Commit graph

71 commits

Author SHA1 Message Date
Edgar E. Iglesias efe96d29f3
target-arm: Correct accessfn for CNTV_TVAL_EL0
Backports commit b65c08ee1a05760c1c5a786a6cedf240f924c53e from qemu
2018-02-12 21:37:14 -05:00
Edgar E. Iglesias a28d3e4bb7
target-arm: Correct accessfn for CNTP_{CT}VAL_EL0
Backports commit 12cde08aaf571de65d3fbbdf93c83f0a4321267f from qemu
2018-02-12 21:36:10 -05:00
Greg Bellows dbe23a7196
target-arm: Add EL3 and EL2 TCR checking
Updated get_phys_addr_lpae to check the appropriate TTBCR/TCR depending on the
current EL. Support includes using the different TCR format as well as checks to
insure TTBR1 is not used when in EL2 or EL3.

Backports commit 88e8add8b6656c349a96b447b074688d02dc5415 from qemu
2018-02-12 21:31:58 -05:00
Greg Bellows 61c9858458
target-arm: Add TTBR regime function and use
Add a utility function for choosing the correct TTBR system register based on
the specified MMU index. Add use of function on physical address lookup.

Backports commit aef878be4e7ab1bdb30b408007320400b0a29c83 from qemu
2018-02-12 21:29:35 -05:00
Sergey Fedorov 96a99a1bbe
Allow ARMv8 SCR.SMD updates
Updated scr_write to always allow updates to the SCR.SMD bit on ARMv8
regardless of whether virtualization (EL2) is enabled or not.

Backports commit 4eb276408363aef5435a72a8e818f24220b5edd0 from qemu
2018-02-12 20:48:34 -05:00
Sergey Fedorov dd9e33bb6d
target-arm: rename c1_coproc to cpacr_el1
Rename the field holding CPACR_EL1 system register state in AArch64
naming style.

Backports commit 7ebd5f2e03a00889619bb97e83062d27066d4a26 from qemu
2018-02-12 20:46:00 -05:00
Peter Maydell e1a7c13fb4
target-arm: Add user-mode transaction attribute
Add a transaction attribute indicating that a memory access is being
done from user-mode (unprivileged). This corresponds to an equivalent
signal in ARM AMBA buses.

Backports commit 0995bf8cd91b81ec9c1078e37b808794080dc5c0 from qemu
2018-02-12 20:41:58 -05:00
Peter Maydell 2281d6c4c9
target-arm: Use correct memory attributes for page table walks
Factor out the page table walk memory accesses into their own function,
so that we can specify the correct S/NS memory attributes for them.
This will also provide a place to use the correct endianness and
handle the need for a stage-2 translation when virtualization is
supported.

Backports commit ebca90e4c3aaaae5ed1ee7c569dea00d5d6ed476 from qemu
2018-02-12 20:40:19 -05:00
Peter Maydell 6c8b7e0fed
target-arm: Honour NS bits in page tables
Honour the NS bit in ARM page tables:
* when adding entries to the TLB, include the Secure/NonSecure
transaction attribute
* set the NS bit in the PAR when doing ATS operations

Note that we don't yet correctly use the NSTable bit to
cause the page table walk itself to use the right attributes.

Backports commit 8bf5b6a9c1911d2c8473385fc0cebfaaeef42dbc from qem
2018-02-12 20:36:35 -05:00
Andrew Jones 92b1f22a45
target-arm: get_phys_addr_lpae: more xn control
This patch makes the following changes to the determination of
whether an address is executable, when translating addresses
using LPAE.

1. No longer assumes that PL0 can't execute when it can't read.
   It can in AArch64, a difference from AArch32.
2. Use va_size == 64 to determine we're in AArch64, rather than
   arm_feature(env, ARM_FEATURE_V8), which is insufficient.
3. Add additional XN determinants
   - NS && is_secure && (SCR & SCR_SIF)
   - WXN && (prot & PAGE_WRITE)
   - AArch64: (prot_PL0 & PAGE_WRITE)
   - AArch32: UWXN && (prot_PL0 & PAGE_WRITE)
   - XN determination should also work in secure mode (untested)
   - XN may even work in EL2 (currently impossible to test)
4. Cleans up the bloated PAGE_EXEC condition - by removing it.

The helper get_S1prot is introduced. It may even work in EL2,
when support for that comes, but, as the function name implies,
it only works for stage 1 translations.

