In an LPAE format descriptor in ARMv8 the address field extends
up to bit 47, not just bit 39. Correct the masking so we don't
give incorrect results if the output address size is greater
than 40 bits, as it can be for AArch64.
(Note that we don't yet support the new-in-v8 Address Size fault which
should be generated if any translation table entry or TTBR contains
an address with non-zero bits above the most significant bit of the
maximum output address size.)
Backports commit 6109769a8b42bd0c3d5b1601c9b35fe7ea6a603e from qemu
Architectural breakpoint check could raise an exceptions, thus condexec
bits should be updated before calling gen_helper_check_breakpoints().
Backports commit ce8a1b5449cd8c4c2831abb581d3208c3a3745a0 from qemu
Coprocessor access instructions are allowed inside IT block.
gen_helper_access_check_cp_reg() can raise an exceptions thus condexec
bits should be updated before.
Backports commit 43bfa4a100687af8d293fef0a197839b51400fca from qemu
AArch32 translation code does not distinguish between DISAS_UPDATE and
DISAS_JUMP. Thus, we cannot use any of them without first updating PC in
CPU state. Furthermore, it is too complicated to update PC in CPU state
before PC gets updated in disas context. So it is hardly possible to
correctly end TB early if is is not likely to be executed before calling
disas_*_insn(), e.g. just after calling breakpoint check helper.
Modify DISAS_UPDATE and DISAS_JUMP usage in AArch32 translation and
apply to them the same semantic as AArch64 translation does:
- DISAS_UPDATE: update PC in CPU state when finishing translation
- DISAS_JUMP: preserve current PC value in CPU state when finishing
translation
This patch fixes a bug in AArch32 breakpoint handling: when
check_breakpoints helper does not generate an exception, ending the TB
early with DISAS_UPDATE couldn't update PC in CPU state and execution
hangs.
Backports commit 577bf808958d06497928c639efaa473bf8c5e099 from qemu
Do not raise a CPU exception if no CPU breakpoint has fired, since
singlestep is also done by generating a debug internal exception. This
fixes a bug with singlestepping in gdbstub.
Backports commit 5c629f4ff4dc9ae79cc732f59a8df15ede796ff7 from qemu
If this CPU supports EL3, enhance the printing of the current
CPU mode in debug logging to distinguish S from NS modes as
appropriate.
Backports commit 06e5cf7acd1f94ab7c1cd6945974a1f039672940 from qemu
The AArch64 debug CPU display of PSTATE as "PSTATE=200003c5 (flags --C-)"
on the end of the same line as the last of the general purpose registers
is unnecessarily different from the AArch32 display of PSR as
"PSR=200001d3 --C- A svc32" on its own line. Update the AArch64
code to put PSTATE in its own line and in the same format, including
printing the exception level (mode).
Backports commit 08b8e0f527930208a548b424d2ab3103bf3c8c02 from qemu
Some targets already had this within their logic, but make sure
it's present for all targets.
Backports commit 522a0d4e3c0d397ffb45ec400d8cbd426dad9d17 from qemu
Reduce the boilerplate required for each target. At the same time,
move the test for breakpoint after calling tcg_gen_insn_start.
Note that arm and aarch64 do not use cpu_breakpoint_test, but still
move the inline test down after tcg_gen_insn_start.
Backports commit b933066ae03d924a92b2616b4a24e7d91cd5b841 from qemu
Introduce ARMMMUFaultInfo to propagate MMU Fault information
across the MMU translation code path. This is in preparation for
adding Stage-2 translation.
No functional changes.
Backports commit e14b5a23d8c83304559f31397f95d22ada60a19a from qemu
The starting level for S2 pagetable walks is computed
differently from the S1 starting level. Implement the S2
variant.
Backports commit 1853d5a9dcac910322c6cc5b2fddec45fd052d25 from qemu
Rename granule_sz to stride to better match the reference manuals.
No functional change.
Backports commit 973a5434825c076995218868b5b3047e5de400c6 from qemu
Remove the tsz variable and introduce inputsize.
This simplifies the code a little and makes it easier to
compare with the reference manuals.
No functional change.
Backports commit 4ca6a051758edf625a17dfc4ce4ab72edabac170 from qemu
Add support for AArch32 S2 negative t0sz. In preparation for
using 40bit IPAs on AArch32.
Backports commit 4ee38098010240e0b390061fdd0151ff62d80279 from qemu
Move declaration of t0sz and t1sz to the top of the function
avoiding a mix of code and variable declarations.
No functional change.
Backports commit 1f4c8c18a5b6f4fad13e13b7e3828124c6c8f34d from qemu
Make t0sz and t1sz signed integers to match tsz and to make
it easier to implement support for AArch32 negative t0sz.
t1sz is changed for consistensy.
No functional change.
Backports commit 5c31a10d16c595d6a59e3e7fc1808c3b1d03e02f from qemu
When the memory we're trying to translate code from is not executable we have
to turn this into a guest fault. In order to report the correct PC for this
fault, and to make sure it is not reported until after any other possible
faults for instructions earlier in execution, we must terminate TBs at
the end of a page, in case the next instruction is in a non-executable page.
