Commit graph

96 commits

Author SHA1 Message Date
Peter Maydell c6496ec00a
target/arm: Convert get_phys_addr_v6() to not return FSC values
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Backports commit f06cf243945ccb24cb9578304306ae7fcb4cf3fd from qemu
2018-03-05 13:48:32 -05:00
Peter Maydell 4ccf3c3927
target/arm: Convert get_phys_addr_v5() to not return FSC values
Make get_phys_addr_v5() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Backports commit f989983e8dc9be6bc3468c6dbe46fcb1501a740c from qemu
2018-03-05 13:48:32 -05:00
Peter Maydell 457e4f35ac
target/arm: Remove fsr argument from arm_ld*_ptw()
All the callers of arm_ldq_ptw() and arm_ldl_ptw() ignore the value
that those functions store in the fsr argument on failure: if they
return failure to their callers they will always overwrite the fsr
value with something else.

Remove the argument from these functions and S1_ptw_translate().
This will simplify removing fsr from the calling functions.

Backports commit 3795a6de9f7ec4a7e3dcb8bf02a88a014147b0b0 from qemu
2018-03-05 13:48:32 -05:00
Peter Maydell 8fe6b6c308
target/arm: Implement TT instruction
Implement the TT instruction which queries the security
state and access permissions of a memory location.

Backports commit 5158de241b0fb344a6c948dfcbc4e611ab5fafbe from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell 4e5ec9c0dc
target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8()
For the TT instruction we're going to need to do an MPU lookup that
also tells us which MPU region the access hit. This requires us
to do the MPU lookup without first doing the SAU security access
check, so pull the MPU lookup parts of get_phys_addr_pmsav8()
out into their own function.

The TT instruction also needs to know the MPU region number which
the lookup hit, so provide this information to the caller of the
MPU lookup code, even though get_phys_addr_pmsav8() doesn't
need to know it.

Backports commit 54317c0ff3a3c0f6b2c3a1d3c8b5d93686a86d24 from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell 89acdeb9af
target/arm: Split M profile MNegPri mmu index into user and priv
For M profile, we currently have an mmu index MNegPri for
"requested execution priority negative". This fails to
distinguish "requested execution priority negative, privileged"
from "requested execution priority negative, usermode", but
the two can return different results for MPU lookups. Fix this
by splitting MNegPri into MNegPriPriv and MNegPriUser, and
similarly for the Secure equivalent MSNegPri.

This takes us from 6 M profile MMU modes to 8, which means
we need to bump NB_MMU_MODES; this is OK since the point
where we are forced to reduce TLB sizes is 9 MMU modes.

(It would in theory be possible to stick with 6 MMU indexes:
{mpu-disabled,user,privileged} x {secure,nonsecure} since
in the MPU-disabled case the result of an MPU lookup is
always the same for both user and privileged code. However
we would then need to rework the TB flags handling to put
user/priv into the TB flags separately from the mmuidx.
Adding an extra couple of mmu indexes is simpler.)

Backports commit 62593718d77c06ad2b5e942727cead40775d2395 from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell d877985eea
target/arm: Add missing M profile case to regime_is_user()
When we added the ARMMMUIdx_MSUser MMU index we forgot to
add it to the case statement in regime_is_user(), so we
weren't treating it as unprivileged when doing MPU lookups.
Correct the omission.

Backports commit 871bec7c44a453d9cab972ce1b5d12e1af0545ab from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell 999080382f
target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode
In ARMv7M the CPU ignores explicit writes to CONTROL.SPSEL
in Handler mode. In v8M the behaviour is slightly different:
writes to the bit are permitted but will have no effect.

We've already done the hard work to handle the value in
CONTROL.SPSEL being out of sync with what stack pointer is
actually in use, so all we need to do to fix this last loose
end is to update the condition we use to guard whether we
call write_v7m_control_spsel() on the register write.

Backports commit 83d7f86d3d27473c0aac79c1baaa5c2ab01b02d9 from qemu
2018-03-05 13:48:30 -05:00
Peter Maydell 6713884243
target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads
For v8M it is possible for the CONTROL.SPSEL bit value and the
current stack to be out of sync. This means we need to update
the checks used in reads and writes of the PSP and MSP special
registers to use v7m_using_psp() rather than directly checking
the SPSEL bit in the control register.

