From patchwork Wed Aug 2 17:01:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13338573 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 66F01C001DF for ; Wed, 2 Aug 2023 17:04:15 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qRFEi-0000Po-An; Wed, 02 Aug 2023 13:02:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qRFEg-0000NR-2q for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:10 -0400 Received: from mail-wm1-x32d.google.com ([2a00:1450:4864:20::32d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qRFEd-0003Tz-J6 for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:09 -0400 Received: by mail-wm1-x32d.google.com with SMTP id 5b1f17b1804b1-3fbc1218262so761725e9.3 for ; Wed, 02 Aug 2023 10:02:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1690995725; x=1691600525; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bCTx3e049Pk+oNC5PLbeMgmbnCi39mZL9Wa/yLsQHW8=; b=WoykvEdwJkkaEbmRs8lP161neexyMuDQhPMgL/jFgM/+2tB4anrXeBOjO7ZiMod1aJ 6T5RpszWvkzQWOISyT4npZribk69Frsw0uouxMGfNBFLz38P9/6TiqzKxcDTKSwxs9k3 4vPgQXyCp+fdKPnivSA1v7ehPfRHQi8PUOQPDoxP0YYc1WctFpj2MWENW9YCAMVPzsBg glhbSJV1Gim44WiTpuUVkysRjQTAFE5fjULCtOuix30nJJH2YNRufrwseTP1JDOZ5Oje 34R42BJXVHF3fMUzTALFXR9xprIxSpooTAfnhUGGLp6zOHzQjycnYU5FuX35Ocu2Rvf4 qDsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690995725; x=1691600525; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bCTx3e049Pk+oNC5PLbeMgmbnCi39mZL9Wa/yLsQHW8=; b=EVckkMeVjs53+fwkoU7CKGgMSSw1iJzu3CpPg3HWgURLBOWB6DY9xTQ47VwhxSYB+5 uArsc5Yfg8rIY6lYJ2un5KSsR7ytKj4Io1cSKgXQh5PBGLPrhHTz7Vfv3TS08JM5n3xc vG5ome43OTFD9reKqFPlHTvYEBcHgjCFbEHS4KJKIgBdrCFY1gCkyk8h0lDXyPS5In4m L7VCWmDGenpw6oCUMPph68iXxVAtChAmgwN24DH7i4dx05kuSOTnMV7L/+e0TcjHXJ2H 7G4BEZgAY39ZXDPR0xnPlj5CP+RkRuXpIVviaSdMhxc61KPg9IGSiEbJeaLmD2sosM1/ x+IA== X-Gm-Message-State: ABy/qLbC2g0yLPxxhRwbw2fja/BrWp1HeWbH2wZufW3qsCKMzgAd/xTj U8j3guUtzOpMZGF0fvQ79bilpw== X-Google-Smtp-Source: APBJJlGYk1yl3OeaVT5mJL1WN+QxJ2bJT/C/S/1uErxScnHg2dY+qqZKKUKviTjnv301EnFYcYkcTw== X-Received: by 2002:a1c:4b0b:0:b0:3f8:c70e:7ed1 with SMTP id y11-20020a1c4b0b000000b003f8c70e7ed1mr5670748wma.20.1690995724755; Wed, 02 Aug 2023 10:02:04 -0700 (PDT) Received: from localhost.localdomain ([2.219.138.198]) by smtp.gmail.com with ESMTPSA id q7-20020a1cf307000000b003fa98908014sm2149081wmq.8.2023.08.02.10.02.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Aug 2023 10:02:04 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org Cc: richard.henderson@linaro.org, qemu-arm@nongnu.org, qemu-devel@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 1/6] target/arm/ptw: Load stage-2 tables from realm physical space Date: Wed, 2 Aug 2023 18:01:52 +0100 Message-ID: <20230802170157.401491-2-jean-philippe@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230802170157.401491-1-jean-philippe@linaro.org> References: <20230802170157.401491-1-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::32d; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x32d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org In realm state, stage-2 translation tables are fetched from the realm physical address space (R_PGRQD). Signed-off-by: Jean-Philippe Brucker Reviewed-by: Peter Maydell --- target/arm/ptw.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/target/arm/ptw.c b/target/arm/ptw.c index d1de934702..063adbd84a 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -157,22 +157,32 @@ static ARMMMUIdx ptw_idx_for_stage_2(CPUARMState *env, ARMMMUIdx stage2idx) /* * We're OK to check the current state of the CPU here because - * (1) we always invalidate all TLBs when the SCR_EL3.NS bit changes + * (1) we always invalidate all TLBs when the SCR_EL3.NS or SCR_EL3.NSE bit + * changes. * (2) there's no way to do a lookup that cares about Stage 2 for a * different security state to the current one for AArch64, and AArch32 * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do * an NS stage 1+2 lookup while the NS bit is 0.) */ - if (!arm_is_secure_below_el3(env) || !arm_el_is_aa64(env, 3)) { + if (!arm_el_is_aa64(env, 3)) { return ARMMMUIdx_Phys_NS; } - if (stage2idx == ARMMMUIdx_Stage2_S) { - s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW); - } else { - s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW); - } - return s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS; + switch (arm_security_space_below_el3(env)) { + case ARMSS_NonSecure: + return ARMMMUIdx_Phys_NS; + case ARMSS_Realm: + return ARMMMUIdx_Phys_Realm; + case ARMSS_Secure: + if (stage2idx == ARMMMUIdx_Stage2_S) { + s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW); + } else { + s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW); + } + return s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS; + default: + g_assert_not_reached(); + } } static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx) From patchwork Wed Aug 2 17:01:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13338572 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2AF38C04A6A for ; Wed, 2 Aug 2023 17:04:12 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qRFEj-0000Rw-Ot; Wed, 02 Aug 2023 13:02:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qRFEg-0000NU-9b for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:10 -0400 Received: from mail-wm1-x32a.google.com ([2a00:1450:4864:20::32a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qRFEd-0003U9-MF for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:09 -0400 Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-3fe110de46dso826055e9.1 for ; Wed, 02 Aug 2023 10:02:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1690995725; x=1691600525; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Xq4dJu2qLFemtsjvmEmG9U0HnzxKpgcrkh7e2iGXkwo=; b=IIAXE27qu6FnXpfPbME37q9fpI8BmLW0kAwbw94Xt32DzNhSLLI/ryeGI1pVdocs6l I9J+Hql/DzmZgDitLjw+sAryGxkl/U+QHwt1rNiDuVouslSSvwLfzvCPx9UesBbKFODL Maa0Xej6Yd6WGZSvNN7YKurRqMqp9wlcsRykIHIaB1dyjgeu1X25hsCr5AL3hog9rXmb PRVjt9xu4gV+NWWK0015w2ZqMayqyE2hn2A+L+8ZdOaciMckmzailo3OSZWx30FA2lMq mocIba8mRCTwZQ7tyL1r1Z5QAjTaZ4VOPFVJ+FDBhZZ4dfKA5/pX+Zwmv3GnuFA0rhLx /bJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690995725; x=1691600525; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xq4dJu2qLFemtsjvmEmG9U0HnzxKpgcrkh7e2iGXkwo=; b=SBp7Pt53C+dFaXrtN3ZAqa4CQT2RnTAV0dOFz05JVv3RlXoQQJmq23rY67fRmwInnb 5/9VB+DiMqXJutUrcZH2qKQDaXowa54KtSiluj/TjF1vF/Eh08CCMz+J5urdkJhmMbbb rNY3pU58q6GvdSK7qGfod1l0hThRxQqVJMY9/1cYretE/Ah2c8tL8+UJfAWATSNg5AJd td1Ozyi4CMS+w3QO4+zYwI/eWmjhJUVL9i3p7kvEsmnunkhopbwAZVmE72DqTukgWeDm 1t5wAkdcnjDJn4AyObP9YcHIyoR1XAKGPfH6ZknKOLu/QEanZMGZcoHDyX23NzsU/6EO vPhA== X-Gm-Message-State: ABy/qLaKwEmRXFqOX3NttfCE4KOfvmhlfXGgbCwSyy0X5mSCc/w3/Gqg 1Cn/TqPbLUmlBLptj1SzKdk5AQ== X-Google-Smtp-Source: APBJJlFykT02LqXUa93W1GbtX03mmH4wnM+WBZCQPMpOogCVk8V79txVDiacGbOBFCn69qmRwc7L4A== X-Received: by 2002:a05:600c:281:b0:3fb:dff2:9f17 with SMTP id 1-20020a05600c028100b003fbdff29f17mr5373883wmk.15.1690995725356; Wed, 02 Aug 2023 10:02:05 -0700 (PDT) Received: from localhost.localdomain ([2.219.138.198]) by smtp.gmail.com with ESMTPSA id q7-20020a1cf307000000b003fa98908014sm2149081wmq.8.2023.08.02.10.02.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Aug 2023 10:02:05 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org Cc: richard.henderson@linaro.org, qemu-arm@nongnu.org, qemu-devel@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 2/6] target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2* Date: Wed, 2 Aug 2023 18:01:53 +0100 Message-ID: <20230802170157.401491-3-jean-philippe@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230802170157.401491-1-jean-philippe@linaro.org> References: <20230802170157.401491-1-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::32a; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x32a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org When HCR_EL2.E2H is enabled, TLB entries are formed using the EL2&0 translation regime, instead of the EL2 translation regime. The TLB VAE2* instructions invalidate the regime that corresponds to the current value of HCR_EL2.E2H. At the moment we only invalidate the EL2 translation regime. This causes problems with RMM, which issues TLBI VAE2IS instructions with HCR_EL2.E2H enabled. Update vae2_tlbmask() to take HCR_EL2.E2H into account. Add vae2_tlbbits() as well, since the top-byte-ignore configuration is different between the EL2&0 and EL2 regime. Signed-off-by: Jean-Philippe Brucker Reviewed-by: Peter Maydell --- target/arm/helper.c | 50 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 2959d27543..a4c2c1bde5 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4663,6 +4663,21 @@ static int vae1_tlbmask(CPUARMState *env) return mask; } +static int vae2_tlbmask(CPUARMState *env) +{ + uint64_t hcr = arm_hcr_el2_eff(env); + uint16_t mask; + + if (hcr & HCR_E2H) { + mask = ARMMMUIdxBit_E20_2 | + ARMMMUIdxBit_E20_2_PAN | + ARMMMUIdxBit_E20_0; + } else { + mask = ARMMMUIdxBit_E2; + } + return mask; +} + /* Return 56 if TBI is enabled, 64 otherwise. */ static int tlbbits_for_regime(CPUARMState *env, ARMMMUIdx mmu_idx, uint64_t addr) @@ -4689,6 +4704,25 @@ static int vae1_tlbbits(CPUARMState *env, uint64_t addr) return tlbbits_for_regime(env, mmu_idx, addr); } +static int vae2_tlbbits(CPUARMState *env, uint64_t addr) +{ + uint64_t hcr = arm_hcr_el2_eff(env); + ARMMMUIdx mmu_idx; + + /* + * Only the regime of the mmu_idx below is significant. + * Regime EL2&0 has two ranges with separate TBI configuration, while EL2 + * only has one. + */ + if (hcr & HCR_E2H) { + mmu_idx = ARMMMUIdx_E20_2; + } else { + mmu_idx = ARMMMUIdx_E2; + } + + return tlbbits_for_regime(env, mmu_idx, addr); +} + static void tlbi_aa64_vmalle1is_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { @@ -4781,10 +4815,11 @@ static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri, * flush-last-level-only. */ CPUState *cs = env_cpu(env); - int mask = e2_tlbmask(env); + int mask = vae2_tlbmask(env); uint64_t pageaddr = sextract64(value << 12, 0, 56); + int bits = vae2_tlbbits(env, pageaddr); - tlb_flush_page_by_mmuidx(cs, pageaddr, mask); + tlb_flush_page_bits_by_mmuidx(cs, pageaddr, mask, bits); } static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -4838,11 +4873,11 @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { CPUState *cs = env_cpu(env); + int mask = vae2_tlbmask(env); uint64_t pageaddr = sextract64(value << 12, 0, 56); - int bits = tlbbits_for_regime(env, ARMMMUIdx_E2, pageaddr); + int bits = vae2_tlbbits(env, pageaddr); - tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, - ARMMMUIdxBit_E2, bits); + tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, mask, bits); } static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -5014,11 +5049,6 @@ static void tlbi_aa64_rvae1is_write(CPUARMState *env, do_rvae_write(env, value, vae1_tlbmask(env), true); } -static