* [PATCH 00/62] target/arm: Implement FEAT_HAFDBS
@ 2022-07-03 8:23 Richard Henderson
2022-07-03 8:23 ` [PATCH 01/62] accel/tcg: Introduce PageEntryExtra Richard Henderson
` (63 more replies)
0 siblings, 64 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This is a major reorg to arm page table walking. While the result
here is "merely" Hardware-assited Access Flag and Dirty Bit Setting
(HAFDBS), the ultimate goal is the Realm Management Extension (RME).
RME "recommends" that HAFDBS be implemented (I_CSLWZ).
For HAFDBS, being able to find a host pointer for the ram that
backs a given page table entry is required in order to perform the
atomic update to that PTE. The easiest way to find a host pointer
is to use the existing softtlb mechanism. Thus all of the page
table walkers have been adjusted to take an mmu_idx that corresponds
to the regime in which the page table is stored. In some cases,
this is a new "physical" mmu_idx that has a permanent 1-1 mapping.
For RME, "physical" addresses also have page permissions, coming
from the Root realm Granule Protection Table, which can be thought
of as a third stage page table lookup. So eventually the new
Secure and Nonsecure physical mmu indexes will joined by
Realm and Root physical mmu indexes, and all of them will take
the new Granule Page Table into account.
Previously, we had A-profile allocate separate mmu_idx for secure
vs non-secure. I've done away with that. Now, I flush all mmu_idx
when SCR_EL3.NS is changed. I did not see how we could reasonably
add 8 more mmu_idx for Realm. Moreover, I had a look through ARM
Trusted Firmware, at the code paths used to change between Secure
and Nonsecure. We wind up flushing all of these mmu_idx anyway while
swapping the EL1+EL2 cpregs, so there is no gain at all in attempting
to keep them live at the same time within qemu.
r~
Richard Henderson (62):
accel/tcg: Introduce PageEntryExtra
target/arm: Enable PageEntryExtra
target/arm: Fix MTE check in sve_ldnfff1_r
target/arm: Record tagged bit for user-only in sve_probe_page
target/arm: Use PageEntryExtra for MTE
target/arm: Use PageEntryExtra for BTI
include/exec: Remove target_tlb_bitN from MemTxAttrs
target/arm: Create GetPhysAddrResult
target/arm: Fix ipa_secure in get_phys_addr
target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
target/arm: Use GetPhysAddrResult in get_phys_addr_v6
target/arm: Use GetPhysAddrResult in get_phys_addr_v5
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
target/arm: Add is_secure parameter to v8m_security_lookup
target/arm: Add is_secure parameter to pmsav8_mpu_lookup
target/arm: Add is_secure parameter to get_phys_addr_v5
target/arm: Add is_secure parameter to get_phys_addr_v6
target/arm: Add secure parameter to get_phys_addr_pmsav8
target/arm: Add is_secure parameter to pmsav7_use_background_region
target/arm: Add is_secure parameter to get_phys_addr_lpae
target/arm: Add is_secure parameter to get_phys_addr_pmsav7
target/arm: Add is_secure parameter to regime_translation_disabled
target/arm: Add is_secure parameter to get_phys_addr_pmsav5
target/arm: Split out get_phys_addr_with_secure
target/arm: Add is_secure parameter to v7m_read_half_insn
target/arm: Add TBFLAG_M32.SECURE
target/arm: Merge regime_is_secure into get_phys_addr
target/arm: Add is_secure parameter to do_ats_write
target/arm: Fold secure and non-secure a-profile mmu indexes
target/arm: Reorg regime_translation_disabled
target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
target/arm: Introduce arm_hcr_el2_eff_secstate
target/arm: Hoist read of *is_secure in S1_ptw_translate
target/arm: Fix S2 disabled check in S1_ptw_translate
target/arm: Remove env argument from combined_attrs_fwb
target/arm: Pass HCR to attribute subroutines.
target/arm: Fix ATS12NSO* from S PL1
target/arm: Split out get_phys_addr_disabled
target/arm: Reorg get_phys_addr_disabled
target/arm: Add ARMMMUIdx_Phys_{S,NS}
target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx
target/arm: Use softmmu tlbs for page table walking
target/arm: Hoist check for disabled stage2 translation.
target/arm: Split out get_phys_addr_twostage
target/arm: Use bool consistently for get_phys_addr subroutines
target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation
target/arm: Add ptw_idx argument to S1_ptw_translate
target/arm: Add isar predicates for FEAT_HAFDBS
target/arm: Extract HA and HD in aa64_va_parameters
target/arm: Split out S1TranslateResult type
target/arm: Move be test for regime into S1TranslateResult
target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw
target/arm: Add ARMFault_UnsuppAtomicUpdate
target/arm: Remove loop from get_phys_addr_lpae
target/arm: Fix fault reporting in get_phys_addr_lpae
target/arm: Don't shift attrs in get_phys_addr_lpae
target/arm: Consider GP an attribute in get_phys_addr_lpae
target/arm: Implement FEAT_HAFDBS
docs/system/arm/emulation.rst | 1 +
include/exec/cpu-defs.h | 5 +
include/exec/exec-all.h | 26 +-
include/exec/memattrs.h | 10 -
include/qemu/typedefs.h | 1 +
target/arm/cpu-param.h | 10 +-
target/arm/cpu.h | 138 ++--
target/arm/internals.h | 118 +--
target/arm/sve_ldst_internal.h | 1 +
accel/tcg/cputlb.c | 73 +-
target/arm/cpu64.c | 1 +
target/arm/helper.c | 213 +++--
target/arm/m_helper.c | 83 +-
target/arm/mte_helper.c | 52 +-
target/arm/ptw.c | 1346 +++++++++++++++++++-------------
target/arm/sve_helper.c | 50 +-
target/arm/tlb_helper.c | 51 +-
target/arm/translate-a64.c | 30 +-
target/arm/translate.c | 9 +-
19 files changed, 1194 insertions(+), 1024 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 100+ messages in thread
* [PATCH 01/62] accel/tcg: Introduce PageEntryExtra
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-04 15:28 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 02/62] target/arm: Enable PageEntryExtra Richard Henderson
` (62 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Add an optional structure, controlled by TARGET_PAGE_ENTRY_EXTRA,
that allows arbitrary extra data to be saved in the TLB for a
given page. Set it with tlb_set_page_with_extra() and fetch it
with probe_access_extra().
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/exec/cpu-defs.h | 5 +++
include/exec/exec-all.h | 26 +++++++++++++--
include/qemu/typedefs.h | 1 +
accel/tcg/cputlb.c | 73 ++++++++++++++++++++++++++++++-----------
4 files changed, 84 insertions(+), 21 deletions(-)
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index ba3cd32a1e..f14586e219 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -76,6 +76,10 @@ typedef uint64_t target_ulong;
#if !defined(CONFIG_USER_ONLY) && defined(CONFIG_TCG)
+#ifndef TARGET_PAGE_ENTRY_EXTRA
+struct PageEntryExtra { };
+#endif
+
/* use a fully associative victim tlb of 8 entries */
#define CPU_VTLB_SIZE 8
@@ -148,6 +152,7 @@ typedef struct CPUIOTLBEntry {
*/
hwaddr addr;
MemTxAttrs attrs;
+ PageEntryExtra extra;
} CPUIOTLBEntry;
/*
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 311e5fb422..2c036de3d8 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -259,11 +259,12 @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState *cpu,
unsigned bits);
/**
- * tlb_set_page_with_attrs:
+ * tlb_set_page_with_extra:
* @cpu: CPU to add this TLB entry for
* @vaddr: virtual address of page to add entry for
* @paddr: physical address of the page
* @attrs: memory transaction attributes
+ * @extra: cpu specific extra information
* @prot: access permissions (PAGE_READ/PAGE_WRITE/PAGE_EXEC bits)
* @mmu_idx: MMU index to insert TLB entry for
* @size: size of the page in bytes
@@ -279,11 +280,25 @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState *cpu,
* At most one entry for a given virtual address is permitted. Only a
* single TARGET_PAGE_SIZE region is mapped; the supplied @size is only
* used by tlb_flush_page.
+ *
+ * The @extra information is target-specific, and may be retrieved
+ * by calling probe_access_extra().
+ */
+void tlb_set_page_with_extra(CPUState *cpu, target_ulong vaddr, hwaddr paddr,
+ MemTxAttrs attrs, PageEntryExtra extra,
+ int prot, int mmu_idx, target_ulong size);
+
+/**
+ * tlb_set_page_with_attrs:
+ *
+ * This function is equivalent to calling tlb_set_page_with_extra()
+ * with an @extra argument of all zeros.
*/
void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
hwaddr paddr, MemTxAttrs attrs,
int prot, int mmu_idx, target_ulong size);
-/* tlb_set_page:
+/**
+ * tlb_set_page:
*
* This function is equivalent to calling tlb_set_page_with_attrs()
* with an @attrs argument of MEMTXATTRS_UNSPECIFIED. It's provided
@@ -435,6 +450,13 @@ int probe_access_flags(CPUArchState *env, target_ulong addr,
MMUAccessType access_type, int mmu_idx,
bool nonfault, void **phost, uintptr_t retaddr);
+#ifdef CONFIG_SOFTMMU
+int probe_access_extra(CPUArchState *env, target_ulong addr,
+ MMUAccessType access_type, int mmu_idx,
+ bool nonfault, void **phost, MemTxAttrs *pattrs,
+ PageEntryExtra *pextra, uintptr_t retaddr);
+#endif
+
#define CODE_GEN_ALIGN 16 /* must be >= of the size of a icache line */
/* Estimated block size for TB allocation. */
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 42f4ceb701..a4de3bb07c 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -82,6 +82,7 @@ typedef struct NodeInfo NodeInfo;
typedef struct NumaNodeMem NumaNodeMem;
typedef struct Object Object;
typedef struct ObjectClass ObjectClass;
+typedef struct PageEntryExtra PageEntryExtra;
typedef struct PCIBridge PCIBridge;
typedef struct PCIBus PCIBus;
typedef struct PCIDevice PCIDevice;
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index f90f4312ea..05555961c9 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1095,16 +1095,21 @@ static void tlb_add_large_page(CPUArchState *env, int mmu_idx,
env_tlb(env)->d[mmu_idx].large_page_mask = lp_mask;
}
-/* Add a new TLB entry. At most one entry for a given virtual address
+/*
+ * Add a new TLB entry. At most one entry for a given virtual address
* is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
* supplied size is only used by tlb_flush_page.
*
* Called from TCG-generated code, which is under an RCU read-side
* critical section.
+ *
+ * Returns a pointer to the iotlb entry, with env_tlb(env)->c.lock
+ * still locked, for final additions to the iotlb entry. The caller
+ * must unlock the lock.
*/
-void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
- hwaddr paddr, MemTxAttrs attrs, int prot,
- int mmu_idx, target_ulong size)
+void tlb_set_page_with_extra(CPUState *cpu, target_ulong vaddr, hwaddr paddr,
+ MemTxAttrs attrs, PageEntryExtra extra,
+ int prot, int mmu_idx, target_ulong size)
{
CPUArchState *env = cpu->env_ptr;
CPUTLB *tlb = env_tlb(env);
@@ -1238,6 +1243,7 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
*/
desc->iotlb[index].addr = iotlb - vaddr_page;
desc->iotlb[index].attrs = attrs;
+ desc->iotlb[index].extra = extra;
/* Now calculate the new entry */
tn.addend = addend - vaddr_page;
@@ -1272,7 +1278,23 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
qemu_spin_unlock(&tlb->c.lock);
}
-/* Add a new TLB entry, but without specifying the memory
+/*
+ * Add a new TLB entry, specifying the memory transaction
+ * attributes to be used.
+ */
+void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
+ hwaddr paddr, MemTxAttrs attrs, int prot,
+ int mmu_idx, target_ulong size)
+{
+ PageEntryExtra extra;
+
+ memset(&extra, 0, sizeof(extra));
+ tlb_set_page_with_extra(cpu, vaddr, paddr, attrs, extra,
+ prot, mmu_idx, size);
+}
+
+/*
+ * Add a new TLB entry, but without specifying the memory
* transaction attributes to be used.
*/
void tlb_set_page(CPUState *cpu, target_ulong vaddr,
@@ -1633,25 +1655,38 @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
return flags;
}
+int probe_access_extra(CPUArchState *env, target_ulong addr,
+ MMUAccessType access_type, int mmu_idx,
+ bool nonfault, void **phost, MemTxAttrs *pattrs,
+ PageEntryExtra *pextra, uintptr_t retaddr)
+{
+ int flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
+ nonfault, phost, retaddr);
+
+ if (likely(!(flags & TLB_INVALID_MASK))) {
+ uintptr_t index = tlb_index(env, mmu_idx, addr);
+ CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+
+ /* Handle clean RAM pages. */
+ if (unlikely(flags & TLB_NOTDIRTY)) {
+ notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
+ flags &= ~TLB_NOTDIRTY;
+ }
+ *pattrs = iotlbentry->attrs;
+ *pextra = iotlbentry->extra;
+ }
+ return flags;
+}
+
int probe_access_flags(CPUArchState *env, target_ulong addr,
MMUAccessType access_type, int mmu_idx,
bool nonfault, void **phost, uintptr_t retaddr)
{
- int flags;
+ MemTxAttrs attrs;
+ PageEntryExtra extra;
- flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
- nonfault, phost, retaddr);
-
- /* Handle clean RAM pages. */
- if (unlikely(flags & TLB_NOTDIRTY)) {
- uintptr_t index = tlb_index(env, mmu_idx, addr);
- CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
-
- notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
- flags &= ~TLB_NOTDIRTY;
- }
-
- return flags;
+ return probe_access_extra(env, addr, access_type, mmu_idx, nonfault,
+ phost, &attrs, &extra, retaddr);
}
void *probe_access(CPUArchState *env, target_ulong addr, int size,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 02/62] target/arm: Enable PageEntryExtra
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-07-03 8:23 ` [PATCH 01/62] accel/tcg: Introduce PageEntryExtra Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-04 15:22 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 03/62] target/arm: Fix MTE check in sve_ldnfff1_r Richard Henderson
` (61 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Copy attrs, sharability, and the NS bit into the TLB.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 8 ++++++++
target/arm/internals.h | 5 +++++
target/arm/tlb_helper.c | 14 ++++++++++++--
3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 68ffb12427..a14f167d11 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -30,6 +30,14 @@
*/
# define TARGET_PAGE_BITS_VARY
# define TARGET_PAGE_BITS_MIN 10
+/*
+ * Extra information stored in softmmu page tables.
+ */
+# define TARGET_PAGE_ENTRY_EXTRA
+struct PageEntryExtra {
+ /* See PAGEENTRYEXTRA fields in cpu.h */
+ uint64_t x;
+};
#endif
#define NB_MMU_MODES 15
diff --git a/target/arm/internals.h b/target/arm/internals.h
index c66f74a0db..2b38a83574 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -74,6 +74,11 @@ FIELD(V7M_EXCRET, DCRS, 5, 1)
FIELD(V7M_EXCRET, S, 6, 1)
FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */
+/* Bit definitions for PageEntryExtra */
+FIELD(PAGEENTRYEXTRA, ATTRS, 0, 8)
+FIELD(PAGEENTRYEXTRA, SHAREABILITY, 8, 2)
+FIELD(PAGEENTRYEXTRA, PA, 12, 52)
+
/* Minimum value which is a magic number for exception return */
#define EXC_RETURN_MIN_MAGIC 0xff000000
/* Minimum number which is a magic number for function or exception return
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 7d8a86b3c4..9de3099153 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -226,21 +226,31 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
&phys_addr, &attrs, &prot, &page_size,
&fi, &cacheattrs);
if (likely(!ret)) {
+ PageEntryExtra extra = {};
+
/*
* Map a single [sub]page. Regions smaller than our declared
* target page size are handled specially, so for those we
- * pass in the exact addresses.
+ * pass in the exact addresses. This only happens for M-profile,
+ * which does not use or require PageEntryExtra.
*/
if (page_size >= TARGET_PAGE_SIZE) {
phys_addr &= TARGET_PAGE_MASK;
address &= TARGET_PAGE_MASK;
+
+ /* Record some particulars for later lookup. */
+ extra.x = phys_addr;
+ extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, ATTRS,
+ cacheattrs.attrs);
+ extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, SHAREABILITY,
+ cacheattrs.shareability);
}
/* Notice and record tagged memory. */
if (cpu_isar_feature(aa64_mte, cpu) && cacheattrs.attrs == 0xf0) {
arm_tlb_mte_tagged(&attrs) = true;
}
- tlb_set_page_with_attrs(cs, address, phys_addr, attrs,
+ tlb_set_page_with_extra(cs, address, phys_addr, attrs, extra,
prot, mmu_idx, page_size);
return true;
} else if (probe) {
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 03/62] target/arm: Fix MTE check in sve_ldnfff1_r
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-07-03 8:23 ` [PATCH 01/62] accel/tcg: Introduce PageEntryExtra Richard Henderson
2022-07-03 8:23 ` [PATCH 02/62] target/arm: Enable PageEntryExtra Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-05 12:05 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 04/62] target/arm: Record tagged bit for user-only in sve_probe_page Richard Henderson
` (60 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The comment was correct, but the test was not:
disable mte if tagged is *not* set.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/sve_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 1654c0bbf9..db15d03ded 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -5986,7 +5986,7 @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
* Disable MTE checking if the Tagged bit is not set. Since TBI must
* be set within MTEDESC for MTE, !mtedesc => !mte_active.
*/
- if (arm_tlb_mte_tagged(&info.page[0].attrs)) {
+ if (!arm_tlb_mte_tagged(&info.page[0].attrs)) {
mtedesc = 0;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 04/62] target/arm: Record tagged bit for user-only in sve_probe_page
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (2 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 03/62] target/arm: Fix MTE check in sve_ldnfff1_r Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-05 12:09 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 05/62] target/arm: Use PageEntryExtra for MTE Richard Henderson
` (59 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Fixes a bug in that we were not honoring MTE from user-only
SVE. Copy the user-only MTE logic from allocation_tag_mem
into sve_probe_page.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/sve_helper.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index db15d03ded..0c6379e6e8 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -5337,6 +5337,9 @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
#ifdef CONFIG_USER_ONLY
memset(&info->attrs, 0, sizeof(info->attrs));
+ /* Require both MAP_ANON and PROT_MTE -- see allocation_tag_mem. */
+ arm_tlb_mte_tagged(&info->attrs) =
+ (flags & PAGE_ANON) && (flags & PAGE_MTE);
#else
/*
* Find the iotlbentry for addr and return the transaction attributes.
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 05/62] target/arm: Use PageEntryExtra for MTE
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (3 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 04/62] target/arm: Record tagged bit for user-only in sve_probe_page Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-05 12:47 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 06/62] target/arm: Use PageEntryExtra for BTI Richard Henderson
` (58 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Tagged pages are indicated by the page attributes, so we
don't need to use a separate bit in MemTxAttrs. Further,
we store the PA, so we don't need to recover it by walking
the tree of memory regions.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 1 -
target/arm/sve_ldst_internal.h | 1 +
target/arm/mte_helper.c | 52 +++++++--------------------------
target/arm/sve_helper.c | 53 +++++++++++-----------------------
target/arm/tlb_helper.c | 4 ---
5 files changed, 28 insertions(+), 83 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4a4342f262..a26b9437e9 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3369,7 +3369,6 @@ static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
* generic target bits directly.
*/
#define arm_tlb_bti_gp(x) (typecheck_memtxattrs(x)->target_tlb_bit0)
-#define arm_tlb_mte_tagged(x) (typecheck_memtxattrs(x)->target_tlb_bit1)
/*
* AArch64 usage of the PAGE_TARGET_* bits for linux-user.
diff --git a/target/arm/sve_ldst_internal.h b/target/arm/sve_ldst_internal.h
index b5c473fc48..4f159ec4ad 100644
--- a/target/arm/sve_ldst_internal.h
+++ b/target/arm/sve_ldst_internal.h
@@ -134,6 +134,7 @@ typedef struct {
void *host;
int flags;
MemTxAttrs attrs;
+ bool tagged;
} SVEHostPage;
bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index d11a8c70d0..5327df96d9 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -105,10 +105,9 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
TARGET_PAGE_BITS - LOG2_TAG_GRANULE - 1);
return tags + index;
#else
- uintptr_t index;
- CPUIOTLBEntry *iotlbentry;
+ MemTxAttrs attrs;
+ PageEntryExtra extra;
int in_page, flags;
- ram_addr_t ptr_ra;
hwaddr ptr_paddr, tag_paddr, xlat;
MemoryRegion *mr;
ARMASIdx tag_asi;
@@ -124,30 +123,12 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
* valid. Indicate to probe_access_flags no-fault, then assert that
* we received a valid page.
*/
- flags = probe_access_flags(env, ptr, ptr_access, ptr_mmu_idx,
- ra == 0, &host, ra);
+ flags = probe_access_extra(env, ptr, ptr_access, ptr_mmu_idx,
+ ra == 0, &host, &attrs, &extra, ra);
assert(!(flags & TLB_INVALID_MASK));
- /*
- * Find the iotlbentry for ptr. This *must* be present in the TLB
- * because we just found the mapping.
- * TODO: Perhaps there should be a cputlb helper that returns a
- * matching tlb entry + iotlb entry.
- */
- index = tlb_index(env, ptr_mmu_idx, ptr);
-# ifdef CONFIG_DEBUG_TCG
- {
- CPUTLBEntry *entry = tlb_entry(env, ptr_mmu_idx, ptr);
- target_ulong comparator = (ptr_access == MMU_DATA_LOAD
- ? entry->addr_read
- : tlb_addr_write(entry));
- g_assert(tlb_hit(comparator, ptr));
- }
-# endif
- iotlbentry = &env_tlb(env)->d[ptr_mmu_idx].iotlb[index];
-
/* If the virtual page MemAttr != Tagged, access unchecked. */
- if (!arm_tlb_mte_tagged(&iotlbentry->attrs)) {
+ if (FIELD_EX64(extra.x, PAGEENTRYEXTRA, ATTRS) != 0xf0) {
return NULL;
}
@@ -180,33 +161,20 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
if (unlikely(flags & TLB_WATCHPOINT)) {
int wp = ptr_access == MMU_DATA_LOAD ? BP_MEM_READ : BP_MEM_WRITE;
assert(ra != 0);
- cpu_check_watchpoint(env_cpu(env), ptr, ptr_size,
- iotlbentry->attrs, wp, ra);
+ cpu_check_watchpoint(env_cpu(env), ptr, ptr_size, attrs, wp, ra);
}
- /*
- * Find the physical address within the normal mem space.
- * The memory region lookup must succeed because TLB_MMIO was
- * not set in the cputlb lookup above.
- */
- mr = memory_region_from_host(host, &ptr_ra);
- tcg_debug_assert(mr != NULL);
- tcg_debug_assert(memory_region_is_ram(mr));
- ptr_paddr = ptr_ra;
- do {
- ptr_paddr += mr->addr;
- mr = mr->container;
- } while (mr);
+ /* Recover the physical address from PageEntryExtra. */
+ ptr_paddr = extra.x & R_PAGEENTRYEXTRA_PA_MASK;
/* Convert to the physical address in tag space. */
tag_paddr = ptr_paddr >> (LOG2_TAG_GRANULE + 1);
/* Look up the address in tag space. */
- tag_asi = iotlbentry->attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
+ tag_asi = attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
tag_as = cpu_get_address_space(env_cpu(env), tag_asi);
mr = address_space_translate(tag_as, tag_paddr, &xlat, NULL,
- tag_access == MMU_DATA_STORE,
- iotlbentry->attrs);
+ tag_access == MMU_DATA_STORE, attrs);
/*
* Note that @mr will never be NULL. If there is nothing in the address
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 0c6379e6e8..4b853a25aa 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -5323,8 +5323,18 @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
*/
addr = useronly_clean_ptr(addr);
+#ifdef CONFIG_USER_ONLY
flags = probe_access_flags(env, addr, access_type, mmu_idx, nofault,
&info->host, retaddr);
+ memset(&info->attrs, 0, sizeof(info->attrs));
+ /* Require both ANON and MTE; see allocation_tag_mem(). */
+ info->tagged = (flags & PAGE_ANON) && (flags & PAGE_MTE);
+#else
+ PageEntryExtra extra;
+ flags = probe_access_extra(env, addr, access_type, mmu_idx, nofault,
+ &info->host, &info->attrs, &extra, retaddr);
+ info->tagged = FIELD_EX64(extra.x, PAGEENTRYEXTRA, ATTRS) == 0xf0;
+#endif
info->flags = flags;
if (flags & TLB_INVALID_MASK) {
@@ -5334,33 +5344,6 @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
/* Ensure that info->host[] is relative to addr, not addr + mem_off. */
info->host -= mem_off;
-
-#ifdef CONFIG_USER_ONLY
- memset(&info->attrs, 0, sizeof(info->attrs));
- /* Require both MAP_ANON and PROT_MTE -- see allocation_tag_mem. */
- arm_tlb_mte_tagged(&info->attrs) =
- (flags & PAGE_ANON) && (flags & PAGE_MTE);
-#else
- /*
- * Find the iotlbentry for addr and return the transaction attributes.
- * This *must* be present in the TLB because we just found the mapping.
- */
- {
- uintptr_t index = tlb_index(env, mmu_idx, addr);
-
-# ifdef CONFIG_DEBUG_TCG
- CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
- target_ulong comparator = (access_type == MMU_DATA_LOAD
- ? entry->addr_read
- : tlb_addr_write(entry));
- g_assert(tlb_hit(comparator, addr));
-# endif
-
- CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
- info->attrs = iotlbentry->attrs;
- }
-#endif
-
return true;
}
@@ -5589,7 +5572,7 @@ void sve_cont_ldst_mte_check(SVEContLdSt *info, CPUARMState *env,
intptr_t mem_off, reg_off, reg_last;
/* Process the page only if MemAttr == Tagged. */
- if (arm_tlb_mte_tagged(&info->page[0].attrs)) {
+ if (info->page[0].tagged) {
mem_off = info->mem_off_first[0];
reg_off = info->reg_off_first[0];
reg_last = info->reg_off_split;
@@ -5610,7 +5593,7 @@ void sve_cont_ldst_mte_check(SVEContLdSt *info, CPUARMState *env,
}
mem_off = info->mem_off_first[1];
- if (mem_off >= 0 && arm_tlb_mte_tagged(&info->page[1].attrs)) {
+ if (mem_off >= 0 && info->page[1].tagged) {
reg_off = info->reg_off_first[1];
reg_last = info->reg_off_last[1];
@@ -5989,7 +5972,7 @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
* Disable MTE checking if the Tagged bit is not set. Since TBI must
* be set within MTEDESC for MTE, !mtedesc => !mte_active.
*/
- if (!arm_tlb_mte_tagged(&info.page[0].attrs)) {
+ if (!info.page[0].tagged) {
mtedesc = 0;
}
@@ -6540,7 +6523,7 @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
cpu_check_watchpoint(env_cpu(env), addr, msize,
info.attrs, BP_MEM_READ, retaddr);
}
- if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
+ if (mtedesc && info.tagged) {
mte_check(env, mtedesc, addr, retaddr);
}
if (unlikely(info.flags & TLB_MMIO)) {
@@ -6557,7 +6540,7 @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
msize, info.attrs,
BP_MEM_READ, retaddr);
}
- if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
+ if (mtedesc && info.tagged) {
mte_check(env, mtedesc, addr, retaddr);
}
tlb_fn(env, &scratch, reg_off, addr, retaddr);
@@ -6758,9 +6741,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
(env_cpu(env), addr, msize) & BP_MEM_READ)) {
goto fault;
}
- if (mtedesc &&
- arm_tlb_mte_tagged(&info.attrs) &&
- !mte_probe(env, mtedesc, addr)) {
+ if (mtedesc && info.tagged && !mte_probe(env, mtedesc, addr)) {
goto fault;
}
@@ -6946,7 +6927,7 @@ void sve_st1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
info.attrs, BP_MEM_WRITE, retaddr);
}
- if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
+ if (mtedesc && info.tagged) {
mte_check(env, mtedesc, addr, retaddr);
}
}
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 9de3099153..1305b6ec7d 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -245,10 +245,6 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, SHAREABILITY,
cacheattrs.shareability);
}
- /* Notice and record tagged memory. */
- if (cpu_isar_feature(aa64_mte, cpu) && cacheattrs.attrs == 0xf0) {
- arm_tlb_mte_tagged(&attrs) = true;
- }
tlb_set_page_with_extra(cs, address, phys_addr, attrs, extra,
prot, mmu_idx, page_size);
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 06/62] target/arm: Use PageEntryExtra for BTI
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (4 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 05/62] target/arm: Use PageEntryExtra for MTE Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-05 14:12 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 07/62] include/exec: Remove target_tlb_bitN from MemTxAttrs Richard Henderson
` (57 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Add a bit to ARMCacheAttrs to hold the guarded bit between
get_phys_addr_lpae and arm_cpu_tlb_fill, then put the bit
into PageEntryExtra.
In is_guarded_page, use probe_access_extra instead of just
guessing that the tlb entry is still present. Also handles
the FIXME about executing from device memory.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 13 -------------
target/arm/internals.h | 2 ++
target/arm/ptw.c | 4 ++--
target/arm/tlb_helper.c | 2 ++
target/arm/translate-a64.c | 22 ++++++++--------------
5 files changed, 14 insertions(+), 29 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a26b9437e9..4a41b5dcef 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3357,19 +3357,6 @@ static inline uint64_t *aa64_vfp_qreg(CPUARMState *env, unsigned regno)
/* Shared between translate-sve.c and sve_helper.c. */
extern const uint64_t pred_esz_masks[4];
-/* Helper for the macros below, validating the argument type. */
-static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
-{
- return x;
-}
-
-/*
- * Lvalue macros for ARM TLB bits that we must cache in the TCG TLB.
- * Using these should be a bit more self-documenting than using the
- * generic target bits directly.
- */
-#define arm_tlb_bti_gp(x) (typecheck_memtxattrs(x)->target_tlb_bit0)
-
/*
* AArch64 usage of the PAGE_TARGET_* bits for linux-user.
*/
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 2b38a83574..268c3c7380 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -77,6 +77,7 @@ FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */
/* Bit definitions for PageEntryExtra */
FIELD(PAGEENTRYEXTRA, ATTRS, 0, 8)
FIELD(PAGEENTRYEXTRA, SHAREABILITY, 8, 2)
+FIELD(PAGEENTRYEXTRA, GUARDED, 10, 1)
FIELD(PAGEENTRYEXTRA, PA, 12, 52)
/* Minimum value which is a magic number for exception return */
@@ -1129,6 +1130,7 @@ typedef struct ARMCacheAttrs {
unsigned int attrs:8;
unsigned int shareability:2; /* as in the SH field of the VMSAv8-64 PTEs */
bool is_s2_format:1;
+ bool guarded:1; /* guarded bit of the v8-64 PTE */
} ARMCacheAttrs;
bool get_phys_addr(CPUARMState *env, target_ulong address,
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index da478104f0..204c820026 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1320,8 +1320,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
txattrs->secure = false;
}
/* When in aarch64 mode, and BTI is enabled, remember GP in the IOTLB. */
- if (aarch64 && guarded && cpu_isar_feature(aa64_bti, cpu)) {
- arm_tlb_bti_gp(txattrs) = true;
+ if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+ cacheattrs->guarded = guarded;
}
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 1305b6ec7d..7476fcafeb 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -244,6 +244,8 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
cacheattrs.attrs);
extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, SHAREABILITY,
cacheattrs.shareability);
+ extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, GUARDED,
+ cacheattrs.guarded);
}
tlb_set_page_with_extra(cs, address, phys_addr, attrs, extra,
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index c86b97b1d4..57f492ccef 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -14543,22 +14543,16 @@ static bool is_guarded_page(CPUARMState *env, DisasContext *s)
#ifdef CONFIG_USER_ONLY
return page_get_flags(addr) & PAGE_BTI;
#else
+ MemTxAttrs attrs;
+ PageEntryExtra extra;
+ void *host;
int mmu_idx = arm_to_core_mmu_idx(s->mmu_idx);
- unsigned int index = tlb_index(env, mmu_idx, addr);
- CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+ int flags;
- /*
- * We test this immediately after reading an insn, which means
- * that any normal page must be in the TLB. The only exception
- * would be for executing from flash or device memory, which
- * does not retain the TLB entry.
- *
- * FIXME: Assume false for those, for now. We could use
- * arm_cpu_get_phys_page_attrs_debug to re-read the page
- * table entry even for that case.
- */
- return (tlb_hit(entry->addr_code, addr) &&
- arm_tlb_bti_gp(&env_tlb(env)->d[mmu_idx].iotlb[index].attrs));
+ flags = probe_access_extra(env, addr, MMU_INST_FETCH, mmu_idx,
+ false, &host, &attrs, &extra, 0);
+ assert(!(flags & TLB_INVALID_MASK));
+ return FIELD_EX64(extra.x, PAGEENTRYEXTRA, GUARDED);
#endif
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 07/62] include/exec: Remove target_tlb_bitN from MemTxAttrs
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (5 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 06/62] target/arm: Use PageEntryExtra for BTI Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-05 14:12 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 08/62] target/arm: Create GetPhysAddrResult Richard Henderson
` (56 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
We have now moved all uses to PageEntryExtra.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/exec/memattrs.h | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
index 9fb98bc1ef..1bd7b6c5ca 100644
--- a/include/exec/memattrs.h
+++ b/include/exec/memattrs.h
@@ -47,16 +47,6 @@ typedef struct MemTxAttrs {
unsigned int requester_id:16;
/* Invert endianness for this page */
unsigned int byte_swap:1;
- /*
- * The following are target-specific page-table bits. These are not
- * related to actual memory transactions at all. However, this structure
- * is part of the tlb_fill interface, cached in the cputlb structure,
- * and has unused bits. These fields will be read by target-specific
- * helpers using env->iotlb[mmu_idx][tlb_index()].attrs.target_tlb_bitN.
