git.osdn.net Git - qmiga/qemu.git/log

target/ppc: Fix timebase reset with record-replay

Timebase save uses a random number for a legacy vmstate field, which
makes rr snapshot loading unbalanced. The easiest way to deal with this
is just to skip the rng if record-replay is active.

Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Fix CPU reservation migration for record-replay

ppc only migrates reserve_addr, so the destination machine can get a
valid reservation with an incorrect reservation value of 0. Prior to
commit 392d328abe753 ("target/ppc: Ensure stcx size matches larx"),
this could permit a stcx. to incorrectly succeed. That commit
inadvertently fixed that bug because the target machine starts with an
impossible reservation size of 0, so any stcx. will fail.

This behaviour is permitted by the ISA because reservation loss may
have implementation-dependent cause. What's more, with KVM machines it
is impossible save or reasonably restore reservation state. However if
the vmstate is being used for record-replay, the reservation must be
saved and restored exactly in order for execution from snapshot to
match the record.

This patch deprecates the existing incomplete reserve_addr vmstate,
and adds a new vmstate subsection with complete reservation state.
The new vmstate is needed only when record-replay mode is active.

Acked-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ppc: Read time only once to perform decrementer write

Reading the time more than once to perform an operation always increases
complexity and fragility due to introduced deltas. Simplify the
decrementer write by reading the clock once for the operation.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ppc: Reset timebase facilities on machine reset

Lower interrupts, delete timers, and set time facility registers
back to initial state on machine reset.

This is not so important for record-replay since timebase and
decrementer are migrated, but it gives a cleaner reset state.

Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
[ clg: checkpatch.pl fixes ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Migrate DECR SPR

TCG does not maintain the DEC reigster in the SPR array, so it does get
migrated. TCG also needs to re-start the decrementer timer on the
destination machine.

Load and store the decrementer into the SPR when migrating. This works
for the level-triggered (book3s) decrementer, and should be compatible
with existing KVM machines that do keep the DEC value there.

This fixes lost decrementer interrupt on migration that can cause
hangs, as well as other problems including record-replay bugs.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ppc: Always store the decrementer value

When writing a value to the decrementer that raises an exception, the
irq is raised, but the value is not stored so the store doesn't appear
to have changed the register when it is read again.

Always store the write value to the register.

Fixes: e81a982aa53 ("PPC: Clean up DECR implementation")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Sign-extend large decrementer to 64-bits

When storing a large decrementer value with the most significant
implemented bit set, it is to be treated as a negative and sign
extended.

This isn't hit for book3s DEC because of another bug, fixing it
in the next patch exposes this one and can cause additional
problems, so fix this first. It can be hit with HDECR and other
edge triggered types.

Fixes: a8dafa52518 ("target/ppc: Implement large decrementer support for TCG")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
[ clg: removed extra cpu and pcc variables shadowing local variables ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ppc: Avoid decrementer rounding errors

The decrementer register contains a relative time in timebase units.
When writing to DECR this is converted and stored as an absolute value
in nanosecond units, reading DECR converts back to relative timebase.

The tb<->ns conversion of the relative part can cause rounding such that
a value writen to the decrementer can read back a different, with time
held constant. This is a particular problem for a deterministic icount
and record-replay trace.

Fix this by storing the absolute value in timebase units rather than
nanoseconds. The math before:
  store:  decr_next = now_ns + decr * ns_per_sec / tb_per_sec
  load:        decr = (decr_next - now_ns) * tb_per_sec / ns_per_sec
  load(store): decr = decr * ns_per_sec / tb_per_sec * tb_per_sec /
                      ns_per_sec

After:
  store:  decr_next = now_ns * tb_per_sec / ns_per_sec + decr
  load:        decr = decr_next - now_ns * tb_per_sec / ns_per_sec
  load(store): decr = decr

Fixes: 9fddaa0c0cab ("PowerPC merge: real time TB and decrementer - faster and simpler exception handling (Jocelyn Mayer)")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ppc: Round up the decrementer interval when converting to ns

The rule of timers is typically that they should never expire before the
timeout, but some time afterward. Rounding timer intervals up when doing
conversion is the right thing to do.

Under most circumstances it is impossible observe the decrementer
interrupt before the dec register has triggered. However with icount
timing, problems can arise. For example setting DEC to 0 can schedule
the timer for now, causing it to fire before any more instructions
have been executed and DEC is still 0.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

host-utils: Add muldiv64_round_up

This will be used for converting time intervals in different base units
to host units, for the purpose of scheduling timers to emulate target
timers. Timers typically must not fire before their requested expiry
time but may fire some time afterward, so rounding up is the right way
to implement these.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
[ clg: renamed __muldiv64() to muldiv64_rounding() ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ppc: Introduce functions for conversion between timebase and nanoseconds

These calculations are repeated several times, and they will become
a little more complicated with subsequent changes.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ppc/ppc.c: Tidy over-long lines

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

ppc/vof: Fix missed fields in VOF cleanup

Failing to reset the of_instance_last makes ihandle allocation continue
to increase, which causes record-replay replay fail to match the
recorded trace.

Not resetting claimed_base makes VOF eventually run out of memory after
some resets.

Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Fixes: fc8c745d501 ("spapr: Implement Open Firmware client interface")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

ppc/vhyp: reset exception state when handling vhyp hcall

Convention is to reset the exception_index and error_code after handling
an interrupt. The vhyp hcall handler fails to do this. This does not
appear to have ill effects because cpu_handle_exception() clears
exception_index later, but it is fragile and inconsistent. Reset the
exception state after handling vhyp hcall like other handlers.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

spapr: implement H_SET_MODE debug facilities

Wire up the H_SET_MODE debug resources to the CIABR and DAWR0 debug
facilities in TCG.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Implement watchpoint debug facility for v2.07S

ISA v2.07S introduced the watchpoint facility based on the DAWR0
and DAWRX0 SPRs. Implement this in TCG.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Implement breakpoint debug facility for v2.07S

ISA v2.07S introduced the breakpoint facility based on the CIABR SPR.
Implement this in TCG.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Suppress single step interrupts on rfi-type instructions

BookS does not take single step interrupts on completion of rfi and
similar (rfid, hrfid, rfscv). This is not a completely clean way to
do it, but in general non-branch instructions that change NIP on
completion are excluded.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Improve book3s branch trace interrupt for v2.07S

Improve the emulation accuracy of the single step and branch trace
interrupts for v2.07S. Set SRR1[33]=1, and set SIAR to completed
instruction address.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Remove single-step suppression inside 0x100-0xf00

Single-step interrupts are suppressed if the nip is between 0x100 and
0xf00. This has been the case for a long time and it's not clear what
the intention is. Likely either an attempt to suppress trace interrupts
for instructions that cause an interrupt on completion, or a workaround
to prevent software tripping over itself single stepping its interrupt
handlers.

