[Qemu-devel] [PATCH 00/24] target-arm: implement some AArch64 system registers

[Qemu-devel] [PATCH 00/24] target-arm: implement some AArch64 system registers

[Peter Maydell]

This is a chunk of patches which make a start on the AArch64
system emulation. Specifically, most of them are providing
AArch64 system registers used by Linux as it boots. There
are also a few patches adding extra instruction support, like
the system mode store-exclusives and MSR-immediate.

This together with another half-dozen or so rather hackier
patches is sufficient to get an AArch64 mach-virt kernel
image to boot enough to send messages to the UART (before
it gets roadblocked by interrupts and exceptions being
totally broken).
[if you really like living on the bleeding edge you can find
the version with the extra hacks here:
  git://git.linaro.org/people/peter.maydell/qemu-arm.git a64-system
though it may well be broken at any given moment since it's
my working tree.]

If people would rather wait for a more complete and vaguely
functional system mode before starting review that's fine,
but I figured since these patches are all I think correct
and clean enough to commit I might as well send them out now.

A git branch with this patchset is:
  git://git.linaro.org/people/peter.maydell/qemu-arm.git a64-system-sysregs

thanks
-- PMM

Peter Maydell (24):
  target-arm/kvm-consts.h: Define QEMU constants for known KVM CPUs
  target-arm: Define names for SCTLR bits
  target-arm: Restrict check_ap() use of S and R bits to v6 and earlier
  target-arm: Log bad system register accesses with LOG_UNIMP
  target-arm: Add exception level to the AArch64 TB flags
  target-arm: A64: Implement store-exclusive for system mode
  target-arm: A64: Make cache ID registers visible to AArch64
  target-arm: A64: Implement MSR (immediate) instructions
  target-arm: Implement AArch64 CurrentEL sysreg
  target-arm: Implement AArch64 MIDR_EL1
  target-arm: Implement AArch64 DAIF system register
  target-arm: Implement AArch64 cache invalidate/clean ops
  target-arm: Implement AArch64 TLB invalidate ops
  target-arm: Implement AArch64 dummy MDSCR_EL1
  target-arm: Implement AArch64 memory attribute registers
  target-arm: Implement AArch64 SCTLR_EL1
  target-arm: Implement AArch64 TCR_EL1
  target-arm: Implement AArch64 VBAR_EL1
  target-arm: Implement AArch64 TTBR*
  target-arm: Implement AArch64 MPIDR
  target-arm: Implement AArch64 generic timers
  target-arm: Implement AArch64 ID and feature registers
  target-arm: Implement AArch64 dummy breakpoint and watchpoint
    registers
  target-arm: Implement AArch64 OSLAR_EL1 sysreg as WI

 hw/arm/pxa2xx.c            |   2 +-
 target-arm/cpu-qom.h       |  10 +
 target-arm/cpu.c           |   4 +-
 target-arm/cpu.h           |  92 ++++++--
 target-arm/cpu64.c         |   1 +
 target-arm/helper.c        | 565 +++++++++++++++++++++++++++++++++++++--------
 target-arm/helper.h        |   2 +
 target-arm/kvm-consts.h    |  16 +-
 target-arm/op_helper.c     |  25 ++
 target-arm/translate-a64.c | 106 ++++++++-
 target-arm/translate.c     |  13 ++
 11 files changed, 713 insertions(+), 123 deletions(-)

-- 
1.8.5

[Qemu-devel] [PATCH 01/24] target-arm/kvm-consts.h: Define QEMU constants for known KVM CPUs

[Peter Maydell]

Extend the set of CPUs for which we provide a QEMU_KVM_ARM_TARGET_*
constant to include all the ones currently supported by the kernel
headers we are using.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/kvm-consts.h | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/target-arm/kvm-consts.h b/target-arm/kvm-consts.h
index 0e7f889..c8dfdd6 100644
--- a/target-arm/kvm-consts.h
+++ b/target-arm/kvm-consts.h
@@ -50,15 +50,29 @@ MISMATCH_CHECK(PSCI_FN_CPU_OFF, KVM_PSCI_FN_CPU_OFF)
 MISMATCH_CHECK(PSCI_FN_CPU_ON, KVM_PSCI_FN_CPU_ON)
 MISMATCH_CHECK(PSCI_FN_MIGRATE, KVM_PSCI_FN_MIGRATE)
 
+/* Note that KVM uses overlapping values for AArch32 and AArch64
+ * target CPU numbers. AArch32 targets:
+ */
 #define QEMU_KVM_ARM_TARGET_CORTEX_A15 0
+#define QEMU_KVM_ARM_TARGET_CORTEX_A7 1
+
+/* AArch64 targets: */
+#define QEMU_KVM_ARM_TARGET_AEM_V8 0
+#define QEMU_KVM_ARM_TARGET_FOUNDATION_V8 1
+#define QEMU_KVM_ARM_TARGET_CORTEX_A57 2
 
 /* There's no kernel define for this: sentinel value which
  * matches no KVM target value for either 64 or 32 bit
  */
 #define QEMU_KVM_ARM_TARGET_NONE UINT_MAX
 
-#ifndef TARGET_AARCH64
+#ifdef TARGET_AARCH64
+MISMATCH_CHECK(QEMU_KVM_ARM_TARGET_AEM_V8, KVM_ARM_TARGET_ARM_V8)
+MISMATCH_CHECK(QEMU_KVM_ARM_TARGET_FOUNDATION_V8, KVM_ARM_TARGET_FOUNDATION_V8)
+MISMATCH_CHECK(QEMU_KVM_ARM_TARGET_CORTEX_A57, KVM_ARM_TARGET_CORTEX_A57)
+#else
 MISMATCH_CHECK(QEMU_KVM_ARM_TARGET_CORTEX_A15, KVM_ARM_TARGET_CORTEX_A15)
+MISMATCH_CHECK(QEMU_KVM_ARM_TARGET_CORTEX_A7, KVM_ARM_TARGET_CORTEX_A7)
 #endif
 
 #define CP_REG_ARM64                   0x6000000000000000ULL
-- 
1.8.5

[Qemu-devel] [PATCH 02/24] target-arm: Define names for SCTLR bits

[Peter Maydell]

The SCTLR is full of bits for enabling or disabling various things, and so
there are many places in the code which check if certain bits are set.
Define some named constants for the SCTLR bits so these checks are easier
to read.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.c    |  2 +-
 target-arm/cpu.h    | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 target-arm/helper.c | 16 ++++++++--------
 3 files changed, 61 insertions(+), 9 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 52efd5d..c1e55c8 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -128,7 +128,7 @@ static void arm_cpu_reset(CPUState *s)
         }
     }
 
-    if (env->cp15.c1_sys & (1 << 13)) {
+    if (env->cp15.c1_sys & SCTLR_V) {
             env->regs[15] = 0xFFFF0000;
     }
 
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 198b6b8..735f385 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -337,6 +337,58 @@ int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
                               int mmu_idx);
 #define cpu_handle_mmu_fault cpu_arm_handle_mmu_fault
 
+/* SCTLR bit meanings. Several bits have been reused in newer
+ * versions of the architecture; in that case we define constants
+ * for both old and new bit meanings. Code which tests against those
+ * bits should probably check or otherwise arrange that the CPU
+ * is the architectural version it expects.
+ */
+#define SCTLR_M       (1U << 0)
+#define SCTLR_A       (1U << 1)
+#define SCTLR_C       (1U << 2)
+#define SCTLR_W       (1U << 3) /* up to v6; RAO in v7 */
+#define SCTLR_SA      (1U << 3)
+#define SCTLR_P       (1U << 4) /* up to v5; RAO in v6 and v7 */
+#define SCTLR_SA0     (1U << 4) /* v8 onward, AArch64 only */
+#define SCTLR_D       (1U << 5) /* up to v5; RAO in v6 */
+#define SCTLR_CP15BEN (1U << 5) /* v7 onward */
+#define SCTLR_L       (1U << 6) /* up to v5; RAO in v6 and v7; RAZ in v8 */
+#define SCTLR_B       (1U << 7) /* up to v6; RAZ in v7 */
+#define SCTLR_ITD     (1U << 7) /* v8 onward */
+#define SCTLR_S       (1U << 8) /* up to v6; RAZ in v7 */
+#define SCTLR_SED     (1U << 8) /* v8 onward */
+#define SCTLR_R       (1U << 9) /* up to v6; RAZ in v7 */
+#define SCTLR_UMA     (1U << 9) /* v8 onward, AArch64 only */
+#define SCTLR_F       (1U << 10) /* up to v6 */
+#define SCTLR_SW      (1U << 10) /* v7 onward */
+#define SCTLR_Z       (1U << 11)
+#define SCTLR_I       (1U << 12)
+#define SCTLR_V       (1U << 13)
+#define SCTLR_RR      (1U << 14) /* up to v7 */
+#define SCTLR_DZE     (1U << 14) /* v8 onward, AArch64 only */
+#define SCTLR_L4      (1U << 15) /* up to v6; RAZ in v7 */
+#define SCTLR_UCT     (1U << 15) /* v8 onward, AArch64 only */
+#define SCTLR_DT      (1U << 16) /* up to ??, RAO in v6 and v7 */
+#define SCTLR_nTWI    (1U << 16) /* v8 onward */
+#define SCTLR_HA      (1U << 17)
+#define SCTLR_IT      (1U << 18) /* up to ??, RAO in v6 and v7 */
+#define SCTLR_nTWE    (1U << 18) /* v8 onward */
+#define SCTLR_WXN     (1U << 19)
+#define SCTLR_ST      (1U << 20) /* up to ??, RAZ in v6 */
+#define SCTLR_UWXN    (1U << 20) /* v7 onward */
+#define SCTLR_FI      (1U << 21)
+#define SCTLR_U       (1U << 22)
+#define SCTLR_XP      (1U << 23) /* up to v6; v7 onward RAO */
+#define SCTLR_VE      (1U << 24) /* up to v7 */
+#define SCTLR_E0E     (1U << 24) /* v8 onward, AArch64 only */
+#define SCTLR_EE      (1U << 25)
+#define SCTLR_L2      (1U << 26) /* up to v6, RAZ in v7 */
+#define SCTLR_UCI     (1U << 26) /* v8 onward, AArch64 only */
+#define SCTLR_NMFI    (1U << 27)
+#define SCTLR_TRE     (1U << 28)
+#define SCTLR_AFE     (1U << 29)
+#define SCTLR_TE      (1U << 30)
+
 #define CPSR_M (0x1fU)
 #define CPSR_T (1U << 5)
 #define CPSR_F (1U << 6)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index c708f15..792953e 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2716,7 +2716,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
         return; /* Never happens.  Keep compiler happy.  */
     }
     /* High vectors.  */
-    if (env->cp15.c1_sys & (1 << 13)) {
+    if (env->cp15.c1_sys & SCTLR_V) {
         /* when enabled, base address cannot be remapped.  */
         addr += 0xffff0000;
     } else {
@@ -2739,7 +2739,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
     /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
      * and we should just guard the thumb mode on V4 */
     if (arm_feature(env, ARM_FEATURE_V4T)) {
-        env->thumb = (env->cp15.c1_sys & (1 << 30)) != 0;
+        env->thumb = (env->cp15.c1_sys & SCTLR_TE) != 0;
     }
     env->regs[14] = env->regs[15] + offset;
     env->regs[15] = addr;
@@ -2767,10 +2767,10 @@ static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
   case 0:
       if (access_type == 1)
           return 0;
-      switch ((env->cp15.c1_sys >> 8) & 3) {
-      case 1:
+      switch (env->cp15.c1_sys & (SCTLR_S | SCTLR_R)) {
+      case SCTLR_S:
           return is_user ? 0 : PAGE_READ;
-      case 2:
+      case SCTLR_R:
           return PAGE_READ;
       default:
           return 0;
@@ -2999,7 +2999,7 @@ static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type,
             goto do_fault;
 
         /* The simplified model uses AP[0] as an access control bit.  */
-        if ((env->cp15.c1_sys & (1 << 29)) && (ap & 1) == 0) {
+        if ((env->cp15.c1_sys & SCTLR_AFE) && (ap & 1) == 0) {
             /* Access flag fault.  */
             code = (code == 15) ? 6 : 3;
             goto do_fault;
@@ -3290,7 +3290,7 @@ static inline int get_phys_addr(CPUARMState *env, uint32_t address,
     if (address < 0x02000000)
         address += env->cp15.c13_fcse;
 
-    if ((env->cp15.c1_sys & 1) == 0) {
+    if ((env->cp15.c1_sys & SCTLR_M) == 0) {
         /* MMU/MPU disabled.  */
         *phys_ptr = address;
         *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
@@ -3303,7 +3303,7 @@ static inline int get_phys_addr(CPUARMState *env, uint32_t address,
     } else if (extended_addresses_enabled(env)) {
         return get_phys_addr_lpae(env, address, access_type, is_user, phys_ptr,
                                   prot, page_size);
-    } else if (env->cp15.c1_sys & (1 << 23)) {
+    } else if (env->cp15.c1_sys & SCTLR_XP) {
         return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
                                 prot, page_size);
     } else {
-- 
1.8.5

[Qemu-devel] [PATCH 03/24] target-arm: Restrict check_ap() use of S and R bits to v6 and earlier

[Peter Maydell]

The SCTLR bits S and R (8 and 9) only exist in ARMv6 and earlier.
In ARMv7 these bits RAZ, and in ARMv8 they are reassigned. Guard
the use of them in check_ap() so that we don't get incorrect results
for ARMv8 CPUs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 792953e..205e36a 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2765,6 +2765,9 @@ static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
 
   switch (ap) {
   case 0:
+      if (arm_feature(env, ARM_FEATURE_V7)) {
+          return 0;
+      }
       if (access_type == 1)
           return 0;
       switch (env->cp15.c1_sys & (SCTLR_S | SCTLR_R)) {
-- 
1.8.5

[Qemu-devel] [PATCH 04/24] target-arm: Log bad system register accesses with LOG_UNIMP

[Peter Maydell]

Log guest attempts to access unimplemented system registers via
the LOG_UNIMP reporting mechanism (for both the 32 bit and 64 bit
instruction sets). This is particularly useful for debugging
problems where the guest is trying to use a system register that
QEMU doesn't implement.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/translate-a64.c |  7 ++++++-
 target-arm/translate.c     | 13 +++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a808a88..e0f6765 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1121,7 +1121,12 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
                                                crn, crm, op0, op1, op2));
 
     if (!ri) {
-        /* Unknown register */
+        /* Unknown register; this might be a guest error or a QEMU
+         * unimplemented feature.
+         */
+        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch64 "
+                      "system register op0:%d op1:%d crn:%d crm:%d op2:%d\n",
+                      isread ? "read" : "write", op0, op1, crn, crm, op2);
         unallocated_encoding(s);
         return;
     }
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 8d240e1..59a206d 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -6672,6 +6672,19 @@ static int disas_coproc_insn(CPUARMState * env, DisasContext *s, uint32_t insn)
         return 0;
     }
 
+    /* Unknown register; this might be a guest error or a QEMU
+     * unimplemented feature.
+     */
+    if (is64) {
+        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
+                      "64 bit system register cp:%d opc1: %d crm:%d\n",
+                      isread ? "read" : "write", cpnum, opc1, crm);
+    } else {
+        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
+                      "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d\n",
+                      isread ? "read" : "write", cpnum, opc1, crn, crm, opc2);
+    }
+
     return 1;
 }
 
-- 
1.8.5

[Qemu-devel] [PATCH 05/24] target-arm: Add exception level to the AArch64 TB flags

[Peter Maydell]

