[Qemu-devel] [PULL 00/20] target-arm queue

[Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

It always feels a bit odd to write a message to myself here :-)
Anyway, here's the latest pile of arm patches...

The following changes since commit 4a331bb33bdf112ba95470e5d6ea3561b049c280:

  Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging (2014-06-09 15:00:21 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140609

for you to fetch changes up to ff00c11324276b8064b3a5d00491d0f9c6291a77:

  target-arm: Delete unused iwmmxt_msadb helper (2014-06-09 15:43:26 +0100)

----------------------------------------------------------------
target-arm queue:
 * support -bios option in vexpress boards
 * register the Cortex-A57 impdef system registers
 * implement PD0/PD1 bits in TTBCR
 * fix handling of UXN bit in ARMv8 page tables
 * complete support of crypto insns in A32/T32
 * implement CRC and crypto insns in A64
 * fix bugs in generic timer control register

----------------------------------------------------------------
Ard Biesheuvel (1):
      target-arm: add support for v8 SHA1 and SHA256 instructions

Fabian Aggeler (2):
      target-arm: Prepare cpreg writefns/readfns for EL3/SecExt
      target-arm: implement PD0/PD1 bits for TTBCR

Grant Likely (1):
      vexpress: Add support for the -bios flag to provide firmware

Ian Campbell (1):
      target-arm: Correct handling of UXN bit in ARMv8 LPAE page tables

Peter Maydell (15):
      target-arm/cpu64.c: Actually register Cortex-A57 impdef registers
      target-arm: Allow 3reg_wide undefreq to encode more bad size options
      target-arm: add support for v8 VMULL.P64 instruction
      target-arm: A64: Use PMULL feature bit for PMULL
      target-arm: arm_any_initfn() should never set ARM_FEATURE_AARCH64
      target-arm: Remove unnecessary setting of feature bits
      target-arm: Clean up handling of ARMv8 optional feature bits
      target-arm: VFPv4 implies half-precision extension
      target-arm: A64: Implement CRC instructions
      target-arm: A32/T32: Mask CRC value in calling code, not helper
      target-arm: A64: Implement AES instructions
      target-arm: A64: Implement 3-register SHA instructions
      target-arm: A64: Implement two-register SHA instructions
      target-arm: Fix errors in writes to generic timer control registers
      target-arm: Delete unused iwmmxt_msadb helper

 hw/arm/vexpress.c          |  13 +++
 linux-user/elfload.c       |   9 +-
 target-arm/cpu.c           |  13 +--
 target-arm/cpu.h           |  19 ++++
 target-arm/cpu64.c         |  15 ++-
 target-arm/crypto_helper.c | 257 +++++++++++++++++++++++++++++++++++++++++++--
 target-arm/helper-a64.c    |  60 +++++------
 target-arm/helper-a64.h    |   4 +-
 target-arm/helper.c        | 136 +++++++++++++-----------
 target-arm/helper.h        |  14 ++-
 target-arm/iwmmxt_helper.c |   9 --
 target-arm/neon_helper.c   |  30 ++++++
 target-arm/translate-a64.c | 211 ++++++++++++++++++++++++++++++++++++-
 target-arm/translate.c     | 144 ++++++++++++++++++++++---
 14 files changed, 790 insertions(+), 144 deletions(-)

[Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

Here's the ARM queue. I know I have a pile of backed-up code
review to do, but I wanted to get these patches out rather
than accumulating a fifty-patch queue...

thanks
-- PMM

The following changes since commit 34a4450434f1a5daee06fca223afcbb9c8f1ee24:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20150824' into staging (2015-08-25 13:34:57 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150825

for you to fetch changes up to ff4657fa18b08279ce1f79da35a0e9e0b9574dd5:

  target-arm: Implement AArch64 TLBI operations on IPAs (2015-08-25 15:45:10 +0100)

----------------------------------------------------------------
target-arm queue:
 * add missing EL2/EL3 TLBI operations
 * add missing EL2/EL3 ATS operations
 * add missing EL2/EL3 registers
 * update Xilinx MAINTAINERS info
 * Xilinx: connect the four OCM banks
 * virt: add SMBIOS support

----------------------------------------------------------------
Alistair Francis (3):
      xlnx-zynqmp: Connect the four OCM banks
      MAINTAINERS: Update Xilinx Maintainership
      MAINTAINERS: Add ZynqMP to MAINTAINERS file

Peter Maydell (15):
      target-arm: Add missing MAIR_EL3 and TPIDR_EL3 registers
      target-arm: Implement missing AMAIR registers
      target-arm: Implement missing AFSR registers
      target-arm: Implement missing ACTLR registers
      target-arm: there is no TTBR1 for 32-bit EL2 stage 1 translations
      target-arm: Wire up AArch64 EL2 and EL3 address translation ops
      target-arm: Add CP_ACCESS_TRAP_UNCATEGORIZED_EL2, 3
      target-arm: Enable the AArch32 ATS12NSO ops
      target-arm: Implement AArch32 ATS1H* operations
      cputlb: Add functions for flushing TLB for a single MMU index
      target-arm: Move TLBI ALLE1/ALLE1IS definitions into numeric order
      target-arm: Restrict AArch64 TLB flushes to the MMU indexes they must touch
      target-arm: Implement missing EL2 TLBI operations
      target-arm: Implement missing EL3 TLB invalidate operations
      target-arm: Implement AArch64 TLBI operations on IPAs

Wei Huang (2):
      smbios: add smbios 3.0 support
      smbios: implement smbios support for mach-virt

 MAINTAINERS                     |  27 ++-
 cputlb.c                        |  97 ++++++++
 default-configs/arm-softmmu.mak |   1 +
 hw/arm/virt.c                   |  26 +++
 hw/arm/xlnx-zynqmp.c            |  15 ++
 hw/i386/pc_piix.c               |   3 +-
 hw/i386/pc_q35.c                |   3 +-
 hw/smbios/smbios.c              |  84 +++++--
 include/exec/exec-all.h         |  47 ++++
 include/hw/arm/xlnx-zynqmp.h    |   6 +
 include/hw/smbios/smbios.h      |  51 +++--
 qemu-options.hx                 |   2 +-
 target-arm/cpu.h                |   3 +
 target-arm/helper.c             | 489 +++++++++++++++++++++++++++++++++++-----
 target-arm/op_helper.c          |   8 +
 15 files changed, 759 insertions(+), 103 deletions(-)

[Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

Another week, another pullreq...

-- PMM

The following changes since commit 8611280505119e296757a60711a881341603fa5a:

  target-microblaze: Use setcond for pcmp* (2015-09-08 08:49:33 +0200)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150908

for you to fetch changes up to 6fdf3282d16e7fb6e798824fb5f4f60c6a73067d:

  xlnx-zynqmp: Connect the sysbus AHCI to ZynqMP (2015-09-08 17:38:45 +0100)

----------------------------------------------------------------
target-arm queue:
 * Implement priority handling properly via GICC_APR
 * Enable TZ extensions on the GIC if we're using them
 * Minor preparatory patches for EL3 support
 * cadence_gem: Correct Marvell PHY SPCFC reset value
 * Support AHCI in ZynqMP

----------------------------------------------------------------
Alistair Francis (5):
      cadence_gem: Correct Marvell PHY SPCFC reset value
      ahci: Separate the AHCI state structure into the header
      ahci.c: Don't assume AHCIState's parent is AHCIPCIState
      xlnx-zynqmp.c: Convert some of the error_propagate() calls to error_abort
      xlnx-zynqmp: Connect the sysbus AHCI to ZynqMP

Edgar E. Iglesias (3):
      target-arm: Log the target EL when taking exceptions
      target-arm: Correct opc1 for AT_S12Exx
      target-arm: Add AArch64 access to PAR_EL1

Peter Crosthwaite (1):
      qom: Add recursive version of object_child_for_each

Peter Maydell (10):
      armv7m_nvic: Implement ICSR without using internal GIC state
      hw/intc/arm_gic: Running priority is group priority, not full priority
      hw/intc/arm_gic: Fix handling of GICC_APR<n>, GICC_NSAPR<n> registers
      hw/intc/arm_gic: Drop running_irq and last_active arrays
      hw/intc/arm_gic: Actually set the active bits for active interrupts
      hw/arm: new interface for devices which need to behave differently for kernel boot
      hw/intc/arm_gic_common: Configure IRQs as NS if doing direct NS kernel boot
      hw/cpu/{a15mpcore, a9mpcore}: enable TrustZone in GIC if it is enabled in CPUs
      hw/arm/virt: Default to not providing TrustZone support
      hw/arm/virt: Enable TZ extensions on the GIC if we are using them

Sergey Sorokin (1):
      target-arm: Fix default_exception_el() function for the case when EL3 is not supported

 hw/arm/boot.c                    |  34 ++++++
 hw/arm/virt.c                    |  14 ++-
 hw/arm/xlnx-zynqmp.c             |  32 +++--
 hw/cpu/a15mpcore.c               |  13 +++
 hw/cpu/a9mpcore.c                |  11 ++
 hw/ide/ahci.c                    |  26 ++---
 hw/ide/ahci.h                    |  16 +++
 hw/intc/arm_gic.c                | 245 ++++++++++++++++++++++++++++++++++-----
 hw/intc/arm_gic_common.c         |  59 ++++++++--
 hw/intc/armv7m_nvic.c            |  13 +--
 hw/net/cadence_gem.c             |   2 +-
 include/hw/arm/linux-boot-if.h   |  43 +++++++
 include/hw/arm/xlnx-zynqmp.h     |   3 +
 include/hw/intc/arm_gic_common.h |  12 +-
 include/qom/object.h             |  15 +++
 qom/object.c                     |  25 +++-
 target-arm/helper-a64.c          |   3 +-
 target-arm/helper.c              |  14 ++-
 target-arm/translate-a64.c       |   6 +-
 target-arm/translate.c           |   6 +-
 target-arm/translate.h           |   5 +-
 21 files changed, 493 insertions(+), 104 deletions(-)
 create mode 100644 include/hw/arm/linux-boot-if.h

[Qemu-devel] [PULL 01/20] armv7m_nvic: Implement ICSR without using internal GIC state

[Peter Maydell]

