[PULL 0/4] target-arm queue

[PULL 0/4] target-arm queue

[Peter Maydell]

Arm patches for rc3 : just a handful of bug fixes.

thanks
-- PMM


The following changes since commit 4ecc984210ca1bf508a96a550ec8a93a5f833f6c:

  Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging (2019-11-26 12:36:40 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191126

for you to fetch changes up to 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317:

  target/arm: Honor HCR_EL2.TID3 trapping requirements (2019-11-26 13:55:37 +0000)

----------------------------------------------------------------
target-arm queue:
 * handle FTYPE flag correctly in v7M exception return
   for v7M CPUs with an FPU (v8M CPUs were already correct)
 * versal: Add the CRP as unimplemented
 * Fix ISR_EL1 tracking when executing at EL2
 * Honor HCR_EL2.TID3 trapping requirements

----------------------------------------------------------------
Edgar E. Iglesias (1):
      hw/arm: versal: Add the CRP as unimplemented

Jean-Hugues Deschênes (1):
      target/arm: Fix handling of cortex-m FTYPE flag in EXCRET

Marc Zyngier (2):
      target/arm: Fix ISR_EL1 tracking when executing at EL2
      target/arm: Honor HCR_EL2.TID3 trapping requirements

 include/hw/arm/xlnx-versal.h |  3 ++
 hw/arm/xlnx-versal.c         |  2 ++
 target/arm/helper.c          | 83 ++++++++++++++++++++++++++++++++++++++++++--
 target/arm/m_helper.c        |  7 ++--
 4 files changed, 89 insertions(+), 6 deletions(-)

Re: [PULL 0/4] target-arm queue

[Peter Maydell]

On Tue, 26 Nov 2019 at 14:12, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Arm patches for rc3 : just a handful of bug fixes.
>
> thanks
> -- PMM
>
>
> The following changes since commit 4ecc984210ca1bf508a96a550ec8a93a5f833f6c:
>
>   Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging (2019-11-26 12:36:40 +0000)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191126
>
> for you to fetch changes up to 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317:
>
>   target/arm: Honor HCR_EL2.TID3 trapping requirements (2019-11-26 13:55:37 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * handle FTYPE flag correctly in v7M exception return
>    for v7M CPUs with an FPU (v8M CPUs were already correct)
>  * versal: Add the CRP as unimplemented
>  * Fix ISR_EL1 tracking when executing at EL2
>  * Honor HCR_EL2.TID3 trapping requirements
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.2
for any user-visible changes.

-- PMM

[PULL 0/4] target-arm queue

[Peter Maydell]

Hi; some minor changes for 6.2, which I think can be classified
as bug fixes and are OK for this point in the release cycle.
(Wouldn't be the end of the world if they slipped to 7.0.)

-- PMM

The following changes since commit 42f6c9179be4401974dd3a75ee72defd16b5092d:

  Merge tag 'pull-ppc-20211112' of https://github.com/legoater/qemu into staging (2021-11-12 12:28:25 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211115-1

for you to fetch changes up to 1adf528ec3bdf62ea3b580b7ad562534a3676ff5:

  hw/rtc/pl031: Send RTC_CHANGE QMP event (2021-11-15 18:53:00 +0000)

----------------------------------------------------------------
target-arm queue:
 * Support multiple redistributor regions for TCG GICv3
 * Send RTC_CHANGE QMP event from pl031

----------------------------------------------------------------
Eric Auger (1):
      hw/rtc/pl031: Send RTC_CHANGE QMP event

Peter Maydell (3):
      hw/intc/arm_gicv3: Move checking of redist-region-count to arm_gicv3_common_realize
      hw/intc/arm_gicv3: Set GICR_TYPER.Last correctly when nb_redist_regions > 1
      hw/intc/arm_gicv3: Support multiple redistributor regions

 include/hw/intc/arm_gicv3_common.h | 14 ++++++++--
 hw/intc/arm_gicv3.c                | 12 +-------
 hw/intc/arm_gicv3_common.c         | 56 ++++++++++++++++++++++++--------------
 hw/intc/arm_gicv3_kvm.c            | 10 ++-----
 hw/intc/arm_gicv3_redist.c         | 40 +++++++++++++++------------
 hw/rtc/pl031.c                     | 10 ++++++-
 hw/rtc/meson.build                 |  2 +-
 7 files changed, 83 insertions(+), 61 deletions(-)

