From patchwork Mon Jun 17 17:53:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 1117234 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="L0Tta1dd"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45SJmx2CNCz9sDX for ; Tue, 18 Jun 2019 03:56:33 +1000 (AEST) Received: from localhost ([::1]:50666 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvrr-0003ND-7Q for incoming@patchwork.ozlabs.org; Mon, 17 Jun 2019 13:56:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50691) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvot-0007fL-Sv for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvos-0000c6-Ab for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:27 -0400 Received: from mail-wm1-x342.google.com ([2a00:1450:4864:20::342]:52596) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvos-0000aU-2Q for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:26 -0400 Received: by mail-wm1-x342.google.com with SMTP id s3so334765wms.2 for ; Mon, 17 Jun 2019 10:53:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=LNjb5yrrFswq3SqrrRYoa3Pq5hhZDJpEtuJq5Ac2UUo=; b=L0Tta1ddmSY+YQEB2MqxK8JDGmEjkUT+lARjCwnec/e7kSpPb8JhVY9XrFna+9ianz 9h5BRAhjTZTp6FJasiQZrZODumkKIAAivhk8JgKzUEU33Pq3SuDjYPj3MpsI70n2RZV7 tuUr4B5dJ/O2KqvAfWBD2K/P29Mn+mrLXz9sHWQfOzaRPkpVZD1I1miyaWRFaJC3o2Fq kebY3F/ZSZ3utPOEKiBMOaJlO4yTNB+Zwbeyd8/AsX3CPAZhqruXnZsY+0Np5Bf9WvlJ ABj9524FDxLe1tujOqKKnoBo2vL+GO1lqb03m05FbMTNq42OYyiBAeRzbN9LiDp+okn9 KfJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=LNjb5yrrFswq3SqrrRYoa3Pq5hhZDJpEtuJq5Ac2UUo=; b=soOyx+JROkiLO6RdXa9D8tSCIuv09EdalesoqQ4huVjDz79NynBtSb1zwiK7C0cI2n mC4j7QR/upNdE29/26SDcaptCGxtoD/+pHtb9sn0r1lrKGNIDKt69NKbLnrQ/hT2n+z7 1uYJF+cS/BGD/7pfyknseB+kcbKVFEUuGlkTAT6rcq1tIpzfuAZ8a/+M4R0B7f/S6C6J ZJl8yeFmt5QarkRoVGZPYK3/cqccTBakl/1ZA3n41WtDj+3fIbhzD00G3KQ2UKheiTTV q0he+nraqxZW+tNDCnNV5Oo4faJ7XUIdy5zjmZ3te7b6H70ZP091RrvLMH9BD3a4Cwqx xdqg== X-Gm-Message-State: APjAAAVfcXSJkp3VE0PDUVek9TqsVlWc1cFvO0e4LbEMZY+DsXj6ZWsD Wqyc7PaEtnIDAJ6L68SVcqCgNw== X-Google-Smtp-Source: APXvYqxVh+nNJymVMzwFh/XQlm1nY2yzrn3jjAjlxqEbxrh7DYegQhlLCvcKBojw3sma7qtgI0yIEA== X-Received: by 2002:a05:600c:2189:: with SMTP id e9mr18733039wme.56.1560794001023; Mon, 17 Jun 2019 10:53:21 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:20 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:12 +0100 Message-Id: <20190617175317.27557-2-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::342 Subject: [Qemu-devel] [PATCH 1/6] target/arm: NS BusFault on vector table fetch escalates to NS HardFault X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" In the M-profile architecture, when we do a vector table fetch and it fails, we need to report a HardFault. Whether this is a Secure HF or a NonSecure HF depends on several things. If AIRCR.BFHFNMINS is 0 then HF is always Secure, because there is no NonSecure HardFault. Otherwise, the answer depends on whether the 'underlying exception' (MemManage, BusFault, SecureFault) targets Secure or NonSecure. (In the pseudocode, this is handled in the Vector() function: the final exc.isSecure is calculated by looking at the exc.isSecure from the exception returned from the memory access, not the isSecure input argument.) We weren't doing this correctly, because we were looking at the target security domain of the exception we were trying to load the vector table entry for. This produces errors of two kinds: * a load from the NS vector table which hits the "NS access to S memory" SecureFault should end up as a Secure HardFault, but we were raising an NS HardFault * a load from the S vector table which causes a BusFault should raise an NS HardFault if BFHFNMINS == 1 (because in that case all BusFaults are NonSecure), but we were raising a Secure HardFault Correct the logic. We also fix a comment error where we claimed that we might be escalating MemManage to HardFault, and forgot about SecureFault. (Vector loads can never hit MPU access faults, because they're always aligned and always use the default address map.) Signed-off-by: Peter Maydell --- target/arm/helper.