Series comparison

-[PULL 0/2] target-arm queue
+[PULL v2 00/32] target-arm queue
-Two bug fixes for 9.0...
+For some reason the xilinx can bus patches built in my local config
 but not in the merge-test ones; dropped those.
 -- PMM
-The following changes since commit ce64e6224affb8b4e4b019f76d2950270b391af5:
+The following changes since commit a68694cd1f3e5448cca814ff39b871f9ebd71ed5:
-  Merge tag 'qemu-sparc-20240404' of https://github.com/mcayland/qemu into staging (2024-04-04 15:28:06 +0100)
+  Merge remote-tracking branch 'remotes/philmd-gitlab/tags/edk2-next-20200914' into staging (2020-09-14 12:18:58 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240408
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200914-1
-for you to fetch changes up to 19b254e86a900dc5ee332e3ac0baf9c521301abf:
+for you to fetch changes up to 4fe986dd4480308ecf07200cfbd3c3d494a0f639:
-  target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3 (2024-04-08 15:38:53 +0100)
+  tests/acceptance: console boot tests for quanta-gsj (2020-09-14 14:24:59 +0100)
 ----------------------------------------------------------------
-target-arm:
+ * hw/misc/a9scu: Do not allow invalid CPU count
- * Use correct SecuritySpace for AArch64 AT ops at EL3
+ * hw/misc/a9scu: Minor cleanups
- * Fix CNTPOFF_EL2 trap to missing EL3
+ * hw/timer/armv7m_systick: assert that board code set system_clock_scale
  * decodetree: Improve identifier matching
  * target/arm: Clean up neon fp insn size field decode
  * target/arm: Remove KVM support for 32-bit Arm hosts
  * hw/arm/mps2: New board models mps2-an386, mps2-an500
  * Deprecate Unicore32 port
  * Deprecate lm32 port
  * target/arm: Count PMU events when MDCR.SPME is set
  * hw/arm: versal-virt: Correct the tx/rx GEM clocks
  * New Nuvoton iBMC board models npcm750-evb, quanta-gsj
 ----------------------------------------------------------------
-Peter Maydell (1):
+Aaron Lindsay (1):
-      target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
+      target/arm: Count PMU events when MDCR.SPME is set
-Pierre-Clément Tosi (1):
+Edgar E. Iglesias (1):
-      target/arm: Fix CNTPOFF_EL2 trap to missing EL3
+      hw/arm: versal-virt: Correct the tx/rx GEM clocks
- target/arm/helper.c | 10 +++++++---
+Havard Skinnemoen (14):
-file changed, 7 insertions(+), 3 deletions(-)
+      hw/misc: Add NPCM7xx System Global Control Registers device model
       hw/misc: Add NPCM7xx Clock Controller device model
       hw/timer: Add NPCM7xx Timer device model
       hw/arm: Add NPCM730 and NPCM750 SoC models
       hw/arm: Add two NPCM7xx-based machines
       roms: Add virtual Boot ROM for NPCM7xx SoCs
       hw/arm: Load -bios image as a boot ROM for npcm7xx
       hw/nvram: NPCM7xx OTP device model
       hw/mem: Stubbed out NPCM7xx Memory Controller model
       hw/ssi: NPCM7xx Flash Interface Unit device model
       hw/arm: Wire up BMC boot flash for npcm750-evb and quanta-gsj
       hw/arm/npcm7xx: add board setup stub for CPU and UART clocks
       docs/system: Add Nuvoton machine documentation
       tests/acceptance: console boot tests for quanta-gsj
+Peter Maydell (11):
+      hw/timer/armv7m_systick: assert that board code set system_clock_scale
+      target/arm: Convert Neon 3-same-fp size field to MO_* in decode
+      target/arm: Convert Neon VCVT fp size field to MO_* in decode
+      target/arm: Convert VCMLA, VCADD size field to MO_* in decode
+      target/arm: Remove KVM support for 32-bit Arm hosts
+      target/arm: Remove no-longer-reachable 32-bit KVM code
+      hw/arm/mps2: New board model mps2-an386
+      hw/arm/mps2: New board model mps2-an500
+      docs/system/arm/mps2.rst: Make board list consistent
+      Deprecate Unicore32 port
+      Deprecate lm32 port
+Philippe Mathieu-Daudé (4):
+      hw/misc/a9scu: Do not allow invalid CPU count
+      hw/misc/a9scu: Simplify setting MemoryRegionOps::valid fields
+      hw/misc/a9scu: Simplify setting MemoryRegionOps::impl fields
+      hw/misc/a9scu: Report unimplemented accesses with qemu_log_mask(UNIMP)
