[Qemu-devel] [PULL 0/8] target-arm queue

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

Pull request with what I hope are the last ARM fixes for 2.3...


The following changes since commit b8a86c4ac4d04c106ba38fbd707041cba334a155:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-04-01 11:31:31 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150401

for you to fetch changes up to 25b9fb107bc1f6735fdb3fce537792f5db95f78d:

  target-arm: kvm64 fix save/restore of SPSR regs (2015-04-01 17:57:30 +0100)

----------------------------------------------------------------
target-arm:
 * Fix broken migration on AArch64 KVM
 * Fix minor memory leaks in virt, vexpress, highbank
 * Honour requested filename when loading highbank rom image

----------------------------------------------------------------
Alex Bennée (4):
      target-arm: kvm: save/restore mp state
      hw/intc: arm_gic_kvm.c restore config first
      target-arm: kvm64 sync FP register state
      target-arm: kvm64 fix save/restore of SPSR regs

Peter Maydell (1):
      target-arm: Store SPSR_EL1 state in banked_spsr[1] (SPSR_svc)

Stefan Weil (3):
      hw/arm/highbank: Fix resource leak and wrong image loading
      hw/arm/vexpress: Fix memory leak reported by Coverity
      hw/arm/virt: Fix memory leak reported by Coverity

 hw/arm/highbank.c       |   3 +-
 hw/arm/vexpress.c       |  11 ++++-
 hw/arm/virt.c           |   9 +++-
 hw/intc/arm_gic_kvm.c   |   7 ++-
 target-arm/helper-a64.c |   2 +-
 target-arm/helper.c     |   2 +-
 target-arm/internals.h  |   5 +-
 target-arm/kvm.c        |  44 ++++++++++++++++++
 target-arm/kvm32.c      |   4 ++
 target-arm/kvm64.c      | 118 ++++++++++++++++++++++++++++++++++++++++++++++--
 target-arm/kvm_arm.h    |  17 +++++++
 11 files changed, 207 insertions(+), 15 deletions(-)

[Qemu-devel] [PULL 1/8] hw/arm/highbank: Fix resource leak and wrong image loading

[Peter Maydell]

From: Stefan Weil <sw@weilnetz.de>

Coverity reports a resource leak for sysboot_filename which is allocated
by qemu_find_file.

In addition, that name is used to get the size of the image, but a
different image name was used to load it.

In addition, instead of passing the maximum allowed image size the actual
image size was passed to load_image_targphys.

Fix all three issues.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426326781-2488-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/highbank.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index ddd10dc..07cb4e0 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -278,8 +278,7 @@ static void calxeda_init(MachineState *machine, enum cxmachines machine_id)
     if (bios_name != NULL) {
         sysboot_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
         if (sysboot_filename != NULL) {
-            uint32_t filesize = get_image_size(sysboot_filename);
-            if (load_image_targphys("sysram.bin", 0xfff88000, filesize) < 0) {
+            if (load_image_targphys(sysboot_filename, 0xfff88000, 0x8000) < 0) {
                 hw_error("Unable to load %s\n", bios_name);
             }
             g_free(sysboot_filename);
-- 
1.9.1

[Qemu-devel] [PULL 2/8] hw/arm/vexpress: Fix memory leak reported by Coverity

[Peter Maydell]

From: Stefan Weil <sw@weilnetz.de>

As the conditional statement had to be split anyway, we can also
add a better error report message.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426877963-3556-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/vexpress.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index e9a7ced..dd04527 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -563,6 +563,7 @@ static void vexpress_common_init(MachineState *machine)
      */
     if (bios_name) {
         char *fn;
+        int image_size;
 
         if (drive_get(IF_PFLASH, 0, 0)) {
             error_report("The contents of the first flash device may be "
@@ -571,8 +572,14 @@ static void vexpress_common_init(MachineState *machine)
             exit(1);
         }
         fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-        if (!fn || load_image_targphys(fn, map[VE_NORFLASH0],
-                                       VEXPRESS_FLASH_SIZE) < 0) {
+        if (!fn) {
+            error_report("Could not find ROM image '%s'", bios_name);
+            exit(1);
+        }
+        image_size = load_image_targphys(fn, map[VE_NORFLASH0],
+                                         VEXPRESS_FLASH_SIZE);
+        g_free(fn);
+        if (image_size < 0) {
             error_report("Could not load ROM image '%s'", bios_name);
             exit(1);
         }
-- 
1.9.1

[Qemu-devel] [PULL 3/8] hw/arm/virt: Fix memory leak reported by Coverity

[Peter Maydell]

