3 #include "exec/gdbstub.h"
5 #include "qemu/host-utils.h"
6 #include "sysemu/arch_init.h"
7 #include "sysemu/sysemu.h"
8 #include "qemu/bitops.h"
9 #include "qemu/crc32c.h"
10 #include <zlib.h> /* For crc32 */
12 #ifndef CONFIG_USER_ONLY
13 #include "exec/softmmu_exec.h"
15 static inline int get_phys_addr(CPUARMState *env, target_ulong address,
16 int access_type, int is_user,
17 hwaddr *phys_ptr, int *prot,
18 target_ulong *page_size);
20 /* Definitions for the PMCCNTR and PMCR registers */
26 static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
30 /* VFP data registers are always little-endian. */
31 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
33 stfq_le_p(buf, env->vfp.regs[reg]);
36 if (arm_feature(env, ARM_FEATURE_NEON)) {
37 /* Aliases for Q regs. */
40 stfq_le_p(buf, env->vfp.regs[(reg - 32) * 2]);
41 stfq_le_p(buf + 8, env->vfp.regs[(reg - 32) * 2 + 1]);
45 switch (reg - nregs) {
46 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
47 case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
48 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
53 static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
57 nregs = arm_feature(env, ARM_FEATURE_VFP3) ? 32 : 16;
59 env->vfp.regs[reg] = ldfq_le_p(buf);
62 if (arm_feature(env, ARM_FEATURE_NEON)) {
65 env->vfp.regs[(reg - 32) * 2] = ldfq_le_p(buf);
66 env->vfp.regs[(reg - 32) * 2 + 1] = ldfq_le_p(buf + 8);
70 switch (reg - nregs) {
71 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
72 case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
73 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
78 static int aarch64_fpu_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
82 /* 128 bit FP register */
83 stfq_le_p(buf, env->vfp.regs[reg * 2]);
84 stfq_le_p(buf + 8, env->vfp.regs[reg * 2 + 1]);
88 stl_p(buf, vfp_get_fpsr(env));
92 stl_p(buf, vfp_get_fpcr(env));
99 static int aarch64_fpu_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
103 /* 128 bit FP register */
104 env->vfp.regs[reg * 2] = ldfq_le_p(buf);
105 env->vfp.regs[reg * 2 + 1] = ldfq_le_p(buf + 8);
109 vfp_set_fpsr(env, ldl_p(buf));
113 vfp_set_fpcr(env, ldl_p(buf));
120 static uint64_t raw_read(CPUARMState *env, const ARMCPRegInfo *ri)
122 if (cpreg_field_is_64bit(ri)) {
123 return CPREG_FIELD64(env, ri);
125 return CPREG_FIELD32(env, ri);
129 static void raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
132 if (cpreg_field_is_64bit(ri)) {
133 CPREG_FIELD64(env, ri) = value;
135 CPREG_FIELD32(env, ri) = value;
139 static uint64_t read_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri)
141 /* Raw read of a coprocessor register (as needed for migration, etc). */
142 if (ri->type & ARM_CP_CONST) {
143 return ri->resetvalue;
144 } else if (ri->raw_readfn) {
145 return ri->raw_readfn(env, ri);
146 } else if (ri->readfn) {
147 return ri->readfn(env, ri);
149 return raw_read(env, ri);
153 static void write_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri,
156 /* Raw write of a coprocessor register (as needed for migration, etc).
