[Qemu-devel] [PULL 0/4] target-arm queue

[Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

Hi; this is a pullreq for the current target-arm queue. Some
minor tweaks and the patch which handles get/put_user() failure
in the semihosting code. Please pull.

thanks
-- PMM

The following changes since commit a8170e5e97ad17ca169c64ba87ae2f53850dab4c:

  Rename target_phys_addr_t to hwaddr (2012-10-23 08:58:25 -0500)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream

for you to fetch changes up to 8b279a60dc3ca53923701dfec6e54bea9d13cfb7:

  target-arm: Remove out of date FIXME regarding saturating arithmetic (2012-10-24 13:33:29 +0100)

----------------------------------------------------------------
Peter Maydell (4):
      arm-semi.c: Handle get/put_user() failure accessing arguments
      target-arm: Use TCG operation for Neon 64 bit negation
      target-arm: Implement abs_i32 inline rather than as a helper
      target-arm: Remove out of date FIXME regarding saturating arithmetic

 target-arm/arm-semi.c    |  167 +++++++++++++++++++++++++++++-----------------
 target-arm/helper.c      |    5 --
 target-arm/helper.h      |    2 -
 target-arm/neon_helper.c |    6 --
 target-arm/op_helper.c   |    2 -
 target-arm/translate.c   |   15 ++++-
 6 files changed, 118 insertions(+), 79 deletions(-)

Re: [Qemu-devel] [PULL 0/4] target-arm queue

[Blue Swirl]

On Wed, Oct 24, 2012 at 1:02 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Hi; this is a pullreq for the current target-arm queue. Some
> minor tweaks and the patch which handles get/put_user() failure
> in the semihosting code. Please pull.

Thanks, pulled.

>
> thanks
> -- PMM
>
> The following changes since commit a8170e5e97ad17ca169c64ba87ae2f53850dab4c:
>
>   Rename target_phys_addr_t to hwaddr (2012-10-23 08:58:25 -0500)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream
>
> for you to fetch changes up to 8b279a60dc3ca53923701dfec6e54bea9d13cfb7:
>
>   target-arm: Remove out of date FIXME regarding saturating arithmetic (2012-10-24 13:33:29 +0100)
>
> ----------------------------------------------------------------
> Peter Maydell (4):
>       arm-semi.c: Handle get/put_user() failure accessing arguments
>       target-arm: Use TCG operation for Neon 64 bit negation
>       target-arm: Implement abs_i32 inline rather than as a helper
>       target-arm: Remove out of date FIXME regarding saturating arithmetic
>
>  target-arm/arm-semi.c    |  167 +++++++++++++++++++++++++++++-----------------
>  target-arm/helper.c      |    5 --
>  target-arm/helper.h      |    2 -
>  target-arm/neon_helper.c |    6 --
>  target-arm/op_helper.c   |    2 -
>  target-arm/translate.c   |   15 ++++-
>  6 files changed, 118 insertions(+), 79 deletions(-)

[Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

target-arm pullreq, containing a fix for a dumb SRS bug I
introduced, and the update to migration to use vmstate
(both of which have been on the list since before freeze).
Please pull.

thanks
-- PMM

The following changes since commit 09dada400328d75daf79e3eca1e48e024fec148d:

  configure: remove duplicate test (2013-04-18 14:12:31 +0200)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.next

for you to fetch changes up to e91f229a253f489f6d12b946ad7bdcdc158c5b67:

  target-arm: Correctly restore FPSCR (2013-04-19 12:24:19 +0100)

----------------------------------------------------------------
Juan Quintela (1):
      target-arm: port ARM CPU save/load to use VMState

Peter Chubb (1):
      target-arm: Reinsert missing return statement in ARM mode SRS decode

Peter Maydell (2):
      target-arm: Add some missing CPU state fields to VMState
      target-arm: Correctly restore FPSCR

 target-arm/cpu-qom.h   |    4 +
 target-arm/cpu.c       |    1 +
 target-arm/cpu.h       |    2 -
 target-arm/machine.c   |  430 ++++++++++++++++++++++++------------------------
 target-arm/translate.c |    1 +
 5 files changed, 222 insertions(+), 216 deletions(-)

Re: [Qemu-devel] [PULL 0/4] target-arm queue

[Blue Swirl]

Thanks, pulled.