From: Stefan Weil <sw@weilnetz.de>

As the conditional statement had to be split anyway, we can also
add a better error report message.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426877982-3603-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index b652b07..7d082e2 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -553,6 +553,7 @@ static void create_flash(const VirtBoardInfo *vbi)
 
     if (bios_name) {
         char *fn;
+        int image_size;
 
         if (drive_get(IF_PFLASH, 0, 0)) {
             error_report("The contents of the first flash device may be "
@@ -561,7 +562,13 @@ static void create_flash(const VirtBoardInfo *vbi)
             exit(1);
         }
         fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-        if (!fn || load_image_targphys(fn, flashbase, flashsize) < 0) {
+        if (!fn) {
+            error_report("Could not find ROM image '%s'", bios_name);
+            exit(1);
+        }
+        image_size = load_image_targphys(fn, flashbase, flashsize);
+        g_free(fn);
+        if (image_size < 0) {
             error_report("Could not load ROM image '%s'", bios_name);
             exit(1);
         }
-- 
1.9.1

[Qemu-devel] [PULL 4/8] target-arm: Store SPSR_EL1 state in banked_spsr[1] (SPSR_svc)

[Peter Maydell]

The AArch64 SPSR_EL1 register is architecturally mandated to
be mapped to the AArch32 SPSR_svc register. This means its
state should live in QEMU's env->banked_spsr[1] field.
Correct the various places in the code that incorrectly
put it in banked_spsr[0].

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper-a64.c | 2 +-
 target-arm/helper.c     | 2 +-
 target-arm/internals.h  | 5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
index 7e0d038..861f6fa 100644
--- a/target-arm/helper-a64.c
+++ b/target-arm/helper-a64.c
@@ -523,7 +523,7 @@ void aarch64_cpu_do_interrupt(CPUState *cs)
         aarch64_save_sp(env, arm_current_el(env));
         env->elr_el[new_el] = env->pc;
     } else {
-        env->banked_spsr[0] = cpsr_read(env);
+        env->banked_spsr[aarch64_banked_spsr_index(new_el)] = cpsr_read(env);
         if (!env->thumb) {
             env->cp15.esr_el[new_el] |= 1 << 25;
         }
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 10886c5..d77c6de 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2438,7 +2438,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "SPSR_EL1", .state = ARM_CP_STATE_AA64,
       .type = ARM_CP_ALIAS,
       .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 0, .opc2 = 0,
-      .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, banked_spsr[0]) },
+      .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, banked_spsr[1]) },
     /* We rely on the access checks not allowing the guest to write to the
      * state field when SPSel indicates that it's being used as the stack
      * pointer.
diff --git a/target-arm/internals.h b/target-arm/internals.h
index bb171a7..2cc3017 100644
--- a/target-arm/internals.h
+++ b/target-arm/internals.h
@@ -82,11 +82,14 @@ static inline void arm_log_exception(int idx)
 
 /*
  * For AArch64, map a given EL to an index in the banked_spsr array.
+ * Note that this mapping and the AArch32 mapping defined in bank_number()
+ * must agree such that the AArch64<->AArch32 SPSRs have the architecturally
+ * mandated mapping between each other.
  */
 static inline unsigned int aarch64_banked_spsr_index(unsigned int el)
 {
     static const unsigned int map[4] = {
-        [1] = 0, /* EL1.  */
+        [1] = 1, /* EL1.  */
         [2] = 6, /* EL2.  */
         [3] = 7, /* EL3.  */
     };
-- 
1.9.1

[Qemu-devel] [PULL 5/8] target-arm: kvm: save/restore mp state

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

This adds the saving and restore of the current Multi-Processing state
of the machine. While the KVM_GET/SET_MP_STATE API exposes a number of
potential states for x86 we only use two for ARM. Either the process is
running or not. We then save this state into the cpu_powered TCG state
to avoid changing the serialisation format.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/kvm.c     | 44 ++++++++++++++++++++++++++++++++++++++++++++
 target-arm/kvm32.c   |  4 ++++
 target-arm/kvm64.c   |  4 ++++
 target-arm/kvm_arm.h | 17 +++++++++++++++++
 4 files changed, 69 insertions(+)

diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index 72c1fa1..fdd9ba3 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -28,6 +28,8 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
     KVM_CAP_LAST_INFO
 };
 
+static bool cap_has_mp_state;
+
 int kvm_arm_vcpu_init(CPUState *cs)
 {
     ARMCPU *cpu = ARM_CPU(cs);
@@ -157,6 +159,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
      */
     kvm_async_interrupts_allowed = true;
 