157 * Note that constant registers are treated as write-ignored; the
158 * caller should check for success by whether a readback gives the
161 if (ri->type & ARM_CP_CONST) {
163 } else if (ri->raw_writefn) {
164 ri->raw_writefn(env, ri, v);
165 } else if (ri->writefn) {
166 ri->writefn(env, ri, v);
168 raw_write(env, ri, v);
172 bool write_cpustate_to_list(ARMCPU *cpu)
174 /* Write the coprocessor state from cpu->env to the (index,value) list. */
178 for (i = 0; i < cpu->cpreg_array_len; i++) {
179 uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
180 const ARMCPRegInfo *ri;
182 ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
187 if (ri->type & ARM_CP_NO_MIGRATE) {
190 cpu->cpreg_values[i] = read_raw_cp_reg(&cpu->env, ri);
195 bool write_list_to_cpustate(ARMCPU *cpu)
200 for (i = 0; i < cpu->cpreg_array_len; i++) {
201 uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
202 uint64_t v = cpu->cpreg_values[i];
203 const ARMCPRegInfo *ri;
205 ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
210 if (ri->type & ARM_CP_NO_MIGRATE) {
213 /* Write value and confirm it reads back as written
214 * (to catch read-only registers and partially read-only
215 * registers where the incoming migration value doesn't match)
217 write_raw_cp_reg(&cpu->env, ri, v);
218 if (read_raw_cp_reg(&cpu->env, ri) != v) {
225 static void add_cpreg_to_list(gpointer key, gpointer opaque)
227 ARMCPU *cpu = opaque;
229 const ARMCPRegInfo *ri;
231 regidx = *(uint32_t *)key;
232 ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
234 if (!(ri->type & ARM_CP_NO_MIGRATE)) {
235 cpu->cpreg_indexes[cpu->cpreg_array_len] = cpreg_to_kvm_id(regidx);
236 /* The value array need not be initialized at this point */
237 cpu->cpreg_array_len++;
241 static void count_cpreg(gpointer key, gpointer opaque)
243 ARMCPU *cpu = opaque;
245 const ARMCPRegInfo *ri;
247 regidx = *(uint32_t *)key;
248 ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
250 if (!(ri->type & ARM_CP_NO_MIGRATE)) {
251 cpu->cpreg_array_len++;
255 static gint cpreg_key_compare(gconstpointer a, gconstpointer b)
257 uint64_t aidx = cpreg_to_kvm_id(*(uint32_t *)a);
258 uint64_t bidx = cpreg_to_kvm_id(*(uint32_t *)b);
269 static void cpreg_make_keylist(gpointer key, gpointer value, gpointer udata)
271 GList **plist = udata;
273 *plist = g_list_prepend(*plist, key);
276 void init_cpreg_list(ARMCPU *cpu)
278 /* Initialise the cpreg_tuples[] array based on the cp_regs hash.
279 * Note that we require cpreg_tuples[] to be sorted by key ID.
284 g_hash_table_foreach(cpu->cp_regs, cpreg_make_keylist, &keys);
286 keys = g_list_sort(keys, cpreg_key_compare);
288 cpu->cpreg_array_len = 0;
290 g_list_foreach(keys, count_cpreg, cpu);
292 arraylen = cpu->cpreg_array_len;
293 cpu->cpreg_indexes = g_new(uint64_t, arraylen);
294 cpu->cpreg_values = g_new(uint64_t, arraylen);
295 cpu->cpreg_vmstate_indexes = g_new(uint64_t, arraylen);
296 cpu->cpreg_vmstate_values = g_new(uint64_t, arraylen);
297 cpu->cpreg_vmstate_array_len = cpu->cpreg_array_len;
298 cpu->cpreg_array_len = 0;
300 g_list_foreach(keys, add_cpreg_to_list, cpu);
302 assert(cpu->cpreg_array_len == arraylen);
307 /* Return true if extended addresses are enabled.
308 * This is always the case if our translation regime is 64 bit,
309 * but depends on TTBCR.EAE for 32 bit.
311 static inline bool extended_addresses_enabled(CPUARMState *env)
313 return arm_el_is_aa64(env, 1)
314 || ((arm_feature(env, ARM_FEATURE_LPAE)
315 && (env->cp15.c2_control & (1U << 31))));
318 static void dacr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
320 ARMCPU *cpu = arm_env_get_cpu(env);
322 env->cp15.c3 = value;
323 tlb_flush(CPU(cpu), 1); /* Flush TLB as domain not tracked in TLB */
326 static void fcse_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
328 ARMCPU *cpu = arm_env_get_cpu(env);
330 if (env->cp15.c13_fcse != value) {
331 /* Unlike real hardware the qemu TLB uses virtual addresses,
332 * not modified virtual addresses, so this causes a TLB flush.