On Fri, Apr 19, 2013 at 3:06 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> target-arm pullreq, containing a fix for a dumb SRS bug I
> introduced, and the update to migration to use vmstate
> (both of which have been on the list since before freeze).
> Please pull.
>
> thanks
> -- PMM
>
> The following changes since commit 09dada400328d75daf79e3eca1e48e024fec148d:
>
>   configure: remove duplicate test (2013-04-18 14:12:31 +0200)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.next
>
> for you to fetch changes up to e91f229a253f489f6d12b946ad7bdcdc158c5b67:
>
>   target-arm: Correctly restore FPSCR (2013-04-19 12:24:19 +0100)
>
> ----------------------------------------------------------------
> Juan Quintela (1):
>       target-arm: port ARM CPU save/load to use VMState
>
> Peter Chubb (1):
>       target-arm: Reinsert missing return statement in ARM mode SRS decode
>
> Peter Maydell (2):
>       target-arm: Add some missing CPU state fields to VMState
>       target-arm: Correctly restore FPSCR
>
>  target-arm/cpu-qom.h   |    4 +
>  target-arm/cpu.c       |    1 +
>  target-arm/cpu.h       |    2 -
>  target-arm/machine.c   |  430 ++++++++++++++++++++++++------------------------
>  target-arm/translate.c |    1 +
>  5 files changed, 222 insertions(+), 216 deletions(-)

[Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

A handful of minor ARM bugfixes...

thanks
-- PMM

The following changes since commit 229c0372cf3ca201c41d2bb121627e6752e776ad:

  Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2015-11-24 10:27:19 +0000)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151124

for you to fetch changes up to e14f0eb12f920fd96b9f79d15cedd437648e8667:

  target-arm/translate-a64.c: Correct unallocated checks for ldst_excl (2015-11-24 14:12:15 +0000)

----------------------------------------------------------------
target-arm queue:
 * fix minimum RAM check warning on xlnx-ep108
 * remove unused define from aarch64-linux-user.mak config
 * don't mask out bits [47:40] in ARMv8 LPAE descriptors
 * correct unallocated instruction checks for ldst_excl

----------------------------------------------------------------
Alistair Francis (1):
      xlnx-ep108: Fix minimum RAM check

Peter Maydell (3):
      default-configs/aarch64-linux-user.mak: Remove unused define
      target-arm: Don't mask out bits [47:40] in LPAE descriptors for v8
      target-arm/translate-a64.c: Correct unallocated checks for ldst_excl

 default-configs/aarch64-linux-user.mak |  2 --
 hw/arm/xlnx-ep108.c                    |  2 +-
 target-arm/helper.c                    | 12 +++++++++++-
 target-arm/translate-a64.c             | 15 ++-------------
 4 files changed, 14 insertions(+), 17 deletions(-)

Re: [Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

On 24 November 2015 at 14:18, Peter Maydell <peter.maydell@linaro.org> wrote:
> A handful of minor ARM bugfixes...
>
> thanks
> -- PMM
>
> The following changes since commit 229c0372cf3ca201c41d2bb121627e6752e776ad:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2015-11-24 10:27:19 +0000)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151124
>
> for you to fetch changes up to e14f0eb12f920fd96b9f79d15cedd437648e8667:
>
>   target-arm/translate-a64.c: Correct unallocated checks for ldst_excl (2015-11-24 14:12:15 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * fix minimum RAM check warning on xlnx-ep108
>  * remove unused define from aarch64-linux-user.mak config
>  * don't mask out bits [47:40] in ARMv8 LPAE descriptors
>  * correct unallocated instruction checks for ldst_excl
>
> ----------------------------------------------------------------
> Alistair Francis (1):
>       xlnx-ep108: Fix minimum RAM check
>
> Peter Maydell (3):
>       default-configs/aarch64-linux-user.mak: Remove unused define
>       target-arm: Don't mask out bits [47:40] in LPAE descriptors for v8
>       target-arm/translate-a64.c: Correct unallocated checks for ldst_excl