+    cap_has_mp_state = kvm_check_extension(s, KVM_CAP_MP_STATE);
+
     type_register_static(&host_arm_cpu_type_info);
 
     return 0;
@@ -458,6 +462,46 @@ void kvm_arm_reset_vcpu(ARMCPU *cpu)
     }
 }
 
+/*
+ * Update KVM's MP_STATE based on what QEMU thinks it is
+ */
+int kvm_arm_sync_mpstate_to_kvm(ARMCPU *cpu)
+{
+    if (cap_has_mp_state) {
+        struct kvm_mp_state mp_state = {
+            .mp_state =
+            cpu->powered_off ? KVM_MP_STATE_STOPPED : KVM_MP_STATE_RUNNABLE
+        };
+        int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MP_STATE, &mp_state);
+        if (ret) {
+            fprintf(stderr, "%s: failed to set MP_STATE %d/%s\n",
+                    __func__, ret, strerror(-ret));
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+/*
+ * Sync the KVM MP_STATE into QEMU
+ */
+int kvm_arm_sync_mpstate_to_qemu(ARMCPU *cpu)
+{
+    if (cap_has_mp_state) {
+        struct kvm_mp_state mp_state;
+        int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MP_STATE, &mp_state);
+        if (ret) {
+            fprintf(stderr, "%s: failed to get MP_STATE %d/%s\n",
+                    __func__, ret, strerror(-ret));
+            abort();
+        }
+        cpu->powered_off = (mp_state.mp_state == KVM_MP_STATE_STOPPED);
+    }
+
+    return 0;
+}
+
 void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
 {
 }
diff --git a/target-arm/kvm32.c b/target-arm/kvm32.c
index 94030d1..49b6bab 100644
--- a/target-arm/kvm32.c
+++ b/target-arm/kvm32.c
@@ -356,6 +356,8 @@ int kvm_arch_put_registers(CPUState *cs, int level)
         return EINVAL;
     }
 
+    kvm_arm_sync_mpstate_to_kvm(cpu);
+
     return ret;
 }
 
@@ -427,5 +429,7 @@ int kvm_arch_get_registers(CPUState *cs)
      */
     write_list_to_cpustate(cpu);
 
+    kvm_arm_sync_mpstate_to_qemu(cpu);
+
     return 0;
 }
diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c
index 8cf3a62..fed03f2 100644
--- a/target-arm/kvm64.c
+++ b/target-arm/kvm64.c
@@ -211,6 +211,8 @@ int kvm_arch_put_registers(CPUState *cs, int level)
         return EINVAL;
     }
 
+    kvm_arm_sync_mpstate_to_kvm(cpu);
+
     /* TODO:
      * FP state
      */
@@ -310,6 +312,8 @@ int kvm_arch_get_registers(CPUState *cs)
      */
     write_list_to_cpustate(cpu);
 
+    kvm_arm_sync_mpstate_to_qemu(cpu);
+
     /* TODO: other registers */
     return ret;
 }
diff --git a/target-arm/kvm_arm.h b/target-arm/kvm_arm.h
index 455dea3..5abd591 100644
--- a/target-arm/kvm_arm.h
+++ b/target-arm/kvm_arm.h
@@ -162,6 +162,23 @@ typedef struct ARMHostCPUClass {
  */
 bool kvm_arm_get_host_cpu_features(ARMHostCPUClass *ahcc);
 
+
+/**
+ * kvm_arm_sync_mpstate_to_kvm
+ * @cpu: ARMCPU
+ *
+ * If supported set the KVM MP_STATE based on QEMU's model.
+ */
+int kvm_arm_sync_mpstate_to_kvm(ARMCPU *cpu);
+
+/**
+ * kvm_arm_sync_mpstate_to_qemu
+ * @cpu: ARMCPU
+ *
+ * If supported get the MP_STATE from KVM and store in QEMU's model.
+ */
+int kvm_arm_sync_mpstate_to_qemu(ARMCPU *cpu);
+
 #endif
 
 #endif
-- 
1.9.1

[Qemu-devel] [PULL 6/8] hw/intc: arm_gic_kvm.c restore config first

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

As there is logic to deal with the difference between edge and level
triggered interrupts in the kernel we must ensure it knows the
configuration of the IRQs before we restore the pending state.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gic_kvm.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/intc/arm_gic_kvm.c b/hw/intc/arm_gic_kvm.c
index 0d20750..e1952ad 100644
--- a/hw/intc/arm_gic_kvm.c
+++ b/hw/intc/arm_gic_kvm.c
@@ -370,6 +370,11 @@ static void kvm_arm_gic_put(GICState *s)
      * the appropriate CPU interfaces in the kernel) */
     kvm_dist_put(s, 0x800, 8, s->num_irq, translate_targets);
 