+Richard Henderson (1):
+      decodetree: Improve identifier matching
+ docs/system/arm/mps2.rst               |  20 +-
+ docs/system/arm/nuvoton.rst            |  92 +++++
+ docs/system/deprecated.rst             |  32 +-
+ docs/system/target-arm.rst             |   1 +
+ configure                              |   2 +-
+ default-configs/arm-softmmu.mak        |   1 +
+ include/hw/arm/npcm7xx.h               | 112 +++++++
+ include/hw/mem/npcm7xx_mc.h            |  36 ++
+ include/hw/misc/npcm7xx_clk.h          |  48 +++
+ include/hw/misc/npcm7xx_gcr.h          |  43 +++
+ include/hw/nvram/npcm7xx_otp.h         |  79 +++++
+ include/hw/ssi/npcm7xx_fiu.h           |  73 ++++
+ include/hw/timer/npcm7xx_timer.h       |  78 +++++
+ target/arm/kvm-consts.h                |   7 -
+ target/arm/kvm_arm.h                   |   6 -
+ target/arm/neon-dp.decode              |  18 +-
+ target/arm/neon-shared.decode          |  18 +-
+ tests/decode/succ_ident1.decode        |   7 +
+ hw/arm/mps2.c                          |  97 +++++-
+ hw/arm/npcm7xx.c                       | 532 +++++++++++++++++++++++++++++
+ hw/arm/npcm7xx_boards.c                | 197 +++++++++++
+ hw/arm/xlnx-versal-virt.c              |   2 +-
+ hw/mem/npcm7xx_mc.c                    |  84 +++++
+ hw/misc/a9scu.c                        |  59 ++--
+ hw/misc/npcm7xx_clk.c                  | 266 +++++++++++++++
+ hw/misc/npcm7xx_gcr.c                  | 269 +++++++++++++++
+ hw/nvram/npcm7xx_otp.c                 | 440 ++++++++++++++++++++++++
+ hw/ssi/npcm7xx_fiu.c                   | 572 +++++++++++++++++++++++++++++++
+ hw/timer/armv7m_systick.c              |   8 +
+ hw/timer/npcm7xx_timer.c               | 543 ++++++++++++++++++++++++++++++
+ target/arm/cpu.c                       | 101 +++---
+ target/arm/helper.c                    |   2 +-
+ target/arm/kvm.c                       |   7 -
+ target/arm/kvm32.c                     | 595 ---------------------------------
+ .gitmodules                            |   3 +
+ MAINTAINERS                            |  10 +
+ hw/arm/Kconfig                         |   9 +
+ hw/arm/meson.build                     |   1 +
+ hw/mem/meson.build                     |   1 +
+ hw/misc/meson.build                    |   4 +
+ hw/misc/trace-events                   |   8 +
+ hw/nvram/meson.build                   |   1 +
+ hw/ssi/meson.build                     |   1 +
+ hw/ssi/trace-events                    |  11 +
+ hw/timer/meson.build                   |   1 +
+ hw/timer/trace-events                  |   5 +
+ pc-bios/README                         |   6 +
+ pc-bios/meson.build                    |   1 +
+ pc-bios/npcm7xx_bootrom.bin            | Bin 0 -> 768 bytes
+ roms/Makefile                          |   7 +
+ roms/vbootrom                          |   1 +
+ scripts/decodetree.py                  |  46 ++-
+ target/arm/meson.build                 |   5 +-
+ target/arm/translate-neon.c.inc        |  42 ++-
+ tests/acceptance/boot_linux_console.py |  83 +++++
+files changed, 3910 insertions(+), 783 deletions(-)
+ create mode 100644 docs/system/arm/nuvoton.rst
+ create mode 100644 include/hw/arm/npcm7xx.h
+ create mode 100644 include/hw/mem/npcm7xx_mc.h
+ create mode 100644 include/hw/misc/npcm7xx_clk.h
+ create mode 100644 include/hw/misc/npcm7xx_gcr.h
+ create mode 100644 include/hw/nvram/npcm7xx_otp.h
+ create mode 100644 include/hw/ssi/npcm7xx_fiu.h
+ create mode 100644 include/hw/timer/npcm7xx_timer.h
+ create mode 100644 tests/decode/succ_ident1.decode
+ create mode 100644 hw/arm/npcm7xx.c
+ create mode 100644 hw/arm/npcm7xx_boards.c
+ create mode 100644 hw/mem/npcm7xx_mc.c
+ create mode 100644 hw/misc/npcm7xx_clk.c
+ create mode 100644 hw/misc/npcm7xx_gcr.c
+ create mode 100644 hw/nvram/npcm7xx_otp.c
+ create mode 100644 hw/ssi/npcm7xx_fiu.c
+ create mode 100644 hw/timer/npcm7xx_timer.c
+ delete mode 100644 target/arm/kvm32.c
+ create mode 100644 pc-bios/npcm7xx_bootrom.bin
+ create mode 160000 roms/vbootrom

