* [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps
@ 2023-01-27 17:54 Peter Maydell
2023-01-27 17:54 ` [PATCH 01/23] target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly Peter Maydell
` (23 more replies)
0 siblings, 24 replies; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
This series implements the FEAT_FGT fine-grained traps architectural
feature. The bulk of this is new system registers HFGRTR_EL2, HFGWTR_EL2,
HFGITR_EL2, HDFGRTR_EL2, HDFGWTR_EL2, which have bits that enable
trapping of system register and system instruction accesses on a
fine-grained basis (typically one or a few sysregs at a time).
In theory we could implement this with our existing ARMCPRegInfo::accessfn
machinery, but we would end up with many many very nearly identical
access functions. Instead this series adds a new ARMCPRegInfo::fgt
field, which specifies which bit in which FGT register should be
checked; this is then tested by code in the access_check_cp_reg
helper function.
A few bits in HFGITR_EL2 allow trapping of instructions which aren't
handled by the ARMCPRegInfo mechanism: ERET and SVC. These we just
implement "by hand". FEAT_FGT also adds new MDCR_EL3.TDCC and
MDCR_EL2.TDCC bits for trapping the Debug Comms Channel registers;
these we implement with a standard accessfn.
The first seven patches are various cleanups and bugfixes that
I noticed while I was doing the FEAT_FGT work. In particular, we
weren't getting the priority of HSTR_EL2 traps right -- these should
take priority over UNDEF-at-EL traps but not over UNDEF-at-EL0 traps.
The rest of the series is FEAT_FGT itself.
thanks
-- PMM
Peter Maydell (23):
target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly
target/arm: Correct syndrome for ATS12NSO* at Secure EL1
target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2,EL3}
target/arm: Move do_coproc_insn() syndrome calculation earlier
target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps
target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1
target/arm: Disable HSTR_EL2 traps if EL2 is not enabled
target/arm: Define the FEAT_FGT registers
target/arm: Implement FGT trapping infrastructure
target/arm: Mark up sysregs for HFGRTR bits 0..11
target/arm: Mark up sysregs for HFGRTR bits 12..23
target/arm: Mark up sysregs for HFGRTR bits 24..35
target/arm: Mark up sysregs for HFGRTR bits 36..63
target/arm: Mark up sysregs for HDFGRTR bits 0..11
target/arm: Mark up sysregs for HDFGRTR bits 12..63
target/arm: Mark up sysregs for HFGITR bits 0..11
target/arm: Mark up sysregs for HFGITR bits 12..17
target/arm: Mark up sysregs for HFGITR bits 18..47
target/arm: Mark up sysregs for HFGITR bits 48..63
target/arm: Implement the HFGITR_EL2.ERET trap
target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps
target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps
target/arm: Enable FEAT_FGT on '-cpu max'
docs/system/arm/emulation.rst | 1 +
target/arm/cpregs.h | 484 +++++++++++++++++++++++++++++++++-
target/arm/cpu.h | 18 ++
target/arm/helper.h | 1 +
target/arm/internals.h | 20 ++
target/arm/syndrome.h | 10 +
target/arm/translate.h | 6 +
hw/intc/arm_gicv3_cpuif.c | 2 +
target/arm/cpu64.c | 1 +
target/arm/debug_helper.c | 46 +++-
target/arm/helper.c | 245 ++++++++++++++++-
target/arm/op_helper.c | 65 ++++-
target/arm/translate-a64.c | 22 +-
target/arm/translate.c | 132 ++++++----
14 files changed, 986 insertions(+), 67 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH 01/23] target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 1:01 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 02/23] target/arm: Correct syndrome for ATS12NSO* at Secure EL1 Peter Maydell
` (22 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
The encodings 0,0,C7,C9,0 and 0,0,C7,C9,1 are AT SP1E1RP and AT
S1E1WP, but our ARMCPRegInfo definitions for them incorrectly name
them AT S1E1R and AT S1E1W (which are entirely different
instructions). Fix the names.
(This has no guest-visible effect as the names are for debug purposes
only.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 72b37b7cf17..ccb7d1e1712 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7734,11 +7734,11 @@ static const ARMCPRegInfo vhe_reginfo[] = {
#ifndef CONFIG_USER_ONLY
static const ARMCPRegInfo ats1e1_reginfo[] = {
- { .name = "AT_S1E1R", .state = ARM_CP_STATE_AA64,
+ { .name = "AT_S1E1RP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 0,
.access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
.writefn = ats_write64 },
- { .name = "AT_S1E1W", .state = ARM_CP_STATE_AA64,
+ { .name = "AT_S1E1WP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1,
.access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
.writefn = ats_write64 },
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 02/23] target/arm: Correct syndrome for ATS12NSO* at Secure EL1
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
2023-01-27 17:54 ` [PATCH 01/23] target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 1:04 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 03/23] target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2, EL3} Peter Maydell
` (21 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
The AArch32 ATS12NSO* address translation operations are supposed to
trap to either EL2 or EL3 if they're executed at Secure EL1 (which
can only happen if EL3 is AArch64). We implement this, but we got
the syndrome value wrong: like other traps to EL2 or EL3 on an
AArch32 cpreg access, they should report the 0x3 syndrome, not the
0x0 'uncategorized' syndrome. This is clear in the access pseudocode
for these instructions.
Fix the syndrome value for these operations by correcting the
returned value from the ats_access() function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index ccb7d1e1712..6f6772d8e04 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3284,9 +3284,9 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
if (arm_current_el(env) == 1) {
if (arm_is_secure_below_el3(env)) {
if (env->cp15.scr_el3 & SCR_EEL2) {
- return CP_ACCESS_TRAP_UNCATEGORIZED_EL2;
+ return CP_ACCESS_TRAP_EL2;
}
- return CP_ACCESS_TRAP_UNCATEGORIZED_EL3;
+ return CP_ACCESS_TRAP_EL3;
}
return CP_ACCESS_TRAP_UNCATEGORIZED;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 03/23] target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2, EL3}
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
2023-01-27 17:54 ` [PATCH 01/23] target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly Peter Maydell
2023-01-27 17:54 ` [PATCH 02/23] target/arm: Correct syndrome for ATS12NSO* at Secure EL1 Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 1:11 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 04/23] target/arm: Move do_coproc_insn() syndrome calculation earlier Peter Maydell
` (20 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
We added the CPAccessResult values CP_ACCESS_TRAP_UNCATEGORIZED_EL2
and CP_ACCESS_TRAP_UNCATEGORIZED_EL3 purely in order to use them in
the ats_access() function, but doing so was incorrect (a bug fixed in
a previous commit). There aren't any cases where we want an access
function to be able to request a trap to EL2 or EL3 with a zero
syndrome value, so remove these enum values.
As well as cleaning up dead code, the motivation here is that
we'd like to implement fine-grained-trap handling in
helper_access_check_cp_reg(). Although the fine-grained traps
to EL2 are always lower priority than trap-to-same-EL and
higher priority than trap-to-EL3, they are in the middle of
various other kinds of trap-to-EL2. Knowing that a trap-to-EL2
must always for us have the same syndrome (ie that an access
function will return CP_ACCESS_TRAP_EL2 and there is no other
kind of trap-to-EL2 enum value) means we don't have to try
to choose which of the two syndrome values to report if the
access would trap to EL2 both for the fine-grained-trap and
because the access function requires it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
This isn't just "not used in QEMU"; the architecture doesn't have
any cases where you need to do this, except for the FPCR/FPSR
with HCR_TGE case, which we handle in raise_exception() by
squashing the EC_ADVSIMDFPACCESSTRAP to uncategorized.
---
target/arm/cpregs.h | 4 ++--
target/arm/op_helper.c | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 7e78c2c05c6..9744179df01 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -224,10 +224,10 @@ typedef enum CPAccessResult {
* Access fails and results in an exception syndrome 0x0 ("uncategorized").
* Note that this is not a catch-all case -- the set of cases which may
* result in this failure is specifically defined by the architecture.
+ * This trap is always to the usual target EL, never directly to a
+ * specified target EL.
*/
CP_ACCESS_TRAP_UNCATEGORIZED = (2 << 2),
- CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = CP_ACCESS_TRAP_UNCATEGORIZED | 2,
- CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = CP_ACCESS_TRAP_UNCATEGORIZED | 3,
} CPAccessResult;
typedef struct ARMCPRegInfo ARMCPRegInfo;
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 31f89db8997..def5d3515e2 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -673,6 +673,8 @@ const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
case CP_ACCESS_TRAP:
break;
case CP_ACCESS_TRAP_UNCATEGORIZED:
+ /* Only CP_ACCESS_TRAP traps are direct to a specified EL */
+ assert((res & CP_ACCESS_EL_MASK) == 0);
if (cpu_isar_feature(aa64_ids, cpu) && isread &&
arm_cpreg_in_idspace(ri)) {
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 04/23] target/arm: Move do_coproc_insn() syndrome calculation earlier
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (2 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 03/23] target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2, EL3} Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 1:13 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 05/23] target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps Peter Maydell
` (19 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Rearrange the code in do_coproc_insn() so that we calculate the
syndrome value for a potential trap early; we're about to add a
second check that wants this value earlier than where it is currently
determined.
(Specifically, a trap to EL2 because of HSTR_EL2 should take
priority over an UNDEF to EL1, even when the UNDEF is because
the register does not exist at all or because its ri->access
bits non-configurably fail the access. So the check we put in
for HSTR_EL2 trapping at EL1 (which needs the syndrome) is
going to have to be done before the check "is the ARMCPRegInfo
pointer NULL".)
This commit is just code motion; the change to HSTR_EL2
handling that will use the 'syndrome' variable is in a
subsequent commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/translate.c | 83 +++++++++++++++++++++---------------------
1 file changed, 41 insertions(+), 42 deletions(-)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 365e02fb0b8..9252a464a12 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -4718,6 +4718,47 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key);
TCGv_ptr tcg_ri = NULL;
bool need_exit_tb;
+ uint32_t syndrome;
+
+ /*
+ * Note that since we are an implementation which takes an
+ * exception on a trapped conditional instruction only if the
+ * instruction passes its condition code check, we can take
+ * advantage of the clause in the ARM ARM that allows us to set
+ * the COND field in the instruction to 0xE in all cases.
+ * We could fish the actual condition out of the insn (ARM)
+ * or the condexec bits (Thumb) but it isn't necessary.
+ */
+ switch (cpnum) {
+ case 14:
+ if (is64) {
+ syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
+ isread, false);
+ } else {
+ syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
+ rt, isread, false);
+ }
+ break;
+ case 15:
+ if (is64) {
+ syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
+ isread, false);
+ } else {
+ syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
+ rt, isread, false);
+ }
+ break;
+ default:
+ /*
+ * ARMv8 defines that only coprocessors 14 and 15 exist,
+ * so this can only happen if this is an ARMv7 or earlier CPU,
+ * in which case the syndrome information won't actually be
+ * guest visible.
+ */
+ assert(!arm_dc_feature(s, ARM_FEATURE_V8));
+ syndrome = syn_uncategorized();
+ break;
+ }
if (!ri) {
/*
@@ -4755,48 +4796,6 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
* Note that on XScale all cp0..c13 registers do an access check
* call in order to handle c15_cpar.
*/
- uint32_t syndrome;
-
- /*
- * Note that since we are an implementation which takes an
- * exception on a trapped conditional instruction only if the
- * instruction passes its condition code check, we can take
- * advantage of the clause in the ARM ARM that allows us to set
- * the COND field in the instruction to 0xE in all cases.
- * We could fish the actual condition out of the insn (ARM)
- * or the condexec bits (Thumb) but it isn't necessary.
- */
- switch (cpnum) {
- case 14:
- if (is64) {
- syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
- isread, false);
- } else {
- syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
- rt, isread, false);
- }
- break;
- case 15:
- if (is64) {
- syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
- isread, false);
- } else {
- syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
- rt, isread, false);
- }
- break;
- default:
- /*
- * ARMv8 defines that only coprocessors 14 and 15 exist,
- * so this can only happen if this is an ARMv7 or earlier CPU,
- * in which case the syndrome information won't actually be
- * guest visible.
- */
- assert(!arm_dc_feature(s, ARM_FEATURE_V8));
- syndrome = syn_uncategorized();
- break;
- }
-
gen_set_condexec(s);
gen_update_pc(s, 0);
tcg_ri = tcg_temp_new_ptr();
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 05/23] target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (3 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 04/23] target/arm: Move do_coproc_insn() syndrome calculation earlier Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 1:24 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 06/23] target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1 Peter Maydell
` (18 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
The HSTR_EL2 register has a collection of trap bits which allow
trapping to EL2 for AArch32 EL0 or EL1 accesses to coprocessor
registers. The specification of these bits is that when the bit is
set we should trap
* EL1 accesses
* EL0 accesses, if the access is not UNDEFINED when the
trap bit is 0
In other words, all UNDEF traps from EL0 to EL1 take precedence over
the HSTR_EL2 trap to EL2. (Since this is all AArch32, the only kind
of trap-to-EL1 is the UNDEF.)
Our implementation doesn't quite get this right -- we check for traps
in the order:
* no such register
* ARMCPRegInfo::access bits
* HSTR_EL2 trap bits
* ARMCPRegInfo::accessfn
So UNDEFs that happen because of the access bits or because the
register doesn't exist at all correctly take priority over the
HSTR_EL2 trap, but where a register can UNDEF at EL0 because of the
accessfn we are incorrectly always taking the HSTR_EL2 trap. There
aren't many of these, but one example is the PMCR; if you look at the
access pseudocode for this register you can see that UNDEFs taken
because of the value of PMUSERENR.EN are checked before the HSTR_EL2
bit.
Rearrange helper_access_check_cp_reg() so that we always call the
accessfn, and use its return value if it indicates that the access
traps to EL0 rather than continuing to do the HSTR_EL2 check.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/op_helper.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index def5d3515e2..660dae696dd 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -640,10 +640,24 @@ const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
goto fail;
}
+ if (ri->accessfn) {
+ res = ri->accessfn(env, ri, isread);
+ }
+
/*
- * Check for an EL2 trap due to HSTR_EL2. We expect EL0 accesses
- * to sysregs non accessible at EL0 to have UNDEF-ed already.
+ * If the access function indicates a trap from EL0 to EL1 then
+ * that always takes priority over the HSTR_EL2 trap. (If it indicates
+ * a trap to EL3, then the HSTR_EL2 trap takes priority; if it indicates
+ * a trap to EL2, then the syndrome is the same either way so we don't
+ * care whether technically the architecture says that HSTR_EL2 trap or
+ * the other trap takes priority. So we take the "check HSTR_EL2" path
+ * for all of those cases.)
*/
+ if (res != CP_ACCESS_OK && ((res & CP_ACCESS_EL_MASK) == 0) &&
+ arm_current_el(env) == 0) {
+ goto fail;
+ }
+
if (!is_a64(env) && arm_current_el(env) < 2 && ri->cp == 15 &&
(arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
uint32_t mask = 1 << ri->crn;
@@ -661,9 +675,6 @@ const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
}
}
- if (ri->accessfn) {
- res = ri->accessfn(env, ri, isread);
- }
if (likely(res == CP_ACCESS_OK)) {
return ri;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 06/23] target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (4 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 05/23] target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 1:47 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 07/23] target/arm: Disable HSTR_EL2 traps if EL2 is not enabled Peter Maydell
` (17 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
The semantics of HSTR_EL2 require that it traps cpreg accesses
to EL2 for:
* EL1 accesses
* EL0 accesses, if the access is not UNDEFINED when the
trap bit is 0
(You can see this in the I_ZFGJP priority ordering, where HSTR_EL2
traps from EL1 to EL2 are priority 12, UNDEFs are priority 13, and
HSTR_EL2 traps from EL0 are priority 15.)
However, we don't get this right for EL1 accesses which UNDEF because
the register doesn't exist at all or because its ri->access bits
non-configurably forbid the access. At EL1, check for the HSTR_EL2
trap early, before either of these UNDEF reasons.
We have to retain the HSTR_EL2 check in access_check_cp_reg(),
because at EL0 any kind of UNDEF-to-EL1 (including "no such
register", "bad ri->access" and "ri->accessfn returns 'trap to EL1'")
takes precedence over the trap to EL2. But we only need to do that
check for EL0 now.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.h | 1 +
target/arm/op_helper.c | 13 ++++++++++++-
target/arm/translate.c | 37 ++++++++++++++++++++++++++++++++-----
3 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/target/arm/helper.h b/target/arm/helper.h
index 018b00ea75b..17634b3e7b6 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -81,6 +81,7 @@ DEF_HELPER_FLAGS_2(check_bxj_trap, TCG_CALL_NO_WG, void, env, i32)
DEF_HELPER_4(access_check_cp_reg, cptr, env, i32, i32, i32)
DEF_HELPER_FLAGS_2(lookup_cp_reg, TCG_CALL_NO_RWG_SE, cptr, env, i32)
+DEF_HELPER_3(hstr_trap_check, void, env, i32, i32)
DEF_HELPER_3(set_cp_reg, void, env, cptr, i32)
DEF_HELPER_2(get_cp_reg, i32, env, cptr)
DEF_HELPER_3(set_cp_reg64, void, env, cptr, i64)
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 660dae696dd..8ac176e0742 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -624,6 +624,13 @@ uint32_t HELPER(mrs_banked)(CPUARMState *env, uint32_t tgtmode, uint32_t regno)
}
}
+void HELPER(hstr_trap_check)(CPUARMState *env, uint32_t mask, uint32_t syndrome)
+{
+ if (env->cp15.hstr_el2 & mask) {
+ raise_exception(env, EXCP_UDEF, syndrome, 2);
+ }
+}
+
const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
uint32_t syndrome, uint32_t isread)
{
@@ -658,7 +665,11 @@ const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
goto fail;
}
- if (!is_a64(env) && arm_current_el(env) < 2 && ri->cp == 15 &&
+ /*
+ * HSTR_EL2 traps from EL1 are checked earlier, via hstr_trap_check;
+ * we only need to check here for traps from EL0.
+ */
+ if (!is_a64(env) && arm_current_el(env) == 0 && ri->cp == 15 &&
(arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
uint32_t mask = 1 << ri->crn;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 9252a464a12..ec1f2288ff8 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -4719,6 +4719,7 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
TCGv_ptr tcg_ri = NULL;
bool need_exit_tb;
uint32_t syndrome;
+ bool emitted_update_pc = false;
/*
* Note that since we are an implementation which takes an
@@ -4760,6 +4761,28 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
break;
}
+ if (s->hstr_active && cpnum == 15 && s->current_el == 1) {
+ /*
+ * At EL1, check for a HSTR_EL2 trap, which must take precedence
+ * over the UNDEF for "no such register" or the UNDEF for "access
+ * permissions forbid this EL1 access". HSTR_EL2 traps from EL0
+ * only happen if the cpreg doesn't UNDEF at EL0, so we do those in
+ * access_check_cp_reg(), after the checks for whether the access
+ * configurably trapped to EL1.
+ */
+ uint32_t maskbit = is64 ? crm : crn;
+
+ if (maskbit != 4 && maskbit != 14) {
+ /* T4 and T14 are RES0 so never cause traps */
+ gen_set_condexec(s);
+ gen_update_pc(s, 0);
+ emitted_update_pc = true;
+ gen_helper_hstr_trap_check(cpu_env,
+ tcg_constant_i32(1 << maskbit),
+ tcg_constant_i32(syndrome));
+ }
+ }
+
if (!ri) {
/*
* Unknown register; this might be a guest error or a QEMU
@@ -4788,7 +4811,7 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
return;
}
- if (s->hstr_active || ri->accessfn ||
+ if ((s->hstr_active && s->current_el == 0) || ri->accessfn ||
(arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
/*
* Emit code to perform further access permissions checks at
@@ -4796,8 +4819,10 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
* Note that on XScale all cp0..c13 registers do an access check
* call in order to handle c15_cpar.
*/
- gen_set_condexec(s);
- gen_update_pc(s, 0);
+ if (!emitted_update_pc) {
+ gen_set_condexec(s);
+ gen_update_pc(s, 0);
+ }
tcg_ri = tcg_temp_new_ptr();
gen_helper_access_check_cp_reg(tcg_ri, cpu_env,
tcg_constant_i32(key),
@@ -4808,8 +4833,10 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
* The readfn or writefn might raise an exception;
* synchronize the CPU state in case it does.
*/
- gen_set_condexec(s);
- gen_update_pc(s, 0);
+ if (!emitted_update_pc) {
+ gen_set_condexec(s);
+ gen_update_pc(s, 0);
+ }
}
/* Handle special cases first */
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 07/23] target/arm: Disable HSTR_EL2 traps if EL2 is not enabled
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (5 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 06/23] target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1 Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 1:51 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 08/23] target/arm: Define the FEAT_FGT registers Peter Maydell
` (16 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
The HSTR_EL2 register is not supposed to have an effect unless EL2 is
enabled in the current security state. We weren't checking for this,
which meant that if the guest set up the HSTR_EL2 register we would
incorrectly trap even for accesses from Secure EL0 and EL1.
