From nobody Mon Dec 15 21:29:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1755177844; cv=none; d=zohomail.com; s=zohoarc; b=BJqbuOnLa0gf82VjMs529A+BnZNNNPKA8n8m3y/2xraS1JXZXXZM+jV6X13kQsa0FaoJs5wt6huxUFC+ZIH3j/qY/T8Du08aQY6uTw3VvZDVhk8g+4iwsTfWa93olMqkBeQq6dZHH6IJ7C+oUOKKHqsdqseyI4dMLTsqKVjNj/I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1755177844; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=2gffaQ9erEJl6Cpuxyf45+FvP+94m/M5e8TzVBlqSnU=; b=ODEMdzCKwMqaBlAvj054RZMw0Q0I3RbpWC1oU9b9m1brsug3LQEXCmdF+5kjSADWtQN+wH/nuHswn4ZsFTB4rhmoE7A2Tzy1MkBKZDjEAjho4eHc9TE+bH5l4s+ijxhALhf6fXjLgZS+8n84ipwz5/Qb1i+aYuSIYM/vLn5gKR8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1755177844879202.07721688205743; Thu, 14 Aug 2025 06:24:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1umXZL-0003sO-M8; Thu, 14 Aug 2025 09:00:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1umXYm-0002fE-78 for qemu-devel@nongnu.org; Thu, 14 Aug 2025 09:00:00 -0400 Received: from mail-pj1-x102e.google.com ([2607:f8b0:4864:20::102e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1umXYc-0004Qa-GL for qemu-devel@nongnu.org; Thu, 14 Aug 2025 08:59:57 -0400 Received: by mail-pj1-x102e.google.com with SMTP id 98e67ed59e1d1-323266baa22so794380a91.0 for ; Thu, 14 Aug 2025 05:59:47 -0700 (PDT) Received: from localhost.localdomain ([206.83.105.236]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-3233100c994sm1766256a91.21.2025.08.14.05.59.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Aug 2025 05:59:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1755176386; x=1755781186; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2gffaQ9erEJl6Cpuxyf45+FvP+94m/M5e8TzVBlqSnU=; b=YFNKi+qvn2Kq6AtdbCnMGYEsN6iGuk024rEdo3+tLl6e5krrBsZdeUBwiIm4nHyG3w cbf0mUl7U66fBJBppXvafiEtpafmdLllwqYcF1bfJfUNV7n0GOzolb2j8XSsv8Scj9Gd yBVhucYvHckkJ0KkC8uxXi8XtTuOUaoEorcYW8ssmCluUOrir29a7mVlXPHbXuGV7PB4 7au2RnkgQ9lH0WM1EvAxLyzFAevbDw/hVJBs8j12FIntZw7lVzcd+Lq1CGjJtL2vq7OP GntwMUX7+CldIEaMYLZjK16uao5r+fKqCs0n7WmwZJDvkBo8VGZ/8bz0pvASPhHSlz4j uAEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755176386; x=1755781186; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2gffaQ9erEJl6Cpuxyf45+FvP+94m/M5e8TzVBlqSnU=; b=SuXSdXevzy3kIth7Pp1tvEyX4zGGEqJ3jiJVAwwuKd1z9LPOf1GueHk71W3j/cfWxD b73DuivLB1vLD+a71oC3cnlK5oNwhJZnMmO+GX+Bj7YsFFo8VrKu/X/f766SMNXjjuL2 /2RbuASCEPSbiLy99BXRVpZPrSo7/SX+flFdin5fQYyiJ6hHcBr/GacrU5oY6vE+6Rng yfjOrDlHZSNnOgJbxokc0Bj+OrumnaIxTjqX1cuB37i+w/r+gAm2KK3yGh1TJBo3STgm dTNZonNRivnn1C2IdigKW0B0mZOWkb+mBt7mZXnA7KrJPI/BSa4hji1vCr2LDfyz0eoO 1CFQ== X-Gm-Message-State: AOJu0Yz88qaltobWWKHxxgFZMG3uwZDpWWOWq5exdFfq6dYDjgoTQ+Fv 1S/MUJ0787wR4iwFKmlhOhBhj/CfR5vSa9hUwhJEUt4eHOq8uXm7b3TxFN6SJovJzk2PqJoRpxV /URIYiJ8= X-Gm-Gg: ASbGnctUaiBrxdPzS1Xu+eZAE8CSO/8dydebLglr0//GhQ6v6DCljdUpGOekISPV2yZ Ajo8PlcMR86YYAum0tLy5lW4fLhAbmR0EBDXrbcdY5yCkpRylokawL8ebjXaxJLumRdSm1HvWYg pu6gH61wzRIOfT/l4UQjCzEEdOoRc5b2qZRDAlKHVfhDXt6/9F6dXU4zmrpsjJLvgsghgS3heKO Pyknj9gzsQiBkRyo19gA2vCpolhtoZ20TMSz0YLMI7MX/12Ii+gmyRr+LPPSwja4wq23L/5wMZo 8ihmKPhfb7+JpJGmipPspERZkaBNl4+kAaEc/qaR3ZtuR8eosVh7mR68cl/YILQ8G7wnUiwiKnZ OksotS2Ruxe9aP/WYlGQ7ndAr+YkFL2YH0CF7omlnav5wfpY= X-Google-Smtp-Source: AGHT+IF/KKUfMGG/4yqONAnKLVz38uI4fT8fC++4eNAGnNGjJLZHcJoI89v6gELyb0TIzsw8qT8vXg== X-Received: by 2002:a17:90b:3f85:b0:31e:9cdb:32df with SMTP id 98e67ed59e1d1-32327ab3dfdmr5239796a91.10.1755176385533; Thu, 14 Aug 2025 05:59:45 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Cc: qemu-arm@nongnu.org, =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Pierrick Bouvier Subject: [PATCH v3 32/85] target/arm: Split out mmuidx.h from cpu.h Date: Thu, 14 Aug 2025 22:56:59 +1000 Message-ID: <20250814125752.164107-33-richard.henderson@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250814125752.164107-1-richard.henderson@linaro.org> References: <20250814125752.164107-1-richard.henderson@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::102e; envelope-from=richard.henderson@linaro.org; helo=mail-pj1-x102e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1755177846012116600 Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Pierrick Bouvier Signed-off-by: Richard Henderson --- target/arm/cpu.h | 207 +----------------------------------------- target/arm/mmuidx.h | 216 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 217 insertions(+), 206 deletions(-) create mode 100644 target/arm/mmuidx.h diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 4940bd6a45..da42bd4466 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -33,6 +33,7 @@ #include "target/arm/multiprocessing.h" #include "target/arm/gtimer.h" #include "target/arm/cpu-sysregs.h" +#include "target/arm/mmuidx.h" =20 #define EXCP_UDEF 1 /* undefined instruction */ #define EXCP_SWI 2 /* software interrupt */ @@ -2736,212 +2737,6 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_s= ync); =20 #define TYPE_ARM_HOST_CPU "host-" TYPE_ARM_CPU =20 -/* ARM has the following "translation regimes" (as the ARM ARM calls them): - * - * If EL3 is 64-bit: - * + NonSecure EL1 & 0 stage 1 - * + NonSecure EL1 & 0 stage 2 - * + NonSecure EL2 - * + NonSecure EL2 & 0 (ARMv8.1-VHE) - * + Secure EL1 & 0 stage 1 - * + Secure EL1 & 0 stage 2 (FEAT_SEL2) - * + Secure EL2 (FEAT_SEL2) - * + Secure EL2 & 0 (FEAT_SEL2) - * + Realm EL1 & 0 stage 1 (FEAT_RME) - * + Realm EL1 & 0 stage 2 (FEAT_RME) - * + Realm EL2 (FEAT_RME) - * + EL3 - * If EL3 is 32-bit: - * + NonSecure PL1 & 0 stage 1 - * + NonSecure PL1 & 0 stage 2 - * + NonSecure PL2 - * + Secure PL1 & 0 - * (reminder: for 32 bit EL3, Secure PL1 is *EL3*, not EL1.) - * - * For QEMU, an mmu_idx is not quite the same as a translation regime beca= use: - * 1. we need to split the "EL1 & 0" and "EL2 & 0" regimes into two mmu_i= dxes, - * because they may differ in access permissions even if the VA->PA ma= p is - * the same - * 2. we want to cache in our TLB the full VA->IPA->PA lookup for a stage= 1+2 - * translation, which means that we have one mmu_idx that deals with t= wo - * concatenated translation regimes [this sort of combined s1+2 TLB is - * architecturally permitted] - * 3. we don't need to allocate an mmu_idx to translations that we won't = be - * handling via the TLB. The only way to do a stage 1 translation with= out - * the immediate stage 2 translation is via the ATS or AT system insns, - * which can be slow-pathed and always do a page table walk. - * The only use of stage 2 translations is either as part of an s1+2 - * lookup or when loading the descriptors during a stage 1 page table = walk, - * and in both those cases we don't use the TLB. - * 4. we can also safely fold together the "32 bit EL3" and "64 bit EL3" - * translation regimes, because they map reasonably well to each other - * and they can't both be active at the same time. - * 5. we want to be able to use the TLB for accesses done as part of a - * stage1 page table walk, rather than having to walk the stage2 page - * table over and over. - * 6. we need separate EL1/EL2 mmu_idx for handling the Privileged Access - * Never (PAN) bit within PSTATE. - * 7. we fold together most secure and non-secure regimes for A-profile, - * because there are no banked system registers for aarch64, so the - * process of switching between secure and non-secure is - * already heavyweight. - * 8. we cannot fold together Stage 2 Secure and Stage 2 NonSecure, - * because both are in use simultaneously for Secure EL2. - * - * This gives us the following list of cases: - * - * EL0 EL1&0 stage 1+2 (aka NS PL0 PL1&0 stage 1+2) - * EL1 EL1&0 stage 1+2 (aka NS PL1 PL1&0 stage 1+2) - * EL1 EL1&0 stage 1+2 +PAN (aka NS PL1 P1&0 stage 1+2 +PAN) - * EL0 EL2&0 - * EL2 EL2&0 - * EL2 EL2&0 +PAN - * EL2 (aka NS PL2) - * EL3 (aka AArch32 S PL1 PL1&0) - * AArch32 S PL0 PL1&0 (we call this EL30_0) - * AArch32 S PL1 PL1&0 +PAN (we call this EL30_3_PAN) - * Stage2 Secure - * Stage2 NonSecure - * plus one TLB per Physical address space: S, NS, Realm, Root - * - * for a total of 16 different mmu_idx. - * - * R profile CPUs have an MPU, but can use the same set of MMU indexes - * as A profile. They only need to distinguish EL0 and EL1 (and - * EL2 for cores like the Cortex-R52). - * - * M profile CPUs are rather different as they do not have a true MMU. - * They have the following different MMU indexes: - * User - * Privileged - * User, execution priority negative (ie the MPU HFNMIENA bit may apply) - * Privileged, execution priority negative (ditto) - * If the CPU supports the v8M Security Extension then there are also: - * Secure User - * Secure Privileged - * Secure User, execution priority negative - * Secure Privileged, execution priority negative - * - * The ARMMMUIdx and the mmu index value used by the core QEMU TLB code - * are not quite the same -- different CPU types (most notably M profile - * vs A/R profile) would like to use MMU indexes with different semantics, - * but since we don't ever need to use all of those in a single CPU we - * can avoid having to set NB_MMU_MODES to "total number of A profile MMU - * modes + total number of M profile MMU modes". The lower bits of - * ARMMMUIdx are the core TLB mmu index, and the higher bits are always - * the same for any particular CPU. - * Variables of type ARMMUIdx are always full values, and the