-[PULL 1/2] target/arm: Fix CNTPOFF_EL2 trap to missing EL3
+Deleted patch
-From: Pierre-Clément Tosi <ptosi@google.com>
-EL2 accesses to CNTPOFF_EL2 should only ever trap to EL3 if EL3 is
-present, as described by the reference manual (for MRS):
-  /* ... */
-  elsif PSTATE.EL == EL2 then
-      if Halted() && HaveEL(EL3) && /*...*/ then
-          UNDEFINED;
-      elsif HaveEL(EL3) && SCR_EL3.ECVEn == '0' then
-          /* ... */
-      else
-          X[t, 64] = CNTPOFF_EL2;
-However, the existing implementation of gt_cntpoff_access() always
-returns CP_ACCESS_TRAP_EL3 for EL2 accesses with SCR_EL3.ECVEn unset. In
-pseudo-code terminology, this corresponds to assuming that HaveEL(EL3)
-is always true, which is wrong. As a result, QEMU panics in
-access_check_cp_reg() when started without EL3 and running EL2 code
-accessing the register (e.g. any recent KVM booting a guest).
-Therefore, add the HaveEL(EL3) check to gt_cntpoff_access().
-Fixes: 2808d3b38a52 ("target/arm: Implement FEAT_ECV CNTPOFF_EL2 handling")
-Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
-Message-id: m3al6amhdkmsiy2f62w72ufth6dzn45xg5cz6xljceyibphnf4@ezmmpwk4tnhl
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/helper.c | 3 ++-
-file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult gt_cntpoff_access(CPUARMState *env,
-                                         const ARMCPRegInfo *ri,
-                                         bool isread)
- {
--    if (arm_current_el(env) == 2 && !(env->cp15.scr_el3 & SCR_ECVEN)) {
-+    if (arm_current_el(env) == 2 && arm_feature(env, ARM_FEATURE_EL3) &&
-+        !(env->cp15.scr_el3 & SCR_ECVEN)) {
-         return CP_ACCESS_TRAP_EL3;
-     }
-     return CP_ACCESS_OK;
---
-.34.1

-[PULL 2/2] target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
+Deleted patch
-When we do an AT address translation operation, the page table walk
-is supposed to be performed in the context of the EL we're doing the
-walk for, so for instance an AT S1E2R walk is done for EL2.  In the
-pseudocode an EL is passed to AArch64.AT(), which calls
-SecurityStateAtEL() to find the security state that we should be
-doing the walk with.
-In ats_write64() we get this wrong, instead using the current
-security space always.  This is fine for AT operations performed from
-EL1 and EL2, because there the current security state and the
-security state for the lower EL are the same.  But for AT operations
-performed from EL3, the current security state is always either
-Secure or Root, whereas we want to use the security state defined by
-SCR_EL3.{NS,NSE} for the walk. This affects not just guests using
-FEAT_RME but also ones where EL3 is Secure state and the EL3 code
-is trying to do an AT for a NonSecure EL2 or EL1.
-Use arm_security_space_below_el3() to get the SecuritySpace to
-pass to do_ats_write() for all AT operations except the
-AT S1E3* operations.
-Cc: qemu-stable@nongnu.org
-Fixes: e1ee56ec2383 ("target/arm: Pass security space rather than flag for AT instructions")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2250
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240405180232.3570066-1-peter.maydell@linaro.org
----
- target/arm/helper.c | 7 +++++--
-file changed, 5 insertions(+), 2 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
-     ARMMMUIdx mmu_idx;
-     uint64_t hcr_el2 = arm_hcr_el2_eff(env);
-     bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
-+    bool for_el3 = false;
-+    ARMSecuritySpace ss;
-     switch (ri->opc2 & 6) {
-     case 0:
-@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
-             break;
-         case 6: /* AT S1E3R, AT S1E3W */
-             mmu_idx = ARMMMUIdx_E3;
-+            for_el3 = true;
-             break;
-         default:
-             g_assert_not_reached();
-@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
-         g_assert_not_reached();
-     }
--    env->cp15.par_el[1] = do_ats_write(env, value, access_type,
--                                       mmu_idx, arm_security_space(env));
-+    ss = for_el3 ? arm_security_space(env) : arm_security_space_below_el3(env);
-+    env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx, ss);
- #else
-     /* Handled by hardware accelerator. */
-     g_assert_not_reached();
---
-.34.1

Two bug fixes for 9.0...

