From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:43962) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aSnh7-0005WR-DL for qemu-devel@nongnu.org; Mon, 08 Feb 2016 10:25:45 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aSnh2-0006LM-Ev for qemu-devel@nongnu.org; Mon, 08 Feb 2016 10:25:41 -0500 References: <1454690704-16233-1-git-send-email-peter.maydell@linaro.org> <1454690704-16233-2-git-send-email-peter.maydell@linaro.org> From: Sergey Fedorov Message-ID: <56B8B366.1040203@gmail.com> Date: Mon, 8 Feb 2016 18:25:26 +0300 MIME-Version: 1.0 In-Reply-To: <1454690704-16233-2-git-send-email-peter.maydell@linaro.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH 1/6] target-arm: correct CNTFRQ access rights List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Peter Maydell , qemu-devel@nongnu.org Cc: "Edgar E. Iglesias" , qemu-arm@nongnu.org, patches@linaro.org On 05.02.2016 19:44, Peter Maydell wrote: > Correct some corner cases we were getting wrong for > CNTFRQ access rights: > * should UNDEF from 32-bit Secure EL1 > * only writable from the highest implemented exception level, > which might not be EL1 now > > Signed-off-by: Peter Maydell > --- > target-arm/helper.c | 31 ++++++++++++++++++++++++++++--- > 1 file changed, 28 insertions(+), 3 deletions(-) > > diff --git a/target-arm/helper.c b/target-arm/helper.c > index 7a8881a..082701a 100644 > --- a/target-arm/helper.c > +++ b/target-arm/helper.c > @@ -1217,9 +1217,34 @@ static const ARMCPRegInfo v6k_cp_reginfo[] = { > static CPAccessResult gt_cntfrq_access(CPUARMState *env, const ARMCPRegInfo *ri, > bool isread) > { > - /* CNTFRQ: not visible from PL0 if both PL0PCTEN and PL0VCTEN are zero */ > - if (arm_current_el(env) == 0 && !extract32(env->cp15.c14_cntkctl, 0, 2)) { > - return CP_ACCESS_TRAP; > + /* CNTFRQ: not visible from PL0 if both PL0PCTEN and PL0VCTEN are zero. > + * Writable only at the highest implemented exception level. > + */ > + switch (arm_current_el(env)) { > + case 0: > + if (!extract32(env->cp15.c14_cntkctl, 0, 2)) { > + return CP_ACCESS_TRAP; > + } > + /* EL0 reads are forbidden by the .access fields */ s/reads/writes/ ? > + break; > + case 1: > + if (!isread && (arm_feature(env, ARM_FEATURE_EL2) > + || arm_feature(env, ARM_FEATURE_EL3))) { > + return CP_ACCESS_TRAP_UNCATEGORIZED; > + } > + if (!isread && ri->state == ARM_CP_STATE_AA32 && > + arm_is_secure_below_el3(env)) { > + /* Accesses from 32-bit Secure EL1 UNDEF (*not* trap to EL3!) */ > + return CP_ACCESS_TRAP_UNCATEGORIZED; > + } > + break; > + case 2: > + if (!isread && arm_feature(env, ARM_FEATURE_EL3)) { > + return CP_ACCESS_TRAP_UNCATEGORIZED; > + } > + break; > + case 3: > + break; > } > return CP_ACCESS_OK; > } Maybe calculating "the highest implemented exception level" could simplify reading of the code a bit? E.g.: int highest_el = arm_feature(env, ARM_FEATURE_EL3) ? 3 : arm_feature(env, ARM_FEATURE_EL2) ? 2 : 1; We would probably want to have a dedicated static inline function for this similar to HighestEL() from ARMv8 ARM pseudocode. Kind regards, Sergey