BookE interrupt vectors are set by IVOR registers, and BookS has AIL
modes and new interrupt types, so there are many interrupts including
the debug interrupt which can be outside this range. So any effect it
might have had does not cover most cases (including Linux on recent
BookS CPUs).

Remove this special case.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
[ clg : fixed typo in commit logs ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>

ppc: Add stub implementation of TRIG SPRs

Linux sets these to control cache flush behaviour on Power9. Supervisor
and hypervisor are allowed to write, and reads are noops.

Add implementations to avoid noisy messages when booting Linux under the
pseries machine with guest_errors enabled.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

target/ppc: Generate storage interrupts for radix RC changes

Change radix model to always generate a storage interrupt when the R/C
bits are not set appropriately in a PTE instead of setting the bits
itself. According to the ISA both behaviors are valid, but in practice
this change more closely matches behavior observed on the POWER9 CPU.

From the POWER9 Processor User's Manual, Section 4.10.13.1: "When
performing Radix translation, the POWER9 hardware triggers the
appropriate interrupt ... for the mode and type of access whenever
Reference (R) and Change (C) bits require setting in either the guest or
host page-table entry (PTE)."

Signed-off-by: Shawn Anastasio <sanastasio@raptorengineering.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

Merge tag 'pull-request-2023-08-31' of https://gitlab.com/thuth/qemu into staging

* Use precise selfmodifying code mode on s390x TCG
* Check for availablility of more devices in qtests before using them
* Some other minor qtest fixes

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmTw5v4RHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbX2DRAAo7NPNPQ2nsYDdYfKAGt8OSg1BHqh1RYH
# jvLiU5xrWQ3whmSJYw4rcSyBk4yC+lIjoXT6oBn6O40Q1r7OmrWgtrn9g//3SLHb
# Wfob5bZkmRiETDZNFFpYcpRPzElF3ZqIfwOhJ3zfmAQxqeTxpTnAuq2vI38pk3Hz
# 4pQR/j2IKZFmFt6cdYUaKi32odDK6ySKAFCKy9I8sz2hJgOXQRYBkjorDx+g+hoF
# o7DTGkA3uH2xXlLQKhbEGm5xQMlcBgTMb2XeguvRbb7g/Uc046homwm0r6rejDy5
# EgW9Kx3Y34QYZt51onqmA57MNNQboubHkSz9W2b57OX+IWA3VRncdBAxdGmubRTY
# Jb6LsBZSMdKQBXxgIP3DZjvH6MxYjA9Iy3YI7Mk+hJnDACkFVJOCPxS9acnmjYE5
# Nn935GmbYMazfci0c3zc/899hAGDNglD9Tf6ourBjl1WLQstefXhlpzkbGWqSFjF
# Tovpal+Rm6KLDFSfs6TsRp6+FF8a6C1k251Ai67adkiCYM/jKwVoiHrsUJeG0vyc
# 791x5+lixxkLUHu1qNYfEdxvaOE8guhXRt3zJIjmphio3v+RFBLbzC6lTzeZbTTv
# DpnnoFJ/tCzdLew7A1QuzuW361ywyKVE4Qp8HQfaJCOJT9aGgMdyoHlpgz0ojgJm
# fD8Vfl9GZFQ=
# =tZWg
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 31 Aug 2023 15:16:14 EDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2023-08-31' of https://gitlab.com/thuth/qemu:
  meson: test for CONFIG_TCG in config_all
  subprojects/berkeley-testfloat-3: Update to fix a problem with compiler warnings
  tests/qtest/bios-tables-test: Check for virtio-iommu device before using it
  tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple()
  tests/qtest/usb-hcd-xhci-test: Check availability of devices before using them
  tests/tcg/s390x: Test precise self-modifying code handling
  target/s390x: Define TARGET_HAS_PRECISE_SMC

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'misc-20230831' of https://github.com/philmd/qemu into staging

Misc patches queue

Build fixes:
- Only define OS_OBJECT_USE_OBJC with gcc

Overall cleanups:
- Do not declare function prototypes using 'extern' keyword
- Remove unmaintained HAX accelerator
- Have FEWatchFunc handlers return G_SOURCE_CONTINUE/REMOVE instead of boolean
- Avoid modifying QOM class internals from instance in pmbus_device
- Avoid variable-length array in xhci_get_port_bandwidth
- Remove unuseful kvmclock_create() stub
- Style: permit inline loop variables
- Various header cleanups
- Various spelling fixes