We already implicitly rely on the exception level being
part of the TB flags for coprocessor access, so actually
include it. (This makes no difference for linux-user mode,
which is always in EL0, but will be needed for correct
operation in system emulation.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 735f385..1aa4495 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1051,7 +1051,9 @@ static inline int cpu_mmu_index (CPUARMState *env)
 #define ARM_TBFLAG_BSWAP_CODE_SHIFT 16
 #define ARM_TBFLAG_BSWAP_CODE_MASK  (1 << ARM_TBFLAG_BSWAP_CODE_SHIFT)
 
-/* Bit usage when in AArch64 state: currently no bits defined */
+/* Bit usage when in AArch64 state */
+#define ARM_TBFLAG_AA64_EL_SHIFT    0
+#define ARM_TBFLAG_AA64_EL_MASK     (0x3 << ARM_TBFLAG_AA64_EL_SHIFT)
 
 /* some convenience accessor macros */
 #define ARM_TBFLAG_AARCH64_STATE(F) \
@@ -1070,13 +1072,16 @@ static inline int cpu_mmu_index (CPUARMState *env)
     (((F) & ARM_TBFLAG_CONDEXEC_MASK) >> ARM_TBFLAG_CONDEXEC_SHIFT)
 #define ARM_TBFLAG_BSWAP_CODE(F) \
     (((F) & ARM_TBFLAG_BSWAP_CODE_MASK) >> ARM_TBFLAG_BSWAP_CODE_SHIFT)
+#define ARM_TBFLAG_AA64_EL(F) \
+    (((F) & ARM_TBFLAG_AA64_EL_MASK) >> ARM_TBFLAG_AA64_EL_SHIFT)
 
 static inline void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                                         target_ulong *cs_base, int *flags)
 {
     if (is_a64(env)) {
         *pc = env->pc;
-        *flags = ARM_TBFLAG_AARCH64_STATE_MASK;
+        *flags = ARM_TBFLAG_AARCH64_STATE_MASK
+            | arm_current_pl(env) << ARM_TBFLAG_AA64_EL_SHIFT;
     } else {
         int privmode;
         *pc = env->regs[15];
-- 
1.8.5

[Qemu-devel] [PATCH 06/24] target-arm: A64: Implement store-exclusive for system mode

[Peter Maydell]

System mode store-exclusive use a different code path to usermode ones;
implement this missing code, in a similar way to the 32 bit version.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/translate-a64.c | 68 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 62 insertions(+), 6 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index e0f6765..5aa1f17 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1422,12 +1422,68 @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
 }
 #else
 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
-                                TCGv_i64 addr, int size, int is_pair)
-{
-    qemu_log_mask(LOG_UNIMP,
-                  "%s:%d: system mode store_exclusive unsupported "
-                  "at pc=%016" PRIx64 "\n",
-                  __FILE__, __LINE__, s->pc - 4);
+                                TCGv_i64 inaddr, int size, int is_pair)
+{
+    /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]
+     *     && (!is_pair || env->exclusive_high == [addr + datasize])) {
+     *     [addr] = {Rt};
+     *     if (is_pair) {
+     *         [addr + datasize] = {Rt2};
+     *     }
+     *     {Rd} = 0;
+     * } else {
+     *     {Rd} = 1;
+     * }
+     * env->exclusive_addr = -1;
+     */
+    int fail_label = gen_new_label();
+    int done_label = gen_new_label();
+    TCGv_i64 addr = tcg_temp_local_new_i64();
+    TCGv_i64 tmp;
+
+    /* Copy input into a local temp so it is not trashed when the
+     * basic block ends at the branch insn.
+     */
+    tcg_gen_mov_i64(addr, inaddr);
+    tcg_gen_brcond_i64(TCG_COND_NE, addr, cpu_exclusive_addr, fail_label);
+
+    tmp = tcg_temp_new_i64();
+    tcg_gen_qemu_ld_i64(tmp, addr, get_mem_index(s), MO_TE + size);
+    tcg_gen_brcond_i64(TCG_COND_NE, tmp, cpu_exclusive_val, fail_label);
+    tcg_temp_free_i64(tmp);
+
+    if (is_pair) {
+        TCGv_i64 addrhi = tcg_temp_new_i64();
+        TCGv_i64 tmphi = tcg_temp_new_i64();
+
+        tcg_gen_addi_i64(addrhi, addr, 1 << size);
+        tcg_gen_qemu_ld_i64(tmphi, addrhi, get_mem_index(s), MO_TE + size);
+        tcg_gen_brcond_i64(TCG_COND_NE, tmp, cpu_exclusive_high, fail_label);
+
+        tcg_temp_free_i64(tmphi);
+        tcg_temp_free_i64(addrhi);
+    }
+
+    /* We seem to still have the exclusive monitor, so do the store */
+    tcg_gen_qemu_st_i64(cpu_reg(s, rt), addr, get_mem_index(s), MO_TE + size);
+    if (is_pair) {
+        TCGv_i64 addrhi = tcg_temp_new_i64();
+
+        tcg_gen_addi_i64(addrhi, addr, 1 << size);
+        tcg_gen_qemu_st_i64(cpu_reg(s, rt2), addrhi,
+                            get_mem_index(s), MO_TE + size);
+        tcg_temp_free_i64(addrhi);
+    }
+
+    tcg_temp_free_i64(addr);
+
+    tcg_gen_movi_i64(cpu_reg(s, rd), 0);
+    tcg_gen_br(done_label);
+    gen_set_label(fail_label);
+    tcg_gen_movi_i64(cpu_reg(s, rd), 1);
+    gen_set_label(done_label);
+    tcg_gen_movi_i64(cpu_exclusive_addr, -1);
+
 }
 #endif
 
-- 
1.8.5

[Qemu-devel] [PATCH 07/24] target-arm: A64: Make cache ID registers visible to AArch64

[Peter Maydell]

Make the cache ID system registers (CLIDR, CCSELR, CCSIDR, CTR)
visible to AArch64. These are mostly simple 64-bit extensions of the
existing 32 bit system registers and so can share reginfo definitions.
CTR needs to have a split definition, but we can clean up the
temporary user-mode implementation in favour of using the CPU-specified
reset value, and implement the system-mode-required semantics of
restricting its EL0 accessibility if SCTLR.UCT is not set.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.c    |  2 ++
 target-arm/cpu.h    |  2 +-
 target-arm/cpu64.c  |  1 +
 target-arm/helper.c | 33 +++++++++++++++++++++++----------
 4 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index c1e55c8..1e08802 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -91,6 +91,8 @@ static void arm_cpu_reset(CPUState *s)
         env->aarch64 = 1;
 #if defined(CONFIG_USER_ONLY)
         env->pstate = PSTATE_MODE_EL0t;
+        /* Userspace expects access to CTL_EL0 */
+        env->cp15.c1_sys |= SCTLR_UCT;
 #else
         env->pstate = PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F
             | PSTATE_MODE_EL1h;
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 1aa4495..1966a19 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -166,7 +166,7 @@ typedef struct CPUARMState {
     /* System control coprocessor (cp15) */
     struct {
         uint32_t c0_cpuid;
-        uint32_t c0_cssel; /* Cache size selection.  */
+        uint64_t c0_cssel; /* Cache size selection.  */
         uint32_t c1_sys; /* System control register.  */
         uint32_t c1_coproc; /* Coprocessor access register.  */
         uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
index a639c2e..8426bf1 100644
--- a/target-arm/cpu64.c
+++ b/target-arm/cpu64.c
@@ -45,6 +45,7 @@ static void aarch64_any_initfn(Object *obj)
     set_feature(&cpu->env, ARM_FEATURE_ARM_DIV);
     set_feature(&cpu->env, ARM_FEATURE_V7MP);
     set_feature(&cpu->env, ARM_FEATURE_AARCH64);
+    cpu->ctr = 0x80030003; /* 32 byte I and D cacheline size, VIPT icache */
 }
 #endif
 
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 205e36a..204d7c3 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -676,9 +676,11 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
     { .name = "SCR", .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
       .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_scr),
       .resetvalue = 0, },
-    { .name = "CCSIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
+    { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
       .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_MIGRATE },
-    { .name = "CSSELR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
+    { .name = "CSSELR", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
       .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c0_cssel),
       .writefn = csselr_write, .resetvalue = 0 },
     /* Auxiliary ID register: this actually has an IMPDEF value but for now
@@ -1601,13 +1603,6 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "FPSR", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,
       .access = PL0_RW, .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
-    /* This claims a 32 byte cacheline size for icache and dcache, VIPT icache.
-     * It will eventually need to have a CPU-specified reset value.
-     */
-    { .name = "CTR_EL0", .state = ARM_CP_STATE_AA64,
-      .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 0, .crm = 0,
-      .access = PL0_R, .type = ARM_CP_CONST,
-      .resetvalue = 0x80030003 },
     /* Prohibit use of DC ZVA. OPTME: implement DC ZVA and allow its use.
      * For system mode the DZP bit here will need to be computed, not constant.
      */
@@ -1627,6 +1622,20 @@ static int sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
     return 0;
 }
 
+static int ctr_el0_read(CPUARMState *env, const ARMCPRegInfo *ri,
+                        uint64_t *value)
+{
+    /* This register is constant, but only accessible in AArch64 EL0 if
+     * SCTLR.UCT is set.
+     */
+    ARMCPU *cpu = arm_env_get_cpu(env);
+    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UCT)) {
+        return EXCP_UDEF;
+    }
+    *value = cpu->ctr;
+    return 0;
+}
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
     /* Register all the coprocessor registers based on feature bits */
@@ -1711,7 +1720,8 @@ void register_cp_regs_for_features(ARMCPU *cpu)
             .raw_readfn = raw_read, .raw_writefn = raw_write,
         };
         ARMCPRegInfo clidr = {
-            .name = "CLIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
+            .name = "CLIDR", .state = ARM_CP_STATE_BOTH,
+            .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
             .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->clidr
         };
         define_one_arm_cp_reg(cpu, &pmcr);
@@ -1790,6 +1800,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
             { .name = "CTR",
               .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 1,
               .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
+            { .name = "CTR_EL0", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 0, .crm = 0,
+              .access = PL0_R, .readfn = ctr_el0_read },
             { .name = "TCMTR",
               .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 2,
               .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
-- 
1.8.5

[Qemu-devel] [PATCH 08/24] target-arm: A64: Implement MSR (immediate) instructions

[Peter Maydell]

Implement the MSR (immediate) instructions, which can update the
PSTATE SP and DAIF fields.
---
 target-arm/cpu.h           |  1 +
 target-arm/helper.h        |  2 ++
 target-arm/op_helper.c     | 25 +++++++++++++++++++++++++
 target-arm/translate-a64.c | 24 +++++++++++++++++++++++-
 4 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 1966a19..1dce28b 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -431,6 +431,7 @@ int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
 #define PSTATE_Z (1U << 30)
 #define PSTATE_N (1U << 31)
 #define PSTATE_NZCV (PSTATE_N | PSTATE_Z | PSTATE_C | PSTATE_V)
+#define PSTATE_DAIF (PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F)
 #define CACHED_PSTATE_BITS (PSTATE_NZCV)
 /* Mode values for AArch64 */
 #define PSTATE_MODE_EL3h 13
diff --git a/target-arm/helper.h b/target-arm/helper.h
index 70872df..638c91a 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -62,6 +62,8 @@ DEF_HELPER_2(get_cp_reg, i32, env, ptr)
 DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)
 DEF_HELPER_2(get_cp_reg64, i64, env, ptr)
 
+DEF_HELPER_3(msr_i_pstate, void, env, i32, i32)
+
 DEF_HELPER_2(get_r13_banked, i32, env, i32)
 DEF_HELPER_3(set_r13_banked, void, env, i32, i32)
 
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index a918e5b..c812a9f 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -313,6 +313,31 @@ uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip)
     return value;
 }
 
+void HELPER(msr_i_pstate)(CPUARMState *env, uint32_t op, uint32_t imm)
+{
+    /* MSR_i to update PSTATE. This is OK from EL0 only if UMA is set.
+     * Note that SPSel is never OK from EL0; we rely on handle_msr_i()
+     * to catch that case at translate time.
+     */
+    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
+        raise_exception(env, EXCP_UDEF);
+    }
+
+    switch (op) {
+    case 0x05: /* SPSel */
+        env->pstate = deposit32(env->pstate, 0, 1, imm);
+        break;
+    case 0x1e: /* DAIFSet */
+        env->pstate |= (imm << 6) & PSTATE_DAIF;
+        break;
+    case 0x1f: /* DAIFClear */
+        env->pstate &= ~((imm << 6) & PSTATE_DAIF);
+        break;
+    default:
+        g_assert_not_reached();
+    }
+}
+
 /* ??? Flag setting arithmetic is awkward because we need to do comparisons.
    The only way to do that in TCG is a conditional branch, which clobbers
    all our temporaries.  For now implement these as helper functions.  */
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 5aa1f17..802d733 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1055,7 +1055,29 @@ static void handle_sync(DisasContext *s, uint32_t insn,
 static void handle_msr_i(DisasContext *s, uint32_t insn,
                          unsigned int op1, unsigned int op2, unsigned int crm)
 {
-    unsupported_encoding(s, insn);
+    int op = op1 << 3 | op2;
+    switch (op) {
+    case 0x05: /* SPSel */
+        if (s->current_pl == 0) {
+            unallocated_encoding(s);
+            return;
+        }
+        /* fall through */
+    case 0x1e: /* DAIFSet */
+    case 0x1f: /* DAIFClear */
+    {
+        TCGv_i32 tcg_imm = tcg_const_i32(crm);
+        TCGv_i32 tcg_op = tcg_const_i32(op);
+        gen_helper_msr_i_pstate(cpu_env, tcg_op, tcg_imm);
+        tcg_temp_free_i32(tcg_imm);
+        tcg_temp_free_i32(tcg_op);
+        s->is_jmp = DISAS_UPDATE;
+        break;
+    }
+    default:
+        unallocated_encoding(s);
+        return;
+    }
 }
 
 static void gen_get_nzcv(TCGv_i64 tcg_rt)
-- 
1.8.5

[Qemu-devel] [PATCH 09/24] target-arm: Implement AArch64 CurrentEL sysreg

[Peter Maydell]

Implement the CurrentEL sysreg.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h           | 3 ++-
 target-arm/helper.c        | 3 +++
 target-arm/translate-a64.c | 7 +++++++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 1dce28b..2e04a6d 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -735,7 +735,8 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 #define ARM_CP_NOP (ARM_CP_SPECIAL | (1 << 8))
 #define ARM_CP_WFI (ARM_CP_SPECIAL | (2 << 8))
 #define ARM_CP_NZCV (ARM_CP_SPECIAL | (3 << 8))
-#define ARM_LAST_SPECIAL ARM_CP_NZCV
+#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | (4 << 8))
+#define ARM_LAST_SPECIAL ARM_CP_CURRENTEL
 /* Used only as a terminator for ARMCPRegInfo lists */
 #define ARM_CP_SENTINEL 0xffff
 /* Mask of only the flag bits in a type field */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 204d7c3..9a15b48 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1610,6 +1610,9 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
       .opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,
       .access = PL0_R, .type = ARM_CP_CONST,
       .resetvalue = 0x10 },
+    { .name = "CURRENTEL", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .opc2 = 2, .crn = 4, .crm = 2,
+      .access = PL1_R, .type = ARM_CP_CURRENTEL },
     REGINFO_SENTINEL
 };
 
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 802d733..ae4da25 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1171,6 +1171,13 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
             gen_set_nzcv(tcg_rt);
         }
         return;
+    case ARM_CP_CURRENTEL:
+        /* Reads as current EL value from pstate, which is
+         * guaranteed to be constant by the tb flags.
+         */
+        tcg_rt = cpu_reg(s, rt);
+        tcg_gen_movi_i64(tcg_rt, s->current_pl << 2);
+        return;
     default:
         break;
     }
-- 
1.8.5

[Qemu-devel] [PATCH 10/24] target-arm: Implement AArch64 MIDR_EL1

[Peter Maydell]

Implement the AArch64 view of the MIDR system register
(for AArch64 it is a simple constant, unlike the complicated
mess that TI925 imposes on the 32-bit view).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 9a15b48..51b71a4 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1800,6 +1800,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .writefn = arm_cp_write_ignore, .raw_writefn = raw_write,
               .fieldoffset = offsetof(CPUARMState, cp15.c0_cpuid),
               .type = ARM_CP_OVERRIDE },
+            { .name = "MIDR_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .opc2 = 0, .crn = 0, .crm = 0,
+              .access = PL1_R, .resetvalue = cpu->midr, .type = ARM_CP_CONST },
             { .name = "CTR",
               .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 1,
               .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
-- 
1.8.5

[Qemu-devel] [PATCH 11/24] target-arm: Implement AArch64 DAIF system register

[Peter Maydell]

Implement the DAIF system register which is a view of the
DAIF bits in PSTATE.

