Commit graph

778 commits

Author SHA1 Message Date
cfrantz 5ad3a0ea82
Add support for the ARM IPSR register. (#1067)
1. Create an enum name for the IPSR register.
2. Implement read and write of the IPSR via the xpsr helper functions.

Fixes #1065

Backports commit 6c319941a5462ee3a4af4593c371f5674394d6ce from unicorn.
2019-02-28 16:40:54 -05:00
Richard Henderson fbe1ee25ff
target/arm: Enable ARMv8.2-FHM for -cpu max
Backports commit 991c05995a7bbafbebc1e4d405e947f2edcee063 from qemu
2019-02-28 15:47:03 -05:00
Richard Henderson 4ae3ff8e61
target/arm: Implement VFMAL and VFMSL for aarch32
Backports commit 87732318c5d68a366fc2d6fc394d9c20412099fa from qemu
2019-02-28 15:44:59 -05:00
Richard Henderson 625d3f3cfb
target/arm: Implement FMLAL and FMLSL for aarch64
Backports commit 0caa5af802ff622c854ff4ee2e2b8cdd135b4d73 from qemu
2019-02-28 15:36:41 -05:00
Richard Henderson 5473c3603f
target/arm: Add helpers for FMLAL
Note that float16_to_float32 rightly squashes SNaN to QNaN.
But of course pickNaNMulAdd, for ARM, selects SNaNs first.
So we have to preserve SNaN long enough for the correct NaN
to be selected. Thus float16_to_float32_by_bits.

Backports commit a4e943a716d5fac923d82df3eabc65d1e3624019 from qemu
2019-02-28 15:31:48 -05:00
Peter Maydell 82b8e97f76
target/arm: Gate "miscellaneous FP" insns by ID register field
There is a set of VFP instructions which we implement in
disas_vfp_v8_insn() and gate on the ARM_FEATURE_V8 bit.
These were all first introduced in v8 for A-profile, but in
M-profile they appeared in v7M. Gate them on the MVFR2
FPMisc field instead, and rename the function appropriately.

Backports commit c0c760afe800b60b48c80ddf3509fec413594778 from qemu
2019-02-28 15:26:27 -05:00
Peter Maydell 118a2bde5c
target/arm: Use MVFR1 feature bits to gate A32/T32 FP16 instructions
Instead of gating the A32/T32 FP16 conversion instructions on
the ARM_FEATURE_VFP_FP16 flag, switch to our new approach of
looking at ID register bits. In this case MVFR1 fields FPHP
and SIMDHP indicate the presence of these insns.

This change doesn't alter behaviour for any of our CPUs.

Backports commit 602f6e42cfbfe9278be34e9b91d2ceb695837e02 from qemu
2019-02-28 15:23:51 -05:00
Richard Henderson c9ad233678
target/arm: Implement ARMv8.3-JSConv
Backports commit 6c1f6f2733a7692793135ea5ce72b829add99a50 from qemu
2019-02-22 19:08:57 -05:00
Richard Henderson f16dcbe226
target/arm: Rearrange Floating-point data-processing (2 regs)
There are lots of special cases within these insns. Split the
major argument decode/loading/saving into no_output (compares),
rd_is_dp, and rm_is_dp.

We still need to special case argument load for compare (rd as
input, rm as zero) and vcvt fixed (rd as input+output), but lots
of special cases do disappear.

Now that we have a full switch at the beginning, hoist the ISA
checks from the code generation.

Backports commit e80941bd64cc388554770fd72334e9e7d459a1ef from qemu
2019-02-22 18:57:25 -05:00
Richard Henderson dbe623dacc
target/arm: Split out vfp_helper.c
Move all of the fp helpers out of helper.c into a new file.
This is code movement only. Since helper.c has no copyright
header, take the one from cpu.h for the new file.

Backports commit 37356079fcdb34e13abbed8ea0c00ca880c31247 from qemu
2019-02-22 18:48:44 -05:00
Richard Henderson d6fbc0f4f3
target/arm: Restructure disas_fp_int_conv
For opcodes 0-5, move some if conditions into the structure
of a switch statement. For opcodes 6 & 7, decode everything
at once with a second switch.