Add the missing checks. (Other places where we look at HSTR_EL2
for the not-in-v8A bits TTEE and TJDBX are already checking that
we are in NS EL0 or EL1, so there we alredy know EL2 is enabled.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.c | 2 +-
target/arm/op_helper.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6f6772d8e04..66966869218 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11716,7 +11716,7 @@ static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
DP_TBFLAG_A32(flags, VFPEN, 1);
}
- if (el < 2 && env->cp15.hstr_el2 &&
+ if (el < 2 && env->cp15.hstr_el2 && arm_is_el2_enabled(env) &&
(arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
DP_TBFLAG_A32(flags, HSTR_ACTIVE, 1);
}
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 8ac176e0742..5c17a5bd176 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -670,6 +670,7 @@ const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
* we only need to check here for traps from EL0.
*/
if (!is_a64(env) && arm_current_el(env) == 0 && ri->cp == 15 &&
+ arm_is_el2_enabled(env) &&
(arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
uint32_t mask = 1 << ri->crn;
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 08/23] target/arm: Define the FEAT_FGT registers
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (6 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 07/23] target/arm: Disable HSTR_EL2 traps if EL2 is not enabled Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 2:31 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 09/23] target/arm: Implement FGT trapping infrastructure Peter Maydell
` (15 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Define the system registers which are provided by the
FEAT_FGT fine-grained trap architectural feature:
HFGRTR_EL2, HFGWTR_EL2, HDFGRTR_EL2, HDFGWTR_EL2, HFGITR_EL2
All these registers are a set of bit fields, where each bit is set
for a trap and clear to not trap on a particular system register
access. The R and W register pairs are for system registers,
allowing trapping to be done separately for reads and writes; the I
register is for system instructions where trapping is on instruction
execution.
The data storage in the CPU state struct is arranged as a set of
arrays rather than separate fields so that when we're looking up the
bits for a system register access we can just index into the array
rather than having to use a switch to select a named struct member.
The later FEAT_FGT2 will add extra elements to these arrays.
The field definitions for the new registers are in cpregs.h because
in practice the code that needs them is code that also needs
the cpregs information; cpu.h is included in a lot more files.
We're also going to add some FGT-specific definitions to cpregs.h
in the next commit.
We do not implement HAFGRTR_EL2, because we don't implement
FEAT_AMUv1.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 285 ++++++++++++++++++++++++++++++++++++++++++++
target/arm/cpu.h | 15 +++
target/arm/helper.c | 40 +++++++
3 files changed, 340 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 9744179df01..cb3dc567819 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -230,6 +230,291 @@ typedef enum CPAccessResult {
CP_ACCESS_TRAP_UNCATEGORIZED = (2 << 2),
} CPAccessResult;
+/* Indexes into fgt_read[] */
+#define FGTREG_HFGRTR 0
+#define FGTREG_HDFGRTR 1
+/* Indexes into fgt_write[] */
+#define FGTREG_HFGWTR 0
+#define FGTREG_HDFGWTR 1
+/* Indexes into fgt_exec[] */
+#define FGTREG_HFGITR 0
+
+FIELD(HFGRTR_EL2, AFSR0_EL1, 0, 1)
+FIELD(HFGRTR_EL2, AFSR1_EL1, 1, 1)
+FIELD(HFGRTR_EL2, AIDR_EL1, 2, 1)
+FIELD(HFGRTR_EL2, AMAIR_EL1, 3, 1)
+FIELD(HFGRTR_EL2, APDAKEY, 4, 1)
+FIELD(HFGRTR_EL2, APDBKEY, 5, 1)
+FIELD(HFGRTR_EL2, APGAKEY, 6, 1)
+FIELD(HFGRTR_EL2, APIAKEY, 7, 1)
+FIELD(HFGRTR_EL2, APIBKEY, 8, 1)
+FIELD(HFGRTR_EL2, CCSIDR_EL1, 9, 1)
+FIELD(HFGRTR_EL2, CLIDR_EL1, 10, 1)
+FIELD(HFGRTR_EL2, CONTEXTIDR_EL1, 11, 1)
+FIELD(HFGRTR_EL2, CPACR_EL1, 12, 1)
+FIELD(HFGRTR_EL2, CSSELR_EL1, 13, 1)
+FIELD(HFGRTR_EL2, CTR_EL0, 14, 1)
+FIELD(HFGRTR_EL2, DCZID_EL0, 15, 1)
+FIELD(HFGRTR_EL2, ESR_EL1, 16, 1)
+FIELD(HFGRTR_EL2, FAR_EL1, 17, 1)
+FIELD(HFGRTR_EL2, ISR_EL1, 18, 1)
+FIELD(HFGRTR_EL2, LORC_EL1, 19, 1)
+FIELD(HFGRTR_EL2, LOREA_EL1, 20, 1)
+FIELD(HFGRTR_EL2, LORID_EL1, 21, 1)
+FIELD(HFGRTR_EL2, LORN_EL1, 22, 1)
+FIELD(HFGRTR_EL2, LORSA_EL1, 23, 1)
+FIELD(HFGRTR_EL2, MAIR_EL1, 24, 1)
+FIELD(HFGRTR_EL2, MIDR_EL1, 25, 1)
+FIELD(HFGRTR_EL2, MPIDR_EL1, 26, 1)
+FIELD(HFGRTR_EL2, PAR_EL1, 27, 1)
+FIELD(HFGRTR_EL2, REVIDR_EL1, 28, 1)
+FIELD(HFGRTR_EL2, SCTLR_EL1, 29, 1)
+FIELD(HFGRTR_EL2, SCXTNUM_EL1, 30, 1)
+FIELD(HFGRTR_EL2, SCXTNUM_EL0, 31, 1)
+FIELD(HFGRTR_EL2, TCR_EL1, 32, 1)
+FIELD(HFGRTR_EL2, TPIDR_EL1, 33, 1)
+FIELD(HFGRTR_EL2, TPIDRRO_EL0, 34, 1)
+FIELD(HFGRTR_EL2, TPIDR_EL0, 35, 1)
+FIELD(HFGRTR_EL2, TTBR0_EL1, 36, 1)
+FIELD(HFGRTR_EL2, TTBR1_EL1, 37, 1)
+FIELD(HFGRTR_EL2, VBAR_EL1, 38, 1)
+FIELD(HFGRTR_EL2, ICC_IGRPENN_EL1, 39, 1)
+FIELD(HFGRTR_EL2, ERRIDR_EL1, 40, 1)
+FIELD(HFGRTR_EL2, ERRSELR_EL1, 41, 1)
+FIELD(HFGRTR_EL2, ERXFR_EL1, 42, 1)
+FIELD(HFGRTR_EL2, ERXCTLR_EL1, 43, 1)
+FIELD(HFGRTR_EL2, ERXSTATUS_EL1, 44, 1)
+FIELD(HFGRTR_EL2, ERXMISCN_EL1, 45, 1)
+FIELD(HFGRTR_EL2, ERXPFGF_EL1, 46, 1)
+FIELD(HFGRTR_EL2, ERXPFGCTL_EL1, 47, 1)
+FIELD(HFGRTR_EL2, ERXPFGCDN_EL1, 48, 1)
+FIELD(HFGRTR_EL2, ERXADDR_EL1, 49, 1)
+FIELD(HFGRTR_EL2, NACCDATA_EL1, 50, 1)
+/* 51-53: RES0 */
+FIELD(HFGRTR_EL2, NSMPRI_EL1, 54, 1)
+FIELD(HFGRTR_EL2, NTPIDR2_EL0, 55, 1)
+/* 56-63: RES0 */
+
+/* These match HFGRTR but bits for RO registers are RES0 */
+FIELD(HFGWTR_EL2, AFSR0_EL1, 0, 1)
+FIELD(HFGWTR_EL2, AFSR1_EL1, 1, 1)
+FIELD(HFGWTR_EL2, AMAIR_EL1, 3, 1)
+FIELD(HFGWTR_EL2, APDAKEY, 4, 1)
+FIELD(HFGWTR_EL2, APDBKEY, 5, 1)
+FIELD(HFGWTR_EL2, APGAKEY, 6, 1)
+FIELD(HFGWTR_EL2, APIAKEY, 7, 1)
+FIELD(HFGWTR_EL2, APIBKEY, 8, 1)
+FIELD(HFGWTR_EL2, CONTEXTIDR_EL1, 11, 1)
+FIELD(HFGWTR_EL2, CPACR_EL1, 12, 1)
+FIELD(HFGWTR_EL2, CSSELR_EL1, 13, 1)
+FIELD(HFGWTR_EL2, ESR_EL1, 16, 1)
+FIELD(HFGWTR_EL2, FAR_EL1, 17, 1)
+FIELD(HFGWTR_EL2, LORC_EL1, 19, 1)
+FIELD(HFGWTR_EL2, LOREA_EL1, 20, 1)
+FIELD(HFGWTR_EL2, LORN_EL1, 22, 1)
+FIELD(HFGWTR_EL2, LORSA_EL1, 23, 1)
+FIELD(HFGWTR_EL2, MAIR_EL1, 24, 1)
+FIELD(HFGWTR_EL2, PAR_EL1, 27, 1)
+FIELD(HFGWTR_EL2, SCTLR_EL1, 29, 1)
+FIELD(HFGWTR_EL2, SCXTNUM_EL1, 30, 1)
+FIELD(HFGWTR_EL2, SCXTNUM_EL0, 31, 1)
+FIELD(HFGWTR_EL2, TCR_EL1, 32, 1)
+FIELD(HFGWTR_EL2, TPIDR_EL1, 33, 1)
+FIELD(HFGWTR_EL2, TPIDRRO_EL0, 34, 1)
+FIELD(HFGWTR_EL2, TPIDR_EL0, 35, 1)
+FIELD(HFGWTR_EL2, TTBR0_EL1, 36, 1)
+FIELD(HFGWTR_EL2, TTBR1_EL1, 37, 1)
+FIELD(HFGWTR_EL2, VBAR_EL1, 38, 1)
+FIELD(HFGWTR_EL2, ICC_IGRPENN_EL1, 39, 1)
+FIELD(HFGWTR_EL2, ERRSELR_EL1, 41, 1)
+FIELD(HFGWTR_EL2, ERXCTLR_EL1, 43, 1)
+FIELD(HFGWTR_EL2, ERXSTATUS_EL1, 44, 1)
+FIELD(HFGWTR_EL2, ERXMISCN_EL1, 45, 1)
+FIELD(HFGWTR_EL2, ERXPFGCTL_EL1, 47, 1)
+FIELD(HFGWTR_EL2, ERXPFGCDN_EL1, 48, 1)
+FIELD(HFGWTR_EL2, ERXADDR_EL1, 49, 1)
+FIELD(HFGWTR_EL2, NACCDATA_EL1, 50, 1)
+FIELD(HFGWTR_EL2, NSMPRI_EL1, 54, 1)
+FIELD(HFGWTR_EL2, NTPIDR2_EL0, 55, 1)
+
+FIELD(HFGITR_EL2, ICIALLUIS, 0, 1)
+FIELD(HFGITR_EL2, ICIALLU, 1, 1)
+FIELD(HFGITR_EL2, ICIVAU, 2, 1)
+FIELD(HFGITR_EL2, DCIVAC, 3, 1)
+FIELD(HFGITR_EL2, DCISW, 4, 1)
+FIELD(HFGITR_EL2, DCCSW, 5, 1)
+FIELD(HFGITR_EL2, DCCISW, 6, 1)
+FIELD(HFGITR_EL2, DCCVAU, 7, 1)
+FIELD(HFGITR_EL2, DCCVAP, 8, 1)
+FIELD(HFGITR_EL2, DCCVADP, 9, 1)
+FIELD(HFGITR_EL2, DCCIVAC, 10, 1)
+FIELD(HFGITR_EL2, DCZVA, 11, 1)
+FIELD(HFGITR_EL2, ATS1E1R, 12, 1)
+FIELD(HFGITR_EL2, ATS1E1W, 13, 1)
+FIELD(HFGITR_EL2, ATS1E0R, 14, 1)
+FIELD(HFGITR_EL2, ATS1E0W, 15, 1)
+FIELD(HFGITR_EL2, ATS1E1RP, 16, 1)
+FIELD(HFGITR_EL2, ATS1E1WP, 17, 1)
+FIELD(HFGITR_EL2, TLBIVMALLE1OS, 18, 1)
+FIELD(HFGITR_EL2, TLBIVAE1OS, 19, 1)
+FIELD(HFGITR_EL2, TLBIASIDE1OS, 20, 1)
+FIELD(HFGITR_EL2, TLBIVAAE1OS, 21, 1)
+FIELD(HFGITR_EL2, TLBIVALE1OS, 22, 1)
+FIELD(HFGITR_EL2, TLBIVAALE1OS, 23, 1)
+FIELD(HFGITR_EL2, TLBIRVAE1OS, 24, 1)
+FIELD(HFGITR_EL2, TLBIRVAAE1OS, 25, 1)
+FIELD(HFGITR_EL2, TLBIRVALE1OS, 26, 1)
+FIELD(HFGITR_EL2, TLBIRVAALE1OS, 27, 1)
+FIELD(HFGITR_EL2, TLBIVMALLE1IS, 28, 1)
+FIELD(HFGITR_EL2, TLBIVAE1IS, 29, 1)
+FIELD(HFGITR_EL2, TLBIASIDE1IS, 30, 1)
+FIELD(HFGITR_EL2, TLBIVAAE1IS, 31, 1)
+FIELD(HFGITR_EL2, TLBIVALE1IS, 32, 1)
+FIELD(HFGITR_EL2, TLBIVAALE1IS, 33, 1)
+FIELD(HFGITR_EL2, TLBIRVAE1IS, 34, 1)
+FIELD(HFGITR_EL2, TLBIRVAAE1IS, 35, 1)
+FIELD(HFGITR_EL2, TLBIRVALE1IS, 36, 1)
+FIELD(HFGITR_EL2, TLBIRVAALE1IS, 37, 1)
+FIELD(HFGITR_EL2, TLBIRVAE1, 38, 1)
+FIELD(HFGITR_EL2, TLBIRVAAE1, 39, 1)
+FIELD(HFGITR_EL2, TLBIRVALE1, 40, 1)
+FIELD(HFGITR_EL2, TLBIRVAALE1, 41, 1)
+FIELD(HFGITR_EL2, TLBIVMALLE1, 42, 1)
+FIELD(HFGITR_EL2, TLBIVAE1, 43, 1)
+FIELD(HFGITR_EL2, TLBIASIDE1, 44, 1)
+FIELD(HFGITR_EL2, TLBIVAAE1, 45, 1)
+FIELD(HFGITR_EL2, TLBIVALE1, 46, 1)
+FIELD(HFGITR_EL2, TLBIVAALE1, 47, 1)
+FIELD(HFGITR_EL2, CFPRCTX, 48, 1)
+FIELD(HFGITR_EL2, DVPRCTX, 49, 1)
+FIELD(HFGITR_EL2, CPPRCTX, 50, 1)
+FIELD(HFGITR_EL2, ERET, 51, 1)
+FIELD(HFGITR_EL2, SVC_EL0, 52, 1)
+FIELD(HFGITR_EL2, SVC_EL1, 53, 1)
+FIELD(HFGITR_EL2, DCCVAC, 54, 1)
+FIELD(HFGITR_EL2, NBRBINJ, 55, 1)
+FIELD(HFGITR_EL2, NBRBIALL, 56, 1)
+
+FIELD(HDFGRTR_EL2, DBGBCRN_EL1, 0, 1)
+FIELD(HDFGRTR_EL2, DBGBVRN_EL1, 1, 1)
+FIELD(HDFGRTR_EL2, DBGWCRN_EL1, 2, 1)
+FIELD(HDFGRTR_EL2, DBGWVRN_EL1, 3, 1)
+FIELD(HDFGRTR_EL2, MDSCR_EL1, 4, 1)
+FIELD(HDFGRTR_EL2, DBGCLAIM, 5, 1)
+FIELD(HDFGRTR_EL2, DBGAUTHSTATUS_EL1, 6, 1)
+FIELD(HDFGRTR_EL2, DBGPRCR_EL1, 7, 1)
+/* 8: RES0: OSLAR_EL1 is WO */
+FIELD(HDFGRTR_EL2, OSLSR_EL1, 9, 1)
+FIELD(HDFGRTR_EL2, OSECCR_EL1, 10, 1)
+FIELD(HDFGRTR_EL2, OSDLR_EL1, 11, 1)
+FIELD(HDFGRTR_EL2, PMEVCNTRN_EL0, 12, 1)
+FIELD(HDFGRTR_EL2, PMEVTYPERN_EL0, 13, 1)
+FIELD(HDFGRTR_EL2, PMCCFILTR_EL0, 14, 1)
+FIELD(HDFGRTR_EL2, PMCCNTR_EL0, 15, 1)
+FIELD(HDFGRTR_EL2, PMCNTEN, 16, 1)
+FIELD(HDFGRTR_EL2, PMINTEN, 17, 1)
+FIELD(HDFGRTR_EL2, PMOVS, 18, 1)
+FIELD(HDFGRTR_EL2, PMSELR_EL0, 19, 1)
+/* 20: RES0: PMSWINC_EL0 is WO */
+/* 21: RES0: PMCR_EL0 is WO */
+FIELD(HDFGRTR_EL2, PMMIR_EL1, 22, 1)
+FIELD(HDFGRTR_EL2, PMBLIMITR_EL1, 23, 1)
+FIELD(HDFGRTR_EL2, PMBPTR_EL1, 24, 1)
+FIELD(HDFGRTR_EL2, PMBSR_EL1, 25, 1)
+FIELD(HDFGRTR_EL2, PMSCR_EL1, 26, 1)
+FIELD(HDFGRTR_EL2, PMSEVFR_EL1, 27, 1)
+FIELD(HDFGRTR_EL2, PMSFCR_EL1, 28, 1)
+FIELD(HDFGRTR_EL2, PMSICR_EL1, 29, 1)
+FIELD(HDFGRTR_EL2, PMSIDR_EL1, 30, 1)
+FIELD(HDFGRTR_EL2, PMSIRR_EL1, 31, 1)
+FIELD(HDFGRTR_EL2, PMSLATFR_EL1, 32, 1)
+FIELD(HDFGRTR_EL2, TRC, 33, 1)
+FIELD(HDFGRTR_EL2, TRCAUTHSTATUS, 34, 1)
+FIELD(HDFGRTR_EL2, TRCAUXCTLR, 35, 1)
+FIELD(HDFGRTR_EL2, TRCCLAIM, 36, 1)
+FIELD(HDFGRTR_EL2, TRCCNTVRn, 37, 1)
+/* 38, 39: RES0 */
+FIELD(HDFGRTR_EL2, TRCID, 40, 1)
+FIELD(HDFGRTR_EL2, TRCIMSPECN, 41, 1)
+/* 42: RES0: TRCOSLAR is WO */
+FIELD(HDFGRTR_EL2, TRCOSLSR, 43, 1)
+FIELD(HDFGRTR_EL2, TRCPRGCTLR, 44, 1)
+FIELD(HDFGRTR_EL2, TRCSEQSTR, 45, 1)
+FIELD(HDFGRTR_EL2, TRCSSCSRN, 46, 1)
+FIELD(HDFGRTR_EL2, TRCSTATR, 47, 1)
+FIELD(HDFGRTR_EL2, TRCVICTLR, 48, 1)
+/* 49: RES0: TRFCR_EL1 is WO */
+FIELD(HDFGRTR_EL2, TRBBASER_EL1, 50, 1)
+FIELD(HDFGRTR_EL2, TRBIDR_EL1, 51, 1)
+FIELD(HDFGRTR_EL2, TRBLIMITR_EL1, 52, 1)
+FIELD(HDFGRTR_EL2, TRBMAR_EL1, 53, 1)
+FIELD(HDFGRTR_EL2, TRBPTR_EL1, 54, 1)
+FIELD(HDFGRTR_EL2, TRBSR_EL1, 55, 1)
+FIELD(HDFGRTR_EL2, TRBTRG_EL1, 56, 1)
+FIELD(HDFGRTR_EL2, PMUSERENR_EL0, 57, 1)
+FIELD(HDFGRTR_EL2, PMCEIDN_EL0, 58, 1)
+FIELD(HDFGRTR_EL2, NBRBIDR, 59, 1)
+FIELD(HDFGRTR_EL2, NBRBCTL, 60, 1)
+FIELD(HDFGRTR_EL2, NBRBDATA, 61, 1)
+FIELD(HDFGRTR_EL2, NPMSNEVFR_EL1, 62, 1)
+FIELD(HDFGRTR_EL2, PMBIDR_EL1, 63, 1)
+
+/*
+ * These match HDFGRTR_EL2, but bits for RO registers are RES0.
+ * A few bits are for WO registers, where the HDFGRTR_EL2 bit is RES0.