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

Hi; here's the last target-arm pull request before I
go off on holiday -- four fairly minor bug fixes.
Hopefully it merges without problems, because I won't
be around tomorrow to do a respin :-)

thanks
-- PMM

The following changes since commit 9226682a401f34b10fd79dfe17ba334da0800747:

  Merge remote-tracking branch 'sstabellini/tags/xen-20161102-tag' into staging (2016-11-04 09:26:24 +0000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20161107

for you to fetch changes up to 9706e0162d2405218fd7376ffdf13baed8569a4b:

  hw/i2c/bitbang_i2c: Handle NACKs from devices (2016-11-07 10:01:15 +0000)

----------------------------------------------------------------
target-arm queue:
 * bitbang_i2c: Handle NACKs from devices
 * Fix corruption of CPSR when SCTLR.EE is set
 * nvic: set pending status for not active interrupts
 * char: cadence: check baud rate generator and divider values

----------------------------------------------------------------
Julian Brown (1):
      Fix corruption of CPSR when SCTLR.EE is set

Marcin Krzeminski (1):
      nvic: set pending status for not active interrupts

Peter Maydell (1):
      hw/i2c/bitbang_i2c: Handle NACKs from devices

Prasad J Pandit (1):
      char: cadence: check baud rate generator and divider values

 hw/char/cadence_uart.c | 15 +++++++++++++++
 hw/i2c/bitbang_i2c.c   | 19 +++++++++++++++----
 hw/intc/arm_gic.c      | 22 ++++++++++++++++++++--
 target-arm/helper.c    |  2 +-
 4 files changed, 51 insertions(+), 7 deletions(-)

Re: [Qemu-devel] [PULL 0/4] target-arm queue

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 1865 bytes --]

On Mon, Nov 07, 2016 at 10:47:29AM +0000, Peter Maydell wrote:
> Hi; here's the last target-arm pull request before I
> go off on holiday -- four fairly minor bug fixes.
> Hopefully it merges without problems, because I won't
> be around tomorrow to do a respin :-)
> 
> thanks
> -- PMM
> 
> The following changes since commit 9226682a401f34b10fd79dfe17ba334da0800747:
> 
>   Merge remote-tracking branch 'sstabellini/tags/xen-20161102-tag' into staging (2016-11-04 09:26:24 +0000)
> 
> are available in the git repository at:
> 
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20161107
> 
> for you to fetch changes up to 9706e0162d2405218fd7376ffdf13baed8569a4b:
> 
>   hw/i2c/bitbang_i2c: Handle NACKs from devices (2016-11-07 10:01:15 +0000)
> 
> ----------------------------------------------------------------
> target-arm queue:
>  * bitbang_i2c: Handle NACKs from devices
>  * Fix corruption of CPSR when SCTLR.EE is set
>  * nvic: set pending status for not active interrupts
>  * char: cadence: check baud rate generator and divider values
> 
> ----------------------------------------------------------------
> Julian Brown (1):
>       Fix corruption of CPSR when SCTLR.EE is set
> 
> Marcin Krzeminski (1):
>       nvic: set pending status for not active interrupts
> 
> Peter Maydell (1):
>       hw/i2c/bitbang_i2c: Handle NACKs from devices
> 
> Prasad J Pandit (1):
>       char: cadence: check baud rate generator and divider values
> 
>  hw/char/cadence_uart.c | 15 +++++++++++++++
>  hw/i2c/bitbang_i2c.c   | 19 +++++++++++++++----
>  hw/intc/arm_gic.c      | 22 ++++++++++++++++++++--
>  target-arm/helper.c    |  2 +-
>  4 files changed, 51 insertions(+), 7 deletions(-)