int vae2_tlbmask(CPUARMState *env) -{ - return ARMMMUIdxBit_E2; -} - static void tlbi_aa64_rvae2_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) From patchwork Wed Aug 2 17:01:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13338575 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F3C20C04A6A for ; Wed, 2 Aug 2023 17:04:25 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qRFEj-0000Re-Hg; Wed, 02 Aug 2023 13:02:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qRFEh-0000Oj-Hj for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:11 -0400 Received: from mail-wm1-x336.google.com ([2a00:1450:4864:20::336]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qRFEe-0003UM-4o for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:11 -0400 Received: by mail-wm1-x336.google.com with SMTP id 5b1f17b1804b1-3fbc59de009so645045e9.3 for ; Wed, 02 Aug 2023 10:02:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1690995726; x=1691600526; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FhowOvdNoqNAM56f9usHlhnKbRslUqskM9I47IE0+fw=; b=A6XrYYdJT40kyFInDwTzGIKYMSz2sne5NlGiuiRTu28xebGBL2X8BOAfV/LzZX+Utx uOOA+S/c6k85f6p26yaWjkKtlzHs1/Nk7AnZvR+bCiKpAeV4mFzZVkQzuQ3OuGp237uZ JQWnF5IjRbtsRIrFCiUAf/PjIonpiKJ2L+dfzsGDBn+kTSQHH3sbjzNzPJ/MMcTBNksL lfA7rO4bmQG6Hp8d5IC67IFgMWWlk+/zrVL15zglx4y0jeneTyj64qLLaUGt2k4o+vQ/ r3XSIYYp0YiVkzwlMZR67ImlRQSVNRvPm8gmKMKWUrd97dDSlwX+0xag2FQQFHZPrzuR pnEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690995726; x=1691600526; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FhowOvdNoqNAM56f9usHlhnKbRslUqskM9I47IE0+fw=; b=Eol6ScWVjcjS+Fa+5qNvex4tGwpebfK1sUblImfyQIpFubGSkiwDm9OsUBpFar8myO L1mL5mZ5RFoMUkrLDIPbumAxAUAZ//pmV6lfLHm+dauBUl1/NWhG+t7J13KCtHQhtWqV EJ7ujDHOVybKJpy/W7QTkutAcWtoJCB7Ew4uuB0kGV7r72N7h0Vo1etmomEraG/V8/j1 oVA7ehohbdZFc0VAIWlcXoLh9dKlZG7HuRErk2D+p+xwZbYiKhqdHv90LXKfMwQl4n/F 1Ad32FfXfiApd/pvDZSGVFeJdWvGx0nEKamsJ8I2oi0zNOUl4FKfc11kGqdw6tHIOAqg 3Zzg== X-Gm-Message-State: ABy/qLYIAtS8C9WtiTk9Eefp6ULENFEF/WAGtPeBSZAPuuyOsKyaDlfB I99chz2QuFAZUDqjkSEFsaekwA== X-Google-Smtp-Source: APBJJlHk9NZNP8uuP5OpmDg4WbRlYG245VPVS+eNIuDLnDl/uWkCIl/jT/1P2cdTOPRYs0i2bG8vDA== X-Received: by 2002:a7b:cbc7:0:b0:3fb:abd0:2b52 with SMTP id n7-20020a7bcbc7000000b003fbabd02b52mr5200864wmi.13.1690995725911; Wed, 02 Aug 2023 10:02:05 -0700 (PDT) Received: from localhost.localdomain ([2.219.138.198]) by smtp.gmail.com with ESMTPSA id q7-20020a1cf307000000b003fa98908014sm2149081wmq.8.2023.08.02.10.02.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Aug 2023 10:02:05 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org Cc: richard.henderson@linaro.org, qemu-arm@nongnu.org, qemu-devel@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 3/6] target/arm: Skip granule protection checks for AT instructions Date: Wed, 2 Aug 2023 18:01:54 +0100 Message-ID: <20230802170157.401491-4-jean-philippe@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230802170157.401491-1-jean-philippe@linaro.org> References: <20230802170157.401491-1-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::336; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x336.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org GPC checks are not performed on the output address for AT instructions, as stated by ARM DDI 0487J in D8.12.2: When populating PAR_EL1 with the result of an address translation instruction, granule protection checks are not performed on the final output address of a successful translation. Rename get_phys_addr_with_secure(), since it's only used to handle AT instructions. Signed-off-by: Jean-Philippe Brucker Reviewed-by: Peter Maydell --- target/arm/internals.h | 25 ++++++++++++++----------- target/arm/helper.c | 8 ++++++-- target/arm/ptw.c | 11 ++++++----- 3 files changed, 26 insertions(+), 18 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 0f01bc32a8..fc90c364f7 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1190,12 +1190,11 @@ typedef struct GetPhysAddrResult { } GetPhysAddrResult; /** - * get_phys_addr_with_secure: get the physical address for a virtual address + * get_phys_addr: get the physical address for a virtual address * @env: CPUARMState * @address: virtual address to get physical address for * @access_type: 0 for read, 1 for write, 2 for execute * @mmu_idx: MMU index indicating required translation regime - * @is_secure: security state for the access * @result: set on translation success. * @fi: set to fault info if the translation fails * @@ -1212,26 +1211,30 @@ typedef struct GetPhysAddrResult { * * for PSMAv5 based systems we don't bother to return a full FSR format * value. */ -bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address, - MMUAccessType access_type, - ARMMMUIdx mmu_idx, bool is_secure, - GetPhysAddrResult *result, ARMMMUFaultInfo *fi) +bool get_phys_addr(CPUARMState *env, target_ulong address, + MMUAccessType access_type, ARMMMUIdx mmu_idx, + GetPhysAddrResult *result, ARMMMUFaultInfo *fi) __attribute__((nonnull)); /** - * get_phys_addr: get the physical address for a virtual address + * get_phys_addr_with_secure_nogpc: get the physical address for a virtual + * address * @env: CPUARMState * @address: virtual address to get physical address for * @access_type: 0 for read, 1 for write, 2 for execute * @mmu_idx: MMU index indicating required translation regime + * @is_secure: security state for the access * @result: set on translation success. * @fi: set