[qemu.git] / target / arm / tlb_helper.c

/*
 * ARM TLB (Translation lookaside buffer) helpers.
 *
 * This code is licensed under the GNU GPL v2 or later.
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
#include "qemu/osdep.h"
#include "cpu.h"
#include "internals.h"
#include "exec/exec-all.h"

#if !defined(CONFIG_USER_ONLY)

static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
                                            unsigned int target_el,
                                            bool same_el, bool ea,
                                            bool s1ptw, bool is_write,
                                            int fsc)
{
    uint32_t syn;

    /*
     * ISV is only set for data aborts routed to EL2 and
     * never for stage-1 page table walks faulting on stage 2.
     *
     * Furthermore, ISV is only set for certain kinds of load/stores.
     * If the template syndrome does not have ISV set, we should leave
     * it cleared.
     *
     * See ARMv8 specs, D7-1974:
     * ISS encoding for an exception from a Data Abort, the
     * ISV field.
     */
    if (!(template_syn & ARM_EL_ISV) || target_el != 2 || s1ptw) {
        syn = syn_data_abort_no_iss(same_el,
                                    ea, 0, s1ptw, is_write, fsc);
    } else {
        /*
         * Fields: IL, ISV, SAS, SSE, SRT, SF and AR come from the template
         * syndrome created at translation time.
         * Now we create the runtime syndrome with the remaining fields.
         */
        syn = syn_data_abort_with_iss(same_el,
                                      0, 0, 0, 0, 0,
                                      ea, 0, s1ptw, is_write, fsc,
                                      true);
        /* Merge the runtime syndrome with the template syndrome.  */
        syn |= template_syn;
    }
    return syn;
}

static void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr,
                                            MMUAccessType access_type,
                                            int mmu_idx, ARMMMUFaultInfo *fi)
{
    CPUARMState *env = &cpu->env;
    int target_el;
    bool same_el;
    uint32_t syn, exc, fsr, fsc;
    ARMMMUIdx arm_mmu_idx = core_to_arm_mmu_idx(env, mmu_idx);

    target_el = exception_target_el(env);
    if (fi->stage2) {
        target_el = 2;
        env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4;
    }
    same_el = (arm_current_el(env) == target_el);

    if (target_el == 2 || arm_el_is_aa64(env, target_el) ||
        arm_s1_regime_using_lpae_format(env, arm_mmu_idx)) {
        /*
         * LPAE format fault status register : bottom 6 bits are
         * status code in the same form as needed for syndrome
         */
        fsr = arm_fi_to_lfsc(fi);
        fsc = extract32(fsr, 0, 6);
    } else {
        fsr = arm_fi_to_sfsc(fi);
        /*
         * Short format FSR : this fault will never actually be reported
         * to an EL that uses a syndrome register. Use a (currently)
         * reserved FSR code in case the constructed syndrome does leak
         * into the guest somehow.
         */
        fsc = 0x3f;
    }

    if (access_type == MMU_INST_FETCH) {
        syn = syn_insn_abort(same_el, fi->ea, fi->s1ptw, fsc);
        exc = EXCP_PREFETCH_ABORT;
    } else {
        syn = merge_syn_data_abort(env->exception.syndrome, target_el,
                                   same_el, fi->ea, fi->s1ptw,
                                   access_type == MMU_DATA_STORE,
                                   fsc);
        if (access_type == MMU_DATA_STORE
            && arm_feature(env, ARM_FEATURE_V6)) {
            fsr |= (1 << 11);
        }
        exc = EXCP_DATA_ABORT;
    }

    env->exception.vaddress = addr;
    env->exception.fsr = fsr;
    raise_exception(env, exc, syn, target_el);
}

/* Raise a data fault alignment exception for the specified virtual address */
void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
                                 MMUAccessType access_type,
                                 int mmu_idx, uintptr_t retaddr)
{
    ARMCPU *cpu = ARM_CPU(cs);
    ARMMMUFaultInfo fi = {};

    /* now we have a real cpu fault */
    cpu_restore_state(cs, retaddr, true);

    fi.type = ARMFault_Alignment;
    arm_deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi);
}

/*
 * arm_cpu_do_transaction_failed: handle a memory system error response
 * (eg "no device/memory present at address") by raising an external abort
 * exception
 */
void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
                                   vaddr addr, unsigned size,
                                   MMUAccessType access_type,
                                   int mmu_idx, MemTxAttrs attrs,
                                   MemTxResult response, uintptr_t retaddr)
{
    ARMCPU *cpu = ARM_CPU(cs);
    ARMMMUFaultInfo fi = {};

    /* now we have a real cpu fault */
    cpu_restore_state(cs, retaddr, true);

    fi.ea = arm_extabort_type(response);
    fi.type = ARMFault_SyncExternal;
    arm_deliver_fault(cpu, addr, access_type, mmu_idx, &fi);
}

#endif /* !defined(CONFIG_USER_ONLY) */

bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                      MMUAccessType access_type, int mmu_idx,
                      bool probe, uintptr_t retaddr)
{
    ARMCPU *cpu = ARM_CPU(cs);

#ifdef CONFIG_USER_ONLY
    cpu->env.exception.vaddress = address;
    if (access_type == MMU_INST_FETCH) {
        cs->exception_index = EXCP_PREFETCH_ABORT;
    } else {
        cs->exception_index = EXCP_DATA_ABORT;
    }
    cpu_loop_exit_restore(cs, retaddr);
#else
    hwaddr phys_addr;
    target_ulong page_size;
    int prot, ret;
    MemTxAttrs attrs = {};
    ARMMMUFaultInfo fi = {};

    /*
     * Walk the page table and (if the mapping exists) add the page
     * to the TLB.  On success, return true.  Otherwise, if probing,
     * return false.  Otherwise populate fsr with ARM DFSR/IFSR fault
     * register format, and signal the fault.
     */
    ret = get_phys_addr(&cpu->env, address, access_type,
                        core_to_arm_mmu_idx(&cpu->env, mmu_idx),
                        &phys_addr, &attrs, &prot, &page_size, &fi, NULL);
    if (likely(!ret)) {
        /*
         * Map a single [sub]page. Regions smaller than our declared
         * target page size are handled specially, so for those we
         * pass in the exact addresses.
         */
        if (page_size >= TARGET_PAGE_SIZE) {
            phys_addr &= TARGET_PAGE_MASK;
            address &= TARGET_PAGE_MASK;
        }
        tlb_set_page_with_attrs(cs, address, phys_addr, attrs,
                                prot, mmu_idx, page_size);
        return true;
    } else if (probe) {
        return false;
    } else {
        /* now we have a real cpu fault */
        cpu_restore_state(cs, retaddr, true);
        arm_deliver_fault(cpu, address, access_type, mmu_idx, &fi);
    }
#endif
}
Commit	Line	Data
e21b551c PMD	1	/*
	2	* ARM TLB (Translation lookaside buffer) helpers.
	3	*
	4	* This code is licensed under the GNU GPL v2 or later.
	5	*
	6	* SPDX-License-Identifier: GPL-2.0-or-later
	7	*/
	8	#include "qemu/osdep.h"
	9	#include "cpu.h"
	10	#include "internals.h"
	11	#include "exec/exec-all.h"
	12
	13	#if !defined(CONFIG_USER_ONLY)
	14
	15	static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
	16	unsigned int target_el,
	17	bool same_el, bool ea,
	18	bool s1ptw, bool is_write,
	19	int fsc)
	20	{
	21	uint32_t syn;
	22
	23	/*
	24	* ISV is only set for data aborts routed to EL2 and
	25	* never for stage-1 page table walks faulting on stage 2.
	26	*
	27	* Furthermore, ISV is only set for certain kinds of load/stores.
	28	* If the template syndrome does not have ISV set, we should leave
	29	* it cleared.
	30	*
	31	* See ARMv8 specs, D7-1974:
	32	* ISS encoding for an exception from a Data Abort, the
	33	* ISV field.
	34	*/
	35	if (!(template_syn & ARM_EL_ISV) \|\| target_el != 2 \|\| s1ptw) {
	36	syn = syn_data_abort_no_iss(same_el,
	37	ea, 0, s1ptw, is_write, fsc);
	38	} else {
	39	/*
	40	* Fields: IL, ISV, SAS, SSE, SRT, SF and AR come from the template
	41	* syndrome created at translation time.
	42	* Now we create the runtime syndrome with the remaining fields.
	43	*/
	44	syn = syn_data_abort_with_iss(same_el,
	45	0, 0, 0, 0, 0,
	46	ea, 0, s1ptw, is_write, fsc,
30d54483	47	true);
e21b551c PMD	48	/* Merge the runtime syndrome with the template syndrome. */
	49	syn \|= template_syn;
	50	}
	51	return syn;
	52	}
	53
	54	static void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr,
	55	MMUAccessType access_type,
	56	int mmu_idx, ARMMMUFaultInfo *fi)
	57	{
	58	CPUARMState *env = &cpu->env;
	59	int target_el;
	60	bool same_el;
	61	uint32_t syn, exc, fsr, fsc;
	62	ARMMMUIdx arm_mmu_idx = core_to_arm_mmu_idx(env, mmu_idx);
	63
	64	target_el = exception_target_el(env);
	65	if (fi->stage2) {
	66	target_el = 2;
	67	env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4;
	68	}
	69	same_el = (arm_current_el(env) == target_el);
	70
	71	if (target_el == 2 \|\| arm_el_is_aa64(env, target_el) \|\|