+ */
+FIELD(HDFGWTR_EL2, DBGBCRN_EL1, 0, 1)
+FIELD(HDFGWTR_EL2, DBGBVRN_EL1, 1, 1)
+FIELD(HDFGWTR_EL2, DBGWCRN_EL1, 2, 1)
+FIELD(HDFGWTR_EL2, DBGWVRN_EL1, 3, 1)
+FIELD(HDFGWTR_EL2, MDSCR_EL1, 4, 1)
+FIELD(HDFGWTR_EL2, DBGCLAIM, 5, 1)
+FIELD(HDFGWTR_EL2, DBGPRCR_EL1, 7, 1)
+FIELD(HDFGWTR_EL2, OSLAR_EL1, 8, 1)
+FIELD(HDFGWTR_EL2, OSLSR_EL1, 9, 1)
+FIELD(HDFGWTR_EL2, OSECCR_EL1, 10, 1)
+FIELD(HDFGWTR_EL2, OSDLR_EL1, 11, 1)
+FIELD(HDFGWTR_EL2, PMEVCNTRN_EL0, 12, 1)
+FIELD(HDFGWTR_EL2, PMEVTYPERN_EL0, 13, 1)
+FIELD(HDFGWTR_EL2, PMCCFILTR_EL0, 14, 1)
+FIELD(HDFGWTR_EL2, PMCCNTR_EL0, 15, 1)
+FIELD(HDFGWTR_EL2, PMCNTEN, 16, 1)
+FIELD(HDFGWTR_EL2, PMINTEN, 17, 1)
+FIELD(HDFGWTR_EL2, PMOVS, 18, 1)
+FIELD(HDFGWTR_EL2, PMSELR_EL0, 19, 1)
+FIELD(HDFGWTR_EL2, PMSWINC_EL0, 20, 1)
+FIELD(HDFGWTR_EL2, PMCR_EL0, 21, 1)
+FIELD(HDFGWTR_EL2, PMBLIMITR_EL1, 23, 1)
+FIELD(HDFGWTR_EL2, PMBPTR_EL1, 24, 1)
+FIELD(HDFGWTR_EL2, PMBSR_EL1, 25, 1)
+FIELD(HDFGWTR_EL2, PMSCR_EL1, 26, 1)
+FIELD(HDFGWTR_EL2, PMSEVFR_EL1, 27, 1)
+FIELD(HDFGWTR_EL2, PMSFCR_EL1, 28, 1)
+FIELD(HDFGWTR_EL2, PMSICR_EL1, 29, 1)
+FIELD(HDFGWTR_EL2, PMSIRR_EL1, 31, 1)
+FIELD(HDFGWTR_EL2, PMSLATFR_EL1, 32, 1)
+FIELD(HDFGWTR_EL2, TRC, 33, 1)
+FIELD(HDFGWTR_EL2, TRCAUXCTLR, 35, 1)
+FIELD(HDFGWTR_EL2, TRCCLAIM, 36, 1)
+FIELD(HDFGWTR_EL2, TRCCNTVRn, 37, 1)
+FIELD(HDFGWTR_EL2, TRCIMSPECN, 41, 1)
+FIELD(HDFGWTR_EL2, TRCOSLAR, 42, 1)
+FIELD(HDFGWTR_EL2, TRCPRGCTLR, 44, 1)
+FIELD(HDFGWTR_EL2, TRCSEQSTR, 45, 1)
+FIELD(HDFGWTR_EL2, TRCSSCSRN, 46, 1)
+FIELD(HDFGWTR_EL2, TRCVICTLR, 48, 1)
+FIELD(HDFGWTR_EL2, TRFCR_EL1, 49, 1)
+FIELD(HDFGWTR_EL2, TRBBASER_EL1, 50, 1)
+FIELD(HDFGWTR_EL2, TRBLIMITR_EL1, 52, 1)
+FIELD(HDFGWTR_EL2, TRBMAR_EL1, 53, 1)
+FIELD(HDFGWTR_EL2, TRBPTR_EL1, 54, 1)
+FIELD(HDFGWTR_EL2, TRBSR_EL1, 55, 1)
+FIELD(HDFGWTR_EL2, TRBTRG_EL1, 56, 1)
+FIELD(HDFGWTR_EL2, PMUSERENR_EL0, 57, 1)
+FIELD(HDFGWTR_EL2, NBRBCTL, 60, 1)
+FIELD(HDFGWTR_EL2, NBRBDATA, 61, 1)
+FIELD(HDFGWTR_EL2, NPMSNEVFR_EL1, 62, 1)
+
typedef struct ARMCPRegInfo ARMCPRegInfo;
/*
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 8cf70693be4..063024508af 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -529,6 +529,16 @@ typedef struct CPUArchState {
uint64_t disr_el1;
uint64_t vdisr_el2;
uint64_t vsesr_el2;
+
+ /*
+ * Fine-Grained Trap registers. We store these as arrays so the
+ * access checking code doesn't have to manually select
+ * HFGRTR_EL2 vs HFDFGRTR_EL2 etc when looking up the bit to test.
+ * FEAT_FGT2 will add more elements to these arrays.
+ */
+ uint64_t fgt_read[2]; /* HFGRTR, HDFGRTR */
+ uint64_t fgt_write[2]; /* HFGWTR, HDFGWTR */
+ uint64_t fgt_exec[1]; /* HFGITR */
} cp15;
struct {
@@ -4164,6 +4174,11 @@ static inline bool isar_feature_aa64_tgran64_2(const ARMISARegisters *id)
return t >= 2 || (t == 0 && isar_feature_aa64_tgran64(id));
}
+static inline bool isar_feature_aa64_fgt(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, FGT) != 0;
+}
+
static inline bool isar_feature_aa64_ccidx(const ARMISARegisters *id)
{
return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, CCIDX) != 0;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 66966869218..20527995359 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1869,6 +1869,9 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
if (cpu_isar_feature(aa64_hcx, cpu)) {
valid_mask |= SCR_HXEN;
}
+ if (cpu_isar_feature(aa64_fgt, cpu)) {
+ valid_mask |= SCR_FGTEN;
+ }
} else {
valid_mask &= ~(SCR_RW | SCR_ST);
if (cpu_isar_feature(aa32_ras, cpu)) {
@@ -7546,6 +7549,39 @@ static const ARMCPRegInfo scxtnum_reginfo[] = {
.access = PL3_RW,
.fieldoffset = offsetof(CPUARMState, scxtnum_el[3]) },
};
+
+static CPAccessResult access_fgt(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ if (arm_current_el(env) == 2 &&
+ arm_feature(env, ARM_FEATURE_EL3) && !(env->cp15.scr_el3 & SCR_FGTEN)) {
+ return CP_ACCESS_TRAP_EL3;
+ }
+ return CP_ACCESS_OK;
+}
+
+static const ARMCPRegInfo fgt_reginfo[] = {
+ { .name = "HFGRTR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 4,
+ .access = PL2_RW, .accessfn = access_fgt,
+ .fieldoffset = offsetof(CPUARMState, cp15.fgt_read[FGTREG_HFGRTR]) },
+ { .name = "HFGWTR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 5,
+ .access = PL2_RW, .accessfn = access_fgt,
+ .fieldoffset = offsetof(CPUARMState, cp15.fgt_write[FGTREG_HFGWTR]) },
+ { .name = "HDFGRTR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 3, .crm = 1, .opc2 = 4,
+ .access = PL2_RW, .accessfn = access_fgt,
+ .fieldoffset = offsetof(CPUARMState, cp15.fgt_read[FGTREG_HDFGRTR]) },
+ { .name = "HDFGWTR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 3, .crm = 1, .opc2 = 5,
+ .access = PL2_RW, .accessfn = access_fgt,
+ .fieldoffset = offsetof(CPUARMState, cp15.fgt_write[FGTREG_HDFGWTR]) },
+ { .name = "HFGITR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 6,
+ .access = PL2_RW, .accessfn = access_fgt,
+ .fieldoffset = offsetof(CPUARMState, cp15.fgt_exec[FGTREG_HFGITR]) },
+};
#endif /* TARGET_AARCH64 */
static CPAccessResult access_predinv(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -8933,6 +8969,10 @@ void register_cp_regs_for_features(ARMCPU *cpu)
if (cpu_isar_feature(aa64_scxtnum, cpu)) {
define_arm_cp_regs(cpu, scxtnum_reginfo);
}
+
+ if (cpu_isar_feature(aa64_fgt, cpu)) {
+ define_arm_cp_regs(cpu, fgt_reginfo);
+ }
#endif
if (cpu_isar_feature(any_predinv, cpu)) {
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 09/23] target/arm: Implement FGT trapping infrastructure
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (7 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 08/23] target/arm: Define the FEAT_FGT registers Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 2:36 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 10/23] target/arm: Mark up sysregs for HFGRTR bits 0..11 Peter Maydell
` (14 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Implement the machinery for fine-grained traps on normal sysregs.
Any sysreg with a fine-grained trap will set the new field to
indicate which FGT register bit it should trap on.
FGT traps only happen when an AArch64 EL2 enables them for
an AArch64 EL1. They therefore are only relevant for AArch32
cpregs when the cpreg can be accessed from EL0. The logic
in access_check_cp_reg() will check this, so it is safe to
add a .fgt marking to an ARM_CP_STATE_BOTH ARMCPRegInfo.
The DO_BIT and DO_REV_BIT macros define enum constants FGT_##bitname
which can be used to specify the FGT bit, eg
.fgt = FGT_AFSR0_EL1
(We assume that there is no bit name duplication across the FGT
registers, for brevity's sake.)
Subsequent commits will add the .fgt fields to the relevant register
definitions and define the FGT_nnn values for them.
Note that some of the FGT traps are for instructions that we don't
handle via the cpregs mechanisms (mostly these are instruction traps).
Those we will have to handle separately.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 72 ++++++++++++++++++++++++++++++++++++++
target/arm/cpu.h | 1 +
target/arm/internals.h | 20 +++++++++++
target/arm/translate.h | 2 ++
target/arm/helper.c | 9 +++++
target/arm/op_helper.c | 30 ++++++++++++++++
target/arm/translate-a64.c | 3 +-
target/arm/translate.c | 2 ++
8 files changed, 138 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index cb3dc567819..8cc12045af6 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -515,6 +515,73 @@ FIELD(HDFGWTR_EL2, NBRBCTL, 60, 1)
FIELD(HDFGWTR_EL2, NBRBDATA, 61, 1)
FIELD(HDFGWTR_EL2, NPMSNEVFR_EL1, 62, 1)
+/* Which fine-grained trap bit register to check, if any */
+FIELD(FGT, TYPE, 10, 3)
+FIELD(FGT, REV, 9, 1) /* Is bit sense reversed? */
+FIELD(FGT, IDX, 6, 3) /* Index within a uint64_t[] array */
+FIELD(FGT, BITPOS, 0, 6) /* Bit position within the uint64_t */
+
+/*
+ * Macros to define FGT_##bitname enum constants to use in ARMCPRegInfo::fgt
+ * fields. We assume for brevity's sake that there are no duplicated
+ * bit names across the various FGT registers.
+ */
+#define DO_BIT(REG, BITNAME) \
+ FGT_##BITNAME = FGT_##REG | R_##REG##_EL2_##BITNAME##_SHIFT
+
+/* Some bits have reversed sense, so 0 means trap and 1 means not */
+#define DO_REV_BIT(REG, BITNAME) \
+ FGT_##BITNAME = FGT_##REG | FGT_REV | R_##REG##_EL2_##BITNAME##_SHIFT
+
+typedef enum FGTBit {
+ /*
+ * These bits tell us which register arrays to use:
+ * if FGT_R is set then reads are checked against fgt_read[];
+ * if FGT_W is set then writes are checked against fgt_write[];
+ * if FGT_EXEC is set then all accesses are checked against fgt_exec[].
+ *
+ * For almost all bits in the R/W register pairs, the bit exists in
+ * both registers for a RW register, in HFGRTR/HDFGRTR for a RO register
+ * with the corresponding HFGWTR/HDFGTWTR bit being RES0, and vice-versa
+ * for a WO register. There are unfortunately a couple of exceptions
+ * (PMCR_EL0, TRFCR_EL1) where the register being trapped is RW but
+ * the FGT system only allows trapping of writes, not reads.
+ *
+ * Note that we arrange these bits so that a 0 FGTBit means "no trap".
+ */
+ FGT_R = 1 << R_FGT_TYPE_SHIFT,
+ FGT_W = 2 << R_FGT_TYPE_SHIFT,
+ FGT_EXEC = 4 << R_FGT_TYPE_SHIFT,
+ FGT_RW = FGT_R | FGT_W,
+ /* Bit to identify whether trap bit is reversed sense */
+ FGT_REV = R_FGT_REV_MASK,
+
+ /*
+ * If a bit exists in HFGRTR/HDFGRTR then either the register being
+ * trapped is RO or the bit also exists in HFGWTR/HDFGWTR, so we either
+ * want to trap for both reads and writes or else it's harmless to mark
+ * it as trap-on-writes.
+ * If a bit exists only in HFGWTR/HDFGWTR then either the register being
+ * trapped is WO, or else it is one of the two oddball special cases
+ * which are RW but have only a write trap. We mark these as only
+ * FGT_W so we get the right behaviour for those special cases.
+ * (If a bit was added in future that provided only a read trap for an
+ * RW register we'd need to do something special to get the FGT_R bit
+ * only. But this seems unlikely to happen.)
+ *
+ * So for the DO_BIT/DO_REV_BIT macros: use FGT_HFGRTR/FGT_HDFGRTR if
+ * the bit exists in that register. Otherwise use FGT_HFGWTR/FGT_HDFGWTR.
+ */
+ FGT_HFGRTR = FGT_RW | (FGTREG_HFGRTR << R_FGT_IDX_SHIFT),
+ FGT_HFGWTR = FGT_W | (FGTREG_HFGWTR << R_FGT_IDX_SHIFT),
+ FGT_HDFGRTR = FGT_RW | (FGTREG_HDFGRTR << R_FGT_IDX_SHIFT),
+ FGT_HDFGWTR = FGT_W | (FGTREG_HDFGWTR << R_FGT_IDX_SHIFT),
+ FGT_HFGITR = FGT_EXEC | (FGTREG_HFGITR << R_FGT_IDX_SHIFT),
+} FGTBit;
+
+#undef DO_BIT
+#undef DO_REV_BIT
+
typedef struct ARMCPRegInfo ARMCPRegInfo;
/*
@@ -569,6 +636,11 @@ struct ARMCPRegInfo {
CPAccessRights access;
/* Security state: ARM_CP_SECSTATE_* bits/values */
CPSecureState secure;
+ /*
+ * Which fine-grained trap register bit to check, if any. This
+ * value encodes both the trap register and bit within it.
+ */
+ FGTBit fgt;
/*
* The opaque pointer passed to define_arm_cp_regs_with_opaque() when
* this register was defined: can be used to hand data through to the
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 063024508af..5cc81bec9bf 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3170,6 +3170,7 @@ FIELD(TBFLAG_ANY, FPEXC_EL, 8, 2)
/* Memory operations require alignment: SCTLR_ELx.A or CCR.UNALIGN_TRP */
FIELD(TBFLAG_ANY, ALIGN_MEM, 10, 1)
FIELD(TBFLAG_ANY, PSTATE__IL, 11, 1)
+FIELD(TBFLAG_ANY, FGT_ACTIVE, 12, 1)
/*
* Bit usage when in AArch32 state, both A- and M-profile.
diff --git a/target/arm/internals.h b/target/arm/internals.h
index d9555309df0..e1e018da463 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1377,4 +1377,24 @@ static inline uint64_t arm_mdcr_el2_eff(CPUARMState *env)
((1 << (1 - 1)) | (1 << (2 - 1)) | \
(1 << (4 - 1)) | (1 << (8 - 1)) | (1 << (16 - 1)))
+/*
+ * Return true if it is possible to take a fine-grained-trap to EL2.
+ */
+static inline bool arm_fgt_active(CPUARMState *env, int el)
+{
+ /*
+ * The Arm ARM only requires the "{E2H,TGE} != {1,1}" test for traps
+ * that can affect EL0, but it is harmless to do the test also for
+ * traps on registers that are only accessible at EL1 because if the test
+ * returns true then we can't be executing at EL1 anyway.
+ * FGT traps only happen when EL2 is enabled and EL1 is AArch64;
+ * traps from AArch32 only happen for the EL0 is AArch32 case.
+ */
+ return cpu_isar_feature(aa64_fgt, env_archcpu(env)) &&
+ el < 2 && arm_is_el2_enabled(env) &&
+ arm_el_is_aa64(env, 1) &&
+ (arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE) &&
+ (!arm_feature(env, ARM_FEATURE_EL3) || (env->cp15.scr_el3 & SCR_FGTEN));
+}
+
#endif
diff --git a/target/arm/translate.h b/target/arm/translate.h
index f17f095cbe2..599902016dc 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -130,6 +130,8 @@ typedef struct DisasContext {
bool is_nonstreaming;
/* True if MVE insns are definitely not predicated by VPR or LTPSIZE */
bool mve_no_pred;
+ /* True if fine-grained traps are active */
+ bool fgt_active;
/*
* >= 0, a copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.
* < 0, set by the current instruction.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 20527995359..2389e41bd07 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11689,6 +11689,7 @@ static CPUARMTBFlags rebuild_hflags_common(CPUARMState *env, int fp_el,
if (arm_singlestep_active(env)) {
DP_TBFLAG_ANY(flags, SS_ACTIVE, 1);
}
+
return flags;
}
@@ -11761,6 +11762,10 @@ static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
DP_TBFLAG_A32(flags, HSTR_ACTIVE, 1);
}
+ if (arm_fgt_active(env, el)) {
+ DP_TBFLAG_ANY(flags, FGT_ACTIVE, 1);
+ }
+
if (env->uncached_cpsr & CPSR_IL) {
DP_TBFLAG_ANY(flags, PSTATE__IL, 1);
}
@@ -11895,6 +11900,10 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
DP_TBFLAG_ANY(flags, PSTATE__IL, 1);
}
+ if (arm_fgt_active(env, el)) {
+ DP_TBFLAG_ANY(flags, FGT_ACTIVE, 1);
+ }
+
if (cpu_isar_feature(aa64_mte, env_archcpu(env))) {
/*
* Set MTE_ACTIVE if any access may be Checked, and leave clear
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 5c17a5bd176..6787834502b 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -687,6 +687,36 @@ const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
}
}
+ /*
+ * Fine-grained traps also are lower priority than undef-to-EL1,
+ * higher priority than trap-to-EL3, and we don't care about priority
+ * order with other EL2 traps because the syndrome value is the same.
+ */
+ if (arm_fgt_active(env, arm_current_el(env))) {
+ uint64_t trapword = 0;
+ unsigned int idx = FIELD_EX32(ri->fgt, FGT, IDX);
+ unsigned int bitpos = FIELD_EX32(ri->fgt, FGT, BITPOS);
+ bool rev = FIELD_EX32(ri->fgt, FGT, REV);
+ bool trapbit;
+
+ if (ri->fgt & FGT_EXEC) {
+ assert(idx < ARRAY_SIZE(env->cp15.fgt_exec));
+ trapword = env->cp15.fgt_exec[idx];
+ } else if (isread && (ri->fgt & FGT_R)) {
+ assert(idx < ARRAY_SIZE(env->cp15.fgt_read));
+ trapword = env->cp15.fgt_read[idx];
+ } else if (!isread && (ri->fgt & FGT_W)) {
+ assert(idx < ARRAY_SIZE(env->cp15.fgt_write));
+ trapword = env->cp15.fgt_write[idx];
+ }
+
+ trapbit = extract64(trapword, bitpos, 1);
+ if (trapbit != rev) {
+ res = CP_ACCESS_TRAP_EL2;
+ goto fail;
+ }
+ }
+
if (likely(res == CP_ACCESS_OK)) {
return ri;
}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 52b1b8a1f0a..a47dab4f1dd 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1962,7 +1962,7 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
return;
}
- if (ri->accessfn) {
+ if (ri->accessfn || (ri->fgt && s->fgt_active)) {
/* Emit code to perform further access permissions checks at
* runtime; this may result in an exception.
*/
@@ -14741,6 +14741,7 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
dc->pstate_il = EX_TBFLAG_ANY(tb_flags, PSTATE__IL);
+ dc->fgt_active = EX_TBFLAG_ANY(tb_flags, FGT_ACTIVE);
dc->sve_excp_el = EX_TBFLAG_A64(tb_flags, SVEEXC_EL);
dc->sme_excp_el = EX_TBFLAG_A64(tb_flags, SMEEXC_EL);
dc->vl = (EX_TBFLAG_A64(tb_flags, VL) + 1) * 16;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index ec1f2288ff8..c23ba5fa7d9 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -4812,6 +4812,7 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
}
if ((s->hstr_active && s->current_el == 0) || ri->accessfn ||
+ (ri->fgt && s->fgt_active) ||
(arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
/*
* Emit code to perform further access permissions checks at
@@ -9416,6 +9417,7 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
dc->pstate_il = EX_TBFLAG_ANY(tb_flags, PSTATE__IL);
+ dc->fgt_active = EX_TBFLAG_ANY(tb_flags, FGT_ACTIVE);
if (arm_feature(env, ARM_FEATURE_M)) {
dc->vfp_enabled = 1;
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 10/23] target/arm: Mark up sysregs for HFGRTR bits 0..11
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (8 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 09/23] target/arm: Implement FGT trapping infrastructure Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 2:36 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 11/23] target/arm: Mark up sysregs for HFGRTR bits 12..23 Peter Maydell
` (13 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the registers trapped
by HFGRTR/HFGWTR bits 0..11.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
The annotation of the cpreg definitions is split into multiple
patches for ease of review, 12 bits or so at a time.