Backports commit 3c3ff68492c2d00bd8cb39ed2d02bdaf5caf5cb8 from qemu
2019-02-22 18:39:08 -05:00
Aaron Lindsay OS 5c153537f5
target/arm: Stop unintentional sign extension in pmu_init
This was introduced by
commit bf8d09694ccc07487cd73d7562081fdaec3370c8
target/arm: Don't clear supported PMU events when initializing PMCEID1
and identified by Coverity (CID 1398645).

Backports commit 67da43d668320e1bcb0a0195aaf2de4ff2a001a0 from qemu
2019-02-22 18:32:10 -05:00
Peter Maydell 928f226ed6
target/arm: v8M MPU should use background region as default, not always
The "background region" for a v8M MPU is a default which will be used
(if enabled, and if the access is privileged) if the access does
not match any specific MPU region. We were incorrectly using it
always (by putting the condition at the wrong nesting level). This
meant that we would always return the default background permissions
rather than the correct permissions for a specific region, and also
that we would not return the right information in response to a
TT instruction.

Move the check for the background region to the same place in the
logic as the equivalent v8M MPUCheck() pseudocode puts it.
This in turn means we must adjust the condition we use to detect
matches in multiple regions to avoid false-positives.

Backports commit cff21316c666c8053b1f425577e324038d0ca30d from qemu
2019-02-22 18:30:44 -05:00
Richard Henderson 5c34cab41c
target/arm: Add missing clear_tail calls
Fortunately, the functions affected are so far only called from SVE,
so there is no tail to be cleared. But as we convert more of AdvSIMD
to gvec, this will matter.

Backports commit d8efe78e8039511b95c23d75bb48eca6873fbb0f from qemu
2019-02-15 18:15:20 -05:00
Richard Henderson f3cb92c86c
target/arm: Use vector operations for saturation
For same-sign saturation, we have tcg vector operations. We can
compute the QC bit by comparing the saturated value against the
unsaturated value.

Backports commit 89e68b575e138d0af1435f11a8ffcd8779c237bd from qemu
2019-02-15 18:14:09 -05:00
Richard Henderson 10d468f601
target/arm: Split out FPSCR.QC to a vector field
Change the representation of this field such that it is easy
to set from vector code.

Backports commit a4d5846245c5e029e5aa3945a9bda1de1c3fedbf from qemu
2019-02-15 18:04:13 -05:00
Richard Henderson 356b70e931
target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR]
Given that we mask bits properly on set, there is no reason
to mask them again on get. We failed to clear the exception
status bits, 0x9f, which means that the wrong value would be
returned on get. Except in the (probably normal) case in which
the set clears all of the bits.

Simplify the code in set to also clear the RES0 bits.

Backports commit 18aaa59c622208743565307668a2100ab24f7de9 from qemu
2019-02-15 18:00:57 -05:00
Richard Henderson ca4bb1b4bc
target/arm: Split out flags setting from vfp compares
Minimize the code within a macro by splitting out a helper function.
Use deposit32 instead of manual bit manipulation.

Backports commit 55a889456ef78f3f9b8eae9846c2f1453b1dd77b from qemu
2019-02-15 17:59:34 -05:00
Richard Henderson 4e44043956
target/arm: Fix arm_cpu_dump_state vs FPSCR
Backports commit ec527e4eeccc31e3beadf3b61b66c61bbd873811 from qemu
2019-02-15 17:58:25 -05:00
Richard Henderson ed7c9d0710
target/arm: Remove neon min/max helpers
These are now unused.

Backports commit a5c5dc53c4688efc149b235361d2d49869e77139 from qemu
2019-02-15 17:57:18 -05:00
Richard Henderson 198befc50e
target/arm: Use tcg integer min/max primitives for neon
The 32-bit PMIN/PMAX has been decomposed to scalars,
and so can be trivially expanded inline.