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmTw0oUACgkQ4+MsLN6t
# wN7nZQ/+Jyrw1TnHiKV8nS5NKtQIszMTcAbrcuV8YCk0XgwprmrLzxOsOcVOU+MN
# C9SHOhGGcu8NKho73CDrsKqye/IKm8rumMm0hcZrtqGS+3MX9RQzDBUgRgihgD9b
# 78Pmiz/91mrsV4zjXBkWLILipjDUwAL0oXh+MLfkmkTdzJMVfllF5KfF+hdOipwq
# +ECOzwEAFUtCWQk51aLGfrg9SarKC2jtRBEvd1RhwfvXAMCdGP9+pfXJQqkT7ZTK
# Hf4TuOHkzZjHumHGGcJn+P1WHM6W3ILdocG7AAl+/0Jwkx4vhR+6MENJGLxqg4pa
# VTnOpJiL/HsY8319mTswTmlxqmotEDakGjdaRm4ClWPxPksF7zQkdTspBx0/Qayu
# SPr7U5gFLPXMhCpMnrznvjCS+C/dqLYrJAczs9Ecv6KawOIwMiPRzc0SyimCV4DI
# kcpL88Vn4unoBCF7AdiDluPoY2Q41TZ6gRa7B1/nI/4j9Y+Gs/gWQxYHjMlDso+O
# sNgMJ+sqIPW9n1vhl9s6AQweBYnMRW34A5iok9MV0HyFTxNKMoCoR8Ssfk9YzT+L
# mK5a9AfgT8FrhtQXQz6ojIPFM8Q4zGcAQOMudpPiDICDAJaPuUpzL3XVwStT6Rfc
# YL0+Nb+Ja5hPh0fAhgX3BH0EsqruW+DA8rEZfIgAIXDbOC5QFIo=
# =SVsZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 31 Aug 2023 13:48:53 EDT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'misc-20230831' of https://github.com/philmd/qemu: (39 commits)
  build: Only define OS_OBJECT_USE_OBJC with gcc
  tests/tcg/aarch64: Rename bti-crt.inc.c -> bti-crt.c.inc
  ui: spelling fixes
  util: spelling fixes
  util/fifo8: Fix typo in fifo8_push_all() description
  hw/i386: Rename 'hw/kvm/clock.h' -> 'hw/i386/kvm/clock.h'
  hw/i386: Remove unuseful kvmclock_create() stub
  hw/usb/hcd-xhci: Avoid variable-length array in xhci_get_port_bandwidth()
  hw/usb: spelling fixes
  hw/sd: spelling fixes
  hw/mips: spelling fixes
  hw/display: spelling fixes
  hw/ide: spelling fixes
  hw/i2c: spelling fixes
  hw/i2c/pmbus_device: Fix modifying QOM class internals from instance
  hw/char/pl011: Replace magic values by register field definitions
  hw/char/pl011: Remove duplicated PL011_INT_[RT]X definitions
  hw/char/pl011: Display register name in trace events
  hw/char/pl011: Restrict MemoryRegionOps implementation access sizes
  hw/char: Have FEWatchFunc handlers return G_SOURCE_CONTINUE/REMOVE
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

build: Only define OS_OBJECT_USE_OBJC with gcc

Recent versions of macOS use clang instead of gcc. The OS_OBJECT_USE_OBJC
define is only necessary when building with gcc. Let's not define it when
building with clang.

With this patch, I can successfully include GCD headers in QEMU when
building with clang.

Signed-off-by: Alexander Graf <graf@amazon.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-ID: <20230830161425.91946-2-graf@amazon.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

tests/tcg/aarch64: Rename bti-crt.inc.c -> bti-crt.c.inc

Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.

Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented as the Coding Style:

  If you do use template header files they should be named with
  the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
  being included for expansion.

Therefore rename 'bti-crt.inc.c' as 'bti-crt.c.inc'.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230606141252.95032-6-philmd@linaro.org>

ui: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230823065335.1919380-2-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

util: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230823065335.1919380-3-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

util/fifo8: Fix typo in fifo8_push_all() description

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230522153144.30610-2-philmd@linaro.org>

hw/i386: Rename 'hw/kvm/clock.h' -> 'hw/i386/kvm/clock.h'

kvmclock_create() is only implemented in hw/i386/kvm/clock.h.
Restrict the "hw/kvm/clock.h" header to i386 by moving it to
hw/i386/.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230620083228.88796-3-philmd@linaro.org>

hw/i386: Remove unuseful kvmclock_create() stub

We shouldn't call kvmclock_create() when KVM is not available
or disabled:
- check for kvm_enabled() before calling it
- assert KVM is enabled once called
Since the call is elided when KVM is not available, we can
remove the stub (it is never compiled).

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230620083228.88796-2-philmd@linaro.org>

hw/usb/hcd-xhci: Avoid variable-length array in xhci_get_port_bandwidth()

In xhci_get_port_bandwidth(), we use a variable-length array to
construct the buffer to send back to the guest. Avoid the VLA
by using dma_memory_set() to directly request the memory system
to fill the guest memory with a string of '80's.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230824164818.2652452-1-peter.maydell@linaro.org>

hw/usb: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230823065335.1919380-14-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

hw/sd: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230823065335.1919380-18-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

hw/mips: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230823065335.1919380-7-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

hw/display: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230823065335.1919380-15-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

hw/ide: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230823065335.1919380-14-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

hw/i2c: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230823065335.1919380-14-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

hw/i2c/pmbus_device: Fix modifying QOM class internals from instance

QOM object instance should not modify its class state (because
all other objects instanciated from this class get affected).

Instead of modifying the PMBusDeviceClass 'device_num_pages' field
the first time a instance is initialized (in pmbus_pages_alloc),
introduce a new pmbus_pages_num() helper which returns the page
number from the class without modifying the class state.

The code logic become slighly simplified.

Inspired-by: Bernhard Beschow <shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230523064408.57941-4-philmd@linaro.org>

hw/char/pl011: Replace magic values by register field definitions

0x400 is Data Register Break Error (DR_BE),
0x10 is Line Control Register Fifo Enabled (LCR_FEN)
and 0x1 is Send Break (LCR_BRK).

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230522153144.30610-7-philmd@linaro.org>

hw/char/pl011: Remove duplicated PL011_INT_[RT]X definitions

PL011_INT_TX duplicates INT_TX, and PL011_INT_RX INT_RX.
Follow other register fields definitions from this file,
keep the shorter form.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230522153144.30610-6-philmd@linaro.org>

hw/char/pl011: Display register name in trace events

To avoid knowing the register addresses by heart,
display their name along in the trace events.

Since the MMIO region is 4K wide (0x1000 bytes),
displaying the address with 3 digits is enough,
so reduce the address format.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230522153144.30610-5-philmd@linaro.org>

hw/char/pl011: Restrict MemoryRegionOps implementation access sizes

The pl011_read() and pl011_write() handlers shift the offset
argument by 2, so are implemented on a 32-bit boundary.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230710175102.32429-2-philmd@linaro.org>

hw/char: Have FEWatchFunc handlers return G_SOURCE_CONTINUE/REMOVE

GLib recommend to use G_SOURCE_REMOVE / G_SOURCE_CONTINUE
for GSourceFunc callbacks. Our FEWatchFunc is a GSourceFunc
returning such value. Use such definitions which are
"more memorable" [*].