TODO: include support for the MSR_i encodings?

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 51b71a4..f23b500 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1590,6 +1590,27 @@ static int aa64_fpsr_write(CPUARMState *env, const ARMCPRegInfo *ri,
     return 0;
 }
 
+static int aa64_daif_read(CPUARMState *env, const ARMCPRegInfo *ri,
+                          uint64_t *value)
+{
+    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
+        return EXCP_UDEF;
+    }
+    *value = pstate_read(env) & PSTATE_DAIF;
+    return 0;
+}
+
+static int aa64_daif_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                           uint64_t value)
+{
+    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
+        return EXCP_UDEF;
+    }
+    env->pstate &= ~PSTATE_DAIF;
+    env->pstate |= (value & PSTATE_DAIF);
+    return 0;
+}
+
 static const ARMCPRegInfo v8_cp_reginfo[] = {
     /* Minimal set of EL0-visible registers. This will need to be expanded
      * significantly for system emulation of AArch64 CPUs.
@@ -1597,6 +1618,10 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "NZCV", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 2,
       .access = PL0_RW, .type = ARM_CP_NZCV },
+    { .name = "DAIF", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 2,
+      .access = PL0_RW, .type = ARM_CP_NO_MIGRATE,
+      .readfn = aa64_daif_read, .writefn = aa64_daif_write },
     { .name = "FPCR", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,
       .access = PL0_RW, .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
-- 
1.8.5

[Qemu-devel] [PATCH 12/24] target-arm: Implement AArch64 cache invalidate/clean ops

[Peter Maydell]

Implement all the AArch64 cache invalidate and clean ops
(which are all NOPs since QEMU doesn't emulate the cache).
The only remaining unimplemented cache op is DC ZVA.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index f23b500..d6b69dc 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1611,6 +1611,18 @@ static int aa64_daif_write(CPUARMState *env, const ARMCPRegInfo *ri,
     return 0;
 }
 
+static int aa64_cacheop_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                              uint64_t value)
+{
+    /* Cache invalidate/clean: NOP, but EL0 must UNDEF unless
+     * SCTLR_EL1.UCI is set.
+     */
+    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UCI)) {
+        return EXCP_UDEF;
+    }
+    return 0;
+}
+
 static const ARMCPRegInfo v8_cp_reginfo[] = {
     /* Minimal set of EL0-visible registers. This will need to be expanded
      * significantly for system emulation of AArch64 CPUs.
@@ -1638,6 +1650,41 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "CURRENTEL", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 0, .opc2 = 2, .crn = 4, .crm = 2,
       .access = PL1_R, .type = ARM_CP_CURRENTEL },
+    /* Cache ops: all NOPs since we don't emulate caches */
+    { .name = "IC_IALLUIS", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
+      .access = PL1_W, .type = ARM_CP_NOP },
+    { .name = "IC_IALLU", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 0,
+      .access = PL1_W, .type = ARM_CP_NOP },
+    { .name = "IC_IVAU", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 5, .opc2 = 1,
+      .access = PL0_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = aa64_cacheop_write },
+    { .name = "DC_IVAC", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 1,
+      .access = PL1_W, .type = ARM_CP_NOP },
+    { .name = "DC_ISW", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 2,
+      .access = PL1_W, .type = ARM_CP_NOP },
+    { .name = "DC_CVAC", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 10, .opc2 = 1,
+      .access = PL0_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = aa64_cacheop_write },
+    { .name = "DC_CSW", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 2,
+      .access = PL1_W, .type = ARM_CP_NOP },
+    { .name = "DC_CVAU", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 11, .opc2 = 1,
+      .access = PL0_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = aa64_cacheop_write },
+    { .name = "DC_CIVAC", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 1,
+      .access = PL0_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = aa64_cacheop_write },
+    { .name = "DC_CISW", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
+      .access = PL1_W, .type = ARM_CP_NOP },
     REGINFO_SENTINEL
 };
 
-- 
1.8.5

[Qemu-devel] [PATCH 13/24] target-arm: Implement AArch64 TLB invalidate ops

[Peter Maydell]

Implement the AArch64 TLB invalidate operations. This is
the full set of TLBI ops defined for a CPU which doesn't
implement EL2 or EL3.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index d6b69dc..ffe245f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1623,6 +1623,33 @@ static int aa64_cacheop_write(CPUARMState *env, const ARMCPRegInfo *ri,
     return 0;
 }
 
+static int tlbi_aa64_va_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                              uint64_t value)
+{
+    /* Invalidate by VA (AArch64 version) */
+    uint64_t pageaddr = value << 12;
+    tlb_flush_page(env, pageaddr);
+    return 0;
+}
+
+static int tlbi_aa64_vaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                               uint64_t value)
+{
+    /* Invalidate by VA, all ASIDs (AArch64 version) */
+    uint64_t pageaddr = value << 12;
+    tlb_flush_page(env, pageaddr);
+    return 0;
+}
+
+static int tlbi_aa64_asid_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                uint64_t value)
+{
+    /* Invalidate by ASID (AArch64 version) */
+    int asid = extract64(value, 48, 16);
+    tlb_flush(env, asid == 0);
+    return 0;
+}
+
 static const ARMCPRegInfo v8_cp_reginfo[] = {
     /* Minimal set of EL0-visible registers. This will need to be expanded
      * significantly for system emulation of AArch64 CPUs.
@@ -1685,6 +1712,55 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "DC_CISW", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
       .access = PL1_W, .type = ARM_CP_NOP },
+    /* TLBI operations */
+    { .name = "TLBI_VMALLE1IS", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 3, .opc2 = 0,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbiall_write },
+    { .name = "TLBI_VAE1IS", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 3, .opc2 = 1,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_va_write },
+    { .name = "TLBI_ASIDE1IS", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 3, .opc2 = 2,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_asid_write },
+    { .name = "TLBI_VAAE1IS", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 3, .opc2 = 3,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_vaa_write },
+    { .name = "TLBI_VALE1IS", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 3, .opc2 = 5,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_va_write },
+    { .name = "TLBI_VAALE1IS", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 3, .opc2 = 7,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_vaa_write },
+    { .name = "TLBI_VMALLE1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 7, .opc2 = 0,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbiall_write },
+    { .name = "TLBI_VAE1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 7, .opc2 = 1,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_va_write },
+    { .name = "TLBI_ASIDE1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 7, .opc2 = 2,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_asid_write },
+    { .name = "TLBI_VAAE1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 7, .opc2 = 3,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_vaa_write },
+    { .name = "TLBI_VALE1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 7, .opc2 = 5,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_va_write },
+    { .name = "TLBI_VAALE1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 7, .opc2 = 7,
+      .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
+      .writefn = tlbi_aa64_vaa_write },
     REGINFO_SENTINEL
 };
 
-- 
1.8.5

[Qemu-devel] [PATCH 14/24] target-arm: Implement AArch64 dummy MDSCR_EL1

[Peter Maydell]

We don't support letting the guest do debug, but Linux prods the
monitor debug system control register anyway, so implement a dummy
RAZ/WI version.
---
 target-arm/helper.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index ffe245f..69cce6f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1761,6 +1761,12 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
       .opc0 = 1, .opc2 = 0, .crn = 8, .crm = 7, .opc2 = 7,
       .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
       .writefn = tlbi_aa64_vaa_write },
+    /* Dummy implementation of monitor debug system control register:
+     * we don't support debug.
+     */
+    { .name = "MDSCR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
+      .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
     REGINFO_SENTINEL
 };
 
-- 
1.8.5

[Qemu-devel] [PATCH 15/24] target-arm: Implement AArch64 memory attribute registers

[Peter Maydell]

Implement the AArch64 memory attribute registers. Since QEMU doesn't
model caches it does not need to care about memory attributes at all,
and we can simply make these read-as-written.

We did not previously implement the AArch32 versions of the MAIR
registers, which went unnoticed because of the overbroad TLB_LOCKDOWN
reginfo definition; provide them now to keep the 64<->32 register
relationship clear.

We already provided AMAIR registers for 32 bit as simple RAZ/WI;
extend that to provide a 64 bit RAZ/WI AMAIR_EL1.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    |  3 +++
 target-arm/helper.c | 24 +++++++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 2e04a6d..c8b6cdb 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -74,8 +74,10 @@
  */
 #ifdef HOST_WORDS_BIGENDIAN
 #define offsetoflow32(S, M) (offsetof(S, M) + sizeof(uint32_t))
+#define offsetofhigh32(S, M) offsetof(S, M)
 #else
 #define offsetoflow32(S, M) offsetof(S, M)
+#define offsetofhigh32(S, M) (offsetof(S, M) + sizeof(uint32_t))
 #endif
 
 /* Meanings of the ARMCPU object's two inbound GPIO lines */
@@ -197,6 +199,7 @@ typedef struct CPUARMState {
         uint32_t c9_pmxevtyper; /* perf monitor event type */
         uint32_t c9_pmuserenr; /* perf monitor user enable */
         uint32_t c9_pminten; /* perf monitor interrupt enables */
+        uint64_t mair_el1;
         uint32_t c12_vbar; /* vector base address register */
         uint32_t c13_fcse; /* FCSE PID.  */
         uint32_t c13_context; /* Context ID.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 69cce6f..d03c0cd 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -688,6 +688,26 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
      */
     { .name = "AIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 7,
       .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+    /* MAIR can just read-as-written because we don't implement caches
+     * and so don't need to care about memory attributes.
+     */
+    { .name = "MAIR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0,
+      .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el1),
+      .resetvalue = 0 },
+    /* For non-long-descriptor page tables these are PRRR and NMRR;
+     * regardless they still act as reads-as-written for QEMU.
+     * The override is necessary because of the overly-broad TLB_LOCKDOWN
+     * definition.
+     */
+    { .name = "MAIR0", .state = ARM_CP_STATE_AA32, .type = ARM_CP_OVERRIDE,
+      .cp = 15, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0, .access = PL1_RW,
+      .fieldoffset = offsetoflow32(CPUARMState, cp15.mair_el1),
+      .resetfn = arm_cp_reset_ignore },
+    { .name = "MAIR1", .state = ARM_CP_STATE_AA32, .type = ARM_CP_OVERRIDE,
+      .cp = 15, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 1, .access = PL1_RW,
+      .fieldoffset = offsetofhigh32(CPUARMState, cp15.mair_el1),
+      .resetfn = arm_cp_reset_ignore },
     REGINFO_SENTINEL
 };
 
@@ -1538,9 +1558,11 @@ static const ARMCPRegInfo lpae_cp_reginfo[] = {
     /* NOP AMAIR0/1: the override is because these clash with the rather
      * broadly specified TLB_LOCKDOWN entry in the generic cp_reginfo.
      */
-    { .name = "AMAIR0", .cp = 15, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 0,
+    { .name = "AMAIR0", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 0,
       .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_OVERRIDE,
       .resetvalue = 0 },
+    /* AMAIR1 is mapped to AMAIR_EL1[63:32] */
     { .name = "AMAIR1", .cp = 15, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 1,
       .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_OVERRIDE,
       .resetvalue = 0 },
-- 
1.8.5

[Qemu-devel] [PATCH 16/24] target-arm: Implement AArch64 SCTLR_EL1

[Peter Maydell]

Implement the AArch64 view of the system control register SCTLR_EL1.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    | 2 +-
 target-arm/helper.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index c8b6cdb..16f1d27 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -169,7 +169,7 @@ typedef struct CPUARMState {
     struct {
         uint32_t c0_cpuid;
         uint64_t c0_cssel; /* Cache size selection.  */
-        uint32_t c1_sys; /* System control register.  */
+        uint64_t c1_sys; /* System control register.  */
         uint32_t c1_coproc; /* Coprocessor access register.  */
         uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
         uint32_t c1_scr; /* secure config register.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index d03c0cd..f8f034c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2055,7 +2055,8 @@ void register_cp_regs_for_features(ARMCPU *cpu)
     /* Generic registers whose values depend on the implementation */
     {
         ARMCPRegInfo sctlr = {
-            .name = "SCTLR", .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
+            .name = "SCTLR", .state = ARM_CP_STATE_BOTH,
+            .opc0 = 3, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
             .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_sys),
             .writefn = sctlr_write, .resetvalue = cpu->reset_sctlr,
             .raw_writefn = raw_write,
-- 
1.8.5

[Qemu-devel] [PATCH 17/24] target-arm: Implement AArch64 TCR_EL1

[Peter Maydell]

Implement the AArch64 TCR_EL1, which is the 64 bit view of
the AArch32 TTBCR. (The uses of the bits in the register are
completely different, but in any given situation the CPU will
always interpret them one way or the other. In fact for QEMU EL1
is always 64 bit, but we share the state field because this
is the correct mapping to permit a future implementation of EL2.)
We also make the AArch64 view the 'master' as far as migration
and reset is concerned.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    |  2 +-
 target-arm/helper.c | 20 +++++++++++++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 16f1d27..a7d6274 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -177,7 +177,7 @@ typedef struct CPUARMState {
         uint32_t c2_base0_hi; /* MMU translation table base 0, high 32 bits */
         uint32_t c2_base1; /* MMU translation table base 0.  */
         uint32_t c2_base1_hi; /* MMU translation table base 1, high 32 bits */
-        uint32_t c2_control; /* MMU translation table base control.  */
+        uint64_t c2_control; /* MMU translation table base control.  */
         uint32_t c2_mask; /* MMU translation table base selection mask.  */
         uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
         uint32_t c2_data; /* MPU data cachable bits.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index f8f034c..5912b13 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1272,6 +1272,15 @@ static void vmsa_ttbcr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
     env->cp15.c2_mask = 0;
 }
 
+static int vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                              uint64_t value)
+{
+    /* For AArch64 the A1 bit could result in a change of ASID, so TLB flush. */
+    tlb_flush(env, 1);
+    env->cp15.c2_control = value;
+    return 0;
+}
+
 static const ARMCPRegInfo vmsa_cp_reginfo[] = {
     { .name = "DFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
       .access = PL1_RW,
@@ -1285,10 +1294,15 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
     { .name = "TTBR1", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
       .access = PL1_RW,
       .fieldoffset = offsetof(CPUARMState, cp15.c2_base1), .resetvalue = 0, },
-    { .name = "TTBCR", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
-      .access = PL1_RW, .writefn = vmsa_ttbcr_write,
-      .resetfn = vmsa_ttbcr_reset, .raw_writefn = vmsa_ttbcr_raw_write,
+    { .name = "TCR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
+      .access = PL1_RW, .writefn = vmsa_tcr_el1_write,
+      .resetfn = vmsa_ttbcr_reset, .raw_writefn = raw_write,
       .fieldoffset = offsetof(CPUARMState, cp15.c2_control) },
+    { .name = "TTBCR", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
+      .access = PL1_RW, .type = ARM_CP_NO_MIGRATE, .writefn = vmsa_ttbcr_write,
+      .resetfn = arm_cp_reset_ignore, .raw_writefn = vmsa_ttbcr_raw_write,
+      .fieldoffset = offsetoflow32(CPUARMState, cp15.c2_control) },
     { .name = "DFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
       .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c6_data),
       .resetvalue = 0, },
-- 
1.8.5

