Series comparison

-[Qemu-devel] [PULL 0/2] target-arm queue
+[PULL 0/2] target-arm queue
-Couple of minor patches to sneak in before rc0. The PSCI return
+This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
-values fix is the most important one.
+we were using uninitialized data for the guarded bit when
 combining stage 1 and stage 2 attrs.
+thanks
 -- PMM
-The following changes since commit 94b5d57d2f5a3c849cecd65e424bb6f50b998df9:
+The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:
-  Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.9-20170314' into staging (2017-03-14 10:13:19 +0000)
+  Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)
-are available in the git repository at:
+are available in the Git repository at:
-  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170314
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410
-for you to fetch changes up to d5affb0d8677e1a8a8fe03fa25005b669e7cdc02:
+for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:
-  target/arm/arm-powerctl: Fix psci info return values (2017-03-14 11:28:54 +0000)
+  target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)
 ----------------------------------------------------------------
-target-arm queue:
+target-arm: Fix bug where we weren't initializing
- * arm-powerctl: Fix psci info return values
+            guarded bit state when combining S1/S2 attrs
  * implement armv8 PMUSERENR (user-mode enable bits)
 ----------------------------------------------------------------
-Andrew Baumann (1):
+Richard Henderson (2):
-      target/arm: implement armv8 PMUSERENR (user-mode enable bits)
+      target/arm: PTE bit GP only applies to stage1
       target/arm: Copy guarded bit in combine_cacheattrs
-Andrew Jones (1):
+ target/arm/ptw.c | 11 ++++++-----
-      target/arm/arm-powerctl: Fix psci info return values
+file changed, 6 insertions(+), 5 deletions(-)
  target/arm/cpu.h    |  4 +--
  target/arm/helper.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++------
 files changed, 73 insertions(+), 10 deletions(-)

-[Qemu-devel] [PULL 2/2] target/arm/arm-powerctl: Fix psci info return values
+[PULL 1/2] target/arm: PTE bit GP only applies to stage1
-From: Andrew Jones <drjones@redhat.com>
+From: Richard Henderson <richard.henderson@linaro.org>
-The power state spec section 5.1.5 AFFINITY_INFO defines the
+Only perform the extract of GP during the stage1 walk.
 affinity info return values as
-ON
+Reported-by: Peter Maydell <peter.maydell@linaro.org>
-OFF
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ON_PENDING
 I grepped QEMU for power_state to ensure that no assumptions
 of OFF=0 were being made.
 Signed-off-by: Andrew Jones <drjones@redhat.com>
 Message-id: 20170303123232.4967-1-drjones@redhat.com
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h | 4 ++--
+ target/arm/ptw.c | 10 +++++-----
-file changed, 2 insertions(+), 2 deletions(-)
+file changed, 5 insertions(+), 5 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/target/arm/ptw.c
-+++ b/target/arm/cpu.h
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ typedef void ARMELChangeHook(ARMCPU *cpu, void *opaque);
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
- /* These values map onto the return values for
+         result->f.attrs.secure = false;
-  * QEMU_PSCI_0_2_FN_AFFINITY_INFO */
+     }
- typedef enum ARMPSCIState {
--    PSCI_OFF = 0,
+-    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
--    PSCI_ON = 1,
+-    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
-+    PSCI_ON = 0,
+-        result->f.guarded = extract64(attrs, 50, 1); /* GP */
-+    PSCI_OFF = 1,
+-    }
-     PSCI_ON_PENDING = 2
+-
- } ARMPSCIState;
+     if (regime_is_stage2(mmu_idx)) {
+         result->cacheattrs.is_s2_format = true;
          result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
          assert(attrindx <= 7);
          result->cacheattrs.is_s2_format = false;
          result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
 +
 +        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
 +        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
 +            result->f.guarded = extract64(attrs, 50, 1); /* GP */
 +        }
      }
      /*
 --
-.7.4
+.34.1