[*] https://docs.gtk.org/glib/callback.SourceFunc.html#return-value

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230705133139.54419-5-philmd@linaro.org>

chardev/char-fe: Document FEWatchFunc typedef

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230705133139.54419-4-philmd@linaro.org>

exec/translation-block: Clean up includes

'qemu/atomic.h' and 'exec/target_page.h' are not used.
'qemu/interval-tree.h' is only required for user emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-12-philmd@linaro.org>

qemu/processor: Remove unused 'qemu/atomic.h' header

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-11-philmd@linaro.org>

target/xtensa: Include missing 'qemu/atomic.h' header

Since commit fa92bd4af7 ("target/xtensa: fix access to
the INTERRUPT SR") these files use QEMU atomic API.
Explicit the header inclusion instead of relying on
implicit and indirect inclusion.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-10-philmd@linaro.org>

target/mips: Remove unused headers in lcsr_helper.c

This files only access the address_space_ld/st API, declared
in "exec/cpu-all.h", already included by "cpu.h".

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-9-philmd@linaro.org>

target/helpers: Remove unnecessary 'qemu/main-loop.h' header

"qemu/main-loop.h" declares functions related to QEMU's
main loop mutex, which these files don't access. Remove
the unused "qemu/main-loop.h" header.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-8-philmd@linaro.org>

target/helpers: Remove unnecessary 'exec/cpu_ldst.h' header

These files don't use the CPU ld/st API, remove the unnecessary
"exec/cpu_ldst.h" header.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230828221314.18435-7-philmd@linaro.org>

target/translate: Restrict 'exec/cpu_ldst.h' to user emulation

Only handle_sigsegv_accerr_write(), declared with user
emulation, requires "exec/cpu_ldst.h" (for the abi_ptr
typedef).

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-6-philmd@linaro.org>

target/translate: Remove unnecessary 'exec/cpu_ldst.h' header

All these files only access the translator_ld/st API declared
in "exec/translator.h". The CPU ld/st API from declared in
"exec/cpu_ldst.h" is not used, remove it.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-5-philmd@linaro.org>

target/translate: Include missing 'exec/cpu_ldst.h' header

All these files access the CPU LD/ST API declared in "exec/cpu_ldst.h".

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-4-philmd@linaro.org>

target/riscv/pmu: Restrict 'qemu/log.h' include to source

Declarations from "riscv/pmu.h" don't need anything from "qemu/log.h",
reduce it's inclusion to the source.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-3-philmd@linaro.org>

target/ppc/pmu: Include missing 'qemu/timer.h' header

Since commit c2eff582a3 ("target/ppc: PMU basic cycle count for
pseries TCG") pmu_update_cycles() uses QEMU_CLOCK_VIRTUAL and
calls qemu_clock_get_ns(), both defined in "qemu/timer.h".

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230828221314.18435-2-philmd@linaro.org>

exec/address-spaces.h: Remove unuseful 'exec/memory.h' include

"exec/address-spaces.h" declares get_system_io() and
get_system_memory(), both returning a MemoryRegion pointer.
MemoryRegion is forward declared in "qemu/typedefs.h", so
we don't need any declaration from "exec/memory.h" here.
Remove it.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230619074153.44268-4-philmd@linaro.org>

hw/dma/etraxfs: Include missing 'exec/memory.h' header

The 'fs_dma_ctrl' structure has a MemoryRegion 'mmio' field
which is initialized in etraxfs_dmac_init() calling
memory_region_init_io() and memory_region_add_subregion().

These functions are declared in "exec/memory.h", along with
the MemoryRegion structure. Include the missing header.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230619074153.44268-3-philmd@linaro.org>

hw/net/i82596: Include missing 'exec/address-spaces.h' header

hw/net/i82596.c access the global 'address_space_memory'
calling the ld/st_phys() API. address_space_memory is
declared in "exec/address-spaces.h". Currently this header
is indirectly pulled in via another header. Explicitly include
it to avoid when refactoring unrelated headers:

  hw/net/i82596.c:91:23: error: use of undeclared identifier 'address_space_memory'; did you mean 'address_space_destroy'?
    return ldub_phys(&address_space_memory, addr);
                      ^~~~~~~~~~~~~~~~~~~~
                      address_space_destroy

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230619074153.44268-2-philmd@linaro.org>

bulk: Do not declare function prototypes using 'extern' keyword

By default, C function prototypes declared in headers are visible,
so there is no need to declare them as 'extern' functions.
Remove this redundancy in a single bulk commit; do not modify:

  - meson.build (used to check function availability at runtime)
  - pc-bios/
  - libdecnumber/
  - tests/
  - *.c

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230605175647.88395-5-philmd@linaro.org>

qemu/uri: Use QueryParams type definition

Follow QEMU CODING_STYLE, use the type definition,
making that prototype match the following two.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230605175647.88395-4-philmd@linaro.org>

accel/tcg: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230823065335.1919380-18-mjt@tls.msk.ru>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20230823065335.1919380-19-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

accel: Remove HAX accelerator

HAX is deprecated since commits 73741fda6c ("MAINTAINERS: Abort
HAXM maintenance") and 90c167a1da ("docs/about/deprecated: Mark
HAXM in QEMU as deprecated"), released in v8.0.0.

Per the latest HAXM release (v7.8 [*]), the latest QEMU supported
is v7.2:

  Note: Up to this release, HAXM supports QEMU from 2.9.0 to 7.2.0.

The next commit (https://github.com/intel/haxm/commit/da1b8ec072)
added:

  HAXM v7.8.0 is our last release and we will not accept
  pull requests or respond to issues after this.

It became very hard to build and test HAXM. Its previous
maintainers made it clear they won't help.  It doesn't seem to be
a very good use of QEMU maintainers to spend their time in a dead
project. Save our time by removing this orphan zombie code.

[*] https://github.com/intel/haxm/releases/tag/v7.8.0

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230831082016.60885-1-philmd@linaro.org>

meson: test for CONFIG_TCG in config_all

CONFIG_TCG is not included in *-config-devices.h, so the test is
always failing.

Fixes: 74884cb1a6d ("qtest/meson.build: check CONFIG_TCG for boot-serial-test in qtests_ppc", 2022-03-14)
Fixes: 44d827ea69e ("qtest/meson.build: check CONFIG_TCG for prom-env-test in qtests_ppc", 2022-03-14)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230830095347.132485-1-pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

subprojects/berkeley-testfloat-3: Update to fix a problem with compiler warnings

Update the berkeley-testfloat-3 wrap to include a patch provided by
Olaf Hering. This fixes a problem with "control reaches end of non-void
function [-Werror=return-type]" compiler warning/errors that are now
enabled by default in certain versions of GCC.