[Qemu-devel] [PATCH 18/24] target-arm: Implement AArch64 VBAR_EL1

[Peter Maydell]

Implement the A64 view of the VBAR system register.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    | 2 +-
 target-arm/helper.c | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index a7d6274..6f4d174 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -200,7 +200,7 @@ typedef struct CPUARMState {
         uint32_t c9_pmuserenr; /* perf monitor user enable */
         uint32_t c9_pminten; /* perf monitor interrupt enables */
         uint64_t mair_el1;
-        uint32_t c12_vbar; /* vector base address register */
+        uint64_t c12_vbar; /* vector base address register */
         uint32_t c13_fcse; /* FCSE PID.  */
         uint32_t c13_context; /* Context ID.  */
         uint64_t tpidr_el0; /* User RW Thread register.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 5912b13..e2ae159 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -580,6 +580,12 @@ static int pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static int vbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
                       uint64_t value)
 {
+    /* Note that even though the AArch64 view of this register has bits
+     * [10:0] all RES0 we can only mask the bottom 5, to comply with the
+     * architectural requirements for bits which are RES0 only in some
+     * contexts. (ARMv8 would permit us to do no masking at all, but ARMv7
+     * requires the bottom five bits to be RAZ/WI because they're UNK/SBZP.)
+     */
     env->cp15.c12_vbar = value & ~0x1Ful;
     return 0;
 }
@@ -669,7 +675,8 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
       .access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
       .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
       .resetvalue = 0, .writefn = pmintenclr_write, },
-    { .name = "VBAR", .cp = 15, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
+    { .name = "VBAR", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
       .access = PL1_RW, .writefn = vbar_write,
       .fieldoffset = offsetof(CPUARMState, cp15.c12_vbar),
       .resetvalue = 0 },
-- 
1.8.5

[Qemu-devel] [PATCH 19/24] target-arm: Implement AArch64 TTBR*

[Peter Maydell]

Implement the AArch64 TTBR* registers. For v7 these were already 64 bits
to handle LPAE, but implemented as two separate uint32_t fields.
Combine them into a single uint64_t which can be used for all purposes.
Since this requires touching every use, take the opportunity to rename
the field to the architectural name.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/pxa2xx.c     |  2 +-
 target-arm/cpu.h    |  6 ++--
 target-arm/helper.c | 95 +++++++++++++++++------------------------------------
 3 files changed, 33 insertions(+), 70 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 02b7016..b6465d6 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -279,7 +279,7 @@ static int pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
             ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
         s->cpu->env.cp15.c1_sys = 0;
         s->cpu->env.cp15.c1_coproc = 0;
-        s->cpu->env.cp15.c2_base0 = 0;
+        s->cpu->env.cp15.ttbr0_el1 = 0;
         s->cpu->env.cp15.c3 = 0;
         s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
         s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 6f4d174..7138882 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -173,10 +173,8 @@ typedef struct CPUARMState {
         uint32_t c1_coproc; /* Coprocessor access register.  */
         uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
         uint32_t c1_scr; /* secure config register.  */
-        uint32_t c2_base0; /* MMU translation table base 0.  */
-        uint32_t c2_base0_hi; /* MMU translation table base 0, high 32 bits */
-        uint32_t c2_base1; /* MMU translation table base 0.  */
-        uint32_t c2_base1_hi; /* MMU translation table base 1, high 32 bits */
+        uint64_t ttbr0_el1; /* MMU translation table base 0. */
+        uint32_t ttbr1_el1; /* MMU translation table base 1. */
         uint64_t c2_control; /* MMU translation table base control.  */
         uint32_t c2_mask; /* MMU translation table base selection mask.  */
         uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index e2ae159..1f1dec1 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1288,6 +1288,18 @@ static int vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
     return 0;
 }
 
+static int vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                             uint64_t value)
+{
+    /* 64 bit accesses to the TTBRs can change the ASID and so we
+     * must flush the TLB.
+     */
+    if ((ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT)) {
+        tlb_flush(env, 1);
+    }
+    return raw_write(env, ri, value);
+}
+
 static const ARMCPRegInfo vmsa_cp_reginfo[] = {
     { .name = "DFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
       .access = PL1_RW,
@@ -1295,12 +1307,14 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
     { .name = "IFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
       .access = PL1_RW,
       .fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0, },
-    { .name = "TTBR0", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
-      .access = PL1_RW,
-      .fieldoffset = offsetof(CPUARMState, cp15.c2_base0), .resetvalue = 0, },
-    { .name = "TTBR1", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
-      .access = PL1_RW,
-      .fieldoffset = offsetof(CPUARMState, cp15.c2_base1), .resetvalue = 0, },
+    { .name = "TTBR0_EL1", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
+      .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el1),
+      .writefn = vmsa_ttbr_write, .resetvalue = 0 },
+    { .name = "TTBR1_EL1", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
+      .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el1),
+      .writefn = vmsa_ttbr_write, .resetvalue = 0 },
     { .name = "TCR_EL1", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
       .access = PL1_RW, .writefn = vmsa_tcr_el1_write,
@@ -1525,56 +1539,6 @@ static void par64_reset(CPUARMState *env, const ARMCPRegInfo *ri)
     env->cp15.c7_par = 0;
 }
 
-static int ttbr064_read(CPUARMState *env, const ARMCPRegInfo *ri,
-                        uint64_t *value)
-{
-    *value = ((uint64_t)env->cp15.c2_base0_hi << 32) | env->cp15.c2_base0;
-    return 0;
-}
-
-static int ttbr064_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
-                             uint64_t value)
-{
-    env->cp15.c2_base0_hi = value >> 32;
-    env->cp15.c2_base0 = value;
-    return 0;
-}
-
-static int ttbr064_write(CPUARMState *env, const ARMCPRegInfo *ri,
-                         uint64_t value)
-{
-    /* Writes to the 64 bit format TTBRs may change the ASID */
-    tlb_flush(env, 1);
-    return ttbr064_raw_write(env, ri, value);
-}
-
-static void ttbr064_reset(CPUARMState *env, const ARMCPRegInfo *ri)
-{
-    env->cp15.c2_base0_hi = 0;
-    env->cp15.c2_base0 = 0;
-}
-
-static int ttbr164_read(CPUARMState *env, const ARMCPRegInfo *ri,
-                        uint64_t *value)
-{
-    *value = ((uint64_t)env->cp15.c2_base1_hi << 32) | env->cp15.c2_base1;
-    return 0;
-}
-
-static int ttbr164_write(CPUARMState *env, const ARMCPRegInfo *ri,
-                         uint64_t value)
-{
-    env->cp15.c2_base1_hi = value >> 32;
-    env->cp15.c2_base1 = value;
-    return 0;
-}
-
-static void ttbr164_reset(CPUARMState *env, const ARMCPRegInfo *ri)
-{
-    env->cp15.c2_base1_hi = 0;
-    env->cp15.c2_base1 = 0;
-}
-
 static const ARMCPRegInfo lpae_cp_reginfo[] = {
     /* NOP AMAIR0/1: the override is because these clash with the rather
      * broadly specified TLB_LOCKDOWN entry in the generic cp_reginfo.
@@ -1596,12 +1560,13 @@ static const ARMCPRegInfo lpae_cp_reginfo[] = {
       .access = PL1_RW, .type = ARM_CP_64BIT,
       .readfn = par64_read, .writefn = par64_write, .resetfn = par64_reset },
     { .name = "TTBR0", .cp = 15, .crm = 2, .opc1 = 0,
-      .access = PL1_RW, .type = ARM_CP_64BIT, .readfn = ttbr064_read,
-      .writefn = ttbr064_write, .raw_writefn = ttbr064_raw_write,
-      .resetfn = ttbr064_reset },
+      .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
+      .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el1),
+      .writefn = vmsa_ttbr_write, .resetfn = arm_cp_reset_ignore },
     { .name = "TTBR1", .cp = 15, .crm = 2, .opc1 = 1,
-      .access = PL1_RW, .type = ARM_CP_64BIT, .readfn = ttbr164_read,
-      .writefn = ttbr164_write, .resetfn = ttbr164_reset },
+      .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
+      .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el1),
+      .writefn = vmsa_ttbr_write, .resetfn = arm_cp_reset_ignore },
     REGINFO_SENTINEL
 };
 
@@ -3024,9 +2989,9 @@ static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
     uint32_t table;
 
     if (address & env->cp15.c2_mask)
-        table = env->cp15.c2_base1 & 0xffffc000;
+        table = env->cp15.ttbr1_el1 & 0xffffc000;
     else
-        table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
+        table = env->cp15.ttbr0_el1 & env->cp15.c2_base_mask;
 
     table |= (address >> 18) & 0x3ffc;
     return table;
@@ -3299,11 +3264,11 @@ static int get_phys_addr_lpae(CPUARMState *env, uint32_t address,
      * we will always flush the TLB any time the ASID is changed).
      */
     if (ttbr_select == 0) {
-        ttbr = ((uint64_t)env->cp15.c2_base0_hi << 32) | env->cp15.c2_base0;
+        ttbr = env->cp15.ttbr0_el1;
         epd = extract32(env->cp15.c2_control, 7, 1);
         tsz = t0sz;
     } else {
-        ttbr = ((uint64_t)env->cp15.c2_base1_hi << 32) | env->cp15.c2_base1;
+        ttbr = env->cp15.ttbr1_el1;
         epd = extract32(env->cp15.c2_control, 23, 1);
         tsz = t1sz;
     }
-- 
1.8.5

[Qemu-devel] [PATCH 20/24] target-arm: Implement AArch64 MPIDR

[Peter Maydell]

Implement the AArch64 MPIDR system register.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 1f1dec1..ef74d10 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1499,7 +1499,8 @@ static int mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri,
 {
     CPUState *cs = CPU(arm_env_get_cpu(env));
     uint32_t mpidr = cs->cpu_index;
-    /* We don't support setting cluster ID ([8..11])
+    /* We don't support setting cluster ID ([8..11]) (known as Aff1
+     * in later ARM ARM versions), or any of the higher affinity level fields,
      * so these bits always RAZ.
      */
     if (arm_feature(env, ARM_FEATURE_V7MP)) {
@@ -1515,7 +1516,8 @@ static int mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri,
 }
 
 static const ARMCPRegInfo mpidr_cp_reginfo[] = {
-    { .name = "MPIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
+    { .name = "MPIDR", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
       .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_MIGRATE },
     REGINFO_SENTINEL
 };
-- 
1.8.5

[Qemu-devel] [PATCH 21/24] target-arm: Implement AArch64 generic timers

[Peter Maydell]

Implement the AArch64 view of the generic timer system registers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    |   6 +--
 target-arm/helper.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 111 insertions(+), 10 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 7138882..2aeb0c2 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -104,7 +104,7 @@ struct arm_boot_info;
 /* CPU state for each instance of a generic timer (in cp15 c14) */
 typedef struct ARMGenericTimer {
     uint64_t cval; /* Timer CompareValue register */
-    uint32_t ctl; /* Timer Control register */
+    uint64_t ctl; /* Timer Control register */
 } ARMGenericTimer;
 
 #define GTIMER_PHYS 0
@@ -204,8 +204,8 @@ typedef struct CPUARMState {
         uint64_t tpidr_el0; /* User RW Thread register.  */
         uint64_t tpidrro_el0; /* User RO Thread register.  */
         uint64_t tpidr_el1; /* Privileged Thread register.  */
-        uint32_t c14_cntfrq; /* Counter Frequency register */
-        uint32_t c14_cntkctl; /* Timer Control register */
+        uint64_t c14_cntfrq; /* Counter Frequency register */
+        uint64_t c14_cntkctl; /* Timer Control register */
         ARMGenericTimer c14_timer[NUM_GTIMERS];
         uint32_t c15_cpar; /* XScale Coprocessor Access Register */
         uint32_t c15_ticonfig; /* TI925T configuration byte.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index ef74d10..d7f2a82 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -845,7 +845,7 @@ static int gt_cntfrq_read(CPUARMState *env, const ARMCPRegInfo *ri,
 static void gt_cnt_reset(CPUARMState *env, const ARMCPRegInfo *ri)
 {
     ARMCPU *cpu = arm_env_get_cpu(env);
-    int timeridx = ri->opc1 & 1;
+    int timeridx = ri->opc2 - 1;
 
     timer_del(cpu->gt_timer[timeridx]);
 }
@@ -863,6 +863,19 @@ static int gt_cnt_read(CPUARMState *env, const ARMCPRegInfo *ri,
     return 0;
 }
 
+static int gt_cnt_read64(CPUARMState *env, const ARMCPRegInfo *ri,
+                       uint64_t *value)
+{
+    int timeridx = ri->opc2 - 1;
+
+    if (arm_current_pl(env) == 0 &&
+        !extract32(env->cp15.c14_cntkctl, timeridx, 1)) {
+        return EXCP_UDEF;
+    }
+    *value = gt_get_countervalue(env);
+    return 0;
+}
+
 static int gt_cval_read(CPUARMState *env, const ARMCPRegInfo *ri,
                         uint64_t *value)
 {
@@ -876,6 +889,19 @@ static int gt_cval_read(CPUARMState *env, const ARMCPRegInfo *ri,
     return 0;
 }
 
