target-arm: Provide hook to tell GICv3 about changes of security state

The GICv3 CPU interface needs to know when the CPU it is attached
to makes an exception level or mode transition that changes the
security state, because whether it is asserting IRQ or FIQ can change
depending on these things. Provide a mechanism for letting the GICv3
device register a hook to be called on such changes.

Backports commit bd7d00fc50c9960876dd194ebf0c88889b53e765 from qemu

qemu/aarch64.h

@@ -3153,6 +3153,7 @@
 #define arm64_reg_write arm64_reg_write_aarch64
 #define gen_a64_set_pc_im gen_a64_set_pc_im_aarch64
 #define aarch64_cpu_register_types aarch64_cpu_register_types_aarch64
+#define arm_register_el_change_hook arm_register_el_change_hook_aarch64
 #define helper_udiv64 helper_udiv64_aarch64
 #define helper_sdiv64 helper_sdiv64_aarch64
 #define helper_cls64 helper_cls64_aarch64

qemu/aarch64eb.h

@@ -3153,6 +3153,7 @@
 #define arm64_reg_write arm64_reg_write_aarch64eb
 #define gen_a64_set_pc_im gen_a64_set_pc_im_aarch64eb
 #define aarch64_cpu_register_types aarch64_cpu_register_types_aarch64eb
+#define arm_register_el_change_hook arm_register_el_change_hook_aarch64eb
 #define helper_udiv64 helper_udiv64_aarch64eb
 #define helper_sdiv64 helper_sdiv64_aarch64eb
 #define helper_cls64 helper_cls64_aarch64eb

qemu/arm.h

@@ -3146,5 +3146,6 @@
 #define xpsr_write xpsr_write_arm
 #define xscale_cpar_write xscale_cpar_write_arm
 #define xscale_cp_reginfo xscale_cp_reginfo_arm
+#define arm_register_el_change_hook arm_register_el_change_hook_arm
 #define ARM_REGS_STORAGE_SIZE ARM_REGS_STORAGE_SIZE_arm
 #endif

qemu/armeb.h

@@ -3146,5 +3146,6 @@
 #define xpsr_write xpsr_write_armeb
 #define xscale_cpar_write xscale_cpar_write_armeb
 #define xscale_cp_reginfo xscale_cp_reginfo_armeb
+#define arm_register_el_change_hook arm_register_el_change_hook_armeb
 #define ARM_REGS_STORAGE_SIZE ARM_REGS_STORAGE_SIZE_armeb
 #endif

qemu/header_gen.py

@@ -3155,6 +3155,7 @@ symbols = (
 )
 
 arm_symbols = (
+    'arm_register_el_change_hook',
     'ARM_REGS_STORAGE_SIZE',
 )
 
@@ -3166,6 +3167,7 @@ aarch64_symbols = (
     'arm64_reg_write',
     'gen_a64_set_pc_im',
     'aarch64_cpu_register_types',
+    'arm_register_el_change_hook',
     'helper_udiv64',
     'helper_sdiv64',
     'helper_cls64',

qemu/target-arm/cpu.c

@@ -48,6 +48,15 @@ static bool arm_cpu_has_work(CPUState *cs)
          | CPU_INTERRUPT_EXITTB);
 }
 
+void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook,
+                                 void *opaque)
+{
+    /* We currently only support registering a single hook function */
+    assert(!cpu->el_change_hook);
+    cpu->el_change_hook = hook;
+    cpu->el_change_hook_opaque = opaque;
+}
+
 static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque)
 {
     /* Reset a single ARMCPRegInfo register */

qemu/target-arm/cpu.h

@@ -523,6 +523,13 @@ typedef struct CPUARMState {
     struct uc_struct *uc;
 } CPUARMState;
 
+/**
+ * ARMELChangeHook:
+ * type of a function which can be registered via arm_register_el_change_hook()
+ * to get callbacks when the CPU changes its exception level or mode.
+ */
+typedef void ARMELChangeHook(ARMCPU *cpu, void *opaque);
+
 /**
  * ARMCPU:
  * @env: #CPUARMState
@@ -663,6 +670,9 @@ typedef struct ARMCPU {
     /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
     uint32_t dcz_blocksize;
     uint64_t rvbar;
+
+    ARMELChangeHook *el_change_hook;
+    void *el_change_hook_opaque;
 } ARMCPU;
 
 static inline ARMCPU *arm_env_get_cpu(CPUARMState *env)
@@ -2412,4 +2422,28 @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs)
 }
 #endif
 
+/**
+ * arm_register_el_change_hook:
+ * Register a hook function which will be called back whenever this
+ * CPU changes exception level or mode. The hook function will be
+ * passed a pointer to the ARMCPU and the opaque data pointer passed
+ * to this function when the hook was registered.
+ *
+ * Note that we currently only support registering a single hook function,
+ * and will assert if this function is called twice.
+ * This facility is intended for the use of the GICv3 emulation.
+ */
+void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook,
+                                 void *opaque);
+
+/**
+ * arm_get_el_change_hook_opaque:
+ * Return the opaque data that will be used by the el_change_hook
+ * for this CPU.
+ */
+static inline void *arm_get_el_change_hook_opaque(ARMCPU *cpu)
+{
+    return cpu->el_change_hook_opaque;
+}
+
 #endif

qemu/target-arm/helper.c

@@ -5753,6 +5753,8 @@ void arm_cpu_do_interrupt(CPUState *cs)
         arm_cpu_do_interrupt_aarch32_(cs);
     }
 
+    arm_call_el_change_hook(cpu);
+
     // Unicorn: commented out
     //if (!kvm_enabled()) {
     cs->interrupt_request |= CPU_INTERRUPT_EXITTB;

qemu/target-arm/internals.h

@@ -482,4 +482,12 @@ bool arm_s1_regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx);
 void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, int is_write,
                                  int is_user, uintptr_t retaddr);
 
+/* Call the EL change hook if one has been registered */
+static inline void arm_call_el_change_hook(ARMCPU *cpu)
+{
+    if (cpu->el_change_hook) {
+        cpu->el_change_hook(cpu, cpu->el_change_hook_opaque);
+    }
+}
+
 #endif

qemu/target-arm/op_helper.c

@@ -474,6 +474,8 @@ void HELPER(cpsr_write)(CPUARMState *env, uint32_t val, uint32_t mask)
 void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
 {
     cpsr_write(env, val, CPSR_ERET_MASK, CPSRWriteExceptionReturn);
+
+    arm_call_el_change_hook(arm_env_get_cpu(env));
 }
 
 /* Access to user mode registers from privileged modes.  */
@@ -977,6 +979,8 @@ void HELPER(exception_return)(CPUARMState *env)
         env->pc = env->elr_el[cur_el];
     }
 
+    arm_call_el_change_hook(arm_env_get_cpu(env));
+
     return;
 
 illegal_return: