From 758b71f7a3855cc8a3e3ae120b70294fa1502835 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Fri, 27 Jul 2018 14:54:06 +0100 Subject: [PATCH 1/6] arm/smmuv3: Fix missing VMSD terminator The 'vmstate_smmuv3_queue' is missing the end-of-list marker. Fixes: 10a83cb9887 Signed-off-by: Dr. David Alan Gilbert Message-id: 20180727135406.15132-1-dgilbert@redhat.com Reviewed-by: Peter Maydell [PMM: dropped stray blank line] Signed-off-by: Peter Maydell
---
 hw/arm/smmuv3.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 39fbcbf577..bb6a24e9b8 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -1414,6 +1414,7 @@ static const VMStateDescription vmstate_smmuv3_queue = {
 VMSTATE_UINT32(prod, SMMUQueue),
 VMSTATE_UINT32(cons, SMMUQueue),
 VMSTATE_UINT8(log2size, SMMUQueue),
+ VMSTATE_END_OF_LIST(),
 },
 };
From d1fb710a9b88fa6e11476ba7536b1c5cc2a55b19 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Wed, 25 Jul 2018 13:30:00 +0200 Subject: [PATCH 2/6] hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host() When copy_properties_from_host() ignores the error for an optional property, it frees the error, but fails to reset it. Hence if two or more optional properties are missing, an assertion is triggered: util/error.c:57: error_setv: Assertion `*errp == NULL' failed. Fis this by resetting err to NULL after ignoring the error. Fixes: 9481cf2e5f2f2bb6 ("hw/arm/sysbus-fdt: helpers for clock node generation") Signed-off-by: Geert Uytterhoeven Message-id: 20180725113000.11014-1-geert+renesas@glider.be Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell
---
 hw/arm/sysbus-fdt.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hw/arm/sysbus-fdt.c b/hw/arm/sysbus-fdt.c
index 0d4c75702c..43d6a7bb48 100644
--- a/hw/arm/sysbus-fdt.c
+++ b/hw/arm/sysbus-fdt.c
@@ -107,6 +107,7 @@ static void copy_properties_from_host(HostProperty *props, int nb_props,
 /* mandatory property not found: bail out */
 exit(1);
 }
+ err = NULL;
 }
 }
 }
From 942566ffc189ad1ea09d350860d08d95597537ca Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 27 Jul 2018 12:38:53 +0100 Subject: [PATCH 3/6] armv7m_nvic: Fix m-security subsection name The vmstate save/load code insists that subsections of a VMState must have names which include their parent VMState's name as a leading substring. Unfortunately it neither documents this nor checks it on device init or state save, but instead fails state load with a confusing error message ("Missing section footer for armv7m_nvic"). Fix the name of the m-security subsection of the NVIC, so that state save/load works correctly for the security-enabled NVIC. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20180727113854.20283-2-peter.maydell@linaro.org
---
 hw/intc/armv7m_nvic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 6be7fc5266..cd1e7f1729 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -2064,7 +2064,7 @@ static int nvic_security_post_load(void *opaque, int version_id)
 }
 static const VMStateDescription vmstate_nvic_security = {
- .name = "nvic/m-security",
+ .name = "armv7m_nvic/m-security",
 .version_id = 1,
 .minimum_version_id = 1,
 .needed = nvic_security_needed,
From 984b0c100f74eb4a32b3d44eb80963ee82ebfba5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 27 Jul 2018 12:38:54 +0100 Subject: [PATCH 4/6] hw/arm/iotkit: Fix IRQ number for timer1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A cut-and-paste error meant we were incorrectly wiring up the timer1 IRQ to IRQ3. IRQ3 is the interrupt for timer0 -- move timer0 to IRQ4 where it belongs.
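Review bot: The added `err = NULL;` sits at the very end of the not-found branch, some lines after the point where, per the commit message, the optional-property error is freed, so `err` is a dangling pointer for the remainder of that branch. In the visible lines nothing touches it in between, but a later `continue` or extra error check added there would bring back the `*errp == NULL` assertion or read freed memory. Clearing the pointer directly where it is released, or declaring `Error *err = NULL;` inside the loop body so every property lookup starts clean, keeps the free and the reset together. The free itself and the start of copy_properties_from_host() are outside this hunk, so the exact placement needs checking against the full function.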
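Review bot: The naming rule this fix depends on is still not written down next to the code, so the next subsection added to this device can repeat the mistake and only fail at state load. A comment above `.name` in vmstate_nvic_security would cover it, for example `/* Subsection names must start with the parent VMState name ("armv7m_nvic"), otherwise state load fails */`. The string is presumably part of the migration stream, so the comment could also say that it should not be renamed casually. The struct initialiser continues past the end of the hunk.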
Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180727113854.20283-3-peter.maydell@linaro.org
---
 hw/arm/iotkit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/arm/iotkit.c b/hw/arm/iotkit.c
index c76d3ed743..8cadc8b160 100644
--- a/hw/arm/iotkit.c
+++ b/hw/arm/iotkit.c
@@ -382,7 +382,7 @@ static void iotkit_realize(DeviceState *dev, Error **errp)
 return;
 }
 sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer1), 0,
- qdev_get_gpio_in(DEVICE(&s->armv7m), 3));
+ qdev_get_gpio_in(DEVICE(&s->armv7m), 4));
 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->timer1), 0);
 object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[1]", &err);
 if (err) {
From 218fe5ce402986cf2cf246d65bf71de9f3508fe3 Mon Sep 17 00:00:00 2001
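Review bot: The interrupt line for timer1 is still a bare literal in `qdev_get_gpio_in(DEVICE(&s->armv7m), 4)`, which is the kind of value a copy-and-paste slip changes without anyone noticing. A short comment on the call, such as `/* timer1 is IRQ 4 */`, or named constants for the IoTKit IRQ assignments would make a wrong number stand out in review. iotkit_realize() starts and ends outside this hunk, so whether the other sysbus_connect_irq() calls follow the same pattern cannot be seen here.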
From: Peter Maydell Date: Tue, 24 Jul 2018 16:36:16 +0100 Subject: [PATCH 5/6] hw/misc/tz-mpc: Zero the LUT on initialization, not just reset In the tz-mpc device we allocate a data block for the LUT, which we then clear to zero in the device's reset method. This is conceptually fine, but unfortunately results in a valgrind complaint about use of uninitialized data on startup: ==30906== Conditional jump or move depends on uninitialised value(s) ==30906== at 0x503609: tz_mpc_translate (tz-mpc.c:439) ==30906== by 0x3F3D90: address_space_translate_iommu (exec.c:511) ==30906== by 0x3F3FF8: flatview_do_translate (exec.c:584) ==30906== by 0x3F4292: flatview_translate (exec.c:644) ==30906== by 0x3F2120: address_space_translate (memory.h:1962) ==30906== by 0x3FB753: address_space_ldl_internal (memory_ldst.inc.c:36) ==30906== by 0x3FB8A6: address_space_ldl (memory_ldst.inc.c:80) ==30906== by 0x619037: ldl_phys (memory_ldst_phys.inc.h:25) ==30906== by 0x61985D: arm_cpu_reset (cpu.c:255) ==30906== by 0x98791B: cpu_reset (cpu.c:249) ==30906== by 0x57FFDB: armv7m_reset (armv7m.c:265) ==30906== by 0x7B1775: qemu_devices_reset (reset.c:69) This is because of a reset ordering problem -- the TZ MPC resets after the CPU, but an M-profile CPU's reset function includes memory loads to get the initial PC and SP, which then go through an MPC that hasn't yet been reset. The simplest fix for this is to zero the LUT when we initialize the data, which will result in the MPC's translate function giving the right answers for these early memory accesses. Reported-by: Thomas Huth Signed-off-by: Peter Maydell Tested-by: Thomas Huth Message-id: 20180724153616.32352-1-peter.maydell@linaro.org
---
 hw/misc/tz-mpc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/misc/tz-mpc.c b/hw/misc/tz-mpc.c
index 8316079b4b..e0c58ba37e 100644
--- a/hw/misc/tz-mpc.c
+++ b/hw/misc/tz-mpc.c
@@ -547,7 +547,7 @@ static void tz_mpc_realize(DeviceState *dev, Error **errp)
 address_space_init(&s->blocked_io_as, &s->blocked_io, "tz-mpc-blocked-io");
- s->blk_lut = g_new(uint32_t, s->blk_max);
+ s->blk_lut = g_new0(uint32_t, s->blk_max);
 }
 static int tz_mpc_post_load(void *opaque, int version_id)
From 0261fb805c00a6f97d143235e7b06b0906bdf898 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Fri, 27 Jul 2018 10:23:11 -0300 Subject: [PATCH 6/6] target/arm: Remove duplicate 'host' entry in '-cpu ?' output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since 86f0a186d6f the TYPE_ARM_HOST_CPU is only compiled when CONFIG_KVM is enabled. Remove the now redundant special-case introduced in a96c0514ab7, to avoid: $ qemu-system-aarch64 -machine virt -cpu \? | fgrep host host host (only available in KVM mode) Signed-off-by: Philippe Mathieu-Daudé Message-id: 20180727132311.2777-1-f4bug@amsat.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell
---
 target/arm/helper.c | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 22d812240a..66afb08ee0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5591,12 +5591,6 @@ void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
 (*cpu_fprintf)(f, "Available CPUs:\n");
 g_slist_foreach(list, arm_cpu_list_entry, &s);
 g_slist_free(list);
-#ifdef CONFIG_KVM
- /* The 'host' CPU type is dynamically registered only if KVM is
- * enabled, so we have to special-case it here:
- */
- (*cpu_fprintf)(f, " host (only available in KVM mode)\n");
-#endif
 }
 static void arm_cpu_add_definition(gpointer data, gpointer user_data)
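Review bot: Nothing at the `g_new0()` call in tz_mpc_realize() records why the LUT has to be zeroed at realize time as well as in reset, so it reads like a redundant clear that a later cleanup could turn back into `g_new()`. The LUT is what tz_mpc_translate() consults, so uninitialised entries would mean the CPU's early reset loads are checked against garbage. A comment on the line, such as `/* Zero now: the CPU's reset loads go through the MPC before our own reset has run */`, would keep that reason visible. The start of tz_mpc_realize() is outside the hunk.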