[Qemu-devel] [PULL 0/8] target-arm queue

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

target-arm queue: a smallish set of patches for rc1 tomorrow.
I've included the tcg patches because RTH has no others that
would merit a pullreq.

I haven't included Thomas Huth's 17-patch set to deal with
the introspection crashes, to give that a little more time
on-list for review.

thanks
-- PMM

The following changes since commit 102ad0a80f5110483efd06877c29c4236be267f9:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-07-16' into staging (2018-07-16 15:34:38 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180716

for you to fetch changes up to 3474c98a2a2afcefa7c665f02ad2bed2a43ab0f7:

  accel/tcg: Assert that tlb fill gave us a valid TLB entry (2018-07-16 17:26:01 +0100)

----------------------------------------------------------------
target-arm queue:
 * accel/tcg: Use correct test when looking in victim TLB for code
 * bcm2835_aux: Swap RX and TX interrupt assignments
 * hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
 * hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
 * hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
 * aspeed: Implement write-1-{set, clear} for AST2500 strapping
 * target/arm: Fix LD1W and LDFF1W (scalar plus vector)

----------------------------------------------------------------
Andrew Jeffery (1):
      aspeed: Implement write-1-{set, clear} for AST2500 strapping

Guenter Roeck (1):
      bcm2835_aux: Swap RX and TX interrupt assignments

Peter Maydell (4):
      hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
      hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
      accel/tcg: Use correct test when looking in victim TLB for code
      accel/tcg: Assert that tlb fill gave us a valid TLB entry

Richard Henderson (1):
      target/arm: Fix LD1W and LDFF1W (scalar plus vector)

Thomas Huth (1):
      hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false

 include/hw/misc/aspeed_scu.h |  2 ++
 accel/tcg/cputlb.c           |  6 +++---
 hw/arm/bcm2836.c             |  2 ++
 hw/char/bcm2835_aux.c        |  4 ++--
 hw/intc/arm_gic.c            | 22 +++++++++++++++++++---
 hw/misc/aspeed_scu.c         | 19 +++++++++++++++++--
 target/arm/sve_helper.c      |  4 ++--
 7 files changed, 47 insertions(+), 12 deletions(-)

[Qemu-devel] [PULL 1/8] target/arm: Fix LD1W and LDFF1W (scalar plus vector)

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

'I' was being double-incremented; correctly within the inner loop
and incorrectly within the outer loop.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180711103957.3040-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/sve_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index a03ca773542..54795c91945 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -4459,7 +4459,7 @@ void HELPER(NAME)(CPUARMState *env, void *vd, void *vg, void *vm,       \
     intptr_t i, oprsz = simd_oprsz(desc);                               \
     unsigned scale = simd_data(desc);                                   \
     uintptr_t ra = GETPC();                                             \
-    for (i = 0; i < oprsz; i++) {                                       \
+    for (i = 0; i < oprsz; ) {                                          \
         uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3));                 \
         do {                                                            \
             TYPEM m = 0;                                                \
@@ -4540,7 +4540,7 @@ void HELPER(NAME)(CPUARMState *env, void *vd, void *vg, void *vm,       \
     uintptr_t ra = GETPC();                                             \
     bool first = true;                                                  \
     mmap_lock();                                                        \
-    for (i = 0; i < oprsz; i++) {                                       \
+    for (i = 0; i < oprsz; ) {                                          \
         uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3));                 \
         do {                                                            \
             TYPEM m = 0;                                                \
-- 
2.17.1

[Qemu-devel] [PULL 2/8] aspeed: Implement write-1-{set, clear} for AST2500 strapping

[Peter Maydell]

From: Andrew Jeffery <andrew@aj.id.au>

The AST2500 SoC family changes the runtime behaviour of the hardware
strapping register (SCU70) to write-1-set/write-1-clear, with
write-1-clear implemented on the "read-only" SoC revision register
(SCU7C). For the the AST2400, the hardware strapping is
runtime-configured with read-modify-write semantics.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20180709143524.17480-1-andrew@aj.id.au
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/misc/aspeed_scu.h |  2 ++
 hw/misc/aspeed_scu.c         | 19 +++++++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
index f662c38188f..38996adc59f 100644
--- a/include/hw/misc/aspeed_scu.h
+++ b/include/hw/misc/aspeed_scu.h
@@ -41,6 +41,8 @@ typedef struct AspeedSCUState {
 #define AST2500_A0_SILICON_REV   0x04000303U
 #define AST2500_A1_SILICON_REV   0x04010303U
 