Backports commit 9ecd3c5c1651fa7f9adbedff4806a2da0b50490c from qemu
2019-02-15 17:55:11 -05:00
Richard Henderson eee33bd692
target/arm: Use vector minmax expanders for aarch32
Backports commit 6f2782218230bbb33fa22f9a2f73f8a570046007 from qemu
2019-02-15 17:54:05 -05:00
Richard Henderson 96d1df966b
target/arm: Use vector minmax expanders for aarch64
Backports commit 264d2a481a6c34dfda53be3fbea66116bcef9c5a from qemu
2019-02-15 17:52:36 -05:00
Richard Henderson d147946edc
target/arm: Rely on optimization within tcg_gen_gvec_or
Since we're now handling a == b generically, we no longer need
to do it by hand within target/arm/.

Backports commit 2900847ff4c862887af750935a875059615f509a from qemu
2019-02-15 17:50:28 -05:00
Alex Bennée bf9c8499ca
target/arm: expose remaining CPUID registers as RAZ
There are a whole bunch more registers in the CPUID space which are
currently not used but are exposed as RAZ. To avoid too much
duplication we expand ARMCPRegUserSpaceInfo to understand glob
patterns so we only need one entry to tweak whole ranges of registers.

Backports commit d040242effe47850060d2ef1c461ff637d88a84d from qemu
2019-02-15 17:48:37 -05:00
Alex Bennée 890983f186
target/arm: expose MPIDR_EL1 to userspace
As this is a single register we could expose it with a simple ifdef
but we use the existing modify_arm_cp_regs mechanism for consistency.

Backports commit 522641660c3de64ed8322b8636c58625cd564a3f from qemu
2019-02-15 17:29:23 -05:00
Alex Bennée babf31dfa0
target/arm: expose CPUID registers to userspace
A number of CPUID registers are exposed to userspace by modern Linux
kernels thanks to the "ARM64 CPU Feature Registers" ABI. For QEMU's
user-mode emulation we don't need to emulate the kernels trap but just
return the value the trap would have done. To avoid too much #ifdef
hackery we process ARMCPRegInfo with a new helper (modify_arm_cp_regs)
before defining the registers. The modify routine is driven by a
simple data structure which describes which bits are exported and
which are fixed.

Backports commit 6c5c0fec29bbfe36c64eca1edfd8455be46b77c6 from qemu
2019-02-15 17:27:30 -05:00
Alex Bennée 0a51e5055f
target/arm: relax permission checks for HWCAP_CPUID registers
Although technically not visible to userspace the kernel does make
them visible via a trap and emulate ABI. We provide a new permission
mask (PL0U_R) which maps to PL0_R for CONFIG_USER builds and adjust
the minimum permission check accordingly.

Backports commit b5bd7440422bb66deaceb812bb9287a6a3cdf10c from qemu
2019-02-15 17:18:06 -05:00
Catherine Ho 841ac2b3bb
target/arm: Fix int128_make128 lo, hi order in paired_cmpxchg64_be
The lo,hi order is different from the comments. And in commit
1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128"), it changes
the original code logic. So just restore the old code logic before this
commit:
do_paired_cmpxchg64_be():
cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
newv = int128_make128(new_hi, new_lo);

This fixes a bug that would only be visible for big-endian
AArch64 guest code.

Fixes: 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128")

Backports commit abd5abc58c5d4c9bd23427b0998a44eb87ed47a2 from qemu
2019-02-15 17:16:55 -05:00
Peter Maydell 31813bafe2
target/arm: Implement HACR_EL2
HACR_EL2 is a register with IMPDEF behaviour, which allows
implementation specific trapping to EL2. Implement it as RAZ/WI,
since QEMU's implementation has no extra traps. This also
matches what h/w implementations like Cortex-A53 and A57 do.

