[PULL 00/41] target-arm queue

[PULL 00/41] target-arm queue

[Peter Maydell]

The big thing in here is RTH's caching-of-tb-flags patchset
which should improve TCG performance.

thanks
-- PMM

The following changes since commit 2152e740a8938b3bad73bfe1a01f8b94dab02d41:

  Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-10-22 12:03:03 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191022

for you to fetch changes up to 833043a060f7d0e95ded88e61e992466305c0345:

  hw/arm/digic4: Inline digic4_board_setup_ram() function (2019-10-22 14:21:57 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix sign-extension for SMLAL* instructions
 * aspeed: Add an AST2600 eval board
 * Various ptimer device conversions to new transaction API
 * Cache TB flags to avoid expensively recomputing them every time
 * Add a dummy Samsung SDHCI controller model to exynos4 boards
 * Minor refactorings of RAM creation for some arm boards

----------------------------------------------------------------
Cédric Le Goater (1):
      aspeed: Add an AST2600 eval board

Guenter Roeck (1):
      hw/timer/exynos4210_mct: Initialize ptimer before starting it

Peter Maydell (7):
      hw/timer/arm_mptimer.c: Undo accidental rename of arm_mptimer_init()
      hw/timer/puv3_ost.c: Switch to transaction-based ptimer API
      hw/timer/sh_timer: Switch to transaction-based ptimer API
      hw/timer/lm32_timer: Switch to transaction-based ptimer API
      hw/timer/altera_timer.c: Switch to transaction-based ptimer API
      hw/watchdog/etraxfs_timer.c: Switch to transaction-based ptimer API
      hw/m68k/mcf5208.c: Switch to transaction-based ptimer API

Philippe Mathieu-Daudé (9):
      hw/sd/sdhci: Add a comment to distinct the i.MX eSDHC functions
      hw/sd/sdhci: Add dummy Samsung SDHCI controller
      hw/arm/exynos4210: Use the Samsung s3c SDHCI controller
      hw/arm/xilinx_zynq: Use the IEC binary prefix definitions
      hw/arm/mps2: Use the IEC binary prefix definitions
      hw/arm/collie: Create the RAM in the board
      hw/arm/omap2: Create the RAM in the board
      hw/arm/omap1: Create the RAM in the board
      hw/arm/digic4: Inline digic4_board_setup_ram() function

Richard Henderson (23):
      target/arm: Fix sign-extension for SMLAL*
      target/arm: Split out rebuild_hflags_common
      target/arm: Split out rebuild_hflags_a64
      target/arm: Split out rebuild_hflags_common_32
      target/arm: Split arm_cpu_data_is_big_endian
      target/arm: Split out rebuild_hflags_m32
      target/arm: Reduce tests vs M-profile in cpu_get_tb_cpu_state
      target/arm: Split out rebuild_hflags_a32
      target/arm: Split out rebuild_hflags_aprofile
      target/arm: Hoist XSCALE_CPAR, VECLEN, VECSTRIDE in cpu_get_tb_cpu_state
      target/arm: Simplify set of PSTATE_SS in cpu_get_tb_cpu_state
      target/arm: Hoist computation of TBFLAG_A32.VFPEN
      target/arm: Add arm_rebuild_hflags
      target/arm: Split out arm_mmu_idx_el
      target/arm: Hoist store to cs_base in cpu_get_tb_cpu_state
      target/arm: Add HELPER(rebuild_hflags_{a32, a64, m32})
      target/arm: Rebuild hflags at EL changes
      target/arm: Rebuild hflags at MSR writes
      target/arm: Rebuild hflags at CPSR writes
      target/arm: Rebuild hflags at Xscale SCTLR writes
      target/arm: Rebuild hflags for M-profile
      target/arm: Rebuild hflags for M-profile NVIC
      target/arm: Rely on hflags correct in cpu_get_tb_cpu_state

 hw/arm/strongarm.h         |   4 +-
 include/hw/arm/aspeed.h    |   1 +
 include/hw/arm/omap.h      |  10 +-
 include/hw/sd/sdhci.h      |   2 +
 target/arm/cpu.h           |  84 ++++++----
 target/arm/helper.h        |   4 +
 target/arm/internals.h     |   9 ++
 hw/arm/aspeed.c            |  23 +++
 hw/arm/collie.c            |   8 +-
 hw/arm/digic_boards.c      |   9 +-
 hw/arm/exynos4210.c        |   2 +-
 hw/arm/mps2-tz.c           |   3 +-
 hw/arm/mps2.c              |   3 +-
 hw/arm/nseries.c           |  10 +-
 hw/arm/omap1.c             |  12 +-
 hw/arm/omap2.c             |  13 +-
 hw/arm/omap_sx1.c          |   8 +-
 hw/arm/palm.c              |   8 +-
 hw/arm/strongarm.c         |   7 +-
 hw/arm/xilinx_zynq.c       |   3 +-
 hw/intc/armv7m_nvic.c      |  22 +--
 hw/m68k/mcf5208.c          |   9 +-
 hw/sd/sdhci.c              |  68 +++++++-
 hw/timer/altera_timer.c    |  13 +-
 hw/timer/arm_mptimer.c     |   4 +-
 hw/timer/etraxfs_timer.c   |  23 +--
 hw/timer/exynos4210_mct.c  |   2 +-
 hw/timer/lm32_timer.c      |  13 +-
 hw/timer/puv3_ost.c        |   9 +-
 hw/timer/sh_timer.c        |  13 +-
 linux-user/syscall.c       |   1 +
 target/arm/cpu.c           |   1 +
 target/arm/helper-a64.c    |   3 +
 target/arm/helper.c        | 393 +++++++++++++++++++++++++++++----------------
 target/arm/m_helper.c      |   6 +
 target/arm/machine.c       |   1 +
 target/arm/op_helper.c     |   4 +
 target/arm/translate-a64.c |  13 +-
 target/arm/translate.c     |  37 ++++-
 39 files changed, 588 insertions(+), 270 deletions(-)

[PULL 01/41] target/arm: Fix sign-extension for SMLAL*

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

The 32-bit product should be sign-extended, not zero-extended.

Fixes: ea96b374641b
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190912183058.17947-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 698c594e8ce..96340520ee2 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -8045,7 +8045,9 @@ static bool op_smlaxxx(DisasContext *s, arg_rrrr *a,
     case 2:
         tl = load_reg(s, a->ra);
         th = load_reg(s, a->rd);
-        t1 = tcg_const_i32(0);
+        /* Sign-extend the 32-bit product to 64 bits.  */
+        t1 = tcg_temp_new_i32();
+        tcg_gen_sari_i32(t1, t0, 31);
         tcg_gen_add2_i32(tl, th, tl, th, t0, t1);
         tcg_temp_free_i32(t0);
         tcg_temp_free_i32(t1);
-- 
2.20.1

[PULL 02/41] aspeed: Add an AST2600 eval board

[Peter Maydell]

From: Cédric Le Goater <clg@kaod.org>

Define the board with 1 GiB of RAM but some boards can have up to 2
GiB.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20191016090745.15334-1-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/aspeed.h |  1 +
 hw/arm/aspeed.c         | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/include/hw/arm/aspeed.h b/include/hw/arm/aspeed.h
index 02073a6b4d6..f49bc7081e4 100644
--- a/include/hw/arm/aspeed.h
+++ b/include/hw/arm/aspeed.h
@@ -18,6 +18,7 @@ typedef struct AspeedBoardConfig {
     const char *desc;
     const char *soc_name;
     uint32_t hw_strap1;
+    uint32_t hw_strap2;
     const char *fmc_model;
     const char *spi_model;
     uint32_t num_cs;
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 52993f84b46..028191ff36f 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -88,6 +88,10 @@ struct AspeedBoardState {
 /* Witherspoon hardware value: 0xF10AD216 (but use romulus definition) */
 #define WITHERSPOON_BMC_HW_STRAP1 ROMULUS_BMC_HW_STRAP1
 
+/* AST2600 evb hardware value */
+#define AST2600_EVB_HW_STRAP1 0x000000C0
+#define AST2600_EVB_HW_STRAP2 0x00000003
+
 /*
  * The max ram region is for firmwares that scan the address space
  * with load/store to guess how much RAM the SoC has.
@@ -187,6 +191,8 @@ static void aspeed_board_init(MachineState *machine,
                              &error_abort);
     object_property_set_int(OBJECT(&bmc->soc), cfg->hw_strap1, "hw-strap1",
                             &error_abort);
+    object_property_set_int(OBJECT(&bmc->soc), cfg->hw_strap2, "hw-strap2",
+                            &error_abort);
     object_property_set_int(OBJECT(&bmc->soc), cfg->num_cs, "num-cs",
                             &error_abort);
     object_property_set_int(OBJECT(&bmc->soc), machine->smp.cpus, "num-cpus",
@@ -308,6 +314,12 @@ static void ast2500_evb_i2c_init(AspeedBoardState *bmc)
     i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 11), "ds1338", 0x32);
 }
 
+static void ast2600_evb_i2c_init(AspeedBoardState *bmc)
+{
+    /* Start with some devices on our I2C busses */
+    ast2500_evb_i2c_init(bmc);
+}
+
 static void romulus_bmc_i2c_init(AspeedBoardState *bmc)
 {
     AspeedSoCState *soc = &bmc->soc;
@@ -455,6 +467,17 @@ static const AspeedBoardConfig aspeed_boards[] = {
         .num_cs    = 2,
         .i2c_init  = witherspoon_bmc_i2c_init,
         .ram       = 512 * MiB,
+    }, {
+        .name      = MACHINE_TYPE_NAME("ast2600-evb"),
+        .desc      = "Aspeed AST2600 EVB (Cortex A7)",
+        .soc_name  = "ast2600-a0",
+        .hw_strap1 = AST2600_EVB_HW_STRAP1,
+        .hw_strap2 = AST2600_EVB_HW_STRAP2,
+        .fmc_model = "w25q512jv",
+        .spi_model = "mx66u51235f",
+        .num_cs    = 1,
+        .i2c_init  = ast2600_evb_i2c_init,
+        .ram       = 1 * GiB,
     },
 };
 
-- 
2.20.1

[PULL 03/41] hw/timer/exynos4210_mct: Initialize ptimer before starting it

[Peter Maydell]

From: Guenter Roeck <linux@roeck-us.net>

When booting a recent Linux kernel, the qemu message "Timer with delta
zero, disabling" is seen, apparently because a ptimer is started before
being initialized.  Fix the problem by initializing the offending ptimer
before starting it.

The bug is effectively harmless in the old QEMUBH setup
because the sequence of events is:
 * the delta zero means the timer expires immediately
 * ptimer_reload() arranges for exynos4210_gfrc_event() to be called
 * ptimer_reload() notices the zero delta and disables the timer
 * later, the QEMUBH runs, and exynos4210_gfrc_event() correctly
   configures the timer and restarts it

In the new transaction based API the bug is still harmless,
but differences of when the callback function runs mean the
message is not printed any more:
 * ptimer_run() does nothing as it's inside a transaction block
 * ptimer_transaction_commit() sees it has work to do and
   calls ptimer_reload()
 * the zero delta means the timer expires immediately
 * ptimer_reload() calls exynos4210_gfrc_event() directly
 * exynos4210_gfrc_event() configures the timer
 * the delta is no longer zero so ptimer_reload() doesn't complain
   (the zero-delta test is after the trigger-callback in
   the ptimer_reload() function)

Regardless, the behaviour here was not intentional, and we should
just program the ptimer correctly to start with.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20191018143149.9216-1-peter.maydell@linaro.org
[PMM: Expansion/clarification of the commit message:
 the message is about a zero delta, not a zero period;
 added detail to the commit message of the analysis of what
 is happening and why the kernel boots even with the message;
 added note that the message goes away with the new ptimer API]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/timer/exynos4210_mct.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
index 72257584145..944120aea59 100644
--- a/hw/timer/exynos4210_mct.c
+++ b/hw/timer/exynos4210_mct.c
@@ -1254,7 +1254,7 @@ static void exynos4210_mct_write(void *opaque, hwaddr offset,
         /* Start FRC if transition from disabled to enabled */
         if ((value & G_TCON_TIMER_ENABLE) > (old_val &
                 G_TCON_TIMER_ENABLE)) {
-            exynos4210_gfrc_start(&s->g_timer);
+            exynos4210_gfrc_restart(s);
         }
         if ((value & G_TCON_TIMER_ENABLE) < (old_val &
                 G_TCON_TIMER_ENABLE)) {
-- 
2.20.1

[PULL 04/41] hw/timer/arm_mptimer.c: Undo accidental rename of arm_mptimer_init()

[Peter Maydell]

In commit b01422622b we did an automated rename of the ptimer_init()
function to ptimer_init_with_bh().  Unfortunately this caught the
unrelated arm_mptimer_init() function.  Undo that accidental
renaming.

Fixes: b01422622b7c7293196fdaf1dbb4f495af44ecf9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20191017133331.5901-1-peter.maydell@linaro.org
---
 hw/timer/arm_mptimer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
index fdf97d1800f..2bf11f788c3 100644
--- a/hw/timer/arm_mptimer.c
+++ b/hw/timer/arm_mptimer.c
@@ -237,7 +237,7 @@ static void arm_mptimer_reset(DeviceState *dev)
     }
 }
 
-static void arm_mptimer_init_with_bh(Object *obj)
+static void arm_mptimer_init(Object *obj)
 {
     ARMMPTimerState *s = ARM_MPTIMER(obj);
 
@@ -319,7 +319,7 @@ static const TypeInfo arm_mptimer_info = {
     .name          = TYPE_ARM_MPTIMER,
     .parent        = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(ARMMPTimerState),
-    .instance_init = arm_mptimer_init_with_bh,
+    .instance_init = arm_mptimer_init,
     .class_init    = arm_mptimer_class_init,
 };
 
-- 
2.20.1

[PULL 05/41] hw/timer/puv3_ost.c: Switch to transaction-based ptimer API

[Peter Maydell]

Switch the puv3_ost code away from bottom-half based ptimers to the
new transaction-based ptimer API.  This just requires adding
begin/commit calls around the various places that modify the ptimer
state, and using the new ptimer_init() function to create the timer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20191017132905.5604-2-peter.maydell@linaro.org
---
 hw/timer/puv3_ost.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/hw/timer/puv3_ost.c b/hw/timer/puv3_ost.c
index 0898da5ce97..697519593bb 100644
--- a/hw/timer/puv3_ost.c
+++ b/hw/timer/puv3_ost.c
@@ -13,7 +13,6 @@
 #include "hw/sysbus.h"
 #include "hw/irq.h"
 #include "hw/ptimer.h"
-#include "qemu/main-loop.h"
 #include "qemu/module.h"
 
 #undef DEBUG_PUV3
@@ -27,7 +26,6 @@ typedef struct PUV3OSTState {
     SysBusDevice parent_obj;
 
     MemoryRegion iomem;
-    QEMUBH *bh;
     qemu_irq irq;
     ptimer_state *ptimer;
 
@@ -68,6 +66,7 @@ static void puv3_ost_write(void *opaque, hwaddr offset,
     DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
     switch (offset) {
     case 0x00: /* Match Register 0 */
+        ptimer_transaction_begin(s->ptimer);
         s->reg_OSMR0 = value;
         if (s->reg_OSMR0 > s->reg_OSCR) {
             ptimer_set_count(s->ptimer, s->reg_OSMR0 - s->reg_OSCR);
@@ -76,6 +75,7 @@ static void puv3_ost_write(void *opaque, hwaddr offset,
                     (0xffffffff - s->reg_OSCR));
         }
         ptimer_run(s->ptimer, 2);
+        ptimer_transaction_commit(s->ptimer);
         break;
     case 0x14: /* Status Register */
         assert(value == 0);
@@ -128,9 +128,10 @@ static void puv3_ost_realize(DeviceState *dev, Error **errp)
 
     sysbus_init_irq(sbd, &s->irq);
 
-    s->bh = qemu_bh_new(puv3_ost_tick, s);
-    s->ptimer = ptimer_init_with_bh(s->bh, PTIMER_POLICY_DEFAULT);
+    s->ptimer = ptimer_init(puv3_ost_tick, s, PTIMER_POLICY_DEFAULT);
+    ptimer_transaction_begin(s->ptimer);
     ptimer_set_freq(s->ptimer, 50 * 1000 * 1000);
+    ptimer_transaction_commit(s->ptimer);
 
     memory_region_init_io(&s->iomem, OBJECT(s), &puv3_ost_ops, s, "puv3_ost",
             PUV3_REGS_OFFSET);
-- 
2.20.1

[PULL 06/41] hw/timer/sh_timer: Switch to transaction-based ptimer API

[Peter Maydell]

Switch the sh_timer code away from bottom-half based ptimers to the
new transaction-based ptimer API.  This just requires adding
begin/commit calls around the various places that modify the ptimer
state, and using the new ptimer_init() function to create the timer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20191017132905.5604-3-peter.maydell@linaro.org
---
 hw/timer/sh_timer.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/hw/timer/sh_timer.c b/hw/timer/sh_timer.c
index 48a81b4dc79..13c4051808f 100644
--- a/hw/timer/sh_timer.c
+++ b/hw/timer/sh_timer.c
@@ -13,7 +13,6 @@
 #include "hw/irq.h"
 #include "hw/sh4/sh.h"
 #include "qemu/timer.h"
-#include "qemu/main-loop.h"
 #include "hw/ptimer.h"
 
 //#define DEBUG_TIMER
@@ -91,13 +90,18 @@ static void sh_timer_write(void *opaque, hwaddr offset,
     switch (offset >> 2) {
     case OFFSET_TCOR:
         s->tcor = value;
+        ptimer_transaction_begin(s->timer);
         ptimer_set_limit(s->timer, s->tcor, 0);
+        ptimer_transaction_commit(s->timer);
         break;
     case OFFSET_TCNT:
         s->tcnt = value;
+        ptimer_transaction_begin(s->timer);
         ptimer_set_count(s->timer, s->tcnt);
+        ptimer_transaction_commit(s->timer);
         break;
     case OFFSET_TCR:
+        ptimer_transaction_begin(s->timer);
         if (s->enabled) {
             /* Pause the timer if it is running.  This may cause some
                inaccuracy dure to rounding, but avoids a whole lot of other
@@ -148,6 +152,7 @@ static void sh_timer_write(void *opaque, hwaddr offset,
             /* Restart the timer if still enabled.  */
             ptimer_run(s->timer, 0);
         }
+        ptimer_transaction_commit(s->timer);
         break;
     case OFFSET_TCPR:
         if (s->feat & TIMER_FEAT_CAPT) {
@@ -168,12 +173,14 @@ static void sh_timer_start_stop(void *opaque, int enable)
     printf("sh_timer_start_stop %d (%d)\n", enable, s->enabled);
 #endif
 
+    ptimer_transaction_begin(s->timer);
     if (s->enabled && !enable) {
         ptimer_stop(s->timer);
     }
     if (!s->enabled && enable) {
         ptimer_run(s->timer, 0);
     }
+    ptimer_transaction_commit(s->timer);
     s->enabled = !!enable;
 
 #ifdef DEBUG_TIMER
@@ -191,7 +198,6 @@ static void sh_timer_tick(void *opaque)
 static void *sh_timer_init(uint32_t freq, int feat, qemu_irq irq)
 {
     sh_timer_state *s;
-    QEMUBH *bh;
 
     s = (sh_timer_state *)g_malloc0(sizeof(sh_timer_state));
     s->freq = freq;
@@ -203,8 +209,7 @@ static void *sh_timer_init(uint32_t freq, int feat, qemu_irq irq)
     s->enabled = 0;
     s->irq = irq;
 
-    bh = qemu_bh_new(sh_timer_tick, s);
-    s->timer = ptimer_init_with_bh(bh, PTIMER_POLICY_DEFAULT);
+    s->timer = ptimer_init(sh_timer_tick, s, PTIMER_POLICY_DEFAULT);
 
     sh_timer_write(s, OFFSET_TCOR >> 2, s->tcor);
     sh_timer_write(s, OFFSET_TCNT >> 2, s->tcnt);
-- 
2.20.1

[PULL 07/41] hw/timer/lm32_timer: Switch to transaction-based ptimer API

[Peter Maydell]

Switch the lm32_timer code away from bottom-half based ptimers to the
new transaction-based ptimer API.  This just requires adding
begin/commit calls around the various places that modify the ptimer
state, and using the new ptimer_init() function to create the ytimer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20191017132905.5604-4-peter.maydell@linaro.org
---
 hw/timer/lm32_timer.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/hw/timer/lm32_timer.c b/hw/timer/lm32_timer.c
index fabde760b2d..3fdecd09fe2 100644
--- a/hw/timer/lm32_timer.c
+++ b/hw/timer/lm32_timer.c
@@ -30,7 +30,6 @@
 #include "hw/ptimer.h"
 #include "hw/qdev-properties.h"
 #include "qemu/error-report.h"
-#include "qemu/main-loop.h"
 #include "qemu/module.h"
 
 #define DEFAULT_FREQUENCY (50*1000000)
@@ -63,7 +62,6 @@ struct LM32TimerState {
 
     MemoryRegion iomem;
 
-    QEMUBH *bh;
     ptimer_state *ptimer;
 
     qemu_irq irq;
@@ -119,6 +117,7 @@ static void timer_write(void *opaque, hwaddr addr,
         s->regs[R_SR] &= ~SR_TO;
         break;
     case R_CR:
+        ptimer_transaction_begin(s->ptimer);
         s->regs[R_CR] = value;
         if (s->regs[R_CR] & CR_START) {
             ptimer_run(s->ptimer, 1);
@@ -126,10 +125,13 @@ static void timer_write(void *opaque, hwaddr addr,
         if (s->regs[R_CR] & CR_STOP) {
             ptimer_stop(s->ptimer);
         }
+        ptimer_transaction_commit(s->ptimer);
         break;
     case R_PERIOD:
         s->regs[R_PERIOD] = value;
+        ptimer_transaction_begin(s->ptimer);
         ptimer_set_count(s->ptimer, value);
+        ptimer_transaction_commit(s->ptimer);
         break;
     case R_SNAPSHOT:
         error_report("lm32_timer: write access to read only register 0x"
@@ -176,7 +178,9 @@ static void timer_reset(DeviceState *d)
     for (i = 0; i < R_MAX; i++) {
         s->regs[i] = 0;
     }
+    ptimer_transaction_begin(s->ptimer);
     ptimer_stop(s->ptimer);
+    ptimer_transaction_commit(s->ptimer);
 }
 
 static void lm32_timer_init(Object *obj)
@@ -195,10 +199,11 @@ static void lm32_timer_realize(DeviceState *dev, Error **errp)
 {
     LM32TimerState *s = LM32_TIMER(dev);
 
-    s->bh = qemu_bh_new(timer_hit, s);
-    s->ptimer = ptimer_init_with_bh(s->bh, PTIMER_POLICY_DEFAULT);
+    s->ptimer = ptimer_init(timer_hit, s, PTIMER_POLICY_DEFAULT);
 