core - * index values are in variables of type 'int'. - * - * Our enumeration includes at the end some entries which are not "true" - * mmu_idx values in that they don't have corresponding TLBs and are only - * valid for doing slow path page table walks. - * - * The constant names here are patterned after the general style of the na= mes - * of the AT/ATS operations. - * The values used are carefully arranged to make mmu_idx =3D> EL lookup e= asy. - * For M profile we arrange them to have a bit for priv, a bit for negpri - * and a bit for secure. - */ -#define ARM_MMU_IDX_A 0x10 /* A profile */ -#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */ -#define ARM_MMU_IDX_M 0x40 /* M profile */ - -/* Meanings of the bits for M profile mmu idx values */ -#define ARM_MMU_IDX_M_PRIV 0x1 -#define ARM_MMU_IDX_M_NEGPRI 0x2 -#define ARM_MMU_IDX_M_S 0x4 /* Secure */ - -#define ARM_MMU_IDX_TYPE_MASK \ - (ARM_MMU_IDX_A | ARM_MMU_IDX_M | ARM_MMU_IDX_NOTLB) -#define ARM_MMU_IDX_COREIDX_MASK 0xf - -typedef enum ARMMMUIdx { - /* - * A-profile. - */ - ARMMMUIdx_E10_0 =3D 0 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_0 =3D 1 | ARM_MMU_IDX_A, - ARMMMUIdx_E10_1 =3D 2 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_2 =3D 3 | ARM_MMU_IDX_A, - ARMMMUIdx_E10_1_PAN =3D 4 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_2_PAN =3D 5 | ARM_MMU_IDX_A, - ARMMMUIdx_E2 =3D 6 | ARM_MMU_IDX_A, - ARMMMUIdx_E3 =3D 7 | ARM_MMU_IDX_A, - ARMMMUIdx_E30_0 =3D 8 | ARM_MMU_IDX_A, - ARMMMUIdx_E30_3_PAN =3D 9 | ARM_MMU_IDX_A, - - /* - * Used for second stage of an S12 page table walk, or for descriptor - * loads during first stage of an S1 page table walk. Note that both - * are in use simultaneously for SecureEL2: the security state for - * the S2 ptw is selected by the NS bit from the S1 ptw. - */ - ARMMMUIdx_Stage2_S =3D 10 | ARM_MMU_IDX_A, - ARMMMUIdx_Stage2 =3D 11 | ARM_MMU_IDX_A, - - /* TLBs with 1-1 mapping to the physical address spaces. */ - ARMMMUIdx_Phys_S =3D 12 | ARM_MMU_IDX_A, - ARMMMUIdx_Phys_NS =3D 13 | ARM_MMU_IDX_A, - ARMMMUIdx_Phys_Root =3D 14 | ARM_MMU_IDX_A, - ARMMMUIdx_Phys_Realm =3D 15 | ARM_MMU_IDX_A, - - /* - * These are not allocated TLBs and are used only for AT system - * instructions or for the first stage of an S12 page table walk. - */ - ARMMMUIdx_Stage1_E0 =3D 0 | ARM_MMU_IDX_NOTLB, - ARMMMUIdx_Stage1_E1 =3D 1 | ARM_MMU_IDX_NOTLB, - ARMMMUIdx_Stage1_E1_PAN =3D 2 | ARM_MMU_IDX_NOTLB, - - /* - * M-profile. - */ - ARMMMUIdx_MUser =3D ARM_MMU_IDX_M, - ARMMMUIdx_MPriv =3D ARM_MMU_IDX_M | ARM_MMU_IDX_M_PRIV, - ARMMMUIdx_MUserNegPri =3D ARMMMUIdx_MUser | ARM_MMU_IDX_M_NEGPRI, - ARMMMUIdx_MPrivNegPri =3D ARMMMUIdx_MPriv | ARM_MMU_IDX_M_NEGPRI, - ARMMMUIdx_MSUser =3D ARMMMUIdx_MUser | ARM_MMU_IDX_M_S, - ARMMMUIdx_MSPriv =3D ARMMMUIdx_MPriv | ARM_MMU_IDX_M_S, - ARMMMUIdx_MSUserNegPri =3D ARMMMUIdx_MUserNegPri | ARM_MMU_IDX_M_S, - ARMMMUIdx_MSPrivNegPri =3D ARMMMUIdx_MPrivNegPri | ARM_MMU_IDX_M_S, -} ARMMMUIdx; - -/* - * Bit macros for the core-mmu-index values for each index, - * for use when calling tlb_flush_by_mmuidx() and friends. - */ -#define TO_CORE_BIT(NAME) \ - ARMMMUIdxBit_##NAME =3D 1 << (ARMMMUIdx_##NAME & ARM_MMU_IDX_COREIDX_M= ASK) - -typedef enum ARMMMUIdxBit { - TO_CORE_BIT(E10_0), - TO_CORE_BIT(E20_0), - TO_CORE_BIT(E10_1), - TO_CORE_BIT(E10_1_PAN), - TO_CORE_BIT(E2), - TO_CORE_BIT(E20_2), - TO_CORE_BIT(E20_2_PAN), - TO_CORE_BIT(E3), - TO_CORE_BIT(E30_0), - TO_CORE_BIT(E30_3_PAN), - TO_CORE_BIT(Stage2), - TO_CORE_BIT(Stage2_S), - - TO_CORE_BIT(MUser), - TO_CORE_BIT(MPriv), - TO_CORE_BIT(MUserNegPri), - TO_CORE_BIT(MPrivNegPri), - TO_CORE_BIT(MSUser), - TO_CORE_BIT(MSPriv), - TO_CORE_BIT(MSUserNegPri), - TO_CORE_BIT(MSPrivNegPri), -} ARMMMUIdxBit; - -#undef TO_CORE_BIT - -#define MMU_USER_IDX 0 - /* Indexes used when registering address spaces with cpu_address_space_ini= t */ typedef enum ARMASIdx { ARMASIdx_NS =3D 0, diff --git a/target/arm/mmuidx.h b/target/arm/mmuidx.h new file mode 100644 index 0000000000..5b9b4bc84f --- /dev/null +++ b/target/arm/mmuidx.h @@ -0,0 +1,216 @@ +/* + * QEMU Arm software mmu index definitions + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef TARGET_ARM_MMUIDX_H +#define TARGET_ARM_MMUIDX_H + +/* + * Arm has the following "translation regimes" (as the Arm ARM calls them): + * + * If EL3 is 64-bit: + * + NonSecure EL1 & 0 stage 1 + * + NonSecure EL1 & 0 stage 2 + * + NonSecure EL2 + * + NonSecure EL2 & 0 (ARMv8.1-VHE) + * + Secure EL1 & 0 stage 1 + * + Secure EL1 & 0 stage 2 (FEAT_SEL2) + * + Secure EL2 (FEAT_SEL2) + * + Secure EL2 & 0 (FEAT_SEL2) + * + Realm EL1 & 0 stage 1 (FEAT_RME) + * + Realm EL1 & 0 stage 2 (FEAT_RME) + * + Realm EL2 (FEAT_RME) + * + EL3 + * If EL3 is 32-bit: + * + NonSecure PL1 & 0 stage 1 + * + NonSecure PL1 & 0 stage 2 + * + NonSecure PL2 + * + Secure PL1 & 0 + * (reminder: for 32 bit EL3, Secure PL1 is *EL3*, not EL1.) + * + * For QEMU, an mmu_idx is not quite the same as a translation regime beca= use: + * 1. we need to split the "EL1 & 0" and "EL2 & 0" regimes into two mmu_i= dxes, + * because they may differ in access permissions even if the VA->PA ma= p is + * the same + * 2. we want to cache in our TLB the full VA->IPA->PA lookup for a stage= 1+2 + * translation, which means that we have one mmu_idx that deals with t= wo + * concatenated translation regimes [this sort of combined s1+2 TLB is + * architecturally permitted] + * 3. we don't need to allocate an mmu_idx to translations that we won't = be + * handling via the TLB. The only way to do a stage 1 translation with= out + * the immediate stage 2 translation is via the ATS or AT system insns, + * which can be slow-pathed and always do a page table walk. + * The only use of stage 2 translations is either as part of an s1+2 + * lookup or when loading the descriptors during a stage 1 page table = walk, + * and in both those cases we don't use the TLB. + * 4. we can also safely fold together the "32 bit EL3" and "64 bit EL3" + * translation regimes, because they map reasonably well to each other + * and they can't both be active at the same time. + * 5. we want to be able to use the TLB for accesses done as part of a + * stage1 page table