- */
- unsigned int target_tlb_bit0 : 1;
- unsigned int target_tlb_bit1 : 1;
- unsigned int target_tlb_bit2 : 1;
} MemTxAttrs;
/* Bus masters which don't specify any attributes will get this,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 08/62] target/arm: Create GetPhysAddrResult
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (6 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 07/62] include/exec: Remove target_tlb_bitN from MemTxAttrs Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:02 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 09/62] target/arm: Fix ipa_secure in get_phys_addr Richard Henderson
` (55 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Combine 5 output pointer argument from get_phys_addr
into a single struct. Adjust all callers.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 13 ++++-
target/arm/helper.c | 27 ++++-----
target/arm/m_helper.c | 52 +++++------------
target/arm/ptw.c | 125 +++++++++++++++++++++-------------------
target/arm/tlb_helper.c | 26 ++++-----
5 files changed, 113 insertions(+), 130 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 268c3c7380..7d08917f88 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1133,11 +1133,18 @@ typedef struct ARMCacheAttrs {
bool guarded:1; /* guarded bit of the v8-64 PTE */
} ARMCacheAttrs;
+/* Fields that are valid upon success. */
+typedef struct GetPhysAddrResult {
+ hwaddr phys;
+ target_ulong page_size;
+ int prot;
+ MemTxAttrs attrs;
+ ARMCacheAttrs cacheattrs;
+} GetPhysAddrResult;
+
bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size,
- ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
void arm_log_exception(CPUState *cs);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f6dcb1a115..fb13e0f4c0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3173,24 +3173,19 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
MMUAccessType access_type, ARMMMUIdx mmu_idx)
{
- hwaddr phys_addr;
- target_ulong page_size;
- int prot;
bool ret;
uint64_t par64;
bool format64 = false;
- MemTxAttrs attrs = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
+ GetPhysAddrResult res = {};
- ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
- &prot, &page_size, &fi, &cacheattrs);
+ ret = get_phys_addr(env, value, access_type, mmu_idx, &res, &fi);
/*
* ATS operations only do S1 or S1+S2 translations, so we never
* have to deal with the ARMCacheAttrs format for S2 only.
*/
- assert(!cacheattrs.is_s2_format);
+ assert(!res.cacheattrs.is_s2_format);
if (ret) {
/*
@@ -3296,12 +3291,12 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
/* Create a 64-bit PAR */
par64 = (1 << 11); /* LPAE bit always set */
if (!ret) {
- par64 |= phys_addr & ~0xfffULL;
- if (!attrs.secure) {
+ par64 |= res.phys & ~0xfffULL;
+ if (!res.attrs.secure) {
par64 |= (1 << 9); /* NS */
}
- par64 |= (uint64_t)cacheattrs.attrs << 56; /* ATTR */
- par64 |= cacheattrs.shareability << 7; /* SH */
+ par64 |= (uint64_t)res.cacheattrs.attrs << 56; /* ATTR */
+ par64 |= res.cacheattrs.shareability << 7; /* SH */
} else {
uint32_t fsr = arm_fi_to_lfsc(&fi);
@@ -3321,13 +3316,13 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
*/
if (!ret) {
/* We do not set any attribute bits in the PAR */
- if (page_size == (1 << 24)
+ if (res.page_size == (1 << 24)
&& arm_feature(env, ARM_FEATURE_V7)) {
- par64 = (phys_addr & 0xff000000) | (1 << 1);
+ par64 = (res.phys & 0xff000000) | (1 << 1);
} else {
- par64 = phys_addr & 0xfffff000;
+ par64 = res.phys & 0xfffff000;
}
- if (!attrs.secure) {
+ if (!res.attrs.secure) {
par64 |= (1 << 9); /* NS */
}
} else {
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 308610f6b4..84c6796b8d 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -183,19 +183,14 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
{
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
- MemTxAttrs attrs = {};
MemTxResult txres;
- target_ulong page_size;
- hwaddr physaddr;
- int prot;
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
bool secure = mmu_idx & ARM_MMU_IDX_M_S;
int exc;
bool exc_secure;
- if (get_phys_addr(env, addr, MMU_DATA_STORE, mmu_idx, &physaddr,
- &attrs, &prot, &page_size, &fi, &cacheattrs)) {
+ if (get_phys_addr(env, addr, MMU_DATA_STORE, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
if (mode == STACK_LAZYFP) {
@@ -228,8 +223,8 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
}
goto pend_fault;
}
- address_space_stl_le(arm_addressspace(cs, attrs), physaddr, value,
- attrs, &txres);
+ address_space_stl_le(arm_addressspace(cs, res.attrs), res.phys, value,
+ res.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to write the data */
if (mode == STACK_LAZYFP) {
@@ -276,20 +271,15 @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
{
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
- MemTxAttrs attrs = {};
MemTxResult txres;
- target_ulong page_size;
- hwaddr physaddr;
- int prot;
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
bool secure = mmu_idx & ARM_MMU_IDX_M_S;
int exc;
bool exc_secure;
uint32_t value;
- if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &physaddr,
- &attrs, &prot, &page_size, &fi, &cacheattrs)) {
+ if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
qemu_log_mask(CPU_LOG_INT,
@@ -308,8 +298,8 @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
goto pend_fault;
}
- value = address_space_ldl(arm_addressspace(cs, attrs), physaddr,
- attrs, &txres);
+ value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
+ res.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to read the data */
qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.UNSTKERR\n");
@@ -2008,13 +1998,9 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
V8M_SAttributes sattrs = {};
- MemTxAttrs attrs = {};
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
MemTxResult txres;
- target_ulong page_size;
- hwaddr physaddr;
- int prot;
v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, &sattrs);
if (!sattrs.nsc || sattrs.ns) {
@@ -2028,16 +2014,15 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
"...really SecureFault with SFSR.INVEP\n");
return false;
}
- if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx, &physaddr,
- &attrs, &prot, &page_size, &fi, &cacheattrs)) {
+ if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx, &res, &fi)) {
/* the MPU lookup failed */
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure);
qemu_log_mask(CPU_LOG_INT, "...really MemManage with CFSR.IACCVIOL\n");
return false;
}
- *insn = address_space_lduw_le(arm_addressspace(cs, attrs), physaddr,
- attrs, &txres);
+ *insn = address_space_lduw_le(arm_addressspace(cs, res.attrs), res.phys,
+ res.attrs, &txres);
if (txres != MEMTX_OK) {
env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);
@@ -2060,17 +2045,12 @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
*/
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
- MemTxAttrs attrs = {};
MemTxResult txres;
- target_ulong page_size;
- hwaddr physaddr;
- int prot;
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
uint32_t value;
- if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &physaddr,
- &attrs, &prot, &page_size, &fi, &cacheattrs)) {
+ if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
qemu_log_mask(CPU_LOG_INT,
@@ -2088,8 +2068,8 @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
}
return false;
}
- value = address_space_ldl(arm_addressspace(cs, attrs), physaddr,
- attrs, &txres);
+ value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
+ res.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to read the data */
qemu_log_mask(CPU_LOG_INT,
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 204c820026..1a946f3757 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2296,18 +2296,12 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
* @address: virtual address to get physical address for
* @access_type: 0 for read, 1 for write, 2 for execute
* @mmu_idx: MMU index indicating required translation regime
- * @phys_ptr: set to the physical address corresponding to the virtual address
- * @attrs: set to the memory transaction attributes to use
- * @prot: set to the permissions for the page containing phys_ptr
- * @page_size: set to the size of the page containing phys_ptr
+ * @result: set on translation success.
* @fi: set to fault info if the translation fails
- * @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes
*/
bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size,
- ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
@@ -2318,43 +2312,53 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
*/
if (arm_feature(env, ARM_FEATURE_EL2)) {
hwaddr ipa;
- int s2_prot;
+ int s1_prot;
int ret;
bool ipa_secure;
- ARMCacheAttrs cacheattrs2 = {};
+ ARMCacheAttrs cacheattrs1;
ARMMMUIdx s2_mmu_idx;
bool is_el0;
- ret = get_phys_addr(env, address, access_type, s1_mmu_idx, &ipa,
- attrs, prot, page_size, fi, cacheattrs);
+ ret = get_phys_addr(env, address, access_type, s1_mmu_idx,
+ result, fi);
/* If S1 fails or S2 is disabled, return early. */
if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
- *phys_ptr = ipa;
return ret;
}
- ipa_secure = attrs->secure;
+ ipa = result->phys;
+ ipa_secure = result->attrs.secure;
if (arm_is_secure_below_el3(env)) {
- if (ipa_secure) {
- attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
- } else {
- attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
- }
+ result->attrs.secure =
+ (ipa_secure
+ ? !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW)
+ : !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW));
} else {
assert(!ipa_secure);
}
- s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ s2_mmu_idx = (result->attrs.secure
+ ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
- /* S1 is done. Now do S2 translation. */
+ /*
+ * S1 is done, now do S2 translation.
+ * Save the stage1 results so that we may merge
+ * prot and cacheattrs later.
+ */
+ s1_prot = result->prot;
+ cacheattrs1 = result->cacheattrs;
+ memset(result, 0, sizeof(*result));
+
ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx, is_el0,
- phys_ptr, attrs, &s2_prot,
- page_size, fi, &cacheattrs2);
+ &result->phys, &result->attrs,
+ &result->prot, &result->page_size,
+ fi, &result->cacheattrs);
fi->s2addr = ipa;
+
/* Combine the S1 and S2 perms. */
- *prot &= s2_prot;
+ result->prot &= s1_prot;
/* If S2 fails, return early. */
if (ret) {
@@ -2370,20 +2374,21 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
* Outer Write-Back Read-Allocate Write-Allocate.
* Do not overwrite Tagged within attrs.
*/
- if (cacheattrs->attrs != 0xf0) {
- cacheattrs->attrs = 0xff;
+ if (cacheattrs1.attrs != 0xf0) {
+ cacheattrs1.attrs = 0xff;
}
- cacheattrs->shareability = 0;
+ cacheattrs1.shareability = 0;
}
- *cacheattrs = combine_cacheattrs(env, *cacheattrs, cacheattrs2);
+ result->cacheattrs = combine_cacheattrs(env, cacheattrs1,
+ result->cacheattrs);
/* Check if IPA translates to secure or non-secure PA space. */
if (arm_is_secure_below_el3(env)) {
if (ipa_secure) {
- attrs->secure =
+ result->attrs.secure =
!(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
} else {
- attrs->secure =
+ result->attrs.secure =
!((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW))
|| (env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
}
@@ -2402,8 +2407,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
* cannot upgrade an non-secure translation regime's attributes
* to secure.
*/
- attrs->secure = regime_is_secure(env, mmu_idx);
- attrs->user = regime_is_user(env, mmu_idx);
+ result->attrs.secure = regime_is_secure(env, mmu_idx);
+ result->attrs.user = regime_is_user(env, mmu_idx);
/*
* Fast Context Switch Extension. This doesn't exist at all in v8.
@@ -2420,20 +2425,22 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_PMSA)) {
bool ret;
- *page_size = TARGET_PAGE_SIZE;
+ result->page_size = TARGET_PAGE_SIZE;
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
- phys_ptr, attrs, prot, page_size, fi);
+ &result->phys, &result->attrs,
+ &result->prot, &result->page_size, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
- phys_ptr, prot, page_size, fi);
+ &result->phys, &result->prot,
+ &result->page_size, fi);
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
- phys_ptr, prot, fi);
+ &result->phys, &result->prot, fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
@@ -2441,9 +2448,9 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
(access_type == MMU_DATA_STORE ? "writing" : "execute"),
(uint32_t)address, mmu_idx,
ret ? "Miss" : "Hit",
- *prot & PAGE_READ ? 'r' : '-',
- *prot & PAGE_WRITE ? 'w' : '-',
- *prot & PAGE_EXEC ? 'x' : '-');
+ result->prot & PAGE_READ ? 'r' : '-',
+ result->prot & PAGE_WRITE ? 'w' : '-',
+ result->prot & PAGE_EXEC ? 'x' : '-');
return ret;
}
@@ -2488,14 +2495,14 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
address = extract64(address, 0, 52);
}
}
- *phys_ptr = address;
- *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
- *page_size = TARGET_PAGE_SIZE;
+ result->phys = address;
+ result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->page_size = TARGET_PAGE_SIZE;
/* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
hcr = arm_hcr_el2_eff(env);
- cacheattrs->shareability = 0;
- cacheattrs->is_s2_format = false;
+ result->cacheattrs.shareability = 0;
+ result->cacheattrs.is_s2_format = false;
if (hcr & HCR_DC) {
if (hcr & HCR_DCT) {
memattr = 0xf0; /* Tagged, Normal, WB, RWA */
@@ -2508,24 +2515,27 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else {
memattr = 0x44; /* Normal, NC, No */
}
- cacheattrs->shareability = 2; /* outer sharable */
+ result->cacheattrs.shareability = 2; /* outer sharable */
} else {
memattr = 0x00; /* Device, nGnRnE */
}
- cacheattrs->attrs = memattr;
+ result->cacheattrs.attrs = memattr;
return 0;
}
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx, false,
- phys_ptr, attrs, prot, page_size,
- fi, cacheattrs);
+ &result->phys, &result->attrs,
+ &result->prot, &result->page_size,
+ fi, &result->cacheattrs);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
- phys_ptr, attrs, prot, page_size, fi);
+ &result->phys, &result->attrs,
+ &result->prot, &result->page_size, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
- phys_ptr, prot, page_size, fi);
+ &result->phys, &result->prot,
+ &result->page_size, fi);
}
}
@@ -2534,21 +2544,16 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
- hwaddr phys_addr;
- target_ulong page_size;
- int prot;
- bool ret;
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
ARMMMUIdx mmu_idx = arm_mmu_idx(env);
- ARMCacheAttrs cacheattrs = {};
+ bool ret;
- *attrs = (MemTxAttrs) {};
-
- ret = get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &phys_addr,
- attrs, &prot, &page_size, &fi, &cacheattrs);
+ ret = get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi);
+ *attrs = res.attrs;
if (ret) {
return -1;
}
- return phys_addr;
+ return res.phys;
}
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 7476fcafeb..28495ff525 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -209,11 +209,8 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
{
ARMCPU *cpu = ARM_CPU(cs);
ARMMMUFaultInfo fi = {};
- hwaddr phys_addr;
- target_ulong page_size;
- int prot, ret;
- MemTxAttrs attrs = {};
- ARMCacheAttrs cacheattrs = {};
+ GetPhysAddrResult res = {};
+ int ret;
/*
* Walk the page table and (if the mapping exists) add the page
@@ -223,8 +220,7 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
*/
ret = get_phys_addr(&cpu->env, address, access_type,
core_to_arm_mmu_idx(&cpu->env, mmu_idx),
- &phys_addr, &attrs, &prot, &page_size,
- &fi, &cacheattrs);
+ &res, &fi);
if (likely(!ret)) {
PageEntryExtra extra = {};
@@ -234,22 +230,22 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
* pass in the exact addresses. This only happens for M-profile,
* which does not use or require PageEntryExtra.
*/
- if (page_size >= TARGET_PAGE_SIZE) {
- phys_addr &= TARGET_PAGE_MASK;
+ if (res.page_size >= TARGET_PAGE_SIZE) {
+ res.phys &= TARGET_PAGE_MASK;
address &= TARGET_PAGE_MASK;
/* Record some particulars for later lookup. */
- extra.x = phys_addr;
+ extra.x = res.phys;
extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, ATTRS,
- cacheattrs.attrs);
+ res.cacheattrs.attrs);
extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, SHAREABILITY,
- cacheattrs.shareability);
+ res.cacheattrs.shareability);
extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, GUARDED,
- cacheattrs.guarded);
+ res.cacheattrs.guarded);
}
- tlb_set_page_with_extra(cs, address, phys_addr, attrs, extra,
- prot, mmu_idx, page_size);
+ tlb_set_page_with_extra(cs, address, res.phys, res.attrs, extra,
+ res.prot, mmu_idx, res.page_size);
return true;
} else if (probe) {
return false;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 09/62] target/arm: Fix ipa_secure in get_phys_addr
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (7 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 08/62] target/arm: Create GetPhysAddrResult Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 10/62] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae Richard Henderson
` (54 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The starting security state comes with the translation regime,
not the current state of arm_is_secure_below_el3().
More use of the local variable, ipa_secure, which does not need
to be written back to result->attrs.secure -- we compute that
value later, after the S2 walk is complete.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 1a946f3757..b78658161f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2304,6 +2304,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
+ bool is_secure = regime_is_secure(env, mmu_idx);
if (mmu_idx != s1_mmu_idx) {
/*
@@ -2328,18 +2329,16 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
}
ipa = result->phys;
- ipa_secure = result->attrs.secure;
- if (arm_is_secure_below_el3(env)) {
- result->attrs.secure =
- (ipa_secure
- ? !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW)
- : !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW));
+ if (is_secure) {
+ /* Select TCR based on the NS bit from the S1 walk. */
+ ipa_secure = !(result->attrs.secure
+ ? env->cp15.vstcr_el2.raw_tcr & VSTCR_SW
+ : env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
} else {
- assert(!ipa_secure);
+ ipa_secure = false;
}
- s2_mmu_idx = (result->attrs.secure
- ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
+ s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
/*
@@ -2383,7 +2382,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result->cacheattrs);
/* Check if IPA translates to secure or non-secure PA space. */
- if (arm_is_secure_below_el3(env)) {
+ if (is_secure) {
if (ipa_secure) {
result->attrs.secure =
!(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
@@ -2407,7 +2406,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
* cannot upgrade an non-secure translation regime's attributes
* to secure.
*/
- result->attrs.secure = regime_is_secure(env, mmu_idx);
+ result->attrs.secure = is_secure;
result->attrs.user = regime_is_user(env, mmu_idx);
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 10/62] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (8 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 09/62] target/arm: Fix ipa_secure in get_phys_addr Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:04 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 11/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v6 Richard Henderson
` (53 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 69 ++++++++++++++++++------------------------------
1 file changed, 26 insertions(+), 43 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index b78658161f..5e79c9be98 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -16,10 +16,8 @@
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool s1_is_el0, hwaddr *phys_ptr,
- MemTxAttrs *txattrs, int *prot,
- target_ulong *page_size_ptr,
- ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
+ bool s1_is_el0, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
__attribute__((nonnull));
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
@@ -204,18 +202,13 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
{
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
!regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
- target_ulong s2size;
- hwaddr s2pa;
- int s2prot;
- int ret;
ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S
: ARMMMUIdx_Stage2;
- ARMCacheAttrs cacheattrs = {};
- MemTxAttrs txattrs = {};
+ GetPhysAddrResult s2 = {};
+ int ret;
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx, false,
- &s2pa, &txattrs, &s2prot, &s2size, fi,
- &cacheattrs);
+ &s2, fi);
if (ret) {
assert(fi->type != ARMFault_None);
fi->s2addr = addr;
@@ -225,7 +218,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
return ~0;
}
if ((arm_hcr_el2_eff(env) & HCR_PTW) &&
- ptw_attrs_are_device(env, cacheattrs)) {
+ ptw_attrs_are_device(env, s2.cacheattrs)) {
/*
* PTW set and S1 walk touched S2 Device memory:
* generate Permission fault.
@@ -249,7 +242,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
assert(!*is_secure);
}
- addr = s2pa;
+ addr = s2.phys;
}
return addr;
}
@@ -968,19 +961,13 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
* table walk), must be true if this is stage 2 of a stage 1+2
* walk for an EL0 access. If @mmu_idx is anything else,
* @s1_is_el0 is ignored.
- * @phys_ptr: set to the physical address corresponding to the virtual address
- * @attrs: set to the memory transaction attributes to use
- * @prot: set to the permissions for the page containing phys_ptr
- * @page_size_ptr: set to the size of the page containing phys_ptr
+ * @result: set on translation success,
* @fi: set to fault info if the translation fails
- * @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes
*/
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool s1_is_el0, hwaddr *phys_ptr,
- MemTxAttrs *txattrs, int *prot,
- target_ulong *page_size_ptr,
- ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
+ bool s1_is_el0, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
/* Read an LPAE long-descriptor translation table. */
@@ -1298,16 +1285,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
ns = mmu_idx == ARMMMUIdx_Stage2;
xn = extract32(attrs, 11, 2);
- *prot = get_S2prot(env, ap, xn, s1_is_el0);
+ result->prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
ns = extract32(attrs, 3, 1);
xn = extract32(attrs, 12, 1);
pxn = extract32(attrs, 11, 1);
- *prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
+ result->prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
}
fault_type = ARMFault_Permission;
- if (!(*prot & (1 << access_type))) {
+ if (!(result->prot & (1 << access_type))) {
goto do_fault;
}
@@ -1317,23 +1304,23 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* the CPU doesn't support TZ or this is a non-secure translation
* regime, because the attribute will already be non-secure.
*/
- txattrs->secure = false;
+ result->attrs.secure = false;
}
/* When in aarch64 mode, and BTI is enabled, remember GP in the IOTLB. */
if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
- cacheattrs->guarded = guarded;
+ result->cacheattrs.guarded = guarded;
}
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
- cacheattrs->is_s2_format = true;
- cacheattrs->attrs = extract32(attrs, 0, 4);
+ result->cacheattrs.is_s2_format = true;
+ result->cacheattrs.attrs = extract32(attrs, 0, 4);
} else {
/* Index into MAIR registers for cache attributes */
uint8_t attrindx = extract32(attrs, 0, 3);
uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)];
assert(attrindx <= 7);
- cacheattrs->is_s2_format = false;
- cacheattrs->attrs = extract64(mair, attrindx * 8, 8);
+ result->cacheattrs.is_s2_format = false;
+ result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
}
/*
@@ -1342,13 +1329,13 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* that case comes from TCR_ELx, which we extracted earlier.
*/
if (param.ds) {
- cacheattrs->shareability = param.sh;
+ result->cacheattrs.shareability = param.sh;
} else {
- cacheattrs->shareability = extract32(attrs, 6, 2);
+ result->cacheattrs.shareability = extract32(attrs, 6, 2);
}
- *phys_ptr = descaddr;
- *page_size_ptr = page_size;
+ result->phys = descaddr;
+ result->page_size = page_size;
return false;
do_fault:
@@ -2350,10 +2337,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
cacheattrs1 = result->cacheattrs;
memset(result, 0, sizeof(*result));
- ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx, is_el0,
- &result->phys, &result->attrs,
- &result->prot, &result->page_size,
- fi, &result->cacheattrs);
+ ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
+ is_el0, result, fi);
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
@@ -2524,9 +2509,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx, false,
- &result->phys, &result->attrs,
- &result->prot, &result->page_size,
- fi, &result->cacheattrs);
+ result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
&result->phys, &result->attrs,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 11/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v6
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (9 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 10/62] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:04 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 12/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v5 Richard Henderson
` (52 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 30 ++++++++++++++----------------
1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 5e79c9be98..d70c9120fc 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -532,8 +532,7 @@ do_fault:
static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, ARMMMUFaultInfo *fi)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int level = 1;
@@ -593,11 +592,11 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
phys_addr |= (uint64_t)extract32(desc, 20, 4) << 32;
phys_addr |= (uint64_t)extract32(desc, 5, 4) << 36;
- *page_size = 0x1000000;
+ result->page_size = 0x1000000;
} else {
/* Section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
- *page_size = 0x100000;
+ result->page_size = 0x100000;
}
ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
xn = desc & (1 << 4);
@@ -623,12 +622,12 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
xn = desc & (1 << 15);
- *page_size = 0x10000;
+ result->page_size = 0x10000;
break;
case 2: case 3: /* 4k page. */
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
xn = desc & 1;
- *page_size = 0x1000;
+ result->page_size = 0x1000;
break;
default:
/* Never happens, but compiler isn't smart enough to tell. */
@@ -636,7 +635,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
}
}
if (domain_prot == 3) {
- *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
} else {
if (pxn && !regime_is_user(env, mmu_idx)) {
xn = 1;
@@ -654,14 +653,14 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_AccessFlag;
goto do_fault;
}
- *prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
+ result->prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
} else {
- *prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
+ result->prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
}
- if (*prot && !xn) {
- *prot |= PAGE_EXEC;
+ if (result->prot && !xn) {
+ result->prot |= PAGE_EXEC;
}
- if (!(*prot & (1 << access_type))) {
+ if (!(result->prot & (1 << access_type))) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
@@ -672,9 +671,9 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
* the CPU doesn't support TZ or this is a non-secure translation
* regime, because the attribute will already be non-secure.
*/
- attrs->secure = false;
+ result->attrs.secure = false;
}
- *phys_ptr = phys_addr;
+ result->phys = phys_addr;
return false;
do_fault:
fi->domain = domain;
@@ -2512,8 +2511,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
- &result->phys, &result->attrs,
- &result->prot, &result->page_size, fi);
+ result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
&result->phys, &result->prot,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 12/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v5
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (10 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 11/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v6 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:05 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 13/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5 Richard Henderson
` (51 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index d70c9120fc..490a57ec5a 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -410,9 +410,7 @@ static int simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx, int ap)
static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot,
- target_ulong *page_size,
- ARMMMUFaultInfo *fi)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
int level = 1;
uint32_t table;
@@ -460,7 +458,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* 1Mb section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
ap = (desc >> 10) & 3;
- *page_size = 1024 * 1024;
+ result->page_size = 1024 * 1024;
} else {
/* Lookup l2 entry. */
if (type == 1) {
@@ -482,12 +480,12 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
- *page_size = 0x10000;
+ result->page_size = 0x10000;
break;
case 2: /* 4k page. */
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
ap = (desc >> (4 + ((address >> 9) & 6))) & 3;
- *page_size = 0x1000;
+ result->page_size = 0x1000;
break;
case 3: /* 1k page, or ARMv6/XScale "extended small (4k) page" */
if (type == 1) {
@@ -495,7 +493,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
if (arm_feature(env, ARM_FEATURE_XSCALE)
|| arm_feature(env, ARM_FEATURE_V6)) {
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
- *page_size = 0x1000;
+ result->page_size = 0x1000;
} else {
/*
* UNPREDICTABLE in ARMv5; we choose to take a
@@ -506,7 +504,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
}
} else {
phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
- *page_size = 0x400;
+ result->page_size = 0x400;
}
ap = (desc >> 4) & 3;
break;
@@ -515,14 +513,14 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
g_assert_not_reached();
}
}
- *prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
- *prot |= *prot ? PAGE_EXEC : 0;
- if (!(*prot & (1 << access_type))) {
+ result->prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
+ result->prot |= result->prot ? PAGE_EXEC : 0;
+ if (!(result->prot & (1 << access_type))) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
}
- *phys_ptr = phys_addr;
+ result->phys = phys_addr;
return false;
do_fault:
fi->domain = domain;
@@ -2514,8 +2512,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
- &result->phys, &result->prot,
- &result->page_size, fi);
+ result, fi);
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 13/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (11 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 12/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v5 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:05 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 14/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7 Richard Henderson
` (50 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 490a57ec5a..f2e429574d 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1347,7 +1347,7 @@ do_fault:
static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot,
+ GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
int n;
@@ -1357,12 +1357,12 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
if (regime_translation_disabled(env, mmu_idx)) {
/* MPU disabled. */
- *phys_ptr = address;
- *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->phys = address;
+ result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
return false;
}
- *phys_ptr = address;
+ result->phys = address;
for (n = 7; n >= 0; n--) {
base = env->cp15.c6_region[n];
if ((base & 1) == 0) {
@@ -1398,16 +1398,16 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- *prot = PAGE_READ | PAGE_WRITE;
+ result->prot = PAGE_READ | PAGE_WRITE;
break;
case 2:
- *prot = PAGE_READ;
+ result->prot = PAGE_READ;
if (!is_user) {
- *prot |= PAGE_WRITE;
+ result->prot |= PAGE_WRITE;
}
break;
case 3:
- *prot = PAGE_READ | PAGE_WRITE;
+ result->prot = PAGE_READ | PAGE_WRITE;
break;
case 5:
if (is_user) {
@@ -1415,10 +1415,10 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- *prot = PAGE_READ;
+ result->prot = PAGE_READ;
break;
case 6:
- *prot = PAGE_READ;
+ result->prot = PAGE_READ;
break;
default:
/* Bad permission. */
@@ -1426,7 +1426,7 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- *prot |= PAGE_EXEC;
+ result->prot |= PAGE_EXEC;
return false;
}
@@ -2421,7 +2421,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
- &result->phys, &result->prot, fi);
+ result, fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 14/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (12 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 13/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:06 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 15/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8 Richard Henderson
` (49 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index f2e429574d..4b69ecb1b9 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1509,17 +1509,16 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot,
- target_ulong *page_size,
+ GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int n;
bool is_user = regime_is_user(env, mmu_idx);
- *phys_ptr = address;
- *page_size = TARGET_PAGE_SIZE;
- *prot = 0;
+ result->phys = address;
+ result->page_size = TARGET_PAGE_SIZE;
+ result->prot = 0;
if (regime_translation_disabled(env, mmu_idx) ||
m_is_ppb_region(env, address)) {
@@ -1531,7 +1530,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
* which always does a direct read using address_space_ldl(), rather
* than going via this function, so we don't need to check that here.
*/
- get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
} else { /* MPU enabled */
for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
/* region search */
@@ -1573,7 +1572,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
if (ranges_overlap(base, rmask,
address & TARGET_PAGE_MASK,
TARGET_PAGE_SIZE)) {
- *page_size = 1;
+ result->page_size = 1;
}
continue;
}
@@ -1611,7 +1610,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
continue;
}
if (rsize < TARGET_PAGE_BITS) {
- *page_size = 1 << rsize;
+ result->page_size = 1 << rsize;
}
break;
}
@@ -1622,7 +1621,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Background;
return true;
}
- get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
} else { /* a MPU hit! */
uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3);
uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1);
@@ -1639,16 +1638,16 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
case 5:
break; /* no access */
case 3:
- *prot |= PAGE_WRITE;
+ result->prot |= PAGE_WRITE;
/* fall through */
case 2:
case 6:
- *prot |= PAGE_READ | PAGE_EXEC;
+ result->prot |= PAGE_READ | PAGE_EXEC;
break;
case 7:
/* for v7M, same as 6; for R profile a reserved value */
if (arm_feature(env, ARM_FEATURE_M)) {
- *prot |= PAGE_READ | PAGE_EXEC;
+ result->prot |= PAGE_READ | PAGE_EXEC;
break;
}
/* fall through */
@@ -1664,16 +1663,16 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
case 1:
case 2:
case 3:
- *prot |= PAGE_WRITE;
+ result->prot |= PAGE_WRITE;
/* fall through */
case 5:
case 6:
- *prot |= PAGE_READ | PAGE_EXEC;
+ result->prot |= PAGE_READ | PAGE_EXEC;
break;
case 7:
/* for v7M, same as 6; for R profile a reserved value */
if (arm_feature(env, ARM_FEATURE_M)) {
- *prot |= PAGE_READ | PAGE_EXEC;
+ result->prot |= PAGE_READ | PAGE_EXEC;
break;
}
/* fall through */
@@ -1686,14 +1685,14 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
/* execute never */
if (xn) {
- *prot &= ~PAGE_EXEC;
+ result->prot &= ~PAGE_EXEC;
}
}
}
fi->type = ARMFault_Permission;
fi->level = 1;
- return !(*prot & (1 << access_type));
+ return !(result->prot & (1 << access_type));
}
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
@@ -2416,8 +2415,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
- &result->phys, &result->prot,
- &result->page_size, fi);
+ result, fi);
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 15/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (13 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 14/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:06 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 16/62] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup Richard Henderson
` (48 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 4b69ecb1b9..ef28258d51 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1963,8 +1963,7 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, target_ulong *page_size,
+ GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
uint32_t secure = regime_is_secure(env, mmu_idx);
@@ -1999,9 +1998,9 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
} else {
fi->type = ARMFault_QEMU_SFault;
}
- *page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
- *phys_ptr = address;
- *prot = 0;
+ result->page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
+ result->phys = address;
+ result->prot = 0;
return true;
}
} else {
@@ -2011,7 +2010,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* might downgrade a secure access to nonsecure.
*/
if (sattrs.ns) {
- txattrs->secure = false;
+ result->attrs.secure = false;
} else if (!secure) {
/*
* NS access to S memory must fault.
@@ -2024,17 +2023,19 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
*/
fi->type = ARMFault_QEMU_SFault;
- *page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
- *phys_ptr = address;
- *prot = 0;
+ result->page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
+ result->phys = address;
+ result->prot = 0;
return true;
}
}
}
- ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx, phys_ptr,
- txattrs, prot, &mpu_is_subpage, fi, NULL);
- *page_size = sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
+ ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
+ &result->phys, &result->attrs, &result->prot,
+ &mpu_is_subpage, fi, NULL);
+ result->page_size =
+ sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
return ret;
}
@@ -2410,8 +2411,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
- &result->phys, &result->attrs,
- &result->prot, &result->page_size, fi);
+ result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 16/62] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (14 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 15/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:09 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 17/62] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup Richard Henderson
` (47 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 11 +++++------
target/arm/m_helper.c | 16 +++++++---------
target/arm/ptw.c | 20 +++++++++-----------
3 files changed, 21 insertions(+), 26 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 7d08917f88..a817acaaf4 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1115,12 +1115,6 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
V8M_SAttributes *sattrs);
-bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, bool *is_subpage,
- ARMMMUFaultInfo *fi, uint32_t *mregion);
-
/* Cacheability and shareability attributes for a memory access */
typedef struct ARMCacheAttrs {
/*
@@ -1147,6 +1141,11 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
+bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ GetPhysAddrResult *result, bool *is_subpage,
+ ARMMMUFaultInfo *fi, uint32_t *mregion);
+
void arm_log_exception(CPUState *cs);
#endif /* !CONFIG_USER_ONLY */
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 84c6796b8d..69d4a63fa6 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2770,15 +2770,10 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
V8M_SAttributes sattrs = {};
uint32_t tt_resp;
bool r, rw, nsr, nsrw, mrvalid;
- int prot;
- ARMMMUFaultInfo fi = {};
- MemTxAttrs attrs = {};
- hwaddr phys_addr;
ARMMMUIdx mmu_idx;
uint32_t mregion;
bool targetpriv;
bool targetsec = env->v7m.secure;
- bool is_subpage;
/*
* Work out what the security state and privilege level we're
@@ -2809,18 +2804,21 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
* inspecting the other MPU state.