+    /* irq_state[n].trigger -> GICD_ICFGRn
+     * (restore configuration registers before pending IRQs so we treat
+     * level/edge correctly) */
+    kvm_dist_put(s, 0xc00, 2, s->num_irq, translate_trigger);
+
     /* irq_state[n].pending + irq_state[n].level -> GICD_ISPENDRn */
     kvm_dist_put(s, 0x280, 1, s->num_irq, translate_clear);
     kvm_dist_put(s, 0x200, 1, s->num_irq, translate_pending);
@@ -378,8 +383,6 @@ static void kvm_arm_gic_put(GICState *s)
     kvm_dist_put(s, 0x380, 1, s->num_irq, translate_clear);
     kvm_dist_put(s, 0x300, 1, s->num_irq, translate_active);
 
-    /* irq_state[n].trigger -> GICD_ICFRn */
-    kvm_dist_put(s, 0xc00, 2, s->num_irq, translate_trigger);
 
     /* s->priorityX[irq] -> ICD_IPRIORITYRn */
     kvm_dist_put(s, 0x400, 8, s->num_irq, translate_priority);
-- 
1.9.1

[Qemu-devel] [PULL 7/8] target-arm: kvm64 sync FP register state

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

For migration to work we need to sync all of the register state. This is
especially noticeable when GCC starts using FP registers as spill
registers even with integer programs.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/kvm64.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 82 insertions(+), 3 deletions(-)

diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c
index fed03f2..d6c83b0 100644
--- a/target-arm/kvm64.c
+++ b/target-arm/kvm64.c
@@ -15,6 +15,7 @@
 
 #include <linux/kvm.h>
 
+#include "config-host.h"
 #include "qemu-common.h"
 #include "qemu/timer.h"
 #include "sysemu/sysemu.h"
@@ -126,9 +127,16 @@ bool kvm_arm_reg_syncs_via_cpreg_list(uint64_t regidx)
 #define AARCH64_CORE_REG(x)   (KVM_REG_ARM64 | KVM_REG_SIZE_U64 | \
                  KVM_REG_ARM_CORE | KVM_REG_ARM_CORE_REG(x))
 
+#define AARCH64_SIMD_CORE_REG(x)   (KVM_REG_ARM64 | KVM_REG_SIZE_U128 | \
+                 KVM_REG_ARM_CORE | KVM_REG_ARM_CORE_REG(x))
+
+#define AARCH64_SIMD_CTRL_REG(x)   (KVM_REG_ARM64 | KVM_REG_SIZE_U32 | \
+                 KVM_REG_ARM_CORE | KVM_REG_ARM_CORE_REG(x))
+
 int kvm_arch_put_registers(CPUState *cs, int level)
 {
     struct kvm_one_reg reg;
+    uint32_t fpr;
     uint64_t val;
     int i;
     int ret;
@@ -207,15 +215,48 @@ int kvm_arch_put_registers(CPUState *cs, int level)
         }
     }
 
+    /* Advanced SIMD and FP registers
+     * We map Qn = regs[2n+1]:regs[2n]
+     */
+    for (i = 0; i < 32; i++) {
+        int rd = i << 1;
+        uint64_t fp_val[2];
+#ifdef HOST_WORDS_BIGENDIAN
+        fp_val[0] = env->vfp.regs[rd + 1];
+        fp_val[1] = env->vfp.regs[rd];
+#else
+        fp_val[1] = env->vfp.regs[rd + 1];
+        fp_val[0] = env->vfp.regs[rd];
+#endif
+        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
+        reg.addr = (uintptr_t)(&fp_val);
+        ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+        if (ret) {
+            return ret;
+        }
+    }
+
+    reg.addr = (uintptr_t)(&fpr);
+    fpr = vfp_get_fpsr(env);
+    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
+    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+    if (ret) {
+        return ret;
+    }
+
+    fpr = vfp_get_fpcr(env);
+    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
+    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+    if (ret) {
+        return ret;
+    }
+
     if (!write_list_to_kvmstate(cpu)) {
         return EINVAL;
     }
 
     kvm_arm_sync_mpstate_to_kvm(cpu);
 
-    /* TODO:
-     * FP state
-     */
     return ret;
 }
 
@@ -223,6 +264,7 @@ int kvm_arch_get_registers(CPUState *cs)
 {
     struct kvm_one_reg reg;
     uint64_t val;
+    uint32_t fpr;
     int i;
     int ret;
 
