[PULL 00/42] target-arm queue
[PULL 0/7] target-arm queue
1
Changes from v1: dropped SVE patchset.
1
Hi; this pull request has a collection of bug fixes for rc0.
2
The big one is the trusted firmware boot regression fix.
2
3
3
The following changes since commit 58560ad254fbda71d4daa6622d71683190070ee2:
4
thanks
5
-- PMM
4
6
5
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.2-20191024' into staging (2019-10-24 16:22:58 +0100)
7
The following changes since commit ece5f8374d0416a339f0c0a9399faa2c42d4ad6f:
8
9
Merge tag 'linux-user-for-7.2-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging (2022-11-03 10:55:05 -0400)
6
10
7
are available in the Git repository at:
11
are available in the Git repository at:
8
12
9
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191025
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221104
10
14
11
for you to fetch changes up to f9469c1a01c333c08980e083e0ad3417256c8b9c:
15
for you to fetch changes up to cead7fa4c06087c86c67c5ce815cc1ff0bfeac3a:
12
16
13
hw/arm/highbank: Use AddressSpace when using write_secondary_boot() (2019-10-25 13:09:27 +0100)
17
target/arm: Two fixes for secure ptw (2022-11-04 10:58:58 +0000)
14
18
15
----------------------------------------------------------------
19
----------------------------------------------------------------
16
target-arm queue:
20
target-arm queue:
17
* raspi boards: some cleanup
21
* Fix regression booting Trusted Firmware
18
* raspi: implement the bcm2835 system timer device
22
* Honor HCR_E2H and HCR_TGE in ats_write64()
19
* raspi: implement a dummy thermal sensor
23
* Copy the entire vector in DO_ZIP
20
* misc devices: switch to ptimer transaction API
24
* Fix Privileged Access Never (PAN) for aarch32
21
* cache TB flag state to improve performance of cpu_get_tb_cpu_state
25
* Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB
22
* aspeed: Add an AST2600 eval board
26
* Set SCR_EL3.HXEn when direct booting kernel
27
* Set SME and SVE EL3 vector lengths when direct booting kernel
23
28
24
----------------------------------------------------------------
29
----------------------------------------------------------------
25
Cédric Le Goater (2):
30
Ake Koomsin (1):
26
hw/gpio: Fix property accessors of the AST2600 GPIO 1.8V model
31
target/arm: Honor HCR_E2H and HCR_TGE in ats_write64()
27
aspeed: Add an AST2600 eval board
28
32
29
Peter Maydell (8):
33
Peter Maydell (3):
30
hw/net/fsl_etsec/etsec.c: Switch to transaction-based ptimer API
34
hw/arm/boot: Set SME and SVE EL3 vector lengths when booting kernel
31
hw/timer/xilinx_timer.c: Switch to transaction-based ptimer API
35
hw/arm/boot: Set SCR_EL3.HXEn when booting kernel
32
hw/dma/xilinx_axidma.c: Switch to transaction-based ptimer API
36
target/arm: Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB
33
hw/timer/slavio_timer: Remove useless check for NULL t->timer
34
hw/timer/slavio_timer.c: Switch to transaction-based ptimer API
35
hw/timer/grlib_gptimer.c: Switch to transaction-based ptimer API
36
hw/m68k/mcf5206.c: Switch to transaction-based ptimer API
37
hw/watchdog/milkymist-sysctl.c: Switch to transaction-based ptimer API
38
37
39
Philippe Mathieu-Daudé (8):
38
Richard Henderson (2):
40