-- PMM

The following changes since commit ce64e6224affb8b4e4b019f76d2950270b391af5:

Merge tag 'qemu-sparc-20240404' of https://github.com/mcayland/qemu into staging (2024-04-04 15:28:06 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240408

for you to fetch changes up to 19b254e86a900dc5ee332e3ac0baf9c521301abf:

target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3 (2024-04-08 15:38:53 +0100)

----------------------------------------------------------------
target-arm:
 * Use correct SecuritySpace for AArch64 AT ops at EL3
 * Fix CNTPOFF_EL2 trap to missing EL3

----------------------------------------------------------------
Peter Maydell (1):
      target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3

Pierre-Clément Tosi (1):
      target/arm: Fix CNTPOFF_EL2 trap to missing EL3

target/arm/helper.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

From: Pierre-Clément Tosi <ptosi@google.com>

EL2 accesses to CNTPOFF_EL2 should only ever trap to EL3 if EL3 is
present, as described by the reference manual (for MRS):

/* ... */
  elsif PSTATE.EL == EL2 then
      if Halted() && HaveEL(EL3) && /*...*/ then
          UNDEFINED;
      elsif HaveEL(EL3) && SCR_EL3.ECVEn == '0' then
          /* ... */
      else
          X[t, 64] = CNTPOFF_EL2;

However, the existing implementation of gt_cntpoff_access() always
returns CP_ACCESS_TRAP_EL3 for EL2 accesses with SCR_EL3.ECVEn unset. In
pseudo-code terminology, this corresponds to assuming that HaveEL(EL3)
is always true, which is wrong. As a result, QEMU panics in
access_check_cp_reg() when started without EL3 and running EL2 code
accessing the register (e.g. any recent KVM booting a guest).

Therefore, add the HaveEL(EL3) check to gt_cntpoff_access().

Fixes: 2808d3b38a52 ("target/arm: Implement FEAT_ECV CNTPOFF_EL2 handling")
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Message-id: m3al6amhdkmsiy2f62w72ufth6dzn45xg5cz6xljceyibphnf4@ezmmpwk4tnhl
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPAccessResult gt_cntpoff_access(CPUARMState *env,
                                         const ARMCPRegInfo *ri,
                                         bool isread)
 {
-    if (arm_current_el(env) == 2 && !(env->cp15.scr_el3 & SCR_ECVEN)) {
+    if (arm_current_el(env) == 2 && arm_feature(env, ARM_FEATURE_EL3) &&
+        !(env->cp15.scr_el3 & SCR_ECVEN)) {
         return CP_ACCESS_TRAP_EL3;
     }
     return CP_ACCESS_OK;
-- 
2.34.1

When we do an AT address translation operation, the page table walk
is supposed to be performed in the context of the EL we're doing the
walk for, so for instance an AT S1E2R walk is done for EL2.  In the
pseudocode an EL is passed to AArch64.AT(), which calls
SecurityStateAtEL() to find the security state that we should be
doing the walk with.

In ats_write64() we get this wrong, instead using the current
security space always.  This is fine for AT operations performed from
EL1 and EL2, because there the current security state and the
security state for the lower EL are the same.  But for AT operations
performed from EL3, the current security state is always either
Secure or Root, whereas we want to use the security state defined by
SCR_EL3.{NS,NSE} for the walk. This affects not just guests using
FEAT_RME but also ones where EL3 is Secure state and the EL3 code
is trying to do an AT for a NonSecure EL2 or EL1.

Use arm_security_space_below_el3() to get the SecuritySpace to
pass to do_ats_write() for all AT operations except the
AT S1E3* operations.