Re: [PULL 0/4] target-arm queue

[Richard Henderson]

On 11/15/21 9:19 PM, Peter Maydell wrote:
> Hi; some minor changes for 6.2, which I think can be classified
> as bug fixes and are OK for this point in the release cycle.
> (Wouldn't be the end of the world if they slipped to 7.0.)
> 
> -- PMM
> 
> The following changes since commit 42f6c9179be4401974dd3a75ee72defd16b5092d:
> 
>    Merge tag 'pull-ppc-20211112' of https://github.com/legoater/qemu into staging (2021-11-12 12:28:25 +0100)
> 
> are available in the Git repository at:
> 
>    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211115-1
> 
> for you to fetch changes up to 1adf528ec3bdf62ea3b580b7ad562534a3676ff5:
> 
>    hw/rtc/pl031: Send RTC_CHANGE QMP event (2021-11-15 18:53:00 +0000)
> 
> ----------------------------------------------------------------
> target-arm queue:
>   * Support multiple redistributor regions for TCG GICv3
>   * Send RTC_CHANGE QMP event from pl031
> 
> ----------------------------------------------------------------
> Eric Auger (1):
>        hw/rtc/pl031: Send RTC_CHANGE QMP event
> 
> Peter Maydell (3):
>        hw/intc/arm_gicv3: Move checking of redist-region-count to arm_gicv3_common_realize
>        hw/intc/arm_gicv3: Set GICR_TYPER.Last correctly when nb_redist_regions > 1
>        hw/intc/arm_gicv3: Support multiple redistributor regions
> 
>   include/hw/intc/arm_gicv3_common.h | 14 ++++++++--
>   hw/intc/arm_gicv3.c                | 12 +-------
>   hw/intc/arm_gicv3_common.c         | 56 ++++++++++++++++++++++++--------------
>   hw/intc/arm_gicv3_kvm.c            | 10 ++-----
>   hw/intc/arm_gicv3_redist.c         | 40 +++++++++++++++------------
>   hw/rtc/pl031.c                     | 10 ++++++-
>   hw/rtc/meson.build                 |  2 +-
>   7 files changed, 83 insertions(+), 61 deletions(-)

Applied, thanks.


r~

[PULL 0/4] target-arm queue

[Peter Maydell]

The following changes since commit efcd0ec14b0fe9ee0ee70277763b2d538d19238d:

  Merge tag 'misc-fixes-20230330' of https://github.com/philmd/qemu into staging (2023-03-30 14:22:29 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230403

for you to fetch changes up to a0eaa126af3c5a43937a22c58cfb9bb36e4a5001:

  hw/ssi: Fix Linux driver init issue with xilinx_spi (2023-04-03 16:12:30 +0100)

----------------------------------------------------------------
 * target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
 * hw/arm: do not free machine->fdt in arm_load_dtb()
 * target/arm: Fix generated code for cpreg reads when HSTR is active
 * hw/ssi: Fix Linux driver init issue with xilinx_spi

----------------------------------------------------------------
Chris Rauer (1):
      hw/ssi: Fix Linux driver init issue with xilinx_spi

Markus Armbruster (1):
      hw/arm: do not free machine->fdt in arm_load_dtb()

Peter Maydell (1):
      target/arm: Fix generated code for cpreg reads when HSTR is active

Philippe Mathieu-Daudé (1):
      target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()

 target/arm/internals.h        | 15 ++++++++++-----
 hw/arm/boot.c                 |  5 ++++-
 hw/ssi/xilinx_spi.c           |  1 +
 target/arm/gdbstub64.c        |  7 +++++--
 target/arm/tcg/pauth_helper.c | 18 +-----------------
 target/arm/tcg/translate.c    |  6 ++++++
 6 files changed, 27 insertions(+), 25 deletions(-)

Re: [PULL 0/4] target-arm queue

[Peter Maydell]

On Mon, 3 Apr 2023 at 17:01, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> The following changes since commit efcd0ec14b0fe9ee0ee70277763b2d538d19238d:
>
>   Merge tag 'misc-fixes-20230330' of https://github.com/philmd/qemu into staging (2023-03-30 14:22:29 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230403
>
> for you to fetch changes up to a0eaa126af3c5a43937a22c58cfb9bb36e4a5001:
>
>   hw/ssi: Fix Linux driver init issue with xilinx_spi (2023-04-03 16:12:30 +0100)
>
> ----------------------------------------------------------------
>  * target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
>  * hw/arm: do not free machine->fdt in arm_load_dtb()
>  * target/arm: Fix generated code for cpreg reads when HSTR is active
>  * hw/ssi: Fix Linux driver init issue with xilinx_spi
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/8.0
for any user-visible changes.