hw/misc/bcm2835_thermal: Add a dummy BCM2835 thermal sensor
39
target/arm: Copy the entire vector in DO_ZIP
41
hw/arm/bcm2835_peripherals: Use the thermal sensor block
40
target/arm: Two fixes for secure ptw
42
hw/timer/bcm2835: Add the BCM2835 SYS_timer
43
hw/arm/bcm2835_peripherals: Use the SYS_timer
44
hw/arm/bcm2836: Make the SoC code modular
45
hw/arm/bcm2836: Rename cpus[] as cpu[].core
46
hw/arm/raspi: Use AddressSpace when using arm_boot::write_secondary_boot
47
hw/arm/highbank: Use AddressSpace when using write_secondary_boot()
48
41
49
Richard Henderson (24):
42
Timofey Kutergin (1):
50
target/arm: Split out rebuild_hflags_common
43
target/arm: Fix Privileged Access Never (PAN) for aarch32
51
target/arm: Split out rebuild_hflags_a64
52
target/arm: Split out rebuild_hflags_common_32
53
target/arm: Split arm_cpu_data_is_big_endian
54
target/arm: Split out rebuild_hflags_m32
55
target/arm: Reduce tests vs M-profile in cpu_get_tb_cpu_state
56
target/arm: Split out rebuild_hflags_a32
57
target/arm: Split out rebuild_hflags_aprofile
58
target/arm: Hoist XSCALE_CPAR, VECLEN, VECSTRIDE in cpu_get_tb_cpu_state
59
target/arm: Simplify set of PSTATE_SS in cpu_get_tb_cpu_state
60
target/arm: Hoist computation of TBFLAG_A32.VFPEN
61
target/arm: Add arm_rebuild_hflags
62
target/arm: Split out arm_mmu_idx_el
63
target/arm: Hoist store to cs_base in cpu_get_tb_cpu_state
64
target/arm: Add HELPER(rebuild_hflags_{a32, a64, m32})
65
target/arm: Rebuild hflags at EL changes
66
target/arm: Rebuild hflags at MSR writes
67
target/arm: Rebuild hflags at CPSR writes
68
target/arm: Rebuild hflags at Xscale SCTLR writes
69
target/arm: Rebuild hflags for M-profile
70
target/arm: Rebuild hflags for M-profile NVIC
71
linux-user/aarch64: Rebuild hflags for TARGET_WORDS_BIGENDIAN
72
linux-user/arm: Rebuild hflags for TARGET_WORDS_BIGENDIAN
73
target/arm: Rely on hflags correct in cpu_get_tb_cpu_state
74
44
75
hw/misc/Makefile.objs | 1 +
45
hw/arm/boot.c | 5 ++++
76
hw/timer/Makefile.objs | 1 +
46
target/arm/helper.c | 64 +++++++++++++++++++++++++++++--------------------
77
hw/net/fsl_etsec/etsec.h | 1 -
47
target/arm/ptw.c | 50 ++++++++++++++++++++++++++++----------
78
include/hw/arm/aspeed.h | 1 +
48
target/arm/sve_helper.c | 4 ++--
79
include/hw/arm/bcm2835_peripherals.h | 5 +-
49
4 files changed, 83 insertions(+), 40 deletions(-)
80
include/hw/arm/bcm2836.h | 4 +-
81
include/hw/arm/raspi_platform.h | 1 +
82
include/hw/misc/bcm2835_thermal.h | 27 +++
83
include/hw/timer/bcm2835_systmr.h | 33 +++
84
target/arm/cpu.h | 84 +++++---
85
target/arm/helper.h | 4 +
86
target/arm/internals.h | 9 +
87
hw/arm/aspeed.c | 23 ++
88
hw/arm/bcm2835_peripherals.c | 30 ++-
89
hw/arm/bcm2836.c | 44 ++--
90
hw/arm/highbank.c | 3 +-
91
hw/arm/raspi.c | 14 +-
92
hw/dma/xilinx_axidma.c | 9 +-
93
hw/gpio/aspeed_gpio.c | 8 +-
94
hw/intc/armv7m_nvic.c | 22 +-
95
hw/m68k/mcf5206.c | 15 +-
96
hw/misc/bcm2835_thermal.c | 135 ++++++++++++
97
hw/net/fsl_etsec/etsec.c | 9 +-
98
hw/timer/bcm2835_systmr.c | 163 +++++++++++++++
99
hw/timer/grlib_gptimer.c | 28 ++-
100
hw/timer/milkymist-sysctl.c | 25 ++-
101
hw/timer/slavio_timer.c | 32 ++-
102
hw/timer/xilinx_timer.c | 13 +-
103
linux-user/aarch64/cpu_loop.c | 1 +