Change the implementation of the Interrupt Control and State Register
in the v7M NVIC to not use the running_irq and last_active internal
state fields in the GIC. These fields don't correspond to state in
a real GIC and will be removed soon.
The changes to the ICSR are:
 * the VECTACTIVE field is documented as identical to the IPSR[8:0]
   field, so implement it that way
 * implement RETTOBASE via looking at the active state bits

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-2-git-send-email-peter.maydell@linaro.org
---
 hw/intc/armv7m_nvic.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index e13b729..3ec8408 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -185,26 +185,25 @@ static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
         return cpu->midr;
     case 0xd04: /* Interrupt Control State.  */
         /* VECTACTIVE */
-        val = s->gic.running_irq[0];
+        cpu = ARM_CPU(current_cpu);
+        val = cpu->env.v7m.exception;
         if (val == 1023) {
             val = 0;
         } else if (val >= 32) {
             val -= 16;
         }
-        /* RETTOBASE */
-        if (s->gic.running_irq[0] == 1023
-                || s->gic.last_active[s->gic.running_irq[0]][0] == 1023) {
-            val |= (1 << 11);
-        }
         /* VECTPENDING */
         if (s->gic.current_pending[0] != 1023)
             val |= (s->gic.current_pending[0] << 12);
-        /* ISRPENDING */
+        /* ISRPENDING and RETTOBASE */
         for (irq = 32; irq < s->num_irq; irq++) {
             if (s->gic.irq_state[irq].pending) {
                 val |= (1 << 22);
                 break;
             }
+            if (irq != cpu->env.v7m.exception && s->gic.irq_state[irq].active) {
+                val |= (1 << 11);
+            }
         }
         /* PENDSTSET */
         if (s->gic.irq_state[ARMV7M_EXCP_SYSTICK].pending)
-- 
1.9.1

[Qemu-devel] [PULL 02/20] hw/intc/arm_gic: Running priority is group priority, not full priority

[Peter Maydell]

Priority values for the GIC are divided into a "group priority"
and a "subpriority" (with the division being determined by the
binary point register). The running priority is only determined
by the group priority of the active interrupts, not the
subpriority. In particular, this means that there can't be more
than one active interrupt at any particular group priority.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-3-git-send-email-peter.maydell@linaro.org
---
 hw/intc/arm_gic.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index a8c5d19..1b8e839 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -219,13 +219,39 @@ static uint16_t gic_get_current_pending_irq(GICState *s, int cpu,
     return pending_irq;
 }
 
+static int gic_get_group_priority(GICState *s, int cpu, int irq)
+{
+    /* Return the group priority of the specified interrupt
+     * (which is the top bits of its priority, with the number
+     * of bits masked determined by the applicable binary point register).
+     */
+    int bpr;
+    uint32_t mask;
+
+    if (gic_has_groups(s) &&
+        !(s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) &&
+        GIC_TEST_GROUP(irq, (1 << cpu))) {
+        bpr = s->abpr[cpu];
+    } else {
+        bpr = s->bpr[cpu];
+    }
+
+    /* a BPR of 0 means the group priority bits are [7:1];
+     * a BPR of 1 means they are [7:2], and so on down to
+     * a BPR of 7 meaning no group priority bits at all.
+     */
+    mask = ~0U << ((bpr & 7) + 1);
+
+    return GIC_GET_PRIORITY(irq, cpu) & mask;
+}
+
 static void gic_set_running_irq(GICState *s, int cpu, int irq)
 {
     s->running_irq[cpu] = irq;
     if (irq == 1023) {
         s->running_priority[cpu] = 0x100;
     } else {
-        s->running_priority[cpu] = GIC_GET_PRIORITY(irq, cpu);
+        s->running_priority[cpu] = gic_get_group_priority(s, cpu, irq);
     }
     gic_update(s);
 }
-- 
1.9.1

[Qemu-devel] [PULL 03/20] hw/intc/arm_gic: Fix handling of GICC_APR<n>, GICC_NSAPR<n> registers

[Peter Maydell]

A GICv2 has both GICC_APR<n> and GICC_NSAPR<n> registers, with
the latter holding the active priority bits for Group 1 interrupts
(usually Nonsecure interrupts), and the Nonsecure view of the
GICC_APR<n> is the second half of the GICC_NSAPR<n> registers.
Turn our half-hearted implementation of APR<n> into a proper
implementation of both APR<n> and NSAPR<n>:

 * Add the underlying state for NSAPR<n>
 * Make sure APR<n> aren't visible for pre-GICv2
 * Implement reading of NSAPR<n>
 * Make non-secure reads of APR<n> behave correctly
 * Implement writing to APR<n> and NSAPR<n>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-4-git-send-email-peter.maydell@linaro.org
---
 hw/intc/arm_gic.c                | 114 ++++++++++++++++++++++++++++++++++++++-
 hw/intc/arm_gic_common.c         |   5 +-
 include/hw/intc/arm_gic_common.h |   1 +
 3 files changed, 116 insertions(+), 4 deletions(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 1b8e839..34f781f 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -948,6 +948,68 @@ static MemTxResult gic_dist_write(void *opaque, hwaddr offset, uint64_t data,
     }
 }
 
+static inline uint32_t gic_apr_ns_view(GICState *s, int cpu, int regno)
+{
+    /* Return the Nonsecure view of GICC_APR<regno>. This is the
+     * second half of GICC_NSAPR.
+     */
+    switch (GIC_MIN_BPR) {
+    case 0:
+        if (regno < 2) {
+            return s->nsapr[regno + 2][cpu];
+        }
+        break;
+    case 1:
+        if (regno == 0) {
+            return s->nsapr[regno + 1][cpu];
+        }
+        break;
+    case 2:
+        if (regno == 0) {
+            return extract32(s->nsapr[0][cpu], 16, 16);
+        }
+        break;
+    case 3:
+        if (regno == 0) {
+            return extract32(s->nsapr[0][cpu], 8, 8);
+        }
+        break;
+    default:
+        g_assert_not_reached();
+    }
+    return 0;
+}
+
+static inline void gic_apr_write_ns_view(GICState *s, int cpu, int regno,
+                                         uint32_t value)
+{
+    /* Write the Nonsecure view of GICC_APR<regno>. */
+    switch (GIC_MIN_BPR) {
+    case 0:
+        if (regno < 2) {
+            s->nsapr[regno + 2][cpu] = value;
+        }
+        break;
+    case 1:
+        if (regno == 0) {
+            s->nsapr[regno + 1][cpu] = value;
+        }
+        break;
+    case 2:
+        if (regno == 0) {
+            s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 16, 16, value);
+        }
+        break;
+    case 3:
+        if (regno == 0) {
+            s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 8, 8, value);
+        }
+        break;
+    default:
+        g_assert_not_reached();
+    }
+}
+
 static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset,
                                 uint64_t *data, MemTxAttrs attrs)
 {
@@ -988,8 +1050,31 @@ static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset,
         }
         break;
     case 0xd0: case 0xd4: case 0xd8: case 0xdc:
-        *data = s->apr[(offset - 0xd0) / 4][cpu];
+    {
+        int regno = (offset - 0xd0) / 4;
+
+        if (regno >= GIC_NR_APRS || s->revision != 2) {
+            *data = 0;
+        } else if (s->security_extn && !attrs.secure) {
+            /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */
+            *data = gic_apr_ns_view(s, regno, cpu);
+        } else {
+            *data = s->apr[regno][cpu];
+        }
+        break;
+    }
+    case 0xe0: case 0xe4: case 0xe8: case 0xec:
+    {
+        int regno = (offset - 0xe0) / 4;
+
+        if (regno >= GIC_NR_APRS || s->revision != 2 || !gic_has_groups(s) ||
+            (s->security_extn && !attrs.secure)) {
+            *data = 0;
+        } else {
+            *data = s->nsapr[regno][cpu];
+        }
         break;
+    }
     default:
         qemu_log_mask(LOG_GUEST_ERROR,
                       "gic_cpu_read: Bad offset %x\n", (int)offset);
@@ -1027,8 +1112,33 @@ static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset,
         }
         break;
     case 0xd0: case 0xd4: case 0xd8: case 0xdc:
-        qemu_log_mask(LOG_UNIMP, "Writing APR not implemented\n");
+    {
+        int regno = (offset - 0xd0) / 4;
+
+        if (regno >= GIC_NR_APRS || s->revision != 2) {
+            return MEMTX_OK;
+        }
+        if (s->security_extn && !attrs.secure) {
+            /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */
+            gic_apr_write_ns_view(s, regno, cpu, value);
+        } else {
+            s->apr[regno][cpu] = value;
+        }
         break;
+    }
+    case 0xe0: case 0xe4: case 0xe8: case 0xec:
+    {
+        int regno = (offset - 0xe0) / 4;
+
+        if (regno >= GIC_NR_APRS || s->revision != 2) {
+            return MEMTX_OK;
+        }
+        if (!gic_has_groups(s) || (s->security_extn && !attrs.secure)) {
+            return MEMTX_OK;
+        }
+        s->nsapr[regno][cpu] = value;
+        break;
+    }
     default:
         qemu_log_mask(LOG_GUEST_ERROR,
                       "gic_cpu_write: Bad offset %x\n", (int)offset);
diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
index fe64b51..43c103e 100644
--- a/hw/intc/arm_gic_common.c
+++ b/hw/intc/arm_gic_common.c
@@ -59,8 +59,8 @@ static const VMStateDescription vmstate_gic_irq_state = {
 
 static const VMStateDescription vmstate_gic = {
     .name = "arm_gic",
-    .version_id = 10,
-    .minimum_version_id = 10,
+    .version_id = 11,
+    .minimum_version_id = 11,
     .pre_save = gic_pre_save,
     .post_load = gic_post_load,
     .fields = (VMStateField[]) {
@@ -80,6 +80,7 @@ static const VMStateDescription vmstate_gic = {
         VMSTATE_UINT8_ARRAY(bpr, GICState, GIC_NCPU),
         VMSTATE_UINT8_ARRAY(abpr, GICState, GIC_NCPU),
         VMSTATE_UINT32_2DARRAY(apr, GICState, GIC_NR_APRS, GIC_NCPU),
+        VMSTATE_UINT32_2DARRAY(nsapr, GICState, GIC_NR_APRS, GIC_NCPU),
         VMSTATE_END_OF_LIST()
     }
 };
diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h
index edca3e0..c4ec2c3 100644
--- a/include/hw/intc/arm_gic_common.h
+++ b/include/hw/intc/arm_gic_common.h
@@ -106,6 +106,7 @@ typedef struct GICState {
      * the GIC.
      */
     uint32_t apr[GIC_NR_APRS][GIC_NCPU];
+    uint32_t nsapr[GIC_NR_APRS][GIC_NCPU];
 
     uint32_t num_cpu;
 