-- PMM

[PULL 0/4] target-arm queue

[Peter Maydell]

Hi; here are a handful of small bug fixes for Arm guests for rc0.

thanks
-- PMM

The following changes since commit 69680740eafa1838527c90155a7432d51b8ff203:

  Merge tag 'qdev-array-prop' of https://repo.or.cz/qemu/kevin into staging (2023-11-11 11:23:25 +0800)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20231113

for you to fetch changes up to f6e8d1ef05a126de796ae03dd81e048e3ff48ff1:

  target/arm/tcg: enable PMU feature for Cortex-A8 and A9 (2023-11-13 16:31:41 +0000)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/virt: fix GIC maintenance IRQ registration
 * target/arm: HVC at EL3 should go to EL3, not EL2
 * target/arm: Correct MTE tag checking for reverse-copy MOPS
 * target/arm/tcg: enable PMU feature for Cortex-A8 and A9

----------------------------------------------------------------
Jean-Philippe Brucker (1):
      hw/arm/virt: fix GIC maintenance IRQ registration

Nikita Ostrenkov (1):
      target/arm/tcg: enable PMU feature for Cortex-A8 and A9

Peter Maydell (2):
      target/arm: HVC at EL3 should go to EL3, not EL2
      target/arm: Correct MTE tag checking for reverse-copy MOPS

 hw/arm/virt.c                  |  6 ++++--
 target/arm/tcg/cpu32.c         |  2 ++
 target/arm/tcg/mte_helper.c    | 12 ++++++++++--
 target/arm/tcg/translate-a64.c |  4 +++-
 4 files changed, 19 insertions(+), 5 deletions(-)

Re: [PULL 0/4] target-arm queue

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 115 bytes --]

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for any user-visible changes.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

[PULL 0/4] target-arm queue

[Peter Maydell]

Just 4 bug fixes here...

thanks
-- PMM

The following changes since commit e9d2db818ff934afb366aea566d0b33acf7bced1:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2024-08-01 07:31:49 +1000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240801

for you to fetch changes up to 5e8e4f098d872818aa9a138a171200068b81c8d1:

  target/xtensa: Correct assert condition in handle_interrupt() (2024-08-01 10:59:01 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/mps2-tz.c: fix RX/TX interrupts order
 * accel/kvm/kvm-all: Fixes the missing break in vCPU unpark logic
 * target/arm: Handle denormals correctly for FMOPA (widening)
 * target/xtensa: Correct assert condition in handle_interrupt()

----------------------------------------------------------------
Marco Palumbi (1):
      hw/arm/mps2-tz.c: fix RX/TX interrupts order

Peter Maydell (2):
      target/arm: Handle denormals correctly for FMOPA (widening)
      target/xtensa: Correct assert condition in handle_interrupt()

Salil Mehta (1):
      accel/kvm/kvm-all: Fixes the missing break in vCPU unpark logic

 target/arm/tcg/helper-sme.h    |  2 +-
 accel/kvm/kvm-all.c            |  1 +
 hw/arm/mps2-tz.c               |  6 +++---
 target/arm/tcg/sme_helper.c    | 39 +++++++++++++++++++++++++++------------
 target/arm/tcg/translate-sme.c | 25 +++++++++++++++++++++++--
 target/xtensa/exc_helper.c     |  2 +-
 6 files changed, 56 insertions(+), 19 deletions(-)

Re: [PULL 0/4] target-arm queue

[Richard Henderson]

