[Qemu-devel] [PULL 00/22] target-arm queue

[Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

There's more stuff in the pipeline for ARM, but 22 patches
is a respectable number, so let's drain the queue.

-- PMM


The following changes since commit 3fc827d591679f3e262b9d1f8b34528eabfca8c0:

  target-arm: Correct check for non-EL3 (2015-06-02 13:22:29 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150602

for you to fetch changes up to 94edf02c4c94781fa777c459fe86b52131b83cb6:

  hw/arm/virt: change indentation in a15memmap (2015-06-02 16:31:18 +0100)

----------------------------------------------------------------
target-arm queue:
 * more EL2 preparation patches
 * revert a no-longer-necessary workaround for old glib versions
 * add GICv2m support to virt board (MSI support)
 * pl061: fix wrong calculation of GPIOMIS register
 * support MSI via irqfd
 * remove a confusing v8_ prefix from some variable names
 * add dynamic sysbus device support to the virt board

----------------------------------------------------------------
Christoffer Dall (4):
      target-arm: Add GIC phandle to VirtBoardInfo
      arm_gicv2m: Add GICv2m widget to support MSIs
      target-arm: Extend the gic node properties
      target-arm: Add the GICv2m to the virt board

Edgar E. Iglesias (9):
      target-arm: Break down TLB_LOCKDOWN
      target-arm: Add MAIR_EL2
      target-arm: Add TCR_EL2
      target-arm: Add SCTLR_EL2
      target-arm: Add TPIDR_EL2
      target-arm: Add TTBR0_EL2
      target-arm: Add TLBI_ALLE1{IS}
      target-arm: Add TLBI_ALLE2
      target-arm: Add TLBI_VAE2{IS}

Eric Auger (6):
      kvm: introduce kvm_arch_msi_data_to_gsi
      arm_gicv2m: set kvm_gsi_direct_mapping and kvm_msi_via_irqfd_allowed
      hw/arm/sysbus-fdt: helpers for platform bus nodes addition
      hw/arm/boot: arm_load_kernel implemented as a machine init done notifier
      hw/arm/virt: add dynamic sysbus device support
      hw/arm/virt: change indentation in a15memmap

Markus Armbruster (1):
      Revert "target-arm: Avoid g_hash_table_get_keys()"

Peter Maydell (1):
      target-arm: Remove v8_ prefix from names of non-v8-specific cpreg arrays

Victor CLEMENT (1):
      pl061: fix wrong calculation of GPIOMIS register

 hw/arm/Makefile.objs        |   1 +
 hw/arm/boot.c               |  14 +++-
 hw/arm/sysbus-fdt.c         | 174 +++++++++++++++++++++++++++++++++++++++
 hw/arm/virt.c               | 157 +++++++++++++++++++++++++++++-------
 hw/gpio/pl061.c             |   2 +-
 hw/intc/Makefile.objs       |   1 +
 hw/intc/arm_gicv2m.c        | 192 ++++++++++++++++++++++++++++++++++++++++++++
 include/hw/arm/arm.h        |  28 +++++++
 include/hw/arm/sysbus-fdt.h |  60 ++++++++++++++
 include/hw/arm/virt.h       |   3 +
 include/sysemu/kvm.h        |   2 +
 kvm-all.c                   |   2 +-
 target-arm/helper.c         | 121 ++++++++++++++++++++++------
 target-arm/kvm.c            |   5 ++
 target-i386/kvm.c           |   5 ++
 target-mips/kvm.c           |   5 ++
 target-ppc/kvm.c            |   5 ++
 target-s390x/kvm.c          |   5 ++
 18 files changed, 722 insertions(+), 60 deletions(-)
 create mode 100644 hw/arm/sysbus-fdt.c
 create mode 100644 hw/intc/arm_gicv2m.c
 create mode 100644 include/hw/arm/sysbus-fdt.h

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

On 2 June 2015 at 17:33, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> There's more stuff in the pipeline for ARM, but 22 patches
> is a respectable number, so let's drain the queue.
>
> -- PMM
>
>
> The following changes since commit 3fc827d591679f3e262b9d1f8b34528eabfca8c0:
>
>   target-arm: Correct check for non-EL3 (2015-06-02 13:22:29 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150602
>
> for you to fetch changes up to 94edf02c4c94781fa777c459fe86b52131b83cb6:
>
>   hw/arm/virt: change indentation in a15memmap (2015-06-02 16:31:18 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * more EL2 preparation patches
>  * revert a no-longer-necessary workaround for old glib versions
>  * add GICv2m support to virt board (MSI support)
>  * pl061: fix wrong calculation of GPIOMIS register
>  * support MSI via irqfd
>  * remove a confusing v8_ prefix from some variable names
>  * add dynamic sysbus device support to the virt board

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

Nothing here except the GICv3 emulation, but I wanted to get it into
master this week, and nothing else has made it into target-arm.next.

thanks
-- PMM


The following changes since commit 98b5b7422fe1813040b499a4be415a9f514f1c10:

  Merge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.7-5' into staging (2016-06-17 14:09:46 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160617

for you to fetch changes up to f06765a94a31bdd8b65fc83fd91a6c3f8e8a1195:

  ACPI: ARM: Present GIC version in MADT table (2016-06-17 15:23:51 +0100)

----------------------------------------------------------------
target-arm queue:
 * GICv3 emulation

----------------------------------------------------------------
Andrew Jeffery (1):
      hw/timer: Add value matching support to aspeed_timer

Pavel Fedin (3):
      target-arm: Add mp-affinity property for ARM CPU class
      hw/intc/arm_gicv3: Add state information
      hw/intc/arm_gicv3: Add vmstate descriptors

Peter Maydell (14):
      migration: Define VMSTATE_UINT64_2DARRAY
      bitops.h: Implement half-shuffle and half-unshuffle ops
      target-arm: Define new arm_is_el3_or_mon() function
      target-arm: Provide hook to tell GICv3 about changes of security state
      hw/intc/arm_gicv3: Move irq lines into GICv3CPUState structure
      hw/intc/arm_gicv3: Implement functions to identify next pending irq
      hw/intc/arm_gicv3: Wire up distributor and redistributor MMIO regions
      hw/intc/arm_gicv3: Implement gicv3_set_irq()
      hw/intc/arm_gicv3: Implement GICv3 CPU interface registers
      hw/intc/arm_gicv3: Implement gicv3_cpuif_update()
      hw/intc/arm_gicv3: Implement CPU i/f SGI generation registers
      hw/intc/arm_gicv3: Add IRQ handling CPU interface registers
      target-arm/machine.c: Allow user to request GICv3 emulation
      target-arm/monitor.c: Advertise emulated GICv3 in capabilities

Shannon Zhao (1):
      ACPI: ARM: Present GIC version in MADT table

Shlomo Pongratz (3):
      hw/intc/arm_gicv3: ARM GICv3 device framework
      hw/intc/arm_gicv3: Implement GICv3 distributor registers
      hw/intc/arm_gicv3: Implement GICv3 redistributor registers

 hw/arm/virt-acpi-build.c           |    1 +
 hw/intc/Makefile.objs              |    4 +
 hw/intc/arm_gicv3.c                |  400 +++++++++++
 hw/intc/arm_gicv3_common.c         |  225 +++++-
 hw/intc/arm_gicv3_cpuif.c          | 1346 ++++++++++++++++++++++++++++++++++++
 hw/intc/arm_gicv3_dist.c           |  879 +++++++++++++++++++++++
 hw/intc/arm_gicv3_kvm.c            |    8 +
 hw/intc/arm_gicv3_redist.c         |  562 +++++++++++++++
 hw/intc/gicv3_internal.h           |  331 +++++++++
 hw/timer/aspeed_timer.c            |  138 +++-
 include/hw/acpi/acpi-defs.h        |    4 +-
 include/hw/intc/arm_gicv3.h        |   32 +
 include/hw/intc/arm_gicv3_common.h |  215 +++++-
 include/hw/timer/aspeed_timer.h    |    5 +-
 include/migration/vmstate.h        |    6 +
 include/qemu/bitops.h              |  108 +++
 target-arm/cpu.c                   |   10 +
 target-arm/cpu.h                   |   47 +-
 target-arm/helper.c                |    2 +
 target-arm/internals.h             |    8 +
 target-arm/machine.c               |    3 +-
 target-arm/monitor.c               |    3 +-
 target-arm/op_helper.c             |    4 +
 tests/test-bitops.c                |   72 ++
 trace-events                       |   41 ++
 25 files changed, 4394 insertions(+), 60 deletions(-)
 create mode 100644 hw/intc/arm_gicv3.c
 create mode 100644 hw/intc/arm_gicv3_cpuif.c
 create mode 100644 hw/intc/arm_gicv3_dist.c
 create mode 100644 hw/intc/arm_gicv3_redist.c
 create mode 100644 hw/intc/gicv3_internal.h
 create mode 100644 include/hw/intc/arm_gicv3.h

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

On 17 June 2016 at 15:25, Peter Maydell <peter.maydell@linaro.org> wrote:
> Nothing here except the GICv3 emulation, but I wanted to get it into
> master this week, and nothing else has made it into target-arm.next.
>
> thanks
> -- PMM
>
>
> The following changes since commit 98b5b7422fe1813040b499a4be415a9f514f1c10:
>
>   Merge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.7-5' into staging (2016-06-17 14:09:46 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20160617
>
> for you to fetch changes up to f06765a94a31bdd8b65fc83fd91a6c3f8e8a1195:
>
>   ACPI: ARM: Present GIC version in MADT table (2016-06-17 15:23:51 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * GICv3 emulation

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

ARM queue; the bulk of this is M profile bugfixes.

thanks
-- PMM

The following changes since commit 8a26d88507b51b7cc5dc40732e51ccc135fec0f6:

  Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2017-01-26-1' into staging (2017-01-27 14:08:57 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170127

for you to fetch changes up to 146871c33eb70ca7090a0a55e69e5a8f9b5eb102:

  dma: omap: check dma channel data_type (2017-01-27 15:29:08 +0000)

----------------------------------------------------------------
target-arm queue:
 * various minor M profile bugfixes
 * aspeed/smc: handle dummy bytes when doing fast reads in command mode
 * pflash_cfi01: fix per-device sector length in CFI table
 * arm: stellaris: make MII accesses complete immediately
 * hw/char/exynos4210_uart: Drop unused local variable frame_size
 * arm_gicv3: Fix broken logic in ELRSR calculation
 * dma: omap: check dma channel data_type

----------------------------------------------------------------
Cédric Le Goater (1):
      aspeed/smc: handle dummy bytes when doing fast reads in command mode

Michael Davidsaver (12):
      armv7m: MRS/MSR: handle unprivileged access
      armv7m: Replace armv7m.hack with unassigned_access handler
      armv7m: Explicit error for bad vector table
      armv7m: Fix reads of CONTROL register bit 1
      armv7m: Clear FAULTMASK on return from non-NMI exceptions
      armv7m_nvic: keep a pointer to the CPU
      armv7m: implement CCR, CFSR, HFSR, DFSR, BFAR, and MMFAR
      armv7m: honour CCR.STACKALIGN on exception entry
      armv7m: set CFSR.UNDEFINSTR on undefined instructions
      armv7m: Honour CCR.USERSETMPEND
      armv7m: FAULTMASK should be 0 on reset
      arm: stellaris: make MII accesses complete immediately

Peter Maydell (8):
      hw/registerfields.h: Pull FIELD etc macros out of hw/register.h
      pflash_cfi01: fix per-device sector length in CFI table
      target/arm: Drop IS_M() macro
      armv7m: add state for v7M CCR, CFSR, HFSR, DFSR, MMFAR, BFAR
      armv7m: Report no-coprocessor faults correctly
      armv7m: R14 should reset to 0xffffffff
      hw/char/exynos4210_uart: Drop unused local variable frame_size
      arm_gicv3: Fix broken logic in ELRSR calculation

Prasad J Pandit (1):
      dma: omap: check dma channel data_type

 include/hw/compat.h         |   4 ++
 include/hw/register.h       |  47 +------------
 include/hw/registerfields.h |  60 +++++++++++++++++
 target/arm/cpu.h            |  62 +++++++++++++++--
 target/arm/internals.h      |   7 ++
 hw/arm/armv7m.c             |   8 ---
 hw/block/pflash_cfi01.c     |  22 ++++--
 hw/char/exynos4210_uart.c   |   6 +-
 hw/dma/omap_dma.c           |  10 ++-
 hw/intc/arm_gicv3_cpuif.c   |   2 +-
 hw/intc/armv7m_nvic.c       |  58 +++++++++++-----
 hw/net/stellaris_enet.c     |   5 +-
 hw/ssi/aspeed_smc.c         |  21 ++++++
 linux-user/main.c           |   1 +
 target/arm/cpu.c            |  50 ++++++++++++--
 target/arm/helper.c         | 160 +++++++++++++++++++++++++++-----------------
 target/arm/machine.c        |  12 ++--
 target/arm/translate.c      |  20 ++++--
 18 files changed, 386 insertions(+), 169 deletions(-)
 create mode 100644 include/hw/registerfields.h

[Qemu-devel] [PULL 01/22] aspeed/smc: handle dummy bytes when doing fast reads in command mode

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

When doing fast read, a certain amount of dummy bytes should be sent
before the read. This number is configurable in the controler CE0
Control Register and needs to be modeled using fake transfers to the
flash module.

