aboutsummaryrefslogtreecommitdiff
path: root/target/arm/tcg
AgeCommit message (Collapse)Author
2024-05-28target/arm: Convert Cryptographic AES to decodetreeRichard Henderson
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240524232121.284515-10-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-05-28target/arm: Split out gengvec64.cRichard Henderson
Split some routines out of translate-a64.c and translate-sve.c that are used by both. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240524232121.284515-9-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-05-28target/arm: Split out gengvec.cRichard Henderson
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240524232121.284515-8-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-05-28target/arm: Verify sz=0 for Advanced SIMD scalar pairwise (fp16)Richard Henderson
All of these insns have "if sz == '1' then UNDEFINED" in their pseudocode. Fixes a RISU miscompare for invalid insn 0x5ef0c87a. Fixes: 5c36d89567c ("arm/translate-a64: add all FP16 ops in simd_scalar_pairwise") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240524232121.284515-7-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-05-28target/arm: Fix decode of FMOV (hp) vs MOVIRichard Henderson
The decode of FMOV (vector, immediate, half-precision) vs invalid cases of MOVI are incorrect. Fixes RISU mismatch for invalid insn 0x2f01fd31. Fixes: 70b4e6a4457 ("arm/translate-a64: add FP16 FMOV to simd_mod_imm") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240524232121.284515-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-05-28target/arm: Zero-extend writeback for fp16 FCVTZS (scalar, integer)Richard Henderson
Fixes RISU mismatch for "fcvtzs h31, h0, #14". Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240524232121.284515-5-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-05-28target/arm: Use PLD, PLDW, PLI not NOP for t32Richard Henderson
This fixes a bug in that neither PLI nor PLDW are present in ARMv6T2, but are introduced with ARMv7 and ARMv7MP respectively. For clarity, do not use NOP for PLD. Note that there is no PLDW (literal). Architecturally in the T1 encoding of "PLD (literal)" bit 5 is "(0)", which means that it should be zero and if it is not then the behaviour is CONSTRAINED UNPREDICTABLE (might UNDEF, NOP, or ignore the value of the bit). In our implementation we have patterns for both: + PLD 1111 1000 -001 1111 1111 ------------ # (literal) + PLD 1111 1000 -011 1111 1111 ------------ # (literal) and so we effectively ignore the value of bit 5. (This is a permitted option for this CONSTRAINED UNPREDICTABLE.) This isn't a behaviour change in this commit, since we previously had NOP lines for both those patterns. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240524232121.284515-3-richard.henderson@linaro.org [PMM: adjusted commit message to note that PLD (lit) T1 bit 5 being 1 is an UNPREDICTABLE case.] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-05-15accel/tcg: Provide default implementation of disas_logRichard Henderson
Almost all of the disas_log implementations are identical. Unify them within translator_loop. Drop extra Priv/Virt logging from target/riscv. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-05-06exec/cpu: Extract page-protection definitions to page-protection.hPhilippe Mathieu-Daudé
Extract page-protection definitions from "exec/cpu-all.h" to "exec/page-protection.h". The list of files requiring the new header was generated using: $ git grep -wE \ 'PAGE_(READ|WRITE|EXEC|RWX|VALID|ANON|RESERVED|TARGET_.|PASSTHROUGH)' Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Nicholas Piggin <npiggin@gmail.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20240427155714.53669-3-philmd@linaro.org>
2024-04-30target/arm: Default to 1GHz cntfrq for 'max' and new CPUsPeter Maydell
In previous versions of the Arm architecture, the frequency of the generic timers as reported in CNTFRQ_EL0 could be any IMPDEF value, and for QEMU we picked 62.5MHz, giving a timer tick period of 16ns. In Armv8.6, the architecture standardized this frequency to 1GHz. Because there is no ID register feature field that indicates whether a CPU is v8.6 or that it ought to have this counter frequency, we implement this by changing our default CNTFRQ value for all CPUs, with exceptions for backwards compatibility: * CPU types which we already implement will retain the old default value. None of these are v8.6 CPUs, so this is architecturally OK. * CPUs used in versioned machine types with a version of 9.0 or earlier will retain the old default value. The upshot is that the only CPU type that changes is 'max'; but any new type we add in future (whether v8.6 or not) will also get the new 1GHz default. It remains the case that the machine model can override the default value via the 'cntfrq' QOM property (regardless of the CPU type). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20240426122913.3427983-5-peter.maydell@linaro.org
2024-04-30target/arm: Enable FEAT_Spec_FPACC for -cpu maxPeter Maydell
FEAT_Spec_FPACC is a feature describing speculative behaviour in the event of a PAC authontication failure when FEAT_FPACCOMBINE is implemented. FEAT_Spec_FPACC means that the speculative use of pointers processed by a PAC Authentication is not materially different in terms of the impact on cached microarchitectural state (caches, TLBs, etc) between passing and failing of the PAC Authentication. QEMU doesn't do speculative execution, so we can advertise this feature. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20240418152004.2106516-6-peter.maydell@linaro.org
2024-04-30target/arm: Enable FEAT_ETS2 for -cpu maxPeter Maydell
FEAT_ETS2 is a tighter set of guarantees about memory ordering involving translation table walks than the old FEAT_ETS; FEAT_ETS has been retired from the Arm ARM and the old ID_AA64MMFR1.ETS == 1 now gives no greater guarantees than ETS == 0. FEAT_ETS2 requires: * the virtual address of a load or store that appears in program order after a DSB cannot be translated until after the DSB completes (section B2.10.9) * TLB maintenance operations that only affect translations without execute permission are guaranteed complete after a DSB (R_BLDZX) * if a memory access RW2 is ordered-before memory access RW2, then RW1 is also ordered-before any translation table walk generated by RW2 that generates a Translation, Address size or Access flag fault (R_NNFPF, I_CLGHP) As with FEAT_ETS, QEMU is already compliant, because we do not reorder translation table walk memory accesses relative to other memory accesses, and we always guarantee to have finished TLB maintenance as soon as the TLB op is done. Update the documentation to list FEAT_ETS2 instead of the no-longer-existent FEAT_ETS, and update the 'max' CPU ID registers. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20240418152004.2106516-4-peter.maydell@linaro.org
2024-04-30target/arm: Enable FEAT_CSV2_3 for -cpu maxPeter Maydell
FEAT_CSV2_3 adds a mechanism to identify if hardware cannot disclose information about whether branch targets and branch history trained in one hardware described context can control speculative execution in a different hardware context. There is no branch prediction in TCG, so we don't need to do anything to be compliant with this. Upadte the '-cpu max' ID registers to advertise the feature. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20240418152004.2106516-3-peter.maydell@linaro.org
2024-04-30target/arm: Restrict translation disabled alignment check to VMSARichard Henderson
For cpus using PMSA, when the MPU is disabled, the default memory type is Normal, Non-cachable. This means that it should not have alignment restrictions enforced. Cc: qemu-stable@nongnu.org Fixes: 59754f85ed3 ("target/arm: Do memory type alignment check when translation disabled") Reported-by: Clément Chigot <chigot@adacore.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Clément Chigot <chigot@adacore.com> Message-id: 20240422170722.117409-1-richard.henderson@linaro.org [PMM: trivial comment, commit message tweaks] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-04-25target/arm: Add FEAT_NMI to maxJinjie Ruan
Enable FEAT_NMI on the 'max' CPU. Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240407081733.3231820-24-ruanjinjie@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-04-25target/arm: Implement ALLINT MSR (immediate)Jinjie Ruan
Add ALLINT MSR (immediate) to decodetree, in which the CRm is 0b000x. The EL0 check is necessary to ALLINT, and the EL1 check is necessary when imm == 1. So implement it inline for EL2/3, or EL1 with imm==0. Avoid the unconditional write to pc and use raise_exception_ra to unwind. Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240407081733.3231820-5-ruanjinjie@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-04-25target/arm: Add PSTATE.ALLINTJinjie Ruan
When PSTATE.ALLINT is set, an IRQ or FIQ interrupt that is targeted to ELx, with or without superpriority is masked. As Richard suggested, place ALLINT bit in PSTATE in env->pstate. In the pseudocode, AArch64.ExceptionReturn() calls SetPSTATEFromPSR(), which treats PSTATE.ALLINT as one of the bits which are reinstated from SPSR to PSTATE regardless of whether this is an illegal exception return or not. So handle PSTATE.ALLINT the same way as PSTATE.DAIF in the illegal_return exit path of the exception_return helper. With the change, exception entry and return are automatically handled. Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240407081733.3231820-3-ruanjinjie@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-04-09target/arm: Use insn_start from DisasContextBaseRichard Henderson
To keep the multiple update check, replace insn_start with insn_start_updated. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-02target/arm: take HSTR traps of cp15 accesses to EL2, not EL1Peter Maydell
The HSTR_EL2 register allows the hypervisor to trap AArch32 EL1 and EL0 accesses to cp15 registers. We incorrectly implemented this so they trap to EL1 when we detect the need for a HSTR trap at code generation time. (The check in access_check_cp_reg() which we do at runtime to catch traps from EL0 is correctly routing them to EL2.) Use the correct target EL when generating the code to take the trap. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2226 Fixes: 049edada5e93df ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240325133116.2075362-1-peter.maydell@linaro.org
2024-03-08target/arm: Move v7m-related code from cpu32.c into a separate fileThomas Huth
Move the code to a separate file so that we do not have to compile it anymore if CONFIG_ARM_V7M is not set. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 20240308141051.536599-2-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-03-07target/arm: Fix 32-bit SMOPARichard Henderson
While the 8-bit input elements are sequential in the input vector, the 32-bit output elements are not sequential in the output matrix. Do not attempt to compute 2 32-bit outputs at the same time. Cc: qemu-stable@nongnu.org Fixes: 23a5e3859f5 ("target/arm: Implement SME integer outer product") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2083 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20240305163931.242795-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-03-07target/arm: Enable FEAT_ECV for 'max' CPUPeter Maydell
Enable all FEAT_ECV features on the 'max' CPU. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240301183219.2424889-9-peter.maydell@linaro.org
2024-03-05target/arm: Do memory type alignment check when translation disabledRichard Henderson
If translation is disabled, the default memory type is Device, which requires alignment checking. This is more optimally done early via the MemOp given to the TCG memory operation. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reported-by: Idan Horowitz <idan.horowitz@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240301204110.656742-6-richard.henderson@linaro.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1204 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-03-05target/arm: Support 32-byte alignment in pow2_alignRichard Henderson
Now that we have removed TARGET_PAGE_BITS_MIN-6 from TLB_FLAGS_MASK, we can test for 32-byte alignment. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240301204110.656742-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-02-15target/arm: Allow access to SPSR_hyp from hyp modePeter Maydell
Architecturally, the AArch32 MSR/MRS to/from banked register instructions are UNPREDICTABLE for attempts to access a banked register that the guest could access in a more direct way (e.g. using this insn to access r8_fiq when already in FIQ mode). QEMU has chosen to UNDEF on all of these. However, for the case of accessing SPSR_hyp from hyp mode, it turns out that real hardware permits this, with the same effect as if the guest had directly written to SPSR. Further, there is some guest code out there that assumes it can do this, because it happens to work on hardware: an example Cortex-R52 startup code fragment uses this, and it got copied into various other places, including Zephyr. Zephyr was fixed to not use this: https://github.com/zephyrproject-rtos/zephyr/issues/47330 but other examples are still out there, like the selftest binary for the MPS3-AN536. For convenience of being able to run guest code, permit this UNPREDICTABLE access instead of UNDEFing it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240206132931.38376-5-peter.maydell@linaro.org
2024-02-15target/arm: Add Cortex-R52 IMPDEF sysregsPeter Maydell
Add the Cortex-R52 IMPDEF sysregs, by defining them here and also by enabling the AUXCR feature which defines the ACTLR and HACTLR registers. As is our usual practice, we make these simple reads-as-zero stubs for now. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240206132931.38376-4-peter.maydell@linaro.org
2024-02-15target/arm: The Cortex-R52 has a read-only CBARPeter Maydell
The Cortex-R52 implements the Configuration Base Address Register (CBAR), as a read-only register. Add ARM_FEATURE_CBAR_RO to this CPU type, so that our implementation provides the register and the associated qdev property. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240206132931.38376-3-peter.maydell@linaro.org
2024-02-15target/arm: Fix SVE/SME gross MTE suppression checksRichard Henderson
The TBI and TCMA bits are located within mtedesc, not desc. Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-7-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-02-15target/arm: Handle mte in do_ldrq, do_ldroRichard Henderson
These functions "use the standard load helpers", but fail to clean_data_tbi or populate mtedesc. Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-02-15target/arm: Split out make_svemte_descRichard Henderson
Share code that creates mtedesc and embeds within simd_desc. Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-5-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-02-15target/arm: Adjust and validate mtedesc sizem1Richard Henderson
When we added SVE_MTEDESC_SHIFT, we effectively limited the maximum size of MTEDESC. Adjust SIZEM1 to consume the remaining bits (32 - 10 - 5 - 12 == 5). Assert that the data to be stored fits within the field (expecting 8 * 4 - 1 == 31, exact fit). Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-02-15target/arm: Fix nregs computation in do_{ld,st}_zpaRichard Henderson
The field is encoded as [0-3], which is convenient for indexing our array of function pointers, but the true value is [1-4]. Adjust before calling do_mem_zpa. Add an assert, and move the comment re passing ZT to the helper back next to the relevant code. Cc: qemu-stable@nongnu.org Fixes: 206adacfb8d ("target/arm: Add mte helpers for sve scalar + int loads") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-02-03target/arm: Split out arm_env_mmu_indexRichard Henderson
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-01-29include/qemu: Add TCGCPUOps typedef to typedefs.hRichard Henderson
QEMU coding style recommends using structure typedefs. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-01-29target: Use vaddr in gen_intermediate_codeAnton Johansson
Makes gen_intermediate_code() signature target agnostic so the function can be called from accel/tcg/translate-all.c without target specifics. Signed-off-by: Anton Johansson <anjo@rev.ng> Message-Id: <20240119144024.14289-9-anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-01-26target/arm: Fix A64 scalar SQSHRN and SQRSHRNPeter Maydell
In commit 1b7bc9b5c8bf374dd we changed handle_vec_simd_sqshrn() so that instead of starting with a 0 value and depositing in each new element from the narrowing operation, it instead started with the raw result of the narrowing operation of the first element. This is fine in the vector case, because the deposit operations for the second and subsequent elements will always overwrite any higher bits that might have been in the first element's result value in tcg_rd. However in the scalar case we only go through this loop once. The effect is that for a signed narrowing operation, if the result is negative then we will now return a value where the bits above the first element are incorrectly 1 (because the narrowfn returns a sign-extended result, not one that is truncated to the element size). Fix this by using an extract operation to get exactly the correct bits of the output of the narrowfn for element 1, instead of a plain move. Cc: qemu-stable@nongnu.org Fixes: 1b7bc9b5c8bf374dd3 ("target/arm: Avoid tcg_const_ptr in handle_vec_simd_sqshrn") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2089 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240123153416.877308-1-peter.maydell@linaro.org
2024-01-26target/arm: Expose arm_cpu_mp_affinity() in 'multiprocessing.h' headerPhilippe Mathieu-Daudé
Declare arm_cpu_mp_affinity() prototype in the new "target/arm/multiprocessing.h" header so units in hw/arm/ can use it without having to include the huge target-specific "cpu.h". File list to include the new header generated using: $ git grep -lw arm_cpu_mp_affinity Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240118200643.29037-11-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-01-26target/arm: Create arm_cpu_mp_affinityRichard Henderson
Wrapper to return the mp affinity bits from the cpu. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240118200643.29037-10-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-01-26target/arm: Fix VNCR fault detection logicPeter Maydell
In arm_deliver_fault() we check for whether the fault is caused by a data abort due to an access to a FEAT_NV2 sysreg in the memory pointed to by the VNCR. Unfortunately part of the condition checks the wrong argument to the function, meaning that it would spuriously trigger, resulting in some instruction aborts being taken to the wrong EL and reported incorrectly. Use the right variable in the condition. Fixes: 674e5345275d425 ("target/arm: Report VNCR_EL2 based faults correctly") Reported-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-id: 20240116165605.2523055-1-peter.maydell@linaro.org
2024-01-09target/arm: Add FEAT_NV2 to max, neoverse-n2, neoverse-v1 CPUsPeter Maydell
Enable FEAT_NV2 on the 'max' CPU, and stop filtering it out for the Neoverse N2 and Neoverse V1 CPUs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Report VNCR_EL2 based faults correctlyPeter Maydell
If FEAT_NV2 redirects a system register access to a memory offset from VNCR_EL2, that access might fault. In this case we need to report the correct syndrome information: * Data Abort, from same-EL * no ISS information * the VNCR bit (bit 13) is set and the exception must be taken to EL2. Save an appropriate syndrome template when generating code; we can then use that to: * select the right target EL * reconstitute a correct final syndrome for the data abort * report the right syndrome if we take a FEAT_RME granule protection fault on the VNCR-based write Note that because VNCR is bit 13, we must start keeping bit 13 in template syndromes, by adjusting ARM_INSN_START_WORD2_SHIFT. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Implement FEAT_NV2 redirection of sysregs to RAMPeter Maydell
FEAT_NV2 requires that when HCR_EL2.{NV,NV2} == 0b11 then accesses by EL1 to certain system registers are redirected to RAM. The full list of affected registers is in the table in rule R_CSRPQ in the Arm ARM. The registers may be normally accessible at EL1 (like ACTLR_EL1), or normally UNDEF at EL1 (like HCR_EL2). Some registers redirect to RAM only when HCR_EL2.NV1 is 0, and some only when HCR_EL2.NV1 is 1; others trap in both cases. Add the infrastructure for identifying which registers should be redirected and turning them into memory accesses. This code does not set the correct syndrome or arrange for the exception to be taken to the correct target EL if the access via VNCR_EL2 faults; we will do that in the next commit. Subsequent commits will mark up the relevant regdefs to set their nv2_redirect_offset, and if relevant one of the two flags which indicates that the redirect happens only for a particular value of HCR_EL2.NV1. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2024-01-09target/arm: Handle FEAT_NV2 redirection of SPSR_EL2, ELR_EL2, ESR_EL2, FAR_EL2Peter Maydell
Under FEAT_NV2, when HCR_EL2.{NV,NV2} == 0b11 at EL1, accesses to the registers SPSR_EL2, ELR_EL2, ESR_EL2, FAR_EL2 and TFSR_EL2 (which would UNDEF without FEAT_NV or FEAT_NV2) should instead access the equivalent EL1 registers SPSR_EL1, ELR_EL1, ESR_EL1, FAR_EL1 and TFSR_EL1. Because there are only five registers involved and the encoding for the EL1 register is identical to that of the EL2 register except that opc1 is 0, we handle this by finding the EL1 register in the hash table and using it instead. Note that traps that apply to direct accesses to the EL1 register, such as active fine-grained traps or other trap bits, do not trigger when it is accessed via the EL2 encoding in this way. However, some traps that are defined by the EL2 register may apply. We therefore call the EL2 register's accessfn first. The only one of the five which has such traps is TFSR_EL2: make sure its accessfn correctly handles both FEAT_NV (where we trap to EL2 without checking ATA bits) and FEAT_NV2 (where we check ATA bits and then redirect to TFSR_EL1). (We don't need the NV1 tbflag bit until the next patch, but we introduce it here to avoid putting the NV, NV1, NV2 bits in an odd order.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Add FEAT_NV to max, neoverse-n2, neoverse-v1 CPUsPeter Maydell
Enable FEAT_NV on the 'max' CPU, and stop filtering it out for the Neoverse N2 and Neoverse V1 CPUs. We continue to downgrade FEAT_NV2 support to FEAT_NV for the latter two CPU types. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Treat LDTR* and STTR* as LDR/STR when NV, NV1 is 1, 1Peter Maydell
FEAT_NV requires (per I_JKLJK) that when HCR_EL2.{NV,NV1} is {1,1} the unprivileged-access instructions LDTR, STTR etc behave as normal loads and stores. Implement the check that handles this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Make NV reads of CurrentEL return EL2Peter Maydell
FEAT_NV requires that when HCR_EL2.NV is set reads of the CurrentEL register from EL1 always report EL2 rather than the real EL. Implement this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Trap sysreg accesses for FEAT_NVPeter Maydell
For FEAT_NV, accesses to system registers and instructions from EL1 which would normally UNDEF there but which work in EL2 need to instead be trapped to EL2. Detect this both for "we know this will UNDEF at translate time" and "we found this UNDEFs at runtime", and make the affected registers trap to EL2 instead. The Arm ARM defines the set of registers that should trap in terms of their names; for our implementation this would be both awkward and inefficent as a test, so we instead trap based on the opc1 field of the sysreg. The regularity of the architectural choice of encodings for sysregs means that in practice this captures exactly the correct set of registers. Regardless of how we try to define the registers this trapping applies to, there's going to be a certain possibility of breakage if new architectural features introduce new registers that don't follow the current rules (FEAT_MEC is one example already visible in the released sysreg XML, though not yet in the Arm ARM). This approach seems to me to be straightforward and likely to require a minimum of manual overrides. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Move FPU/SVE/SME access checks up above ARM_CP_SPECIAL_MASK checkPeter Maydell
In handle_sys() we don't do the check for whether the register is marked as needing an FPU/SVE/SME access check until after we've handled the special cases covered by ARM_CP_SPECIAL_MASK. This is conceptually the wrong way around, because if for example we happen to implement an FPU-access-checked register as ARM_CP_NOP, we should do the access check first. Move the access checks up so they are with all the other access checks, not sandwiched between the special-case read/write handling and the normal-case read/write handling. This doesn't change behaviour at the moment, because we happen not to define any cpregs with both ARM_CPU_{FPU,SVE,SME} and one of the cases dealt with by ARM_CP_SPECIAL_MASK. Moving this code also means we have the correct place to put the FEAT_NV/FEAT_NV2 access handling, which should come after the access checks and before we try to do any read/write action. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Always honour HCR_EL2.TSC when HCR_EL2.NV is setPeter Maydell
The HCR_EL2.TSC trap for trapping EL1 execution of SMC instructions has a behaviour change for FEAT_NV when EL3 is not implemented: * in older architecture versions TSC was required to have no effect (i.e. the SMC insn UNDEFs) * with FEAT_NV, when HCR_EL2.NV == 1 the trap must apply (i.e. SMC traps to EL2, as it already does in all cases when EL3 is implemented) * in newer architecture versions, the behaviour either without FEAT_NV or with FEAT_NV and HCR_EL2.NV == 0 is relaxed to an IMPDEF choice between UNDEF and trap-to-EL2 (i.e. it is permitted to always honour HCR_EL2.TSC) for AArch64 only Add the condition to honour the trap bit when HCR_EL2.NV == 1. We leave the HCR_EL2.NV == 0 case with the existing (UNDEF) behaviour, as our IMPDEF choice (both because it avoids a behaviour change for older CPU models and because we'd have to distinguish AArch32 from AArch64 if we opted to trap to EL2). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>
2024-01-09target/arm: Enable trapping of ERET for FEAT_NVPeter Maydell
When FEAT_NV is turned on via the HCR_EL2.NV bit, ERET instructions are trapped, with the same syndrome information as for the existing FEAT_FGT fine-grained trap (in the pseudocode this is handled in AArch64.CheckForEretTrap()). Rename the DisasContext and tbflag bits to reflect that they are no longer exclusively for FGT traps, and set the tbflag bit when FEAT_NV is enabled as well as when the FGT is enabled. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Miguel Luis <miguel.luis@oracle.com>