From patchwork Mon Nov 23 08:02:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924523 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 276EAC2D0E4 for ; Mon, 23 Nov 2020 08:07:03 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9C48B204EF for ; Mon, 23 Nov 2020 08:07:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9C48B204EF Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:52634 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6sH-0001Xk-KT for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:07:01 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35640) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o4-0005jM-2q; Mon, 23 Nov 2020 03:02:40 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54618 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o2-0004dh-J0; Mon, 23 Nov 2020 03:02:39 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 37D6A5FC79; Mon, 23 Nov 2020 09:02:37 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 01/17] target/arm: remove redundant tests Date: Mon, 23 Nov 2020 10:02:21 +0200 Message-Id: <20201123080237.18465-1-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont In this context, the HCR value is the effective value, and thus is zero in secure mode. The tests for HCR.{F,I}MO are sufficient. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/cpu.c | 8 ++++---- target/arm/helper.c | 10 ++++------ 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 07492e9f9a..48b34080ce 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -447,14 +447,14 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx, break; case EXCP_VFIQ: - if (secure || !(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) { - /* VFIQs are only taken when hypervized and non-secure. */ + if (!(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) { + /* VFIQs are only taken when hypervized. */ return false; } return !(env->daif & PSTATE_F); case EXCP_VIRQ: - if (secure || !(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) { - /* VIRQs are only taken when hypervized and non-secure. */ + if (!(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) { + /* VIRQs are only taken when hypervized. */ return false; } return !(env->daif & PSTATE_I); diff --git a/target/arm/helper.c b/target/arm/helper.c index 11b0803df7..346dc91a91 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -2083,13 +2083,11 @@ static void csselr_write(CPUARMState *env, const ARMCPRegInfo *ri, static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri) { CPUState *cs = env_cpu(env); - uint64_t hcr_el2 = arm_hcr_el2_eff(env); + bool el1 = arm_current_el(env) == 1; + uint64_t hcr_el2 = el1 ? arm_hcr_el2_eff(env) : 0; uint64_t ret = 0; - bool allow_virt = (arm_current_el(env) == 1 && - (!arm_is_secure_below_el3(env) || - (env->cp15.scr_el3 & SCR_EEL2))); - if (allow_virt && (hcr_el2 & HCR_IMO)) { + if (hcr_el2 & HCR_IMO) { if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) { ret |= CPSR_I; } @@ -2099,7 +2097,7 @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri) } } - if (allow_virt && (hcr_el2 & HCR_FMO)) { + if (hcr_el2 & HCR_FMO) { if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) { ret |= CPSR_F; } From patchwork Mon Nov 23 08:02:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924525 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1C04C2D0E4 for ; Mon, 23 Nov 2020 08:07:41 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 54D43204EF for ; Mon, 23 Nov 2020 08:07:41 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 54D43204EF Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:55330 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6su-0002au-AX for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:07:40 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35684) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o5-0005kg-BJ; Mon, 23 Nov 2020 03:02:41 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54620 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o2-0004dk-OG; Mon, 23 Nov 2020 03:02:41 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 873225FD4A; Mon, 23 Nov 2020 09:02:37 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 02/17] target/arm: add arm_is_el2_enabled() helper Date: Mon, 23 Nov 2020 10:02:22 +0200 Message-Id: <20201123080237.18465-2-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont This checks if EL2 is enabled (meaning EL2 registers take effects) in the current security context. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/cpu.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index e5514c8286..30b5af5cde 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2040,6 +2040,18 @@ static inline bool arm_is_secure(CPUARMState *env) return arm_is_secure_below_el3(env); } +/* + * Return true if the current security state has AArch64 EL2 or AArch32 Hyp. + * This corresponds to the pseudocode EL2Enabled() + */ +static inline bool arm_is_el2_enabled(CPUARMState *env) +{ + if (arm_feature(env, ARM_FEATURE_EL2)) { + return !arm_is_secure_below_el3(env); + } + return false; +} + #else static inline bool arm_is_secure_below_el3(CPUARMState *env) { @@ -2050,6 +2062,11 @@ static inline bool arm_is_secure(CPUARMState *env) { return false; } + +static inline bool arm_is_el2_enabled(CPUARMState *env) +{ + return false; +} #endif /** From patchwork Mon Nov 23 08:02:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924527 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49E0EC2D0E4 for ; Mon, 23 Nov 2020 08:09:42 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AB861206D4 for ; Mon, 23 Nov 2020 08:09:41 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AB861206D4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:34092 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6up-0005Pg-SQ for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:09:40 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35700) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o5-0005ku-P3; Mon, 23 Nov 2020 03:02:41 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54622 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o3-0004dr-0M; Mon, 23 Nov 2020 03:02:41 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id CBCB06022F; Mon, 23 Nov 2020 09:02:37 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 03/17] target/arm: use arm_is_el2_enabled() where applicable Date: Mon, 23 Nov 2020 10:02:23 +0200 Message-Id: <20201123080237.18465-3-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont Do not assume that EL2 is available in non-secure context. That equivalence is broken by ARMv8.4-SEL2. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/cpu.h | 4 ++-- target/arm/helper-a64.c | 8 +------- target/arm/helper.c | 33 +++++++++++++-------------------- 3 files changed, 16 insertions(+), 29 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 30b5af5cde..9617e39004 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2102,7 +2102,7 @@ static inline bool arm_el_is_aa64(CPUARMState *env, int el) return aa64; } - if (arm_feature(env, ARM_FEATURE_EL2) && !arm_is_secure_below_el3(env)) { + if (arm_is_el2_enabled(env)) { aa64 = aa64 && (env->cp15.hcr_el2 & HCR_RW); } @@ -3046,7 +3046,7 @@ static inline int arm_debug_target_el(CPUARMState *env) bool secure = arm_is_secure(env); bool route_to_el2 = false; - if (arm_feature(env, ARM_FEATURE_EL2) && !secure) { + if (arm_is_el2_enabled(env)) { route_to_el2 = env->cp15.hcr_el2 & HCR_TGE || env->cp15.mdcr_el2 & MDCR_TDE; } diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c index 30b2ad119f..c426c23d2c 100644 --- a/target/arm/helper-a64.c +++ b/target/arm/helper-a64.c @@ -972,8 +972,7 @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc) if (new_el == -1) { goto illegal_return; } - if (new_el > cur_el - || (new_el == 2 && !arm_feature(env, ARM_FEATURE_EL2))) { + if (new_el > cur_el || (new_el == 2 && !arm_is_el2_enabled(env))) { /* Disallow return to an EL which is unimplemented or higher * than the current one. */ @@ -985,11 +984,6 @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc) goto illegal_return; } - if (new_el == 2 && arm_is_secure_below_el3(env)) { - /* Return to the non-existent secure-EL2 */ - goto illegal_return; - } - if (new_el == 1 && (arm_hcr_el2_eff(env) & HCR_TGE)) { goto illegal_return; } diff --git a/target/arm/helper.c b/target/arm/helper.c index 346dc91a91..5a2c7103b1 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1048,8 +1048,8 @@ static CPAccessResult cpacr_access(CPUARMState *env, const ARMCPRegInfo *ri, { if (arm_feature(env, ARM_FEATURE_V8)) { /* Check if CPACR accesses are to be trapped to EL2 */ - if (arm_current_el(env) == 1 && - (env->cp15.cptr_el[2] & CPTR_TCPAC) && !arm_is_secure(env)) { + if (arm_current_el(env) == 1 && arm_is_el2_enabled(env) && + (env->cp15.cptr_el[2] & CPTR_TCPAC)) { return CP_ACCESS_TRAP_EL2; /* Check if CPACR accesses are to be trapped to EL3 */ } else if (arm_current_el(env) < 3 && @@ -2519,7 +2519,7 @@ static CPAccessResult gt_counter_access(CPUARMState *env, int timeridx, bool isread) { unsigned int cur_el = arm_current_el(env); - bool secure = arm_is_secure(env); + bool has_el2 = arm_is_el2_enabled(env); uint64_t hcr = arm_hcr_el2_eff(env); switch (cur_el) { @@ -2543,8 +2543,7 @@ static CPAccessResult gt_counter_access(CPUARMState *env, int timeridx, } } else { /* If HCR_EL2. == 0: check CNTHCTL_EL2.EL1PCEN. */ - if (arm_feature(env, ARM_FEATURE_EL2) && - timeridx == GTIMER_PHYS && !secure && + if (has_el2 && timeridx == GTIMER_PHYS && !extract32(env->cp15.cnthctl_el2, 1, 1)) { return CP_ACCESS_TRAP_EL2; } @@ -2553,8 +2552,7 @@ static CPAccessResult gt_counter_access(CPUARMState *env, int timeridx, case 1: /* Check CNTHCTL_EL2.EL1PCTEN, which changes location based on E2H. */ - if (arm_feature(env, ARM_FEATURE_EL2) && - timeridx == GTIMER_PHYS && !secure && + if (has_el2 && timeridx == GTIMER_PHYS && (hcr & HCR_E2H ? !extract32(env->cp15.cnthctl_el2, 10, 1) : !extract32(env->cp15.cnthctl_el2, 0, 1))) { @@ -2569,7 +2567,7 @@ static CPAccessResult gt_timer_access(CPUARMState *env, int timeridx, bool isread) { unsigned int cur_el = arm_current_el(env); - bool secure = arm_is_secure(env); + bool has_el2 = arm_is_el2_enabled(env); uint64_t hcr = arm_hcr_el2_eff(env); switch (cur_el) { @@ -2590,8 +2588,7 @@ static CPAccessResult gt_timer_access(CPUARMState *env, int timeridx, /* fall through */ case 1: - if (arm_feature(env, ARM_FEATURE_EL2) && - timeridx == GTIMER_PHYS && !secure) { + if (has_el2 && timeridx == GTIMER_PHYS) { if (hcr & HCR_E2H) { /* If HCR_EL2. == '10': check CNTHCTL_EL2.EL1PTEN. */ if (!extract32(env->cp15.cnthctl_el2, 11, 1)) { @@ -4247,11 +4244,9 @@ static const ARMCPRegInfo strongarm_cp_reginfo[] = { static uint64_t midr_read(CPUARMState *env, const ARMCPRegInfo *ri) { - ARMCPU *cpu = env_archcpu(env); unsigned int cur_el = arm_current_el(env); - bool secure = arm_is_secure(env); - if (arm_feature(&cpu->env, ARM_FEATURE_EL2) && !secure && cur_el == 1) { + if (arm_is_el2_enabled(env) && cur_el == 1) { return env->cp15.vpidr_el2; } return raw_read(env, ri); @@ -4278,9 +4273,8 @@ static uint64_t mpidr_read_val(CPUARMState *env) static uint64_t mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri) { unsigned int cur_el = arm_current_el(env); - bool secure = arm_is_secure(env); - if (arm_feature(env, ARM_FEATURE_EL2) && !secure && cur_el == 1) { + if (arm_is_el2_enabled(env) && cur_el == 1) { return env->cp15.vmpidr_el2; } return mpidr_read_val(env); @@ -5347,7 +5341,7 @@ uint64_t arm_hcr_el2_eff(CPUARMState *env) { uint64_t ret = env->cp15.hcr_el2; - if (arm_is_secure_below_el3(env)) { + if (!arm_is_el2_enabled(env)) { /* * "This register has no effect if EL2 is not enabled in the * current Security state". This is ARMv8.4-SecEL2 speak for @@ -6144,7 +6138,7 @@ int sve_exception_el(CPUARMState *env, int el) /* CPTR_EL2. Since TZ and TFP are positive, * they will be zero when EL2 is not present. */ - if (el <= 2 && !arm_is_secure_below_el3(env)) { + if (el <= 2 && arm_is_el2_enabled(env)) { if (env->cp15.cptr_el[2] & CPTR_TZ) { return 2; } @@ -8723,8 +8717,7 @@ static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType write_type) } return 0; case ARM_CPU_MODE_HYP: - return !arm_feature(env, ARM_FEATURE_EL2) - || arm_current_el(env) < 2 || arm_is_secure_below_el3(env); + return !arm_is_el2_enabled(env) || arm_current_el(env) < 2; case ARM_CPU_MODE_MON: return arm_current_el(env) < 3; default: @@ -12634,7 +12627,7 @@ int fp_exception_el(CPUARMState *env, int cur_el) /* CPTR_EL2 : present in v7VE or v8 */ if (cur_el <= 2 && extract32(env->cp15.cptr_el[2], 10, 1) - && !arm_is_secure_below_el3(env)) { + && arm_is_el2_enabled(env)) { /* Trap FP ops at EL2, NS-EL1 or NS-EL0 to EL2 */ return 2; } From patchwork Mon Nov 23 08:02:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924529 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9ACA2C56202 for ; Mon, 23 Nov 2020 08:09:56 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 20719206D4 for ; Mon, 23 Nov 2020 08:09:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 20719206D4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:34524 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6v4-0005aD-Tl for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:09:54 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35688) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o5-0005ko-Eg; Mon, 23 Nov 2020 03:02:41 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54624 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o3-0004eO-7a; Mon, 23 Nov 2020 03:02:41 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 1CC1560351; Mon, 23 Nov 2020 09:02:38 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 04/17] target/arm: use arm_hcr_el2_eff() where applicable Date: Mon, 23 Nov 2020 10:02:24 +0200 Message-Id: <20201123080237.18465-4-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont This will simplify accessing HCR conditionally in secure state. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/helper.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 5a2c7103b1..b972c9064d 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4432,16 +4432,16 @@ static CPAccessResult aa64_cacheop_pou_access(CPUARMState *env, static int vae1_tlbmask(CPUARMState *env) { - /* Since we exclude secure first, we may read HCR_EL2 directly. */ - if (arm_is_secure_below_el3(env)) { - return ARMMMUIdxBit_SE10_1 | - ARMMMUIdxBit_SE10_1_PAN | - ARMMMUIdxBit_SE10_0; - } else if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE)) - == (HCR_E2H | HCR_TGE)) { + uint64_t hcr = arm_hcr_el2_eff(env); + + if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) { return ARMMMUIdxBit_E20_2 | ARMMMUIdxBit_E20_2_PAN | ARMMMUIdxBit_E20_0; + } else if (arm_is_secure_below_el3(env)) { + return ARMMMUIdxBit_SE10_1 | + ARMMMUIdxBit_SE10_1_PAN | + ARMMMUIdxBit_SE10_0; } else { return ARMMMUIdxBit_E10_1 | ARMMMUIdxBit_E10_1_PAN | @@ -9968,6 +9968,8 @@ static inline uint64_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx) static inline bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx) { + uint64_t hcr_el2; + if (arm_feature(env, ARM_FEATURE_M)) { switch (env->v7m.mpu_ctrl[regime_is_secure(env, mmu_idx)] & (R_V7M_MPU_CTRL_ENABLE_MASK | R_V7M_MPU_CTRL_HFNMIENA_MASK)) { @@ -9986,19 +9988,21 @@ static inline bool regime_translation_disabled(CPUARMState *env, } } + hcr_el2 = arm_hcr_el2_eff(env); + if (mmu_idx == ARMMMUIdx_Stage2) { /* HCR.DC means HCR.VM behaves as 1 */ - return (env->cp15.hcr_el2 & (HCR_DC | HCR_VM)) == 0; + return (hcr_el2 & (HCR_DC | HCR_VM)) == 0; } - if (env->cp15.hcr_el2 & HCR_TGE) { + if (hcr_el2 & HCR_TGE) { /* TGE means that NS EL0/1 act as if SCTLR_EL1.M is zero */ if (!regime_is_secure(env, mmu_idx) && regime_el(env, mmu_idx) == 1) { return true; } } - if ((env->cp15.hcr_el2 & HCR_DC) && arm_mmu_idx_is_stage1_of_2(mmu_idx)) { + if ((hcr_el2 & HCR_DC) && arm_mmu_idx_is_stage1_of_2(mmu_idx)) { /* HCR.DC means SCTLR_EL1.M behaves as 0 */ return true; } @@ -10349,7 +10353,8 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, fi->s1ptw = true; return ~0; } - if ((env->cp15.hcr_el2 & HCR_PTW) && (cacheattrs.attrs & 0xf0) == 0) { + if ((arm_hcr_el2_eff(env) & HCR_PTW) && + (cacheattrs.attrs & 0xf0) == 0) { /* * PTW set and S1 walk touched S2 Device memory: * generate Permission fault. @@ -10782,7 +10787,7 @@ static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs) uint8_t hihint = 0, lohint = 0; if (hiattr != 0) { /* normal memory */ - if ((env->cp15.hcr_el2 & HCR_CD) != 0) { /* cache disabled */ + if (arm_hcr_el2_eff(env) & HCR_CD) { /* cache disabled */ hiattr = loattr = 1; /* non-cacheable */ } else { if (hiattr != 1) { /* Write-through or write-back */ @@ -12099,7 +12104,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address, } /* Combine the S1 and S2 cache attributes. */ - if (env->cp15.hcr_el2 & HCR_DC) { + if (arm_hcr_el2_eff(env) & HCR_DC) { /* * HCR.DC forces the first stage attributes to * Normal Non-Shareable, From patchwork Mon Nov 23 08:02:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924515 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1BE1AC63777 for ; Mon, 23 Nov 2020 08:04:53 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8ACBE204EF for ; Mon, 23 Nov 2020 08:04:52 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8ACBE204EF Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:46870 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6qA-0007XV-MD for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:04:51 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35692) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o5-0005kp-GD; Mon, 23 Nov 2020 03:02:41 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54626 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o3-0004el-Ez; Mon, 23 Nov 2020 03:02:41 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 59DDB6035E; Mon, 23 Nov 2020 09:02:38 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 05/17] target/arm: factor MDCR_EL2 common handling Date: Mon, 23 Nov 2020 10:02:25 +0200 Message-Id: <20201123080237.18465-5-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont This adds a common helper to compute the effective value of MDCR_EL2. That is the actual value if EL2 is enabled in the current security context, or 0 elsewise. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/helper.c | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index b972c9064d..e55059585b 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -538,6 +538,11 @@ static CPAccessResult access_trap_aa32s_el1(CPUARMState *env, return CP_ACCESS_TRAP_UNCATEGORIZED; } +static uint64_t arm_mdcr_el2_eff(CPUARMState *env) +{ + return arm_is_el2_enabled(env) ? env->cp15.mdcr_el2 : 0; +} + /* Check for traps to "powerdown debug" registers, which are controlled * by MDCR.TDOSA */ @@ -545,11 +550,11 @@ static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { int el = arm_current_el(env); - bool mdcr_el2_tdosa = (env->cp15.mdcr_el2 & MDCR_TDOSA) || - (env->cp15.mdcr_el2 & MDCR_TDE) || + uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); + bool mdcr_el2_tdosa = (mdcr_el2 & MDCR_TDOSA) || (mdcr_el2 & MDCR_TDE) || (arm_hcr_el2_eff(env) & HCR_TGE); - if (el < 2 && mdcr_el2_tdosa && !arm_is_secure_below_el3(env)) { + if (el < 2 && mdcr_el2_tdosa) { return CP_ACCESS_TRAP_EL2; } if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDOSA)) { @@ -565,11 +570,11 @@ static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { int el = arm_current_el(env); - bool mdcr_el2_tdra = (env->cp15.mdcr_el2 & MDCR_TDRA) || - (env->cp15.mdcr_el2 & MDCR_TDE) || + uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); + bool mdcr_el2_tdra = (mdcr_el2 & MDCR_TDRA) || (mdcr_el2 & MDCR_TDE) || (arm_hcr_el2_eff(env) & HCR_TGE); - if (el < 2 && mdcr_el2_tdra && !arm_is_secure_below_el3(env)) { + if (el < 2 && mdcr_el2_tdra) { return CP_ACCESS_TRAP_EL2; } if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) { @@ -585,11 +590,11 @@ static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { int el = arm_current_el(env); - bool mdcr_el2_tda = (env->cp15.mdcr_el2 & MDCR_TDA) || - (env->cp15.mdcr_el2 & MDCR_TDE) || + uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); + bool mdcr_el2_tda = (mdcr_el2 & MDCR_TDA) || (mdcr_el2 & MDCR_TDE) || (arm_hcr_el2_eff(env) & HCR_TGE); - if (el < 2 && mdcr_el2_tda && !arm_is_secure_below_el3(env)) { + if (el < 2 && mdcr_el2_tda) { return CP_ACCESS_TRAP_EL2; } if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) { @@ -605,9 +610,9 @@ static CPAccessResult access_tpm(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { int el = arm_current_el(env); + uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); - if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TPM) - && !arm_is_secure_below_el3(env)) { + if (el < 2 && (mdcr_el2 & MDCR_TPM)) { return CP_ACCESS_TRAP_EL2; } if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TPM)) { @@ -1347,12 +1352,12 @@ static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri, * trapping to EL2 or EL3 for other accesses. */ int el = arm_current_el(env); + uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); if (el == 0 && !