-[Qemu-devel] [PULL 1/2] target/arm: implement armv8 PMUSERENR (user-mode enable bits)
+[PULL 2/2] target/arm: Copy guarded bit in combine_cacheattrs
-From: Andrew Baumann <Andrew.Baumann@microsoft.com>
+From: Richard Henderson <richard.henderson@linaro.org>
-In armv8, this register implements more than a single bit, with
+The guarded bit comes from the stage1 walk.
 fine-grained enables for read access to event counters, cycles
 counters, and write access to the software increment. This change
 implements those checks using custom access functions for the relevant
 registers.
-Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
+Fixes: Coverity CID 1507929
-Message-id: 20170228215801.10472-2-Andrew.Baumann@microsoft.com
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-[PMM: move a couple of access functions to be only compiled
+Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org
  ifndef CONFIG_USER_ONLY to avoid compiler warnings]
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++------
+ target/arm/ptw.c | 1 +
-file changed, 71 insertions(+), 8 deletions(-)
+file changed, 1 insertion(+)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
+--- a/target/arm/ptw.c
-+++ b/target/arm/helper.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri,
+@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
-      */
-     int el = arm_current_el(env);
+     assert(!s1.is_s2_format);
+     ret.is_s2_format = false;
--    if (el == 0 && !env->cp15.c9_pmuserenr) {
++    ret.guarded = s1.guarded;
-+    if (el == 0 && !(env->cp15.c9_pmuserenr & 1)) {
-         return CP_ACCESS_TRAP;
+     if (s1.attrs == 0xf0) {
-     }
+         tagged = true;
      if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TPM)
@@ -XXX,XX +XXX,XX @@ static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri,
      return CP_ACCESS_OK;
  }
 +static CPAccessResult pmreg_access_xevcntr(CPUARMState *env,
 +                                           const ARMCPRegInfo *ri,
 +                                           bool isread)
 +{
 +    /* ER: event counter read trap control */
 +    if (arm_feature(env, ARM_FEATURE_V8)
 +        && arm_current_el(env) == 0
 +        && (env->cp15.c9_pmuserenr & (1 << 3)) != 0
 +        && isread) {
 +        return CP_ACCESS_OK;
 +    }
 +
 +    return pmreg_access(env, ri, isread);
 +}
 +
 +static CPAccessResult pmreg_access_swinc(CPUARMState *env,
 +                                         const ARMCPRegInfo *ri,
 +                                         bool isread)
 +{
 +    /* SW: software increment write trap control */
 +    if (arm_feature(env, ARM_FEATURE_V8)
 +        && arm_current_el(env) == 0
 +        && (env->cp15.c9_pmuserenr & (1 << 1)) != 0
 +        && !isread) {
 +        return CP_ACCESS_OK;
 +    }
 +
 +    return pmreg_access(env, ri, isread);
 +}
 +
  #ifndef CONFIG_USER_ONLY
 +static CPAccessResult pmreg_access_selr(CPUARMState *env,
 +                                        const ARMCPRegInfo *ri,
 +                                        bool isread)
 +{
 +    /* ER: event counter read trap control */
 +    if (arm_feature(env, ARM_FEATURE_V8)
 +        && arm_current_el(env) == 0
 +        && (env->cp15.c9_pmuserenr & (1 << 3)) != 0) {
 +        return CP_ACCESS_OK;
 +    }
 +
 +    return pmreg_access(env, ri, isread);
 +}
 +
 +static CPAccessResult pmreg_access_ccntr(CPUARMState *env,
 +                                         const ARMCPRegInfo *ri,
 +                                         bool isread)
 +{
 +    /* CR: cycle counter read trap control */
 +    if (arm_feature(env, ARM_FEATURE_V8)
 +        && arm_current_el(env) == 0
 +        && (env->cp15.c9_pmuserenr & (1 << 2)) != 0
 +        && isread) {
 +        return CP_ACCESS_OK;
 +    }
 +
 +    return pmreg_access(env, ri, isread);
 +}
 +
  static inline bool arm_ccnt_enabled(CPUARMState *env)
  {
      /* This does not support checking PMCCFILTR_EL0 register */
@@ -XXX,XX +XXX,XX @@ static uint64_t pmxevtyper_read(CPUARMState *env, const ARMCPRegInfo *ri)
  static void pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                              uint64_t value)
  {
 -    env->cp15.c9_pmuserenr = value & 1;
 +    if (arm_feature(env, ARM_FEATURE_V8)) {
 +        env->cp15.c9_pmuserenr = value & 0xf;
 +    } else {
 +        env->cp15.c9_pmuserenr = value & 1;
 +    }
  }
  static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
        .raw_writefn = raw_write },
      /* Unimplemented so WI. */
      { .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4,
 -      .access = PL0_W, .accessfn = pmreg_access, .type = ARM_CP_NOP },
 +      .access = PL0_W, .accessfn = pmreg_access_swinc, .type = ARM_CP_NOP },
  #ifndef CONFIG_USER_ONLY
      { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5,
        .access = PL0_RW, .type = ARM_CP_ALIAS,
        .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmselr),
 -      .accessfn = pmreg_access, .writefn = pmselr_write,
 +      .accessfn = pmreg_access_selr, .writefn = pmselr_write,
        .raw_writefn = raw_write},
      { .name = "PMSELR_EL0", .state = ARM_CP_STATE_AA64,
        .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 5,
 -      .access = PL0_RW, .accessfn = pmreg_access,
 +      .access = PL0_RW, .accessfn = pmreg_access_selr,
        .fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr),
        .writefn = pmselr_write, .raw_writefn = raw_write, },
      { .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
        .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO,
        .readfn = pmccntr_read, .writefn = pmccntr_write32,
 -      .accessfn = pmreg_access },
 +      .accessfn = pmreg_access_ccntr },
      { .name = "PMCCNTR_EL0", .state = ARM_CP_STATE_AA64,
        .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 0,
 -      .access = PL0_RW, .accessfn = pmreg_access,
 +      .access = PL0_RW, .accessfn = pmreg_access_ccntr,
        .type = ARM_CP_IO,
        .readfn = pmccntr_read, .writefn = pmccntr_write, },
  #endif
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
      /* Unimplemented, RAZ/WI. */
      { .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2,
        .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0,
 -      .accessfn = pmreg_access },
 +      .accessfn = pmreg_access_xevcntr },
      { .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
        .access = PL0_R | PL1_RW, .accessfn = access_tpm,
        .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
 --
-.7.4
+.34.1