104
linux-user/arm/cpu_loop.c | 1 +
105
linux-user/syscall.c | 1 +
106
target/arm/cpu.c | 1 +
107
target/arm/helper-a64.c | 3 +
108
target/arm/helper.c | 393 +++++++++++++++++++++++------------
109
target/arm/m_helper.c | 6 +
110
target/arm/machine.c | 1 +
111
target/arm/op_helper.c | 4 +
112
target/arm/translate-a64.c | 13 +-
113
target/arm/translate.c | 33 ++-
114
hw/timer/trace-events | 5 +
115
40 files changed, 945 insertions(+), 261 deletions(-)
116
create mode 100644 include/hw/misc/bcm2835_thermal.h
117
create mode 100644 include/hw/timer/bcm2835_systmr.h
118
create mode 100644 hw/misc/bcm2835_thermal.c
119
create mode 100644 hw/timer/bcm2835_systmr.c
120
diff view generated by jsdifflib
New patch
[PULL 1/7] hw/arm/boot: Set SME and SVE EL3 vector lengths when booting kernel
1
When we direct boot a kernel on a CPU which emulates EL3, we need
2
to set up the EL3 system registers as the Linux kernel documentation
3
specifies:
4
https://www.kernel.org/doc/Documentation/arm64/booting.rst
1
5
6
For SVE and SME this includes:
7
- ZCR_EL3.LEN must be initialised to the same value for all CPUs the
8
kernel is executed on.
9
- SMCR_EL3.LEN must be initialised to the same value for all CPUs the
10
kernel will execute on.
11
12
Although we are technically compliant with this, the "same value" we
13
currently use by default is the reset value of 0. This will end up
14
forcing the guest kernel's SVE and SME vector length to be only the
15
smallest supported length.
16
17
Initialize the vector length fields to their maximum possible value,
18
which is 0xf. If the implementation doesn't actually support that
19
vector length then the effective vector length will be constrained
20
down to the maximum supported value at point of use.
21
22
This allows the guest to use all the vector lengths the emulated CPU
23
supports (by programming the _EL2 and _EL1 versions of these
24
registers.)
25
26
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
28
Message-id: 20221027140207.413084-2-peter.maydell@linaro.org
29
---
30
hw/arm/boot.c | 2 ++
31
1 file changed, 2 insertions(+)
32
33
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/hw/arm/boot.c
36
+++ b/hw/arm/boot.c
37
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
38
}
39
if (cpu_isar_feature(aa64_sve, cpu)) {
40
env->cp15.cptr_el[3] |= R_CPTR_EL3_EZ_MASK;
41
+ env->vfp.zcr_el[3] = 0xf;
42
}
43
if (cpu_isar_feature(aa64_sme, cpu)) {
44
env->cp15.cptr_el[3] |= R_CPTR_EL3_ESM_MASK;
45
env->cp15.scr_el3 |= SCR_ENTP2;
46
+ env->vfp.smcr_el[3] = 0xf;
47
}
48
/* AArch64 kernels never boot in secure mode */
49
assert(!info->secure_boot);
50
--
51
2.25.1
diff view generated by jsdifflib
New patch
[PULL 2/7] hw/arm/boot: Set SCR_EL3.HXEn when booting kernel
1
When we direct boot a kernel on a CPU which emulates EL3, we need to
2
set up the EL3 system registers as the Linux kernel documentation
3
specifies:
4
https://www.kernel.org/doc/Documentation/arm64/booting.rst
1
5
6
For CPUs with FEAT_HCX support this includes:
7
- SCR_EL3.HXEn (bit 38) must be initialised to 0b1.
8
9
but we forgot to do this when implementing FEAT_HCX, which would mean
10
that a guest trying to access the HCRX_EL2 register would crash.