Backports commit 831a2fca343ebcd6651eab9102bd7a36b77da65d from qemu
2019-02-15 17:15:41 -05:00
Aaron Lindsay OS af17f7fa59
target/arm: Fix CRn to be 14 for PMEVTYPER/PMEVCNTR
This bug was introduced in:
commit 5ecdd3e47cadae83a62dc92b472f1fe163b56f59
target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER

Backports commit 62c7ec3488fe0dcbabffd543f458914e27736115 from qemu
2019-02-15 17:12:04 -05:00
Peter Maydell 04676ed074
target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
The {IOE, DZE, OFE, UFE, IXE, IDE} bits in the FPSCR/FPCR are for
enabling trapped IEEE floating point exceptions (where IEEE exception
conditions cause a CPU exception rather than updating the FPSR status
bits). QEMU doesn't implement this (and nor does the hardware we're
modelling), but for implementations which don't implement trapped
exception handling these control bits are supposed to be RAZ/WI.
This allows guest code to test for whether the feature is present
by trying to write to the bit and checking whether it sticks.

QEMU is incorrectly making these bits read as written. Make them
RAZ/WI as the architecture requires.

In particular this was causing problems for the NetBSD automatic
test suite.

Backports commit a15945d98d3a3390c3da344d1b47218e91e49d8b from qemu
2019-02-05 17:45:22 -05:00
Richard Henderson 9b0e04f3ab
target/arm: Enable TBI for user-only
This has been enabled in the linux kernel since v3.11
(commit d50240a5f6cea, 2013-09-03,
"arm64: mm: permit use of tagged pointers at EL0").

Backports commit f6a148fef63698826e69ca91cc11877ab1ed786f from qemu
2019-02-05 17:44:17 -05:00
Peter Maydell 8124b9f975
target/arm: Compute TB_FLAGS for TBI for user-only
Enables, but does not turn on, TBI for CONFIG_USER_ONLY.

Backports commit c47eaf9fc2af68cfbdbd9ae31f8e2e5ebb7022b4 from qemu
2019-02-05 17:43:11 -05:00
Richard Henderson b928902908
target/arm: Clean TBI for data operations in the translator
This will allow TBI to be used in user-only mode, as well as
avoid ping-ponging the softmmu TLB when TBI is in use. It
will also enable other armv8 extensions.

Backports commit 3a471103ac1823bafc907962dcaf6bd4fc0942a2 from qemu
2019-02-05 17:39:12 -05:00
Richard Henderson 5c6ffde710
target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore
Split out gen_top_byte_ignore in preparation of handling these
data accesses; the new tbflags field is not yet honored.

Backports commit 4a9ee99db38ba513bf1e8f43665b79c60accd017 from qemu
2019-02-05 17:20:11 -05:00
Richard Henderson fbd8992e27
target/arm: Enable BTI for -cpu max
Backports commit a15daafa1cba96ff28abdfb6c860e0939655dbd1 from qemu
2019-02-05 17:15:32 -05:00
Richard Henderson 4dc5f80683
target/arm: Set btype for indirect branches
Backports commit 001d47b6efbe4795ed77366986b8ef384ab8b127 from qemu
2019-02-05 17:14:16 -05:00
Richard Henderson 11736a659b
target/arm: Reset btype for direct branches
This is all of the non-exception cases of DISAS_NORETURN.

Backports commit 358622703583d2e2967e0a93da990e747dcc3ac6 from qemu
2019-02-05 17:11:59 -05:00
Richard Henderson 88193cf7c3
target/arm: Default handling of BTYPE during translation
The branch target exception for guarded pages has high priority,
and only 8 instructions are valid for that case. Perform this
check before doing any other decode.

Clear BTYPE after all insns that neither set BTYPE nor exit via
exception (DISAS_NORETURN).

Not yet handled are insns that exit via DISAS_NORETURN for some
other reason, like direct branches.

Backports commit 51bf0d7aa91a9d4e2563240a42e6cb705cef84aa from qemu
2019-02-05 17:05:31 -05:00
Richard Henderson d594b2047f
target/arm: Cache the GP bit for a page in MemTxAttrs
Caching the bit means that we will not have to re-walk the
page tables to look up the bit during translation.

