[PULL 0/9] target-arm queue

[PULL 0/9] target-arm queue

[Peter Maydell]

target-arm queue: nothing major here, but no point
sitting on them waiting for more stuff to come along.

thanks
-- PMM

The following changes since commit 1329132d28bf14b9508f7a1f04a2c63422bc3f99:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2019-09-26 16:14:03 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190927

for you to fetch changes up to e4e34855e658b78ecac50a651cc847662ff02cfd:

  hw/arm/boot: Use the IEC binary prefix definitions (2019-09-27 11:44:39 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix the CBAR register implementation for Cortex-A53,
   Cortex-A57, Cortex-A72
 * Fix direct booting of Linux kernels on emulated CPUs
   which have an AArch32 EL3 (incorrect NSACR settings
   meant they could not access the FPU)
 * semihosting cleanup: do more work at translate time
   and less work at runtime

----------------------------------------------------------------
Alex Bennée (6):
      tests/tcg: clean-up some comments after the de-tangling
      target/arm: handle M-profile semihosting at translate time
      target/arm: handle A-profile semihosting at translate time
      target/arm: remove run time semihosting checks
      target/arm: remove run-time semihosting checks for linux-user
      tests/tcg: add linux-user semihosting smoke test for ARM

Luc Michel (1):
      target/arm: fix CBAR register for AArch64 CPUs

Peter Maydell (1):
      hw/arm/boot.c: Set NSACR.{CP11,CP10} for NS kernel boots

Philippe Mathieu-Daudé (1):
      hw/arm/boot: Use the IEC binary prefix definitions

 tests/tcg/Makefile.target         |   7 ++-
 tests/tcg/aarch64/Makefile.target |   8 ++-
 tests/tcg/arm/Makefile.target     |  20 ++++---
 linux-user/arm/target_syscall.h   |   3 -
 hw/arm/boot.c                     |  12 ++--
 linux-user/arm/cpu_loop.c         |   3 -
 target/arm/helper.c               | 115 +++++++++++++-------------------------
 target/arm/m_helper.c             |  18 ++----
 target/arm/translate.c            |  30 ++++++++--
 tests/tcg/arm/semihosting.c       |  45 +++++++++++++++
 10 files changed, 146 insertions(+), 115 deletions(-)
 create mode 100644 tests/tcg/arm/semihosting.c

[PULL 1/9] target/arm: fix CBAR register for AArch64 CPUs

[Peter Maydell]

From: Luc Michel <luc.michel@greensocs.com>

For AArch64 CPUs with a CBAR register, we have two views for it:
  - in AArch64 state, the CBAR_EL1 register (S3_1_C15_C3_0), returns the
    full 64 bits CBAR value
  - in AArch32 state, the CBAR register (cp15, opc1=1, CRn=15, CRm=3, opc2=0)
    returns a 32 bits view such that:
      CBAR = CBAR_EL1[31:18] 0..0 CBAR_EL1[43:32]

This commit fixes the current implementation where:
  - CBAR_EL1 was returning the 32 bits view instead of the full 64 bits
    value,
  - CBAR was returning a truncated 32 bits version of the full 64 bits
    one, instead of the 32 bits view
  - CBAR was declared as cp15, opc1=4, CRn=15, CRm=0, opc2=0, which is
    the CBAR register found in the ARMv7 Cortex-Ax CPUs, but not in
    ARMv8 CPUs.

Signed-off-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20190912110103.1417887-1-luc.michel@greensocs.com
[PMM: Added a comment about the two different kinds of CBAR]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 507026c9154..bc1130d989d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6733,6 +6733,19 @@ void register_cp_regs_for_features(ARMCPU *cpu)
     }
 
     if (arm_feature(env, ARM_FEATURE_CBAR)) {
+        /*
+         * CBAR is IMPDEF, but common on Arm Cortex-A implementations.
+         * There are two flavours:
+         *  (1) older 32-bit only cores have a simple 32-bit CBAR
+         *  (2) 64-bit cores have a 64-bit CBAR visible to AArch64, plus a
+         *      32-bit register visible to AArch32 at a different encoding
+         *      to the "flavour 1" register and with the bits rearranged to
+         *      be able to squash a 64-bit address into the 32-bit view.
+         * We distinguish the two via the ARM_FEATURE_AARCH64 flag, but
+         * in future if we support AArch32-only configs of some of the
+         * AArch64 cores we might need to add a specific feature flag
+         * to indicate cores with "flavour 2" CBAR.
+         */
         if (arm_feature(env, ARM_FEATURE_AARCH64)) {
             /* 32 bit view is [31:18] 0...0 [43:32]. */
             uint32_t cbar32 = (extract64(cpu->reset_cbar, 18, 14) << 18)
@@ -6740,12 +6753,12 @@ void register_cp_regs_for_features(ARMCPU *cpu)
             ARMCPRegInfo cbar_reginfo[] = {
                 { .name = "CBAR",
                   .type = ARM_CP_CONST,
-                  .cp = 15, .crn = 15, .crm = 0, .opc1 = 4, .opc2 = 0,
-                  .access = PL1_R, .resetvalue = cpu->reset_cbar },
+                  .cp = 15, .crn = 15, .crm = 3, .opc1 = 1, .opc2 = 0,
+                  .access = PL1_R, .resetvalue = cbar32 },
                 { .name = "CBAR_EL1", .state = ARM_CP_STATE_AA64,
                   .type = ARM_CP_CONST,
                   .opc0 = 3, .opc1 = 1, .crn = 15, .crm = 3, .opc2 = 0,
-                  .access = PL1_R, .resetvalue = cbar32 },
+                  .access = PL1_R, .resetvalue = cpu->reset_cbar },
                 REGINFO_SENTINEL
             };
             /* We don't implement a r/w 64 bit CBAR currently */
-- 
2.20.1