Thanks, applied to my staging tree:
https://github.com/stefanha/qemu/commits/staging

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 455 bytes --]

[Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

A surprisingly short target-arm queue, but no point in holding
onto these waiting for more code to arrive :-)

thanks
-- PMM

The following changes since commit 3d0bf8dfdfebd7f2ae41b6f220444b8047d6b1ee:

  Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20170710a' into staging (2017-07-10 18:13:03 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170711

for you to fetch changes up to 792dac309c8660306557ba058b8b5a6a75ab3c1f:

  target-arm: v7M: ignore writes to CONTROL.SPSEL from Thread mode (2017-07-11 11:21:26 +0100)

----------------------------------------------------------------
target-arm queue:
 * v7M: ignore writes to CONTROL.SPSEL from Thread mode
 * KVM: Enable in-kernel timers with user space gic
 * aspeed: Register all watchdogs
 * hw/misc: Add Exynos4210 Pseudo Random Number Generator

----------------------------------------------------------------
Alexander Graf (1):
      ARM: KVM: Enable in-kernel timers with user space gic

Joel Stanley (1):
      aspeed: Register all watchdogs

Krzysztof Kozlowski (1):
      hw/misc: Add Exynos4210 Pseudo Random Number Generator

Peter Maydell (1):
      target-arm: v7M: ignore writes to CONTROL.SPSEL from Thread mode

 hw/misc/Makefile.objs       |   2 +-
 include/hw/arm/aspeed_soc.h |   4 +-
 include/sysemu/kvm.h        |  11 ++
 target/arm/cpu.h            |   3 +
 accel/kvm/kvm-all.c         |   5 +
 accel/stubs/kvm-stub.c      |   5 +
 hw/arm/aspeed_soc.c         |  25 ++--
 hw/arm/exynos4210.c         |   4 +
 hw/intc/arm_gic.c           |   7 ++
 hw/misc/exynos4210_rng.c    | 277 ++++++++++++++++++++++++++++++++++++++++++++
 target/arm/helper.c         |  13 ++-
 target/arm/kvm.c            |  51 ++++++++
 12 files changed, 394 insertions(+), 13 deletions(-)
 create mode 100644 hw/misc/exynos4210_rng.c

Re: [Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

On 11 July 2017 at 11:29, Peter Maydell <peter.maydell@linaro.org> wrote:
> A surprisingly short target-arm queue, but no point in holding
> onto these waiting for more code to arrive :-)
>
> thanks
> -- PMM
>
> The following changes since commit 3d0bf8dfdfebd7f2ae41b6f220444b8047d6b1ee:
>
>   Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20170710a' into staging (2017-07-10 18:13:03 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170711
>
> for you to fetch changes up to 792dac309c8660306557ba058b8b5a6a75ab3c1f:
>
>   target-arm: v7M: ignore writes to CONTROL.SPSEL from Thread mode (2017-07-11 11:21:26 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * v7M: ignore writes to CONTROL.SPSEL from Thread mode
>  * KVM: Enable in-kernel timers with user space gic
>  * aspeed: Register all watchdogs
>  * hw/misc: Add Exynos4210 Pseudo Random Number Generator
>

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

ARM queue, mostly bug fixes to go into rc0.
The integratorcp and fsl_imx* changes are migration
compat breakers but that's ok for these boards.

thanks
-- PMM


The following changes since commit ce1d20aac8533357650774c2c240e30de87dc122:

  Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-07-24' into staging (2017-07-24 16:20:47 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170724

for you to fetch changes up to b2d1b0507d1b80f23da12dd8aab56944fe380a09:

  integratorcp: Don't migrate flash using vmstate_register_ram_global() (2017-07-24 17:59:28 +0100)

----------------------------------------------------------------
target-arm queue:
 * fix a TCG temporary leak in aarch64 rev16
 * fsl_imx*: migrate the ROM contents
 * integratorcp: don't use vmstate_register_ram_global for flash
 * mps2: Correctly set parent bus for SCC device