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index df4276f5f6c..375249d3c72 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8225,7 +8225,11 @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure, if (sattrs.ns) { attrs.secure = false; } else if (!targets_secure) { - /* NS access to S memory */ + /* + * NS access to S memory: the underlying exception which we escalate + * to HardFault is SecureFault, which always targets Secure. + */ + exc_secure = true; goto load_fail; } } @@ -8233,21 +8237,31 @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure, vector_entry = address_space_ldl(arm_addressspace(cs, attrs), addr, attrs, &result); if (result != MEMTX_OK) { + /* + * Underlying exception is BusFault: its target security state + * depends on BFHFNMINS. + */ + exc_secure = !(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK); goto load_fail; } *pvec = vector_entry; return true; load_fail: - /* All vector table fetch fails are reported as HardFault, with + /* + * All vector table fetch fails are reported as HardFault, with * HFSR.VECTTBL and .FORCED set. (FORCED is set because - * technically the underlying exception is a MemManage or BusFault + * technically the underlying exception is a SecureFault or BusFault * that is escalated to HardFault.) This is a terminal exception, * so we will either take the HardFault immediately or else enter * lockup (the latter case is handled in armv7m_nvic_set_pending_derived()). + * The HardFault is Secure if BFHFNMINS is 0 (meaning that all HFs are + * secure); otherwise it targets the same security state as the + * underlying exception. */ - exc_secure = targets_secure || - !(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK); + if (!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + exc_secure = false; + } env->v7m.hfsr |= R_V7M_HFSR_VECTTBL_MASK | R_V7M_HFSR_FORCED_MASK; armv7m_nvic_set_pending_derived(env->nvic, ARMV7M_EXCP_HARD, exc_secure); return false; From patchwork Mon Jun 17 17:53:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 1117231 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="qBnMrqiD"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45SJkl6B8vz9sND for ; Tue, 18 Jun 2019 03:54:39 +1000 (AEST) Received: from localhost ([::1]:50640 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvq1-00086w-Tn for incoming@patchwork.ozlabs.org; Mon, 17 Jun 2019 13:54:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50692) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvot-0007fM-T0 for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvos-0000bl-3T for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:27 -0400 Received: from mail-wr1-x444.google.com ([2a00:1450:4864:20::444]:40716) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvoq-0000Zy-E3 for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:26 -0400 Received: by mail-wr1-x444.google.com with SMTP id p11so10953438wre.7 for ; Mon, 17 Jun 2019 10:53:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=ZqxuBGrvpyV7bVVdQeK9vpv5xyuxJzmNpj8ibO3gKBw=; b=qBnMrqiDAX2devzhltrL3k5LNwxLL0pYFEAXPUwAhF+DEGVY0ImlTww8y8aHtNGju6 ffUdO85sB3X1bAvFocgGqqG7aHmxzLOmAU0hHzIAdhEJZ4hHseTTUW3Cd+1JfcK6AZuW FzniwmN9yUl2wE30w4XYIC9C44X0m8DeS4qawfB4u5ffFYXUTvfinP8QZLVoWbXNnX0V