11
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Message-id: 20221027140207.413084-3-peter.maydell@linaro.org
15
---
16
hw/arm/boot.c | 3 +++
17
1 file changed, 3 insertions(+)
18
19
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/arm/boot.c
22
+++ b/hw/arm/boot.c
23
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
24
env->cp15.scr_el3 |= SCR_ENTP2;
25
env->vfp.smcr_el[3] = 0xf;
26
}
27
+ if (cpu_isar_feature(aa64_hcx, cpu)) {
28
+ env->cp15.scr_el3 |= SCR_HXEN;
29
+ }
30
/* AArch64 kernels never boot in secure mode */
31
assert(!info->secure_boot);
32
/* This hook is only supported for AArch32 currently:
33
--
34
2.25.1
diff view generated by jsdifflib
New patch
[PULL 3/7] target/arm: Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB
1
The HCR_EL2.TTLB bit is supposed to trap all EL1 execution of TLB
2
maintenance instructions. However we have added new TLB insns for
3
FEAT_TLBIOS and FEAT_TLBIRANGE, and forgot to set their accessfn to
4
access_ttlb. Add the missing accessfns.
1
5
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
---
9
target/arm/helper.c | 36 ++++++++++++++++++------------------
10
1 file changed, 18 insertions(+), 18 deletions(-)
11
12
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/helper.c
15
+++ b/target/arm/helper.c
16
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pauth_reginfo[] = {
17
static const ARMCPRegInfo tlbirange_reginfo[] = {
18
{ .name = "TLBI_RVAE1IS", .state = ARM_CP_STATE_AA64,
19
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 1,
20
- .access = PL1_W, .type = ARM_CP_NO_RAW,
21
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
22
.writefn = tlbi_aa64_rvae1is_write },
23
{ .name = "TLBI_RVAAE1IS", .state = ARM_CP_STATE_AA64,
24
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 3,
25
- .access = PL1_W, .type = ARM_CP_NO_RAW,
26
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
27
.writefn = tlbi_aa64_rvae1is_write },
28
{ .name = "TLBI_RVALE1IS", .state = ARM_CP_STATE_AA64,
29
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 5,
30
- .access = PL1_W, .type = ARM_CP_NO_RAW,
31
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
32
.writefn = tlbi_aa64_rvae1is_write },
33
{ .name = "TLBI_RVAALE1IS", .state = ARM_CP_STATE_AA64,
34
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 2, .opc2 = 7,
35
- .access = PL1_W, .type = ARM_CP_NO_RAW,
36
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
37
.writefn = tlbi_aa64_rvae1is_write },
38
{ .name = "TLBI_RVAE1OS", .state = ARM_CP_STATE_AA64,
39
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 1,
40
- .access = PL1_W, .type = ARM_CP_NO_RAW,
41
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
42
.writefn = tlbi_aa64_rvae1is_write },
43
{ .name = "TLBI_RVAAE1OS", .state = ARM_CP_STATE_AA64,
44
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 3,
45
- .access = PL1_W, .type = ARM_CP_NO_RAW,
46
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
47
.writefn = tlbi_aa64_rvae1is_write },
48
{ .name = "TLBI_RVALE1OS", .state = ARM_CP_STATE_AA64,
49
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 5,
50
- .access = PL1_W, .type = ARM_CP_NO_RAW,
51
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
52
.writefn = tlbi_aa64_rvae1is_write },
53
{ .name = "TLBI_RVAALE1OS", .state = ARM_CP_STATE_AA64,
54
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 7,
55
- .access = PL1_W, .type = ARM_CP_NO_RAW,
56
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
57
.writefn = tlbi_aa64_rvae1is_write },
58
{ .name = "TLBI_RVAE1", .state = ARM_CP_STATE_AA64,
