Commit graph

1240 commits

Author SHA1 Message Date
Peter Maydell 1d4dba1e5a target/arm: Convert VCADD (vector) to decodetree
Convert the VCADD (vector) insns to decodetree.

Backports commit 94d5eb7b3f72fbbdee55d7908e9cb6de95949f4b from qemu
2020-05-07 09:05:55 -04:00
Peter Maydell d8287755b2 target/arm: Convert VCMLA (vector) to decodetree
Convert the VCMLA (vector) insns in the 3same extension group to
decodetree.

Backports commit afff8de0d4d55b4ce7c36eb9cdfafe477a35dd75 from qemu
2020-05-07 09:02:52 -04:00
Peter Maydell c2c628eb71 target/arm: Add stubs for AArch32 Neon decodetree
Add the infrastructure for building and invoking a decodetree decoder
for the AArch32 Neon encodings. At the moment the new decoder covers
nothing, so we always fall back to the existing hand-written decode.

We follow the same pattern we did for the VFP decodetree conversion
(commit 78e138bc1f672c145ef6ace74617d and following): code that deals
with Neon will be moving gradually out to translate-neon.vfp.inc,
which we #include into translate.c.

In order to share the decode files between A32 and T32, we
split Neon into 3 parts:
* data-processing
* load-store
* 'shared' encodings

The first two groups of instructions have similar but not identical
A32 and T32 encodings, so we need to manually transform the T32
encoding into the A32 one before calling the decoder; the third group
covers the Neon instructions which are identical in A32 and T32.

Backports commit 625e3dd44a15dfbe9532daa6454df3f86cf04d3e from qemu
2020-05-07 08:59:42 -04:00
Peter Maydell 518d18062f target/arm: Don't allow Thumb Neon insns without FEATURE_NEON
We were accidentally permitting decode of Thumb Neon insns even if
the CPU didn't have the FEATURE_NEON bit set, because the feature
check was being done before the call to disas_neon_data_insn() and
disas_neon_ls_insn() in the Arm decoder but was omitted from the
Thumb decoder. Push the feature bit check down into the called
functions so it is done for both Arm and Thumb encodings.

Backports commit d1a6d3b594157425232a1ae5ea7f51b7a1c1aa2e from qemu
2020-05-07 08:55:02 -04:00
Peter Maydell 1964e4b9c9 target/arm/translate-vfp.inc.c: Remove duplicate simd_r32 check
Somewhere along theline we accidentally added a duplicate
"using D16-D31 when they don't exist" check to do_vfm_dp()
(probably an artifact of a patchseries rebase). Remove it.

Backports commit 0d787cf1f3c88fa29477e054f8523f6d82d91c98 from qemu
2020-05-07 08:52:42 -04:00
Philippe Mathieu-Daudé 8f90b77a6d target/arm: Use uint64_t for midr field in CPU state struct
MIDR_EL1 is a 64-bit system register with the top 32-bit being RES0.
Represent it in QEMU's ARMCPU struct with a uint64_t, not a
uint32_t.

This fixes an error when compiling with -Werror=conversion
because we were manipulating the register value using a
local uint64_t variable:

target/arm/cpu64.c: In function ‘aarch64_max_initfn’:
target/arm/cpu64.c:628:21: error: conversion from ‘uint64_t’ {aka ‘long unsigned int’} to ‘uint32_t’ {aka ‘unsigned int’} may change value [-Werror=conversion]
628 | cpu->midr = t;
| ^

and future-proofs us against a possible future architecture
change using some of the top 32 bits.

Backports commit e544f80030121040c8932ff1bd4006f390266c0f from qemu
2020-05-07 08:51:28 -04:00
Peter Maydell d28059f4ea target/arm: Use correct variable for setting 'max' cpu's ID_AA64DFR0
In aarch64_max_initfn() we update both 32-bit and 64-bit ID
registers. The intended pattern is that for 64-bit ID registers we
use FIELD_DP64 and the uint64_t 't' register, while 32-bit ID
registers use FIELD_DP32 and the uint32_t 'u' register. For
ID_AA64DFR0 we accidentally used 'u', meaning that the top 32 bits of
this 64-bit ID register would end up always zero. Luckily at the
moment that's what they should be anyway, so this bug has no visible
effects.

