target/arm: Enforce access to ZCR_EL at translation

This also makes sure that we get the correct ordering of SVE vs FP exceptions. Backports commit 490aa7f13a2ad31f92205879c4dc2387b602ef14 from qemu
2024-12-23 18:15:30 +00:00 · 2018-03-08 09:16:29 -05:00 · 2018-03-08 09:16:29 -05:00 · 07b928eca4
parent c095dc9e83
commit 07b928eca4
4 changed files with 31 additions and 22 deletions
--- a/qemu/target/arm/cpu.h
+++ b/qemu/target/arm/cpu.h
@ -1716,10 +1716,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 #define ARM_CP_DC_ZVA            (ARM_CP_SPECIAL | 0x0500)
 #define ARM_LAST_SPECIAL         ARM_CP_DC_ZVA
 #define ARM_CP_FPU               0x1000
+#define ARM_CP_SVE               0x2000
 /* Used only as a terminator for ARMCPRegInfo lists */
 #define ARM_CP_SENTINEL          0xffff
 /* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK         0x10ff
+#define ARM_CP_FLAG_MASK         0x30ff

 /* Valid values for ARMCPRegInfo state field, indicating which of
 * the AArch32 and AArch64 execution states this register is visible in.
--- a/qemu/target/arm/helper.c
+++ b/qemu/target/arm/helper.c
@ -3814,20 +3814,6 @@ static int sve_exception_el(CPUARMState *env)
    return 0;
 }

-static CPAccessResult zcr_access(CPUARMState *env, const ARMCPRegInfo *ri,
-                                 bool isread)
-{
-    switch (sve_exception_el(env)) {
-    case 3:
-        return CP_ACCESS_TRAP_EL3;
-    case 2:
-        return CP_ACCESS_TRAP_EL2;
-    case 1:
-        return CP_ACCESS_TRAP;
-    }
-    return CP_ACCESS_OK;
-}
-
 static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                      uint64_t value)
 {
@ -3836,27 +3822,27 @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 }

 static const ARMCPRegInfo zcr_el1_reginfo = {
-    "ZCR_EL1", 0,1,2, 3,0,0, ARM_CP_STATE_AA64, 0,
+    "ZCR_EL1", 0,1,2, 3,0,0, ARM_CP_STATE_AA64, ARM_CP_SVE | ARM_CP_FPU,
    PL1_RW, 0, NULL, 0, offsetof(CPUARMState, vfp.zcr_el[1]), {0, 0},
-    zcr_access, NULL, zcr_write, NULL, raw_write
+    NULL, NULL, zcr_write, NULL, raw_write
 };

 static const ARMCPRegInfo zcr_el2_reginfo = {
-    "ZCR_EL2", 0,1,2, 3,4,0, ARM_CP_STATE_AA64, 0,
+    "ZCR_EL2", 0,1,2, 3,4,0, ARM_CP_STATE_AA64, ARM_CP_SVE | ARM_CP_FPU,
    PL2_RW, 0, NULL, 0, offsetof(CPUARMState, vfp.zcr_el[2]), {0, 0},
-    zcr_access, NULL, zcr_write, NULL, raw_write
+    NULL, NULL, zcr_write, NULL, raw_write
 };

 static const ARMCPRegInfo zcr_no_el2_reginfo = {
-    "ZCR_EL2", 0,1,2, 3,4,0, ARM_CP_STATE_AA64, 0,
+    "ZCR_EL2", 0,1,2, 3,4,0, ARM_CP_STATE_AA64, ARM_CP_SVE | ARM_CP_FPU,
    PL2_RW, 0, NULL, 0, 0, {0, 0},
    NULL, arm_cp_read_zero, arm_cp_write_ignore
 };

 static const ARMCPRegInfo zcr_el3_reginfo = {
-    "ZCR_EL3", 0,1,2, 3,6,0, ARM_CP_STATE_AA64, 0,
+    "ZCR_EL3", 0,1,2, 3,6,0, ARM_CP_STATE_AA64, ARM_CP_SVE | ARM_CP_FPU,
    PL3_RW, 0, NULL, 0, offsetof(CPUARMState, vfp.zcr_el[3]), {0, 0},
-    zcr_access, NULL, zcr_write, NULL, raw_write
+    NULL, NULL, zcr_write, NULL, raw_write
 };

 void hw_watchpoint_update(ARMCPU *cpu, int n)
--- a/qemu/target/arm/internals.h
+++ b/qemu/target/arm/internals.h
@ -245,6 +245,7 @@ enum arm_exception_class {
    EC_AA64_HVC               = 0x16,
    EC_AA64_SMC               = 0x17,
    EC_SYSTEMREGISTERTRAP     = 0x18,
+    EC_SVEACCESSTRAP          = 0x19,
    EC_INSNABORT              = 0x20,
    EC_INSNABORT_SAME_EL      = 0x21,
    EC_PCALIGNMENT            = 0x22,
@ -383,6 +384,11 @@ static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_16bit)
        | (cv << 24) | (cond << 20);
 }

+static inline uint32_t syn_sve_access_trap(void)
+{
+    return EC_SVEACCESSTRAP << ARM_EL_EC_SHIFT;
+}
+
 static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)
 {
    return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
--- a/qemu/target/arm/translate-a64.c
+++ b/qemu/target/arm/translate-a64.c
@ -1238,6 +1238,19 @@ static inline bool fp_access_check(DisasContext *s)
    return false;
 }

+/* Check that SVE access is enabled.  If it is, return true.
+ * If not, emit code to generate an appropriate exception and return false.
+ */
+static inline bool sve_access_check(DisasContext *s)
+{
+    if (s->sve_excp_el) {
+        gen_exception_insn(s, 4, EXCP_UDEF, syn_sve_access_trap(),
+                           s->sve_excp_el);
+        return false;
+    }
+    return true;
+}
+
 /*
 * This utility function is for doing register extension with an
 * optional shift. You will likely want to pass a temporary for the
@ -1690,6 +1703,9 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
    default:
        break;
    }
+    if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {
+        return;
+    }
    if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {
        return;
    }