aboutsummaryrefslogtreecommitdiff
path: root/target/arm
AgeCommit message (Collapse)Author
2023-02-16target/arm: wrap psci call with tcg_enabledClaudio Fontana
for "all" builds (tcg + kvm), we want to avoid doing the psci check if tcg is built-in, but not enabled. Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Fabiano Rosas <farosas@suse.de> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: rename handle_semihosting to tcg_handle_semihostingClaudio Fontana
make it clearer from the name that this is a tcg-only function. Signed-off-by: Claudio Fontana <cfontana@suse.de> Signed-off-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Declare CPU <-> NVIC helpers in 'hw/intc/armv7m_nvic.h'Philippe Mathieu-Daudé
While dozens of files include "cpu.h", only 3 files require these NVIC helper declarations. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230206223502.25122-12-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Store CPUARMState::nvic as NVICState*Philippe Mathieu-Daudé
There is no point in using a void pointer to access the NVIC. Use the real type to avoid casting it while debugging. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230206223502.25122-11-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Restrict CPUARMState::nvic to sysemuPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230206223502.25122-10-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Restrict CPUARMState::arm_boot_info to sysemuPhilippe Mathieu-Daudé
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230206223502.25122-9-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Restrict CPUARMState::gicv3state to sysemuPhilippe Mathieu-Daudé
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230206223502.25122-8-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Avoid resetting CPUARMState::eabi fieldPhilippe Mathieu-Daudé
Although the 'eabi' field is only used in user emulation where CPU reset doesn't occur, it doesn't belong to the area to reset. Move it after the 'end_reset_fields' for consistency. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230206223502.25122-7-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Convert CPUARMState::eabi to booleanPhilippe Mathieu-Daudé
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230206223502.25122-6-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Constify ID_PFR1 on user emulationPhilippe Mathieu-Daudé
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230206223502.25122-5-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Reduce arm_v7m_mmu_idx_[all/for_secstate_and_priv]() scopePhilippe Mathieu-Daudé
arm_v7m_mmu_idx_all() and arm_v7m_mmu_idx_for_secstate_and_priv() are only used for system emulation in m_helper.c. Move the definitions to avoid prototype forward declarations. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230206223502.25122-4-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Simplify arm_v7m_mmu_idx_for_secstate() for user emulationPhilippe Mathieu-Daudé
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230206223502.25122-3-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-04target/arm: Use tcg_gen_atomic_cmpxchg_i128 for CASPRichard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20221112042555.2622152-3-richard.henderson@linaro.org>
2023-02-04target/arm: Use tcg_gen_atomic_cmpxchg_i128 for STXPRichard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20221112042555.2622152-2-richard.henderson@linaro.org>
2023-02-03target/arm: Enable FEAT_FGT on '-cpu max'Peter Maydell
Update the ID registers for TCG's '-cpu max' to report the presence of FEAT_FGT Fine-Grained Traps support. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-24-peter.maydell@linaro.org Message-id: 20230127175507.2895013-24-peter.maydell@linaro.org
2023-02-03target/arm: Implement MDCR_EL2.TDCC and MDCR_EL3.TDCC trapsPeter Maydell
FEAT_FGT also implements an extra trap bit in the MDCR_EL2 and MDCR_EL3 registers: bit TDCC enables trapping of use of the Debug Comms Channel registers OSDTRRX_EL1, OSDTRTX_EL1, MDCCSR_EL0, MDCCINT_EL0, DBGDTR_EL0, DBGDTRRX_EL0 and DBGDTRTX_EL0 (and their AArch32 equivalents). This trapping is independent of whether fine-grained traps are enabled or not. Implement these extra traps. (We don't implement DBGDTR_EL0, DBGDTRRX_EL0 and DBGDTRTX_EL0.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-23-peter.maydell@linaro.org Message-id: 20230127175507.2895013-23-peter.maydell@linaro.org
2023-02-03target/arm: Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 trapsPeter Maydell
Implement the HFGITR_EL2.SVC_EL0 and SVC_EL1 fine-grained traps. These trap execution of the SVC instruction from AArch32 and AArch64. (As usual, AArch32 can only trap from EL0, as fine grained traps are disabled with an AArch32 EL1.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-22-peter.maydell@linaro.org Message-id: 20230127175507.2895013-22-peter.maydell@linaro.org
2023-02-03target/arm: Implement the HFGITR_EL2.ERET trapPeter Maydell
