Add checks of SCR AW/FW bits when performing writes of CPSR. These SCR bits
are used to control whether the CPSR masking bits can be adjusted from
non-secure state.
Backports commit 6e8801f9dea9e10449f4fd7d85dbe8cab708a686 from qemu
Use MVBAR register as exception vector base address for
exceptions taken to CPU monitor mode.
Backports commit e89e51a17ea0d8aef9bf9b766c98f963e835fbf2 from qemu
Added CP register defintions for SDER and SDER32_EL3 as well as cp15.sder for
register storage.
Backports commit 144634ae6c1618dcee6aced9c0d4427844154091 from qemu
Implements NSACR register with corresponding read/write functions
for ARMv7 and ARMv8.
Backports commit 770225764f831031d2e1453f69c365eb1b647d87 from qemu
SCR.{IRQ/FIQ} bits allow to route IRQ/FIQ exceptions to monitor CPU
mode. When taking IRQ exception to monitor mode FIQ exception is
additionally masked.
Backports commit de38d23b542efca54108ef28bcc0efe96f378d2e from qemu
Define a new ARM CP register info list for the ARMv7 Security Extension
feature. Register that list only for ARM cores with Security Extension/EL3
support. Moving AArch32 SCR into Security Extension register group.
Backports commit 0f1a3b2470d798ad5335eb9d6236f02ff64e31a8 from qemu
Prepare for cp register banking by inserting every cp register twice,
once for secure world and once for non-secure world.
Backports commit 3f3c82a57d128aa3ec823aa8032867c3a6e2e795 from qemu
Added additional NS-bit to CPREG hash encoding. Updated hash lookup
locations to specify hash bit currently set to non-secure.
Backports commit 51a79b039728277e35fd19f7a7b4bc6cb323697f from qemu
Prepare ARMCPRegInfo to support specifying two fieldoffsets per
register definition. This will allow us to keep one register
definition for banked registers (different offsets for secure/
non-secure world).
Also added secure state tracking field and flags. This allows for
identification of the register info secure state.
Backports commit c3e302606253a17568dc3ef30238f102468f7ee1 from qemu
This patch is based on idea found in patch at
git://github.com/jowinter/qemu-trustzone.git
f3d955c6c0ed8c46bc0eb10b634201032a651dd2 by
Johannes Winter <johannes.winter@iaik.tugraz.at>.
The TBFLAG captures the SCR NS secure state at the time when a TB is created so
the correct bank is accessed on system register accesses.
Backports commit 3f342b9e0e64ad681cd39840bfa75ef12d2807c1 from qemu
If EL3 is in AArch32 state certain cp registers are banked (secure and
non-secure instance). When reading or writing to coprocessor registers
the following macros can be used.
- A32_BANKED macros are used for choosing the banked register based on provided
input security argument. This macro is used to choose the bank during
translation of MRC/MCR instructions that are dependent on something other
than the current secure state.
- A32_BANKED_CURRENT macros are used for choosing the banked register based on
current secure state. This is NOT to be used for choosing the bank used
during translation as it breaks monitor mode.
If EL3 is operating in AArch64 state coprocessor registers are not
banked anymore. The macros use the non-secure instance (_ns) in this
case, which is architecturally mapped to the AArch64 EL register.
Backports commit ea30a4b824ecc3c829b70eb9999ac5457dc5790f from qemu
Adds a dedicated function and a lookup table for determining the target
exception level of IRQ and FIQ exceptions. The lookup table is taken from the
ARMv7 and ARMv8 specification exception routing tables.
Backports commit 0eeb17d618361a0f4faddc160e33598b23da6dd5 from qemu
This patch extends arm_excp_unmasked() to use lookup tables for determining
whether IRQ and FIQ exceptions are masked. The lookup tables are based on the
ARMv8 and ARMv7 specification physical interrupt masking tables.
If EL3 is using AArch64 IRQ/FIQ masking is ignored in all exception levels
other than EL3 if SCR.{FIQ|IRQ} is set to 1 (routed to EL3).
Backports commit 57e3a0c7cb0ac2f0288890482e0a463adce2080a from qemu
While we're at it, emit the opcode adjacent to where we currently
record data for search_pc. This puts gen_io_start et al on the
"correct" side of the marker.
Backports commit 667b8e29c5b1d8c5b4e6ad5f780ca60914eb6e96 from qemu
Usually, eliminate an operation from the translator by combining
a shift with an extract.
In the case of gen_set_NZ64, we don't need a boolean value for cpu_ZF,
merely a non-zero value. Given that we can extract both halves of a
64-bit input in one call, this simplifies the code.
Backports commit 7cb36e18b2f1c1f971ebdc2121de22a8c2e94fd6 from qemu
For !SF, this initial ext32u can't be optimized away by the
current TCG code generator. (It would require backward bit
liveness propagation.)
Backports commit d3a77b42decd0cbfa62a5526e67d1d6d380c83a9 from qemu
This can allow much of a ccmp to be elided when particular
flags are subsequently dead.
Backports commit 7dd03d773e0dafae9271318fc8d6b2b14de74403 from qemu
Handling this with TCG_COND_ALWAYS will allow these unlikely
cases to be handled without special cases in the rest of the
translator. The TCG optimizer ought to be able to reduce
these ALWAYS conditions completely.
Backports commit 9305eac09e61d857c9cc11e20db754dfc25a82db from qemu
Split arm_gen_test_cc into 3 functions, so that it can be reused
for non-branch TCG comparisons.
Backports commit 6c2c63d3a02c79e9035ca0370cc549d0f938a4dd from qemu
The extra information is not yet used but it is now available.
This requires minor changes through all of the tcg backends.
Backports commit 3972ef6f830d65e9bacbd31257abedc055fd6dc8 from qemu
This is improved type checking for the translators -- it's no longer
possible to accidentally swap arguments to the branch functions.
Note that the code generating backends still manipulate labels as int.
With notable exceptions, the scope of the change is just a few lines
for each target, so it's not worth building extra machinery to do this
change in per-target increments.
Backports commit 42a268c241183877192c376d03bd9b6d527407c7 from qemu
The method by which we count the number of ops emitted
is going to change. Abstract that away into some inlines.
Backports commit fe700adb3db5b028b504423b946d4ee5200a8f2f from qemu.
Thus, use cpu_env as the parameter, not TCG_AREG0 directly.
Update all uses in the translators.
Backports commit e1ccc05444676b92c63708096e36582be27fbee1 from qemu
* arm64eb: arm64 big endian also using little endian instructions.
* arm64: using another example that depends on endians.
example:
1. store a word: 0x12345678
2. load a byte:
* little endian : 0x78
* big endian : 0x12
* uc_reg_read & uc_reg_write now support ARM64 Neon registers
* Do not reuse uc_x86_xmm for uc_arm64_neon128. TODO: refactor both classes to use the same parent.
* reg_read and reg_write now work with registers W0 through W30 in Aarch64 emulaton
* Added a regress test for the ARM64 reg_read and reg_write on 32-bit registers (W0-W30)
Added a new macro in uc_priv.h (WRITE_DWORD_TO_QWORD), in order to write to the lower 32 bits of a 64 bit value without overwriting the whole value when using reg_write
* Fixed WRITE_DWORD macro
reg_write would zero out the high order bits when writing to 32 bit registers
e.g. uc.reg_write(UC_X86_REG_EAX, 0) would also set register RAX to zero
