The following changes since commit 65cc5ccf06a74c98de73ec683d9a543baa302a12:

Merge tag 'pull-riscv-to-apply-20230120' of https://github.com/alistair23/qemu into staging (2023-01-20 16:17:56 +0000)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230123

for you to fetch changes up to 3b07a936d3bfe97b07ddffcfbb532985a88033dd:

target/arm: Look up ARMCPRegInfo at runtime (2023-01-23 13:32:38 +0000)

* Widen cnthctl_el2 to uint64_t

* Unify checking for M Main Extension in MRS/MSR

* bitbang_i2c, versatile_i2c: code cleanups

* SME: refactor SME SM/ZA handling

* Fix physical address resolution for MTE

* Fix in_debug path in S1_ptw_translate

* Don't set EXC_RETURN.ES if Security Extension not present

* Implement DBGCLAIM registers

* Provide stubs for more external debug registers

* Look up ARMCPRegInfo at runtime, not translate time

David Reiss (1):

target/arm: Unify checking for M Main Extension in MRS/MSR

Evgeny Iakovlev (2):

target/arm: implement DBGCLAIM registers

target/arm: provide stubs for more external debug registers

Peter Maydell (1):

target/arm: Don't set EXC_RETURN.ES if Security Extension not present

Philippe Mathieu-Daudé (10):

hw/i2c/bitbang_i2c: Define TYPE_GPIO_I2C in public header

hw/i2c/bitbang_i2c: Remove unused dummy MemoryRegion

hw/i2c/bitbang_i2c: Change state calling bitbang_i2c_set_state() helper

hw/i2c/bitbang_i2c: Trace state changes

hw/i2c/bitbang_i2c: Convert DPRINTF() to trace events

hw/i2c/versatile_i2c: Drop useless casts from void * to pointer

hw/i2c/versatile_i2c: Replace VersatileI2CState -> ArmSbconI2CState

hw/i2c/versatile_i2c: Replace TYPE_VERSATILE_I2C -> TYPE_ARM_SBCON_I2C

hw/i2c/versatile_i2c: Use ARM_SBCON_I2C() macro

hw/i2c/versatile_i2c: Rename versatile_i2c -> arm_sbcon_i2c

Richard Henderson (12):

target/arm: Widen cnthctl_el2 to uint64_t

target/arm/sme: Reorg SME access handling in handle_msr_i()

target/arm/sme: Rebuild hflags in set_pstate() helpers

target/arm/sme: Introduce aarch64_set_svcr()

target/arm/sme: Reset SVE state in aarch64_set_svcr()

target/arm/sme: Reset ZA state in aarch64_set_svcr()

target/arm/sme: Rebuild hflags in aarch64_set_svcr()

target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()

target/arm: Fix physical address resolution for MTE

target/arm: Fix in_debug path in S1_ptw_translate

target/arm: Reorg do_coproc_insn

target/arm: Look up ARMCPRegInfo at runtime

MAINTAINERS | 1 +

include/hw/i2c/arm_sbcon_i2c.h | 6 +-

include/hw/i2c/bitbang_i2c.h | 2 +

target/arm/cpu.h | 5 +-

target/arm/helper-sme.h | 3 +-

target/arm/helper.h | 11 +-

target/arm/translate.h | 7 +

hw/arm/musicpal.c | 3 +-

hw/arm/realview.c | 2 +-

hw/arm/versatilepb.c | 2 +-

hw/arm/vexpress.c | 2 +-

hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} | 39 ++-

hw/i2c/bitbang_i2c.c | 80 ++++--

linux-user/aarch64/cpu_loop.c | 11 +-

linux-user/aarch64/signal.c | 13 +-

target/arm/debug_helper.c | 54 ++++

target/arm/helper.c | 41 ++-

target/arm/m_helper.c | 24 +-

target/arm/mte_helper.c | 2 +-

target/arm/op_helper.c | 27 +-

target/arm/ptw.c | 4 +-

target/arm/sme_helper.c | 37 +--

target/arm/translate-a64.c | 68 +++--

target/arm/translate.c | 430 +++++++++++++++-------------

hw/arm/Kconfig | 4 +-

hw/i2c/Kconfig | 2 +-

hw/i2c/meson.build | 2 +-

hw/i2c/trace-events | 7 +

28 files changed, 506 insertions(+), 383 deletions(-)

rename hw/i2c/{versatile_i2c.c => arm_sbcon_i2c.c} (70%)

From: Richard Henderson <richard.henderson@linaro.org>

Do not encode the pointer as a constant in the opcode stream.

This pointer is specific to the cpu that first generated the

translation, which runs into problems with both hot-pluggable

cpus and user-only threads, as cpus are removed. It's also a

potential correctness issue in the theoretical case of a

slightly-heterogenous system, because if CPU 0 generates a

TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's

hash table, which might have a wrong set of registers in it.

(All our current systems are either completely homogenous,

M-profile, or have CPUs sufficiently different that they

wouldn't be sharing TBs anyway because the differences would

show up in the TB flags, so the correctness issue is only

theoretical, not practical.)

Perform the lookup in either helper_access_check_cp_reg,

or a new helper_lookup_cp_reg.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org

[PMM: added note in commit message about correctness issue]

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/helper.h | 11 +++++----

target/arm/translate.h | 7 ++++++

target/arm/op_helper.c | 27 ++++++++++++++------

target/arm/translate-a64.c | 49 ++++++++++++++++++++++---------------

target/arm/translate.c | 50 +++++++++++++++++++++++++-------------

5 files changed, 95 insertions(+), 49 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h

--- a/target/arm/helper.h

+++ b/target/arm/helper.h

@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(v8m_stackcheck, void, env, i32)

DEF_HELPER_FLAGS_2(check_bxj_trap, TCG_CALL_NO_WG, void, env, i32)

-DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32)

-DEF_HELPER_3(set_cp_reg, void, env, ptr, i32)

-DEF_HELPER_2(get_cp_reg, i32, env, ptr)

-DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64)

-DEF_HELPER_2(get_cp_reg64, i64, env, ptr)

+DEF_HELPER_4(access_check_cp_reg, cptr, env, i32, i32, i32)

+DEF_HELPER_FLAGS_2(lookup_cp_reg, TCG_CALL_NO_RWG_SE, cptr, env, i32)

+DEF_HELPER_3(set_cp_reg, void, env, cptr, i32)

+DEF_HELPER_2(get_cp_reg, i32, env, cptr)

+DEF_HELPER_3(set_cp_reg64, void, env, cptr, i64)

+DEF_HELPER_2(get_cp_reg64, i64, env, cptr)

DEF_HELPER_2(get_r13_banked, i32, env, i32)

DEF_HELPER_3(set_r13_banked, void, env, i32, i32)

diff --git a/target/arm/translate.h b/target/arm/translate.h

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate.h

+++ b/target/arm/translate.h

@@ -XXX,XX +XXX,XX @@ static inline void set_disas_label(DisasContext *s, DisasLabel l)

s->pc_save = l.pc_save;

}

+static inline TCGv_ptr gen_lookup_cp_reg(uint32_t key)

+{

+ TCGv_ptr ret = tcg_temp_new_ptr();

+ gen_helper_lookup_cp_reg(ret, cpu_env, tcg_constant_i32(key));

+ return ret;

+}

+

/*

* Helpers for implementing sets of trans_* functions.

* Defer the implementation of NAME to FUNC, with optional extra arguments.

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/op_helper.c

+++ b/target/arm/op_helper.c

@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(mrs_banked)(CPUARMState *env, uint32_t tgtmode, uint32_t regno)

}

}

-void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,

- uint32_t isread)

+const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,

+ uint32_t syndrome, uint32_t isread)

{

ARMCPU *cpu = env_archcpu(env);

- const ARMCPRegInfo *ri = rip;

+ const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, key);

CPAccessResult res = CP_ACCESS_OK;

int target_el;

+ assert(ri != NULL);

+

if (arm_feature(env, ARM_FEATURE_XSCALE) && ri->cp < 14

&& extract32(env->cp15.c15_cpar, ri->cp, 1) == 0) {

res = CP_ACCESS_TRAP;