On 8/2/24 00:23, Peter Maydell wrote:
> Just 4 bug fixes here...
> 
> thanks
> -- PMM
> 
> The following changes since commit e9d2db818ff934afb366aea566d0b33acf7bced1:
> 
>    Merge tag 'for-upstream' ofhttps://gitlab.com/bonzini/qemu into staging (2024-08-01 07:31:49 +1000)
> 
> are available in the Git repository at:
> 
>    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240801
> 
> for you to fetch changes up to 5e8e4f098d872818aa9a138a171200068b81c8d1:
> 
>    target/xtensa: Correct assert condition in handle_interrupt() (2024-08-01 10:59:01 +0100)
> 
> ----------------------------------------------------------------
> target-arm queue:
>   * hw/arm/mps2-tz.c: fix RX/TX interrupts order
>   * accel/kvm/kvm-all: Fixes the missing break in vCPU unpark logic
>   * target/arm: Handle denormals correctly for FMOPA (widening)
>   * target/xtensa: Correct assert condition in handle_interrupt()

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.

r~

[PULL 0/4] target-arm queue

[Peter Maydell]

Three last bugfixes to sneak into rc2 if we can. The fix
for the EL3-is-AArch32-and-we-run-code-at-EL0 bug is the
most important one here I think (though also the most risky).

thanks
-- PMM

The following changes since commit 9eb51530c12ae645b91e308d16196c68563ea883:

  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2024-08-13 07:59:32 +1000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240813

for you to fetch changes up to 4c2c0474693229c1f533239bb983495c5427784d:

  target/arm: Fix usage of MMU indexes when EL3 is AArch32 (2024-08-13 11:44:53 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values
 * target/arm: Clear high SVE elements in handle_vec_simd_wshli
 * target/arm: Fix usage of MMU indexes when EL3 is AArch32

----------------------------------------------------------------
Peter Maydell (2):
      target/arm: Update translation regime comment for new features
      target/arm: Fix usage of MMU indexes when EL3 is AArch32

Richard Henderson (1):
      target/arm: Clear high SVE elements in handle_vec_simd_wshli

Zheyu Ma (1):
      hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values

 target/arm/cpu.h               | 50 +++++++++++++++++++++++++++---------------
 target/arm/internals.h         | 27 +++++++++++++++++++----
 target/arm/tcg/translate.h     |  2 ++
 hw/misc/stm32l4x5_rcc.c        | 28 ++++++++++++++++-------
 target/arm/helper.c            | 34 ++++++++++++++++++----------
 target/arm/ptw.c               |  6 ++++-
 target/arm/tcg/hflags.c        |  4 ++++
 target/arm/tcg/translate-a64.c |  3 ++-
 target/arm/tcg/translate.c     |  9 ++++----
 9 files changed, 116 insertions(+), 47 deletions(-)

Re: [PULL 0/4] target-arm queue

[Richard Henderson]

On 8/14/24 01:20, Peter Maydell wrote:
> Three last bugfixes to sneak into rc2 if we can. The fix
> for the EL3-is-AArch32-and-we-run-code-at-EL0 bug is the
> most important one here I think (though also the most risky).
> 
> thanks
> -- PMM
> 
> The following changes since commit 9eb51530c12ae645b91e308d16196c68563ea883:
> 
>    Merge tag 'block-pull-request' ofhttps://gitlab.com/stefanha/qemu into staging (2024-08-13 07:59:32 +1000)
> 
> are available in the Git repository at:
> 
>    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240813
> 
> for you to fetch changes up to 4c2c0474693229c1f533239bb983495c5427784d:
> 
>    target/arm: Fix usage of MMU indexes when EL3 is AArch32 (2024-08-13 11:44:53 +0100)
> 
> ----------------------------------------------------------------
> target-arm queue:
>   * hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values
>   * target/arm: Clear high SVE elements in handle_vec_simd_wshli
>   * target/arm: Fix usage of MMU indexes when EL3 is AArch32


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.

r~

[PULL 0/4] target-arm queue

[Peter Maydell]

Hi; here's an arm pullreq for rc2: three small bug fixes and
one trivial removal of a duplicated #define.

thanks
-- PMM

The following changes since commit fb241d0a1fd36a1b67ecced29d8b533316cf9e2d:

  Merge tag 'staging-pull-request' of https://gitlab.com/peterx/qemu into staging (2025-11-23 11:46:53 -0800)

are available in the Git repository at:

  https://gitlab.com/pm215/qemu.git tags/pull-target-arm-20251124

for you to fetch changes up to 579be921f509fb9d2deccc4233496e36b221abb3:

  hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section() (2025-11-24 11:01:23 +0000)