*/
if (arm_current_el(env) != 0 || alt) {
+ GetPhysAddrResult res = {};
+ ARMMMUFaultInfo fi = {};
+ bool is_subpage;
+
/* We can ignore the return value as prot is always set */
pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
- &phys_addr, &attrs, &prot, &is_subpage,
- &fi, &mregion);
+ &res, &is_subpage, &fi, &mregion);
if (mregion == -1) {
mrvalid = false;
mregion = 0;
} else {
mrvalid = true;
}
- r = prot & PAGE_READ;
- rw = prot & PAGE_WRITE;
+ r = res.prot & PAGE_READ;
+ rw = res.prot & PAGE_WRITE;
} else {
r = false;
rw = false;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index ef28258d51..b012577f17 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1697,8 +1697,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, bool *is_subpage,
+ GetPhysAddrResult *result, bool *is_subpage,
ARMMMUFaultInfo *fi, uint32_t *mregion)
{
/*
@@ -1720,8 +1719,8 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1);
*is_subpage = false;
- *phys_ptr = address;
- *prot = 0;
+ result->phys = address;
+ result->prot = 0;
if (mregion) {
*mregion = -1;
}
@@ -1803,7 +1802,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
if (matchregion == -1) {
/* hit using the background region */
- get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
} else {
uint32_t ap = extract32(env->pmsav8.rbar[secure][matchregion], 1, 2);
uint32_t xn = extract32(env->pmsav8.rbar[secure][matchregion], 0, 1);
@@ -1818,9 +1817,9 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
xn = 1;
}
- *prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
- if (*prot && !xn && !(pxn && !is_user)) {
- *prot |= PAGE_EXEC;
+ result->prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
+ if (result->prot && !xn && !(pxn && !is_user)) {
+ result->prot |= PAGE_EXEC;
}
/*
* We don't need to look the attribute up in the MAIR0/MAIR1
@@ -1833,7 +1832,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Permission;
fi->level = 1;
- return !(*prot & (1 << access_type));
+ return !(result->prot & (1 << access_type));
}
static bool v8m_is_sau_exempt(CPUARMState *env,
@@ -2032,8 +2031,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
}
ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
- &result->phys, &result->attrs, &result->prot,
- &mpu_is_subpage, fi, NULL);
+ result, &mpu_is_subpage, fi, NULL);
result->page_size =
sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
return ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 17/62] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (15 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 16/62] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:11 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 18/62] target/arm: Add is_secure parameter to v8m_security_lookup Richard Henderson
` (46 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This can be made redundant with result->page_size, by moving
the basic set of page_size from get_phys_addr_pmsav8. We still
need to overwrite page_size when v8m_security_lookup signals
a subpage.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++--
target/arm/m_helper.c | 3 +--
target/arm/ptw.c | 19 ++++++++++---------
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index a817acaaf4..f6a9b963d3 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1143,8 +1143,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, bool *is_subpage,
- ARMMMUFaultInfo *fi, uint32_t *mregion);
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi,
+ uint32_t *mregion);
void arm_log_exception(CPUState *cs);
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 69d4a63fa6..01263990dc 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2806,11 +2806,10 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
if (arm_current_el(env) != 0 || alt) {
GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- bool is_subpage;
/* We can ignore the return value as prot is always set */
pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
- &res, &is_subpage, &fi, &mregion);
+ &res, &fi, &mregion);
if (mregion == -1) {
mrvalid = false;
mregion = 0;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index b012577f17..5274d0b304 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1697,8 +1697,8 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, bool *is_subpage,
- ARMMMUFaultInfo *fi, uint32_t *mregion)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi,
+ uint32_t *mregion)
{
/*
* Perform a PMSAv8 MPU lookup (without also doing the SAU check
@@ -1715,10 +1715,10 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
int n;
int matchregion = -1;
bool hit = false;
+ bool is_subpage = false;
uint32_t addr_page_base = address & TARGET_PAGE_MASK;
uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1);
- *is_subpage = false;
result->phys = address;
result->prot = 0;
if (mregion) {
@@ -1770,13 +1770,13 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
ranges_overlap(base, limit - base + 1,
addr_page_base,
TARGET_PAGE_SIZE)) {
- *is_subpage = true;
+ is_subpage = true;
}
continue;
}
if (base > addr_page_base || limit < addr_page_limit) {
- *is_subpage = true;
+ is_subpage = true;
}
if (matchregion != -1) {
@@ -1793,6 +1793,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
hit = true;
}
}
+ result->page_size = is_subpage ? 1 : TARGET_PAGE_SIZE;
if (!hit) {
/* background fault */
@@ -1968,7 +1969,6 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
uint32_t secure = regime_is_secure(env, mmu_idx);
V8M_SAttributes sattrs = {};
bool ret;
- bool mpu_is_subpage;
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs);
@@ -2031,9 +2031,10 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
}
ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
- result, &mpu_is_subpage, fi, NULL);
- result->page_size =
- sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
+ result, fi, NULL);
+ if (sattrs.subpage) {
+ result->page_size = 1;
+ }
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 18/62] target/arm: Add is_secure parameter to v8m_security_lookup
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (16 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 17/62] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:13 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 19/62] target/arm: Add is_secure parameter to pmsav8_mpu_lookup Richard Henderson
` (45 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from v8m_security_lookup.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 2 +-
target/arm/m_helper.c | 9 ++++++---
target/arm/ptw.c | 9 +++++----
3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index f6a9b963d3..30bda00a09 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1113,7 +1113,7 @@ typedef struct V8M_SAttributes {
void v8m_security_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- V8M_SAttributes *sattrs);
+ bool secure, V8M_SAttributes *sattrs);
/* Cacheability and shareability attributes for a memory access */
typedef struct ARMCacheAttrs {
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 01263990dc..45fbf19559 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -689,7 +689,8 @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
V8M_SAttributes sattrs = {};
- v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, &sattrs);
+ v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ targets_secure, &sattrs);
if (sattrs.ns) {
attrs.secure = false;
} else if (!targets_secure) {
@@ -2002,7 +2003,8 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo fi = {};
MemTxResult txres;
- v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, &sattrs);
+ v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx,
+ regime_is_secure(env, mmu_idx), &sattrs);
if (!sattrs.nsc || sattrs.ns) {
/*
* This must be the second half of the insn, and it straddles a
@@ -2826,7 +2828,8 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
}
if (env->v7m.secure) {
- v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, &sattrs);
+ v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ targetsec, &sattrs);
nsr = sattrs.ns && r;
nsrw = sattrs.ns && rw;
} else {
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 5274d0b304..3b70c423a8 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1853,8 +1853,8 @@ static bool v8m_is_sau_exempt(CPUARMState *env,
}
void v8m_security_lookup(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
- V8M_SAttributes *sattrs)
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ bool is_secure, V8M_SAttributes *sattrs)
{
/*
* Look up the security attributes for this address. Compare the
@@ -1882,7 +1882,7 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
}
if (idau_exempt || v8m_is_sau_exempt(env, address, access_type)) {
- sattrs->ns = !regime_is_secure(env, mmu_idx);
+ sattrs->ns = !is_secure;
return;
}
@@ -1971,7 +1971,8 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
bool ret;
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
- v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs);
+ v8m_security_lookup(env, address, access_type, mmu_idx,
+ secure, &sattrs);
if (access_type == MMU_INST_FETCH) {
/*
* Instruction fetches always use the MMU bank and the
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 19/62] target/arm: Add is_secure parameter to pmsav8_mpu_lookup
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (17 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 18/62] target/arm: Add is_secure parameter to v8m_security_lookup Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:15 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 20/62] target/arm: Add is_secure parameter to get_phys_addr_v5 Richard Henderson
` (44 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from pmsav8_mpu_lookup.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++--
target/arm/m_helper.c | 2 +-
target/arm/ptw.c | 7 +++----
3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 30bda00a09..f75ac2e1b7 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1143,8 +1143,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi,
- uint32_t *mregion);
+ bool is_secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi, uint32_t *mregion);
void arm_log_exception(CPUState *cs);
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 45fbf19559..5ee4ee15b3 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2810,7 +2810,7 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
ARMMMUFaultInfo fi = {};
/* We can ignore the return value as prot is always set */
- pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, targetsec,
&res, &fi, &mregion);
if (mregion == -1) {
mrvalid = false;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 3b70c423a8..1a0e708d11 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1697,8 +1697,8 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi,
- uint32_t *mregion)
+ bool secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi, uint32_t *mregion)
{
/*
* Perform a PMSAv8 MPU lookup (without also doing the SAU check
@@ -1711,7 +1711,6 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
*/
ARMCPU *cpu = env_archcpu(env);
bool is_user = regime_is_user(env, mmu_idx);
- uint32_t secure = regime_is_secure(env, mmu_idx);
int n;
int matchregion = -1;
bool hit = false;
@@ -2031,7 +2030,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
}
}
- ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
+ ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx, secure,
result, fi, NULL);
if (sattrs.subpage) {
result->page_size = 1;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 20/62] target/arm: Add is_secure parameter to get_phys_addr_v5
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (18 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 19/62] target/arm: Add is_secure parameter to pmsav8_mpu_lookup Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:15 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 21/62] target/arm: Add is_secure parameter to get_phys_addr_v6 Richard Henderson
` (43 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from get_phys_addr_v5.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 1a0e708d11..1bef9c6c60 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -410,7 +410,8 @@ static int simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx, int ap)
static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+ bool is_secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
int level = 1;
uint32_t table;
@@ -429,8 +430,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -468,8 +468,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* Fine pagetable. */
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
}
- desc = arm_ldl_ptw(env, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -2509,7 +2508,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 21/62] target/arm: Add is_secure parameter to get_phys_addr_v6
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (19 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 20/62] target/arm: Add is_secure parameter to get_phys_addr_v5 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:15 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8 Richard Henderson
` (42 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from get_phys_addr_v6.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 1bef9c6c60..d424dec729 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -529,7 +529,8 @@ do_fault:
static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+ bool is_secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int level = 1;
@@ -552,8 +553,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -606,8 +606,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
ns = extract32(desc, 3, 1);
/* Lookup l2 entry. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
- desc = arm_ldl_ptw(env, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -2505,7 +2504,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
is_secure, result, fi);
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (20 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 21/62] target/arm: Add is_secure parameter to get_phys_addr_v6 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:16 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 23/62] target/arm: Add is_secure parameter to pmsav7_use_background_region Richard Henderson
` (41 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from get_phys_addr_pmsav8.
Since we already had a local variable named secure, use that.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index d424dec729..f7892a0c48 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1960,10 +1960,9 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result,
+ bool secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
- uint32_t secure = regime_is_secure(env, mmu_idx);
V8M_SAttributes sattrs = {};
bool ret;
@@ -2408,7 +2407,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 23/62] target/arm: Add is_secure parameter to pmsav7_use_background_region
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (21 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:17 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 24/62] target/arm: Add is_secure parameter to get_phys_addr_lpae Richard Henderson
` (40 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from pmsav7_use_background_region.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index f7892a0c48..23cfccce6c 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1485,7 +1485,7 @@ static bool m_is_system_region(CPUARMState *env, uint32_t address)
}
static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
- bool is_user)
+ bool is_secure, bool is_user)
{
/*
* Return true if we should use the default memory map as a
@@ -1498,8 +1498,7 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
}
if (arm_feature(env, ARM_FEATURE_M)) {
- return env->v7m.mpu_ctrl[regime_is_secure(env, mmu_idx)]
- & R_V7M_MPU_CTRL_PRIVDEFENA_MASK;
+ return env->v7m.mpu_ctrl[is_secure] & R_V7M_MPU_CTRL_PRIVDEFENA_MASK;
} else {
return regime_sctlr(env, mmu_idx) & SCTLR_BR;
}
@@ -1512,6 +1511,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
{
ARMCPU *cpu = env_archcpu(env);
int n;
+ bool secure = regime_is_secure(env, mmu_idx);
bool is_user = regime_is_user(env, mmu_idx);
result->phys = address;
@@ -1614,7 +1614,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
}
if (n == -1) { /* no hits */
- if (!pmsav7_use_background_region(cpu, mmu_idx, is_user)) {
+ if (!pmsav7_use_background_region(cpu, mmu_idx, secure, is_user)) {
/* background fault */
fi->type = ARMFault_Background;
return true;
@@ -1734,7 +1734,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
} else if (m_is_ppb_region(env, address)) {
hit = true;
} else {
- if (pmsav7_use_background_region(cpu, mmu_idx, is_user)) {
+ if (pmsav7_use_background_region(cpu, mmu_idx, secure, is_user)) {
hit = true;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 24/62] target/arm: Add is_secure parameter to get_phys_addr_lpae
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (22 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 23/62] target/arm: Add is_secure parameter to pmsav7_use_background_region Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:18 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 25/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav7 Richard Henderson
` (39 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from get_phys_addr_lpae.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 23cfccce6c..b883826643 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -16,8 +16,8 @@
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool s1_is_el0, GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+ bool is_secure, bool s1_is_el0,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
@@ -207,8 +207,8 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
GetPhysAddrResult s2 = {};
int ret;
- ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx, false,
- &s2, fi);
+ ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
+ *is_secure, false, &s2, fi);
if (ret) {
assert(fi->type != ARMFault_None);
fi->s2addr = addr;
@@ -961,8 +961,8 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
*/
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool s1_is_el0, GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+ bool is_secure, bool s1_is_el0,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
/* Read an LPAE long-descriptor translation table. */
@@ -1179,7 +1179,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* remain non-secure. We implement this by just ORing in the NSTable/NS
* bits at each step.
*/
- tableattrs = regime_is_secure(env, mmu_idx) ? 0 : (1 << 4);
+ tableattrs = is_secure ? 0 : (1 << 4);
for (;;) {
uint64_t descriptor;
bool nstable;
@@ -2331,7 +2331,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
memset(result, 0, sizeof(*result));
ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
- is_el0, result, fi);
+ ipa_secure, is_el0, result, fi);
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
@@ -2499,8 +2499,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
}
if (regime_using_lpae_format(env, mmu_idx)) {
- return get_phys_addr_lpae(env, address, access_type, mmu_idx, false,
- result, fi);
+ return get_phys_addr_lpae(env, address, access_type, mmu_idx,
+ is_secure, false, result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
is_secure, result, fi);
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 25/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav7
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (23 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 24/62] target/arm: Add is_secure parameter to get_phys_addr_lpae Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:18 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 26/62] target/arm: Add is_secure parameter to regime_translation_disabled Richard Henderson
` (38 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from get_phys_addr_pmsav7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index b883826643..33fa8f094b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1506,12 +1506,11 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result,
+ bool secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int n;
- bool secure = regime_is_secure(env, mmu_idx);
bool is_user = regime_is_user(env, mmu_idx);
result->phys = address;
@@ -2411,7 +2410,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 26/62] target/arm: Add is_secure parameter to regime_translation_disabled
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (24 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 25/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav7 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:18 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 27/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav5 Richard Henderson
` (37 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from regime_translation_disabled.
This fixes a bug in S1_ptw_translate and get_phys_addr where we had
passed ARMMMUIdx_Stage2 and not ARMMMUIdx_Stage2_S to determine if
Stage2 is disabled, affecting FEAT_SEL2.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 33fa8f094b..8313a2d74a 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -131,12 +131,13 @@ static uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx, int ttbrn)
}
/* Return true if the specified stage of address translation is disabled */
-static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx)
+static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
+ bool is_secure)
{
uint64_t hcr_el2;
if (arm_feature(env, ARM_FEATURE_M)) {
- switch (env->v7m.mpu_ctrl[regime_is_secure(env, mmu_idx)] &
+ switch (env->v7m.mpu_ctrl[is_secure] &
(R_V7M_MPU_CTRL_ENABLE_MASK | R_V7M_MPU_CTRL_HFNMIENA_MASK)) {
case R_V7M_MPU_CTRL_ENABLE_MASK:
/* Enabled, but not for HardFault and NMI */
@@ -163,7 +164,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx)
if (hcr_el2 & HCR_TGE) {
/* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
- if (!regime_is_secure(env, mmu_idx) && regime_el(env, mmu_idx) == 1) {
+ if (!is_secure && regime_el(env, mmu_idx) == 1) {
return true;
}
}
@@ -201,7 +202,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo *fi)
{
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
- !regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
+ !regime_translation_disabled(env, ARMMMUIdx_Stage2, *is_secure)) {
ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S
: ARMMMUIdx_Stage2;
GetPhysAddrResult s2 = {};
@@ -1351,9 +1352,10 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
int n;
uint32_t mask;
uint32_t base;
+ bool is_secure = regime_is_secure(env, mmu_idx);
bool is_user = regime_is_user(env, mmu_idx);
- if (regime_translation_disabled(env, mmu_idx)) {
+ if (regime_translation_disabled(env, mmu_idx, is_secure)) {
/* MPU disabled. */
result->phys = address;
result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
@@ -1517,7 +1519,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
result->page_size = TARGET_PAGE_SIZE;
result->prot = 0;
- if (regime_translation_disabled(env, mmu_idx) ||
+ if (regime_translation_disabled(env, mmu_idx, secure) ||
m_is_ppb_region(env, address)) {
/*
* MPU disabled or M profile PPB access: use default memory map.
@@ -1728,7 +1730,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
* are done in arm_v7m_load_vector(), which always does a direct
* read using address_space_ldl(), rather than going via this function.
*/
- if (regime_translation_disabled(env, mmu_idx)) { /* MPU disabled */
+ if (regime_translation_disabled(env, mmu_idx, secure)) { /* MPU disabled */
hit = true;
} else if (m_is_ppb_region(env, address)) {
hit = true;
@@ -2303,7 +2305,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
/* If S1 fails or S2 is disabled, return early. */
- if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
+ if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2,
+ is_secure)) {
return ret;
}
@@ -2431,7 +2434,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
/* Definitely a real MMU, not an MPU */
- if (regime_translation_disabled(env, mmu_idx)) {
+ if (regime_translation_disabled(env, mmu_idx, is_secure)) {
uint64_t hcr;
uint8_t memattr;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 27/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav5
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (25 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 26/62] target/arm: Add is_secure parameter to regime_translation_disabled Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:18 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 28/62] target/arm: Split out get_phys_addr_with_secure Richard Henderson
` (36 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from get_phys_addr_pmsav5.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 8313a2d74a..340f73997a 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1346,13 +1346,12 @@ do_fault:
static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result,
+ bool is_secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
int n;
uint32_t mask;
uint32_t base;
- bool is_secure = regime_is_secure(env, mmu_idx);
bool is_user = regime_is_user(env, mmu_idx);
if (regime_translation_disabled(env, mmu_idx, is_secure)) {
@@ -2417,7 +2416,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 28/62] target/arm: Split out get_phys_addr_with_secure
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (26 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 27/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav5 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 29/62] target/arm: Add is_secure parameter to v7m_read_half_insn Richard Henderson
` (35 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Retain the existing get_phys_addr interface using
the security state derived from mmu_idx.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 6 ++++++
target/arm/ptw.c | 21 +++++++++++++++------
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index f75ac2e1b7..81c386ee15 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1136,6 +1136,12 @@ typedef struct GetPhysAddrResult {
ARMCacheAttrs cacheattrs;
} GetPhysAddrResult;
+bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type,
+ ARMMMUIdx mmu_idx, bool is_secure,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+ __attribute__((nonnull));
+
bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 340f73997a..b25e3a8c87 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2279,12 +2279,12 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
* @result: set on translation success.
* @fi: set to fault info if the translation fails
*/
-bool get_phys_addr(CPUARMState *env, target_ulong address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ bool is_secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
- bool is_secure = regime_is_secure(env, mmu_idx);
if (mmu_idx != s1_mmu_idx) {
/*
@@ -2300,8 +2300,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
ARMMMUIdx s2_mmu_idx;
bool is_el0;
- ret = get_phys_addr(env, address, access_type, s1_mmu_idx,
- result, fi);
+ ret = get_phys_addr_with_secure(env, address, access_type,
+ s1_mmu_idx, is_secure, result, fi);
/* If S1 fails or S2 is disabled, return early. */
if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2,
@@ -2511,6 +2511,15 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
}
}
+bool get_phys_addr(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+{
+ return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
+ regime_is_secure(env, mmu_idx),
+ result, fi);
+}
+
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
MemTxAttrs *attrs)
{
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 29/62] target/arm: Add is_secure parameter to v7m_read_half_insn
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (27 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 28/62] target/arm: Split out get_phys_addr_with_secure Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-08-10 13:27 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 30/62] target/arm: Add TBFLAG_M32.SECURE Richard Henderson
` (34 subsequent siblings)
63 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from v7m_read_half_insn.
As it happens, both callers pass true, but that is a detail
of v7m_handle_execute_nsc we need not expose to the callee.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/m_helper.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 5ee4ee15b3..203ba411f6 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -1981,7 +1981,7 @@ static bool do_v7m_function_return(ARMCPU *cpu)
return true;
}
-static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
+static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, bool secure,
uint32_t addr, uint16_t *insn)
{
/*
@@ -2003,8 +2003,7 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo fi = {};
MemTxResult txres;
- v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx,
- regime_is_secure(env, mmu_idx), &sattrs);
+ v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, secure, &sattrs);
if (!sattrs.nsc || sattrs.ns) {
/*
* This must be the second half of the insn, and it straddles a
@@ -2109,7 +2108,7 @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu)
/* We want to do the MPU lookup as secure; work out what mmu_idx that is */
mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);
- if (!v7m_read_half_insn(cpu, mmu_idx, env->regs[15], &insn)) {
+ if (!v7m_read_half_insn(cpu, mmu_idx, true, env->regs[15], &insn)) {
return false;
}
@@ -2125,7 +2124,7 @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu)
goto gen_invep;
}
- if (!v7m_read_half_insn(cpu, mmu_idx, env->regs[15] + 2, &insn)) {
+ if (!v7m_read_half_insn(cpu, mmu_idx, true, env->regs[15] + 2, &insn)) {
return false;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 30/62] target/arm: Add TBFLAG_M32.SECURE
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (28 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 29/62] target/arm: Add is_secure parameter to v7m_read_half_insn Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 31/62] target/arm: Merge regime_is_secure into get_phys_addr Richard Henderson
` (33 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from arm_tr_init_disas_context.
Instead, provide the value of v8m_secure directly from tb_flags.
Rather than use regime_is_secure, use the env->v7m.secure directly,
as per arm_mmu_idx_el.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 2 ++
target/arm/helper.c | 4 ++++
target/arm/translate.c | 3 +--
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4a41b5dcef..919e7c27a3 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3162,6 +3162,8 @@ FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 3, 1) /* Not cached. */
FIELD(TBFLAG_M32, FPCCR_S_WRONG, 4, 1) /* Not cached. */
/* Set if MVE insns are definitely not predicated by VPR or LTPSIZE */
FIELD(TBFLAG_M32, MVE_NO_PRED, 5, 1) /* Not cached. */
+/* Set if in secure mode */
+FIELD(TBFLAG_M32, SECURE, 6, 1)
/*
* Bit usage when in AArch64 state
diff --git a/target/arm/helper.c b/target/arm/helper.c
index fb13e0f4c0..0908c20215 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11281,6 +11281,10 @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
DP_TBFLAG_M32(flags, STACKCHECK, 1);
}
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY) && env->v7m.secure) {
+ DP_TBFLAG_M32(flags, SECURE, 1);
+ }
+
return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
}
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 6617de775f..540ce84d95 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9359,8 +9359,7 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
dc->vfp_enabled = 1;
dc->be_data = MO_TE;
dc->v7m_handler_mode = EX_TBFLAG_M32(tb_flags, HANDLER);
- dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
- regime_is_secure(env, dc->mmu_idx);
+ dc->v8m_secure = EX_TBFLAG_M32(tb_flags, SECURE);
dc->v8m_stackcheck = EX_TBFLAG_M32(tb_flags, STACKCHECK);
dc->v8m_fpccr_s_wrong = EX_TBFLAG_M32(tb_flags, FPCCR_S_WRONG);
dc->v7m_new_fp_ctxt_needed =
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 31/62] target/arm: Merge regime_is_secure into get_phys_addr
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (29 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 30/62] target/arm: Add TBFLAG_M32.SECURE Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 32/62] target/arm: Add is_secure parameter to do_ats_write Richard Henderson
` (32 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This is the last use of regime_is_secure; remove it
entirely before changing the layout of ARMMMUIdx.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 42 ----------------------------------------
target/arm/ptw.c | 44 ++++++++++++++++++++++++++++++++++++++++--
2 files changed, 42 insertions(+), 44 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 81c386ee15..d7062c6503 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -676,48 +676,6 @@ static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx)
}
}
-/* Return true if this address translation regime is secure */
-static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
-{
- switch (mmu_idx) {
- case ARMMMUIdx_E10_0:
- case ARMMMUIdx_E10_1:
- case ARMMMUIdx_E10_1_PAN:
- case ARMMMUIdx_E20_0:
- case ARMMMUIdx_E20_2:
- case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_Stage1_E0:
- case ARMMMUIdx_Stage1_E1:
- case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_E2:
- case ARMMMUIdx_Stage2:
- case ARMMMUIdx_MPrivNegPri:
- case ARMMMUIdx_MUserNegPri:
- case ARMMMUIdx_MPriv:
- case ARMMMUIdx_MUser:
- return false;
- case ARMMMUIdx_SE3:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
- case ARMMMUIdx_Stage1_SE0:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
- case ARMMMUIdx_SE2:
- case ARMMMUIdx_Stage2_S:
- case ARMMMUIdx_MSPrivNegPri:
- case ARMMMUIdx_MSUserNegPri:
- case ARMMMUIdx_MSPriv:
- case ARMMMUIdx_MSUser:
- return true;
- default:
- g_assert_not_reached();
- }
-}
-
static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index b25e3a8c87..a7c0d616a0 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2515,9 +2515,49 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
+ bool is_secure;
+
+ switch (mmu_idx) {
+ case ARMMMUIdx_E10_0:
+ case ARMMMUIdx_E10_1:
+ case ARMMMUIdx_E10_1_PAN:
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ case ARMMMUIdx_Stage1_E0:
+ case ARMMMUIdx_Stage1_E1:
+ case ARMMMUIdx_Stage1_E1_PAN:
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_MPrivNegPri:
+ case ARMMMUIdx_MUserNegPri:
+ case ARMMMUIdx_MPriv:
+ case ARMMMUIdx_MUser:
+ is_secure = false;
+ break;
+ case ARMMMUIdx_SE3:
+ case ARMMMUIdx_SE10_0:
+ case ARMMMUIdx_SE10_1:
+ case ARMMMUIdx_SE10_1_PAN:
+ case ARMMMUIdx_SE20_0:
+ case ARMMMUIdx_SE20_2:
+ case ARMMMUIdx_SE20_2_PAN:
+ case ARMMMUIdx_Stage1_SE0:
+ case ARMMMUIdx_Stage1_SE1:
+ case ARMMMUIdx_Stage1_SE1_PAN:
+ case ARMMMUIdx_SE2:
+ case ARMMMUIdx_Stage2_S:
+ case ARMMMUIdx_MSPrivNegPri:
+ case ARMMMUIdx_MSUserNegPri:
+ case ARMMMUIdx_MSPriv:
+ case ARMMMUIdx_MSUser:
+ is_secure = true;
+ break;
+ default:
+ g_assert_not_reached();
+ }
return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
- regime_is_secure(env, mmu_idx),
- result, fi);
+ is_secure, result, fi);
}
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 32/62] target/arm: Add is_secure parameter to do_ats_write
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (30 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 31/62] target/arm: Merge regime_is_secure into get_phys_addr Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 33/62] target/arm: Fold secure and non-secure a-profile mmu indexes Richard Henderson
` (31 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Use get_phys_addr_with_secure directly. This is the one place
where the value of is_secure may not equal arm_is_secure(env).
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/helper.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0908c20215..e98fc75646 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3171,7 +3171,8 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
#ifdef CONFIG_TCG
static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
- MMUAccessType access_type, ARMMMUIdx mmu_idx)
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ bool is_secure)
{
bool ret;
uint64_t par64;
@@ -3179,7 +3180,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
ARMMMUFaultInfo fi = {};
GetPhysAddrResult res = {};
- ret = get_phys_addr(env, value, access_type, mmu_idx, &res, &fi);
+ ret = get_phys_addr_with_secure(env, value, access_type, mmu_idx,
+ is_secure, &res, &fi);
/*
* ATS operations only do S1 or S1+S2 translations, so we never
@@ -3351,6 +3353,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
switch (el) {
case 3:
mmu_idx = ARMMMUIdx_SE3;
+ secure = true;
break;
case 2:
g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */
@@ -3372,6 +3375,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
switch (el) {
case 3:
mmu_idx = ARMMMUIdx_SE10_0;
+ secure = true;
break;
case 2:
g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */
@@ -3387,16 +3391,18 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
case 4:
/* stage 1+2 NonSecure PL1: ATS12NSOPR, ATS12NSOPW */
mmu_idx = ARMMMUIdx_E10_1;
+ secure = false;
break;
case 6:
/* stage 1+2 NonSecure PL0: ATS12NSOUR, ATS12NSOUW */
mmu_idx = ARMMMUIdx_E10_0;
+ secure = false;
break;
default:
g_assert_not_reached();
}
- par64 = do_ats_write(env, value, access_type, mmu_idx);
+ par64 = do_ats_write(env, value, access_type, mmu_idx, secure);
A32_BANKED_CURRENT_REG_SET(env, par, par64);
#else
@@ -3412,7 +3418,8 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri,
MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
uint64_t par64;
- par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2);
+ /* There is no SecureEL2 for AArch32. */
+ par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2, false);
A32_BANKED_CURRENT_REG_SET(env, par, par64);
#else
@@ -3455,6 +3462,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
break;
case 6: /* AT S1E3R, AT S1E3W */
mmu_idx = ARMMMUIdx_SE3;
+ secure = true;
break;
default:
g_assert_not_reached();
@@ -3473,7 +3481,8 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
g_assert_not_reached();
}
- env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx);
+ env->cp15.par_el[1] = do_ats_write(env, value, access_type,
+ mmu_idx, secure);
#else
/* Handled by hardware accelerator. */
g_assert_not_reached();
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 33/62] target/arm: Fold secure and non-secure a-profile mmu indexes
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (31 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 32/62] target/arm: Add is_secure parameter to do_ats_write Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 34/62] target/arm: Reorg regime_translation_disabled Richard Henderson
` (30 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
For a-profile, which does not bank system registers, it takes
quite a lot of code to switch between security states. In the
process, registers such as TCR_EL{1,2} must be swapped, which in
itself requires the flushing of softmmu tlbs. Therefore it
doesn't buy us anything to separate tlbs by security state.
Retain the distinction between Stage2 and Stage2_S.
This will be important as we implement FEAT_RME, and do not
wish to add a third set of mmu indexes for Realm state.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 2 +-
target/arm/cpu.h | 69 +++++++-----------
target/arm/internals.h | 31 +-------
target/arm/helper.c | 144 +++++++++++++------------------------
target/arm/ptw.c | 25 ++-----
target/arm/translate-a64.c | 8 ---
target/arm/translate.c | 6 +-
7 files changed, 83 insertions(+), 202 deletions(-)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index a14f167d11..6f702f58d9 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -40,6 +40,6 @@ struct PageEntryExtra {
};
#endif
-#define NB_MMU_MODES 15
+#define NB_MMU_MODES 8
#endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 919e7c27a3..04423f8d6c 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2848,26 +2848,26 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
* table over and over.
* 6. we need separate EL1/EL2 mmu_idx for handling the Privileged Access
* Never (PAN) bit within PSTATE.
+ * 7. we fold together the secure and non-secure regimes for A-profile,
+ * because there are no banked system registers, so the process of
+ * switching between secure and non-secure is already heavyweight.
*
* This gives us the following list of cases:
*
- * NS EL0 EL1&0 stage 1+2 (aka NS PL0)
- * NS EL1 EL1&0 stage 1+2 (aka NS PL1)
- * NS EL1 EL1&0 stage 1+2 +PAN
- * NS EL0 EL2&0
- * NS EL2 EL2&0
- * NS EL2 EL2&0 +PAN
- * NS EL2 (aka NS PL2)
- * S EL0 EL1&0 (aka S PL0)
- * S EL1 EL1&0 (not used if EL3 is 32 bit)
- * S EL1 EL1&0 +PAN
- * S EL3 (aka S PL1)
+ * EL0 EL1&0 stage 1+2 (aka NS PL0)
+ * EL1 EL1&0 stage 1+2 (aka NS PL1)
+ * EL1 EL1&0 stage 1+2 +PAN
+ * EL0 EL2&0
+ * EL2 EL2&0
+ * EL2 EL2&0 +PAN
+ * EL2 (aka NS PL2)
+ * EL3 (aka S PL1)
*
* for a total of 11 different mmu_idx.
*
* R profile CPUs have an MPU, but can use the same set of MMU indexes
- * as A profile. They only need to distinguish NS EL0 and NS EL1 (and
- * NS EL2 if we ever model a Cortex-R52).
+ * as A profile. They only need to distinguish EL0 and EL1 (and
+ * EL2 if we ever model a Cortex-R52).
*
* M profile CPUs are rather different as they do not have a true MMU.
* They have the following different MMU indexes:
@@ -2906,9 +2906,6 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */
#define ARM_MMU_IDX_M 0x40 /* M profile */
-/* Meanings of the bits for A profile mmu idx values */
-#define ARM_MMU_IDX_A_NS 0x8
-
/* Meanings of the bits for M profile mmu idx values */
#define ARM_MMU_IDX_M_PRIV 0x1
#define ARM_MMU_IDX_M_NEGPRI 0x2
@@ -2922,22 +2919,14 @@ typedef enum ARMMMUIdx {
/*
* A-profile.
*/
- ARMMMUIdx_SE10_0 = 0 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE20_0 = 1 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE10_1 = 2 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE20_2 = 3 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE10_1_PAN = 4 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE20_2_PAN = 5 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE2 = 6 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE3 = 7 | ARM_MMU_IDX_A,
-
- ARMMMUIdx_E10_0 = ARMMMUIdx_SE10_0 | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E20_0 = ARMMMUIdx_SE20_0 | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E10_1 = ARMMMUIdx_SE10_1 | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E20_2 = ARMMMUIdx_SE20_2 | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E10_1_PAN = ARMMMUIdx_SE10_1_PAN | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E20_2_PAN = ARMMMUIdx_SE20_2_PAN | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E2 = ARMMMUIdx_SE2 | ARM_MMU_IDX_A_NS,
+ ARMMMUIdx_E10_0 = 0 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E20_0 = 1 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E10_1 = 2 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E20_2 = 3 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E10_1_PAN = 4 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E20_2_PAN = 5 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E2 = 6 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E3 = 7 | ARM_MMU_IDX_A,
/*
* These are not allocated TLBs and are used only for AT system
@@ -2946,9 +2935,6 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
ARMMMUIdx_Stage1_E1_PAN = 2 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage1_SE0 = 3 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage1_SE1 = 4 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage1_SE1_PAN = 5 | ARM_MMU_IDX_NOTLB,
/*
* Not allocated a TLB: used only for second stage of an S12 page
* table walk, or for descriptor loads during first stage of an S1
@@ -2956,8 +2942,8 @@ typedef enum ARMMMUIdx {
* then various TLB flush insns which currently are no-ops or flush
* only stage 1 MMU indexes will need to change to flush stage 2.