to fault info if the translation fails * - * Similarly, but use the security regime of @mmu_idx. + * Similar to get_phys_addr, but use the given security regime and don't perform + * a Granule Protection Check on the resulting address. */ -bool get_phys_addr(CPUARMState *env, target_ulong address, - MMUAccessType access_type, ARMMMUIdx mmu_idx, - GetPhysAddrResult *result, ARMMMUFaultInfo *fi) +bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address, + MMUAccessType access_type, + ARMMMUIdx mmu_idx, bool is_secure, + GetPhysAddrResult *result, + ARMMMUFaultInfo *fi) __attribute__((nonnull)); bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address, diff --git a/target/arm/helper.c b/target/arm/helper.c index a4c2c1bde5..427de6bd2a 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3365,8 +3365,12 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, ARMMMUFaultInfo fi = {}; GetPhysAddrResult res = {}; - ret = get_phys_addr_with_secure(env, value, access_type, mmu_idx, - is_secure, &res, &fi); + /* + * I_MXTJT: Granule protection checks are not performed on the final address + * of a successful translation. + */ + ret = get_phys_addr_with_secure_nogpc(env, value, access_type, mmu_idx, + is_secure, &res, &fi); /* * ATS operations only do S1 or S1+S2 translations, so we never diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 063adbd84a..33179f3471 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -3418,16 +3418,17 @@ static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw, return false; } -bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address, - MMUAccessType access_type, ARMMMUIdx mmu_idx, - bool is_secure, GetPhysAddrResult *result, - ARMMMUFaultInfo *fi) +bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address, + MMUAccessType access_type, + ARMMMUIdx mmu_idx, bool is_secure, + GetPhysAddrResult *result, + ARMMMUFaultInfo *fi) { S1Translate ptw = { .in_mmu_idx = mmu_idx, .in_space = arm_secure_to_space(is_secure), }; - return get_phys_addr_gpc(env, &ptw, address, access_type, result, fi); + return get_phys_addr_nogpc(env, &ptw, address, access_type, result, fi); } bool get_phys_addr(CPUARMState *env, target_ulong address, From patchwork Wed Aug 2 17:01:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13338569 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8EF4DC001DF for ; Wed, 2 Aug 2023 17:03:24 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qRFEk-0000SS-BS; Wed, 02 Aug 2023 13:02:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qRFEh-0000Os-Pw for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:11 -0400 Received: from mail-wm1-x330.google.com ([2a00:1450:4864:20::330]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qRFEe-0003Ue-5z for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:11 -0400 Received: by mail-wm1-x330.google.com with SMTP id 5b1f17b1804b1-3fe24dd8898so717125e9.2 for ; Wed, 02 Aug 2023 10:02:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1690995726; x=1691600526; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xA8fBj98FjuofQKoymExQL2re0GZGratjLN/CLg4U2g=; b=CIUYtFK+LGslO5DhCEXYn3NGtj1MoQSRSRiUvghW+uxhuaz7AYNge+JOZH9GGS8qmQ js61+6b/qKHhq1bbBkGatV5MXO696kanXq9HjnoL51ERgJNYapkGzHnMDNKxQDdezTFD oTiolJQ2bbNFFBSRB3jY07dUK+/83OMZZ0k/2xWivEO03rjdyhINbR2IkJghN0ToaAMF E7H2M3WL0c0Tqcc4XIhkjZ9vdnoWZgHEBSJsN8PNaXatB9cxcIkCT7NanKJtTAPVVPti oP0CiHAIWL2tyYrCryfkTFI7JdibayCR4EZV7j+v5lKSpPZUw92U/xJlNHvAwDE3XBBR N8tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690995726; x=1691600526; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xA8fBj98FjuofQKoymExQL2re0GZGratjLN/CLg4U2g=; b=TBLAPzwJea1xxREKNUWNLTuqFC1u43J7LVVATGcs68ki/jyxpD7FfVaqPx1jPsUAah zKTqe2bUsAOj/K2IxSKRNi63mID+p4scKsq+pn28OqeCKuHVZ+Qi5W+rY62NK+nkFTgj yRHkhoEzFjuHpySMd1qicbpIeckum5OKvCAjiFMTJVriy7iv7Xh0jTDru41oHBjEzN5s 9tNZ1n89q1lU6oQFg0RDaJ782lF10tmVHGCu11xOQAZexdc9gK7hy1gZ2EU69Oq+HD7Q aLvfGL7DV4y1lr22cCUIG1JSd+3WHHkaVT26aKFMSsOSgUYo37yiBkTF0wHUgovrJKOA SXfA== X-Gm-Message-State: ABy/qLa87F6YVBbOpaKE9yBulD2tUFmIT0v7C9s65pcrtRO/XI/z/ZBT 31qIM1us5VyXuaGz6h7+i1Z7VA== X-Google-Smtp-Source: APBJJlGwRMrfvJedv8cbHR74iXP+NwHpdPQZbEKAfEimIXpfRcb3m1jJvLnVMac66I21/2hm6+7wlw== X-Received: by 2002:a05:600c:3657:b0:3fe:1287:d2a0 with SMTP id y23-20020a05600c365700b003fe1287d2a0mr5037476wmq.21.1690995726652; Wed, 02 Aug 2023 10:02:06 -0700 (PDT) Received: from localhost.localdomain ([2.219.138.198]) by smtp.gmail.com with ESMTPSA id q7-20020a1cf307000000b003fa98908014sm2149081wmq.8.2023.08.02.10.02.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Aug 2023 10:02:06 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org Cc: richard.henderson@linaro.org, qemu-arm@nongnu.org, qemu-devel@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 4/6] target/arm: Pass security space rather than flag for AT instructions Date: Wed, 2 Aug 2023 18:01:55 +0100 Message-ID: <20230802170157.401491-5-jean-philippe@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230802170157.401491-1-jean-philippe@linaro.org> References: <20230802170157.401491-1-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::330; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x330.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org At the moment we only handle Secure and Nonsecure security spaces for the AT instructions. Add support for Realm and Root. For AArch64, arm_security_space() gives the desired space. ARM DDI0487J says (R_NYXTL): If EL3 is implemented, then when an address translation instruction that applies to an Exception level lower than EL3 is executed, the Effective value of SCR_EL3.