-- 
1.9.1

[Qemu-devel] [PULL 04/20] hw/intc/arm_gic: Drop running_irq and last_active arrays

[Peter Maydell]

The running_irq and last_active arrays represent state which
doesn't exist in a real hardware GIC. The only thing we use
them for is updating the running priority when an interrupt
is completed, but in fact we can use the active-priority
registers to do this. The running priority is always the
priority corresponding to the lowest set bit in the active
priority registers, because only one interrupt at any
particular priority can be active at once.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-5-git-send-email-peter.maydell@linaro.org
---
 hw/intc/arm_gic.c                | 103 ++++++++++++++++++++++++++++-----------
 hw/intc/arm_gic_common.c         |   7 +--
 include/hw/intc/arm_gic_common.h |  10 ----
 3 files changed, 76 insertions(+), 44 deletions(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 34f781f..9daa8cd 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -245,15 +245,72 @@ static int gic_get_group_priority(GICState *s, int cpu, int irq)
     return GIC_GET_PRIORITY(irq, cpu) & mask;
 }
 
-static void gic_set_running_irq(GICState *s, int cpu, int irq)
+static void gic_activate_irq(GICState *s, int cpu, int irq)
 {
-    s->running_irq[cpu] = irq;
-    if (irq == 1023) {
-        s->running_priority[cpu] = 0x100;
+    /* Set the appropriate Active Priority Register bit for this IRQ,
+     * and update the running priority.
+     */
+    int prio = gic_get_group_priority(s, cpu, irq);
+    int preemption_level = prio >> (GIC_MIN_BPR + 1);
+    int regno = preemption_level / 32;
+    int bitno = preemption_level % 32;
+
+    if (gic_has_groups(s) && GIC_TEST_GROUP(irq, (1 << cpu))) {
+        s->nsapr[regno][cpu] &= (1 << bitno);
     } else {
-        s->running_priority[cpu] = gic_get_group_priority(s, cpu, irq);
+        s->apr[regno][cpu] &= (1 << bitno);
     }
-    gic_update(s);
+
+    s->running_priority[cpu] = prio;
+}
+
+static int gic_get_prio_from_apr_bits(GICState *s, int cpu)
+{
+    /* Recalculate the current running priority for this CPU based
+     * on the set bits in the Active Priority Registers.
+     */
+    int i;
+    for (i = 0; i < GIC_NR_APRS; i++) {
+        uint32_t apr = s->apr[i][cpu] | s->nsapr[i][cpu];
+        if (!apr) {
+            continue;
+        }
+        return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1);
+    }
+    return 0x100;
+}
+
+static void gic_drop_prio(GICState *s, int cpu, int group)
+{
+    /* Drop the priority of the currently active interrupt in the
+     * specified group.
+     *
+     * Note that we can guarantee (because of the requirement to nest
+     * GICC_IAR reads [which activate an interrupt and raise priority]
+     * with GICC_EOIR writes [which drop the priority for the interrupt])
+     * that the interrupt we're being called for is the highest priority
+     * active interrupt, meaning that it has the lowest set bit in the
+     * APR registers.
+     *
+     * If the guest does not honour the ordering constraints then the
+     * behaviour of the GIC is UNPREDICTABLE, which for us means that
+     * the values of the APR registers might become incorrect and the
+     * running priority will be wrong, so interrupts that should preempt
+     * might not do so, and interrupts that should not preempt might do so.
+     */
+    int i;
+
+    for (i = 0; i < GIC_NR_APRS; i++) {
+        uint32_t *papr = group ? &s->nsapr[i][cpu] : &s->apr[i][cpu];
+        if (!*papr) {
+            continue;
+        }
+        /* Clear lowest set bit */
+        *papr &= *papr - 1;
+        break;
+    }
+
+    s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu);
 }
 
 uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs)
@@ -276,7 +333,6 @@ uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs)
         DPRINTF("ACK, pending interrupt (%d) has insufficient priority\n", irq);
         return 1023;
     }
-    s->last_active[irq][cpu] = s->running_irq[cpu];
 
     if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) {
         /* Clear pending flags for both level and edge triggered interrupts.
@@ -307,7 +363,8 @@ uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs)
         }
     }
 
-    gic_set_running_irq(s, cpu, irq);
+    gic_activate_irq(s, cpu, irq);
+    gic_update(s);
     DPRINTF("ACK %d\n", irq);
     return ret;
 }
@@ -437,8 +494,9 @@ static uint8_t gic_get_running_priority(GICState *s, int cpu, MemTxAttrs attrs)
 
 void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
 {
-    int update = 0;
     int cm = 1 << cpu;
+    int group;
+
     DPRINTF("EOI %d\n", irq);
     if (irq >= s->num_irq) {
         /* This handles two cases:
@@ -451,8 +509,9 @@ void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
          */
         return;
     }
-    if (s->running_irq[cpu] == 1023)
+    if (s->running_priority[cpu] == 0x100) {
         return; /* No active IRQ.  */
+    }
 
     if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) {
         /* Mark level triggered interrupts as pending if they are still
@@ -461,11 +520,12 @@ void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
             && GIC_TEST_LEVEL(irq, cm) && (GIC_TARGET(irq) & cm) != 0) {
             DPRINTF("Set %d pending mask %x\n", irq, cm);
             GIC_SET_PENDING(irq, cm);
-            update = 1;
         }
     }
 
-    if (s->security_extn && !attrs.secure && !GIC_TEST_GROUP(irq, cm)) {
+    group = gic_has_groups(s) && GIC_TEST_GROUP(irq, cm);
+
+    if (s->security_extn && !attrs.secure && !group) {
         DPRINTF("Non-secure EOI for Group0 interrupt %d ignored\n", irq);
         return;
     }
@@ -475,23 +535,8 @@ void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
      * i.e. go ahead and complete the irq anyway.
      */
 
-    if (irq != s->running_irq[cpu]) {
-        /* Complete an IRQ that is not currently running.  */
-        int tmp = s->running_irq[cpu];
-        while (s->last_active[tmp][cpu] != 1023) {
-            if (s->last_active[tmp][cpu] == irq) {
-                s->last_active[tmp][cpu] = s->last_active[irq][cpu];
-                break;
-            }
-            tmp = s->last_active[tmp][cpu];
-        }
-        if (update) {
-            gic_update(s);
-        }
-    } else {
-        /* Complete the current running IRQ.  */
-        gic_set_running_irq(s, cpu, s->last_active[s->running_irq[cpu]][cpu]);
-    }
+    gic_drop_prio(s, cpu, group);
+    gic_update(s);
 }
 
 static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
index 43c103e..aa0e7d8 100644
--- a/hw/intc/arm_gic_common.c
+++ b/hw/intc/arm_gic_common.c
@@ -59,8 +59,8 @@ static const VMStateDescription vmstate_gic_irq_state = {
 
 static const VMStateDescription vmstate_gic = {
     .name = "arm_gic",
-    .version_id = 11,
-    .minimum_version_id = 11,
+    .version_id = 12,
+    .minimum_version_id = 12,
     .pre_save = gic_pre_save,
     .post_load = gic_post_load,
     .fields = (VMStateField[]) {
@@ -71,10 +71,8 @@ static const VMStateDescription vmstate_gic = {
         VMSTATE_UINT8_ARRAY(irq_target, GICState, GIC_MAXIRQ),
         VMSTATE_UINT8_2DARRAY(priority1, GICState, GIC_INTERNAL, GIC_NCPU),
         VMSTATE_UINT8_ARRAY(priority2, GICState, GIC_MAXIRQ - GIC_INTERNAL),
-        VMSTATE_UINT16_2DARRAY(last_active, GICState, GIC_MAXIRQ, GIC_NCPU),
         VMSTATE_UINT8_2DARRAY(sgi_pending, GICState, GIC_NR_SGIS, GIC_NCPU),
         VMSTATE_UINT16_ARRAY(priority_mask, GICState, GIC_NCPU),
-        VMSTATE_UINT16_ARRAY(running_irq, GICState, GIC_NCPU),
         VMSTATE_UINT16_ARRAY(running_priority, GICState, GIC_NCPU),
         VMSTATE_UINT16_ARRAY(current_pending, GICState, GIC_NCPU),
         VMSTATE_UINT8_ARRAY(bpr, GICState, GIC_NCPU),
@@ -174,7 +172,6 @@ static void arm_gic_common_reset(DeviceState *dev)
             s->priority_mask[i] = 0;
         }
         s->current_pending[i] = 1023;
-        s->running_irq[i] = 1023;
         s->running_priority[i] = 0x100;
         s->cpu_ctlr[i] = 0;
         s->bpr[i] = GIC_MIN_BPR;
diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h
index c4ec2c3..b9dfe05 100644
--- a/include/hw/intc/arm_gic_common.h
+++ b/include/hw/intc/arm_gic_common.h
@@ -68,7 +68,6 @@ typedef struct GICState {
     uint8_t irq_target[GIC_MAXIRQ];
     uint8_t priority1[GIC_INTERNAL][GIC_NCPU];
     uint8_t priority2[GIC_MAXIRQ - GIC_INTERNAL];
-    uint16_t last_active[GIC_MAXIRQ][GIC_NCPU];
     /* For each SGI on the target CPU, we store 8 bits
      * indicating which source CPUs have made this SGI
      * pending on the target CPU. These correspond to
@@ -78,7 +77,6 @@ typedef struct GICState {
     uint8_t sgi_pending[GIC_NR_SGIS][GIC_NCPU];
 
     uint16_t priority_mask[GIC_NCPU];
-    uint16_t running_irq[GIC_NCPU];
     uint16_t running_priority[GIC_NCPU];
     uint16_t current_pending[GIC_NCPU];
 
