* [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS
@ 2022-08-22 15:26 Richard Henderson
2022-08-22 15:26 ` [PATCH v2 01/66] target/arm: Create GetPhysAddrResult Richard Henderson
` (66 more replies)
0 siblings, 67 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This is a major reorg to arm page table walking. While the result
here is "merely" Hardware-assited Access Flag and Dirty Bit Setting
(HAFDBS), the ultimate goal is the Realm Management Extension (RME).
RME "recommends" that HAFDBS be implemented (I_CSLWZ).
For HAFDBS, being able to find a host pointer for the ram that
backs a given page table entry is required in order to perform the
atomic update to that PTE. The easiest way to find a host pointer
is to use the existing softtlb mechanism. Thus all of the page
table walkers have been adjusted to take an mmu_idx that corresponds
to the regime in which the page table is stored. In some cases,
this is a new "physical" mmu_idx that has a permanent 1-1 mapping.
For RME, "physical" addresses also have page permissions, coming
from the Root realm Granule Protection Table, which can be thought
of as a third stage page table lookup. So eventually the new
Secure and Nonsecure physical mmu indexes will joined by
Realm and Root physical mmu indexes, and all of them will take
the new Granule Page Table into account.
Previously, we had A-profile allocate separate mmu_idx for secure
vs non-secure. I've done away with that. Now, I flush all mmu_idx
when SCR_EL3.NS is changed. I did not see how we could reasonably
add 8 more mmu_idx for Realm. Moreover, I had a look through ARM
Trusted Firmware, at the code paths used to change between Secure
and Nonsecure. We wind up flushing all of these mmu_idx anyway while
swapping the EL1+EL2 cpregs, so there is no gain at all in attempting
to keep them live at the same time within qemu.
Major changes for v2:
* Sort as much pure arm cleanup to the front. Most, but
not all, of the first 20 have been reviewed.
* The accel/tcg changes are completely different. I have renamed the
IOTLB, because it's no longer IO specific. I've dropped the
PageEntryExtra struct, and standardized on the renamed CPUTLBEntryFull
struct, which now includes the phys_addr, page protection, and log2
page size; the target-specific fields are included via macro.
The whole CPUTLBEntryFull struct is passed to the new tlb_set_page_full,
simplifying usage; the struct is returned by the new probe_access_full.
I've been working on an x86_64 conversion to CPUTLBEntryFull as well,
both to figure out what another target needs, and to fix
https://gitlab.com/qemu-project/qemu/-/issues/279
r~
Richard Henderson (66):
target/arm: Create GetPhysAddrResult
target/arm: Fix ipa_secure in get_phys_addr
target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
target/arm: Use GetPhysAddrResult in get_phys_addr_v6
target/arm: Use GetPhysAddrResult in get_phys_addr_v5
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
target/arm: Add is_secure parameter to v8m_security_lookup
target/arm: Add secure parameter to pmsav8_mpu_lookup
target/arm: Add is_secure parameter to get_phys_addr_v5
target/arm: Add is_secure parameter to get_phys_addr_v6
target/arm: Add secure parameter to get_phys_addr_pmsav8
target/arm: Add is_secure parameter to pmsav7_use_background_region
target/arm: Add is_secure parameter to get_phys_addr_lpae
target/arm: Add secure parameter to get_phys_addr_pmsav7
target/arm: Add is_secure parameter to regime_translation_disabled
target/arm: Add is_secure parameter to get_phys_addr_pmsav5
target/arm: Split out get_phys_addr_with_secure
target/arm: Add is_secure parameter to v7m_read_half_insn
target/arm: Add TBFLAG_M32.SECURE
target/arm: Merge regime_is_secure into get_phys_addr
target/arm: Add is_secure parameter to do_ats_write
target/arm: Fold secure and non-secure a-profile mmu indexes
target/arm: Reorg regime_translation_disabled
target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
target/arm: Introduce arm_hcr_el2_eff_secstate
target/arm: Hoist read of *is_secure in S1_ptw_translate
target/arm: Fix S2 disabled check in S1_ptw_translate
target/arm: Remove env argument from combined_attrs_fwb
target/arm: Pass HCR to attribute subroutines.
target/arm: Fix ATS12NSO* from S PL1
target/arm: Split out get_phys_addr_disabled
target/arm: Reorg get_phys_addr_disabled
accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull
accel/tcg: Drop addr member from SavedIOTLB
accel/tcg: Suppress auto-invalidate in probe_access_internal
accel/tcg: Introduce probe_access_full
accel/tcg: Introduce tlb_set_page_full
target/arm: Use tlb_set_page_full
include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA
target/arm: Enable TARGET_PAGE_ENTRY_EXTRA
target/arm: Use probe_access_full for MTE
target/arm: Use probe_access_full for BTI
include/exec: Remove target_tlb_bitN from MemTxAttrs
target/arm: Add ARMMMUIdx_Phys_{S,NS}
target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx
target/arm: Use softmmu tlbs for page table walking
target/arm: Hoist check for disabled stage2 translation.
target/arm: Split out get_phys_addr_twostage
target/arm: Use bool consistently for get_phys_addr subroutines
target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation
target/arm: Add ptw_idx argument to S1_ptw_translate
target/arm: Add isar predicates for FEAT_HAFDBS
target/arm: Extract HA and HD in aa64_va_parameters
target/arm: Split out S1TranslateResult type
target/arm: Move be test for regime into S1TranslateResult
target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw
target/arm: Add ARMFault_UnsuppAtomicUpdate
target/arm: Remove loop from get_phys_addr_lpae
target/arm: Fix fault reporting in get_phys_addr_lpae
target/arm: Don't shift attrs in get_phys_addr_lpae
target/arm: Consider GP an attribute in get_phys_addr_lpae
target/arm: Implement FEAT_HAFDBS
docs/system/arm/emulation.rst | 1 +
include/exec/cpu-defs.h | 45 +-
include/exec/exec-all.h | 33 +
include/exec/memattrs.h | 10 -
include/hw/core/cpu.h | 1 -
target/arm/cpu-param.h | 10 +-
target/arm/cpu.h | 138 ++--
target/arm/internals.h | 109 +--
target/arm/sve_ldst_internal.h | 1 +
accel/tcg/cputlb.c | 214 ++---
target/arm/cpu64.c | 1 +
target/arm/helper.c | 213 +++--
target/arm/m_helper.c | 83 +-
target/arm/mte_helper.c | 63 +-
target/arm/ptw.c | 1343 +++++++++++++++++++-------------
target/arm/sve_helper.c | 54 +-
target/arm/tlb_helper.c | 39 +-
target/arm/translate-a64.c | 30 +-
target/arm/translate.c | 9 +-
target/s390x/tcg/mem_helper.c | 4 -
20 files changed, 1287 insertions(+), 1114 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 106+ messages in thread
* [PATCH v2 01/66] target/arm: Create GetPhysAddrResult
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 13:50 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 02/66] target/arm: Fix ipa_secure in get_phys_addr Richard Henderson
` (65 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Combine 5 output pointer arguments from get_phys_addr
into a single struct. Adjust all callers.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 13 ++++-
target/arm/helper.c | 27 ++++-----
target/arm/m_helper.c | 52 ++++++-----------
target/arm/ptw.c | 120 +++++++++++++++++++++-------------------
target/arm/tlb_helper.c | 22 +++-----
5 files changed, 109 insertions(+), 125 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index b8fefdff67..293e27b996 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1142,11 +1142,18 @@ typedef struct ARMCacheAttrs {
bool is_s2_format:1;
} ARMCacheAttrs;
+/* Fields that are valid upon success. */
+typedef struct GetPhysAddrResult {
+ hwaddr phys;
+ target_ulong page_size;
+ int prot;
+ MemTxAttrs attrs;
+ ARMCacheAttrs cacheattrs;
+} GetPhysAddrResult;
+
bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size,
- ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
void arm_log_exception(CPUState *cs);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d7bc467a2a..68373bc0a9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3107,24 +3107,19 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
MMUAccessType access_type, ARMMMUIdx mmu_idx)
{
- hwaddr phys_addr;
- target_ulong page_size;
- int prot;
bool ret;
uint64_t par64;
bool format64 = false;
- MemTxAttrs attrs = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
+ GetPhysAddrResult res = {};
- ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
- &prot, &page_size, &fi, &cacheattrs);
+ ret = get_phys_addr(env, value, access_type, mmu_idx, &res, &fi);
/*
* ATS operations only do S1 or S1+S2 translations, so we never
* have to deal with the ARMCacheAttrs format for S2 only.
*/
- assert(!cacheattrs.is_s2_format);
+ assert(!res.cacheattrs.is_s2_format);
if (ret) {
/*
@@ -3230,12 +3225,12 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
/* Create a 64-bit PAR */
par64 = (1 << 11); /* LPAE bit always set */
if (!ret) {
- par64 |= phys_addr & ~0xfffULL;
- if (!attrs.secure) {
+ par64 |= res.phys & ~0xfffULL;
+ if (!res.attrs.secure) {
par64 |= (1 << 9); /* NS */
}
- par64 |= (uint64_t)cacheattrs.attrs << 56; /* ATTR */
- par64 |= cacheattrs.shareability << 7; /* SH */
+ par64 |= (uint64_t)res.cacheattrs.attrs << 56; /* ATTR */
+ par64 |= res.cacheattrs.shareability << 7; /* SH */
} else {
uint32_t fsr = arm_fi_to_lfsc(&fi);
@@ -3255,13 +3250,13 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
*/
if (!ret) {
/* We do not set any attribute bits in the PAR */
- if (page_size == (1 << 24)
+ if (res.page_size == (1 << 24)
&& arm_feature(env, ARM_FEATURE_V7)) {
- par64 = (phys_addr & 0xff000000) | (1 << 1);
+ par64 = (res.phys & 0xff000000) | (1 << 1);
} else {
- par64 = phys_addr & 0xfffff000;
+ par64 = res.phys & 0xfffff000;
}
- if (!attrs.secure) {
+ if (!res.attrs.secure) {
par64 |= (1 << 9); /* NS */
}
} else {
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 308610f6b4..84c6796b8d 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -183,19 +183,14 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
{
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
- MemTxAttrs attrs = {};
MemTxResult txres;
- target_ulong page_size;
- hwaddr physaddr;
- int prot;
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
bool secure = mmu_idx & ARM_MMU_IDX_M_S;
int exc;
bool exc_secure;
- if (get_phys_addr(env, addr, MMU_DATA_STORE, mmu_idx, &physaddr,
- &attrs, &prot, &page_size, &fi, &cacheattrs)) {
+ if (get_phys_addr(env, addr, MMU_DATA_STORE, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
if (mode == STACK_LAZYFP) {
@@ -228,8 +223,8 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
}
goto pend_fault;
}
- address_space_stl_le(arm_addressspace(cs, attrs), physaddr, value,
- attrs, &txres);
+ address_space_stl_le(arm_addressspace(cs, res.attrs), res.phys, value,
+ res.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to write the data */
if (mode == STACK_LAZYFP) {
@@ -276,20 +271,15 @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
{
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
- MemTxAttrs attrs = {};
MemTxResult txres;
- target_ulong page_size;
- hwaddr physaddr;
- int prot;
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
bool secure = mmu_idx & ARM_MMU_IDX_M_S;
int exc;
bool exc_secure;
uint32_t value;
- if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &physaddr,
- &attrs, &prot, &page_size, &fi, &cacheattrs)) {
+ if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
qemu_log_mask(CPU_LOG_INT,
@@ -308,8 +298,8 @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
goto pend_fault;
}
- value = address_space_ldl(arm_addressspace(cs, attrs), physaddr,
- attrs, &txres);
+ value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
+ res.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to read the data */
qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.UNSTKERR\n");
@@ -2008,13 +1998,9 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
V8M_SAttributes sattrs = {};
- MemTxAttrs attrs = {};
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
MemTxResult txres;
- target_ulong page_size;
- hwaddr physaddr;
- int prot;
v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, &sattrs);
if (!sattrs.nsc || sattrs.ns) {
@@ -2028,16 +2014,15 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
"...really SecureFault with SFSR.INVEP\n");
return false;
}
- if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx, &physaddr,
- &attrs, &prot, &page_size, &fi, &cacheattrs)) {
+ if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx, &res, &fi)) {
/* the MPU lookup failed */
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure);
qemu_log_mask(CPU_LOG_INT, "...really MemManage with CFSR.IACCVIOL\n");
return false;
}
- *insn = address_space_lduw_le(arm_addressspace(cs, attrs), physaddr,
- attrs, &txres);
+ *insn = address_space_lduw_le(arm_addressspace(cs, res.attrs), res.phys,
+ res.attrs, &txres);
if (txres != MEMTX_OK) {
env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);
@@ -2060,17 +2045,12 @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
*/
CPUState *cs = CPU(cpu);
CPUARMState *env = &cpu->env;
- MemTxAttrs attrs = {};
MemTxResult txres;
- target_ulong page_size;
- hwaddr physaddr;
- int prot;
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- ARMCacheAttrs cacheattrs = {};
uint32_t value;
- if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &physaddr,
- &attrs, &prot, &page_size, &fi, &cacheattrs)) {
+ if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
qemu_log_mask(CPU_LOG_INT,
@@ -2088,8 +2068,8 @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
}
return false;
}
- value = address_space_ldl(arm_addressspace(cs, attrs), physaddr,
- attrs, &txres);
+ value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
+ res.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to read the data */
qemu_log_mask(CPU_LOG_INT,
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 3261039d93..8db2abac01 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2300,18 +2300,12 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
* @address: virtual address to get physical address for
* @access_type: 0 for read, 1 for write, 2 for execute
* @mmu_idx: MMU index indicating required translation regime
- * @phys_ptr: set to the physical address corresponding to the virtual address
- * @attrs: set to the memory transaction attributes to use
- * @prot: set to the permissions for the page containing phys_ptr
- * @page_size: set to the size of the page containing phys_ptr
+ * @result: set on translation success.
* @fi: set to fault info if the translation fails
- * @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes
*/
bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size,
- ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
@@ -2322,43 +2316,54 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
*/
if (arm_feature(env, ARM_FEATURE_EL2)) {
hwaddr ipa;
- int s2_prot;
+ int s1_prot;
int ret;
bool ipa_secure;
- ARMCacheAttrs cacheattrs2 = {};
+ ARMCacheAttrs cacheattrs1;
ARMMMUIdx s2_mmu_idx;
bool is_el0;
- ret = get_phys_addr(env, address, access_type, s1_mmu_idx, &ipa,
- attrs, prot, page_size, fi, cacheattrs);
+ ret = get_phys_addr(env, address, access_type, s1_mmu_idx,
+ result, fi);
/* If S1 fails or S2 is disabled, return early. */
if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
- *phys_ptr = ipa;
return ret;
}
- ipa_secure = attrs->secure;
+ ipa = result->phys;
+ ipa_secure = result->attrs.secure;
if (arm_is_secure_below_el3(env)) {
if (ipa_secure) {
- attrs->secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
+ result->attrs.secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
} else {
- attrs->secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
+ result->attrs.secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
}
} else {
assert(!ipa_secure);
}
- s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ s2_mmu_idx = (result->attrs.secure
+ ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
- /* S1 is done. Now do S2 translation. */
+ /*
+ * S1 is done, now do S2 translation.
+ * Save the stage1 results so that we may merge
+ * prot and cacheattrs later.
+ */
+ s1_prot = result->prot;
+ cacheattrs1 = result->cacheattrs;
+ memset(result, 0, sizeof(*result));
+
ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx, is_el0,
- phys_ptr, attrs, &s2_prot,
- page_size, fi, &cacheattrs2);
+ &result->phys, &result->attrs,
+ &result->prot, &result->page_size,
+ fi, &result->cacheattrs);
fi->s2addr = ipa;
+
/* Combine the S1 and S2 perms. */
- *prot &= s2_prot;
+ result->prot &= s1_prot;
/* If S2 fails, return early. */
if (ret) {
@@ -2374,20 +2379,21 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
* Outer Write-Back Read-Allocate Write-Allocate.
* Do not overwrite Tagged within attrs.
*/
- if (cacheattrs->attrs != 0xf0) {
- cacheattrs->attrs = 0xff;
+ if (cacheattrs1.attrs != 0xf0) {
+ cacheattrs1.attrs = 0xff;
}
- cacheattrs->shareability = 0;
+ cacheattrs1.shareability = 0;
}
- *cacheattrs = combine_cacheattrs(env, *cacheattrs, cacheattrs2);
+ result->cacheattrs = combine_cacheattrs(env, cacheattrs1,
+ result->cacheattrs);
/* Check if IPA translates to secure or non-secure PA space. */
if (arm_is_secure_below_el3(env)) {
if (ipa_secure) {
- attrs->secure =
+ result->attrs.secure =
!(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
} else {
- attrs->secure =
+ result->attrs.secure =
!((env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))
|| (env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)));
}
@@ -2406,8 +2412,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
* cannot upgrade an non-secure translation regime's attributes
* to secure.
*/
- attrs->secure = regime_is_secure(env, mmu_idx);
- attrs->user = regime_is_user(env, mmu_idx);
+ result->attrs.secure = regime_is_secure(env, mmu_idx);
+ result->attrs.user = regime_is_user(env, mmu_idx);
/*
* Fast Context Switch Extension. This doesn't exist at all in v8.
@@ -2424,20 +2430,22 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_PMSA)) {
bool ret;
- *page_size = TARGET_PAGE_SIZE;
+ result->page_size = TARGET_PAGE_SIZE;
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
- phys_ptr, attrs, prot, page_size, fi);
+ &result->phys, &result->attrs,
+ &result->prot, &result->page_size, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
- phys_ptr, prot, page_size, fi);
+ &result->phys, &result->prot,
+ &result->page_size, fi);
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
- phys_ptr, prot, fi);
+ &result->phys, &result->prot, fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
@@ -2445,9 +2453,9 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
(access_type == MMU_DATA_STORE ? "writing" : "execute"),
(uint32_t)address, mmu_idx,
ret ? "Miss" : "Hit",
- *prot & PAGE_READ ? 'r' : '-',
- *prot & PAGE_WRITE ? 'w' : '-',
- *prot & PAGE_EXEC ? 'x' : '-');
+ result->prot & PAGE_READ ? 'r' : '-',
+ result->prot & PAGE_WRITE ? 'w' : '-',
+ result->prot & PAGE_EXEC ? 'x' : '-');
return ret;
}
@@ -2492,14 +2500,14 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
address = extract64(address, 0, 52);
}
}
- *phys_ptr = address;
- *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
- *page_size = TARGET_PAGE_SIZE;
+ result->phys = address;
+ result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->page_size = TARGET_PAGE_SIZE;
/* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
hcr = arm_hcr_el2_eff(env);
- cacheattrs->shareability = 0;
- cacheattrs->is_s2_format = false;
+ result->cacheattrs.shareability = 0;
+ result->cacheattrs.is_s2_format = false;
if (hcr & HCR_DC) {
if (hcr & HCR_DCT) {
memattr = 0xf0; /* Tagged, Normal, WB, RWA */
@@ -2512,24 +2520,27 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else {
memattr = 0x44; /* Normal, NC, No */
}
- cacheattrs->shareability = 2; /* outer sharable */
+ result->cacheattrs.shareability = 2; /* outer sharable */
} else {
memattr = 0x00; /* Device, nGnRnE */
}
- cacheattrs->attrs = memattr;
+ result->cacheattrs.attrs = memattr;
return 0;
}
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx, false,
- phys_ptr, attrs, prot, page_size,
- fi, cacheattrs);
+ &result->phys, &result->attrs,
+ &result->prot, &result->page_size,
+ fi, &result->cacheattrs);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
- phys_ptr, attrs, prot, page_size, fi);
+ &result->phys, &result->attrs,
+ &result->prot, &result->page_size, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
- phys_ptr, prot, page_size, fi);
+ &result->phys, &result->prot,
+ &result->page_size, fi);
}
}
@@ -2538,21 +2549,16 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
- hwaddr phys_addr;
- target_ulong page_size;
- int prot;
- bool ret;
+ GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
ARMMMUIdx mmu_idx = arm_mmu_idx(env);
- ARMCacheAttrs cacheattrs = {};
+ bool ret;
- *attrs = (MemTxAttrs) {};
-
- ret = get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &phys_addr,
- attrs, &prot, &page_size, &fi, &cacheattrs);
+ ret = get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi);
+ *attrs = res.attrs;
if (ret) {
return -1;
}
- return phys_addr;
+ return res.phys;
}
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 5a709eab56..ad225b1cb2 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -209,11 +209,8 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
{
ARMCPU *cpu = ARM_CPU(cs);
ARMMMUFaultInfo fi = {};
- hwaddr phys_addr;
- target_ulong page_size;
- int prot, ret;
- MemTxAttrs attrs = {};
- ARMCacheAttrs cacheattrs = {};
+ GetPhysAddrResult res = {};
+ int ret;
/*
* Walk the page table and (if the mapping exists) add the page
@@ -223,25 +220,24 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
*/
ret = get_phys_addr(&cpu->env, address, access_type,
core_to_arm_mmu_idx(&cpu->env, mmu_idx),
- &phys_addr, &attrs, &prot, &page_size,
- &fi, &cacheattrs);
+ &res, &fi);
if (likely(!ret)) {
/*
* Map a single [sub]page. Regions smaller than our declared
* target page size are handled specially, so for those we
* pass in the exact addresses.
*/
- if (page_size >= TARGET_PAGE_SIZE) {
- phys_addr &= TARGET_PAGE_MASK;
+ if (res.page_size >= TARGET_PAGE_SIZE) {
+ res.phys &= TARGET_PAGE_MASK;
address &= TARGET_PAGE_MASK;
}
/* Notice and record tagged memory. */
- if (cpu_isar_feature(aa64_mte, cpu) && cacheattrs.attrs == 0xf0) {
- arm_tlb_mte_tagged(&attrs) = true;
+ if (cpu_isar_feature(aa64_mte, cpu) && res.cacheattrs.attrs == 0xf0) {
+ arm_tlb_mte_tagged(&res.attrs) = true;
}
- tlb_set_page_with_attrs(cs, address, phys_addr, attrs,
- prot, mmu_idx, page_size);
+ tlb_set_page_with_attrs(cs, address, res.phys, res.attrs,
+ res.prot, mmu_idx, res.page_size);
return true;
} else if (probe) {
return false;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 02/66] target/arm: Fix ipa_secure in get_phys_addr
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-08-22 15:26 ` [PATCH v2 01/66] target/arm: Create GetPhysAddrResult Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:21 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 03/66] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae Richard Henderson
` (64 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The starting security state comes with the translation regime,
not the current state of arm_is_secure_below_el3().
More use of the local variable, ipa_secure, which does not need
to be written back to result->attrs.secure -- we compute that
value later, after the S2 walk is complete.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 8db2abac01..478ff74550 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2308,6 +2308,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
+ bool is_secure = regime_is_secure(env, mmu_idx);
if (mmu_idx != s1_mmu_idx) {
/*
@@ -2332,19 +2333,16 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
}
ipa = result->phys;
- ipa_secure = result->attrs.secure;
- if (arm_is_secure_below_el3(env)) {
- if (ipa_secure) {
- result->attrs.secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
- } else {
- result->attrs.secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
- }
+ if (is_secure) {
+ /* Select TCR based on the NS bit from the S1 walk. */
+ ipa_secure = !(result->attrs.secure
+ ? env->cp15.vstcr_el2 & VSTCR_SW
+ : env->cp15.vtcr_el2 & VTCR_NSW);
} else {
- assert(!ipa_secure);
+ ipa_secure = false;
}
- s2_mmu_idx = (result->attrs.secure
- ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
+ s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
/*
@@ -2388,7 +2386,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result->cacheattrs);
/* Check if IPA translates to secure or non-secure PA space. */
- if (arm_is_secure_below_el3(env)) {
+ if (is_secure) {
if (ipa_secure) {
result->attrs.secure =
!(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
@@ -2412,7 +2410,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
* cannot upgrade an non-secure translation regime's attributes
* to secure.
*/
- result->attrs.secure = regime_is_secure(env, mmu_idx);
+ result->attrs.secure = is_secure;
result->attrs.user = regime_is_user(env, mmu_idx);
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 03/66] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-08-22 15:26 ` [PATCH v2 01/66] target/arm: Create GetPhysAddrResult Richard Henderson
2022-08-22 15:26 ` [PATCH v2 02/66] target/arm: Fix ipa_secure in get_phys_addr Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:24 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 04/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v6 Richard Henderson
` (63 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 69 ++++++++++++++++++------------------------------
1 file changed, 26 insertions(+), 43 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 478ff74550..4f248f6266 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -16,10 +16,8 @@
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool s1_is_el0, hwaddr *phys_ptr,
- MemTxAttrs *txattrs, int *prot,
- target_ulong *page_size_ptr,
- ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
+ bool s1_is_el0, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
__attribute__((nonnull));
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
@@ -204,18 +202,13 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
{
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
!regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
- target_ulong s2size;
- hwaddr s2pa;
- int s2prot;
- int ret;
ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S
: ARMMMUIdx_Stage2;
- ARMCacheAttrs cacheattrs = {};
- MemTxAttrs txattrs = {};
+ GetPhysAddrResult s2 = {};
+ int ret;
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx, false,
- &s2pa, &txattrs, &s2prot, &s2size, fi,
- &cacheattrs);
+ &s2, fi);
if (ret) {
assert(fi->type != ARMFault_None);
fi->s2addr = addr;
@@ -225,7 +218,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
return ~0;
}
if ((arm_hcr_el2_eff(env) & HCR_PTW) &&
- ptw_attrs_are_device(env, cacheattrs)) {
+ ptw_attrs_are_device(env, s2.cacheattrs)) {
/*
* PTW set and S1 walk touched S2 Device memory:
* generate Permission fault.
@@ -249,7 +242,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
assert(!*is_secure);
}
- addr = s2pa;
+ addr = s2.phys;
}
return addr;
}
@@ -972,19 +965,13 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
* table walk), must be true if this is stage 2 of a stage 1+2
* walk for an EL0 access. If @mmu_idx is anything else,
* @s1_is_el0 is ignored.
- * @phys_ptr: set to the physical address corresponding to the virtual address
- * @attrs: set to the memory transaction attributes to use
- * @prot: set to the permissions for the page containing phys_ptr
- * @page_size_ptr: set to the size of the page containing phys_ptr
+ * @result: set on translation success,
* @fi: set to fault info if the translation fails
- * @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes
*/
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool s1_is_el0, hwaddr *phys_ptr,
- MemTxAttrs *txattrs, int *prot,
- target_ulong *page_size_ptr,
- ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
+ bool s1_is_el0, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
/* Read an LPAE long-descriptor translation table. */
@@ -1302,16 +1289,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
ns = mmu_idx == ARMMMUIdx_Stage2;
xn = extract32(attrs, 11, 2);
- *prot = get_S2prot(env, ap, xn, s1_is_el0);
+ result->prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
ns = extract32(attrs, 3, 1);
xn = extract32(attrs, 12, 1);
pxn = extract32(attrs, 11, 1);
- *prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
+ result->prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
}
fault_type = ARMFault_Permission;
- if (!(*prot & (1 << access_type))) {
+ if (!(result->prot & (1 << access_type))) {
goto do_fault;
}
@@ -1321,23 +1308,23 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* the CPU doesn't support TZ or this is a non-secure translation
* regime, because the attribute will already be non-secure.
*/
- txattrs->secure = false;
+ result->attrs.secure = false;
}
/* When in aarch64 mode, and BTI is enabled, remember GP in the IOTLB. */
if (aarch64 && guarded && cpu_isar_feature(aa64_bti, cpu)) {
- arm_tlb_bti_gp(txattrs) = true;
+ arm_tlb_bti_gp(&result->attrs) = true;
}
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
- cacheattrs->is_s2_format = true;
- cacheattrs->attrs = extract32(attrs, 0, 4);
+ result->cacheattrs.is_s2_format = true;
+ result->cacheattrs.attrs = extract32(attrs, 0, 4);
} else {
/* Index into MAIR registers for cache attributes */
uint8_t attrindx = extract32(attrs, 0, 3);
uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)];
assert(attrindx <= 7);
- cacheattrs->is_s2_format = false;
- cacheattrs->attrs = extract64(mair, attrindx * 8, 8);
+ result->cacheattrs.is_s2_format = false;
+ result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
}
/*
@@ -1346,13 +1333,13 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* that case comes from TCR_ELx, which we extracted earlier.
*/
if (param.ds) {
- cacheattrs->shareability = param.sh;
+ result->cacheattrs.shareability = param.sh;
} else {
- cacheattrs->shareability = extract32(attrs, 6, 2);
+ result->cacheattrs.shareability = extract32(attrs, 6, 2);
}
- *phys_ptr = descaddr;
- *page_size_ptr = page_size;
+ result->phys = descaddr;
+ result->page_size = page_size;
return false;
do_fault:
@@ -2354,10 +2341,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
cacheattrs1 = result->cacheattrs;
memset(result, 0, sizeof(*result));
- ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx, is_el0,
- &result->phys, &result->attrs,
- &result->prot, &result->page_size,
- fi, &result->cacheattrs);
+ ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
+ is_el0, result, fi);
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
@@ -2528,9 +2513,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx, false,
- &result->phys, &result->attrs,
- &result->prot, &result->page_size,
- fi, &result->cacheattrs);
+ result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
&result->phys, &result->attrs,
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 04/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v6
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (2 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 03/66] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:25 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 05/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v5 Richard Henderson
` (62 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 30 ++++++++++++++----------------
1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 4f248f6266..4961bc2f9f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -536,8 +536,7 @@ do_fault:
static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, ARMMMUFaultInfo *fi)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int level = 1;
@@ -597,11 +596,11 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
phys_addr |= (uint64_t)extract32(desc, 20, 4) << 32;
phys_addr |= (uint64_t)extract32(desc, 5, 4) << 36;
- *page_size = 0x1000000;
+ result->page_size = 0x1000000;
} else {
/* Section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
- *page_size = 0x100000;
+ result->page_size = 0x100000;
}
ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
xn = desc & (1 << 4);
@@ -627,12 +626,12 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
xn = desc & (1 << 15);
- *page_size = 0x10000;
+ result->page_size = 0x10000;
break;
case 2: case 3: /* 4k page. */
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
xn = desc & 1;
- *page_size = 0x1000;
+ result->page_size = 0x1000;
break;
default:
/* Never happens, but compiler isn't smart enough to tell. */
@@ -640,7 +639,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
}
}
if (domain_prot == 3) {
- *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
} else {
if (pxn && !regime_is_user(env, mmu_idx)) {
xn = 1;
@@ -658,14 +657,14 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_AccessFlag;
goto do_fault;
}
- *prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
+ result->prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
} else {
- *prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
+ result->prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
}
- if (*prot && !xn) {
- *prot |= PAGE_EXEC;
+ if (result->prot && !xn) {
+ result->prot |= PAGE_EXEC;
}
- if (!(*prot & (1 << access_type))) {
+ if (!(result->prot & (1 << access_type))) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
@@ -676,9 +675,9 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
* the CPU doesn't support TZ or this is a non-secure translation
* regime, because the attribute will already be non-secure.
*/
- attrs->secure = false;
+ result->attrs.secure = false;
}
- *phys_ptr = phys_addr;
+ result->phys = phys_addr;
return false;
do_fault:
fi->domain = domain;
@@ -2516,8 +2515,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
- &result->phys, &result->attrs,
- &result->prot, &result->page_size, fi);
+ result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
&result->phys, &result->prot,
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 05/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v5
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (3 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 04/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v6 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:25 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 06/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5 Richard Henderson
` (61 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 4961bc2f9f..b006e87a63 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -414,9 +414,7 @@ static int simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx, int ap)
static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot,
- target_ulong *page_size,
- ARMMMUFaultInfo *fi)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
int level = 1;
uint32_t table;
@@ -464,7 +462,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* 1Mb section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
ap = (desc >> 10) & 3;
- *page_size = 1024 * 1024;
+ result->page_size = 1024 * 1024;
} else {
/* Lookup l2 entry. */
if (type == 1) {
@@ -486,12 +484,12 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
- *page_size = 0x10000;
+ result->page_size = 0x10000;
break;
case 2: /* 4k page. */
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
ap = (desc >> (4 + ((address >> 9) & 6))) & 3;
- *page_size = 0x1000;
+ result->page_size = 0x1000;
break;
case 3: /* 1k page, or ARMv6/XScale "extended small (4k) page" */
if (type == 1) {
@@ -499,7 +497,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
if (arm_feature(env, ARM_FEATURE_XSCALE)
|| arm_feature(env, ARM_FEATURE_V6)) {
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
- *page_size = 0x1000;
+ result->page_size = 0x1000;
} else {
/*
* UNPREDICTABLE in ARMv5; we choose to take a
@@ -510,7 +508,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
}
} else {
phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
- *page_size = 0x400;
+ result->page_size = 0x400;
}
ap = (desc >> 4) & 3;
break;
@@ -519,14 +517,14 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
g_assert_not_reached();
}
}
- *prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
- *prot |= *prot ? PAGE_EXEC : 0;
- if (!(*prot & (1 << access_type))) {
+ result->prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
+ result->prot |= result->prot ? PAGE_EXEC : 0;
+ if (!(result->prot & (1 << access_type))) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
}
- *phys_ptr = phys_addr;
+ result->phys = phys_addr;
return false;
do_fault:
fi->domain = domain;
@@ -2518,8 +2516,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
- &result->phys, &result->prot,
- &result->page_size, fi);
+ result, fi);
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 06/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (4 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 05/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v5 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:26 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 07/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7 Richard Henderson
` (60 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index b006e87a63..15d152432f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1351,7 +1351,7 @@ do_fault:
static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot,
+ GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
int n;
@@ -1361,12 +1361,12 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
if (regime_translation_disabled(env, mmu_idx)) {
/* MPU disabled. */
- *phys_ptr = address;
- *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->phys = address;
+ result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
return false;
}
- *phys_ptr = address;
+ result->phys = address;
for (n = 7; n >= 0; n--) {
base = env->cp15.c6_region[n];
if ((base & 1) == 0) {
@@ -1402,16 +1402,16 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- *prot = PAGE_READ | PAGE_WRITE;
+ result->prot = PAGE_READ | PAGE_WRITE;
break;
case 2:
- *prot = PAGE_READ;
+ result->prot = PAGE_READ;
if (!is_user) {
- *prot |= PAGE_WRITE;
+ result->prot |= PAGE_WRITE;
}
break;
case 3:
- *prot = PAGE_READ | PAGE_WRITE;
+ result->prot = PAGE_READ | PAGE_WRITE;
break;
case 5:
if (is_user) {
@@ -1419,10 +1419,10 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- *prot = PAGE_READ;
+ result->prot = PAGE_READ;
break;
case 6:
- *prot = PAGE_READ;
+ result->prot = PAGE_READ;
break;
default:
/* Bad permission. */
@@ -1430,7 +1430,7 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- *prot |= PAGE_EXEC;
+ result->prot |= PAGE_EXEC;
return false;
}
@@ -2425,7 +2425,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
- &result->phys, &result->prot, fi);
+ result, fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 07/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (5 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 06/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:26 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 08/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8 Richard Henderson
` (59 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 15d152432f..3dd6708eee 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1513,17 +1513,16 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot,
- target_ulong *page_size,
+ GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int n;
bool is_user = regime_is_user(env, mmu_idx);
- *phys_ptr = address;
- *page_size = TARGET_PAGE_SIZE;
- *prot = 0;
+ result->phys = address;
+ result->page_size = TARGET_PAGE_SIZE;
+ result->prot = 0;
if (regime_translation_disabled(env, mmu_idx) ||
m_is_ppb_region(env, address)) {
@@ -1535,7 +1534,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
* which always does a direct read using address_space_ldl(), rather
* than going via this function, so we don't need to check that here.
*/
- get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
} else { /* MPU enabled */
for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
/* region search */
@@ -1577,7 +1576,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
if (ranges_overlap(base, rmask,
address & TARGET_PAGE_MASK,
TARGET_PAGE_SIZE)) {
- *page_size = 1;
+ result->page_size = 1;
}
continue;
}
@@ -1615,7 +1614,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
continue;
}
if (rsize < TARGET_PAGE_BITS) {
- *page_size = 1 << rsize;
+ result->page_size = 1 << rsize;
}
break;
}
@@ -1626,7 +1625,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Background;
return true;
}
- get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
} else { /* a MPU hit! */
uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3);
uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1);
@@ -1643,16 +1642,16 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
case 5:
break; /* no access */
case 3:
- *prot |= PAGE_WRITE;
+ result->prot |= PAGE_WRITE;
/* fall through */
case 2:
case 6:
- *prot |= PAGE_READ | PAGE_EXEC;
+ result->prot |= PAGE_READ | PAGE_EXEC;
break;
case 7:
/* for v7M, same as 6; for R profile a reserved value */
if (arm_feature(env, ARM_FEATURE_M)) {
- *prot |= PAGE_READ | PAGE_EXEC;
+ result->prot |= PAGE_READ | PAGE_EXEC;
break;
}
/* fall through */
@@ -1668,16 +1667,16 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
case 1:
case 2:
case 3:
- *prot |= PAGE_WRITE;
+ result->prot |= PAGE_WRITE;
/* fall through */
case 5:
case 6:
- *prot |= PAGE_READ | PAGE_EXEC;
+ result->prot |= PAGE_READ | PAGE_EXEC;
break;
case 7:
/* for v7M, same as 6; for R profile a reserved value */
if (arm_feature(env, ARM_FEATURE_M)) {
- *prot |= PAGE_READ | PAGE_EXEC;
+ result->prot |= PAGE_READ | PAGE_EXEC;
break;
}
/* fall through */
@@ -1690,14 +1689,14 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
/* execute never */
if (xn) {
- *prot &= ~PAGE_EXEC;
+ result->prot &= ~PAGE_EXEC;
}
}
}
fi->type = ARMFault_Permission;
fi->level = 1;
- return !(*prot & (1 << access_type));
+ return !(result->prot & (1 << access_type));
}
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
@@ -2420,8 +2419,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
- &result->phys, &result->prot,
- &result->page_size, fi);
+ result, fi);
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 08/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (6 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 07/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:28 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 09/66] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup Richard Henderson
` (58 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 3dd6708eee..225405de3b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1967,8 +1967,7 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, target_ulong *page_size,
+ GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
uint32_t secure = regime_is_secure(env, mmu_idx);
@@ -2003,9 +2002,9 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
} else {
fi->type = ARMFault_QEMU_SFault;
}
- *page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
- *phys_ptr = address;
- *prot = 0;
+ result->page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
+ result->phys = address;
+ result->prot = 0;
return true;
}
} else {
@@ -2015,7 +2014,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* might downgrade a secure access to nonsecure.