{NSE, NS} determines the target Security state that the instruction applies to. For AArch32, some instructions can access NonSecure space from Secure, so we still need to pass the state explicitly to do_ats_write(). Signed-off-by: Jean-Philippe Brucker Reviewed-by: Peter Maydell --- target/arm/internals.h | 18 +++++++++--------- target/arm/helper.c | 27 ++++++++++++--------------- target/arm/ptw.c | 12 ++++++------ 3 files changed, 27 insertions(+), 30 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index fc90c364f7..cf13bb94f5 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1217,24 +1217,24 @@ bool get_phys_addr(CPUARMState *env, target_ulong address, __attribute__((nonnull)); /** - * get_phys_addr_with_secure_nogpc: get the physical address for a virtual - * address + * get_phys_addr_with_space_nogpc: get the physical address for a virtual + * address * @env: CPUARMState * @address: virtual address to get physical address for * @access_type: 0 for read, 1 for write, 2 for execute * @mmu_idx: MMU index indicating required translation regime - * @is_secure: security state for the access + * @space: security space for the access * @result: set on translation success. * @fi: set to fault info if the translation fails * - * Similar to get_phys_addr, but use the given security regime and don't perform + * Similar to get_phys_addr, but use the given security space and don't perform * a Granule Protection Check on the resulting address. */ -bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address, - MMUAccessType access_type, - ARMMMUIdx mmu_idx, bool is_secure, - GetPhysAddrResult *result, - ARMMMUFaultInfo *fi) +bool get_phys_addr_with_space_nogpc(CPUARMState *env, target_ulong address, + MMUAccessType access_type, + ARMMMUIdx mmu_idx, ARMSecuritySpace space, + GetPhysAddrResult *result, + ARMMMUFaultInfo *fi) __attribute__((nonnull)); bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address, diff --git a/target/arm/helper.c b/target/arm/helper.c index 427de6bd2a..fbb03c364b 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3357,7 +3357,7 @@ static int par_el1_shareability(GetPhysAddrResult *res) static uint64_t do_ats_write(CPUARMState *env, uint64_t value, MMUAccessType access_type, ARMMMUIdx mmu_idx, - bool is_secure) + ARMSecuritySpace ss) { bool ret; uint64_t par64; @@ -3369,8 +3369,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, * I_MXTJT: Granule protection checks are not performed on the final address * of a successful translation. */ - ret = get_phys_addr_with_secure_nogpc(env, value, access_type, mmu_idx, - is_secure, &res, &fi); + ret = get_phys_addr_with_space_nogpc(env, value, access_type, mmu_idx, ss, + &res, &fi); /* * ATS operations only do S1 or S1+S2 translations, so we never @@ -3535,7 +3535,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) uint64_t par64; ARMMMUIdx mmu_idx; int el = arm_current_el(env); - bool secure = arm_is_secure_below_el3(env); + ARMSecuritySpace ss = arm_security_space(env); switch (ri->opc2 & 6) { case 0: @@ -3543,10 +3543,9 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) switch (el) { case 3: mmu_idx = ARMMMUIdx_E3; - secure = true; break; case 2: - g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */ + g_assert(ss != ARMSS_Secure); /* ARMv8.4-SecEL2 is 64-bit only */ /* fall through */ case 1: if (ri->crm == 9 && (env->uncached_cpsr & CPSR_PAN)) { @@ -3564,10 +3563,9 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) switch (el) { case 3: mmu_idx = ARMMMUIdx_E10_0; - secure = true; break; case 2: - g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */ + g_assert(ss != ARMSS_Secure); /* ARMv8.4-SecEL2 is 64-bit only */ mmu_idx = ARMMMUIdx_Stage1_E0; break; case 1: @@ -3580,18 +3578,18 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) case 4: /* stage 1+2 NonSecure PL1: ATS12NSOPR, ATS12NSOPW */ mmu_idx = ARMMMUIdx_E10_1; - secure = false; + ss = ARMSS_NonSecure; break; case 6: /* stage 1+2 NonSecure PL0: ATS12NSOUR, ATS12NSOUW */ mmu_idx = ARMMMUIdx_E10_0; - secure = false; + ss = ARMSS_NonSecure; break; default: g_assert_not_reached(); } - par64 = do_ats_write(env, value, access_type, mmu_idx, secure); + par64 = do_ats_write(env, value, access_type, mmu_idx, ss); A32_BANKED_CURRENT_REG_SET(env, par, par64); #else @@ -3608,7 +3606,8 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t par64; /* There is no SecureEL2 for AArch32. */ - par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2, false); + par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2, + ARMSS_NonSecure); A32_BANKED_CURRENT_REG_SET(env, par, par64); #else @@ -3633,7 +3632,6 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, #ifdef CONFIG_TCG MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD; ARMMMUIdx mmu_idx; - int secure = arm_is_secure_below_el3(env); uint64_t hcr_el2 = arm_hcr_el2_eff(env); bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE); @@ -3653,7 +3651,6 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, break; case 6: /* AT S1E3R, AT S1E3W */ mmu_idx = ARMMMUIdx_E3; - secure = true; break; default: g_assert_not_reached(); @@ -3673,7 +3670,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, } env->cp15.par_el[1] = do_ats_write(env, value, access_type, - mmu_idx, secure); + mmu_idx, arm_security_space(env)); #else /* Handled by hardware accelerator. */ g_assert_not_reached(); diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 33179f3471..6c5ecd37cd 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -3418,15 +3418,15 @@ static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw, return false; } -bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address, - MMUAccessType access_type, - ARMMMUIdx mmu_idx, bool is_secure, - GetPhysAddrResult *result, - ARMMMUFaultInfo *fi) +bool get_phys_addr_with_space_nogpc(CPUARMState *env, target_ulong address, + MMUAccessType access_type, + ARMMMUIdx mmu_idx, ARMSecuritySpace space, + GetPhysAddrResult *result, + ARMMMUFaultInfo *fi) { S1Translate ptw = { .in_mmu_idx = mmu_idx, - .in_space = arm_secure_to_space(is_secure), + .in_space = space, }; return get_phys_addr_nogpc(env, &ptw, address, access_type, result, fi); } From patchwork Wed Aug 2 17:01:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13338574 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 71C00C04E69 for ; Wed, 2 Aug 2023 17:04:16 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qRFEj-0000Qg-29; Wed, 02 Aug 2023 13:02:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qRFEh-0000Ov-Q0 for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:11 -0400 Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qRFEe-0003Um-LG for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:11 -0400 Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-3178dd771ceso25250f8f.2 for ; Wed, 02 Aug 2023 10:02:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1690995727; x=1691600527; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EXteElOZ4aVLc5E6hGgaB+KaS5kQH078EqMK8VfCtIU=; b=osP7/V+tt9gOFpvVUYh4H9Bg3JMk2BUf60j/DfsZ+iYUbVGzSvwjbXNs1TYPMSs1kV 28ugNojazNQMRzwKXHmWRGivVvdjr72fiMdvfFrlGKn4HqrSPu/PJg32jnGxLLz61U/+ 4S18EDntuSF7wd5iWxnpe7uSjfHb1wLSD6wJCO/h76E8BNAq37PMNd47rB3CY7W4CaBh WGRo0FznS6GUyOFRD10l8IL009IJYZZ2BccI0wYi+dYo8q27DQwLys/5FYhLhBGbDRce 7bE4KEpDZVz5dttjF/0rOAyhaJdNc3mjaAW2oQfj5BpMOvHWm6GDbja4ZTVFNvlwiyT7 5SLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690995727; x=1691600527; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EXteElOZ4aVLc5E6hGgaB+KaS5kQH078EqMK8VfCtIU=; b=e6PcYVnIv0Sqn+7rbJTeVnG78gkna42qcV1gpTPHfS1Ql7gWMrq9m0i9ua42hNEyvX ikjfEtA7xR+pPuON6+t9CzXAjBr23YDSOsudAYx0dXBbjubMPYcsJ9OcAiYWTlsmbT7l c1f1qFCoYvGt99utScgqQcFVb0ZiUVrXlW7Z67ttSccsiwwoikcxYMKjp9XQPk1TOv59 4Bk6ym3dzOcfiRAhVuVzTn3rQl163ZflFYXKPmzDwjUl5eJ4Ga5Nl+XSzfl6OoYgJyJS JPv3bL3eeRR/nYCr1f0kO2aaDv8qxwhqdfveDEbpGfZ9ilZG9DKeRbZGWlTghw29TnyP 5mBg== X-Gm-Message-State: ABy/qLaHCIWPo+e+efJ+t/XGn4RebkEUaN0T07jDkAw7f2h8KZDBLbWJ MaUIZ3/ubtdaLkwtr2ocfGDaww== X-Google-Smtp-Source: APBJJlF1z++d6YJlXe3kX3FVrF3W2xAK2s3IddLqIkuaE96rgRXd7vR6S2uO9OsIWliEnDsGVmWpDw== X-Received: by 2002:adf:f1d1:0:b0:313:ee2e:dae5 with SMTP id z17-20020adff1d1000000b00313ee2edae5mr5489652wro.21.1690995727243; Wed, 02 Aug 2023 10:02:07 -0700 (PDT) Received: from localhost.localdomain ([2.219.138.198]) by smtp.gmail.com with ESMTPSA id q7-20020a1cf307000000b003fa98908014sm2149081wmq.8.2023.08.02.10.02.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Aug 2023 10:02:06 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org Cc: richard.henderson@linaro.org, qemu-arm@nongnu.org, qemu-devel@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 5/6] target/arm/helper: Check SCR_EL3.{NSE, NS} encoding for AT instructions Date: Wed, 2 Aug 2023 18:01:56 +0100 Message-ID: <20230802170157.401491-6-jean-philippe@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230802170157.401491-1-jean-philippe@linaro.org> References: <20230802170157.401491-1-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::433; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x433.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The AT instruction is UNDEFINED if the {NSE,NS} configuration is invalid. Add a function to check this on all AT instructions that apply to an EL lower than 3. Suggested-by: Peter Maydell Signed-off-by: Jean-Philippe Brucker Reviewed-by: Peter Maydell --- target/arm/helper.c | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index fbb03c364b..77dd80ad28 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3616,6 +3616,20 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri, #endif /* CONFIG_TCG */ } +static CPAccessResult at_e012_access(CPUARMState *env, const ARMCPRegInfo *ri, + bool isread) +{ + /* + * R_NYXTL: instruction is UNDEFINED if it applies to an Exception level + * lower than EL3 and the combination SCR_EL3.{NSE,NS} is reserved. + */ + if (cpu_isar_feature(aa64_rme, env_archcpu(env)) && + (env->cp15.scr_el3 & (SCR_NSE | SCR_NS)) == SCR_NSE) { + return CP_ACCESS_TRAP; + } + return CP_ACCESS_OK; +} + static CPAccessResult at_s1e2_access(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { @@ -3623,7 +3637,7 @@ static CPAccessResult at_s1e2_access(CPUARMState *env, const ARMCPRegInfo *ri, !(env->cp15.scr_el3 & (SCR_NS | SCR_EEL2))) { return CP_ACCESS_TRAP; } - return CP_ACCESS_OK; + return at_e012_access(env, ri, isread); } static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, @@ -5505,38 +5519,38 @@ static const ARMCPRegInfo v8_cp_reginfo[] = { .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 0, .