Backports commit 1169d3aa5b19adca9384d954d80e1f48da388284 from qemu
2018-03-05 13:48:30 -05:00
Peter Maydell c01b9a3cfe
arm: check regime, not current state, for ATS write PAR format
In do_ats_write(), rather than using extended_addresses_enabled() to
decide whether the value we get back from get_phys_addr() is a 64-bit
format PAR or a 32-bit one, use arm_s1_regime_using_lpae_format().

This is not really the correct answer, because the PAR format
depends on the AT instruction being used, not just on the
translation regime. However getting this correct requires a
significant refactoring, so that get_phys_addr() returns raw
information about the fault which the caller can then assemble
into a suitable FSR/PAR/syndrome for its purposes, rather than
get_phys_addr() returning a pre-formatted FSR.

However this change at least improves the situation by making
the PAR work correctly for address translation operations done
at AArch64 EL2 on the EL2 translation regime. In particular,
this is necessary for Xen to be able to run in our emulation,
so this seems like a safer interim fix given that we are in freeze.

Backports commit 50cd71b0d347c74517dcb7da447fe657fca57d9c from qemu
2018-03-05 13:48:28 -05:00
Peter Maydell 175b632c91
target/arm: Report GICv3 sysregs present in ID registers if needed
The CPU ID registers ID_AA64PFR0_EL1, ID_PFR1_EL1 and ID_PFR1
have a field for reporting presence of GICv3 system registers.
We need to report this field correctly in order for Xen to
work as a guest inside QEMU emulation. We mustn't incorrectly
claim the sysregs exist when they don't, though, or Linux will
crash.

Unfortunately the way we've designed the GICv3 emulation in QEMU
puts the system registers as part of the GICv3 device, which
may be created after the CPU proper has been realized. This
means that we don't know at the point when we define the ID
registers what the correct value is. Handle this by switching
them to calling a function at runtime to read the value, where
we can fill in the GIC field appropriately.

Backports commit 96a8b92ed8f02d5e86ad380d3299d9f41f99b072 from qemu
2018-03-05 13:48:28 -05:00
Andrew Baumann 5250db33b5
arm: implement cache/shareability attribute bits for PAR registers
On a successful address translation instruction, PAR is supposed to
contain cacheability and shareability attributes determined by the
translation. We previously returned 0 for these bits (in line with the
general strategy of ignoring caches and memory attributes), but some
guest OSes may depend on them.

This patch collects the attribute bits in the page-table walk, and
updates PAR with the correct attributes for all LPAE translations.
Short descriptor formats still return 0 for these bits, as in the
prior implementation.

Backports commit 5b2d261d60caf9d988d91ca1e02392d6fc8ea104 from qemu
2018-03-05 11:35:28 -05:00
Peter Maydell ee9b8a20c9
target/arm: Implement secure function return
Secure function return happens when a non-secure function has been
called using BLXNS and so has a particular magic LR value (either
0xfefffffe or 0xfeffffff). The function return via BX behaves
specially when the new PC value is this magic value, in the same
way that exception returns are handled.

Adjust our BX excret guards so that they recognize the function
return magic number as well, and perform the function-return
unstacking in do_v7m_exception_exit().

Backports commit d02a8698d7ae2bfed3b11fe5b064cb0aa406863b from qemu
2018-03-05 03:33:42 -05:00
Peter Maydell e312993f1f
target/arm: Implement BLXNS
Implement the BLXNS instruction, which allows secure code to
call non-secure code.

Backports commit 3e3fa230e3b8ffe119f14ba57a6bc677a411be57 from qemu
2018-03-05 03:31:59 -05:00
Peter Maydell 2c4578f46e
target/arm: Implement SG instruction
Implement the SG instruction, which we emulate 'by hand' in the
exception handling code path.

Backports commit 333e10c51ef5876ced26f77b61b69ce0f83161a9 from qemu
2018-03-05 03:28:28 -05:00
Peter Maydell 7988aec017
target/arm: Implement security attribute lookups for memory accesses
Implement the security attribute lookups for memory accesses
in the get_phys_addr() functions, causing these to generate
various kinds of SecureFault for bad accesses.

The major subtlety in this code relates to handling of the
case when the security attributes the SAU assigns to the
address don't match the current security state of the CPU.