*/
if (sattrs.ns) {
- txattrs->secure = false;
+ result->attrs.secure = false;
} else if (!secure) {
/*
* NS access to S memory must fault.
@@ -2028,17 +2027,19 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
*/
fi->type = ARMFault_QEMU_SFault;
- *page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
- *phys_ptr = address;
- *prot = 0;
+ result->page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
+ result->phys = address;
+ result->prot = 0;
return true;
}
}
}
- ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx, phys_ptr,
- txattrs, prot, &mpu_is_subpage, fi, NULL);
- *page_size = sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
+ ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
+ &result->phys, &result->attrs, &result->prot,
+ &mpu_is_subpage, fi, NULL);
+ result->page_size =
+ sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
return ret;
}
@@ -2414,8 +2415,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
- &result->phys, &result->attrs,
- &result->prot, &result->page_size, fi);
+ result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 09/66] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (7 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 08/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:30 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 10/66] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup Richard Henderson
` (57 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 11 +++++------
target/arm/m_helper.c | 16 +++++++---------
target/arm/ptw.c | 20 +++++++++-----------
3 files changed, 21 insertions(+), 26 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 293e27b996..6786e08a78 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1125,12 +1125,6 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
V8M_SAttributes *sattrs);
-bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, bool *is_subpage,
- ARMMMUFaultInfo *fi, uint32_t *mregion);
-
/* Cacheability and shareability attributes for a memory access */
typedef struct ARMCacheAttrs {
/*
@@ -1156,6 +1150,11 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
+bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ GetPhysAddrResult *result, bool *is_subpage,
+ ARMMMUFaultInfo *fi, uint32_t *mregion);
+
void arm_log_exception(CPUState *cs);
#endif /* !CONFIG_USER_ONLY */
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 84c6796b8d..69d4a63fa6 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2770,15 +2770,10 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
V8M_SAttributes sattrs = {};
uint32_t tt_resp;
bool r, rw, nsr, nsrw, mrvalid;
- int prot;
- ARMMMUFaultInfo fi = {};
- MemTxAttrs attrs = {};
- hwaddr phys_addr;
ARMMMUIdx mmu_idx;
uint32_t mregion;
bool targetpriv;
bool targetsec = env->v7m.secure;
- bool is_subpage;
/*
* Work out what the security state and privilege level we're
@@ -2809,18 +2804,21 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
* inspecting the other MPU state.
*/
if (arm_current_el(env) != 0 || alt) {
+ GetPhysAddrResult res = {};
+ ARMMMUFaultInfo fi = {};
+ bool is_subpage;
+
/* We can ignore the return value as prot is always set */
pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
- &phys_addr, &attrs, &prot, &is_subpage,
- &fi, &mregion);
+ &res, &is_subpage, &fi, &mregion);
if (mregion == -1) {
mrvalid = false;
mregion = 0;
} else {
mrvalid = true;
}
- r = prot & PAGE_READ;
- rw = prot & PAGE_WRITE;
+ r = res.prot & PAGE_READ;
+ rw = res.prot & PAGE_WRITE;
} else {
r = false;
rw = false;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 225405de3b..48c9363159 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1701,8 +1701,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, bool *is_subpage,
+ GetPhysAddrResult *result, bool *is_subpage,
ARMMMUFaultInfo *fi, uint32_t *mregion)
{
/*
@@ -1724,8 +1723,8 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1);
*is_subpage = false;
- *phys_ptr = address;
- *prot = 0;
+ result->phys = address;
+ result->prot = 0;
if (mregion) {
*mregion = -1;
}
@@ -1807,7 +1806,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
if (matchregion == -1) {
/* hit using the background region */
- get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
} else {
uint32_t ap = extract32(env->pmsav8.rbar[secure][matchregion], 1, 2);
uint32_t xn = extract32(env->pmsav8.rbar[secure][matchregion], 0, 1);
@@ -1822,9 +1821,9 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
xn = 1;
}
- *prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
- if (*prot && !xn && !(pxn && !is_user)) {
- *prot |= PAGE_EXEC;
+ result->prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
+ if (result->prot && !xn && !(pxn && !is_user)) {
+ result->prot |= PAGE_EXEC;
}
/*
* We don't need to look the attribute up in the MAIR0/MAIR1
@@ -1837,7 +1836,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Permission;
fi->level = 1;
- return !(*prot & (1 << access_type));
+ return !(result->prot & (1 << access_type));
}
static bool v8m_is_sau_exempt(CPUARMState *env,
@@ -2036,8 +2035,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
}
ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
- &result->phys, &result->attrs, &result->prot,
- &mpu_is_subpage, fi, NULL);
+ result, &mpu_is_subpage, fi, NULL);
result->page_size =
sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
return ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 10/66] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (8 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 09/66] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:35 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 11/66] target/arm: Add is_secure parameter to v8m_security_lookup Richard Henderson
` (56 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This can be made redundant with result->page_size, by moving the basic
set of page_size from get_phys_addr_pmsav8. We still need to overwrite
page_size when v8m_security_lookup signals a subpage.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++--
target/arm/m_helper.c | 3 +--
target/arm/ptw.c | 18 +++++++++---------
3 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 6786e08a78..fa8553a17e 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1152,8 +1152,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, bool *is_subpage,
- ARMMMUFaultInfo *fi, uint32_t *mregion);
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi,
+ uint32_t *mregion);
void arm_log_exception(CPUState *cs);
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 69d4a63fa6..01263990dc 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2806,11 +2806,10 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
if (arm_current_el(env) != 0 || alt) {
GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- bool is_subpage;
/* We can ignore the return value as prot is always set */
pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
- &res, &is_subpage, &fi, &mregion);
+ &res, &fi, &mregion);
if (mregion == -1) {
mrvalid = false;
mregion = 0;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 48c9363159..ec66ba6777 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1701,8 +1701,8 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, bool *is_subpage,
- ARMMMUFaultInfo *fi, uint32_t *mregion)
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi,
+ uint32_t *mregion)
{
/*
* Perform a PMSAv8 MPU lookup (without also doing the SAU check
@@ -1722,7 +1722,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
uint32_t addr_page_base = address & TARGET_PAGE_MASK;
uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1);
- *is_subpage = false;
+ result->page_size = TARGET_PAGE_SIZE;
result->phys = address;
result->prot = 0;
if (mregion) {
@@ -1774,13 +1774,13 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
ranges_overlap(base, limit - base + 1,
addr_page_base,
TARGET_PAGE_SIZE)) {
- *is_subpage = true;
+ result->page_size = 1;
}
continue;
}
if (base > addr_page_base || limit < addr_page_limit) {
- *is_subpage = true;
+ result->page_size = 1;
}
if (matchregion != -1) {
@@ -1972,7 +1972,6 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
uint32_t secure = regime_is_secure(env, mmu_idx);
V8M_SAttributes sattrs = {};
bool ret;
- bool mpu_is_subpage;
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs);
@@ -2035,9 +2034,10 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
}
ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
- result, &mpu_is_subpage, fi, NULL);
- result->page_size =
- sattrs.subpage || mpu_is_subpage ? 1 : TARGET_PAGE_SIZE;
+ result, fi, NULL);
+ if (sattrs.subpage) {
+ result->page_size = 1;
+ }
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 11/66] target/arm: Add is_secure parameter to v8m_security_lookup
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (9 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 10/66] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:42 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 12/66] target/arm: Add secure parameter to pmsav8_mpu_lookup Richard Henderson
` (55 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from v8m_security_lookup,
passing the new parameter to the lookup instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 2 +-
target/arm/m_helper.c | 9 ++++++---
target/arm/ptw.c | 9 +++++----
3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index fa8553a17e..7f3b5bb406 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1123,7 +1123,7 @@ typedef struct V8M_SAttributes {
void v8m_security_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- V8M_SAttributes *sattrs);
+ bool secure, V8M_SAttributes *sattrs);
/* Cacheability and shareability attributes for a memory access */
typedef struct ARMCacheAttrs {
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 01263990dc..45fbf19559 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -689,7 +689,8 @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
V8M_SAttributes sattrs = {};
- v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, &sattrs);
+ v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ targets_secure, &sattrs);
if (sattrs.ns) {
attrs.secure = false;
} else if (!targets_secure) {
@@ -2002,7 +2003,8 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo fi = {};
MemTxResult txres;
- v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, &sattrs);
+ v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx,
+ regime_is_secure(env, mmu_idx), &sattrs);
if (!sattrs.nsc || sattrs.ns) {
/*
* This must be the second half of the insn, and it straddles a
@@ -2826,7 +2828,8 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
}
if (env->v7m.secure) {
- v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, &sattrs);
+ v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ targetsec, &sattrs);
nsr = sattrs.ns && r;
nsrw = sattrs.ns && rw;
} else {
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index ec66ba6777..bbfb80f4dd 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1856,8 +1856,8 @@ static bool v8m_is_sau_exempt(CPUARMState *env,
}
void v8m_security_lookup(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
- V8M_SAttributes *sattrs)
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ bool is_secure, V8M_SAttributes *sattrs)
{
/*
* Look up the security attributes for this address. Compare the
@@ -1885,7 +1885,7 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
}
if (idau_exempt || v8m_is_sau_exempt(env, address, access_type)) {
- sattrs->ns = !regime_is_secure(env, mmu_idx);
+ sattrs->ns = !is_secure;
return;
}
@@ -1974,7 +1974,8 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
bool ret;
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
- v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs);
+ v8m_security_lookup(env, address, access_type, mmu_idx,
+ secure, &sattrs);
if (access_type == MMU_INST_FETCH) {
/*
* Instruction fetches always use the MMU bank and the
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 12/66] target/arm: Add secure parameter to pmsav8_mpu_lookup
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (10 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 11/66] target/arm: Add is_secure parameter to v8m_security_lookup Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:43 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 13/66] target/arm: Add is_secure parameter to get_phys_addr_v5 Richard Henderson
` (54 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from pmsav8_mpu_lookup,
passing the new parameter to the lookup instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++--
target/arm/m_helper.c | 2 +-
target/arm/ptw.c | 7 +++----
3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 7f3b5bb406..ee40f41c12 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1152,8 +1152,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi,
- uint32_t *mregion);
+ bool is_secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi, uint32_t *mregion);
void arm_log_exception(CPUState *cs);
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 45fbf19559..5ee4ee15b3 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -2810,7 +2810,7 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
ARMMMUFaultInfo fi = {};
/* We can ignore the return value as prot is always set */
- pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, targetsec,
&res, &fi, &mregion);
if (mregion == -1) {
mrvalid = false;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index bbfb80f4dd..5628581ddc 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1701,8 +1701,8 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi,
- uint32_t *mregion)
+ bool secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi, uint32_t *mregion)
{
/*
* Perform a PMSAv8 MPU lookup (without also doing the SAU check
@@ -1715,7 +1715,6 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
*/
ARMCPU *cpu = env_archcpu(env);
bool is_user = regime_is_user(env, mmu_idx);
- uint32_t secure = regime_is_secure(env, mmu_idx);
int n;
int matchregion = -1;
bool hit = false;
@@ -2034,7 +2033,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
}
}
- ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx,
+ ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx, secure,
result, fi, NULL);
if (sattrs.subpage) {
result->page_size = 1;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 13/66] target/arm: Add is_secure parameter to get_phys_addr_v5
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (11 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 12/66] target/arm: Add secure parameter to pmsav8_mpu_lookup Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:44 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 14/66] target/arm: Add is_secure parameter to get_phys_addr_v6 Richard Henderson
` (53 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from get_phys_addr_v5,
passing the new parameter to the lookup instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 5628581ddc..4609278b42 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -414,7 +414,8 @@ static int simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx, int ap)
static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+ bool is_secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
int level = 1;
uint32_t table;
@@ -433,8 +434,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -472,8 +472,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* Fine pagetable. */
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
}
- desc = arm_ldl_ptw(env, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -2512,7 +2511,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 14/66] target/arm: Add is_secure parameter to get_phys_addr_v6
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (12 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 13/66] target/arm: Add is_secure parameter to get_phys_addr_v5 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:45 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 15/66] target/arm: Add secure parameter to get_phys_addr_pmsav8 Richard Henderson
` (52 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from get_phys_addr_v6,
passing the new parameter to the lookup instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 4609278b42..a6880d051b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -533,7 +533,8 @@ do_fault:
static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+ bool is_secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int level = 1;
@@ -556,8 +557,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -610,8 +610,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
ns = extract32(desc, 3, 1);
/* Lookup l2 entry. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
- desc = arm_ldl_ptw(env, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -2508,7 +2507,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
is_secure, result, fi);
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 15/66] target/arm: Add secure parameter to get_phys_addr_pmsav8
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (13 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 14/66] target/arm: Add is_secure parameter to get_phys_addr_v6 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:46 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 16/66] target/arm: Add is_secure parameter to pmsav7_use_background_region Richard Henderson
` (51 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from get_phys_addr_pmsav8.
Since we already had a local variable named secure, use that.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index a6880d051b..fccac2d71f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1963,10 +1963,9 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result,
+ bool secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
- uint32_t secure = regime_is_secure(env, mmu_idx);
V8M_SAttributes sattrs = {};
bool ret;
@@ -2411,7 +2410,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 16/66] target/arm: Add is_secure parameter to pmsav7_use_background_region
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (14 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 15/66] target/arm: Add secure parameter to get_phys_addr_pmsav8 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:46 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 17/66] target/arm: Add is_secure parameter to get_phys_addr_lpae Richard Henderson
` (50 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from pmsav7_use_background_region,
using the new parameter instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index fccac2d71f..b7911e88c1 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1489,7 +1489,7 @@ static bool m_is_system_region(CPUARMState *env, uint32_t address)
}
static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
- bool is_user)
+ bool is_secure, bool is_user)
{
/*
* Return true if we should use the default memory map as a
@@ -1502,8 +1502,7 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
}
if (arm_feature(env, ARM_FEATURE_M)) {
- return env->v7m.mpu_ctrl[regime_is_secure(env, mmu_idx)]
- & R_V7M_MPU_CTRL_PRIVDEFENA_MASK;
+ return env->v7m.mpu_ctrl[is_secure] & R_V7M_MPU_CTRL_PRIVDEFENA_MASK;
} else {
return regime_sctlr(env, mmu_idx) & SCTLR_BR;
}
@@ -1516,6 +1515,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
{
ARMCPU *cpu = env_archcpu(env);
int n;
+ bool secure = regime_is_secure(env, mmu_idx);
bool is_user = regime_is_user(env, mmu_idx);
result->phys = address;
@@ -1618,7 +1618,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
}
if (n == -1) { /* no hits */
- if (!pmsav7_use_background_region(cpu, mmu_idx, is_user)) {
+ if (!pmsav7_use_background_region(cpu, mmu_idx, secure, is_user)) {
/* background fault */
fi->type = ARMFault_Background;
return true;
@@ -1738,7 +1738,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
} else if (m_is_ppb_region(env, address)) {
hit = true;
} else {
- if (pmsav7_use_background_region(cpu, mmu_idx, is_user)) {
+ if (pmsav7_use_background_region(cpu, mmu_idx, secure, is_user)) {
hit = true;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 17/66] target/arm: Add is_secure parameter to get_phys_addr_lpae
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (15 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 16/66] target/arm: Add is_secure parameter to pmsav7_use_background_region Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 14:52 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 18/66] target/arm: Add secure parameter to get_phys_addr_pmsav7 Richard Henderson
` (49 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from get_phys_addr_lpae,
using the new parameter instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index b7911e88c1..e95fd6b0d9 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -16,8 +16,8 @@
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool s1_is_el0, GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+ bool is_secure, bool s1_is_el0,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
@@ -207,8 +207,8 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
GetPhysAddrResult s2 = {};
int ret;
- ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx, false,
- &s2, fi);
+ ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
+ *is_secure, false, &s2, fi);
if (ret) {
assert(fi->type != ARMFault_None);
fi->s2addr = addr;
@@ -965,8 +965,8 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
*/
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool s1_is_el0, GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+ bool is_secure, bool s1_is_el0,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
/* Read an LPAE long-descriptor translation table. */
@@ -1183,7 +1183,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* remain non-secure. We implement this by just ORing in the NSTable/NS
* bits at each step.
*/
- tableattrs = regime_is_secure(env, mmu_idx) ? 0 : (1 << 4);
+ tableattrs = is_secure ? 0 : (1 << 4);
for (;;) {
uint64_t descriptor;
bool nstable;
@@ -2334,7 +2334,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
memset(result, 0, sizeof(*result));
ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
- is_el0, result, fi);
+ ipa_secure, is_el0, result, fi);
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
@@ -2502,8 +2502,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
}
if (regime_using_lpae_format(env, mmu_idx)) {
- return get_phys_addr_lpae(env, address, access_type, mmu_idx, false,
- result, fi);
+ return get_phys_addr_lpae(env, address, access_type, mmu_idx,
+ is_secure, false, result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
is_secure, result, fi);
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 18/66] target/arm: Add secure parameter to get_phys_addr_pmsav7
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (16 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 17/66] target/arm: Add is_secure parameter to get_phys_addr_lpae Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 15:15 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 19/66] target/arm: Add is_secure parameter to regime_translation_disabled Richard Henderson
` (48 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from get_phys_addr_pmsav7,
using the new parameter instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index e95fd6b0d9..224ba09ecd 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1510,12 +1510,11 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result,
+ bool secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int n;
- bool secure = regime_is_secure(env, mmu_idx);
bool is_user = regime_is_user(env, mmu_idx);
result->phys = address;
@@ -2414,7 +2413,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 19/66] target/arm: Add is_secure parameter to regime_translation_disabled
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (17 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 18/66] target/arm: Add secure parameter to get_phys_addr_pmsav7 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 15:17 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 20/66] target/arm: Add is_secure parameter to get_phys_addr_pmsav5 Richard Henderson
` (47 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from regime_translation_disabled,
using the new parameter instead.
This fixes a bug in S1_ptw_translate and get_phys_addr where we had
passed ARMMMUIdx_Stage2 and not ARMMMUIdx_Stage2_S to determine if
Stage2 is disabled, affecting FEAT_SEL2.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 224ba09ecd..eca7763367 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -131,12 +131,13 @@ static uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx, int ttbrn)
}
/* Return true if the specified stage of address translation is disabled */
-static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx)
+static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
+ bool is_secure)
{
uint64_t hcr_el2;
if (arm_feature(env, ARM_FEATURE_M)) {
- switch (env->v7m.mpu_ctrl[regime_is_secure(env, mmu_idx)] &
+ switch (env->v7m.mpu_ctrl[is_secure] &
(R_V7M_MPU_CTRL_ENABLE_MASK | R_V7M_MPU_CTRL_HFNMIENA_MASK)) {
case R_V7M_MPU_CTRL_ENABLE_MASK:
/* Enabled, but not for HardFault and NMI */
@@ -163,7 +164,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx)
if (hcr_el2 & HCR_TGE) {
/* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
- if (!regime_is_secure(env, mmu_idx) && regime_el(env, mmu_idx) == 1) {
+ if (!is_secure && regime_el(env, mmu_idx) == 1) {
return true;
}
}
@@ -201,7 +202,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo *fi)
{
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
- !regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
+ !regime_translation_disabled(env, ARMMMUIdx_Stage2, *is_secure)) {
ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S
: ARMMMUIdx_Stage2;
GetPhysAddrResult s2 = {};
@@ -1355,9 +1356,10 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
int n;
uint32_t mask;
uint32_t base;
+ bool is_secure = regime_is_secure(env, mmu_idx);
bool is_user = regime_is_user(env, mmu_idx);
- if (regime_translation_disabled(env, mmu_idx)) {
+ if (regime_translation_disabled(env, mmu_idx, is_secure)) {
/* MPU disabled. */
result->phys = address;
result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
@@ -1521,7 +1523,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
result->page_size = TARGET_PAGE_SIZE;
result->prot = 0;
- if (regime_translation_disabled(env, mmu_idx) ||
+ if (regime_translation_disabled(env, mmu_idx, secure) ||
m_is_ppb_region(env, address)) {
/*
* MPU disabled or M profile PPB access: use default memory map.
@@ -1732,7 +1734,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
* are done in arm_v7m_load_vector(), which always does a direct
* read using address_space_ldl(), rather than going via this function.
*/
- if (regime_translation_disabled(env, mmu_idx)) { /* MPU disabled */
+ if (regime_translation_disabled(env, mmu_idx, secure)) { /* MPU disabled */
hit = true;
} else if (m_is_ppb_region(env, address)) {
hit = true;
@@ -2306,7 +2308,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
result, fi);
/* If S1 fails or S2 is disabled, return early. */
- if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
+ if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2,
+ is_secure)) {
return ret;
}
@@ -2434,7 +2437,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
/* Definitely a real MMU, not an MPU */
- if (regime_translation_disabled(env, mmu_idx)) {
+ if (regime_translation_disabled(env, mmu_idx, is_secure)) {
uint64_t hcr;
uint8_t memattr;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 20/66] target/arm: Add is_secure parameter to get_phys_addr_pmsav5
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (18 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 19/66] target/arm: Add is_secure parameter to regime_translation_disabled Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 15:18 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 21/66] target/arm: Split out get_phys_addr_with_secure Richard Henderson
` (46 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from get_phys_addr_pmsav5.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index eca7763367..c338e2324a 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1350,13 +1350,12 @@ do_fault:
static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result,
+ bool is_secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
int n;
uint32_t mask;
uint32_t base;
- bool is_secure = regime_is_secure(env, mmu_idx);
bool is_user = regime_is_user(env, mmu_idx);
if (regime_translation_disabled(env, mmu_idx, is_secure)) {
@@ -2420,7 +2419,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
- result, fi);
+ is_secure, result, fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 21/66] target/arm: Split out get_phys_addr_with_secure
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (19 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 20/66] target/arm: Add is_secure parameter to get_phys_addr_pmsav5 Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 15:19 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 22/66] target/arm: Add is_secure parameter to v7m_read_half_insn Richard Henderson
` (45 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Retain the existing get_phys_addr interface using
the security state derived from mmu_idx.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 6 ++++++
target/arm/ptw.c | 21 +++++++++++++++------
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index ee40f41c12..3ccc79f3d9 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1145,6 +1145,12 @@ typedef struct GetPhysAddrResult {
ARMCacheAttrs cacheattrs;
} GetPhysAddrResult;
+bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type,
+ ARMMMUIdx mmu_idx, bool is_secure,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+ __attribute__((nonnull));
+
bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index c338e2324a..c132d0cada 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2282,12 +2282,12 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
* @result: set on translation success.
* @fi: set to fault info if the translation fails
*/
-bool get_phys_addr(CPUARMState *env, target_ulong address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ bool is_secure, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
- bool is_secure = regime_is_secure(env, mmu_idx);
if (mmu_idx != s1_mmu_idx) {
/*
@@ -2303,8 +2303,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
ARMMMUIdx s2_mmu_idx;
bool is_el0;
- ret = get_phys_addr(env, address, access_type, s1_mmu_idx,
- result, fi);
+ ret = get_phys_addr_with_secure(env, address, access_type,
+ s1_mmu_idx, is_secure, result, fi);
/* If S1 fails or S2 is disabled, return early. */
if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2,
@@ -2514,6 +2514,15 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
}
}
+bool get_phys_addr(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+{
+ return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
+ regime_is_secure(env, mmu_idx),
+ result, fi);
+}
+
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
MemTxAttrs *attrs)
{
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 22/66] target/arm: Add is_secure parameter to v7m_read_half_insn
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (20 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 21/66] target/arm: Split out get_phys_addr_with_secure Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 15:22 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 23/66] target/arm: Add TBFLAG_M32.SECURE Richard Henderson
` (44 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Remove the use of regime_is_secure from v7m_read_half_insn, using
the new parameter instead.
As it happens, both callers pass true, propagated from the argument
to arm_v7m_mmu_idx_for_secstate which created the mmu_idx argument,
but that is a detail of v7m_handle_execute_nsc we need not expose
to the callee.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/m_helper.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 5ee4ee15b3..203ba411f6 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -1981,7 +1981,7 @@ static bool do_v7m_function_return(ARMCPU *cpu)
return true;
}
-static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
+static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, bool secure,
uint32_t addr, uint16_t *insn)
{
/*
@@ -2003,8 +2003,7 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo fi = {};
MemTxResult txres;
- v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx,
- regime_is_secure(env, mmu_idx), &sattrs);
+ v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, secure, &sattrs);
if (!sattrs.nsc || sattrs.ns) {
/*
* This must be the second half of the insn, and it straddles a
@@ -2109,7 +2108,7 @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu)
/* We want to do the MPU lookup as secure; work out what mmu_idx that is */
mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);
- if (!v7m_read_half_insn(cpu, mmu_idx, env->regs[15], &insn)) {
+ if (!v7m_read_half_insn(cpu, mmu_idx, true, env->regs[15], &insn)) {
return false;
}
@@ -2125,7 +2124,7 @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu)
goto gen_invep;
}
- if (!v7m_read_half_insn(cpu, mmu_idx, env->regs[15] + 2, &insn)) {
+ if (!v7m_read_half_insn(cpu, mmu_idx, true, env->regs[15] + 2, &insn)) {
return false;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 23/66] target/arm: Add TBFLAG_M32.SECURE
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (21 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 22/66] target/arm: Add is_secure parameter to v7m_read_half_insn Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 15:24 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 24/66] target/arm: Merge regime_is_secure into get_phys_addr Richard Henderson
` (43 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Remove the use of regime_is_secure from arm_tr_init_disas_context.
Instead, provide the value of v8m_secure directly from tb_flags.
Rather than use regime_is_secure, use the env->v7m.secure directly,
as per arm_mmu_idx_el.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 2 ++
target/arm/helper.c | 4 ++++
target/arm/translate.c | 3 +--
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 5168e3d837..ee94d8e653 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3192,6 +3192,8 @@ FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 3, 1) /* Not cached. */
FIELD(TBFLAG_M32, FPCCR_S_WRONG, 4, 1) /* Not cached. */
/* Set if MVE insns are definitely not predicated by VPR or LTPSIZE */
FIELD(TBFLAG_M32, MVE_NO_PRED, 5, 1) /* Not cached. */
+/* Set if in secure mode */
+FIELD(TBFLAG_M32, SECURE, 6, 1)
/*
* Bit usage when in AArch64 state
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 68373bc0a9..1fcfc85b76 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10764,6 +10764,10 @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
DP_TBFLAG_M32(flags, STACKCHECK, 1);
}
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY) && env->v7m.secure) {
+ DP_TBFLAG_M32(flags, SECURE, 1);
+ }
+
return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
}
diff --git a/target/arm/translate.c b/target/arm/translate.c
index ad617b9948..bf30231079 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9359,8 +9359,7 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
dc->vfp_enabled = 1;
dc->be_data = MO_TE;
dc->v7m_handler_mode = EX_TBFLAG_M32(tb_flags, HANDLER);
- dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
- regime_is_secure(env, dc->mmu_idx);
+ dc->v8m_secure = EX_TBFLAG_M32(tb_flags, SECURE);
dc->v8m_stackcheck = EX_TBFLAG_M32(tb_flags, STACKCHECK);
dc->v8m_fpccr_s_wrong = EX_TBFLAG_M32(tb_flags, FPCCR_S_WRONG);
dc->v7m_new_fp_ctxt_needed =
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 24/66] target/arm: Merge regime_is_secure into get_phys_addr
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (22 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 23/66] target/arm: Add TBFLAG_M32.SECURE Richard Henderson
@ 2022-08-22 15:26 ` Richard Henderson
2022-09-20 15:25 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 25/66] target/arm: Add is_secure parameter to do_ats_write Richard Henderson
` (42 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:26 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This is the last use of regime_is_secure; remove it
entirely before changing the layout of ARMMMUIdx.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 42 ----------------------------------------
target/arm/ptw.c | 44 ++++++++++++++++++++++++++++++++++++++++--
2 files changed, 42 insertions(+), 44 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3ccc79f3d9..a231000965 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -670,48 +670,6 @@ static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx)
}
}
-/* Return true if this address translation regime is secure */
-static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
-{
- switch (mmu_idx) {
- case ARMMMUIdx_E10_0:
- case ARMMMUIdx_E10_1:
- case ARMMMUIdx_E10_1_PAN:
- case ARMMMUIdx_E20_0:
- case ARMMMUIdx_E20_2:
- case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_Stage1_E0:
- case ARMMMUIdx_Stage1_E1:
- case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_E2:
- case ARMMMUIdx_Stage2:
- case ARMMMUIdx_MPrivNegPri:
- case ARMMMUIdx_MUserNegPri:
- case ARMMMUIdx_MPriv:
- case ARMMMUIdx_MUser:
- return false;
- case ARMMMUIdx_SE3:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
- case ARMMMUIdx_Stage1_SE0:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
- case ARMMMUIdx_SE2:
- case ARMMMUIdx_Stage2_S:
- case ARMMMUIdx_MSPrivNegPri:
- case ARMMMUIdx_MSUserNegPri:
- case ARMMMUIdx_MSPriv:
- case ARMMMUIdx_MSUser:
- return true;
- default:
- g_assert_not_reached();
- }
-}
-
static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index c132d0cada..400ef00b63 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2518,9 +2518,49 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
+ bool is_secure;
+
+ switch (mmu_idx) {
+ case ARMMMUIdx_E10_0:
+ case ARMMMUIdx_E10_1:
+ case ARMMMUIdx_E10_1_PAN:
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ case ARMMMUIdx_Stage1_E0:
+ case ARMMMUIdx_Stage1_E1:
+ case ARMMMUIdx_Stage1_E1_PAN:
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_MPrivNegPri:
+ case ARMMMUIdx_MUserNegPri:
+ case ARMMMUIdx_MPriv:
+ case ARMMMUIdx_MUser:
+ is_secure = false;
+ break;
+ case ARMMMUIdx_SE3:
+ case ARMMMUIdx_SE10_0:
+ case ARMMMUIdx_SE10_1:
+ case ARMMMUIdx_SE10_1_PAN:
+ case ARMMMUIdx_SE20_0:
+ case ARMMMUIdx_SE20_2:
+ case ARMMMUIdx_SE20_2_PAN:
+ case ARMMMUIdx_Stage1_SE0:
+ case ARMMMUIdx_Stage1_SE1:
+ case ARMMMUIdx_Stage1_SE1_PAN:
+ case ARMMMUIdx_SE2:
+ case ARMMMUIdx_Stage2_S:
+ case ARMMMUIdx_MSPrivNegPri:
+ case ARMMMUIdx_MSUserNegPri:
+ case ARMMMUIdx_MSPriv:
+ case ARMMMUIdx_MSUser:
+ is_secure = true;
+ break;
+ default:
+ g_assert_not_reached();
+ }
return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
- regime_is_secure(env, mmu_idx),
- result, fi);
+ is_secure, result, fi);
}
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 25/66] target/arm: Add is_secure parameter to do_ats_write
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (23 preceding siblings ...)
2022-08-22 15:26 ` [PATCH v2 24/66] target/arm: Merge regime_is_secure into get_phys_addr Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 15:33 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 26/66] target/arm: Fold secure and non-secure a-profile mmu indexes Richard Henderson
` (41 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Use get_phys_addr_with_secure directly. This is the one place
where the value of is_secure may not equal arm_is_secure(env).
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/helper.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1fcfc85b76..09990ca096 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3105,7 +3105,8 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
#ifdef CONFIG_TCG
static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
- MMUAccessType access_type, ARMMMUIdx mmu_idx)
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ bool is_secure)
{
bool ret;
uint64_t par64;
@@ -3113,7 +3114,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
ARMMMUFaultInfo fi = {};
GetPhysAddrResult res = {};
- ret = get_phys_addr(env, value, access_type, mmu_idx, &res, &fi);
+ ret = get_phys_addr_with_secure(env, value, access_type, mmu_idx,
+ is_secure, &res, &fi);
/*
* ATS operations only do S1 or S1+S2 translations, so we never
@@ -3285,6 +3287,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
switch (el) {
case 3:
mmu_idx = ARMMMUIdx_SE3;
+ secure = true;
break;
case 2:
g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */
@@ -3306,6 +3309,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
switch (el) {
case 3:
mmu_idx = ARMMMUIdx_SE10_0;
+ secure = true;
break;
case 2:
g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */
@@ -3321,16 +3325,18 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
case 4:
/* stage 1+2 NonSecure PL1: ATS12NSOPR, ATS12NSOPW */
mmu_idx = ARMMMUIdx_E10_1;
+ secure = false;
break;
case 6:
/* stage 1+2 NonSecure PL0: ATS12NSOUR, ATS12NSOUW */
mmu_idx = ARMMMUIdx_E10_0;
+ secure = false;
break;
default:
g_assert_not_reached();
}
- par64 = do_ats_write(env, value, access_type, mmu_idx);
+ par64 = do_ats_write(env, value, access_type, mmu_idx, secure);
A32_BANKED_CURRENT_REG_SET(env, par, par64);
#else
@@ -3346,7 +3352,8 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri,
MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
uint64_t par64;
- par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2);
+ /* There is no SecureEL2 for AArch32. */
+ par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2, false);
A32_BANKED_CURRENT_REG_SET(env, par, par64);
#else
@@ -3389,6 +3396,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
break;
case 6: /* AT S1E3R, AT S1E3W */
mmu_idx = ARMMMUIdx_SE3;
+ secure = true;
break;
default:
g_assert_not_reached();
@@ -3407,7 +3415,8 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
g_assert_not_reached();
}
- env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx);
+ env->cp15.par_el[1] = do_ats_write(env, value, access_type,
+ mmu_idx, secure);
#else
/* Handled by hardware accelerator. */
g_assert_not_reached();
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 26/66] target/arm: Fold secure and non-secure a-profile mmu indexes
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (24 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 25/66] target/arm: Add is_secure parameter to do_ats_write Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 15:44 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 27/66] target/arm: Reorg regime_translation_disabled Richard Henderson
` (40 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
For a-profile, which does not bank system registers, it takes
quite a lot of code to switch between security states. In the
process, registers such as TCR_EL{1,2} must be swapped, which in
itself requires the flushing of softmmu tlbs. Therefore it
doesn't buy us anything to separate tlbs by security state.
Retain the distinction between Stage2 and Stage2_S.
This will be important as we implement FEAT_RME, and do not
wish to add a third set of mmu indexes for Realm state.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 2 +-
target/arm/cpu.h | 69 +++++++-----------
target/arm/internals.h | 31 +-------
target/arm/helper.c | 144 +++++++++++++------------------------
target/arm/ptw.c | 25 ++-----
target/arm/translate-a64.c | 8 ---
target/arm/translate.c | 6 +-
7 files changed, 83 insertions(+), 202 deletions(-)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 68ffb12427..08681828ac 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -32,6 +32,6 @@
# define TARGET_PAGE_BITS_MIN 10
#endif
-#define NB_MMU_MODES 15
+#define NB_MMU_MODES 8
#endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ee94d8e653..cea2121f67 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2873,26 +2873,26 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
* table over and over.
* 6. we need separate EL1/EL2 mmu_idx for handling the Privileged Access
* Never (PAN) bit within PSTATE.
+ * 7. we fold together the secure and non-secure regimes for A-profile,
+ * because there are no banked system registers, so the process of
+ * switching between secure and non-secure is already heavyweight.
*
* This gives us the following list of cases:
*
- * NS EL0 EL1&0 stage 1+2 (aka NS PL0)
- * NS EL1 EL1&0 stage 1+2 (aka NS PL1)
- * NS EL1 EL1&0 stage 1+2 +PAN
- * NS EL0 EL2&0
- * NS EL2 EL2&0
- * NS EL2 EL2&0 +PAN
- * NS EL2 (aka NS PL2)
- * S EL0 EL1&0 (aka S PL0)
- * S EL1 EL1&0 (not used if EL3 is 32 bit)
- * S EL1 EL1&0 +PAN
- * S EL3 (aka S PL1)
+ * EL0 EL1&0 stage 1+2 (aka NS PL0)
+ * EL1 EL1&0 stage 1+2 (aka NS PL1)
+ * EL1 EL1&0 stage 1+2 +PAN
+ * EL0 EL2&0
+ * EL2 EL2&0
+ * EL2 EL2&0 +PAN
+ * EL2 (aka NS PL2)
+ * EL3 (aka S PL1)
*
* for a total of 11 different mmu_idx.
*
* R profile CPUs have an MPU, but can use the same set of MMU indexes
- * as A profile. They only need to distinguish NS EL0 and NS EL1 (and
- * NS EL2 if we ever model a Cortex-R52).
+ * as A profile. They only need to distinguish EL0 and EL1 (and
+ * EL2 if we ever model a Cortex-R52).
*
* M profile CPUs are rather different as they do not have a true MMU.
* They have the following different MMU indexes:
@@ -2931,9 +2931,6 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */
#define ARM_MMU_IDX_M 0x40 /* M profile */
-/* Meanings of the bits for A profile mmu idx values */
-#define ARM_MMU_IDX_A_NS 0x8
-
/* Meanings of the bits for M profile mmu idx values */
#define ARM_MMU_IDX_M_PRIV 0x1
#define ARM_MMU_IDX_M_NEGPRI 0x2
@@ -2947,22 +2944,14 @@ typedef enum ARMMMUIdx {
/*
* A-profile.