[PULL 2/9] tests/tcg: clean-up some comments after the de-tangling

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

These were missed in the recent de-tangling so have been updated to be
more actuate. I've also built up ARM_TESTS in a manner similar to
AARCH64_TESTS for better consistency.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190913151845.12582-2-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 tests/tcg/Makefile.target         |  7 +++++--
 tests/tcg/aarch64/Makefile.target |  3 ++-
 tests/tcg/arm/Makefile.target     | 15 ++++++++-------
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
index 8808beaf74b..679eb56bd37 100644
--- a/tests/tcg/Makefile.target
+++ b/tests/tcg/Makefile.target
@@ -74,8 +74,11 @@ TIMEOUT=15
 endif
 
 ifdef CONFIG_USER_ONLY
-# The order we include is important. We include multiarch, base arch
-# and finally arch if it's not the same as base arch.
+# The order we include is important. We include multiarch first and
+# then the target. If there are common tests shared between
+# sub-targets (e.g. ARM & AArch64) then it is up to
+# $(TARGET_NAME)/Makefile.target to include the common parent
+# architecture in its VPATH.
 -include $(SRC_PATH)/tests/tcg/multiarch/Makefile.target
 -include $(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.target
 
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
index e763dd9da37..9758f89f905 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -8,7 +8,7 @@ VPATH 		+= $(ARM_SRC)
 AARCH64_SRC=$(SRC_PATH)/tests/tcg/aarch64
 VPATH 		+= $(AARCH64_SRC)
 
-# we don't build any other ARM test
+# Float-convert Tests
 AARCH64_TESTS=fcvt
 
 fcvt: LDFLAGS+=-lm
@@ -17,6 +17,7 @@ run-fcvt: fcvt
 	$(call run-test,$<,$(QEMU) $<, "$< on $(TARGET_NAME)")
 	$(call diff-out,$<,$(AARCH64_SRC)/fcvt.ref)
 
+# Pauth Tests
 AARCH64_TESTS += pauth-1 pauth-2
 run-pauth-%: QEMU_OPTS += -cpu max
 
diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target
index aa4e4e3782c..7347d3d0adb 100644
--- a/tests/tcg/arm/Makefile.target
+++ b/tests/tcg/arm/Makefile.target
@@ -8,25 +8,26 @@ ARM_SRC=$(SRC_PATH)/tests/tcg/arm
 # Set search path for all sources
 VPATH 		+= $(ARM_SRC)
 
-ARM_TESTS=hello-arm test-arm-iwmmxt
-
-TESTS += $(ARM_TESTS) fcvt
-
+# Basic Hello World
+ARM_TESTS = hello-arm
 hello-arm: CFLAGS+=-marm -ffreestanding
 hello-arm: LDFLAGS+=-nostdlib
 
+# IWMXT floating point extensions
+ARM_TESTS += test-arm-iwmmxt
 test-arm-iwmmxt: CFLAGS+=-marm -march=iwmmxt -mabi=aapcs -mfpu=fpv4-sp-d16
 test-arm-iwmmxt: test-arm-iwmmxt.S
 	$(CC) $(CFLAGS) $< -o $@ $(LDFLAGS)
 
-ifeq ($(TARGET_NAME), arm)
+# Float-convert Tests
+ARM_TESTS += fcvt
 fcvt: LDFLAGS+=-lm
 # fcvt: CFLAGS+=-march=armv8.2-a+fp16 -mfpu=neon-fp-armv8
-
 run-fcvt: fcvt
 	$(call run-test,fcvt,$(QEMU) $<,"$< on $(TARGET_NAME)")
 	$(call diff-out,fcvt,$(ARM_SRC)/fcvt.ref)
-endif
+
+TESTS += $(ARM_TESTS)
 
 # On ARM Linux only supports 4k pages
 EXTRA_RUNS+=run-test-mmap-4096
-- 
2.20.1

[PULL 3/9] target/arm: handle M-profile semihosting at translate time

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

We do this for other semihosting calls so we might as well do it for
M-profile as well.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190913151845.12582-3-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/m_helper.c  | 18 ++++++------------
 target/arm/translate.c | 11 ++++++++++-
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 884d35d2b02..27cd2f3f964 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2114,19 +2114,13 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
             break;
         }
         break;
+    case EXCP_SEMIHOST:
+        qemu_log_mask(CPU_LOG_INT,
+                      "...handling as semihosting call 0x%x\n",
+                      env->regs[0]);
+        env->regs[0] = do_arm_semihosting(env);
+        return;
     case EXCP_BKPT:
-        if (semihosting_enabled()) {
-            int nr;
-            nr = arm_lduw_code(env, env->regs[15], arm_sctlr_b(env)) & 0xff;
-            if (nr == 0xab) {
-                env->regs[15] += 2;
-                qemu_log_mask(CPU_LOG_INT,
-                              "...handling as semihosting call 0x%x\n",
-                              env->regs[0]);
-                env->regs[0] = do_arm_semihosting(env);
-                return;
-            }
-        }
         armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG, false);
         break;
     case EXCP_IRQ:
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 34bb280e3da..b5272119330 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -8424,7 +8424,16 @@ static bool trans_BKPT(DisasContext *s, arg_BKPT *a)
     if (!ENABLE_ARCH_5) {
         return false;
     }
-    gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, false));
+    if (arm_dc_feature(s, ARM_FEATURE_M) &&
+        semihosting_enabled() &&
+#ifndef CONFIG_USER_ONLY
+        !IS_USER(s) &&
+#endif
+        (a->imm == 0xab)) {
+        gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
+    } else {
+        gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, false));
+    }
     return true;
 }
 
-- 
2.20.1

[PULL 4/9] target/arm: handle A-profile semihosting at translate time

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

As for the other semihosting calls we can resolve this at translate
time.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190913151845.12582-4-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index b5272119330..698c594e8ce 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -10222,14 +10222,25 @@ static bool trans_CBZ(DisasContext *s, arg_CBZ *a)
 }
 