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .fgt = FGT_ATS1E1R, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, { .name = "AT_S1E1W", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 1, .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .fgt = FGT_ATS1E1W, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, { .name = "AT_S1E0R", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 2, .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .fgt = FGT_ATS1E0R, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, { .name = "AT_S1E0W", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 3, .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .fgt = FGT_ATS1E0W, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, { .name = "AT_S12E1R", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 4, .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, { .name = "AT_S12E1W", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 5, .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, { .name = "AT_S12E0R", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 6, .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, { .name = "AT_S12E0W", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 7, .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, /* AT S1E2* are elsewhere as they UNDEF from EL3 if EL2 is not present */ { .name = "AT_S1E3R", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 8, .opc2 = 0, @@ -8078,12 +8092,12 @@ static const ARMCPRegInfo ats1e1_reginfo[] = { .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 0, .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .fgt = FGT_ATS1E1RP, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, { .name = "AT_S1E1WP", .state = ARM_CP_STATE_AA64, .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1, .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .fgt = FGT_ATS1E1WP, - .writefn = ats_write64 }, + .accessfn = at_e012_access, .writefn = ats_write64 }, }; static const ARMCPRegInfo ats1cp_reginfo[] = { From patchwork Wed Aug 2 17:01:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13338571 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 520E5C04E69 for ; Wed, 2 Aug 2023 17:04:03 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qRFEk-0000SR-AR; Wed, 02 Aug 2023 13:02:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qRFEj-0000Qf-1N for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:13 -0400 Received: from mail-wm1-x32a.google.com ([2a00:1450:4864:20::32a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qRFEf-0003V6-30 for qemu-devel@nongnu.org; Wed, 02 Aug 2023 13:02:12 -0400 Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-3fbc59de009so645215e9.3 for ; Wed, 02 Aug 2023 10:02:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1690995728; x=1691600528; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=WLjLyC8gD2fbH6jSf2NcFADaJFvM1nR5WGv252TlLAM=; b=fcT2NSQnqa5UWIRu65XaIsC3/04BInHoxpquOW/rauceV37IGp7JpeHXi4C+EvMwCO fy38Ocettnl5UTbflIKu38oafEbcJNMjxgKkz80GK08DQzQ6wvM1rL35UqgmSmSJCTAt dC67ocvJ0ZEJJMqJivqTxGXQ+dFDSBgzF1n2Es3MCEBKHNshniRdIuL79J520BEPXaIg W1pCO1gVRshHFv7NAGZeOr7PNtfW09tj9ShPQwfBPyqBzn5UN81l5KKM5syou6LYROgR ch6LINKb1XSs8WfVQ+t87jPZRooC3XxpcHUnN57AivKSYEgoVQ80Tidg4cWlHT7DRBeD EP3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690995728; x=1691600528; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WLjLyC8gD2fbH6jSf2NcFADaJFvM1nR5WGv252TlLAM=; b=jjjhf22baY68tEkJSeitCb4XK/lijfory89DPMbwPlCOhK0Bey5/QtSYxBTkCHKWEJ cggwWsqmHAqlAGXkRQ2bQqU0++U7tEj1JAjGcleKfMwZVBuPzWmHb+fAwJoyFZluPRsR rFXrVOd++JWbsk8A7j8UGLXvW/d4GceRKLx5fMtu5G/jAryoebiVk20aiNCFcByq5dyE B5hnRmBVQ145dOlX353h1oy8o2ThWg2gbjTH6bM4tJ2CPDuBJpaUI22ocZF740EQ3LM+ 1F1TEDV1W9juT2ifANmFOXSq3RZD7557oKvONpEO2yjZTNxPGsgLadIpGV6oZhj0ddGx 71Sg== X-Gm-Message-State: ABy/qLZkG/feUTsdf0GkNjFFKc5mPVWQNcEHSKbc+rPW1XHA9PMgSiGF InN2KBtMbcKui7LQPWT40A475w== X-Google-Smtp-Source: APBJJlGV+a0PpLBNbIdxPgG2WMuPdej3EWOnDRogvzoX5lglwabl8EBoEHAX4lFLa0V9yU+MWB4qxA== X-Received: by 2002:a7b:c5d9:0:b0:3f7:678c:74b0 with SMTP id n25-20020a7bc5d9000000b003f7678c74b0mr5514907wmk.12.1690995727720; Wed, 02 Aug 2023 10:02:07 -0700 (PDT) Received: from localhost.localdomain ([2.219.138.198]) by smtp.gmail.com with ESMTPSA id q7-20020a1cf307000000b003fa98908014sm2149081wmq.8.2023.08.02.10.02.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Aug 2023 10:02:07 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org Cc: richard.henderson@linaro.org, qemu-arm@nongnu.org, qemu-devel@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 6/6] target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK Date: Wed, 2 Aug 2023 18:01:57 +0100 Message-ID: <20230802170157.401491-7-jean-philippe@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230802170157.401491-1-jean-philippe@linaro.org> References: <20230802170157.401491-1-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::32a; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x32a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org When FEAT_RME is implemented, these bits override the value of CNT[VP]_CTL_EL0.IMASK in Realm and Root state. Move the IRQ state update into a new gt_update_irq() function and test those bits every time we recompute the IRQ state. Since we're removing the IRQ state from some trace events, add a new trace event for gt_update_irq(). Signed-off-by: Jean-Philippe Brucker --- target/arm/cpu.h | 3 +++ target/arm/helper.c | 54 ++++++++++++++++++++++++++++++++--------- target/arm/trace-events | 7 +++--- 3 files changed, 50 insertions(+), 14 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index bcd65a63ca..bedc7ec6dc 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1743,6 +1743,9 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) #define HSTR_TTEE (1 << 16) #define HSTR_TJDBX (1 << 17) +#define CNTHCTL_CNTVMASK (1 << 18) +#define CNTHCTL_CNTPMASK (1 << 19) + /* Return the current FPSCR value. */ uint32_t vfp_get_fpscr(CPUARMState *env); void vfp_set_fpscr(CPUARMState *env, uint32_t val); diff --git a/target/arm/helper.c b/target/arm/helper.c index 77dd80ad28..68e915ddda 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -2608,6 +2608,28 @@ static uint64_t gt_get_countervalue(CPUARMState *env) return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / gt_cntfrq_period_ns(cpu); } +static void gt_update_irq(ARMCPU *cpu, int timeridx) +{ + CPUARMState *env = &cpu->env; + uint64_t cnthctl = env->cp15.cnthctl_el2; + ARMSecuritySpace ss = arm_security_space(env); + /* ISTATUS && !IMASK */ + int irqstate = (env->cp15.c14_timer[timeridx].ctl & 6) == 4; + + /* + * If bit CNTHCTL_EL2.CNT[VP]MASK is set, it overrides IMASK. + * It is RES0 in Secure and NonSecure state. + */ + if ((ss == ARMSS_Root || ss == ARMSS_Realm) && + ((timeridx == GTIMER_VIRT && (cnthctl & CNTHCTL_CNTVMASK)) || + (timeridx == GTIMER_PHYS && (cnthctl & CNTHCTL_CNTPMASK)))) { + irqstate = 0; + } + + qemu_set_irq(cpu->gt_timer_outputs[timeridx], irqstate); + trace_arm_gt_update_irq(timeridx, irqstate); +} + static void gt_recalc_timer(ARMCPU *cpu, int timeridx) { ARMGenericTimer *gt = &cpu->env.cp15.c14_timer[timeridx]; @@ -2623,13 +2645,9 @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx) /* Note that this must be unsigned 64 bit arithmetic: */ int istatus = count - offset >= gt->cval; uint64_t nexttick; - int irqstate; gt->ctl = deposit32(gt->ctl, 2, 1, istatus); - irqstate = (istatus && !(gt->ctl & 2)); - qemu_set_irq(cpu->gt_timer_outputs[timeridx], irqstate); - if (istatus) { /* Next transition is when count rolls back over to zero */ nexttick = UINT64_MAX; @@ -2648,14 +2666,14 @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx) } else { timer_mod(cpu->gt_timer[timeridx], nexttick); } - trace_arm_gt_recalc(timeridx, irqstate, nexttick); + trace_arm_gt_recalc(timeridx, nexttick); } else { /* Timer disabled: ISTATUS and timer output always clear */ gt->ctl &= ~4; - qemu_set_irq(cpu->gt_timer_outputs[timeridx], 0); timer_del(cpu->gt_timer[timeridx]); trace_arm_gt_recalc_disabled(timeridx); } + gt_update_irq(cpu, timeridx); } static void gt_timer_reset(CPUARMState *env, const ARMCPRegInfo *ri, @@ -2759,10 +2777,8 @@ static void gt_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri, * IMASK toggled: don't need to recalculate, * just set the interrupt line based on ISTATUS */ - int irqstate = (oldval & 4) && !(value & 2); - - trace_arm_gt_imask_toggle(timeridx, irqstate); - qemu_set_irq(cpu->gt_timer_outputs[timeridx], irqstate); + trace_arm_gt_imask_toggle(timeridx); + gt_update_irq(cpu, timeridx); } } @@ -2888,6 +2904,21 @@ static void gt_virt_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri, gt_ctl_write(env, ri, GTIMER_VIRT, value); } +static void gt_cnthctl_write(CPUARMState *env, const ARMCPRegInfo *ri, + uint64_t value) +{ + ARMCPU *cpu = env_archcpu(env); + uint32_t oldval = env->cp15.cnthctl_el2; + + raw_write(env, ri, value); + + if ((oldval ^ value) & CNTHCTL_CNTVMASK) { + gt_update_irq(cpu, GTIMER_VIRT); + } else if ((oldval ^ value) & CNTHCTL_CNTPMASK) { + gt_update_irq(cpu, GTIMER_PHYS); + } +} + static void gt_cntvoff_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { @@ -6200,7 +6231,8 @@ static const ARMCPRegInfo el2_cp_reginfo[] = { * reset values as IMPDEF. We choose to reset to 3 to comply with * both ARMv7 and ARMv8. */ - .access = PL2_RW, .resetvalue = 3, + .access = PL2_RW, .type = ARM_CP_IO, .resetvalue = 3, + .writefn = gt_cnthctl_write, .fieldoffset = offsetof(CPUARMState, cp15.cnthctl_el2) }, { .name = "CNTVOFF_EL2", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 4, .crn = 14, .crm = 0, .opc2 = 3, diff --git a/target/arm/trace-events b/target/arm/trace-events index 2a0ba7bffc..48cc0512db 100644 --- a/target/arm/trace-events +++ b/target/arm/trace-events @@ -1,13 +1,14 @@ # See docs/devel/tracing.rst for syntax documentation. # helper.c -arm_gt_recalc(int timer, int irqstate, uint64_t nexttick) "gt recalc: timer %d irqstate %d next tick 0x%" PRIx64 -arm_gt_recalc_disabled(int timer) "gt recalc: timer %d irqstate 0 timer disabled" +arm_gt_recalc(int timer, uint64_t nexttick) "gt recalc: timer %d next tick 0x%" PRIx64 +arm_gt_recalc_disabled(int timer) "gt recalc: timer %d timer disabled" arm_gt_cval_write(int timer, uint64_t value) "gt_cval_write: timer %d value 0x%" PRIx64 arm_gt_tval_write(int timer, uint64_t value) "gt_tval_write: timer %d value 0x%" PRIx64 arm_gt_ctl_write(int timer, uint64_t value) "gt_ctl_write: timer %d value 0x%" PRIx64 -arm_gt_imask_toggle(int timer, int irqstate) "gt_ctl_write: timer %d IMASK toggle, new irqstate %d" +arm_gt_imask_toggle(int timer) "gt_ctl_write: timer %d IMASK toggle" arm_gt_cntvoff_write(uint64_t value) "gt_cntvoff_write: value 0x%" PRIx64 +arm_gt_update_irq(int timer, int irqstate) "gt_update_irq: timer %d irqstate %d" # kvm.c kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) "MSI iova = 0x%"PRIx64" is translated into 0x%"PRIx64