Reported-by: Olaf Hering <olaf@aepfle.de>
Message-Id: <20230816091522.1292029-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

tests/qtest/bios-tables-test: Check for virtio-iommu device before using it

The virtio-iommu device might be missing in the QEMU binary (e.g. in
downstream RHEL builds), so let's better check for its availability first
before using it.

Message-Id: <20230822164948.65187-1-thuth@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple()

We use a variable-length array in inet_get_free_port_multiple().
This is only test code called at the start of a test, so switch to a
heap allocation instead.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230824164535.2652070-1-peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

tests/qtest/usb-hcd-xhci-test: Check availability of devices before using them

The "usb-uas" and "usb-ccid" might not be compiled into the QEMU binary,
so let's better check first whether they are available.

Message-Id: <20230822163024.61529-1-thuth@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>

tests/tcg/s390x: Test precise self-modifying code handling

Add small softmmu and user tests to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230807114921.438881-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

target/s390x: Define TARGET_HAS_PRECISE_SMC

PoP (Sequence of Storage References -> Instruction Fetching) says:

    ... if a store that is conceptually earlier is
    made by the same CPU using the same effective
    address as that by which the instruction is subse-
    quently fetched, the updated information is obtained ...

QEMU already has support for this in the common code; enable it for
s390x.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230807114921.438881-1-iii@linux.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

Merge tag 'quick-fix-pull-request' of https://gitlab.com/bsdimp/qemu into staging

Pull request: fix ci by fixing clang-user

# -----BEGIN PGP SIGNATURE-----
# Comment: GPGTools - https://gpgtools.org
#
# iQIzBAABCgAdFiEEIDX4lLAKo898zeG3bBzRKH2wEQAFAmTvYpcACgkQbBzRKH2w
# EQCKvhAA3nfvm+UMoRbOjFGuOOZKy+HR+nk40rxHa8CzOabbJnx4EtdBZTnNJ+f5
# WxLvEIzQw6iLYoqr6Rkcn0MkfYryesDScig7tQW0A87DtivXbDyrRbcmAQuCrcSe
# EpEqjBOueiC9xe1U9hzdpNyBkuXQWFUNGKX6swR5vpOEb1hHKzFMY+60vEgcjcjQ
# /y7cQcwRJeMNyBEwAM4HSgcVIKxB8ZmIQpIbsWJPAJhEZZE6SvTiKhM0PlZvrwnv
# dlEV8F68f3cBka0QmX5JJNJQdXn+2gb2Ix06dm8z7BWtiZoH/rcJ0FfVjMk7bkcC
# 2e0J0jI9JTf1MKNGHbO8V2YoZw+jCB9nr6N8HEymgla7bK6QPD6LIdTs0i6PUEB8
# PUf902NrOS+kbWTGsb9GINegklk3pJ0jnFZagqfCUxARQ2qrqmA6q5vg9d0FjPVl
# vJ13weKkSHW126/4Wr23EhUFIoYtiuMjgz/Bjd5TvzhvnVGJiPJaY9sGpgZZ3PJJ
# EPCRms5MRut/NE0znKQ9ozAz1FMdVd2XnXeClWJd2NUmGc7ZbBGMcSvUYdC9KLIK
# oSQRBTUDgGIdHnB+g367vKs98ir+03gOcpQk9z0fy25wCymmp/Uco8jsm6hCgSGn
# x7b9R6/+92xd/IZFZm5N3/llu6JHYPEMhdg8evNp9VTFPoi9PYc=
# =jG8p
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 30 Aug 2023 11:39:03 EDT
# gpg:                using RSA key 2035F894B00AA3CF7CCDE1B76C1CD1287DB01100
# gpg: Good signature from "Warner Losh <wlosh@netflix.com>" [unknown]
# gpg:                 aka "Warner Losh <imp@bsdimp.com>" [unknown]
# gpg:                 aka "Warner Losh <imp@freebsd.org>" [unknown]
# gpg:                 aka "Warner Losh <imp@village.org>" [unknown]
# gpg:                 aka "Warner Losh <wlosh@bsdimp.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2035 F894 B00A A3CF 7CCD  E1B7 6C1C D128 7DB0 1100

* tag 'quick-fix-pull-request' of https://gitlab.com/bsdimp/qemu:
  bsd-user: Move PRAGMA_DISABLE_PACKED_WARNING etc to qemu.h

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-target-arm-20230831' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Some of the preliminary patches for Cortex-A710 support
* i.MX7 and i.MX6UL refactoring
* Implement SRC device for i.MX7
* Catch illegal-exception-return from EL3 with bad NSE/NS
* Use 64-bit offsets for holding time_t differences in RTC devices
* Model correct number of MPU regions for an505, an521, an524 boards

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmTwbukZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3ihBD/wK8Iz0KpTAwZBDAodnSZrh
# tQnJAvYFp8CxA4O8sZ9IeWsZh90gzsTCZi0NqUTTzvWCJfxkB7qTPdlJT5IzVxou
# oEUk2aogSJhRA3XRJzqArXsPlnZGSYDbtwKx4VtfCvOCCH08Y7nhnFaRj1oFnR4Q
# 0PE/8YtGXTBxLHrO8U3tomg7zElzOUP8ZVZtb30BOyw1jtfSD03IZR8dzpA43u1E
# Hh418WvVekmwFoFNh8yUeHzbyXMZufzvbJPuDGJ8pPWwIpvSG6chOnKF8jZll+Ur
# DqOsDkGlQgcBR2QwYfSPClrEkX8yahJ95PBfM6giG+DQC7OiElqXqTiUGZcpgUVo
# uSUbzS4YPsxCnyVV6SBXV+f/8hdXBxOSHTgl7OAFa8X9OwWwspxHJ/v2o/2ibnUT
# hTTkFp/w1nQwVEN8xf1DOUpm/J2Wr8UeH4f776daSrfKAol2BKbHb8dOgGLQCwqb
# G+iDcE4bkzRqly6f+uVk8xSEZDd9P1NYoxKV+gNlV1dTspdHVpTC+rXMa8dRw5hI
# 4KgaAslj++Xa229xkjORXCJ1cICRIebYg7+SjvTtGBYsFV7plsCcYb/R9yLmhVCf
# fKHKKaYe9sQJ82apOIkTc+nnW8BQQx6XUmU/A//iZ8JGLk6DpJcZ8f1m/2rVZTsl
# 9+lsmpBf4w+uR4o+Womhfw==
# =MFh3
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 31 Aug 2023 06:43:53 EDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20230831' of https://git.linaro.org/people/pmaydell/qemu-arm: (24 commits)
  hw/arm: Set number of MPU regions correctly for an505, an521, an524
  hw/arm/armv7m: Add mpu-ns-regions and mpu-s-regions properties
  target/arm: Do all "ARM_FEATURE_X implies Y" checks in post_init
  rtc: Use time_t for passing and returning time offsets
  hw/rtc/aspeed_rtc: Use 64-bit offset for holding time_t difference
  hw/rtc/twl92230: Use int64_t for sec_offset and alm_sec
  hw/rtc/m48t59: Use 64-bit arithmetic in set_alarm()
  target/arm: Catch illegal-exception-return from EL3 with bad NSE/NS
  Add i.MX7 SRC device implementation
  Add i.MX7 missing TZ devices and memory regions
  Refactor i.MX7 processor code
  Add i.MX6UL missing devices.
  Refactor i.MX6UL processor code
  Remove i.MX7 IOMUX GPR device from i.MX6UL
  target/arm: properly document FEAT_CRC32
  target/arm: Implement FEAT_HPDS2 as a no-op
  target/arm: Suppress FEAT_TRBE (Trace Buffer Extension)
  target/arm: Apply access checks to neoverse-v1 special registers
  target/arm: Apply access checks to neoverse-n1 special registers
  target/arm: Introduce make_ccsidr64
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'xen-virtio-2-tag' of https://gitlab.com/sstabellini/qemu into staging