 /*
- * Supervisor call
+ * Supervisor call - both T32 & A32 come here so we need to check
+ * which mode we are in when checking for semihosting.
  */
 
 static bool trans_SVC(DisasContext *s, arg_SVC *a)
 {
-    gen_set_pc_im(s, s->base.pc_next);
-    s->svc_imm = a->imm;
-    s->base.is_jmp = DISAS_SWI;
+    const uint32_t semihost_imm = s->thumb ? 0xab : 0x123456;
+
+    if (!arm_dc_feature(s, ARM_FEATURE_M) && semihosting_enabled() &&
+#ifndef CONFIG_USER_ONLY
+        !IS_USER(s) &&
+#endif
+        (a->imm == semihost_imm)) {
+        gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
+    } else {
+        gen_set_pc_im(s, s->base.pc_next);
+        s->svc_imm = a->imm;
+        s->base.is_jmp = DISAS_SWI;
+    }
     return true;
 }
 
-- 
2.20.1

[PULL 5/9] target/arm: remove run time semihosting checks

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

Now we do all our checking and use a common EXCP_SEMIHOST for
semihosting operations we can make helper code a lot simpler.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190913151845.12582-5-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 96 +++++++++++----------------------------------
 1 file changed, 22 insertions(+), 74 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index bc1130d989d..0d9a2d2ab74 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8352,88 +8352,32 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
                   new_el, env->pc, pstate_read(env));
 }
 
-static inline bool check_for_semihosting(CPUState *cs)
-{
+/*
+ * Do semihosting call and set the appropriate return value. All the
+ * permission and validity checks have been done at translate time.
+ *
+ * We only see semihosting exceptions in TCG only as they are not
+ * trapped to the hypervisor in KVM.
+ */
 #ifdef CONFIG_TCG
-    /* Check whether this exception is a semihosting call; if so
-     * then handle it and return true; otherwise return false.
-     */
+static void handle_semihosting(CPUState *cs)
+{
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
 
     if (is_a64(env)) {
-        if (cs->exception_index == EXCP_SEMIHOST) {
-            /* This is always the 64-bit semihosting exception.
-             * The "is this usermode" and "is semihosting enabled"
-             * checks have been done at translate time.
-             */
-            qemu_log_mask(CPU_LOG_INT,
-                          "...handling as semihosting call 0x%" PRIx64 "\n",
-                          env->xregs[0]);
-            env->xregs[0] = do_arm_semihosting(env);
-            return true;
-        }
-        return false;
+        qemu_log_mask(CPU_LOG_INT,
+                      "...handling as semihosting call 0x%" PRIx64 "\n",
+                      env->xregs[0]);
+        env->xregs[0] = do_arm_semihosting(env);
     } else {
-        uint32_t imm;
-
-        /* Only intercept calls from privileged modes, to provide some
-         * semblance of security.
-         */
-        if (cs->exception_index != EXCP_SEMIHOST &&
-            (!semihosting_enabled() ||
-             ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_USR))) {
-            return false;
-        }
-
-        switch (cs->exception_index) {
-        case EXCP_SEMIHOST:
-            /* This is always a semihosting call; the "is this usermode"
-             * and "is semihosting enabled" checks have been done at
-             * translate time.
-             */
-            break;
-        case EXCP_SWI:
-            /* Check for semihosting interrupt.  */
-            if (env->thumb) {
-                imm = arm_lduw_code(env, env->regs[15] - 2, arm_sctlr_b(env))
-                    & 0xff;
-                if (imm == 0xab) {
-                    break;
-                }
-            } else {
-                imm = arm_ldl_code(env, env->regs[15] - 4, arm_sctlr_b(env))
-                    & 0xffffff;
-                if (imm == 0x123456) {
-                    break;
-                }
-            }
-            return false;
-        case EXCP_BKPT:
-            /* See if this is a semihosting syscall.  */
-            if (env->thumb) {
-                imm = arm_lduw_code(env, env->regs[15], arm_sctlr_b(env))
-                    & 0xff;
-                if (imm == 0xab) {
-                    env->regs[15] += 2;
-                    break;
-                }
-            }
-            return false;
-        default:
-            return false;
-        }
-
         qemu_log_mask(CPU_LOG_INT,
                       "...handling as semihosting call 0x%x\n",
                       env->regs[0]);
         env->regs[0] = do_arm_semihosting(env);
-        return true;
     }
-#else
-    return false;
-#endif
 }
+#endif
 
 /* Handle a CPU exception for A and R profile CPUs.
  * Do any appropriate logging, handle PSCI calls, and then hand off
@@ -8464,13 +8408,17 @@ void arm_cpu_do_interrupt(CPUState *cs)
         return;
     }
 
-    /* Semihosting semantics depend on the register width of the
-     * code that caused the exception, not the target exception level,
-     * so must be handled here.
+    /*
+     * Semihosting semantics depend on the register width of the code
+     * that caused the exception, not the target exception level, so
+     * must be handled here.
      */
-    if (check_for_semihosting(cs)) {
+#ifdef CONFIG_TCG
+    if (cs->exception_index == EXCP_SEMIHOST) {
+        handle_semihosting(cs);
         return;
     }
+#endif
 
     /* Hooks may change global state so BQL should be held, also the
      * BQL needs to be held for any modification of
-- 
2.20.1

[PULL 6/9] target/arm: remove run-time semihosting checks for linux-user

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

Now we do all our checking at translate time we can make cpu_loop a
little bit simpler. We also introduce a simple linux-user semihosting
test case to defend the functionality. The out-of-tree softmmu based
semihosting tests are still more comprehensive.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190913151845.12582-6-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 linux-user/arm/target_syscall.h | 3 ---
 linux-user/arm/cpu_loop.c       | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/linux-user/arm/target_syscall.h b/linux-user/arm/target_syscall.h
index afc0772e194..f85cbdaf56f 100644
--- a/linux-user/arm/target_syscall.h
+++ b/linux-user/arm/target_syscall.h
@@ -18,9 +18,6 @@ struct target_pt_regs {
 #define ARM_NR_set_tls	  (ARM_NR_BASE + 5)
 #define ARM_NR_get_tls    (ARM_NR_BASE + 6)
 