*/
- ARMMMUIdx_SE10_0 = 0 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE20_0 = 1 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE10_1 = 2 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE20_2 = 3 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE10_1_PAN = 4 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE20_2_PAN = 5 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE2 = 6 | ARM_MMU_IDX_A,
- ARMMMUIdx_SE3 = 7 | ARM_MMU_IDX_A,
-
- ARMMMUIdx_E10_0 = ARMMMUIdx_SE10_0 | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E20_0 = ARMMMUIdx_SE20_0 | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E10_1 = ARMMMUIdx_SE10_1 | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E20_2 = ARMMMUIdx_SE20_2 | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E10_1_PAN = ARMMMUIdx_SE10_1_PAN | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E20_2_PAN = ARMMMUIdx_SE20_2_PAN | ARM_MMU_IDX_A_NS,
- ARMMMUIdx_E2 = ARMMMUIdx_SE2 | ARM_MMU_IDX_A_NS,
+ ARMMMUIdx_E10_0 = 0 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E20_0 = 1 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E10_1 = 2 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E20_2 = 3 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E10_1_PAN = 4 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E20_2_PAN = 5 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E2 = 6 | ARM_MMU_IDX_A,
+ ARMMMUIdx_E3 = 7 | ARM_MMU_IDX_A,
/*
* These are not allocated TLBs and are used only for AT system
@@ -2971,9 +2960,6 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
ARMMMUIdx_Stage1_E1_PAN = 2 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage1_SE0 = 3 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage1_SE1 = 4 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage1_SE1_PAN = 5 | ARM_MMU_IDX_NOTLB,
/*
* Not allocated a TLB: used only for second stage of an S12 page
* table walk, or for descriptor loads during first stage of an S1
@@ -2981,8 +2967,8 @@ typedef enum ARMMMUIdx {
* then various TLB flush insns which currently are no-ops or flush
* only stage 1 MMU indexes will need to change to flush stage 2.
*/
- ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage2_S = 7 | ARM_MMU_IDX_NOTLB,
+ ARMMMUIdx_Stage2 = 3 | ARM_MMU_IDX_NOTLB,
+ ARMMMUIdx_Stage2_S = 4 | ARM_MMU_IDX_NOTLB,
/*
* M-profile.
@@ -3012,14 +2998,7 @@ typedef enum ARMMMUIdxBit {
TO_CORE_BIT(E2),
TO_CORE_BIT(E20_2),
TO_CORE_BIT(E20_2_PAN),
- TO_CORE_BIT(SE10_0),
- TO_CORE_BIT(SE20_0),
- TO_CORE_BIT(SE10_1),
- TO_CORE_BIT(SE20_2),
- TO_CORE_BIT(SE10_1_PAN),
- TO_CORE_BIT(SE20_2_PAN),
- TO_CORE_BIT(SE2),
- TO_CORE_BIT(SE3),
+ TO_CORE_BIT(E3),
TO_CORE_BIT(MUser),
TO_CORE_BIT(MPriv),
diff --git a/target/arm/internals.h b/target/arm/internals.h
index a231000965..a21a21299c 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -649,21 +649,12 @@ static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx)
case ARMMMUIdx_Stage1_E0:
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_Stage1_SE0:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
case ARMMMUIdx_E10_0:
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
case ARMMMUIdx_E20_0:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
return true;
default:
return false;
@@ -674,11 +665,8 @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_Stage1_SE1_PAN:
case ARMMMUIdx_E10_1_PAN:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE10_1_PAN:
- case ARMMMUIdx_SE20_2_PAN:
return true;
default:
return false;
@@ -689,30 +677,20 @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
case ARMMMUIdx_E20_0:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
case ARMMMUIdx_Stage2:
case ARMMMUIdx_Stage2_S:
- case ARMMMUIdx_SE2:
case ARMMMUIdx_E2:
return 2;
- case ARMMMUIdx_SE3:
+ case ARMMMUIdx_E3:
return 3;
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_Stage1_SE0:
- return arm_el_is_aa64(env, 3) ? 1 : 3;
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
+ case ARMMMUIdx_E10_0:
case ARMMMUIdx_Stage1_E0:
+ return arm_el_is_aa64(env, 3) || !arm_is_secure_below_el3(env) ? 1 : 3;
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
- case ARMMMUIdx_E10_0:
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
case ARMMMUIdx_MPrivNegPri:
@@ -954,9 +932,6 @@ static inline bool arm_mmu_idx_is_stage1_of_2(ARMMMUIdx mmu_idx)
case ARMMMUIdx_Stage1_E0:
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
- case ARMMMUIdx_Stage1_SE0:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
return true;
default:
return false;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 09990ca096..b9f1a3d826 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1671,6 +1671,7 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* Begin with base v8.0 state. */
uint32_t valid_mask = 0x3fff;
ARMCPU *cpu = env_archcpu(env);
+ uint64_t changed;
/*
* Because SCR_EL3 is the "real" cpreg and SCR is the alias, reset always
@@ -1730,7 +1731,22 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* Clear all-context RES0 bits. */
value &= valid_mask;
- raw_write(env, ri, value);
+ changed = env->cp15.scr_el3 ^ value;
+ env->cp15.scr_el3 = value;
+
+ /*
+ * If SCR_EL3.NS changes, i.e. arm_is_secure_below_el3, then
+ * we must invalidate all TLBs below EL3.
+ */
+ if (changed & SCR_NS) {
+ tlb_flush_by_mmuidx(env_cpu(env), (ARMMMUIdxBit_E10_0 |
+ ARMMMUIdxBit_E20_0 |
+ ARMMMUIdxBit_E10_1 |
+ ARMMMUIdxBit_E20_2 |
+ ARMMMUIdxBit_E10_1_PAN |
+ ARMMMUIdxBit_E20_2_PAN |
+ ARMMMUIdxBit_E2));
+ }
}
static void scr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
@@ -2561,9 +2577,6 @@ static int gt_phys_redir_timeridx(CPUARMState *env)
case ARMMMUIdx_E20_0:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
return GTIMER_HYP;
default:
return GTIMER_PHYS;
@@ -2576,9 +2589,6 @@ static int gt_virt_redir_timeridx(CPUARMState *env)
case ARMMMUIdx_E20_0:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
return GTIMER_HYPVIRT;
default:
return GTIMER_VIRT;
@@ -3286,7 +3296,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* stage 1 current state PL1: ATS1CPR, ATS1CPW, ATS1CPRP, ATS1CPWP */
switch (el) {
case 3:
- mmu_idx = ARMMMUIdx_SE3;
+ mmu_idx = ARMMMUIdx_E3;
secure = true;
break;
case 2:
@@ -3294,10 +3304,9 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* fall through */
case 1:
if (ri->crm == 9 && (env->uncached_cpsr & CPSR_PAN)) {
- mmu_idx = (secure ? ARMMMUIdx_Stage1_SE1_PAN
- : ARMMMUIdx_Stage1_E1_PAN);
+ mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
} else {
- mmu_idx = secure ? ARMMMUIdx_Stage1_SE1 : ARMMMUIdx_Stage1_E1;
+ mmu_idx = ARMMMUIdx_Stage1_E1;
}
break;
default:
@@ -3308,7 +3317,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
/* stage 1 current state PL0: ATS1CUR, ATS1CUW */
switch (el) {
case 3:
- mmu_idx = ARMMMUIdx_SE10_0;
+ mmu_idx = ARMMMUIdx_E10_0;
secure = true;
break;
case 2:
@@ -3316,7 +3325,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
mmu_idx = ARMMMUIdx_Stage1_E0;
break;
case 1:
- mmu_idx = secure ? ARMMMUIdx_Stage1_SE0 : ARMMMUIdx_Stage1_E0;
+ mmu_idx = ARMMMUIdx_Stage1_E0;
break;
default:
g_assert_not_reached();
@@ -3385,17 +3394,16 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
switch (ri->opc1) {
case 0: /* AT S1E1R, AT S1E1W, AT S1E1RP, AT S1E1WP */
if (ri->crm == 9 && (env->pstate & PSTATE_PAN)) {
- mmu_idx = (secure ? ARMMMUIdx_Stage1_SE1_PAN
- : ARMMMUIdx_Stage1_E1_PAN);
+ mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
} else {
- mmu_idx = secure ? ARMMMUIdx_Stage1_SE1 : ARMMMUIdx_Stage1_E1;
+ mmu_idx = ARMMMUIdx_Stage1_E1;
}
break;
case 4: /* AT S1E2R, AT S1E2W */
- mmu_idx = secure ? ARMMMUIdx_SE2 : ARMMMUIdx_E2;
+ mmu_idx = ARMMMUIdx_E2;
break;
case 6: /* AT S1E3R, AT S1E3W */
- mmu_idx = ARMMMUIdx_SE3;
+ mmu_idx = ARMMMUIdx_E3;
secure = true;
break;
default:
@@ -3403,13 +3411,13 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
}
break;
case 2: /* AT S1E0R, AT S1E0W */
- mmu_idx = secure ? ARMMMUIdx_Stage1_SE0 : ARMMMUIdx_Stage1_E0;
+ mmu_idx = ARMMMUIdx_Stage1_E0;
break;
case 4: /* AT S12E1R, AT S12E1W */
- mmu_idx = secure ? ARMMMUIdx_SE10_1 : ARMMMUIdx_E10_1;
+ mmu_idx = ARMMMUIdx_E10_1;
break;
case 6: /* AT S12E0R, AT S12E0W */
- mmu_idx = secure ? ARMMMUIdx_SE10_0 : ARMMMUIdx_E10_0;
+ mmu_idx = ARMMMUIdx_E10_0;
break;
default:
g_assert_not_reached();
@@ -3679,11 +3687,6 @@ static void vmsa_tcr_ttbr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint16_t mask = ARMMMUIdxBit_E20_2 |
ARMMMUIdxBit_E20_2_PAN |
ARMMMUIdxBit_E20_0;
-
- if (arm_is_secure_below_el3(env)) {
- mask >>= ARM_MMU_IDX_A_NS;
- }
-
tlb_flush_by_mmuidx(env_cpu(env), mask);
}
raw_write(env, ri, value);
@@ -3703,11 +3706,6 @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint16_t mask = ARMMMUIdxBit_E10_1 |
ARMMMUIdxBit_E10_1_PAN |
ARMMMUIdxBit_E10_0;
-
- if (arm_is_secure_below_el3(env)) {
- mask >>= ARM_MMU_IDX_A_NS;
- }
-
tlb_flush_by_mmuidx(cs, mask);
raw_write(env, ri, value);
}
@@ -4178,11 +4176,6 @@ static int vae1_tlbmask(CPUARMState *env)
ARMMMUIdxBit_E10_1_PAN |
ARMMMUIdxBit_E10_0;
}
-
- if (arm_is_secure_below_el3(env)) {
- mask >>= ARM_MMU_IDX_A_NS;
- }
-
return mask;
}
@@ -4209,10 +4202,6 @@ static int vae1_tlbbits(CPUARMState *env, uint64_t addr)
mmu_idx = ARMMMUIdx_E10_0;
}
- if (arm_is_secure_below_el3(env)) {
- mmu_idx &= ~ARM_MMU_IDX_A_NS;
- }
-
return tlbbits_for_regime(env, mmu_idx, addr);
}
@@ -4245,30 +4234,17 @@ static int alle1_tlbmask(CPUARMState *env)
* stage 2 translations, whereas most other scopes only invalidate
* stage 1 translations.
*/
- if (arm_is_secure_below_el3(env)) {
- return ARMMMUIdxBit_SE10_1 |
- ARMMMUIdxBit_SE10_1_PAN |
- ARMMMUIdxBit_SE10_0;
- } else {
- return ARMMMUIdxBit_E10_1 |
- ARMMMUIdxBit_E10_1_PAN |
- ARMMMUIdxBit_E10_0;
- }
+ return (ARMMMUIdxBit_E10_1 |
+ ARMMMUIdxBit_E10_1_PAN |
+ ARMMMUIdxBit_E10_0);
}
static int e2_tlbmask(CPUARMState *env)
{
- if (arm_is_secure_below_el3(env)) {
- return ARMMMUIdxBit_SE20_0 |
- ARMMMUIdxBit_SE20_2 |
- ARMMMUIdxBit_SE20_2_PAN |
- ARMMMUIdxBit_SE2;
- } else {
- return ARMMMUIdxBit_E20_0 |
- ARMMMUIdxBit_E20_2 |
- ARMMMUIdxBit_E20_2_PAN |
- ARMMMUIdxBit_E2;
- }
+ return (ARMMMUIdxBit_E20_0 |
+ ARMMMUIdxBit_E20_2 |
+ ARMMMUIdxBit_E20_2_PAN |
+ ARMMMUIdxBit_E2);
}
static void tlbi_aa64_alle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4295,7 +4271,7 @@ static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
ARMCPU *cpu = env_archcpu(env);
CPUState *cs = CPU(cpu);
- tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_SE3);
+ tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E3);
}
static void tlbi_aa64_alle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4321,7 +4297,7 @@ static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
{
CPUState *cs = env_cpu(env);
- tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_SE3);
+ tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_E3);
}
static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4349,7 +4325,7 @@ static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
CPUState *cs = CPU(cpu);
uint64_t pageaddr = sextract64(value << 12, 0, 56);
- tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_SE3);
+ tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_E3);
}
static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4388,12 +4364,10 @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
{
CPUState *cs = env_cpu(env);
uint64_t pageaddr = sextract64(value << 12, 0, 56);
- bool secure = arm_is_secure_below_el3(env);
- int mask = secure ? ARMMMUIdxBit_SE2 : ARMMMUIdxBit_E2;
- int bits = tlbbits_for_regime(env, secure ? ARMMMUIdx_SE2 : ARMMMUIdx_E2,
- pageaddr);
+ int bits = tlbbits_for_regime(env, ARMMMUIdx_E2, pageaddr);
- tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, mask, bits);
+ tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
+ ARMMMUIdxBit_E2, bits);
}
static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4401,10 +4375,10 @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
{
CPUState *cs = env_cpu(env);
uint64_t pageaddr = sextract64(value << 12, 0, 56);
- int bits = tlbbits_for_regime(env, ARMMMUIdx_SE3, pageaddr);
+ int bits = tlbbits_for_regime(env, ARMMMUIdx_E3, pageaddr);
tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
- ARMMMUIdxBit_SE3, bits);
+ ARMMMUIdxBit_E3, bits);
}
#ifdef TARGET_AARCH64
@@ -4510,8 +4484,7 @@ static void tlbi_aa64_rvae1is_write(CPUARMState *env,
static int vae2_tlbmask(CPUARMState *env)
{
- return (arm_is_secure_below_el3(env)
- ? ARMMMUIdxBit_SE2 : ARMMMUIdxBit_E2);
+ return ARMMMUIdxBit_E2;
}
static void tlbi_aa64_rvae2_write(CPUARMState *env,
@@ -4557,8 +4530,7 @@ static void tlbi_aa64_rvae3_write(CPUARMState *env,
* flush-last-level-only.
*/
- do_rvae_write(env, value, ARMMMUIdxBit_SE3,
- tlb_force_broadcast(env));
+ do_rvae_write(env, value, ARMMMUIdxBit_E3, tlb_force_broadcast(env));
}
static void tlbi_aa64_rvae3is_write(CPUARMState *env,
@@ -4572,7 +4544,7 @@ static void tlbi_aa64_rvae3is_write(CPUARMState *env,
* flush-last-level-only or inner/outer specific flushes.
*/
- do_rvae_write(env, value, ARMMMUIdxBit_SE3, true);
+ do_rvae_write(env, value, ARMMMUIdxBit_E3, true);
}
#endif
@@ -10087,8 +10059,7 @@ uint64_t arm_sctlr(CPUARMState *env, int el)
/* Only EL0 needs to be adjusted for EL1&0 or EL2&0. */
if (el == 0) {
ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);
- el = (mmu_idx == ARMMMUIdx_E20_0 || mmu_idx == ARMMMUIdx_SE20_0)
- ? 2 : 1;
+ el = mmu_idx == ARMMMUIdx_E20_0 ? 2 : 1;
}
return env->cp15.sctlr_el[el];
}
@@ -10632,22 +10603,15 @@ int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
switch (mmu_idx) {
case ARMMMUIdx_E10_0:
case ARMMMUIdx_E20_0:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE20_0:
return 0;
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
return 1;
case ARMMMUIdx_E2:
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE2:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
return 2;
- case ARMMMUIdx_SE3:
+ case ARMMMUIdx_E3:
return 3;
default:
g_assert_not_reached();
@@ -10700,15 +10664,11 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
}
break;
case 3:
- return ARMMMUIdx_SE3;
+ return ARMMMUIdx_E3;
default:
g_assert_not_reached();
}
- if (arm_is_secure_below_el3(env)) {
- idx &= ~ARM_MMU_IDX_A_NS;
- }
-
return idx;
}
@@ -10911,15 +10871,11 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
switch (mmu_idx) {
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
/* TODO: ARMv8.3-NV */
DP_TBFLAG_A64(flags, UNPRIV, 1);
break;
case ARMMMUIdx_E20_2:
case ARMMMUIdx_E20_2_PAN:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
/*
* Note that EL20_2 is gated by HCR_EL2.E2H == 1, but EL20_0 is
* gated by HCR_EL2.<E2H,TGE> == '11', and so is LDTR.
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 400ef00b63..2c13586396 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -65,12 +65,6 @@ unsigned int arm_pamax(ARMCPU *cpu)
ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
- case ARMMMUIdx_SE10_0:
- return ARMMMUIdx_Stage1_SE0;
- case ARMMMUIdx_SE10_1:
- return ARMMMUIdx_Stage1_SE1;
- case ARMMMUIdx_SE10_1_PAN:
- return ARMMMUIdx_Stage1_SE1_PAN;
case ARMMMUIdx_E10_0:
return ARMMMUIdx_Stage1_E0;
case ARMMMUIdx_E10_1:
@@ -95,11 +89,8 @@ static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
static bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
- case ARMMMUIdx_SE10_0:
case ARMMMUIdx_E20_0:
- case ARMMMUIdx_SE20_0:
case ARMMMUIdx_Stage1_E0:
- case ARMMMUIdx_Stage1_SE0:
case ARMMMUIdx_MUser:
case ARMMMUIdx_MSUser:
case ARMMMUIdx_MUserNegPri:
@@ -2323,7 +2314,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
}
s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
- is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
+ is_el0 = mmu_idx == ARMMMUIdx_E10_0;
/*
* S1 is done, now do S2 translation.
@@ -2531,6 +2522,8 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
case ARMMMUIdx_Stage1_E1:
case ARMMMUIdx_Stage1_E1_PAN:
case ARMMMUIdx_E2:
+ is_secure = arm_is_secure_below_el3(env);
+ break;
case ARMMMUIdx_Stage2:
case ARMMMUIdx_MPrivNegPri:
case ARMMMUIdx_MUserNegPri:
@@ -2538,17 +2531,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
case ARMMMUIdx_MUser:
is_secure = false;
break;
- case ARMMMUIdx_SE3:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- case ARMMMUIdx_SE20_0:
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
- case ARMMMUIdx_Stage1_SE0:
- case ARMMMUIdx_Stage1_SE1:
- case ARMMMUIdx_Stage1_SE1_PAN:
- case ARMMMUIdx_SE2:
+ case ARMMMUIdx_E3:
case ARMMMUIdx_Stage2_S:
case ARMMMUIdx_MSPrivNegPri:
case ARMMMUIdx_MSUserNegPri:
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 163df8c615..1b593ada36 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -111,14 +111,6 @@ static int get_a64_user_mem_index(DisasContext *s)
case ARMMMUIdx_E20_2_PAN:
useridx = ARMMMUIdx_E20_0;
break;
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- useridx = ARMMMUIdx_SE10_0;
- break;
- case ARMMMUIdx_SE20_2:
- case ARMMMUIdx_SE20_2_PAN:
- useridx = ARMMMUIdx_SE20_0;
- break;
default:
g_assert_not_reached();
}
diff --git a/target/arm/translate.c b/target/arm/translate.c
index bf30231079..27e344d486 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -237,16 +237,12 @@ static inline int get_a32_user_mem_index(DisasContext *s)
* otherwise, access as if at PL0.
*/
switch (s->mmu_idx) {
+ case ARMMMUIdx_E3:
case ARMMMUIdx_E2: /* this one is UNPREDICTABLE */
case ARMMMUIdx_E10_0:
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
return arm_to_core_mmu_idx(ARMMMUIdx_E10_0);
- case ARMMMUIdx_SE3:
- case ARMMMUIdx_SE10_0:
- case ARMMMUIdx_SE10_1:
- case ARMMMUIdx_SE10_1_PAN:
- return arm_to_core_mmu_idx(ARMMMUIdx_SE10_0);
case ARMMMUIdx_MUser:
case ARMMMUIdx_MPriv:
return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 27/66] target/arm: Reorg regime_translation_disabled
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (25 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 26/66] target/arm: Fold secure and non-secure a-profile mmu indexes Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 15:46 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 28/66] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M Richard Henderson
` (39 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Use a switch on mmu_idx for the a-profile indexes, instead of
three different if's vs regime_el and arm_mmu_idx_is_stage1_of_2.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 2c13586396..ae9552f46f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -148,21 +148,39 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
hcr_el2 = arm_hcr_el2_eff(env);
- if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
+ switch (mmu_idx) {
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Stage2_S:
/* HCR.DC means HCR.VM behaves as 1 */
return (hcr_el2 & (HCR_DC | HCR_VM)) == 0;
- }
- if (hcr_el2 & HCR_TGE) {
+ case ARMMMUIdx_E10_0:
+ case ARMMMUIdx_E10_1:
+ case ARMMMUIdx_E10_1_PAN:
/* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
- if (!is_secure && regime_el(env, mmu_idx) == 1) {
+ if (!is_secure && (hcr_el2 & HCR_TGE)) {
return true;
}
- }
+ break;
- if ((hcr_el2 & HCR_DC) && arm_mmu_idx_is_stage1_of_2(mmu_idx)) {
+ case ARMMMUIdx_Stage1_E0:
+ case ARMMMUIdx_Stage1_E1:
+ case ARMMMUIdx_Stage1_E1_PAN:
/* HCR.DC means SCTLR_EL1.M behaves as 0 */
- return true;
+ if (hcr_el2 & HCR_DC) {
+ return true;
+ }
+ break;
+
+ case ARMMMUIdx_E20_0:
+ case ARMMMUIdx_E20_2:
+ case ARMMMUIdx_E20_2_PAN:
+ case ARMMMUIdx_E2:
+ case ARMMMUIdx_E3:
+ break;
+
+ default:
+ g_assert_not_reached();
}
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 28/66] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (26 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 27/66] target/arm: Reorg regime_translation_disabled Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 15:49 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 29/66] target/arm: Introduce arm_hcr_el2_eff_secstate Richard Henderson
` (38 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The effect of TGE does not only apply to non-secure state,
now that Secure EL2 exists.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index ae9552f46f..7c0a4316a3 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -157,8 +157,8 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
case ARMMMUIdx_E10_0:
case ARMMMUIdx_E10_1:
case ARMMMUIdx_E10_1_PAN:
- /* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */
- if (!is_secure && (hcr_el2 & HCR_TGE)) {
+ /* TGE means that EL0/1 act as if SCTLR_EL1.M is zero */
+ if (hcr_el2 & HCR_TGE) {
return true;
}
break;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 29/66] target/arm: Introduce arm_hcr_el2_eff_secstate
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (27 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 28/66] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 15:52 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 30/66] target/arm: Hoist read of *is_secure in S1_ptw_translate Richard Henderson
` (37 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
For page walking, we may require HCR for a security state
that is not "current".
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 20 +++++++++++++-------
target/arm/helper.c | 11 ++++++++---
2 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index cea2121f67..a08e546de4 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2401,15 +2401,15 @@ static inline bool arm_is_secure(CPUARMState *env)
* Return true if the current security state has AArch64 EL2 or AArch32 Hyp.
* This corresponds to the pseudocode EL2Enabled()
*/
+static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
+{
+ return (arm_feature(env, ARM_FEATURE_EL2)
+ && (!secure || (env->cp15.scr_el3 & SCR_EEL2)));
+}
+
static inline bool arm_is_el2_enabled(CPUARMState *env)
{
- if (arm_feature(env, ARM_FEATURE_EL2)) {
- if (arm_is_secure_below_el3(env)) {
- return (env->cp15.scr_el3 & SCR_EEL2) != 0;
- }
- return true;
- }
- return false;
+ return arm_is_el2_enabled_secstate(env, arm_is_secure_below_el3(env));
}
#else
@@ -2423,6 +2423,11 @@ static inline bool arm_is_secure(CPUARMState *env)
return false;
}
+static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
+{
+ return false;
+}
+
static inline bool arm_is_el2_enabled(CPUARMState *env)
{
return false;
@@ -2435,6 +2440,7 @@ static inline bool arm_is_el2_enabled(CPUARMState *env)
* "for all purposes other than a direct read or write access of HCR_EL2."
* Not included here is HCR_RW.
*/
+uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, bool secure);
uint64_t arm_hcr_el2_eff(CPUARMState *env);
uint64_t arm_hcrx_el2_eff(CPUARMState *env);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b9f1a3d826..55355197b8 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5101,15 +5101,15 @@ static void hcr_writelow(CPUARMState *env, const ARMCPRegInfo *ri,
}
/*
- * Return the effective value of HCR_EL2.
+ * Return the effective value of HCR_EL2, at the given security state.
* Bits that are not included here:
* RW (read from SCR_EL3.RW as needed)
*/
-uint64_t arm_hcr_el2_eff(CPUARMState *env)
+uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, bool secure)
{
uint64_t ret = env->cp15.hcr_el2;
- if (!arm_is_el2_enabled(env)) {
+ if (!arm_is_el2_enabled_secstate(env, secure)) {
/*
* "This register has no effect if EL2 is not enabled in the
* current Security state". This is ARMv8.4-SecEL2 speak for
@@ -5168,6 +5168,11 @@ uint64_t arm_hcr_el2_eff(CPUARMState *env)
return ret;
}
+uint64_t arm_hcr_el2_eff(CPUARMState *env)
+{
+ return arm_hcr_el2_eff_secstate(env, arm_is_secure_below_el3(env));
+}
+
/*
* Corresponds to ARM pseudocode function ELIsInHost().
*/
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 30/66] target/arm: Hoist read of *is_secure in S1_ptw_translate
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (28 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 29/66] target/arm: Introduce arm_hcr_el2_eff_secstate Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 15:53 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 31/66] target/arm: Fix S2 disabled check " Richard Henderson
` (36 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Rename the argument to is_secure_ptr, and introduce a
local variable is_secure with the value. We only write
back to the pointer toward the end of the function.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7c0a4316a3..dbe5852af6 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -207,24 +207,26 @@ static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
/* Translate a S1 pagetable walk through S2 if needed. */
static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
- hwaddr addr, bool *is_secure,
+ hwaddr addr, bool *is_secure_ptr,
ARMMMUFaultInfo *fi)
{
+ bool is_secure = *is_secure_ptr;
+
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
- !regime_translation_disabled(env, ARMMMUIdx_Stage2, *is_secure)) {
- ARMMMUIdx s2_mmu_idx = *is_secure ? ARMMMUIdx_Stage2_S
- : ARMMMUIdx_Stage2;
+ !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
+ ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S
+ : ARMMMUIdx_Stage2;
GetPhysAddrResult s2 = {};
int ret;
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
- *is_secure, false, &s2, fi);
+ is_secure, false, &s2, fi);
if (ret) {
assert(fi->type != ARMFault_None);
fi->s2addr = addr;
fi->stage2 = true;
fi->s1ptw = true;
- fi->s1ns = !*is_secure;
+ fi->s1ns = !is_secure;
return ~0;
}
if ((arm_hcr_el2_eff(env) & HCR_PTW) &&
@@ -237,19 +239,20 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
fi->s2addr = addr;
fi->stage2 = true;
fi->s1ptw = true;
- fi->s1ns = !*is_secure;
+ fi->s1ns = !is_secure;
return ~0;
}
if (arm_is_secure_below_el3(env)) {
/* Check if page table walk is to secure or non-secure PA space. */
- if (*is_secure) {
- *is_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
+ if (is_secure) {
+ is_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
} else {
- *is_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
+ is_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
}
+ *is_secure_ptr = is_secure;
} else {
- assert(!*is_secure);
+ assert(!is_secure);
}
addr = s2.phys;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 31/66] target/arm: Fix S2 disabled check in S1_ptw_translate
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (29 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 30/66] target/arm: Hoist read of *is_secure in S1_ptw_translate Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 16:01 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 32/66] target/arm: Remove env argument from combined_attrs_fwb Richard Henderson
` (35 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Pass the correct stage2 mmu_idx to regime_translation_disabled,
which we computed afterward.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index dbe5852af6..680139b478 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -211,11 +211,10 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo *fi)
{
bool is_secure = *is_secure_ptr;
+ ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
- !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
- ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S
- : ARMMMUIdx_Stage2;
+ !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
GetPhysAddrResult s2 = {};
int ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 32/66] target/arm: Remove env argument from combined_attrs_fwb
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (30 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 31/66] target/arm: Fix S2 disabled check " Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 16:05 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 33/66] target/arm: Pass HCR to attribute subroutines Richard Henderson
` (34 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This value is unused.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 680139b478..5c6e5eea88 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2171,8 +2171,7 @@ static uint8_t force_cacheattr_nibble_wb(uint8_t attr)
* s1 and s2 for the HCR_EL2.FWB == 1 case, returning the
* combined attributes in MAIR_EL1 format.
*/
-static uint8_t combined_attrs_fwb(CPUARMState *env,
- ARMCacheAttrs s1, ARMCacheAttrs s2)
+static uint8_t combined_attrs_fwb(ARMCacheAttrs s1, ARMCacheAttrs s2)
{
switch (s2.attrs) {
case 7:
@@ -2245,7 +2244,7 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
/* Combine memory type and cacheability attributes */
if (arm_hcr_el2_eff(env) & HCR_FWB) {
- ret.attrs = combined_attrs_fwb(env, s1, s2);
+ ret.attrs = combined_attrs_fwb(s1, s2);
} else {
ret.attrs = combined_attrs_nofwb(env, s1, s2);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 33/66] target/arm: Pass HCR to attribute subroutines.
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (31 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 32/66] target/arm: Remove env argument from combined_attrs_fwb Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 16:07 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 34/66] target/arm: Fix ATS12NSO* from S PL1 Richard Henderson
` (33 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
These subroutines did not need ENV for anything except
retrieving the effective value of HCR anyway.
We have computed the effective value of HCR in the callers,
and this will be especially important for interpreting HCR
in a non-current security state.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 5c6e5eea88..fe06bb032b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -186,7 +186,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
}
-static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
+static bool ptw_attrs_are_device(uint64_t hcr, ARMCacheAttrs cacheattrs)
{
/*
* For an S1 page table walk, the stage 1 attributes are always
@@ -198,7 +198,7 @@ static bool ptw_attrs_are_device(CPUARMState *env, ARMCacheAttrs cacheattrs)
* when cacheattrs.attrs bit [2] is 0.
*/
assert(cacheattrs.is_s2_format);
- if (arm_hcr_el2_eff(env) & HCR_FWB) {
+ if (hcr & HCR_FWB) {
return (cacheattrs.attrs & 0x4) == 0;
} else {
return (cacheattrs.attrs & 0xc) == 0;
@@ -216,6 +216,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
!regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
GetPhysAddrResult s2 = {};
+ uint64_t hcr;
int ret;
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
@@ -228,8 +229,9 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
fi->s1ns = !is_secure;
return ~0;
}
- if ((arm_hcr_el2_eff(env) & HCR_PTW) &&
- ptw_attrs_are_device(env, s2.cacheattrs)) {
+
+ hcr = arm_hcr_el2_eff(env);
+ if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
/*
* PTW set and S1 walk touched S2 Device memory:
* generate Permission fault.
@@ -2058,14 +2060,14 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* ref: shared/translation/attrs/S2AttrDecode()
* .../S2ConvertAttrsHints()
*/
-static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs)
+static uint8_t convert_stage2_attrs(uint64_t hcr, uint8_t s2attrs)
{
uint8_t hiattr = extract32(s2attrs, 2, 2);
uint8_t loattr = extract32(s2attrs, 0, 2);
uint8_t hihint = 0, lohint = 0;
if (hiattr != 0) { /* normal memory */
- if (arm_hcr_el2_eff(env) & HCR_CD) { /* cache disabled */
+ if (hcr & HCR_CD) { /* cache disabled */
hiattr = loattr = 1; /* non-cacheable */
} else {
if (hiattr != 1) { /* Write-through or write-back */
@@ -2111,12 +2113,12 @@ static uint8_t combine_cacheattr_nibble(uint8_t s1, uint8_t s2)
* s1 and s2 for the HCR_EL2.FWB == 0 case, returning the
* combined attributes in MAIR_EL1 format.
*/
-static uint8_t combined_attrs_nofwb(CPUARMState *env,
+static uint8_t combined_attrs_nofwb(uint64_t hcr,
ARMCacheAttrs s1, ARMCacheAttrs s2)
{
uint8_t s1lo, s2lo, s1hi, s2hi, s2_mair_attrs, ret_attrs;
- s2_mair_attrs = convert_stage2_attrs(env, s2.attrs);
+ s2_mair_attrs = convert_stage2_attrs(hcr, s2.attrs);
s1lo = extract32(s1.attrs, 0, 4);
s2lo = extract32(s2_mair_attrs, 0, 4);
@@ -2216,7 +2218,7 @@ static uint8_t combined_attrs_fwb(ARMCacheAttrs s1, ARMCacheAttrs s2)
* @s1: Attributes from stage 1 walk
* @s2: Attributes from stage 2 walk
*/
-static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
+static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
ARMCacheAttrs s1, ARMCacheAttrs s2)
{
ARMCacheAttrs ret;
@@ -2243,10 +2245,10 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
}
/* Combine memory type and cacheability attributes */
- if (arm_hcr_el2_eff(env) & HCR_FWB) {
+ if (hcr & HCR_FWB) {
ret.attrs = combined_attrs_fwb(s1, s2);
} else {
- ret.attrs = combined_attrs_nofwb(env, s1, s2);
+ ret.attrs = combined_attrs_nofwb(hcr, s1, s2);
}
/*
@@ -2312,6 +2314,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
ARMCacheAttrs cacheattrs1;
ARMMMUIdx s2_mmu_idx;
bool is_el0;
+ uint64_t hcr;
ret = get_phys_addr_with_secure(env, address, access_type,
s1_mmu_idx, is_secure, result, fi);
@@ -2357,7 +2360,8 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
}
/* Combine the S1 and S2 cache attributes. */
- if (arm_hcr_el2_eff(env) & HCR_DC) {
+ hcr = arm_hcr_el2_eff(env);
+ if (hcr & HCR_DC) {
/*
* HCR.DC forces the first stage attributes to
* Normal Non-Shareable,
@@ -2370,7 +2374,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
}
cacheattrs1.shareability = 0;
}
- result->cacheattrs = combine_cacheattrs(env, cacheattrs1,
+ result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1,
result->cacheattrs);
/* Check if IPA translates to secure or non-secure PA space. */
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 34/66] target/arm: Fix ATS12NSO* from S PL1
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (32 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 33/66] target/arm: Pass HCR to attribute subroutines Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 16:09 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 35/66] target/arm: Split out get_phys_addr_disabled Richard Henderson
` (32 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Use arm_hcr_el2_eff_secstate instead of arm_hcr_el2_eff, so
that we use is_state instead of the currend security state.
These AT* operations have been broken since arm_hcr_el2_eff
gained a check for "el2 enabled" for Secure EL2.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index fe06bb032b..4da932b464 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -146,7 +146,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
}
}
- hcr_el2 = arm_hcr_el2_eff(env);
+ hcr_el2 = arm_hcr_el2_eff_secstate(env, is_secure);
switch (mmu_idx) {
case ARMMMUIdx_Stage2:
@@ -230,7 +230,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
return ~0;
}
- hcr = arm_hcr_el2_eff(env);
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
/*
* PTW set and S1 walk touched S2 Device memory:
@@ -2360,7 +2360,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
}
/* Combine the S1 and S2 cache attributes. */
- hcr = arm_hcr_el2_eff(env);
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
if (hcr & HCR_DC) {
/*
* HCR.DC forces the first stage attributes to
@@ -2493,7 +2493,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
result->page_size = TARGET_PAGE_SIZE;
/* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
- hcr = arm_hcr_el2_eff(env);
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
result->cacheattrs.shareability = 0;
result->cacheattrs.is_s2_format = false;
if (hcr & HCR_DC) {
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 35/66] target/arm: Split out get_phys_addr_disabled
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (33 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 34/66] target/arm: Fix ATS12NSO* from S PL1 Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 16:11 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 36/66] target/arm: Reorg get_phys_addr_disabled Richard Henderson
` (31 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 138 +++++++++++++++++++++++++----------------------
1 file changed, 74 insertions(+), 64 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 4da932b464..c798b30db2 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2271,6 +2271,78 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
return ret;
}
+/*
+ * MMU disabled. S1 addresses within aa64 translation regimes are
+ * still checked for bounds -- see AArch64.S1DisabledOutput().
+ */
+static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type,
+ ARMMMUIdx mmu_idx, bool is_secure,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
+{
+ uint64_t hcr;
+ uint8_t memattr;
+
+ if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
+ int r_el = regime_el(env, mmu_idx);
+ if (arm_el_is_aa64(env, r_el)) {
+ int pamax = arm_pamax(env_archcpu(env));
+ uint64_t tcr = env->cp15.tcr_el[r_el];
+ int addrtop, tbi;
+
+ tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
+ if (access_type == MMU_INST_FETCH) {
+ tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
+ }
+ tbi = (tbi >> extract64(address, 55, 1)) & 1;
+ addrtop = (tbi ? 55 : 63);
+
+ if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
+ fi->type = ARMFault_AddressSize;
+ fi->level = 0;
+ fi->stage2 = false;
+ return 1;
+ }
+
+ /*
+ * When TBI is disabled, we've just validated that all of the
+ * bits above PAMax are zero, so logically we only need to
+ * clear the top byte for TBI. But it's clearer to follow
+ * the pseudocode set of addrdesc.paddress.