Use the right-sized variable.

Backports commit 5a89dd2385a193aa954a7c9bf4e381f2ba6ae359 from qemu
2020-05-07 08:50:40 -04:00
Peter Maydell b427549ce4 target/arm: Implement ARMv8.2-TTS2UXN
The ARMv8.2-TTS2UXN feature extends the XN field in stage 2
translation table descriptors from just bit [54] to bits [54:53],
allowing stage 2 to control execution permissions separately for EL0
and EL1. Implement the new semantics of the XN field and enable
the feature for our 'max' CPU.

Backports commit ce3125bed935a12e619a8253c19340ecaa899347 from qemu
2020-05-07 08:49:18 -04:00
Peter Maydell 1e75276a89 target/arm: Add new 's1_is_el0' argument to get_phys_addr_lpae()
For ARMv8.2-TTS2UXN, the stage 2 page table walk wants to know
whether the stage 1 access is for EL0 or not, because whether
exec permission is given can depend on whether this is an EL0
or EL1 access. Add a new argument to get_phys_addr_lpae() so
the call sites can pass this information in.

Since get_phys_addr_lpae() doesn't already have a doc comment,
add one so we have a place to put the documentation of the
semantics of the new s1_is_el0 argument.

Backports commit ff7de2fc2c994030bfb83af9ddc9a3cd70ce3e88 from qemu
2020-05-07 08:45:23 -04:00
Peter Maydell bec9ee21b6 target/arm: Use enum constant in get_phys_addr_lpae() call
The access_type argument to get_phys_addr_lpae() is an MMUAccessType;
use the enum constant MMU_DATA_LOAD rather than a literal 0 when we
call it in S1_ptw_translate().

Backports commit 59dff859cd850876df2cfa561c7bcfc4bdda4599 from qemu
2020-05-07 08:42:41 -04:00
Peter Maydell 3df93e463d target/arm: Don't use a TLB for ARMMMUIdx_Stage2
We define ARMMMUIdx_Stage2 as being an MMU index which uses a QEMU
TLB. However we never actually use the TLB -- all stage 2 lookups
are done by direct calls to get_phys_addr_lpae() followed by a
physical address load via address_space_ld*().

Remove Stage2 from the list of ARM MMU indexes which correspond to
real core MMU indexes, and instead put it in the set of "NOTLB" ARM
MMU indexes.

This allows us to drop NB_MMU_MODES to 11. It also means we can
safely add support for the ARMv8.3-TTS2UXN extension, which adds
permission bits to the stage 2 descriptors which define execute
permission separatel for EL0 and EL1; supporting that while keeping
Stage2 in a QEMU TLB would require us to use separate TLBs for
"Stage2 for an EL0 access" and "Stage2 for an EL1 access", which is a
lot of extra complication given we aren't even using the QEMU TLB.

In the process of updating the comment on our MMU index use,
fix a couple of other minor errors:
* NS EL2 EL2&0 was missing from the list in the comment
* some text hadn't been updated from when we bumped NB_MMU_MODES
above 8

Backports commit bf05340cb655637451162c02dadcd6581a05c02c from qemu
2020-05-07 08:40:06 -04:00
Fredrik Strupe 65200d8aad target/arm: Make VQDMULL undefined when U=1
According to Arm ARM, VQDMULL is only valid when U=0, while having
U=1 is unallocated.

Backports commit ab553ef74ee52c0889679d0bd0da084aaf938f5c from qemu
2020-05-07 08:34:56 -04:00
Philippe Mathieu-Daudé 12cad29510 target/arm/cpu: Update coding style to make checkpatch.pl happy
We will move this code in the next commit. Clean it up
first to avoid checkpatch.pl errors.