qJ/810BkgXp8Ttscsx5OkDZHVvKTN0JTRKJJ1DFtHP9fMRqfzx3vNGudVMnwcfqKGv9A svjn5Hqmk+LrJYmciUNKs/TQ02TBaHmj2TcCOoP95IgPGoXjH2gaaVsoEhdkXB6xXfyO ++Ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZqxuBGrvpyV7bVVdQeK9vpv5xyuxJzmNpj8ibO3gKBw=; b=omuTGOJ1P9/0mldiY6oQ9PBVjy7DDycqpsQwD+yvxt6CuXXGq493g0enxeqlkxcdqb U5tAJdUTqybhMxnxXm7reEBg7TompaLBaCIfDobPpG/E9X3l+aKYLP9GD7bT9hlH0EXU 0+M7Vpgkbo25Apzcc2cNJjsr0pG32A+L1556riNGM0UWWlKKlUjYDXVSe+s/CNFDrAyJ ZIydeBPgrUpen1qLcj9QjLOP1Oa0K8fSk9Yn94UPwh3iz8okjuFutHoVywd3RkqUgv+a oVNwNEAPLjmCHnzwenWJs2AZq2LTOuKQRj1qZEZQhIREMN2SsfuV+MZ4Si+pA+HE3tBh 2K7Q== X-Gm-Message-State: APjAAAVcn+0OsJNbjf0fXifTRpMkqK4gEtgh8qdFn5ISxAWQtxUjci/K TXGejZVTRk56VmDVmIX0hGUttQ== X-Google-Smtp-Source: APXvYqxxS4QCSTWgZqAdD7qocatdg0ImvIfuRpBAHWAZaidoPNL4OV75AT2y5QLsDhedXiP9T6olXA== X-Received: by 2002:adf:afe8:: with SMTP id y40mr22388286wrd.328.1560794002222; Mon, 17 Jun 2019 10:53:22 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:21 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:13 +0100 Message-Id: <20190617175317.27557-3-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::444 Subject: [Qemu-devel] [PATCH 2/6] arm v8M: Forcibly clear negative-priority exceptions on deactivate X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" To prevent execution priority remaining negative if the guest returns from an NMI or HardFault with a corrupted IPSR, the v8M interrupt deactivation process forces the HardFault and NMI to inactive based on the current raw execution priority, even if the interrupt the guest is trying to deactivate is something else. In the pseudocode this is done in the Deactivate() function. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- hw/intc/armv7m_nvic.c | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index b8ede30b3cb..330eb728dd5 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -812,15 +812,45 @@ void armv7m_nvic_get_pending_irq_info(void *opaque, int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure) { NVICState *s = (NVICState *)opaque; - VecInfo *vec; + VecInfo *vec = NULL; int ret; assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq); - if (secure && exc_is_banked(irq)) { - vec = &s->sec_vectors[irq]; - } else { - vec = &s->vectors[irq]; + /* + * For negative priorities, v8M will forcibly deactivate the appropriate + * NMI or HardFault regardless of what interrupt we're being asked to + * deactivate (compare the DeActivate() pseudocode). This is a guard + * against software returning from NMI or HardFault with a corrupted + * IPSR and leaving the CPU in a negative-priority state. + * v7M does not do this, but simply deactivates the requested interrupt. + */ + if (arm_feature(&s->cpu->env, ARM_FEATURE_V8)) { + switch (armv7m_nvic_raw_execution_priority(s)) { + case -1: + if (s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) { + vec = &s->vectors[ARMV7M_EXCP_HARD]; + } else { + vec = &s->sec_vectors[ARMV7M_EXCP_HARD]; + } + break; + case -2: + vec = &s->vectors[ARMV7M_EXCP_NMI]; + break; + case -3: + vec = &s->sec_vectors[ARMV7M_EXCP_HARD]; + break; + default: + break; + } + } + + if (!vec) { + if (secure && exc_is_banked(irq)) { + vec = &s->sec_vectors[irq]; + } else { + vec = &s->vectors[irq]; + } } trace_nvic_complete_irq(irq, secure); From patchwork Mon Jun 17 17:53:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 1117229 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="nRp4TDwe"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45SJkJ6fs7z9sND for ; Tue, 18 Jun 2019 03:54:16 +1000 (AEST) Received: from localhost ([::1]:50634 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvpe-0007ht-UR