This only supports command mode. User mode requires more work and a
possible extension of the m25p80 device model.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Marcin Krzemiński <mar.krzeminski@gmail.com>
Message-id: 1484751701-2646-1-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ssi/aspeed_smc.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index ae1ad2d..087b29e 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -69,7 +69,9 @@
 #define R_CTRL0           (0x10 / 4)
 #define   CTRL_CMD_SHIFT           16
 #define   CTRL_CMD_MASK            0xff
+#define   CTRL_DUMMY_HIGH_SHIFT    14
 #define   CTRL_AST2400_SPI_4BYTE   (1 << 13)
+#define   CTRL_DUMMY_LOW_SHIFT     6 /* 2 bits [7:6] */
 #define   CTRL_CE_STOP_ACTIVE      (1 << 2)
 #define   CTRL_CMD_MODE_MASK       0x3
 #define     CTRL_READMODE          0x0
@@ -485,6 +487,16 @@ static uint32_t aspeed_smc_check_segment_addr(const AspeedSMCFlash *fl,
     return addr;
 }
 
+static int aspeed_smc_flash_dummies(const AspeedSMCFlash *fl)
+{
+    const AspeedSMCState *s = fl->controller;
+    uint32_t r_ctrl0 = s->regs[s->r_ctrl0 + fl->id];
+    uint32_t dummy_high = (r_ctrl0 >> CTRL_DUMMY_HIGH_SHIFT) & 0x1;
+    uint32_t dummy_low = (r_ctrl0 >> CTRL_DUMMY_LOW_SHIFT) & 0x3;
+
+    return ((dummy_high << 2) | dummy_low) * 8;
+}
+
 static void aspeed_smc_flash_send_addr(AspeedSMCFlash *fl, uint32_t addr)
 {
     const AspeedSMCState *s = fl->controller;
@@ -521,6 +533,15 @@ static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size)
         aspeed_smc_flash_select(fl);
         aspeed_smc_flash_send_addr(fl, addr);
 
+        /*
+         * Use fake transfers to model dummy bytes. The value should
+         * be configured to some non-zero value in fast read mode and
+         * zero in read mode.
+         */
+        for (i = 0; i < aspeed_smc_flash_dummies(fl); i++) {
+            ssi_transfer(fl->controller->spi, 0xFF);
+        }
+
         for (i = 0; i < size; i++) {
             ret |= ssi_transfer(s->spi, 0x0) << (8 * i);
         }
-- 
2.7.4

[Qemu-devel] [PULL 02/22] armv7m: MRS/MSR: handle unprivileged access

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

The MRS and MSR instruction handling has a number of flaws:
 * unprivileged accesses should only be able to read
   CONTROL and the xPSR subfields, and only write APSR
   (others RAZ/WI)
 * privileged access should not be able to write xPSR
   subfields other than APSR
 * accesses to unimplemented registers should log as
   guest errors, not abort QEMU

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1484937883-1068-2-git-send-email-peter.maydell@linaro.org
[PMM: rewrote commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 79 +++++++++++++++++++++++++----------------------------
 1 file changed, 37 insertions(+), 42 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7111c8c..ad23de3 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8243,23 +8243,32 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
 
 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
 {
-    ARMCPU *cpu = arm_env_get_cpu(env);
+    uint32_t mask;
+    unsigned el = arm_current_el(env);
+
+    /* First handle registers which unprivileged can read */
+
+    switch (reg) {
+    case 0 ... 7: /* xPSR sub-fields */
+        mask = 0;
+        if ((reg & 1) && el) {
+            mask |= 0x000001ff; /* IPSR (unpriv. reads as zero) */
+        }
+        if (!(reg & 4)) {
+            mask |= 0xf8000000; /* APSR */
+        }
+        /* EPSR reads as zero */
+        return xpsr_read(env) & mask;
+        break;
+    case 20: /* CONTROL */
+        return env->v7m.control;
+    }
+
+    if (el == 0) {
+        return 0; /* unprivileged reads others as zero */
+    }
 
     switch (reg) {
-    case 0: /* APSR */
-        return xpsr_read(env) & 0xf8000000;
-    case 1: /* IAPSR */
-        return xpsr_read(env) & 0xf80001ff;
-    case 2: /* EAPSR */
-        return xpsr_read(env) & 0xff00fc00;
-    case 3: /* xPSR */
-        return xpsr_read(env) & 0xff00fdff;
-    case 5: /* IPSR */
-        return xpsr_read(env) & 0x000001ff;
-    case 6: /* EPSR */
-        return xpsr_read(env) & 0x0700fc00;
-    case 7: /* IEPSR */
-        return xpsr_read(env) & 0x0700edff;
     case 8: /* MSP */
         return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
     case 9: /* PSP */
@@ -8271,40 +8280,26 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
         return env->v7m.basepri;
     case 19: /* FAULTMASK */
         return (env->daif & PSTATE_F) != 0;
-    case 20: /* CONTROL */
-        return env->v7m.control;
     default:
-        /* ??? For debugging only.  */
-        cpu_abort(CPU(cpu), "Unimplemented system register read (%d)\n", reg);
+        qemu_log_mask(LOG_GUEST_ERROR, "Attempt to read unknown special"
+                                       " register %d\n", reg);
         return 0;
     }
 }
 
 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
 {
-    ARMCPU *cpu = arm_env_get_cpu(env);
+    if (arm_current_el(env) == 0 && reg > 7) {
+        /* only xPSR sub-fields may be written by unprivileged */
+        return;
+    }
 
     switch (reg) {
-    case 0: /* APSR */
-        xpsr_write(env, val, 0xf8000000);
-        break;
-    case 1: /* IAPSR */
-        xpsr_write(env, val, 0xf8000000);
-        break;
-    case 2: /* EAPSR */
-        xpsr_write(env, val, 0xfe00fc00);
-        break;
-    case 3: /* xPSR */
-        xpsr_write(env, val, 0xfe00fc00);
-        break;
-    case 5: /* IPSR */
-        /* IPSR bits are readonly.  */
-        break;
-    case 6: /* EPSR */
-        xpsr_write(env, val, 0x0600fc00);
-        break;
-    case 7: /* IEPSR */
-        xpsr_write(env, val, 0x0600fc00);
+    case 0 ... 7: /* xPSR sub-fields */
+        /* only APSR is actually writable */
+        if (reg & 4) {
+            xpsr_write(env, val, 0xf8000000); /* APSR */
+        }
         break;
     case 8: /* MSP */
         if (env->v7m.current_sp)
@@ -8345,8 +8340,8 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
         switch_v7m_sp(env, (val & 2) != 0);
         break;
     default:
-        /* ??? For debugging only.  */
-        cpu_abort(CPU(cpu), "Unimplemented system register write (%d)\n", reg);
+        qemu_log_mask(LOG_GUEST_ERROR, "Attempt to write unknown special"
+                                       " register %d\n", reg);
         return;
     }
 }
-- 
2.7.4

[Qemu-devel] [PULL 03/22] armv7m: Replace armv7m.hack with unassigned_access handler

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

For v7m we need to catch attempts to execute from special
addresses at 0xfffffff0 and above. Previously we did this
with the aid of a hacky special purpose lump of memory
in the address space and a check in translate.c for whether
we were translating code at those addresses.

We can implement this more cleanly using a CPU
unassigned access handler which throws the exception
if the unassigned access is for one of the special addresses.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1484937883-1068-3-git-send-email-peter.maydell@linaro.org
[PMM:
 * drop the deletion of the "don't interrupt if PC is magic"
   code in arm_v7m_cpu_exec_interrupt() -- this is still
   required
 * don't generate an exception for unassigned accesses
   which aren't to the magic address -- although doing
   this is in theory correct in practice it will break
   currently working guests which rely on the RAZ/WI
   behaviour when they touch devices which we haven't
   modelled.
 * trigger EXCP_EXCEPTION_EXIT on is_exec, not !is_write
]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/armv7m.c        |  8 --------
 target/arm/cpu.c       | 28 ++++++++++++++++++++++++++++
 target/arm/translate.c | 12 ++++++------
 3 files changed, 34 insertions(+), 14 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index 49d3078..0c9ca7b 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -180,7 +180,6 @@ DeviceState *armv7m_init(MemoryRegion *system_memory, int mem_size, int num_irq,
     uint64_t entry;
     uint64_t lowaddr;
     int big_endian;
-    MemoryRegion *hack = g_new(MemoryRegion, 1);
 
     if (cpu_model == NULL) {
 	cpu_model = "cortex-m3";
@@ -225,13 +224,6 @@ DeviceState *armv7m_init(MemoryRegion *system_memory, int mem_size, int num_irq,
         }
     }
 
-    /* Hack to map an additional page of ram at the top of the address
-       space.  This stops qemu complaining about executing code outside RAM
-       when returning from an exception.  */
-    memory_region_init_ram(hack, NULL, "armv7m.hack", 0x1000, &error_fatal);
-    vmstate_register_ram_global(hack);
-    memory_region_add_subregion(system_memory, 0xfffff000, hack);
-
     qemu_register_reset(armv7m_reset, cpu);
     return nvic;
 }
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index a941f66..9075989 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -292,6 +292,33 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 }
 
 #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
+static void arm_v7m_unassigned_access(CPUState *cpu, hwaddr addr,
+                                      bool is_write, bool is_exec, int opaque,
+                                      unsigned size)
+{
+    ARMCPU *arm = ARM_CPU(cpu);
+    CPUARMState *env = &arm->env;
+
+    /* ARMv7-M interrupt return works by loading a magic value into the PC.
+     * On real hardware the load causes the return to occur.  The qemu
+     * implementation performs the jump normally, then does the exception
+     * return by throwing a special exception when when the CPU tries to
+     * execute code at the magic address.
+     */
+    if (env->v7m.exception != 0 && addr >= 0xfffffff0 && is_exec) {
+        cpu->exception_index = EXCP_EXCEPTION_EXIT;
+        cpu_loop_exit(cpu);
+    }
+
+    /* In real hardware an attempt to access parts of the address space
+     * with nothing there will usually cause an external abort.
+     * However our QEMU board models are often missing device models where
+     * the guest can boot anyway with the default read-as-zero/writes-ignored
+     * behaviour that you get without a QEMU unassigned_access hook.
+     * So just return here to retain that default behaviour.
+     */
+}
+
 static bool arm_v7m_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 {
     CPUClass *cc = CPU_GET_CLASS(cs);
@@ -1016,6 +1043,7 @@ static void arm_v7m_class_init(ObjectClass *oc, void *data)
     cc->do_interrupt = arm_v7m_cpu_do_interrupt;
 #endif
 
+    cc->do_unassigned_access = arm_v7m_unassigned_access;
     cc->cpu_exec_interrupt = arm_v7m_cpu_exec_interrupt;
 }
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index c9186b6..a7c2abe 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -11719,12 +11719,12 @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
             break;
         }
 #else
-        if (dc->pc >= 0xfffffff0 && arm_dc_feature(dc, ARM_FEATURE_M)) {
-            /* We always get here via a jump, so know we are not in a
-               conditional execution block.  */
-            gen_exception_internal(EXCP_EXCEPTION_EXIT);
-            dc->is_jmp = DISAS_EXC;
-            break;
+        if (arm_dc_feature(dc, ARM_FEATURE_M)) {
+            /* Branches to the magic exception-return addresses should
+             * already have been caught via the arm_v7m_unassigned_access hook,
+             * and never get here.
+             */
+            assert(dc->pc < 0xfffffff0);
         }
 #endif
 
-- 
2.7.4

[Qemu-devel] [PULL 04/22] armv7m: Explicit error for bad vector table

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

Give an explicit error and abort when a load
from the vector table fails. Architecturally this
should HardFault (which will then immediately
fail to load the HardFault vector and go into Lockup).
Since we don't model Lockup, just report this guest
error via cpu_abort(). This is more helpful than the
previous behaviour of reading a zero, which is the
address of the reset stack pointer and not a sensible
location to jump to.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1484937883-1068-4-git-send-email-peter.maydell@linaro.org
[PMM: expanded commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index ad23de3..8edb08c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6014,6 +6014,30 @@ static void arm_log_exception(int idx)
     }
 }
 
+static uint32_t arm_v7m_load_vector(ARMCPU *cpu)
+
+{
+    CPUState *cs = CPU(cpu);
+    CPUARMState *env = &cpu->env;
+    MemTxResult result;
+    hwaddr vec = env->v7m.vecbase + env->v7m.exception * 4;
+    uint32_t addr;
+
+    addr = address_space_ldl(cs->as, vec,
+                             MEMTXATTRS_UNSPECIFIED, &result);
+    if (result != MEMTX_OK) {
+        /* Architecturally this should cause a HardFault setting HSFR.VECTTBL,
+         * which would then be immediately followed by our failing to load
+         * the entry vector for that HardFault, which is a Lockup case.
+         * Since we don't model Lockup, we just report this guest error
+         * via cpu_abort().
+         */
+        cpu_abort(cs, "Failed to read from exception vector table "
+                  "entry %08x\n", (unsigned)vec);
+    }
+    return addr;
+}
+
 void arm_v7m_cpu_do_interrupt(CPUState *cs)
 {
     ARMCPU *cpu = ARM_CPU(cs);
@@ -6095,7 +6119,7 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
     /* Clear IT bits */
     env->condexec_bits = 0;
     env->regs[14] = lr;
-    addr = ldl_phys(cs->as, env->v7m.vecbase + env->v7m.exception * 4);
+    addr = arm_v7m_load_vector(cpu);
     env->regs[15] = addr & 0xfffffffe;
     env->thumb = addr & 1;
 }
-- 
2.7.4

[Qemu-devel] [PULL 05/22] hw/registerfields.h: Pull FIELD etc macros out of hw/register.h

[Peter Maydell]

hw/register.h provides macros like FIELD which make it easy to define
shift, mask and length constants for the fields within a register.
Unfortunately register.h also includes a lot of other things, some
of which will only compile in the softmmu build.