@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,

res = ri->accessfn(env, ri, isread);

}

if (likely(res == CP_ACCESS_OK)) {

- return;

+ return ri;

}

fail:

@@ -XXX,XX +XXX,XX @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome,

raise_exception(env, EXCP_UDEF, syndrome, target_el);

}

-void HELPER(set_cp_reg)(CPUARMState *env, void *rip, uint32_t value)

+const void *HELPER(lookup_cp_reg)(CPUARMState *env, uint32_t key)

+{

+ ARMCPU *cpu = env_archcpu(env);

+ const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, key);

+

+ assert(ri != NULL);

+ return ri;

+}

+

+void HELPER(set_cp_reg)(CPUARMState *env, const void *rip, uint32_t value)

{

const ARMCPRegInfo *ri = rip;

@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg)(CPUARMState *env, void *rip, uint32_t value)

}

}

-uint32_t HELPER(get_cp_reg)(CPUARMState *env, void *rip)

+uint32_t HELPER(get_cp_reg)(CPUARMState *env, const void *rip)

{

const ARMCPRegInfo *ri = rip;

uint32_t res;

@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(get_cp_reg)(CPUARMState *env, void *rip)

return res;

}

-void HELPER(set_cp_reg64)(CPUARMState *env, void *rip, uint64_t value)

+void HELPER(set_cp_reg64)(CPUARMState *env, const void *rip, uint64_t value)

{

const ARMCPRegInfo *ri = rip;

@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg64)(CPUARMState *env, void *rip, uint64_t value)

}

}

-uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip)

+uint64_t HELPER(get_cp_reg64)(CPUARMState *env, const void *rip)

{

const ARMCPRegInfo *ri = rip;

uint64_t res;

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

unsigned int op0, unsigned int op1, unsigned int op2,

unsigned int crn, unsigned int crm, unsigned int rt)

{

- const ARMCPRegInfo *ri;

+ uint32_t key = ENCODE_AA64_CP_REG(CP_REG_ARM64_SYSREG_CP,

+ crn, crm, op0, op1, op2);

+ const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key);

+ TCGv_ptr tcg_ri = NULL;

TCGv_i64 tcg_rt;

- ri = get_arm_cp_reginfo(s->cp_regs,

- ENCODE_AA64_CP_REG(CP_REG_ARM64_SYSREG_CP,

- crn, crm, op0, op1, op2));

-

if (!ri) {

/* Unknown register; this might be a guest error or a QEMU

* unimplemented feature.

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

syndrome = syn_aa64_sysregtrap(op0, op1, op2, crn, crm, rt, isread);

gen_a64_update_pc(s, 0);

- gen_helper_access_check_cp_reg(cpu_env,

- tcg_constant_ptr(ri),

+ tcg_ri = tcg_temp_new_ptr();

+ gen_helper_access_check_cp_reg(tcg_ri, cpu_env,

+ tcg_constant_i32(key),

tcg_constant_i32(syndrome),

tcg_constant_i32(isread));

} else if (ri->type & ARM_CP_RAISES_EXC) {

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

case 0:

break;

case ARM_CP_NOP:

- return;

+ goto exit;

case ARM_CP_NZCV:

tcg_rt = cpu_reg(s, rt);

if (isread) {

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

} else {

gen_set_nzcv(tcg_rt);

}

- return;

+ goto exit;

case ARM_CP_CURRENTEL:

/* Reads as current EL value from pstate, which is

* guaranteed to be constant by the tb flags.