for incoming@patchwork.ozlabs.org; Mon, 17 Jun 2019 13:54:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50690) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvot-0007fK-Sw for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvos-0000bz-AG for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:27 -0400 Received: from mail-wm1-x341.google.com ([2a00:1450:4864:20::341]:56117) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvos-0000ag-1I for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:26 -0400 Received: by mail-wm1-x341.google.com with SMTP id a15so316309wmj.5 for ; Mon, 17 Jun 2019 10:53:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=tkA5eV6B+7bWXMQLTUuNg6Ny6QzZoudF4r4qdXt2dKw=; b=nRp4TDwedZ2bj3uvzCgOxbHGnnIMrSlYGOSYYiyHPYh1po1TWvybV6Pwlhl7Fq2Vby 37y1NjDzBOxUP72RK+H8m6+/ciJ3epPK9nK1chEsySdwlhzBZgO6JqJUqhKSBsdnu90f lNXgKc0U/B/pBM8ZBS1VrHhce79nNl92Oi6InE1A9HvZDHhECJMYF9trq6ZPpSUL8Yn5 KfH0mLxTTPLq22qX2DyQIRaA75ecrOOaKbYcQpfrMcsMBSbP/ReX40n+M0P4YINsNQ3y WsVmdC/B/c3RacMMyl+i1hjcES2ifsNFXqa1zjTbt4wG6jKCLO21neU0DvVSAuzO2XHo gOgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=tkA5eV6B+7bWXMQLTUuNg6Ny6QzZoudF4r4qdXt2dKw=; b=NJrC+Zpr6iDKOQ2WpGdm1J0pN8VT9vTELYBZnrgh1cUc8SQ9wi5r/LC7kFy5CY4RH0 WMVDLTB7mmd3+ak+Nx9TGGRHbIn3gr+N/v9JVb4UYPIHEPpVuEw80qEBAkG3AvP9nZ7I IX7Ivr2BvKGFth2LAqof4JdVsBvm1Gw54mE2bJoQCWtO/DnDXzg2dMj1I6P88rAiW0yb 5TiBksHXR/C9voOx+OC6F/o8Lz3hLY5hj6p0veLperoy3jSFRlnAMuXl9Ox1pZTGMfrG L03pyDaOTPDcLb9BjuPtMocwW1viVp4rXFwsOLLbV/ArBgCKmgBNc2Rj8Bzq7KxJVTb9 Impg== X-Gm-Message-State: APjAAAX0m8/0+xo5uJDVkUbX8DjgfSCQNT7Pg0qyUINqMLuIfk/PSZ/U sdPJNp45Ym8djQgrHOJqutFSpX5SF7bq3g== X-Google-Smtp-Source: APXvYqx9OEZbQtxsL8JhzH1yuefk1SoZsB4UJixrCj4o8Fj+emBi9j7Ma5CGZzcuII0l30m3uiEeXQ== X-Received: by 2002:a05:600c:c6:: with SMTP id u6mr20220508wmm.153.1560794003623; Mon, 17 Jun 2019 10:53:23 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:22 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:14 +0100 Message-Id: <20190617175317.27557-4-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::341 Subject: [Qemu-devel] [PATCH 3/6] target/arm: v8M: Check state of exception being returned from X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" In v8M, an attempt to return from an exception which is not active is an illegal exception return. For this purpose, exceptions which can configurably target either Secure or NonSecure are not considered to be active if they are configured for the opposite security state for the one we're trying to return from (eg attempt to return from an NS NMI but NMI targets Secure). In the pseudocode this is handled by IsActiveForState(). Detect this case rather than counting an active exception possibly of the wrong security state as being sufficient. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- hw/intc/armv7m_nvic.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 330eb728dd5..9f8f0d3ff55 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -860,7 +860,19 @@ int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure) return -1; } - ret = nvic_rettobase(s); + /* + * If this is a configurable exception and it is currently + * targeting the opposite security state from the one we're trying + * to complete it for, this counts as an illegal exception return. + * We still need to deactivate whatever vector the logic above has + * selected, though, as it might not be the same as the one for the + * requested exception number. + */ + if (!exc_is_banked(irq) && exc_targets_secure(s, irq) != secure) { + ret = -1; + } else { + ret = nvic_rettobase(s); + } vec->active = 0; if (vec->level) { From patchwork Mon Jun 