+static int gt_cval_read64(CPUARMState *env, const ARMCPRegInfo *ri,
+                          uint64_t *value)
+{
+    int timeridx = ri->crm & 1;
+
+    if (arm_current_pl(env) == 0 &&
+        !extract32(env->cp15.c14_cntkctl, 9 - timeridx, 1)) {
+        return EXCP_UDEF;
+    }
+    *value = env->cp15.c14_timer[timeridx].cval;
+    return 0;
+}
+
 static int gt_cval_write(CPUARMState *env, const ARMCPRegInfo *ri,
                          uint64_t value)
 {
@@ -885,6 +911,17 @@ static int gt_cval_write(CPUARMState *env, const ARMCPRegInfo *ri,
     gt_recalc_timer(arm_env_get_cpu(env), timeridx);
     return 0;
 }
+
+static int gt_cval_write64(CPUARMState *env, const ARMCPRegInfo *ri,
+                           uint64_t value)
+{
+    int timeridx = ri->crm & 1;
+
+    env->cp15.c14_timer[timeridx].cval = value;
+    gt_recalc_timer(arm_env_get_cpu(env), timeridx);
+    return 0;
+}
+
 static int gt_tval_read(CPUARMState *env, const ARMCPRegInfo *ri,
                         uint64_t *value)
 {
@@ -964,19 +1001,36 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
      * Our reset value matches the fixed frequency we implement the timer at.
      */
     { .name = "CNTFRQ", .cp = 15, .crn = 14, .crm = 0, .opc1 = 0, .opc2 = 0,
+      .access = PL1_RW | PL0_R, .type = ARM_CP_NO_MIGRATE,
+      .fieldoffset = offsetoflow32(CPUARMState, cp15.c14_cntfrq),
+      .resetfn = arm_cp_reset_ignore,
+      .readfn = gt_cntfrq_read, .raw_readfn = raw_read,
+    },
+    { .name = "CNTFRQ_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 0, .opc2 = 0,
       .access = PL1_RW | PL0_R,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_cntfrq),
       .resetvalue = (1000 * 1000 * 1000) / GTIMER_SCALE,
       .readfn = gt_cntfrq_read, .raw_readfn = raw_read,
     },
     /* overall control: mostly access permissions */
-    { .name = "CNTKCTL", .cp = 15, .crn = 14, .crm = 1, .opc1 = 0, .opc2 = 0,
+    { .name = "CNTKCTL", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .opc1 = 0, .crn = 14, .crm = 1, .opc2 = 0,
       .access = PL1_RW,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_cntkctl),
       .resetvalue = 0,
     },
     /* per-timer control */
     { .name = "CNTP_CTL", .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 1,
+      .type = ARM_CP_IO | ARM_CP_NO_MIGRATE, .access = PL1_RW | PL0_R,
+      .fieldoffset = offsetoflow32(CPUARMState,
+                                   cp15.c14_timer[GTIMER_PHYS].ctl),
+      .resetfn = arm_cp_reset_ignore,
+      .readfn = gt_ctl_read, .writefn = gt_ctl_write,
+      .raw_readfn = raw_read, .raw_writefn = raw_write,
+    },
+    { .name = "CNTP_CTL_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 1,
       .type = ARM_CP_IO, .access = PL1_RW | PL0_R,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].ctl),
       .resetvalue = 0,
@@ -984,6 +1038,15 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .raw_readfn = raw_read, .raw_writefn = raw_write,
     },
     { .name = "CNTV_CTL", .cp = 15, .crn = 14, .crm = 3, .opc1 = 0, .opc2 = 1,
+      .type = ARM_CP_IO | ARM_CP_NO_MIGRATE, .access = PL1_RW | PL0_R,
+      .fieldoffset = offsetoflow32(CPUARMState,
+                                   cp15.c14_timer[GTIMER_VIRT].ctl),
+      .resetfn = arm_cp_reset_ignore,
+      .readfn = gt_ctl_read, .writefn = gt_ctl_write,
+      .raw_readfn = raw_read, .raw_writefn = raw_write,
+    },
+    { .name = "CNTV_CTL_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 1,
       .type = ARM_CP_IO, .access = PL1_RW | PL0_R,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].ctl),
       .resetvalue = 0,
@@ -995,36 +1058,74 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
       .type = ARM_CP_NO_MIGRATE | ARM_CP_IO, .access = PL1_RW | PL0_R,
       .readfn = gt_tval_read, .writefn = gt_tval_write,
     },
+    { .name = "CNTP_TVAL_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 0,
+      .type = ARM_CP_NO_MIGRATE | ARM_CP_IO, .access = PL1_RW | PL0_R,
+      .readfn = gt_tval_read, .writefn = gt_tval_write,
+    },
     { .name = "CNTV_TVAL", .cp = 15, .crn = 14, .crm = 3, .opc1 = 0, .opc2 = 0,
       .type = ARM_CP_NO_MIGRATE | ARM_CP_IO, .access = PL1_RW | PL0_R,
       .readfn = gt_tval_read, .writefn = gt_tval_write,
     },
+    { .name = "CNTV_TVAL_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 0,
+      .type = ARM_CP_NO_MIGRATE | ARM_CP_IO, .access = PL1_RW | PL0_R,
+      .readfn = gt_tval_read, .writefn = gt_tval_write,
+    },
     /* The counter itself */
     { .name = "CNTPCT", .cp = 15, .crm = 14, .opc1 = 0,
       .access = PL0_R, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE | ARM_CP_IO,
-      .readfn = gt_cnt_read, .resetfn = gt_cnt_reset,
+      .readfn = gt_cnt_read,
+    },
+    { .name = "CNTPCT_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 0, .opc2 = 1,
+      .access = PL0_R, .type = ARM_CP_NO_MIGRATE | ARM_CP_IO,
+      .readfn = gt_cnt_read64, .resetfn = gt_cnt_reset,
     },
     { .name = "CNTVCT", .cp = 15, .crm = 14, .opc1 = 1,
       .access = PL0_R, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE | ARM_CP_IO,
-      .readfn = gt_cnt_read, .resetfn = gt_cnt_reset,
+      .readfn = gt_cnt_read,
+    },
+    { .name = "CNTVCT_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 0, .opc2 = 2,
+      .access = PL0_R, .type = ARM_CP_NO_MIGRATE | ARM_CP_IO,
+      .readfn = gt_cnt_read64, .resetfn = gt_cnt_reset,
     },
     /* Comparison value, indicating when the timer goes off */
     { .name = "CNTP_CVAL", .cp = 15, .crm = 14, .opc1 = 2,
       .access = PL1_RW | PL0_R,
-      .type = ARM_CP_64BIT | ARM_CP_IO,
+      .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_MIGRATE,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),
-      .resetvalue = 0,
+      .resetfn = arm_cp_reset_ignore,
       .readfn = gt_cval_read, .writefn = gt_cval_write,
       .raw_readfn = raw_read, .raw_writefn = raw_write,
     },
+    { .name = "CNTP_CVAL_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 2,
+      .access = PL1_RW | PL0_R,
+      .type = ARM_CP_IO,
+      .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),
+      .resetvalue = 0,
+      .readfn = gt_cval_read64, .writefn = gt_cval_write64,
+      .raw_readfn = raw_read, .raw_writefn = raw_write,
+    },
     { .name = "CNTV_CVAL", .cp = 15, .crm = 14, .opc1 = 3,
       .access = PL1_RW | PL0_R,
-      .type = ARM_CP_64BIT | ARM_CP_IO,
+      .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_MIGRATE,
       .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),
       .resetvalue = 0,
       .readfn = gt_cval_read, .writefn = gt_cval_write,
       .raw_readfn = raw_read, .raw_writefn = raw_write,
     },
+    { .name = "CNTV_CVAL_EL0", .state = ARM_CP_STATE_AA64,
+      .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 2,
+      .access = PL1_RW | PL0_R,
+      .type = ARM_CP_IO,
+      .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),
+      .resetvalue = 0,
+      .readfn = gt_cval_read64, .writefn = gt_cval_write64,
+      .raw_readfn = raw_read, .raw_writefn = raw_write,
+    },
     REGINFO_SENTINEL
 };
 
-- 
1.8.5

[Qemu-devel] [PATCH 22/24] target-arm: Implement AArch64 ID and feature registers

[Peter Maydell]

Implement the AArch64-specific ID and feature registers. Although
many of these are currently not used by the architecture (and so
always zero for all implementations), we define the full set of
fields in the ARMCPU struct for symmetry.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu-qom.h | 10 ++++++++++
 target-arm/helper.c  | 45 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index afbd422..00234e1 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -132,6 +132,16 @@ typedef struct ARMCPU {
     uint32_t id_isar3;
     uint32_t id_isar4;
     uint32_t id_isar5;
+    uint64_t id_aa64pfr0;
+    uint64_t id_aa64pfr1;
+    uint64_t id_aa64dfr0;
+    uint64_t id_aa64dfr1;
+    uint64_t id_aa64afr0;
+    uint64_t id_aa64afr1;
+    uint64_t id_aa64isar0;
+    uint64_t id_aa64isar1;
+    uint64_t id_aa64mmfr0;
+    uint64_t id_aa64mmfr1;
     uint32_t clidr;
     /* The elements of this array are the CCSIDR values for each cache,
      * in the order L1DCache, L1ICache, L2DCache, L2ICache, etc.
diff --git a/target-arm/helper.c b/target-arm/helper.c
index d7f2a82..3ebd0b8 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1999,6 +1999,51 @@ void register_cp_regs_for_features(ARMCPU *cpu)
         define_arm_cp_regs(cpu, not_v7_cp_reginfo);
     }
     if (arm_feature(env, ARM_FEATURE_V8)) {
+        /* AArch64 ID registers, which all have impdef reset values */
+        ARMCPRegInfo v8_idregs[] = {
+            { .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64pfr0 },
+            { .name = "ID_AA64PFR1_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64pfr1},
+            { .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64dfr0 },
+            { .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64dfr1 },
+            { .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64afr0 },
+            { .name = "ID_AA64AFR1_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64afr1 },
+            { .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64isar0 },
+            { .name = "ID_AA64ISAR1_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64isar1 },
+            { .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64mmfr0 },
+            { .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
+              .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
+              .access = PL1_R, .type = ARM_CP_CONST,
+              .resetvalue = cpu->id_aa64mmfr1 },
+            REGINFO_SENTINEL
+        };
+        define_arm_cp_regs(cpu, v8_idregs);
         define_arm_cp_regs(cpu, v8_cp_reginfo);
     }
     if (arm_feature(env, ARM_FEATURE_MPU)) {
-- 
1.8.5

[Qemu-devel] [PATCH 23/24] target-arm: Implement AArch64 dummy breakpoint and watchpoint registers

[Peter Maydell]

In AArch64 the breakpoint and watchpoint registers are mandatory, so the
kernel always accesses them on bootup. Implement dummy versions, which
read as written but have no actual effect.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    |  4 ++++
 target-arm/helper.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 2aeb0c2..9c97d7c 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -216,6 +216,10 @@ typedef struct CPUARMState {
         uint32_t c15_diagnostic; /* diagnostic register */
         uint32_t c15_power_diagnostic;
         uint32_t c15_power_control; /* power control */
+        uint64_t dbgbvr[16]; /* breakpoint value registers */
+        uint64_t dbgbcr[16]; /* breakpoint control registers */
+        uint64_t dbgwvr[16]; /* watchpoint value registers */
+        uint64_t dbgwcr[16]; /* watchpoint control registers */
     } cp15;
 
     /* System registers (AArch64) */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 3ebd0b8..2971e6f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1904,6 +1904,37 @@ static int ctr_el0_read(CPUARMState *env, const ARMCPRegInfo *ri,
     return 0;
 }
 
+static void define_aarch64_debug_regs(ARMCPU *cpu)
+{
+    /* Define breakpoint and watchpoint registers. These do nothing
+     * but read as written, for now.
+     */
+    int i;
+
+    for (i = 0; i < 16; i++) {
+        ARMCPRegInfo dbgregs[] = {
+            { .name = "DBGBVR", .state = ARM_CP_STATE_AA64,
+              .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 4,
+              .access = PL1_RW,
+              .fieldoffset = offsetof(CPUARMState, cp15.dbgbvr[i]) },
+            { .name = "DBGBCR", .state = ARM_CP_STATE_AA64,
+              .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 5,
+              .access = PL1_RW,
+              .fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]) },
+            { .name = "DBGWVR", .state = ARM_CP_STATE_AA64,
+              .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 6,
+              .access = PL1_RW,
+              .fieldoffset = offsetof(CPUARMState, cp15.dbgwvr[i]) },
+            { .name = "DBGWCR", .state = ARM_CP_STATE_AA64,
+              .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 7,
+              .access = PL1_RW,
+              .fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]) },
+               REGINFO_SENTINEL
+        };
+        define_arm_cp_regs(cpu, dbgregs);
+    }
+}
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
     /* Register all the coprocessor registers based on feature bits */
@@ -2045,6 +2076,7 @@ void register_cp_regs_for_features(ARMCPU *cpu)
         };
         define_arm_cp_regs(cpu, v8_idregs);
         define_arm_cp_regs(cpu, v8_cp_reginfo);
+        define_aarch64_debug_regs(cpu);
     }
     if (arm_feature(env, ARM_FEATURE_MPU)) {
         /* These are the MPU registers prior to PMSAv6. Any new
-- 
1.8.5

[Qemu-devel] [PATCH 24/24] target-arm: Implement AArch64 OSLAR_EL1 sysreg as WI

[Peter Maydell]

Define a dummy version of the AArch64 OSLAR_EL1 system register
which just ignores writes. Linux will always write to this (it
is the OS lock used for debugging), but we don't support debug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/helper.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 2971e6f..6a2d790 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1878,6 +1878,10 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "MDSCR_EL1", .state = ARM_CP_STATE_AA64,
       .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
       .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+    /* We define a dummy WI OSLAR_EL1, because Linux writes to it. */
+    { .name = "OSLAR_EL1", .state = ARM_CP_STATE_AA64,
+      .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
+      .access = PL1_W, .type = ARM_CP_NOP },
     REGINFO_SENTINEL
 };
 
-- 
1.8.5

Re: [Qemu-devel] [PATCH 06/24] target-arm: A64: Implement store-exclusive for system mode

[Hu Tao]

On Tue, Jan 21, 2014 at 08:12:12PM +0000, Peter Maydell wrote:
> System mode store-exclusive use a different code path to usermode ones;
> implement this missing code, in a similar way to the 32 bit version.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  target-arm/translate-a64.c | 68 ++++++++++++++++++++++++++++++++++++++++++----
>  1 file changed, 62 insertions(+), 6 deletions(-)
> 
> diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
> index e0f6765..5aa1f17 100644
> --- a/target-arm/translate-a64.c
> +++ b/target-arm/translate-a64.c
> @@ -1422,12 +1422,68 @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
>  }
>  #else
>  static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
> -                                TCGv_i64 addr, int size, int is_pair)
> -{
> -    qemu_log_mask(LOG_UNIMP,
> -                  "%s:%d: system mode store_exclusive unsupported "
> -                  "at pc=%016" PRIx64 "\n",
> -                  __FILE__, __LINE__, s->pc - 4);
> +                                TCGv_i64 inaddr, int size, int is_pair)
> +{
> +    /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]
> +     *     && (!is_pair || env->exclusive_high == [addr + datasize])) {
> +     *     [addr] = {Rt};
> +     *     if (is_pair) {
> +     *         [addr + datasize] = {Rt2};
> +     *     }
> +     *     {Rd} = 0;
> +     * } else {
> +     *     {Rd} = 1;
> +     * }
> +     * env->exclusive_addr = -1;
> +     */
> +    int fail_label = gen_new_label();
> +    int done_label = gen_new_label();
> +    TCGv_i64 addr = tcg_temp_local_new_i64();
> +    TCGv_i64 tmp;
> +
> +    /* Copy input into a local temp so it is not trashed when the
> +     * basic block ends at the branch insn.
> +     */
> +    tcg_gen_mov_i64(addr, inaddr);
> +    tcg_gen_brcond_i64(TCG_COND_NE, addr, cpu_exclusive_addr, fail_label);
> +
> +    tmp = tcg_temp_new_i64();
> +    tcg_gen_qemu_ld_i64(tmp, addr, get_mem_index(s), MO_TE + size);
> +    tcg_gen_brcond_i64(TCG_COND_NE, tmp, cpu_exclusive_val, fail_label);
> +    tcg_temp_free_i64(tmp);
> +
> +    if (is_pair) {
> +        TCGv_i64 addrhi = tcg_temp_new_i64();
> +        TCGv_i64 tmphi = tcg_temp_new_i64();
> +
> +        tcg_gen_addi_i64(addrhi, addr, 1 << size);
> +        tcg_gen_qemu_ld_i64(tmphi, addrhi, get_mem_index(s), MO_TE + size);
> +        tcg_gen_brcond_i64(TCG_COND_NE, tmp, cpu_exclusive_high, fail_label);

s/tmp/tmphi/

> +
> +        tcg_temp_free_i64(tmphi);
> +        tcg_temp_free_i64(addrhi);

Can addrhi be saved and free after doing store?