*/

tcg_rt = cpu_reg(s, rt);

tcg_gen_movi_i64(tcg_rt, s->current_el << 2);

- return;

+ goto exit;

case ARM_CP_DC_ZVA:

/* Writes clear the aligned block of memory which rt points into. */

if (s->mte_active[0]) {

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

tcg_rt = clean_data_tbi(s, cpu_reg(s, rt));

}

gen_helper_dc_zva(cpu_env, tcg_rt);

- return;

+ goto exit;

case ARM_CP_DC_GVA:

{

TCGv_i64 clean_addr, tag;

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

tcg_temp_free_i64(tag);

}

}

- return;

+ goto exit;

case ARM_CP_DC_GZVA:

{

TCGv_i64 clean_addr, tag;

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

tcg_temp_free_i64(tag);

}

}

- return;

+ goto exit;

default:

g_assert_not_reached();

}

if ((ri->type & ARM_CP_FPU) && !fp_access_check_only(s)) {

- return;

+ goto exit;

} else if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {

- return;

+ goto exit;

} else if ((ri->type & ARM_CP_SME) && !sme_access_check(s)) {

- return;

+ goto exit;

}

if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

if (ri->type & ARM_CP_CONST) {

tcg_gen_movi_i64(tcg_rt, ri->resetvalue);

} else if (ri->readfn) {

- gen_helper_get_cp_reg64(tcg_rt, cpu_env, tcg_constant_ptr(ri));

+ if (!tcg_ri) {

+ tcg_ri = gen_lookup_cp_reg(key);

+ }

+ gen_helper_get_cp_reg64(tcg_rt, cpu_env, tcg_ri);

} else {

tcg_gen_ld_i64(tcg_rt, cpu_env, ri->fieldoffset);

}

} else {

if (ri->type & ARM_CP_CONST) {

/* If not forbidden by access permissions, treat as WI */

- return;

+ goto exit;

} else if (ri->writefn) {

- gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tcg_rt);

+ if (!tcg_ri) {

+ tcg_ri = gen_lookup_cp_reg(key);

+ }

+ gen_helper_set_cp_reg64(cpu_env, tcg_ri, tcg_rt);

} else {

tcg_gen_st_i64(tcg_rt, cpu_env, ri->fieldoffset);

}

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

*/

s->base.is_jmp = DISAS_UPDATE_EXIT;

}

+

+ exit:

+ if (tcg_ri) {

+ tcg_temp_free_ptr(tcg_ri);

+ }

}

/* System

diff --git a/target/arm/translate.c b/target/arm/translate.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate.c

+++ b/target/arm/translate.c

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

int opc1, int crn, int crm, int opc2,

bool isread, int rt, int rt2)

{

- const ARMCPRegInfo *ri;

+ uint32_t key = ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2);

+ const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key);

+ TCGv_ptr tcg_ri = NULL;

bool need_exit_tb;

- ri = get_arm_cp_reginfo(s->cp_regs,

- ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));

-

if (!ri) {

/*

* Unknown register; this might be a guest error or a QEMU

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

gen_set_condexec(s);

gen_update_pc(s, 0);

- gen_helper_access_check_cp_reg(cpu_env,

- tcg_constant_ptr(ri),

+ tcg_ri = tcg_temp_new_ptr();

+ gen_helper_access_check_cp_reg(tcg_ri, cpu_env,

+ tcg_constant_i32(key),

tcg_constant_i32(syndrome),

tcg_constant_i32(isread));

} else if (ri->type & ARM_CP_RAISES_EXC) {

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

case 0:

break;

case ARM_CP_NOP:

- return;

+ goto exit;

case ARM_CP_WFI:

if (isread) {

unallocated_encoding(s);

- return;

+ } else {

+ gen_update_pc(s, curr_insn_len(s));

+ s->base.is_jmp = DISAS_WFI;

}

- gen_update_pc(s, curr_insn_len(s));

- s->base.is_jmp = DISAS_WFI;

- return;

+ goto exit;

default:

g_assert_not_reached();

}

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

if (ri->type & ARM_CP_CONST) {

tmp64 = tcg_constant_i64(ri->resetvalue);

} else if (ri->readfn) {

+ if (!tcg_ri) {

+ tcg_ri = gen_lookup_cp_reg(key);

+ }

tmp64 = tcg_temp_new_i64();

- gen_helper_get_cp_reg64(tmp64, cpu_env,

- tcg_constant_ptr(ri));

+ gen_helper_get_cp_reg64(tmp64, cpu_env, tcg_ri);

