target-arm: Implement MDCR_EL3.TDOSA and MDCR_EL2.TDOSA traps

Implement the traps to EL2 and EL3 controlled by the bits MDCR_EL2.TDOSA MDCR_EL3.TDOSA. These can configurably trap accesses to the "powerdown debug" registers. Backports commit 187f678d5c28251dba2b44127e59966b14518ef7 from qemu
2025-03-23 06:25:12 +00:00 · 2018-02-20 14:52:46 -05:00 · 2018-02-20 14:52:46 -05:00 · 537ff96e34
parent 871dee4908
commit 537ff96e34
2 changed files with 35 additions and 3 deletions
--- a/qemu/target-arm/cpu.h
+++ b/qemu/target-arm/cpu.h
@ -600,6 +600,18 @@ void pmccntr_sync(CPUARMState *env);
 #define CPTR_TTA      (1U << 20)
 #define CPTR_TFP      (1U << 10)

+#define MDCR_EPMAD    (1U << 21)
+#define MDCR_EDAD     (1U << 20)
+#define MDCR_SPME     (1U << 17)
+#define MDCR_SDD      (1U << 16)
+#define MDCR_TDRA     (1U << 11)
+#define MDCR_TDOSA    (1U << 10)
+#define MDCR_TDA      (1U << 9)
+#define MDCR_TDE      (1U << 8)
+#define MDCR_HPME     (1U << 7)
+#define MDCR_TPM      (1U << 6)
+#define MDCR_TPMCR    (1U << 5)
+
 #define CPSR_M (0x1fU)
 #define CPSR_T (1U << 5)
 #define CPSR_F (1U << 6)
--- a/qemu/target-arm/helper.c
+++ b/qemu/target-arm/helper.c
@ -292,6 +292,24 @@ static CPAccessResult access_trap_aa32s_el1(CPUARMState *env,
    return CP_ACCESS_TRAP_UNCATEGORIZED;
 }

+/* Check for traps to "powerdown debug" registers, which are controlled
+ * by MDCR.TDOSA
+ */
+static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
+                                   bool isread)
+{
+    int el = arm_current_el(env);
+
+    if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TDOSA)
+        && !arm_is_secure_below_el3(env)) {
+        return CP_ACCESS_TRAP_EL2;
+    }
+    if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDOSA)) {
+        return CP_ACCESS_TRAP_EL3;
+    }
+    return CP_ACCESS_OK;
+}
+
 static void dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
 {
    ARMCPU *cpu = arm_env_get_cpu(env);
@ -3263,12 +3281,14 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
      NULL, NULL, NULL, NULL, NULL, NULL },
    { "OSLAR_EL1", 14,1,0, 2,0,4, ARM_CP_STATE_BOTH, ARM_CP_NO_RAW,
      PL1_W, 0, NULL, 0, 0, {0, 0},
-      NULL, NULL, oslar_write },
+      access_tdosa, NULL, oslar_write },
    { "OSLSR_EL1", 14,1,1, 2,0,4, ARM_CP_STATE_BOTH, 0,
-      PL1_R, 0, NULL, 10, offsetof(CPUARMState, cp15.oslsr_el1) },
+      PL1_R, 0, NULL, 10, offsetof(CPUARMState, cp15.oslsr_el1), {0, 0},
+      access_tdosa },
    /* Dummy OSDLR_EL1: 32-bit Linux will read this */
    { "OSDLR_EL1", 14,1,3, 2,0,4, ARM_CP_STATE_BOTH,
-      ARM_CP_NOP, PL1_RW, },
+      ARM_CP_NOP, PL1_RW, 0, NULL, 0, 0, {0, 0},
+      access_tdosa },
    /* Dummy DBGVCR: Linux wants to clear this on startup, but we don't
     * implement vector catch debug events yet.
     */