In the ARM ARM pseudocode for validating instruction
accesses, the security attributes of the address determine
whether the Secure or NonSecure MPU state is used. At face
value, handling this would require us to encode the relevant
bits of state into mmu_idx for both S and NS at once, which
would result in our needing 16 mmu indexes. Fortunately we
don't actually need to do this because a mismatch between
address attributes and CPU state means either:
* some kind of fault (usually a SecureFault, but in theory
perhaps a UserFault for unaligned access to Device memory)
* execution of the SG instruction in NS state from a
Secure & NonSecure code region

The purpose of SG is simply to flip the CPU into Secure
state, so we can handle it by emulating execution of that
instruction directly in arm_v7m_cpu_do_interrupt(), which
means we can treat all the mismatch cases as "throw an
exception" and we don't need to encode the state of the
other MPU bank into our mmu_idx values.

This commit doesn't include the actual emulation of SG;
it also doesn't include implementation of the IDAU, which
is a per-board way to specify hard-coded memory attributes
for addresses, which override the CPU-internal SAU if they
specify a more secure setting than the SAU is programmed to.

Backports commit 35337cc391245f251bfb9134f181c33e6375d6c1 from qemu
2018-03-05 01:57:07 -05:00
Peter Maydell 3da3a3fb41
target/arm: Add v8M support to exception entry code
Add support for v8M and in particular the security extension
to the exception entry code. This requires changes to:
* calculation of the exception-return magic LR value
* push the callee-saves registers in certain cases
* clear registers when taking non-secure exceptions to avoid
leaking information from the interrupted secure code
* switch to the correct security state on entry
* use the vector table for the security state we're targeting

Backports commit d3392718e1fcf0859fb7c0774a8e946bacb8419c from qemu
2018-03-05 01:51:22 -05:00
Peter Maydell 39466771d6
target/arm: Add support for restoring v8M additional state context
For v8M, exceptions from Secure to Non-Secure state will save
callee-saved registers to the exception frame as well as the
caller-saved registers. Add support for unstacking these
registers in exception exit when necessary.

Backports commit 907bedb3f3ce134c149599bd9cb61856d811b8ca from qemu
2018-03-05 01:47:25 -05:00
Peter Maydell 2feecbac0d
target/arm: Update excret sanity checks for v8M
In v8M, more bits are defined in the exception-return magic
values; update the code that checks these so we accept
the v8M values when the CPU permits them.

Backports commit bfb2eb52788b9605ef2fc9bc72683d4299117fde from qemu
2018-03-05 01:44:33 -05:00
Peter Maydell 7af730ed3e
target/arm: Don't warn about exception return with PC low bit set for v8M
In the v8M architecture, return from an exception to a PC which
has bit 0 set is not UNPREDICTABLE; it is defined that bit 0
is discarded [R_HRJH]. Restrict our complaint about this to v7M.

Backports commit 4e4259d3c574a8e89c3af27bcb84bc19a442efb1 from qemu
2018-03-05 01:41:51 -05:00
Peter Maydell 2aea283c4f
target/arm: Warn about restoring to unaligned stack
Attempting to do an exception return with an exception frame that
is not 8-aligned is UNPREDICTABLE in v8M; warn about this.
(It is not UNPREDICTABLE in v7M, and our implementation can
handle the merely-4-aligned case fine, so we don't need to
do anything except warn.)

Backports commit cb484f9a6e790205e69d9a444c3e353a3a1cfd84 from qemu
2018-03-05 01:40:40 -05:00
Peter Maydell 5063ca11ab
target/arm: Check for xPSR mismatch usage faults earlier for v8M
ARM v8M specifies that the INVPC usage fault for mismatched
xPSR exception field and handler mode bit should be checked
before updating the PSR and SP, so that the fault is taken
with the existing stack frame rather than by pushing a new one.
Perform this check in the right place for v8M.

Since v7M specifies in its pseudocode that this usage fault
check should happen later, we have to retain the original
code for that check rather than being able to merge the two.
(The distinction is architecturally visible but only in
very obscure corner cases like attempting an invalid exception
return with an exception frame in read only memory.)

Backports commit 224e0c300a0098fb577a03bd29d774d0769f632a from qemu
2018-03-05 01:39:39 -05:00
Peter Maydell 6f08acdcfe
target/arm: Restore SPSEL to correct CONTROL register on exception return
On exception return for v8M, the SPSEL bit in the EXC_RETURN magic
value should be restored to the SPSEL bit in the CONTROL register
banked specified by the EXC_RETURN.ES bit.

Add write_v7m_control_spsel_for_secstate() which behaves like
write_v7m_control_spsel() but allows the caller to specify which
CONTROL bank to use, reimplement write_v7m_control_spsel() in
terms of it, and use it in exception return.