----------------------------------------------------------------
target-arm queue:
 * hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()
 * hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
 * hw/display/exynos4210_fimd: Remove duplicated definition
 * hw/arm/Kconfig: Exclude imx8mp-evk machine from KVM-only build

----------------------------------------------------------------
Bernhard Beschow (1):
      hw/arm/Kconfig: Exclude imx8mp-evk machine from KVM-only build

Peter Maydell (2):
      hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
      hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()

Philippe Mathieu-Daudé (1):
      hw/display/exynos4210_fimd: Remove duplicated definition

 hw/arm/armv7m.c              | 12 ++++++++++++
 hw/display/exynos4210_fimd.c |  8 +++++++-
 hw/arm/Kconfig               |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)

[PULL 1/4] hw/arm/Kconfig: Exclude imx8mp-evk machine from KVM-only build

[Peter Maydell]

From: Bernhard Beschow <shentey@gmail.com>

Fixes make check failures on an aarch64 host when QEMU is configured
using '--enable-kvm --disable-tcg':
  qemu-system-aarch64: unknown type 'arm-gicv3'

Reported-by: Cornelia Huck <cohuck@redhat.com>
Tested-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20251119203759.5138-1-shentey@gmail.com
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 0cdeb60f1f2..78775063840 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -623,7 +623,7 @@ config FSL_IMX8MP_EVK
     bool
     default y
     depends on AARCH64
-    depends on TCG || KVM
+    depends on TCG
     select FSL_IMX8MP
 
 config ARM_SMMUV3
-- 
2.43.0

[PULL 2/4] hw/display/exynos4210_fimd: Remove duplicated definition

[Peter Maydell]

From: Philippe Mathieu-Daudé <philmd@linaro.org>

FIMD_VIDWADD0_END is defined twice, keep only one.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251121093509.25088-1-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/display/exynos4210_fimd.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c
index c61e0280a7c..6b1eb43987c 100644
--- a/hw/display/exynos4210_fimd.c
+++ b/hw/display/exynos4210_fimd.c
@@ -131,7 +131,6 @@
 /* Frame buffer address registers */
 #define FIMD_VIDWADD0_START         0x00A0
 #define FIMD_VIDWADD0_END           0x00C4
-#define FIMD_VIDWADD0_END           0x00C4
 #define FIMD_VIDWADD1_START         0x00D0
 #define FIMD_VIDWADD1_END           0x00F4
 #define FIMD_VIDWADD2_START         0x0100
-- 
2.43.0

[PULL 3/4] hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs

[Peter Maydell]

For M-profile cores which support TrustZone, there are some memory
areas which are "NS aliases" -- a Secure access to these addresses
really performs an NS access to a different part of the device.  We
implement these using MemoryRegionOps read and write functions which
pass the access on with adjusted attributes using
memory_region_dispatch_read() and memory_region_dispatch_write().

Since the MR we are dispatching to is owned by the same device that
owns the NS-alias MR (the TYPE_ARMV7M container object), this trips
the reentrancy-guard that is applied by access_with_adjusted_size().

Mark the NS alias MemoryRegions as disable_reentrancy_guard; this is
safe because v7m_sysreg_ns_read() and v7m_sysreg_ns_write() do not
touch any of the device's state.  (Any further reentrancy attempts by
the underlying MR will still be caught.)

Without this fix, an attempt to read from an address like 0xe002e010,
which is a register in the NS systick alias, will fail and provoke

 qemu-system-arm: warning: Blocked re-entrant IO on MemoryRegion: v7m_systick at addr: 0x0

We didn't notice this earlier because almost all code accesses
the registers and systick via the non-alias addresses; the NS
aliases are only need for the rarer case of Secure code that needs
to manage the NS timer or system state on behalf of NS code.

Note that although the v7m_systick_ops read and write functions
also call memory_region_dispatch_{read,write}, this MR does not
need to have the reentrancy-guard disabled because the underlying
MR that it forwards to is owned by a different device (the
TYPE_SYSTICK timer device).

