From nobody Fri Nov 14 20:45:24 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1760102564; cv=none; d=zohomail.com; s=zohoarc; b=EP++JYg/G+tfPPzm5VCR1L1X1kbt2t39ZvEkvb2Hksy4KRP421GxBFf4yVCKLN6/+oictmKfqj91XXGQh8P2O9i+ypjfvYviL1rG+OKvJ+wVmsF4aVLQ7yHiZvI0RXyAwvmXlK0jEQFiJHp6o8zERggg6mEvnUY9QJmOlroUQrc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1760102564; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To:Cc; bh=D8IqJau8J44WxSvng81ucdCDlJLKa5JbZmwCbYy5YK4=; b=FTVQt3uWTvALdWWB7WS1hfKx8yOC0c7beqHMpPobF75KdnD1A4dFowIkSN0IwJpujlsc6OwLB9S/3hzKHvFY8+LpA532rui7ze8Wr982u5Fh5ctAbMzf1E0mwqMtjnZIMcrG0WliDvHsm5Jgk1TOFT2WhbFl0hvqVSX1GPOZcvQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1760102564706767.669236033918; Fri, 10 Oct 2025 06:22:44 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v7CpY-0006O6-3G; Fri, 10 Oct 2025 09:06:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v7CpF-0006HC-Tu for qemu-devel@nongnu.org; Fri, 10 Oct 2025 09:06:26 -0400 Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1v7Con-0003qw-68 for qemu-devel@nongnu.org; Fri, 10 Oct 2025 09:06:20 -0400 Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-3ece0e4c5faso2101446f8f.1 for ; Fri, 10 Oct 2025 06:05:53 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-426ce583316sm4221657f8f.20.2025.10.10.06.05.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Oct 2025 06:05:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1760101549; x=1760706349; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=D8IqJau8J44WxSvng81ucdCDlJLKa5JbZmwCbYy5YK4=; b=ytzSWS24Xsy2X03hYPpaYVW03v+O/3k2YEJP1lacxnnV4WWG+0VoN9tv0zvfh0VREv Gj1fmhne2exutWHrn0RgGYj4jYRnszqF3dV/xG1vu+7b7YOdx1rkORV8J4fBWqVzKsyy GiemUhEN1pQXrKfhIatWVxHNbBcERl2DVoA5OI8oNvrGyiOwMO3NPqZ9Z6qIzizFuV6v SjbftBJrUO8xA0tU849beygAZrGf+cVG01kXzInqHU8osbNuNEp12k+Hmsjn+NatZ1vj Vg7l/QLONSrkrRwAUjQCJmAq+lAEoJtLmGHiRG3IqSiy/XAobHbksZGXKRYUImej7wn2 8Kyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760101549; x=1760706349; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D8IqJau8J44WxSvng81ucdCDlJLKa5JbZmwCbYy5YK4=; b=nVuLt1fFwoA9sgKNOiX90Vn9ivU7xLq2POhBchdRvIc9swnUNphfCPP3yr0GpGRzPf 150XfnGOohXZGGiukGnyXClsE5+8xVhRED8UgcZOn0AYr5zy0m/v21EFVnqolsp1VwZa idO+DGNNCjvVlMW2YsIroSSLRXpOKcamacvjC+JHg7O9qBJbB1GEz4E98lfv+jQyL07u UdbDb6GChcNA65vz1pytSp0Sm4Ek3/8ewGPE2lIGzsyhs9RbmYZXyumV0jPsrdEbXN23 w1bYf3dOV3sAu3Ht7w52+ysg9ROTDI932P266uWlFL4Jb2ULaWlisAk95wyEvxoVG5Er BijA== X-Gm-Message-State: AOJu0Yw8LxvP+kqOSvyhT05hIeZPgFT+rLTBCOr8q5b2IFh86boW+zfa qOVLv21GY8Aeu2SHrUrQoY1MbETSLLK8HiX3iyFpUlMVl3x/ihMY3zUjS6AhOFanRDO4Mv2geqQ xpd/o X-Gm-Gg: ASbGnctkhgbHQXvXAiJGikO9C73RptusDZJGrsKnZYcfjkxYkTUw3n59F+Btb4B49Zb 76DwpPLGZEswVjDXsleHFN6vFc0drAwj/lK7Fx4wQhk1aIt0EdFQUuiSFPVvUaNN6LUeUW9AB/r LMbB+H92By3FVwD8XfOy/7sbElVYlAw+7LNkp5X+72bza4Gln+2jCoXg2sAwCNNgaIDGHpH6p7a UtA3TdrN0RHzghGL2o33coZwi16hRgl7uOAyRU7gVhsdDRcSq3W2xJigHEXtfzUMm3rKdGq3wJx FOrJWIBCsRs0wL65A45YYQYdzXwW65UIFVHnR/N9e98jAwNgL4f3Q+lZlmQNrpQPqmre5YklX6I twC/58dkrTupvPyhwBNloQMXU01m+bBRzi/xH299+7qR1LRp9WMAf4cZiccroaw== X-Google-Smtp-Source: AGHT+IF0xh/Ofe1+2Rcdps1B7t6PQ+/rkBGkUsYOjvykGV6Bp8TL1IQ6a5ohuBkSNXSJk+Ppt8J58A== X-Received: by 2002:a05:6000:3106:b0:3ee:12a8:6f1c with SMTP id ffacd0b85a97d-4266e8de388mr7943631f8f.46.1760101549106; Fri, 10 Oct 2025 06:05:49 -0700 (PDT) From: Peter Maydell To: qemu-devel@nongnu.org Subject: [PULL 16/76] target/arm: Split out mmuidx.h from cpu.h Date: Fri, 10 Oct 2025 14:04:27 +0100 Message-ID: <20251010130527.3921602-17-peter.maydell@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251010130527.3921602-1-peter.maydell@linaro.org> References: <20251010130527.3921602-1-peter.maydell@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::433; envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x433.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1760102570731158500 From: Richard Henderson Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Pierrick Bouvier Signed-off-by: Richard Henderson Message-id: 20251008215613.300150-17-richard.henderson@linaro.org Signed-off-by: Peter Maydell --- target/arm/cpu.h | 207 +----------------------------------------- target/arm/mmuidx.h | 216 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 217 insertions(+), 206 deletions(-) create mode 100644 target/arm/mmuidx.h diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 04b57f1dc5a..6773676973c 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -33,6 +33,7 @@ #include "target/arm/multiprocessing.h" #include "target/arm/gtimer.h" #include "target/arm/cpu-sysregs.h" +#include "target/arm/mmuidx.h" =20 #define EXCP_UDEF 1 /* undefined instruction */ #define EXCP_SWI 2 /* software interrupt */ @@ -2301,212 +2302,6 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_s= ync); =20 #define TYPE_ARM_HOST_CPU "host-" TYPE_ARM_CPU =20 -/* ARM has the following "translation regimes" (as the ARM ARM calls them): - * - * If EL3 is 64-bit: - * + NonSecure EL1 & 0 stage 1 - * + NonSecure EL1 & 0 stage 2 - * + NonSecure EL2 - * + NonSecure EL2 & 0 (ARMv8.1-VHE) - * + Secure EL1 & 0 stage 1 - * + Secure EL1 & 0 stage 2 (FEAT_SEL2) - * + Secure EL2 (FEAT_SEL2) - * + Secure EL2 & 0 (FEAT_SEL2) - * + Realm EL1 & 0 stage 1 (FEAT_RME) - * + Realm EL1 & 0 stage 2 (FEAT_RME) - * + Realm EL2 (FEAT_RME) - * + EL3 - * If EL3 is 32-bit: - * + NonSecure PL1 & 0 stage 1 - * + NonSecure PL1 & 0 stage 2 - * + NonSecure PL2 - * + Secure PL1 & 0 - * (reminder: for 32 bit EL3, Secure PL1 is *EL3*, not EL1.) - * - * For QEMU, an mmu_idx is not quite the same as a translation regime beca= use: - * 1. we need to split the "EL1 & 0" and "EL2 & 0" regimes into two mmu_i= dxes, - * because they may differ in access permissions even if the VA->PA ma= p is - * the same - * 2. we want to cache in our TLB the full VA->IPA->PA lookup for a stage= 1+2 - * translation, which means that we have one mmu_idx that deals with t= wo - * concatenated translation regimes [this sort of combined s1+2 TLB is - * architecturally permitted] - * 3. we don't need to allocate an mmu_idx to translations that we won't = be - * handling via the TLB. The only way to do a stage 1 translation with= out - * the immediate stage 2 translation is via the ATS or AT system insns, - * which can be slow-pathed and always do a page table walk. - * The only use of stage 2 translations is either as part of an s1+2 - * lookup or when loading the descriptors during a stage 1 page table = walk, - * and in both those cases we don't use the TLB. - * 4. we can also safely fold together the "32 bit EL3" and "64 bit EL3" - * translation regimes, because they map reasonably well to each other - * and they can't both be active at the same time. - * 5. we want to be able to use the TLB for accesses done as part of a - * stage1 page table walk, rather than having to walk the stage2 page - * table over and over. - * 6. we need separate EL1/EL2 mmu_idx for handling the Privileged Access - * Never (PAN) bit within PSTATE. - * 7. we fold together most secure and non-secure regimes for A-profile, - * because there are no banked system registers for aarch64, so the - * process of switching between secure and non-secure is - * already heavyweight. - * 8. we cannot fold together Stage 2 Secure and Stage 2 NonSecure, - * because both are in use simultaneously for Secure EL2. - * - * This gives us the following list of cases: - * - * EL0 EL1&0 stage 1+2 (aka NS PL0 PL1&0 stage 1+2) - * EL1 EL1&0 stage 1+2 (aka NS PL1 PL1&0 stage 1+2) - * EL1 EL1&0 stage 1+2 +PAN (aka NS PL1 P1&0 stage 1+2 +PAN) - * EL0 EL2&0 - * EL2 EL2&0 - * EL2 EL2&0 +PAN - * EL2 (aka NS PL2) - * EL3 (aka AArch32 S PL1 PL1&0) - * AArch32 S PL0 PL1&0 (we call this EL30_0) - * AArch32 S PL1 PL1&0 +PAN (we call this EL30_3_PAN) - * Stage2 Secure - * Stage2 NonSecure - * plus one TLB per Physical address space: S, NS, Realm, Root - * - * for a total of 16 different mmu_idx. - * - * R profile CPUs have an MPU, but can use the same set of MMU indexes - * as A profile. They only need to distinguish EL0 and EL1 (and - * EL2 for cores like the Cortex-R52). - * - * M profile CPUs are rather different as they do not have a true MMU. - * They have the following different MMU indexes: - * User - * Privileged - * User, execution priority negative (ie the MPU HFNMIENA bit may apply) - * Privileged, execution priority negative (ditto) - * If the CPU supports the v8M Security Extension then there are also: - * Secure User - * Secure Privileged - * Secure User, execution priority negative - * Secure Privileged, execution priority negative - * - * The ARMMMUIdx and the mmu index value used by the core QEMU TLB code - * are not quite the same -- different CPU types (most notably M profile - * vs A/R profile) would like to use MMU indexes with different semantics, - * but since we don't ever need to use all of those in a single CPU we - * can avoid having to set NB_MMU_MODES to "total number of A profile MMU - * modes + total number of M profile MMU modes". The lower bits of - * ARMMMUIdx are the core TLB mmu index, and the higher bits are always - * the same for any particular CPU. - * Variables of type ARMMUIdx are always full values, and the core - * index values are in variables of type 'int'. - * - * Our