Backports commit 3f0cddeee1f266d43c956581f3050058360a810d from qemu
2018-03-05 01:35:17 -05:00
Peter Maydell 0bb50b9a7e
target/arm: Restore security state on exception return
Now that we can handle the CONTROL.SPSEL bit not necessarily being
in sync with the current stack pointer, we can restore the correct
security state on exception return. This happens before we start
to read registers off the stack frame, but after we have taken
possible usage faults for bad exception return magic values and
updated CONTROL.SPSEL.

Backports commit 3919e60b6efd9a86a0e6ba637aa584222855ac3a from qemu
2018-03-05 01:31:58 -05:00
Peter Maydell c7b5fccfb8
target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler mode
In the v7M architecture, there is an invariant that if the CPU is
in Handler mode then the CONTROL.SPSEL bit cannot be nonzero.
This in turn means that the current stack pointer is always
indicated by CONTROL.SPSEL, even though Handler mode always uses
the Main stack pointer.

In v8M, this invariant is removed, and CONTROL.SPSEL may now
be nonzero in Handler mode (though Handler mode still always
uses the Main stack pointer). In preparation for this change,
change how we handle this bit: rename switch_v7m_sp() to
the now more accurate write_v7m_control_spsel(), and make it
check both the handler mode state and the SPSEL bit.

Note that this implicitly changes the point at which we switch
active SP on exception exit from before we pop the exception
frame to after it.

Backports commit de2db7ec894f11931932ca78cd14a8d2b1389d5b from qemu
2018-03-05 01:29:54 -05:00
Peter Maydell 8036c5b3de
target/arm: Don't switch to target stack early in v7M exception return
Currently our M profile exception return code switches to the
target stack pointer relatively early in the process, before
it tries to pop the exception frame off the stack. This is
awkward for v8M for two reasons:
* in v8M the process vs main stack pointer is not selected
purely by the value of CONTROL.SPSEL, so updating SPSEL
and relying on that to switch to the right stack pointer
won't work
* the stack we should be reading the stack frame from and
the stack we will eventually switch to might not be the
same if the guest is doing strange things

Change our exception return code to use a 'frame pointer'
to read the exception frame rather than assuming that we
can switch the live stack pointer this early.

Backports commit 5b5223997c04b769bb362767cecb5f7ec382c5f0 from qemu
2018-03-05 01:26:05 -05:00
Jan Kiszka ae16a26c20
arm: Fix SMC reporting to EL2 when QEMU provides PSCI
This properly forwards SMC events to EL2 when PSCI is provided by QEMU
itself and, thus, ARM_FEATURE_EL3 is off.

Found and tested with the Jailhouse hypervisor. Solution based on
suggestions by Peter Maydell.

Backports commit 77077a83006c3c9bdca496727f1735a3c5c5355d from qemu
2018-03-05 01:19:22 -05:00
Peter Maydell 4b8bdda695
target/arm: Implement MSR/MRS access to NS banked registers
In v8M the MSR and MRS instructions have extra register value
encodings to allow secure code to access the non-secure banked
version of various special registers.

(We don't implement the MSPLIM_NS or PSPLIM_NS aliases, because
we don't currently implement the stack limit registers at all.)

Backports commit 50f11062d4c896408731d6a286bcd116d1e08465 from qemu
2018-03-05 00:53:13 -05:00
Peter Maydell 6a951f17ed
target/arm: Rename 'type' to 'excret' in do_v7m_exception_exit()
In the v7M and v8M ARM ARM, the magic exception return values are
referred to as EXC_RETURN values, and in QEMU we use V7M_EXCRET_*
constants to define bits within them. Rename the 'type' variable
which holds the exception return value in do_v7m_exception_exit()
to excret, making it clearer that it does hold an EXC_RETURN value.

Backports commit 351e527a613147aa2a2e6910f92923deef27ee48 from qemu
2018-03-04 23:14:22 -05:00
Peter Maydell 1301cb1771
target/arm: Add and use defines for EXCRET constants
The exception-return magic values get some new bits in v8M, which
makes some bit definitions for them worthwhile.

We don't use the bit definitions for the switch on the low bits
which checks the return type for v7M, because this is defined
in the v7M ARM ARM as a set of valid values rather than via
per-bit checks.