334 tlb_flush(CPU(cpu), 1);
335 env->cp15.c13_fcse = value;
339 static void contextidr_write(CPUARMState *env, const ARMCPRegInfo *ri,
342 ARMCPU *cpu = arm_env_get_cpu(env);
344 if (env->cp15.contextidr_el1 != value && !arm_feature(env, ARM_FEATURE_MPU)
345 && !extended_addresses_enabled(env)) {
346 /* For VMSA (when not using the LPAE long descriptor page table
347 * format) this register includes the ASID, so do a TLB flush.
348 * For PMSA it is purely a process ID and no action is needed.
350 tlb_flush(CPU(cpu), 1);
352 env->cp15.contextidr_el1 = value;
355 static void tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,
358 /* Invalidate all (TLBIALL) */
359 ARMCPU *cpu = arm_env_get_cpu(env);
361 tlb_flush(CPU(cpu), 1);
364 static void tlbimva_write(CPUARMState *env, const ARMCPRegInfo *ri,
367 /* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
368 ARMCPU *cpu = arm_env_get_cpu(env);
370 tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
373 static void tlbiasid_write(CPUARMState *env, const ARMCPRegInfo *ri,
376 /* Invalidate by ASID (TLBIASID) */
377 ARMCPU *cpu = arm_env_get_cpu(env);
379 tlb_flush(CPU(cpu), value == 0);
382 static void tlbimvaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
385 /* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
386 ARMCPU *cpu = arm_env_get_cpu(env);
388 tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
391 static const ARMCPRegInfo cp_reginfo[] = {
392 /* DBGDIDR: just RAZ. In particular this means the "debug architecture
393 * version" bits will read as a reserved value, which should cause
394 * Linux to not try to use the debug hardware.
396 { .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
397 .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
398 { .name = "FCSEIDR", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 0,
399 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c13_fcse),
400 .resetvalue = 0, .writefn = fcse_write, .raw_writefn = raw_write, },
401 { .name = "CONTEXTIDR", .state = ARM_CP_STATE_BOTH,
402 .opc0 = 3, .opc1 = 0, .crn = 13, .crm = 0, .opc2 = 1,
404 .fieldoffset = offsetof(CPUARMState, cp15.contextidr_el1),
405 .resetvalue = 0, .writefn = contextidr_write, .raw_writefn = raw_write, },
409 static const ARMCPRegInfo not_v8_cp_reginfo[] = {
410 /* NB: Some of these registers exist in v8 but with more precise
411 * definitions that don't use CP_ANY wildcards (mostly in v8_cp_reginfo[]).
413 /* MMU Domain access control / MPU write buffer control */
414 { .name = "DACR", .cp = 15,
415 .crn = 3, .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
416 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
417 .resetvalue = 0, .writefn = dacr_write, .raw_writefn = raw_write, },
418 /* ??? This covers not just the impdef TLB lockdown registers but also
419 * some v7VMSA registers relating to TEX remap, so it is overly broad.
421 { .name = "TLB_LOCKDOWN", .cp = 15, .crn = 10, .crm = CP_ANY,
422 .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW, .type = ARM_CP_NOP },
423 /* MMU TLB control. Note that the wildcarding means we cover not just
424 * the unified TLB ops but also the dside/iside/inner-shareable variants.
426 { .name = "TLBIALL", .cp = 15, .crn = 8, .crm = CP_ANY,
427 .opc1 = CP_ANY, .opc2 = 0, .access = PL1_W, .writefn = tlbiall_write,
428 .type = ARM_CP_NO_MIGRATE },
429 { .name = "TLBIMVA", .cp = 15, .crn = 8, .crm = CP_ANY,
430 .opc1 = CP_ANY, .opc2 = 1, .access = PL1_W, .writefn = tlbimva_write,
431 .type = ARM_CP_NO_MIGRATE },
432 { .name = "TLBIASID", .cp = 15, .crn = 8, .crm = CP_ANY,
433 .opc1 = CP_ANY, .opc2 = 2, .access = PL1_W, .writefn = tlbiasid_write,
434 .type = ARM_CP_NO_MIGRATE },
435 { .name = "TLBIMVAA", .cp = 15, .crn = 8, .crm = CP_ANY,
436 .opc1 = CP_ANY, .opc2 = 3, .access = PL1_W, .writefn = tlbimvaa_write,
437 .type = ARM_CP_NO_MIGRATE },
438 /* Cache maintenance ops; some of this space may be overridden later. */
439 { .name = "CACHEMAINT", .cp = 15, .crn = 7, .crm = CP_ANY,
440 .opc1 = 0, .opc2 = CP_ANY, .access = PL1_W,
441 .type = ARM_CP_NOP | ARM_CP_OVERRIDE },
445 static const ARMCPRegInfo not_v6_cp_reginfo[] = {
446 /* Not all pre-v6 cores implemented this WFI, so this is slightly
449 { .name = "WFI_v5", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = 2,
450 .access = PL1_W, .type = ARM_CP_WFI },
454 static const ARMCPRegInfo not_v7_cp_reginfo[] = {
455 /* Standard v6 WFI (also used in some pre-v6 cores); not in v7 (which
456 * is UNPREDICTABLE; we choose to NOP as most implementations do).
458 { .name = "WFI_v6", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
459 .access = PL1_W, .type = ARM_CP_WFI },
460 /* L1 cache lockdown. Not architectural in v6 and earlier but in practice
461 * implemented in 926, 946, 1026, 1136, 1176 and 11MPCore. StrongARM and
462 * OMAPCP will override this space.
464 { .name = "DLOCKDOWN", .cp = 15, .crn = 9, .crm = 0, .opc1 = 0, .opc2 = 0,
465 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_data),
467 { .name = "ILOCKDOWN", .cp = 15, .crn = 9, .crm = 0, .opc1 = 0, .opc2 = 1,
468 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_insn),
470 /* v6 doesn't have the cache ID registers but Linux reads them anyway */
471 { .name = "DUMMY", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = CP_ANY,
472 .access = PL1_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
477 static void cpacr_write(CPUARMState *env, const ARMCPRegInfo *ri,
480 if (env->cp15.c1_coproc != value) {
481 env->cp15.c1_coproc = value;
482 /* ??? Is this safe when called from within a TB? */
487 static const ARMCPRegInfo v6_cp_reginfo[] = {
488 /* prefetch by MVA in v6, NOP in v7 */
489 { .name = "MVA_prefetch",
490 .cp = 15, .crn = 7, .crm = 13, .opc1 = 0, .opc2 = 1,
491 .access = PL1_W, .type = ARM_CP_NOP },
492 { .name = "ISB", .cp = 15, .crn = 7, .crm = 5, .opc1 = 0, .opc2 = 4,
493 .access = PL0_W, .type = ARM_CP_NOP },
494 { .name = "DSB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 4,
495 .access = PL0_W, .type = ARM_CP_NOP },
496 { .name = "DMB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 5,
497 .access = PL0_W, .type = ARM_CP_NOP },
498 { .name = "IFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 2,
500 .fieldoffset = offsetofhigh32(CPUARMState, cp15.far_el1),
502 /* Watchpoint Fault Address Register : should actually only be present
503 * for 1136, 1176, 11MPCore.