} else {

tmp64 = tcg_temp_new_i64();

tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

if (ri->type & ARM_CP_CONST) {

tmp = tcg_constant_i32(ri->resetvalue);

} else if (ri->readfn) {

+ if (!tcg_ri) {

+ tcg_ri = gen_lookup_cp_reg(key);

+ }

tmp = tcg_temp_new_i32();

- gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));

+ gen_helper_get_cp_reg(tmp, cpu_env, tcg_ri);

} else {

tmp = load_cpu_offset(ri->fieldoffset);

}

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

/* Write */

if (ri->type & ARM_CP_CONST) {

/* If not forbidden by access permissions, treat as WI */

- return;

+ goto exit;

}

if (is64) {

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

tcg_temp_free_i32(tmplo);

tcg_temp_free_i32(tmphi);

if (ri->writefn) {

- gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tmp64);

+ if (!tcg_ri) {

+ tcg_ri = gen_lookup_cp_reg(key);

+ }

+ gen_helper_set_cp_reg64(cpu_env, tcg_ri, tmp64);

} else {

tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);

}

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

} else {

TCGv_i32 tmp = load_reg(s, rt);

if (ri->writefn) {

- gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);

+ if (!tcg_ri) {

+ tcg_ri = gen_lookup_cp_reg(key);

+ }

+ gen_helper_set_cp_reg(cpu_env, tcg_ri, tmp);

tcg_temp_free_i32(tmp);

} else {

store_cpu_offset(tmp, ri->fieldoffset, 4);

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

if (need_exit_tb) {

gen_lookup_tb(s);

}

+

+ exit:

+ if (tcg_ri) {

+ tcg_temp_free_ptr(tcg_ri);

+ }

}

/* Decode XScale DSP or iWMMXt insn (in the copro space, cp=0 or 1) */

From: Richard Henderson <richard.henderson@linaro.org>

Move the ri == NULL case to the top of the function and return.

This allows the else to be removed and the code unindented.

target/arm/translate.c | 406 ++++++++++++++++++++---------------------

1 file changed, 203 insertions(+), 203 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c

--- a/target/arm/translate.c

+++ b/target/arm/translate.c

@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,

bool isread, int rt, int rt2)

{

const ARMCPRegInfo *ri;

+ bool need_exit_tb;

ri = get_arm_cp_reginfo(s->cp_regs,

ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));

- if (ri) {

- bool need_exit_tb;

- /* Check access permissions */

- if (!cp_access_ok(s->current_el, ri, isread)) {

- unallocated_encoding(s);

- return;

- }

-

- if (s->hstr_active || ri->accessfn ||

- (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {

- /* Emit code to perform further access permissions checks at

- * runtime; this may result in an exception.

- * Note that on XScale all cp0..c13 registers do an access check

- * call in order to handle c15_cpar.

- */

- uint32_t syndrome;

-

- /* Note that since we are an implementation which takes an

- * exception on a trapped conditional instruction only if the

- * instruction passes its condition code check, we can take

- * advantage of the clause in the ARM ARM that allows us to set

- * the COND field in the instruction to 0xE in all cases.

- * We could fish the actual condition out of the insn (ARM)

- * or the condexec bits (Thumb) but it isn't necessary.

- */

- switch (cpnum) {

- case 14:

- if (is64) {

- syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,

- isread, false);

- } else {

- syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,

- rt, isread, false);

- break;

- case 15:

- if (is64) {

- syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,

- isread, false);

- } else {

- syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,

- rt, isread, false);

- }

- break;

- default:

- /* ARMv8 defines that only coprocessors 14 and 15 exist,

- * so this can only happen if this is an ARMv7 or earlier CPU,

- * in which case the syndrome information won't actually be

- * guest visible.

- */

- assert(!arm_dc_feature(s, ARM_FEATURE_V8));

- syndrome = syn_uncategorized();

- break;

- }

-

- gen_set_condexec(s);

- gen_update_pc(s, 0);

- gen_helper_access_check_cp_reg(cpu_env,

- tcg_constant_ptr(ri),

- tcg_constant_i32(syndrome),

- tcg_constant_i32(isread));

- } else if (ri->type & ARM_CP_RAISES_EXC) {

- /*

- * The readfn or writefn might raise an exception;

- * synchronize the CPU state in case it does.

