From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 24/43] target/arm: Implement TT instruction
Date: Wed, 13 Dec 2017 18:12:22 +0000 [thread overview]
Message-ID: <1513188761-20784-25-git-send-email-peter.maydell@linaro.org> (raw)
In-Reply-To: <1513188761-20784-1-git-send-email-peter.maydell@linaro.org>
Implement the TT instruction which queries the security
state and access permissions of a memory location.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-8-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.h | 2 +
target/arm/helper.c | 108 +++++++++++++++++++++++++++++++++++++++++++++++++
target/arm/translate.c | 29 ++++++++++++-
3 files changed, 138 insertions(+), 1 deletion(-)
diff --git a/target/arm/helper.h b/target/arm/helper.h
index 439d228..066729e 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -66,6 +66,8 @@ DEF_HELPER_2(v7m_mrs, i32, env, i32)
DEF_HELPER_2(v7m_bxns, void, env, i32)
DEF_HELPER_2(v7m_blxns, void, env, i32)
+DEF_HELPER_3(v7m_tt, i32, env, i32, i32)
+
DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32)
DEF_HELPER_3(set_cp_reg, void, env, ptr, i32)
DEF_HELPER_2(get_cp_reg, i32, env, ptr)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9e7eaa1..6140e84 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5947,6 +5947,28 @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest)
g_assert_not_reached();
}
+uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
+{
+ /* The TT instructions can be used by unprivileged code, but in
+ * user-only emulation we don't have the MPU.
+ * Luckily since we know we are NonSecure unprivileged (and that in
+ * turn means that the A flag wasn't specified), all the bits in the
+ * register must be zero:
+ * IREGION: 0 because IRVALID is 0
+ * IRVALID: 0 because NS
+ * S: 0 because NS
+ * NSRW: 0 because NS
+ * NSR: 0 because NS
+ * RW: 0 because unpriv and A flag not set
+ * R: 0 because unpriv and A flag not set
+ * SRVALID: 0 because NS
+ * MRVALID: 0 because unpriv and A flag not set
+ * SREGION: 0 becaus SRVALID is 0
+ * MREGION: 0 because MRVALID is 0
+ */
+ return 0;
+}
+
void switch_mode(CPUARMState *env, int mode)
{
ARMCPU *cpu = arm_env_get_cpu(env);
@@ -10140,6 +10162,92 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
}
}
+uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
+{
+ /* Implement the TT instruction. op is bits [7:6] of the insn. */
+ bool forceunpriv = op & 1;
+ bool alt = op & 2;
+ V8M_SAttributes sattrs = {};
+ uint32_t tt_resp;
+ bool r, rw, nsr, nsrw, mrvalid;
+ int prot;
+ MemTxAttrs attrs = {};
+ hwaddr phys_addr;
+ uint32_t fsr;
+ ARMMMUIdx mmu_idx;
+ uint32_t mregion;
+ bool targetpriv;
+ bool targetsec = env->v7m.secure;
+
+ /* Work out what the security state and privilege level we're
+ * interested in is...
+ */
+ if (alt) {
+ targetsec = !targetsec;
+ }
+
+ if (forceunpriv) {
+ targetpriv = false;
+ } else {
+ targetpriv = arm_v7m_is_handler_mode(env) ||
+ !(env->v7m.control[targetsec] & R_V7M_CONTROL_NPRIV_MASK);
+ }
+
+ /* ...and then figure out which MMU index this is */
+ mmu_idx = arm_v7m_mmu_idx_for_secstate_and_priv(env, targetsec, targetpriv);
+
+ /* We know that the MPU and SAU don't care about the access type
+ * for our purposes beyond that we don't want to claim to be
+ * an insn fetch, so we arbitrarily call this a read.
+ */
+
+ /* MPU region info only available for privileged or if
+ * inspecting the other MPU state.
+ */
+ if (arm_current_el(env) != 0 || alt) {
+ /* We can ignore the return value as prot is always set */
+ pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ &phys_addr, &attrs, &prot, &fsr, &mregion);
+ if (mregion == -1) {
+ mrvalid = false;
+ mregion = 0;
+ } else {
+ mrvalid = true;
+ }
+ r = prot & PAGE_READ;
+ rw = prot & PAGE_WRITE;
+ } else {
+ r = false;
+ rw = false;
+ mrvalid = false;
+ mregion = 0;
+ }
+
+ if (env->v7m.secure) {
+ v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, &sattrs);
+ nsr = sattrs.ns && r;
+ nsrw = sattrs.ns && rw;
+ } else {
+ sattrs.ns = true;
+ nsr = false;
+ nsrw = false;
+ }
+
+ tt_resp = (sattrs.iregion << 24) |
+ (sattrs.irvalid << 23) |
+ ((!sattrs.ns) << 22) |
+ (nsrw << 21) |
+ (nsr << 20) |
+ (rw << 19) |
+ (r << 18) |
+ (sattrs.srvalid << 17) |
+ (mrvalid << 16) |
+ (sattrs.sregion << 8) |
+ mregion;
+
+ return tt_resp;
+}
+
#endif
void HELPER(dc_zva)(CPUARMState *env, uint64_t vaddr_in)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 50339e7..e15192d 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9810,7 +9810,7 @@ static int disas_thumb2_insn(DisasContext *s, uint32_t insn)
if (insn & (1 << 22)) {
/* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
* - load/store doubleword, load/store exclusive, ldacq/strel,
- * table branch.
+ * table branch, TT.
*/
if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
arm_dc_feature(s, ARM_FEATURE_V8)) {
@@ -9887,8 +9887,35 @@ static int disas_thumb2_insn(DisasContext *s, uint32_t insn)
} else if ((insn & (1 << 23)) == 0) {
/* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
* - load/store exclusive word
+ * - TT (v8M only)
*/
if (rs == 15) {
+ if (!(insn & (1 << 20)) &&
+ arm_dc_feature(s, ARM_FEATURE_M) &&
+ arm_dc_feature(s, ARM_FEATURE_V8)) {
+ /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
+ * - TT (v8M only)
+ */
+ bool alt = insn & (1 << 7);
+ TCGv_i32 addr, op, ttresp;
+
+ if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
+ /* we UNDEF for these UNPREDICTABLE cases */
+ goto illegal_op;
+ }
+
+ if (alt && !s->v8m_secure) {
+ goto illegal_op;
+ }
+
+ addr = load_reg(s, rn);
+ op = tcg_const_i32(extract32(insn, 6, 2));
+ ttresp = tcg_temp_new_i32();
+ gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
+ tcg_temp_free_i32(addr);
+ tcg_temp_free_i32(op);
+ store_reg(s, rd, ttresp);
+ }
goto illegal_op;
}
addr = tcg_temp_local_new_i32();
--
2.7.4
next prev parent reply other threads:[~2017-12-13 18:13 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
2017-12-13 18:11 ` [Qemu-devel] [PULL 01/43] m25p80: Add support for continuous read out of RDSR and READ_FSR Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 02/43] m25p80: Add support for SST READ ID 0x90/0xAB commands Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 03/43] m25p80: Add support for BRRD/BRWR and BULK_ERASE (0x60) Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 04/43] m25p80: Add support for n25q512a11 and n25q512a13 Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 05/43] xilinx_spips: Move FlashCMD, XilinxQSPIPS and XilinxSPIPSClass Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 06/43] xilinx_spips: Update striping to be big-endian bit order Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 07/43] xilinx_spips: Add support for RX discard and RX drain Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 08/43] xilinx_spips: Make tx/rx_data_bytes more generic and reusable Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 09/43] xilinx_spips: Add support for zero pumping Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 10/43] xilinx_spips: Add support for 4 byte addresses in the LQSPI Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 11/43] xilinx_spips: Don't set TX FIFO UNDERFLOW at cmd done Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 12/43] xilinx_spips: Add support for the ZynqMP Generic QSPI Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 13/43] xlnx-zcu102: Add support for the ZynqMP QSPI Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 14/43] hw/intc/arm_gicv3_its: Don't call post_load on reset Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 15/43] hw/intc/arm_gicv3_its: Implement a minimalist reset Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 16/43] linux-headers: update to 4.15-rc1 Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 17/43] hw/intc/arm_gicv3_its: Implement full reset Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 18/43] target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 19/43] target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 20/43] target/arm: Add missing M profile case to regime_is_user() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 21/43] target/arm: Split M profile MNegPri mmu index into user and priv Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 22/43] target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 23/43] target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8() Peter Maydell
2017-12-13 18:12 ` Peter Maydell [this message]
2017-12-13 18:12 ` [Qemu-devel] [PULL 25/43] target/arm: Provide fault type enum and FSR conversion functions Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 26/43] target/arm: Remove fsr argument from arm_ld*_ptw() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 27/43] target/arm: Convert get_phys_addr_v5() to not return FSC values Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 28/43] target/arm: Convert get_phys_addr_v6() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 29/43] target/arm: Convert get_phys_addr_lpae() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 30/43] target/arm: Convert get_phys_addr_pmsav5() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 31/43] target/arm: Convert get_phys_addr_pmsav7() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 32/43] target/arm: Convert get_phys_addr_pmsav8() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 33/43] target/arm: Use ARMMMUFaultInfo in deliver_fault() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 34/43] target/arm: Ignore fsr from get_phys_addr() in do_ats_write() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 35/43] target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 36/43] target/arm: Extend PAR format determination Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 37/43] nvic: Make nvic_sysreg_ns_ops work with any MemoryRegion Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 38/43] nvic: Make systick banked Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 39/43] hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 40/43] MAINTAINERS: replace the unavailable email address Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 41/43] xilinx_spips: Update the QSPI Mod ID reset value Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 42/43] xilinx_spips: Set all of the reset values Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 43/43] xilinx_spips: Use memset instead of a for loop to zero registers Peter Maydell
2017-12-14 15:32 ` [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1513188761-20784-25-git-send-email-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).