*/
- ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage2_S = 7 | ARM_MMU_IDX_NOTLB,
+ ARMMMUIdx_Stage2 = 3 | ARM_MMU_IDX_NOTLB,
+ ARMMMUIdx_Stage2_S = 4 | ARM_MMU_IDX_NOTLB,
/*
* M-profile.
@@ -2987,14 +2973,7 @@ typedef enum ARMMMUIdxBit {
TO_CORE_BIT(E2),
TO_CORE_BIT(E20_2),
TO_CORE_BIT(E20_2_PAN),
- TO_CORE_BIT(SE10_0),
- TO_CORE_BIT(SE20_0),
- TO_CORE_BIT(SE10_1),
- TO_CORE_BIT(SE20_2),
- TO_CORE_BIT(SE10_1_PAN),
- TO_CORE_BIT(SE20_2_PAN),
- TO_CORE_BIT(SE2),
- TO_CORE_BIT(SE3),
+ TO_CORE_BIT(E3),
TO_CORE_BIT(MUser),
TO_CORE_BIT(MPriv),
diff --git a/target/arm/internals.h b/target/arm/internals.h
index d7062c6503..1bbe4d950e 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -655,21 +655,12 @@ static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx)
case ARMMMUIdx_Stage1_E0:
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_Stage1_SE0:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
case ARMMMUIdx_E10_0:
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
case ARMMMUIdx_E20_0:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
return true;
default:
return false;
@@ -680,11 +671,8 @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_Stage1_SE1_PAN:
case ARMMMUIdx_E10_1_PAN:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE10_1_PAN:
- case ARMMMUIdx_SE20_2_PAN:
return true;
default:
return false;
@@ -695,30 +683,20 @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
case ARMMMUIdx_E20_0:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
case ARMMMUIdx_Stage2:
case ARMMMUIdx_Stage2_S:
- case ARMMMUIdx_SE2:
case ARMMMUIdx_E2:
return 2;
- case ARMMMUIdx_SE3:
+ case ARMMMUIdx_E3:
return 3;
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_Stage1_SE0:
- return arm_el_is_aa64(env, 3) ? 1 : 3;
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
+ case ARMMMUIdx_E10_0:
case ARMMMUIdx_Stage1_E0:
+ return arm_el_is_aa64(env, 3) || !arm_is_secure_below_el3(env) ? 1 : 3;
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
- case ARMMMUIdx_E10_0:
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
case ARMMMUIdx_MPrivNegPri:
@@ -944,9 +922,6 @@ static inline bool arm_mmu_idx_is_stage1_of_2(ARMMMUIdx mmu_idx)
case ARMMMUIdx_Stage1_E0:
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_Stage1_SE0:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
return true;
default:
return false;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e98fc75646..7d9d4a9ad9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1737,6 +1737,7 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* Begin with base v8.0 state. */
uint32_t valid_mask = 0x3fff;
ARMCPU *cpu = env_archcpu(env);
+ uint64_t changed;
/*
* Because SCR_EL3 is the "real" cpreg and SCR is the alias, reset always
@@ -1796,7 +1797,22 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* Clear all-context RES0 bits. */
value &= valid_mask;
- raw_write(env, ri, value);
+ changed = env->cp15.scr_el3 ^ value;
+ env->cp15.scr_el3 = value;
+
+ /*
+ * If SCR_EL3.NS changes, i.e. arm_is_secure_below_el3, then
+ * we must invalidate all TLBs below EL3.
+ */
+ if (changed & SCR_NS) {
+ tlb_flush_by_mmuidx(env_cpu(env), (ARMMMUIdxBit_E10_0 |
+ ARMMMUIdxBit_E20_0 |
+ ARMMMUIdxBit_E10_1 |
+ ARMMMUIdxBit_E20_2 |
+ ARMMMUIdxBit_E10_1_PAN |
+ ARMMMUIdxBit_E20_2_PAN |
+ ARMMMUIdxBit_E2));
+ }
}
static void scr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -2627,9 +2643,6 @@ static int gt_phys_redir_timeridx(CPUARMState *env)
case ARMMMUIdx_E20_0:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
return GTIMER_HYP;
default:
return GTIMER_PHYS;
@@ -2642,9 +2655,6 @@ static int gt_virt_redir_timeridx(CPUARMState *env)
case ARMMMUIdx_E20_0:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
return GTIMER_HYPVIRT;
default:
return GTIMER_VIRT;
@@ -3352,7 +3362,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* stage 1 current state PL1: ATS1CPR, ATS1CPW, ATS1CPRP, ATS1CPWP */
switch (el) {
case 3:
- mmu_idx = ARMMMUIdx_SE3;
+ mmu_idx = ARMMMUIdx_E3;
secure = true;
break;
case 2:
@@ -3360,10 +3370,9 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* fall through */
case 1:
if (ri->crm == 9 && (env->uncached_cpsr & CPSR_PAN)) {
- mmu_idx = (secure ? ARMMMUIdx_Stage1_SE1_PAN
- : ARMMMUIdx_Stage1_E1_PAN);
+ mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
} else {
- mmu_idx = secure ? ARMMMUIdx_Stage1_SE1 : ARMMMUIdx_Stage1_E1;
+ mmu_idx = ARMMMUIdx_Stage1_E1;
}
break;
default:
@@ -3374,7 +3383,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* stage 1 current state PL0: ATS1CUR, ATS1CUW */
switch (el) {
case 3:
- mmu_idx = ARMMMUIdx_SE10_0;
+ mmu_idx = ARMMMUIdx_E10_0;
secure = true;
break;
case 2:
@@ -3382,7 +3391,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
mmu_idx = ARMMMUIdx_Stage1_E0;
break;
case 1:
- mmu_idx = secure ? ARMMMUIdx_Stage1_SE0 : ARMMMUIdx_Stage1_E0;
+ mmu_idx = ARMMMUIdx_Stage1_E0;
break;
default:
g_assert_not_reached();
@@ -3451,17 +3460,16 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
switch (ri->opc1) {
case 0: /* AT S1E1R, AT S1E1W, AT S1E1RP, AT S1E1WP */
if (ri->crm == 9 && (env->pstate & PSTATE_PAN)) {
- mmu_idx = (secure ? ARMMMUIdx_Stage1_SE1_PAN
- : ARMMMUIdx_Stage1_E1_PAN);
+ mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
} else {
- mmu_idx = secure ? ARMMMUIdx_Stage1_SE1 : ARMMMUIdx_Stage1_E1;
+ mmu_idx = ARMMMUIdx_Stage1_E1;
}
break;
case 4: /* AT S1E2R, AT S1E2W */
- mmu_idx = secure ? ARMMMUIdx_SE2 : ARMMMUIdx_E2;
+ mmu_idx = ARMMMUIdx_E2;
break;
case 6: /* AT S1E3R, AT S1E3W */
- mmu_idx = ARMMMUIdx_SE3;
+ mmu_idx = ARMMMUIdx_E3;
secure = true;
break;
default:
@@ -3469,13 +3477,13 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
}
break;
case 2: /* AT S1E0R, AT S1E0W */
- mmu_idx = secure ? ARMMMUIdx_Stage1_SE0 : ARMMMUIdx_Stage1_E0;
+ mmu_idx = ARMMMUIdx_Stage1_E0;
break;
case 4: /* AT S12E1R, AT S12E1W */
- mmu_idx = secure ? ARMMMUIdx_SE10_1 : ARMMMUIdx_E10_1;
+ mmu_idx = ARMMMUIdx_E10_1;
break;
case 6: /* AT S12E0R, AT S12E0W */
- mmu_idx = secure ? ARMMMUIdx_SE10_0 : ARMMMUIdx_E10_0;
+ mmu_idx = ARMMMUIdx_E10_0;
break;
default:
g_assert_not_reached();
@@ -3775,11 +3783,6 @@ static void vmsa_tcr_ttbr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint16_t mask = ARMMMUIdxBit_E20_2 |
ARMMMUIdxBit_E20_2_PAN |
ARMMMUIdxBit_E20_0;
-
- if (arm_is_secure_below_el3(env)) {
- mask >>= ARM_MMU_IDX_A_NS;
- }
-
tlb_flush_by_mmuidx(env_cpu(env), mask);
}
raw_write(env, ri, value);
@@ -3799,11 +3802,6 @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint16_t mask = ARMMMUIdxBit_E10_1 |
ARMMMUIdxBit_E10_1_PAN |
ARMMMUIdxBit_E10_0;
-
- if (arm_is_secure_below_el3(env)) {
- mask >>= ARM_MMU_IDX_A_NS;
- }
-
tlb_flush_by_mmuidx(cs, mask);
raw_write(env, ri, value);
}
@@ -4274,11 +4272,6 @@ static int vae1_tlbmask(CPUARMState *env)
ARMMMUIdxBit_E10_1_PAN |
ARMMMUIdxBit_E10_0;
}
-
- if (arm_is_secure_below_el3(env)) {
- mask >>= ARM_MMU_IDX_A_NS;
- }
-
return mask;
}
@@ -4305,10 +4298,6 @@ static int vae1_tlbbits(CPUARMState *env, uint64_t addr)
mmu_idx = ARMMMUIdx_E10_0;
}
- if (arm_is_secure_below_el3(env)) {
- mmu_idx &= ~ARM_MMU_IDX_A_NS;
- }
-
return tlbbits_for_regime(env, mmu_idx, addr);
}
@@ -4341,30 +4330,17 @@ static int alle1_tlbmask(CPUARMState *env)
* stage 2 translations, whereas most other scopes only invalidate
* stage 1 translations.
*/
- if (arm_is_secure_below_el3(env)) {
- return ARMMMUIdxBit_SE10_1 |
- ARMMMUIdxBit_SE10_1_PAN |
- ARMMMUIdxBit_SE10_0;
- } else {
- return ARMMMUIdxBit_E10_1 |
- ARMMMUIdxBit_E10_1_PAN |
- ARMMMUIdxBit_E10_0;
- }
+ return (ARMMMUIdxBit_E10_1 |
+ ARMMMUIdxBit_E10_1_PAN |
+ ARMMMUIdxBit_E10_0);
}
static int e2_tlbmask(CPUARMState *env)
{
- if (arm_is_secure_below_el3(env)) {
- return ARMMMUIdxBit_SE20_0 |
- ARMMMUIdxBit_SE20_2 |
- ARMMMUIdxBit_SE20_2_PAN |
- ARMMMUIdxBit_SE2;
- } else {
- return ARMMMUIdxBit_E20_0 |
- ARMMMUIdxBit_E20_2 |
- ARMMMUIdxBit_E20_2_PAN |
- ARMMMUIdxBit_E2;
- }
+ return (ARMMMUIdxBit_E20_0 |
+ ARMMMUIdxBit_E20_2 |
+ ARMMMUIdxBit_E20_2_PAN |
+ ARMMMUIdxBit_E2);
}
static void tlbi_aa64_alle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4391,7 +4367,7 @@ static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
ARMCPU *cpu = env_archcpu(env);
CPUState *cs = CPU(cpu);
- tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_SE3);
+ tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E3);
}
static void tlbi_aa64_alle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4417,7 +4393,7 @@ static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
{
CPUState *cs = env_cpu(env);
- tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_SE3);
+ tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_E3);
}
static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4445,7 +4421,7 @@ static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
CPUState *cs = CPU(cpu);
uint64_t pageaddr = sextract64(value << 12, 0, 56);
- tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_SE3);
+ tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_E3);
}
static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4484,12 +4460,10 @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
{
CPUState *cs = env_cpu(env);
uint64_t pageaddr = sextract64(value << 12, 0, 56);
- bool secure = arm_is_secure_below_el3(env);
- int mask = secure ? ARMMMUIdxBit_SE2 : ARMMMUIdxBit_E2;
- int bits = tlbbits_for_regime(env, secure ? ARMMMUIdx_SE2 : ARMMMUIdx_E2,
- pageaddr);
+ int bits = tlbbits_for_regime(env, ARMMMUIdx_E2, pageaddr);
- tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, mask, bits);
+ tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
+ ARMMMUIdxBit_E2, bits);
}
static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4497,10 +4471,10 @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
{
CPUState *cs = env_cpu(env);
uint64_t pageaddr = sextract64(value << 12, 0, 56);
- int bits = tlbbits_for_regime(env, ARMMMUIdx_SE3, pageaddr);
+ int bits = tlbbits_for_regime(env, ARMMMUIdx_E3, pageaddr);
tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
- ARMMMUIdxBit_SE3, bits);
+ ARMMMUIdxBit_E3, bits);
}
#ifdef TARGET_AARCH64
@@ -4606,8 +4580,7 @@ static void tlbi_aa64_rvae1is_write(CPUARMState *env,
static int vae2_tlbmask(CPUARMState *env)
{
- return (arm_is_secure_below_el3(env)
- ? ARMMMUIdxBit_SE2 : ARMMMUIdxBit_E2);
+ return ARMMMUIdxBit_E2;
}
static void tlbi_aa64_rvae2_write(CPUARMState *env,
@@ -4653,8 +4626,7 @@ static void tlbi_aa64_rvae3_write(CPUARMState *env,
* flush-last-level-only.
*/
- do_rvae_write(env, value, ARMMMUIdxBit_SE3,
- tlb_force_broadcast(env));
+ do_rvae_write(env, value, ARMMMUIdxBit_E3, tlb_force_broadcast(env));
}
static void tlbi_aa64_rvae3is_write(CPUARMState *env,
@@ -4668,7 +4640,7 @@ static void tlbi_aa64_rvae3is_write(CPUARMState *env,
* flush-last-level-only or inner/outer specific flushes.
*/
- do_rvae_write(env, value, ARMMMUIdxBit_SE3, true);
+ do_rvae_write(env, value, ARMMMUIdxBit_E3, true);
}
#endif
@@ -10604,8 +10576,7 @@ uint64_t arm_sctlr(CPUARMState *env, int el)
/* Only EL0 needs to be adjusted for EL1&0 or EL2&0. */
if (el == 0) {
ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);
- el = (mmu_idx == ARMMMUIdx_E20_0 || mmu_idx == ARMMMUIdx_SE20_0)
- ? 2 : 1;
+ el = mmu_idx == ARMMMUIdx_E20_0 ? 2 : 1;
}
return env->cp15.sctlr_el[el];
}
@@ -11149,22 +11120,15 @@ int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
switch (mmu_idx) {
case ARMMMUIdx_E10_0:
case ARMMMUIdx_E20_0:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE20_0:
return 0;
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
return 1;
case ARMMMUIdx_E2:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE2:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
return 2;
- case ARMMMUIdx_SE3:
+ case ARMMMUIdx_E3:
return 3;
default:
g_assert_not_reached();
@@ -11217,15 +11181,11 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
}
break;
case 3:
- return ARMMMUIdx_SE3;
+ return ARMMMUIdx_E3;
default:
g_assert_not_reached();
}
- if (arm_is_secure_below_el3(env)) {
- idx &= ~ARM_MMU_IDX_A_NS;
- }
-
return idx;
}
@@ -11407,15 +11367,11 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
switch (mmu_idx) {
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
/* TODO: ARMv8.3-NV */
DP_TBFLAG_A64(flags, UNPRIV, 1);
break;
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
/*
* Note that EL20_2 is gated by HCR_EL2.E2H == 1, but EL20_0 is
* gated by HCR_EL2.<E2H,TGE> == '11', and so is LDTR.
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index a7c0d616a0..1fb4d44600 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -65,12 +65,6 @@ unsigned int arm_pamax(ARMCPU *cpu)
ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
- case ARMMMUIdx_SE10_0:
- return ARMMMUIdx_Stage1_SE0;
- case ARMMMUIdx_SE10_1:
- return ARMMMUIdx_Stage1_SE1;
- case ARMMMUIdx_SE10_1_PAN:
- return ARMMMUIdx_Stage1_SE1_PAN;
case ARMMMUIdx_E10_0:
return ARMMMUIdx_Stage1_E0;
case ARMMMUIdx_E10_1:
@@ -95,11 +89,8 @@ static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
static bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
- case ARMMMUIdx_SE10_0:
case ARMMMUIdx_E20_0:
- case ARMMMUIdx_SE20_0:
case ARMMMUIdx_Stage1_E0:
- case ARMMMUIdx_Stage1_SE0:
case ARMMMUIdx_MUser:
case ARMMMUIdx_MSUser:
case ARMMMUIdx_MUserNegPri:
@@ -2320,7 +2311,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
}
s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
- is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
+ is_el0 = mmu_idx == ARMMMUIdx_E10_0;
/*
* S1 is done, now do S2 translation.
@@ -2528,6 +2519,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
case ARMMMUIdx_E2:
+ is_secure = arm_is_secure_below_el3(env);
+ break;
case ARMMMUIdx_Stage2:
case ARMMMUIdx_MPrivNegPri:
case ARMMMUIdx_MUserNegPri:
@@ -2535,17 +2528,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
case ARMMMUIdx_MUser:
is_secure = false;
break;
- case ARMMMUIdx_SE3:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
- case ARMMMUIdx_Stage1_SE0:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
- case ARMMMUIdx_SE2:
+ case ARMMMUIdx_E3:
case ARMMMUIdx_Stage2_S:
case ARMMMUIdx_MSPrivNegPri:
case ARMMMUIdx_MSUserNegPri:
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 57f492ccef..ff14c90997 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -111,14 +111,6 @@ static int get_a64_user_mem_index(DisasContext *s)
case ARMMMUIdx_E20_2_PAN:
useridx = ARMMMUIdx_E20_0;
break;
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- useridx = ARMMMUIdx_SE10_0;
- break;
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
- useridx = ARMMMUIdx_SE20_0;
- break;
default:
g_assert_not_reached();
}
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 540ce84d95..f6e61dffe9 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -237,16 +237,12 @@ static inline int get_a32_user_mem_index(DisasContext *s)
* otherwise, access as if at PL0.
*/
switch (s->mmu_idx) {
+ case ARMMMUIdx_E3:
case ARMMMUIdx_E2: /* this one is UNPREDICTABLE */
case ARMMMUIdx_E10_0:
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
return arm_to_core_mmu_idx(ARMMMUIdx_E10_0);
- case ARMMMUIdx_SE3:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- return arm_to_core_mmu_idx(ARMMMUIdx_SE10_0);
case ARMMMUIdx_MUser:
case ARMMMUIdx_MPriv:
return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 34/62] target/arm: Reorg regime_translation_disabled
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (32 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 33/62] target/arm: Fold secure and non-secure a-profile mmu indexes Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 35/62] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M Richard Henderson
` (29 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Use a switch on mmu_idx for the a-profile indexes, instead of
three different if's vs regime_el and arm_mmu_idx_is_stage1_of_2.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 1fb4d44600..8b80716e38 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -148,21 +148,39 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
hcr_el2 = arm_hcr_el2_eff(env);
- if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
+ switch (mmu_idx) {
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Stage2_S:
/* HCR.DC means HCR.VM behaves as 1 */
return (hcr_el2 & (HCR_DC | HCR_VM)) == 0;
- }
- if (hcr_el2 & HCR_TGE) {
+ case ARMMMUIdx_E10_0:
+ case ARMMMUIdx_E10_1:
+ case ARMMMUIdx_E10_1_PAN:
/* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
- if (!is_secure && regime_el(env, mmu_idx) == 1) {
+ if (!is_secure && (hcr_el2 & HCR_TGE)) {
return true;
}
- }
+ break;
- if ((hcr_el2 & HCR_DC) && arm_mmu_idx_is_stage1_of_2(mmu_idx)) {
+ case ARMMMUIdx_Stage1_E0:
+ case ARMMMUIdx_Stage1_E1:
+ case ARMMMUIdx_Stage1_E1_PAN:
/* HCR.DC means SCTLR_EL1.M behaves as 0 */
- return true;
+ if (hcr_el2 & HCR_DC) {
+ return true;
+ }
+ break;
+
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_E3:
+ break;
+
+ default:
+ g_assert_not_reached();
}
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 35/62] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (33 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 34/62] target/arm: Reorg regime_translation_disabled Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 36/62] target/arm: Introduce arm_hcr_el2_eff_secstate Richard Henderson
` (28 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The effect of TGE does not only apply to non-secure state,
now that Secure EL2 exists.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 8b80716e38..f76a8e931a 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -157,8 +157,8 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
case ARMMMUIdx_E10_0:
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
- /* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
- if (!is_secure && (hcr_el2 & HCR_TGE)) {
+ /* TGE means that EL0/1 act as if SCTLR_EL1.M is zero */
+ if (hcr_el2 & HCR_TGE) {
return true;
}
break;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 36/62] target/arm: Introduce arm_hcr_el2_eff_secstate
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (34 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 35/62] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 37/62] target/arm: Hoist read of *is_secure in S1_ptw_translate Richard Henderson
` (27 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
For page walking, we may require HCR for a security state
that is not "current".
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 20 +++++++++++++-------
target/arm/helper.c | 11 ++++++++---
2 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 04423f8d6c..dd577a08bc 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2376,15 +2376,15 @@ static inline bool arm_is_secure(CPUARMState *env)
* Return true if the current security state has AArch64 EL2 or AArch32 Hyp.
* This corresponds to the pseudocode EL2Enabled()
*/
+static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
+{
+ return (arm_feature(env, ARM_FEATURE_EL2)
+ && (!secure || (env->cp15.scr_el3 & SCR_EEL2)));
+}
+
static inline bool arm_is_el2_enabled(CPUARMState *env)
{
- if (arm_feature(env, ARM_FEATURE_EL2)) {
- if (arm_is_secure_below_el3(env)) {
- return (env->cp15.scr_el3 & SCR_EEL2) != 0;
- }
- return true;
- }
- return false;
+ return arm_is_el2_enabled_secstate(env, arm_is_secure_below_el3(env));
}
#else
@@ -2398,6 +2398,11 @@ static inline bool arm_is_secure(CPUARMState *env)
return false;
}
+static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
+{
+ return false;
+}
+
static inline bool arm_is_el2_enabled(CPUARMState *env)
{
return false;
@@ -2410,6 +2415,7 @@ static inline bool arm_is_el2_enabled(CPUARMState *env)
* "for all purposes other than a direct read or write access of HCR_EL2."
* Not included here is HCR_RW.
*/
+uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, bool secure);
uint64_t arm_hcr_el2_eff(CPUARMState *env);
uint64_t arm_hcrx_el2_eff(CPUARMState *env);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7d9d4a9ad9..176be48c46 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5197,15 +5197,15 @@ static void hcr_writelow(CPUARMState *env, const ARMCPRegInfo *ri,
}
/*
- * Return the effective value of HCR_EL2.
+ * Return the effective value of HCR_EL2, at the given security state.
* Bits that are not included here:
* RW (read from SCR_EL3.RW as needed)
*/
-uint64_t arm_hcr_el2_eff(CPUARMState *env)
+uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, bool secure)
{
uint64_t ret = env->cp15.hcr_el2;
- if (!arm_is_el2_enabled(env)) {
+ if (!arm_is_el2_enabled_secstate(env, secure)) {
/*
* "This register has no effect if EL2 is not enabled in the
* current Security state". This is ARMv8.4-SecEL2 speak for
@@ -5264,6 +5264,11 @@ uint64_t arm_hcr_el2_eff(CPUARMState *env)
return ret;
}
+uint64_t arm_hcr_el2_eff(CPUARMState *env)
+{
+ return arm_hcr_el2_eff_secstate(env, arm_is_secure_below_el3(env));
+}
+
/*
* Corresponds to ARM pseudocode function ELIsInHost().
*/
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 37/62] target/arm: Hoist read of *is_secure in S1_ptw_translate
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (35 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 36/62] target/arm: Introduce arm_hcr_el2_eff_secstate Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 38/62] target/arm: Fix S2 disabled check " Richard Henderson
` (26 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Rename the argument to is_secure_ptr, and introduce a
local variable is_secure with the value. We only write
back to the pointer toward the end of the function.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index f76a8e931a..12288ac365 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -207,24 +207,26 @@ static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
/* Translate a S1 pagetable walk through S2 if needed. */
static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
- hwaddr addr, bool *is_secure,
+ hwaddr addr, bool *is_secure_ptr,
ARMMMUFaultInfo *fi)
{
+ bool is_secure = *is_secure_ptr;
+
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
- !regime_translation_disabled(env, ARMMMUIdx_Stage2, *is_secure)) {
- ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S
- : ARMMMUIdx_Stage2;
+ !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
+ ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S
+ : ARMMMUIdx_Stage2;
GetPhysAddrResult s2 = {};
int ret;
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
- *is_secure, false, &s2, fi);
+ is_secure, false, &s2, fi);
if (ret) {
assert(fi->type != ARMFault_None);
fi->s2addr = addr;
fi->stage2 = true;
fi->s1ptw = true;
- fi->s1ns = !*is_secure;
+ fi->s1ns = !is_secure;
return ~0;
}
if ((arm_hcr_el2_eff(env) & HCR_PTW) &&
@@ -237,19 +239,20 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
fi->s2addr = addr;
fi->stage2 = true;
fi->s1ptw = true;
- fi->s1ns = !*is_secure;
+ fi->s1ns = !is_secure;
return ~0;
}
if (arm_is_secure_below_el3(env)) {
/* Check if page table walk is to secure or non-secure PA space. */
- if (*is_secure) {
- *is_secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
+ if (is_secure) {
+ is_secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
} else {
- *is_secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
+ is_secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
}
+ *is_secure_ptr = is_secure;
} else {
- assert(!*is_secure);
+ assert(!is_secure);
}
addr = s2.phys;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 38/62] target/arm: Fix S2 disabled check in S1_ptw_translate
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (36 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 37/62] target/arm: Hoist read of *is_secure in S1_ptw_translate Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 39/62] target/arm: Remove env argument from combined_attrs_fwb Richard Henderson
` (25 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Pass the correct stage2 mmu_idx to regime_translation_disabled,
which we computed afterward.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 12288ac365..12b6c2c98b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -211,11 +211,10 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo *fi)
{
bool is_secure = *is_secure_ptr;
+ ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
- !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
- ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S
- : ARMMMUIdx_Stage2;
+ !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
GetPhysAddrResult s2 = {};
int ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 39/62] target/arm: Remove env argument from combined_attrs_fwb
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (37 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 38/62] target/arm: Fix S2 disabled check " Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 40/62] target/arm: Pass HCR to attribute subroutines Richard Henderson
` (24 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This value is unused.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 12b6c2c98b..93c533e60d 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2168,8 +2168,7 @@ static uint8_t force_cacheattr_nibble_wb(uint8_t attr)
* s1 and s2 for the HCR_EL2.FWB == 1 case, returning the
* combined attributes in MAIR_EL1 format.
*/
-static uint8_t combined_attrs_fwb(CPUARMState *env,
- ARMCacheAttrs s1, ARMCacheAttrs s2)
+static uint8_t combined_attrs_fwb(ARMCacheAttrs s1, ARMCacheAttrs s2)
{
switch (s2.attrs) {
case 7:
@@ -2242,7 +2241,7 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
/* Combine memory type and cacheability attributes */
if (arm_hcr_el2_eff(env) & HCR_FWB) {
- ret.attrs = combined_attrs_fwb(env, s1, s2);
+ ret.attrs = combined_attrs_fwb(s1, s2);
} else {
ret.attrs = combined_attrs_nofwb(env, s1, s2);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 40/62] target/arm: Pass HCR to attribute subroutines.
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (38 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 39/62] target/arm: Remove env argument from combined_attrs_fwb Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 41/62] target/arm: Fix ATS12NSO* from S PL1 Richard Henderson
` (23 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
These subroutines did not need ENV for anything except
retrieving the effective value of HCR anyway.
We have computed the effective value of HCR in the callers,
and this will be especially important for interpreting HCR
in a non-current security state.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 93c533e60d..a760ab86c5 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -186,7 +186,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
}
-static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
+static bool ptw_attrs_are_device(uint64_t hcr, ARMCacheAttrs cacheattrs)
{
/*
* For an S1 page table walk, the stage 1 attributes are always
@@ -198,7 +198,7 @@ static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
* when cacheattrs.attrs bit [2] is 0.
*/
assert(cacheattrs.is_s2_format);
- if (arm_hcr_el2_eff(env) & HCR_FWB) {
+ if (hcr & HCR_FWB) {
return (cacheattrs.attrs & 0x4) == 0;
} else {
return (cacheattrs.attrs & 0xc) == 0;
@@ -216,6 +216,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
!regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
GetPhysAddrResult s2 = {};
+ uint64_t hcr;
int ret;
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
@@ -228,8 +229,9 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
fi->s1ns = !is_secure;
return ~0;
}
- if ((arm_hcr_el2_eff(env) & HCR_PTW) &&
- ptw_attrs_are_device(env, s2.cacheattrs)) {
+
+ hcr = arm_hcr_el2_eff(env);
+ if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
/*
* PTW set and S1 walk touched S2 Device memory:
* generate Permission fault.
@@ -2055,14 +2057,14 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* ref: shared/translation/attrs/S2AttrDecode()
* .../S2ConvertAttrsHints()
*/
-static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs)
+static uint8_t convert_stage2_attrs(uint64_t hcr, uint8_t s2attrs)
{
uint8_t hiattr = extract32(s2attrs, 2, 2);
uint8_t loattr = extract32(s2attrs, 0, 2);
uint8_t hihint = 0, lohint = 0;
if (hiattr != 0) { /* normal memory */
- if (arm_hcr_el2_eff(env) & HCR_CD) { /* cache disabled */
+ if (hcr & HCR_CD) { /* cache disabled */
hiattr = loattr = 1; /* non-cacheable */
} else {
if (hiattr != 1) { /* Write-through or write-back */
@@ -2108,12 +2110,12 @@ static uint8_t combine_cacheattr_nibble(uint8_t s1, uint8_t s2)
* s1 and s2 for the HCR_EL2.FWB == 0 case, returning the
* combined attributes in MAIR_EL1 format.
*/
-static uint8_t combined_attrs_nofwb(CPUARMState *env,
+static uint8_t combined_attrs_nofwb(uint64_t hcr,
ARMCacheAttrs s1, ARMCacheAttrs s2)
{
uint8_t s1lo, s2lo, s1hi, s2hi, s2_mair_attrs, ret_attrs;
- s2_mair_attrs = convert_stage2_attrs(env, s2.attrs);
+ s2_mair_attrs = convert_stage2_attrs(hcr, s2.attrs);
s1lo = extract32(s1.attrs, 0, 4);
s2lo = extract32(s2_mair_attrs, 0, 4);
@@ -2213,7 +2215,7 @@ static uint8_t combined_attrs_fwb(ARMCacheAttrs s1, ARMCacheAttrs s2)
* @s1: Attributes from stage 1 walk
* @s2: Attributes from stage 2 walk
*/
-static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
+static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
ARMCacheAttrs s1, ARMCacheAttrs s2)
{
ARMCacheAttrs ret;
@@ -2240,10 +2242,10 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
}
/* Combine memory type and cacheability attributes */
- if (arm_hcr_el2_eff(env) & HCR_FWB) {
+ if (hcr & HCR_FWB) {
ret.attrs = combined_attrs_fwb(s1, s2);
} else {
- ret.attrs = combined_attrs_nofwb(env, s1, s2);
+ ret.attrs = combined_attrs_nofwb(hcr, s1, s2);
}
/*
@@ -2309,6 +2311,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
ARMCacheAttrs cacheattrs1;
ARMMMUIdx s2_mmu_idx;
bool is_el0;
+ uint64_t hcr;
ret = get_phys_addr_with_secure(env, address, access_type,
s1_mmu_idx, is_secure, result, fi);
@@ -2354,7 +2357,8 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
}
/* Combine the S1 and S2 cache attributes. */
- if (arm_hcr_el2_eff(env) & HCR_DC) {
+ hcr = arm_hcr_el2_eff(env);
+ if (hcr & HCR_DC) {
/*
* HCR.DC forces the first stage attributes to
* Normal Non-Shareable,
@@ -2367,7 +2371,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
}
cacheattrs1.shareability = 0;
}
- result->cacheattrs = combine_cacheattrs(env, cacheattrs1,
+ result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1,
result->cacheattrs);
/* Check if IPA translates to secure or non-secure PA space. */
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 41/62] target/arm: Fix ATS12NSO* from S PL1
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (39 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 40/62] target/arm: Pass HCR to attribute subroutines Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 42/62] target/arm: Split out get_phys_addr_disabled Richard Henderson
` (22 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This has been broken since arm_hcr_el2_eff gained a check for
"el2 enabled" for Secure EL2.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index a760ab86c5..43a82c3c7f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -146,7 +146,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
}
}
- hcr_el2 = arm_hcr_el2_eff(env);
+ hcr_el2 = arm_hcr_el2_eff_secstate(env, is_secure);
switch (mmu_idx) {
case ARMMMUIdx_Stage2:
@@ -230,7 +230,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
return ~0;
}
- hcr = arm_hcr_el2_eff(env);
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
/*
* PTW set and S1 walk touched S2 Device memory:
@@ -2357,7 +2357,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
}
/* Combine the S1 and S2 cache attributes. */
- hcr = arm_hcr_el2_eff(env);
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
if (hcr & HCR_DC) {
/*
* HCR.DC forces the first stage attributes to
@@ -2490,7 +2490,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
result->page_size = TARGET_PAGE_SIZE;
/* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
- hcr = arm_hcr_el2_eff(env);
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
result->cacheattrs.shareability = 0;
result->cacheattrs.is_s2_format = false;
if (hcr & HCR_DC) {
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 42/62] target/arm: Split out get_phys_addr_disabled
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (40 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 41/62] target/arm: Fix ATS12NSO* from S PL1 Richard Henderson
@ 2022-07-03 8:23 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 43/62] target/arm: Reorg get_phys_addr_disabled Richard Henderson
` (21 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:23 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 138 +++++++++++++++++++++++++----------------------
1 file changed, 74 insertions(+), 64 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 43a82c3c7f..0f4b9b0166 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2268,6 +2268,78 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
return ret;
}
+/*
+ * MMU disabled. S1 addresses within aa64 translation regimes are
+ * still checked for bounds -- see AArch64.S1DisabledOutput().