(env->cp15.c9_pmuserenr & 1)) { return CP_ACCESS_TRAP; } - if (el < 2 && (env->cp15.mdcr_el2 & MDCR_TPM) - && !arm_is_secure_below_el3(env)) { + if (el < 2 && (mdcr_el2 & MDCR_TPM)) { return CP_ACCESS_TRAP_EL2; } if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TPM)) { @@ -1431,7 +1436,8 @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter) bool enabled, prohibited, filtered; bool secure = arm_is_secure(env); int el = arm_current_el(env); - uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN; + uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); + uint8_t hpmn = mdcr_el2 & MDCR_HPMN; if (!arm_feature(env, ARM_FEATURE_PMU)) { return false; @@ -1441,13 +1447,13 @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter) (counter < hpmn || counter == 31)) { e = env->cp15.c9_pmcr & PMCRE; } else { - e = env->cp15.mdcr_el2 & MDCR_HPME; + e = mdcr_el2 & MDCR_HPME; } enabled = e && (env->cp15.c9_pmcnten & (1 << counter)); if (!secure) { if (el == 2 && (counter < hpmn || counter == 31)) { - prohibited = env->cp15.mdcr_el2 & MDCR_HPMD; + prohibited = mdcr_el2 & MDCR_HPMD; } else { prohibited = false; } From patchwork Mon Nov 23 08:02:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924531 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C29FC56202 for ; Mon, 23 Nov 2020 08:12:15 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 659762076E for ; Mon, 23 Nov 2020 08:12:14 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 659762076E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:42530 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6xI-0000UJ-QJ for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:12:12 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35716) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o6-0005mT-K9; Mon, 23 Nov 2020 03:02:42 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54628 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o4-0004f5-Rw; Mon, 23 Nov 2020 03:02:42 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 95A7B603F7; Mon, 23 Nov 2020 09:02:38 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 06/17] target/arm: declare new AA64PFR0 bit-fields Date: Mon, 23 Nov 2020 10:02:26 +0200 Message-Id: <20201123080237.18465-6-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/cpu.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 9617e39004..1166bd8731 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1849,6 +1849,12 @@ FIELD(ID_AA64PFR0, ADVSIMD, 20, 4) FIELD(ID_AA64PFR0, GIC, 24, 4) FIELD(ID_AA64PFR0, RAS, 28, 4) FIELD(ID_AA64PFR0, SVE, 32, 4) +FIELD(ID_AA64PFR0, SEL2, 36, 4) +FIELD(ID_AA64PFR0, MPAM, 40, 4) +FIELD(ID_AA64PFR0, AMU, 44, 4) +FIELD(ID_AA64PFR0, DIT, 48, 4) +FIELD(ID_AA64PFR0, CSV2, 56, 4) +FIELD(ID_AA64PFR0, CSV3, 60, 4) FIELD(ID_AA64PFR1, BT, 0, 4) FIELD(ID_AA64PFR1, SBSS, 4, 4) @@ -3882,6 +3888,11 @@ static inline bool isar_feature_aa64_sve(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SVE) != 0; } +static inline bool isar_feature_aa64_sel2(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SEL2) != 0; +} + static inline bool isar_feature_aa64_vh(const ARMISARegisters *id) { return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, VH) != 0; From patchwork Mon Nov 23 08:02:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD4CBC2D0E4 for ; Mon, 23 Nov 2020 08:13:46 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 398F62078E for ; Mon, 23 Nov 2020 08:13:46 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 398F62078E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:48846 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6yn-000328-9j for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:13:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35718) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o6-0005me-Oc; Mon, 23 Nov 2020 03:02:42 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54630 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o4-0004f6-Sr; Mon, 23 Nov 2020 03:02:42 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id D1FA860412; Mon, 23 Nov 2020 09:02:38 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 07/17] target/arm: add 64-bit S-EL2 to EL exception table Date: Mon, 23 Nov 2020 10:02:27 +0200 Message-Id: <20201123080237.18465-7-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont With the ARMv8.4-SEL2 extension, EL2 is a legal exception level in secure mode, though it can only be AArch64. This patch adds the target EL for exceptions from 64-bit S-EL2. It also fixes the target EL to EL2 when HCR.{A,F,I}MO are set in secure mode. Those values were never used in practice as the effective value of HCR was always 0 in secure mode. Signed-off-by: Rémi Denis-Courmont --- target/arm/helper.c | 10 +++++----- target/arm/op_helper.c | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index e55059585b..a69fde826b 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9005,13 +9005,13 @@ static const int8_t target_el_table[2][2][2][2][2][4] = { {{/* 0 1 1 0 */{ 3, 3, 3, -1 },{ 3, -1, -1, 3 },}, {/* 0 1 1 1 */{ 3, 3, 3, -1 },{ 3, -1, -1, 3 },},},},}, {{{{/* 1 0 0 0 */{ 1, 1, 2, -1 },{ 1, 1, -1, 1 },}, - {/* 1 0 0 1 */{ 2, 2, 2, -1 },{ 1, 1, -1, 1 },},}, - {{/* 1 0 1 0 */{ 1, 1, 1, -1 },{ 1, 1, -1, 1 },}, - {/* 1 0 1 1 */{ 2, 2, 2, -1 },{ 1, 1, -1, 1 },},},}, + {/* 1 0 0 1 */{ 2, 2, 2, -1 },{ 2, 2, -1, 1 },},}, + {{/* 1 0 1 0 */{ 1, 1, 1, -1 },{ 1, 1, 1, 1 },}, + {/* 1 0 1 1 */{ 2, 2, 2, -1 },{ 2, 2, 2, 1 },},},}, {{{/* 1 1 0 0 */{ 3, 3, 3, -1 },{ 3, 3, -1, 3 },}, {/* 1 1 0 1 */{ 3, 3, 3, -1 },{ 3, 3, -1, 3 },},}, - {{/* 1 1 1 0 */{ 3, 3, 3, -1 },{ 3, 3, -1, 3 },}, - {/* 1 1 1 1 */{ 3, 3, 3, -1 },{ 3, 3, -1, 3 },},},},}, + {{/* 1 1 1 0 */{ 3, 3, 3, -1 },{ 3, 3, 3, 3 },}, + {/* 1 1 1 1 */{ 3, 3, 3, -1 },{ 3, 3, 3, 3 },},},},}, }; /* diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index ff91fe6121..5e0f123043 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -652,10 +652,10 @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void *rip, uint32_t syndrome, target_el = exception_target_el(env); break; case CP_ACCESS_TRAP_EL2: - /* Requesting a trap to EL2 when we're in EL3 or S-EL0/1 is + /* Requesting a trap to EL2 when we're in EL3 is * a bug in the access function. */ - assert(!arm_is_secure(env) && arm_current_el(env) != 3); + assert(arm_current_el(env) != 3); target_el = 2; break; case CP_ACCESS_TRAP_EL3: From patchwork Mon Nov 23 08:02:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924551 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E5C2C2D0E4 for ; Mon, 23 Nov 2020 08:19:15 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A1C3D206FA for ; Mon, 23 Nov 2020 08:19:14 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A1C3D206FA Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:34566 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh745-0000Se-Jq for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:19:13 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35746) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o7-0005oN-Vx; Mon, 23 Nov 2020 03:02:44 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54632 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o6-0004fU-4y; Mon, 23 Nov 2020 03:02:43 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 1901260413; Mon, 23 Nov 2020 09:02:39 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 08/17] target/arm: return the stage 2 index for stage 1 Date: Mon, 23 Nov 2020 10:02:28 +0200 Message-Id: <20201123080237.18465-8-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont This makes arm_mmu_idx_is_stage1_of_2() optionally return the stage 2 MMU index. With Secure EL2, there are more than one stage 2 regimes, so we can no longer hard-code a constant index for it. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/helper.c | 13 +++++++------ target/arm/internals.h | 16 +++++++++++----- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index a69fde826b..f52d77f5a5 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3424,7 +3424,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, bool take_exc = false; if (fi.s1ptw && current_el == 1 && !arm_is_secure(env) - && arm_mmu_idx_is_stage1_of_2(mmu_idx)) { + && arm_mmu_idx_is_stage1_of_2(mmu_idx, NULL)) { /* * Synchronous stage 2 fault on an access made as part of the * translation table walk for AT S1E0* or AT S1E1* insn @@ -10008,7 +10008,7 @@ static inline bool regime_translation_disabled(CPUARMState *env, } } - if ((hcr_el2 & HCR_DC) && arm_mmu_idx_is_stage1_of_2(mmu_idx)) { + if ((hcr_el2 & HCR_DC) && arm_mmu_idx_is_stage1_of_2(mmu_idx, NULL)) { /* HCR.DC means SCTLR_EL1.M behaves as 0 */ return true; } @@ -10340,16 +10340,17 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, hwaddr addr, MemTxAttrs txattrs, ARMMMUFaultInfo *fi) { - if (arm_mmu_idx_is_stage1_of_2(mmu_idx) && - !regime_translation_disabled(env, ARMMMUIdx_Stage2)) { + ARMMMUIdx s2_mmu_idx; + + if (arm_mmu_idx_is_stage1_of_2(mmu_idx, &s2_mmu_idx) && + !regime_translation_disabled(env, s2_mmu_idx)) { target_ulong s2size; hwaddr s2pa; int s2prot; int ret; ARMCacheAttrs cacheattrs = {}; - ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, ARMMMUIdx_Stage2, - false, + ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx, false, &s2pa, &txattrs, &s2prot, &s2size, fi, &cacheattrs); if (ret) { diff --git a/target/arm/internals.h b/target/arm/internals.h index 5460678756..4e4798574b 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1146,17 +1146,23 @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env); /** * arm_mmu_idx_is_stage1_of_2: - * @mmu_idx: The ARMMMUIdx to test + * @s1_mmu_idx: The ARMMMUIdx to test + * @s2_mmu_idx: Storage space for the stage 2 ARMMMUIdx * - * Return true if @mmu_idx is a NOTLB mmu_idx that is the - * first stage of a two stage regime. + * Return true if @mmu_idx is a NOTLB mmu_idx that is the first stage + * of a two stage regime. The corresponding second stage will be + * stored in @s2_mmu_idx. */ -static inline bool arm_mmu_idx_is_stage1_of_2(ARMMMUIdx mmu_idx) +static inline bool arm_mmu_idx_is_stage1_of_2(ARMMMUIdx s1_mmu_idx, + ARMMMUIdx *s2_mmu_idx) { - switch (mmu_idx) { + switch (s1_mmu_idx) { case ARMMMUIdx_Stage1_E0: case ARMMMUIdx_Stage1_E1: case ARMMMUIdx_Stage1_E1_PAN: + if (s2_mmu_idx != NULL) { + *s2_mmu_idx = ARMMMUIdx_Stage2; + } return true; default: return false; From patchwork Mon Nov 23 08:02:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924517 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F823C2D0E4 for ; Mon, 23 Nov 2020 08:05:40 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 73AD6204EF for ; Mon, 23 Nov 2020 08:05:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 73AD6204EF Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:49106 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6qu-0008SA-Ku for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:05:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35748) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o8-0005qL-Hk; Mon, 23 Nov 2020 03:02:44 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54634 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o6-0004fW-6I; Mon, 23 Nov 2020 03:02:44 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 55214604EA; Mon, 23 Nov 2020 09:02:39 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 09/17] target/arm: add MMU stage 1 for Secure EL2 Date: Mon, 23 Nov 2020 10:02:29 +0200 Message-Id: <20201123080237.18465-9-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont This adds the MMU indices for EL2 stage 1 in secure mode. To keep code contained, which is largelly identical between secure and non-secure modes, the MMU indices are reassigned. The new assignments provide a systematic pattern with a non-secure bit. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/cpu-param.h | 2 +- target/arm/cpu.h | 37 +++++++---- target/arm/helper.c | 127 ++++++++++++++++++++++++------------- target/arm/internals.h | 12 ++++ target/arm/translate-a64.c | 4 ++ 5 files changed, 124 insertions(+), 58 deletions(-) diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h index 6321385b46..00e7d9e937 100644 --- a/target/arm/cpu-param.h +++ b/target/arm/cpu-param.h @@ -29,6 +29,6 @@ # define TARGET_PAGE_BITS_MIN 10 #endif -#define NB_MMU_MODES 11 +#define NB_MMU_MODES 15 #endif diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 1166bd8731..c436dd5161 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2947,6 +2947,9 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync); #define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */ #define ARM_MMU_IDX_M 0x40 /* M profile */ +/* Meanings of the bits for A profile mmu idx values */ +#define ARM_MMU_IDX_A_NS 0x8 + /* Meanings of the bits for M profile mmu idx values */ #define ARM_MMU_IDX_M_PRIV 0x1 #define ARM_MMU_IDX_M_NEGPRI 0x2 @@ -2960,20 +2963,22 @@ typedef enum ARMMMUIdx { /* * A-profile. */ - ARMMMUIdx_E10_0 = 0 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_0 = 1 | ARM_MMU_IDX_A, - - ARMMMUIdx_E10_1 = 2 | ARM_MMU_IDX_A, - ARMMMUIdx_E10_1_PAN = 3 | ARM_MMU_IDX_A, - - ARMMMUIdx_E2 = 4 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_2 = 5 | ARM_MMU_IDX_A, - ARMMMUIdx_E20_2_PAN = 6 | ARM_MMU_IDX_A, - - ARMMMUIdx_SE10_0 = 7 | ARM_MMU_IDX_A, - ARMMMUIdx_SE10_1 = 8 | ARM_MMU_IDX_A, - ARMMMUIdx_SE10_1_PAN = 9 | ARM_MMU_IDX_A, - ARMMMUIdx_SE3 = 10 | ARM_MMU_IDX_A, + ARMMMUIdx_SE10_0 = 0 | ARM_MMU_IDX_A, + ARMMMUIdx_SE20_0 = 1 | ARM_MMU_IDX_A, + ARMMMUIdx_SE10_1 = 2 | ARM_MMU_IDX_A, + ARMMMUIdx_SE20_2 = 3 | ARM_MMU_IDX_A, + ARMMMUIdx_SE10_1_PAN = 4 | ARM_MMU_IDX_A, + ARMMMUIdx_SE20_2_PAN = 5 | ARM_MMU_IDX_A, + ARMMMUIdx_SE2 = 6 | ARM_MMU_IDX_A, + ARMMMUIdx_SE3 = 7 | ARM_MMU_IDX_A, + + ARMMMUIdx_E10_0 = ARMMMUIdx_SE10_0 | ARM_MMU_IDX_A_NS, + ARMMMUIdx_E20_0 = ARMMMUIdx_SE20_0 | ARM_MMU_IDX_A_NS, + ARMMMUIdx_E10_1 = ARMMMUIdx_SE10_1 | ARM_MMU_IDX_A_NS, + ARMMMUIdx_E20_2 = ARMMMUIdx_SE20_2 | ARM_MMU_IDX_A_NS, + ARMMMUIdx_E10_1_PAN = ARMMMUIdx_SE10_1_PAN | ARM_MMU_IDX_A_NS, + ARMMMUIdx_E20_2_PAN = ARMMMUIdx_SE20_2_PAN | ARM_MMU_IDX_A_NS, + ARMMMUIdx_E2 = ARMMMUIdx_SE2 | ARM_MMU_IDX_A_NS, /* * These are not allocated TLBs and are used only for AT system @@ -3020,8 +3025,12 @@ typedef enum ARMMMUIdxBit { TO_CORE_BIT(E20_2), TO_CORE_BIT(E20_2_PAN), TO_CORE_BIT(SE10_0), + TO_CORE_BIT(SE20_0), TO_CORE_BIT(SE10_1), + TO_CORE_BIT(SE20_2), TO_CORE_BIT(SE10_1_PAN), + TO_CORE_BIT(SE20_2_PAN), + TO_CORE_BIT(SE2), TO_CORE_BIT(SE3), TO_CORE_BIT(MUser), diff --git a/target/arm/helper.c b/target/arm/helper.c index f52d77f5a5..318c7e5441 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -2861,6 +2861,9 @@ static int gt_phys_redir_timeridx(CPUARMState *env) case ARMMMUIdx_E20_0: case ARMMMUIdx_E20_2: case ARMMMUIdx_E20_2_PAN: + case ARMMMUIdx_SE20_0: + case ARMMMUIdx_SE20_2: + case ARMMMUIdx_SE20_2_PAN: return GTIMER_HYP; default: return GTIMER_PHYS; @@ -2873,6 +2876,9 @@ static int gt_virt_redir_timeridx(CPUARMState *env) case ARMMMUIdx_E20_0: case ARMMMUIdx_E20_2: case ARMMMUIdx_E20_2_PAN: + case ARMMMUIdx_SE20_0: + case ARMMMUIdx_SE20_2: + case ARMMMUIdx_SE20_2_PAN: return GTIMER_HYPVIRT; default: return GTIMER_VIRT; @@ -3576,7 +3582,7 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) mmu_idx = ARMMMUIdx_SE3; break; case 2: - g_assert(!secure); /* TODO: ARMv8.4-SecEL2 */ + g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */ /* fall through */ case 1: if (ri->crm == 9 && (env->uncached_cpsr & CPSR_PAN)) { @@ -3672,7 +3678,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, } break; case 4: /* AT S1E2R, AT S1E2W */ - mmu_idx = ARMMMUIdx_E2; + mmu_idx = secure ? ARMMMUIdx_SE2 : ARMMMUIdx_E2; break; case 6: /* AT S1E3R, AT S1E3W */ mmu_idx = ARMMMUIdx_SE3; @@ -3987,10 +3993,15 @@ static void vmsa_tcr_ttbr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri, */ if (extract64(raw_read(env, ri) ^ value, 48, 16) && (arm_hcr_el2_eff(env) & HCR_E2H)) { - tlb_flush_by_mmuidx(env_cpu(env), - ARMMMUIdxBit_E20_2 | - ARMMMUIdxBit_E20_2_PAN | - ARMMMUIdxBit_E20_0); + uint16_t mask = ARMMMUIdxBit_E20_2 | + ARMMMUIdxBit_E20_2_PAN | + ARMMMUIdxBit_E20_0; + + if (arm_is_secure_below_el3(env)) { + mask >>= ARM_MMU_IDX_A_NS; + } + + tlb_flush_by_mmuidx(env_cpu(env), mask); } raw_write(env, ri, value); } @@ -4441,9 +4452,15 @@ static int vae1_tlbmask(CPUARMState *env) uint64_t hcr = arm_hcr_el2_eff(env); if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) { - return ARMMMUIdxBit_E20_2 | - ARMMMUIdxBit_E20_2_PAN | - ARMMMUIdxBit_E20_0; + uint16_t mask = ARMMMUIdxBit_E20_2 | + ARMMMUIdxBit_E20_2_PAN | + ARMMMUIdxBit_E20_0; + + if (arm_is_secure_below_el3(env)) { + mask >>= ARM_MMU_IDX_A_NS; + } + + return mask; } else if (arm_is_secure_below_el3(env)) { return ARMMMUIdxBit_SE10_1 | ARMMMUIdxBit_SE10_1_PAN | @@ -4468,17 +4485,20 @@ static int tlbbits_for_regime(CPUARMState *env, ARMMMUIdx mmu_idx, static int vae1_tlbbits(CPUARMState *env, uint64_t addr) { + uint64_t hcr = arm_hcr_el2_eff(env); ARMMMUIdx mmu_idx; /* Only the regime of the mmu_idx below is significant. */ - if (arm_is_secure_below_el3(env)) { - mmu_idx = ARMMMUIdx_SE10_0; - } else if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE)) - == (HCR_E2H | HCR_TGE)) { + if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) { mmu_idx = ARMMMUIdx_E20_0; } else { mmu_idx = ARMMMUIdx_E10_0; } + + if (arm_is_secure_below_el3(env)) { + mmu_idx &= ~ARM_MMU_IDX_A_NS; + } + return tlbbits_for_regime(env, mmu_idx, addr); } @@ -4524,11 +4544,17 @@ static int alle1_tlbmask(CPUARMState *env) static int e2_tlbmask(CPUARMState *env) { - /* TODO: ARMv8.4-SecEL2 */ - return ARMMMUIdxBit_E20_0 | - ARMMMUIdxBit_E20_2 | - ARMMMUIdxBit_E20_2_PAN | - ARMMMUIdxBit_E2; + if (arm_is_secure_below_el3(env)) { + return ARMMMUIdxBit_SE20_0 | + ARMMMUIdxBit_SE20_2 | + ARMMMUIdxBit_SE20_2_PAN | + ARMMMUIdxBit_SE2; + } else { + return ARMMMUIdxBit_E20_0 | + ARMMMUIdxBit_E20_2 | + ARMMMUIdxBit_E20_2_PAN | + ARMMMUIdxBit_E2; + } } static void tlbi_aa64_alle1_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -4648,10 +4674,12 @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri, { CPUState *cs = env_cpu(env); uint64_t pageaddr = sextract64(value << 12, 0, 56); - int bits = tlbbits_for_regime(env, ARMMMUIdx_E2, pageaddr); + bool secure = arm_is_secure_below_el3(env); + int mask = secure ? ARMMMUIdxBit_SE2 : ARMMMUIdxBit_E2; + int bits = tlbbits_for_regime(env, secure ? ARMMMUIdx_E2 : ARMMMUIdx_SE2, + pageaddr); - tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, - ARMMMUIdxBit_E2, bits); + tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, mask, bits); } static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -9957,7 +9985,8 @@ uint64_t arm_sctlr(CPUARMState *env, int el) /* Only EL0 needs to be adjusted for EL1&0 or EL2&0. */ if (el == 0) { ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0); - el = (mmu_idx == ARMMMUIdx_E20_0 ? 2 : 1); + el = (mmu_idx == ARMMMUIdx_E20_0 || mmu_idx == ARMMMUIdx_SE20_0) + ? 