59
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 1,
60
- .access = PL1_W, .type = ARM_CP_NO_RAW,
61
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
62
.writefn = tlbi_aa64_rvae1_write },
63
{ .name = "TLBI_RVAAE1", .state = ARM_CP_STATE_AA64,
64
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 3,
65
- .access = PL1_W, .type = ARM_CP_NO_RAW,
66
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
67
.writefn = tlbi_aa64_rvae1_write },
68
{ .name = "TLBI_RVALE1", .state = ARM_CP_STATE_AA64,
69
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 5,
70
- .access = PL1_W, .type = ARM_CP_NO_RAW,
71
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
72
.writefn = tlbi_aa64_rvae1_write },
73
{ .name = "TLBI_RVAALE1", .state = ARM_CP_STATE_AA64,
74
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 7,
75
- .access = PL1_W, .type = ARM_CP_NO_RAW,
76
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
77
.writefn = tlbi_aa64_rvae1_write },
78
{ .name = "TLBI_RIPAS2E1IS", .state = ARM_CP_STATE_AA64,
79
.opc0 = 1, .opc1 = 4, .crn = 8, .crm = 0, .opc2 = 2,
80
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo tlbirange_reginfo[] = {
81
static const ARMCPRegInfo tlbios_reginfo[] = {
82
{ .name = "TLBI_VMALLE1OS", .state = ARM_CP_STATE_AA64,
83
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 0,
84
- .access = PL1_W, .type = ARM_CP_NO_RAW,
85
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
86
.writefn = tlbi_aa64_vmalle1is_write },
87
{ .name = "TLBI_VAE1OS", .state = ARM_CP_STATE_AA64,
88
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 1,
89
- .access = PL1_W, .type = ARM_CP_NO_RAW,
90
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
91
.writefn = tlbi_aa64_vae1is_write },
92
{ .name = "TLBI_ASIDE1OS", .state = ARM_CP_STATE_AA64,
93
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 2,
94
- .access = PL1_W, .type = ARM_CP_NO_RAW,
95
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
96
.writefn = tlbi_aa64_vmalle1is_write },
97
{ .name = "TLBI_VAAE1OS", .state = ARM_CP_STATE_AA64,
98
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 3,
99
- .access = PL1_W, .type = ARM_CP_NO_RAW,
100
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
101
.writefn = tlbi_aa64_vae1is_write },
102
{ .name = "TLBI_VALE1OS", .state = ARM_CP_STATE_AA64,
103
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 5,
104
- .access = PL1_W, .type = ARM_CP_NO_RAW,
105
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
106
.writefn = tlbi_aa64_vae1is_write },
107
{ .name = "TLBI_VAALE1OS", .state = ARM_CP_STATE_AA64,
108
.opc0 = 1, .opc1 = 0, .crn = 8, .crm = 1, .opc2 = 7,
109
- .access = PL1_W, .type = ARM_CP_NO_RAW,
110
+ .access = PL1_W, .accessfn = access_ttlb, .type = ARM_CP_NO_RAW,
111
.writefn = tlbi_aa64_vae1is_write },
112
{ .name = "TLBI_ALLE2OS", .state = ARM_CP_STATE_AA64,
113
.opc0 = 1, .opc1 = 4, .crn = 8, .crm = 1, .opc2 = 0,
114
--
115
2.25.1
diff view generated by jsdifflib
New patch
[PULL 4/7] target/arm: Fix Privileged Access Never (PAN) for aarch32
1
From: Timofey Kutergin <tkutergin@gmail.com>
1
2
3
When we implemented the PAN support we theoretically wanted
4
to support it for both AArch32 and AArch64, but in practice
5
several bugs made it essentially unusable with an AArch32
6
guest. Fix all those problems:
7
8
- Use CPSR.PAN to check for PAN state in aarch32 mode
9
- throw permission fault during address translation when PAN is
10
enabled and kernel tries to access user acessible page
11
- ignore SCTLR_XP bit for armv7 and armv8 (conflicts with SCTLR_SPAN).