----------------------------------------------------------------
Emilio G. Cota (1):
      target/arm: fix TCG temp leak in aarch64 rev16

Peter Maydell (3):
      fsl_imx*: Migrate ROM contents
      mps2: Correctly set parent bus for SCC device
      integratorcp: Don't migrate flash using vmstate_register_ram_global()

 hw/arm/fsl-imx25.c         | 4 ++--
 hw/arm/fsl-imx31.c         | 4 ++--
 hw/arm/fsl-imx6.c          | 4 ++--
 hw/arm/integratorcp.c      | 3 +--
 hw/arm/mps2.c              | 2 +-
 target/arm/translate-a64.c | 1 +
 6 files changed, 9 insertions(+), 9 deletions(-)

Re: [Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

On 24 July 2017 at 18:06, Peter Maydell <peter.maydell@linaro.org> wrote:
> ARM queue, mostly bug fixes to go into rc0.
> The integratorcp and fsl_imx* changes are migration
> compat breakers but that's ok for these boards.
>
> thanks
> -- PMM
>
>
> The following changes since commit ce1d20aac8533357650774c2c240e30de87dc122:
>
>   Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-07-24' into staging (2017-07-24 16:20:47 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170724
>
> for you to fetch changes up to b2d1b0507d1b80f23da12dd8aab56944fe380a09:
>
>   integratorcp: Don't migrate flash using vmstate_register_ram_global() (2017-07-24 17:59:28 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * fix a TCG temporary leak in aarch64 rev16
>  * fsl_imx*: migrate the ROM contents
>  * integratorcp: don't use vmstate_register_ram_global for flash
>  * mps2: Correctly set parent bus for SCC device
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

A last handful of patches before the rc0. These are all bugfixes
so they could equally well go into rc1, but since my pullreq
queue is otherwise empty I might as well push them out. The
FPSCR bugfix is definitely one I'd like in rc0; the rest are
not really user-visible I think.

thanks
-- PMM

The following changes since commit c4107e8208d0222f9b328691b519aaee4101db87:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2019-07-08 10:26:18 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190708

for you to fetch changes up to 85795187f416326f87177cabc39fae1911f04c50:

  target/arm/vfp_helper: Call set_fpscr_to_host before updating to FPSCR (2019-07-08 14:11:31 +0100)

----------------------------------------------------------------
target-arm queue:
 * tests/migration-test: Fix read off end of aarch64_kernel array
 * Fix sve_zcr_len_for_el off-by-one error
 * hw/arm/sbsa-ref: Silence Coverity nit
 * vfp_helper: Call set_fpscr_to_host before updating to FPSCR

----------------------------------------------------------------
Peter Maydell (2):
      tests/migration-test: Fix read off end of aarch64_kernel array
      hw/arm/sbsa-ref: Remove unnecessary check for secure_sysmem == NULL

Philippe Mathieu-Daudé (1):
      target/arm/vfp_helper: Call set_fpscr_to_host before updating to FPSCR

Richard Henderson (1):
      target/arm: Fix sve_zcr_len_for_el

 hw/arm/sbsa-ref.c       |  8 ++------
 target/arm/helper.c     |  4 ++--
 target/arm/vfp_helper.c |  4 ++--
 tests/migration-test.c  | 22 +++++++---------------
 4 files changed, 13 insertions(+), 25 deletions(-)

[Qemu-devel] [PULL 1/4] target/arm: Fix sve_zcr_len_for_el

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Off by one error in the EL2 and EL3 tests.  Remove the test
against EL3 entirely, since it must always be true.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190702104732.31154-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 2df7152a9cd..20f8728be11 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5283,10 +5283,10 @@ uint32_t sve_zcr_len_for_el(CPUARMState *env, int el)
     if (el <= 1) {
         zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[1]);
     }
-    if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
+    if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) {
         zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[2]);
     }
-    if (el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
+    if (arm_feature(env, ARM_FEATURE_EL3)) {
         zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
     }
     return zcr_len;
-- 
2.20.1

[Qemu-devel] [PULL 2/4] tests/migration-test: Fix read off end of aarch64_kernel array

[Peter Maydell]

The test aarch64 kernel is in an array defined with
 unsigned char aarch64_kernel[] = { [...] }

which means it could be any size; currently it's quite small.
However we write it to a file using init_bootfile(), which
writes exactly 512 bytes to the file. This will break if
we ever end up with a kernel larger than that, and will
read garbage off the end of the array in the current setup
where the kernel is smaller.