+ */
+ address = extract64(address, 0, 52);
+ }
+ }
+
+ result->phys = address;
+ result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->page_size = TARGET_PAGE_SIZE;
+
+ /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+ result->cacheattrs.shareability = 0;
+ result->cacheattrs.is_s2_format = false;
+ if (hcr & HCR_DC) {
+ if (hcr & HCR_DCT) {
+ memattr = 0xf0; /* Tagged, Normal, WB, RWA */
+ } else {
+ memattr = 0xff; /* Normal, WB, RWA */
+ }
+ } else if (access_type == MMU_INST_FETCH) {
+ if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
+ memattr = 0xee; /* Normal, WT, RA, NT */
+ } else {
+ memattr = 0x44; /* Normal, NC, No */
+ }
+ result->cacheattrs.shareability = 2; /* outer sharable */
+ } else {
+ memattr = 0x00; /* Device, nGnRnE */
+ }
+ result->cacheattrs.attrs = memattr;
+ return 0;
+}
+
/**
* get_phys_addr - get the physical address for this virtual address
*
@@ -2451,71 +2523,9 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
/* Definitely a real MMU, not an MPU */
if (regime_translation_disabled(env, mmu_idx, is_secure)) {
- uint64_t hcr;
- uint8_t memattr;
-
- /*
- * MMU disabled. S1 addresses within aa64 translation regimes are
- * still checked for bounds -- see AArch64.TranslateAddressS1Off.
- */
- if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
- int r_el = regime_el(env, mmu_idx);
- if (arm_el_is_aa64(env, r_el)) {
- int pamax = arm_pamax(env_archcpu(env));
- uint64_t tcr = env->cp15.tcr_el[r_el];
- int addrtop, tbi;
-
- tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
- if (access_type == MMU_INST_FETCH) {
- tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
- }
- tbi = (tbi >> extract64(address, 55, 1)) & 1;
- addrtop = (tbi ? 55 : 63);
-
- if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
- fi->type = ARMFault_AddressSize;
- fi->level = 0;
- fi->stage2 = false;
- return 1;
- }
-
- /*
- * When TBI is disabled, we've just validated that all of the
- * bits above PAMax are zero, so logically we only need to
- * clear the top byte for TBI. But it's clearer to follow
- * the pseudocode set of addrdesc.paddress.
- */
- address = extract64(address, 0, 52);
- }
- }
- result->phys = address;
- result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
- result->page_size = TARGET_PAGE_SIZE;
-
- /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
- hcr = arm_hcr_el2_eff_secstate(env, is_secure);
- result->cacheattrs.shareability = 0;
- result->cacheattrs.is_s2_format = false;
- if (hcr & HCR_DC) {
- if (hcr & HCR_DCT) {
- memattr = 0xf0; /* Tagged, Normal, WB, RWA */
- } else {
- memattr = 0xff; /* Normal, WB, RWA */
- }
- } else if (access_type == MMU_INST_FETCH) {
- if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
- memattr = 0xee; /* Normal, WT, RA, NT */
- } else {
- memattr = 0x44; /* Normal, NC, No */
- }
- result->cacheattrs.shareability = 2; /* outer sharable */
- } else {
- memattr = 0x00; /* Device, nGnRnE */
- }
- result->cacheattrs.attrs = memattr;
- return 0;
+ return get_phys_addr_disabled(env, address, access_type, mmu_idx,
+ is_secure, result, fi);
}
-
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx,
is_secure, false, result, fi);
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 36/66] target/arm: Reorg get_phys_addr_disabled
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (34 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 35/66] target/arm: Split out get_phys_addr_disabled Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-20 16:21 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 37/66] accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull Richard Henderson
` (30 subsequent siblings)
66 siblings, 1 reply; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Use a switch. Do not apply memattr or shareability for Stage2
translations. Make sure to apply HCR_{DC,DCT} only to Regime_EL10,
per the pseudocode in AArch64.S1DisabledOutput.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 115 +++++++++++++++++++++++++++--------------------
1 file changed, 67 insertions(+), 48 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index c798b30db2..fa76f98b04 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2281,64 +2281,83 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
- uint64_t hcr;
- uint8_t memattr;
+ uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+ uint8_t memattr, shareability;
- if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
- int r_el = regime_el(env, mmu_idx);
- if (arm_el_is_aa64(env, r_el)) {
- int pamax = arm_pamax(env_archcpu(env));
- uint64_t tcr = env->cp15.tcr_el[r_el];
- int addrtop, tbi;
+ switch (mmu_idx) {
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Stage2_S:
+ memattr = 0x00; /* unused, but Device, nGnRnE */
+ shareability = 0; /* unused, but non-shareable */
+ break;
- tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
- if (access_type == MMU_INST_FETCH) {
- tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
+ case ARMMMUIdx_E10_0:
+ case ARMMMUIdx_E10_1:
+ case ARMMMUIdx_E10_1_PAN:
+ if (hcr & HCR_DC) {
+ if (hcr & HCR_DCT) {
+ memattr = 0xf0; /* Tagged, Normal, WB, RWA */
+ } else {
+ memattr = 0xff; /* Normal, WB, RWA */
}
- tbi = (tbi >> extract64(address, 55, 1)) & 1;
- addrtop = (tbi ? 55 : 63);
-
- if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
- fi->type = ARMFault_AddressSize;
- fi->level = 0;
- fi->stage2 = false;
- return 1;
- }
-
- /*
- * When TBI is disabled, we've just validated that all of the
- * bits above PAMax are zero, so logically we only need to
- * clear the top byte for TBI. But it's clearer to follow
- * the pseudocode set of addrdesc.paddress.
- */
- address = extract64(address, 0, 52);
+ shareability = 0; /* non-shareable */
+ goto check_range;
}
+ /* fall through */
+
+ default:
+ if (access_type == MMU_INST_FETCH) {
+ if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
+ memattr = 0xee; /* Normal, WT, RA, NT */
+ } else {
+ memattr = 0x44; /* Normal, NC, No */
+ }
+ shareability = 2; /* Outer sharable */
+ } else {
+ memattr = 0x00; /* unused, but Device, nGnRnE */
+ shareability = 0; /* non-shareable */
+ }
+ /* fall through */
+
+ check_range:
+ {
+ int r_el = regime_el(env, mmu_idx);
+ if (arm_el_is_aa64(env, r_el)) {
+ int pamax = arm_pamax(env_archcpu(env));
+ uint64_t tcr = env->cp15.tcr_el[r_el];
+ int addrtop, tbi;
+
+ tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
+ if (access_type == MMU_INST_FETCH) {
+ tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
+ }
+ tbi = (tbi >> extract64(address, 55, 1)) & 1;
+ addrtop = (tbi ? 55 : 63);
+
+ if (extract64(address, pamax, addrtop - pamax + 1) != 0) {
+ fi->type = ARMFault_AddressSize;
+ fi->level = 0;
+ fi->stage2 = false;
+ return 1;
+ }
+
+ /*
+ * When TBI is disabled, we've just validated that all of
+ * the bits above PAMax are zero, so logically we only
+ * need to clear the top byte for TBI. But it's clearer
+ * to follow the pseudocode set of addrdesc.paddress.
+ */
+ address = extract64(address, 0, 52);
+ }
+ }
+ break;
}
result->phys = address;
result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
result->page_size = TARGET_PAGE_SIZE;
-
- /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
- hcr = arm_hcr_el2_eff_secstate(env, is_secure);
- result->cacheattrs.shareability = 0;
result->cacheattrs.is_s2_format = false;
- if (hcr & HCR_DC) {
- if (hcr & HCR_DCT) {
- memattr = 0xf0; /* Tagged, Normal, WB, RWA */
- } else {
- memattr = 0xff; /* Normal, WB, RWA */
- }
- } else if (access_type == MMU_INST_FETCH) {
- if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
- memattr = 0xee; /* Normal, WT, RA, NT */
- } else {
- memattr = 0x44; /* Normal, NC, No */
- }
- result->cacheattrs.shareability = 2; /* outer sharable */
- } else {
- memattr = 0x00; /* Device, nGnRnE */
- }
+ result->cacheattrs.shareability = shareability;
result->cacheattrs.attrs = memattr;
return 0;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 37/66] accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (35 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 36/66] target/arm: Reorg get_phys_addr_disabled Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 38/66] accel/tcg: Drop addr member from SavedIOTLB Richard Henderson
` (29 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This structure will shortly contain more than just
data for accessing MMIO. Rename the 'addr' member
to 'xlat_section' to more clearly indicate its purpose.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/exec/cpu-defs.h | 22 ++++----
accel/tcg/cputlb.c | 102 +++++++++++++++++++------------------
target/arm/mte_helper.c | 14 ++---
target/arm/sve_helper.c | 4 +-
target/arm/translate-a64.c | 2 +-
5 files changed, 73 insertions(+), 71 deletions(-)
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index ba3cd32a1e..f70f54d850 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -108,6 +108,7 @@ typedef uint64_t target_ulong;
# endif
# endif
+/* Minimalized TLB entry for use by TCG fast path. */
typedef struct CPUTLBEntry {
/* bit TARGET_LONG_BITS to TARGET_PAGE_BITS : virtual address
bit TARGET_PAGE_BITS-1..4 : Nonzero for accesses that should not
@@ -131,14 +132,14 @@ typedef struct CPUTLBEntry {
QEMU_BUILD_BUG_ON(sizeof(CPUTLBEntry) != (1 << CPU_TLB_ENTRY_BITS));
-/* The IOTLB is not accessed directly inline by generated TCG code,
- * so the CPUIOTLBEntry layout is not as critical as that of the
- * CPUTLBEntry. (This is also why we don't want to combine the two
- * structs into one.)
+/*
+ * The full TLB entry, which is not accessed by generated TCG code,
+ * so the layout is not as critical as that of CPUTLBEntry. This is
+ * also why we don't want to combine the two structs.
*/
-typedef struct CPUIOTLBEntry {
+typedef struct CPUTLBEntryFull {
/*
- * @addr contains:
+ * @xlat_section contains:
* - in the lower TARGET_PAGE_BITS, a physical section number
* - with the lower TARGET_PAGE_BITS masked off, an offset which
* must be added to the virtual address to obtain:
@@ -146,9 +147,9 @@ typedef struct CPUIOTLBEntry {
* number is PHYS_SECTION_NOTDIRTY or PHYS_SECTION_ROM)
* + the offset within the target MemoryRegion (otherwise)
*/
- hwaddr addr;
+ hwaddr xlat_section;
MemTxAttrs attrs;
-} CPUIOTLBEntry;
+} CPUTLBEntryFull;
/*
* Data elements that are per MMU mode, minus the bits accessed by
@@ -172,9 +173,8 @@ typedef struct CPUTLBDesc {
size_t vindex;
/* The tlb victim table, in two parts. */
CPUTLBEntry vtable[CPU_VTLB_SIZE];
- CPUIOTLBEntry viotlb[CPU_VTLB_SIZE];
- /* The iotlb. */
- CPUIOTLBEntry *iotlb;
+ CPUTLBEntryFull vfulltlb[CPU_VTLB_SIZE];
+ CPUTLBEntryFull *fulltlb;
} CPUTLBDesc;
/*
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index a46f3a654d..a37275bf8e 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -200,13 +200,13 @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
}
g_free(fast->table);
- g_free(desc->iotlb);
+ g_free(desc->fulltlb);
tlb_window_reset(desc, now, 0);
/* desc->n_used_entries is cleared by the caller */
fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
fast->table = g_try_new(CPUTLBEntry, new_size);
- desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
+ desc->fulltlb = g_try_new(CPUTLBEntryFull, new_size);
/*
* If the allocations fail, try smaller sizes. We just freed some
@@ -215,7 +215,7 @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
* allocations to fail though, so we progressively reduce the allocation
* size, aborting if we cannot even allocate the smallest TLB we support.
*/
- while (fast->table == NULL || desc->iotlb == NULL) {
+ while (fast->table == NULL || desc->fulltlb == NULL) {
if (new_size == (1 << CPU_TLB_DYN_MIN_BITS)) {
error_report("%s: %s", __func__, strerror(errno));
abort();
@@ -224,9 +224,9 @@ static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
g_free(fast->table);
- g_free(desc->iotlb);
+ g_free(desc->fulltlb);
fast->table = g_try_new(CPUTLBEntry, new_size);
- desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
+ desc->fulltlb = g_try_new(CPUTLBEntryFull, new_size);
}
}
@@ -258,7 +258,7 @@ static void tlb_mmu_init(CPUTLBDesc *desc, CPUTLBDescFast *fast, int64_t now)
desc->n_used_entries = 0;
fast->mask = (n_entries - 1) << CPU_TLB_ENTRY_BITS;
fast->table = g_new(CPUTLBEntry, n_entries);
- desc->iotlb = g_new(CPUIOTLBEntry, n_entries);
+ desc->fulltlb = g_new(CPUTLBEntryFull, n_entries);
tlb_mmu_flush_locked(desc, fast);
}
@@ -299,7 +299,7 @@ void tlb_destroy(CPUState *cpu)
CPUTLBDescFast *fast = &env_tlb(env)->f[i];
g_free(fast->table);
- g_free(desc->iotlb);
+ g_free(desc->fulltlb);
}
}
@@ -1219,7 +1219,7 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
/* Evict the old entry into the victim tlb. */
copy_tlb_helper_locked(tv, te);
- desc->viotlb[vidx] = desc->iotlb[index];
+ desc->vfulltlb[vidx] = desc->fulltlb[index];
tlb_n_used_entries_dec(env, mmu_idx);
}
@@ -1236,8 +1236,8 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
* subtract here is that of the page base, and not the same as the
* vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
*/
- desc->iotlb[index].addr = iotlb - vaddr_page;
- desc->iotlb[index].attrs = attrs;
+ desc->fulltlb[index].xlat_section = iotlb - vaddr_page;
+ desc->fulltlb[index].attrs = attrs;
/* Now calculate the new entry */
tn.addend = addend - vaddr_page;
@@ -1341,7 +1341,7 @@ static inline void cpu_transaction_failed(CPUState *cpu, hwaddr physaddr,
}
}
-static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
+static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
int mmu_idx, target_ulong addr, uintptr_t retaddr,
MMUAccessType access_type, MemOp op)
{
@@ -1353,9 +1353,9 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
bool locked = false;
MemTxResult r;
- section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
+ section = iotlb_to_section(cpu, full->xlat_section, full->attrs);
mr = section->mr;
- mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
+ mr_offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
cpu->mem_io_pc = retaddr;
if (!cpu->can_do_io) {
cpu_io_recompile(cpu, retaddr);
@@ -1365,14 +1365,14 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
qemu_mutex_lock_iothread();
locked = true;
}
- r = memory_region_dispatch_read(mr, mr_offset, &val, op, iotlbentry->attrs);
+ r = memory_region_dispatch_read(mr, mr_offset, &val, op, full->attrs);
if (r != MEMTX_OK) {
hwaddr physaddr = mr_offset +
section->offset_within_address_space -
section->offset_within_region;
cpu_transaction_failed(cpu, physaddr, addr, memop_size(op), access_type,
- mmu_idx, iotlbentry->attrs, r, retaddr);
+ mmu_idx, full->attrs, r, retaddr);
}
if (locked) {
qemu_mutex_unlock_iothread();
@@ -1382,8 +1382,8 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
}
/*
- * Save a potentially trashed IOTLB entry for later lookup by plugin.
- * This is read by tlb_plugin_lookup if the iotlb entry doesn't match
+ * Save a potentially trashed CPUTLBEntryFull for later lookup by plugin.
+ * This is read by tlb_plugin_lookup if the fulltlb entry doesn't match
* because of the side effect of io_writex changing memory layout.
*/
static void save_iotlb_data(CPUState *cs, hwaddr addr,
@@ -1397,7 +1397,7 @@ static void save_iotlb_data(CPUState *cs, hwaddr addr,
#endif
}
-static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
+static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
int mmu_idx, uint64_t val, target_ulong addr,
uintptr_t retaddr, MemOp op)
{
@@ -1408,9 +1408,9 @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
bool locked = false;
MemTxResult r;
- section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
+ section = iotlb_to_section(cpu, full->xlat_section, full->attrs);
mr = section->mr;
- mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
+ mr_offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
if (!cpu->can_do_io) {
cpu_io_recompile(cpu, retaddr);
}
@@ -1420,20 +1420,20 @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
* The memory_region_dispatch may trigger a flush/resize
* so for plugins we save the iotlb_data just in case.
*/
- save_iotlb_data(cpu, iotlbentry->addr, section, mr_offset);
+ save_iotlb_data(cpu, full->xlat_section, section, mr_offset);
if (!qemu_mutex_iothread_locked()) {
qemu_mutex_lock_iothread();
locked = true;
}
- r = memory_region_dispatch_write(mr, mr_offset, val, op, iotlbentry->attrs);
+ r = memory_region_dispatch_write(mr, mr_offset, val, op, full->attrs);
if (r != MEMTX_OK) {
hwaddr physaddr = mr_offset +
section->offset_within_address_space -
section->offset_within_region;
cpu_transaction_failed(cpu, physaddr, addr, memop_size(op),
- MMU_DATA_STORE, mmu_idx, iotlbentry->attrs, r,
+ MMU_DATA_STORE, mmu_idx, full->attrs, r,
retaddr);
}
if (locked) {
@@ -1480,9 +1480,10 @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
copy_tlb_helper_locked(vtlb, &tmptlb);
qemu_spin_unlock(&env_tlb(env)->c.lock);
- CPUIOTLBEntry tmpio, *io = &env_tlb(env)->d[mmu_idx].iotlb[index];
- CPUIOTLBEntry *vio = &env_tlb(env)->d[mmu_idx].viotlb[vidx];
- tmpio = *io; *io = *vio; *vio = tmpio;
+ CPUTLBEntryFull *f1 = &env_tlb(env)->d[mmu_idx].fulltlb[index];
+ CPUTLBEntryFull *f2 = &env_tlb(env)->d[mmu_idx].vfulltlb[vidx];
+ CPUTLBEntryFull tmpf;
+ tmpf = *f1; *f1 = *f2; *f2 = tmpf;
return true;
}
}
@@ -1550,9 +1551,9 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
}
static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
- CPUIOTLBEntry *iotlbentry, uintptr_t retaddr)
+ CPUTLBEntryFull *full, uintptr_t retaddr)
{
- ram_addr_t ram_addr = mem_vaddr + iotlbentry->addr;
+ ram_addr_t ram_addr = mem_vaddr + full->xlat_section;
trace_memory_notdirty_write_access(mem_vaddr, ram_addr, size);
@@ -1645,9 +1646,9 @@ int probe_access_flags(CPUArchState *env, target_ulong addr,
/* Handle clean RAM pages. */
if (unlikely(flags & TLB_NOTDIRTY)) {
uintptr_t index = tlb_index(env, mmu_idx, addr);
- CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+ CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
- notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
+ notdirty_write(env_cpu(env), addr, 1, full, retaddr);
flags &= ~TLB_NOTDIRTY;
}
@@ -1672,19 +1673,19 @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
if (unlikely(flags & (TLB_NOTDIRTY | TLB_WATCHPOINT))) {
uintptr_t index = tlb_index(env, mmu_idx, addr);
- CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+ CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
/* Handle watchpoints. */
if (flags & TLB_WATCHPOINT) {
int wp_access = (access_type == MMU_DATA_STORE
? BP_MEM_WRITE : BP_MEM_READ);
cpu_check_watchpoint(env_cpu(env), addr, size,
- iotlbentry->attrs, wp_access, retaddr);
+ full->attrs, wp_access, retaddr);
}
/* Handle clean RAM pages. */
if (flags & TLB_NOTDIRTY) {
- notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
+ notdirty_write(env_cpu(env), addr, 1, full, retaddr);
}
}
@@ -1715,7 +1716,7 @@ void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
* should have just filled the TLB. The one corner case is io_writex
* which can cause TLB flushes and potential resizing of the TLBs
* losing the information we need. In those cases we need to recover
- * data from a copy of the iotlbentry. As long as this always occurs
+ * data from a copy of the CPUTLBEntryFull. As long as this always occurs
* from the same thread (which a mem callback will be) this is safe.
*/
@@ -1730,11 +1731,12 @@ bool tlb_plugin_lookup(CPUState *cpu, target_ulong addr, int mmu_idx,
if (likely(tlb_hit(tlb_addr, addr))) {
/* We must have an iotlb entry for MMIO */
if (tlb_addr & TLB_MMIO) {
- CPUIOTLBEntry *iotlbentry;
- iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+ CPUTLBEntryFull *full;
+ full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
data->is_io = true;
- data->v.io.section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
- data->v.io.offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
+ data->v.io.section =
+ iotlb_to_section(cpu, full->xlat_section, full->attrs);
+ data->v.io.offset = (full->xlat_section & TARGET_PAGE_MASK) + addr;
} else {
data->is_io = false;
data->v.ram.hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
@@ -1842,7 +1844,7 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
notdirty_write(env_cpu(env), addr, size,
- &env_tlb(env)->d[mmu_idx].iotlb[index], retaddr);
+ &env_tlb(env)->d[mmu_idx].fulltlb[index], retaddr);
}
return hostaddr;
@@ -1950,7 +1952,7 @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
/* Handle anything that isn't just a straight memory access. */
if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
- CPUIOTLBEntry *iotlbentry;
+ CPUTLBEntryFull *full;
bool need_swap;
/* For anything that is unaligned, recurse through full_load. */
@@ -1958,20 +1960,20 @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
goto do_unaligned_access;
}
- iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+ full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
/* Handle watchpoints. */
if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
/* On watchpoint hit, this will longjmp out. */
cpu_check_watchpoint(env_cpu(env), addr, size,
- iotlbentry->attrs, BP_MEM_READ, retaddr);
+ full->attrs, BP_MEM_READ, retaddr);
}
need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
/* Handle I/O access. */
if (likely(tlb_addr & TLB_MMIO)) {
- return io_readx(env, iotlbentry, mmu_idx, addr, retaddr,
+ return io_readx(env, full, mmu_idx, addr, retaddr,
access_type, op ^ (need_swap * MO_BSWAP));
}
@@ -2286,12 +2288,12 @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
*/
if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
cpu_check_watchpoint(env_cpu(env), addr, size - size2,
- env_tlb(env)->d[mmu_idx].iotlb[index].attrs,
+ env_tlb(env)->d[mmu_idx].fulltlb[index].attrs,
BP_MEM_WRITE, retaddr);
}
if (unlikely(tlb_addr2 & TLB_WATCHPOINT)) {
cpu_check_watchpoint(env_cpu(env), page2, size2,
- env_tlb(env)->d[mmu_idx].iotlb[index2].attrs,
+ env_tlb(env)->d[mmu_idx].fulltlb[index2].attrs,
BP_MEM_WRITE, retaddr);
}
@@ -2355,7 +2357,7 @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
/* Handle anything that isn't just a straight memory access. */
if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
- CPUIOTLBEntry *iotlbentry;
+ CPUTLBEntryFull *full;
bool need_swap;
/* For anything that is unaligned, recurse through byte stores. */
@@ -2363,20 +2365,20 @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
goto do_unaligned_access;
}
- iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
+ full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
/* Handle watchpoints. */
if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
/* On watchpoint hit, this will longjmp out. */
cpu_check_watchpoint(env_cpu(env), addr, size,
- iotlbentry->attrs, BP_MEM_WRITE, retaddr);
+ full->attrs, BP_MEM_WRITE, retaddr);
}
need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
/* Handle I/O access. */
if (tlb_addr & TLB_MMIO) {
- io_writex(env, iotlbentry, mmu_idx, val, addr, retaddr,
+ io_writex(env, full, mmu_idx, val, addr, retaddr,
op ^ (need_swap * MO_BSWAP));
return;
}
@@ -2388,7 +2390,7 @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
/* Handle clean RAM pages. */
if (tlb_addr & TLB_NOTDIRTY) {
- notdirty_write(env_cpu(env), addr, size, iotlbentry, retaddr);
+ notdirty_write(env_cpu(env), addr, size, full, retaddr);
}
haddr = (void *)((uintptr_t)addr + entry->addend);
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index d11a8c70d0..fdd23ab3f8 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -106,7 +106,7 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
return tags + index;
#else
uintptr_t index;
- CPUIOTLBEntry *iotlbentry;
+ CPUTLBEntryFull *full;
int in_page, flags;
ram_addr_t ptr_ra;
hwaddr ptr_paddr, tag_paddr, xlat;
@@ -129,7 +129,7 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
assert(!(flags & TLB_INVALID_MASK));
/*
- * Find the iotlbentry for ptr. This *must* be present in the TLB
+ * Find the CPUTLBEntryFull for ptr. This *must* be present in the TLB
* because we just found the mapping.
* TODO: Perhaps there should be a cputlb helper that returns a
* matching tlb entry + iotlb entry.
@@ -144,10 +144,10 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
g_assert(tlb_hit(comparator, ptr));
}
# endif
- iotlbentry = &env_tlb(env)->d[ptr_mmu_idx].iotlb[index];
+ full = &env_tlb(env)->d[ptr_mmu_idx].fulltlb[index];
/* If the virtual page MemAttr != Tagged, access unchecked. */
- if (!arm_tlb_mte_tagged(&iotlbentry->attrs)) {
+ if (!arm_tlb_mte_tagged(&full->attrs)) {
return NULL;
}
@@ -181,7 +181,7 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
int wp = ptr_access == MMU_DATA_LOAD ? BP_MEM_READ : BP_MEM_WRITE;
assert(ra != 0);
cpu_check_watchpoint(env_cpu(env), ptr, ptr_size,
- iotlbentry->attrs, wp, ra);
+ full->attrs, wp, ra);
}
/*
@@ -202,11 +202,11 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
tag_paddr = ptr_paddr >> (LOG2_TAG_GRANULE + 1);
/* Look up the address in tag space. */
- tag_asi = iotlbentry->attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
+ tag_asi = full->attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
tag_as = cpu_get_address_space(env_cpu(env), tag_asi);
mr = address_space_translate(tag_as, tag_paddr, &xlat, NULL,
tag_access == MMU_DATA_STORE,
- iotlbentry->attrs);
+ full->attrs);
/*
* Note that @mr will never be NULL. If there is nothing in the address
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index d6f7ef94fe..9cae8fd352 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -5384,8 +5384,8 @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
g_assert(tlb_hit(comparator, addr));
# endif
- CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
- info->attrs = iotlbentry->attrs;
+ CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
+ info->attrs = full->attrs;
}
#endif
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 1b593ada36..305044a141 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -14626,7 +14626,7 @@ static bool is_guarded_page(CPUARMState *env, DisasContext *s)
* table entry even for that case.
*/
return (tlb_hit(entry->addr_code, addr) &&
- arm_tlb_bti_gp(&env_tlb(env)->d[mmu_idx].iotlb[index].attrs));
+ arm_tlb_bti_gp(&env_tlb(env)->d[mmu_idx].fulltlb[index].attrs));
#endif
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 38/66] accel/tcg: Drop addr member from SavedIOTLB
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (36 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 37/66] accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 39/66] accel/tcg: Suppress auto-invalidate in probe_access_internal Richard Henderson
` (28 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This field is only written, not read; remove it.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/hw/core/cpu.h | 1 -
accel/tcg/cputlb.c | 7 +++----
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 500503da13..9e47184513 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -218,7 +218,6 @@ struct CPUWatchpoint {
* the memory regions get moved around by io_writex.
*/
typedef struct SavedIOTLB {
- hwaddr addr;
MemoryRegionSection *section;
hwaddr mr_offset;
} SavedIOTLB;
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index a37275bf8e..1509df96b4 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1386,12 +1386,11 @@ static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
* This is read by tlb_plugin_lookup if the fulltlb entry doesn't match
* because of the side effect of io_writex changing memory layout.
*/
-static void save_iotlb_data(CPUState *cs, hwaddr addr,
- MemoryRegionSection *section, hwaddr mr_offset)
+static void save_iotlb_data(CPUState *cs, MemoryRegionSection *section,
+ hwaddr mr_offset)
{
#ifdef CONFIG_PLUGIN
SavedIOTLB *saved = &cs->saved_iotlb;
- saved->addr = addr;
saved->section = section;
saved->mr_offset = mr_offset;
#endif
@@ -1420,7 +1419,7 @@ static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
* The memory_region_dispatch may trigger a flush/resize
* so for plugins we save the iotlb_data just in case.
*/
- save_iotlb_data(cpu, full->xlat_section, section, mr_offset);
+ save_iotlb_data(cpu, section, mr_offset);
if (!qemu_mutex_iothread_locked()) {
qemu_mutex_lock_iothread();
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 39/66] accel/tcg: Suppress auto-invalidate in probe_access_internal
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (37 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 38/66] accel/tcg: Drop addr member from SavedIOTLB Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 40/66] accel/tcg: Introduce probe_access_full Richard Henderson
` (27 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, David Hildenbrand
When PAGE_WRITE_INV is set when calling tlb_set_page,
we immediately set TLB_INVALID_MASK in order to force
tlb_fill to be called on the next lookup. Here in
probe_access_internal, we have just called tlb_fill
and eliminated true misses, thus the lookup must be valid.
This allows us to remove a warning comment from s390x.
There doesn't seem to be a reason to change the code though.
Cc: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
accel/tcg/cputlb.c | 10 +++++++++-
target/s390x/tcg/mem_helper.c | 4 ----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 1509df96b4..5359113e8d 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1602,6 +1602,7 @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
}
tlb_addr = tlb_read_ofs(entry, elt_ofs);
+ flags = TLB_FLAGS_MASK;
page_addr = addr & TARGET_PAGE_MASK;
if (!tlb_hit_page(tlb_addr, page_addr)) {
if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page_addr)) {
@@ -1617,10 +1618,17 @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
/* TLB resize via tlb_fill may have moved the entry. */
entry = tlb_entry(env, mmu_idx, addr);
+
+ /*
+ * With PAGE_WRITE_INV, we set TLB_INVALID_MASK immediately,
+ * to force the next access through tlb_fill. We've just
+ * called tlb_fill, so we know that this entry *is* valid.
+ */
+ flags &= ~TLB_INVALID_MASK;
}
tlb_addr = tlb_read_ofs(entry, elt_ofs);
}
- flags = tlb_addr & TLB_FLAGS_MASK;
+ flags &= tlb_addr;
/* Fold all "mmio-like" bits into TLB_MMIO. This is not RAM. */
if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index fc52aa128b..3758b9e688 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -148,10 +148,6 @@ static int s390_probe_access(CPUArchState *env, target_ulong addr, int size,
#else
int flags;
- /*
- * For !CONFIG_USER_ONLY, we cannot rely on TLB_INVALID_MASK or haddr==NULL
- * to detect if there was an exception during tlb_fill().
- */
env->tlb_fill_exc = 0;
flags = probe_access_flags(env, addr, access_type, mmu_idx, nonfault, phost,
ra);
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 40/66] accel/tcg: Introduce probe_access_full
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (38 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 39/66] accel/tcg: Suppress auto-invalidate in probe_access_internal Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 41/66] accel/tcg: Introduce tlb_set_page_full Richard Henderson
` (26 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Add an interface to return the CPUTLBEntryFull struct
that goes with the lookup. The result is not intended
to be valid across multiple lookups, so the user must
use the results immediately.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/exec/exec-all.h | 11 +++++++++++
accel/tcg/cputlb.c | 44 +++++++++++++++++++++++++----------------
2 files changed, 38 insertions(+), 17 deletions(-)
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 311e5fb422..e366b5c1ba 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -435,6 +435,17 @@ int probe_access_flags(CPUArchState *env, target_ulong addr,
MMUAccessType access_type, int mmu_idx,
bool nonfault, void **phost, uintptr_t retaddr);
+#ifndef CONFIG_USER_ONLY
+/**
+ * probe_access_full:
+ * Like probe_access_flags, except also return into @pfull.
+ */
+int probe_access_full(CPUArchState *env, target_ulong addr,
+ MMUAccessType access_type, int mmu_idx,
+ bool nonfault, void **phost,
+ CPUTLBEntryFull **pfull, uintptr_t retaddr);
+#endif
+
#define CODE_GEN_ALIGN 16 /* must be >= of the size of a icache line */
/* Estimated block size for TB allocation. */
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 5359113e8d..1c59e701e6 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1579,7 +1579,8 @@ static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
static int probe_access_internal(CPUArchState *env, target_ulong addr,
int fault_size, MMUAccessType access_type,
int mmu_idx, bool nonfault,
- void **phost, uintptr_t retaddr)
+ void **phost, CPUTLBEntryFull **pfull,
+ uintptr_t retaddr)
{
uintptr_t index = tlb_index(env, mmu_idx, addr);
CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
@@ -1613,10 +1614,12 @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
mmu_idx, nonfault, retaddr)) {
/* Non-faulting page table read failed. */
*phost = NULL;
+ *pfull = NULL;
return TLB_INVALID_MASK;
}
/* TLB resize via tlb_fill may have moved the entry. */
+ index = tlb_index(env, mmu_idx, addr);
entry = tlb_entry(env, mmu_idx, addr);
/*
@@ -1630,6 +1633,8 @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
}
flags &= tlb_addr;
+ *pfull = &env_tlb(env)->d[mmu_idx].fulltlb[index];
+
/* Fold all "mmio-like" bits into TLB_MMIO. This is not RAM. */
if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
*phost = NULL;
@@ -1641,37 +1646,44 @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
return flags;
}
-int probe_access_flags(CPUArchState *env, target_ulong addr,
- MMUAccessType access_type, int mmu_idx,
- bool nonfault, void **phost, uintptr_t retaddr)
+int probe_access_full(CPUArchState *env, target_ulong addr,
+ MMUAccessType access_type, int mmu_idx,
+ bool nonfault, void **phost, CPUTLBEntryFull **pfull,
+ uintptr_t retaddr)
{
- int flags;
-
- flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
- nonfault, phost, retaddr);
+ int flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
+ nonfault, phost, pfull, retaddr);
/* Handle clean RAM pages. */
if (unlikely(flags & TLB_NOTDIRTY)) {
- uintptr_t index = tlb_index(env, mmu_idx, addr);
- CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
-
- notdirty_write(env_cpu(env), addr, 1, full, retaddr);
+ notdirty_write(env_cpu(env), addr, 1, *pfull, retaddr);
flags &= ~TLB_NOTDIRTY;
}
return flags;
}
+int probe_access_flags(CPUArchState *env, target_ulong addr,
+ MMUAccessType access_type, int mmu_idx,
+ bool nonfault, void **phost, uintptr_t retaddr)
+{
+ CPUTLBEntryFull *full;
+
+ return probe_access_full(env, addr, access_type, mmu_idx,
+ nonfault, phost, &full, retaddr);
+}
+
void *probe_access(CPUArchState *env, target_ulong addr, int size,
MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
{
+ CPUTLBEntryFull *full;
void *host;
int flags;
g_assert(-(addr | TARGET_PAGE_MASK) >= size);
flags = probe_access_internal(env, addr, size, access_type, mmu_idx,
- false, &host, retaddr);
+ false, &host, &full, retaddr);
/* Per the interface, size == 0 merely faults the access. */
if (size == 0) {
@@ -1679,9 +1691,6 @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
}
if (unlikely(flags & (TLB_NOTDIRTY | TLB_WATCHPOINT))) {
- uintptr_t index = tlb_index(env, mmu_idx, addr);
- CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
-
/* Handle watchpoints. */
if (flags & TLB_WATCHPOINT) {
int wp_access = (access_type == MMU_DATA_STORE
@@ -1702,11 +1711,12 @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
MMUAccessType access_type, int mmu_idx)
{
+ CPUTLBEntryFull *full;
void *host;
int flags;
flags = probe_access_internal(env, addr, 0, access_type,
- mmu_idx, true, &host, 0);
+ mmu_idx, true, &host, &full, 0);
/* No combination of flags are expected by the caller. */
return flags ? NULL : host;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 41/66] accel/tcg: Introduce tlb_set_page_full
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (39 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 40/66] accel/tcg: Introduce probe_access_full Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 42/66] target/arm: Use tlb_set_page_full Richard Henderson
` (25 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Now that we have collected all of the page data into
CPUTLBEntryFull, provide an interface to record that
all in one go, instead of using 4 arguments. This interface
allows CPUTLBEntryFull to be extended without having to
change the number of arguments.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/exec/cpu-defs.h | 14 ++++++++++
include/exec/exec-all.h | 22 +++++++++++++++
accel/tcg/cputlb.c | 61 +++++++++++++++++++++++++++--------------
3 files changed, 77 insertions(+), 20 deletions(-)
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index f70f54d850..5e12cc1854 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -148,7 +148,21 @@ typedef struct CPUTLBEntryFull {
* + the offset within the target MemoryRegion (otherwise)
*/
hwaddr xlat_section;
+
+ /*
+ * @phys_addr contains the physical address in the address space
+ * given by cpu_asidx_from_attrs(cpu, @attrs).
+ */
+ hwaddr phys_addr;
+
+ /* @attrs contains the memory transaction attributes for the page. */
MemTxAttrs attrs;
+
+ /* @prot contains the complete protections for the page. */
+ uint8_t prot;
+
+ /* @lg_page_size contains the log2 of the page size. */
+ uint8_t lg_page_size;
} CPUTLBEntryFull;
/*
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index e366b5c1ba..e7b54e8e5c 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -258,6 +258,28 @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState *cpu,
uint16_t idxmap,
unsigned bits);
+/**
+ * tlb_set_page_full:
+ * @cpu: CPU context
+ * @mmu_idx: mmu index of the tlb to modify
+ * @vaddr: virtual address of the entry to add
+ * @full: the details of the tlb entry
+ *
+ * Add an entry to @cpu tlb index @mmu_idx. All of the fields of
+ * @full must be filled, except for xlat_section, and constitute
+ * the complete description of the translated page.
+ *
+ * This is generally called by the target tlb_fill function after
+ * having performed a successful page table walk to find the physical
+ * address and attributes for the translation.
+ *
+ * At most one entry for a given virtual address is permitted. Only a
+ * single TARGET_PAGE_SIZE region is mapped; @full->ld_page_size is only
+ * used by tlb_flush_page.
+ */
+void tlb_set_page_full(CPUState *cpu, int mmu_idx, target_ulong vaddr,
+ CPUTLBEntryFull *full);
+
/**
* tlb_set_page_with_attrs:
* @cpu: CPU to add this TLB entry for
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 1c59e701e6..8c95f57266 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1095,16 +1095,16 @@ static void tlb_add_large_page(CPUArchState *env, int mmu_idx,
env_tlb(env)->d[mmu_idx].large_page_mask = lp_mask;
}
-/* Add a new TLB entry. At most one entry for a given virtual address
+/*
+ * Add a new TLB entry. At most one entry for a given virtual address
* is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
* supplied size is only used by tlb_flush_page.