+#define ASPEED_IS_AST2500(si_rev)     ((((si_rev) >> 24) & 0xff) == 0x04)
+
 extern bool is_supported_silicon_rev(uint32_t silicon_rev);
 
 #define ASPEED_SCU_PROT_KEY      0x1688A8A8
diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index 59333b50abd..c8217740efc 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -247,11 +247,26 @@ static void aspeed_scu_write(void *opaque, hwaddr offset, uint64_t data,
         s->regs[reg] = data;
         aspeed_scu_set_apb_freq(s);
         break;
-
+    case HW_STRAP1:
+        if (ASPEED_IS_AST2500(s->regs[SILICON_REV])) {
+            s->regs[HW_STRAP1] |= data;
+            return;
+        }
+        /* Jump to assignment below */
+        break;
+    case SILICON_REV:
+        if (ASPEED_IS_AST2500(s->regs[SILICON_REV])) {
+            s->regs[HW_STRAP1] &= ~data;
+        } else {
+            qemu_log_mask(LOG_GUEST_ERROR,
+                          "%s: Write to read-only offset 0x%" HWADDR_PRIx "\n",
+                          __func__, offset);
+        }
+        /* Avoid assignment below, we've handled everything */
+        return;
     case FREQ_CNTR_EVAL:
     case VGA_SCRATCH1 ... VGA_SCRATCH8:
     case RNG_DATA:
-    case SILICON_REV:
     case FREE_CNTR4:
     case FREE_CNTR4_EXT:
         qemu_log_mask(LOG_GUEST_ERROR,
-- 
2.17.1

[Qemu-devel] [PULL 3/8] hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()

[Peter Maydell]

In gic_deactivate_irq() the interrupt number comes from the guest
(on a write to the GICC_DIR register), so we need to sanity check
that it isn't out of range before we use it as an array index.
Handle this in a similar manner to the check we do in
gic_complete_irq() for the GICC_EOI register.

The array overrun is not disastrous because the calling code
uses (value & 0x3ff) to extract the interrupt field, so the
only out-of-range values possible are 1020..1023, which allow
overrunning only from irq_state[] into the following
irq_target[] array which the guest can already manipulate.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180712154152.32183-2-peter.maydell@linaro.org
---
 hw/intc/arm_gic.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index ea0323f9691..b0a69d6386e 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -543,7 +543,21 @@ static bool gic_eoi_split(GICState *s, int cpu, MemTxAttrs attrs)
 static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
 {
     int cm = 1 << cpu;
-    int group = gic_has_groups(s) && GIC_TEST_GROUP(irq, cm);
+    int group;
+
+    if (irq >= s->num_irq) {
+        /*
+         * This handles two cases:
+         * 1. If software writes the ID of a spurious interrupt [ie 1023]
+         * to the GICC_DIR, the GIC ignores that write.
+         * 2. If software writes the number of a non-existent interrupt
+         * this must be a subcase of "value written is not an active interrupt"
+         * and so this is UNPREDICTABLE. We choose to ignore it.
+         */
+        return;
+    }
+
+    group = gic_has_groups(s) && GIC_TEST_GROUP(irq, cm);
 
     if (!gic_eoi_split(s, cpu, attrs)) {
         /* This is UNPREDICTABLE; we choose to ignore it */
-- 
2.17.1

[Qemu-devel] [PULL 4/8] hw/intc/arm_gic: Fix handling of GICD_ITARGETSR

[Peter Maydell]

The GICD_ITARGETSR implementation still has some 11MPCore behaviour
that we were incorrectly using in our GICv1 and GICv2 implementations
for the case where the interrupt number is less than GIC_INTERNAL.
The desired behaviour here is:
 * for 11MPCore: RAZ/WI for irqs 0..28; read a number matching the
   CPU doing the read for irqs 29..31
 * for GICv1 and v2: RAZ/WI if uniprocessor; otherwise read a
   number matching the CPU doing the read for all irqs < 32

Stop squashing GICD_ITARGETSR to 0 for IRQs 0..28 unless this
is an 11MPCore GIC.