-#define ARM_NR_semihosting	  0x123456
-#define ARM_NR_thumb_semihosting  0xAB
-
 #if defined(TARGET_WORDS_BIGENDIAN)
 #define UNAME_MACHINE "armv5teb"
 #else
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
index 8d65de5b9f4..e28c45cd4ab 100644
--- a/linux-user/arm/cpu_loop.c
+++ b/linux-user/arm/cpu_loop.c
@@ -325,9 +325,6 @@ void cpu_loop(CPUARMState *env)
 
                 if (n == ARM_NR_cacheflush) {
                     /* nop */
-                } else if (n == ARM_NR_semihosting
-                           || n == ARM_NR_thumb_semihosting) {
-                    env->regs[0] = do_arm_semihosting (env);
                 } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
                     /* linux syscall */
                     if (env->thumb || n == 0) {
-- 
2.20.1

[PULL 7/9] tests/tcg: add linux-user semihosting smoke test for ARM

[Peter Maydell]

From: Alex Bennée <alex.bennee@linaro.org>

We already use semihosting for the system stuff so this is a simple
smoke test to ensure we are working OK on linux-user.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190913151845.12582-7-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 tests/tcg/aarch64/Makefile.target |  5 ++++
 tests/tcg/arm/Makefile.target     |  5 ++++
 tests/tcg/arm/semihosting.c       | 45 +++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 tests/tcg/arm/semihosting.c

diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
index 9758f89f905..509f1afa93d 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -21,4 +21,9 @@ run-fcvt: fcvt
 AARCH64_TESTS += pauth-1 pauth-2
 run-pauth-%: QEMU_OPTS += -cpu max
 
+# Semihosting smoke test for linux-user
+AARCH64_TESTS += semihosting
+run-semihosting: semihosting
+	$(call run-test,$<,$(QEMU) $< 2> $<.err, "$< on $(TARGET_NAME)")
+
 TESTS += $(AARCH64_TESTS)
diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target
index 7347d3d0adb..3b7fc9a64be 100644
--- a/tests/tcg/arm/Makefile.target
+++ b/tests/tcg/arm/Makefile.target
@@ -27,6 +27,11 @@ run-fcvt: fcvt
 	$(call run-test,fcvt,$(QEMU) $<,"$< on $(TARGET_NAME)")
 	$(call diff-out,fcvt,$(ARM_SRC)/fcvt.ref)
 
+# Semihosting smoke test for linux-user
+ARM_TESTS += semihosting
+run-semihosting: semihosting
+	$(call run-test,$<,$(QEMU) $< 2> $<.err, "$< on $(TARGET_NAME)")
+
 TESTS += $(ARM_TESTS)
 
 # On ARM Linux only supports 4k pages
diff --git a/tests/tcg/arm/semihosting.c b/tests/tcg/arm/semihosting.c
new file mode 100644
index 00000000000..09c89cb481a
--- /dev/null
+++ b/tests/tcg/arm/semihosting.c
@@ -0,0 +1,45 @@
+/*
+ * linux-user semihosting checks
+ *
+ * Copyright (c) 2019
+ * Written by Alex Bennée <alex.bennee@linaro.org>
+ *
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <stdint.h>
+
+#define SYS_WRITE0      0x04
+#define SYS_REPORTEXC   0x18
+
+void __semi_call(uintptr_t type, uintptr_t arg0)
+{
+#if defined(__arm__)
+    register uintptr_t t asm("r0") = type;
+    register uintptr_t a0 asm("r1") = arg0;
+    asm("svc 0xab"
+        : /* no return */
+        : "r" (t), "r" (a0));
+#else
+    register uintptr_t t asm("x0") = type;
+    register uintptr_t a0 asm("x1") = arg0;
+    asm("hlt 0xf000"
+        : /* no return */
+        : "r" (t), "r" (a0));
+#endif
+}
+
+int main(int argc, char *argv[argc])
+{
+#if defined(__arm__)
+    uintptr_t exit_code = 0x20026;
+#else
+    uintptr_t exit_block[2] = {0x20026, 0};
+    uintptr_t exit_code = (uintptr_t) &exit_block;
+#endif
+
+    __semi_call(SYS_WRITE0, (uintptr_t) "Hello World");
+    __semi_call(SYS_REPORTEXC, exit_code);
+    /* if we get here we failed */
+    return -1;
+}
-- 
2.20.1

[PULL 8/9] hw/arm/boot.c: Set NSACR.{CP11,CP10} for NS kernel boots

[Peter Maydell]

If we're booting a Linux kernel directly into Non-Secure
state on a CPU which has Secure state, then make sure we
set the NSACR CP11 and CP10 bits, so that Non-Secure is allowed
to access the FPU. Otherwise an AArch32 kernel will UNDEF as
soon as it tries to use the FPU.

It used to not matter that we didn't do this until commit
fc1120a7f5f2d4b6, where we implemented actually honouring
these NSACR bits.

The problem only exists for CPUs where EL3 is AArch32; the
equivalent AArch64 trap bits are in CPTR_EL3 and are "0 to
not trap, 1 to trap", so the reset value of the register
permits NS access, unlike NSACR.