2 : 1; } return env->cp15.sctlr_el[el]; } @@ -10086,6 +10115,7 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx) switch (mmu_idx) { case ARMMMUIdx_SE10_0: case ARMMMUIdx_E20_0: + case ARMMMUIdx_SE20_0: case ARMMMUIdx_Stage1_E0: case ARMMMUIdx_MUser: case ARMMMUIdx_MSUser: @@ -12664,6 +12694,7 @@ int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx) case ARMMMUIdx_E10_0: case ARMMMUIdx_E20_0: case ARMMMUIdx_SE10_0: + case ARMMMUIdx_SE20_0: return 0; case ARMMMUIdx_E10_1: case ARMMMUIdx_E10_1_PAN: @@ -12673,6 +12704,9 @@ int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx) case ARMMMUIdx_E2: case ARMMMUIdx_E20_2: case ARMMMUIdx_E20_2_PAN: + case ARMMMUIdx_SE2: + case ARMMMUIdx_SE20_2: + case ARMMMUIdx_SE20_2_PAN: return 2; case ARMMMUIdx_SE3: return 3; @@ -12690,6 +12724,9 @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate) ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el) { + ARMMMUIdx idx; + uint64_t hcr; + if (arm_feature(env, ARM_FEATURE_M)) { return arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure); } @@ -12697,40 +12734,43 @@ ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el) /* See ARM pseudo-function ELIsInHost. */ switch (el) { case 0: - if (arm_is_secure_below_el3(env)) { - return ARMMMUIdx_SE10_0; - } - if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE) - && arm_el_is_aa64(env, 2)) { - return ARMMMUIdx_E20_0; + hcr = arm_hcr_el2_eff(env); + if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) { + idx = ARMMMUIdx_E20_0; + } else { + idx = ARMMMUIdx_E10_0; } - return ARMMMUIdx_E10_0; + break; case 1: - if (arm_is_secure_below_el3(env)) { - if (env->pstate & PSTATE_PAN) { - return ARMMMUIdx_SE10_1_PAN; - } - return ARMMMUIdx_SE10_1; - } if (env->pstate & PSTATE_PAN) { - return ARMMMUIdx_E10_1_PAN; + idx = ARMMMUIdx_E10_1_PAN; + } else { + idx = ARMMMUIdx_E10_1; } - return ARMMMUIdx_E10_1; + break; case 2: - /* TODO: ARMv8.4-SecEL2 */ /* Note that TGE does not apply at EL2. */ - if ((env->cp15.hcr_el2 & HCR_E2H) && arm_el_is_aa64(env, 2)) { + if (arm_hcr_el2_eff(env) & HCR_E2H) { if (env->pstate & PSTATE_PAN) { - return ARMMMUIdx_E20_2_PAN; + idx = ARMMMUIdx_E20_2_PAN; + } else { + idx = ARMMMUIdx_E20_2; } - return ARMMMUIdx_E20_2; + } else { + idx = ARMMMUIdx_E2; } - return ARMMMUIdx_E2; + break; case 3: return ARMMMUIdx_SE3; default: g_assert_not_reached(); } + + if (arm_is_secure_below_el3(env)) { + idx &= ~ARM_MMU_IDX_A_NS; + } + + return idx; } ARMMMUIdx arm_mmu_idx(CPUARMState *env) @@ -12895,7 +12935,8 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el, break; case ARMMMUIdx_E20_2: case ARMMMUIdx_E20_2_PAN: - /* TODO: ARMv8.4-SecEL2 */ + case ARMMMUIdx_SE20_2: + case ARMMMUIdx_SE20_2_PAN: /* * Note that EL20_2 is gated by HCR_EL2.E2H == 1, but EL20_0 is * gated by HCR_EL2. == '11', and so is LDTR. diff --git a/target/arm/internals.h b/target/arm/internals.h index 4e4798574b..ec6d6dd733 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -860,6 +860,9 @@ static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx) case ARMMMUIdx_SE10_0: case ARMMMUIdx_SE10_1: case ARMMMUIdx_SE10_1_PAN: + case ARMMMUIdx_SE20_0: + case ARMMMUIdx_SE20_2: + case ARMMMUIdx_SE20_2_PAN: return true; default: return false; @@ -890,6 +893,10 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx) case ARMMMUIdx_SE10_0: case ARMMMUIdx_SE10_1: case ARMMMUIdx_SE10_1_PAN: + case ARMMMUIdx_SE20_0: + case ARMMMUIdx_SE20_2: + case ARMMMUIdx_SE20_2_PAN: + case ARMMMUIdx_SE2: case ARMMMUIdx_MSPrivNegPri: case ARMMMUIdx_MSUserNegPri: case ARMMMUIdx_MSPriv: @@ -907,6 +914,7 @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx) case ARMMMUIdx_E10_1_PAN: case ARMMMUIdx_E20_2_PAN: case ARMMMUIdx_SE10_1_PAN: + case ARMMMUIdx_SE20_2_PAN: return true; default: return false; @@ -917,10 +925,14 @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx) static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx) { switch (mmu_idx) { + case ARMMMUIdx_SE20_0: + case ARMMMUIdx_SE20_2: + case ARMMMUIdx_SE20_2_PAN: case ARMMMUIdx_E20_0: case ARMMMUIdx_E20_2: case ARMMMUIdx_E20_2_PAN: case ARMMMUIdx_Stage2: + case ARMMMUIdx_SE2: case ARMMMUIdx_E2: return 2; case ARMMMUIdx_SE3: diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 2e3fdfdf6b..1ff109ca40 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -118,6 +118,10 @@ static int get_a64_user_mem_index(DisasContext *s) case ARMMMUIdx_SE10_1_PAN: useridx = ARMMMUIdx_SE10_0; break; + case ARMMMUIdx_SE20_2: + case ARMMMUIdx_SE20_2_PAN: + useridx = ARMMMUIdx_SE20_0; + break; default: g_assert_not_reached(); } From patchwork Mon Nov 23 08:02:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924547 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25ED5C56202 for ; Mon, 23 Nov 2020 08:16:43 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 86E732078E for ; Mon, 23 Nov 2020 08:16:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 86E732078E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:55682 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh71d-0005wG-Cu for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:16:41 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35744) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6o7-0005oK-Tr; Mon, 23 Nov 2020 03:02:43 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54636 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6o6-0004fc-8q; Mon, 23 Nov 2020 03:02:43 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 9A157604F4; Mon, 23 Nov 2020 09:02:39 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 10/17] target/arm: add ARMv8.4-SEL2 system registers Date: Mon, 23 Nov 2020 10:02:30 +0200 Message-Id: <20201123080237.18465-10-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/cpu.h | 2 ++ target/arm/helper.c | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index c436dd5161..c8288afb54 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -323,9 +323,11 @@ typedef struct CPUARMState { uint64_t ttbr1_el[4]; }; uint64_t vttbr_el2; /* Virtualization Translation Table Base. */ + uint64_t vsttbr_el2; /* Secure Virtualization Translation Table. */ /* MMU translation table base control. */ TCR tcr_el[4]; TCR vtcr_el2; /* Virtualization Translation Control. */ + TCR vstcr_el2; /* Secure Virtualization Translation Control. */ uint32_t c2_data; /* MPU data cacheable bits. */ uint32_t c2_insn; /* MPU instruction cacheable bits. */ union { /* MMU domain access control register diff --git a/target/arm/helper.c b/target/arm/helper.c index 318c7e5441..9683f5aadc 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5721,6 +5721,27 @@ static const ARMCPRegInfo el2_v8_cp_reginfo[] = { REGINFO_SENTINEL }; +static CPAccessResult sel2_access(CPUARMState *env, const ARMCPRegInfo *ri, + bool isread) +{ + if (arm_current_el(env) == 3 || arm_is_secure_below_el3(env)) { + return CP_ACCESS_OK; + } + return CP_ACCESS_TRAP_UNCATEGORIZED; +} + +static const ARMCPRegInfo el2_sec_cp_reginfo[] = { + { .name = "VSTTBR_EL2", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 6, .opc2 = 0, + .access = PL2_RW, .accessfn = sel2_access, + .fieldoffset = offsetof(CPUARMState, cp15.vsttbr_el2) }, + { .name = "VSTCR_EL2", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 6, .opc2 = 2, + .access = PL2_RW, .accessfn = sel2_access, + .fieldoffset = offsetof(CPUARMState, cp15.vstcr_el2) }, + REGINFO_SENTINEL +}; + static CPAccessResult nsacr_access(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { @@ -7733,6 +7754,9 @@ void register_cp_regs_for_features(ARMCPU *cpu) if (arm_feature(env, ARM_FEATURE_V8)) { define_arm_cp_regs(cpu, el2_v8_cp_reginfo); } + if (cpu_isar_feature(aa64_sel2, cpu)) { + define_arm_cp_regs(cpu, el2_sec_cp_reginfo); + } /* RVBAR_EL2 is only implemented if EL2 is the highest EL */ if (!arm_feature(env, ARM_FEATURE_EL3)) { ARMCPRegInfo rvbar = { From patchwork Mon Nov 23 08:02:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924533 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9E3BC56202 for ; Mon, 23 Nov 2020 08:13:00 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C925920781 for ; Mon, 23 Nov 2020 08:12:59 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C925920781 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:44644 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6y2-0001Ll-RF for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:12:58 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35798) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6oR-0006J4-VK; Mon, 23 Nov 2020 03:03:03 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54638 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6oQ-0004fe-H8; Mon, 23 Nov 2020 03:03:03 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id D527A604F8; Mon, 23 Nov 2020 09:02:39 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 11/17] target/arm: do S1_ptw_translate() before address space lookup Date: Mon, 23 Nov 2020 10:02:31 +0200 Message-Id: <20201123080237.18465-11-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont In the secure stage 2 translation regime, the VSTCR.SW and VTCR.NSW bits can invert the secure flag for pagetable walks. This patchset allows S1_ptw_translate() to change the non-secure bit. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/helper.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 9683f5aadc..e4681b1397 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -10391,7 +10391,7 @@ static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx, /* Translate a S1 pagetable walk through S2 if needed. */ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, - hwaddr addr, MemTxAttrs txattrs, + hwaddr addr, bool *is_secure, ARMMMUFaultInfo *fi) { ARMMMUIdx s2_mmu_idx; @@ -10403,6 +10403,9 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, int s2prot; int ret; ARMCacheAttrs cacheattrs = {}; + MemTxAttrs txattrs = {}; + + assert(!*is_secure); /* TODO: S-EL2 */ ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx, false, &s2pa, &txattrs, &s2prot, &s2size, fi, @@ -10442,9 +10445,9 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure, AddressSpace *as; uint32_t data; + addr = S1_ptw_translate(env, mmu_idx, addr, &is_secure, fi); attrs.secure = is_secure; as = arm_addressspace(cs, attrs); - addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fi); if (fi->s1ptw) { return 0; } @@ -10471,9 +10474,9 @@ static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure, AddressSpace *as; uint64_t data; + addr = S1_ptw_translate(env, mmu_idx, addr, &is_secure, fi); attrs.secure = is_secure; as = arm_addressspace(cs, attrs); - addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fi); if (fi->s1ptw) { return 0; } From patchwork Mon Nov 23 08:02:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924553 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BB33C2D0E4 for ; Mon, 23 Nov 2020 08:19:54 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 941992078E for ; Mon, 23 Nov 2020 08:19:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 941992078E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:37032 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh74i-0001R5-J3 for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:19:52 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35862) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6oU-0006LP-3x; Mon, 23 Nov 2020 03:03:06 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54640 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6oQ-0004fd-Je; Mon, 23 Nov 2020 03:03:05 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 261265FC79; Mon, 23 Nov 2020 09:02:40 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 12/17] target/arm: secure stage 2 translation regime Date: Mon, 23 Nov 2020 10:02:32 +0200 Message-Id: <20201123080237.18465-12-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont Signed-off-by: Rémi Denis-Courmont --- target/arm/cpu.h | 11 ++++- target/arm/helper.c | 96 ++++++++++++++++++++++++++++++++---------- target/arm/internals.h | 26 ++++++++++++ 3 files changed, 109 insertions(+), 24 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index c8288afb54..a5dd0c5ba4 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -168,6 +168,11 @@ typedef struct { uint32_t base_mask; } TCR; +#define VTCR_NSW (1u << 29) +#define VTCR_NSA (1u << 30) +#define VSTCR_SW VTCR_NSW +#define VSTCR_SA VTCR_NSA + /* Define a maximum sized vector register. * For 32-bit, this is a 128-bit NEON/AdvSIMD register. * For 64-bit, this is a 2048-bit SVE register. @@ -2989,6 +2994,9 @@ typedef enum ARMMMUIdx { ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB, ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB, ARMMMUIdx_Stage1_E1_PAN = 2 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage1_SE0 = 3 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage1_SE1 = 4 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage1_SE1_PAN = 5 | ARM_MMU_IDX_NOTLB, /* * Not allocated a TLB: used only for second stage of an S12 page * table walk, or for descriptor loads during first stage of an S1 @@ -2996,7 +3004,8 @@ typedef enum ARMMMUIdx { * then various TLB flush insns which currently are no-ops or flush * only stage 1 MMU indexes will need to change to flush stage 2. */ - ARMMMUIdx_Stage2 = 3 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage2 = 6 | ARM_MMU_IDX_NOTLB, + ARMMMUIdx_Stage2_S = 7 | ARM_MMU_IDX_NOTLB, /* * M-profile. diff --git a/target/arm/helper.c b/target/arm/helper.c index e4681b1397..9c338a4a97 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3429,7 +3429,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, uint32_t syn, fsr, fsc; bool take_exc = false; - if (fi.s1ptw && current_el == 1 && !arm_is_secure(env) + if (fi.s1ptw && current_el == 1 && arm_mmu_idx_is_stage1_of_2(mmu_idx, NULL)) { /* * Synchronous stage 2 fault on an access made as part of the @@ -3586,10 +3586,10 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) /* fall through */ case 1: if (ri->crm == 9 && (env->uncached_cpsr & CPSR_PAN)) { - mmu_idx = (secure ? ARMMMUIdx_SE10_1_PAN + mmu_idx = (secure ? ARMMMUIdx_Stage1_SE1_PAN : ARMMMUIdx_Stage1_E1_PAN); } else { - mmu_idx = secure ? ARMMMUIdx_SE10_1 : ARMMMUIdx_Stage1_E1; + mmu_idx = secure ? ARMMMUIdx_Stage1_SE1 : ARMMMUIdx_Stage1_E1; } break; default: @@ -3603,10 +3603,11 @@ static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) mmu_idx = ARMMMUIdx_SE10_0; break; case 2: + g_assert(!secure); /* ARMv8.4-SecEL2 is 64-bit only */ mmu_idx = ARMMMUIdx_Stage1_E0; break; case 1: - mmu_idx = secure ? ARMMMUIdx_SE10_0 : ARMMMUIdx_Stage1_E0; + mmu_idx = secure ? ARMMMUIdx_Stage1_SE0 : ARMMMUIdx_Stage1_E0; break; default: g_assert_not_reached(); @@ -3671,10 +3672,10 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, switch (ri->opc1) { case 0: /* AT S1E1R, AT S1E1W, AT S1E1RP, AT S1E1WP */ if (ri->crm == 9 && (env->pstate & PSTATE_PAN)) { - mmu_idx = (secure ? ARMMMUIdx_SE10_1_PAN + mmu_idx = (secure ? ARMMMUIdx_Stage1_SE1_PAN : ARMMMUIdx_Stage1_E1_PAN); } else { - mmu_idx = secure ? ARMMMUIdx_SE10_1 : ARMMMUIdx_Stage1_E1; + mmu_idx = secure ? ARMMMUIdx_Stage1_SE1 : ARMMMUIdx_Stage1_E1; } break; case 4: /* AT S1E2R, AT S1E2W */ @@ -3688,7 +3689,7 @@ static void ats_write64(CPUARMState *env, const ARMCPRegInfo *ri, } break; case 2: /* AT S1E0R, AT S1E0W */ - mmu_idx = secure ? ARMMMUIdx_SE10_0 : ARMMMUIdx_Stage1_E0; + mmu_idx = secure ? ARMMMUIdx_Stage1_SE0 : ARMMMUIdx_Stage1_E0; break; case 4: /* AT S12E1R, AT S12E1W */ mmu_idx = secure ? ARMMMUIdx_SE10_1 : ARMMMUIdx_E10_1; @@ -10049,7 +10050,7 @@ static inline bool regime_translation_disabled(CPUARMState *env, hcr_el2 = arm_hcr_el2_eff(env); - if (mmu_idx == ARMMMUIdx_Stage2) { + if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) { /* HCR.DC means HCR.VM behaves as 1 */ return (hcr_el2 & (HCR_DC | HCR_VM)) == 0; } @@ -10082,6 +10083,9 @@ static inline uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx, if (mmu_idx == ARMMMUIdx_Stage2) { return env->cp15.vttbr_el2; } + if (mmu_idx == ARMMMUIdx_Stage2_S) { + return env->cp15.vsttbr_el2; + } if (ttbrn == 0) { return env->cp15.ttbr0_el[regime_el(env, mmu_idx)]; } else { @@ -10097,6 +10101,12 @@ static inline uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx, static inline ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx) { switch (mmu_idx) { + case ARMMMUIdx_SE10_0: + return ARMMMUIdx_Stage1_SE0; + case ARMMMUIdx_SE10_1: + return ARMMMUIdx_Stage1_SE1; + case ARMMMUIdx_SE10_1_PAN: + return ARMMMUIdx_Stage1_SE1_PAN; case ARMMMUIdx_E10_0: return ARMMMUIdx_Stage1_E0; case ARMMMUIdx_E10_1: @@ -10141,6 +10151,7 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx) case ARMMMUIdx_E20_0: case ARMMMUIdx_SE20_0: case ARMMMUIdx_Stage1_E0: + case ARMMMUIdx_Stage1_SE0: case ARMMMUIdx_MUser: case ARMMMUIdx_MSUser: case ARMMMUIdx_MUserNegPri: @@ -10306,6 +10317,7 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64, int wxn = 0; assert(mmu_idx != ARMMMUIdx_Stage2); + assert(mmu_idx != ARMMMUIdx_Stage2_S); user_rw = simple_ap_to_rw_prot_is_user(ap, true); if (is_user) { @@ -10405,7 +10417,21 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, ARMCacheAttrs cacheattrs = {}; MemTxAttrs txattrs = {}; - assert(!*is_secure); /* TODO: S-EL2 */ + if (s2_mmu_idx == ARMMMUIdx_Stage2_S) { + /* Check if page table walk is to secure or non-secure PA space. */ + if (*is_secure) { + *is_secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW); + } else { + *is_secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW); + } + if (*is_secure) { + txattrs.secure = true; + } else { + s2_mmu_idx = ARMMMUIdx_Stage2; + } + } else { + assert(!*is_secure); + } ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, s2_mmu_idx, false, &s2pa, &txattrs, &s2prot, &s2size, fi, @@ -10871,7 +10897,7 @@ static int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { return extract64(tcr, 37, 2); - } else if (mmu_idx == ARMMMUIdx_Stage2) { + } else if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) { return 0; /* VTCR_EL2 */ } else { /* Replicate the single TBI bit so we always have 2 bits. */ @@ -10883,7 +10909,7 @@ static int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { return extract64(tcr, 51, 2); - } else if (mmu_idx == ARMMMUIdx_Stage2) { + } else if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) { return 0; /* VTCR_EL2 */ } else { /* Replicate the single TBID bit so we always have 2 bits. */ @@ -10913,7 +10939,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, tsz = extract32(tcr, 0, 6); using64k = extract32(tcr, 14, 1); using16k = extract32(tcr, 15, 1); - if (mmu_idx == ARMMMUIdx_Stage2) { + if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) { /* VTCR_EL2 */ hpd = false; } else { @@ -10971,6 +10997,8 @@ static ARMVAParameters aa32_va_parameters(CPUARMState *env, uint32_t va, int select, tsz; bool epd, hpd; + assert(mmu_idx != ARMMMUIdx_Stage2_S); + if (mmu_idx == ARMMMUIdx_Stage2) { /* VTCR */ bool sext = extract32(tcr, 4, 1); @@ -11136,7 +11164,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, goto do_fault; } - if (mmu_idx != ARMMMUIdx_Stage2) { + if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) { /* The starting level depends on the virtual address size (which can * be up to 48 bits) and the translation granule size. It indicates * the number of strides (stride bits at a time) needed to @@ -11240,7 +11268,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, attrs = extract64(descriptor, 2, 10) | (extract64(descriptor, 52, 12) << 10); - if (mmu_idx == ARMMMUIdx_Stage2) { + if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) { /* Stage 2 table descriptors do not include any attribute fields */ break; } @@ -11270,8 +11298,10 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, ap = extract32(attrs, 4, 2); - if (mmu_idx == ARMMMUIdx_Stage2) { - ns = true; + if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) { + if (mmu_idx == ARMMMUIdx_Stage2) { + ns = true; + } xn = extract32(attrs, 11, 2); *prot = get_S2prot(env, ap, xn, s1_is_el0); } else { @@ -11298,7 +11328,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, arm_tlb_bti_gp(txattrs) = true; } - if (mmu_idx == ARMMMUIdx_Stage2) { + if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) { cacheattrs->attrs = convert_stage2_attrs(env, extract32(attrs, 0, 4)); } else { /* Index into MAIR registers for cache attributes */ @@ -11317,7 +11347,8 @@ do_fault: fi->type = fault_type; fi->level = level; /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */ - fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2); + fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2 || + mmu_idx == ARMMMUIdx_Stage2_S); return true; } @@ -12133,7 +12164,10 @@ bool get_phys_addr(CPUARMState *env, target_ulong address, { if (mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_E10_1 || - mmu_idx == ARMMMUIdx_E10_1_PAN) { + mmu_idx == ARMMMUIdx_E10_1_PAN || + mmu_idx == ARMMMUIdx_SE10_0 || + mmu_idx == ARMMMUIdx_SE10_1 || + mmu_idx == ARMMMUIdx_SE10_1_PAN) { /* Call ourselves recursively to do the stage 1 and then stage 2 * translations. */ @@ -12141,21 +12175,25 @@ bool get_phys_addr(CPUARMState *env, target_ulong address, hwaddr ipa; int s2_prot; int ret; + ARMMMUIdx s2_mmu_idx; + bool is_el0; ARMCacheAttrs cacheattrs2 = {}; ret = get_phys_addr(env, address, access_type, stage_1_mmu_idx(mmu_idx), &ipa, attrs, prot, page_size, fi, cacheattrs); + s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2; + is_el0 = mmu_idx == ARMMMUIdx_SE10_0 || mmu_idx == ARMMMUIdx_E10_0; + /* If S1 fails or S2 is disabled, return early. */ - if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2)) { + if (ret || regime_translation_disabled(env, s2_mmu_idx)) { *phys_ptr = ipa; return ret; } /* S1 is done. Now do S2 translation. */ - ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_Stage2, - mmu_idx == ARMMMUIdx_E10_0, + ret = get_phys_addr_lpae(env, ipa, access_type, s2_mmu_idx, is_el0, phys_ptr, attrs, &s2_prot, page_size, fi, &cacheattrs2); fi->s2addr = ipa; @@ -12167,6 +12205,18 @@ bool get_phys_addr(CPUARMState *env, target_ulong address, return ret; } + /* Check if IPA translates to secure or non-secure PA space. */ + if (arm_is_secure_below_el3(env)) { + if (attrs->secure) { + attrs->secure = + !