---
target/arm/cpregs.h | 14 ++++++++++++++
target/arm/helper.c | 17 +++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 8cc12045af6..82f2cefff0a 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -577,6 +577,20 @@ typedef enum FGTBit {
FGT_HDFGRTR = FGT_RW | (FGTREG_HDFGRTR << R_FGT_IDX_SHIFT),
FGT_HDFGWTR = FGT_W | (FGTREG_HDFGWTR << R_FGT_IDX_SHIFT),
FGT_HFGITR = FGT_EXEC | (FGTREG_HFGITR << R_FGT_IDX_SHIFT),
+
+ /* Trap bits in HFGRTR_EL2 / HFGWTR_EL2, starting from bit 0. */
+ DO_BIT(HFGRTR, AFSR0_EL1),
+ DO_BIT(HFGRTR, AFSR1_EL1),
+ DO_BIT(HFGRTR, AIDR_EL1),
+ DO_BIT(HFGRTR, AMAIR_EL1),
+ DO_BIT(HFGRTR, APDAKEY),
+ DO_BIT(HFGRTR, APDBKEY),
+ DO_BIT(HFGRTR, APGAKEY),
+ DO_BIT(HFGRTR, APIAKEY),
+ DO_BIT(HFGRTR, APIBKEY),
+ DO_BIT(HFGRTR, CCSIDR_EL1),
+ DO_BIT(HFGRTR, CLIDR_EL1),
+ DO_BIT(HFGRTR, CONTEXTIDR_EL1),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 2389e41bd07..30e54455ac7 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -633,6 +633,7 @@ static const ARMCPRegInfo cp_reginfo[] = {
{ .name = "CONTEXTIDR_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 13, .crm = 0, .opc2 = 1,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_CONTEXTIDR_EL1,
.secure = ARM_CP_SECSTATE_NS,
.fieldoffset = offsetof(CPUARMState, cp15.contextidr_el[1]),
.resetvalue = 0, .writefn = contextidr_write, .raw_writefn = raw_write, },
@@ -2163,6 +2164,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
.opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
.access = PL1_R,
.accessfn = access_tid4,
+ .fgt = FGT_CCSIDR_EL1,
.readfn = ccsidr_read, .type = ARM_CP_NO_RAW },
{ .name = "CSSELR", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
@@ -2179,6 +2181,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
.opc0 = 3, .opc1 = 1, .crn = 0, .crm = 0, .opc2 = 7,
.access = PL1_R, .type = ARM_CP_CONST,
.accessfn = access_aa64_tid1,
+ .fgt = FGT_AIDR_EL1,
.resetvalue = 0 },
/*
* Auxiliary fault status registers: these also are IMPDEF, and we
@@ -2187,10 +2190,12 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
{ .name = "AFSR0_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 5, .crm = 1, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_AFSR0_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "AFSR1_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 5, .crm = 1, .opc2 = 1,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_AFSR1_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
/*
* MAIR can just read-as-written because we don't implement caches
@@ -4392,6 +4397,7 @@ static const ARMCPRegInfo lpae_cp_reginfo[] = {
{ .name = "AMAIR0", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_AMAIR_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
/* AMAIR1 is mapped to AMAIR_EL1[63:32] */
{ .name = "AMAIR1", .cp = 15, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 1,
@@ -7041,42 +7047,52 @@ static const ARMCPRegInfo pauth_reginfo[] = {
{ .name = "APDAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APDAKEY,
.fieldoffset = offsetof(CPUARMState, keys.apda.lo) },
{ .name = "APDAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APDAKEY,
.fieldoffset = offsetof(CPUARMState, keys.apda.hi) },
{ .name = "APDBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 2,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APDBKEY,
.fieldoffset = offsetof(CPUARMState, keys.apdb.lo) },
{ .name = "APDBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 3,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APDBKEY,
.fieldoffset = offsetof(CPUARMState, keys.apdb.hi) },
{ .name = "APGAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 3, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APGAKEY,
.fieldoffset = offsetof(CPUARMState, keys.apga.lo) },
{ .name = "APGAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 3, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APGAKEY,
.fieldoffset = offsetof(CPUARMState, keys.apga.hi) },
{ .name = "APIAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APIAKEY,
.fieldoffset = offsetof(CPUARMState, keys.apia.lo) },
{ .name = "APIAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APIAKEY,
.fieldoffset = offsetof(CPUARMState, keys.apia.hi) },
{ .name = "APIBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 2,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APIBKEY,
.fieldoffset = offsetof(CPUARMState, keys.apib.lo) },
{ .name = "APIBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 3,
.access = PL1_RW, .accessfn = access_pauth,
+ .fgt = FGT_APIBKEY,
.fieldoffset = offsetof(CPUARMState, keys.apib.hi) },
};
@@ -7940,6 +7956,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
.opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
.access = PL1_R, .type = ARM_CP_CONST,
.accessfn = access_tid4,
+ .fgt = FGT_CLIDR_EL1,
.resetvalue = cpu->clidr
};
define_one_arm_cp_reg(cpu, &clidr);
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 11/23] target/arm: Mark up sysregs for HFGRTR bits 12..23
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (9 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 10/23] target/arm: Mark up sysregs for HFGRTR bits 0..11 Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 2:41 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 12/23] target/arm: Mark up sysregs for HFGRTR bits 24..35 Peter Maydell
` (12 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the registers trapped
by HFGRTR/HFGWTR bits 12..23.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 12 ++++++++++++
target/arm/helper.c | 12 ++++++++++++
2 files changed, 24 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 82f2cefff0a..67d87ae8bf5 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -591,6 +591,18 @@ typedef enum FGTBit {
DO_BIT(HFGRTR, CCSIDR_EL1),
DO_BIT(HFGRTR, CLIDR_EL1),
DO_BIT(HFGRTR, CONTEXTIDR_EL1),
+ DO_BIT(HFGRTR, CPACR_EL1),
+ DO_BIT(HFGRTR, CSSELR_EL1),
+ DO_BIT(HFGRTR, CTR_EL0),
+ DO_BIT(HFGRTR, DCZID_EL0),
+ DO_BIT(HFGRTR, ESR_EL1),
+ DO_BIT(HFGRTR, FAR_EL1),
+ DO_BIT(HFGRTR, ISR_EL1),
+ DO_BIT(HFGRTR, LORC_EL1),
+ DO_BIT(HFGRTR, LOREA_EL1),
+ DO_BIT(HFGRTR, LORID_EL1),
+ DO_BIT(HFGRTR, LORN_EL1),
+ DO_BIT(HFGRTR, LORSA_EL1),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 30e54455ac7..c059935d0e6 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -869,6 +869,7 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
.access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0, },
{ .name = "CPACR", .state = ARM_CP_STATE_BOTH, .opc0 = 3,
.crn = 1, .crm = 0, .opc1 = 0, .opc2 = 2, .accessfn = cpacr_access,
+ .fgt = FGT_CPACR_EL1,
.access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.cpacr_el1),
.resetfn = cpacr_reset, .writefn = cpacr_write, .readfn = cpacr_read },
};
@@ -2170,6 +2171,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
.opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
.access = PL1_RW,
.accessfn = access_tid4,
+ .fgt = FGT_CSSELR_EL1,
.writefn = csselr_write, .resetvalue = 0,
.bank_fieldoffsets = { offsetof(CPUARMState, cp15.csselr_s),
offsetof(CPUARMState, cp15.csselr_ns) } },
@@ -2233,6 +2235,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
.resetfn = arm_cp_reset_ignore },
{ .name = "ISR_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 12, .crm = 1, .opc2 = 0,
+ .fgt = FGT_ISR_EL1,
.type = ARM_CP_NO_RAW, .access = PL1_R, .readfn = isr_read },
/* 32 bit ITLB invalidates */
{ .name = "ITLBIALL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 0,
@@ -4135,6 +4138,7 @@ static const ARMCPRegInfo vmsa_pmsa_cp_reginfo[] = {
{ .name = "FAR_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_FAR_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.far_el[1]),
.resetvalue = 0, },
};
@@ -4143,6 +4147,7 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
{ .name = "ESR_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .crn = 5, .crm = 2, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_ESR_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.esr_el[1]), .resetvalue = 0, },
{ .name = "TTBR0_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 0, .opc2 = 0,
@@ -5215,6 +5220,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
{ .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,
.access = PL0_R, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_DCZID_EL0,
.readfn = aa64_dczid_read },
{ .name = "DC_ZVA", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 4, .opc2 = 1,
@@ -7005,22 +7011,27 @@ static const ARMCPRegInfo lor_reginfo[] = {
{ .name = "LORSA_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 0,
.access = PL1_RW, .accessfn = access_lor_other,
+ .fgt = FGT_LORSA_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "LOREA_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 1,
.access = PL1_RW, .accessfn = access_lor_other,
+ .fgt = FGT_LOREA_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "LORN_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 2,
.access = PL1_RW, .accessfn = access_lor_other,
+ .fgt = FGT_LORN_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "LORC_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 3,
.access = PL1_RW, .accessfn = access_lor_other,
+ .fgt = FGT_LORC_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "LORID_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 7,
.access = PL1_R, .accessfn = access_lor_ns,
+ .fgt = FGT_LORID_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
};
@@ -8619,6 +8630,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
{ .name = "CTR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 0, .crm = 0,
.access = PL0_R, .accessfn = ctr_el0_access,
+ .fgt = FGT_CTR_EL0,
.type = ARM_CP_CONST, .resetvalue = cpu->ctr },
/* TCMTR and TLBTR exist in v8 but have no 64-bit versions */
{ .name = "TCMTR",
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 12/23] target/arm: Mark up sysregs for HFGRTR bits 24..35
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (10 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 11/23] target/arm: Mark up sysregs for HFGRTR bits 12..23 Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 2:43 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 13/23] target/arm: Mark up sysregs for HFGRTR bits 36..63 Peter Maydell
` (11 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the registers trapped
by HFGRTR/HFGWTR bits 24..35.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 12 ++++++++++++
target/arm/helper.c | 14 ++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 67d87ae8bf5..1b219242d5d 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -603,6 +603,18 @@ typedef enum FGTBit {
DO_BIT(HFGRTR, LORID_EL1),
DO_BIT(HFGRTR, LORN_EL1),
DO_BIT(HFGRTR, LORSA_EL1),
+ DO_BIT(HFGRTR, MAIR_EL1),
+ DO_BIT(HFGRTR, MIDR_EL1),
+ DO_BIT(HFGRTR, MPIDR_EL1),
+ DO_BIT(HFGRTR, PAR_EL1),
+ DO_BIT(HFGRTR, REVIDR_EL1),
+ DO_BIT(HFGRTR, SCTLR_EL1),
+ DO_BIT(HFGRTR, SCXTNUM_EL1),
+ DO_BIT(HFGRTR, SCXTNUM_EL0),
+ DO_BIT(HFGRTR, TCR_EL1),
+ DO_BIT(HFGRTR, TPIDR_EL1),
+ DO_BIT(HFGRTR, TPIDRRO_EL0),
+ DO_BIT(HFGRTR, TPIDR_EL0),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/helper.c b/target/arm/helper.c
index c059935d0e6..9f6d9e2a3c9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2206,6 +2206,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
{ .name = "MAIR_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_MAIR_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.mair_el[1]),
.resetvalue = 0 },
{ .name = "MAIR_EL3", .state = ARM_CP_STATE_AA64,
@@ -2349,25 +2350,30 @@ static const ARMCPRegInfo v6k_cp_reginfo[] = {
{ .name = "TPIDR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .opc2 = 2, .crn = 13, .crm = 0,
.access = PL0_RW,
+ .fgt = FGT_TPIDR_EL0,
.fieldoffset = offsetof(CPUARMState, cp15.tpidr_el[0]), .resetvalue = 0 },
{ .name = "TPIDRURW", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 2,
.access = PL0_RW,
+ .fgt = FGT_TPIDR_EL0,
.bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.tpidrurw_s),
offsetoflow32(CPUARMState, cp15.tpidrurw_ns) },
.resetfn = arm_cp_reset_ignore },
{ .name = "TPIDRRO_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .opc2 = 3, .crn = 13, .crm = 0,
.access = PL0_R | PL1_W,
+ .fgt = FGT_TPIDRRO_EL0,
.fieldoffset = offsetof(CPUARMState, cp15.tpidrro_el[0]),
.resetvalue = 0},
{ .name = "TPIDRURO", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 3,
.access = PL0_R | PL1_W,
+ .fgt = FGT_TPIDRRO_EL0,
.bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.tpidruro_s),
offsetoflow32(CPUARMState, cp15.tpidruro_ns) },
.resetfn = arm_cp_reset_ignore },
{ .name = "TPIDR_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .opc2 = 4, .crn = 13, .crm = 0,
.access = PL1_RW,
+ .fgt = FGT_TPIDR_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.tpidr_el[1]), .resetvalue = 0 },
{ .name = "TPIDRPRW", .opc1 = 0, .cp = 15, .crn = 13, .crm = 0, .opc2 = 4,
.access = PL1_RW,
@@ -4164,6 +4170,7 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
{ .name = "TCR_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_TCR_EL1,
.writefn = vmsa_tcr_el12_write,
.raw_writefn = raw_write,
.resetvalue = 0,
@@ -5399,6 +5406,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
.type = ARM_CP_ALIAS,
.opc0 = 3, .opc1 = 0, .crn = 7, .crm = 4, .opc2 = 0,
.access = PL1_RW, .resetvalue = 0,
+ .fgt = FGT_PAR_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.par_el[1]),
.writefn = par_write },
#endif
@@ -7562,10 +7570,12 @@ static const ARMCPRegInfo scxtnum_reginfo[] = {
{ .name = "SCXTNUM_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 13, .crm = 0, .opc2 = 7,
.access = PL0_RW, .accessfn = access_scxtnum,
+ .fgt = FGT_SCXTNUM_EL0,
.fieldoffset = offsetof(CPUARMState, scxtnum_el[0]) },
{ .name = "SCXTNUM_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 13, .crm = 0, .opc2 = 7,
.access = PL1_RW, .accessfn = access_scxtnum,
+ .fgt = FGT_SCXTNUM_EL1,
.fieldoffset = offsetof(CPUARMState, scxtnum_el[1]) },
{ .name = "SCXTNUM_EL2", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 4, .crn = 13, .crm = 0, .opc2 = 7,
@@ -8604,6 +8614,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
{ .name = "MIDR_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 0,
.access = PL1_R, .type = ARM_CP_NO_RAW, .resetvalue = cpu->midr,
+ .fgt = FGT_MIDR_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.c0_cpuid),
.readfn = midr_read },
/* crn = 0 op1 = 0 crm = 0 op2 = 7 : AArch32 aliases of MIDR */
@@ -8614,6 +8625,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 6,
.access = PL1_R,
.accessfn = access_aa64_tid1,
+ .fgt = FGT_REVIDR_EL1,
.type = ARM_CP_CONST, .resetvalue = cpu->revidr },
};
ARMCPRegInfo id_v8_midr_alias_cp_reginfo = {
@@ -8785,6 +8797,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
ARMCPRegInfo mpidr_cp_reginfo[] = {
{ .name = "MPIDR_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
+ .fgt = FGT_MPIDR_EL1,
.access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
};
#ifdef CONFIG_USER_ONLY
@@ -8884,6 +8897,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
.name = "SCTLR", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_SCTLR_EL1,
.bank_fieldoffsets = { offsetof(CPUARMState, cp15.sctlr_s),
offsetof(CPUARMState, cp15.sctlr_ns) },
.writefn = sctlr_write, .resetvalue = cpu->reset_sctlr,
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 13/23] target/arm: Mark up sysregs for HFGRTR bits 36..63
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (11 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 12/23] target/arm: Mark up sysregs for HFGRTR bits 24..35 Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 2:50 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 14/23] target/arm: Mark up sysregs for HDFGRTR bits 0..11 Peter Maydell
` (10 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the registers trapped
by HFGRTR/HFGWTR bits 36..63.
Of these, some correspond to RAS registers which we implement as
always-UNDEF: these don't need any extra handling for FGT because the
UNDEF-to-EL1 always takes priority over any theoretical
FGT-trap-to-EL2.
Bit 50 (NACCDATA_EL1) is for the ACCDATA_EL1 register which is part
of the FEAT_LS64_ACCDATA feature which we don't yet implement.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 7 +++++++
hw/intc/arm_gicv3_cpuif.c | 2 ++
target/arm/helper.c | 10 ++++++++++
3 files changed, 19 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 1b219242d5d..fef8ad08acc 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -615,6 +615,13 @@ typedef enum FGTBit {
DO_BIT(HFGRTR, TPIDR_EL1),
DO_BIT(HFGRTR, TPIDRRO_EL0),
DO_BIT(HFGRTR, TPIDR_EL0),
+ DO_BIT(HFGRTR, TTBR0_EL1),
+ DO_BIT(HFGRTR, TTBR1_EL1),
+ DO_BIT(HFGRTR, VBAR_EL1),
+ DO_BIT(HFGRTR, ICC_IGRPENN_EL1),
+ DO_BIT(HFGRTR, ERRIDR_EL1),
+ DO_REV_BIT(HFGRTR, NSMPRI_EL1),
+ DO_REV_BIT(HFGRTR, NTPIDR2_EL0),
} FGTBit;
#undef DO_BIT
diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index b17b29288c7..6a3ca482fff 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -2376,6 +2376,7 @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
.opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 6,
.type = ARM_CP_IO | ARM_CP_NO_RAW,
.access = PL1_RW, .accessfn = gicv3_fiq_access,
+ .fgt = FGT_ICC_IGRPENN_EL1,
.readfn = icc_igrpen_read,
.writefn = icc_igrpen_write,
},
@@ -2384,6 +2385,7 @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
.opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 7,
.type = ARM_CP_IO | ARM_CP_NO_RAW,
.access = PL1_RW, .accessfn = gicv3_irq_access,
+ .fgt = FGT_ICC_IGRPENN_EL1,
.readfn = icc_igrpen_read,
.writefn = icc_igrpen_write,
},
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9f6d9e2a3c9..a48b022def6 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4158,12 +4158,14 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
{ .name = "TTBR0_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 0, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_TTBR0_EL1,
.writefn = vmsa_ttbr_write, .resetvalue = 0,
.bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr0_s),
offsetof(CPUARMState, cp15.ttbr0_ns) } },
{ .name = "TTBR1_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 0, .opc2 = 1,
.access = PL1_RW, .accessfn = access_tvm_trvm,
+ .fgt = FGT_TTBR1_EL1,
.writefn = vmsa_ttbr_write, .resetvalue = 0,
.bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr1_s),
offsetof(CPUARMState, cp15.ttbr1_ns) } },
@@ -6488,6 +6490,10 @@ static void disr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t val)
* ERRSELR_EL1
* may generate UNDEFINED, which is the effect we get by not
* listing them at all.
+ *
+ * These registers have fine-grained trap bits, but UNDEF-to-EL1
+ * is higher priority than FGT-to-EL2 so we do not need to list them
+ * in order to check for an FGT.