Fixes: fc1120a7f5
Fixes: https://bugs.launchpad.net/qemu/+bug/1844597
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190920174039.3916-1-peter.maydell@linaro.org
---
 hw/arm/boot.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index bf97ef3e339..25422660545 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -754,6 +754,8 @@ static void do_cpu_reset(void *opaque)
                     (cs != first_cpu || !info->secure_board_setup)) {
                     /* Linux expects non-secure state */
                     env->cp15.scr_el3 |= SCR_NS;
+                    /* Set NSACR.{CP11,CP10} so NS can access the FPU */
+                    env->cp15.nsacr |= 3 << 10;
                 }
             }
 
-- 
2.20.1

[PULL 9/9] hw/arm/boot: Use the IEC binary prefix definitions

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190923131108.21459-1-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/boot.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 25422660545..c264864c11d 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -575,7 +575,7 @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
         goto fail;
     }
 
-    if (scells < 2 && binfo->ram_size >= (1ULL << 32)) {
+    if (scells < 2 && binfo->ram_size >= 4 * GiB) {
         /* This is user error so deserves a friendlier error message
          * than the failure of setprop_sized_cells would provide
          */
@@ -1097,7 +1097,7 @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
      * we might still make a bad choice here.
      */
     info->initrd_start = info->loader_start +
-        MIN(info->ram_size / 2, 128 * 1024 * 1024);
+        MIN(info->ram_size / 2, 128 * MiB);
     if (image_high_addr) {
         info->initrd_start = MAX(info->initrd_start, image_high_addr);
     }
@@ -1157,13 +1157,13 @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
                  *
                  * Let's play safe and prealign it to 2MB to give us some space.
                  */
-                align = 2 * 1024 * 1024;
+                align = 2 * MiB;
             } else {
                 /*
                  * Some 32bit kernels will trash anything in the 4K page the
                  * initrd ends in, so make sure the DTB isn't caught up in that.
                  */
-                align = 4096;
+                align = 4 * KiB;
             }
 
             /* Place the DTB after the initrd in memory with alignment. */
@@ -1180,7 +1180,7 @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
                 info->loader_start + KERNEL_ARGS_ADDR;
             fixupcontext[FIXUP_ARGPTR_HI] =
                 (info->loader_start + KERNEL_ARGS_ADDR) >> 32;
-            if (info->ram_size >= (1ULL << 32)) {
+            if (info->ram_size >= 4 * GiB) {
                 error_report("RAM size must be less than 4GB to boot"
                              " Linux kernel using ATAGS (try passing a device tree"
                              " using -dtb)");
-- 
2.20.1

Re: [PULL 0/9] target-arm queue

[Peter Maydell]

On Fri, 27 Sep 2019 at 15:42, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> target-arm queue: nothing major here, but no point
> sitting on them waiting for more stuff to come along.
>
> thanks
> -- PMM
>
> The following changes since commit 1329132d28bf14b9508f7a1f04a2c63422bc3f99:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2019-09-26 16:14:03 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190927
>
> for you to fetch changes up to e4e34855e658b78ecac50a651cc847662ff02cfd:
>
>   hw/arm/boot: Use the IEC binary prefix definitions (2019-09-27 11:44:39 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Fix the CBAR register implementation for Cortex-A53,
>    Cortex-A57, Cortex-A72
>  * Fix direct booting of Linux kernels on emulated CPUs
>    which have an AArch32 EL3 (incorrect NSACR settings
>    meant they could not access the FPU)
>  * semihosting cleanup: do more work at translate time
>    and less work at runtime


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.2
for any user-visible changes.

-- PMM

[PULL 0/9] target-arm queue

[Peter Maydell]

Arm queue; bugfixes only.

thanks
-- PMM

The following changes since commit 48aa8f0ac536db3550a35c295ff7de94e4c33739:

  Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-11-16' into staging (2020-11-17 11:07:00 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201117

for you to fetch changes up to ab135622cf478585bdfcb68b85e4a817d74a0c42:

  tmp105: Correct handling of temperature limit checks (2020-11-17 12:56:33 +0000)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/virt: ARM_VIRT must select ARM_GIC
 * exynos: Fix bad printf format specifiers
 * hw/input/ps2.c: Remove remnants of printf debug
 * target/openrisc: Remove dead code attempting to check "is timer disabled"
 * register: Remove unnecessary NULL check
 * util/cutils: Fix Coverity array overrun in freq_to_str()
 * configure: Make "does libgio work" test pull in some actual functions
 * tmp105: reset the T_low and T_High registers
 * tmp105: Correct handling of temperature limit checks

----------------------------------------------------------------
Alex Chen (1):
      exynos: Fix bad printf format specifiers

Alistair Francis (1):
      register: Remove unnecessary NULL check

Andrew Jones (1):
      hw/arm/virt: ARM_VIRT must select ARM_GIC

Peter Maydell (5):
      hw/input/ps2.c: Remove remnants of printf debug
      target/openrisc: Remove dead code attempting to check "is timer disabled"
      configure: Make "does libgio work" test pull in some actual functions
      hw/misc/tmp105: reset the T_low and T_High registers
      tmp105: Correct handling of temperature limit checks

Philippe Mathieu-Daudé (1):
      util/cutils: Fix Coverity array overrun in freq_to_str()

 configure                    | 11 +++++--
 hw/misc/tmp105.h             |  7 +++++
 hw/core/register.c           |  4 ---
 hw/input/ps2.c               |  9 ------
 hw/misc/tmp105.c             | 73 ++++++++++++++++++++++++++++++++++++++------
 hw/timer/exynos4210_mct.c    |  4 +--
 hw/timer/exynos4210_pwm.c    |  8 ++---
 target/openrisc/sys_helper.c |  3 --
 util/cutils.c                |  3 +-
 hw/arm/Kconfig               |  1 +
 10 files changed, 89 insertions(+), 34 deletions(-)

Re: [PULL 0/9] target-arm queue

[no-reply]

Patchew URL: https://patchew.org/QEMU/20201117134834.31731-1-peter.maydell@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20201117134834.31731-1-peter.maydell@linaro.org
Type: series
Subject: [PULL 0/9] target-arm queue