> +    }
> +
> +    /* We seem to still have the exclusive monitor, so do the store */
> +    tcg_gen_qemu_st_i64(cpu_reg(s, rt), addr, get_mem_index(s), MO_TE + size);
> +    if (is_pair) {
> +        TCGv_i64 addrhi = tcg_temp_new_i64();
> +
> +        tcg_gen_addi_i64(addrhi, addr, 1 << size);
> +        tcg_gen_qemu_st_i64(cpu_reg(s, rt2), addrhi,
> +                            get_mem_index(s), MO_TE + size);
> +        tcg_temp_free_i64(addrhi);
> +    }
> +
> +    tcg_temp_free_i64(addr);
> +
> +    tcg_gen_movi_i64(cpu_reg(s, rd), 0);
> +    tcg_gen_br(done_label);
> +    gen_set_label(fail_label);
> +    tcg_gen_movi_i64(cpu_reg(s, rd), 1);
> +    gen_set_label(done_label);
> +    tcg_gen_movi_i64(cpu_exclusive_addr, -1);
> +
>  }
>  #endif
>  
> -- 
> 1.8.5
> 
> _______________________________________________
> kvmarm mailing list
> kvmarm@lists.cs.columbia.edu
> https://lists.cs.columbia.edu/cucslists/listinfo/kvmarm

Re: [Qemu-devel] [PATCH 08/24] target-arm: A64: Implement MSR (immediate) instructions

[Hu Tao]

On Tue, Jan 21, 2014 at 08:12:14PM +0000, Peter Maydell wrote:
> Implement the MSR (immediate) instructions, which can update the
> PSTATE SP and DAIF fields.
> ---
>  target-arm/cpu.h           |  1 +
>  target-arm/helper.h        |  2 ++
>  target-arm/op_helper.c     | 25 +++++++++++++++++++++++++
>  target-arm/translate-a64.c | 24 +++++++++++++++++++++++-
>  4 files changed, 51 insertions(+), 1 deletion(-)
> 
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index 1966a19..1dce28b 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -431,6 +431,7 @@ int cpu_arm_handle_mmu_fault (CPUARMState *env, target_ulong address, int rw,
>  #define PSTATE_Z (1U << 30)
>  #define PSTATE_N (1U << 31)
>  #define PSTATE_NZCV (PSTATE_N | PSTATE_Z | PSTATE_C | PSTATE_V)
> +#define PSTATE_DAIF (PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F)
>  #define CACHED_PSTATE_BITS (PSTATE_NZCV)
>  /* Mode values for AArch64 */
>  #define PSTATE_MODE_EL3h 13
> diff --git a/target-arm/helper.h b/target-arm/helper.h
> index 70872df..638c91a 100644
> --- a/target-arm/helper.h
> +++ b/target-arm/helper.h
> @@ -62,6 +62,8 @@ DEF_HELPER_2(get_cp_reg, i32, env, ptr)
>  DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)
>  DEF_HELPER_2(get_cp_reg64, i64, env, ptr)
>  
> +DEF_HELPER_3(msr_i_pstate, void, env, i32, i32)
> +
>  DEF_HELPER_2(get_r13_banked, i32, env, i32)
>  DEF_HELPER_3(set_r13_banked, void, env, i32, i32)
>  
> diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
> index a918e5b..c812a9f 100644
> --- a/target-arm/op_helper.c
> +++ b/target-arm/op_helper.c
> @@ -313,6 +313,31 @@ uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip)
>      return value;
>  }
>  
> +void HELPER(msr_i_pstate)(CPUARMState *env, uint32_t op, uint32_t imm)
> +{
> +    /* MSR_i to update PSTATE. This is OK from EL0 only if UMA is set.
> +     * Note that SPSel is never OK from EL0; we rely on handle_msr_i()
> +     * to catch that case at translate time.
> +     */
> +    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
> +        raise_exception(env, EXCP_UDEF);

Not sure EXCP_UDEF is correct here. In this case we are trapped from EL0
to EL1, and setting EC to 0x00 if ESR_EL1 is implemented.

Re: [Qemu-devel] [PATCH 06/24] target-arm: A64: Implement store-exclusive for system mode

[Peter Maydell]

On 22 January 2014 02:19, Hu Tao <hutao@cn.fujitsu.com> wrote:
> On Tue, Jan 21, 2014 at 08:12:12PM +0000, Peter Maydell wrote:
>> +    if (is_pair) {
>> +        TCGv_i64 addrhi = tcg_temp_new_i64();
>> +        TCGv_i64 tmphi = tcg_temp_new_i64();
>> +
>> +        tcg_gen_addi_i64(addrhi, addr, 1 << size);
>> +        tcg_gen_qemu_ld_i64(tmphi, addrhi, get_mem_index(s), MO_TE + size);
>> +        tcg_gen_brcond_i64(TCG_COND_NE, tmp, cpu_exclusive_high, fail_label);
>
> s/tmp/tmphi/

Thanks, nice catch.

>> +
>> +        tcg_temp_free_i64(tmphi);
>> +        tcg_temp_free_i64(addrhi);
>
> Can addrhi be saved and free after doing store?

It would have to be made a local-temp to avoid the branch
trashing it. I preferred to make it a local and recalculate for
the store on the basis that the TCG backend really ought to
be capable of turning "add tmp, addr, 4; load from tmp" into
a single "load from addr+4" instruction, and having the
constant go into a local-temp would probably defeat that.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 08/24] target-arm: A64: Implement MSR (immediate) instructions

[Peter Maydell]

On 22 January 2014 03:10, Hu Tao <hutao@cn.fujitsu.com> wrote:
> On Tue, Jan 21, 2014 at 08:12:14PM +0000, Peter Maydell wrote:
>> +    /* MSR_i to update PSTATE. This is OK from EL0 only if UMA is set.
>> +     * Note that SPSel is never OK from EL0; we rely on handle_msr_i()
>> +     * to catch that case at translate time.
>> +     */
>> +    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
>> +        raise_exception(env, EXCP_UDEF);
>
> Not sure EXCP_UDEF is correct here. In this case we are trapped from EL0
> to EL1, and setting EC to 0x00 if ESR_EL1 is implemented.

It's our closest current available exception and is what we've been
using consistently for other bad-sysreg access exceptions.
You are correct that for the full AArch64 system model we need
to fix exception handling and provide a syndrome register value
for every place we take an exception. That will come in a later
patchset.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 01/24] target-arm/kvm-consts.h: Define QEMU constants for known KVM CPUs

[Peter Maydell]

On 21 January 2014 20:12, Peter Maydell <peter.maydell@linaro.org> wrote:
> -#ifndef TARGET_AARCH64
> +#ifdef TARGET_AARCH64
> +MISMATCH_CHECK(QEMU_KVM_ARM_TARGET_AEM_V8, KVM_ARM_TARGET_ARM_V8)

It's been pointed out that there's a typo here which means
this won't build on AArch64 hosts: it should read
'KVM_ARM_TARGET_AEM_V8'...

thanks
-- PMM

Re: [Qemu-devel] [PATCH 03/24] target-arm: Restrict check_ap() use of S and R bits to v6 and earlier

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> The SCTLR bits S and R (8 and 9) only exist in ARMv6 and earlier.
> In ARMv7 these bits RAZ, and in ARMv8 they are reassigned. Guard
> the use of them in check_ap() so that we don't get incorrect results
> for ARMv8 CPUs.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

> ---
>  target-arm/helper.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 792953e..205e36a 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -2765,6 +2765,9 @@ static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
>
>    switch (ap) {
>    case 0:
> +      if (arm_feature(env, ARM_FEATURE_V7)) {
> +          return 0;
> +      }
>        if (access_type == 1)
>            return 0;
>        switch (env->cp15.c1_sys & (SCTLR_S | SCTLR_R)) {
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 04/24] target-arm: Log bad system register accesses with LOG_UNIMP

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Log guest attempts to access unimplemented system registers via
> the LOG_UNIMP reporting mechanism (for both the 32 bit and 64 bit
> instruction sets). This is particularly useful for debugging
> problems where the guest is trying to use a system register that
> QEMU doesn't implement.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

> ---
>  target-arm/translate-a64.c |  7 ++++++-
>  target-arm/translate.c     | 13 +++++++++++++
>  2 files changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
> index a808a88..e0f6765 100644
> --- a/target-arm/translate-a64.c
> +++ b/target-arm/translate-a64.c
> @@ -1121,7 +1121,12 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
>                                                 crn, crm, op0, op1, op2));
>
>      if (!ri) {
> -        /* Unknown register */
> +        /* Unknown register; this might be a guest error or a QEMU
> +         * unimplemented feature.
> +         */
> +        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch64 "
> +                      "system register op0:%d op1:%d crn:%d crm:%d op2:%d\n",
> +                      isread ? "read" : "write", op0, op1, crn, crm, op2);
>          unallocated_encoding(s);
>          return;
>      }
> diff --git a/target-arm/translate.c b/target-arm/translate.c
> index 8d240e1..59a206d 100644
> --- a/target-arm/translate.c
> +++ b/target-arm/translate.c
> @@ -6672,6 +6672,19 @@ static int disas_coproc_insn(CPUARMState * env, DisasContext *s, uint32_t insn)
>          return 0;
>      }
>
> +    /* Unknown register; this might be a guest error or a QEMU
> +     * unimplemented feature.
> +     */
> +    if (is64) {
> +        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
> +                      "64 bit system register cp:%d opc1: %d crm:%d\n",
> +                      isread ? "read" : "write", cpnum, opc1, crm);
> +    } else {
> +        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
> +                      "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d\n",
> +                      isread ? "read" : "write", cpnum, opc1, crn, crm, opc2);
> +    }
> +
>      return 1;
>  }
>
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 19/24] target-arm: Implement AArch64 TTBR*

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Implement the AArch64 TTBR* registers. For v7 these were already 64 bits
> to handle LPAE, but implemented as two separate uint32_t fields.
> Combine them into a single uint64_t which can be used for all purposes.
> Since this requires touching every use, take the opportunity to rename
> the field to the architectural name.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/arm/pxa2xx.c     |  2 +-
>  target-arm/cpu.h    |  6 ++--
>  target-arm/helper.c | 95 +++++++++++++++++------------------------------------
>  3 files changed, 33 insertions(+), 70 deletions(-)
>
> diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
> index 02b7016..b6465d6 100644
> --- a/hw/arm/pxa2xx.c
> +++ b/hw/arm/pxa2xx.c
> @@ -279,7 +279,7 @@ static int pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
>              ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
>          s->cpu->env.cp15.c1_sys = 0;
>          s->cpu->env.cp15.c1_coproc = 0;
> -        s->cpu->env.cp15.c2_base0 = 0;
> +        s->cpu->env.cp15.ttbr0_el1 = 0;
>          s->cpu->env.cp15.c3 = 0;
>          s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
>          s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index 6f4d174..7138882 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -173,10 +173,8 @@ typedef struct CPUARMState {
>          uint32_t c1_coproc; /* Coprocessor access register.  */
>          uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
>          uint32_t c1_scr; /* secure config register.  */
> -        uint32_t c2_base0; /* MMU translation table base 0.  */
> -        uint32_t c2_base0_hi; /* MMU translation table base 0, high 32 bits */
> -        uint32_t c2_base1; /* MMU translation table base 0.  */
> -        uint32_t c2_base1_hi; /* MMU translation table base 1, high 32 bits */
> +        uint64_t ttbr0_el1; /* MMU translation table base 0. */
> +        uint32_t ttbr1_el1; /* MMU translation table base 1. */
>          uint64_t c2_control; /* MMU translation table base control.  */
>          uint32_t c2_mask; /* MMU translation table base selection mask.  */
>          uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index e2ae159..1f1dec1 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -1288,6 +1288,18 @@ static int vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      return 0;
>  }
>
> +static int vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
> +                             uint64_t value)
> +{
> +    /* 64 bit accesses to the TTBRs can change the ASID and so we
> +     * must flush the TLB.
> +     */
> +    if ((ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT)) {
> +        tlb_flush(env, 1);
> +    }

With the level of complexity this if has reached, is it better to just
check for this ASID change rather than make this overly conservative
flush?

Regards,
Peter

> +    return raw_write(env, ri, value);
> +}
> +
>  static const ARMCPRegInfo vmsa_cp_reginfo[] = {
>      { .name = "DFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
>        .access = PL1_RW,
> @@ -1295,12 +1307,14 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
>      { .name = "IFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
>        .access = PL1_RW,
>        .fieldoffset = offsetof(CPUARMState, cp15.c5_insn), .resetvalue = 0, },
> -    { .name = "TTBR0", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
> -      .access = PL1_RW,
> -      .fieldoffset = offsetof(CPUARMState, cp15.c2_base0), .resetvalue = 0, },
> -    { .name = "TTBR1", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
> -      .access = PL1_RW,
> -      .fieldoffset = offsetof(CPUARMState, cp15.c2_base1), .resetvalue = 0, },
> +    { .name = "TTBR0_EL1", .state = ARM_CP_STATE_BOTH,
> +      .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
> +      .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el1),
> +      .writefn = vmsa_ttbr_write, .resetvalue = 0 },
> +    { .name = "TTBR1_EL1", .state = ARM_CP_STATE_BOTH,
> +      .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
> +      .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el1),
> +      .writefn = vmsa_ttbr_write, .resetvalue = 0 },
>      { .name = "TCR_EL1", .state = ARM_CP_STATE_AA64,
>        .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
>        .access = PL1_RW, .writefn = vmsa_tcr_el1_write,
> @@ -1525,56 +1539,6 @@ static void par64_reset(CPUARMState *env, const ARMCPRegInfo *ri)
>      env->cp15.c7_par = 0;
>  }
>
> -static int ttbr064_read(CPUARMState *env, const ARMCPRegInfo *ri,
> -                        uint64_t *value)
> -{
> -    *value = ((uint64_t)env->cp15.c2_base0_hi << 32) | env->cp15.c2_base0;
> -    return 0;
> -}
> -
> -static int ttbr064_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
> -                             uint64_t value)
> -{
> -    env->cp15.c2_base0_hi = value >> 32;
> -    env->cp15.c2_base0 = value;
> -    return 0;
> -}
> -
> -static int ttbr064_write(CPUARMState *env, const ARMCPRegInfo *ri,
> -                         uint64_t value)
> -{
> -    /* Writes to the 64 bit format TTBRs may change the ASID */
> -    tlb_flush(env, 1);
> -    return ttbr064_raw_write(env, ri, value);
> -}
> -
> -static void ttbr064_reset(CPUARMState *env, const ARMCPRegInfo *ri)
> -{
> -    env->cp15.c2_base0_hi = 0;
> -    env->cp15.c2_base0 = 0;
> -}
> -
> -static int ttbr164_read(CPUARMState *env, const ARMCPRegInfo *ri,
> -                        uint64_t *value)
> -{
> -    *value = ((uint64_t)env->cp15.c2_base1_hi << 32) | env->cp15.c2_base1;
> -    return 0;
> -}
> -
> -static int ttbr164_write(CPUARMState *env, const ARMCPRegInfo *ri,
> -                         uint64_t value)
> -{
> -    env->cp15.c2_base1_hi = value >> 32;
> -    env->cp15.c2_base1 = value;
> -    return 0;
> -}
> -
> -static void ttbr164_reset(CPUARMState *env, const ARMCPRegInfo *ri)
> -{
> -    env->cp15.c2_base1_hi = 0;
> -    env->cp15.c2_base1 = 0;
> -}
> -
>  static const ARMCPRegInfo lpae_cp_reginfo[] = {
>      /* NOP AMAIR0/1: the override is because these clash with the rather
>       * broadly specified TLB_LOCKDOWN entry in the generic cp_reginfo.
> @@ -1596,12 +1560,13 @@ static const ARMCPRegInfo lpae_cp_reginfo[] = {
>        .access = PL1_RW, .type = ARM_CP_64BIT,
>        .readfn = par64_read, .writefn = par64_write, .resetfn = par64_reset },
>      { .name = "TTBR0", .cp = 15, .crm = 2, .opc1 = 0,
> -      .access = PL1_RW, .type = ARM_CP_64BIT, .readfn = ttbr064_read,
> -      .writefn = ttbr064_write, .raw_writefn = ttbr064_raw_write,
> -      .resetfn = ttbr064_reset },
> +      .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
> +      .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el1),
> +      .writefn = vmsa_ttbr_write, .resetfn = arm_cp_reset_ignore },
>      { .name = "TTBR1", .cp = 15, .crm = 2, .opc1 = 1,
> -      .access = PL1_RW, .type = ARM_CP_64BIT, .readfn = ttbr164_read,
> -      .writefn = ttbr164_write, .resetfn = ttbr164_reset },
> +      .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
> +      .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el1),
> +      .writefn = vmsa_ttbr_write, .resetfn = arm_cp_reset_ignore },
>      REGINFO_SENTINEL
>  };
>
> @@ -3024,9 +2989,9 @@ static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
>      uint32_t table;
>
>      if (address & env->cp15.c2_mask)
> -        table = env->cp15.c2_base1 & 0xffffc000;
> +        table = env->cp15.ttbr1_el1 & 0xffffc000;
>      else
> -        table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
> +        table = env->cp15.ttbr0_el1 & env->cp15.c2_base_mask;
>
>      table |= (address >> 18) & 0x3ffc;
>      return table;
> @@ -3299,11 +3264,11 @@ static int get_phys_addr_lpae(CPUARMState *env, uint32_t address,
>       * we will always flush the TLB any time the ASID is changed).
>       */
>      if (ttbr_select == 0) {
> -        ttbr = ((uint64_t)env->cp15.c2_base0_hi << 32) | env->cp15.c2_base0;
> +        ttbr = env->cp15.ttbr0_el1;
>          epd = extract32(env->cp15.c2_control, 7, 1);
>          tsz = t0sz;
>      } else {
> -        ttbr = ((uint64_t)env->cp15.c2_base1_hi << 32) | env->cp15.c2_base1;
> +        ttbr = env->cp15.ttbr1_el1;
>          epd = extract32(env->cp15.c2_control, 23, 1);
>          tsz = t1sz;
>      }
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 19/24] target-arm: Implement AArch64 TTBR*