- */

- gen_set_condexec(s);

- gen_update_pc(s, 0);

- }

-

- /* Handle special cases first */

- switch (ri->type & ARM_CP_SPECIAL_MASK) {

- case 0:

- break;

- case ARM_CP_NOP:

- return;

- case ARM_CP_WFI:

- if (isread) {

- unallocated_encoding(s);

- return;

- }

- gen_update_pc(s, curr_insn_len(s));

- s->base.is_jmp = DISAS_WFI;

- return;

- default:

- g_assert_not_reached();

- }

-

- if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {

- gen_io_start();

- }

-

- if (isread) {

- /* Read */

- if (is64) {

- TCGv_i64 tmp64;

- TCGv_i32 tmp;

- if (ri->type & ARM_CP_CONST) {

- tmp64 = tcg_constant_i64(ri->resetvalue);

- } else if (ri->readfn) {

- tmp64 = tcg_temp_new_i64();

- gen_helper_get_cp_reg64(tmp64, cpu_env,

- tcg_constant_ptr(ri));

- } else {

- tmp64 = tcg_temp_new_i64();

- tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);

- }

- tmp = tcg_temp_new_i32();

- tcg_gen_extrl_i64_i32(tmp, tmp64);

- store_reg(s, rt, tmp);

- tmp = tcg_temp_new_i32();

- tcg_gen_extrh_i64_i32(tmp, tmp64);

- tcg_temp_free_i64(tmp64);

- store_reg(s, rt2, tmp);

- } else {

- TCGv_i32 tmp;

- if (ri->type & ARM_CP_CONST) {

- tmp = tcg_constant_i32(ri->resetvalue);

- } else if (ri->readfn) {

- tmp = tcg_temp_new_i32();

- gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));

- } else {

- tmp = load_cpu_offset(ri->fieldoffset);

- }

- if (rt == 15) {

- /* Destination register of r15 for 32 bit loads sets

- * the condition codes from the high 4 bits of the value

- */

- gen_set_nzcv(tmp);

- tcg_temp_free_i32(tmp);

- } else {

- store_reg(s, rt, tmp);

- }

- }

+ if (!ri) {

+ /*

+ * Unknown register; this might be a guest error or a QEMU

+ * unimplemented feature.

+ */

+ if (is64) {

+ qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "

+ "64 bit system register cp:%d opc1: %d crm:%d "

+ "(%s)\n",

+ isread ? "read" : "write", cpnum, opc1, crm,

+ s->ns ? "non-secure" : "secure");

} else {

- /* Write */

- if (ri->type & ARM_CP_CONST) {

- /* If not forbidden by access permissions, treat as WI */

- return;

- }

-

- if (is64) {

- TCGv_i32 tmplo, tmphi;

- TCGv_i64 tmp64 = tcg_temp_new_i64();

- tmplo = load_reg(s, rt);

- tmphi = load_reg(s, rt2);

- tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);

- tcg_temp_free_i32(tmplo);

- tcg_temp_free_i32(tmphi);

- if (ri->writefn) {

- gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri),

- tmp64);

- } else {

- tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);

- }

- tcg_temp_free_i64(tmp64);

- } else {

- TCGv_i32 tmp = load_reg(s, rt);

- if (ri->writefn) {

- gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);

- tcg_temp_free_i32(tmp);

- } else {

- store_cpu_offset(tmp, ri->fieldoffset, 4);

- }

- }

+ qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "

+ "system register cp:%d opc1:%d crn:%d crm:%d "

+ "opc2:%d (%s)\n",

+ isread ? "read" : "write", cpnum, opc1, crn,

+ crm, opc2, s->ns ? "non-secure" : "secure");

-

- /* I/O operations must end the TB here (whether read or write) */

- need_exit_tb = ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) &&

- (ri->type & ARM_CP_IO));

-

- if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {

- /*

- * A write to any coprocessor register that ends a TB

- * must rebuild the hflags for the next TB.