Couple of minor patches to sneak in before rc0. The PSCI return
values fix is the most important one.

-- PMM

The following changes since commit 94b5d57d2f5a3c849cecd65e424bb6f50b998df9:

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.9-20170314' into staging (2017-03-14 10:13:19 +0000)

are available in the git repository at:

git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170314

for you to fetch changes up to d5affb0d8677e1a8a8fe03fa25005b669e7cdc02:

target/arm/arm-powerctl: Fix psci info return values (2017-03-14 11:28:54 +0000)

----------------------------------------------------------------
target-arm queue:
 * arm-powerctl: Fix psci info return values
 * implement armv8 PMUSERENR (user-mode enable bits)

----------------------------------------------------------------
Andrew Baumann (1):
      target/arm: implement armv8 PMUSERENR (user-mode enable bits)

Andrew Jones (1):
      target/arm/arm-powerctl: Fix psci info return values

target/arm/cpu.h    |  4 +--
 target/arm/helper.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 73 insertions(+), 10 deletions(-)

From: Andrew Baumann <Andrew.Baumann@microsoft.com>

In armv8, this register implements more than a single bit, with
fine-grained enables for read access to event counters, cycles
counters, and write access to the software increment. This change
implements those checks using custom access functions for the relevant
registers.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 20170228215801.10472-2-Andrew.Baumann@microsoft.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: move a couple of access functions to be only compiled
 ifndef CONFIG_USER_ONLY to avoid compiler warnings]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 71 insertions(+), 8 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri,
      */
     int el = arm_current_el(env);
 
-    if (el == 0 && !env->cp15.c9_pmuserenr) {
+    if (el == 0 && !(env->cp15.c9_pmuserenr & 1)) {
         return CP_ACCESS_TRAP;
     }
     if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TPM)
@@ -XXX,XX +XXX,XX @@ static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri,
     return CP_ACCESS_OK;
 }
 
+static CPAccessResult pmreg_access_xevcntr(CPUARMState *env,
+                                           const ARMCPRegInfo *ri,
+                                           bool isread)
+{
+    /* ER: event counter read trap control */
+    if (arm_feature(env, ARM_FEATURE_V8)
+        && arm_current_el(env) == 0
+        && (env->cp15.c9_pmuserenr & (1 << 3)) != 0
+        && isread) {
+        return CP_ACCESS_OK;
+    }
+
+    return pmreg_access(env, ri, isread);
+}
+
+static CPAccessResult pmreg_access_swinc(CPUARMState *env,
+                                         const ARMCPRegInfo *ri,
+                                         bool isread)
+{
+    /* SW: software increment write trap control */
+    if (arm_feature(env, ARM_FEATURE_V8)
+        && arm_current_el(env) == 0
+        && (env->cp15.c9_pmuserenr & (1 << 1)) != 0
+        && !isread) {
+        return CP_ACCESS_OK;
+    }
+
+    return pmreg_access(env, ri, isread);
+}
+
 #ifndef CONFIG_USER_ONLY
 