+    ptimer_transaction_begin(s->ptimer);
     ptimer_set_freq(s->ptimer, s->freq_hz);
+    ptimer_transaction_commit(s->ptimer);
 }
 
 static const VMStateDescription vmstate_lm32_timer = {
-- 
2.20.1

[PULL 08/41] hw/timer/altera_timer.c: Switch to transaction-based ptimer API

[Peter Maydell]

Switch the altera_timer code away from bottom-half based ptimers to
the new transaction-based ptimer API.  This just requires adding
begin/commit calls around the various places that modify the ptimer
state, and using the new ptimer_init() function to create the timer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20191017132905.5604-6-peter.maydell@linaro.org
---
 hw/timer/altera_timer.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/hw/timer/altera_timer.c b/hw/timer/altera_timer.c
index ee32e0ec1ff..79fc381252d 100644
--- a/hw/timer/altera_timer.c
+++ b/hw/timer/altera_timer.c
@@ -19,7 +19,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/main-loop.h"
 #include "qemu/module.h"
 #include "qapi/error.h"
 
@@ -53,7 +52,6 @@ typedef struct AlteraTimer {
     MemoryRegion  mmio;
     qemu_irq      irq;
     uint32_t      freq_hz;
-    QEMUBH       *bh;
     ptimer_state *ptimer;
     uint32_t      regs[R_MAX];
 } AlteraTimer;
@@ -105,6 +103,7 @@ static void timer_write(void *opaque, hwaddr addr,
         break;
 
     case R_CONTROL:
+        ptimer_transaction_begin(t->ptimer);
         t->regs[R_CONTROL] = value & (CONTROL_ITO | CONTROL_CONT);
         if ((value & CONTROL_START) &&
             !(t->regs[R_STATUS] & STATUS_RUN)) {
@@ -115,10 +114,12 @@ static void timer_write(void *opaque, hwaddr addr,
             ptimer_stop(t->ptimer);
             t->regs[R_STATUS] &= ~STATUS_RUN;
         }
+        ptimer_transaction_commit(t->ptimer);
         break;
 
     case R_PERIODL:
     case R_PERIODH:
+        ptimer_transaction_begin(t->ptimer);
         t->regs[addr] = value & 0xFFFF;
         if (t->regs[R_STATUS] & STATUS_RUN) {
             ptimer_stop(t->ptimer);
@@ -126,6 +127,7 @@ static void timer_write(void *opaque, hwaddr addr,
         }
         tvalue = (t->regs[R_PERIODH] << 16) | t->regs[R_PERIODL];
         ptimer_set_limit(t->ptimer, tvalue + 1, 1);
+        ptimer_transaction_commit(t->ptimer);
         break;
 
     case R_SNAPL:
@@ -183,9 +185,10 @@ static void altera_timer_realize(DeviceState *dev, Error **errp)
         return;
     }
 
-    t->bh = qemu_bh_new(timer_hit, t);
-    t->ptimer = ptimer_init_with_bh(t->bh, PTIMER_POLICY_DEFAULT);
+    t->ptimer = ptimer_init(timer_hit, t, PTIMER_POLICY_DEFAULT);
+    ptimer_transaction_begin(t->ptimer);
     ptimer_set_freq(t->ptimer, t->freq_hz);
+    ptimer_transaction_commit(t->ptimer);
 
     memory_region_init_io(&t->mmio, OBJECT(t), &timer_ops, t,
                           TYPE_ALTERA_TIMER, R_MAX * sizeof(uint32_t));
@@ -204,8 +207,10 @@ static void altera_timer_reset(DeviceState *dev)
 {
     AlteraTimer *t = ALTERA_TIMER(dev);
 
+    ptimer_transaction_begin(t->ptimer);
     ptimer_stop(t->ptimer);
     ptimer_set_limit(t->ptimer, 0xffffffff, 1);
+    ptimer_transaction_commit(t->ptimer);
     memset(t->regs, 0, sizeof(t->regs));
 }
 
-- 
2.20.1

[PULL 09/41] hw/watchdog/etraxfs_timer.c: Switch to transaction-based ptimer API

[Peter Maydell]

Switch the etraxfs_timer code away from bottom-half based ptimers to
the new transaction-based ptimer API.  This just requires adding
begin/commit calls around the various places that modify the ptimer
state, and using the new ptimer_init() function to create the timer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20191017132905.5604-7-peter.maydell@linaro.org
---
 hw/timer/etraxfs_timer.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/hw/timer/etraxfs_timer.c b/hw/timer/etraxfs_timer.c
index ab27fe1895b..afe3d30a8ea 100644
--- a/hw/timer/etraxfs_timer.c
+++ b/hw/timer/etraxfs_timer.c
@@ -26,7 +26,6 @@
 #include "hw/sysbus.h"
 #include "sysemu/reset.h"
 #include "sysemu/runstate.h"
-#include "qemu/main-loop.h"
 #include "qemu/module.h"
 #include "qemu/timer.h"
 #include "hw/irq.h"
@@ -59,9 +58,6 @@ typedef struct ETRAXTimerState {
     qemu_irq irq;
     qemu_irq nmi;
 
-    QEMUBH *bh_t0;
-    QEMUBH *bh_t1;
-    QEMUBH *bh_wd;
     ptimer_state *ptimer_t0;
     ptimer_state *ptimer_t1;
     ptimer_state *ptimer_wd;
@@ -155,6 +151,7 @@ static void update_ctrl(ETRAXTimerState *t, int tnum)
     }
 
     D(printf ("freq_hz=%d div=%d\n", freq_hz, div));
+    ptimer_transaction_begin(timer);
     ptimer_set_freq(timer, freq_hz);
     ptimer_set_limit(timer, div, 0);
 
@@ -176,6 +173,7 @@ static void update_ctrl(ETRAXTimerState *t, int tnum)
             abort();
             break;
     }
+    ptimer_transaction_commit(timer);
 }
 
 static void timer_update_irq(ETRAXTimerState *t)
@@ -240,6 +238,7 @@ static inline void timer_watchdog_update(ETRAXTimerState *t, uint32_t value)
 
     t->wd_hits = 0;
 
+    ptimer_transaction_begin(t->ptimer_wd);
     ptimer_set_freq(t->ptimer_wd, 760);
     if (wd_cnt == 0)
         wd_cnt = 256;
@@ -250,6 +249,7 @@ static inline void timer_watchdog_update(ETRAXTimerState *t, uint32_t value)
         ptimer_stop(t->ptimer_wd);
 
     t->rw_wd_ctrl = value;
+    ptimer_transaction_commit(t->ptimer_wd);
 }
 
 static void
@@ -311,9 +311,15 @@ static void etraxfs_timer_reset(void *opaque)
 {
     ETRAXTimerState *t = opaque;
 
+    ptimer_transaction_begin(t->ptimer_t0);
     ptimer_stop(t->ptimer_t0);
+    ptimer_transaction_commit(t->ptimer_t0);
+    ptimer_transaction_begin(t->ptimer_t1);
     ptimer_stop(t->ptimer_t1);
+    ptimer_transaction_commit(t->ptimer_t1);
+    ptimer_transaction_begin(t->ptimer_wd);
     ptimer_stop(t->ptimer_wd);
+    ptimer_transaction_commit(t->ptimer_wd);
     t->rw_wd_ctrl = 0;
     t->r_intr = 0;
     t->rw_intr_mask = 0;
@@ -325,12 +331,9 @@ static void etraxfs_timer_realize(DeviceState *dev, Error **errp)
     ETRAXTimerState *t = ETRAX_TIMER(dev);
     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 
-    t->bh_t0 = qemu_bh_new(timer0_hit, t);
-    t->bh_t1 = qemu_bh_new(timer1_hit, t);
-    t->bh_wd = qemu_bh_new(watchdog_hit, t);
-    t->ptimer_t0 = ptimer_init_with_bh(t->bh_t0, PTIMER_POLICY_DEFAULT);
-    t->ptimer_t1 = ptimer_init_with_bh(t->bh_t1, PTIMER_POLICY_DEFAULT);
-    t->ptimer_wd = ptimer_init_with_bh(t->bh_wd, PTIMER_POLICY_DEFAULT);
+    t->ptimer_t0 = ptimer_init(timer0_hit, t, PTIMER_POLICY_DEFAULT);
+    t->ptimer_t1 = ptimer_init(timer1_hit, t, PTIMER_POLICY_DEFAULT);
+    t->ptimer_wd = ptimer_init(watchdog_hit, t, PTIMER_POLICY_DEFAULT);
 
     sysbus_init_irq(sbd, &t->irq);
     sysbus_init_irq(sbd, &t->nmi);
-- 
2.20.1

[PULL 10/41] hw/m68k/mcf5208.c: Switch to transaction-based ptimer API

[Peter Maydell]

Switch the mcf5208 code away from bottom-half based ptimers to
the new transaction-based ptimer API.  This just requires adding
begin/commit calls around the various places that modify the ptimer
state, and using the new ptimer_init() function to create the timer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Thomas Huth <huth@tuxfamily.org>
Message-id: 20191017132905.5604-9-peter.maydell@linaro.org
---
 hw/m68k/mcf5208.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
index 34d34eba17c..158c5e4be75 100644
--- a/hw/m68k/mcf5208.c
+++ b/hw/m68k/mcf5208.c
@@ -9,7 +9,6 @@
 #include "qemu/osdep.h"
 #include "qemu/units.h"
 #include "qemu/error-report.h"
-#include "qemu/main-loop.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "cpu.h"
@@ -79,6 +78,7 @@ static void m5208_timer_write(void *opaque, hwaddr offset,
             return;
         }
 
+        ptimer_transaction_begin(s->timer);
         if (s->pcsr & PCSR_EN)
             ptimer_stop(s->timer);
 
@@ -94,8 +94,10 @@ static void m5208_timer_write(void *opaque, hwaddr offset,
 
         if (s->pcsr & PCSR_EN)
             ptimer_run(s->timer, 0);
+        ptimer_transaction_commit(s->timer);
         break;
     case 2:
+        ptimer_transaction_begin(s->timer);
         s->pmr = value;
         s->pcsr &= ~PCSR_PIF;
         if ((s->pcsr & PCSR_RLD) == 0) {
@@ -104,6 +106,7 @@ static void m5208_timer_write(void *opaque, hwaddr offset,
         } else {
             ptimer_set_limit(s->timer, value, s->pcsr & PCSR_OVW);
         }
+        ptimer_transaction_commit(s->timer);
         break;
     case 4:
         break;
@@ -182,7 +185,6 @@ static void mcf5208_sys_init(MemoryRegion *address_space, qemu_irq *pic)
 {
     MemoryRegion *iomem = g_new(MemoryRegion, 1);
     m5208_timer_state *s;
-    QEMUBH *bh;
     int i;
 
     /* SDRAMC.  */
@@ -191,8 +193,7 @@ static void mcf5208_sys_init(MemoryRegion *address_space, qemu_irq *pic)
     /* Timers.  */
     for (i = 0; i < 2; i++) {
         s = g_new0(m5208_timer_state, 1);
-        bh = qemu_bh_new(m5208_timer_trigger, s);
-        s->timer = ptimer_init_with_bh(bh, PTIMER_POLICY_DEFAULT);
+        s->timer = ptimer_init(m5208_timer_trigger, s, PTIMER_POLICY_DEFAULT);
         memory_region_init_io(&s->iomem, NULL, &m5208_timer_ops, s,
                               "m5208-timer", 0x00004000);
         memory_region_add_subregion(address_space, 0xfc080000 + 0x4000 * i,
-- 
2.20.1

[PULL 11/41] target/arm: Split out rebuild_hflags_common

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Create a function to compute the values of the TBFLAG_ANY bits
that will be cached.  For now, the env->hflags variable is not
used, and the results are fed back to cpu_get_tb_cpu_state.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 29 ++++++++++++++++++-----------
 target/arm/helper.c | 26 +++++++++++++++++++-------
 2 files changed, 37 insertions(+), 18 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 297ad5e47ad..ad79a6153bb 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -231,6 +231,9 @@ typedef struct CPUARMState {
     uint32_t pstate;
     uint32_t aarch64; /* 1 if CPU is in aarch64 state; inverse of PSTATE.nRW */
 
+    /* Cached TBFLAGS state.  See below for which bits are included.  */
+    uint32_t hflags;
+
     /* Frequently accessed CPSR bits are stored separately for efficiency.
        This contains all the other bits.  Use cpsr_{read,write} to access
        the whole CPSR.  */
@@ -3140,15 +3143,18 @@ typedef ARMCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
-/* Bit usage in the TB flags field: bit 31 indicates whether we are
+/*
+ * Bit usage in the TB flags field: bit 31 indicates whether we are
  * in 32 or 64 bit mode. The meaning of the other bits depends on that.
  * We put flags which are shared between 32 and 64 bit mode at the top
  * of the word, and flags which apply to only one mode at the bottom.
+ *
+ * Unless otherwise noted, these bits are cached in env->hflags.
  */
 FIELD(TBFLAG_ANY, AARCH64_STATE, 31, 1)
 FIELD(TBFLAG_ANY, MMUIDX, 28, 3)
 FIELD(TBFLAG_ANY, SS_ACTIVE, 27, 1)
-FIELD(TBFLAG_ANY, PSTATE_SS, 26, 1)
+FIELD(TBFLAG_ANY, PSTATE_SS, 26, 1)     /* Not cached. */
 /* Target EL if we take a floating-point-disabled exception */
 FIELD(TBFLAG_ANY, FPEXC_EL, 24, 2)
 FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
@@ -3159,13 +3165,14 @@ FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
 FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 21, 2)
 
 /* Bit usage when in AArch32 state: */
-FIELD(TBFLAG_A32, THUMB, 0, 1)
-FIELD(TBFLAG_A32, VECLEN, 1, 3)
-FIELD(TBFLAG_A32, VECSTRIDE, 4, 2)
+FIELD(TBFLAG_A32, THUMB, 0, 1)          /* Not cached. */
+FIELD(TBFLAG_A32, VECLEN, 1, 3)         /* Not cached. */
+FIELD(TBFLAG_A32, VECSTRIDE, 4, 2)      /* Not cached. */
 /*
  * We store the bottom two bits of the CPAR as TB flags and handle
  * checks on the other bits at runtime. This shares the same bits as
  * VECSTRIDE, which is OK as no XScale CPU has VFP.
+ * Not cached, because VECLEN+VECSTRIDE are not cached.
  */
 FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2)
 /*
@@ -3174,15 +3181,15 @@ FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2)
  * the same thing as the current security state of the processor!
  */
 FIELD(TBFLAG_A32, NS, 6, 1)
-FIELD(TBFLAG_A32, VFPEN, 7, 1)
-FIELD(TBFLAG_A32, CONDEXEC, 8, 8)
+FIELD(TBFLAG_A32, VFPEN, 7, 1)          /* Not cached. */
+FIELD(TBFLAG_A32, CONDEXEC, 8, 8)       /* Not cached. */
 FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
 /* For M profile only, set if FPCCR.LSPACT is set */
-FIELD(TBFLAG_A32, LSPACT, 18, 1)
+FIELD(TBFLAG_A32, LSPACT, 18, 1)        /* Not cached. */
 /* For M profile only, set if we must create a new FP context */
-FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1)
+FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1) /* Not cached. */
 /* For M profile only, set if FPCCR.S does not match current security state */
-FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1)
+FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1) /* Not cached. */
 /* For M profile only, Handler (ie not Thread) mode */
 FIELD(TBFLAG_A32, HANDLER, 21, 1)
 /* For M profile only, whether we should generate stack-limit checks */
@@ -3194,7 +3201,7 @@ FIELD(TBFLAG_A64, SVEEXC_EL, 2, 2)
 FIELD(TBFLAG_A64, ZCR_LEN, 4, 4)
 FIELD(TBFLAG_A64, PAUTH_ACTIVE, 8, 1)
 FIELD(TBFLAG_A64, BT, 9, 1)
-FIELD(TBFLAG_A64, BTYPE, 10, 2)
+FIELD(TBFLAG_A64, BTYPE, 10, 2)         /* Not cached. */
 FIELD(TBFLAG_A64, TBID, 12, 2)
 
 static inline bool bswap_code(bool sctlr_b)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0d9a2d2ab74..8829d91ae1d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11054,6 +11054,22 @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
 }
 #endif
 
+static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
+                                      ARMMMUIdx mmu_idx, uint32_t flags)
+{
+    flags = FIELD_DP32(flags, TBFLAG_ANY, FPEXC_EL, fp_el);
+    flags = FIELD_DP32(flags, TBFLAG_ANY, MMUIDX,
+                       arm_to_core_mmu_idx(mmu_idx));
+
+    if (arm_cpu_data_is_big_endian(env)) {
+        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
+    }
+    if (arm_singlestep_active(env)) {
+        flags = FIELD_DP32(flags, TBFLAG_ANY, SS_ACTIVE, 1);
+    }
+    return flags;
+}
+
 void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                           target_ulong *cs_base, uint32_t *pflags)
 {
@@ -11145,7 +11161,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         }
     }
 
-    flags = FIELD_DP32(flags, TBFLAG_ANY, MMUIDX, arm_to_core_mmu_idx(mmu_idx));
+    flags = rebuild_hflags_common(env, fp_el, mmu_idx, flags);
 
     /* The SS_ACTIVE and PSTATE_SS bits correspond to the state machine
      * states defined in the ARM ARM for software singlestep:
@@ -11153,9 +11169,9 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
      *     0            x       Inactive (the TB flag for SS is always 0)
      *     1            0       Active-pending
      *     1            1       Active-not-pending
+     * SS_ACTIVE is set in hflags; PSTATE_SS is computed every TB.
      */
-    if (arm_singlestep_active(env)) {
-        flags = FIELD_DP32(flags, TBFLAG_ANY, SS_ACTIVE, 1);
+    if (FIELD_EX32(flags, TBFLAG_ANY, SS_ACTIVE)) {
         if (is_a64(env)) {
             if (env->pstate & PSTATE_SS) {
                 flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE_SS, 1);
@@ -11166,10 +11182,6 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             }
         }
     }
-    if (arm_cpu_data_is_big_endian(env)) {
-        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
-    }
-    flags = FIELD_DP32(flags, TBFLAG_ANY, FPEXC_EL, fp_el);
 
     if (arm_v7m_is_handler_mode(env)) {
         flags = FIELD_DP32(flags, TBFLAG_A32, HANDLER, 1);
-- 
2.20.1

[PULL 12/41] target/arm: Split out rebuild_hflags_a64

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Create a function to compute the values of the TBFLAG_A64 bits
that will be cached.  For now, the env->hflags variable is not
used, and the results are fed back to cpu_get_tb_cpu_state.

Note that not all BTI related flags are cached, so we have to
test the BTI feature twice -- once for those bits moved out to
rebuild_hflags_a64 and once for those bits that remain in
cpu_get_tb_cpu_state.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 131 +++++++++++++++++++++++---------------------
 1 file changed, 69 insertions(+), 62 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8829d91ae1d..69da04786e8 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11070,6 +11070,71 @@ static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
     return flags;
 }
 
+static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
+                                   ARMMMUIdx mmu_idx)
+{
+    ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
+    ARMVAParameters p0 = aa64_va_parameters_both(env, 0, stage1);
+    uint32_t flags = 0;
+    uint64_t sctlr;
+    int tbii, tbid;
+
+    flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1);
+
+    /* FIXME: ARMv8.1-VHE S2 translation regime.  */
+    if (regime_el(env, stage1) < 2) {
+        ARMVAParameters p1 = aa64_va_parameters_both(env, -1, stage1);
+        tbid = (p1.tbi << 1) | p0.tbi;
+        tbii = tbid & ~((p1.tbid << 1) | p0.tbid);
+    } else {
+        tbid = p0.tbi;
+        tbii = tbid & !p0.tbid;
+    }
+
+    flags = FIELD_DP32(flags, TBFLAG_A64, TBII, tbii);
+    flags = FIELD_DP32(flags, TBFLAG_A64, TBID, tbid);
+
+    if (cpu_isar_feature(aa64_sve, env_archcpu(env))) {
+        int sve_el = sve_exception_el(env, el);
+        uint32_t zcr_len;
+
+        /*
+         * If SVE is disabled, but FP is enabled,
+         * then the effective len is 0.
+         */
+        if (sve_el != 0 && fp_el == 0) {
+            zcr_len = 0;
+        } else {
+            zcr_len = sve_zcr_len_for_el(env, el);
+        }
+        flags = FIELD_DP32(flags, TBFLAG_A64, SVEEXC_EL, sve_el);
+        flags = FIELD_DP32(flags, TBFLAG_A64, ZCR_LEN, zcr_len);
+    }
+
+    sctlr = arm_sctlr(env, el);
+
+    if (cpu_isar_feature(aa64_pauth, env_archcpu(env))) {
+        /*
+         * In order to save space in flags, we record only whether
+         * pauth is "inactive", meaning all insns are implemented as
+         * a nop, or "active" when some action must be performed.
+         * The decision of which action to take is left to a helper.
+         */
+        if (sctlr & (SCTLR_EnIA | SCTLR_EnIB | SCTLR_EnDA | SCTLR_EnDB)) {
+            flags = FIELD_DP32(flags, TBFLAG_A64, PAUTH_ACTIVE, 1);
+        }
+    }
+
+    if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
+        /* Note that SCTLR_EL[23].BT == SCTLR_BT1.  */
+        if (sctlr & (el == 0 ? SCTLR_BT0 : SCTLR_BT1)) {
+            flags = FIELD_DP32(flags, TBFLAG_A64, BT, 1);
+        }
+    }
+
+    return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
+}
+
 void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                           target_ulong *cs_base, uint32_t *pflags)
 {
@@ -11079,67 +11144,9 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
     uint32_t flags = 0;
 
     if (is_a64(env)) {
-        ARMCPU *cpu = env_archcpu(env);
-        uint64_t sctlr;
-
         *pc = env->pc;
-        flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1);
-
-        /* Get control bits for tagged addresses.  */
-        {
-            ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
-            ARMVAParameters p0 = aa64_va_parameters_both(env, 0, stage1);
-            int tbii, tbid;
-
-            /* FIXME: ARMv8.1-VHE S2 translation regime.  */
-            if (regime_el(env, stage1) < 2) {
-                ARMVAParameters p1 = aa64_va_parameters_both(env, -1, stage1);
-                tbid = (p1.tbi << 1) | p0.tbi;
-                tbii = tbid & ~((p1.tbid << 1) | p0.tbid);
-            } else {
-                tbid = p0.tbi;
-                tbii = tbid & !p0.tbid;
-            }
-
-            flags = FIELD_DP32(flags, TBFLAG_A64, TBII, tbii);
-            flags = FIELD_DP32(flags, TBFLAG_A64, TBID, tbid);
-        }
-
-        if (cpu_isar_feature(aa64_sve, cpu)) {
-            int sve_el = sve_exception_el(env, current_el);
-            uint32_t zcr_len;
-
-            /* If SVE is disabled, but FP is enabled,
-             * then the effective len is 0.
-             */
-            if (sve_el != 0 && fp_el == 0) {
-                zcr_len = 0;
-            } else {
-                zcr_len = sve_zcr_len_for_el(env, current_el);
-            }
-            flags = FIELD_DP32(flags, TBFLAG_A64, SVEEXC_EL, sve_el);
-            flags = FIELD_DP32(flags, TBFLAG_A64, ZCR_LEN, zcr_len);
-        }
-
-        sctlr = arm_sctlr(env, current_el);
-
-        if (cpu_isar_feature(aa64_pauth, cpu)) {
-            /*
-             * In order to save space in flags, we record only whether
-             * pauth is "inactive", meaning all insns are implemented as
-             * a nop, or "active" when some action must be performed.
-             * The decision of which action to take is left to a helper.
-             */
-            if (sctlr & (SCTLR_EnIA | SCTLR_EnIB | SCTLR_EnDA | SCTLR_EnDB)) {
-                flags = FIELD_DP32(flags, TBFLAG_A64, PAUTH_ACTIVE, 1);
-            }
-        }
-
-        if (cpu_isar_feature(aa64_bti, cpu)) {
-            /* Note that SCTLR_EL[23].BT == SCTLR_BT1.  */
-            if (sctlr & (current_el == 0 ? SCTLR_BT0 : SCTLR_BT1)) {
-                flags = FIELD_DP32(flags, TBFLAG_A64, BT, 1);
-            }
+        flags = rebuild_hflags_a64(env, current_el, fp_el, mmu_idx);
+        if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
             flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
         }
     } else {
@@ -11159,9 +11166,9 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             flags = FIELD_DP32(flags, TBFLAG_A32,
                                XSCALE_CPAR, env->cp15.c15_cpar);
         }
-    }
 