Implement the HFGITR_EL2.ERET fine-grained trap. This traps execution from AArch64 EL1 of ERET, ERETAA and ERETAB. The trap is reported with a syndrome value of 0x1a. The trap must take precedence over a possible pointer-authentication trap for ERETAA and ERETAB. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-21-peter.maydell@linaro.org Message-id: 20230127175507.2895013-21-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HFGITR bits 48..63Peter Maydell
Mark up the sysreg definitions for the system instructions trapped by HFGITR bits 48..63. Some of these bits are for trapping instructions which are not in the system instruction encoding (i.e. which are not handled by the ARMCPRegInfo mechanism): * ERET, ERETAA, ERETAB * SVC We will have to handle those separately and manually. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-20-peter.maydell@linaro.org Message-id: 20230127175507.2895013-20-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HFGITR bits 18..47Peter Maydell
Mark up the sysreg definitions for the system instructions trapped by HFGITR bits 18..47. These bits cover TLBI TLB maintenance instructions. (If we implemented FEAT_XS we would need to trap some of the instructions added by that feature using these bits; but we don't yet, so will need to add the .fgt markup when we do.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-19-peter.maydell@linaro.org Message-id: 20230127175507.2895013-19-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HFGITR bits 12..17Peter Maydell
Mark up the sysreg definitions for the system instructions trapped by HFGITR bits 12..17. These bits cover AT address translation instructions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-18-peter.maydell@linaro.org Message-id: 20230127175507.2895013-18-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HFGITR bits 0..11Peter Maydell
Mark up the sysreg definitions for the system instructions trapped by HFGITR bits 0..11. These bits cover various cache maintenance operations. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-17-peter.maydell@linaro.org Message-id: 20230127175507.2895013-17-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HDFGRTR bits 12..63Peter Maydell
Mark up the sysreg definitions for the registers trapped by HDFGRTR/HDFGWTR bits 12..x. Bits 12..22 and bit 58 are for PMU registers. The remaining bits in HDFGRTR/HDFGWTR are for traps on registers that are part of features we don't implement: Bits 23..32 and 63 : FEAT_SPE Bits 33..48 : FEAT_ETE Bits 50..56 : FEAT_TRBE Bits 59..61 : FEAT_BRBE Bit 62 : FEAT_SPEv1p2. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-16-peter.maydell@linaro.org Message-id: 20230127175507.2895013-16-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HDFGRTR bits 0..11Peter Maydell
Mark up the sysreg definitons for the registers trapped by HDFGRTR/HDFGWTR bits 0..11. These cover various debug related registers. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-15-peter.maydell@linaro.org Message-id: 20230127175507.2895013-15-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HFGRTR bits 36..63Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 36..63. Of these, some correspond to RAS registers which we implement as always-UNDEF: these don't need any extra handling for FGT because the UNDEF-to-EL1 always takes priority over any theoretical FGT-trap-to-EL2. Bit 50 (NACCDATA_EL1) is for the ACCDATA_EL1 register which is part of the FEAT_LS64_ACCDATA feature which we don't yet implement. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-14-peter.maydell@linaro.org Message-id: 20230127175507.2895013-14-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HFGRTR bits 24..35Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 24..35. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-13-peter.maydell@linaro.org Message-id: 20230127175507.2895013-13-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HFGRTR bits 12..23Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 12..23. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-12-peter.maydell@linaro.org Message-id: 20230127175507.2895013-12-peter.maydell@linaro.org
2023-02-03target/arm: Mark up sysregs for HFGRTR bits 0..11Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 0..11. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-11-peter.maydell@linaro.org Message-id: 20230127175507.2895013-11-peter.maydell@linaro.org
2023-02-03target/arm: Implement FGT trapping infrastructurePeter Maydell