Backports commit 4d1e7a4745c050f7ccac49a1c01437526b5130b5 from qemu
2018-03-04 23:12:37 -05:00
Peter Maydell aa71933721
target/arm: Remove unnecessary '| 0xf0000000' from do_v7m_exception_exit()
In do_v7m_exception_exit(), there's no need to force the high 4
bits of 'type' to 1 when calling v7m_exception_taken(), because
we know that they're always 1 or we could not have got to this
"handle return to magic exception return address" code. Remove
the unnecessary ORs.

Backports commit 7115cdf5782922611bcc44c89eec5990db7f6466 from qemu
2018-03-04 23:11:13 -05:00
Peter Maydell 2718aa8233
target/arm: Get PRECISERR and IBUSERR the right way round
For a bus fault, the M profile BFSR bit PRECISERR means a bus
fault on a data access, and IBUSERR means a bus fault on an
instruction access. We had these the wrong way around; fix this.

Backports commit c6158878650c01b2c753b2ea7d0967c8fe5ca59e from qemu
2018-03-04 23:10:33 -05:00
Peter Maydell ceccd92940
target/arm: Clear exclusive monitor on v7M reset, exception entry/exit
For M profile we must clear the exclusive monitor on reset, exception
entry and exception exit. We weren't doing any of these things; fix
this bug.

Backports commit dc3c4c14f0f12854dbd967be3486f4db4e66d25b from qemu
2018-03-04 23:09:41 -05:00
Peter Maydell 4b816fe0aa
target/arm: Implement BXNS, and banked stack pointers
Implement the BXNS v8M instruction, which is like BX but will do a
jump-and-switch-to-NonSecure if the branch target address has bit 0
clear.

This is the first piece of code which implements "switch to the
other security state", so the commit also includes the code to
switch the stack pointers around, which is the only complicated
part of switching security state.

BLXNS is more complicated than just "BXNS but set the link register",
so we leave it for a separate commit.

Backports commit fb602cb726b3ebdd01ef3b1732d74baf9fee7ec9 from qemu
2018-03-04 21:21:23 -05:00
Peter Maydell 221232fb35
target/arm: Move regime_is_secure() to target/arm/internals.h
Move the regime_is_secure() utility function to internals.h;
we are going to want to call it from translate.c.

Backports commit 61fcd69b0db268e7612b07fadc436b93def91768 from qemu
2018-03-04 21:14:05 -05:00
Peter Maydell 07b9144ef2
target/arm: Make CFSR register banked for v8M
Make the CFSR register banked if v8M security extensions are enabled.

Not all the bits in this register are banked: the BFSR
bits [15:8] are shared between S and NS, and we store them
in the NS copy of the register.

Backports commit 334e8dad7a109d15cb20b090131374ae98682a50 from qemu
2018-03-04 21:12:55 -05:00
Peter Maydell 74c66cc2a9
target/arm: Make MMFAR banked for v8M
Make the MMFAR register banked if v8M security extensions are
enabled.

Backports commit c51a5cfc9fae82099028eb12cb1d064ee07f348e from qemu
2018-03-04 21:10:47 -05:00
Peter Maydell 4b24f6d87b
target/arm: Make CCR register banked for v8M
Make the CCR register banked if v8M security extensions are enabled.

This is slightly more complicated than the other "add banking"
patches because there is one bit in the register which is not
banked. We keep the live data in the NS copy of the register,
and adjust it on register reads and writes. (Since we don't
currently implement the behaviour that the bit controls, there
is nowhere else that needs to care.)

This patch includes the enforcement of the bits which are newly
RES1 in ARMv8M.

Backports commit 9d40cd8a68cfc7606f4548cc9e812bab15c6dc28 from qemu
2018-03-04 21:09:34 -05:00
Peter Maydell f88f4b5e31
target/arm: Make MPU_CTRL register banked for v8M
Make the MPU_CTRL register banked if v8M security extensions are
enabled.

Backports commit ecf5e8eae8b0b5fa41f00b53d67747b42fd1b8b9 from qemu
2018-03-04 21:08:16 -05:00
Peter Maydell 683830d5ac
target/arm: Make MPU_RNR register banked for v8M
Make the MPU_RNR register banked if v8M security extensions are
enabled.

Backports commit 1bc04a8880374407c4b12d82ceb8752e12ff5336 from qemu
2018-03-04 21:06:01 -05:00
Peter Maydell 5e14b33c65
target/arm: Make MPU_RBAR, MPU_RLAR banked for v8M
Make the MPU registers MPU_MAIR0 and MPU_MAIR1 banked if v8M security
extensions are enabled.

