path: root/target/arm
Age | Commit message | Author
2023-02-04 | target/arm: Use tcg_gen_atomic_cmpxchg_i128 for CASP | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20221112042555.2622152-3-richard.henderson@linaro.org>
2023-02-04 | target/arm: Use tcg_gen_atomic_cmpxchg_i128 for STXP | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20221112042555.2622152-2-richard.henderson@linaro.org>
2023-02-03 | target/arm: Enable FEAT_FGT on '-cpu max' | Peter Maydell
Update the ID registers for TCG's '-cpu max' to report the presence of FEAT_FGT Fine-Grained Traps support. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-24-peter.maydell@linaro.org Message-id: 20230127175507.2895013-24-peter.maydell@linaro.org
2023-02-03 | target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC traps | Peter Maydell
FEAT_FGT also implements an extra trap bit in the MDCR_EL2 and MDCR_EL3 registers: bit TDCC enables trapping of use of the Debug Comms Channel registers OSDTRRX_EL1, OSDTRTX_EL1, MDCCSR_EL0, MDCCINT_EL0, DBGDTR_EL0, DBGDTRRX_EL0 and DBGDTRTX_EL0 (and their AArch32 equivalents). This trapping is independent of whether fine-grained traps are enabled or not. Implement these extra traps. (We don't implement DBGDTR_EL0, DBGDTRRX_EL0 and DBGDTRTX_EL0.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-23-peter.maydell@linaro.org Message-id: 20230127175507.2895013-23-peter.maydell@linaro.org
2023-02-03 | target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 traps | Peter Maydell
Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 fine-grained traps. These trap execution of the SVC instruction from AArch32 and AArch64. (As usual, AArch32 can only trap from EL0, as fine grained traps are disabled with an AArch32 EL1.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-22-peter.maydell@linaro.org Message-id: 20230127175507.2895013-22-peter.maydell@linaro.org
2023-02-03 | target/arm: Implement the HFGITR_EL2.ERET trap | Peter Maydell
Implement the HFGITR_EL2.ERET fine-grained trap. This traps execution from AArch64 EL1 of ERET, ERETAA and ERETAB. The trap is reported with a syndrome value of 0x1a. The trap must take precedence over a possible pointer-authentication trap for ERETAA and ERETAB. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-21-peter.maydell@linaro.org Message-id: 20230127175507.2895013-21-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HFGITR bits 48..63 | Peter Maydell
Mark up the sysreg definitions for the system instructions trapped by HFGITR bits 48..63. Some of these bits are for trapping instructions which are not in the system instruction encoding (i.e. which are not handled by the ARMCPRegInfo mechanism):
* ERET, ERETAA, ERETAB
* SVC
We will have to handle those separately and manually.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-20-peter.maydell@linaro.org Message-id: 20230127175507.2895013-20-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HFGITR bits 18..47 | Peter Maydell
Mark up the sysreg definitions for the system instructions trapped by HFGITR bits 18..47. These bits cover TLBI TLB maintenance instructions. (If we implemented FEAT_XS we would need to trap some of the instructions added by that feature using these bits; but we don't yet, so will need to add the .fgt markup when we do.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-19-peter.maydell@linaro.org Message-id: 20230127175507.2895013-19-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HFGITR bits 12..17 | Peter Maydell
Mark up the sysreg definitions for the system instructions trapped by HFGITR bits 12..17. These bits cover AT address translation instructions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-18-peter.maydell@linaro.org Message-id: 20230127175507.2895013-18-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HFGITR bits 0..11 | Peter Maydell
Mark up the sysreg definitions for the system instructions trapped by HFGITR bits 0..11. These bits cover various cache maintenance operations. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-17-peter.maydell@linaro.org Message-id: 20230127175507.2895013-17-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HDFGRTR bits 12..63 | Peter Maydell
Mark up the sysreg definitions for the registers trapped by HDFGRTR/HDFGWTR bits 12..x. Bits 12..22 and bit 58 are for PMU registers. The remaining bits in HDFGRTR/HDFGWTR are for traps on registers that are part of features we don't implement:
Bits 23..32 and 63 : FEAT_SPE
Bits 33..48 : FEAT_ETE
Bits 50..56 : FEAT_TRBE
Bits 59..61 : FEAT_BRBE
Bit 62 : FEAT_SPEv1p2.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-16-peter.maydell@linaro.org Message-id: 20230127175507.2895013-16-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HDFGRTR bits 0..11 | Peter Maydell