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]         patchew/20201117134834.31731-1-peter.maydell@linaro.org -> patchew/20201117134834.31731-1-peter.maydell@linaro.org
Switched to a new branch 'test'
bebbfa8 tmp105: Correct handling of temperature limit checks
7dbe228 hw/misc/tmp105: reset the T_low and T_High registers
46d5e2f configure: Make "does libgio work" test pull in some actual functions
4f56b5c util/cutils: Fix Coverity array overrun in freq_to_str()
1ed468a register: Remove unnecessary NULL check
7121170 target/openrisc: Remove dead code attempting to check "is timer disabled"
1050683 hw/input/ps2.c: Remove remnants of printf debug
c48562a exynos: Fix bad printf format specifiers
a560a57 hw/arm/virt: ARM_VIRT must select ARM_GIC

=== OUTPUT BEGIN ===
1/9 Checking commit a560a57bb83f (hw/arm/virt: ARM_VIRT must select ARM_GIC)
2/9 Checking commit c48562a90681 (exynos: Fix bad printf format specifiers)
3/9 Checking commit 105068325cdf (hw/input/ps2.c: Remove remnants of printf debug)
4/9 Checking commit 7121170373df (target/openrisc: Remove dead code attempting to check "is timer disabled")
5/9 Checking commit 1ed468af6090 (register: Remove unnecessary NULL check)
6/9 Checking commit 4f56b5ca0f04 (util/cutils: Fix Coverity array overrun in freq_to_str())
7/9 Checking commit 46d5e2f37130 (configure: Make "does libgio work" test pull in some actual functions)
8/9 Checking commit 7dbe228baa01 (hw/misc/tmp105: reset the T_low and T_High registers)
9/9 Checking commit bebbfa874a8a (tmp105: Correct handling of temperature limit checks)
ERROR: spaces required around that '*' (ctx:VxV)
#122: FILE: hw/misc/tmp105.c:263:
+    .subsections = (const VMStateDescription*[]) {
                                             ^

total: 1 errors, 0 warnings, 108 lines checked

Patch 9/9 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20201117134834.31731-1-peter.maydell@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

Re: [PULL 0/9] target-arm queue

[Peter Maydell]

On Tue, 17 Nov 2020 at 13:48, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Arm queue; bugfixes only.
>
> thanks
> -- PMM
>
> The following changes since commit 48aa8f0ac536db3550a35c295ff7de94e4c33739:
>
>   Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-11-16' into staging (2020-11-17 11:07:00 +0000)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201117
>
> for you to fetch changes up to ab135622cf478585bdfcb68b85e4a817d74a0c42:
>
>   tmp105: Correct handling of temperature limit checks (2020-11-17 12:56:33 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * hw/arm/virt: ARM_VIRT must select ARM_GIC
>  * exynos: Fix bad printf format specifiers
>  * hw/input/ps2.c: Remove remnants of printf debug
>  * target/openrisc: Remove dead code attempting to check "is timer disabled"
>  * register: Remove unnecessary NULL check
>  * util/cutils: Fix Coverity array overrun in freq_to_str()
>  * configure: Make "does libgio work" test pull in some actual functions
>  * tmp105: reset the T_low and T_High registers
>  * tmp105: Correct handling of temperature limit checks
>
> ----------------------------------------------------------------



Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.2
for any user-visible changes.

-- PMM

[PULL 0/9] target-arm queue

[Peter Maydell]

My OS Lock/DoubleLock patches, plus a small selection of other
bug fixes and minor things.

thanks
-- PMM

The following changes since commit 8e9398e3b1a860b8c29c670c1b6c36afe8d87849:

  Merge tag 'pull-ppc-20220706' of https://gitlab.com/danielhb/qemu into staging (2022-07-07 06:21:05 +0530)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220707

for you to fetch changes up to c2360eaa0262a816faf8032b7762d0c73df2cc62:

  target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem (2022-07-07 11:41:04 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/virt: dt: add rng-seed property
 * Fix MTE check in sve_ldnfff1_r
 * Record tagged bit for user-only in sve_probe_page
 * Correctly implement OS Lock and OS DoubleLock
 * Implement DBGDEVID, DBGDEVID1, DBGDEVID2 registers
 * Fix qemu-system-arm handling of LPAE block descriptors for highmem

----------------------------------------------------------------
Jason A. Donenfeld (1):
      hw/arm/virt: dt: add rng-seed property

Peter Maydell (6):
      target/arm: Fix code style issues in debug helper functions
      target/arm: Move define_debug_regs() to debug_helper.c
      target/arm: Suppress debug exceptions when OS Lock set
      target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2
      target/arm: Correctly implement Feat_DoubleLock
      target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem

Richard Henderson (2):
      target/arm: Fix MTE check in sve_ldnfff1_r
      target/arm: Record tagged bit for user-only in sve_probe_page

 docs/about/deprecated.rst |   8 +
 docs/system/arm/virt.rst  |  17 +-
 include/hw/arm/virt.h     |   2 +-
 target/arm/cpregs.h       |   3 +
 target/arm/cpu.h          |  27 +++
 target/arm/internals.h    |   9 +
 hw/arm/virt.c             |  44 ++--
 target/arm/cpu64.c        |   6 +
 target/arm/cpu_tcg.c      |   6 +
 target/arm/debug_helper.c | 580 ++++++++++++++++++++++++++++++++++++++++++++++
 target/arm/helper.c       | 513 +---------------------------------------
 target/arm/ptw.c          |   2 +-
 target/arm/sve_helper.c   |   5 +-
 13 files changed, 684 insertions(+), 538 deletions(-)

Re: [PULL 0/9] target-arm queue

[Richard Henderson]

