* [Qemu-devel] [PATCH v2 1/8] target-arm: Add HPFAR_EL2
2015-10-02 0:49 [Qemu-devel] [PATCH v2 0/8] arm: Steps towards EL2 support round 5 Edgar E. Iglesias
@ 2015-10-02 0:49 ` Edgar E. Iglesias
2015-10-02 0:49 ` [Qemu-devel] [PATCH v2 2/8] target-arm: Add computation of starting level for S2 PTW Edgar E. Iglesias
` (7 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Edgar E. Iglesias @ 2015-10-02 0:49 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
target-arm/cpu.h | 1 +
target-arm/helper.c | 12 ++++++++++++
2 files changed, 13 insertions(+)
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index cc1578c..895f2c2 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -278,6 +278,7 @@ typedef struct CPUARMState {
};
uint64_t far_el[4];
};
+ uint64_t hpfar_el2;
union { /* Translation result. */
struct {
uint64_t _unused_par_0;
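Review bot: the new hpfar_el2 field in CPUARMState carries no comment, and the patch has no commit message body, so nothing records what the field holds or which register views write it. A one-line comment next to the field, in the style of the neighbouring /* Translation result. */, plus a sentence in the commit message would cover it.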
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 8367997..5a5e5f0 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3223,6 +3223,10 @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
{ .name = "CNTHP_CTL_EL2", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 4, .crn = 14, .crm = 2, .opc2 = 1,
.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "HPFAR_EL2", .state = ARM_CP_STATE_BOTH,
+ .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 4,
+ .access = PL2_RW, .accessfn = access_el3_aa32ns_aa64any,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
REGINFO_SENTINEL
};
@@ -3444,6 +3448,14 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
.resetvalue = 0,
.writefn = gt_hyp_ctl_write, .raw_writefn = raw_write },
#endif
+ { .name = "HPFAR", .state = ARM_CP_STATE_AA32,
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 4,
+ .access = PL2_RW, .accessfn = access_el3_aa32ns,
+ .fieldoffset = offsetof(CPUARMState, cp15.hpfar_el2) },
+ { .name = "HPFAR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 4,
+ .access = PL2_RW,
+ .fieldoffset = offsetof(CPUARMState, cp15.hpfar_el2) },
REGINFO_SENTINEL
};
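Review bot: in el2_cp_reginfo the AArch32 HPFAR entry and the AArch64 HPFAR_EL2 entry both point .fieldoffset at cp15.hpfar_el2, which the cpu.h hunk declares as uint64_t, so a 32-bit register view is aimed at the start of a 64-bit field. Please confirm that this lands on the low half on big-endian hosts as well, and add a comment saying why these are two entries here when el3_no_el2_cp_reginfo uses a single ARM_CP_STATE_BOTH entry (presumably the different accessfn).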
--
1.9.1
* [Qemu-devel] [PATCH v2 2/8] target-arm: Add computation of starting level for S2 PTW
From: Edgar E. Iglesias @ 2015-10-02 0:49 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
The starting level for S2 pagetable walks is computed
differently from the S1 starting level. Implement the S2
variant.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
target-arm/helper.c | 35 +++++++++++++++++++++++------------
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 5a5e5f0..16a0701 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -6549,18 +6549,29 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
goto do_fault;
}
- /* The starting level depends on the virtual address size (which can be
- * up to 48 bits) and the translation granule size. It indicates the number
- * of strides (granule_sz bits at a time) needed to consume the bits
- * of the input address. In the pseudocode this is:
- * level = 4 - RoundUp((inputsize - grainsize) / stride)
- * where their 'inputsize' is our 'va_size - tsz', 'grainsize' is
- * our 'granule_sz + 3' and 'stride' is our 'granule_sz'.
- * Applying the usual "rounded up m/n is (m+n-1)/n" and simplifying:
- * = 4 - (va_size - tsz - granule_sz - 3 + granule_sz - 1) / granule_sz
- * = 4 - (va_size - tsz - 4) / granule_sz;
- */
- level = 4 - (va_size - tsz - 4) / granule_sz;
+ if (mmu_idx != ARMMMUIdx_S2NS) {
+ /* The starting level depends on the virtual address size (which can
+ * be up to 48 bits) and the translation granule size. It indicates
+ * the number of strides (granule_sz bits at a time) needed to
+ * consume the bits of the input address. In the pseudocode this is:
+ * level = 4 - RoundUp((inputsize - grainsize) / stride)
+ * where their 'inputsize' is our 'va_size - tsz', 'grainsize' is
+ * our 'granule_sz + 3' and 'stride' is our 'granule_sz'.
+ * Applying the usual "rounded up m/n is (m+n-1)/n" and simplifying:
+ * = 4 - (va_size - tsz - granule_sz - 3 + granule_sz - 1) / granule_sz
+ * = 4 - (va_size - tsz - 4) / granule_sz;
+ */
+ level = 4 - (va_size - tsz - 4) / granule_sz;
+ } else {
+ unsigned int startlevel = extract32(tcr->raw_tcr, 6, 2);
+ if (granule_sz == 9) {
+ /* 4K pages */
+ level = 2 - startlevel;
+ } else {
+ /* 16K or 64K pages */
+ level = 3 - startlevel;
+ }
+ }
/* Clear the vaddr bits which aren't part of the within-region address,
* so that we don't have to special case things when calculating the
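Review bot: in the new else branch, startlevel is a raw 2-bit field taken from tcr->raw_tcr and is used without any range check, so with 4K pages a value of 3 makes "level = 2 - startlevel" go out of range (2 - 3). That register is programmed by guest software, so an unsupported value should end in a translation fault, or at least a defined fallback, before level is used to index the walk. A named constant or comment for the (6, 2) field would also help, since the S1 branch documents its computation in detail and this one does not.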
--
1.9.1
* [Qemu-devel] [PATCH v2 3/8] target-arm: Add support for S2 page-table protection bits
From: Edgar E. Iglesias @ 2015-10-02 0:49 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
target-arm/helper.c | 41 +++++++++++++++++++++++++++++++++++++----
1 file changed, 37 insertions(+), 4 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 16a0701..2701788 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -6015,6 +6015,28 @@ simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx, int ap)
return simple_ap_to_rw_prot_is_user(ap, regime_is_user(env, mmu_idx));
}
+/* Translate S2 section/page access permissions to protection flags
+ *
+ * @env: CPUARMState
+ * @s2ap: The 2-bit stage2 access permissions (S2AP)
+ * @xn: XN (execute-never) bit
+ */
+static int get_S2prot(CPUARMState *env, int s2ap, int xn)
+{
+ int prot = 0;
+
+ if (s2ap & 1) {
+ prot |= PAGE_READ;
+ }
+ if (s2ap & 2) {
+ prot |= PAGE_WRITE;
+ }
+ if (!xn) {
+ prot |= PAGE_EXEC;
+ }
+ return prot;
+}
+
/* Translate section/page access permissions to protection flags
*
* @env: CPUARMState
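Review bot: get_S2prot() sets PAGE_EXEC whenever xn is clear, independent of s2ap, so s2ap == 0 with xn == 0 returns an execute-only mapping that is neither readable nor writable. If that is the intended stage 2 behaviour, say so in the header comment; if execution should require read permission, gate it on (s2ap & 1). The env argument is also unused in the body.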
@@ -6624,9 +6646,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
*/
page_size = (1ULL << ((granule_sz * (4 - level)) + 3));
descaddr |= (address & (page_size - 1));
- /* Extract attributes from the descriptor and merge with table attrs */
+ /* Extract attributes from the descriptor */
attrs = extract64(descriptor, 2, 10)
| (extract64(descriptor, 52, 12) << 10);
+
+ if (mmu_idx == ARMMMUIdx_S2NS) {
+ /* Stage 2 table descriptors do not include any attribute fields */
+ break;
+ }
+ /* Merge in attributes from table descriptors */
attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
attrs |= extract32(tableattrs, 3, 1) << 5; /* APTable[1] => AP[2] */
/* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
@@ -6648,11 +6676,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
}
ap = extract32(attrs, 4, 2);
- ns = extract32(attrs, 3, 1);
xn = extract32(attrs, 12, 1);
- pxn = extract32(attrs, 11, 1);
- *prot = get_S1prot(env, mmu_idx, va_size == 64, ap, ns, xn, pxn);
+ if (mmu_idx == ARMMMUIdx_S2NS) {
+ ns = true;
+ *prot = get_S2prot(env, ap, xn);
+ } else {
+ ns = extract32(attrs, 3, 1);
+ pxn = extract32(attrs, 11, 1);
+ *prot = get_S1prot(env, mmu_idx, va_size == 64, ap, ns, xn, pxn);
+ }
fault_type = permission_fault;
if (!(*prot & (1 << access_type))) {
--
1.9.1
* [Qemu-devel] [PATCH v2 4/8] target-arm: Avoid inline for get_phys_addr
From: Edgar E. Iglesias @ 2015-10-02 0:49 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
Avoid inline for get_phys_addr() to prepare for future recursive use.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
target-arm/helper.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 2701788..51b0e61 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -15,10 +15,10 @@
#define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */
#ifndef CONFIG_USER_ONLY
-static inline bool get_phys_addr(CPUARMState *env, target_ulong address,
- int access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, uint32_t *fsr);
+static bool get_phys_addr(CPUARMState *env, target_ulong address,
+ int access_type, ARMMMUIdx mmu_idx,
+ hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
+ target_ulong *page_size, uint32_t *fsr);
/* Definitions for the PMCCNTR and PMCR registers */
#define PMCRD 0x8
@@ -6968,10 +6968,10 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
* @page_size: set to the size of the page containing phys_ptr
* @fsr: set to the DFSR/IFSR value on failure
*/
-static inline bool get_phys_addr(CPUARMState *env, target_ulong address,
- int access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, uint32_t *fsr)
+static bool get_phys_addr(CPUARMState *env, target_ulong address,
+ int access_type, ARMMMUIdx mmu_idx,
+ hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
+ target_ulong *page_size, uint32_t *fsr)
{
if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
/* TODO: when we support EL2 we should here call ourselves recursively
--
1.9.1
* [Qemu-devel] [PATCH v2 5/8] target-arm: Add ARMMMUFaultInfo
From: Edgar E. Iglesias @ 2015-10-02 0:49 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
Introduce ARMMMUFaultInfo to propagate MMU Fault information
across the MMU translation code path. This is in preparation for
adding Stage-2 translation.
No functional changes.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
target-arm/helper.c | 22 ++++++++++++++--------
target-arm/internals.h | 11 ++++++++++-
target-arm/op_helper.c | 3 ++-
3 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 51b0e61..7f66e3c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -18,7 +18,8 @@
static bool get_phys_addr(CPUARMState *env, target_ulong address,
int access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, uint32_t *fsr);
+ target_ulong *page_size, uint32_t *fsr,
+ ARMMMUFaultInfo *fi);
/* Definitions for the PMCCNTR and PMCR registers */
#define PMCRD 0x8
@@ -1774,9 +1775,10 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
bool ret;
uint64_t par64;
MemTxAttrs attrs = {};
+ ARMMMUFaultInfo fi = {};
ret = get_phys_addr(env, value, access_type, mmu_idx,
- &phys_addr, &attrs, &prot, &page_size, &fsr);
+ &phys_addr, &attrs, &prot, &page_size, &fsr, &fi);
if (extended_addresses_enabled(env)) {
/* fsr is a DFSR/IFSR value for the long descriptor
* translation table format, but with WnR always clear.
@@ -6431,7 +6433,8 @@ typedef enum {
static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
int access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
- target_ulong *page_size_ptr, uint32_t *fsr)
+ target_ulong *page_size_ptr, uint32_t *fsr,
+ ARMMMUFaultInfo *fi)
{
CPUState *cs = CPU(arm_env_get_cpu(env));
/* Read an LPAE long-descriptor translation table. */
@@ -6971,7 +6974,8 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
static bool get_phys_addr(CPUARMState *env, target_ulong address,
int access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, uint32_t *fsr)
+ target_ulong *page_size, uint32_t *fsr,
+ ARMMMUFaultInfo *fi)
{
if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
/* TODO: when we support EL2 we should here call ourselves recursively
@@ -7030,7 +7034,7 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
if (regime_using_lpae_format(env, mmu_idx)) {
return get_phys_addr_lpae(env, address, access_type, mmu_idx, phys_ptr,
- attrs, prot, page_size, fsr);
+ attrs, prot, page_size, fsr, fi);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, address, access_type, mmu_idx, phys_ptr,
attrs, prot, page_size, fsr);
@@ -7045,7 +7049,8 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
* fsr with ARM DFSR/IFSR fault register format value on failure.
*/
bool arm_tlb_fill(CPUState *cs, vaddr address,
- int access_type, int mmu_idx, uint32_t *fsr)
+ int access_type, int mmu_idx, uint32_t *fsr,
+ ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
@@ -7056,7 +7061,7 @@ bool arm_tlb_fill(CPUState *cs, vaddr address,
MemTxAttrs attrs = {};
ret = get_phys_addr(env, address, access_type, mmu_idx, &phys_addr,
- &attrs, &prot, &page_size, fsr);
+ &attrs, &prot, &page_size, fsr, fi);
if (!ret) {
/* Map a single [sub]page. */
phys_addr &= TARGET_PAGE_MASK;
@@ -7079,9 +7084,10 @@ hwaddr arm_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
bool ret;
uint32_t fsr;
MemTxAttrs attrs = {};
+ ARMMMUFaultInfo fi = {};
ret = get_phys_addr(env, addr, 0, cpu_mmu_index(env, false), &phys_addr,
- &attrs, &prot, &page_size, &fsr);
+ &attrs, &prot, &page_size, &fsr, &fi);
if (ret) {
return -1;
diff --git a/target-arm/internals.h b/target-arm/internals.h
index 36a56aa..6157a41 100644
--- a/target-arm/internals.h
+++ b/target-arm/internals.h
@@ -389,8 +389,17 @@ bool arm_is_psci_call(ARMCPU *cpu, int excp_type);
void arm_handle_psci_call(ARMCPU *cpu);
#endif
+typedef struct ARMMMUFaultInfo ARMMMUFaultInfo;
+
+struct ARMMMUFaultInfo {
+ target_ulong s2addr; /* Address that caused a fault at stage 2. */
+ bool stage2; /* True if we faulted at stage 2. */
+ bool s1ptw; /* True if we faulted at stage 2 while doing a
+ * stage 1 page table walk. */
+};
+
/* Do a page table walk and add page to TLB if possible */
bool arm_tlb_fill(CPUState *cpu, vaddr address, int rw, int mmu_idx,
- uint32_t *fsr);
+ uint32_t *fsr, ARMMMUFaultInfo *fi);
#endif
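Review bot: s2addr in ARMMMUFaultInfo is declared target_ulong, but its comment describes it as the address that faulted at stage 2, which is an intermediate physical address rather than a guest virtual address. On a 32-bit target build target_ulong is 32 bits wide while LPAE addresses can be wider, so the value can be truncated; hwaddr, as used for phys_ptr in get_phys_addr(), looks like the better type.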
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 1425a1d..7ff3c61 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -83,8 +83,9 @@ void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
{
bool ret;
uint32_t fsr = 0;
+ struct ARMMMUFaultInfo fi = {0};
- ret = arm_tlb_fill(cs, addr, is_write, mmu_idx, &fsr);
+ ret = arm_tlb_fill(cs, addr, is_write, mmu_idx, &fsr, &fi);
if (unlikely(ret)) {
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
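Review bot: tlb_fill() declares the new variable as "struct ARMMMUFaultInfo fi = {0};" while the helper.c hunks of this same patch use the typedef with "ARMMMUFaultInfo fi = {};". Pick one spelling for consistency; the typedef form matches the function prototypes.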
--
1.9.1
* Re: [Qemu-devel] [PATCH v2 5/8] target-arm: Add ARMMMUFaultInfo
From: Edgar E. Iglesias @ 2015-10-03 2:10 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
On Thu, Oct 01, 2015 at 05:49:25PM -0700, Edgar E. Iglesias wrote:
> From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
>
> Introduce ARMMMUFaultInfo to propagate MMU Fault information
> across the MMU translation code path. This is in preparation for
> adding Stage-2 translation.
>
> No functional changes.
>
> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
> ---
> target-arm/helper.c | 22 ++++++++++++++--------
> target-arm/internals.h | 11 ++++++++++-
> target-arm/op_helper.c | 3 ++-
> 3 files changed, 26 insertions(+), 10 deletions(-)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 51b0e61..7f66e3c 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -18,7 +18,8 @@
> static bool get_phys_addr(CPUARMState *env, target_ulong address,
> int access_type, ARMMMUIdx mmu_idx,
> hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
> - target_ulong *page_size, uint32_t *fsr);
> + target_ulong *page_size, uint32_t *fsr,
> + ARMMMUFaultInfo *fi);
>
> /* Definitions for the PMCCNTR and PMCR registers */
> #define PMCRD 0x8
> @@ -1774,9 +1775,10 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
> bool ret;
> uint64_t par64;
> MemTxAttrs attrs = {};
> + ARMMMUFaultInfo fi = {};
>
> ret = get_phys_addr(env, value, access_type, mmu_idx,
> - &phys_addr, &attrs, &prot, &page_size, &fsr);
> + &phys_addr, &attrs, &prot, &page_size, &fsr, &fi);
> if (extended_addresses_enabled(env)) {
> /* fsr is a DFSR/IFSR value for the long descriptor
> * translation table format, but with WnR always clear.
> @@ -6431,7 +6433,8 @@ typedef enum {
> static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
> int access_type, ARMMMUIdx mmu_idx,
> hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
> - target_ulong *page_size_ptr, uint32_t *fsr)
> + target_ulong *page_size_ptr, uint32_t *fsr,
> + ARMMMUFaultInfo *fi)
> {
> CPUState *cs = CPU(arm_env_get_cpu(env));
> /* Read an LPAE long-descriptor translation table. */
> @@ -6971,7 +6974,8 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
> static bool get_phys_addr(CPUARMState *env, target_ulong address,
> int access_type, ARMMMUIdx mmu_idx,
> hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
> - target_ulong *page_size, uint32_t *fsr)
> + target_ulong *page_size, uint32_t *fsr,
> + ARMMMUFaultInfo *fi)
> {
> if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
> /* TODO: when we support EL2 we should here call ourselves recursively
> @@ -7030,7 +7034,7 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
>
> if (regime_using_lpae_format(env, mmu_idx)) {
> return get_phys_addr_lpae(env, address, access_type, mmu_idx, phys_ptr,
> - attrs, prot, page_size, fsr);
> + attrs, prot, page_size, fsr, fi);
> } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
> return get_phys_addr_v6(env, address, access_type, mmu_idx, phys_ptr,
> attrs, prot, page_size, fsr);
> @@ -7045,7 +7049,8 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
> * fsr with ARM DFSR/IFSR fault register format value on failure.
> */
> bool arm_tlb_fill(CPUState *cs, vaddr address,
> - int access_type, int mmu_idx, uint32_t *fsr)
> + int access_type, int mmu_idx, uint32_t *fsr,
> + ARMMMUFaultInfo *fi)
> {
> ARMCPU *cpu = ARM_CPU(cs);
> CPUARMState *env = &cpu->env;
> @@ -7056,7 +7061,7 @@ bool arm_tlb_fill(CPUState *cs, vaddr address,
> MemTxAttrs attrs = {};
>
> ret = get_phys_addr(env, address, access_type, mmu_idx, &phys_addr,
> - &attrs, &prot, &page_size, fsr);
> + &attrs, &prot, &page_size, fsr, fi);
> if (!ret) {
> /* Map a single [sub]page. */
> phys_addr &= TARGET_PAGE_MASK;
> @@ -7079,9 +7084,10 @@ hwaddr arm_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
> bool ret;
> uint32_t fsr;
> MemTxAttrs attrs = {};
> + ARMMMUFaultInfo fi = {};
>
> ret = get_phys_addr(env, addr, 0, cpu_mmu_index(env, false), &phys_addr,
> - &attrs, &prot, &page_size, &fsr);
> + &attrs, &prot, &page_size, &fsr, &fi);
>
> if (ret) {
> return -1;
> diff --git a/target-arm/internals.h b/target-arm/internals.h
> index 36a56aa..6157a41 100644
> --- a/target-arm/internals.h
> +++ b/target-arm/internals.h
> @@ -389,8 +389,17 @@ bool arm_is_psci_call(ARMCPU *cpu, int excp_type);
> void arm_handle_psci_call(ARMCPU *cpu);
> #endif
>
> +typedef struct ARMMMUFaultInfo ARMMMUFaultInfo;
> +
> +struct ARMMMUFaultInfo {
> + target_ulong s2addr; /* Address that caused a fault at stage 2. */
> + bool stage2; /* True if we faulted at stage 2. */
> + bool s1ptw; /* True if we faulted at stage 2 while doing a
> + * stage 1 page table walk. */
> +};
Hi,
I've changed the struct docs to the following for v3:
/**
* ARMMMUFaultInfo: Information describing an ARM MMU Fault
* @s2addr: Address that caused a fault at stage 2
* @stage2: True if we faulted at stage 2
* @s1ptw: True if we faulted at stage 2 while doing a stage 1 page-table walk
*/
typedef struct ARMMMUFaultInfo ARMMMUFaultInfo;
struct ARMMMUFaultInfo {
target_ulong s2addr;
bool stage2;
bool s1ptw;
};
Best regards,
Edgar
> +
> /* Do a page table walk and add page to TLB if possible */
> bool arm_tlb_fill(CPUState *cpu, vaddr address, int rw, int mmu_idx,
> - uint32_t *fsr);
> + uint32_t *fsr, ARMMMUFaultInfo *fi);
>
> #endif
> diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
> index 1425a1d..7ff3c61 100644
> --- a/target-arm/op_helper.c
> +++ b/target-arm/op_helper.c
> @@ -83,8 +83,9 @@ void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
> {
> bool ret;
> uint32_t fsr = 0;
> + struct ARMMMUFaultInfo fi = {0};
>
> - ret = arm_tlb_fill(cs, addr, is_write, mmu_idx, &fsr);
> + ret = arm_tlb_fill(cs, addr, is_write, mmu_idx, &fsr, &fi);
> if (unlikely(ret)) {
> ARMCPU *cpu = ARM_CPU(cs);
> CPUARMState *env = &cpu->env;
> --
> 1.9.1
>
* [Qemu-devel] [PATCH v2 6/8] target-arm: Add S2 translation support for S1 PTW
From: Edgar E. Iglesias @ 2015-10-02 0:49 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
Add support for applying S2 translation to S1 page-table walks.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
target-arm/helper.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++--
target-arm/op_helper.c | 4 ++--
2 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 7f66e3c..2d1532a 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -21,6 +21,12 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
target_ulong *page_size, uint32_t *fsr,
ARMMMUFaultInfo *fi);
+static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
+ int access_type, ARMMMUIdx mmu_idx,
+ hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
+ target_ulong *page_size_ptr, uint32_t *fsr,
+ ARMMMUFaultInfo *fi);
+
/* Definitions for the PMCCNTR and PMCR registers */
#define PMCRD 0x8
#define PMCRC 0x4
@@ -6143,6 +6149,32 @@ static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
return true;
}
+/* Translate a S1 pagetable walk through S2 if needed. */
+static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
+ hwaddr addr, MemTxAttrs txattrs,
+ uint32_t *fsr,
+ ARMMMUFaultInfo *fi)
+{
+ if ((mmu_idx == ARMMMUIdx_S1NSE0 || mmu_idx == ARMMMUIdx_S1NSE1) &&
+ !regime_translation_disabled(env, ARMMMUIdx_S2NS)) {
+ target_ulong s2size;
+ hwaddr s2pa;
+ int s2prot;
+ int ret;
+
+ ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, &s2pa,
+ &txattrs, &s2prot, &s2size, fsr, fi);
+ if (ret) {
+ fi->s2addr = addr;
+ fi->stage2 = true;
+ fi->s1ptw = true;
+ return ~0;
+ }
+ addr = s2pa;
+ }
+ return addr;
+}
+
/* All loads done in the course of a page table walk go through here.
* TODO: rather than ignoring errors from physical memory reads (which
* are external aborts in ARM terminology) we should propagate this
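Review bot: S1_ptw_translate() signals failure by returning ~0, a value the caller cannot tell apart from an address and never checks; the real error channel is fi->s1ptw. Returning the bool result of get_phys_addr_lpae() and passing the translated address back through an out parameter would make the contract explicit. Two smaller points: ret is declared int but receives a bool, and the stage 2 walk updates the local by-value copy of txattrs, so any attributes it produces are dropped.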
@@ -6158,11 +6190,19 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure)
return address_space_ldl(cs->as, addr, attrs, NULL);
}
-static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure)
+static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
+ ARMMMUIdx mmu_idx, uint32_t *fsr,
+ ARMMMUFaultInfo *fi)
{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
MemTxAttrs attrs = {};
attrs.secure = is_secure;
+ addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fsr, fi);
+ if (fi->s1ptw) {
+ return 0;
+ }
return address_space_ldq(cs->as, addr, attrs, NULL);
}
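Review bot: arm_ldq_ptw() tests fi->s1ptw after calling S1_ptw_translate(), but nothing in this series clears that flag, so the check depends on every caller passing in a zero-initialised ARMMMUFaultInfo and never reusing it after a fault. Testing the result of this particular translation, rather than a sticky flag, would remove that dependency. arm_ldl_ptw() just above is left doing direct physical loads; a TODO there would record that the 32-bit path is still pending.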
@@ -6625,7 +6665,11 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
descaddr |= (address >> (granule_sz * (4 - level))) & descmask;
descaddr &= ~7ULL;
nstable = extract32(tableattrs, 4, 1);
- descriptor = arm_ldq_ptw(cs, descaddr, !nstable);
+ descriptor = arm_ldq_ptw(cs, descaddr, !nstable, mmu_idx, fsr, fi);
+ if (fi->s1ptw) {
+ goto do_fault;
+ }
+
if (!(descriptor & 1) ||
(!(descriptor & 2) && (level == 3))) {
/* Invalid, or the Reserved level 3 encoding */
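Review bot: when arm_ldq_ptw() reports a stage 2 fault, the "goto do_fault" path still runs "*fsr = (1 << 9) | (fault_type << 2) | level;", so the fault status written by the nested stage 2 walk is overwritten with the stage 1 walk's fault_type and level. If the stage 2 status is what should reach the syndrome, skip that assignment when fi->s1ptw is set, or return directly from here.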
@@ -6709,6 +6753,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
do_fault:
/* Long-descriptor format IFSR/DFSR value */
*fsr = (1 << 9) | (fault_type << 2) | level;
+ /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */
+ fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_S2NS);
return true;
}
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 7ff3c61..d4715f4 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -104,10 +104,10 @@ void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
* information; this is always true for exceptions reported to EL1.
*/
if (is_write == 2) {
- syn = syn_insn_abort(same_el, 0, 0, syn);
+ syn = syn_insn_abort(same_el, 0, fi.s1ptw, syn);
exc = EXCP_PREFETCH_ABORT;
} else {
- syn = syn_data_abort(same_el, 0, 0, 0, is_write == 1, syn);
+ syn = syn_data_abort(same_el, 0, 0, fi.s1ptw, is_write == 1, syn);
if (is_write == 1 && arm_feature(env, ARM_FEATURE_V6)) {
fsr |= (1 << 11);
}
--
1.9.1
* [Qemu-devel] [PATCH v2 7/8] target-arm: Route S2 MMU faults to EL2
From: Edgar E. Iglesias @ 2015-10-02 0:49 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
target-arm/op_helper.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index d4715f4..2ccd1c9 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -90,13 +90,19 @@ void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
uint32_t syn, exc;
- bool same_el = (arm_current_el(env) != 0);
+ unsigned int target_el;
+ bool same_el;
if (retaddr) {
/* now we have a real cpu fault */
cpu_restore_state(cs, retaddr);
}
+ target_el = exception_target_el(env);
+ if (fi.stage2) {
+ target_el = 2;
+ }
+ same_el = arm_current_el(env) == target_el;
/* AArch64 syndrome does not have an LPAE bit */
syn = fsr & ~(1 << 9);
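Review bot: same_el changes meaning here for every fault, not only stage 2 ones: it was "arm_current_el(env) != 0" and is now "arm_current_el(env) == target_el". The commit message is empty, so that wider change is undocumented; please describe it there, and consider a short comment on why a stage 2 fault overrides exception_target_el() with 2.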
@@ -116,7 +122,7 @@ void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
env->exception.vaddress = addr;
env->exception.fsr = fsr;
- raise_exception(env, exc, syn, exception_target_el(env));
+ raise_exception(env, exc, syn, target_el);
}
}
#endif
--
1.9.1
* [Qemu-devel] [PATCH v2 8/8] target-arm: Add support for S1 + S2 MMU translations
From: Edgar E. Iglesias @ 2015-10-02 0:49 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
target-arm/helper.c | 44 +++++++++++++++++++++++++++++++++++++-------
1 file changed, 37 insertions(+), 7 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 2d1532a..113d6f3 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -7024,14 +7024,44 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
ARMMMUFaultInfo *fi)
{
if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
- /* TODO: when we support EL2 we should here call ourselves recursively
- * to do the stage 1 and then stage 2 translations. The arm_ld*_ptw
- * functions will also need changing to perform ARMMMUIdx_S2NS loads
- * rather than direct physical memory loads when appropriate.
- * For non-EL2 CPUs a stage1+stage2 translation is just stage 1.
+ /* Call ourselves recursively to do the stage 1 and then stage 2
+ * translations.
*/
- assert(!arm_feature(env, ARM_FEATURE_EL2));
- mmu_idx += ARMMMUIdx_S1NSE0;
+ if (arm_feature(env, ARM_FEATURE_EL2)) {
+ hwaddr ipa;
+ int s2_prot;
+ int ret;
+
+ ret = get_phys_addr(env, address, access_type,
+ mmu_idx + ARMMMUIdx_S1NSE0, &ipa, attrs,
+ prot, page_size, fsr, fi);
+
+ /* If S1 fails or S2 is disabled, return early. */
+ if (ret || regime_translation_disabled(env, ARMMMUIdx_S2NS)) {
+ if (ret && fi->stage2) {
+ /* This is a S2 error while doing S1 PTW. */
+ env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4;
+ }
+ *phys_ptr = ipa;
+ return ret;
+ }
+
+ /* S1 is done. Now do S2 translation. */
+ ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_S2NS,
+ phys_ptr, attrs, &s2_prot,
+ page_size, fsr, fi);
+ if (ret) {
+ env->cp15.hpfar_el2 = extract64(ipa, 12, 47) << 4;
+ }
+ /* Combine the S1 and S2 perms. */
+ *prot &= s2_prot;
+ return ret;
+ } else {
+ /*
+ * For non-EL2 CPUs a stage1+stage2 translation is just stage 1.
+ */
+ mmu_idx += ARMMMUIdx_S1NSE0;
+ }
}
/* The page table entries may downgrade secure to non-secure, but
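Review bot: the new EL2 branch writes env->cp15.hpfar_el2 from inside get_phys_addr(), which the earlier patches in this series show is also called from do_ats_write() and arm_cpu_get_phys_page_debug(), so an address-translation operation or a debugger lookup that fails at stage 2 would change a guest-visible fault register without any exception being taken. Recording the address in fi and writing HPFAR_EL2 where the exception is raised would avoid that. Also, "hwaddr ipa;" is uninitialised and "*phys_ptr = ipa;" runs on the early-return path even when the stage 1 call failed, and page_size is passed to both walks, so the stage 1 value is not combined with the stage 2 one the way prot is.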
--
1.9.1
* Re: [Qemu-devel] [PATCH v2 0/8] arm: Steps towards EL2 support round 5
From: Edgar E. Iglesias @ 2015-10-03 21:11 UTC (permalink / raw)
To: qemu-devel, peter.maydell; +Cc: edgar.iglesias, serge.fdrv, alex.bennee, agraf
On Thu, Oct 01, 2015 at 05:49:20PM -0700, Edgar E. Iglesias wrote:
> From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
>
> Hi,
>
> Another round of patches towards EL2 support. This one adds partial
> support for 2-stage MMU for AArch64. I've marked it RFC because I
> expect a few iterations. Once we can settle on the approach I'll
> add the AArch32 support (changes for arm_ldl_ptw etc). I've probably
> missed a lot of details as well.
>
> Some of the details of error reporting are intentionally missing, I
> was thinking to add those incrementally as they get quite involved
> (e.g. the register target and memory access size).
>
> Some of the patches at the start of the series might be good already,
> please pick them up if you agree Peter!
>
> Comments welcome!
Please ignore this v2, I'll be sending a v3 shortly...
Cheers,
Edgar
>
> Best regards,
> Edgar
>
> v1 -> v2:
> * Fix HPFAR_EL2 access checks
> * Prettify computation of starting level for S2 PTW
> * Improve description of ap argument to get_S2prot
> * Fix EXEC protection in get_S2prot
> * Improve comments on S2 PTW attribute extraction
>
> Edgar E. Iglesias (8):
> target-arm: Add HPFAR_EL2
> target-arm: Add computation of starting level for S2 PTW
> target-arm: Add support for S2 page-table protection bits
> target-arm: Avoid inline for get_phys_addr
> target-arm: Add ARMMMUFaultInfo
> target-arm: Add S2 translation support for S1 PTW
> target-arm: Route S2 MMU faults to EL2
> target-arm: Add support for S1 + S2 MMU translations
>
> target-arm/cpu.h | 1 +
> target-arm/helper.c | 216 ++++++++++++++++++++++++++++++++++++++++---------
> target-arm/internals.h | 11 ++-
> target-arm/op_helper.c | 17 ++--
> 4 files changed, 200 insertions(+), 45 deletions(-)
>
> --
> 1.9.1
>