Mark up the sysreg definitions for the registers trapped by HDFGRTR/HDFGWTR bits 0..11. These cover various debug related registers. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-15-peter.maydell@linaro.org Message-id: 20230127175507.2895013-15-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HFGRTR bits 36..63 | Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 36..63. Of these, some correspond to RAS registers which we implement as always-UNDEF: these don't need any extra handling for FGT because the UNDEF-to-EL1 always takes priority over any theoretical FGT-trap-to-EL2. Bit 50 (NACCDATA_EL1) is for the ACCDATA_EL1 register which is part of the FEAT_LS64_ACCDATA feature which we don't yet implement. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-14-peter.maydell@linaro.org Message-id: 20230127175507.2895013-14-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HFGRTR bits 24..35 | Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 24..35. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-13-peter.maydell@linaro.org Message-id: 20230127175507.2895013-13-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HFGRTR bits 12..23 | Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 12..23. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-12-peter.maydell@linaro.org Message-id: 20230127175507.2895013-12-peter.maydell@linaro.org
2023-02-03 | target/arm: Mark up sysregs for HFGRTR bits 0..11 | Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 0..11. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-11-peter.maydell@linaro.org Message-id: 20230127175507.2895013-11-peter.maydell@linaro.org
2023-02-03 | target/arm: Implement FGT trapping infrastructure | Peter Maydell
Implement the machinery for fine-grained traps on normal sysregs. Any sysreg with a fine-grained trap will set the new field to indicate which FGT register bit it should trap on. FGT traps only happen when an AArch64 EL2 enables them for an AArch64 EL1. They therefore are only relevant for AArch32 cpregs when the cpreg can be accessed from EL0. The logic in access_check_cp_reg() will check this, so it is safe to add a .fgt marking to an ARM_CP_STATE_BOTH ARMCPRegInfo. The DO_BIT and DO_REV_BIT macros define enum constants FGT_##bitname which can be used to specify the FGT bit, eg .fgt = FGT_AFSR0_EL1 (We assume that there is no bit name duplication across the FGT registers, for brevity's sake.) Subsequent commits will add the .fgt fields to the relevant register definitions and define the FGT_nnn values for them. Note that some of the FGT traps are for instructions that we don't handle via the cpregs mechanisms (mostly these are instruction traps). Those we will have to handle separately. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-10-peter.maydell@linaro.org Message-id: 20230127175507.2895013-10-peter.maydell@linaro.org
2023-02-03 | target/arm: Define the FEAT_FGT registers | Peter Maydell
Define the system registers which are provided by the FEAT_FGT fine-grained trap architectural feature: HFGRTR_EL2, HFGWTR_EL2, HDFGRTR_EL2, HDFGWTR_EL2, HFGITR_EL2 All these registers are a set of bit fields, where each bit is set for a trap and clear to not trap on a particular system register access. The R and W register pairs are for system registers, allowing trapping to be done separately for reads and writes; the I register is for system instructions where trapping is on instruction execution. The data storage in the CPU state struct is arranged as a set of arrays rather than separate fields so that when we're looking up the bits for a system register access we can just index into the array rather than having to use a switch to select a named struct member. The later FEAT_FGT2 will add extra elements to these arrays. The field definitions for the new registers are in cpregs.h because in practice the code that needs them is code that also needs the cpregs information; cpu.h is included in a lot more files. We're also going to add some FGT-specific definitions to cpregs.h in the next commit. We do not implement HAFGRTR_EL2, because we don't implement FEAT_AMUv1. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-9-peter.maydell@linaro.org Message-id: 20230127175507.2895013-9-peter.maydell@linaro.org
2023-02-03 | target/arm: Disable HSTR_EL2 traps if EL2 is not enabled | Peter Maydell
The HSTR_EL2 register is not supposed to have an effect unless EL2 is enabled in the current security state. We weren't checking for this, which meant that if the guest set up the HSTR_EL2 register we would incorrectly trap even for accesses from Secure EL0 and EL1. Add the missing checks. (Other places where we look at HSTR_EL2 for the not-in-v8A bits TTEE and TJDBX are already checking that we are in NS EL0 or EL1, so there we already know EL2 is enabled.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-8-peter.maydell@linaro.org Message-id: 20230127175507.2895013-8-peter.maydell@linaro.org
2023-02-03 | target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1 | Peter Maydell
The semantics of HSTR_EL2 require that it traps cpreg accesses to EL2 for:
* EL1 accesses
* EL0 accesses, if the access is not UNDEFINED when the trap bit is 0
(You can see this in the I_ZFGJP priority ordering, where HSTR_EL2 traps from EL1 to EL2 are priority 12, UNDEFs are priority 13, and HSTR_EL2 traps from EL0 are priority 15.)
However, we don't get this right for EL1 accesses which UNDEF because the register doesn't exist at all or because its ri->access bits non-configurably forbid the access. At EL1, check for the HSTR_EL2 trap early, before either of these UNDEF reasons.
We have to retain the HSTR_EL2 check in access_check_cp_reg(), because at EL0 any kind of UNDEF-to-EL1 (including "no such register", "bad ri->access" and "ri->accessfn returns 'trap to EL1'") takes precedence over the trap to EL2. But we only need to do that check for EL0 now.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230130182459.3309057-7-peter.maydell@linaro.org Message-id: 20230127175507.2895013-7-peter.maydell@linaro.org
2023-02-03 | target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 traps | Peter Maydell
The HSTR_EL2 register has a collection of trap bits which allow trapping to EL2 for AArch32 EL0 or EL1 accesses to coprocessor registers. The specification of these bits is that when the bit is set we should trap
* EL1 accesses
* EL0 accesses, if the access is not UNDEFINED when the trap bit is 0
In other words, all UNDEF traps from EL0 to EL1 take precedence over the HSTR_EL2 trap to EL2. (Since this is all AArch32, the only kind of trap-to-EL1 is the UNDEF.)
Our implementation doesn't quite get this right -- we check for traps in the order:
* no such register
* ARMCPRegInfo::access bits
* HSTR_EL2 trap bits
* ARMCPRegInfo::accessfn
So UNDEFs that happen because of the access bits or because the register doesn't exist at all correctly take priority over the HSTR_EL2 trap, but where a register can UNDEF at EL0 because of the accessfn we are incorrectly always taking the HSTR_EL2 trap. There aren't many of these, but one example is the PMCR; if you look at the access pseudocode for this register you can see that UNDEFs taken because of the value of PMUSERENR.EN are checked before the HSTR_EL2 bit.
Rearrange helper_access_check_cp_reg() so that we always call the accessfn, and use its return value if it indicates that the access traps to EL0 rather than continuing to do the HSTR_EL2 check.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-6-peter.maydell@linaro.org Message-id: 20230127175507.2895013-6-peter.maydell@linaro.org
2023-02-03 | target/arm: Move do_coproc_insn() syndrome calculation earlier | Peter Maydell
Rearrange the code in do_coproc_insn() so that we calculate the syndrome value for a potential trap early; we're about to add a second check that wants this value earlier than where it is currently determined. (Specifically, a trap to EL2 because of HSTR_EL2 should take priority over an UNDEF to EL1, even when the UNDEF is because the register does not exist at all or because its ri->access bits non-configurably fail the access. So the check we put in for HSTR_EL2 trapping at EL1 (which needs the syndrome) is going to have to be done before the check "is the ARMCPRegInfo pointer NULL".) This commit is just code motion; the change to HSTR_EL2 handling that will use the 'syndrome' variable is in a subsequent commit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-5-peter.maydell@linaro.org Message-id: 20230127175507.2895013-5-peter.maydell@linaro.org
2023-02-03 | target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2, EL3} | Peter Maydell
We added the CPAccessResult values CP_ACCESS_TRAP_UNCATEGORIZED_EL2 and CP_ACCESS_TRAP_UNCATEGORIZED_EL3 purely in order to use them in the ats_access() function, but doing so was incorrect (a bug fixed in a previous commit). There aren't any cases where we want an access function to be able to request a trap to EL2 or EL3 with a zero syndrome value, so remove these enum values. As well as cleaning up dead code, the motivation here is that we'd like to implement fine-grained-trap handling in helper_access_check_cp_reg(). Although the fine-grained traps to EL2 are always lower priority than trap-to-same-EL and higher priority than trap-to-EL3, they are in the middle of various other kinds of trap-to-EL2. Knowing that a trap-to-EL2 must always for us have the same syndrome (ie that an access function will return CP_ACCESS_TRAP_EL2 and there is no other kind of trap-to-EL2 enum value) means we don't have to try to choose which of the two syndrome values to report if the access would trap to EL2 both for the fine-grained-trap and because the access function requires it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-4-peter.maydell@linaro.org Message-id: 20230127175507.2895013-4-peter.maydell@linaro.org
2023-02-03 | target/arm: Correct syndrome for ATS12NSO* at Secure EL1 | Peter Maydell
The AArch32 ATS12NSO* address translation operations are supposed to trap to either EL2 or EL3 if they're executed at Secure EL1 (which can only happen if EL3 is AArch64). We implement this, but we got the syndrome value wrong: like other traps to EL2 or EL3 on an AArch32 cpreg access, they should report the 0x3 syndrome, not the 0x0 'uncategorized' syndrome. This is clear in the access pseudocode for these instructions. Fix the syndrome value for these operations by correcting the returned value from the ats_access() function. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-3-peter.maydell@linaro.org Message-id: 20230127175507.2895013-3-peter.maydell@linaro.org
2023-02-03 | target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctly | Peter Maydell
The encodings 0,0,C7,C9,0 and 0,0,C7,C9,1 are AT SP1E1RP and AT S1E1WP, but our ARMCPRegInfo definitions for them incorrectly name them AT S1E1R and AT S1E1W (which are entirely different instructions). Fix the names. (This has no guest-visible effect as the names are for debug purposes only.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-2-peter.maydell@linaro.org Message-id: 20230127175507.2895013-2-peter.maydell@linaro.org
2023-02-03 | hvf: arm: Add support for GICv3 | Alexander Graf
We currently only support GICv2 emulation. To also support GICv3, we will need to pass a few system registers into their respective handler functions. This patch adds support for HVF to call into the TCG callbacks for GICv3 system register handlers. This is safe because the GICv3 TCG code is generic as long as we limit ourselves to EL0 and EL1 - which are the only modes supported by HVF. To make sure nobody trips over that, we also annotate callbacks that don't work in HVF mode, such as EL state change hooks. With GICv3 support in place, we can run with more than 8 vCPUs. Signed-off-by: Alexander Graf <agraf@csgraf.de> Message-id: 20230128224459.70676-1-agraf@csgraf.de Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-03 | target/arm: Fix physical address resolution for Stage2 | Richard Henderson
Conversion to probe_access_full missed applying the page offset. Cc: qemu-stable@nongnu.org Reported-by: Sid Manning <sidneym@quicinc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230126233134.103193-1-richard.henderson@linaro.org Fixes: f3639a64f602 ("target/arm: Use softmmu tlbs for page table walking") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm: Look up ARMCPRegInfo at runtime | Richard Henderson
Do not encode the pointer as a constant in the opcode stream. This pointer is specific to the cpu that first generated the translation, which runs into problems with both hot-pluggable cpus and user-only threads, as cpus are removed. It's also a potential correctness issue in the theoretical case of a slightly-heterogenous system, because if CPU 0 generates a TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's hash table, which might have a wrong set of registers in it. (All our current systems are either completely homogenous, M-profile, or have CPUs sufficiently different that they wouldn't be sharing TBs anyway because the differences would show up in the TB flags, so the correctness issue is only theoretical, not practical.) Perform the lookup in either helper_access_check_cp_reg, or a new helper_lookup_cp_reg. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org [PMM: added note in commit message about correctness issue] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm: Reorg do_coproc_insn | Richard Henderson
Move the ri == NULL case to the top of the function and return. This allows the else to be removed and the code unindented. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20230106194451.1213153-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm: provide stubs for more external debug registers | Evgeny Iakovlev
Qemu doesn't implement Debug Communication Channel, as well as the rest of external debug interface. However, Microsoft Hyper-V tries to access some of those registers during an EL2 context switch. Since there is no architectural way to not advertise support for external debug, provide RAZ/WI stubs for OSDTRRX_EL1, OSDTRTX_EL1 and OSECCR_EL1 registers in the same way the rest of DCM is currently done. Do account for access traps though with access_tda. Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230120155929.32384-3-eiakovlev@linux.microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm: implement DBGCLAIM registers | Evgeny Iakovlev
The architecture does not define any functionality for the CLAIM tag bits. So we will just keep the raw bits, as per spec. Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230120155929.32384-2-eiakovlev@linux.microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm: Don't set EXC_RETURN.ES if Security Extension not present | Peter Maydell
In v7m_exception_taken(), for v8M we set the EXC_RETURN.ES bit if either the exception targets Secure or if the CPU doesn't implement the Security Extension. This is incorrect: the v8M Arm ARM specifies that the ES bit should be RES0 if the Security Extension is not implemented, and the pseudocode agrees. Remove the incorrect condition, so that we leave the ES bit 0 if the Security Extension isn't implemented. This doesn't have any guest-visible effects for our current set of emulated CPUs, because all our v8M CPUs implement the Security Extension; but it's worth fixing in case we add a v8M CPU without the extension in future. Reported-by: Igor Kotrasinski <i.kotrasinsk@samsung.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-01-23 | target/arm: Fix in_debug path in S1_ptw_translate | Richard Henderson
During the conversion, the test against get_phys_addr_lpae got inverted, meaning that successful translations went to the 'failed' label. Cc: qemu-stable@nongnu.org Fixes: f3639a64f60 ("target/arm: Use softmmu tlbs for page table walking") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1417 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230114054605.2977022-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm: Fix physical address resolution for MTE | Richard Henderson
Conversion to probe_access_full missed applying the page offset. Fixes: b8967ddf ("target/arm: Use probe_access_full for MTE") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1416 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230114031213.2970349-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr() | Richard Henderson
Unify the two helper_set_pstate_{sm,za} in this function. Do not call helper_* functions from svcr_write. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-8-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm/sme: Rebuild hflags in aarch64_set_svcr() | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-7-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm/sme: Reset ZA state in aarch64_set_svcr() | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-6-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm/sme: Reset SVE state in aarch64_set_svcr() | Richard Henderson
Move arm_reset_sve_state() calls to aarch64_set_svcr(). Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-5-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm/sme: Introduce aarch64_set_svcr() | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-4-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm/sme: Rebuild hflags in set_pstate() helpers | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-3-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm/sme: Reorg SME access handling in handle_msr_i() | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-2-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm: Unify checking for M Main Extension in MRS/MSR | David Reiss
BASEPRI, FAULTMASK, and their _NS equivalents only exist on devices with the Main Extension. However, the MRS instruction did not check this, and the MSR instruction handled it inconsistently (warning BASEPRI, but silently ignoring writes to BASEPRI_NS). Unify this behavior and always warn when reading or writing any of these registers if the extension is not present. Signed-off-by: David Reiss <dreiss@meta.com> Message-id: 167330628518.10497.13100425787268927786-0@git.sr.ht Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23 | target/arm: Widen cnthctl_el2 to uint64_t | Richard Henderson
This is a 64-bit register on AArch64, even if the high 44 bits are RES0. Because this is defined as ARM_CP_STATE_BOTH, we are asserting that the cpreg field is 64-bits. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1400 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230115171633.3171890-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-13 | target/arm: allow writes to SCR_EL3.HXEn bit when FEAT_HCX is enabled | Evgeny Iakovlev
ARM trusted firmware, when built with FEAT_HCX support, sets SCR_EL3.HXEn bit to allow EL2 to modify HCRX_EL2 register without trapping it in EL3. Qemu uses a valid mask to clear unsupported SCR_EL3 bits when emulating SCR_EL3 write, and that mask doesn't include SCR_EL3.HXEn bit even if FEAT_HCX is enabled and exposed to the guest. As a result EL3 writes of that bit are ignored. Cc: qemu-stable@nongnu.org Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Message-id: 20230105221251.17896-4-eiakovlev@linux.microsoft.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-12 | target/arm: Fix sve_probe_page | Richard Henderson
Don't dereference CPUTLBEntryFull until we verify that the page is valid. Move the other user-only info field updates after the valid check to match. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1412 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230104190056.305143-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-05 | target/arm: align exposed ID registers with Linux | Zhuojia Shen
In CPUID registers exposed to userspace, some registers were missing and some fields were not exposed. This patch aligns exposed ID registers and their fields with what the upstream kernel currently exposes. Specifically, the following new ID registers/fields are exposed to userspace:
ID_AA64PFR1_EL1.BT: bits 3-0
ID_AA64PFR1_EL1.MTE: bits 11-8
ID_AA64PFR1_EL1.SME: bits 27-24
ID_AA64ZFR0_EL1.SVEver: bits 3-0
ID_AA64ZFR0_EL1.AES: bits 7-4
ID_AA64ZFR0_EL1.BitPerm: bits 19-16
ID_AA64ZFR0_EL1.BF16: bits 23-20
ID_AA64ZFR0_EL1.SHA3: bits 35-32
ID_AA64ZFR0_EL1.SM4: bits 43-40
ID_AA64ZFR0_EL1.I8MM: bits 47-44
ID_AA64ZFR0_EL1.F32MM: bits 55-52
ID_AA64ZFR0_EL1.F64MM: bits 59-56
ID_AA64SMFR0_EL1.F32F32: bit 32
ID_AA64SMFR0_EL1.B16F32: bit 34
ID_AA64SMFR0_EL1.F16F32: bit 35
ID_AA64SMFR0_EL1.I8I32: bits 39-36
ID_AA64SMFR0_EL1.F64F64: bit 48
ID_AA64SMFR0_EL1.I16I64: bits 55-52
ID_AA64SMFR0_EL1.FA64: bit 63
ID_AA64MMFR0_EL1.ECV: bits 63-60
ID_AA64MMFR1_EL1.AFP: bits 47-44
ID_AA64MMFR2_EL1.AT: bits 35-32
ID_AA64ISAR0_EL1.RNDR: bits 63-60
ID_AA64ISAR1_EL1.FRINTTS: bits 35-32
ID_AA64ISAR1_EL1.BF16: bits 47-44
ID_AA64ISAR1_EL1.DGH: bits 51-48
ID_AA64ISAR1_EL1.I8MM: bits 55-52
ID_AA64ISAR2_EL1.WFxT: bits 3-0
ID_AA64ISAR2_EL1.RPRES: bits 7-4
ID_AA64ISAR2_EL1.GPA3: bits 11-8
ID_AA64ISAR2_EL1.APA3: bits 15-12
The code is also refactored to use symbolic names for ID register fields for better readability and maintainability. The test case in tests/tcg/aarch64/sysregs.c is also updated to match the intended behavior.
Signed-off-by: Zhuojia Shen <chaosdefinition@hotmail.com> Message-id: DS7PR12MB6309FB585E10772928F14271ACE79@DS7PR12MB6309.namprd12.prod.outlook.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: use Sn_n_Cn_Cn_n syntax to work with older assemblers that don't recognize id_aa64isar2_el1 and id_aa64mmfr2_el1] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-05 | target/arm: cleanup cpu includes | Claudio Fontana
Remove some unused headers. Signed-off-by: Claudio Fontana <cfontana@suse.de> Acked-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Fabiano Rosas <farosas@suse.de> Message-id: 20221213190537.511-7-farosas@suse.de [added back some includes that are still needed at this point] Signed-off-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-05 | target/arm: Remove unused includes from helper.c | Fabiano Rosas
Signed-off-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-id: 20221213190537.511-6-farosas@suse.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-05 | target/arm: Remove unused includes from m_helper.c | Fabiano Rosas
Signed-off-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-id: 20221213190537.511-5-farosas@suse.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-05 | target/arm: Fix checkpatch brace errors in helper.c | Fabiano Rosas
Fix this: ERROR: braces {} are necessary for all arms of this statement Signed-off-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-id: 20221213190537.511-4-farosas@suse.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>