@@ -96,14 +94,6 @@ typedef struct GICState {
      * If an interrupt for preemption level X is active, then
      *   APRn[X mod 32] == 0b1,  where n = X / 32
      * otherwise the bit is clear.
-     *
-     * TODO: rewrite the interrupt acknowlege/complete routines to use
-     * the APR registers to track the necessary information to update
-     * s->running_priority[] on interrupt completion (ie completely remove
-     * last_active[][] and running_irq[]). This will be necessary if we ever
-     * want to support TCG<->KVM migration, or TCG guests which can
-     * do power management involving powering down and restarting
-     * the GIC.
      */
     uint32_t apr[GIC_NR_APRS][GIC_NCPU];
     uint32_t nsapr[GIC_NR_APRS][GIC_NCPU];
-- 
1.9.1

[Qemu-devel] [PULL 05/20] hw/intc/arm_gic: Actually set the active bits for active interrupts

[Peter Maydell]

Although we were correctly handling interrupts becoming active
and then inactive, we weren't actually exposing this to the guest
by setting the 'active' flag for the interrupt, so reads
of GICD_ICACTIVERn and GICD_ISACTIVERn would generally incorrectly
return zeroes. Correct this oversight.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1438089748-5528-6-git-send-email-peter.maydell@linaro.org
---
 hw/intc/arm_gic.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 9daa8cd..2df550c 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -262,6 +262,7 @@ static void gic_activate_irq(GICState *s, int cpu, int irq)
     }
 
     s->running_priority[cpu] = prio;
+    GIC_SET_ACTIVE(irq, 1 << cpu);
 }
 
 static int gic_get_prio_from_apr_bits(GICState *s, int cpu)
@@ -536,6 +537,7 @@ void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
      */
 
     gic_drop_prio(s, cpu, group);
+    GIC_CLEAR_ACTIVE(irq, cm);
     gic_update(s);
 }
 
-- 
1.9.1

[Qemu-devel] [PULL 06/20] qom: Add recursive version of object_child_for_each

[Peter Maydell]

From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

Useful for iterating through an entire QOM subtree.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-2-git-send-email-peter.maydell@linaro.org
---
 include/qom/object.h | 15 +++++++++++++++
 qom/object.c         | 25 ++++++++++++++++++++++---
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/include/qom/object.h b/include/qom/object.h
index 807978e..be7280c 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -1494,6 +1494,21 @@ int object_child_foreach(Object *obj, int (*fn)(Object *child, void *opaque),
                          void *opaque);
 
 /**
+ * object_child_foreach_recursive:
+ * @obj: the object whose children will be navigated
+ * @fn: the iterator function to be called
+ * @opaque: an opaque value that will be passed to the iterator
+ *
+ * Call @fn passing each child of @obj and @opaque to it, until @fn returns
+ * non-zero. Calls recursively, all child nodes of @obj will also be passed
+ * all the way down to the leaf nodes of the tree. Depth first ordering.
+ *
+ * Returns: The last value returned by @fn, or 0 if there is no child.
+ */
+int object_child_foreach_recursive(Object *obj,
+                                   int (*fn)(Object *child, void *opaque),
+                                   void *opaque);
+/**
  * container_get:
  * @root: root of the #path, e.g., object_get_root()
  * @path: path to the container
diff --git a/qom/object.c b/qom/object.c
index eea8edf..b7b05d3 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -775,23 +775,42 @@ void object_class_foreach(void (*fn)(ObjectClass *klass, void *opaque),
     enumerating_types = false;
 }
 
-int object_child_foreach(Object *obj, int (*fn)(Object *child, void *opaque),
-                         void *opaque)
+static int do_object_child_foreach(Object *obj,
+                                   int (*fn)(Object *child, void *opaque),
+                                   void *opaque, bool recurse)
 {
     ObjectProperty *prop, *next;
     int ret = 0;
 
     QTAILQ_FOREACH_SAFE(prop, &obj->properties, node, next) {
         if (object_property_is_child(prop)) {
-            ret = fn(prop->opaque, opaque);
+            Object *child = prop->opaque;
+
+            ret = fn(child, opaque);
             if (ret != 0) {
                 break;
             }
+            if (recurse) {
+                do_object_child_foreach(child, fn, opaque, true);
+            }
         }
     }
     return ret;
 }
 
+int object_child_foreach(Object *obj, int (*fn)(Object *child, void *opaque),
+                         void *opaque)
+{
+    return do_object_child_foreach(obj, fn, opaque, false);
+}
+
+int object_child_foreach_recursive(Object *obj,
+                                   int (*fn)(Object *child, void *opaque),
+                                   void *opaque)
+{
+    return do_object_child_foreach(obj, fn, opaque, true);
+}
+
 static void object_class_get_list_tramp(ObjectClass *klass, void *opaque)
 {
     GSList **list = opaque;
-- 
1.9.1

[Qemu-devel] [PULL 07/20] hw/arm: new interface for devices which need to behave differently for kernel boot

[Peter Maydell]

For ARM we have a little minimalist bootloader in hw/arm/boot.c which
takes the place of firmware if we're directly booting a Linux kernel.
Unfortunately a few devices need special case handling in this situation
to do the initialization which on real hardware would be done by
firmware. (In particular if we're booting a kernel in NonSecure state
then we need to make a TZ-aware GIC put all its interrupts into Group 1,
or the guest will be unable to use them.)

Create a new QOM interface which can be implemented by devices which
need to do something different from their default reset behaviour.
The callback will be called after machine initialization and before
first reset.

Suggested-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-3-git-send-email-peter.maydell@linaro.org
---
 hw/arm/boot.c                  | 34 +++++++++++++++++++++++++++++++++
 include/hw/arm/linux-boot-if.h | 43 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)
 create mode 100644 include/hw/arm/linux-boot-if.h

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 5b969cd..bef451b 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -10,6 +10,7 @@
 #include "config.h"
 #include "hw/hw.h"
 #include "hw/arm/arm.h"
+#include "hw/arm/linux-boot-if.h"
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
 #include "hw/loader.h"
@@ -555,6 +556,20 @@ static void load_image_to_fw_cfg(FWCfgState *fw_cfg, uint16_t size_key,
     fw_cfg_add_bytes(fw_cfg, data_key, data, size);
 }
 
+static int do_arm_linux_init(Object *obj, void *opaque)
+{
+    if (object_dynamic_cast(obj, TYPE_ARM_LINUX_BOOT_IF)) {
+        ARMLinuxBootIf *albif = ARM_LINUX_BOOT_IF(obj);
+        ARMLinuxBootIfClass *albifc = ARM_LINUX_BOOT_IF_GET_CLASS(obj);
+        struct arm_boot_info *info = opaque;
+
+        if (albifc->arm_linux_init) {
+            albifc->arm_linux_init(albif, info->secure_boot);
+        }
+    }
+    return 0;
+}
+
 static void arm_load_kernel_notify(Notifier *notifier, void *data)
 {
     CPUState *cs;
@@ -778,6 +793,12 @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
         if (info->nb_cpus > 1) {
             info->write_secondary_boot(cpu, info);
         }
+
+        /* Notify devices which need to fake up firmware initialization
+         * that we're doing a direct kernel boot.
+         */
+        object_child_foreach_recursive(object_get_root(),
+                                       do_arm_linux_init, info);
     }
     info->is_linux = is_linux;
 
@@ -803,3 +824,16 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
         qemu_register_reset(do_cpu_reset, ARM_CPU(cs));
     }
 }
+
+static const TypeInfo arm_linux_boot_if_info = {
+    .name = TYPE_ARM_LINUX_BOOT_IF,
+    .parent = TYPE_INTERFACE,
+    .class_size = sizeof(ARMLinuxBootIfClass),
+};
+
+static void arm_linux_boot_register_types(void)
+{
+    type_register_static(&arm_linux_boot_if_info);
+}
+
+type_init(arm_linux_boot_register_types)
diff --git a/include/hw/arm/linux-boot-if.h b/include/hw/arm/linux-boot-if.h
new file mode 100644
index 0000000..aba4479
--- /dev/null
+++ b/include/hw/arm/linux-boot-if.h
@@ -0,0 +1,43 @@
+/*
+ * hw/arm/linux-boot-if.h : interface for devices which need to behave
+ * specially for direct boot of an ARM Linux kernel
+ */
+
+#ifndef HW_ARM_LINUX_BOOT_IF_H
+#define HW_ARM_LINUX_BOOT_IF_H
+
+#include "qom/object.h"
+
+#define TYPE_ARM_LINUX_BOOT_IF "arm-linux-boot-if"
+#define ARM_LINUX_BOOT_IF_CLASS(klass) \
+    OBJECT_CLASS_CHECK(ARMLinuxBootIfClass, (klass), TYPE_ARM_LINUX_BOOT_IF)
+#define ARM_LINUX_BOOT_IF_GET_CLASS(obj) \
+    OBJECT_GET_CLASS(ARMLinuxBootIfClass, (obj), TYPE_ARM_LINUX_BOOT_IF)
+#define ARM_LINUX_BOOT_IF(obj) \
+    INTERFACE_CHECK(ARMLinuxBootIf, (obj), TYPE_ARM_LINUX_BOOT_IF)
+
+typedef struct ARMLinuxBootIf {
+    /*< private >*/
+    Object parent_obj;
+} ARMLinuxBootIf;
+
+typedef struct ARMLinuxBootIfClass {
+    /*< private >*/
+    InterfaceClass parent_class;
+
+    /*< public >*/
+    /** arm_linux_init: configure the device for a direct boot
+     * of an ARM Linux kernel (so that device reset puts it into
+     * the state the kernel expects after firmware initialization,
+     * rather than the true hardware reset state). This callback is
+     * called once after machine construction is complete (before the
+     * first system reset).
+     *
+     * @obj: the object implementing this interface
+     * @secure_boot: true if we are booting Secure, false for NonSecure
+     * (or for a CPU which doesn't support TrustZone)
+     */
+    void (*arm_linux_init)(ARMLinuxBootIf *obj, bool secure_boot);
+} ARMLinuxBootIfClass;
+
+#endif
-- 
1.9.1

[Qemu-devel] [PULL 08/20] hw/intc/arm_gic_common: Configure IRQs as NS if doing direct NS kernel boot

[Peter Maydell]

If we directly boot a kernel in NonSecure on a system where the GIC
supports the security extensions then we must cause the GIC to
configure its interrupts into group 1 (NonSecure) rather than the
usual group 0, and with their initial priority set to the highest
NonSecure priority rather than the usual highest Secure priority.
Otherwise the guest kernel will be unable to use any interrupts.