-    flags = rebuild_hflags_common(env, fp_el, mmu_idx, flags);
+        flags = rebuild_hflags_common(env, fp_el, mmu_idx, flags);
+    }
 
     /* The SS_ACTIVE and PSTATE_SS bits correspond to the state machine
      * states defined in the ARM ARM for software singlestep:
-- 
2.20.1

[PULL 13/41] target/arm: Split out rebuild_hflags_common_32

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Create a function to compute the values of the TBFLAG_A32 bits
that will be cached, and are used by all profiles.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 69da04786e8..f05d0424745 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11070,6 +11070,15 @@ static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
     return flags;
 }
 
+static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
+                                         ARMMMUIdx mmu_idx, uint32_t flags)
+{
+    flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR_B, arm_sctlr_b(env));
+    flags = FIELD_DP32(flags, TBFLAG_A32, NS, !access_secure_reg(env));
+
+    return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
+}
+
 static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
                                    ARMMMUIdx mmu_idx)
 {
@@ -11141,7 +11150,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
     ARMMMUIdx mmu_idx = arm_mmu_idx(env);
     int current_el = arm_current_el(env);
     int fp_el = fp_exception_el(env, current_el);
-    uint32_t flags = 0;
+    uint32_t flags;
 
     if (is_a64(env)) {
         *pc = env->pc;
@@ -11151,12 +11160,11 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         }
     } else {
         *pc = env->regs[15];
+        flags = rebuild_hflags_common_32(env, fp_el, mmu_idx, 0);
         flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
         flags = FIELD_DP32(flags, TBFLAG_A32, VECLEN, env->vfp.vec_len);
         flags = FIELD_DP32(flags, TBFLAG_A32, VECSTRIDE, env->vfp.vec_stride);
         flags = FIELD_DP32(flags, TBFLAG_A32, CONDEXEC, env->condexec_bits);
-        flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR_B, arm_sctlr_b(env));
-        flags = FIELD_DP32(flags, TBFLAG_A32, NS, !access_secure_reg(env));
         if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30)
             || arm_el_is_aa64(env, 1) || arm_feature(env, ARM_FEATURE_M)) {
             flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
@@ -11166,8 +11174,6 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             flags = FIELD_DP32(flags, TBFLAG_A32,
                                XSCALE_CPAR, env->cp15.c15_cpar);
         }
-
-        flags = rebuild_hflags_common(env, fp_el, mmu_idx, flags);
     }
 
     /* The SS_ACTIVE and PSTATE_SS bits correspond to the state machine
-- 
2.20.1

[PULL 14/41] target/arm: Split arm_cpu_data_is_big_endian

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Set TBFLAG_ANY.BE_DATA in rebuild_hflags_common_32 and
rebuild_hflags_a64 instead of rebuild_hflags_common, where we do
not need to re-test is_a64() nor re-compute the various inputs.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 49 +++++++++++++++++++++++++++------------------
 target/arm/helper.c | 16 +++++++++++----
 2 files changed, 42 insertions(+), 23 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ad79a6153bb..4d961474ce7 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3108,33 +3108,44 @@ static inline uint64_t arm_sctlr(CPUARMState *env, int el)
     }
 }
 
+static inline bool arm_cpu_data_is_big_endian_a32(CPUARMState *env,
+                                                  bool sctlr_b)
+{
+#ifdef CONFIG_USER_ONLY
+    /*
+     * In system mode, BE32 is modelled in line with the
+     * architecture (as word-invariant big-endianness), where loads
+     * and stores are done little endian but from addresses which
+     * are adjusted by XORing with the appropriate constant. So the
+     * endianness to use for the raw data access is not affected by
+     * SCTLR.B.
+     * In user mode, however, we model BE32 as byte-invariant
+     * big-endianness (because user-only code cannot tell the
+     * difference), and so we need to use a data access endianness
+     * that depends on SCTLR.B.
+     */
+    if (sctlr_b) {
+        return true;
+    }
+#endif
+    /* In 32bit endianness is determined by looking at CPSR's E bit */
+    return env->uncached_cpsr & CPSR_E;
+}
+
+static inline bool arm_cpu_data_is_big_endian_a64(int el, uint64_t sctlr)
+{
+    return sctlr & (el ? SCTLR_EE : SCTLR_E0E);
+}
 
 /* Return true if the processor is in big-endian mode. */
 static inline bool arm_cpu_data_is_big_endian(CPUARMState *env)
 {
-    /* In 32bit endianness is determined by looking at CPSR's E bit */
     if (!is_a64(env)) {
-        return
-#ifdef CONFIG_USER_ONLY
-            /* In system mode, BE32 is modelled in line with the
-             * architecture (as word-invariant big-endianness), where loads
-             * and stores are done little endian but from addresses which
-             * are adjusted by XORing with the appropriate constant. So the
-             * endianness to use for the raw data access is not affected by
-             * SCTLR.B.
-             * In user mode, however, we model BE32 as byte-invariant
-             * big-endianness (because user-only code cannot tell the
-             * difference), and so we need to use a data access endianness
-             * that depends on SCTLR.B.
-             */
-            arm_sctlr_b(env) ||
-#endif
-                ((env->uncached_cpsr & CPSR_E) ? 1 : 0);
+        return arm_cpu_data_is_big_endian_a32(env, arm_sctlr_b(env));
     } else {
         int cur_el = arm_current_el(env);
         uint64_t sctlr = arm_sctlr(env, cur_el);
-
-        return (sctlr & (cur_el ? SCTLR_EE : SCTLR_E0E)) != 0;
+        return arm_cpu_data_is_big_endian_a64(cur_el, sctlr);
     }
 }
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f05d0424745..4c65476d936 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11061,9 +11061,6 @@ static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
     flags = FIELD_DP32(flags, TBFLAG_ANY, MMUIDX,
                        arm_to_core_mmu_idx(mmu_idx));
 
-    if (arm_cpu_data_is_big_endian(env)) {
-        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
-    }
     if (arm_singlestep_active(env)) {
         flags = FIELD_DP32(flags, TBFLAG_ANY, SS_ACTIVE, 1);
     }
@@ -11073,7 +11070,14 @@ static uint32_t rebuild_hflags_common(CPUARMState *env, int fp_el,
 static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
                                          ARMMMUIdx mmu_idx, uint32_t flags)
 {
-    flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR_B, arm_sctlr_b(env));
+    bool sctlr_b = arm_sctlr_b(env);
+
+    if (sctlr_b) {
+        flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR_B, 1);
+    }
+    if (arm_cpu_data_is_big_endian_a32(env, sctlr_b)) {
+        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
+    }
     flags = FIELD_DP32(flags, TBFLAG_A32, NS, !access_secure_reg(env));
 
     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
@@ -11122,6 +11126,10 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
 
     sctlr = arm_sctlr(env, el);
 
+    if (arm_cpu_data_is_big_endian_a64(el, sctlr)) {
+        flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
+    }
+
     if (cpu_isar_feature(aa64_pauth, env_archcpu(env))) {
         /*
          * In order to save space in flags, we record only whether
-- 
2.20.1

[PULL 15/41] target/arm: Split out rebuild_hflags_m32

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Create a function to compute the values of the TBFLAG_A32 bits
that will be cached, and are used by M-profile.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 45 ++++++++++++++++++++++++++++++---------------
 1 file changed, 30 insertions(+), 15 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 4c65476d936..d4303420daf 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11083,6 +11083,29 @@ static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el,
     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
 }
 
+static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
+                                   ARMMMUIdx mmu_idx)
+{
+    uint32_t flags = 0;
+
+    if (arm_v7m_is_handler_mode(env)) {
+        flags = FIELD_DP32(flags, TBFLAG_A32, HANDLER, 1);
+    }
+
+    /*
+     * v8M always applies stack limit checks unless CCR.STKOFHFNMIGN
+     * is suppressing them because the requested execution priority
+     * is less than 0.
+     */
+    if (arm_feature(env, ARM_FEATURE_V8) &&
+        !((mmu_idx & ARM_MMU_IDX_M_NEGPRI) &&
+          (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
+        flags = FIELD_DP32(flags, TBFLAG_A32, STACKCHECK, 1);
+    }
+
+    return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
+}
+
 static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
                                    ARMMMUIdx mmu_idx)
 {
@@ -11168,7 +11191,13 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         }
     } else {
         *pc = env->regs[15];
-        flags = rebuild_hflags_common_32(env, fp_el, mmu_idx, 0);
+
+        if (arm_feature(env, ARM_FEATURE_M)) {
+            flags = rebuild_hflags_m32(env, fp_el, mmu_idx);
+        } else {
+            flags = rebuild_hflags_common_32(env, fp_el, mmu_idx, 0);
+        }
+
         flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
         flags = FIELD_DP32(flags, TBFLAG_A32, VECLEN, env->vfp.vec_len);
         flags = FIELD_DP32(flags, TBFLAG_A32, VECSTRIDE, env->vfp.vec_stride);
@@ -11204,20 +11233,6 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         }
     }
 
-    if (arm_v7m_is_handler_mode(env)) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, HANDLER, 1);
-    }
-
-    /* v8M always applies stack limit checks unless CCR.STKOFHFNMIGN is
-     * suppressing them because the requested execution priority is less than 0.
-     */
-    if (arm_feature(env, ARM_FEATURE_V8) &&
-        arm_feature(env, ARM_FEATURE_M) &&
-        !((mmu_idx  & ARM_MMU_IDX_M_NEGPRI) &&
-          (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, STACKCHECK, 1);
-    }
-
     if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
         FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S) != env->v7m.secure) {
         flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1);
-- 
2.20.1

[PULL 16/41] target/arm: Reduce tests vs M-profile in cpu_get_tb_cpu_state

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Hoist the computation of some TBFLAG_A32 bits that only apply to
M-profile under a single test for ARM_FEATURE_M.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 49 +++++++++++++++++++++------------------------
 1 file changed, 23 insertions(+), 26 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index d4303420daf..296a4b2232c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11194,6 +11194,29 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
 
         if (arm_feature(env, ARM_FEATURE_M)) {
             flags = rebuild_hflags_m32(env, fp_el, mmu_idx);
+
+            if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
+                FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S)
+                != env->v7m.secure) {
+                flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1);
+            }
+
+            if ((env->v7m.fpccr[env->v7m.secure] & R_V7M_FPCCR_ASPEN_MASK) &&
+                (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) ||
+                 (env->v7m.secure &&
+                  !(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)))) {
+                /*
+                 * ASPEN is set, but FPCA/SFPA indicate that there is no
+                 * active FP context; we must create a new FP context before
+                 * executing any FP insn.
+                 */
+                flags = FIELD_DP32(flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED, 1);
+            }
+
+            bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
+            if (env->v7m.fpccr[is_secure] & R_V7M_FPCCR_LSPACT_MASK) {
+                flags = FIELD_DP32(flags, TBFLAG_A32, LSPACT, 1);
+            }
         } else {
             flags = rebuild_hflags_common_32(env, fp_el, mmu_idx, 0);
         }
@@ -11233,32 +11256,6 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         }
     }
 
-    if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
-        FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S) != env->v7m.secure) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1);
-    }
-
-    if (arm_feature(env, ARM_FEATURE_M) &&
-        (env->v7m.fpccr[env->v7m.secure] & R_V7M_FPCCR_ASPEN_MASK) &&
-        (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) ||
-         (env->v7m.secure &&
-          !(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)))) {
-        /*
-         * ASPEN is set, but FPCA/SFPA indicate that there is no active
-         * FP context; we must create a new FP context before executing
-         * any FP insn.
-         */
-        flags = FIELD_DP32(flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED, 1);
-    }
-
-    if (arm_feature(env, ARM_FEATURE_M)) {
-        bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
-
-        if (env->v7m.fpccr[is_secure] & R_V7M_FPCCR_LSPACT_MASK) {
-            flags = FIELD_DP32(flags, TBFLAG_A32, LSPACT, 1);
-        }
-    }
-
     if (!arm_feature(env, ARM_FEATURE_M)) {
         int target_el = arm_debug_target_el(env);
 
-- 
2.20.1

[PULL 17/41] target/arm: Split out rebuild_hflags_a32

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Currently a trivial wrapper for rebuild_hflags_common_32.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 296a4b2232c..d1cd54cc931 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11106,6 +11106,12 @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
 }
 
+static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
+                                   ARMMMUIdx mmu_idx)
+{
+    return rebuild_hflags_common_32(env, fp_el, mmu_idx, 0);
+}
+
 static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
                                    ARMMMUIdx mmu_idx)
 {
@@ -11218,7 +11224,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                 flags = FIELD_DP32(flags, TBFLAG_A32, LSPACT, 1);
             }
         } else {
-            flags = rebuild_hflags_common_32(env, fp_el, mmu_idx, 0);
+            flags = rebuild_hflags_a32(env, fp_el, mmu_idx);
         }
 
         flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
-- 
2.20.1

[PULL 18/41] target/arm: Split out rebuild_hflags_aprofile

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Create a function to compute the values of the TBFLAG_ANY bits
that will be cached, and are used by A-profile.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index d1cd54cc931..ddd21edfcf1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11106,18 +11106,28 @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
 }
 
+static uint32_t rebuild_hflags_aprofile(CPUARMState *env)
+{
+    int flags = 0;
+
+    flags = FIELD_DP32(flags, TBFLAG_ANY, DEBUG_TARGET_EL,
+                       arm_debug_target_el(env));
+    return flags;
+}
+
 static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
                                    ARMMMUIdx mmu_idx)
 {
-    return rebuild_hflags_common_32(env, fp_el, mmu_idx, 0);
+    uint32_t flags = rebuild_hflags_aprofile(env);
+    return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
 }
 
 static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
                                    ARMMMUIdx mmu_idx)
 {
+    uint32_t flags = rebuild_hflags_aprofile(env);
     ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
     ARMVAParameters p0 = aa64_va_parameters_both(env, 0, stage1);
-    uint32_t flags = 0;
     uint64_t sctlr;
     int tbii, tbid;
 
@@ -11262,12 +11272,6 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         }
     }
 
-    if (!arm_feature(env, ARM_FEATURE_M)) {
-        int target_el = arm_debug_target_el(env);
-
-        flags = FIELD_DP32(flags, TBFLAG_ANY, DEBUG_TARGET_EL, target_el);
-    }
-
     *pflags = flags;
     *cs_base = 0;
 }
-- 
2.20.1

[PULL 19/41] target/arm: Hoist XSCALE_CPAR, VECLEN, VECSTRIDE in cpu_get_tb_cpu_state

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

We do not need to compute any of these values for M-profile.
Further, XSCALE_CPAR overlaps VECSTRIDE so obviously the two
sets must be mutually exclusive.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index ddd21edfcf1..e2a62cf19a0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11235,21 +11235,28 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             }
         } else {
             flags = rebuild_hflags_a32(env, fp_el, mmu_idx);
+
+            /*
+             * Note that XSCALE_CPAR shares bits with VECSTRIDE.
+             * Note that VECLEN+VECSTRIDE are RES0 for M-profile.
+             */
+            if (arm_feature(env, ARM_FEATURE_XSCALE)) {
+                flags = FIELD_DP32(flags, TBFLAG_A32,
+                                   XSCALE_CPAR, env->cp15.c15_cpar);
+            } else {
+                flags = FIELD_DP32(flags, TBFLAG_A32, VECLEN,
+                                   env->vfp.vec_len);
+                flags = FIELD_DP32(flags, TBFLAG_A32, VECSTRIDE,
+                                   env->vfp.vec_stride);
+            }
         }
 
         flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
-        flags = FIELD_DP32(flags, TBFLAG_A32, VECLEN, env->vfp.vec_len);
-        flags = FIELD_DP32(flags, TBFLAG_A32, VECSTRIDE, env->vfp.vec_stride);
         flags = FIELD_DP32(flags, TBFLAG_A32, CONDEXEC, env->condexec_bits);
         if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30)
             || arm_el_is_aa64(env, 1) || arm_feature(env, ARM_FEATURE_M)) {
             flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
         }
-        /* Note that XSCALE_CPAR shares bits with VECSTRIDE */
-        if (arm_feature(env, ARM_FEATURE_XSCALE)) {
-            flags = FIELD_DP32(flags, TBFLAG_A32,
-                               XSCALE_CPAR, env->cp15.c15_cpar);
-        }
     }
 
     /* The SS_ACTIVE and PSTATE_SS bits correspond to the state machine
-- 
2.20.1

[PULL 20/41] target/arm: Simplify set of PSTATE_SS in cpu_get_tb_cpu_state

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Hoist the variable load for PSTATE into the existing test vs is_a64.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index e2a62cf19a0..398e5f5d6df 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11197,7 +11197,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
     ARMMMUIdx mmu_idx = arm_mmu_idx(env);
     int current_el = arm_current_el(env);
     int fp_el = fp_exception_el(env, current_el);
-    uint32_t flags;
+    uint32_t flags, pstate_for_ss;
 
     if (is_a64(env)) {
         *pc = env->pc;
@@ -11205,6 +11205,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
             flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
         }
+        pstate_for_ss = env->pstate;
     } else {
         *pc = env->regs[15];
 
@@ -11257,9 +11258,11 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             || arm_el_is_aa64(env, 1) || arm_feature(env, ARM_FEATURE_M)) {
             flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
         }
+        pstate_for_ss = env->uncached_cpsr;
     }
 
-    /* The SS_ACTIVE and PSTATE_SS bits correspond to the state machine
+    /*
+     * The SS_ACTIVE and PSTATE_SS bits correspond to the state machine
      * states defined in the ARM ARM for software singlestep:
      *  SS_ACTIVE   PSTATE.SS   State
      *     0            x       Inactive (the TB flag for SS is always 0)
@@ -11267,16 +11270,9 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
      *     1            1       Active-not-pending
      * SS_ACTIVE is set in hflags; PSTATE_SS is computed every TB.
      */
-    if (FIELD_EX32(flags, TBFLAG_ANY, SS_ACTIVE)) {
-        if (is_a64(env)) {
-            if (env->pstate & PSTATE_SS) {
-                flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE_SS, 1);
-            }
-        } else {
-            if (env->uncached_cpsr & PSTATE_SS) {
-                flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE_SS, 1);
-            }
-        }
+    if (FIELD_EX32(flags, TBFLAG_ANY, SS_ACTIVE) &&
+        (pstate_for_ss & PSTATE_SS)) {
+        flags = FIELD_DP32(flags, TBFLAG_ANY, PSTATE_SS, 1);
     }
 
     *pflags = flags;
-- 
2.20.1

[PULL 21/41] target/arm: Hoist computation of TBFLAG_A32.VFPEN

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

There are 3 conditions that each enable this flag.  M-profile always
enables; A-profile with EL1 as AA64 always enables.  Both of these
conditions can easily be cached.  The final condition relies on the
FPEXC register which we are not prepared to cache.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-12-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    |  2 +-
 target/arm/helper.c | 14 ++++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4d961474ce7..9909ff89d4f 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3192,7 +3192,7 @@ FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2)
  * the same thing as the current security state of the processor!
  */
 FIELD(TBFLAG_A32, NS, 6, 1)
-FIELD(TBFLAG_A32, VFPEN, 7, 1)          /* Not cached. */
+FIELD(TBFLAG_A32, VFPEN, 7, 1)          /* Partially cached, minus FPEXC. */
 FIELD(TBFLAG_A32, CONDEXEC, 8, 8)       /* Not cached. */
 FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
 /* For M profile only, set if FPCCR.LSPACT is set */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 398e5f5d6df..89aa6fd9339 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11088,6 +11088,9 @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
 {
     uint32_t flags = 0;
 
+    /* v8M always enables the fpu.  */
+    flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
+
     if (arm_v7m_is_handler_mode(env)) {
         flags = FIELD_DP32(flags, TBFLAG_A32, HANDLER, 1);
     }
@@ -11119,6 +11122,10 @@ static uint32_t rebuild_hflags_a32(CPUARMState *env, int fp_el,
                                    ARMMMUIdx mmu_idx)
 {
     uint32_t flags = rebuild_hflags_aprofile(env);
+
+    if (arm_el_is_aa64(env, 1)) {
+        flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
+    }
     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
 }
 
@@ -11250,14 +11257,13 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                 flags = FIELD_DP32(flags, TBFLAG_A32, VECSTRIDE,
                                    env->vfp.vec_stride);
             }
+            if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30)) {
+                flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
+            }
         }
 
         flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
         flags = FIELD_DP32(flags, TBFLAG_A32, CONDEXEC, env->condexec_bits);
-        if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30)
-            || arm_el_is_aa64(env, 1) || arm_feature(env, ARM_FEATURE_M)) {
-            flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
-        }
         pstate_for_ss = env->uncached_cpsr;
     }
 
-- 
2.20.1

[PULL 22/41] target/arm: Add arm_rebuild_hflags

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

This function assumes nothing about the current state of the cpu,
and writes the computed value to env->hflags.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    |  6 ++++++
 target/arm/helper.c | 30 ++++++++++++++++++++++--------
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 9909ff89d4f..d844ea21d8d 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3297,6 +3297,12 @@ void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
 void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void
         *opaque);
 
+/**
+ * arm_rebuild_hflags:
+ * Rebuild the cached TBFLAGS for arbitrary changed processor state.
+ */
+void arm_rebuild_hflags(CPUARMState *env);
+
 /**
  * aa32_vfp_dreg:
  * Return a pointer to the Dn register within env in 32-bit mode.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 89aa6fd9339..85de96d071a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11198,17 +11198,35 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
 }
 