+static CPAccessResult pmreg_access_selr(CPUARMState *env,
+                                        const ARMCPRegInfo *ri,
+                                        bool isread)
+{
+    /* ER: event counter read trap control */
+    if (arm_feature(env, ARM_FEATURE_V8)
+        && arm_current_el(env) == 0
+        && (env->cp15.c9_pmuserenr & (1 << 3)) != 0) {
+        return CP_ACCESS_OK;
+    }
+
+    return pmreg_access(env, ri, isread);
+}
+
+static CPAccessResult pmreg_access_ccntr(CPUARMState *env,
+                                         const ARMCPRegInfo *ri,
+                                         bool isread)
+{
+    /* CR: cycle counter read trap control */
+    if (arm_feature(env, ARM_FEATURE_V8)
+        && arm_current_el(env) == 0
+        && (env->cp15.c9_pmuserenr & (1 << 2)) != 0
+        && isread) {
+        return CP_ACCESS_OK;
+    }
+
+    return pmreg_access(env, ri, isread);
+}
+
 static inline bool arm_ccnt_enabled(CPUARMState *env)
 {
     /* This does not support checking PMCCFILTR_EL0 register */
@@ -XXX,XX +XXX,XX @@ static uint64_t pmxevtyper_read(CPUARMState *env, const ARMCPRegInfo *ri)
 static void pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                             uint64_t value)
 {
-    env->cp15.c9_pmuserenr = value & 1;
+    if (arm_feature(env, ARM_FEATURE_V8)) {
+        env->cp15.c9_pmuserenr = value & 0xf;
+    } else {
+        env->cp15.c9_pmuserenr = value & 1;
+    }
 }
 
 static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
       .raw_writefn = raw_write },
     /* Unimplemented so WI. */
     { .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4,
-      .access = PL0_W, .accessfn = pmreg_access, .type = ARM_CP_NOP },
+      .access = PL0_W, .accessfn = pmreg_access_swinc, .type = ARM_CP_NOP },
 #ifndef CONFIG_USER_ONLY
     { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5,
       .access = PL0_RW, .type = ARM_CP_ALIAS,
       .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmselr),
-      .accessfn = pmreg_access, .writefn = pmselr_write,
+      .accessfn = pmreg_access_selr, .writefn = pmselr_write,
       .raw_writefn = raw_write},
     { .name = "PMSELR_EL0", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 5,
-      .access = PL0_RW, .accessfn = pmreg_access,
+      .access = PL0_RW, .accessfn = pmreg_access_selr,
       .fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr),
       .writefn = pmselr_write, .raw_writefn = raw_write, },
     { .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
       .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO,
       .readfn = pmccntr_read, .writefn = pmccntr_write32,
-      .accessfn = pmreg_access },
+      .accessfn = pmreg_access_ccntr },
     { .name = "PMCCNTR_EL0", .state = ARM_CP_STATE_AA64,
       .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 0,
-      .access = PL0_RW, .accessfn = pmreg_access,
+      .access = PL0_RW, .accessfn = pmreg_access_ccntr,
       .type = ARM_CP_IO,
       .readfn = pmccntr_read, .writefn = pmccntr_write, },
 #endif
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
     /* Unimplemented, RAZ/WI. */
     { .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2,
       .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0,
-      .accessfn = pmreg_access },
+      .accessfn = pmreg_access_xevcntr },
     { .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
       .access = PL0_R | PL1_RW, .accessfn = access_tpm,
       .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
-- 
2.7.4

This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
we were using uninitialized data for the guarded bit when
combining stage 1 and stage 2 attrs.

thanks
-- PMM

The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:

Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410

for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:

target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)

----------------------------------------------------------------
target-arm: Fix bug where we weren't initializing
            guarded bit state when combining S1/S2 attrs

----------------------------------------------------------------
Richard Henderson (2):
      target/arm: PTE bit GP only applies to stage1
      target/arm: Copy guarded bit in combine_cacheattrs

target/arm/ptw.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Only perform the extract of GP during the stage1 walk.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         result->f.attrs.secure = false;
     }
 
-    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
-    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
-        result->f.guarded = extract64(attrs, 50, 1); /* GP */
-    }
-
     if (regime_is_stage2(mmu_idx)) {
         result->cacheattrs.is_s2_format = true;
         result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         assert(attrindx <= 7);
         result->cacheattrs.is_s2_format = false;
         result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
+
+        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
+        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+            result->f.guarded = extract64(attrs, 50, 1); /* GP */
+        }
     }
 
     /*
-- 
2.34.1