xen-virtio-2-tag

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEE0E4zq6UfZ7oH0wrqiU+PSHDhrpAFAmTv65wACgkQiU+PSHDh
# rpC6vg/+II8XIOTccYdrUI61irTDznlY2gWzr4oYDmW7zThO1y7wfqBTVZvOhGnC
# paPs7Xe2mJMHSci8Nx+S/jpOBGmGZ7vWxkYsLltlmEIjsdTpD1ZlGmCITNR80KG6
# edmARZ06MU21zRETXbMBmyglak+ph6BWHEOZWtokfZbGXl7oQ8kt1OvT6azuRvPF
# r6woYIg4eADE2ykReGAuw4FOrRjtKSKjAOhGrEf2jT5yemaeYYv2fPeyGoq46jAw
# +Ktn9luwkY+hgMSRm2CPrZ+nJPfDqQgfypClu5CpF0faIIvvogWW0lkJmeMKLYdM
# yQgyUAmAFQMTjwo2yWQi3BJj+550gIM3i3By7AjX5Qs2+yILec7pAvD/d8XQh2KC
# 47M/u8DMC+Cel/OHNW7eoO6jh4z0Yu6zgaa9rEusVAxZuDJpxc6kcopbrikXCgBr
# yIaO8h8ryKJISFupu4Gi/Vs0WuDDL3z1q3kdhfqkBQ9wwyK9/McZM8ue9KObH1al
# M/v5hsnnG+m/5ANH9BYpaCgjG51FGtzzgwlZGLVkCGEUMeNZ+mkROuu0krKfMeJA
# qGQOOesGyOw7tjYvBvHG2JiFQhmXqExPydkhNw+Gi1lH1C1F08jJRXM45/YRhOm/
# KlMd+dVK5BG1Hk4vhDmppMJn5iEb0UVHCaV2bXQMBVOXIRqHJ2A=
# =4KZ7
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 30 Aug 2023 21:23:40 EDT
# gpg:                using RSA key D04E33ABA51F67BA07D30AEA894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <sstabellini@kernel.org>" [unknown]
# gpg:                 aka "Stefano Stabellini <stefano.stabellini@eu.citrix.com>" [full]
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3  0AEA 894F 8F48 70E1 AE90

* tag 'xen-virtio-2-tag' of https://gitlab.com/sstabellini/qemu:
  xen_arm: Initialize RAM and add hi/low memory regions
  xen_arm: Create virtio-mmio devices during initialization

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-maintainer-ominbus-300823-1' of https://gitlab.com/stsquad/qemu into staging

testing and gdbstub updates:

  - enable ccache for gitlab builds
  - fix various test info leakages for non V=1
  - update style to allow loop vars
  - bump FreeBSD to v13.2
  - clean-up gdbstub tests
  - various gdbstub doc and refactorings

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmTvS2AACgkQ+9DbCVqe
# KkRiRwgAhsinp2/KgnvkD0n6deQy/JWg9MfYIvvZacKEakIfQvCDoJ752AUZzUTw
# ggQ+W2KuaoHTzwG+AOMLdzulkmspQ8xeFuD2aIpFjRMnZrO9jN2T4L0vcGLAd95c
# 9QLqPeH8xRdhuK28+ILuYzKOKBcefQ44ufMLpxrS2iNITEsSg/Tw3MU91hbct49g
# 3OR4bD1ueG5Ib/lXp8V/4GnRmfLdnp3k0i/6OHriq7Mpz4Lia67WblVsPEple66U
# n7JCo2sI5/m+6p2tvKs7rH60xc8s1Za3kbK4ggEq3LVRfzVOordZqO+1ep6wklTY
# 6nP9Ry9nZG3gqCmcNXfhoofm0vHaZA==
# =Km9m
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 30 Aug 2023 10:00:00 EDT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-maintainer-ominbus-300823-1' of https://gitlab.com/stsquad/qemu:
  gdbstub: move comment for gdb_register_coprocessor
  gdbstub: replace global gdb_has_xml with a function
  gdbstub: refactor get_feature_xml
  gdbstub: remove unused user_ctx field
  gdbstub: fixes cases where wrong threads were reported to GDB on SIGINT
  tests/tcg: clean-up gdb confirm/pagination settings
  tests: remove test-gdbstub.py
  .gitlab-ci.d/cirrus.yml: Update FreeBSD to v13.2
  docs/style: permit inline loop variables
  tests/tcg: remove quoting for info output
  tests/docker: cleanup non-verbose output
  gitlab: enable ccache for many build jobs

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

hw/arm: Set number of MPU regions correctly for an505, an521, an524

The IoTKit, SSE200 and SSE300 all default to 8 MPU regions.  The
MPS2/MPS3 FPGA images don't override these except in the case of
AN547, which uses 16 MPU regions.