enumeration includes at the end some entries which are not "true" - * mmu_idx values in that they don't have corresponding TLBs and are only - * valid for doing slow path page table walks. - * - * The constant names here are patterned after the general style of the na= mes - * of the AT/ATS operations. - * The values used are carefully arranged to make mmu_idx =3D> EL lookup e= asy. - * For M profile we arrange them to have a bit for priv, a bit for negpri - * and a bit for secure. - */ -#define ARM_MMU_IDX_A 0x10 /* A profile */ -#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */ -#define ARM_MMU_IDX_M 0x40 /* M profile */ - -/* Meanings of the bits for M profile mmu idx values */ -#define ARM_MMU_IDX_M_PRIV 0x1 -#define ARM_MMU_IDX_M_NEGPRI 0x2 -#define ARM_MMU_IDX_M_S 0x4 /* Secure */ - -#define ARM_MMU_IDX_TYPE_MASK \ - (ARM_MMU_IDX_A | ARM_MMU_IDX_M | ARM_MMU_IDX_NOTLB) -#define ARM_MMU_IDX_COREIDX_MASK 0xf - -typedef enum ARMMMUIdx { - /* - * A-profile. - */ - ARMMMUIdx_E10_0 =3D 0 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_0 =3D 1 | ARM_MMU_IDX_A, - ARMMMUIdx_E10_1 =3D 2 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_2 =3D 3 | ARM_MMU_IDX_A, - ARMMMUIdx_E10_1_PAN =3D 4 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_2_PAN =3D 5 | ARM_MMU_IDX_A, - ARMMMUIdx_E2 =3D 6 | ARM_MMU_IDX_A, - ARMMMUIdx_E3 =3D 7 | ARM_MMU_IDX_A, - ARMMMUIdx_E30_0 =3D 8 | ARM_MMU_IDX_A, - ARMMMUIdx_E30_3_PAN =3D 9 | ARM_MMU_IDX_A, - - /* - * Used for second stage of an S12 page table walk, or for descriptor - * loads during first stage of an S1 page table walk. Note that both - * are in use simultaneously for SecureEL2: the security state for - * the S2 ptw is selected by the NS bit from the S1 ptw. - */ - ARMMMUIdx_Stage2_S =3D 10 | ARM_MMU_IDX_A, - ARMMMUIdx_Stage2 =3D 11 | ARM_MMU_IDX_A, - - /* TLBs with 1-1 mapping to the physical address spaces. */ - ARMMMUIdx_Phys_S =3D 12 | ARM_MMU_IDX_A, - ARMMMUIdx_Phys_NS =3D 13 | ARM_MMU_IDX_A, - ARMMMUIdx_Phys_Root =3D 14 | ARM_MMU_IDX_A, - ARMMMUIdx_Phys_Realm =3D 15 | ARM_MMU_IDX_A, - - /* - * These are not allocated TLBs and are used only for AT system - * instructions or for the first stage of an S12 page table walk. - */ - ARMMMUIdx_Stage1_E0 =3D 0 | ARM_MMU_IDX_NOTLB, - ARMMMUIdx_Stage1_E1 =3D 1 | ARM_MMU_IDX_NOTLB, - ARMMMUIdx_Stage1_E1_PAN =3D 2 | ARM_MMU_IDX_NOTLB, - - /* - * M-profile. - */ - ARMMMUIdx_MUser =3D ARM_MMU_IDX_M, - ARMMMUIdx_MPriv =3D ARM_MMU_IDX_M | ARM_MMU_IDX_M_PRIV, - ARMMMUIdx_MUserNegPri =3D ARMMMUIdx_MUser | ARM_MMU_IDX_M_NEGPRI, - ARMMMUIdx_MPrivNegPri =3D ARMMMUIdx_MPriv | ARM_MMU_IDX_M_NEGPRI, - ARMMMUIdx_MSUser =3D ARMMMUIdx_MUser | ARM_MMU_IDX_M_S, - ARMMMUIdx_MSPriv =3D ARMMMUIdx_MPriv | ARM_MMU_IDX_M_S, - ARMMMUIdx_MSUserNegPri =3D ARMMMUIdx_MUserNegPri | ARM_MMU_IDX_M_S, - ARMMMUIdx_MSPrivNegPri =3D ARMMMUIdx_MPrivNegPri | ARM_MMU_IDX_M_S, -} ARMMMUIdx; - -/* - * Bit macros for the core-mmu-index values for each index, - * for use when calling tlb_flush_by_mmuidx() and friends. - */ -#define TO_CORE_BIT(NAME) \ - ARMMMUIdxBit_##NAME =3D 1 << (ARMMMUIdx_##NAME & ARM_MMU_IDX_COREIDX_M= ASK) - -typedef enum ARMMMUIdxBit { - TO_CORE_BIT(E10_0), - TO_CORE_BIT(E20_0), - TO_CORE_BIT(E10_1), - TO_CORE_BIT(E10_1_PAN), - TO_CORE_BIT(E2), - TO_CORE_BIT(E20_2), - TO_CORE_BIT(E20_2_PAN), - TO_CORE_BIT(E3), - TO_CORE_BIT(E30_0), - TO_CORE_BIT(E30_3_PAN), - TO_CORE_BIT(Stage2), - TO_CORE_BIT(Stage2_S), - - TO_CORE_BIT(MUser), - TO_CORE_BIT(MPriv), - TO_CORE_BIT(MUserNegPri), - TO_CORE_BIT(MPrivNegPri), - TO_CORE_BIT(MSUser), - TO_CORE_BIT(MSPriv), - TO_CORE_BIT(MSUserNegPri), - TO_CORE_BIT(MSPrivNegPri), -} ARMMMUIdxBit; - -#undef TO_CORE_BIT - -#define MMU_USER_IDX 0 - /* Indexes used when registering address spaces with cpu_address_space_ini= t */ typedef enum ARMASIdx { ARMASIdx_NS =3D 0, diff --git a/target/arm/mmuidx.h b/target/arm/mmuidx.h new file mode 100644 index 00000000000..5b9b4bc84fd --- /dev/null +++ b/target/arm/mmuidx.h @@ -0,0 +1,216 @@ +/* + * QEMU Arm software mmu index definitions + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef TARGET_ARM_MMUIDX_H +#define TARGET_ARM_MMUIDX_H + +/* + * Arm has the following "translation regimes" (as the Arm ARM calls them): + * + * If EL3 is 64-bit: + * + NonSecure EL1 & 0 stage 1 + * + NonSecure EL1 & 0 stage 2 + * + NonSecure EL2 + * + NonSecure EL2 & 0 (ARMv8.1-VHE) + * + Secure EL1 & 0 stage 1 + * + Secure EL1 & 0 stage 2 (FEAT_SEL2) + * + Secure EL2 (FEAT_SEL2) + * + Secure EL2 & 0 (FEAT_SEL2) + * + Realm EL1 & 0 stage 1 (FEAT_RME) + * + Realm EL1 & 0 stage 2 (FEAT_RME) + * + Realm EL2 (FEAT_RME) + * + EL3 + * If EL3 is 32-bit: + * + NonSecure PL1 & 0 stage 1 + * + NonSecure PL1 & 0 stage 2 + * + NonSecure PL2 + * + Secure PL1 & 0 + * (reminder: for 32 bit EL3, Secure PL1 is *EL3*, not EL1.) + * + * For QEMU, an mmu_idx is not quite the same as a translation regime beca= use: + * 1. we need to split the "EL1 & 0" and "EL2 & 0" regimes into two mmu_i= dxes, + * because they may differ in access permissions even if the VA->PA ma= p is + * the same + * 2. we want to cache in our TLB the full VA->IPA->PA lookup for a stage= 1+2 + * translation, which means that we have one mmu_idx that deals with t= wo + * concatenated translation regimes [this sort of combined s1+2 TLB is + * architecturally permitted] + * 3. we don't need to allocate an mmu_idx to translations that we won't = be + * handling via the TLB. The only way to do a stage 1 translation with= out + * the immediate stage 2 translation is via the ATS or AT system insns, + * which can be slow-pathed and always do a page table walk. + * The only use of stage 2 translations is either as part of an s1+2 + * lookup or when loading the descriptors during a stage 1 page table = walk, + * and in both those cases we don't use the TLB. + * 4. we can also safely fold together the "32 bit EL3" and "64 bit EL3" + * translation regimes, because they map reasonably well to each other + * and they can't both be active at the same time. + * 5. we want to be able to use the TLB for accesses done as part of a + * stage1 page table walk, rather than having to walk