QEMU-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE
@ 2019-12-03  2:28 Richard Henderson
  2019-12-03  2:28 ` [PATCH v4 01/40] target/arm: Define isar_feature_aa64_vh Richard Henderson
                   ` (39 more replies)
  0 siblings, 40 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:28 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Version 3 was posted back in August.  Though quite a lot has changed
and perhaps there's no use in comparing.  I haven't done a list.

Against master, it is the first version that can actually boot a
nested kernel under kvm, so that's certainly a change for the better.

It's not even particularly slow.  With both outer and nested kernel
using a minimal busybox initrd, the outer kernel boots in 4.0 seconds
and the nested kernel boots in 6.7 seconds.


r~


Alex Bennée (1):
  target/arm: check TGE and E2H flags for EL0 pauth traps

Richard Henderson (39):
  target/arm: Define isar_feature_aa64_vh
  target/arm: Enable HCR_E2H for VHE
  target/arm: Add CONTEXTIDR_EL2
  target/arm: Add TTBR1_EL2
  target/arm: Update CNTVCT_EL0 for VHE
  target/arm: Split out vae1_tlbmask, vmalle1_tlbmask
  target/arm: Simplify tlb_force_broadcast alternatives
  target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_*
  target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2
  target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E*
  target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE*
  target/arm: Rename ARMMMUIdx*_S1E3 to ARMMMUIdx*_SE3
  target/arm: Rename ARMMMUIdx_S1E2 to ARMMMUIdx_E2
  target/arm: Recover 4 bits from TBFLAGs
  target/arm: Expand TBFLAG_ANY.MMUIDX to 4 bits
  target/arm: Rearrange ARMMMUIdxBit
  target/arm: Tidy ARMMMUIdx m-profile definitions
  target/arm: Reorganize ARMMMUIdx
  target/arm: Add regime_has_2_ranges
  target/arm: Update arm_mmu_idx for VHE
  target/arm: Update arm_sctlr for VHE
  target/arm: Update aa64_zva_access for EL2
  target/arm: Update ctr_el0_access for EL2
  target/arm: Add the hypervisor virtual counter
  target/arm: Update timer access for VHE
  target/arm: Update define_one_arm_cp_reg_with_opaque for VHE
  target/arm: Add VHE system register redirection and aliasing
  target/arm: Add VHE timer register redirection and aliasing
  target/arm: Flush tlb for ASID changes in EL2&0 translation regime
  target/arm: Flush tlbs for E2&0 translation regime
  target/arm: Update arm_phys_excp_target_el for TGE
  target/arm: Update {fp,sve}_exception_el for VHE
  target/arm: Update get_a64_user_mem_index for VHE
  target/arm: Update arm_cpu_do_interrupt_aarch64 for VHE
  target/arm: Enable ARMv8.1-VHE in -cpu max
  target/arm: Move arm_excp_unmasked to cpu.c
  target/arm: Pass more cpu state to arm_excp_unmasked
  target/arm: Use bool for unmasked in arm_excp_unmasked
  target/arm: Raise only one interrupt in arm_cpu_exec_interrupt

 target/arm/cpu-param.h     |    2 +-
 target/arm/cpu-qom.h       |    1 +
 target/arm/cpu.h           |  434 +++++--------
 target/arm/internals.h     |   71 ++-
 target/arm/translate.h     |    4 +-
 target/arm/cpu.c           |  161 ++++-
 target/arm/cpu64.c         |    1 +
 target/arm/debug_helper.c  |   50 +-
 target/arm/helper-a64.c    |    2 +-
 target/arm/helper.c        | 1219 +++++++++++++++++++++++++++---------
 target/arm/pauth_helper.c  |   14 +-
 target/arm/translate-a64.c |   47 +-
 target/arm/translate.c     |   73 ++-
 13 files changed, 1397 insertions(+), 682 deletions(-)

-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 01/40] target/arm: Define isar_feature_aa64_vh
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
@ 2019-12-03  2:28 ` Richard Henderson
  2019-12-03  2:28 ` [PATCH v4 02/40] target/arm: Enable HCR_E2H for VHE Richard Henderson
                   ` (38 subsequent siblings)
  39 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:28 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 83a809d4ba..994cad2014 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3632,6 +3632,11 @@ static inline bool isar_feature_aa64_sve(const ARMISARegisters *id)
     return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SVE) != 0;
 }
 
+static inline bool isar_feature_aa64_vh(const ARMISARegisters *id)
+{
+    return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, VH) != 0;
+}
+
 static inline bool isar_feature_aa64_lor(const ARMISARegisters *id)
 {
     return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, LO) != 0;
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 02/40] target/arm: Enable HCR_E2H for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
  2019-12-03  2:28 ` [PATCH v4 01/40] target/arm: Define isar_feature_aa64_vh Richard Henderson
@ 2019-12-03  2:28 ` Richard Henderson
  2019-12-03  2:29 ` [PATCH v4 03/40] target/arm: Add CONTEXTIDR_EL2 Richard Henderson
                   ` (37 subsequent siblings)
  39 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:28 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h    | 7 -------
 target/arm/helper.c | 6 +++++-
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 994cad2014..9729e62d2c 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1387,13 +1387,6 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
 #define HCR_ATA       (1ULL << 56)
 #define HCR_DCT       (1ULL << 57)
 
-/*
- * When we actually implement ARMv8.1-VHE we should add HCR_E2H to
- * HCR_MASK and then clear it again if the feature bit is not set in
- * hcr_write().
- */
-#define HCR_MASK      ((1ULL << 34) - 1)
-
 #define SCR_NS                (1U << 0)
 #define SCR_IRQ               (1U << 1)
 #define SCR_FIQ               (1U << 2)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0bf8f53d4b..d81daadf45 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4672,7 +4672,8 @@ static const ARMCPRegInfo el3_no_el2_v8_cp_reginfo[] = {
 static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
 {
     ARMCPU *cpu = env_archcpu(env);
-    uint64_t valid_mask = HCR_MASK;
+    /* Begin with bits defined in base ARMv8.0.  */
+    uint64_t valid_mask = MAKE_64BIT_MASK(0, 34);
 
     if (arm_feature(env, ARM_FEATURE_EL3)) {
         valid_mask &= ~HCR_HCD;
@@ -4686,6 +4687,9 @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
          */
         valid_mask &= ~HCR_TSC;
     }
+    if (cpu_isar_feature(aa64_vh, cpu)) {
+        valid_mask |= HCR_E2H;
+    }
     if (cpu_isar_feature(aa64_lor, cpu)) {
         valid_mask |= HCR_TLOR;
     }
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 03/40] target/arm: Add CONTEXTIDR_EL2
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
  2019-12-03  2:28 ` [PATCH v4 01/40] target/arm: Define isar_feature_aa64_vh Richard Henderson
  2019-12-03  2:28 ` [PATCH v4 02/40] target/arm: Enable HCR_E2H for VHE Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  2:29 ` [PATCH v4 04/40] target/arm: Add TTBR1_EL2 Richard Henderson
                   ` (36 subsequent siblings)
  39 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Not all of the breakpoint types are supported, but those that
only examine contextidr are extended to support the new register.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/debug_helper.c | 50 +++++++++++++++++++++++++++++----------
 target/arm/helper.c       | 11 +++++++++
 2 files changed, 49 insertions(+), 12 deletions(-)

diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index dde80273ff..2e3e90c6a5 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -20,6 +20,7 @@ static bool linked_bp_matches(ARMCPU *cpu, int lbn)
     int ctx_cmps = extract32(cpu->dbgdidr, 20, 4);
     int bt;
     uint32_t contextidr;
+    uint64_t hcr_el2;
 
     /*
      * Links to unimplemented or non-context aware breakpoints are
@@ -40,24 +41,44 @@ static bool linked_bp_matches(ARMCPU *cpu, int lbn)
     }
 
     bt = extract64(bcr, 20, 4);
-
-    /*
-     * We match the whole register even if this is AArch32 using the
-     * short descriptor format (in which case it holds both PROCID and ASID),
-     * since we don't implement the optional v7 context ID masking.
-     */
-    contextidr = extract64(env->cp15.contextidr_el[1], 0, 32);
+    hcr_el2 = arm_hcr_el2_eff(env);
 
     switch (bt) {
     case 3: /* linked context ID match */
-        if (arm_current_el(env) > 1) {
-            /* Context matches never fire in EL2 or (AArch64) EL3 */
+        switch (arm_current_el(env)) {
+        default:
+            /* Context matches never fire in AArch64 EL3 */
             return false;
+        case 2:
+            if (!(hcr_el2 & HCR_E2H)) {
+                /* Context matches never fire in EL2 without E2H enabled. */
+                return false;
+            }
+            contextidr = env->cp15.contextidr_el[2];
+            break;
+        case 1:
+            contextidr = env->cp15.contextidr_el[1];
+            break;
+        case 0:
+            if ((hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
+                contextidr = env->cp15.contextidr_el[2];
+            } else {
+                contextidr = env->cp15.contextidr_el[1];
+            }
+            break;
         }
-        return (contextidr == extract64(env->cp15.dbgbvr[lbn], 0, 32));
-    case 5: /* linked address mismatch (reserved in AArch64) */
+        break;
+
+    case 7:  /* linked contextidr_el1 match */
+        contextidr = env->cp15.contextidr_el[1];
+        break;
+    case 13: /* linked contextidr_el2 match */
+        contextidr = env->cp15.contextidr_el[2];
+        break;
+
     case 9: /* linked VMID match (reserved if no EL2) */
     case 11: /* linked context ID and VMID match (reserved if no EL2) */
+    case 15: /* linked full context ID match */
     default:
         /*
          * Links to Unlinked context breakpoints must generate no
@@ -66,7 +87,12 @@ static bool linked_bp_matches(ARMCPU *cpu, int lbn)
         return false;
     }
 
-    return false;
+    /*
+     * We match the whole register even if this is AArch32 using the
+     * short descriptor format (in which case it holds both PROCID and ASID),
+     * since we don't implement the optional v7 context ID masking.
+     */
+    return contextidr == (uint32_t)env->cp15.dbgbvr[lbn];
 }
 
 static bool bp_wp_matches(ARMCPU *cpu, int n, bool is_wp)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d81daadf45..b4d774632d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6953,6 +6953,17 @@ void register_cp_regs_for_features(ARMCPU *cpu)
         define_arm_cp_regs(cpu, lor_reginfo);
     }
 
+    if (arm_feature(env, ARM_FEATURE_EL2) && cpu_isar_feature(aa64_vh, cpu)) {
+        static const ARMCPRegInfo vhe_reginfo[] = {
+            { .name = "CONTEXTIDR_EL2", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 4, .crn = 13, .crm = 0, .opc2 = 1,
+              .access = PL2_RW,
+              .fieldoffset = offsetof(CPUARMState, cp15.contextidr_el[2]) },
+            REGINFO_SENTINEL
+        };
+        define_arm_cp_regs(cpu, vhe_reginfo);
+    }
+
     if (cpu_isar_feature(aa64_sve, cpu)) {
         define_one_arm_cp_reg(cpu, &zcr_el1_reginfo);
         if (arm_feature(env, ARM_FEATURE_EL2)) {
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 04/40] target/arm: Add TTBR1_EL2
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (2 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 03/40] target/arm: Add CONTEXTIDR_EL2 Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  2:29 ` [PATCH v4 05/40] target/arm: Update CNTVCT_EL0 for VHE Richard Henderson
                   ` (35 subsequent siblings)
  39 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

At the same time, add writefn to TTBR0_EL2 and TCR_EL2.
A later patch will update any ASID therein.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index b4d774632d..06ec4641f3 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3484,6 +3484,12 @@ static void vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
     raw_write(env, ri, value);
 }
 
+static void vmsa_tcr_ttbr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                    uint64_t value)
+{
+    raw_write(env, ri, value);
+}
+
 static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                         uint64_t value)
 {
@@ -4893,10 +4899,8 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
       .resetvalue = 0 },
     { .name = "TCR_EL2", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 2,
-      .access = PL2_RW,
-      /* no .writefn needed as this can't cause an ASID change;
-       * no .raw_writefn or .resetfn needed as we never use mask/base_mask
-       */
+      .access = PL2_RW, .writefn = vmsa_tcr_ttbr_el2_write,
+      /* no .raw_writefn or .resetfn needed as we never use mask/base_mask */
       .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[2]) },
     { .name = "VTCR", .state = ARM_CP_STATE_AA32,
       .cp = 15, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2,
@@ -4930,7 +4934,7 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
       .fieldoffset = offsetof(CPUARMState, cp15.tpidr_el[2]) },
     { .name = "TTBR0_EL2", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 0,
-      .access = PL2_RW, .resetvalue = 0,
+      .access = PL2_RW, .resetvalue = 0, .writefn = vmsa_tcr_ttbr_el2_write,
       .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el[2]) },
     { .name = "HTTBR", .cp = 15, .opc1 = 4, .crm = 2,
       .access = PL2_RW, .type = ARM_CP_64BIT | ARM_CP_ALIAS,
@@ -6959,6 +6963,10 @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .opc0 = 3, .opc1 = 4, .crn = 13, .crm = 0, .opc2 = 1,
               .access = PL2_RW,
               .fieldoffset = offsetof(CPUARMState, cp15.contextidr_el[2]) },
+            { .name = "TTBR1_EL2", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 1,
+              .access = PL2_RW, .writefn = vmsa_tcr_ttbr_el2_write,
+              .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el[2]) },
             REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, vhe_reginfo);
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 05/40] target/arm: Update CNTVCT_EL0 for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (3 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 04/40] target/arm: Add TTBR1_EL2 Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  2:29 ` [PATCH v4 06/40] target/arm: Split out vae1_tlbmask, vmalle1_tlbmask Richard Henderson
                   ` (34 subsequent siblings)
  39 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

The virtual offset may be 0 depending on EL, E2H and TGE.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 40 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 06ec4641f3..731507a82f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2475,9 +2475,31 @@ static uint64_t gt_cnt_read(CPUARMState *env, const ARMCPRegInfo *ri)
     return gt_get_countervalue(env);
 }
 
+static uint64_t gt_virt_cnt_offset(CPUARMState *env)
+{
+    uint64_t hcr;
+
+    switch (arm_current_el(env)) {
+    case 2:
+        hcr = arm_hcr_el2_eff(env);
+        if (hcr & HCR_E2H) {
+            return 0;
+        }
+        break;
+    case 0:
+        hcr = arm_hcr_el2_eff(env);
+        if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
+            return 0;
+        }
+        break;
+    }
+
+    return env->cp15.cntvoff_el2;
+}
+
 static uint64_t gt_virt_cnt_read(CPUARMState *env, const ARMCPRegInfo *ri)
 {
-    return gt_get_countervalue(env) - env->cp15.cntvoff_el2;
+    return gt_get_countervalue(env) - gt_virt_cnt_offset(env);
 }
 
 static void gt_cval_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -2492,7 +2514,13 @@ static void gt_cval_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static uint64_t gt_tval_read(CPUARMState *env, const ARMCPRegInfo *ri,
                              int timeridx)
 {
-    uint64_t offset = timeridx == GTIMER_VIRT ? env->cp15.cntvoff_el2 : 0;
+    uint64_t offset = 0;
+
+    switch (timeridx) {
+    case GTIMER_VIRT:
+        offset = gt_virt_cnt_offset(env);
+        break;
+    }
 
     return (uint32_t)(env->cp15.c14_timer[timeridx].cval -
                       (gt_get_countervalue(env) - offset));
@@ -2502,7 +2530,13 @@ static void gt_tval_write(CPUARMState *env, const ARMCPRegInfo *ri,
                           int timeridx,
                           uint64_t value)
 {
-    uint64_t offset = timeridx == GTIMER_VIRT ? env->cp15.cntvoff_el2 : 0;
+    uint64_t offset = 0;
+
+    switch (timeridx) {
+    case GTIMER_VIRT:
+        offset = gt_virt_cnt_offset(env);
+        break;
+    }
 
     trace_arm_gt_tval_write(timeridx, value);
     env->cp15.c14_timer[timeridx].cval = gt_get_countervalue(env) - offset +
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 06/40] target/arm: Split out vae1_tlbmask, vmalle1_tlbmask
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (4 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 05/40] target/arm: Update CNTVCT_EL0 for VHE Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  6:25   ` Philippe Mathieu-Daudé
  2019-12-03  2:29 ` [PATCH v4 07/40] target/arm: Simplify tlb_force_broadcast alternatives Richard Henderson
                   ` (33 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

No functional change, but unify code sequences.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 118 ++++++++++++++------------------------------
 1 file changed, 37 insertions(+), 81 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 731507a82f..0b0130d814 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3890,70 +3890,61 @@ static CPAccessResult aa64_cacheop_access(CPUARMState *env,
  * Page D4-1736 (DDI0487A.b)
  */
 
+static int vae1_tlbmask(CPUARMState *env)
+{
+    if (arm_is_secure_below_el3(env)) {
+        return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
+    } else {
+        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0;
+    }
+}
+
 static void tlbi_aa64_vmalle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                       uint64_t value)
 {
     CPUState *cs = env_cpu(env);
-    bool sec = arm_is_secure_below_el3(env);
+    int mask = vae1_tlbmask(env);
 
-    if (sec) {
-        tlb_flush_by_mmuidx_all_cpus_synced(cs,
-                                            ARMMMUIdxBit_S1SE1 |
-                                            ARMMMUIdxBit_S1SE0);
-    } else {
-        tlb_flush_by_mmuidx_all_cpus_synced(cs,
-                                            ARMMMUIdxBit_S12NSE1 |
-                                            ARMMMUIdxBit_S12NSE0);
-    }
+    tlb_flush_by_mmuidx_all_cpus_synced(cs, mask);
 }
 
 static void tlbi_aa64_vmalle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                     uint64_t value)
 {
     CPUState *cs = env_cpu(env);
+    int mask = vae1_tlbmask(env);
 
     if (tlb_force_broadcast(env)) {
         tlbi_aa64_vmalle1is_write(env, NULL, value);
         return;
     }
 
+    tlb_flush_by_mmuidx(cs, mask);
+}
+
+static int vmalle1_tlbmask(CPUARMState *env)
+{
+    /*
+     * Note that the 'ALL' scope must invalidate both stage 1 and
+     * stage 2 translations, whereas most other scopes only invalidate
+     * stage 1 translations.
+     */
     if (arm_is_secure_below_el3(env)) {
-        tlb_flush_by_mmuidx(cs,
-                            ARMMMUIdxBit_S1SE1 |
-                            ARMMMUIdxBit_S1SE0);
+        return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
+    } else if (arm_feature(env, ARM_FEATURE_EL2)) {
+        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0 | ARMMMUIdxBit_S2NS;
     } else {
-        tlb_flush_by_mmuidx(cs,
-                            ARMMMUIdxBit_S12NSE1 |
-                            ARMMMUIdxBit_S12NSE0);
+        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0;
     }
 }
 
 static void tlbi_aa64_alle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                   uint64_t value)
 {
-    /* Note that the 'ALL' scope must invalidate both stage 1 and
-     * stage 2 translations, whereas most other scopes only invalidate
-     * stage 1 translations.
-     */
-    ARMCPU *cpu = env_archcpu(env);
-    CPUState *cs = CPU(cpu);
+    CPUState *cs = env_cpu(env);
+    int mask = vmalle1_tlbmask(env);
 
-    if (arm_is_secure_below_el3(env)) {
-        tlb_flush_by_mmuidx(cs,
-                            ARMMMUIdxBit_S1SE1 |
-                            ARMMMUIdxBit_S1SE0);
-    } else {
-        if (arm_feature(env, ARM_FEATURE_EL2)) {
-            tlb_flush_by_mmuidx(cs,
-                                ARMMMUIdxBit_S12NSE1 |
-                                ARMMMUIdxBit_S12NSE0 |
-                                ARMMMUIdxBit_S2NS);
-        } else {
-            tlb_flush_by_mmuidx(cs,
-                                ARMMMUIdxBit_S12NSE1 |
-                                ARMMMUIdxBit_S12NSE0);
-        }
-    }
+    tlb_flush_by_mmuidx(cs, mask);
 }
 
 static void tlbi_aa64_alle2_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -3977,28 +3968,10 @@ static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static void tlbi_aa64_alle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                     uint64_t value)
 {
-    /* Note that the 'ALL' scope must invalidate both stage 1 and
-     * stage 2 translations, whereas most other scopes only invalidate
-     * stage 1 translations.
-     */
     CPUState *cs = env_cpu(env);
-    bool sec = arm_is_secure_below_el3(env);
-    bool has_el2 = arm_feature(env, ARM_FEATURE_EL2);
+    int mask = vmalle1_tlbmask(env);
 
-    if (sec) {
-        tlb_flush_by_mmuidx_all_cpus_synced(cs,
-                                            ARMMMUIdxBit_S1SE1 |
-                                            ARMMMUIdxBit_S1SE0);
-    } else if (has_el2) {
-        tlb_flush_by_mmuidx_all_cpus_synced(cs,
-                                            ARMMMUIdxBit_S12NSE1 |
-                                            ARMMMUIdxBit_S12NSE0 |
-                                            ARMMMUIdxBit_S2NS);
-    } else {
-          tlb_flush_by_mmuidx_all_cpus_synced(cs,
-                                              ARMMMUIdxBit_S12NSE1 |
-                                              ARMMMUIdxBit_S12NSE0);
-    }
+    tlb_flush_by_mmuidx_all_cpus_synced(cs, mask);
 }
 
 static void tlbi_aa64_alle2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4048,20 +4021,11 @@ static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                    uint64_t value)
 {
-    ARMCPU *cpu = env_archcpu(env);
-    CPUState *cs = CPU(cpu);
-    bool sec = arm_is_secure_below_el3(env);
+    CPUState *cs = env_cpu(env);
+    int mask = vae1_tlbmask(env);
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
 
-    if (sec) {
-        tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
-                                                 ARMMMUIdxBit_S1SE1 |
-                                                 ARMMMUIdxBit_S1SE0);
-    } else {
-        tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
-                                                 ARMMMUIdxBit_S12NSE1 |
-                                                 ARMMMUIdxBit_S12NSE0);
-    }
+    tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr, mask);
 }
 
 static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4072,8 +4036,8 @@ static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
      * since we don't support flush-for-specific-ASID-only or
      * flush-last-level-only.
      */
-    ARMCPU *cpu = env_archcpu(env);
-    CPUState *cs = CPU(cpu);
+    CPUState *cs = env_cpu(env);
+    int mask = vae1_tlbmask(env);
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
 
     if (tlb_force_broadcast(env)) {
@@ -4081,15 +4045,7 @@ static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
         return;
     }
 
-    if (arm_is_secure_below_el3(env)) {
-        tlb_flush_page_by_mmuidx(cs, pageaddr,
-                                 ARMMMUIdxBit_S1SE1 |
-                                 ARMMMUIdxBit_S1SE0);
-    } else {
-        tlb_flush_page_by_mmuidx(cs, pageaddr,
-                                 ARMMMUIdxBit_S12NSE1 |
-                                 ARMMMUIdxBit_S12NSE0);
-    }
+    tlb_flush_page_by_mmuidx(cs, pageaddr, mask);
 }
 
 static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 07/40] target/arm: Simplify tlb_force_broadcast alternatives
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (5 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 06/40] target/arm: Split out vae1_tlbmask, vmalle1_tlbmask Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  2:29 ` [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_* Richard Henderson
                   ` (32 subsequent siblings)
  39 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Rather than call to a separate function and re-compute any
parameters for the flush, simply use the correct flush
function directly.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 52 +++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 28 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0b0130d814..6c09cda4ea 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -614,56 +614,54 @@ static void tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,
                           uint64_t value)
 {
     /* Invalidate all (TLBIALL) */
-    ARMCPU *cpu = env_archcpu(env);
+    CPUState *cs = env_cpu(env);
 
     if (tlb_force_broadcast(env)) {
-        tlbiall_is_write(env, NULL, value);
-        return;
+        tlb_flush_all_cpus_synced(cs);
+    } else {
+        tlb_flush(cs);
     }
-
-    tlb_flush(CPU(cpu));
 }
 
 static void tlbimva_write(CPUARMState *env, const ARMCPRegInfo *ri,
                           uint64_t value)
 {
     /* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
-    ARMCPU *cpu = env_archcpu(env);
+    CPUState *cs = env_cpu(env);
 
+    value &= TARGET_PAGE_MASK;
     if (tlb_force_broadcast(env)) {
-        tlbimva_is_write(env, NULL, value);
-        return;
+        tlb_flush_page_all_cpus_synced(cs, value);
+    } else {
+        tlb_flush_page(cs, value);
     }
-
-    tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
 }
 
 static void tlbiasid_write(CPUARMState *env, const ARMCPRegInfo *ri,
                            uint64_t value)
 {
     /* Invalidate by ASID (TLBIASID) */
-    ARMCPU *cpu = env_archcpu(env);
+    CPUState *cs = env_cpu(env);
 
     if (tlb_force_broadcast(env)) {
-        tlbiasid_is_write(env, NULL, value);
-        return;
+        tlb_flush_all_cpus_synced(cs);
+    } else {
+        tlb_flush(cs);
     }
-
-    tlb_flush(CPU(cpu));
 }
 
 static void tlbimvaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
                            uint64_t value)
 {
     /* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
-    ARMCPU *cpu = env_archcpu(env);
+    CPUState *cs = env_cpu(env);
 
+    value &= TARGET_PAGE_MASK;
     if (tlb_force_broadcast(env)) {
-        tlbimvaa_is_write(env, NULL, value);
-        return;
+        tlb_flush_page_all_cpus_synced(cs, value);
+    } else {
+        tlb_flush_page(cs, value);
     }
-
-    tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
 }
 
 static void tlbiall_nsnh_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -3915,11 +3913,10 @@ static void tlbi_aa64_vmalle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
     int mask = vae1_tlbmask(env);
 
     if (tlb_force_broadcast(env)) {
-        tlbi_aa64_vmalle1is_write(env, NULL, value);
-        return;
+        tlb_flush_by_mmuidx_all_cpus_synced(cs, mask);
+    } else {
+        tlb_flush_by_mmuidx(cs, mask);
     }
-
-    tlb_flush_by_mmuidx(cs, mask);
 }
 
 static int vmalle1_tlbmask(CPUARMState *env)
@@ -4041,11 +4038,10 @@ static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
 
     if (tlb_force_broadcast(env)) {
-        tlbi_aa64_vae1is_write(env, NULL, value);
-        return;
+        tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr, mask);
+    } else {
+        tlb_flush_page_by_mmuidx(cs, pageaddr, mask);
     }
-
-    tlb_flush_page_by_mmuidx(cs, pageaddr, mask);
 }
 
 static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_*
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (6 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 07/40] target/arm: Simplify tlb_force_broadcast alternatives Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 10:38   ` Alex Bennée
  2019-12-06 15:45   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2 Richard Henderson
                   ` (31 subsequent siblings)
  39 siblings, 2 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

This is part of a reorganization to the set of mmu_idx.
This emphasizes that they apply to the EL1&0 regime.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h           |  8 ++++----
 target/arm/internals.h     |  4 ++--
 target/arm/helper.c        | 40 +++++++++++++++++++-------------------
 target/arm/translate-a64.c |  4 ++--
 target/arm/translate.c     |  6 +++---
 5 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 9729e62d2c..802cddd2df 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2864,8 +2864,8 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
 #define ARM_MMU_IDX_COREIDX_MASK 0x7
 
 typedef enum ARMMMUIdx {
-    ARMMMUIdx_S12NSE0 = 0 | ARM_MMU_IDX_A,
-    ARMMMUIdx_S12NSE1 = 1 | ARM_MMU_IDX_A,
+    ARMMMUIdx_EL10_0 = 0 | ARM_MMU_IDX_A,
+    ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
     ARMMMUIdx_S1E2 = 2 | ARM_MMU_IDX_A,
     ARMMMUIdx_S1E3 = 3 | ARM_MMU_IDX_A,
     ARMMMUIdx_S1SE0 = 4 | ARM_MMU_IDX_A,
@@ -2890,8 +2890,8 @@ typedef enum ARMMMUIdx {
  * for use when calling tlb_flush_by_mmuidx() and friends.
  */
 typedef enum ARMMMUIdxBit {
-    ARMMMUIdxBit_S12NSE0 = 1 << 0,
-    ARMMMUIdxBit_S12NSE1 = 1 << 1,
+    ARMMMUIdxBit_EL10_0 = 1 << 0,
+    ARMMMUIdxBit_EL10_1 = 1 << 1,
     ARMMMUIdxBit_S1E2 = 1 << 2,
     ARMMMUIdxBit_S1E3 = 1 << 3,
     ARMMMUIdxBit_S1SE0 = 1 << 4,
diff --git a/target/arm/internals.h b/target/arm/internals.h
index f5313dd3d4..54142dd789 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -808,8 +808,8 @@ static inline void arm_call_el_change_hook(ARMCPU *cpu)
 static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
     switch (mmu_idx) {
-    case ARMMMUIdx_S12NSE0:
-    case ARMMMUIdx_S12NSE1:
+    case ARMMMUIdx_EL10_0:
+    case ARMMMUIdx_EL10_1:
     case ARMMMUIdx_S1NSE0:
     case ARMMMUIdx_S1NSE1:
     case ARMMMUIdx_S1E2:
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6c09cda4ea..d2b90763ca 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -670,8 +670,8 @@ static void tlbiall_nsnh_write(CPUARMState *env, const ARMCPRegInfo *ri,
     CPUState *cs = env_cpu(env);
 
     tlb_flush_by_mmuidx(cs,
-                        ARMMMUIdxBit_S12NSE1 |
-                        ARMMMUIdxBit_S12NSE0 |
+                        ARMMMUIdxBit_EL10_1 |
+                        ARMMMUIdxBit_EL10_0 |
                         ARMMMUIdxBit_S2NS);
 }
 
@@ -681,8 +681,8 @@ static void tlbiall_nsnh_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
     CPUState *cs = env_cpu(env);
 
     tlb_flush_by_mmuidx_all_cpus_synced(cs,
-                                        ARMMMUIdxBit_S12NSE1 |
-                                        ARMMMUIdxBit_S12NSE0 |
+                                        ARMMMUIdxBit_EL10_1 |
+                                        ARMMMUIdxBit_EL10_0 |
                                         ARMMMUIdxBit_S2NS);
 }
 
@@ -3068,7 +3068,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
         format64 = arm_s1_regime_using_lpae_format(env, mmu_idx);
 
         if (arm_feature(env, ARM_FEATURE_EL2)) {
-            if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
+            if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
                 format64 |= env->cp15.hcr_el2 & (HCR_VM | HCR_DC);
             } else {
                 format64 |= arm_current_el(env) == 2;
@@ -3167,11 +3167,11 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
         break;
     case 4:
         /* stage 1+2 NonSecure PL1: ATS12NSOPR, ATS12NSOPW */
-        mmu_idx = ARMMMUIdx_S12NSE1;
+        mmu_idx = ARMMMUIdx_EL10_1;
         break;
     case 6:
         /* stage 1+2 NonSecure PL0: ATS12NSOUR, ATS12NSOUW */
-        mmu_idx = ARMMMUIdx_S12NSE0;
+        mmu_idx = ARMMMUIdx_EL10_0;
         break;
     default:
         g_assert_not_reached();
@@ -3229,10 +3229,10 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
         mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_S1NSE0;
         break;
     case 4: /* AT S12E1R, AT S12E1W */
-        mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_S12NSE1;
+        mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_EL10_1;
         break;
     case 6: /* AT S12E0R, AT S12E0W */
-        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_S12NSE0;
+        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_EL10_0;
         break;
     default:
         g_assert_not_reached();
@@ -3531,8 +3531,8 @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
     /* Accesses to VTTBR may change the VMID so we must flush the TLB.  */
     if (raw_read(env, ri) != value) {
         tlb_flush_by_mmuidx(cs,
-                            ARMMMUIdxBit_S12NSE1 |
-                            ARMMMUIdxBit_S12NSE0 |
+                            ARMMMUIdxBit_EL10_1 |
+                            ARMMMUIdxBit_EL10_0 |
                             ARMMMUIdxBit_S2NS);
         raw_write(env, ri, value);
     }
@@ -3893,7 +3893,7 @@ static int vae1_tlbmask(CPUARMState *env)
     if (arm_is_secure_below_el3(env)) {
         return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
     } else {
-        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0;
+        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
     }
 }
 
@@ -3929,9 +3929,9 @@ static int vmalle1_tlbmask(CPUARMState *env)
     if (arm_is_secure_below_el3(env)) {
         return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
     } else if (arm_feature(env, ARM_FEATURE_EL2)) {
-        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0 | ARMMMUIdxBit_S2NS;
+        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_S2NS;
     } else {
-        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0;
+        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
     }
 }
 
@@ -8671,8 +8671,8 @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
  */
 static inline ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
 {
-    if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
-        mmu_idx += (ARMMMUIdx_S1NSE0 - ARMMMUIdx_S12NSE0);
+    if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
+        mmu_idx += (ARMMMUIdx_S1NSE0 - ARMMMUIdx_EL10_0);
     }
     return mmu_idx;
 }
@@ -8715,8 +8715,8 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
         return true;
     default:
         return false;
-    case ARMMMUIdx_S12NSE0:
-    case ARMMMUIdx_S12NSE1:
+    case ARMMMUIdx_EL10_0:
+    case ARMMMUIdx_EL10_1:
         g_assert_not_reached();
     }
 }
@@ -10620,7 +10620,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
                    target_ulong *page_size,
                    ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
 {
-    if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
+    if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
         /* Call ourselves recursively to do the stage 1 and then stage 2
          * translations.
          */
@@ -11148,7 +11148,7 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
     if (el < 2 && arm_is_secure_below_el3(env)) {
         return ARMMMUIdx_S1SE0 + el;
     } else {
-        return ARMMMUIdx_S12NSE0 + el;
+        return ARMMMUIdx_EL10_0 + el;
     }
 }
 
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index d4bebbe629..2703ebf32a 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -113,8 +113,8 @@ static inline int get_a64_user_mem_index(DisasContext *s)
     ARMMMUIdx useridx;
 
     switch (s->mmu_idx) {
-    case ARMMMUIdx_S12NSE1:
-        useridx = ARMMMUIdx_S12NSE0;
+    case ARMMMUIdx_EL10_1:
+        useridx = ARMMMUIdx_EL10_0;
         break;
     case ARMMMUIdx_S1SE1:
         useridx = ARMMMUIdx_S1SE0;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 4d5d4bd888..e3deea50e0 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -153,9 +153,9 @@ static inline int get_a32_user_mem_index(DisasContext *s)
      */
     switch (s->mmu_idx) {
     case ARMMMUIdx_S1E2:        /* this one is UNPREDICTABLE */
-    case ARMMMUIdx_S12NSE0:
-    case ARMMMUIdx_S12NSE1:
-        return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
+    case ARMMMUIdx_EL10_0:
+    case ARMMMUIdx_EL10_1:
+        return arm_to_core_mmu_idx(ARMMMUIdx_EL10_0);
     case ARMMMUIdx_S1E3:
     case ARMMMUIdx_S1SE0:
     case ARMMMUIdx_S1SE1:
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (7 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_* Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 10:40   ` Alex Bennée
  2019-12-06 15:46   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E* Richard Henderson
                   ` (30 subsequent siblings)
  39 siblings, 2 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

The EL1&0 regime is the only one that uses 2-stage translation.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h           |  4 +--
 target/arm/internals.h     |  2 +-
 target/arm/helper.c        | 57 ++++++++++++++++++++------------------
 target/arm/translate-a64.c |  2 +-
 target/arm/translate.c     |  2 +-
 5 files changed, 35 insertions(+), 32 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 802cddd2df..fdb868f2e9 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2870,7 +2870,7 @@ typedef enum ARMMMUIdx {
     ARMMMUIdx_S1E3 = 3 | ARM_MMU_IDX_A,
     ARMMMUIdx_S1SE0 = 4 | ARM_MMU_IDX_A,
     ARMMMUIdx_S1SE1 = 5 | ARM_MMU_IDX_A,
-    ARMMMUIdx_S2NS = 6 | ARM_MMU_IDX_A,
+    ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
     ARMMMUIdx_MUser = 0 | ARM_MMU_IDX_M,
     ARMMMUIdx_MPriv = 1 | ARM_MMU_IDX_M,
     ARMMMUIdx_MUserNegPri = 2 | ARM_MMU_IDX_M,
@@ -2896,7 +2896,7 @@ typedef enum ARMMMUIdxBit {
     ARMMMUIdxBit_S1E3 = 1 << 3,
     ARMMMUIdxBit_S1SE0 = 1 << 4,
     ARMMMUIdxBit_S1SE1 = 1 << 5,
-    ARMMMUIdxBit_S2NS = 1 << 6,
+    ARMMMUIdxBit_Stage2 = 1 << 6,
     ARMMMUIdxBit_MUser = 1 << 0,
     ARMMMUIdxBit_MPriv = 1 << 1,
     ARMMMUIdxBit_MUserNegPri = 1 << 2,
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 54142dd789..ca8be78bbf 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -813,7 +813,7 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
     case ARMMMUIdx_S1NSE0:
     case ARMMMUIdx_S1NSE1:
     case ARMMMUIdx_S1E2:
-    case ARMMMUIdx_S2NS:
+    case ARMMMUIdx_Stage2:
     case ARMMMUIdx_MPrivNegPri:
     case ARMMMUIdx_MUserNegPri:
     case ARMMMUIdx_MPriv:
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d2b90763ca..97677f8482 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -672,7 +672,7 @@ static void tlbiall_nsnh_write(CPUARMState *env, const ARMCPRegInfo *ri,
     tlb_flush_by_mmuidx(cs,
                         ARMMMUIdxBit_EL10_1 |
                         ARMMMUIdxBit_EL10_0 |
-                        ARMMMUIdxBit_S2NS);
+                        ARMMMUIdxBit_Stage2);
 }
 
 static void tlbiall_nsnh_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -683,7 +683,7 @@ static void tlbiall_nsnh_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
     tlb_flush_by_mmuidx_all_cpus_synced(cs,
                                         ARMMMUIdxBit_EL10_1 |
                                         ARMMMUIdxBit_EL10_0 |
-                                        ARMMMUIdxBit_S2NS);
+                                        ARMMMUIdxBit_Stage2);
 }
 
 static void tlbiipas2_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -704,7 +704,7 @@ static void tlbiipas2_write(CPUARMState *env, const ARMCPRegInfo *ri,
 
     pageaddr = sextract64(value << 12, 0, 40);
 
-    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S2NS);
+    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_Stage2);
 }
 
 static void tlbiipas2_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -720,7 +720,7 @@ static void tlbiipas2_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
     pageaddr = sextract64(value << 12, 0, 40);
 
     tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
-                                             ARMMMUIdxBit_S2NS);
+                                             ARMMMUIdxBit_Stage2);
 }
 
 static void tlbiall_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -3528,12 +3528,15 @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
     ARMCPU *cpu = env_archcpu(env);
     CPUState *cs = CPU(cpu);
 
-    /* Accesses to VTTBR may change the VMID so we must flush the TLB.  */
+    /*
+     * A change in VMID to the stage2 page table (Stage2) invalidates
+     * the combined stage 1&2 tlbs (EL10_1 and EL10_0).
+     */
     if (raw_read(env, ri) != value) {
         tlb_flush_by_mmuidx(cs,
                             ARMMMUIdxBit_EL10_1 |
                             ARMMMUIdxBit_EL10_0 |
-                            ARMMMUIdxBit_S2NS);
+                            ARMMMUIdxBit_Stage2);
         raw_write(env, ri, value);
     }
 }
@@ -3929,7 +3932,7 @@ static int vmalle1_tlbmask(CPUARMState *env)
     if (arm_is_secure_below_el3(env)) {
         return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
     } else if (arm_feature(env, ARM_FEATURE_EL2)) {
-        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_S2NS;
+        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_Stage2;
     } else {
         return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
     }
@@ -4083,7 +4086,7 @@ static void tlbi_aa64_ipas2e1_write(CPUARMState *env, const ARMCPRegInfo *ri,
 
     pageaddr = sextract64(value << 12, 0, 48);
 
-    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S2NS);
+    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_Stage2);
 }
 
 static void tlbi_aa64_ipas2e1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4099,7 +4102,7 @@ static void tlbi_aa64_ipas2e1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
     pageaddr = sextract64(value << 12, 0, 48);
 
     tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
-                                             ARMMMUIdxBit_S2NS);
+                                             ARMMMUIdxBit_Stage2);
 }
 
 static CPAccessResult aa64_zva_access(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -8560,7 +8563,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
 static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
     switch (mmu_idx) {
-    case ARMMMUIdx_S2NS:
+    case ARMMMUIdx_Stage2:
     case ARMMMUIdx_S1E2:
         return 2;
     case ARMMMUIdx_S1E3:
@@ -8614,7 +8617,7 @@ static inline bool regime_translation_disabled(CPUARMState *env,
         }
     }
 
-    if (mmu_idx == ARMMMUIdx_S2NS) {
+    if (mmu_idx == ARMMMUIdx_Stage2) {
         /* HCR.DC means HCR.VM behaves as 1 */
         return (env->cp15.hcr_el2 & (HCR_DC | HCR_VM)) == 0;
     }
@@ -8645,7 +8648,7 @@ static inline bool regime_translation_big_endian(CPUARMState *env,
 static inline uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx,
                                    int ttbrn)
 {
-    if (mmu_idx == ARMMMUIdx_S2NS) {
+    if (mmu_idx == ARMMMUIdx_Stage2) {
         return env->cp15.vttbr_el2;
     }
     if (ttbrn == 0) {
@@ -8660,7 +8663,7 @@ static inline uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx,
 /* Return the TCR controlling this translation regime */
 static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
-    if (mmu_idx == ARMMMUIdx_S2NS) {
+    if (mmu_idx == ARMMMUIdx_Stage2) {
         return &env->cp15.vtcr_el2;
     }
     return &env->cp15.tcr_el[regime_el(env, mmu_idx)];
@@ -8847,7 +8850,7 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
     bool have_wxn;
     int wxn = 0;
 
-    assert(mmu_idx != ARMMMUIdx_S2NS);
+    assert(mmu_idx != ARMMMUIdx_Stage2);
 
     user_rw = simple_ap_to_rw_prot_is_user(ap, true);
     if (is_user) {
@@ -8939,7 +8942,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
                                ARMMMUFaultInfo *fi)
 {
     if ((mmu_idx == ARMMMUIdx_S1NSE0 || mmu_idx == ARMMMUIdx_S1NSE1) &&
-        !regime_translation_disabled(env, ARMMMUIdx_S2NS)) {
+        !regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
         target_ulong s2size;
         hwaddr s2pa;
         int s2prot;
@@ -8956,7 +8959,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
             pcacheattrs = &cacheattrs;
         }
 
-        ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, &s2pa,
+        ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_Stage2, &s2pa,
                                  &txattrs, &s2prot, &s2size, fi, pcacheattrs);
         if (ret) {
             assert(fi->type != ARMFault_None);
@@ -9428,7 +9431,7 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
         tsz = extract32(tcr, 0, 6);
         using64k = extract32(tcr, 14, 1);
         using16k = extract32(tcr, 15, 1);
-        if (mmu_idx == ARMMMUIdx_S2NS) {
+        if (mmu_idx == ARMMMUIdx_Stage2) {
             /* VTCR_EL2 */
             tbi = tbid = hpd = false;
         } else {
@@ -9489,7 +9492,7 @@ static ARMVAParameters aa32_va_parameters(CPUARMState *env, uint32_t va,
     int select, tsz;
     bool epd, hpd;
 
-    if (mmu_idx == ARMMMUIdx_S2NS) {
+    if (mmu_idx == ARMMMUIdx_Stage2) {
         /* VTCR */
         bool sext = extract32(tcr, 4, 1);
         bool sign = extract32(tcr, 3, 1);
@@ -9591,7 +9594,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
         level = 1;
         /* There is no TTBR1 for EL2 */
         ttbr1_valid = (el != 2);
-        addrsize = (mmu_idx == ARMMMUIdx_S2NS ? 40 : 32);
+        addrsize = (mmu_idx == ARMMMUIdx_Stage2 ? 40 : 32);
         inputsize = addrsize - param.tsz;
     }
 
@@ -9642,7 +9645,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
         goto do_fault;
     }
 