Reported-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180712154152.32183-3-peter.maydell@linaro.org
---
 hw/intc/arm_gic.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index b0a69d6386e..34dc84ae813 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -751,7 +751,9 @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
             if (irq >= s->num_irq) {
                 goto bad_reg;
             }
-            if (irq >= 29 && irq <= 31) {
+            if (irq < 29 && s->revision == REV_11MPCORE) {
+                res = 0;
+            } else if (irq < GIC_INTERNAL) {
                 res = cm;
             } else {
                 res = GIC_TARGET(irq);
@@ -1014,7 +1016,7 @@ static void gic_dist_writeb(void *opaque, hwaddr offset,
             if (irq >= s->num_irq) {
                 goto bad_reg;
             }
-            if (irq < 29) {
+            if (irq < 29 && s->revision == REV_11MPCORE) {
                 value = 0;
             } else if (irq < GIC_INTERNAL) {
                 value = ALL_CPU_MASK;
-- 
2.17.1

[Qemu-devel] [PULL 5/8] hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false

[Peter Maydell]

From: Thomas Huth <thuth@redhat.com>

These devices are currently causing some problems when a user is trying
to hot-plug or introspect them during runtime. Since these devices can
not be instantiated by the user at all (they need to be wired up in code
instead), we should mark them with user_creatable = false anyway, then we
avoid at least the crashes with the hot-plugging. The introspection problem
will be handled by a separate patch.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1531415537-26037-1-git-send-email-thuth@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/bcm2836.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 6805a7d7c81..45d9e40c454 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -185,6 +185,8 @@ static void bcm283x_class_init(ObjectClass *oc, void *data)
     bc->info = data;
     dc->realize = bcm2836_realize;
     dc->props = bcm2836_props;
+    /* Reason: Must be wired up in code (see raspi_init() function) */
+    dc->user_creatable = false;
 }
 
 static const TypeInfo bcm283x_type_info = {
-- 
2.17.1

[Qemu-devel] [PULL 6/8] bcm2835_aux: Swap RX and TX interrupt assignments

[Peter Maydell]

From: Guenter Roeck <linux@roeck-us.net>

RX and TX interrupt bits were reversed, resulting in an endless sequence
of serial interupts in the emulated system and the following repeated
error message when booting Linux.

serial8250: too much work for irq61

This results in a boot failure most of the time.

Qemu command line used to reproduce the problem:

	qemu-system-aarch64 -M raspi3 -m 1024 \
	-kernel arch/arm64/boot/Image \
	--append "rdinit=/sbin/init console=ttyS1,115200"
	-initrd rootfs.cpio \
	-dtb arch/arm64/boot/dts/broadcom/bcm2837-rpi-3-b.dtb \
	-nographic -monitor null -serial null -serial stdio

This is with arm64:defconfig. The root file system was generated using
buildroot.

NB that this error likely arises from an erratum in the
BCM2835 datasheet where the TX and RX bits were swapped
in the AU_MU_IER_REG description (but correct for IIR):
 https://elinux.org/BCM2835_datasheet_errata#p12

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 1529355846-25102-1-git-send-email-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added NB about datasheet]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/char/bcm2835_aux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
index 370dc7e2968..0364596c552 100644
--- a/hw/char/bcm2835_aux.c
+++ b/hw/char/bcm2835_aux.c
@@ -39,8 +39,8 @@
 #define AUX_MU_BAUD_REG 0x68
 
 /* bits in IER/IIR registers */
-#define TX_INT  0x1
-#define RX_INT  0x2
+#define RX_INT  0x1
+#define TX_INT  0x2
 
 static void bcm2835_aux_update(BCM2835AuxState *s)
 {
-- 
2.17.1

[Qemu-devel] [PULL 7/8] accel/tcg: Use correct test when looking in victim TLB for code

[Peter Maydell]