Make init_bootfile() take an argument giving the length of
the data to write. This allows us to use it for all architectures
(previously s390 had a special-purpose init_bootfile_s390x
which hardcoded the file to write so it could write the
correct length). We assert that the x86 bootfile really is
exactly 512 bytes as it should be (and as we were previously
just assuming it was).

This was detected by the clang-7 asan:
==15607==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55a796f51d20 at pc 0x55a796b89c2f bp 0x7ffc58e89160 sp 0x7ffc58e88908
READ of size 512 at 0x55a796f51d20 thread T0
    #0 0x55a796b89c2e in fwrite (/home/petmay01/linaro/qemu-from-laptop/qemu/build/sanitizers/tests/migration-test+0xb0c2e)
    #1 0x55a796c46492 in init_bootfile /home/petmay01/linaro/qemu-from-laptop/qemu/tests/migration-test.c:99:5
    #2 0x55a796c46492 in test_migrate_start /home/petmay01/linaro/qemu-from-laptop/qemu/tests/migration-test.c:593
    #3 0x55a796c44101 in test_baddest /home/petmay01/linaro/qemu-from-laptop/qemu/tests/migration-test.c:854:9
    #4 0x7f906ffd3cc9  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72cc9)
    #5 0x7f906ffd3bfa  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72bfa)
    #6 0x7f906ffd3bfa  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72bfa)
    #7 0x7f906ffd3ea1 in g_test_run_suite (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72ea1)
    #8 0x7f906ffd3ec0 in g_test_run (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72ec0)
    #9 0x55a796c43707 in main /home/petmay01/linaro/qemu-from-laptop/qemu/tests/migration-test.c:1187:11
    #10 0x7f906e9abb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #11 0x55a796b6c2d9 in _start (/home/petmay01/linaro/qemu-from-laptop/qemu/build/sanitizers/tests/migration-test+0x932d9)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190702150311.20467-1-peter.maydell@linaro.org
---
 tests/migration-test.c | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/tests/migration-test.c b/tests/migration-test.c
index 0cd014dbe51..b6434628e1c 100644
--- a/tests/migration-test.c
+++ b/tests/migration-test.c
@@ -91,23 +91,13 @@ static const char *tmpfs;
  */
 #include "tests/migration/i386/a-b-bootblock.h"
 #include "tests/migration/aarch64/a-b-kernel.h"
-
-static void init_bootfile(const char *bootpath, void *content)
-{
-    FILE *bootfile = fopen(bootpath, "wb");
-
-    g_assert_cmpint(fwrite(content, 512, 1, bootfile), ==, 1);
-    fclose(bootfile);
-}
-
 #include "tests/migration/s390x/a-b-bios.h"
 
-static void init_bootfile_s390x(const char *bootpath)
+static void init_bootfile(const char *bootpath, void *content, size_t len)
 {
     FILE *bootfile = fopen(bootpath, "wb");
-    size_t len = sizeof(s390x_elf);
 
-    g_assert_cmpint(fwrite(s390x_elf, len, 1, bootfile), ==, 1);
+    g_assert_cmpint(fwrite(content, len, 1, bootfile), ==, 1);
     fclose(bootfile);
 }
 