Implement the machinery for fine-grained traps on normal sysregs. Any sysreg with a fine-grained trap will set the new field to indicate which FGT register bit it should trap on. FGT traps only happen when an AArch64 EL2 enables them for an AArch64 EL1. They therefore are only relevant for AArch32 cpregs when the cpreg can be accessed from EL0. The logic in access_check_cp_reg() will check this, so it is safe to add a .fgt marking to an ARM_CP_STATE_BOTH ARMCPRegInfo. The DO_BIT and DO_REV_BIT macros define enum constants FGT_##bitname which can be used to specify the FGT bit, eg .fgt = FGT_AFSR0_EL1 (We assume that there is no bit name duplication across the FGT registers, for brevity's sake.) Subsequent commits will add the .fgt fields to the relevant register definitions and define the FGT_nnn values for them. Note that some of the FGT traps are for instructions that we don't handle via the cpregs mechanisms (mostly these are instruction traps). Those we will have to handle separately. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-10-peter.maydell@linaro.org Message-id: 20230127175507.2895013-10-peter.maydell@linaro.org
2023-02-03target/arm: Define the FEAT_FGT registersPeter Maydell
Define the system registers which are provided by the FEAT_FGT fine-grained trap architectural feature: HFGRTR_EL2, HFGWTR_EL2, HDFGRTR_EL2, HDFGWTR_EL2, HFGITR_EL2 All these registers are a set of bit fields, where each bit is set for a trap and clear to not trap on a particular system register access. The R and W register pairs are for system registers, allowing trapping to be done separately for reads and writes; the I register is for system instructions where trapping is on instruction execution. The data storage in the CPU state struct is arranged as a set of arrays rather than separate fields so that when we're looking up the bits for a system register access we can just index into the array rather than having to use a switch to select a named struct member. The later FEAT_FGT2 will add extra elements to these arrays. The field definitions for the new registers are in cpregs.h because in practice the code that needs them is code that also needs the cpregs information; cpu.h is included in a lot more files. We're also going to add some FGT-specific definitions to cpregs.h in the next commit. We do not implement HAFGRTR_EL2, because we don't implement FEAT_AMUv1. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-9-peter.maydell@linaro.org Message-id: 20230127175507.2895013-9-peter.maydell@linaro.org
2023-02-03target/arm: Disable HSTR_EL2 traps if EL2 is not enabledPeter Maydell
The HSTR_EL2 register is not supposed to have an effect unless EL2 is enabled in the current security state. We weren't checking for this, which meant that if the guest set up the HSTR_EL2 register we would incorrectly trap even for accesses from Secure EL0 and EL1. Add the missing checks. (Other places where we look at HSTR_EL2 for the not-in-v8A bits TTEE and TJDBX are already checking that we are in NS EL0 or EL1, so there we alredy know EL2 is enabled.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-8-peter.maydell@linaro.org Message-id: 20230127175507.2895013-8-peter.maydell@linaro.org
2023-02-03target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1Peter Maydell
The semantics of HSTR_EL2 require that it traps cpreg accesses to EL2 for: * EL1 accesses * EL0 accesses, if the access is not UNDEFINED when the trap bit is 0 (You can see this in the I_ZFGJP priority ordering, where HSTR_EL2 traps from EL1 to EL2 are priority 12, UNDEFs are priority 13, and HSTR_EL2 traps from EL0 are priority 15.) However, we don't get this right for EL1 accesses which UNDEF because the register doesn't exist at all or because its ri->access bits non-configurably forbid the access. At EL1, check for the HSTR_EL2 trap early, before either of these UNDEF reasons. We have to retain the HSTR_EL2 check in access_check_cp_reg(), because at EL0 any kind of UNDEF-to-EL1 (including "no such register", "bad ri->access" and "ri->accessfn returns 'trap to EL1'") takes precedence over the trap to EL2. But we only need to do that check for EL0 now. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230130182459.3309057-7-peter.maydell@linaro.org Message-id: 20230127175507.2895013-7-peter.maydell@linaro.org
2023-02-03target/arm: All UNDEF-at-EL0 traps take priority over HSTR_EL2 trapsPeter Maydell
The HSTR_EL2 register has a collection of trap bits which allow trapping to EL2 for AArch32 EL0 or EL1 accesses to coprocessor registers. The specification of these bits is that when the bit is set we should trap * EL1 accesses * EL0 accesses, if the access is not UNDEFINED when the trap bit is 0 In other words, all UNDEF traps from EL0 to EL1 take precedence over the HSTR_EL2 trap to EL2. (Since this is all AArch32, the only kind of trap-to-EL1 is the UNDEF.) Our implementation doesn't quite get this right -- we check for traps in the order: * no such register * ARMCPRegInfo::access bits * HSTR_EL2 trap bits * ARMCPRegInfo::accessfn So UNDEFs that happen because of the access bits or because the register doesn't exist at all correctly take priority over the HSTR_EL2 trap, but where a register can UNDEF at EL0 because of the accessfn we are incorrectly always taking the HSTR_EL2 trap. There aren't many of these, but one example is the PMCR; if you look at the access pseudocode for this register you can see that UNDEFs taken because of the value of PMUSERENR.EN are checked before the HSTR_EL2 bit. Rearrange helper_access_check_cp_reg() so that we always call the accessfn, and use its return value if it indicates that the access traps to EL0 rather than continuing to do the HSTR_EL2 check. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-6-peter.maydell@linaro.org Message-id: 20230127175507.2895013-6-peter.maydell@linaro.org