+ */
+static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type,
+ ARMMMUIdx mmu_idx, bool is_secure,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
+{
+ uint64_t hcr;
+ uint8_t memattr;
+
+ if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
+ int r_el = regime_el(env, mmu_idx);
+ if (arm_el_is_aa64(env, r_el)) {
+ int pamax = arm_pamax(env_archcpu(env));
+ uint64_t tcr = env->cp15.tcr_el[r_el].raw_tcr;
+ int addrtop, tbi;
+
+ tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
+ if (access_type == MMU_INST_FETCH) {
+ tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
+ }
+ tbi = (tbi >> extract64(address, 55, 1)) & 1;
+ addrtop = (tbi ? 55 : 63);
+
+ if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
+ fi->type = ARMFault_AddressSize;
+ fi->level = 0;
+ fi->stage2 = false;
+ return 1;
+ }
+
+ /*
+ * When TBI is disabled, we've just validated that all of the
+ * bits above PAMax are zero, so logically we only need to
+ * clear the top byte for TBI. But it's clearer to follow
+ * the pseudocode set of addrdesc.paddress.
+ */
+ address = extract64(address, 0, 52);
+ }
+ }
+
+ result->phys = address;
+ result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->page_size = TARGET_PAGE_SIZE;
+
+ /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+ result->cacheattrs.shareability = 0;
+ result->cacheattrs.is_s2_format = false;
+ if (hcr & HCR_DC) {
+ if (hcr & HCR_DCT) {
+ memattr = 0xf0; /* Tagged, Normal, WB, RWA */
+ } else {
+ memattr = 0xff; /* Normal, WB, RWA */
+ }
+ } else if (access_type == MMU_INST_FETCH) {
+ if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
+ memattr = 0xee; /* Normal, WT, RA, NT */
+ } else {
+ memattr = 0x44; /* Normal, NC, No */
+ }
+ result->cacheattrs.shareability = 2; /* outer sharable */
+ } else {
+ memattr = 0x00; /* Device, nGnRnE */
+ }
+ result->cacheattrs.attrs = memattr;
+ return 0;
+}
+
/**
* get_phys_addr - get the physical address for this virtual address
*
@@ -2448,71 +2520,9 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
/* Definitely a real MMU, not an MPU */
if (regime_translation_disabled(env, mmu_idx, is_secure)) {
- uint64_t hcr;
- uint8_t memattr;
-
- /*
- * MMU disabled. S1 addresses within aa64 translation regimes are
- * still checked for bounds -- see AArch64.TranslateAddressS1Off.
- */
- if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
- int r_el = regime_el(env, mmu_idx);
- if (arm_el_is_aa64(env, r_el)) {
- int pamax = arm_pamax(env_archcpu(env));
- uint64_t tcr = env->cp15.tcr_el[r_el].raw_tcr;
- int addrtop, tbi;
-
- tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
- if (access_type == MMU_INST_FETCH) {
- tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
- }
- tbi = (tbi >> extract64(address, 55, 1)) & 1;
- addrtop = (tbi ? 55 : 63);
-
- if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
- fi->type = ARMFault_AddressSize;
- fi->level = 0;
- fi->stage2 = false;
- return 1;
- }
-
- /*
- * When TBI is disabled, we've just validated that all of the
- * bits above PAMax are zero, so logically we only need to
- * clear the top byte for TBI. But it's clearer to follow
- * the pseudocode set of addrdesc.paddress.
- */
- address = extract64(address, 0, 52);
- }
- }
- result->phys = address;
- result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
- result->page_size = TARGET_PAGE_SIZE;
-
- /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
- hcr = arm_hcr_el2_eff_secstate(env, is_secure);
- result->cacheattrs.shareability = 0;
- result->cacheattrs.is_s2_format = false;
- if (hcr & HCR_DC) {
- if (hcr & HCR_DCT) {
- memattr = 0xf0; /* Tagged, Normal, WB, RWA */
- } else {
- memattr = 0xff; /* Normal, WB, RWA */
- }
- } else if (access_type == MMU_INST_FETCH) {
- if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
- memattr = 0xee; /* Normal, WT, RA, NT */
- } else {
- memattr = 0x44; /* Normal, NC, No */
- }
- result->cacheattrs.shareability = 2; /* outer sharable */
- } else {
- memattr = 0x00; /* Device, nGnRnE */
- }
- result->cacheattrs.attrs = memattr;
- return 0;
+ return get_phys_addr_disabled(env, address, access_type, mmu_idx,
+ is_secure, result, fi);
}
-
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx,
is_secure, false, result, fi);
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 43/62] target/arm: Reorg get_phys_addr_disabled
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (41 preceding siblings ...)
2022-07-03 8:23 ` [PATCH 42/62] target/arm: Split out get_phys_addr_disabled Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 44/62] target/arm: Add ARMMMUIdx_Phys_{S,NS} Richard Henderson
` (20 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Use a switch. Do not apply memattr or shareability for Stage2
translations. Make sure to apply HCR_{DC,DCT} only to Regime_EL10,
per the pseudocode in AArch64.S1DisabledOutput.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 115 +++++++++++++++++++++++++++--------------------
1 file changed, 67 insertions(+), 48 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 0f4b9b0166..3a098882a6 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2278,64 +2278,83 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
- uint64_t hcr;
- uint8_t memattr;
+ uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+ uint8_t memattr, shareability;
- if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
- int r_el = regime_el(env, mmu_idx);
- if (arm_el_is_aa64(env, r_el)) {
- int pamax = arm_pamax(env_archcpu(env));
- uint64_t tcr = env->cp15.tcr_el[r_el].raw_tcr;
- int addrtop, tbi;
+ switch (mmu_idx) {
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Stage2_S:
+ memattr = 0x00; /* unused, but Device, nGnRnE */
+ shareability = 0; /* unused, but non-shareable */
+ break;
- tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
- if (access_type == MMU_INST_FETCH) {
- tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
+ case ARMMMUIdx_E10_0:
+ case ARMMMUIdx_E10_1:
+ case ARMMMUIdx_E10_1_PAN:
+ if (hcr & HCR_DC) {
+ if (hcr & HCR_DCT) {
+ memattr = 0xf0; /* Tagged, Normal, WB, RWA */
+ } else {
+ memattr = 0xff; /* Normal, WB, RWA */
}
- tbi = (tbi >> extract64(address, 55, 1)) & 1;
- addrtop = (tbi ? 55 : 63);
-
- if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
- fi->type = ARMFault_AddressSize;
- fi->level = 0;
- fi->stage2 = false;
- return 1;
- }
-
- /*
- * When TBI is disabled, we've just validated that all of the
- * bits above PAMax are zero, so logically we only need to
- * clear the top byte for TBI. But it's clearer to follow
- * the pseudocode set of addrdesc.paddress.
- */
- address = extract64(address, 0, 52);
+ shareability = 0; /* non-shareable */
+ goto check_range;
}
+ /* fall through */
+
+ default:
+ if (access_type == MMU_INST_FETCH) {
+ if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
+ memattr = 0xee; /* Normal, WT, RA, NT */
+ } else {
+ memattr = 0x44; /* Normal, NC, No */
+ }
+ shareability = 2; /* Outer sharable */
+ } else {
+ memattr = 0x00; /* unused, but Device, nGnRnE */
+ shareability = 0; /* non-shareable */
+ }
+ /* fall through */
+
+ check_range:
+ {
+ int r_el = regime_el(env, mmu_idx);
+ if (arm_el_is_aa64(env, r_el)) {
+ int pamax = arm_pamax(env_archcpu(env));
+ uint64_t tcr = env->cp15.tcr_el[r_el].raw_tcr;
+ int addrtop, tbi;
+
+ tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
+ if (access_type == MMU_INST_FETCH) {
+ tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
+ }
+ tbi = (tbi >> extract64(address, 55, 1)) & 1;
+ addrtop = (tbi ? 55 : 63);
+
+ if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
+ fi->type = ARMFault_AddressSize;
+ fi->level = 0;
+ fi->stage2 = false;
+ return 1;
+ }
+
+ /*
+ * When TBI is disabled, we've just validated that all of
+ * the bits above PAMax are zero, so logically we only
+ * need to clear the top byte for TBI. But it's clearer
+ * to follow the pseudocode set of addrdesc.paddress.
+ */
+ address = extract64(address, 0, 52);
+ }
+ }
+ break;
}
result->phys = address;
result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
result->page_size = TARGET_PAGE_SIZE;
-
- /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
- hcr = arm_hcr_el2_eff_secstate(env, is_secure);
- result->cacheattrs.shareability = 0;
result->cacheattrs.is_s2_format = false;
- if (hcr & HCR_DC) {
- if (hcr & HCR_DCT) {
- memattr = 0xf0; /* Tagged, Normal, WB, RWA */
- } else {
- memattr = 0xff; /* Normal, WB, RWA */
- }
- } else if (access_type == MMU_INST_FETCH) {
- if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
- memattr = 0xee; /* Normal, WT, RA, NT */
- } else {
- memattr = 0x44; /* Normal, NC, No */
- }
- result->cacheattrs.shareability = 2; /* outer sharable */
- } else {
- memattr = 0x00; /* Device, nGnRnE */
- }
+ result->cacheattrs.shareability = shareability;
result->cacheattrs.attrs = memattr;
return 0;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 44/62] target/arm: Add ARMMMUIdx_Phys_{S,NS}
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (42 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 43/62] target/arm: Reorg get_phys_addr_disabled Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 45/62] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx Richard Henderson
` (19 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Not yet used, but add mmu indexes for 1-1 mapping
to physical addresses.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 2 +-
target/arm/cpu.h | 4 ++++
target/arm/ptw.c | 9 +++++++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 6f702f58d9..931808f2e7 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -40,6 +40,6 @@ struct PageEntryExtra {
};
#endif
-#define NB_MMU_MODES 8
+#define NB_MMU_MODES 10
#endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index dd577a08bc..c5aec164ba 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2934,6 +2934,10 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_E2 = 6 | ARM_MMU_IDX_A,
ARMMMUIdx_E3 = 7 | ARM_MMU_IDX_A,
+ /* TLBs with 1-1 mapping to the physical address spaces. */
+ ARMMMUIdx_Phys_NS = 8 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Phys_S = 9 | ARM_MMU_IDX_A,
+
/*
* These are not allocated TLBs and are used only for AT system
* instructions or for the first stage of an S12 page table walk.
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 3a098882a6..7510a9276a 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -179,6 +179,11 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
case ARMMMUIdx_E3:
break;
+ case ARMMMUIdx_Phys_NS:
+ case ARMMMUIdx_Phys_S:
+ /* No translation for physical address spaces. */
+ return true;
+
default:
g_assert_not_reached();
}
@@ -2284,6 +2289,8 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
switch (mmu_idx) {
case ARMMMUIdx_Stage2:
case ARMMMUIdx_Stage2_S:
+ case ARMMMUIdx_Phys_NS:
+ case ARMMMUIdx_Phys_S:
memattr = 0x00; /* unused, but Device, nGnRnE */
shareability = 0; /* unused, but non-shareable */
break;
@@ -2574,6 +2581,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
is_secure = arm_is_secure_below_el3(env);
break;
case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Phys_NS:
case ARMMMUIdx_MPrivNegPri:
case ARMMMUIdx_MUserNegPri:
case ARMMMUIdx_MPriv:
@@ -2582,6 +2590,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
break;
case ARMMMUIdx_E3:
case ARMMMUIdx_Stage2_S:
+ case ARMMMUIdx_Phys_S:
case ARMMMUIdx_MSPrivNegPri:
case ARMMMUIdx_MSUserNegPri:
case ARMMMUIdx_MSPriv:
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 45/62] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (43 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 44/62] target/arm: Add ARMMMUIdx_Phys_{S,NS} Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 46/62] target/arm: Use softmmu tlbs for page table walking Richard Henderson
` (18 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
We had been marking this ARM_MMU_IDX_NOTLB, move it to a real tlb.
Flush the tlb when invalidating stage 1+2 translations.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 2 +-
target/arm/cpu.h | 20 +++++++++++---------
target/arm/helper.c | 4 +++-
3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 931808f2e7..ddbb2db1b9 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -40,6 +40,6 @@ struct PageEntryExtra {
};
#endif
-#define NB_MMU_MODES 10
+#define NB_MMU_MODES 12
#endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c5aec164ba..8ea9f08511 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2938,6 +2938,15 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_Phys_NS = 8 | ARM_MMU_IDX_A,
ARMMMUIdx_Phys_S = 9 | ARM_MMU_IDX_A,
+ /*
+ * Used for second stage of an S12 page table walk, or for descriptor
+ * loads during first stage of an S1 page table walk. Note that both
+ * are in use simultaneously for SecureEL2: the security state for
+ * the S2 ptw is selected by the NS bit from the S1 ptw.
+ */
+ ARMMMUIdx_Stage2 = 10 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Stage2_S = 11 | ARM_MMU_IDX_A,
+
/*
* These are not allocated TLBs and are used only for AT system
* instructions or for the first stage of an S12 page table walk.
@@ -2945,15 +2954,6 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
ARMMMUIdx_Stage1_E1_PAN = 2 | ARM_MMU_IDX_NOTLB,
- /*
- * Not allocated a TLB: used only for second stage of an S12 page
- * table walk, or for descriptor loads during first stage of an S1
- * page table walk. Note that if we ever want to have a TLB for this
- * then various TLB flush insns which currently are no-ops or flush
- * only stage 1 MMU indexes will need to change to flush stage 2.
- */
- ARMMMUIdx_Stage2 = 3 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage2_S = 4 | ARM_MMU_IDX_NOTLB,
/*
* M-profile.
@@ -2984,6 +2984,8 @@ typedef enum ARMMMUIdxBit {
TO_CORE_BIT(E20_2),
TO_CORE_BIT(E20_2_PAN),
TO_CORE_BIT(E3),
+ TO_CORE_BIT(Stage2),
+ TO_CORE_BIT(Stage2_S),
TO_CORE_BIT(MUser),
TO_CORE_BIT(MPriv),
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 176be48c46..499577f24e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4332,7 +4332,9 @@ static int alle1_tlbmask(CPUARMState *env)
*/
return (ARMMMUIdxBit_E10_1 |
ARMMMUIdxBit_E10_1_PAN |
- ARMMMUIdxBit_E10_0);
+ ARMMMUIdxBit_E10_0 |
+ ARMMMUIdxBit_Stage2 |
+ ARMMMUIdxBit_Stage2_S);
}
static int e2_tlbmask(CPUARMState *env)
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 46/62] target/arm: Use softmmu tlbs for page table walking
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (44 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 45/62] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 47/62] target/arm: Hoist check for disabled stage2 translation Richard Henderson
` (17 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
So far, limit the change to S1_ptw_translate, arm_ldl_ptw,
and arm_ldq_ptw. Use probe_access_extra to find the host
address, and if so use a host load. If the probe fails,
we've got our fault info already. On the off chance that
page tables are not in RAM, continue to use the
address_space_ld* functions.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 5 +
target/arm/ptw.c | 206 +++++++++++++++++++++++-----------------
target/arm/tlb_helper.c | 17 +++-
3 files changed, 139 insertions(+), 89 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 8ea9f08511..e5e3084ec9 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -231,6 +231,8 @@ typedef struct CPUARMTBFlags {
target_ulong flags2;
} CPUARMTBFlags;
+typedef struct ARMMMUFaultInfo ARMMMUFaultInfo;
+
typedef struct CPUArchState {
/* Regs for current mode. */
uint32_t regs[16];
@@ -720,6 +722,9 @@ typedef struct CPUArchState {
struct CPUBreakpoint *cpu_breakpoint[16];
struct CPUWatchpoint *cpu_watchpoint[16];
+ /* Optional fault info across tlb lookup. */
+ ARMMMUFaultInfo *tlb_fi;
+
/* Fields up to this point are cleared by a CPU reset */
struct {} end_reset_fields;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7510a9276a..ed25f4b91e 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -9,6 +9,7 @@
#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qemu/range.h"
+#include "exec/exec-all.h"
#include "cpu.h"
#include "internals.h"
#include "idau.h"
@@ -191,52 +192,58 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
}
-static bool ptw_attrs_are_device(uint64_t hcr, ARMCacheAttrs cacheattrs)
-{
- /*
- * For an S1 page table walk, the stage 1 attributes are always
- * some form of "this is Normal memory". The combined S1+S2
- * attributes are therefore only Device if stage 2 specifies Device.
- * With HCR_EL2.FWB == 0 this is when descriptor bits [5:4] are 0b00,
- * ie when cacheattrs.attrs bits [3:2] are 0b00.
- * With HCR_EL2.FWB == 1 this is when descriptor bit [4] is 0, ie
- * when cacheattrs.attrs bit [2] is 0.
- */
- assert(cacheattrs.is_s2_format);
- if (hcr & HCR_FWB) {
- return (cacheattrs.attrs & 0x4) == 0;
- } else {
- return (cacheattrs.attrs & 0xc) == 0;
- }
-}
-
/* Translate a S1 pagetable walk through S2 if needed. */
-static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
- hwaddr addr, bool *is_secure_ptr,
- ARMMMUFaultInfo *fi)
+static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, hwaddr addr,
+ bool *is_secure_ptr, void **hphys, hwaddr *gphys,
+ ARMMMUFaultInfo *fi)
{
bool is_secure = *is_secure_ptr;
ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ MemTxAttrs attrs = {};
+ PageEntryExtra extra;
+ int flags;
- if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
- !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
- GetPhysAddrResult s2 = {};
- uint64_t hcr;
- int ret;
+ if (!arm_mmu_idx_is_stage1_of_2(mmu_idx)
+ || regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
+ s2_mmu_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+ }
- ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
- is_secure, false, &s2, fi);
- if (ret) {
- assert(fi->type != ARMFault_None);
- fi->s2addr = addr;
- fi->stage2 = true;
- fi->s1ptw = true;
- fi->s1ns = !is_secure;
- return ~0;
+ env->tlb_fi = fi;
+ flags = probe_access_extra(env, addr, MMU_DATA_LOAD,
+ arm_to_core_mmu_idx(s2_mmu_idx),
+ true, hphys, &attrs, &extra, 0);
+ env->tlb_fi = NULL;
+
+ if (unlikely(flags & TLB_INVALID_MASK)) {
+ assert(fi->type != ARMFault_None);
+ fi->s2addr = addr;
+ fi->stage2 = true;
+ fi->s1ptw = true;
+ fi->s1ns = !is_secure;
+ return false;
+ }
+
+ if (s2_mmu_idx == ARMMMUIdx_Stage2 || s2_mmu_idx == ARMMMUIdx_Stage2_S) {
+ uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+ uint8_t s2attrs = FIELD_EX64(extra.x, PAGEENTRYEXTRA, ATTRS);
+ bool is_device;
+
+ /*
+ * For an S1 page table walk, the stage 1 attributes are always
+ * some form of "this is Normal memory". The combined S1+S2
+ * attributes are therefore only Device if stage 2 specifies Device.
+ * With HCR_EL2.FWB == 0 this is when descriptor bits [5:4] are 0b00,
+ * ie when s2attrs bits [3:2] are 0b00.
+ * With HCR_EL2.FWB == 1 this is when descriptor bit [4] is 0, ie
+ * when s2attrs bit [2] is 0.
+ */
+ if (hcr & HCR_FWB) {
+ is_device = (s2attrs & 0x4) == 0;
+ } else {
+ is_device = (s2attrs & 0xc) == 0;
}
- hcr = arm_hcr_el2_eff_secstate(env, is_secure);
- if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
+ if ((hcr & HCR_PTW) && is_device) {
/*
* PTW set and S1 walk touched S2 Device memory:
* generate Permission fault.
@@ -246,24 +253,19 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
fi->stage2 = true;
fi->s1ptw = true;
fi->s1ns = !is_secure;
- return ~0;
+ return false;
}
-
- if (arm_is_secure_below_el3(env)) {
- /* Check if page table walk is to secure or non-secure PA space. */
- if (is_secure) {
- is_secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
- } else {
- is_secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
- }
- *is_secure_ptr = is_secure;
- } else {
- assert(!is_secure);
- }
-
- addr = s2.phys;
}
- return addr;
+
+ if (is_secure) {
+ /* Check if page table walk is to secure or non-secure PA space. */
+ *is_secure_ptr = !(attrs.secure
+ ? env->cp15.vstcr_el2.raw_tcr & VSTCR_SW
+ : env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
+ }
+
+ *gphys = extra.x & R_PAGEENTRYEXTRA_PA_MASK;
+ return true;
}
/* All loads done in the course of a page table walk go through here. */
@@ -271,56 +273,88 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- MemTxAttrs attrs = {};
- MemTxResult result = MEMTX_OK;
- AddressSpace *as;
+ void *hphys;
+ hwaddr gphys;
uint32_t data;
+ bool be;
- addr = S1_ptw_translate(env, mmu_idx, addr, &is_secure, fi);
- attrs.secure = is_secure;
- as = arm_addressspace(cs, attrs);
- if (fi->s1ptw) {
+ if (!S1_ptw_translate(env, mmu_idx, addr, &is_secure,
+ &hphys, &gphys, fi)) {
+ /* Failure. */
+ assert(fi->s1ptw);
return 0;
}
- if (regime_translation_big_endian(env, mmu_idx)) {
- data = address_space_ldl_be(as, addr, attrs, &result);
+
+ be = regime_translation_big_endian(env, mmu_idx);
+ if (likely(hphys)) {
+ /* Page tables are in RAM, and we have the host address. */
+ if (be) {
+ data = ldl_be_p(hphys);
+ } else {
+ data = ldl_le_p(hphys);
+ }
} else {
- data = address_space_ldl_le(as, addr, attrs, &result);
+ /* Page tables are in MMIO. */
+ MemTxAttrs attrs = { .secure = is_secure };
+ AddressSpace *as = arm_addressspace(cs, attrs);
+ MemTxResult result = MEMTX_OK;
+
+ if (be) {
+ data = address_space_ldl_be(as, gphys, attrs, &result);
+ } else {
+ data = address_space_ldl_le(as, gphys, attrs, &result);
+ }
+ if (unlikely(result != MEMTX_OK)) {
+ fi->type = ARMFault_SyncExternalOnWalk;
+ fi->ea = arm_extabort_type(result);
+ return 0;
+ }
}
- if (result == MEMTX_OK) {
- return data;
- }
- fi->type = ARMFault_SyncExternalOnWalk;
- fi->ea = arm_extabort_type(result);
- return 0;
+ return data;
}
static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- MemTxAttrs attrs = {};
- MemTxResult result = MEMTX_OK;
- AddressSpace *as;
+ void *hphys;
+ hwaddr gphys;
uint64_t data;
+ bool be;
- addr = S1_ptw_translate(env, mmu_idx, addr, &is_secure, fi);
- attrs.secure = is_secure;
- as = arm_addressspace(cs, attrs);
- if (fi->s1ptw) {
+ if (!S1_ptw_translate(env, mmu_idx, addr, &is_secure,
+ &hphys, &gphys, fi)) {
+ /* Failure. */
+ assert(fi->s1ptw);
return 0;
}
- if (regime_translation_big_endian(env, mmu_idx)) {
- data = address_space_ldq_be(as, addr, attrs, &result);
+
+ be = regime_translation_big_endian(env, mmu_idx);
+ if (likely(hphys)) {
+ /* Page tables are in RAM, and we have the host address. */
+ if (be) {
+ data = ldq_be_p(hphys);
+ } else {
+ data = ldq_le_p(hphys);
+ }
} else {
- data = address_space_ldq_le(as, addr, attrs, &result);
+ /* Page tables are in MMIO. */
+ MemTxAttrs attrs = { .secure = is_secure };
+ AddressSpace *as = arm_addressspace(cs, attrs);
+ MemTxResult result = MEMTX_OK;
+
+ if (be) {
+ data = address_space_ldq_be(as, gphys, attrs, &result);
+ } else {
+ data = address_space_ldq_le(as, gphys, attrs, &result);
+ }
+ if (unlikely(result != MEMTX_OK)) {
+ fi->type = ARMFault_SyncExternalOnWalk;
+ fi->ea = arm_extabort_type(result);
+ return 0;
+ }
}
- if (result == MEMTX_OK) {
- return data;
- }
- fi->type = ARMFault_SyncExternalOnWalk;
- fi->ea = arm_extabort_type(result);
- return 0;
+ return data;
}
static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 28495ff525..d0b978bb9a 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -208,10 +208,21 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
bool probe, uintptr_t retaddr)
{
ARMCPU *cpu = ARM_CPU(cs);
- ARMMMUFaultInfo fi = {};
GetPhysAddrResult res = {};
+ ARMMMUFaultInfo local_fi, *fi;
int ret;
+ /*
+ * Allow S1_ptw_translate to see any fault generated here.
+ * Since this may recurse, read and clear.
+ */
+ fi = cpu->env.tlb_fi;
+ if (fi) {
+ cpu->env.tlb_fi = NULL;
+ } else {
+ fi = memset(&local_fi, 0, sizeof(local_fi));
+ }
+
/*
* Walk the page table and (if the mapping exists) add the page
* to the TLB. On success, return true. Otherwise, if probing,
@@ -220,7 +231,7 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
*/
ret = get_phys_addr(&cpu->env, address, access_type,
core_to_arm_mmu_idx(&cpu->env, mmu_idx),
- &res, &fi);
+ &res, fi);
if (likely(!ret)) {
PageEntryExtra extra = {};
@@ -252,7 +263,7 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
} else {
/* now we have a real cpu fault */
cpu_restore_state(cs, retaddr, true);
- arm_deliver_fault(cpu, address, access_type, mmu_idx, &fi);
+ arm_deliver_fault(cpu, address, access_type, mmu_idx, fi);
}
}
#else
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 47/62] target/arm: Hoist check for disabled stage2 translation.
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (45 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 46/62] target/arm: Use softmmu tlbs for page table walking Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 48/62] target/arm: Split out get_phys_addr_twostage Richard Henderson
` (16 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
If stage2 translation is disabled, E1&0 translation is
just a single stage. Use the complete single stage path
rather than breaking out of the middle of the two stage path.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index ed25f4b91e..84d72ac249 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2433,9 +2433,10 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
if (mmu_idx != s1_mmu_idx) {
/*
* Call ourselves recursively to do the stage 1 and then stage 2
- * translations if mmu_idx is a two-stage regime.
+ * translations if mmu_idx is a two-stage regime, and stage2 enabled.
*/
- if (arm_feature(env, ARM_FEATURE_EL2)) {
+ if (arm_feature(env, ARM_FEATURE_EL2) &&
+ !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
hwaddr ipa;
int s1_prot;
int ret;
@@ -2448,9 +2449,8 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
ret = get_phys_addr_with_secure(env, address, access_type,
s1_mmu_idx, is_secure, result, fi);
- /* If S1 fails or S2 is disabled, return early. */
- if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2,
- is_secure)) {
+ /* If S1 fails, return early. */
+ if (ret) {
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 48/62] target/arm: Split out get_phys_addr_twostage
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (46 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 47/62] target/arm: Hoist check for disabled stage2 translation Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 49/62] target/arm: Use bool consistently for get_phys_addr subroutines Richard Henderson
` (15 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 182 +++++++++++++++++++++++++----------------------
1 file changed, 96 insertions(+), 86 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 84d72ac249..993f015904 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2400,6 +2400,95 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
return 0;
}
+static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type,
+ ARMMMUIdx s1_mmu_idx, bool is_secure,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
+{
+ hwaddr ipa;
+ int s1_prot;
+ int ret;
+ bool ipa_secure;
+ ARMCacheAttrs cacheattrs1;
+ ARMMMUIdx s2_mmu_idx;
+ bool is_el0;
+ uint64_t hcr;
+
+ ret = get_phys_addr_with_secure(env, address, access_type, s1_mmu_idx,
+ is_secure, result, fi);
+
+ /* If S1 fails, return early. */
+ if (ret) {
+ return ret;
+ }
+
+ ipa = result->phys;
+ if (is_secure) {
+ /* Select TCR based on the NS bit from the S1 walk. */
+ ipa_secure = !(result->attrs.secure
+ ? env->cp15.vstcr_el2.raw_tcr & VSTCR_SW
+ : env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
+ } else {
+ ipa_secure = false;
+ }
+
+ s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
+ is_el0 = s1_mmu_idx == ARMMMUIdx_Stage1_E0;
+
+ /*
+ * S1 is done, now do S2 translation.
+ * Save the stage1 results so that we may merge
+ * prot and cacheattrs later.
+ */
+ s1_prot = result->prot;
+ cacheattrs1 = result->cacheattrs;
+ memset(result, 0, sizeof(*result));
+
+ ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
+ ipa_secure, is_el0, result, fi);
+ fi->s2addr = ipa;
+
+ /* Combine the S1 and S2 perms. */
+ result->prot &= s1_prot;
+
+ /* If S2 fails, return early. */
+ if (ret) {
+ return ret;
+ }
+
+ /* Combine the S1 and S2 cache attributes. */
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+ if (hcr & HCR_DC) {
+ /*
+ * HCR.DC forces the first stage attributes to
+ * Normal Non-Shareable,
+ * Inner Write-Back Read-Allocate Write-Allocate,
+ * Outer Write-Back Read-Allocate Write-Allocate.
+ * Do not overwrite Tagged within attrs.
+ */
+ if (cacheattrs1.attrs != 0xf0) {
+ cacheattrs1.attrs = 0xff;
+ }
+ cacheattrs1.shareability = 0;
+ }
+ result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1,
+ result->cacheattrs);
+
+ /* Check if IPA translates to secure or non-secure PA space. */
+ if (is_secure) {
+ if (ipa_secure) {
+ result->attrs.secure =
+ !(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
+ } else {
+ result->attrs.secure =
+ !((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW)) ||
+ (env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
+ }
+ }
+ return 0;
+}
+
/**
* get_phys_addr - get the physical address for this virtual address
*
@@ -2437,93 +2526,14 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
*/
if (arm_feature(env, ARM_FEATURE_EL2) &&
!regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
- hwaddr ipa;
- int s1_prot;
- int ret;
- bool ipa_secure;
- ARMCacheAttrs cacheattrs1;
- ARMMMUIdx s2_mmu_idx;
- bool is_el0;
- uint64_t hcr;
-
- ret = get_phys_addr_with_secure(env, address, access_type,
- s1_mmu_idx, is_secure, result, fi);
-
- /* If S1 fails, return early. */
- if (ret) {
- return ret;
- }
-
- ipa = result->phys;
- if (is_secure) {
- /* Select TCR based on the NS bit from the S1 walk. */
- ipa_secure = !(result->attrs.secure
- ? env->cp15.vstcr_el2.raw_tcr & VSTCR_SW
- : env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
- } else {
- ipa_secure = false;
- }
-
- s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
- is_el0 = mmu_idx == ARMMMUIdx_E10_0;
-
- /*
- * S1 is done, now do S2 translation.
- * Save the stage1 results so that we may merge
- * prot and cacheattrs later.
- */
- s1_prot = result->prot;
- cacheattrs1 = result->cacheattrs;
- memset(result, 0, sizeof(*result));
-
- ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
- ipa_secure, is_el0, result, fi);
- fi->s2addr = ipa;
-
- /* Combine the S1 and S2 perms. */
- result->prot &= s1_prot;
-
- /* If S2 fails, return early. */
- if (ret) {
- return ret;
- }
-
- /* Combine the S1 and S2 cache attributes. */
- hcr = arm_hcr_el2_eff_secstate(env, is_secure);
- if (hcr & HCR_DC) {
- /*
- * HCR.DC forces the first stage attributes to
- * Normal Non-Shareable,
- * Inner Write-Back Read-Allocate Write-Allocate,
- * Outer Write-Back Read-Allocate Write-Allocate.
- * Do not overwrite Tagged within attrs.
- */
- if (cacheattrs1.attrs != 0xf0) {
- cacheattrs1.attrs = 0xff;
- }
- cacheattrs1.shareability = 0;
- }
- result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1,
- result->cacheattrs);
-
- /* Check if IPA translates to secure or non-secure PA space. */
- if (is_secure) {
- if (ipa_secure) {
- result->attrs.secure =
- !(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
- } else {
- result->attrs.secure =
- !((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW))
- || (env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
- }
- }
- return 0;
- } else {
- /*
- * For non-EL2 CPUs a stage1+stage2 translation is just stage 1.
- */
- mmu_idx = stage_1_mmu_idx(mmu_idx);
+ return get_phys_addr_twostage(env, address, access_type,
+ s1_mmu_idx, is_secure,
+ result, fi);
}
+ /*
+ * For non-EL2 CPUs a stage1+stage2 translation is just stage 1.
+ */
+ mmu_idx = s1_mmu_idx;
}
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 49/62] target/arm: Use bool consistently for get_phys_addr subroutines
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (47 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 48/62] target/arm: Split out get_phys_addr_twostage Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 50/62] target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation Richard Henderson
` (14 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The return type of the functions is already bool, but in a few
instances we used an integer type with the return statement.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 993f015904..a2c441d947 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2376,7 +2376,7 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
fi->type = ARMFault_AddressSize;
fi->level = 0;
fi->stage2 = false;
- return 1;
+ return true;
}
/*
@@ -2397,7 +2397,7 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
result->cacheattrs.is_s2_format = false;
result->cacheattrs.shareability = shareability;
result->cacheattrs.attrs = memattr;
- return 0;
+ return false;
}
static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
@@ -2408,7 +2408,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
{
hwaddr ipa;
int s1_prot;
- int ret;
+ bool ret;
bool ipa_secure;
ARMCacheAttrs cacheattrs1;
ARMMMUIdx s2_mmu_idx;
@@ -2486,7 +2486,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
}
}
- return 0;
+ return false;
}
/**
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 50/62] target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (48 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 49/62] target/arm: Use bool consistently for get_phys_addr subroutines Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 51/62] target/arm: Add ptw_idx argument to S1_ptw_translate Richard Henderson
` (13 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
If stage2 is disabled, we do not need to adjust mmu_idx.
Below, we'll use get_phys_addr_lpae and not recurse.
Adjust regime_is_user so that it can be used for E10_0.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index a2c441d947..e42286b4c1 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -90,6 +90,7 @@ static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
static bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
+ case ARMMMUIdx_E10_0:
case ARMMMUIdx_E20_0:
case ARMMMUIdx_Stage1_E0:
case ARMMMUIdx_MUser:
@@ -99,10 +100,6 @@ static bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
return true;
default:
return false;
- case ARMMMUIdx_E10_0:
- case ARMMMUIdx_E10_1:
- case ARMMMUIdx_E10_1_PAN:
- g_assert_not_reached();
}
}
@@ -2530,10 +2527,6 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
s1_mmu_idx, is_secure,
result, fi);
}
- /*
- * For non-EL2 CPUs a stage1+stage2 translation is just stage 1.