+static uint32_t rebuild_hflags_internal(CPUARMState *env)
+{
+    int el = arm_current_el(env);
+    int fp_el = fp_exception_el(env, el);
+    ARMMMUIdx mmu_idx = arm_mmu_idx(env);
+
+    if (is_a64(env)) {
+        return rebuild_hflags_a64(env, el, fp_el, mmu_idx);
+    } else if (arm_feature(env, ARM_FEATURE_M)) {
+        return rebuild_hflags_m32(env, fp_el, mmu_idx);
+    } else {
+        return rebuild_hflags_a32(env, fp_el, mmu_idx);
+    }
+}
+
+void arm_rebuild_hflags(CPUARMState *env)
+{
+    env->hflags = rebuild_hflags_internal(env);
+}
+
 void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                           target_ulong *cs_base, uint32_t *pflags)
 {
-    ARMMMUIdx mmu_idx = arm_mmu_idx(env);
-    int current_el = arm_current_el(env);
-    int fp_el = fp_exception_el(env, current_el);
     uint32_t flags, pstate_for_ss;
 
+    flags = rebuild_hflags_internal(env);
+
     if (is_a64(env)) {
         *pc = env->pc;
-        flags = rebuild_hflags_a64(env, current_el, fp_el, mmu_idx);
         if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
             flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
         }
@@ -11217,8 +11235,6 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         *pc = env->regs[15];
 
         if (arm_feature(env, ARM_FEATURE_M)) {
-            flags = rebuild_hflags_m32(env, fp_el, mmu_idx);
-
             if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
                 FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S)
                 != env->v7m.secure) {
@@ -11242,8 +11258,6 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                 flags = FIELD_DP32(flags, TBFLAG_A32, LSPACT, 1);
             }
         } else {
-            flags = rebuild_hflags_a32(env, fp_el, mmu_idx);
-
             /*
              * Note that XSCALE_CPAR shares bits with VECSTRIDE.
              * Note that VECLEN+VECSTRIDE are RES0 for M-profile.
-- 
2.20.1

[PULL 23/41] target/arm: Split out arm_mmu_idx_el

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Avoid calling arm_current_el() twice.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-14-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h |  9 +++++++++
 target/arm/helper.c    | 12 +++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 232d9638753..f5313dd3d42 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -949,6 +949,15 @@ void arm_cpu_update_virq(ARMCPU *cpu);
  */
 void arm_cpu_update_vfiq(ARMCPU *cpu);
 
+/**
+ * arm_mmu_idx_el:
+ * @env: The cpu environment
+ * @el: The EL to use.
+ *
+ * Return the full ARMMMUIdx for the translation regime for EL.
+ */
+ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el);
+
 /**
  * arm_mmu_idx:
  * @env: The cpu environment
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 85de96d071a..3f7d3f257d8 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11026,15 +11026,12 @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
 }
 #endif
 
-ARMMMUIdx arm_mmu_idx(CPUARMState *env)
+ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
 {
-    int el;
-
     if (arm_feature(env, ARM_FEATURE_M)) {
         return arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure);
     }
 
-    el = arm_current_el(env);
     if (el < 2 && arm_is_secure_below_el3(env)) {
         return ARMMMUIdx_S1SE0 + el;
     } else {
@@ -11042,6 +11039,11 @@ ARMMMUIdx arm_mmu_idx(CPUARMState *env)
     }
 }
 
+ARMMMUIdx arm_mmu_idx(CPUARMState *env)
+{
+    return arm_mmu_idx_el(env, arm_current_el(env));
+}
+
 int cpu_mmu_index(CPUARMState *env, bool ifetch)
 {
     return arm_to_core_mmu_idx(arm_mmu_idx(env));
@@ -11202,7 +11204,7 @@ static uint32_t rebuild_hflags_internal(CPUARMState *env)
 {
     int el = arm_current_el(env);
     int fp_el = fp_exception_el(env, el);
-    ARMMMUIdx mmu_idx = arm_mmu_idx(env);
+    ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
 
     if (is_a64(env)) {
         return rebuild_hflags_a64(env, el, fp_el, mmu_idx);
-- 
2.20.1

[PULL 24/41] target/arm: Hoist store to cs_base in cpu_get_tb_cpu_state

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

By performing this store early, we avoid having to save and restore
the register holding the address around any function calls.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-15-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 3f7d3f257d8..37424e3d4dd 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11225,6 +11225,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
 {
     uint32_t flags, pstate_for_ss;
 
+    *cs_base = 0;
     flags = rebuild_hflags_internal(env);
 
     if (is_a64(env)) {
@@ -11298,7 +11299,6 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
     }
 
     *pflags = flags;
-    *cs_base = 0;
 }
 
 #ifdef TARGET_AARCH64
-- 
2.20.1

[PULL 25/41] target/arm: Add HELPER(rebuild_hflags_{a32, a64, m32})

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

This functions are given the mode and el state of the cpu
and writes the computed value to env->hflags.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-16-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.h |  4 ++++
 target/arm/helper.c | 24 ++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 1fb2cb5a777..3d4ec267a2c 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -90,6 +90,10 @@ DEF_HELPER_4(msr_banked, void, env, i32, i32, i32)
 DEF_HELPER_2(get_user_reg, i32, env, i32)
 DEF_HELPER_3(set_user_reg, void, env, i32, i32)
 
+DEF_HELPER_FLAGS_2(rebuild_hflags_m32, TCG_CALL_NO_RWG, void, env, int)
+DEF_HELPER_FLAGS_2(rebuild_hflags_a32, TCG_CALL_NO_RWG, void, env, int)
+DEF_HELPER_FLAGS_2(rebuild_hflags_a64, TCG_CALL_NO_RWG, void, env, int)
+
 DEF_HELPER_1(vfp_get_fpscr, i32, env)
 DEF_HELPER_2(vfp_set_fpscr, void, env, i32)
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 37424e3d4dd..b2d701cf004 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11220,6 +11220,30 @@ void arm_rebuild_hflags(CPUARMState *env)
     env->hflags = rebuild_hflags_internal(env);
 }
 
+void HELPER(rebuild_hflags_m32)(CPUARMState *env, int el)
+{
+    int fp_el = fp_exception_el(env, el);
+    ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
+
+    env->hflags = rebuild_hflags_m32(env, fp_el, mmu_idx);
+}
+
+void HELPER(rebuild_hflags_a32)(CPUARMState *env, int el)
+{
+    int fp_el = fp_exception_el(env, el);
+    ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
+
+    env->hflags = rebuild_hflags_a32(env, fp_el, mmu_idx);
+}
+
+void HELPER(rebuild_hflags_a64)(CPUARMState *env, int el)
+{
+    int fp_el = fp_exception_el(env, el);
+    ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
+
+    env->hflags = rebuild_hflags_a64(env, el, fp_el, mmu_idx);
+}
+
 void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                           target_ulong *cs_base, uint32_t *pflags)
 {
-- 
2.20.1

[PULL 26/41] target/arm: Rebuild hflags at EL changes

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Begin setting, but not relying upon, env->hflags.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-17-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 linux-user/syscall.c    | 1 +
 target/arm/cpu.c        | 1 +
 target/arm/helper-a64.c | 3 +++
 target/arm/helper.c     | 2 ++
 target/arm/machine.c    | 1 +
 target/arm/op_helper.c  | 1 +
 6 files changed, 9 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index f1ab81b9177..530c8433036 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9984,6 +9984,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
                     aarch64_sve_narrow_vq(env, vq);
                 }
                 env->vfp.zcr_el[1] = vq - 1;
+                arm_rebuild_hflags(env);
                 ret = vq * 16;
             }
             return ret;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 13813fb2135..ab3e1a03616 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -406,6 +406,7 @@ static void arm_cpu_reset(CPUState *s)
 
     hw_breakpoint_update_all(cpu);
     hw_watchpoint_update_all(cpu);
+    arm_rebuild_hflags(env);
 }
 
 bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index bca80bdc38b..b4cd680fc48 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -1025,6 +1025,7 @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc)
         } else {
             env->regs[15] = new_pc & ~0x3;
         }
+        helper_rebuild_hflags_a32(env, new_el);
         qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to "
                       "AArch32 EL%d PC 0x%" PRIx32 "\n",
                       cur_el, new_el, env->regs[15]);
@@ -1036,10 +1037,12 @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc)
         }
         aarch64_restore_sp(env, new_el);
         env->pc = new_pc;
+        helper_rebuild_hflags_a64(env, new_el);
         qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to "
                       "AArch64 EL%d PC 0x%" PRIx64 "\n",
                       cur_el, new_el, env->pc);
     }
+
     /*
      * Note that cur_el can never be 0.  If new_el is 0, then
      * el0_a64 is return_to_aa64, else el0_a64 is ignored.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b2d701cf004..aae7b62458f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7998,6 +7998,7 @@ static void take_aarch32_exception(CPUARMState *env, int new_mode,
         env->regs[14] = env->regs[15] + offset;
     }
     env->regs[15] = newpc;
+    arm_rebuild_hflags(env);
 }
 
 static void arm_cpu_do_interrupt_aarch32_hyp(CPUState *cs)
@@ -8345,6 +8346,7 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
     pstate_write(env, PSTATE_DAIF | new_mode);
     env->aarch64 = 1;
     aarch64_restore_sp(env, new_el);
+    helper_rebuild_hflags_a64(env, new_el);
 
     env->pc = addr;
 
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 5c36707a7c9..eb28b2381bb 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -756,6 +756,7 @@ static int cpu_post_load(void *opaque, int version_id)
     if (!kvm_enabled()) {
         pmu_op_finish(&cpu->env);
     }
+    arm_rebuild_hflags(&cpu->env);
 
     return 0;
 }
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 0fd4bd02385..ccc2cecb467 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -404,6 +404,7 @@ void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
      * state. Do the masking now.
      */
     env->regs[15] &= (env->thumb ? ~1 : ~3);
+    arm_rebuild_hflags(env);
 
     qemu_mutex_lock_iothread();
     arm_call_el_change_hook(env_archcpu(env));
-- 
2.20.1

[PULL 27/41] target/arm: Rebuild hflags at MSR writes

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Continue setting, but not relying upon, env->hflags.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-18-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 13 +++++++++++--
 target/arm/translate.c     | 28 +++++++++++++++++++++++-----
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 2d6cd09634c..d4bebbe6295 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1789,8 +1789,17 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
     if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
         /* I/O operations must end the TB here (whether read or write) */
         s->base.is_jmp = DISAS_UPDATE;
-    } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
-        /* We default to ending the TB on a coprocessor register write,
+    }
+    if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
+        /*
+         * A write to any coprocessor regiser that ends a TB
+         * must rebuild the hflags for the next TB.
+         */
+        TCGv_i32 tcg_el = tcg_const_i32(s->current_el);
+        gen_helper_rebuild_hflags_a64(cpu_env, tcg_el);
+        tcg_temp_free_i32(tcg_el);
+        /*
+         * We default to ending the TB on a coprocessor register write,
          * but allow this to be suppressed by the register definition
          * (usually only necessary to work around guest bugs).
          */
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 96340520ee2..46a0bf51c95 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6890,6 +6890,8 @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
     ri = get_arm_cp_reginfo(s->cp_regs,
             ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
     if (ri) {
+        bool need_exit_tb;
+
         /* Check access permissions */
         if (!cp_access_ok(s->current_el, ri, isread)) {
             return 1;
@@ -7068,14 +7070,30 @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
             }
         }
 
-        if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
-            /* I/O operations must end the TB here (whether read or write) */
-            gen_lookup_tb(s);
-        } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
-            /* We default to ending the TB on a coprocessor register write,
+        /* I/O operations must end the TB here (whether read or write) */
+        need_exit_tb = ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) &&
+                        (ri->type & ARM_CP_IO));
+
+        if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
+            /*
+             * A write to any coprocessor regiser that ends a TB
+             * must rebuild the hflags for the next TB.
+             */
+            TCGv_i32 tcg_el = tcg_const_i32(s->current_el);
+            if (arm_dc_feature(s, ARM_FEATURE_M)) {
+                gen_helper_rebuild_hflags_m32(cpu_env, tcg_el);
+            } else {
+                gen_helper_rebuild_hflags_a32(cpu_env, tcg_el);
+            }
+            tcg_temp_free_i32(tcg_el);
+            /*
+             * We default to ending the TB on a coprocessor register write,
              * but allow this to be suppressed by the register definition
              * (usually only necessary to work around guest bugs).
              */
+            need_exit_tb = true;
+        }
+        if (need_exit_tb) {
             gen_lookup_tb(s);
         }
 
-- 
2.20.1

[PULL 28/41] target/arm: Rebuild hflags at CPSR writes

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Continue setting, but not relying upon, env->hflags.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-19-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/op_helper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index ccc2cecb467..b529d6c1bf7 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -224,6 +224,7 @@ uint32_t HELPER(usat16)(CPUARMState *env, uint32_t x, uint32_t shift)
 void HELPER(setend)(CPUARMState *env)
 {
     env->uncached_cpsr ^= CPSR_E;
+    arm_rebuild_hflags(env);
 }
 
 /* Function checks whether WFx (WFI/WFE) instructions are set up to be trapped.
@@ -387,6 +388,8 @@ uint32_t HELPER(cpsr_read)(CPUARMState *env)
 void HELPER(cpsr_write)(CPUARMState *env, uint32_t val, uint32_t mask)
 {
     cpsr_write(env, val, mask, CPSRWriteByInstr);
+    /* TODO: Not all cpsr bits are relevant to hflags.  */
+    arm_rebuild_hflags(env);
 }
 
 /* Write the CPSR for a 32-bit exception return */
-- 
2.20.1

[PULL 29/41] target/arm: Rebuild hflags at Xscale SCTLR writes

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Continue setting, but not relying upon, env->hflags.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-20-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index aae7b62458f..c55783e5406 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4174,6 +4174,16 @@ static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
     /* ??? Lots of these bits are not implemented.  */
     /* This may enable/disable the MMU, so do a TLB flush.  */
     tlb_flush(CPU(cpu));
+
+    if (ri->type & ARM_CP_SUPPRESS_TB_END) {
+        /*
+         * Normally we would always end the TB on an SCTLR write; see the
+         * comment in ARMCPRegInfo sctlr initialization below for why Xscale
+         * is special.  Setting ARM_CP_SUPPRESS_TB_END also stops the rebuild
+         * of hflags from the translator, so do it here.
+         */
+        arm_rebuild_hflags(env);
+    }
 }
 
 static CPAccessResult fpexc32_access(CPUARMState *env, const ARMCPRegInfo *ri,
-- 
2.20.1

[PULL 30/41] target/arm: Rebuild hflags for M-profile

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Continue setting, but not relying upon, env->hflags.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-21-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/m_helper.c  | 6 ++++++
 target/arm/translate.c | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 27cd2f3f964..f2512e448e2 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -494,6 +494,7 @@ void HELPER(v7m_bxns)(CPUARMState *env, uint32_t dest)
     switch_v7m_security_state(env, dest & 1);
     env->thumb = 1;
     env->regs[15] = dest & ~1;
+    arm_rebuild_hflags(env);
 }
 
 void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest)
@@ -555,6 +556,7 @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest)
     switch_v7m_security_state(env, 0);
     env->thumb = 1;
     env->regs[15] = dest;
+    arm_rebuild_hflags(env);
 }
 
 static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode,
@@ -895,6 +897,7 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
     env->regs[14] = lr;
     env->regs[15] = addr & 0xfffffffe;
     env->thumb = addr & 1;
+    arm_rebuild_hflags(env);
 }
 
 static void v7m_update_fpccr(CPUARMState *env, uint32_t frameptr,
@@ -1765,6 +1768,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 
     /* Otherwise, we have a successful exception exit. */
     arm_clear_exclusive(env);
+    arm_rebuild_hflags(env);
     qemu_log_mask(CPU_LOG_INT, "...successful exception return\n");
 }
 
@@ -1837,6 +1841,7 @@ static bool do_v7m_function_return(ARMCPU *cpu)
     xpsr_write(env, 0, XPSR_IT);
     env->thumb = newpc & 1;
     env->regs[15] = newpc & ~1;
+    arm_rebuild_hflags(env);
 
     qemu_log_mask(CPU_LOG_INT, "...function return successful\n");
     return true;
@@ -1959,6 +1964,7 @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu)
     switch_v7m_security_state(env, true);
     xpsr_write(env, 0, XPSR_IT);
     env->regs[15] += 4;
+    arm_rebuild_hflags(env);
     return true;
 
 gen_invep:
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 46a0bf51c95..2ea9da7637b 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -8327,7 +8327,7 @@ static bool trans_MRS_v7m(DisasContext *s, arg_MRS_v7m *a)
 
 static bool trans_MSR_v7m(DisasContext *s, arg_MSR_v7m *a)
 {
-    TCGv_i32 addr, reg;
+    TCGv_i32 addr, reg, el;
 
     if (!arm_dc_feature(s, ARM_FEATURE_M)) {
         return false;
@@ -8337,6 +8337,9 @@ static bool trans_MSR_v7m(DisasContext *s, arg_MSR_v7m *a)
     gen_helper_v7m_msr(cpu_env, addr, reg);
     tcg_temp_free_i32(addr);
     tcg_temp_free_i32(reg);
+    el = tcg_const_i32(s->current_el);
+    gen_helper_rebuild_hflags_m32(cpu_env, el);
+    tcg_temp_free_i32(el);
     gen_lookup_tb(s);
     return true;
 }
-- 
2.20.1

[PULL 31/41] target/arm: Rebuild hflags for M-profile NVIC

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

Continue setting, but not relying upon, env->hflags.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-22-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/armv7m_nvic.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 8e93e51e815..e8c74f9ebaf 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -2251,7 +2251,7 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
             }
         }
         nvic_irq_update(s);
-        return MEMTX_OK;
+        goto exit_ok;
     case 0x200 ... 0x23f: /* NVIC Set pend */
         /* the special logic in armv7m_nvic_set_pending()
          * is not needed since IRQs are never escalated
@@ -2269,9 +2269,9 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
             }
         }
         nvic_irq_update(s);
-        return MEMTX_OK;
+        goto exit_ok;
     case 0x300 ... 0x33f: /* NVIC Active */
-        return MEMTX_OK; /* R/O */
+        goto exit_ok; /* R/O */
     case 0x400 ... 0x5ef: /* NVIC Priority */
         startvec = (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */
 
@@ -2281,10 +2281,10 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
             }
         }
         nvic_irq_update(s);
-        return MEMTX_OK;
+        goto exit_ok;
     case 0xd18 ... 0xd1b: /* System Handler Priority (SHPR1) */
         if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_MAIN)) {
-            return MEMTX_OK;
+            goto exit_ok;
         }
         /* fall through */
     case 0xd1c ... 0xd23: /* System Handler Priority (SHPR2, SHPR3) */
@@ -2299,10 +2299,10 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
             set_prio(s, hdlidx, sbank, newprio);
         }
         nvic_irq_update(s);
-        return MEMTX_OK;
+        goto exit_ok;
     case 0xd28 ... 0xd2b: /* Configurable Fault Status (CFSR) */
         if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_MAIN)) {
-            return MEMTX_OK;
+            goto exit_ok;
         }
         /* All bits are W1C, so construct 32 bit value with 0s in
          * the parts not written by the access size
@@ -2322,15 +2322,19 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
              */
             s->cpu->env.v7m.cfsr[M_REG_NS] &= ~(value & R_V7M_CFSR_BFSR_MASK);
         }
-        return MEMTX_OK;
+        goto exit_ok;
     }
     if (size == 4) {
         nvic_writel(s, offset, value, attrs);
-        return MEMTX_OK;
+        goto exit_ok;
     }
     qemu_log_mask(LOG_GUEST_ERROR,
                   "NVIC: Bad write of size %d at offset 0x%x\n", size, offset);
     /* This is UNPREDICTABLE; treat as RAZ/WI */
+
+ exit_ok:
+    /* Ensure any changes made are reflected in the cached hflags.  */
+    arm_rebuild_hflags(&s->cpu->env);
     return MEMTX_OK;
 }
 
-- 
2.20.1

[PULL 32/41] target/arm: Rely on hflags correct in cpu_get_tb_cpu_state

[Peter Maydell]

From: Richard Henderson <richard.henderson@linaro.org>

This is the payoff.

From perf record -g data of ubuntu 18 boot and shutdown:

BEFORE:

-   23.02%     2.82%  qemu-system-aar  [.] helper_lookup_tb_ptr
   - 20.22% helper_lookup_tb_ptr
      + 10.05% tb_htable_lookup
      - 9.13% cpu_get_tb_cpu_state
           3.20% aa64_va_parameters_both
           0.55% fp_exception_el

-   11.66%     4.74%  qemu-system-aar  [.] cpu_get_tb_cpu_state
   - 6.96% cpu_get_tb_cpu_state
        3.63% aa64_va_parameters_both
        0.60% fp_exception_el
        0.53% sve_exception_el

AFTER:

-   16.40%     3.40%  qemu-system-aar  [.] helper_lookup_tb_ptr
   - 13.03% helper_lookup_tb_ptr
      + 11.19% tb_htable_lookup
        0.55% cpu_get_tb_cpu_state

     0.98%     0.71%  qemu-system-aar  [.] cpu_get_tb_cpu_state

     0.87%     0.24%  qemu-system-aar  [.] rebuild_hflags_a64

Before, helper_lookup_tb_ptr is the second hottest function in the
application, consuming almost a quarter of the runtime.  Within the
entire execution, cpu_get_tb_cpu_state consumes about 12%.

After, helper_lookup_tb_ptr has dropped to the fourth hottest function,
with consumption dropping to a sixth of the runtime.  Within the
entire execution, cpu_get_tb_cpu_state has dropped below 1%, and the
supporting function to rebuild hflags also consumes about 1%.

Assertions are retained for --enable-debug-tcg.

Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191018174431.1784-23-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index c55783e5406..63815fc4cfc 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11259,12 +11259,15 @@ void HELPER(rebuild_hflags_a64)(CPUARMState *env, int el)
 void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                           target_ulong *cs_base, uint32_t *pflags)
 {
-    uint32_t flags, pstate_for_ss;
+    uint32_t flags = env->hflags;
+    uint32_t pstate_for_ss;
 
     *cs_base = 0;
-    flags = rebuild_hflags_internal(env);
+#ifdef CONFIG_DEBUG_TCG
+    assert(flags == rebuild_hflags_internal(env));
+#endif
 
-    if (is_a64(env)) {
+    if (FIELD_EX32(flags, TBFLAG_ANY, AARCH64_STATE)) {
         *pc = env->pc;
         if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
             flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
-- 
2.20.1

[PULL 33/41] hw/sd/sdhci: Add a comment to distinct the i.MX eSDHC functions

[Peter Maydell]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

This file keeps the various QDev blocks separated by comments.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Message-id: 20191005154748.21718-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/sd/sdhci.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index e08ec3e3985..82ec5c1b4a4 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1532,6 +1532,8 @@ static const TypeInfo sdhci_bus_info = {
     .class_init = sdhci_bus_class_init,
 };
 
+/* --- qdev i.MX eSDHC --- */
+
 static uint64_t usdhc_read(void *opaque, hwaddr offset, unsigned size)
 {
     SDHCIState *s = SYSBUS_SDHCI(opaque);
@@ -1734,7 +1736,6 @@ usdhc_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
     }
 }
 
-
 static const MemoryRegionOps usdhc_mmio_ops = {
     .read = usdhc_read,
     .write = usdhc_write,
-- 
2.20.1

[PULL 34/41] hw/sd/sdhci: Add dummy Samsung SDHCI controller

[Peter Maydell]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The Linux kernel access few S3C-specific registers [1] to set some
clock. We don't care about this part for device emulation [2]. Add
a dummy device to properly ignore these accesses, so we can focus
on the important registers missing.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/mmc/host/sdhci-s3c-regs.h?h=cc014f3
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/mmc/host/sdhci-s3c.c?h=v5.3#n263

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Message-id: 20191005154748.21718-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/sd/sdhci.h |  2 ++
 hw/sd/sdhci.c         | 65 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)

diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
index cbf415e43ab..c6868c96994 100644
--- a/include/hw/sd/sdhci.h
+++ b/include/hw/sd/sdhci.h
@@ -116,4 +116,6 @@ typedef struct SDHCIState {
 
 #define TYPE_IMX_USDHC "imx-usdhc"
 
+#define TYPE_S3C_SDHCI "s3c-sdhci"
+
 #endif /* SDHCI_H */
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 82ec5c1b4a4..88404d0e9d5 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1761,11 +1761,76 @@ static const TypeInfo imx_usdhc_info = {
     .instance_init = imx_usdhc_init,
 };
 
+/* --- qdev Samsung s3c --- */
+
+#define S3C_SDHCI_CONTROL2      0x80
+#define S3C_SDHCI_CONTROL3      0x84
+#define S3C_SDHCI_CONTROL4      0x8c
+
+static uint64_t sdhci_s3c_read(void *opaque, hwaddr offset, unsigned size)
+{
+    uint64_t ret;
+
+    switch (offset) {
+    case S3C_SDHCI_CONTROL2:
+    case S3C_SDHCI_CONTROL3:
+    case S3C_SDHCI_CONTROL4:
+        /* ignore */
+        ret = 0;
+        break;
+    default:
+        ret = sdhci_read(opaque, offset, size);
+        break;
+    }
+
+    return ret;
+}
+
+static void sdhci_s3c_write(void *opaque, hwaddr offset, uint64_t val,
+                            unsigned size)
+{
+    switch (offset) {
+    case S3C_SDHCI_CONTROL2:
+    case S3C_SDHCI_CONTROL3:
+    case S3C_SDHCI_CONTROL4:
+        /* ignore */
+        break;
+    default:
+        sdhci_write(opaque, offset, val, size);
+        break;
+    }
+}
+
+static const MemoryRegionOps sdhci_s3c_mmio_ops = {
+    .read = sdhci_s3c_read,
+    .write = sdhci_s3c_write,
+    .valid = {
+        .min_access_size = 1,
+        .max_access_size = 4,
+        .unaligned = false
+    },
+    .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void sdhci_s3c_init(Object *obj)
+{
+    SDHCIState *s = SYSBUS_SDHCI(obj);
+
+    s->io_ops = &sdhci_s3c_mmio_ops;
+}
+
+static const TypeInfo sdhci_s3c_info = {
+    .name = TYPE_S3C_SDHCI  ,
+    .parent = TYPE_SYSBUS_SDHCI,
+    .instance_init = sdhci_s3c_init,
+};
+
 static void sdhci_register_types(void)
 {
     type_register_static(&sdhci_sysbus_info);
     type_register_static(&sdhci_bus_info);
     type_register_static(&imx_usdhc_info);
+    type_register_static(&sdhci_s3c_info);
 }
 
 type_init(sdhci_register_types)
-- 
2.20.1

[PULL 35/41] hw/arm/exynos4210: Use the Samsung s3c SDHCI controller

[Peter Maydell]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

The Exynos SoC has specific SDHCI registers. Use the s3c SDHCI
model which handle these specific registers.

This silents the following "SDHC ... not implemented" warnings so
we can focus on the important registers missing:

  $ qemu-system-arm ... -d unimp \
    -append "... root=/dev/mmcblk0 rootfstype=ext4 rw rootwait" \
    -drive file=linux-build-test/rootfs/arm/rootfs-armv5.ext2,if=sd,format=raw
  [...]
  [   25.744858] sdhci: Secure Digital Host Controller Interface driver
  [   25.745862] sdhci: Copyright(c) Pierre Ossman
  [   25.783188] s3c-sdhci 12530000.sdhci: clock source 2: mmc_busclk.2 (12000000 Hz)
  SDHC rd_4b @0x80 not implemented
  SDHC wr_4b @0x80 <- 0x00000020 not implemented
  SDHC wr_4b @0x8c <- 0x00030000 not implemented
  SDHC rd_4b @0x80 not implemented
  SDHC wr_4b @0x80 <- 0xc0004100 not implemented
  SDHC wr_4b @0x84 <- 0x80808080 not implemented
  [   26.013318] mmc0: SDHCI controller on samsung-hsmmc [12530000.sdhci] using ADMA
  [   26.032318] Synopsys Designware Multimedia Card Interface Driver
  [   42.024885] Waiting for root device /dev/mmcblk0...

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Message-id: 20191005154748.21718-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/exynos4210.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index a9f8a5c8688..77fbe1baabc 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -405,7 +405,7 @@ static void exynos4210_realize(DeviceState *socdev, Error **errp)
          * public datasheet which is very similar (implementing
          * MMC Specification Version 4.0 being the only difference noted)
          */
-        dev = qdev_create(NULL, TYPE_SYSBUS_SDHCI);
+        dev = qdev_create(NULL, TYPE_S3C_SDHCI);
         qdev_prop_set_uint64(dev, "capareg", EXYNOS4210_SDHCI_CAPABILITIES);
         qdev_init_nofail(dev);
 
-- 
2.20.1

[PULL 36/41] hw/arm/xilinx_zynq: Use the IEC binary prefix definitions

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20191021190653.9511-2-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/xilinx_zynq.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index c14774e542c..3a0fa5b23f7 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -16,6 +16,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qapi/error.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
@@ -194,7 +195,7 @@ static void zynq_init(MachineState *machine)
     memory_region_add_subregion(address_space_mem, 0, ext_ram);
 
     /* 256K of on-chip memory */
-    memory_region_init_ram(ocm_ram, NULL, "zynq.ocm_ram", 256 << 10,
+    memory_region_init_ram(ocm_ram, NULL, "zynq.ocm_ram", 256 * KiB,
                            &error_fatal);
     memory_region_add_subregion(address_space_mem, 0xFFFC0000, ocm_ram);
 
-- 
2.20.1

[PULL 37/41] hw/arm/mps2: Use the IEC binary prefix definitions

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20191021190653.9511-3-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/mps2-tz.c | 3 ++-
 hw/arm/mps2.c    | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
index 6b24aaacded..f8b620bcc65 100644
--- a/hw/arm/mps2-tz.c
+++ b/hw/arm/mps2-tz.c
@@ -38,6 +38,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "hw/arm/boot.h"
@@ -458,7 +459,7 @@ static void mps2tz_common_init(MachineState *machine)
      * call the 16MB our "system memory", as it's the largest lump.
      */
     memory_region_allocate_system_memory(&mms->psram,
-                                         NULL, "mps.ram", 0x01000000);
+                                         NULL, "mps.ram", 16 * MiB);
     memory_region_add_subregion(system_memory, 0x80000000, &mms->psram);
 
     /* The overflow IRQs for all UARTs are ORed together.
diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
index 10efff36b23..d002b126d39 100644
--- a/hw/arm/mps2.c
+++ b/hw/arm/mps2.c
@@ -23,6 +23,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "hw/arm/boot.h"
@@ -146,7 +147,7 @@ static void mps2_common_init(MachineState *machine)
      * zbt_boot_ctrl is always zero).
      */
     memory_region_allocate_system_memory(&mms->psram,
-                                         NULL, "mps.ram", 0x1000000);
+                                         NULL, "mps.ram", 16 * MiB);
     memory_region_add_subregion(system_memory, 0x21000000, &mms->psram);
 
     switch (mmc->fpga_type) {
-- 
2.20.1

[PULL 38/41] hw/arm/collie: Create the RAM in the board

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

The SDRAM is incorrectly created in the SA1110 SoC.
Move its creation in the board code, this will later allow the
board to have the QOM ownership of the RAM.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20191021190653.9511-4-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/strongarm.h | 4 +---
 hw/arm/collie.c    | 8 ++++++--
 hw/arm/strongarm.c | 7 +------
 3 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/hw/arm/strongarm.h b/hw/arm/strongarm.h
index e98840b461a..192821f6aab 100644
--- a/hw/arm/strongarm.h
+++ b/hw/arm/strongarm.h
@@ -55,7 +55,6 @@ enum {
 
 typedef struct {
     ARMCPU *cpu;
-    MemoryRegion sdram;
     DeviceState *pic;
     DeviceState *gpio;
     DeviceState *ppc;
@@ -63,7 +62,6 @@ typedef struct {
     SSIBus *ssp_bus;
 } StrongARMState;
 
-StrongARMState *sa1110_init(MemoryRegion *sysmem,
-                            unsigned int sdram_size, const char *rev);
+StrongARMState *sa1110_init(const char *cpu_type);
 
 #endif
diff --git a/hw/arm/collie.c b/hw/arm/collie.c
index b1288ccea80..970a4405ccf 100644
--- a/hw/arm/collie.c
+++ b/hw/arm/collie.c
@@ -27,9 +27,13 @@ static void collie_init(MachineState *machine)
 {
     StrongARMState *s;
     DriveInfo *dinfo;
-    MemoryRegion *sysmem = get_system_memory();
+    MemoryRegion *sdram = g_new(MemoryRegion, 1);
 
-    s = sa1110_init(sysmem, collie_binfo.ram_size, machine->cpu_type);
+    s = sa1110_init(machine->cpu_type);
+
+    memory_region_allocate_system_memory(sdram, NULL, "strongarm.sdram",
+                                         collie_binfo.ram_size);
+    memory_region_add_subregion(get_system_memory(), SA_SDCS0, sdram);
 
     dinfo = drive_get(IF_PFLASH, 0, 0);
     pflash_cfi01_register(SA_CS0, "collie.fl1", 0x02000000,
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index dc65d88a657..6bee0349149 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -1586,8 +1586,7 @@ static const TypeInfo strongarm_ssp_info = {
 };
 
 /* Main CPU functions */
-StrongARMState *sa1110_init(MemoryRegion *sysmem,
-                            unsigned int sdram_size, const char *cpu_type)
+StrongARMState *sa1110_init(const char *cpu_type)
 {
     StrongARMState *s;
     int i;
@@ -1601,10 +1600,6 @@ StrongARMState *sa1110_init(MemoryRegion *sysmem,
 
     s->cpu = ARM_CPU(cpu_create(cpu_type));
 
-    memory_region_allocate_system_memory(&s->sdram, NULL, "strongarm.sdram",
-                                         sdram_size);
-    memory_region_add_subregion(sysmem, SA_SDCS0, &s->sdram);
-
     s->pic = sysbus_create_varargs("strongarm_pic", 0x90050000,
                     qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ),
                     qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ),
-- 
2.20.1

[PULL 39/41] hw/arm/omap2: Create the RAM in the board

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

The SDRAM is incorrectly created in the OMAP2420 SoC.
Move its creation in the board code, this will later allow the
board to have the QOM ownership of the RAM.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20191021190653.9511-5-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/omap.h |  4 +---
 hw/arm/nseries.c      | 10 +++++++---
 hw/arm/omap2.c        | 13 +++++--------
 3 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/include/hw/arm/omap.h b/include/hw/arm/omap.h
index 2fda9966484..763d8eab4fa 100644
--- a/include/hw/arm/omap.h
+++ b/include/hw/arm/omap.h
@@ -824,7 +824,6 @@ struct omap_mpu_state_s {
     MemoryRegion tap_iomem;
     MemoryRegion imif_ram;
     MemoryRegion emiff_ram;
-    MemoryRegion sdram;
     MemoryRegion sram;
 
     struct omap_dma_port_if_s {
@@ -938,8 +937,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
                 const char *core);
 
 /* omap2.c */
-struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
-                unsigned long sdram_size,
+struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sdram,
                 const char *core);
 
 uint32_t omap_badwidth_read8(void *opaque, hwaddr addr);
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
index a36971d39aa..7e361936a9d 100644
--- a/hw/arm/nseries.c
+++ b/hw/arm/nseries.c
@@ -47,6 +47,7 @@
 
 /* Nokia N8x0 support */
 struct n800_s {
+    MemoryRegion sdram;
     struct omap_mpu_state_s *mpu;
 
     struct rfbi_chip_s blizzard;
@@ -1311,11 +1312,14 @@ static int n810_atag_setup(const struct arm_boot_info *info, void *p)
 static void n8x0_init(MachineState *machine,
                       struct arm_boot_info *binfo, int model)
 {
-    MemoryRegion *sysmem = get_system_memory();
     struct n800_s *s = (struct n800_s *) g_malloc0(sizeof(*s));
-    int sdram_size = binfo->ram_size;
+    uint64_t sdram_size = binfo->ram_size;
 
-    s->mpu = omap2420_mpu_init(sysmem, sdram_size, machine->cpu_type);
+    memory_region_allocate_system_memory(&s->sdram, NULL, "omap2.dram",
+                                         sdram_size);
+    memory_region_add_subregion(get_system_memory(), OMAP2_Q2_BASE, &s->sdram);
+
+    s->mpu = omap2420_mpu_init(&s->sdram, machine->cpu_type);
 
     /* Setup peripherals
      *
diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c
index bd7ddff9831..457f152baca 100644
--- a/hw/arm/omap2.c
+++ b/hw/arm/omap2.c
@@ -22,6 +22,7 @@
 #include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "cpu.h"
+#include "exec/address-spaces.h"
 #include "sysemu/blockdev.h"
 #include "sysemu/qtest.h"
 #include "sysemu/reset.h"
@@ -2276,8 +2277,7 @@ static const struct dma_irq_map omap2_dma_irq_map[] = {
     { 0, OMAP_INT_24XX_SDMA_IRQ3 },
 };
 
-struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
-                unsigned long sdram_size,
+struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sdram,
                 const char *cpu_type)
 {
     struct omap_mpu_state_s *s = g_new0(struct omap_mpu_state_s, 1);
@@ -2286,11 +2286,11 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
     int i;
     SysBusDevice *busdev;
     struct omap_target_agent_s *ta;
+    MemoryRegion *sysmem = get_system_memory();
 
     /* Core */
     s->mpu_model = omap2420;
     s->cpu = ARM_CPU(cpu_create(cpu_type));
-    s->sdram_size = sdram_size;
     s->sram_size = OMAP242X_SRAM_SIZE;
 
     s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
@@ -2299,9 +2299,6 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
     omap_clk_init(s);
 
     /* Memory-mapped stuff */
-    memory_region_allocate_system_memory(&s->sdram, NULL, "omap2.dram",
-                                         s->sdram_size);
-    memory_region_add_subregion(sysmem, OMAP2_Q2_BASE, &s->sdram);
     memory_region_init_ram(&s->sram, NULL, "omap2.sram", s->sram_size,
                            &error_fatal);
     memory_region_add_subregion(sysmem, OMAP2_SRAM_BASE, &s->sram);
@@ -2338,8 +2335,8 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
     s->port->addr_valid = omap2_validate_addr;
 
     /* Register SDRAM and SRAM ports for fast DMA transfers.  */
-    soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->sdram),
-                         OMAP2_Q2_BASE, s->sdram_size);
+    soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(sdram),
+                         OMAP2_Q2_BASE, memory_region_size(sdram));
     soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->sram),
                          OMAP2_SRAM_BASE, s->sram_size);
 
-- 
2.20.1

[PULL 40/41] hw/arm/omap1: Create the RAM in the board

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

The SDRAM is incorrectly created in the OMAP310 SoC.
Move its creation in the board code, this will later allow the
board to have the QOM ownership of the RAM.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20191021190653.9511-6-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/omap.h |  6 ++----
 hw/arm/omap1.c        | 12 +++++-------
 hw/arm/omap_sx1.c     |  8 ++++++--
 hw/arm/palm.c         |  8 ++++++--
 4 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/include/hw/arm/omap.h b/include/hw/arm/omap.h
index 763d8eab4fa..f3aa6700361 100644
--- a/include/hw/arm/omap.h
+++ b/include/hw/arm/omap.h
@@ -823,7 +823,6 @@ struct omap_mpu_state_s {
     MemoryRegion mpui_io_iomem;
     MemoryRegion tap_iomem;
     MemoryRegion imif_ram;
-    MemoryRegion emiff_ram;
     MemoryRegion sram;
 
     struct omap_dma_port_if_s {
@@ -835,7 +834,7 @@ struct omap_mpu_state_s {
                         hwaddr addr);
     } port[__omap_dma_port_last];
 
-    unsigned long sdram_size;
+    uint64_t sdram_size;
     unsigned long sram_size;
 
     /* MPUI-TIPB peripherals */
@@ -932,8 +931,7 @@ struct omap_mpu_state_s {
 };
 
 /* omap1.c */
-struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
-                unsigned long sdram_size,
+struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *sdram,
                 const char *core);
 
 /* omap2.c */
diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
index 0400593805e..6ce038a4535 100644
--- a/hw/arm/omap1.c
+++ b/hw/arm/omap1.c
@@ -23,6 +23,7 @@
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "cpu.h"
+#include "exec/address-spaces.h"
 #include "hw/boards.h"
 #include "hw/hw.h"
 #include "hw/irq.h"
@@ -3858,8 +3859,7 @@ static int omap_validate_tipb_mpui_addr(struct omap_mpu_state_s *s,
     return range_covers_byte(0xe1010000, 0xe1020004 - 0xe1010000, addr);
 }
 
-struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
-                unsigned long sdram_size,
+struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *dram,
                 const char *cpu_type)
 {
     int i;
@@ -3867,11 +3867,12 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
     qemu_irq dma_irqs[6];
     DriveInfo *dinfo;
     SysBusDevice *busdev;
+    MemoryRegion *system_memory = get_system_memory();
 
     /* Core */
     s->mpu_model = omap310;
     s->cpu = ARM_CPU(cpu_create(cpu_type));
-    s->sdram_size = sdram_size;
+    s->sdram_size = memory_region_size(dram);
     s->sram_size = OMAP15XX_SRAM_SIZE;
 
     s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
@@ -3880,9 +3881,6 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
     omap_clk_init(s);
 
     /* Memory-mapped stuff */
-    memory_region_allocate_system_memory(&s->emiff_ram, NULL, "omap1.dram",
-                                         s->sdram_size);
-    memory_region_add_subregion(system_memory, OMAP_EMIFF_BASE, &s->emiff_ram);
     memory_region_init_ram(&s->imif_ram, NULL, "omap1.sram", s->sram_size,
                            &error_fatal);
     memory_region_add_subregion(system_memory, OMAP_IMIF_BASE, &s->imif_ram);
@@ -3925,7 +3923,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
     s->port[tipb_mpui].addr_valid = omap_validate_tipb_mpui_addr;
 
     /* Register SDRAM and SRAM DMA ports for fast transfers.  */
-    soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->emiff_ram),
+    soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(dram),
                          OMAP_EMIFF_BASE, s->sdram_size);
     soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(&s->imif_ram),
                          OMAP_IMIF_BASE, s->sram_size);
diff --git a/hw/arm/omap_sx1.c b/hw/arm/omap_sx1.c
index c071197be7f..be245714dbb 100644
--- a/hw/arm/omap_sx1.c
+++ b/hw/arm/omap_sx1.c
@@ -103,6 +103,7 @@ static void sx1_init(MachineState *machine, const int version)
 {
     struct omap_mpu_state_s *mpu;
     MemoryRegion *address_space = get_system_memory();
+    MemoryRegion *dram = g_new(MemoryRegion, 1);
     MemoryRegion *flash = g_new(MemoryRegion, 1);
     MemoryRegion *cs = g_new(MemoryRegion, 4);
     static uint32_t cs0val = 0x00213090;
@@ -118,8 +119,11 @@ static void sx1_init(MachineState *machine, const int version)
         flash_size = flash2_size;
     }
 
-    mpu = omap310_mpu_init(address_space, sx1_binfo.ram_size,
-                           machine->cpu_type);
+    memory_region_allocate_system_memory(dram, NULL, "omap1.dram",
+                                         sx1_binfo.ram_size);
+    memory_region_add_subregion(address_space, OMAP_EMIFF_BASE, dram);
+
+    mpu = omap310_mpu_init(dram, machine->cpu_type);
 
     /* External Flash (EMIFS) */
     memory_region_init_ram(flash, NULL, "omap_sx1.flash0-0", flash_size,
diff --git a/hw/arm/palm.c b/hw/arm/palm.c
index 02a3a82b9b5..72eca8cc556 100644
--- a/hw/arm/palm.c
+++ b/hw/arm/palm.c
@@ -190,16 +190,20 @@ static void palmte_init(MachineState *machine)
     MemoryRegion *address_space_mem = get_system_memory();
     struct omap_mpu_state_s *mpu;
     int flash_size = 0x00800000;
-    int sdram_size = palmte_binfo.ram_size;
     static uint32_t cs0val = 0xffffffff;
     static uint32_t cs1val = 0x0000e1a0;
     static uint32_t cs2val = 0x0000e1a0;
     static uint32_t cs3val = 0xe1a0e1a0;
     int rom_size, rom_loaded = 0;
+    MemoryRegion *dram = g_new(MemoryRegion, 1);
     MemoryRegion *flash = g_new(MemoryRegion, 1);
     MemoryRegion *cs = g_new(MemoryRegion, 4);
 
-    mpu = omap310_mpu_init(address_space_mem, sdram_size, machine->cpu_type);
+    memory_region_allocate_system_memory(dram, NULL, "omap1.dram",
+                                         palmte_binfo.ram_size);
+    memory_region_add_subregion(address_space_mem, OMAP_EMIFF_BASE, dram);
+
+    mpu = omap310_mpu_init(dram, machine->cpu_type);
 
     /* External Flash (EMIFS) */
     memory_region_init_ram(flash, NULL, "palmte.flash", flash_size,
-- 
2.20.1

[PULL 41/41] hw/arm/digic4: Inline digic4_board_setup_ram() function

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Having the RAM creation code in a separate function is not
very helpful. Move this code directly inside the board_init()
function, this will later allow the board to have the QOM
ownership of the RAM.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20191021190653.9511-7-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/digic_boards.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/hw/arm/digic_boards.c b/hw/arm/digic_boards.c
index 304e4d1a294..ef3fc2b6a5f 100644
--- a/hw/arm/digic_boards.c
+++ b/hw/arm/digic_boards.c
@@ -53,12 +53,6 @@ typedef struct DigicBoard {
     const char *rom1_def_filename;
 } DigicBoard;
 
-static void digic4_board_setup_ram(DigicBoardState *s, hwaddr ram_size)
-{
-    memory_region_allocate_system_memory(&s->ram, NULL, "ram", ram_size);
-    memory_region_add_subregion(get_system_memory(), 0, &s->ram);
-}
-
 static void digic4_board_init(DigicBoard *board)
 {
     Error *err = NULL;
@@ -72,7 +66,8 @@ static void digic4_board_init(DigicBoard *board)
         exit(1);
     }
 