*
* Called from TCG-generated code, which is under an RCU read-side
* critical section.
*/
-void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
- hwaddr paddr, MemTxAttrs attrs, int prot,
- int mmu_idx, target_ulong size)
+void tlb_set_page_full(CPUState *cpu, int mmu_idx,
+ target_ulong vaddr, CPUTLBEntryFull *full)
{
CPUArchState *env = cpu->env_ptr;
CPUTLB *tlb = env_tlb(env);
@@ -1117,35 +1117,36 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
CPUTLBEntry *te, tn;
hwaddr iotlb, xlat, sz, paddr_page;
target_ulong vaddr_page;
- int asidx = cpu_asidx_from_attrs(cpu, attrs);
- int wp_flags;
+ int asidx, wp_flags, prot;
bool is_ram, is_romd;
assert_cpu_is_self(cpu);
- if (size <= TARGET_PAGE_SIZE) {
+ if (full->lg_page_size <= TARGET_PAGE_BITS) {
sz = TARGET_PAGE_SIZE;
} else {
- tlb_add_large_page(env, mmu_idx, vaddr, size);
- sz = size;
+ sz = (hwaddr)1 << full->lg_page_size;
+ tlb_add_large_page(env, mmu_idx, vaddr, sz);
}
vaddr_page = vaddr & TARGET_PAGE_MASK;
- paddr_page = paddr & TARGET_PAGE_MASK;
+ paddr_page = full->phys_addr & TARGET_PAGE_MASK;
+ prot = full->prot;
+ asidx = cpu_asidx_from_attrs(cpu, full->attrs);
section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
- &xlat, &sz, attrs, &prot);
+ &xlat, &sz, full->attrs, &prot);
assert(sz >= TARGET_PAGE_SIZE);
tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
" prot=%x idx=%d\n",
- vaddr, paddr, prot, mmu_idx);
+ vaddr, full->phys_addr, prot, mmu_idx);
address = vaddr_page;
- if (size < TARGET_PAGE_SIZE) {
+ if (full->lg_page_size < TARGET_PAGE_BITS) {
/* Repeat the MMU check and TLB fill on every access. */
address |= TLB_INVALID_MASK;
}
- if (attrs.byte_swap) {
+ if (full->attrs.byte_swap) {
address |= TLB_BSWAP;
}
@@ -1236,8 +1237,9 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
* subtract here is that of the page base, and not the same as the
* vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
*/
+ desc->fulltlb[index] = *full;
desc->fulltlb[index].xlat_section = iotlb - vaddr_page;
- desc->fulltlb[index].attrs = attrs;
+ desc->fulltlb[index].prot = prot;
/* Now calculate the new entry */
tn.addend = addend - vaddr_page;
@@ -1272,15 +1274,34 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
qemu_spin_unlock(&tlb->c.lock);
}
-/* Add a new TLB entry, but without specifying the memory
- * transaction attributes to be used.
- */
+void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
+ hwaddr paddr, MemTxAttrs attrs, int prot,
+ int mmu_idx, target_ulong size)
+{
+ CPUTLBEntryFull full = {
+ .phys_addr = paddr,
+ .attrs = attrs,
+ .prot = prot,
+ .lg_page_size = ctz64(size)
+ };
+
+ assert(is_power_of_2(size));
+ tlb_set_page_full(cpu, mmu_idx, vaddr, &full);
+}
+
void tlb_set_page(CPUState *cpu, target_ulong vaddr,
hwaddr paddr, int prot,
int mmu_idx, target_ulong size)
{
- tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED,
- prot, mmu_idx, size);
+ CPUTLBEntryFull full = {
+ .phys_addr = paddr,
+ .attrs = MEMTXATTRS_UNSPECIFIED,
+ .prot = prot,
+ .lg_page_size = ctz64(size)
+ };
+
+ assert(is_power_of_2(size));
+ tlb_set_page_full(cpu, mmu_idx, vaddr, &full);
}
static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 42/66] target/arm: Use tlb_set_page_full
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (40 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 41/66] accel/tcg: Introduce tlb_set_page_full Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 43/66] include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA Richard Henderson
` (24 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Adjust GetPhysAddrResult to fill in CPUTLBEntryFull,
so that it may be passed directly to tlb_set_page_full.
The change is large, but mostly mechanical. The major
non-mechanical change is page_size -> lg_page_size.
Most of the time this is obvious, and is related to
TARGET_PAGE_BITS.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 5 +-
target/arm/helper.c | 12 +--
target/arm/m_helper.c | 20 ++---
target/arm/ptw.c | 181 ++++++++++++++++++++--------------------
target/arm/tlb_helper.c | 9 +-
5 files changed, 112 insertions(+), 115 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index a21a21299c..e914227e55 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1071,10 +1071,7 @@ typedef struct ARMCacheAttrs {
/* Fields that are valid upon success. */
typedef struct GetPhysAddrResult {
- hwaddr phys;
- target_ulong page_size;
- int prot;
- MemTxAttrs attrs;
+ CPUTLBEntryFull f;
ARMCacheAttrs cacheattrs;
} GetPhysAddrResult;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 55355197b8..887f613b40 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3237,8 +3237,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
/* Create a 64-bit PAR */
par64 = (1 << 11); /* LPAE bit always set */
if (!ret) {
- par64 |= res.phys & ~0xfffULL;
- if (!res.attrs.secure) {
+ par64 |= res.f.phys_addr & ~0xfffULL;
+ if (!res.f.attrs.secure) {
par64 |= (1 << 9); /* NS */
}
par64 |= (uint64_t)res.cacheattrs.attrs << 56; /* ATTR */
@@ -3262,13 +3262,13 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
*/
if (!ret) {
/* We do not set any attribute bits in the PAR */
- if (res.page_size == (1 << 24)
+ if (res.f.lg_page_size == 24
&& arm_feature(env, ARM_FEATURE_V7)) {
- par64 = (res.phys & 0xff000000) | (1 << 1);
+ par64 = (res.f.phys_addr & 0xff000000) | (1 << 1);
} else {
- par64 = res.phys & 0xfffff000;
+ par64 = res.f.phys_addr & 0xfffff000;
}
- if (!res.attrs.secure) {
+ if (!res.f.attrs.secure) {
par64 |= (1 << 9); /* NS */
}
} else {
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index 203ba411f6..355cd4d60a 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -223,8 +223,8 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
}
goto pend_fault;
}
- address_space_stl_le(arm_addressspace(cs, res.attrs), res.phys, value,
- res.attrs, &txres);
+ address_space_stl_le(arm_addressspace(cs, res.f.attrs), res.f.phys_addr,
+ value, res.f.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to write the data */
if (mode == STACK_LAZYFP) {
@@ -298,8 +298,8 @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
goto pend_fault;
}
- value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
- res.attrs, &txres);
+ value = address_space_ldl(arm_addressspace(cs, res.f.attrs),
+ res.f.phys_addr, res.f.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to read the data */
qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.UNSTKERR\n");
@@ -2022,8 +2022,8 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, bool secure,
qemu_log_mask(CPU_LOG_INT, "...really MemManage with CFSR.IACCVIOL\n");
return false;
}
- *insn = address_space_lduw_le(arm_addressspace(cs, res.attrs), res.phys,
- res.attrs, &txres);
+ *insn = address_space_lduw_le(arm_addressspace(cs, res.f.attrs),
+ res.f.phys_addr, res.f.attrs, &txres);
if (txres != MEMTX_OK) {
env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);
@@ -2069,8 +2069,8 @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
}
return false;
}
- value = address_space_ldl(arm_addressspace(cs, res.attrs), res.phys,
- res.attrs, &txres);
+ value = address_space_ldl(arm_addressspace(cs, res.f.attrs),
+ res.f.phys_addr, res.f.attrs, &txres);
if (txres != MEMTX_OK) {
/* BusFault trying to read the data */
qemu_log_mask(CPU_LOG_INT,
@@ -2817,8 +2817,8 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
} else {
mrvalid = true;
}
- r = res.prot & PAGE_READ;
- rw = res.prot & PAGE_WRITE;
+ r = res.f.prot & PAGE_READ;
+ rw = res.f.prot & PAGE_WRITE;
} else {
r = false;
rw = false;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index fa76f98b04..dafbf71d00 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -256,7 +256,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
assert(!is_secure);
}
- addr = s2.phys;
+ addr = s2.f.phys_addr;
}
return addr;
}
@@ -476,7 +476,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* 1Mb section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
ap = (desc >> 10) & 3;
- result->page_size = 1024 * 1024;
+ result->f.lg_page_size = 20; /* 1MB */
} else {
/* Lookup l2 entry. */
if (type == 1) {
@@ -497,12 +497,12 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
- result->page_size = 0x10000;
+ result->f.lg_page_size = 16;
break;
case 2: /* 4k page. */
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
ap = (desc >> (4 + ((address >> 9) & 6))) & 3;
- result->page_size = 0x1000;
+ result->f.lg_page_size = 12;
break;
case 3: /* 1k page, or ARMv6/XScale "extended small (4k) page" */
if (type == 1) {
@@ -510,7 +510,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
if (arm_feature(env, ARM_FEATURE_XSCALE)
|| arm_feature(env, ARM_FEATURE_V6)) {
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
- result->page_size = 0x1000;
+ result->f.lg_page_size = 12;
} else {
/*
* UNPREDICTABLE in ARMv5; we choose to take a
@@ -521,7 +521,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
}
} else {
phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
- result->page_size = 0x400;
+ result->f.lg_page_size = 10;
}
ap = (desc >> 4) & 3;
break;
@@ -530,14 +530,14 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
g_assert_not_reached();
}
}
- result->prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
- result->prot |= result->prot ? PAGE_EXEC : 0;
- if (!(result->prot & (1 << access_type))) {
+ result->f.prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
+ result->f.prot |= result->f.prot ? PAGE_EXEC : 0;
+ if (!(result->f.prot & (1 << access_type))) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
}
- result->phys = phys_addr;
+ result->f.phys_addr = phys_addr;
return false;
do_fault:
fi->domain = domain;
@@ -607,11 +607,11 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
phys_addr |= (uint64_t)extract32(desc, 20, 4) << 32;
phys_addr |= (uint64_t)extract32(desc, 5, 4) << 36;
- result->page_size = 0x1000000;
+ result->f.lg_page_size = 24; /* 16MB */
} else {
/* Section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
- result->page_size = 0x100000;
+ result->f.lg_page_size = 20; /* 1MB */
}
ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
xn = desc & (1 << 4);
@@ -636,12 +636,12 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
xn = desc & (1 << 15);
- result->page_size = 0x10000;
+ result->f.lg_page_size = 16;
break;
case 2: case 3: /* 4k page. */
phys_addr = (desc & 0xfffff000) | (address & 0xfff);
xn = desc & 1;
- result->page_size = 0x1000;
+ result->f.lg_page_size = 12;
break;
default:
/* Never happens, but compiler isn't smart enough to tell. */
@@ -649,7 +649,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
}
}
if (domain_prot == 3) {
- result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
} else {
if (pxn && !regime_is_user(env, mmu_idx)) {
xn = 1;
@@ -667,14 +667,14 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_AccessFlag;
goto do_fault;
}
- result->prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
+ result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
} else {
- result->prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
+ result->f.prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
}
- if (result->prot && !xn) {
- result->prot |= PAGE_EXEC;
+ if (result->f.prot && !xn) {
+ result->f.prot |= PAGE_EXEC;
}
- if (!(result->prot & (1 << access_type))) {
+ if (!(result->f.prot & (1 << access_type))) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
@@ -685,9 +685,9 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
* the CPU doesn't support TZ or this is a non-secure translation
* regime, because the attribute will already be non-secure.
*/
- result->attrs.secure = false;
+ result->f.attrs.secure = false;
}
- result->phys = phys_addr;
+ result->f.phys_addr = phys_addr;
return false;
do_fault:
fi->domain = domain;
@@ -1298,16 +1298,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
ns = mmu_idx == ARMMMUIdx_Stage2;
xn = extract32(attrs, 11, 2);
- result->prot = get_S2prot(env, ap, xn, s1_is_el0);
+ result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
ns = extract32(attrs, 3, 1);
xn = extract32(attrs, 12, 1);
pxn = extract32(attrs, 11, 1);
- result->prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
+ result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
}
fault_type = ARMFault_Permission;
- if (!(result->prot & (1 << access_type))) {
+ if (!(result->f.prot & (1 << access_type))) {
goto do_fault;
}
@@ -1317,11 +1317,11 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* the CPU doesn't support TZ or this is a non-secure translation
* regime, because the attribute will already be non-secure.
*/
- result->attrs.secure = false;
+ result->f.attrs.secure = false;
}
/* When in aarch64 mode, and BTI is enabled, remember GP in the IOTLB. */
if (aarch64 && guarded && cpu_isar_feature(aa64_bti, cpu)) {
- arm_tlb_bti_gp(&result->attrs) = true;
+ arm_tlb_bti_gp(&result->f.attrs) = true;
}
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
@@ -1347,8 +1347,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
result->cacheattrs.shareability = extract32(attrs, 6, 2);
}
- result->phys = descaddr;
- result->page_size = page_size;
+ result->f.phys_addr = descaddr;
+ result->f.lg_page_size = ctz64(page_size);
return false;
do_fault:
@@ -1373,12 +1373,12 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
if (regime_translation_disabled(env, mmu_idx, is_secure)) {
/* MPU disabled. */
- result->phys = address;
- result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->f.phys_addr = address;
+ result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
return false;
}
- result->phys = address;
+ result->f.phys_addr = address;
for (n = 7; n >= 0; n--) {
base = env->cp15.c6_region[n];
if ((base & 1) == 0) {
@@ -1414,16 +1414,16 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- result->prot = PAGE_READ | PAGE_WRITE;
+ result->f.prot = PAGE_READ | PAGE_WRITE;
break;
case 2:
- result->prot = PAGE_READ;
+ result->f.prot = PAGE_READ;
if (!is_user) {
- result->prot |= PAGE_WRITE;
+ result->f.prot |= PAGE_WRITE;
}
break;
case 3:
- result->prot = PAGE_READ | PAGE_WRITE;
+ result->f.prot = PAGE_READ | PAGE_WRITE;
break;
case 5:
if (is_user) {
@@ -1431,10 +1431,10 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- result->prot = PAGE_READ;
+ result->f.prot = PAGE_READ;
break;
case 6:
- result->prot = PAGE_READ;
+ result->f.prot = PAGE_READ;
break;
default:
/* Bad permission. */
@@ -1442,12 +1442,12 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
fi->level = 1;
return true;
}
- result->prot |= PAGE_EXEC;
+ result->f.prot |= PAGE_EXEC;
return false;
}
static void get_phys_addr_pmsav7_default(CPUARMState *env, ARMMMUIdx mmu_idx,
- int32_t address, int *prot)
+ int32_t address, uint8_t *prot)
{
if (!arm_feature(env, ARM_FEATURE_M)) {
*prot = PAGE_READ | PAGE_WRITE;
@@ -1531,9 +1531,9 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
int n;
bool is_user = regime_is_user(env, mmu_idx);
- result->phys = address;
- result->page_size = TARGET_PAGE_SIZE;
- result->prot = 0;
+ result->f.phys_addr = address;
+ result->f.lg_page_size = TARGET_PAGE_BITS;
+ result->f.prot = 0;
if (regime_translation_disabled(env, mmu_idx, secure) ||
m_is_ppb_region(env, address)) {
@@ -1545,7 +1545,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
* which always does a direct read using address_space_ldl(), rather
* than going via this function, so we don't need to check that here.
*/
- get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->f.prot);
} else { /* MPU enabled */
for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
/* region search */
@@ -1587,7 +1587,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
if (ranges_overlap(base, rmask,
address & TARGET_PAGE_MASK,
TARGET_PAGE_SIZE)) {
- result->page_size = 1;
+ result->f.lg_page_size = 0;
}
continue;
}
@@ -1625,7 +1625,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
continue;
}
if (rsize < TARGET_PAGE_BITS) {
- result->page_size = 1 << rsize;
+ result->f.lg_page_size = rsize;
}
break;
}
@@ -1636,7 +1636,8 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Background;
return true;
}
- get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address,
+ &result->f.prot);
} else { /* a MPU hit! */
uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3);
uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1);
@@ -1653,16 +1654,16 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
case 5:
break; /* no access */
case 3:
- result->prot |= PAGE_WRITE;
+ result->f.prot |= PAGE_WRITE;
/* fall through */
case 2:
case 6:
- result->prot |= PAGE_READ | PAGE_EXEC;
+ result->f.prot |= PAGE_READ | PAGE_EXEC;
break;
case 7:
/* for v7M, same as 6; for R profile a reserved value */
if (arm_feature(env, ARM_FEATURE_M)) {
- result->prot |= PAGE_READ | PAGE_EXEC;
+ result->f.prot |= PAGE_READ | PAGE_EXEC;
break;
}
/* fall through */
@@ -1678,16 +1679,16 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
case 1:
case 2:
case 3:
- result->prot |= PAGE_WRITE;
+ result->f.prot |= PAGE_WRITE;
/* fall through */
case 5:
case 6:
- result->prot |= PAGE_READ | PAGE_EXEC;
+ result->f.prot |= PAGE_READ | PAGE_EXEC;
break;
case 7:
/* for v7M, same as 6; for R profile a reserved value */
if (arm_feature(env, ARM_FEATURE_M)) {
- result->prot |= PAGE_READ | PAGE_EXEC;
+ result->f.prot |= PAGE_READ | PAGE_EXEC;
break;
}
/* fall through */
@@ -1700,14 +1701,14 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
/* execute never */
if (xn) {
- result->prot &= ~PAGE_EXEC;
+ result->f.prot &= ~PAGE_EXEC;
}
}
}
fi->type = ARMFault_Permission;
fi->level = 1;
- return !(result->prot & (1 << access_type));
+ return !(result->f.prot & (1 << access_type));
}
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
@@ -1732,9 +1733,9 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
uint32_t addr_page_base = address & TARGET_PAGE_MASK;
uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1);
- result->page_size = TARGET_PAGE_SIZE;
- result->phys = address;
- result->prot = 0;
+ result->f.lg_page_size = TARGET_PAGE_BITS;
+ result->f.phys_addr = address;
+ result->f.prot = 0;
if (mregion) {
*mregion = -1;
}
@@ -1784,13 +1785,13 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
ranges_overlap(base, limit - base + 1,
addr_page_base,
TARGET_PAGE_SIZE)) {
- result->page_size = 1;
+ result->f.lg_page_size = 0;
}
continue;
}
if (base > addr_page_base || limit < addr_page_limit) {
- result->page_size = 1;
+ result->f.lg_page_size = 0;
}
if (matchregion != -1) {
@@ -1816,7 +1817,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
if (matchregion == -1) {
/* hit using the background region */
- get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->prot);
+ get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->f.prot);
} else {
uint32_t ap = extract32(env->pmsav8.rbar[secure][matchregion], 1, 2);
uint32_t xn = extract32(env->pmsav8.rbar[secure][matchregion], 0, 1);
@@ -1831,9 +1832,9 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
xn = 1;
}
- result->prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
- if (result->prot && !xn && !(pxn && !is_user)) {
- result->prot |= PAGE_EXEC;
+ result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
+ if (result->f.prot && !xn && !(pxn && !is_user)) {
+ result->f.prot |= PAGE_EXEC;
}
/*
* We don't need to look the attribute up in the MAIR0/MAIR1
@@ -1846,7 +1847,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Permission;
fi->level = 1;
- return !(result->prot & (1 << access_type));
+ return !(result->f.prot & (1 << access_type));
}
static bool v8m_is_sau_exempt(CPUARMState *env,
@@ -2010,9 +2011,9 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
} else {
fi->type = ARMFault_QEMU_SFault;
}
- result->page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
- result->phys = address;
- result->prot = 0;
+ result->f.lg_page_size = sattrs.subpage ? 0 : TARGET_PAGE_BITS;
+ result->f.phys_addr = address;
+ result->f.prot = 0;
return true;
}
} else {
@@ -2022,7 +2023,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* might downgrade a secure access to nonsecure.
*/
if (sattrs.ns) {
- result->attrs.secure = false;
+ result->f.attrs.secure = false;
} else if (!secure) {
/*
* NS access to S memory must fault.
@@ -2035,9 +2036,9 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
*/
fi->type = ARMFault_QEMU_SFault;
- result->page_size = sattrs.subpage ? 1 : TARGET_PAGE_SIZE;
- result->phys = address;
- result->prot = 0;
+ result->f.lg_page_size = sattrs.subpage ? 0 : TARGET_PAGE_BITS;
+ result->f.phys_addr = address;
+ result->f.prot = 0;
return true;
}
}
@@ -2046,7 +2047,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx, secure,
result, fi, NULL);
if (sattrs.subpage) {
- result->page_size = 1;
+ result->f.lg_page_size = 0;
}
return ret;
}
@@ -2353,9 +2354,9 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
break;
}
- result->phys = address;
- result->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
- result->page_size = TARGET_PAGE_SIZE;
+ result->f.phys_addr = address;
+ result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ result->f.lg_page_size = TARGET_PAGE_BITS;
result->cacheattrs.is_s2_format = false;
result->cacheattrs.shareability = shareability;
result->cacheattrs.attrs = memattr;
@@ -2416,10 +2417,10 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
return ret;
}
- ipa = result->phys;
+ ipa = result->f.phys_addr;
if (is_secure) {
/* Select TCR based on the NS bit from the S1 walk. */
- ipa_secure = !(result->attrs.secure
+ ipa_secure = !(result->f.attrs.secure
? env->cp15.vstcr_el2 & VSTCR_SW
: env->cp15.vtcr_el2 & VTCR_NSW);
} else {
@@ -2434,7 +2435,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
* Save the stage1 results so that we may merge
* prot and cacheattrs later.
*/
- s1_prot = result->prot;
+ s1_prot = result->f.prot;
cacheattrs1 = result->cacheattrs;
memset(result, 0, sizeof(*result));
@@ -2443,7 +2444,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
- result->prot &= s1_prot;
+ result->f.prot &= s1_prot;
/* If S2 fails, return early. */
if (ret) {
@@ -2471,10 +2472,10 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
/* Check if IPA translates to secure or non-secure PA space. */
if (is_secure) {
if (ipa_secure) {
- result->attrs.secure =
+ result->f.attrs.secure =
!(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
} else {
- result->attrs.secure =
+ result->f.attrs.secure =
!((env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))
|| (env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)));
}
@@ -2493,8 +2494,8 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
* cannot upgrade an non-secure translation regime's attributes
* to secure.
*/
- result->attrs.secure = is_secure;
- result->attrs.user = regime_is_user(env, mmu_idx);
+ result->f.attrs.secure = is_secure;
+ result->f.attrs.user = regime_is_user(env, mmu_idx);
/*
* Fast Context Switch Extension. This doesn't exist at all in v8.
@@ -2511,7 +2512,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_PMSA)) {
bool ret;
- result->page_size = TARGET_PAGE_SIZE;
+ result->f.lg_page_size = TARGET_PAGE_BITS;
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
@@ -2532,9 +2533,9 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
(access_type == MMU_DATA_STORE ? "writing" : "execute"),
(uint32_t)address, mmu_idx,
ret ? "Miss" : "Hit",
- result->prot & PAGE_READ ? 'r' : '-',
- result->prot & PAGE_WRITE ? 'w' : '-',
- result->prot & PAGE_EXEC ? 'x' : '-');
+ result->f.prot & PAGE_READ ? 'r' : '-',
+ result->f.prot & PAGE_WRITE ? 'w' : '-',
+ result->f.prot & PAGE_EXEC ? 'x' : '-');
return ret;
}
@@ -2609,10 +2610,10 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
bool ret;
ret = get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &res, &fi);
- *attrs = res.attrs;
+ *attrs = res.f.attrs;
if (ret) {
return -1;
}
- return res.phys;
+ return res.f.phys_addr;
}
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index ad225b1cb2..49601394ec 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -227,17 +227,16 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
* target page size are handled specially, so for those we
* pass in the exact addresses.
*/
- if (res.page_size >= TARGET_PAGE_SIZE) {
- res.phys &= TARGET_PAGE_MASK;
+ if (res.f.lg_page_size >= TARGET_PAGE_BITS) {
+ res.f.phys_addr &= TARGET_PAGE_MASK;
address &= TARGET_PAGE_MASK;
}
/* Notice and record tagged memory. */
if (cpu_isar_feature(aa64_mte, cpu) && res.cacheattrs.attrs == 0xf0) {
- arm_tlb_mte_tagged(&res.attrs) = true;
+ arm_tlb_mte_tagged(&res.f.attrs) = true;
}
- tlb_set_page_with_attrs(cs, address, res.phys, res.attrs,
- res.prot, mmu_idx, res.page_size);
+ tlb_set_page_full(cs, mmu_idx, address, &res.f);
return true;
} else if (probe) {
return false;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 43/66] include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (41 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 42/66] target/arm: Use tlb_set_page_full Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 44/66] target/arm: Enable TARGET_PAGE_ENTRY_EXTRA Richard Henderson
` (23 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Allow the target to cache items from the guest page tables.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/exec/cpu-defs.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 5e12cc1854..67239b4e5e 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -163,6 +163,15 @@ typedef struct CPUTLBEntryFull {
/* @lg_page_size contains the log2 of the page size. */
uint8_t lg_page_size;
+
+ /*
+ * Allow target-specific additions to this structure.
+ * This may be used to cache items from the guest cpu
+ * page tables for later use by the implementation.
+ */
+#ifdef TARGET_PAGE_ENTRY_EXTRA
+ TARGET_PAGE_ENTRY_EXTRA
+#endif
} CPUTLBEntryFull;
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 44/66] target/arm: Enable TARGET_PAGE_ENTRY_EXTRA
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (42 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 43/66] include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 45/66] target/arm: Use probe_access_full for MTE Richard Henderson
` (22 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Copy attrs and sharability, into the TLB. This will eventually
be used by S1_ptw_translate to report stage1 translation failures,
and by do_ats_write to fill in PAR_EL1.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 8 ++++++++
target/arm/tlb_helper.c | 3 +++
2 files changed, 11 insertions(+)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 08681828ac..118ca0e5c0 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -30,6 +30,14 @@
*/
# define TARGET_PAGE_BITS_VARY
# define TARGET_PAGE_BITS_MIN 10
+
+/*
+ * Cache the attrs and sharability fields from the page table entry.
+ */
+# define TARGET_PAGE_ENTRY_EXTRA \
+ uint8_t pte_attrs; \
+ uint8_t shareability;
+
#endif
#define NB_MMU_MODES 8
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 49601394ec..353edbeb1d 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -236,6 +236,9 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
arm_tlb_mte_tagged(&res.f.attrs) = true;
}
+ res.f.pte_attrs = res.cacheattrs.attrs;
+ res.f.shareability = res.cacheattrs.shareability;
+
tlb_set_page_full(cs, mmu_idx, address, &res.f);
return true;
} else if (probe) {
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 45/66] target/arm: Use probe_access_full for MTE
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (43 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 44/66] target/arm: Enable TARGET_PAGE_ENTRY_EXTRA Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 46/66] target/arm: Use probe_access_full for BTI Richard Henderson
` (21 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The CPUTLBEntryFull structure now stores the original pte attributes, as
well as the physical address. Therefore, we no longer need a separate
bit in MemTxAttrs, nor do we need to walk the tree of memory regions.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 1 -
target/arm/sve_ldst_internal.h | 1 +
target/arm/mte_helper.c | 61 +++++++++-------------------------
target/arm/sve_helper.c | 54 ++++++++++--------------------
target/arm/tlb_helper.c | 4 ---
5 files changed, 35 insertions(+), 86 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a08e546de4..8230a0b141 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3388,7 +3388,6 @@ static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
* generic target bits directly.
*/
#define arm_tlb_bti_gp(x) (typecheck_memtxattrs(x)->target_tlb_bit0)
-#define arm_tlb_mte_tagged(x) (typecheck_memtxattrs(x)->target_tlb_bit1)
/*
* AArch64 usage of the PAGE_TARGET_* bits for linux-user.
diff --git a/target/arm/sve_ldst_internal.h b/target/arm/sve_ldst_internal.h
index b5c473fc48..4f159ec4ad 100644
--- a/target/arm/sve_ldst_internal.h
+++ b/target/arm/sve_ldst_internal.h
@@ -134,6 +134,7 @@ typedef struct {
void *host;
int flags;
MemTxAttrs attrs;
+ bool tagged;
} SVEHostPage;
bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index fdd23ab3f8..a81c4a3318 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -105,10 +105,9 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
TARGET_PAGE_BITS - LOG2_TAG_GRANULE - 1);
return tags + index;
#else
- uintptr_t index;
CPUTLBEntryFull *full;
+ MemTxAttrs attrs;
int in_page, flags;
- ram_addr_t ptr_ra;
hwaddr ptr_paddr, tag_paddr, xlat;
MemoryRegion *mr;
ARMASIdx tag_asi;
@@ -124,30 +123,12 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
* valid. Indicate to probe_access_flags no-fault, then assert that
* we received a valid page.
*/
- flags = probe_access_flags(env, ptr, ptr_access, ptr_mmu_idx,
- ra == 0, &host, ra);
+ flags = probe_access_full(env, ptr, ptr_access, ptr_mmu_idx,
+ ra == 0, &host, &full, ra);
assert(!(flags & TLB_INVALID_MASK));
- /*
- * Find the CPUTLBEntryFull for ptr. This *must* be present in the TLB
- * because we just found the mapping.
- * TODO: Perhaps there should be a cputlb helper that returns a
- * matching tlb entry + iotlb entry.
- */
- index = tlb_index(env, ptr_mmu_idx, ptr);
-# ifdef CONFIG_DEBUG_TCG
- {
- CPUTLBEntry *entry = tlb_entry(env, ptr_mmu_idx, ptr);
- target_ulong comparator = (ptr_access == MMU_DATA_LOAD
- ? entry->addr_read
- : tlb_addr_write(entry));
- g_assert(tlb_hit(comparator, ptr));
- }
-# endif
- full = &env_tlb(env)->d[ptr_mmu_idx].fulltlb[index];
-
/* If the virtual page MemAttr != Tagged, access unchecked. */
- if (!arm_tlb_mte_tagged(&full->attrs)) {
+ if (full->pte_attrs != 0xf0) {
return NULL;
}
@@ -162,6 +143,13 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
return NULL;
}
+ /*
+ * Remember these values across the second lookup below,
+ * which may invalidate this pointer via tlb resize.
+ */
+ ptr_paddr = full->phys_addr;
+ attrs = full->attrs;
+
/*
* The Normal memory access can extend to the next page. E.g. a single
* 8-byte access to the last byte of a page will check only the last
@@ -170,9 +158,8 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
*/
in_page = -(ptr | TARGET_PAGE_MASK);
if (unlikely(ptr_size > in_page)) {
- void *ignore;
- flags |= probe_access_flags(env, ptr + in_page, ptr_access,
- ptr_mmu_idx, ra == 0, &ignore, ra);
+ flags |= probe_access_full(env, ptr + in_page, ptr_access,
+ ptr_mmu_idx, ra == 0, &host, &full, ra);
assert(!(flags & TLB_INVALID_MASK));
}
@@ -180,33 +167,17 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
if (unlikely(flags & TLB_WATCHPOINT)) {
int wp = ptr_access == MMU_DATA_LOAD ? BP_MEM_READ : BP_MEM_WRITE;
assert(ra != 0);
- cpu_check_watchpoint(env_cpu(env), ptr, ptr_size,
- full->attrs, wp, ra);
+ cpu_check_watchpoint(env_cpu(env), ptr, ptr_size, attrs, wp, ra);
}
- /*
- * Find the physical address within the normal mem space.
- * The memory region lookup must succeed because TLB_MMIO was
- * not set in the cputlb lookup above.
- */
- mr = memory_region_from_host(host, &ptr_ra);
- tcg_debug_assert(mr != NULL);
- tcg_debug_assert(memory_region_is_ram(mr));
- ptr_paddr = ptr_ra;
- do {
- ptr_paddr += mr->addr;
- mr = mr->container;
- } while (mr);
-
/* Convert to the physical address in tag space. */
tag_paddr = ptr_paddr >> (LOG2_TAG_GRANULE + 1);
/* Look up the address in tag space. */
- tag_asi = full->attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
+ tag_asi = attrs.secure ? ARMASIdx_TagS : ARMASIdx_TagNS;
tag_as = cpu_get_address_space(env_cpu(env), tag_asi);
mr = address_space_translate(tag_as, tag_paddr, &xlat, NULL,
- tag_access == MMU_DATA_STORE,
- full->attrs);
+ tag_access == MMU_DATA_STORE, attrs);
/*
* Note that @mr will never be NULL. If there is nothing in the address
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 9cae8fd352..3d0d2987cd 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -5351,8 +5351,19 @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
*/
addr = useronly_clean_ptr(addr);
+#ifdef CONFIG_USER_ONLY
flags = probe_access_flags(env, addr, access_type, mmu_idx, nofault,
&info->host, retaddr);
+ memset(&info->attrs, 0, sizeof(info->attrs));
+ /* Require both ANON and MTE; see allocation_tag_mem(). */
+ info->tagged = (flags & PAGE_ANON) && (flags & PAGE_MTE);
+#else
+ CPUTLBEntryFull *full;
+ flags = probe_access_full(env, addr, access_type, mmu_idx, nofault,
+ &info->host, &full, retaddr);
+ info->attrs = full->attrs;
+ info->tagged = full->pte_attrs == 0xf0;
+#endif
info->flags = flags;
if (flags & TLB_INVALID_MASK) {
@@ -5362,33 +5373,6 @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
/* Ensure that info->host[] is relative to addr, not addr + mem_off. */
info->host -= mem_off;
-
-#ifdef CONFIG_USER_ONLY
- memset(&info->attrs, 0, sizeof(info->attrs));
- /* Require both MAP_ANON and PROT_MTE -- see allocation_tag_mem. */
- arm_tlb_mte_tagged(&info->attrs) =
- (flags & PAGE_ANON) && (flags & PAGE_MTE);
-#else
- /*
- * Find the iotlbentry for addr and return the transaction attributes.
- * This *must* be present in the TLB because we just found the mapping.
- */
- {
- uintptr_t index = tlb_index(env, mmu_idx, addr);
-
-# ifdef CONFIG_DEBUG_TCG
- CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
- target_ulong comparator = (access_type == MMU_DATA_LOAD
- ? entry->addr_read
- : tlb_addr_write(entry));
- g_assert(tlb_hit(comparator, addr));
-# endif
-
- CPUTLBEntryFull *full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
- info->attrs = full->attrs;
- }
-#endif
-
return true;
}
@@ -5617,7 +5601,7 @@ void sve_cont_ldst_mte_check(SVEContLdSt *info, CPUARMState *env,
intptr_t mem_off, reg_off, reg_last;
/* Process the page only if MemAttr == Tagged. */
- if (arm_tlb_mte_tagged(&info->page[0].attrs)) {
+ if (info->page[0].tagged) {
mem_off = info->mem_off_first[0];
reg_off = info->reg_off_first[0];
reg_last = info->reg_off_split;
@@ -5638,7 +5622,7 @@ void sve_cont_ldst_mte_check(SVEContLdSt *info, CPUARMState *env,
}
mem_off = info->mem_off_first[1];
- if (mem_off >= 0 && arm_tlb_mte_tagged(&info->page[1].attrs)) {
+ if (mem_off >= 0 && info->page[1].tagged) {
reg_off = info->reg_off_first[1];
reg_last = info->reg_off_last[1];
@@ -6017,7 +6001,7 @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
* Disable MTE checking if the Tagged bit is not set. Since TBI must
* be set within MTEDESC for MTE, !mtedesc => !mte_active.
*/
- if (!arm_tlb_mte_tagged(&info.page[0].attrs)) {
+ if (!info.page[0].tagged) {
mtedesc = 0;
}
@@ -6568,7 +6552,7 @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
cpu_check_watchpoint(env_cpu(env), addr, msize,
info.attrs, BP_MEM_READ, retaddr);
}
- if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
+ if (mtedesc && info.tagged) {
mte_check(env, mtedesc, addr, retaddr);
}
if (unlikely(info.flags & TLB_MMIO)) {
@@ -6585,7 +6569,7 @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
msize, info.attrs,
BP_MEM_READ, retaddr);
}
- if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
+ if (mtedesc && info.tagged) {
mte_check(env, mtedesc, addr, retaddr);
}
tlb_fn(env, &scratch, reg_off, addr, retaddr);
@@ -6786,9 +6770,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
(env_cpu(env), addr, msize) & BP_MEM_READ)) {
goto fault;
}
- if (mtedesc &&
- arm_tlb_mte_tagged(&info.attrs) &&
- !mte_probe(env, mtedesc, addr)) {
+ if (mtedesc && info.tagged && !mte_probe(env, mtedesc, addr)) {
goto fault;
}
@@ -6974,7 +6956,7 @@ void sve_st1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
info.attrs, BP_MEM_WRITE, retaddr);
}
- if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
+ if (mtedesc && info.tagged) {
mte_check(env, mtedesc, addr, retaddr);
}
}
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 353edbeb1d..3462a6ea14 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -231,10 +231,6 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
res.f.phys_addr &= TARGET_PAGE_MASK;
address &= TARGET_PAGE_MASK;
}
- /* Notice and record tagged memory. */
- if (cpu_isar_feature(aa64_mte, cpu) && res.cacheattrs.attrs == 0xf0) {
- arm_tlb_mte_tagged(&res.f.attrs) = true;
- }
res.f.pte_attrs = res.cacheattrs.attrs;
res.f.shareability = res.cacheattrs.shareability;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 46/66] target/arm: Use probe_access_full for BTI
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (44 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 45/66] target/arm: Use probe_access_full for MTE Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 47/66] include/exec: Remove target_tlb_bitN from MemTxAttrs Richard Henderson
` (20 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Add a field to TARGET_PAGE_ENTRY_EXTRA to hold the guarded bit.