[Peter Maydell]

On 24 January 2014 23:44, Peter Crosthwaite
<peter.crosthwaite@xilinx.com> wrote:
> On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>> Implement the AArch64 TTBR* registers. For v7 these were already 64 bits
>> to handle LPAE, but implemented as two separate uint32_t fields.
>> Combine them into a single uint64_t which can be used for all purposes.
>> Since this requires touching every use, take the opportunity to rename
>> the field to the architectural name.
>>
>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>> ---
>>  hw/arm/pxa2xx.c     |  2 +-
>>  target-arm/cpu.h    |  6 ++--
>>  target-arm/helper.c | 95 +++++++++++++++++------------------------------------
>>  3 files changed, 33 insertions(+), 70 deletions(-)
>>
>> diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
>> index 02b7016..b6465d6 100644
>> --- a/hw/arm/pxa2xx.c
>> +++ b/hw/arm/pxa2xx.c
>> @@ -279,7 +279,7 @@ static int pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
>>              ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
>>          s->cpu->env.cp15.c1_sys = 0;
>>          s->cpu->env.cp15.c1_coproc = 0;
>> -        s->cpu->env.cp15.c2_base0 = 0;
>> +        s->cpu->env.cp15.ttbr0_el1 = 0;
>>          s->cpu->env.cp15.c3 = 0;
>>          s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
>>          s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
>> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
>> index 6f4d174..7138882 100644
>> --- a/target-arm/cpu.h
>> +++ b/target-arm/cpu.h
>> @@ -173,10 +173,8 @@ typedef struct CPUARMState {
>>          uint32_t c1_coproc; /* Coprocessor access register.  */
>>          uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
>>          uint32_t c1_scr; /* secure config register.  */
>> -        uint32_t c2_base0; /* MMU translation table base 0.  */
>> -        uint32_t c2_base0_hi; /* MMU translation table base 0, high 32 bits */
>> -        uint32_t c2_base1; /* MMU translation table base 0.  */
>> -        uint32_t c2_base1_hi; /* MMU translation table base 1, high 32 bits */
>> +        uint64_t ttbr0_el1; /* MMU translation table base 0. */
>> +        uint32_t ttbr1_el1; /* MMU translation table base 1. */
>>          uint64_t c2_control; /* MMU translation table base control.  */
>>          uint32_t c2_mask; /* MMU translation table base selection mask.  */
>>          uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
>> diff --git a/target-arm/helper.c b/target-arm/helper.c
>> index e2ae159..1f1dec1 100644
>> --- a/target-arm/helper.c
>> +++ b/target-arm/helper.c
>> @@ -1288,6 +1288,18 @@ static int vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>>      return 0;
>>  }
>>
>> +static int vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>> +                             uint64_t value)
>> +{
>> +    /* 64 bit accesses to the TTBRs can change the ASID and so we
>> +     * must flush the TLB.
>> +     */
>> +    if ((ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT)) {
>> +        tlb_flush(env, 1);
>> +    }
>
> With the level of complexity this if has reached, is it better to just
> check for this ASID change rather than make this overly conservative
> flush?

Adding an "is the ASID the same" would make the check more complicated
again. Maybe we should do it but I'd rather keep that separate from the
"handle 64 bit formats" patches.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 18/24] target-arm: Implement AArch64 VBAR_EL1

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Implement the A64 view of the VBAR system register.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

> ---
>  target-arm/cpu.h    | 2 +-
>  target-arm/helper.c | 9 ++++++++-
>  2 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index a7d6274..6f4d174 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -200,7 +200,7 @@ typedef struct CPUARMState {
>          uint32_t c9_pmuserenr; /* perf monitor user enable */
>          uint32_t c9_pminten; /* perf monitor interrupt enables */
>          uint64_t mair_el1;
> -        uint32_t c12_vbar; /* vector base address register */
> +        uint64_t c12_vbar; /* vector base address register */
>          uint32_t c13_fcse; /* FCSE PID.  */
>          uint32_t c13_context; /* Context ID.  */
>          uint64_t tpidr_el0; /* User RW Thread register.  */
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 5912b13..e2ae159 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -580,6 +580,12 @@ static int pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>  static int vbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                        uint64_t value)
>  {
> +    /* Note that even though the AArch64 view of this register has bits
> +     * [10:0] all RES0 we can only mask the bottom 5, to comply with the
> +     * architectural requirements for bits which are RES0 only in some
> +     * contexts. (ARMv8 would permit us to do no masking at all, but ARMv7
> +     * requires the bottom five bits to be RAZ/WI because they're UNK/SBZP.)
> +     */
>      env->cp15.c12_vbar = value & ~0x1Ful;
>      return 0;
>  }
> @@ -669,7 +675,8 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
>        .access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
>        .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
>        .resetvalue = 0, .writefn = pmintenclr_write, },
> -    { .name = "VBAR", .cp = 15, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
> +    { .name = "VBAR", .state = ARM_CP_STATE_BOTH,
> +      .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
>        .access = PL1_RW, .writefn = vbar_write,
>        .fieldoffset = offsetof(CPUARMState, cp15.c12_vbar),
>        .resetvalue = 0 },
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 20/24] target-arm: Implement AArch64 MPIDR

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Implement the AArch64 MPIDR system register.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

> ---
>  target-arm/helper.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 1f1dec1..ef74d10 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -1499,7 +1499,8 @@ static int mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri,
>  {
>      CPUState *cs = CPU(arm_env_get_cpu(env));
>      uint32_t mpidr = cs->cpu_index;
> -    /* We don't support setting cluster ID ([8..11])
> +    /* We don't support setting cluster ID ([8..11]) (known as Aff1
> +     * in later ARM ARM versions), or any of the higher affinity level fields,
>       * so these bits always RAZ.
>       */
>      if (arm_feature(env, ARM_FEATURE_V7MP)) {
> @@ -1515,7 +1516,8 @@ static int mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri,
>  }
>
>  static const ARMCPRegInfo mpidr_cp_reginfo[] = {
> -    { .name = "MPIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
> +    { .name = "MPIDR", .state = ARM_CP_STATE_BOTH,
> +      .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
>        .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_MIGRATE },
>      REGINFO_SENTINEL
>  };
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 05/24] target-arm: Add exception level to the AArch64 TB flags

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> We already implicitly rely on the exception level being
> part of the TB flags for coprocessor access,

Maybe that's the issue? Why not just treat the exception level as
state like any other and generate the TCG to just check it at
execution time?

Regards,
Peter

 so actually
> include it. (This makes no difference for linux-user mode,
> which is always in EL0, but will be needed for correct
> operation in system emulation.)
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  target-arm/cpu.h | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index 735f385..1aa4495 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -1051,7 +1051,9 @@ static inline int cpu_mmu_index (CPUARMState *env)
>  #define ARM_TBFLAG_BSWAP_CODE_SHIFT 16
>  #define ARM_TBFLAG_BSWAP_CODE_MASK  (1 << ARM_TBFLAG_BSWAP_CODE_SHIFT)
>
> -/* Bit usage when in AArch64 state: currently no bits defined */
> +/* Bit usage when in AArch64 state */
> +#define ARM_TBFLAG_AA64_EL_SHIFT    0
> +#define ARM_TBFLAG_AA64_EL_MASK     (0x3 << ARM_TBFLAG_AA64_EL_SHIFT)
>
>  /* some convenience accessor macros */
>  #define ARM_TBFLAG_AARCH64_STATE(F) \
> @@ -1070,13 +1072,16 @@ static inline int cpu_mmu_index (CPUARMState *env)
>      (((F) & ARM_TBFLAG_CONDEXEC_MASK) >> ARM_TBFLAG_CONDEXEC_SHIFT)
>  #define ARM_TBFLAG_BSWAP_CODE(F) \
>      (((F) & ARM_TBFLAG_BSWAP_CODE_MASK) >> ARM_TBFLAG_BSWAP_CODE_SHIFT)
> +#define ARM_TBFLAG_AA64_EL(F) \
> +    (((F) & ARM_TBFLAG_AA64_EL_MASK) >> ARM_TBFLAG_AA64_EL_SHIFT)
>
>  static inline void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
>                                          target_ulong *cs_base, int *flags)
>  {
>      if (is_a64(env)) {
>          *pc = env->pc;
> -        *flags = ARM_TBFLAG_AARCH64_STATE_MASK;
> +        *flags = ARM_TBFLAG_AARCH64_STATE_MASK
> +            | arm_current_pl(env) << ARM_TBFLAG_AA64_EL_SHIFT;
>      } else {
>          int privmode;
>          *pc = env->regs[15];
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 07/24] target-arm: A64: Make cache ID registers visible to AArch64

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Make the cache ID system registers (CLIDR, CCSELR, CCSIDR, CTR)
> visible to AArch64. These are mostly simple 64-bit extensions of the
> existing 32 bit system registers and so can share reginfo definitions.
> CTR needs to have a split definition, but we can clean up the
> temporary user-mode implementation in favour of using the CPU-specified
> reset value, and implement the system-mode-required semantics of
> restricting its EL0 accessibility if SCTLR.UCT is not set.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  target-arm/cpu.c    |  2 ++
>  target-arm/cpu.h    |  2 +-
>  target-arm/cpu64.c  |  1 +
>  target-arm/helper.c | 33 +++++++++++++++++++++++----------
>  4 files changed, 27 insertions(+), 11 deletions(-)
>
> diff --git a/target-arm/cpu.c b/target-arm/cpu.c
> index c1e55c8..1e08802 100644
> --- a/target-arm/cpu.c
> +++ b/target-arm/cpu.c
> @@ -91,6 +91,8 @@ static void arm_cpu_reset(CPUState *s)
>          env->aarch64 = 1;
>  #if defined(CONFIG_USER_ONLY)
>          env->pstate = PSTATE_MODE_EL0t;
> +        /* Userspace expects access to CTL_EL0 */
> +        env->cp15.c1_sys |= SCTLR_UCT;
>  #else
>          env->pstate = PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F
>              | PSTATE_MODE_EL1h;
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index 1aa4495..1966a19 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -166,7 +166,7 @@ typedef struct CPUARMState {
>      /* System control coprocessor (cp15) */
>      struct {
>          uint32_t c0_cpuid;
> -        uint32_t c0_cssel; /* Cache size selection.  */
> +        uint64_t c0_cssel; /* Cache size selection.  */
>          uint32_t c1_sys; /* System control register.  */
>          uint32_t c1_coproc; /* Coprocessor access register.  */
>          uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
> diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
> index a639c2e..8426bf1 100644
> --- a/target-arm/cpu64.c
> +++ b/target-arm/cpu64.c
> @@ -45,6 +45,7 @@ static void aarch64_any_initfn(Object *obj)
>      set_feature(&cpu->env, ARM_FEATURE_ARM_DIV);
>      set_feature(&cpu->env, ARM_FEATURE_V7MP);
>      set_feature(&cpu->env, ARM_FEATURE_AARCH64);
> +    cpu->ctr = 0x80030003; /* 32 byte I and D cacheline size, VIPT icache */
>  }
>  #endif
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 205e36a..204d7c3 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -676,9 +676,11 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
>      { .name = "SCR", .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
>        .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_scr),
>        .resetvalue = 0, },
> -    { .name = "CCSIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
> +    { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
> +      .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
>        .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_MIGRATE },
> -    { .name = "CSSELR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
> +    { .name = "CSSELR", .state = ARM_CP_STATE_BOTH,
> +      .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
>        .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c0_cssel),
>        .writefn = csselr_write, .resetvalue = 0 },
>      /* Auxiliary ID register: this actually has an IMPDEF value but for now
> @@ -1601,13 +1603,6 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
>      { .name = "FPSR", .state = ARM_CP_STATE_AA64,
>        .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,
>        .access = PL0_RW, .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
> -    /* This claims a 32 byte cacheline size for icache and dcache, VIPT icache.
> -     * It will eventually need to have a CPU-specified reset value.
> -     */
> -    { .name = "CTR_EL0", .state = ARM_CP_STATE_AA64,
> -      .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 0, .crm = 0,
> -      .access = PL0_R, .type = ARM_CP_CONST,
> -      .resetvalue = 0x80030003 },
>      /* Prohibit use of DC ZVA. OPTME: implement DC ZVA and allow its use.
>       * For system mode the DZP bit here will need to be computed, not constant.
>       */
> @@ -1627,6 +1622,20 @@ static int sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
>      return 0;
>  }
>
> +static int ctr_el0_read(CPUARMState *env, const ARMCPRegInfo *ri,
> +                        uint64_t *value)
> +{
> +    /* This register is constant, but only accessible in AArch64 EL0 if
> +     * SCTLR.UCT is set.
> +     */
> +    ARMCPU *cpu = arm_env_get_cpu(env);
> +    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UCT)) {
> +        return EXCP_UDEF;
> +    }

There seem to be multiple instances in this series where you fallback
to open coded R/W accessor functions for the sake of access checks. Is
it better to define a bool check_access() fn hook in ARMCPRegInfo and
leave the actual write/read behaviour to the data driven mechanisms?
This may also minimise the need for raw_write hook usages as it serves
to isolate the actual state change into its own self contained
definition (whether open coded or not).

> +    *value = cpu->ctr;
> +    return 0;
> +}
> +
>  void register_cp_regs_for_features(ARMCPU *cpu)
>  {
>      /* Register all the coprocessor registers based on feature bits */
> @@ -1711,7 +1720,8 @@ void register_cp_regs_for_features(ARMCPU *cpu)
>              .raw_readfn = raw_read, .raw_writefn = raw_write,
>          };
>          ARMCPRegInfo clidr = {
> -            .name = "CLIDR", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
> +            .name = "CLIDR", .state = ARM_CP_STATE_BOTH,
> +            .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
>              .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->clidr
>          };
>          define_one_arm_cp_reg(cpu, &pmcr);
> @@ -1790,6 +1800,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
>              { .name = "CTR",
>                .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 1,
>                .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
> +            { .name = "CTR_EL0", .state = ARM_CP_STATE_AA64,
> +              .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 0, .crm = 0,
> +              .access = PL0_R, .readfn = ctr_el0_read },

Then you can make this consisent with AA32 which simply hooks up the
.resetvalue to the desired magic number.

Regards,
Peter

>              { .name = "TCMTR",
>                .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 2,
>                .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 10/24] target-arm: Implement AArch64 MIDR_EL1

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Implement the AArch64 view of the MIDR system register
> (for AArch64 it is a simple constant, unlike the complicated
> mess that TI925 imposes on the 32-bit view).
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

> ---
>  target-arm/helper.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 9a15b48..51b71a4 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -1800,6 +1800,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
>                .writefn = arm_cp_write_ignore, .raw_writefn = raw_write,
>                .fieldoffset = offsetof(CPUARMState, cp15.c0_cpuid),
>                .type = ARM_CP_OVERRIDE },
> +            { .name = "MIDR_EL1", .state = ARM_CP_STATE_AA64,
> +              .opc0 = 3, .opc1 = 0, .opc2 = 0, .crn = 0, .crm = 0,
> +              .access = PL1_R, .resetvalue = cpu->midr, .type = ARM_CP_CONST },
>              { .name = "CTR",
>                .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 1,
>                .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 11/24] target-arm: Implement AArch64 DAIF system register

[Peter Crosthwaite]

On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Implement the DAIF system register which is a view of the
> DAIF bits in PSTATE.
>
> TODO: include support for the MSR_i encodings?
>

Isn't this already separately handled by the MSR_i implementation?