Backports commit d8e052b387635639a6ba4a09a7874fd2f113b218 from qemu
2018-02-12 20:28:29 -05:00
Andrew Jones ea94701bd0
target-arm: fix get_phys_addr_v6/SCTLR_AFE access check
Introduce simple_ap_to_rw_prot(), which has the same behavior as
ap_to_rw_prot(), but takes the 2-bit simple AP[2:1] instead of
the 3-bit AP[2:0]. Use this in get_phys_addr_v6 when SCTLR_AFE
is set, as that bit indicates we should be using the simple AP
format.

It's unlikely this path is getting used. I don't see CR_AFE
getting used by Linux, so possibly not. If it had been, then
the check would have been wrong for all but AP[2:1] = 0b11.
Anyway, this should fix it up, in case it ever does get used.

Backports commit d76951b65dfb1be4e41cfae6abebf8db7a1243a3 from qemu
2018-02-12 20:22:55 -05:00
Andrew Jones dd8d05620f
target-arm: convert check_ap to ap_to_rw_prot
Instead of mixing access permission checking with access permissions
to page protection flags translation, just do the translation, and
leave it to the caller to check the protection flags against the access
type. Also rename to ap_to_rw_prot to better describe the new behavior.

Backports commit 0fbf5238203041f734c51b49778223686f14366b from qemu
2018-02-12 20:17:49 -05:00
Peter Maydell d723e590f2
target-arm: Store SPSR_EL1 state in banked_spsr[1] (SPSR_svc)
The AArch64 SPSR_EL1 register is architecturally mandated to
be mapped to the AArch32 SPSR_svc register. This means its
state should live in QEMU's env->banked_spsr[1] field.
Correct the various places in the code that incorrectly
put it in banked_spsr[0].

Backports commit 7847f9ea9fce15a9ecfb62ab72c1e84ff516b0db from qemu
2018-02-12 16:36:44 -05:00
Peter Maydell 6bd44fb70a
target-arm: Ignore low bit of PC in M-profile exception return
For the ARM M-profile cores, exception return pops various registers
including the PC from the stack. The architecture defines that if the
lowest bit in the new PC value is set (ie the PC is not halfword
aligned) then behaviour is UNPREDICTABLE. In practice hardware
implementations seem to simply ignore the low bit, and some buggy
RTOSes incorrectly rely on this. QEMU's behaviour was architecturally
permitted, but bringing QEMU into line with the hardware behaviour
allows more guest code to run. We log the situation as a guest error.

This was reported as LP:1428657.

Backports commit fcf83ab103dce6d2951f24f48e30820e7dbb3622 from qemu
2018-02-12 16:18:07 -05:00
Greg Bellows 8612f1d3e7
target-arm: Add 32/64-bit register sync
Add AArch32 to AArch64 register sychronization functions.
Replace manual register synchronization with new functions in
aarch64_cpu_do_interrupt() and HELPER(exception_return)().

Backports commit ce02049dbf1828b4bc77d921b108a9d84246e5aa from qemu
2018-02-12 14:57:20 -05:00
Ildar Isaev 73fa78f0bc
target-arm: fix for exponent comparison in recpe_f64
f64 exponent in HELPER(recpe_f64) should be compared to 2045 rather than 1023
(FPRecipEstimate in ARMV8 spec). This fixes incorrect underflow handling when
flushing denormals to zero in the FRECPE instructions operating on 64-bit
values.

Backports commit fc1792e9aa36227ee9994757974f9397684e1a48 from qemu
2018-02-12 12:04:39 -05:00
Peter Maydell e3c3cccb7a
target-arm: Fix brace style in reindented code
This patch fixes the brace style in the code reindented in the
previous commit.

Backports commit 87c3d486150917c8e286d29166c98a2035377b52 from qemu
2018-02-12 11:56:39 -05:00
Peter Maydell 11c6c143d7
target-arm: Reindent ancient page-table-walk code
A few of the oldest parts of the page-table-walk code have broken indent
(either hardcoded tabs or two-spaces). Reindent these sections.

For ease of review, this patch does not touch the brace style and
so is a whitespace-only change.

Backports commit 554b0b09aec4579c8164f363b18a263150e91a2c from qemu
2018-02-12 11:54:11 -05:00
Peter Maydell 0046642958
target-arm: Use mmu_idx in get_phys_addr()
Now we have the mmu_idx in get_phys_addr(), use it correctly to
determine the behaviour of virtual to physical address translations,
rather than using just an is_user flag and the current CPU state.

Some TODO comments have been added to indicate where changes will
need to be made to add EL2 and 64-bit EL3 support.

Backports commit 0480f69abf849ca0d48928cc6c669c1c7264239b from qemu
2018-02-12 11:49:55 -05:00
Peter Maydell 6031ae6540
target-arm: Pass mmu_idx to get_phys_addr()
Make all the callers of get_phys_addr() pass it the correct
mmu_idx rather than just a simple "is_user" flag. This includes
properly decoding the AT/ATS system instructions; we include the
logic for handling all the opc1/opc2 cases because we'll need
them later for supporting EL2/EL3, even if we don't have the
regdef stanzas yet.

Backports commit d364970287c0ba68979711928c15e5d37414f87f from qemu
2018-02-12 11:41:38 -05:00
Peter Maydell 04f30f91ed
target-arm: Split AArch64 cases out of ats_write()
Instead of simply reusing ats_write() as the handler for both AArch32
and AArch64 address translation operations, use a different function
for each with the common code in a third function. This is necessary
because the semantics for selecting the right translation regime are
different; we are only getting away with sharing currently because
we don't support EL2 and only support EL3 in AArch32.

Backports commit 060e8a48cb84d41d4ac36e4bb29d9c14ed7168b6 from qemu
2018-02-12 11:36:11 -05:00
Peter Maydell 3261ed5801
target-arm: Define correct mmu_idx values and pass them in TB flags
We currently claim that for ARM the mmu_idx should simply be the current
exception level. However this isn't actually correct -- secure EL0 and EL1
should have separate indexes from non-secure EL0 and EL1 since their
VA->PA mappings may differ. We also will want an index for stage 2
translations when we properly support EL2.

Define and document all seven mmu index values that we require, and
pass the mmu index in the TB flags rather than exception level or
priv/user bit.

This change doesn't update the get_phys_addr() code, so our page
table walking still assumes a simplistic "user or priv?" model for
the moment.

Backports commit c1e3781090b9d36c60e1a254ba297cb34011d3d4 from qemu
2018-02-12 11:21:19 -05:00
Peter Maydell 337e658869
target-arm: Add checks that cpreg raw accesses are handled
Add assertion checking when cpreg structures are registered that they
either forbid raw-access attempts or at least make an attempt at
handling them. Also add an assert in the raw-accessor-of-last-resort,
to avoid silently doing a read or write from offset zero, which is
actually AArch32 CPU register r0.

Backports commit 375421ccaeebae8212eb8f9a36835ad4d9dc60a8 from qemu
2018-02-12 11:02:00 -05:00
Peter Maydell 52afb392f2
target-arm: Split NO_MIGRATE into ALIAS and NO_RAW
We currently mark ARM coprocessor/system register definitions with
the flag ARM_CP_NO_MIGRATE for two different reasons:
1) register is an alias on to state that's also visible via
some other register, and that other register is the one
responsible for migrating the state
2) register is not actually state at all (for instance the TLB
or cache maintenance operation "registers") and it makes no
sense to attempt to migrate it or otherwise access the raw state

This works fine for identifying which registers should be ignored
when performing migration, but we also use the same functions for
synchronizing system register state between QEMU and the kernel
when using KVM. In this case we don't want to try to sync state
into registers in category 2, but we do want to sync into registers
in category 1, because the kernel might have picked a different
one of the aliases as its choice for which one to expose for
migration. (In particular, on 32 bit hosts the kernel will
expose the state in the AArch32 version of the register, but
TCG's convention is to mark the AArch64 version as the version
to migrate, even if the CPU being emulated happens to be 32 bit,
so almost all system registers will hit this issue now that we've
added AArch64 system emulation.)

Fix this by splitting the NO_MIGRATE flag in two (ALIAS and NO_RAW)
corresponding to the two different reasons we might not want to
migrate a register. When setting up the TCG list of registers to
migrate we honour both flags; when populating the list from KVM,
only ignore registers which are NO_RAW.

Backports commit 7a0e58fa648736a75f2a6943afd2ab08ea15b8e0 from qemu
2018-02-12 10:59:36 -05:00
Greg Bellows 301c3737e3
target-arm: Add missing SP_ELx register definition
Added CP register definitions for SP_EL1 and SP_EL2.

Backports commit 884b4deeeb8b158ed3db5792161902bc8b41b62d from qemu
2018-02-12 10:40:53 -05:00
Greg Bellows 2cce33295b
target-arm: Add extended RVBAR support
Added RVBAR_EL2 and RVBAR_EL3 CP register support. All RVBAR_EL# registers
point to the same location and only the highest EL version exists at any one
time.