-    if (mmu_idx != ARMMMUIdx_S2NS) {
+    if (mmu_idx != ARMMMUIdx_Stage2) {
         /* The starting level depends on the virtual address size (which can
          * be up to 48 bits) and the translation granule size. It indicates
          * the number of strides (stride bits at a time) needed to
@@ -9742,7 +9745,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
         attrs = extract64(descriptor, 2, 10)
             | (extract64(descriptor, 52, 12) << 10);
 
-        if (mmu_idx == ARMMMUIdx_S2NS) {
+        if (mmu_idx == ARMMMUIdx_Stage2) {
             /* Stage 2 table descriptors do not include any attribute fields */
             break;
         }
@@ -9773,7 +9776,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
     ap = extract32(attrs, 4, 2);
     xn = extract32(attrs, 12, 1);
 
-    if (mmu_idx == ARMMMUIdx_S2NS) {
+    if (mmu_idx == ARMMMUIdx_Stage2) {
         ns = true;
         *prot = get_S2prot(env, ap, xn);
     } else {
@@ -9800,7 +9803,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
     }
 
     if (cacheattrs != NULL) {
-        if (mmu_idx == ARMMMUIdx_S2NS) {
+        if (mmu_idx == ARMMMUIdx_Stage2) {
             cacheattrs->attrs = convert_stage2_attrs(env,
                                                      extract32(attrs, 0, 4));
         } else {
@@ -9821,7 +9824,7 @@ do_fault:
     fi->type = fault_type;
     fi->level = level;
     /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2.  */
-    fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_S2NS);
+    fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2);
     return true;
 }
 
@@ -10635,13 +10638,13 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
                                 prot, page_size, fi, cacheattrs);
 
             /* If S1 fails or S2 is disabled, return early.  */
-            if (ret || regime_translation_disabled(env, ARMMMUIdx_S2NS)) {
+            if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
                 *phys_ptr = ipa;
                 return ret;
             }
 
             /* S1 is done. Now do S2 translation.  */
-            ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_S2NS,
+            ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_Stage2,
                                      phys_ptr, attrs, &s2_prot,
                                      page_size, fi,
                                      cacheattrs != NULL ? &cacheattrs2 : NULL);
@@ -10683,7 +10686,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
     /* Fast Context Switch Extension. This doesn't exist at all in v8.
      * In v7 and earlier it affects all stage 1 translations.
      */
-    if (address < 0x02000000 && mmu_idx != ARMMMUIdx_S2NS
+    if (address < 0x02000000 && mmu_idx != ARMMMUIdx_Stage2
         && !arm_feature(env, ARM_FEATURE_V8)) {
         if (regime_el(env, mmu_idx) == 3) {
             address += env->cp15.fcseidr_s;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 2703ebf32a..3a39315a6c 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -119,7 +119,7 @@ static inline int get_a64_user_mem_index(DisasContext *s)
     case ARMMMUIdx_S1SE1:
         useridx = ARMMMUIdx_S1SE0;
         break;
-    case ARMMMUIdx_S2NS:
+    case ARMMMUIdx_Stage2:
         g_assert_not_reached();
     default:
         useridx = s->mmu_idx;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index e3deea50e0..1716bbb615 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -172,7 +172,7 @@ static inline int get_a32_user_mem_index(DisasContext *s)
     case ARMMMUIdx_MSUserNegPri:
     case ARMMMUIdx_MSPrivNegPri:
         return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
-    case ARMMMUIdx_S2NS:
+    case ARMMMUIdx_Stage2:
     default:
         g_assert_not_reached();
     }
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E*
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (8 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2 Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 11:00   ` Alex Bennée
  2019-12-06 15:47   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 11/40] target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE* Richard Henderson
                   ` (29 subsequent siblings)
  39 siblings, 2 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

This is part of a reorganization to the set of mmu_idx.
The EL1&0 regime is the only one that uses 2-stage translation.
Spelling out Stage avoids confusion with Secure.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h       |  4 ++--
 target/arm/internals.h |  6 +++---
 target/arm/helper.c    | 27 ++++++++++++++-------------
 3 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index fdb868f2e9..0714c52176 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2882,8 +2882,8 @@ typedef enum ARMMMUIdx {
     /* Indexes below here don't have TLBs and are used only for AT system
      * instructions or for the first stage of an S12 page table walk.
      */
-    ARMMMUIdx_S1NSE0 = 0 | ARM_MMU_IDX_NOTLB,
-    ARMMMUIdx_S1NSE1 = 1 | ARM_MMU_IDX_NOTLB,
+    ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
+    ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
 } ARMMMUIdx;
 
 /* Bit macros for the core-mmu-index values for each index,
diff --git a/target/arm/internals.h b/target/arm/internals.h
index ca8be78bbf..3fd1518f3b 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -810,8 +810,8 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
     switch (mmu_idx) {
     case ARMMMUIdx_EL10_0:
     case ARMMMUIdx_EL10_1:
-    case ARMMMUIdx_S1NSE0:
-    case ARMMMUIdx_S1NSE1:
+    case ARMMMUIdx_Stage1_E0:
+    case ARMMMUIdx_Stage1_E1:
     case ARMMMUIdx_S1E2:
     case ARMMMUIdx_Stage2:
     case ARMMMUIdx_MPrivNegPri:
@@ -975,7 +975,7 @@ ARMMMUIdx arm_mmu_idx(CPUARMState *env);
 #ifdef CONFIG_USER_ONLY
 static inline ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
 {
-    return ARMMMUIdx_S1NSE0;
+    return ARMMMUIdx_Stage1_E0;
 }
 #else
 ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 97677f8482..a34accec20 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2992,7 +2992,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
         bool take_exc = false;
 
         if (fi.s1ptw && current_el == 1 && !arm_is_secure(env)
-            && (mmu_idx == ARMMMUIdx_S1NSE1 || mmu_idx == ARMMMUIdx_S1NSE0)) {
+            && (mmu_idx == ARMMMUIdx_Stage1_E1
+                || mmu_idx == ARMMMUIdx_Stage1_E0)) {
             /*
              * Synchronous stage 2 fault on an access made as part of the
              * translation table walk for AT S1E0* or AT S1E1* insn
@@ -3140,10 +3141,10 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
             mmu_idx = ARMMMUIdx_S1E3;
             break;
         case 2:
-            mmu_idx = ARMMMUIdx_S1NSE1;
+            mmu_idx = ARMMMUIdx_Stage1_E1;
             break;
         case 1:
-            mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_S1NSE1;
+            mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_Stage1_E1;
             break;
         default:
             g_assert_not_reached();
@@ -3156,10 +3157,10 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
             mmu_idx = ARMMMUIdx_S1SE0;
             break;
         case 2:
-            mmu_idx = ARMMMUIdx_S1NSE0;
+            mmu_idx = ARMMMUIdx_Stage1_E0;
             break;
         case 1:
-            mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_S1NSE0;
+            mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_Stage1_E0;
             break;
         default:
             g_assert_not_reached();
@@ -3213,7 +3214,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
     case 0:
         switch (ri->opc1) {
         case 0: /* AT S1E1R, AT S1E1W */
-            mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_S1NSE1;
+            mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_Stage1_E1;
             break;
         case 4: /* AT S1E2R, AT S1E2W */
             mmu_idx = ARMMMUIdx_S1E2;
@@ -3226,7 +3227,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
         }
         break;
     case 2: /* AT S1E0R, AT S1E0W */
-        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_S1NSE0;
+        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_Stage1_E0;
         break;
     case 4: /* AT S12E1R, AT S12E1W */
         mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_EL10_1;
@@ -8571,8 +8572,8 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
     case ARMMMUIdx_S1SE0:
         return arm_el_is_aa64(env, 3) ? 1 : 3;
     case ARMMMUIdx_S1SE1:
-    case ARMMMUIdx_S1NSE0:
-    case ARMMMUIdx_S1NSE1:
+    case ARMMMUIdx_Stage1_E0:
+    case ARMMMUIdx_Stage1_E1:
     case ARMMMUIdx_MPrivNegPri:
     case ARMMMUIdx_MUserNegPri:
     case ARMMMUIdx_MPriv:
@@ -8630,7 +8631,7 @@ static inline bool regime_translation_disabled(CPUARMState *env,
     }
 
     if ((env->cp15.hcr_el2 & HCR_DC) &&
-        (mmu_idx == ARMMMUIdx_S1NSE0 || mmu_idx == ARMMMUIdx_S1NSE1)) {
+        (mmu_idx == ARMMMUIdx_Stage1_E0 || mmu_idx == ARMMMUIdx_Stage1_E1)) {
         /* HCR.DC means SCTLR_EL1.M behaves as 0 */
         return true;
     }
@@ -8675,7 +8676,7 @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
 static inline ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
 {
     if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
-        mmu_idx += (ARMMMUIdx_S1NSE0 - ARMMMUIdx_EL10_0);
+        mmu_idx += (ARMMMUIdx_Stage1_E0 - ARMMMUIdx_EL10_0);
     }
     return mmu_idx;
 }
@@ -8710,7 +8711,7 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
     switch (mmu_idx) {
     case ARMMMUIdx_S1SE0:
-    case ARMMMUIdx_S1NSE0:
+    case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_MUser:
     case ARMMMUIdx_MSUser:
     case ARMMMUIdx_MUserNegPri:
@@ -8941,7 +8942,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
                                hwaddr addr, MemTxAttrs txattrs,
                                ARMMMUFaultInfo *fi)
 {
-    if ((mmu_idx == ARMMMUIdx_S1NSE0 || mmu_idx == ARMMMUIdx_S1NSE1) &&
+    if ((mmu_idx == ARMMMUIdx_Stage1_E0 || mmu_idx == ARMMMUIdx_Stage1_E1) &&
         !regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
         target_ulong s2size;
         hwaddr s2pa;
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 11/40] target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE*
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (9 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E* Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 11:01   ` Alex Bennée
  2019-12-06 15:47   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 12/40] target/arm: Rename ARMMMUIdx*_S1E3 to ARMMMUIdx*_SE3 Richard Henderson
                   ` (28 subsequent siblings)
  39 siblings, 2 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

This is part of a reorganization to the set of mmu_idx.
The Secure regimes all have a single stage translation;
there is no point in pointing out that the idx is for stage1.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h           |  8 ++++----
 target/arm/internals.h     |  4 ++--
 target/arm/translate.h     |  2 +-
 target/arm/helper.c        | 26 +++++++++++++-------------
 target/arm/translate-a64.c |  4 ++--
 target/arm/translate.c     |  6 +++---
 6 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 0714c52176..e8ee316e05 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2868,8 +2868,8 @@ typedef enum ARMMMUIdx {
     ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
     ARMMMUIdx_S1E2 = 2 | ARM_MMU_IDX_A,
     ARMMMUIdx_S1E3 = 3 | ARM_MMU_IDX_A,
-    ARMMMUIdx_S1SE0 = 4 | ARM_MMU_IDX_A,
-    ARMMMUIdx_S1SE1 = 5 | ARM_MMU_IDX_A,
+    ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
+    ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
     ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
     ARMMMUIdx_MUser = 0 | ARM_MMU_IDX_M,
     ARMMMUIdx_MPriv = 1 | ARM_MMU_IDX_M,
@@ -2894,8 +2894,8 @@ typedef enum ARMMMUIdxBit {
     ARMMMUIdxBit_EL10_1 = 1 << 1,
     ARMMMUIdxBit_S1E2 = 1 << 2,
     ARMMMUIdxBit_S1E3 = 1 << 3,
-    ARMMMUIdxBit_S1SE0 = 1 << 4,
-    ARMMMUIdxBit_S1SE1 = 1 << 5,
+    ARMMMUIdxBit_SE0 = 1 << 4,
+    ARMMMUIdxBit_SE1 = 1 << 5,
     ARMMMUIdxBit_Stage2 = 1 << 6,
     ARMMMUIdxBit_MUser = 1 << 0,
     ARMMMUIdxBit_MPriv = 1 << 1,
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3fd1518f3b..3600bf9122 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -820,8 +820,8 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
     case ARMMMUIdx_MUser:
         return false;
     case ARMMMUIdx_S1E3:
-    case ARMMMUIdx_S1SE0:
-    case ARMMMUIdx_S1SE1:
+    case ARMMMUIdx_SE0:
+    case ARMMMUIdx_SE1:
     case ARMMMUIdx_MSPrivNegPri:
     case ARMMMUIdx_MSUserNegPri:
     case ARMMMUIdx_MSPriv:
diff --git a/target/arm/translate.h b/target/arm/translate.h
index dd24f91f26..3760159661 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -124,7 +124,7 @@ static inline int default_exception_el(DisasContext *s)
      * exceptions can only be routed to ELs above 1, so we target the higher of
      * 1 or the current EL.
      */
-    return (s->mmu_idx == ARMMMUIdx_S1SE0 && s->secure_routed_to_el3)
+    return (s->mmu_idx == ARMMMUIdx_SE0 && s->secure_routed_to_el3)
             ? 3 : MAX(1, s->current_el);
 }
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index a34accec20..377825431a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3144,7 +3144,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
             mmu_idx = ARMMMUIdx_Stage1_E1;
             break;
         case 1:
-            mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_Stage1_E1;
+            mmu_idx = secure ? ARMMMUIdx_SE1 : ARMMMUIdx_Stage1_E1;
             break;
         default:
             g_assert_not_reached();
@@ -3154,13 +3154,13 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
         /* stage 1 current state PL0: ATS1CUR, ATS1CUW */
         switch (el) {
         case 3:
-            mmu_idx = ARMMMUIdx_S1SE0;
+            mmu_idx = ARMMMUIdx_SE0;
             break;
         case 2:
             mmu_idx = ARMMMUIdx_Stage1_E0;
             break;
         case 1:
-            mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_Stage1_E0;
+            mmu_idx = secure ? ARMMMUIdx_SE0 : ARMMMUIdx_Stage1_E0;
             break;
         default:
             g_assert_not_reached();
@@ -3214,7 +3214,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
     case 0:
         switch (ri->opc1) {
         case 0: /* AT S1E1R, AT S1E1W */
-            mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_Stage1_E1;
+            mmu_idx = secure ? ARMMMUIdx_SE1 : ARMMMUIdx_Stage1_E1;
             break;
         case 4: /* AT S1E2R, AT S1E2W */
             mmu_idx = ARMMMUIdx_S1E2;
@@ -3227,13 +3227,13 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
         }
         break;
     case 2: /* AT S1E0R, AT S1E0W */
-        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_Stage1_E0;
+        mmu_idx = secure ? ARMMMUIdx_SE0 : ARMMMUIdx_Stage1_E0;
         break;
     case 4: /* AT S12E1R, AT S12E1W */
-        mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_EL10_1;
+        mmu_idx = secure ? ARMMMUIdx_SE1 : ARMMMUIdx_EL10_1;
         break;
     case 6: /* AT S12E0R, AT S12E0W */
-        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_EL10_0;
+        mmu_idx = secure ? ARMMMUIdx_SE0 : ARMMMUIdx_EL10_0;
         break;
     default:
         g_assert_not_reached();
@@ -3895,7 +3895,7 @@ static CPAccessResult aa64_cacheop_access(CPUARMState *env,
 static int vae1_tlbmask(CPUARMState *env)
 {
     if (arm_is_secure_below_el3(env)) {
-        return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
+        return ARMMMUIdxBit_SE1 | ARMMMUIdxBit_SE0;
     } else {
         return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
     }
@@ -3931,7 +3931,7 @@ static int vmalle1_tlbmask(CPUARMState *env)
      * stage 1 translations.
      */
     if (arm_is_secure_below_el3(env)) {
-        return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
+        return ARMMMUIdxBit_SE1 | ARMMMUIdxBit_SE0;
     } else if (arm_feature(env, ARM_FEATURE_EL2)) {
         return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_Stage2;
     } else {
@@ -8569,9 +8569,9 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
         return 2;
     case ARMMMUIdx_S1E3:
         return 3;
-    case ARMMMUIdx_S1SE0:
+    case ARMMMUIdx_SE0:
         return arm_el_is_aa64(env, 3) ? 1 : 3;
-    case ARMMMUIdx_S1SE1:
+    case ARMMMUIdx_SE1:
     case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_Stage1_E1:
     case ARMMMUIdx_MPrivNegPri:
@@ -8710,7 +8710,7 @@ bool arm_s1_regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx)
 static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
     switch (mmu_idx) {
-    case ARMMMUIdx_S1SE0:
+    case ARMMMUIdx_SE0:
     case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_MUser:
     case ARMMMUIdx_MSUser:
@@ -11150,7 +11150,7 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
     }
 
     if (el < 2 && arm_is_secure_below_el3(env)) {
-        return ARMMMUIdx_S1SE0 + el;
+        return ARMMMUIdx_SE0 + el;
     } else {
         return ARMMMUIdx_EL10_0 + el;
     }
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 3a39315a6c..885c99f0c9 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -116,8 +116,8 @@ static inline int get_a64_user_mem_index(DisasContext *s)
     case ARMMMUIdx_EL10_1:
         useridx = ARMMMUIdx_EL10_0;
         break;
-    case ARMMMUIdx_S1SE1:
-        useridx = ARMMMUIdx_S1SE0;
+    case ARMMMUIdx_SE1:
+        useridx = ARMMMUIdx_SE0;
         break;
     case ARMMMUIdx_Stage2:
         g_assert_not_reached();
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 1716bbb615..787e34f258 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -157,9 +157,9 @@ static inline int get_a32_user_mem_index(DisasContext *s)
     case ARMMMUIdx_EL10_1:
         return arm_to_core_mmu_idx(ARMMMUIdx_EL10_0);
     case ARMMMUIdx_S1E3:
-    case ARMMMUIdx_S1SE0:
-    case ARMMMUIdx_S1SE1:
-        return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
+    case ARMMMUIdx_SE0:
+    case ARMMMUIdx_SE1:
+        return arm_to_core_mmu_idx(ARMMMUIdx_SE0);
     case ARMMMUIdx_MUser:
     case ARMMMUIdx_MPriv:
         return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 12/40] target/arm: Rename ARMMMUIdx*_S1E3 to ARMMMUIdx*_SE3
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (10 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 11/40] target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE* Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 11:02   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 13/40] target/arm: Rename ARMMMUIdx_S1E2 to ARMMMUIdx_E2 Richard Henderson
                   ` (27 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

This is part of a reorganization to the set of mmu_idx.
The EL3 regime only has a single stage translation, and
is always secure.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h       |  4 ++--
 target/arm/internals.h |  2 +-
 target/arm/helper.c    | 14 +++++++-------
 target/arm/translate.c |  2 +-
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index e8ee316e05..f307de561a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2867,7 +2867,7 @@ typedef enum ARMMMUIdx {
     ARMMMUIdx_EL10_0 = 0 | ARM_MMU_IDX_A,
     ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
     ARMMMUIdx_S1E2 = 2 | ARM_MMU_IDX_A,
-    ARMMMUIdx_S1E3 = 3 | ARM_MMU_IDX_A,
+    ARMMMUIdx_SE3 = 3 | ARM_MMU_IDX_A,
     ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
     ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
     ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
@@ -2893,7 +2893,7 @@ typedef enum ARMMMUIdxBit {
     ARMMMUIdxBit_EL10_0 = 1 << 0,
     ARMMMUIdxBit_EL10_1 = 1 << 1,
     ARMMMUIdxBit_S1E2 = 1 << 2,
-    ARMMMUIdxBit_S1E3 = 1 << 3,
+    ARMMMUIdxBit_SE3 = 1 << 3,
     ARMMMUIdxBit_SE0 = 1 << 4,
     ARMMMUIdxBit_SE1 = 1 << 5,
     ARMMMUIdxBit_Stage2 = 1 << 6,
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3600bf9122..50d258b0e1 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -819,7 +819,7 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
     case ARMMMUIdx_MPriv:
     case ARMMMUIdx_MUser:
         return false;
-    case ARMMMUIdx_S1E3:
+    case ARMMMUIdx_SE3:
     case ARMMMUIdx_SE0:
     case ARMMMUIdx_SE1:
     case ARMMMUIdx_MSPrivNegPri:
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 377825431a..98d00b4549 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3138,7 +3138,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
         /* stage 1 current state PL1: ATS1CPR, ATS1CPW */
         switch (el) {
         case 3:
-            mmu_idx = ARMMMUIdx_S1E3;
+            mmu_idx = ARMMMUIdx_SE3;
             break;
         case 2:
             mmu_idx = ARMMMUIdx_Stage1_E1;
@@ -3220,7 +3220,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
             mmu_idx = ARMMMUIdx_S1E2;
             break;
         case 6: /* AT S1E3R, AT S1E3W */
-            mmu_idx = ARMMMUIdx_S1E3;
+            mmu_idx = ARMMMUIdx_SE3;
             break;
         default:
             g_assert_not_reached();
@@ -3963,7 +3963,7 @@ static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
     ARMCPU *cpu = env_archcpu(env);
     CPUState *cs = CPU(cpu);
 
-    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_S1E3);
+    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_SE3);
 }
 
 static void tlbi_aa64_alle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -3988,7 +3988,7 @@ static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
 {
     CPUState *cs = env_cpu(env);
 
-    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_S1E3);
+    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_SE3);
 }
 
 static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4016,7 +4016,7 @@ static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
     CPUState *cs = CPU(cpu);
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
 
-    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S1E3);
+    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_SE3);
 }
 
 static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4065,7 +4065,7 @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
 
     tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
-                                             ARMMMUIdxBit_S1E3);
+                                             ARMMMUIdxBit_SE3);
 }
 
 static void tlbi_aa64_ipas2e1_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -8567,7 +8567,7 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
     case ARMMMUIdx_Stage2:
     case ARMMMUIdx_S1E2:
         return 2;
-    case ARMMMUIdx_S1E3:
+    case ARMMMUIdx_SE3:
         return 3;
     case ARMMMUIdx_SE0:
         return arm_el_is_aa64(env, 3) ? 1 : 3;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 787e34f258..6cf2fe2806 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -156,7 +156,7 @@ static inline int get_a32_user_mem_index(DisasContext *s)
     case ARMMMUIdx_EL10_0:
     case ARMMMUIdx_EL10_1:
         return arm_to_core_mmu_idx(ARMMMUIdx_EL10_0);
-    case ARMMMUIdx_S1E3:
+    case ARMMMUIdx_SE3:
     case ARMMMUIdx_SE0:
     case ARMMMUIdx_SE1:
         return arm_to_core_mmu_idx(ARMMMUIdx_SE0);
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 13/40] target/arm: Rename ARMMMUIdx_S1E2 to ARMMMUIdx_E2
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (11 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 12/40] target/arm: Rename ARMMMUIdx*_S1E3 to ARMMMUIdx*_SE3 Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 11:03   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs Richard Henderson
                   ` (26 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

This is part of a reorganization to the set of mmu_idx.
The non-secure EL2 regime only has a single stage translation;
there is no point in pointing out that the idx is for stage1.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h       |  4 ++--
 target/arm/internals.h |  2 +-
 target/arm/helper.c    | 22 +++++++++++-----------
 target/arm/translate.c |  2 +-
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index f307de561a..28259be733 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2866,7 +2866,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
 typedef enum ARMMMUIdx {
     ARMMMUIdx_EL10_0 = 0 | ARM_MMU_IDX_A,
     ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
-    ARMMMUIdx_S1E2 = 2 | ARM_MMU_IDX_A,
+    ARMMMUIdx_E2 = 2 | ARM_MMU_IDX_A,
     ARMMMUIdx_SE3 = 3 | ARM_MMU_IDX_A,
     ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
     ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
@@ -2892,7 +2892,7 @@ typedef enum ARMMMUIdx {
 typedef enum ARMMMUIdxBit {
     ARMMMUIdxBit_EL10_0 = 1 << 0,
     ARMMMUIdxBit_EL10_1 = 1 << 1,
-    ARMMMUIdxBit_S1E2 = 1 << 2,
+    ARMMMUIdxBit_E2 = 1 << 2,
     ARMMMUIdxBit_SE3 = 1 << 3,
     ARMMMUIdxBit_SE0 = 1 << 4,
     ARMMMUIdxBit_SE1 = 1 << 5,
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 50d258b0e1..aee54dc105 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -812,7 +812,7 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
     case ARMMMUIdx_EL10_1:
     case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_Stage1_E1:
-    case ARMMMUIdx_S1E2:
+    case ARMMMUIdx_E2:
     case ARMMMUIdx_Stage2:
     case ARMMMUIdx_MPrivNegPri:
     case ARMMMUIdx_MUserNegPri:
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 98d00b4549..5172843667 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -728,7 +728,7 @@ static void tlbiall_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
 {
     CPUState *cs = env_cpu(env);
 
-    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_S1E2);
+    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E2);
 }
 
 static void tlbiall_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -736,7 +736,7 @@ static void tlbiall_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
 {
     CPUState *cs = env_cpu(env);
 
-    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_S1E2);
+    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_E2);
 }
 
 static void tlbimva_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -745,7 +745,7 @@ static void tlbimva_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
     CPUState *cs = env_cpu(env);
     uint64_t pageaddr = value & ~MAKE_64BIT_MASK(0, 12);
 
-    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S1E2);
+    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_E2);
 }
 
 static void tlbimva_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -755,7 +755,7 @@ static void tlbimva_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
     uint64_t pageaddr = value & ~MAKE_64BIT_MASK(0, 12);
 
     tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
-                                             ARMMMUIdxBit_S1E2);
+                                             ARMMMUIdxBit_E2);
 }
 
 static const ARMCPRegInfo cp_reginfo[] = {
@@ -3189,7 +3189,7 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri,
     MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
     uint64_t par64;
 
-    par64 = do_ats_write(env, value, access_type, ARMMMUIdx_S1E2);
+    par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2);
 
     A32_BANKED_CURRENT_REG_SET(env, par, par64);
 }
@@ -3217,7 +3217,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
             mmu_idx = secure ? ARMMMUIdx_SE1 : ARMMMUIdx_Stage1_E1;
             break;
         case 4: /* AT S1E2R, AT S1E2W */
-            mmu_idx = ARMMMUIdx_S1E2;
+            mmu_idx = ARMMMUIdx_E2;
             break;
         case 6: /* AT S1E3R, AT S1E3W */
             mmu_idx = ARMMMUIdx_SE3;
@@ -3954,7 +3954,7 @@ static void tlbi_aa64_alle2_write(CPUARMState *env, const ARMCPRegInfo *ri,
     ARMCPU *cpu = env_archcpu(env);
     CPUState *cs = CPU(cpu);
 
-    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_S1E2);
+    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E2);
 }
 
 static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -3980,7 +3980,7 @@ static void tlbi_aa64_alle2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
 {
     CPUState *cs = env_cpu(env);
 
-    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_S1E2);
+    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_E2);
 }
 
 static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4002,7 +4002,7 @@ static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
     CPUState *cs = CPU(cpu);
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
 
-    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S1E2);
+    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_E2);
 }
 
 static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4055,7 +4055,7 @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
 
     tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
-                                             ARMMMUIdxBit_S1E2);
+                                             ARMMMUIdxBit_E2);
 }
 
 static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -8565,7 +8565,7 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
     switch (mmu_idx) {
     case ARMMMUIdx_Stage2:
-    case ARMMMUIdx_S1E2:
+    case ARMMMUIdx_E2:
         return 2;
     case ARMMMUIdx_SE3:
         return 3;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 6cf2fe2806..51ea99e6f9 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -152,7 +152,7 @@ static inline int get_a32_user_mem_index(DisasContext *s)
      *  otherwise, access as if at PL0.
      */
     switch (s->mmu_idx) {
-    case ARMMMUIdx_S1E2:        /* this one is UNPREDICTABLE */
+    case ARMMMUIdx_E2:        /* this one is UNPREDICTABLE */
     case ARMMMUIdx_EL10_0:
     case ARMMMUIdx_EL10_1:
         return arm_to_core_mmu_idx(ARMMMUIdx_EL10_0);
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (12 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 13/40] target/arm: Rename ARMMMUIdx_S1E2 to ARMMMUIdx_E2 Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 11:43   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 15/40] target/arm: Expand TBFLAG_ANY.MMUIDX to 4 bits Richard Henderson
                   ` (25 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

We had completely run out of TBFLAG bits.
Split A- and M-profile bits into two overlapping buckets.
This results in 4 free bits.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h       | 52 ++++++++++++++++++++++++---------------
 target/arm/helper.c    | 17 ++++++-------
 target/arm/translate.c | 56 +++++++++++++++++++++++-------------------
 3 files changed, 70 insertions(+), 55 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 28259be733..ae9fc1ded3 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3188,38 +3188,50 @@ FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
  */
 FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 21, 2)
 
-/* Bit usage when in AArch32 state: */
-FIELD(TBFLAG_A32, THUMB, 0, 1)          /* Not cached. */
-FIELD(TBFLAG_A32, VECLEN, 1, 3)         /* Not cached. */
-FIELD(TBFLAG_A32, VECSTRIDE, 4, 2)      /* Not cached. */
+/*
+ * Bit usage when in AArch32 state, both A- and M-profile.
+ */
+FIELD(TBFLAG_AM32, CONDEXEC, 0, 8)      /* Not cached. */
+FIELD(TBFLAG_AM32, THUMB, 8, 1)         /* Not cached. */
+
+/*
+ * Bit usage when in AArch32 state, for A-profile only.
+ */
+FIELD(TBFLAG_A32, VECLEN, 9, 3)         /* Not cached. */
+FIELD(TBFLAG_A32, VECSTRIDE, 12, 2)     /* Not cached. */
 /*
  * We store the bottom two bits of the CPAR as TB flags and handle
  * checks on the other bits at runtime. This shares the same bits as
  * VECSTRIDE, which is OK as no XScale CPU has VFP.
  * Not cached, because VECLEN+VECSTRIDE are not cached.
  */
-FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2)
+FIELD(TBFLAG_A32, XSCALE_CPAR, 12, 2)
+FIELD(TBFLAG_A32, VFPEN, 14, 1)         /* Partially cached, minus FPEXC. */
+FIELD(TBFLAG_A32, SCTLR_B, 15, 1)
 /*
  * Indicates whether cp register reads and writes by guest code should access
  * the secure or nonsecure bank of banked registers; note that this is not
  * the same thing as the current security state of the processor!
  */
-FIELD(TBFLAG_A32, NS, 6, 1)
-FIELD(TBFLAG_A32, VFPEN, 7, 1)          /* Partially cached, minus FPEXC. */
-FIELD(TBFLAG_A32, CONDEXEC, 8, 8)       /* Not cached. */
-FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
-/* For M profile only, set if FPCCR.LSPACT is set */
-FIELD(TBFLAG_A32, LSPACT, 18, 1)        /* Not cached. */
-/* For M profile only, set if we must create a new FP context */
-FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1) /* Not cached. */
-/* For M profile only, set if FPCCR.S does not match current security state */
-FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1) /* Not cached. */
-/* For M profile only, Handler (ie not Thread) mode */
-FIELD(TBFLAG_A32, HANDLER, 21, 1)
-/* For M profile only, whether we should generate stack-limit checks */
-FIELD(TBFLAG_A32, STACKCHECK, 22, 1)
+FIELD(TBFLAG_A32, NS, 16, 1)
 
-/* Bit usage when in AArch64 state */
+/*
+ * Bit usage when in AArch32 state, for M-profile only.
+ */
+/* Handler (ie not Thread) mode */
+FIELD(TBFLAG_M32, HANDLER, 9, 1)
+/* Whether we should generate stack-limit checks */
+FIELD(TBFLAG_M32, STACKCHECK, 10, 1)
+/* Set if FPCCR.LSPACT is set */
+FIELD(TBFLAG_M32, LSPACT, 11, 1)                 /* Not cached. */
+/* Set if we must create a new FP context */
+FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 12, 1)     /* Not cached. */
+/* Set if FPCCR.S does not match current security state */
+FIELD(TBFLAG_M32, FPCCR_S_WRONG, 13, 1)          /* Not cached. */
+
+/*
+ * Bit usage when in AArch64 state
+ */
 FIELD(TBFLAG_A64, TBII, 0, 2)
 FIELD(TBFLAG_A64, SVEEXC_EL, 2, 2)
 FIELD(TBFLAG_A64, ZCR_LEN, 4, 4)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 5172843667..ec5c7fa325 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11207,11 +11207,8 @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
 {
     uint32_t flags = 0;
 
-    /* v8M always enables the fpu.  */
-    flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
-
     if (arm_v7m_is_handler_mode(env)) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, HANDLER, 1);
+        flags = FIELD_DP32(flags, TBFLAG_M32, HANDLER, 1);
     }
 
     /*
@@ -11222,7 +11219,7 @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
     if (arm_feature(env, ARM_FEATURE_V8) &&
         !((mmu_idx & ARM_MMU_IDX_M_NEGPRI) &&
           (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
-        flags = FIELD_DP32(flags, TBFLAG_A32, STACKCHECK, 1);
+        flags = FIELD_DP32(flags, TBFLAG_M32, STACKCHECK, 1);
     }
 
     return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
@@ -11385,7 +11382,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
                 FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S)
                 != env->v7m.secure) {
-                flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1);
+                flags = FIELD_DP32(flags, TBFLAG_M32, FPCCR_S_WRONG, 1);
             }
 
             if ((env->v7m.fpccr[env->v7m.secure] & R_V7M_FPCCR_ASPEN_MASK) &&
@@ -11397,12 +11394,12 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                  * active FP context; we must create a new FP context before
                  * executing any FP insn.
                  */
-                flags = FIELD_DP32(flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED, 1);
+                flags = FIELD_DP32(flags, TBFLAG_M32, NEW_FP_CTXT_NEEDED, 1);
             }
 
             bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
             if (env->v7m.fpccr[is_secure] & R_V7M_FPCCR_LSPACT_MASK) {
-                flags = FIELD_DP32(flags, TBFLAG_A32, LSPACT, 1);
+                flags = FIELD_DP32(flags, TBFLAG_M32, LSPACT, 1);
             }
         } else {
             /*
@@ -11423,8 +11420,8 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             }
         }
 
-        flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
-        flags = FIELD_DP32(flags, TBFLAG_A32, CONDEXEC, env->condexec_bits);
+        flags = FIELD_DP32(flags, TBFLAG_AM32, THUMB, env->thumb);
+        flags = FIELD_DP32(flags, TBFLAG_AM32, CONDEXEC, env->condexec_bits);
         pstate_for_ss = env->uncached_cpsr;
     }
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 51ea99e6f9..cd757165e1 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -10841,37 +10841,46 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
      */
     dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
                                !arm_el_is_aa64(env, 3);
-    dc->thumb = FIELD_EX32(tb_flags, TBFLAG_A32, THUMB);
-    dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
-    dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
-    condexec = FIELD_EX32(tb_flags, TBFLAG_A32, CONDEXEC);
+    dc->thumb = FIELD_EX32(tb_flags, TBFLAG_AM32, THUMB);
+    condexec = FIELD_EX32(tb_flags, TBFLAG_AM32, CONDEXEC);
     dc->condexec_mask = (condexec & 0xf) << 1;
     dc->condexec_cond = condexec >> 4;
+
     core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
     dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
     dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
 #if !defined(CONFIG_USER_ONLY)
     dc->user = (dc->current_el == 0);
 #endif
-    dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
     dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
-    dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
-    dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
-    if (arm_feature(env, ARM_FEATURE_XSCALE)) {
-        dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
-        dc->vec_stride = 0;
+
+    if (arm_feature(env, ARM_FEATURE_M)) {
+        dc->vfp_enabled = 1;
+        dc->be_data = MO_TE;
+        dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_M32, HANDLER);
+        dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
+            regime_is_secure(env, dc->mmu_idx);
+        dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_M32, STACKCHECK);
+        dc->v8m_fpccr_s_wrong =
+            FIELD_EX32(tb_flags, TBFLAG_M32, FPCCR_S_WRONG);
+        dc->v7m_new_fp_ctxt_needed =
+            FIELD_EX32(tb_flags, TBFLAG_M32, NEW_FP_CTXT_NEEDED);
+        dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_M32, LSPACT);
     } else {
-        dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
-        dc->c15_cpar = 0;
+        dc->be_data =
+            FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
+        dc->debug_target_el =
+            FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
+        dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
+        dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
+        dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
+        if (arm_feature(env, ARM_FEATURE_XSCALE)) {
+            dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
+        } else {
+            dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
+            dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
+        }
     }
-    dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER);
-    dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
-        regime_is_secure(env, dc->mmu_idx);
-    dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
-    dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
-    dc->v7m_new_fp_ctxt_needed =
-        FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
-    dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_A32, LSPACT);
     dc->cp_regs = cpu->cp_regs;
     dc->features = env->features;
 
@@ -10893,9 +10902,6 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
     dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
     dc->is_ldex = false;
-    if (!arm_feature(env, ARM_FEATURE_M)) {
-        dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
-    }
 
     dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
 
@@ -11332,10 +11338,10 @@ static const TranslatorOps thumb_translator_ops = {
 /* generate intermediate code for basic block 'tb'.  */
 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
 {
-    DisasContext dc;
+    DisasContext dc = { };
     const TranslatorOps *ops = &arm_translator_ops;
 
-    if (FIELD_EX32(tb->flags, TBFLAG_A32, THUMB)) {
+    if (FIELD_EX32(tb->flags, TBFLAG_AM32, THUMB)) {
         ops = &thumb_translator_ops;
     }
 #ifdef TARGET_AARCH64
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 15/40] target/arm: Expand TBFLAG_ANY.MMUIDX to 4 bits
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (13 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 11:48   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 16/40] target/arm: Rearrange ARMMMUIdxBit Richard Henderson
                   ` (24 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

We are about to expand the number of mmuidx to 10, and so need 4 bits.
For the benefit of reading the number out of -d exec, align it to the
penultimate nibble.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ae9fc1ded3..5f295c7e60 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3176,17 +3176,17 @@ typedef ARMCPU ArchCPU;
  * Unless otherwise noted, these bits are cached in env->hflags.
  */
 FIELD(TBFLAG_ANY, AARCH64_STATE, 31, 1)
-FIELD(TBFLAG_ANY, MMUIDX, 28, 3)
-FIELD(TBFLAG_ANY, SS_ACTIVE, 27, 1)
-FIELD(TBFLAG_ANY, PSTATE_SS, 26, 1)     /* Not cached. */
+FIELD(TBFLAG_ANY, SS_ACTIVE, 30, 1)
+FIELD(TBFLAG_ANY, PSTATE_SS, 29, 1)     /* Not cached. */
+FIELD(TBFLAG_ANY, BE_DATA, 28, 1)
+FIELD(TBFLAG_ANY, MMUIDX, 24, 4)
 /* Target EL if we take a floating-point-disabled exception */
-FIELD(TBFLAG_ANY, FPEXC_EL, 24, 2)
-FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
+FIELD(TBFLAG_ANY, FPEXC_EL, 22, 2)
 /*
  * For A-profile only, target EL for debug exceptions.
  * Note that this overlaps with the M-profile-only HANDLER and STACKCHECK bits.
  */
-FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 21, 2)
+FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 20, 2)
 
 /*
  * Bit usage when in AArch32 state, both A- and M-profile.
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 16/40] target/arm: Rearrange ARMMMUIdxBit
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (14 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 15/40] target/arm: Expand TBFLAG_ANY.MMUIDX to 4 bits Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 11:56   ` Alex Bennée
  2019-12-04 16:01   ` Philippe Mathieu-Daudé
  2019-12-03  2:29 ` [PATCH v4 17/40] target/arm: Tidy ARMMMUIdx m-profile definitions Richard Henderson
                   ` (23 subsequent siblings)
  39 siblings, 2 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Define via macro expansion, so that renumbering of the base ARMMMUIdx
symbols is automatically reflexed in the bit definitions.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 5f295c7e60..6ba5126852 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2886,27 +2886,34 @@ typedef enum ARMMMUIdx {
     ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
 } ARMMMUIdx;
 
-/* Bit macros for the core-mmu-index values for each index,
+/*
+ * Bit macros for the core-mmu-index values for each index,
  * for use when calling tlb_flush_by_mmuidx() and friends.
  */
+#define TO_CORE_BIT(NAME) \
+    ARMMMUIdxBit_##NAME = 1 << (ARMMMUIdx_##NAME & ARM_MMU_IDX_COREIDX_MASK)
+
 typedef enum ARMMMUIdxBit {
-    ARMMMUIdxBit_EL10_0 = 1 << 0,
-    ARMMMUIdxBit_EL10_1 = 1 << 1,
-    ARMMMUIdxBit_E2 = 1 << 2,
-    ARMMMUIdxBit_SE3 = 1 << 3,
-    ARMMMUIdxBit_SE0 = 1 << 4,
-    ARMMMUIdxBit_SE1 = 1 << 5,
-    ARMMMUIdxBit_Stage2 = 1 << 6,
-    ARMMMUIdxBit_MUser = 1 << 0,
-    ARMMMUIdxBit_MPriv = 1 << 1,
-    ARMMMUIdxBit_MUserNegPri = 1 << 2,
-    ARMMMUIdxBit_MPrivNegPri = 1 << 3,
-    ARMMMUIdxBit_MSUser = 1 << 4,
-    ARMMMUIdxBit_MSPriv = 1 << 5,
-    ARMMMUIdxBit_MSUserNegPri = 1 << 6,
-    ARMMMUIdxBit_MSPrivNegPri = 1 << 7,
+    TO_CORE_BIT(EL10_0),
+    TO_CORE_BIT(EL10_1),
+    TO_CORE_BIT(E2),
+    TO_CORE_BIT(SE0),
+    TO_CORE_BIT(SE1),
+    TO_CORE_BIT(SE3),
+    TO_CORE_BIT(Stage2),
+
+    TO_CORE_BIT(MUser),
+    TO_CORE_BIT(MPriv),
+    TO_CORE_BIT(MUserNegPri),
+    TO_CORE_BIT(MPrivNegPri),
+    TO_CORE_BIT(MSUser),
+    TO_CORE_BIT(MSPriv),
+    TO_CORE_BIT(MSUserNegPri),
+    TO_CORE_BIT(MSPrivNegPri),
 } ARMMMUIdxBit;
 
+#undef TO_CORE_BIT
+
 #define MMU_USER_IDX 0
 
 static inline int arm_to_core_mmu_idx(ARMMMUIdx mmu_idx)
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 17/40] target/arm: Tidy ARMMMUIdx m-profile definitions
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (15 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 16/40] target/arm: Rearrange ARMMMUIdxBit Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  6:27   ` Philippe Mathieu-Daudé
  2019-12-03  2:29 ` [PATCH v4 18/40] target/arm: Reorganize ARMMMUIdx Richard Henderson
                   ` (22 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Replace the magic numbers with the relevant ARM_MMU_IDX_M_* constants.
Keep the definitions short by referencing previous symbols.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 6ba5126852..015301e93a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2871,14 +2871,14 @@ typedef enum ARMMMUIdx {
     ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
     ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
     ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
-    ARMMMUIdx_MUser = 0 | ARM_MMU_IDX_M,
-    ARMMMUIdx_MPriv = 1 | ARM_MMU_IDX_M,
-    ARMMMUIdx_MUserNegPri = 2 | ARM_MMU_IDX_M,
-    ARMMMUIdx_MPrivNegPri = 3 | ARM_MMU_IDX_M,
-    ARMMMUIdx_MSUser = 4 | ARM_MMU_IDX_M,
-    ARMMMUIdx_MSPriv = 5 | ARM_MMU_IDX_M,
-    ARMMMUIdx_MSUserNegPri = 6 | ARM_MMU_IDX_M,
-    ARMMMUIdx_MSPrivNegPri = 7 | ARM_MMU_IDX_M,
+    ARMMMUIdx_MUser = ARM_MMU_IDX_M,
+    ARMMMUIdx_MPriv = ARM_MMU_IDX_M | ARM_MMU_IDX_M_PRIV,
+    ARMMMUIdx_MUserNegPri = ARMMMUIdx_MUser | ARM_MMU_IDX_M_NEGPRI,
+    ARMMMUIdx_MPrivNegPri = ARMMMUIdx_MPriv | ARM_MMU_IDX_M_NEGPRI,
+    ARMMMUIdx_MSUser = ARMMMUIdx_MUser | ARM_MMU_IDX_M_S,
+    ARMMMUIdx_MSPriv = ARMMMUIdx_MPriv | ARM_MMU_IDX_M_S,
+    ARMMMUIdx_MSUserNegPri = ARMMMUIdx_MUserNegPri | ARM_MMU_IDX_M_S,
+    ARMMMUIdx_MSPrivNegPri = ARMMMUIdx_MPrivNegPri | ARM_MMU_IDX_M_S,
     /* Indexes below here don't have TLBs and are used only for AT system
      * instructions or for the first stage of an S12 page table walk.
      */
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 18/40] target/arm: Reorganize ARMMMUIdx
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (16 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 17/40] target/arm: Tidy ARMMMUIdx m-profile definitions Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 13:44   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 19/40] target/arm: Add regime_has_2_ranges Richard Henderson
                   ` (21 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Prepare for, but do not yet implement, the EL2&0 regime.
This involves adding the new MMUIdx enumerators and adjusting
some of the MMUIdx related predicates to match.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu-param.h |   2 +-
 target/arm/cpu.h       | 128 ++++++++++++++++++-----------------------
 target/arm/internals.h |  37 +++++++++++-
 target/arm/helper.c    |  66 ++++++++++++++++++---
 target/arm/translate.c |   1 -
 5 files changed, 150 insertions(+), 84 deletions(-)

diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 6e6948e960..18ac562346 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -29,6 +29,6 @@
 # define TARGET_PAGE_BITS_MIN  10
 #endif
 