Implement this behaviour, controlled by a flag which we set if
appropriate when the ARM bootloader code calls our ARMLinuxBootIf
interface callback.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-4-git-send-email-peter.maydell@linaro.org
---
 hw/intc/arm_gic_common.c         | 51 +++++++++++++++++++++++++++++++++++++---
 include/hw/intc/arm_gic_common.h |  1 +
 2 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
index aa0e7d8..9c82b97 100644
--- a/hw/intc/arm_gic_common.c
+++ b/hw/intc/arm_gic_common.c
@@ -19,6 +19,7 @@
  */
 
 #include "gic_internal.h"
+#include "hw/arm/linux-boot-if.h"
 
 static void gic_pre_save(void *opaque)
 {
@@ -164,12 +165,27 @@ static void arm_gic_common_reset(DeviceState *dev)
 {
     GICState *s = ARM_GIC_COMMON(dev);
     int i, j;
+    int resetprio;
+
+    /* If we're resetting a TZ-aware GIC as if secure firmware
+     * had set it up ready to start a kernel in non-secure,
+     * we need to set interrupt priorities to a "zero for the
+     * NS view" value. This is particularly critical for the
+     * priority_mask[] values, because if they are zero then NS
+     * code cannot ever rewrite the priority to anything else.
+     */
+    if (s->security_extn && s->irq_reset_nonsecure) {
+        resetprio = 0x80;
+    } else {
+        resetprio = 0;
+    }
+
     memset(s->irq_state, 0, GIC_MAXIRQ * sizeof(gic_irq_state));
     for (i = 0 ; i < s->num_cpu; i++) {
         if (s->revision == REV_11MPCORE) {
             s->priority_mask[i] = 0xf0;
         } else {
-            s->priority_mask[i] = 0;
+            s->priority_mask[i] = resetprio;
         }
         s->current_pending[i] = 1023;
         s->running_priority[i] = 0x100;
@@ -177,7 +193,7 @@ static void arm_gic_common_reset(DeviceState *dev)
         s->bpr[i] = GIC_MIN_BPR;
         s->abpr[i] = GIC_MIN_ABPR;
         for (j = 0; j < GIC_INTERNAL; j++) {
-            s->priority1[j][i] = 0;
+            s->priority1[j][i] = resetprio;
         }
         for (j = 0; j < GIC_NR_SGIS; j++) {
             s->sgi_pending[j][i] = 0;
@@ -189,7 +205,7 @@ static void arm_gic_common_reset(DeviceState *dev)
     }
 
     for (i = 0; i < ARRAY_SIZE(s->priority2); i++) {
-        s->priority2[i] = 0;
+        s->priority2[i] = resetprio;
     }
 
     for (i = 0; i < GIC_MAXIRQ; i++) {
@@ -200,9 +216,32 @@ static void arm_gic_common_reset(DeviceState *dev)
             s->irq_target[i] = 0;
         }
     }
+    if (s->security_extn && s->irq_reset_nonsecure) {
+        for (i = 0; i < GIC_MAXIRQ; i++) {
+            GIC_SET_GROUP(i, ALL_CPU_MASK);
+        }
+    }
+
     s->ctlr = 0;
 }
 
+static void arm_gic_common_linux_init(ARMLinuxBootIf *obj,
+                                      bool secure_boot)
+{
+    GICState *s = ARM_GIC_COMMON(obj);
+
+    if (s->security_extn && !secure_boot) {
+        /* We're directly booting a kernel into NonSecure. If this GIC
+         * implements the security extensions then we must configure it
+         * to have all the interrupts be NonSecure (this is a job that
+         * is done by the Secure boot firmware in real hardware, and in
+         * this mode QEMU is acting as a minimalist firmware-and-bootloader
+         * equivalent).
+         */
+        s->irq_reset_nonsecure = true;
+    }
+}
+
 static Property arm_gic_common_properties[] = {
     DEFINE_PROP_UINT32("num-cpu", GICState, num_cpu, 1),
     DEFINE_PROP_UINT32("num-irq", GICState, num_irq, 32),
@@ -219,11 +258,13 @@ static Property arm_gic_common_properties[] = {
 static void arm_gic_common_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
+    ARMLinuxBootIfClass *albifc = ARM_LINUX_BOOT_IF_CLASS(klass);
 
     dc->reset = arm_gic_common_reset;
     dc->realize = arm_gic_common_realize;
     dc->props = arm_gic_common_properties;
     dc->vmsd = &vmstate_gic;
+    albifc->arm_linux_init = arm_gic_common_linux_init;
 }
 
 static const TypeInfo arm_gic_common_type = {
@@ -233,6 +274,10 @@ static const TypeInfo arm_gic_common_type = {
     .class_size = sizeof(ARMGICCommonClass),
     .class_init = arm_gic_common_class_init,
     .abstract = true,
+    .interfaces = (InterfaceInfo []) {
+        { TYPE_ARM_LINUX_BOOT_IF },
+        { },
+    },
 };
 
 static void register_types(void)
diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h
index b9dfe05..564a72b 100644
--- a/include/hw/intc/arm_gic_common.h
+++ b/include/hw/intc/arm_gic_common.h
@@ -109,6 +109,7 @@ typedef struct GICState {
     uint32_t num_irq;
     uint32_t revision;
     bool security_extn;
+    bool irq_reset_nonsecure; /* configure IRQs as group 1 (NS) on reset? */
     int dev_fd; /* kvm device fd if backed by kvm vgic support */
 } GICState;
 
-- 
1.9.1

[Qemu-devel] [PULL 09/20] hw/cpu/{a15mpcore, a9mpcore}: enable TrustZone in GIC if it is enabled in CPUs

[Peter Maydell]

If the A9 and A15 CPUs which we're creating the peripherals for have
TrustZone (EL3) enabled, then also enable it in the GIC we create.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-5-git-send-email-peter.maydell@linaro.org
---
 hw/cpu/a15mpcore.c | 13 +++++++++++++
 hw/cpu/a9mpcore.c  | 11 +++++++++++
 2 files changed, 24 insertions(+)

diff --git a/hw/cpu/a15mpcore.c b/hw/cpu/a15mpcore.c
index 58ac02e..4ef8db1 100644
--- a/hw/cpu/a15mpcore.c
+++ b/hw/cpu/a15mpcore.c
@@ -52,10 +52,23 @@ static void a15mp_priv_realize(DeviceState *dev, Error **errp)
     SysBusDevice *busdev;
     int i;
     Error *err = NULL;
+    bool has_el3;
+    Object *cpuobj;
 
     gicdev = DEVICE(&s->gic);
     qdev_prop_set_uint32(gicdev, "num-cpu", s->num_cpu);
     qdev_prop_set_uint32(gicdev, "num-irq", s->num_irq);
+
+    if (!kvm_irqchip_in_kernel()) {
+        /* Make the GIC's TZ support match the CPUs. We assume that
+         * either all the CPUs have TZ, or none do.
+         */
+        cpuobj = OBJECT(qemu_get_cpu(0));
+        has_el3 = object_property_find(cpuobj, "has_el3", &error_abort) &&
+            object_property_get_bool(cpuobj, "has_el3", &error_abort);
+        qdev_prop_set_bit(gicdev, "has-security-extensions", has_el3);
+    }
+
     object_property_set_bool(OBJECT(&s->gic), true, "realized", &err);
     if (err != NULL) {
         error_propagate(errp, err);
diff --git a/hw/cpu/a9mpcore.c b/hw/cpu/a9mpcore.c
index c09358c..7046246 100644
--- a/hw/cpu/a9mpcore.c
+++ b/hw/cpu/a9mpcore.c
@@ -49,6 +49,8 @@ static void a9mp_priv_realize(DeviceState *dev, Error **errp)
                  *wdtbusdev;
     Error *err = NULL;
     int i;
+    bool has_el3;
+    Object *cpuobj;
 
     scudev = DEVICE(&s->scu);
     qdev_prop_set_uint32(scudev, "num-cpu", s->num_cpu);
@@ -62,6 +64,15 @@ static void a9mp_priv_realize(DeviceState *dev, Error **errp)
     gicdev = DEVICE(&s->gic);
     qdev_prop_set_uint32(gicdev, "num-cpu", s->num_cpu);
     qdev_prop_set_uint32(gicdev, "num-irq", s->num_irq);
+
+    /* Make the GIC's TZ support match the CPUs. We assume that
+     * either all the CPUs have TZ, or none do.
+     */
+    cpuobj = OBJECT(qemu_get_cpu(0));
+    has_el3 = object_property_find(cpuobj, "has_el3", &error_abort) &&
+        object_property_get_bool(cpuobj, "has_el3", &error_abort);
+    qdev_prop_set_bit(gicdev, "has-security-extensions", has_el3);
+
     object_property_set_bool(OBJECT(&s->gic), true, "realized", &err);
     if (err != NULL) {
         error_propagate(errp, err);
-- 
1.9.1

[Qemu-devel] [PULL 10/20] hw/arm/virt: Default to not providing TrustZone support

[Peter Maydell]

Switch the default for the 'virt' board to not providing TrustZone
support in either the CPU or the GIC. This is primarily for the
benefit of UEFI, which currently assumes there is no TrustZone
support, and does not set the GIC up correctly if it is TZ-aware.
It also means the board is consistent about its behaviour whether
we're using KVM or TCG (KVM never has TrustZone support).