the stage2 page + * table over and over. + * 6. we need separate EL1/EL2 mmu_idx for handling the Privileged Access + * Never (PAN) bit within PSTATE. + * 7. we fold together most secure and non-secure regimes for A-profile, + * because there are no banked system registers for aarch64, so the + * process of switching between secure and non-secure is + * already heavyweight. + * 8. we cannot fold together Stage 2 Secure and Stage 2 NonSecure, + * because both are in use simultaneously for Secure EL2. + * + * This gives us the following list of cases: + * + * EL0 EL1&0 stage 1+2 (aka NS PL0 PL1&0 stage 1+2) + * EL1 EL1&0 stage 1+2 (aka NS PL1 PL1&0 stage 1+2) + * EL1 EL1&0 stage 1+2 +PAN (aka NS PL1 P1&0 stage 1+2 +PAN) + * EL0 EL2&0 + * EL2 EL2&0 + * EL2 EL2&0 +PAN + * EL2 (aka NS PL2) + * EL3 (aka AArch32 S PL1 PL1&0) + * AArch32 S PL0 PL1&0 (we call this EL30_0) + * AArch32 S PL1 PL1&0 +PAN (we call this EL30_3_PAN) + * Stage2 Secure + * Stage2 NonSecure + * plus one TLB per Physical address space: S, NS, Realm, Root + * + * for a total of 16 different mmu_idx. + * + * R profile CPUs have an MPU, but can use the same set of MMU indexes + * as A profile. They only need to distinguish EL0 and EL1 (and + * EL2 for cores like the Cortex-R52). + * + * M profile CPUs are rather different as they do not have a true MMU. + * They have the following different MMU indexes: + * User + * Privileged + * User, execution priority negative (ie the MPU HFNMIENA bit may apply) + * Privileged, execution priority negative (ditto) + * If the CPU supports the v8M Security Extension then there are also: + * Secure User + * Secure Privileged + * Secure User, execution priority negative + * Secure Privileged, execution priority negative + * + * The ARMMMUIdx and the mmu index value used by the core QEMU TLB code + * are not quite the same -- different CPU types (most notably M profile + * vs A/R profile) would like to use MMU indexes with different semantics, + * but since we don't ever need to use all of those in a single CPU we + * can avoid having to set NB_MMU_MODES to "total number of A profile MMU + * modes + total number of M profile MMU modes". The lower bits of + * ARMMMUIdx are the core TLB mmu index, and the higher bits are always + * the same for any particular CPU. + * Variables of type ARMMUIdx are always full values, and the core + * index values are in variables of type 'int'. + * + * Our enumeration includes at the end some entries which are not "true" + * mmu_idx values in that they don't have corresponding TLBs and are only + * valid for doing slow path page table walks. + * + * The constant names here are patterned after the general style of the na= mes + * of the AT/ATS operations. + * The values used are carefully arranged to make mmu_idx =3D> EL lookup e= asy. + * For M profile we arrange them to have a bit for priv, a bit for negpri + * and a bit for secure. + */ +#define ARM_MMU_IDX_A 0x10 /* A profile */ +#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */ +#define ARM_MMU_IDX_M 0x40 /* M profile */ + +/* Meanings