-#define NB_MMU_MODES 8
+#define NB_MMU_MODES 9
 
 #endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 015301e93a..bf8eb57e3a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2778,7 +2778,9 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
  *  + NonSecure EL1 & 0 stage 1
  *  + NonSecure EL1 & 0 stage 2
  *  + NonSecure EL2
- *  + Secure EL1 & EL0
+ *  + NonSecure EL2 & 0   (ARMv8.1-VHE)
+ *  + Secure EL0
+ *  + Secure EL1
  *  + Secure EL3
  * If EL3 is 32-bit:
  *  + NonSecure PL1 & 0 stage 1
@@ -2788,8 +2790,9 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
  * (reminder: for 32 bit EL3, Secure PL1 is *EL3*, not EL1.)
  *
  * For QEMU, an mmu_idx is not quite the same as a translation regime because:
- *  1. we need to split the "EL1 & 0" regimes into two mmu_idxes, because they
- *     may differ in access permissions even if the VA->PA map is the same
+ *  1. we need to split the "EL1 & 0" and "EL2 & 0" regimes into two mmu_idxes,
+ *     because they may differ in access permissions even if the VA->PA map is
+ *     the same
  *  2. we want to cache in our TLB the full VA->IPA->PA lookup for a stage 1+2
  *     translation, which means that we have one mmu_idx that deals with two
  *     concatenated translation regimes [this sort of combined s1+2 TLB is
@@ -2801,19 +2804,23 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
  *  4. we can also safely fold together the "32 bit EL3" and "64 bit EL3"
  *     translation regimes, because they map reasonably well to each other
  *     and they can't both be active at the same time.
- * This gives us the following list of mmu_idx values:
+ *  5. we want to be able to use the TLB for accesses done as part of a
+ *     stage1 page table walk, rather than having to walk the stage2 page
+ *     table over and over.
  *
- * NS EL0 (aka NS PL0) stage 1+2
- * NS EL1 (aka NS PL1) stage 1+2
+ * This gives us the following list of cases:
+ *
+ * NS EL0 (aka NS PL0) EL1&0 stage 1+2
+ * NS EL1 (aka NS PL1) EL1&0 stage 1+2
+ * NS EL0 EL2&0
+ * NS EL2 EL2&0
  * NS EL2 (aka NS PL2)
- * S EL3 (aka S PL1)
  * S EL0 (aka S PL0)
  * S EL1 (not used if EL3 is 32 bit)
- * NS EL0+1 stage 2
+ * S EL3 (aka S PL1)
+ * NS EL0&1 stage 2
  *
- * (The last of these is an mmu_idx because we want to be able to use the TLB
- * for the accesses done as part of a stage 1 page table walk, rather than
- * having to walk the stage 2 page table over and over.)
+ * for a total of 9 different mmu_idx.
  *
  * R profile CPUs have an MPU, but can use the same set of MMU indexes
  * as A profile. They only need to distinguish NS EL0 and NS EL1 (and
@@ -2851,26 +2858,47 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
  * For M profile we arrange them to have a bit for priv, a bit for negpri
  * and a bit for secure.
  */
-#define ARM_MMU_IDX_A 0x10 /* A profile */
-#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */
-#define ARM_MMU_IDX_M 0x40 /* M profile */
+#define ARM_MMU_IDX_A     0x10  /* A profile */
+#define ARM_MMU_IDX_NOTLB 0x20  /* does not have a TLB */
+#define ARM_MMU_IDX_M     0x40  /* M profile */
 
-/* meanings of the bits for M profile mmu idx values */
-#define ARM_MMU_IDX_M_PRIV 0x1
+/* Meanings of the bits for M profile mmu idx values */
+#define ARM_MMU_IDX_M_PRIV   0x1
 #define ARM_MMU_IDX_M_NEGPRI 0x2
-#define ARM_MMU_IDX_M_S 0x4
+#define ARM_MMU_IDX_M_S      0x4  /* Secure */
 
-#define ARM_MMU_IDX_TYPE_MASK (~0x7)
-#define ARM_MMU_IDX_COREIDX_MASK 0x7
+#define ARM_MMU_IDX_TYPE_MASK \
+    (ARM_MMU_IDX_A | ARM_MMU_IDX_M | ARM_MMU_IDX_NOTLB)
+#define ARM_MMU_IDX_COREIDX_MASK 0xf
 
 typedef enum ARMMMUIdx {
+    /*
+     * A-profile.
+     */
     ARMMMUIdx_EL10_0 = 0 | ARM_MMU_IDX_A,
-    ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
-    ARMMMUIdx_E2 = 2 | ARM_MMU_IDX_A,
-    ARMMMUIdx_SE3 = 3 | ARM_MMU_IDX_A,
-    ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
-    ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
-    ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
+    ARMMMUIdx_EL20_0 = 1 | ARM_MMU_IDX_A,
+
+    ARMMMUIdx_EL10_1 = 2 | ARM_MMU_IDX_A,
+
+    ARMMMUIdx_E2 =     3 | ARM_MMU_IDX_A,
+    ARMMMUIdx_EL20_2 = 4 | ARM_MMU_IDX_A,
+
+    ARMMMUIdx_SE0 =    5 | ARM_MMU_IDX_A,
+    ARMMMUIdx_SE1 =    6 | ARM_MMU_IDX_A,
+    ARMMMUIdx_SE3 =    7 | ARM_MMU_IDX_A,
+
+    ARMMMUIdx_Stage2 = 8 | ARM_MMU_IDX_A,
+
+    /*
+     * These are not allocated TLBs and are used only for AT system
+     * instructions or for the first stage of an S12 page table walk.
+     */
+    ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
+    ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
+
+    /*
+     * M-profile.
+     */
     ARMMMUIdx_MUser = ARM_MMU_IDX_M,
     ARMMMUIdx_MPriv = ARM_MMU_IDX_M | ARM_MMU_IDX_M_PRIV,
     ARMMMUIdx_MUserNegPri = ARMMMUIdx_MUser | ARM_MMU_IDX_M_NEGPRI,
@@ -2879,11 +2907,6 @@ typedef enum ARMMMUIdx {
     ARMMMUIdx_MSPriv = ARMMMUIdx_MPriv | ARM_MMU_IDX_M_S,
     ARMMMUIdx_MSUserNegPri = ARMMMUIdx_MUserNegPri | ARM_MMU_IDX_M_S,
     ARMMMUIdx_MSPrivNegPri = ARMMMUIdx_MPrivNegPri | ARM_MMU_IDX_M_S,
-    /* Indexes below here don't have TLBs and are used only for AT system
-     * instructions or for the first stage of an S12 page table walk.
-     */
-    ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
-    ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
 } ARMMMUIdx;
 
 /*
@@ -2895,8 +2918,10 @@ typedef enum ARMMMUIdx {
 
 typedef enum ARMMMUIdxBit {
     TO_CORE_BIT(EL10_0),
+    TO_CORE_BIT(EL20_0),
     TO_CORE_BIT(EL10_1),
     TO_CORE_BIT(E2),
+    TO_CORE_BIT(EL20_2),
     TO_CORE_BIT(SE0),
     TO_CORE_BIT(SE1),
     TO_CORE_BIT(SE3),
@@ -2916,49 +2941,6 @@ typedef enum ARMMMUIdxBit {
 
 #define MMU_USER_IDX 0
 
-static inline int arm_to_core_mmu_idx(ARMMMUIdx mmu_idx)
-{
-    return mmu_idx & ARM_MMU_IDX_COREIDX_MASK;
-}
-
-static inline ARMMMUIdx core_to_arm_mmu_idx(CPUARMState *env, int mmu_idx)
-{
-    if (arm_feature(env, ARM_FEATURE_M)) {
-        return mmu_idx | ARM_MMU_IDX_M;
-    } else {
-        return mmu_idx | ARM_MMU_IDX_A;
-    }
-}
-
-/* Return the exception level we're running at if this is our mmu_idx */
-static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
-{
-    switch (mmu_idx & ARM_MMU_IDX_TYPE_MASK) {
-    case ARM_MMU_IDX_A:
-        return mmu_idx & 3;
-    case ARM_MMU_IDX_M:
-        return mmu_idx & ARM_MMU_IDX_M_PRIV;
-    default:
-        g_assert_not_reached();
-    }
-}
-
-/*
- * Return the MMU index for a v7M CPU with all relevant information
- * manually specified.
- */
-ARMMMUIdx arm_v7m_mmu_idx_all(CPUARMState *env,
-                              bool secstate, bool priv, bool negpri);
-
-/* Return the MMU index for a v7M CPU in the specified security and
- * privilege state.
- */
-ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
-                                                bool secstate, bool priv);
-
-/* Return the MMU index for a v7M CPU in the specified security state */
-ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate);
-
 /**
  * cpu_mmu_index:
  * @env: The cpu environment
diff --git a/target/arm/internals.h b/target/arm/internals.h
index aee54dc105..d73615064c 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -769,6 +769,39 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                       MMUAccessType access_type, int mmu_idx,
                       bool probe, uintptr_t retaddr);
 
+static inline int arm_to_core_mmu_idx(ARMMMUIdx mmu_idx)
+{
+    return mmu_idx & ARM_MMU_IDX_COREIDX_MASK;
+}
+
+static inline ARMMMUIdx core_to_arm_mmu_idx(CPUARMState *env, int mmu_idx)
+{
+    if (arm_feature(env, ARM_FEATURE_M)) {
+        return mmu_idx | ARM_MMU_IDX_M;
+    } else {
+        return mmu_idx | ARM_MMU_IDX_A;
+    }
+}
+
+int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx);
+
+/*
+ * Return the MMU index for a v7M CPU with all relevant information
+ * manually specified.
+ */
+ARMMMUIdx arm_v7m_mmu_idx_all(CPUARMState *env,
+                              bool secstate, bool priv, bool negpri);
+
+/*
+ * Return the MMU index for a v7M CPU in the specified security and
+ * privilege state.
+ */
+ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
+                                                bool secstate, bool priv);
+
+/* Return the MMU index for a v7M CPU in the specified security state */
+ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate);
+
 /* Return true if the stage 1 translation regime is using LPAE format page
  * tables */
 bool arm_s1_regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx);
@@ -810,6 +843,8 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
     switch (mmu_idx) {
     case ARMMMUIdx_EL10_0:
     case ARMMMUIdx_EL10_1:
+    case ARMMMUIdx_EL20_0:
+    case ARMMMUIdx_EL20_2:
     case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_Stage1_E1:
     case ARMMMUIdx_E2:
@@ -819,9 +854,9 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
     case ARMMMUIdx_MPriv:
     case ARMMMUIdx_MUser:
         return false;
-    case ARMMMUIdx_SE3:
     case ARMMMUIdx_SE0:
     case ARMMMUIdx_SE1:
+    case ARMMMUIdx_SE3:
     case ARMMMUIdx_MSPrivNegPri:
     case ARMMMUIdx_MSUserNegPri:
     case ARMMMUIdx_MSPriv:
diff --git a/target/arm/helper.c b/target/arm/helper.c
index ec5c7fa325..f86285ffbe 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8561,9 +8561,11 @@ void arm_cpu_do_interrupt(CPUState *cs)
 #endif /* !CONFIG_USER_ONLY */
 
 /* Return the exception level which controls this address translation regime */
-static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
+static uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
     switch (mmu_idx) {
+    case ARMMMUIdx_EL20_0:
+    case ARMMMUIdx_EL20_2:
     case ARMMMUIdx_Stage2:
     case ARMMMUIdx_E2:
         return 2;
@@ -8574,6 +8576,8 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
     case ARMMMUIdx_SE1:
     case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_Stage1_E1:
+    case ARMMMUIdx_EL10_0:
+    case ARMMMUIdx_EL10_1:
     case ARMMMUIdx_MPrivNegPri:
     case ARMMMUIdx_MUserNegPri:
     case ARMMMUIdx_MPriv:
@@ -8675,10 +8679,14 @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
  */
 static inline ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
 {
-    if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
-        mmu_idx += (ARMMMUIdx_Stage1_E0 - ARMMMUIdx_EL10_0);
+    switch (mmu_idx) {
+    case ARMMMUIdx_EL10_0:
+        return ARMMMUIdx_Stage1_E0;
+    case ARMMMUIdx_EL10_1:
+        return ARMMMUIdx_Stage1_E1;
+    default:
+        return mmu_idx;
     }
-    return mmu_idx;
 }
 
 /* Return true if the translation regime is using LPAE format page tables */
@@ -8711,6 +8719,7 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
     switch (mmu_idx) {
     case ARMMMUIdx_SE0:
+    case ARMMMUIdx_EL20_0:
     case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_MUser:
     case ARMMMUIdx_MSUser:
@@ -11136,6 +11145,31 @@ int fp_exception_el(CPUARMState *env, int cur_el)
     return 0;
 }
 
+/* Return the exception level we're running at if this is our mmu_idx */
+int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
+{
+    if (mmu_idx & ARM_MMU_IDX_M) {
+        return mmu_idx & ARM_MMU_IDX_M_PRIV;
+    }
+
+    switch (mmu_idx) {
+    case ARMMMUIdx_EL10_0:
+    case ARMMMUIdx_EL20_0:
+    case ARMMMUIdx_SE0:
+        return 0;
+    case ARMMMUIdx_EL10_1:
+    case ARMMMUIdx_SE1:
+        return 1;
+    case ARMMMUIdx_E2:
+    case ARMMMUIdx_EL20_2:
+        return 2;
+    case ARMMMUIdx_SE3:
+        return 3;
+    default:
+        g_assert_not_reached();
+    }
+}
+
 #ifndef CONFIG_TCG
 ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
 {
@@ -11149,10 +11183,26 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
         return arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure);
     }
 
-    if (el < 2 && arm_is_secure_below_el3(env)) {
-        return ARMMMUIdx_SE0 + el;
-    } else {
-        return ARMMMUIdx_EL10_0 + el;
+    switch (el) {
+    case 0:
+        /* TODO: ARMv8.1-VHE */
+        if (arm_is_secure_below_el3(env)) {
+            return ARMMMUIdx_SE0;
+        }
+        return ARMMMUIdx_EL10_0;
+    case 1:
+        if (arm_is_secure_below_el3(env)) {
+            return ARMMMUIdx_SE1;
+        }
+        return ARMMMUIdx_EL10_1;
+    case 2:
+        /* TODO: ARMv8.1-VHE */
+        /* TODO: ARMv8.4-SecEL2 */
+        return ARMMMUIdx_E2;
+    case 3:
+        return ARMMMUIdx_SE3;
+    default:
+        g_assert_not_reached();
     }
 }
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index cd757165e1..b7f726e733 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -172,7 +172,6 @@ static inline int get_a32_user_mem_index(DisasContext *s)
     case ARMMMUIdx_MSUserNegPri:
     case ARMMMUIdx_MSPrivNegPri:
         return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
-    case ARMMMUIdx_Stage2:
     default:
         g_assert_not_reached();
     }
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 19/40] target/arm: Add regime_has_2_ranges
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (17 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 18/40] target/arm: Reorganize ARMMMUIdx Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 14:16   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 20/40] target/arm: Update arm_mmu_idx for VHE Richard Henderson
                   ` (20 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/internals.h     | 16 ++++++++++++++++
 target/arm/helper.c        | 23 ++++++-----------------
 target/arm/translate-a64.c |  3 +--
 3 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index d73615064c..1ca9a7cc78 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -837,6 +837,22 @@ static inline void arm_call_el_change_hook(ARMCPU *cpu)
     }
 }
 
+/* Return true if this address translation regime has two ranges.  */
+static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx)
+{
+    switch (mmu_idx) {
+    case ARMMMUIdx_Stage1_E0:
+    case ARMMMUIdx_Stage1_E1:
+    case ARMMMUIdx_EL10_0:
+    case ARMMMUIdx_EL10_1:
+    case ARMMMUIdx_EL20_0:
+    case ARMMMUIdx_EL20_2:
+        return true;
+    default:
+        return false;
+    }
+}
+
 /* Return true if this address translation regime is secure */
 static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f86285ffbe..27adf24fa6 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8885,15 +8885,8 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
     }
 
     if (is_aa64) {
-        switch (regime_el(env, mmu_idx)) {
-        case 1:
-            if (!is_user) {
-                xn = pxn || (user_rw & PAGE_WRITE);
-            }
-            break;
-        case 2:
-        case 3:
-            break;
+        if (regime_has_2_ranges(mmu_idx) && !is_user) {
+            xn = pxn || (user_rw & PAGE_WRITE);
         }
     } else if (arm_feature(env, ARM_FEATURE_V7)) {
         switch (regime_el(env, mmu_idx)) {
@@ -9427,7 +9420,6 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
                                         ARMMMUIdx mmu_idx)
 {
     uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
-    uint32_t el = regime_el(env, mmu_idx);
     bool tbi, tbid, epd, hpd, using16k, using64k;
     int select, tsz;
 
@@ -9437,7 +9429,7 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
      */
     select = extract64(va, 55, 1);
 
-    if (el > 1) {
+    if (!regime_has_2_ranges(mmu_idx)) {
         tsz = extract32(tcr, 0, 6);
         using64k = extract32(tcr, 14, 1);
         using16k = extract32(tcr, 15, 1);
@@ -9593,10 +9585,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
         param = aa64_va_parameters(env, address, mmu_idx,
                                    access_type != MMU_INST_FETCH);
         level = 0;
-        /* If we are in 64-bit EL2 or EL3 then there is no TTBR1, so mark it
-         * invalid.
-         */
-        ttbr1_valid = (el < 2);
+        ttbr1_valid = regime_has_2_ranges(mmu_idx);
         addrsize = 64 - 8 * param.tbi;
         inputsize = 64 - param.tsz;
     } else {
@@ -11306,8 +11295,8 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
 
     flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1);
 
-    /* FIXME: ARMv8.1-VHE S2 translation regime.  */
-    if (regime_el(env, stage1) < 2) {
+    /* Get control bits for tagged addresses.  */
+    if (regime_has_2_ranges(mmu_idx)) {
         ARMVAParameters p1 = aa64_va_parameters_both(env, -1, stage1);
         tbid = (p1.tbi << 1) | p0.tbi;
         tbii = tbid & ~((p1.tbid << 1) | p0.tbid);
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 885c99f0c9..d0b65c49e2 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -175,8 +175,7 @@ static void gen_top_byte_ignore(DisasContext *s, TCGv_i64 dst,
     if (tbi == 0) {
         /* Load unmodified address */
         tcg_gen_mov_i64(dst, src);
-    } else if (s->current_el >= 2) {
-        /* FIXME: ARMv8.1-VHE S2 translation regime.  */
+    } else if (!regime_has_2_ranges(s->mmu_idx)) {
         /* Force tag byte to all zero */
         tcg_gen_extract_i64(dst, src, 0, 56);
     } else {
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 20/40] target/arm: Update arm_mmu_idx for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (18 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 19/40] target/arm: Add regime_has_2_ranges Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 14:37   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 21/40] target/arm: Update arm_sctlr " Richard Henderson
                   ` (19 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Return the indexes for the EL2&0 regime when the appropriate bits
are set within HCR_EL2.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 27adf24fa6..c6b4c0a25f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11172,12 +11172,16 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
         return arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure);
     }
 
+    /* See ARM pseudo-function ELIsInHost.  */
     switch (el) {
     case 0:
-        /* TODO: ARMv8.1-VHE */
         if (arm_is_secure_below_el3(env)) {
             return ARMMMUIdx_SE0;
         }
+        if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)
+            && arm_el_is_aa64(env, 2)) {
+            return ARMMMUIdx_EL20_0;
+        }
         return ARMMMUIdx_EL10_0;
     case 1:
         if (arm_is_secure_below_el3(env)) {
@@ -11185,8 +11189,11 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
         }
         return ARMMMUIdx_EL10_1;
     case 2:
-        /* TODO: ARMv8.1-VHE */
         /* TODO: ARMv8.4-SecEL2 */
+        /* Note that TGE does not apply at EL2.  */
+        if ((env->cp15.hcr_el2 & HCR_E2H) && arm_el_is_aa64(env, 2)) {
+            return ARMMMUIdx_EL20_2;
+        }
         return ARMMMUIdx_E2;
     case 3:
         return ARMMMUIdx_SE3;
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 21/40] target/arm: Update arm_sctlr for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (19 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 20/40] target/arm: Update arm_mmu_idx for VHE Richard Henderson
@ 2019-12-03  2:29 ` " Richard Henderson
  2019-12-03  2:29 ` [PATCH v4 22/40] target/arm: Update aa64_zva_access for EL2 Richard Henderson
                   ` (18 subsequent siblings)
  39 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Use the correct sctlr for EL2&0 regime.  Due to header ordering,
and where arm_mmu_idx_el is declared, we need to move the function
out of line.  Use the function in many more places in order to
select the correct control.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h          | 10 +---------
 target/arm/helper-a64.c   |  2 +-
 target/arm/helper.c       | 20 +++++++++++++++-----
 target/arm/pauth_helper.c |  9 +--------
 4 files changed, 18 insertions(+), 23 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index bf8eb57e3a..8aa625734f 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3100,15 +3100,7 @@ static inline bool arm_sctlr_b(CPUARMState *env)
         (env->cp15.sctlr_el[1] & SCTLR_B) != 0;
 }
 
-static inline uint64_t arm_sctlr(CPUARMState *env, int el)
-{
-    if (el == 0) {
-        /* FIXME: ARMv8.1-VHE S2 translation regime.  */
-        return env->cp15.sctlr_el[1];
-    } else {
-        return env->cp15.sctlr_el[el];
-    }
-}
+uint64_t arm_sctlr(CPUARMState *env, int el);
 
 static inline bool arm_cpu_data_is_big_endian_a32(CPUARMState *env,
                                                   bool sctlr_b)
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index b4cd680fc4..abf15cdd3f 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -70,7 +70,7 @@ static void daif_check(CPUARMState *env, uint32_t op,
                        uint32_t imm, uintptr_t ra)
 {
     /* DAIF update to PSTATE. This is OK from EL0 only if UMA is set.  */
-    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UMA)) {
+    if (arm_current_el(env) == 0 && !(arm_sctlr(env, 0) & SCTLR_UMA)) {
         raise_exception_ra(env, EXCP_UDEF,
                            syn_aa64_sysregtrap(0, extract32(op, 0, 3),
                                                extract32(op, 3, 3), 4,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index c6b4c0a25f..4f5e0b656c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3863,7 +3863,7 @@ static void aa64_fpsr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static CPAccessResult aa64_daif_access(CPUARMState *env, const ARMCPRegInfo *ri,
                                        bool isread)
 {
-    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UMA)) {
+    if (arm_current_el(env) == 0 && !(arm_sctlr(env, 0) & SCTLR_UMA)) {
         return CP_ACCESS_TRAP;
     }
     return CP_ACCESS_OK;
@@ -3882,7 +3882,7 @@ static CPAccessResult aa64_cacheop_access(CPUARMState *env,
     /* Cache invalidate/clean: NOP, but EL0 must UNDEF unless
      * SCTLR_EL1.UCI is set.
      */
-    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UCI)) {
+    if (arm_current_el(env) == 0 && !(arm_sctlr(env, 0) & SCTLR_UCI)) {
         return CP_ACCESS_TRAP;
     }
     return CP_ACCESS_OK;
@@ -8592,14 +8592,24 @@ static uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
     }
 }
 
-#ifndef CONFIG_USER_ONLY
+uint64_t arm_sctlr(CPUARMState *env, int el)
+{
+    /* Only EL0 needs to be adjusted for EL1&0 or EL2&0. */
+    if (el == 0) {
+        ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);
+        el = (mmu_idx == ARMMMUIdx_EL20_0 ? 2 : 1);
+    }
+    return env->cp15.sctlr_el[el];
+}
 
 /* Return the SCTLR value which controls this address translation regime */
-static inline uint32_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx)
+static inline uint64_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
     return env->cp15.sctlr_el[regime_el(env, mmu_idx)];
 }
 
+#ifndef CONFIG_USER_ONLY
+
 /* Return true if the specified stage of address translation is disabled */
 static inline bool regime_translation_disabled(CPUARMState *env,
                                                ARMMMUIdx mmu_idx)
@@ -11332,7 +11342,7 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
         flags = FIELD_DP32(flags, TBFLAG_A64, ZCR_LEN, zcr_len);
     }
 
-    sctlr = arm_sctlr(env, el);
+    sctlr = regime_sctlr(env, stage1);
 
     if (arm_cpu_data_is_big_endian_a64(el, sctlr)) {
         flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1);
diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c
index d3194f2043..42c9141bb7 100644
--- a/target/arm/pauth_helper.c
+++ b/target/arm/pauth_helper.c
@@ -386,14 +386,7 @@ static void pauth_check_trap(CPUARMState *env, int el, uintptr_t ra)
 
 static bool pauth_key_enabled(CPUARMState *env, int el, uint32_t bit)
 {
-    uint32_t sctlr;
-    if (el == 0) {
-        /* FIXME: ARMv8.1-VHE S2 translation regime.  */
-        sctlr = env->cp15.sctlr_el[1];
-    } else {
-        sctlr = env->cp15.sctlr_el[el];
-    }
-    return (sctlr & bit) != 0;
+    return (arm_sctlr(env, el) & bit) != 0;
 }
 
 uint64_t HELPER(pacia)(CPUARMState *env, uint64_t x, uint64_t y)
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 22/40] target/arm: Update aa64_zva_access for EL2
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (20 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 21/40] target/arm: Update arm_sctlr " Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 15:01   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 23/40] target/arm: Update ctr_el0_access " Richard Henderson
                   ` (17 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

The comment that we don't support EL2 is somewhat out of date.
Update to include checks against HCR_EL2.TDZ.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 4f5e0b656c..ffa82b5509 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4109,11 +4109,27 @@ static void tlbi_aa64_ipas2e1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static CPAccessResult aa64_zva_access(CPUARMState *env, const ARMCPRegInfo *ri,
                                       bool isread)
 {
-    /* We don't implement EL2, so the only control on DC ZVA is the
-     * bit in the SCTLR which can prohibit access for EL0.
-     */
-    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_DZE)) {
-        return CP_ACCESS_TRAP;
+    int cur_el = arm_current_el(env);
+
+    if (cur_el < 2) {
+        uint64_t hcr = arm_hcr_el2_eff(env);
+
+        if (cur_el == 0) {
+            if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
+                if (!(env->cp15.sctlr_el[2] & SCTLR_DZE)) {
+                    return CP_ACCESS_TRAP_EL2;
+                }
+            } else {
+                if (!(env->cp15.sctlr_el[1] & SCTLR_DZE)) {
+                    return CP_ACCESS_TRAP;
+                }
+                if (hcr & HCR_TDZ) {
+                    return CP_ACCESS_TRAP_EL2;
+                }
+            }
+        } else if (hcr & HCR_TDZ) {
+            return CP_ACCESS_TRAP_EL2;
+        }
     }
     return CP_ACCESS_OK;
 }
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 23/40] target/arm: Update ctr_el0_access for EL2
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (21 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 22/40] target/arm: Update aa64_zva_access for EL2 Richard Henderson
@ 2019-12-03  2:29 ` " Richard Henderson
  2019-12-04 16:11   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 24/40] target/arm: Add the hypervisor virtual counter Richard Henderson
                   ` (16 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Update to include checks against HCR_EL2.TID2.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index ffa82b5509..9ad5015d5c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5212,11 +5212,27 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
 static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri,
                                      bool isread)
 {
-    /* Only accessible in EL0 if SCTLR.UCT is set (and only in AArch64,
-     * but the AArch32 CTR has its own reginfo struct)
-     */
-    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UCT)) {
-        return CP_ACCESS_TRAP;
+    int cur_el = arm_current_el(env);
+
+    if (cur_el < 2) {
+        uint64_t hcr = arm_hcr_el2_eff(env);
+
+        if (cur_el == 0) {
+            if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
+                if (!(env->cp15.sctlr_el[2] & SCTLR_UCT)) {
+                    return CP_ACCESS_TRAP_EL2;
+                }
+            } else {
+                if (!(env->cp15.sctlr_el[1] & SCTLR_UCT)) {
+                    return CP_ACCESS_TRAP;
+                }
+                if (hcr & HCR_TID2) {
+                    return CP_ACCESS_TRAP_EL2;
+                }
+            }
+        } else if (hcr & HCR_TID2) {
+            return CP_ACCESS_TRAP_EL2;
+        }
     }
     return CP_ACCESS_OK;
 }
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 24/40] target/arm: Add the hypervisor virtual counter
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (22 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 23/40] target/arm: Update ctr_el0_access " Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  2:29 ` [PATCH v4 25/40] target/arm: Update timer access for VHE Richard Henderson
                   ` (15 subsequent siblings)
  39 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu-qom.h |  1 +
 target/arm/cpu.h     | 11 +++++----
 target/arm/cpu.c     |  2 ++
 target/arm/helper.c  | 57 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+), 5 deletions(-)

diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
index 7f5b244bde..3a9d31ea9d 100644
--- a/target/arm/cpu-qom.h
+++ b/target/arm/cpu-qom.h
@@ -76,6 +76,7 @@ void arm_gt_ptimer_cb(void *opaque);
 void arm_gt_vtimer_cb(void *opaque);
 void arm_gt_htimer_cb(void *opaque);
 void arm_gt_stimer_cb(void *opaque);
+void arm_gt_hvtimer_cb(void *opaque);
 
 #define ARM_AFF0_SHIFT 0
 #define ARM_AFF0_MASK  (0xFFULL << ARM_AFF0_SHIFT)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 8aa625734f..4bd1bf915c 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -144,11 +144,12 @@ typedef struct ARMGenericTimer {
     uint64_t ctl; /* Timer Control register */
 } ARMGenericTimer;
 
-#define GTIMER_PHYS 0
-#define GTIMER_VIRT 1
-#define GTIMER_HYP  2
-#define GTIMER_SEC  3
-#define NUM_GTIMERS 4
+#define GTIMER_PHYS     0
+#define GTIMER_VIRT     1
+#define GTIMER_HYP      2
+#define GTIMER_SEC      3
+#define GTIMER_HYPVIRT  4
+#define NUM_GTIMERS     5
 
 typedef struct {
     uint64_t raw_tcr;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 7a4ac9339b..81c33221f7 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1259,6 +1259,8 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
                                           arm_gt_htimer_cb, cpu);
     cpu->gt_timer[GTIMER_SEC] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
                                           arm_gt_stimer_cb, cpu);
+    cpu->gt_timer[GTIMER_HYPVIRT] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
+                                              arm_gt_hvtimer_cb, cpu);
 #endif
 
     cpu_exec_realizefn(cs, &local_err);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9ad5015d5c..a4a7f82661 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2516,6 +2516,7 @@ static uint64_t gt_tval_read(CPUARMState *env, const ARMCPRegInfo *ri,
 
     switch (timeridx) {
     case GTIMER_VIRT:
+    case GTIMER_HYPVIRT:
         offset = gt_virt_cnt_offset(env);
         break;
     }
@@ -2532,6 +2533,7 @@ static void gt_tval_write(CPUARMState *env, const ARMCPRegInfo *ri,
 
     switch (timeridx) {
     case GTIMER_VIRT:
+    case GTIMER_HYPVIRT:
         offset = gt_virt_cnt_offset(env);
         break;
     }
@@ -2687,6 +2689,34 @@ static void gt_sec_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
     gt_ctl_write(env, ri, GTIMER_SEC, value);
 }
 
+static void gt_hv_timer_reset(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+    gt_timer_reset(env, ri, GTIMER_HYPVIRT);
+}
+
+static void gt_hv_cval_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                             uint64_t value)
+{
+    gt_cval_write(env, ri, GTIMER_HYPVIRT, value);
+}
+
+static uint64_t gt_hv_tval_read(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+    return gt_tval_read(env, ri, GTIMER_HYPVIRT);
+}
+
+static void gt_hv_tval_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                             uint64_t value)
+{
+    gt_tval_write(env, ri, GTIMER_HYPVIRT, value);
+}
+
+static void gt_hv_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                            uint64_t value)
+{
+    gt_ctl_write(env, ri, GTIMER_HYPVIRT, value);
+}
+
 void arm_gt_ptimer_cb(void *opaque)
 {
     ARMCPU *cpu = opaque;
@@ -2715,6 +2745,13 @@ void arm_gt_stimer_cb(void *opaque)
     gt_recalc_timer(cpu, GTIMER_SEC);
 }
 
+void arm_gt_hvtimer_cb(void *opaque)
+{
+    ARMCPU *cpu = opaque;
+
+    gt_recalc_timer(cpu, GTIMER_HYPVIRT);
+}
+
 static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
     /* Note that CNTFRQ is purely reads-as-written for the benefit
      * of software; writing it doesn't actually change the timer frequency.
@@ -6989,6 +7026,26 @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 1,
               .access = PL2_RW, .writefn = vmsa_tcr_ttbr_el2_write,
               .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el[2]) },
+#ifndef CONFIG_USER_ONLY
+            { .name = "CNTHV_CVAL_EL2", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 4, .crn = 14, .crm = 3, .opc2 = 2,
+              .fieldoffset =
+                offsetof(CPUARMState, cp15.c14_timer[GTIMER_HYPVIRT].cval),
+              .type = ARM_CP_IO, .access = PL2_RW,
+              .writefn = gt_hv_cval_write, .raw_writefn = raw_write },
+            { .name = "CNTHV_TVAL_EL2", .state = ARM_CP_STATE_BOTH,
+              .opc0 = 3, .opc1 = 4, .crn = 14, .crm = 3, .opc2 = 0,
+              .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL2_RW,
+              .resetfn = gt_hv_timer_reset,
+              .readfn = gt_hv_tval_read, .writefn = gt_hv_tval_write },
+            { .name = "CNTHV_CTL_EL2", .state = ARM_CP_STATE_BOTH,
+              .type = ARM_CP_IO,
+              .opc0 = 3, .opc1 = 4, .crn = 14, .crm = 3, .opc2 = 1,
+              .access = PL2_RW,
+              .fieldoffset =
+                offsetof(CPUARMState, cp15.c14_timer[GTIMER_HYPVIRT].ctl),
+              .writefn = gt_hv_ctl_write, .raw_writefn = raw_write },
+#endif
             REGINFO_SENTINEL
         };
         define_arm_cp_regs(cpu, vhe_reginfo);
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 25/40] target/arm: Update timer access for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (23 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 24/40] target/arm: Add the hypervisor virtual counter Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-04 18:35   ` Alex Bennée
  2019-12-03  2:29 ` [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque " Richard Henderson
                   ` (14 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 102 +++++++++++++++++++++++++++++++++++---------
 1 file changed, 81 insertions(+), 21 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index a4a7f82661..023b8963cf 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2287,10 +2287,18 @@ static CPAccessResult gt_cntfrq_access(CPUARMState *env, const ARMCPRegInfo *ri,
      * Writable only at the highest implemented exception level.
      */
     int el = arm_current_el(env);
+    uint64_t hcr;
+    uint32_t cntkctl;
 
     switch (el) {
     case 0:
-        if (!extract32(env->cp15.c14_cntkctl, 0, 2)) {
+        hcr = arm_hcr_el2_eff(env);
+        if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
+            cntkctl = env->cp15.cnthctl_el2;
+        } else {
+            cntkctl = env->cp15.c14_cntkctl;
+        }
+        if (!extract32(cntkctl, 0, 2)) {
             return CP_ACCESS_TRAP;
         }
         break;
@@ -2318,17 +2326,47 @@ static CPAccessResult gt_counter_access(CPUARMState *env, int timeridx,
 {
     unsigned int cur_el = arm_current_el(env);
     bool secure = arm_is_secure(env);
+    uint64_t hcr = arm_hcr_el2_eff(env);
 
-    /* CNT[PV]CT: not visible from PL0 if ELO[PV]CTEN is zero */
-    if (cur_el == 0 &&
-        !extract32(env->cp15.c14_cntkctl, timeridx, 1)) {
-        return CP_ACCESS_TRAP;
-    }
+    switch (cur_el) {
+    case 0:
+        /* If HCR_EL2.<E2H,TGE> == '11': check CNTHCTL_EL2.EL0[PV]CTEN. */
+        if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
+            return (extract32(env->cp15.cnthctl_el2, timeridx, 1)
+                    ? CP_ACCESS_OK : CP_ACCESS_TRAP_EL2);
+        }
 
-    if (arm_feature(env, ARM_FEATURE_EL2) &&
-        timeridx == GTIMER_PHYS && !secure && cur_el < 2 &&
-        !extract32(env->cp15.cnthctl_el2, 0, 1)) {
-        return CP_ACCESS_TRAP_EL2;
+        /* CNT[PV]CT: not visible from PL0 if EL0[PV]CTEN is zero */
+        if (!extract32(env->cp15.c14_cntkctl, timeridx, 1)) {
+            return CP_ACCESS_TRAP;
+        }
+
+        /* If HCR_EL2.<E2H,TGE> == '10': check CNTHCTL_EL2.EL1PCTEN. */
+        if (hcr & HCR_E2H) {
+            if (timeridx == GTIMER_PHYS &&
+                !extract32(env->cp15.cnthctl_el2, 10, 1)) {
+                return CP_ACCESS_TRAP_EL2;
+            }
+        } else {
+            /* If HCR_EL2.<E2H> == 0: check CNTHCTL_EL2.EL1PCEN. */
+            if (arm_feature(env, ARM_FEATURE_EL2) &&
+                timeridx == GTIMER_PHYS && !secure &&
+                !extract32(env->cp15.cnthctl_el2, 1, 1)) {
+                return CP_ACCESS_TRAP_EL2;
+            }
+        }
+        break;
+
+    case 1:
+        /* Check CNTHCTL_EL2.EL1PCTEN, which changes location based on E2H. */
+        if (arm_feature(env, ARM_FEATURE_EL2) &&
+            timeridx == GTIMER_PHYS && !secure &&
+            (hcr & HCR_E2H
+             ? !extract32(env->cp15.cnthctl_el2, 10, 1)
+             : !extract32(env->cp15.cnthctl_el2, 0, 1))) {
+            return CP_ACCESS_TRAP_EL2;
+        }
+        break;
     }
     return CP_ACCESS_OK;
 }
@@ -2338,19 +2376,41 @@ static CPAccessResult gt_timer_access(CPUARMState *env, int timeridx,
 {
     unsigned int cur_el = arm_current_el(env);
     bool secure = arm_is_secure(env);
+    uint64_t hcr = arm_hcr_el2_eff(env);
 
-    /* CNT[PV]_CVAL, CNT[PV]_CTL, CNT[PV]_TVAL: not visible from PL0 if
-     * EL0[PV]TEN is zero.
-     */
-    if (cur_el == 0 &&
-        !extract32(env->cp15.c14_cntkctl, 9 - timeridx, 1)) {
-        return CP_ACCESS_TRAP;
-    }
+    switch (cur_el) {
+    case 0:
+        if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
+            /* If HCR_EL2.<E2H,TGE> == '11': check CNTHCTL_EL2.EL0[PV]TEN. */
+            return (extract32(env->cp15.cnthctl_el2, 9 - timeridx, 1)
+                    ? CP_ACCESS_OK : CP_ACCESS_TRAP_EL2);
+        }
 
-    if (arm_feature(env, ARM_FEATURE_EL2) &&
-        timeridx == GTIMER_PHYS && !secure && cur_el < 2 &&
-        !extract32(env->cp15.cnthctl_el2, 1, 1)) {
-        return CP_ACCESS_TRAP_EL2;
+        /*
+         * CNT[PV]_CVAL, CNT[PV]_CTL, CNT[PV]_TVAL: not visible from
+         * EL0 if EL0[PV]TEN is zero.
+         */
+        if (!extract32(env->cp15.c14_cntkctl, 9 - timeridx, 1)) {
+            return CP_ACCESS_TRAP;
+        }
+        /* fall through */
+
+    case 1:
+        if (arm_feature(env, ARM_FEATURE_EL2) &&
+            timeridx == GTIMER_PHYS && !secure) {
+            if (hcr & HCR_E2H) {
+                /* If HCR_EL2.<E2H,TGE> == '10': check CNTHCTL_EL2.EL1PTEN. */
+                if (!extract32(env->cp15.cnthctl_el2, 11, 1)) {
+                    return CP_ACCESS_TRAP_EL2;
+                }
+            } else {
+                /* If HCR_EL2.<E2H> == 0: check CNTHCTL_EL2.EL1PCEN. */
+                if (!extract32(env->cp15.cnthctl_el2, 1, 1)) {
+                    return CP_ACCESS_TRAP_EL2;
+                }
+            }
+        }
+        break;
     }
     return CP_ACCESS_OK;
 }
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (24 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 25/40] target/arm: Update timer access for VHE Richard Henderson
@ 2019-12-03  2:29 ` " Richard Henderson
  2019-12-04 18:58   ` Alex Bennée
  2019-12-06 15:53   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing Richard Henderson
                   ` (13 subsequent siblings)
  39 siblings, 2 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

For ARMv8.1, op1 == 5 is reserved for EL2 aliases of
EL1 and EL0 registers.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 023b8963cf..1812588fa1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7437,13 +7437,10 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
             mask = PL0_RW;
             break;
         case 4:
+        case 5:
             /* min_EL EL2 */
             mask = PL2_RW;
             break;
-        case 5:
-            /* unallocated encoding, so not possible */
-            assert(false);
-            break;
         case 6:
             /* min_EL EL3 */
             mask = PL3_RW;
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (25 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque " Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-06 17:24   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 28/40] target/arm: Add VHE timer " Richard Henderson
                   ` (12 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Several of the EL1/0 registers are redirected to the EL2 version when in
EL2 and HCR_EL2.E2H is set.  Many of these registers have side effects.
Link together the two ARMCPRegInfo structures after they have been
properly instantiated.  Install common dispatch routines to all of the
relevant registers.

The same set of registers that are redirected also have additional
EL12/EL02 aliases created to access the original register that was
redirected.