Backports commit 51c510aa5876a681cd0059ed3bacaa17590dc2d5 from qemu
2020-04-30 21:40:07 -04:00
Thomas Huth 84f2729a29 target/arm: Make cpu_register() available for other files
Make cpu_register() (renamed to arm_cpu_register()) available
from internals.h so we can register CPUs also from other files
in the future.

Backports commit 37bcf244454f4efb82e2c0c64bbd7eabcc165a0c from qemu
2020-04-30 21:38:42 -04:00
Philippe Mathieu-Daudé afeb8ff2dc target/arm: Restrict the Address Translate write operation to TCG accel
Under KVM these registers are written by the hardware.
Restrict the writefn handlers to TCG to avoid when building
without TCG:

LINK aarch64-softmmu/qemu-system-aarch64
target/arm/helper.o: In function `do_ats_write':
target/arm/helper.c:3524: undefined reference to `raise_exception'

Backports commit 9fb005b02dbda7f47b789b7f19bf5f73622a4756 from qemu
2020-04-30 21:31:22 -04:00
Richard Henderson b26b4c06cd target/arm: Vectorize integer comparison vs zero
These instructions are often used in glibc's string routines.
They were the final uses of the 32-bit at a time neon helpers.

Backports commit 6b375d3546b009d1e63e07397ec9c6af256e15e9 from qemu
2020-04-30 21:29:17 -04:00
Peter Maydell a4a171a9c9 target/arm: Fix ID_MMFR4 value on AArch64 'max' CPU
In commit 41a4bf1feab098da4cd the added code to set the CNP
field in ID_MMFR4 for the AArch64 'max' CPU had a typo
where it used the wrong variable name, resulting in ID_MMFR4
fields AC2, XNX and LSM being wrong. Fix the typo.

Fixes: 41a4bf1feab098da4cd

Backports commit e73c4443473107ddf11ad3a7fea5bef2001ee802 from qemu
2020-04-30 07:29:06 -04:00
Peter Maydell 6a015761ac target/arm: Remove obsolete TODO note from get_phys_addr_lpae()
An old comment in get_phys_addr_lpae() claims that the code does not
support the different format TCR for VTCR_EL2. This used to be true
but it is not true now (in particular the aa64_va_parameters() and
aa32_va_parameters() functions correctly handle the different
register format by checking whether the mmu_idx is Stage2).
Remove the out of date parts of the comment.

Backports commit 07d1be3b3aac20c21ac4a95c7f3f01a3622a31a3 from qemu
2020-04-30 07:21:17 -04:00
Peter Maydell 4228e7f155 target/arm: PSTATE.PAN should not clear exec bits
Our implementation of the PSTATE.PAN bit incorrectly cleared all
access permission bits for privileged access to memory which is
user-accessible. It should only affect the privileged read and write
permissions; execute permission is dealt with via XN/PXN instead.

Fixes: 81636b70c226dc27d7ebc8d

Backports commit f4e1dbc578a051db08a40c05276ebf525b98f949 from qemu
2020-04-30 07:20:20 -04:00
Changbin Du 1e274425bd target/arm: fix incorrect current EL bug in aarch32 exception emulation
The arm_current_el() should be invoked after mode switching. Otherwise, we
get a wrong current EL value, since current EL is also determined by
current mode.

Fixes: 4a2696c0d4 ("target/arm: Set PAN bit as required on exception entry")

Backports commit 88828bf133b64b7a860c166af3423ef1a47c5d3b from qemu
2020-04-30 06:57:36 -04:00
Richard Henderson c9ee9a2729 target/arm: Move computation of index in handle_simd_dupe
Coverity reports a BAD_SHIFT with ctz32(imm5), with imm5 == 0.
This is an invalid encoding, but we diagnose that just below
by rejecting size > 3. Avoid the warning by sinking the
computation of index below the check.

Backports commit 550a04893c2bd4442211b353680b9a6408d94dba from qemu
2020-04-30 06:54:39 -04:00
Richard Henderson fd4ce2cba0 target/arm: Assert immh != 0 in disas_simd_shift_imm
Coverity raised a shed-load of errors cascading from inferring
that clz32(immh) might yield 32, from immh might be 0.