In get_page_addr_code(), we were incorrectly looking in the victim
TLB for an entry which matched the target address for reads, not
for code accesses. This meant that we could hit on a victim TLB
entry that indicated that the address was readable but not
executable, and incorrectly bypass the call to tlb_fill() which
should generate the guest MMU exception. Fix this bug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180713141636.18665-2-peter.maydell@linaro.org
---
 accel/tcg/cputlb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 20c147d6554..2d5fb15d9a3 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -967,7 +967,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     mmu_idx = cpu_mmu_index(env, true);
     if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) {
-        if (!VICTIM_TLB_HIT(addr_read, addr)) {
+        if (!VICTIM_TLB_HIT(addr_code, addr)) {
             tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
         }
     }
-- 
2.17.1

[Qemu-devel] [PULL 8/8] accel/tcg: Assert that tlb fill gave us a valid TLB entry

[Peter Maydell]

In commit 4b1a3e1e34ad97 we added a check for whether the TLB entry
we had following a tlb_fill had the INVALID bit set.  This could
happen in some circumstances because a stale or wrong TLB entry was
pulled out of the victim cache.  However, after commit
68fea038553039e (which prevents stale entries being in the victim
cache) and the previous commit (which ensures we don't incorrectly
hit in the victim cache)) this should never be possible.

Drop the check on TLB_INVALID_MASK from the "is this a TLB_RECHECK?"
condition, and instead assert that the tlb fill procedure has given
us a valid TLB entry (or longjumped out with a guest exception).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180713141636.18665-3-peter.maydell@linaro.org
---
 accel/tcg/cputlb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 2d5fb15d9a3..563fa30117e 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -970,10 +970,10 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
         if (!VICTIM_TLB_HIT(addr_code, addr)) {
             tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
         }
+        assert(tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr));
     }
 
-    if (unlikely((env->tlb_table[mmu_idx][index].addr_code &
-                  (TLB_RECHECK | TLB_INVALID_MASK)) == TLB_RECHECK)) {
+    if (unlikely(env->tlb_table[mmu_idx][index].addr_code & TLB_RECHECK)) {
         /*
          * This is a TLB_RECHECK access, where the MMU protection
          * covers a smaller range than a target page, and we must
-- 
2.17.1

Re: [Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

On 16 July 2018 at 17:42, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm queue: a smallish set of patches for rc1 tomorrow.
> I've included the tcg patches because RTH has no others that
> would merit a pullreq.
>
> I haven't included Thomas Huth's 17-patch set to deal with
> the introspection crashes, to give that a little more time
> on-list for review.
>
> thanks
> -- PMM
>
> The following changes since commit 102ad0a80f5110483efd06877c29c4236be267f9:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-07-16' into staging (2018-07-16 15:34:38 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180716
>
> for you to fetch changes up to 3474c98a2a2afcefa7c665f02ad2bed2a43ab0f7:
>
>   accel/tcg: Assert that tlb fill gave us a valid TLB entry (2018-07-16 17:26:01 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * accel/tcg: Use correct test when looking in victim TLB for code
>  * bcm2835_aux: Swap RX and TX interrupt assignments
>  * hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
>  * hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
>  * hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
>  * aspeed: Implement write-1-{set, clear} for AST2500 strapping
>  * target/arm: Fix LD1W and LDFF1W (scalar plus vector)
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

Pull request with what I hope are the last ARM fixes for 2.3...


The following changes since commit b8a86c4ac4d04c106ba38fbd707041cba334a155:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-04-01 11:31:31 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150401

for you to fetch changes up to 25b9fb107bc1f6735fdb3fce537792f5db95f78d:

  target-arm: kvm64 fix save/restore of SPSR regs (2015-04-01 17:57:30 +0100)

----------------------------------------------------------------
target-arm:
 * Fix broken migration on AArch64 KVM
 * Fix minor memory leaks in virt, vexpress, highbank
 * Honour requested filename when loading highbank rom image

----------------------------------------------------------------
Alex Bennée (4):
      target-arm: kvm: save/restore mp state
      hw/intc: arm_gic_kvm.c restore config first
      target-arm: kvm64 sync FP register state
      target-arm: kvm64 fix save/restore of SPSR regs