@@ -537,7 +527,9 @@ static int test_migrate_start(QTestState **from, QTestState **to,
     got_stop = false;
     bootpath = g_strdup_printf("%s/bootsect", tmpfs);
     if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
-        init_bootfile(bootpath, x86_bootsect);
+        /* the assembled x86 boot sector should be exactly one sector large */
+        assert(sizeof(x86_bootsect) == 512);
+        init_bootfile(bootpath, x86_bootsect, sizeof(x86_bootsect));
         extra_opts = use_shmem ? get_shmem_opts("150M", shmem_path) : NULL;
         cmd_src = g_strdup_printf("-machine accel=%s -m 150M"
                                   " -name source,debug-threads=on"
@@ -555,7 +547,7 @@ static int test_migrate_start(QTestState **from, QTestState **to,
         start_address = X86_TEST_MEM_START;
         end_address = X86_TEST_MEM_END;
     } else if (g_str_equal(arch, "s390x")) {
-        init_bootfile_s390x(bootpath);
+        init_bootfile(bootpath, s390x_elf, sizeof(s390x_elf));
         extra_opts = use_shmem ? get_shmem_opts("128M", shmem_path) : NULL;
         cmd_src = g_strdup_printf("-machine accel=%s -m 128M"
                                   " -name source,debug-threads=on"
@@ -590,7 +582,7 @@ static int test_migrate_start(QTestState **from, QTestState **to,
         start_address = PPC_TEST_MEM_START;
         end_address = PPC_TEST_MEM_END;
     } else if (strcmp(arch, "aarch64") == 0) {
-        init_bootfile(bootpath, aarch64_kernel);
+        init_bootfile(bootpath, aarch64_kernel, sizeof(aarch64_kernel));
         extra_opts = use_shmem ? get_shmem_opts("150M", shmem_path) : NULL;
         cmd_src = g_strdup_printf("-machine virt,accel=%s,gic-version=max "
                                   "-name vmsource,debug-threads=on -cpu max "
-- 
2.20.1

[Qemu-devel] [PULL 3/4] hw/arm/sbsa-ref: Remove unnecessary check for secure_sysmem == NULL

[Peter Maydell]

In the virt machine, we support TrustZone being either present or
absent, and so the code must deal with the secure_sysmem pointer
possibly being NULL. In the sbsa-ref machine, TrustZone is always
present, but some code and comments copied from virt still treat
it as possibly not being present.

This causes Coverity to complain (CID 1407287) that we check
secure_sysmem for being NULL after an unconditional dereference.
Simplify the code so that instead of initializing the variable
to NULL, unconditionally assigning it, and then testing it for NULL,
we just initialize it correctly in the variable declaration and
then assume it to be non-NULL. We also delete a comment which
only applied to the non-TrustZone config.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190704142004.7150-1-peter.maydell@linaro.org
Tested-by: Radosław Biernacki <radoslaw.biernacki@linaro.org>
Reviewed-by: Radosław Biernacki <radoslaw.biernacki@linaro.org>
---
 hw/arm/sbsa-ref.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index e8c65e31c70..9c67d5c6f9e 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -254,8 +254,6 @@ static void sbsa_flash_map(SBSAMachineState *sms,
      * sysmem is the system memory space. secure_sysmem is the secure view
      * of the system, and the first flash device should be made visible only
      * there. The second flash device is visible to both secure and nonsecure.
-     * If sysmem == secure_sysmem this means there is no separate Secure
-     * address space and both flash devices are generally visible.
      */
     hwaddr flashsize = sbsa_ref_memmap[SBSA_FLASH].size / 2;
     hwaddr flashbase = sbsa_ref_memmap[SBSA_FLASH].base;
@@ -591,7 +589,7 @@ static void sbsa_ref_init(MachineState *machine)
     SBSAMachineState *sms = SBSA_MACHINE(machine);
     MachineClass *mc = MACHINE_GET_CLASS(machine);
     MemoryRegion *sysmem = get_system_memory();
-    MemoryRegion *secure_sysmem = NULL;
+    MemoryRegion *secure_sysmem = g_new(MemoryRegion, 1);
     MemoryRegion *ram = g_new(MemoryRegion, 1);
     bool firmware_loaded;
     const CPUArchIdList *possible_cpus;
@@ -615,13 +613,11 @@ static void sbsa_ref_init(MachineState *machine)
      * containing the system memory at low priority; any secure-only
      * devices go in at higher priority and take precedence.
      */
-    secure_sysmem = g_new(MemoryRegion, 1);
     memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory",
                        UINT64_MAX);
     memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1);
 