On 7/7/22 17:57, Peter Maydell wrote:
> My OS Lock/DoubleLock patches, plus a small selection of other
> bug fixes and minor things.
> 
> thanks
> -- PMM
> 
> The following changes since commit 8e9398e3b1a860b8c29c670c1b6c36afe8d87849:
> 
>    Merge tag 'pull-ppc-20220706' of https://gitlab.com/danielhb/qemu into staging (2022-07-07 06:21:05 +0530)
> 
> are available in the Git repository at:
> 
>    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220707
> 
> for you to fetch changes up to c2360eaa0262a816faf8032b7762d0c73df2cc62:
> 
>    target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem (2022-07-07 11:41:04 +0100)
> 
> ----------------------------------------------------------------
> target-arm queue:
>   * hw/arm/virt: dt: add rng-seed property
>   * Fix MTE check in sve_ldnfff1_r
>   * Record tagged bit for user-only in sve_probe_page
>   * Correctly implement OS Lock and OS DoubleLock
>   * Implement DBGDEVID, DBGDEVID1, DBGDEVID2 registers
>   * Fix qemu-system-arm handling of LPAE block descriptors for highmem

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as appropriate.


r~


> 
> ----------------------------------------------------------------
> Jason A. Donenfeld (1):
>        hw/arm/virt: dt: add rng-seed property
> 
> Peter Maydell (6):
>        target/arm: Fix code style issues in debug helper functions
>        target/arm: Move define_debug_regs() to debug_helper.c
>        target/arm: Suppress debug exceptions when OS Lock set
>        target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2
>        target/arm: Correctly implement Feat_DoubleLock
>        target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem
> 
> Richard Henderson (2):
>        target/arm: Fix MTE check in sve_ldnfff1_r
>        target/arm: Record tagged bit for user-only in sve_probe_page
> 
>   docs/about/deprecated.rst |   8 +
>   docs/system/arm/virt.rst  |  17 +-
>   include/hw/arm/virt.h     |   2 +-
>   target/arm/cpregs.h       |   3 +
>   target/arm/cpu.h          |  27 +++
>   target/arm/internals.h    |   9 +
>   hw/arm/virt.c             |  44 ++--
>   target/arm/cpu64.c        |   6 +
>   target/arm/cpu_tcg.c      |   6 +
>   target/arm/debug_helper.c | 580 ++++++++++++++++++++++++++++++++++++++++++++++
>   target/arm/helper.c       | 513 +---------------------------------------
>   target/arm/ptw.c          |   2 +-
>   target/arm/sve_helper.c   |   5 +-
>   13 files changed, 684 insertions(+), 538 deletions(-)
> 

[PULL 0/9] target-arm queue

[Peter Maydell]

A last lot of bug fixes before rc0...

thanks
-- PMM

The following changes since commit 0d0275c31f00b71b49eb80bbdca2cfe244cf80fb:

  Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging (2022-07-26 10:31:02 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220726

for you to fetch changes up to 5865d99fe88d8c8fa437c18c6b63fb2a8165634f:

  hw/display/bcm2835_fb: Fix framebuffer allocation address (2022-07-26 14:09:44 +0100)

----------------------------------------------------------------
target-arm queue:
 * Update Coverity component definitions
 * target/arm: Add MO_128 entry to pred_esz_masks[]
 * configure: Fix portability issues
 * hw/display/bcm2835_fb: Fix framebuffer allocation address

----------------------------------------------------------------
Alan Jian (1):
      hw/display/bcm2835_fb: Fix framebuffer allocation address

Peter Maydell (8):
      scripts/coverity-scan/COMPONENTS.md: Add loongarch component
      scripts/coverity-scan/COMPONENTS.md: Update slirp component info
      target/arm: Add MO_128 entry to pred_esz_masks[]
      configure: Add missing POSIX-required space
      configure: Add braces to clarify intent of $emu[[:space:]]
      configure: Don't use bash-specific string-replacement syntax
      configure: Drop dead code attempting to use -msmall-data on alpha hosts
      configure: Avoid '==' bashism

 configure                           | 20 +++++++-------------
 target/arm/cpu.h                    |  2 +-
 hw/display/bcm2835_fb.c             |  3 +--
 target/arm/translate-sve.c          |  5 +++--
 scripts/coverity-scan/COMPONENTS.md |  7 +++++--
 5 files changed, 17 insertions(+), 20 deletions(-)

Re: [PULL 0/9] target-arm queue

[Richard Henderson]

On 7/26/22 08:20, Peter Maydell wrote:
> A last lot of bug fixes before rc0...
> 
> thanks
> -- PMM
> 
> The following changes since commit 0d0275c31f00b71b49eb80bbdca2cfe244cf80fb:
> 
>    Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging (2022-07-26 10:31:02 +0100)
> 
> are available in the Git repository at:
> 
>    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220726
> 
> for you to fetch changes up to 5865d99fe88d8c8fa437c18c6b63fb2a8165634f:
> 
>    hw/display/bcm2835_fb: Fix framebuffer allocation address (2022-07-26 14:09:44 +0100)
> 
> ----------------------------------------------------------------
> target-arm queue:
>   * Update Coverity component definitions
>   * target/arm: Add MO_128 entry to pred_esz_masks[]
>   * configure: Fix portability issues
>   * hw/display/bcm2835_fb: Fix framebuffer allocation address

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as appropriate.


r~


> 
> ----------------------------------------------------------------
> Alan Jian (1):
>        hw/display/bcm2835_fb: Fix framebuffer allocation address
> 
> Peter Maydell (8):
>        scripts/coverity-scan/COMPONENTS.md: Add loongarch component
>        scripts/coverity-scan/COMPONENTS.md: Update slirp component info
>        target/arm: Add MO_128 entry to pred_esz_masks[]
>        configure: Add missing POSIX-required space
>        configure: Add braces to clarify intent of $emu[[:space:]]
>        configure: Don't use bash-specific string-replacement syntax
>        configure: Drop dead code attempting to use -msmall-data on alpha hosts
>        configure: Avoid '==' bashism
> 
>   configure                           | 20 +++++++-------------
>   target/arm/cpu.h                    |  2 +-
>   hw/display/bcm2835_fb.c             |  3 +--
>   target/arm/translate-sve.c          |  5 +++--
>   scripts/coverity-scan/COMPONENTS.md |  7 +++++--
>   5 files changed, 17 insertions(+), 20 deletions(-)
> 