Pull the FIELD macro and friends out into a separate header file,
so they can be used in places like target/arm files which also
get built in the user-only configs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1484937883-1068-5-git-send-email-peter.maydell@linaro.org
---
 include/hw/register.h       | 47 +----------------------------------
 include/hw/registerfields.h | 60 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 46 deletions(-)
 create mode 100644 include/hw/registerfields.h

diff --git a/include/hw/register.h b/include/hw/register.h
index 5b6dc32..de2414e 100644
--- a/include/hw/register.h
+++ b/include/hw/register.h
@@ -13,6 +13,7 @@
 
 #include "hw/qdev-core.h"
 #include "exec/memory.h"
+#include "hw/registerfields.h"
 
 typedef struct RegisterInfo RegisterInfo;
 typedef struct RegisterAccessInfo RegisterAccessInfo;
@@ -206,50 +207,4 @@ RegisterInfoArray *register_init_block32(DeviceState *owner,
 
 void register_finalize_block(RegisterInfoArray *r_array);
 
-/* Define constants for a 32 bit register */
-
-/* This macro will define A_FOO, for the byte address of a register
- * as well as R_FOO for the uint32_t[] register number (A_FOO / 4).
- */
-#define REG32(reg, addr)                                                  \
-    enum { A_ ## reg = (addr) };                                          \
-    enum { R_ ## reg = (addr) / 4 };
-
-/* Define SHIFT, LENGTH and MASK constants for a field within a register */
-
-/* This macro will define FOO_BAR_MASK, FOO_BAR_SHIFT and FOO_BAR_LENGTH 
- * constants for field BAR in register FOO.
- */
-#define FIELD(reg, field, shift, length)                                  \
-    enum { R_ ## reg ## _ ## field ## _SHIFT = (shift)};                  \
-    enum { R_ ## reg ## _ ## field ## _LENGTH = (length)};                \
-    enum { R_ ## reg ## _ ## field ## _MASK =                             \
-                                        MAKE_64BIT_MASK(shift, length)};
-
-/* Extract a field from a register */
-#define FIELD_EX32(storage, reg, field)                                   \
-    extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,               \
-              R_ ## reg ## _ ## field ## _LENGTH)
-
-/* Extract a field from an array of registers */
-#define ARRAY_FIELD_EX32(regs, reg, field)                                \
-    FIELD_EX32((regs)[R_ ## reg], reg, field)
-
-/* Deposit a register field.
- * Assigning values larger then the target field will result in
- * compilation warnings.
- */
-#define FIELD_DP32(storage, reg, field, val) ({                           \
-    struct {                                                              \
-        unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;                \
-    } v = { .v = val };                                                   \
-    uint32_t d;                                                           \
-    d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,           \
-                  R_ ## reg ## _ ## field ## _LENGTH, v.v);               \
-    d; })
-
-/* Deposit a field to array of registers.  */
-#define ARRAY_FIELD_DP32(regs, reg, field, val)                           \
-    (regs)[R_ ## reg] = FIELD_DP32((regs)[R_ ## reg], reg, field, val);
-
 #endif
diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
new file mode 100644
index 0000000..af101d5
--- /dev/null
+++ b/include/hw/registerfields.h
@@ -0,0 +1,60 @@
+/*
+ * Register Definition API: field macros
+ *
+ * Copyright (c) 2016 Xilinx Inc.
+ * Copyright (c) 2013 Peter Crosthwaite <peter.crosthwaite@xilinx.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef REGISTERFIELDS_H
+#define REGISTERFIELDS_H
+
+/* Define constants for a 32 bit register */
+
+/* This macro will define A_FOO, for the byte address of a register
+ * as well as R_FOO for the uint32_t[] register number (A_FOO / 4).
+ */
+#define REG32(reg, addr)                                                  \
+    enum { A_ ## reg = (addr) };                                          \
+    enum { R_ ## reg = (addr) / 4 };
+
+/* Define SHIFT, LENGTH and MASK constants for a field within a register */
+
+/* This macro will define FOO_BAR_MASK, FOO_BAR_SHIFT and FOO_BAR_LENGTH 
+ * constants for field BAR in register FOO.
+ */
+#define FIELD(reg, field, shift, length)                                  \
+    enum { R_ ## reg ## _ ## field ## _SHIFT = (shift)};                  \
+    enum { R_ ## reg ## _ ## field ## _LENGTH = (length)};                \
+    enum { R_ ## reg ## _ ## field ## _MASK =                             \
+                                        MAKE_64BIT_MASK(shift, length)};
+
+/* Extract a field from a register */
+#define FIELD_EX32(storage, reg, field)                                   \
+    extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,               \
+              R_ ## reg ## _ ## field ## _LENGTH)
+
+/* Extract a field from an array of registers */
+#define ARRAY_FIELD_EX32(regs, reg, field)                                \
+    FIELD_EX32((regs)[R_ ## reg], reg, field)
+
+/* Deposit a register field.
+ * Assigning values larger then the target field will result in
+ * compilation warnings.
+ */
+#define FIELD_DP32(storage, reg, field, val) ({                           \
+    struct {                                                              \
+        unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;                \
+    } v = { .v = val };                                                   \
+    uint32_t d;                                                           \
+    d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,           \
+                  R_ ## reg ## _ ## field ## _LENGTH, v.v);               \
+    d; })
+
+/* Deposit a field to array of registers.  */
+#define ARRAY_FIELD_DP32(regs, reg, field, val)                           \
+    (regs)[R_ ## reg] = FIELD_DP32((regs)[R_ ## reg], reg, field, val);
+
+#endif
-- 
2.7.4

[Qemu-devel] [PULL 06/22] armv7m: Fix reads of CONTROL register bit 1

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

The v7m CONTROL register bit 1 is SPSEL, which indicates
the stack being used. We were storing this information
not in v7m.control but in the separate v7m.other_sp
structure field. Unfortunately, the code handling reads
of the CONTROL register didn't take account of this, and
so if SPSEL was updated by an exception entry or exit then
a subsequent guest read of CONTROL would get the wrong value.

Using a separate structure field doesn't really gain us
anything in efficiency, so drop this unnecessary complexity
in favour of simply storing all the bits in v7m.control.

This is a migration compatibility break for M profile
CPUs only.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1484937883-1068-6-git-send-email-peter.maydell@linaro.org
[PMM: rewrote commit message;
 use deposit32(); use FIELD to define constants for
 masking and shifting of CONTROL register fields
]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h       |  1 -
 target/arm/internals.h |  7 +++++++
 target/arm/helper.c    | 35 +++++++++++++++++++++++------------
 target/arm/machine.c   |  6 ++----
 4 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 151a5d7..521c11b 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -405,7 +405,6 @@ typedef struct CPUARMState {
         uint32_t vecbase;
         uint32_t basepri;
         uint32_t control;
-        int current_sp;
         int exception;
     } v7m;
 
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3cae5ff..2e65bc1 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -25,6 +25,8 @@
 #ifndef TARGET_ARM_INTERNALS_H
 #define TARGET_ARM_INTERNALS_H
 
+#include "hw/registerfields.h"
+
 /* register banks for CPU modes */
 #define BANK_USRSYS 0
 #define BANK_SVC    1
@@ -75,6 +77,11 @@ static const char * const excnames[] = {
  */
 #define GTIMER_SCALE 16
 
+/* Bit definitions for the v7M CONTROL register */
+FIELD(V7M_CONTROL, NPRIV, 0, 1)
+FIELD(V7M_CONTROL, SPSEL, 1, 1)
+FIELD(V7M_CONTROL, FPCA, 2, 1)
+
 /*
  * For AArch64, map a given EL to an index in the banked_spsr array.
  * Note that this mapping and the AArch32 mapping defined in bank_number()
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8edb08c..dc383d1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5947,14 +5947,19 @@ static uint32_t v7m_pop(CPUARMState *env)
 }
 
 /* Switch to V7M main or process stack pointer.  */
-static void switch_v7m_sp(CPUARMState *env, int process)
+static void switch_v7m_sp(CPUARMState *env, bool new_spsel)
 {
     uint32_t tmp;
-    if (env->v7m.current_sp != process) {
+    bool old_spsel = env->v7m.control & R_V7M_CONTROL_SPSEL_MASK;
+
+    if (old_spsel != new_spsel) {
         tmp = env->v7m.other_sp;
         env->v7m.other_sp = env->regs[13];
         env->regs[13] = tmp;
-        env->v7m.current_sp = process;
+
+        env->v7m.control = deposit32(env->v7m.control,
+                                     R_V7M_CONTROL_SPSEL_SHIFT,
+                                     R_V7M_CONTROL_SPSEL_LENGTH, new_spsel);
     }
 }
 
@@ -6049,8 +6054,9 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
     arm_log_exception(cs->exception_index);
 
     lr = 0xfffffff1;
-    if (env->v7m.current_sp)
+    if (env->v7m.control & R_V7M_CONTROL_SPSEL_MASK) {
         lr |= 4;
+    }
     if (env->v7m.exception == 0)
         lr |= 8;
 
@@ -8294,9 +8300,11 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
 
     switch (reg) {
     case 8: /* MSP */
-        return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
+        return (env->v7m.control & R_V7M_CONTROL_SPSEL_MASK) ?
+            env->v7m.other_sp : env->regs[13];
     case 9: /* PSP */
-        return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
+        return (env->v7m.control & R_V7M_CONTROL_SPSEL_MASK) ?
+            env->regs[13] : env->v7m.other_sp;
     case 16: /* PRIMASK */
         return (env->daif & PSTATE_I) != 0;
     case 17: /* BASEPRI */
@@ -8326,16 +8334,18 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
         }
         break;
     case 8: /* MSP */
-        if (env->v7m.current_sp)
+        if (env->v7m.control & R_V7M_CONTROL_SPSEL_MASK) {
             env->v7m.other_sp = val;
-        else
+        } else {
             env->regs[13] = val;
+        }
         break;
     case 9: /* PSP */
-        if (env->v7m.current_sp)
+        if (env->v7m.control & R_V7M_CONTROL_SPSEL_MASK) {
             env->regs[13] = val;
-        else
+        } else {
             env->v7m.other_sp = val;
+        }
         break;
     case 16: /* PRIMASK */
         if (val & 1) {
@@ -8360,8 +8370,9 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
         }
         break;
     case 20: /* CONTROL */
-        env->v7m.control = val & 3;
-        switch_v7m_sp(env, (val & 2) != 0);
+        switch_v7m_sp(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
+        env->v7m.control = val & (R_V7M_CONTROL_SPSEL_MASK |
+                                  R_V7M_CONTROL_NPRIV_MASK);
         break;
     default:
         qemu_log_mask(LOG_GUEST_ERROR, "Attempt to write unknown special"
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 487320d..8d93571 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -99,15 +99,13 @@ static bool m_needed(void *opaque)
 
 static const VMStateDescription vmstate_m = {
     .name = "cpu/m",
-    .version_id = 1,
-    .minimum_version_id = 1,
+    .version_id = 2,
+    .minimum_version_id = 2,
     .needed = m_needed,
     .fields = (VMStateField[]) {
-        VMSTATE_UINT32(env.v7m.other_sp, ARMCPU),
         VMSTATE_UINT32(env.v7m.vecbase, ARMCPU),
         VMSTATE_UINT32(env.v7m.basepri, ARMCPU),
         VMSTATE_UINT32(env.v7m.control, ARMCPU),
-        VMSTATE_INT32(env.v7m.current_sp, ARMCPU),
         VMSTATE_INT32(env.v7m.exception, ARMCPU),
         VMSTATE_END_OF_LIST()
     }
-- 
2.7.4

[Qemu-devel] [PULL 07/22] armv7m: Clear FAULTMASK on return from non-NMI exceptions

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

FAULTMASK must be cleared on return from all
exceptions other than NMI.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1484937883-1068-7-git-send-email-peter.maydell@linaro.org
---
 target/arm/helper.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index dc383d1..cfbc622 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5969,8 +5969,13 @@ static void do_v7m_exception_exit(CPUARMState *env)
     uint32_t xpsr;
 
     type = env->regs[15];
-    if (env->v7m.exception != 0)
+    if (env->v7m.exception != ARMV7M_EXCP_NMI) {
+        /* Auto-clear FAULTMASK on return from other than NMI */
+        env->daif &= ~PSTATE_F;
+    }
+    if (env->v7m.exception != 0) {
         armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
+    }
 
     /* Switch to the target stack.  */
     switch_v7m_sp(env, (type & 4) != 0);
-- 
2.7.4

[Qemu-devel] [PULL 08/22] pflash_cfi01: fix per-device sector length in CFI table

[Peter Maydell]

For configurations of the pflash_cfi01 device which set it up with a
device-width not equal to the width (ie where we are emulating
multiple narrow flash devices wired up in parallel), we were giving
incorrect values in the CFI data table:

(1) the sector length entry should specify the sector length for a
    single device, not the length for the overall collection of
    devices
(2) the number of blocks per device must not be divided by the
    number of devices because the resulting device size would not
    match the overall size
(3) this then means that the overall write block size must be
    modified depending on the number of devices because the entry is
    per device and when the guest writes into the flash it
    calculates the write size by using the CFI entry (write size
    per device) multiplied by the number of chips.
    (It would alternatively be possible to modify the write
    block size in the CFI table (currently hardcoded at 2048) and
    leave the overall write block size alone.)

