[Qemu-devel] [PATCH 00/11] target-arm: clean up cpsr_write mode changing

[Peter Maydell <peter.maydell@linaro.org>]

This patchset cleans up our usage of cpsr_write() somewhat, and in
particular its handling of attempts to change the MODE bits.
Currently we use cpsr_write() for multiple purposes:
 * writes on inbound migration and sync with KVM, where we want
   a raw "just write these bits" and have to actively mess with
   uncached_cpsr before the write to avoid it doing a register bank
   switch
 * writes caused by guest instructions MSR and CPS
 * writes caused by guest 32-bit exception returns
 * a few other things like the gdb stub

However the required handling differs for these different cases;
in particular the set of conditions which are architecturally
defined to be an illegal mode switch is different for writes due
to MSR/CPS versus writes due to exception returns.
To fix this we add an extra argument to cpsr_write() which is an
enum indicating what kind of write is being performed.

This allows us to drop the irritating "manually write the mode
bits before the call" code in KVM/migration (and fix a bug where
we missed this out in 32-bit KVM!). We can also add the various
missing conditions:
 * changes to hyp mode
 * changes from hyp mode by MSR/CPS
 * changes to Mon from Secure EL1
 * changes from Mon to NS PL1 when HCR.TGE is set

Finally we can implement the v8 behaviour of setting PSTATE.IL
for illegal mode changes.

The series also fixes the behaviour of attempted illegal mode
changes from the gdb stub -- we ignore them, but don't set PSTATE.IL.
(Previously we had a slightly weird setup where we would permit
changes from User to the PL1 modes but not to Mon.) Not permitting
illegal changes from the debugger:
 * means we don't have to consider weird "transition is possible
   but only for the debugger" corner cases
 * matches the behaviour of a JTAG debugger doing external debug
   on real ARM hardware, where architecturally the illegal state
   transitions are enforced

PS: we don't currently implement the PSTATE.IL "any attempt to
execute an insn will UNDEF" behaviour, but it would not be hard
to add.

thanks
-- PMM


Peter Maydell (11):
  target-arm: Give CPSR setting on 32-bit exception return its own
    helper
  target-arm: Add write_type argument to cpsr_write()
  target-arm: Raw CPSR writes should skip checks and bank switching
  linux-user: Use restrictive mask when calling cpsr_write()
  target-arm: In cpsr_write() ignore mode switches from User mode
  target-arm: Add comment about not implementing NSACR.RFR
  target-arm: Add Hyp mode checks to bad_mode_switch()
  target-arm: Forbid mode switch to Mon from Secure EL1
  target-arm: In v8, make illegal AArch32 mode changes set PSTATE.IL
  target-arm: Make mode switches from Hyp via CPS and MRS illegal
  target-arm: Make Monitor->NS PL1 mode changes illegal if HCR.TGE is 1

 linux-user/arm/nwfpe/fpa11.h |  2 +-
 linux-user/main.c            |  7 +++---
 linux-user/signal.c          |  4 ++--
 target-arm/cpu.h             | 13 +++++++++--
 target-arm/gdbstub.c         |  2 +-
 target-arm/helper.c          | 54 ++++++++++++++++++++++++++++++++++++--------
 target-arm/helper.h          |  1 +
 target-arm/kvm32.c           |  2 +-
 target-arm/kvm64.c           |  3 +--
 target-arm/machine.c         |  4 +---
 target-arm/op_helper.c       | 15 +++++++++---
 target-arm/translate.c       |  6 ++---
 12 files changed, 83 insertions(+), 30 deletions(-)

-- 
1.9.1