(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)); + } else { + attrs->secure = + !((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW)) + || (env->cp15.vstcr_el2.raw_tcr & VSTCR_SA)); + } + } + /* Combine the S1 and S2 cache attributes. */ if (arm_hcr_el2_eff(env) & HCR_DC) { /* @@ -12250,7 +12300,7 @@ bool get_phys_addr(CPUARMState *env, target_ulong address, * MMU disabled. S1 addresses within aa64 translation regimes are * still checked for bounds -- see AArch64.TranslateAddressS1Off. */ - if (mmu_idx != ARMMMUIdx_Stage2) { + if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) { int r_el = regime_el(env, mmu_idx); if (arm_el_is_aa64(env, r_el)) { int pamax = arm_pamax(env_archcpu(env)); diff --git a/target/arm/internals.h b/target/arm/internals.h index ec6d6dd733..5205e3ad8d 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -851,6 +851,9 @@ static inline bool regime_has_2_ranges(ARMMMUIdx mmu_idx) case ARMMMUIdx_Stage1_E0: case ARMMMUIdx_Stage1_E1: case ARMMMUIdx_Stage1_E1_PAN: + case ARMMMUIdx_Stage1_SE0: + case ARMMMUIdx_Stage1_SE1: + case ARMMMUIdx_Stage1_SE1_PAN: case ARMMMUIdx_E10_0: case ARMMMUIdx_E10_1: case ARMMMUIdx_E10_1_PAN: @@ -896,7 +899,11 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx) case ARMMMUIdx_SE20_0: case ARMMMUIdx_SE20_2: case ARMMMUIdx_SE20_2_PAN: + case ARMMMUIdx_Stage1_SE0: + case ARMMMUIdx_Stage1_SE1: + case ARMMMUIdx_Stage1_SE1_PAN: case ARMMMUIdx_SE2: + case ARMMMUIdx_Stage2_S: case ARMMMUIdx_MSPrivNegPri: case ARMMMUIdx_MSUserNegPri: case ARMMMUIdx_MSPriv: @@ -911,6 +918,7 @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx) { switch (mmu_idx) { case ARMMMUIdx_Stage1_E1_PAN: + case ARMMMUIdx_Stage1_SE1_PAN: case ARMMMUIdx_E10_1_PAN: case ARMMMUIdx_E20_2_PAN: case ARMMMUIdx_SE10_1_PAN: @@ -932,6 +940,7 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx) case ARMMMUIdx_E20_2: case ARMMMUIdx_E20_2_PAN: case ARMMMUIdx_Stage2: + case ARMMMUIdx_Stage2_S: case ARMMMUIdx_SE2: case ARMMMUIdx_E2: return 2; @@ -944,6 +953,9 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx) case ARMMMUIdx_Stage1_E0: case ARMMMUIdx_Stage1_E1: case ARMMMUIdx_Stage1_E1_PAN: + case ARMMMUIdx_Stage1_SE0: + case ARMMMUIdx_Stage1_SE1: + case ARMMMUIdx_Stage1_SE1_PAN: case ARMMMUIdx_E10_0: case ARMMMUIdx_E10_1: case ARMMMUIdx_E10_1_PAN: @@ -967,6 +979,13 @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx) if (mmu_idx == ARMMMUIdx_Stage2) { return &env->cp15.vtcr_el2; } + if (mmu_idx == ARMMMUIdx_Stage2_S) { + /* + * Note: Secure stage 2 nominally shares fields from VTCR_EL2, but + * those are not currently used by QEMU, so just return VSTCR_EL2. + */ + return &env->cp15.vstcr_el2; + } return &env->cp15.tcr_el[regime_el(env, mmu_idx)]; } @@ -1176,6 +1195,13 @@ static inline bool arm_mmu_idx_is_stage1_of_2(ARMMMUIdx s1_mmu_idx, *s2_mmu_idx = ARMMMUIdx_Stage2; } return true; + case ARMMMUIdx_Stage1_SE0: + case ARMMMUIdx_Stage1_SE1: + case ARMMMUIdx_Stage1_SE1_PAN: + if (s2_mmu_idx != NULL) { + *s2_mmu_idx = ARMMMUIdx_Stage2_S; + } + return true; default: return false; } From patchwork Mon Nov 23 08:02:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924521 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9CAEEC2D0E4 for ; Mon, 23 Nov 2020 08:06:16 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CCBE1206D4 for ; Mon, 23 Nov 2020 08:06:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CCBE1206D4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:50258 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6rW-0000Zl-OA for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:06:14 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35830) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6oT-0006KF-0H; Mon, 23 Nov 2020 03:03:05 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54642 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6oQ-0004fg-KM; Mon, 23 Nov 2020 03:03:04 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 6560D60533; Mon, 23 Nov 2020 09:02:40 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 13/17] target/arm: handle VMID change in secure state Date: Mon, 23 Nov 2020 10:02:33 +0200 Message-Id: <20201123080237.18465-13-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont The VTTBR write callback so far assumes that the underlying VM lies in non-secure state. This handles the secure state scenario. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/helper.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 9c338a4a97..d46339f344 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4018,10 +4018,15 @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri, * the combined stage 1&2 tlbs (EL10_1 and EL10_0). */ if (raw_read(env, ri) != value) { - tlb_flush_by_mmuidx(cs, - ARMMMUIdxBit_E10_1 | - ARMMMUIdxBit_E10_1_PAN | - ARMMMUIdxBit_E10_0); + uint16_t mask = ARMMMUIdxBit_E10_1 | + ARMMMUIdxBit_E10_1_PAN | + ARMMMUIdxBit_E10_0; + + if (arm_is_secure_below_el3(env)) { + mask >>= ARM_MMU_IDX_A_NS; + } + + tlb_flush_by_mmuidx(cs, mask); raw_write(env, ri, value); } } From patchwork Mon Nov 23 08:02:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924537 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C136C2D0E4 for ; Mon, 23 Nov 2020 08:15:01 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B811B2078E for ; Mon, 23 Nov 2020 08:15:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B811B2078E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:51274 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6zz-00042t-Jf for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:14:59 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35850) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6oT-0006KI-DA; Mon, 23 Nov 2020 03:03:05 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54644 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6oQ-0004gM-Ok; Mon, 23 Nov 2020 03:03:05 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 9FE196053E; Mon, 23 Nov 2020 09:02:40 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 14/17] target/arm: set HPFAR_EL2.NS on secure stage 2 faults Date: Mon, 23 Nov 2020 10:02:34 +0200 Message-Id: <20201123080237.18465-14-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont Signed-off-by: Rémi Denis-Courmont --- target/arm/cpu.h | 2 ++ target/arm/helper.c | 6 ++++++ target/arm/internals.h | 2 ++ target/arm/tlb_helper.c | 3 +++ 4 files changed, 13 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index a5dd0c5ba4..955f5c34d0 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1482,6 +1482,8 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) #define HCR_TWEDEN (1ULL << 59) #define HCR_TWEDEL MAKE_64BIT_MASK(60, 4) +#define HPFAR_NS (1ULL << 63) + #define SCR_NS (1U << 0) #define SCR_IRQ (1U << 1) #define SCR_FIQ (1U << 2) diff --git a/target/arm/helper.c b/target/arm/helper.c index d46339f344..86bf0548d9 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3444,6 +3444,9 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, target_el = 3; } else { env->cp15.hpfar_el2 = extract64(fi.s2addr, 12, 47) << 4; + if (arm_is_secure_below_el3(env) && fi.s1ns) { + env->cp15.hpfar_el2 |= HPFAR_NS; + } target_el = 2; } take_exc = true; @@ -10446,6 +10449,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, fi->s2addr = addr; fi->stage2 = true; fi->s1ptw = true; + fi->s1ns = !*is_secure; return ~0; } if ((arm_hcr_el2_eff(env) & HCR_PTW) && @@ -10458,6 +10462,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, fi->s2addr = addr; fi->stage2 = true; fi->s1ptw = true; + fi->s1ns = !*is_secure; return ~0; } addr = s2pa; @@ -11354,6 +11359,7 @@ do_fault: /* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */ fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S); + fi->s1ns = mmu_idx == ARMMMUIdx_Stage2; return true; } diff --git a/target/arm/internals.h b/target/arm/internals.h index 5205e3ad8d..c1fc679c18 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -593,6 +593,7 @@ typedef enum ARMFaultType { * @s2addr: Address that caused a fault at stage 2 * @stage2: True if we faulted at stage 2 * @s1ptw: True if we faulted at stage 2 while doing a stage 1 page-table walk + * @s1ns: True if we faulted on a non-secure IPA while in secure state * @ea: True if we should set the EA (external abort type) bit in syndrome */ typedef struct ARMMMUFaultInfo ARMMMUFaultInfo; @@ -603,6 +604,7 @@ struct ARMMMUFaultInfo { int domain; bool stage2; bool s1ptw; + bool s1ns; bool ea; }; diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c index b35dc8a011..df85079d9f 100644 --- a/target/arm/tlb_helper.c +++ b/target/arm/tlb_helper.c @@ -63,6 +63,9 @@ static void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr, if (fi->stage2) { target_el = 2; env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4; + if (arm_is_secure_below_el3(env) && fi->s1ns) { + env->cp15.hpfar_el2 |= HPFAR_NS; + } } same_el = (arm_current_el(env) == target_el); From patchwork Mon Nov 23 08:02:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924549 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E660C2D0E4 for ; Mon, 23 Nov 2020 08:17:32 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C9CB32078E for ; Mon, 23 Nov 2020 08:17:31 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C9CB32078E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:57494 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh72Q-0006gM-Qt for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:17:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35858) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6oT-0006KY-Hd; Mon, 23 Nov 2020 03:03:05 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54646 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6oQ-0004gN-OE; Mon, 23 Nov 2020 03:03:05 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id DBA9E60563; Mon, 23 Nov 2020 09:02:40 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 15/17] target/arm: add ARMv8.4-SEL2 extension Date: Mon, 23 Nov 2020 10:02:35 +0200 Message-Id: <20201123080237.18465-15-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont This adds handling for the SCR_EL3.EEL2 bit. A translation block flag is added in A32 mode to route exceptions correctly from AArch32 S-EL1 to (AArch64) S-EL2. Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/cpu.c | 2 +- target/arm/cpu.h | 11 ++++++++--- target/arm/helper.c | 22 +++++++++++++++++++--- target/arm/translate.c | 6 ++++-- target/arm/translate.h | 1 + 5 files changed, 33 insertions(+), 9 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 48b34080ce..5bfffd5fe8 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -476,7 +476,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx, * masked from Secure state. The HCR and SCR settings * don't affect the masking logic, only the interrupt routing. */ - if (target_el == 3 || !secure) { + if (target_el == 3 || !secure || (env->cp15.scr_el3 & SCR_EEL2)) { unmasked = true; } } else { diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 955f5c34d0..464e600a44 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2062,7 +2062,10 @@ static inline bool arm_is_secure(CPUARMState *env) static inline bool arm_is_el2_enabled(CPUARMState *env) { if (arm_feature(env, ARM_FEATURE_EL2)) { - return !arm_is_secure_below_el3(env); + if (arm_is_secure_below_el3(env)) { + return (env->cp15.scr_el3 & SCR_EEL2) != 0; + } + return true; } return false; } @@ -2109,7 +2112,8 @@ static inline bool arm_el_is_aa64(CPUARMState *env, int el) return aa64; } - if (arm_feature(env, ARM_FEATURE_EL3)) { + if (arm_feature(env, ARM_FEATURE_EL3) && + ((env->cp15.scr_el3 & SCR_NS) || !(env->cp15.scr_el3 & SCR_EEL2))) { aa64 = aa64 && (env->cp15.scr_el3 & SCR_RW); } @@ -3265,7 +3269,7 @@ typedef ARMCPU ArchCPU; * We put flags which are shared between 32 and 64 bit mode at the top * of the word, and flags which apply to only one mode at the bottom. * - * 31 20 18 14 9 0 + * 31 20 19 14 9 0 * +--------------+-----+-----+----------+--------------+ * | | | TBFLAG_A32 | | * | | +-----+----------+ TBFLAG_AM32 | @@ -3314,6 +3318,7 @@ FIELD(TBFLAG_A32, HSTR_ACTIVE, 16, 1) * the same thing as the current security state of the processor! */ FIELD(TBFLAG_A32, NS, 17, 1) +FIELD(TBFLAG_A32, EEL2, 18, 1) /* * Bit usage when in AArch32 state, for M-profile only. diff --git a/target/arm/helper.c b/target/arm/helper.c index 86bf0548d9..af43783339 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -532,6 +532,9 @@ static CPAccessResult access_trap_aa32s_el1(CPUARMState *env, return CP_ACCESS_OK; } if (arm_is_secure_below_el3(env)) { + if (env->cp15.scr_el3 & SCR_EEL2) { + return CP_ACCESS_TRAP_EL2; + } return CP_ACCESS_TRAP_EL3; } /* This will be EL1 NS and EL2 NS, which just UNDEF */ @@ -2029,6 +2032,9 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) if (cpu_isar_feature(aa64_pauth, cpu)) { valid_mask |= SCR_API | SCR_APK; } + if (cpu_isar_feature(aa64_sel2, cpu)) { + valid_mask |= SCR_EEL2; + } if (cpu_isar_feature(aa64_mte, cpu)) { valid_mask |= SCR_ATA; } @@ -3387,13 +3393,16 @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { if (ri->opc2 & 4) { - /* The ATS12NSO* operations must trap to EL3 if executed in + /* The ATS12NSO* operations must trap to EL3 or EL2 if executed in * Secure EL1 (which can only happen if EL3 is AArch64). * They are simply UNDEF if executed from NS EL1. * They function normally from EL2 or EL3. */ if (arm_current_el(env) == 1) { if (arm_is_secure_below_el3(env)) { + if (env->cp15.scr_el3 & SCR_EEL2) { + return CP_ACCESS_TRAP_UNCATEGORIZED_EL2; + } return CP_ACCESS_TRAP_UNCATEGORIZED_EL3; } return CP_ACCESS_TRAP_UNCATEGORIZED; @@ -3656,7 +3665,8 @@ static void ats1h_write(CPUARMState *env, const ARMCPRegInfo *ri, static CPAccessResult at_s1e2_access(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { - if (arm_current_el(env) == 3 && !(env->cp15.scr_el3 & SCR_NS)) { + if (arm_current_el(env) == 3 && + !(env->cp15.scr_el3 & (SCR_NS | SCR_EEL2))) { return CP_ACCESS_TRAP; } return CP_ACCESS_OK; @@ -5755,12 +5765,15 @@ static CPAccessResult nsacr_access(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { /* The NSACR is RW at EL3, and RO for NS EL1 and NS EL2. - * At Secure EL1 it traps to EL3. + * At Secure EL1 it traps to EL3 or EL2. */ if (arm_current_el(env) == 3) { return CP_ACCESS_OK; } if (arm_is_secure_below_el3(env)) { + if (env->cp15.scr_el3 & SCR_EEL2) { + return CP_ACCESS_TRAP_EL2; + } return CP_ACCESS_TRAP_EL3; } /* Accesses from EL1 NS and EL2 NS are UNDEF for write but allow reads. */ @@ -12898,6 +12911,9 @@ static uint32_t rebuild_hflags_common_32(CPUARMState *env, int fp_el, flags = FIELD_DP32(flags, TBFLAG_ANY, BE_DATA, 1); } flags = FIELD_DP32(flags, TBFLAG_A32, NS, !access_secure_reg(env)); + if (arm_is_secure_below_el3(env) && (env->cp15.scr_el3 & SCR_EEL2)) { + flags = FIELD_DP32(flags, TBFLAG_A32, EEL2, 1); + } return rebuild_hflags_common(env, fp_el, mmu_idx, flags); } diff --git a/target/arm/translate.c b/target/arm/translate.c index 6d04ca3a8a..4e93cfeeba 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -2780,9 +2780,10 @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn, } if (s->current_el == 1) { /* If we're in Secure EL1 (which implies that EL3 is AArch64) - * then accesses to Mon registers trap to EL3 + * then accesses to Mon registers trap to Secure EL2 if it exists + * otherwise EL3. */ - exc_target = 3; + exc_target = s->sel2 ? 2 : 3; goto undef; } break; @@ -8800,6 +8801,7 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B); dc->hstr_active = FIELD_EX32(tb_flags, TBFLAG_A32, HSTR_ACTIVE); dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS); + dc->sel2 = FIELD_EX32(tb_flags, TBFLAG_A32, EEL2); dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN); if (arm_feature(env, ARM_FEATURE_XSCALE)) { dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR); diff --git a/target/arm/translate.h b/target/arm/translate.h index 423b0e08df..bf3624791b 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -32,6 +32,7 @@ typedef struct DisasContext { uint8_t tbid; /* TBI1|TBI0 for data */ uint8_t tcma; /* TCMA1|TCMA0 for MTE */ bool ns; /* Use non-secure CPREG bank on access */ + bool sel2; /* Secure EL2 enabled (only used in AArch32) */ int fp_excp_el; /* FP exception EL or 0 if enabled */ int sve_excp_el; /* SVE exception EL or 0 if enabled */ int sve_len; /* SVE vector length in bytes */ From patchwork Mon Nov 23 08:02:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924557 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20BEDC56202 for ; Mon, 23 Nov 2020 08:22:31 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7A500206FA for ; Mon, 23 Nov 2020 08:22:30 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7A500206FA Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:44510 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh77F-0004cq-Eh for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:22:29 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35860) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6oT-0006LL-VY; Mon, 23 Nov 2020 03:03:06 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54628 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6oR-0004f5-AI; Mon, 23 Nov 2020 03:03:05 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 2678F5FD4A; Mon, 23 Nov 2020 09:02:41 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 16/17] target/arm: enable Secure EL2 in max CPU Date: Mon, 23 Nov 2020 10:02:36 +0200 Message-Id: <20201123080237.18465-16-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont Signed-off-by: Rémi Denis-Courmont Reviewed-by: Richard Henderson --- target/arm/cpu64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 649213082f..8c3749268e 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -641,6 +641,7 @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1); t = FIELD_DP64(t, ID_AA64PFR0, FP, 1); t = FIELD_DP64(t, ID_AA64PFR0, ADVSIMD, 1); + t = FIELD_DP64(t, ID_AA64PFR0, SEL2, 1); cpu->isar.id_aa64pfr0 = t; t = cpu->isar.id_aa64pfr1; From patchwork Mon Nov 23 08:02:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= X-Patchwork-Id: 11924559 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9364CC56202 for ; Mon, 23 Nov 2020 08:24:32 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BC01D20719 for ; Mon, 23 Nov 2020 08:24:31 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BC01D20719 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:50444 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh79C-00073u-AE for qemu-devel@archiver.kernel.org; Mon, 23 Nov 2020 03:24:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35864) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kh6oU-0006LT-5S; Mon, 23 Nov 2020 03:03:06 -0500 Received: from poy.remlab.net ([2001:41d0:2:5a1a::]:54648 helo=ns207790.ip-94-23-215.eu) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kh6oR-0004h4-Eo; Mon, 23 Nov 2020 03:03:05 -0500 Received: from basile.remlab.net (ip6-localhost [IPv6:::1]) by ns207790.ip-94-23-215.eu (Postfix) with ESMTP id 61A1760351; Mon, 23 Nov 2020 09:02:41 +0100 (CET) From: remi.denis.courmont@huawei.com To: qemu-arm@nongnu.org Subject: [PATCH 17/17] target/arm: refactor vae1_tlbmask() Date: Mon, 23 Nov 2020 10:02:37 +0200 Message-Id: <20201123080237.18465-17-remi.denis.courmont@huawei.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <3333301.iIbC2pHGDl@basile.remlab.net> References: <3333301.iIbC2pHGDl@basile.remlab.net> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:41d0:2:5a1a::; envelope-from=remi@remlab.net; helo=ns207790.ip-94-23-215.eu X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Rémi Denis-Courmont Signed-off-by: Rémi Denis-Courmont --- target/arm/helper.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index af43783339..595080d137 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4469,26 +4469,23 @@ static CPAccessResult aa64_cacheop_pou_access(CPUARMState *env, static int vae1_tlbmask(CPUARMState *env) { uint64_t hcr = arm_hcr_el2_eff(env); + uint16_t mask; if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) { - uint16_t mask = ARMMMUIdxBit_E20_2 | - ARMMMUIdxBit_E20_2_PAN | - ARMMMUIdxBit_E20_0; - - if (arm_is_secure_below_el3(env)) { - mask >>= ARM_MMU_IDX_A_NS; - } - - return mask; - } else if (arm_is_secure_below_el3(env)) { - return ARMMMUIdxBit_SE10_1 | - ARMMMUIdxBit_SE10_1_PAN | - ARMMMUIdxBit_SE10_0; + mask = ARMMMUIdxBit_E20_2 | + ARMMMUIdxBit_E20_2_PAN | + ARMMMUIdxBit_E20_0; } else { - return ARMMMUIdxBit_E10_1 | + mask = ARMMMUIdxBit_E10_1 | ARMMMUIdxBit_E10_1_PAN | ARMMMUIdxBit_E10_0; } + + if (arm_is_secure_below_el3(env)) { + mask >>= ARM_MMU_IDX_A_NS; + } + + return mask; } /* Return 56 if TBI is enabled, 64 otherwise. */