Omit the generic timer registers from redirection here, because we'll
need multiple kinds of redirection from both EL0 and EL2.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h    |  44 ++++++++----
 target/arm/helper.c | 162 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 193 insertions(+), 13 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4bd1bf915c..bb5a72520e 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2488,19 +2488,6 @@ struct ARMCPRegInfo {
      */
     ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
 
-    /* Offsets of the secure and non-secure fields in CPUARMState for the
-     * register if it is banked.  These fields are only used during the static
-     * registration of a register.  During hashing the bank associated
-     * with a given security state is copied to fieldoffset which is used from
-     * there on out.
-     *
-     * It is expected that register definitions use either fieldoffset or
-     * bank_fieldoffsets in the definition but not both.  It is also expected
-     * that both bank offsets are set when defining a banked register.  This
-     * use indicates that a register is banked.
-     */
-    ptrdiff_t bank_fieldoffsets[2];
-
     /* Function for making any access checks for this register in addition to
      * those specified by the 'access' permissions bits. If NULL, no extra
      * checks required. The access check is performed at runtime, not at
@@ -2535,6 +2522,37 @@ struct ARMCPRegInfo {
      * fieldoffset is 0 then no reset will be done.
      */
     CPResetFn *resetfn;
+
+    union {
+        /*
+         * Offsets of the secure and non-secure fields in CPUARMState for
+         * the register if it is banked.  These fields are only used during
+         * the static registration of a register.  During hashing the bank
+         * associated with a given security state is copied to fieldoffset
+         * which is used from there on out.
+         *
+         * It is expected that register definitions use either fieldoffset
+         * or bank_fieldoffsets in the definition but not both.  It is also
+         * expected that both bank offsets are set when defining a banked
+         * register.  This use indicates that a register is banked.
+         */
+        ptrdiff_t bank_fieldoffsets[2];
+
+        /*
+         * "Original" writefn and readfn.
+         * For ARMv8.1-VHE register aliases, we overwrite the read/write
+         * accessor functions of various EL1/EL0 to perform the runtime
+         * check for which sysreg should actually be modified, and then
+         * forwards the operation.  Before overwriting the accessors,
+         * the original function is copied here, so that accesses that
+         * really do go to the EL1/EL0 version proceed normally.
+         * (The corresponding EL2 register is linked via opaque.)
+         */
+        struct {
+            CPReadFn *orig_readfn;
+            CPWriteFn *orig_writefn;
+        };
+    };
 };
 
 /* Macros which are lvalues for the field in CPUARMState for the
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1812588fa1..0baf188078 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5306,6 +5306,158 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
     REGINFO_SENTINEL
 };
 
+#ifndef CONFIG_USER_ONLY
+/* Test if system register redirection is to occur in the current state.  */
+static bool redirect_for_e2h(CPUARMState *env)
+{
+    return arm_current_el(env) == 2 && (arm_hcr_el2_eff(env) & HCR_E2H);
+}
+
+static uint64_t el2_e2h_read(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+    CPReadFn *readfn;
+
+    if (redirect_for_e2h(env)) {
+        /* Switch to the saved EL2 version of the register.  */
+        ri = ri->opaque;
+        readfn = ri->readfn;
+    } else {
+        readfn = ri->orig_readfn;
+    }
+    if (readfn == NULL) {
+        readfn = raw_read;
+    }
+    return readfn(env, ri);
+}
+
+static void el2_e2h_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                          uint64_t value)
+{
+    CPWriteFn *writefn;
+
+    if (redirect_for_e2h(env)) {
+        /* Switch to the saved EL2 version of the register.  */
+        ri = ri->opaque;
+        writefn = ri->writefn;
+    } else {
+        writefn = ri->orig_writefn;
+    }
+    if (writefn == NULL) {
+        writefn = raw_write;
+    }
+    writefn(env, ri, value);
+}
+
+static void define_arm_vh_e2h_redirects_aliases(ARMCPU *cpu)
+{
+    struct E2HAlias {
+        uint32_t src_key, dst_key, new_key;
+        const char *src_name, *dst_name, *new_name;
+        bool (*feature)(const ARMISARegisters *id);
+    };
+
+#define K(op0, op1, crn, crm, op2) \
+    ENCODE_AA64_CP_REG(CP_REG_ARM64_SYSREG_CP, crn, crm, op0, op1, op2)
+
+    static const struct E2HAlias aliases[] = {
+        { K(3, 0,  1, 0, 0), K(3, 4,  1, 0, 0), K(3, 5, 1, 0, 0),
+          "SCTLR", "SCTLR_EL2", "SCTLR_EL12" },
+        { K(3, 0,  1, 0, 2), K(3, 4,  1, 1, 2), K(3, 5, 1, 0, 2),
+          "CPACR", "CPTR_EL2", "CPACR_EL12" },
+        { K(3, 0,  2, 0, 0), K(3, 4,  2, 0, 0), K(3, 5, 2, 0, 0),
+          "TTBR0_EL1", "TTBR0_EL2", "TTBR0_EL12" },
+        { K(3, 0,  2, 0, 1), K(3, 4,  2, 0, 1), K(3, 5, 2, 0, 1),
+          "TTBR1_EL1", "TTBR1_EL2", "TTBR1_EL12" },
+        { K(3, 0,  2, 0, 2), K(3, 4,  2, 0, 2), K(3, 5, 2, 0, 2),
+          "TCR_EL1", "TCR_EL2", "TCR_EL12" },
+        { K(3, 0,  4, 0, 0), K(3, 4,  4, 0, 0), K(3, 5, 4, 0, 0),
+          "SPSR_EL1", "SPSR_EL2", "SPSR_EL12" },
+        { K(3, 0,  4, 0, 1), K(3, 4,  4, 0, 1), K(3, 5, 4, 0, 1),
+          "ELR_EL1", "ELR_EL2", "ELR_EL12" },
+        { K(3, 0,  5, 1, 0), K(3, 4,  5, 1, 0), K(3, 5, 5, 1, 0),
+          "AFSR0_EL1", "AFSR0_EL2", "AFSR0_EL12" },
+        { K(3, 0,  5, 1, 1), K(3, 4,  5, 1, 1), K(3, 5, 5, 1, 1),
+          "AFSR1_EL1", "AFSR1_EL2", "AFSR1_EL12" },
+        { K(3, 0,  5, 2, 0), K(3, 4,  5, 2, 0), K(3, 5, 5, 2, 0),
+          "ESR_EL1", "ESR_EL2", "ESR_EL12" },
+        { K(3, 0,  6, 0, 0), K(3, 4,  6, 0, 0), K(3, 5, 6, 0, 0),
+          "FAR_EL1", "FAR_EL2", "FAR_EL12" },
+        { K(3, 0, 10, 2, 0), K(3, 4, 10, 2, 0), K(3, 5, 10, 2, 0),
+          "MAIR_EL1", "MAIR_EL2", "MAIR_EL12" },
+        { K(3, 0, 10, 3, 0), K(3, 4, 10, 3, 0), K(3, 5, 10, 3, 0),
+          "AMAIR0", "AMAIR_EL2", "AMAIR_EL12" },
+        { K(3, 0, 12, 0, 0), K(3, 4, 12, 0, 0), K(3, 5, 12, 0, 0),
+          "VBAR", "VBAR_EL2", "VBAR_EL12" },
+        { K(3, 0, 13, 0, 1), K(3, 4, 13, 0, 1), K(3, 5, 13, 0, 1),
+          "CONTEXTIDR_EL1", "CONTEXTIDR_EL2", "CONTEXTIDR_EL12" },
+        { K(3, 0, 14, 1, 0), K(3, 4, 14, 1, 0), K(3, 5, 14, 1, 0),
+          "CNTKCTL", "CNTHCTL_EL2", "CNTKCTL_EL12" },
+
+        /*
+         * Note that redirection of ZCR is mentioned in the description
+         * of ZCR_EL2, and aliasing in the description of ZCR_EL1, but
+         * not in the summary table.
+         */
+        { K(3, 0,  1, 2, 0), K(3, 4,  1, 2, 0), K(3, 5, 1, 2, 0),
+          "ZCR_EL1", "ZCR_EL2", "ZCR_EL12", isar_feature_aa64_sve },
+
+        /* TODO: ARMv8.2-SPE -- PMSCR_EL2 */
+        /* TODO: ARMv8.4-Trace -- TRFCR_EL2 */
+    };
+#undef K
+
+    size_t i;
+
+    for (i = 0; i < ARRAY_SIZE(aliases); i++) {
+        const struct E2HAlias *a = &aliases[i];
+        ARMCPRegInfo *src_reg, *dst_reg;
+
+        if (a->feature && !a->feature(&cpu->isar)) {
+            continue;
+        }
+
+        src_reg = g_hash_table_lookup(cpu->cp_regs, &a->src_key);
+        dst_reg = g_hash_table_lookup(cpu->cp_regs, &a->dst_key);
+        g_assert(src_reg != NULL);
+        g_assert(dst_reg != NULL);
+
+        /* Cross-compare names to detect typos in the keys.  */
+        g_assert(strcmp(src_reg->name, a->src_name) == 0);
+        g_assert(strcmp(dst_reg->name, a->dst_name) == 0);
+
+        /* None of the core system registers use opaque; we will.  */
+        g_assert(src_reg->opaque == NULL);
+
+        /* Create alias before redirection so we dup the right data. */
+        if (a->new_key) {
+            ARMCPRegInfo *new_reg = g_memdup(src_reg, sizeof(ARMCPRegInfo));
+            uint32_t *new_key = g_memdup(&a->new_key, sizeof(uint32_t));
+            bool ok;
+
+            new_reg->name = a->new_name;
+            new_reg->type |= ARM_CP_ALIAS;
+            /* Remove PL1/PL0 access, leaving PL2/PL3 R/W in place.  */
+            new_reg->access &= 0xf0;
+
+            ok = g_hash_table_insert(cpu->cp_regs, new_key, new_reg);
+            g_assert(ok);
+        }
+
+        src_reg->opaque = dst_reg;
+        src_reg->orig_readfn = src_reg->readfn ?: raw_read;
+        src_reg->orig_writefn = src_reg->writefn ?: raw_write;
+        if (!src_reg->raw_readfn) {
+            src_reg->raw_readfn = raw_read;
+        }
+        if (!src_reg->raw_writefn) {
+            src_reg->raw_writefn = raw_write;
+        }
+        src_reg->readfn = el2_e2h_read;
+        src_reg->writefn = el2_e2h_write;
+    }
+}
+#endif
+
 static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri,
                                      bool isread)
 {
@@ -7142,6 +7294,16 @@ void register_cp_regs_for_features(ARMCPU *cpu)
         : cpu_isar_feature(aa32_predinv, cpu)) {
         define_arm_cp_regs(cpu, predinv_reginfo);
     }
+
+#ifndef CONFIG_USER_ONLY
+    /*
+     * Register redirections and aliases must be done last,
+     * after the registers from the other extensions have been defined.
+     */
+    if (arm_feature(env, ARM_FEATURE_EL2) && cpu_isar_feature(aa64_vh, cpu)) {
+        define_arm_vh_e2h_redirects_aliases(cpu);
+    }
+#endif
 }
 
 void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 28/40] target/arm: Add VHE timer register redirection and aliasing
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (26 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing Richard Henderson
@ 2019-12-03  2:29 ` " Richard Henderson
  2019-12-06 17:33   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 29/40] target/arm: Flush tlb for ASID changes in EL2&0 translation regime Richard Henderson
                   ` (11 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Apart from the wholesale redirection that HCR_EL2.E2H performs
for EL2, there's a separate redirection specific to the timers
that happens for EL0 when running in the EL2&0 regime.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 191 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 179 insertions(+), 12 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0baf188078..9df55a8d6b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2655,6 +2655,70 @@ static void gt_phys_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
     gt_ctl_write(env, ri, GTIMER_PHYS, value);
 }
 
+static int gt_phys_redir_timeridx(CPUARMState *env)
+{
+    switch (arm_mmu_idx(env)) {
+    case ARMMMUIdx_EL20_0:
+    case ARMMMUIdx_EL20_2:
+        return GTIMER_HYP;
+    default:
+        return GTIMER_PHYS;
+    }
+}
+
+static int gt_virt_redir_timeridx(CPUARMState *env)
+{
+    switch (arm_mmu_idx(env)) {
+    case ARMMMUIdx_EL20_0:
+    case ARMMMUIdx_EL20_2:
+        return GTIMER_HYPVIRT;
+    default:
+        return GTIMER_VIRT;
+    }
+}
+
+static uint64_t gt_phys_redir_cval_read(CPUARMState *env,
+                                        const ARMCPRegInfo *ri)
+{
+    int timeridx = gt_phys_redir_timeridx(env);
+    return env->cp15.c14_timer[timeridx].cval;
+}
+
+static void gt_phys_redir_cval_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                     uint64_t value)
+{
+    int timeridx = gt_phys_redir_timeridx(env);
+    gt_cval_write(env, ri, timeridx, value);
+}
+
+static uint64_t gt_phys_redir_tval_read(CPUARMState *env,
+                                        const ARMCPRegInfo *ri)
+{
+    int timeridx = gt_phys_redir_timeridx(env);
+    return gt_tval_read(env, ri, timeridx);
+}
+
+static void gt_phys_redir_tval_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                     uint64_t value)
+{
+    int timeridx = gt_phys_redir_timeridx(env);
+    gt_tval_write(env, ri, timeridx, value);
+}
+
+static uint64_t gt_phys_redir_ctl_read(CPUARMState *env,
+                                       const ARMCPRegInfo *ri)
+{
+    int timeridx = gt_phys_redir_timeridx(env);
+    return env->cp15.c14_timer[timeridx].ctl;
+}
+
+static void gt_phys_redir_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                    uint64_t value)
+{
+    int timeridx = gt_phys_redir_timeridx(env);
+    gt_ctl_write(env, ri, timeridx, value);
+}
+
 static void gt_virt_timer_reset(CPUARMState *env, const ARMCPRegInfo *ri)
 {
     gt_timer_reset(env, ri, GTIMER_VIRT);
@@ -2693,6 +2757,48 @@ static void gt_cntvoff_write(CPUARMState *env, const ARMCPRegInfo *ri,
     gt_recalc_timer(cpu, GTIMER_VIRT);
 }
 
+static uint64_t gt_virt_redir_cval_read(CPUARMState *env,
+                                        const ARMCPRegInfo *ri)
+{
+    int timeridx = gt_virt_redir_timeridx(env);
+    return env->cp15.c14_timer[timeridx].cval;
+}
+
+static void gt_virt_redir_cval_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                     uint64_t value)
+{
+    int timeridx = gt_virt_redir_timeridx(env);
+    gt_cval_write(env, ri, timeridx, value);
+}
+
+static uint64_t gt_virt_redir_tval_read(CPUARMState *env,
+                                        const ARMCPRegInfo *ri)
+{
+    int timeridx = gt_virt_redir_timeridx(env);
+    return gt_tval_read(env, ri, timeridx);
+}
+
+static void gt_virt_redir_tval_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                     uint64_t value)
+{
+    int timeridx = gt_virt_redir_timeridx(env);
+    gt_tval_write(env, ri, timeridx, value);
+}
+
+static uint64_t gt_virt_redir_ctl_read(CPUARMState *env,
+                                       const ARMCPRegInfo *ri)
+{
+    int timeridx = gt_virt_redir_timeridx(env);
+    return env->cp15.c14_timer[timeridx].ctl;
+}
+
+static void gt_virt_redir_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                    uint64_t value)
+{
+    int timeridx = gt_virt_redir_timeridx(env);
+    gt_ctl_write(env, ri, timeridx, value);
+}
+
 static void gt_hyp_timer_reset(CPUARMState *env, const ARMCPRegInfo *ri)
 {
     gt_timer_reset(env, ri, GTIMER_HYP);
@@ -2842,7 +2948,8 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .accessfn = gt_ptimer_access,
       .fieldoffset = offsetoflow32(CPUARMState,
                                    cp15.c14_timer[GTIMER_PHYS].ctl),
-      .writefn = gt_phys_ctl_write, .raw_writefn = raw_write,
+      .readfn = gt_phys_redir_ctl_read, .raw_readfn = raw_read,
+      .writefn = gt_phys_redir_ctl_write, .raw_writefn = raw_write,
     },
     { .name = "CNTP_CTL_S",
       .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 1,
@@ -2859,14 +2966,16 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .accessfn = gt_ptimer_access,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].ctl),
       .resetvalue = 0,
-      .writefn = gt_phys_ctl_write, .raw_writefn = raw_write,
+      .readfn = gt_phys_redir_ctl_read, .raw_readfn = raw_read,
+      .writefn = gt_phys_redir_ctl_write, .raw_writefn = raw_write,
     },
     { .name = "CNTV_CTL", .cp = 15, .crn = 14, .crm = 3, .opc1 = 0, .opc2 = 1,
       .type = ARM_CP_IO | ARM_CP_ALIAS, .access = PL0_RW,
       .accessfn = gt_vtimer_access,
       .fieldoffset = offsetoflow32(CPUARMState,
                                    cp15.c14_timer[GTIMER_VIRT].ctl),
-      .writefn = gt_virt_ctl_write, .raw_writefn = raw_write,
+      .readfn = gt_virt_redir_ctl_read, .raw_readfn = raw_read,
+      .writefn = gt_virt_redir_ctl_write, .raw_writefn = raw_write,
     },
     { .name = "CNTV_CTL_EL0", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 1,
@@ -2874,14 +2983,15 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .accessfn = gt_vtimer_access,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].ctl),
       .resetvalue = 0,
-      .writefn = gt_virt_ctl_write, .raw_writefn = raw_write,
+      .readfn = gt_virt_redir_ctl_read, .raw_readfn = raw_read,
+      .writefn = gt_virt_redir_ctl_write, .raw_writefn = raw_write,
     },
     /* TimerValue views: a 32 bit downcounting view of the underlying state */
     { .name = "CNTP_TVAL", .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 0,
       .secure = ARM_CP_SECSTATE_NS,
       .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,
       .accessfn = gt_ptimer_access,
-      .readfn = gt_phys_tval_read, .writefn = gt_phys_tval_write,
+      .readfn = gt_phys_redir_tval_read, .writefn = gt_phys_redir_tval_write,
     },
     { .name = "CNTP_TVAL_S",
       .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 0,
@@ -2894,18 +3004,18 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 0,
       .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,
       .accessfn = gt_ptimer_access, .resetfn = gt_phys_timer_reset,
-      .readfn = gt_phys_tval_read, .writefn = gt_phys_tval_write,
+      .readfn = gt_phys_redir_tval_read, .writefn = gt_phys_redir_tval_write,
     },
     { .name = "CNTV_TVAL", .cp = 15, .crn = 14, .crm = 3, .opc1 = 0, .opc2 = 0,
       .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,
       .accessfn = gt_vtimer_access,
-      .readfn = gt_virt_tval_read, .writefn = gt_virt_tval_write,
+      .readfn = gt_virt_redir_tval_read, .writefn = gt_virt_redir_tval_write,
     },
     { .name = "CNTV_TVAL_EL0", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 0,
       .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,
       .accessfn = gt_vtimer_access, .resetfn = gt_virt_timer_reset,
-      .readfn = gt_virt_tval_read, .writefn = gt_virt_tval_write,
+      .readfn = gt_virt_redir_tval_read, .writefn = gt_virt_redir_tval_write,
     },
     /* The counter itself */
     { .name = "CNTPCT", .cp = 15, .crm = 14, .opc1 = 0,
@@ -2935,7 +3045,8 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_ALIAS,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),
       .accessfn = gt_ptimer_access,
-      .writefn = gt_phys_cval_write, .raw_writefn = raw_write,
+      .readfn = gt_phys_redir_cval_read, .raw_readfn = raw_read,
+      .writefn = gt_phys_redir_cval_write, .raw_writefn = raw_write,
     },
     { .name = "CNTP_CVAL_S", .cp = 15, .crm = 14, .opc1 = 2,
       .secure = ARM_CP_SECSTATE_S,
@@ -2951,14 +3062,16 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .type = ARM_CP_IO,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),
       .resetvalue = 0, .accessfn = gt_ptimer_access,
-      .writefn = gt_phys_cval_write, .raw_writefn = raw_write,
+      .readfn = gt_phys_redir_cval_read, .raw_readfn = raw_read,
+      .writefn = gt_phys_redir_cval_write, .raw_writefn = raw_write,
     },
     { .name = "CNTV_CVAL", .cp = 15, .crm = 14, .opc1 = 3,
       .access = PL0_RW,
       .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_ALIAS,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),
       .accessfn = gt_vtimer_access,
-      .writefn = gt_virt_cval_write, .raw_writefn = raw_write,
+      .readfn = gt_virt_redir_cval_read, .raw_readfn = raw_read,
+      .writefn = gt_virt_redir_cval_write, .raw_writefn = raw_write,
     },
     { .name = "CNTV_CVAL_EL0", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 2,
@@ -2966,7 +3079,8 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .type = ARM_CP_IO,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),
       .resetvalue = 0, .accessfn = gt_vtimer_access,
-      .writefn = gt_virt_cval_write, .raw_writefn = raw_write,
+      .readfn = gt_virt_redir_cval_read, .raw_readfn = raw_read,
+      .writefn = gt_virt_redir_cval_write, .raw_writefn = raw_write,
     },
     /* Secure timer -- this is actually restricted to only EL3
      * and configurably Secure-EL1 via the accessfn.
@@ -2997,6 +3111,15 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
     REGINFO_SENTINEL
 };
 
+static CPAccessResult e2h_access(CPUARMState *env, const ARMCPRegInfo *ri,
+                                 bool isread)
+{
+    if (!(arm_hcr_el2_eff(env) & HCR_E2H)) {
+        return CP_ACCESS_TRAP;
+    }
+    return CP_ACCESS_OK;
+}
+
 #else
 
 /* In user-mode most of the generic timer registers are inaccessible
@@ -7257,6 +7380,50 @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .fieldoffset =
                 offsetof(CPUARMState, cp15.c14_timer[GTIMER_HYPVIRT].ctl),
               .writefn = gt_hv_ctl_write, .raw_writefn = raw_write },
+            { .name = "CNTP_CTL_EL02", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 5, .crn = 14, .crm = 2, .opc2 = 1,
+              .type = ARM_CP_IO | ARM_CP_ALIAS,
+              .access = PL2_RW, .accessfn = e2h_access,
+              .fieldoffset =
+                offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].ctl),
+              .writefn = gt_phys_ctl_write, .raw_writefn = raw_write,
+            },
+            { .name = "CNTV_CTL_EL02", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 5, .crn = 14, .crm = 3, .opc2 = 1,
+              .type = ARM_CP_IO | ARM_CP_ALIAS,
+              .access = PL2_RW, .accessfn = e2h_access,
+              .fieldoffset =
+                offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].ctl),
+              .writefn = gt_virt_ctl_write, .raw_writefn = raw_write,
+            },
+            { .name = "CNTP_TVAL_EL02", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 5, .crn = 14, .crm = 2, .opc2 = 0,
+              .type = ARM_CP_NO_RAW | ARM_CP_IO | ARM_CP_ALIAS,
+              .access = PL2_RW, .accessfn = e2h_access,
+              .readfn = gt_phys_tval_read, .writefn = gt_phys_tval_write,
+            },
+            { .name = "CNTV_TVAL_EL02", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 5, .crn = 14, .crm = 3, .opc2 = 0,
+              .type = ARM_CP_NO_RAW | ARM_CP_IO | ARM_CP_ALIAS,
+              .access = PL2_RW, .accessfn = e2h_access,
+              .readfn = gt_virt_tval_read, .writefn = gt_virt_tval_write,
+            },
+            { .name = "CNTP_CVAL_EL02", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 5, .crn = 14, .crm = 2, .opc2 = 2,
+              .type = ARM_CP_IO | ARM_CP_ALIAS,
+              .fieldoffset =
+                offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),
+              .access = PL2_RW, .accessfn = e2h_access,
+              .writefn = gt_phys_cval_write, .raw_writefn = raw_write,
+            },
+            { .name = "CNTV_CVAL_EL02", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 5, .crn = 14, .crm = 3, .opc2 = 2,
+              .type = ARM_CP_IO | ARM_CP_ALIAS,
+              .fieldoffset =
+                offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),
+              .access = PL2_RW, .accessfn = e2h_access,
+              .writefn = gt_virt_cval_write, .raw_writefn = raw_write,
+            },
 #endif
             REGINFO_SENTINEL
         };
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 29/40] target/arm: Flush tlb for ASID changes in EL2&0 translation regime
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (27 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 28/40] target/arm: Add VHE timer " Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-06 17:05   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 30/40] target/arm: Flush tlbs for E2&0 " Richard Henderson
                   ` (10 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Since we only support a single ASID, flush the tlb when it changes.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9df55a8d6b..2a4d4c2c0d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3740,6 +3740,15 @@ static void vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static void vmsa_tcr_ttbr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                     uint64_t value)
 {
+    /*
+     * If we are running with E2&0 regime, then the ASID is active.
+     * Flush if that changes.
+     */
+    if ((arm_hcr_el2_eff(env) & HCR_E2H) &&
+        extract64(raw_read(env, ri) ^ value, 48, 16)) {
+        tlb_flush_by_mmuidx(env_cpu(env),
+                            ARMMMUIdxBit_EL20_2 | ARMMMUIdxBit_EL20_0);
+    }
     raw_write(env, ri, value);
 }
 
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 30/40] target/arm: Flush tlbs for E2&0 translation regime
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (28 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 29/40] target/arm: Flush tlb for ASID changes in EL2&0 translation regime Richard Henderson
@ 2019-12-03  2:29 ` " Richard Henderson
  2019-12-06 17:14   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 31/40] target/arm: Update arm_phys_excp_target_el for TGE Richard Henderson
                   ` (9 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 2a4d4c2c0d..b059d9f81a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4123,8 +4123,12 @@ static CPAccessResult aa64_cacheop_access(CPUARMState *env,
 
 static int vae1_tlbmask(CPUARMState *env)
 {
+    /* Since we exclude secure first, we may read HCR_EL2 directly. */
     if (arm_is_secure_below_el3(env)) {
         return ARMMMUIdxBit_SE1 | ARMMMUIdxBit_SE0;
+    } else if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE))
+               == (HCR_E2H | HCR_TGE)) {
+        return ARMMMUIdxBit_EL20_2 | ARMMMUIdxBit_EL20_0;
     } else {
         return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
     }
@@ -4158,9 +4162,14 @@ static int vmalle1_tlbmask(CPUARMState *env)
      * Note that the 'ALL' scope must invalidate both stage 1 and
      * stage 2 translations, whereas most other scopes only invalidate
      * stage 1 translations.
+     *
+     * Since we exclude secure first, we may read HCR_EL2 directly.
      */
     if (arm_is_secure_below_el3(env)) {
         return ARMMMUIdxBit_SE1 | ARMMMUIdxBit_SE0;
+    } else if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE))
+               == (HCR_E2H | HCR_TGE)) {
+        return ARMMMUIdxBit_EL20_2 | ARMMMUIdxBit_EL20_0;
     } else if (arm_feature(env, ARM_FEATURE_EL2)) {
         return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_Stage2;
     } else {
@@ -4177,13 +4186,22 @@ static void tlbi_aa64_alle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
     tlb_flush_by_mmuidx(cs, mask);
 }
 
+static int vae2_tlbmask(CPUARMState *env)
+{
+    if (arm_hcr_el2_eff(env) & HCR_E2H) {
+        return ARMMMUIdxBit_EL20_0 | ARMMMUIdxBit_EL20_2;
+    } else {
+        return ARMMMUIdxBit_E2;
+    }
+}
+
 static void tlbi_aa64_alle2_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                   uint64_t value)
 {
-    ARMCPU *cpu = env_archcpu(env);
-    CPUState *cs = CPU(cpu);
+    CPUState *cs = env_cpu(env);
+    int mask = vae2_tlbmask(env);
 
-    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E2);
+    tlb_flush_by_mmuidx(cs, mask);
 }
 
 static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4208,8 +4226,9 @@ static void tlbi_aa64_alle2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                     uint64_t value)
 {
     CPUState *cs = env_cpu(env);
+    int mask = vae2_tlbmask(env);
 
-    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_E2);
+    tlb_flush_by_mmuidx_all_cpus_synced(cs, mask);
 }
 
 static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4227,11 +4246,11 @@ static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
      * Currently handles both VAE2 and VALE2, since we don't support
      * flush-last-level-only.
      */
-    ARMCPU *cpu = env_archcpu(env);
-    CPUState *cs = CPU(cpu);
+    CPUState *cs = env_cpu(env);
+    int mask = vae2_tlbmask(env);
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
 
-    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_E2);
+    tlb_flush_page_by_mmuidx(cs, pageaddr, mask);
 }
 
 static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 31/40] target/arm: Update arm_phys_excp_target_el for TGE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (29 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 30/40] target/arm: Flush tlbs for E2&0 " Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-06 16:59   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 32/40] target/arm: Update {fp,sve}_exception_el for VHE Richard Henderson
                   ` (8 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

The TGE bit routes all asynchronous exceptions to EL2.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index b059d9f81a..e0b8c81c5f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8316,6 +8316,12 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
         break;
     };
 
+    /*
+     * For these purposes, TGE and AMO/IMO/FMO both force the
+     * interrupt to EL2.  Fold TGE into the bit extracted above.
+     */
+    hcr |= (hcr_el2 & HCR_TGE) != 0;
+
     /* Perform a table-lookup for the target EL given the current state */
     target_el = target_el_table[is64][scr][rw][hcr][secure][cur_el];
 
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 32/40] target/arm: Update {fp,sve}_exception_el for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (30 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 31/40] target/arm: Update arm_phys_excp_target_el for TGE Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-06 16:50   ` [PATCH v4 32/40] target/arm: Update {fp, sve}_exception_el " Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 33/40] target/arm: check TGE and E2H flags for EL0 pauth traps Richard Henderson
                   ` (7 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

When TGE+E2H are both set, CPACR_EL1 is ignored.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 53 ++++++++++++++++++++++++---------------------
 1 file changed, 28 insertions(+), 25 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index e0b8c81c5f..3e025eb22e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5743,7 +5743,9 @@ static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
 int sve_exception_el(CPUARMState *env, int el)
 {
 #ifndef CONFIG_USER_ONLY
-    if (el <= 1) {
+    uint64_t hcr_el2 = arm_hcr_el2_eff(env);
+
+    if (el <= 1 && (hcr_el2 & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
         bool disabled = false;
 
         /* The CPACR.ZEN controls traps to EL1:
@@ -5758,8 +5760,7 @@ int sve_exception_el(CPUARMState *env, int el)
         }
         if (disabled) {
             /* route_to_el2 */
-            return (arm_feature(env, ARM_FEATURE_EL2)
-                    && (arm_hcr_el2_eff(env) & HCR_TGE) ? 2 : 1);
+            return hcr_el2 & HCR_TGE ? 2 : 1;
         }
 
         /* Check CPACR.FPEN.  */
@@ -11565,8 +11566,6 @@ uint32_t HELPER(crc32c)(uint32_t acc, uint32_t val, uint32_t bytes)
 int fp_exception_el(CPUARMState *env, int cur_el)
 {
 #ifndef CONFIG_USER_ONLY
-    int fpen;
-
     /* CPACR and the CPTR registers don't exist before v6, so FP is
      * always accessible
      */
@@ -11594,30 +11593,34 @@ int fp_exception_el(CPUARMState *env, int cur_el)
      * 0, 2 : trap EL0 and EL1/PL1 accesses
      * 1    : trap only EL0 accesses
      * 3    : trap no accesses
+     * This register is ignored if E2H+TGE are both set.
      */
-    fpen = extract32(env->cp15.cpacr_el1, 20, 2);
-    switch (fpen) {
-    case 0:
-    case 2:
-        if (cur_el == 0 || cur_el == 1) {
-            /* Trap to PL1, which might be EL1 or EL3 */
-            if (arm_is_secure(env) && !arm_el_is_aa64(env, 3)) {
+    if ((arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
+        int fpen = extract32(env->cp15.cpacr_el1, 20, 2);
+
+        switch (fpen) {
+        case 0:
+        case 2:
+            if (cur_el == 0 || cur_el == 1) {
+                /* Trap to PL1, which might be EL1 or EL3 */
+                if (arm_is_secure(env) && !arm_el_is_aa64(env, 3)) {
+                    return 3;
+                }
+                return 1;
+            }
+            if (cur_el == 3 && !is_a64(env)) {
+                /* Secure PL1 running at EL3 */
                 return 3;
             }
-            return 1;
+            break;
+        case 1:
+            if (cur_el == 0) {
+                return 1;
+            }
+            break;
+        case 3:
+            break;
         }
-        if (cur_el == 3 && !is_a64(env)) {
-            /* Secure PL1 running at EL3 */
-            return 3;
-        }
-        break;
-    case 1:
-        if (cur_el == 0) {
-            return 1;
-        }
-        break;
-    case 3:
-        break;
     }
 
     /*
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 33/40] target/arm: check TGE and E2H flags for EL0 pauth traps
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (31 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 32/40] target/arm: Update {fp,sve}_exception_el for VHE Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-06 16:08   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 34/40] target/arm: Update get_a64_user_mem_index for VHE Richard Henderson
                   ` (6 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

From: Alex Bennée <alex.bennee@linaro.org>

According to ARM ARM we should only trap from the EL1&0 regime.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/pauth_helper.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c
index 42c9141bb7..c3cb7c8d52 100644
--- a/target/arm/pauth_helper.c
+++ b/target/arm/pauth_helper.c
@@ -371,7 +371,10 @@ static void pauth_check_trap(CPUARMState *env, int el, uintptr_t ra)
     if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
         uint64_t hcr = arm_hcr_el2_eff(env);
         bool trap = !(hcr & HCR_API);
-        /* FIXME: ARMv8.1-VHE: trap only applies to EL1&0 regime.  */
+        if (el == 0) {
+            /* Trap only applies to EL1&0 regime.  */
+            trap &= (hcr & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE);
+        }
         /* FIXME: ARMv8.3-NV: HCR_NV trap takes precedence for ERETA[AB].  */
         if (trap) {
             pauth_trap(env, 2, ra);
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 34/40] target/arm: Update get_a64_user_mem_index for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (32 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 33/40] target/arm: check TGE and E2H flags for EL0 pauth traps Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-06 16:46   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 35/40] target/arm: Update arm_cpu_do_interrupt_aarch64 " Richard Henderson
                   ` (5 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

The EL2&0 translation regime is affected by Load Register (unpriv).

The code structure used here will facilitate later changes in this
area for implementing UAO and NV.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h           |  1 +
 target/arm/translate.h     |  2 ++
 target/arm/helper.c        | 22 +++++++++++++++++++
 target/arm/translate-a64.c | 44 ++++++++++++++++++++++++--------------
 4 files changed, 53 insertions(+), 16 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index bb5a72520e..8e5aaaf415 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3239,6 +3239,7 @@ FIELD(TBFLAG_A64, PAUTH_ACTIVE, 8, 1)
 FIELD(TBFLAG_A64, BT, 9, 1)
 FIELD(TBFLAG_A64, BTYPE, 10, 2)         /* Not cached. */
 FIELD(TBFLAG_A64, TBID, 12, 2)
+FIELD(TBFLAG_A64, UNPRIV, 14, 1)
 
 static inline bool bswap_code(bool sctlr_b)
 {
diff --git a/target/arm/translate.h b/target/arm/translate.h
index 3760159661..d31d9ad858 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -73,6 +73,8 @@ typedef struct DisasContext {
      * ie A64 LDX*, LDAX*, A32/T32 LDREX*, LDAEX*.
      */
     bool is_ldex;
+    /* True if AccType_UNPRIV should be used for LDTR et al */
+    bool unpriv;
     /* True if v8.3-PAuth is active.  */
     bool pauth_active;
     /* True with v8.5-BTI and SCTLR_ELx.BT* set.  */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 3e025eb22e..f2d18bd51a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11879,6 +11879,28 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
         }
     }
 
+    /* Compute the condition for using AccType_UNPRIV for LDTR et al. */
+    /* TODO: ARMv8.2-UAO */
+    switch (mmu_idx) {
+    case ARMMMUIdx_EL10_1:
+    case ARMMMUIdx_SE1:
+        /* TODO: ARMv8.3-NV */
+        flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
+        break;
+    case ARMMMUIdx_EL20_2:
+        /* TODO: ARMv8.4-SecEL2 */
+        /*
+         * Note that EL20_2 is gated by HCR_EL2.E2H == 1, but EL20_0 is
+         * gated by HCR_EL2.<E2H,TGE> == '11', and so is LDTR.
+         */
+        if (env->cp15.hcr_el2 & HCR_TGE) {
+            flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
+        }
+        break;
+    default:
+        break;
+    }
+
     return rebuild_hflags_common(env, fp_el, mmu_idx, flags);
 }
 
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index d0b65c49e2..fe492bea90 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -105,25 +105,36 @@ void a64_translate_init(void)
         offsetof(CPUARMState, exclusive_high), "exclusive_high");
 }
 
-static inline int get_a64_user_mem_index(DisasContext *s)
+/*
+ * Return the core mmu_idx to use for A64 "unprivileged load/store" insns
+ */
+static int get_a64_user_mem_index(DisasContext *s)
 {
-    /* Return the core mmu_idx to use for A64 "unprivileged load/store" insns:
-     *  if EL1, access as if EL0; otherwise access at current EL
+    /*
+     * If AccType_UNPRIV is not used, the insn uses AccType_NORMAL,
+     * which is the usual mmu_idx for this cpu state.
      */
-    ARMMMUIdx useridx;
+    ARMMMUIdx useridx = s->mmu_idx;
 
-    switch (s->mmu_idx) {
-    case ARMMMUIdx_EL10_1:
-        useridx = ARMMMUIdx_EL10_0;
-        break;
-    case ARMMMUIdx_SE1:
-        useridx = ARMMMUIdx_SE0;
-        break;
-    case ARMMMUIdx_Stage2:
-        g_assert_not_reached();
-    default:
-        useridx = s->mmu_idx;
-        break;
+    if (s->unpriv) {
+        /*
+         * We have pre-computed the condition for AccType_UNPRIV.
+         * Therefore we should never get here with a mmu_idx for
+         * which we do not know the corresponding user mmu_idx.
+         */
+        switch (useridx) {
+        case ARMMMUIdx_EL10_1:
+            useridx = ARMMMUIdx_EL10_0;
+            break;
+        case ARMMMUIdx_EL20_2:
+            useridx = ARMMMUIdx_EL20_0;
+            break;
+        case ARMMMUIdx_SE1:
+            useridx = ARMMMUIdx_SE0;
+            break;
+        default:
+            g_assert_not_reached();
+        }
     }
     return arm_to_core_mmu_idx(useridx);
 }
@@ -14169,6 +14180,7 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
     dc->pauth_active = FIELD_EX32(tb_flags, TBFLAG_A64, PAUTH_ACTIVE);
     dc->bt = FIELD_EX32(tb_flags, TBFLAG_A64, BT);
     dc->btype = FIELD_EX32(tb_flags, TBFLAG_A64, BTYPE);
+    dc->unpriv = FIELD_EX32(tb_flags, TBFLAG_A64, UNPRIV);
     dc->vec_len = 0;
     dc->vec_stride = 0;
     dc->cp_regs = arm_cpu->cp_regs;
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 35/40] target/arm: Update arm_cpu_do_interrupt_aarch64 for VHE
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (33 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 34/40] target/arm: Update get_a64_user_mem_index for VHE Richard Henderson
@ 2019-12-03  2:29 ` " Richard Henderson
  2019-12-06 16:03   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 36/40] target/arm: Enable ARMv8.1-VHE in -cpu max Richard Henderson
                   ` (4 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

When VHE is enabled, we need to take the aa32-ness of EL0
from PSTATE not HCR_EL2, which is controlling EL1.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index f2d18bd51a..f3785d5ad6 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8887,14 +8887,19 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
          * immediately lower than the target level is using AArch32 or AArch64
          */
         bool is_aa64;
+        uint64_t hcr;
 
         switch (new_el) {
         case 3:
             is_aa64 = (env->cp15.scr_el3 & SCR_RW) != 0;
             break;
         case 2:
-            is_aa64 = (env->cp15.hcr_el2 & HCR_RW) != 0;
-            break;
+            hcr = arm_hcr_el2_eff(env);
+            if ((hcr & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
+                is_aa64 = (hcr & HCR_RW) != 0;
+                break;
+            }
+            /* fall through */
         case 1:
             is_aa64 = is_a64(env);
             break;
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 36/40] target/arm: Enable ARMv8.1-VHE in -cpu max
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (34 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 35/40] target/arm: Update arm_cpu_do_interrupt_aarch64 " Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-06 15:57   ` Peter Maydell
  2019-12-03  2:29 ` [PATCH v4 37/40] target/arm: Move arm_excp_unmasked to cpu.c Richard Henderson
                   ` (3 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu64.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index a39d6fcea3..009411813f 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -670,6 +670,7 @@ static void aarch64_max_initfn(Object *obj)
         t = cpu->isar.id_aa64mmfr1;
         t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */
         t = FIELD_DP64(t, ID_AA64MMFR1, LO, 1);
+        t = FIELD_DP64(t, ID_AA64MMFR1, VH, 1);
         cpu->isar.id_aa64mmfr1 = t;
 
         /* Replicate the same data to the 32-bit id registers.  */
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 37/40] target/arm: Move arm_excp_unmasked to cpu.c
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (35 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 36/40] target/arm: Enable ARMv8.1-VHE in -cpu max Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  6:28   ` Philippe Mathieu-Daudé
  2019-12-03  2:29 ` [PATCH v4 38/40] target/arm: Pass more cpu state to arm_excp_unmasked Richard Henderson
                   ` (2 subsequent siblings)
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

This inline function has one user in cpu.c, and need not be exposed
otherwise.  Code movement only, with fixups for checkpatch.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.h | 111 -------------------------------------------
 target/arm/cpu.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 119 insertions(+), 111 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 8e5aaaf415..22935e4433 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2673,117 +2673,6 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
 #define ARM_CPUID_TI915T      0x54029152
 #define ARM_CPUID_TI925T      0x54029252
 
-static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
-                                     unsigned int target_el)
-{
-    CPUARMState *env = cs->env_ptr;
-    unsigned int cur_el = arm_current_el(env);
-    bool secure = arm_is_secure(env);
-    bool pstate_unmasked;
-    int8_t unmasked = 0;
-    uint64_t hcr_el2;
-
-    /* Don't take exceptions if they target a lower EL.
-     * This check should catch any exceptions that would not be taken but left
-     * pending.
-     */
-    if (cur_el > target_el) {
-        return false;
-    }
-
-    hcr_el2 = arm_hcr_el2_eff(env);
-
-    switch (excp_idx) {
-    case EXCP_FIQ:
-        pstate_unmasked = !(env->daif & PSTATE_F);
-        break;
-
-    case EXCP_IRQ:
-        pstate_unmasked = !(env->daif & PSTATE_I);
-        break;
-
-    case EXCP_VFIQ:
-        if (secure || !(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) {
-            /* VFIQs are only taken when hypervized and non-secure.  */
-            return false;
-        }
-        return !(env->daif & PSTATE_F);
-    case EXCP_VIRQ:
-        if (secure || !(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) {
-            /* VIRQs are only taken when hypervized and non-secure.  */
-            return false;
-        }
-        return !(env->daif & PSTATE_I);
-    default:
-        g_assert_not_reached();
-    }
-
-    /* Use the target EL, current execution state and SCR/HCR settings to
-     * determine whether the corresponding CPSR bit is used to mask the
-     * interrupt.
-     */
-    if ((target_el > cur_el) && (target_el != 1)) {
-        /* Exceptions targeting a higher EL may not be maskable */
-        if (arm_feature(env, ARM_FEATURE_AARCH64)) {
-            /* 64-bit masking rules are simple: exceptions to EL3
-             * can't be masked, and exceptions to EL2 can only be
-             * masked from Secure state. The HCR and SCR settings
-             * don't affect the masking logic, only the interrupt routing.
-             */
-            if (target_el == 3 || !secure) {
-                unmasked = 1;
-            }
-        } else {
-            /* The old 32-bit-only environment has a more complicated
-             * masking setup. HCR and SCR bits not only affect interrupt
-             * routing but also change the behaviour of masking.
-             */
-            bool hcr, scr;
-
-            switch (excp_idx) {
-            case EXCP_FIQ:
-                /* If FIQs are routed to EL3 or EL2 then there are cases where
-                 * we override the CPSR.F in determining if the exception is
-                 * masked or not. If neither of these are set then we fall back
-                 * to the CPSR.F setting otherwise we further assess the state
-                 * below.
-                 */
-                hcr = hcr_el2 & HCR_FMO;
-                scr = (env->cp15.scr_el3 & SCR_FIQ);
-
-                /* When EL3 is 32-bit, the SCR.FW bit controls whether the
-                 * CPSR.F bit masks FIQ interrupts when taken in non-secure
-                 * state. If SCR.FW is set then FIQs can be masked by CPSR.F
-                 * when non-secure but only when FIQs are only routed to EL3.
-                 */
-                scr = scr && !((env->cp15.scr_el3 & SCR_FW) && !hcr);
-                break;
-            case EXCP_IRQ:
-                /* When EL3 execution state is 32-bit, if HCR.IMO is set then
-                 * we may override the CPSR.I masking when in non-secure state.
-                 * The SCR.IRQ setting has already been taken into consideration
-                 * when setting the target EL, so it does not have a further
-                 * affect here.
-                 */
-                hcr = hcr_el2 & HCR_IMO;
-                scr = false;
-                break;
-            default:
-                g_assert_not_reached();
-            }
-
-            if ((scr || hcr) && !secure) {
-                unmasked = 1;
-            }
-        }
-    }
-
-    /* The PSTATE bits only mask the interrupt if we have not overriden the
-     * ability above.
-     */
-    return unmasked || pstate_unmasked;
-}
-
 #define ARM_CPU_TYPE_SUFFIX "-" TYPE_ARM_CPU
 #define ARM_CPU_TYPE_NAME(name) (name ARM_CPU_TYPE_SUFFIX)
 #define CPU_RESOLVING_TYPE TYPE_ARM_CPU
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 81c33221f7..a36344d4c7 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -410,6 +410,125 @@ static void arm_cpu_reset(CPUState *s)
     arm_rebuild_hflags(env);
 }
 