Cc: qemu-stable@nongnu.org
Fixes: e1ee56ec2383 ("target/arm: Pass security space rather than flag for AT instructions")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2250
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240405180232.3570066-1-peter.maydell@linaro.org
---
 target/arm/helper.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
     ARMMMUIdx mmu_idx;
     uint64_t hcr_el2 = arm_hcr_el2_eff(env);
     bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
+    bool for_el3 = false;
+    ARMSecuritySpace ss;
 
     switch (ri->opc2 & 6) {
     case 0:
@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
             break;
         case 6: /* AT S1E3R, AT S1E3W */
             mmu_idx = ARMMMUIdx_E3;
+            for_el3 = true;
             break;
         default:
             g_assert_not_reached();
@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
         g_assert_not_reached();
     }
 
-    env->cp15.par_el[1] = do_ats_write(env, value, access_type,
-                                       mmu_idx, arm_security_space(env));
+    ss = for_el3 ? arm_security_space(env) : arm_security_space_below_el3(env);
+    env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx, ss);
 #else
     /* Handled by hardware accelerator. */
     g_assert_not_reached();
-- 
2.34.1

For some reason the xilinx can bus patches built in my local config
but not in the merge-test ones; dropped those.

-- PMM

The following changes since commit a68694cd1f3e5448cca814ff39b871f9ebd71ed5:

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/edk2-next-20200914' into staging (2020-09-14 12:18:58 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200914-1

for you to fetch changes up to 4fe986dd4480308ecf07200cfbd3c3d494a0f639:

tests/acceptance: console boot tests for quanta-gsj (2020-09-14 14:24:59 +0100)

----------------------------------------------------------------
 * hw/misc/a9scu: Do not allow invalid CPU count
 * hw/misc/a9scu: Minor cleanups
 * hw/timer/armv7m_systick: assert that board code set system_clock_scale
 * decodetree: Improve identifier matching
 * target/arm: Clean up neon fp insn size field decode
 * target/arm: Remove KVM support for 32-bit Arm hosts
 * hw/arm/mps2: New board models mps2-an386, mps2-an500
 * Deprecate Unicore32 port
 * Deprecate lm32 port
 * target/arm: Count PMU events when MDCR.SPME is set
 * hw/arm: versal-virt: Correct the tx/rx GEM clocks
 * New Nuvoton iBMC board models npcm750-evb, quanta-gsj

----------------------------------------------------------------
Aaron Lindsay (1):
      target/arm: Count PMU events when MDCR.SPME is set

Edgar E. Iglesias (1):
      hw/arm: versal-virt: Correct the tx/rx GEM clocks

Havard Skinnemoen (14):
      hw/misc: Add NPCM7xx System Global Control Registers device model
      hw/misc: Add NPCM7xx Clock Controller device model
      hw/timer: Add NPCM7xx Timer device model
      hw/arm: Add NPCM730 and NPCM750 SoC models
      hw/arm: Add two NPCM7xx-based machines
      roms: Add virtual Boot ROM for NPCM7xx SoCs
      hw/arm: Load -bios image as a boot ROM for npcm7xx
      hw/nvram: NPCM7xx OTP device model
      hw/mem: Stubbed out NPCM7xx Memory Controller model
      hw/ssi: NPCM7xx Flash Interface Unit device model
      hw/arm: Wire up BMC boot flash for npcm750-evb and quanta-gsj
      hw/arm/npcm7xx: add board setup stub for CPU and UART clocks
      docs/system: Add Nuvoton machine documentation
      tests/acceptance: console boot tests for quanta-gsj

Peter Maydell (11):
      hw/timer/armv7m_systick: assert that board code set system_clock_scale
      target/arm: Convert Neon 3-same-fp size field to MO_* in decode
      target/arm: Convert Neon VCVT fp size field to MO_* in decode
      target/arm: Convert VCMLA, VCADD size field to MO_* in decode
      target/arm: Remove KVM support for 32-bit Arm hosts
      target/arm: Remove no-longer-reachable 32-bit KVM code
      hw/arm/mps2: New board model mps2-an386
      hw/arm/mps2: New board model mps2-an500
      docs/system/arm/mps2.rst: Make board list consistent
      Deprecate Unicore32 port
      Deprecate lm32 port

Philippe Mathieu-Daudé (4):
      hw/misc/a9scu: Do not allow invalid CPU count
      hw/misc/a9scu: Simplify setting MemoryRegionOps::valid fields
      hw/misc/a9scu: Simplify setting MemoryRegionOps::impl fields
      hw/misc/a9scu: Report unimplemented accesses with qemu_log_mask(UNIMP)