	72	arm_s1_regime_using_lpae_format(env, arm_mmu_idx)) {
	73	/*
	74	* LPAE format fault status register : bottom 6 bits are
	75	* status code in the same form as needed for syndrome
	76	*/
	77	fsr = arm_fi_to_lfsc(fi);
	78	fsc = extract32(fsr, 0, 6);
	79	} else {
	80	fsr = arm_fi_to_sfsc(fi);
	81	/*
	82	* Short format FSR : this fault will never actually be reported
	83	* to an EL that uses a syndrome register. Use a (currently)
	84	* reserved FSR code in case the constructed syndrome does leak
	85	* into the guest somehow.
	86	*/
	87	fsc = 0x3f;
	88	}
	89
	90	if (access_type == MMU_INST_FETCH) {
	91	syn = syn_insn_abort(same_el, fi->ea, fi->s1ptw, fsc);
	92	exc = EXCP_PREFETCH_ABORT;
	93	} else {
	94	syn = merge_syn_data_abort(env->exception.syndrome, target_el,
	95	same_el, fi->ea, fi->s1ptw,
	96	access_type == MMU_DATA_STORE,
	97	fsc);
	98	if (access_type == MMU_DATA_STORE
	99	&& arm_feature(env, ARM_FEATURE_V6)) {
	100	fsr \|= (1 << 11);
	101	}
	102	exc = EXCP_DATA_ABORT;
	103	}
	104
	105	env->exception.vaddress = addr;
	106	env->exception.fsr = fsr;
	107	raise_exception(env, exc, syn, target_el);
	108	}
	109
	110	/* Raise a data fault alignment exception for the specified virtual address */
	111	void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
112	MMUAccessType access_type,
113	int mmu_idx, uintptr_t retaddr)
114	{
115	ARMCPU *cpu = ARM_CPU(cs);
116	ARMMMUFaultInfo fi = {};
117
118	/* now we have a real cpu fault */
119	cpu_restore_state(cs, retaddr, true);
120
121	fi.type = ARMFault_Alignment;
122	arm_deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi);
123	}
124
125	/*
126	* arm_cpu_do_transaction_failed: handle a memory system error response
127	* (eg "no device/memory present at address") by raising an external abort
128	* exception
129	*/
130	void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
131	vaddr addr, unsigned size,
132	MMUAccessType access_type,
133	int mmu_idx, MemTxAttrs attrs,
134	MemTxResult response, uintptr_t retaddr)
135	{
136	ARMCPU *cpu = ARM_CPU(cs);
137	ARMMMUFaultInfo fi = {};
138
139	/* now we have a real cpu fault */
140	cpu_restore_state(cs, retaddr, true);
141
142	fi.ea = arm_extabort_type(response);
143	fi.type = ARMFault_SyncExternal;
144	arm_deliver_fault(cpu, addr, access_type, mmu_idx, &fi);
145	}
146
147	#endif /* !defined(CONFIG_USER_ONLY) */
148
149	bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
150	MMUAccessType access_type, int mmu_idx,
151	bool probe, uintptr_t retaddr)
152	{
153	ARMCPU *cpu = ARM_CPU(cs);
154
155	#ifdef CONFIG_USER_ONLY
156	cpu->env.exception.vaddress = address;
157	if (access_type == MMU_INST_FETCH) {
158	cs->exception_index = EXCP_PREFETCH_ABORT;
159	} else {
160	cs->exception_index = EXCP_DATA_ABORT;
161	}
162	cpu_loop_exit_restore(cs, retaddr);
163	#else
164	hwaddr phys_addr;
165	target_ulong page_size;
166	int prot, ret;
167	MemTxAttrs attrs = {};
168	ARMMMUFaultInfo fi = {};
169
170	/*
171	* Walk the page table and (if the mapping exists) add the page
172	* to the TLB. On success, return true. Otherwise, if probing,
173	* return false. Otherwise populate fsr with ARM DFSR/IFSR fault
174	* register format, and signal the fault.
175	*/
176	ret = get_phys_addr(&cpu->env, address, access_type,
177	core_to_arm_mmu_idx(&cpu->env, mmu_idx),
178	&phys_addr, &attrs, &prot, &page_size, &fi, NULL);
179	if (likely(!ret)) {
180	/*
181	* Map a single [sub]page. Regions smaller than our declared
182	* target page size are handled specially, so for those we
183	* pass in the exact addresses.
184	*/
185	if (page_size >= TARGET_PAGE_SIZE) {
186	phys_addr &= TARGET_PAGE_MASK;
187	address &= TARGET_PAGE_MASK;
188	}
189	tlb_set_page_with_attrs(cs, address, phys_addr, attrs,
190	prot, mmu_idx, page_size);
191	return true;
192	} else if (probe) {
193	return false;
194	} else {
195	/* now we have a real cpu fault */
196	cpu_restore_state(cs, retaddr, true);
197	arm_deliver_fault(cpu, address, access_type, mmu_idx, &fi);
198	}
199	#endif
200	}