*/
static const ARMCPRegInfo minimal_ras_reginfo[] = {
{ .name = "DISR_EL1", .state = ARM_CP_STATE_BOTH,
@@ -6497,6 +6503,7 @@ static const ARMCPRegInfo minimal_ras_reginfo[] = {
{ .name = "ERRIDR_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 5, .crm = 3, .opc2 = 0,
.access = PL1_R, .accessfn = access_terr,
+ .fgt = FGT_ERRIDR_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "VDISR_EL2", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 4, .crn = 12, .crm = 1, .opc2 = 1,
@@ -6819,6 +6826,7 @@ static const ARMCPRegInfo sme_reginfo[] = {
{ .name = "TPIDR2_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 13, .crm = 0, .opc2 = 5,
.access = PL0_RW, .accessfn = access_tpidr2,
+ .fgt = FGT_NTPIDR2_EL0,
.fieldoffset = offsetof(CPUARMState, cp15.tpidr2_el0) },
{ .name = "SVCR", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 4, .crm = 2, .opc2 = 2,
@@ -6856,6 +6864,7 @@ static const ARMCPRegInfo sme_reginfo[] = {
{ .name = "SMPRI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 4,
.access = PL1_RW, .accessfn = access_esm,
+ .fgt = FGT_NSMPRI_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "SMPRIMAP_EL2", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 5,
@@ -8884,6 +8893,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
{ .name = "VBAR", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
.access = PL1_RW, .writefn = vbar_write,
+ .fgt = FGT_VBAR_EL1,
.bank_fieldoffsets = { offsetof(CPUARMState, cp15.vbar_s),
offsetof(CPUARMState, cp15.vbar_ns) },
.resetvalue = 0 },
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 14/23] target/arm: Mark up sysregs for HDFGRTR bits 0..11
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (12 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 13/23] target/arm: Mark up sysregs for HFGRTR bits 36..63 Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 2:52 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 15/23] target/arm: Mark up sysregs for HDFGRTR bits 12..63 Peter Maydell
` (9 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitons for the registers trapped
by HDFGRTR/HDFGWTR bits 0..11. These cover various debug
related registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 12 ++++++++++++
target/arm/debug_helper.c | 11 +++++++++++
2 files changed, 23 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index fef8ad08acc..7c4d07ed9c6 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -622,6 +622,18 @@ typedef enum FGTBit {
DO_BIT(HFGRTR, ERRIDR_EL1),
DO_REV_BIT(HFGRTR, NSMPRI_EL1),
DO_REV_BIT(HFGRTR, NTPIDR2_EL0),
+
+ /* Trap bits in HDFGRTR_EL2 / HDFGWTR_EL2, starting from bit 0. */
+ DO_BIT(HDFGRTR, DBGBCRN_EL1),
+ DO_BIT(HDFGRTR, DBGBVRN_EL1),
+ DO_BIT(HDFGRTR, DBGWCRN_EL1),
+ DO_BIT(HDFGRTR, DBGWVRN_EL1),
+ DO_BIT(HDFGRTR, MDSCR_EL1),
+ DO_BIT(HDFGRTR, DBGCLAIM),
+ DO_BIT(HDFGWTR, OSLAR_EL1),
+ DO_BIT(HDFGRTR, OSLSR_EL1),
+ DO_BIT(HDFGRTR, OSECCR_EL1),
+ DO_BIT(HDFGRTR, OSDLR_EL1),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index cced3f168d0..b106746b0e1 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -672,6 +672,7 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
{ .name = "MDSCR_EL1", .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
.access = PL1_RW, .accessfn = access_tda,
+ .fgt = FGT_MDSCR_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1),
.resetvalue = 0 },
/*
@@ -702,6 +703,7 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
{ .name = "OSECCR_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
.opc0 = 2, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
.access = PL1_RW, .accessfn = access_tda,
+ .fgt = FGT_OSECCR_EL1,
.type = ARM_CP_CONST, .resetvalue = 0 },
/*
* DBGDSCRint[15,12,5:2] map to MDSCR_EL1[15,12,5:2]. Map all bits as
@@ -717,16 +719,19 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
.access = PL1_W, .type = ARM_CP_NO_RAW,
.accessfn = access_tdosa,
+ .fgt = FGT_OSLAR_EL1,
.writefn = oslar_write },
{ .name = "OSLSR_EL1", .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 4,
.access = PL1_R, .resetvalue = 10,
.accessfn = access_tdosa,
+ .fgt = FGT_OSLSR_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.oslsr_el1) },
/* Dummy OSDLR_EL1: 32-bit Linux will read this */
{ .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
.access = PL1_RW, .accessfn = access_tdosa,
+ .fgt = FGT_OSDLR_EL1,
.writefn = osdlr_write,
.fieldoffset = offsetof(CPUARMState, cp15.osdlr_el1) },
/*
@@ -763,10 +768,12 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 6,
.type = ARM_CP_ALIAS,
.access = PL1_RW, .accessfn = access_tda,
+ .fgt = FGT_DBGCLAIM,
.writefn = dbgclaimset_write, .readfn = dbgclaimset_read },
{ .name = "DBGCLAIMCLR_EL1", .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 6,
.access = PL1_RW, .accessfn = access_tda,
+ .fgt = FGT_DBGCLAIM,
.writefn = dbgclaimclr_write, .raw_writefn = raw_write,
.fieldoffset = offsetof(CPUARMState, cp15.dbgclaim) },
};
@@ -1127,12 +1134,14 @@ void define_debug_regs(ARMCPU *cpu)
{ .name = dbgbvr_el1_name, .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 4,
.access = PL1_RW, .accessfn = access_tda,
+ .fgt = FGT_DBGBVRN_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.dbgbvr[i]),
.writefn = dbgbvr_write, .raw_writefn = raw_write
},
{ .name = dbgbcr_el1_name, .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 5,
.access = PL1_RW, .accessfn = access_tda,
+ .fgt = FGT_DBGBCRN_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]),
.writefn = dbgbcr_write, .raw_writefn = raw_write
},
@@ -1149,12 +1158,14 @@ void define_debug_regs(ARMCPU *cpu)
{ .name = dbgwvr_el1_name, .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 6,
.access = PL1_RW, .accessfn = access_tda,
+ .fgt = FGT_DBGWVRN_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.dbgwvr[i]),
.writefn = dbgwvr_write, .raw_writefn = raw_write
},
{ .name = dbgwcr_el1_name, .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 7,
.access = PL1_RW, .accessfn = access_tda,
+ .fgt = FGT_DBGWCRN_EL1,
.fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]),
.writefn = dbgwcr_write, .raw_writefn = raw_write
},
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 15/23] target/arm: Mark up sysregs for HDFGRTR bits 12..63
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (13 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 14/23] target/arm: Mark up sysregs for HDFGRTR bits 0..11 Peter Maydell
@ 2023-01-27 17:54 ` Peter Maydell
2023-01-28 23:44 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 16/23] target/arm: Mark up sysregs for HFGITR bits 0..11 Peter Maydell
` (8 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:54 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the registers trapped
by HDFGRTR/HDFGWTR bits 12..x.
Bits 12..22 and bit 58 are for PMU registers.
The remaining bits in HDFGRTR/HDFGWTR are for traps on
registers that are part of features we don't implement:
Bits 23..32 and 63 : FEAT_SPE
Bits 33..48 : FEAT_ETE
Bits 50..56 : FEAT_TRBE
Bits 59..61 : FEAT_BRBE
Bit 62 : FEAT_SPEv1p2.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 12 ++++++++++++
target/arm/helper.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 7c4d07ed9c6..c37e013b8f3 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -634,6 +634,18 @@ typedef enum FGTBit {
DO_BIT(HDFGRTR, OSLSR_EL1),
DO_BIT(HDFGRTR, OSECCR_EL1),
DO_BIT(HDFGRTR, OSDLR_EL1),
+ DO_BIT(HDFGRTR, PMEVCNTRN_EL0),
+ DO_BIT(HDFGRTR, PMEVTYPERN_EL0),
+ DO_BIT(HDFGRTR, PMCCFILTR_EL0),
+ DO_BIT(HDFGRTR, PMCCNTR_EL0),
+ DO_BIT(HDFGRTR, PMCNTEN),
+ DO_BIT(HDFGRTR, PMINTEN),
+ DO_BIT(HDFGRTR, PMOVS),
+ DO_BIT(HDFGRTR, PMSELR_EL0),
+ DO_BIT(HDFGWTR, PMSWINC_EL0),
+ DO_BIT(HDFGWTR, PMCR_EL0),
+ DO_BIT(HDFGRTR, PMMIR_EL1),
+ DO_BIT(HDFGRTR, PMCEIDN_EL0),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/helper.c b/target/arm/helper.c
index a48b022def6..2e494b8f924 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2035,21 +2035,25 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcnten),
.writefn = pmcntenset_write,
.accessfn = pmreg_access,
+ .fgt = FGT_PMCNTEN,
.raw_writefn = raw_write },
{ .name = "PMCNTENSET_EL0", .state = ARM_CP_STATE_AA64, .type = ARM_CP_IO,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 1,
.access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMCNTEN,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten), .resetvalue = 0,
.writefn = pmcntenset_write, .raw_writefn = raw_write },
{ .name = "PMCNTENCLR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 2,
.access = PL0_RW,
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcnten),
.accessfn = pmreg_access,
+ .fgt = FGT_PMCNTEN,
.writefn = pmcntenclr_write,
.type = ARM_CP_ALIAS | ARM_CP_IO },
{ .name = "PMCNTENCLR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 2,
.access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMCNTEN,
.type = ARM_CP_ALIAS | ARM_CP_IO,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
.writefn = pmcntenclr_write },
@@ -2057,41 +2061,49 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
.access = PL0_RW, .type = ARM_CP_IO,
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr),
.accessfn = pmreg_access,
+ .fgt = FGT_PMOVS,
.writefn = pmovsr_write,
.raw_writefn = raw_write },
{ .name = "PMOVSCLR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 3,
.access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMOVS,
.type = ARM_CP_ALIAS | ARM_CP_IO,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
.writefn = pmovsr_write,
.raw_writefn = raw_write },
{ .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4,
.access = PL0_W, .accessfn = pmreg_access_swinc,
+ .fgt = FGT_PMSWINC_EL0,
.type = ARM_CP_NO_RAW | ARM_CP_IO,
.writefn = pmswinc_write },
{ .name = "PMSWINC_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 4,
.access = PL0_W, .accessfn = pmreg_access_swinc,
+ .fgt = FGT_PMSWINC_EL0,
.type = ARM_CP_NO_RAW | ARM_CP_IO,
.writefn = pmswinc_write },
{ .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5,
.access = PL0_RW, .type = ARM_CP_ALIAS,
+ .fgt = FGT_PMSELR_EL0,
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmselr),
.accessfn = pmreg_access_selr, .writefn = pmselr_write,
.raw_writefn = raw_write},
{ .name = "PMSELR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 5,
.access = PL0_RW, .accessfn = pmreg_access_selr,
+ .fgt = FGT_PMSELR_EL0,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr),
.writefn = pmselr_write, .raw_writefn = raw_write, },
{ .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
.access = PL0_RW, .resetvalue = 0, .type = ARM_CP_ALIAS | ARM_CP_IO,
+ .fgt = FGT_PMCCNTR_EL0,
.readfn = pmccntr_read, .writefn = pmccntr_write32,
.accessfn = pmreg_access_ccntr },
{ .name = "PMCCNTR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 0,
.access = PL0_RW, .accessfn = pmreg_access_ccntr,
+ .fgt = FGT_PMCCNTR_EL0,
.type = ARM_CP_IO,
.fieldoffset = offsetof(CPUARMState, cp15.c15_ccnt),
.readfn = pmccntr_read, .writefn = pmccntr_write,
@@ -2099,32 +2111,38 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
{ .name = "PMCCFILTR", .cp = 15, .opc1 = 0, .crn = 14, .crm = 15, .opc2 = 7,
.writefn = pmccfiltr_write_a32, .readfn = pmccfiltr_read_a32,
.access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMCCFILTR_EL0,
.type = ARM_CP_ALIAS | ARM_CP_IO,
.resetvalue = 0, },
{ .name = "PMCCFILTR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 15, .opc2 = 7,
.writefn = pmccfiltr_write, .raw_writefn = raw_write,
.access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMCCFILTR_EL0,
.type = ARM_CP_IO,
.fieldoffset = offsetof(CPUARMState, cp15.pmccfiltr_el0),
.resetvalue = 0, },
{ .name = "PMXEVTYPER", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 1,
.access = PL0_RW, .type = ARM_CP_NO_RAW | ARM_CP_IO,
.accessfn = pmreg_access,
+ .fgt = FGT_PMEVTYPERN_EL0,
.writefn = pmxevtyper_write, .readfn = pmxevtyper_read },
{ .name = "PMXEVTYPER_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 1,
.access = PL0_RW, .type = ARM_CP_NO_RAW | ARM_CP_IO,
.accessfn = pmreg_access,
+ .fgt = FGT_PMEVTYPERN_EL0,
.writefn = pmxevtyper_write, .readfn = pmxevtyper_read },
{ .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2,
.access = PL0_RW, .type = ARM_CP_NO_RAW | ARM_CP_IO,
.accessfn = pmreg_access_xevcntr,
+ .fgt = FGT_PMEVCNTRN_EL0,
.writefn = pmxevcntr_write, .readfn = pmxevcntr_read },
{ .name = "PMXEVCNTR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 2,
.access = PL0_RW, .type = ARM_CP_NO_RAW | ARM_CP_IO,
.accessfn = pmreg_access_xevcntr,
+ .fgt = FGT_PMEVCNTRN_EL0,
.writefn = pmxevcntr_write, .readfn = pmxevcntr_read },
{ .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
.access = PL0_R | PL1_RW, .accessfn = access_tpm,
@@ -2139,6 +2157,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
.writefn = pmuserenr_write, .raw_writefn = raw_write },
{ .name = "PMINTENSET", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 1,
.access = PL1_RW, .accessfn = access_tpm,
+ .fgt = FGT_PMINTEN,
.type = ARM_CP_ALIAS | ARM_CP_IO,
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pminten),
.resetvalue = 0,
@@ -2146,18 +2165,21 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
{ .name = "PMINTENSET_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 1,
.access = PL1_RW, .accessfn = access_tpm,
+ .fgt = FGT_PMINTEN,
.type = ARM_CP_IO,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
.writefn = pmintenset_write, .raw_writefn = raw_write,
.resetvalue = 0x0 },
{ .name = "PMINTENCLR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 2,
.access = PL1_RW, .accessfn = access_tpm,
+ .fgt = FGT_PMINTEN,
.type = ARM_CP_ALIAS | ARM_CP_IO | ARM_CP_NO_RAW,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
.writefn = pmintenclr_write, },
{ .name = "PMINTENCLR_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 2,
.access = PL1_RW, .accessfn = access_tpm,
+ .fgt = FGT_PMINTEN,
.type = ARM_CP_ALIAS | ARM_CP_IO | ARM_CP_NO_RAW,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
.writefn = pmintenclr_write },
@@ -2293,6 +2315,7 @@ static const ARMCPRegInfo pmovsset_cp_reginfo[] = {
/* PMOVSSET is not implemented in v7 before v7ve */
{ .name = "PMOVSSET", .cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 3,
.access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMOVS,
.type = ARM_CP_ALIAS | ARM_CP_IO,
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr),
.writefn = pmovsset_write,
@@ -2300,6 +2323,7 @@ static const ARMCPRegInfo pmovsset_cp_reginfo[] = {
{ .name = "PMOVSSET_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 14, .opc2 = 3,
.access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMOVS,
.type = ARM_CP_ALIAS | ARM_CP_IO,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
.writefn = pmovsset_write,
@@ -6884,6 +6908,7 @@ static void define_pmu_regs(ARMCPU *cpu)
ARMCPRegInfo pmcr = {
.name = "PMCR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 0,
.access = PL0_RW,
+ .fgt = FGT_PMCR_EL0,
.type = ARM_CP_IO | ARM_CP_ALIAS,
.fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcr),
.accessfn = pmreg_access, .writefn = pmcr_write,
@@ -6893,6 +6918,7 @@ static void define_pmu_regs(ARMCPU *cpu)
.name = "PMCR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 0,
.access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMCR_EL0,
.type = ARM_CP_IO,
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmcr),
.resetvalue = cpu->isar.reset_pmcr_el0,
@@ -6910,23 +6936,27 @@ static void define_pmu_regs(ARMCPU *cpu)
{ .name = pmevcntr_name, .cp = 15, .crn = 14,
.crm = 8 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
.access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
+ .fgt = FGT_PMEVCNTRN_EL0,
.readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
.accessfn = pmreg_access_xevcntr },
{ .name = pmevcntr_el0_name, .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 8 | (3 & (i >> 3)),
.opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access_xevcntr,
.type = ARM_CP_IO,
+ .fgt = FGT_PMEVCNTRN_EL0,
.readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
.raw_readfn = pmevcntr_rawread,
.raw_writefn = pmevcntr_rawwrite },
{ .name = pmevtyper_name, .cp = 15, .crn = 14,
.crm = 12 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
.access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
+ .fgt = FGT_PMEVTYPERN_EL0,
.readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
.accessfn = pmreg_access },
{ .name = pmevtyper_el0_name, .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 12 | (3 & (i >> 3)),
.opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
+ .fgt = FGT_PMEVTYPERN_EL0,
.type = ARM_CP_IO,
.readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
.raw_writefn = pmevtyper_rawwrite },
@@ -6942,10 +6972,12 @@ static void define_pmu_regs(ARMCPU *cpu)
{ .name = "PMCEID2", .state = ARM_CP_STATE_AA32,
.cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 4,
.access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
+ .fgt = FGT_PMCEIDN_EL0,
.resetvalue = extract64(cpu->pmceid0, 32, 32) },
{ .name = "PMCEID3", .state = ARM_CP_STATE_AA32,
.cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 5,
.access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
+ .fgt = FGT_PMCEIDN_EL0,
.resetvalue = extract64(cpu->pmceid1, 32, 32) },
};
define_arm_cp_regs(cpu, v81_pmu_regs);
@@ -6955,6 +6987,7 @@ static void define_pmu_regs(ARMCPU *cpu)
.name = "PMMIR_EL1", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 6,
.access = PL1_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
+ .fgt = FGT_PMMIR_EL1,
.resetvalue = 0
};
define_one_arm_cp_reg(cpu, &v84_pmmir);
@@ -8251,18 +8284,22 @@ void register_cp_regs_for_features(ARMCPU *cpu)
{ .name = "PMCEID0", .state = ARM_CP_STATE_AA32,
.cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6,
.access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
+ .fgt = FGT_PMCEIDN_EL0,
.resetvalue = extract64(cpu->pmceid0, 0, 32) },
{ .name = "PMCEID0_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 6,
.access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
+ .fgt = FGT_PMCEIDN_EL0,
.resetvalue = cpu->pmceid0 },
{ .name = "PMCEID1", .state = ARM_CP_STATE_AA32,
.cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 7,
.access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
+ .fgt = FGT_PMCEIDN_EL0,
.resetvalue = extract64(cpu->pmceid1, 0, 32) },
{ .name = "PMCEID1_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 7,
.access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST,
+ .fgt = FGT_PMCEIDN_EL0,
.resetvalue = cpu->pmceid1 },
};
#ifdef CONFIG_USER_ONLY
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 16/23] target/arm: Mark up sysregs for HFGITR bits 0..11
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (14 preceding siblings ...)
2023-01-27 17:54 ` [PATCH 15/23] target/arm: Mark up sysregs for HDFGRTR bits 12..63 Peter Maydell
@ 2023-01-27 17:55 ` Peter Maydell
2023-01-28 23:47 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 17/23] target/arm: Mark up sysregs for HFGITR bits 12..17 Peter Maydell
` (7 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:55 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the system instructions
trapped by HFGITR bits 0..11. These bits cover various
cache maintenance operations.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 14 ++++++++++++++
target/arm/helper.c | 28 ++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index c37e013b8f3..6596c2a1233 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -646,6 +646,20 @@ typedef enum FGTBit {
DO_BIT(HDFGWTR, PMCR_EL0),
DO_BIT(HDFGRTR, PMMIR_EL1),
DO_BIT(HDFGRTR, PMCEIDN_EL0),
+
+ /* Trap bits in HFGITR_EL2, starting from bit 0 */
+ DO_BIT(HFGITR, ICIALLUIS),
+ DO_BIT(HFGITR, ICIALLU),
+ DO_BIT(HFGITR, ICIVAU),
+ DO_BIT(HFGITR, DCIVAC),
+ DO_BIT(HFGITR, DCISW),
+ DO_BIT(HFGITR, DCCSW),
+ DO_BIT(HFGITR, DCCISW),
+ DO_BIT(HFGITR, DCCVAU),
+ DO_BIT(HFGITR, DCCVAP),
+ DO_BIT(HFGITR, DCCVADP),
+ DO_BIT(HFGITR, DCCIVAC),
+ DO_BIT(HFGITR, DCZVA),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 2e494b8f924..51866ba70e9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5261,6 +5261,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
#ifndef CONFIG_USER_ONLY
/* Avoid overhead of an access check that always passes in user-mode */
.accessfn = aa64_zva_access,
+ .fgt = FGT_DCZVA,
#endif
},
{ .name = "CURRENTEL", .state = ARM_CP_STATE_AA64,
@@ -5270,21 +5271,26 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
{ .name = "IC_IALLUIS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
.access = PL1_W, .type = ARM_CP_NOP,
+ .fgt = FGT_ICIALLUIS,
.accessfn = access_ticab },
{ .name = "IC_IALLU", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 0,
.access = PL1_W, .type = ARM_CP_NOP,
+ .fgt = FGT_ICIALLU,
.accessfn = access_tocu },
{ .name = "IC_IVAU", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 5, .opc2 = 1,
.access = PL0_W, .type = ARM_CP_NOP,
+ .fgt = FGT_ICIVAU,
.accessfn = access_tocu },
{ .name = "DC_IVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 1,
.access = PL1_W, .accessfn = aa64_cacheop_poc_access,
+ .fgt = FGT_DCIVAC,
.type = ARM_CP_NOP },
{ .name = "DC_ISW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 2,
+ .fgt = FGT_DCISW,
.access = PL1_W, .accessfn = access_tsw, .type = ARM_CP_NOP },
{ .name = "DC_CVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 10, .opc2 = 1,
@@ -5292,17 +5298,21 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CSW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 2,
+ .fgt = FGT_DCCSW,
.access = PL1_W, .accessfn = access_tsw, .type = ARM_CP_NOP },
{ .name = "DC_CVAU", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 11, .opc2 = 1,
.access = PL0_W, .type = ARM_CP_NOP,
+ .fgt = FGT_DCCVAU,
.accessfn = access_tocu },
{ .name = "DC_CIVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 1,
.access = PL0_W, .type = ARM_CP_NOP,
+ .fgt = FGT_DCCIVAC,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CISW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
+ .fgt = FGT_DCCISW,
.access = PL1_W, .accessfn = access_tsw, .type = ARM_CP_NOP },
/* TLBI operations */
{ .name = "TLBI_VMALLE1IS", .state = ARM_CP_STATE_AA64,
@@ -7413,6 +7423,7 @@ static const ARMCPRegInfo dcpop_reg[] = {
{ .name = "DC_CVAP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 1,
.access = PL0_W, .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END,
+ .fgt = FGT_DCCVAP,
.accessfn = aa64_cacheop_poc_access, .writefn = dccvap_writefn },
};
@@ -7420,6 +7431,7 @@ static const ARMCPRegInfo dcpodp_reg[] = {
{ .name = "DC_CVADP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 13, .opc2 = 1,
.access = PL0_W, .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END,
+ .fgt = FGT_DCCVADP,
.accessfn = aa64_cacheop_poc_access, .writefn = dccvap_writefn },
};
#endif /*CONFIG_USER_ONLY*/
@@ -7499,28 +7511,36 @@ static const ARMCPRegInfo mte_reginfo[] = {
{ .name = "DC_IGVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 3,
.type = ARM_CP_NOP, .access = PL1_W,
+ .fgt = FGT_DCIVAC,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_IGSW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 4,
+ .fgt = FGT_DCISW,
.type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
{ .name = "DC_IGDVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 5,
.type = ARM_CP_NOP, .access = PL1_W,
+ .fgt = FGT_DCIVAC,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_IGDSW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 6,
+ .fgt = FGT_DCISW,
.type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
{ .name = "DC_CGSW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 4,
+ .fgt = FGT_DCCSW,
.type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
{ .name = "DC_CGDSW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 6,
+ .fgt = FGT_DCCSW,
.type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
{ .name = "DC_CIGSW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 4,
+ .fgt = FGT_DCCISW,
.type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
{ .name = "DC_CIGDSW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 6,
+ .fgt = FGT_DCCISW,
.type = ARM_CP_NOP, .access = PL1_W, .accessfn = access_tsw },
};
@@ -7542,26 +7562,32 @@ static const ARMCPRegInfo mte_el0_cacheop_reginfo[] = {
{ .name = "DC_CGVAP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 3,
.type = ARM_CP_NOP, .access = PL0_W,
+ .fgt = FGT_DCCVAP,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CGDVAP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 5,
.type = ARM_CP_NOP, .access = PL0_W,
+ .fgt = FGT_DCCVAP,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CGVADP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 13, .opc2 = 3,
.type = ARM_CP_NOP, .access = PL0_W,
+ .fgt = FGT_DCCVADP,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CGDVADP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 13, .opc2 = 5,
.type = ARM_CP_NOP, .access = PL0_W,
+ .fgt = FGT_DCCVADP,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CIGVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 3,
.type = ARM_CP_NOP, .access = PL0_W,
+ .fgt = FGT_DCCIVAC,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CIGDVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 5,
.type = ARM_CP_NOP, .access = PL0_W,
+ .fgt = FGT_DCCIVAC,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_GVA", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 4, .opc2 = 3,
@@ -7569,6 +7595,7 @@ static const ARMCPRegInfo mte_el0_cacheop_reginfo[] = {
#ifndef CONFIG_USER_ONLY
/* Avoid overhead of an access check that always passes in user-mode */
.accessfn = aa64_zva_access,
+ .fgt = FGT_DCZVA,
#endif
},
{ .name = "DC_GZVA", .state = ARM_CP_STATE_AA64,
@@ -7577,6 +7604,7 @@ static const ARMCPRegInfo mte_el0_cacheop_reginfo[] = {
#ifndef CONFIG_USER_ONLY
/* Avoid overhead of an access check that always passes in user-mode */
.accessfn = aa64_zva_access,
+ .fgt = FGT_DCZVA,
#endif
},
};
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 17/23] target/arm: Mark up sysregs for HFGITR bits 12..17
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (15 preceding siblings ...)
