• R/O
  • HTTP
  • SSH
  • HTTPS

Commit

Tags
Keine Tags

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Commit MetaInfo

Revision110b1a8c7c2b70487a77419e0426a8be4a6269cc (tree)
Zeit2018-12-15 01:03:33
AutorPeter Maydell <peter.maydell@lina...>
CommiterPeter Maydell

Log Message

target-arm queue:
  • Convert various devices from sysbus init to instance_init
  • Remove the now unused sysbus init support entirely
  • Allow AArch64 processors to boot from a kernel placed over 4GB
  • hw: arm: musicpal: drop TYPE_WM8750 in object_property_set_link()
  • versal: minor fixes to virtio-mmio instantation
  • arm: Implement the ARMv8.1-HPD extension
  • arm: Implement the ARMv8.2-AA32HPD extension
  • arm: Implement the ARMv8.1-LOR extension (as the trivial
    "no limited ordering regions provided" minimum)
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAABCAAGBQJcEnIpAAoJEDwlJe0UNgzeLJ8P/j1KGpnnOy4Cdxal4zRd8sWF
    iMMVzuzUzcrMWy0gFCHsioSxsvlAidNnPp2Vbf4wmmZnoresKMWvojPke8RWJsL3
    4X80cVTYDjjwIVSvXs9SntWQmLREffPOSNlAIP2WfPq+5sjxzrytcXB1Nc7V/zKJ
    9b7R1a4ea1ZET+C3c9QMf4VwAoo/jf5VzA7gE4f8ePYwKH7HluiJSDhUaUrxsnZr
    ibjQCF+/4DYkI5DGKVRltR6vPcsKUJomn7ImQylIQkkyCiA3WjFJ5Mc+BHYOj3pm
    UbW/sxI6ONjoW6KHwg/15R3UZFhzTkQMUHGY6n6oLosN4IoPt3c7vUtnNjtqaU1D
    +EBZHdUMYnZMJp2XD1Nyv9iR0v/A9MI1ldx0fBjqPsFGx48DOKTYwBloiz+0o2z7
    g3GC/Tjpcs37GrieNuJ7HB1NefNPW2Hk1xitTPegMfjO8ukg3tccCuY9KCBlAnOe
    hGJsrl0NM4E/s98PEMEEgcZf/fmE2fCNZgLPAGOYXNHZku1reLg6yCIpIZSusLOd
    gLmndngGZbWm39h6uBrEthnZ+3ktRe+T7ERAKsv/o2p06XWF0tbBd0AjQvnOBRgR
    uYFJ416xVOYULXme+oJO0Vt6mM41UstACKCtUOkk3jmIY3xmAxGfxu6nC/p+iIR6
    5djxiqi/JqccdpafWF2V
    =fIbS
    -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20181213' into staging

target-arm queue:

  • Convert various devices from sysbus init to instance_init
  • Remove the now unused sysbus init support entirely
  • Allow AArch64 processors to boot from a kernel placed over 4GB
  • hw: arm: musicpal: drop TYPE_WM8750 in object_property_set_link()
  • versal: minor fixes to virtio-mmio instantation
  • arm: Implement the ARMv8.1-HPD extension
  • arm: Implement the ARMv8.2-AA32HPD extension
  • arm: Implement the ARMv8.1-LOR extension (as the trivial
    "no limited ordering regions provided" minimum)

# gpg: Signature made Thu 13 Dec 2018 14:52:25 GMT
# gpg: using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20181213: (37 commits)

target/arm: Implement the ARMv8.1-LOR extension
target/arm: Use arm_hcr_el2_eff more places
target/arm: Introduce arm_hcr_el2_eff
target/arm: Implement the ARMv8.2-AA32HPD extension
target/arm: Implement the ARMv8.1-HPD extension
target/arm: Tidy scr_write
target/arm: Fix HCR_EL2.TGE check in arm_phys_excp_target_el
target/arm: Add SCR_EL3 bits up to ARMv8.5
target/arm: Add HCR_EL2 bits up to ARMv8.5
target/arm: Move id_aa64mmfr* to ARMISARegisters
hw/arm: versal: Correct the nr of IRQs to 192
hw/arm: versal: Use IRQs 111 - 118 for virtio-mmio
hw/arm: versal: Reduce number of virtio-mmio instances
hw/arm: versal: Remove bogus virtio-mmio creation
core/sysbus: remove the SysBusDeviceClass::init path
xen_backend: remove xen_sysdev_init() function
usb/tusb6010: Convert sysbus init function to realize function
timer/puv3_ost: Convert sysbus init function to realize function
timer/grlib_gptimer: Convert sysbus init function to realize function
timer/etraxfs_timer: Convert sysbus init function to realize function
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Ändern Zusammenfassung

Diff

--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -63,8 +63,10 @@ typedef enum {
6363 FIXUP_TERMINATOR, /* end of insns */
6464 FIXUP_BOARDID, /* overwrite with board ID number */
6565 FIXUP_BOARD_SETUP, /* overwrite with board specific setup code address */
66- FIXUP_ARGPTR, /* overwrite with pointer to kernel args */
67- FIXUP_ENTRYPOINT, /* overwrite with kernel entry point */
66+ FIXUP_ARGPTR_LO, /* overwrite with pointer to kernel args */
67+ FIXUP_ARGPTR_HI, /* overwrite with pointer to kernel args (high half) */
68+ FIXUP_ENTRYPOINT_LO, /* overwrite with kernel entry point */
69+ FIXUP_ENTRYPOINT_HI, /* overwrite with kernel entry point (high half) */
6870 FIXUP_GIC_CPU_IF, /* overwrite with GIC CPU interface address */
6971 FIXUP_BOOTREG, /* overwrite with boot register address */
7072 FIXUP_DSB, /* overwrite with correct DSB insn for cpu */
@@ -83,10 +85,10 @@ static const ARMInsnFixup bootloader_aarch64[] = {
8385 { 0xaa1f03e3 }, /* mov x3, xzr */
8486 { 0x58000084 }, /* ldr x4, entry ; Load the lower 32-bits of kernel entry */
8587 { 0xd61f0080 }, /* br x4 ; Jump to the kernel entry point */
86- { 0, FIXUP_ARGPTR }, /* arg: .word @DTB Lower 32-bits */
87- { 0 }, /* .word @DTB Higher 32-bits */
88- { 0, FIXUP_ENTRYPOINT }, /* entry: .word @Kernel Entry Lower 32-bits */
89- { 0 }, /* .word @Kernel Entry Higher 32-bits */
88+ { 0, FIXUP_ARGPTR_LO }, /* arg: .word @DTB Lower 32-bits */
89+ { 0, FIXUP_ARGPTR_HI}, /* .word @DTB Higher 32-bits */
90+ { 0, FIXUP_ENTRYPOINT_LO }, /* entry: .word @Kernel Entry Lower 32-bits */
91+ { 0, FIXUP_ENTRYPOINT_HI }, /* .word @Kernel Entry Higher 32-bits */
9092 { 0, FIXUP_TERMINATOR }
9193 };
9294
@@ -106,8 +108,8 @@ static const ARMInsnFixup bootloader[] = {
106108 { 0xe59f2004 }, /* ldr r2, [pc, #4] */
107109 { 0xe59ff004 }, /* ldr pc, [pc, #4] */
108110 { 0, FIXUP_BOARDID },
109- { 0, FIXUP_ARGPTR },
110- { 0, FIXUP_ENTRYPOINT },
111+ { 0, FIXUP_ARGPTR_LO },
112+ { 0, FIXUP_ENTRYPOINT_LO },
111113 { 0, FIXUP_TERMINATOR }
112114 };
113115
@@ -174,8 +176,10 @@ static void write_bootloader(const char *name, hwaddr addr,
174176 break;
175177 case FIXUP_BOARDID:
176178 case FIXUP_BOARD_SETUP:
177- case FIXUP_ARGPTR:
178- case FIXUP_ENTRYPOINT:
179+ case FIXUP_ARGPTR_LO:
180+ case FIXUP_ARGPTR_HI:
181+ case FIXUP_ENTRYPOINT_LO:
182+ case FIXUP_ENTRYPOINT_HI:
179183 case FIXUP_GIC_CPU_IF:
180184 case FIXUP_BOOTREG:
181185 case FIXUP_DSB:
@@ -1152,9 +1156,13 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
11521156 /* Place the DTB after the initrd in memory with alignment. */
11531157 info->dtb_start = QEMU_ALIGN_UP(info->initrd_start + initrd_size,
11541158 align);
1155- fixupcontext[FIXUP_ARGPTR] = info->dtb_start;
1159+ fixupcontext[FIXUP_ARGPTR_LO] = info->dtb_start;
1160+ fixupcontext[FIXUP_ARGPTR_HI] = info->dtb_start >> 32;
11561161 } else {
1157- fixupcontext[FIXUP_ARGPTR] = info->loader_start + KERNEL_ARGS_ADDR;
1162+ fixupcontext[FIXUP_ARGPTR_LO] =
1163+ info->loader_start + KERNEL_ARGS_ADDR;
1164+ fixupcontext[FIXUP_ARGPTR_HI] =
1165+ (info->loader_start + KERNEL_ARGS_ADDR) >> 32;
11581166 if (info->ram_size >= (1ULL << 32)) {
11591167 error_report("RAM size must be less than 4GB to boot"
11601168 " Linux kernel using ATAGS (try passing a device tree"
@@ -1162,7 +1170,8 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
11621170 exit(1);
11631171 }
11641172 }
1165- fixupcontext[FIXUP_ENTRYPOINT] = entry;
1173+ fixupcontext[FIXUP_ENTRYPOINT_LO] = entry;
1174+ fixupcontext[FIXUP_ENTRYPOINT_HI] = entry >> 32;
11661175
11671176 write_bootloader("bootloader", info->loader_start,
11681177 primary_loader, fixupcontext, as);
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -1147,14 +1147,13 @@ static const MemoryRegionOps mv88w8618_wlan_ops = {
11471147 .endianness = DEVICE_NATIVE_ENDIAN,
11481148 };
11491149
1150-static int mv88w8618_wlan_init(SysBusDevice *dev)
1150+static void mv88w8618_wlan_realize(DeviceState *dev, Error **errp)
11511151 {
11521152 MemoryRegion *iomem = g_new(MemoryRegion, 1);
11531153
11541154 memory_region_init_io(iomem, OBJECT(dev), &mv88w8618_wlan_ops, NULL,
11551155 "musicpal-wlan", MP_WLAN_SIZE);
1156- sysbus_init_mmio(dev, iomem);
1157- return 0;
1156+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), iomem);
11581157 }
11591158
11601159 /* GPIO register offsets */
@@ -1696,7 +1695,7 @@ static void musicpal_init(MachineState *machine)
16961695 dev = qdev_create(NULL, TYPE_MV88W8618_AUDIO);
16971696 s = SYS_BUS_DEVICE(dev);
16981697 object_property_set_link(OBJECT(dev), OBJECT(wm8750_dev),
1699- TYPE_WM8750, NULL);
1698+ "wm8750", NULL);
17001699 qdev_init_nofail(dev);
17011700 sysbus_mmio_map(s, 0, MP_AUDIO_BASE);
17021701 sysbus_connect_irq(s, 0, pic[MP_AUDIO_IRQ]);
@@ -1720,9 +1719,9 @@ DEFINE_MACHINE("musicpal", musicpal_machine_init)
17201719
17211720 static void mv88w8618_wlan_class_init(ObjectClass *klass, void *data)
17221721 {
1723- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
1722+ DeviceClass *dc = DEVICE_CLASS(klass);
17241723
1725- sdc->init = mv88w8618_wlan_init;
1724+ dc->realize = mv88w8618_wlan_realize;
17261725 }
17271726
17281727 static const TypeInfo mv88w8618_wlan_info = {
--- a/hw/arm/xlnx-versal-virt.c
+++ b/hw/arm/xlnx-versal-virt.c
@@ -342,7 +342,7 @@ static void *versal_virt_get_dtb(const struct arm_boot_info *binfo,
342342 return board->fdt;
343343 }
344344
345-#define NUM_VIRTIO_TRANSPORT 32
345+#define NUM_VIRTIO_TRANSPORT 8
346346 static void create_virtio_regions(VersalVirt *s)
347347 {
348348 int virtio_mmio_size = 0x200;
