qemu-devel.nongnu.org archive mirror
* [PULL 00/35] target-arm queue
@ 2020-08-28  9:23 Peter Maydell
  2020-08-28 17:37 ` Peter Maydell
  0 siblings, 1 reply; 44+ messages in thread
From: Peter Maydell @ 2020-08-28  9:23 UTC (permalink / raw)
  To: qemu-devel

Nothing earth-shaking in here, just a lot of refactoring and cleanup
and a few bugfixes. I suspect I'll have another pullreq to come in
the early part of next week...

The following changes since commit 19591e9e0938ea5066984553c256a043bd5d822f:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2020-08-27 16:59:02 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200828

for you to fetch changes up to ed78849d9711805bda37ee026018d6ee7a606d0e:

  target/arm: Convert sq{, r}dmulh to gvec for aa64 advsimd (2020-08-28 10:02:50 +0100)

----------------------------------------------------------------
target-arm queue:
 * target/arm: Cleanup and refactoring preparatory to SVE2
 * armsse: Define ARMSSEClass correctly
 * hw/misc/unimp: Improve information provided in log messages
 * hw/qdev-clock: Avoid calling qdev_connect_clock_in after DeviceRealize
 * hw/arm/xilinx_zynq: Call qdev_connect_clock_in() before DeviceRealize
 * hw/net/allwinner-sun8i-emac: Use AddressSpace for DMA transfers
 * hw/sd/allwinner-sdhost: Use AddressSpace for DMA transfers
 * target/arm: Fill in the WnR syndrome bit in mte_check_fail
 * target/arm: Clarify HCR_EL2 ARMCPRegInfo type
 * hw/arm/musicpal: Use AddressSpace for DMA transfers
 * hw/clock: Minor cleanups
 * hw/arm/sbsa-ref: fix typo breaking PCIe IRQs

----------------------------------------------------------------
Eduardo Habkost (1):
      armsse: Define ARMSSEClass correctly

Graeme Gregory (1):
      hw/arm/sbsa-ref: fix typo breaking PCIe IRQs

Philippe Mathieu-Daudé (14):
      hw/clock: Remove unused clock_init*() functions
      hw/clock: Let clock_set() return boolean value
      hw/clock: Only propagate clock changes if the clock is changed
      hw/arm/musicpal: Use AddressSpace for DMA transfers
      target/arm: Clarify HCR_EL2 ARMCPRegInfo type
      hw/sd/allwinner-sdhost: Use AddressSpace for DMA transfers
      hw/net/allwinner-sun8i-emac: Use AddressSpace for DMA transfers
      hw/arm/xilinx_zynq: Uninline cadence_uart_create()
      hw/arm/xilinx_zynq: Call qdev_connect_clock_in() before DeviceRealize
      hw/qdev-clock: Uninline qdev_connect_clock_in()
      hw/qdev-clock: Avoid calling qdev_connect_clock_in after DeviceRealize
      hw/misc/unimp: Display value after offset
      hw/misc/unimp: Display the value with width of the access size
      hw/misc/unimp: Display the offset with width of the region size

Richard Henderson (19):
      target/arm: Pass the entire mte descriptor to mte_check_fail
      target/arm: Fill in the WnR syndrome bit in mte_check_fail
      qemu/int128: Add int128_lshift
      target/arm: Split out gen_gvec_fn_zz
      target/arm: Split out gen_gvec_fn_zzz, do_zzz_fn
      target/arm: Rearrange {sve,fp}_check_access assert
      target/arm: Merge do_vector2_p into do_mov_p
      target/arm: Clean up 4-operand predicate expansion
      target/arm: Use tcg_gen_gvec_bitsel for trans_SEL_pppp
      target/arm: Split out gen_gvec_ool_zzzp
      target/arm: Merge helper_sve_clr_* and helper_sve_movz_*
      target/arm: Split out gen_gvec_ool_zzp
      target/arm: Split out gen_gvec_ool_zzz
      target/arm: Split out gen_gvec_ool_zz
      target/arm: Tidy SVE tszimm shift formats
      target/arm: Generalize inl_qrdmlah_* helper functions
      target/arm: Convert integer multiply (indexed) to gvec for aa64 advsimd
      target/arm: Convert integer multiply-add (indexed) to gvec for aa64 advsimd
      target/arm: Convert sq{, r}dmulh to gvec for aa64 advsimd

 include/hw/arm/armsse.h               |   2 +-
 include/hw/char/cadence_uart.h        |  17 --
 include/hw/clock.h                    |  30 +--
 include/hw/misc/unimp.h               |   1 +
 include/hw/net/allwinner-sun8i-emac.h |   6 +
 include/hw/qdev-clock.h               |   8 +-
 include/hw/sd/allwinner-sdhost.h      |   6 +
 include/qemu/int128.h                 |  16 ++
 target/arm/helper-sve.h               |   5 -
 target/arm/helper.h                   |  28 +++
 target/arm/translate.h                |   1 +
 target/arm/sve.decode                 |  35 ++-
 hw/arm/allwinner-a10.c                |   2 +
 hw/arm/allwinner-h3.c                 |   4 +
 hw/arm/armsse.c                       |   1 +
 hw/arm/musicpal.c                     |  45 ++--
 hw/arm/sbsa-ref.c                     |   2 +-
 hw/arm/xilinx_zynq.c                  |  24 +-
 hw/core/clock.c                       |   7 +-
 hw/core/qdev-clock.c                  |   6 +
 hw/misc/unimp.c                       |  14 +-
 hw/net/allwinner-sun8i-emac.c         |  46 ++--
 hw/sd/allwinner-sdhost.c              |  37 +++-
 target/arm/helper.c                   |   1 -
 target/arm/mte_helper.c               |  19 +-
 target/arm/sve_helper.c               |  70 ++----
 target/arm/translate-a64.c            | 110 ++++++++--
 target/arm/translate-sve.c            | 399 ++++++++++++++--------------------
 target/arm/vec_helper.c               | 182 +++++++++++-----
 29 files changed, 629 insertions(+), 495 deletions(-)



* Re: [PULL 00/35] target-arm queue
  2020-08-28  9:23 Peter Maydell
@ 2020-08-28 17:37 ` Peter Maydell
  0 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2020-08-28 17:37 UTC (permalink / raw)
  To: QEMU Developers

On Fri, 28 Aug 2020 at 10:24, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Nothing earth-shaking in here, just a lot of refactoring and cleanup
> and a few bugfixes. I suspect I'll have another pullreq to come in
> the early part of next week...
>
> The following changes since commit 19591e9e0938ea5066984553c256a043bd5d822f:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2020-08-27 16:59:02 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200828
>
> for you to fetch changes up to ed78849d9711805bda37ee026018d6ee7a606d0e:
>
>   target/arm: Convert sq{, r}dmulh to gvec for aa64 advsimd (2020-08-28 10:02:50 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * target/arm: Cleanup and refactoring preparatory to SVE2
>  * armsse: Define ARMSSEClass correctly
>  * hw/misc/unimp: Improve information provided in log messages
>  * hw/qdev-clock: Avoid calling qdev_connect_clock_in after DeviceRealize
>  * hw/arm/xilinx_zynq: Call qdev_connect_clock_in() before DeviceRealize
>  * hw/net/allwinner-sun8i-emac: Use AddressSpace for DMA transfers
>  * hw/sd/allwinner-sdhost: Use AddressSpace for DMA transfers
>  * target/arm: Fill in the WnR syndrome bit in mte_check_fail
>  * target/arm: Clarify HCR_EL2 ARMCPRegInfo type
>  * hw/arm/musicpal: Use AddressSpace for DMA transfers
>  * hw/clock: Minor cleanups
>  * hw/arm/sbsa-ref: fix typo breaking PCIe IRQs
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.2
for any user-visible changes.

-- PMM



* [PULL 00/35] target-arm queue
@ 2023-05-02 12:14 Peter Maydell
  2023-05-02 14:09 ` Richard Henderson
  0 siblings, 1 reply; 44+ messages in thread
From: Peter Maydell @ 2023-05-02 12:14 UTC (permalink / raw)
  To: qemu-devel

Hi; here's an arm pullreq. The big bits here are Fabiano's
CONFIG_TCG=n patches and my set that deprecate -singlestep;
other than that there's a collection of smaller bugfixes.

thanks
-- PMM

The following changes since commit 7c18f2d663521f1b31b821a13358ce38075eaf7d:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2023-04-29 23:07:17 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230502-1

for you to fetch changes up to 0ab99e4252f21550f2c16f859cbcdd3cced9f8bf:

  hw/net/allwinner-sun8i-emac: Correctly byteswap descriptor fields (2023-05-02 13:10:42 +0100)

----------------------------------------------------------------
 * Support building Arm targets with CONFIG_TCG=no (ie KVM only)
 * hw/net: npcm7xx_emc: set MAC in register space
 * hw/arm/bcm2835_property: Implement "get command line" message
 * Deprecate the '-singlestep' command line option in favour of
   '-one-insn-per-tb' and '-accel one-insn-per-tb=on'
 * Deprecate 'singlestep' member of QMP StatusInfo struct
 * docs/about/deprecated.rst: Add "since 7.1" tag to dtb-kaslr-seed deprecation
 * hw/net/msf2-emac: Don't modify descriptor in-place in emac_store_desc()
 * raspi, aspeed: Write bootloader code correctly on big-endian hosts
 * hw/intc/allwinner-a10-pic: Fix bug on big-endian hosts
 * Fix bug in A32 ERET on big-endian hosts that caused guest crash
 * hw/sd/allwinner-sdhost: Correctly byteswap descriptor fields
 * hw/net/allwinner-sun8i-emac: Correctly byteswap descriptor fields

----------------------------------------------------------------
Claudio Fontana (1):
      target/arm: move cpu_tcg to tcg/cpu32.c

Cédric Le Goater (2):
      hw/arm/boot: Make write_bootloader() public as arm_write_bootloader()
      hw/arm/aspeed: Use arm_write_bootloader() to write the bootloader

Daniel Bertalan (1):
      hw/arm/bcm2835_property: Implement "get command line" message

Fabiano Rosas (11):
      target/arm: Move cortex sysregs into a separate file
      target/arm: Remove dead code from cpu_max_set_sve_max_vq
      target/arm: Extract TCG -cpu max code into a function
      target/arm: Do not expose all -cpu max features to qtests
      target/arm: Move 64-bit TCG CPUs into tcg/
      tests/qtest: Adjust and document query-cpu-model-expansion test for arm
      tests/qtest: Fix tests when no KVM or TCG are present
      tests/avocado: Pass parameters to migration test
      arm/Kconfig: Always select SEMIHOSTING when TCG is present
      arm/Kconfig: Do not build TCG-only boards on a KVM-only build
      tests/qtest: Restrict tpm-tis-i2c-test to CONFIG_TCG

Patrick Venture (1):
      hw/net: npcm7xx_emc: set MAC in register space

Peter Maydell (18):
      make one-insn-per-tb an accel option
      softmmu: Don't use 'singlestep' global in QMP and HMP commands
      accel/tcg: Use one_insn_per_tb global instead of old singlestep global
      linux-user: Add '-one-insn-per-tb' option equivalent to '-singlestep'
      bsd-user: Add '-one-insn-per-tb' option equivalent to '-singlestep'
      Document that -singlestep command line option is deprecated
      accel/tcg: Report one-insn-per-tb in 'info jit', not 'info status'
      hmp: Add 'one-insn-per-tb' command equivalent to 'singlestep'
      qapi/run-state.json: Fix missing newline at end of file
      qmp: Deprecate 'singlestep' member of StatusInfo
      docs/about/deprecated.rst: Add "since 7.1" tag to dtb-kaslr-seed deprecation
      hw/net/msf2-emac: Don't modify descriptor in-place in emac_store_desc()
      hw/arm/raspi: Use arm_write_bootloader() to write boot code
      hw/intc/allwinner-a10-pic: Don't use set_bit()/clear_bit()
      target/arm: Define and use new load_cpu_field_low32()
      target/arm: Add compile time asserts to load/store_cpu_field macros
      hw/sd/allwinner-sdhost: Correctly byteswap descriptor fields
      hw/net/allwinner-sun8i-emac: Correctly byteswap descriptor fields

Philippe Mathieu-Daudé (1):
      gitlab-ci: Check building KVM-only aarch64 target

 docs/about/deprecated.rst                          |  43 +-
 docs/user/main.rst                                 |  14 +-
 configs/devices/aarch64-softmmu/default.mak        |   4 -
 configs/devices/arm-softmmu/default.mak            |  39 --
 qapi/run-state.json                                |  16 +-
 accel/tcg/internal.h                               |   2 +
 include/exec/cpu-common.h                          |   2 -
 include/hw/arm/boot.h                              |  49 ++
 include/hw/misc/bcm2835_property.h                 |   1 +
 include/monitor/hmp.h                              |   2 +-
 target/arm/cpregs.h                                |   6 +
 target/arm/internals.h                             |  10 +-
 target/arm/translate-a32.h                         |  24 +-
 accel/tcg/cpu-exec.c                               |   2 +-
 accel/tcg/monitor.c                                |  14 +
 accel/tcg/tcg-all.c                                |  23 +
 bsd-user/main.c                                    |  14 +-
 hw/arm/aspeed.c                                    |  38 +-
 hw/arm/bcm2835_peripherals.c                       |   2 +
 hw/arm/bcm2836.c                                   |   2 +
 hw/arm/boot.c                                      |  35 +-
 hw/arm/raspi.c                                     |  66 +-
 hw/arm/virt.c                                      |   6 +-
 hw/intc/allwinner-a10-pic.c                        |   7 +-
 hw/misc/bcm2835_property.c                         |  13 +-
 hw/net/allwinner-sun8i-emac.c                      |  22 +-
 hw/net/msf2-emac.c                                 |  16 +-
 hw/net/npcm7xx_emc.c                               |  32 +-
 hw/sd/allwinner-sdhost.c                           |  31 +-
 linux-user/main.c                                  |  18 +-
 softmmu/globals.c                                  |   1 -
 softmmu/runstate-hmp-cmds.c                        |  25 +-
 softmmu/runstate.c                                 |  10 +-
 softmmu/vl.c                                       |  17 +-
 target/arm/cortex-regs.c                           |  69 ++
 target/arm/cpu64.c                                 | 702 +-------------------
 target/arm/{cpu_tcg.c => tcg/cpu32.c}              |  72 +-
 target/arm/tcg/cpu64.c                             | 723 +++++++++++++++++++++
 target/arm/tcg/translate.c                         |   4 +-
 tests/qtest/arm-cpu-features.c                     |  20 +-
 tests/qtest/bios-tables-test.c                     |  11 +-
 tests/qtest/boot-serial-test.c                     |   5 +
 tests/qtest/migration-test.c                       |   9 +-
 tests/qtest/pxe-test.c                             |   8 +-
 tests/qtest/test-hmp.c                             |   1 +
 tests/qtest/vmgenid-test.c                         |   9 +-
 .gitlab-ci.d/crossbuilds.yml                       |  11 +
 .../custom-runners/ubuntu-22.04-aarch64.yml        |   4 -
 hmp-commands.hx                                    |  25 +-
 hw/arm/Kconfig                                     |  43 +-
 qemu-options.hx                                    |  12 +-
 target/arm/Kconfig                                 |   7 +
 target/arm/meson.build                             |   2 +-
 target/arm/tcg/meson.build                         |   2 +
 tcg/tci/README                                     |   2 +-
 tests/avocado/migration.py                         |  83 ++-
 tests/qtest/meson.build                            |   3 +-
 57 files changed, 1449 insertions(+), 984 deletions(-)
 create mode 100644 target/arm/cortex-regs.c
 rename target/arm/{cpu_tcg.c => tcg/cpu32.c} (93%)
 create mode 100644 target/arm/tcg/cpu64.c



* Re: [PULL 00/35] target-arm queue
  2023-05-02 12:14 Peter Maydell
@ 2023-05-02 14:09 ` Richard Henderson
  2023-05-02 14:47   ` Peter Maydell
  0 siblings, 1 reply; 44+ messages in thread
From: Richard Henderson @ 2023-05-02 14:09 UTC (permalink / raw)
  To: Peter Maydell, qemu-devel

On 5/2/23 13:14, Peter Maydell wrote:
> Hi; here's an arm pullreq. The big bits here are Fabiano's
> CONFIG_TCG=n patches and my set that deprecate -singlestep;
> other than that there's a collection of smaller bugfixes.
> 
> thanks
> -- PMM
> 
> The following changes since commit 7c18f2d663521f1b31b821a13358ce38075eaf7d:
> 
>    Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2023-04-29 23:07:17 +0100)
> 
> are available in the Git repository at:
> 
>    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230502-1
> 
> for you to fetch changes up to 0ab99e4252f21550f2c16f859cbcdd3cced9f8bf:
> 
>    hw/net/allwinner-sun8i-emac: Correctly byteswap descriptor fields (2023-05-02 13:10:42 +0100)
> 
> ----------------------------------------------------------------
>   * Support building Arm targets with CONFIG_TCG=no (ie KVM only)
>   * hw/net: npcm7xx_emc: set MAC in register space
>   * hw/arm/bcm2835_property: Implement "get command line" message
>   * Deprecate the '-singlestep' command line option in favour of
>     '-one-insn-per-tb' and '-accel one-insn-per-tb=on'
>   * Deprecate 'singlestep' member of QMP StatusInfo struct
>   * docs/about/deprecated.rst: Add "since 7.1" tag to dtb-kaslr-seed deprecation
>   * hw/net/msf2-emac: Don't modify descriptor in-place in emac_store_desc()
>   * raspi, aspeed: Write bootloader code correctly on big-endian hosts
>   * hw/intc/allwinner-a10-pic: Fix bug on big-endian hosts
>   * Fix bug in A32 ERET on big-endian hosts that caused guest crash
>   * hw/sd/allwinner-sdhost: Correctly byteswap descriptor fields
>   * hw/net/allwinner-sun8i-emac: Correctly byteswap descriptor fields

The new notcg test is failing:

https://gitlab.com/qemu-project/qemu/-/jobs/4212154869#L3556


r~



* Re: [PULL 00/35] target-arm queue
  2023-05-02 14:09 ` Richard Henderson
@ 2023-05-02 14:47   ` Peter Maydell
  0 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-05-02 14:47 UTC (permalink / raw)
  To: Richard Henderson; +Cc: qemu-devel, Phil Mathieu-Daudé

On Tue, 2 May 2023 at 15:09, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 5/2/23 13:14, Peter Maydell wrote:
> > Hi; here's an arm pullreq. The big bits here are Fabiano's
> > CONFIG_TCG=n patches and my set that deprecate -singlestep;
> > other than that there's a collection of smaller bugfixes.
> >
> > thanks
> > -- PMM
> >
> > The following changes since commit 7c18f2d663521f1b31b821a13358ce38075eaf7d:
> >
> >    Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2023-04-29 23:07:17 +0100)
> >
> > are available in the Git repository at:
> >
> >    https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230502-1
> >
> > for you to fetch changes up to 0ab99e4252f21550f2c16f859cbcdd3cced9f8bf:
> >
> >    hw/net/allwinner-sun8i-emac: Correctly byteswap descriptor fields (2023-05-02 13:10:42 +0100)
> >
> > ----------------------------------------------------------------
> >   * Support building Arm targets with CONFIG_TCG=no (ie KVM only)
> >   * hw/net: npcm7xx_emc: set MAC in register space
> >   * hw/arm/bcm2835_property: Implement "get command line" message
> >   * Deprecate the '-singlestep' command line option in favour of
> >     '-one-insn-per-tb' and '-accel one-insn-per-tb=on'
> >   * Deprecate 'singlestep' member of QMP StatusInfo struct
> >   * docs/about/deprecated.rst: Add "since 7.1" tag to dtb-kaslr-seed deprecation
> >   * hw/net/msf2-emac: Don't modify descriptor in-place in emac_store_desc()
> >   * raspi, aspeed: Write bootloader code correctly on big-endian hosts
> >   * hw/intc/allwinner-a10-pic: Fix bug on big-endian hosts
> >   * Fix bug in A32 ERET on big-endian hosts that caused guest crash
> >   * hw/sd/allwinner-sdhost: Correctly byteswap descriptor fields
> >   * hw/net/allwinner-sun8i-emac: Correctly byteswap descriptor fields
>
> The new notcg test is failing:
>
> https://gitlab.com/qemu-project/qemu/-/jobs/4212154869#L3556

Output: Could not access KVM kernel module: Permission denied
qemu-system-aarch64: failed to initialize kvm: Permission denied

Looks like the aarch64 runner doesn't have access to /dev/kvm.
Philippe, that patch was one of yours -- do you want to have
a look at it?
("gitlab-ci: Check building KVM-only aarch64 target")

In the meantime I'll respin the pullreq and drop that patch.

thanks
-- PMM



* [PULL 00/35] target-arm queue
@ 2023-08-24  9:28 Peter Maydell
  2023-08-24  9:28 ` [PULL 01/35] hw/gpio/nrf51: implement DETECT signal Peter Maydell
                   ` (35 more replies)
  0 siblings, 36 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

Hi; here's the first arm pullreq for the 8.2 cycle. These are
pretty much all bug fixes (mostly for the experimental FEAT_RME),
rather than any major features.

-- PMM

The following changes since commit b0dd9a7d6dd15a6898e9c585b521e6bec79b25aa:

  Open 8.2 development tree (2023-08-22 07:14:07 -0700)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230824

for you to fetch changes up to cd1e4db73646006039f25879af3bff55b2295ff3:

  target/arm: Fix 64-bit SSRA (2023-08-22 17:31:14 +0100)

----------------------------------------------------------------
target-arm queue:
 * hw/gpio/nrf51: implement DETECT signal
 * accel/kvm: Specify default IPA size for arm64
 * ptw: refactor, fix some FEAT_RME bugs
 * target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types
 * target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK
 * Fix SME ST1Q
 * Fix 64-bit SSRA

----------------------------------------------------------------
Akihiko Odaki (6):
      kvm: Introduce kvm_arch_get_default_type hook
      accel/kvm: Specify default IPA size for arm64
      mips: Report an error when KVM_VM_MIPS_VZ is unavailable
      accel/kvm: Use negative KVM type for error propagation
      accel/kvm: Free as when an error occurred
      accel/kvm: Make kvm_dirty_ring_reaper_init() void

Chris Laplante (6):
      hw/gpio/nrf51: implement DETECT signal
      qtest: factor out qtest_install_gpio_out_intercept
      qtest: implement named interception of out-GPIO
      qtest: bail from irq_intercept_in if name is specified
      qtest: irq_intercept_[out/in]: return FAIL if no intercepts are installed
      qtest: microbit-test: add tests for nRF51 DETECT

Jean-Philippe Brucker (6):
      target/arm/ptw: Load stage-2 tables from realm physical space
      target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2*
      target/arm: Skip granule protection checks for AT instructions
      target/arm: Pass security space rather than flag for AT instructions
      target/arm/helper: Check SCR_EL3.{NSE, NS} encoding for AT instructions
      target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK

Peter Maydell (15):
      target/arm/ptw: Don't set fi->s1ptw for UnsuppAtomicUpdate fault
      target/arm/ptw: Don't report GPC faults on stage 1 ptw as stage2 faults
      target/arm/ptw: Set s1ns bit in fault info more consistently
      target/arm/ptw: Pass ptw into get_phys_addr_pmsa*() and get_phys_addr_disabled()
      target/arm/ptw: Pass ARMSecurityState to regime_translation_disabled()
      target/arm/ptw: Pass an ARMSecuritySpace to arm_hcr_el2_eff_secstate()
      target/arm: Pass an ARMSecuritySpace to arm_is_el2_enabled_secstate()
      target/arm/ptw: Only fold in NSTable bit effects in Secure state
      target/arm/ptw: Remove last uses of ptw->in_secure
      target/arm/ptw: Remove S1Translate::in_secure
      target/arm/ptw: Drop S1Translate::out_secure
      target/arm/ptw: Set attributes correctly for MMU disabled data accesses
      target/arm/ptw: Check for block descriptors at invalid levels
      target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw
      target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types

Richard Henderson (2):
      target/arm: Fix SME ST1Q
      target/arm: Fix 64-bit SSRA

 include/hw/gpio/nrf51_gpio.h |   1 +
 include/sysemu/kvm.h         |   2 +
 target/arm/cpu.h             |  19 ++--
 target/arm/internals.h       |  25 ++---
 target/mips/kvm_mips.h       |   9 --
 tests/qtest/libqtest.h       |  11 +++
 accel/kvm/kvm-all.c          |  19 ++--
 hw/arm/virt.c                |   2 +-
 hw/gpio/nrf51_gpio.c         |  14 ++-
 hw/mips/loongson3_virt.c     |   2 -
 hw/ppc/spapr.c               |   2 +-
 softmmu/qtest.c              |  52 +++++++---
 target/arm/cpu.c             |   6 ++
 target/arm/helper.c          | 207 ++++++++++++++++++++++++++++----------
 target/arm/kvm.c             |   7 ++
 target/arm/ptw.c             | 231 ++++++++++++++++++++++++++-----------------
 target/arm/tcg/sme_helper.c  |   2 +-
 target/arm/tcg/translate.c   |   2 +-
 target/i386/kvm/kvm.c        |   5 +
 target/mips/kvm.c            |   3 +-
 target/ppc/kvm.c             |   5 +
 target/riscv/kvm.c           |   5 +
 target/s390x/kvm/kvm.c       |   5 +
 tests/qtest/libqtest.c       |   6 ++
 tests/qtest/microbit-test.c  |  44 +++++++++
 target/arm/trace-events      |   7 +-
 26 files changed, 494 insertions(+), 199 deletions(-)



* [PULL 01/35] hw/gpio/nrf51: implement DETECT signal
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 02/35] qtest: factor out qtest_install_gpio_out_intercept Peter Maydell
                   ` (34 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Chris Laplante <chris@laplante.io>

Implement nRF51 DETECT signal in the GPIO peripheral.

The reference manual makes mention of a per-pin DETECT signal, but these
are not exposed to the user. See https://devzone.nordicsemi.com/f/nordic-q-a/39858/gpio-per-pin-detect-signal-available
for more information. Currently, I don't see a reason to model these.

Signed-off-by: Chris Laplante <chris@laplante.io>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230728160324.1159090-2-chris@laplante.io
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/gpio/nrf51_gpio.h |  1 +
 hw/gpio/nrf51_gpio.c         | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/include/hw/gpio/nrf51_gpio.h b/include/hw/gpio/nrf51_gpio.h
index 8f9c2f86da3..fcfa2bac173 100644
--- a/include/hw/gpio/nrf51_gpio.h
+++ b/include/hw/gpio/nrf51_gpio.h
@@ -64,6 +64,7 @@ struct NRF51GPIOState {
     uint32_t old_out_connected;
 
     qemu_irq output[NRF51_GPIO_PINS];
+    qemu_irq detect;
 };
 
 
diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
index b47fddf4ed6..08396c69a4b 100644
--- a/hw/gpio/nrf51_gpio.c
+++ b/hw/gpio/nrf51_gpio.c
@@ -78,6 +78,7 @@ static void update_state(NRF51GPIOState *s)
     int pull;
     size_t i;
     bool connected_out, dir, connected_in, out, in, input;
+    bool assert_detect = false;
 
     for (i = 0; i < NRF51_GPIO_PINS; i++) {
         pull = pull_value(s->cnf[i]);
@@ -99,7 +100,15 @@ static void update_state(NRF51GPIOState *s)
                 qemu_log_mask(LOG_GUEST_ERROR,
                               "GPIO pin %zu short circuited\n", i);
             }
-            if (!connected_in) {
+            if (connected_in) {
+                uint32_t detect_config = extract32(s->cnf[i], 16, 2);
+                if ((detect_config == 2) && (in == 1)) {
+                    assert_detect = true;
+                }
+                if ((detect_config == 3) && (in == 0)) {
+                    assert_detect = true;
+                }
+            } else {
                 /*
                  * Floating input: the output stimulates IN if connected,
                  * otherwise pull-up/pull-down resistors put a value on both
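
Review bot: In the new `if (connected_in)` branch the DETECT decode is written with bare literals: `extract32(s->cnf[i], 16, 2)` and the comparisons against 2 and 3 give no hint which value selects sense-high and which sense-low. Named constants for the field position, the width and the two sense values would let a reader check the polarity against the reference manual, and the two `if` blocks could then collapse into a single condition. Since `in` is declared `bool`, `in` and `!in` read better than `in == 1` and `in == 0`.
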
@@ -116,6 +125,8 @@ static void update_state(NRF51GPIOState *s)
         }
         update_output_irq(s, i, connected_out, out);
     }
+
+    qemu_set_irq(s->detect, assert_detect);
 }
 
 /*
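
Review bot: `qemu_set_irq(s->detect, assert_detect)` at the end of update_state() recomputes the level from scratch and writes it on every call, and NRF51GPIOState gains no field recording the previous level. If re-driving an unchanged level is intentional, a one-line comment saying so would help; it is also worth confirming that the line is lowered again on device reset, which nothing in this patch shows.
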
@@ -291,6 +302,7 @@ static void nrf51_gpio_init(Object *obj)
 
     qdev_init_gpio_in(DEVICE(s), nrf51_gpio_set, NRF51_GPIO_PINS);
     qdev_init_gpio_out(DEVICE(s), s->output, NRF51_GPIO_PINS);
+    qdev_init_gpio_out_named(DEVICE(s), &s->detect, "detect", 1);
 }
 
 static void nrf51_gpio_class_init(ObjectClass *klass, void *data)
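
Review bot: The output name in `qdev_init_gpio_out_named(DEVICE(s), &s->detect, "detect", 1)` is a bare string that board code and qtests will have to repeat exactly. A macro for it in nrf51_gpio.h, next to the new `detect` field, would keep the users in sync. That field is also added in the header hunk without a comment saying it is the single combined DETECT output rather than a per-pin one, which the commit message explains but the code does not.
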
-- 
2.34.1




* [PULL 02/35] qtest: factor out qtest_install_gpio_out_intercept
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
  2023-08-24  9:28 ` [PULL 01/35] hw/gpio/nrf51: implement DETECT signal Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 03/35] qtest: implement named interception of out-GPIO Peter Maydell
                   ` (33 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Chris Laplante <chris@laplante.io>

Signed-off-by: Chris Laplante <chris@laplante.io>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230728160324.1159090-3-chris@laplante.io
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 softmmu/qtest.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/softmmu/qtest.c b/softmmu/qtest.c
index f8d764b7190..1b864891629 100644
--- a/softmmu/qtest.c
+++ b/softmmu/qtest.c
@@ -365,6 +365,15 @@ void qtest_set_command_cb(bool (*pc_cb)(CharBackend *chr, gchar **words))
     process_command_cb = pc_cb;
 }
 
+static void qtest_install_gpio_out_intercept(DeviceState *dev, const char *name, int n)
+{
+    qemu_irq *disconnected = g_new0(qemu_irq, 1);
+    qemu_irq icpt = qemu_allocate_irq(qtest_irq_handler,
+                                      disconnected, n);
+
+    *disconnected = qdev_intercept_gpio_out(dev, icpt, name, n);
+}
+
 static void qtest_process_command(CharBackend *chr, gchar **words)
 {
     const gchar *command;
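
Review bot: The signature line of the new qtest_install_gpio_out_intercept() runs well past 80 columns; wrap the parameters the way the `qemu_allocate_irq(...)` call just below it is wrapped. The `disconnected` cell from `g_new0(qemu_irq, 1)` is passed as the handler's opaque pointer and is never freed anywhere in this patch. That is carried over unchanged from the loop body this helper replaces, but now that it lives in a named function a short comment stating that the allocation is deliberately kept for the lifetime of the intercept would help. The commit message has no body describing the refactoring.
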
@@ -415,12 +424,7 @@ static void qtest_process_command(CharBackend *chr, gchar **words)
             if (words[0][14] == 'o') {
                 int i;
                 for (i = 0; i < ngl->num_out; ++i) {
-                    qemu_irq *disconnected = g_new0(qemu_irq, 1);
-                    qemu_irq icpt = qemu_allocate_irq(qtest_irq_handler,
-                                                      disconnected, i);
-
-                    *disconnected = qdev_intercept_gpio_out(dev, icpt,
-                                                            ngl->name, i);
+                    qtest_install_gpio_out_intercept(dev, ngl->name, i);
                 }
             } else {
                 qemu_irq_intercept_in(ngl->in, qtest_irq_handler,
-- 
2.34.1




* [PULL 03/35] qtest: implement named interception of out-GPIO
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
  2023-08-24  9:28 ` [PULL 01/35] hw/gpio/nrf51: implement DETECT signal Peter Maydell
  2023-08-24  9:28 ` [PULL 02/35] qtest: factor out qtest_install_gpio_out_intercept Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 04/35] qtest: bail from irq_intercept_in if name is specified Peter Maydell
                   ` (32 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Chris Laplante <chris@laplante.io>

Adds qtest_irq_intercept_out_named method, which utilizes a new optional
name parameter to the irq_intercept_out qtest command.

Signed-off-by: Chris Laplante <chris@laplante.io>
Message-id: 20230728160324.1159090-4-chris@laplante.io
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 tests/qtest/libqtest.h | 11 +++++++++++
 softmmu/qtest.c        | 18 ++++++++++--------
 tests/qtest/libqtest.c |  6 ++++++
 3 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/tests/qtest/libqtest.h b/tests/qtest/libqtest.h
index 3a71bc45fcf..e53e350e3a6 100644
--- a/tests/qtest/libqtest.h
+++ b/tests/qtest/libqtest.h
@@ -371,6 +371,17 @@ void qtest_irq_intercept_in(QTestState *s, const char *string);
  */
 void qtest_irq_intercept_out(QTestState *s, const char *string);
 
+/**
+ * qtest_irq_intercept_out_named:
+ * @s: #QTestState instance to operate on.
+ * @qom_path: QOM path of a device.
+ * @name: Name of the GPIO out pin
+ *
+ * Associate a qtest irq with the named GPIO-out pin of the device
+ * whose path is specified by @string and whose name is @name.
+ */
+void qtest_irq_intercept_out_named(QTestState *s, const char *qom_path, const char *name);
+
 /**
  * qtest_set_irq_in:
  * @s: QTestState instance to operate on.
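Review bot: The doc comment for qtest_irq_intercept_out_named() says the
device is "whose path is specified by @string", but the parameter is
named @qom_path, so the description should refer to @qom_path. The @s
line also writes "#QTestState" where the neighbouring qtest_set_irq_in
comment writes plain "QTestState", and the prototype line is longer than
80 columns and should be wrapped. It would help to state whether @name
may be NULL.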
diff --git a/softmmu/qtest.c b/softmmu/qtest.c
index 1b864891629..0f1d478bda5 100644
--- a/softmmu/qtest.c
+++ b/softmmu/qtest.c
@@ -397,8 +397,10 @@ static void qtest_process_command(CharBackend *chr, gchar **words)
         || strcmp(words[0], "irq_intercept_in") == 0) {
         DeviceState *dev;
         NamedGPIOList *ngl;
+        bool is_outbound;
 
         g_assert(words[1]);
+        is_outbound = words[0][14] == 'o';
         dev = DEVICE(object_resolve_path(words[1], NULL));
         if (!dev) {
             qtest_send_prefix(chr);
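Review bot: is_outbound is derived from "words[0][14] == 'o'", which only
works because both accepted command strings share a 14-character prefix.
Now that the result has a name, compute it with
strcmp(words[0], "irq_intercept_out") == 0, matching the strcmp() test
already used on the line above, so the intent does not depend on a magic
index.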
@@ -417,14 +419,14 @@ static void qtest_process_command(CharBackend *chr, gchar **words)
         }
 
         QLIST_FOREACH(ngl, &dev->gpios, node) {
-            /* We don't support intercept of named GPIOs yet */
-            if (ngl->name) {
-                continue;
-            }
-            if (words[0][14] == 'o') {
-                int i;
-                for (i = 0; i < ngl->num_out; ++i) {
-                    qtest_install_gpio_out_intercept(dev, ngl->name, i);
+            /* We don't support inbound interception of named GPIOs yet */
+            if (is_outbound) {
+                /* NULL is valid and matchable, for "unnamed GPIO" */
+                if (g_strcmp0(ngl->name, words[2]) == 0) {
+                    int i;
+                    for (i = 0; i < ngl->num_out; ++i) {
+                        qtest_install_gpio_out_intercept(dev, ngl->name, i);
+                    }
                 }
             } else {
                 qemu_irq_intercept_in(ngl->in, qtest_irq_handler,
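Review bot: Dropping the "if (ngl->name) continue;" guard changes the
inbound path as well as the outbound one: in the else branch,
qemu_irq_intercept_in() is now called for every NamedGPIOList, named
lists included, whereas before this hunk named lists were skipped in
both directions. If only the outbound behaviour is meant to change, keep
a name check on the else branch. The comment "We don't support inbound
interception of named GPIOs yet" also sits above the "if (is_outbound)"
test, where it reads as describing the outbound case; move it into the
else branch.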
diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c
index c22dfc30d3d..471529e6cc3 100644
--- a/tests/qtest/libqtest.c
+++ b/tests/qtest/libqtest.c
@@ -993,6 +993,12 @@ void qtest_irq_intercept_out(QTestState *s, const char *qom_path)
     qtest_rsp(s);
 }
 
+void qtest_irq_intercept_out_named(QTestState *s, const char *qom_path, const char *name)
+{
+    qtest_sendf(s, "irq_intercept_out %s %s\n", qom_path, name);
+    qtest_rsp(s);
+}
+
 void qtest_irq_intercept_in(QTestState *s, const char *qom_path)
 {
     qtest_sendf(s, "irq_intercept_in %s\n", qom_path);
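Review bot: qtest_irq_intercept_out_named() passes name straight to a
"%s" conversion, so a NULL name is undefined behaviour in the format
call. The server side treats an absent third word as "unnamed GPIO", so
either g_assert(name) here or document that callers who want the unnamed
list must use qtest_irq_intercept_out(). The function signature line is
also longer than 80 columns.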
-- 
2.34.1




* [PULL 04/35] qtest: bail from irq_intercept_in if name is specified
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (2 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 03/35] qtest: implement named interception of out-GPIO Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 05/35] qtest: irq_intercept_[out/in]: return FAIL if no intercepts are installed Peter Maydell
                   ` (31 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Chris Laplante <chris@laplante.io>

Named interception of in-GPIOs is not supported yet.

Signed-off-by: Chris Laplante <chris@laplante.io>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230728160324.1159090-5-chris@laplante.io
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 softmmu/qtest.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/softmmu/qtest.c b/softmmu/qtest.c
index 0f1d478bda5..66757ba2618 100644
--- a/softmmu/qtest.c
+++ b/softmmu/qtest.c
@@ -397,9 +397,11 @@ static void qtest_process_command(CharBackend *chr, gchar **words)
         || strcmp(words[0], "irq_intercept_in") == 0) {
         DeviceState *dev;
         NamedGPIOList *ngl;
+        bool is_named;
         bool is_outbound;
 
         g_assert(words[1]);
+        is_named = words[2] != NULL;
         is_outbound = words[0][14] == 'o';
         dev = DEVICE(object_resolve_path(words[1], NULL));
         if (!dev) {
@@ -408,6 +410,12 @@ static void qtest_process_command(CharBackend *chr, gchar **words)
             return;
         }
 
+        if (is_named && !is_outbound) {
+            qtest_send_prefix(chr);
+            qtest_send(chr, "FAIL Interception of named in-GPIOs not yet supported\n");
+            return;
+        }
+
         if (irq_intercept_dev) {
             qtest_send_prefix(chr);
             if (irq_intercept_dev != dev) {
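Review bot: The added qtest_send() line carrying the "FAIL Interception
of named in-GPIOs not yet supported" string is longer than 80 columns
and should be wrapped. Separately, the "is_named && !is_outbound" test
does not use dev, so it could sit before object_resolve_path(); as
placed, a command that is both unsupported and has a bad path reports
only the path error.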
-- 
2.34.1




* [PULL 05/35] qtest: irq_intercept_[out/in]: return FAIL if no intercepts are installed
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (3 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 04/35] qtest: bail from irq_intercept_in if name is specified Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 06/35] qtest: microbit-test: add tests for nRF51 DETECT Peter Maydell
                   ` (30 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Chris Laplante <chris@laplante.io>

This is much better than just silently failing with OK.

Signed-off-by: Chris Laplante <chris@laplante.io>
Message-id: 20230728160324.1159090-6-chris@laplante.io
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 softmmu/qtest.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/softmmu/qtest.c b/softmmu/qtest.c
index 66757ba2618..35b643a274c 100644
--- a/softmmu/qtest.c
+++ b/softmmu/qtest.c
@@ -399,6 +399,7 @@ static void qtest_process_command(CharBackend *chr, gchar **words)
         NamedGPIOList *ngl;
         bool is_named;
         bool is_outbound;
+        bool interception_succeeded = false;
 
         g_assert(words[1]);
         is_named = words[2] != NULL;
@@ -435,15 +436,22 @@ static void qtest_process_command(CharBackend *chr, gchar **words)
                     for (i = 0; i < ngl->num_out; ++i) {
                         qtest_install_gpio_out_intercept(dev, ngl->name, i);
                     }
+                    interception_succeeded = true;
                 }
             } else {
                 qemu_irq_intercept_in(ngl->in, qtest_irq_handler,
                                       ngl->num_in);
+                interception_succeeded = true;
             }
         }
-        irq_intercept_dev = dev;
+
         qtest_send_prefix(chr);
-        qtest_send(chr, "OK\n");
+        if (interception_succeeded) {
+            irq_intercept_dev = dev;
+            qtest_send(chr, "OK\n");
+        } else {
+            qtest_send(chr, "FAIL No intercepts installed\n");
+        }
     } else if (strcmp(words[0], "set_irq_in") == 0) {
         DeviceState *dev;
         qemu_irq irq;
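Review bot: interception_succeeded is set to true without checking that
anything was hooked: in the outbound branch it is set after the loop
even when ngl->num_out is 0, and in the else branch it is set for every
list regardless of ngl->num_in. A device whose matching list has no
lines will therefore still answer OK, which is the silent success this
patch sets out to remove. Set the flag only when num_out (or num_in) is
greater than zero.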
-- 
2.34.1




* [PULL 06/35] qtest: microbit-test: add tests for nRF51 DETECT
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (4 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 05/35] qtest: irq_intercept_[out/in]: return FAIL if no intercepts are installed Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 07/35] kvm: Introduce kvm_arch_get_default_type hook Peter Maydell
                   ` (29 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Chris Laplante <chris@laplante.io>

Exercise the DETECT mechanism of the GPIO peripheral.

Signed-off-by: Chris Laplante <chris@laplante.io>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230728160324.1159090-7-chris@laplante.io
[PMM: fixed coding style nits]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 tests/qtest/microbit-test.c | 44 +++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/tests/qtest/microbit-test.c b/tests/qtest/microbit-test.c
index 6022a92b6a9..2abcad8e31c 100644
--- a/tests/qtest/microbit-test.c
+++ b/tests/qtest/microbit-test.c
@@ -393,6 +393,49 @@ static void test_nrf51_gpio(void)
     qtest_quit(qts);
 }
 
+static void test_nrf51_gpio_detect(void)
+{
+    QTestState *qts = qtest_init("-M microbit");
+    int i;
+
+    /* Connect input buffer on pins 1-7, configure SENSE for high level */
+    for (i = 1; i <= 7; i++) {
+        qtest_writel(qts, NRF51_GPIO_BASE + NRF51_GPIO_REG_CNF_START + i * 4,
+                     deposit32(0, 16, 2, 2));
+    }
+
+    qtest_irq_intercept_out_named(qts, "/machine/nrf51/gpio", "detect");
+
+    for (i = 1; i <= 7; i++) {
+        /* Set pin high */
+        qtest_set_irq_in(qts, "/machine/nrf51", "unnamed-gpio-in", i, 1);
+        uint32_t actual = qtest_readl(qts, NRF51_GPIO_BASE + NRF51_GPIO_REG_IN);
+        g_assert_cmpuint(actual, ==, 1 << i);
+
+        /* Check that DETECT is high */
+        g_assert_true(qtest_get_irq(qts, 0));
+
+        /* Set pin low, check that DETECT goes low. */
+        qtest_set_irq_in(qts, "/machine/nrf51", "unnamed-gpio-in", i, 0);
+        actual = qtest_readl(qts, NRF51_GPIO_BASE + NRF51_GPIO_REG_IN);
+        g_assert_cmpuint(actual, ==, 0x0);
+        g_assert_false(qtest_get_irq(qts, 0));
+    }
+
+    /* Set pin 0 high, check that DETECT doesn't fire */
+    qtest_set_irq_in(qts, "/machine/nrf51", "unnamed-gpio-in", 0, 1);
+    g_assert_false(qtest_get_irq(qts, 0));
+    qtest_set_irq_in(qts, "/machine/nrf51", "unnamed-gpio-in", 0, 0);
+
+    /* Set pins 1, 2, and 3 high, then set 3 low. Check DETECT is still high */
+    for (i = 1; i <= 3; i++) {
+        qtest_set_irq_in(qts, "/machine/nrf51", "unnamed-gpio-in", i, 1);
+    }
+    g_assert_true(qtest_get_irq(qts, 0));
+    qtest_set_irq_in(qts, "/machine/nrf51", "unnamed-gpio-in", 3, 0);
+    g_assert_true(qtest_get_irq(qts, 0));
+}
+
 static void timer_task(QTestState *qts, hwaddr task)
 {
     qtest_writel(qts, NRF51_TIMER_BASE + task, NRF51_TRIGGER_TASK);
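Review bot: test_nrf51_gpio_detect() returns without calling
qtest_quit(qts), unlike test_nrf51_gpio() directly above it, so the QEMU
instance started by qtest_init() is never shut down by this test; add
qtest_quit(qts) before the closing brace. Also, "uint32_t actual" is
declared in the middle of the loop body after a statement; move the
declaration to the top of the block.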
@@ -499,6 +542,7 @@ int main(int argc, char **argv)
 
     qtest_add_func("/microbit/nrf51/uart", test_nrf51_uart);
     qtest_add_func("/microbit/nrf51/gpio", test_nrf51_gpio);
+    qtest_add_func("/microbit/nrf51/gpio_detect", test_nrf51_gpio_detect);
     qtest_add_func("/microbit/nrf51/nvmc", test_nrf51_nvmc);
     qtest_add_func("/microbit/nrf51/timer", test_nrf51_timer);
     qtest_add_func("/microbit/microbit/i2c", test_microbit_i2c);
-- 
2.34.1




* [PULL 07/35] kvm: Introduce kvm_arch_get_default_type hook
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (5 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 06/35] qtest: microbit-test: add tests for nRF51 DETECT Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 08/35] accel/kvm: Specify default IPA size for arm64 Peter Maydell
                   ` (28 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Akihiko Odaki <akihiko.odaki@daynix.com>

kvm_arch_get_default_type() returns the default KVM type. This hook is
particularly useful to derive a KVM type that is valid for "none"
machine model, which is used by libvirt to probe the availability of
KVM.

For MIPS, the existing mips_kvm_type() is reused. This function ensures
the availability of VZ which is mandatory to use KVM on the current
QEMU.

Cc: qemu-stable@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230727073134.134102-2-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added doc comment for new function]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/sysemu/kvm.h     | 2 ++
 target/mips/kvm_mips.h   | 9 ---------
 accel/kvm/kvm-all.c      | 4 +++-
 hw/mips/loongson3_virt.c | 2 --
 target/arm/kvm.c         | 5 +++++
 target/i386/kvm/kvm.c    | 5 +++++
 target/mips/kvm.c        | 2 +-
 target/ppc/kvm.c         | 5 +++++
 target/riscv/kvm.c       | 5 +++++
 target/s390x/kvm/kvm.c   | 5 +++++
 10 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 115f0cca79d..ccaf55caf73 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -369,6 +369,8 @@ int kvm_arch_get_registers(CPUState *cpu);
 
 int kvm_arch_put_registers(CPUState *cpu, int level);
 
+int kvm_arch_get_default_type(MachineState *ms);
+
 int kvm_arch_init(MachineState *ms, KVMState *s);
 
 int kvm_arch_init_vcpu(CPUState *cpu);
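Review bot: The kvm_arch_get_default_type() prototype is added here
with no doc comment, although the commit message notes "[PMM: added doc
comment for new function]". This header is where implementers will look
for the contract, so document what the return value is used for (the
type handed to KVM_CREATE_VM) and what an implementation should return
when it cannot determine one.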
diff --git a/target/mips/kvm_mips.h b/target/mips/kvm_mips.h
index 171d53dbe13..c711269d0af 100644
--- a/target/mips/kvm_mips.h
+++ b/target/mips/kvm_mips.h
@@ -25,13 +25,4 @@ void kvm_mips_reset_vcpu(MIPSCPU *cpu);
 int kvm_mips_set_interrupt(MIPSCPU *cpu, int irq, int level);
 int kvm_mips_set_ipi_interrupt(MIPSCPU *cpu, int irq, int level);
 
-#ifdef CONFIG_KVM
-int mips_kvm_type(MachineState *machine, const char *vm_type);
-#else
-static inline int mips_kvm_type(MachineState *machine, const char *vm_type)
-{
-    return 0;
-}
-#endif
-
 #endif /* KVM_MIPS_H */
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 7b3da8dc3ab..b4723016379 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2458,7 +2458,7 @@ static int kvm_init(MachineState *ms)
     KVMState *s;
     const KVMCapabilityInfo *missing_cap;
     int ret;
-    int type = 0;
+    int type;
     uint64_t dirty_log_manual_caps;
 
     qemu_mutex_init(&kml_slots_lock);
@@ -2523,6 +2523,8 @@ static int kvm_init(MachineState *ms)
         type = mc->kvm_type(ms, kvm_type);
     } else if (mc->kvm_type) {
         type = mc->kvm_type(ms, NULL);
+    } else {
+        type = kvm_arch_get_default_type(ms);
     }
 
     do {
diff --git a/hw/mips/loongson3_virt.c b/hw/mips/loongson3_virt.c
index 3ad0a223df7..b74b358874f 100644
--- a/hw/mips/loongson3_virt.c
+++ b/hw/mips/loongson3_virt.c
@@ -29,7 +29,6 @@
 #include "qemu/datadir.h"
 #include "qapi/error.h"
 #include "elf.h"
-#include "kvm_mips.h"
 #include "hw/char/serial.h"
 #include "hw/intc/loongson_liointc.h"
 #include "hw/mips/mips.h"
@@ -612,7 +611,6 @@ static void loongson3v_machine_class_init(ObjectClass *oc, void *data)
     mc->max_cpus = LOONGSON_MAX_VCPUS;
     mc->default_ram_id = "loongson3.highram";
     mc->default_ram_size = 1600 * MiB;
-    mc->kvm_type = mips_kvm_type;
     mc->minimum_page_bits = 14;
     mc->default_nic = "virtio-net-pci";
 }
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index b4c7654f498..40f577bfd55 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -247,6 +247,11 @@ int kvm_arm_get_max_vm_ipa_size(MachineState *ms, bool *fixed_ipa)
     return ret > 0 ? ret : 40;
 }
 
+int kvm_arch_get_default_type(MachineState *ms)
+{
+    return 0;
+}
+
 int kvm_arch_init(MachineState *ms, KVMState *s)
 {
     int ret = 0;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index ebfaf3d24c7..b45ce20fd8d 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -2556,6 +2556,11 @@ static void register_smram_listener(Notifier *n, void *unused)
                                  &smram_address_space, 1, "kvm-smram");
 }
 
+int kvm_arch_get_default_type(MachineState *ms)
+{
+    return 0;
+}
+
 int kvm_arch_init(MachineState *ms, KVMState *s)
 {
     uint64_t identity_base = 0xfffbc000;
diff --git a/target/mips/kvm.c b/target/mips/kvm.c
index c14e8f550fc..e98aad01bd5 100644
--- a/target/mips/kvm.c
+++ b/target/mips/kvm.c
@@ -1266,7 +1266,7 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
     abort();
 }
 
-int mips_kvm_type(MachineState *machine, const char *vm_type)
+int kvm_arch_get_default_type(MachineState *machine)
 {
 #if defined(KVM_CAP_MIPS_VZ)
     int r;
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index a8a935e2672..dc1182cd37e 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -108,6 +108,11 @@ static int kvm_ppc_register_host_cpu_type(void);
 static void kvmppc_get_cpu_characteristics(KVMState *s);
 static int kvmppc_get_dec_bits(void);
 
+int kvm_arch_get_default_type(MachineState *ms)
+{
+    return 0;
+}
+
 int kvm_arch_init(MachineState *ms, KVMState *s)
 {
     cap_interrupt_unset = kvm_check_extension(s, KVM_CAP_PPC_UNSET_IRQ);
diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index b1fd2233c03..dbcf26f27d3 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -914,6 +914,11 @@ int kvm_arch_add_msi_route_post(struct kvm_irq_routing_entry *route,
     return 0;
 }
 
+int kvm_arch_get_default_type(MachineState *ms)
+{
+    return 0;
+}
+
 int kvm_arch_init(MachineState *ms, KVMState *s)
 {
     return 0;
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index a9e5880349d..9117fab6e8e 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -340,6 +340,11 @@ static void ccw_machine_class_foreach(ObjectClass *oc, void *opaque)
     mc->default_cpu_type = S390_CPU_TYPE_NAME("host");
 }
 
+int kvm_arch_get_default_type(MachineState *ms)
+{
+    return 0;
+}
+
 int kvm_arch_init(MachineState *ms, KVMState *s)
 {
     object_class_foreach(ccw_machine_class_foreach, TYPE_S390_CCW_MACHINE,
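Review bot: This is the fifth identical stub in the patch: arm, i386,
ppc, riscv and s390x each add a kvm_arch_get_default_type() that ignores
ms and returns 0. None of them says what 0 means for that architecture.
A one-line comment in each stub, or a single shared default that only
MIPS overrides, would make it clear that 0 is a deliberate choice and
not a placeholder.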
-- 
2.34.1




* [PULL 08/35] accel/kvm: Specify default IPA size for arm64
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (6 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 07/35] kvm: Introduce kvm_arch_get_default_type hook Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 09/35] mips: Report an error when KVM_VM_MIPS_VZ is unavailable Peter Maydell
                   ` (27 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Akihiko Odaki <akihiko.odaki@daynix.com>

Before this change, the default KVM type, which is used for non-virt
machine models, was 0.

The kernel documentation says:
> On arm64, the physical address size for a VM (IPA Size limit) is
> limited to 40bits by default. The limit can be configured if the host
> supports the extension KVM_CAP_ARM_VM_IPA_SIZE. When supported, use
> KVM_VM_TYPE_ARM_IPA_SIZE(IPA_Bits) to set the size in the machine type
> identifier, where IPA_Bits is the maximum width of any physical
> address used by the VM. The IPA_Bits is encoded in bits[7-0] of the
> machine type identifier.
>
> e.g, to configure a guest to use 48bit physical address size::
>
>     vm_fd = ioctl(dev_fd, KVM_CREATE_VM, KVM_VM_TYPE_ARM_IPA_SIZE(48));
>
> The requested size (IPA_Bits) must be:
>
>  ==   =========================================================
>   0   Implies default size, 40bits (for backward compatibility)
>   N   Implies N bits, where N is a positive integer such that,
>       32 <= N <= Host_IPA_Limit
>  ==   =========================================================

> Host_IPA_Limit is the maximum possible value for IPA_Bits on the host
> and is dependent on the CPU capability and the kernel configuration.
> The limit can be retrieved using KVM_CAP_ARM_VM_IPA_SIZE of the
> KVM_CHECK_EXTENSION ioctl() at run-time.
>
> Creation of the VM will fail if the requested IPA size (whether it is
> implicit or explicit) is unsupported on the host.
https://docs.kernel.org/virt/kvm/api.html#kvm-create-vm

So if Host_IPA_Limit < 40, specifying 0 as the type will fail. This
actually confused libvirt, which uses "none" machine model to probe the
KVM availability, on M2 MacBook Air.

Fix this by using Host_IPA_Limit as the default type when
KVM_CAP_ARM_VM_IPA_SIZE is available.

Cc: qemu-stable@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230727073134.134102-3-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 40f577bfd55..23aeb099490 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -249,7 +249,9 @@ int kvm_arm_get_max_vm_ipa_size(MachineState *ms, bool *fixed_ipa)
 
 int kvm_arch_get_default_type(MachineState *ms)
 {
-    return 0;
+    bool fixed_ipa;
+    int size = kvm_arm_get_max_vm_ipa_size(ms, &fixed_ipa);
+    return fixed_ipa ? 0 : size;
 }
 
 int kvm_arch_init(MachineState *ms, KVMState *s)
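Review bot: fixed_ipa is declared without an initialiser and read on the
return line, so this depends on kvm_arm_get_max_vm_ipa_size() always
writing through the pointer; initialise it or note that guarantee. The
function also returns the raw bit count as the type. That matches the
encoding quoted in the commit message (IPA_Bits in bits[7-0]), but
wrapping it in KVM_VM_TYPE_ARM_IPA_SIZE(size) and adding a short comment
on why 0 is returned when fixed_ipa is set would make the intent clear.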
-- 
2.34.1




* [PULL 09/35] mips: Report an error when KVM_VM_MIPS_VZ is unavailable
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (7 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 08/35] accel/kvm: Specify default IPA size for arm64 Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 10/35] accel/kvm: Use negative KVM type for error propagation Peter Maydell
                   ` (26 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Akihiko Odaki <akihiko.odaki@daynix.com>

On MIPS, QEMU requires KVM_VM_MIPS_VZ type for KVM. Report an error in
such a case as other architectures do when an error occurred during KVM
type decision.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230727073134.134102-4-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 target/mips/kvm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/mips/kvm.c b/target/mips/kvm.c
index e98aad01bd5..e22e24ed974 100644
--- a/target/mips/kvm.c
+++ b/target/mips/kvm.c
@@ -1278,6 +1278,7 @@ int kvm_arch_get_default_type(MachineState *machine)
     }
 #endif
 
+    error_report("KVM_VM_MIPS_VZ type is not available");
     return -1;
 }
 
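Review bot: The added error_report() sits after the #endif, so the same
"KVM_VM_MIPS_VZ type is not available" text is printed both when the
run-time check inside the "#if defined(KVM_CAP_MIPS_VZ)" block fails and
when QEMU was built without KVM_CAP_MIPS_VZ defined at all. Distinct
messages for the two cases would tell the user whether the host or the
build is the limitation.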
-- 
2.34.1




* [PULL 10/35] accel/kvm: Use negative KVM type for error propagation
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (8 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 09/35] mips: Report an error when KVM_VM_MIPS_VZ is unavailable Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 11/35] accel/kvm: Free as when an error occurred Peter Maydell
                   ` (25 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Akihiko Odaki <akihiko.odaki@daynix.com>

On MIPS, kvm_arch_get_default_type() returns a negative value when an
error occurred so handle the case. Also, let other machines return
negative values when errors occur and declare returning a negative
value as the correct way to propagate an error that happened when
determining KVM type.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230727073134.134102-5-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 accel/kvm/kvm-all.c | 5 +++++
 hw/arm/virt.c       | 2 +-
 hw/ppc/spapr.c      | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index b4723016379..3bac5aa678b 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2527,6 +2527,11 @@ static int kvm_init(MachineState *ms)
         type = kvm_arch_get_default_type(ms);
     }
 
+    if (type < 0) {
+        ret = -EINVAL;
+        goto err;
+    }
+
     do {
         ret = kvm_ioctl(s, KVM_CREATE_VM, type);
     } while (ret == -EINTR);
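Review bot: The new "type < 0" branch sets ret = -EINVAL and jumps to
err without printing anything, so it depends on every mc->kvm_type()
callback and every kvm_arch_get_default_type() implementation calling
error_report() before returning a negative value. The commit message
declares a negative return as the way to propagate the error, but none
of the three files touched records that contract; add it to the doc
comments for both hooks.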
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 7d9dbc26633..83c05f1b9f6 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2913,7 +2913,7 @@ static int virt_kvm_type(MachineState *ms, const char *type_str)
                      "require an IPA range (%d bits) larger than "
                      "the one supported by the host (%d bits)",
                      requested_pa_size, max_vm_pa_size);
-        exit(1);
+        return -1;
     }
     /*
      * We return the requested PA log size, unless KVM only supports
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 1c8b8d57a70..e851f609198 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -3105,7 +3105,7 @@ static int spapr_kvm_type(MachineState *machine, const char *vm_type)
     }
 
     error_report("Unknown kvm-type specified '%s'", vm_type);
-    exit(1);
+    return -1;
 }
 
 /*
-- 
2.34.1




* [PULL 11/35] accel/kvm: Free as when an error occurred
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (9 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 10/35] accel/kvm: Use negative KVM type for error propagation Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 12/35] accel/kvm: Make kvm_dirty_ring_reaper_init() void Peter Maydell
                   ` (24 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Akihiko Odaki <akihiko.odaki@daynix.com>

An error may occur after s->as is allocated, for example if the
KVM_CREATE_VM ioctl call fails.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230727073134.134102-6-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweaked commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 accel/kvm/kvm-all.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 3bac5aa678b..ed30f4135b5 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2765,6 +2765,7 @@ err:
     if (s->fd != -1) {
         close(s->fd);
     }
+    g_free(s->as);
     g_free(s->memory_listener.slots);
 
     return ret;
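Review bot: g_free(s->as) on the err path is only safe if s->as is NULL
whenever err is reached before the allocation. g_free(NULL) is a no-op,
so please confirm that the state is zero-initialised. Neither s->as nor
s->memory_listener.slots is cleared after being freed; setting
s->as = NULL (or using g_clear_pointer()) would guard against a later
double free if s outlives this function.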
-- 
2.34.1




* [PULL 12/35] accel/kvm: Make kvm_dirty_ring_reaper_init() void
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (10 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 11/35] accel/kvm: Free as when an error occurred Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 13/35] target/arm/ptw: Don't set fi->s1ptw for UnsuppAtomicUpdate fault Peter Maydell
                   ` (23 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Akihiko Odaki <akihiko.odaki@daynix.com>

The returned value was always zero and had no meaning.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230727073134.134102-7-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 accel/kvm/kvm-all.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index ed30f4135b5..d07f1ecbd38 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1454,15 +1454,13 @@ static void *kvm_dirty_ring_reaper_thread(void *data)
     return NULL;
 }
 
-static int kvm_dirty_ring_reaper_init(KVMState *s)
+static void kvm_dirty_ring_reaper_init(KVMState *s)
 {
     struct KVMDirtyRingReaper *r = &s->reaper;
 
     qemu_thread_create(&r->reaper_thr, "kvm-reaper",
                        kvm_dirty_ring_reaper_thread,
                        s, QEMU_THREAD_JOINABLE);
-
-    return 0;
 }
 
 static int kvm_dirty_ring_init(KVMState *s)
@@ -2744,10 +2742,7 @@ static int kvm_init(MachineState *ms)
     }
 
     if (s->kvm_dirty_ring_size) {
-        ret = kvm_dirty_ring_reaper_init(s);
-        if (ret) {
-            goto err;
-        }
+        kvm_dirty_ring_reaper_init(s);
     }
 
     if (kvm_check_extension(kvm_state, KVM_CAP_BINARY_STATS_FD)) {
-- 
2.34.1




* [PULL 13/35] target/arm/ptw: Don't set fi->s1ptw for UnsuppAtomicUpdate fault
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (11 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 12/35] accel/kvm: Make kvm_dirty_ring_reaper_init() void Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 14/35] target/arm/ptw: Don't report GPC faults on stage 1 ptw as stage2 faults Peter Maydell
                   ` (22 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

For an Unsupported Atomic Update fault where the stage 1 translation
table descriptor update can't be done because it's to an unsupported
memory type, this is a stage 1 abort (per the Arm ARM R_VSXXT).  This
means we should not set fi->s1ptw, because this will cause the code
in the get_phys_addr_lpae() error-exit path to mark it as stage 2.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-2-peter.maydell@linaro.org
---
 target/arm/ptw.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 8f94100c61f..bafeb876ad7 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -701,7 +701,6 @@ static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
 
     if (unlikely(!host)) {
         fi->type = ARMFault_UnsuppAtomicUpdate;
-        fi->s1ptw = true;
         return 0;
     }
 
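Review bot: The reason fi->s1ptw must stay unset in the "!host" branch
is recorded only in the commit message; with the line gone, nothing in
the code stops someone re-adding it for symmetry with the other fault
paths. A short comment beside "fi->type = ARMFault_UnsuppAtomicUpdate"
saying that this fault is reported as a stage 1 abort would preserve
that.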
-- 
2.34.1




* [PULL 14/35] target/arm/ptw: Don't report GPC faults on stage 1 ptw as stage2 faults
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (12 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 13/35] target/arm/ptw: Don't set fi->s1ptw for UnsuppAtomicUpdate fault Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 15/35] target/arm/ptw: Set s1ns bit in fault info more consistently Peter Maydell
                   ` (21 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

In S1_ptw_translate() we set up the ARMMMUFaultInfo if the attempt to
translate the page descriptor address into a physical address fails.
This used to only be possible if we are doing a stage 2 ptw for that
descriptor address, and so the code always sets fi->stage2 and
fi->s1ptw to true.  However, with FEAT_RME it is also possible for
the lookup of the page descriptor address to fail because of a
Granule Protection Check fault.  These should not be reported as
stage 2, otherwise arm_deliver_fault() will incorrectly set
HPFAR_EL2.  Similarly the s1ptw bit should only be set for stage 2
faults on stage 1 translation table walks, i.e.  not for GPC faults.

Add a comment to the other place where we might detect a
stage2-fault-on-stage-1-ptw, in arm_casq_ptw(), noting why we know in
that case that it must really be a stage 2 fault and not a GPC fault.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-3-peter.maydell@linaro.org
---
 target/arm/ptw.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index bafeb876ad7..eb57ebd897b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -600,8 +600,8 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
         fi->type = ARMFault_GPCFOnWalk;
     }
     fi->s2addr = addr;
-    fi->stage2 = true;
-    fi->s1ptw = true;
+    fi->stage2 = regime_is_stage2(s2_mmu_idx);
+    fi->s1ptw = fi->stage2;
     fi->s1ns = !is_secure;
     return false;
 }
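
Review bot: the new fi->stage2 value is keyed on s2_mmu_idx, not on fi->type, so a fault whose type was just set to ARMFault_GPCFOnWalk a few lines above is still tagged stage2 (and s1ptw) whenever s2_mmu_idx is a stage 2 regime. The commit message says GPC faults should not be reported as stage 2; if that combination can occur, test fi->type as well, and if it cannot, say why in a comment next to the assignment. fi->s2addr = addr also stays unconditional, so it is populated even when fi->stage2 ends up false; a note on whether consumers ignore it in that case would help.
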
@@ -719,6 +719,12 @@ static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
         env->tlb_fi = NULL;
 
         if (unlikely(flags & TLB_INVALID_MASK)) {
+            /*
+             * We know this must be a stage 2 fault because the granule
+             * protection table does not separately track read and write
+             * permission, so all GPC faults are caught in S1_ptw_translate():
+             * we only get here for "readable but not writeable".
+             */
             assert(fi->type != ARMFault_None);
             fi->s2addr = ptw->out_virt;
             fi->stage2 = true;
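
Review bot: the added comment states an invariant (only a stage 2 "readable but not writeable" fault can reach this branch) that the code below it does not check; assert(fi->type != ARMFault_None) would pass for a GPC fault too. Consider asserting that fi->type is not a GPC fault type here, so that a later change to what the granule protection table tracks trips an assertion instead of quietly producing fi->stage2 = true and a wrong HPFAR_EL2.
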
-- 
2.34.1




* [PULL 15/35] target/arm/ptw: Set s1ns bit in fault info more consistently
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (13 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 14/35] target/arm/ptw: Don't report GPC faults on stage 1 ptw as stage2 faults Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 16/35] target/arm/ptw: Pass ptw into get_phys_addr_pmsa*() and get_phys_addr_disabled() Peter Maydell
                   ` (20 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

The s1ns bit in ARMMMUFaultInfo is documented as "true if
we faulted on a non-secure IPA while in secure state". Both the
places which look at this bit only do so after having confirmed
that this is a stage 2 fault and we're dealing with Secure EL2,
which leaves the ptw.c code free to set the bit to any random
value in the other cases.

Instead of taking advantage of that freedom, consistently
make the bit be set to false for the "not a stage 2 fault
for Secure EL2" cases. This removes some cases where we
were using an 'is_secure' boolean and leaving the reader
guessing about whether that was the right thing for Realm
and Root cases.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-4-peter.maydell@linaro.org
---
 target/arm/ptw.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index eb57ebd897b..67078ae3509 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -514,6 +514,17 @@ static ARMSecuritySpace S2_security_space(ARMSecuritySpace s1_space,
     }
 }
 
+static bool fault_s1ns(ARMSecuritySpace space, ARMMMUIdx s2_mmu_idx)
+{
+    /*
+     * For stage 2 faults in Secure EL22, S1NS indicates
+     * whether the faulting IPA is in the Secure or NonSecure
+     * IPA space. For all other kinds of fault, it is false.
+     */
+    return space == ARMSS_Secure && regime_is_stage2(s2_mmu_idx)
+        && s2_mmu_idx == ARMMMUIdx_Stage2_S;
+}
+
 /* Translate a S1 pagetable walk through S2 if needed.  */
 static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
                              hwaddr addr, ARMMMUFaultInfo *fi)
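
Review bot: the comment in fault_s1ns() says "Secure EL22", which should read "Secure EL2". In the return expression, regime_is_stage2(s2_mmu_idx) looks implied by s2_mmu_idx == ARMMMUIdx_Stage2_S, so one of the two tests can go, or the comment should say the redundancy is deliberate. The comment would also be more useful if it said which return value corresponds to the NonSecure IPA space, since "indicates whether the faulting IPA is in the Secure or NonSecure IPA space" does not fix the polarity.
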
@@ -586,7 +597,7 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
             fi->s2addr = addr;
             fi->stage2 = true;
             fi->s1ptw = true;
-            fi->s1ns = !is_secure;
+            fi->s1ns = fault_s1ns(ptw->in_space, s2_mmu_idx);
             return false;
         }
     }
@@ -602,7 +613,7 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
     fi->s2addr = addr;
     fi->stage2 = regime_is_stage2(s2_mmu_idx);
     fi->s1ptw = fi->stage2;
-    fi->s1ns = !is_secure;
+    fi->s1ns = fault_s1ns(ptw->in_space, s2_mmu_idx);
     return false;
 }
 
@@ -729,7 +740,7 @@ static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
             fi->s2addr = ptw->out_virt;
             fi->stage2 = true;
             fi->s1ptw = true;
-            fi->s1ns = !ptw->in_secure;
+            fi->s1ns = fault_s1ns(ptw->in_space, ptw->in_ptw_idx);
             return 0;
         }
 
@@ -2030,7 +2041,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
     fi->level = level;
     /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2.  */
     fi->stage2 = fi->s1ptw || regime_is_stage2(mmu_idx);
-    fi->s1ns = mmu_idx == ARMMMUIdx_Stage2;
+    fi->s1ns = fault_s1ns(ptw->in_space, mmu_idx);
     return true;
 }
 
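
Review bot: the removed line set s1ns when mmu_idx == ARMMMUIdx_Stage2, while fault_s1ns() returns true only for ARMMMUIdx_Stage2_S, so the polarity with respect to the stage 2 index flips in this hunk. The commit message quotes the documented meaning as "true if we faulted on a non-secure IPA while in secure state"; please confirm which index corresponds to the NonSecure IPA space, and if the flip is intentional mention it in the commit message, which currently only talks about the cases where the bit is not consulted.
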
-- 
2.34.1




* [PULL 16/35] target/arm/ptw: Pass ptw into get_phys_addr_pmsa*() and get_phys_addr_disabled()
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (14 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 15/35] target/arm/ptw: Set s1ns bit in fault info more consistently Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 17/35] target/arm/ptw: Pass ARMSecurityState to regime_translation_disabled() Peter Maydell
                   ` (19 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

In commit 6d2654ffacea813916176 we created the S1Translate struct and
used it to plumb through various arguments that we were previously
passing one-at-a-time to get_phys_addr_v5(), get_phys_addr_v6(), and
get_phys_addr_lpae().  Extend that pattern to get_phys_addr_pmsav5(),
get_phys_addr_pmsav7(), get_phys_addr_pmsav8() and
get_phys_addr_disabled(), so that all the get_phys_addr_* functions
we call from get_phys_addr_nogpc() take the S1Translate struct rather
than the mmu_idx and is_secure bool.

(This refactoring is a prelude to having the called functions look
at ptw->is_space rather than using an is_secure boolean.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-5-peter.maydell@linaro.org
---
 target/arm/ptw.c | 57 ++++++++++++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 21 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 67078ae3509..a873fbe0239 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2045,15 +2045,19 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
     return true;
 }
 
-static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
-                                 MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                                 bool is_secure, GetPhysAddrResult *result,
+static bool get_phys_addr_pmsav5(CPUARMState *env,
+                                 S1Translate *ptw,
+                                 uint32_t address,
+                                 MMUAccessType access_type,
+                                 GetPhysAddrResult *result,
                                  ARMMMUFaultInfo *fi)
 {
     int n;
     uint32_t mask;
     uint32_t base;
+    ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
     bool is_user = regime_is_user(env, mmu_idx);
+    bool is_secure = arm_space_is_secure(ptw->in_space);
 
     if (regime_translation_disabled(env, mmu_idx, is_secure)) {
         /* MPU disabled.  */
@@ -2210,14 +2214,18 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
     return regime_sctlr(env, mmu_idx) & SCTLR_BR;
 }
 
-static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
-                                 MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                                 bool secure, GetPhysAddrResult *result,
+static bool get_phys_addr_pmsav7(CPUARMState *env,
+                                 S1Translate *ptw,
+                                 uint32_t address,
+                                 MMUAccessType access_type,
+                                 GetPhysAddrResult *result,
                                  ARMMMUFaultInfo *fi)
 {
     ARMCPU *cpu = env_archcpu(env);
     int n;
+    ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
     bool is_user = regime_is_user(env, mmu_idx);
+    bool secure = arm_space_is_secure(ptw->in_space);
 
     result->f.phys_addr = address;
     result->f.lg_page_size = TARGET_PAGE_BITS;
@@ -2736,12 +2744,16 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
     }
 }
 
-static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
-                                 MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                                 bool secure, GetPhysAddrResult *result,
+static bool get_phys_addr_pmsav8(CPUARMState *env,
+                                 S1Translate *ptw,
+                                 uint32_t address,
+                                 MMUAccessType access_type,
+                                 GetPhysAddrResult *result,
                                  ARMMMUFaultInfo *fi)
 {
     V8M_SAttributes sattrs = {};
+    ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
+    bool secure = arm_space_is_secure(ptw->in_space);
     bool ret;
 
     if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
@@ -3045,12 +3057,15 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
  * MMU disabled.  S1 addresses within aa64 translation regimes are
  * still checked for bounds -- see AArch64.S1DisabledOutput().
  */
-static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
+static bool get_phys_addr_disabled(CPUARMState *env,
+                                   S1Translate *ptw,
+                                   target_ulong address,
                                    MMUAccessType access_type,
-                                   ARMMMUIdx mmu_idx, bool is_secure,
                                    GetPhysAddrResult *result,
                                    ARMMMUFaultInfo *fi)
 {
+    ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
+    bool is_secure = arm_space_is_secure(ptw->in_space);
     uint8_t memattr = 0x00;    /* Device nGnRnE */
     uint8_t shareability = 0;  /* non-shareable */
     int r_el;
@@ -3252,8 +3267,8 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
     case ARMMMUIdx_Phys_Root:
     case ARMMMUIdx_Phys_Realm:
         /* Checking Phys early avoids special casing later vs regime_el. */
-        return get_phys_addr_disabled(env, address, access_type, mmu_idx,
-                                      is_secure, result, fi);
+        return get_phys_addr_disabled(env, ptw, address, access_type,
+                                      result, fi);
 
     case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_Stage1_E1:
@@ -3321,16 +3336,16 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
 
         if (arm_feature(env, ARM_FEATURE_V8)) {
             /* PMSAv8 */
-            ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
-                                       is_secure, result, fi);
+            ret = get_phys_addr_pmsav8(env, ptw, address, access_type,
+                                       result, fi);
         } else if (arm_feature(env, ARM_FEATURE_V7)) {
             /* PMSAv7 */
-            ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
-                                       is_secure, result, fi);
+            ret = get_phys_addr_pmsav7(env, ptw, address, access_type,
+                                       result, fi);
         } else {
             /* Pre-v7 MPU */
-            ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
-                                       is_secure, result, fi);
+            ret = get_phys_addr_pmsav5(env, ptw, address, access_type,
+                                       result, fi);
         }
         qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
                       " mmu_idx %u -> %s (prot %c%c%c)\n",
@@ -3348,8 +3363,8 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
     /* Definitely a real MMU, not an MPU */
 
     if (regime_translation_disabled(env, mmu_idx, is_secure)) {
-        return get_phys_addr_disabled(env, address, access_type, mmu_idx,
-                                      is_secure, result, fi);
+        return get_phys_addr_disabled(env, ptw, address, access_type,
+                                      result, fi);
     }
 
     if (regime_using_lpae_format(env, mmu_idx)) {
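
Review bot: in get_phys_addr_nogpc() the guard still uses the locals (regime_translation_disabled(env, mmu_idx, is_secure)) while get_phys_addr_disabled() now re-derives both values from ptw->in_mmu_idx and ptw->in_space, so guard and callee only agree if the locals and the struct fields are in sync at every call site. A comment on the new prototypes naming which S1Translate fields they read would document that dependency. If the rest of each body only reads from ptw, as the visible lines do, a const S1Translate * parameter would make the contract explicit.
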
-- 
2.34.1




* [PULL 17/35] target/arm/ptw: Pass ARMSecurityState to regime_translation_disabled()
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (15 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 16/35] target/arm/ptw: Pass ptw into get_phys_addr_pmsa*() and get_phys_addr_disabled() Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 18/35] target/arm/ptw: Pass an ARMSecuritySpace to arm_hcr_el2_eff_secstate() Peter Maydell
                   ` (18 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

Plumb the ARMSecurityState through to regime_translation_disabled()
rather than just a bool is_secure.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-6-peter.maydell@linaro.org
---
 target/arm/ptw.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index a873fbe0239..63dd8e3cbe1 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -206,9 +206,10 @@ static uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx, int ttbrn)
 
 /* Return true if the specified stage of address translation is disabled */
 static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
-                                        bool is_secure)
+                                        ARMSecuritySpace space)
 {
     uint64_t hcr_el2;
+    bool is_secure = arm_space_is_secure(space);
 
     if (arm_feature(env, ARM_FEATURE_M)) {
         switch (env->v7m.mpu_ctrl[is_secure] &
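
Review bot: the commit subject and message say ARMSecurityState, but the parameter added here is ARMSecuritySpace space; fix the message so that a log search for the type finds this change. The one-line comment above regime_translation_disabled() could also mention the new argument, since is_secure is now derived from it with arm_space_is_secure() and any distinction the space carries beyond secure/non-secure is dropped at that point.
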
@@ -2057,9 +2058,8 @@ static bool get_phys_addr_pmsav5(CPUARMState *env,
     uint32_t base;
     ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
     bool is_user = regime_is_user(env, mmu_idx);
-    bool is_secure = arm_space_is_secure(ptw->in_space);
 
-    if (regime_translation_disabled(env, mmu_idx, is_secure)) {
+    if (regime_translation_disabled(env, mmu_idx, ptw->in_space)) {
         /* MPU disabled.  */
         result->f.phys_addr = address;
         result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
@@ -2231,7 +2231,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env,
     result->f.lg_page_size = TARGET_PAGE_BITS;
     result->f.prot = 0;
 
-    if (regime_translation_disabled(env, mmu_idx, secure) ||
+    if (regime_translation_disabled(env, mmu_idx, ptw->in_space) ||
         m_is_ppb_region(env, address)) {
         /*
          * MPU disabled or M profile PPB access: use default memory map.
@@ -2475,7 +2475,8 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
      * are done in arm_v7m_load_vector(), which always does a direct
      * read using address_space_ldl(), rather than going via this function.
      */
-    if (regime_translation_disabled(env, mmu_idx, secure)) { /* MPU disabled */
+    if (regime_translation_disabled(env, mmu_idx, arm_secure_to_space(secure))) {
+        /* MPU disabled */
         hit = true;
     } else if (m_is_ppb_region(env, address)) {
         hit = true;
@@ -3303,7 +3304,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
          */
         ptw->in_mmu_idx = mmu_idx = s1_mmu_idx;
         if (arm_feature(env, ARM_FEATURE_EL2) &&
-            !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) {
+            !regime_translation_disabled(env, ARMMMUIdx_Stage2, ptw->in_space)) {
             return get_phys_addr_twostage(env, ptw, address, access_type,
                                           result, fi);
         }
@@ -3362,7 +3363,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
 
     /* Definitely a real MMU, not an MPU */
 
-    if (regime_translation_disabled(env, mmu_idx, is_secure)) {
+    if (regime_translation_disabled(env, mmu_idx, ptw->in_space)) {
         return get_phys_addr_disabled(env, ptw, address, access_type,
                                       result, fi);
     }
-- 
2.34.1




* [PULL 18/35] target/arm/ptw: Pass an ARMSecuritySpace to arm_hcr_el2_eff_secstate()
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (16 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 17/35] target/arm/ptw: Pass ARMSecurityState to regime_translation_disabled() Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 19/35] target/arm: Pass an ARMSecuritySpace to arm_is_el2_enabled_secstate() Peter Maydell
                   ` (17 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

arm_hcr_el2_eff_secstate() takes a bool secure, which it uses to
determine whether EL2 is enabled in the current security state.
With the advent of FEAT_RME this is no longer sufficient, because
EL2 can be enabled for Secure state but not for Root, and both
of those will pass 'secure == true' in the callsites in ptw.c.

As it happens in all of our callsites in ptw.c we either avoid making
the call or else avoid using the returned value if we're doing a
translation for Root, so this is not a behaviour change even if the
experimental FEAT_RME is enabled.  But it is less confusing in the
ptw.c code if we avoid the use of a bool secure that duplicates some
of the information in the ArmSecuritySpace argument.

Make arm_hcr_el2_eff_secstate() take an ARMSecuritySpace argument
instead. Because we always want to know the HCR_EL2 for the
security state defined by the current effective value of
SCR_EL3.{NSE,NS}, it makes no sense to pass ARMSS_Root here,
and we assert that callers don't do that.

To avoid the assert(), we thus push the call to
arm_hcr_el2_eff_secstate() down into the cases in
regime_translation_disabled() that need it, rather than calling the
function and ignoring the result for the Root space translations.
All other calls to this function in ptw.c are already in places
where we have confirmed that the mmu_idx is a stage 2 translation
or that the regime EL is not 3.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-7-peter.maydell@linaro.org
---
 target/arm/cpu.h    |  2 +-
 target/arm/helper.c |  8 +++++---
 target/arm/ptw.c    | 15 +++++++--------
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 88e5accda69..bcd65a63ca0 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2555,7 +2555,7 @@ static inline bool arm_is_el2_enabled(CPUARMState *env)
  * "for all purposes other than a direct read or write access of HCR_EL2."
  * Not included here is HCR_RW.
  */
-uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, bool secure);
+uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, ARMSecuritySpace space);
 uint64_t arm_hcr_el2_eff(CPUARMState *env);
 uint64_t arm_hcrx_el2_eff(CPUARMState *env);
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 50f61e42ca8..9862bc73b52 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5772,11 +5772,13 @@ static void hcr_writelow(CPUARMState *env, const ARMCPRegInfo *ri,
  * Bits that are not included here:
  * RW       (read from SCR_EL3.RW as needed)
  */
-uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, bool secure)
+uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, ARMSecuritySpace space)
 {
     uint64_t ret = env->cp15.hcr_el2;
 
-    if (!arm_is_el2_enabled_secstate(env, secure)) {
+    assert(space != ARMSS_Root);
+
+    if (!arm_is_el2_enabled_secstate(env, arm_space_is_secure(space))) {
         /*
          * "This register has no effect if EL2 is not enabled in the
          * current Security state".  This is ARMv8.4-SecEL2 speak for
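
Review bot: assert(space != ARMSS_Root) adds a precondition that neither the comment block above this function nor the one above its declaration in cpu.h mentions. Add a sentence there saying callers must not pass ARMSS_Root and why (HCR_EL2 is evaluated for the security state selected by SCR_EL3.{NSE,NS}, per the commit message), so that new callers find the rule without hitting the assertion.
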
@@ -5840,7 +5842,7 @@ uint64_t arm_hcr_el2_eff(CPUARMState *env)
     if (arm_feature(env, ARM_FEATURE_M)) {
         return 0;
     }
-    return arm_hcr_el2_eff_secstate(env, arm_is_secure_below_el3(env));
+    return arm_hcr_el2_eff_secstate(env, arm_security_space_below_el3(env));
 }
 
 /*
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 63dd8e3cbe1..4c60de753dd 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -209,9 +209,9 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
                                         ARMSecuritySpace space)
 {
     uint64_t hcr_el2;
-    bool is_secure = arm_space_is_secure(space);
 
     if (arm_feature(env, ARM_FEATURE_M)) {
+        bool is_secure = arm_space_is_secure(space);
         switch (env->v7m.mpu_ctrl[is_secure] &
                 (R_V7M_MPU_CTRL_ENABLE_MASK | R_V7M_MPU_CTRL_HFNMIENA_MASK)) {
         case R_V7M_MPU_CTRL_ENABLE_MASK:
@@ -230,18 +230,19 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
         }
     }
 
-    hcr_el2 = arm_hcr_el2_eff_secstate(env, is_secure);
 
     switch (mmu_idx) {
     case ARMMMUIdx_Stage2:
     case ARMMMUIdx_Stage2_S:
         /* HCR.DC means HCR.VM behaves as 1 */
+        hcr_el2 = arm_hcr_el2_eff_secstate(env, space);
         return (hcr_el2 & (HCR_DC | HCR_VM)) == 0;
 
     case ARMMMUIdx_E10_0:
     case ARMMMUIdx_E10_1:
     case ARMMMUIdx_E10_1_PAN:
         /* TGE means that EL0/1 act as if SCTLR_EL1.M is zero */
+        hcr_el2 = arm_hcr_el2_eff_secstate(env, space);
         if (hcr_el2 & HCR_TGE) {
             return true;
         }
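
Review bot: removing the hoisted hcr_el2 assignment leaves two consecutive blank lines before switch (mmu_idx); drop one. The arm_hcr_el2_eff_secstate(env, space) call is now repeated in each case that needs it (two here, one more in the next hunk), so a short comment at the top of the switch saying it is deliberately not hoisted, because the callee asserts on ARMSS_Root, would stop someone from re-hoisting it later.
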
@@ -251,6 +252,7 @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
     case ARMMMUIdx_Stage1_E1:
     case ARMMMUIdx_Stage1_E1_PAN:
         /* HCR.DC means SCTLR_EL1.M behaves as 0 */
+        hcr_el2 = arm_hcr_el2_eff_secstate(env, space);
         if (hcr_el2 & HCR_DC) {
             return true;
         }
@@ -530,7 +532,6 @@ static bool fault_s1ns(ARMSecuritySpace space, ARMMMUIdx s2_mmu_idx)
 static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
                              hwaddr addr, ARMMMUFaultInfo *fi)
 {
-    bool is_secure = ptw->in_secure;
     ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
     ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
     uint8_t pte_attrs;
@@ -587,7 +588,7 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
     }
 
     if (regime_is_stage2(s2_mmu_idx)) {
-        uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+        uint64_t hcr = arm_hcr_el2_eff_secstate(env, ptw->in_space);
 
         if ((hcr & HCR_PTW) && S2_attrs_are_device(hcr, pte_attrs)) {
             /*
@@ -3066,7 +3067,6 @@ static bool get_phys_addr_disabled(CPUARMState *env,
                                    ARMMMUFaultInfo *fi)
 {
     ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
-    bool is_secure = arm_space_is_secure(ptw->in_space);
     uint8_t memattr = 0x00;    /* Device nGnRnE */
     uint8_t shareability = 0;  /* non-shareable */
     int r_el;
@@ -3112,7 +3112,7 @@ static bool get_phys_addr_disabled(CPUARMState *env,
 
         /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */
         if (r_el == 1) {
-            uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+            uint64_t hcr = arm_hcr_el2_eff_secstate(env, ptw->in_space);
             if (hcr & HCR_DC) {
                 if (hcr & HCR_DCT) {
                     memattr = 0xf0;  /* Tagged, Normal, WB, RWA */
@@ -3149,7 +3149,6 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
 {
     hwaddr ipa;
     int s1_prot, s1_lgpgsz;
-    bool is_secure = ptw->in_secure;
     ARMSecuritySpace in_space = ptw->in_space;
     bool ret, ipa_secure;
     ARMCacheAttrs cacheattrs1;
@@ -3212,7 +3211,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
     }
 
     /* Combine the S1 and S2 cache attributes. */
-    hcr = arm_hcr_el2_eff_secstate(env, is_secure);
+    hcr = arm_hcr_el2_eff_secstate(env, in_space);
     if (hcr & HCR_DC) {
         /*
          * HCR.DC forces the first stage attributes to
-- 
2.34.1




* [PULL 19/35] target/arm: Pass an ARMSecuritySpace to arm_is_el2_enabled_secstate()
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (17 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 18/35] target/arm/ptw: Pass an ARMSecuritySpace to arm_hcr_el2_eff_secstate() Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 20/35] target/arm/ptw: Only fold in NSTable bit effects in Secure state Peter Maydell
                   ` (16 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

Pass an ARMSecuritySpace instead of a bool secure to
arm_is_el2_enabled_secstate(). This doesn't change behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-8-peter.maydell@linaro.org
---
 target/arm/cpu.h    | 13 ++++++++-----
 target/arm/helper.c |  2 +-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index bcd65a63ca0..02bc8f0e8e0 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2504,17 +2504,19 @@ static inline bool arm_is_secure(CPUARMState *env)
 
 /*
  * Return true if the current security state has AArch64 EL2 or AArch32 Hyp.
- * This corresponds to the pseudocode EL2Enabled()
+ * This corresponds to the pseudocode EL2Enabled().
  */
-static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
+static inline bool arm_is_el2_enabled_secstate(CPUARMState *env,
+                                               ARMSecuritySpace space)
 {
+    assert(space != ARMSS_Root);
     return arm_feature(env, ARM_FEATURE_EL2)
-           && (!secure || (env->cp15.scr_el3 & SCR_EEL2));
+           && (space != ARMSS_Secure || (env->cp15.scr_el3 & SCR_EEL2));
 }
 
 static inline bool arm_is_el2_enabled(CPUARMState *env)
 {
-    return arm_is_el2_enabled_secstate(env, arm_is_secure_below_el3(env));
+    return arm_is_el2_enabled_secstate(env, arm_security_space_below_el3(env));
 }
 
 #else
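
Review bot: the message says this does not change behaviour, but the new assert(space != ARMSS_Root) makes a Root argument abort where the old bool secure form simply evaluated the SCR_EEL2 test. State in the function comment that ARMSS_Root is not a valid argument. The #else variant in the next hunk has no such assertion, so the precondition is only enforced in one of the two builds; say whether that is intended.
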
@@ -2538,7 +2540,8 @@ static inline bool arm_is_secure(CPUARMState *env)
     return false;
 }
 
-static inline bool arm_is_el2_enabled_secstate(CPUARMState *env, bool secure)
+static inline bool arm_is_el2_enabled_secstate(CPUARMState *env,
+                                               ARMSecuritySpace space)
 {
     return false;
 }
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9862bc73b52..8290ca0aaad 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5778,7 +5778,7 @@ uint64_t arm_hcr_el2_eff_secstate(CPUARMState *env, ARMSecuritySpace space)
 
     assert(space != ARMSS_Root);
 
-    if (!arm_is_el2_enabled_secstate(env, arm_space_is_secure(space))) {
+    if (!arm_is_el2_enabled_secstate(env, space)) {
         /*
          * "This register has no effect if EL2 is not enabled in the
          * current Security state".  This is ARMv8.4-SecEL2 speak for
-- 
2.34.1




* [PULL 20/35] target/arm/ptw: Only fold in NSTable bit effects in Secure state
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (18 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 19/35] target/arm: Pass an ARMSecuritySpace to arm_is_el2_enabled_secstate() Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 21/35] target/arm/ptw: Remove last uses of ptw->in_secure Peter Maydell
                   ` (15 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

When we do a translation in Secure state, the NSTable bits in table
descriptors may downgrade us to NonSecure; we update ptw->in_secure
and ptw->in_space accordingly.  We guard that check correctly with a
conditional that means it's only applied for Secure stage 1
translations.  However, later on in get_phys_addr_lpae() we fold the
effects of the NSTable bits into the final descriptor attributes
bits, and there we do it unconditionally regardless of the CPU state.
That means that in Realm state (where in_secure is false) we will set
bit 5 in attrs, and later use it to decide to output to non-secure
space.

We don't in fact need to do this folding in at all any more (since
commit 2f1ff4e7b9f30c): if an NSTable bit was set then we have
already set ptw->in_space to ARMSS_NonSecure, and in that situation
we don't look at attrs bit 5.  The only thing we still need to deal
with is the real NS bit in the final descriptor word, so we can just
drop the code that ORed in the NSTable bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-9-peter.maydell@linaro.org
---
 target/arm/ptw.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 4c60de753dd..6e736bacd77 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1886,11 +1886,10 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
      * Extract attributes from the (modified) descriptor, and apply
      * table descriptors. Stage 2 table descriptors do not include
      * any attribute fields. HPD disables all the table attributes
-     * except NSTable.
+     * except NSTable (which we have already handled).
      */
     attrs = new_descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
     if (!regime_is_stage2(mmu_idx)) {
-        attrs |= !ptw->in_secure << 5; /* NS */
         if (!param.hpd) {
             attrs |= extract64(tableattrs, 0, 2) << 53;     /* XN, PXN */
             /*
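
Review bot: the amended comment says NSTable is "already handled" without saying where. Name the place (the earlier check that, per the commit message, downgrades ptw->in_space to ARMSS_NonSecure when an NSTable bit is set) so the reader can verify that attrs bit 5 now comes only from the NS bit of the final descriptor.
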
-- 
2.34.1




* [PULL 21/35] target/arm/ptw: Remove last uses of ptw->in_secure
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (19 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 20/35] target/arm/ptw: Only fold in NSTable bit effects in Secure state Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 22/35] target/arm/ptw: Remove S1Translate::in_secure Peter Maydell
                   ` (14 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

Replace the last uses of ptw->in_secure with appropriate
checks on ptw->in_space.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-10-peter.maydell@linaro.org
---
 target/arm/ptw.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 6e736bacd77..1ca25438c3c 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3249,7 +3249,6 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
                                       ARMMMUFaultInfo *fi)
 {
     ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
-    bool is_secure = ptw->in_secure;
     ARMMMUIdx s1_mmu_idx;
 
     /*
@@ -3257,8 +3256,8 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
      * cannot upgrade a NonSecure translation regime's attributes
      * to Secure or Realm.
      */
-    result->f.attrs.secure = is_secure;
     result->f.attrs.space = ptw->in_space;
+    result->f.attrs.secure = arm_space_is_secure(ptw->in_space);
 
     switch (mmu_idx) {
     case ARMMMUIdx_Phys_S:
@@ -3272,8 +3271,12 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
     case ARMMMUIdx_Stage1_E0:
     case ARMMMUIdx_Stage1_E1:
     case ARMMMUIdx_Stage1_E1_PAN:
-        /* First stage lookup uses second stage for ptw. */
-        ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+        /*
+         * First stage lookup uses second stage for ptw; only
+         * Secure has both S and NS IPA and starts with Stage2_S.
+         */
+        ptw->in_ptw_idx = (ptw->in_space == ARMSS_Secure) ?
+            ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
         break;
 
     case ARMMMUIdx_Stage2:
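Review bot: Replacing is_secure with (ptw->in_space == ARMSS_Secure) in the Stage1_E0/E1/E1_PAN case is not a like-for-like substitution. The previous hunk uses arm_space_is_secure(ptw->in_space) for attrs.secure, so the two tests differ for any space that arm_space_is_secure() treats as secure other than ARMSS_Secure. The new code comment explains the intent, but the commit message describes this only as replacing uses; suggest stating there that the Stage2_S selection is deliberately narrowed to ARMSS_Secure.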
-- 
2.34.1




* [PULL 22/35] target/arm/ptw: Remove S1Translate::in_secure
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (20 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 21/35] target/arm/ptw: Remove last uses of ptw->in_secure Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 23/35] target/arm/ptw: Drop S1Translate::out_secure Peter Maydell
                   ` (13 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

We no longer look at the in_secure field of the S1Translate struct
anyway, so we can remove it and all the code which sets it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-11-peter.maydell@linaro.org
---
 target/arm/ptw.c | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 1ca25438c3c..78bc679deef 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -51,13 +51,6 @@ typedef struct S1Translate {
      *    value being Stage2 vs Stage2_S distinguishes those.
      */
     ARMSecuritySpace in_space;
-    /*
-     * in_secure: whether the translation regime is a Secure one.
-     * This is always equal to arm_space_is_secure(in_space).
-     * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
-     * this field is updated accordingly.
-     */
-    bool in_secure;
     /*
      * in_debug: is this a QEMU debug access (gdbstub, etc)? Debug
      * accesses will not update the guest page table access flags
@@ -547,7 +540,6 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
         S1Translate s2ptw = {
             .in_mmu_idx = s2_mmu_idx,
             .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
-            .in_secure = arm_space_is_secure(s2_space),
             .in_space = s2_space,
             .in_debug = true,
         };
@@ -1784,7 +1776,6 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_S + 1 != ARMMMUIdx_Phys_NS);
         QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2_S + 1 != ARMMMUIdx_Stage2);
         ptw->in_ptw_idx += 1;
-        ptw->in_secure = false;
         ptw->in_space = ARMSS_NonSecure;
     }
 
@@ -3167,7 +3158,6 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
 
     ptw->in_s1_is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
     ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
-    ptw->in_secure = ipa_secure;
     ptw->in_space = ipa_space;
     ptw->in_ptw_idx = ptw_idx_for_stage_2(env, ptw->in_mmu_idx);
 
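Review bot: After this removal in get_phys_addr_twostage(), in_mmu_idx is still chosen from the bool ipa_secure while in_space comes from ipa_space, so the two fields rely on separately computed values staying in step. Suggest deriving the Stage2_S/Stage2 choice from ipa_space, or asserting that ipa_secure agrees with it, so the index and the space cannot disagree.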
@@ -3403,7 +3393,6 @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
 {
     S1Translate ptw = {
         .in_mmu_idx = mmu_idx,
-        .in_secure = is_secure,
         .in_space = arm_secure_to_space(is_secure),
     };
     return get_phys_addr_gpc(env, &ptw, address, access_type, result, fi);
@@ -3475,7 +3464,6 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
     }
 
     ptw.in_space = ss;
-    ptw.in_secure = arm_space_is_secure(ss);
     return get_phys_addr_gpc(env, &ptw, address, access_type, result, fi);
 }
 
@@ -3489,7 +3477,6 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
     S1Translate ptw = {
         .in_mmu_idx = mmu_idx,
         .in_space = ss,
-        .in_secure = arm_space_is_secure(ss),
         .in_debug = true,
     };
     GetPhysAddrResult res = {};
-- 
2.34.1




* [PULL 23/35] target/arm/ptw: Drop S1Translate::out_secure
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (21 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 22/35] target/arm/ptw: Remove S1Translate::in_secure Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 24/35] target/arm/ptw: Set attributes correctly for MMU disabled data accesses Peter Maydell
                   ` (12 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

We only use S1Translate::out_secure in two places, where we are
setting up MemTxAttrs for a page table load. We can use
arm_space_is_secure(ptw->out_space) instead, which guarantees
that we're setting the MemTxAttrs secure and space fields
consistently, and allows us to drop the out_secure field in
S1Translate entirely.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-12-peter.maydell@linaro.org
---
 target/arm/ptw.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 78bc679deef..312ccabe92e 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -63,7 +63,6 @@ typedef struct S1Translate {
      * Stage 2 is indicated by in_mmu_idx set to ARMMMUIdx_Stage2{,_S}.
      */
     bool in_s1_is_el0;
-    bool out_secure;
     bool out_rw;
     bool out_be;
     ARMSecuritySpace out_space;
@@ -553,7 +552,6 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
         pte_attrs = s2.cacheattrs.attrs;
         ptw->out_host = NULL;
         ptw->out_rw = false;
-        ptw->out_secure = s2.f.attrs.secure;
         ptw->out_space = s2.f.attrs.space;
     } else {
 #ifdef CONFIG_TCG
@@ -572,7 +570,6 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
         ptw->out_phys = full->phys_addr | (addr & ~TARGET_PAGE_MASK);
         ptw->out_rw = full->prot & PAGE_WRITE;
         pte_attrs = full->pte_attrs;
-        ptw->out_secure = full->attrs.secure;
         ptw->out_space = full->attrs.space;
 #else
         g_assert_not_reached();
@@ -630,8 +627,8 @@ static uint32_t arm_ldl_ptw(CPUARMState *env, S1Translate *ptw,
     } else {
         /* Page tables are in MMIO. */
         MemTxAttrs attrs = {
-            .secure = ptw->out_secure,
             .space = ptw->out_space,
+            .secure = arm_space_is_secure(ptw->out_space),
         };
         AddressSpace *as = arm_addressspace(cs, attrs);
         MemTxResult result = MEMTX_OK;
@@ -676,8 +673,8 @@ static uint64_t arm_ldq_ptw(CPUARMState *env, S1Translate *ptw,
     } else {
         /* Page tables are in MMIO. */
         MemTxAttrs attrs = {
-            .secure = ptw->out_secure,
             .space = ptw->out_space,
+            .secure = arm_space_is_secure(ptw->out_space),
         };
         AddressSpace *as = arm_addressspace(cs, attrs);
         MemTxResult result = MEMTX_OK;
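Review bot: The MemTxAttrs initializer in arm_ldq_ptw() is now an exact copy of the one in arm_ldl_ptw() in the previous hunk, and both must keep .secure derived from .space for the consistency the commit message relies on. Suggest a small helper that builds MemTxAttrs from ptw->out_space so the pairing is written once.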
-- 
2.34.1




* [PULL 24/35] target/arm/ptw: Set attributes correctly for MMU disabled data accesses
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (22 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 23/35] target/arm/ptw: Drop S1Translate::out_secure Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 25/35] target/arm/ptw: Check for block descriptors at invalid levels Peter Maydell
                   ` (11 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

When the MMU is disabled, data accesses should be Device nGnRnE,
Outer Shareable, Untagged.  We handle the other cases from
AArch64.S1DisabledOutput() correctly but missed this one.
Device nGnRnE is memattr == 0, so the only part we were missing
was that shareability should be set to 2 for both insn fetches
and data accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-13-peter.maydell@linaro.org
---
 target/arm/ptw.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 312ccabe92e..7f217a31895 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3108,11 +3108,13 @@ static bool get_phys_addr_disabled(CPUARMState *env,
                 }
             }
         }
-        if (memattr == 0 && access_type == MMU_INST_FETCH) {
-            if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
-                memattr = 0xee;  /* Normal, WT, RA, NT */
-            } else {
-                memattr = 0x44;  /* Normal, NC, No */
+        if (memattr == 0) {
+            if (access_type == MMU_INST_FETCH) {
+                if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
+                    memattr = 0xee;  /* Normal, WT, RA, NT */
+                } else {
+                    memattr = 0x44;  /* Normal, NC, No */
+                }
             }
             shareability = 2; /* outer shareable */
         }
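Review bot: The new outer if (memattr == 0) block has no comment saying why data accesses fall through with memattr left at 0, or that shareability = 2 now applies to both kinds of access. Suggest a short comment there stating that memattr 0 is Device nGnRnE and that Outer Shareable is set for both instruction fetches and data accesses per AArch64.S1DisabledOutput(), as the commit message explains.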
-- 
2.34.1




* [PULL 25/35] target/arm/ptw: Check for block descriptors at invalid levels
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (23 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 24/35] target/arm/ptw: Set attributes correctly for MMU disabled data accesses Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 26/35] target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw Peter Maydell
                   ` (10 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

The architecture doesn't permit block descriptors at any arbitrary
level of the page table walk; it depends on the granule size which
levels are permitted.  We implemented only a partial version of this
check which assumes that block descriptors are valid at all levels
except level 3, which meant that we wouldn't deliver the Translation
fault for all cases of this sort of guest page table error.

Implement the logic corresponding to the pseudocode
AArch64.DecodeDescriptorType() and AArch64.BlockDescSupported().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-14-peter.maydell@linaro.org
---
 target/arm/ptw.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7f217a31895..fbb0f8a0bf2 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1551,6 +1551,25 @@ static int check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, uint64_t tcr,
     return INT_MIN;
 }
 
+static bool lpae_block_desc_valid(ARMCPU *cpu, bool ds,
+                                  ARMGranuleSize gran, int level)
+{
+    /*
+     * See pseudocode AArch46.BlockDescSupported(): block descriptors
+     * are not valid at all levels, depending on the page size.
+     */
+    switch (gran) {
+    case Gran4K:
+        return (level == 0 && ds) || level == 1 || level == 2;
+    case Gran16K:
+        return (level == 1 && ds) || level == 2;
+    case Gran64K:
+        return (level == 1 && arm_pamax(cpu) == 52) || level == 2;
+    default:
+        g_assert_not_reached();
+    }
+}
+
 /**
  * get_phys_addr_lpae: perform one stage of page table walk, LPAE format
  *
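Review bot: The comment in lpae_block_desc_valid() names the pseudocode function as AArch46.BlockDescSupported(); that should be AArch64.BlockDescSupported(), matching the commit message. Also, the Gran64K case ignores ds and keys on arm_pamax(cpu) == 52 instead, which deserves a one-line comment since the other two granules use ds.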
@@ -1786,8 +1805,10 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
     new_descriptor = descriptor;
 
  restart_atomic_update:
-    if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
-        /* Invalid, or the Reserved level 3 encoding */
+    if (!(descriptor & 1) ||
+        (!(descriptor & 2) &&
+         !lpae_block_desc_valid(cpu, param.ds, param.gran, level))) {
+        /* Invalid, or a block descriptor at an invalid level */
         goto do_translation_fault;
     }
 
-- 
2.34.1




* [PULL 26/35] target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (24 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 25/35] target/arm/ptw: Check for block descriptors at invalid levels Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 27/35] target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types Peter Maydell
                   ` (9 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

When we report faults due to stage 2 faults during a stage 1
page table walk, the 'level' parameter should be the level
of the walk in stage 2 that faulted, not the level of the
walk in stage 1. Correct the reporting of these faults.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-15-peter.maydell@linaro.org
---
 target/arm/ptw.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index fbb0f8a0bf2..07832eb8f76 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2048,9 +2048,13 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
  do_translation_fault:
     fi->type = ARMFault_Translation;
  do_fault:
-    fi->level = level;
-    /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2.  */
-    fi->stage2 = fi->s1ptw || regime_is_stage2(mmu_idx);
+    if (fi->s1ptw) {
+        /* Retain the existing stage 2 fi->level */
+        assert(fi->stage2);
+    } else {
+        fi->level = level;
+        fi->stage2 = regime_is_stage2(mmu_idx);
+    }
     fi->s1ns = fault_s1ns(ptw->in_space, mmu_idx);
     return true;
 }
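Review bot: In the fi->s1ptw branch, assert(fi->stage2) depends on whoever set s1ptw having also filled in fi->level and fi->stage2, but the comment only says the level is retained. Suggest naming where those fields are set. A jump to do_translation_fault still overwrites fi->type before reaching this branch, so it is worth confirming that no s1ptw path enters through that label.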
-- 
2.34.1




* [PULL 27/35] target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (25 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 26/35] target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 28/35] target/arm/ptw: Load stage-2 tables from realm physical space Peter Maydell
                   ` (8 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

The PAR_EL1.SH field documents that for the cases of:
 * Device memory
 * Normal memory with both Inner and Outer Non-Cacheable
the field should be 0b10 rather than whatever was in the
translation table descriptor field. (In the pseudocode this
is handled by PAREncodeShareability().) Perform this
adjustment when assembling a PAR value.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-16-peter.maydell@linaro.org
---
 target/arm/helper.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8290ca0aaad..da5db6d3ff6 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3342,6 +3342,19 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
 }
 
 #ifdef CONFIG_TCG
+static int par_el1_shareability(GetPhysAddrResult *res)
+{
+    /*
+     * The PAR_EL1.SH field must be 0b10 for Device or Normal-NC
+     * memory -- see pseudocode PAREncodeShareability().
+     */
+    if (((res->cacheattrs.attrs & 0xf0) == 0) ||
+        res->cacheattrs.attrs == 0x44 || res->cacheattrs.attrs == 0x40) {
+        return 2;
+    }
+    return res->cacheattrs.shareability;
+}
+
 static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
                              MMUAccessType access_type, ARMMMUIdx mmu_idx,
                              bool is_secure)
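Review bot: par_el1_shareability() also returns 2 for attrs == 0x40, which neither the function comment nor the commit message (Device, or Normal with both Inner and Outer Non-Cacheable) accounts for. Suggest a comment saying which memory type 0x40 stands for, and per-value comments or named constants for the bare 0xf0/0x44/0x40 values. The res parameter is only read and could be const.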
@@ -3470,7 +3483,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
                 par64 |= (1 << 9); /* NS */
             }
             par64 |= (uint64_t)res.cacheattrs.attrs << 56; /* ATTR */
-            par64 |= res.cacheattrs.shareability << 7; /* SH */
+            par64 |= par_el1_shareability(&res) << 7; /* SH */
         } else {
             uint32_t fsr = arm_fi_to_lfsc(&fi);
 
-- 
2.34.1




* [PULL 28/35] target/arm/ptw: Load stage-2 tables from realm physical space
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (26 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 27/35] target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 29/35] target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2* Peter Maydell
                   ` (7 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Jean-Philippe Brucker <jean-philippe@linaro.org>

In realm state, stage-2 translation tables are fetched from the realm
physical address space (R_PGRQD).

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230809123706.1842548-2-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 07832eb8f76..7a69968dd76 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -157,22 +157,32 @@ static ARMMMUIdx ptw_idx_for_stage_2(CPUARMState *env, ARMMMUIdx stage2idx)
 
     /*
      * We're OK to check the current state of the CPU here because
-     * (1) we always invalidate all TLBs when the SCR_EL3.NS bit changes
+     * (1) we always invalidate all TLBs when the SCR_EL3.NS or SCR_EL3.NSE bit
+     * changes.
      * (2) there's no way to do a lookup that cares about Stage 2 for a
      * different security state to the current one for AArch64, and AArch32
      * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do
      * an NS stage 1+2 lookup while the NS bit is 0.)
      */
-    if (!arm_is_secure_below_el3(env) || !arm_el_is_aa64(env, 3)) {
+    if (!arm_el_is_aa64(env, 3)) {
         return ARMMMUIdx_Phys_NS;
     }
-    if (stage2idx == ARMMMUIdx_Stage2_S) {
-        s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
-    } else {
-        s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
-    }
-    return s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
 
+    switch (arm_security_space_below_el3(env)) {
+    case ARMSS_NonSecure:
+        return ARMMMUIdx_Phys_NS;
+    case ARMSS_Realm:
+        return ARMMMUIdx_Phys_Realm;
+    case ARMSS_Secure:
+        if (stage2idx == ARMMMUIdx_Stage2_S) {
+            s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
+        } else {
+            s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
+        }
+        return s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+    default:
+        g_assert_not_reached();
+    }
 }
 
 static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
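Review bot: The ARMSS_Realm case in ptw_idx_for_stage_2() returns ARMMMUIdx_Phys_Realm regardless of stage2idx and carries no comment; the rule reference (R_PGRQD) appears only in the commit message. Suggest citing it next to the case. s2walk_secure is now used only inside the ARMSS_Secure case and could be declared there.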
-- 
2.34.1




* [PULL 29/35] target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2*
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (27 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 28/35] target/arm/ptw: Load stage-2 tables from realm physical space Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 30/35] target/arm: Skip granule protection checks for AT instructions Peter Maydell
                   ` (6 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Jean-Philippe Brucker <jean-philippe@linaro.org>

When HCR_EL2.E2H is enabled, TLB entries are formed using the EL2&0
translation regime, instead of the EL2 translation regime. The TLB VAE2*
instructions invalidate the regime that corresponds to the current value
of HCR_EL2.E2H.

At the moment we only invalidate the EL2 translation regime. This causes
problems with RMM, which issues TLBI VAE2IS instructions with
HCR_EL2.E2H enabled. Update vae2_tlbmask() to take HCR_EL2.E2H into
account.

Add vae2_tlbbits() as well, since the top-byte-ignore configuration is
different between the EL2&0 and EL2 regime.

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230809123706.1842548-3-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 50 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 40 insertions(+), 10 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index da5db6d3ff6..808f35218a2 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4663,6 +4663,21 @@ static int vae1_tlbmask(CPUARMState *env)
     return mask;
 }
 
+static int vae2_tlbmask(CPUARMState *env)
+{
+    uint64_t hcr = arm_hcr_el2_eff(env);
+    uint16_t mask;
+
+    if (hcr & HCR_E2H) {
+        mask = ARMMMUIdxBit_E20_2 |
+               ARMMMUIdxBit_E20_2_PAN |
+               ARMMMUIdxBit_E20_0;
+    } else {
+        mask = ARMMMUIdxBit_E2;
+    }
+    return mask;
+}
+
 /* Return 56 if TBI is enabled, 64 otherwise. */
 static int tlbbits_for_regime(CPUARMState *env, ARMMMUIdx mmu_idx,
                               uint64_t addr)
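Review bot: vae2_tlbmask() declares mask as uint16_t but returns int, and unlike vae2_tlbbits() it has no comment on why HCR_E2H selects the E20_2, E20_2_PAN and E20_0 indexes. Suggest int mask (or returning the expression directly) and a one-line comment tying the selection to the EL2&0 regime described in the commit message.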
@@ -4689,6 +4704,25 @@ static int vae1_tlbbits(CPUARMState *env, uint64_t addr)
     return tlbbits_for_regime(env, mmu_idx, addr);
 }
 
+static int vae2_tlbbits(CPUARMState *env, uint64_t addr)
+{
+    uint64_t hcr = arm_hcr_el2_eff(env);
+    ARMMMUIdx mmu_idx;
+
+    /*
+     * Only the regime of the mmu_idx below is significant.
+     * Regime EL2&0 has two ranges with separate TBI configuration, while EL2
+     * only has one.
+     */
+    if (hcr & HCR_E2H) {
+        mmu_idx = ARMMMUIdx_E20_2;
+    } else {
+        mmu_idx = ARMMMUIdx_E2;
+    }
+
+    return tlbbits_for_regime(env, mmu_idx, addr);
+}
+
 static void tlbi_aa64_vmalle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                       uint64_t value)
 {
@@ -4781,10 +4815,11 @@ static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
      * flush-last-level-only.
      */
     CPUState *cs = env_cpu(env);
-    int mask = e2_tlbmask(env);
+    int mask = vae2_tlbmask(env);
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
+    int bits = vae2_tlbbits(env, pageaddr);
 
-    tlb_flush_page_by_mmuidx(cs, pageaddr, mask);
+    tlb_flush_page_bits_by_mmuidx(cs, pageaddr, mask, bits);
 }
 
 static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4838,11 +4873,11 @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
                                    uint64_t value)
 {
     CPUState *cs = env_cpu(env);
+    int mask = vae2_tlbmask(env);
     uint64_t pageaddr = sextract64(value << 12, 0, 56);
-    int bits = tlbbits_for_regime(env, ARMMMUIdx_E2, pageaddr);
+    int bits = vae2_tlbbits(env, pageaddr);
 
-    tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
-                                                  ARMMMUIdxBit_E2, bits);
+    tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, mask, bits);
 }
 
 static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -5014,11 +5049,6 @@ static void tlbi_aa64_rvae1is_write(CPUARMState *env,
     do_rvae_write(env, value, vae1_tlbmask(env), true);
 }
 
-static int vae2_tlbmask(CPUARMState *env)
-{
-    return ARMMMUIdxBit_E2;
-}
-
 static void tlbi_aa64_rvae2_write(CPUARMState *env,
                                   const ARMCPRegInfo *ri,
                                   uint64_t value)
-- 
2.34.1




* [PULL 30/35] target/arm: Skip granule protection checks for AT instructions
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (28 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 29/35] target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2* Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 31/35] target/arm: Pass security space rather than flag " Peter Maydell
                   ` (5 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Jean-Philippe Brucker <jean-philippe@linaro.org>

GPC checks are not performed on the output address for AT instructions,
as stated by ARM DDI 0487J in D8.12.2:

  When populating PAR_EL1 with the result of an address translation
  instruction, granule protection checks are not performed on the final
  output address of a successful translation.

Rename get_phys_addr_with_secure(), since it's only used to handle AT
instructions.

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230809123706.1842548-4-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h | 25 ++++++++++++++-----------
 target/arm/helper.c    |  8 ++++++--
 target/arm/ptw.c       | 11 ++++++-----
 3 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 0f01bc32a8a..fc90c364f77 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1190,12 +1190,11 @@ typedef struct GetPhysAddrResult {
 } GetPhysAddrResult;
 
 /**
- * get_phys_addr_with_secure: get the physical address for a virtual address
+ * get_phys_addr: get the physical address for a virtual address
  * @env: CPUARMState
  * @address: virtual address to get physical address for
  * @access_type: 0 for read, 1 for write, 2 for execute
  * @mmu_idx: MMU index indicating required translation regime
- * @is_secure: security state for the access
  * @result: set on translation success.
  * @fi: set to fault info if the translation fails
  *
@@ -1212,26 +1211,30 @@ typedef struct GetPhysAddrResult {
  *  * for PSMAv5 based systems we don't bother to return a full FSR format
  *    value.
  */
-bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-                               MMUAccessType access_type,
-                               ARMMMUIdx mmu_idx, bool is_secure,
-                               GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+bool get_phys_addr(CPUARMState *env, target_ulong address,
+                   MMUAccessType access_type, ARMMMUIdx mmu_idx,
+                   GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
     __attribute__((nonnull));
 
 /**
- * get_phys_addr: get the physical address for a virtual address
+ * get_phys_addr_with_secure_nogpc: get the physical address for a virtual
+ *                                  address
  * @env: CPUARMState
  * @address: virtual address to get physical address for
  * @access_type: 0 for read, 1 for write, 2 for execute
  * @mmu_idx: MMU index indicating required translation regime
+ * @is_secure: security state for the access
  * @result: set on translation success.
  * @fi: set to fault info if the translation fails
  *
- * Similarly, but use the security regime of @mmu_idx.
+ * Similar to get_phys_addr, but use the given security regime and don't perform
+ * a Granule Protection Check on the resulting address.
  */
-bool get_phys_addr(CPUARMState *env, target_ulong address,
-                   MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                   GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
+bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address,
+                                     MMUAccessType access_type,
+                                     ARMMMUIdx mmu_idx, bool is_secure,
+                                     GetPhysAddrResult *result,
+                                     ARMMMUFaultInfo *fi)
     __attribute__((nonnull));
 
 bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
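Review bot: The kernel-doc for get_phys_addr_with_secure_nogpc() says it skips the Granule Protection Check but not that it exists only for AT instructions, which is the justification given in the commit message. Suggest adding that restriction to the doc comment so a later caller does not pick this variant for an ordinary access and skip GPC on it.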
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 808f35218a2..e8a232a1f89 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3365,8 +3365,12 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
     ARMMMUFaultInfo fi = {};
     GetPhysAddrResult res = {};
 
-    ret = get_phys_addr_with_secure(env, value, access_type, mmu_idx,
-                                    is_secure, &res, &fi);
+    /*
+     * I_MXTJT: Granule protection checks are not performed on the final address
+     * of a successful translation.
+     */
+    ret = get_phys_addr_with_secure_nogpc(env, value, access_type, mmu_idx,
+                                          is_secure, &res, &fi);
 
     /*
      * ATS operations only do S1 or S1+S2 translations, so we never
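Review bot: The new comment in do_ats_write() cites I_MXTJT without naming the document, while the commit message cites ARM DDI 0487J D8.12.2. Suggest putting the document name in the comment as well, and saying that the skipped check is the one on the output address reported in PAR_EL1, so the scope of the exemption is clear at the call site.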
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7a69968dd76..ca4de6e3999 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3420,16 +3420,17 @@ static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
     return false;
 }
 
-bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
-                               MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                               bool is_secure, GetPhysAddrResult *result,
-                               ARMMMUFaultInfo *fi)
+bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address,
+                                     MMUAccessType access_type,
+                                     ARMMMUIdx mmu_idx, bool is_secure,
+                                     GetPhysAddrResult *result,
+                                     ARMMMUFaultInfo *fi)
 {
     S1Translate ptw = {
         .in_mmu_idx = mmu_idx,
         .in_space = arm_secure_to_space(is_secure),
     };
-    return get_phys_addr_gpc(env, &ptw, address, access_type, result, fi);
+    return get_phys_addr_nogpc(env, &ptw, address, access_type, result, fi);
 }
 
 bool get_phys_addr(CPUARMState *env, target_ulong address,
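Review bot: the one-line body change from `get_phys_addr_gpc()` to `get_phys_addr_nogpc()` drops the granule protection check for every caller of this helper, while the only call site updated in this patch is `do_ats_write()`. The rename does force any other caller to be touched, which is the right safety net, but it is worth confirming that AT emulation is the sole user so that no ordinary data-access path ends up on a translation routine that bypasses the GPC.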
-- 
2.34.1




* [PULL 31/35] target/arm: Pass security space rather than flag for AT instructions
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (29 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 30/35] target/arm: Skip granule protection checks for AT instructions Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 32/35] target/arm/helper: Check SCR_EL3.{NSE, NS} encoding " Peter Maydell
                   ` (4 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Jean-Philippe Brucker <jean-philippe@linaro.org>

At the moment we only handle Secure and Nonsecure security spaces for
the AT instructions. Add support for Realm and Root.

For AArch64, arm_security_space() gives the desired space. ARM DDI0487J
says (R_NYXTL):

  If EL3 is implemented, then when an address translation instruction
  that applies to an Exception level lower than EL3 is executed, the
  Effective value of SCR_EL3.{NSE, NS} determines the target Security
  state that the instruction applies to.

For AArch32, some instructions can access NonSecure space from Secure,
so we still need to pass the state explicitly to do_ats_write().

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230809123706.1842548-5-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h | 18 +++++++++---------
 target/arm/helper.c    | 27 ++++++++++++---------------
 target/arm/ptw.c       | 12 ++++++------
 3 files changed, 27 insertions(+), 30 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index fc90c364f77..cf13bb94f59 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1217,24 +1217,24 @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
     __attribute__((nonnull));
 
 /**
- * get_phys_addr_with_secure_nogpc: get the physical address for a virtual
- *                                  address
+ * get_phys_addr_with_space_nogpc: get the physical address for a virtual
+ *                                 address
  * @env: CPUARMState
  * @address: virtual address to get physical address for
  * @access_type: 0 for read, 1 for write, 2 for execute
  * @mmu_idx: MMU index indicating required translation regime
- * @is_secure: security state for the access
+ * @space: security space for the access
  * @result: set on translation success.
  * @fi: set to fault info if the translation fails
  *
- * Similar to get_phys_addr, but use the given security regime and don't perform
+ * Similar to get_phys_addr, but use the given security space and don't perform
  * a Granule Protection Check on the resulting address.
  */
-bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address,
-                                     MMUAccessType access_type,
-                                     ARMMMUIdx mmu_idx, bool is_secure,
-                                     GetPhysAddrResult *result,
-                                     ARMMMUFaultInfo *fi)
+bool get_phys_addr_with_space_nogpc(CPUARMState *env, target_ulong address,
+                                    MMUAccessType access_type,
+                                    ARMMMUIdx mmu_idx, ARMSecuritySpace space,
+                                    GetPhysAddrResult *result,
+                                    ARMMMUFaultInfo *fi)
     __attribute__((nonnull));
 
 bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e8a232a1f89..de639d40871 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3357,7 +3357,7 @@ static int par_el1_shareability(GetPhysAddrResult *res)
 
 static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
                              MMUAccessType access_type, ARMMMUIdx mmu_idx,
-                             bool is_secure)
+                             ARMSecuritySpace ss)
 {
     bool ret;
     uint64_t par64;
@@ -3369,8 +3369,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
      * I_MXTJT: Granule protection checks are not performed on the final address
      * of a successful translation.
      */
-    ret = get_phys_addr_with_secure_nogpc(env, value, access_type, mmu_idx,
-                                          is_secure, &res, &fi);
+    ret = get_phys_addr_with_space_nogpc(env, value, access_type, mmu_idx, ss,
+                                         &res, &fi);
 
     /*
      * ATS operations only do S1 or S1+S2 translations, so we never
@@ -3535,7 +3535,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
     uint64_t par64;
     ARMMMUIdx mmu_idx;
     int el = arm_current_el(env);
-    bool secure = arm_is_secure_below_el3(env);
+    ARMSecuritySpace ss = arm_security_space(env);
 
     switch (ri->opc2 & 6) {
     case 0:
@@ -3543,10 +3543,9 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
         switch (el) {
         case 3:
             mmu_idx = ARMMMUIdx_E3;
-            secure = true;
             break;
         case 2:
-            g_assert(!secure);  /* ARMv8.4-SecEL2 is 64-bit only */
+            g_assert(ss != ARMSS_Secure);  /* ARMv8.4-SecEL2 is 64-bit only */
             /* fall through */
         case 1:
             if (ri->crm == 9 && (env->uncached_cpsr & CPSR_PAN)) {
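Review bot: removing `secure = true;` under `case 3:` makes this path depend on `arm_security_space(env)` already returning `ARMSS_Secure` whenever `el == 3` in AArch32, and nothing in the hunk shows or enforces that. The old code forced the value; an assertion in the style of the EL2 case just below (for example `g_assert(ss == ARMSS_Secure);`) or a one-line comment would keep the assumption visible if the helper's behaviour at EL3 ever changes.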
@@ -3564,10 +3563,9 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
         switch (el) {
         case 3:
             mmu_idx = ARMMMUIdx_E10_0;
-            secure = true;
             break;
         case 2:
-            g_assert(!secure);  /* ARMv8.4-SecEL2 is 64-bit only */
+            g_assert(ss != ARMSS_Secure);  /* ARMv8.4-SecEL2 is 64-bit only */
             mmu_idx = ARMMMUIdx_Stage1_E0;
             break;
         case 1:
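Review bot: `g_assert(ss != ARMSS_Secure)` in `case 2:` is weaker than the `g_assert(!secure)` it replaces. With a two-valued flag, "not secure" meant NonSecure; with `ARMSecuritySpace`, "not Secure" also admits Realm and Root. If the intent is still that AArch32 EL2 only exists in NonSecure state, `g_assert(ss == ARMSS_NonSecure)` says so directly and would catch an unexpected space being passed down to the page-table walk.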
@@ -3580,18 +3578,18 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
     case 4:
         /* stage 1+2 NonSecure PL1: ATS12NSOPR, ATS12NSOPW */
         mmu_idx = ARMMMUIdx_E10_1;
-        secure = false;
+        ss = ARMSS_NonSecure;
         break;
     case 6:
         /* stage 1+2 NonSecure PL0: ATS12NSOUR, ATS12NSOUW */
         mmu_idx = ARMMMUIdx_E10_0;
-        secure = false;
+        ss = ARMSS_NonSecure;
         break;
     default:
         g_assert_not_reached();
     }
 
-    par64 = do_ats_write(env, value, access_type, mmu_idx, secure);
+    par64 = do_ats_write(env, value, access_type, mmu_idx, ss);
 
     A32_BANKED_CURRENT_REG_SET(env, par, par64);
 #else
@@ -3608,7 +3606,8 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri,
     uint64_t par64;
 
     /* There is no SecureEL2 for AArch32. */
-    par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2, false);
+    par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2,
+                         ARMSS_NonSecure);
 
     A32_BANKED_CURRENT_REG_SET(env, par, par64);
 #else
@@ -3633,7 +3632,6 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
 #ifdef CONFIG_TCG
     MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
     ARMMMUIdx mmu_idx;
-    int secure = arm_is_secure_below_el3(env);
     uint64_t hcr_el2 = arm_hcr_el2_eff(env);
     bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
 
@@ -3653,7 +3651,6 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
             break;
         case 6: /* AT S1E3R, AT S1E3W */
             mmu_idx = ARMMMUIdx_E3;
-            secure = true;
             break;
         default:
             g_assert_not_reached();
@@ -3673,7 +3670,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
     }
 
     env->cp15.par_el[1] = do_ats_write(env, value, access_type,
-                                       mmu_idx, secure);
+                                       mmu_idx, arm_security_space(env));
 #else
     /* Handled by hardware accelerator. */
     g_assert_not_reached();
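Review bot: the final call now passes `arm_security_space(env)` for every AT variant, including AT S1E1*, S1E0* and S12E* executed from EL3, but the commit message quotes R_NYXTL as saying the target state for those is determined by the Effective value of SCR_EL3.{NSE, NS}. If `arm_security_space()` reports the state the CPU is currently in at EL3 rather than the state selected by {NSE, NS}, those instructions would walk the wrong space's tables. Since the removed `secure = true;` only ever applied to the AT S1E3* case, it would be safer to choose the space per case (current space for S1E3*, the below-EL3 space otherwise) or to add a comment explaining why a single call is correct for both.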
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index ca4de6e3999..bfbab26b9b4 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3420,15 +3420,15 @@ static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
     return false;
 }
 
-bool get_phys_addr_with_secure_nogpc(CPUARMState *env, target_ulong address,
-                                     MMUAccessType access_type,
-                                     ARMMMUIdx mmu_idx, bool is_secure,
-                                     GetPhysAddrResult *result,
-                                     ARMMMUFaultInfo *fi)
+bool get_phys_addr_with_space_nogpc(CPUARMState *env, target_ulong address,
+                                    MMUAccessType access_type,
+                                    ARMMMUIdx mmu_idx, ARMSecuritySpace space,
+                                    GetPhysAddrResult *result,
+                                    ARMMMUFaultInfo *fi)
 {
     S1Translate ptw = {
         .in_mmu_idx = mmu_idx,
-        .in_space = arm_secure_to_space(is_secure),
+        .in_space = space,
     };
     return get_phys_addr_nogpc(env, &ptw, address, access_type, result, fi);
 }
-- 
2.34.1




* [PULL 32/35] target/arm/helper: Check SCR_EL3.{NSE, NS} encoding for AT instructions
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (30 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 31/35] target/arm: Pass security space rather than flag " Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 33/35] target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK Peter Maydell
                   ` (3 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Jean-Philippe Brucker <jean-philippe@linaro.org>

The AT instruction is UNDEFINED if the {NSE,NS} configuration is
invalid. Add a function to check this on all AT instructions that apply
to an EL lower than 3.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-id: 20230809123706.1842548-6-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 38 +++++++++++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 11 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index de639d40871..b4618ee2b95 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3616,6 +3616,22 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri,
 #endif /* CONFIG_TCG */
 }
 
+static CPAccessResult at_e012_access(CPUARMState *env, const ARMCPRegInfo *ri,
+                                     bool isread)
+{
+    /*
+     * R_NYXTL: instruction is UNDEFINED if it applies to an Exception level
+     * lower than EL3 and the combination SCR_EL3.{NSE,NS} is reserved. This can
+     * only happen when executing at EL3 because that combination also causes an
+     * illegal exception return. We don't need to check FEAT_RME either, because
+     * scr_write() ensures that the NSE bit is not set otherwise.
+     */
+    if ((env->cp15.scr_el3 & (SCR_NSE | SCR_NS)) == SCR_NSE) {
+        return CP_ACCESS_TRAP;
+    }
+    return CP_ACCESS_OK;
+}
+
 static CPAccessResult at_s1e2_access(CPUARMState *env, const ARMCPRegInfo *ri,
                                      bool isread)
 {
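Review bot: the comment in `at_e012_access()` says the reserved {NSE,NS} combination "can only happen when executing at EL3", but the `if` tests only `scr_el3` and relies on that invariant instead of checking the current EL. Adding an explicit `arm_current_el(env) == 3` condition would make the check self-contained and robust if the illegal-exception-return guarantee is ever relaxed. Separately, the comment says the instruction is UNDEFINED while the function returns `CP_ACCESS_TRAP`; please confirm that this result code is reported to the guest as an undefined-instruction exception and not as a system-register trap.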
@@ -3623,7 +3639,7 @@ static CPAccessResult at_s1e2_access(CPUARMState *env, const ARMCPRegInfo *ri,
         !(env->cp15.scr_el3 & (SCR_NS | SCR_EEL2))) {
         return CP_ACCESS_TRAP;
     }
-    return CP_ACCESS_OK;
+    return at_e012_access(env, ri, isread);
 }
 
 static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -5505,38 +5521,38 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 0,
       .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
       .fgt = FGT_ATS1E1R,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     { .name = "AT_S1E1W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 1,
       .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
       .fgt = FGT_ATS1E1W,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     { .name = "AT_S1E0R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 2,
       .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
       .fgt = FGT_ATS1E0R,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     { .name = "AT_S1E0W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 3,
       .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
       .fgt = FGT_ATS1E0W,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     { .name = "AT_S12E1R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 4,
       .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     { .name = "AT_S12E1W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 5,
       .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     { .name = "AT_S12E0R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 6,
       .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     { .name = "AT_S12E0W", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 7,
       .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     /* AT S1E2* are elsewhere as they UNDEF from EL3 if EL2 is not present */
     { .name = "AT_S1E3R", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 8, .opc2 = 0,
@@ -8079,12 +8095,12 @@ static const ARMCPRegInfo ats1e1_reginfo[] = {
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 0,
       .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
       .fgt = FGT_ATS1E1RP,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
     { .name = "AT_S1E1WP", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 1,
       .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
       .fgt = FGT_ATS1E1WP,
-      .writefn = ats_write64 },
+      .accessfn = at_e012_access, .writefn = ats_write64 },
 };
 
 static const ARMCPRegInfo ats1cp_reginfo[] = {
-- 
2.34.1




* [PULL 33/35] target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (31 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 32/35] target/arm/helper: Check SCR_EL3.{NSE, NS} encoding " Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 34/35] target/arm: Fix SME ST1Q Peter Maydell
                   ` (2 subsequent siblings)
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Jean-Philippe Brucker <jean-philippe@linaro.org>

When FEAT_RME is implemented, these bits override the value of
CNT[VP]_CTL_EL0.IMASK in Realm and Root state. Move the IRQ state update
into a new gt_update_irq() function and test those bits every time we
recompute the IRQ state.

Since we're removing the IRQ state from some trace events, add a new
trace event for gt_update_irq().

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-id: 20230809123706.1842548-7-jean-philippe@linaro.org
[PMM: only register change hook if not USER_ONLY and if TCG]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h        |  4 +++
 target/arm/cpu.c        |  6 ++++
 target/arm/helper.c     | 65 ++++++++++++++++++++++++++++++++++-------
 target/arm/trace-events |  7 +++--
 4 files changed, 68 insertions(+), 14 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 02bc8f0e8e0..cdf8600b96a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1115,6 +1115,7 @@ struct ArchCPU {
 };
 
 unsigned int gt_cntfrq_period_ns(ARMCPU *cpu);
+void gt_rme_post_el_change(ARMCPU *cpu, void *opaque);
 
 void arm_cpu_post_init(Object *obj);
 
@@ -1743,6 +1744,9 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
 #define HSTR_TTEE (1 << 16)
 #define HSTR_TJDBX (1 << 17)
 
+#define CNTHCTL_CNTVMASK      (1 << 18)
+#define CNTHCTL_CNTPMASK      (1 << 19)
+
 /* Return the current FPSCR value.  */
 uint32_t vfp_get_fpscr(CPUARMState *env);
 void vfp_set_fpscr(CPUARMState *env, uint32_t val);
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 93c28d50e58..d906d2b1caa 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2169,6 +2169,12 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
         set_feature(env, ARM_FEATURE_VBAR);
     }
 
+#ifndef CONFIG_USER_ONLY
+    if (tcg_enabled() && cpu_isar_feature(aa64_rme, cpu)) {
+        arm_register_el_change_hook(cpu, &gt_rme_post_el_change, 0);
+    }
+#endif
+
     register_cp_regs_for_features(cpu);
     arm_cpu_register_gdb_regs_for_features(cpu);
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b4618ee2b95..85291d5b8e2 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2608,6 +2608,39 @@ static uint64_t gt_get_countervalue(CPUARMState *env)
     return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / gt_cntfrq_period_ns(cpu);
 }
 
+static void gt_update_irq(ARMCPU *cpu, int timeridx)
+{
+    CPUARMState *env = &cpu->env;
+    uint64_t cnthctl = env->cp15.cnthctl_el2;
+    ARMSecuritySpace ss = arm_security_space(env);
+    /* ISTATUS && !IMASK */
+    int irqstate = (env->cp15.c14_timer[timeridx].ctl & 6) == 4;
+
+    /*
+     * If bit CNTHCTL_EL2.CNT[VP]MASK is set, it overrides IMASK.
+     * It is RES0 in Secure and NonSecure state.
+     */
+    if ((ss == ARMSS_Root || ss == ARMSS_Realm) &&
+        ((timeridx == GTIMER_VIRT && (cnthctl & CNTHCTL_CNTVMASK)) ||
+         (timeridx == GTIMER_PHYS && (cnthctl & CNTHCTL_CNTPMASK)))) {
+        irqstate = 0;
+    }
+
+    qemu_set_irq(cpu->gt_timer_outputs[timeridx], irqstate);
+    trace_arm_gt_update_irq(timeridx, irqstate);
+}
+
+void gt_rme_post_el_change(ARMCPU *cpu, void *ignored)
+{
+    /*
+     * Changing security state between Root and Secure/NonSecure, which may
+     * happen when switching EL, can change the effective value of CNTHCTL_EL2
+     * mask bits. Update the IRQ state accordingly.
+     */
+    gt_update_irq(cpu, GTIMER_VIRT);
+    gt_update_irq(cpu, GTIMER_PHYS);
+}
+
 static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
 {
     ARMGenericTimer *gt = &cpu->env.cp15.c14_timer[timeridx];
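Review bot: `gt_update_irq()` derives `irqstate` from the stored `c14_timer[timeridx].ctl` instead of taking ISTATUS and IMASK as arguments, so it is only correct if every caller has already written the new control value back before calling it. That ordering requirement is not stated anywhere in the new function; a short comment saying so would help, and the `(ctl & 6) == 4` test would read better with named bits for ISTATUS and IMASK in place of the bare constants. It is also worth noting in the comment that the mask override is keyed on the CPU's current security space, which is why the EL-change hook is needed.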
@@ -2623,13 +2656,9 @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
         /* Note that this must be unsigned 64 bit arithmetic: */
         int istatus = count - offset >= gt->cval;
         uint64_t nexttick;
-        int irqstate;
 
         gt->ctl = deposit32(gt->ctl, 2, 1, istatus);
 
-        irqstate = (istatus && !(gt->ctl & 2));
-        qemu_set_irq(cpu->gt_timer_outputs[timeridx], irqstate);
-
         if (istatus) {
             /* Next transition is when count rolls back over to zero */
             nexttick = UINT64_MAX;
@@ -2648,14 +2677,14 @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
         } else {
             timer_mod(cpu->gt_timer[timeridx], nexttick);
         }
-        trace_arm_gt_recalc(timeridx, irqstate, nexttick);
+        trace_arm_gt_recalc(timeridx, nexttick);
     } else {
         /* Timer disabled: ISTATUS and timer output always clear */
         gt->ctl &= ~4;
-        qemu_set_irq(cpu->gt_timer_outputs[timeridx], 0);
         timer_del(cpu->gt_timer[timeridx]);
         trace_arm_gt_recalc_disabled(timeridx);
     }
+    gt_update_irq(cpu, timeridx);
 }
 
 static void gt_timer_reset(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -2759,10 +2788,8 @@ static void gt_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
          * IMASK toggled: don't need to recalculate,
          * just set the interrupt line based on ISTATUS
          */
-        int irqstate = (oldval & 4) && !(value & 2);
-
-        trace_arm_gt_imask_toggle(timeridx, irqstate);
-        qemu_set_irq(cpu->gt_timer_outputs[timeridx], irqstate);
+        trace_arm_gt_imask_toggle(timeridx);
+        gt_update_irq(cpu, timeridx);
     }
 }
 
@@ -2888,6 +2915,21 @@ static void gt_virt_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
     gt_ctl_write(env, ri, GTIMER_VIRT, value);
 }
 
+static void gt_cnthctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                             uint64_t value)
+{
+    ARMCPU *cpu = env_archcpu(env);
+    uint32_t oldval = env->cp15.cnthctl_el2;
+
+    raw_write(env, ri, value);
+
+    if ((oldval ^ value) & CNTHCTL_CNTVMASK) {
+        gt_update_irq(cpu, GTIMER_VIRT);
+    } else if ((oldval ^ value) & CNTHCTL_CNTPMASK) {
+        gt_update_irq(cpu, GTIMER_PHYS);
+    }
+}
+
 static void gt_cntvoff_write(CPUARMState *env, const ARMCPRegInfo *ri,
                               uint64_t value)
 {
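Review bot: the `if ... else if` in `gt_cnthctl_write()` updates only the virtual timer line when a single write toggles both CNTVMASK and CNTPMASK, leaving the physical timer IRQ at its stale level until something else recomputes it. The two tests are independent and should be two separate `if` statements. Also, `oldval` is declared `uint32_t` while `value` is `uint64_t`; bits 18 and 19 fit, but using `uint64_t` for both avoids a silent truncation if higher bits are ever compared here.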
@@ -6203,7 +6245,8 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
        * reset values as IMPDEF. We choose to reset to 3 to comply with
        * both ARMv7 and ARMv8.
        */
-      .access = PL2_RW, .resetvalue = 3,
+      .access = PL2_RW, .type = ARM_CP_IO, .resetvalue = 3,
+      .writefn = gt_cnthctl_write, .raw_writefn = raw_write,
       .fieldoffset = offsetof(CPUARMState, cp15.cnthctl_el2) },
     { .name = "CNTVOFF_EL2", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 4, .crn = 14, .crm = 0, .opc2 = 3,
diff --git a/target/arm/trace-events b/target/arm/trace-events
index 2a0ba7bffc1..48cc0512dbe 100644
--- a/target/arm/trace-events
+++ b/target/arm/trace-events
@@ -1,13 +1,14 @@
 # See docs/devel/tracing.rst for syntax documentation.
 
 # helper.c
-arm_gt_recalc(int timer, int irqstate, uint64_t nexttick) "gt recalc: timer %d irqstate %d next tick 0x%" PRIx64
-arm_gt_recalc_disabled(int timer) "gt recalc: timer %d irqstate 0 timer disabled"
+arm_gt_recalc(int timer, uint64_t nexttick) "gt recalc: timer %d next tick 0x%" PRIx64
+arm_gt_recalc_disabled(int timer) "gt recalc: timer %d timer disabled"
 arm_gt_cval_write(int timer, uint64_t value) "gt_cval_write: timer %d value 0x%" PRIx64
 arm_gt_tval_write(int timer, uint64_t value) "gt_tval_write: timer %d value 0x%" PRIx64
 arm_gt_ctl_write(int timer, uint64_t value) "gt_ctl_write: timer %d value 0x%" PRIx64
-arm_gt_imask_toggle(int timer, int irqstate) "gt_ctl_write: timer %d IMASK toggle, new irqstate %d"
+arm_gt_imask_toggle(int timer) "gt_ctl_write: timer %d IMASK toggle"
 arm_gt_cntvoff_write(uint64_t value) "gt_cntvoff_write: value 0x%" PRIx64
+arm_gt_update_irq(int timer, int irqstate) "gt_update_irq: timer %d irqstate %d"
 
 # kvm.c
 kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) "MSI iova = 0x%"PRIx64" is translated into 0x%"PRIx64
-- 
2.34.1




* [PULL 34/35] target/arm: Fix SME ST1Q
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (32 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 33/35] target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24  9:28 ` [PULL 35/35] target/arm: Fix 64-bit SSRA Peter Maydell
  2023-08-24 15:27 ` [PULL 00/35] target-arm queue Stefan Hajnoczi
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Richard Henderson <richard.henderson@linaro.org>

A typo, noted in the bug report, resulting in an
incorrect write offset.

Cc: qemu-stable@nongnu.org
Fixes: 7390e0e9ab8 ("target/arm: Implement SME LD1, ST1")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1833
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230818214255.146905-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/tcg/sme_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
index 1e67fcac308..296826ffe6a 100644
--- a/target/arm/tcg/sme_helper.c
+++ b/target/arm/tcg/sme_helper.c
@@ -379,7 +379,7 @@ static inline void HNAME##_host(void *za, intptr_t off, void *host)         \
 {                                                                           \
     uint64_t *ptr = za + off;                                               \
     HOST(host, ptr[BE]);                                                    \
-    HOST(host + 1, ptr[!BE]);                                               \
+    HOST(host + 8, ptr[!BE]);                                               \
 }                                                                           \
 static inline void VNAME##_v_host(void *za, intptr_t off, void *host)       \
 {                                                                           \
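Review bot: the corrected line `HOST(host + 8, ptr[!BE]);` hard-codes the offset and depends on arithmetic on a `void *` being byte-wise; writing it as `host + sizeof(uint64_t)` would tie the offset to the element type of `ptr` and make the intent obvious. The diffstat shows no test change, and since the old `host + 1` wrote the second half at an overlapping, misaligned position inside the guest buffer, a small ST1Q regression test that checks both 64-bit halves of each stored element would keep this from coming back.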
-- 
2.34.1




* [PULL 35/35] target/arm: Fix 64-bit SSRA
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (33 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 34/35] target/arm: Fix SME ST1Q Peter Maydell
@ 2023-08-24  9:28 ` Peter Maydell
  2023-08-24 15:27 ` [PULL 00/35] target-arm queue Stefan Hajnoczi
  35 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2023-08-24  9:28 UTC (permalink / raw)
  To: qemu-devel

From: Richard Henderson <richard.henderson@linaro.org>

Typo applied byte-wise shift instead of double-word shift.

Cc: qemu-stable@nongnu.org
Fixes: 631e565450c ("target/arm: Create gen_gvec_[us]sra")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1737
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230821022025.397682-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/tcg/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index b71ac2d0d53..39541ecdf0a 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -3053,7 +3053,7 @@ void gen_gvec_ssra(unsigned vece, uint32_t rd_ofs, uint32_t rm_ofs,
           .vece = MO_32 },
         { .fni8 = gen_ssra64_i64,
           .fniv = gen_ssra_vec,
-          .fno = gen_helper_gvec_ssra_b,
+          .fno = gen_helper_gvec_ssra_d,
           .prefer_i64 = TCG_TARGET_REG_BITS == 64,
           .opt_opc = vecop_list,
           .load_dest = true,
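Review bot: only the 64-bit entry of the `gen_gvec_ssra()` table is corrected here, and the mistake was a copy of the byte helper (`gen_helper_gvec_ssra_b`) into the double-word slot. The commit named in Fixes created both the signed and unsigned variants, so the equivalent table for the unsigned shift-accumulate should be checked for the same paste error. The patch touches one file only; a test that exercises 64-bit SSRA through the `.fno` helper would confirm the fix and guard the sibling tables.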
-- 
2.34.1




* Re: [PULL 00/35] target-arm queue
  2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
                   ` (34 preceding siblings ...)
  2023-08-24  9:28 ` [PULL 35/35] target/arm: Fix 64-bit SSRA Peter Maydell
@ 2023-08-24 15:27 ` Stefan Hajnoczi
  35 siblings, 0 replies; 44+ messages in thread
From: Stefan Hajnoczi @ 2023-08-24 15:27 UTC (permalink / raw)
  To: Peter Maydell; +Cc: qemu-devel


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for any user-visible changes.



* [PULL 00/35] target-arm queue
@ 2024-02-15 17:35 Peter Maydell
  2024-02-16 10:58 ` Peter Maydell
  0 siblings, 1 reply; 44+ messages in thread
From: Peter Maydell @ 2024-02-15 17:35 UTC (permalink / raw)
  To: qemu-devel

The following changes since commit 5767815218efd3cbfd409505ed824d5f356044ae:

  Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging (2024-02-14 15:45:52 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240215

for you to fetch changes up to f780e63fe731b058fe52d43653600d8729a1b5f2:

  docs: Add documentation for the mps3-an536 board (2024-02-15 14:32:39 +0000)

----------------------------------------------------------------
target-arm queue:
 * hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC
 * linux-user/aarch64: Choose SYNC as the preferred MTE mode
 * Fix some errors in SVE/SME handling of MTE tags
 * hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses
 * hw/block/tc58128: Don't emit deprecation warning under qtest
 * tests/qtest: Fix handling of npcm7xx and GMAC tests
 * hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ
 * tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend
 * Don't assert on vmload/vmsave of M-profile CPUs
 * hw/arm/smmuv3: add support for stage 1 access fault
 * hw/arm/stellaris: QOM cleanups
 * Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs
 * Improve Cortex_R52 IMPDEF sysreg modelling
 * Allow access to SPSR_hyp from hyp mode
 * New board model mps3-an536 (Cortex-R52)

----------------------------------------------------------------
Luc Michel (1):
      hw/arm/smmuv3: add support for stage 1 access fault

Nabih Estefan (1):
      tests/qtest: Fix GMAC test to run on a machine in upstream QEMU

Peter Maydell (22):
      hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses
      hw/block/tc58128: Don't emit deprecation warning under qtest
      tests/qtest/meson.build: Don't include qtests_npcm7xx in qtests_aarch64
      tests/qtest/bios-tables-test: Allow changes to virt GTDT
      hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ
      tests/qtest/bios-tables-tests: Update virt golden reference
      hw/arm/npcm7xx: Call qemu_configure_nic_device() for GMAC modules
      tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend
      target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
      target/arm: Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs
      target/arm: The Cortex-R52 has a read-only CBAR
      target/arm: Add Cortex-R52 IMPDEF sysregs
      target/arm: Allow access to SPSR_hyp from hyp mode
      hw/misc/mps2-scc: Fix condition for CFG3 register
      hw/misc/mps2-scc: Factor out which-board conditionals
      hw/misc/mps2-scc: Make changes needed for AN536 FPGA image
      hw/arm/mps3r: Initial skeleton for mps3-an536 board
      hw/arm/mps3r: Add CPUs, GIC, and per-CPU RAM
      hw/arm/mps3r: Add UARTs
      hw/arm/mps3r: Add GPIO, watchdog, dual-timer, I2C devices
      hw/arm/mps3r: Add remaining devices
      docs: Add documentation for the mps3-an536 board

Philippe Mathieu-Daudé (5):
      hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC
      hw/arm/stellaris: Convert ADC controller to Resettable interface
      hw/arm/stellaris: Convert I2C controller to Resettable interface
      hw/arm/stellaris: Add missing QOM 'machine' parent
      hw/arm/stellaris: Add missing QOM 'SoC' parent

Richard Henderson (6):
      linux-user/aarch64: Choose SYNC as the preferred MTE mode
      target/arm: Fix nregs computation in do_{ld,st}_zpa
      target/arm: Adjust and validate mtedesc sizem1
      target/arm: Split out make_svemte_desc
      target/arm: Handle mte in do_ldrq, do_ldro
      target/arm: Fix SVE/SME gross MTE suppression checks

 MAINTAINERS                             |   3 +-
 docs/system/arm/mps2.rst                |  37 +-
 configs/devices/arm-softmmu/default.mak |   1 +
 hw/arm/smmuv3-internal.h                |   1 +
 include/hw/arm/smmu-common.h            |   1 +
 include/hw/arm/virt.h                   |   2 +
 include/hw/misc/mps2-scc.h              |   1 +
 linux-user/aarch64/target_prctl.h       |  29 +-
 target/arm/internals.h                  |   2 +-
 target/arm/tcg/translate-a64.h          |   2 +
 hw/arm/mps3r.c                          | 640 ++++++++++++++++++++++++++++++++
 hw/arm/npcm7xx.c                        |   1 +
 hw/arm/smmu-common.c                    |  11 +
 hw/arm/smmuv3.c                         |   1 +
 hw/arm/stellaris.c                      |  47 ++-
 hw/arm/virt-acpi-build.c                |  20 +-
 hw/arm/virt.c                           |  60 ++-
 hw/arm/xilinx_zynq.c                    |   2 +
 hw/block/tc58128.c                      |   4 +-
 hw/misc/mps2-scc.c                      | 138 ++++++-
 hw/pci-host/raven.c                     |   1 +
 target/arm/helper.c                     |  14 +-
 target/arm/tcg/cpu32.c                  | 109 ++++++
 target/arm/tcg/op_helper.c              |  43 ++-
 target/arm/tcg/sme_helper.c             |   8 +-
 target/arm/tcg/sve_helper.c             |  12 +-
 target/arm/tcg/translate-sme.c          |  15 +-
 target/arm/tcg/translate-sve.c          |  83 +++--
 target/arm/tcg/translate.c              |  19 +-
 tests/qtest/npcm7xx_emc-test.c          |   5 +-
 tests/qtest/npcm_gmac-test.c            |  84 +----
 hw/arm/Kconfig                          |   5 +
 hw/arm/meson.build                      |   1 +
 tests/data/acpi/virt/FACP               | Bin 276 -> 276 bytes
 tests/data/acpi/virt/GTDT               | Bin 96 -> 104 bytes
 tests/qtest/meson.build                 |   4 +-
 36 files changed, 1184 insertions(+), 222 deletions(-)
 create mode 100644 hw/arm/mps3r.c



* Re: [PULL 00/35] target-arm queue
  2024-02-15 17:35 Peter Maydell
@ 2024-02-16 10:58 ` Peter Maydell
  0 siblings, 0 replies; 44+ messages in thread
From: Peter Maydell @ 2024-02-16 10:58 UTC (permalink / raw)
  To: qemu-devel

On Thu, 15 Feb 2024 at 17:35, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> The following changes since commit 5767815218efd3cbfd409505ed824d5f356044ae:
>
>   Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging (2024-02-14 15:45:52 +0000)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240215
>
> for you to fetch changes up to f780e63fe731b058fe52d43653600d8729a1b5f2:
>
>   docs: Add documentation for the mps3-an536 board (2024-02-15 14:32:39 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
>  * hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC
>  * linux-user/aarch64: Choose SYNC as the preferred MTE mode
>  * Fix some errors in SVE/SME handling of MTE tags
>  * hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses
>  * hw/block/tc58128: Don't emit deprecation warning under qtest
>  * tests/qtest: Fix handling of npcm7xx and GMAC tests
>  * hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ
>  * tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend
>  * Don't assert on vmload/vmsave of M-profile CPUs
>  * hw/arm/smmuv3: add support for stage 1 access fault
>  * hw/arm/stellaris: QOM cleanups
>  * Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs
>  * Improve Cortex_R52 IMPDEF sysreg modelling
>  * Allow access to SPSR_hyp from hyp mode
>  * New board model mps3-an536 (Cortex-R52)
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/9.0
for any user-visible changes.

-- PMM


Thread overview: 44+ messages
2023-08-24  9:28 [PULL 00/35] target-arm queue Peter Maydell
2023-08-24  9:28 ` [PULL 01/35] hw/gpio/nrf51: implement DETECT signal Peter Maydell
2023-08-24  9:28 ` [PULL 02/35] qtest: factor out qtest_install_gpio_out_intercept Peter Maydell
2023-08-24  9:28 ` [PULL 03/35] qtest: implement named interception of out-GPIO Peter Maydell
2023-08-24  9:28 ` [PULL 04/35] qtest: bail from irq_intercept_in if name is specified Peter Maydell
2023-08-24  9:28 ` [PULL 05/35] qtest: irq_intercept_[out/in]: return FAIL if no intercepts are installed Peter Maydell
2023-08-24  9:28 ` [PULL 06/35] qtest: microbit-test: add tests for nRF51 DETECT Peter Maydell
2023-08-24  9:28 ` [PULL 07/35] kvm: Introduce kvm_arch_get_default_type hook Peter Maydell
2023-08-24  9:28 ` [PULL 08/35] accel/kvm: Specify default IPA size for arm64 Peter Maydell
2023-08-24  9:28 ` [PULL 09/35] mips: Report an error when KVM_VM_MIPS_VZ is unavailable Peter Maydell
2023-08-24  9:28 ` [PULL 10/35] accel/kvm: Use negative KVM type for error propagation Peter Maydell
2023-08-24  9:28 ` [PULL 11/35] accel/kvm: Free as when an error occurred Peter Maydell
2023-08-24  9:28 ` [PULL 12/35] accel/kvm: Make kvm_dirty_ring_reaper_init() void Peter Maydell
2023-08-24  9:28 ` [PULL 13/35] target/arm/ptw: Don't set fi->s1ptw for UnsuppAtomicUpdate fault Peter Maydell
2023-08-24  9:28 ` [PULL 14/35] target/arm/ptw: Don't report GPC faults on stage 1 ptw as stage2 faults Peter Maydell
2023-08-24  9:28 ` [PULL 15/35] target/arm/ptw: Set s1ns bit in fault info more consistently Peter Maydell
2023-08-24  9:28 ` [PULL 16/35] target/arm/ptw: Pass ptw into get_phys_addr_pmsa*() and get_phys_addr_disabled() Peter Maydell
2023-08-24  9:28 ` [PULL 17/35] target/arm/ptw: Pass ARMSecurityState to regime_translation_disabled() Peter Maydell
2023-08-24  9:28 ` [PULL 18/35] target/arm/ptw: Pass an ARMSecuritySpace to arm_hcr_el2_eff_secstate() Peter Maydell
2023-08-24  9:28 ` [PULL 19/35] target/arm: Pass an ARMSecuritySpace to arm_is_el2_enabled_secstate() Peter Maydell
2023-08-24  9:28 ` [PULL 20/35] target/arm/ptw: Only fold in NSTable bit effects in Secure state Peter Maydell
2023-08-24  9:28 ` [PULL 21/35] target/arm/ptw: Remove last uses of ptw->in_secure Peter Maydell
2023-08-24  9:28 ` [PULL 22/35] target/arm/ptw: Remove S1Translate::in_secure Peter Maydell
2023-08-24  9:28 ` [PULL 23/35] target/arm/ptw: Drop S1Translate::out_secure Peter Maydell
2023-08-24  9:28 ` [PULL 24/35] target/arm/ptw: Set attributes correctly for MMU disabled data accesses Peter Maydell
2023-08-24  9:28 ` [PULL 25/35] target/arm/ptw: Check for block descriptors at invalid levels Peter Maydell
2023-08-24  9:28 ` [PULL 26/35] target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw Peter Maydell
2023-08-24  9:28 ` [PULL 27/35] target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types Peter Maydell
2023-08-24  9:28 ` [PULL 28/35] target/arm/ptw: Load stage-2 tables from realm physical space Peter Maydell
2023-08-24  9:28 ` [PULL 29/35] target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2* Peter Maydell
2023-08-24  9:28 ` [PULL 30/35] target/arm: Skip granule protection checks for AT instructions Peter Maydell
2023-08-24  9:28 ` [PULL 31/35] target/arm: Pass security space rather than flag " Peter Maydell
2023-08-24  9:28 ` [PULL 32/35] target/arm/helper: Check SCR_EL3.{NSE, NS} encoding " Peter Maydell
2023-08-24  9:28 ` [PULL 33/35] target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK Peter Maydell
2023-08-24  9:28 ` [PULL 34/35] target/arm: Fix SME ST1Q Peter Maydell
2023-08-24  9:28 ` [PULL 35/35] target/arm: Fix 64-bit SSRA Peter Maydell
2023-08-24 15:27 ` [PULL 00/35] target-arm queue Stefan Hajnoczi
  -- strict thread matches above, loose matches on Subject: below --
2024-02-15 17:35 Peter Maydell
2024-02-16 10:58 ` Peter Maydell
2023-05-02 12:14 Peter Maydell
2023-05-02 14:09 ` Richard Henderson
2023-05-02 14:47   ` Peter Maydell
2020-08-28  9:23 Peter Maydell
2020-08-28 17:37 ` Peter Maydell