This commit corrects these bugs, and adds a hw-compat property
to retain the old behaviour on 2.8 and earlier versions. (The
only board we have which uses this sort of flash config and
has machine versioning is the "virt" board -- the PC uses a
single flash device and so behaviour is unaffected whether
using old-multiple-chip-handling or not.)

Here is a configuration example from the vexpress board:

VEXPRESS_FLASH_SIZE = 64M
VEXPRESS_FLASH_SECT_SIZE 256K
num-blocks = VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE = 256
sector-length = 256K
width = 4
device-width = 2

The code will fill the CFI entry with the following entries:
  num-blocks = 256
  sector-length = 128K
  writeblock_size = 2048

This results in two chips, each with 256 * 128K = 32M device size and
a write block size of 2048.

A sector erase will be sent to both chips, thus 256K must be erased.
When the guest sends a block write command, it will write 4096 bytes
data at once (2048 per device).

Signed-off-by: David Engraf <david.engraf@sysgo.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: cleaned up and expanded commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/compat.h     |  4 ++++
 hw/block/pflash_cfi01.c | 22 +++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/include/hw/compat.h b/include/hw/compat.h
index 34e9b4a..ee0dd1b 100644
--- a/include/hw/compat.h
+++ b/include/hw/compat.h
@@ -10,6 +10,10 @@
         .driver   = "fw_cfg_io",\
         .property = "x-file-slots",\
         .value    = stringify(0x10),\
+    },{\
+        .driver   = "pflash_cfi01",\
+        .property = "old-multiple-chip-handling",\
+        .value    = "on",\
     },
 
 #define HW_COMPAT_2_7 \
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 5f0ee9d..71b98a3 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -99,6 +99,7 @@ struct pflash_t {
     char *name;
     void *storage;
     VMChangeStateEntry *vmstate;
+    bool old_multiple_chip_handling;
 };
 
 static int pflash_post_load(void *opaque, int version_id);
@@ -703,7 +704,7 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
     pflash_t *pfl = CFI_PFLASH01(dev);
     uint64_t total_len;
     int ret;
-    uint64_t blocks_per_device, device_len;
+    uint64_t blocks_per_device, sector_len_per_device, device_len;
     int num_devices;
     Error *local_err = NULL;
 
@@ -726,8 +727,14 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
      * in the cfi_table[].
      */
     num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1;
-    blocks_per_device = pfl->nb_blocs / num_devices;
-    device_len = pfl->sector_len * blocks_per_device;
+    if (pfl->old_multiple_chip_handling) {
+        blocks_per_device = pfl->nb_blocs / num_devices;
+        sector_len_per_device = pfl->sector_len;
+    } else {
+        blocks_per_device = pfl->nb_blocs;
+        sector_len_per_device = pfl->sector_len / num_devices;
+    }
+    device_len = sector_len_per_device * blocks_per_device;
 
     /* XXX: to be fixed */
 #if 0
@@ -832,6 +839,9 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
         pfl->cfi_table[0x2A] = 0x0B;
     }
     pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
+    if (!pfl->old_multiple_chip_handling && num_devices > 1) {
+        pfl->writeblock_size *= num_devices;
+    }
 
     pfl->cfi_table[0x2B] = 0x00;
     /* Number of erase block regions (uniform) */
@@ -839,8 +849,8 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
     /* Erase block region 1 */
     pfl->cfi_table[0x2D] = blocks_per_device - 1;
     pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8;
-    pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
-    pfl->cfi_table[0x30] = pfl->sector_len >> 16;
+    pfl->cfi_table[0x2F] = sector_len_per_device >> 8;
+    pfl->cfi_table[0x30] = sector_len_per_device >> 16;
 
     /* Extended */
     pfl->cfi_table[0x31] = 'P';
@@ -898,6 +908,8 @@ static Property pflash_cfi01_properties[] = {
     DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
     DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
     DEFINE_PROP_STRING("name", struct pflash_t, name),
+    DEFINE_PROP_BOOL("old-multiple-chip-handling", struct pflash_t,
+                     old_multiple_chip_handling, false),
     DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.7.4

[Qemu-devel] [PULL 09/22] target/arm: Drop IS_M() macro

[Peter Maydell]

We only use the IS_M() macro in two places, and it's a bit of a
namespace grab to put in cpu.h.  Drop it in favour of just explicitly
calling arm_feature() in the places where it was used.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-2-git-send-email-peter.maydell@linaro.org
---
 target/arm/cpu.h    | 6 ------
 target/arm/cpu.c    | 2 +-
 target/arm/helper.c | 2 +-
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 521c11b..b2cc329 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1762,12 +1762,6 @@ bool write_list_to_cpustate(ARMCPU *cpu);
  */
 bool write_cpustate_to_list(ARMCPU *cpu);
 
-/* Does the core conform to the "MicroController" profile. e.g. Cortex-M3.
-   Note the M in older cores (eg. ARM7TDMI) stands for Multiply. These are
-   conventional cores (ie. Application or Realtime profile).  */
-
-#define IS_M(env) arm_feature(env, ARM_FEATURE_M)
-
 #define ARM_CPUID_TI915T      0x54029152
 #define ARM_CPUID_TI925T      0x54029252
 
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 9075989..6395d5a 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -182,7 +182,7 @@ static void arm_cpu_reset(CPUState *s)
     /* On ARMv7-M the CPSR_I is the value of the PRIMASK register, and is
      * clear at reset. Initial SP and PC are loaded from ROM.
      */
-    if (IS_M(env)) {
+    if (arm_feature(env, ARM_FEATURE_M)) {
         uint32_t initial_msp; /* Loaded from 0x0 */
         uint32_t initial_pc; /* Loaded from 0x4 */
         uint8_t *rom;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index cfbc622..ce7e43b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6695,7 +6695,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
     CPUARMState *env = &cpu->env;
     unsigned int new_el = env->exception.target_el;
 
-    assert(!IS_M(env));
+    assert(!arm_feature(env, ARM_FEATURE_M));
 
     arm_log_exception(cs->exception_index);
     qemu_log_mask(CPU_LOG_INT, "...from EL%d to EL%d\n", arm_current_el(env),
-- 
2.7.4

[Qemu-devel] [PULL 10/22] armv7m_nvic: keep a pointer to the CPU

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

Many NVIC operations access the CPU state, so store a pointer in
struct nvic_state rather than fetching it via qemu_get_cpu() every
time we need it.

As with the arm_gicv3_common code, we currently just call
qemu_get_cpu() in the NVIC's realize method, but in future we might
want to use a QOM property to pass the CPU to the NVIC.

This imposes an ordering requirement that the CPU is
realized before the NVIC, but that is always true since
both are dealt with in armv7m_init().

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-3-git-send-email-peter.maydell@linaro.org
[PMM: Use qemu_get_cpu(0) rather than first_cpu; expand
 commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/armv7m_nvic.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 06d8db6..81dcb83 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -23,6 +23,7 @@
 
 typedef struct {
     GICState gic;
+    ARMCPU *cpu;
     struct {
         uint32_t control;
         uint32_t reload;
@@ -155,7 +156,7 @@ void armv7m_nvic_complete_irq(void *opaque, int irq)
 
 static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
 {
-    ARMCPU *cpu;
+    ARMCPU *cpu = s->cpu;
     uint32_t val;
     int irq;
 
@@ -187,11 +188,9 @@ static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
     case 0x1c: /* SysTick Calibration Value.  */
         return 10000;
     case 0xd00: /* CPUID Base.  */
-        cpu = ARM_CPU(qemu_get_cpu(0));
         return cpu->midr;
     case 0xd04: /* Interrupt Control State.  */
         /* VECTACTIVE */
-        cpu = ARM_CPU(qemu_get_cpu(0));
         val = cpu->env.v7m.exception;
         if (val == 1023) {
             val = 0;
@@ -222,7 +221,6 @@ static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
             val |= (1 << 31);
         return val;
     case 0xd08: /* Vector Table Offset.  */
-        cpu = ARM_CPU(qemu_get_cpu(0));
         return cpu->env.v7m.vecbase;
     case 0xd0c: /* Application Interrupt/Reset Control.  */
         return 0xfa050000;
@@ -296,7 +294,7 @@ static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
 
 static void nvic_writel(nvic_state *s, uint32_t offset, uint32_t value)
 {
-    ARMCPU *cpu;
+    ARMCPU *cpu = s->cpu;
     uint32_t oldval;
     switch (offset) {
     case 0x10: /* SysTick Control and Status.  */
@@ -349,7 +347,6 @@ static void nvic_writel(nvic_state *s, uint32_t offset, uint32_t value)
         }
         break;
     case 0xd08: /* Vector Table Offset.  */
-        cpu = ARM_CPU(qemu_get_cpu(0));
         cpu->env.v7m.vecbase = value & 0xffffff80;
         break;
     case 0xd0c: /* Application Interrupt/Reset Control.  */
@@ -495,6 +492,8 @@ static void armv7m_nvic_realize(DeviceState *dev, Error **errp)
     NVICClass *nc = NVIC_GET_CLASS(s);
     Error *local_err = NULL;
 
+    s->cpu = ARM_CPU(qemu_get_cpu(0));
+    assert(s->cpu);
     /* The NVIC always has only one CPU */
     s->gic.num_cpu = 1;
     /* Tell the common code we're an NVIC */
-- 
2.7.4

[Qemu-devel] [PULL 11/22] armv7m: add state for v7M CCR, CFSR, HFSR, DFSR, MMFAR, BFAR

[Peter Maydell]

Add the structure fields, VMState fields, reset code and macros for
the v7M system control registers CCR, CFSR, HFSR, DFSR, MMFAR and
BFAR.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-4-git-send-email-peter.maydell@linaro.org
---
 target/arm/cpu.h     | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 target/arm/cpu.c     |  7 +++++++
 target/arm/machine.c | 10 ++++++++--
 3 files changed, 69 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b2cc329..4b062d2 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -21,6 +21,7 @@
 #define ARM_CPU_H
 
 #include "kvm-consts.h"
+#include "hw/registerfields.h"
 
 #if defined(TARGET_AARCH64)
   /* AArch64 definitions */
@@ -405,6 +406,12 @@ typedef struct CPUARMState {
         uint32_t vecbase;
         uint32_t basepri;
         uint32_t control;
+        uint32_t ccr; /* Configuration and Control */
+        uint32_t cfsr; /* Configurable Fault Status */
+        uint32_t hfsr; /* HardFault Status */
+        uint32_t dfsr; /* Debug Fault Status Register */
+        uint32_t mmfar; /* MemManage Fault Address */
+        uint32_t bfar; /* BusFault Address */
         int exception;
     } v7m;
 
@@ -1086,6 +1093,53 @@ enum arm_cpu_mode {
 #define ARM_IWMMXT_wCGR2	10
 #define ARM_IWMMXT_wCGR3	11
 