@@ -351,7 +351,7 @@ static void create_virtio_regions(VersalVirt *s)
351351 for (i = 0; i < NUM_VIRTIO_TRANSPORT; i++) {
352352 char *name = g_strdup_printf("virtio%d", i);;
353353 hwaddr base = MM_TOP_RSVD + i * virtio_mmio_size;
354- int irq = VERSAL_RSVD_HIGH_IRQ_FIRST + i;
354+ int irq = VERSAL_RSVD_IRQ_FIRST + i;
355355 MemoryRegion *mr;
356356 DeviceState *dev;
357357 qemu_irq pic_irq;
@@ -364,12 +364,11 @@ static void create_virtio_regions(VersalVirt *s)
364364 sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic_irq);
365365 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
366366 memory_region_add_subregion(&s->soc.mr_ps, base, mr);
367- sysbus_create_simple("virtio-mmio", base, pic_irq);
368367 }
369368
370369 for (i = 0; i < NUM_VIRTIO_TRANSPORT; i++) {
371370 hwaddr base = MM_TOP_RSVD + i * virtio_mmio_size;
372- int irq = VERSAL_RSVD_HIGH_IRQ_FIRST + i;
371+ int irq = VERSAL_RSVD_IRQ_FIRST + i;
373372 char *name = g_strdup_printf("/virtio_mmio@%" PRIx64, base);
374373
375374 qemu_fdt_add_subnode(s->fdt, name);
--- a/hw/block/onenand.c
+++ b/hw/block/onenand.c
@@ -772,9 +772,9 @@ static const MemoryRegionOps onenand_ops = {
772772 .endianness = DEVICE_NATIVE_ENDIAN,
773773 };
774774
775-static int onenand_initfn(SysBusDevice *sbd)
775+static void onenand_realize(DeviceState *dev, Error **errp)
776776 {
777- DeviceState *dev = DEVICE(sbd);
777+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
778778 OneNANDState *s = ONE_NAND(dev);
779779 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7));
780780 void *ram;
@@ -794,14 +794,14 @@ static int onenand_initfn(SysBusDevice *sbd)
794794 0xff, size + (size >> 5));
795795 } else {
796796 if (blk_is_read_only(s->blk)) {
797- error_report("Can't use a read-only drive");
798- return -1;
797+ error_setg(errp, "Can't use a read-only drive");
798+ return;
799799 }
800800 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
801801 BLK_PERM_ALL, &local_err);
802802 if (local_err) {
803- error_report_err(local_err);
804- return -1;
803+ error_propagate(errp, local_err);
804+ return;
805805 }
806806 s->blk_cur = s->blk;
807807 }
@@ -826,7 +826,6 @@ static int onenand_initfn(SysBusDevice *sbd)
826826 | ((s->id.dev & 0xff) << 8)
827827 | (s->id.ver & 0xff),
828828 &vmstate_onenand, s);
829- return 0;
830829 }
831830
832831 static Property onenand_properties[] = {
@@ -841,9 +840,8 @@ static Property onenand_properties[] = {
841840 static void onenand_class_init(ObjectClass *klass, void *data)
842841 {
843842 DeviceClass *dc = DEVICE_CLASS(klass);
844- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
845843
846- k->init = onenand_initfn;
844+ dc->realize = onenand_realize;
847845 dc->reset = onenand_system_reset;
848846 dc->props = onenand_properties;
849847 }
--- a/hw/char/grlib_apbuart.c
+++ b/hw/char/grlib_apbuart.c
@@ -239,9 +239,10 @@ static const MemoryRegionOps grlib_apbuart_ops = {
239239 .endianness = DEVICE_NATIVE_ENDIAN,
240240 };
241241
242-static int grlib_apbuart_init(SysBusDevice *dev)
242+static void grlib_apbuart_realize(DeviceState *dev, Error **errp)
243243 {
244244 UART *uart = GRLIB_APB_UART(dev);
245+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
245246
246247 qemu_chr_fe_set_handlers(&uart->chr,
247248 grlib_apbuart_can_receive,
@@ -249,14 +250,12 @@ static int grlib_apbuart_init(SysBusDevice *dev)
249250 grlib_apbuart_event,
250251 NULL, uart, NULL, true);
251252
252- sysbus_init_irq(dev, &uart->irq);
253+ sysbus_init_irq(sbd, &uart->irq);
253254
254255 memory_region_init_io(&uart->iomem, OBJECT(uart), &grlib_apbuart_ops, uart,
255256 "uart", UART_REG_SIZE);
256257
257- sysbus_init_mmio(dev, &uart->iomem);
258-
259- return 0;
258+ sysbus_init_mmio(sbd, &uart->iomem);
260259 }
261260
262261 static void grlib_apbuart_reset(DeviceState *d)
@@ -280,9 +279,8 @@ static Property grlib_apbuart_properties[] = {
280279 static void grlib_apbuart_class_init(ObjectClass *klass, void *data)
281280 {
282281 DeviceClass *dc = DEVICE_CLASS(klass);
283- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
284282
285- k->init = grlib_apbuart_init;
283+ dc->realize = grlib_apbuart_realize;
286284 dc->reset = grlib_apbuart_reset;
287285 dc->props = grlib_apbuart_properties;
288286 }
--- a/hw/core/empty_slot.c
+++ b/hw/core/empty_slot.c
@@ -71,21 +71,20 @@ void empty_slot_init(hwaddr addr, uint64_t slot_size)
7171 }
7272 }
7373
74-static int empty_slot_init1(SysBusDevice *dev)
74+static void empty_slot_realize(DeviceState *dev, Error **errp)
7575 {
7676 EmptySlot *s = EMPTY_SLOT(dev);
7777
7878 memory_region_init_io(&s->iomem, OBJECT(s), &empty_slot_ops, s,
7979 "empty-slot", s->size);
80- sysbus_init_mmio(dev, &s->iomem);
81- return 0;
80+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
8281 }
8382
8483 static void empty_slot_class_init(ObjectClass *klass, void *data)
8584 {
86- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
85+ DeviceClass *dc = DEVICE_CLASS(klass);
8786
88- k->init = empty_slot_init1;
87+ dc->realize = empty_slot_realize;
8988 }
9089
9190 static const TypeInfo empty_slot_info = {
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -201,18 +201,13 @@ void sysbus_init_ioports(SysBusDevice *dev, uint32_t ioport, uint32_t size)
201201 }
202202 }
203203
204-/* TODO remove once all sysbus devices have been converted to realize */
204+/* The purpose of preserving this empty realize function
205+ * is to prevent the parent_realize field of some subclasses
206+ * from being set to NULL to break the normal init/realize
207+ * of some devices.
208+ */
205209 static void sysbus_realize(DeviceState *dev, Error **errp)
206210 {
207- SysBusDevice *sd = SYS_BUS_DEVICE(dev);
208- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_GET_CLASS(sd);
209-
210- if (!sbc->init) {
211- return;
212- }
213- if (sbc->init(sd) < 0) {
214- error_setg(errp, "Device initialization failed");
215- }
216211 }
217212
218213 DeviceState *sysbus_create_varargs(const char *name,
--- a/hw/display/g364fb.c
+++ b/hw/display/g364fb.c
@@ -489,18 +489,16 @@ typedef struct {
489489 G364State g364;
490490 } G364SysBusState;
491491
492-static int g364fb_sysbus_init(SysBusDevice *sbd)
492+static void g364fb_sysbus_realize(DeviceState *dev, Error **errp)
493493 {
494- DeviceState *dev = DEVICE(sbd);
495494 G364SysBusState *sbs = G364(dev);
496495 G364State *s = &sbs->g364;
496+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
497497
498498 g364fb_init(dev, s);
499499 sysbus_init_irq(sbd, &s->irq);
500500 sysbus_init_mmio(sbd, &s->mem_ctrl);
501501 sysbus_init_mmio(sbd, &s->mem_vram);
502-
503- return 0;
504502 }
505503
506504 static void g364fb_sysbus_reset(DeviceState *d)
@@ -518,9 +516,8 @@ static Property g364fb_sysbus_properties[] = {
518516 static void g364fb_sysbus_class_init(ObjectClass *klass, void *data)
519517 {
520518 DeviceClass *dc = DEVICE_CLASS(klass);
521- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
522519
523- k->init = g364fb_sysbus_init;
520+ dc->realize = g364fb_sysbus_realize;
524521 set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
525522 dc->desc = "G364 framebuffer";
526523 dc->reset = g364fb_sysbus_reset;
--- a/hw/dma/puv3_dma.c
+++ b/hw/dma/puv3_dma.c
@@ -76,7 +76,7 @@ static const MemoryRegionOps puv3_dma_ops = {
7676 .endianness = DEVICE_NATIVE_ENDIAN,
7777 };
7878
79-static int puv3_dma_init(SysBusDevice *dev)
79+static void puv3_dma_realize(DeviceState *dev, Error **errp)
8080 {
8181 PUV3DMAState *s = PUV3_DMA(dev);
8282 int i;
@@ -87,16 +87,14 @@ static int puv3_dma_init(SysBusDevice *dev)
8787
8888 memory_region_init_io(&s->iomem, OBJECT(s), &puv3_dma_ops, s, "puv3_dma",
8989 PUV3_REGS_OFFSET);
90- sysbus_init_mmio(dev, &s->iomem);
91-
92- return 0;
90+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
9391 }
9492
9593 static void puv3_dma_class_init(ObjectClass *klass, void *data)
9694 {
97- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
95+ DeviceClass *dc = DEVICE_CLASS(klass);
9896
99- sdc->init = puv3_dma_init;
97+ dc->realize = puv3_dma_realize;
10098 }
10199
102100 static const TypeInfo puv3_dma_info = {
--- a/hw/gpio/puv3_gpio.c
+++ b/hw/gpio/puv3_gpio.c
@@ -99,36 +99,35 @@ static const MemoryRegionOps puv3_gpio_ops = {
9999 .endianness = DEVICE_NATIVE_ENDIAN,
100100 };
101101
102-static int puv3_gpio_init(SysBusDevice *dev)
102+static void puv3_gpio_realize(DeviceState *dev, Error **errp)
103103 {
104104 PUV3GPIOState *s = PUV3_GPIO(dev);
105+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
105106
106107 s->reg_GPLR = 0;
107108 s->reg_GPDR = 0;
108109
109110 /* FIXME: these irqs not handled yet */
110- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW0]);
111- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW1]);
112- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW2]);
113- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW3]);
114- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW4]);
115- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW5]);
116- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW6]);
117- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW7]);
118- sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOHIGH]);
111+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW0]);
112+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW1]);
113+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW2]);
114+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW3]);
115+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW4]);
116+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW5]);
117+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW6]);
118+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW7]);
119+ sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOHIGH]);
119120
120121 memory_region_init_io(&s->iomem, OBJECT(s), &puv3_gpio_ops, s, "puv3_gpio",
121122 PUV3_REGS_OFFSET);
122- sysbus_init_mmio(dev, &s->iomem);
123-
124- return 0;
123+ sysbus_init_mmio(sbd, &s->iomem);
125124 }
126125
127126 static void puv3_gpio_class_init(ObjectClass *klass, void *data)
128127 {
129- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
128+ DeviceClass *dc = DEVICE_CLASS(klass);
130129
131- sdc->init = puv3_gpio_init;
130+ dc->realize = puv3_gpio_realize;
132131 }
133132
134133 static const TypeInfo puv3_gpio_info = {
--- a/hw/input/milkymist-softusb.c
+++ b/hw/input/milkymist-softusb.c
@@ -245,32 +245,31 @@ static void milkymist_softusb_reset(DeviceState *d)
245245 s->regs[R_CTRL] = CTRL_RESET;
246246 }
247247
248-static int milkymist_softusb_init(SysBusDevice *dev)
248+static void milkymist_softusb_realize(DeviceState *dev, Error **errp)
249249 {
250250 MilkymistSoftUsbState *s = MILKYMIST_SOFTUSB(dev);
251+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
251252
252- sysbus_init_irq(dev, &s->irq);
253+ sysbus_init_irq(sbd, &s->irq);
253254
254255 memory_region_init_io(&s->regs_region, OBJECT(s), &softusb_mmio_ops, s,
255256 "milkymist-softusb", R_MAX * 4);
256- sysbus_init_mmio(dev, &s->regs_region);
257+ sysbus_init_mmio(sbd, &s->regs_region);
257258
258259 /* register pmem and dmem */
259260 memory_region_init_ram_nomigrate(&s->pmem, OBJECT(s), "milkymist-softusb.pmem",
260261 s->pmem_size, &error_fatal);
261262 vmstate_register_ram_global(&s->pmem);
262263 s->pmem_ptr = memory_region_get_ram_ptr(&s->pmem);
263- sysbus_init_mmio(dev, &s->pmem);
264+ sysbus_init_mmio(sbd, &s->pmem);
264265 memory_region_init_ram_nomigrate(&s->dmem, OBJECT(s), "milkymist-softusb.dmem",
265266 s->dmem_size, &error_fatal);
266267 vmstate_register_ram_global(&s->dmem);
267268 s->dmem_ptr = memory_region_get_ram_ptr(&s->dmem);
268- sysbus_init_mmio(dev, &s->dmem);
269+ sysbus_init_mmio(sbd, &s->dmem);
269270
270271 hid_init(&s->hid_kbd, HID_KEYBOARD, softusb_kbd_hid_datain);
271272 hid_init(&s->hid_mouse, HID_MOUSE, softusb_mouse_hid_datain);
272-
273- return 0;
274273 }
275274
276275 static const VMStateDescription vmstate_milkymist_softusb = {
@@ -296,9 +295,8 @@ static Property milkymist_softusb_properties[] = {
296295 static void milkymist_softusb_class_init(ObjectClass *klass, void *data)
297296 {
298297 DeviceClass *dc = DEVICE_CLASS(klass);
299- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
300298
301- k->init = milkymist_softusb_init;
299+ dc->realize = milkymist_softusb_realize;
302300 dc->reset = milkymist_softusb_reset;
303301 dc->vmsd = &vmstate_milkymist_softusb;
304302 dc->props = milkymist_softusb_properties;
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -139,19 +139,19 @@ static const MemoryRegionOps pl050_ops = {
139139 .endianness = DEVICE_NATIVE_ENDIAN,
140140 };
141141
142-static int pl050_initfn(SysBusDevice *dev)
142+static void pl050_realize(DeviceState *dev, Error **errp)
143143 {
144144 PL050State *s = PL050(dev);
145+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
145146
146147 memory_region_init_io(&s->iomem, OBJECT(s), &pl050_ops, s, "pl050", 0x1000);
147- sysbus_init_mmio(dev, &s->iomem);
148- sysbus_init_irq(dev, &s->irq);
148+ sysbus_init_mmio(sbd, &s->iomem);
149+ sysbus_init_irq(sbd, &s->irq);
149150 if (s->is_mouse) {
150151 s->dev = ps2_mouse_init(pl050_update, s);
151152 } else {
152153 s->dev = ps2_kbd_init(pl050_update, s);
153154 }
154- return 0;
155155 }
156156
157157 static void pl050_keyboard_init(Object *obj)
@@ -183,9 +183,8 @@ static const TypeInfo pl050_mouse_info = {
183183 static void pl050_class_init(ObjectClass *oc, void *data)
184184 {
185185 DeviceClass *dc = DEVICE_CLASS(oc);
186- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(oc);
187186
188- sdc->init = pl050_initfn;
187+ dc->realize = pl050_realize;
189188 dc->vmsd = &vmstate_pl050;
190189 }
191190
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -85,8 +85,8 @@ static bool icv_access(CPUARMState *env, int hcr_flags)
8585 * * access if NS EL1 and either IMO or FMO == 1:
8686 * CTLR, DIR, PMR, RPR
8787 */
88- bool flagmatch = ((hcr_flags & HCR_IMO) && arm_hcr_el2_imo(env)) ||
89- ((hcr_flags & HCR_FMO) && arm_hcr_el2_fmo(env));
88+ uint64_t hcr_el2 = arm_hcr_el2_eff(env);
89+ bool flagmatch = hcr_el2 & hcr_flags & (HCR_IMO | HCR_FMO);
9090
9191 return flagmatch && arm_current_el(env) == 1
9292 && !arm_is_secure_below_el3(env);
@@ -1552,8 +1552,9 @@ static void icc_dir_write(CPUARMState *env, const ARMCPRegInfo *ri,
15521552 /* No need to include !IsSecure in route_*_to_el2 as it's only
15531553 * tested in cases where we know !IsSecure is true.
15541554 */
1555- route_fiq_to_el2 = arm_hcr_el2_fmo(env);
1556- route_irq_to_el2 = arm_hcr_el2_imo(env);
1555+ uint64_t hcr_el2 = arm_hcr_el2_eff(env);
1556+ route_fiq_to_el2 = hcr_el2 & HCR_FMO;
1557+ route_irq_to_el2 = hcr_el2 & HCR_IMO;
15571558
15581559 switch (arm_current_el(env)) {
15591560 case 3:
@@ -1895,8 +1896,8 @@ static CPAccessResult gicv3_irqfiq_access(CPUARMState *env,
18951896 if ((env->cp15.scr_el3 & (SCR_FIQ | SCR_IRQ)) == (SCR_FIQ | SCR_IRQ)) {
18961897 switch (el) {
18971898 case 1:
1898- if (arm_is_secure_below_el3(env) ||
1899- (arm_hcr_el2_imo(env) == 0 && arm_hcr_el2_fmo(env) == 0)) {
1899+ /* Note that arm_hcr_el2_eff takes secure state into account. */
1900+ if ((arm_hcr_el2_eff(env) & (HCR_IMO | HCR_FMO)) == 0) {
19001901 r = CP_ACCESS_TRAP_EL3;
19011902 }
19021903 break;
@@ -1936,8 +1937,8 @@ static CPAccessResult gicv3_dir_access(CPUARMState *env,
19361937 static CPAccessResult gicv3_sgi_access(CPUARMState *env,
19371938 const ARMCPRegInfo *ri, bool isread)
19381939 {
1939- if ((arm_hcr_el2_imo(env) || arm_hcr_el2_fmo(env)) &&
1940- arm_current_el(env) == 1 && !arm_is_secure_below_el3(env)) {
1940+ if (arm_current_el(env) == 1 &&
1941+ (arm_hcr_el2_eff(env) & (HCR_IMO | HCR_FMO)) != 0) {
19411942 /* Takes priority over a possible EL3 trap */
19421943 return CP_ACCESS_TRAP_EL2;
19431944 }
@@ -1961,7 +1962,7 @@ static CPAccessResult gicv3_fiq_access(CPUARMState *env,
19611962 if (env->cp15.scr_el3 & SCR_FIQ) {
19621963 switch (el) {
19631964 case 1:
1964- if (arm_is_secure_below_el3(env) || !arm_hcr_el2_fmo(env)) {
1965+ if ((arm_hcr_el2_eff(env) & HCR_FMO) == 0) {
19651966 r = CP_ACCESS_TRAP_EL3;
19661967 }
19671968 break;
@@ -2000,7 +2001,7 @@ static CPAccessResult gicv3_irq_access(CPUARMState *env,
20002001 if (env->cp15.scr_el3 & SCR_IRQ) {
20012002 switch (el) {
20022003 case 1:
2003- if (arm_is_secure_below_el3(env) || !arm_hcr_el2_imo(env)) {
2004+ if ((arm_hcr_el2_eff(env) & HCR_IMO) == 0) {
20042005 r = CP_ACCESS_TRAP_EL3;
20052006 }
20062007 break;
--- a/hw/intc/puv3_intc.c
+++ b/hw/intc/puv3_intc.c
@@ -101,10 +101,10 @@ static const MemoryRegionOps puv3_intc_ops = {
101101 .endianness = DEVICE_NATIVE_ENDIAN,
102102 };
103103
104-static int puv3_intc_init(SysBusDevice *sbd)
104+static void puv3_intc_realize(DeviceState *dev, Error **errp)
105105 {
106- DeviceState *dev = DEVICE(sbd);
107106 PUV3INTCState *s = PUV3_INTC(dev);
107+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
108108
109109 qdev_init_gpio_in(dev, puv3_intc_handler, PUV3_IRQS_NR);
110110 sysbus_init_irq(sbd, &s->parent_irq);
@@ -115,15 +115,12 @@ static int puv3_intc_init(SysBusDevice *sbd)
115115 memory_region_init_io(&s->iomem, OBJECT(s), &puv3_intc_ops, s, "puv3_intc",
116116 PUV3_REGS_OFFSET);
117117 sysbus_init_mmio(sbd, &s->iomem);
118-
119- return 0;
120118 }
121119
122120 static void puv3_intc_class_init(ObjectClass *klass, void *data)
123121 {
124- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
125-
126- sdc->init = puv3_intc_init;
122+ DeviceClass *dc = DEVICE_CLASS(klass);
123+ dc->realize = puv3_intc_realize;
127124 }
128125
129126 static const TypeInfo puv3_intc_info = {
--- a/hw/misc/milkymist-hpdmc.c
+++ b/hw/misc/milkymist-hpdmc.c
@@ -129,15 +129,13 @@ static void milkymist_hpdmc_reset(DeviceState *d)
129129 | IODELAY_PLL2_LOCKED;
130130 }
131131
132-static int milkymist_hpdmc_init(SysBusDevice *dev)
132+static void milkymist_hpdmc_realize(DeviceState *dev, Error **errp)
133133 {
134134 MilkymistHpdmcState *s = MILKYMIST_HPDMC(dev);
135135
136136 memory_region_init_io(&s->regs_region, OBJECT(dev), &hpdmc_mmio_ops, s,
137137 "milkymist-hpdmc", R_MAX * 4);
138- sysbus_init_mmio(dev, &s->regs_region);
139-
140- return 0;