17 17:53:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 1117233 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="xUCOyFhe"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45SJmv3Hd4z9sDX for ; Tue, 18 Jun 2019 03:56:31 +1000 (AEST) Received: from localhost ([::1]:50662 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvrp-0003Gp-Ga for incoming@patchwork.ozlabs.org; Mon, 17 Jun 2019 13:56:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50787) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvp1-0007iS-Om for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvp0-0000gH-1R for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:35 -0400 Received: from mail-wm1-x342.google.com ([2a00:1450:4864:20::342]:36703) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvox-0000ee-Sj for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:33 -0400 Received: by mail-wm1-x342.google.com with SMTP id u8so328870wmm.1 for ; Mon, 17 Jun 2019 10:53:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=zKgJAfwPo8FOYTHjapPuTGTNS3c99ejdEGatbxYgWDQ=; b=xUCOyFhemrpJA+/iI2WRVZ2yl1on1d11KGVAusGcu+jFM1tubF2R0lZnSu9OYt39ML ywYiqPlVQDh5aG6EeZPUVakYpUpsck5ZePwRTDzuG1mHZMTF01owgQ8/OucjwlUOPVWv 4wbddUAlu4RkwoLOuZMjSNAj6NE030fyMgomAT727nXYbdcphl6GLxeh+0vtCDkFRyzG JHJ+qhbdCYVjbISs6diRyfDOWAy1popaLjovZTclhZe8HERkTx757tNdnfrRUA4f3rjs qAO6+ViHOr7An63iXBEFIk/WSIIaR6VTNB22LoV8e741wCIYv/KpMnABVfhGkmgI3pUN saTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zKgJAfwPo8FOYTHjapPuTGTNS3c99ejdEGatbxYgWDQ=; b=O4rxnNiMkLGoYjSRma3npMz527qfN3yey6bFN6plxEyP63s1YZB5kCXcSVh3lyyqW+ Dm2QRNxhdeiUncC0ngBwDte4rgqlyXW3AJx90VWwh9Jw6JCZlTBK8lhGdOjqjG7P/ZrL 7aiRkCWzUhHzgE8oxcz5wA49q+O4Wfcp2NqZfCCU3NfhPxSIm0jVP8G/gucbIkYm6zWV j5vgL94ZYCqRTErxaPfRCpqc0VXN90iQVri/1WUCqW5jOaRDrqj8P9CcjY5MdOw4csaT voHHLE+xxwdMqUr/zEEWjMqm5l6/GWlWLgfPYoogZmOU+IUlIHFnR+oNE9C/q7b2L7Fh lpPQ== X-Gm-Message-State: APjAAAVhAw4scL/nxigxt59Ehxg7dV9uY9dmQUYvPoiCMJoKrc8LGI70 cSr7uRhW4Fv1dX88Sd0DbpWTEg== X-Google-Smtp-Source: APXvYqzKz4CgcE0hxMFqOLCKeyn2LbkbtbZgqnmDrQReJgP1+kGxBVCGmIFQHxdvW7sDrshwdLIFUw== X-Received: by 2002:a1c:e0c4:: with SMTP id x187mr19004489wmg.177.1560794006206; Mon, 17 Jun 2019 10:53:26 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:24 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:15 +0100 Message-Id: <20190617175317.27557-5-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::342 Subject: [Qemu-devel] [PATCH 4/6] target/arm: Use _ra versions of cpu_stl_data() in v7M helpers X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" In the various helper functions for v7M/v8M instructions, use the _ra versions of cpu_stl_data() and friends. Otherwise we may get wrong behaviour or an assert() due to not being able to locate the TB if there is an exception on the memory access or if it performs an IO operation when in icount mode. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- target/arm/helper.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 375249d3c72..866fe54780e 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8141,8 +8141,8 @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest) } /* Note that these stores can throw exceptions on MPU faults */ - cpu_stl_data(env, sp, nextinst); - cpu_stl_data(env, sp + 4, saved_psr); + cpu_stl_data_ra(env, sp, nextinst, GETPC()); + cpu_stl_data_ra(env, sp + 4, saved_psr, GETPC()); env->regs[13] = sp; env->regs[14] = 0xfeffffff; @@ -8557,6 +8557,7 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) /* fptr is the value of Rn, the frame pointer we store the FP regs to */ bool s = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK; bool lspact = env->v7m.fpccr[s] & R_V7M_FPCCR_LSPACT_MASK; + uintptr_t ra = GETPC(); assert(env->v7m.secure); @@ -8582,7 +8583,7 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) * Note that we do not use v7m_stack_write() here, because the * accesses should not set the FSR bits for stacking errors if they * fail. (In pseudocode terms, they are AccType_NORMAL, not AccType_STACK - * or AccType_LAZYFP). Faults in cpu_stl_data() will throw exceptions + * or AccType_LAZYFP). Faults in cpu_stl_data_ra() will throw exceptions * and longjmp out. */ if (!