If TrustZone support is required (for instance for running test
suites or TZ-aware firmware) it can be enabled with the
"-machine secure=on" command line option.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-6-git-send-email-peter.maydell@linaro.org
---
 hw/arm/virt.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 91e45e0..a067748 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1044,8 +1044,11 @@ static void virt_instance_init(Object *obj)
 {
     VirtMachineState *vms = VIRT_MACHINE(obj);
 
-    /* EL3 is enabled by default on virt */
-    vms->secure = true;
+    /* EL3 is disabled by default on virt: this makes us consistent
+     * between KVM and TCG for this board, and it also allows us to
+     * boot UEFI blobs which assume no TrustZone support.
+     */
+    vms->secure = false;
     object_property_add_bool(obj, "secure", virt_get_secure,
                              virt_set_secure, NULL);
     object_property_set_description(obj, "secure",
-- 
1.9.1

[Qemu-devel] [PULL 11/20] hw/arm/virt: Enable TZ extensions on the GIC if we are using them

[Peter Maydell]

If we're creating a board with support for TrustZone, then enable
it on the GIC model as well as on the CPUs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1441383782-24378-7-git-send-email-peter.maydell@linaro.org
---
 hw/arm/virt.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a067748..e9324f5 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -396,7 +396,7 @@ static void create_v2m(VirtBoardInfo *vbi, qemu_irq *pic)
     fdt_add_v2m_gic_node(vbi);
 }
 
-static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic)
+static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, bool secure)
 {
     /* We create a standalone GIC v2 */
     DeviceState *gicdev;
@@ -413,6 +413,9 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic)
      * interrupts; there are always 32 of the former (mandated by GIC spec).
      */
     qdev_prop_set_uint32(gicdev, "num-irq", NUM_IRQS + 32);
+    if (!kvm_irqchip_in_kernel()) {
+        qdev_prop_set_bit(gicdev, "has-security-extensions", secure);
+    }
     qdev_init_nofail(gicdev);
     gicbusdev = SYS_BUS_DEVICE(gicdev);
     sysbus_mmio_map(gicbusdev, 0, vbi->memmap[VIRT_GIC_DIST].base);
@@ -967,7 +970,7 @@ static void machvirt_init(MachineState *machine)
 
     create_flash(vbi);
 
-    create_gic(vbi, pic);
+    create_gic(vbi, pic, vms->secure);
 
     create_uart(vbi, pic);
 
-- 
1.9.1

[Qemu-devel] [PULL 12/20] target-arm: Fix default_exception_el() function for the case when EL3 is not supported

[Peter Maydell]

From: Sergey Sorokin <afarallax@yandex.ru>

If EL3 is not supported in current configuration,
we should not try to get EL3 bitness.

Signed-off-by: Sergey Sorokin <afarallax@yandex.ru>
Message-id: 1441208342-10601-2-git-send-email-afarallax@yandex.ru
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/translate-a64.c | 6 +++++-
 target-arm/translate.c     | 6 +++++-
 target-arm/translate.h     | 5 +++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 529bb0c..faece2c 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -10966,7 +10966,11 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
     dc->condjmp = 0;
 
     dc->aarch64 = 1;
-    dc->el3_is_aa64 = arm_el_is_aa64(env, 3);
+    /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
+     * there is no secure EL1, so we route exceptions to EL3.
+     */
+    dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
+                               !arm_el_is_aa64(env, 3);
     dc->thumb = 0;
     dc->bswap_code = 0;
     dc->condexec_mask = 0;
diff --git a/target-arm/translate.c b/target-arm/translate.c
index e27634f..0bd3d05 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11172,7 +11172,11 @@ static inline void gen_intermediate_code_internal(ARMCPU *cpu,
     dc->condjmp = 0;
 
     dc->aarch64 = 0;
-    dc->el3_is_aa64 = arm_el_is_aa64(env, 3);
+    /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
+     * there is no secure EL1, so we route exceptions to EL3.
+     */
+    dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
+                               !arm_el_is_aa64(env, 3);
     dc->thumb = ARM_TBFLAG_THUMB(tb->flags);
     dc->bswap_code = ARM_TBFLAG_BSWAP_CODE(tb->flags);
     dc->condexec_mask = (ARM_TBFLAG_CONDEXEC(tb->flags) & 0xf) << 1;
diff --git a/target-arm/translate.h b/target-arm/translate.h
index 9ab978f..4b618a4 100644
--- a/target-arm/translate.h
+++ b/target-arm/translate.h
@@ -23,7 +23,8 @@ typedef struct DisasContext {
     ARMMMUIdx mmu_idx; /* MMU index to use for normal loads/stores */
     bool ns;        /* Use non-secure CPREG bank on access */
     int fp_excp_el; /* FP exception EL or 0 if enabled */
-    bool el3_is_aa64;  /* Flag indicating whether EL3 is AArch64 or not */
+    /* Flag indicating that exceptions from secure mode are routed to EL3. */
+    bool secure_routed_to_el3;
     bool vfp_enabled; /* FP enabled via FPSCR.EN */
     int vec_len;
     int vec_stride;
@@ -84,7 +85,7 @@ static inline int default_exception_el(DisasContext *s)
      * exceptions can only be routed to ELs above 1, so we target the higher of
      * 1 or the current EL.
      */
-    return (s->mmu_idx == ARMMMUIdx_S1SE0 && !s->el3_is_aa64)
+    return (s->mmu_idx == ARMMMUIdx_S1SE0 && s->secure_routed_to_el3)
             ? 3 : MAX(1, s->current_el);
 }
 
-- 
1.9.1

[Qemu-devel] [PULL 13/20] target-arm: Log the target EL when taking exceptions

[Peter Maydell]

From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>

Log the target EL when taking exceptions. This is useful when
debugging guest SW or QEMU itself while transitioning through
the various ELs.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1441311266-8644-2-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper-a64.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
index 02fc9b4..2c7a645 100644
--- a/target-arm/helper-a64.c
+++ b/target-arm/helper-a64.c
@@ -478,7 +478,8 @@ void aarch64_cpu_do_interrupt(CPUState *cs)
     }
 
     arm_log_exception(cs->exception_index);
-    qemu_log_mask(CPU_LOG_INT, "...from EL%d\n", arm_current_el(env));
+    qemu_log_mask(CPU_LOG_INT, "...from EL%d to EL%d\n", arm_current_el(env),
+                  new_el);
     if (qemu_loglevel_mask(CPU_LOG_INT)
         && !excp_is_internal(cs->exception_index)) {
         qemu_log_mask(CPU_LOG_INT, "...with ESR 0x%" PRIx32 "\n",
-- 
1.9.1

[Qemu-devel] [PULL 14/20] target-arm: Correct opc1 for AT_S12Exx

[Peter Maydell]

From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1441311266-8644-3-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 040bc70..38a05e1 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2975,16 +2975,16 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 3,
       .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
     { .name = "AT_S12E1R", .state = ARM_CP_STATE_AA64,
-      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 4,
+      .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 4,
       .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
     { .name = "AT_S12E1W", .state = ARM_CP_STATE_AA64,
-      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 5,
+      .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 5,
       .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
     { .name = "AT_S12E0R", .state = ARM_CP_STATE_AA64,
-      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 6,
+      .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 6,
       .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
     { .name = "AT_S12E0W", .state = ARM_CP_STATE_AA64,
-      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 7,
+      .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 7,
       .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
     /* AT S1E2* are elsewhere as they UNDEF from EL3 if EL2 is not present */
     { .name = "AT_S1E3R", .state = ARM_CP_STATE_AA64,
-- 
1.9.1

[Qemu-devel] [PULL 15/20] target-arm: Add AArch64 access to PAR_EL1

[Peter Maydell]

From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1441311266-8644-4-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 38a05e1..fc4b65f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2993,6 +2993,12 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "AT_S1E3W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 8, .opc2 = 1,
       .access = PL3_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
+    { .name = "PAR_EL1", .state = ARM_CP_STATE_AA64,
+      .type = ARM_CP_ALIAS,
+      .opc0 = 3, .opc1 = 0, .crn = 7, .crm = 4, .opc2 = 0,
+      .access = PL1_RW, .resetvalue = 0,
+      .fieldoffset = offsetof(CPUARMState, cp15.par_el[1]),
+      .writefn = par_write },
 #endif
     /* TLB invalidate last level of translation table walk */
     { .name = "TLBIMVALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
-- 
1.9.1

[Qemu-devel] [PULL 16/20] cadence_gem: Correct Marvell PHY SPCFC reset value

[Peter Maydell]

From: Alistair Francis <alistair.francis@xilinx.com>

Bit 15 of the PHY Specific Status Register is reserved and
should remain 0. Fix the reset value to ensure that the 15th
bit is not set.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: c795069e49040ff770fe2ece19dfe1791b729e22.1441316450.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/net/cadence_gem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 494a346..1127223 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -951,7 +951,7 @@ static void gem_phy_reset(CadenceGEMState *s)
     s->phy_regs[PHY_REG_1000BTSTAT] = 0x7C00;
     s->phy_regs[PHY_REG_EXTSTAT] = 0x3000;
     s->phy_regs[PHY_REG_PHYSPCFC_CTL] = 0x0078;
-    s->phy_regs[PHY_REG_PHYSPCFC_ST] = 0xBC00;
+    s->phy_regs[PHY_REG_PHYSPCFC_ST] = 0x7C00;
     s->phy_regs[PHY_REG_EXT_PHYSPCFC_CTL] = 0x0C60;
     s->phy_regs[PHY_REG_LED] = 0x4100;
     s->phy_regs[PHY_REG_EXT_PHYSPCFC_CTL2] = 0x000A;
-- 
1.9.1

[Qemu-devel] [PULL 17/20] ahci: Separate the AHCI state structure into the header

[Peter Maydell]

From: Alistair Francis <alistair.francis@xilinx.com>

Pull the AHCI state structure out into the header. This allows
other containers to access the struct. This is required to add
the device to modern SoC containers.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ide/ahci.c | 13 -------------
 hw/ide/ahci.h | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 48749c1..02d85fa 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -25,7 +25,6 @@
 #include <hw/pci/msi.h>
 #include <hw/i386/pc.h>
 #include <hw/pci/pci.h>
-#include <hw/sysbus.h>
 
 #include "qemu/error-report.h"
 #include "sysemu/block-backend.h"
@@ -1625,18 +1624,6 @@ const VMStateDescription vmstate_ahci = {
     },
 };
 
-#define TYPE_SYSBUS_AHCI "sysbus-ahci"
-#define SYSBUS_AHCI(obj) OBJECT_CHECK(SysbusAHCIState, (obj), TYPE_SYSBUS_AHCI)
-
-typedef struct SysbusAHCIState {
-    /*< private >*/
-    SysBusDevice parent_obj;
-    /*< public >*/
-
-    AHCIState ahci;
-    uint32_t num_ports;
-} SysbusAHCIState;
-
 static const VMStateDescription vmstate_sysbus_ahci = {
     .name = "sysbus-ahci",
     .fields = (VMStateField[]) {
diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index 79a463d..c055d6b 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -24,6 +24,8 @@
 #ifndef HW_IDE_AHCI_H
 #define HW_IDE_AHCI_H
 