138+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->regs_region);
141139 }
142140
143141 static const VMStateDescription vmstate_milkymist_hpdmc = {
@@ -153,9 +151,8 @@ static const VMStateDescription vmstate_milkymist_hpdmc = {
153151 static void milkymist_hpdmc_class_init(ObjectClass *klass, void *data)
154152 {
155153 DeviceClass *dc = DEVICE_CLASS(klass);
156- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
157154
158- k->init = milkymist_hpdmc_init;
155+ dc->realize = milkymist_hpdmc_realize;
159156 dc->reset = milkymist_hpdmc_reset;
160157 dc->vmsd = &vmstate_milkymist_hpdmc;
161158 }
--- a/hw/misc/milkymist-pfpu.c
+++ b/hw/misc/milkymist-pfpu.c
@@ -497,17 +497,16 @@ static void milkymist_pfpu_reset(DeviceState *d)
497497 }
498498 }
499499
500-static int milkymist_pfpu_init(SysBusDevice *dev)
500+static void milkymist_pfpu_realize(DeviceState *dev, Error **errp)
501501 {
502502 MilkymistPFPUState *s = MILKYMIST_PFPU(dev);
503+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
503504
504- sysbus_init_irq(dev, &s->irq);
505+ sysbus_init_irq(sbd, &s->irq);
505506
506507 memory_region_init_io(&s->regs_region, OBJECT(dev), &pfpu_mmio_ops, s,
507508 "milkymist-pfpu", MICROCODE_END * 4);
508- sysbus_init_mmio(dev, &s->regs_region);
509-
510- return 0;
509+ sysbus_init_mmio(sbd, &s->regs_region);
511510 }
512511
513512 static const VMStateDescription vmstate_milkymist_pfpu = {
@@ -527,9 +526,8 @@ static const VMStateDescription vmstate_milkymist_pfpu = {
527526 static void milkymist_pfpu_class_init(ObjectClass *klass, void *data)
528527 {
529528 DeviceClass *dc = DEVICE_CLASS(klass);
530- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
531529
532- k->init = milkymist_pfpu_init;
530+ dc->realize = milkymist_pfpu_realize;
533531 dc->reset = milkymist_pfpu_reset;
534532 dc->vmsd = &vmstate_milkymist_pfpu;
535533 }
--- a/hw/misc/puv3_pm.c
+++ b/hw/misc/puv3_pm.c
@@ -119,7 +119,7 @@ static const MemoryRegionOps puv3_pm_ops = {
119119 .endianness = DEVICE_NATIVE_ENDIAN,
120120 };
121121
122-static int puv3_pm_init(SysBusDevice *dev)
122+static void puv3_pm_realize(DeviceState *dev, Error **errp)
123123 {
124124 PUV3PMState *s = PUV3_PM(dev);
125125
@@ -127,16 +127,14 @@ static int puv3_pm_init(SysBusDevice *dev)
127127
128128 memory_region_init_io(&s->iomem, OBJECT(s), &puv3_pm_ops, s, "puv3_pm",
129129 PUV3_REGS_OFFSET);
130- sysbus_init_mmio(dev, &s->iomem);
131-
132- return 0;
130+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
133131 }
134132
135133 static void puv3_pm_class_init(ObjectClass *klass, void *data)
136134 {
137- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
135+ DeviceClass *dc = DEVICE_CLASS(klass);
138136
139- sdc->init = puv3_pm_init;
137+ dc->realize = puv3_pm_realize;
140138 }
141139
142140 static const TypeInfo puv3_pm_info = {
--- a/hw/nvram/ds1225y.c
+++ b/hw/nvram/ds1225y.c
@@ -25,6 +25,7 @@
2525 #include "qemu/osdep.h"
2626 #include "hw/sysbus.h"
2727 #include "trace.h"
28+#include "qemu/error-report.h"
2829
2930 typedef struct {
3031 MemoryRegion iomem;
@@ -113,7 +114,7 @@ typedef struct {
113114 NvRamState nvram;
114115 } SysBusNvRamState;
115116
116-static int nvram_sysbus_initfn(SysBusDevice *dev)
117+static void nvram_sysbus_realize(DeviceState *dev, Error **errp)
117118 {
118119 SysBusNvRamState *sys = DS1225Y(dev);
119120 NvRamState *s = &sys->nvram;
@@ -123,20 +124,18 @@ static int nvram_sysbus_initfn(SysBusDevice *dev)
123124
124125 memory_region_init_io(&s->iomem, OBJECT(s), &nvram_ops, s,
125126 "nvram", s->chip_size);
126- sysbus_init_mmio(dev, &s->iomem);
127+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
127128
128129 /* Read current file */
129130 file = s->filename ? fopen(s->filename, "rb") : NULL;
130131 if (file) {
131132 /* Read nvram contents */
132133 if (fread(s->contents, s->chip_size, 1, file) != 1) {
133- printf("nvram_sysbus_initfn: short read\n");
134+ error_report("nvram_sysbus_realize: short read");
134135 }
135136 fclose(file);
136137 }
137138 nvram_post_load(s, 0);
138-
139- return 0;
140139 }
141140
142141 static Property nvram_sysbus_properties[] = {
@@ -148,9 +147,8 @@ static Property nvram_sysbus_properties[] = {
148147 static void nvram_sysbus_class_init(ObjectClass *klass, void *data)
149148 {
150149 DeviceClass *dc = DEVICE_CLASS(klass);
151- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
152150
153- k->init = nvram_sysbus_initfn;
151+ dc->realize = nvram_sysbus_realize;
154152 dc->vmsd = &vmstate_nvram;
155153 dc->props = nvram_sysbus_properties;
156154 }
--- a/hw/pci-bridge/dec.c
+++ b/hw/pci-bridge/dec.c
@@ -98,9 +98,10 @@ PCIBus *pci_dec_21154_init(PCIBus *parent_bus, int devfn)
9898 return pci_bridge_get_sec_bus(br);
9999 }
100100
101-static int pci_dec_21154_device_init(SysBusDevice *dev)
101+static void pci_dec_21154_device_realize(DeviceState *dev, Error **errp)
102102 {
103103 PCIHostState *phb;
104+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
104105
105106 phb = PCI_HOST_BRIDGE(dev);
106107
@@ -108,9 +109,8 @@ static int pci_dec_21154_device_init(SysBusDevice *dev)
108109 dev, "pci-conf-idx", 0x1000);
109110 memory_region_init_io(&phb->data_mem, OBJECT(dev), &pci_host_data_le_ops,
110111 dev, "pci-data-idx", 0x1000);
111- sysbus_init_mmio(dev, &phb->conf_mem);
112- sysbus_init_mmio(dev, &phb->data_mem);
113- return 0;
112+ sysbus_init_mmio(sbd, &phb->conf_mem);
113+ sysbus_init_mmio(sbd, &phb->data_mem);
114114 }
115115
116116 static void dec_21154_pci_host_realize(PCIDevice *d, Error **errp)
@@ -150,9 +150,9 @@ static const TypeInfo dec_21154_pci_host_info = {
150150
151151 static void pci_dec_21154_device_class_init(ObjectClass *klass, void *data)
152152 {
153- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
153+ DeviceClass *dc = DEVICE_CLASS(klass);
154154
155- sdc->init = pci_dec_21154_device_init;
155+ dc->realize = pci_dec_21154_device_realize;
156156 }
157157
158158 static const TypeInfo pci_dec_21154_device_info = {
--- a/hw/timer/etraxfs_timer.c
+++ b/hw/timer/etraxfs_timer.c
@@ -315,9 +315,10 @@ static void etraxfs_timer_reset(void *opaque)
315315 qemu_irq_lower(t->irq);
316316 }
317317
318-static int etraxfs_timer_init(SysBusDevice *dev)
318+static void etraxfs_timer_realize(DeviceState *dev, Error **errp)
319319 {
320320 ETRAXTimerState *t = ETRAX_TIMER(dev);
321+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
321322
322323 t->bh_t0 = qemu_bh_new(timer0_hit, t);
323324 t->bh_t1 = qemu_bh_new(timer1_hit, t);
@@ -326,21 +327,20 @@ static int etraxfs_timer_init(SysBusDevice *dev)
326327 t->ptimer_t1 = ptimer_init(t->bh_t1, PTIMER_POLICY_DEFAULT);
327328 t->ptimer_wd = ptimer_init(t->bh_wd, PTIMER_POLICY_DEFAULT);
328329
329- sysbus_init_irq(dev, &t->irq);
330- sysbus_init_irq(dev, &t->nmi);
330+ sysbus_init_irq(sbd, &t->irq);
331+ sysbus_init_irq(sbd, &t->nmi);
331332
332333 memory_region_init_io(&t->mmio, OBJECT(t), &timer_ops, t,
333334 "etraxfs-timer", 0x5c);
334- sysbus_init_mmio(dev, &t->mmio);
335+ sysbus_init_mmio(sbd, &t->mmio);
335336 qemu_register_reset(etraxfs_timer_reset, t);
336- return 0;
337337 }
338338
339339 static void etraxfs_timer_class_init(ObjectClass *klass, void *data)
340340 {
341- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
341+ DeviceClass *dc = DEVICE_CLASS(klass);
342342
343- sdc->init = etraxfs_timer_init;
343+ dc->realize = etraxfs_timer_realize;
344344 }
345345
346346 static const TypeInfo etraxfs_timer_info = {
--- a/hw/timer/grlib_gptimer.c
+++ b/hw/timer/grlib_gptimer.c
@@ -347,10 +347,11 @@ static void grlib_gptimer_reset(DeviceState *d)
347347 }
348348 }
349349
350-static int grlib_gptimer_init(SysBusDevice *dev)
350+static void grlib_gptimer_realize(DeviceState *dev, Error **errp)
351351 {
352352 GPTimerUnit *unit = GRLIB_GPTIMER(dev);
353353 unsigned int i;
354+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
354355
355356 assert(unit->nr_timers > 0);
356357 assert(unit->nr_timers <= GPTIMER_MAX_TIMERS);
@@ -366,7 +367,7 @@ static int grlib_gptimer_init(SysBusDevice *dev)
366367 timer->id = i;
367368
368369 /* One IRQ line for each timer */
369- sysbus_init_irq(dev, &timer->irq);
370+ sysbus_init_irq(sbd, &timer->irq);
370371
371372 ptimer_set_freq(timer->ptimer, unit->freq_hz);
372373 }
@@ -375,8 +376,7 @@ static int grlib_gptimer_init(SysBusDevice *dev)
375376 unit, "gptimer",
376377 UNIT_REG_SIZE + GPTIMER_REG_SIZE * unit->nr_timers);
377378
378- sysbus_init_mmio(dev, &unit->iomem);
379- return 0;
379+ sysbus_init_mmio(sbd, &unit->iomem);
380380 }
381381
382382 static Property grlib_gptimer_properties[] = {
@@ -389,9 +389,8 @@ static Property grlib_gptimer_properties[] = {
389389 static void grlib_gptimer_class_init(ObjectClass *klass, void *data)
390390 {
391391 DeviceClass *dc = DEVICE_CLASS(klass);
392- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
393392
394- k->init = grlib_gptimer_init;
393+ dc->realize = grlib_gptimer_realize;
395394 dc->reset = grlib_gptimer_reset;
396395 dc->props = grlib_gptimer_properties;
397396 }
--- a/hw/timer/puv3_ost.c
+++ b/hw/timer/puv3_ost.c