+static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
+                                     unsigned int target_el)
+{
+    CPUARMState *env = cs->env_ptr;
+    unsigned int cur_el = arm_current_el(env);
+    bool secure = arm_is_secure(env);
+    bool pstate_unmasked;
+    int8_t unmasked = 0;
+    uint64_t hcr_el2;
+
+    /*
+     * Don't take exceptions if they target a lower EL.
+     * This check should catch any exceptions that would not be taken
+     * but left pending.
+     */
+    if (cur_el > target_el) {
+        return false;
+    }
+
+    hcr_el2 = arm_hcr_el2_eff(env);
+
+    switch (excp_idx) {
+    case EXCP_FIQ:
+        pstate_unmasked = !(env->daif & PSTATE_F);
+        break;
+
+    case EXCP_IRQ:
+        pstate_unmasked = !(env->daif & PSTATE_I);
+        break;
+
+    case EXCP_VFIQ:
+        if (secure || !(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) {
+            /* VFIQs are only taken when hypervized and non-secure.  */
+            return false;
+        }
+        return !(env->daif & PSTATE_F);
+    case EXCP_VIRQ:
+        if (secure || !(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) {
+            /* VIRQs are only taken when hypervized and non-secure.  */
+            return false;
+        }
+        return !(env->daif & PSTATE_I);
+    default:
+        g_assert_not_reached();
+    }
+
+    /*
+     * Use the target EL, current execution state and SCR/HCR settings to
+     * determine whether the corresponding CPSR bit is used to mask the
+     * interrupt.
+     */
+    if ((target_el > cur_el) && (target_el != 1)) {
+        /* Exceptions targeting a higher EL may not be maskable */
+        if (arm_feature(env, ARM_FEATURE_AARCH64)) {
+            /*
+             * 64-bit masking rules are simple: exceptions to EL3
+             * can't be masked, and exceptions to EL2 can only be
+             * masked from Secure state. The HCR and SCR settings
+             * don't affect the masking logic, only the interrupt routing.
+             */
+            if (target_el == 3 || !secure) {
+                unmasked = 1;
+            }
+        } else {
+            /*
+             * The old 32-bit-only environment has a more complicated
+             * masking setup. HCR and SCR bits not only affect interrupt
+             * routing but also change the behaviour of masking.
+             */
+            bool hcr, scr;
+
+            switch (excp_idx) {
+            case EXCP_FIQ:
+                /*
+                 * If FIQs are routed to EL3 or EL2 then there are cases where
+                 * we override the CPSR.F in determining if the exception is
+                 * masked or not. If neither of these are set then we fall back
+                 * to the CPSR.F setting otherwise we further assess the state
+                 * below.
+                 */
+                hcr = hcr_el2 & HCR_FMO;
+                scr = (env->cp15.scr_el3 & SCR_FIQ);
+
+                /*
+                 * When EL3 is 32-bit, the SCR.FW bit controls whether the
+                 * CPSR.F bit masks FIQ interrupts when taken in non-secure
+                 * state. If SCR.FW is set then FIQs can be masked by CPSR.F
+                 * when non-secure but only when FIQs are only routed to EL3.
+                 */
+                scr = scr && !((env->cp15.scr_el3 & SCR_FW) && !hcr);
+                break;
+            case EXCP_IRQ:
+                /*
+                 * When EL3 execution state is 32-bit, if HCR.IMO is set then
+                 * we may override the CPSR.I masking when in non-secure state.
+                 * The SCR.IRQ setting has already been taken into consideration
+                 * when setting the target EL, so it does not have a further
+                 * affect here.
+                 */
+                hcr = hcr_el2 & HCR_IMO;
+                scr = false;
+                break;
+            default:
+                g_assert_not_reached();
+            }
+
+            if ((scr || hcr) && !secure) {
+                unmasked = 1;
+            }
+        }
+    }
+
+    /*
+     * The PSTATE bits only mask the interrupt if we have not overriden the
+     * ability above.
+     */
+    return unmasked || pstate_unmasked;
+}
+
 bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 {
     CPUClass *cc = CPU_GET_CLASS(cs);
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 38/40] target/arm: Pass more cpu state to arm_excp_unmasked
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (36 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 37/40] target/arm: Move arm_excp_unmasked to cpu.c Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  6:29   ` Philippe Mathieu-Daudé
  2019-12-03  2:29 ` [PATCH v4 39/40] target/arm: Use bool for unmasked in arm_excp_unmasked Richard Henderson
  2019-12-03  2:29 ` [PATCH v4 40/40] target/arm: Raise only one interrupt in arm_cpu_exec_interrupt Richard Henderson
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

Avoid redundant computation of cpu state by passing it in
from the caller, which has already computed it for itself.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index a36344d4c7..7a1177b883 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -411,14 +411,13 @@ static void arm_cpu_reset(CPUState *s)
 }
 
 static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
-                                     unsigned int target_el)
+                                     unsigned int target_el,
+                                     unsigned int cur_el, bool secure,
+                                     uint64_t hcr_el2)
 {
     CPUARMState *env = cs->env_ptr;
-    unsigned int cur_el = arm_current_el(env);
-    bool secure = arm_is_secure(env);
     bool pstate_unmasked;
     int8_t unmasked = 0;
-    uint64_t hcr_el2;
 
     /*
      * Don't take exceptions if they target a lower EL.
@@ -429,8 +428,6 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
         return false;
     }
 
-    hcr_el2 = arm_hcr_el2_eff(env);
-
     switch (excp_idx) {
     case EXCP_FIQ:
         pstate_unmasked = !(env->daif & PSTATE_F);
@@ -535,6 +532,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     CPUARMState *env = cs->env_ptr;
     uint32_t cur_el = arm_current_el(env);
     bool secure = arm_is_secure(env);
+    uint64_t hcr_el2 = arm_hcr_el2_eff(env);
     uint32_t target_el;
     uint32_t excp_idx;
     bool ret = false;
@@ -542,7 +540,8 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     if (interrupt_request & CPU_INTERRUPT_FIQ) {
         excp_idx = EXCP_FIQ;
         target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
-        if (arm_excp_unmasked(cs, excp_idx, target_el)) {
+        if (arm_excp_unmasked(cs, excp_idx, target_el,
+                              cur_el, secure, hcr_el2)) {
             cs->exception_index = excp_idx;
             env->exception.target_el = target_el;
             cc->do_interrupt(cs);
@@ -552,7 +551,8 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     if (interrupt_request & CPU_INTERRUPT_HARD) {
         excp_idx = EXCP_IRQ;
         target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
-        if (arm_excp_unmasked(cs, excp_idx, target_el)) {
+        if (arm_excp_unmasked(cs, excp_idx, target_el,
+                              cur_el, secure, hcr_el2)) {
             cs->exception_index = excp_idx;
             env->exception.target_el = target_el;
             cc->do_interrupt(cs);
@@ -562,7 +562,8 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     if (interrupt_request & CPU_INTERRUPT_VIRQ) {
         excp_idx = EXCP_VIRQ;
         target_el = 1;
-        if (arm_excp_unmasked(cs, excp_idx, target_el)) {
+        if (arm_excp_unmasked(cs, excp_idx, target_el,
+                              cur_el, secure, hcr_el2)) {
             cs->exception_index = excp_idx;
             env->exception.target_el = target_el;
             cc->do_interrupt(cs);
@@ -572,7 +573,8 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     if (interrupt_request & CPU_INTERRUPT_VFIQ) {
         excp_idx = EXCP_VFIQ;
         target_el = 1;
-        if (arm_excp_unmasked(cs, excp_idx, target_el)) {
+        if (arm_excp_unmasked(cs, excp_idx, target_el,
+                              cur_el, secure, hcr_el2)) {
             cs->exception_index = excp_idx;
             env->exception.target_el = target_el;
             cc->do_interrupt(cs);
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 39/40] target/arm: Use bool for unmasked in arm_excp_unmasked
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (37 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 38/40] target/arm: Pass more cpu state to arm_excp_unmasked Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-03  6:30   ` Philippe Mathieu-Daudé
  2019-12-03  2:29 ` [PATCH v4 40/40] target/arm: Raise only one interrupt in arm_cpu_exec_interrupt Richard Henderson
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

The value computed is fully boolean; using int8_t is odd.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 7a1177b883..a366448c6d 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -417,7 +417,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
 {
     CPUARMState *env = cs->env_ptr;
     bool pstate_unmasked;
-    int8_t unmasked = 0;
+    bool unmasked = false;
 
     /*
      * Don't take exceptions if they target a lower EL.
@@ -468,7 +468,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
              * don't affect the masking logic, only the interrupt routing.
              */
             if (target_el == 3 || !secure) {
-                unmasked = 1;
+                unmasked = true;
             }
         } else {
             /*
@@ -514,7 +514,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
             }
 
             if ((scr || hcr) && !secure) {
-                unmasked = 1;
+                unmasked = true;
             }
         }
     }
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* [PATCH v4 40/40] target/arm: Raise only one interrupt in arm_cpu_exec_interrupt
  2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
                   ` (38 preceding siblings ...)
  2019-12-03  2:29 ` [PATCH v4 39/40] target/arm: Use bool for unmasked in arm_excp_unmasked Richard Henderson
@ 2019-12-03  2:29 ` Richard Henderson
  2019-12-06 15:57   ` Peter Maydell
  39 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-03  2:29 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, alex.bennee

The fall through organization of this function meant that we
would raise an interrupt, then might overwrite that with another.
Since interrupt prioritization is IMPLEMENTATION DEFINED, we
can recognize these in any order we choose.

Unify the code to raise the interrupt in a block at the end.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/cpu.c | 30 ++++++++++++------------------
 1 file changed, 12 insertions(+), 18 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index a366448c6d..f3360dbb98 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -535,17 +535,15 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     uint64_t hcr_el2 = arm_hcr_el2_eff(env);
     uint32_t target_el;
     uint32_t excp_idx;
-    bool ret = false;
+
+    /* The prioritization of interrupts is IMPLEMENTATION DEFINED. */
 
     if (interrupt_request & CPU_INTERRUPT_FIQ) {
         excp_idx = EXCP_FIQ;
         target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
         if (arm_excp_unmasked(cs, excp_idx, target_el,
                               cur_el, secure, hcr_el2)) {
-            cs->exception_index = excp_idx;
-            env->exception.target_el = target_el;
-            cc->do_interrupt(cs);
-            ret = true;
+            goto found;
         }
     }
     if (interrupt_request & CPU_INTERRUPT_HARD) {
@@ -553,10 +551,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
         target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
         if (arm_excp_unmasked(cs, excp_idx, target_el,
                               cur_el, secure, hcr_el2)) {
-            cs->exception_index = excp_idx;
-            env->exception.target_el = target_el;
-            cc->do_interrupt(cs);
-            ret = true;
+            goto found;
         }
     }
     if (interrupt_request & CPU_INTERRUPT_VIRQ) {
@@ -564,10 +559,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
         target_el = 1;
         if (arm_excp_unmasked(cs, excp_idx, target_el,
                               cur_el, secure, hcr_el2)) {
-            cs->exception_index = excp_idx;
-            env->exception.target_el = target_el;
-            cc->do_interrupt(cs);
-            ret = true;
+            goto found;
         }
     }
     if (interrupt_request & CPU_INTERRUPT_VFIQ) {
@@ -575,14 +567,16 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
         target_el = 1;
         if (arm_excp_unmasked(cs, excp_idx, target_el,
                               cur_el, secure, hcr_el2)) {
-            cs->exception_index = excp_idx;
-            env->exception.target_el = target_el;
-            cc->do_interrupt(cs);
-            ret = true;
+            goto found;
         }
     }
+    return false;
 
-    return ret;
+ found:
+    cs->exception_index = excp_idx;
+    env->exception.target_el = target_el;
+    cc->do_interrupt(cs);
+    return true;
 }
 
 #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
-- 
2.17.1



^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 06/40] target/arm: Split out vae1_tlbmask, vmalle1_tlbmask
  2019-12-03  2:29 ` [PATCH v4 06/40] target/arm: Split out vae1_tlbmask, vmalle1_tlbmask Richard Henderson
@ 2019-12-03  6:25   ` Philippe Mathieu-Daudé
  2019-12-03 22:01     ` Richard Henderson
  0 siblings, 1 reply; 94+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-12-03  6:25 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: peter.maydell, alex.bennee

On 12/3/19 3:29 AM, Richard Henderson wrote:
> No functional change, but unify code sequences.
> 
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Easier to review in 2 patches: vae1_tlbmask first, then vmalle1_tlbmask.

If you need to respin, the 2 patches are welcome. Regardless:
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---
>   target/arm/helper.c | 118 ++++++++++++++------------------------------
>   1 file changed, 37 insertions(+), 81 deletions(-)
> 
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 731507a82f..0b0130d814 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -3890,70 +3890,61 @@ static CPAccessResult aa64_cacheop_access(CPUARMState *env,
>    * Page D4-1736 (DDI0487A.b)
>    */
>   
> +static int vae1_tlbmask(CPUARMState *env)
> +{
> +    if (arm_is_secure_below_el3(env)) {
> +        return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
> +    } else {
> +        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0;
> +    }
> +}
> +
>   static void tlbi_aa64_vmalle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                         uint64_t value)
>   {
>       CPUState *cs = env_cpu(env);
> -    bool sec = arm_is_secure_below_el3(env);
> +    int mask = vae1_tlbmask(env);
>   
> -    if (sec) {
> -        tlb_flush_by_mmuidx_all_cpus_synced(cs,
> -                                            ARMMMUIdxBit_S1SE1 |
> -                                            ARMMMUIdxBit_S1SE0);
> -    } else {
> -        tlb_flush_by_mmuidx_all_cpus_synced(cs,
> -                                            ARMMMUIdxBit_S12NSE1 |
> -                                            ARMMMUIdxBit_S12NSE0);
> -    }
> +    tlb_flush_by_mmuidx_all_cpus_synced(cs, mask);
>   }
>   
>   static void tlbi_aa64_vmalle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                       uint64_t value)
>   {
>       CPUState *cs = env_cpu(env);
> +    int mask = vae1_tlbmask(env);
>   
>       if (tlb_force_broadcast(env)) {
>           tlbi_aa64_vmalle1is_write(env, NULL, value);
>           return;
>       }
>   
> +    tlb_flush_by_mmuidx(cs, mask);
> +}
> +
> +static int vmalle1_tlbmask(CPUARMState *env)
> +{
> +    /*
> +     * Note that the 'ALL' scope must invalidate both stage 1 and
> +     * stage 2 translations, whereas most other scopes only invalidate
> +     * stage 1 translations.
> +     */
>       if (arm_is_secure_below_el3(env)) {
> -        tlb_flush_by_mmuidx(cs,
> -                            ARMMMUIdxBit_S1SE1 |
> -                            ARMMMUIdxBit_S1SE0);
> +        return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
> +    } else if (arm_feature(env, ARM_FEATURE_EL2)) {
> +        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0 | ARMMMUIdxBit_S2NS;
>       } else {
> -        tlb_flush_by_mmuidx(cs,
> -                            ARMMMUIdxBit_S12NSE1 |
> -                            ARMMMUIdxBit_S12NSE0);
> +        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0;
>       }
>   }
>   
>   static void tlbi_aa64_alle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                     uint64_t value)
>   {
> -    /* Note that the 'ALL' scope must invalidate both stage 1 and
> -     * stage 2 translations, whereas most other scopes only invalidate
> -     * stage 1 translations.
> -     */
> -    ARMCPU *cpu = env_archcpu(env);
> -    CPUState *cs = CPU(cpu);
> +    CPUState *cs = env_cpu(env);
> +    int mask = vmalle1_tlbmask(env);
>   
> -    if (arm_is_secure_below_el3(env)) {
> -        tlb_flush_by_mmuidx(cs,
> -                            ARMMMUIdxBit_S1SE1 |
> -                            ARMMMUIdxBit_S1SE0);
> -    } else {
> -        if (arm_feature(env, ARM_FEATURE_EL2)) {
> -            tlb_flush_by_mmuidx(cs,
> -                                ARMMMUIdxBit_S12NSE1 |
> -                                ARMMMUIdxBit_S12NSE0 |
> -                                ARMMMUIdxBit_S2NS);
> -        } else {
> -            tlb_flush_by_mmuidx(cs,
> -                                ARMMMUIdxBit_S12NSE1 |
> -                                ARMMMUIdxBit_S12NSE0);
> -        }
> -    }
> +    tlb_flush_by_mmuidx(cs, mask);
>   }
>   
>   static void tlbi_aa64_alle2_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -3977,28 +3968,10 @@ static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
>   static void tlbi_aa64_alle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                       uint64_t value)
>   {
> -    /* Note that the 'ALL' scope must invalidate both stage 1 and
> -     * stage 2 translations, whereas most other scopes only invalidate
> -     * stage 1 translations.
> -     */
>       CPUState *cs = env_cpu(env);
> -    bool sec = arm_is_secure_below_el3(env);
> -    bool has_el2 = arm_feature(env, ARM_FEATURE_EL2);
> +    int mask = vmalle1_tlbmask(env);
>   
> -    if (sec) {
> -        tlb_flush_by_mmuidx_all_cpus_synced(cs,
> -                                            ARMMMUIdxBit_S1SE1 |
> -                                            ARMMMUIdxBit_S1SE0);
> -    } else if (has_el2) {
> -        tlb_flush_by_mmuidx_all_cpus_synced(cs,
> -                                            ARMMMUIdxBit_S12NSE1 |
> -                                            ARMMMUIdxBit_S12NSE0 |
> -                                            ARMMMUIdxBit_S2NS);
> -    } else {
> -          tlb_flush_by_mmuidx_all_cpus_synced(cs,
> -                                              ARMMMUIdxBit_S12NSE1 |
> -                                              ARMMMUIdxBit_S12NSE0);
> -    }
> +    tlb_flush_by_mmuidx_all_cpus_synced(cs, mask);
>   }
>   
>   static void tlbi_aa64_alle2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -4048,20 +4021,11 @@ static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
>   static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                      uint64_t value)
>   {
> -    ARMCPU *cpu = env_archcpu(env);
> -    CPUState *cs = CPU(cpu);
> -    bool sec = arm_is_secure_below_el3(env);
> +    CPUState *cs = env_cpu(env);
> +    int mask = vae1_tlbmask(env);
>       uint64_t pageaddr = sextract64(value << 12, 0, 56);
>   
> -    if (sec) {
> -        tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
> -                                                 ARMMMUIdxBit_S1SE1 |
> -                                                 ARMMMUIdxBit_S1SE0);
> -    } else {
> -        tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
> -                                                 ARMMMUIdxBit_S12NSE1 |
> -                                                 ARMMMUIdxBit_S12NSE0);
> -    }
> +    tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr, mask);
>   }
>   
>   static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -4072,8 +4036,8 @@ static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>        * since we don't support flush-for-specific-ASID-only or
>        * flush-last-level-only.
>        */
> -    ARMCPU *cpu = env_archcpu(env);
> -    CPUState *cs = CPU(cpu);
> +    CPUState *cs = env_cpu(env);
> +    int mask = vae1_tlbmask(env);
>       uint64_t pageaddr = sextract64(value << 12, 0, 56);
>   
>       if (tlb_force_broadcast(env)) {
> @@ -4081,15 +4045,7 @@ static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>           return;
>       }
>   
> -    if (arm_is_secure_below_el3(env)) {
> -        tlb_flush_page_by_mmuidx(cs, pageaddr,
> -                                 ARMMMUIdxBit_S1SE1 |
> -                                 ARMMMUIdxBit_S1SE0);
> -    } else {
> -        tlb_flush_page_by_mmuidx(cs, pageaddr,
> -                                 ARMMMUIdxBit_S12NSE1 |
> -                                 ARMMMUIdxBit_S12NSE0);
> -    }
> +    tlb_flush_page_by_mmuidx(cs, pageaddr, mask);
>   }
>   
>   static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> 



^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 17/40] target/arm: Tidy ARMMMUIdx m-profile definitions
  2019-12-03  2:29 ` [PATCH v4 17/40] target/arm: Tidy ARMMMUIdx m-profile definitions Richard Henderson
@ 2019-12-03  6:27   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 94+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-12-03  6:27 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: peter.maydell, alex.bennee

On 12/3/19 3:29 AM, Richard Henderson wrote:
> Replace the magic numbers with the relevant ARM_MMU_IDX_M_* constants.
> Keep the definitions short by referencing previous symbols.

Nice trick :)

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/arm/cpu.h | 16 ++++++++--------
>   1 file changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 6ba5126852..015301e93a 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2871,14 +2871,14 @@ typedef enum ARMMMUIdx {
>       ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
>       ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
>       ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_MUser = 0 | ARM_MMU_IDX_M,
> -    ARMMMUIdx_MPriv = 1 | ARM_MMU_IDX_M,
> -    ARMMMUIdx_MUserNegPri = 2 | ARM_MMU_IDX_M,
> -    ARMMMUIdx_MPrivNegPri = 3 | ARM_MMU_IDX_M,
> -    ARMMMUIdx_MSUser = 4 | ARM_MMU_IDX_M,
> -    ARMMMUIdx_MSPriv = 5 | ARM_MMU_IDX_M,
> -    ARMMMUIdx_MSUserNegPri = 6 | ARM_MMU_IDX_M,
> -    ARMMMUIdx_MSPrivNegPri = 7 | ARM_MMU_IDX_M,
> +    ARMMMUIdx_MUser = ARM_MMU_IDX_M,
> +    ARMMMUIdx_MPriv = ARM_MMU_IDX_M | ARM_MMU_IDX_M_PRIV,
> +    ARMMMUIdx_MUserNegPri = ARMMMUIdx_MUser | ARM_MMU_IDX_M_NEGPRI,
> +    ARMMMUIdx_MPrivNegPri = ARMMMUIdx_MPriv | ARM_MMU_IDX_M_NEGPRI,
> +    ARMMMUIdx_MSUser = ARMMMUIdx_MUser | ARM_MMU_IDX_M_S,
> +    ARMMMUIdx_MSPriv = ARMMMUIdx_MPriv | ARM_MMU_IDX_M_S,
> +    ARMMMUIdx_MSUserNegPri = ARMMMUIdx_MUserNegPri | ARM_MMU_IDX_M_S,
> +    ARMMMUIdx_MSPrivNegPri = ARMMMUIdx_MPrivNegPri | ARM_MMU_IDX_M_S,
>       /* Indexes below here don't have TLBs and are used only for AT system
>        * instructions or for the first stage of an S12 page table walk.
>        */
> 



^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 37/40] target/arm: Move arm_excp_unmasked to cpu.c
  2019-12-03  2:29 ` [PATCH v4 37/40] target/arm: Move arm_excp_unmasked to cpu.c Richard Henderson
@ 2019-12-03  6:28   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 94+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-12-03  6:28 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: peter.maydell, alex.bennee

On 12/3/19 3:29 AM, Richard Henderson wrote:
> This inline function has one user in cpu.c, and need not be exposed
> otherwise.  Code movement only, with fixups for checkpatch.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---
>   target/arm/cpu.h | 111 -------------------------------------------
>   target/arm/cpu.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++
>   2 files changed, 119 insertions(+), 111 deletions(-)
> 
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 8e5aaaf415..22935e4433 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2673,117 +2673,6 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
>   #define ARM_CPUID_TI915T      0x54029152
>   #define ARM_CPUID_TI925T      0x54029252
>   
> -static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
> -                                     unsigned int target_el)
> -{
> -    CPUARMState *env = cs->env_ptr;
> -    unsigned int cur_el = arm_current_el(env);
> -    bool secure = arm_is_secure(env);
> -    bool pstate_unmasked;
> -    int8_t unmasked = 0;
> -    uint64_t hcr_el2;
> -
> -    /* Don't take exceptions if they target a lower EL.
> -     * This check should catch any exceptions that would not be taken but left
> -     * pending.
> -     */
> -    if (cur_el > target_el) {
> -        return false;
> -    }
> -
> -    hcr_el2 = arm_hcr_el2_eff(env);
> -
> -    switch (excp_idx) {
> -    case EXCP_FIQ:
> -        pstate_unmasked = !(env->daif & PSTATE_F);
> -        break;
> -
> -    case EXCP_IRQ:
> -        pstate_unmasked = !(env->daif & PSTATE_I);
> -        break;
> -
> -    case EXCP_VFIQ:
> -        if (secure || !(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) {
> -            /* VFIQs are only taken when hypervized and non-secure.  */
> -            return false;
> -        }
> -        return !(env->daif & PSTATE_F);
> -    case EXCP_VIRQ:
> -        if (secure || !(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) {
> -            /* VIRQs are only taken when hypervized and non-secure.  */
> -            return false;
> -        }
> -        return !(env->daif & PSTATE_I);
> -    default:
> -        g_assert_not_reached();
> -    }
> -
> -    /* Use the target EL, current execution state and SCR/HCR settings to
> -     * determine whether the corresponding CPSR bit is used to mask the
> -     * interrupt.
> -     */
> -    if ((target_el > cur_el) && (target_el != 1)) {
> -        /* Exceptions targeting a higher EL may not be maskable */
> -        if (arm_feature(env, ARM_FEATURE_AARCH64)) {
> -            /* 64-bit masking rules are simple: exceptions to EL3
> -             * can't be masked, and exceptions to EL2 can only be
> -             * masked from Secure state. The HCR and SCR settings
> -             * don't affect the masking logic, only the interrupt routing.
> -             */
> -            if (target_el == 3 || !secure) {
> -                unmasked = 1;
> -            }
> -        } else {
> -            /* The old 32-bit-only environment has a more complicated
> -             * masking setup. HCR and SCR bits not only affect interrupt
> -             * routing but also change the behaviour of masking.
> -             */
> -            bool hcr, scr;
> -
> -            switch (excp_idx) {
> -            case EXCP_FIQ:
> -                /* If FIQs are routed to EL3 or EL2 then there are cases where
> -                 * we override the CPSR.F in determining if the exception is
> -                 * masked or not. If neither of these are set then we fall back
> -                 * to the CPSR.F setting otherwise we further assess the state
> -                 * below.
> -                 */
> -                hcr = hcr_el2 & HCR_FMO;
> -                scr = (env->cp15.scr_el3 & SCR_FIQ);
> -
> -                /* When EL3 is 32-bit, the SCR.FW bit controls whether the
> -                 * CPSR.F bit masks FIQ interrupts when taken in non-secure
> -                 * state. If SCR.FW is set then FIQs can be masked by CPSR.F
> -                 * when non-secure but only when FIQs are only routed to EL3.
> -                 */
> -                scr = scr && !((env->cp15.scr_el3 & SCR_FW) && !hcr);
> -                break;
> -            case EXCP_IRQ:
> -                /* When EL3 execution state is 32-bit, if HCR.IMO is set then
> -                 * we may override the CPSR.I masking when in non-secure state.
> -                 * The SCR.IRQ setting has already been taken into consideration
> -                 * when setting the target EL, so it does not have a further
> -                 * affect here.
> -                 */
> -                hcr = hcr_el2 & HCR_IMO;
> -                scr = false;
> -                break;
> -            default:
> -                g_assert_not_reached();
> -            }
> -
> -            if ((scr || hcr) && !secure) {
> -                unmasked = 1;
> -            }
> -        }
> -    }
> -
> -    /* The PSTATE bits only mask the interrupt if we have not overriden the
> -     * ability above.
> -     */
> -    return unmasked || pstate_unmasked;
> -}
> -
>   #define ARM_CPU_TYPE_SUFFIX "-" TYPE_ARM_CPU
>   #define ARM_CPU_TYPE_NAME(name) (name ARM_CPU_TYPE_SUFFIX)
>   #define CPU_RESOLVING_TYPE TYPE_ARM_CPU
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 81c33221f7..a36344d4c7 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -410,6 +410,125 @@ static void arm_cpu_reset(CPUState *s)
>       arm_rebuild_hflags(env);
>   }
>   
> +static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
> +                                     unsigned int target_el)
> +{
> +    CPUARMState *env = cs->env_ptr;
> +    unsigned int cur_el = arm_current_el(env);
> +    bool secure = arm_is_secure(env);
> +    bool pstate_unmasked;
> +    int8_t unmasked = 0;
> +    uint64_t hcr_el2;
> +
> +    /*
> +     * Don't take exceptions if they target a lower EL.
> +     * This check should catch any exceptions that would not be taken
> +     * but left pending.
> +     */
> +    if (cur_el > target_el) {
> +        return false;
> +    }
> +
> +    hcr_el2 = arm_hcr_el2_eff(env);
> +
> +    switch (excp_idx) {
> +    case EXCP_FIQ:
> +        pstate_unmasked = !(env->daif & PSTATE_F);
> +        break;
> +
> +    case EXCP_IRQ:
> +        pstate_unmasked = !(env->daif & PSTATE_I);
> +        break;
> +
> +    case EXCP_VFIQ:
> +        if (secure || !(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) {
> +            /* VFIQs are only taken when hypervized and non-secure.  */
> +            return false;
> +        }
> +        return !(env->daif & PSTATE_F);
> +    case EXCP_VIRQ:
> +        if (secure || !(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) {
> +            /* VIRQs are only taken when hypervized and non-secure.  */
> +            return false;
> +        }
> +        return !(env->daif & PSTATE_I);
> +    default:
> +        g_assert_not_reached();
> +    }
> +
> +    /*
> +     * Use the target EL, current execution state and SCR/HCR settings to
> +     * determine whether the corresponding CPSR bit is used to mask the
> +     * interrupt.
> +     */
> +    if ((target_el > cur_el) && (target_el != 1)) {
> +        /* Exceptions targeting a higher EL may not be maskable */
> +        if (arm_feature(env, ARM_FEATURE_AARCH64)) {
> +            /*
> +             * 64-bit masking rules are simple: exceptions to EL3
> +             * can't be masked, and exceptions to EL2 can only be
> +             * masked from Secure state. The HCR and SCR settings
> +             * don't affect the masking logic, only the interrupt routing.
> +             */
> +            if (target_el == 3 || !secure) {
> +                unmasked = 1;
> +            }
> +        } else {
> +            /*
> +             * The old 32-bit-only environment has a more complicated
> +             * masking setup. HCR and SCR bits not only affect interrupt
> +             * routing but also change the behaviour of masking.
> +             */
> +            bool hcr, scr;
> +
> +            switch (excp_idx) {
> +            case EXCP_FIQ:
> +                /*
> +                 * If FIQs are routed to EL3 or EL2 then there are cases where
> +                 * we override the CPSR.F in determining if the exception is
> +                 * masked or not. If neither of these are set then we fall back
> +                 * to the CPSR.F setting otherwise we further assess the state
> +                 * below.
> +                 */
> +                hcr = hcr_el2 & HCR_FMO;
> +                scr = (env->cp15.scr_el3 & SCR_FIQ);
> +
> +                /*
> +                 * When EL3 is 32-bit, the SCR.FW bit controls whether the
> +                 * CPSR.F bit masks FIQ interrupts when taken in non-secure
> +                 * state. If SCR.FW is set then FIQs can be masked by CPSR.F
> +                 * when non-secure but only when FIQs are only routed to EL3.
> +                 */
> +                scr = scr && !((env->cp15.scr_el3 & SCR_FW) && !hcr);
> +                break;
> +            case EXCP_IRQ:
> +                /*
> +                 * When EL3 execution state is 32-bit, if HCR.IMO is set then
> +                 * we may override the CPSR.I masking when in non-secure state.
> +                 * The SCR.IRQ setting has already been taken into consideration
> +                 * when setting the target EL, so it does not have a further
> +                 * affect here.
> +                 */
> +                hcr = hcr_el2 & HCR_IMO;
> +                scr = false;
> +                break;
> +            default:
> +                g_assert_not_reached();
> +            }
> +
> +            if ((scr || hcr) && !secure) {
> +                unmasked = 1;
> +            }
> +        }
> +    }
> +
> +    /*
> +     * The PSTATE bits only mask the interrupt if we have not overriden the
> +     * ability above.
> +     */
> +    return unmasked || pstate_unmasked;
> +}
> +
>   bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
>   {
>       CPUClass *cc = CPU_GET_CLASS(cs);
> 



^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 38/40] target/arm: Pass more cpu state to arm_excp_unmasked
  2019-12-03  2:29 ` [PATCH v4 38/40] target/arm: Pass more cpu state to arm_excp_unmasked Richard Henderson
@ 2019-12-03  6:29   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 94+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-12-03  6:29 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: peter.maydell, alex.bennee

On 12/3/19 3:29 AM, Richard Henderson wrote:
> Avoid redundant computation of cpu state by passing it in
> from the caller, which has already computed it for itself.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---
>   target/arm/cpu.c | 22 ++++++++++++----------
>   1 file changed, 12 insertions(+), 10 deletions(-)
> 
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index a36344d4c7..7a1177b883 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -411,14 +411,13 @@ static void arm_cpu_reset(CPUState *s)
>   }
>   
>   static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
> -                                     unsigned int target_el)
> +                                     unsigned int target_el,
> +                                     unsigned int cur_el, bool secure,
> +                                     uint64_t hcr_el2)
>   {
>       CPUARMState *env = cs->env_ptr;
> -    unsigned int cur_el = arm_current_el(env);
> -    bool secure = arm_is_secure(env);
>       bool pstate_unmasked;
>       int8_t unmasked = 0;
> -    uint64_t hcr_el2;
>   
>       /*
>        * Don't take exceptions if they target a lower EL.
> @@ -429,8 +428,6 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>           return false;
>       }
>   
> -    hcr_el2 = arm_hcr_el2_eff(env);
> -
>       switch (excp_idx) {
>       case EXCP_FIQ:
>           pstate_unmasked = !(env->daif & PSTATE_F);
> @@ -535,6 +532,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
>       CPUARMState *env = cs->env_ptr;
>       uint32_t cur_el = arm_current_el(env);
>       bool secure = arm_is_secure(env);
> +    uint64_t hcr_el2 = arm_hcr_el2_eff(env);
>       uint32_t target_el;
>       uint32_t excp_idx;
>       bool ret = false;
> @@ -542,7 +540,8 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
>       if (interrupt_request & CPU_INTERRUPT_FIQ) {
>           excp_idx = EXCP_FIQ;
>           target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
> -        if (arm_excp_unmasked(cs, excp_idx, target_el)) {
> +        if (arm_excp_unmasked(cs, excp_idx, target_el,
> +                              cur_el, secure, hcr_el2)) {
>               cs->exception_index = excp_idx;
>               env->exception.target_el = target_el;
>               cc->do_interrupt(cs);
> @@ -552,7 +551,8 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
>       if (interrupt_request & CPU_INTERRUPT_HARD) {
>           excp_idx = EXCP_IRQ;
>           target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
> -        if (arm_excp_unmasked(cs, excp_idx, target_el)) {
> +        if (arm_excp_unmasked(cs, excp_idx, target_el,
> +                              cur_el, secure, hcr_el2)) {
>               cs->exception_index = excp_idx;
>               env->exception.target_el = target_el;
>               cc->do_interrupt(cs);
> @@ -562,7 +562,8 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
>       if (interrupt_request & CPU_INTERRUPT_VIRQ) {
>           excp_idx = EXCP_VIRQ;
>           target_el = 1;
> -        if (arm_excp_unmasked(cs, excp_idx, target_el)) {
> +        if (arm_excp_unmasked(cs, excp_idx, target_el,
> +                              cur_el, secure, hcr_el2)) {
>               cs->exception_index = excp_idx;
>               env->exception.target_el = target_el;
>               cc->do_interrupt(cs);
> @@ -572,7 +573,8 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
>       if (interrupt_request & CPU_INTERRUPT_VFIQ) {
>           excp_idx = EXCP_VFIQ;
>           target_el = 1;
> -        if (arm_excp_unmasked(cs, excp_idx, target_el)) {
> +        if (arm_excp_unmasked(cs, excp_idx, target_el,
> +                              cur_el, secure, hcr_el2)) {
>               cs->exception_index = excp_idx;
>               env->exception.target_el = target_el;
>               cc->do_interrupt(cs);
> 



^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 39/40] target/arm: Use bool for unmasked in arm_excp_unmasked
  2019-12-03  2:29 ` [PATCH v4 39/40] target/arm: Use bool for unmasked in arm_excp_unmasked Richard Henderson
@ 2019-12-03  6:30   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 94+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-12-03  6:30 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: peter.maydell, alex.bennee

On 12/3/19 3:29 AM, Richard Henderson wrote:
> The value computed is fully boolean; using int8_t is odd.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---
>   target/arm/cpu.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 7a1177b883..a366448c6d 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -417,7 +417,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>   {
>       CPUARMState *env = cs->env_ptr;
>       bool pstate_unmasked;
> -    int8_t unmasked = 0;
> +    bool unmasked = false;
>   
>       /*
>        * Don't take exceptions if they target a lower EL.
> @@ -468,7 +468,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>                * don't affect the masking logic, only the interrupt routing.
>                */
>               if (target_el == 3 || !secure) {
> -                unmasked = 1;
> +                unmasked = true;
>               }
>           } else {
>               /*
> @@ -514,7 +514,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>               }
>   
>               if ((scr || hcr) && !secure) {
> -                unmasked = 1;
> +                unmasked = true;
>               }
>           }
>       }
> 



^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 06/40] target/arm: Split out vae1_tlbmask, vmalle1_tlbmask
  2019-12-03  6:25   ` Philippe Mathieu-Daudé
@ 2019-12-03 22:01     ` Richard Henderson
  0 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-03 22:01 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel; +Cc: peter.maydell, alex.bennee

On 12/2/19 10:25 PM, Philippe Mathieu-Daudé wrote:
> On 12/3/19 3:29 AM, Richard Henderson wrote:
>> No functional change, but unify code sequences.
>>
>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> 
> Easier to review in 2 patches: vae1_tlbmask first, then vmalle1_tlbmask.