@@ -304,6 +346,43 @@ int kvm_arch_get_registers(CPUState *cs)
         }
     }
 
+    /* Advanced SIMD and FP registers
+     * We map Qn = regs[2n+1]:regs[2n]
+     */
+    for (i = 0; i < 32; i++) {
+        uint64_t fp_val[2];
+        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
+        reg.addr = (uintptr_t)(&fp_val);
+        ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+        if (ret) {
+            return ret;
+        } else {
+            int rd = i << 1;
+#ifdef HOST_WORDS_BIGENDIAN
+            env->vfp.regs[rd + 1] = fp_val[0];
+            env->vfp.regs[rd] = fp_val[1];
+#else
+            env->vfp.regs[rd + 1] = fp_val[1];
+            env->vfp.regs[rd] = fp_val[0];
+#endif
+        }
+    }
+
+    reg.addr = (uintptr_t)(&fpr);
+    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
+    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+    if (ret) {
+        return ret;
+    }
+    vfp_set_fpsr(env, fpr);
+
+    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
+    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+    if (ret) {
+        return ret;
+    }
+    vfp_set_fpcr(env, fpr);
+
     if (!write_kvmstate_to_list(cpu)) {
         return EINVAL;
     }
-- 
1.9.1

[Qemu-devel] [PULL 8/8] target-arm: kvm64 fix save/restore of SPSR regs

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

The current code was negatively indexing the cpu state array and not
synchronizing banked spsr register state with the current mode's spsr
state, causing occasional failures with migration.

Some munging is done to take care of the aarch64 mapping and also to
ensure the most current value of the spsr is updated to the banked
registers (relevant for KVM<->TCG migration).

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/kvm64.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c
index d6c83b0..93c1ca8 100644
--- a/target-arm/kvm64.c
+++ b/target-arm/kvm64.c
@@ -140,6 +140,7 @@ int kvm_arch_put_registers(CPUState *cs, int level)
     uint64_t val;
     int i;
     int ret;
+    unsigned int el;
 
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
@@ -206,9 +207,22 @@ int kvm_arch_put_registers(CPUState *cs, int level)
         return ret;
     }
 
+    /* Saved Program State Registers
+     *
+     * Before we restore from the banked_spsr[] array we need to
+     * ensure that any modifications to env->spsr are correctly
+     * reflected in the banks.
+     */
+    el = arm_current_el(env);
+    if (el > 0 && !is_a64(env)) {
+        i = bank_number(env->uncached_cpsr & CPSR_M);
+        env->banked_spsr[i] = env->spsr;
+    }
+
+    /* KVM 0-4 map to QEMU banks 1-5 */
     for (i = 0; i < KVM_NR_SPSR; i++) {
         reg.id = AARCH64_CORE_REG(spsr[i]);
-        reg.addr = (uintptr_t) &env->banked_spsr[i - 1];
+        reg.addr = (uintptr_t) &env->banked_spsr[i + 1];
         ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
         if (ret) {
             return ret;
@@ -265,6 +279,7 @@ int kvm_arch_get_registers(CPUState *cs)
     struct kvm_one_reg reg;
     uint64_t val;
     uint32_t fpr;
+    unsigned int el;
     int i;
     int ret;
 
@@ -337,15 +352,25 @@ int kvm_arch_get_registers(CPUState *cs)
         return ret;
     }
 
+    /* Fetch the SPSR registers
+     *
+     * KVM SPSRs 0-4 map to QEMU banks 1-5
+     */
     for (i = 0; i < KVM_NR_SPSR; i++) {
         reg.id = AARCH64_CORE_REG(spsr[i]);
-        reg.addr = (uintptr_t) &env->banked_spsr[i - 1];
+        reg.addr = (uintptr_t) &env->banked_spsr[i + 1];
         ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
         if (ret) {
             return ret;
         }
     }
 
+    el = arm_current_el(env);
+    if (el > 0 && !is_a64(env)) {
+        i = bank_number(env->uncached_cpsr & CPSR_M);
+        env->spsr = env->banked_spsr[i];
+    }
+
     /* Advanced SIMD and FP registers
      * We map Qn = regs[2n+1]:regs[2n]
      */
-- 
1.9.1

Re: [Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

On 1 April 2015 at 18:08, Peter Maydell <peter.maydell@linaro.org> wrote:
> Pull request with what I hope are the last ARM fixes for 2.3...
>
>
> The following changes since commit b8a86c4ac4d04c106ba38fbd707041cba334a155:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-04-01 11:31:31 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150401
>
> for you to fetch changes up to 25b9fb107bc1f6735fdb3fce537792f5db95f78d:
>
>   target-arm: kvm64 fix save/restore of SPSR regs (2015-04-01 17:57:30 +0100)
>
> ----------------------------------------------------------------
> target-arm:
>  * Fix broken migration on AArch64 KVM
>  * Fix minor memory leaks in virt, vexpress, highbank
>  * Honour requested filename when loading highbank rom image
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

target-arm queue: a smallish set of patches for rc1 tomorrow.
I've included the tcg patches because RTH has no others that
would merit a pullreq.