In is_guarded_page, use probe_access_full instead of just guessing
that the tlb entry is still present. Also handles the FIXME about
executing from device memory.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 8 ++++----
target/arm/cpu.h | 13 -------------
target/arm/internals.h | 1 +
target/arm/ptw.c | 7 ++++---
target/arm/translate-a64.c | 22 ++++++++--------------
5 files changed, 17 insertions(+), 34 deletions(-)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 118ca0e5c0..689a9645dc 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -32,12 +32,12 @@
# define TARGET_PAGE_BITS_MIN 10
/*
- * Cache the attrs and sharability fields from the page table entry.
+ * Cache the attrs, sharability, and gp fields from the page table entry.
*/
# define TARGET_PAGE_ENTRY_EXTRA \
- uint8_t pte_attrs; \
- uint8_t shareability;
-
+ uint8_t pte_attrs; \
+ uint8_t shareability; \
+ bool guarded;
#endif
#define NB_MMU_MODES 8
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 8230a0b141..f48dcadad6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3376,19 +3376,6 @@ static inline uint64_t *aa64_vfp_qreg(CPUARMState *env, unsigned regno)
/* Shared between translate-sve.c and sve_helper.c. */
extern const uint64_t pred_esz_masks[5];
-/* Helper for the macros below, validating the argument type. */
-static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
-{
- return x;
-}
-
-/*
- * Lvalue macros for ARM TLB bits that we must cache in the TCG TLB.
- * Using these should be a bit more self-documenting than using the
- * generic target bits directly.
- */
-#define arm_tlb_bti_gp(x) (typecheck_memtxattrs(x)->target_tlb_bit0)
-
/*
* AArch64 usage of the PAGE_TARGET_* bits for linux-user.
* Note that with the Linux kernel, PROT_MTE may not be cleared by mprotect
diff --git a/target/arm/internals.h b/target/arm/internals.h
index e914227e55..bab3e89227 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1067,6 +1067,7 @@ typedef struct ARMCacheAttrs {
unsigned int attrs:8;
unsigned int shareability:2; /* as in the SH field of the VMSAv8-64 PTEs */
bool is_s2_format:1;
+ bool guarded:1; /* guarded bit of the v8-64 PTE */
} ARMCacheAttrs;
/* Fields that are valid upon success. */
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index dafbf71d00..69c22c039b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1319,9 +1319,10 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
*/
result->f.attrs.secure = false;
}
- /* When in aarch64 mode, and BTI is enabled, remember GP in the IOTLB. */
- if (aarch64 && guarded && cpu_isar_feature(aa64_bti, cpu)) {
- arm_tlb_bti_gp(&result->f.attrs) = true;
+
+ /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
+ if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+ result->f.guarded = guarded;
}
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 305044a141..afabd77694 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -14611,22 +14611,16 @@ static bool is_guarded_page(CPUARMState *env, DisasContext *s)
#ifdef CONFIG_USER_ONLY
return page_get_flags(addr) & PAGE_BTI;
#else
+ CPUTLBEntryFull *full;
+ void *host;
int mmu_idx = arm_to_core_mmu_idx(s->mmu_idx);
- unsigned int index = tlb_index(env, mmu_idx, addr);
- CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+ int flags;
- /*
- * We test this immediately after reading an insn, which means
- * that any normal page must be in the TLB. The only exception
- * would be for executing from flash or device memory, which
- * does not retain the TLB entry.
- *
- * FIXME: Assume false for those, for now. We could use
- * arm_cpu_get_phys_page_attrs_debug to re-read the page
- * table entry even for that case.
- */
- return (tlb_hit(entry->addr_code, addr) &&
- arm_tlb_bti_gp(&env_tlb(env)->d[mmu_idx].fulltlb[index].attrs));
+ flags = probe_access_full(env, addr, MMU_INST_FETCH, mmu_idx,
+ false, &host, &full, 0);
+ assert(!(flags & TLB_INVALID_MASK));
+
+ return full->guarded;
#endif
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 47/66] include/exec: Remove target_tlb_bitN from MemTxAttrs
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (45 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 46/66] target/arm: Use probe_access_full for BTI Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 48/66] target/arm: Add ARMMMUIdx_Phys_{S,NS} Richard Henderson
` (19 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
We have now moved all uses to PageEntryExtra.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/exec/memattrs.h | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
index 9fb98bc1ef..1bd7b6c5ca 100644
--- a/include/exec/memattrs.h
+++ b/include/exec/memattrs.h
@@ -47,16 +47,6 @@ typedef struct MemTxAttrs {
unsigned int requester_id:16;
/* Invert endianness for this page */
unsigned int byte_swap:1;
- /*
- * The following are target-specific page-table bits. These are not
- * related to actual memory transactions at all. However, this structure
- * is part of the tlb_fill interface, cached in the cputlb structure,
- * and has unused bits. These fields will be read by target-specific
- * helpers using env->iotlb[mmu_idx][tlb_index()].attrs.target_tlb_bitN.
- */
- unsigned int target_tlb_bit0 : 1;
- unsigned int target_tlb_bit1 : 1;
- unsigned int target_tlb_bit2 : 1;
} MemTxAttrs;
/* Bus masters which don't specify any attributes will get this,
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 48/66] target/arm: Add ARMMMUIdx_Phys_{S,NS}
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (46 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 47/66] include/exec: Remove target_tlb_bitN from MemTxAttrs Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 49/66] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx Richard Henderson
` (18 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Not yet used, but add mmu indexes for 1-1 mapping
to physical addresses.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 2 +-
target/arm/cpu.h | 4 ++++
target/arm/ptw.c | 9 +++++++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 689a9645dc..98bd9e435e 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -40,6 +40,6 @@
bool guarded;
#endif
-#define NB_MMU_MODES 8
+#define NB_MMU_MODES 10
#endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index f48dcadad6..76391dc47d 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2959,6 +2959,10 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_E2 = 6 | ARM_MMU_IDX_A,
ARMMMUIdx_E3 = 7 | ARM_MMU_IDX_A,
+ /* TLBs with 1-1 mapping to the physical address spaces. */
+ ARMMMUIdx_Phys_NS = 8 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Phys_S = 9 | ARM_MMU_IDX_A,
+
/*
* These are not allocated TLBs and are used only for AT system
* instructions or for the first stage of an S12 page table walk.
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 69c22c039b..e409c8034f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -179,6 +179,11 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
case ARMMMUIdx_E3:
break;
+ case ARMMMUIdx_Phys_NS:
+ case ARMMMUIdx_Phys_S:
+ /* No translation for physical address spaces. */
+ return true;
+
default:
g_assert_not_reached();
}
@@ -2289,6 +2294,8 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
switch (mmu_idx) {
case ARMMMUIdx_Stage2:
case ARMMMUIdx_Stage2_S:
+ case ARMMMUIdx_Phys_NS:
+ case ARMMMUIdx_Phys_S:
memattr = 0x00; /* unused, but Device, nGnRnE */
shareability = 0; /* unused, but non-shareable */
break;
@@ -2579,6 +2586,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
is_secure = arm_is_secure_below_el3(env);
break;
case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Phys_NS:
case ARMMMUIdx_MPrivNegPri:
case ARMMMUIdx_MUserNegPri:
case ARMMMUIdx_MPriv:
@@ -2587,6 +2595,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
break;
case ARMMMUIdx_E3:
case ARMMMUIdx_Stage2_S:
+ case ARMMMUIdx_Phys_S:
case ARMMMUIdx_MSPrivNegPri:
case ARMMMUIdx_MSUserNegPri:
case ARMMMUIdx_MSPriv:
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 49/66] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (47 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 48/66] target/arm: Add ARMMMUIdx_Phys_{S,NS} Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 50/66] target/arm: Use softmmu tlbs for page table walking Richard Henderson
` (17 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
We had been marking this ARM_MMU_IDX_NOTLB, move it to a real tlb.
Flush the tlb when invalidating stage 1+2 translations.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu-param.h | 2 +-
target/arm/cpu.h | 20 +++++++++++---------
target/arm/helper.c | 4 +++-
3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 98bd9e435e..283618f601 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -40,6 +40,6 @@
bool guarded;
#endif
-#define NB_MMU_MODES 10
+#define NB_MMU_MODES 12
#endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 76391dc47d..4ab0cac8b6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2963,6 +2963,15 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_Phys_NS = 8 | ARM_MMU_IDX_A,
ARMMMUIdx_Phys_S = 9 | ARM_MMU_IDX_A,
+ /*
+ * Used for second stage of an S12 page table walk, or for descriptor
+ * loads during first stage of an S1 page table walk. Note that both
+ * are in use simultaneously for SecureEL2: the security state for
+ * the S2 ptw is selected by the NS bit from the S1 ptw.
+ */
+ ARMMMUIdx_Stage2 = 10 | ARM_MMU_IDX_A,
+ ARMMMUIdx_Stage2_S = 11 | ARM_MMU_IDX_A,
+
/*
* These are not allocated TLBs and are used only for AT system
* instructions or for the first stage of an S12 page table walk.
@@ -2970,15 +2979,6 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
ARMMMUIdx_Stage1_E1_PAN = 2 | ARM_MMU_IDX_NOTLB,
- /*
- * Not allocated a TLB: used only for second stage of an S12 page
- * table walk, or for descriptor loads during first stage of an S1
- * page table walk. Note that if we ever want to have a TLB for this
- * then various TLB flush insns which currently are no-ops or flush
- * only stage 1 MMU indexes will need to change to flush stage 2.
- */
- ARMMMUIdx_Stage2 = 3 | ARM_MMU_IDX_NOTLB,
- ARMMMUIdx_Stage2_S = 4 | ARM_MMU_IDX_NOTLB,
/*
* M-profile.
@@ -3009,6 +3009,8 @@ typedef enum ARMMMUIdxBit {
TO_CORE_BIT(E20_2),
TO_CORE_BIT(E20_2_PAN),
TO_CORE_BIT(E3),
+ TO_CORE_BIT(Stage2),
+ TO_CORE_BIT(Stage2_S),
TO_CORE_BIT(MUser),
TO_CORE_BIT(MPriv),
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 887f613b40..765638f002 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4236,7 +4236,9 @@ static int alle1_tlbmask(CPUARMState *env)
*/
return (ARMMMUIdxBit_E10_1 |
ARMMMUIdxBit_E10_1_PAN |
- ARMMMUIdxBit_E10_0);
+ ARMMMUIdxBit_E10_0 |
+ ARMMMUIdxBit_Stage2 |
+ ARMMMUIdxBit_Stage2_S);
}
static int e2_tlbmask(CPUARMState *env)
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 50/66] target/arm: Use softmmu tlbs for page table walking
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (48 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 49/66] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 51/66] target/arm: Hoist check for disabled stage2 translation Richard Henderson
` (16 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
So far, limit the change to S1_ptw_translate, arm_ldl_ptw, and
arm_ldq_ptw. Use probe_access_full to find the host address,
and if so use a host load. If the probe fails, we've got our
fault info already. On the off chance that page tables are not
in RAM, continue to use the address_space_ld* functions.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 5 +
target/arm/ptw.c | 205 +++++++++++++++++++++++-----------------
target/arm/tlb_helper.c | 17 +++-
3 files changed, 138 insertions(+), 89 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4ab0cac8b6..8fb4baf604 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -225,6 +225,8 @@ typedef struct CPUARMTBFlags {
target_ulong flags2;
} CPUARMTBFlags;
+typedef struct ARMMMUFaultInfo ARMMMUFaultInfo;
+
typedef struct CPUArchState {
/* Regs for current mode. */
uint32_t regs[16];
@@ -715,6 +717,9 @@ typedef struct CPUArchState {
struct CPUBreakpoint *cpu_breakpoint[16];
struct CPUWatchpoint *cpu_watchpoint[16];
+ /* Optional fault info across tlb lookup. */
+ ARMMMUFaultInfo *tlb_fi;
+
/* Fields up to this point are cleared by a CPU reset */
struct {} end_reset_fields;
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index e409c8034f..628c046cab 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -9,6 +9,7 @@
#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qemu/range.h"
+#include "exec/exec-all.h"
#include "cpu.h"
#include "internals.h"
#include "idau.h"
@@ -191,52 +192,57 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
}
-static bool ptw_attrs_are_device(uint64_t hcr, ARMCacheAttrs cacheattrs)
-{
- /*
- * For an S1 page table walk, the stage 1 attributes are always
- * some form of "this is Normal memory". The combined S1+S2
- * attributes are therefore only Device if stage 2 specifies Device.
- * With HCR_EL2.FWB == 0 this is when descriptor bits [5:4] are 0b00,
- * ie when cacheattrs.attrs bits [3:2] are 0b00.
- * With HCR_EL2.FWB == 1 this is when descriptor bit [4] is 0, ie
- * when cacheattrs.attrs bit [2] is 0.
- */
- assert(cacheattrs.is_s2_format);
- if (hcr & HCR_FWB) {
- return (cacheattrs.attrs & 0x4) == 0;
- } else {
- return (cacheattrs.attrs & 0xc) == 0;
- }
-}
-
/* Translate a S1 pagetable walk through S2 if needed. */
-static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
- hwaddr addr, bool *is_secure_ptr,
- ARMMMUFaultInfo *fi)
+static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, hwaddr addr,
+ bool *is_secure_ptr, void **hphys, hwaddr *gphys,
+ ARMMMUFaultInfo *fi)
{
bool is_secure = *is_secure_ptr;
ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ CPUTLBEntryFull *full;
+ int flags;
- if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
- !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
- GetPhysAddrResult s2 = {};
- uint64_t hcr;
- int ret;
+ if (!arm_mmu_idx_is_stage1_of_2(mmu_idx)
+ || regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
+ s2_mmu_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+ }
- ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx,
- is_secure, false, &s2, fi);
- if (ret) {
- assert(fi->type != ARMFault_None);
- fi->s2addr = addr;
- fi->stage2 = true;
- fi->s1ptw = true;
- fi->s1ns = !is_secure;
- return ~0;
+ env->tlb_fi = fi;
+ flags = probe_access_full(env, addr, MMU_DATA_LOAD,
+ arm_to_core_mmu_idx(s2_mmu_idx),
+ true, hphys, &full, 0);
+ env->tlb_fi = NULL;
+
+ if (unlikely(flags & TLB_INVALID_MASK)) {
+ assert(fi->type != ARMFault_None);
+ fi->s2addr = addr;
+ fi->stage2 = true;
+ fi->s1ptw = true;
+ fi->s1ns = !is_secure;
+ return false;
+ }
+
+ if (s2_mmu_idx == ARMMMUIdx_Stage2 || s2_mmu_idx == ARMMMUIdx_Stage2_S) {
+ uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+ uint8_t s2attrs = full->pte_attrs;
+ bool is_device;
+
+ /*
+ * For an S1 page table walk, the stage 1 attributes are always
+ * some form of "this is Normal memory". The combined S1+S2
+ * attributes are therefore only Device if stage 2 specifies Device.
+ * With HCR_EL2.FWB == 0 this is when descriptor bits [5:4] are 0b00,
+ * ie when s2attrs bits [3:2] are 0b00.
+ * With HCR_EL2.FWB == 1 this is when descriptor bit [4] is 0, ie
+ * when s2attrs bit [2] is 0.
+ */
+ if (hcr & HCR_FWB) {
+ is_device = (s2attrs & 0x4) == 0;
+ } else {
+ is_device = (s2attrs & 0xc) == 0;
}
- hcr = arm_hcr_el2_eff_secstate(env, is_secure);
- if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
+ if ((hcr & HCR_PTW) && is_device) {
/*
* PTW set and S1 walk touched S2 Device memory:
* generate Permission fault.
@@ -246,24 +252,19 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
fi->stage2 = true;
fi->s1ptw = true;
fi->s1ns = !is_secure;
- return ~0;
+ return false;
}
-
- if (arm_is_secure_below_el3(env)) {
- /* Check if page table walk is to secure or non-secure PA space. */
- if (is_secure) {
- is_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
- } else {
- is_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
- }
- *is_secure_ptr = is_secure;
- } else {
- assert(!is_secure);
- }
-
- addr = s2.f.phys_addr;
}
- return addr;
+
+ if (is_secure) {
+ /* Check if page table walk is to secure or non-secure PA space. */
+ *is_secure_ptr = !(full->attrs.secure
+ ? env->cp15.vstcr_el2 & VSTCR_SW
+ : env->cp15.vtcr_el2 & VTCR_NSW);
+ }
+
+ *gphys = full->phys_addr;
+ return true;
}
/* All loads done in the course of a page table walk go through here. */
@@ -271,56 +272,88 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- MemTxAttrs attrs = {};
- MemTxResult result = MEMTX_OK;
- AddressSpace *as;
+ void *hphys;
+ hwaddr gphys;
uint32_t data;
+ bool be;
- addr = S1_ptw_translate(env, mmu_idx, addr, &is_secure, fi);
- attrs.secure = is_secure;
- as = arm_addressspace(cs, attrs);
- if (fi->s1ptw) {
+ if (!S1_ptw_translate(env, mmu_idx, addr, &is_secure,
+ &hphys, &gphys, fi)) {
+ /* Failure. */
+ assert(fi->s1ptw);
return 0;
}
- if (regime_translation_big_endian(env, mmu_idx)) {
- data = address_space_ldl_be(as, addr, attrs, &result);
+
+ be = regime_translation_big_endian(env, mmu_idx);
+ if (likely(hphys)) {
+ /* Page tables are in RAM, and we have the host address. */
+ if (be) {
+ data = ldl_be_p(hphys);
+ } else {
+ data = ldl_le_p(hphys);
+ }
} else {
- data = address_space_ldl_le(as, addr, attrs, &result);
+ /* Page tables are in MMIO. */
+ MemTxAttrs attrs = { .secure = is_secure };
+ AddressSpace *as = arm_addressspace(cs, attrs);
+ MemTxResult result = MEMTX_OK;
+
+ if (be) {
+ data = address_space_ldl_be(as, gphys, attrs, &result);
+ } else {
+ data = address_space_ldl_le(as, gphys, attrs, &result);
+ }
+ if (unlikely(result != MEMTX_OK)) {
+ fi->type = ARMFault_SyncExternalOnWalk;
+ fi->ea = arm_extabort_type(result);
+ return 0;
+ }
}
- if (result == MEMTX_OK) {
- return data;
- }
- fi->type = ARMFault_SyncExternalOnWalk;
- fi->ea = arm_extabort_type(result);
- return 0;
+ return data;
}
static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- MemTxAttrs attrs = {};
- MemTxResult result = MEMTX_OK;
- AddressSpace *as;
+ void *hphys;
+ hwaddr gphys;
uint64_t data;
+ bool be;
- addr = S1_ptw_translate(env, mmu_idx, addr, &is_secure, fi);
- attrs.secure = is_secure;
- as = arm_addressspace(cs, attrs);
- if (fi->s1ptw) {
+ if (!S1_ptw_translate(env, mmu_idx, addr, &is_secure,
+ &hphys, &gphys, fi)) {
+ /* Failure. */
+ assert(fi->s1ptw);
return 0;
}
- if (regime_translation_big_endian(env, mmu_idx)) {
- data = address_space_ldq_be(as, addr, attrs, &result);
+
+ be = regime_translation_big_endian(env, mmu_idx);
+ if (likely(hphys)) {
+ /* Page tables are in RAM, and we have the host address. */
+ if (be) {
+ data = ldq_be_p(hphys);
+ } else {
+ data = ldq_le_p(hphys);
+ }
} else {
- data = address_space_ldq_le(as, addr, attrs, &result);
+ /* Page tables are in MMIO. */
+ MemTxAttrs attrs = { .secure = is_secure };
+ AddressSpace *as = arm_addressspace(cs, attrs);
+ MemTxResult result = MEMTX_OK;
+
+ if (be) {
+ data = address_space_ldq_be(as, gphys, attrs, &result);
+ } else {
+ data = address_space_ldq_le(as, gphys, attrs, &result);
+ }
+ if (unlikely(result != MEMTX_OK)) {
+ fi->type = ARMFault_SyncExternalOnWalk;
+ fi->ea = arm_extabort_type(result);
+ return 0;
+ }
}
- if (result == MEMTX_OK) {
- return data;
- }
- fi->type = ARMFault_SyncExternalOnWalk;
- fi->ea = arm_extabort_type(result);
- return 0;
+ return data;
}
static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 3462a6ea14..69b0dc69df 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -208,10 +208,21 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
bool probe, uintptr_t retaddr)
{
ARMCPU *cpu = ARM_CPU(cs);
- ARMMMUFaultInfo fi = {};
GetPhysAddrResult res = {};
+ ARMMMUFaultInfo local_fi, *fi;
int ret;
+ /*
+ * Allow S1_ptw_translate to see any fault generated here.
+ * Since this may recurse, read and clear.
+ */
+ fi = cpu->env.tlb_fi;
+ if (fi) {
+ cpu->env.tlb_fi = NULL;
+ } else {
+ fi = memset(&local_fi, 0, sizeof(local_fi));
+ }
+
/*
* Walk the page table and (if the mapping exists) add the page
* to the TLB. On success, return true. Otherwise, if probing,
@@ -220,7 +231,7 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
*/
ret = get_phys_addr(&cpu->env, address, access_type,
core_to_arm_mmu_idx(&cpu->env, mmu_idx),
- &res, &fi);
+ &res, fi);
if (likely(!ret)) {
/*
* Map a single [sub]page. Regions smaller than our declared
@@ -242,7 +253,7 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
} else {
/* now we have a real cpu fault */
cpu_restore_state(cs, retaddr, true);
- arm_deliver_fault(cpu, address, access_type, mmu_idx, &fi);
+ arm_deliver_fault(cpu, address, access_type, mmu_idx, fi);
}
}
#else
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 51/66] target/arm: Hoist check for disabled stage2 translation.
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (49 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 50/66] target/arm: Use softmmu tlbs for page table walking Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 52/66] target/arm: Split out get_phys_addr_twostage Richard Henderson
` (15 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
If stage2 translation is disabled, E1&0 translation is
just a single stage. Use the complete single stage path
rather than breaking out of the middle of the two stage path.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 628c046cab..d9daaf7536 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2437,9 +2437,10 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
if (mmu_idx != s1_mmu_idx) {
/*
* Call ourselves recursively to do the stage 1 and then stage 2
- * translations if mmu_idx is a two-stage regime.
+ * translations if mmu_idx is a two-stage regime, and stage2 enabled.
*/
- if (arm_feature(env, ARM_FEATURE_EL2)) {
+ if (arm_feature(env, ARM_FEATURE_EL2) &&
+ !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
hwaddr ipa;
int s1_prot;
int ret;
@@ -2452,9 +2453,8 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
ret = get_phys_addr_with_secure(env, address, access_type,
s1_mmu_idx, is_secure, result, fi);
- /* If S1 fails or S2 is disabled, return early. */
- if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2,
- is_secure)) {
+ /* If S1 fails, return early. */
+ if (ret) {
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 52/66] target/arm: Split out get_phys_addr_twostage
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (50 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 51/66] target/arm: Hoist check for disabled stage2 translation Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 53/66] target/arm: Use bool consistently for get_phys_addr subroutines Richard Henderson
` (14 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 182 +++++++++++++++++++++++++----------------------
1 file changed, 96 insertions(+), 86 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index d9daaf7536..e13a8442c5 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2404,6 +2404,95 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
return 0;
}
+static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
+ MMUAccessType access_type,
+ ARMMMUIdx s1_mmu_idx, bool is_secure,
+ GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
+{
+ hwaddr ipa;
+ int s1_prot;
+ int ret;
+ bool ipa_secure;
+ ARMCacheAttrs cacheattrs1;
+ ARMMMUIdx s2_mmu_idx;
+ bool is_el0;
+ uint64_t hcr;
+
+ ret = get_phys_addr_with_secure(env, address, access_type, s1_mmu_idx,
+ is_secure, result, fi);
+
+ /* If S1 fails, return early. */
+ if (ret) {
+ return ret;
+ }
+
+ ipa = result->f.phys_addr;
+ if (is_secure) {
+ /* Select TCR based on the NS bit from the S1 walk. */
+ ipa_secure = !(result->f.attrs.secure
+ ? env->cp15.vstcr_el2 & VSTCR_SW
+ : env->cp15.vtcr_el2 & VTCR_NSW);
+ } else {
+ ipa_secure = false;
+ }
+
+ s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
+ is_el0 = s1_mmu_idx == ARMMMUIdx_Stage1_E0;
+
+ /*
+ * S1 is done, now do S2 translation.
+ * Save the stage1 results so that we may merge
+ * prot and cacheattrs later.
+ */
+ s1_prot = result->f.prot;
+ cacheattrs1 = result->cacheattrs;
+ memset(result, 0, sizeof(*result));
+
+ ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
+ ipa_secure, is_el0, result, fi);
+ fi->s2addr = ipa;
+
+ /* Combine the S1 and S2 perms. */
+ result->f.prot &= s1_prot;
+
+ /* If S2 fails, return early. */
+ if (ret) {
+ return ret;
+ }
+
+ /* Combine the S1 and S2 cache attributes. */
+ hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+ if (hcr & HCR_DC) {
+ /*
+ * HCR.DC forces the first stage attributes to
+ * Normal Non-Shareable,
+ * Inner Write-Back Read-Allocate Write-Allocate,
+ * Outer Write-Back Read-Allocate Write-Allocate.
+ * Do not overwrite Tagged within attrs.
+ */
+ if (cacheattrs1.attrs != 0xf0) {
+ cacheattrs1.attrs = 0xff;
+ }
+ cacheattrs1.shareability = 0;
+ }
+ result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1,
+ result->cacheattrs);
+
+ /* Check if IPA translates to secure or non-secure PA space. */
+ if (is_secure) {
+ if (ipa_secure) {
+ result->f.attrs.secure =
+ !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
+ } else {
+ result->f.attrs.secure =
+ !((env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))
+ || (env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)));
+ }
+ }
+ return 0;
+}
+
/**
* get_phys_addr - get the physical address for this virtual address
*
@@ -2441,93 +2530,14 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
*/
if (arm_feature(env, ARM_FEATURE_EL2) &&
!regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
- hwaddr ipa;
- int s1_prot;
- int ret;
- bool ipa_secure;
- ARMCacheAttrs cacheattrs1;
- ARMMMUIdx s2_mmu_idx;
- bool is_el0;
- uint64_t hcr;
-
- ret = get_phys_addr_with_secure(env, address, access_type,
- s1_mmu_idx, is_secure, result, fi);
-
- /* If S1 fails, return early. */
- if (ret) {
- return ret;
- }
-
- ipa = result->f.phys_addr;
- if (is_secure) {
- /* Select TCR based on the NS bit from the S1 walk. */
- ipa_secure = !(result->f.attrs.secure
- ? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW);
- } else {
- ipa_secure = false;
- }
-
- s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
- is_el0 = mmu_idx == ARMMMUIdx_E10_0;
-
- /*
- * S1 is done, now do S2 translation.
- * Save the stage1 results so that we may merge
- * prot and cacheattrs later.
- */
- s1_prot = result->f.prot;
- cacheattrs1 = result->cacheattrs;
- memset(result, 0, sizeof(*result));
-
- ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
- ipa_secure, is_el0, result, fi);
- fi->s2addr = ipa;
-
- /* Combine the S1 and S2 perms. */
- result->f.prot &= s1_prot;
-
- /* If S2 fails, return early. */
- if (ret) {
- return ret;
- }
-
- /* Combine the S1 and S2 cache attributes. */
- hcr = arm_hcr_el2_eff_secstate(env, is_secure);
- if (hcr & HCR_DC) {
- /*
- * HCR.DC forces the first stage attributes to
- * Normal Non-Shareable,
- * Inner Write-Back Read-Allocate Write-Allocate,
- * Outer Write-Back Read-Allocate Write-Allocate.
- * Do not overwrite Tagged within attrs.
- */
- if (cacheattrs1.attrs != 0xf0) {
- cacheattrs1.attrs = 0xff;
- }
- cacheattrs1.shareability = 0;
- }
- result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1,
- result->cacheattrs);
-
- /* Check if IPA translates to secure or non-secure PA space. */
- if (is_secure) {
- if (ipa_secure) {
- result->f.attrs.secure =
- !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
- } else {
- result->f.attrs.secure =
- !((env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))
- || (env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)));
- }
- }
- return 0;
- } else {
- /*
- * For non-EL2 CPUs a stage1+stage2 translation is just stage 1.
- */
- mmu_idx = stage_1_mmu_idx(mmu_idx);
+ return get_phys_addr_twostage(env, address, access_type,
+ s1_mmu_idx, is_secure,
+ result, fi);
}
+ /*
+ * For non-EL2 CPUs a stage1+stage2 translation is just stage 1.
+ */
+ mmu_idx = s1_mmu_idx;
}
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 53/66] target/arm: Use bool consistently for get_phys_addr subroutines
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (51 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 52/66] target/arm: Split out get_phys_addr_twostage Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 54/66] target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation Richard Henderson
` (13 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The return type of the functions is already bool, but in a few
instances we used an integer type with the return statement.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index e13a8442c5..46f5178692 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2380,7 +2380,7 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
fi->type = ARMFault_AddressSize;
fi->level = 0;
fi->stage2 = false;
- return 1;
+ return true;
}
/*
@@ -2401,7 +2401,7 @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
result->cacheattrs.is_s2_format = false;
result->cacheattrs.shareability = shareability;
result->cacheattrs.attrs = memattr;
- return 0;
+ return false;
}
static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
@@ -2412,7 +2412,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
{
hwaddr ipa;
int s1_prot;
- int ret;
+ bool ret;
bool ipa_secure;
ARMCacheAttrs cacheattrs1;
ARMMMUIdx s2_mmu_idx;
@@ -2490,7 +2490,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
|| (env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)));
}
}
- return 0;
+ return false;
}
/**
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 54/66] target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (52 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 53/66] target/arm: Use bool consistently for get_phys_addr subroutines Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 55/66] target/arm: Add ptw_idx argument to S1_ptw_translate Richard Henderson
` (12 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
If stage2 is disabled, we do not need to adjust mmu_idx.
Below, we'll use get_phys_addr_lpae and not recurse.
Adjust regime_is_user so that it can be used for E10_0.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 46f5178692..9366066ae0 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -90,6 +90,7 @@ static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
static bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
{
switch (mmu_idx) {
+ case ARMMMUIdx_E10_0:
case ARMMMUIdx_E20_0:
case ARMMMUIdx_Stage1_E0:
case ARMMMUIdx_MUser:
@@ -99,10 +100,6 @@ static bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
return true;
default:
return false;
- case ARMMMUIdx_E10_0:
- case ARMMMUIdx_E10_1:
- case ARMMMUIdx_E10_1_PAN:
- g_assert_not_reached();
}
}
@@ -2534,10 +2531,6 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
s1_mmu_idx, is_secure,
result, fi);
}
- /*
- * For non-EL2 CPUs a stage1+stage2 translation is just stage 1.
- */
- mmu_idx = s1_mmu_idx;
}
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 55/66] target/arm: Add ptw_idx argument to S1_ptw_translate
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (53 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 54/66] target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 56/66] target/arm: Add isar predicates for FEAT_HAFDBS Richard Henderson
` (11 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Hoist the computation of the mmu_idx for the ptw up to
get_phys_addr_with_secure and get_phys_addr_twostage.
This removes the duplicate check for stage2 disabled
from the middle of the walk, performing it only once.
Pass ptw_idx through get_phys_addr_{v5,v6,lpae} and arm_{ldl,ldq}_ptw.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 100 +++++++++++++++++++++++++++++++----------------
1 file changed, 67 insertions(+), 33 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 9366066ae0..9673b97f79 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -17,7 +17,8 @@
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure, bool s1_is_el0,
+ ARMMMUIdx ptw_idx, bool is_secure,
+ bool s1_is_el0,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
@@ -190,20 +191,15 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
}
/* Translate a S1 pagetable walk through S2 if needed. */
-static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, hwaddr addr,
+static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
+ ARMMMUIdx s2_mmu_idx, hwaddr addr,
bool *is_secure_ptr, void **hphys, hwaddr *gphys,
ARMMMUFaultInfo *fi)
{
bool is_secure = *is_secure_ptr;
- ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
CPUTLBEntryFull *full;
int flags;
- if (!arm_mmu_idx_is_stage1_of_2(mmu_idx)
- || regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
- s2_mmu_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
- }
-
env->tlb_fi = fi;
flags = probe_access_full(env, addr, MMU_DATA_LOAD,
arm_to_core_mmu_idx(s2_mmu_idx),
@@ -266,7 +262,8 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, hwaddr addr,
/* All loads done in the course of a page table walk go through here. */
static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
+ ARMMMUIdx mmu_idx, ARMMMUIdx ptw_idx,
+ ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
void *hphys;
@@ -274,7 +271,7 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
uint32_t data;
bool be;
- if (!S1_ptw_translate(env, mmu_idx, addr, &is_secure,
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, &is_secure,
&hphys, &gphys, fi)) {
/* Failure. */
assert(fi->s1ptw);
@@ -310,7 +307,8 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
}
static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
+ ARMMMUIdx mmu_idx, ARMMMUIdx ptw_idx,
+ ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
void *hphys;
@@ -318,7 +316,7 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
uint64_t data;
bool be;
- if (!S1_ptw_translate(env, mmu_idx, addr, &is_secure,
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, &is_secure,
&hphys, &gphys, fi)) {
/* Failure. */
assert(fi->s1ptw);
@@ -463,8 +461,8 @@ static int simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx, int ap)
static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure, GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+ ARMMMUIdx ptw_idx, bool is_secure,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
int level = 1;
uint32_t table;
@@ -483,7 +481,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -521,7 +519,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* Fine pagetable. */
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -582,8 +580,8 @@ do_fault:
static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure, GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+ ARMMMUIdx ptw_idx, bool is_secure,
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
int level = 1;
@@ -606,7 +604,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -659,7 +657,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
ns = extract32(desc, 3, 1);
/* Lookup l2 entry. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, fi);
+ desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -1014,7 +1012,8 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
*/
static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- bool is_secure, bool s1_is_el0,
+ ARMMMUIdx ptw_idx, bool is_secure,
+ bool s1_is_el0,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
@@ -1240,7 +1239,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr |= (address >> (stride * (4 - level))) & indexmask;
descaddr &= ~7ULL;
nstable = extract32(tableattrs, 4, 1);
- descriptor = arm_ldq_ptw(env, descaddr, !nstable, mmu_idx, fi);
+ descriptor = arm_ldq_ptw(env, descaddr, !nstable, mmu_idx, ptw_idx, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -2412,7 +2411,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
bool ret;
bool ipa_secure;
ARMCacheAttrs cacheattrs1;
- ARMMMUIdx s2_mmu_idx;
+ ARMMMUIdx s2_mmu_idx, s2_ptw_idx;
bool is_el0;
uint64_t hcr;
@@ -2434,7 +2433,13 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
ipa_secure = false;
}
- s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
+ if (ipa_secure) {
+ s2_mmu_idx = ARMMMUIdx_Stage2_S;
+ s2_ptw_idx = ARMMMUIdx_Phys_S;
+ } else {
+ s2_mmu_idx = ARMMMUIdx_Stage2;
+ s2_ptw_idx = ARMMMUIdx_Phys_NS;
+ }
is_el0 = s1_mmu_idx == ARMMMUIdx_Stage1_E0;
/*
@@ -2446,7 +2451,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, target_ulong address,
cacheattrs1 = result->cacheattrs;
memset(result, 0, sizeof(*result));
- ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
+ ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx, s2_ptw_idx,
ipa_secure, is_el0, result, fi);
fi->s2addr = ipa;
@@ -2518,19 +2523,49 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
bool is_secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
- ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
+ ARMMMUIdx s1_mmu_idx, s2_mmu_idx, ptw_idx;
- if (mmu_idx != s1_mmu_idx) {
+ switch (mmu_idx) {
+ case ARMMMUIdx_Phys_S:
+ case ARMMMUIdx_Phys_NS:
+ do_disabled:
+ /* Checking Phys early avoids special casing later vs regime_el. */
+ return get_phys_addr_disabled(env, address, access_type, mmu_idx,
+ is_secure, result, fi);
+
+ case ARMMMUIdx_Stage1_E0:
+ case ARMMMUIdx_Stage1_E1:
+ case ARMMMUIdx_Stage1_E1_PAN:
+ /* First stage lookup uses second stage for ptw. */
+ ptw_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ break;
+
+ case ARMMMUIdx_E10_0:
+ s1_mmu_idx = ARMMMUIdx_Stage1_E0;
+ goto do_twostage;
+ case ARMMMUIdx_E10_1:
+ s1_mmu_idx = ARMMMUIdx_Stage1_E1;
+ goto do_twostage;
+ case ARMMMUIdx_E10_1_PAN:
+ s1_mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
+ do_twostage:
/*
* Call ourselves recursively to do the stage 1 and then stage 2
* translations if mmu_idx is a two-stage regime, and stage2 enabled.