Backports commit be8e8128595b41b9f609c1507e67d121e65e7173 from qemu
2018-02-12 10:40:53 -05:00
Greg Bellows 6c33ec25fc
target-arm: Fix RVBAR_EL1 register encoding
Fix the RVBAR_EL1 CP register opc2 encoding from 2 to 1

Backports commit 569b49f864e7593a14182acae5a7f5981f6ec24f from qemu
2018-02-12 10:40:53 -05:00
Greg Bellows c457067e47
target-arm: Merge EL3 CP15 register lists
Merge of the v8_el2_cp_reginfo and el3_cp_reginfo ARMCPRegInfo lists.
Previously, some EL3 registers were restricted to the ARMv8 list under the
impression that they were not needed on ARMv7. However, this is not the case
as the ARMv7/32-bit variants rely on the ARMv8/64-bit variants to handle
migration and reset. For this reason they must always exist.

Backports commit 60fb1a87b47b14e4ea67043aa56f353e77fbd70a from qemu
2018-02-12 10:40:52 -05:00
Greg Bellows b711147cc3
target-arm: make MAIR0/1 banked
Added CP register info entries for the ARMv7 MAIR0/1 secure banks.

Backports commit be693c87e440e671ed913784554384349ce8331d from qemu
2018-02-12 10:40:52 -05:00
Fabian Aggeler 4bf69e19c6
target-arm: make c13 cp regs banked (FCSEIDR, ...)
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
FCSEIDR, CONTEXTIDR, TPIDRURW, TPIDRURO and TPIDRPRW have a secure
and a non-secure instance.

Backports commit 54bf36ed351c526cde0c853079f9ff1ab7e2ff89 from qemu
2018-02-12 10:40:51 -05:00
Greg Bellows 153e7e7331
target-arm: make VBAR banked
When EL3 is running in Aarch32 (or ARMv7 with Security Extensions)
VBAR has a secure and a non-secure instance, which are mapped to
VBAR_EL1 and VBAR_EL3.

Backports commit fb6c91ba2bb0b1c1b8662ceeeeb9474a025f9a6b from qemu
2018-02-12 10:40:51 -05:00
Fabian Aggeler ccccef3d41
target-arm: make PAR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
PAR has a secure and a non-secure instance.

Backports commit 01c097f7960b330c4bf038d34bae17ad6c1ba499 from qemu
2018-02-12 10:40:51 -05:00
Fabian Aggeler ff1ca0608d
target-arm: make IFAR/DFAR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFAR and DFAR have a secure and a non-secure instance.

Backports commit b848ce2b9cbd38da3f2530fd93dba76dba0621c0 from qemu
2018-02-12 10:40:51 -05:00
Fabian Aggeler 27ba8b30c5
target-arm: make DFSR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DFSR has a secure and a non-secure instance.

Backports commit 4a7e2d7315bd2ce28e49ccd0bde73eabdfd7437b from qemu
2018-02-12 10:40:51 -05:00
Fabian Aggeler 192c5c665a
target-arm: make IFSR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFSR has a secure and a non-secure instance. Adds IFSR32_EL2 definition and
storage.

Backports commit 88ca1c2d70523486a952065f3ed7b8fc823b5863 from qemu
2018-02-12 10:40:45 -05:00
Fabian Aggeler e955687ca5
target-arm: make DACR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DACR has a secure and a non-secure instance. Adds definition for DACR32_EL2.

Backports commit 0c17d68c1d3d6c35f37f5692042d2edb65c8bcc0 from qemu
2018-02-12 09:01:38 -05:00
Fabian Aggeler e90e4b7190
target-arm: make TTBCR banked
Adds secure and non-secure bank register suport for TTBCR.
Added new struct to compartmentalize the TCR data and masks. Removed old
tcr/ttbcr data and added a 4 element array of the new structs in cp15. This
allows for one entry per EL. Added a CP register definition for TCR_EL3.

Backports commit 11f136ee25232a00f433cefe98ee33cd614ecccc from qemu
2018-02-11 19:59:03 -05:00
Fabian Aggeler adf48a1f81
target-arm: make TTBR0/1 banked
Adds secure and non-secure bank register suport for TTBR0 and TTBR1.
Changes include adding secure and non-secure instances of ttbr0 and ttbr1 as
well as a CP register definition for TTBR0_EL3. Added a union containing
both EL based array fields and secure and non-secure fields mapped to them.
Updated accesses to use A32_BANKED_CURRENT_REG_GET macro.