+/* V7M CCR bits */
+FIELD(V7M_CCR, NONBASETHRDENA, 0, 1)
+FIELD(V7M_CCR, USERSETMPEND, 1, 1)
+FIELD(V7M_CCR, UNALIGN_TRP, 3, 1)
+FIELD(V7M_CCR, DIV_0_TRP, 4, 1)
+FIELD(V7M_CCR, BFHFNMIGN, 8, 1)
+FIELD(V7M_CCR, STKALIGN, 9, 1)
+FIELD(V7M_CCR, DC, 16, 1)
+FIELD(V7M_CCR, IC, 17, 1)
+
+/* V7M CFSR bits for MMFSR */
+FIELD(V7M_CFSR, IACCVIOL, 0, 1)
+FIELD(V7M_CFSR, DACCVIOL, 1, 1)
+FIELD(V7M_CFSR, MUNSTKERR, 3, 1)
+FIELD(V7M_CFSR, MSTKERR, 4, 1)
+FIELD(V7M_CFSR, MLSPERR, 5, 1)
+FIELD(V7M_CFSR, MMARVALID, 7, 1)
+
+/* V7M CFSR bits for BFSR */
+FIELD(V7M_CFSR, IBUSERR, 8 + 0, 1)
+FIELD(V7M_CFSR, PRECISERR, 8 + 1, 1)
+FIELD(V7M_CFSR, IMPRECISERR, 8 + 2, 1)
+FIELD(V7M_CFSR, UNSTKERR, 8 + 3, 1)
+FIELD(V7M_CFSR, STKERR, 8 + 4, 1)
+FIELD(V7M_CFSR, LSPERR, 8 + 5, 1)
+FIELD(V7M_CFSR, BFARVALID, 8 + 7, 1)
+
+/* V7M CFSR bits for UFSR */
+FIELD(V7M_CFSR, UNDEFINSTR, 16 + 0, 1)
+FIELD(V7M_CFSR, INVSTATE, 16 + 1, 1)
+FIELD(V7M_CFSR, INVPC, 16 + 2, 1)
+FIELD(V7M_CFSR, NOCP, 16 + 3, 1)
+FIELD(V7M_CFSR, UNALIGNED, 16 + 8, 1)
+FIELD(V7M_CFSR, DIVBYZERO, 16 + 9, 1)
+
+/* V7M HFSR bits */
+FIELD(V7M_HFSR, VECTTBL, 1, 1)
+FIELD(V7M_HFSR, FORCED, 30, 1)
+FIELD(V7M_HFSR, DEBUGEVT, 31, 1)
+
+/* V7M DFSR bits */
+FIELD(V7M_DFSR, HALTED, 0, 1)
+FIELD(V7M_DFSR, BKPT, 1, 1)
+FIELD(V7M_DFSR, DWTTRAP, 2, 1)
+FIELD(V7M_DFSR, VCATCH, 3, 1)
+FIELD(V7M_DFSR, EXTERNAL, 4, 1)
+
 /* If adding a feature bit which corresponds to a Linux ELF
  * HWCAP bit, remember to update the feature-bit-to-hwcap
  * mapping in linux-user/elfload.c:get_elf_hwcap().
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 6395d5a..c804f59 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -188,6 +188,13 @@ static void arm_cpu_reset(CPUState *s)
         uint8_t *rom;
 
         env->daif &= ~PSTATE_I;
+
+        /* The reset value of this bit is IMPDEF, but ARM recommends
+         * that it resets to 1, so QEMU always does that rather than making
+         * it dependent on CPU model.
+         */
+        env->v7m.ccr = R_V7M_CCR_STKALIGN_MASK;
+
         rom = rom_ptr(0);
         if (rom) {
             /* Address zero is covered by ROM which hasn't yet been
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 8d93571..fa5ec76 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -99,13 +99,19 @@ static bool m_needed(void *opaque)
 
 static const VMStateDescription vmstate_m = {
     .name = "cpu/m",
-    .version_id = 2,
-    .minimum_version_id = 2,
+    .version_id = 3,
+    .minimum_version_id = 3,
     .needed = m_needed,
     .fields = (VMStateField[]) {
         VMSTATE_UINT32(env.v7m.vecbase, ARMCPU),
         VMSTATE_UINT32(env.v7m.basepri, ARMCPU),
         VMSTATE_UINT32(env.v7m.control, ARMCPU),
+        VMSTATE_UINT32(env.v7m.ccr, ARMCPU),
+        VMSTATE_UINT32(env.v7m.cfsr, ARMCPU),
+        VMSTATE_UINT32(env.v7m.hfsr, ARMCPU),
+        VMSTATE_UINT32(env.v7m.dfsr, ARMCPU),
+        VMSTATE_UINT32(env.v7m.mmfar, ARMCPU),
+        VMSTATE_UINT32(env.v7m.bfar, ARMCPU),
         VMSTATE_INT32(env.v7m.exception, ARMCPU),
         VMSTATE_END_OF_LIST()
     }
-- 
2.7.4

[Qemu-devel] [PULL 12/22] armv7m: implement CCR, CFSR, HFSR, DFSR, BFAR, and MMFAR

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

Implement the v7M system registers CCR, CFSR, HFSR, DFSR, BFAR and
MMFAR.  For the moment these simply read as written (with some basic
handling of RAZ/WI bits and W1C semantics).

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-5-git-send-email-peter.maydell@linaro.org
[PMM: drop warning about setting unimplemented CCR bits;
 tweak commit message; add DFSR]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/armv7m_nvic.c | 42 ++++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 81dcb83..60e72d7 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -228,8 +228,7 @@ static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
         /* TODO: Implement SLEEPONEXIT.  */
         return 0;
     case 0xd14: /* Configuration Control.  */
-        /* TODO: Implement Configuration Control bits.  */
-        return 0;
+        return cpu->env.v7m.ccr;
     case 0xd24: /* System Handler Status.  */
         val = 0;
         if (s->gic.irq_state[ARMV7M_EXCP_MEM].active) val |= (1 << 0);
@@ -248,16 +247,19 @@ static uint32_t nvic_readl(nvic_state *s, uint32_t offset)
         if (s->gic.irq_state[ARMV7M_EXCP_USAGE].enabled) val |= (1 << 18);
         return val;
     case 0xd28: /* Configurable Fault Status.  */
-        /* TODO: Implement Fault Status.  */
-        qemu_log_mask(LOG_UNIMP, "Configurable Fault Status unimplemented\n");
-        return 0;
+        return cpu->env.v7m.cfsr;
     case 0xd2c: /* Hard Fault Status.  */
+        return cpu->env.v7m.hfsr;
     case 0xd30: /* Debug Fault Status.  */
-    case 0xd34: /* Mem Manage Address.  */
+        return cpu->env.v7m.dfsr;
+    case 0xd34: /* MMFAR MemManage Fault Address */
+        return cpu->env.v7m.mmfar;
     case 0xd38: /* Bus Fault Address.  */
+        return cpu->env.v7m.bfar;
     case 0xd3c: /* Aux Fault Status.  */
         /* TODO: Implement fault status registers.  */
-        qemu_log_mask(LOG_UNIMP, "Fault status registers unimplemented\n");
+        qemu_log_mask(LOG_UNIMP,
+                      "Aux Fault status registers unimplemented\n");
         return 0;
     case 0xd40: /* PFR0.  */
         return 0x00000030;
@@ -366,9 +368,19 @@ static void nvic_writel(nvic_state *s, uint32_t offset, uint32_t value)
         }
         break;
     case 0xd10: /* System Control.  */
-    case 0xd14: /* Configuration Control.  */
         /* TODO: Implement control registers.  */
-        qemu_log_mask(LOG_UNIMP, "NVIC: SCR and CCR unimplemented\n");
+        qemu_log_mask(LOG_UNIMP, "NVIC: SCR unimplemented\n");
+        break;
+    case 0xd14: /* Configuration Control.  */
+        /* Enforce RAZ/WI on reserved and must-RAZ/WI bits */
+        value &= (R_V7M_CCR_STKALIGN_MASK |
+                  R_V7M_CCR_BFHFNMIGN_MASK |
+                  R_V7M_CCR_DIV_0_TRP_MASK |
+                  R_V7M_CCR_UNALIGN_TRP_MASK |
+                  R_V7M_CCR_USERSETMPEND_MASK |
+                  R_V7M_CCR_NONBASETHRDENA_MASK);
+
+        cpu->env.v7m.ccr = value;
         break;
     case 0xd24: /* System Handler Control.  */
         /* TODO: Real hardware allows you to set/clear the active bits
@@ -378,13 +390,23 @@ static void nvic_writel(nvic_state *s, uint32_t offset, uint32_t value)
         s->gic.irq_state[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0;
         break;
     case 0xd28: /* Configurable Fault Status.  */
+        cpu->env.v7m.cfsr &= ~value; /* W1C */
+        break;
     case 0xd2c: /* Hard Fault Status.  */
+        cpu->env.v7m.hfsr &= ~value; /* W1C */
+        break;
     case 0xd30: /* Debug Fault Status.  */
+        cpu->env.v7m.dfsr &= ~value; /* W1C */
+        break;
     case 0xd34: /* Mem Manage Address.  */
+        cpu->env.v7m.mmfar = value;
+        return;
     case 0xd38: /* Bus Fault Address.  */
+        cpu->env.v7m.bfar = value;
+        return;
     case 0xd3c: /* Aux Fault Status.  */
         qemu_log_mask(LOG_UNIMP,
-                      "NVIC: fault status registers unimplemented\n");
+                      "NVIC: Aux fault status registers unimplemented\n");
         break;
     case 0xf00: /* Software Triggered Interrupt Register */
         if ((value & 0x1ff) < s->num_irq) {
-- 
2.7.4

[Qemu-devel] [PULL 13/22] armv7m: honour CCR.STACKALIGN on exception entry

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

The CCR.STACKALIGN bit controls whether the CPU is supposed to force
8-alignment of the stack pointer on entry to the exception handler.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Message-id: 1485285380-10565-6-git-send-email-peter.maydell@linaro.org
[PMM: commit message and comment tweaks]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index ce7e43b..7dc30f5 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6110,10 +6110,8 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
         return; /* Never happens.  Keep compiler happy.  */
     }
 
-    /* Align stack pointer.  */
-    /* ??? Should only do this if Configuration Control Register
-       STACKALIGN bit is set.  */
-    if (env->regs[13] & 4) {
+    /* Align stack pointer if the guest wants that */
+    if ((env->regs[13] & 4) && (env->v7m.ccr & R_V7M_CCR_STKALIGN_MASK)) {
         env->regs[13] -= 4;
         xpsr |= 0x200;
     }
-- 
2.7.4

[Qemu-devel] [PULL 14/22] armv7m: set CFSR.UNDEFINSTR on undefined instructions

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

When we take an exception for an undefined instruction, set the
appropriate CFSR bit.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-7-git-send-email-peter.maydell@linaro.org
[PMM: tweaked commit message, comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7dc30f5..e6b1c36 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6072,6 +6072,7 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
     switch (cs->exception_index) {
     case EXCP_UDEF:
         armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
+        env->v7m.cfsr |= R_V7M_CFSR_UNDEFINSTR_MASK;
         return;
     case EXCP_SWI:
         /* The PC already points to the next instruction.  */
-- 
2.7.4

[Qemu-devel] [PULL 15/22] armv7m: Report no-coprocessor faults correctly

[Peter Maydell]

For v7M attempts to access a nonexistent coprocessor are reported
differently from plain undefined instructions (as UsageFaults of type
NOCP rather than type UNDEFINSTR).  Split them out into a new
EXCP_NOCP so we can report the FSR value correctly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-8-git-send-email-peter.maydell@linaro.org
---
 target/arm/cpu.h       | 1 +
 linux-user/main.c      | 1 +
 target/arm/helper.c    | 4 ++++
 target/arm/translate.c | 8 ++++++++
 4 files changed, 14 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4b062d2..39bff86 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -53,6 +53,7 @@
 #define EXCP_VIRQ           14
 #define EXCP_VFIQ           15
 #define EXCP_SEMIHOST       16   /* semihosting call */
+#define EXCP_NOCP           17   /* v7M NOCP UsageFault */
 
 #define ARMV7M_EXCP_RESET   1
 #define ARMV7M_EXCP_NMI     2
diff --git a/linux-user/main.c b/linux-user/main.c
index f5c8557..3004958 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -573,6 +573,7 @@ void cpu_loop(CPUARMState *env)
 
         switch(trapnr) {
         case EXCP_UDEF:
+        case EXCP_NOCP:
             {
                 TaskState *ts = cs->opaque;
                 uint32_t opcode;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e6b1c36..c23df1b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6074,6 +6074,10 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
         armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
         env->v7m.cfsr |= R_V7M_CFSR_UNDEFINSTR_MASK;
         return;
+    case EXCP_NOCP:
+        armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
+        env->v7m.cfsr |= R_V7M_CFSR_NOCP_MASK;
+        return;
     case EXCP_SWI:
         /* The PC already points to the next instruction.  */
         armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
diff --git a/target/arm/translate.c b/target/arm/translate.c
index a7c2abe..493c627 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -10217,6 +10217,14 @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw
         break;
     case 6: case 7: case 14: case 15:
         /* Coprocessor.  */
+        if (arm_dc_feature(s, ARM_FEATURE_M)) {
+            /* We don't currently implement M profile FP support,
+             * so this entire space should give a NOCP fault.
+             */
+            gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
+                               default_exception_el(s));
+            break;
+        }
         if (((insn >> 24) & 3) == 3) {
             /* Translate into the equivalent ARM encoding.  */
             insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
-- 
2.7.4

[Qemu-devel] [PULL 16/22] armv7m: Honour CCR.USERSETMPEND

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

The CCR.USERSETMPEND bit has to be set to permit unprivileged code to
write to the Software Triggered Interrupt register; honour this bit
rather than letting any code write to the register.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-9-git-send-email-peter.maydell@linaro.org
[PMM: Tweak commit message, comment, phrasing of condition]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/armv7m_nvic.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 60e72d7..fe5c303 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -409,7 +409,10 @@ static void nvic_writel(nvic_state *s, uint32_t offset, uint32_t value)
                       "NVIC: Aux fault status registers unimplemented\n");
         break;
     case 0xf00: /* Software Triggered Interrupt Register */
-        if ((value & 0x1ff) < s->num_irq) {
+        /* user mode can only write to STIR if CCR.USERSETMPEND permits it */
+        if ((value & 0x1ff) < s->num_irq &&
+            (arm_current_el(&cpu->env) ||
+             (cpu->env.v7m.ccr & R_V7M_CCR_USERSETMPEND_MASK))) {
             gic_set_pending_private(&s->gic, 0, value & 0x1ff);
         }
         break;
-- 
2.7.4

[Qemu-devel] [PULL 17/22] armv7m: FAULTMASK should be 0 on reset

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

For M profile CPUs, FAULTMASK should be 0 on reset, like PRIMASK.
QEMU stores FAULTMASK in the PSTATE F bit, so (as with PRIMASK in the
I bit) we have to clear these to undo the A profile default of 1.