Ok, done.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_*
  2019-12-03  2:29 ` [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_* Richard Henderson
@ 2019-12-04 10:38   ` Alex Bennée
  2019-12-06 15:45   ` Peter Maydell
  1 sibling, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 10:38 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> This is part of a reorganization to the set of mmu_idx.
> This emphasizes that they apply to the EL1&0 regime.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/cpu.h           |  8 ++++----
>  target/arm/internals.h     |  4 ++--
>  target/arm/helper.c        | 40 +++++++++++++++++++-------------------
>  target/arm/translate-a64.c |  4 ++--
>  target/arm/translate.c     |  6 +++---
>  5 files changed, 31 insertions(+), 31 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 9729e62d2c..802cddd2df 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2864,8 +2864,8 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>  #define ARM_MMU_IDX_COREIDX_MASK 0x7
>  
>  typedef enum ARMMMUIdx {
> -    ARMMMUIdx_S12NSE0 = 0 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_S12NSE1 = 1 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_EL10_0 = 0 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
>      ARMMMUIdx_S1E2 = 2 | ARM_MMU_IDX_A,
>      ARMMMUIdx_S1E3 = 3 | ARM_MMU_IDX_A,
>      ARMMMUIdx_S1SE0 = 4 | ARM_MMU_IDX_A,
> @@ -2890,8 +2890,8 @@ typedef enum ARMMMUIdx {
>   * for use when calling tlb_flush_by_mmuidx() and friends.
>   */
>  typedef enum ARMMMUIdxBit {
> -    ARMMMUIdxBit_S12NSE0 = 1 << 0,
> -    ARMMMUIdxBit_S12NSE1 = 1 << 1,
> +    ARMMMUIdxBit_EL10_0 = 1 << 0,
> +    ARMMMUIdxBit_EL10_1 = 1 << 1,
>      ARMMMUIdxBit_S1E2 = 1 << 2,
>      ARMMMUIdxBit_S1E3 = 1 << 3,
>      ARMMMUIdxBit_S1SE0 = 1 << 4,
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index f5313dd3d4..54142dd789 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -808,8 +808,8 @@ static inline void arm_call_el_change_hook(ARMCPU *cpu)
>  static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
>  {
>      switch (mmu_idx) {
> -    case ARMMMUIdx_S12NSE0:
> -    case ARMMMUIdx_S12NSE1:
> +    case ARMMMUIdx_EL10_0:
> +    case ARMMMUIdx_EL10_1:
>      case ARMMMUIdx_S1NSE0:
>      case ARMMMUIdx_S1NSE1:
>      case ARMMMUIdx_S1E2:
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 6c09cda4ea..d2b90763ca 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -670,8 +670,8 @@ static void tlbiall_nsnh_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      CPUState *cs = env_cpu(env);
>  
>      tlb_flush_by_mmuidx(cs,
> -                        ARMMMUIdxBit_S12NSE1 |
> -                        ARMMMUIdxBit_S12NSE0 |
> +                        ARMMMUIdxBit_EL10_1 |
> +                        ARMMMUIdxBit_EL10_0 |
>                          ARMMMUIdxBit_S2NS);
>  }
>  
> @@ -681,8 +681,8 @@ static void tlbiall_nsnh_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      CPUState *cs = env_cpu(env);
>  
>      tlb_flush_by_mmuidx_all_cpus_synced(cs,
> -                                        ARMMMUIdxBit_S12NSE1 |
> -                                        ARMMMUIdxBit_S12NSE0 |
> +                                        ARMMMUIdxBit_EL10_1 |
> +                                        ARMMMUIdxBit_EL10_0 |
>                                          ARMMMUIdxBit_S2NS);
>  }
>  
> @@ -3068,7 +3068,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
>          format64 = arm_s1_regime_using_lpae_format(env, mmu_idx);
>  
>          if (arm_feature(env, ARM_FEATURE_EL2)) {
> -            if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
> +            if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
>                  format64 |= env->cp15.hcr_el2 & (HCR_VM | HCR_DC);
>              } else {
>                  format64 |= arm_current_el(env) == 2;
> @@ -3167,11 +3167,11 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
>          break;
>      case 4:
>          /* stage 1+2 NonSecure PL1: ATS12NSOPR, ATS12NSOPW */
> -        mmu_idx = ARMMMUIdx_S12NSE1;
> +        mmu_idx = ARMMMUIdx_EL10_1;
>          break;
>      case 6:
>          /* stage 1+2 NonSecure PL0: ATS12NSOUR, ATS12NSOUW */
> -        mmu_idx = ARMMMUIdx_S12NSE0;
> +        mmu_idx = ARMMMUIdx_EL10_0;
>          break;
>      default:
>          g_assert_not_reached();
> @@ -3229,10 +3229,10 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
>          mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_S1NSE0;
>          break;
>      case 4: /* AT S12E1R, AT S12E1W */
> -        mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_S12NSE1;
> +        mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_EL10_1;
>          break;
>      case 6: /* AT S12E0R, AT S12E0W */
> -        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_S12NSE0;
> +        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_EL10_0;
>          break;
>      default:
>          g_assert_not_reached();
> @@ -3531,8 +3531,8 @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      /* Accesses to VTTBR may change the VMID so we must flush the TLB.  */
>      if (raw_read(env, ri) != value) {
>          tlb_flush_by_mmuidx(cs,
> -                            ARMMMUIdxBit_S12NSE1 |
> -                            ARMMMUIdxBit_S12NSE0 |
> +                            ARMMMUIdxBit_EL10_1 |
> +                            ARMMMUIdxBit_EL10_0 |
>                              ARMMMUIdxBit_S2NS);
>          raw_write(env, ri, value);
>      }
> @@ -3893,7 +3893,7 @@ static int vae1_tlbmask(CPUARMState *env)
>      if (arm_is_secure_below_el3(env)) {
>          return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
>      } else {
> -        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0;
> +        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
>      }
>  }
>  
> @@ -3929,9 +3929,9 @@ static int vmalle1_tlbmask(CPUARMState *env)
>      if (arm_is_secure_below_el3(env)) {
>          return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
>      } else if (arm_feature(env, ARM_FEATURE_EL2)) {
> -        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0 | ARMMMUIdxBit_S2NS;
> +        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_S2NS;
>      } else {
> -        return ARMMMUIdxBit_S12NSE1 | ARMMMUIdxBit_S12NSE0;
> +        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
>      }
>  }
>  
> @@ -8671,8 +8671,8 @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
>   */
>  static inline ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
>  {
> -    if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
> -        mmu_idx += (ARMMMUIdx_S1NSE0 - ARMMMUIdx_S12NSE0);
> +    if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
> +        mmu_idx += (ARMMMUIdx_S1NSE0 - ARMMMUIdx_EL10_0);
>      }
>      return mmu_idx;
>  }
> @@ -8715,8 +8715,8 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
>          return true;
>      default:
>          return false;
> -    case ARMMMUIdx_S12NSE0:
> -    case ARMMMUIdx_S12NSE1:
> +    case ARMMMUIdx_EL10_0:
> +    case ARMMMUIdx_EL10_1:
>          g_assert_not_reached();
>      }
>  }
> @@ -10620,7 +10620,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
>                     target_ulong *page_size,
>                     ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
>  {
> -    if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
> +    if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
>          /* Call ourselves recursively to do the stage 1 and then stage 2
>           * translations.
>           */
> @@ -11148,7 +11148,7 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
>      if (el < 2 && arm_is_secure_below_el3(env)) {
>          return ARMMMUIdx_S1SE0 + el;
>      } else {
> -        return ARMMMUIdx_S12NSE0 + el;
> +        return ARMMMUIdx_EL10_0 + el;
>      }
>  }
>  
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index d4bebbe629..2703ebf32a 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -113,8 +113,8 @@ static inline int get_a64_user_mem_index(DisasContext *s)
>      ARMMMUIdx useridx;
>  
>      switch (s->mmu_idx) {
> -    case ARMMMUIdx_S12NSE1:
> -        useridx = ARMMMUIdx_S12NSE0;
> +    case ARMMMUIdx_EL10_1:
> +        useridx = ARMMMUIdx_EL10_0;
>          break;
>      case ARMMMUIdx_S1SE1:
>          useridx = ARMMMUIdx_S1SE0;
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 4d5d4bd888..e3deea50e0 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -153,9 +153,9 @@ static inline int get_a32_user_mem_index(DisasContext *s)
>       */
>      switch (s->mmu_idx) {
>      case ARMMMUIdx_S1E2:        /* this one is UNPREDICTABLE */
> -    case ARMMMUIdx_S12NSE0:
> -    case ARMMMUIdx_S12NSE1:
> -        return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
> +    case ARMMMUIdx_EL10_0:
> +    case ARMMMUIdx_EL10_1:
> +        return arm_to_core_mmu_idx(ARMMMUIdx_EL10_0);
>      case ARMMMUIdx_S1E3:
>      case ARMMMUIdx_S1SE0:
>      case ARMMMUIdx_S1SE1:


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2
  2019-12-03  2:29 ` [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2 Richard Henderson
@ 2019-12-04 10:40   ` Alex Bennée
  2019-12-06 15:46   ` Peter Maydell
  1 sibling, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 10:40 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> The EL1&0 regime is the only one that uses 2-stage translation.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/cpu.h           |  4 +--
>  target/arm/internals.h     |  2 +-
>  target/arm/helper.c        | 57 ++++++++++++++++++++------------------
>  target/arm/translate-a64.c |  2 +-
>  target/arm/translate.c     |  2 +-
>  5 files changed, 35 insertions(+), 32 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 802cddd2df..fdb868f2e9 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2870,7 +2870,7 @@ typedef enum ARMMMUIdx {
>      ARMMMUIdx_S1E3 = 3 | ARM_MMU_IDX_A,
>      ARMMMUIdx_S1SE0 = 4 | ARM_MMU_IDX_A,
>      ARMMMUIdx_S1SE1 = 5 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_S2NS = 6 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
>      ARMMMUIdx_MUser = 0 | ARM_MMU_IDX_M,
>      ARMMMUIdx_MPriv = 1 | ARM_MMU_IDX_M,
>      ARMMMUIdx_MUserNegPri = 2 | ARM_MMU_IDX_M,
> @@ -2896,7 +2896,7 @@ typedef enum ARMMMUIdxBit {
>      ARMMMUIdxBit_S1E3 = 1 << 3,
>      ARMMMUIdxBit_S1SE0 = 1 << 4,
>      ARMMMUIdxBit_S1SE1 = 1 << 5,
> -    ARMMMUIdxBit_S2NS = 1 << 6,
> +    ARMMMUIdxBit_Stage2 = 1 << 6,
>      ARMMMUIdxBit_MUser = 1 << 0,
>      ARMMMUIdxBit_MPriv = 1 << 1,
>      ARMMMUIdxBit_MUserNegPri = 1 << 2,
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index 54142dd789..ca8be78bbf 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -813,7 +813,7 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
>      case ARMMMUIdx_S1NSE0:
>      case ARMMMUIdx_S1NSE1:
>      case ARMMMUIdx_S1E2:
> -    case ARMMMUIdx_S2NS:
> +    case ARMMMUIdx_Stage2:
>      case ARMMMUIdx_MPrivNegPri:
>      case ARMMMUIdx_MUserNegPri:
>      case ARMMMUIdx_MPriv:
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index d2b90763ca..97677f8482 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -672,7 +672,7 @@ static void tlbiall_nsnh_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      tlb_flush_by_mmuidx(cs,
>                          ARMMMUIdxBit_EL10_1 |
>                          ARMMMUIdxBit_EL10_0 |
> -                        ARMMMUIdxBit_S2NS);
> +                        ARMMMUIdxBit_Stage2);
>  }
>  
>  static void tlbiall_nsnh_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -683,7 +683,7 @@ static void tlbiall_nsnh_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      tlb_flush_by_mmuidx_all_cpus_synced(cs,
>                                          ARMMMUIdxBit_EL10_1 |
>                                          ARMMMUIdxBit_EL10_0 |
> -                                        ARMMMUIdxBit_S2NS);
> +                                        ARMMMUIdxBit_Stage2);
>  }
>  
>  static void tlbiipas2_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -704,7 +704,7 @@ static void tlbiipas2_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  
>      pageaddr = sextract64(value << 12, 0, 40);
>  
> -    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S2NS);
> +    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_Stage2);
>  }
>  
>  static void tlbiipas2_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -720,7 +720,7 @@ static void tlbiipas2_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      pageaddr = sextract64(value << 12, 0, 40);
>  
>      tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
> -                                             ARMMMUIdxBit_S2NS);
> +                                             ARMMMUIdxBit_Stage2);
>  }
>  
>  static void tlbiall_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -3528,12 +3528,15 @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      ARMCPU *cpu = env_archcpu(env);
>      CPUState *cs = CPU(cpu);
>  
> -    /* Accesses to VTTBR may change the VMID so we must flush the TLB.  */
> +    /*
> +     * A change in VMID to the stage2 page table (Stage2) invalidates
> +     * the combined stage 1&2 tlbs (EL10_1 and EL10_0).
> +     */
>      if (raw_read(env, ri) != value) {
>          tlb_flush_by_mmuidx(cs,
>                              ARMMMUIdxBit_EL10_1 |
>                              ARMMMUIdxBit_EL10_0 |
> -                            ARMMMUIdxBit_S2NS);
> +                            ARMMMUIdxBit_Stage2);
>          raw_write(env, ri, value);
>      }
>  }
> @@ -3929,7 +3932,7 @@ static int vmalle1_tlbmask(CPUARMState *env)
>      if (arm_is_secure_below_el3(env)) {
>          return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
>      } else if (arm_feature(env, ARM_FEATURE_EL2)) {
> -        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_S2NS;
> +        return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_Stage2;
>      } else {
>          return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
>      }
> @@ -4083,7 +4086,7 @@ static void tlbi_aa64_ipas2e1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  
>      pageaddr = sextract64(value << 12, 0, 48);
>  
> -    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S2NS);
> +    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_Stage2);
>  }
>  
>  static void tlbi_aa64_ipas2e1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -4099,7 +4102,7 @@ static void tlbi_aa64_ipas2e1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      pageaddr = sextract64(value << 12, 0, 48);
>  
>      tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
> -                                             ARMMMUIdxBit_S2NS);
> +                                             ARMMMUIdxBit_Stage2);
>  }
>  
>  static CPAccessResult aa64_zva_access(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -8560,7 +8563,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
>  static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
>  {
>      switch (mmu_idx) {
> -    case ARMMMUIdx_S2NS:
> +    case ARMMMUIdx_Stage2:
>      case ARMMMUIdx_S1E2:
>          return 2;
>      case ARMMMUIdx_S1E3:
> @@ -8614,7 +8617,7 @@ static inline bool regime_translation_disabled(CPUARMState *env,
>          }
>      }
>  
> -    if (mmu_idx == ARMMMUIdx_S2NS) {
> +    if (mmu_idx == ARMMMUIdx_Stage2) {
>          /* HCR.DC means HCR.VM behaves as 1 */
>          return (env->cp15.hcr_el2 & (HCR_DC | HCR_VM)) == 0;
>      }
> @@ -8645,7 +8648,7 @@ static inline bool regime_translation_big_endian(CPUARMState *env,
>  static inline uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx,
>                                     int ttbrn)
>  {
> -    if (mmu_idx == ARMMMUIdx_S2NS) {
> +    if (mmu_idx == ARMMMUIdx_Stage2) {
>          return env->cp15.vttbr_el2;
>      }
>      if (ttbrn == 0) {
> @@ -8660,7 +8663,7 @@ static inline uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx,
>  /* Return the TCR controlling this translation regime */
>  static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
>  {
> -    if (mmu_idx == ARMMMUIdx_S2NS) {
> +    if (mmu_idx == ARMMMUIdx_Stage2) {
>          return &env->cp15.vtcr_el2;
>      }
>      return &env->cp15.tcr_el[regime_el(env, mmu_idx)];
> @@ -8847,7 +8850,7 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
>      bool have_wxn;
>      int wxn = 0;
>  
> -    assert(mmu_idx != ARMMMUIdx_S2NS);
> +    assert(mmu_idx != ARMMMUIdx_Stage2);
>  
>      user_rw = simple_ap_to_rw_prot_is_user(ap, true);
>      if (is_user) {
> @@ -8939,7 +8942,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
>                                 ARMMMUFaultInfo *fi)
>  {
>      if ((mmu_idx == ARMMMUIdx_S1NSE0 || mmu_idx == ARMMMUIdx_S1NSE1) &&
> -        !regime_translation_disabled(env, ARMMMUIdx_S2NS)) {
> +        !regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
>          target_ulong s2size;
>          hwaddr s2pa;
>          int s2prot;
> @@ -8956,7 +8959,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
>              pcacheattrs = &cacheattrs;
>          }
>  
> -        ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, &s2pa,
> +        ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_Stage2, &s2pa,
>                                   &txattrs, &s2prot, &s2size, fi, pcacheattrs);
>          if (ret) {
>              assert(fi->type != ARMFault_None);
> @@ -9428,7 +9431,7 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
>          tsz = extract32(tcr, 0, 6);
>          using64k = extract32(tcr, 14, 1);
>          using16k = extract32(tcr, 15, 1);
> -        if (mmu_idx == ARMMMUIdx_S2NS) {
> +        if (mmu_idx == ARMMMUIdx_Stage2) {
>              /* VTCR_EL2 */
>              tbi = tbid = hpd = false;
>          } else {
> @@ -9489,7 +9492,7 @@ static ARMVAParameters aa32_va_parameters(CPUARMState *env, uint32_t va,
>      int select, tsz;
>      bool epd, hpd;
>  
> -    if (mmu_idx == ARMMMUIdx_S2NS) {
> +    if (mmu_idx == ARMMMUIdx_Stage2) {
>          /* VTCR */
>          bool sext = extract32(tcr, 4, 1);
>          bool sign = extract32(tcr, 3, 1);
> @@ -9591,7 +9594,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
>          level = 1;
>          /* There is no TTBR1 for EL2 */
>          ttbr1_valid = (el != 2);
> -        addrsize = (mmu_idx == ARMMMUIdx_S2NS ? 40 : 32);
> +        addrsize = (mmu_idx == ARMMMUIdx_Stage2 ? 40 : 32);
>          inputsize = addrsize - param.tsz;
>      }
>  
> @@ -9642,7 +9645,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
>          goto do_fault;
>      }
>  
> -    if (mmu_idx != ARMMMUIdx_S2NS) {
> +    if (mmu_idx != ARMMMUIdx_Stage2) {
>          /* The starting level depends on the virtual address size (which can
>           * be up to 48 bits) and the translation granule size. It indicates
>           * the number of strides (stride bits at a time) needed to
> @@ -9742,7 +9745,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
>          attrs = extract64(descriptor, 2, 10)
>              | (extract64(descriptor, 52, 12) << 10);
>  
> -        if (mmu_idx == ARMMMUIdx_S2NS) {
> +        if (mmu_idx == ARMMMUIdx_Stage2) {
>              /* Stage 2 table descriptors do not include any attribute fields */
>              break;
>          }
> @@ -9773,7 +9776,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
>      ap = extract32(attrs, 4, 2);
>      xn = extract32(attrs, 12, 1);
>  
> -    if (mmu_idx == ARMMMUIdx_S2NS) {
> +    if (mmu_idx == ARMMMUIdx_Stage2) {
>          ns = true;
>          *prot = get_S2prot(env, ap, xn);
>      } else {
> @@ -9800,7 +9803,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
>      }
>  
>      if (cacheattrs != NULL) {
> -        if (mmu_idx == ARMMMUIdx_S2NS) {
> +        if (mmu_idx == ARMMMUIdx_Stage2) {
>              cacheattrs->attrs = convert_stage2_attrs(env,
>                                                       extract32(attrs, 0, 4));
>          } else {
> @@ -9821,7 +9824,7 @@ do_fault:
>      fi->type = fault_type;
>      fi->level = level;
>      /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2.  */
> -    fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_S2NS);
> +    fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2);
>      return true;
>  }
>  
> @@ -10635,13 +10638,13 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
>                                  prot, page_size, fi, cacheattrs);
>  
>              /* If S1 fails or S2 is disabled, return early.  */
> -            if (ret || regime_translation_disabled(env, ARMMMUIdx_S2NS)) {
> +            if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) {
>                  *phys_ptr = ipa;
>                  return ret;
>              }
>  
>              /* S1 is done. Now do S2 translation.  */
> -            ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_S2NS,
> +            ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_Stage2,
>                                       phys_ptr, attrs, &s2_prot,
>                                       page_size, fi,
>                                       cacheattrs != NULL ? &cacheattrs2 : NULL);
> @@ -10683,7 +10686,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
>      /* Fast Context Switch Extension. This doesn't exist at all in v8.
>       * In v7 and earlier it affects all stage 1 translations.
>       */
> -    if (address < 0x02000000 && mmu_idx != ARMMMUIdx_S2NS
> +    if (address < 0x02000000 && mmu_idx != ARMMMUIdx_Stage2
>          && !arm_feature(env, ARM_FEATURE_V8)) {
>          if (regime_el(env, mmu_idx) == 3) {
>              address += env->cp15.fcseidr_s;
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 2703ebf32a..3a39315a6c 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -119,7 +119,7 @@ static inline int get_a64_user_mem_index(DisasContext *s)
>      case ARMMMUIdx_S1SE1:
>          useridx = ARMMMUIdx_S1SE0;
>          break;
> -    case ARMMMUIdx_S2NS:
> +    case ARMMMUIdx_Stage2:
>          g_assert_not_reached();
>      default:
>          useridx = s->mmu_idx;
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index e3deea50e0..1716bbb615 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -172,7 +172,7 @@ static inline int get_a32_user_mem_index(DisasContext *s)
>      case ARMMMUIdx_MSUserNegPri:
>      case ARMMMUIdx_MSPrivNegPri:
>          return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
> -    case ARMMMUIdx_S2NS:
> +    case ARMMMUIdx_Stage2:
>      default:
>          g_assert_not_reached();
>      }


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E*
  2019-12-03  2:29 ` [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E* Richard Henderson
@ 2019-12-04 11:00   ` Alex Bennée
  2019-12-06 15:47   ` Peter Maydell
  1 sibling, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 11:00 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> This is part of a reorganization to the set of mmu_idx.
> The EL1&0 regime is the only one that uses 2-stage translation.
> Spelling out Stage avoids confusion with Secure.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
<snip>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 97677f8482..a34accec20 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -2992,7 +2992,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
>          bool take_exc = false;
>  
>          if (fi.s1ptw && current_el == 1 && !arm_is_secure(env)
> -            && (mmu_idx == ARMMMUIdx_S1NSE1 || mmu_idx == ARMMMUIdx_S1NSE0)) {
> +            && (mmu_idx == ARMMMUIdx_Stage1_E1
> +                || mmu_idx == ARMMMUIdx_Stage1_E0)) {

Personal nit: I think ||\nfoo == scans more nicely as it lines up but
maybe that's just me.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 11/40] target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE*
  2019-12-03  2:29 ` [PATCH v4 11/40] target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE* Richard Henderson
@ 2019-12-04 11:01   ` Alex Bennée
  2019-12-06 15:47   ` Peter Maydell
  1 sibling, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 11:01 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> This is part of a reorganization to the set of mmu_idx.
> The Secure regimes all have a single stage translation;
> there is no point in pointing out that the idx is for stage1.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/cpu.h           |  8 ++++----
>  target/arm/internals.h     |  4 ++--
>  target/arm/translate.h     |  2 +-
>  target/arm/helper.c        | 26 +++++++++++++-------------
>  target/arm/translate-a64.c |  4 ++--
>  target/arm/translate.c     |  6 +++---
>  6 files changed, 25 insertions(+), 25 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 0714c52176..e8ee316e05 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2868,8 +2868,8 @@ typedef enum ARMMMUIdx {
>      ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
>      ARMMMUIdx_S1E2 = 2 | ARM_MMU_IDX_A,
>      ARMMMUIdx_S1E3 = 3 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_S1SE0 = 4 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_S1SE1 = 5 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
>      ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
>      ARMMMUIdx_MUser = 0 | ARM_MMU_IDX_M,
>      ARMMMUIdx_MPriv = 1 | ARM_MMU_IDX_M,
> @@ -2894,8 +2894,8 @@ typedef enum ARMMMUIdxBit {
>      ARMMMUIdxBit_EL10_1 = 1 << 1,
>      ARMMMUIdxBit_S1E2 = 1 << 2,
>      ARMMMUIdxBit_S1E3 = 1 << 3,
> -    ARMMMUIdxBit_S1SE0 = 1 << 4,
> -    ARMMMUIdxBit_S1SE1 = 1 << 5,
> +    ARMMMUIdxBit_SE0 = 1 << 4,
> +    ARMMMUIdxBit_SE1 = 1 << 5,
>      ARMMMUIdxBit_Stage2 = 1 << 6,
>      ARMMMUIdxBit_MUser = 1 << 0,
>      ARMMMUIdxBit_MPriv = 1 << 1,
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index 3fd1518f3b..3600bf9122 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -820,8 +820,8 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
>      case ARMMMUIdx_MUser:
>          return false;
>      case ARMMMUIdx_S1E3:
> -    case ARMMMUIdx_S1SE0:
> -    case ARMMMUIdx_S1SE1:
> +    case ARMMMUIdx_SE0:
> +    case ARMMMUIdx_SE1:
>      case ARMMMUIdx_MSPrivNegPri:
>      case ARMMMUIdx_MSUserNegPri:
>      case ARMMMUIdx_MSPriv:
> diff --git a/target/arm/translate.h b/target/arm/translate.h
> index dd24f91f26..3760159661 100644
> --- a/target/arm/translate.h
> +++ b/target/arm/translate.h
> @@ -124,7 +124,7 @@ static inline int default_exception_el(DisasContext *s)
>       * exceptions can only be routed to ELs above 1, so we target the higher of
>       * 1 or the current EL.
>       */
> -    return (s->mmu_idx == ARMMMUIdx_S1SE0 && s->secure_routed_to_el3)
> +    return (s->mmu_idx == ARMMMUIdx_SE0 && s->secure_routed_to_el3)
>              ? 3 : MAX(1, s->current_el);
>  }
>  
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index a34accec20..377825431a 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -3144,7 +3144,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
>              mmu_idx = ARMMMUIdx_Stage1_E1;
>              break;
>          case 1:
> -            mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_Stage1_E1;
> +            mmu_idx = secure ? ARMMMUIdx_SE1 : ARMMMUIdx_Stage1_E1;
>              break;
>          default:
>              g_assert_not_reached();
> @@ -3154,13 +3154,13 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
>          /* stage 1 current state PL0: ATS1CUR, ATS1CUW */
>          switch (el) {
>          case 3:
> -            mmu_idx = ARMMMUIdx_S1SE0;
> +            mmu_idx = ARMMMUIdx_SE0;
>              break;
>          case 2:
>              mmu_idx = ARMMMUIdx_Stage1_E0;
>              break;
>          case 1:
> -            mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_Stage1_E0;
> +            mmu_idx = secure ? ARMMMUIdx_SE0 : ARMMMUIdx_Stage1_E0;
>              break;
>          default:
>              g_assert_not_reached();
> @@ -3214,7 +3214,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
>      case 0:
>          switch (ri->opc1) {
>          case 0: /* AT S1E1R, AT S1E1W */
> -            mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_Stage1_E1;
> +            mmu_idx = secure ? ARMMMUIdx_SE1 : ARMMMUIdx_Stage1_E1;
>              break;
>          case 4: /* AT S1E2R, AT S1E2W */
>              mmu_idx = ARMMMUIdx_S1E2;
> @@ -3227,13 +3227,13 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
>          }
>          break;
>      case 2: /* AT S1E0R, AT S1E0W */
> -        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_Stage1_E0;
> +        mmu_idx = secure ? ARMMMUIdx_SE0 : ARMMMUIdx_Stage1_E0;
>          break;
>      case 4: /* AT S12E1R, AT S12E1W */
> -        mmu_idx = secure ? ARMMMUIdx_S1SE1 : ARMMMUIdx_EL10_1;
> +        mmu_idx = secure ? ARMMMUIdx_SE1 : ARMMMUIdx_EL10_1;
>          break;
>      case 6: /* AT S12E0R, AT S12E0W */
> -        mmu_idx = secure ? ARMMMUIdx_S1SE0 : ARMMMUIdx_EL10_0;
> +        mmu_idx = secure ? ARMMMUIdx_SE0 : ARMMMUIdx_EL10_0;
>          break;
>      default:
>          g_assert_not_reached();
> @@ -3895,7 +3895,7 @@ static CPAccessResult aa64_cacheop_access(CPUARMState *env,
>  static int vae1_tlbmask(CPUARMState *env)
>  {
>      if (arm_is_secure_below_el3(env)) {
> -        return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
> +        return ARMMMUIdxBit_SE1 | ARMMMUIdxBit_SE0;
>      } else {
>          return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
>      }
> @@ -3931,7 +3931,7 @@ static int vmalle1_tlbmask(CPUARMState *env)
>       * stage 1 translations.
>       */
>      if (arm_is_secure_below_el3(env)) {
> -        return ARMMMUIdxBit_S1SE1 | ARMMMUIdxBit_S1SE0;
> +        return ARMMMUIdxBit_SE1 | ARMMMUIdxBit_SE0;
>      } else if (arm_feature(env, ARM_FEATURE_EL2)) {
>          return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_Stage2;
>      } else {
> @@ -8569,9 +8569,9 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
>          return 2;
>      case ARMMMUIdx_S1E3:
>          return 3;
> -    case ARMMMUIdx_S1SE0:
> +    case ARMMMUIdx_SE0:
>          return arm_el_is_aa64(env, 3) ? 1 : 3;
> -    case ARMMMUIdx_S1SE1:
> +    case ARMMMUIdx_SE1:
>      case ARMMMUIdx_Stage1_E0:
>      case ARMMMUIdx_Stage1_E1:
>      case ARMMMUIdx_MPrivNegPri:
> @@ -8710,7 +8710,7 @@ bool arm_s1_regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx)
>  static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
>  {
>      switch (mmu_idx) {
> -    case ARMMMUIdx_S1SE0:
> +    case ARMMMUIdx_SE0:
>      case ARMMMUIdx_Stage1_E0:
>      case ARMMMUIdx_MUser:
>      case ARMMMUIdx_MSUser:
> @@ -11150,7 +11150,7 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
>      }
>  
>      if (el < 2 && arm_is_secure_below_el3(env)) {
> -        return ARMMMUIdx_S1SE0 + el;
> +        return ARMMMUIdx_SE0 + el;
>      } else {
>          return ARMMMUIdx_EL10_0 + el;
>      }
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 3a39315a6c..885c99f0c9 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -116,8 +116,8 @@ static inline int get_a64_user_mem_index(DisasContext *s)
>      case ARMMMUIdx_EL10_1:
>          useridx = ARMMMUIdx_EL10_0;
>          break;
> -    case ARMMMUIdx_S1SE1:
> -        useridx = ARMMMUIdx_S1SE0;
> +    case ARMMMUIdx_SE1:
> +        useridx = ARMMMUIdx_SE0;
>          break;
>      case ARMMMUIdx_Stage2:
>          g_assert_not_reached();
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 1716bbb615..787e34f258 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -157,9 +157,9 @@ static inline int get_a32_user_mem_index(DisasContext *s)
>      case ARMMMUIdx_EL10_1:
>          return arm_to_core_mmu_idx(ARMMMUIdx_EL10_0);
>      case ARMMMUIdx_S1E3:
> -    case ARMMMUIdx_S1SE0:
> -    case ARMMMUIdx_S1SE1:
> -        return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
> +    case ARMMMUIdx_SE0:
> +    case ARMMMUIdx_SE1:
> +        return arm_to_core_mmu_idx(ARMMMUIdx_SE0);
>      case ARMMMUIdx_MUser:
>      case ARMMMUIdx_MPriv:
>          return arm_to_core_mmu_idx(ARMMMUIdx_MUser);


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 12/40] target/arm: Rename ARMMMUIdx*_S1E3 to ARMMMUIdx*_SE3
  2019-12-03  2:29 ` [PATCH v4 12/40] target/arm: Rename ARMMMUIdx*_S1E3 to ARMMMUIdx*_SE3 Richard Henderson
@ 2019-12-04 11:02   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 11:02 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> This is part of a reorganization to the set of mmu_idx.
> The EL3 regime only has a single stage translation, and
> is always secure.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/cpu.h       |  4 ++--
>  target/arm/internals.h |  2 +-
>  target/arm/helper.c    | 14 +++++++-------
>  target/arm/translate.c |  2 +-
>  4 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index e8ee316e05..f307de561a 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2867,7 +2867,7 @@ typedef enum ARMMMUIdx {
>      ARMMMUIdx_EL10_0 = 0 | ARM_MMU_IDX_A,
>      ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
>      ARMMMUIdx_S1E2 = 2 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_S1E3 = 3 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_SE3 = 3 | ARM_MMU_IDX_A,
>      ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
>      ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
>      ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
> @@ -2893,7 +2893,7 @@ typedef enum ARMMMUIdxBit {
>      ARMMMUIdxBit_EL10_0 = 1 << 0,
>      ARMMMUIdxBit_EL10_1 = 1 << 1,
>      ARMMMUIdxBit_S1E2 = 1 << 2,
> -    ARMMMUIdxBit_S1E3 = 1 << 3,
> +    ARMMMUIdxBit_SE3 = 1 << 3,
>      ARMMMUIdxBit_SE0 = 1 << 4,
>      ARMMMUIdxBit_SE1 = 1 << 5,
>      ARMMMUIdxBit_Stage2 = 1 << 6,
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index 3600bf9122..50d258b0e1 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -819,7 +819,7 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
>      case ARMMMUIdx_MPriv:
>      case ARMMMUIdx_MUser:
>          return false;
> -    case ARMMMUIdx_S1E3:
> +    case ARMMMUIdx_SE3:
>      case ARMMMUIdx_SE0:
>      case ARMMMUIdx_SE1:
>      case ARMMMUIdx_MSPrivNegPri:
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 377825431a..98d00b4549 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -3138,7 +3138,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
>          /* stage 1 current state PL1: ATS1CPR, ATS1CPW */
>          switch (el) {
>          case 3:
> -            mmu_idx = ARMMMUIdx_S1E3;
> +            mmu_idx = ARMMMUIdx_SE3;
>              break;
>          case 2:
>              mmu_idx = ARMMMUIdx_Stage1_E1;
> @@ -3220,7 +3220,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
>              mmu_idx = ARMMMUIdx_S1E2;
>              break;
>          case 6: /* AT S1E3R, AT S1E3W */
> -            mmu_idx = ARMMMUIdx_S1E3;
> +            mmu_idx = ARMMMUIdx_SE3;
>              break;
>          default:
>              g_assert_not_reached();
> @@ -3963,7 +3963,7 @@ static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      ARMCPU *cpu = env_archcpu(env);
>      CPUState *cs = CPU(cpu);
>  
> -    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_S1E3);
> +    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_SE3);
>  }
>  
>  static void tlbi_aa64_alle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -3988,7 +3988,7 @@ static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  {
>      CPUState *cs = env_cpu(env);
>  
> -    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_S1E3);
> +    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_SE3);
>  }
>  
>  static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -4016,7 +4016,7 @@ static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      CPUState *cs = CPU(cpu);
>      uint64_t pageaddr = sextract64(value << 12, 0, 56);
>  
> -    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S1E3);
> +    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_SE3);
>  }
>  
>  static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -4065,7 +4065,7 @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      uint64_t pageaddr = sextract64(value << 12, 0, 56);
>  
>      tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
> -                                             ARMMMUIdxBit_S1E3);
> +                                             ARMMMUIdxBit_SE3);
>  }
>  
>  static void tlbi_aa64_ipas2e1_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -8567,7 +8567,7 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
>      case ARMMMUIdx_Stage2:
>      case ARMMMUIdx_S1E2:
>          return 2;
> -    case ARMMMUIdx_S1E3:
> +    case ARMMMUIdx_SE3:
>          return 3;
>      case ARMMMUIdx_SE0:
>          return arm_el_is_aa64(env, 3) ? 1 : 3;
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 787e34f258..6cf2fe2806 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -156,7 +156,7 @@ static inline int get_a32_user_mem_index(DisasContext *s)
>      case ARMMMUIdx_EL10_0:
>      case ARMMMUIdx_EL10_1:
>          return arm_to_core_mmu_idx(ARMMMUIdx_EL10_0);
> -    case ARMMMUIdx_S1E3:
> +    case ARMMMUIdx_SE3:
>      case ARMMMUIdx_SE0:
>      case ARMMMUIdx_SE1:
>          return arm_to_core_mmu_idx(ARMMMUIdx_SE0);


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 13/40] target/arm: Rename ARMMMUIdx_S1E2 to ARMMMUIdx_E2
  2019-12-03  2:29 ` [PATCH v4 13/40] target/arm: Rename ARMMMUIdx_S1E2 to ARMMMUIdx_E2 Richard Henderson
@ 2019-12-04 11:03   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 11:03 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> This is part of a reorganization to the set of mmu_idx.
> The non-secure EL2 regime only has a single stage translation;
> there is no point in pointing out that the idx is for stage1.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/cpu.h       |  4 ++--
>  target/arm/internals.h |  2 +-
>  target/arm/helper.c    | 22 +++++++++++-----------
>  target/arm/translate.c |  2 +-
>  4 files changed, 15 insertions(+), 15 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index f307de561a..28259be733 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2866,7 +2866,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>  typedef enum ARMMMUIdx {
>      ARMMMUIdx_EL10_0 = 0 | ARM_MMU_IDX_A,
>      ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_S1E2 = 2 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_E2 = 2 | ARM_MMU_IDX_A,
>      ARMMMUIdx_SE3 = 3 | ARM_MMU_IDX_A,
>      ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
>      ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
> @@ -2892,7 +2892,7 @@ typedef enum ARMMMUIdx {
>  typedef enum ARMMMUIdxBit {
>      ARMMMUIdxBit_EL10_0 = 1 << 0,
>      ARMMMUIdxBit_EL10_1 = 1 << 1,
> -    ARMMMUIdxBit_S1E2 = 1 << 2,
> +    ARMMMUIdxBit_E2 = 1 << 2,
>      ARMMMUIdxBit_SE3 = 1 << 3,
>      ARMMMUIdxBit_SE0 = 1 << 4,
>      ARMMMUIdxBit_SE1 = 1 << 5,
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index 50d258b0e1..aee54dc105 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -812,7 +812,7 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
>      case ARMMMUIdx_EL10_1:
>      case ARMMMUIdx_Stage1_E0:
>      case ARMMMUIdx_Stage1_E1:
> -    case ARMMMUIdx_S1E2:
> +    case ARMMMUIdx_E2:
>      case ARMMMUIdx_Stage2:
>      case ARMMMUIdx_MPrivNegPri:
>      case ARMMMUIdx_MUserNegPri:
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 98d00b4549..5172843667 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -728,7 +728,7 @@ static void tlbiall_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  {
>      CPUState *cs = env_cpu(env);
>  
> -    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_S1E2);
> +    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E2);
>  }
>  
>  static void tlbiall_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -736,7 +736,7 @@ static void tlbiall_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  {
>      CPUState *cs = env_cpu(env);
>  
> -    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_S1E2);
> +    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_E2);
>  }
>  
>  static void tlbimva_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -745,7 +745,7 @@ static void tlbimva_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      CPUState *cs = env_cpu(env);
>      uint64_t pageaddr = value & ~MAKE_64BIT_MASK(0, 12);
>  
> -    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S1E2);
> +    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_E2);
>  }
>  
>  static void tlbimva_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -755,7 +755,7 @@ static void tlbimva_hyp_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      uint64_t pageaddr = value & ~MAKE_64BIT_MASK(0, 12);
>  
>      tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
> -                                             ARMMMUIdxBit_S1E2);
> +                                             ARMMMUIdxBit_E2);
>  }
>  
>  static const ARMCPRegInfo cp_reginfo[] = {
> @@ -3189,7 +3189,7 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
>      uint64_t par64;
>  
> -    par64 = do_ats_write(env, value, access_type, ARMMMUIdx_S1E2);
> +    par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2);
>  
>      A32_BANKED_CURRENT_REG_SET(env, par, par64);
>  }
> @@ -3217,7 +3217,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
>              mmu_idx = secure ? ARMMMUIdx_SE1 : ARMMMUIdx_Stage1_E1;
>              break;
>          case 4: /* AT S1E2R, AT S1E2W */
> -            mmu_idx = ARMMMUIdx_S1E2;
> +            mmu_idx = ARMMMUIdx_E2;
>              break;
>          case 6: /* AT S1E3R, AT S1E3W */
>              mmu_idx = ARMMMUIdx_SE3;
> @@ -3954,7 +3954,7 @@ static void tlbi_aa64_alle2_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      ARMCPU *cpu = env_archcpu(env);
>      CPUState *cs = CPU(cpu);
>  
> -    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_S1E2);
> +    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E2);
>  }
>  
>  static void tlbi_aa64_alle3_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -3980,7 +3980,7 @@ static void tlbi_aa64_alle2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  {
>      CPUState *cs = env_cpu(env);
>  
> -    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_S1E2);
> +    tlb_flush_by_mmuidx_all_cpus_synced(cs, ARMMMUIdxBit_E2);
>  }
>  
>  static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -4002,7 +4002,7 @@ static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      CPUState *cs = CPU(cpu);
>      uint64_t pageaddr = sextract64(value << 12, 0, 56);
>  
> -    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_S1E2);
> +    tlb_flush_page_by_mmuidx(cs, pageaddr, ARMMMUIdxBit_E2);
>  }
>  
>  static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -4055,7 +4055,7 @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      uint64_t pageaddr = sextract64(value << 12, 0, 56);
>  
>      tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
> -                                             ARMMMUIdxBit_S1E2);
> +                                             ARMMMUIdxBit_E2);
>  }
>  
>  static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -8565,7 +8565,7 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
>  {
>      switch (mmu_idx) {
>      case ARMMMUIdx_Stage2:
> -    case ARMMMUIdx_S1E2:
> +    case ARMMMUIdx_E2:
>          return 2;
>      case ARMMMUIdx_SE3:
>          return 3;
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 6cf2fe2806..51ea99e6f9 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -152,7 +152,7 @@ static inline int get_a32_user_mem_index(DisasContext *s)
>       *  otherwise, access as if at PL0.
>       */
>      switch (s->mmu_idx) {
> -    case ARMMMUIdx_S1E2:        /* this one is UNPREDICTABLE */
> +    case ARMMMUIdx_E2:        /* this one is UNPREDICTABLE */
>      case ARMMMUIdx_EL10_0:
>      case ARMMMUIdx_EL10_1:
>          return arm_to_core_mmu_idx(ARMMMUIdx_EL10_0);


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs
  2019-12-03  2:29 ` [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs Richard Henderson
@ 2019-12-04 11:43   ` Alex Bennée
  2019-12-04 14:27     ` Richard Henderson
  0 siblings, 1 reply; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 11:43 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> We had completely run out of TBFLAG bits.
> Split A- and M-profile bits into two overlapping buckets.
> This results in 4 free bits.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/cpu.h       | 52 ++++++++++++++++++++++++---------------
>  target/arm/helper.c    | 17 ++++++-------
>  target/arm/translate.c | 56 +++++++++++++++++++++++-------------------
>  3 files changed, 70 insertions(+), 55 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 28259be733..ae9fc1ded3 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -3188,38 +3188,50 @@ FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
>   */
>  FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 21, 2)

I'm not sure if this visual aid helps but here you go:

 *  31                  20 19    16 15         10 9            0
 * +----------------------+--------+-------------+--------------+
 * |                      |        |       TBFLAG_A64           |
 * |                      |     +--+-------------+--------------+
 * |     TBFLAG_ANY       |     |   TBFLAG_A32   |              |
 * |                      |     +-----+----------+  TBFLAG_AM32 |
 * |                      |           |TBFLAG_M32|              |
 * +----------------------+-----------+----------+--------------+

>  
> -/* Bit usage when in AArch32 state: */
> -FIELD(TBFLAG_A32, THUMB, 0, 1)          /* Not cached. */
> -FIELD(TBFLAG_A32, VECLEN, 1, 3)         /* Not cached. */
> -FIELD(TBFLAG_A32, VECSTRIDE, 4, 2)      /* Not cached. */
> +/*
> + * Bit usage when in AArch32 state, both A- and M-profile.
> + */
> +FIELD(TBFLAG_AM32, CONDEXEC, 0, 8)      /* Not cached. */
> +FIELD(TBFLAG_AM32, THUMB, 8, 1)         /* Not cached. */
> +
> +/*
> + * Bit usage when in AArch32 state, for A-profile only.
> + */
> +FIELD(TBFLAG_A32, VECLEN, 9, 3)         /* Not cached. */
> +FIELD(TBFLAG_A32, VECSTRIDE, 12, 2)     /* Not cached. */
>  /*
>   * We store the bottom two bits of the CPAR as TB flags and handle
>   * checks on the other bits at runtime. This shares the same bits as
>   * VECSTRIDE, which is OK as no XScale CPU has VFP.
>   * Not cached, because VECLEN+VECSTRIDE are not cached.
>   */
> -FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2)
> +FIELD(TBFLAG_A32, XSCALE_CPAR, 12, 2)
> +FIELD(TBFLAG_A32, VFPEN, 14, 1)         /* Partially cached, minus FPEXC. */
> +FIELD(TBFLAG_A32, SCTLR_B, 15, 1)
>  /*
>   * Indicates whether cp register reads and writes by guest code should access
>   * the secure or nonsecure bank of banked registers; note that this is not
>   * the same thing as the current security state of the processor!
>   */
> -FIELD(TBFLAG_A32, NS, 6, 1)
> -FIELD(TBFLAG_A32, VFPEN, 7, 1)          /* Partially cached, minus FPEXC. */
> -FIELD(TBFLAG_A32, CONDEXEC, 8, 8)       /* Not cached. */
> -FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
> -/* For M profile only, set if FPCCR.LSPACT is set */
> -FIELD(TBFLAG_A32, LSPACT, 18, 1)        /* Not cached. */
> -/* For M profile only, set if we must create a new FP context */
> -FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1) /* Not cached. */
> -/* For M profile only, set if FPCCR.S does not match current security state */
> -FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1) /* Not cached. */
> -/* For M profile only, Handler (ie not Thread) mode */
> -FIELD(TBFLAG_A32, HANDLER, 21, 1)
> -/* For M profile only, whether we should generate stack-limit checks */
> -FIELD(TBFLAG_A32, STACKCHECK, 22, 1)
> +FIELD(TBFLAG_A32, NS, 16, 1)
>  
> -/* Bit usage when in AArch64 state */
> +/*
> + * Bit usage when in AArch32 state, for M-profile only.
> + */
> +/* Handler (ie not Thread) mode */
> +FIELD(TBFLAG_M32, HANDLER, 9, 1)
> +/* Whether we should generate stack-limit checks */
> +FIELD(TBFLAG_M32, STACKCHECK, 10, 1)
> +/* Set if FPCCR.LSPACT is set */
> +FIELD(TBFLAG_M32, LSPACT, 11, 1)                 /* Not cached. */
> +/* Set if we must create a new FP context */
> +FIELD(TBFLAG_M32, NEW_FP_CTXT_NEEDED, 12, 1)     /* Not cached. */
> +/* Set if FPCCR.S does not match current security state */
> +FIELD(TBFLAG_M32, FPCCR_S_WRONG, 13, 1)          /* Not cached. */
> +
> +/*
> + * Bit usage when in AArch64 state
> + */
>  FIELD(TBFLAG_A64, TBII, 0, 2)
>  FIELD(TBFLAG_A64, SVEEXC_EL, 2, 2)
>  FIELD(TBFLAG_A64, ZCR_LEN, 4, 4)
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 5172843667..ec5c7fa325 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -11207,11 +11207,8 @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
>  {
>      uint32_t flags = 0;
>  
> -    /* v8M always enables the fpu.  */
> -    flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
> -
>      if (arm_v7m_is_handler_mode(env)) {
> -        flags = FIELD_DP32(flags, TBFLAG_A32, HANDLER, 1);
> +        flags = FIELD_DP32(flags, TBFLAG_M32, HANDLER, 1);
>      }
>  
>      /*
> @@ -11222,7 +11219,7 @@ static uint32_t rebuild_hflags_m32(CPUARMState *env, int fp_el,
>      if (arm_feature(env, ARM_FEATURE_V8) &&
>          !((mmu_idx & ARM_MMU_IDX_M_NEGPRI) &&
>            (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKOFHFNMIGN_MASK))) {
> -        flags = FIELD_DP32(flags, TBFLAG_A32, STACKCHECK, 1);
> +        flags = FIELD_DP32(flags, TBFLAG_M32, STACKCHECK, 1);
>      }
>  
>      return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
> @@ -11385,7 +11382,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
>              if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
>                  FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S)
>                  != env->v7m.secure) {
> -                flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1);
> +                flags = FIELD_DP32(flags, TBFLAG_M32, FPCCR_S_WRONG, 1);
>              }
>  
>              if ((env->v7m.fpccr[env->v7m.secure] & R_V7M_FPCCR_ASPEN_MASK) &&
> @@ -11397,12 +11394,12 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
>                   * active FP context; we must create a new FP context before
>                   * executing any FP insn.
>                   */
> -                flags = FIELD_DP32(flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED, 1);
> +                flags = FIELD_DP32(flags, TBFLAG_M32, NEW_FP_CTXT_NEEDED, 1);
>              }
>  
>              bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
>              if (env->v7m.fpccr[is_secure] & R_V7M_FPCCR_LSPACT_MASK) {
> -                flags = FIELD_DP32(flags, TBFLAG_A32, LSPACT, 1);
> +                flags = FIELD_DP32(flags, TBFLAG_M32, LSPACT, 1);
>              }
>          } else {
>              /*
> @@ -11423,8 +11420,8 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
>              }
>          }
>  
> -        flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
> -        flags = FIELD_DP32(flags, TBFLAG_A32, CONDEXEC, env->condexec_bits);
> +        flags = FIELD_DP32(flags, TBFLAG_AM32, THUMB, env->thumb);
> +        flags = FIELD_DP32(flags, TBFLAG_AM32, CONDEXEC, env->condexec_bits);
>          pstate_for_ss = env->uncached_cpsr;
>      }
>  
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 51ea99e6f9..cd757165e1 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -10841,37 +10841,46 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
>       */
>      dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
>                                 !arm_el_is_aa64(env, 3);
> -    dc->thumb = FIELD_EX32(tb_flags, TBFLAG_A32, THUMB);
> -    dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
> -    dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
> -    condexec = FIELD_EX32(tb_flags, TBFLAG_A32, CONDEXEC);
> +    dc->thumb = FIELD_EX32(tb_flags, TBFLAG_AM32, THUMB);
> +    condexec = FIELD_EX32(tb_flags, TBFLAG_AM32, CONDEXEC);
>      dc->condexec_mask = (condexec & 0xf) << 1;
>      dc->condexec_cond = condexec >> 4;
> +
>      core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
>      dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
>      dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
>  #if !defined(CONFIG_USER_ONLY)
>      dc->user = (dc->current_el == 0);
>  #endif
> -    dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
>      dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
> -    dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
> -    dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
> -    if (arm_feature(env, ARM_FEATURE_XSCALE)) {
> -        dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
> -        dc->vec_stride = 0;
> +
> +    if (arm_feature(env, ARM_FEATURE_M)) {
> +        dc->vfp_enabled = 1;
> +        dc->be_data = MO_TE;
> +        dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_M32, HANDLER);
> +        dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
> +            regime_is_secure(env, dc->mmu_idx);
> +        dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_M32, STACKCHECK);
> +        dc->v8m_fpccr_s_wrong =
> +            FIELD_EX32(tb_flags, TBFLAG_M32, FPCCR_S_WRONG);
> +        dc->v7m_new_fp_ctxt_needed =
> +            FIELD_EX32(tb_flags, TBFLAG_M32, NEW_FP_CTXT_NEEDED);
> +        dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_M32, LSPACT);
>      } else {
> -        dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
> -        dc->c15_cpar = 0;
> +        dc->be_data =
> +            FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
> +        dc->debug_target_el =
> +            FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
> +        dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
> +        dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
> +        dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
> +        if (arm_feature(env, ARM_FEATURE_XSCALE)) {
> +            dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
> +        } else {
> +            dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
> +            dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
> +        }
>      }
> -    dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER);
> -    dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
> -        regime_is_secure(env, dc->mmu_idx);
> -    dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
> -    dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
> -    dc->v7m_new_fp_ctxt_needed =
> -        FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
> -    dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_A32, LSPACT);
>      dc->cp_regs = cpu->cp_regs;
>      dc->features = env->features;
>  
> @@ -10893,9 +10902,6 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
>      dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
>      dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
>      dc->is_ldex = false;
> -    if (!arm_feature(env, ARM_FEATURE_M)) {
> -        dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
> -    }
>  
>      dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
>  
> @@ -11332,10 +11338,10 @@ static const TranslatorOps thumb_translator_ops = {
>  /* generate intermediate code for basic block 'tb'.  */
>  void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
>  {
> -    DisasContext dc;
> +    DisasContext dc = { };

We seemed to have dropped an initialise here which seems unrelated.