I haven't included Thomas Huth's 17-patch set to deal with
the introspection crashes, to give that a little more time
on-list for review.

thanks
-- PMM

The following changes since commit 102ad0a80f5110483efd06877c29c4236be267f9:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-07-16' into staging (2018-07-16 15:34:38 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180716

for you to fetch changes up to 3474c98a2a2afcefa7c665f02ad2bed2a43ab0f7:

  accel/tcg: Assert that tlb fill gave us a valid TLB entry (2018-07-16 17:26:01 +0100)

----------------------------------------------------------------
target-arm queue:
 * accel/tcg: Use correct test when looking in victim TLB for code
 * bcm2835_aux: Swap RX and TX interrupt assignments
 * hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
 * hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
 * hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
 * aspeed: Implement write-1-{set, clear} for AST2500 strapping
 * target/arm: Fix LD1W and LDFF1W (scalar plus vector)

----------------------------------------------------------------
Andrew Jeffery (1):
      aspeed: Implement write-1-{set, clear} for AST2500 strapping

Guenter Roeck (1):
      bcm2835_aux: Swap RX and TX interrupt assignments

Peter Maydell (4):
      hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
      hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
      accel/tcg: Use correct test when looking in victim TLB for code
      accel/tcg: Assert that tlb fill gave us a valid TLB entry

Richard Henderson (1):
      target/arm: Fix LD1W and LDFF1W (scalar plus vector)

Thomas Huth (1):
      hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false

 include/hw/misc/aspeed_scu.h |  2 ++
 accel/tcg/cputlb.c           |  6 +++---
 hw/arm/bcm2836.c             |  2 ++
 hw/char/bcm2835_aux.c        |  4 ++--
 hw/intc/arm_gic.c            | 22 +++++++++++++++++++---
 hw/misc/aspeed_scu.c         | 19 +++++++++++++++++--
 target/arm/sve_helper.c      |  4 ++--
 7 files changed, 47 insertions(+), 12 deletions(-)

Re: [Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

On 16 July 2018 at 17:42, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue: a smallish set of patches for rc1 tomorrow.
> I've included the tcg patches because RTH has no others that
> would merit a pullreq.
>
> I haven't included Thomas Huth's 17-patch set to deal with
> the introspection crashes, to give that a little more time
> on-list for review.
>
> thanks
> -- PMM
>
> The following changes since commit 102ad0a80f5110483efd06877c29c4236be267f9:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-07-16' into staging (2018-07-16 15:34:38 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180716
>
> for you to fetch changes up to 3474c98a2a2afcefa7c665f02ad2bed2a43ab0f7:
>
>   accel/tcg: Assert that tlb fill gave us a valid TLB entry (2018-07-16 17:26:01 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * accel/tcg: Use correct test when looking in victim TLB for code
>  * bcm2835_aux: Swap RX and TX interrupt assignments
>  * hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
>  * hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
>  * hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
>  * aspeed: Implement write-1-{set, clear} for AST2500 strapping
>  * target/arm: Fix LD1W and LDFF1W (scalar plus vector)
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

Last target-arm pull before hardfreeze; nothing much
exciting here.

thanks
-- PMM


The following changes since commit 9328cfd2fe4a7ff86a41b2c26ea33974241d7d4e:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-06-29 18:09:51 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140630

for you to fetch changes up to ffebe8997523fd922da58a8e19ddffee6b035429:

  disas/libvixl: Fix wrong format strings (2014-06-29 22:04:28 +0100)

----------------------------------------------------------------
target-arm:
 * provide PL031 RTC in virt board
 * fix missing pxa2xx and strongarm vmstate
 * convert cadence_ttc to instance_init
 * fix libvixl format strings and README

----------------------------------------------------------------
Alistair Francis (1):
      timer: cadence_ttc: Convert to instance_init

Peter Maydell (5):
      hw/arm/virt: Provide PL031 RTC
      hw/arm/strongarm: Fix handling of GPSR/GPCR reads
      hw/arm/strongarm: Wire up missing GPIO and PPC vmstate
      hw/arm/pxa2xx_gpio: Fix handling of GPSR/GPCR reads
      hw/arm/pxa2xx_gpio: Correct and register vmstate