505 { .name = "WFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 1,
506 .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0, },
507 { .name = "CPACR", .state = ARM_CP_STATE_BOTH, .opc0 = 3,
508 .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 2,
509 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_coproc),
510 .resetvalue = 0, .writefn = cpacr_write },
514 static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri)
516 /* Performance monitor registers user accessibility is controlled
519 if (arm_current_pl(env) == 0 && !env->cp15.c9_pmuserenr) {
520 return CP_ACCESS_TRAP;
525 #ifndef CONFIG_USER_ONLY
526 static void pmcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
529 /* Don't computer the number of ticks in user mode */
532 temp_ticks = qemu_clock_get_us(QEMU_CLOCK_VIRTUAL) *
533 get_ticks_per_sec() / 1000000;
535 if (env->cp15.c9_pmcr & PMCRE) {
536 /* If the counter is enabled */
537 if (env->cp15.c9_pmcr & PMCRD) {
538 /* Increment once every 64 processor clock cycles */
539 env->cp15.c15_ccnt = (temp_ticks/64) - env->cp15.c15_ccnt;
541 env->cp15.c15_ccnt = temp_ticks - env->cp15.c15_ccnt;
546 /* The counter has been reset */
547 env->cp15.c15_ccnt = 0;
550 /* only the DP, X, D and E bits are writable */
551 env->cp15.c9_pmcr &= ~0x39;
552 env->cp15.c9_pmcr |= (value & 0x39);
554 if (env->cp15.c9_pmcr & PMCRE) {
555 if (env->cp15.c9_pmcr & PMCRD) {
556 /* Increment once every 64 processor clock cycles */
559 env->cp15.c15_ccnt = temp_ticks - env->cp15.c15_ccnt;
563 static uint64_t pmccntr_read(CPUARMState *env, const ARMCPRegInfo *ri)
565 uint32_t total_ticks;
567 if (!(env->cp15.c9_pmcr & PMCRE)) {
568 /* Counter is disabled, do not change value */
569 return env->cp15.c15_ccnt;
572 total_ticks = qemu_clock_get_us(QEMU_CLOCK_VIRTUAL) *
573 get_ticks_per_sec() / 1000000;
575 if (env->cp15.c9_pmcr & PMCRD) {
576 /* Increment once every 64 processor clock cycles */
579 return total_ticks - env->cp15.c15_ccnt;
582 static void pmccntr_write(CPUARMState *env, const ARMCPRegInfo *ri,
585 uint32_t total_ticks;
587 if (!(env->cp15.c9_pmcr & PMCRE)) {
588 /* Counter is disabled, set the absolute value */
589 env->cp15.c15_ccnt = value;
593 total_ticks = qemu_clock_get_us(QEMU_CLOCK_VIRTUAL) *
594 get_ticks_per_sec() / 1000000;
596 if (env->cp15.c9_pmcr & PMCRD) {
597 /* Increment once every 64 processor clock cycles */
600 env->cp15.c15_ccnt = total_ticks - value;
604 static void pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
608 env->cp15.c9_pmcnten |= value;
611 static void pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
615 env->cp15.c9_pmcnten &= ~value;
618 static void pmovsr_write(CPUARMState *env, const ARMCPRegInfo *ri,
621 env->cp15.c9_pmovsr &= ~value;
624 static void pmxevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri,
627 env->cp15.c9_pmxevtyper = value & 0xff;
630 static void pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri,
633 env->cp15.c9_pmuserenr = value & 1;
636 static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
639 /* We have no event counters so only the C bit can be changed */
641 env->cp15.c9_pminten |= value;
644 static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
648 env->cp15.c9_pminten &= ~value;
651 static void vbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
654 /* Note that even though the AArch64 view of this register has bits
655 * [10:0] all RES0 we can only mask the bottom 5, to comply with the
656 * architectural requirements for bits which are RES0 only in some
657 * contexts. (ARMv8 would permit us to do no masking at all, but ARMv7
658 * requires the bottom five bits to be RAZ/WI because they're UNK/SBZP.)