Define properties on the ARMSSE object for the MPU regions (using the
same names as the documented RTL configuration settings, and
following the pattern we already have for this device of using
all-caps names as the RTL does), and set them in the board code.

We don't actually need to override the default except on AN547,
but it's simpler code to have the board code set them always
rather than tracking which board subtypes want to set them to
a non-default value separately from what that value is.

Tho overall effect is that for mps2-an505, mps2-an521 and mps3-an524
we now correctly use 8 MPU regions, while mps3-an547 stays at its
current 16 regions.

It's possible some guest code wrongly depended on the previous
incorrectly modeled number of memory regions. (Such guest code
should ideally check the number of regions via the MPU_TYPE
register.) The old behaviour can be obtained with additional
-global arguments to QEMU:

For mps2-an521 and mps2-an524:
-global sse-200.CPU0_MPU_NS=16 -global sse-200.CPU0_MPU_S=16 -global sse-200.CPU1_MPU_NS=16 -global sse-200.CPU1_MPU_S=16

For mps2-an505:
-global sse-200.CPU0_MPU_NS=16 -global sse-200.CPU0_MPU_S=16

NB that the way the implementation allows this use of -global
is slightly fragile: if the board code explicitly sets the
properties on the sse-200 object, this overrides the -global
command line option. So we rely on:
- the boards that need fixing all happen to use the SSE defaults
- we can write the board code to only set the property if it
   is different from the default, rather than having all boards
   explicitly set the property
- the board that does need to use a non-default value happens
   to need to set it to the same value (16) we previously used
This works, but there are some kinds of refactoring of the
mps2-tz.c code that would break the support for -global here.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1772
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230724174335.2150499-4-peter.maydell@linaro.org

hw/arm/armv7m: Add mpu-ns-regions and mpu-s-regions properties

M-profile CPUs generally allow configuration of the number of MPU
regions that they have.  We don't currently model this, so our
implementations of some of the board models provide CPUs with the
wrong number of regions.  RTOSes like Zephyr that hardcode the
expected number of regions may therefore not run on the model if they
are set up to run on real hardware.

Add properties mpu-ns-regions and mpu-s-regions to the ARMV7M object,
matching the ability of hardware to configure the number of Secure
and NonSecure regions separately.  Our actual CPU implementation
doesn't currently support that, and it happens that none of the MPS
boards we model set the number of regions differently for Secure vs
NonSecure, so we provide an interface to the boards and SoCs that
won't need to change if we ever do add that functionality in future,
but make it an error to configure the two properties to different
values.

(The property name on the CPU is the somewhat misnamed-for-M-profile
"pmsav7-dregion", so we don't follow that naming convention for
the properties here. The TRM doesn't say what the CPU configuration
variable names are, so we pick something, and follow the lowercase
convention we already have for properties here.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230724174335.2150499-3-peter.maydell@linaro.org

target/arm: Do all "ARM_FEATURE_X implies Y" checks in post_init

Where architecturally one ARM_FEATURE_X flag implies another
ARM_FEATURE_Y, we allow the CPU init function to only set X, and then
set Y for it.  Currently we do this in two places -- we set a few
flags in arm_cpu_post_init() because we need them to decide which
properties to create on the CPU object, and then we do the rest in
arm_cpu_realizefn().  However, this is fragile, because it's easy to
add a new property and not notice that this means that an X-implies-Y
check now has to move from realize to post-init.

As a specific example, the pmsav7-dregion property is conditional
on ARM_FEATURE_PMSA && ARM_FEATURE_V7, which means it won't appear
on the Cortex-M33 and -M55, because they set ARM_FEATURE_V8 and
rely on V8-implies-V7, which doesn't happen until the realizefn.

Move all of these X-implies-Y checks into a new function, which
we call at the top of arm_cpu_post_init(), so the feature bits
are available at that point.

This does now give us the reverse issue, that if there's a feature
bit which is enabled or disabled by the setting of a property then
then X-implies-Y features that are dependent on that property need to
be in realize, not in this new function.  But the only one of those
is the "EL3 implies VBAR" which is already in the right place, so
putting things this way round seems better to me.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230724174335.2150499-2-peter.maydell@linaro.org

rtc: Use time_t for passing and returning time offsets

The functions qemu_get_timedate() and qemu_timedate_diff() take
and return a time offset as an integer. Coverity points out that
means that when an RTC device implementation holds an offset
as a time_t, as the m48t59 does, the time_t will get truncated.
(CID 1507157, 1517772).

The functions work with time_t internally, so make them use that type
in their APIs.

Note that this won't help any Y2038 issues where either the device
model itself is keeping the offset in a 32-bit integer, or where the
hardware under emulation has Y2038 or other rollover problems. If we
missed any cases of the former then hopefully Coverity will warn us
about them since after this patch we'd be truncating a time_t in
assignments from qemu_timedate_diff().)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

hw/rtc/aspeed_rtc: Use 64-bit offset for holding time_t difference

In the aspeed_rtc device we store a difference between two time_t
values in an 'int'. This is not really correct when time_t could
be 64 bits. Enlarge the field to 'int64_t'.

This is a migration compatibility break for the aspeed boards.
While we are changing the vmstate, remove the accidental
duplicate of the offset field.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>

hw/rtc/twl92230: Use int64_t for sec_offset and alm_sec

In the twl92230 device, use int64_t for the two state fields
sec_offset and alm_sec, because we set these to values that
are either time_t or differences between two time_t values.

These fields aren't saved in vmstate anywhere, so we can
safely widen them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

hw/rtc/m48t59: Use 64-bit arithmetic in set_alarm()

In the m48t59 device we almost always use 64-bit arithmetic when
dealing with time_t deltas. The one exception is in set_alarm(),
which currently uses a plain 'int' to hold the difference between two
time_t values. Switch to int64_t instead to avoid any possible
overflow issues.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

target/arm: Catch illegal-exception-return from EL3 with bad NSE/NS

The architecture requires (R_TYTWB) that an attempt to return from EL3
when SCR_EL3.{NSE,NS} are {1,0} is an illegal exception return. (This
enforces that the CPU can't ever be executing below EL3 with the
NSE,NS bits indicating an invalid security state.)

We were missing this check; add it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807150618.101357-1-peter.maydell@linaro.org

Add i.MX7 SRC device implementation

The SRC device is normally used to start the secondary CPU.