We can freely add more items to vmstate_m_security without
breaking migration compatibility, because no CPU currently
has the ARM_FEATURE_M_SECURITY bit enabled and so this
subsection is not yet used by anything.

Backports commit 62c58ee0b24eafb44c06402fe059fbd7972eb409 from qemu
2018-03-04 21:04:41 -05:00
Peter Maydell 3e35eee327
target/arm: Make VTOR register banked for v8M
Make the VTOR register banked if v8M security extensions are enabled.

Backports commit 45db7ba681ede57113a67499840e69ee586bcdf2 from qemu
2018-03-04 21:01:51 -05:00
Peter Maydell 59c6845ada
target/arm: Make CONTROL register banked for v8M
Make the CONTROL register banked if v8M security extensions are enabled.

Backports commit 8bfc26ea302ec03585d7258a7cf8938f76512730 from qemu
2018-03-04 21:00:58 -05:00
Peter Maydell 14cb6925f3
target/arm: Make FAULTMASK register banked for v8M
Make the FAULTMASK register banked if v8M security extensions are enabled.

Note that we do not yet implement the functionality of the new
AIRCR.PRIS bit (which allows the effect of the NS copy of FAULTMASK to
be restricted).

This patch includes the code to determine for v8M which copy
of FAULTMASK should be updated on exception exit; further
changes will be required to the exception exit code in general
to support v8M, so this is just a small piece of that.

The v8M ARM ARM introduces a notation where individual paragraphs
are labelled with R (for rule) or I (for information) followed
by a random group of subscript letters. In comments where we want
to refer to a particular part of the manual we use this convention,
which should be more stable across document revisions than using
section or page numbers.

Backports commit 42a6686b2f6199d086a58edd7731faeb2dbe7c14 from qemu
2018-03-04 20:58:38 -05:00
Peter Maydell ff3f7811ce
target/arm: Make PRIMASK register banked for v8M
Make the PRIMASK register banked if v8M security extensions are enabled.

Note that we do not yet implement the functionality of the new
AIRCR.PRIS bit (which allows the effect of the NS copy of PRIMASK to
be restricted).

Backports commit 6d8048341995b31a77dc2e0dcaaf4e3df0e3121a from qemu
2018-03-04 20:55:49 -05:00
Peter Maydell c9a7aad4dc
target/arm: Make BASEPRI register banked for v8M
Make the BASEPRI register banked if v8M security extensions are enabled.

Note that we do not yet implement the functionality of the new
AIRCR.PRIS bit (which allows the effect of the NS copy of BASEPRI to
be restricted).

Backports commit acf949411ffb675edbfb707e235800b02e6a36f8 from qemu
2018-03-04 20:54:44 -05:00
Peter Maydell f4d155ad3a
target/arm: Add MMU indexes for secure v8M
Now that MPU lookups can return different results for v8M
when the CPU is in secure vs non-secure state, we need to
have separate MMU indexes; add the secure counterparts
to the existing three M profile MMU indexes.

Backports commit 66787c7868d05d29974e09201611b718c976f955 from qemu
2018-03-04 20:53:04 -05:00
Peter Maydell 829a34ec55
target/arm: Implement new PMSAv8 behaviour
Implement the behavioural side of the new PMSAv8 specification.

Backports commit 504e3cc36b68b34c176f3f4116b1d5677471ec20 from qemu
2018-03-04 20:47:54 -05:00
Peter Maydell 06619904c6
target/arm: Create and use new function arm_v7m_is_handler_mode()
Add a utility function for testing whether the CPU is in Handler
mode; this is just a check whether v7m.exception is non-zero, but
we do it in several places and it makes the code a bit easier
to read to not have to mentally figure out what the test is testing.

Backports commit 15b3f556bab4f961bf92141eb8521c8da3df5eb2 from qemu
2018-03-04 13:06:45 -05:00
Peter Maydell a897ee919b
target-arm: v7M: ignore writes to CONTROL.SPSEL from Thread mode
For v7M, writes to the CONTROL register are only permitted for
privileged code. However even if the code is privileged, the
write must not affect the SPSEL bit in the CONTROL register
if the CPU is in Thread mode (as documented in the pseudocode
for the MSR instruction). Implement this, instead of permitting
SPSEL to be written in all cases.

This was causing mbed applications not to run, because the
RTX RTOS they use relies on this behaviour.

Backports commit 792dac309c8660306557ba058b8b5a6a75ab3c1f from qemu
2018-03-04 13:04:20 -05:00