Richard Henderson (1):
      disas/libvixl: Update README for version base

Stefan Weil (1):
      disas/libvixl: Fix wrong format strings

 disas/libvixl/README            |  2 +-
 disas/libvixl/a64/disasm-a64.cc | 20 ++++++++++----------
 hw/arm/pxa2xx_gpio.c            | 17 ++++++++---------
 hw/arm/strongarm.c              | 18 ++++++++++--------
 hw/arm/virt.c                   | 30 ++++++++++++++++++++++++++++++
 hw/timer/cadence_ttc.c          | 15 ++++++---------
 6 files changed, 65 insertions(+), 37 deletions(-)

Re: [Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

On 30 June 2014 13:47, Peter Maydell <peter.maydell@linaro.org> wrote:
> Last target-arm pull before hardfreeze; nothing much
> exciting here.
>
> thanks
> -- PMM
>
>
> The following changes since commit 9328cfd2fe4a7ff86a41b2c26ea33974241d7d4e:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-06-29 18:09:51 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140630
>
> for you to fetch changes up to ffebe8997523fd922da58a8e19ddffee6b035429:
>
>   disas/libvixl: Fix wrong format strings (2014-06-29 22:04:28 +0100)

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

target-arm pullreq for softfreeze: bugfixes and cleanups and
the first traces of ARMv8 support in the shape of LDA/STL 
instructions. (There will be more of that in QEMU 1.7, I'm sure.)
Please pull.
 
thanks
-- PMM

The following changes since commit c3cb8e77804313e1be99b5f28a34a346736707a5:

  ioport: remove LITTLE_ENDIAN mark for portio (2013-07-12 14:37:47 -0500)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20130715-1

for you to fetch changes up to 82a3a11897308b606120f7235001e87809708f85:

  target-arm: Avoid g_hash_table_get_keys() (2013-07-15 17:13:51 +0100)

----------------------------------------------------------------
target-arm queue

----------------------------------------------------------------
Mans Rullgard (3):
      target-arm: add feature flag for ARMv8
      target-arm: implement LDA/STL instructions
      target-arm: explicitly decode SEVL instruction

Peter Crosthwaite (3):
      target-arm/helper.c: OMAP/StrongARM cp15 crn=0 cleanup
      target-arm/helper.c: Implement MIDR aliases
      target-arm/helper.c: Allow const opaques in arm CP

Peter Maydell (2):
      target-arm: avoid undefined behaviour when writing TTBCR
      target-arm: Avoid g_hash_table_get_keys()

 target-arm/cpu.c       |    7 ++-
 target-arm/cpu.h       |    1 +
 target-arm/helper.c    |   51 ++++++++++++-------
 target-arm/translate.c |  133 ++++++++++++++++++++++++++++++++++++++++++++----
 4 files changed, 161 insertions(+), 31 deletions(-)

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

Hi; this is the usual target-arm pullreq, mostly just the cpregs
migration patchset that I posted a while back.

NB: I've updated my make-pullreq script to create a GPG-signed
pull request, but I'm not sure if I got it right -- feedback
welcome :-)

In particular, target-arm.for-upstream is still a branch name
as usual; the signed tag is "pull-target-arm-20130625"; I'm
not sure whether the tag should be the thing named in the
'available at' line below rather than the branch.


The following changes since commit baf8673ca802cb3ea2cdbe94813441d23bde223b:

  Merge remote-tracking branch 'stefanha/block' into staging (2013-06-24 14:33:17 -0500)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream

for you to fetch changes up to bdcc150dc44ea96152f05f9e68970b63508d5ae7:

  target-arm: Make LPAE feature imply V7MP (2013-06-25 18:16:10 +0100)

----------------------------------------------------------------
target-arm queue

----------------------------------------------------------------
Peter Maydell (8):
      target-arm: Allow special cpregs to have flags set
      target-arm: Add raw_readfn and raw_writefn to ARMCPRegInfo
      target-arm: mark up cpregs for no-migrate or raw access
      target-arm: Convert TCG to using (index,value) list for cp migration
      target-arm: Initialize cpreg list from KVM when using KVM
      target-arm: Reinitialize all KVM VCPU registers on reset
      target-arm: Use tuple list to sync cp regs with KVM
      target-arm: Make LPAE feature imply V7MP

 target-arm/Makefile.objs |    1 +
 target-arm/cpu-qom.h     |   24 ++++
 target-arm/cpu.c         |    4 +-
 target-arm/cpu.h         |   89 ++++++++++++-
 target-arm/helper.c      |  327 +++++++++++++++++++++++++++++++++++++++-------
 target-arm/kvm-stub.c    |   23 ++++
 target-arm/kvm.c         |  292 +++++++++++++++++++++++++++++++----------
 target-arm/kvm_arm.h     |   33 +++++
 target-arm/machine.c     |  134 ++++++++++++-------
 9 files changed, 760 insertions(+), 167 deletions(-)
 create mode 100644 target-arm/kvm-stub.c