- */

- gen_rebuild_hflags(s, ri->type & ARM_CP_NEWEL);

- /*

- * We default to ending the TB on a coprocessor register write,

- * but allow this to be suppressed by the register definition

- * (usually only necessary to work around guest bugs).

- */

- need_exit_tb = true;

- }

- if (need_exit_tb) {

- gen_lookup_tb(s);

- }

-

+ unallocated_encoding(s);

return;

}

- /* Unknown register; this might be a guest error or a QEMU

- * unimplemented feature.

- */

- if (is64) {

- qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "

- "64 bit system register cp:%d opc1: %d crm:%d "

- "(%s)\n",

- isread ? "read" : "write", cpnum, opc1, crm,

- s->ns ? "non-secure" : "secure");

- } else {

- qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "

- "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "

- "(%s)\n",

- isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,

- s->ns ? "non-secure" : "secure");

+ /* Check access permissions */

+ if (!cp_access_ok(s->current_el, ri, isread)) {

+ unallocated_encoding(s);

+ return;

}

- unallocated_encoding(s);

- return;

+ if (s->hstr_active || ri->accessfn ||

+ (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {

+ /*

+ * Emit code to perform further access permissions checks at

+ * runtime; this may result in an exception.

+ * Note that on XScale all cp0..c13 registers do an access check

+ * call in order to handle c15_cpar.

+ */

+ uint32_t syndrome;

+

+ /*

+ * Note that since we are an implementation which takes an

+ * exception on a trapped conditional instruction only if the

+ * instruction passes its condition code check, we can take

+ * advantage of the clause in the ARM ARM that allows us to set

+ * the COND field in the instruction to 0xE in all cases.

+ * We could fish the actual condition out of the insn (ARM)

+ * or the condexec bits (Thumb) but it isn't necessary.

+ */

+ switch (cpnum) {

+ case 14:

+ if (is64) {

+ syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,

+ isread, false);

+ } else {

+ syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,

+ rt, isread, false);

+ }

+ break;

+ case 15:

+ if (is64) {

+ syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,

+ isread, false);

+ } else {

+ syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,

+ rt, isread, false);

+ }

+ break;

+ default:

+ /*

+ * ARMv8 defines that only coprocessors 14 and 15 exist,

+ * so this can only happen if this is an ARMv7 or earlier CPU,

+ * in which case the syndrome information won't actually be

+ * guest visible.

+ */

+ assert(!arm_dc_feature(s, ARM_FEATURE_V8));

+ syndrome = syn_uncategorized();

+ break;

+ }

+

+ gen_set_condexec(s);

+ gen_update_pc(s, 0);

+ gen_helper_access_check_cp_reg(cpu_env,

+ tcg_constant_ptr(ri),

+ tcg_constant_i32(syndrome),

+ tcg_constant_i32(isread));

+ } else if (ri->type & ARM_CP_RAISES_EXC) {

+ /*

+ * The readfn or writefn might raise an exception;

+ * synchronize the CPU state in case it does.

+ */

+ gen_set_condexec(s);

+ gen_update_pc(s, 0);

+ }

+

+ /* Handle special cases first */

+ switch (ri->type & ARM_CP_SPECIAL_MASK) {

+ case 0:

+ break;

+ case ARM_CP_NOP:

+ return;

+ case ARM_CP_WFI:

+ if (isread) {

+ unallocated_encoding(s);

+ return;

+ }

+ gen_update_pc(s, curr_insn_len(s));

+ s->base.is_jmp = DISAS_WFI;

+ return;

+ default:

+ g_assert_not_reached();

+ }

+

+ if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {

+ gen_io_start();

+ }

+

+ if (isread) {

+ /* Read */

+ if (is64) {

+ TCGv_i64 tmp64;

+ TCGv_i32 tmp;

+ if (ri->type & ARM_CP_CONST) {

+ tmp64 = tcg_constant_i64(ri->resetvalue);

+ } else if (ri->readfn) {

+ tmp64 = tcg_temp_new_i64();

