From: Zenghui Yu <zenghui.yu@linux.dev>
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, richard.henderson@linaro.org,
Zenghui Yu <zenghui.yu@linux.dev>
Subject: [PATCH v2] target/arm: Don't skip access flag fault for AccessType_AT
Date: Wed, 25 Mar 2026 00:03:21 +0800
Message-ID: <20260324160321.96347-1-zenghui.yu@linux.dev>

As per the pseudo code from DDI0487 M.a.a (on J1-16021) AArch64.S1Walk():

    // Check descriptor AF bit
    elsif (descriptor<10> == '0' && walkparams.ha == '0' &&
           (!accdesc.acctype IN {AccessType_DC, AccessType_IC} ||
            boolean IMPLEMENTATION_DEFINED "Generate access flag fault on IC/DC operations")) then
        fault.statuscode = Fault_AccessFlag;

an access flag fault should be generated for AccessType_AT, if the AF bit
is 0 and !param.ha.

Besides, we should continue to not raise the access flag fault for
in_debug = true which is what we've been doing previously (before commit
efebeec13d07) for LPAE and is what the intention of the debugger access
codepath is.

Fixes: efebeec13d07 ("target/arm: Skip AF and DB updates for AccessType_AT")
Signed-off-by: Zenghui Yu <zenghui.yu@linux.dev>
---
* From v1 [1]:
- handles in_debug = true (Peter)
[1] https://lore.kernel.org/r/20260317122517.47627-1-zenghui.yu@linux.dev
target/arm/ptw.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 8b8dc09e72..fa6db9e5a2 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2118,6 +2118,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
descaddr &= ~(hwaddr)(page_size - 1);
descaddr |= (address & (page_size - 1));
+ if (likely(!ptw->in_debug)) {
+ /* Check descriptor AF bit */
+ if (!(descriptor & (1 << 10)) && !param.ha) {
+ fi->type = ARMFault_AccessFlag;
+ goto do_fault;
+ }
+ }
+
/*
* For AccessType_AT, DB is not updated (AArch64.SetDirtyFlag),
* and it is IMPLEMENTATION DEFINED whether AF is updated
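Review bot: The `if (likely(!ptw->in_debug))` guard around the new AF check has no comment explaining why debug accesses are exempt; the only comment in the block is "Check descriptor AF bit". The commit message gives the reason (debugger accesses should continue to not raise the access flag fault), and a one-line comment at the guard saying so would keep that rationale next to the code, since the exemption is otherwise easy to mistake for an oversight. The two nested ifs could also be folded into a single condition, `!ptw->in_debug && !(descriptor & (1 << 10)) && !param.ha`, which reads closer to the pseudocode quoted in the commit message.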
@@ -2127,15 +2135,9 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
/*
* Access flag.
* If HA is enabled, prepare to update the descriptor below.
- * Otherwise, pass the access fault on to software.
*/
- if (!(descriptor & (1 << 10))) {
- if (param.ha) {
- new_descriptor |= 1 << 10; /* AF */
- } else {
- fi->type = ARMFault_AccessFlag;
- goto do_fault;
- }
+ if (!(descriptor & (1 << 10)) && param.ha) {
+ new_descriptor |= 1 << 10; /* AF */
}
/*
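Review bot: The comment above the rewritten `if (!(descriptor & (1 << 10)) && param.ha)` now only covers the HA-enabled case. With "Otherwise, pass the access fault on to software." removed and nothing put in its place, a reader of this block alone cannot tell that the AF == 0, !param.ha case was already handled by the earlier check, or that it is deliberately let through when in_debug is set. Suggest adding a short sentence to the "Access flag." comment pointing at the earlier check. The AF test `descriptor & (1 << 10)` is also now spelled out in both hunks; a named mask for bit 10 would keep the two sites in sync.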
--
2.53.0