2023-01-27 17:55 ` [PATCH 16/23] target/arm: Mark up sysregs for HFGITR bits 0..11 Peter Maydell
@ 2023-01-27 17:55 ` Peter Maydell
2023-01-28 23:47 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 18/23] target/arm: Mark up sysregs for HFGITR bits 18..47 Peter Maydell
` (6 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:55 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the system instructions
trapped by HFGITR bits 12..17. These bits cover AT address
translation instructions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 6 ++++++
target/arm/helper.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 6596c2a1233..1f74308ef5d 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -660,6 +660,12 @@ typedef enum FGTBit {
DO_BIT(HFGITR, DCCVADP),
DO_BIT(HFGITR, DCCIVAC),
DO_BIT(HFGITR, DCZVA),
+ DO_BIT(HFGITR, ATS1E1R),
+ DO_BIT(HFGITR, ATS1E1W),
+ DO_BIT(HFGITR, ATS1E0R),
+ DO_BIT(HFGITR, ATS1E0W),
+ DO_BIT(HFGITR, ATS1E1RP),
+ DO_BIT(HFGITR, ATS1E1WP),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 51866ba70e9..8b9c7fcc3a4 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5400,18 +5400,22 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
{ .name = "AT_S1E1R", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 0,
.access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .fgt = FGT_ATS1E1R,
.writefn = ats_write64 },
{ .name = "AT_S1E1W", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 1,
.access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .fgt = FGT_ATS1E1W,
.writefn = ats_write64 },
{ .name = "AT_S1E0R", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 2,
.access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .fgt = FGT_ATS1E0R,
.writefn = ats_write64 },
{ .name = "AT_S1E0W", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 3,
.access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .fgt = FGT_ATS1E0W,
.writefn = ats_write64 },
{ .name = "AT_S12E1R", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 4,
@@ -7880,10 +7884,12 @@ static const ARMCPRegInfo ats1e1_reginfo[] = {
{ .name = "AT_S1E1RP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 0,
.access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .fgt = FGT_ATS1E1RP,
.writefn = ats_write64 },
{ .name = "AT_S1E1WP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1,
.access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .fgt = FGT_ATS1E1WP,
.writefn = ats_write64 },
};
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 18/23] target/arm: Mark up sysregs for HFGITR bits 18..47
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (16 preceding siblings ...)
2023-01-27 17:55 ` [PATCH 17/23] target/arm: Mark up sysregs for HFGITR bits 12..17 Peter Maydell
@ 2023-01-27 17:55 ` Peter Maydell
2023-01-28 23:49 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 19/23] target/arm: Mark up sysregs for HFGITR bits 48..63 Peter Maydell
` (5 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:55 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the system instructions
trapped by HFGITR bits 18..47. These bits cover TLBI
TLB maintenance instructions.
(If we implemented FEAT_XS we would need to trap some of the
instructions added by that feature using these bits; but we don't
yet, so will need to add the .fgt markup when we do.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 30 ++++++++++++++++++++++++++++++
target/arm/helper.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 60 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 1f74308ef5d..2e5ac6b4f98 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -666,6 +666,36 @@ typedef enum FGTBit {
DO_BIT(HFGITR, ATS1E0W),
DO_BIT(HFGITR, ATS1E1RP),
DO_BIT(HFGITR, ATS1E1WP),
+ DO_BIT(HFGITR, TLBIVMALLE1OS),
+ DO_BIT(HFGITR, TLBIVAE1OS),
+ DO_BIT(HFGITR, TLBIASIDE1OS),
+ DO_BIT(HFGITR, TLBIVAAE1OS),
+ DO_BIT(HFGITR, TLBIVALE1OS),
+ DO_BIT(HFGITR, TLBIVAALE1OS),
+ DO_BIT(HFGITR, TLBIRVAE1OS),
+ DO_BIT(HFGITR, TLBIRVAAE1OS),
+ DO_BIT(HFGITR, TLBIRVALE1OS),
+ DO_BIT(HFGITR, TLBIRVAALE1OS),
+ DO_BIT(HFGITR, TLBIVMALLE1IS),
+ DO_BIT(HFGITR, TLBIVAE1IS),
+ DO_BIT(HFGITR, TLBIASIDE1IS),
+ DO_BIT(HFGITR, TLBIVAAE1IS),
+ DO_BIT(HFGITR, TLBIVALE1IS),
+ DO_BIT(HFGITR, TLBIVAALE1IS),
+ DO_BIT(HFGITR, TLBIRVAE1IS),
+ DO_BIT(HFGITR, TLBIRVAAE1IS),
+ DO_BIT(HFGITR, TLBIRVALE1IS),
+ DO_BIT(HFGITR, TLBIRVAALE1IS),
+ DO_BIT(HFGITR, TLBIRVAE1),
+ DO_BIT(HFGITR, TLBIRVAAE1),
+ DO_BIT(HFGITR, TLBIRVALE1),
+ DO_BIT(HFGITR, TLBIRVAALE1),
+ DO_BIT(HFGITR, TLBIVMALLE1),
+ DO_BIT(HFGITR, TLBIVAE1),
+ DO_BIT(HFGITR, TLBIASIDE1),
+ DO_BIT(HFGITR, TLBIVAAE1),
+ DO_BIT(HFGITR, TLBIVALE1),
+ DO_BIT(HFGITR, TLBIVAALE1),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8b9c7fcc3a4..5b9cc087e28 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5318,50 +5318,62 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
{ .name = "TLBI_VMALLE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVMALLE1IS,
.writefn = tlbi_aa64_vmalle1is_write },
{ .name = "TLBI_VAE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVAE1IS,
.writefn = tlbi_aa64_vae1is_write },
{ .name = "TLBI_ASIDE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIASIDE1IS,
.writefn = tlbi_aa64_vmalle1is_write },
{ .name = "TLBI_VAAE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVAAE1IS,
.writefn = tlbi_aa64_vae1is_write },
{ .name = "TLBI_VALE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVALE1IS,
.writefn = tlbi_aa64_vae1is_write },
{ .name = "TLBI_VAALE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVAALE1IS,
.writefn = tlbi_aa64_vae1is_write },
{ .name = "TLBI_VMALLE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 0,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVMALLE1,
.writefn = tlbi_aa64_vmalle1_write },
{ .name = "TLBI_VAE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 1,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVAE1,
.writefn = tlbi_aa64_vae1_write },
{ .name = "TLBI_ASIDE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 2,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIASIDE1,
.writefn = tlbi_aa64_vmalle1_write },
{ .name = "TLBI_VAAE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 3,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVAAE1,
.writefn = tlbi_aa64_vae1_write },
{ .name = "TLBI_VALE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 5,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVALE1,
.writefn = tlbi_aa64_vae1_write },
{ .name = "TLBI_VAALE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 7,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVAALE1,
.writefn = tlbi_aa64_vae1_write },
{ .name = "TLBI_IPAS2E1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 4, .crn = 8, .crm = 0, .opc2 = 1,
@@ -7175,50 +7187,62 @@ static const ARMCPRegInfo tlbirange_reginfo[] = {
{ .name = "TLBI_RVAE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 1,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAE1IS,
.writefn = tlbi_aa64_rvae1is_write },
{ .name = "TLBI_RVAAE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 3,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAAE1IS,
.writefn = tlbi_aa64_rvae1is_write },
{ .name = "TLBI_RVALE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 5,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVALE1IS,
.writefn = tlbi_aa64_rvae1is_write },
{ .name = "TLBI_RVAALE1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 7,
.access = PL1_W, .accessfn = access_ttlbis, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAALE1IS,
.writefn = tlbi_aa64_rvae1is_write },
{ .name = "TLBI_RVAE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 1,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAE1OS,
.writefn = tlbi_aa64_rvae1is_write },
{ .name = "TLBI_RVAAE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 3,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAAE1OS,
.writefn = tlbi_aa64_rvae1is_write },
{ .name = "TLBI_RVALE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 5,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVALE1OS,
.writefn = tlbi_aa64_rvae1is_write },
{ .name = "TLBI_RVAALE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 7,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAALE1OS,
.writefn = tlbi_aa64_rvae1is_write },
{ .name = "TLBI_RVAE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 1,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAE1,
.writefn = tlbi_aa64_rvae1_write },
{ .name = "TLBI_RVAAE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 3,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAAE1,
.writefn = tlbi_aa64_rvae1_write },
{ .name = "TLBI_RVALE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 5,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVALE1,
.writefn = tlbi_aa64_rvae1_write },
{ .name = "TLBI_RVAALE1", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 7,
.access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIRVAALE1,
.writefn = tlbi_aa64_rvae1_write },
{ .name = "TLBI_RIPAS2E1IS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 4, .crn = 8, .crm = 0, .opc2 = 2,
@@ -7290,26 +7314,32 @@ static const ARMCPRegInfo tlbios_reginfo[] = {
{ .name = "TLBI_VMALLE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 0,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVMALLE1OS,
.writefn = tlbi_aa64_vmalle1is_write },
{ .name = "TLBI_VAE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 1,
+ .fgt = FGT_TLBIVAE1OS,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
.writefn = tlbi_aa64_vae1is_write },
{ .name = "TLBI_ASIDE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 2,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIASIDE1OS,
.writefn = tlbi_aa64_vmalle1is_write },
{ .name = "TLBI_VAAE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 3,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVAAE1OS,
.writefn = tlbi_aa64_vae1is_write },
{ .name = "TLBI_VALE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 5,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVALE1OS,
.writefn = tlbi_aa64_vae1is_write },
{ .name = "TLBI_VAALE1OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 7,
.access = PL1_W, .accessfn = access_ttlbos, .type = ARM_CP_NO_RAW,
+ .fgt = FGT_TLBIVAALE1OS,
.writefn = tlbi_aa64_vae1is_write },
{ .name = "TLBI_ALLE2OS", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 4, .crn = 8, .crm = 1, .opc2 = 0,
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 19/23] target/arm: Mark up sysregs for HFGITR bits 48..63
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (17 preceding siblings ...)
2023-01-27 17:55 ` [PATCH 18/23] target/arm: Mark up sysregs for HFGITR bits 18..47 Peter Maydell
@ 2023-01-27 17:55 ` Peter Maydell
2023-01-28 23:50 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 20/23] target/arm: Implement the HFGITR_EL2.ERET trap Peter Maydell
` (4 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:55 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Mark up the sysreg definitions for the system instructions
trapped by HFGITR bits 48..63.
Some of these bits are for trapping instructions which are
not in the system instruction encoding (i.e. which are
not handled by the ARMCPRegInfo mechanism):
* ERET, ERETAA, ERETAB
* SVC
We will have to handle those separately and manually.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpregs.h | 4 ++++
target/arm/helper.c | 9 +++++++++
2 files changed, 13 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 2e5ac6b4f98..efcf9181b97 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -696,6 +696,10 @@ typedef enum FGTBit {
DO_BIT(HFGITR, TLBIVAAE1),
DO_BIT(HFGITR, TLBIVALE1),
DO_BIT(HFGITR, TLBIVAALE1),
+ DO_BIT(HFGITR, CFPRCTX),
+ DO_BIT(HFGITR, DVPRCTX),
+ DO_BIT(HFGITR, CPPRCTX),
+ DO_BIT(HFGITR, DCCVAC),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 5b9cc087e28..c0403aadae2 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5295,6 +5295,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
{ .name = "DC_CVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 10, .opc2 = 1,
.access = PL0_W, .type = ARM_CP_NOP,
+ .fgt = FGT_DCCVAC,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CSW", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 2,
@@ -7588,10 +7589,12 @@ static const ARMCPRegInfo mte_el0_cacheop_reginfo[] = {
{ .name = "DC_CGVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 10, .opc2 = 3,
.type = ARM_CP_NOP, .access = PL0_W,
+ .fgt = FGT_DCCVAC,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CGDVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 10, .opc2 = 5,
.type = ARM_CP_NOP, .access = PL0_W,
+ .fgt = FGT_DCCVAC,
.accessfn = aa64_cacheop_poc_access },
{ .name = "DC_CGVAP", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 3,
@@ -7747,24 +7750,30 @@ static CPAccessResult access_predinv(CPUARMState *env, const ARMCPRegInfo *ri,
static const ARMCPRegInfo predinv_reginfo[] = {
{ .name = "CFP_RCTX", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 4,
+ .fgt = FGT_CFPRCTX,
.type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
{ .name = "DVP_RCTX", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 5,
+ .fgt = FGT_DVPRCTX,
.type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
{ .name = "CPP_RCTX", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 7,
+ .fgt = FGT_CPPRCTX,
.type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
/*
* Note the AArch32 opcodes have a different OPC1.
*/
{ .name = "CFPRCTX", .state = ARM_CP_STATE_AA32,
.cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 4,
+ .fgt = FGT_CFPRCTX,
.type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
{ .name = "DVPRCTX", .state = ARM_CP_STATE_AA32,
.cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 5,
+ .fgt = FGT_DVPRCTX,
.type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
{ .name = "CPPRCTX", .state = ARM_CP_STATE_AA32,
.cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 7,
+ .fgt = FGT_CPPRCTX,
.type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv },
};
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 20/23] target/arm: Implement the HFGITR_EL2.ERET trap
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (18 preceding siblings ...)
2023-01-27 17:55 ` [PATCH 19/23] target/arm: Mark up sysregs for HFGITR bits 48..63 Peter Maydell
@ 2023-01-27 17:55 ` Peter Maydell
2023-01-28 23:53 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 21/23] target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps Peter Maydell
` (3 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:55 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Implement the HFGITR_EL2.ERET fine-grained trap. This traps
execution from AArch64 EL1 of ERET, ERETAA and ERETAB. The trap is
reported with a syndrome value of 0x1a.
The trap must take precedence over a possible pointer-authentication
trap for ERETAA and ERETAB.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 1 +
target/arm/syndrome.h | 10 ++++++++++
target/arm/translate.h | 2 ++
target/arm/helper.c | 3 +++
target/arm/translate-a64.c | 10 ++++++++++
5 files changed, 26 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 5cc81bec9bf..ec2a7716ce7 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3245,6 +3245,7 @@ FIELD(TBFLAG_A64, PSTATE_ZA, 23, 1)
FIELD(TBFLAG_A64, SVL, 24, 4)
/* Indicates that SME Streaming mode is active, and SMCR_ELx.FA64 is not. */
FIELD(TBFLAG_A64, SME_TRAP_NONSTREAMING, 28, 1)
+FIELD(TBFLAG_A64, FGT_ERET, 29, 1)
/*
* Helpers for using the above.
diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
index 73df5e37938..d27d1bc31f0 100644
--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -48,6 +48,7 @@ enum arm_exception_class {
EC_AA64_SMC = 0x17,
EC_SYSTEMREGISTERTRAP = 0x18,
EC_SVEACCESSTRAP = 0x19,
+ EC_ERETTRAP = 0x1a,
EC_SMETRAP = 0x1d,
EC_INSNABORT = 0x20,
EC_INSNABORT_SAME_EL = 0x21,
@@ -215,6 +216,15 @@ static inline uint32_t syn_sve_access_trap(void)
return EC_SVEACCESSTRAP << ARM_EL_EC_SHIFT;
}
+/*
+ * eret_op is bits [1:0] of the ERET instruction, so:
+ * 0 for ERET, 2 for ERETAA, 3 for ERETAB.
+ */
+static inline uint32_t syn_erettrap(int eret_op)
+{
+ return (EC_ERETTRAP << ARM_EL_EC_SHIFT) | ARM_EL_IL | eret_op;
+}
+
static inline uint32_t syn_smetrap(SMEExceptionType etype, bool is_16bit)
{
return (EC_SMETRAP << ARM_EL_EC_SHIFT)
diff --git a/target/arm/translate.h b/target/arm/translate.h
index 599902016dc..62a7706eabd 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -132,6 +132,8 @@ typedef struct DisasContext {
bool mve_no_pred;
/* True if fine-grained traps are active */
bool fgt_active;
+ /* True if fine-grained trap on ERET is enabled */
+ bool fgt_eret;
/*
* >= 0, a copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.
* < 0, set by the current instruction.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index c0403aadae2..6151c775053 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12065,6 +12065,9 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
if (arm_fgt_active(env, el)) {
DP_TBFLAG_ANY(flags, FGT_ACTIVE, 1);
+ if (FIELD_EX64(env->cp15.fgt_exec[FGTREG_HFGITR], HFGITR_EL2, ERET)) {
+ DP_TBFLAG_A64(flags, FGT_ERET, 1);
+ }
}
if (cpu_isar_feature(aa64_mte, env_archcpu(env))) {
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index a47dab4f1dd..11bfa3f717a 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2385,6 +2385,10 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
if (op4 != 0) {
goto do_unallocated;
}
+ if (s->fgt_eret) {
+ gen_exception_insn_el(s, 0, EXCP_UDEF, syn_erettrap(op3), 2);
+ return;
+ }
dst = tcg_temp_new_i64();
tcg_gen_ld_i64(dst, cpu_env,
offsetof(CPUARMState, elr_el[s->current_el]));
@@ -2398,6 +2402,11 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
if (rn != 0x1f || op4 != 0x1f) {
goto do_unallocated;
}
+ /* The FGT trap takes precedence over an auth trap. */
+ if (s->fgt_eret) {
+ gen_exception_insn_el(s, 0, EXCP_UDEF, syn_erettrap(op3), 2);
+ return;
+ }
dst = tcg_temp_new_i64();
tcg_gen_ld_i64(dst, cpu_env,
offsetof(CPUARMState, elr_el[s->current_el]));
@@ -14742,6 +14751,7 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
dc->pstate_il = EX_TBFLAG_ANY(tb_flags, PSTATE__IL);
dc->fgt_active = EX_TBFLAG_ANY(tb_flags, FGT_ACTIVE);
+ dc->fgt_eret = EX_TBFLAG_A64(tb_flags, FGT_ERET);
dc->sve_excp_el = EX_TBFLAG_A64(tb_flags, SVEEXC_EL);
dc->sme_excp_el = EX_TBFLAG_A64(tb_flags, SMEEXC_EL);
dc->vl = (EX_TBFLAG_A64(tb_flags, VL) + 1) * 16;
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 21/23] target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (19 preceding siblings ...)