(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPEN_MASK)) { @@ -8598,10 +8599,10 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) if (i >= 16) { faddr += 8; /* skip the slot for the FPSCR */ } - cpu_stl_data(env, faddr, slo); - cpu_stl_data(env, faddr + 4, shi); + cpu_stl_data_ra(env, faddr, slo, ra); + cpu_stl_data_ra(env, faddr + 4, shi, ra); } - cpu_stl_data(env, fptr + 0x40, vfp_get_fpscr(env)); + cpu_stl_data_ra(env, fptr + 0x40, vfp_get_fpscr(env), ra); /* * If TS is 0 then s0 to s15 and FPSCR are UNKNOWN; we choose to @@ -8622,6 +8623,8 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) void HELPER(v7m_vlldm)(CPUARMState *env, uint32_t fptr) { + uintptr_t ra = GETPC(); + /* fptr is the value of Rn, the frame pointer we load the FP regs from */ assert(env->v7m.secure); @@ -8655,13 +8658,13 @@ void HELPER(v7m_vlldm)(CPUARMState *env, uint32_t fptr) faddr += 8; /* skip the slot for the FPSCR */ } - slo = cpu_ldl_data(env, faddr); - shi = cpu_ldl_data(env, faddr + 4); + slo = cpu_ldl_data_ra(env, faddr, ra); + shi = cpu_ldl_data_ra(env, faddr + 4, ra); dn = (uint64_t) shi << 32 | slo; *aa32_vfp_dreg(env, i / 2) = dn; } - fpscr = cpu_ldl_data(env, fptr + 0x40); + fpscr = cpu_ldl_data_ra(env, fptr + 0x40, ra); vfp_set_fpscr(env, fpscr); } From patchwork Mon Jun 17 17:53:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 1117232 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="qQnFthMS"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45SJmc2Wjpz9sND for ; Tue, 18 Jun 2019 03:56:15 +1000 (AEST) Received: from localhost ([::1]:50656 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvrW-0002yx-7w for incoming@patchwork.ozlabs.org; Mon, 17 Jun 2019 13:56:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50760) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvp0-0007hq-Dm for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvox-0000f5-RE for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:33 -0400 Received: from mail-wr1-x442.google.com ([2a00:1450:4864:20::442]:38937) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvov-0000do-W1 for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:31 -0400 Received: by mail-wr1-x442.google.com with SMTP id x4so10944984wrt.6 for ; Mon, 17 Jun 2019 10:53:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=v8vwTZLuhwp+bmBixmmWp52i36uK/epxo9J3L5qAyYw=; b=qQnFthMSJo8bfP4HEGAgZBvsS1BmZaBI2he8FBMFZln/yYefl8iffG5CDe/FQCaaoz /VbmNkeZ7Q5CljJMhl+5A4Wl7KgcnpOPA6fmvxdbbHorj4vdDcrkVlPuQWCOMJfKRfQI 9CJMqwtN9y2sjTAyAf9/GH6LlNfn9pCifvGvQ15JSq2cOJj9ffzsI5T8EDAxvH905JS4 tQcsojAIxQqGO+8Elf74KN/udytwcM2zTY+cGuqCH2hg8M3VWQbGL4SRRjYI4dciXZPj wj3NAPb+aQGLs78EdDOgXQw41rS6CAwVXBo1yx1fAnI5Zb+XOeJlXXzeAV081w48sKSC tZAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=v8vwTZLuhwp+bmBixmmWp52i36uK/epxo9J3L5qAyYw=; b=S+Abpxi7WLAh6fcvLfMRZRvGigo1mCyVG6XN2cCjRDfRM98kBKCxZkh5MPfpuSbxBD 1myq+COcCeD+qB933cZ32btikrvTpovI+yCvL717bBwSq7OgQgHH+/yTnJzhkly1i/Op 9RMlMuKX7p9F4YMyLUwPNIZ2njBYedP6AWc0Ehx3T9Ki9HmFoFv8eQ6WPrC5lCdzNKYi Fe4yeETM8heSKNfOrkwUX1dmSOkbMMtf6MZruKP+s3EOhIvt1hSSkQo2INzSi66zvtKZ i+pc7de6KrohoRwyk+6Gvp8rsCn0kKFIMpxP9PARcHHrMzllxRd9qQoSRKrpKfJkQ08I 2vPw== X-Gm-Message-State: APjAAAWii1pYQ0Pzonh1SnSvyw5McB7QqImCSbFvkUcaboooJxNGxmnH CrrelBoaCOfMvQKciI8h/WadIw== X-Google-Smtp-Source: APXvYqwqM6w1EFZ19R3JVc93kj/DKxukQ0NwhiM6EyRBOTehEAg9+aMsVIP9qi+b2TvlEKsDG8/HAQ== X-Received: by 2002:a5d:5302:: with SMTP id e2mr62712766wrv.347.1560794008245; Mon, 17 Jun 2019 10:53:28 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:27 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:16 +0100 Message-Id: <20190617175317.27557-6-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::442 Subject: [Qemu-devel] [PATCH 5/6] hw/timer/armv7m_systick: Forbid non-privileged accesses X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Like most of the v7M memory mapped system registers, the systick registers are accessible to privileged code only and user accesses must generate a BusFault. We implement that for registers in the NVIC proper already, but missed it for systick since we implement it as a separate device. Correct the omission. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé --- hw/timer/armv7m_systick.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/hw/timer/armv7m_systick.c b/hw/timer/armv7m_systick.c index a17317ce2fe..94640743b5d 100644 --- a/hw/timer/armv7m_systick.c +++ b/hw/timer/armv7m_systick.c @@ -75,11 +75,17 @@ static void systick_timer_tick(void *opaque) } } -static uint64_t systick_read(void *opaque, hwaddr addr, unsigned size) +static MemTxResult systick_read(void *opaque, hwaddr addr, uint64_t *data, + unsigned size, MemTxAttrs attrs) { SysTickState *s = opaque; uint32_t val; + if (attrs.user) { + /* Generate BusFault for unprivileged accesses */ + return MEMTX_ERROR; + } + switch (addr) { case 0x0: /* SysTick Control and Status. */ val = s->control; @@ -121,14 +127,21 @@ static uint64_t systick_read(void *opaque, hwaddr addr, unsigned size) } trace_systick_read(addr, val, size); - return val; + *data = val; + return MEMTX_OK; } -static void systick_write(void *opaque, hwaddr addr, - uint64_t value, unsigned size) +static MemTxResult systick_write(void *opaque, hwaddr addr, + uint64_t value, unsigned size, + MemTxAttrs attrs) { SysTickState *s = opaque; + if (attrs.user) { + /* Generate BusFault for unprivileged accesses */ + return MEMTX_ERROR; + } + trace_systick_write(addr, value, size); switch (addr) { @@ -172,11 +185,12 @@ static void systick_write(void *opaque, hwaddr addr, qemu_log_mask(LOG_GUEST_ERROR, "SysTick: Bad write offset 0x%" HWADDR_PRIx "\n", addr); } + return MEMTX_OK; } static const MemoryRegionOps systick_ops = { - .read = systick_read, - .write = systick_write, + .read_with_attrs = systick_read, + .write_with_attrs = systick_write, .endianness = DEVICE_NATIVE_ENDIAN, .valid.min_access_size = 4, .valid.max_access_size = 4, From patchwork Mon Jun 17 17:53:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 1117230 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="U6Zfhjte"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45SJkl279gz9sDX for ; Tue, 18 Jun 2019 03:54:39 +1000 (AEST) Received: from localhost ([::1]:50638 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvq1-00086A-BP for incoming@patchwork.ozlabs.org; Mon, 17 Jun 2019 13:54:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50785) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvp1-0007iQ-OE for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvp0-0000gL-1e for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:35 -0400 Received: from mail-wr1-x442.google.com ([2a00:1450:4864:20::442]:43845) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvox-0000eN-SE