Richard Henderson (1):
      decodetree: Improve identifier matching

docs/system/arm/mps2.rst               |  20 +-
 docs/system/arm/nuvoton.rst            |  92 +++++
 docs/system/deprecated.rst             |  32 +-
 docs/system/target-arm.rst             |   1 +
 configure                              |   2 +-
 default-configs/arm-softmmu.mak        |   1 +
 include/hw/arm/npcm7xx.h               | 112 +++++++
 include/hw/mem/npcm7xx_mc.h            |  36 ++
 include/hw/misc/npcm7xx_clk.h          |  48 +++
 include/hw/misc/npcm7xx_gcr.h          |  43 +++
 include/hw/nvram/npcm7xx_otp.h         |  79 +++++
 include/hw/ssi/npcm7xx_fiu.h           |  73 ++++
 include/hw/timer/npcm7xx_timer.h       |  78 +++++
 target/arm/kvm-consts.h                |   7 -
 target/arm/kvm_arm.h                   |   6 -
 target/arm/neon-dp.decode              |  18 +-
 target/arm/neon-shared.decode          |  18 +-
 tests/decode/succ_ident1.decode        |   7 +
 hw/arm/mps2.c                          |  97 +++++-
 hw/arm/npcm7xx.c                       | 532 +++++++++++++++++++++++++++++
 hw/arm/npcm7xx_boards.c                | 197 +++++++++++
 hw/arm/xlnx-versal-virt.c              |   2 +-
 hw/mem/npcm7xx_mc.c                    |  84 +++++
 hw/misc/a9scu.c                        |  59 ++--
 hw/misc/npcm7xx_clk.c                  | 266 +++++++++++++++
 hw/misc/npcm7xx_gcr.c                  | 269 +++++++++++++++
 hw/nvram/npcm7xx_otp.c                 | 440 ++++++++++++++++++++++++
 hw/ssi/npcm7xx_fiu.c                   | 572 +++++++++++++++++++++++++++++++
 hw/timer/armv7m_systick.c              |   8 +
 hw/timer/npcm7xx_timer.c               | 543 ++++++++++++++++++++++++++++++
 target/arm/cpu.c                       | 101 +++---
 target/arm/helper.c                    |   2 +-
 target/arm/kvm.c                       |   7 -
 target/arm/kvm32.c                     | 595 ---------------------------------
 .gitmodules                            |   3 +
 MAINTAINERS                            |  10 +
 hw/arm/Kconfig                         |   9 +
 hw/arm/meson.build                     |   1 +
 hw/mem/meson.build                     |   1 +
 hw/misc/meson.build                    |   4 +
 hw/misc/trace-events                   |   8 +
 hw/nvram/meson.build                   |   1 +
 hw/ssi/meson.build                     |   1 +
 hw/ssi/trace-events                    |  11 +
 hw/timer/meson.build                   |   1 +
 hw/timer/trace-events                  |   5 +
 pc-bios/README                         |   6 +
 pc-bios/meson.build                    |   1 +
 pc-bios/npcm7xx_bootrom.bin            | Bin 0 -> 768 bytes
 roms/Makefile                          |   7 +
 roms/vbootrom                          |   1 +
 scripts/decodetree.py                  |  46 ++-
 target/arm/meson.build                 |   5 +-
 target/arm/translate-neon.c.inc        |  42 ++-
 tests/acceptance/boot_linux_console.py |  83 +++++
 55 files changed, 3910 insertions(+), 783 deletions(-)
 create mode 100644 docs/system/arm/nuvoton.rst
 create mode 100644 include/hw/arm/npcm7xx.h
 create mode 100644 include/hw/mem/npcm7xx_mc.h
 create mode 100644 include/hw/misc/npcm7xx_clk.h
 create mode 100644 include/hw/misc/npcm7xx_gcr.h
 create mode 100644 include/hw/nvram/npcm7xx_otp.h
 create mode 100644 include/hw/ssi/npcm7xx_fiu.h
 create mode 100644 include/hw/timer/npcm7xx_timer.h
 create mode 100644 tests/decode/succ_ident1.decode
 create mode 100644 hw/arm/npcm7xx.c
 create mode 100644 hw/arm/npcm7xx_boards.c
 create mode 100644 hw/mem/npcm7xx_mc.c
 create mode 100644 hw/misc/npcm7xx_clk.c
 create mode 100644 hw/misc/npcm7xx_gcr.c
 create mode 100644 hw/nvram/npcm7xx_otp.c
 create mode 100644 hw/ssi/npcm7xx_fiu.c
 create mode 100644 hw/timer/npcm7xx_timer.c
 delete mode 100644 target/arm/kvm32.c
 create mode 100644 pc-bios/npcm7xx_bootrom.bin
 create mode 160000 roms/vbootrom