Update the comment accordingly and move it so that it's closer to the
code it's referring to.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-10-git-send-email-peter.maydell@linaro.org
[PMM: rewrote commit message, moved comments]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index c804f59..0814f73 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -179,15 +179,16 @@ static void arm_cpu_reset(CPUState *s)
     /* SVC mode with interrupts disabled.  */
     env->uncached_cpsr = ARM_CPU_MODE_SVC;
     env->daif = PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F;
-    /* On ARMv7-M the CPSR_I is the value of the PRIMASK register, and is
-     * clear at reset. Initial SP and PC are loaded from ROM.
-     */
+
     if (arm_feature(env, ARM_FEATURE_M)) {
         uint32_t initial_msp; /* Loaded from 0x0 */
         uint32_t initial_pc; /* Loaded from 0x4 */
         uint8_t *rom;
 
-        env->daif &= ~PSTATE_I;
+        /* For M profile we store FAULTMASK and PRIMASK in the
+         * PSTATE F and I bits; these are both clear at reset.
+         */
+        env->daif &= ~(PSTATE_I | PSTATE_F);
 
         /* The reset value of this bit is IMPDEF, but ARM recommends
          * that it resets to 1, so QEMU always does that rather than making
@@ -195,6 +196,7 @@ static void arm_cpu_reset(CPUState *s)
          */
         env->v7m.ccr = R_V7M_CCR_STKALIGN_MASK;
 
+        /* Load the initial SP and PC from the vector table at address 0 */
         rom = rom_ptr(0);
         if (rom) {
             /* Address zero is covered by ROM which hasn't yet been
-- 
2.7.4

[Qemu-devel] [PULL 18/22] armv7m: R14 should reset to 0xffffffff

[Peter Maydell]

For M profile (unlike A profile) the reset value of R14 is specified
as 0xffffffff.  (The rationale is that this is an illegal exception
return value, so if guest code tries to return to it it will result
in a helpful exception.)

Registers r0 to r12 and the flags are architecturally UNKNOWN on
reset, so we leave those at zero.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1485285380-10565-11-git-send-email-peter.maydell@linaro.org
---
 target/arm/cpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 0814f73..e9f10f7 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -196,6 +196,9 @@ static void arm_cpu_reset(CPUState *s)
          */
         env->v7m.ccr = R_V7M_CCR_STKALIGN_MASK;
 
+        /* Unlike A/R profile, M profile defines the reset LR value */
+        env->regs[14] = 0xffffffff;
+
         /* Load the initial SP and PC from the vector table at address 0 */
         rom = rom_ptr(0);
         if (rom) {
-- 
2.7.4

[Qemu-devel] [PULL 19/22] arm: stellaris: make MII accesses complete immediately

[Peter Maydell]

From: Michael Davidsaver <mdavidsaver@gmail.com>

When the guest attempts to start an MII register
access via the MCTL register, clear the START bit,
so that when the guest reads it back the register
transaction will be signalled as having completed.
This avoids the guest spinning as it polls the
START bit waiting for it to clear (which it
previously never would).

The  MII registers themselves still aren't implemented,
but at least we can avoid guests spending quite so much
time busy waiting.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1484938222-1423-1-git-send-email-peter.maydell@linaro.org
[PMM: expand commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/net/stellaris_enet.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
index 957730e..04bd10a 100644
--- a/hw/net/stellaris_enet.c
+++ b/hw/net/stellaris_enet.c
@@ -416,7 +416,10 @@ static void stellaris_enet_write(void *opaque, hwaddr offset,
         s->thr = value;
         break;
     case 0x20: /* MCTL */
-        s->mctl = value;
+        /* TODO: MII registers aren't modelled.
+         * Clear START, indicating that the operation completes immediately.
+         */
+        s->mctl = value & ~1;
         break;
     case 0x24: /* MDV */
         s->mdv = value;
-- 
2.7.4

[Qemu-devel] [PULL 20/22] hw/char/exynos4210_uart: Drop unused local variable frame_size

[Peter Maydell]

The frame_size local variable in exynos4210_uart_update_parameters()
is calculated but never used (and has been this way since the
device was introduced in commit e5a4914efc7). The qemu_chr_fe_ioctl()
doesn't need this information (if it really wanted it it could
calculate it from the parity/data_bits/stop_bits), so just drop
the variable entirely.

Fixes: https://bugs.launchpad.net/bugs/1655702

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1484589515-26353-1-git-send-email-peter.maydell@linaro.org
---
 hw/char/exynos4210_uart.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/char/exynos4210_uart.c b/hw/char/exynos4210_uart.c
index 820d1ab..0cd3dd3 100644
--- a/hw/char/exynos4210_uart.c
+++ b/hw/char/exynos4210_uart.c
@@ -306,7 +306,7 @@ static void exynos4210_uart_update_irq(Exynos4210UartState *s)
 
 static void exynos4210_uart_update_parameters(Exynos4210UartState *s)
 {
-    int speed, parity, data_bits, stop_bits, frame_size;
+    int speed, parity, data_bits, stop_bits;
     QEMUSerialSetParams ssp;
     uint64_t uclk_rate;
 
@@ -314,9 +314,7 @@ static void exynos4210_uart_update_parameters(Exynos4210UartState *s)
         return;
     }
 
-    frame_size = 1; /* start bit */
     if (s->reg[I_(ULCON)] & 0x20) {
-        frame_size++; /* parity bit */
         if (s->reg[I_(ULCON)] & 0x28) {
             parity = 'E';
         } else {
@@ -334,8 +332,6 @@ static void exynos4210_uart_update_parameters(Exynos4210UartState *s)
 
     data_bits = (s->reg[I_(ULCON)] & 0x3) + 5;
 
-    frame_size += data_bits + stop_bits;
-
     uclk_rate = 24000000;
 
     speed = uclk_rate / ((16 * (s->reg[I_(UBRDIV)]) & 0xffff) +
-- 
2.7.4

[Qemu-devel] [PULL 21/22] arm_gicv3: Fix broken logic in ELRSR calculation

[Peter Maydell]

Fix a broken expression in the calculation of ELRSR
register bits: instead of "(lr & ICH_LR_EL2_HW) == 1"
we want to check for != 0, because the HW bit is not
bit 0 so a test for == 1 is always false.

Fixes: https://bugs.launchpad.net/bugs/1658506

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1485255993-6322-1-git-send-email-peter.maydell@linaro.org
---
 hw/intc/arm_gicv3_cpuif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index a9ee7fd..c25ee03 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -2430,7 +2430,7 @@ static uint64_t ich_elrsr_read(CPUARMState *env, const ARMCPRegInfo *ri)
         uint64_t lr = cs->ich_lr_el2[i];
 
         if ((lr & ICH_LR_EL2_STATE_MASK) == 0 &&
-            ((lr & ICH_LR_EL2_HW) == 1 || (lr & ICH_LR_EL2_EOI) == 0)) {
+            ((lr & ICH_LR_EL2_HW) != 0 || (lr & ICH_LR_EL2_EOI) == 0)) {
             value |= (1 << i);
         }
     }
-- 
2.7.4

[Qemu-devel] [PULL 22/22] dma: omap: check dma channel data_type

[Peter Maydell]

From: Prasad J Pandit <pjp@fedoraproject.org>

When setting dma channel 'data_type', if (value & 3) == 3,
the set 'data_type' is said to be bad. This also leads to an
OOB access in 'omap_dma_transfer_generic', while doing
cpu_physical_memory_r/w operations. Add check to avoid it.

Reported-by: Jiang Xin <jiangxin1@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20170127120528.30959-1-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/dma/omap_dma.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/dma/omap_dma.c b/hw/dma/omap_dma.c
index f6f86f9..45dfe7a 100644
--- a/hw/dma/omap_dma.c
+++ b/hw/dma/omap_dma.c
@@ -878,15 +878,17 @@ static int omap_dma_ch_reg_write(struct omap_dma_s *s,
         ch->burst[0] = (value & 0x0180) >> 7;
         ch->pack[0] = (value & 0x0040) >> 6;
         ch->port[0] = (enum omap_dma_port) ((value & 0x003c) >> 2);
-        ch->data_type = 1 << (value & 3);
         if (ch->port[0] >= __omap_dma_port_last)
             printf("%s: invalid DMA port %i\n", __FUNCTION__,
                             ch->port[0]);
         if (ch->port[1] >= __omap_dma_port_last)
             printf("%s: invalid DMA port %i\n", __FUNCTION__,
                             ch->port[1]);
-        if ((value & 3) == 3)
+        ch->data_type = 1 << (value & 3);
+        if ((value & 3) == 3) {
             printf("%s: bad data_type for DMA channel\n", __FUNCTION__);
+            ch->data_type >>= 1;
+        }
         break;
 
     case 0x02:	/* SYS_DMA_CCR_CH0 */
@@ -1988,8 +1990,10 @@ static void omap_dma4_write(void *opaque, hwaddr addr,
             fprintf(stderr, "%s: bad MReqAddressTranslate sideband signal\n",
                             __FUNCTION__);
         ch->data_type = 1 << (value & 3);
-        if ((value & 3) == 3)
+        if ((value & 3) == 3) {
             printf("%s: bad data_type for DMA channel\n", __FUNCTION__);
+            ch->data_type >>= 1;
+        }
         break;
 
     case 0x14:	/* DMA4_CEN */
-- 
2.7.4

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[no-reply]

Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [PULL 00/22] target-arm queue
Message-id: 1485531137-2362-1-git-send-email-peter.maydell@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]      patchew/1485447262-27014-1-git-send-email-mst@redhat.com -> patchew/1485447262-27014-1-git-send-email-mst@redhat.com
 * [new tag]         patchew/1485531137-2362-1-git-send-email-peter.maydell@linaro.org -> patchew/1485531137-2362-1-git-send-email-peter.maydell@linaro.org
Switched to a new branch 'test'
51b769b dma: omap: check dma channel data_type
f9f7f1b arm_gicv3: Fix broken logic in ELRSR calculation
55b3d0c hw/char/exynos4210_uart: Drop unused local variable frame_size
a18e1b9 arm: stellaris: make MII accesses complete immediately
19ff761 armv7m: R14 should reset to 0xffffffff
c825a48 armv7m: FAULTMASK should be 0 on reset
44c8660 armv7m: Honour CCR.USERSETMPEND
a868e15 armv7m: Report no-coprocessor faults correctly
f76a2fa armv7m: set CFSR.UNDEFINSTR on undefined instructions
7b16c2e armv7m: honour CCR.STACKALIGN on exception entry
5b10d87 armv7m: implement CCR, CFSR, HFSR, DFSR, BFAR, and MMFAR
275e822 armv7m: add state for v7M CCR, CFSR, HFSR, DFSR, MMFAR, BFAR
16dcdc1 armv7m_nvic: keep a pointer to the CPU
3dc52da target/arm: Drop IS_M() macro
e6c3816 pflash_cfi01: fix per-device sector length in CFI table
f83ac4e armv7m: Clear FAULTMASK on return from non-NMI exceptions
b62c642 armv7m: Fix reads of CONTROL register bit 1
698250d hw/registerfields.h: Pull FIELD etc macros out of hw/register.h
07c53ea armv7m: Explicit error for bad vector table
7acb50c armv7m: Replace armv7m.hack with unassigned_access handler
eb2c228 armv7m: MRS/MSR: handle unprivileged access
c1d24d5 aspeed/smc: handle dummy bytes when doing fast reads in command mode

=== OUTPUT BEGIN ===
Checking PATCH 1/22: aspeed/smc: handle dummy bytes when doing fast reads in command mode...
Checking PATCH 2/22: armv7m: MRS/MSR: handle unprivileged access...
Checking PATCH 3/22: armv7m: Replace armv7m.hack with unassigned_access handler...
Checking PATCH 4/22: armv7m: Explicit error for bad vector table...
Checking PATCH 5/22: hw/registerfields.h: Pull FIELD etc macros out of hw/register.h...
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#112: FILE: include/hw/registerfields.h:19:
+#define REG32(reg, addr)                                                  \
+    enum { A_ ## reg = (addr) };                                          \
+    enum { R_ ## reg = (addr) / 4 };

ERROR: trailing whitespace
#118: FILE: include/hw/registerfields.h:25:
+/* This macro will define FOO_BAR_MASK, FOO_BAR_SHIFT and FOO_BAR_LENGTH $