Backports commit 7dd8c9af0d9d18fb3e54a4843b3bb1398bd330bc to qemu
2018-02-11 19:46:15 -05:00
Fabian Aggeler 673cb7d93e
target-arm: make CSSELR banked
Rename CSSELR (cache size selection register) and add secure
instance (AArch32).

Backports commit b85a1fd61c4d72c7928cd9b70f9f59fb2895936d from qemu
2018-02-11 19:35:02 -05:00
Fabian Aggeler 44fc779c6a
target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI
Add checks of SCR AW/FW bits when performing writes of CPSR. These SCR bits
are used to control whether the CPSR masking bits can be adjusted from
non-secure state.

Backports commit 6e8801f9dea9e10449f4fd7d85dbe8cab708a686 from qemu
2018-02-11 19:30:21 -05:00
Fabian Aggeler 9087027b85
target-arm: add SCTLR_EL3 and make SCTLR banked
Implements SCTLR_EL3 and uses secure/non-secure instance when
needed.

Backports commit 137feaa9a1622620adf19c0b707883dd990738e2 from qemu
2018-02-11 19:28:34 -05:00
Fabian Aggeler ca0608f68d
target-arm: add MVBAR support
Use MVBAR register as exception vector base address for
exceptions taken to CPU monitor mode.

Backports commit e89e51a17ea0d8aef9bf9b766c98f963e835fbf2 from qemu
2018-02-11 19:09:28 -05:00
Greg Bellows e49d9d3f30
target-arm: add SDER definition
Added CP register defintions for SDER and SDER32_EL3 as well as cp15.sder for
register storage.

Backports commit 144634ae6c1618dcee6aced9c0d4427844154091 from qemu
2018-02-11 19:03:18 -05:00
Fabian Aggeler 461944980c
target-arm: add NSACR register
Implements NSACR register with corresponding read/write functions
for ARMv7 and ARMv8.

Backports commit 770225764f831031d2e1453f69c365eb1b647d87 from qemu
2018-02-11 18:57:34 -05:00
Fabian Aggeler f120ad5308
target-arm: implement IRQ/FIQ routing to Monitor mode
SCR.{IRQ/FIQ} bits allow to route IRQ/FIQ exceptions to monitor CPU
mode. When taking IRQ exception to monitor mode FIQ exception is
additionally masked.

Backports commit de38d23b542efca54108ef28bcc0efe96f378d2e from qemu
2018-02-11 18:51:21 -05:00
Fabian Aggeler 4d9c9f893e
target-arm: move AArch32 SCR into security reglist
Define a new ARM CP register info list for the ARMv7 Security Extension
feature. Register that list only for ARM cores with Security Extension/EL3
support. Moving AArch32 SCR into Security Extension register group.

Backports commit 0f1a3b2470d798ad5335eb9d6236f02ff64e31a8 from qemu
2018-02-11 18:48:33 -05:00
Fabian Aggeler 3494160ea6
target-arm: insert AArch32 cpregs twice into hashtable
Prepare for cp register banking by inserting every cp register twice,
once for secure world and once for non-secure world.

Backports commit 3f3c82a57d128aa3ec823aa8032867c3a6e2e795 from qemu
2018-02-11 18:41:25 -05:00
Peter Maydell fb78e79d72
target-arm: add secure state bit to CPREG hash
Added additional NS-bit to CPREG hash encoding. Updated hash lookup
locations to specify hash bit currently set to non-secure.

Backports commit 51a79b039728277e35fd19f7a7b4bc6cb323697f from qemu
2018-02-11 18:35:52 -05:00
Fabian Aggeler 4f5106b56d
target-arm: add CPREG secure state support
Prepare ARMCPRegInfo to support specifying two fieldoffsets per
register definition. This will allow us to keep one register
definition for banked registers (different offsets for secure/
non-secure world).

Also added secure state tracking field and flags. This allows for
identification of the register info secure state.

Backports commit c3e302606253a17568dc3ef30238f102468f7ee1 from qemu
2018-02-11 18:29:35 -05:00
Greg Bellows 67d68df401
target-arm: add async excp target_el function
Adds a dedicated function and a lookup table for determining the target
exception level of IRQ and FIQ exceptions. The lookup table is taken from the
ARMv7 and ARMv8 specification exception routing tables.

Backports commit 0eeb17d618361a0f4faddc160e33598b23da6dd5 from qemu
2018-02-11 17:45:09 -05:00