Reported via a stackoverflow question:
https://stackoverflow.com/questions/79808107/what-this-error-is-even-about-qemu-system-arm-warning-blocked-re-entrant-io

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251114155304.2662414-1-peter.maydell@linaro.org
---
 hw/arm/armv7m.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index c4a9c3ac529..7fa1b37630e 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -442,6 +442,12 @@ static void armv7m_realize(DeviceState *dev, Error **errp)
                               &v7m_sysreg_ns_ops,
                               sysbus_mmio_get_region(sbd, 0),
                               "nvic_sysregs_ns", 0x1000);
+        /*
+         * This MR calls memory_region_dispatch_read/write to access the
+         * real region for the NVIC sysregs (which is also owned by this
+         * device), so reentrancy through here is expected and safe.
+         */
+        s->sysreg_ns_mem.disable_reentrancy_guard = true;
         memory_region_add_subregion(&s->container, 0xe002e000,
                                     &s->sysreg_ns_mem);
     }
@@ -499,6 +505,12 @@ static void armv7m_realize(DeviceState *dev, Error **errp)
         memory_region_init_io(&s->systick_ns_mem, OBJECT(s),
                               &v7m_sysreg_ns_ops, &s->systickmem,
                               "v7m_systick_ns", 0xe0);
+        /*
+         * This MR calls memory_region_dispatch_read/write to access the
+         * real region for the systick regs (which is also owned by this
+         * device), so reentrancy through here is expected and safe.
+         */
+        s->systick_ns_mem.disable_reentrancy_guard = true;
         memory_region_add_subregion_overlap(&s->container, 0xe002e010,
                                             &s->systick_ns_mem, 1);
     }
-- 
2.43.0

[PULL 4/4] hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()

[Peter Maydell]

In fimd_update_memory_section() we attempt ot find and map part of
the RAM MR which backs the framebuffer, based on guest-configurable
size and start address.

If the guest configures framebuffer settings which result in a
zero-sized framebuffer, we hit an assertion(), because
memory_region_find() will return a NULL mem_section.mr.

Explicitly check for the zero-size case and treat this as a
guest error.

Because we now have a code path which can reach error_return without
calling memory_region_find to set w->mem_section, we must NULL out
w->mem_section.mr after the unref of the old MR, so that error_return
does not incorrectly double-unref the old MR.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1407
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251107143913.1341358-1-peter.maydell@linaro.org
---
 hw/display/exynos4210_fimd.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c
index 6b1eb43987c..49c180fec0c 100644
--- a/hw/display/exynos4210_fimd.c
+++ b/hw/display/exynos4210_fimd.c
@@ -1146,6 +1146,13 @@ static void fimd_update_memory_section(Exynos4210fimdState *s, unsigned win)
     if (w->mem_section.mr) {
         memory_region_set_log(w->mem_section.mr, false, DIRTY_MEMORY_VGA);
         memory_region_unref(w->mem_section.mr);
+        w->mem_section.mr = NULL;
+    }
+
+    if (w->fb_len == 0) {
+        qemu_log_mask(LOG_GUEST_ERROR,
+                      "FIMD: Guest config means framebuffer is zero length\n");
+        goto error_return;
     }
 
     w->mem_section = memory_region_find(s->fbmem, fb_start_addr, w->fb_len);
-- 
2.43.0

Re: [PULL 0/4] target-arm queue

[Richard Henderson]

On 11/24/25 06:30, Peter Maydell wrote:
> Hi; here's an arm pullreq for rc2: three small bug fixes and
> one trivial removal of a duplicated #define.
> 
> thanks
> -- PMM
> 
> The following changes since commit fb241d0a1fd36a1b67ecced29d8b533316cf9e2d:
> 
>    Merge tag 'staging-pull-request' ofhttps://gitlab.com/peterx/qemu into staging (2025-11-23 11:46:53 -0800)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/pm215/qemu.git tags/pull-target-arm-20251124
> 
> for you to fetch changes up to 579be921f509fb9d2deccc4233496e36b221abb3:
> 
>    hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section() (2025-11-24 11:01:23 +0000)
> 
> ----------------------------------------------------------------
> target-arm queue:
>   * hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()
>   * hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
>   * hw/display/exynos4210_fimd: Remove duplicated definition
>   * hw/arm/Kconfig: Exclude imx8mp-evk machine from KVM-only build


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/10.2 as appropriate.

r~