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#121: FILE: include/hw/registerfields.h:28:
+#define FIELD(reg, field, shift, length)                                  \
+    enum { R_ ## reg ## _ ## field ## _SHIFT = (shift)};                  \
+    enum { R_ ## reg ## _ ## field ## _LENGTH = (length)};                \
+    enum { R_ ## reg ## _ ## field ## _MASK =                             \
+                                        MAKE_64BIT_MASK(shift, length)};

total: 3 errors, 0 warnings, 117 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 6/22: armv7m: Fix reads of CONTROL register bit 1...
Checking PATCH 7/22: armv7m: Clear FAULTMASK on return from non-NMI exceptions...
Checking PATCH 8/22: pflash_cfi01: fix per-device sector length in CFI table...
Checking PATCH 9/22: target/arm: Drop IS_M() macro...
Checking PATCH 10/22: armv7m_nvic: keep a pointer to the CPU...
Checking PATCH 11/22: armv7m: add state for v7M CCR, CFSR, HFSR, DFSR, MMFAR, BFAR...
Checking PATCH 12/22: armv7m: implement CCR, CFSR, HFSR, DFSR, BFAR, and MMFAR...
Checking PATCH 13/22: armv7m: honour CCR.STACKALIGN on exception entry...
Checking PATCH 14/22: armv7m: set CFSR.UNDEFINSTR on undefined instructions...
Checking PATCH 15/22: armv7m: Report no-coprocessor faults correctly...
Checking PATCH 16/22: armv7m: Honour CCR.USERSETMPEND...
Checking PATCH 17/22: armv7m: FAULTMASK should be 0 on reset...
Checking PATCH 18/22: armv7m: R14 should reset to 0xffffffff...
Checking PATCH 19/22: arm: stellaris: make MII accesses complete immediately...
Checking PATCH 20/22: hw/char/exynos4210_uart: Drop unused local variable frame_size...
Checking PATCH 21/22: arm_gicv3: Fix broken logic in ELRSR calculation...
Checking PATCH 22/22: dma: omap: check dma channel data_type...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

On 27 January 2017 at 15:31, Peter Maydell <peter.maydell@linaro.org> wrote:
> ARM queue; the bulk of this is M profile bugfixes.
>
> thanks
> -- PMM

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

Arm stuff, mostly patches from RTH.

thanks
-- PMM

The following changes since commit 01a9a51ffaf4699827ea6425cb2b834a356e159d:

  Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190205-pull-request' into staging (2019-02-05 14:01:29 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190205

for you to fetch changes up to a15945d98d3a3390c3da344d1b47218e91e49d8b:

  target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI (2019-02-05 16:52:42 +0000)

----------------------------------------------------------------
target-arm queue:
 * Implement Armv8.5-BTI extension for system emulation mode
 * Implement the PR_PAC_RESET_KEYS prctl() for linux-user mode's Armv8.3-PAuth support
 * Support TBI (top-byte-ignore) properly for linux-user mode
 * gdbstub: allow killing QEMU via vKill command
 * hw/arm/boot: Support DTB autoload for firmware-only boots
 * target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI

----------------------------------------------------------------
Max Filippov (1):
      gdbstub: allow killing QEMU via vKill command

Peter Maydell (7):
      target/arm: Compute TB_FLAGS for TBI for user-only
      hw/arm/boot: Fix block comment style in arm_load_kernel()
      hw/arm/boot: Factor out "direct kernel boot" code into its own function
      hw/arm/boot: Factor out "set up firmware boot" code
      hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info
      hw/arm/boot: Support DTB autoload for firmware-only boots
      target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI

Richard Henderson (14):
      target/arm: Introduce isar_feature_aa64_bti
      target/arm: Add PSTATE.BTYPE
      target/arm: Add BT and BTYPE to tb->flags
      exec: Add target-specific tlb bits to MemTxAttrs
      target/arm: Cache the GP bit for a page in MemTxAttrs
      target/arm: Default handling of BTYPE during translation
      target/arm: Reset btype for direct branches
      target/arm: Set btype for indirect branches
      target/arm: Enable BTI for -cpu max
      linux-user: Implement PR_PAC_RESET_KEYS
      tests/tcg/aarch64: Add pauth smoke test
      target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore
      target/arm: Clean TBI for data operations in the translator
      target/arm: Enable TBI for user-only

 tests/tcg/aarch64/Makefile.target   |   6 +-
 include/exec/memattrs.h             |  10 +
 linux-user/aarch64/target_syscall.h |   7 +
 target/arm/cpu.h                    |  27 +-
 target/arm/internals.h              |  27 +-
 target/arm/translate.h              |  12 +-
 gdbstub.c                           |   4 +
 hw/arm/boot.c                       | 166 +++++++------
 linux-user/syscall.c                |  36 +++
 target/arm/cpu.c                    |   6 +
 target/arm/cpu64.c                  |   4 +
 target/arm/helper.c                 |  80 +++---
 target/arm/translate-a64.c          | 476 +++++++++++++++++++++++++-----------
 tests/tcg/aarch64/pauth-1.c         |  23 ++
 14 files changed, 623 insertions(+), 261 deletions(-)
 create mode 100644 tests/tcg/aarch64/pauth-1.c

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[no-reply]

Patchew URL: https://patchew.org/QEMU/20190205170510.21984-1-peter.maydell@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PULL 00/22] target-arm queue
Type: series
Message-id: 20190205170510.21984-1-peter.maydell@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]               patchew/20190205170510.21984-1-peter.maydell@linaro.org -> patchew/20190205170510.21984-1-peter.maydell@linaro.org
Switched to a new branch 'test'
6ffc7d7c6e target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
30bbbd5fe4 hw/arm/boot: Support DTB autoload for firmware-only boots
7bd500bd87 hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info
25e1889da8 hw/arm/boot: Factor out "set up firmware boot" code
50de45269e hw/arm/boot: Factor out "direct kernel boot" code into its own function
aca9c240aa hw/arm/boot: Fix block comment style in arm_load_kernel()
78941d8842 gdbstub: allow killing QEMU via vKill command
721a4323d6 target/arm: Enable TBI for user-only
362b79acbb target/arm: Compute TB_FLAGS for TBI for user-only
1fc2220bbf target/arm: Clean TBI for data operations in the translator
0f5454a0fe target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore
959de989c7 tests/tcg/aarch64: Add pauth smoke test
642c75987d linux-user: Implement PR_PAC_RESET_KEYS
39bd3e614f target/arm: Enable BTI for -cpu max
45c6a616a9 target/arm: Set btype for indirect branches
668e1edaf5 target/arm: Reset btype for direct branches
d58c736883 target/arm: Default handling of BTYPE during translation
a853f2b383 target/arm: Cache the GP bit for a page in MemTxAttrs
74d53e27f0 exec: Add target-specific tlb bits to MemTxAttrs
1f99e8c899 target/arm: Add BT and BTYPE to tb->flags
a95068bf12 target/arm: Add PSTATE.BTYPE
a20e5cc7a6 target/arm: Introduce isar_feature_aa64_bti

=== OUTPUT BEGIN ===
1/22 Checking commit a20e5cc7a61e (target/arm: Introduce isar_feature_aa64_bti)
2/22 Checking commit a95068bf1254 (target/arm: Add PSTATE.BTYPE)
3/22 Checking commit 1f99e8c899f8 (target/arm: Add BT and BTYPE to tb->flags)
4/22 Checking commit 74d53e27f036 (exec: Add target-specific tlb bits to MemTxAttrs)
ERROR: spaces prohibited around that ':' (ctx:WxW)
#31: FILE: include/exec/memattrs.h:47:
+    unsigned int target_tlb_bit0 : 1;
                                  ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#32: FILE: include/exec/memattrs.h:48:
+    unsigned int target_tlb_bit1 : 1;
                                  ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#33: FILE: include/exec/memattrs.h:49:
+    unsigned int target_tlb_bit2 : 1;
                                  ^

total: 3 errors, 0 warnings, 16 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/22 Checking commit a853f2b383d2 (target/arm: Cache the GP bit for a page in MemTxAttrs)
6/22 Checking commit d58c736883d2 (target/arm: Default handling of BTYPE during translation)
ERROR: return is not a function, parentheses are not required
#99: FILE: target/arm/translate-a64.c:13796:
+    return (tlb_hit(entry->addr_code, addr) &&

total: 1 errors, 0 warnings, 196 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

7/22 Checking commit 668e1edaf5b8 (target/arm: Reset btype for direct branches)
8/22 Checking commit 45c6a616a907 (target/arm: Set btype for indirect branches)
9/22 Checking commit 39bd3e614f92 (target/arm: Enable BTI for -cpu max)
10/22 Checking commit 642c75987d31 (linux-user: Implement PR_PAC_RESET_KEYS)
11/22 Checking commit 959de989c7b4 (tests/tcg/aarch64: Add pauth smoke test)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#34: 
new file mode 100644

total: 0 errors, 1 warnings, 38 lines checked

Patch 11/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/22 Checking commit 0f5454a0fe1d (target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore)
13/22 Checking commit 1fc2220bbf43 (target/arm: Clean TBI for data operations in the translator)
WARNING: Block comments use a leading /* on a separate line
#514: FILE: target/arm/translate-a64.c:3256:
+    do_gpr_ld(s, tcg_rt, clean_addr, size, /* is_signed */ false,

total: 0 errors, 1 warnings, 574 lines checked

Patch 13/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/22 Checking commit 362b79acbbb0 (target/arm: Compute TB_FLAGS for TBI for user-only)
15/22 Checking commit 721a4323d693 (target/arm: Enable TBI for user-only)
16/22 Checking commit 78941d8842e8 (gdbstub: allow killing QEMU via vKill command)
17/22 Checking commit aca9c240aa47 (hw/arm/boot: Fix block comment style in arm_load_kernel())
18/22 Checking commit 50de45269e4d (hw/arm/boot: Factor out "direct kernel boot" code into its own function)
19/22 Checking commit 25e1889da8c6 (hw/arm/boot: Factor out "set up firmware boot" code)
20/22 Checking commit 7bd500bd874d (hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info)
21/22 Checking commit 30bbbd5fe454 (hw/arm/boot: Support DTB autoload for firmware-only boots)
22/22 Checking commit 6ffc7d7c6eef (target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190205170510.21984-1-peter.maydell@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[no-reply]

Patchew URL: https://patchew.org/QEMU/20190205170510.21984-1-peter.maydell@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190205170510.21984-1-peter.maydell@linaro.org
Subject: [Qemu-devel] [PULL 00/22] target-arm queue
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   01a9a51..68df0c3  master     -> master
 - [tag update]      patchew/20190205151810.571-1-peter.maydell@linaro.org -> patchew/20190205151810.571-1-peter.maydell@linaro.org
 * [new tag]         patchew/20190205165927.26599-1-samuel.thibault@ens-lyon.org -> patchew/20190205165927.26599-1-samuel.thibault@ens-lyon.org
 * [new tag]         patchew/20190205170510.21984-1-peter.maydell@linaro.org -> patchew/20190205170510.21984-1-peter.maydell@linaro.org
Switched to a new branch 'test'
6ffc7d7 target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
30bbbd5 hw/arm/boot: Support DTB autoload for firmware-only boots
7bd500b hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info
25e1889 hw/arm/boot: Factor out "set up firmware boot" code
50de452 hw/arm/boot: Factor out "direct kernel boot" code into its own function
aca9c24 hw/arm/boot: Fix block comment style in arm_load_kernel()
78941d8 gdbstub: allow killing QEMU via vKill command
721a432 target/arm: Enable TBI for user-only
362b79a target/arm: Compute TB_FLAGS for TBI for user-only
1fc2220 target/arm: Clean TBI for data operations in the translator
0f5454a target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore
959de98 tests/tcg/aarch64: Add pauth smoke test
642c759 linux-user: Implement PR_PAC_RESET_KEYS
39bd3e6 target/arm: Enable BTI for -cpu max
45c6a61 target/arm: Set btype for indirect branches
668e1ed target/arm: Reset btype for direct branches
d58c736 target/arm: Default handling of BTYPE during translation
a853f2b target/arm: Cache the GP bit for a page in MemTxAttrs
74d53e2 exec: Add target-specific tlb bits to MemTxAttrs
1f99e8c target/arm: Add BT and BTYPE to tb->flags
a95068b target/arm: Add PSTATE.BTYPE
a20e5cc target/arm: Introduce isar_feature_aa64_bti

=== OUTPUT BEGIN ===
1/22 Checking commit a20e5cc7a61e (target/arm: Introduce isar_feature_aa64_bti)
2/22 Checking commit a95068bf1254 (target/arm: Add PSTATE.BTYPE)
3/22 Checking commit 1f99e8c899f8 (target/arm: Add BT and BTYPE to tb->flags)
4/22 Checking commit 74d53e27f036 (exec: Add target-specific tlb bits to MemTxAttrs)
ERROR: spaces prohibited around that ':' (ctx:WxW)
#31: FILE: include/exec/memattrs.h:47:
+    unsigned int target_tlb_bit0 : 1;
                                  ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#32: FILE: include/exec/memattrs.h:48:
+    unsigned int target_tlb_bit1 : 1;
                                  ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#33: FILE: include/exec/memattrs.h:49:
+    unsigned int target_tlb_bit2 : 1;
                                  ^

total: 3 errors, 0 warnings, 16 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/22 Checking commit a853f2b383d2 (target/arm: Cache the GP bit for a page in MemTxAttrs)
6/22 Checking commit d58c736883d2 (target/arm: Default handling of BTYPE during translation)
ERROR: return is not a function, parentheses are not required
#99: FILE: target/arm/translate-a64.c:13796:
+    return (tlb_hit(entry->addr_code, addr) &&

total: 1 errors, 0 warnings, 196 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