+ gen_helper_get_cp_reg64(tmp64, cpu_env,

+ tcg_constant_ptr(ri));

+ } else {

+ tmp64 = tcg_temp_new_i64();

+ tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);

+ }

+ tmp = tcg_temp_new_i32();

+ tcg_gen_extrl_i64_i32(tmp, tmp64);

+ store_reg(s, rt, tmp);

+ tmp = tcg_temp_new_i32();

+ tcg_gen_extrh_i64_i32(tmp, tmp64);

+ tcg_temp_free_i64(tmp64);

+ store_reg(s, rt2, tmp);

+ } else {

+ TCGv_i32 tmp;

+ if (ri->type & ARM_CP_CONST) {

+ tmp = tcg_constant_i32(ri->resetvalue);

+ } else if (ri->readfn) {

+ tmp = tcg_temp_new_i32();

+ gen_helper_get_cp_reg(tmp, cpu_env, tcg_constant_ptr(ri));

+ } else {

+ tmp = load_cpu_offset(ri->fieldoffset);

+ }

+ if (rt == 15) {

+ /* Destination register of r15 for 32 bit loads sets

+ * the condition codes from the high 4 bits of the value

+ */

+ gen_set_nzcv(tmp);

+ tcg_temp_free_i32(tmp);

+ } else {

+ store_reg(s, rt, tmp);

+ }

+ }

+ } else {

+ /* Write */

+ if (ri->type & ARM_CP_CONST) {

+ /* If not forbidden by access permissions, treat as WI */

+ return;

+ }

+

+ if (is64) {

+ TCGv_i32 tmplo, tmphi;

+ TCGv_i64 tmp64 = tcg_temp_new_i64();

+ tmplo = load_reg(s, rt);

+ tmphi = load_reg(s, rt2);

+ tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);

+ tcg_temp_free_i32(tmplo);

+ tcg_temp_free_i32(tmphi);

+ if (ri->writefn) {

+ gen_helper_set_cp_reg64(cpu_env, tcg_constant_ptr(ri), tmp64);

+ } else {

+ tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);

+ }

+ tcg_temp_free_i64(tmp64);

+ } else {

+ TCGv_i32 tmp = load_reg(s, rt);

+ if (ri->writefn) {

+ gen_helper_set_cp_reg(cpu_env, tcg_constant_ptr(ri), tmp);

+ tcg_temp_free_i32(tmp);

+ } else {

+ store_cpu_offset(tmp, ri->fieldoffset, 4);

+ }

+ }

+ }

+

+ /* I/O operations must end the TB here (whether read or write) */

+ need_exit_tb = ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) &&

+ (ri->type & ARM_CP_IO));

+

+ if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {

+ /*

+ * A write to any coprocessor register that ends a TB

+ * must rebuild the hflags for the next TB.

+ */

+ gen_rebuild_hflags(s, ri->type & ARM_CP_NEWEL);

+ /*

+ * We default to ending the TB on a coprocessor register write,

+ * but allow this to be suppressed by the register definition

+ * (usually only necessary to work around guest bugs).

+ */

+ need_exit_tb = true;

+ }

+ if (need_exit_tb) {

+ gen_lookup_tb(s);

+ }

}

/* Decode XScale DSP or iWMMXt insn (in the copro space, cp=0 or 1) */

In v7m_exception_taken(), for v8M we set the EXC_RETURN.ES bit if

either the exception targets Secure or if the CPU doesn't implement

the Security Extension. This is incorrect: the v8M Arm ARM specifies

that the ES bit should be RES0 if the Security Extension is not

implemented, and the pseudocode agrees.

target/arm/m_helper.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c

--- a/target/arm/m_helper.c

+++ b/target/arm/m_helper.c

@@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,

}

lr &= ~R_V7M_EXCRET_ES_MASK;

- if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) {

+ if (targets_secure) {

lr |= R_V7M_EXCRET_ES_MASK;

}

lr &= ~R_V7M_EXCRET_SPSEL_MASK;

From: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>

The architecture does not define any functionality for the CLAIM tag bits.

So we will just keep the raw bits, as per spec.

Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>