walk, rather than having to walk the stage2 page + * table over and over. + * 6. we need separate EL1/EL2 mmu_idx for handling the Privileged Access + * Never (PAN) bit within PSTATE. + * 7. we fold together most secure and non-secure regimes for A-profile, + * because there are no banked system registers for aarch64, so the + * process of switching between secure and non-secure is + * already heavyweight. + * 8. we cannot fold together Stage 2 Secure and Stage 2 NonSecure, + * because both are in use simultaneously for Secure EL2. + * + * This gives us the following list of cases: + * + * EL0 EL1&0 stage 1+2 (aka NS PL0 PL1&0 stage 1+2) + * EL1 EL1&0 stage 1+2 (aka NS PL1 PL1&0 stage 1+2) + * EL1 EL1&0 stage 1+2 +PAN (aka NS PL1 P1&0 stage 1+2 +PAN) + * EL0 EL2&0 + * EL2 EL2&0 + * EL2 EL2&0 +PAN + * EL2 (aka NS PL2) + * EL3 (aka AArch32 S PL1 PL1&0) + * AArch32 S PL0 PL1&0 (we call this EL30_0) + * AArch32 S PL1 PL1&0 +PAN (we call this EL30_3_PAN) + * Stage2 Secure + * Stage2 NonSecure + * plus one TLB per Physical address space: S, NS, Realm, Root + * + * for a total of 16 different mmu_idx. + * + * R profile CPUs have an MPU, but can use the same set of MMU indexes + * as A profile. They only need to distinguish EL0 and EL1 (and + * EL2 for cores like the Cortex-R52). + * + * M profile CPUs are rather different as they do not have a true MMU. + * They have the following different MMU indexes: + * User + * Privileged + * User, execution priority negative (ie the MPU HFNMIENA bit may apply) + * Privileged, execution priority negative (ditto) + * If the CPU supports the v8M Security Extension then there are also: + * Secure User + * Secure Privileged + * Secure User, execution priority negative + * Secure Privileged, execution priority negative + * + * The ARMMMUIdx and the mmu index value used by the core QEMU TLB code + * are not quite the same -- different CPU types (most notably M profile + * vs A/R profile) would like to use MMU indexes with different semantics, + * but since we don't ever need to use all of those in a single CPU we + * can avoid having to set NB_MMU_MODES to "total number of A profile MMU + * modes + total number of M profile MMU modes". The lower bits of + * ARMMMUIdx are the core TLB mmu index, and the higher bits are always + * the same for any particular CPU. + * Variables of type ARMMUIdx are always full values, and the core + * index values are in variables of type 'int'. + * + * Our enumeration includes at the end some entries which are not "true" + * mmu_idx values in that they don't have corresponding TLBs and are only + * valid for doing slow path page table walks. + * + * The constant names here are patterned after the general style of the na= mes + * of the AT/ATS operations. + * The values used are carefully arranged to make mmu_idx =3D> EL lookup e= asy. + * For M profile we arrange them to have a bit for priv, a bit for negpri + * and a bit for secure. + */ +#define ARM_MMU_IDX_A 0x10 /* A profile */ +#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */ +#define ARM_MMU_IDX_M 0x40 /* M profile */ + +/* Meanings of the bits for M profile mmu idx values */ +#define ARM_MMU_IDX_M_PRIV 0x1 +#define ARM_MMU_IDX_M_NEGPRI 0x2 +#define ARM_MMU_IDX_M_S 0x4 /* Secure */ + +#define ARM_MMU_IDX_TYPE_MASK \ + (ARM_MMU_IDX_A | ARM_MMU_IDX_M | ARM_MMU_IDX_NOTLB) +#define ARM_MMU_IDX_COREIDX_MASK 0xf + +typedef enum ARMMMUIdx { + /* + * A-profile. + */ + ARMMMUIdx_E10_0 =3D 0 | ARM_MMU_IDX_A, + ARMMMUIdx_E20_0 =3D 1 | ARM_MMU_IDX_A, + ARMMMUIdx_E10_1 =3D 2 | ARM_MMU_IDX_A, + ARMMMUIdx_E20_2 =3D 3 | ARM_MMU_IDX_A, + ARMMMUIdx_E10_1_PAN =3D 4 | ARM_MMU_IDX_A, + ARMMMUIdx_E20_2_PAN =3D 5 | ARM_MMU_IDX_A, + ARMMMUIdx_E2 =3D 6 | ARM_MMU_IDX_A, + ARMMMUIdx_E3 =3D 7 | ARM_MMU_IDX_A, + ARMMMUIdx_E30_0 =3D 8 | ARM_MMU_IDX_A, + ARMMMUIdx_E30_3_PAN =3D 9 | ARM_MMU_IDX_A, + + /* + * Used for second stage of an S12 page table walk, or for descriptor + * loads during first stage of an S1 page table walk. Note that both + * are in use simultaneously for SecureEL2: the security state for + * the S2 ptw is selected by the NS bit from the S1 ptw. + */ + ARMMMUIdx_Stage2_S =3D 10 | ARM_MMU_IDX_A, + ARMMMUIdx_Stage2 =3D 11 | ARM_MMU_IDX_A, + + /* TLBs with 1-1 mapping to the physical address spaces. */ + ARMMMUIdx_Phys_S =3D 12 | ARM_MMU_IDX_A, + ARMMMUIdx_Phys_NS =3D 13 | ARM_MMU_IDX_A, + ARMMMUIdx_Phys_Root =3D 14 | ARM_MMU_IDX_A, + ARMMMUIdx_Phys_Realm =3D 15 | ARM_MMU_IDX_A, + + /* + * These are not allocated TLBs and are used only for AT system + * instructions or for the first stage of an S12 page table walk. + */ + ARMMMUIdx_Stage1_E0 =3D 0 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage1_E1 =3D 1 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage1_E1_PAN =3D 2 | ARM_MMU_IDX_NOTLB, + + /* + * M-profile. + */ + ARMMMUIdx_MUser =3D ARM_MMU_IDX_M, + ARMMMUIdx_MPriv =3D ARM_MMU_IDX_M | ARM_MMU_IDX_M_PRIV, + ARMMMUIdx_MUserNegPri =3D ARMMMUIdx_MUser | ARM_MMU_IDX_M_NEGPRI, + ARMMMUIdx_MPrivNegPri =3D ARMMMUIdx_MPriv | ARM_MMU_IDX_M_NEGPRI, + ARMMMUIdx_MSUser =3D ARMMMUIdx_MUser | ARM_MMU_IDX_M_S, + ARMMMUIdx_MSPriv =3D ARMMMUIdx_MPriv | ARM_MMU_IDX_M_S, + ARMMMUIdx_MSUserNegPri =3D ARMMMUIdx_MUserNegPri | ARM_MMU_IDX_M_S, + ARMMMUIdx_MSPrivNegPri =3D ARMMMUIdx_MPrivNegPri | ARM_MMU_IDX_M_S, +} ARMMMUIdx; + +/* + * Bit macros for the core-mmu-index values for each index, + * for use when calling tlb_flush_by_mmuidx() and friends. + */ +#define TO_CORE_BIT(NAME) \ + ARMMMUIdxBit_##NAME =3D 1 << (ARMMMUIdx_##NAME & ARM_MMU_IDX_COREIDX_M= ASK) + +typedef enum ARMMMUIdxBit { + TO_CORE_BIT(E10_0), + TO_CORE_BIT(E20_0), + TO_CORE_BIT(E10_1), + TO_CORE_BIT(E10_1_PAN), + TO_CORE_BIT(E2), + TO_CORE_BIT(E20_2), + TO_CORE_BIT(E20_2_PAN), + TO_CORE_BIT(E3), + TO_CORE_BIT(E30_0), + TO_CORE_BIT(E30_3_PAN), + TO_CORE_BIT(Stage2), + TO_CORE_BIT(Stage2_S), + + TO_CORE_BIT(MUser), + TO_CORE_BIT(MPriv), + TO_CORE_BIT(MUserNegPri), + TO_CORE_BIT(MPrivNegPri), + TO_CORE_BIT(MSUser), + TO_CORE_BIT(MSPriv), + TO_CORE_BIT(MSUserNegPri), + TO_CORE_BIT(MSPrivNegPri), +} ARMMMUIdxBit; + +#undef TO_CORE_BIT + +#define MMU_USER_IDX 0 + +#endif /* TARGET_ARM_MMUIDX_H */ --=20 2.43.0