for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:33 -0400 Received: by mail-wr1-x442.google.com with SMTP id p13so10916016wru.10 for ; Mon, 17 Jun 2019 10:53:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=575i0kl12NVak4MXLXn7jsLioeAHAQ7GMt0OozyFMPE=; b=U6Zfhjte7H1zjJkqBenhLCw1tAgmTlKq/0q9BWk2JkWrXIUcYqp+vqPBu0w7GL9Q4O bEUqqAJN/f9/R+M3pjyh02+p0iUAkCilSBVAzSdKULqfFexI70Wplkuqpmty6iLFON3Y exJ0/+7QXwOqxptLkkPrTg9ZvAIUobfhkqWcH5PVpcHxEkXDMmlNqhcuWHP8CaGc7GPL b4b35DL4edaG3fv3hd3otwIAXnfTGQZ1n9gtk0nFoi8CVmQCbdjSjqoheZDym/ujS8hV knl7w4+LRmHbRo72HdVzpfgtsAD4jGeB5LUo46tKYfPdifLzOYR7/gBVu6ZoT8cUksFJ jTig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=575i0kl12NVak4MXLXn7jsLioeAHAQ7GMt0OozyFMPE=; b=MKbPW7c7LA217bFetVBhVxizsajVlEnZ0U0U5Na9wVAUoDWmmEPNkPc+AZh4YZPK1c VugBTLg8dmUN8Rvls4EOpx6l0rieH+S9+crFmR4UvClrMFFOhSYPloUzzUDzaxUWf7VG svfssgTvHuTtD9QVvc97mWF+D73UGOHa7OADv8WjloGCcx9BvhXs0F1ImyWhQfHarn4k u/w81TuNqcCY6+CohK9V0+jqGBFuvkefyWkKOitOjjaMzvqFyNT81QjT7N6rDoeG9VV0 FtTUDTtlxWZvs3ajE+WVnJmECjsA+zgxxfPOc0a783YdVRWjLFNMBA4m2p/rsOggWXU/ Cc/w== X-Gm-Message-State: APjAAAX88vS1LD/OACiKKOEwXB0ShhbhLu7VbzO5OQgPBQfl+RhMYlih hH0d9e/BV2ECIE5wK78ED3I0Pg== X-Google-Smtp-Source: APXvYqwCnzfbNl71vf1VjTNwpY2n3SFlq62hnzgtm++QyT5fIiqpC5CAXkNZiLm8eutY0+fQYKwY5w== X-Received: by 2002:a5d:51d1:: with SMTP id n17mr21127446wrv.52.1560794009196; Mon, 17 Jun 2019 10:53:29 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:28 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:17 +0100 Message-Id: <20190617175317.27557-7-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::442 Subject: [Qemu-devel] [PATCH 6/6] target/arm: Execute Thumb instructions when their condbits are 0xf X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Thumb instructions in an IT block are set up to be conditionally executed depending on a set of condition bits encoded into the IT bits of the CPSR/XPSR. The architecture specifies that if the condition bits are 0b1111 this means "always execute" (like 0b1110), not "never execute"; we were treating it as "never execute". (See the ConditionHolds() pseudocode in both the A-profile and M-profile Arm ARM.) This is a bit of an obscure corner case, because the only legal way to get to an 0b1111 set of condbits is to do an exception return which sets the XPSR/CPSR up that way. An IT instruction which encodes a condition sequence that would include an 0b1111 is UNPREDICTABLE, and for v8A the CONSTRAINED UNPREDICTABLE choices for such an IT insn are to NOP, UNDEF, or treat 0b1111 like 0b1110. Add a comment noting that we take the latter option. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- target/arm/translate.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index 4750b9fa1bb..45ea0a11c7c 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -11595,7 +11595,14 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) gen_nop_hint(s, (insn >> 4) & 0xf); break; } - /* If Then. */ + /* + * IT (If-Then) + * + * Combinations of firstcond and mask which set up an 0b1111 + * condition are UNPREDICTABLE; we take the CONSTRAINED + * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110, + * i.e. both meaning "execute always". + */ s->condexec_cond = (insn >> 4) & 0xe; s->condexec_mask = insn & 0x1f; /* No actual code generated for this insn, just setup state. */ @@ -12129,7 +12136,11 @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) { uint32_t cond = dc->condexec_cond; - if (cond != 0x0e) { /* Skip conditional when condition is AL. */ + /* + * Conditionally skip the insn. Note that both 0xe and 0xf mean + * "always"; 0xf is not "never". + */ + if (cond < 0x0e) { arm_skip_unless(dc, cond); } }