- */
- mmu_idx = s1_mmu_idx;
}
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 51/62] target/arm: Add ptw_idx argument to S1_ptw_translate
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (49 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 50/62] target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 52/62] target/arm: Add isar predicates for FEAT_HAFDBS Richard Henderson
` (12 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Hoist the computation of the mmu_idx for the ptw up to
get_phys_addr_with_secure and get_phys_addr_twostage.
This removes the duplicate check for stage2 disabled
from the middle of the walk, performing it only once.
Pass ptw_idx through get_phys_addr_{v5,v6,lpae} and
arm_{ldl,ldq}_ptw.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 100 +++++++++++++++++++++++++++++++----------------
1 file changed, 67 insertions(+), 33 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index e42286b4c1..6eb61849d3 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -17,7 +17,8 @@
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure, bool s1_is_el0,
+ ARMMMUIdx ptw_idx, bool is_secure,
+ bool s1_is_el0,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
@@ -190,21 +191,16 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
}
/* Translate a S1 pagetable walk through S2 if needed. */
-static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, hwaddr addr,
+static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
+ ARMMMUIdx s2_mmu_idx, hwaddr addr,
bool *is_secure_ptr, void **hphys, hwaddr *gphys,
ARMMMUFaultInfo *fi)
{
bool is_secure = *is_secure_ptr;
- ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
MemTxAttrs attrs = {};
PageEntryExtra extra;
int flags;
- if (!arm_mmu_idx_is_stage1_of_2(mmu_idx)
- || regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
- s2_mmu_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
- }
-
env->tlb_fi = fi;
flags = probe_access_extra(env, addr, MMU_DATA_LOAD,
arm_to_core_mmu_idx(s2_mmu_idx),
@@ -267,7 +263,8 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, hwaddr addr,
/* All loads done in the course of a page table walk go through here. */
static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
+ ARMMMUIdx mmu_idx, ARMMMUIdx ptw_idx,
+ ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
void *hphys;
@@ -275,7 +272,7 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
uint32_t data;
bool be;
- if (!S1_ptw_translate(env, mmu_idx, addr, &is_secure,
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, &is_secure,
&hphys, &gphys, fi)) {
/* Failure. */
assert(fi->s1ptw);
@@ -311,7 +308,8 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
}
static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
+ ARMMMUIdx mmu_idx, ARMMMUIdx ptw_idx,
+ ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
void *hphys;
@@ -319,7 +317,7 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
uint64_t data;
bool be;
- if (!S1_ptw_translate(env, mmu_idx, addr, &is_secure,
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, &is_secure,
&hphys, &gphys, fi)) {
/* Failure. */
assert(fi->s1ptw);
@@ -460,8 +458,8 @@ static int simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx, int ap)
static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure, GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+ ARMMMUIdx ptw_idx, bool is_secure,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
int level = 1;
uint32_t table;
@@ -480,7 +478,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -518,7 +516,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* Fine pagetable. */
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -579,8 +577,8 @@ do_fault:
static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure, GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+ ARMMMUIdx ptw_idx, bool is_secure,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int level = 1;
@@ -603,7 +601,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -656,7 +654,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
ns = extract32(desc, 3, 1);
/* Lookup l2 entry. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -1011,7 +1009,8 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
*/
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure, bool s1_is_el0,
+ ARMMMUIdx ptw_idx, bool is_secure,
+ bool s1_is_el0,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
@@ -1237,7 +1236,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr |= (address >> (stride * (4 - level))) & indexmask;
descaddr &= ~7ULL;
nstable = extract32(tableattrs, 4, 1);
- descriptor = arm_ldq_ptw(env, descaddr, !nstable, mmu_idx, fi);
+ descriptor = arm_ldq_ptw(env, descaddr, !nstable, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -2408,7 +2407,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
bool ret;
bool ipa_secure;
ARMCacheAttrs cacheattrs1;
- ARMMMUIdx s2_mmu_idx;
+ ARMMMUIdx s2_mmu_idx, s2_ptw_idx;
bool is_el0;
uint64_t hcr;
@@ -2430,7 +2429,13 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
ipa_secure = false;
}
- s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
+ if (ipa_secure) {
+ s2_mmu_idx = ARMMMUIdx_Stage2_S;
+ s2_ptw_idx = ARMMMUIdx_Phys_S;
+ } else {
+ s2_mmu_idx = ARMMMUIdx_Stage2;
+ s2_ptw_idx = ARMMMUIdx_Phys_NS;
+ }
is_el0 = s1_mmu_idx == ARMMMUIdx_Stage1_E0;
/*
@@ -2442,7 +2447,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
cacheattrs1 = result->cacheattrs;
memset(result, 0, sizeof(*result));
- ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
+ ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx, s2_ptw_idx,
ipa_secure, is_el0, result, fi);
fi->s2addr = ipa;
@@ -2514,19 +2519,49 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
bool is_secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
- ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
+ ARMMMUIdx s1_mmu_idx, s2_mmu_idx, ptw_idx;
- if (mmu_idx != s1_mmu_idx) {
+ switch (mmu_idx) {
+ case ARMMMUIdx_Phys_S:
+ case ARMMMUIdx_Phys_NS:
+ do_disabled:
+ /* Checking Phys early avoids special casing later vs regime_el. */
+ return get_phys_addr_disabled(env, address, access_type, mmu_idx,
+ is_secure, result, fi);
+
+ case ARMMMUIdx_Stage1_E0:
+ case ARMMMUIdx_Stage1_E1:
+ case ARMMMUIdx_Stage1_E1_PAN:
+ /* First stage lookup uses second stage for ptw. */
+ ptw_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ break;
+
+ case ARMMMUIdx_E10_0:
+ s1_mmu_idx = ARMMMUIdx_Stage1_E0;
+ goto do_twostage;
+ case ARMMMUIdx_E10_1:
+ s1_mmu_idx = ARMMMUIdx_Stage1_E1;
+ goto do_twostage;
+ case ARMMMUIdx_E10_1_PAN:
+ s1_mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
+ do_twostage:
/*
* Call ourselves recursively to do the stage 1 and then stage 2
* translations if mmu_idx is a two-stage regime, and stage2 enabled.
*/
+ s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
if (arm_feature(env, ARM_FEATURE_EL2) &&
- !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
+ !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
return get_phys_addr_twostage(env, address, access_type,
s1_mmu_idx, is_secure,
result, fi);
}
+ /* fall through */
+
+ default:
+ /* Single stage and second stage uses physical for ptw. */
+ ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+ break;
}
/*
@@ -2583,18 +2618,17 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
/* Definitely a real MMU, not an MPU */
if (regime_translation_disabled(env, mmu_idx, is_secure)) {
- return get_phys_addr_disabled(env, address, access_type, mmu_idx,
- is_secure, result, fi);
+ goto do_disabled;
}
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx,
- is_secure, false, result, fi);
+ ptw_idx, is_secure, false, result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
- is_secure, result, fi);
+ ptw_idx, is_secure, result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
- is_secure, result, fi);
+ ptw_idx, is_secure, result, fi);
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 52/62] target/arm: Add isar predicates for FEAT_HAFDBS
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (50 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 51/62] target/arm: Add ptw_idx argument to S1_ptw_translate Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 53/62] target/arm: Extract HA and HD in aa64_va_parameters Richard Henderson
` (11 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The MMFR1 field may indicate support for hardware update of
access flag alone, or access flag and dirty bit.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index e5e3084ec9..6484abcf1f 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -4034,6 +4034,16 @@ static inline bool isar_feature_aa64_lva(const ARMISARegisters *id)
return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, VARANGE) != 0;
}
+static inline bool isar_feature_aa64_hafs(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, HAFDBS) != 0;
+}
+
+static inline bool isar_feature_aa64_hdbs(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, HAFDBS) >= 2;
+}
+
static inline bool isar_feature_aa64_tts2uxn(const ARMISARegisters *id)
{
return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, XNX) != 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 53/62] target/arm: Extract HA and HD in aa64_va_parameters
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (51 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 52/62] target/arm: Add isar predicates for FEAT_HAFDBS Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 54/62] target/arm: Split out S1TranslateResult type Richard Henderson
` (10 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 2 ++
target/arm/helper.c | 8 +++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 1bbe4d950e..f2a421972e 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1004,6 +1004,8 @@ typedef struct ARMVAParameters {
bool using64k : 1;
bool tsz_oob : 1; /* tsz has been clamped to legal range */
bool ds : 1;
+ bool ha : 1;
+ bool hd : 1;
} ARMVAParameters;
ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 499577f24e..9aea6ad5f4 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10626,7 +10626,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
ARMMMUIdx mmu_idx, bool data)
{
uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
- bool epd, hpd, using16k, using64k, tsz_oob, ds;
+ bool epd, hpd, using16k, using64k, tsz_oob, ds, ha, hd;
int select, tsz, tbi, max_tsz, min_tsz, ps, sh;
ARMCPU *cpu = env_archcpu(env);
@@ -10644,6 +10644,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
epd = false;
sh = extract32(tcr, 12, 2);
ps = extract32(tcr, 16, 3);
+ ha = extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu);
+ hd = extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu);
ds = extract64(tcr, 32, 1);
} else {
/*
@@ -10668,6 +10670,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
hpd = extract64(tcr, 42, 1);
}
ps = extract64(tcr, 32, 3);
+ ha = extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu);
+ hd = extract64(tcr, 40, 1) && cpu_isar_feature(aa64_hdbs, cpu);
ds = extract64(tcr, 59, 1);
}
@@ -10739,6 +10743,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
.using64k = using64k,
.tsz_oob = tsz_oob,
.ds = ds,
+ .ha = ha,
+ .hd = ha & hd,
};
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 54/62] target/arm: Split out S1TranslateResult type
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (52 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 53/62] target/arm: Extract HA and HD in aa64_va_parameters Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 55/62] target/arm: Move be test for regime into S1TranslateResult Richard Henderson
` (9 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Consolidate the results of S1_ptw_translate in one struct.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 60 ++++++++++++++++++++++++------------------------
1 file changed, 30 insertions(+), 30 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 6eb61849d3..32937ec7db 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -190,13 +190,18 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
}
+typedef struct {
+ bool is_secure;
+ void *hphys;
+ hwaddr gphys;
+} S1TranslateResult;
+
/* Translate a S1 pagetable walk through S2 if needed. */
static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
ARMMMUIdx s2_mmu_idx, hwaddr addr,
- bool *is_secure_ptr, void **hphys, hwaddr *gphys,
+ bool is_secure, S1TranslateResult *res,
ARMMMUFaultInfo *fi)
{
- bool is_secure = *is_secure_ptr;
MemTxAttrs attrs = {};
PageEntryExtra extra;
int flags;
@@ -204,7 +209,7 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
env->tlb_fi = fi;
flags = probe_access_extra(env, addr, MMU_DATA_LOAD,
arm_to_core_mmu_idx(s2_mmu_idx),
- true, hphys, &attrs, &extra, 0);
+ true, &res->hphys, &attrs, &extra, 0);
env->tlb_fi = NULL;
if (unlikely(flags & TLB_INVALID_MASK)) {
@@ -250,14 +255,13 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
}
}
- if (is_secure) {
- /* Check if page table walk is to secure or non-secure PA space. */
- *is_secure_ptr = !(attrs.secure
- ? env->cp15.vstcr_el2.raw_tcr & VSTCR_SW
- : env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
- }
+ /* Check if page table walk is to secure or non-secure PA space. */
+ res->is_secure = (is_secure &&
+ !(attrs.secure
+ ? env->cp15.vstcr_el2.raw_tcr & VSTCR_SW
+ : env->cp15.vtcr_el2.raw_tcr & VTCR_NSW));
- *gphys = extra.x & R_PAGEENTRYEXTRA_PA_MASK;
+ res->gphys = extra.x & R_PAGEENTRYEXTRA_PA_MASK;
return true;
}
@@ -267,36 +271,34 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- void *hphys;
- hwaddr gphys;
+ S1TranslateResult s1;
uint32_t data;
bool be;
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, &is_secure,
- &hphys, &gphys, fi)) {
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
/* Failure. */
assert(fi->s1ptw);
return 0;
}
be = regime_translation_big_endian(env, mmu_idx);
- if (likely(hphys)) {
+ if (likely(s1.hphys)) {
/* Page tables are in RAM, and we have the host address. */
if (be) {
- data = ldl_be_p(hphys);
+ data = ldl_be_p(s1.hphys);
} else {
- data = ldl_le_p(hphys);
+ data = ldl_le_p(s1.hphys);
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = is_secure };
+ MemTxAttrs attrs = { .secure = s1.is_secure };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
if (be) {
- data = address_space_ldl_be(as, gphys, attrs, &result);
+ data = address_space_ldl_be(as, s1.gphys, attrs, &result);
} else {
- data = address_space_ldl_le(as, gphys, attrs, &result);
+ data = address_space_ldl_le(as, s1.gphys, attrs, &result);
}
if (unlikely(result != MEMTX_OK)) {
fi->type = ARMFault_SyncExternalOnWalk;
@@ -312,36 +314,34 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- void *hphys;
- hwaddr gphys;
+ S1TranslateResult s1;
uint64_t data;
bool be;
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, &is_secure,
- &hphys, &gphys, fi)) {
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
/* Failure. */
assert(fi->s1ptw);
return 0;
}
be = regime_translation_big_endian(env, mmu_idx);
- if (likely(hphys)) {
+ if (likely(s1.hphys)) {
/* Page tables are in RAM, and we have the host address. */
if (be) {
- data = ldq_be_p(hphys);
+ data = ldq_be_p(s1.hphys);
} else {
- data = ldq_le_p(hphys);
+ data = ldq_le_p(s1.hphys);
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = is_secure };
+ MemTxAttrs attrs = { .secure = s1.is_secure };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
if (be) {
- data = address_space_ldq_be(as, gphys, attrs, &result);
+ data = address_space_ldq_be(as, s1.gphys, attrs, &result);
} else {
- data = address_space_ldq_le(as, gphys, attrs, &result);
+ data = address_space_ldq_le(as, s1.gphys, attrs, &result);
}
if (unlikely(result != MEMTX_OK)) {
fi->type = ARMFault_SyncExternalOnWalk;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 55/62] target/arm: Move be test for regime into S1TranslateResult
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (53 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 54/62] target/arm: Split out S1TranslateResult type Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 56/62] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw Richard Henderson
` (8 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Hoist this test out of arm_ld[lq]_ptw into S1_ptw_translate.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 32937ec7db..b5105a2e92 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -192,6 +192,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
typedef struct {
bool is_secure;
+ bool be;
void *hphys;
hwaddr gphys;
} S1TranslateResult;
@@ -261,6 +262,7 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
? env->cp15.vstcr_el2.raw_tcr & VSTCR_SW
: env->cp15.vtcr_el2.raw_tcr & VTCR_NSW));
+ res->be = regime_translation_big_endian(env, mmu_idx);
res->gphys = extra.x & R_PAGEENTRYEXTRA_PA_MASK;
return true;
}
@@ -273,7 +275,6 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
CPUState *cs = env_cpu(env);
S1TranslateResult s1;
uint32_t data;
- bool be;
if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
/* Failure. */
@@ -281,10 +282,9 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
return 0;
}
- be = regime_translation_big_endian(env, mmu_idx);
if (likely(s1.hphys)) {
/* Page tables are in RAM, and we have the host address. */
- if (be) {
+ if (s1.be) {
data = ldl_be_p(s1.hphys);
} else {
data = ldl_le_p(s1.hphys);
@@ -295,7 +295,7 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
- if (be) {
+ if (s1.be) {
data = address_space_ldl_be(as, s1.gphys, attrs, &result);
} else {
data = address_space_ldl_le(as, s1.gphys, attrs, &result);
@@ -316,7 +316,6 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
CPUState *cs = env_cpu(env);
S1TranslateResult s1;
uint64_t data;
- bool be;
if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
/* Failure. */
@@ -324,10 +323,9 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
return 0;
}
- be = regime_translation_big_endian(env, mmu_idx);
if (likely(s1.hphys)) {
/* Page tables are in RAM, and we have the host address. */
- if (be) {
+ if (s1.be) {
data = ldq_be_p(s1.hphys);
} else {
data = ldq_le_p(s1.hphys);
@@ -338,7 +336,7 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
- if (be) {
+ if (s1.be) {
data = address_space_ldq_be(as, s1.gphys, attrs, &result);
} else {
data = address_space_ldq_le(as, s1.gphys, attrs, &result);
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 56/62] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (54 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 55/62] target/arm: Move be test for regime into S1TranslateResult Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 57/62] target/arm: Add ARMFault_UnsuppAtomicUpdate Richard Henderson
` (7 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Separate S1 translation from the actual lookup.
Will enable lpae hardware updates.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 83 +++++++++++++++++++++++++-----------------------
1 file changed, 44 insertions(+), 39 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index b5105a2e92..dee857ae89 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -268,37 +268,29 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
}
/* All loads done in the course of a page table walk go through here. */
-static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, ARMMMUIdx ptw_idx,
+static uint32_t arm_ldl_ptw(CPUARMState *env, const S1TranslateResult *s1,
ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- S1TranslateResult s1;
uint32_t data;
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
- /* Failure. */
- assert(fi->s1ptw);
- return 0;
- }
-
- if (likely(s1.hphys)) {
+ if (likely(s1->hphys)) {
/* Page tables are in RAM, and we have the host address. */
- if (s1.be) {
- data = ldl_be_p(s1.hphys);
+ if (s1->be) {
+ data = ldl_be_p(s1->hphys);
} else {
- data = ldl_le_p(s1.hphys);
+ data = ldl_le_p(s1->hphys);
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = s1.is_secure };
+ MemTxAttrs attrs = { .secure = s1->is_secure };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
- if (s1.be) {
- data = address_space_ldl_be(as, s1.gphys, attrs, &result);
+ if (s1->be) {
+ data = address_space_ldl_be(as, s1->gphys, attrs, &result);
} else {
- data = address_space_ldl_le(as, s1.gphys, attrs, &result);
+ data = address_space_ldl_le(as, s1->gphys, attrs, &result);
}
if (unlikely(result != MEMTX_OK)) {
fi->type = ARMFault_SyncExternalOnWalk;
@@ -309,37 +301,29 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
return data;
}
-static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, ARMMMUIdx ptw_idx,
+static uint64_t arm_ldq_ptw(CPUARMState *env, const S1TranslateResult *s1,
ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- S1TranslateResult s1;
uint64_t data;
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
- /* Failure. */
- assert(fi->s1ptw);
- return 0;
- }
-
- if (likely(s1.hphys)) {
+ if (likely(s1->hphys)) {
/* Page tables are in RAM, and we have the host address. */
- if (s1.be) {
- data = ldq_be_p(s1.hphys);
+ if (s1->be) {
+ data = ldq_be_p(s1->hphys);
} else {
- data = ldq_le_p(s1.hphys);
+ data = ldq_le_p(s1->hphys);
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = s1.is_secure };
+ MemTxAttrs attrs = { .secure = s1->is_secure };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
- if (s1.be) {
- data = address_space_ldq_be(as, s1.gphys, attrs, &result);
+ if (s1->be) {
+ data = address_space_ldq_be(as, s1->gphys, attrs, &result);
} else {
- data = address_space_ldq_le(as, s1.gphys, attrs, &result);
+ data = address_space_ldq_le(as, s1->gphys, attrs, &result);
}
if (unlikely(result != MEMTX_OK)) {
fi->type = ARMFault_SyncExternalOnWalk;
@@ -467,6 +451,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
int domain = 0;
int domain_prot;
hwaddr phys_addr;
+ S1TranslateResult s1;
uint32_t dacr;
/* Pagetable walk. */
@@ -476,7 +461,10 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, table, is_secure, &s1, fi)) {
+ goto do_fault;
+ }
+ desc = arm_ldl_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -514,7 +502,11 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* Fine pagetable. */
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, table,
+ is_secure, &s1, fi)) {
+ goto do_fault;
+ }
+ desc = arm_ldl_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -590,6 +582,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
int domain_prot;
hwaddr phys_addr;
uint32_t dacr;
+ S1TranslateResult s1;
bool ns;
/* Pagetable walk. */
@@ -599,7 +592,10 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, table, is_secure, &s1, fi)) {
+ goto do_fault;
+ }
+ desc = arm_ldl_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -652,7 +648,11 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
ns = extract32(desc, 3, 1);
/* Lookup l2 entry. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, table,
+ is_secure, &s1, fi)) {
+ goto do_fault;
+ }
+ desc = arm_ldl_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -1228,13 +1228,18 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
*/
tableattrs = is_secure ? 0 : (1 << 4);
for (;;) {
+ S1TranslateResult s1;
uint64_t descriptor;
bool nstable;
descaddr |= (address >> (stride * (4 - level))) & indexmask;
descaddr &= ~7ULL;
nstable = extract32(tableattrs, 4, 1);
- descriptor = arm_ldq_ptw(env, descaddr, !nstable, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, descaddr,
+ !nstable, &s1, fi)) {
+ goto do_fault;
+ }
+ descriptor = arm_ldq_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 57/62] target/arm: Add ARMFault_UnsuppAtomicUpdate
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (55 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 56/62] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 58/62] target/arm: Remove loop from get_phys_addr_lpae Richard Henderson
` (6 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This fault type is to be used with FEAT_HAFDBS when
the guest enables hw updates, but places the tables
in memory where atomic updates are unsupported.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index f2a421972e..b1a5219aa3 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -344,6 +344,7 @@ typedef enum ARMFaultType {
ARMFault_AsyncExternal,
ARMFault_Debug,
ARMFault_TLBConflict,
+ ARMFault_UnsuppAtomicUpdate,
ARMFault_Lockdown,
ARMFault_Exclusive,
ARMFault_ICacheMaint,
@@ -530,6 +531,9 @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
case ARMFault_TLBConflict:
fsc = 0x30;
break;
+ case ARMFault_UnsuppAtomicUpdate:
+ fsc = 0x31;
+ break;
case ARMFault_Lockdown:
fsc = 0x34;
break;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 58/62] target/arm: Remove loop from get_phys_addr_lpae
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (56 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 57/62] target/arm: Add ARMFault_UnsuppAtomicUpdate Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 59/62] target/arm: Fix fault reporting in get_phys_addr_lpae Richard Henderson
` (5 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The unconditional loop was used both to iterate over levels
and to control parsing of attributes. Use an explicit goto
in both cases.
While this appears less clean for iterating over levels, we
will need to jump back into the middle of this loop for
atomic updates, which is even uglier.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 176 +++++++++++++++++++++++------------------------
1 file changed, 88 insertions(+), 88 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index dee857ae89..a3f063e0bc 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1029,6 +1029,9 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
uint64_t descaddrmask;
bool aarch64 = arm_el_is_aa64(env, el);
bool guarded = false;
+ S1TranslateResult s1;
+ uint64_t descriptor;
+ bool nstable;
/* TODO: This code does not support shareability levels. */
if (aarch64) {
@@ -1227,96 +1230,93 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* bits at each step.
*/
tableattrs = is_secure ? 0 : (1 << 4);
- for (;;) {
- S1TranslateResult s1;
- uint64_t descriptor;
- bool nstable;
- descaddr |= (address >> (stride * (4 - level))) & indexmask;
- descaddr &= ~7ULL;
- nstable = extract32(tableattrs, 4, 1);
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, descaddr,
- !nstable, &s1, fi)) {
- goto do_fault;
- }
- descriptor = arm_ldq_ptw(env, &s1, fi);
- if (fi->type != ARMFault_None) {
- goto do_fault;
- }
-
- if (!(descriptor & 1) ||
- (!(descriptor & 2) && (level == 3))) {
- /* Invalid, or the Reserved level 3 encoding */
- goto do_fault;
- }
-
- descaddr = descriptor & descaddrmask;
-
- /*
- * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
- * of descriptor. For FEAT_LPA2 and effective DS, bits [51:50] of
- * descaddr are in [9:8]. Otherwise, if descaddr is out of range,
- * raise AddressSizeFault.
- */
- if (outputsize > 48) {
- if (param.ds) {
- descaddr |= extract64(descriptor, 8, 2) << 50;
- } else {
- descaddr |= extract64(descriptor, 12, 4) << 48;
- }
- } else if (descaddr >> outputsize) {
- fault_type = ARMFault_AddressSize;
- goto do_fault;
- }
-
- if ((descriptor & 2) && (level < 3)) {
- /*
- * Table entry. The top five bits are attributes which may
- * propagate down through lower levels of the table (and
- * which are all arranged so that 0 means "no effect", so
- * we can gather them up by ORing in the bits at each level).
- */
- tableattrs |= extract64(descriptor, 59, 5);
- level++;
- indexmask = indexmask_grainsize;
- continue;
- }
- /*
- * Block entry at level 1 or 2, or page entry at level 3.
- * These are basically the same thing, although the number
- * of bits we pull in from the vaddr varies. Note that although
- * descaddrmask masks enough of the low bits of the descriptor
- * to give a correct page or table address, the address field
- * in a block descriptor is smaller; so we need to explicitly
- * clear the lower bits here before ORing in the low vaddr bits.
- */
- page_size = (1ULL << ((stride * (4 - level)) + 3));
- descaddr &= ~(page_size - 1);
- descaddr |= (address & (page_size - 1));
- /* Extract attributes from the descriptor */
- attrs = extract64(descriptor, 2, 10)
- | (extract64(descriptor, 52, 12) << 10);
-
- if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
- /* Stage 2 table descriptors do not include any attribute fields */
- break;
- }
- /* Merge in attributes from table descriptors */
- attrs |= nstable << 3; /* NS */
- guarded = extract64(descriptor, 50, 1); /* GP */
- if (param.hpd) {
- /* HPD disables all the table attributes except NSTable. */
- break;
- }
- attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
- /*
- * The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
- * means "force PL1 access only", which means forcing AP[1] to 0.
- */
- attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
- attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
- break;
+ next_level:
+ descaddr |= (address >> (stride * (4 - level))) & indexmask;
+ descaddr &= ~7ULL;
+ nstable = extract32(tableattrs, 4, 1);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, descaddr,
+ !nstable, &s1, fi)) {
+ goto do_fault;
}
+ descriptor = arm_ldq_ptw(env, &s1, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
+
+ if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
+ /* Invalid, or the Reserved level 3 encoding */
+ goto do_fault;
+ }
+
+ descaddr = descriptor & descaddrmask;
+
+ /*
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
+ * of descriptor. For FEAT_LPA2 and effective DS, bits [51:50] of
+ * descaddr are in [9:8]. Otherwise, if descaddr is out of range,
+ * raise AddressSizeFault.
+ */
+ if (outputsize > 48) {
+ if (param.ds) {
+ descaddr |= extract64(descriptor, 8, 2) << 50;
+ } else {
+ descaddr |= extract64(descriptor, 12, 4) << 48;
+ }
+ } else if (descaddr >> outputsize) {
+ fault_type = ARMFault_AddressSize;
+ goto do_fault;
+ }
+
+ if ((descriptor & 2) && (level < 3)) {
+ /*
+ * Table entry. The top five bits are attributes which may
+ * propagate down through lower levels of the table (and
+ * which are all arranged so that 0 means "no effect", so
+ * we can gather them up by ORing in the bits at each level).
+ */
+ tableattrs |= extract64(descriptor, 59, 5);
+ level++;
+ indexmask = indexmask_grainsize;
+ goto next_level;
+ }
+
+ /*
+ * Block entry at level 1 or 2, or page entry at level 3.
+ * These are basically the same thing, although the number
+ * of bits we pull in from the vaddr varies. Note that although
+ * descaddrmask masks enough of the low bits of the descriptor
+ * to give a correct page or table address, the address field
+ * in a block descriptor is smaller; so we need to explicitly
+ * clear the lower bits here before ORing in the low vaddr bits.
+ */
+ page_size = (1ULL << ((stride * (4 - level)) + 3));
+ descaddr &= ~(page_size - 1);
+ descaddr |= (address & (page_size - 1));
+ /* Extract attributes from the descriptor */
+ attrs = extract64(descriptor, 2, 10)
+ | (extract64(descriptor, 52, 12) << 10);
+
+ if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
+ /* Stage 2 table descriptors do not include any attribute fields */
+ goto skip_attrs;
+ }
+ /* Merge in attributes from table descriptors */
+ attrs |= nstable << 3; /* NS */
+ guarded = extract64(descriptor, 50, 1); /* GP */
+ if (param.hpd) {
+ /* HPD disables all the table attributes except NSTable. */
+ goto skip_attrs;
+ }
+ attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
+ /*
+ * The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
+ * means "force PL1 access only", which means forcing AP[1] to 0.
+ */
+ attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
+ attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
+ skip_attrs:
+
/*
* Here descaddr is the final physical address, and attributes
* are all in attrs.
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 59/62] target/arm: Fix fault reporting in get_phys_addr_lpae
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (57 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 58/62] target/arm: Remove loop from get_phys_addr_lpae Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 60/62] target/arm: Don't shift attrs " Richard Henderson
` (4 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Always overriding fi->type was incorrect, as we would not
properly propagate the fault type from S1_ptw_translate,
or arm_ldq_ptw. Simplify things by providing a new label
for reporting a translation fault. For other faults, store
into fi directly.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 31 +++++++++++++------------------
1 file changed, 13 insertions(+), 18 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index a3f063e0bc..678ad2ac0c 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1012,8 +1012,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
- /* Read an LPAE long-descriptor translation table. */
- ARMFaultType fault_type = ARMFault_Translation;
uint32_t level;
ARMVAParameters param;
uint64_t ttbr;
@@ -1051,8 +1049,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* so our choice is to always raise the fault.
*/
if (param.tsz_oob) {
- fault_type = ARMFault_Translation;
- goto do_fault;
+ goto do_translation_fault;
}
addrsize = 64 - 8 * param.tbi;
@@ -1089,8 +1086,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
addrsize - inputsize);
if (-top_bits != param.select) {
/* The gap between the two regions is a Translation fault */
- fault_type = ARMFault_Translation;
- goto do_fault;
+ goto do_translation_fault;
}
}
@@ -1122,7 +1118,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* Translation table walk disabled => Translation fault on TLB miss
* Note: This is always 0 on 64-bit EL2 and EL3.
*/
- goto do_fault;
+ goto do_translation_fault;
}
if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
@@ -1153,8 +1149,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (param.ds && stride == 9 && sl2) {
if (sl0 != 0) {
level = 0;
- fault_type = ARMFault_Translation;
- goto do_fault;
+ goto do_translation_fault;
}
startlevel = -1;
} else if (!aarch64 || stride == 9) {
@@ -1173,8 +1168,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
ok = check_s2_mmu_setup(cpu, aarch64, startlevel,
inputsize, stride, outputsize);
if (!ok) {
- fault_type = ARMFault_Translation;
- goto do_fault;
+ goto do_translation_fault;
}
level = startlevel;
}
@@ -1196,7 +1190,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr |= extract64(ttbr, 2, 4) << 48;
} else if (descaddr >> outputsize) {
level = 0;
- fault_type = ARMFault_AddressSize;
+ fi->type = ARMFault_AddressSize;
goto do_fault;
}
@@ -1246,7 +1240,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
/* Invalid, or the Reserved level 3 encoding */
- goto do_fault;
+ goto do_translation_fault;
}
descaddr = descriptor & descaddrmask;
@@ -1264,7 +1258,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr |= extract64(descriptor, 12, 4) << 48;
}
} else if (descaddr >> outputsize) {
- fault_type = ARMFault_AddressSize;
+ fi->type = ARMFault_AddressSize;
goto do_fault;
}
@@ -1321,9 +1315,9 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* Here descaddr is the final physical address, and attributes
* are all in attrs.
*/
- fault_type = ARMFault_AccessFlag;
if ((attrs & (1 << 8)) == 0) {
/* Access flag */
+ fi->type = ARMFault_AccessFlag;
goto do_fault;
}
@@ -1340,8 +1334,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
result->prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
}
- fault_type = ARMFault_Permission;
if (!(result->prot & (1 << access_type))) {
+ fi->type = ARMFault_Permission;
goto do_fault;
}
@@ -1385,8 +1379,9 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
result->page_size = page_size;
return false;
-do_fault:
- fi->type = fault_type;
+ do_translation_fault:
+ fi->type = ARMFault_Translation;
+ do_fault:
fi->level = level;
/* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */
fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2 ||
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 60/62] target/arm: Don't shift attrs in get_phys_addr_lpae
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (58 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 59/62] target/arm: Fix fault reporting in get_phys_addr_lpae Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 61/62] target/arm: Consider GP an attribute " Richard Henderson
` (3 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Leave the upper and lower attributes in the place they originate
from in the descriptor. Shifting them around is confusing, since
one cannot read the bit numbers out of the manual. Also, new
attributes have been added which would alter the shifts.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 678ad2ac0c..e7569ece33 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1018,7 +1018,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
hwaddr descaddr, indexmask, indexmask_grainsize;
uint32_t tableattrs;
target_ulong page_size;
- uint32_t attrs;
+ uint64_t attrs;
int32_t stride;
int addrsize, inputsize, outputsize;
TCR *tcr = regime_tcr(env, mmu_idx);
@@ -1288,49 +1288,48 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr &= ~(page_size - 1);
descaddr |= (address & (page_size - 1));
/* Extract attributes from the descriptor */
- attrs = extract64(descriptor, 2, 10)
- | (extract64(descriptor, 52, 12) << 10);
+ attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(52, 12));
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
/* Stage 2 table descriptors do not include any attribute fields */
goto skip_attrs;
}
/* Merge in attributes from table descriptors */
- attrs |= nstable << 3; /* NS */
+ attrs |= nstable << 5; /* NS */
guarded = extract64(descriptor, 50, 1); /* GP */
if (param.hpd) {
/* HPD disables all the table attributes except NSTable. */
goto skip_attrs;
}
- attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
+ attrs |= extract64(tableattrs, 0, 2) << 53; /* XN, PXN */
/*
* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
* means "force PL1 access only", which means forcing AP[1] to 0.
*/
- attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
- attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
+ attrs &= ~(extract64(tableattrs, 2, 1) << 6); /* !APT[0] => AP[1] */
+ attrs |= extract32(tableattrs, 3, 1) << 7; /* APT[1] => AP[2] */
skip_attrs:
/*
* Here descaddr is the final physical address, and attributes
* are all in attrs.
