From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, Pierrick Bouvier <pierrick.bouvier@linaro.org>
Subject: [PATCH v7 41/73] target/arm: Implement EXLOCKException for ELR_ELx and SPSR_ELx
Date: Wed, 8 Oct 2025 14:55:41 -0700 [thread overview]
Message-ID: <20251008215613.300150-42-richard.henderson@linaro.org> (raw)
In-Reply-To: <20251008215613.300150-1-richard.henderson@linaro.org>
If PSTATE.EXLOCK is set, and the GCS EXLOCK enable bit is set,
and nested virt is in the appropriate state, then we need to
raise an EXLOCK exception.
Since PSTATE.EXLOCK cannot be set without GCS being present
and enabled, no explicit check for GCS is required.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpregs.h | 8 +++++
target/arm/cpu.h | 1 +
target/arm/helper.c | 67 ++++++++++++++++++++++++++++++++++----
target/arm/tcg/op_helper.c | 7 ++++
4 files changed, 77 insertions(+), 6 deletions(-)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index bd2121a336..a79f00351c 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -351,6 +351,14 @@ typedef enum CPAccessResult {
* specified target EL.
*/
CP_ACCESS_UNDEFINED = (2 << 2),
+
+ /*
+ * Access fails with EXLOCK, a GCS exception syndrome.
+ * These traps are always to the current execution EL,
+ * which is the same as the usual target EL because
+ * they cannot occur from EL0.
+ */
+ CP_ACCESS_EXLOCK = (3 << 2),
} CPAccessResult;
/* Indexes into fgt_read[] */
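Review bot: `CP_ACCESS_EXLOCK = (3 << 2)` has bit 2 set, so if the earlier part of this enum (not visible in the hunk) treats bit 2 as a flag combined with a target EL in the low two bits, any mask test on that flag would also match EXLOCK. Exact-value matching, as in the `switch` in the op_helper.c hunk of this patch, is unaffected. I would extend the new comment with a line such as `Compare against this value exactly; it is not a combination of flag bits.` so a later reader does not assume the values are composable. The enum definition begins outside this hunk.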
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 54f3d7b1cc..91a851dac1 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1502,6 +1502,7 @@ void pmu_init(ARMCPU *cpu);
#define PSTATE_C (1U << 29)
#define PSTATE_Z (1U << 30)
#define PSTATE_N (1U << 31)
+#define PSTATE_EXLOCK (1ULL << 34)
#define PSTATE_NZCV (PSTATE_N | PSTATE_Z | PSTATE_C | PSTATE_V)
#define PSTATE_DAIF (PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F)
#define CACHED_PSTATE_BITS (PSTATE_NZCV | PSTATE_DAIF | PSTATE_BTYPE)
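Review bot: `PSTATE_EXLOCK` is the only `1ULL` constant among the visible `1U` PSTATE masks. Any expression of the form `pstate &= ~PSTATE_x` or `val & ~CACHED_PSTATE_BITS` on a 64-bit pstate computes the complement in 32 bits and zero-extends it, which clears bit 34 along with the intended bits. Whether such call sites remain is not visible in this hunk, but EXLOCK is the bit that gates writes to ELR_ELx/SPSR_ELx, so silently dropping it would defeat the check this patch adds. I would audit those sites or widen the composite mask, e.g. `#define CACHED_PSTATE_BITS ((uint64_t)(PSTATE_NZCV | PSTATE_DAIF | PSTATE_BTYPE))`. A comment above `PSTATE_EXLOCK` such as `/* Bits above 31: clear only with 64-bit masks. */` would also help.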
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 5d40266d96..1aa0a157b7 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3437,6 +3437,61 @@ static CPAccessResult access_nv1(CPUARMState *env, const ARMCPRegInfo *ri,
return CP_ACCESS_OK;
}
+static CPAccessResult access_nv1_or_exlock_el1(CPUARMState *env,
+ const ARMCPRegInfo *ri,
+ bool isread)
+{
+ if (arm_current_el(env) == 1) {
+ uint64_t nvx = arm_hcr_el2_nvx_eff(env);
+
+ if (!isread &&
+ (env->pstate & PSTATE_EXLOCK) &&
+ (env->cp15.gcscr_el[1] & GCSCR_EXLOCKEN) &&
+ !(nvx & HCR_NV1)) {
+ return CP_ACCESS_EXLOCK;
+ }
+ return access_nv1_with_nvx(nvx);
+ }
+
+ /*
+ * At EL2, since VHE redirection is done at translation time,
+ * el_is_in_host is always false here, so EXLOCK does not apply.
+ */
+ return CP_ACCESS_OK;
+}
+
+static CPAccessResult access_exlock_el2(CPUARMState *env,
+ const ARMCPRegInfo *ri, bool isread)
+{
+ int el = arm_current_el(env);
+
+ if (el == 3) {
+ return CP_ACCESS_OK;
+ }
+
+ /*
+ * Access to the EL2 register from EL1 means NV is set, and
+ * EXLOCK has priority over an NV1 trap to EL2.
+ */
+ if (!isread &&
+ (env->pstate & PSTATE_EXLOCK) &&
+ (env->cp15.gcscr_el[el] & GCSCR_EXLOCKEN)) {
+ return CP_ACCESS_EXLOCK;
+ }
+ return CP_ACCESS_OK;
+}
+
+static CPAccessResult access_exlock_el3(CPUARMState *env,
+ const ARMCPRegInfo *ri, bool isread)
+{
+ if (!isread &&
+ (env->pstate & PSTATE_EXLOCK) &&
+ (env->cp15.gcscr_el[3] & GCSCR_EXLOCKEN)) {
+ return CP_ACCESS_EXLOCK;
+ }
+ return CP_ACCESS_OK;
+}
+
#ifdef CONFIG_USER_ONLY
/*
* `IC IVAU` is handled to improve compatibility with JITs that dual-map their
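Review bot: The write-lock predicate (`!isread`, `PSTATE_EXLOCK`, `GCSCR_EXLOCKEN`) is spelled out three times, in `access_nv1_or_exlock_el1`, `access_exlock_el2` and `access_exlock_el3`, differing only in the `gcscr_el[]` index. This is the check that keeps exception-return state from being rewritten, so I would put it in one helper so that a later fix cannot land in only one copy. In `access_exlock_el2` the index is the current EL, which relies on the register's access level to exclude EL0; a short comment saying so would make the array bound obvious. The trailing comment in `access_nv1_or_exlock_el1` explains only EL2, although the same `CP_ACCESS_OK` return is also reached at EL3.

```c
/* True when a write at @el to ELR_ELx/SPSR_ELx is locked by GCS EXLOCK. */
static bool exlock_write_locked(CPUARMState *env, int el, bool isread)
{
    return !isread &&
           (env->pstate & PSTATE_EXLOCK) &&
           (env->cp15.gcscr_el[el] & GCSCR_EXLOCKEN);
}

/* in access_nv1_or_exlock_el1, EL1 branch */
        if (exlock_write_locked(env, 1, isread) && !(nvx & HCR_NV1)) {
            return CP_ACCESS_EXLOCK;
        }
/* … unchanged: access_nv1_with_nvx fallback and EL2/EL3 return … */

/* in access_exlock_el2, after the el == 3 early return; el is 1 or 2 here */
    if (exlock_write_locked(env, el, isread)) {
        return CP_ACCESS_EXLOCK;
    }

/* in access_exlock_el3 */
    if (exlock_write_locked(env, 3, isread)) {
        return CP_ACCESS_EXLOCK;
    }
```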
@@ -3608,7 +3663,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
{ .name = "ELR_EL1", .state = ARM_CP_STATE_AA64,
.type = ARM_CP_ALIAS,
.opc0 = 3, .opc1 = 0, .crn = 4, .crm = 0, .opc2 = 1,
- .access = PL1_RW, .accessfn = access_nv1,
+ .access = PL1_RW, .accessfn = access_nv1_or_exlock_el1,
.nv2_redirect_offset = 0x230 | NV2_REDIR_NV1,
.vhe_redir_to_el2 = ENCODE_AA64_CP_REG(3, 4, 4, 0, 1),
.vhe_redir_to_el01 = ENCODE_AA64_CP_REG(3, 5, 4, 0, 1),
@@ -3616,7 +3671,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
{ .name = "SPSR_EL1", .state = ARM_CP_STATE_AA64,
.type = ARM_CP_ALIAS,
.opc0 = 3, .opc1 = 0, .crn = 4, .crm = 0, .opc2 = 0,
- .access = PL1_RW, .accessfn = access_nv1,
+ .access = PL1_RW, .accessfn = access_nv1_or_exlock_el1,
.nv2_redirect_offset = 0x160 | NV2_REDIR_NV1,
.vhe_redir_to_el2 = ENCODE_AA64_CP_REG(3, 4, 4, 0, 0),
.vhe_redir_to_el01 = ENCODE_AA64_CP_REG(3, 5, 4, 0, 0),
@@ -4100,7 +4155,7 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
{ .name = "ELR_EL2", .state = ARM_CP_STATE_AA64,
.type = ARM_CP_ALIAS | ARM_CP_NV2_REDIRECT,
.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
- .access = PL2_RW,
+ .access = PL2_RW, .accessfn = access_exlock_el2,
.fieldoffset = offsetof(CPUARMState, elr_el[2]) },
{ .name = "ESR_EL2", .state = ARM_CP_STATE_BOTH,
.type = ARM_CP_NV2_REDIRECT,
@@ -4118,7 +4173,7 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
{ .name = "SPSR_EL2", .state = ARM_CP_STATE_AA64,
.type = ARM_CP_ALIAS | ARM_CP_NV2_REDIRECT,
.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 0,
- .access = PL2_RW,
+ .access = PL2_RW, .accessfn = access_exlock_el2,
.fieldoffset = offsetof(CPUARMState, banked_spsr[BANK_HYP]) },
{ .name = "VBAR_EL2", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 4, .crn = 12, .crm = 0, .opc2 = 0,
@@ -4400,7 +4455,7 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
{ .name = "ELR_EL3", .state = ARM_CP_STATE_AA64,
.type = ARM_CP_ALIAS,
.opc0 = 3, .opc1 = 6, .crn = 4, .crm = 0, .opc2 = 1,
- .access = PL3_RW,
+ .access = PL3_RW, .accessfn = access_exlock_el3,
.fieldoffset = offsetof(CPUARMState, elr_el[3]) },
{ .name = "ESR_EL3", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 6, .crn = 5, .crm = 2, .opc2 = 0,
@@ -4411,7 +4466,7 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
{ .name = "SPSR_EL3", .state = ARM_CP_STATE_AA64,
.type = ARM_CP_ALIAS,
.opc0 = 3, .opc1 = 6, .crn = 4, .crm = 0, .opc2 = 0,
- .access = PL3_RW,
+ .access = PL3_RW, .accessfn = access_exlock_el3,
.fieldoffset = offsetof(CPUARMState, banked_spsr[BANK_MON]) },
{ .name = "VBAR_EL3", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 6, .crn = 12, .crm = 0, .opc2 = 0,
diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
index dd3700dc6f..4fbd219555 100644
--- a/target/arm/tcg/op_helper.c
+++ b/target/arm/tcg/op_helper.c
@@ -881,6 +881,13 @@ const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
}
syndrome = syn_uncategorized();
break;
+ case CP_ACCESS_EXLOCK:
+ /*
+ * CP_ACCESS_EXLOCK is always directed to the current EL,
+ * which is going to be the same as the usual target EL.
+ */
+ syndrome = syn_gcs_exlock();
+ break;
default:
g_assert_not_reached();
}
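Review bot: The new `CP_ACCESS_EXLOCK` case sets only the syndrome, so its comment's claim that the exception is taken to the current EL depends on target-EL selection that lies outside this hunk. The claim holds only while no EL0-accessible register uses an EXLOCK accessfn, and nothing visible here enforces that. I would pin the invariant with `assert(arm_current_el(env) != 0);` ahead of `syndrome = syn_gcs_exlock();`, so that a future register definition that breaks it fails loudly instead of routing the exception to a different EL. The body of `access_check_cp_reg` starts and ends outside the hunk.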
--
2.43.0