte_n <= 4);

+ sizem1 = (mte_n << dtype_msz(dtype)) - 1;

+ assert(sizem1 <= R_MTEDESC_SIZEM1_MASK >> R_MTEDESC_SIZEM1_SHIFT);

if (s->mte_active[0]) {

- int msz = dtype_msz(dtype);

-

desc = FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s));

desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);

desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);

desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);

- desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (mte_n << msz) - 1);

+ desc = FIELD_DP32(desc, MTEDESC, SIZEM1, sizem1);

desc <<= SVE_MTEDESC_SHIFT;

} else {

addr = clean_data_tbi(s, addr);