2023-02-03target/arm: Move do_coproc_insn() syndrome calculation earlierPeter Maydell
Rearrange the code in do_coproc_insn() so that we calculate the syndrome value for a potential trap early; we're about to add a second check that wants this value earlier than where it is currently determined. (Specifically, a trap to EL2 because of HSTR_EL2 should take priority over an UNDEF to EL1, even when the UNDEF is because the register does not exist at all or because its ri->access bits non-configurably fail the access. So the check we put in for HSTR_EL2 trapping at EL1 (which needs the syndrome) is going to have to be done before the check "is the ARMCPRegInfo pointer NULL".) This commit is just code motion; the change to HSTR_EL2 handling that will use the 'syndrome' variable is in a subsequent commit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-5-peter.maydell@linaro.org Message-id: 20230127175507.2895013-5-peter.maydell@linaro.org
2023-02-03target/arm: Remove CP_ACCESS_TRAP_UNCATEGORIZED_{EL2, EL3}Peter Maydell
We added the CPAccessResult values CP_ACCESS_TRAP_UNCATEGORIZED_EL2 and CP_ACCESS_TRAP_UNCATEGORIZED_EL3 purely in order to use them in the ats_access() function, but doing so was incorrect (a bug fixed in a previous commit). There aren't any cases where we want an access function to be able to request a trap to EL2 or EL3 with a zero syndrome value, so remove these enum values. As well as cleaning up dead code, the motivation here is that we'd like to implement fine-grained-trap handling in helper_access_check_cp_reg(). Although the fine-grained traps to EL2 are always lower priority than trap-to-same-EL and higher priority than trap-to-EL3, they are in the middle of various other kinds of trap-to-EL2. Knowing that a trap-to-EL2 must always for us have the same syndrome (ie that an access function will return CP_ACCESS_TRAP_EL2 and there is no other kind of trap-to-EL2 enum value) means we don't have to try to choose which of the two syndrome values to report if the access would trap to EL2 both for the fine-grained-trap and because the access function requires it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-4-peter.maydell@linaro.org Message-id: 20230127175507.2895013-4-peter.maydell@linaro.org
2023-02-03target/arm: Correct syndrome for ATS12NSO* at Secure EL1Peter Maydell
The AArch32 ATS12NSO* address translation operations are supposed to trap to either EL2 or EL3 if they're executed at Secure EL1 (which can only happen if EL3 is AArch64). We implement this, but we got the syndrome value wrong: like other traps to EL2 or EL3 on an AArch32 cpreg access, they should report the 0x3 syndrome, not the 0x0 'uncategorized' syndrome. This is clear in the access pseudocode for these instructions. Fix the syndrome value for these operations by correcting the returned value from the ats_access() function. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-3-peter.maydell@linaro.org Message-id: 20230127175507.2895013-3-peter.maydell@linaro.org
2023-02-03target/arm: Name AT_S1E1RP and AT_S1E1WP cpregs correctlyPeter Maydell
The encodings 0,0,C7,C9,0 and 0,0,C7,C9,1 are AT SP1E1RP and AT S1E1WP, but our ARMCPRegInfo definitions for them incorrectly name them AT S1E1R and AT S1E1W (which are entirely different instructions). Fix the names. (This has no guest-visible effect as the names are for debug purposes only.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-2-peter.maydell@linaro.org Message-id: 20230127175507.2895013-2-peter.maydell@linaro.org
2023-02-03hvf: arm: Add support for GICv3Alexander Graf
We currently only support GICv2 emulation. To also support GICv3, we will need to pass a few system registers into their respective handler functions. This patch adds support for HVF to call into the TCG callbacks for GICv3 system register handlers. This is safe because the GICv3 TCG code is generic as long as we limit ourselves to EL0 and EL1 - which are the only modes supported by HVF. To make sure nobody trips over that, we also annotate callbacks that don't work in HVF mode, such as EL state change hooks. With GICv3 support in place, we can run with more than 8 vCPUs. Signed-off-by: Alexander Graf <agraf@csgraf.de> Message-id: 20230128224459.70676-1-agraf@csgraf.de Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-03target/arm: Fix physical address resolution for Stage2Richard Henderson
Conversion to probe_access_full missed applying the page offset. Cc: qemu-stable@nongnu.org Reported-by: Sid Manning <sidneym@quicinc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230126233134.103193-1-richard.henderson@linaro.org Fixes: f3639a64f602 ("target/arm: Use softmmu tlbs for page table walking") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm: Look up ARMCPRegInfo at runtimeRichard Henderson