@@ -113,16 +113,17 @@ static void puv3_ost_tick(void *opaque)
113113 }
114114 }
115115
116-static int puv3_ost_init(SysBusDevice *dev)
116+static void puv3_ost_realize(DeviceState *dev, Error **errp)
117117 {
118118 PUV3OSTState *s = PUV3_OST(dev);
119+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
119120
120121 s->reg_OIER = 0;
121122 s->reg_OSSR = 0;
122123 s->reg_OSMR0 = 0;
123124 s->reg_OSCR = 0;
124125
125- sysbus_init_irq(dev, &s->irq);
126+ sysbus_init_irq(sbd, &s->irq);
126127
127128 s->bh = qemu_bh_new(puv3_ost_tick, s);
128129 s->ptimer = ptimer_init(s->bh, PTIMER_POLICY_DEFAULT);
@@ -130,16 +131,14 @@ static int puv3_ost_init(SysBusDevice *dev)
130131
131132 memory_region_init_io(&s->iomem, OBJECT(s), &puv3_ost_ops, s, "puv3_ost",
132133 PUV3_REGS_OFFSET);
133- sysbus_init_mmio(dev, &s->iomem);
134-
135- return 0;
134+ sysbus_init_mmio(sbd, &s->iomem);
136135 }
137136
138137 static void puv3_ost_class_init(ObjectClass *klass, void *data)
139138 {
140- SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
139+ DeviceClass *dc = DEVICE_CLASS(klass);
141140
142- sdc->init = puv3_ost_init;
141+ dc->realize = puv3_ost_realize;
143142 }
144143
145144 static const TypeInfo puv3_ost_info = {
--- a/hw/usb/tusb6010.c
+++ b/hw/usb/tusb6010.c
@@ -808,10 +808,10 @@ static void tusb6010_reset(DeviceState *dev)
808808 musb_reset(s->musb);
809809 }
810810
811-static int tusb6010_init(SysBusDevice *sbd)
811+static void tusb6010_realize(DeviceState *dev, Error **errp)
812812 {
813- DeviceState *dev = DEVICE(sbd);
814813 TUSBState *s = TUSB(dev);
814+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
815815
816816 s->otg_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, tusb_otg_tick, s);
817817 s->pwr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, tusb_power_tick, s);
@@ -822,15 +822,13 @@ static int tusb6010_init(SysBusDevice *sbd)
822822 sysbus_init_irq(sbd, &s->irq);
823823 qdev_init_gpio_in(dev, tusb6010_irq, musb_irq_max + 1);
824824 s->musb = musb_init(dev, 1);
825- return 0;
826825 }
827826
828827 static void tusb6010_class_init(ObjectClass *klass, void *data)
829828 {
830829 DeviceClass *dc = DEVICE_CLASS(klass);
831- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
832830
833- k->init = tusb6010_init;
831+ dc->realize = tusb6010_realize;
834832 dc->reset = tusb6010_reset;
835833 }
836834
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -809,11 +809,6 @@ static const TypeInfo xensysbus_info = {
809809 }
810810 };
811811
812-static int xen_sysdev_init(SysBusDevice *dev)
813-{
814- return 0;
815-}
816-
817812 static Property xen_sysdev_properties[] = {
818813 {/* end of property list */},
819814 };
@@ -821,9 +816,7 @@ static Property xen_sysdev_properties[] = {
821816 static void xen_sysdev_class_init(ObjectClass *klass, void *data)
822817 {
823818 DeviceClass *dc = DEVICE_CLASS(klass);
824- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
825819
826- k->init = xen_sysdev_init;
827820 dc->props = xen_sysdev_properties;
828821 dc->bus_type = TYPE_XENSYSBUS;
829822 }
--- a/include/hw/arm/xlnx-versal.h
+++ b/include/hw/arm/xlnx-versal.h
@@ -22,7 +22,7 @@
2222 #define XLNX_VERSAL_NR_ACPUS 2
2323 #define XLNX_VERSAL_NR_UARTS 2
2424 #define XLNX_VERSAL_NR_GEMS 2
25-#define XLNX_VERSAL_NR_IRQS 256
25+#define XLNX_VERSAL_NR_IRQS 192
2626
2727 typedef struct Versal {
2828 /*< private >*/
@@ -75,9 +75,9 @@ typedef struct Versal {
7575 #define VERSAL_GEM1_IRQ_0 58
7676 #define VERSAL_GEM1_WAKE_IRQ_0 59
7777
78-/* Architecturally eserved IRQs suitable for virtualization. */
79-#define VERSAL_RSVD_HIGH_IRQ_FIRST 160
80-#define VERSAL_RSVD_HIGH_IRQ_LAST 255
78+/* Architecturally reserved IRQs suitable for virtualization. */
79+#define VERSAL_RSVD_IRQ_FIRST 111
80+#define VERSAL_RSVD_IRQ_LAST 118
8181
8282 #define MM_TOP_RSVD 0xa0000000U
8383 #define MM_TOP_RSVD_SIZE 0x4000000
--- a/include/hw/sysbus.h
+++ b/include/hw/sysbus.h
@@ -38,9 +38,6 @@ typedef struct SysBusDevice SysBusDevice;
3838 typedef struct SysBusDeviceClass {
3939 /*< private >*/
4040 DeviceClass parent_class;
41- /*< public >*/
42-
43- int (*init)(SysBusDevice *dev);
4441
4542 /*
4643 * Let the sysbus device format its own non-PIO, non-MMIO unit address.
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1932,6 +1932,10 @@ static void arm_max_initfn(Object *obj)
19321932 t = cpu->isar.id_isar6;
19331933 t = FIELD_DP32(t, ID_ISAR6, DP, 1);
19341934 cpu->isar.id_isar6 = t;
1935+
1936+ t = cpu->id_mmfr4;
1937+ t = FIELD_DP32(t, ID_MMFR4, HPDS, 1); /* AA32HPD */
1938+ cpu->id_mmfr4 = t;
19351939 }
19361940 #endif
19371941 }
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -818,6 +818,8 @@ struct ARMCPU {
818818 uint64_t id_aa64isar1;
819819 uint64_t id_aa64pfr0;
820820 uint64_t id_aa64pfr1;
821+ uint64_t id_aa64mmfr0;
822+ uint64_t id_aa64mmfr1;
821823 } isar;
822824 uint32_t midr;
823825 uint32_t revidr;
@@ -839,8 +841,6 @@ struct ARMCPU {
839841 uint64_t id_aa64dfr1;
840842 uint64_t id_aa64afr0;
841843 uint64_t id_aa64afr1;
842- uint64_t id_aa64mmfr0;
843- uint64_t id_aa64mmfr1;
844844 uint32_t dbgdidr;
845845 uint32_t clidr;
846846 uint64_t mp_affinity; /* MP ID without feature bits */
@@ -1249,7 +1249,7 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
12491249 #define HCR_TIDCP (1ULL << 20)
12501250 #define HCR_TACR (1ULL << 21)
12511251 #define HCR_TSW (1ULL << 22)
1252-#define HCR_TPC (1ULL << 23)
1252+#define HCR_TPCP (1ULL << 23)
12531253 #define HCR_TPU (1ULL << 24)
12541254 #define HCR_TTLB (1ULL << 25)
12551255 #define HCR_TVM (1ULL << 26)
@@ -1261,6 +1261,26 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
12611261 #define HCR_CD (1ULL << 32)
12621262 #define HCR_ID (1ULL << 33)
12631263 #define HCR_E2H (1ULL << 34)
1264+#define HCR_TLOR (1ULL << 35)
1265+#define HCR_TERR (1ULL << 36)
1266+#define HCR_TEA (1ULL << 37)
1267+#define HCR_MIOCNCE (1ULL << 38)
1268+#define HCR_APK (1ULL << 40)
1269+#define HCR_API (1ULL << 41)
1270+#define HCR_NV (1ULL << 42)
1271+#define HCR_NV1 (1ULL << 43)
1272+#define HCR_AT (1ULL << 44)
1273+#define HCR_NV2 (1ULL << 45)
1274+#define HCR_FWB (1ULL << 46)
1275+#define HCR_FIEN (1ULL << 47)
1276+#define HCR_TID4 (1ULL << 49)
1277+#define HCR_TICAB (1ULL << 50)
1278+#define HCR_TOCU (1ULL << 52)
1279+#define HCR_TTLBIS (1ULL << 54)
1280+#define HCR_TTLBOS (1ULL << 55)
1281+#define HCR_ATA (1ULL << 56)
1282+#define HCR_DCT (1ULL << 57)
1283+
12641284 /*
12651285 * When we actually implement ARMv8.1-VHE we should add HCR_E2H to
12661286 * HCR_MASK and then clear it again if the feature bit is not set in
@@ -1282,8 +1302,16 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
12821302 #define SCR_ST (1U << 11)
12831303 #define SCR_TWI (1U << 12)
12841304 #define SCR_TWE (1U << 13)
1285-#define SCR_AARCH32_MASK (0x3fff & ~(SCR_RW | SCR_ST))
1286-#define SCR_AARCH64_MASK (0x3fff & ~SCR_NET)
1305+#define SCR_TLOR (1U << 14)
1306+#define SCR_TERR (1U << 15)
1307+#define SCR_APK (1U << 16)
1308+#define SCR_API (1U << 17)
1309+#define SCR_EEL2 (1U << 18)
1310+#define SCR_EASE (1U << 19)
1311+#define SCR_NMEA (1U << 20)
1312+#define SCR_FIEN (1U << 21)
1313+#define SCR_ENSCXT (1U << 25)
1314+#define SCR_ATA (1U << 26)
12871315
12881316 /* Return the current FPSCR value. */
12891317 uint32_t vfp_get_fpscr(CPUARMState *env);
@@ -1520,6 +1548,15 @@ FIELD(ID_ISAR6, FHM, 8, 4)
15201548 FIELD(ID_ISAR6, SB, 12, 4)
15211549 FIELD(ID_ISAR6, SPECRES, 16, 4)
15221550
1551+FIELD(ID_MMFR4, SPECSEI, 0, 4)
1552+FIELD(ID_MMFR4, AC2, 4, 4)
1553+FIELD(ID_MMFR4, XNX, 8, 4)
1554+FIELD(ID_MMFR4, CNP, 12, 4)
1555+FIELD(ID_MMFR4, HPDS, 16, 4)
1556+FIELD(ID_MMFR4, LSM, 20, 4)
1557+FIELD(ID_MMFR4, CCIDX, 24, 4)
1558+FIELD(ID_MMFR4, EVT, 28, 4)
1559+
15231560 FIELD(ID_AA64ISAR0, AES, 4, 4)
15241561 FIELD(ID_AA64ISAR0, SHA1, 8, 4)
15251562 FIELD(ID_AA64ISAR0, SHA2, 12, 4)
@@ -1557,6 +1594,28 @@ FIELD(ID_AA64PFR0, GIC, 24, 4)
15571594 FIELD(ID_AA64PFR0, RAS, 28, 4)
15581595 FIELD(ID_AA64PFR0, SVE, 32, 4)
15591596
1597+FIELD(ID_AA64MMFR0, PARANGE, 0, 4)
1598+FIELD(ID_AA64MMFR0, ASIDBITS, 4, 4)
1599+FIELD(ID_AA64MMFR0, BIGEND, 8, 4)
1600+FIELD(ID_AA64MMFR0, SNSMEM, 12, 4)
1601+FIELD(ID_AA64MMFR0, BIGENDEL0, 16, 4)
1602+FIELD(ID_AA64MMFR0, TGRAN16, 20, 4)
1603+FIELD(ID_AA64MMFR0, TGRAN64, 24, 4)
1604+FIELD(ID_AA64MMFR0, TGRAN4, 28, 4)
1605+FIELD(ID_AA64MMFR0, TGRAN16_2, 32, 4)
1606+FIELD(ID_AA64MMFR0, TGRAN64_2, 36, 4)
1607+FIELD(ID_AA64MMFR0, TGRAN4_2, 40, 4)
1608+FIELD(ID_AA64MMFR0, EXS, 44, 4)
1609+
1610+FIELD(ID_AA64MMFR1, HAFDBS, 0, 4)
1611+FIELD(ID_AA64MMFR1, VMIDBITS, 4, 4)
1612+FIELD(ID_AA64MMFR1, VH, 8, 4)
1613+FIELD(ID_AA64MMFR1, HPDS, 12, 4)
1614+FIELD(ID_AA64MMFR1, LO, 16, 4)
1615+FIELD(ID_AA64MMFR1, PAN, 20, 4)
1616+FIELD(ID_AA64MMFR1, SPECSEI, 24, 4)
1617+FIELD(ID_AA64MMFR1, XNX, 28, 4)
1618+
15601619 QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
15611620
15621621 /* If adding a feature bit which corresponds to a Linux ELF
@@ -1670,6 +1729,14 @@ static inline bool arm_is_secure(CPUARMState *env)
16701729 }
16711730 #endif
16721731
1732+/**
1733+ * arm_hcr_el2_eff(): Return the effective value of HCR_EL2.
