Commit graph

708 commits

Author SHA1 Message Date
Aaron Lindsay 4ff0389d2d
target/arm: Implement PMOVSSET
Add an array for PMOVSSET so we only define it for v7ve+ platforms

Backports commit 327dd5108bb3b66bb5102b659e83a4348a005f5e from qemu
2019-01-22 17:25:22 -05:00
Aaron Lindsay d6d1d49cdd
target/arm: Allow AArch32 access for PMCCFILTR
Backports commit 4b8afa1f99c3575f6cfb26770f90e9fd7bc45468 from qemu
2019-01-22 17:19:03 -05:00
Aaron Lindsay b916fb2cae
target/arm: Filter cycle counter based on PMCCFILTR_EL0
Rename arm_ccnt_enabled to pmu_counter_enabled, and add logic to only
return 'true' if the specified counter is enabled and neither prohibited
or filtered.

Backports commit 033614c47de78409ad3fb39bb7bd1483b71c6789 from qemu
2019-01-22 17:12:46 -05:00
Aaron Lindsay b6b0c18ce5
target/arm: Swap PMU values before/after migrations
Because of the PMU's design, many register accesses have side effects
which are inter-related, meaning that the normal method of saving CP
registers can result in inconsistent state. These side-effects are
largely handled in pmu_op_start/finish functions which can be called
before and after the state is saved/restored. By doing this and adding
raw read/write functions for the affected registers, we avoid
migration-related inconsistencies.

Backports relevant parts of commit
980ebe87053792a5bdefaa87777c40914fd4f673 from qemu
2019-01-22 17:01:34 -05:00
Aaron Lindsay 001283c45b
target/arm: Reorganize PMCCNTR accesses
pmccntr_read and pmccntr_write contained duplicate code that was already
being handled by pmccntr_sync. Consolidate the duplicated code into two
functions: pmccntr_op_start and pmccntr_op_finish. Add a companion to
c15_ccnt in CPUARMState so that we can simultaneously save both the
architectural register value and the last underlying cycle count - this
ensures time isn't lost and will also allow us to access the 'old'
architectural register value in order to detect overflows in later
patches.

Backports commit 5d05b9d462666ed21b7fef61aa45dec9aaa9f0ff from qemu
2019-01-22 16:57:29 -05:00
Richard Henderson 8c14f0ea57
target/arm: Tidy TBI handling in gen_a64_set_pc
We can perform this with fewer operations.

Backports commit 8733d762d5e089a017ac7c5bc71077a8d75d1b46 from qemu
2019-01-22 16:46:11 -05:00
Richard Henderson 1939b28276
target/arm: Enable PAuth for user-only
Add 4 attributes that controls the EL1 enable bits, as we may not
always want to turn on pointer authentication with -cpu max.
However, by default they are enabled.

Backports relevant parts of commit
1ae9cfbd470bffb8d9bacd761344e9b5e8adecb6 from qemu.
2019-01-22 16:42:18 -05:00
Richard Henderson 7f03b024d2
target/arm: Enable PAuth for -cpu max
Backports commit 1ce32e47db52e3511132c7104770eae65d412144 from qemu
2019-01-22 16:38:07 -05:00
Richard Henderson 6e1c9df11f
target/arm: Add PAuth system registers
Backports commit 967aa94f2b0df08d744b6d0bfa21031175e8a0e6 from qemu
2019-01-22 16:36:55 -05:00
Richard Henderson d633a04e61
target/arm: Implement pauth_computepac
This is the main crypto routine, an implementation of QARMA.
This matches, as much as possible, ARM pseudocode.

Backports commit 990870b205ddfdba3fd3c1321e6083005ef59d1a from qemu
2019-01-22 16:35:07 -05:00
Richard Henderson e23d1ef408
target/arm: Implement pauth_addpac
This is not really functional yet, because the crypto is not yet
implemented. This, however follows the AddPAC pseudo function.

Backports commit 63ff0ca94cb84764d2aee45b37c5502a54811dab from qemu
2019-01-22 16:33:25 -05:00
Richard Henderson 4281ae11c4
target/arm: Implement pauth_auth
This is not really functional yet, because the crypto is not yet
implemented. This, however follows the Auth pseudo function.

Backports commit a7bfa086c973a51fc18116c9d2e22a0e0069edba from qemu
2019-01-22 16:32:19 -05:00
Richard Henderson 2545f8cf84
target/arm: Implement pauth_strip
Stripping out the authentication data does not require any crypto,
it merely requires the virtual address parameters.

Backports commit 04d13549fa10bb9775a90701e4e6fd0a2cbf83cb from qemu
2019-01-22 16:31:11 -05:00
Richard Henderson 048d8da45c
target/arm: Reuse aa64_va_parameters for setting tbflags
The arm_regime_tbi{0,1} functions are replacable with the new function
by giving the lowest and highest address.