While immh cannot be 0 from encoding, it is not obvious even to
a human how we've checked that: via the filtering provided by
data_proc_simd[].

Backports commit 3944d58db3fc5bf131345a21a44013bc13849a12 from qemu
2020-04-30 06:53:54 -04:00
Richard Henderson d5234c8b3d target/arm: Rearrange disabled check for watchpoints
Coverity rightly notes that ctz32(bas) on 0 will return 32,
which makes the len calculation a BAD_SHIFT.

A value of 0 in DBGWCR<n>_EL1.BAS is reserved. Simply move
the existing check we have for this case

Backports commit ae1111d4def40c6f592c3a307c599272b778eb65 from qemu
2020-04-30 06:52:38 -04:00
Alex Bennée 46e1dab19e target/arm: don't bother with id_aa64pfr0_read for USER_ONLY
For system emulation we need to check the state of the GIC before we
report the value. However this isn't relevant to exporting of the
value to linux-user and indeed breaks the exported value as set by
modify_arm_cp_regs.

Backports commit 976b99b6ec2e15cd7c36d72fdb9b60c37c5494f8 from qemu
2020-04-30 06:24:10 -04:00
Richard Henderson 6c8172fd08 target/arm: Disable clean_data_tbi for system mode
We must include the tag in the FAR_ELx register when raising
an addressing exception. Which means that we should not clear
out the tag during translation.

We cannot at present comply with this for user mode, so we
retain the clean_data_tbi function for the moment, though it
no longer does what it says on the tin for system mode. This
function is to be replaced with MTE, so don't worry about the
slight misnaming.

Buglink: https://bugs.launchpad.net/qemu/+bug/1867072

Backports commit 38d931687fa196a7ef860f8583815abc7fd5521a from qemu
2020-04-30 06:18:31 -04:00
Richard Henderson e040675fbf target/arm: Clean address for DC ZVA
This data access was forgotten when we added support for cleaning
addresses of TBI information.

Fixes: 3a471103ac1823ba

Backports commit 597d61a3b1f94c53a3aaa77671697c0c5f797dbf from qemu.
2020-04-30 06:16:03 -04:00
Richard Henderson a37d9b2be5 target/arm: Use DEF_HELPER_FLAGS for helper_dc_zva
The function does not write registers, and only reads them by
implication via the exception path.

Backports commit 1371b02c5a060e423e70560dbca769b54e471ba9 from qemu
2020-04-30 06:14:45 -04:00
Richard Henderson 3cb68bc44e target/arm: Move helper_dc_zva to helper-a64.c
This is an aarch64-only function. Move it out of the shared file.
This patch is code movement only.

Backports commit 7b182eb2467af6c47c9c77c64bbbeed8ed53c330 from qemu
2020-04-30 06:12:26 -04:00
Richard Henderson a22a2a8b71 target/arm: Introduce core_to_aa64_mmu_idx
If by context we know that we're in AArch64 mode, we need not
test for M-profile when reconstructing the full ARMMMUIdx.

Backports commit 20dc67c947a691fa9df05e76aec6df50204b4b94 from qemu
2020-04-30 05:58:59 -04:00
Richard Henderson d3a5843aeb target/arm: Replicate TBI/TBID bits for single range regimes
Replicate the single TBI bit from TCR_EL2 and TCR_EL3 so that
we can unconditionally use pointer bit 55 to index into our
composite TBI1:TBI0 field.

Backports commit 3e270f67f0f05277021763af119a6ce195f8ed51 from qemu
2020-04-30 05:58:59 -04:00
Richard Henderson cc32a96183 target/arm: Honor the HCR_EL2.TTLB bit
This bit traps EL1 access to tlb maintenance insns.

Backports commit 30881b7353b5bb41210c32cd8e00421da757808c from qemu
2020-04-30 05:58:59 -04:00
Richard Henderson 74d6aa6012 target/arm: Honor the HCR_EL2.TPU bit
This bit traps EL1 access to cache maintenance insns that operate
to the point of unification. There are no longer any references to
plain aa64_cacheop_access, so remove it.

Backports commit 38262d8a732f8bd0e9ca3dc064f6e73d00c08b9a from qemu
2020-04-30 05:58:59 -04:00
Richard Henderson f35a83d5ff target/arm: Honor the HCR_EL2.TPCP bit
This bit traps EL1 access to cache maintenance insns that operate
to the point of coherency or persistence.

Backports commit 1bed4d2e55459129c19f5952bcfc65bd0c70db5b from qemu
2020-03-22 02:44:41 -04:00
Richard Henderson 8ff8ff0c4a target/arm: Honor the HCR_EL2.TACR bit
This bit traps EL1 access to the auxiliary control registers.

Backports commit 9960237769ada2faaaf1898b96da7a55e1691cf4 from qemu
2020-03-22 02:42:05 -04:00
Richard Henderson d252af2069 target/arm: Honor the HCR_EL2.TSW bit
These bits trap EL1 access to set/way cache maintenance insns.

Backports commit 1803d2713b29d85031cc964d545036bda9880f26 from qemu
2020-03-22 02:40:10 -04:00
Richard Henderson 7ee27e5d93 target/arm: Honor the HCR_EL2.{TVM,TRVM} bits
These bits trap EL1 access to various virtual memory controls.

Backports commit 84929218512c19ec9a296fbfd7b39219e0c592ae from qemu
2020-03-22 02:38:03 -04:00
Richard Henderson 7cd75be7c8 target/arm: Improve masking in arm_hcr_el2_eff
Update the {TGE,E2H} == '11' masking to ARMv8.6.
If EL2 is configured for aarch32, disable all of
the bits that are RES0 in aarch32 mode.

Backports commit 4990e1d3c128580dd2fa0bbb1a42b6d63ba1ac28 from qemu
2020-03-22 02:32:35 -04:00
Richard Henderson fa599a9538 target/arm: Add HCR_EL2 bit definitions from ARMv8.6
Backports commit e0a38bb35aa930c2d3b9982914297f0c0e8fd5c8 from qemu
2020-03-22 02:31:19 -04:00
Richard Henderson c4b2493c2e target/arm: Improve masking of HCR/HCR2 RES0 bits
Don't merely start with v8.0, handle v7VE as well. Ensure that writes
from aarch32 mode do not change bits in the other half of the register.
Protect reads of aa64 id registers with ARM_FEATURE_AARCH64.

Backports commit d1fb4da208411ce7b3dafb9f9e7726ebcec14edb from qemu
2020-03-22 02:28:41 -04:00
Peter Maydell 32b0e506e6 target/arm: Implement (trivially) ARMv8.2-TTCNP
The ARMv8.2-TTCNP extension allows an implementation to optimize by
sharing TLB entries between multiple cores, provided that software
declares that it's ready to deal with this by setting a CnP bit in
the TTBRn_ELx. It is mandatory from ARMv8.2 onward.

For QEMU's TLB implementation, sharing TLB entries between different
cores would not really benefit us and would be a lot of work to
implement. So we implement this extension in the "trivial" manner:
we allow the guest to set and read back the CnP bit, but don't change
our behaviour (this is an architecturally valid implementation
choice).

The only code path which looks at the TTBRn_ELx values for the
long-descriptor format where the CnP bit is defined is already doing
enough masking to not get confused when the CnP bit at the bottom of
the register is set, so we can simply add a comment noting why we're
relying on that mask.

Backports commit 41a4bf1feab098da4cd5495cd56a99b0339e2275 from qemu
2020-03-22 02:24:48 -04:00
Peter Maydell 7271ebf96d target/arm: Implement ARMv8.3-CCIDX
The ARMv8.3-CCIDX extension makes the CCSIDR_EL1 system ID registers
have a format that uses the full 64 bit width of the register, and
adds a new CCSIDR2 register so AArch32 can get at the high 32 bits.

QEMU doesn't implement caches, so we just treat these ID registers as
opaque values that are set to the correct constant values for each
CPU. The only thing we need to do is allow 64-bit values in our
cssidr[] array and provide the CCSIDR2 accessors.