This is simple for T16, A32 and A64 instructions, which are always aligned
to their size. However T32 instructions may be 32-bits but only 16-aligned,
so they can straddle a page boundary.
Correct the condition that checks whether the next instruction will touch
the following page, to ensure that if we're 2 bytes before the boundary
and this insn is T32 then we end the TB.
Backports commit 541ebcd401ee47f3c1a3ce503ef5466b75e9d20a from qemu
The code in arm_excp_unmasked() suppresses the ability of PSTATE.AIF
to mask exceptions from a lower EL targeting EL2 or EL3 if the
CPU is 64-bit. This is correct for a target of EL3, but not correct
for targeting EL2. Further, we go to some effort to calculate
scr and hcr values which are not used at all for the 64-bit CPU
case.
Rearrange the code to correctly implement the 64-bit CPU logic
and keep the hcr/scr calculations in the 32-bit CPU codepath.
Backports commit 7cd6de3bb1ca55dfa8f53fb9894803eb33f497b3 from qemu
A QEMU breakpoint match is not definitely an architectural breakpoint
match. If an exception is generated unconditionally during translation,
it is hardly possible to ignore it in the debug exception handler.
Generate a call to a helper to check CPU breakpoints and raise an
exception only if any breakpoint matches architecturally.
Backports commit 5d98bf8f38c17a348ab6e8af196088cd4953acd0 from qemu
GDB breakpoints have higher priority so they have to be checked first.
Should GDB breakpoint match, just return from the debug exception
handler.
Backports commit e63a2d4d9ed73e33a0b7483085808048be8bbcb1 from qemu
Implement debug exception routing according to ARM ARM D2.3.1 Pseudocode
description of routing debug exceptions.
Backports commit 81669b8b81eb450d7b89ee5fdd57bdb73d87022d from qemu
Add the MDCR_EL2 register. We don't implement any of
the debug-related traps this register controls yet, so
currently it simply reads back as written.
Backports commit 14cc7b54372995a6ba72c7719372e4f710fc9b5a from qemu
Added oslar_write function to OSLAR_EL1 sysreg, using a status variable
in ARMCPUState.cp15 struct (oslsr_el1). This variable is also linked
to the newly added read-only OSLSR_EL1 register.
Linux reads from this register during its suspend/resume procedure.
Backports commit 1424ca8d4320427c3e93722b65e19077969808a2 from qemu
It is incorrect to call arm_el_is_aa64() function for unimplemented EL.
This patch fixes several attempts to do so.
Backports commit 2cde031f5a34996bab32571a26b1a6bcf3e5b5d9 from qemu
If any store instruction writes the code inside the same TB
after this store insn, the execution of the TB must be stopped
to execute new code correctly.
As described in ARMv8 manual D3.4.6 self-modifying code must do an
IC invalidation to be valid, and an ISB after it. So it's enough to end
the TB after ISB instruction on the code translation.
Also this TB break is necessary to take any pending interrupts immediately
after an ISB (as required by ARMv8 ARM D1.14.4).
Backports commit 6df99dec9e81838423d723996e96236693fa31fe from qemu
It is no longer used, so tidy up everything reached by it.
This includes the gen_opc_* arrays, the search_pc parameter
and the inline gen_intermediate_code_internal functions.
Backports commit 4e5e1215156662b2b153255c49d4640d82c5568b from qemu
The gen_opc_* arrays are already redundant with the data stored in
the insn_start arguments. Transition restore_state_to_opc to use
data from the latter.
Backports commit bad729e272387de7dbfa3ec4319036552fc6c107 from qemu
The only generic code relying on this is linux-user. Linux user
already has a lot of #ifdef TARGET_ customisation so instead, define
ELF_ARCH as either EM_ARM or EM_AARCH64 appropriately.
The armv7m bootloader can just pass EM_ARM directly, as that
is architecture specific code. Note that arm_boot already has its own
logic selecting an arm specific elf machine so this makes V7M more
consistent with arm_boot.
This removes another architecture specific definition from the global
namespace.
Backports commit b597c3f7da17fcb37d394a16a6c0ef0a02846177 from qemu
Break out mpidr_read_val() to allow future sharing of the
code that conditionally sets the M and U bits of MPIDR.
No functional changes.
Backports commit 06a7e6477c129ceaa72bd400cf281d44c456be43 from qemu
Stage-2 MMU translations do not have configurable TBI as
the top byte is always 0 (48-bit IPAs).
Backports commit 1edee4708a0e3163cbf20fac325be456abd960bb from qemu
This is set to true when the index is for an instruction fetch
translation.
The core get_page_addr_code() sets it, as do the SOFTMMU_CODE_ACCESS
acessors.
All targets ignore it for now, and all other callers pass "false".
This will allow targets who wish to split the mmu index between
instruction and data accesses to do so. A subsequent patch will
do just that for PowerPC.
Backports commit 97ed5ccdee95f0b98bedc601ff979e368583472c from qemu