*/
- if ((attrs & (1 << 8)) == 0) {
+ if ((attrs & (1 << 10)) == 0) {
/* Access flag */
fi->type = ARMFault_AccessFlag;
goto do_fault;
}
- ap = extract32(attrs, 4, 2);
+ ap = extract32(attrs, 6, 2);
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
ns = mmu_idx == ARMMMUIdx_Stage2;
- xn = extract32(attrs, 11, 2);
+ xn = extract64(attrs, 54, 2);
result->prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
- ns = extract32(attrs, 3, 1);
- xn = extract32(attrs, 12, 1);
- pxn = extract32(attrs, 11, 1);
+ ns = extract32(attrs, 5, 1);
+ xn = extract64(attrs, 54, 1);
+ pxn = extract64(attrs, 53, 1);
result->prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
}
@@ -1354,10 +1353,10 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
result->cacheattrs.is_s2_format = true;
- result->cacheattrs.attrs = extract32(attrs, 0, 4);
+ result->cacheattrs.attrs = extract32(attrs, 2, 4);
} else {
/* Index into MAIR registers for cache attributes */
- uint8_t attrindx = extract32(attrs, 0, 3);
+ uint8_t attrindx = extract32(attrs, 2, 3);
uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)];
assert(attrindx <= 7);
result->cacheattrs.is_s2_format = false;
@@ -1372,7 +1371,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (param.ds) {
result->cacheattrs.shareability = param.sh;
} else {
- result->cacheattrs.shareability = extract32(attrs, 6, 2);
+ result->cacheattrs.shareability = extract32(attrs, 8, 2);
}
result->phys = descaddr;
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 61/62] target/arm: Consider GP an attribute in get_phys_addr_lpae
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (59 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 60/62] target/arm: Don't shift attrs " Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-03 8:24 ` [PATCH 62/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (2 subsequent siblings)
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Both GP and DBM are in the upper attribute block.
Extend the computation of attrs to include them,
then simplify the setting of guarded.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index e7569ece33..07ed49bd70 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1026,7 +1026,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
uint32_t el = regime_el(env, mmu_idx);
uint64_t descaddrmask;
bool aarch64 = arm_el_is_aa64(env, el);
- bool guarded = false;
S1TranslateResult s1;
uint64_t descriptor;
bool nstable;
@@ -1288,7 +1287,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr &= ~(page_size - 1);
descaddr |= (address & (page_size - 1));
/* Extract attributes from the descriptor */
- attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(52, 12));
+ attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
/* Stage 2 table descriptors do not include any attribute fields */
@@ -1296,7 +1295,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
}
/* Merge in attributes from table descriptors */
attrs |= nstable << 5; /* NS */
- guarded = extract64(descriptor, 50, 1); /* GP */
if (param.hpd) {
/* HPD disables all the table attributes except NSTable. */
goto skip_attrs;
@@ -1348,7 +1346,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
}
/* When in aarch64 mode, and BTI is enabled, remember GP in the IOTLB. */
if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
- result->cacheattrs.guarded = guarded;
+ result->cacheattrs.guarded = extract64(attrs, 50, 1); /* GP */
}
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* [PATCH 62/62] target/arm: Implement FEAT_HAFDBS
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (60 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 61/62] target/arm: Consider GP an attribute " Richard Henderson
@ 2022-07-03 8:24 ` Richard Henderson
2022-07-04 14:54 ` [PATCH 00/62] " Peter Maydell
2022-08-12 16:31 ` Peter Maydell
63 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-03 8:24 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Perform the atomic update for hardware management of the
access flag and the dirty bit.
A limitation of the implementation so far is that the
page table must itself be writable. This is allowed because
it is CONSTRAINED UNPREDICTABLE whether any atomic update
happens at all. Any implementation is allowed to simply
fall back on software update at any time.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
docs/system/arm/emulation.rst | 1 +
target/arm/cpu64.c | 1 +
target/arm/ptw.c | 128 ++++++++++++++++++++++++++++++++--
3 files changed, 123 insertions(+), 7 deletions(-)
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 83b4410065..ccbb61feb1 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -30,6 +30,7 @@ the following architecture extensions:
- FEAT_FRINTTS (Floating-point to integer instructions)
- FEAT_FlagM (Flag manipulation instructions v2)
- FEAT_FlagM2 (Enhancements to flag manipulation instructions)
+- FEAT_HAFDBS (Hardware management of the access flag and dirty bit state)
- FEAT_HCX (Support for the HCRX_EL2 register)
- FEAT_HPDS (Hierarchical permission disables)
- FEAT_I8MM (AArch64 Int8 matrix multiplication instructions)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 19188d6cc2..0eb2e46bbc 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -1030,6 +1030,7 @@ static void aarch64_max_initfn(Object *obj)
cpu->isar.id_aa64mmfr0 = t;
t = cpu->isar.id_aa64mmfr1;
+ t = FIELD_DP64(t, ID_AA64MMFR1, HAFDBS, 2); /* FEAT_HAFDBS */
t = FIELD_DP64(t, ID_AA64MMFR1, VMIDBITS, 2); /* FEAT_VMID16 */
t = FIELD_DP64(t, ID_AA64MMFR1, VH, 1); /* FEAT_VHE */
t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* FEAT_HPDS */
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 07ed49bd70..608956bee6 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -193,6 +193,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
typedef struct {
bool is_secure;
bool be;
+ bool rw;
void *hphys;
hwaddr gphys;
} S1TranslateResult;
@@ -205,11 +206,12 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
{
MemTxAttrs attrs = {};
PageEntryExtra extra;
- int flags;
+ CPUTLBEntry *entry;
+ int flags, s2_core_idx;
env->tlb_fi = fi;
- flags = probe_access_extra(env, addr, MMU_DATA_LOAD,
- arm_to_core_mmu_idx(s2_mmu_idx),
+ s2_core_idx = arm_to_core_mmu_idx(s2_mmu_idx);
+ flags = probe_access_extra(env, addr, MMU_DATA_LOAD, s2_core_idx,
true, &res->hphys, &attrs, &extra, 0);
env->tlb_fi = NULL;
@@ -222,6 +224,14 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
return false;
}
+ /*
+ * The page must be in the tlb, because we just probed it.
+ * Remember if the page is also writable, for FEAT_HAFDBS.
+ */
+ entry = tlb_entry(env, s2_core_idx, addr);
+ assert(tlb_hit(entry->addr_read, addr));
+ res->rw = tlb_hit(tlb_addr_write(entry), addr);
+
if (s2_mmu_idx == ARMMMUIdx_Stage2 || s2_mmu_idx == ARMMMUIdx_Stage2_S) {
uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
uint8_t s2attrs = FIELD_EX64(extra.x, PAGEENTRYEXTRA, ATTRS);
@@ -334,6 +344,56 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, const S1TranslateResult *s1,
return data;
}
+static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
+ uint64_t new_val, const S1TranslateResult *s1,
+ ARMMMUFaultInfo *fi)
+{
+ uint64_t cur_val;
+
+ if (unlikely(!s1->hphys)) {
+ fi->type = ARMFault_UnsuppAtomicUpdate;
+ fi->s1ptw = true;
+ return 0;
+ }
+
+#ifndef CONFIG_ATOMIC64
+ /*
+ * We can't support the atomic operation on the host. We should be
+ * running in round-robin mode though, which means that we would only
+ * race with dma i/o.
+ */
+ qemu_mutex_lock_iothread();
+ if (s1->be) {
+ cur_val = ldq_be_p(s1->hphys);
+ if (cur_val == old_val) {
+ stq_be_p(s1->hphys, new_val);
+ }
+ } else {
+ cur_val = ldq_le_p(s1->hphys);
+ if (cur_val == old_val) {
+ stq_le_p(s1->hphys, new_val);
+ }
+ }
+ qemu_mutex_unlock_iothread();
+#else
+ if (s1->be) {
+ old_val = cpu_to_be64(old_val);
+ new_val = cpu_to_be64(new_val);
+ cur_val = qatomic_cmpxchg__nocheck((uint64_t *)s1->hphys,
+ old_val, new_val);
+ cur_val = be64_to_cpu(cur_val);
+ } else {
+ old_val = cpu_to_le64(old_val);
+ new_val = cpu_to_le64(new_val);
+ cur_val = qatomic_cmpxchg__nocheck((uint64_t *)s1->hphys,
+ old_val, new_val);
+ cur_val = le64_to_cpu(cur_val);
+ }
+#endif
+
+ return cur_val;
+}
+
static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
uint32_t *table, uint32_t address)
{
@@ -1237,6 +1297,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
goto do_fault;
}
+ restart_atomic_update:
if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
/* Invalid, or the Reserved level 3 encoding */
goto do_translation_fault;
@@ -1314,8 +1375,26 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
*/
if ((attrs & (1 << 10)) == 0) {
/* Access flag */
- fi->type = ARMFault_AccessFlag;
- goto do_fault;
+ uint64_t new_des, old_des;
+
+ /*
+ * If HA is disabled, or if the pte is not writable,
+ * pass on the access fault to software.
+ */
+ if (!param.ha || !s1.rw) {
+ fi->type = ARMFault_AccessFlag;
+ goto do_fault;
+ }
+
+ old_des = descriptor;
+ new_des = descriptor | (1 << 10); /* AF */
+ descriptor = arm_casq_ptw(env, old_des, new_des, &s1, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
+ if (old_des != descriptor) {
+ goto restart_atomic_update;
+ }
}
ap = extract32(attrs, 6, 2);
@@ -1332,8 +1411,43 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
}
if (!(result->prot & (1 << access_type))) {
- fi->type = ARMFault_Permission;
- goto do_fault;
+ uint64_t new_des, old_des;
+
+ /* Writes may set dirty if DBM attribute is set. */
+ if (!param.hd
+ || access_type != MMU_DATA_STORE
+ || !extract64(attrs, 51, 1) /* DBM */
+ || !s1.rw) {
+ fi->type = ARMFault_Permission;
+ goto do_fault;
+ }
+
+ old_des = descriptor;
+ if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
+ new_des = descriptor | (1ull << 7); /* S2AP[1] */
+ } else {
+ new_des = descriptor & ~(1ull << 7); /* AP[2] */
+ }
+
+ /*
+ * If the descriptor didn't change, then attributes weren't the
+ * reason for the permission fault, so deliver it.
+ */
+ if (old_des == new_des) {
+ fi->type = ARMFault_Permission;
+ goto do_fault;
+ }
+
+ descriptor = arm_casq_ptw(env, old_des, new_des, &s1, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
+ if (old_des != descriptor) {
+ goto restart_atomic_update;
+ }
+
+ /* Success: the page is now writable. */
+ result->prot |= 1 << MMU_DATA_STORE;
}
if (ns) {
--
2.34.1
^ permalink raw reply related [flat|nested] 100+ messages in thread
* Re: [PATCH 00/62] target/arm: Implement FEAT_HAFDBS
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (61 preceding siblings ...)
2022-07-03 8:24 ` [PATCH 62/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
@ 2022-07-04 14:54 ` Peter Maydell
2022-07-04 14:58 ` Richard Henderson
2022-08-12 16:31 ` Peter Maydell
63 siblings, 1 reply; 100+ messages in thread
From: Peter Maydell @ 2022-07-04 14:54 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:25, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This is a major reorg to arm page table walking. While the result
> here is "merely" Hardware-assited Access Flag and Dirty Bit Setting
> (HAFDBS), the ultimate goal is the Realm Management Extension (RME).
> RME "recommends" that HAFDBS be implemented (I_CSLWZ).
>
> For HAFDBS, being able to find a host pointer for the ram that
> backs a given page table entry is required in order to perform the
> atomic update to that PTE. The easiest way to find a host pointer
> is to use the existing softtlb mechanism. Thus all of the page
> table walkers have been adjusted to take an mmu_idx that corresponds
> to the regime in which the page table is stored. In some cases,
> this is a new "physical" mmu_idx that has a permanent 1-1 mapping.
>
> For RME, "physical" addresses also have page permissions, coming
> from the Root realm Granule Protection Table, which can be thought
> of as a third stage page table lookup. So eventually the new
> Secure and Nonsecure physical mmu indexes will joined by
> Realm and Root physical mmu indexes, and all of them will take
> the new Granule Page Table into account.
>
> Previously, we had A-profile allocate separate mmu_idx for secure
> vs non-secure. I've done away with that. Now, I flush all mmu_idx
> when SCR_EL3.NS is changed. I did not see how we could reasonably
> add 8 more mmu_idx for Realm. Moreover, I had a look through ARM
> Trusted Firmware, at the code paths used to change between Secure
> and Nonsecure. We wind up flushing all of these mmu_idx anyway while
> swapping the EL1+EL2 cpregs, so there is no gain at all in attempting
> to keep them live at the same time within qemu.
Is there no SMC/interrupt/etc at all which is handled as a "just do the
thing at EL3" without dropping down to secure EL2/EL1 ?
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 00/62] target/arm: Implement FEAT_HAFDBS
2022-07-04 14:54 ` [PATCH 00/62] " Peter Maydell
@ 2022-07-04 14:58 ` Richard Henderson
2022-07-04 15:57 ` Peter Maydell
0 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-07-04 14:58 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, qemu-arm
On 7/4/22 20:24, Peter Maydell wrote:
>> Previously, we had A-profile allocate separate mmu_idx for secure
>> vs non-secure. I've done away with that. Now, I flush all mmu_idx
>> when SCR_EL3.NS is changed. I did not see how we could reasonably
>> add 8 more mmu_idx for Realm. Moreover, I had a look through ARM
>> Trusted Firmware, at the code paths used to change between Secure
>> and Nonsecure. We wind up flushing all of these mmu_idx anyway while
>> swapping the EL1+EL2 cpregs, so there is no gain at all in attempting
>> to keep them live at the same time within qemu.
>
> Is there no SMC/interrupt/etc at all which is handled as a "just do the
> thing at EL3" without dropping down to secure EL2/EL1 ?
I'm sure there is, but it's only swapping between S EL[012] and NS EL[012] that concerned
me. Is there something that I'm missing?
r~
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 02/62] target/arm: Enable PageEntryExtra
2022-07-03 8:23 ` [PATCH 02/62] target/arm: Enable PageEntryExtra Richard Henderson
@ 2022-07-04 15:22 ` Peter Maydell
2022-07-05 1:01 ` Richard Henderson
0 siblings, 1 reply; 100+ messages in thread
From: Peter Maydell @ 2022-07-04 15:22 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:25, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Copy attrs, sharability, and the NS bit into the TLB.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/cpu-param.h | 8 ++++++++
> target/arm/internals.h | 5 +++++
> target/arm/tlb_helper.c | 14 ++++++++++++--
> 3 files changed, 25 insertions(+), 2 deletions(-)
>
> diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
> index 68ffb12427..a14f167d11 100644
> --- a/target/arm/cpu-param.h
> +++ b/target/arm/cpu-param.h
> @@ -30,6 +30,14 @@
> */
> # define TARGET_PAGE_BITS_VARY
> # define TARGET_PAGE_BITS_MIN 10
> +/*
> + * Extra information stored in softmmu page tables.
> + */
> +# define TARGET_PAGE_ENTRY_EXTRA
> +struct PageEntryExtra {
> + /* See PAGEENTRYEXTRA fields in cpu.h */
> + uint64_t x;
> +};
> #endif
>
> #define NB_MMU_MODES 15
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index c66f74a0db..2b38a83574 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -74,6 +74,11 @@ FIELD(V7M_EXCRET, DCRS, 5, 1)
> FIELD(V7M_EXCRET, S, 6, 1)
> FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */
>
> +/* Bit definitions for PageEntryExtra */
> +FIELD(PAGEENTRYEXTRA, ATTRS, 0, 8)
> +FIELD(PAGEENTRYEXTRA, SHAREABILITY, 8, 2)
> +FIELD(PAGEENTRYEXTRA, PA, 12, 52)
So why do we want these things in particular? It would be
helpful to describe the intended uses in the commit message
to save the reader having to read the next 60 patches to
find out :-)
Is wanting to cache the physaddr an Arm-specific thing, or is it
something we should consider having in the core softmmu code?
> +
> /* Minimum value which is a magic number for exception return */
> #define EXC_RETURN_MIN_MAGIC 0xff000000
> /* Minimum number which is a magic number for function or exception return
> diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
> index 7d8a86b3c4..9de3099153 100644
> --- a/target/arm/tlb_helper.c
> +++ b/target/arm/tlb_helper.c
> @@ -226,21 +226,31 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
> &phys_addr, &attrs, &prot, &page_size,
> &fi, &cacheattrs);
> if (likely(!ret)) {
> + PageEntryExtra extra = {};
> +
> /*
> * Map a single [sub]page. Regions smaller than our declared
> * target page size are handled specially, so for those we
> - * pass in the exact addresses.
> + * pass in the exact addresses. This only happens for M-profile,
> + * which does not use or require PageEntryExtra.
> */
Do we have to exclude M-profile here because the PageEntryExtra
data is strictly-per-page, or because the way we've formatted
our extra uint64_t requires the physaddr to be page-aligned, or both?
> if (page_size >= TARGET_PAGE_SIZE) {
> phys_addr &= TARGET_PAGE_MASK;
> address &= TARGET_PAGE_MASK;
> +
> + /* Record some particulars for later lookup. */
> + extra.x = phys_addr;
> + extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, ATTRS,
> + cacheattrs.attrs);
> + extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, SHAREABILITY,
> + cacheattrs.shareability);
> }
> /* Notice and record tagged memory. */
> if (cpu_isar_feature(aa64_mte, cpu) && cacheattrs.attrs == 0xf0) {
> arm_tlb_mte_tagged(&attrs) = true;
> }
>
> - tlb_set_page_with_attrs(cs, address, phys_addr, attrs,
> + tlb_set_page_with_extra(cs, address, phys_addr, attrs, extra,
> prot, mmu_idx, page_size);
> return true;
> } else if (probe) {
> --
> 2.34.1
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 01/62] accel/tcg: Introduce PageEntryExtra
2022-07-03 8:23 ` [PATCH 01/62] accel/tcg: Introduce PageEntryExtra Richard Henderson
@ 2022-07-04 15:28 ` Peter Maydell
2022-07-05 0:35 ` Richard Henderson
0 siblings, 1 reply; 100+ messages in thread
From: Peter Maydell @ 2022-07-04 15:28 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:25, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Add an optional structure, controlled by TARGET_PAGE_ENTRY_EXTRA,
> that allows arbitrary extra data to be saved in the TLB for a
> given page. Set it with tlb_set_page_with_extra() and fetch it
> with probe_access_extra().
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> -/* Add a new TLB entry. At most one entry for a given virtual address
> +/*
> + * Add a new TLB entry. At most one entry for a given virtual address
> * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
> * supplied size is only used by tlb_flush_page.
> *
> * Called from TCG-generated code, which is under an RCU read-side
> * critical section.
> + *
> + * Returns a pointer to the iotlb entry, with env_tlb(env)->c.lock
> + * still locked, for final additions to the iotlb entry. The caller
> + * must unlock the lock.
> */
> -void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
> - hwaddr paddr, MemTxAttrs attrs, int prot,
> - int mmu_idx, target_ulong size)
> +void tlb_set_page_with_extra(CPUState *cpu, target_ulong vaddr, hwaddr paddr,
> + MemTxAttrs attrs, PageEntryExtra extra,
> + int prot, int mmu_idx, target_ulong size)
The comment claims it returns a pointer to the iotlb entry, but
the code says it returns void... leftover from a previous design?
> {
> CPUArchState *env = cpu->env_ptr;
> CPUTLB *tlb = env_tlb(env);
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 00/62] target/arm: Implement FEAT_HAFDBS
2022-07-04 14:58 ` Richard Henderson
@ 2022-07-04 15:57 ` Peter Maydell
0 siblings, 0 replies; 100+ messages in thread
From: Peter Maydell @ 2022-07-04 15:57 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 4 Jul 2022 at 15:58, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 7/4/22 20:24, Peter Maydell wrote:
> >> Previously, we had A-profile allocate separate mmu_idx for secure
> >> vs non-secure. I've done away with that. Now, I flush all mmu_idx
> >> when SCR_EL3.NS is changed. I did not see how we could reasonably
> >> add 8 more mmu_idx for Realm. Moreover, I had a look through ARM
> >> Trusted Firmware, at the code paths used to change between Secure
> >> and Nonsecure. We wind up flushing all of these mmu_idx anyway while
> >> swapping the EL1+EL2 cpregs, so there is no gain at all in attempting
> >> to keep them live at the same time within qemu.
> >
> > Is there no SMC/interrupt/etc at all which is handled as a "just do the
> > thing at EL3" without dropping down to secure EL2/EL1 ?
>
> I'm sure there is, but it's only swapping between S EL[012] and NS EL[012] that concerned
> me. Is there something that I'm missing?
Oh, right, EL3 remains its own mmu_idx, of course. (And I guess
also Monitor mode for AArch32 EL3, though the degree to which we
care about performance of emulation there is decreasing I suspect.)
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 01/62] accel/tcg: Introduce PageEntryExtra
2022-07-04 15:28 ` Peter Maydell
@ 2022-07-05 0:35 ` Richard Henderson
0 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-05 0:35 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, qemu-arm
On 7/4/22 20:58, Peter Maydell wrote:
>> + * Returns a pointer to the iotlb entry, with env_tlb(env)->c.lock
>> + * still locked, for final additions to the iotlb entry. The caller
>> + * must unlock the lock.
>> */
>> -void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
>> - hwaddr paddr, MemTxAttrs attrs, int prot,
>> - int mmu_idx, target_ulong size)
>> +void tlb_set_page_with_extra(CPUState *cpu, target_ulong vaddr, hwaddr paddr,
>> + MemTxAttrs attrs, PageEntryExtra extra,
>> + int prot, int mmu_idx, target_ulong size)
>
> The comment claims it returns a pointer to the iotlb entry, but
> the code says it returns void... leftover from a previous design?
Whoops, yes. In the end I thought that was a bit too much internals exposed.
r~
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 02/62] target/arm: Enable PageEntryExtra
2022-07-04 15:22 ` Peter Maydell
@ 2022-07-05 1:01 ` Richard Henderson
0 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-07-05 1:01 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, qemu-arm
On 7/4/22 20:52, Peter Maydell wrote:
> On Sun, 3 Jul 2022 at 09:25, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> Copy attrs, sharability, and the NS bit into the TLB.
>>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>> target/arm/cpu-param.h | 8 ++++++++
>> target/arm/internals.h | 5 +++++
>> target/arm/tlb_helper.c | 14 ++++++++++++--
>> 3 files changed, 25 insertions(+), 2 deletions(-)
>>
>> diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
>> index 68ffb12427..a14f167d11 100644
>> --- a/target/arm/cpu-param.h
>> +++ b/target/arm/cpu-param.h
>> @@ -30,6 +30,14 @@
>> */
>> # define TARGET_PAGE_BITS_VARY
>> # define TARGET_PAGE_BITS_MIN 10
>> +/*
>> + * Extra information stored in softmmu page tables.
>> + */
>> +# define TARGET_PAGE_ENTRY_EXTRA
>> +struct PageEntryExtra {
>> + /* See PAGEENTRYEXTRA fields in cpu.h */
>> + uint64_t x;
>> +};
>> #endif
>>
>> #define NB_MMU_MODES 15
>> diff --git a/target/arm/internals.h b/target/arm/internals.h
>> index c66f74a0db..2b38a83574 100644
>> --- a/target/arm/internals.h
>> +++ b/target/arm/internals.h
>> @@ -74,6 +74,11 @@ FIELD(V7M_EXCRET, DCRS, 5, 1)
>> FIELD(V7M_EXCRET, S, 6, 1)
>> FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */
>>
>> +/* Bit definitions for PageEntryExtra */
>> +FIELD(PAGEENTRYEXTRA, ATTRS, 0, 8)
>> +FIELD(PAGEENTRYEXTRA, SHAREABILITY, 8, 2)
>> +FIELD(PAGEENTRYEXTRA, PA, 12, 52)
>
> So why do we want these things in particular? It would be
> helpful to describe the intended uses in the commit message
> to save the reader having to read the next 60 patches to
> find out :-)
Heh, yes. Basically, it's what S1_ptw_translate requires (pa, attrs), so that we can
report a stage1 ptw failure, and what do_ats_write requires (pa, sh, attrs) for filling in
PAR_EL1. Although within these 62 patches I didn't came back to finish converting
do_ats_write to use probe_access_flags_extra instead of using get_phys_addr directly, it
was a goal.
> Is wanting to cache the physaddr an Arm-specific thing, or is it
> something we should consider having in the core softmmu code?
I'm not sure what other targets require for their 2-stage page table walks. I guess I
should have a look (riscv, i386, ?).
It *is* possible to recover the phys addr from the iommutlb, because I was doing that in
mte_helper.c (see code removed in patch 5), but it's certainly not simple.
>> if (likely(!ret)) {
>> + PageEntryExtra extra = {};
>> +
>> /*
>> * Map a single [sub]page. Regions smaller than our declared
>> * target page size are handled specially, so for those we
>> - * pass in the exact addresses.
>> + * pass in the exact addresses. This only happens for M-profile,
>> + * which does not use or require PageEntryExtra.
>> */
>
> Do we have to exclude M-profile here because the PageEntryExtra
> data is strictly-per-page, or because the way we've formatted
> our extra uint64_t requires the physaddr to be page-aligned, or both?
Because our extra uint64_t requires page alignment, and reuses those bits.
r~
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 03/62] target/arm: Fix MTE check in sve_ldnfff1_r
2022-07-03 8:23 ` [PATCH 03/62] target/arm: Fix MTE check in sve_ldnfff1_r Richard Henderson
@ 2022-07-05 12:05 ` Peter Maydell
0 siblings, 0 replies; 100+ messages in thread
From: Peter Maydell @ 2022-07-05 12:05 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:25, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The comment was correct, but the test was not:
> disable mte if tagged is *not* set.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/sve_helper.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index 1654c0bbf9..db15d03ded 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
> @@ -5986,7 +5986,7 @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
> * Disable MTE checking if the Tagged bit is not set. Since TBI must
> * be set within MTEDESC for MTE, !mtedesc => !mte_active.
> */
> - if (arm_tlb_mte_tagged(&info.page[0].attrs)) {
> + if (!arm_tlb_mte_tagged(&info.page[0].attrs)) {
> mtedesc = 0;
> }
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Since this is a standalone bugfix I've put it in target-arm.next
so it doesn't get held up while we review the rest of the series.
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 04/62] target/arm: Record tagged bit for user-only in sve_probe_page
2022-07-03 8:23 ` [PATCH 04/62] target/arm: Record tagged bit for user-only in sve_probe_page Richard Henderson
@ 2022-07-05 12:09 ` Peter Maydell
0 siblings, 0 replies; 100+ messages in thread
From: Peter Maydell @ 2022-07-05 12:09 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:27, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Fixes a bug in that we were not honoring MTE from user-only
> SVE. Copy the user-only MTE logic from allocation_tag_mem
> into sve_probe_page.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/sve_helper.c | 3 +++
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
and added to target-arm.next as a bugfix.
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 05/62] target/arm: Use PageEntryExtra for MTE
2022-07-03 8:23 ` [PATCH 05/62] target/arm: Use PageEntryExtra for MTE Richard Henderson
@ 2022-07-05 12:47 ` Peter Maydell
0 siblings, 0 replies; 100+ messages in thread
From: Peter Maydell @ 2022-07-05 12:47 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:28, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Tagged pages are indicated by the page attributes, so we
> don't need to use a separate bit in MemTxAttrs. Further,
> we store the PA, so we don't need to recover it by walking
> the tree of memory regions.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Getting rid of the messing about with the iotlbentry and
the memory regions makes this PageEntryExtra work seem
worthwhile on its own, I think...
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 06/62] target/arm: Use PageEntryExtra for BTI
2022-07-03 8:23 ` [PATCH 06/62] target/arm: Use PageEntryExtra for BTI Richard Henderson
@ 2022-07-05 14:12 ` Peter Maydell
0 siblings, 0 replies; 100+ messages in thread
From: Peter Maydell @ 2022-07-05 14:12 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:27, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Add a bit to ARMCacheAttrs to hold the guarded bit between
> get_phys_addr_lpae and arm_cpu_tlb_fill, then put the bit
> into PageEntryExtra.
>
> In is_guarded_page, use probe_access_extra instead of just
> guessing that the tlb entry is still present. Also handles
> the FIXME about executing from device memory.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 07/62] include/exec: Remove target_tlb_bitN from MemTxAttrs
2022-07-03 8:23 ` [PATCH 07/62] include/exec: Remove target_tlb_bitN from MemTxAttrs Richard Henderson
@ 2022-07-05 14:12 ` Peter Maydell
0 siblings, 0 replies; 100+ messages in thread
From: Peter Maydell @ 2022-07-05 14:12 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:35, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> We have now moved all uses to PageEntryExtra.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 08/62] target/arm: Create GetPhysAddrResult
2022-07-03 8:23 ` [PATCH 08/62] target/arm: Create GetPhysAddrResult Richard Henderson
@ 2022-08-10 13:02 ` Alex Bennée
2022-08-19 17:31 ` Richard Henderson
0 siblings, 1 reply; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:02 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Combine 5 output pointer argument from get_phys_addr
> into a single struct. Adjust all callers.
This looks to be an improvement - I guess the real benefit is the
compiler isn't jamming so many closely aligned pointers on the stack
frame for all the return values?
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/internals.h | 13 ++++-
> target/arm/helper.c | 27 ++++-----
> target/arm/m_helper.c | 52 +++++------------
> target/arm/ptw.c | 125 +++++++++++++++++++++-------------------
> target/arm/tlb_helper.c | 26 ++++-----
> 5 files changed, 113 insertions(+), 130 deletions(-)
>
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index 268c3c7380..7d08917f88 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -1133,11 +1133,18 @@ typedef struct ARMCacheAttrs {
> bool guarded:1; /* guarded bit of the v8-64 PTE */
> } ARMCacheAttrs;
>
> +/* Fields that are valid upon success. */
> +typedef struct GetPhysAddrResult {
> + hwaddr phys;
> + target_ulong page_size;
> + int prot;
> + MemTxAttrs attrs;
> + ARMCacheAttrs cacheattrs;
> +} GetPhysAddrResult;
> +
> bool get_phys_addr(CPUARMState *env, target_ulong address,
> MMUAccessType access_type, ARMMMUIdx mmu_idx,
> - hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
> - target_ulong *page_size,
> - ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
> + GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
> __attribute__((nonnull));
>
> void arm_log_exception(CPUState *cs);
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index f6dcb1a115..fb13e0f4c0 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -3173,24 +3173,19 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
> static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
> MMUAccessType access_type, ARMMMUIdx mmu_idx)
> {
> - hwaddr phys_addr;
> - target_ulong page_size;
> - int prot;
> bool ret;
> uint64_t par64;
> bool format64 = false;
> - MemTxAttrs attrs = {};
> ARMMMUFaultInfo fi = {};
> - ARMCacheAttrs cacheattrs = {};
> + GetPhysAddrResult res = {};
>
> - ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
> - &prot, &page_size, &fi, &cacheattrs);
> + ret = get_phys_addr(env, value, access_type, mmu_idx, &res, &fi);
>
> /*
> * ATS operations only do S1 or S1+S2 translations, so we never
> * have to deal with the ARMCacheAttrs format for S2 only.