2023-01-27 17:55 ` [PATCH 20/23] target/arm: Implement the HFGITR_EL2.ERET trap Peter Maydell
@ 2023-01-27 17:55 ` Peter Maydell
2023-01-28 23:58 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 22/23] target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps Peter Maydell
` (2 subsequent siblings)
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:55 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 fine-grained traps.
These trap execution of the SVC instruction from AArch32 and AArch64.
(As usual, AArch32 can only trap from EL0, as fine grained traps are
disabled with an AArch32 EL1.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 1 +
target/arm/translate.h | 2 ++
target/arm/helper.c | 20 ++++++++++++++++++++
target/arm/translate-a64.c | 9 ++++++++-
target/arm/translate.c | 12 +++++++++---
5 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ec2a7716ce7..7bc97fece97 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3171,6 +3171,7 @@ FIELD(TBFLAG_ANY, FPEXC_EL, 8, 2)
FIELD(TBFLAG_ANY, ALIGN_MEM, 10, 1)
FIELD(TBFLAG_ANY, PSTATE__IL, 11, 1)
FIELD(TBFLAG_ANY, FGT_ACTIVE, 12, 1)
+FIELD(TBFLAG_ANY, FGT_SVC, 13, 1)
/*
* Bit usage when in AArch32 state, both A- and M-profile.
diff --git a/target/arm/translate.h b/target/arm/translate.h
index 62a7706eabd..3717824b754 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -134,6 +134,8 @@ typedef struct DisasContext {
bool fgt_active;
/* True if fine-grained trap on ERET is enabled */
bool fgt_eret;
+ /* True if fine-grained trap on SVC is enabled */
+ bool fgt_svc;
/*
* >= 0, a copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.
* < 0, set by the current instruction.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6151c775053..c62ed05c122 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11842,6 +11842,20 @@ ARMMMUIdx arm_mmu_idx(CPUARMState *env)
return arm_mmu_idx_el(env, arm_current_el(env));
}
+static inline bool fgt_svc(CPUARMState *env, int el)
+{
+ /*
+ * Assuming fine-grained-traps are active, return true if we
+ * should be trapping on SVC instructions. Only AArch64 can
+ * trap on an SVC at EL1, but we don't need to special-case this
+ * because if this is AArch32 EL1 then arm_fgt_active() is false.
+ * We also know el is 0 or 1.
+ */
+ return el == 0 ?
+ FIELD_EX64(env->cp15.fgt_exec[FGTREG_HFGITR], HFGITR_EL2, SVC_EL0) :
+ FIELD_EX64(env->cp15.fgt_exec[FGTREG_HFGITR], HFGITR_EL2, SVC_EL1);
+}
+
static CPUARMTBFlags rebuild_hflags_common(CPUARMState *env, int fp_el,
ARMMMUIdx mmu_idx,
CPUARMTBFlags flags)
@@ -11927,6 +11941,9 @@ static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
if (arm_fgt_active(env, el)) {
DP_TBFLAG_ANY(flags, FGT_ACTIVE, 1);
+ if (fgt_svc(env, el)) {
+ DP_TBFLAG_ANY(flags, FGT_SVC, 1);
+ }
}
if (env->uncached_cpsr & CPSR_IL) {
@@ -12068,6 +12085,9 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
if (FIELD_EX64(env->cp15.fgt_exec[FGTREG_HFGITR], HFGITR_EL2, ERET)) {
DP_TBFLAG_A64(flags, FGT_ERET, 1);
}
+ if (fgt_svc(env, el)) {
+ DP_TBFLAG_ANY(flags, FGT_SVC, 1);
+ }
}
if (cpu_isar_feature(aa64_mte, env_archcpu(env))) {
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 11bfa3f717a..bbfadb7c2e8 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2179,6 +2179,7 @@ static void disas_exc(DisasContext *s, uint32_t insn)
int opc = extract32(insn, 21, 3);
int op2_ll = extract32(insn, 0, 5);
int imm16 = extract32(insn, 5, 16);
+ uint32_t syndrome;
switch (opc) {
case 0:
@@ -2189,8 +2190,13 @@ static void disas_exc(DisasContext *s, uint32_t insn)
*/
switch (op2_ll) {
case 1: /* SVC */
+ syndrome = syn_aa64_svc(imm16);
+ if (s->fgt_svc) {
+ gen_exception_insn_el(s, 0, EXCP_UDEF, syndrome, 2);
+ break;
+ }
gen_ss_advance(s);
- gen_exception_insn(s, 4, EXCP_SWI, syn_aa64_svc(imm16));
+ gen_exception_insn(s, 4, EXCP_SWI, syndrome);
break;
case 2: /* HVC */
if (s->current_el == 0) {
@@ -14751,6 +14757,7 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
dc->pstate_il = EX_TBFLAG_ANY(tb_flags, PSTATE__IL);
dc->fgt_active = EX_TBFLAG_ANY(tb_flags, FGT_ACTIVE);
+ dc->fgt_svc = EX_TBFLAG_ANY(tb_flags, FGT_SVC);
dc->fgt_eret = EX_TBFLAG_A64(tb_flags, FGT_ERET);
dc->sve_excp_el = EX_TBFLAG_A64(tb_flags, SVEEXC_EL);
dc->sme_excp_el = EX_TBFLAG_A64(tb_flags, SMEEXC_EL);
diff --git a/target/arm/translate.c b/target/arm/translate.c
index c23ba5fa7d9..acd56c44336 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -8835,9 +8835,14 @@ static bool trans_SVC(DisasContext *s, arg_SVC *a)
(a->imm == semihost_imm)) {
gen_exception_internal_insn(s, EXCP_SEMIHOST);
} else {
- gen_update_pc(s, curr_insn_len(s));
- s->svc_imm = a->imm;
- s->base.is_jmp = DISAS_SWI;
+ if (s->fgt_svc) {
+ uint32_t syndrome = syn_aa32_svc(a->imm, s->thumb);
+ gen_exception_insn_el(s, 0, EXCP_UDEF, syndrome, 2);
+ } else {
+ gen_update_pc(s, curr_insn_len(s));
+ s->svc_imm = a->imm;
+ s->base.is_jmp = DISAS_SWI;
+ }
}
return true;
}
@@ -9418,6 +9423,7 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
dc->pstate_il = EX_TBFLAG_ANY(tb_flags, PSTATE__IL);
dc->fgt_active = EX_TBFLAG_ANY(tb_flags, FGT_ACTIVE);
+ dc->fgt_svc = EX_TBFLAG_ANY(tb_flags, FGT_SVC);
if (arm_feature(env, ARM_FEATURE_M)) {
dc->vfp_enabled = 1;
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 22/23] target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (20 preceding siblings ...)
2023-01-27 17:55 ` [PATCH 21/23] target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps Peter Maydell
@ 2023-01-27 17:55 ` Peter Maydell
2023-01-29 0:06 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 23/23] target/arm: Enable FEAT_FGT on '-cpu max' Peter Maydell
2023-01-27 18:43 ` [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:55 UTC (permalink / raw)
To: qemu-arm, qemu-devel
FEAT_FGT also implements an extra trap bit in the MDCR_EL2 and
MDCR_EL3 registers: bit TDCC enables trapping of use of the Debug
Comms Channel registers OSDTRRX_EL1, OSDTRTX_EL1, MDCCSR_EL0,
MDCCINT_EL0, DBGDTR_EL0, DBGDTRRX_EL0 and DBGDTRTX_EL0 (and their
AArch32 equivalents). This trapping is independent of whether
fine-grained traps are enabled or not.
Implement these extra traps. (We don't implement DBGDTR_EL0,
DBGDTRRX_EL0 and DBGDTRTX_EL0.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/debug_helper.c | 35 +++++++++++++++++++++++++++++++----
1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index b106746b0e1..3c671c88c1a 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -599,6 +599,33 @@ static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri,
return CP_ACCESS_OK;
}
+/*
+ * Check for traps to Debug Comms Channel registers. If FEAT_FGT
+ * is implemented then these are controlled by MDCR_EL2.TDCC for
+ * EL2 and MDCR_EL3.TDCC for EL3. They are also controlled by
+ * the general debug access trap bits MDCR_EL2.TDA and MDCR_EL3.TDA.
+ */
+static CPAccessResult access_tdcc(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ int el = arm_current_el(env);
+ uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
+ bool mdcr_el2_tda = (mdcr_el2 & MDCR_TDA) || (mdcr_el2 & MDCR_TDE) ||
+ (arm_hcr_el2_eff(env) & HCR_TGE);
+ bool mdcr_el2_tdcc = cpu_isar_feature(aa64_fgt, env_archcpu(env)) &&
+ (mdcr_el2 & MDCR_TDCC);
+ bool mdcr_el3_tdcc = cpu_isar_feature(aa64_fgt, env_archcpu(env)) &&
+ (env->cp15.mdcr_el3 & MDCR_TDCC);
+
+ if (el < 2 && (mdcr_el2_tda || mdcr_el2_tdcc)) {
+ return CP_ACCESS_TRAP_EL2;
+ }
+ if (el < 3 && ((env->cp15.mdcr_el3 & MDCR_TDA) || mdcr_el3_tdcc)) {
+ return CP_ACCESS_TRAP_EL3;
+ }
+ return CP_ACCESS_OK;
+}
+
static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
@@ -681,7 +708,7 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
*/
{ .name = "MDCCSR_EL0", .state = ARM_CP_STATE_AA64,
.opc0 = 2, .opc1 = 3, .crn = 0, .crm = 1, .opc2 = 0,
- .access = PL0_R, .accessfn = access_tda,
+ .access = PL0_R, .accessfn = access_tdcc,
.type = ARM_CP_CONST, .resetvalue = 0 },
/*
* OSDTRRX_EL1/OSDTRTX_EL1 are used for save and restore of DBGDTRRX_EL0.
@@ -689,11 +716,11 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
*/
{ .name = "OSDTRRX_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
.opc0 = 2, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 2,
- .access = PL1_RW, .accessfn = access_tda,
+ .access = PL1_RW, .accessfn = access_tdcc,
.type = ARM_CP_CONST, .resetvalue = 0 },
{ .name = "OSDTRTX_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
.opc0 = 2, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
- .access = PL1_RW, .accessfn = access_tda,
+ .access = PL1_RW, .accessfn = access_tdcc,
.type = ARM_CP_CONST, .resetvalue = 0 },
/*
* OSECCR_EL1 provides a mechanism for an operating system
@@ -757,7 +784,7 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
*/
{ .name = "MDCCINT_EL1", .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
- .access = PL1_RW, .accessfn = access_tda,
+ .access = PL1_RW, .accessfn = access_tdcc,
.type = ARM_CP_NOP },
/*
* Dummy DBGCLAIM registers.
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* [PATCH 23/23] target/arm: Enable FEAT_FGT on '-cpu max'
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (21 preceding siblings ...)
2023-01-27 17:55 ` [PATCH 22/23] target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps Peter Maydell
@ 2023-01-27 17:55 ` Peter Maydell
2023-01-29 0:07 ` Richard Henderson
2023-01-27 18:43 ` [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
23 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 17:55 UTC (permalink / raw)
To: qemu-arm, qemu-devel
Update the ID registers for TCG's '-cpu max' to report the
presence of FEAT_FGT Fine-Grained Traps support.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
docs/system/arm/emulation.rst | 1 +
target/arm/cpu64.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index b33d7c28dc1..c76555f51a7 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -28,6 +28,7 @@ the following architecture extensions:
- FEAT_ETS (Enhanced Translation Synchronization)
- FEAT_EVT (Enhanced Virtualization Traps)
- FEAT_FCMA (Floating-point complex number instructions)
+- FEAT_FGT (Fine-Grained Traps)
- FEAT_FHM (Floating-point half-precision multiplication instructions)
- FEAT_FP16 (Half-precision floating-point data processing)
- FEAT_FRINTTS (Floating-point to integer instructions)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 0e021960fb5..4066950da15 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -1224,6 +1224,7 @@ static void aarch64_max_initfn(Object *obj)
t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16_2, 2); /* 16k stage2 supported */
t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN64_2, 2); /* 64k stage2 supported */
t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4_2, 2); /* 4k stage2 supported */
+ t = FIELD_DP64(t, ID_AA64MMFR0, FGT, 1); /* FEAT_FGT */
cpu->isar.id_aa64mmfr0 = t;
t = cpu->isar.id_aa64mmfr1;
--
2.34.1
^ permalink raw reply related [flat|nested] 49+ messages in thread
* Re: [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
` (22 preceding siblings ...)
2023-01-27 17:55 ` [PATCH 23/23] target/arm: Enable FEAT_FGT on '-cpu max' Peter Maydell
@ 2023-01-27 18:43 ` Peter Maydell
23 siblings, 0 replies; 49+ messages in thread
From: Peter Maydell @ 2023-01-27 18:43 UTC (permalink / raw)
To: qemu-arm, qemu-devel
On Fri, 27 Jan 2023 at 17:55, Peter Maydell <peter.maydell@linaro.org> wrote:
> The first seven patches are various cleanups and bugfixes that
> I noticed while I was doing the FEAT_FGT work. In particular, we
> weren't getting the priority of HSTR_EL2 traps right -- these should
> take priority over UNDEF-at-EL traps but not over UNDEF-at-EL0 traps.
> The rest of the series is FEAT_FGT itself.
Missing character here -- should be "take priority over UNDEF-at-EL1"...
-- PMM
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 01/23] target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly
2023-01-27 17:54 ` [PATCH 01/23] target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly Peter Maydell
@ 2023-01-28 1:01 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 1:01 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> The encodings 0,0,C7,C9,0 and 0,0,C7,C9,1 are AT SP1E1RP and AT
> S1E1WP, but our ARMCPRegInfo definitions for them incorrectly name
> them AT S1E1R and AT S1E1W (which are entirely different
> instructions). Fix the names.
>
> (This has no guest-visible effect as the names are for debug purposes
> only.)
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> target/arm/helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 72b37b7cf17..ccb7d1e1712 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -7734,11 +7734,11 @@ static const ARMCPRegInfo vhe_reginfo[] = {
>
> #ifndef CONFIG_USER_ONLY
> static const ARMCPRegInfo ats1e1_reginfo[] = {
> - { .name = "AT_S1E1R", .state = ARM_CP_STATE_AA64,
> + { .name = "AT_S1E1RP", .state = ARM_CP_STATE_AA64,
> .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 0,
> .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
> .writefn = ats_write64 },
> - { .name = "AT_S1E1W", .state = ARM_CP_STATE_AA64,
> + { .name = "AT_S1E1WP", .state = ARM_CP_STATE_AA64,
> .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1,
> .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
> .writefn = ats_write64 },
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 02/23] target/arm: Correct syndrome for ATS12NSO* at Secure EL1
2023-01-27 17:54 ` [PATCH 02/23] target/arm: Correct syndrome for ATS12NSO* at Secure EL1 Peter Maydell
@ 2023-01-28 1:04 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 1:04 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> The AArch32 ATS12NSO* address translation operations are supposed to
> trap to either EL2 or EL3 if they're executed at Secure EL1 (which
> can only happen if EL3 is AArch64). We implement this, but we got
> the syndrome value wrong: like other traps to EL2 or EL3 on an
> AArch32 cpreg access, they should report the 0x3 syndrome, not the
> 0x0 'uncategorized' syndrome. This is clear in the access pseudocode
> for these instructions.
>
> Fix the syndrome value for these operations by correcting the
> returned value from the ats_access() function.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> target/arm/helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index ccb7d1e1712..6f6772d8e04 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -3284,9 +3284,9 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
> if (arm_current_el(env) == 1) {
> if (arm_is_secure_below_el3(env)) {
> if (env->cp15.scr_el3 & SCR_EEL2) {
> - return CP_ACCESS_TRAP_UNCATEGORIZED_EL2;
> + return CP_ACCESS_TRAP_EL2;
> }
> - return CP_ACCESS_TRAP_UNCATEGORIZED_EL3;
> + return CP_ACCESS_TRAP_EL3;
> }
> return CP_ACCESS_TRAP_UNCATEGORIZED;
> }
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 03/23] target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2, EL3}
2023-01-27 17:54 ` [PATCH 03/23] target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2, EL3} Peter Maydell
@ 2023-01-28 1:11 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 1:11 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> We added the CPAccessResult values CP_ACCESS_TRAP_UNCATEGORIZED_EL2
> and CP_ACCESS_TRAP_UNCATEGORIZED_EL3 purely in order to use them in
> the ats_access() function, but doing so was incorrect (a bug fixed in
> a previous commit). There aren't any cases where we want an access
> function to be able to request a trap to EL2 or EL3 with a zero
> syndrome value, so remove these enum values.
>
> As well as cleaning up dead code, the motivation here is that
> we'd like to implement fine-grained-trap handling in
> helper_access_check_cp_reg(). Although the fine-grained traps
> to EL2 are always lower priority than trap-to-same-EL and
> higher priority than trap-to-EL3, they are in the middle of
> various other kinds of trap-to-EL2. Knowing that a trap-to-EL2
> must always for us have the same syndrome (ie that an access
> function will return CP_ACCESS_TRAP_EL2 and there is no other
> kind of trap-to-EL2 enum value) means we don't have to try
> to choose which of the two syndrome values to report if the
> access would trap to EL2 both for the fine-grained-trap and
> because the access function requires it.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> This isn't just "not used in QEMU"; the architecture doesn't have
> any cases where you need to do this, except for the FPCR/FPSR
> with HCR_TGE case, which we handle in raise_exception() by
> squashing the EC_ADVSIMDFPACCESSTRAP to uncategorized.
> ---
> target/arm/cpregs.h | 4 ++--
> target/arm/op_helper.c | 2 ++
> 2 files changed, 4 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 04/23] target/arm: Move do_coproc_insn() syndrome calculation earlier
2023-01-27 17:54 ` [PATCH 04/23] target/arm: Move do_coproc_insn() syndrome calculation earlier Peter Maydell
@ 2023-01-28 1:13 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 1:13 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Rearrange the code in do_coproc_insn() so that we calculate the
> syndrome value for a potential trap early; we're about to add a
> second check that wants this value earlier than where it is currently
> determined.
>
> (Specifically, a trap to EL2 because of HSTR_EL2 should take
> priority over an UNDEF to EL1, even when the UNDEF is because
> the register does not exist at all or because its ri->access
> bits non-configurably fail the access. So the check we put in
> for HSTR_EL2 trapping at EL1 (which needs the syndrome) is
> going to have to be done before the check "is the ARMCPRegInfo
> pointer NULL".)
>
> This commit is just code motion; the change to HSTR_EL2
> handling that will use the 'syndrome' variable is in a
> subsequent commit.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/translate.c | 83 +++++++++++++++++++++---------------------
> 1 file changed, 41 insertions(+), 42 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 05/23] target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps
2023-01-27 17:54 ` [PATCH 05/23] target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps Peter Maydell
@ 2023-01-28 1:24 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 1:24 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> The HSTR_EL2 register has a collection of trap bits which allow
> trapping to EL2 for AArch32 EL0 or EL1 accesses to coprocessor
> registers. The specification of these bits is that when the bit is
> set we should trap
> * EL1 accesses
> * EL0 accesses, if the access is not UNDEFINED when the
> trap bit is 0
>
> In other words, all UNDEF traps from EL0 to EL1 take precedence over
> the HSTR_EL2 trap to EL2. (Since this is all AArch32, the only kind
> of trap-to-EL1 is the UNDEF.)
>
> Our implementation doesn't quite get this right -- we check for traps
> in the order:
> * no such register
> * ARMCPRegInfo::access bits
> * HSTR_EL2 trap bits
> * ARMCPRegInfo::accessfn
>
> So UNDEFs that happen because of the access bits or because the
> register doesn't exist at all correctly take priority over the
> HSTR_EL2 trap, but where a register can UNDEF at EL0 because of the
> accessfn we are incorrectly always taking the HSTR_EL2 trap. There
> aren't many of these, but one example is the PMCR; if you look at the
> access pseudocode for this register you can see that UNDEFs taken
> because of the value of PMUSERENR.EN are checked before the HSTR_EL2
> bit.
>
> Rearrange helper_access_check_cp_reg() so that we always call the
> accessfn, and use its return value if it indicates that the access
> traps to EL0 rather than continuing to do the HSTR_EL2 check.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/op_helper.c | 21 ++++++++++++++++-----
> 1 file changed, 16 insertions(+), 5 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 06/23] target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1
2023-01-27 17:54 ` [PATCH 06/23] target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1 Peter Maydell
@ 2023-01-28 1:47 ` Richard Henderson
2023-01-28 14:34 ` Peter Maydell
0 siblings, 1 reply; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 1:47 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> +void HELPER(hstr_trap_check)(CPUARMState *env, uint32_t mask, uint32_t syndrome)
> +{
> + if (env->cp15.hstr_el2 & mask) {
> + raise_exception(env, EXCP_UDEF, syndrome, 2);
> + }
This is so simple...
> @@ -4760,6 +4761,28 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
> break;
> }
>
> + if (s->hstr_active && cpnum == 15 && s->current_el == 1) {
> + /*
> + * At EL1, check for a HSTR_EL2 trap, which must take precedence
> + * over the UNDEF for "no such register" or the UNDEF for "access
> + * permissions forbid this EL1 access". HSTR_EL2 traps from EL0
> + * only happen if the cpreg doesn't UNDEF at EL0, so we do those in
> + * access_check_cp_reg(), after the checks for whether the access
> + * configurably trapped to EL1.