Peter Maydell (1):
      target-arm: Store SPSR_EL1 state in banked_spsr[1] (SPSR_svc)

Stefan Weil (3):
      hw/arm/highbank: Fix resource leak and wrong image loading
      hw/arm/vexpress: Fix memory leak reported by Coverity
      hw/arm/virt: Fix memory leak reported by Coverity

 hw/arm/highbank.c       |   3 +-
 hw/arm/vexpress.c       |  11 ++++-
 hw/arm/virt.c           |   9 +++-
 hw/intc/arm_gic_kvm.c   |   7 ++-
 target-arm/helper-a64.c |   2 +-
 target-arm/helper.c     |   2 +-
 target-arm/internals.h  |   5 +-
 target-arm/kvm.c        |  44 ++++++++++++++++++
 target-arm/kvm32.c      |   4 ++
 target-arm/kvm64.c      | 118 ++++++++++++++++++++++++++++++++++++++++++++++--
 target-arm/kvm_arm.h    |  17 +++++++
 11 files changed, 207 insertions(+), 15 deletions(-)

Re: [Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

On 1 April 2015 at 18:08, Peter Maydell <peter.maydell@linaro.org> wrote:
> Pull request with what I hope are the last ARM fixes for 2.3...
>
>
> The following changes since commit b8a86c4ac4d04c106ba38fbd707041cba334a155:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-04-01 11:31:31 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150401
>
> for you to fetch changes up to 25b9fb107bc1f6735fdb3fce537792f5db95f78d:
>
>   target-arm: kvm64 fix save/restore of SPSR regs (2015-04-01 17:57:30 +0100)
>
> ----------------------------------------------------------------
> target-arm:
>  * Fix broken migration on AArch64 KVM
>  * Fix minor memory leaks in virt, vexpress, highbank
>  * Honour requested filename when loading highbank rom image
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

Last target-arm pull before hardfreeze; nothing much
exciting here.

thanks
-- PMM


The following changes since commit 9328cfd2fe4a7ff86a41b2c26ea33974241d7d4e:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-06-29 18:09:51 +0100)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140630

for you to fetch changes up to ffebe8997523fd922da58a8e19ddffee6b035429:

  disas/libvixl: Fix wrong format strings (2014-06-29 22:04:28 +0100)

----------------------------------------------------------------
target-arm:
 * provide PL031 RTC in virt board
 * fix missing pxa2xx and strongarm vmstate
 * convert cadence_ttc to instance_init
 * fix libvixl format strings and README

----------------------------------------------------------------
Alistair Francis (1):
      timer: cadence_ttc: Convert to instance_init

Peter Maydell (5):
      hw/arm/virt: Provide PL031 RTC
      hw/arm/strongarm: Fix handling of GPSR/GPCR reads
      hw/arm/strongarm: Wire up missing GPIO and PPC vmstate
      hw/arm/pxa2xx_gpio: Fix handling of GPSR/GPCR reads
      hw/arm/pxa2xx_gpio: Correct and register vmstate

Richard Henderson (1):
      disas/libvixl: Update README for version base

Stefan Weil (1):
      disas/libvixl: Fix wrong format strings

 disas/libvixl/README            |  2 +-
 disas/libvixl/a64/disasm-a64.cc | 20 ++++++++++----------
 hw/arm/pxa2xx_gpio.c            | 17 ++++++++---------
 hw/arm/strongarm.c              | 18 ++++++++++--------
 hw/arm/virt.c                   | 30 ++++++++++++++++++++++++++++++
 hw/timer/cadence_ttc.c          | 15 ++++++---------
 6 files changed, 65 insertions(+), 37 deletions(-)

Re: [Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

On 30 June 2014 13:47, Peter Maydell <peter.maydell@linaro.org> wrote:
> Last target-arm pull before hardfreeze; nothing much
> exciting here.
>
> thanks
> -- PMM
>
>
> The following changes since commit 9328cfd2fe4a7ff86a41b2c26ea33974241d7d4e:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-06-29 18:09:51 +0100)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140630
>
> for you to fetch changes up to ffebe8997523fd922da58a8e19ddffee6b035429:
>
>   disas/libvixl: Fix wrong format strings (2014-06-29 22:04:28 +0100)