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

Usual target-arm pullreq; mostly Aurelien's performance
improvement patches. The 'drop macro' patch has only been on
the list a few days but it's completely trivial so I threw it
in too. Please pull.

thanks
-- PMM

The following changes since commit a14c74928ba1fdaada515717f4d3c3fa3275d6f7:

  Merge remote-tracking branch 'sstabellini/xen-2012-10-03' into staging (2012-10-04 19:56:26 -0500)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream

for you to fetch changes up to 1273d9ca09e91bb290d10f704055f6abec363dd6:

  target-arm: Drop unused DECODE_CPREG_CRN macro (2012-10-05 15:04:45 +0100)

----------------------------------------------------------------
Aurelien Jarno (5):
      target-arm: use globals for CC flags
      target-arm: convert add_cc and sub_cc helpers to TCG
      target-arm: convert sar, shl and shr helpers to TCG
      target-arm: mark a few integer helpers const and pure
      target-arm: use deposit instead of hardcoded version

Peter Maydell (3):
      cpu_dump_state: move DUMP_FPU and DUMP_CCOP flags from x86-only to generic
      target-arm: Reinstate display of VFP registers in cpu_dump_state
      target-arm: Drop unused DECODE_CPREG_CRN macro

 cpu-all.h                |    3 +
 cpu-exec.c               |    2 +-
 cpus.c                   |    6 +-
 exec.c                   |   12 +-
 monitor.c                |    8 +-
 target-arm/cpu.h         |    2 -
 target-arm/helper.h      |   24 ++--
 target-arm/op_helper.c   |   44 -------
 target-arm/translate.c   |  302 ++++++++++++++++++++++++----------------------
 target-i386/cpu.c        |    2 +-
 target-i386/cpu.h        |    4 -
 target-i386/helper.c     |    4 +-
 target-i386/seg_helper.c |    4 +-
 target-i386/smm_helper.c |    4 +-
 14 files changed, 183 insertions(+), 238 deletions(-)

Re: [Qemu-devel] [PULL 0/8] target-arm queue

[Aurelien Jarno]

On Fri, Oct 05, 2012 at 03:35:18PM +0100, Peter Maydell wrote:
> Usual target-arm pullreq; mostly Aurelien's performance
> improvement patches. The 'drop macro' patch has only been on
> the list a few days but it's completely trivial so I threw it
> in too. Please pull.
> 
> thanks
> -- PMM
> 
> The following changes since commit a14c74928ba1fdaada515717f4d3c3fa3275d6f7:
> 
>   Merge remote-tracking branch 'sstabellini/xen-2012-10-03' into staging (2012-10-04 19:56:26 -0500)
> 
> are available in the git repository at:
> 
> 
>   git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream
> 
> for you to fetch changes up to 1273d9ca09e91bb290d10f704055f6abec363dd6:
> 
>   target-arm: Drop unused DECODE_CPREG_CRN macro (2012-10-05 15:04:45 +0100)
> 
> ----------------------------------------------------------------
> Aurelien Jarno (5):
>       target-arm: use globals for CC flags
>       target-arm: convert add_cc and sub_cc helpers to TCG
>       target-arm: convert sar, shl and shr helpers to TCG
>       target-arm: mark a few integer helpers const and pure
>       target-arm: use deposit instead of hardcoded version
> 
> Peter Maydell (3):
>       cpu_dump_state: move DUMP_FPU and DUMP_CCOP flags from x86-only to generic
>       target-arm: Reinstate display of VFP registers in cpu_dump_state
>       target-arm: Drop unused DECODE_CPREG_CRN macro
> 
>  cpu-all.h                |    3 +
>  cpu-exec.c               |    2 +-
>  cpus.c                   |    6 +-
>  exec.c                   |   12 +-
>  monitor.c                |    8 +-
>  target-arm/cpu.h         |    2 -
>  target-arm/helper.h      |   24 ++--
>  target-arm/op_helper.c   |   44 -------
>  target-arm/translate.c   |  302 ++++++++++++++++++++++++----------------------
>  target-i386/cpu.c        |    2 +-
>  target-i386/cpu.h        |    4 -
>  target-i386/helper.c     |    4 +-
>  target-i386/seg_helper.c |    4 +-
>  target-i386/smm_helper.c |    4 +-
>  14 files changed, 183 insertions(+), 238 deletions(-)
> 

Thanks, pulled.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net