12
13
Signed-off-by: Timofey Kutergin <tkutergin@gmail.com>
14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
15
Message-id: 20221027112619.2205229-1-tkutergin@gmail.com
16
[PMM: tweak commit message]
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
---
19
target/arm/helper.c | 13 +++++++++++--
20
target/arm/ptw.c | 35 ++++++++++++++++++++++++++++++-----
21
2 files changed, 41 insertions(+), 7 deletions(-)
22
23
diff --git a/target/arm/helper.c b/target/arm/helper.c
24
index XXXXXXX..XXXXXXX 100644
25
--- a/target/arm/helper.c
26
+++ b/target/arm/helper.c
27
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
28
}
29
#endif
30
31
+static bool arm_pan_enabled(CPUARMState *env)
32
+{
33
+ if (is_a64(env)) {
34
+ return env->pstate & PSTATE_PAN;
35
+ } else {
36
+ return env->uncached_cpsr & CPSR_PAN;
37
+ }
38
+}
39
+
40
ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
41
{
42
ARMMMUIdx idx;
43
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
44
}
45
break;
46
case 1:
47
- if (env->pstate & PSTATE_PAN) {
48
+ if (arm_pan_enabled(env)) {
49
idx = ARMMMUIdx_E10_1_PAN;
50
} else {
51
idx = ARMMMUIdx_E10_1;
52
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
53
case 2:
54
/* Note that TGE does not apply at EL2. */
55
if (arm_hcr_el2_eff(env) & HCR_E2H) {
56
- if (env->pstate & PSTATE_PAN) {
57
+ if (arm_pan_enabled(env)) {
58
idx = ARMMMUIdx_E20_2_PAN;
59
} else {
60
idx = ARMMMUIdx_E20_2;
61
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
62
index XXXXXXX..XXXXXXX 100644
63
--- a/target/arm/ptw.c
64
+++ b/target/arm/ptw.c
65
@@ -XXX,XX +XXX,XX @@ static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
66
* @mmu_idx: MMU index indicating required translation regime
67
* @ap: The 3-bit access permissions (AP[2:0])
68
* @domain_prot: The 2-bit domain access permissions
69
+ * @is_user: TRUE if accessing from PL0
70
*/
71
-static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx,
72
- int ap, int domain_prot)
73
+static int ap_to_rw_prot_is_user(CPUARMState *env, ARMMMUIdx mmu_idx,
74
+ int ap, int domain_prot, bool is_user)
75
{
76
- bool is_user = regime_is_user(env, mmu_idx);
77
-
78
if (domain_prot == 3) {
79
return PAGE_READ | PAGE_WRITE;
80
}
81
@@ -XXX,XX +XXX,XX @@ static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx,
82
}
83
}
84
85
+/*
86
+ * Translate section/page access permissions to page R/W protection flags
87
+ * @env: CPUARMState
88
+ * @mmu_idx: MMU index indicating required translation regime
89
+ * @ap: The 3-bit access permissions (AP[2:0])
90
+ * @domain_prot: The 2-bit domain access permissions
91
+ */
92
+static int ap_to_rw_prot(CPUARMState *env, ARMMMUIdx mmu_idx,
93
+ int ap, int domain_prot)
94
+{
95
+ return ap_to_rw_prot_is_user(env, mmu_idx, ap, domain_prot,
96
+ regime_is_user(env, mmu_idx));
97
+}
98
+
99
/*
100
* Translate section/page access permissions to page R/W protection flags.