1734+ * E.g. when in secure state, fields in HCR_EL2 are suppressed,
1735+ * "for all purposes other than a direct read or write access of HCR_EL2."
1736+ * Not included here is HCR_RW.
1737+ */
1738+uint64_t arm_hcr_el2_eff(CPUARMState *env);
1739+
16731740 /* Return true if the specified exception level is running in AArch64 state. */
16741741 static inline bool arm_el_is_aa64(CPUARMState *env, int el)
16751742 {
@@ -2355,54 +2422,6 @@ bool write_cpustate_to_list(ARMCPU *cpu);
23552422 # define TARGET_VIRT_ADDR_SPACE_BITS 32
23562423 #endif
23572424
2358-/**
2359- * arm_hcr_el2_imo(): Return the effective value of HCR_EL2.IMO.
2360- * Depending on the values of HCR_EL2.E2H and TGE, this may be
2361- * "behaves as 1 for all purposes other than direct read/write" or
2362- * "behaves as 0 for all purposes other than direct read/write"
2363- */
2364-static inline bool arm_hcr_el2_imo(CPUARMState *env)
2365-{
2366- switch (env->cp15.hcr_el2 & (HCR_TGE | HCR_E2H)) {
2367- case HCR_TGE:
2368- return true;
2369- case HCR_TGE | HCR_E2H:
2370- return false;
2371- default:
2372- return env->cp15.hcr_el2 & HCR_IMO;
2373- }
2374-}
2375-
2376-/**
2377- * arm_hcr_el2_fmo(): Return the effective value of HCR_EL2.FMO.
2378- */
2379-static inline bool arm_hcr_el2_fmo(CPUARMState *env)
2380-{
2381- switch (env->cp15.hcr_el2 & (HCR_TGE | HCR_E2H)) {
2382- case HCR_TGE:
2383- return true;
2384- case HCR_TGE | HCR_E2H:
2385- return false;
2386- default:
2387- return env->cp15.hcr_el2 & HCR_FMO;
2388- }
2389-}
2390-
2391-/**
2392- * arm_hcr_el2_amo(): Return the effective value of HCR_EL2.AMO.
2393- */
2394-static inline bool arm_hcr_el2_amo(CPUARMState *env)
2395-{
2396- switch (env->cp15.hcr_el2 & (HCR_TGE | HCR_E2H)) {
2397- case HCR_TGE:
2398- return true;
2399- case HCR_TGE | HCR_E2H:
2400- return false;
2401- default:
2402- return env->cp15.hcr_el2 & HCR_AMO;
2403- }
2404-}
2405-
24062425 static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
24072426 unsigned int target_el)
24082427 {
@@ -2411,6 +2430,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
24112430 bool secure = arm_is_secure(env);
24122431 bool pstate_unmasked;
24132432 int8_t unmasked = 0;
2433+ uint64_t hcr_el2;
24142434
24152435 /* Don't take exceptions if they target a lower EL.
24162436 * This check should catch any exceptions that would not be taken but left
@@ -2420,6 +2440,8 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
24202440 return false;
24212441 }
24222442
2443+ hcr_el2 = arm_hcr_el2_eff(env);
2444+
24232445 switch (excp_idx) {
24242446 case EXCP_FIQ:
24252447 pstate_unmasked = !(env->daif & PSTATE_F);
@@ -2430,13 +2452,13 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
24302452 break;
24312453
24322454 case EXCP_VFIQ:
2433- if (secure || !arm_hcr_el2_fmo(env) || (env->cp15.hcr_el2 & HCR_TGE)) {
2455+ if (secure || !(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) {
24342456 /* VFIQs are only taken when hypervized and non-secure. */
24352457 return false;
24362458 }
24372459 return !(env->daif & PSTATE_F);
24382460 case EXCP_VIRQ:
2439- if (secure || !arm_hcr_el2_imo(env) || (env->cp15.hcr_el2 & HCR_TGE)) {
2461+ if (secure || !(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) {
24402462 /* VIRQs are only taken when hypervized and non-secure. */
24412463 return false;
24422464 }
@@ -2475,7 +2497,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
24752497 * to the CPSR.F setting otherwise we further assess the state
24762498 * below.
24772499 */
2478- hcr = arm_hcr_el2_fmo(env);
2500+ hcr = hcr_el2 & HCR_FMO;
24792501 scr = (env->cp15.scr_el3 & SCR_FIQ);
24802502
24812503 /* When EL3 is 32-bit, the SCR.FW bit controls whether the
@@ -2492,7 +2514,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
24922514 * when setting the target EL, so it does not have a further
24932515 * affect here.
24942516 */
2495- hcr = arm_hcr_el2_imo(env);
2517+ hcr = hcr_el2 & HCR_IMO;
24962518 scr = false;
24972519 break;
24982520 default:
@@ -3318,6 +3340,11 @@ static inline bool isar_feature_aa64_sve(const ARMISARegisters *id)
33183340 return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SVE) != 0;
33193341 }
33203342
3343+static inline bool isar_feature_aa64_lor(const ARMISARegisters *id)
3344+{
3345+ return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, LO) != 0;
3346+}
3347+
33213348 /*
33223349 * Forward to the above feature tests given an ARMCPU pointer.
33233350 */
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -141,7 +141,7 @@ static void aarch64_a57_initfn(Object *obj)
141141 cpu->pmceid0 = 0x00000000;
142142 cpu->pmceid1 = 0x00000000;
143143 cpu->isar.id_aa64isar0 = 0x00011120;
144- cpu->id_aa64mmfr0 = 0x00001124;
144+ cpu->isar.id_aa64mmfr0 = 0x00001124;
145145 cpu->dbgdidr = 0x3516d000;
146146 cpu->clidr = 0x0a200023;
147147 cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */
@@ -195,7 +195,7 @@ static void aarch64_a53_initfn(Object *obj)
195195 cpu->isar.id_aa64pfr0 = 0x00002222;
196196 cpu->id_aa64dfr0 = 0x10305106;
197197 cpu->isar.id_aa64isar0 = 0x00011120;
198- cpu->id_aa64mmfr0 = 0x00001122; /* 40 bit physical addr */
198+ cpu->isar.id_aa64mmfr0 = 0x00001122; /* 40 bit physical addr */
199199 cpu->dbgdidr = 0x3516d000;
200200 cpu->clidr = 0x0a200023;
201201 cpu->ccsidr[0] = 0x700fe01a; /* 32KB L1 dcache */
@@ -249,7 +249,7 @@ static void aarch64_a72_initfn(Object *obj)
249249 cpu->pmceid0 = 0x00000000;
250250 cpu->pmceid1 = 0x00000000;
251251 cpu->isar.id_aa64isar0 = 0x00011120;
252- cpu->id_aa64mmfr0 = 0x00001124;
252+ cpu->isar.id_aa64mmfr0 = 0x00001124;
253253 cpu->dbgdidr = 0x3516d000;
254254 cpu->clidr = 0x0a200023;
255255 cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */
@@ -324,6 +324,11 @@ static void aarch64_max_initfn(Object *obj)
324324 t = FIELD_DP64(t, ID_AA64PFR0, ADVSIMD, 1);
325325 cpu->isar.id_aa64pfr0 = t;
326326
327+ t = cpu->isar.id_aa64mmfr1;
328+ t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */
329+ t = FIELD_DP64(t, ID_AA64MMFR1, LO, 1);
330+ cpu->isar.id_aa64mmfr1 = t;
331+
327332 /* Replicate the same data to the 32-bit id registers. */
328333 u = cpu->isar.id_isar5;
329334 u = FIELD_DP32(u, ID_ISAR5, AES, 2); /* AES + PMULL */
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -448,7 +448,7 @@ static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
448448 int el = arm_current_el(env);
449449 bool mdcr_el2_tdosa = (env->cp15.mdcr_el2 & MDCR_TDOSA) ||
450450 (env->cp15.mdcr_el2 & MDCR_TDE) ||
451- (env->cp15.hcr_el2 & HCR_TGE);
451+ (arm_hcr_el2_eff(env) & HCR_TGE);
452452
453453 if (el < 2 && mdcr_el2_tdosa && !arm_is_secure_below_el3(env)) {
454454 return CP_ACCESS_TRAP_EL2;
@@ -468,7 +468,7 @@ static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
468468 int el = arm_current_el(env);
469469 bool mdcr_el2_tdra = (env->cp15.mdcr_el2 & MDCR_TDRA) ||
470470 (env->cp15.mdcr_el2 & MDCR_TDE) ||
471- (env->cp15.hcr_el2 & HCR_TGE);
471+ (arm_hcr_el2_eff(env) & HCR_TGE);
472472
473473 if (el < 2 && mdcr_el2_tdra && !arm_is_secure_below_el3(env)) {
474474 return CP_ACCESS_TRAP_EL2;
@@ -488,7 +488,7 @@ static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri,
488488 int el = arm_current_el(env);
489489 bool mdcr_el2_tda = (env->cp15.mdcr_el2 & MDCR_TDA) ||
490490 (env->cp15.mdcr_el2 & MDCR_TDE) ||
491- (env->cp15.hcr_el2 & HCR_TGE);
491+ (arm_hcr_el2_eff(env) & HCR_TGE);
492492
493493 if (el < 2 && mdcr_el2_tda && !arm_is_secure_below_el3(env)) {
494494 return CP_ACCESS_TRAP_EL2;
@@ -1279,11 +1279,16 @@ static void vbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
12791279
12801280 static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
12811281 {
1282- /* We only mask off bits that are RES0 both for AArch64 and AArch32.