Otherwise:

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>


>      const TranslatorOps *ops = &arm_translator_ops;
>  
> -    if (FIELD_EX32(tb->flags, TBFLAG_A32, THUMB)) {
> +    if (FIELD_EX32(tb->flags, TBFLAG_AM32, THUMB)) {
>          ops = &thumb_translator_ops;
>      }
>  #ifdef TARGET_AARCH64


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 15/40] target/arm: Expand TBFLAG_ANY.MMUIDX to 4 bits
  2019-12-03  2:29 ` [PATCH v4 15/40] target/arm: Expand TBFLAG_ANY.MMUIDX to 4 bits Richard Henderson
@ 2019-12-04 11:48   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 11:48 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> We are about to expand the number of mmuidx to 10, and so need 4 bits.
> For the benefit of reading the number out of -d exec, align it to the
> penultimate nibble.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/cpu.h | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index ae9fc1ded3..5f295c7e60 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -3176,17 +3176,17 @@ typedef ARMCPU ArchCPU;
>   * Unless otherwise noted, these bits are cached in env->hflags.
>   */
>  FIELD(TBFLAG_ANY, AARCH64_STATE, 31, 1)
> -FIELD(TBFLAG_ANY, MMUIDX, 28, 3)
> -FIELD(TBFLAG_ANY, SS_ACTIVE, 27, 1)
> -FIELD(TBFLAG_ANY, PSTATE_SS, 26, 1)     /* Not cached. */
> +FIELD(TBFLAG_ANY, SS_ACTIVE, 30, 1)
> +FIELD(TBFLAG_ANY, PSTATE_SS, 29, 1)     /* Not cached. */
> +FIELD(TBFLAG_ANY, BE_DATA, 28, 1)
> +FIELD(TBFLAG_ANY, MMUIDX, 24, 4)
>  /* Target EL if we take a floating-point-disabled exception */
> -FIELD(TBFLAG_ANY, FPEXC_EL, 24, 2)
> -FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
> +FIELD(TBFLAG_ANY, FPEXC_EL, 22, 2)
>  /*
>   * For A-profile only, target EL for debug exceptions.
>   * Note that this overlaps with the M-profile-only HANDLER and STACKCHECK bits.
>   */
> -FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 21, 2)
> +FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 20, 2)
>  
>  /*
>   * Bit usage when in AArch32 state, both A- and M-profile.


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 16/40] target/arm: Rearrange ARMMMUIdxBit
  2019-12-03  2:29 ` [PATCH v4 16/40] target/arm: Rearrange ARMMMUIdxBit Richard Henderson
@ 2019-12-04 11:56   ` Alex Bennée
  2019-12-04 16:01   ` Philippe Mathieu-Daudé
  1 sibling, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 11:56 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> Define via macro expansion, so that renumbering of the base ARMMMUIdx
> symbols is automatically reflexed in the bit definitions.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/cpu.h | 39 +++++++++++++++++++++++----------------
>  1 file changed, 23 insertions(+), 16 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 5f295c7e60..6ba5126852 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2886,27 +2886,34 @@ typedef enum ARMMMUIdx {
>      ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
>  } ARMMMUIdx;
>  
> -/* Bit macros for the core-mmu-index values for each index,
> +/*
> + * Bit macros for the core-mmu-index values for each index,
>   * for use when calling tlb_flush_by_mmuidx() and friends.
>   */
> +#define TO_CORE_BIT(NAME) \
> +    ARMMMUIdxBit_##NAME = 1 << (ARMMMUIdx_##NAME & ARM_MMU_IDX_COREIDX_MASK)
> +
>  typedef enum ARMMMUIdxBit {
> -    ARMMMUIdxBit_EL10_0 = 1 << 0,
> -    ARMMMUIdxBit_EL10_1 = 1 << 1,
> -    ARMMMUIdxBit_E2 = 1 << 2,
> -    ARMMMUIdxBit_SE3 = 1 << 3,
> -    ARMMMUIdxBit_SE0 = 1 << 4,
> -    ARMMMUIdxBit_SE1 = 1 << 5,
> -    ARMMMUIdxBit_Stage2 = 1 << 6,
> -    ARMMMUIdxBit_MUser = 1 << 0,
> -    ARMMMUIdxBit_MPriv = 1 << 1,
> -    ARMMMUIdxBit_MUserNegPri = 1 << 2,
> -    ARMMMUIdxBit_MPrivNegPri = 1 << 3,
> -    ARMMMUIdxBit_MSUser = 1 << 4,
> -    ARMMMUIdxBit_MSPriv = 1 << 5,
> -    ARMMMUIdxBit_MSUserNegPri = 1 << 6,
> -    ARMMMUIdxBit_MSPrivNegPri = 1 << 7,
> +    TO_CORE_BIT(EL10_0),
> +    TO_CORE_BIT(EL10_1),
> +    TO_CORE_BIT(E2),
> +    TO_CORE_BIT(SE0),
> +    TO_CORE_BIT(SE1),
> +    TO_CORE_BIT(SE3),
> +    TO_CORE_BIT(Stage2),
> +
> +    TO_CORE_BIT(MUser),
> +    TO_CORE_BIT(MPriv),
> +    TO_CORE_BIT(MUserNegPri),
> +    TO_CORE_BIT(MPrivNegPri),
> +    TO_CORE_BIT(MSUser),
> +    TO_CORE_BIT(MSPriv),
> +    TO_CORE_BIT(MSUserNegPri),
> +    TO_CORE_BIT(MSPrivNegPri),
>  } ARMMMUIdxBit;
>  
> +#undef TO_CORE_BIT
> +
>  #define MMU_USER_IDX 0
>  
>  static inline int arm_to_core_mmu_idx(ARMMMUIdx mmu_idx)


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 18/40] target/arm: Reorganize ARMMMUIdx
  2019-12-03  2:29 ` [PATCH v4 18/40] target/arm: Reorganize ARMMMUIdx Richard Henderson
@ 2019-12-04 13:44   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 13:44 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> Prepare for, but do not yet implement, the EL2&0 regime.
> This involves adding the new MMUIdx enumerators and adjusting
> some of the MMUIdx related predicates to match.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/cpu-param.h |   2 +-
>  target/arm/cpu.h       | 128 ++++++++++++++++++-----------------------
>  target/arm/internals.h |  37 +++++++++++-
>  target/arm/helper.c    |  66 ++++++++++++++++++---
>  target/arm/translate.c |   1 -
>  5 files changed, 150 insertions(+), 84 deletions(-)
>
> diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
> index 6e6948e960..18ac562346 100644
> --- a/target/arm/cpu-param.h
> +++ b/target/arm/cpu-param.h
> @@ -29,6 +29,6 @@
>  # define TARGET_PAGE_BITS_MIN  10
>  #endif
>  
> -#define NB_MMU_MODES 8
> +#define NB_MMU_MODES 9
>  
>  #endif
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 015301e93a..bf8eb57e3a 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2778,7 +2778,9 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>   *  + NonSecure EL1 & 0 stage 1
>   *  + NonSecure EL1 & 0 stage 2
>   *  + NonSecure EL2
> - *  + Secure EL1 & EL0
> + *  + NonSecure EL2 & 0   (ARMv8.1-VHE)
> + *  + Secure EL0
> + *  + Secure EL1
>   *  + Secure EL3
>   * If EL3 is 32-bit:
>   *  + NonSecure PL1 & 0 stage 1
> @@ -2788,8 +2790,9 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>   * (reminder: for 32 bit EL3, Secure PL1 is *EL3*, not EL1.)
>   *
>   * For QEMU, an mmu_idx is not quite the same as a translation regime because:
> - *  1. we need to split the "EL1 & 0" regimes into two mmu_idxes, because they
> - *     may differ in access permissions even if the VA->PA map is the same
> + *  1. we need to split the "EL1 & 0" and "EL2 & 0" regimes into two mmu_idxes,
> + *     because they may differ in access permissions even if the VA->PA map is
> + *     the same
>   *  2. we want to cache in our TLB the full VA->IPA->PA lookup for a stage 1+2
>   *     translation, which means that we have one mmu_idx that deals with two
>   *     concatenated translation regimes [this sort of combined s1+2 TLB is
> @@ -2801,19 +2804,23 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>   *  4. we can also safely fold together the "32 bit EL3" and "64 bit EL3"
>   *     translation regimes, because they map reasonably well to each other
>   *     and they can't both be active at the same time.
> - * This gives us the following list of mmu_idx values:
> + *  5. we want to be able to use the TLB for accesses done as part of a
> + *     stage1 page table walk, rather than having to walk the stage2 page
> + *     table over and over.
>   *
> - * NS EL0 (aka NS PL0) stage 1+2
> - * NS EL1 (aka NS PL1) stage 1+2
> + * This gives us the following list of cases:
> + *
> + * NS EL0 (aka NS PL0) EL1&0 stage 1+2
> + * NS EL1 (aka NS PL1) EL1&0 stage 1+2
> + * NS EL0 EL2&0
> + * NS EL2 EL2&0
>   * NS EL2 (aka NS PL2)
> - * S EL3 (aka S PL1)
>   * S EL0 (aka S PL0)
>   * S EL1 (not used if EL3 is 32 bit)
> - * NS EL0+1 stage 2
> + * S EL3 (aka S PL1)
> + * NS EL0&1 stage 2
>   *
> - * (The last of these is an mmu_idx because we want to be able to use the TLB
> - * for the accesses done as part of a stage 1 page table walk, rather than
> - * having to walk the stage 2 page table over and over.)
> + * for a total of 9 different mmu_idx.
>   *
>   * R profile CPUs have an MPU, but can use the same set of MMU indexes
>   * as A profile. They only need to distinguish NS EL0 and NS EL1 (and
> @@ -2851,26 +2858,47 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
>   * For M profile we arrange them to have a bit for priv, a bit for negpri
>   * and a bit for secure.
>   */
> -#define ARM_MMU_IDX_A 0x10 /* A profile */
> -#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */
> -#define ARM_MMU_IDX_M 0x40 /* M profile */
> +#define ARM_MMU_IDX_A     0x10  /* A profile */
> +#define ARM_MMU_IDX_NOTLB 0x20  /* does not have a TLB */
> +#define ARM_MMU_IDX_M     0x40  /* M profile */
>  
> -/* meanings of the bits for M profile mmu idx values */
> -#define ARM_MMU_IDX_M_PRIV 0x1
> +/* Meanings of the bits for M profile mmu idx values */
> +#define ARM_MMU_IDX_M_PRIV   0x1
>  #define ARM_MMU_IDX_M_NEGPRI 0x2
> -#define ARM_MMU_IDX_M_S 0x4
> +#define ARM_MMU_IDX_M_S      0x4  /* Secure */
>  
> -#define ARM_MMU_IDX_TYPE_MASK (~0x7)
> -#define ARM_MMU_IDX_COREIDX_MASK 0x7
> +#define ARM_MMU_IDX_TYPE_MASK \
> +    (ARM_MMU_IDX_A | ARM_MMU_IDX_M | ARM_MMU_IDX_NOTLB)
> +#define ARM_MMU_IDX_COREIDX_MASK 0xf
>  
>  typedef enum ARMMMUIdx {
> +    /*
> +     * A-profile.
> +     */
>      ARMMMUIdx_EL10_0 = 0 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_EL10_1 = 1 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_E2 = 2 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_SE3 = 3 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_SE0 = 4 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_SE1 = 5 | ARM_MMU_IDX_A,
> -    ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_EL20_0 = 1 | ARM_MMU_IDX_A,
> +
> +    ARMMMUIdx_EL10_1 = 2 | ARM_MMU_IDX_A,
> +
> +    ARMMMUIdx_E2 =     3 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_EL20_2 = 4 | ARM_MMU_IDX_A,
> +
> +    ARMMMUIdx_SE0 =    5 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_SE1 =    6 | ARM_MMU_IDX_A,
> +    ARMMMUIdx_SE3 =    7 | ARM_MMU_IDX_A,
> +
> +    ARMMMUIdx_Stage2 = 8 | ARM_MMU_IDX_A,
> +
> +    /*
> +     * These are not allocated TLBs and are used only for AT system
> +     * instructions or for the first stage of an S12 page table walk.
> +     */
> +    ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
> +    ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
> +
> +    /*
> +     * M-profile.
> +     */
>      ARMMMUIdx_MUser = ARM_MMU_IDX_M,
>      ARMMMUIdx_MPriv = ARM_MMU_IDX_M | ARM_MMU_IDX_M_PRIV,
>      ARMMMUIdx_MUserNegPri = ARMMMUIdx_MUser | ARM_MMU_IDX_M_NEGPRI,
> @@ -2879,11 +2907,6 @@ typedef enum ARMMMUIdx {
>      ARMMMUIdx_MSPriv = ARMMMUIdx_MPriv | ARM_MMU_IDX_M_S,
>      ARMMMUIdx_MSUserNegPri = ARMMMUIdx_MUserNegPri | ARM_MMU_IDX_M_S,
>      ARMMMUIdx_MSPrivNegPri = ARMMMUIdx_MPrivNegPri | ARM_MMU_IDX_M_S,
> -    /* Indexes below here don't have TLBs and are used only for AT system
> -     * instructions or for the first stage of an S12 page table walk.
> -     */
> -    ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
> -    ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
>  } ARMMMUIdx;
>  
>  /*
> @@ -2895,8 +2918,10 @@ typedef enum ARMMMUIdx {
>  
>  typedef enum ARMMMUIdxBit {
>      TO_CORE_BIT(EL10_0),
> +    TO_CORE_BIT(EL20_0),
>      TO_CORE_BIT(EL10_1),
>      TO_CORE_BIT(E2),
> +    TO_CORE_BIT(EL20_2),
>      TO_CORE_BIT(SE0),
>      TO_CORE_BIT(SE1),
>      TO_CORE_BIT(SE3),
> @@ -2916,49 +2941,6 @@ typedef enum ARMMMUIdxBit {
>  
>  #define MMU_USER_IDX 0
>  
> -static inline int arm_to_core_mmu_idx(ARMMMUIdx mmu_idx)
> -{
> -    return mmu_idx & ARM_MMU_IDX_COREIDX_MASK;
> -}
> -
> -static inline ARMMMUIdx core_to_arm_mmu_idx(CPUARMState *env, int mmu_idx)
> -{
> -    if (arm_feature(env, ARM_FEATURE_M)) {
> -        return mmu_idx | ARM_MMU_IDX_M;
> -    } else {
> -        return mmu_idx | ARM_MMU_IDX_A;
> -    }
> -}
> -
> -/* Return the exception level we're running at if this is our mmu_idx */
> -static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
> -{
> -    switch (mmu_idx & ARM_MMU_IDX_TYPE_MASK) {
> -    case ARM_MMU_IDX_A:
> -        return mmu_idx & 3;
> -    case ARM_MMU_IDX_M:
> -        return mmu_idx & ARM_MMU_IDX_M_PRIV;
> -    default:
> -        g_assert_not_reached();
> -    }
> -}
> -
> -/*
> - * Return the MMU index for a v7M CPU with all relevant information
> - * manually specified.
> - */
> -ARMMMUIdx arm_v7m_mmu_idx_all(CPUARMState *env,
> -                              bool secstate, bool priv, bool negpri);
> -
> -/* Return the MMU index for a v7M CPU in the specified security and
> - * privilege state.
> - */
> -ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
> -                                                bool secstate, bool priv);
> -
> -/* Return the MMU index for a v7M CPU in the specified security state */
> -ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate);
> -
>  /**
>   * cpu_mmu_index:
>   * @env: The cpu environment
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index aee54dc105..d73615064c 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -769,6 +769,39 @@ bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
>                        MMUAccessType access_type, int mmu_idx,
>                        bool probe, uintptr_t retaddr);
>  
> +static inline int arm_to_core_mmu_idx(ARMMMUIdx mmu_idx)
> +{
> +    return mmu_idx & ARM_MMU_IDX_COREIDX_MASK;
> +}
> +
> +static inline ARMMMUIdx core_to_arm_mmu_idx(CPUARMState *env, int mmu_idx)
> +{
> +    if (arm_feature(env, ARM_FEATURE_M)) {
> +        return mmu_idx | ARM_MMU_IDX_M;
> +    } else {
> +        return mmu_idx | ARM_MMU_IDX_A;
> +    }
> +}
> +
> +int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx);
> +
> +/*
> + * Return the MMU index for a v7M CPU with all relevant information
> + * manually specified.
> + */
> +ARMMMUIdx arm_v7m_mmu_idx_all(CPUARMState *env,
> +                              bool secstate, bool priv, bool negpri);
> +
> +/*
> + * Return the MMU index for a v7M CPU in the specified security and
> + * privilege state.
> + */
> +ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
> +                                                bool secstate, bool priv);
> +
> +/* Return the MMU index for a v7M CPU in the specified security state */
> +ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate);
> +
>  /* Return true if the stage 1 translation regime is using LPAE format page
>   * tables */
>  bool arm_s1_regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx);
> @@ -810,6 +843,8 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
>      switch (mmu_idx) {
>      case ARMMMUIdx_EL10_0:
>      case ARMMMUIdx_EL10_1:
> +    case ARMMMUIdx_EL20_0:
> +    case ARMMMUIdx_EL20_2:
>      case ARMMMUIdx_Stage1_E0:
>      case ARMMMUIdx_Stage1_E1:
>      case ARMMMUIdx_E2:
> @@ -819,9 +854,9 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
>      case ARMMMUIdx_MPriv:
>      case ARMMMUIdx_MUser:
>          return false;
> -    case ARMMMUIdx_SE3:
>      case ARMMMUIdx_SE0:
>      case ARMMMUIdx_SE1:
> +    case ARMMMUIdx_SE3:
>      case ARMMMUIdx_MSPrivNegPri:
>      case ARMMMUIdx_MSUserNegPri:
>      case ARMMMUIdx_MSPriv:
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index ec5c7fa325..f86285ffbe 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -8561,9 +8561,11 @@ void arm_cpu_do_interrupt(CPUState *cs)
>  #endif /* !CONFIG_USER_ONLY */
>  
>  /* Return the exception level which controls this address translation regime */
> -static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
> +static uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
>  {
>      switch (mmu_idx) {
> +    case ARMMMUIdx_EL20_0:
> +    case ARMMMUIdx_EL20_2:
>      case ARMMMUIdx_Stage2:
>      case ARMMMUIdx_E2:
>          return 2;
> @@ -8574,6 +8576,8 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
>      case ARMMMUIdx_SE1:
>      case ARMMMUIdx_Stage1_E0:
>      case ARMMMUIdx_Stage1_E1:
> +    case ARMMMUIdx_EL10_0:
> +    case ARMMMUIdx_EL10_1:
>      case ARMMMUIdx_MPrivNegPri:
>      case ARMMMUIdx_MUserNegPri:
>      case ARMMMUIdx_MPriv:
> @@ -8675,10 +8679,14 @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
>   */
>  static inline ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
>  {
> -    if (mmu_idx == ARMMMUIdx_EL10_0 || mmu_idx == ARMMMUIdx_EL10_1) {
> -        mmu_idx += (ARMMMUIdx_Stage1_E0 - ARMMMUIdx_EL10_0);
> +    switch (mmu_idx) {
> +    case ARMMMUIdx_EL10_0:
> +        return ARMMMUIdx_Stage1_E0;
> +    case ARMMMUIdx_EL10_1:
> +        return ARMMMUIdx_Stage1_E1;
> +    default:
> +        return mmu_idx;
>      }
> -    return mmu_idx;
>  }
>  
>  /* Return true if the translation regime is using LPAE format page tables */
> @@ -8711,6 +8719,7 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
>  {
>      switch (mmu_idx) {
>      case ARMMMUIdx_SE0:
> +    case ARMMMUIdx_EL20_0:
>      case ARMMMUIdx_Stage1_E0:
>      case ARMMMUIdx_MUser:
>      case ARMMMUIdx_MSUser:
> @@ -11136,6 +11145,31 @@ int fp_exception_el(CPUARMState *env, int cur_el)
>      return 0;
>  }
>  
> +/* Return the exception level we're running at if this is our mmu_idx */
> +int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
> +{
> +    if (mmu_idx & ARM_MMU_IDX_M) {
> +        return mmu_idx & ARM_MMU_IDX_M_PRIV;
> +    }
> +
> +    switch (mmu_idx) {
> +    case ARMMMUIdx_EL10_0:
> +    case ARMMMUIdx_EL20_0:
> +    case ARMMMUIdx_SE0:
> +        return 0;
> +    case ARMMMUIdx_EL10_1:
> +    case ARMMMUIdx_SE1:
> +        return 1;
> +    case ARMMMUIdx_E2:
> +    case ARMMMUIdx_EL20_2:
> +        return 2;
> +    case ARMMMUIdx_SE3:
> +        return 3;
> +    default:
> +        g_assert_not_reached();
> +    }
> +}
> +
>  #ifndef CONFIG_TCG
>  ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
>  {
> @@ -11149,10 +11183,26 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
>          return arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure);
>      }
>  
> -    if (el < 2 && arm_is_secure_below_el3(env)) {
> -        return ARMMMUIdx_SE0 + el;
> -    } else {
> -        return ARMMMUIdx_EL10_0 + el;
> +    switch (el) {
> +    case 0:
> +        /* TODO: ARMv8.1-VHE */
> +        if (arm_is_secure_below_el3(env)) {
> +            return ARMMMUIdx_SE0;
> +        }
> +        return ARMMMUIdx_EL10_0;
> +    case 1:
> +        if (arm_is_secure_below_el3(env)) {
> +            return ARMMMUIdx_SE1;
> +        }
> +        return ARMMMUIdx_EL10_1;
> +    case 2:
> +        /* TODO: ARMv8.1-VHE */
> +        /* TODO: ARMv8.4-SecEL2 */
> +        return ARMMMUIdx_E2;
> +    case 3:
> +        return ARMMMUIdx_SE3;
> +    default:
> +        g_assert_not_reached();
>      }
>  }
>  
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index cd757165e1..b7f726e733 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -172,7 +172,6 @@ static inline int get_a32_user_mem_index(DisasContext *s)
>      case ARMMMUIdx_MSUserNegPri:
>      case ARMMMUIdx_MSPrivNegPri:
>          return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
> -    case ARMMMUIdx_Stage2:
>      default:
>          g_assert_not_reached();
>      }


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 19/40] target/arm: Add regime_has_2_ranges
  2019-12-03  2:29 ` [PATCH v4 19/40] target/arm: Add regime_has_2_ranges Richard Henderson
@ 2019-12-04 14:16   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 14:16 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/internals.h     | 16 ++++++++++++++++
>  target/arm/helper.c        | 23 ++++++-----------------
>  target/arm/translate-a64.c |  3 +--
>  3 files changed, 23 insertions(+), 19 deletions(-)
>
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index d73615064c..1ca9a7cc78 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -837,6 +837,22 @@ static inline void arm_call_el_change_hook(ARMCPU *cpu)
>      }
>  }
>  
> +/* Return true if this address translation regime has two ranges.  */
> +static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx)
> +{
> +    switch (mmu_idx) {
> +    case ARMMMUIdx_Stage1_E0:
> +    case ARMMMUIdx_Stage1_E1:
> +    case ARMMMUIdx_EL10_0:
> +    case ARMMMUIdx_EL10_1:
> +    case ARMMMUIdx_EL20_0:
> +    case ARMMMUIdx_EL20_2:
> +        return true;
> +    default:
> +        return false;
> +    }
> +}
> +
>  /* Return true if this address translation regime is secure */
>  static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
>  {
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index f86285ffbe..27adf24fa6 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -8885,15 +8885,8 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
>      }
>  
>      if (is_aa64) {
> -        switch (regime_el(env, mmu_idx)) {
> -        case 1:
> -            if (!is_user) {
> -                xn = pxn || (user_rw & PAGE_WRITE);
> -            }
> -            break;
> -        case 2:
> -        case 3:
> -            break;
> +        if (regime_has_2_ranges(mmu_idx) && !is_user) {
> +            xn = pxn || (user_rw & PAGE_WRITE);
>          }
>      } else if (arm_feature(env, ARM_FEATURE_V7)) {
>          switch (regime_el(env, mmu_idx)) {
> @@ -9427,7 +9420,6 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
>                                          ARMMMUIdx mmu_idx)
>  {
>      uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
> -    uint32_t el = regime_el(env, mmu_idx);
>      bool tbi, tbid, epd, hpd, using16k, using64k;
>      int select, tsz;
>  
> @@ -9437,7 +9429,7 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
>       */
>      select = extract64(va, 55, 1);
>  
> -    if (el > 1) {
> +    if (!regime_has_2_ranges(mmu_idx)) {
>          tsz = extract32(tcr, 0, 6);
>          using64k = extract32(tcr, 14, 1);
>          using16k = extract32(tcr, 15, 1);
> @@ -9593,10 +9585,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
>          param = aa64_va_parameters(env, address, mmu_idx,
>                                     access_type != MMU_INST_FETCH);
>          level = 0;
> -        /* If we are in 64-bit EL2 or EL3 then there is no TTBR1, so mark it
> -         * invalid.
> -         */
> -        ttbr1_valid = (el < 2);
> +        ttbr1_valid = regime_has_2_ranges(mmu_idx);
>          addrsize = 64 - 8 * param.tbi;
>          inputsize = 64 - param.tsz;
>      } else {
> @@ -11306,8 +11295,8 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
>  
>      flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1);
>  
> -    /* FIXME: ARMv8.1-VHE S2 translation regime.  */
> -    if (regime_el(env, stage1) < 2) {
> +    /* Get control bits for tagged addresses.  */
> +    if (regime_has_2_ranges(mmu_idx)) {
>          ARMVAParameters p1 = aa64_va_parameters_both(env, -1, stage1);
>          tbid = (p1.tbi << 1) | p0.tbi;
>          tbii = tbid & ~((p1.tbid << 1) | p0.tbid);
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 885c99f0c9..d0b65c49e2 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -175,8 +175,7 @@ static void gen_top_byte_ignore(DisasContext *s, TCGv_i64 dst,
>      if (tbi == 0) {
>          /* Load unmodified address */
>          tcg_gen_mov_i64(dst, src);
> -    } else if (s->current_el >= 2) {
> -        /* FIXME: ARMv8.1-VHE S2 translation regime.  */
> +    } else if (!regime_has_2_ranges(s->mmu_idx)) {
>          /* Force tag byte to all zero */
>          tcg_gen_extract_i64(dst, src, 0, 56);
>      } else {


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs
  2019-12-04 11:43   ` Alex Bennée
@ 2019-12-04 14:27     ` Richard Henderson
  2019-12-04 15:53       ` Alex Bennée
  0 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-04 14:27 UTC (permalink / raw)
  To: Alex Bennée; +Cc: peter.maydell, qemu-devel

On 12/4/19 3:43 AM, Alex Bennée wrote:
> I'm not sure if this visual aid helps but here you go:
> 
>  *  31                  20 19    16 15         10 9            0
>  * +----------------------+--------+-------------+--------------+
>  * |                      |        |       TBFLAG_A64           |
>  * |                      |     +--+-------------+--------------+
>  * |     TBFLAG_ANY       |     |   TBFLAG_A32   |              |
>  * |                      |     +-----+----------+  TBFLAG_AM32 |
>  * |                      |           |TBFLAG_M32|              |
>  * +----------------------+-----------+----------+--------------+

Oooh ahh.  Pretty.  Sure, that's helpful.  We'll see how irritating it is to
keep up-to-date as time goes on.  ;-)


>>  void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
>>  {
>> -    DisasContext dc;
>> +    DisasContext dc = { };
> 
> We seemed to have dropped an initialise here which seems unrelated.

Added, not dropped.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 20/40] target/arm: Update arm_mmu_idx for VHE
  2019-12-03  2:29 ` [PATCH v4 20/40] target/arm: Update arm_mmu_idx for VHE Richard Henderson
@ 2019-12-04 14:37   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 14:37 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> Return the indexes for the EL2&0 regime when the appropriate bits
> are set within HCR_EL2.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/helper.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 27adf24fa6..c6b4c0a25f 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -11172,12 +11172,16 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
>          return arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure);
>      }
>  
> +    /* See ARM pseudo-function ELIsInHost.  */
>      switch (el) {
>      case 0:
> -        /* TODO: ARMv8.1-VHE */
>          if (arm_is_secure_below_el3(env)) {
>              return ARMMMUIdx_SE0;
>          }
> +        if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)
> +            && arm_el_is_aa64(env, 2)) {
> +            return ARMMMUIdx_EL20_0;
> +        }
>          return ARMMMUIdx_EL10_0;
>      case 1:
>          if (arm_is_secure_below_el3(env)) {
> @@ -11185,8 +11189,11 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
>          }
>          return ARMMMUIdx_EL10_1;
>      case 2:
> -        /* TODO: ARMv8.1-VHE */
>          /* TODO: ARMv8.4-SecEL2 */
> +        /* Note that TGE does not apply at EL2.  */
> +        if ((env->cp15.hcr_el2 & HCR_E2H) && arm_el_is_aa64(env, 2)) {
> +            return ARMMMUIdx_EL20_2;
> +        }
>          return ARMMMUIdx_E2;
>      case 3:
>          return ARMMMUIdx_SE3;


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 22/40] target/arm: Update aa64_zva_access for EL2
  2019-12-03  2:29 ` [PATCH v4 22/40] target/arm: Update aa64_zva_access for EL2 Richard Henderson
@ 2019-12-04 15:01   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 15:01 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> The comment that we don't support EL2 is somewhat out of date.
> Update to include checks against HCR_EL2.TDZ.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/helper.c | 26 +++++++++++++++++++++-----
>  1 file changed, 21 insertions(+), 5 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 4f5e0b656c..ffa82b5509 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -4109,11 +4109,27 @@ static void tlbi_aa64_ipas2e1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  static CPAccessResult aa64_zva_access(CPUARMState *env, const ARMCPRegInfo *ri,
>                                        bool isread)
>  {
> -    /* We don't implement EL2, so the only control on DC ZVA is the
> -     * bit in the SCTLR which can prohibit access for EL0.
> -     */
> -    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_DZE)) {
> -        return CP_ACCESS_TRAP;
> +    int cur_el = arm_current_el(env);
> +
> +    if (cur_el < 2) {
> +        uint64_t hcr = arm_hcr_el2_eff(env);
> +
> +        if (cur_el == 0) {
> +            if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
> +                if (!(env->cp15.sctlr_el[2] & SCTLR_DZE)) {
> +                    return CP_ACCESS_TRAP_EL2;
> +                }
> +            } else {
> +                if (!(env->cp15.sctlr_el[1] & SCTLR_DZE)) {
> +                    return CP_ACCESS_TRAP;
> +                }
> +                if (hcr & HCR_TDZ) {
> +                    return CP_ACCESS_TRAP_EL2;
> +                }
> +            }
> +        } else if (hcr & HCR_TDZ) {
> +            return CP_ACCESS_TRAP_EL2;
> +        }
>      }
>      return CP_ACCESS_OK;
>  }


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs
  2019-12-04 14:27     ` Richard Henderson
@ 2019-12-04 15:53       ` Alex Bennée
  2019-12-04 16:19         ` Richard Henderson
  0 siblings, 1 reply; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 15:53 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> On 12/4/19 3:43 AM, Alex Bennée wrote:
<snip>
>>>  void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
>>>  {
>>> -    DisasContext dc;
>>> +    DisasContext dc = { };
>> 
>> We seemed to have dropped an initialise here which seems unrelated.
>
> Added, not dropped.

But is it related to this patch or fixing another bug?


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 16/40] target/arm: Rearrange ARMMMUIdxBit
  2019-12-03  2:29 ` [PATCH v4 16/40] target/arm: Rearrange ARMMMUIdxBit Richard Henderson
  2019-12-04 11:56   ` Alex Bennée
@ 2019-12-04 16:01   ` Philippe Mathieu-Daudé
  1 sibling, 0 replies; 94+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-12-04 16:01 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: peter.maydell, alex.bennee

On 12/3/19 3:29 AM, Richard Henderson wrote:
> Define via macro expansion, so that renumbering of the base ARMMMUIdx
> symbols is automatically reflexed in the bit definitions.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/arm/cpu.h | 39 +++++++++++++++++++++++----------------
>   1 file changed, 23 insertions(+), 16 deletions(-)
> 
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 5f295c7e60..6ba5126852 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2886,27 +2886,34 @@ typedef enum ARMMMUIdx {
>       ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
>   } ARMMMUIdx;
>   
> -/* Bit macros for the core-mmu-index values for each index,
> +/*
> + * Bit macros for the core-mmu-index values for each index,
>    * for use when calling tlb_flush_by_mmuidx() and friends.
>    */
> +#define TO_CORE_BIT(NAME) \
> +    ARMMMUIdxBit_##NAME = 1 << (ARMMMUIdx_##NAME & ARM_MMU_IDX_COREIDX_MASK)
> +
>   typedef enum ARMMMUIdxBit {
> -    ARMMMUIdxBit_EL10_0 = 1 << 0,
> -    ARMMMUIdxBit_EL10_1 = 1 << 1,
> -    ARMMMUIdxBit_E2 = 1 << 2,
> -    ARMMMUIdxBit_SE3 = 1 << 3,
> -    ARMMMUIdxBit_SE0 = 1 << 4,
> -    ARMMMUIdxBit_SE1 = 1 << 5,
> -    ARMMMUIdxBit_Stage2 = 1 << 6,
> -    ARMMMUIdxBit_MUser = 1 << 0,
> -    ARMMMUIdxBit_MPriv = 1 << 1,
> -    ARMMMUIdxBit_MUserNegPri = 1 << 2,
> -    ARMMMUIdxBit_MPrivNegPri = 1 << 3,
> -    ARMMMUIdxBit_MSUser = 1 << 4,
> -    ARMMMUIdxBit_MSPriv = 1 << 5,
> -    ARMMMUIdxBit_MSUserNegPri = 1 << 6,
> -    ARMMMUIdxBit_MSPrivNegPri = 1 << 7,
> +    TO_CORE_BIT(EL10_0),
> +    TO_CORE_BIT(EL10_1),
> +    TO_CORE_BIT(E2),
> +    TO_CORE_BIT(SE0),
> +    TO_CORE_BIT(SE1),
> +    TO_CORE_BIT(SE3),
> +    TO_CORE_BIT(Stage2),
> +
> +    TO_CORE_BIT(MUser),
> +    TO_CORE_BIT(MPriv),
> +    TO_CORE_BIT(MUserNegPri),
> +    TO_CORE_BIT(MPrivNegPri),
> +    TO_CORE_BIT(MSUser),
> +    TO_CORE_BIT(MSPriv),
> +    TO_CORE_BIT(MSUserNegPri),
> +    TO_CORE_BIT(MSPrivNegPri),
>   } ARMMMUIdxBit;
>   
> +#undef TO_CORE_BIT
> +
>   #define MMU_USER_IDX 0
>   
>   static inline int arm_to_core_mmu_idx(ARMMMUIdx mmu_idx)
> 

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>



^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 23/40] target/arm: Update ctr_el0_access for EL2
  2019-12-03  2:29 ` [PATCH v4 23/40] target/arm: Update ctr_el0_access " Richard Henderson
@ 2019-12-04 16:11   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 16:11 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> Update to include checks against HCR_EL2.TID2.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/helper.c | 26 +++++++++++++++++++++-----
>  1 file changed, 21 insertions(+), 5 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index ffa82b5509..9ad5015d5c 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -5212,11 +5212,27 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
>  static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri,
>                                       bool isread)
>  {
> -    /* Only accessible in EL0 if SCTLR.UCT is set (and only in AArch64,
> -     * but the AArch32 CTR has its own reginfo struct)
> -     */
> -    if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UCT)) {
> -        return CP_ACCESS_TRAP;
> +    int cur_el = arm_current_el(env);
> +
> +    if (cur_el < 2) {
> +        uint64_t hcr = arm_hcr_el2_eff(env);
> +
> +        if (cur_el == 0) {
> +            if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
> +                if (!(env->cp15.sctlr_el[2] & SCTLR_UCT)) {
> +                    return CP_ACCESS_TRAP_EL2;
> +                }
> +            } else {
> +                if (!(env->cp15.sctlr_el[1] & SCTLR_UCT)) {
> +                    return CP_ACCESS_TRAP;
> +                }
> +                if (hcr & HCR_TID2) {
> +                    return CP_ACCESS_TRAP_EL2;
> +                }
> +            }
> +        } else if (hcr & HCR_TID2) {
> +            return CP_ACCESS_TRAP_EL2;
> +        }
>      }
>      return CP_ACCESS_OK;
>  }


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs
  2019-12-04 15:53       ` Alex Bennée
@ 2019-12-04 16:19         ` Richard Henderson
  0 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-04 16:19 UTC (permalink / raw)
  To: Alex Bennée; +Cc: peter.maydell, qemu-devel

On 12/4/19 7:53 AM, Alex Bennée wrote:
> 
> Richard Henderson <richard.henderson@linaro.org> writes:
> 
>> On 12/4/19 3:43 AM, Alex Bennée wrote:
> <snip>
>>>>  void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
>>>>  {
>>>> -    DisasContext dc;
>>>> +    DisasContext dc = { };
>>>
>>> We seemed to have dropped an initialise here which seems unrelated.
>>
>> Added, not dropped.
> 
> But is it related to this patch or fixing another bug?

It is related to the patch.

We used to initialize all of the a32 and m32 fields in DisasContext by
assignment.  Now we only initialize either the a32 or m32 by assignment,
because the bits overlap in tbflags.  So zero out the other bits here.

I'll add this to the commit message.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 25/40] target/arm: Update timer access for VHE
  2019-12-03  2:29 ` [PATCH v4 25/40] target/arm: Update timer access for VHE Richard Henderson
@ 2019-12-04 18:35   ` Alex Bennée
  0 siblings, 0 replies; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 18:35 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  target/arm/helper.c | 102 +++++++++++++++++++++++++++++++++++---------
>  1 file changed, 81 insertions(+), 21 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index a4a7f82661..023b8963cf 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -2287,10 +2287,18 @@ static CPAccessResult gt_cntfrq_access(CPUARMState *env, const ARMCPRegInfo *ri,
>       * Writable only at the highest implemented exception level.
>       */
>      int el = arm_current_el(env);
> +    uint64_t hcr;
> +    uint32_t cntkctl;
>  
>      switch (el) {
>      case 0:
> -        if (!extract32(env->cp15.c14_cntkctl, 0, 2)) {
> +        hcr = arm_hcr_el2_eff(env);
> +        if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
> +            cntkctl = env->cp15.cnthctl_el2;
> +        } else {
> +            cntkctl = env->cp15.c14_cntkctl;
> +        }
> +        if (!extract32(cntkctl, 0, 2)) {
>              return CP_ACCESS_TRAP;
>          }
>          break;
> @@ -2318,17 +2326,47 @@ static CPAccessResult gt_counter_access(CPUARMState *env, int timeridx,
>  {
>      unsigned int cur_el = arm_current_el(env);
>      bool secure = arm_is_secure(env);
> +    uint64_t hcr = arm_hcr_el2_eff(env);
>  
> -    /* CNT[PV]CT: not visible from PL0 if ELO[PV]CTEN is zero */
> -    if (cur_el == 0 &&
> -        !extract32(env->cp15.c14_cntkctl, timeridx, 1)) {
> -        return CP_ACCESS_TRAP;
> -    }
> +    switch (cur_el) {
> +    case 0:
> +        /* If HCR_EL2.<E2H,TGE> == '11': check CNTHCTL_EL2.EL0[PV]CTEN. */
> +        if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
> +            return (extract32(env->cp15.cnthctl_el2, timeridx, 1)
> +                    ? CP_ACCESS_OK : CP_ACCESS_TRAP_EL2);
> +        }
>  
> -    if (arm_feature(env, ARM_FEATURE_EL2) &&
> -        timeridx == GTIMER_PHYS && !secure && cur_el < 2 &&
> -        !extract32(env->cp15.cnthctl_el2, 0, 1)) {
> -        return CP_ACCESS_TRAP_EL2;
> +        /* CNT[PV]CT: not visible from PL0 if EL0[PV]CTEN is zero */
> +        if (!extract32(env->cp15.c14_cntkctl, timeridx, 1)) {
> +            return CP_ACCESS_TRAP;
> +        }
> +
> +        /* If HCR_EL2.<E2H,TGE> == '10': check CNTHCTL_EL2.EL1PCTEN. */
> +        if (hcr & HCR_E2H) {
> +            if (timeridx == GTIMER_PHYS &&
> +                !extract32(env->cp15.cnthctl_el2, 10, 1)) {
> +                return CP_ACCESS_TRAP_EL2;
> +            }
> +        } else {
> +            /* If HCR_EL2.<E2H> == 0: check CNTHCTL_EL2.EL1PCEN. */
> +            if (arm_feature(env, ARM_FEATURE_EL2) &&
> +                timeridx == GTIMER_PHYS && !secure &&
> +                !extract32(env->cp15.cnthctl_el2, 1, 1)) {
> +                return CP_ACCESS_TRAP_EL2;
> +            }
> +        }
> +        break;
> +
> +    case 1:
> +        /* Check CNTHCTL_EL2.EL1PCTEN, which changes location based on E2H. */
> +        if (arm_feature(env, ARM_FEATURE_EL2) &&
> +            timeridx == GTIMER_PHYS && !secure &&
> +            (hcr & HCR_E2H
> +             ? !extract32(env->cp15.cnthctl_el2, 10, 1)
> +             : !extract32(env->cp15.cnthctl_el2, 0, 1))) {
> +            return CP_ACCESS_TRAP_EL2;
> +        }
> +        break;
>      }
>      return CP_ACCESS_OK;
>  }
> @@ -2338,19 +2376,41 @@ static CPAccessResult gt_timer_access(CPUARMState *env, int timeridx,
>  {
>      unsigned int cur_el = arm_current_el(env);
>      bool secure = arm_is_secure(env);
> +    uint64_t hcr = arm_hcr_el2_eff(env);
>  
> -    /* CNT[PV]_CVAL, CNT[PV]_CTL, CNT[PV]_TVAL: not visible from PL0 if
> -     * EL0[PV]TEN is zero.
> -     */
> -    if (cur_el == 0 &&
> -        !extract32(env->cp15.c14_cntkctl, 9 - timeridx, 1)) {
> -        return CP_ACCESS_TRAP;
> -    }
> +    switch (cur_el) {
> +    case 0:
> +        if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
> +            /* If HCR_EL2.<E2H,TGE> == '11': check CNTHCTL_EL2.EL0[PV]TEN. */
> +            return (extract32(env->cp15.cnthctl_el2, 9 - timeridx, 1)
> +                    ? CP_ACCESS_OK : CP_ACCESS_TRAP_EL2);
> +        }
>  
> -    if (arm_feature(env, ARM_FEATURE_EL2) &&
> -        timeridx == GTIMER_PHYS && !secure && cur_el < 2 &&
> -        !extract32(env->cp15.cnthctl_el2, 1, 1)) {
> -        return CP_ACCESS_TRAP_EL2;
> +        /*
> +         * CNT[PV]_CVAL, CNT[PV]_CTL, CNT[PV]_TVAL: not visible from
> +         * EL0 if EL0[PV]TEN is zero.
> +         */
> +        if (!extract32(env->cp15.c14_cntkctl, 9 - timeridx, 1)) {
> +            return CP_ACCESS_TRAP;
> +        }
> +        /* fall through */
> +
> +    case 1:
> +        if (arm_feature(env, ARM_FEATURE_EL2) &&
> +            timeridx == GTIMER_PHYS && !secure) {
> +            if (hcr & HCR_E2H) {
> +                /* If HCR_EL2.<E2H,TGE> == '10': check CNTHCTL_EL2.EL1PTEN. */
> +                if (!extract32(env->cp15.cnthctl_el2, 11, 1)) {
> +                    return CP_ACCESS_TRAP_EL2;
> +                }
> +            } else {
> +                /* If HCR_EL2.<E2H> == 0: check CNTHCTL_EL2.EL1PCEN. */
> +                if (!extract32(env->cp15.cnthctl_el2, 1, 1)) {
> +                    return CP_ACCESS_TRAP_EL2;
> +                }
> +            }
> +        }
> +        break;
>      }
>      return CP_ACCESS_OK;
>  }


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque for VHE
  2019-12-03  2:29 ` [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque " Richard Henderson
@ 2019-12-04 18:58   ` Alex Bennée
  2019-12-04 19:47     ` Richard Henderson
  2019-12-06 15:53   ` Peter Maydell
  1 sibling, 1 reply; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 18:58 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> For ARMv8.1, op1 == 5 is reserved for EL2 aliases of
> EL1 and EL0 registers.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/helper.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 023b8963cf..1812588fa1 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -7437,13 +7437,10 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
>              mask = PL0_RW;
>              break;
>          case 4:
> +        case 5:
>              /* min_EL EL2 */
>              mask = PL2_RW;
>              break;
> -        case 5:
> -            /* unallocated encoding, so not possible */
> -            assert(false);
> -            break;

This change is fine - I don't think we should have asserted here anyway.
But don't we generate an unallocated exception if the CPU is v8.0?