Backports commit 5d8634f5a3a8474525edcfd581a659830e9e97c0 from qemu
2019-01-22 16:29:54 -05:00
Richard Henderson 028aef155a
target/arm: Decode TBID from TCR
Use TBID in aa64_va_parameters depending on the data parameter.
This automatically updates all existing users of the function.

Backports commit 8220af7e4d34c858898fbfe55943aeea8f4e875f from qemu
2019-01-22 16:27:37 -05:00
Richard Henderson b99e2f920b
target/arm: Add aa64_va_parameters_both
We will want to check TBI for I and D simultaneously.

Backports commit e737ed2ad8c14b4b82ed241646ffa370d29d0937 from qemu
2019-01-22 16:25:12 -05:00
Richard Henderson 23b162f2fb
target/arm: Export aa64_va_parameters to internals.h
We need to reuse this from helper-a64.c. Provide a stub
definition for CONFIG_USER_ONLY. This matches the stub
definitions that we removed for arm_regime_tbi{0,1} before.

Backports commit bf0be433878935e824479e8ae890493e1fb646ed from qemu
2019-01-22 16:22:57 -05:00
Richard Henderson 3fbde0ab73
target/arm: Merge TBFLAG_AA_TB{0, 1} to TBII
We will shortly want to talk about TBI as it relates to data.
Passing around a pair of variables is less convenient than a
single variable.

Backports commit 476a4692f06e381117fb7ad0d04d37c9c2612198 from qemu
2019-01-22 16:19:57 -05:00
Richard Henderson b6415f7a4b
target/arm: Create ARMVAParameters and helpers
Split out functions to extract the virtual address parameters.
Let the functions choose T0 or T1 address space half, if present.
Extract (most of) the control bits that vary between EL or Tx.

Backports commit ba97be9f4a4ecaf16a1454dc669e5f3d935d3b63 from qemu
2019-01-22 16:17:16 -05:00
Richard Henderson 377bd123bd
target/arm: Introduce arm_stage1_mmu_idx
While we could expose stage_1_mmu_idx, the combination is
probably going to be more useful.

Backports commit 64be86ab1b5ef10b660a4230ee7f27c0da499043 from qemu
2019-01-22 16:08:37 -05:00
Richard Henderson 9743787d0f
target/arm: Introduce arm_mmu_idx
The pattern

ARMMMUIdx mmu_idx = core_to_arm_mmu_idx(env, cpu_mmu_index(env, false));

is computing the full ARMMMUIdx, stripping off the ARM bits,
and then putting them back.

Avoid the extra two steps with the appropriate helper function.

Backports commit 50494a279dab22a015aba9501a94fcc3cd52140e from qemu
2019-01-22 16:06:34 -05:00
Richard Henderson 8856234574
target/arm: Move cpu_mmu_index out of line
This function is, or will shortly become, too big to inline.

Backports commit 65e4655c609a4a2fd428459d3efb62b704488fd6 from qemu
2019-01-22 16:02:39 -05:00
Richard Henderson 5de5903d1c
target/arm: Decode Load/store register (pac)
Not that there are any stores involved, but why argue with ARM's
naming convention.

Backports commit bd889f4810839a2b68e339696ccf7c406cd62879 from qemu
2019-01-22 15:58:22 -05:00
Richard Henderson 8356fc365f
target/arm: Decode PAuth within disas_uncond_b_reg
Backports commit 561c0a33080f1058a7671d0223122c98e4c9c1f0 from qemu
2019-01-22 15:55:14 -05:00
Richard Henderson 0c09366d68
target/arm: Rearrange decode in disas_uncond_b_reg
This will enable PAuth decode in a subsequent patch.

Backports commit f7cf3bfc1b65a8c550b8439374c0060f7311ad50 from qemu
2019-01-22 15:50:45 -05:00
Richard Henderson 4329ded5e2
target/arm: Add new_pc argument to helper_exception_return
Backports commit d9f482a0279773c3253092ea149daaf00358c635 from qemu
2019-01-22 15:48:15 -05:00
Richard Henderson 0c6f58ebc6
target/arm: Move helper_exception_return to helper-a64.c
This function is only used by AArch64. Code movement only.

Backports commit ce02fd99e6d53df6f3cf5eca85bcac403b402510 from qemu
2019-01-22 15:44:53 -05:00
Richard Henderson febfda4e98
target/arm: Decode PAuth within disas_data_proc_2src
Backports commit b6342a9f929b5946beb6726eef2ef2c5f4a11f09 from qemu
2019-01-22 15:41:44 -05:00
Richard Henderson 999222f0a1
target/arm: Decode PAuth within disas_data_proc_1src
Backports commit 95ebd99dcd37b8574426c876502bfcc7c299584b from qemu
2019-01-22 15:39:53 -05:00
Richard Henderson 967e6a1e90
target/arm: Rearrange decode in disas_data_proc_1src
Now properly signals unallocated for REV64 with SF=0.
Allows for the opcode2 field to be decoded shortly.