1283- * For bits that vary between AArch32/64, code needs to check the
1284- * current execution mode before directly using the feature bit.
1285- */
1286- uint32_t valid_mask = SCR_AARCH64_MASK | SCR_AARCH32_MASK;
1282+ /* Begin with base v8.0 state. */
1283+ uint32_t valid_mask = 0x3fff;
1284+ ARMCPU *cpu = arm_env_get_cpu(env);
1285+
1286+ if (arm_el_is_aa64(env, 3)) {
1287+ value |= SCR_FW | SCR_AW; /* these two bits are RES1. */
1288+ valid_mask &= ~SCR_NET;
1289+ } else {
1290+ valid_mask &= ~(SCR_RW | SCR_ST);
1291+ }
12871292
12881293 if (!arm_feature(env, ARM_FEATURE_EL2)) {
12891294 valid_mask &= ~SCR_HCE;
@@ -1299,6 +1304,9 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
12991304 valid_mask &= ~SCR_SMD;
13001305 }
13011306 }
1307+ if (cpu_isar_feature(aa64_lor, cpu)) {
1308+ valid_mask |= SCR_TLOR;
1309+ }
13021310
13031311 /* Clear all-context RES0 bits. */
13041312 value &= valid_mask;
@@ -1327,9 +1335,10 @@ static void csselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
13271335 static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
13281336 {
13291337 CPUState *cs = ENV_GET_CPU(env);
1338+ uint64_t hcr_el2 = arm_hcr_el2_eff(env);
13301339 uint64_t ret = 0;
13311340
1332- if (arm_hcr_el2_imo(env)) {
1341+ if (hcr_el2 & HCR_IMO) {
13331342 if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
13341343 ret |= CPSR_I;
13351344 }
@@ -1339,7 +1348,7 @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
13391348 }
13401349 }
13411350
1342- if (arm_hcr_el2_fmo(env)) {
1351+ if (hcr_el2 & HCR_FMO) {
13431352 if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
13441353 ret |= CPSR_F;
13451354 }
@@ -2724,6 +2733,7 @@ static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
27242733 uint64_t value)
27252734 {
27262735 ARMCPU *cpu = arm_env_get_cpu(env);
2736+ TCR *tcr = raw_ptr(env, ri);
27272737
27282738 if (arm_feature(env, ARM_FEATURE_LPAE)) {
27292739 /* With LPAE the TTBCR could result in a change of ASID
@@ -2731,6 +2741,8 @@ static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
27312741 */
27322742 tlb_flush(CPU(cpu));
27332743 }
2744+ /* Preserve the high half of TCR_EL1, set via TTBCR2. */
2745+ value = deposit64(tcr->raw_tcr, 0, 32, value);
27342746 vmsa_ttbcr_raw_write(env, ri, value);
27352747 }
27362748
@@ -2833,6 +2845,16 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
28332845 REGINFO_SENTINEL
28342846 };
28352847
2848+/* Note that unlike TTBCR, writing to TTBCR2 does not require flushing
2849+ * qemu tlbs nor adjusting cached masks.
2850+ */
2851+static const ARMCPRegInfo ttbcr2_reginfo = {
2852+ .name = "TTBCR2", .cp = 15, .opc1 = 0, .crn = 2, .crm = 0, .opc2 = 3,
2853+ .access = PL1_RW, .type = ARM_CP_ALIAS,
2854+ .bank_fieldoffsets = { offsetofhigh32(CPUARMState, cp15.tcr_el[3]),
2855+ offsetofhigh32(CPUARMState, cp15.tcr_el[1]) },
2856+};
2857+
28362858 static void omap_ticonfig_write(CPUARMState *env, const ARMCPRegInfo *ri,
28372859 uint64_t value)
28382860 {
@@ -3945,6 +3967,9 @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
39453967 */
39463968 valid_mask &= ~HCR_TSC;
39473969 }
3970+ if (cpu_isar_feature(aa64_lor, cpu)) {
3971+ valid_mask |= HCR_TLOR;
3972+ }
39483973
39493974 /* Clear RES0 bits. */
39503975 value &= valid_mask;
@@ -3991,6 +4016,51 @@ static void hcr_writelow(CPUARMState *env, const ARMCPRegInfo *ri,
39914016 hcr_write(env, NULL, value);
39924017 }
39934018
4019+/*
4020+ * Return the effective value of HCR_EL2.
4021+ * Bits that are not included here:
4022+ * RW (read from SCR_EL3.RW as needed)
4023+ */
4024+uint64_t arm_hcr_el2_eff(CPUARMState *env)
4025+{
4026+ uint64_t ret = env->cp15.hcr_el2;
4027+
4028+ if (arm_is_secure_below_el3(env)) {
4029+ /*
4030+ * "This register has no effect if EL2 is not enabled in the
4031+ * current Security state". This is ARMv8.4-SecEL2 speak for
4032+ * !(SCR_EL3.NS==1 || SCR_EL3.EEL2==1).
4033+ *
4034+ * Prior to that, the language was "In an implementation that
4035+ * includes EL3, when the value of SCR_EL3.NS is 0 the PE behaves
4036+ * as if this field is 0 for all purposes other than a direct
4037+ * read or write access of HCR_EL2". With lots of enumeration
4038+ * on a per-field basis. In current QEMU, this is condition
4039+ * is arm_is_secure_below_el3.
4040+ *
4041+ * Since the v8.4 language applies to the entire register, and
4042+ * appears to be backward compatible, use that.
4043+ */
4044+ ret = 0;
4045+ } else if (ret & HCR_TGE) {
4046+ /* These bits are up-to-date as of ARMv8.4. */
4047+ if (ret & HCR_E2H) {
4048+ ret &= ~(HCR_VM | HCR_FMO | HCR_IMO | HCR_AMO |
4049+ HCR_BSU_MASK | HCR_DC | HCR_TWI | HCR_TWE |
4050+ HCR_TID0 | HCR_TID2 | HCR_TPCP | HCR_TPU |
4051+ HCR_TDZ | HCR_CD | HCR_ID | HCR_MIOCNCE);
4052+ } else {
4053+ ret |= HCR_FMO | HCR_IMO | HCR_AMO;
4054+ }
4055+ ret &= ~(HCR_SWIO | HCR_PTW | HCR_VF | HCR_VI | HCR_VSE |
4056+ HCR_FB | HCR_TID1 | HCR_TID3 | HCR_TSC | HCR_TACR |
4057+ HCR_TSW | HCR_TTLB | HCR_TVM | HCR_HCD | HCR_TRVM |
4058+ HCR_TLOR);
4059+ }
4060+
4061+ return ret;
4062+}
4063+
39944064 static const ARMCPRegInfo el2_cp_reginfo[] = {
39954065 { .name = "HCR_EL2", .state = ARM_CP_STATE_AA64,
39964066 .type = ARM_CP_IO,
@@ -4503,8 +4573,7 @@ int sve_exception_el(CPUARMState *env, int el)
45034573 if (disabled) {
45044574 /* route_to_el2 */
45054575 return (arm_feature(env, ARM_FEATURE_EL2)
4506- && !arm_is_secure(env)
4507- && (env->cp15.hcr_el2 & HCR_TGE) ? 2 : 1);
4576+ && (arm_hcr_el2_eff(env) & HCR_TGE) ? 2 : 1);
45084577 }
45094578
45104579 /* Check CPACR.FPEN. */
@@ -4956,6 +5025,42 @@ static uint64_t id_aa64pfr0_read(CPUARMState *env, const ARMCPRegInfo *ri)
49565025 return pfr0;
49575026 }
49585027
5028+/* Shared logic between LORID and the rest of the LOR* registers.
5029+ * Secure state has already been delt with.
5030+ */
5031+static CPAccessResult access_lor_ns(CPUARMState *env)
5032+{
5033+ int el = arm_current_el(env);
5034+
5035+ if (el < 2 && (arm_hcr_el2_eff(env) & HCR_TLOR)) {
5036+ return CP_ACCESS_TRAP_EL2;
5037+ }
5038+ if (el < 3 && (env->cp15.scr_el3 & SCR_TLOR)) {
5039+ return CP_ACCESS_TRAP_EL3;
5040+ }
5041+ return CP_ACCESS_OK;
5042+}
5043+
5044+static CPAccessResult access_lorid(CPUARMState *env, const ARMCPRegInfo *ri,
5045+ bool isread)
5046+{
5047+ if (arm_is_secure_below_el3(env)) {
5048+ /* Access ok in secure mode. */
5049+ return CP_ACCESS_OK;
5050+ }
5051+ return access_lor_ns(env);
5052+}
5053+
5054+static CPAccessResult access_lor_other(CPUARMState *env,
5055+ const ARMCPRegInfo *ri, bool isread)
5056+{
5057+ if (arm_is_secure_below_el3(env)) {
5058+ /* Access denied in secure mode. */
5059+ return CP_ACCESS_TRAP;
5060+ }
5061+ return access_lor_ns(env);
5062+}
5063+
49595064 void register_cp_regs_for_features(ARMCPU *cpu)
49605065 {
49615066 /* Register all the coprocessor registers based on feature bits */
@@ -5207,11 +5312,11 @@ void register_cp_regs_for_features(ARMCPU *cpu)
52075312 { .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
52085313 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
52095314 .access = PL1_R, .type = ARM_CP_CONST,
5210- .resetvalue = cpu->id_aa64mmfr0 },
5315+ .resetvalue = cpu->isar.id_aa64mmfr0 },
52115316 { .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
52125317 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
52135318 .access = PL1_R, .type = ARM_CP_CONST,
5214- .resetvalue = cpu->id_aa64mmfr1 },
5319+ .resetvalue = cpu->isar.id_aa64mmfr1 },
52155320 { .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
52165321 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2,
52175322 .access = PL1_R, .type = ARM_CP_CONST,
@@ -5433,6 +5538,10 @@ void register_cp_regs_for_features(ARMCPU *cpu)
54335538 } else {
54345539 define_arm_cp_regs(cpu, vmsa_pmsa_cp_reginfo);
54355540 define_arm_cp_regs(cpu, vmsa_cp_reginfo);
5541+ /* TTCBR2 is introduced with ARMv8.2-A32HPD. */
5542+ if (FIELD_EX32(cpu->id_mmfr4, ID_MMFR4, HPDS) != 0) {
5543+ define_one_arm_cp_reg(cpu, &ttbcr2_reginfo);
5544+ }
54365545 }
54375546 if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
54385547 define_arm_cp_regs(cpu, t2ee_cp_reginfo);
@@ -5693,6 +5802,38 @@ void register_cp_regs_for_features(ARMCPU *cpu)
56935802 define_one_arm_cp_reg(cpu, &sctlr);
56945803 }
56955804
5805+ if (cpu_isar_feature(aa64_lor, cpu)) {
5806+ /*
5807+ * A trivial implementation of ARMv8.1-LOR leaves all of these
5808+ * registers fixed at 0, which indicates that there are zero
5809+ * supported Limited Ordering regions.
