From 537ff96e347a4753a3ff9f1a20024d58a8426dc3 Mon Sep 17 00:00:00 2001
From: Peter Maydell
Date: Tue, 20 Feb 2018 14:52:46 -0500
Subject: [PATCH] target-arm: Implement MDCR_EL3.TDOSA and MDCR_EL2.TDOSA traps
Implement the traps to EL2 and EL3 controlled by the bits MDCR_EL2.TDOSA MDCR_EL3.TDOSA. These can configurably trap accesses to the "powerdown debug" registers.
Backports commit 187f678d5c28251dba2b44127e59966b14518ef7 from qemu
---
 qemu/target-arm/cpu.h | 12 ++++++++++++
 qemu/target-arm/helper.c | 26 +++++++++++++++++++++++---
 2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/qemu/target-arm/cpu.h b/qemu/target-arm/cpu.h
index c4a369a0..29358b00 100644
--- a/qemu/target-arm/cpu.h
+++ b/qemu/target-arm/cpu.h
@@ -600,6 +600,18 @@ void pmccntr_sync(CPUARMState *env);
 #define CPTR_TTA (1U << 20)
 #define CPTR_TFP (1U << 10)
+#define MDCR_EPMAD (1U << 21)
+#define MDCR_EDAD (1U << 20)
+#define MDCR_SPME (1U << 17)
+#define MDCR_SDD (1U << 16)
+#define MDCR_TDRA (1U << 11)
+#define MDCR_TDOSA (1U << 10)
+#define MDCR_TDA (1U << 9)
+#define MDCR_TDE (1U << 8)
+#define MDCR_HPME (1U << 7)
+#define MDCR_TPM (1U << 6)
+#define MDCR_TPMCR (1U << 5)
+
 #define CPSR_M (0x1fU)
 #define CPSR_T (1U << 5)
 #define CPSR_F (1U << 6)
diff --git a/qemu/target-arm/helper.c b/qemu/target-arm/helper.c
index 0dbfc171..9ade9d74 100644
--- a/qemu/target-arm/helper.c
+++ b/qemu/target-arm/helper.c
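Review bot: The MDCR_* masks added to cpu.h share one prefix, but as I read the architecture several of them exist in only one of the two registers: EPMAD, EDAD, SPME and SDD are MDCR_EL3 bits, while TDRA, TDE, HPME and TPMCR are MDCR_EL2 bits. Nothing in the names stops a later check from testing an EL2-only mask against `mdcr_el3` (or the reverse), which would read a reserved bit and give a trap that silently never fires. A comment above the block would make the split visible, for example `/* MDCR_EL2 / MDCR_EL3 bits: TDOSA, TDA and TPM are in both, the others in one register only */`. Only `MDCR_TDOSA` is used by the rest of this patch.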
@@ -292,6 +292,24 @@ static CPAccessResult access_trap_aa32s_el1(CPUARMState *env,
 return CP_ACCESS_TRAP_UNCATEGORIZED;
 }
+/* Check for traps to "powerdown debug" registers, which are controlled
+ * by MDCR.TDOSA
+ */
+static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ int el = arm_current_el(env);
+
+ if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TDOSA)
+ && !arm_is_secure_below_el3(env)) {
+ return CP_ACCESS_TRAP_EL2;
+ }
+ if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDOSA)) {
+ return CP_ACCESS_TRAP_EL3;
+ }
+ return CP_ACCESS_OK;
+}
+
 static void dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
 {
 ARMCPU *cpu = arm_env_get_cpu(env);
@@ -3263,12 +3281,14 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
 NULL, NULL, NULL, NULL, NULL, NULL },
 { "OSLAR_EL1", 14,1,0, 2,0,4, ARM_CP_STATE_BOTH,
 ARM_CP_NO_RAW, PL1_W, 0, NULL, 0, 0, {0, 0},
- NULL, NULL, oslar_write },
+ access_tdosa, NULL, oslar_write },
 { "OSLSR_EL1", 14,1,1, 2,0,4, ARM_CP_STATE_BOTH, 0,
- PL1_R, 0, NULL, 10, offsetof(CPUARMState, cp15.oslsr_el1) },
+ PL1_R, 0, NULL, 10, offsetof(CPUARMState, cp15.oslsr_el1), {0, 0},
+ access_tdosa },
 /* Dummy OSDLR_EL1: 32-bit Linux will read this */
 { "OSDLR_EL1", 14,1,3, 2,0,4, ARM_CP_STATE_BOTH,
- ARM_CP_NOP, PL1_RW, },
+ ARM_CP_NOP, PL1_RW, 0, NULL, 0, 0, {0, 0},
+ access_tdosa },
 /* Dummy DBGVCR: Linux wants to clear this on startup, but we don't
 * implement vector catch debug events yet.
 */
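Review bot: In `access_tdosa` the EL2 branch tests only `MDCR_TDOSA`, but as I read the architecture MDCR_EL2.TDE being set makes TDOSA behave as set too. A hypervisor that sets TDE alone would therefore not see guest accesses to the OS lock registers trapped. `MDCR_TDE` is defined by this same patch, so the condition could read `(env->cp15.mdcr_el2 & (MDCR_TDOSA | MDCR_TDE))`. The header comment could also state the two rules the code encodes: the EL2 trap is skipped in Secure state below EL3, and it is checked before the EL3 trap.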
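Review bot: In the `debug_cp_reginfo` hunk, `access_tdosa` is placed by positional padding (`0, NULL, 0, 0, {0, 0},` on OSDLR_EL1 and `{0, 0},` on OSLSR_EL1), so a miscounted pad would put the pointer in a neighbouring slot and leave the register untrapped without any compiler error. The three entries agree with each other on the slot that follows `{0, 0}`, but the struct definition is outside this diff, so that slot cannot be confirmed from here. A trailing comment on each added line, such as `access_tdosa }, /* accessfn */`, would let a reader check the count. The architecture also lists DBGPRCR_EL1 among the registers TDOSA traps. The array begins and ends outside the hunk, so it is worth checking whether it defines that register.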