101
* @ap: The 2-bit simple AP (AP[2:1])
102
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
103
hwaddr phys_addr;
104
uint32_t dacr;
105
bool ns;
106
+ int user_prot;
107
108
/* Pagetable walk. */
109
/* Lookup l1 descriptor. */
110
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
111
goto do_fault;
112
}
113
result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
114
+ user_prot = simple_ap_to_rw_prot_is_user(ap >> 1, 1);
115
} else {
116
result->f.prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
117
+ user_prot = ap_to_rw_prot_is_user(env, mmu_idx, ap, domain_prot, 1);
118
}
119
if (result->f.prot && !xn) {
120
result->f.prot |= PAGE_EXEC;
121
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
122
fi->type = ARMFault_Permission;
123
goto do_fault;
124
}
125
+ if (regime_is_pan(env, mmu_idx) &&
126
+ !regime_is_user(env, mmu_idx) &&
127
+ user_prot &&
128
+ access_type != MMU_INST_FETCH) {
129
+ /* Privileged Access Never fault */
130
+ fi->type = ARMFault_Permission;
131
+ goto do_fault;
132
+ }
133
}
134
if (ns) {
135
/* The NS bit will (as required by the architecture) have no effect if
136
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
137
if (regime_using_lpae_format(env, mmu_idx)) {
138
return get_phys_addr_lpae(env, ptw, address, access_type, false,
139
result, fi);
140
- } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
141
+ } else if (arm_feature(env, ARM_FEATURE_V7) ||
142
+ regime_sctlr(env, mmu_idx) & SCTLR_XP) {
143
return get_phys_addr_v6(env, ptw, address, access_type, result, fi);
144
} else {
145
return get_phys_addr_v5(env, ptw, address, access_type, result, fi);
146
--
147
2.25.1
diff view generated by jsdifflib
New patch
[PULL 5/7] target/arm: Copy the entire vector in DO_ZIP
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
With odd_ofs set, we weren't copying enough data.
4
5
Fixes: 09eb6d7025d1 ("target/arm: Move sve zip high_ofs into simd_data")
6
Reported-by: Idan Horowitz <idan.horowitz@gmail.com>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
Message-id: 20221031054144.3574-1-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/sve_helper.c | 4 ++--
13
1 file changed, 2 insertions(+), 2 deletions(-)
14
15
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/sve_helper.c
18
+++ b/target/arm/sve_helper.c
19
@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(void *vd, void *vn, void *vm, uint32_t desc) \
20
/* We produce output faster than we consume input. \
21
Therefore we must be mindful of possible overlap. */ \
22
if (unlikely((vn - vd) < (uintptr_t)oprsz)) { \
23
- vn = memcpy(&tmp_n, vn, oprsz_2); \
24
+ vn = memcpy(&tmp_n, vn, oprsz); \
25
} \
26
if (unlikely((vm - vd) < (uintptr_t)oprsz)) { \
27
- vm = memcpy(&tmp_m, vm, oprsz_2); \
28
+ vm = memcpy(&tmp_m, vm, oprsz); \
29
} \
30
for (i = 0; i < oprsz_2; i += sizeof(TYPE)) { \
31
*(TYPE *)(vd + H(2 * i + 0)) = *(TYPE *)(vn + odd_ofs + H(i)); \
32
--
33
2.25.1
34
35
diff view generated by jsdifflib
New patch
[PULL 6/7] target/arm: Honor HCR_E2H and HCR_TGE in ats_write64()
1
From: Ake Koomsin <ake@igel.co.jp>
1
2
3
We need to check HCR_E2H and HCR_TGE to select the right MMU index for
4
the correct translation regime.
5
6
To check for EL2&0 translation regime:
7
- For S1E0*, S1E1* and S12E* ops, check both HCR_E2H and HCR_TGE
8
- For S1E2* ops, check only HCR_E2H
9
10
Signed-off-by: Ake Koomsin <ake@igel.co.jp>
11
Message-id: 20221101064250.12444-1-ake@igel.co.jp
12
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
15
target/arm/helper.c | 15 +++++++++------
16
1 file changed, 9 insertions(+), 6 deletions(-)
17
18
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/helper.c
21
+++ b/target/arm/helper.c
22
@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
23
MMUAccessType access_type = ri->opc2 & 1 ? MMU_DATA_STORE : MMU_DATA_LOAD;
24
ARMMMUIdx mmu_idx;
25
int secure = arm_is_secure_below_el3(env);
26
+ uint64_t hcr_el2 = arm_hcr_el2_eff(env);
27
+ bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
28
29
switch (ri->opc2 & 6) {
30
case 0:
31
switch (ri->opc1) {
32
case 0: /* AT S1E1R, AT S1E1W, AT S1E1RP, AT S1E1WP */
33
if (ri->crm == 9 && (env->pstate & PSTATE_PAN)) {
34
- mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
35
+ mmu_idx = regime_e20 ?