5810+ */
5811+ static const ARMCPRegInfo lor_reginfo[] = {
5812+ { .name = "LORSA_EL1", .state = ARM_CP_STATE_AA64,
5813+ .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 0,
5814+ .access = PL1_RW, .accessfn = access_lor_other,
5815+ .type = ARM_CP_CONST, .resetvalue = 0 },
5816+ { .name = "LOREA_EL1", .state = ARM_CP_STATE_AA64,
5817+ .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 1,
5818+ .access = PL1_RW, .accessfn = access_lor_other,
5819+ .type = ARM_CP_CONST, .resetvalue = 0 },
5820+ { .name = "LORN_EL1", .state = ARM_CP_STATE_AA64,
5821+ .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 2,
5822+ .access = PL1_RW, .accessfn = access_lor_other,
5823+ .type = ARM_CP_CONST, .resetvalue = 0 },
5824+ { .name = "LORC_EL1", .state = ARM_CP_STATE_AA64,
5825+ .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 3,
5826+ .access = PL1_RW, .accessfn = access_lor_other,
5827+ .type = ARM_CP_CONST, .resetvalue = 0 },
5828+ { .name = "LORID_EL1", .state = ARM_CP_STATE_AA64,
5829+ .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 7,
5830+ .access = PL1_R, .accessfn = access_lorid,
5831+ .type = ARM_CP_CONST, .resetvalue = 0 },
5832+ REGINFO_SENTINEL
5833+ };
5834+ define_arm_cp_regs(cpu, lor_reginfo);
5835+ }
5836+
56965837 if (cpu_isar_feature(aa64_sve, cpu)) {
56975838 define_one_arm_cp_reg(cpu, &zcr_el1_reginfo);
56985839 if (arm_feature(env, ARM_FEATURE_EL2)) {
@@ -6149,9 +6290,8 @@ static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType write_type)
61496290 * and CPS are treated as illegal mode changes.
61506291 */
61516292 if (write_type == CPSRWriteByInstr &&
6152- (env->cp15.hcr_el2 & HCR_TGE) &&
61536293 (env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_MON &&
6154- !arm_is_secure_below_el3(env)) {
6294+ (arm_hcr_el2_eff(env) & HCR_TGE)) {
61556295 return 1;
61566296 }
61576297 return 0;
@@ -6505,12 +6645,13 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
65056645 uint32_t cur_el, bool secure)
65066646 {
65076647 CPUARMState *env = cs->env_ptr;
6508- int rw;
6509- int scr;
6510- int hcr;
6648+ bool rw;
6649+ bool scr;
6650+ bool hcr;
65116651 int target_el;
65126652 /* Is the highest EL AArch64? */
6513- int is64 = arm_feature(env, ARM_FEATURE_AARCH64);
6653+ bool is64 = arm_feature(env, ARM_FEATURE_AARCH64);
6654+ uint64_t hcr_el2;
65146655
65156656 if (arm_feature(env, ARM_FEATURE_EL3)) {
65166657 rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
@@ -6522,24 +6663,22 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
65226663 rw = is64;
65236664 }
65246665
6666+ hcr_el2 = arm_hcr_el2_eff(env);
65256667 switch (excp_idx) {
65266668 case EXCP_IRQ:
65276669 scr = ((env->cp15.scr_el3 & SCR_IRQ) == SCR_IRQ);
6528- hcr = arm_hcr_el2_imo(env);
6670+ hcr = hcr_el2 & HCR_IMO;
65296671 break;
65306672 case EXCP_FIQ:
65316673 scr = ((env->cp15.scr_el3 & SCR_FIQ) == SCR_FIQ);
6532- hcr = arm_hcr_el2_fmo(env);
6674+ hcr = hcr_el2 & HCR_FMO;
65336675 break;
65346676 default:
65356677 scr = ((env->cp15.scr_el3 & SCR_EA) == SCR_EA);
6536- hcr = arm_hcr_el2_amo(env);
6678+ hcr = hcr_el2 & HCR_AMO;
65376679 break;
65386680 };
65396681
6540- /* If HCR.TGE is set then HCR is treated as being 1 */
6541- hcr |= ((env->cp15.hcr_el2 & HCR_TGE) == HCR_TGE);
6542-
65436682 /* Perform a table-lookup for the target EL given the current state */
65446683 target_el = target_el_table[is64][scr][rw][hcr][secure][cur_el];
65456684
@@ -9635,6 +9774,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
96359774 bool ttbr1_valid = true;
96369775 uint64_t descaddrmask;
96379776 bool aarch64 = arm_el_is_aa64(env, el);
9777+ bool hpd = false;
96389778
96399779 /* TODO:
96409780 * This code does not handle the different format TCR for VTCR_EL2.
@@ -9749,6 +9889,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
97499889 if (tg == 2) { /* 16KB pages */
97509890 stride = 11;
97519891 }
9892+ if (aarch64 && el > 1) {
9893+ hpd = extract64(tcr->raw_tcr, 24, 1);
9894+ } else {
9895+ hpd = extract64(tcr->raw_tcr, 41, 1);
9896+ }
9897+ if (!aarch64) {
9898+ /* For aarch32, hpd0 is not enabled without t2e as well. */
9899+ hpd &= extract64(tcr->raw_tcr, 6, 1);
9900+ }
97529901 } else {
97539902 /* We should only be here if TTBR1 is valid */
97549903 assert(ttbr1_valid);
@@ -9764,6 +9913,11 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
97649913 if (tg == 1) { /* 16KB pages */
97659914 stride = 11;
97669915 }
9916+ hpd = extract64(tcr->raw_tcr, 42, 1);
9917+ if (!aarch64) {
9918+ /* For aarch32, hpd1 is not enabled without t2e as well. */
9919+ hpd &= extract64(tcr->raw_tcr, 6, 1);
9920+ }
97679921 }
97689922
97699923 /* Here we should have set up all the parameters for the translation:
@@ -9857,7 +10011,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
985710011 descaddr = descriptor & descaddrmask;
985810012
985910013 if ((descriptor & 2) && (level < 3)) {
9860- /* Table entry. The top five bits are attributes which may
10014+ /* Table entry. The top five bits are attributes which may
986110015 * propagate down through lower levels of the table (and
986210016 * which are all arranged so that 0 means "no effect", so
986310017 * we can gather them up by ORing in the bits at each level).
@@ -9882,15 +10036,17 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
988210036 break;
988310037 }
988410038 /* Merge in attributes from table descriptors */
9885- attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
9886- attrs |= extract32(tableattrs, 3, 1) << 5; /* APTable[1] => AP[2] */
10039+ attrs |= nstable << 3; /* NS */
10040+ if (hpd) {
10041+ /* HPD disables all the table attributes except NSTable. */
10042+ break;
10043+ }
10044+ attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
988710045 /* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
988810046 * means "force PL1 access only", which means forcing AP[1] to 0.
988910047 */
9890- if (extract32(tableattrs, 2, 1)) {
9891- attrs &= ~(1 << 4);
9892- }
9893- attrs |= nstable << 3; /* NS */
10048+ attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
10049+ attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
989410050 break;
989510051 }
989610052 /* Here descaddr is the final physical address, and attributes
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -229,7 +229,8 @@ static inline unsigned int arm_pamax(ARMCPU *cpu)
229229 [4] = 44,
230230 [5] = 48,
231231 };
232- unsigned int parange = extract32(cpu->id_aa64mmfr0, 0, 4);
232+ unsigned int parange =
233+ FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
233234
234235 /* id_aa64mmfr0 is a read-only register so values outside of the
235236 * supported mappings can be considered an implementation error. */
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -538,6 +538,10 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
538538 ARM64_SYS_REG(3, 0, 0, 6, 0));
539539 err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64isar1,
540540 ARM64_SYS_REG(3, 0, 0, 6, 1));
541+ err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64mmfr0,
542+ ARM64_SYS_REG(3, 0, 0, 7, 0));
543+ err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64mmfr1,
544+ ARM64_SYS_REG(3, 0, 0, 7, 1));
541545
542546 /*
543547 * Note that if AArch32 support is not present in the host,
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -33,8 +33,7 @@ void raise_exception(CPUARMState *env, uint32_t excp,
3333 {
3434 CPUState *cs = CPU(arm_env_get_cpu(env));
3535
36- if ((env->cp15.hcr_el2 & HCR_TGE) &&
37- target_el == 1 && !arm_is_secure(env)) {
36+ if (target_el == 1 && (arm_hcr_el2_eff(env) & HCR_TGE)) {
3837 /*
3938 * Redirect NS EL1 exceptions to NS EL2. These are reported with
4039 * their original syndrome register value, with the exception of
@@ -428,9 +427,9 @@ static inline int check_wfx_trap(CPUARMState *env, bool is_wfe)
428427 * No need for ARM_FEATURE check as if HCR_EL2 doesn't exist the
429428 * bits will be zero indicating no trap.
430429 */
431- if (cur_el < 2 && !arm_is_secure(env)) {
432- mask = (is_wfe) ? HCR_TWE : HCR_TWI;
433- if (env->cp15.hcr_el2 & mask) {
430+ if (cur_el < 2) {
431+ mask = is_wfe ? HCR_TWE : HCR_TWI;
432+ if (arm_hcr_el2_eff(env) & mask) {
434433 return 2;
435434 }
436435 }
@@ -995,7 +994,7 @@ void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome)
995994 exception_target_el(env));
996995 }
997996
998- if (!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)) {
997+ if (cur_el == 1 && (arm_hcr_el2_eff(env) & HCR_TSC)) {
999998 /* In NS EL1, HCR controlled routing to EL2 has priority over SMD.
1000999 * We also want an EL2 guest to be able to forbid its EL1 from
10011000 * making PSCI calls into QEMU's "firmware" via HCR.TSC.
@@ -1098,8 +1097,7 @@ void HELPER(exception_return)(CPUARMState *env)
10981097 goto illegal_return;
10991098 }
11001099
1101- if (new_el == 1 && (env->cp15.hcr_el2 & HCR_TGE)
1102- && !arm_is_secure_below_el3(env)) {
1100+ if (new_el == 1 && (arm_hcr_el2_eff(env) & HCR_TGE)) {
11031101 goto illegal_return;
11041102 }
11051103
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2290,6 +2290,12 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
22902290 }
22912291 return;
22922292
2293+ case 0x8: /* STLLR */
2294+ if (!dc_isar_feature(aa64_lor, s)) {
2295+ break;
2296+ }
2297+ /* StoreLORelease is the same as Store-Release for QEMU. */
2298+ /* fall through */
22932299 case 0x9: /* STLR */
22942300 /* Generate ISS for non-exclusive accesses including LASR. */
22952301 if (rn == 31) {
@@ -2301,6 +2307,12 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
23012307 disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
23022308 return;
23032309
2310+ case 0xc: /* LDLAR */
2311+ if (!dc_isar_feature(aa64_lor, s)) {
2312+ break;
2313+ }
2314+ /* LoadLOAcquire is the same as Load-Acquire for QEMU. */
2315+ /* fall through */
23042316 case 0xd: /* LDAR */
23052317 /* Generate ISS for non-exclusive accesses including LASR. */
23062318 if (rn == 31) {