* [PATCH 01/20] target/arm: Convert get_phys_addr_v5 to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
@ 2025-07-07 20:20 ` Richard Henderson
2025-07-07 20:20 ` [PATCH 02/20] target/arm: Convert get_phys_addr_v6 " Richard Henderson
` (18 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:20 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Begin conversion of get_phys_addr and all subroutines
from MMUAccessType to a mask of required permissions.
Notably, access_perm may be 0 in order to disable the
permissions check.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 561bf2678e..760387b4da 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -979,7 +979,7 @@ static int simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx, int ap)
}
static bool get_phys_addr_v5(CPUARMState *env, S1Translate *ptw,
- uint32_t address, MMUAccessType access_type,
+ uint32_t address, unsigned access_perm,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
int level = 1;
@@ -1089,7 +1089,7 @@ static bool get_phys_addr_v5(CPUARMState *env, S1Translate *ptw,
}
result->f.prot = ap_to_rw_prot(env, ptw->in_mmu_idx, ap, domain_prot);
result->f.prot |= result->f.prot ? PAGE_EXEC : 0;
- if (!(result->f.prot & (1 << access_type))) {
+ if (access_perm & ~result->f.prot) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
@@ -3515,7 +3515,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
regime_sctlr(env, mmu_idx) & SCTLR_XP) {
return get_phys_addr_v6(env, ptw, address, access_type, result, fi);
} else {
- return get_phys_addr_v5(env, ptw, address, access_type, result, fi);
+ return get_phys_addr_v5(env, ptw, address, 1 << access_type, result, fi);
}
}
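Review bot: The `1 << access_type` at this call site silently depends on the MMUAccessType enumerators lining up with the PAGE_* bits, and the series repeats the expression at every caller of a converted function until get_phys_addr_nogpc itself is converted. The old in-function check made the same assumption, but the shift now decides which bits reach the `access_perm & ~result->f.prot` permission test. Unless this is already asserted elsewhere in the tree, a build-time check such as `QEMU_BUILD_BUG_ON(PAGE_EXEC != 1 << MMU_INST_FETCH);` (and likewise for READ and WRITE) next to the conversion would pin it. get_phys_addr_nogpc starts outside the hunk.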
--
2.43.0
* [PATCH 02/20] target/arm: Convert get_phys_addr_v6 to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
2025-07-07 20:20 ` [PATCH 01/20] target/arm: Convert get_phys_addr_v5 to access_perm Richard Henderson
@ 2025-07-07 20:20 ` Richard Henderson
2025-07-07 20:20 ` [PATCH 03/20] target/arm: Convert get_phys_addr_lpae " Richard Henderson
` (17 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:20 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 760387b4da..39ecc093a5 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1103,7 +1103,7 @@ do_fault:
}
static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
- uint32_t address, MMUAccessType access_type,
+ uint32_t address, unsigned access_perm,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
@@ -1243,7 +1243,7 @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
result->f.prot = get_S1prot(env, mmu_idx, false, user_rw, prot_rw,
xn, pxn, result->f.attrs.space, out_space);
- if (!(result->f.prot & (1 << access_type))) {
+ if (access_perm & ~result->f.prot) {
/* Access permission fault. */
fi->type = ARMFault_Permission;
goto do_fault;
@@ -3513,7 +3513,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
memop, result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7) ||
regime_sctlr(env, mmu_idx) & SCTLR_XP) {
- return get_phys_addr_v6(env, ptw, address, access_type, result, fi);
+ return get_phys_addr_v6(env, ptw, address, 1 << access_type, result, fi);
} else {
return get_phys_addr_v5(env, ptw, address, 1 << access_type, result, fi);
}
--
2.43.0
* [PATCH 03/20] target/arm: Convert get_phys_addr_lpae to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
2025-07-07 20:20 ` [PATCH 01/20] target/arm: Convert get_phys_addr_v5 to access_perm Richard Henderson
2025-07-07 20:20 ` [PATCH 02/20] target/arm: Convert get_phys_addr_v6 " Richard Henderson
@ 2025-07-07 20:20 ` Richard Henderson
2025-07-10 11:59 ` Peter Maydell
2025-07-07 20:20 ` [PATCH 04/20] target/arm: Convert get_phys_addr_pmsav5 " Richard Henderson
` (16 subsequent siblings)
19 siblings, 1 reply; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:20 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 39ecc093a5..7503d1de6f 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1643,14 +1643,14 @@ static bool nv_nv1_enabled(CPUARMState *env, S1Translate *ptw)
* @env: CPUARMState
* @ptw: Current and next stage parameters for the walk.
* @address: virtual address to get physical address for
- * @access_type: MMU_DATA_LOAD, MMU_DATA_STORE or MMU_INST_FETCH
+ * @access_perm: PAGE_{READ, WRITE, EXEC}, or 0
* @memop: memory operation feeding this access, or 0 for none
* @result: set on translation success,
* @fi: set to fault info if the translation fails
*/
static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
uint64_t address,
- MMUAccessType access_type, MemOp memop,
+ unsigned access_perm, MemOp memop,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = env_archcpu(env);
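Review bot: The `@access_perm` line in the doc comment lists the accepted values but not what they mean. The first patch's description says 0 disables the permission check, and that belongs here, where a future caller will look. It would also help to say whether more than one PAGE_* bit may be set, since the final check `access_perm & ~result->f.prot` faults unless every requested bit is granted. Something like ` * @access_perm: required PAGE_{READ,WRITE,EXEC} bits; 0 skips the permission check` would do. The function body continues outside the hunk.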
@@ -1678,7 +1678,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
int ps;
param = aa64_va_parameters(env, address, mmu_idx,
- access_type != MMU_INST_FETCH,
+ !(access_perm & PAGE_EXEC),
!arm_el_is_aa64(env, 1));
level = 0;
@@ -1945,7 +1945,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
*/
if (param.hd
&& extract64(descriptor, 51, 1) /* DBM */
- && access_type == MMU_DATA_STORE) {
+ && (access_perm & PAGE_WRITE)) {
if (regime_is_stage2(mmu_idx)) {
new_descriptor |= 1ull << 7; /* set S2AP[1] */
} else {
@@ -2123,7 +2123,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
result->f.tlb_fill_flags = 0;
}
- if (!(result->f.prot & (1 << access_type))) {
+ if (access_perm & ~result->f.prot) {
fi->type = ARMFault_Permission;
goto do_fault;
}
@@ -3509,7 +3509,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
}
if (regime_using_lpae_format(env, mmu_idx)) {
- return get_phys_addr_lpae(env, ptw, address, access_type,
+ return get_phys_addr_lpae(env, ptw, address, 1 << access_type,
memop, result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7) ||
regime_sctlr(env, mmu_idx) & SCTLR_XP) {
--
2.43.0
* Re: [PATCH 03/20] target/arm: Convert get_phys_addr_lpae to access_perm
2025-07-07 20:20 ` [PATCH 03/20] target/arm: Convert get_phys_addr_lpae " Richard Henderson
@ 2025-07-10 11:59 ` Peter Maydell
2025-07-10 15:06 ` Richard Henderson
0 siblings, 1 reply; 25+ messages in thread
From: Peter Maydell @ 2025-07-10 11:59 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 7 Jul 2025 at 22:01, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index 39ecc093a5..7503d1de6f 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -1643,14 +1643,14 @@ static bool nv_nv1_enabled(CPUARMState *env, S1Translate *ptw)
> * @env: CPUARMState
> * @ptw: Current and next stage parameters for the walk.
> * @address: virtual address to get physical address for
> - * @access_type: MMU_DATA_LOAD, MMU_DATA_STORE or MMU_INST_FETCH
> + * @access_perm: PAGE_{READ, WRITE, EXEC}, or 0
> * @memop: memory operation feeding this access, or 0 for none
> * @result: set on translation success,
> * @fi: set to fault info if the translation fails
> */
> static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
> uint64_t address,
> - MMUAccessType access_type, MemOp memop,
> + unsigned access_perm, MemOp memop,
> GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
> {
> ARMCPU *cpu = env_archcpu(env);
> @@ -1678,7 +1678,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
> int ps;
>
> param = aa64_va_parameters(env, address, mmu_idx,
> - access_type != MMU_INST_FETCH,
> + !(access_perm & PAGE_EXEC),
> !arm_el_is_aa64(env, 1));
> level = 0;
This will treat a "don't check access permissions" call as
a data-access (relevant for TBI), and means there's no way
to say "do an address lookup for INST_FETCH but don't do the
access-permission check". Is that what we want?
We should at least comment this.
thanks
-- PMM
* Re: [PATCH 03/20] target/arm: Convert get_phys_addr_lpae to access_perm
2025-07-10 11:59 ` Peter Maydell
@ 2025-07-10 15:06 ` Richard Henderson
0 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-10 15:06 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, qemu-arm
On 7/10/25 05:59, Peter Maydell wrote:
> On Mon, 7 Jul 2025 at 22:01, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>> target/arm/ptw.c | 12 ++++++------
>> 1 file changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
>> index 39ecc093a5..7503d1de6f 100644
>> --- a/target/arm/ptw.c
>> +++ b/target/arm/ptw.c
>> @@ -1643,14 +1643,14 @@ static bool nv_nv1_enabled(CPUARMState *env, S1Translate *ptw)
>> * @env: CPUARMState
>> * @ptw: Current and next stage parameters for the walk.
>> * @address: virtual address to get physical address for
>> - * @access_type: MMU_DATA_LOAD, MMU_DATA_STORE or MMU_INST_FETCH
>> + * @access_perm: PAGE_{READ, WRITE, EXEC}, or 0
>> * @memop: memory operation feeding this access, or 0 for none
>> * @result: set on translation success,
>> * @fi: set to fault info if the translation fails
>> */
>> static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
>> uint64_t address,
>> - MMUAccessType access_type, MemOp memop,
>> + unsigned access_perm, MemOp memop,
>> GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
>> {
>> ARMCPU *cpu = env_archcpu(env);
>> @@ -1678,7 +1678,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
>> int ps;
>>
>> param = aa64_va_parameters(env, address, mmu_idx,
>> - access_type != MMU_INST_FETCH,
>> + !(access_perm & PAGE_EXEC),
>> !arm_el_is_aa64(env, 1));
>> level = 0;
>
> This will treat a "don't check access permissions" call as
> a data-access (relevant for TBI), and means there's no way
> to say "do an address lookup for INST_FETCH but don't do the
> access-permission check". Is that what we want?
> We should at least comment this.
It does happen to be what we want for ats1a.
I can add a comment.
r~
* [PATCH 04/20] target/arm: Convert get_phys_addr_pmsav5 to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (2 preceding siblings ...)
2025-07-07 20:20 ` [PATCH 03/20] target/arm: Convert get_phys_addr_lpae " Richard Henderson
@ 2025-07-07 20:20 ` Richard Henderson
2025-07-07 20:20 ` [PATCH 05/20] target/arm: Convert get_phys_addr_pmsav7 " Richard Henderson
` (15 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:20 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7503d1de6f..adceeabfe4 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2182,7 +2182,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
static bool get_phys_addr_pmsav5(CPUARMState *env,
S1Translate *ptw,
uint32_t address,
- MMUAccessType access_type,
+ unsigned access_perm,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
@@ -2218,7 +2218,7 @@ static bool get_phys_addr_pmsav5(CPUARMState *env,
return true;
}
- if (access_type == MMU_INST_FETCH) {
+ if (access_perm & PAGE_EXEC) {
mask = env->cp15.pmsav5_insn_ap;
} else {
mask = env->cp15.pmsav5_data_ap;
@@ -3485,7 +3485,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
result, fi);
} else {
/* Pre-v7 MPU */
- ret = get_phys_addr_pmsav5(env, ptw, address, access_type,
+ ret = get_phys_addr_pmsav5(env, ptw, address, 1 << access_type,
result, fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
--
2.43.0
* [PATCH 05/20] target/arm: Convert get_phys_addr_pmsav7 to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (3 preceding siblings ...)
2025-07-07 20:20 ` [PATCH 04/20] target/arm: Convert get_phys_addr_pmsav5 " Richard Henderson
@ 2025-07-07 20:20 ` Richard Henderson
2025-07-07 20:20 ` [PATCH 06/20] target/arm: Convert pmsav8_mpu_lookup " Richard Henderson
` (14 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:20 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index adceeabfe4..b71c963f67 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2350,7 +2350,7 @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
static bool get_phys_addr_pmsav7(CPUARMState *env,
S1Translate *ptw,
uint32_t address,
- MMUAccessType access_type,
+ unsigned access_perm,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
@@ -2537,7 +2537,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env,
fi->type = ARMFault_Permission;
fi->level = 1;
- return !(result->f.prot & (1 << access_type));
+ return access_perm & ~result->f.prot;
}
static uint32_t *regime_rbar(CPUARMState *env, ARMMMUIdx mmu_idx,
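Review bot: The new `return access_perm & ~result->f.prot;` returns a bit mask from a function declared `bool`, where the old form produced an explicit 0 or 1 through `!`. The implicit conversion is well defined, but the line now reads like a mask being handed back rather than a fault indication. Writing `return (access_perm & ~result->f.prot) != 0;` keeps the "true means fault" meaning visible. pmsav8_mpu_lookup in the next patch has the same return statement. get_phys_addr_pmsav7 starts outside the hunk.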
@@ -3481,7 +3481,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
- ret = get_phys_addr_pmsav7(env, ptw, address, access_type,
+ ret = get_phys_addr_pmsav7(env, ptw, address, 1 << access_type,
result, fi);
} else {
/* Pre-v7 MPU */
--
2.43.0
* [PATCH 06/20] target/arm: Convert pmsav8_mpu_lookup to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (4 preceding siblings ...)
2025-07-07 20:20 ` [PATCH 05/20] target/arm: Convert get_phys_addr_pmsav7 " Richard Henderson
@ 2025-07-07 20:20 ` Richard Henderson
2025-07-07 20:20 ` [PATCH 07/20] target/arm: Convert v8m_is_sau_exempt " Richard Henderson
` (13 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:20 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 2 +-
target/arm/ptw.c | 6 +++---
target/arm/tcg/m_helper.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index c4765e4489..629aa7bc23 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1606,7 +1606,7 @@ bool get_phys_addr_with_space_nogpc(CPUARMState *env, vaddr address,
__attribute__((nonnull));
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ unsigned access_perm, ARMMMUIdx mmu_idx,
bool is_secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi, uint32_t *mregion);
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index b71c963f67..a11df31b18 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2561,7 +2561,7 @@ static uint32_t *regime_rlar(CPUARMState *env, ARMMMUIdx mmu_idx,
}
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ unsigned access_perm, ARMMMUIdx mmu_idx,
bool secure, GetPhysAddrResult *result,
ARMMMUFaultInfo *fi, uint32_t *mregion)
{
@@ -2750,7 +2750,7 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
if (arm_feature(env, ARM_FEATURE_M)) {
fi->level = 1;
}
- return !(result->f.prot & (1 << access_type));
+ return access_perm & ~result->f.prot;
}
static bool v8m_is_sau_exempt(CPUARMState *env,
@@ -2952,7 +2952,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env,
}
}
- ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx, secure,
+ ret = pmsav8_mpu_lookup(env, address, 1 << access_type, mmu_idx, secure,
result, fi, NULL);
if (sattrs.subpage) {
result->f.lg_page_size = 0;
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index 6614719832..220a3b472f 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -2820,7 +2820,7 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
ARMMMUFaultInfo fi = {};
/* We can ignore the return value as prot is always set */
- pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, targetsec,
+ pmsav8_mpu_lookup(env, addr, PAGE_READ, mmu_idx, targetsec,
&res, &fi, &mregion);
if (mregion == -1) {
mrvalid = false;
--
2.43.0
* [PATCH 07/20] target/arm: Convert v8m_is_sau_exempt to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (5 preceding siblings ...)
2025-07-07 20:20 ` [PATCH 06/20] target/arm: Convert pmsav8_mpu_lookup " Richard Henderson
@ 2025-07-07 20:20 ` Richard Henderson
2025-07-10 12:01 ` Peter Maydell
2025-07-07 20:20 ` [PATCH 08/20] target/arm: Convert v8m_security_lookup " Richard Henderson
` (12 subsequent siblings)
19 siblings, 1 reply; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:20 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index a11df31b18..78a9c21fab 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2754,14 +2754,14 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
}
static bool v8m_is_sau_exempt(CPUARMState *env,
- uint32_t address, MMUAccessType access_type)
+ uint32_t address, unsigned access_perm)
{
/*
* The architecture specifies that certain address ranges are
* exempt from v8M SAU/IDAU checks.
*/
return
- (access_type == MMU_INST_FETCH && m_is_system_region(env, address)) ||
+ ((access_perm & PAGE_EXEC) && m_is_system_region(env, address)) ||
(address >= 0xe0000000 && address <= 0xe0002fff) ||
(address >= 0xe000e000 && address <= 0xe000efff) ||
(address >= 0xe002e000 && address <= 0xe002efff) ||
@@ -2798,7 +2798,7 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
return;
}
- if (idau_exempt || v8m_is_sau_exempt(env, address, access_type)) {
+ if (idau_exempt || v8m_is_sau_exempt(env, address, 1 << access_type)) {
sattrs->ns = !is_secure;
return;
}
--
2.43.0
* Re: [PATCH 07/20] target/arm: Convert v8m_is_sau_exempt to access_perm
2025-07-07 20:20 ` [PATCH 07/20] target/arm: Convert v8m_is_sau_exempt " Richard Henderson
@ 2025-07-10 12:01 ` Peter Maydell
2025-07-10 16:19 ` Richard Henderson
0 siblings, 1 reply; 25+ messages in thread
From: Peter Maydell @ 2025-07-10 12:01 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, qemu-arm
On Mon, 7 Jul 2025 at 21:58, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/ptw.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> index a11df31b18..78a9c21fab 100644
> --- a/target/arm/ptw.c
> +++ b/target/arm/ptw.c
> @@ -2754,14 +2754,14 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
> }
>
> static bool v8m_is_sau_exempt(CPUARMState *env,
> - uint32_t address, MMUAccessType access_type)
> + uint32_t address, unsigned access_perm)
> {
> /*
> * The architecture specifies that certain address ranges are
> * exempt from v8M SAU/IDAU checks.
> */
> return
> - (access_type == MMU_INST_FETCH && m_is_system_region(env, address)) ||
> + ((access_perm & PAGE_EXEC) && m_is_system_region(env, address)) ||
> (address >= 0xe0000000 && address <= 0xe0002fff) ||
> (address >= 0xe000e000 && address <= 0xe000efff) ||
This also is conflating "don't check access permissions" with
"access is data, not insn".
-- PMM
* Re: [PATCH 07/20] target/arm: Convert v8m_is_sau_exempt to access_perm
2025-07-10 12:01 ` Peter Maydell
@ 2025-07-10 16:19 ` Richard Henderson
0 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-10 16:19 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel, qemu-arm
On 7/10/25 06:01, Peter Maydell wrote:
> On Mon, 7 Jul 2025 at 21:58, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>> target/arm/ptw.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
>> index a11df31b18..78a9c21fab 100644
>> --- a/target/arm/ptw.c
>> +++ b/target/arm/ptw.c
>> @@ -2754,14 +2754,14 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
>> }
>>
>> static bool v8m_is_sau_exempt(CPUARMState *env,
>> - uint32_t address, MMUAccessType access_type)
>> + uint32_t address, unsigned access_perm)
>> {
>> /*
>> * The architecture specifies that certain address ranges are
>> * exempt from v8M SAU/IDAU checks.
>> */
>> return
>> - (access_type == MMU_INST_FETCH && m_is_system_region(env, address)) ||
>> + ((access_perm & PAGE_EXEC) && m_is_system_region(env, address)) ||
>> (address >= 0xe0000000 && address <= 0xe0002fff) ||
>> (address >= 0xe000e000 && address <= 0xe000efff) ||
>
> This also is conflating "don't check access permissions" with
> "access is data, not insn".
Yes. We don't (yet) have a need for "don't check access permissions" for m-profile.
Talking a-profile for a moment, in order to match the pseudocode we would have the
AccessType_* enumerators. The two relevant enumerators are AccessType_IFETCH and
AccessType_AT, which means that all of the probing that we want to do is !IFETCH.
r~
* [PATCH 08/20] target/arm: Convert v8m_security_lookup to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (6 preceding siblings ...)
2025-07-07 20:20 ` [PATCH 07/20] target/arm: Convert v8m_is_sau_exempt " Richard Henderson
@ 2025-07-07 20:20 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 09/20] target/arm: Convert get_phys_addr_pmsav8 " Richard Henderson
` (11 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:20 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 2 +-
target/arm/ptw.c | 8 ++++----
target/arm/tcg/m_helper.c | 7 +++----
3 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 629aa7bc23..1781943fac 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1535,7 +1535,7 @@ typedef struct V8M_SAttributes {
} V8M_SAttributes;
void v8m_security_lookup(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ unsigned access_perm, ARMMMUIdx mmu_idx,
bool secure, V8M_SAttributes *sattrs);
/* Cacheability and shareability attributes for a memory access */
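Review bot: The v8m_security_lookup prototype now takes a bare `unsigned access_perm` with no statement of which values are valid, while the implementation in ptw.c tests `access_perm & PAGE_EXEC` to select the instruction-fetch rules (the 0xf0000000 range that is always Secure for fetches and, via v8m_is_sau_exempt, the system-region exemption). With the enum a caller could name only one access type; with a mask, a value carrying PAGE_EXEC together with another bit is treated as a fetch for security attribution. If a single bit is the intended contract, a comment above the prototype would record it, for example `/* @access_perm: one of PAGE_READ, PAGE_WRITE, PAGE_EXEC; PAGE_EXEC selects instruction-fetch attribution */`. The same applies to get_phys_addr_pmsav8 in the following patch.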
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 78a9c21fab..709dfa2684 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2770,7 +2770,7 @@ static bool v8m_is_sau_exempt(CPUARMState *env,
}
void v8m_security_lookup(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ unsigned access_perm, ARMMMUIdx mmu_idx,
bool is_secure, V8M_SAttributes *sattrs)
{
/*
@@ -2793,12 +2793,12 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
&idau_nsc);
}
- if (access_type == MMU_INST_FETCH && extract32(address, 28, 4) == 0xf) {
+ if ((access_perm & PAGE_EXEC) && extract32(address, 28, 4) == 0xf) {
/* 0xf0000000..0xffffffff is always S for insn fetches */
return;
}
- if (idau_exempt || v8m_is_sau_exempt(env, address, 1 << access_type)) {
+ if (idau_exempt || v8m_is_sau_exempt(env, address, access_perm)) {
sattrs->ns = !is_secure;
return;
}
@@ -2891,7 +2891,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env,
bool ret;
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
- v8m_security_lookup(env, address, access_type, mmu_idx,
+ v8m_security_lookup(env, address, 1 << access_type, mmu_idx,
secure, &sattrs);
if (access_type == MMU_INST_FETCH) {
/*
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index 220a3b472f..e52ab261be 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -684,7 +684,7 @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
V8M_SAttributes sattrs = {};
- v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ v8m_security_lookup(env, addr, PAGE_READ, mmu_idx,
targets_secure, &sattrs);
if (sattrs.ns) {
attrs.secure = false;
@@ -1996,7 +1996,7 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, bool secure,
ARMMMUFaultInfo fi = {};
MemTxResult txres;
- v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, secure, &sattrs);
+ v8m_security_lookup(env, addr, PAGE_EXEC, mmu_idx, secure, &sattrs);
if (!sattrs.nsc || sattrs.ns) {
/*
* This must be the second half of the insn, and it straddles a
@@ -2838,8 +2838,7 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
}
if (env->v7m.secure) {
- v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
- targetsec, &sattrs);
+ v8m_security_lookup(env, addr, PAGE_READ, mmu_idx, targetsec, &sattrs);
nsr = sattrs.ns && r;
nsrw = sattrs.ns && rw;
} else {
--
2.43.0
* [PATCH 09/20] target/arm: Convert get_phys_addr_pmsav8 to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (7 preceding siblings ...)
2025-07-07 20:20 ` [PATCH 08/20] target/arm: Convert v8m_security_lookup " Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 10/20] target/arm: Convert get_phys_addr_disabled " Richard Henderson
` (10 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 709dfa2684..f1edbbee5b 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2881,7 +2881,7 @@ void v8m_security_lookup(CPUARMState *env, uint32_t address,
static bool get_phys_addr_pmsav8(CPUARMState *env,
S1Translate *ptw,
uint32_t address,
- MMUAccessType access_type,
+ unsigned access_perm,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
@@ -2891,9 +2891,9 @@ static bool get_phys_addr_pmsav8(CPUARMState *env,
bool ret;
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
- v8m_security_lookup(env, address, 1 << access_type, mmu_idx,
+ v8m_security_lookup(env, address, access_perm, mmu_idx,
secure, &sattrs);
- if (access_type == MMU_INST_FETCH) {
+ if (access_perm & PAGE_EXEC) {
/*
* Instruction fetches always use the MMU bank and the
* transaction attribute determined by the fetch address,
@@ -2952,7 +2952,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env,
}
}
- ret = pmsav8_mpu_lookup(env, address, 1 << access_type, mmu_idx, secure,
+ ret = pmsav8_mpu_lookup(env, address, access_perm, mmu_idx, secure,
result, fi, NULL);
if (sattrs.subpage) {
result->f.lg_page_size = 0;
@@ -3477,7 +3477,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
- ret = get_phys_addr_pmsav8(env, ptw, address, access_type,
+ ret = get_phys_addr_pmsav8(env, ptw, address, 1 << access_type,
result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
--
2.43.0
* [PATCH 10/20] target/arm: Convert get_phys_addr_disabled to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (8 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 09/20] target/arm: Convert get_phys_addr_pmsav8 " Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 11/20] target/arm: Convert get_phys_addr_nogpc " Richard Henderson
` (9 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index f1edbbee5b..5b8040a174 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3193,7 +3193,7 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
static bool get_phys_addr_disabled(CPUARMState *env,
S1Translate *ptw,
vaddr address,
- MMUAccessType access_type,
+ unsigned access_perm,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
@@ -3219,7 +3219,7 @@ static bool get_phys_addr_disabled(CPUARMState *env,
int addrtop, tbi;
tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
- if (access_type == MMU_INST_FETCH) {
+ if (access_perm & PAGE_EXEC) {
tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);
}
tbi = (tbi >> extract64(address, 55, 1)) & 1;
@@ -3253,7 +3253,7 @@ static bool get_phys_addr_disabled(CPUARMState *env,
}
}
if (memattr == 0) {
- if (access_type == MMU_INST_FETCH) {
+ if (access_perm & PAGE_EXEC) {
if (regime_sctlr(env, mmu_idx) & SCTLR_I) {
memattr = 0xee; /* Normal, WT, RA, NT */
} else {
@@ -3404,7 +3404,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
case ARMMMUIdx_Phys_Root:
case ARMMMUIdx_Phys_Realm:
/* Checking Phys early avoids special casing later vs regime_el. */
- return get_phys_addr_disabled(env, ptw, address, access_type,
+ return get_phys_addr_disabled(env, ptw, address, 1 << access_type,
result, fi);
case ARMMMUIdx_Stage1_E0:
@@ -3504,7 +3504,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
/* Definitely a real MMU, not an MPU */
if (regime_translation_disabled(env, mmu_idx, ptw->in_space)) {
- return get_phys_addr_disabled(env, ptw, address, access_type,
+ return get_phys_addr_disabled(env, ptw, address, 1 << access_type,
result, fi);
}
--
2.43.0
* [PATCH 11/20] target/arm: Convert get_phys_addr_nogpc to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (9 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 10/20] target/arm: Convert get_phys_addr_disabled " Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 12/20] target/arm: Convert get_phys_addr_gpc " Richard Henderson
` (8 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Because of the recursion with get_phys_addr_twostage,
we must convert the two functions at the same time.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 39 ++++++++++++++++++++-------------------
1 file changed, 20 insertions(+), 19 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 5b8040a174..fef9e9a7cb 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -74,7 +74,7 @@ typedef struct S1Translate {
static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
vaddr address,
- MMUAccessType access_type, MemOp memop,
+ unsigned access_perm, MemOp memop,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi);
@@ -3276,7 +3276,7 @@ static bool get_phys_addr_disabled(CPUARMState *env,
static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
vaddr address,
- MMUAccessType access_type, MemOp memop,
+ unsigned access_perm, MemOp memop,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
@@ -3288,7 +3288,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
ARMSecuritySpace ipa_space;
uint64_t hcr;
- ret = get_phys_addr_nogpc(env, ptw, address, access_type,
+ ret = get_phys_addr_nogpc(env, ptw, address, access_perm,
memop, result, fi);
/* If S1 fails, return early. */
@@ -3315,7 +3315,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
cacheattrs1 = result->cacheattrs;
memset(result, 0, sizeof(*result));
- ret = get_phys_addr_nogpc(env, ptw, ipa, access_type,
+ ret = get_phys_addr_nogpc(env, ptw, ipa, access_perm,
memop, result, fi);
fi->s2addr = ipa;
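Review bot: The stage 2 lookup here receives the same `access_perm` as the stage 1 lookup at the top of the function, so a caller that passes 0 to skip the check skips it for both stages. The series documents FEAT_ATS1A as ignoring stage 1 permissions, and patch 15 passes 0 for debug translations, so a comment should say which of those cases are expected to reach this call, for example `/* access_perm == 0 also disables the stage 2 permission check */` above it. get_phys_addr_twostage continues outside the hunk, so whether later code re-checks stage 2 permissions cannot be seen from here.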
@@ -3383,7 +3383,7 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
vaddr address,
- MMUAccessType access_type, MemOp memop,
+ unsigned access_perm, MemOp memop,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
@@ -3404,7 +3404,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
case ARMMMUIdx_Phys_Root:
case ARMMMUIdx_Phys_Realm:
/* Checking Phys early avoids special casing later vs regime_el. */
- return get_phys_addr_disabled(env, ptw, address, 1 << access_type,
+ return get_phys_addr_disabled(env, ptw, address, access_perm,
result, fi);
case ARMMMUIdx_Stage1_E0:
@@ -3445,7 +3445,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
ptw->in_mmu_idx = mmu_idx = s1_mmu_idx;
if (arm_feature(env, ARM_FEATURE_EL2) &&
!regime_translation_disabled(env, ARMMMUIdx_Stage2, ptw->in_space)) {
- return get_phys_addr_twostage(env, ptw, address, access_type,
+ return get_phys_addr_twostage(env, ptw, address, access_perm,
memop, result, fi);
}
/* fall through */
@@ -3477,21 +3477,22 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
- ret = get_phys_addr_pmsav8(env, ptw, address, 1 << access_type,
+ ret = get_phys_addr_pmsav8(env, ptw, address, access_perm,
result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
- ret = get_phys_addr_pmsav7(env, ptw, address, 1 << access_type,
+ ret = get_phys_addr_pmsav7(env, ptw, address, access_perm,
result, fi);
} else {
/* Pre-v7 MPU */
- ret = get_phys_addr_pmsav5(env, ptw, address, 1 << access_type,
+ ret = get_phys_addr_pmsav5(env, ptw, address, access_perm,
result, fi);
}
- qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
+ qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %c%c%c at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
- access_type == MMU_DATA_LOAD ? "reading" :
- (access_type == MMU_DATA_STORE ? "writing" : "execute"),
+ access_perm & PAGE_READ ? 'r' : '-',
+ access_perm & PAGE_WRITE ? 'w' : '-',
+ access_perm & PAGE_EXEC ? 'x' : '-',
(uint32_t)address, mmu_idx,
ret ? "Miss" : "Hit",
result->f.prot & PAGE_READ ? 'r' : '-',
@@ -3504,18 +3505,18 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
/* Definitely a real MMU, not an MPU */
if (regime_translation_disabled(env, mmu_idx, ptw->in_space)) {
- return get_phys_addr_disabled(env, ptw, address, 1 << access_type,
+ return get_phys_addr_disabled(env, ptw, address, access_perm,
result, fi);
}
if (regime_using_lpae_format(env, mmu_idx)) {
- return get_phys_addr_lpae(env, ptw, address, 1 << access_type,
+ return get_phys_addr_lpae(env, ptw, address, access_perm,
memop, result, fi);
} else if (arm_feature(env, ARM_FEATURE_V7) ||
regime_sctlr(env, mmu_idx) & SCTLR_XP) {
- return get_phys_addr_v6(env, ptw, address, 1 << access_type, result, fi);
+ return get_phys_addr_v6(env, ptw, address, access_perm, result, fi);
} else {
- return get_phys_addr_v5(env, ptw, address, 1 << access_type, result, fi);
+ return get_phys_addr_v5(env, ptw, address, access_perm, result, fi);
}
}
@@ -3525,7 +3526,7 @@ static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
- if (get_phys_addr_nogpc(env, ptw, address, access_type,
+ if (get_phys_addr_nogpc(env, ptw, address, 1 << access_type,
memop, result, fi)) {
return true;
}
@@ -3547,7 +3548,7 @@ bool get_phys_addr_with_space_nogpc(CPUARMState *env, vaddr address,
.in_mmu_idx = mmu_idx,
.in_space = space,
};
- return get_phys_addr_nogpc(env, &ptw, address, access_type,
+ return get_phys_addr_nogpc(env, &ptw, address, 1 << access_type,
memop, result, fi);
}
--
2.43.0
* [PATCH 12/20] target/arm: Convert get_phys_addr_gpc to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (10 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 11/20] target/arm: Convert get_phys_addr_nogpc " Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 13/20] target/arm: Convert get_phys_addr_with_space_nogpc " Richard Henderson
` (7 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index fef9e9a7cb..adc681da41 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -80,7 +80,7 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
vaddr address,
- MMUAccessType access_type, MemOp memop,
+ unsigned access_perm, MemOp memop,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi);
@@ -584,7 +584,7 @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
};
GetPhysAddrResult s2 = { };
- if (get_phys_addr_gpc(env, &s2ptw, addr, MMU_DATA_LOAD, 0, &s2, fi)) {
+ if (get_phys_addr_gpc(env, &s2ptw, addr, PAGE_READ, 0, &s2, fi)) {
goto fail;
}
@@ -3522,11 +3522,11 @@ static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
vaddr address,
- MMUAccessType access_type, MemOp memop,
+ unsigned access_perm, MemOp memop,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
{
- if (get_phys_addr_nogpc(env, ptw, address, 1 << access_type,
+ if (get_phys_addr_nogpc(env, ptw, address, access_perm,
memop, result, fi)) {
return true;
}
@@ -3627,7 +3627,7 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
.in_space = arm_mmu_idx_to_security_space(env, mmu_idx),
};
- return get_phys_addr_gpc(env, &ptw, address, access_type,
+ return get_phys_addr_gpc(env, &ptw, address, 1 << access_type,
memop, result, fi);
}
@@ -3641,7 +3641,7 @@ static hwaddr arm_cpu_get_phys_page(CPUARMState *env, vaddr addr,
};
GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- bool ret = get_phys_addr_gpc(env, &ptw, addr, MMU_DATA_LOAD, 0, &res, &fi);
+ bool ret = get_phys_addr_gpc(env, &ptw, addr, PAGE_READ, 0, &res, &fi);
*attrs = res.f.attrs;
if (ret) {
--
2.43.0
* [PATCH 13/20] target/arm: Convert get_phys_addr_with_space_nogpc to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (11 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 12/20] target/arm: Convert get_phys_addr_gpc " Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 14/20] target/arm: Convert get_phys_addr " Richard Henderson
` (6 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++--
target/arm/ptw.c | 4 ++--
target/arm/tcg/cpregs-at.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 1781943fac..20b49201cb 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1588,7 +1588,7 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
* address
* @env: CPUARMState
* @address: virtual address to get physical address for
- * @access_type: 0 for read, 1 for write, 2 for execute
+ * @access_perm: PAGE_{READ,WRITE,EXEC}, or 0
* @memop: memory operation feeding this access, or 0 for none
* @mmu_idx: MMU index indicating required translation regime
* @space: security space for the access
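Review bot: The new `@access_perm` line lists the accepted values but not what they mean. It does not say that the argument is a mask of permissions the translation must grant, nor that 0 disables the permission check, which is the security-relevant case. I would write `@access_perm: mask of PAGE_{READ,WRITE,EXEC} that the translation must permit, or 0 to skip the permission check`. The identical line added for get_phys_addr in patch 14 has the same gap.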
@@ -1599,7 +1599,7 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
* a Granule Protection Check on the resulting address.
*/
bool get_phys_addr_with_space_nogpc(CPUARMState *env, vaddr address,
- MMUAccessType access_type, MemOp memop,
+ unsigned access_perm, MemOp memop,
ARMMMUIdx mmu_idx, ARMSecuritySpace space,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index adc681da41..19e67fba67 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3539,7 +3539,7 @@ static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
}
bool get_phys_addr_with_space_nogpc(CPUARMState *env, vaddr address,
- MMUAccessType access_type, MemOp memop,
+ unsigned access_perm, MemOp memop,
ARMMMUIdx mmu_idx, ARMSecuritySpace space,
GetPhysAddrResult *result,
ARMMMUFaultInfo *fi)
@@ -3548,7 +3548,7 @@ bool get_phys_addr_with_space_nogpc(CPUARMState *env, vaddr address,
.in_mmu_idx = mmu_idx,
.in_space = space,
};
- return get_phys_addr_nogpc(env, &ptw, address, 1 << access_type,
+ return get_phys_addr_nogpc(env, &ptw, address, access_perm,
memop, result, fi);
}
diff --git a/target/arm/tcg/cpregs-at.c b/target/arm/tcg/cpregs-at.c
index 398a61d398..c34fc6ec6f 100644
--- a/target/arm/tcg/cpregs-at.c
+++ b/target/arm/tcg/cpregs-at.c
@@ -38,7 +38,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
* address of a successful translation. This is a translation not a
* memory reference, so "memop = none = 0".
*/
- ret = get_phys_addr_with_space_nogpc(env, value, access_type, 0,
+ ret = get_phys_addr_with_space_nogpc(env, value, 1 << access_type, 0,
mmu_idx, ss, &res, &fi);
/*
--
2.43.0
* [PATCH 14/20] target/arm: Convert get_phys_addr to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (12 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 13/20] target/arm: Convert get_phys_addr_with_space_nogpc " Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 15/20] target/arm: Skip permission check from arm_cpu_get_phys_page_attrs_debug Richard Henderson
` (5 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Complete the conversion of all routines in ptw.c from
MMUAccessType access_type to an access_perm bitmask.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++--
target/arm/ptw.c | 4 ++--
target/arm/tcg/m_helper.c | 8 ++++----
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 20b49201cb..0844048ee8 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1559,7 +1559,7 @@ typedef struct GetPhysAddrResult {
* get_phys_addr: get the physical address for a virtual address
* @env: CPUARMState
* @address: virtual address to get physical address for
- * @access_type: 0 for read, 1 for write, 2 for execute
+ * @access_perm: PAGE_{READ,WRITE,EXEC}, or 0
* @memop: memory operation feeding this access, or 0 for none
* @mmu_idx: MMU index indicating required translation regime
* @result: set on translation success.
@@ -1579,7 +1579,7 @@ typedef struct GetPhysAddrResult {
* value.
*/
bool get_phys_addr(CPUARMState *env, vaddr address,
- MMUAccessType access_type, MemOp memop, ARMMMUIdx mmu_idx,
+ unsigned access_perm, MemOp memop, ARMMMUIdx mmu_idx,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
__attribute__((nonnull));
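Review bot: Changing this parameter from `MMUAccessType` to `unsigned` while keeping the name get_phys_addr means a caller missed by this patch still compiles, because the enum converts implicitly. The removed doc line gives the old encoding as 0 for read, 1 for write, 2 for execute, so a stale `MMU_DATA_LOAD` would now mean "skip the permission check" and a stale `MMU_DATA_STORE` would be taken as a read requirement. Only the m_helper.c call sites are converted in this diff; callers in other files are not visible here and each needs `1 << access_type` or a PAGE_* constant. Renaming the function in this patch, as patch 16 does for get_phys_addr_for_at, would make a missed caller fail to build.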
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 19e67fba67..fe005622da 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3619,7 +3619,7 @@ arm_mmu_idx_to_security_space(CPUARMState *env, ARMMMUIdx mmu_idx)
}
bool get_phys_addr(CPUARMState *env, vaddr address,
- MMUAccessType access_type, MemOp memop, ARMMMUIdx mmu_idx,
+ unsigned access_perm, MemOp memop, ARMMMUIdx mmu_idx,
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
{
S1Translate ptw = {
@@ -3627,7 +3627,7 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
.in_space = arm_mmu_idx_to_security_space(env, mmu_idx),
};
- return get_phys_addr_gpc(env, &ptw, address, 1 << access_type,
+ return get_phys_addr_gpc(env, &ptw, address, access_perm,
memop, result, fi);
}
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index e52ab261be..454ee187a7 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -221,7 +221,7 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
int exc;
bool exc_secure;
- if (get_phys_addr(env, addr, MMU_DATA_STORE, 0, mmu_idx, &res, &fi)) {
+ if (get_phys_addr(env, addr, PAGE_WRITE, 0, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
if (mode == STACK_LAZYFP) {
@@ -310,7 +310,7 @@ static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
bool exc_secure;
uint32_t value;
- if (get_phys_addr(env, addr, MMU_DATA_LOAD, 0, mmu_idx, &res, &fi)) {
+ if (get_phys_addr(env, addr, PAGE_READ, 0, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
qemu_log_mask(CPU_LOG_INT,
@@ -2008,7 +2008,7 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, bool secure,
"...really SecureFault with SFSR.INVEP\n");
return false;
}
- if (get_phys_addr(env, addr, MMU_INST_FETCH, 0, mmu_idx, &res, &fi)) {
+ if (get_phys_addr(env, addr, PAGE_EXEC, 0, mmu_idx, &res, &fi)) {
/* the MPU lookup failed */
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure);
@@ -2044,7 +2044,7 @@ static bool v7m_read_sg_stack_word(ARMCPU *cpu, ARMMMUIdx mmu_idx,
ARMMMUFaultInfo fi = {};
uint32_t value;
- if (get_phys_addr(env, addr, MMU_DATA_LOAD, 0, mmu_idx, &res, &fi)) {
+ if (get_phys_addr(env, addr, PAGE_READ, 0, mmu_idx, &res, &fi)) {
/* MPU/SAU lookup failed */
if (fi.type == ARMFault_QEMU_SFault) {
qemu_log_mask(CPU_LOG_INT,
--
2.43.0
* [PATCH 15/20] target/arm: Skip permission check from arm_cpu_get_phys_page_attrs_debug
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (13 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 14/20] target/arm: Convert get_phys_addr " Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 16/20] target/arm: Introduce get_phys_addr_for_at Richard Henderson
` (4 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Do not require read permission when translating addresses
for debugging purposes.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index fe005622da..c1fe53965c 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3641,7 +3641,7 @@ static hwaddr arm_cpu_get_phys_page(CPUARMState *env, vaddr addr,
};
GetPhysAddrResult res = {};
ARMMMUFaultInfo fi = {};
- bool ret = get_phys_addr_gpc(env, &ptw, addr, PAGE_READ, 0, &res, &fi);
+ bool ret = get_phys_addr_gpc(env, &ptw, addr, 0, 0, &res, &fi);
*attrs = res.f.attrs;
if (ret) {
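Review bot: The bare `0, 0` argument pair hides that the first zero now turns the permission check off for every debug translation, which is the whole point of the change. A short comment at the call keeps that visible, for example `/* access_perm = 0: debug accesses skip the permission check; memop = 0: none */`. The same unexplained literal is passed by the AT S1E1A/S1E2A/S1E3A handlers added in patch 20 (`do_ats_write(env, value, 0, ...)`). arm_cpu_get_phys_page starts and ends outside the hunk.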
--
2.43.0
* [PATCH 16/20] target/arm: Introduce get_phys_addr_for_at
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (14 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 15/20] target/arm: Skip permission check from arm_cpu_get_phys_page_attrs_debug Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 17/20] target/arm: Skip AF and DB updates for AccessType_AT Richard Henderson
` (3 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Rename get_phys_addr_with_space_nogpc for its only
caller, do_ats_write. Drop the MemOp memop argument
as it doesn't make sense in the new context.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 17 +++++++----------
target/arm/ptw.c | 17 ++++++++++-------
target/arm/tcg/cpregs-at.c | 9 ++-------
3 files changed, 19 insertions(+), 24 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 0844048ee8..6aea942d06 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1584,25 +1584,22 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
__attribute__((nonnull));
/**
- * get_phys_addr_with_space_nogpc: get the physical address for a virtual
- * address
+ * get_phys_addr_for_at:
* @env: CPUARMState
* @address: virtual address to get physical address for
* @access_perm: PAGE_{READ,WRITE,EXEC}, or 0
- * @memop: memory operation feeding this access, or 0 for none
* @mmu_idx: MMU index indicating required translation regime
* @space: security space for the access
* @result: set on translation success.
* @fi: set to fault info if the translation fails
*
- * Similar to get_phys_addr, but use the given security space and don't perform
- * a Granule Protection Check on the resulting address.
+ * Similar to get_phys_addr, but for use by AccessType_AT, i.e.
+ * system instructions for address translation.
*/
-bool get_phys_addr_with_space_nogpc(CPUARMState *env, vaddr address,
- unsigned access_perm, MemOp memop,
- ARMMMUIdx mmu_idx, ARMSecuritySpace space,
- GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+bool get_phys_addr_for_at(CPUARMState *env, vaddr address,
+ unsigned access_perm, ARMMMUIdx mmu_idx,
+ ARMSecuritySpace space, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
__attribute__((nonnull));
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
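Review bot: The rewritten header comment drops the two facts a caller most needs: that the function uses the caller-supplied security space, and that no Granule Protection Check is performed on the resulting address. The second is now stated only in a comment inside the ptw.c definition, where a reader of internals.h will not see it. I would keep a sentence in the doc block, e.g. `Uses the given security space and does not perform a Granule Protection Check on the resulting address.`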
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index c1fe53965c..19a53ec707 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3538,18 +3538,21 @@ static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
return false;
}
-bool get_phys_addr_with_space_nogpc(CPUARMState *env, vaddr address,
- unsigned access_perm, MemOp memop,
- ARMMMUIdx mmu_idx, ARMSecuritySpace space,
- GetPhysAddrResult *result,
- ARMMMUFaultInfo *fi)
+bool get_phys_addr_for_at(CPUARMState *env, vaddr address,
+ unsigned access_perm, ARMMMUIdx mmu_idx,
+ ARMSecuritySpace space, GetPhysAddrResult *result,
+ ARMMMUFaultInfo *fi)
{
S1Translate ptw = {
.in_mmu_idx = mmu_idx,
.in_space = space,
};
- return get_phys_addr_nogpc(env, &ptw, address, access_perm,
- memop, result, fi);
+ /*
+ * I_MXTJT: Granule protection checks are not performed on the final
+ * address of a successful translation. This is a translation not a
+ * memory reference, so "memop = none = 0".
+ */
+ return get_phys_addr_nogpc(env, &ptw, address, access_perm, 0, result, fi);
}
static ARMSecuritySpace
diff --git a/target/arm/tcg/cpregs-at.c b/target/arm/tcg/cpregs-at.c
index c34fc6ec6f..e79866e651 100644
--- a/target/arm/tcg/cpregs-at.c
+++ b/target/arm/tcg/cpregs-at.c
@@ -33,13 +33,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
ARMMMUFaultInfo fi = {};
GetPhysAddrResult res = {};
- /*
- * I_MXTJT: Granule protection checks are not performed on the final
- * address of a successful translation. This is a translation not a
- * memory reference, so "memop = none = 0".
- */
- ret = get_phys_addr_with_space_nogpc(env, value, 1 << access_type, 0,
- mmu_idx, ss, &res, &fi);
+ ret = get_phys_addr_for_at(env, value, 1 << access_type,
+ mmu_idx, ss, &res, &fi);
/*
* ATS operations only do S1 or S1+S2 translations, so we never
--
2.43.0
* [PATCH 17/20] target/arm: Skip AF and DB updates for AccessType_AT
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (15 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 16/20] target/arm: Introduce get_phys_addr_for_at Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 18/20] target/arm: Convert do_ats_write to access_perm Richard Henderson
` (2 subsequent siblings)
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
We are required to skip DB update for AT instructions, and
we are allowed to skip AF updates. Choose to skip both.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/ptw.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 19a53ec707..ecb20f65e5 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -58,6 +58,10 @@ typedef struct S1Translate {
* and will not change the state of the softmmu TLBs.
*/
bool in_debug;
+ /*
+ * in_at: is this AccessType_AT?
+ */
+ bool in_at;
/*
* If this is stage 2 of a stage 1+2 page table walk, then this must
* be true if stage 1 is an EL0 access; otherwise this is ignored.
@@ -1922,7 +1926,14 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
descaddr &= ~(hwaddr)(page_size - 1);
descaddr |= (address & (page_size - 1));
- if (likely(!ptw->in_debug)) {
+ /*
+ * For debug, never change cpu state, so do not update AF or DB.
+ *
+ * For AccessType_AT, DB is not updated (AArch64.SetDirtyFlag),
+ * and it is IMPLEMENTATION DEFINED whether AF is updated
+ * (AArch64.SetAccessFlag; qemu chooses to not update).
+ */
+ if (likely(!ptw->in_debug && !ptw->in_at)) {
/*
* Access flag.
* If HA is enabled, prepare to update the descriptor below.
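Review bot: Adding `!ptw->in_at` to this condition skips the whole guarded block for AT instructions, not only the AF and DB descriptor updates named in the new comment. The block continues outside the hunk; if it is also where a descriptor with AF clear raises an Access flag fault when hardware AF management is off, an AT instruction would then report a successful translation for an address that faults on a real access. Please confirm, and if so leave the outer condition as it was and apply `!ptw->in_at` only to the statements that prepare the descriptor write.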
@@ -3546,6 +3557,7 @@ bool get_phys_addr_for_at(CPUARMState *env, vaddr address,
S1Translate ptw = {
.in_mmu_idx = mmu_idx,
.in_space = space,
+ .in_at = true,
};
/*
* I_MXTJT: Granule protection checks are not performed on the final
--
2.43.0
* [PATCH 18/20] target/arm: Convert do_ats_write to access_perm
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (16 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 17/20] target/arm: Skip AF and DB updates for AccessType_AT Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 19/20] target/arm: Fill in HFGITR_EL2 bits for Arm v9.5 Richard Henderson
2025-07-07 20:21 ` [PATCH 20/20] target/arm: Implement FEAT_ATS1A Richard Henderson
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/tcg/cpregs-at.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/target/arm/tcg/cpregs-at.c b/target/arm/tcg/cpregs-at.c
index e79866e651..39141c83aa 100644
--- a/target/arm/tcg/cpregs-at.c
+++ b/target/arm/tcg/cpregs-at.c
@@ -24,7 +24,7 @@ static int par_el1_shareability(GetPhysAddrResult *res)
}
static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ unsigned access_perm, ARMMMUIdx mmu_idx,
ARMSecuritySpace ss)
{
bool ret;
@@ -33,7 +33,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
ARMMMUFaultInfo fi = {};
GetPhysAddrResult res = {};
- ret = get_phys_addr_for_at(env, value, 1 << access_type,
+ ret = get_phys_addr_for_at(env, value, access_perm,
mmu_idx, ss, &res, &fi);
/*
@@ -193,7 +193,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
- MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
+ unsigned access_perm = ri->opc2 & 1 ? PAGE_WRITE : PAGE_READ;
uint64_t par64;
ARMMMUIdx mmu_idx;
int el = arm_current_el(env);
@@ -255,7 +255,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
g_assert_not_reached();
}
- par64 = do_ats_write(env, value, access_type, mmu_idx, ss);
+ par64 = do_ats_write(env, value, access_perm, mmu_idx, ss);
A32_BANKED_CURRENT_REG_SET(env, par, par64);
}
@@ -263,11 +263,11 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
- MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
+ unsigned access_perm = ri->opc2 & 1 ? PAGE_WRITE : PAGE_READ;
uint64_t par64;
/* There is no SecureEL2 for AArch32. */
- par64 = do_ats_write(env, value, access_type, ARMMMUIdx_E2,
+ par64 = do_ats_write(env, value, access_perm, ARMMMUIdx_E2,
ARMSS_NonSecure);
A32_BANKED_CURRENT_REG_SET(env, par, par64);
@@ -311,7 +311,7 @@ static CPAccessResult at_s1e01_access(CPUARMState *env, const ARMCPRegInfo *ri,
static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
- MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
+ unsigned access_perm = ri->opc2 & 1 ? PAGE_WRITE : PAGE_READ;
ARMMMUIdx mmu_idx;
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
@@ -354,7 +354,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
}
ss = for_el3 ? arm_security_space(env) : arm_security_space_below_el3(env);
- env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx, ss);
+ env->cp15.par_el[1] = do_ats_write(env, value, access_perm, mmu_idx, ss);
}
static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
--
2.43.0
* [PATCH 19/20] target/arm: Fill in HFGITR_EL2 bits for Arm v9.5
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (17 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 18/20] target/arm: Convert do_ats_write to access_perm Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
2025-07-07 20:21 ` [PATCH 20/20] target/arm: Implement FEAT_ATS1A Richard Henderson
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpregs.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index c9506aa6d5..88b3d63424 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -512,6 +512,11 @@ FIELD(HFGITR_EL2, SVC_EL1, 53, 1)
FIELD(HFGITR_EL2, DCCVAC, 54, 1)
FIELD(HFGITR_EL2, NBRBINJ, 55, 1)
FIELD(HFGITR_EL2, NBRBIALL, 56, 1)
+FIELD(HFGITR_EL2, NGCSPUSHM_EL1, 57, 1)
+FIELD(HFGITR_EL2, NGCSSTR_EL1, 58, 1)
+FIELD(HFGITR_EL2, NGCSEPP, 59, 1)
+FIELD(HFGITR_EL2, COSPRCTX, 60, 1)
+FIELD(HFGITR_EL2, ATS1E1A, 62, 1)
FIELD(HDFGRTR_EL2, DBGBCRN_EL1, 0, 1)
FIELD(HDFGRTR_EL2, DBGBVRN_EL1, 1, 1)
--
2.43.0
* [PATCH 20/20] target/arm: Implement FEAT_ATS1A
2025-07-07 20:20 [PATCH 00/20] target/arm: Implement FEAT_ATS1A Richard Henderson
` (18 preceding siblings ...)
2025-07-07 20:21 ` [PATCH 19/20] target/arm: Fill in HFGITR_EL2 bits for Arm v9.5 Richard Henderson
@ 2025-07-07 20:21 ` Richard Henderson
19 siblings, 0 replies; 25+ messages in thread
From: Richard Henderson @ 2025-07-07 20:21 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Implement FEAT_ATS1A and enable for -cpu max.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpregs.h | 1 +
target/arm/cpu-features.h | 5 ++++
target/arm/tcg/cpregs-at.c | 44 +++++++++++++++++++++++++++++++++++
target/arm/tcg/cpu64.c | 1 +
docs/system/arm/emulation.rst | 1 +
5 files changed, 52 insertions(+)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index 88b3d63424..58c6326fce 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -835,6 +835,7 @@ typedef enum FGTBit {
DO_BIT(HFGITR, DVPRCTX),
DO_BIT(HFGITR, CPPRCTX),
DO_BIT(HFGITR, DCCVAC),
+ DO_BIT(HFGITR, ATS1E1A),
} FGTBit;
#undef DO_BIT
diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h
index 5d8adfb73b..91e6c5b7d2 100644
--- a/target/arm/cpu-features.h
+++ b/target/arm/cpu-features.h
@@ -604,6 +604,11 @@ static inline bool isar_feature_aa64_rpres(const ARMISARegisters *id)
return FIELD_EX64_IDREG(id, ID_AA64ISAR2, RPRES);
}
+static inline bool isar_feature_aa64_ats1a(const ARMISARegisters *id)
+{
+ return FIELD_EX64_IDREG(id, ID_AA64ISAR2, ATS1A);
+}
+
static inline bool isar_feature_aa64_fp_simd(const ARMISARegisters *id)
{
/* We always set the AdvSIMD and FP fields identically. */
diff --git a/target/arm/tcg/cpregs-at.c b/target/arm/tcg/cpregs-at.c
index 39141c83aa..b764dd54c3 100644
--- a/target/arm/tcg/cpregs-at.c
+++ b/target/arm/tcg/cpregs-at.c
@@ -490,6 +490,47 @@ static const ARMCPRegInfo ats1cp_reginfo[] = {
.writefn = ats_write },
};
+static void ats_s1e1a(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
+{
+ uint64_t hcr_el2 = arm_hcr_el2_eff(env);
+ bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
+ ARMMMUIdx mmu_idx = regime_e20 ? ARMMMUIdx_E20_2 : ARMMMUIdx_Stage1_E1;
+ ARMSecuritySpace ss = arm_security_space_below_el3(env);
+
+ env->cp15.par_el[1] = do_ats_write(env, value, 0, mmu_idx, ss);
+}
+
+static void ats_s1e2a(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
+{
+ uint64_t hcr_el2 = arm_hcr_el2_eff(env);
+ ARMMMUIdx mmu_idx = hcr_el2 & HCR_E2H ? ARMMMUIdx_E20_2 : ARMMMUIdx_E2;
+ ARMSecuritySpace ss = arm_security_space_below_el3(env);
+
+ env->cp15.par_el[1] = do_ats_write(env, value, 0, mmu_idx, ss);
+}
+
+static void ats_s1e3a(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
+{
+ env->cp15.par_el[1] = do_ats_write(env, value, 0, ARMMMUIdx_E3,
+ arm_security_space(env));
+}
+
+static const ARMCPRegInfo ats1a_reginfo[] = {
+ { .name = "AT_S1E1A", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 2,
+ .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .fgt = FGT_ATS1E1A,
+ .accessfn = at_s1e01_access, .writefn = ats_s1e1a },
+ { .name = "AT_S1E2A", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 4, .crn = 7, .crm = 9, .opc2 = 2,
+ .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .accessfn = at_s1e2_access, .writefn = ats_s1e2a },
+ { .name = "AT_S1E3A", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 9, .opc2 = 2,
+ .access = PL3_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
+ .writefn = ats_s1e3a },
+};
+
void define_at_insn_regs(ARMCPU *cpu)
{
CPUARMState *env = &cpu->env;
@@ -511,4 +552,7 @@ void define_at_insn_regs(ARMCPU *cpu)
if (cpu_isar_feature(aa32_ats1e1, cpu)) {
define_arm_cp_regs(cpu, ats1cp_reginfo);
}
+ if (cpu_isar_feature(aa64_ats1a, cpu)) {
+ define_arm_cp_regs(cpu, ats1a_reginfo);
+ }
}
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index 937f29e253..5916a32043 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -1178,6 +1178,7 @@ void aarch64_max_tcg_initfn(Object *obj)
t = FIELD_DP64(t, ID_AA64ISAR2, MOPS, 1); /* FEAT_MOPS */
t = FIELD_DP64(t, ID_AA64ISAR2, BC, 1); /* FEAT_HBC */
t = FIELD_DP64(t, ID_AA64ISAR2, WFXT, 2); /* FEAT_WFxT */
+ t = FIELD_DP64(t, ID_AA64ISAR2, ATS1A, 1); /* FEAT_ATS1A */
SET_IDREG(isar, ID_AA64ISAR2, t);
t = GET_IDREG(isar, ID_AA64PFR0);
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 78c2fd2113..1c3da23623 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -23,6 +23,7 @@ the following architecture extensions:
- FEAT_AFP (Alternate floating-point behavior)
- FEAT_Armv9_Crypto (Armv9 Cryptographic Extension)
- FEAT_ASID16 (16 bit ASID)
+- FEAT_ATS1A (Address Translation operations that ignore stage 1 permissions)
- FEAT_BBM at level 2 (Translation table break-before-make levels)
- FEAT_BF16 (AArch64 BFloat16 instructions)
- FEAT_BTI (Branch Target Identification)
--
2.43.0