*/
+ s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
if (arm_feature(env, ARM_FEATURE_EL2) &&
- !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
+ !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
return get_phys_addr_twostage(env, address, access_type,
s1_mmu_idx, is_secure,
result, fi);
}
+ /* fall through */
+
+ default:
+ /* Single stage and second stage uses physical for ptw. */
+ ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+ break;
}
/*
@@ -2587,18 +2622,17 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
/* Definitely a real MMU, not an MPU */
if (regime_translation_disabled(env, mmu_idx, is_secure)) {
- return get_phys_addr_disabled(env, address, access_type, mmu_idx,
- is_secure, result, fi);
+ goto do_disabled;
}
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx,
- is_secure, false, result, fi);
+ ptw_idx, is_secure, false, result, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx,
- is_secure, result, fi);
+ ptw_idx, is_secure, result, fi);
} else {
return get_phys_addr_v5(env, address, access_type, mmu_idx,
- is_secure, result, fi);
+ ptw_idx, is_secure, result, fi);
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 56/66] target/arm: Add isar predicates for FEAT_HAFDBS
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (54 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 55/66] target/arm: Add ptw_idx argument to S1_ptw_translate Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 57/66] target/arm: Extract HA and HD in aa64_va_parameters Richard Henderson
` (10 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The MMFR1 field may indicate support for hardware update of
access flag alone, or access flag and dirty bit.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 8fb4baf604..4a1a45d424 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -4079,6 +4079,16 @@ static inline bool isar_feature_aa64_lva(const ARMISARegisters *id)
return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, VARANGE) != 0;
}
+static inline bool isar_feature_aa64_hafs(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, HAFDBS) != 0;
+}
+
+static inline bool isar_feature_aa64_hdbs(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, HAFDBS) >= 2;
+}
+
static inline bool isar_feature_aa64_tts2uxn(const ARMISARegisters *id)
{
return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, XNX) != 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 57/66] target/arm: Extract HA and HD in aa64_va_parameters
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (55 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 56/66] target/arm: Add isar predicates for FEAT_HAFDBS Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 58/66] target/arm: Split out S1TranslateResult type Richard Henderson
` (9 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 2 ++
target/arm/helper.c | 8 +++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index bab3e89227..de8b3392a8 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1014,6 +1014,8 @@ typedef struct ARMVAParameters {
bool using64k : 1;
bool tsz_oob : 1; /* tsz has been clamped to legal range */
bool ds : 1;
+ bool ha : 1;
+ bool hd : 1;
} ARMVAParameters;
ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 765638f002..9f24940d20 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10109,7 +10109,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
ARMMMUIdx mmu_idx, bool data)
{
uint64_t tcr = regime_tcr(env, mmu_idx);
- bool epd, hpd, using16k, using64k, tsz_oob, ds;
+ bool epd, hpd, using16k, using64k, tsz_oob, ds, ha, hd;
int select, tsz, tbi, max_tsz, min_tsz, ps, sh;
ARMCPU *cpu = env_archcpu(env);
@@ -10127,6 +10127,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
epd = false;
sh = extract32(tcr, 12, 2);
ps = extract32(tcr, 16, 3);
+ ha = extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu);
+ hd = extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu);
ds = extract64(tcr, 32, 1);
} else {
/*
@@ -10151,6 +10153,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
hpd = extract64(tcr, 42, 1);
}
ps = extract64(tcr, 32, 3);
+ ha = extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu);
+ hd = extract64(tcr, 40, 1) && cpu_isar_feature(aa64_hdbs, cpu);
ds = extract64(tcr, 59, 1);
}
@@ -10222,6 +10226,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
.using64k = using64k,
.tsz_oob = tsz_oob,
.ds = ds,
+ .ha = ha,
+ .hd = ha & hd,
};
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 58/66] target/arm: Split out S1TranslateResult type
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (56 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 57/66] target/arm: Extract HA and HD in aa64_va_parameters Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 59/66] target/arm: Move be test for regime into S1TranslateResult Richard Henderson
` (8 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Consolidate the results of S1_ptw_translate in one struct.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 60 ++++++++++++++++++++++++------------------------
1 file changed, 30 insertions(+), 30 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 9673b97f79..7c44e7eadd 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -190,20 +190,25 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
}
+typedef struct {
+ bool is_secure;
+ void *hphys;
+ hwaddr gphys;
+} S1TranslateResult;
+
/* Translate a S1 pagetable walk through S2 if needed. */
static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
ARMMMUIdx s2_mmu_idx, hwaddr addr,
- bool *is_secure_ptr, void **hphys, hwaddr *gphys,
+ bool is_secure, S1TranslateResult *res,
ARMMMUFaultInfo *fi)
{
- bool is_secure = *is_secure_ptr;
CPUTLBEntryFull *full;
int flags;
env->tlb_fi = fi;
flags = probe_access_full(env, addr, MMU_DATA_LOAD,
arm_to_core_mmu_idx(s2_mmu_idx),
- true, hphys, &full, 0);
+ true, &res->hphys, &full, 0);
env->tlb_fi = NULL;
if (unlikely(flags & TLB_INVALID_MASK)) {
@@ -249,14 +254,13 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
}
}
- if (is_secure) {
- /* Check if page table walk is to secure or non-secure PA space. */
- *is_secure_ptr = !(full->attrs.secure
- ? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW);
- }
+ /* Check if page table walk is to secure or non-secure PA space. */
+ res->is_secure = (is_secure &&
+ !(full->attrs.secure
+ ? env->cp15.vstcr_el2 & VSTCR_SW
+ : env->cp15.vtcr_el2 & VTCR_NSW));
- *gphys = full->phys_addr;
+ res->gphys = full->phys_addr;
return true;
}
@@ -266,36 +270,34 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- void *hphys;
- hwaddr gphys;
+ S1TranslateResult s1;
uint32_t data;
bool be;
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, &is_secure,
- &hphys, &gphys, fi)) {
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
/* Failure. */
assert(fi->s1ptw);
return 0;
}
be = regime_translation_big_endian(env, mmu_idx);
- if (likely(hphys)) {
+ if (likely(s1.hphys)) {
/* Page tables are in RAM, and we have the host address. */
if (be) {
- data = ldl_be_p(hphys);
+ data = ldl_be_p(s1.hphys);
} else {
- data = ldl_le_p(hphys);
+ data = ldl_le_p(s1.hphys);
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = is_secure };
+ MemTxAttrs attrs = { .secure = s1.is_secure };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
if (be) {
- data = address_space_ldl_be(as, gphys, attrs, &result);
+ data = address_space_ldl_be(as, s1.gphys, attrs, &result);
} else {
- data = address_space_ldl_le(as, gphys, attrs, &result);
+ data = address_space_ldl_le(as, s1.gphys, attrs, &result);
}
if (unlikely(result != MEMTX_OK)) {
fi->type = ARMFault_SyncExternalOnWalk;
@@ -311,36 +313,34 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- void *hphys;
- hwaddr gphys;
+ S1TranslateResult s1;
uint64_t data;
bool be;
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, &is_secure,
- &hphys, &gphys, fi)) {
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
/* Failure. */
assert(fi->s1ptw);
return 0;
}
be = regime_translation_big_endian(env, mmu_idx);
- if (likely(hphys)) {
+ if (likely(s1.hphys)) {
/* Page tables are in RAM, and we have the host address. */
if (be) {
- data = ldq_be_p(hphys);
+ data = ldq_be_p(s1.hphys);
} else {
- data = ldq_le_p(hphys);
+ data = ldq_le_p(s1.hphys);
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = is_secure };
+ MemTxAttrs attrs = { .secure = s1.is_secure };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
if (be) {
- data = address_space_ldq_be(as, gphys, attrs, &result);
+ data = address_space_ldq_be(as, s1.gphys, attrs, &result);
} else {
- data = address_space_ldq_le(as, gphys, attrs, &result);
+ data = address_space_ldq_le(as, s1.gphys, attrs, &result);
}
if (unlikely(result != MEMTX_OK)) {
fi->type = ARMFault_SyncExternalOnWalk;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 59/66] target/arm: Move be test for regime into S1TranslateResult
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (57 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 58/66] target/arm: Split out S1TranslateResult type Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 60/66] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw Richard Henderson
` (7 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Hoist this test out of arm_ld[lq]_ptw into S1_ptw_translate.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7c44e7eadd..e898db8765 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -192,6 +192,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
typedef struct {
bool is_secure;
+ bool be;
void *hphys;
hwaddr gphys;
} S1TranslateResult;
@@ -261,6 +262,7 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
: env->cp15.vtcr_el2 & VTCR_NSW));
res->gphys = full->phys_addr;
+ res->be = regime_translation_big_endian(env, mmu_idx);
return true;
}
@@ -272,7 +274,6 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
CPUState *cs = env_cpu(env);
S1TranslateResult s1;
uint32_t data;
- bool be;
if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
/* Failure. */
@@ -280,10 +281,9 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
return 0;
}
- be = regime_translation_big_endian(env, mmu_idx);
if (likely(s1.hphys)) {
/* Page tables are in RAM, and we have the host address. */
- if (be) {
+ if (s1.be) {
data = ldl_be_p(s1.hphys);
} else {
data = ldl_le_p(s1.hphys);
@@ -294,7 +294,7 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
- if (be) {
+ if (s1.be) {
data = address_space_ldl_be(as, s1.gphys, attrs, &result);
} else {
data = address_space_ldl_le(as, s1.gphys, attrs, &result);
@@ -315,7 +315,6 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
CPUState *cs = env_cpu(env);
S1TranslateResult s1;
uint64_t data;
- bool be;
if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
/* Failure. */
@@ -323,10 +322,9 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
return 0;
}
- be = regime_translation_big_endian(env, mmu_idx);
if (likely(s1.hphys)) {
/* Page tables are in RAM, and we have the host address. */
- if (be) {
+ if (s1.be) {
data = ldq_be_p(s1.hphys);
} else {
data = ldq_le_p(s1.hphys);
@@ -337,7 +335,7 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
- if (be) {
+ if (s1.be) {
data = address_space_ldq_be(as, s1.gphys, attrs, &result);
} else {
data = address_space_ldq_le(as, s1.gphys, attrs, &result);
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 60/66] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (58 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 59/66] target/arm: Move be test for regime into S1TranslateResult Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 61/66] target/arm: Add ARMFault_UnsuppAtomicUpdate Richard Henderson
` (6 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Separate S1 translation from the actual lookup.
Will enable lpae hardware updates.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 83 +++++++++++++++++++++++++-----------------------
1 file changed, 44 insertions(+), 39 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index e898db8765..9ccbc9bd2b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -267,37 +267,29 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
}
/* All loads done in the course of a page table walk go through here. */
-static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, ARMMMUIdx ptw_idx,
+static uint32_t arm_ldl_ptw(CPUARMState *env, const S1TranslateResult *s1,
ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- S1TranslateResult s1;
uint32_t data;
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
- /* Failure. */
- assert(fi->s1ptw);
- return 0;
- }
-
- if (likely(s1.hphys)) {
+ if (likely(s1->hphys)) {
/* Page tables are in RAM, and we have the host address. */
- if (s1.be) {
- data = ldl_be_p(s1.hphys);
+ if (s1->be) {
+ data = ldl_be_p(s1->hphys);
} else {
- data = ldl_le_p(s1.hphys);
+ data = ldl_le_p(s1->hphys);
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = s1.is_secure };
+ MemTxAttrs attrs = { .secure = s1->is_secure };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
- if (s1.be) {
- data = address_space_ldl_be(as, s1.gphys, attrs, &result);
+ if (s1->be) {
+ data = address_space_ldl_be(as, s1->gphys, attrs, &result);
} else {
- data = address_space_ldl_le(as, s1.gphys, attrs, &result);
+ data = address_space_ldl_le(as, s1->gphys, attrs, &result);
}
if (unlikely(result != MEMTX_OK)) {
fi->type = ARMFault_SyncExternalOnWalk;
@@ -308,37 +300,29 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
return data;
}
-static uint64_t arm_ldq_ptw(CPUARMState *env, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, ARMMMUIdx ptw_idx,
+static uint64_t arm_ldq_ptw(CPUARMState *env, const S1TranslateResult *s1,
ARMMMUFaultInfo *fi)
{
CPUState *cs = env_cpu(env);
- S1TranslateResult s1;
uint64_t data;
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, addr, is_secure, &s1, fi)) {
- /* Failure. */
- assert(fi->s1ptw);
- return 0;
- }
-
- if (likely(s1.hphys)) {
+ if (likely(s1->hphys)) {
/* Page tables are in RAM, and we have the host address. */
- if (s1.be) {
- data = ldq_be_p(s1.hphys);
+ if (s1->be) {
+ data = ldq_be_p(s1->hphys);
} else {
- data = ldq_le_p(s1.hphys);
+ data = ldq_le_p(s1->hphys);
}
} else {
/* Page tables are in MMIO. */
- MemTxAttrs attrs = { .secure = s1.is_secure };
+ MemTxAttrs attrs = { .secure = s1->is_secure };
AddressSpace *as = arm_addressspace(cs, attrs);
MemTxResult result = MEMTX_OK;
- if (s1.be) {
- data = address_space_ldq_be(as, s1.gphys, attrs, &result);
+ if (s1->be) {
+ data = address_space_ldq_be(as, s1->gphys, attrs, &result);
} else {
- data = address_space_ldq_le(as, s1.gphys, attrs, &result);
+ data = address_space_ldq_le(as, s1->gphys, attrs, &result);
}
if (unlikely(result != MEMTX_OK)) {
fi->type = ARMFault_SyncExternalOnWalk;
@@ -470,6 +454,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
int domain = 0;
int domain_prot;
hwaddr phys_addr;
+ S1TranslateResult s1;
uint32_t dacr;
/* Pagetable walk. */
@@ -479,7 +464,10 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, table, is_secure, &s1, fi)) {
+ goto do_fault;
+ }
+ desc = arm_ldl_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -517,7 +505,11 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* Fine pagetable. */
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, table,
+ is_secure, &s1, fi)) {
+ goto do_fault;
+ }
+ desc = arm_ldl_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -593,6 +585,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
int domain_prot;
hwaddr phys_addr;
uint32_t dacr;
+ S1TranslateResult s1;
bool ns;
/* Pagetable walk. */
@@ -602,7 +595,10 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
fi->type = ARMFault_Translation;
goto do_fault;
}
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, table, is_secure, &s1, fi)) {
+ goto do_fault;
+ }
+ desc = arm_ldl_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -655,7 +651,11 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
ns = extract32(desc, 3, 1);
/* Lookup l2 entry. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
- desc = arm_ldl_ptw(env, table, is_secure, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, table,
+ is_secure, &s1, fi)) {
+ goto do_fault;
+ }
+ desc = arm_ldl_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
@@ -1231,13 +1231,18 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
*/
tableattrs = is_secure ? 0 : (1 << 4);
for (;;) {
+ S1TranslateResult s1;
uint64_t descriptor;
bool nstable;
descaddr |= (address >> (stride * (4 - level))) & indexmask;
descaddr &= ~7ULL;
nstable = extract32(tableattrs, 4, 1);
- descriptor = arm_ldq_ptw(env, descaddr, !nstable, mmu_idx, ptw_idx, fi);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, descaddr,
+ !nstable, &s1, fi)) {
+ goto do_fault;
+ }
+ descriptor = arm_ldq_ptw(env, &s1, fi);
if (fi->type != ARMFault_None) {
goto do_fault;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 61/66] target/arm: Add ARMFault_UnsuppAtomicUpdate
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (59 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 60/66] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 62/66] target/arm: Remove loop from get_phys_addr_lpae Richard Henderson
` (5 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
This fault type is to be used with FEAT_HAFDBS when
the guest enables hw updates, but places the tables
in memory where atomic updates are unsupported.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index de8b3392a8..46012a349b 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -338,6 +338,7 @@ typedef enum ARMFaultType {
ARMFault_AsyncExternal,
ARMFault_Debug,
ARMFault_TLBConflict,
+ ARMFault_UnsuppAtomicUpdate,
ARMFault_Lockdown,
ARMFault_Exclusive,
ARMFault_ICacheMaint,
@@ -524,6 +525,9 @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
case ARMFault_TLBConflict:
fsc = 0x30;
break;
+ case ARMFault_UnsuppAtomicUpdate:
+ fsc = 0x31;
+ break;
case ARMFault_Lockdown:
fsc = 0x34;
break;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 62/66] target/arm: Remove loop from get_phys_addr_lpae
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (60 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 61/66] target/arm: Add ARMFault_UnsuppAtomicUpdate Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 63/66] target/arm: Fix fault reporting in get_phys_addr_lpae Richard Henderson
` (4 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
The unconditional loop was used both to iterate over levels
and to control parsing of attributes. Use an explicit goto
in both cases.
While this appears less clean for iterating over levels, we
will need to jump back into the middle of this loop for
atomic updates, which is even uglier.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 176 +++++++++++++++++++++++------------------------
1 file changed, 88 insertions(+), 88 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 9ccbc9bd2b..d0981d94d1 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1032,6 +1032,9 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
uint64_t descaddrmask;
bool aarch64 = arm_el_is_aa64(env, el);
bool guarded = false;
+ S1TranslateResult s1;
+ uint64_t descriptor;
+ bool nstable;
/* TODO: This code does not support shareability levels. */
if (aarch64) {
@@ -1230,96 +1233,93 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* bits at each step.
*/
tableattrs = is_secure ? 0 : (1 << 4);
- for (;;) {
- S1TranslateResult s1;
- uint64_t descriptor;
- bool nstable;
- descaddr |= (address >> (stride * (4 - level))) & indexmask;
- descaddr &= ~7ULL;
- nstable = extract32(tableattrs, 4, 1);
- if (!S1_ptw_translate(env, mmu_idx, ptw_idx, descaddr,
- !nstable, &s1, fi)) {
- goto do_fault;
- }
- descriptor = arm_ldq_ptw(env, &s1, fi);
- if (fi->type != ARMFault_None) {
- goto do_fault;
- }
-
- if (!(descriptor & 1) ||
- (!(descriptor & 2) && (level == 3))) {
- /* Invalid, or the Reserved level 3 encoding */
- goto do_fault;
- }
-
- descaddr = descriptor & descaddrmask;
-
- /*
- * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
- * of descriptor. For FEAT_LPA2 and effective DS, bits [51:50] of
- * descaddr are in [9:8]. Otherwise, if descaddr is out of range,
- * raise AddressSizeFault.
- */
- if (outputsize > 48) {
- if (param.ds) {
- descaddr |= extract64(descriptor, 8, 2) << 50;
- } else {
- descaddr |= extract64(descriptor, 12, 4) << 48;
- }
- } else if (descaddr >> outputsize) {
- fault_type = ARMFault_AddressSize;
- goto do_fault;
- }
-
- if ((descriptor & 2) && (level < 3)) {
- /*
- * Table entry. The top five bits are attributes which may
- * propagate down through lower levels of the table (and
- * which are all arranged so that 0 means "no effect", so
- * we can gather them up by ORing in the bits at each level).
- */
- tableattrs |= extract64(descriptor, 59, 5);
- level++;
- indexmask = indexmask_grainsize;
- continue;
- }
- /*
- * Block entry at level 1 or 2, or page entry at level 3.
- * These are basically the same thing, although the number
- * of bits we pull in from the vaddr varies. Note that although
- * descaddrmask masks enough of the low bits of the descriptor
- * to give a correct page or table address, the address field
- * in a block descriptor is smaller; so we need to explicitly
- * clear the lower bits here before ORing in the low vaddr bits.
- */
- page_size = (1ULL << ((stride * (4 - level)) + 3));
- descaddr &= ~(hwaddr)(page_size - 1);
- descaddr |= (address & (page_size - 1));
- /* Extract attributes from the descriptor */
- attrs = extract64(descriptor, 2, 10)
- | (extract64(descriptor, 52, 12) << 10);
-
- if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
- /* Stage 2 table descriptors do not include any attribute fields */
- break;
- }
- /* Merge in attributes from table descriptors */
- attrs |= nstable << 3; /* NS */
- guarded = extract64(descriptor, 50, 1); /* GP */
- if (param.hpd) {
- /* HPD disables all the table attributes except NSTable. */
- break;
- }
- attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
- /*
- * The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
- * means "force PL1 access only", which means forcing AP[1] to 0.
- */
- attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
- attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
- break;
+ next_level:
+ descaddr |= (address >> (stride * (4 - level))) & indexmask;
+ descaddr &= ~7ULL;
+ nstable = extract32(tableattrs, 4, 1);
+ if (!S1_ptw_translate(env, mmu_idx, ptw_idx, descaddr,
+ !nstable, &s1, fi)) {
+ goto do_fault;
}
+ descriptor = arm_ldq_ptw(env, &s1, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
+
+ if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
+ /* Invalid, or the Reserved level 3 encoding */
+ goto do_fault;
+ }
+
+ descaddr = descriptor & descaddrmask;
+
+ /*
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
+ * of descriptor. For FEAT_LPA2 and effective DS, bits [51:50] of
+ * descaddr are in [9:8]. Otherwise, if descaddr is out of range,
+ * raise AddressSizeFault.
+ */
+ if (outputsize > 48) {
+ if (param.ds) {
+ descaddr |= extract64(descriptor, 8, 2) << 50;
+ } else {
+ descaddr |= extract64(descriptor, 12, 4) << 48;
+ }
+ } else if (descaddr >> outputsize) {
+ fault_type = ARMFault_AddressSize;
+ goto do_fault;
+ }
+
+ if ((descriptor & 2) && (level < 3)) {
+ /*
+ * Table entry. The top five bits are attributes which may
+ * propagate down through lower levels of the table (and
+ * which are all arranged so that 0 means "no effect", so
+ * we can gather them up by ORing in the bits at each level).
+ */
+ tableattrs |= extract64(descriptor, 59, 5);
+ level++;
+ indexmask = indexmask_grainsize;
+ goto next_level;
+ }
+
+ /*
+ * Block entry at level 1 or 2, or page entry at level 3.
+ * These are basically the same thing, although the number
+ * of bits we pull in from the vaddr varies. Note that although
+ * descaddrmask masks enough of the low bits of the descriptor
+ * to give a correct page or table address, the address field
+ * in a block descriptor is smaller; so we need to explicitly
+ * clear the lower bits here before ORing in the low vaddr bits.
+ */
+ page_size = (1ULL << ((stride * (4 - level)) + 3));
+ descaddr &= ~(page_size - 1);
+ descaddr |= (address & (page_size - 1));
+ /* Extract attributes from the descriptor */
+ attrs = extract64(descriptor, 2, 10)
+ | (extract64(descriptor, 52, 12) << 10);
+
+ if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
+ /* Stage 2 table descriptors do not include any attribute fields */
+ goto skip_attrs;
+ }
+ /* Merge in attributes from table descriptors */
+ attrs |= nstable << 3; /* NS */
+ guarded = extract64(descriptor, 50, 1); /* GP */
+ if (param.hpd) {
+ /* HPD disables all the table attributes except NSTable. */
+ goto skip_attrs;
+ }
+ attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
+ /*
+ * The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
+ * means "force PL1 access only", which means forcing AP[1] to 0.
+ */
+ attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
+ attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
+ skip_attrs:
+
/*
* Here descaddr is the final physical address, and attributes
* are all in attrs.
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 63/66] target/arm: Fix fault reporting in get_phys_addr_lpae
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (61 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 62/66] target/arm: Remove loop from get_phys_addr_lpae Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 64/66] target/arm: Don't shift attrs " Richard Henderson
` (3 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Always overriding fi->type was incorrect, as we would not properly
propagate the fault type from S1_ptw_translate, or arm_ldq_ptw.
Simplify things by providing a new label for a translation fault.
For other faults, store into fi directly.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 31 +++++++++++++------------------
1 file changed, 13 insertions(+), 18 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index d0981d94d1..5f3841b466 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1015,8 +1015,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
- /* Read an LPAE long-descriptor translation table. */
- ARMFaultType fault_type = ARMFault_Translation;
uint32_t level;
ARMVAParameters param;
uint64_t ttbr;
@@ -1054,8 +1052,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* so our choice is to always raise the fault.
*/
if (param.tsz_oob) {
- fault_type = ARMFault_Translation;
- goto do_fault;
+ goto do_translation_fault;
}
addrsize = 64 - 8 * param.tbi;
@@ -1092,8 +1089,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
addrsize - inputsize);
if (-top_bits != param.select) {
/* The gap between the two regions is a Translation fault */
- fault_type = ARMFault_Translation;
- goto do_fault;
+ goto do_translation_fault;
}
}
@@ -1125,7 +1121,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* Translation table walk disabled => Translation fault on TLB miss
* Note: This is always 0 on 64-bit EL2 and EL3.
*/
- goto do_fault;
+ goto do_translation_fault;
}
if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
@@ -1156,8 +1152,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (param.ds && stride == 9 && sl2) {
if (sl0 != 0) {
level = 0;
- fault_type = ARMFault_Translation;
- goto do_fault;
+ goto do_translation_fault;
}
startlevel = -1;
} else if (!aarch64 || stride == 9) {
@@ -1176,8 +1171,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
ok = check_s2_mmu_setup(cpu, aarch64, startlevel,
inputsize, stride, outputsize);
if (!ok) {
- fault_type = ARMFault_Translation;
- goto do_fault;
+ goto do_translation_fault;
}
level = startlevel;
}
@@ -1199,7 +1193,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr |= extract64(ttbr, 2, 4) << 48;
} else if (descaddr >> outputsize) {
level = 0;
- fault_type = ARMFault_AddressSize;
+ fi->type = ARMFault_AddressSize;
goto do_fault;
}
@@ -1249,7 +1243,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
/* Invalid, or the Reserved level 3 encoding */
- goto do_fault;
+ goto do_translation_fault;
}
descaddr = descriptor & descaddrmask;
@@ -1267,7 +1261,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr |= extract64(descriptor, 12, 4) << 48;
}
} else if (descaddr >> outputsize) {
- fault_type = ARMFault_AddressSize;
+ fi->type = ARMFault_AddressSize;
goto do_fault;
}
@@ -1324,9 +1318,9 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* Here descaddr is the final physical address, and attributes
* are all in attrs.
*/
- fault_type = ARMFault_AccessFlag;
if ((attrs & (1 << 8)) == 0) {
/* Access flag */
+ fi->type = ARMFault_AccessFlag;
goto do_fault;
}
@@ -1343,8 +1337,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
}
- fault_type = ARMFault_Permission;
if (!(result->f.prot & (1 << access_type))) {
+ fi->type = ARMFault_Permission;
goto do_fault;
}
@@ -1389,8 +1383,9 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
result->f.lg_page_size = ctz64(page_size);
return false;
-do_fault:
- fi->type = fault_type;
+ do_translation_fault:
+ fi->type = ARMFault_Translation;
+ do_fault:
fi->level = level;
/* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */
fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2 ||
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 64/66] target/arm: Don't shift attrs in get_phys_addr_lpae
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (62 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 63/66] target/arm: Fix fault reporting in get_phys_addr_lpae Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 65/66] target/arm: Consider GP an attribute " Richard Henderson
` (2 subsequent siblings)
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Leave the upper and lower attributes in the place they originate
from in the descriptor. Shifting them around is confusing, since
one cannot read the bit numbers out of the manual. Also, new
attributes have been added which would alter the shifts.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 5f3841b466..068ff2025a 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1021,7 +1021,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
hwaddr descaddr, indexmask, indexmask_grainsize;
uint32_t tableattrs;
target_ulong page_size;
- uint32_t attrs;
+ uint64_t attrs;
int32_t stride;
int addrsize, inputsize, outputsize;
uint64_t tcr = regime_tcr(env, mmu_idx);
@@ -1291,49 +1291,48 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr &= ~(page_size - 1);
descaddr |= (address & (page_size - 1));
/* Extract attributes from the descriptor */
- attrs = extract64(descriptor, 2, 10)
- | (extract64(descriptor, 52, 12) << 10);
+ attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(52, 12));
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
/* Stage 2 table descriptors do not include any attribute fields */
goto skip_attrs;
}
/* Merge in attributes from table descriptors */
- attrs |= nstable << 3; /* NS */
+ attrs |= nstable << 5; /* NS */
guarded = extract64(descriptor, 50, 1); /* GP */
if (param.hpd) {
/* HPD disables all the table attributes except NSTable. */
goto skip_attrs;
}
- attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
+ attrs |= extract64(tableattrs, 0, 2) << 53; /* XN, PXN */
/*
* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
* means "force PL1 access only", which means forcing AP[1] to 0.
*/
- attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
- attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
+ attrs &= ~(extract64(tableattrs, 2, 1) << 6); /* !APT[0] => AP[1] */
+ attrs |= extract32(tableattrs, 3, 1) << 7; /* APT[1] => AP[2] */
skip_attrs:
/*
* Here descaddr is the final physical address, and attributes
* are all in attrs.
*/
- if ((attrs & (1 << 8)) == 0) {
+ if ((attrs & (1 << 10)) == 0) {
/* Access flag */
fi->type = ARMFault_AccessFlag;
goto do_fault;
}
- ap = extract32(attrs, 4, 2);
+ ap = extract32(attrs, 6, 2);
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
ns = mmu_idx == ARMMMUIdx_Stage2;
- xn = extract32(attrs, 11, 2);
+ xn = extract64(attrs, 54, 2);
result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
} else {
- ns = extract32(attrs, 3, 1);
- xn = extract32(attrs, 12, 1);
- pxn = extract32(attrs, 11, 1);
+ ns = extract32(attrs, 5, 1);
+ xn = extract64(attrs, 54, 1);
+ pxn = extract64(attrs, 53, 1);
result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
}
@@ -1358,10 +1357,10 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
result->cacheattrs.is_s2_format = true;
- result->cacheattrs.attrs = extract32(attrs, 0, 4);
+ result->cacheattrs.attrs = extract32(attrs, 2, 4);
} else {
/* Index into MAIR registers for cache attributes */
- uint8_t attrindx = extract32(attrs, 0, 3);
+ uint8_t attrindx = extract32(attrs, 2, 3);
uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)];
assert(attrindx <= 7);
result->cacheattrs.is_s2_format = false;
@@ -1376,7 +1375,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
if (param.ds) {
result->cacheattrs.shareability = param.sh;
} else {
- result->cacheattrs.shareability = extract32(attrs, 6, 2);
+ result->cacheattrs.shareability = extract32(attrs, 8, 2);
}
result->f.phys_addr = descaddr;
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 65/66] target/arm: Consider GP an attribute in get_phys_addr_lpae
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (63 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 64/66] target/arm: Don't shift attrs " Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 66/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-09-22 10:56 ` [PATCH v2 00/66] " Peter Maydell
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Both GP and DBM are in the upper attribute block.
Extend the computation of attrs to include them,
then simplify the setting of guarded.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 068ff2025a..c38c7d2a65 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1029,7 +1029,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
uint32_t el = regime_el(env, mmu_idx);
uint64_t descaddrmask;
bool aarch64 = arm_el_is_aa64(env, el);
- bool guarded = false;
S1TranslateResult s1;
uint64_t descriptor;
bool nstable;
@@ -1291,7 +1290,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr &= ~(page_size - 1);
descaddr |= (address & (page_size - 1));
/* Extract attributes from the descriptor */
- attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(52, 12));
+ attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
/* Stage 2 table descriptors do not include any attribute fields */
@@ -1299,7 +1298,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
}
/* Merge in attributes from table descriptors */
attrs |= nstable << 5; /* NS */
- guarded = extract64(descriptor, 50, 1); /* GP */
if (param.hpd) {
/* HPD disables all the table attributes except NSTable. */
goto skip_attrs;
@@ -1352,7 +1350,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
/* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
- result->f.guarded = guarded;
+ result->f.guarded = extract64(attrs, 50, 1); /* GP */
}
if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* [PATCH v2 66/66] target/arm: Implement FEAT_HAFDBS
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (64 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 65/66] target/arm: Consider GP an attribute " Richard Henderson
@ 2022-08-22 15:27 ` Richard Henderson
2022-09-22 10:56 ` [PATCH v2 00/66] " Peter Maydell
66 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-08-22 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Perform the atomic update for hardware management of the access flag
and the dirty bit.
A limitation of the implementation so far is that the page table
itself must already be writable, i.e. the dirty bit for the stage2
page table must already be set, i.e. we cannot set both dirty bits
at the same time.
This is allowed because it is CONSTRAINED UNPREDICTABLE whether any
atomic update happens at all. The implementation is allowed to simply
fall back on software update at any time.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
docs/system/arm/emulation.rst | 1 +
target/arm/cpu64.c | 1 +
target/arm/ptw.c | 115 ++++++++++++++++++++++++++++++++--
3 files changed, 113 insertions(+), 4 deletions(-)
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 8e494c8bea..3eee95c39b 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -30,6 +30,7 @@ the following architecture extensions:
- FEAT_FRINTTS (Floating-point to integer instructions)
- FEAT_FlagM (Flag manipulation instructions v2)
- FEAT_FlagM2 (Enhancements to flag manipulation instructions)
+- FEAT_HAFDBS (Hardware management of the access flag and dirty bit state)
- FEAT_HCX (Support for the HCRX_EL2 register)
- FEAT_HPDS (Hierarchical permission disables)
- FEAT_I8MM (AArch64 Int8 matrix multiplication instructions)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 78e27f778a..98771918c2 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -1037,6 +1037,7 @@ static void aarch64_max_initfn(Object *obj)
cpu->isar.id_aa64mmfr0 = t;
t = cpu->isar.id_aa64mmfr1;
+ t = FIELD_DP64(t, ID_AA64MMFR1, HAFDBS, 2); /* FEAT_HAFDBS */
t = FIELD_DP64(t, ID_AA64MMFR1, VMIDBITS, 2); /* FEAT_VMID16 */
t = FIELD_DP64(t, ID_AA64MMFR1, VH, 1); /* FEAT_VHE */
t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* FEAT_HPDS */
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index c38c7d2a65..c81c51f60c 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -193,6 +193,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
typedef struct {
bool is_secure;
bool be;
+ bool rw;
void *hphys;
hwaddr gphys;
} S1TranslateResult;
@@ -221,6 +222,8 @@ static bool S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
return false;
}
+ res->rw = full->prot & PAGE_WRITE;
+
if (s2_mmu_idx == ARMMMUIdx_Stage2 || s2_mmu_idx == ARMMMUIdx_Stage2_S) {
uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
uint8_t s2attrs = full->pte_attrs;
@@ -333,6 +336,56 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, const S1TranslateResult *s1,
return data;
}
+static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
+ uint64_t new_val, const S1TranslateResult *s1,
+ ARMMMUFaultInfo *fi)
+{
+ uint64_t cur_val;
+
+ if (unlikely(!s1->hphys)) {
+ fi->type = ARMFault_UnsuppAtomicUpdate;
+ fi->s1ptw = true;
+ return 0;
+ }
+
+#ifndef CONFIG_ATOMIC64
+ /*
+ * We can't support the atomic operation on the host. We should be
+ * running in round-robin mode though, which means that we would only
+ * race with dma i/o.
+ */
+ qemu_mutex_lock_iothread();
+ if (s1->be) {
+ cur_val = ldq_be_p(s1->hphys);
+ if (cur_val == old_val) {
+ stq_be_p(s1->hphys, new_val);
+ }
+ } else {
+ cur_val = ldq_le_p(s1->hphys);
+ if (cur_val == old_val) {
+ stq_le_p(s1->hphys, new_val);
+ }
+ }
+ qemu_mutex_unlock_iothread();
+#else
+ if (s1->be) {
+ old_val = cpu_to_be64(old_val);
+ new_val = cpu_to_be64(new_val);
+ cur_val = qatomic_cmpxchg__nocheck((uint64_t *)s1->hphys,
+ old_val, new_val);
+ cur_val = be64_to_cpu(cur_val);
+ } else {
+ old_val = cpu_to_le64(old_val);
+ new_val = cpu_to_le64(new_val);
+ cur_val = qatomic_cmpxchg__nocheck((uint64_t *)s1->hphys,
+ old_val, new_val);
+ cur_val = le64_to_cpu(cur_val);
+ }
+#endif
+
+ return cur_val;
+}
+
static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
uint32_t *table, uint32_t address)
{
@@ -1240,6 +1293,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
goto do_fault;
}
+ restart_atomic_update:
if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
/* Invalid, or the Reserved level 3 encoding */
goto do_translation_fault;
@@ -1317,8 +1371,26 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
*/
if ((attrs & (1 << 10)) == 0) {
/* Access flag */
- fi->type = ARMFault_AccessFlag;
- goto do_fault;
+ uint64_t new_des, old_des;
+
+ /*
+ * If HA is disabled, or if the pte is not writable,
+ * pass on the access fault to software.
+ */
+ if (!param.ha || !s1.rw) {
+ fi->type = ARMFault_AccessFlag;
+ goto do_fault;
+ }
+
+ old_des = descriptor;
+ new_des = descriptor | (1 << 10); /* AF */
+ descriptor = arm_casq_ptw(env, old_des, new_des, &s1, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
+ if (old_des != descriptor) {
+ goto restart_atomic_update;
+ }
}
ap = extract32(attrs, 6, 2);
@@ -1335,8 +1407,43 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
}
if (!(result->f.prot & (1 << access_type))) {
- fi->type = ARMFault_Permission;
- goto do_fault;
+ uint64_t new_des, old_des;
+
+ /* Writes may set dirty if DBM attribute is set. */
+ if (!param.hd
+ || access_type != MMU_DATA_STORE
+ || !extract64(attrs, 51, 1) /* DBM */
+ || !s1.rw) {
+ fi->type = ARMFault_Permission;
+ goto do_fault;
+ }
+
+ old_des = descriptor;
+ if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
+ new_des = descriptor | (1ull << 7); /* S2AP[1] */
+ } else {
+ new_des = descriptor & ~(1ull << 7); /* AP[2] */
+ }
+
+ /*
+ * If the descriptor didn't change, then attributes weren't the
+ * reason for the permission fault, so deliver it.
+ */
+ if (old_des == new_des) {
+ fi->type = ARMFault_Permission;
+ goto do_fault;
+ }
+
+ descriptor = arm_casq_ptw(env, old_des, new_des, &s1, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
+ if (old_des != descriptor) {
+ goto restart_atomic_update;
+ }
+
+ /* Success: the page is now writable. */
+ result->f.prot |= 1 << MMU_DATA_STORE;
}
if (ns) {
--
2.34.1
^ permalink raw reply related [flat|nested] 106+ messages in thread
* Re: [PATCH v2 01/66] target/arm: Create GetPhysAddrResult
2022-08-22 15:26 ` [PATCH v2 01/66] target/arm: Create GetPhysAddrResult Richard Henderson
@ 2022-09-20 13:50 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 13:50 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
[-- Attachment #1: Type: text/plain, Size: 328 bytes --]
On Mon, 22 Aug 2022 at 16:42, Richard Henderson <
richard.henderson@linaro.org> wrote:
>
> Combine 5 output pointer arguments from get_phys_addr
> into a single struct. Adjust all callers.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
[-- Attachment #2: Type: text/html, Size: 596 bytes --]
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 02/66] target/arm: Fix ipa_secure in get_phys_addr
2022-08-22 15:26 ` [PATCH v2 02/66] target/arm: Fix ipa_secure in get_phys_addr Richard Henderson
@ 2022-09-20 14:21 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:21 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 16:28, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The starting security state comes with the translation regime,
> not the current state of arm_is_secure_below_el3().
>
> More use of the local variable, ipa_secure, which does not need
> to be written back to result->attrs.secure -- we compute that
> value later, after the S2 walk is complete.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 22 ++++++++++------------
> 1 file changed, 10 insertions(+), 12 deletions(-)
>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index 8db2abac01..478ff74550 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -2308,6 +2308,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
> {
> ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
> + bool is_secure = regime_is_secure(env, mmu_idx);
>
> if (mmu_idx != s1_mmu_idx) {
> /*
> @@ -2332,19 +2333,16 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> }
>
> ipa = result->phys;
> - ipa_secure = result->attrs.secure;
> - if (arm_is_secure_below_el3(env)) {
> - if (ipa_secure) {
> - result->attrs.secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
> - } else {
> - result->attrs.secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
> - }
> + if (is_secure) {
> + /* Select TCR based on the NS bit from the S1 walk. */
> + ipa_secure = !(result->attrs.secure
> + ? env->cp15.vstcr_el2 & VSTCR_SW
> + : env->cp15.vtcr_el2 & VTCR_NSW);
> } else {
> - assert(!ipa_secure);
> + ipa_secure = false;
> }
This is mixing two things up:
(1) is the IPA from a first stage translation Secure or Non-secure ?
-- this is what ipa_secure is in the current code
(2) should the s2 translation table walk be Secure or Non-secure ?
-- this is determined by either VSTCR_EL2.SW or .NSW, depending on
what ipa_secure is
This change ends up setting ipa_secure to the answer to q2. If we
want to use it for "is the s2 tt walk secure?" we should give it a
different name, eg s2walk_secure.
We also seem to have lost the assertion that if this is a non-secure
translation regime then we shouldn't have ended up claiming that the
first-stage IPA was Secure.
I agree we don't really want to silently borrow result->attrs.secure
for the place we keep the answer to q2.
>
> - s2_mmu_idx = (result->attrs.secure
> - ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
> + s2_mmu_idx = (ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2);
> is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
>
> /*
> @@ -2388,7 +2386,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> result->cacheattrs);
>
> /* Check if IPA translates to secure or non-secure PA space. */
> - if (arm_is_secure_below_el3(env)) {
> + if (is_secure) {
> if (ipa_secure) {
> result->attrs.secure =
> !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
In particular, looking at the pseudocode for AArch64.SS2OutputPASpace()
I think this code is correctly looking at ipa_secure and the change
above to what that variable is holding means it will now be wrong.
(That is, ipa_secure == true in the old code corresponds to pseudocode's
ipaspace == PAS_Secure.)
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 03/66] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
2022-08-22 15:26 ` [PATCH v2 03/66] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae Richard Henderson
@ 2022-09-20 14:24 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:24 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:47, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 69 ++++++++++++++++++------------------------------
> 1 file changed, 26 insertions(+), 43 deletions(-)
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 04/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v6
2022-08-22 15:26 ` [PATCH v2 04/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v6 Richard Henderson
@ 2022-09-20 14:25 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:25 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:34, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 30 ++++++++++++++----------------
> 1 file changed, 14 insertions(+), 16 deletions(-)
>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 05/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v5
2022-08-22 15:26 ` [PATCH v2 05/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v5 Richard Henderson
@ 2022-09-20 14:25 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:25 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:43, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 06/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
2022-08-22 15:26 ` [PATCH v2 06/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5 Richard Henderson
@ 2022-09-20 14:26 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:26 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:42, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 07/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
2022-08-22 15:26 ` [PATCH v2 07/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7 Richard Henderson
@ 2022-09-20 14:26 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:26 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:50, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 36 +++++++++++++++++-------------------
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 08/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
2022-08-22 15:26 ` [PATCH v2 08/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8 Richard Henderson
@ 2022-09-20 14:28 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:28 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:29, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 09/66] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
2022-08-22 15:26 ` [PATCH v2 09/66] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup Richard Henderson
@ 2022-09-20 14:30 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:30 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:49, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 10/66] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
2022-08-22 15:26 ` [PATCH v2 10/66] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup Richard Henderson
@ 2022-09-20 14:35 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:35 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 16:54, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This can be made redundant with result->page_size, by moving the basic
> set of page_size from get_phys_addr_pmsav8. We still need to overwrite
> page_size when v8m_security_lookup signals a subpage.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> @@ -1722,7 +1722,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
> uint32_t addr_page_base = address & TARGET_PAGE_MASK;
> uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1);
>
> - *is_subpage = false;
> + result->page_size = TARGET_PAGE_SIZE;
> result->phys = address;
> result->prot = 0;
> if (mregion) {
There's a comment just above this that needs updating:
* We set is_subpage to true if the region hit doesn't cover the
* entire TARGET_PAGE the address is within.
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 11/66] target/arm: Add is_secure parameter to v8m_security_lookup
2022-08-22 15:26 ` [PATCH v2 11/66] target/arm: Add is_secure parameter to v8m_security_lookup Richard Henderson
@ 2022-09-20 14:42 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:42 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:29, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from v8m_security_lookup,
> passing the new parameter to the lookup instead.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 12/66] target/arm: Add secure parameter to pmsav8_mpu_lookup
2022-08-22 15:26 ` [PATCH v2 12/66] target/arm: Add secure parameter to pmsav8_mpu_lookup Richard Henderson
@ 2022-09-20 14:43 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:43 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:53, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from pmsav8_mpu_lookup,
> passing the new parameter to the lookup instead.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 13/66] target/arm: Add is_secure parameter to get_phys_addr_v5
2022-08-22 15:26 ` [PATCH v2 13/66] target/arm: Add is_secure parameter to get_phys_addr_v5 Richard Henderson
@ 2022-09-20 14:44 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:44 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:59, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from get_phys_addr_v5,
> passing the new parameter to the lookup instead.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 14/66] target/arm: Add is_secure parameter to get_phys_addr_v6
2022-08-22 15:26 ` [PATCH v2 14/66] target/arm: Add is_secure parameter to get_phys_addr_v6 Richard Henderson
@ 2022-09-20 14:45 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:45 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:54, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from get_phys_addr_v6,
> passing the new parameter to the lookup instead.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 15/66] target/arm: Add secure parameter to get_phys_addr_pmsav8
2022-08-22 15:26 ` [PATCH v2 15/66] target/arm: Add secure parameter to get_phys_addr_pmsav8 Richard Henderson
@ 2022-09-20 14:46 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:46 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:53, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from get_phys_addr_pmsav8.
> Since we already had a local variable named secure, use that.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 16/66] target/arm: Add is_secure parameter to pmsav7_use_background_region
2022-08-22 15:26 ` [PATCH v2 16/66] target/arm: Add is_secure parameter to pmsav7_use_background_region Richard Henderson
@ 2022-09-20 14:46 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:46 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:36, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from pmsav7_use_background_region,
> using the new parameter instead.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 17/66] target/arm: Add is_secure parameter to get_phys_addr_lpae
2022-08-22 15:26 ` [PATCH v2 17/66] target/arm: Add is_secure parameter to get_phys_addr_lpae Richard Henderson
@ 2022-09-20 14:52 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 14:52 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 17:33, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from get_phys_addr_lpae,
> using the new parameter instead.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> @@ -2334,7 +2334,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
> memset(result, 0, sizeof(*result));
>
> ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx,
> - is_el0, result, fi);
> + ipa_secure, is_el0, result, fi);
> fi->s2addr = ipa;
Depending on how we change patch 2, this may want to be looking at
something other than ipa_secure.
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 18/66] target/arm: Add secure parameter to get_phys_addr_pmsav7
2022-08-22 15:26 ` [PATCH v2 18/66] target/arm: Add secure parameter to get_phys_addr_pmsav7 Richard Henderson
@ 2022-09-20 15:15 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:15 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:58, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from get_phys_addr_pmsav7,
> using the new parameter instead.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 19/66] target/arm: Add is_secure parameter to regime_translation_disabled
2022-08-22 15:26 ` [PATCH v2 19/66] target/arm: Add is_secure parameter to regime_translation_disabled Richard Henderson
@ 2022-09-20 15:17 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:17 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 16:38, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from regime_translation_disabled,
> using the new parameter instead.
>
> This fixes a bug in S1_ptw_translate and get_phys_addr where we had
> passed ARMMMUIdx_Stage2 and not ARMMMUIdx_Stage2_S to determine if
> Stage2 is disabled, affecting FEAT_SEL2.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 20/66] target/arm: Add is_secure parameter to get_phys_addr_pmsav5
2022-08-22 15:26 ` [PATCH v2 20/66] target/arm: Add is_secure parameter to get_phys_addr_pmsav5 Richard Henderson
@ 2022-09-20 15:18 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:18 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 17:49, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from get_phys_addr_pmsav5.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 21/66] target/arm: Split out get_phys_addr_with_secure
2022-08-22 15:26 ` [PATCH v2 21/66] target/arm: Split out get_phys_addr_with_secure Richard Henderson
@ 2022-09-20 15:19 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:19 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 16:44, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Retain the existing get_phys_addr interface using
> the security state derived from mmu_idx.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index c338e2324a..c132d0cada 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -2282,12 +2282,12 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
> * @result: set on translation success.
> * @fi: set to fault info if the translation fails
> */
This doc comment needs updating to add the new parameter.
> -bool get_phys_addr(CPUARMState *env, target_ulong address,
> - MMUAccessType access_type, ARMMMUIdx mmu_idx,
> - GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
> +bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
> + MMUAccessType access_type, ARMMMUIdx mmu_idx,
> + bool is_secure, GetPhysAddrResult *result,
> + ARMMMUFaultInfo *fi)
> {
> ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
> - bool is_secure = regime_is_secure(env, mmu_idx);
>
> if (mmu_idx != s1_mmu_idx) {
> /*
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 22/66] target/arm: Add is_secure parameter to v7m_read_half_insn
2022-08-22 15:26 ` [PATCH v2 22/66] target/arm: Add is_secure parameter to v7m_read_half_insn Richard Henderson
@ 2022-09-20 15:22 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:22 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm, Alex Bennée
On Mon, 22 Aug 2022 at 17:57, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from v7m_read_half_insn, using
> the new parameter instead.
>
> As it happens, both callers pass true, propagated from the argument
> to arm_v7m_mmu_idx_for_secstate which created the mmu_idx argument,
> but that is a detail of v7m_handle_execute_nsc we need not expose
> to the callee.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 23/66] target/arm: Add TBFLAG_M32.SECURE
2022-08-22 15:26 ` [PATCH v2 23/66] target/arm: Add TBFLAG_M32.SECURE Richard Henderson
@ 2022-09-20 15:24 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:24 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 17:10, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Remove the use of regime_is_secure from arm_tr_init_disas_context.
> Instead, provide the value of v8m_secure directly from tb_flags.
> Rather than use regime_is_secure, use the env->v7m.secure directly,
> as per arm_mmu_idx_el.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 24/66] target/arm: Merge regime_is_secure into get_phys_addr
2022-08-22 15:26 ` [PATCH v2 24/66] target/arm: Merge regime_is_secure into get_phys_addr Richard Henderson
@ 2022-09-20 15:25 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:25 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 17:56, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This is the last use of regime_is_secure; remove it
> entirely before changing the layout of ARMMMUIdx.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 25/66] target/arm: Add is_secure parameter to do_ats_write
2022-08-22 15:27 ` [PATCH v2 25/66] target/arm: Add is_secure parameter to do_ats_write Richard Henderson
@ 2022-09-20 15:33 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:33 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 16:54, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Use get_phys_addr_with_secure directly. This is the one place
> where the value of is_secure may not equal arm_is_secure(env).
Is there an implicit "for A-profile" here? Various of the
m_helper.c calls to get_phys_addr() still pass in an mmu_idx
requesting an access for a different security state to that
of the current state of the core, I think.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Other than the commit message,
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 26/66] target/arm: Fold secure and non-secure a-profile mmu indexes
2022-08-22 15:27 ` [PATCH v2 26/66] target/arm: Fold secure and non-secure a-profile mmu indexes Richard Henderson
@ 2022-09-20 15:44 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:44 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 18:13, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> For a-profile, which does not bank system registers,
32-bit A-profile has a pile of banked system registers...
> it takes
> quite a lot of code to switch between security states. In the
> process, registers such as TCR_EL{1,2} must be swapped, which in
> itself requires the flushing of softmmu tlbs. Therefore it
> doesn't buy us anything to separate tlbs by security state.
>
> Retain the distinction between Stage2 and Stage2_S.
>
> This will be important as we implement FEAT_RME, and do not
> wish to add a third set of mmu indexes for Realm state.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/cpu-param.h | 2 +-
> target/arm/cpu.h | 69 +++++++-----------
> target/arm/internals.h | 31 +-------
> target/arm/helper.c | 144 +++++++++++++------------------------
> target/arm/ptw.c | 25 ++-----
> target/arm/translate-a64.c | 8 ---
> target/arm/translate.c | 6 +-
> 7 files changed, 83 insertions(+), 202 deletions(-)
>
> diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
> index 68ffb12427..08681828ac 100644
> --- a/target/arm/cpu-param.h
> +++ b/target/arm/cpu-param.h
> @@ -32,6 +32,6 @@
> # define TARGET_PAGE_BITS_MIN 10
> #endif
>
> -#define NB_MMU_MODES 15
> +#define NB_MMU_MODES 8
>
> #endif
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index ee94d8e653..cea2121f67 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2873,26 +2873,26 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
> * table over and over.
> * 6. we need separate EL1/EL2 mmu_idx for handling the Privileged Access
> * Never (PAN) bit within PSTATE.
> + * 7. we fold together the secure and non-secure regimes for A-profile,
> + * because there are no banked system registers,
ditto
> so the process of
> + * switching between secure and non-secure is already heavyweight.
> *
> * This gives us the following list of cases:
> *
> - * NS EL0 EL1&0 stage 1+2 (aka NS PL0)
> - * NS EL1 EL1&0 stage 1+2 (aka NS PL1)
> - * NS EL1 EL1&0 stage 1+2 +PAN
> - * NS EL0 EL2&0
> - * NS EL2 EL2&0
> - * NS EL2 EL2&0 +PAN
> - * NS EL2 (aka NS PL2)
> - * S EL0 EL1&0 (aka S PL0)
> - * S EL1 EL1&0 (not used if EL3 is 32 bit)
> - * S EL1 EL1&0 +PAN
> - * S EL3 (aka S PL1)
> + * EL0 EL1&0 stage 1+2 (aka NS PL0)
> + * EL1 EL1&0 stage 1+2 (aka NS PL1)
> + * EL1 EL1&0 stage 1+2 +PAN
> + * EL0 EL2&0
> + * EL2 EL2&0
> + * EL2 EL2&0 +PAN
> + * EL2 (aka NS PL2)
> + * EL3 (aka S PL1)
> *
> * for a total of 11 different mmu_idx.
This number needs updating :-)
> *
> * R profile CPUs have an MPU, but can use the same set of MMU indexes
> - * as A profile. They only need to distinguish NS EL0 and NS EL1 (and
> - * NS EL2 if we ever model a Cortex-R52).
> + * as A profile. They only need to distinguish EL0 and EL1 (and
> + * EL2 if we ever model a Cortex-R52).
> *
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 09990ca096..b9f1a3d826 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -1671,6 +1671,7 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
> /* Begin with base v8.0 state. */
> uint32_t valid_mask = 0x3fff;
> ARMCPU *cpu = env_archcpu(env);
> + uint64_t changed;
>
> /*
> * Because SCR_EL3 is the "real" cpreg and SCR is the alias, reset always
> @@ -1730,7 +1731,22 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
>
> /* Clear all-context RES0 bits. */
> value &= valid_mask;
> - raw_write(env, ri, value);
> + changed = env->cp15.scr_el3 ^ value;
> + env->cp15.scr_el3 = value;
> +
> + /*
> + * If SCR_EL3.NS changes, i.e. arm_is_secure_below_el3, then
> + * we must invalidate all TLBs below EL3.
> + */
> + if (changed & SCR_NS) {
> + tlb_flush_by_mmuidx(env_cpu(env), (ARMMMUIdxBit_E10_0 |
> + ARMMMUIdxBit_E20_0 |
> + ARMMMUIdxBit_E10_1 |
> + ARMMMUIdxBit_E20_2 |
> + ARMMMUIdxBit_E10_1_PAN |
> + ARMMMUIdxBit_E20_2_PAN |
> + ARMMMUIdxBit_E2));
In theory I suppose for a CPU without Secure EL2 support we could avoid
flushing the EL2 TLBs, but it's probably not worth worrying about.
> + }
> }
Other than the comment/commit message nits,
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 27/66] target/arm: Reorg regime_translation_disabled
2022-08-22 15:27 ` [PATCH v2 27/66] target/arm: Reorg regime_translation_disabled Richard Henderson
@ 2022-09-20 15:46 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:46 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 17:13, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Use a switch on mmu_idx for the a-profile indexes, instead of
> three different if's vs regime_el and arm_mmu_idx_is_stage1_of_2.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 28/66] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
2022-08-22 15:27 ` [PATCH v2 28/66] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M Richard Henderson
@ 2022-09-20 15:49 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:49 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 16:50, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The effect of TGE does not only apply to non-secure state,
> now that Secure EL2 exists.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 29/66] target/arm: Introduce arm_hcr_el2_eff_secstate
2022-08-22 15:27 ` [PATCH v2 29/66] target/arm: Introduce arm_hcr_el2_eff_secstate Richard Henderson
@ 2022-09-20 15:52 ` Peter Maydell
2022-09-28 19:38 ` Richard Henderson
0 siblings, 1 reply; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:52 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 17:22, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> For page walking, we may require HCR for a security state
> that is not "current".
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/cpu.h | 20 +++++++++++++-------
> target/arm/helper.c | 11 ++++++++---
> 2 files changed, 21 insertions(+), 10 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index cea2121f67..a08e546de4 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2401,15 +2401,15 @@ static inline bool arm_is_secure(CPUARMState *env)
> * Return true if the current security state has AArch64 EL2 or AArch32 Hyp.
> * This corresponds to the pseudocode EL2Enabled()
> */
> +static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
> +{
> + return (arm_feature(env, ARM_FEATURE_EL2)
> + && (!secure || (env->cp15.scr_el3 & SCR_EEL2)));
This doesn't need the outermost set of ().
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 30/66] target/arm: Hoist read of *is_secure in S1_ptw_translate
2022-08-22 15:27 ` [PATCH v2 30/66] target/arm: Hoist read of *is_secure in S1_ptw_translate Richard Henderson
@ 2022-09-20 15:53 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 15:53 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 16:55, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Rename the argument to is_secure_ptr, and introduce a
> local variable is_secure with the value. We only write
> back to the pointer toward the end of the function.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 31/66] target/arm: Fix S2 disabled check in S1_ptw_translate
2022-08-22 15:27 ` [PATCH v2 31/66] target/arm: Fix S2 disabled check " Richard Henderson
@ 2022-09-20 16:01 ` Peter Maydell
2022-09-28 23:31 ` Richard Henderson
0 siblings, 1 reply; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 16:01 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 17:23, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Pass the correct stage2 mmu_idx to regime_translation_disabled,
> which we computed afterward.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index dbe5852af6..680139b478 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -211,11 +211,10 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
> ARMMMUFaultInfo *fi)
> {
> bool is_secure = *is_secure_ptr;
> + ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
>
> if (arm_mmu_idx_is_stage1_of_2(mmu_idx) &&
> - !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
> - ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S
> - : ARMMMUIdx_Stage2;
> + !regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
> GetPhysAddrResult s2 = {};
> int ret;
This doesn't actually change the behaviour, though, right?
regime_translation_disabled() at this point in the patchset doesn't
do anything that makes a distinction between Stage2_S and Stage2 AFAICT.
So this is just making the code clearer; we fixed the actual bug in patch 19.
With a tweaked commit message,
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Alternatively, pull this patch earlier so it's before patch 19 and
is the one fixing the bug; then patch 19 is only adding the
is_secure argument to regime_translation_disabled() and doesn't
fix the bug in passing. That would be neater but maybe the
patchset reshuffle is too painful so I don't insist on it.
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 32/66] target/arm: Remove env argument from combined_attrs_fwb
2022-08-22 15:27 ` [PATCH v2 32/66] target/arm: Remove env argument from combined_attrs_fwb Richard Henderson
@ 2022-09-20 16:05 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 16:05 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 17:41, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This value is unused.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index 680139b478..5c6e5eea88 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -2171,8 +2171,7 @@ static uint8_t force_cacheattr_nibble_wb(uint8_t attr)
> * s1 and s2 for the HCR_EL2.FWB == 1 case, returning the
> * combined attributes in MAIR_EL1 format.
> */
> -static uint8_t combined_attrs_fwb(CPUARMState *env,
> - ARMCacheAttrs s1, ARMCacheAttrs s2)
> +static uint8_t combined_attrs_fwb(ARMCacheAttrs s1, ARMCacheAttrs s2)
> {
> switch (s2.attrs) {
> case 7:
> @@ -2245,7 +2244,7 @@ static ARMCacheAttrs combine_cacheattrs(CPUARMState *env,
>
> /* Combine memory type and cacheability attributes */
> if (arm_hcr_el2_eff(env) & HCR_FWB) {
> - ret.attrs = combined_attrs_fwb(env, s1, s2);
> + ret.attrs = combined_attrs_fwb(s1, s2);
> } else {
> ret.attrs = combined_attrs_nofwb(env, s1, s2);
> }
There's nothing in the git log, but I'm fairly sure I put the 'env'
argument into this function to make it parallel with the
combined_attrs_nofwb() one.
If you really want to get rid of it,
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 33/66] target/arm: Pass HCR to attribute subroutines.
2022-08-22 15:27 ` [PATCH v2 33/66] target/arm: Pass HCR to attribute subroutines Richard Henderson
@ 2022-09-20 16:07 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 16:07 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 17:43, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> These subroutines did not need ENV for anything except
> retrieving the effective value of HCR anyway.
>
> We have computed the effective value of HCR in the callers,
> and this will be especially important for interpreting HCR
> in a non-current security state.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 34/66] target/arm: Fix ATS12NSO* from S PL1
2022-08-22 15:27 ` [PATCH v2 34/66] target/arm: Fix ATS12NSO* from S PL1 Richard Henderson
@ 2022-09-20 16:09 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 16:09 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 17:50, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Use arm_hcr_el2_eff_secstate instead of arm_hcr_el2_eff, so
> that we use is_state instead of the currend security state.
"is_secure", "current"
> These AT* operations have been broken since arm_hcr_el2_eff
> gained a check for "el2 enabled" for Secure EL2.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index fe06bb032b..4da932b464 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -146,7 +146,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
> }
> }
>
> - hcr_el2 = arm_hcr_el2_eff(env);
> + hcr_el2 = arm_hcr_el2_eff_secstate(env, is_secure);
>
> switch (mmu_idx) {
> case ARMMMUIdx_Stage2:
> @@ -230,7 +230,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
> return ~0;
> }
>
> - hcr = arm_hcr_el2_eff(env);
> + hcr = arm_hcr_el2_eff_secstate(env, is_secure);
> if ((hcr & HCR_PTW) && ptw_attrs_are_device(hcr, s2.cacheattrs)) {
> /*
> * PTW set and S1 walk touched S2 Device memory:
> @@ -2360,7 +2360,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
> }
>
> /* Combine the S1 and S2 cache attributes. */
> - hcr = arm_hcr_el2_eff(env);
> + hcr = arm_hcr_el2_eff_secstate(env, is_secure);
> if (hcr & HCR_DC) {
> /*
> * HCR.DC forces the first stage attributes to
> @@ -2493,7 +2493,7 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
> result->page_size = TARGET_PAGE_SIZE;
>
> /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
> - hcr = arm_hcr_el2_eff(env);
> + hcr = arm_hcr_el2_eff_secstate(env, is_secure);
> result->cacheattrs.shareability = 0;
> result->cacheattrs.is_s2_format = false;
> if (hcr & HCR_DC) {
> --
> 2.34.1
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 35/66] target/arm: Split out get_phys_addr_disabled
2022-08-22 15:27 ` [PATCH v2 35/66] target/arm: Split out get_phys_addr_disabled Richard Henderson
@ 2022-09-20 16:11 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 16:11 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 18:52, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 138 +++++++++++++++++++++++++----------------------
> 1 file changed, 74 insertions(+), 64 deletions(-)
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 36/66] target/arm: Reorg get_phys_addr_disabled
2022-08-22 15:27 ` [PATCH v2 36/66] target/arm: Reorg get_phys_addr_disabled Richard Henderson
@ 2022-09-20 16:21 ` Peter Maydell
0 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-20 16:21 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 16:59, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Use a switch. Do not apply memattr or shareability for Stage2
> translations. Make sure to apply HCR_{DC,DCT} only to Regime_EL10,
> per the pseudocode in AArch64.S1DisabledOutput.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> + check_range:
I'm not super keen on this goto label lurking in the switch
statement -- I would rather we keep the "how do we decide the
memattr and shareability" logic separate from the
"which mmu_idxes do we need to do the range check on" logic.
The simple
if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
range check logic;
}
that we had before seems clearer to me than this use of gotos
and fall-throughs.
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
` (65 preceding siblings ...)
2022-08-22 15:27 ` [PATCH v2 66/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
@ 2022-09-22 10:56 ` Peter Maydell
66 siblings, 0 replies; 106+ messages in thread
From: Peter Maydell @ 2022-09-22 10:56 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 22 Aug 2022 at 16:28, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This is a major reorg to arm page table walking. While the result
> here is "merely" Hardware-assited Access Flag and Dirty Bit Setting
> (HAFDBS), the ultimate goal is the Realm Management Extension (RME).
> RME "recommends" that HAFDBS be implemented (I_CSLWZ).
>
> For HAFDBS, being able to find a host pointer for the ram that
> backs a given page table entry is required in order to perform the
> atomic update to that PTE. The easiest way to find a host pointer
> is to use the existing softtlb mechanism. Thus all of the page
> table walkers have been adjusted to take an mmu_idx that corresponds
> to the regime in which the page table is stored. In some cases,
> this is a new "physical" mmu_idx that has a permanent 1-1 mapping.
>
> For RME, "physical" addresses also have page permissions, coming
> from the Root realm Granule Protection Table, which can be thought
> of as a third stage page table lookup. So eventually the new
> Secure and Nonsecure physical mmu indexes will joined by
> Realm and Root physical mmu indexes, and all of them will take
> the new Granule Page Table into account.
>
> Previously, we had A-profile allocate separate mmu_idx for secure
> vs non-secure. I've done away with that. Now, I flush all mmu_idx
> when SCR_EL3.NS is changed. I did not see how we could reasonably
> add 8 more mmu_idx for Realm. Moreover, I had a look through ARM
> Trusted Firmware, at the code paths used to change between Secure
> and Nonsecure. We wind up flushing all of these mmu_idx anyway while
> swapping the EL1+EL2 cpregs, so there is no gain at all in attempting
> to keep them live at the same time within qemu.
Hi; I'm going to take patches 1, 3-16, 18 and 20 into
target-arm.next:
> target/arm: Create GetPhysAddrResult
> target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
> target/arm: Use GetPhysAddrResult in get_phys_addr_v6
> target/arm: Use GetPhysAddrResult in get_phys_addr_v5
> target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
> target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
> target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
> target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
> target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
> target/arm: Add is_secure parameter to v8m_security_lookup
> target/arm: Add secure parameter to pmsav8_mpu_lookup
> target/arm: Add is_secure parameter to get_phys_addr_v5
> target/arm: Add is_secure parameter to get_phys_addr_v6
> target/arm: Add secure parameter to get_phys_addr_pmsav8
> target/arm: Add is_secure parameter to pmsav7_use_background_region
> target/arm: Add secure parameter to get_phys_addr_pmsav7
> target/arm: Add is_secure parameter to get_phys_addr_pmsav5
I haven't looked at the second half of the patchset yet -- I'll
come back to this after having worked through the rest of my
to-review queue.
thanks
-- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 29/66] target/arm: Introduce arm_hcr_el2_eff_secstate
2022-09-20 15:52 ` Peter Maydell
@ 2022-09-28 19:38 ` Richard Henderson
0 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-09-28 19:38 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, qemu-arm
On 9/20/22 08:52, Peter Maydell wrote:
> On Mon, 22 Aug 2022 at 17:22, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> For page walking, we may require HCR for a security state
>> that is not "current".
>>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>> target/arm/cpu.h | 20 +++++++++++++-------
>> target/arm/helper.c | 11 ++++++++---
>> 2 files changed, 21 insertions(+), 10 deletions(-)
>>
>> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
>> index cea2121f67..a08e546de4 100644
>> --- a/target/arm/cpu.h
>> +++ b/target/arm/cpu.h
>> @@ -2401,15 +2401,15 @@ static inline bool arm_is_secure(CPUARMState *env)
>> * Return true if the current security state has AArch64 EL2 or AArch32 Hyp.
>> * This corresponds to the pseudocode EL2Enabled()
>> */
>> +static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
>> +{
>> + return (arm_feature(env, ARM_FEATURE_EL2)
>> + && (!secure || (env->cp15.scr_el3 & SCR_EEL2)));
>
> This doesn't need the outermost set of ().
Oh, that's an emacs alignment thing.
r~
>
> Otherwise
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>
> thanks
> -- PMM
^ permalink raw reply [flat|nested] 106+ messages in thread
* Re: [PATCH v2 31/66] target/arm: Fix S2 disabled check in S1_ptw_translate
2022-09-20 16:01 ` Peter Maydell
@ 2022-09-28 23:31 ` Richard Henderson
0 siblings, 0 replies; 106+ messages in thread
From: Richard Henderson @ 2022-09-28 23:31 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, qemu-arm
On 9/20/22 09:01, Peter Maydell wrote:
> This doesn't actually change the behaviour, though, right?
> regime_translation_disabled() at this point in the patchset doesn't
> do anything that makes a distinction between Stage2_S and Stage2 AFAICT.
> So this is just making the code clearer; we fixed the actual bug in patch 19.
>
> With a tweaked commit message,
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>
> Alternatively, pull this patch earlier so it's before patch 19 and
> is the one fixing the bug; then patch 19 is only adding the
> is_secure argument to regime_translation_disabled() and doesn't
> fix the bug in passing. That would be neater but maybe the
> patchset reshuffle is too painful so I don't insist on it.
It wasn't too bad to reshuffle.
r~
^ permalink raw reply [flat|nested] 106+ messages in thread
end of thread, other threads:[~2022-09-28 23:33 UTC | newest]
Thread overview: 106+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-22 15:26 [PATCH v2 00/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-08-22 15:26 ` [PATCH v2 01/66] target/arm: Create GetPhysAddrResult Richard Henderson
2022-09-20 13:50 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 02/66] target/arm: Fix ipa_secure in get_phys_addr Richard Henderson
2022-09-20 14:21 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 03/66] target/arm: Use GetPhysAddrResult in get_phys_addr_lpae Richard Henderson
2022-09-20 14:24 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 04/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v6 Richard Henderson
2022-09-20 14:25 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 05/66] target/arm: Use GetPhysAddrResult in get_phys_addr_v5 Richard Henderson
2022-09-20 14:25 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 06/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5 Richard Henderson
2022-09-20 14:26 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 07/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7 Richard Henderson
2022-09-20 14:26 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 08/66] target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8 Richard Henderson
2022-09-20 14:28 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 09/66] target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup Richard Henderson
2022-09-20 14:30 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 10/66] target/arm: Remove is_subpage argument to pmsav8_mpu_lookup Richard Henderson
2022-09-20 14:35 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 11/66] target/arm: Add is_secure parameter to v8m_security_lookup Richard Henderson
2022-09-20 14:42 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 12/66] target/arm: Add secure parameter to pmsav8_mpu_lookup Richard Henderson
2022-09-20 14:43 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 13/66] target/arm: Add is_secure parameter to get_phys_addr_v5 Richard Henderson
2022-09-20 14:44 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 14/66] target/arm: Add is_secure parameter to get_phys_addr_v6 Richard Henderson
2022-09-20 14:45 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 15/66] target/arm: Add secure parameter to get_phys_addr_pmsav8 Richard Henderson
2022-09-20 14:46 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 16/66] target/arm: Add is_secure parameter to pmsav7_use_background_region Richard Henderson
2022-09-20 14:46 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 17/66] target/arm: Add is_secure parameter to get_phys_addr_lpae Richard Henderson
2022-09-20 14:52 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 18/66] target/arm: Add secure parameter to get_phys_addr_pmsav7 Richard Henderson
2022-09-20 15:15 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 19/66] target/arm: Add is_secure parameter to regime_translation_disabled Richard Henderson
2022-09-20 15:17 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 20/66] target/arm: Add is_secure parameter to get_phys_addr_pmsav5 Richard Henderson
2022-09-20 15:18 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 21/66] target/arm: Split out get_phys_addr_with_secure Richard Henderson
2022-09-20 15:19 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 22/66] target/arm: Add is_secure parameter to v7m_read_half_insn Richard Henderson
2022-09-20 15:22 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 23/66] target/arm: Add TBFLAG_M32.SECURE Richard Henderson
2022-09-20 15:24 ` Peter Maydell
2022-08-22 15:26 ` [PATCH v2 24/66] target/arm: Merge regime_is_secure into get_phys_addr Richard Henderson
2022-09-20 15:25 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 25/66] target/arm: Add is_secure parameter to do_ats_write Richard Henderson
2022-09-20 15:33 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 26/66] target/arm: Fold secure and non-secure a-profile mmu indexes Richard Henderson
2022-09-20 15:44 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 27/66] target/arm: Reorg regime_translation_disabled Richard Henderson
2022-09-20 15:46 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 28/66] target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M Richard Henderson
2022-09-20 15:49 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 29/66] target/arm: Introduce arm_hcr_el2_eff_secstate Richard Henderson
2022-09-20 15:52 ` Peter Maydell
2022-09-28 19:38 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 30/66] target/arm: Hoist read of *is_secure in S1_ptw_translate Richard Henderson
2022-09-20 15:53 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 31/66] target/arm: Fix S2 disabled check " Richard Henderson
2022-09-20 16:01 ` Peter Maydell
2022-09-28 23:31 ` Richard Henderson
2022-08-22 15:27 ` [PATCH v2 32/66] target/arm: Remove env argument from combined_attrs_fwb Richard Henderson
2022-09-20 16:05 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 33/66] target/arm: Pass HCR to attribute subroutines Richard Henderson
2022-09-20 16:07 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 34/66] target/arm: Fix ATS12NSO* from S PL1 Richard Henderson
2022-09-20 16:09 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 35/66] target/arm: Split out get_phys_addr_disabled Richard Henderson
2022-09-20 16:11 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 36/66] target/arm: Reorg get_phys_addr_disabled Richard Henderson
2022-09-20 16:21 ` Peter Maydell
2022-08-22 15:27 ` [PATCH v2 37/66] accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull Richard Henderson
2022-08-22 15:27 ` [PATCH v2 38/66] accel/tcg: Drop addr member from SavedIOTLB Richard Henderson
2022-08-22 15:27 ` [PATCH v2 39/66] accel/tcg: Suppress auto-invalidate in probe_access_internal Richard Henderson
2022-08-22 15:27 ` [PATCH v2 40/66] accel/tcg: Introduce probe_access_full Richard Henderson
2022-08-22 15:27 ` [PATCH v2 41/66] accel/tcg: Introduce tlb_set_page_full Richard Henderson
2022-08-22 15:27 ` [PATCH v2 42/66] target/arm: Use tlb_set_page_full Richard Henderson
2022-08-22 15:27 ` [PATCH v2 43/66] include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA Richard Henderson
2022-08-22 15:27 ` [PATCH v2 44/66] target/arm: Enable TARGET_PAGE_ENTRY_EXTRA Richard Henderson
2022-08-22 15:27 ` [PATCH v2 45/66] target/arm: Use probe_access_full for MTE Richard Henderson
2022-08-22 15:27 ` [PATCH v2 46/66] target/arm: Use probe_access_full for BTI Richard Henderson
2022-08-22 15:27 ` [PATCH v2 47/66] include/exec: Remove target_tlb_bitN from MemTxAttrs Richard Henderson
2022-08-22 15:27 ` [PATCH v2 48/66] target/arm: Add ARMMMUIdx_Phys_{S,NS} Richard Henderson
2022-08-22 15:27 ` [PATCH v2 49/66] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx Richard Henderson
2022-08-22 15:27 ` [PATCH v2 50/66] target/arm: Use softmmu tlbs for page table walking Richard Henderson
2022-08-22 15:27 ` [PATCH v2 51/66] target/arm: Hoist check for disabled stage2 translation Richard Henderson
2022-08-22 15:27 ` [PATCH v2 52/66] target/arm: Split out get_phys_addr_twostage Richard Henderson
2022-08-22 15:27 ` [PATCH v2 53/66] target/arm: Use bool consistently for get_phys_addr subroutines Richard Henderson
2022-08-22 15:27 ` [PATCH v2 54/66] target/arm: Only use ARMMMUIdx_Stage1* for two-stage translation Richard Henderson
2022-08-22 15:27 ` [PATCH v2 55/66] target/arm: Add ptw_idx argument to S1_ptw_translate Richard Henderson
2022-08-22 15:27 ` [PATCH v2 56/66] target/arm: Add isar predicates for FEAT_HAFDBS Richard Henderson
2022-08-22 15:27 ` [PATCH v2 57/66] target/arm: Extract HA and HD in aa64_va_parameters Richard Henderson
2022-08-22 15:27 ` [PATCH v2 58/66] target/arm: Split out S1TranslateResult type Richard Henderson
2022-08-22 15:27 ` [PATCH v2 59/66] target/arm: Move be test for regime into S1TranslateResult Richard Henderson
2022-08-22 15:27 ` [PATCH v2 60/66] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw Richard Henderson
2022-08-22 15:27 ` [PATCH v2 61/66] target/arm: Add ARMFault_UnsuppAtomicUpdate Richard Henderson
2022-08-22 15:27 ` [PATCH v2 62/66] target/arm: Remove loop from get_phys_addr_lpae Richard Henderson
2022-08-22 15:27 ` [PATCH v2 63/66] target/arm: Fix fault reporting in get_phys_addr_lpae Richard Henderson
2022-08-22 15:27 ` [PATCH v2 64/66] target/arm: Don't shift attrs " Richard Henderson
2022-08-22 15:27 ` [PATCH v2 65/66] target/arm: Consider GP an attribute " Richard Henderson
2022-08-22 15:27 ` [PATCH v2 66/66] target/arm: Implement FEAT_HAFDBS Richard Henderson
2022-09-22 10:56 ` [PATCH v2 00/66] " Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.