From: Peter Maydell
Date: Mon, 16 Nov 2015 14:05:04 +0000
Message-Id: <1447682723-3977-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH v2 00/19] Add support for multiple address spaces per CPU and use it for ARM TrustZone
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, qemu-arm@nongnu.org, Paolo Bonzini, "Edgar E. Iglesias", Alex Bennée, Andreas Färber

This patch series adds support to QEMU's core exec/memory code for
CPUs which have more than one address space, and uses it for
ARM TrustZone. In particular, a TZ CPU will have two physical
address spaces (Secure and Non-secure), and the patchset allows a
board model to create these both separately and connect them to
the CPU, so that we can have devices or memory which are visible
only in the Secure address space. (We already have support for
TZ in the CPU emulation itself, and support for devices like the
GIC which respond differently to Secure and Non-secure accesses,
so this is the last part of the puzzle for 32-bit.)

The general approach is that we allow a target-* cpu to define
more than one address space at initialization, allocating each one
a small integer "address space index" (asidx). The target CPU also
defines the mapping from memory transaction attributes to the asidx
via a new QOM CPU method asidx_from_attrs.
The memory and cputlb core code then use the asidx to look up memory
regions in the correct AddressSpace (both at TLB fill time and in the
io_read/write stage at runtime).

Changes since v1:
 * the biggest change is that rather than having the target-cpu code
   pass us an asidx and storing asidxes in the IOTLB, we now determine
   the address space index from the memory transaction attributes.
   This has had effects all through the patchstack.
 * some reshuffling of patch order (among other things, all the core
   patches are now at the front, with the target-arm patches next and
   the virt board last).
 * added missing object_ref(OBJECT(cpu->memory)) when setting the
   default value of cpu->memory
 * don't allow sharing of ASes that weren't created via
   address_space_init_shareable
 * now only allocate cpu_ases array once (target has to set
   cpu->num_ases before first call to cpu_address_space_init())
 * new patch documenting tlb_set_page_with_attrs -- I no longer need
   to add a new argument to this function, but didn't want to throw
   away the doc comment I'd written...

The 'add secure memory region to virt board' patch is still RFC because
the device tree binding to say "device is secure-only" is still under
discussion on the kernel mailing list; patch 19 is a pure hack, and
is here for testing purposes only.

You can run OP-TEE on QEMU with these patches: see
https://github.com/OP-TEE/optee_os
for details of how to get, build and run it. The 'make run' will use
the custom QEMU version that comes with OP-TEE (do that first to make
sure your OP-TEE has built and works ok). To get it to use a locally
built QEMU with these patches do:

  make run-only QEMU_PATH=/path/to/your/qemu/build/directory QEMU_EXTRA_ARGS='-machine secure=on'

Notes on a couple of things the patchset doesn't address:

(1) image/romfile/kernel loading etc will load only into the nonsecure
address space.
This would be conceptually simple to implement (you just need to pass
an AS into lots of functions) but since OP-TEE doesn't need it I felt
it could safely be left for later rather than making this patchset
bigger.

(2) Using multiple address spaces in one CPU won't work with KVM
(and we assert if you try; nothing at the moment will attempt it).
Using different address spaces in different CPUs in an SMP setup
will also not work with KVM, but we don't assert on that because
I wasn't sure where best to put the assert. (Also, it would be nice
if we could do that, because the modelling for ARM SMP setups would
really be cleaner if we could put the per-CPU devices and so on
in a set of per-CPU ASes.)

You can find a git branch with this patchset in here:
 https://git.linaro.org/people/peter.maydell/qemu-arm.git multi-ases

thanks
-- PMM

Peter Crosthwaite (2):
  memory: Add address_space_init_shareable()
  qom/cpu: Add MemoryRegion property

Peter Maydell (17):
  exec.c: Don't set cpu->as until cpu_address_space_init
  exec.c: Allow target CPUs to define multiple AddressSpaces
  exec-all.h: Document tlb_set_page_with_attrs, tlb_set_page
  include/qom/cpu.h: Add new get_phys_page_attrs_debug method
  include/qom/cpu.h: Add new asidx_from_attrs method
  cputlb.c: Use correct address space when looking up MemoryRegionSection
  exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS
  exec.c: Add cpu_get_address_space()
  exec.c: Use cpu_get_phys_page_attrs_debug
  exec.c: Use correct AddressSpace in watch_mem_read and watch_mem_write
  target-arm: Add QOM property for Secure memory region
  target-arm: Implement asidx_from_attrs
  target-arm: Implement cpu_get_phys_page_attrs_debug
  target-arm: Support multiple address spaces in page table walks
  hw/arm/virt: Wire up memory region to CPUs explicitly
  [RFC] hw/arm/virt: add secure memory region and UART
  HACK: rearrange the virt memory map to suit OP-TEE

 cpus.c                  |  13 +++++-
 cputlb.c                |   9 +++--
 exec.c                  | 103 +++++++++++++++++++++++++++++++++++-------------
 hw/arm/virt.c           |  66 +++++++++++++++++++++++++------
 include/exec/exec-all.h |  69 ++++++++++++++++++++++++++++----
 include/exec/memory.h   |  18 +++++++++
 include/hw/arm/virt.h   |   1 +
 include/qom/cpu.h       |  57 ++++++++++++++++++++++++++-
 memory.c                |  27 +++++++++++++
 softmmu_template.h      |   4 +-
 target-arm/cpu-qom.h    |   6 ++-
 target-arm/cpu.c        |  35 +++++++++++++++-
 target-arm/cpu.h        |  23 +++++++++++
 target-arm/helper.c     |  15 ++++---
 target-i386/cpu.c       |   7 +++-
 15 files changed, 389 insertions(+), 64 deletions(-)

-- 
1.9.1
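
A toy C model of the approach the cover letter above describes, added here as an illustration and not code from the patch series or from QEMU: the CPU holds an array of address spaces, a per-target hook maps transaction attributes to an index, and the core lookup decodes the address in the space that index selects. All Toy*/toy_* names, the index assignment (Non-secure = 0, Secure = 1) and the memory map are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy model, not QEMU code: names and the memory map are constructed. */
typedef struct { unsigned secure : 1; } ToyAttrs;  /* transaction attributes */
typedef struct { uint64_t base, size; uint32_t value; } ToyRegion;
typedef struct { const ToyRegion *regions; size_t n; } ToyAS;
enum { TOY_ASIDX_NS = 0, TOY_ASIDX_S = 1, TOY_NUM_ASES = 2 };  /* assumed */
enum { TOY_OK = 0, TOY_DECODE_ERROR = -1 };

static const ToyRegion ns_map[] = { { 0x40000000, 0x1000, 0x11111111 } }; /* RAM */
static const ToyRegion s_map[]  = { { 0x40000000, 0x1000, 0x11111111 },   /* RAM */
    { 0x09040000, 0x1000, 0x5ec0de00 } };          /* Secure-only device */

/* ases[] is indexed by asidx; num_ases bounds what the hook may return. */
typedef struct { int num_ases; ToyAS ases[TOY_NUM_ASES]; } ToyCPU;
static const ToyCPU toy_cpu = { TOY_NUM_ASES, { { ns_map, 1 }, { s_map, 2 } } };

/* Per-target hook: transaction attributes -> address space index. */
static int toy_asidx_from_attrs(ToyAttrs attrs)
{
    return attrs.secure ? TOY_ASIDX_S : TOY_ASIDX_NS;
}

/* Core lookup: choose the address space from the attributes, then decode. */
static int toy_cpu_read(const ToyCPU *cpu, uint64_t addr, ToyAttrs attrs,
                        uint32_t *out)
{
    int asidx = toy_asidx_from_attrs(attrs);
    if (asidx < 0 || asidx >= cpu->num_ases) {
        return TOY_DECODE_ERROR;   /* hook named a space this CPU lacks */
    }
    const ToyAS *as = &cpu->ases[asidx];
    for (size_t i = 0; i < as->n; i++) {
        const ToyRegion *r = &as->regions[i];
        if (addr >= r->base && addr - r->base < r->size) {
            *out = r->value;
            return TOY_OK;
        }
    }
    return TOY_DECODE_ERROR;       /* nothing mapped here in this space */
}

int main(void)
{
    uint32_t v = 0;
    ToyAttrs ns = { 0 };           /* Non-secure access to the Secure-only device */
    return toy_cpu_read(&toy_cpu, 0x09040000, ns, &v) == TOY_DECODE_ERROR ? 0 : 1;
}
```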