Message ID | 1422557717-19120-10-git-send-email-peter.maydell@linaro.org |
---|---|
On Thu, Jan 29, 2015 at 06:55:15PM +0000, Peter Maydell wrote: > Now we have the mmu_idx in get_phys_addr(), use it correctly to > determine the behaviour of virtual to physical address translations, > rather than using just an is_user flag and the current CPU state. > > Some TODO comments have been added to indicate where changes will > need to be made to add EL2 and 64-bit EL3 support. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > target-arm/helper.c | 214 +++++++++++++++++++++++++++++++++++++++------------- > 1 file changed, 163 insertions(+), 51 deletions(-) > > diff --git a/target-arm/helper.c b/target-arm/helper.c > index 589a074..042ee7a 100644 > --- a/target-arm/helper.c > +++ b/target-arm/helper.c 
> @@ -4556,13 +4556,91 @@ void arm_cpu_do_interrupt(CPUState *cs) > cs->interrupt_request |= CPU_INTERRUPT_EXITTB; > } > > + > +/* Return the exception level which controls this address translation regime */ > +static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx) > +{ > + switch (mmu_idx) { > + case ARMMMUIdx_S2NS: > + case ARMMMUIdx_S1E2: > + return 2; > + case ARMMMUIdx_S1E3: > + return 3; > + case ARMMMUIdx_S1SE0: > + return arm_el_is_aa64(env, 3) ? 1 : 3; > + case ARMMMUIdx_S1SE1: > + case ARMMMUIdx_S1NSE0: > + case ARMMMUIdx_S1NSE1: > + return 1; > + default: > + g_assert_not_reached(); > + } > +} > + > +/* Return the SCTLR value which controls this address translation regime */ > +static inline uint32_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx) > +{ > + return env->cp15.sctlr_el[regime_el(env, mmu_idx)]; > +} > + > +/* Return true if the specified stage of address translation is disabled */ > +static inline bool regime_translation_disabled(CPUARMState *env, > + ARMMMUIdx mmu_idx) > +{ > + if (mmu_idx == ARMMMUIdx_S2NS) { > + return (env->cp15.hcr_el2 & HCR_VM) == 0; > + } > + return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0; > +} > + > +/* Return the TCR controlling this translation regime */ > +static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx) > +{ > + if (mmu_idx == ARMMMUIdx_S2NS) { > + /* TODO: return VTCR_EL2 */ > + g_assert_not_reached(); > + } > + return &env->cp15.tcr_el[regime_el(env, mmu_idx)]; > +} > + > +/* Return true if the translation regime is using LPAE format page tables */ > +static inline bool regime_using_lpae_format(CPUARMState *env, > + ARMMMUIdx mmu_idx) > +{ > + int el = regime_el(env, mmu_idx); > + if (el == 2 || arm_el_is_aa64(env, el)) { > + return true; > + } > + if (arm_feature(env, ARM_FEATURE_LPAE) > + && (regime_tcr(env, mmu_idx)->raw_tcr & TTBCR_EAE)) { > + return true; > + } > + return false; > +} > + > +static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx) > +{ > 
+ switch (mmu_idx) { > + case ARMMMUIdx_S1SE0: > + case ARMMMUIdx_S1NSE0: > + return true; > + default: > + return false; > + case ARMMMUIdx_S12NSE0: > + case ARMMMUIdx_S12NSE1: > + g_assert_not_reached(); > + } > +} > + > /* Check section/page access permissions. > Returns the page protection flags, or zero if the access is not > permitted. */ > -static inline int check_ap(CPUARMState *env, int ap, int domain_prot, > - int access_type, int is_user) > +static inline int check_ap(CPUARMState *env, ARMMMUIdx mmu_idx, > + int ap, int domain_prot, > + int access_type) > { > int prot_ro; > + bool is_user = regime_is_user(env, mmu_idx); > > if (domain_prot == 3) { > return PAGE_READ | PAGE_WRITE; > @@ -4580,7 +4658,7 @@ static inline int check_ap(CPUARMState *env, int ap, int domain_prot, > } > if (access_type == 1) > return 0; > - switch (A32_BANKED_CURRENT_REG_GET(env, sctlr) & (SCTLR_S | SCTLR_R)) { > + switch (regime_sctlr(env, mmu_idx) & (SCTLR_S | SCTLR_R)) { > case SCTLR_S: > return is_user ? 0 : PAGE_READ; > case SCTLR_R: 
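Review bot: regime_is_user is the only one of the six new helpers in this hunk without a header comment, and its `default:` label sits between the `return true` cases and the two cases that assert, which is legal C but easy to misread as "S12NSE0/S12NSE1 fall under default". I would add `/* Return true if this regime is an unprivileged (EL0/PL0) translation regime */` above it and order the labels as S1SE0/S1NSE0 → `return true`, S12NSE0/S12NSE1 → `g_assert_not_reached()`, then `default: return false`. A smaller consistency nit: regime_el returns uint32_t while regime_using_lpae_format stores the result in `int el`; making regime_el return int (or el uint32_t) keeps the sign consistent for the comparisons and the sctlr_el[]/tcr_el[] indexing. The same hunks are re-quoted later in the thread and these remarks apply there too.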
> @@ -4612,35 +4690,32 @@ static inline int check_ap(CPUARMState *env, int ap, int domain_prot, > } > } > > -static bool get_level1_table_address(CPUARMState *env, uint32_t *table, > - uint32_t address) > +static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx, > + uint32_t *table, uint32_t address) > { > - /* Get the TCR bank based on our security state */ > - TCR *tcr = &env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1]; > + /* Note that we can only get here for an AArch32 PL0/PL1 lookup */ > + int el = regime_el(env, mmu_idx); > + TCR *tcr = regime_tcr(env, mmu_idx); > > - /* We only get here if EL1 is running in AArch32. If EL3 is running in > - * AArch32 there is a secure and non-secure instance of the translation > - * table registers. > - */ > if (address & tcr->mask) { > if (tcr->raw_tcr & TTBCR_PD1) { > /* Translation table walk disabled for TTBR1 */ > return false; > } > - *table = A32_BANKED_CURRENT_REG_GET(env, ttbr1) & 0xffffc000; > + *table = env->cp15.ttbr1_el[el] & 0xffffc000; > } else { > if (tcr->raw_tcr & TTBCR_PD0) { > /* Translation table walk disabled for TTBR0 */ > return false; > } > - *table = A32_BANKED_CURRENT_REG_GET(env, ttbr0) & tcr->base_mask; > + *table = env->cp15.ttbr0_el[el] & tcr->base_mask; > } > *table |= (address >> 18) & 0x3ffc; > return true; > } > > static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type, > - int is_user, hwaddr *phys_ptr, > + ARMMMUIdx mmu_idx, hwaddr *phys_ptr, > int *prot, target_ulong *page_size) > { > CPUState *cs = CPU(arm_env_get_cpu(env)); 
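Review bot: The new comment in get_level1_table_address ("we can only get here for an AArch32 PL0/PL1 lookup") states an invariant that nothing in the function checks, yet `el` is used directly to index ttbr0_el[] and ttbr1_el[]. As far as the dispatch in the later get_phys_addr hunk shows, el == 2 regimes are routed to the LPAE walker and S2NS already trips the assert in regime_tcr, so the invariant appears to hold by construction; I would still make it local and fail loudly, `assert(el == 1 || el == 3);` right after the `int el = regime_el(env, mmu_idx);` line, so a future caller that breaks the assumption cannot silently read a wrong TTBR bank.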
> @@ -4652,10 +4727,11 @@ static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type, > int domain = 0; > int domain_prot; > hwaddr phys_addr; > + uint32_t dacr; > > /* Pagetable walk. */ > /* Lookup l1 descriptor. */ > - if (!get_level1_table_address(env, &table, address)) { > + if (!get_level1_table_address(env, mmu_idx, &table, address)) { > /* Section translation fault if page walk is disabled by PD0 or PD1 */ > code = 5; > goto do_fault; > @@ -4663,7 +4739,12 @@ static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type, > desc = ldl_phys(cs->as, table); > type = (desc & 3); > domain = (desc >> 5) & 0x0f; > - domain_prot = (A32_BANKED_CURRENT_REG_GET(env, dacr) >> (domain * 2)) & 3; > + if (regime_el(env, mmu_idx) == 1) { > + dacr = env->cp15.dacr_ns; > + } else { > + dacr = env->cp15.dacr_s; > + } > + domain_prot = (dacr >> (domain * 2)) & 3; > if (type == 0) { > /* Section translation fault. */ > code = 5; > @@ -4727,7 +4808,7 @@ static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type, > } > code = 15; > } > - *prot = check_ap(env, ap, domain_prot, access_type, is_user); > + *prot = check_ap(env, mmu_idx, ap, domain_prot, access_type); > if (!*prot) { > /* Access permission fault. */ > goto do_fault; > @@ -4740,7 +4821,7 @@ do_fault: > } > > static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type, > - int is_user, hwaddr *phys_ptr, > + ARMMMUIdx mmu_idx, hwaddr *phys_ptr, > int *prot, target_ulong *page_size) > { > CPUState *cs = CPU(arm_env_get_cpu(env)); 
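Review bot: The DACR bank selection added in the `@@ -4663` hunk (`if (regime_el(env, mmu_idx) == 1) dacr = dacr_ns; else dacr = dacr_s;`) is duplicated verbatim in the get_phys_addr_v6 hunk on the next quoted line, while every other per-regime register in this patch goes through a regime_* accessor. I would add a sibling helper next to regime_sctlr, `static inline uint32_t regime_dacr(CPUARMState *env, ARMMMUIdx mmu_idx) { return regime_el(env, mmu_idx) == 1 ? env->cp15.dacr_ns : env->cp15.dacr_s; }`, and have both walkers compute `domain_prot = (regime_dacr(env, mmu_idx) >> (domain * 2)) & 3;`, which also removes the new top-of-function `uint32_t dacr;` locals. Note that the choice keys only on el == 1, so an el == 2 regime (not reachable here today, as far as the dispatch shows) would quietly get the secure bank; a comment on the helper saying the non-1 case is the AArch32 EL3 bank would document that assumption.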
> @@ -4754,10 +4835,11 @@ static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type, > int domain = 0; > int domain_prot; > hwaddr phys_addr; > + uint32_t dacr; > > /* Pagetable walk. */ > /* Lookup l1 descriptor. */ > - if (!get_level1_table_address(env, &table, address)) { > + if (!get_level1_table_address(env, mmu_idx, &table, address)) { > /* Section translation fault if page walk is disabled by PD0 or PD1 */ > code = 5; > goto do_fault; > @@ -4775,7 +4857,12 @@ static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type, > /* Page or Section. */ > domain = (desc >> 5) & 0x0f; > } > - domain_prot = (A32_BANKED_CURRENT_REG_GET(env, dacr) >> (domain * 2)) & 3; > + if (regime_el(env, mmu_idx) == 1) { > + dacr = env->cp15.dacr_ns; > + } else { > + dacr = env->cp15.dacr_s; > + } > + domain_prot = (dacr >> (domain * 2)) & 3; > if (domain_prot == 0 || domain_prot == 2) { > if (type != 1) { > code = 9; /* Section domain fault. */ > @@ -4829,20 +4916,20 @@ static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type, > if (domain_prot == 3) { > *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; > } else { > - if (pxn && !is_user) { > + if (pxn && !regime_is_user(env, mmu_idx)) { > xn = 1; > } > if (xn && access_type == 2) > goto do_fault; > > /* The simplified model uses AP[0] as an access control bit. */ > - if ((A32_BANKED_CURRENT_REG_GET(env, sctlr) & SCTLR_AFE) > + if ((regime_sctlr(env, mmu_idx) & SCTLR_AFE) > && (ap & 1) == 0) { > /* Access flag fault. */ > code = (code == 15) ? 6 : 3; > goto do_fault; > } > - *prot = check_ap(env, ap, domain_prot, access_type, is_user); > + *prot = check_ap(env, mmu_idx, ap, domain_prot, access_type); > if (!*prot) { > /* Access permission fault. */ > goto do_fault; 
> @@ -4867,7 +4954,7 @@ typedef enum { > } MMUFaultType; > > static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, > - int access_type, int is_user, > + int access_type, ARMMMUIdx mmu_idx, > hwaddr *phys_ptr, int *prot, > target_ulong *page_size_ptr) > { > @@ -4887,9 +4974,17 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, > int32_t granule_sz = 9; > int32_t va_size = 32; > int32_t tbi = 0; > - TCR *tcr = &env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1]; > - > - if (arm_el_is_aa64(env, 1)) { > + bool is_user; > + TCR *tcr = regime_tcr(env, mmu_idx); > + > + /* TODO: > + * This code assumes we're either a 64-bit EL1 or a 32-bit PL1; > + * it doesn't handle the different format TCR for TCR_EL2, TCR_EL3, > + * and VTCR_EL2, or the fact that those regimes don't have a split > + * TTBR0/TTBR1. Attribute and permission bit handling should also > + * be checked when adding support for those page table walks. > + */ > + if (arm_el_is_aa64(env, regime_el(env, mmu_idx))) { > va_size = 64; > if (extract64(address, 55, 1)) > tbi = extract64(tcr->raw_tcr, 38, 1); > @@ -4904,12 +4999,12 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, > * TTBCR/TTBR0/TTBR1 in accordance with ARM ARM DDI0406C table B-32: > */ > uint32_t t0sz = extract32(tcr->raw_tcr, 0, 6); > - if (arm_el_is_aa64(env, 1)) { > + if (va_size == 64) { > t0sz = MIN(t0sz, 39); > t0sz = MAX(t0sz, 16); > } > uint32_t t1sz = extract32(tcr->raw_tcr, 16, 6); > - if (arm_el_is_aa64(env, 1)) { > + if (va_size == 64) { > t1sz = MIN(t1sz, 39); > t1sz = MAX(t1sz, 16); > } > @@ -4964,6 +5059,10 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, > } > } > > + /* Here we should have set up all the parameters for the translation: > + * va_size, ttbr, epd, tsz, granule_sz, tbi > + */ > + > if (epd) { > /* Translation table walk disabled => Translation fault on TLB miss */ > goto do_fault; 
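Review bot: `bool is_user;` is declared uninitialised at the top of get_phys_addr_lpae and only assigned in the `@@ -5049` hunk immediately before its single use; this function already declares at point of use (`uint32_t t0sz = extract32(...)`), so I would drop the top declaration and write `bool is_user = regime_is_user(env, mmu_idx);` at the assignment site, which removes the window where the variable exists but is unset. Separately, the new TODO says the walker assumes a 64-bit EL1 or 32-bit PL1 regime, but regime_using_lpae_format returns true for any AArch64 EL and regime_tcr hands back tcr_el[3] for S1E3, so whether an EL3 regime can currently reach this TCR parsing depends on callers outside the hunk; if it cannot, an `assert(regime_el(env, mmu_idx) == 1);` next to the TODO would turn a silent mis-parse of TCR_EL3's different layout into a loud failure. The body of get_phys_addr_lpae continues well beyond this hunk.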
> @@ -5049,6 +5148,7 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, > goto do_fault; > } > fault_type = permission_fault; > + is_user = regime_is_user(env, mmu_idx); > if (is_user && !(attrs & (1 << 4))) { > /* Unprivileged access not enabled */ > goto do_fault; > @@ -5083,12 +5183,13 @@ do_fault: > } > > static int get_phys_addr_mpu(CPUARMState *env, uint32_t address, > - int access_type, int is_user, > + int access_type, ARMMMUIdx mmu_idx, > hwaddr *phys_ptr, int *prot) > { > int n; > uint32_t mask; > uint32_t base; > + bool is_user = regime_is_user(env, mmu_idx); > > *phys_ptr = address; > for (n = 7; n >= 0; n--) { 
> @@ -5171,39 +5272,50 @@ static inline int get_phys_addr(CPUARMState *env, target_ulong address, > hwaddr *phys_ptr, int *prot, > target_ulong *page_size) > { > - /* This is not entirely correct as get_phys_addr() can also be called > - * from ats_write() for an address translation of a specific regime. > - */ > - uint32_t sctlr = A32_BANKED_CURRENT_REG_GET(env, sctlr); > - > - /* This will go away when we handle mmu_idx properly here */ > - int is_user = (mmu_idx == ARMMMUIdx_S12NSE0 || > - mmu_idx == ARMMMUIdx_S1SE0 || > - mmu_idx == ARMMMUIdx_S1NSE0); > + if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) { > + /* TODO: when we support EL2 we should here call ourselves recursively > + * to do the stage 1 and then stage 2 translations. The ldl_phys > + * calls for stage 1 will also need changing. > + * For non-EL2 CPUs a stage1+stage2 translation is just stage 1. > + */ > + assert(!arm_feature(env, ARM_FEATURE_EL2)); > + mmu_idx += ARMMMUIdx_S1NSE0; I'm not sure I understand this. Did you mean the following? mmu_idx = ARMMMUIdx_S1NSE0; Maybe you can relax the assert to check for FEATURE_EL2 and hcr_el2 & HCR_VM ? And not change the mmu_idx. Cheers, Edgar > + } > > - /* Fast Context Switch Extension. */ > - if (address < 0x02000000) { > - address += A32_BANKED_CURRENT_REG_GET(env, fcseidr); > + /* Fast Context Switch Extension. This doesn't exist at all in v8. > + * In v7 and earlier it affects all stage 1 translations. > + */ > + if (address < 0x02000000 && mmu_idx != ARMMMUIdx_S2NS > + && !arm_feature(env, ARM_FEATURE_V8)) { > + if (regime_el(env, mmu_idx) == 3) { > + address += env->cp15.fcseidr_s; > + } else { > + address += env->cp15.fcseidr_ns; > + } > } > > - if ((sctlr & SCTLR_M) == 0) { > + if (regime_translation_disabled(env, mmu_idx)) { > /* MMU/MPU disabled. 
*/ > *phys_ptr = address; > *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; > *page_size = TARGET_PAGE_SIZE; > return 0; > - } else if (arm_feature(env, ARM_FEATURE_MPU)) { > + } > + > + if (arm_feature(env, ARM_FEATURE_MPU)) { > *page_size = TARGET_PAGE_SIZE; > - return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr, > - prot); > - } else if (extended_addresses_enabled(env)) { > - return get_phys_addr_lpae(env, address, access_type, is_user, phys_ptr, > + return get_phys_addr_mpu(env, address, access_type, mmu_idx, phys_ptr, > + prot); > + } > + > + if (regime_using_lpae_format(env, mmu_idx)) { > + return get_phys_addr_lpae(env, address, access_type, mmu_idx, phys_ptr, > prot, page_size); > - } else if (sctlr & SCTLR_XP) { > - return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr, > + } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) { > + return get_phys_addr_v6(env, address, access_type, mmu_idx, phys_ptr, > prot, page_size); > } else { > - return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr, > + return get_phys_addr_v5(env, address, access_type, mmu_idx, phys_ptr, > prot, page_size); > } > } > -- > 1.9.1 >
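Review bot: `mmu_idx += ARMMMUIdx_S1NSE0;` in the first hunk of get_phys_addr depends on a layout of the ARMMMUIdx enum (S12NSE0 == 0, S12NSE1 == 1, S1NSE1 == S1NSE0 + 1) that is not stated anywhere in the code, so a reordering of the enum would change which regime's registers a stage-1 lookup uses without any compile or runtime error. I would record the assumption at the line, `/* S12NSEn degrades to S1NSEn; relies on S12NSE0 == 0 and E0/E1 being consecutive */`, and pin it with `QEMU_BUILD_BUG_ON(ARMMMUIdx_S12NSE0 != 0 || ARMMMUIdx_S12NSE1 != 1 || ARMMMUIdx_S1NSE1 != ARMMMUIdx_S1NSE0 + 1);` so the index arithmetic fails to build rather than misbehave. The FCSE block below it now reads fcseidr_s only when regime_el() == 3, which matches the rest of the patch; the dispatch tail of the function is unchanged in substance.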
On 30 January 2015 at 02:03, Edgar E. Iglesias <edgar.iglesias@gmail.com> wrote: > On Thu, Jan 29, 2015 at 06:55:15PM +0000, Peter Maydell wrote: >> Now we have the mmu_idx in get_phys_addr(), use it correctly to >> determine the behaviour of virtual to physical address translations, >> rather than using just an is_user flag and the current CPU state. >> >> Some TODO comments have been added to indicate where changes will >> need to be made to add EL2 and 64-bit EL3 support. >> - /* This will go away when we handle mmu_idx properly here */ >> - int is_user = (mmu_idx == ARMMMUIdx_S12NSE0 || >> - mmu_idx == ARMMMUIdx_S1SE0 || >> - mmu_idx == ARMMMUIdx_S1NSE0); >> + if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) { >> + /* TODO: when we support EL2 we should here call ourselves recursively >> + * to do the stage 1 and then stage 2 translations. The ldl_phys >> + * calls for stage 1 will also need changing. >> + * For non-EL2 CPUs a stage1+stage2 translation is just stage 1. >> + */ >> + assert(!arm_feature(env, ARM_FEATURE_EL2)); >> + mmu_idx += ARMMMUIdx_S1NSE0; > > I'm not sure I understand this. Did you mean the following? > mmu_idx = ARMMMUIdx_S1NSE0; No. This code is handling "we asked for a stage1+2 EL0 or EL1 lookup but we don't have EL2". In this case these degrade to the equivalent stage-1-only lookups: S12NSE0 -> S1NSE0 S12NSE1 -> S1NSE1 We're relying on S12NSE0 being zero and the E0/E1 indexes being consecutive on both sides. > Maybe you can relax the assert to check for FEATURE_EL2 and hcr_el2 & HCR_VM ? > And not change the mmu_idx. The assert is here to say "if you want to implement EL2 there is work to do here". 
For EL2, this is going to look something like: if (arm_feature(env, ARM_FEATURE_EL2 && (hcr_el2 & HCR_VM)) { /* stage 2 exists and is enabled */ hwaddr ipa; get_phys_addr(env, addr, &ipa, ..., stage 1 mmuidx, ...); handle stage 1 faults; get_phys_addr(env, ipa, &physaddr, ...., stage 2 mmuidx, ...); handle stage 2 faults; combine protection etc info from stage 1 and stage 2; return final physaddr for combined lookup; } That's quite a bit of extra code, so it's deferred til we actually implement EL2, and in the meantime we assert as a marker for "if you hit this you need to implement all that". -- PMM
On Thu, Jan 29, 2015 at 12:55 PM, Peter Maydell <peter.maydell@linaro.org> wrote: > Now we have the mmu_idx in get_phys_addr(), use it correctly to > determine the behaviour of virtual to physical address translations, > rather than using just an is_user flag and the current CPU state. > > Some TODO comments have been added to indicate where changes will > need to be made to add EL2 and 64-bit EL3 support. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > target-arm/helper.c | 214 > +++++++++++++++++++++++++++++++++++++++------------- > 1 file changed, 163 insertions(+), 51 deletions(-) > > diff --git a/target-arm/helper.c b/target-arm/helper.c > index 589a074..042ee7a 100644 > --- a/target-arm/helper.c > +++ b/target-arm/helper.c 
> @@ -4556,13 +4556,91 @@ void arm_cpu_do_interrupt(CPUState *cs) > cs->interrupt_request |= CPU_INTERRUPT_EXITTB; > } > > + > +/* Return the exception level which controls this address translation > regime */ > +static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx) > +{ > + switch (mmu_idx) { > + case ARMMMUIdx_S2NS: > + case ARMMMUIdx_S1E2: > + return 2; > + case ARMMMUIdx_S1E3: > + return 3; > + case ARMMMUIdx_S1SE0: > + return arm_el_is_aa64(env, 3) ? 1 : 3; > + case ARMMMUIdx_S1SE1: > + case ARMMMUIdx_S1NSE0: > + case ARMMMUIdx_S1NSE1: > + return 1; > + default: > + g_assert_not_reached(); > + } > +} > + > +/* Return the SCTLR value which controls this address translation regime > */ > +static inline uint32_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx) > +{ > + return env->cp15.sctlr_el[regime_el(env, mmu_idx)]; > +} > + > +/* Return true if the specified stage of address translation is disabled > */ > +static inline bool regime_translation_disabled(CPUARMState *env, > + ARMMMUIdx mmu_idx) > +{ > + if (mmu_idx == ARMMMUIdx_S2NS) { > + return (env->cp15.hcr_el2 & HCR_VM) == 0; > + } > + return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0; > +} > + > +/* Return the TCR controlling this translation regime */ > +static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx) > +{ > + if (mmu_idx == ARMMMUIdx_S2NS) { > + /* TODO: return VTCR_EL2 */ > + g_assert_not_reached(); > + } > + return &env->cp15.tcr_el[regime_el(env, mmu_idx)]; > +} > + > +/* Return true if the translation regime is using LPAE format page tables > */ > +static inline bool regime_using_lpae_format(CPUARMState *env, > + ARMMMUIdx mmu_idx) > +{ > + int el = regime_el(env, mmu_idx); > + if (el == 2 || arm_el_is_aa64(env, el)) { > + return true; > + } > + if (arm_feature(env, ARM_FEATURE_LPAE) > + && (regime_tcr(env, mmu_idx)->raw_tcr & TTBCR_EAE)) { > + return true; > + } > + return false; > +} > + > +static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx) 
> +{ > + switch (mmu_idx) { > + case ARMMMUIdx_S1SE0: > + case ARMMMUIdx_S1NSE0: > + return true; > + default: > + return false; > + case ARMMMUIdx_S12NSE0: > + case ARMMMUIdx_S12NSE1: > + g_assert_not_reached(); > + } > +} > + > /* Check section/page access permissions. > Returns the page protection flags, or zero if the access is not > permitted. */ > -static inline int check_ap(CPUARMState *env, int ap, int domain_prot, > - int access_type, int is_user) > +static inline int check_ap(CPUARMState *env, ARMMMUIdx mmu_idx, > + int ap, int domain_prot, > + int access_type) > { > int prot_ro; > + bool is_user = regime_is_user(env, mmu_idx); > > if (domain_prot == 3) { > return PAGE_READ | PAGE_WRITE; > @@ -4580,7 +4658,7 @@ static inline int check_ap(CPUARMState *env, int ap, > int domain_prot, > } > if (access_type == 1) > return 0; > - switch (A32_BANKED_CURRENT_REG_GET(env, sctlr) & (SCTLR_S | > SCTLR_R)) { > + switch (regime_sctlr(env, mmu_idx) & (SCTLR_S | SCTLR_R)) { > case SCTLR_S: > return is_user ? 0 : PAGE_READ; > case SCTLR_R: 
> @@ -4612,35 +4690,32 @@ static inline int check_ap(CPUARMState *env, int > ap, int domain_prot, > } > } > > -static bool get_level1_table_address(CPUARMState *env, uint32_t *table, > - uint32_t address) > +static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx, > + uint32_t *table, uint32_t address) > { > - /* Get the TCR bank based on our security state */ > - TCR *tcr = &env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1]; > + /* Note that we can only get here for an AArch32 PL0/PL1 lookup */ > + int el = regime_el(env, mmu_idx); > + TCR *tcr = regime_tcr(env, mmu_idx); > > - /* We only get here if EL1 is running in AArch32. If EL3 is running in > - * AArch32 there is a secure and non-secure instance of the > translation > - * table registers. > - */ > if (address & tcr->mask) { > if (tcr->raw_tcr & TTBCR_PD1) { > /* Translation table walk disabled for TTBR1 */ > return false; > } > - *table = A32_BANKED_CURRENT_REG_GET(env, ttbr1) & 0xffffc000; > + *table = env->cp15.ttbr1_el[el] & 0xffffc000; > } else { > if (tcr->raw_tcr & TTBCR_PD0) { > /* Translation table walk disabled for TTBR0 */ > return false; > } > - *table = A32_BANKED_CURRENT_REG_GET(env, ttbr0) & tcr->base_mask; > + *table = env->cp15.ttbr0_el[el] & tcr->base_mask; > } > *table |= (address >> 18) & 0x3ffc; > return true; > } > > static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int > access_type, > - int is_user, hwaddr *phys_ptr, > + ARMMMUIdx mmu_idx, hwaddr *phys_ptr, > int *prot, target_ulong *page_size) > { > CPUState *cs = CPU(arm_env_get_cpu(env)); 
> @@ -4652,10 +4727,11 @@ static int get_phys_addr_v5(CPUARMState *env, > uint32_t address, int access_type, > int domain = 0; > int domain_prot; > hwaddr phys_addr; > + uint32_t dacr; > > /* Pagetable walk. */ > /* Lookup l1 descriptor. */ > - if (!get_level1_table_address(env, &table, address)) { > + if (!get_level1_table_address(env, mmu_idx, &table, address)) { > /* Section translation fault if page walk is disabled by PD0 or > PD1 */ > code = 5; > goto do_fault; > @@ -4663,7 +4739,12 @@ static int get_phys_addr_v5(CPUARMState *env, > uint32_t address, int access_type, > desc = ldl_phys(cs->as, table); > type = (desc & 3); > domain = (desc >> 5) & 0x0f; > - domain_prot = (A32_BANKED_CURRENT_REG_GET(env, dacr) >> (domain * 2)) > & 3; > + if (regime_el(env, mmu_idx) == 1) { > + dacr = env->cp15.dacr_ns; > + } else { > + dacr = env->cp15.dacr_s; > + } > + domain_prot = (dacr >> (domain * 2)) & 3; > if (type == 0) { > /* Section translation fault. */ > code = 5; > @@ -4727,7 +4808,7 @@ static int get_phys_addr_v5(CPUARMState *env, > uint32_t address, int access_type, > } > code = 15; > } > - *prot = check_ap(env, ap, domain_prot, access_type, is_user); > + *prot = check_ap(env, mmu_idx, ap, domain_prot, access_type); > if (!*prot) { > /* Access permission fault. */ > goto do_fault; > @@ -4740,7 +4821,7 @@ do_fault: > } > > static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int > access_type, > - int is_user, hwaddr *phys_ptr, > + ARMMMUIdx mmu_idx, hwaddr *phys_ptr, > int *prot, target_ulong *page_size) > { > CPUState *cs = CPU(arm_env_get_cpu(env)); 
> @@ -4754,10 +4835,11 @@ static int get_phys_addr_v6(CPUARMState *env, > uint32_t address, int access_type, > int domain = 0; > int domain_prot; > hwaddr phys_addr; > + uint32_t dacr; > > /* Pagetable walk. */ > /* Lookup l1 descriptor. */ > - if (!get_level1_table_address(env, &table, address)) { > + if (!get_level1_table_address(env, mmu_idx, &table, address)) { > /* Section translation fault if page walk is disabled by PD0 or > PD1 */ > code = 5; > goto do_fault; > @@ -4775,7 +4857,12 @@ static int get_phys_addr_v6(CPUARMState *env, > uint32_t address, int access_type, > /* Page or Section. */ > domain = (desc >> 5) & 0x0f; > } > - domain_prot = (A32_BANKED_CURRENT_REG_GET(env, dacr) >> (domain * 2)) > & 3; > + if (regime_el(env, mmu_idx) == 1) { > + dacr = env->cp15.dacr_ns; > + } else { > + dacr = env->cp15.dacr_s; > + } > + domain_prot = (dacr >> (domain * 2)) & 3; > if (domain_prot == 0 || domain_prot == 2) { > if (type != 1) { > code = 9; /* Section domain fault. */ > @@ -4829,20 +4916,20 @@ static int get_phys_addr_v6(CPUARMState *env, > uint32_t address, int access_type, > if (domain_prot == 3) { > *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; > } else { > - if (pxn && !is_user) { > + if (pxn && !regime_is_user(env, mmu_idx)) { > xn = 1; > } > if (xn && access_type == 2) > goto do_fault; > > /* The simplified model uses AP[0] as an access control bit. */ > - if ((A32_BANKED_CURRENT_REG_GET(env, sctlr) & SCTLR_AFE) > + if ((regime_sctlr(env, mmu_idx) & SCTLR_AFE) > && (ap & 1) == 0) { > /* Access flag fault. */ > code = (code == 15) ? 6 : 3; > goto do_fault; > } > - *prot = check_ap(env, ap, domain_prot, access_type, is_user); > + *prot = check_ap(env, mmu_idx, ap, domain_prot, access_type); > if (!*prot) { > /* Access permission fault. */ > goto do_fault; 
> @@ -4867,7 +4954,7 @@ typedef enum { > } MMUFaultType; > > static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, > - int access_type, int is_user, > + int access_type, ARMMMUIdx mmu_idx, > hwaddr *phys_ptr, int *prot, > target_ulong *page_size_ptr) > { > @@ -4887,9 +4974,17 @@ static int get_phys_addr_lpae(CPUARMState *env, > target_ulong address, > int32_t granule_sz = 9; > int32_t va_size = 32; > int32_t tbi = 0; > - TCR *tcr = &env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1]; > - > - if (arm_el_is_aa64(env, 1)) { > + bool is_user; > + TCR *tcr = regime_tcr(env, mmu_idx); > + > + /* TODO: > + * This code assumes we're either a 64-bit EL1 or a 32-bit PL1; > + * it doesn't handle the different format TCR for TCR_EL2, TCR_EL3, > + * and VTCR_EL2, or the fact that those regimes don't have a split > + * TTBR0/TTBR1. Attribute and permission bit handling should also > + * be checked when adding support for those page table walks. > + */ > + if (arm_el_is_aa64(env, regime_el(env, mmu_idx))) { > va_size = 64; > if (extract64(address, 55, 1)) > tbi = extract64(tcr->raw_tcr, 38, 1); > @@ -4904,12 +4999,12 @@ static int get_phys_addr_lpae(CPUARMState *env, > target_ulong address, > * TTBCR/TTBR0/TTBR1 in accordance with ARM ARM DDI0406C table B-32: > */ > uint32_t t0sz = extract32(tcr->raw_tcr, 0, 6); > - if (arm_el_is_aa64(env, 1)) { > + if (va_size == 64) { > t0sz = MIN(t0sz, 39); > t0sz = MAX(t0sz, 16); > } > uint32_t t1sz = extract32(tcr->raw_tcr, 16, 6); > - if (arm_el_is_aa64(env, 1)) { > + if (va_size == 64) { > t1sz = MIN(t1sz, 39); > t1sz = MAX(t1sz, 16); > } > @@ -4964,6 +5059,10 @@ static int get_phys_addr_lpae(CPUARMState *env, > target_ulong address, > } > } > > + /* Here we should have set up all the parameters for the translation: > + * va_size, ttbr, epd, tsz, granule_sz, tbi > + */ > + > if (epd) { > /* Translation table walk disabled => Translation fault on TLB > miss */ > goto do_fault; 
> @@ -5049,6 +5148,7 @@ static int get_phys_addr_lpae(CPUARMState *env, > target_ulong address, > goto do_fault; > } > fault_type = permission_fault; > + is_user = regime_is_user(env, mmu_idx); > if (is_user && !(attrs & (1 << 4))) { > /* Unprivileged access not enabled */ > goto do_fault; > @@ -5083,12 +5183,13 @@ do_fault: > } > > static int get_phys_addr_mpu(CPUARMState *env, uint32_t address, > - int access_type, int is_user, > + int access_type, ARMMMUIdx mmu_idx, > hwaddr *phys_ptr, int *prot) > { > int n; > uint32_t mask; > uint32_t base; > + bool is_user = regime_is_user(env, mmu_idx); > > *phys_ptr = address; > for (n = 7; n >= 0; n--) { 
> @@ -5171,39 +5272,50 @@ static inline int get_phys_addr(CPUARMState *env, > target_ulong address, > hwaddr *phys_ptr, int *prot, > target_ulong *page_size) > { > - /* This is not entirely correct as get_phys_addr() can also be called > - * from ats_write() for an address translation of a specific regime. > - */ > - uint32_t sctlr = A32_BANKED_CURRENT_REG_GET(env, sctlr); > - > - /* This will go away when we handle mmu_idx properly here */ > - int is_user = (mmu_idx == ARMMMUIdx_S12NSE0 || > - mmu_idx == ARMMMUIdx_S1SE0 || > - mmu_idx == ARMMMUIdx_S1NSE0); > + if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) { > + /* TODO: when we support EL2 we should here call ourselves > recursively > + * to do the stage 1 and then stage 2 translations. The ldl_phys > + * calls for stage 1 will also need changing. > + * For non-EL2 CPUs a stage1+stage2 translation is just stage 1. > + */ > + assert(!arm_feature(env, ARM_FEATURE_EL2)); > + mmu_idx += ARMMMUIdx_S1NSE0; > + } > > - /* Fast Context Switch Extension. */ > - if (address < 0x02000000) { > - address += A32_BANKED_CURRENT_REG_GET(env, fcseidr); > + /* Fast Context Switch Extension. This doesn't exist at all in v8. > + * In v7 and earlier it affects all stage 1 translations. > + */ > + if (address < 0x02000000 && mmu_idx != ARMMMUIdx_S2NS > + && !arm_feature(env, ARM_FEATURE_V8)) { > + if (regime_el(env, mmu_idx) == 3) { > + address += env->cp15.fcseidr_s; > + } else { > + address += env->cp15.fcseidr_ns; > + } > } > > - if ((sctlr & SCTLR_M) == 0) { > + if (regime_translation_disabled(env, mmu_idx)) { > /* MMU/MPU disabled. 
*/ > *phys_ptr = address; > *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; > *page_size = TARGET_PAGE_SIZE; > return 0; > - } else if (arm_feature(env, ARM_FEATURE_MPU)) { > + } > + > + if (arm_feature(env, ARM_FEATURE_MPU)) { > *page_size = TARGET_PAGE_SIZE; > - return get_phys_addr_mpu(env, address, access_type, is_user, > phys_ptr, > - prot); > - } else if (extended_addresses_enabled(env)) { > - return get_phys_addr_lpae(env, address, access_type, is_user, > phys_ptr, > + return get_phys_addr_mpu(env, address, access_type, mmu_idx, > phys_ptr, > + prot); > + } > + > + if (regime_using_lpae_format(env, mmu_idx)) { > + return get_phys_addr_lpae(env, address, access_type, mmu_idx, > phys_ptr, > prot, page_size); > - } else if (sctlr & SCTLR_XP) { > - return get_phys_addr_v6(env, address, access_type, is_user, > phys_ptr, > + } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) { > + return get_phys_addr_v6(env, address, access_type, mmu_idx, > phys_ptr, > prot, page_size); > } else { > - return get_phys_addr_v5(env, address, access_type, is_user, > phys_ptr, > + return get_phys_addr_v5(env, address, access_type, mmu_idx, > phys_ptr, > prot, page_size); > } > } > -- > 1.9.1 > > Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 589a074..042ee7a 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -4556,13 +4556,91 @@ void arm_cpu_do_interrupt(CPUState *cs) cs->interrupt_request |= CPU_INTERRUPT_EXITTB; } + +/* Return the exception level which controls this address translation regime */ +static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx) +{ + switch (mmu_idx) { + case ARMMMUIdx_S2NS: + case ARMMMUIdx_S1E2: + return 2; + case ARMMMUIdx_S1E3: + return 3; + case ARMMMUIdx_S1SE0: + return arm_el_is_aa64(env, 3) ? 1 : 3; + case ARMMMUIdx_S1SE1: + case ARMMMUIdx_S1NSE0: + case ARMMMUIdx_S1NSE1: + return 1; + default: + g_assert_not_reached(); + } +} + +/* Return the SCTLR value which controls this address translation regime */ +static inline uint32_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx) +{ + return env->cp15.sctlr_el[regime_el(env, mmu_idx)]; +} + +/* Return true if the specified stage of address translation is disabled */ +static inline bool regime_translation_disabled(CPUARMState *env, + ARMMMUIdx mmu_idx) +{ + if (mmu_idx == ARMMMUIdx_S2NS) { + return (env->cp15.hcr_el2 & HCR_VM) == 0; + } + return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0; +} + +/* Return the TCR controlling this translation regime */ +static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx) +{ + if (mmu_idx == ARMMMUIdx_S2NS) { + /* TODO: return VTCR_EL2 */ + g_assert_not_reached(); + } + return &env->cp15.tcr_el[regime_el(env, mmu_idx)]; +} + +/* Return true if the translation regime is using LPAE format page tables */ +static inline bool regime_using_lpae_format(CPUARMState *env, + ARMMMUIdx mmu_idx) +{ + int el = regime_el(env, mmu_idx); + if (el == 2 || arm_el_is_aa64(env, el)) { + return true; + } + if (arm_feature(env, ARM_FEATURE_LPAE) + && (regime_tcr(env, mmu_idx)->raw_tcr & TTBCR_EAE)) { + return true; + } + return false; +} + +static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx) +{ + switch (mmu_idx) { + case ARMMMUIdx_S1SE0: + case ARMMMUIdx_S1NSE0: + return true; + default: + return false; + case ARMMMUIdx_S12NSE0: 
+ case ARMMMUIdx_S12NSE1: + g_assert_not_reached(); + } +} + /* Check section/page access permissions. Returns the page protection flags, or zero if the access is not permitted. */ -static inline int check_ap(CPUARMState *env, int ap, int domain_prot, - int access_type, int is_user) +static inline int check_ap(CPUARMState *env, ARMMMUIdx mmu_idx, + int ap, int domain_prot, + int access_type) { int prot_ro; + bool is_user = regime_is_user(env, mmu_idx); if (domain_prot == 3) { return PAGE_READ | PAGE_WRITE; @@ -4580,7 +4658,7 @@ static inline int check_ap(CPUARMState *env, int ap, int domain_prot, } if (access_type == 1) return 0; - switch (A32_BANKED_CURRENT_REG_GET(env, sctlr) & (SCTLR_S | SCTLR_R)) { + switch (regime_sctlr(env, mmu_idx) & (SCTLR_S | SCTLR_R)) { case SCTLR_S: return is_user ? 0 : PAGE_READ; case SCTLR_R: 
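Review bot: In regime_is_user the `default: return false;` label sits between the `case ARMMMUIdx_S1NSE0:` arm and the `case ARMMMUIdx_S12NSE0:`/`case ARMMMUIdx_S12NSE1:` arms, so a reader scanning the switch can easily take the S12 indexes as falling under the default; listing the two asserting cases before `default` reads more naturally. The g_assert_not_reached() on the combined stage-1+2 indexes (here and in the `default` arm of regime_el) is also an unstated precondition on every caller, including check_ap in this hunk: the S12NSE* indexes must already have been mapped to S1NSE0/S1NSE1 by get_phys_addr() before any regime_* helper runs. A comment above regime_el such as `/* The regime_* helpers take a stage 1 or stage 2 index only; get_phys_addr() resolves the combined S12NSE* indexes before calling them. */` would make that contract visible where the helpers are defined.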
@@ -4612,35 +4690,32 @@ static inline int check_ap(CPUARMState *env, int ap, int domain_prot, } } -static bool get_level1_table_address(CPUARMState *env, uint32_t *table, - uint32_t address) +static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx, + uint32_t *table, uint32_t address) { - /* Get the TCR bank based on our security state */ - TCR *tcr = &env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1]; + /* Note that we can only get here for an AArch32 PL0/PL1 lookup */ + int el = regime_el(env, mmu_idx); + TCR *tcr = regime_tcr(env, mmu_idx); - /* We only get here if EL1 is running in AArch32. If EL3 is running in - * AArch32 there is a secure and non-secure instance of the translation - * table registers. - */ if (address & tcr->mask) { if (tcr->raw_tcr & TTBCR_PD1) { /* Translation table walk disabled for TTBR1 */ return false; } - *table = A32_BANKED_CURRENT_REG_GET(env, ttbr1) & 0xffffc000; + *table = env->cp15.ttbr1_el[el] & 0xffffc000; } else { if (tcr->raw_tcr & TTBCR_PD0) { /* Translation table walk disabled for TTBR0 */ return false; } - *table = A32_BANKED_CURRENT_REG_GET(env, ttbr0) & tcr->base_mask; + *table = env->cp15.ttbr0_el[el] & tcr->base_mask; } *table |= (address >> 18) & 0x3ffc; return true; } static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type, - int is_user, hwaddr *phys_ptr, + ARMMMUIdx mmu_idx, hwaddr *phys_ptr, int *prot, target_ulong *page_size) { CPUState *cs = CPU(arm_env_get_cpu(env)); @@ -4652,10 +4727,11 @@ static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type, int domain = 0; int domain_prot; hwaddr phys_addr; + uint32_t dacr; /* Pagetable walk. */ /* Lookup l1 descriptor. */ - if (!get_level1_table_address(env, &table, address)) { + if (!get_level1_table_address(env, mmu_idx, &table, address)) { /* Section translation fault if page walk is disabled by PD0 or PD1 */ code = 5; goto do_fault; 
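Review bot: The new comment in get_level1_table_address states that it is only reached for an AArch32 PL0/PL1 lookup, but nothing in the function checks that, and `el` from regime_el() is used directly as an index into ttbr0_el/ttbr1_el. Adding `assert(el == 1 || el == 3);` after the `int el = regime_el(env, mmu_idx);` line would turn a mis-routed regime (for example a future EL2 index reaching the short-descriptor walk) into a loud failure rather than a silent read of the wrong TTBR slot. From the dispatch visible in get_phys_addr() the EL2 and AArch64 regimes appear to be diverted to the LPAE path first, so the assertion should not fire with this patch.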
@@ -4663,7 +4739,12 @@ static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type, desc = ldl_phys(cs->as, table); type = (desc & 3); domain = (desc >> 5) & 0x0f; - domain_prot = (A32_BANKED_CURRENT_REG_GET(env, dacr) >> (domain * 2)) & 3; + if (regime_el(env, mmu_idx) == 1) { + dacr = env->cp15.dacr_ns; + } else { + dacr = env->cp15.dacr_s; + } + domain_prot = (dacr >> (domain * 2)) & 3; if (type == 0) { /* Section translation fault. */ code = 5; @@ -4727,7 +4808,7 @@ static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type, } code = 15; } - *prot = check_ap(env, ap, domain_prot, access_type, is_user); + *prot = check_ap(env, mmu_idx, ap, domain_prot, access_type); if (!*prot) { /* Access permission fault. */ goto do_fault; @@ -4740,7 +4821,7 @@ do_fault: } static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type, - int is_user, hwaddr *phys_ptr, + ARMMMUIdx mmu_idx, hwaddr *phys_ptr, int *prot, target_ulong *page_size) { CPUState *cs = CPU(arm_env_get_cpu(env)); @@ -4754,10 +4835,11 @@ static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type, int domain = 0; int domain_prot; hwaddr phys_addr; + uint32_t dacr; /* Pagetable walk. */ /* Lookup l1 descriptor. */ - if (!get_level1_table_address(env, &table, address)) { + if (!get_level1_table_address(env, mmu_idx, &table, address)) { /* Section translation fault if page walk is disabled by PD0 or PD1 */ code = 5; goto do_fault; @@ -4775,7 +4857,12 @@ static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type, /* Page or Section. */ domain = (desc >> 5) & 0x0f; } - domain_prot = (A32_BANKED_CURRENT_REG_GET(env, dacr) >> (domain * 2)) & 3; + if (regime_el(env, mmu_idx) == 1) { + dacr = env->cp15.dacr_ns; + } else { + dacr = env->cp15.dacr_s; + } + domain_prot = (dacr >> (domain * 2)) & 3; if (domain_prot == 0 || domain_prot == 2) { if (type != 1) { code = 9; /* Section domain fault. */ 
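Review bot: The five-line DACR selection `if (regime_el(env, mmu_idx) == 1) { dacr = env->cp15.dacr_ns; } else { dacr = env->cp15.dacr_s; }` is added verbatim in both get_phys_addr_v5 (this `@@ -4663` hunk) and get_phys_addr_v6 (the `@@ -4775` hunk), each with its own `uint32_t dacr;` local added in the preceding hunk. The patch already introduces regime_sctlr() and regime_tcr() for exactly this kind of per-regime register lookup, so a `regime_dacr()` helper beside them would remove the duplication and the two locals, and keep the "which bank for which regime" decision in one place. Both walk functions continue outside their hunks.
```c
/* Return the DACR value which controls this address translation regime */
static inline uint32_t regime_dacr(CPUARMState *env, ARMMMUIdx mmu_idx)
{
    if (regime_el(env, mmu_idx) == 1) {
        return env->cp15.dacr_ns;
    }
    return env->cp15.dacr_s;
}

/* … in get_phys_addr_v5 and get_phys_addr_v6, replacing the if/else and the dacr local … */
    domain_prot = (regime_dacr(env, mmu_idx) >> (domain * 2)) & 3;
```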
@@ -4829,20 +4916,20 @@ static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type, if (domain_prot == 3) { *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; } else { - if (pxn && !is_user) { + if (pxn && !regime_is_user(env, mmu_idx)) { xn = 1; } if (xn && access_type == 2) goto do_fault; /* The simplified model uses AP[0] as an access control bit. */ - if ((A32_BANKED_CURRENT_REG_GET(env, sctlr) & SCTLR_AFE) + if ((regime_sctlr(env, mmu_idx) & SCTLR_AFE) && (ap & 1) == 0) { /* Access flag fault. */ code = (code == 15) ? 6 : 3; goto do_fault; } - *prot = check_ap(env, ap, domain_prot, access_type, is_user); + *prot = check_ap(env, mmu_idx, ap, domain_prot, access_type); if (!*prot) { /* Access permission fault. */ goto do_fault; @@ -4867,7 +4954,7 @@ typedef enum { } MMUFaultType; static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, - int access_type, int is_user, + int access_type, ARMMMUIdx mmu_idx, hwaddr *phys_ptr, int *prot, target_ulong *page_size_ptr) { @@ -4887,9 +4974,17 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, int32_t granule_sz = 9; int32_t va_size = 32; int32_t tbi = 0; - TCR *tcr = &env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1]; - - if (arm_el_is_aa64(env, 1)) { + bool is_user; + TCR *tcr = regime_tcr(env, mmu_idx); + + /* TODO: + * This code assumes we're either a 64-bit EL1 or a 32-bit PL1; + * it doesn't handle the different format TCR for TCR_EL2, TCR_EL3, + * and VTCR_EL2, or the fact that those regimes don't have a split + * TTBR0/TTBR1. Attribute and permission bit handling should also + * be checked when adding support for those page table walks. + */ + if (arm_el_is_aa64(env, regime_el(env, mmu_idx))) { va_size = 64; if (extract64(address, 55, 1)) tbi = extract64(tcr->raw_tcr, 38, 1); 
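Review bot: In get_phys_addr_lpae `bool is_user;` is declared uninitialised in the `@@ -4887` hunk and only assigned at the permission check in the `@@ -5049` hunk, far from its declaration. regime_is_user() depends only on mmu_idx, so it can be evaluated up front: `bool is_user = regime_is_user(env, mmu_idx);` at the declaration, dropping the later `is_user = regime_is_user(env, mmu_idx);` line, which matches how get_phys_addr_mpu and check_ap in this same patch already obtain it. The body of get_phys_addr_lpae continues outside the hunk.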
@@ -4904,12 +4999,12 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, * TTBCR/TTBR0/TTBR1 in accordance with ARM ARM DDI0406C table B-32: */ uint32_t t0sz = extract32(tcr->raw_tcr, 0, 6); - if (arm_el_is_aa64(env, 1)) { + if (va_size == 64) { t0sz = MIN(t0sz, 39); t0sz = MAX(t0sz, 16); } uint32_t t1sz = extract32(tcr->raw_tcr, 16, 6); - if (arm_el_is_aa64(env, 1)) { + if (va_size == 64) { t1sz = MIN(t1sz, 39); t1sz = MAX(t1sz, 16); } @@ -4964,6 +5059,10 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, } } + /* Here we should have set up all the parameters for the translation: + * va_size, ttbr, epd, tsz, granule_sz, tbi + */ + if (epd) { /* Translation table walk disabled => Translation fault on TLB miss */ goto do_fault; @@ -5049,6 +5148,7 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, goto do_fault; } fault_type = permission_fault; + is_user = regime_is_user(env, mmu_idx); if (is_user && !(attrs & (1 << 4))) { /* Unprivileged access not enabled */ goto do_fault; @@ -5083,12 +5183,13 @@ do_fault: } static int get_phys_addr_mpu(CPUARMState *env, uint32_t address, - int access_type, int is_user, + int access_type, ARMMMUIdx mmu_idx, hwaddr *phys_ptr, int *prot) { int n; uint32_t mask; uint32_t base; + bool is_user = regime_is_user(env, mmu_idx); *phys_ptr = address; for (n = 7; n >= 0; n--) { 
@@ -5171,39 +5272,50 @@ static inline int get_phys_addr(CPUARMState *env, target_ulong address, hwaddr *phys_ptr, int *prot, target_ulong *page_size) { - /* This is not entirely correct as get_phys_addr() can also be called - * from ats_write() for an address translation of a specific regime. - */ - uint32_t sctlr = A32_BANKED_CURRENT_REG_GET(env, sctlr); - - /* This will go away when we handle mmu_idx properly here */ - int is_user = (mmu_idx == ARMMMUIdx_S12NSE0 || - mmu_idx == ARMMMUIdx_S1SE0 || - mmu_idx == ARMMMUIdx_S1NSE0); + if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) { + /* TODO: when we support EL2 we should here call ourselves recursively + * to do the stage 1 and then stage 2 translations. The ldl_phys + * calls for stage 1 will also need changing. + * For non-EL2 CPUs a stage1+stage2 translation is just stage 1. + */ + assert(!arm_feature(env, ARM_FEATURE_EL2)); + mmu_idx += ARMMMUIdx_S1NSE0; + } - /* Fast Context Switch Extension. */ - if (address < 0x02000000) { - address += A32_BANKED_CURRENT_REG_GET(env, fcseidr); + /* Fast Context Switch Extension. This doesn't exist at all in v8. + * In v7 and earlier it affects all stage 1 translations. + */ + if (address < 0x02000000 && mmu_idx != ARMMMUIdx_S2NS + && !arm_feature(env, ARM_FEATURE_V8)) { + if (regime_el(env, mmu_idx) == 3) { + address += env->cp15.fcseidr_s; + } else { + address += env->cp15.fcseidr_ns; + } } - if ((sctlr & SCTLR_M) == 0) { + if (regime_translation_disabled(env, mmu_idx)) { /* MMU/MPU disabled. 
*/ *phys_ptr = address; *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; *page_size = TARGET_PAGE_SIZE; return 0; - } else if (arm_feature(env, ARM_FEATURE_MPU)) { + } + + if (arm_feature(env, ARM_FEATURE_MPU)) { *page_size = TARGET_PAGE_SIZE; - return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr, - prot); - } else if (extended_addresses_enabled(env)) { - return get_phys_addr_lpae(env, address, access_type, is_user, phys_ptr, + return get_phys_addr_mpu(env, address, access_type, mmu_idx, phys_ptr, + prot); + } + + if (regime_using_lpae_format(env, mmu_idx)) { + return get_phys_addr_lpae(env, address, access_type, mmu_idx, phys_ptr, prot, page_size); - } else if (sctlr & SCTLR_XP) { - return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr, + } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) { + return get_phys_addr_v6(env, address, access_type, mmu_idx, phys_ptr, prot, page_size); } else { - return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr, + return get_phys_addr_v5(env, address, access_type, mmu_idx, phys_ptr, prot, page_size); } }
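Review bot: The mapping `mmu_idx += ARMMMUIdx_S1NSE0;` in get_phys_addr() is only correct if ARMMMUIdx_S12NSE0 and ARMMMUIdx_S12NSE1 are the two lowest enumerators and ARMMMUIdx_S1NSE0/ARMMMUIdx_S1NSE1 are adjacent in the same order; the enum definition is not part of this patch, so that dependency is invisible at the call site. A comment stating the assumption, or a compile-time check such as `QEMU_BUILD_BUG_ON(ARMMMUIdx_S12NSE0 != 0 || ARMMMUIdx_S12NSE1 + ARMMMUIdx_S1NSE0 != ARMMMUIdx_S1NSE1);`, would keep a later reordering of the enum from silently selecting the wrong regime for every stage-1 walk. The assert() on ARM_FEATURE_EL2 just above it is the only other guard on this path, and get_phys_addr's signature starts before the hunk.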
Now we have the mmu_idx in get_phys_addr(), use it correctly to determine the behaviour of virtual to physical address translations, rather than using just an is_user flag and the current CPU state. Some TODO comments have been added to indicate where changes will need to be made to add EL2 and 64-bit EL3 support. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target-arm/helper.c | 214 +++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 163 insertions(+), 51 deletions(-)