Backports commit 18de2813c35e359621a24a0a2a77570e83cb73b9 from qemu
2019-01-22 15:35:44 -05:00
Richard Henderson 02fd7e2472
target/arm: Decode PAuth within system hint space
Backports commit 7c94c8343c6a0eea1633a65ed27987b6a71b9089 from qemu
2019-01-22 15:33:27 -05:00
Richard Henderson e6196b2040
target/arm: Add PAuth helpers
The cryptographic internals are stubbed out for now,
but the enable and trap bits are checked.

Backports commit 0d43e1a2d29a05f7b0d5629caaff18733cbdf3bb from qemu
2019-01-22 15:27:15 -05:00
Richard Henderson 1f7d228c8a
target/arm: Introduce raise_exception_ra
This path uses cpu_loop_exit_restore to unwind current processor state.

Backports commit 7469f6c696d74ad3b22b67c08e1e8f79e2b5d3d6 from qemu
2019-01-22 15:20:06 -05:00
Richard Henderson e6ffbc22c2
target/arm: Add PAuth active bit to tbflags
There are 5 bits of state that could be added, but to save
space within tbflags, add only a single enable bit.
Helpers will determine the rest of the state at runtime.

Backports commit 0816ef1bfcd3ac53e7454b62ca436727887f6056 from qemu
2019-01-22 15:15:59 -05:00
Richard Henderson 54721be30e
target/arm: Add SCTLR bits through ARMv8.5
Post v8.4 bits taken from SysReg_v85_xml-00bet8.

Backports commit b2af69d0b6e0edcb789ca1fcc1199bbfde6ed986 from qemu
2019-01-22 15:14:02 -05:00
Richard Henderson 8ef39cc2d5
target/arm: Add state for the ARMv8.3-PAuth extension
Add storage space for the 5 encryption keys.

Backports commit 991ad91b6a1f09a6ad62b6e6da78d83b548daec7 from qemu
2019-01-22 15:11:39 -05:00
Alexander Graf f2682ff309
target/arm: Allow Aarch32 exception return to switch from Mon->Hyp
In U-boot, we switch from S-SVC -> Mon -> Hyp mode when we want to
enter Hyp mode. The change into Hyp mode is done by doing an
exception return from Mon. This doesn't work with current QEMU.

The problem is that in bad_mode_switch() we refuse to allow
the change of mode.

Note that bad_mode_switch() is used to do validation for two situations:

(1) changes to mode by instructions writing to CPSR.M
(ie not exception take/return) -- this corresponds to the
Armv8 Arm ARM pseudocode Arch32.WriteModeByInstr
(2) changes to mode by exception return

Attempting to enter or leave Hyp mode via case (1) is forbidden in
v8 and UNPREDICTABLE in v7, and QEMU is correct to disallow it
there. However, we're already doing that check at the top of the
bad_mode_switch() function, so if that passes then we should allow
the case (2) exception return mode changes to switch into Hyp mode.

We want to test whether we're trying to return to the nonexistent
"secure Hyp" mode, so we need to look at arm_is_secure_below_el3()
rather than arm_is_secure(), since the latter is always true if
we're in Mon (EL3).

Backports commit 2d2a4549cc29850aab891495685a7b31f5254b12 from qemu
2019-01-22 15:09:30 -05:00
Peter Maydell 55bc017af4
target/arm: Emit barriers for A32/T32 load-acquire/store-release insns
Now that MTTCG is here, the comment in the 32-bit Arm decoder that
"Since the emulation does not have barriers, the acquire/release
semantics need no special handling" is no longer true. Emit the
correct barriers for the load-acquire/store-release insns, as
we already do in the A64 decoder.

Backports commit 96c552958dbb63453b5f02bea6e704006d50e39a from qemu
2019-01-13 19:48:27 -05:00
Richard Henderson 254f882efc
target/arm: SVE brk[ab] merging does not have s bit
While brk[ab] zeroing has a flags setting option, the merging variant
does not. Retain the same argument structure, to share expansion but
force the flag zero and do not decode bit 22.

Backports commit 407e6ce7f1f428cb242d424cd35381a77b5b2071 from qemu
2019-01-13 19:39:34 -05:00
Richard Henderson 4d8b7a9967
target/arm: Convert ARM_TBFLAG_* to FIELDs
Use "register" TBFLAG_ANY to indicate shared state between
A32 and A64, and "registers" TBFLAG_A32 & TBFLAG_A64 for
fields that are specific to the given cpu state.