of the bits for M profile mmu idx values */ +#define ARM_MMU_IDX_M_PRIV 0x1 +#define ARM_MMU_IDX_M_NEGPRI 0x2 +#define ARM_MMU_IDX_M_S 0x4 /* Secure */ + +#define ARM_MMU_IDX_TYPE_MASK \ + (ARM_MMU_IDX_A | ARM_MMU_IDX_M | ARM_MMU_IDX_NOTLB) +#define ARM_MMU_IDX_COREIDX_MASK 0xf + +typedef enum ARMMMUIdx { + /* + * A-profile. + */ + ARMMMUIdx_E10_0 =3D 0 | ARM_MMU_IDX_A, + ARMMMUIdx_E20_0 =3D 1 | ARM_MMU_IDX_A, + ARMMMUIdx_E10_1 =3D 2 | ARM_MMU_IDX_A, + ARMMMUIdx_E20_2 =3D 3 | ARM_MMU_IDX_A, + ARMMMUIdx_E10_1_PAN =3D 4 | ARM_MMU_IDX_A, + ARMMMUIdx_E20_2_PAN =3D 5 | ARM_MMU_IDX_A, + ARMMMUIdx_E2 =3D 6 | ARM_MMU_IDX_A, + ARMMMUIdx_E3 =3D 7 | ARM_MMU_IDX_A, + ARMMMUIdx_E30_0 =3D 8 | ARM_MMU_IDX_A, + ARMMMUIdx_E30_3_PAN =3D 9 | ARM_MMU_IDX_A, + + /* + * Used for second stage of an S12 page table walk, or for descriptor + * loads during first stage of an S1 page table walk. Note that both + * are in use simultaneously for SecureEL2: the security state for + * the S2 ptw is selected by the NS bit from the S1 ptw. + */ + ARMMMUIdx_Stage2_S =3D 10 | ARM_MMU_IDX_A, + ARMMMUIdx_Stage2 =3D 11 | ARM_MMU_IDX_A, + + /* TLBs with 1-1 mapping to the physical address spaces. */ + ARMMMUIdx_Phys_S =3D 12 | ARM_MMU_IDX_A, + ARMMMUIdx_Phys_NS =3D 13 | ARM_MMU_IDX_A, + ARMMMUIdx_Phys_Root =3D 14 | ARM_MMU_IDX_A, + ARMMMUIdx_Phys_Realm =3D 15 | ARM_MMU_IDX_A, + + /* + * These are not allocated TLBs and are used only for AT system + * instructions or for the first stage of an S12 page table walk. + */ + ARMMMUIdx_Stage1_E0 =3D 0 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage1_E1 =3D 1 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage1_E1_PAN =3D 2 | ARM_MMU_IDX_NOTLB, + + /* + * M-profile. + */ + ARMMMUIdx_MUser =3D ARM_MMU_IDX_M, + ARMMMUIdx_MPriv =3D ARM_MMU_IDX_M | ARM_MMU_IDX_M_PRIV, + ARMMMUIdx_MUserNegPri =3D ARMMMUIdx_MUser | ARM_MMU_IDX_M_NEGPRI, + ARMMMUIdx_MPrivNegPri =3D ARMMMUIdx_MPriv | ARM_MMU_IDX_M_NEGPRI, + ARMMMUIdx_MSUser =3D ARMMMUIdx_MUser | ARM_MMU_IDX_M_S, + ARMMMUIdx_MSPriv =3D ARMMMUIdx_MPriv | ARM_MMU_IDX_M_S, + ARMMMUIdx_MSUserNegPri =3D ARMMMUIdx_MUserNegPri | ARM_MMU_IDX_M_S, + ARMMMUIdx_MSPrivNegPri =3D ARMMMUIdx_MPrivNegPri | ARM_MMU_IDX_M_S, +} ARMMMUIdx; + +/* + * Bit macros for the core-mmu-index values for each index, + * for use when calling tlb_flush_by_mmuidx() and friends. + */ +#define TO_CORE_BIT(NAME) \ + ARMMMUIdxBit_##NAME =3D 1 << (ARMMMUIdx_##NAME & ARM_MMU_IDX_COREIDX_M= ASK) + +typedef enum ARMMMUIdxBit { + TO_CORE_BIT(E10_0), + TO_CORE_BIT(E20_0), + TO_CORE_BIT(E10_1), + TO_CORE_BIT(E10_1_PAN), + TO_CORE_BIT(E2), + TO_CORE_BIT(E20_2), + TO_CORE_BIT(E20_2_PAN), + TO_CORE_BIT(E3), + TO_CORE_BIT(E30_0), + TO_CORE_BIT(E30_3_PAN), + TO_CORE_BIT(Stage2), + TO_CORE_BIT(Stage2_S), + + TO_CORE_BIT(MUser), + TO_CORE_BIT(MPriv), + TO_CORE_BIT(MUserNegPri), + TO_CORE_BIT(MPrivNegPri), + TO_CORE_BIT(MSUser), + TO_CORE_BIT(MSPriv), + TO_CORE_BIT(MSUserNegPri), + TO_CORE_BIT(MSPrivNegPri), +} ARMMMUIdxBit; + +#undef TO_CORE_BIT + +#define MMU_USER_IDX 0 + +#endif /* TARGET_ARM_MMUIDX_H */ --=20 2.43.0