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

target-arm pullreq for softfreeze: bugfixes and cleanups and
the first traces of ARMv8 support in the shape of LDA/STL 
instructions. (There will be more of that in QEMU 1.7, I'm sure.)
Please pull.
 
thanks
-- PMM

The following changes since commit c3cb8e77804313e1be99b5f28a34a346736707a5:

  ioport: remove LITTLE_ENDIAN mark for portio (2013-07-12 14:37:47 -0500)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20130715-1

for you to fetch changes up to 82a3a11897308b606120f7235001e87809708f85:

  target-arm: Avoid g_hash_table_get_keys() (2013-07-15 17:13:51 +0100)

----------------------------------------------------------------
target-arm queue

----------------------------------------------------------------
Mans Rullgard (3):
      target-arm: add feature flag for ARMv8
      target-arm: implement LDA/STL instructions
      target-arm: explicitly decode SEVL instruction

Peter Crosthwaite (3):
      target-arm/helper.c: OMAP/StrongARM cp15 crn=0 cleanup
      target-arm/helper.c: Implement MIDR aliases
      target-arm/helper.c: Allow const opaques in arm CP

Peter Maydell (2):
      target-arm: avoid undefined behaviour when writing TTBCR
      target-arm: Avoid g_hash_table_get_keys()

 target-arm/cpu.c       |    7 ++-
 target-arm/cpu.h       |    1 +
 target-arm/helper.c    |   51 ++++++++++++-------
 target-arm/translate.c |  133 ++++++++++++++++++++++++++++++++++++++++++++----
 4 files changed, 161 insertions(+), 31 deletions(-)

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

Hi; this is the usual target-arm pullreq, mostly just the cpregs
migration patchset that I posted a while back.

NB: I've updated my make-pullreq script to create a GPG-signed
pull request, but I'm not sure if I got it right -- feedback
welcome :-)

In particular, target-arm.for-upstream is still a branch name
as usual; the signed tag is "pull-target-arm-20130625"; I'm
not sure whether the tag should be the thing named in the
'available at' line below rather than the branch.


The following changes since commit baf8673ca802cb3ea2cdbe94813441d23bde223b:

  Merge remote-tracking branch 'stefanha/block' into staging (2013-06-24 14:33:17 -0500)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream

for you to fetch changes up to bdcc150dc44ea96152f05f9e68970b63508d5ae7:

  target-arm: Make LPAE feature imply V7MP (2013-06-25 18:16:10 +0100)

----------------------------------------------------------------
target-arm queue

----------------------------------------------------------------
Peter Maydell (8):
      target-arm: Allow special cpregs to have flags set
      target-arm: Add raw_readfn and raw_writefn to ARMCPRegInfo
      target-arm: mark up cpregs for no-migrate or raw access
      target-arm: Convert TCG to using (index,value) list for cp migration
      target-arm: Initialize cpreg list from KVM when using KVM
      target-arm: Reinitialize all KVM VCPU registers on reset
      target-arm: Use tuple list to sync cp regs with KVM
      target-arm: Make LPAE feature imply V7MP

 target-arm/Makefile.objs |    1 +
 target-arm/cpu-qom.h     |   24 ++++
 target-arm/cpu.c         |    4 +-
 target-arm/cpu.h         |   89 ++++++++++++-
 target-arm/helper.c      |  327 +++++++++++++++++++++++++++++++++++++++-------
 target-arm/kvm-stub.c    |   23 ++++
 target-arm/kvm.c         |  292 +++++++++++++++++++++++++++++++----------
 target-arm/kvm_arm.h     |   33 +++++
 target-arm/machine.c     |  134 ++++++++++++-------
 9 files changed, 760 insertions(+), 167 deletions(-)
 create mode 100644 target-arm/kvm-stub.c

[Qemu-devel] [PULL 0/8] target-arm queue

[Peter Maydell]

Usual target-arm pullreq; mostly Aurelien's performance
improvement patches. The 'drop macro' patch has only been on
the list a few days but it's completely trivial so I threw it
in too. Please pull.