-    digic4_board_setup_ram(s, board->ram_size);
+    memory_region_allocate_system_memory(&s->ram, NULL, "ram", board->ram_size);
+    memory_region_add_subregion(get_system_memory(), 0, &s->ram);
 
     if (board->add_rom0) {
         board->add_rom0(s, DIGIC4_ROM0_BASE, board->rom0_def_filename);
-- 
2.20.1

[PULL 00/41] target-arm queue

[Peter Maydell]

The following changes since commit 4c41341af76cfc85b5a6c0f87de4838672ab9f89:

  Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20201020' into staging (2020-10-20 11:20:36 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201020

for you to fetch changes up to 6358890cb939192f6169fdf7664d903bf9b1d338:

  tests/tcg/aarch64: Add bti smoke tests (2020-10-20 16:12:02 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix AArch32 SMLAD incorrect setting of Q bit
 * AArch32 VCVT fixed-point to float is always round-to-nearest
 * strongarm: Fix 'time to transmit a char' unit comment
 * Restrict APEI tables generation to the 'virt' machine
 * bcm2835: minor code cleanups
 * correctly flush TLBs when TBI is enabled
 * tests/qtest: Add npcm7xx timer test
 * loads-stores.rst: add footnote that clarifies GETPC usage
 * Fix reported EL for mte_check_fail
 * Ignore HCR_EL2.ATA when {E2H,TGE} != 11
 * microbit_i2c: Fix coredump when dump-vmstate
 * nseries: Fix loading kernel image on n8x0 machines
 * Implement v8.1M low-overhead-loops
 * linux-user: Support AArch64 BTI

----------------------------------------------------------------
Emanuele Giuseppe Esposito (1):
      loads-stores.rst: add footnote that clarifies GETPC usage

Havard Skinnemoen (1):
      tests/qtest: Add npcm7xx timer test

Peng Liang (1):
      microbit_i2c: Fix coredump when dump-vmstate

Peter Maydell (12):
      target/arm: Fix SMLAD incorrect setting of Q bit
      target/arm: AArch32 VCVT fixed-point to float is always round-to-nearest
      decodetree: Fix codegen for non-overlapping group inside overlapping group
      target/arm: Implement v8.1M NOCP handling
      target/arm: Implement v8.1M conditional-select insns
      target/arm: Make the t32 insn[25:23]=111 group non-overlapping
      target/arm: Don't allow BLX imm for M-profile
      target/arm: Implement v8.1M branch-future insns (as NOPs)
      target/arm: Implement v8.1M low-overhead-loop instructions
      target/arm: Fix has_vfp/has_neon ID reg squashing for M-profile
      target/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16
      target/arm: Implement FPSCR.LTPSIZE for M-profile LOB extension

Philippe Mathieu-Daudé (10):
      hw/arm/strongarm: Fix 'time to transmit a char' unit comment
      hw/arm: Restrict APEI tables generation to the 'virt' machine
      hw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definition
      hw/timer/bcm2835: Rename variable holding CTRL_STATUS register
      hw/timer/bcm2835: Support the timer COMPARE registers
      hw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQs
      hw/intc/bcm2835_ic: Trace GPU/CPU IRQ handlers
      hw/intc/bcm2836_control: Use IRQ definitions instead of magic numbers
      hw/arm/nseries: Fix loading kernel image on n8x0 machines
      linux-user/elfload: Avoid leaking interp_name using GLib memory API

Richard Henderson (16):
      accel/tcg: Add tlb_flush_page_bits_by_mmuidx*
      target/arm: Use tlb_flush_page_bits_by_mmuidx*
      target/arm: Remove redundant mmu_idx lookup
      target/arm: Fix reported EL for mte_check_fail
      target/arm: Ignore HCR_EL2.ATA when {E2H,TGE} != 11
      linux-user/aarch64: Reset btype for signals
      linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI
      include/elf: Add defines related to GNU property notes for AArch64
      linux-user/elfload: Fix coding style in load_elf_image
      linux-user/elfload: Adjust iteration over phdr
      linux-user/elfload: Move PT_INTERP detection to first loop
      linux-user/elfload: Use Error for load_elf_image
      linux-user/elfload: Use Error for load_elf_interp
      linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes
      linux-user/elfload: Parse GNU_PROPERTY_AARCH64_FEATURE_1_AND
      tests/tcg/aarch64: Add bti smoke tests

 docs/devel/loads-stores.rst             |   8 +-
 default-configs/devices/arm-softmmu.mak |   1 -
 include/elf.h                           |  22 ++
 include/exec/cpu-all.h                  |   2 +
 include/exec/exec-all.h                 |  36 ++
 include/hw/timer/bcm2835_systmr.h       |  17 +-
 linux-user/qemu.h                       |   4 +
 linux-user/syscall_defs.h               |   4 +
 target/arm/cpu.h                        |  13 +
 target/arm/helper.h                     |  13 +
 target/arm/internals.h                  |   9 +-
 target/arm/m-nocp.decode                |  10 +-
 target/arm/t32.decode                   |  50 ++-
 accel/tcg/cputlb.c                      | 275 +++++++++++++++-
 hw/arm/bcm2835_peripherals.c            |  13 +-
 hw/arm/nseries.c                        |   1 +
 hw/arm/strongarm.c                      |   2 +-
 hw/i2c/microbit_i2c.c                   |   1 +
 hw/intc/bcm2835_ic.c                    |   4 +-
 hw/intc/bcm2836_control.c               |   8 +-
 hw/timer/bcm2835_systmr.c               |  57 ++--
 linux-user/aarch64/signal.c             |  10 +-
 linux-user/elfload.c                    | 326 ++++++++++++++----
 linux-user/mmap.c                       |  16 +
 target/arm/cpu.c                        |  38 ++-
 target/arm/helper.c                     |  55 +++-
 target/arm/mte_helper.c                 |  13 +-
 target/arm/translate-a64.c              |   6 +-
 target/arm/translate.c                  | 239 +++++++++++++-
 target/arm/vfp_helper.c                 |  76 +++--
 tests/qtest/npcm7xx_timer-test.c        | 562 ++++++++++++++++++++++++++++++++
 tests/tcg/aarch64/bti-1.c               |  62 ++++
 tests/tcg/aarch64/bti-2.c               | 108 ++++++
 tests/tcg/aarch64/bti-crt.inc.c         |  51 +++
 hw/arm/Kconfig                          |   1 +
 hw/intc/trace-events                    |   4 +
 hw/timer/trace-events                   |   6 +-
 scripts/decodetree.py                   |   2 +-
 target/arm/translate-vfp.c.inc          |  41 ++-
 tests/qtest/meson.build                 |   1 +
 tests/tcg/aarch64/Makefile.target       |  10 +
 tests/tcg/configure.sh                  |   4 +
 42 files changed, 1973 insertions(+), 208 deletions(-)
 create mode 100644 tests/qtest/npcm7xx_timer-test.c
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-2.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c

Re: [PULL 00/41] target-arm queue

[Philippe Mathieu-Daudé]

On 10/20/20 5:56 PM, Peter Maydell wrote:
> The following changes since commit 4c41341af76cfc85b5a6c0f87de4838672ab9f89:
> 
>    Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20201020' into staging (2020-10-20 11:20:36 +0100)
> 
> are available in the Git repository at:
> 
>    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201020
> 
> for you to fetch changes up to 6358890cb939192f6169fdf7664d903bf9b1d338:
> 
>    tests/tcg/aarch64: Add bti smoke tests (2020-10-20 16:12:02 +0100)
> 
> ----------------------------------------------------------------
> target-arm queue:
>   * Fix AArch32 SMLAD incorrect setting of Q bit
>   * AArch32 VCVT fixed-point to float is always round-to-nearest
>   * strongarm: Fix 'time to transmit a char' unit comment
>   * Restrict APEI tables generation to the 'virt' machine
>   * bcm2835: minor code cleanups

Just to clarify, the main part there is a bugfix ;) Only the first
IRQ from the SYS_timer was delivered to the ARM core. It passed my
smoke test because when I wrote the model only u-boot was using this
peripheral, then Linux started to use it.

Fixes: 0e5bbd74064 ("hw/arm/bcm2835_peripherals: Use the SYS_timer")

>   * correctly flush TLBs when TBI is enabled
>   * tests/qtest: Add npcm7xx timer test
>   * loads-stores.rst: add footnote that clarifies GETPC usage
>   * Fix reported EL for mte_check_fail
>   * Ignore HCR_EL2.ATA when {E2H,TGE} != 11
>   * microbit_i2c: Fix coredump when dump-vmstate
>   * nseries: Fix loading kernel image on n8x0 machines
>   * Implement v8.1M low-overhead-loops
>   * linux-user: Support AArch64 BTI
> 
> ----------------------------------------------------------------
> Emanuele Giuseppe Esposito (1):
>        loads-stores.rst: add footnote that clarifies GETPC usage
> 
> Havard Skinnemoen (1):
>        tests/qtest: Add npcm7xx timer test
> 
> Peng Liang (1):
>        microbit_i2c: Fix coredump when dump-vmstate
> 
> Peter Maydell (12):
>        target/arm: Fix SMLAD incorrect setting of Q bit
>        target/arm: AArch32 VCVT fixed-point to float is always round-to-nearest
>        decodetree: Fix codegen for non-overlapping group inside overlapping group
>        target/arm: Implement v8.1M NOCP handling
>        target/arm: Implement v8.1M conditional-select insns
>        target/arm: Make the t32 insn[25:23]=111 group non-overlapping
>        target/arm: Don't allow BLX imm for M-profile
>        target/arm: Implement v8.1M branch-future insns (as NOPs)
>        target/arm: Implement v8.1M low-overhead-loop instructions
>        target/arm: Fix has_vfp/has_neon ID reg squashing for M-profile
>        target/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16
>        target/arm: Implement FPSCR.LTPSIZE for M-profile LOB extension
> 
> Philippe Mathieu-Daudé (10):
>        hw/arm/strongarm: Fix 'time to transmit a char' unit comment
>        hw/arm: Restrict APEI tables generation to the 'virt' machine
>        hw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definition
>        hw/timer/bcm2835: Rename variable holding CTRL_STATUS register
>        hw/timer/bcm2835: Support the timer COMPARE registers
>        hw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQs
>        hw/intc/bcm2835_ic: Trace GPU/CPU IRQ handlers
>        hw/intc/bcm2836_control: Use IRQ definitions instead of magic numbers
>        hw/arm/nseries: Fix loading kernel image on n8x0 machines
>        linux-user/elfload: Avoid leaking interp_name using GLib memory API
> 
> Richard Henderson (16):
>        accel/tcg: Add tlb_flush_page_bits_by_mmuidx*
>        target/arm: Use tlb_flush_page_bits_by_mmuidx*
>        target/arm: Remove redundant mmu_idx lookup
>        target/arm: Fix reported EL for mte_check_fail
>        target/arm: Ignore HCR_EL2.ATA when {E2H,TGE} != 11
>        linux-user/aarch64: Reset btype for signals
>        linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI
>        include/elf: Add defines related to GNU property notes for AArch64
>        linux-user/elfload: Fix coding style in load_elf_image
>        linux-user/elfload: Adjust iteration over phdr
>        linux-user/elfload: Move PT_INTERP detection to first loop
>        linux-user/elfload: Use Error for load_elf_image
>        linux-user/elfload: Use Error for load_elf_interp
>        linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes
>        linux-user/elfload: Parse GNU_PROPERTY_AARCH64_FEATURE_1_AND
>        tests/tcg/aarch64: Add bti smoke tests
> 
>   docs/devel/loads-stores.rst             |   8 +-
>   default-configs/devices/arm-softmmu.mak |   1 -
>   include/elf.h                           |  22 ++
>   include/exec/cpu-all.h                  |   2 +
>   include/exec/exec-all.h                 |  36 ++
>   include/hw/timer/bcm2835_systmr.h       |  17 +-
>   linux-user/qemu.h                       |   4 +
>   linux-user/syscall_defs.h               |   4 +
>   target/arm/cpu.h                        |  13 +
>   target/arm/helper.h                     |  13 +
>   target/arm/internals.h                  |   9 +-
>   target/arm/m-nocp.decode                |  10 +-
>   target/arm/t32.decode                   |  50 ++-
>   accel/tcg/cputlb.c                      | 275 +++++++++++++++-
>   hw/arm/bcm2835_peripherals.c            |  13 +-
>   hw/arm/nseries.c                        |   1 +
>   hw/arm/strongarm.c                      |   2 +-
>   hw/i2c/microbit_i2c.c                   |   1 +
>   hw/intc/bcm2835_ic.c                    |   4 +-
>   hw/intc/bcm2836_control.c               |   8 +-
>   hw/timer/bcm2835_systmr.c               |  57 ++--
>   linux-user/aarch64/signal.c             |  10 +-
>   linux-user/elfload.c                    | 326 ++++++++++++++----
>   linux-user/mmap.c                       |  16 +
>   target/arm/cpu.c                        |  38 ++-
>   target/arm/helper.c                     |  55 +++-
>   target/arm/mte_helper.c                 |  13 +-
>   target/arm/translate-a64.c              |   6 +-
>   target/arm/translate.c                  | 239 +++++++++++++-
>   target/arm/vfp_helper.c                 |  76 +++--
>   tests/qtest/npcm7xx_timer-test.c        | 562 ++++++++++++++++++++++++++++++++
>   tests/tcg/aarch64/bti-1.c               |  62 ++++
>   tests/tcg/aarch64/bti-2.c               | 108 ++++++
>   tests/tcg/aarch64/bti-crt.inc.c         |  51 +++
>   hw/arm/Kconfig                          |   1 +
>   hw/intc/trace-events                    |   4 +
>   hw/timer/trace-events                   |   6 +-
>   scripts/decodetree.py                   |   2 +-
>   target/arm/translate-vfp.c.inc          |  41 ++-
>   tests/qtest/meson.build                 |   1 +
>   tests/tcg/aarch64/Makefile.target       |  10 +
>   tests/tcg/configure.sh                  |   4 +
>   42 files changed, 1973 insertions(+), 208 deletions(-)
>   create mode 100644 tests/qtest/npcm7xx_timer-test.c
>   create mode 100644 tests/tcg/aarch64/bti-1.c
>   create mode 100644 tests/tcg/aarch64/bti-2.c
>   create mode 100644 tests/tcg/aarch64/bti-crt.inc.c
> 

Re: [PULL 00/41] target-arm queue

[no-reply]

Patchew URL: https://patchew.org/QEMU/20201020155656.8045-1-peter.maydell@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20201020155656.8045-1-peter.maydell@linaro.org
Subject: [PULL 00/41] target-arm queue

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]         patchew/20201020155656.8045-1-peter.maydell@linaro.org -> patchew/20201020155656.8045-1-peter.maydell@linaro.org
Switched to a new branch 'test'
6abc744 tests/tcg/aarch64: Add bti smoke tests
7a68af2 linux-user/elfload: Parse GNU_PROPERTY_AARCH64_FEATURE_1_AND
01490e2 linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes
acf0bee linux-user/elfload: Use Error for load_elf_interp
91b7dd8 linux-user/elfload: Use Error for load_elf_image
7049151 linux-user/elfload: Move PT_INTERP detection to first loop
a0f6f8a linux-user/elfload: Adjust iteration over phdr
f72dee2 linux-user/elfload: Fix coding style in load_elf_image
7596df6 linux-user/elfload: Avoid leaking interp_name using GLib memory API
3fe25e0 include/elf: Add defines related to GNU property notes for AArch64
13164fa linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI
c4b76c8 linux-user/aarch64: Reset btype for signals
dc528f1 target/arm: Implement FPSCR.LTPSIZE for M-profile LOB extension
de2ff37 target/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16
f2c3512 target/arm: Fix has_vfp/has_neon ID reg squashing for M-profile
e0a512a target/arm: Implement v8.1M low-overhead-loop instructions
06a929a target/arm: Implement v8.1M branch-future insns (as NOPs)
b4a7269 target/arm: Don't allow BLX imm for M-profile
8e904bc target/arm: Make the t32 insn[25:23]=111 group non-overlapping
e3fcb8a target/arm: Implement v8.1M conditional-select insns
d166303 target/arm: Implement v8.1M NOCP handling
2ceaf26 decodetree: Fix codegen for non-overlapping group inside overlapping group
8c0c38f hw/arm/nseries: Fix loading kernel image on n8x0 machines
99b88b1 microbit_i2c: Fix coredump when dump-vmstate
e435b66 target/arm: Ignore HCR_EL2.ATA when {E2H,TGE} != 11
c55690c target/arm: Fix reported EL for mte_check_fail
b7d98d6 target/arm: Remove redundant mmu_idx lookup
81baae0 hw/intc/bcm2836_control: Use IRQ definitions instead of magic numbers
5860faf hw/intc/bcm2835_ic: Trace GPU/CPU IRQ handlers
76359b5 loads-stores.rst: add footnote that clarifies GETPC usage
b503f8f tests/qtest: Add npcm7xx timer test
37f9306 target/arm: Use tlb_flush_page_bits_by_mmuidx*
e4d595c accel/tcg: Add tlb_flush_page_bits_by_mmuidx*
323e682 hw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQs
e10bde5 hw/timer/bcm2835: Support the timer COMPARE registers
86d375e hw/timer/bcm2835: Rename variable holding CTRL_STATUS register
5ffed07 hw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definition
2540e23 hw/arm: Restrict APEI tables generation to the 'virt' machine
2bafeaf hw/arm/strongarm: Fix 'time to transmit a char' unit comment
8f189cc target/arm: AArch32 VCVT fixed-point to float is always round-to-nearest
a647677 target/arm: Fix SMLAD incorrect setting of Q bit

=== OUTPUT BEGIN ===
1/41 Checking commit a6476779ea51 (target/arm: Fix SMLAD incorrect setting of Q bit)
2/41 Checking commit 8f189ccc02db (target/arm: AArch32 VCVT fixed-point to float is always round-to-nearest)
3/41 Checking commit 2bafeaf8bf3f (hw/arm/strongarm: Fix 'time to transmit a char' unit comment)
4/41 Checking commit 2540e23a83dd (hw/arm: Restrict APEI tables generation to the 'virt' machine)
5/41 Checking commit 5ffed07b26c0 (hw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definition)
6/41 Checking commit 86d375e278b1 (hw/timer/bcm2835: Rename variable holding CTRL_STATUS register)
7/41 Checking commit e10bde59e2a4 (hw/timer/bcm2835: Support the timer COMPARE registers)
8/41 Checking commit 323e6827dbbc (hw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQs)
9/41 Checking commit e4d595cfa99f (accel/tcg: Add tlb_flush_page_bits_by_mmuidx*)
10/41 Checking commit 37f9306c03c9 (target/arm: Use tlb_flush_page_bits_by_mmuidx*)
11/41 Checking commit b503f8fa751d (tests/qtest: Add npcm7xx timer test)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#37: 
new file mode 100644

total: 0 errors, 1 warnings, 569 lines checked

Patch 11/41 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/41 Checking commit 76359b58d121 (loads-stores.rst: add footnote that clarifies GETPC usage)
13/41 Checking commit 5860faf69fb1 (hw/intc/bcm2835_ic: Trace GPU/CPU IRQ handlers)
14/41 Checking commit 81baae0ed94e (hw/intc/bcm2836_control: Use IRQ definitions instead of magic numbers)
15/41 Checking commit b7d98d67ee25 (target/arm: Remove redundant mmu_idx lookup)
16/41 Checking commit c55690c5edb3 (target/arm: Fix reported EL for mte_check_fail)
17/41 Checking commit e435b66cfd75 (target/arm: Ignore HCR_EL2.ATA when {E2H,TGE} != 11)
18/41 Checking commit 99b88b1e120a (microbit_i2c: Fix coredump when dump-vmstate)
19/41 Checking commit 8c0c38fd2031 (hw/arm/nseries: Fix loading kernel image on n8x0 machines)
20/41 Checking commit 2ceaf26e4ebc (decodetree: Fix codegen for non-overlapping group inside overlapping group)
21/41 Checking commit d166303278b8 (target/arm: Implement v8.1M NOCP handling)
22/41 Checking commit e3fcb8a10bd0 (target/arm: Implement v8.1M conditional-select insns)
23/41 Checking commit 8e904bc6d157 (target/arm: Make the t32 insn[25:23]=111 group non-overlapping)
24/41 Checking commit b4a7269fe480 (target/arm: Don't allow BLX imm for M-profile)
25/41 Checking commit 06a929a984b3 (target/arm: Implement v8.1M branch-future insns (as NOPs))
26/41 Checking commit e0a512af2aea (target/arm: Implement v8.1M low-overhead-loop instructions)
27/41 Checking commit f2c351298873 (target/arm: Fix has_vfp/has_neon ID reg squashing for M-profile)
28/41 Checking commit de2ff3705cdc (target/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16)
29/41 Checking commit dc528f1d2564 (target/arm: Implement FPSCR.LTPSIZE for M-profile LOB extension)
30/41 Checking commit c4b76c81695c (linux-user/aarch64: Reset btype for signals)
31/41 Checking commit 13164fa337d7 (linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI)
32/41 Checking commit 3fe25e0a9b47 (include/elf: Add defines related to GNU property notes for AArch64)
33/41 Checking commit 7596df60e0a7 (linux-user/elfload: Avoid leaking interp_name using GLib memory API)
34/41 Checking commit f72dee236706 (linux-user/elfload: Fix coding style in load_elf_image)
35/41 Checking commit a0f6f8a06f8b (linux-user/elfload: Adjust iteration over phdr)
36/41 Checking commit 7049151b6492 (linux-user/elfload: Move PT_INTERP detection to first loop)
37/41 Checking commit 91b7dd86b6f2 (linux-user/elfload: Use Error for load_elf_image)
38/41 Checking commit acf0beedd932 (linux-user/elfload: Use Error for load_elf_interp)
39/41 Checking commit 01490e235e98 (linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes)
40/41 Checking commit 7a68af21bbdd (linux-user/elfload: Parse GNU_PROPERTY_AARCH64_FEATURE_1_AND)
41/41 Checking commit 6abc744a59cb (tests/tcg/aarch64: Add bti smoke tests)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#39: 
new file mode 100644

ERROR: externs should be avoided in .c files
#167: FILE: tests/tcg/aarch64/bti-2.c:56:
+extern char test_begin[], test_end[];

ERROR: use qemu_real_host_page_size instead of getpagesize()
#201: FILE: tests/tcg/aarch64/bti-2.c:90:
+    void *p = mmap(0, getpagesize(),

ERROR: externs should be avoided in .c files
#238: FILE: tests/tcg/aarch64/bti-crt.inc.c:13:
+int main(void);

total: 3 errors, 1 warnings, 247 lines checked

Patch 41/41 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20201020155656.8045-1-peter.maydell@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

[PULL 00/41] target-arm queue

[Peter Maydell]

Hi; here's the latest target-arm queue. Mostly this is refactoring
and cleanup type patches.

thanks
-- PMM

The following changes since commit c60be6e3e38cb36dc66129e757ec4b34152232be:

  Merge tag 'pull-sp-20231025' of https://gitlab.com/rth7680/qemu into staging (2023-10-27 09:43:53 +0900)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20231027

for you to fetch changes up to df93de987f423a0ed918c425f5dbd9a25d3c6229:

  hw/net/cadence_gem: enforce 32 bits variable size for CRC (2023-10-27 15:27:06 +0100)

----------------------------------------------------------------
target-arm queue:
 * Correct minor errors in Cortex-A710 definition
 * Implement Neoverse N2 CPU model
 * Refactor feature test functions out into separate header
 * Fix syndrome for FGT traps on ERET
 * Remove 'hw/arm/boot.h' includes from various header files
 * pxa2xx: Refactoring/cleanup
 * Avoid using 'first_cpu' when first ARM CPU is reachable
 * misc/led: LED state is set opposite of what is expected
 * hw/net/cadence_gen: clean up to use FIELD macros
 * hw/net/cadence_gem: perform PHY access on write only
 * hw/net/cadence_gem: enforce 32 bits variable size for CRC

----------------------------------------------------------------
Glenn Miles (1):
      misc/led: LED state is set opposite of what is expected

Luc Michel (11):
      hw/net/cadence_gem: use REG32 macro for register definitions
      hw/net/cadence_gem: use FIELD for screening registers
      hw/net/cadence_gem: use FIELD to describe NWCTRL register fields
      hw/net/cadence_gem: use FIELD to describe NWCFG register fields
      hw/net/cadence_gem: use FIELD to describe DMACFG register fields
      hw/net/cadence_gem: use FIELD to describe [TX|RX]STATUS register fields
      hw/net/cadence_gem: use FIELD to describe IRQ register fields
      hw/net/cadence_gem: use FIELD to describe DESCONF6 register fields
      hw/net/cadence_gem: use FIELD to describe PHYMNTNC register fields
      hw/net/cadence_gem: perform PHY access on write only
      hw/net/cadence_gem: enforce 32 bits variable size for CRC

Peter Maydell (9):
      target/arm: Correct minor errors in Cortex-A710 definition
      target/arm: Implement Neoverse N2 CPU model
      target/arm: Move feature test functions to their own header
      target/arm: Move ID_AA64MMFR1 and ID_AA64MMFR2 tests together
      target/arm: Move ID_AA64MMFR0 tests up to before MMFR1 and MMFR2
      target/arm: Move ID_AA64ISAR* test functions together
      target/arm: Move ID_AA64PFR* tests together
      target/arm: Move ID_AA64DFR* feature tests together
      target/arm: Fix syndrome for FGT traps on ERET

Philippe Mathieu-Daudé (20):
      hw/arm/allwinner-a10: Remove 'hw/arm/boot.h' from header
      hw/arm/allwinner-h3: Remove 'hw/arm/boot.h' from header
      hw/arm/allwinner-r40: Remove 'hw/arm/boot.h' from header
      hw/arm/fsl-imx25: Remove 'hw/arm/boot.h' from header
      hw/arm/fsl-imx31: Remove 'hw/arm/boot.h' from header
      hw/arm/fsl-imx6: Remove 'hw/arm/boot.h' from header
      hw/arm/fsl-imx6ul: Remove 'hw/arm/boot.h' from header
      hw/arm/fsl-imx7: Remove 'hw/arm/boot.h' from header
      hw/arm/xlnx-versal: Remove 'hw/arm/boot.h' from header
      hw/arm/xlnx-zynqmp: Remove 'hw/arm/boot.h' from header
      hw/sd/pxa2xx: Realize sysbus device before accessing it
      hw/sd/pxa2xx: Do not open-code sysbus_create_simple()
      hw/pcmcia/pxa2xx: Realize sysbus device before accessing it
      hw/pcmcia/pxa2xx: Do not open-code sysbus_create_simple()
      hw/pcmcia/pxa2xx: Inline pxa2xx_pcmcia_init()
      hw/intc/pxa2xx: Convert to Resettable interface
      hw/intc/pxa2xx: Pass CPU reference using QOM link property
      hw/intc/pxa2xx: Factor pxa2xx_pic_realize() out of pxa2xx_pic_init()
      hw/arm/pxa2xx: Realize PXA2XX_I2C device before accessing it
      hw/arm: Avoid using 'first_cpu' when first ARM CPU is reachable

 docs/system/arm/virt.rst          |   1 +
 bsd-user/arm/target_arch.h        |   1 +
 include/hw/arm/allwinner-a10.h    |   1 -
 include/hw/arm/allwinner-h3.h     |   1 -
 include/hw/arm/allwinner-r40.h    |   1 -
 include/hw/arm/fsl-imx25.h        |   1 -
 include/hw/arm/fsl-imx31.h        |   1 -
 include/hw/arm/fsl-imx6.h         |   1 -
 include/hw/arm/fsl-imx6ul.h       |   1 -
 include/hw/arm/fsl-imx7.h         |   1 -
 include/hw/arm/pxa.h              |   2 -
 include/hw/arm/xlnx-versal.h      |   1 -
 include/hw/arm/xlnx-zynqmp.h      |   1 -
 linux-user/aarch64/target_prctl.h |   2 +
 target/arm/cpu-features.h         | 994 ++++++++++++++++++++++++++++++++++++++
 target/arm/cpu.h                  | 971 -------------------------------------
 target/arm/internals.h            |   1 +
 target/arm/tcg/translate.h        |   2 +-
 hw/arm/armv7m.c                   |   1 +
 hw/arm/bananapi_m2u.c             |   3 +-
 hw/arm/cubieboard.c               |   1 +
 hw/arm/exynos4_boards.c           |   7 +-
 hw/arm/imx25_pdk.c                |   1 +
 hw/arm/kzm.c                      |   1 +
 hw/arm/mcimx6ul-evk.c             |   1 +
 hw/arm/mcimx7d-sabre.c            |   1 +
 hw/arm/orangepi.c                 |   3 +-
 hw/arm/pxa2xx.c                   |  17 +-
 hw/arm/pxa2xx_pic.c               |  38 +-
 hw/arm/realview.c                 |   2 +-
 hw/arm/sabrelite.c                |   1 +
 hw/arm/sbsa-ref.c                 |   1 +
 hw/arm/virt.c                     |   1 +
 hw/arm/xilinx_zynq.c              |   2 +-
 hw/arm/xlnx-versal-virt.c         |   1 +
 hw/arm/xlnx-zcu102.c              |   1 +
 hw/intc/armv7m_nvic.c             |   1 +
 hw/misc/led.c                     |   2 +-
 hw/net/cadence_gem.c              | 884 ++++++++++++++++++---------------
 hw/pcmcia/pxa2xx.c                |  15 -
 hw/sd/pxa2xx_mmci.c               |   7 +-
 linux-user/aarch64/cpu_loop.c     |   1 +
 linux-user/aarch64/signal.c       |   1 +
 linux-user/arm/signal.c           |   1 +
 linux-user/elfload.c              |   4 +
 linux-user/mmap.c                 |   4 +
 target/arm/arch_dump.c            |   1 +
 target/arm/cpu.c                  |   1 +
 target/arm/cpu64.c                |   1 +
 target/arm/debug_helper.c         |   1 +
 target/arm/gdbstub.c              |   1 +
 target/arm/helper.c               |   1 +
 target/arm/kvm64.c                |   1 +
 target/arm/machine.c              |   1 +
 target/arm/ptw.c                  |   1 +
 target/arm/tcg/cpu64.c            | 115 ++++-
 target/arm/tcg/hflags.c           |   1 +
 target/arm/tcg/m_helper.c         |   1 +
 target/arm/tcg/op_helper.c        |   1 +
 target/arm/tcg/pauth_helper.c     |   1 +
 target/arm/tcg/tlb_helper.c       |   1 +
 target/arm/tcg/translate-a64.c    |   4 +-
 target/arm/vfp_helper.c           |   1 +
 63 files changed, 1702 insertions(+), 1419 deletions(-)
 create mode 100644 target/arm/cpu-features.h

Re: [PULL 00/41] target-arm queue

[Stefan Hajnoczi]

On Fri, 27 Oct 2023 at 23:41, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Hi; here's the latest target-arm queue. Mostly this is refactoring
> and cleanup type patches.
>
> thanks
> -- PMM

Hi Peter,
I can't find this email thread on lore.kernel.org and your git repo
doesn't let me fetch the tag:

  $ git fetch https://git.linaro.org/people/pmaydell/qemu-arm.git
tags/pull-target-arm-20231027
  fatal: couldn't find remote ref tags/pull-target-arm-20231027

cgit shows the tag though, for some reason:
https://git.linaro.org/people/pmaydell/qemu-arm.git/tag/?h=pull-target-arm-20231027

Any idea what's up with this pull request? Thanks!

Stefan

>
> The following changes since commit c60be6e3e38cb36dc66129e757ec4b34152232be:
>
>   Merge tag 'pull-sp-20231025' of https://gitlab.com/rth7680/qemu into staging (2023-10-27 09:43:53 +0900)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20231027
>
> for you to fetch changes up to df93de987f423a0ed918c425f5dbd9a25d3c6229:
>
>   hw/net/cadence_gem: enforce 32 bits variable size for CRC (2023-10-27 15:27:06 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Correct minor errors in Cortex-A710 definition
>  * Implement Neoverse N2 CPU model
>  * Refactor feature test functions out into separate header
>  * Fix syndrome for FGT traps on ERET
>  * Remove 'hw/arm/boot.h' includes from various header files
>  * pxa2xx: Refactoring/cleanup
>  * Avoid using 'first_cpu' when first ARM CPU is reachable
>  * misc/led: LED state is set opposite of what is expected
>  * hw/net/cadence_gen: clean up to use FIELD macros
>  * hw/net/cadence_gem: perform PHY access on write only
>  * hw/net/cadence_gem: enforce 32 bits variable size for CRC
>
> ----------------------------------------------------------------
> Glenn Miles (1):
>       misc/led: LED state is set opposite of what is expected
>
> Luc Michel (11):
>       hw/net/cadence_gem: use REG32 macro for register definitions
>       hw/net/cadence_gem: use FIELD for screening registers
>       hw/net/cadence_gem: use FIELD to describe NWCTRL register fields
>       hw/net/cadence_gem: use FIELD to describe NWCFG register fields
>       hw/net/cadence_gem: use FIELD to describe DMACFG register fields
>       hw/net/cadence_gem: use FIELD to describe [TX|RX]STATUS register fields
>       hw/net/cadence_gem: use FIELD to describe IRQ register fields
>       hw/net/cadence_gem: use FIELD to describe DESCONF6 register fields
>       hw/net/cadence_gem: use FIELD to describe PHYMNTNC register fields
>       hw/net/cadence_gem: perform PHY access on write only
>       hw/net/cadence_gem: enforce 32 bits variable size for CRC
>
> Peter Maydell (9):
>       target/arm: Correct minor errors in Cortex-A710 definition
>       target/arm: Implement Neoverse N2 CPU model
>       target/arm: Move feature test functions to their own header
>       target/arm: Move ID_AA64MMFR1 and ID_AA64MMFR2 tests together
>       target/arm: Move ID_AA64MMFR0 tests up to before MMFR1 and MMFR2
>       target/arm: Move ID_AA64ISAR* test functions together
>       target/arm: Move ID_AA64PFR* tests together
>       target/arm: Move ID_AA64DFR* feature tests together
>       target/arm: Fix syndrome for FGT traps on ERET
>
> Philippe Mathieu-Daudé (20):
>       hw/arm/allwinner-a10: Remove 'hw/arm/boot.h' from header
>       hw/arm/allwinner-h3: Remove 'hw/arm/boot.h' from header
>       hw/arm/allwinner-r40: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx25: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx31: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx6: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx6ul: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx7: Remove 'hw/arm/boot.h' from header
>       hw/arm/xlnx-versal: Remove 'hw/arm/boot.h' from header
>       hw/arm/xlnx-zynqmp: Remove 'hw/arm/boot.h' from header
>       hw/sd/pxa2xx: Realize sysbus device before accessing it
>       hw/sd/pxa2xx: Do not open-code sysbus_create_simple()
>       hw/pcmcia/pxa2xx: Realize sysbus device before accessing it
>       hw/pcmcia/pxa2xx: Do not open-code sysbus_create_simple()
>       hw/pcmcia/pxa2xx: Inline pxa2xx_pcmcia_init()
>       hw/intc/pxa2xx: Convert to Resettable interface
>       hw/intc/pxa2xx: Pass CPU reference using QOM link property
>       hw/intc/pxa2xx: Factor pxa2xx_pic_realize() out of pxa2xx_pic_init()
>       hw/arm/pxa2xx: Realize PXA2XX_I2C device before accessing it
>       hw/arm: Avoid using 'first_cpu' when first ARM CPU is reachable
>
>  docs/system/arm/virt.rst          |   1 +
>  bsd-user/arm/target_arch.h        |   1 +
>  include/hw/arm/allwinner-a10.h    |   1 -
>  include/hw/arm/allwinner-h3.h     |   1 -
>  include/hw/arm/allwinner-r40.h    |   1 -
>  include/hw/arm/fsl-imx25.h        |   1 -
>  include/hw/arm/fsl-imx31.h        |   1 -
>  include/hw/arm/fsl-imx6.h         |   1 -
>  include/hw/arm/fsl-imx6ul.h       |   1 -
>  include/hw/arm/fsl-imx7.h         |   1 -
>  include/hw/arm/pxa.h              |   2 -
>  include/hw/arm/xlnx-versal.h      |   1 -
>  include/hw/arm/xlnx-zynqmp.h      |   1 -
>  linux-user/aarch64/target_prctl.h |   2 +
>  target/arm/cpu-features.h         | 994 ++++++++++++++++++++++++++++++++++++++
>  target/arm/cpu.h                  | 971 -------------------------------------
>  target/arm/internals.h            |   1 +
>  target/arm/tcg/translate.h        |   2 +-
>  hw/arm/armv7m.c                   |   1 +
>  hw/arm/bananapi_m2u.c             |   3 +-
>  hw/arm/cubieboard.c               |   1 +
>  hw/arm/exynos4_boards.c           |   7 +-
>  hw/arm/imx25_pdk.c                |   1 +
>  hw/arm/kzm.c                      |   1 +
>  hw/arm/mcimx6ul-evk.c             |   1 +
>  hw/arm/mcimx7d-sabre.c            |   1 +
>  hw/arm/orangepi.c                 |   3 +-
>  hw/arm/pxa2xx.c                   |  17 +-
>  hw/arm/pxa2xx_pic.c               |  38 +-
>  hw/arm/realview.c                 |   2 +-
>  hw/arm/sabrelite.c                |   1 +
>  hw/arm/sbsa-ref.c                 |   1 +
>  hw/arm/virt.c                     |   1 +
>  hw/arm/xilinx_zynq.c              |   2 +-
>  hw/arm/xlnx-versal-virt.c         |   1 +
>  hw/arm/xlnx-zcu102.c              |   1 +
>  hw/intc/armv7m_nvic.c             |   1 +
>  hw/misc/led.c                     |   2 +-
>  hw/net/cadence_gem.c              | 884 ++++++++++++++++++---------------
>  hw/pcmcia/pxa2xx.c                |  15 -
>  hw/sd/pxa2xx_mmci.c               |   7 +-
>  linux-user/aarch64/cpu_loop.c     |   1 +
>  linux-user/aarch64/signal.c       |   1 +
>  linux-user/arm/signal.c           |   1 +
>  linux-user/elfload.c              |   4 +
>  linux-user/mmap.c                 |   4 +
>  target/arm/arch_dump.c            |   1 +
>  target/arm/cpu.c                  |   1 +
>  target/arm/cpu64.c                |   1 +
>  target/arm/debug_helper.c         |   1 +
>  target/arm/gdbstub.c              |   1 +
>  target/arm/helper.c               |   1 +
>  target/arm/kvm64.c                |   1 +
>  target/arm/machine.c              |   1 +
>  target/arm/ptw.c                  |   1 +
>  target/arm/tcg/cpu64.c            | 115 ++++-
>  target/arm/tcg/hflags.c           |   1 +
>  target/arm/tcg/m_helper.c         |   1 +
>  target/arm/tcg/op_helper.c        |   1 +
>  target/arm/tcg/pauth_helper.c     |   1 +
>  target/arm/tcg/tlb_helper.c       |   1 +
>  target/arm/tcg/translate-a64.c    |   4 +-
>  target/arm/vfp_helper.c           |   1 +
>  63 files changed, 1702 insertions(+), 1419 deletions(-)
>  create mode 100644 target/arm/cpu-features.h
>

Re: [PULL 00/41] target-arm queue

[Peter Maydell]

On Sun, 29 Oct 2023 at 23:15, Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Fri, 27 Oct 2023 at 23:41, Peter Maydell <peter.maydell@linaro.org> wrote:
> >
> > Hi; here's the latest target-arm queue. Mostly this is refactoring
> > and cleanup type patches.

> Hi Peter,
> I can't find this email thread on lore.kernel.org and your git repo
> doesn't let me fetch the tag:
>
>   $ git fetch https://git.linaro.org/people/pmaydell/qemu-arm.git
> tags/pull-target-arm-20231027
>   fatal: couldn't find remote ref tags/pull-target-arm-20231027

This works for me:

$ git fetch https://git.linaro.org/people/pmaydell/qemu-arm.git
tags/pull-target-arm-20231027
remote: Enumerating objects: 16753, done.
remote: Counting objects: 100% (16753/16753), done.
remote: Compressing objects: 100% (3181/3181), done.
remote: Total 17529 (delta 14031), reused 16255 (delta 13541), pack-reused 776
Receiving objects: 100% (17529/17529), 22.87 MiB | 10.44 MiB/s, done.
Resolving deltas: 100% (14498/14498), completed with 1672 local objects.
From https://git.linaro.org/people/pmaydell/qemu-arm
 * tag                       pull-target-arm-20231027 -> FETCH_HEAD

> cgit shows the tag though, for some reason:
> https://git.linaro.org/people/pmaydell/qemu-arm.git/tag/?h=pull-target-arm-20231027
>
> Any idea what's up with this pull request? Thanks!

'git.linaro.org' has several geolocated servers and pushes to
it should get mirrored across to all of them. Maybe the
syncing between them went wrong? You could try using one
specific one:
 https://git-us.linaro.org/people/pmaydell/qemu-arm.git
tags/pull-target-arm-20231027

git-ie.linaro.org also seems to have the tag.

If you let me know what 'git.linaro.org' resolves to for you
I can check with our IT whether the syncing has broken.

I don't know why the email hasn't hit lore.kernel.org, but
that seems likely to be a problem with lore, because the
series did reach patchew, the lists.gnu.org archive, and you:

https://patchew.org/QEMU/20231027143942.3413881-1-peter.maydell@linaro.org/
https://lists.gnu.org/archive/html/qemu-devel/2023-10/msg09548.html

thanks
-- PMM

Re: [PULL 00/41] target-arm queue

[Stefan Hajnoczi]

On Mon, 30 Oct 2023 at 19:09, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Sun, 29 Oct 2023 at 23:15, Stefan Hajnoczi <stefanha@gmail.com> wrote:
> >
> > On Fri, 27 Oct 2023 at 23:41, Peter Maydell <peter.maydell@linaro.org> wrote:
> > >
> > > Hi; here's the latest target-arm queue. Mostly this is refactoring
> > > and cleanup type patches.
>
> > Hi Peter,
> > I can't find this email thread on lore.kernel.org and your git repo
> > doesn't let me fetch the tag:
> >
> >   $ git fetch https://git.linaro.org/people/pmaydell/qemu-arm.git
> > tags/pull-target-arm-20231027
> >   fatal: couldn't find remote ref tags/pull-target-arm-20231027
>
> This works for me:
>
> $ git fetch https://git.linaro.org/people/pmaydell/qemu-arm.git
> tags/pull-target-arm-20231027
> remote: Enumerating objects: 16753, done.
> remote: Counting objects: 100% (16753/16753), done.
> remote: Compressing objects: 100% (3181/3181), done.
> remote: Total 17529 (delta 14031), reused 16255 (delta 13541), pack-reused 776
> Receiving objects: 100% (17529/17529), 22.87 MiB | 10.44 MiB/s, done.
> Resolving deltas: 100% (14498/14498), completed with 1672 local objects.
> From https://git.linaro.org/people/pmaydell/qemu-arm
>  * tag                       pull-target-arm-20231027 -> FETCH_HEAD
>
> > cgit shows the tag though, for some reason:
> > https://git.linaro.org/people/pmaydell/qemu-arm.git/tag/?h=pull-target-arm-20231027
> >
> > Any idea what's up with this pull request? Thanks!
>
> 'git.linaro.org' has several geolocated servers and pushes to
> it should get mirrored across to all of them. Maybe the
> syncing between them went wrong? You could try using one
> specific one:
>  https://git-us.linaro.org/people/pmaydell/qemu-arm.git
> tags/pull-target-arm-20231027
>
> git-ie.linaro.org also seems to have the tag.

Yes, that solves the problem. DNS was resolving to git-ap.linaro.org
for me and it doesn't have the tag.

Thanks,
Stefan

Re: [PULL 00/41] target-arm queue

[Stefan Hajnoczi]

On Fri, 27 Oct 2023 at 23:41, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Hi; here's the latest target-arm queue. Mostly this is refactoring
> and cleanup type patches.

Applied, thanks!