-    firmware_loaded = sbsa_firmware_init(sms, sysmem,
-                                         secure_sysmem ?: sysmem);
+    firmware_loaded = sbsa_firmware_init(sms, sysmem, secure_sysmem);
 
     if (machine->kernel_filename && firmware_loaded) {
         error_report("sbsa-ref: No fw_cfg device on this machine, "
-- 
2.20.1

[Qemu-devel] [PULL 4/4] target/arm/vfp_helper: Call set_fpscr_to_host before updating to FPSCR

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

In commit e9d652824b0 we extracted the vfp_set_fpscr_to_host()
function but failed at calling it in the correct place, we call
it after xregs[ARM_VFP_FPSCR] is modified.

Fix by calling this function before we update FPSCR.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190705124318.1075-1-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/vfp_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
index 46041e32949..9710ef1c3e5 100644
--- a/target/arm/vfp_helper.c
+++ b/target/arm/vfp_helper.c
@@ -197,6 +197,8 @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
         val &= 0xf7c0009f;
     }
 
+    vfp_set_fpscr_to_host(env, val);
+
     /*
      * We don't implement trapped exception handling, so the
      * trap enable bits, IDE|IXE|UFE|OFE|DZE|IOE are all RAZ/WI (not RES0!)
@@ -217,8 +219,6 @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
     env->vfp.qc[1] = 0;
     env->vfp.qc[2] = 0;
     env->vfp.qc[3] = 0;
-
-    vfp_set_fpscr_to_host(env, val);
 }
 
 void vfp_set_fpscr(CPUARMState *env, uint32_t val)
-- 
2.20.1

Re: [Qemu-devel] [PULL 0/4] target-arm queue

[Peter Maydell]

On Mon, 8 Jul 2019 at 14:22, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> A last handful of patches before the rc0. These are all bugfixes
> so they could equally well go into rc1, but since my pullreq
> queue is otherwise empty I might as well push them out. The
> FPSCR bugfix is definitely one I'd like in rc0; the rest are
> not really user-visible I think.
>
> thanks
> -- PMM
>
> The following changes since commit c4107e8208d0222f9b328691b519aaee4101db87:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2019-07-08 10:26:18 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190708
>
> for you to fetch changes up to 85795187f416326f87177cabc39fae1911f04c50:
>
>   target/arm/vfp_helper: Call set_fpscr_to_host before updating to FPSCR (2019-07-08 14:11:31 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * tests/migration-test: Fix read off end of aarch64_kernel array
>  * Fix sve_zcr_len_for_el off-by-one error
>  * hw/arm/sbsa-ref: Silence Coverity nit
>  * vfp_helper: Call set_fpscr_to_host before updating to FPSCR


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.1
for any user-visible changes.

-- PMM

Re: [Qemu-devel] [PULL 0/4] target-arm queue

[no-reply]

Patchew URL: https://patchew.org/QEMU/20190708132237.7911-1-peter.maydell@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190708132237.7911-1-peter.maydell@linaro.org
Type: series
Subject: [Qemu-devel] [PULL 0/4] target-arm queue

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 t [tag update]            patchew/20190708132237.7911-1-peter.maydell@linaro.org -> patchew/20190708132237.7911-1-peter.maydell@linaro.org
Switched to a new branch 'test'

=== OUTPUT BEGIN ===
checkpatch.pl: no revisions returned for revlist '1'
=== OUTPUT END ===

Test command exited with code: 255


The full log is available at
http://patchew.org/logs/20190708132237.7911-1-peter.maydell@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com