thanks
-- PMM

The following changes since commit a14c74928ba1fdaada515717f4d3c3fa3275d6f7:

  Merge remote-tracking branch 'sstabellini/xen-2012-10-03' into staging (2012-10-04 19:56:26 -0500)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream

for you to fetch changes up to 1273d9ca09e91bb290d10f704055f6abec363dd6:

  target-arm: Drop unused DECODE_CPREG_CRN macro (2012-10-05 15:04:45 +0100)

----------------------------------------------------------------
Aurelien Jarno (5):
      target-arm: use globals for CC flags
      target-arm: convert add_cc and sub_cc helpers to TCG
      target-arm: convert sar, shl and shr helpers to TCG
      target-arm: mark a few integer helpers const and pure
      target-arm: use deposit instead of hardcoded version

Peter Maydell (3):
      cpu_dump_state: move DUMP_FPU and DUMP_CCOP flags from x86-only to generic
      target-arm: Reinstate display of VFP registers in cpu_dump_state
      target-arm: Drop unused DECODE_CPREG_CRN macro

 cpu-all.h                |    3 +
 cpu-exec.c               |    2 +-
 cpus.c                   |    6 +-
 exec.c                   |   12 +-
 monitor.c                |    8 +-
 target-arm/cpu.h         |    2 -
 target-arm/helper.h      |   24 ++--
 target-arm/op_helper.c   |   44 -------
 target-arm/translate.c   |  302 ++++++++++++++++++++++++----------------------
 target-i386/cpu.c        |    2 +-
 target-i386/cpu.h        |    4 -
 target-i386/helper.c     |    4 +-
 target-i386/seg_helper.c |    4 +-
 target-i386/smm_helper.c |    4 +-
 14 files changed, 183 insertions(+), 238 deletions(-)

Re: [Qemu-devel] [PULL 0/8] target-arm queue

[Aurelien Jarno]

On Fri, Oct 05, 2012 at 03:35:18PM +0100, Peter Maydell wrote:
> Usual target-arm pullreq; mostly Aurelien's performance
> improvement patches. The 'drop macro' patch has only been on
> the list a few days but it's completely trivial so I threw it
> in too. Please pull.
> 
> thanks
> -- PMM
> 
> The following changes since commit a14c74928ba1fdaada515717f4d3c3fa3275d6f7:
> 
>   Merge remote-tracking branch 'sstabellini/xen-2012-10-03' into staging (2012-10-04 19:56:26 -0500)
> 
> are available in the git repository at:
> 
> 
>   git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream
> 
> for you to fetch changes up to 1273d9ca09e91bb290d10f704055f6abec363dd6:
> 
>   target-arm: Drop unused DECODE_CPREG_CRN macro (2012-10-05 15:04:45 +0100)
> 
> ----------------------------------------------------------------
> Aurelien Jarno (5):
>       target-arm: use globals for CC flags
>       target-arm: convert add_cc and sub_cc helpers to TCG
>       target-arm: convert sar, shl and shr helpers to TCG
>       target-arm: mark a few integer helpers const and pure
>       target-arm: use deposit instead of hardcoded version
> 
> Peter Maydell (3):
>       cpu_dump_state: move DUMP_FPU and DUMP_CCOP flags from x86-only to generic
>       target-arm: Reinstate display of VFP registers in cpu_dump_state
>       target-arm: Drop unused DECODE_CPREG_CRN macro
> 
>  cpu-all.h                |    3 +
>  cpu-exec.c               |    2 +-
>  cpus.c                   |    6 +-
>  exec.c                   |   12 +-
>  monitor.c                |    8 +-
>  target-arm/cpu.h         |    2 -
>  target-arm/helper.h      |   24 ++--
>  target-arm/op_helper.c   |   44 -------
>  target-arm/translate.c   |  302 ++++++++++++++++++++++++----------------------
>  target-i386/cpu.c        |    2 +-
>  target-i386/cpu.h        |    4 -
>  target-i386/helper.c     |    4 +-
>  target-i386/seg_helper.c |    4 +-
>  target-i386/smm_helper.c |    4 +-
>  14 files changed, 183 insertions(+), 238 deletions(-)
> 

Thanks, pulled.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net