Stefan

>
> thanks
> -- PMM
>
> The following changes since commit c60be6e3e38cb36dc66129e757ec4b34152232be:
>
>   Merge tag 'pull-sp-20231025' of https://gitlab.com/rth7680/qemu into staging (2023-10-27 09:43:53 +0900)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20231027
>
> for you to fetch changes up to df93de987f423a0ed918c425f5dbd9a25d3c6229:
>
>   hw/net/cadence_gem: enforce 32 bits variable size for CRC (2023-10-27 15:27:06 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Correct minor errors in Cortex-A710 definition
>  * Implement Neoverse N2 CPU model
>  * Refactor feature test functions out into separate header
>  * Fix syndrome for FGT traps on ERET
>  * Remove 'hw/arm/boot.h' includes from various header files
>  * pxa2xx: Refactoring/cleanup
>  * Avoid using 'first_cpu' when first ARM CPU is reachable
>  * misc/led: LED state is set opposite of what is expected
>  * hw/net/cadence_gen: clean up to use FIELD macros
>  * hw/net/cadence_gem: perform PHY access on write only
>  * hw/net/cadence_gem: enforce 32 bits variable size for CRC
>
> ----------------------------------------------------------------
> Glenn Miles (1):
>       misc/led: LED state is set opposite of what is expected
>
> Luc Michel (11):
>       hw/net/cadence_gem: use REG32 macro for register definitions
>       hw/net/cadence_gem: use FIELD for screening registers
>       hw/net/cadence_gem: use FIELD to describe NWCTRL register fields
>       hw/net/cadence_gem: use FIELD to describe NWCFG register fields
>       hw/net/cadence_gem: use FIELD to describe DMACFG register fields
>       hw/net/cadence_gem: use FIELD to describe [TX|RX]STATUS register fields
>       hw/net/cadence_gem: use FIELD to describe IRQ register fields
>       hw/net/cadence_gem: use FIELD to describe DESCONF6 register fields
>       hw/net/cadence_gem: use FIELD to describe PHYMNTNC register fields
>       hw/net/cadence_gem: perform PHY access on write only
>       hw/net/cadence_gem: enforce 32 bits variable size for CRC
>
> Peter Maydell (9):
>       target/arm: Correct minor errors in Cortex-A710 definition
>       target/arm: Implement Neoverse N2 CPU model
>       target/arm: Move feature test functions to their own header
>       target/arm: Move ID_AA64MMFR1 and ID_AA64MMFR2 tests together
>       target/arm: Move ID_AA64MMFR0 tests up to before MMFR1 and MMFR2
>       target/arm: Move ID_AA64ISAR* test functions together
>       target/arm: Move ID_AA64PFR* tests together
>       target/arm: Move ID_AA64DFR* feature tests together
>       target/arm: Fix syndrome for FGT traps on ERET
>
> Philippe Mathieu-Daudé (20):
>       hw/arm/allwinner-a10: Remove 'hw/arm/boot.h' from header
>       hw/arm/allwinner-h3: Remove 'hw/arm/boot.h' from header
>       hw/arm/allwinner-r40: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx25: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx31: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx6: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx6ul: Remove 'hw/arm/boot.h' from header
>       hw/arm/fsl-imx7: Remove 'hw/arm/boot.h' from header
>       hw/arm/xlnx-versal: Remove 'hw/arm/boot.h' from header
>       hw/arm/xlnx-zynqmp: Remove 'hw/arm/boot.h' from header
>       hw/sd/pxa2xx: Realize sysbus device before accessing it
>       hw/sd/pxa2xx: Do not open-code sysbus_create_simple()
>       hw/pcmcia/pxa2xx: Realize sysbus device before accessing it
>       hw/pcmcia/pxa2xx: Do not open-code sysbus_create_simple()
>       hw/pcmcia/pxa2xx: Inline pxa2xx_pcmcia_init()
>       hw/intc/pxa2xx: Convert to Resettable interface
>       hw/intc/pxa2xx: Pass CPU reference using QOM link property
>       hw/intc/pxa2xx: Factor pxa2xx_pic_realize() out of pxa2xx_pic_init()
>       hw/arm/pxa2xx: Realize PXA2XX_I2C device before accessing it
>       hw/arm: Avoid using 'first_cpu' when first ARM CPU is reachable
>
>  docs/system/arm/virt.rst          |   1 +
>  bsd-user/arm/target_arch.h        |   1 +
>  include/hw/arm/allwinner-a10.h    |   1 -
>  include/hw/arm/allwinner-h3.h     |   1 -
>  include/hw/arm/allwinner-r40.h    |   1 -
>  include/hw/arm/fsl-imx25.h        |   1 -
>  include/hw/arm/fsl-imx31.h        |   1 -
>  include/hw/arm/fsl-imx6.h         |   1 -
>  include/hw/arm/fsl-imx6ul.h       |   1 -
>  include/hw/arm/fsl-imx7.h         |   1 -
>  include/hw/arm/pxa.h              |   2 -
>  include/hw/arm/xlnx-versal.h      |   1 -
>  include/hw/arm/xlnx-zynqmp.h      |   1 -
>  linux-user/aarch64/target_prctl.h |   2 +
>  target/arm/cpu-features.h         | 994 ++++++++++++++++++++++++++++++++++++++
>  target/arm/cpu.h                  | 971 -------------------------------------
>  target/arm/internals.h            |   1 +
>  target/arm/tcg/translate.h        |   2 +-
>  hw/arm/armv7m.c                   |   1 +
>  hw/arm/bananapi_m2u.c             |   3 +-
>  hw/arm/cubieboard.c               |   1 +
>  hw/arm/exynos4_boards.c           |   7 +-
>  hw/arm/imx25_pdk.c                |   1 +
>  hw/arm/kzm.c                      |   1 +
>  hw/arm/mcimx6ul-evk.c             |   1 +
>  hw/arm/mcimx7d-sabre.c            |   1 +
>  hw/arm/orangepi.c                 |   3 +-
>  hw/arm/pxa2xx.c                   |  17 +-
>  hw/arm/pxa2xx_pic.c               |  38 +-
>  hw/arm/realview.c                 |   2 +-
>  hw/arm/sabrelite.c                |   1 +
>  hw/arm/sbsa-ref.c                 |   1 +
>  hw/arm/virt.c                     |   1 +
>  hw/arm/xilinx_zynq.c              |   2 +-
>  hw/arm/xlnx-versal-virt.c         |   1 +
>  hw/arm/xlnx-zcu102.c              |   1 +
>  hw/intc/armv7m_nvic.c             |   1 +
>  hw/misc/led.c                     |   2 +-
>  hw/net/cadence_gem.c              | 884 ++++++++++++++++++---------------
>  hw/pcmcia/pxa2xx.c                |  15 -
>  hw/sd/pxa2xx_mmci.c               |   7 +-
>  linux-user/aarch64/cpu_loop.c     |   1 +
>  linux-user/aarch64/signal.c       |   1 +
>  linux-user/arm/signal.c           |   1 +
>  linux-user/elfload.c              |   4 +
>  linux-user/mmap.c                 |   4 +
>  target/arm/arch_dump.c            |   1 +
>  target/arm/cpu.c                  |   1 +
>  target/arm/cpu64.c                |   1 +
>  target/arm/debug_helper.c         |   1 +
>  target/arm/gdbstub.c              |   1 +
>  target/arm/helper.c               |   1 +
>  target/arm/kvm64.c                |   1 +
>  target/arm/machine.c              |   1 +
>  target/arm/ptw.c                  |   1 +
>  target/arm/tcg/cpu64.c            | 115 ++++-
>  target/arm/tcg/hflags.c           |   1 +
>  target/arm/tcg/m_helper.c         |   1 +
>  target/arm/tcg/op_helper.c        |   1 +
>  target/arm/tcg/pauth_helper.c     |   1 +
>  target/arm/tcg/tlb_helper.c       |   1 +
>  target/arm/tcg/translate-a64.c    |   4 +-
>  target/arm/vfp_helper.c           |   1 +
>  63 files changed, 1702 insertions(+), 1419 deletions(-)
>  create mode 100644 target/arm/cpu-features.h
>

Re: [PULL 00/41] target-arm queue

[Peter Maydell]

On Mon, 30 Oct 2023 at 22:09, Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Mon, 30 Oct 2023 at 19:09, Peter Maydell <peter.maydell@linaro.org> wrote:
> > 'git.linaro.org' has several geolocated servers and pushes to
> > it should get mirrored across to all of them. Maybe the
> > syncing between them went wrong? You could try using one
> > specific one:
> >  https://git-us.linaro.org/people/pmaydell/qemu-arm.git
> > tags/pull-target-arm-20231027
> >
> > git-ie.linaro.org also seems to have the tag.
>
> Yes, that solves the problem. DNS was resolving to git-ap.linaro.org
> for me and it doesn't have the tag.

This was a problem with that specific mirror server;
it has been resolved, and future pulls with 'git.linaro.org'
should work as usual.

thanks
-- PMM

[PULL 00/41] target-arm queue

[Peter Maydell]

Mostly my FEAT_NV/NV2 stuff, but some other smaller series too.

-- PMM

The following changes since commit 9468484fe904ab4691de6d9c34616667f377ceac:

  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2024-01-09 10:32:23 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240111

for you to fetch changes up to e2862554c257e908a3833265e38365e794abd362:

  target/arm: Add FEAT_NV2 to max, neoverse-n2, neoverse-v1 CPUs (2024-01-09 14:44:45 +0000)

----------------------------------------------------------------
target-arm queue:
 * Emulate FEAT_NV, FEAT_NV2
 * add cache controller for Freescale i.MX6
 * Add minimal support for the B-L475E-IOT01A board
 * Allow SoC models to configure M-profile CPUs with correct number
   of NVIC priority bits
 * Add missing QOM parent for v7-M SoCs
 * Set CTR_EL0.{IDC,DIC} for the 'max' CPU
 * hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers

----------------------------------------------------------------
Inès Varhol (2):
      hw/arm: Add minimal support for the STM32L4x5 SoC
      hw/arm: Add minimal support for the B-L475E-IOT01A board

Nikita Ostrenkov (1):
      hw/arm: add cache controller for Freescale i.MX6

Peter Maydell (34):
      target/arm: Set CTR_EL0.{IDC,DIC} for the 'max' CPU
      hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers
      target/arm: Handle HCR_EL2 accesses for bits introduced with FEAT_NV
      target/arm: Implement HCR_EL2.AT handling
      target/arm: Enable trapping of ERET for FEAT_NV
      target/arm: Always honour HCR_EL2.TSC when HCR_EL2.NV is set
      target/arm: Allow use of upper 32 bits of TBFLAG_A64
      target/arm: Record correct opcode fields in cpreg for E2H aliases
      target/arm: *_EL12 registers should UNDEF when HCR_EL2.E2H is 0
      target/arm: Make EL2 cpreg accessfns safe for FEAT_NV EL1 accesses
      target/arm: Move FPU/SVE/SME access checks up above ARM_CP_SPECIAL_MASK check
      target/arm: Trap sysreg accesses for FEAT_NV
      target/arm: Make NV reads of CurrentEL return EL2
      target/arm: Set SPSR_EL1.M correctly when nested virt is enabled
      target/arm: Trap registers when HCR_EL2.{NV, NV1} == {1, 1}
      target/arm: Always use arm_pan_enabled() when checking if PAN is enabled
      target/arm: Don't honour PSTATE.PAN when HCR_EL2.{NV, NV1} == {1, 1}
      target/arm: Treat LDTR* and STTR* as LDR/STR when NV, NV1 is 1, 1
      target/arm: Handle FEAT_NV page table attribute changes
      target/arm: Add FEAT_NV to max, neoverse-n2, neoverse-v1 CPUs
      target/arm: Handle HCR_EL2 accesses for FEAT_NV2 bits
      target/arm: Implement VNCR_EL2 register
      target/arm: Handle FEAT_NV2 changes to when SPSR_EL1.M reports EL2
      target/arm: Handle FEAT_NV2 redirection of SPSR_EL2, ELR_EL2, ESR_EL2, FAR_EL2
      target/arm: Implement FEAT_NV2 redirection of sysregs to RAM
      target/arm: Report VNCR_EL2 based faults correctly
      target/arm: Mark up VNCR offsets (offsets 0x0..0xff)
      target/arm: Mark up VNCR offsets (offsets 0x100..0x160)
      target/arm: Mark up VNCR offsets (offsets 0x168..0x1f8)
      target/arm: Mark up VNCR offsets (offsets >= 0x200, except GIC)
      hw/intc/arm_gicv3_cpuif: Mark up VNCR offsets for GIC CPU registers
      target/arm: Report HCR_EL2.{NV,NV1,NV2} in cpu dumps
      target/arm: Enhance CPU_LOG_INT to show SPSR on AArch64 exception-entry
      target/arm: Add FEAT_NV2 to max, neoverse-n2, neoverse-v1 CPUs

Philippe Mathieu-Daudé (1):
      hw/arm: Add missing QOM parent for v7-M SoCs

Samuel Tardieu (3):
      hw/intc/armv7m_nvic: add "num-prio-bits" property
      hw/arm/armv7m: alias the NVIC "num-prio-bits" property
      hw/arm/socs: configure priority bits for existing SOCs

 MAINTAINERS                             |  15 ++
 docs/system/arm/b-l475e-iot01a.rst      |  46 +++++
 docs/system/arm/emulation.rst           |   2 +
 docs/system/arm/stm32.rst               |   6 +-
 docs/system/target-arm.rst              |   1 +
 configs/devices/arm-softmmu/default.mak |   1 +
 include/hw/arm/armv7m.h                 |   1 +
 include/hw/arm/stm32l4x5_soc.h          |  57 ++++++
 target/arm/cpregs.h                     |  54 +++++-
 target/arm/cpu-features.h               |  10 +
 target/arm/cpu.h                        |  24 ++-
 target/arm/syndrome.h                   |  20 +-
 target/arm/tcg/translate.h              |  16 +-
 hw/arm/armv7m.c                         |   2 +
 hw/arm/b-l475e-iot01a.c                 |  72 +++++++
 hw/arm/fsl-imx6.c                       |   3 +
 hw/arm/msf2-som.c                       |   1 +
 hw/arm/netduino2.c                      |   1 +
 hw/arm/netduinoplus2.c                  |   1 +
 hw/arm/olimex-stm32-h405.c              |   1 +
 hw/arm/stellaris.c                      |   2 +
 hw/arm/stm32f100_soc.c                  |   1 +
 hw/arm/stm32f205_soc.c                  |   1 +
 hw/arm/stm32f405_soc.c                  |   1 +
 hw/arm/stm32l4x5_soc.c                  | 266 ++++++++++++++++++++++++++
 hw/arm/stm32vldiscovery.c               |   1 +
 hw/intc/arm_gicv3_cpuif.c               |  28 ++-
 hw/intc/armv7m_nvic.c                   |  23 ++-
 target/arm/cpu.c                        |   8 +-
 target/arm/debug_helper.c               |  13 +-
 target/arm/helper.c                     | 326 +++++++++++++++++++++++++++++---
 target/arm/ptw.c                        |  21 ++
 target/arm/tcg/cpu64.c                  |  11 ++
 target/arm/tcg/hflags.c                 |  30 ++-
 target/arm/tcg/op_helper.c              |  16 +-
 target/arm/tcg/tlb_helper.c             |  27 ++-
 target/arm/tcg/translate-a64.c          | 160 ++++++++++++++--
 hw/arm/Kconfig                          |  12 ++
 hw/arm/meson.build                      |   2 +
 39 files changed, 1203 insertions(+), 80 deletions(-)
 create mode 100644 docs/system/arm/b-l475e-iot01a.rst
 create mode 100644 include/hw/arm/stm32l4x5_soc.h
 create mode 100644 hw/arm/b-l475e-iot01a.c
 create mode 100644 hw/arm/stm32l4x5_soc.c

Re: [PULL 00/41] target-arm queue

[Peter Maydell]

On Thu, 11 Jan 2024 at 11:05, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Mostly my FEAT_NV/NV2 stuff, but some other smaller series too.
>
> -- PMM
>
> The following changes since commit 9468484fe904ab4691de6d9c34616667f377ceac:
>
>   Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2024-01-09 10:32:23 +0000)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240111
>
> for you to fetch changes up to e2862554c257e908a3833265e38365e794abd362:
>
>   target/arm: Add FEAT_NV2 to max, neoverse-n2, neoverse-v1 CPUs (2024-01-09 14:44:45 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * Emulate FEAT_NV, FEAT_NV2
>  * add cache controller for Freescale i.MX6
>  * Add minimal support for the B-L475E-IOT01A board
>  * Allow SoC models to configure M-profile CPUs with correct number
>    of NVIC priority bits
>  * Add missing QOM parent for v7-M SoCs
>  * Set CTR_EL0.{IDC,DIC} for the 'max' CPU
>  * hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/9.0
for any user-visible changes.

-- PMM

[PULL 00/41] target-arm queue

[Peter Maydell]

Hi; this pullreq contains a new board model npcm845-evb, plus some
more minor cleanups, refactorings and a few bugfixes.

thanks
-- PMM

The following changes since commit 40efe733e10cc00e4fb4f9f5790a28e744e63c62:

  Merge tag 'pull-tcg-20250215-3' of https://gitlab.com/rth7680/qemu into staging (2025-02-19 08:36:45 +0800)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20250220

for you to fetch changes up to 1c3169179b8242866316108386800379c4e22974:

  docs/system/arm: Add Description for NPCM8XX SoC (2025-02-20 15:22:22 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix some incorrect syndrome values in various sysreg traps
 * Clean up sysreg trap code to avoid similar future bugs
 * Make boards/SoCs using a9mpcore and a15mpcore objects specify
   number of GIC interrupts explicitly
 * Kconfig: Extract CONFIG_USB_CHIPIDEA from CONFIG_IMX
 * target/arm: Use uint32_t in t32_expandimm_imm()
 * New board model: NPCM845 Evaluation board "npcm845-evb"

----------------------------------------------------------------
Bernhard Beschow (1):
      Kconfig: Extract CONFIG_USB_CHIPIDEA from CONFIG_IMX

Hao Wu (17):
      roms: Update vbootrom to 1287b6e
      pc-bios: Add NPCM8XX vBootrom
      hw/ssi: Make flash size a property in NPCM7XX FIU
      hw/misc: Rename npcm7xx_gcr to npcm_gcr
      hw/misc: Move NPCM7XX GCR to NPCM GCR
      hw/misc: Add nr_regs and cold_reset_values to NPCM GCR
      hw/misc: Add support for NPCM8XX GCR
      hw/misc: Store DRAM size in NPCM8XX GCR Module
      hw/misc: Support 8-bytes memop in NPCM GCR module
      hw/misc: Rename npcm7xx_clk to npcm_clk
      hw/misc: Move NPCM7XX CLK to NPCM CLK
      hw/misc: Add nr_regs and cold_reset_values to NPCM CLK
      hw/misc: Support NPCM8XX CLK Module Registers
      hw/net: Add NPCM8XX PCS Module
      hw/arm: Add NPCM8XX SoC
      hw/arm: Add NPCM845 Evaluation board
      docs/system/arm: Add Description for NPCM8XX SoC

Peter Maydell (14):
      target/arm: Report correct syndrome for UNDEFINED CNTPS_*_EL1 from EL2 and NS EL1
      target/arm: Report correct syndrome for UNDEFINED AT ops with wrong NSE, NS
      target/arm: Report correct syndrome for UNDEFINED S1E2 AT ops at EL3
      target/arm: Report correct syndrome for UNDEFINED LOR sysregs when NS=0
      target/arm: Make CP_ACCESS_TRAPs to AArch32 EL3 be Monitor traps
      hw/intc/arm_gicv3_cpuif: Don't downgrade monitor traps for AArch32 EL3
      target/arm: Honour SDCR.TDCC and SCR.TERR in AArch32 EL3 non-Monitor modes
      hw/intc/arm_gicv3_cpuif(): Remove redundant tests of is_a64()
      target/arm: Support CP_ACCESS_TRAP_EL1 as a CPAccessResult
      target/arm: Use CP_ACCESS_TRAP_EL1 for traps that are always to EL1
      target/arm: Use TRAP_UNCATEGORIZED for XScale CPAR traps
      target/arm: Remove CP_ACCESS_TRAP handling
      target/arm: Rename CP_ACCESS_TRAP_UNCATEGORIZED to CP_ACCESS_UNDEFINED
      target/arm: Correct errors in WFI/WFE trapping

Philippe Mathieu-Daudé (8):
      hw/arm/exynos4210: Replace magic 32 by proper 'GIC_INTERNAL' definition
      hw/arm/exynos4210: Specify explicitly the GIC has 64 external IRQs
      hw/arm/realview: Specify explicitly the GIC has 64 external IRQs
      hw/arm/xilinx_zynq: Replace IRQ_OFFSET -> GIC_INTERNAL
      hw/arm/xilinx_zynq: Specify explicitly the GIC has 64 external IRQs
      hw/arm/vexpress: Specify explicitly the GIC has 64 external IRQs
      hw/arm/highbank: Specify explicitly the GIC has 128 external IRQs
      hw/cpu/arm_mpcore: Remove default values for GIC external IRQs

Stephen Longfield (1):
      target/arm: Use uint32_t in t32_expandimm_imm()

 MAINTAINERS                                   |   1 +
 docs/system/arm/nuvoton.rst                   |  27 +-
 configs/devices/aarch64-softmmu/default.mak   |   1 +
 include/hw/arm/npcm7xx.h                      |   8 +-
 include/hw/arm/npcm8xx.h                      | 127 ++++
 include/hw/misc/{npcm7xx_clk.h => npcm_clk.h} |  47 +-
 include/hw/misc/{npcm7xx_gcr.h => npcm_gcr.h} |  29 +-
 include/hw/net/npcm_pcs.h                     |  42 ++
 include/hw/ssi/npcm7xx_fiu.h                  |   1 +
 target/arm/cpregs.h                           |  15 +-
 target/arm/cpu.h                              |   6 +
 hw/arm/exynos4210.c                           |  10 +-
 hw/arm/highbank.c                             |   8 +-
 hw/arm/npcm7xx.c                              |   6 +
 hw/arm/npcm8xx.c                              | 805 ++++++++++++++++++++++++++
 hw/arm/npcm8xx_boards.c                       | 254 ++++++++
 hw/arm/realview.c                             |  11 +-
 hw/arm/vexpress.c                             |   7 +-
 hw/arm/xilinx_zynq.c                          |  43 +-
 hw/cpu/a15mpcore.c                            |  18 +-
 hw/cpu/a9mpcore.c                             |  18 +-
 hw/intc/arm_gicv3_cpuif.c                     |  15 +-
 hw/misc/npcm7xx_gcr.c                         | 264 ---------
 hw/misc/{npcm7xx_clk.c => npcm_clk.c}         | 235 ++++++--
 hw/misc/npcm_gcr.c                            | 482 +++++++++++++++
 hw/net/npcm_pcs.c                             | 410 +++++++++++++
 hw/ssi/npcm7xx_fiu.c                          |  16 +-
 target/arm/debug_helper.c                     |   5 +-
 target/arm/helper.c                           |  75 ++-
 target/arm/tcg/op_helper.c                    |  71 ++-
 target/arm/tcg/translate.c                    |   2 +-
 hw/arm/Kconfig                                |  19 +-
 hw/arm/meson.build                            |   1 +
 hw/misc/meson.build                           |   4 +-
 hw/misc/trace-events                          |  12 +-
 hw/net/meson.build                            |   1 +
 hw/net/trace-events                           |   4 +-
 hw/usb/Kconfig                                |   4 +
 hw/usb/meson.build                            |   2 +-
 pc-bios/README                                |   8 +-
 pc-bios/meson.build                           |   1 +
 pc-bios/npcm7xx_bootrom.bin                   | Bin 768 -> 768 bytes
 pc-bios/npcm8xx_bootrom.bin                   | Bin 0 -> 608 bytes
 roms/Makefile                                 |   6 +
 roms/vbootrom                                 |   2 +-
 45 files changed, 2626 insertions(+), 497 deletions(-)
 create mode 100644 include/hw/arm/npcm8xx.h
 rename include/hw/misc/{npcm7xx_clk.h => npcm_clk.h} (83%)
 rename include/hw/misc/{npcm7xx_gcr.h => npcm_gcr.h} (76%)
 create mode 100644 include/hw/net/npcm_pcs.h
 create mode 100644 hw/arm/npcm8xx.c
 create mode 100644 hw/arm/npcm8xx_boards.c
 delete mode 100644 hw/misc/npcm7xx_gcr.c
 rename hw/misc/{npcm7xx_clk.c => npcm_clk.c} (82%)
 create mode 100644 hw/misc/npcm_gcr.c
 create mode 100644 hw/net/npcm_pcs.c
 create mode 100644 pc-bios/npcm8xx_bootrom.bin

Re: [PULL 00/41] target-arm queue

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 116 bytes --]

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/10.0 for any user-visible changes.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 484 bytes --]