Move ARM_TBFLAG_BE_DATA to shared state, instead of its current
placement within "Bit usage when in AArch32 state".

Backports commit aad821ac4faad369fad8941d25e59edf2514246b from qemu
2019-01-13 19:21:18 -05:00
Peter Maydell b9d5e1d927
target/arm: Free name string in ARMCPRegInfo hashtable entries'
When we add a new entry to the ARMCPRegInfo hash table in
add_cpreg_to_hashtable(), we allocate memory for tehe
ARMCPRegInfo struct itself, and we also g_strdup() the
name string. So the hashtable's value destructor function
must free the name string as well as the struct.

Spotted by clang's leak sanitizer. The leak here is a
small one-off leak at startup, because we don't support
CPU hotplug, and so the only time when we destroy
hash table entries is for the case where ARM_CP_OVERRIDE
means we register a wildcard entry and then override it later.

Backports commit ac87e5072e2cbfcf8e80caac7ef43ceb6914c7af from qemu
2018-12-18 05:09:59 -05:00
Richard Henderson 8816550c10
target/arm: Implement the ARMv8.1-LOR extension
Provide a trivial implementation with zero limited ordering regions,
which causes the LDLAR and STLLR instructions to devolve into the
LDAR and STLR instructions from the base ARMv8.0 instruction set.

Backports commit 2d7137c10fafefe40a0a049ff8a7bd78b66e661f from qemu
2018-12-18 04:36:58 -05:00
Richard Henderson 32208e482b
target/arm: Use arm_hcr_el2_eff more places
Since arm_hcr_el2_eff includes a check against
arm_is_secure_below_el3, we can often remove a
nearby check against secure state.

In some cases, sort the call to arm_hcr_el2_eff
to the end of a short-circuit logical sequence.

Backports commit 7c208e0f4171c9e2cc35efc12e1bf264a45c229f from qemu
2018-12-18 04:33:07 -05:00
Richard Henderson 78798d10eb
target/arm: Introduce arm_hcr_el2_eff
Replace arm_hcr_el2_{fmo,imo,amo} with a more general routine
that also takes SCR_EL3.NS (aka arm_is_secure_below_el3) into
account, as documented for the plethora of bits in HCR_EL2.

Backports commit f77784446045231f7dfa46c9b872091241fa1557 from qemu
2018-12-18 04:27:34 -05:00
Richard Henderson 4515df5ee7
target/arm: Implement the ARMv8.2-AA32HPD extension
The bulk of the work here, beyond base HPD, is defining the
TTBCR2 register. In addition we must check TTBCR.T2E, which
is not present (RES0) for AArch64.

Backports commit ab638a328fd099ba0b23c8c818eb39f2c35414f3 from qemu
2018-12-18 04:23:37 -05:00
Richard Henderson 3cfd660814
target/arm: Implement the ARMv8.1-HPD extension
Since the TCR_*.HPD bits were RES0 in ARMv8.0, we can simply
interpret the bits as if ARMv8.1-HPD is present without checking.
We will need a slightly different check for hpd for aarch32.

Backports commit 037c13c5904f5fc67bb0ab7dd91ae07347aedee9 from qemu
2018-12-18 04:20:39 -05:00
Richard Henderson 0e08c37773
target/arm: Tidy scr_write
Because EL3 has a fixed execution mode, we can properly decide
which of the bits are RES{0,1}.

Backports commit ea22747c63c9a894777aa41a7af85c3d08e39f81 from qemu
2018-12-18 04:18:09 -05:00
Richard Henderson 52ac2b2f7c
target/arm: Fix HCR_EL2.TGE check in arm_phys_excp_target_el
The enable for TGE has already occurred within arm_hcr_el2_amo
and friends. Moreover, when E2H is also set, the sense is
supposed to be reversed, which has also already occurred within
the helpers.

Backports commit 619959c3583dad325c36f09ce670e7d091382cae from qemu
2018-12-18 04:17:08 -05:00
Richard Henderson a8fb6fc8d5
target/arm: Add SCR_EL3 bits up to ARMv8.5
Post v8.4 bits taken from SysReg_v85_xml-00bet8.

Backports commit 99f8f86d365701fad695be606266aa7dac97ca1c from qemu
2018-12-18 04:16:30 -05:00
Richard Henderson ad27526b58
target/arm: Add HCR_EL2 bits up to ARMv8.5
Post v8.3 bits taken from SysReg_v85_xml-00bet8.

Backports commit 099bf53b7a4bf69f4c4007c769895263a9c3f6f4 from qemu
2018-12-18 04:15:50 -05:00