>          case 6:
>              /* min_EL EL3 */
>              mask = PL3_RW;


-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque for VHE
  2019-12-04 18:58   ` Alex Bennée
@ 2019-12-04 19:47     ` Richard Henderson
  2019-12-04 22:38       ` Alex Bennée
  0 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-04 19:47 UTC (permalink / raw)
  To: Alex Bennée; +Cc: peter.maydell, qemu-devel

On 12/4/19 10:58 AM, Alex Bennée wrote:
>> @@ -7437,13 +7437,10 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
>>              mask = PL0_RW;
>>              break;
>>          case 4:
>> +        case 5:
>>              /* min_EL EL2 */
>>              mask = PL2_RW;
>>              break;
>> -        case 5:
>> -            /* unallocated encoding, so not possible */
>> -            assert(false);
>> -            break;
> 
> This change is fine - I don't think we should have asserted here anyway.
> But don't we generate an unallocated exception if the CPU is v8.0?

This change is only for validation of the system registers themselves.  It has
nothing to do with the usage of system registers from the actual guest.


r~



^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque for VHE
  2019-12-04 19:47     ` Richard Henderson
@ 2019-12-04 22:38       ` Alex Bennée
  2019-12-05 15:09         ` Richard Henderson
  0 siblings, 1 reply; 94+ messages in thread
From: Alex Bennée @ 2019-12-04 22:38 UTC (permalink / raw)
  To: Richard Henderson; +Cc: peter.maydell, qemu-devel


Richard Henderson <richard.henderson@linaro.org> writes:

> On 12/4/19 10:58 AM, Alex Bennée wrote:
>>> @@ -7437,13 +7437,10 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
>>>              mask = PL0_RW;
>>>              break;
>>>          case 4:
>>> +        case 5:
>>>              /* min_EL EL2 */
>>>              mask = PL2_RW;
>>>              break;
>>> -        case 5:
>>> -            /* unallocated encoding, so not possible */
>>> -            assert(false);
>>> -            break;
>> 
>> This change is fine - I don't think we should have asserted here anyway.
>> But don't we generate an unallocated exception if the CPU is v8.0?
>
> This change is only for validation of the system registers themselves.  It has
> nothing to do with the usage of system registers from the actual guest.

So what is the mechanism that feeds back to the translator?
access_check_cp_reg only seems to care about XSCALE. I guess
cp_access_ok would trip if you weren't at EL2 but what if you are a v8.0
at EL2?

-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque for VHE
  2019-12-04 22:38       ` Alex Bennée
@ 2019-12-05 15:09         ` Richard Henderson
  0 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-05 15:09 UTC (permalink / raw)
  To: Alex Bennée; +Cc: peter.maydell, qemu-devel

On 12/4/19 2:38 PM, Alex Bennée wrote:
> 
> Richard Henderson <richard.henderson@linaro.org> writes:
> 
>> On 12/4/19 10:58 AM, Alex Bennée wrote:
>>>> @@ -7437,13 +7437,10 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
>>>>              mask = PL0_RW;
>>>>              break;
>>>>          case 4:
>>>> +        case 5:
>>>>              /* min_EL EL2 */
>>>>              mask = PL2_RW;
>>>>              break;
>>>> -        case 5:
>>>> -            /* unallocated encoding, so not possible */
>>>> -            assert(false);
>>>> -            break;
>>>
>>> This change is fine - I don't think we should have asserted here anyway.
>>> But don't we generate an unallocated exception if the CPU is v8.0?
>>
>> This change is only for validation of the system registers themselves.  It has
>> nothing to do with the usage of system registers from the actual guest.
> 
> So what is the mechanism that feeds back to the translator?

The existence of a structure in the hash table.

> access_check_cp_reg only seems to care about XSCALE. I guess
> cp_access_ok would trip if you weren't at EL2 but what if you are a v8.0
> at EL2?

This is sanity-checking the structure as it goes into the hash table.  The
version check happens when creating the structure -- we don't create registers
that exist only for v8+ if the cpu is a v7.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_*
  2019-12-03  2:29 ` [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_* Richard Henderson
  2019-12-04 10:38   ` Alex Bennée
@ 2019-12-06 15:45   ` Peter Maydell
  2019-12-06 18:00     ` Richard Henderson
  1 sibling, 1 reply; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 15:45 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:29, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This is part of a reorganization to the set of mmu_idx.
> This emphasizes that they apply to the EL1&0 regime.

It loses the important point that they are stage 1&2
translations rather than stage 1 or stage 2, though,
and also now they're out of line with the naming convention
that all the other indexes use :-(

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2
  2019-12-03  2:29 ` [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2 Richard Henderson
  2019-12-04 10:40   ` Alex Bennée
@ 2019-12-06 15:46   ` Peter Maydell
  2019-12-06 18:05     ` Richard Henderson
  1 sibling, 1 reply; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 15:46 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:29, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The EL1&0 regime is the only one that uses 2-stage translation.

...now what happens when we support secure EL2 and we need a
secure stage 2 MMUIdx ?

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E*
  2019-12-03  2:29 ` [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E* Richard Henderson
  2019-12-04 11:00   ` Alex Bennée
@ 2019-12-06 15:47   ` Peter Maydell
  2019-12-06 18:20     ` Richard Henderson
  1 sibling, 1 reply; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 15:47 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:29, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This is part of a reorganization to the set of mmu_idx.
> The EL1&0 regime is the only one that uses 2-stage translation.
> Spelling out Stage avoids confusion with Secure.

If you didn't delete the 'NS' from the name then it
wouldn't be confusing...

-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 11/40] target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE*
  2019-12-03  2:29 ` [PATCH v4 11/40] target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE* Richard Henderson
  2019-12-04 11:01   ` Alex Bennée
@ 2019-12-06 15:47   ` Peter Maydell
  1 sibling, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 15:47 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:29, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This is part of a reorganization to the set of mmu_idx.
> The Secure regimes all have a single stage translation;
> there is no point in pointing out that the idx is for stage1.

...until we do support secure EL2, and then there might
be a stage 2 again.

-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque for VHE
  2019-12-03  2:29 ` [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque " Richard Henderson
  2019-12-04 18:58   ` Alex Bennée
@ 2019-12-06 15:53   ` Peter Maydell
  1 sibling, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 15:53 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> For ARMv8.1, op1 == 5 is reserved for EL2 aliases of
> EL1 and EL0 registers.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/helper.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 023b8963cf..1812588fa1 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -7437,13 +7437,10 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
>              mask = PL0_RW;
>              break;
>          case 4:
> +        case 5:
>              /* min_EL EL2 */
>              mask = PL2_RW;
>              break;
> -        case 5:
> -            /* unallocated encoding, so not possible */
> -            assert(false);
> -            break;
>          case 6:
>              /* min_EL EL3 */
>              mask = PL3_RW;
> --

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 40/40] target/arm: Raise only one interrupt in arm_cpu_exec_interrupt
  2019-12-03  2:29 ` [PATCH v4 40/40] target/arm: Raise only one interrupt in arm_cpu_exec_interrupt Richard Henderson
@ 2019-12-06 15:57   ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 15:57 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The fall through organization of this function meant that we
> would raise an interrupt, then might overwrite that with another.
> Since interrupt prioritization is IMPLEMENTATION DEFINED, we
> can recognize these in any order we choose.
>
> Unify the code to raise the interrupt in a block at the end.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 36/40] target/arm: Enable ARMv8.1-VHE in -cpu max
  2019-12-03  2:29 ` [PATCH v4 36/40] target/arm: Enable ARMv8.1-VHE in -cpu max Richard Henderson
@ 2019-12-06 15:57   ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 15:57 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/cpu64.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
> index a39d6fcea3..009411813f 100644
> --- a/target/arm/cpu64.c
> +++ b/target/arm/cpu64.c
> @@ -670,6 +670,7 @@ static void aarch64_max_initfn(Object *obj)
>          t = cpu->isar.id_aa64mmfr1;
>          t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */
>          t = FIELD_DP64(t, ID_AA64MMFR1, LO, 1);
> +        t = FIELD_DP64(t, ID_AA64MMFR1, VH, 1);
>          cpu->isar.id_aa64mmfr1 = t;
>
>          /* Replicate the same data to the 32-bit id registers.  */
> --
> 2.17.1


Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 35/40] target/arm: Update arm_cpu_do_interrupt_aarch64 for VHE
  2019-12-03  2:29 ` [PATCH v4 35/40] target/arm: Update arm_cpu_do_interrupt_aarch64 " Richard Henderson
@ 2019-12-06 16:03   ` Peter Maydell
  2019-12-06 18:51     ` Richard Henderson
  0 siblings, 1 reply; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 16:03 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> When VHE is enabled, we need to take the aa32-ness of EL0
> from PSTATE not HCR_EL2, which is controlling EL1.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/helper.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index f2d18bd51a..f3785d5ad6 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -8887,14 +8887,19 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
>           * immediately lower than the target level is using AArch32 or AArch64
>           */
>          bool is_aa64;
> +        uint64_t hcr;
>
>          switch (new_el) {
>          case 3:
>              is_aa64 = (env->cp15.scr_el3 & SCR_RW) != 0;
>              break;
>          case 2:
> -            is_aa64 = (env->cp15.hcr_el2 & HCR_RW) != 0;
> -            break;
> +            hcr = arm_hcr_el2_eff(env);
> +            if ((hcr & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
> +                is_aa64 = (hcr & HCR_RW) != 0;
> +                break;
> +            }
> +            /* fall through */
>          case 1:
>              is_aa64 = is_a64(env);
>              break;
> --

The commit message is confusing me. Per the comment
in the code, what we're asking is "is the EL immediately
lower than the target level using AArch64?". We never
took the aa32ness of EL0 from HCR_EL2: that code is
looking at "what's the aa32ness of EL1", because in a non-VHE
setup EL1 is always the EL immediately lower than EL2.

So I *think* what the code is doing is:

 When VHE is enabled, the exception level below EL2 is
 not EL1, but EL0, and so to identify the entry vector
 offset for exceptions targeting EL2 we need to look
 at the width of EL0, not of EL1.

Is that right?

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 33/40] target/arm: check TGE and E2H flags for EL0 pauth traps
  2019-12-03  2:29 ` [PATCH v4 33/40] target/arm: check TGE and E2H flags for EL0 pauth traps Richard Henderson
@ 2019-12-06 16:08   ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 16:08 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> From: Alex Bennée <alex.bennee@linaro.org>
>
> According to ARM ARM we should only trap from the EL1&0 regime.
>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/pauth_helper.c | 5 ++++-

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 34/40] target/arm: Update get_a64_user_mem_index for VHE
  2019-12-03  2:29 ` [PATCH v4 34/40] target/arm: Update get_a64_user_mem_index for VHE Richard Henderson
@ 2019-12-06 16:46   ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 16:46 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The EL2&0 translation regime is affected by Load Register (unpriv).
>
> The code structure used here will facilitate later changes in this
> area for implementing UAO and NV.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 32/40] target/arm: Update {fp, sve}_exception_el for VHE
  2019-12-03  2:29 ` [PATCH v4 32/40] target/arm: Update {fp,sve}_exception_el for VHE Richard Henderson
@ 2019-12-06 16:50   ` " Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 16:50 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> When TGE+E2H are both set, CPACR_EL1 is ignored.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 31/40] target/arm: Update arm_phys_excp_target_el for TGE
  2019-12-03  2:29 ` [PATCH v4 31/40] target/arm: Update arm_phys_excp_target_el for TGE Richard Henderson
@ 2019-12-06 16:59   ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 16:59 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The TGE bit routes all asynchronous exceptions to EL2.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/helper.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index b059d9f81a..e0b8c81c5f 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -8316,6 +8316,12 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
>          break;
>      };
>
> +    /*
> +     * For these purposes, TGE and AMO/IMO/FMO both force the
> +     * interrupt to EL2.  Fold TGE into the bit extracted above.
> +     */
> +    hcr |= (hcr_el2 & HCR_TGE) != 0;
> +

This only has an effect if HCR_EL2.E2H is 1, because if
E2H is 0 then arm_hcr_el2_eff() has already forced
the AMO/IMO/FMO bits to 1. But it seems to match the
way the Arm ARM phrases things in section D1.13.1 and
its accompanying tables.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 29/40] target/arm: Flush tlb for ASID changes in EL2&0 translation regime
  2019-12-03  2:29 ` [PATCH v4 29/40] target/arm: Flush tlb for ASID changes in EL2&0 translation regime Richard Henderson
@ 2019-12-06 17:05   ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 17:05 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Since we only support a single ASID, flush the tlb when it changes.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/helper.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 9df55a8d6b..2a4d4c2c0d 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -3740,6 +3740,15 @@ static void vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  static void vmsa_tcr_ttbr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                      uint64_t value)
>  {
> +    /*
> +     * If we are running with E2&0 regime, then the ASID is active.
> +     * Flush if that changes.
> +     */
> +    if ((arm_hcr_el2_eff(env) & HCR_E2H) &&
> +        extract64(raw_read(env, ri) ^ value, 48, 16)) {
> +        tlb_flush_by_mmuidx(env_cpu(env),
> +                            ARMMMUIdxBit_EL20_2 | ARMMMUIdxBit_EL20_0);
> +    }
>      raw_write(env, ri, value);
>  }

For the existing EL1 setup we have separate write functions
for TTBR registers and for TCR_EL1 (vmsa_tcr_el1_write()
and vmsa_ttbr_write()), rather than a single one, and they
don't do the same thing. Why do we use a single writefn
here? It looks particularly odd because we're actually looking
at the value written here.

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 30/40] target/arm: Flush tlbs for E2&0 translation regime
  2019-12-03  2:29 ` [PATCH v4 30/40] target/arm: Flush tlbs for E2&0 " Richard Henderson
@ 2019-12-06 17:14   ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 17:14 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/helper.c | 33 ++++++++++++++++++++++++++-------
>  1 file changed, 26 insertions(+), 7 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 2a4d4c2c0d..b059d9f81a 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -4123,8 +4123,12 @@ static CPAccessResult aa64_cacheop_access(CPUARMState *env,
>
>  static int vae1_tlbmask(CPUARMState *env)
>  {
> +    /* Since we exclude secure first, we may read HCR_EL2 directly. */
>      if (arm_is_secure_below_el3(env)) {
>          return ARMMMUIdxBit_SE1 | ARMMMUIdxBit_SE0;
> +    } else if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE))
> +               == (HCR_E2H | HCR_TGE)) {
> +        return ARMMMUIdxBit_EL20_2 | ARMMMUIdxBit_EL20_0;
>      } else {
>          return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0;
>      }
> @@ -4158,9 +4162,14 @@ static int vmalle1_tlbmask(CPUARMState *env)
>       * Note that the 'ALL' scope must invalidate both stage 1 and
>       * stage 2 translations, whereas most other scopes only invalidate
>       * stage 1 translations.
> +     *
> +     * Since we exclude secure first, we may read HCR_EL2 directly.
>       */
>      if (arm_is_secure_below_el3(env)) {
>          return ARMMMUIdxBit_SE1 | ARMMMUIdxBit_SE0;
> +    } else if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE))
> +               == (HCR_E2H | HCR_TGE)) {
> +        return ARMMMUIdxBit_EL20_2 | ARMMMUIdxBit_EL20_0;
>      } else if (arm_feature(env, ARM_FEATURE_EL2)) {
>          return ARMMMUIdxBit_EL10_1 | ARMMMUIdxBit_EL10_0 | ARMMMUIdxBit_Stage2;
>      } else {
> @@ -4177,13 +4186,22 @@ static void tlbi_aa64_alle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      tlb_flush_by_mmuidx(cs, mask);
>  }
>
> +static int vae2_tlbmask(CPUARMState *env)
> +{
> +    if (arm_hcr_el2_eff(env) & HCR_E2H) {
> +        return ARMMMUIdxBit_EL20_0 | ARMMMUIdxBit_EL20_2;
> +    } else {
> +        return ARMMMUIdxBit_E2;
> +    }
> +}
> +
>  static void tlbi_aa64_alle2_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                    uint64_t value)
>  {
> -    ARMCPU *cpu = env_archcpu(env);
> -    CPUState *cs = CPU(cpu);
> +    CPUState *cs = env_cpu(env);
> +    int mask = vae2_tlbmask(env);

Why do we use the 'v' mask function for a non 'v' TLB op?

>
> -    tlb_flush_by_mmuidx(cs, ARMMMUIdxBit_E2);
> +    tlb_flush_by_mmuidx(cs, mask);

The spec fror TLBI ALLE2 doesn't say it depends on
what the E2H setting is. It says it flushes all entries
for either NS EL2 or NS EL2&0 translation regimes.
Wouldn't that be
ARMMMUIdxBit_EL20_0 | ARMMMUIdxBit_EL20_2 | ARMMMUIdxBit_E2
?

Contrast TLBI VAE2, which does say that the entries it
flushes depend on the current setting of HCR_EL2.E2H.

>  }


thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing
  2019-12-03  2:29 ` [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing Richard Henderson
@ 2019-12-06 17:24   ` Peter Maydell
  2019-12-06 18:36     ` Richard Henderson
  0 siblings, 1 reply; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 17:24 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Several of the EL1/0 registers are redirected to the EL2 version when in
> EL2 and HCR_EL2.E2H is set.  Many of these registers have side effects.
> Link together the two ARMCPRegInfo structures after they have been
> properly instantiated.  Install common dispatch routines to all of the
> relevant registers.
>
> The same set of registers that are redirected also have additional
> EL12/EL02 aliases created to access the original register that was
> redirected.
>
> Omit the generic timer registers from redirection here, because we'll
> need multiple kinds of redirection from both EL0 and EL2.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/cpu.h    |  44 ++++++++----
>  target/arm/helper.c | 162 ++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 193 insertions(+), 13 deletions(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 4bd1bf915c..bb5a72520e 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2488,19 +2488,6 @@ struct ARMCPRegInfo {
>       */
>      ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
>
> -    /* Offsets of the secure and non-secure fields in CPUARMState for the
> -     * register if it is banked.  These fields are only used during the static
> -     * registration of a register.  During hashing the bank associated
> -     * with a given security state is copied to fieldoffset which is used from
> -     * there on out.
> -     *
> -     * It is expected that register definitions use either fieldoffset or
> -     * bank_fieldoffsets in the definition but not both.  It is also expected
> -     * that both bank offsets are set when defining a banked register.  This
> -     * use indicates that a register is banked.
> -     */
> -    ptrdiff_t bank_fieldoffsets[2];
> -
>      /* Function for making any access checks for this register in addition to
>       * those specified by the 'access' permissions bits. If NULL, no extra
>       * checks required. The access check is performed at runtime, not at
> @@ -2535,6 +2522,37 @@ struct ARMCPRegInfo {
>       * fieldoffset is 0 then no reset will be done.
>       */
>      CPResetFn *resetfn;
> +
> +    union {
> +        /*
> +         * Offsets of the secure and non-secure fields in CPUARMState for
> +         * the register if it is banked.  These fields are only used during
> +         * the static registration of a register.  During hashing the bank
> +         * associated with a given security state is copied to fieldoffset
> +         * which is used from there on out.
> +         *
> +         * It is expected that register definitions use either fieldoffset
> +         * or bank_fieldoffsets in the definition but not both.  It is also
> +         * expected that both bank offsets are set when defining a banked
> +         * register.  This use indicates that a register is banked.
> +         */
> +        ptrdiff_t bank_fieldoffsets[2];
> +
> +        /*
> +         * "Original" writefn and readfn.
> +         * For ARMv8.1-VHE register aliases, we overwrite the read/write
> +         * accessor functions of various EL1/EL0 to perform the runtime
> +         * check for which sysreg should actually be modified, and then
> +         * forwards the operation.  Before overwriting the accessors,
> +         * the original function is copied here, so that accesses that
> +         * really do go to the EL1/EL0 version proceed normally.
> +         * (The corresponding EL2 register is linked via opaque.)
> +         */
> +        struct {
> +            CPReadFn *orig_readfn;
> +            CPWriteFn *orig_writefn;
> +        };

Does this really need to be a union ? It's not clear to me
why we know the two halves of it are never used at the same time.

> +    };
>  };
>
>  /* Macros which are lvalues for the field in CPUARMState for the
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 1812588fa1..0baf188078 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -5306,6 +5306,158 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
>      REGINFO_SENTINEL
>  };
>
> +#ifndef CONFIG_USER_ONLY
> +/* Test if system register redirection is to occur in the current state.  */
> +static bool redirect_for_e2h(CPUARMState *env)
> +{
> +    return arm_current_el(env) == 2 && (arm_hcr_el2_eff(env) & HCR_E2H);
> +}
> +
> +static uint64_t el2_e2h_read(CPUARMState *env, const ARMCPRegInfo *ri)
> +{
> +    CPReadFn *readfn;
> +
> +    if (redirect_for_e2h(env)) {
> +        /* Switch to the saved EL2 version of the register.  */
> +        ri = ri->opaque;
> +        readfn = ri->readfn;
> +    } else {
> +        readfn = ri->orig_readfn;
> +    }
> +    if (readfn == NULL) {
> +        readfn = raw_read;
> +    }
> +    return readfn(env, ri);
> +}
> +
> +static void el2_e2h_write(CPUARMState *env, const ARMCPRegInfo *ri,
> +                          uint64_t value)
> +{
> +    CPWriteFn *writefn;
> +
> +    if (redirect_for_e2h(env)) {
> +        /* Switch to the saved EL2 version of the register.  */
> +        ri = ri->opaque;
> +        writefn = ri->writefn;
> +    } else {
> +        writefn = ri->orig_writefn;
> +    }
> +    if (writefn == NULL) {
> +        writefn = raw_write;
> +    }
> +    writefn(env, ri, value);
> +}

I see how this works when we have a readfn or writefn,
but how does the redirection work where the access
goes directly via .fieldoffset ?

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 28/40] target/arm: Add VHE timer register redirection and aliasing
  2019-12-03  2:29 ` [PATCH v4 28/40] target/arm: Add VHE timer " Richard Henderson
@ 2019-12-06 17:33   ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 17:33 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Tue, 3 Dec 2019 at 02:30, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Apart from the wholesale redirection that HCR_EL2.E2H performs
> for EL2, there's a separate redirection specific to the timers
> that happens for EL0 when running in the EL2&0 regime.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/arm/helper.c | 191 +++++++++++++++++++++++++++++++++++++++++---
>  1 file changed, 179 insertions(+), 12 deletions(-)

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_*
  2019-12-06 15:45   ` Peter Maydell
@ 2019-12-06 18:00     ` Richard Henderson
  2019-12-06 18:01       ` Peter Maydell
  0 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-06 18:00 UTC (permalink / raw)
  To: Peter Maydell; +Cc: Alex Bennée, QEMU Developers

On 12/6/19 7:45 AM, Peter Maydell wrote:
> On Tue, 3 Dec 2019 at 02:29, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> This is part of a reorganization to the set of mmu_idx.
>> This emphasizes that they apply to the EL1&0 regime.
> 
> It loses the important point that they are stage 1&2
> translations rather than stage 1 or stage 2, though,
> and also now they're out of line with the naming convention
> that all the other indexes use :-(

It won't be out of line once all of the other renamings are done.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_*
  2019-12-06 18:00     ` Richard Henderson
@ 2019-12-06 18:01       ` Peter Maydell
  0 siblings, 0 replies; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 18:01 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Fri, 6 Dec 2019 at 18:00, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 12/6/19 7:45 AM, Peter Maydell wrote:
> > On Tue, 3 Dec 2019 at 02:29, Richard Henderson
> > <richard.henderson@linaro.org> wrote:
> >>
> >> This is part of a reorganization to the set of mmu_idx.
> >> This emphasizes that they apply to the EL1&0 regime.
> >
> > It loses the important point that they are stage 1&2
> > translations rather than stage 1 or stage 2, though,
> > and also now they're out of line with the naming convention
> > that all the other indexes use :-(
>
> It won't be out of line once all of the other renamings are done.

I think it might be easier to review if I could see
the intended final set of names in one place (eg in
the commit message to this patch), rather than getting
them a bit at a time (though that is definitely the right
way to structure the code changes themselves).

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2
  2019-12-06 15:46   ` Peter Maydell
@ 2019-12-06 18:05     ` Richard Henderson
  0 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-06 18:05 UTC (permalink / raw)
  To: Peter Maydell; +Cc: Alex Bennée, QEMU Developers

On 12/6/19 7:46 AM, Peter Maydell wrote:
> On Tue, 3 Dec 2019 at 02:29, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> The EL1&0 regime is the only one that uses 2-stage translation.
> 
> ...now what happens when we support secure EL2 and we need a
> secure stage 2 MMUIdx ?

ARMMMUIdx_SStage2?

Or probably some other massive rearrangement, because SecEL2 looks as if it
might need 4 new mmu_idx (secure el2&0-el0, secure el2&0-el2, secure
el2&0-el2-pan, secure stage2), which would put the total at 18, which overflows
the current limit of 16.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E*
  2019-12-06 15:47   ` Peter Maydell
@ 2019-12-06 18:20     ` Richard Henderson
  0 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-06 18:20 UTC (permalink / raw)
  To: Peter Maydell; +Cc: Alex Bennée, QEMU Developers

On 12/6/19 7:47 AM, Peter Maydell wrote:
> On Tue, 3 Dec 2019 at 02:29, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> This is part of a reorganization to the set of mmu_idx.
>> The EL1&0 regime is the only one that uses 2-stage translation.
>> Spelling out Stage avoids confusion with Secure.
> 
> If you didn't delete the 'NS' from the name then it
> wouldn't be confusing...

It is not obvious to my eye how to break up S1NSE0 -- 'NS' is buried in the
middle.  It might be different if these names were architectural, as if the AT
names, but they're not.

I think it is clearer to reserve 'S' for 'Secure', and use it consistently.
E.g. not the current "S1E3" (stage 1 e3), but "SE3" (secure e3).

I think it is clearer to simply document that, unless "Stage" is present in the
name, the tlb contains the complete translation.  This makes "S12" redundant
off of "NSE0", and "S1" off of "E3".

We'll still need a renaming of with SecEL2, since "SE0" is no longer complete;
we will need to specify "Secure EL1&0" vs "Secure EL2&0".  Thus perhaps
"SEL10_0" to match the "EL10_0" name that I'm using in this series.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing
  2019-12-06 17:24   ` Peter Maydell
@ 2019-12-06 18:36     ` Richard Henderson
  2019-12-06 18:41       ` Peter Maydell
  0 siblings, 1 reply; 94+ messages in thread
From: Richard Henderson @ 2019-12-06 18:36 UTC (permalink / raw)
  To: Peter Maydell; +Cc: Alex Bennée, QEMU Developers

On 12/6/19 9:24 AM, Peter Maydell wrote:
>> +    union {
>> +        /*
>> +         * Offsets of the secure and non-secure fields in CPUARMState for
>> +         * the register if it is banked.  These fields are only used during
>> +         * the static registration of a register.  During hashing the bank
>> +         * associated with a given security state is copied to fieldoffset
>> +         * which is used from there on out.
>> +         *
>> +         * It is expected that register definitions use either fieldoffset
>> +         * or bank_fieldoffsets in the definition but not both.  It is also
>> +         * expected that both bank offsets are set when defining a banked
>> +         * register.  This use indicates that a register is banked.
>> +         */
>> +        ptrdiff_t bank_fieldoffsets[2];
>> +
>> +        /*
>> +         * "Original" writefn and readfn.
>> +         * For ARMv8.1-VHE register aliases, we overwrite the read/write
>> +         * accessor functions of various EL1/EL0 to perform the runtime
>> +         * check for which sysreg should actually be modified, and then
>> +         * forwards the operation.  Before overwriting the accessors,
>> +         * the original function is copied here, so that accesses that
>> +         * really do go to the EL1/EL0 version proceed normally.
>> +         * (The corresponding EL2 register is linked via opaque.)
>> +         */
>> +        struct {
>> +            CPReadFn *orig_readfn;
>> +            CPWriteFn *orig_writefn;
>> +        };
> 
> Does this really need to be a union ? It's not clear to me
> why we know the two halves of it are never used at the same time.

We don't really need to use a union.  I should probably change that.  I think
AJB had the same question vs one of the previous revisions.

We know they're not used at the same time because bank_fieldoffsets is only
used *before* the structure is duplicated and added into the hash table
(overwriting .fieldoffset depending on the bank as they are duplicated), and
orig_{read,write}fn are only used *after* the structure has been added to the
hash table.

>> +static void el2_e2h_write(CPUARMState *env, const ARMCPRegInfo *ri,
>> +                          uint64_t value)
>> +{
>> +    CPWriteFn *writefn;
>> +
>> +    if (redirect_for_e2h(env)) {
>> +        /* Switch to the saved EL2 version of the register.  */
>> +        ri = ri->opaque;
>> +        writefn = ri->writefn;
>> +    } else {
>> +        writefn = ri->orig_writefn;
>> +    }
>> +    if (writefn == NULL) {
>> +        writefn = raw_write;
>> +    }
>> +    writefn(env, ri, value);
>> +}
> 
> I see how this works when we have a readfn or writefn,
> but how does the redirection work where the access
> goes directly via .fieldoffset ?

When there is no .writefn, we use raw_write, which uses fieldoffset.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing
  2019-12-06 18:36     ` Richard Henderson
@ 2019-12-06 18:41       ` Peter Maydell
  2019-12-06 18:53         ` Richard Henderson
  0 siblings, 1 reply; 94+ messages in thread
From: Peter Maydell @ 2019-12-06 18:41 UTC (permalink / raw)
  To: Richard Henderson; +Cc: Alex Bennée, QEMU Developers

On Fri, 6 Dec 2019 at 18:36, Richard Henderson
<richard.henderson@linaro.org> wrote:

> >> +static void el2_e2h_write(CPUARMState *env, const ARMCPRegInfo *ri,
> >> +                          uint64_t value)
> >> +{
> >> +    CPWriteFn *writefn;
> >> +
> >> +    if (redirect_for_e2h(env)) {
> >> +        /* Switch to the saved EL2 version of the register.  */
> >> +        ri = ri->opaque;
> >> +        writefn = ri->writefn;
> >> +    } else {
> >> +        writefn = ri->orig_writefn;
> >> +    }
> >> +    if (writefn == NULL) {
> >> +        writefn = raw_write;
> >> +    }
> >> +    writefn(env, ri, value);
> >> +}
> >
> > I see how this works when we have a readfn or writefn,
> > but how does the redirection work where the access
> > goes directly via .fieldoffset ?
>
> When there is no .writefn, we use raw_write, which uses fieldoffset.

Yes, that's what I mean. There's no 'if redirect then this
fieldoffset else that fieldoffset' codepath, so how does
it update the right field?

thanks
-- PMM


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 35/40] target/arm: Update arm_cpu_do_interrupt_aarch64 for VHE
  2019-12-06 16:03   ` Peter Maydell
@ 2019-12-06 18:51     ` Richard Henderson
  0 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-06 18:51 UTC (permalink / raw)
  To: Peter Maydell; +Cc: Alex Bennée, QEMU Developers

On 12/6/19 8:03 AM, Peter Maydell wrote:
> So I *think* what the code is doing is:
> 
>  When VHE is enabled, the exception level below EL2 is
>  not EL1, but EL0, and so to identify the entry vector
>  offset for exceptions targeting EL2 we need to look
>  at the width of EL0, not of EL1.
> 
> Is that right?

Correct.  Much better wording, thanks.  Will update.


r~


^ permalink raw reply	[flat|nested] 94+ messages in thread

* Re: [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing
  2019-12-06 18:41       ` Peter Maydell
@ 2019-12-06 18:53         ` Richard Henderson
  0 siblings, 0 replies; 94+ messages in thread
From: Richard Henderson @ 2019-12-06 18:53 UTC (permalink / raw)
  To: Peter Maydell; +Cc: Alex Bennée, QEMU Developers

On 12/6/19 10:41 AM, Peter Maydell wrote:
> On Fri, 6 Dec 2019 at 18:36, Richard Henderson
> <richard.henderson@linaro.org> wrote:
> 
>>>> +static void el2_e2h_write(CPUARMState *env, const ARMCPRegInfo *ri,
>>>> +                          uint64_t value)
>>>> +{
>>>> +    CPWriteFn *writefn;
>>>> +
>>>> +    if (redirect_for_e2h(env)) {
>>>> +        /* Switch to the saved EL2 version of the register.  */
>>>> +        ri = ri->opaque;
>>>> +        writefn = ri->writefn;
>>>> +    } else {
>>>> +        writefn = ri->orig_writefn;
>>>> +    }
>>>> +    if (writefn == NULL) {
>>>> +        writefn = raw_write;
>>>> +    }
>>>> +    writefn(env, ri, value);
>>>> +}
>>>
>>> I see how this works when we have a readfn or writefn,
>>> but how does the redirection work where the access
>>> goes directly via .fieldoffset ?
>>
>> When there is no .writefn, we use raw_write, which uses fieldoffset.
> 
> Yes, that's what I mean. There's no 'if redirect then this
> fieldoffset else that fieldoffset' codepath, so how does
> it update the right field?

Oh, for the redirected system registers, there will *always* be a .writefn --
el2_e2h_write.  What there will not necessarily be is a .orig_writefn -- in
which case we'll use raw_write.


r~



^ permalink raw reply	[flat|nested] 94+ messages in thread

end of thread, back to index

Thread overview: 94+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-03  2:28 [PATCH v4 00/40] target/arm: Implement ARMv8.1-VHE Richard Henderson
2019-12-03  2:28 ` [PATCH v4 01/40] target/arm: Define isar_feature_aa64_vh Richard Henderson
2019-12-03  2:28 ` [PATCH v4 02/40] target/arm: Enable HCR_E2H for VHE Richard Henderson
2019-12-03  2:29 ` [PATCH v4 03/40] target/arm: Add CONTEXTIDR_EL2 Richard Henderson
2019-12-03  2:29 ` [PATCH v4 04/40] target/arm: Add TTBR1_EL2 Richard Henderson
2019-12-03  2:29 ` [PATCH v4 05/40] target/arm: Update CNTVCT_EL0 for VHE Richard Henderson
2019-12-03  2:29 ` [PATCH v4 06/40] target/arm: Split out vae1_tlbmask, vmalle1_tlbmask Richard Henderson
2019-12-03  6:25   ` Philippe Mathieu-Daudé
2019-12-03 22:01     ` Richard Henderson
2019-12-03  2:29 ` [PATCH v4 07/40] target/arm: Simplify tlb_force_broadcast alternatives Richard Henderson
2019-12-03  2:29 ` [PATCH v4 08/40] target/arm: Rename ARMMMUIdx*_S12NSE* to ARMMMUIdx*_E10_* Richard Henderson
2019-12-04 10:38   ` Alex Bennée
2019-12-06 15:45   ` Peter Maydell
2019-12-06 18:00     ` Richard Henderson
2019-12-06 18:01       ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 09/40] target/arm: Rename ARMMMUIdx_S2NS to ARMMMUIdx_Stage2 Richard Henderson
2019-12-04 10:40   ` Alex Bennée
2019-12-06 15:46   ` Peter Maydell
2019-12-06 18:05     ` Richard Henderson
2019-12-03  2:29 ` [PATCH v4 10/40] target/arm: Rename ARMMMUIdx_S1NSE* to ARMMMUIdx_Stage1_E* Richard Henderson
2019-12-04 11:00   ` Alex Bennée
2019-12-06 15:47   ` Peter Maydell
2019-12-06 18:20     ` Richard Henderson
2019-12-03  2:29 ` [PATCH v4 11/40] target/arm: Rename ARMMMUIdx_S1SE* to ARMMMUIdx_SE* Richard Henderson
2019-12-04 11:01   ` Alex Bennée
2019-12-06 15:47   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 12/40] target/arm: Rename ARMMMUIdx*_S1E3 to ARMMMUIdx*_SE3 Richard Henderson
2019-12-04 11:02   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 13/40] target/arm: Rename ARMMMUIdx_S1E2 to ARMMMUIdx_E2 Richard Henderson
2019-12-04 11:03   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 14/40] target/arm: Recover 4 bits from TBFLAGs Richard Henderson
2019-12-04 11:43   ` Alex Bennée
2019-12-04 14:27     ` Richard Henderson
2019-12-04 15:53       ` Alex Bennée
2019-12-04 16:19         ` Richard Henderson
2019-12-03  2:29 ` [PATCH v4 15/40] target/arm: Expand TBFLAG_ANY.MMUIDX to 4 bits Richard Henderson
2019-12-04 11:48   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 16/40] target/arm: Rearrange ARMMMUIdxBit Richard Henderson
2019-12-04 11:56   ` Alex Bennée
2019-12-04 16:01   ` Philippe Mathieu-Daudé
2019-12-03  2:29 ` [PATCH v4 17/40] target/arm: Tidy ARMMMUIdx m-profile definitions Richard Henderson
2019-12-03  6:27   ` Philippe Mathieu-Daudé
2019-12-03  2:29 ` [PATCH v4 18/40] target/arm: Reorganize ARMMMUIdx Richard Henderson
2019-12-04 13:44   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 19/40] target/arm: Add regime_has_2_ranges Richard Henderson
2019-12-04 14:16   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 20/40] target/arm: Update arm_mmu_idx for VHE Richard Henderson
2019-12-04 14:37   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 21/40] target/arm: Update arm_sctlr " Richard Henderson
2019-12-03  2:29 ` [PATCH v4 22/40] target/arm: Update aa64_zva_access for EL2 Richard Henderson
2019-12-04 15:01   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 23/40] target/arm: Update ctr_el0_access " Richard Henderson
2019-12-04 16:11   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 24/40] target/arm: Add the hypervisor virtual counter Richard Henderson
2019-12-03  2:29 ` [PATCH v4 25/40] target/arm: Update timer access for VHE Richard Henderson
2019-12-04 18:35   ` Alex Bennée
2019-12-03  2:29 ` [PATCH v4 26/40] target/arm: Update define_one_arm_cp_reg_with_opaque " Richard Henderson
2019-12-04 18:58   ` Alex Bennée
2019-12-04 19:47     ` Richard Henderson
2019-12-04 22:38       ` Alex Bennée
2019-12-05 15:09         ` Richard Henderson
2019-12-06 15:53   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 27/40] target/arm: Add VHE system register redirection and aliasing Richard Henderson
2019-12-06 17:24   ` Peter Maydell
2019-12-06 18:36     ` Richard Henderson
2019-12-06 18:41       ` Peter Maydell
2019-12-06 18:53         ` Richard Henderson
2019-12-03  2:29 ` [PATCH v4 28/40] target/arm: Add VHE timer " Richard Henderson
2019-12-06 17:33   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 29/40] target/arm: Flush tlb for ASID changes in EL2&0 translation regime Richard Henderson
2019-12-06 17:05   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 30/40] target/arm: Flush tlbs for E2&0 " Richard Henderson
2019-12-06 17:14   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 31/40] target/arm: Update arm_phys_excp_target_el for TGE Richard Henderson
2019-12-06 16:59   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 32/40] target/arm: Update {fp,sve}_exception_el for VHE Richard Henderson
2019-12-06 16:50   ` [PATCH v4 32/40] target/arm: Update {fp, sve}_exception_el " Peter Maydell
2019-12-03  2:29 ` [PATCH v4 33/40] target/arm: check TGE and E2H flags for EL0 pauth traps Richard Henderson
2019-12-06 16:08   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 34/40] target/arm: Update get_a64_user_mem_index for VHE Richard Henderson
2019-12-06 16:46   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 35/40] target/arm: Update arm_cpu_do_interrupt_aarch64 " Richard Henderson
2019-12-06 16:03   ` Peter Maydell
2019-12-06 18:51     ` Richard Henderson
2019-12-03  2:29 ` [PATCH v4 36/40] target/arm: Enable ARMv8.1-VHE in -cpu max Richard Henderson
2019-12-06 15:57   ` Peter Maydell
2019-12-03  2:29 ` [PATCH v4 37/40] target/arm: Move arm_excp_unmasked to cpu.c Richard Henderson
2019-12-03  6:28   ` Philippe Mathieu-Daudé
2019-12-03  2:29 ` [PATCH v4 38/40] target/arm: Pass more cpu state to arm_excp_unmasked Richard Henderson
2019-12-03  6:29   ` Philippe Mathieu-Daudé
2019-12-03  2:29 ` [PATCH v4 39/40] target/arm: Use bool for unmasked in arm_excp_unmasked Richard Henderson
2019-12-03  6:30   ` Philippe Mathieu-Daudé
2019-12-03  2:29 ` [PATCH v4 40/40] target/arm: Raise only one interrupt in arm_cpu_exec_interrupt Richard Henderson
2019-12-06 15:57   ` Peter Maydell

QEMU-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/qemu-devel/0 qemu-devel/git/0.git
	git clone --mirror https://lore.kernel.org/qemu-devel/1 qemu-devel/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 qemu-devel qemu-devel/ https://lore.kernel.org/qemu-devel \
		qemu-devel@nongnu.org
	public-inbox-index qemu-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.nongnu.qemu-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git