7/22 Checking commit 668e1edaf5b8 (target/arm: Reset btype for direct branches)
8/22 Checking commit 45c6a616a907 (target/arm: Set btype for indirect branches)
9/22 Checking commit 39bd3e614f92 (target/arm: Enable BTI for -cpu max)
10/22 Checking commit 642c75987d31 (linux-user: Implement PR_PAC_RESET_KEYS)
11/22 Checking commit 959de989c7b4 (tests/tcg/aarch64: Add pauth smoke test)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#34: 
new file mode 100644

total: 0 errors, 1 warnings, 38 lines checked

Patch 11/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/22 Checking commit 0f5454a0fe1d (target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore)
13/22 Checking commit 1fc2220bbf43 (target/arm: Clean TBI for data operations in the translator)
WARNING: Block comments use a leading /* on a separate line
#514: FILE: target/arm/translate-a64.c:3256:
+    do_gpr_ld(s, tcg_rt, clean_addr, size, /* is_signed */ false,

total: 0 errors, 1 warnings, 574 lines checked

Patch 13/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/22 Checking commit 362b79acbbb0 (target/arm: Compute TB_FLAGS for TBI for user-only)
15/22 Checking commit 721a4323d693 (target/arm: Enable TBI for user-only)
16/22 Checking commit 78941d8842e8 (gdbstub: allow killing QEMU via vKill command)
17/22 Checking commit aca9c240aa47 (hw/arm/boot: Fix block comment style in arm_load_kernel())
18/22 Checking commit 50de45269e4d (hw/arm/boot: Factor out "direct kernel boot" code into its own function)
19/22 Checking commit 25e1889da8c6 (hw/arm/boot: Factor out "set up firmware boot" code)
20/22 Checking commit 7bd500bd874d (hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info)
21/22 Checking commit 30bbbd5fe454 (hw/arm/boot: Support DTB autoload for firmware-only boots)
22/22 Checking commit 6ffc7d7c6eef (target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190205170510.21984-1-peter.maydell@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[no-reply]

Patchew URL: https://patchew.org/QEMU/20190205170510.21984-1-peter.maydell@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PULL 00/22] target-arm queue
Type: series
Message-id: 20190205170510.21984-1-peter.maydell@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   68df0c30ed..9669c97562  master     -> master
 t [tag update]            patchew/20190129175403.18017-1-philmd@redhat.com -> patchew/20190129175403.18017-1-philmd@redhat.com
 t [tag update]            patchew/20190205170510.21984-1-peter.maydell@linaro.org -> patchew/20190205170510.21984-1-peter.maydell@linaro.org
Auto packing the repository in background for optimum performance.
See "git help gc" for manual housekeeping.
Switched to a new branch 'test'
66423fc523 target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
a61dad4237 hw/arm/boot: Support DTB autoload for firmware-only boots
7688aee282 hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info
80cc07245c hw/arm/boot: Factor out "set up firmware boot" code
7151744025 hw/arm/boot: Factor out "direct kernel boot" code into its own function
c12bf1852c hw/arm/boot: Fix block comment style in arm_load_kernel()
ce81361fe5 gdbstub: allow killing QEMU via vKill command
93b4d61e49 target/arm: Enable TBI for user-only
61fd950037 target/arm: Compute TB_FLAGS for TBI for user-only
0f01045999 target/arm: Clean TBI for data operations in the translator
53da7d98c9 target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore
1815ecd95b tests/tcg/aarch64: Add pauth smoke test
7d72b64304 linux-user: Implement PR_PAC_RESET_KEYS
3ace79750d target/arm: Enable BTI for -cpu max
30d7f17830 target/arm: Set btype for indirect branches
073d6dfba5 target/arm: Reset btype for direct branches
db8941f759 target/arm: Default handling of BTYPE during translation
81ac570579 target/arm: Cache the GP bit for a page in MemTxAttrs
f214b66195 exec: Add target-specific tlb bits to MemTxAttrs
61280f6f09 target/arm: Add BT and BTYPE to tb->flags
eee1d0b7f2 target/arm: Add PSTATE.BTYPE
45b2d8472f target/arm: Introduce isar_feature_aa64_bti

=== OUTPUT BEGIN ===
1/22 Checking commit 45b2d8472f6a (target/arm: Introduce isar_feature_aa64_bti)
2/22 Checking commit eee1d0b7f24a (target/arm: Add PSTATE.BTYPE)
3/22 Checking commit 61280f6f09c7 (target/arm: Add BT and BTYPE to tb->flags)
4/22 Checking commit f214b66195e4 (exec: Add target-specific tlb bits to MemTxAttrs)
ERROR: spaces prohibited around that ':' (ctx:WxW)
#31: FILE: include/exec/memattrs.h:47:
+    unsigned int target_tlb_bit0 : 1;
                                  ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#32: FILE: include/exec/memattrs.h:48:
+    unsigned int target_tlb_bit1 : 1;
                                  ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#33: FILE: include/exec/memattrs.h:49:
+    unsigned int target_tlb_bit2 : 1;
                                  ^

total: 3 errors, 0 warnings, 16 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/22 Checking commit 81ac57057995 (target/arm: Cache the GP bit for a page in MemTxAttrs)
6/22 Checking commit db8941f759b6 (target/arm: Default handling of BTYPE during translation)
ERROR: return is not a function, parentheses are not required
#99: FILE: target/arm/translate-a64.c:13796:
+    return (tlb_hit(entry->addr_code, addr) &&

total: 1 errors, 0 warnings, 196 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

7/22 Checking commit 073d6dfba51c (target/arm: Reset btype for direct branches)
8/22 Checking commit 30d7f17830ae (target/arm: Set btype for indirect branches)
9/22 Checking commit 3ace79750d7a (target/arm: Enable BTI for -cpu max)
10/22 Checking commit 7d72b6430427 (linux-user: Implement PR_PAC_RESET_KEYS)
11/22 Checking commit 1815ecd95bfc (tests/tcg/aarch64: Add pauth smoke test)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#34: 
new file mode 100644

total: 0 errors, 1 warnings, 38 lines checked

Patch 11/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/22 Checking commit 53da7d98c9f3 (target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore)
13/22 Checking commit 0f01045999c8 (target/arm: Clean TBI for data operations in the translator)
WARNING: Block comments use a leading /* on a separate line
#514: FILE: target/arm/translate-a64.c:3256:
+    do_gpr_ld(s, tcg_rt, clean_addr, size, /* is_signed */ false,

total: 0 errors, 1 warnings, 574 lines checked

Patch 13/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/22 Checking commit 61fd950037dc (target/arm: Compute TB_FLAGS for TBI for user-only)
15/22 Checking commit 93b4d61e491f (target/arm: Enable TBI for user-only)
16/22 Checking commit ce81361fe5a6 (gdbstub: allow killing QEMU via vKill command)
17/22 Checking commit c12bf1852c42 (hw/arm/boot: Fix block comment style in arm_load_kernel())
18/22 Checking commit 7151744025df (hw/arm/boot: Factor out "direct kernel boot" code into its own function)
19/22 Checking commit 80cc07245c6e (hw/arm/boot: Factor out "set up firmware boot" code)
20/22 Checking commit 7688aee28231 (hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set env->boot_info)
21/22 Checking commit a61dad42374b (hw/arm/boot: Support DTB autoload for firmware-only boots)
22/22 Checking commit 66423fc5237a (target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190205170510.21984-1-peter.maydell@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

On Tue, 5 Feb 2019 at 17:05, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Arm stuff, mostly patches from RTH.
>
> thanks
> -- PMM
>
> The following changes since commit 01a9a51ffaf4699827ea6425cb2b834a356e159d:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190205-pull-request' into staging (2019-02-05 14:01:29 +0000)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190205
>
> for you to fetch changes up to a15945d98d3a3390c3da344d1b47218e91e49d8b:
>
>   target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI (2019-02-05 16:52:42 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Implement Armv8.5-BTI extension for system emulation mode
>  * Implement the PR_PAC_RESET_KEYS prctl() for linux-user mode's Armv8.3-PAuth support
>  * Support TBI (top-byte-ignore) properly for linux-user mode
>  * gdbstub: allow killing QEMU via vKill command
>  * hw/arm/boot: Support DTB autoload for firmware-only boots
>  * target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes.

-- PMM

[Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

target-arm queue for softfreeze:
This has all the big stuff I want to get in for softfreeze;
there may be one or two smaller patches I pick up later in
the week.

thanks
-- PMM

The following changes since commit 0984a157c1c053394adbf64ed7de97f1aebe6a2d:

  Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2019-03-05 09:33:20 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190305

for you to fetch changes up to 566528f823d1a2e9eb2d7b2ed839547cb31bfc34:

  hw/arm/stellaris: Implement watchdog timer (2019-03-05 15:55:09 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix PC test for LDM (exception return)
 * Implement ARMv8.0-SB
 * Implement ARMv8.0-PredInv
 * Implement ARMv8.4-CondM
 * Implement ARMv8.5-CondM
 * Implement ARMv8.5-FRINT
 * hw/arm/stellaris: Implement watchdog timer
 * virt: support more than 255GB of RAM

----------------------------------------------------------------
Eric Auger (9):
      hw/arm/virt: Rename highmem IO regions
      hw/arm/virt: Split the memory map description
      hw/boards: Add a MachineState parameter to kvm_type callback
      kvm: add kvm_arm_get_max_vm_ipa_size
      vl: Set machine ram_size, maxram_size and ram_slots earlier
      hw/arm/virt: Dynamic memory map depending on RAM requirements
      hw/arm/virt: Implement kvm_type function for 4.0 machine
      hw/arm/virt: Check the VCPU PA range in TCG mode
      hw/arm/virt: Bump the 255GB initial RAM limit

Michel Heily (1):
      hw/arm/stellaris: Implement watchdog timer

Richard Henderson (11):
      target/arm: Fix PC test for LDM (exception return)
      target/arm: Split out arm_sctlr
      target/arm: Implement ARMv8.0-SB
      target/arm: Implement ARMv8.0-PredInv
      target/arm: Split helper_msr_i_pstate into 3
      target/arm: Add set/clear_pstate_bits, share gen_ss_advance
      target/arm: Rearrange disas_data_proc_reg
      target/arm: Implement ARMv8.4-CondM
      target/arm: Implement ARMv8.5-CondM
      target/arm: Restructure handle_fp_1src_{single, double}
      target/arm: Implement ARMv8.5-FRINT

Shameer Kolothum (1):
      hw/arm/boot: introduce fdt_add_memory_node helper

 include/hw/arm/virt.h                    |  16 +-
 include/hw/boards.h                      |   5 +-
 include/hw/watchdog/cmsdk-apb-watchdog.h |   8 +
 target/arm/cpu.h                         |  64 ++++-
 target/arm/helper-a64.h                  |   3 +
 target/arm/helper.h                      |   8 +-
 target/arm/internals.h                   |  15 +
 target/arm/kvm_arm.h                     |  13 +
 target/arm/translate.h                   |  34 +++
 accel/kvm/kvm-all.c                      |   2 +-
 hw/arm/boot.c                            |  54 ++--
 hw/arm/stellaris.c                       |  22 +-
 hw/arm/virt-acpi-build.c                 |  10 +-
 hw/arm/virt.c                            | 196 ++++++++++---
 hw/ppc/mac_newworld.c                    |   3 +-
 hw/ppc/mac_oldworld.c                    |   2 +-
 hw/ppc/spapr.c                           |   2 +-
 hw/watchdog/cmsdk-apb-watchdog.c         |  74 ++++-
 linux-user/elfload.c                     |   2 +
 target/arm/cpu.c                         |   2 +
 target/arm/cpu64.c                       |   6 +
 target/arm/helper-a64.c                  |  30 ++
 target/arm/helper.c                      |  63 +++-
 target/arm/kvm.c                         |  10 +
 target/arm/op_helper.c                   |  47 ---
 target/arm/translate-a64.c               | 478 +++++++++++++++++++++++--------
 target/arm/translate.c                   |  35 ++-
 target/arm/vfp_helper.c                  |  96 +++++++
 vl.c                                     |   6 +-
 29 files changed, 1032 insertions(+), 274 deletions(-)

Re: [Qemu-devel] [PULL 00/22] target-arm queue

[Peter Maydell]

On Tue, 5 Mar 2019 at 16:50, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> target-arm queue for softfreeze:
> This has all the big stuff I want to get in for softfreeze;
> there may be one or two smaller patches I pick up later in
> the week.
>
> thanks
> -- PMM
>
> The following changes since commit 0984a157c1c053394adbf64ed7de97f1aebe6a2d:
>
>   Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2019-03-05 09:33:20 +0000)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190305
>
> for you to fetch changes up to 566528f823d1a2e9eb2d7b2ed839547cb31bfc34:
>
>   hw/arm/stellaris: Implement watchdog timer (2019-03-05 15:55:09 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Fix PC test for LDM (exception return)
>  * Implement ARMv8.0-SB
>  * Implement ARMv8.0-PredInv
>  * Implement ARMv8.4-CondM
>  * Implement ARMv8.5-CondM
>  * Implement ARMv8.5-FRINT
>  * hw/arm/stellaris: Implement watchdog timer
>  * virt: support more than 255GB of RAM
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes.

-- PMM