+#include <hw/sysbus.h>
+
 #define AHCI_MEM_BAR_SIZE         0x1000
 #define AHCI_MAX_PORTS            32
 #define AHCI_MAX_SG               168 /* hardware max is 64K */
@@ -369,4 +371,16 @@ void ahci_reset(AHCIState *s);
 
 void ahci_ide_create_devs(PCIDevice *dev, DriveInfo **hd);
 
+#define TYPE_SYSBUS_AHCI "sysbus-ahci"
+#define SYSBUS_AHCI(obj) OBJECT_CHECK(SysbusAHCIState, (obj), TYPE_SYSBUS_AHCI)
+
+typedef struct SysbusAHCIState {
+    /*< private >*/
+    SysBusDevice parent_obj;
+    /*< public >*/
+
+    AHCIState ahci;
+    uint32_t num_ports;
+} SysbusAHCIState;
+
 #endif /* HW_IDE_AHCI_H */
-- 
1.9.1

[Qemu-devel] [PULL 18/20] ahci.c: Don't assume AHCIState's parent is AHCIPCIState

[Peter Maydell]

From: Alistair Francis <alistair.francis@xilinx.com>

The AHCIState struct can either have AHCIPCIState or SysbusAHCIState
as a parent. The ahci_irq_lower() and ahci_irq_raise() functions
assume that it is always AHCIPCIState, which is not always the
case, which causes a seg fault. Verify what the container of AHCIState
is before setting the PCIDevice struct.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: John Snow <jsnow@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ide/ahci.c | 13 +++++++------
 hw/ide/ahci.h |  2 ++
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 02d85fa..d83efa4 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -121,9 +121,9 @@ static uint32_t  ahci_port_read(AHCIState *s, int port, int offset)
 
 static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
 {
-    AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
-    PCIDevice *pci_dev =
-        (PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE);
+    DeviceState *dev_state = s->container;
+    PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state),
+                                                           TYPE_PCI_DEVICE);
 
     DPRINTF(0, "raise irq\n");
 
@@ -136,9 +136,9 @@ static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
 
 static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev)
 {
-    AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
-    PCIDevice *pci_dev =
-        (PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE);
+    DeviceState *dev_state = s->container;
+    PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state),
+                                                           TYPE_PCI_DEVICE);
 
     DPRINTF(0, "lower irq\n");
 
@@ -1436,6 +1436,7 @@ void ahci_init(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports)
     s->as = as;
     s->ports = ports;
     s->dev = g_new0(AHCIDevice, ports);
+    s->container = qdev;
     ahci_reg_init(s);
     /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
     memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s,
diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index c055d6b..c9b3805 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -287,6 +287,8 @@ struct AHCIDevice {
 };
 
 typedef struct AHCIState {
+    DeviceState *container;
+
     AHCIDevice *dev;
     AHCIControlRegs control_regs;
     MemoryRegion mem;
-- 
1.9.1

[Qemu-devel] [PULL 19/20] xlnx-zynqmp.c: Convert some of the error_propagate() calls to error_abort

[Peter Maydell]

From: Alistair Francis <alistair.francis@xilinx.com>

Convert all of the non-realize error_propagate() calls into error_abort
calls as they shouldn't be user visible failure cases.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/xlnx-zynqmp.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 388baef..6756c74 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -162,12 +162,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
         g_free(name);
 
         object_property_set_int(OBJECT(&s->apu_cpu[i]), GIC_BASE_ADDR,
-                                "reset-cbar", &err);
-        if (err) {
-            error_propagate((errp), (err));
-            return;
-        }
-
+                                "reset-cbar", &error_abort);
         object_property_set_bool(OBJECT(&s->apu_cpu[i]), true, "realized",
                                  &err);
         if (err) {
@@ -200,12 +195,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
         g_free(name);
 
         object_property_set_bool(OBJECT(&s->rpu_cpu[i]), true, "reset-hivecs",
-                                 &err);
-        if (err != NULL) {
-            error_propagate(errp, err);
-            return;
-        }
-
+                                 &error_abort);
         object_property_set_bool(OBJECT(&s->rpu_cpu[i]), true, "realized",
                                  &err);
         if (err) {
-- 
1.9.1

[Qemu-devel] [PULL 20/20] xlnx-zynqmp: Connect the sysbus AHCI to ZynqMP

[Peter Maydell]

From: Alistair Francis <alistair.francis@xilinx.com>

Connect the Sysbus AHCI device to ZynqMP.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Sai Pavan Boddu <saipava@xilinx.com>
[PMM: removed unnecessary brackets in error_propagate call]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/xlnx-zynqmp.c         | 18 ++++++++++++++++++
 include/hw/arm/xlnx-zynqmp.h |  3 +++
 2 files changed, 21 insertions(+)

diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 6756c74..2955f3b 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -28,6 +28,10 @@
 #define GIC_DIST_ADDR       0xf9010000
 #define GIC_CPU_ADDR        0xf9020000
 
+#define SATA_INTR           133
+#define SATA_ADDR           0xFD0C0000
+#define SATA_NUM_PORTS      2
+
 static const uint64_t gem_addr[XLNX_ZYNQMP_NUM_GEMS] = {
     0xFF0B0000, 0xFF0C0000, 0xFF0D0000, 0xFF0E0000,
 };
@@ -90,6 +94,9 @@ static void xlnx_zynqmp_init(Object *obj)
         object_initialize(&s->uart[i], sizeof(s->uart[i]), TYPE_CADENCE_UART);
         qdev_set_parent_bus(DEVICE(&s->uart[i]), sysbus_get_default());
     }
+
+    object_initialize(&s->sata, sizeof(s->sata), TYPE_SYSBUS_AHCI);
+    qdev_set_parent_bus(DEVICE(&s->sata), sysbus_get_default());
 }
 
 static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
@@ -240,6 +247,17 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
         sysbus_connect_irq(SYS_BUS_DEVICE(&s->uart[i]), 0,
                            gic_spi[uart_intr[i]]);
     }
+
+    object_property_set_int(OBJECT(&s->sata), SATA_NUM_PORTS, "num-ports",
+                            &error_abort);
+    object_property_set_bool(OBJECT(&s->sata), true, "realized", &err);
+    if (err) {
+        error_propagate(errp, err);
+        return;
+    }
+
+    sysbus_mmio_map(SYS_BUS_DEVICE(&s->sata), 0, SATA_ADDR);
+    sysbus_connect_irq(SYS_BUS_DEVICE(&s->sata), 0, gic_spi[SATA_INTR]);
 }
 
 static Property xlnx_zynqmp_props[] = {
diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
index 6ccb57b..97622ec 100644
--- a/include/hw/arm/xlnx-zynqmp.h
+++ b/include/hw/arm/xlnx-zynqmp.h
@@ -22,6 +22,8 @@
 #include "hw/intc/arm_gic.h"
 #include "hw/net/cadence_gem.h"
 #include "hw/char/cadence_uart.h"
+#include "hw/ide/pci.h"
+#include "hw/ide/ahci.h"
 
 #define TYPE_XLNX_ZYNQMP "xlnx,zynqmp"
 #define XLNX_ZYNQMP(obj) OBJECT_CHECK(XlnxZynqMPState, (obj), \
@@ -60,6 +62,7 @@ typedef struct XlnxZynqMPState {
 
     CadenceGEMState gem[XLNX_ZYNQMP_NUM_GEMS];
     CadenceUARTState uart[XLNX_ZYNQMP_NUM_UARTS];
+    SysbusAHCIState sata;
 
     char *boot_cpu;
     ARMCPU *boot_cpu_ptr;
-- 
1.9.1

Re: [Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

On 8 September 2015 at 17:51, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Another week, another pullreq...
>
> -- PMM
>
> The following changes since commit 8611280505119e296757a60711a881341603fa5a:
>
>   target-microblaze: Use setcond for pcmp* (2015-09-08 08:49:33 +0200)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150908
>
> for you to fetch changes up to 6fdf3282d16e7fb6e798824fb5f4f60c6a73067d:
>
>   xlnx-zynqmp: Connect the sysbus AHCI to ZynqMP (2015-09-08 17:38:45 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Implement priority handling properly via GICC_APR
>  * Enable TZ extensions on the GIC if we're using them
>  * Minor preparatory patches for EL3 support
>  * cadence_gem: Correct Marvell PHY SPCFC reset value
>  * Support AHCI in ZynqMP

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

The following changes since commit 4d1e324b2241017c92d816ec3af51a14685dbf62:

  Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160226' into staging (2016-02-26 12:54:22 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160226

for you to fetch changes up to e20d84c1407d43d5a2e2ac95dbb46db3b0af8f9f:

  target-arm: Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF (2016-02-26 15:09:42 +0000)

----------------------------------------------------------------
target-arm queue:
 * Clean up handling of bad mode switches writing to CPSR, and implement
   the ARMv8 requirement that they set PSTATE.IL
 * Implement MDCR_EL3.TPM and MDCR_EL2.TPM traps on perf monitor
   register accesses
 * Don't implement stellaris-pl061-only registers on generic-pl061
 * Fix SD card handling for raspi
 * Add missing include files to MAINTAINERS
 * Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW
 * Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF

----------------------------------------------------------------
Andrew Baumann (3):
      raspi: fix SD card with recent sdhci changes
      sdhci: Revert "add optional quirk property to disable card insertion/removal interrupts"
      sdhci: add quirk property for card insert interrupt status on Raspberry Pi

Edgar E. Iglesias (1):
      target-arm: Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW

Peter Maydell (14):
      target-arm: Give CPSR setting on 32-bit exception return its own helper
      target-arm: Add write_type argument to cpsr_write()
      target-arm: Raw CPSR writes should skip checks and bank switching
      linux-user: Use restrictive mask when calling cpsr_write()
      target-arm: In cpsr_write() ignore mode switches from User mode
      target-arm: Add comment about not implementing NSACR.RFR
      target-arm: Add Hyp mode checks to bad_mode_switch()
      target-arm: Forbid mode switch to Mon from Secure EL1
      target-arm: In v8, make illegal AArch32 mode changes set PSTATE.IL
      target-arm: Make mode switches from Hyp via CPS and MRS illegal
      target-arm: Make Monitor->NS PL1 mode changes illegal if HCR.TGE is 1
      target-arm: Fix handling of SDCR for 32-bit code
      target-arm: Implement MDCR_EL3.TPM and MDCR_EL2.TPM traps
      target-arm: Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF

Thomas Huth (1):
      MAINTAINERS: Add some missing ARM related header files

Wei Huang (1):
      ARM: PL061: Checking register r/w accesses to reserved area

 MAINTAINERS                  |   4 +
 hw/arm/bcm2835_peripherals.c |   7 ++
 hw/arm/bcm2836.c             |   7 ++
 hw/arm/raspi.c               |  16 +++
 hw/gpio/pl061.c              |  30 ++++--
 hw/sd/sdhci.c                |  47 ++++++--
 include/hw/sd/sdhci.h        |   3 +-
 linux-user/arm/nwfpe/fpa11.h |   2 +-
 linux-user/main.c            |   7 +-
 linux-user/signal.c          |   4 +-
 target-arm/cpu-qom.h         |   1 +
 target-arm/cpu.h             |  17 ++-
 target-arm/gdbstub.c         |   2 +-
 target-arm/helper.c          | 250 +++++++++++++++++++++++++++++++++++++------
 target-arm/helper.h          |   1 +
 target-arm/kvm32.c           |   2 +-
 target-arm/kvm64.c           |   3 +-
 target-arm/machine.c         |   4 +-
 target-arm/op_helper.c       |  15 ++-
 target-arm/translate.c       |   6 +-
 20 files changed, 359 insertions(+), 69 deletions(-)

Re: [Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

On 26 February 2016 at 15:20, Peter Maydell <peter.maydell@linaro.org> wrote:
> The following changes since commit 4d1e324b2241017c92d816ec3af51a14685dbf62:
>
>   Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160226' into staging (2016-02-26 12:54:22 +0000)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160226
>
> for you to fetch changes up to e20d84c1407d43d5a2e2ac95dbb46db3b0af8f9f:
>
>   target-arm: Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF (2016-02-26 15:09:42 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Clean up handling of bad mode switches writing to CPSR, and implement
>    the ARMv8 requirement that they set PSTATE.IL
>  * Implement MDCR_EL3.TPM and MDCR_EL2.TPM traps on perf monitor
>    register accesses
>  * Don't implement stellaris-pl061-only registers on generic-pl061
>  * Fix SD card handling for raspi
>  * Add missing include files to MAINTAINERS
>  * Mark CNTHP_TVAL_EL2 as ARM_CP_NO_RAW
>  * Make reserved ranges in ID_AA64* spaces RAZ, not UNDEF

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

Mostly my stuff with a few easy patches from others. I know I have
a few big series in my to-review queue, but I've been too jetlagged
to try to tackle those :-(

thanks
-- PMM

The following changes since commit a26a98dfb9d448d7234d931ae3720feddf6f0651:

  Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171006' into staging (2017-10-06 13:19:03 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171006

for you to fetch changes up to 04829ce334bece78d4fa1d0fdbc8bc27dae9b242:

  nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit (2017-10-06 16:46:49 +0100)

----------------------------------------------------------------
target-arm:
 * v8M: more preparatory work
 * nvic: reset properly rather than leaving the nvic in a weird state
 * xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false
 * sd: fix out-of-bounds check for multi block reads
 * arm: Fix SMC reporting to EL2 when QEMU provides PSCI

----------------------------------------------------------------
Jan Kiszka (1):
      arm: Fix SMC reporting to EL2 when QEMU provides PSCI

Michael Olbrich (1):
      hw/sd: fix out-of-bounds check for multi block reads

Peter Maydell (17):
      nvic: Clear the vector arrays and prigroup on reset
      target/arm: Don't switch to target stack early in v7M exception return
      target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler mode
      target/arm: Restore security state on exception return
      target/arm: Restore SPSEL to correct CONTROL register on exception return
      target/arm: Check for xPSR mismatch usage faults earlier for v8M
      target/arm: Warn about restoring to unaligned stack
      target/arm: Don't warn about exception return with PC low bit set for v8M
      target/arm: Add new-in-v8M SFSR and SFAR
      target/arm: Update excret sanity checks for v8M
      target/arm: Add support for restoring v8M additional state context
      target/arm: Add v8M support to exception entry code
      nvic: Implement Security Attribution Unit registers
      target/arm: Implement security attribute lookups for memory accesses
      target/arm: Fix calculation of secure mm_idx values
      target/arm: Factor out "get mmuidx for specified security state"
      nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit

Thomas Huth (1):
      hw/arm/xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false

 target/arm/cpu.h       |  60 ++++-
 target/arm/internals.h |  15 ++
 hw/arm/xlnx-zynqmp.c   |   2 +
 hw/intc/armv7m_nvic.c  | 158 ++++++++++-
 hw/sd/sd.c             |  12 +-
 target/arm/cpu.c       |  27 ++
 target/arm/helper.c    | 691 +++++++++++++++++++++++++++++++++++++++++++------
 target/arm/machine.c   |  16 ++
 target/arm/op_helper.c |  27 +-
 9 files changed, 898 insertions(+), 110 deletions(-)

Re: [Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

On 6 October 2017 at 16:59, Peter Maydell <peter.maydell@linaro.org> wrote:
> Mostly my stuff with a few easy patches from others. I know I have
> a few big series in my to-review queue, but I've been too jetlagged
> to try to tackle those :-(
>
> thanks
> -- PMM
>
> The following changes since commit a26a98dfb9d448d7234d931ae3720feddf6f0651:
>
>   Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171006' into staging (2017-10-06 13:19:03 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171006
>
> for you to fetch changes up to 04829ce334bece78d4fa1d0fdbc8bc27dae9b242:
>
>   nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit (2017-10-06 16:46:49 +0100)
>
> ----------------------------------------------------------------
> target-arm:
>  * v8M: more preparatory work
>  * nvic: reset properly rather than leaving the nvic in a weird state
>  * xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false
>  * sd: fix out-of-bounds check for multi block reads
>  * arm: Fix SMC reporting to EL2 when QEMU provides PSCI
>

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

Changes v1->v2: it turns out that the raspi3 support exposes a
preexisting bug in our register definitions for VMPIDR/VMIDR:
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg04181.html

So I've dropped the final "enable raspi3 board" patch for the
moment. When that VMIDR/VMPIDR patch gets reviewed we can
put the raspi3 patch in with it.


thanks
-- PMM

The following changes since commit f003d07337a6d4d02c43429b26a4270459afb51a:

  Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2018-02-15 15:45:33 +0000)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180215-1

for you to fetch changes up to bade58166f4466546600d824a2695a00269d10eb:

  raspi: Raspberry Pi 3 support (2018-02-15 18:33:46 +0000)

----------------------------------------------------------------
target-arm queue:
 * aspeed: code cleanup to use unimplemented_device
 * preparatory work for 'raspi3' RaspberryPi 3 machine model
 * more SVE prep work
 * v8M: add minor missing registers
 * v7M: fix bug where we weren't migrating v7m.other_sp
 * v7M: fix bugs in handling of interrupt registers for
   external interrupts beyond 32

----------------------------------------------------------------
Pekka Enberg (2):
      bcm2836: Make CPU type configurable
      raspi: Raspberry Pi 3 support

Peter Maydell (11):
      hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC
      hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling
      hw/intc/armv7m_nvic: Implement M profile cache maintenance ops
      hw/intc/armv7m_nvic: Implement v8M CPPWR register
      hw/intc/armv7m_nvic: Implement cache ID registers
      hw/intc/armv7m_nvic: Implement SCR
      target/arm: Implement writing to CONTROL_NS for v8M
      hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions
      target/arm: Add AIRCR to vmstate struct
      target/arm: Migrate v7m.other_sp
      target/arm: Implement v8M MSPLIM and PSPLIM registers

Philippe Mathieu-Daudé (2):
      hw/arm/aspeed: directly map the serial device to the system address space
      hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io

Richard Henderson (5):
      target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
      target/arm: Enforce FP access to FPCR/FPSR
      target/arm: Suppress TB end for FPCR/FPSR
      target/arm: Enforce access to ZCR_EL at translation
      target/arm: Handle SVE registers when using clear_vec_high

 include/hw/arm/aspeed_soc.h |   1 -
 include/hw/arm/bcm2836.h    |   1 +
 target/arm/cpu.h            |  71 ++++++++++++-----
 target/arm/internals.h      |   6 ++
 hw/arm/aspeed_soc.c         |  35 ++-------
 hw/arm/bcm2836.c            |  17 +++--
 hw/arm/raspi.c              |  34 ++++++---
 hw/intc/armv7m_nvic.c       |  98 ++++++++++++++++++------
 target/arm/cpu.c            |  28 +++++++
 target/arm/helper.c         |  84 +++++++++++++++-----
 target/arm/machine.c        |  84 ++++++++++++++++++++
 target/arm/translate-a64.c  | 181 ++++++++++++++++++++------------------------
 12 files changed, 429 insertions(+), 211 deletions(-)

Re: [Qemu-devel] [PULL 00/20] target-arm queue

[Peter Maydell]

On 15 February 2018 at 18:36, Peter Maydell <peter.maydell@linaro.org> wrote:
> Changes v1->v2: it turns out that the raspi3 support exposes a
> preexisting bug in our register definitions for VMPIDR/VMIDR:
> https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg04181.html
>
> So I've dropped the final "enable raspi3 board" patch for the
> moment. When that VMIDR/VMPIDR patch gets reviewed we can
> put the raspi3 patch in with it.
>
>
> thanks
> -- PMM
>
> The following changes since commit f003d07337a6d4d02c43429b26a4270459afb51a:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2018-02-15 15:45:33 +0000)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180215-1
>
> for you to fetch changes up to bade58166f4466546600d824a2695a00269d10eb:
>
>   raspi: Raspberry Pi 3 support (2018-02-15 18:33:46 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * aspeed: code cleanup to use unimplemented_device
>  * preparatory work for 'raspi3' RaspberryPi 3 machine model
>  * more SVE prep work
>  * v8M: add minor missing registers
>  * v7M: fix bug where we weren't migrating v7m.other_sp
>  * v7M: fix bugs in handling of interrupt registers for
>    external interrupts beyond 32
>

Applied this version, thanks.

-- PMM