36
+ ARMMMUIdx_E20_2_PAN : ARMMMUIdx_Stage1_E1_PAN;
37
} else {
38
- mmu_idx = ARMMMUIdx_Stage1_E1;
39
+ mmu_idx = regime_e20 ? ARMMMUIdx_E20_2 : ARMMMUIdx_Stage1_E1;
40
}
41
break;
42
case 4: /* AT S1E2R, AT S1E2W */
43
- mmu_idx = ARMMMUIdx_E2;
44
+ mmu_idx = hcr_el2 & HCR_E2H ? ARMMMUIdx_E20_2 : ARMMMUIdx_E2;
45
break;
46
case 6: /* AT S1E3R, AT S1E3W */
47
mmu_idx = ARMMMUIdx_E3;
48
@@ -XXX,XX +XXX,XX @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri,
49
}
50
break;
51
case 2: /* AT S1E0R, AT S1E0W */
52
- mmu_idx = ARMMMUIdx_Stage1_E0;
53
+ mmu_idx = regime_e20 ? ARMMMUIdx_E20_0 : ARMMMUIdx_Stage1_E0;
54
break;
55
case 4: /* AT S12E1R, AT S12E1W */
56
- mmu_idx = ARMMMUIdx_E10_1;
57
+ mmu_idx = regime_e20 ? ARMMMUIdx_E20_2 : ARMMMUIdx_E10_1;
58
break;
59
case 6: /* AT S12E0R, AT S12E0W */
60
- mmu_idx = ARMMMUIdx_E10_0;
61
+ mmu_idx = regime_e20 ? ARMMMUIdx_E20_0 : ARMMMUIdx_E10_0;
62
break;
63
default:
64
g_assert_not_reached();
65
--
66
2.25.1
diff view generated by jsdifflib
New patch
[PULL 7/7] target/arm: Two fixes for secure ptw
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
Reversed the sense of non-secure in get_phys_addr_lpae,
4
and failed to initialize attrs.secure for ARMMMUIdx_Phys_S.
5
6
Fixes: 48da29e4 ("target/arm: Add ptw_idx to S1Translate")
7
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1293
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
target/arm/ptw.c | 15 ++++++++-------
14
1 file changed, 8 insertions(+), 7 deletions(-)
15
16
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/ptw.c
19
+++ b/target/arm/ptw.c
20
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
21
descaddr |= (address >> (stride * (4 - level))) & indexmask;
22
descaddr &= ~7ULL;
23
nstable = extract32(tableattrs, 4, 1);
24
- if (!nstable) {
25
+ if (nstable) {
26
/*
27
* Stage2_S -> Stage2 or Phys_S -> Phys_NS
28
* Assert that the non-secure idx are even, and relative order.
29
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
30
bool is_secure = ptw->in_secure;
31
ARMMMUIdx s1_mmu_idx;
32
33
+ /*
34
+ * The page table entries may downgrade secure to non-secure, but
35
+ * cannot upgrade an non-secure translation regime's attributes
36
+ * to secure.
37
+ */
38
+ result->f.attrs.secure = is_secure;
39
+
40
switch (mmu_idx) {
41
case ARMMMUIdx_Phys_S:
42
case ARMMMUIdx_Phys_NS:
43
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
44
break;
45
}
46
47
- /*
48
- * The page table entries may downgrade secure to non-secure, but
49
- * cannot upgrade an non-secure translation regime's attributes
50
- * to secure.
51
- */
52
- result->f.attrs.secure = is_secure;
53
result->f.attrs.user = regime_is_user(env, mmu_idx);
54
55
/*
56
--
57
2.25.1
58
59
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.