> */
> - assert(!cacheattrs.is_s2_format);
> + assert(!res.cacheattrs.is_s2_format);
>
> if (ret) {
> /*
> @@ -3296,12 +3291,12 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
> /* Create a 64-bit PAR */
> par64 = (1 << 11); /* LPAE bit always set */
> if (!ret) {
> - par64 |= phys_addr & ~0xfffULL;
> - if (!attrs.secure) {
> + par64 |= res.phys & ~0xfffULL;
> + if (!res.attrs.secure) {
> par64 |= (1 << 9); /* NS */
> }
> - par64 |= (uint64_t)cacheattrs.attrs << 56; /* ATTR */
> - par64 |= cacheattrs.shareability << 7; /* SH */
> + par64 |= (uint64_t)res.cacheattrs.attrs << 56; /* ATTR */
> + par64 |= res.cacheattrs.shareability << 7; /* SH */
> } else {
> uint32_t fsr = arm_fi_to_lfsc(&fi);
>
> @@ -3321,13 +3316,13 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
> */
> if (!ret) {
> /* We do not set any attribute bits in the PAR */
> - if (page_size == (1 << 24)
> + if (res.page_size == (1 << 24)
> && arm_feature(env, ARM_FEATURE_V7)) {
> - par64 = (phys_addr & 0xff000000) | (1 << 1);
> + par64 = (res.phys & 0xff000000) | (1 << 1);
> } else {
> - par64 = phys_addr & 0xfffff000;
> + par64 = res.phys & 0xfffff000;
> }
> - if (!attrs.secure) {
> + if (!res.attrs.secure) {
> par64 |= (1 << 9); /* NS */
> }
> } else {
> diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
> index 308610f6b4..84c6796b8d 100644
> --- a/target/arm/m_helper.c
> +++ b/target/arm/m_helper.c
> @@ -183,19 +183,14 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
> {
> CPUState *cs = CPU(cpu);
> CPUARMState *env = &cpu->env;
> - MemTxAttrs attrs = {};
> MemTxResult txres;
> - target_ulong page_size;
> - hwaddr physaddr;
> - int prot;
> + GetPhysAddrResult res = {};
> ARMMMUFaultInfo fi = {};
> - ARMCacheAttrs cacheattrs = {};
> bool secure = mmu_idx & ARM_MMU_IDX_M_S;
> int exc;
> bool exc_secure;
>
> - if (get_phys_addr(env, addr, MMU_DATA_STORE, mmu_idx, &physaddr,
> - &attrs, &prot, &page_size, &fi, &cacheattrs)) {
> + if (get_phys_addr(env, addr, MMU_DATA_STORE, mmu_idx, &res, &fi)) {
> /* MPU/SAU lookup failed */
> if (fi.type == ARMFault_QEMU_SFault) {
> if (mode == STACK_LAZYFP) {
> @@ -228,8 +223,8 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
> }
> goto pend_fault;
> }
> - address_space_stl_le(arm_addressspace(cs, attrs), physaddr, value,
> - attrs, &txres);
> + address_space_stl_le(arm_addressspace(cs, res.attrs), res.phys, value,
> + res.attrs, &txres);
> if (txres != MEMTX_OK) {
> /* BusFault trying to write the data */
> if (mode == STACK_LAZYFP) {
> @@ -276,20 +271,15 @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
> {
> CPUState *cs = CPU(cpu);
> CPUARMState *env = &cpu->env;
> - MemTxAttrs attrs = {};
> MemTxResult txres;
> - target_ulong page_size;
> - hwaddr physaddr;
> - int prot;
> + GetPhysAddrResult res = {};
> ARMMMUFaultInfo fi = {};
> - ARMCacheAttrs cacheattrs = {};
> bool secure = mmu_idx & ARM_MMU_IDX_M_S;
> int exc;
> bool exc_secure;
> uint32_t value;
>
> - if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &physaddr,
> - &attrs, &prot, &page_size, &fi, &cacheattrs)) {
> + if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi)) {
> /* MPU/SAU lookup failed */
> if (fi.type == ARMFault_QEMU_SFault) {
> qemu_log_mask(CPU_LOG_INT,
> @@ -308,8 +298,8 @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
> goto pend_fault;
> }
>
> - value = address_space_ldl(arm_addressspace(cs, attrs), physaddr,
> - attrs, &txres);
> + value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
> + res.attrs, &txres);
> if (txres != MEMTX_OK) {
> /* BusFault trying to read the data */
> qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.UNSTKERR\n");
> @@ -2008,13 +1998,9 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
> CPUState *cs = CPU(cpu);
> CPUARMState *env = &cpu->env;
> V8M_SAttributes sattrs = {};
> - MemTxAttrs attrs = {};
> + GetPhysAddrResult res = {};
> ARMMMUFaultInfo fi = {};
> - ARMCacheAttrs cacheattrs = {};
> MemTxResult txres;
> - target_ulong page_size;
> - hwaddr physaddr;
> - int prot;
>
> v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, &sattrs);
> if (!sattrs.nsc || sattrs.ns) {
> @@ -2028,16 +2014,15 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
> "...really SecureFault with SFSR.INVEP\n");
> return false;
> }
> - if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx, &physaddr,
> - &attrs, &prot, &page_size, &fi, &cacheattrs)) {
> + if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx, &res, &fi)) {
> /* the MPU lookup failed */
> env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK;
> armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure);
> qemu_log_mask(CPU_LOG_INT, "...really MemManage with CFSR.IACCVIOL\n");
> return false;
> }
> - *insn = address_space_lduw_le(arm_addressspace(cs, attrs), physaddr,
> - attrs, &txres);
> + *insn = address_space_lduw_le(arm_addressspace(cs, res.attrs), res.phys,
> + res.attrs, &txres);
> if (txres != MEMTX_OK) {
> env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK;
> armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);
> @@ -2060,17 +2045,12 @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
> */
> CPUState *cs = CPU(cpu);
> CPUARMState *env = &cpu->env;
> - MemTxAttrs attrs = {};
> MemTxResult txres;
> - target_ulong page_size;
> - hwaddr physaddr;
> - int prot;
> + GetPhysAddrResult res = {};
> ARMMMUFaultInfo fi = {};
> - ARMCacheAttrs cacheattrs = {};
> uint32_t value;
>
> - if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &physaddr,
> - &attrs, &prot, &page_size, &fi, &cacheattrs)) {
> + if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi)) {
> /* MPU/SAU lookup failed */
> if (fi.type == ARMFault_QEMU_SFault) {
> qemu_log_mask(CPU_LOG_INT,
> @@ -2088,8 +2068,8 @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
> }
> return false;
> }
> - value = address_space_ldl(arm_addressspace(cs, attrs), physaddr,
> - attrs, &txres);
> + value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
> + res.attrs, &txres);
> if (txres != MEMTX_OK) {
> /* BusFault trying to read the data */
> qemu_log_mask(CPU_LOG_INT,
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index 204c820026..1a946f3757 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -2296,18 +2296,12 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
> * @address: virtual address to get physical address for
> * @access_type: 0 for read, 1 for write, 2 for execute
> * @mmu_idx: MMU index indicating required translation regime
> - * @phys_ptr: set to the physical address corresponding to the virtual address
> - * @attrs: set to the memory transaction attributes to use
> - * @prot: set to the permissions for the page containing phys_ptr
> - * @page_size: set to the size of the page containing phys_ptr
> + * @result: set on translation success.
> * @fi: set to fault info if the translation fails
> - * @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes
> */
> bool get_phys_addr(CPUARMState *env, target_ulong address,
> MMUAccessType access_type, ARMMMUIdx mmu_idx,
> - hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
> - target_ulong *page_size,
> - ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
> + GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
> {
> ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
>
> @@ -2318,43 +2312,53 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> */
> if (arm_feature(env, ARM_FEATURE_EL2)) {
> hwaddr ipa;
> - int s2_prot;
> + int s1_prot;
> int ret;
> bool ipa_secure;
> - ARMCacheAttrs cacheattrs2 = {};
> + ARMCacheAttrs cacheattrs1;
> ARMMMUIdx s2_mmu_idx;
> bool is_el0;
>
> - ret = get_phys_addr(env, address, access_type, s1_mmu_idx, &ipa,
> - attrs, prot, page_size, fi, cacheattrs);
> + ret = get_phys_addr(env, address, access_type, s1_mmu_idx,
> + result, fi);
>
> /* If S1 fails or S2 is disabled, return early. */
> if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
> - *phys_ptr = ipa;
> return ret;
> }
>
> - ipa_secure = attrs->secure;
> + ipa = result->phys;
> + ipa_secure = result->attrs.secure;
> if (arm_is_secure_below_el3(env)) {
> - if (ipa_secure) {
> - attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
> - } else {
> - attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
> - }
> + result->attrs.secure =
> + (ipa_secure
> + ? !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW)
> + : !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW));
> } else {
> assert(!ipa_secure);
> }
>
> - s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
> + s2_mmu_idx = (result->attrs.secure
> + ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
> is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
>
> - /* S1 is done. Now do S2 translation. */
> + /*
> + * S1 is done, now do S2 translation.
> + * Save the stage1 results so that we may merge
> + * prot and cacheattrs later.
> + */
> + s1_prot = result->prot;
> + cacheattrs1 = result->cacheattrs;
> + memset(result, 0, sizeof(*result));
> +
> ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx, is_el0,
> - phys_ptr, attrs, &s2_prot,
> - page_size, fi, &cacheattrs2);
> + &result->phys, &result->attrs,
> + &result->prot, &result->page_size,
> + fi, &result->cacheattrs);
> fi->s2addr = ipa;
> +
> /* Combine the S1 and S2 perms. */
> - *prot &= s2_prot;
> + result->prot &= s1_prot;
>
> /* If S2 fails, return early. */
> if (ret) {
> @@ -2370,20 +2374,21 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> * Outer Write-Back Read-Allocate Write-Allocate.
> * Do not overwrite Tagged within attrs.
> */
> - if (cacheattrs->attrs != 0xf0) {
> - cacheattrs->attrs = 0xff;
> + if (cacheattrs1.attrs != 0xf0) {
> + cacheattrs1.attrs = 0xff;
> }
> - cacheattrs->shareability = 0;
> + cacheattrs1.shareability = 0;
> }
> - *cacheattrs = combine_cacheattrs(env, *cacheattrs, cacheattrs2);
> + result->cacheattrs = combine_cacheattrs(env, cacheattrs1,
> + result->cacheattrs);
>
> /* Check if IPA translates to secure or non-secure PA space. */
> if (arm_is_secure_below_el3(env)) {
> if (ipa_secure) {
> - attrs->secure =
> + result->attrs.secure =
> !(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
> } else {
> - attrs->secure =
> + result->attrs.secure =
> !((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW))
> || (env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
> }
> @@ -2402,8 +2407,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> * cannot upgrade an non-secure translation regime's attributes
> * to secure.
> */
> - attrs->secure = regime_is_secure(env, mmu_idx);
> - attrs->user = regime_is_user(env, mmu_idx);
> + result->attrs.secure = regime_is_secure(env, mmu_idx);
> + result->attrs.user = regime_is_user(env, mmu_idx);
>
> /*
> * Fast Context Switch Extension. This doesn't exist at all in v8.
> @@ -2420,20 +2425,22 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
>
> if (arm_feature(env, ARM_FEATURE_PMSA)) {
> bool ret;
> - *page_size = TARGET_PAGE_SIZE;
> + result->page_size = TARGET_PAGE_SIZE;
>
> if (arm_feature(env, ARM_FEATURE_V8)) {
> /* PMSAv8 */
> ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
> - phys_ptr, attrs, prot, page_size, fi);
> + &result->phys, &result->attrs,
> + &result->prot, &result->page_size, fi);
> } else if (arm_feature(env, ARM_FEATURE_V7)) {
> /* PMSAv7 */
> ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
> - phys_ptr, prot, page_size, fi);
> + &result->phys, &result->prot,
> + &result->page_size, fi);
> } else {
> /* Pre-v7 MPU */
> ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
> - phys_ptr, prot, fi);
> + &result->phys, &result->prot, fi);
> }
> qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
> " mmu_idx %u -> %s (prot %c%c%c)\n",
> @@ -2441,9 +2448,9 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> (access_type == MMU_DATA_STORE ? "writing" : "execute"),
> (uint32_t)address, mmu_idx,
> ret ? "Miss" : "Hit",
> - *prot & PAGE_READ ? 'r' : '-',
> - *prot & PAGE_WRITE ? 'w' : '-',
> - *prot & PAGE_EXEC ? 'x' : '-');
> + result->prot & PAGE_READ ? 'r' : '-',
> + result->prot & PAGE_WRITE ? 'w' : '-',
> + result->prot & PAGE_EXEC ? 'x' : '-');
>
> return ret;
> }
> @@ -2488,14 +2495,14 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> address = extract64(address, 0, 52);
> }
> }
> - *phys_ptr = address;
> - *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> - *page_size = TARGET_PAGE_SIZE;
> + result->phys = address;
> + result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> + result->page_size = TARGET_PAGE_SIZE;
>
> /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
> hcr = arm_hcr_el2_eff(env);
> - cacheattrs->shareability = 0;
> - cacheattrs->is_s2_format = false;
> + result->cacheattrs.shareability = 0;
> + result->cacheattrs.is_s2_format = false;
> if (hcr & HCR_DC) {
> if (hcr & HCR_DCT) {
> memattr = 0xf0; /* Tagged, Normal, WB, RWA */
> @@ -2508,24 +2515,27 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> } else {
> memattr = 0x44; /* Normal, NC, No */
> }
> - cacheattrs->shareability = 2; /* outer sharable */
> + result->cacheattrs.shareability = 2; /* outer sharable */
> } else {
> memattr = 0x00; /* Device, nGnRnE */
> }
> - cacheattrs->attrs = memattr;
> + result->cacheattrs.attrs = memattr;
> return 0;
> }
>
> if (regime_using_lpae_format(env, mmu_idx)) {
> return get_phys_addr_lpae(env, address, access_type, mmu_idx, false,
> - phys_ptr, attrs, prot, page_size,
> - fi, cacheattrs);
> + &result->phys, &result->attrs,
> + &result->prot, &result->page_size,
> + fi, &result->cacheattrs);
> } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
> return get_phys_addr_v6(env, address, access_type, mmu_idx,
> - phys_ptr, attrs, prot, page_size, fi);
> + &result->phys, &result->attrs,
> + &result->prot, &result->page_size, fi);
> } else {
> return get_phys_addr_v5(env, address, access_type, mmu_idx,
> - phys_ptr, prot, page_size, fi);
> + &result->phys, &result->prot,
> + &result->page_size, fi);
> }
> }
>
> @@ -2534,21 +2544,16 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
> {
> ARMCPU *cpu = ARM_CPU(cs);
> CPUARMState *env = &cpu->env;
> - hwaddr phys_addr;
> - target_ulong page_size;
> - int prot;
> - bool ret;
> + GetPhysAddrResult res = {};
> ARMMMUFaultInfo fi = {};
> ARMMMUIdx mmu_idx = arm_mmu_idx(env);
> - ARMCacheAttrs cacheattrs = {};
> + bool ret;
>
> - *attrs = (MemTxAttrs) {};
> -
> - ret = get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &phys_addr,
> - attrs, &prot, &page_size, &fi, &cacheattrs);
> + ret = get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi);
> + *attrs = res.attrs;
>
> if (ret) {
> return -1;
> }
> - return phys_addr;
> + return res.phys;
> }
> diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
> index 7476fcafeb..28495ff525 100644
> --- a/target/arm/tlb_helper.c
> +++ b/target/arm/tlb_helper.c
> @@ -209,11 +209,8 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
> {
> ARMCPU *cpu = ARM_CPU(cs);
> ARMMMUFaultInfo fi = {};
> - hwaddr phys_addr;
> - target_ulong page_size;
> - int prot, ret;
> - MemTxAttrs attrs = {};
> - ARMCacheAttrs cacheattrs = {};
> + GetPhysAddrResult res = {};
> + int ret;
>
> /*
> * Walk the page table and (if the mapping exists) add the page
> @@ -223,8 +220,7 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
> */
> ret = get_phys_addr(&cpu->env, address, access_type,
> core_to_arm_mmu_idx(&cpu->env, mmu_idx),
> - &phys_addr, &attrs, &prot, &page_size,
> - &fi, &cacheattrs);
> + &res, &fi);
> if (likely(!ret)) {
> PageEntryExtra extra = {};
>
> @@ -234,22 +230,22 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
> * pass in the exact addresses. This only happens for M-profile,
> * which does not use or require PageEntryExtra.
> */
> - if (page_size >= TARGET_PAGE_SIZE) {
> - phys_addr &= TARGET_PAGE_MASK;
> + if (res.page_size >= TARGET_PAGE_SIZE) {
> + res.phys &= TARGET_PAGE_MASK;
> address &= TARGET_PAGE_MASK;
>
> /* Record some particulars for later lookup. */
> - extra.x = phys_addr;
> + extra.x = res.phys;
> extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, ATTRS,
> - cacheattrs.attrs);
> + res.cacheattrs.attrs);
> extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, SHAREABILITY,
> - cacheattrs.shareability);
> + res.cacheattrs.shareability);
> extra.x = FIELD_DP64(extra.x, PAGEENTRYEXTRA, GUARDED,
> - cacheattrs.guarded);
> + res.cacheattrs.guarded);
> }
>
> - tlb_set_page_with_extra(cs, address, phys_addr, attrs, extra,
> - prot, mmu_idx, page_size);
> + tlb_set_page_with_extra(cs, address, res.phys, res.attrs, extra,
> + res.prot, mmu_idx, res.page_size);
> return true;
> } else if (probe) {
> return false;
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 10/62] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
2022-07-03 8:23 ` [PATCH 10/62] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae Richard Henderson
@ 2022-08-10 13:04 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:04 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 11/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v6
2022-07-03 8:23 ` [PATCH 11/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v6 Richard Henderson
@ 2022-08-10 13:04 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:04 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 12/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v5
2022-07-03 8:23 ` [PATCH 12/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v5 Richard Henderson
@ 2022-08-10 13:05 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:05 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 13/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
2022-07-03 8:23 ` [PATCH 13/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5 Richard Henderson
@ 2022-08-10 13:05 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:05 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, qemu-devel
Richard Henderson <richard.henderson@linaro.org> writes:
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 14/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
2022-07-03 8:23 ` [PATCH 14/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7 Richard Henderson
@ 2022-08-10 13:06 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:06 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 15/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
2022-07-03 8:23 ` [PATCH 15/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8 Richard Henderson
@ 2022-08-10 13:06 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:06 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, qemu-devel
Richard Henderson <richard.henderson@linaro.org> writes:
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 16/62] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
2022-07-03 8:23 ` [PATCH 16/62] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup Richard Henderson
@ 2022-08-10 13:09 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:09 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 17/62] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
2022-07-03 8:23 ` [PATCH 17/62] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup Richard Henderson
@ 2022-08-10 13:11 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:11 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, qemu-devel
Richard Henderson <richard.henderson@linaro.org> writes:
> This can be made redundant with result->page_size, by moving
> the basic set of page_size from get_phys_addr_pmsav8. We still
> need to overwrite page_size when v8m_security_lookup signals
> a subpage.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
<snip>
>
> ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
> - result, &mpu_is_subpage, fi, NULL);
> - result->page_size =
> - sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
> + result, fi, NULL);
> + if (sattrs.subpage) {
> + result->page_size = 1;
> + }
We should probably document the meaning of page_size == 1 in the
comments for the definition of GetPhysAddrResult.
> return ret;
> }
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 18/62] target/arm: Add is_secure parameter to v8m_security_lookup
2022-07-03 8:23 ` [PATCH 18/62] target/arm: Add is_secure parameter to v8m_security_lookup Richard Henderson
@ 2022-08-10 13:13 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:13 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, qemu-devel
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from v8m_security_lookup.
s/./ and pass its status down to the lookup instead./ ?
Anyway:
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 19/62] target/arm: Add is_secure parameter to pmsav8_mpu_lookup
2022-07-03 8:23 ` [PATCH 19/62] target/arm: Add is_secure parameter to pmsav8_mpu_lookup Richard Henderson
@ 2022-08-10 13:15 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:15 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from pmsav8_mpu_lookup.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 20/62] target/arm: Add is_secure parameter to get_phys_addr_v5
2022-07-03 8:23 ` [PATCH 20/62] target/arm: Add is_secure parameter to get_phys_addr_v5 Richard Henderson
@ 2022-08-10 13:15 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:15 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, qemu-devel
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from get_phys_addr_v5.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 21/62] target/arm: Add is_secure parameter to get_phys_addr_v6
2022-07-03 8:23 ` [PATCH 21/62] target/arm: Add is_secure parameter to get_phys_addr_v6 Richard Henderson
@ 2022-08-10 13:15 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:15 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from get_phys_addr_v6.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8
2022-07-03 8:23 ` [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8 Richard Henderson
@ 2022-08-10 13:16 ` Alex Bennée
2022-08-10 15:33 ` Richard Henderson
0 siblings, 1 reply; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:16 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from get_phys_addr_pmsav8.
> Since we already had a local variable named secure, use that.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index d424dec729..f7892a0c48 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -1960,10 +1960,9 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
>
> static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
> MMUAccessType access_type, ARMMMUIdx mmu_idx,
> - GetPhysAddrResult *result,
> + bool secure, GetPhysAddrResult
> *result,
NIT: why not use is_secure like all the other functions (and reformat
the commit subject to match too).
Otherwise:
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 23/62] target/arm: Add is_secure parameter to pmsav7_use_background_region
2022-07-03 8:23 ` [PATCH 23/62] target/arm: Add is_secure parameter to pmsav7_use_background_region Richard Henderson
@ 2022-08-10 13:17 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:17 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, qemu-devel
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from pmsav7_use_background_region.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 24/62] target/arm: Add is_secure parameter to get_phys_addr_lpae
2022-07-03 8:23 ` [PATCH 24/62] target/arm: Add is_secure parameter to get_phys_addr_lpae Richard Henderson
@ 2022-08-10 13:18 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:18 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from get_phys_addr_lpae.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 25/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav7
2022-07-03 8:23 ` [PATCH 25/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav7 Richard Henderson
@ 2022-08-10 13:18 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:18 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from get_phys_addr_pmsav7
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 26/62] target/arm: Add is_secure parameter to regime_translation_disabled
2022-07-03 8:23 ` [PATCH 26/62] target/arm: Add is_secure parameter to regime_translation_disabled Richard Henderson
@ 2022-08-10 13:18 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:18 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, qemu-devel
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from regime_translation_disabled.
>
> This fixes a bug in S1_ptw_translate and get_phys_addr where we had
> passed ARMMMUIdx_Stage2 and not ARMMMUIdx_Stage2_S to determine if
> Stage2 is disabled, affecting FEAT_SEL2.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 27/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav5
2022-07-03 8:23 ` [PATCH 27/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav5 Richard Henderson
@ 2022-08-10 13:18 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:18 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from get_phys_addr_pmsav5.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 29/62] target/arm: Add is_secure parameter to v7m_read_half_insn
2022-07-03 8:23 ` [PATCH 29/62] target/arm: Add is_secure parameter to v7m_read_half_insn Richard Henderson
@ 2022-08-10 13:27 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 13:27 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> Remove the use of regime_is_secure from v7m_read_half_insn.
> As it happens, both callers pass true, but that is a detail
> of v7m_handle_execute_nsc we need not expose to the callee.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8
2022-08-10 13:16 ` Alex Bennée
@ 2022-08-10 15:33 ` Richard Henderson
2022-08-10 18:46 ` Alex Bennée
0 siblings, 1 reply; 100+ messages in thread
From: Richard Henderson @ 2022-08-10 15:33 UTC (permalink / raw)
To: Alex Bennée; +Cc: qemu-devel, qemu-arm
On 8/10/22 06:16, Alex Bennée wrote:
>
> Richard Henderson <richard.henderson@linaro.org> writes:
>
>> Remove the use of regime_is_secure from get_phys_addr_pmsav8.
>> Since we already had a local variable named secure, use that.
>>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>> target/arm/ptw.c | 5 ++---
>> 1 file changed, 2 insertions(+), 3 deletions(-)
>>
>> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
>> index d424dec729..f7892a0c48 100644
>> --- a/target/arm/ptw.c
>> +++ b/target/arm/ptw.c
>> @@ -1960,10 +1960,9 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
>>
>> static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
>> MMUAccessType access_type, ARMMMUIdx mmu_idx,
>> - GetPhysAddrResult *result,
>> + bool secure, GetPhysAddrResult
>> *result,
>
> NIT: why not use is_secure like all the other functions (and reformat
> the commit subject to match too).
It's right there in the commit message -- there was an existing local variable.
r~
>
> Otherwise:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8
2022-08-10 15:33 ` Richard Henderson
@ 2022-08-10 18:46 ` Alex Bennée
0 siblings, 0 replies; 100+ messages in thread
From: Alex Bennée @ 2022-08-10 18:46 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
Richard Henderson <richard.henderson@linaro.org> writes:
> On 8/10/22 06:16, Alex Bennée wrote:
>> Richard Henderson <richard.henderson@linaro.org> writes:
>>
>>> Remove the use of regime_is_secure from get_phys_addr_pmsav8.
>>> Since we already had a local variable named secure, use that.
>>>
>>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>>> ---
>>> target/arm/ptw.c | 5 ++---
>>> 1 file changed, 2 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
>>> index d424dec729..f7892a0c48 100644
>>> --- a/target/arm/ptw.c
>>> +++ b/target/arm/ptw.c
>>> @@ -1960,10 +1960,9 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
>>> static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t
>>> address,
>>> MMUAccessType access_type, ARMMMUIdx mmu_idx,
>>> - GetPhysAddrResult *result,
>>> + bool secure, GetPhysAddrResult
>>> *result,
>> NIT: why not use is_secure like all the other functions (and
>> reformat
>> the commit subject to match too).
>
> It's right there in the commit message -- there was an existing local
> variable.
doh - sorry so focused on the mechanics I missed the explanation!
>
>
> r~
>
>> Otherwise:
>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>>
--
Alex Bennée
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 00/62] target/arm: Implement FEAT_HAFDBS
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (62 preceding siblings ...)
2022-07-04 14:54 ` [PATCH 00/62] " Peter Maydell
@ 2022-08-12 16:31 ` Peter Maydell
2022-08-12 17:54 ` Richard Henderson
63 siblings, 1 reply; 100+ messages in thread
From: Peter Maydell @ 2022-08-12 16:31 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Sun, 3 Jul 2022 at 09:25, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This is a major reorg to arm page table walking. While the result
> here is "merely" Hardware-assited Access Flag and Dirty Bit Setting
> (HAFDBS), the ultimate goal is the Realm Management Extension (RME).
> RME "recommends" that HAFDBS be implemented (I_CSLWZ).
> Richard Henderson (62):
> accel/tcg: Introduce PageEntryExtra
> target/arm: Enable PageEntryExtra
> target/arm: Fix MTE check in sve_ldnfff1_r
> target/arm: Record tagged bit for user-only in sve_probe_page
> target/arm: Use PageEntryExtra for MTE
> target/arm: Use PageEntryExtra for BTI
> include/exec: Remove target_tlb_bitN from MemTxAttrs
> target/arm: Create GetPhysAddrResult
> target/arm: Fix ipa_secure in get_phys_addr
> target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
> target/arm: Use GetPhysAddrResult in get_phys_addr_v6
> target/arm: Use GetPhysAddrResult in get_phys_addr_v5
> target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
> target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
> target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
> target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
> target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
> target/arm: Add is_secure parameter to v8m_security_lookup
> target/arm: Add is_secure parameter to pmsav8_mpu_lookup
> target/arm: Add is_secure parameter to get_phys_addr_v5
> target/arm: Add is_secure parameter to get_phys_addr_v6
> target/arm: Add secure parameter to get_phys_addr_pmsav8
> target/arm: Add is_secure parameter to pmsav7_use_background_region
> target/arm: Add is_secure parameter to get_phys_addr_lpae
> target/arm: Add is_secure parameter to get_phys_addr_pmsav7
> target/arm: Add is_secure parameter to regime_translation_disabled
> target/arm: Add is_secure parameter to get_phys_addr_pmsav5
Is it possible to rearrange this patchset so the easy
refactoring patches that do "use a struct to return
values from get_phys_addr and friends" are at the front
(ie before the stuff that touches core code) ?
That way they're easy to take into the tree early while
the rest of the series is still under review...
thanks
-- PMM
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 00/62] target/arm: Implement FEAT_HAFDBS
2022-08-12 16:31 ` Peter Maydell
@ 2022-08-12 17:54 ` Richard Henderson
0 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-08-12 17:54 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, qemu-arm
On 8/12/22 09:31, Peter Maydell wrote:
> Is it possible to rearrange this patchset so the easy
> refactoring patches that do "use a struct to return
> values from get_phys_addr and friends" are at the front
> (ie before the stuff that touches core code) ?
> That way they're easy to take into the tree early while
> the rest of the series is still under review...
Yes, I think so.
r~
^ permalink raw reply [flat|nested] 100+ messages in thread
* Re: [PATCH 08/62] target/arm: Create GetPhysAddrResult
2022-08-10 13:02 ` Alex Bennée
@ 2022-08-19 17:31 ` Richard Henderson
0 siblings, 0 replies; 100+ messages in thread
From: Richard Henderson @ 2022-08-19 17:31 UTC (permalink / raw)
To: Alex Bennée; +Cc: qemu-devel, qemu-arm
On 8/10/22 06:02, Alex Bennée wrote:
>
> Richard Henderson <richard.henderson@linaro.org> writes:
>
>> Combine 5 output pointer argument from get_phys_addr
>> into a single struct. Adjust all callers.
>
> This looks to be an improvement - I guess the real benefit is the
> compiler isn't jamming so many closely aligned pointers on the stack
> frame for all the return values?
Correct. The number of parameters is also down to 6, which fits all in register arguments
for most hosts, including x86_64. And in turn, we need to copy fewer arguments down to
the subroutines.
r~
^ permalink raw reply [flat|nested] 100+ messages in thread
end of thread, other threads:[~2022-08-19 18:08 UTC | newest]
Thread overview: 100+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-03 8:23 [PATCH 00/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-07-03 8:23 ` [PATCH 01/62] accel/tcg: Introduce PageEntryExtra Richard Henderson
2022-07-04 15:28 ` Peter Maydell
2022-07-05 0:35 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 02/62] target/arm: Enable PageEntryExtra Richard Henderson
2022-07-04 15:22 ` Peter Maydell
2022-07-05 1:01 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 03/62] target/arm: Fix MTE check in sve_ldnfff1_r Richard Henderson
2022-07-05 12:05 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 04/62] target/arm: Record tagged bit for user-only in sve_probe_page Richard Henderson
2022-07-05 12:09 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 05/62] target/arm: Use PageEntryExtra for MTE Richard Henderson
2022-07-05 12:47 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 06/62] target/arm: Use PageEntryExtra for BTI Richard Henderson
2022-07-05 14:12 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 07/62] include/exec: Remove target_tlb_bitN from MemTxAttrs Richard Henderson
2022-07-05 14:12 ` Peter Maydell
2022-07-03 8:23 ` [PATCH 08/62] target/arm: Create GetPhysAddrResult Richard Henderson
2022-08-10 13:02 ` Alex Bennée
2022-08-19 17:31 ` Richard Henderson
2022-07-03 8:23 ` [PATCH 09/62] target/arm: Fix ipa_secure in get_phys_addr Richard Henderson
2022-07-03 8:23 ` [PATCH 10/62] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae Richard Henderson
2022-08-10 13:04 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 11/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v6 Richard Henderson
2022-08-10 13:04 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 12/62] target/arm: Use GetPhysAddrResult in get_phys_addr_v5 Richard Henderson
2022-08-10 13:05 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 13/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5 Richard Henderson
2022-08-10 13:05 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 14/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7 Richard Henderson
2022-08-10 13:06 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 15/62] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8 Richard Henderson
2022-08-10 13:06 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 16/62] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup Richard Henderson
2022-08-10 13:09 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 17/62] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup Richard Henderson
2022-08-10 13:11 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 18/62] target/arm: Add is_secure parameter to v8m_security_lookup Richard Henderson
2022-08-10 13:13 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 19/62] target/arm: Add is_secure parameter to pmsav8_mpu_lookup Richard Henderson
2022-08-10 13:15 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 20/62] target/arm: Add is_secure parameter to get_phys_addr_v5 Richard Henderson
2022-08-10 13:15 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 21/62] target/arm: Add is_secure parameter to get_phys_addr_v6 Richard Henderson
2022-08-10 13:15 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8 Richard Henderson
2022-08-10 13:16 ` Alex Bennée
2022-08-10 15:33 ` Richard Henderson
2022-08-10 18:46 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 23/62] target/arm: Add is_secure parameter to pmsav7_use_background_region Richard Henderson
2022-08-10 13:17 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 24/62] target/arm: Add is_secure parameter to get_phys_addr_lpae Richard Henderson
2022-08-10 13:18 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 25/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav7 Richard Henderson
2022-08-10 13:18 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 26/62] target/arm: Add is_secure parameter to regime_translation_disabled Richard Henderson
2022-08-10 13:18 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 27/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav5 Richard Henderson
2022-08-10 13:18 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 28/62] target/arm: Split out get_phys_addr_with_secure Richard Henderson
2022-07-03 8:23 ` [PATCH 29/62] target/arm: Add is_secure parameter to v7m_read_half_insn Richard Henderson
2022-08-10 13:27 ` Alex Bennée
2022-07-03 8:23 ` [PATCH 30/62] target/arm: Add TBFLAG_M32.SECURE Richard Henderson
2022-07-03 8:23 ` [PATCH 31/62] target/arm: Merge regime_is_secure into get_phys_addr Richard Henderson
2022-07-03 8:23 ` [PATCH 32/62] target/arm: Add is_secure parameter to do_ats_write Richard Henderson
2022-07-03 8:23 ` [PATCH 33/62] target/arm: Fold secure and non-secure a-profile mmu indexes Richard Henderson
2022-07-03 8:23 ` [PATCH 34/62] target/arm: Reorg regime_translation_disabled Richard Henderson
2022-07-03 8:23 ` [PATCH 35/62] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M Richard Henderson
2022-07-03 8:23 ` [PATCH 36/62] target/arm: Introduce arm_hcr_el2_eff_secstate Richard Henderson
2022-07-03 8:23 ` [PATCH 37/62] target/arm: Hoist read of *is_secure in S1_ptw_translate Richard Henderson
2022-07-03 8:23 ` [PATCH 38/62] target/arm: Fix S2 disabled check " Richard Henderson
2022-07-03 8:23 ` [PATCH 39/62] target/arm: Remove env argument from combined_attrs_fwb Richard Henderson
2022-07-03 8:23 ` [PATCH 40/62] target/arm: Pass HCR to attribute subroutines Richard Henderson
2022-07-03 8:23 ` [PATCH 41/62] target/arm: Fix ATS12NSO* from S PL1 Richard Henderson
2022-07-03 8:23 ` [PATCH 42/62] target/arm: Split out get_phys_addr_disabled Richard Henderson
2022-07-03 8:24 ` [PATCH 43/62] target/arm: Reorg get_phys_addr_disabled Richard Henderson
2022-07-03 8:24 ` [PATCH 44/62] target/arm: Add ARMMMUIdx_Phys_{S,NS} Richard Henderson
2022-07-03 8:24 ` [PATCH 45/62] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx Richard Henderson
2022-07-03 8:24 ` [PATCH 46/62] target/arm: Use softmmu tlbs for page table walking Richard Henderson
2022-07-03 8:24 ` [PATCH 47/62] target/arm: Hoist check for disabled stage2 translation Richard Henderson
2022-07-03 8:24 ` [PATCH 48/62] target/arm: Split out get_phys_addr_twostage Richard Henderson
2022-07-03 8:24 ` [PATCH 49/62] target/arm: Use bool consistently for get_phys_addr subroutines Richard Henderson
2022-07-03 8:24 ` [PATCH 50/62] target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation Richard Henderson
2022-07-03 8:24 ` [PATCH 51/62] target/arm: Add ptw_idx argument to S1_ptw_translate Richard Henderson
2022-07-03 8:24 ` [PATCH 52/62] target/arm: Add isar predicates for FEAT_HAFDBS Richard Henderson
2022-07-03 8:24 ` [PATCH 53/62] target/arm: Extract HA and HD in aa64_va_parameters Richard Henderson
2022-07-03 8:24 ` [PATCH 54/62] target/arm: Split out S1TranslateResult type Richard Henderson
2022-07-03 8:24 ` [PATCH 55/62] target/arm: Move be test for regime into S1TranslateResult Richard Henderson
2022-07-03 8:24 ` [PATCH 56/62] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw Richard Henderson
2022-07-03 8:24 ` [PATCH 57/62] target/arm: Add ARMFault_UnsuppAtomicUpdate Richard Henderson
2022-07-03 8:24 ` [PATCH 58/62] target/arm: Remove loop from get_phys_addr_lpae Richard Henderson
2022-07-03 8:24 ` [PATCH 59/62] target/arm: Fix fault reporting in get_phys_addr_lpae Richard Henderson
2022-07-03 8:24 ` [PATCH 60/62] target/arm: Don't shift attrs " Richard Henderson
2022-07-03 8:24 ` [PATCH 61/62] target/arm: Consider GP an attribute " Richard Henderson
2022-07-03 8:24 ` [PATCH 62/62] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-07-04 14:54 ` [PATCH 00/62] " Peter Maydell
2022-07-04 14:58 ` Richard Henderson
2022-07-04 15:57 ` Peter Maydell
2022-08-12 16:31 ` Peter Maydell
2022-08-12 17:54 ` Richard Henderson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.