When running Linux directly, QEMU is emulating a PSCI interface that UBOOT
is installing at boot time and therefore the fact that the SRC device is
unimplemented is hidden as Qemu respond directly to PSCI requets without
using the SRC device.

But if you try to run a more bare metal application (maybe uboot itself),
then it is not possible to start the secondary CPU as the SRC is an
unimplemented device.

This patch adds the ability to start the secondary CPU through the SRC
device so that you can use this feature in bare metal applications.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: ce9a0162defd2acee5dc7f8a674743de0cded569.1692964892.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Add i.MX7 missing TZ devices and memory regions

* Add TZASC as unimplemented device.
  - Allow bare metal application to access this (unimplemented) device
* Add CSU as unimplemented device.
  - Allow bare metal application to access this (unimplemented) device
* Add various memory segments
  - OCRAM
  - OCRAM EPDC
  - OCRAM PXP
  - OCRAM S
  - ROM
  - CAAM

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: f887a3483996ba06d40bd62ffdfb0ecf68621987.1692964892.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Refactor i.MX7 processor code

* Add Addr and size definition for all i.MX7 devices in i.MX7 header file.
* Use those newly defined named constants whenever possible.
* Standardize the way we init a familly of unimplemented devices
  - SAI
  - PWM
  - CAN
* Add/rework few comments

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 59e195d33e4d486a8d131392acd46633c8c10ed7.1692964892.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Add i.MX6UL missing devices.

* Add TZASC as unimplemented device.
- Allow bare metal application to access this (unimplemented) device
* Add CSU as unimplemented device.
- Allow bare metal application to access this (unimplemented) device
* Add 4 missing PWM devices

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 59e4dc56e14eccfefd379275ec19048dff9c10b3.1692964892.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Refactor i.MX6UL processor code

* Add Addr and size definition for most i.MX6UL devices in i.MX6UL header file.
* Use those newly defined named constants whenever possible.
* Standardize the way we init a familly of unimplemented devices
  - SAI
  - PWM
  - CAN
* Add/rework few comments

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: d579043fbd4e4b490370783fda43fc02c8e9be75.1692964892.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Remove i.MX7 IOMUX GPR device from i.MX6UL

i.MX7 IOMUX GPR device is not equivalent to i.MX6UL IOMUXC GPR device.
In particular, register 22 is not present on i.MX6UL and this is actualy
The only register that is really emulated in the i.MX7 IOMUX GPR device.

Note: The i.MX6UL code is actually also implementing the IOMUX GPR device
as an unimplemented device at the same bus adress and the 2 instantiations
were actualy colliding. So we go back to the unimplemented device for now.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 48681bf51ee97646479bb261bee19abebbc8074e.1692964892.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: properly document FEAT_CRC32

This is a mandatory feature for Armv8.1 architectures but we don't
state the feature clearly in our emulation list. Also include
FEAT_CRC32 comment in aarch64_max_tcg_initfn for ease of grepping.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20230824075406.1515566-1-alex.bennee@linaro.org
Cc: qemu-stable@nongnu.org
Message-Id: <20230222110104.3996971-1-alex.bennee@linaro.org>
[PMM: pluralize 'instructions' in docs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Implement FEAT_HPDS2 as a no-op

This feature allows the operating system to set TCR_ELx.HWU*
to allow the implementation to use the PBHA bits from the
block and page descriptors for for IMPLEMENTATION DEFINED
purposes. Since QEMU has no need to use these bits, we may
simply ignore them.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230811214031.171020-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Suppress FEAT_TRBE (Trace Buffer Extension)

Like FEAT_TRF (Self-hosted Trace Extension), suppress tracing
external to the cpu, which is out of scope for QEMU.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230811214031.171020-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Apply access checks to neoverse-v1 special registers

There is only one additional EL1 register modeled, which
also needs to use access_actlr_w.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230811214031.171020-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Apply access checks to neoverse-n1 special registers

Access to many of the special registers is enabled or disabled
by ACTLR_EL[23], which we implement as constant 0, which means
that all writes outside EL3 should trap.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230811214031.171020-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Introduce make_ccsidr64

Do not hard-code the constants for Neoverse V1.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230811214031.171020-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: When tag memory is not present, set MTE=1

When the cpu support MTE, but the system does not, reduce cpu
support to user instructions at EL0 instead of completely
disabling MTE. If we encounter a cpu implementation which does
something else, we can revisit this setting.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230811214031.171020-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Support more GM blocksizes

Support all of the easy GM block sizes.
Use direct memory operations, since the pointers are aligned.

While BS=2 (16 bytes, 1 tag) is a legal setting, that requires
an atomic store of one nibble. This is not difficult, but there
is also no point in supporting it until required.

Note that cortex-a710 sets GM blocksize to match its cacheline
size of 64 bytes. I expect many implementations will also
match the cacheline, which makes 16 bytes very unlikely.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230811214031.171020-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Allow cpu to configure GM blocksize

Previously we hard-coded the blocksize with GMID_EL1_BS.
But the value we choose for -cpu max does not match the
value that cortex-a710 uses.

Mirror the way we handle dcz_blocksize.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230811214031.171020-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Reduce dcz_blocksize to uint8_t

This value is only 4 bits wide.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230811214031.171020-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

xen_arm: Initialize RAM and add hi/low memory regions

In order to use virtio backends we need to initialize RAM for the
xen-mapcache (which is responsible for mapping guest memory using foreign
mapping) to work. Calculate and add hi/low memory regions based on
machine->ram_size.

Use the constants defined in public header arch-arm.h to be aligned with the xen
toolstack.

While using this machine, the toolstack should then pass real ram_size using
"-m" arg. If "-m" is not given, create a QEMU machine without IOREQ and other
emulated devices like TPM and VIRTIO. This is done to keep this QEMU machine
usable for /etc/init.d/xencommons.

Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Signed-off-by: Vikram Garhwal <vikram.garhwal@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>

xen_arm: Create virtio-mmio devices during initialization

In order to use virtio backends we need to allocate virtio-mmio
parameters (irq and base) and register corresponding buses.

Use the constants defined in public header arch-arm.h to be
aligned with the toolstack. So the number of current supported
virtio-mmio devices is 10.

For the interrupts triggering use already existing on Arm
device-model hypercall.

The toolstack should then insert the same amount of device nodes
into guest device-tree.

Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Signed-off-by: Vikram Garhwal <vikram.garhwal@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>