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Otherwise:

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

Regards,
Peter

> ---
>  target-arm/helper.c | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 51b71a4..f23b500 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -1590,6 +1590,27 @@ static int aa64_fpsr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>      return 0;
>  }
>
> +static int aa64_daif_read(CPUARMState *env, const ARMCPRegInfo *ri,
> +                          uint64_t *value)
> +{
> +    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
> +        return EXCP_UDEF;
> +    }
> +    *value = pstate_read(env) & PSTATE_DAIF;
> +    return 0;
> +}
> +
> +static int aa64_daif_write(CPUARMState *env, const ARMCPRegInfo *ri,
> +                           uint64_t value)
> +{
> +    if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
> +        return EXCP_UDEF;
> +    }
> +    env->pstate &= ~PSTATE_DAIF;
> +    env->pstate |= (value & PSTATE_DAIF);
> +    return 0;
> +}
> +
>  static const ARMCPRegInfo v8_cp_reginfo[] = {
>      /* Minimal set of EL0-visible registers. This will need to be expanded
>       * significantly for system emulation of AArch64 CPUs.
> @@ -1597,6 +1618,10 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
>      { .name = "NZCV", .state = ARM_CP_STATE_AA64,
>        .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 2,
>        .access = PL0_RW, .type = ARM_CP_NZCV },
> +    { .name = "DAIF", .state = ARM_CP_STATE_AA64,
> +      .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 2,
> +      .access = PL0_RW, .type = ARM_CP_NO_MIGRATE,
> +      .readfn = aa64_daif_read, .writefn = aa64_daif_write },
>      { .name = "FPCR", .state = ARM_CP_STATE_AA64,
>        .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,
>        .access = PL0_RW, .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
> --
> 1.8.5
>
>

Re: [Qemu-devel] [PATCH 19/24] target-arm: Implement AArch64 TTBR*

[Peter Crosthwaite]

On Sat, Jan 25, 2014 at 10:09 AM, Peter Maydell
<peter.maydell@linaro.org> wrote:
> On 24 January 2014 23:44, Peter Crosthwaite
> <peter.crosthwaite@xilinx.com> wrote:
>> On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>>> Implement the AArch64 TTBR* registers. For v7 these were already 64 bits
>>> to handle LPAE, but implemented as two separate uint32_t fields.
>>> Combine them into a single uint64_t which can be used for all purposes.
>>> Since this requires touching every use, take the opportunity to rename
>>> the field to the architectural name.
>>>
>>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>>> ---
>>>  hw/arm/pxa2xx.c     |  2 +-
>>>  target-arm/cpu.h    |  6 ++--
>>>  target-arm/helper.c | 95 +++++++++++++++++------------------------------------
>>>  3 files changed, 33 insertions(+), 70 deletions(-)
>>>
>>> diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
>>> index 02b7016..b6465d6 100644
>>> --- a/hw/arm/pxa2xx.c
>>> +++ b/hw/arm/pxa2xx.c
>>> @@ -279,7 +279,7 @@ static int pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
>>>              ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
>>>          s->cpu->env.cp15.c1_sys = 0;
>>>          s->cpu->env.cp15.c1_coproc = 0;
>>> -        s->cpu->env.cp15.c2_base0 = 0;
>>> +        s->cpu->env.cp15.ttbr0_el1 = 0;
>>>          s->cpu->env.cp15.c3 = 0;
>>>          s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
>>>          s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
>>> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
>>> index 6f4d174..7138882 100644
>>> --- a/target-arm/cpu.h
>>> +++ b/target-arm/cpu.h
>>> @@ -173,10 +173,8 @@ typedef struct CPUARMState {
>>>          uint32_t c1_coproc; /* Coprocessor access register.  */
>>>          uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
>>>          uint32_t c1_scr; /* secure config register.  */
>>> -        uint32_t c2_base0; /* MMU translation table base 0.  */
>>> -        uint32_t c2_base0_hi; /* MMU translation table base 0, high 32 bits */
>>> -        uint32_t c2_base1; /* MMU translation table base 0.  */
>>> -        uint32_t c2_base1_hi; /* MMU translation table base 1, high 32 bits */
>>> +        uint64_t ttbr0_el1; /* MMU translation table base 0. */
>>> +        uint32_t ttbr1_el1; /* MMU translation table base 1. */
>>>          uint64_t c2_control; /* MMU translation table base control.  */
>>>          uint32_t c2_mask; /* MMU translation table base selection mask.  */
>>>          uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
>>> diff --git a/target-arm/helper.c b/target-arm/helper.c
>>> index e2ae159..1f1dec1 100644
>>> --- a/target-arm/helper.c
>>> +++ b/target-arm/helper.c
>>> @@ -1288,6 +1288,18 @@ static int vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
>>>      return 0;
>>>  }
>>>
>>> +static int vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>>> +                             uint64_t value)
>>> +{
>>> +    /* 64 bit accesses to the TTBRs can change the ASID and so we
>>> +     * must flush the TLB.
>>> +     */
>>> +    if ((ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT)) {
>>> +        tlb_flush(env, 1);
>>> +    }
>>
>> With the level of complexity this if has reached, is it better to just
>> check for this ASID change rather than make this overly conservative
>> flush?
>
> Adding an "is the ASID the same" would make the check more complicated
> again. Maybe we should do it but I'd rather keep that separate from the
> "handle 64 bit formats" patches.
>

Seems similar compexity to me. But I guess this preserves existing behaviour so:

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

> thanks
> -- PMM
>

Re: [Qemu-devel] [PATCH 05/24] target-arm: Add exception level to the AArch64 TB flags

[Peter Maydell]

On 28 January 2014 01:28, Peter Crosthwaite
<peter.crosthwaite@xilinx.com> wrote:
> On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>> We already implicitly rely on the exception level being
>> part of the TB flags for coprocessor access,
>
> Maybe that's the issue? Why not just treat the exception level as
> state like any other and generate the TCG to just check it at
> execution time?

That would be ferociously expensive, because "am I privileged
or not?" is baked into every single guest load or store.
Including privilege level in the tb flags is standard for
every target CPU we have.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 07/24] target-arm: A64: Make cache ID registers visible to AArch64

[Peter Maydell]

On 28 January 2014 01:46, Peter Crosthwaite
<peter.crosthwaite@xilinx.com> wrote:
> There seem to be multiple instances in this series where you fallback
> to open coded R/W accessor functions for the sake of access checks. Is
> it better to define a bool check_access() fn hook in ARMCPRegInfo and
> leave the actual write/read behaviour to the data driven mechanisms?
> This may also minimise the need for raw_write hook usages as it serves
> to isolate the actual state change into its own self contained
> definition (whether open coded or not).

Yes, I think it's probably going to be better to do that. We may need
to make it more than just bool, though since for AArch64 the
kind of exception can be different I think -- the specific syndrome
information can vary.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 11/24] target-arm: Implement AArch64 DAIF system register

[Peter Maydell]

On 28 January 2014 01:54, Peter Crosthwaite
<peter.crosthwaite@xilinx.com> wrote:
> On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>> Implement the DAIF system register which is a view of the
>> DAIF bits in PSTATE.
>>
>> TODO: include support for the MSR_i encodings?
>>
>
> Isn't this already separately handled by the MSR_i implementation?

Yes, just a stray TODO I forgot to delete from the commit message.

>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>
> Otherwise:
>
> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

thanks
-- PMM

Re: [Qemu-devel] [PATCH 19/24] target-arm: Implement AArch64 TTBR*

[Peter Maydell]

On 28 January 2014 02:07, Peter Crosthwaite
<peter.crosthwaite@xilinx.com> wrote:
> On Sat, Jan 25, 2014 at 10:09 AM, Peter Maydell
> <peter.maydell@linaro.org> wrote:
>> On 24 January 2014 23:44, Peter Crosthwaite
>> <peter.crosthwaite@xilinx.com> wrote:
>>> On Wed, Jan 22, 2014 at 6:12 AM, Peter Maydell <peter.maydell@linaro.org> wrote:
>>>> +static int vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>>>> +                             uint64_t value)
>>>> +{
>>>> +    /* 64 bit accesses to the TTBRs can change the ASID and so we
>>>> +     * must flush the TLB.
>>>> +     */
>>>> +    if ((ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT)) {
>>>> +        tlb_flush(env, 1);
>>>> +    }
>>>
>>> With the level of complexity this if has reached, is it better to just
>>> check for this ASID change rather than make this overly conservative
>>> flush?
>>
>> Adding an "is the ASID the same" would make the check more complicated
>> again. Maybe we should do it but I'd rather keep that separate from the
>> "handle 64 bit formats" patches.
>>
>
> Seems similar compexity to me.

Well, you'd need all the checks we have here, plus another condition
for the ASID match:

  if (((ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT))
       && (value & some_mask != old_value & some_mask)) {
        tlb_flush(env, 1);
   }

thanks
-- PMM

Re: [Qemu-devel] [PATCH 19/24] target-arm: Implement AArch64 TTBR*

[Peter Maydell]

On 24 January 2014 23:44, Peter Crosthwaite
<peter.crosthwaite@xilinx.com> wrote:
>> +static int vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
>> +                             uint64_t value)
>> +{
>> +    /* 64 bit accesses to the TTBRs can change the ASID and so we
>> +     * must flush the TLB.
>> +     */
>> +    if ((ri->state == ARM_CP_STATE_AA64) || (ri->type & ARM_CP_64BIT)) {
>> +        tlb_flush(env, 1);
>> +    }
>
> With the level of complexity this if has reached, is it better to just
> check for this ASID change rather than make this overly conservative
> flush?

I just did a test boot on an A15 guest (which uses the long TTBR
format) and in a Linux boot to the login prompt it did 9097
TTBR writes; just six of those involved no change to the ASID.
So it doesn't seem really worth making the check to me.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 07/24] target-arm: A64: Make cache ID registers visible to AArch64

[Peter Crosthwaite]

On Tue, Jan 28, 2014 at 6:45 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 28 January 2014 01:46, Peter Crosthwaite
> <peter.crosthwaite@xilinx.com> wrote:
>> There seem to be multiple instances in this series where you fallback
>> to open coded R/W accessor functions for the sake of access checks. Is
>> it better to define a bool check_access() fn hook in ARMCPRegInfo and
>> leave the actual write/read behaviour to the data driven mechanisms?
>> This may also minimise the need for raw_write hook usages as it serves
>> to isolate the actual state change into its own self contained
>> definition (whether open coded or not).
>
> Yes, I think it's probably going to be better to do that. We may need
> to make it more than just bool, though since for AArch64 the
> kind of exception can be different I think -- the specific syndrome
> information can vary.
>

I guess then it's simplest to just return in same format as read/write
accessors.

Regards,
Peter

> thanks
> -- PMM
>

Re: [Qemu-devel] [PATCH 07/24] target-arm: A64: Make cache ID registers visible to AArch64

[Peter Maydell]

On 28 January 2014 14:05, Peter Crosthwaite
<peter.crosthwaite@xilinx.com> wrote:
> On Tue, Jan 28, 2014 at 6:45 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
>> On 28 January 2014 01:46, Peter Crosthwaite
>> <peter.crosthwaite@xilinx.com> wrote:
>>> There seem to be multiple instances in this series where you fallback
>>> to open coded R/W accessor functions for the sake of access checks. Is
>>> it better to define a bool check_access() fn hook in ARMCPRegInfo and
>>> leave the actual write/read behaviour to the data driven mechanisms?
>>> This may also minimise the need for raw_write hook usages as it serves
>>> to isolate the actual state change into its own self contained
>>> definition (whether open coded or not).
>>
>> Yes, I think it's probably going to be better to do that. We may need
>> to make it more than just bool, though since for AArch64 the
>> kind of exception can be different I think -- the specific syndrome
>> information can vary.
>>
>
> I guess then it's simplest to just return in same format as read/write
> accessors.

Well, AArch64 means we also can't just return EXCP_UDEF or 0,
but ideally return at least some syndrome information.
I haven't quite figured out the nicest way to do this yet.
My current work in progress has:
 * retain all the AArch32 EXCP_* classes as values for
   env->exception_index
 * whenever we generate an exception, also set up syndrome
   register information in the cpu state struct; the
   syndrome register high 6 bits happen to contain a category
   code, but we don't map this to an env->exception_index

So for AArch64, access functions need to be able to return one
of three things:
 (1) no exception, ie access OK
 (2) exception which in UNDEF if taken to AArch32, or
     a synchronous exception with ESR_ELx.EC = 0 ("uncategorized")
     if taken to AArch64
 (3) exception which is UNDEF if taken to AArch32, or a
     synchronous exception with ESR_ELx.EC == 0x3/4/5/6/C/18
     if taken to AArch64 (exact category depends on the
     insn used to access the register, and ESR_ELx
     includes all the opc1/2/crn/crm fields from the insn)
     -- this generally is used for "access failed because of
     a configurable trap or enable bit"

so we need to at least return a three-way "ok/disabled/undef"
code. I think actually most if not all of our current access
checks done in read/write fns should be type (2), but I don't
want to leave us stuck if we find one that needs to be type
(1) now or in the future. Failures due to the ri->access
permissions are always type (1).

We could return a complete EXCP_* value plus syndrome,
but that seems like overkill especially since the calling
code has most of the info needed for putting the syndrome
together properly. So I think:

typedef enum CPAccessResult {
    /* Access is permitted */
    CP_ACCESS_OK = 0,
    /* Access fails due to a configurable trap or enable which would
     * result in an exception syndrome other than 'uncategorized'
     */
    CP_ACCESS_TRAP = 1,
    /* Access fails and should result in an exception syndrome of
     * 'uncategorized'
     */
    CP_ACCESS_TRAP = 2,
} CPAccessResult;

typedef CPAccessResult CPAccessFn(CPUARMState *env,
                                  const ARMCPRegInfo *opaque);

and an entry in ARMCPRegInfo:
    /* Function for checking access permissions for the register
     * which should be done in addition to those specified by
     * the access field. If NULL, no extra checks required.
     */
    CPAccessFn accessfn;

and CPReadFn and CPWriteFn both go from 'int' return to
'void' return.

(Anybody got a better name than CPAccessResult for the enum type?)

thanks
-- PMM

Re: [Qemu-devel] [PATCH 07/24] target-arm: A64: Make cache ID registers visible to AArch64

[Peter Maydell]

On 28 January 2014 18:12, Peter Maydell <peter.maydell@linaro.org> wrote:
> typedef enum CPAccessResult {
>     /* Access is permitted */
>     CP_ACCESS_OK = 0,
>     /* Access fails due to a configurable trap or enable which would
>      * result in an exception syndrome other than 'uncategorized'
>      */
>     CP_ACCESS_TRAP = 1,
>     /* Access fails and should result in an exception syndrome of
>      * 'uncategorized'
>      */
>     CP_ACCESS_TRAP = 2,
> } CPAccessResult;

The =2 case should be some other name, of course. I'd rather
not use the obvious "CP_ACCESS_UNCATEGORIZED" because that
implies "use this if you don't know", when actually the set of
things which cause Uncategorized exceptions is a specific list,
and it's the 'due to a configurable trap' case which is defined
as "all those which aren't defined to cause an Uncategorized
exception". On the other hand I can't come up with a better
name right now...

thanks
-- PMM