diff options
| author | Peter Maydell | 2017-09-04 18:21:24 +0200 |
|---|---|---|
| committer | Peter Maydell | 2017-09-04 18:21:24 +0200 |
| commit | 2b483739791b33c46e6084b51edcf62107058ae1 (patch) | |
| tree | fab8d4164ff9c0a73fdaad41ee06815d6163e504 /target/arm/op_helper.c | |
| parent | Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2017-09-01-v3' in... (diff) | |
| parent | arm_gicv3_kvm: Fix compile warning (diff) | |
| download | qemu-2b483739791b33c46e6084b51edcf62107058ae1.tar.gz qemu-2b483739791b33c46e6084b51edcf62107058ae1.tar.xz qemu-2b483739791b33c46e6084b51edcf62107058ae1.zip | |
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170904-2' into staging
target-arm:
* collection of M profile cleanups and minor bugfixes
* loader: handle ELF files with overlapping zero-init data
* virt: allow PMU instantiation with userspace irqchip
* wdt_aspeed: Add support for the reset width register
* cpu: Define new cpu_transaction_failed() hook
* Mark some SoC devices as not user-creatable
* arm: Fix aa64 ldp register writeback
* arm_gicv3_kvm: Fix compile warning
# gpg: Signature made Mon 04 Sep 2017 17:20:40 BST
# gpg: using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20170904-2: (33 commits)
arm_gicv3_kvm: Fix compile warning
target/arm: Fix aa64 ldp register writeback
hw/arm/digic: Mark device with user_creatable = false
hw/arm/aspeed_soc: Mark devices as user_creatable = false
target/arm: Allow deliver_fault() caller to specify EA bit
target/arm: Factor out fault delivery code
cputlb: Support generating CPU exceptions on memory transaction failures
cpu: Define new cpu_transaction_failed() hook
memory.h: Move MemTxResult type to memattrs.h
aspeed_soc: Propagate silicon-rev to watchdog
watchdog: wdt_aspeed: Add support for the reset width register
target/arm/kvm: pmu: improve error handling
hw/arm/virt: allow pmu instantiation with userspace irqchip
target/arm/kvm: pmu: split init and set-irq stages
hw/arm/virt: add pmu interrupt state
hw/arm: use defined type name instead of hard-coded string
loader: Ignore zero-sized ELF segments
loader: Handle ELF files with overlapping zero-initialized data
nvic: Implement "user accesses BusFault" SCS region behaviour
armv7m_nvic.h: Move from include/hw/arm to include/hw/intc
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target/arm/op_helper.c')
| -rw-r--r-- | target/arm/op_helper.c | 121 |
1 files changed, 65 insertions, 56 deletions
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 2a85666579..8f6db8043f 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -80,7 +80,7 @@ uint32_t HELPER(neon_tbl)(CPUARMState *env, uint32_t ireg, uint32_t def, static inline uint32_t merge_syn_data_abort(uint32_t template_syn, unsigned int target_el, - bool same_el, + bool same_el, bool ea, bool s1ptw, bool is_write, int fsc) { @@ -99,7 +99,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn, */ if (!(template_syn & ARM_EL_ISV) || target_el != 2 || s1ptw) { syn = syn_data_abort_no_iss(same_el, - 0, 0, s1ptw, is_write, fsc); + ea, 0, s1ptw, is_write, fsc); } else { /* Fields: IL, ISV, SAS, SSE, SRT, SF and AR come from the template * syndrome created at translation time. @@ -107,7 +107,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn, */ syn = syn_data_abort_with_iss(same_el, 0, 0, 0, 0, 0, - 0, 0, s1ptw, is_write, fsc, + ea, 0, s1ptw, is_write, fsc, false); /* Merge the runtime syndrome with the template syndrome. */ syn |= template_syn; @@ -115,6 +115,51 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn, return syn; } +static void deliver_fault(ARMCPU *cpu, vaddr addr, MMUAccessType access_type, + uint32_t fsr, uint32_t fsc, ARMMMUFaultInfo *fi) +{ + CPUARMState *env = &cpu->env; + int target_el; + bool same_el; + uint32_t syn, exc; + + target_el = exception_target_el(env); + if (fi->stage2) { + target_el = 2; + env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4; + } + same_el = (arm_current_el(env) == target_el); + + if (fsc == 0x3f) { + /* Caller doesn't have a long-format fault status code. This + * should only happen if this fault will never actually be reported + * to an EL that uses a syndrome register. Check that here. + * 0x3f is a (currently) reserved FSC code, in case the constructed + * syndrome does leak into the guest somehow. + */ + assert(target_el != 2 && !arm_el_is_aa64(env, target_el)); + } + + if (access_type == MMU_INST_FETCH) { + syn = syn_insn_abort(same_el, fi->ea, fi->s1ptw, fsc); + exc = EXCP_PREFETCH_ABORT; + } else { + syn = merge_syn_data_abort(env->exception.syndrome, target_el, + same_el, fi->ea, fi->s1ptw, + access_type == MMU_DATA_STORE, + fsc); + if (access_type == MMU_DATA_STORE + && arm_feature(env, ARM_FEATURE_V6)) { + fsr |= (1 << 11); + } + exc = EXCP_DATA_ABORT; + } + + env->exception.vaddress = addr; + env->exception.fsr = fsr; + raise_exception(env, exc, syn, target_el); +} + /* try to fill the TLB and return an exception if error. If retaddr is * NULL, it means that the function was called in C code (i.e. not * from generated code or from helper.c) @@ -129,23 +174,13 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAccessType access_type, ret = arm_tlb_fill(cs, addr, access_type, mmu_idx, &fsr, &fi); if (unlikely(ret)) { ARMCPU *cpu = ARM_CPU(cs); - CPUARMState *env = &cpu->env; - uint32_t syn, exc, fsc; - unsigned int target_el; - bool same_el; + uint32_t fsc; if (retaddr) { /* now we have a real cpu fault */ cpu_restore_state(cs, retaddr); } - target_el = exception_target_el(env); - if (fi.stage2) { - target_el = 2; - env->cp15.hpfar_el2 = extract64(fi.s2addr, 12, 47) << 4; - } - same_el = arm_current_el(env) == target_el; - if (fsr & (1 << 9)) { /* LPAE format fault status register : bottom 6 bits are * status code in the same form as needed for syndrome @@ -153,34 +188,15 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAccessType access_type, fsc = extract32(fsr, 0, 6); } else { /* Short format FSR : this fault will never actually be reported - * to an EL that uses a syndrome register. Check that here, - * and use a (currently) reserved FSR code in case the constructed - * syndrome does leak into the guest somehow. + * to an EL that uses a syndrome register. Use a (currently) + * reserved FSR code in case the constructed syndrome does leak + * into the guest somehow. deliver_fault will assert that + * we don't target an EL using the syndrome. */ - assert(target_el != 2 && !arm_el_is_aa64(env, target_el)); fsc = 0x3f; } - /* For insn and data aborts we assume there is no instruction syndrome - * information; this is always true for exceptions reported to EL1. - */ - if (access_type == MMU_INST_FETCH) { - syn = syn_insn_abort(same_el, 0, fi.s1ptw, fsc); - exc = EXCP_PREFETCH_ABORT; - } else { - syn = merge_syn_data_abort(env->exception.syndrome, target_el, - same_el, fi.s1ptw, - access_type == MMU_DATA_STORE, fsc); - if (access_type == MMU_DATA_STORE - && arm_feature(env, ARM_FEATURE_V6)) { - fsr |= (1 << 11); - } - exc = EXCP_DATA_ABORT; - } - - env->exception.vaddress = addr; - env->exception.fsr = fsr; - raise_exception(env, exc, syn, target_el); + deliver_fault(cpu, addr, access_type, fsr, fsc, &fi); } } @@ -191,9 +207,8 @@ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, { ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; - int target_el; - bool same_el; - uint32_t syn; + uint32_t fsr, fsc; + ARMMMUFaultInfo fi = {}; ARMMMUIdx arm_mmu_idx = core_to_arm_mmu_idx(env, mmu_idx); if (retaddr) { @@ -201,28 +216,17 @@ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, cpu_restore_state(cs, retaddr); } - target_el = exception_target_el(env); - same_el = (arm_current_el(env) == target_el); - - env->exception.vaddress = vaddr; - /* the DFSR for an alignment fault depends on whether we're using * the LPAE long descriptor format, or the short descriptor format */ if (arm_s1_regime_using_lpae_format(env, arm_mmu_idx)) { - env->exception.fsr = (1 << 9) | 0x21; + fsr = (1 << 9) | 0x21; } else { - env->exception.fsr = 0x1; + fsr = 0x1; } + fsc = 0x21; - if (access_type == MMU_DATA_STORE && arm_feature(env, ARM_FEATURE_V6)) { - env->exception.fsr |= (1 << 11); - } - - syn = merge_syn_data_abort(env->exception.syndrome, target_el, - same_el, 0, access_type == MMU_DATA_STORE, - 0x21); - raise_exception(env, EXCP_DATA_ABORT, syn, target_el); + deliver_fault(cpu, vaddr, access_type, fsr, fsc, &fi); } #endif /* !defined(CONFIG_USER_ONLY) */ @@ -370,6 +374,11 @@ static inline int check_wfx_trap(CPUARMState *env, bool is_wfe) int cur_el = arm_current_el(env); uint64_t mask; + if (arm_feature(env, ARM_FEATURE_M)) { + /* M profile cores can never trap WFI/WFE. */ + return 0; + } + /* If we are currently in EL0 then we need to check if SCTLR is set up for * WFx instructions being trapped to EL1. These trap bits don't exist in v7. */ |