[PULL 0/9] target-arm queue

[Peter Maydell]

This one's almost all docs fixes.

thanks
-- PMM

The following changes since commit ba54a7e6b86884e43bed2d2f5a79c719059652a8:

  Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging (2024-11-26 14:06:40 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20241126

for you to fetch changes up to d8790ead55a2ef1e65332ebec63ae3c5db598942:

  docs/system/arm/aspeed: add missing model supermicrox11spi-bmc (2024-11-26 16:22:38 +0000)

----------------------------------------------------------------
target-arm queue:
 * target/arm/tcg/cpu32.c: swap ATCM and BTCM register names
 * docs/system/arm: Fix broken links and missing feature names

----------------------------------------------------------------
Michael Tokarev (1):
      target/arm/tcg/cpu32.c: swap ATCM and BTCM register names

Pierrick Bouvier (8):
      docs/system/arm/emulation: mention armv9
      docs/system/arm/emulation: fix typo in feature name
      docs/system/arm/emulation: add FEAT_SSBS2
      target/arm/tcg/: fix typo in FEAT name
      docs/system/arm/: add FEAT_MTE_ASYNC
      docs/system/arm/: add FEAT_DoubleLock
      docs/system/arm/fby35: update link to product page
      docs/system/arm/aspeed: add missing model supermicrox11spi-bmc

 docs/system/arm/aspeed.rst    |  7 ++++---
 docs/system/arm/emulation.rst | 11 +++++++----
 docs/system/arm/fby35.rst     |  2 +-
 target/arm/tcg/cpu32.c        |  6 +++---
 4 files changed, 15 insertions(+), 11 deletions(-)

Re: [PULL 0/9] target-arm queue

[Peter Maydell]

On Tue, 26 Nov 2024 at 17:02, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> This one's almost all docs fixes.
>
> thanks
> -- PMM
>
> The following changes since commit ba54a7e6b86884e43bed2d2f5a79c719059652a8:
>
>   Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging (2024-11-26 14:06:40 +0000)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20241126
>
> for you to fetch changes up to d8790ead55a2ef1e65332ebec63ae3c5db598942:
>
>   docs/system/arm/aspeed: add missing model supermicrox11spi-bmc (2024-11-26 16:22:38 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * target/arm/tcg/cpu32.c: swap ATCM and BTCM register names
>  * docs/system/arm: Fix broken links and missing feature names
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/9.2
for any user-visible changes.

-- PMM

[PULL 0/9] target-arm queue

[Peter Maydell]

Hi; small pullreq with mostly just minor bug fixes in it this week.

thanks
-- PMM

The following changes since commit d9ce74873a6a5a7c504379857461e4ae64fcf0cd:

  Merge tag 'pull-vfio-20250611' of https://github.com/legoater/qemu into staging (2025-06-11 11:39:53 -0400)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20250616

for you to fetch changes up to 5ad2b1f443a96444cf3e7a2fbe17aae696201012:

  linux-user/arm: Fix return value of SYS_cacheflush (2025-06-16 11:26:25 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/virt: Check bypass iommu is not set for iommu-map DT property
 * tests/functional: Add a test for the realview-eb-mpcore machine
 * qemu-options.hx: Fix reversed description of icount sleep behavior
 * target/arm: Define raw write for PMU CLR registers
 * docs/interop: convert qed_spec.txt to reStructuredText format
 * hw/arm: make cpu targeted by arm_load_kernel the primary CPU.
 * hw/intc/arm_gic: introduce a first-cpu-index property
 * hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions
 * linux-user/arm: Fix return value of SYS_cacheflush

----------------------------------------------------------------
Akihiko Odaki (1):
      target/arm: Define raw write for PMU CLR registers

Clément Chigot (1):
      hw/arm: make cpu targeted by arm_load_kernel the primary CPU.

Ethan Chen (1):
      qemu-options.hx: Fix reversed description of icount sleep behavior

Frederic Konrad (1):
      hw/intc/arm_gic: introduce a first-cpu-index property

J. Neuschäfer (1):
      linux-user/arm: Fix return value of SYS_cacheflush

Peter Maydell (1):
      hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions

Shameer Kolothum (1):
      hw/arm/virt: Check bypass iommu is not set for iommu-map DT property

Souleymane Conte (1):
      docs/interop: convert qed_spec.txt to reStructuredText format

Thomas Huth (1):
      tests/functional: Add a test for the realview-eb-mpcore machine

 MAINTAINERS                           |   2 +
 docs/interop/index.rst                |   1 +
 docs/interop/qed_spec.rst             | 219 ++++++++++++++++++++++++++++++++++
 docs/interop/qed_spec.txt             | 138 ---------------------
 include/hw/arm/boot.h                 |   3 +
 include/hw/intc/arm_gic.h             |   3 +
 include/hw/intc/arm_gic_common.h      |   2 +
 hw/arm/boot.c                         |  15 ++-
 hw/arm/mps2.c                         |   4 +
 hw/arm/virt.c                         |  15 ++-
 hw/intc/arm_gic.c                     |   2 +-
 hw/intc/arm_gic_common.c              |   1 +
 linux-user/arm/cpu_loop.c             |   1 +
 target/arm/helper.c                   |  12 +-
 qemu-options.hx                       |   8 +-
 tests/functional/meson.build          |   1 +
 tests/functional/test_arm_realview.py |  47 ++++++++
 17 files changed, 312 insertions(+), 162 deletions(-)
 create mode 100644 docs/interop/qed_spec.rst
 delete mode 100644 docs/interop/qed_spec.txt
 create mode 100755 tests/functional/test_arm_realview.py

Re: [PULL 0/9] target-arm queue

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 116 bytes --]

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/10.1 for any user-visible changes.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]