We don't set the CCIDX field in our 'max' CPU because the CCSIDR
constant values we use are the same as the ones used by the
Cortex-A57 and they are in the old 32-bit format. This means
that the extra regdef added here is unused currently, but it
means that whenever in the future we add a CPU that does need
the new 64-bit format it will just work when we set the cssidr
values and the ID registers for it.

Backports commit 957e615503bd0de22393fd8dbcb22a5064fd2b5c from qemu
2020-03-22 00:17:37 -04:00
Peter Maydell 5416c5a672 target/arm: Implement v8.4-RCPC
The v8.4-RCPC extension implements some new instructions:
* LDAPUR, LDAPURB, LDAPURH, LDAPRSB, LDAPRSH, LDAPRSW
* STLUR, STLURB, STLURH

These are all in a new subgroup of encodings that sits below the
top-level "Loads and Stores" group in the Arm ARM.

The STLUR* instructions have standard store-release semantics; the
LDAPUR* have Load-AcquirePC semantics, but (as with LDAPR*) we choose
to implement them as the slightly stronger Load-Acquire.

Backports commit a1229109dec4375259d3fff99f362405aab7917a from qemu
2020-03-22 00:15:46 -04:00
Peter Maydell f72582bb7a target/arm: Implement v8.3-RCPC
The v8.3-RCPC extension implements three new load instructions
which provide slightly weaker consistency guarantees than the
existing load-acquire operations. For QEMU we choose to simply
implement them with a full LDAQ barrier.

Backports commit 2677cf9f92a5319bb995927f9225940414ce879d from qemu
2020-03-22 00:13:08 -04:00
Peter Maydell 8d12309fd8 target/arm: Fix wrong use of FIELD_EX32 on ID_AA64DFR0
We missed an instance of using FIELD_EX32 on a 64-bit ID
register, in isar_feature_aa64_pmu_8_4(). Fix it.

Backports commit 54117b90ffd8a3977917971c3bd99bb5242710d9 from qemu.
2020-03-22 00:10:52 -04:00
Richard Henderson c3eaaf7c33 target/arm: Split VMINMAXNM decode
Passing the raw op field from the manual is less instructive
than it might be. Do the full decode and use the existing
helpers to perform the expansion.

Since these are v8 insns, VECLEN+VECSTRIDE are already RES0.

Backports commit f2eafb75511e5d2ee601b43dc6ee0bcc6e453acd from qemu
2020-03-22 00:09:53 -04:00
Richard Henderson 303d922e5d target/arm: Split VFM decode
Passing the raw o1 and o2 fields from the manual is less
instructive than it might be. Do the full decode and let
the trans_* functions pass in booleans to a helper.

Backports commit d486f8308a13543bbcc4887f246e856df991a4bc from qemu
2020-03-22 00:07:53 -04:00
Richard Henderson a445b1dab9 target/arm: Add formats for some vfp 2 and 3-register insns
Those vfp instructions without extra opcode fields can
share a common @format for brevity.

Backports commit 906b60facc3d3dd3af56cb1a7860175d805e10a3 from qemu
2020-03-22 00:05:27 -04:00
Richard Henderson 3d2a091389 target/arm: Remove ARM_FEATURE_VFP*
We have converted all tests against these features
to ISAR tests.

Backports commit f9506e162c33e87b609549157dd8431fcc732085 from qemu
2020-03-22 00:02:13 -04:00
Richard Henderson 4ce91875e4 target/arm: Move the vfp decodetree calls next to the base isa
Have the calls adjacent as an intermediate step toward
actually merging the decodes.

Backports commit f0f6d5c81be47d593e5ece7f06df6fba4c15738b from qemu
2020-03-21 23:54:56 -04:00
Richard Henderson f1ce64857c target/arm: Move VLLDM and VLSTM to vfp.decode
Now that we no longer have an early check for ARM_FEATURE_VFP,
we can use the proper ISA check in trans_VLLDM_VLSTM.

Backports commit dc778a6873f534817a13257be2acba3ca87ec015 from qemu
2020-03-21 23:51:59 -04:00