> + */
> + uint32_t maskbit = is64 ? crm : crn;
> +
> + if (maskbit != 4 && maskbit != 14) {
> + /* T4 and T14 are RES0 so never cause traps */
> + gen_set_condexec(s);
> + gen_update_pc(s, 0);
> + emitted_update_pc = true;
> + gen_helper_hstr_trap_check(cpu_env,
> + tcg_constant_i32(1 << maskbit),
> + tcg_constant_i32(syndrome));
> + }
How about
if (maskbit...) {
TCGv_i32 t = load_cpu_offset(offsetoflow32(CPUARMState, hstr_el2));
DisasLabel *over = gen_disas_label(s);
tcg_gen_andi_i32(t, t, 1u << maskbit);
tcg_gen_brcondi_i32(TCG_COND_EQ, t, 0, over.label);
tcg_temp_free_i32(t);
gen_exception_insn(s, 0, EXCP_UDEF, syndrome);
set_disas_label(s, over);
}
which also eliminates the need for emitted_update_pc.
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 07/23] target/arm: Disable HSTR_EL2 traps if EL2 is not enabled
2023-01-27 17:54 ` [PATCH 07/23] target/arm: Disable HSTR_EL2 traps if EL2 is not enabled Peter Maydell
@ 2023-01-28 1:51 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 1:51 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> The HSTR_EL2 register is not supposed to have an effect unless EL2 is
> enabled in the current security state. We weren't checking for this,
> which meant that if the guest set up the HSTR_EL2 register we would
> incorrectly trap even for accesses from Secure EL0 and EL1.
>
> Add the missing checks. (Other places where we look at HSTR_EL2
> for the not-in-v8A bits TTEE and TJDBX are already checking that
> we are in NS EL0 or EL1, so there we alredy know EL2 is enabled.)
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> target/arm/helper.c | 2 +-
> target/arm/op_helper.c | 1 +
> 2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 6f6772d8e04..66966869218 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -11716,7 +11716,7 @@ static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
> DP_TBFLAG_A32(flags, VFPEN, 1);
> }
>
> - if (el < 2 && env->cp15.hstr_el2 &&
> + if (el < 2 && env->cp15.hstr_el2 && arm_is_el2_enabled(env) &&
> (arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 08/23] target/arm: Define the FEAT_FGT registers
2023-01-27 17:54 ` [PATCH 08/23] target/arm: Define the FEAT_FGT registers Peter Maydell
@ 2023-01-28 2:31 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 2:31 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Define the system registers which are provided by the
> FEAT_FGT fine-grained trap architectural feature:
> HFGRTR_EL2, HFGWTR_EL2, HDFGRTR_EL2, HDFGWTR_EL2, HFGITR_EL2
>
> All these registers are a set of bit fields, where each bit is set
> for a trap and clear to not trap on a particular system register
> access. The R and W register pairs are for system registers,
> allowing trapping to be done separately for reads and writes; the I
> register is for system instructions where trapping is on instruction
> execution.
>
> The data storage in the CPU state struct is arranged as a set of
> arrays rather than separate fields so that when we're looking up the
> bits for a system register access we can just index into the array
> rather than having to use a switch to select a named struct member.
> The later FEAT_FGT2 will add extra elements to these arrays.
>
> The field definitions for the new registers are in cpregs.h because
> in practice the code that needs them is code that also needs
> the cpregs information; cpu.h is included in a lot more files.
> We're also going to add some FGT-specific definitions to cpregs.h
> in the next commit.
>
> We do not implement HAFGRTR_EL2, because we don't implement
> FEAT_AMUv1.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 285 ++++++++++++++++++++++++++++++++++++++++++++
> target/arm/cpu.h | 15 +++
> target/arm/helper.c | 40 +++++++
> 3 files changed, 340 insertions(+)
I spot-checked the field definitions before my eyes crossed.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 09/23] target/arm: Implement FGT trapping infrastructure
2023-01-27 17:54 ` [PATCH 09/23] target/arm: Implement FGT trapping infrastructure Peter Maydell
@ 2023-01-28 2:36 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 2:36 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Implement the machinery for fine-grained traps on normal sysregs.
> Any sysreg with a fine-grained trap will set the new field to
> indicate which FGT register bit it should trap on.
>
> FGT traps only happen when an AArch64 EL2 enables them for
> an AArch64 EL1. They therefore are only relevant for AArch32
> cpregs when the cpreg can be accessed from EL0. The logic
> in access_check_cp_reg() will check this, so it is safe to
> add a .fgt marking to an ARM_CP_STATE_BOTH ARMCPRegInfo.
>
> The DO_BIT and DO_REV_BIT macros define enum constants FGT_##bitname
> which can be used to specify the FGT bit, eg
> .fgt = FGT_AFSR0_EL1
> (We assume that there is no bit name duplication across the FGT
> registers, for brevity's sake.)
>
> Subsequent commits will add the .fgt fields to the relevant register
> definitions and define the FGT_nnn values for them.
>
> Note that some of the FGT traps are for instructions that we don't
> handle via the cpregs mechanisms (mostly these are instruction traps).
> Those we will have to handle separately.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 72 ++++++++++++++++++++++++++++++++++++++
> target/arm/cpu.h | 1 +
> target/arm/internals.h | 20 +++++++++++
> target/arm/translate.h | 2 ++
> target/arm/helper.c | 9 +++++
> target/arm/op_helper.c | 30 ++++++++++++++++
> target/arm/translate-a64.c | 3 +-
> target/arm/translate.c | 2 ++
> 8 files changed, 138 insertions(+), 1 deletion(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 10/23] target/arm: Mark up sysregs for HFGRTR bits 0..11
2023-01-27 17:54 ` [PATCH 10/23] target/arm: Mark up sysregs for HFGRTR bits 0..11 Peter Maydell
@ 2023-01-28 2:36 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 2:36 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Mark up the sysreg definitions for the registers trapped
> by HFGRTR/HFGWTR bits 0..11.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> The annotation of the cpreg definitions is split into multiple
> patches for ease of review, 12 bits or so at a time.
> ---
> target/arm/cpregs.h | 14 ++++++++++++++
> target/arm/helper.c | 17 +++++++++++++++++
> 2 files changed, 31 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 11/23] target/arm: Mark up sysregs for HFGRTR bits 12..23
2023-01-27 17:54 ` [PATCH 11/23] target/arm: Mark up sysregs for HFGRTR bits 12..23 Peter Maydell
@ 2023-01-28 2:41 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 2:41 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Mark up the sysreg definitions for the registers trapped
> by HFGRTR/HFGWTR bits 12..23.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 12 ++++++++++++
> target/arm/helper.c | 12 ++++++++++++
> 2 files changed, 24 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 12/23] target/arm: Mark up sysregs for HFGRTR bits 24..35
2023-01-27 17:54 ` [PATCH 12/23] target/arm: Mark up sysregs for HFGRTR bits 24..35 Peter Maydell
@ 2023-01-28 2:43 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 2:43 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Mark up the sysreg definitions for the registers trapped
> by HFGRTR/HFGWTR bits 24..35.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 12 ++++++++++++
> target/arm/helper.c | 14 ++++++++++++++
> 2 files changed, 26 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 13/23] target/arm: Mark up sysregs for HFGRTR bits 36..63
2023-01-27 17:54 ` [PATCH 13/23] target/arm: Mark up sysregs for HFGRTR bits 36..63 Peter Maydell
@ 2023-01-28 2:50 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 2:50 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Mark up the sysreg definitions for the registers trapped
> by HFGRTR/HFGWTR bits 36..63.
>
> Of these, some correspond to RAS registers which we implement as
> always-UNDEF: these don't need any extra handling for FGT because the
> UNDEF-to-EL1 always takes priority over any theoretical
> FGT-trap-to-EL2.
>
> Bit 50 (NACCDATA_EL1) is for the ACCDATA_EL1 register which is part
> of the FEAT_LS64_ACCDATA feature which we don't yet implement.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 7 +++++++
> hw/intc/arm_gicv3_cpuif.c | 2 ++
> target/arm/helper.c | 10 ++++++++++
> 3 files changed, 19 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 14/23] target/arm: Mark up sysregs for HDFGRTR bits 0..11
2023-01-27 17:54 ` [PATCH 14/23] target/arm: Mark up sysregs for HDFGRTR bits 0..11 Peter Maydell
@ 2023-01-28 2:52 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 2:52 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Mark up the sysreg definitons for the registers trapped
> by HDFGRTR/HDFGWTR bits 0..11. These cover various debug
> related registers.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 12 ++++++++++++
> target/arm/debug_helper.c | 11 +++++++++++
> 2 files changed, 23 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 06/23] target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1
2023-01-28 1:47 ` Richard Henderson
@ 2023-01-28 14:34 ` Peter Maydell
0 siblings, 0 replies; 49+ messages in thread
From: Peter Maydell @ 2023-01-28 14:34 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, qemu-devel
On Sat, 28 Jan 2023 at 01:47, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 1/27/23 07:54, Peter Maydell wrote:
> > +void HELPER(hstr_trap_check)(CPUARMState *env, uint32_t mask, uint32_t syndrome)
> > +{
> > + if (env->cp15.hstr_el2 & mask) {
> > + raise_exception(env, EXCP_UDEF, syndrome, 2);
> > + }
>
> This is so simple...
>
>
> > @@ -4760,6 +4761,28 @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
> > break;
> > }
> >
> > + if (s->hstr_active && cpnum == 15 && s->current_el == 1) {
> > + /*
> > + * At EL1, check for a HSTR_EL2 trap, which must take precedence
> > + * over the UNDEF for "no such register" or the UNDEF for "access
> > + * permissions forbid this EL1 access". HSTR_EL2 traps from EL0
> > + * only happen if the cpreg doesn't UNDEF at EL0, so we do those in
> > + * access_check_cp_reg(), after the checks for whether the access
> > + * configurably trapped to EL1.
> > + */
> > + uint32_t maskbit = is64 ? crm : crn;
> > +
> > + if (maskbit != 4 && maskbit != 14) {
> > + /* T4 and T14 are RES0 so never cause traps */
> > + gen_set_condexec(s);
> > + gen_update_pc(s, 0);
> > + emitted_update_pc = true;
> > + gen_helper_hstr_trap_check(cpu_env,
> > + tcg_constant_i32(1 << maskbit),
> > + tcg_constant_i32(syndrome));
> > + }
>
> How about
>
> if (maskbit...) {
> TCGv_i32 t = load_cpu_offset(offsetoflow32(CPUARMState, hstr_el2));
> DisasLabel *over = gen_disas_label(s);
>
> tcg_gen_andi_i32(t, t, 1u << maskbit);
> tcg_gen_brcondi_i32(TCG_COND_EQ, t, 0, over.label);
> tcg_temp_free_i32(t);
>
> gen_exception_insn(s, 0, EXCP_UDEF, syndrome);
> set_disas_label(s, over);
> }
>
> which also eliminates the need for emitted_update_pc.
I really dislike use of brcond in generated TCG, because of the
massive beartrap it sets up where all your temporaries get nuked
but there's no compile-time checking that you didn't try to keep
using one after the brcond. So I generally prefer an approach that
avoids brcond over one that uses it, if it's available.
thanks
-- PMM
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 15/23] target/arm: Mark up sysregs for HDFGRTR bits 12..63
2023-01-27 17:54 ` [PATCH 15/23] target/arm: Mark up sysregs for HDFGRTR bits 12..63 Peter Maydell
@ 2023-01-28 23:44 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 23:44 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:54, Peter Maydell wrote:
> Mark up the sysreg definitions for the registers trapped
> by HDFGRTR/HDFGWTR bits 12..x.
>
> Bits 12..22 and bit 58 are for PMU registers.
>
> The remaining bits in HDFGRTR/HDFGWTR are for traps on
> registers that are part of features we don't implement:
>
> Bits 23..32 and 63 : FEAT_SPE
> Bits 33..48 : FEAT_ETE
> Bits 50..56 : FEAT_TRBE
> Bits 59..61 : FEAT_BRBE
> Bit 62 : FEAT_SPEv1p2.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 12 ++++++++++++
> target/arm/helper.c | 37 +++++++++++++++++++++++++++++++++++++
> 2 files changed, 49 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 16/23] target/arm: Mark up sysregs for HFGITR bits 0..11
2023-01-27 17:55 ` [PATCH 16/23] target/arm: Mark up sysregs for HFGITR bits 0..11 Peter Maydell
@ 2023-01-28 23:47 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 23:47 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:55, Peter Maydell wrote:
> Mark up the sysreg definitions for the system instructions
> trapped by HFGITR bits 0..11. These bits cover various
> cache maintenance operations.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 14 ++++++++++++++
> target/arm/helper.c | 28 ++++++++++++++++++++++++++++
> 2 files changed, 42 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 17/23] target/arm: Mark up sysregs for HFGITR bits 12..17
2023-01-27 17:55 ` [PATCH 17/23] target/arm: Mark up sysregs for HFGITR bits 12..17 Peter Maydell
@ 2023-01-28 23:47 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 23:47 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:55, Peter Maydell wrote:
> Mark up the sysreg definitions for the system instructions
> trapped by HFGITR bits 12..17. These bits cover AT address
> translation instructions.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 6 ++++++
> target/arm/helper.c | 6 ++++++
> 2 files changed, 12 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 18/23] target/arm: Mark up sysregs for HFGITR bits 18..47
2023-01-27 17:55 ` [PATCH 18/23] target/arm: Mark up sysregs for HFGITR bits 18..47 Peter Maydell
@ 2023-01-28 23:49 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 23:49 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:55, Peter Maydell wrote:
> Mark up the sysreg definitions for the system instructions
> trapped by HFGITR bits 18..47. These bits cover TLBI
> TLB maintenance instructions.
>
> (If we implemented FEAT_XS we would need to trap some of the
> instructions added by that feature using these bits; but we don't
> yet, so will need to add the .fgt markup when we do.)
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 30 ++++++++++++++++++++++++++++++
> target/arm/helper.c | 30 ++++++++++++++++++++++++++++++
> 2 files changed, 60 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 19/23] target/arm: Mark up sysregs for HFGITR bits 48..63
2023-01-27 17:55 ` [PATCH 19/23] target/arm: Mark up sysregs for HFGITR bits 48..63 Peter Maydell
@ 2023-01-28 23:50 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 23:50 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:55, Peter Maydell wrote:
> Mark up the sysreg definitions for the system instructions
> trapped by HFGITR bits 48..63.
>
> Some of these bits are for trapping instructions which are
> not in the system instruction encoding (i.e. which are
> not handled by the ARMCPRegInfo mechanism):
> * ERET, ERETAA, ERETAB
> * SVC
>
> We will have to handle those separately and manually.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpregs.h | 4 ++++
> target/arm/helper.c | 9 +++++++++
> 2 files changed, 13 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 20/23] target/arm: Implement the HFGITR_EL2.ERET trap
2023-01-27 17:55 ` [PATCH 20/23] target/arm: Implement the HFGITR_EL2.ERET trap Peter Maydell
@ 2023-01-28 23:53 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 23:53 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:55, Peter Maydell wrote:
> Implement the HFGITR_EL2.ERET fine-grained trap. This traps
> execution from AArch64 EL1 of ERET, ERETAA and ERETAB. The trap is
> reported with a syndrome value of 0x1a.
>
> The trap must take precedence over a possible pointer-authentication
> trap for ERETAA and ERETAB.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpu.h | 1 +
> target/arm/syndrome.h | 10 ++++++++++
> target/arm/translate.h | 2 ++
> target/arm/helper.c | 3 +++
> target/arm/translate-a64.c | 10 ++++++++++
> 5 files changed, 26 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 21/23] target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps
2023-01-27 17:55 ` [PATCH 21/23] target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps Peter Maydell
@ 2023-01-28 23:58 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-28 23:58 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:55, Peter Maydell wrote:
> Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 fine-grained traps.
> These trap execution of the SVC instruction from AArch32 and AArch64.
> (As usual, AArch32 can only trap from EL0, as fine grained traps are
> disabled with an AArch32 EL1.)
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/cpu.h | 1 +
> target/arm/translate.h | 2 ++
> target/arm/helper.c | 20 ++++++++++++++++++++
> target/arm/translate-a64.c | 9 ++++++++-
> target/arm/translate.c | 12 +++++++++---
> 5 files changed, 40 insertions(+), 4 deletion
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 22/23] target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps
2023-01-27 17:55 ` [PATCH 22/23] target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps Peter Maydell
@ 2023-01-29 0:06 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-29 0:06 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:55, Peter Maydell wrote:
> FEAT_FGT also implements an extra trap bit in the MDCR_EL2 and
> MDCR_EL3 registers: bit TDCC enables trapping of use of the Debug
> Comms Channel registers OSDTRRX_EL1, OSDTRTX_EL1, MDCCSR_EL0,
> MDCCINT_EL0, DBGDTR_EL0, DBGDTRRX_EL0 and DBGDTRTX_EL0 (and their
> AArch32 equivalents). This trapping is independent of whether
> fine-grained traps are enabled or not.
>
> Implement these extra traps. (We don't implement DBGDTR_EL0,
> DBGDTRRX_EL0 and DBGDTRTX_EL0.)
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> target/arm/debug_helper.c | 35 +++++++++++++++++++++++++++++++----
> 1 file changed, 31 insertions(+), 4 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH 23/23] target/arm: Enable FEAT_FGT on '-cpu max'
2023-01-27 17:55 ` [PATCH 23/23] target/arm: Enable FEAT_FGT on '-cpu max' Peter Maydell
@ 2023-01-29 0:07 ` Richard Henderson
0 siblings, 0 replies; 49+ messages in thread
From: Richard Henderson @ 2023-01-29 0:07 UTC (permalink / raw)
To: Peter Maydell, qemu-arm, qemu-devel
On 1/27/23 07:55, Peter Maydell wrote:
> Update the ID registers for TCG's '-cpu max' to report the
> presence of FEAT_FGT Fine-Grained Traps support.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
> docs/system/arm/emulation.rst | 1 +
> target/arm/cpu64.c | 1 +
> 2 files changed, 2 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 49+ messages in thread
end of thread, other threads:[~2023-01-29 0:08 UTC | newest]
Thread overview: 49+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-27 17:54 [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
2023-01-27 17:54 ` [PATCH 01/23] target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly Peter Maydell
2023-01-28 1:01 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 02/23] target/arm: Correct syndrome for ATS12NSO* at Secure EL1 Peter Maydell
2023-01-28 1:04 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 03/23] target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2, EL3} Peter Maydell
2023-01-28 1:11 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 04/23] target/arm: Move do_coproc_insn() syndrome calculation earlier Peter Maydell
2023-01-28 1:13 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 05/23] target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps Peter Maydell
2023-01-28 1:24 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 06/23] target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1 Peter Maydell
2023-01-28 1:47 ` Richard Henderson
2023-01-28 14:34 ` Peter Maydell
2023-01-27 17:54 ` [PATCH 07/23] target/arm: Disable HSTR_EL2 traps if EL2 is not enabled Peter Maydell
2023-01-28 1:51 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 08/23] target/arm: Define the FEAT_FGT registers Peter Maydell
2023-01-28 2:31 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 09/23] target/arm: Implement FGT trapping infrastructure Peter Maydell
2023-01-28 2:36 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 10/23] target/arm: Mark up sysregs for HFGRTR bits 0..11 Peter Maydell
2023-01-28 2:36 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 11/23] target/arm: Mark up sysregs for HFGRTR bits 12..23 Peter Maydell
2023-01-28 2:41 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 12/23] target/arm: Mark up sysregs for HFGRTR bits 24..35 Peter Maydell
2023-01-28 2:43 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 13/23] target/arm: Mark up sysregs for HFGRTR bits 36..63 Peter Maydell
2023-01-28 2:50 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 14/23] target/arm: Mark up sysregs for HDFGRTR bits 0..11 Peter Maydell
2023-01-28 2:52 ` Richard Henderson
2023-01-27 17:54 ` [PATCH 15/23] target/arm: Mark up sysregs for HDFGRTR bits 12..63 Peter Maydell
2023-01-28 23:44 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 16/23] target/arm: Mark up sysregs for HFGITR bits 0..11 Peter Maydell
2023-01-28 23:47 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 17/23] target/arm: Mark up sysregs for HFGITR bits 12..17 Peter Maydell
2023-01-28 23:47 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 18/23] target/arm: Mark up sysregs for HFGITR bits 18..47 Peter Maydell
2023-01-28 23:49 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 19/23] target/arm: Mark up sysregs for HFGITR bits 48..63 Peter Maydell
2023-01-28 23:50 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 20/23] target/arm: Implement the HFGITR_EL2.ERET trap Peter Maydell
2023-01-28 23:53 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 21/23] target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps Peter Maydell
2023-01-28 23:58 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 22/23] target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps Peter Maydell
2023-01-29 0:06 ` Richard Henderson
2023-01-27 17:55 ` [PATCH 23/23] target/arm: Enable FEAT_FGT on '-cpu max' Peter Maydell
2023-01-29 0:07 ` Richard Henderson
2023-01-27 18:43 ` [PATCH 00/23] target/arm: Implement FEAT_FGT fine-grained traps Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.