Backports commit 1bafc2ba7e6bfe89fff3503fdac8db39c973de48 from qemu
2019-02-05 17:02:19 -05:00
Richard Henderson cf3ac035bc
target/arm: Add BT and BTYPE to tb->flags
Backports commit 08f1434a71ddf2bdfdb034dcd24b24464d1efd72 from qemu
2019-02-05 16:59:53 -05:00
Richard Henderson a99119ce39
target/arm: Add PSTATE.BTYPE
Place this in its own field within ENV, as that will
make it easier to reset from within TCG generated code.

With the change to pstate_read/write, exception entry
and return are automatically handled.

Backports commit f6e52eaac13b6947f4406c127e3090c898e439c9 from qemu
2019-02-05 16:57:51 -05:00
Richard Henderson 6b4f7a28b5
target/arm: Introduce isar_feature_aa64_bti
Also create field definitions for id_aa64pfr1 from ARMv8.5.

Backports commit be53b6f4d7ace2e6a018e45af825069ccb7bab66 from qemu
2019-02-05 16:56:01 -05:00
Remi Denis-Courmont 0b7f1ff086
target/arm: fix decoding of B{,L}RA{A,B}
A flawed test lead to the instructions always being treated as
unallocated encodings.

Fixes: https://bugs.launchpad.net/bugs/1813460

Backports commit 1cf86a8618644beb860951ff4383457ee88a7f4a from qemu
2019-02-03 17:55:31 -05:00
Remi Denis-Courmont a20bb60f06
target/arm: fix AArch64 virtual address space size
Since QEMU does not support the ARMv8.2-LVA, Large Virtual Address,
extension (yet), the VA address space is 48-bits plus a sign bit. User
mode can only handle the positive half of the address space, so that
makes a limit of 48 bits.

(With LVA, it would be 53 and 52 bits respectively.)

The incorrectly large address space conflicts with PAuth instructions,
which use bits 48-54 and 56-63 for the pointer authentication code. This
also conflicts with (as yet unsupported by QEMU) data tagging and with
the ARMv8.5-MTE extension.

Backports commit f6768aa1b4c6a80448eabd22bb9b4123c709caea from qemu
2019-02-03 17:55:30 -05:00
Richard Henderson 932c4e8569
target/arm: Always enable pac keys for user-only
Drop the pac properties. This approach cannot work as written
because the properties are applied before arm_cpu_reset, which
zeros SCTLR_EL1 (amongst everything else).

We can re-introduce the properties if they turn out to be useful.
But since linux 5.0 enables all of the keys, they may not be.

Backports commit 276c6e813719568bdc9743e87ff8f42115006206 from qemu
2019-02-03 17:55:30 -05:00
Julia Suvorova 93acc4dc56
arm: Clarify the logic of set_pc()
Until now, the set_pc logic was unclear, which raised questions about
whether it should be used directly, applying a value to PC or adding
additional checks, for example, set the Thumb bit in Arm cpu. Let's set
the set_pc logic for “Configure the PC, as was done in the ELF file”
and implement synchronize_with_tb hook for preserving PC to cpu_tb_exec.

Backports commit 42f6ed919325413392bea247a1e6f135deb469cd from qemu
2019-02-03 17:55:30 -05:00
Richard Henderson 50cf5634da
target/arm: Enable API, APK bits in SCR, HCR
These bits become writable with the ARMv8.3-PAuth extension.

Backports commit ef682cdb4aded5c65a018e175482e875de66059d from qemu
2019-02-03 17:55:30 -05:00
Aaron Lindsay OS 0dd5bf84fc
target/arm: Send interrupts on PMU counter overflow
Whenever we notice that a counter overflow has occurred, send an
interrupt. This is made more reliable with the addition of a timer in a
follow-on commit.

Backports commit f4efb4b2a17528837cb445f9bdfaef8df4a5acf7 from qemu
2019-02-03 17:55:30 -05:00