Do not encode the pointer as a constant in the opcode stream. This pointer is specific to the cpu that first generated the translation, which runs into problems with both hot-pluggable cpus and user-only threads, as cpus are removed. It's also a potential correctness issue in the theoretical case of a slightly-heterogenous system, because if CPU 0 generates a TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's hash table, which might have a wrong set of registers in it. (All our current systems are either completely homogenous, M-profile, or have CPUs sufficiently different that they wouldn't be sharing TBs anyway because the differences would show up in the TB flags, so the correctness issue is only theoretical, not practical.) Perform the lookup in either helper_access_check_cp_reg, or a new helper_lookup_cp_reg. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org [PMM: added note in commit message about correctness issue] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm: Reorg do_coproc_insnRichard Henderson
Move the ri == NULL case to the top of the function and return. This allows the else to be removed and the code unindented. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20230106194451.1213153-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm: provide stubs for more external debug registersEvgeny Iakovlev
Qemu doesn't implement Debug Communication Channel, as well as the rest of external debug interface. However, Microsoft Hyper-V in tries to access some of those registers during an EL2 context switch. Since there is no architectural way to not advertise support for external debug, provide RAZ/WI stubs for OSDTRRX_EL1, OSDTRTX_EL1 and OSECCR_EL1 registers in the same way the rest of DCM is currently done. Do account for access traps though with access_tda. Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230120155929.32384-3-eiakovlev@linux.microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm: implement DBGCLAIM registersEvgeny Iakovlev
The architecture does not define any functionality for the CLAIM tag bits. So we will just keep the raw bits, as per spec. Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230120155929.32384-2-eiakovlev@linux.microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm: Don't set EXC_RETURN.ES if Security Extension not presentPeter Maydell
In v7m_exception_taken(), for v8M we set the EXC_RETURN.ES bit if either the exception targets Secure or if the CPU doesn't implement the Security Extension. This is incorrect: the v8M Arm ARM specifies that the ES bit should be RES0 if the Security Extension is not implemented, and the pseudocode agrees. Remove the incorrect condition, so that we leave the ES bit 0 if the Security Extension isn't implemented. This doesn't have any guest-visible effects for our current set of emulated CPUs, because all our v8M CPUs implement the Security Extension; but it's worth fixing in case we add a v8M CPU without the extension in future. Reported-by: Igor Kotrasinski <i.kotrasinsk@samsung.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-01-23target/arm: Fix in_debug path in S1_ptw_translateRichard Henderson
During the conversion, the test against get_phys_addr_lpae got inverted, meaning that successful translations went to the 'failed' label. Cc: qemu-stable@nongnu.org Fixes: f3639a64f60 ("target/arm: Use softmmu tlbs for page table walking") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1417 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230114054605.2977022-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm: Fix physical address resolution for MTERichard Henderson
Conversion to probe_access_full missed applying the page offset. Fixes: b8967ddf ("target/arm: Use probe_access_full for MTE") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1416 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230114031213.2970349-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()Richard Henderson
Unify the two helper_set_pstate_{sm,za} in this function. Do not call helper_* functions from svcr_write. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-8-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm/sme: Rebuild hflags in aarch64_set_svcr()Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-7-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm/sme: Reset ZA state in aarch64_set_svcr()Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-6-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-23target/arm/sme: Reset SVE state in aarch64_set_svcr()Richard Henderson
Move arm_reset_sve_state() calls to aarch64_set_svcr(). Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230112102436.1913-5-philmd@linaro.org Message-Id: <20230112004322.161330-1-richard.henderson@linaro.org> [PMD: Split patch in multiple tiny steps] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>