660 env->cp15.c12_vbar = value & ~0x1FULL;
663 static uint64_t ccsidr_read(CPUARMState *env, const ARMCPRegInfo *ri)
665 ARMCPU *cpu = arm_env_get_cpu(env);
666 return cpu->ccsidr[env->cp15.c0_cssel];
669 static void csselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
672 env->cp15.c0_cssel = value & 0xf;
675 static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
677 CPUState *cs = ENV_GET_CPU(env);
680 if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
683 if (cs->interrupt_request & CPU_INTERRUPT_FIQ) {
686 /* External aborts are not possible in QEMU so A bit is always clear */
690 static const ARMCPRegInfo v7_cp_reginfo[] = {
691 /* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
694 { .name = "DBGDRAR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
695 .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
696 { .name = "DBGDSAR", .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
697 .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
698 /* the old v6 WFI, UNPREDICTABLE in v7 but we choose to NOP */
699 { .name = "NOP", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
700 .access = PL1_W, .type = ARM_CP_NOP },
701 /* Performance monitors are implementation defined in v7,
702 * but with an ARM recommended set of registers, which we
703 * follow (although we don't actually implement any counters)
705 * Performance registers fall into three categories:
706 * (a) always UNDEF in PL0, RW in PL1 (PMINTENSET, PMINTENCLR)
707 * (b) RO in PL0 (ie UNDEF on write), RW in PL1 (PMUSERENR)
708 * (c) UNDEF in PL0 if PMUSERENR.EN==0, otherwise accessible (all others)
709 * For the cases controlled by PMUSERENR we must set .access to PL0_RW
710 * or PL0_RO as appropriate and then check PMUSERENR in the helper fn.
712 { .name = "PMCNTENSET", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 1,
713 .access = PL0_RW, .resetvalue = 0,
714 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
715 .writefn = pmcntenset_write,
716 .accessfn = pmreg_access,
717 .raw_writefn = raw_write },
718 { .name = "PMCNTENCLR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 2,
719 .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
720 .accessfn = pmreg_access,
721 .writefn = pmcntenclr_write,
722 .type = ARM_CP_NO_MIGRATE },
723 { .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3,
724 .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
725 .accessfn = pmreg_access,
726 .writefn = pmovsr_write,
727 .raw_writefn = raw_write },
728 /* Unimplemented so WI. */
729 { .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4,
730 .access = PL0_W, .accessfn = pmreg_access, .type = ARM_CP_NOP },
731 /* Since we don't implement any events, writing to PMSELR is UNPREDICTABLE.
732 * We choose to RAZ/WI.
734 { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5,
735 .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0,
736 .accessfn = pmreg_access },
737 #ifndef CONFIG_USER_ONLY
738 { .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
739 .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO,
740 .readfn = pmccntr_read, .writefn = pmccntr_write,
741 .accessfn = pmreg_access },
743 { .name = "PMXEVTYPER", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 1,
745 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmxevtyper),
746 .accessfn = pmreg_access, .writefn = pmxevtyper_write,
747 .raw_writefn = raw_write },
748 /* Unimplemented, RAZ/WI. */
749 { .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2,
750 .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0,
751 .accessfn = pmreg_access },
752 { .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
753 .access = PL0_R | PL1_RW,
754 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
756 .writefn = pmuserenr_write, .raw_writefn = raw_write },
757 { .name = "PMINTENSET", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 1,
759 .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
761 .writefn = pmintenset_write, .raw_writefn = raw_write },
762 { .name = "PMINTENCLR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 2,
763 .access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
764 .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
765 .resetvalue = 0, .writefn = pmintenclr_write, },
766 { .name = "VBAR", .state = ARM_CP_STATE_BOTH,
767 .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
768 .access = PL1_RW, .writefn = vbar_write,
769 .fieldoffset = offsetof(CPUARMState, cp15.c12_vbar),
771 { .name = "SCR", .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
772 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_scr),
774 { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
775 .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
776 .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_MIGRATE },
777 { .name = "CSSELR", .state = ARM_CP_STATE_BOTH,
778 .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
779 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c0_cssel),
780 .writefn = csselr_write, .resetvalue = 0 },
781 /* Auxiliary ID register: this actually has an IMPDEF value but for now
782 * just RAZ for all cores:
784 { .name = "AIDR", .state = ARM_CP_STATE_BOTH,
785 .opc0 = 3, .opc1 = 1, .crn = 0, .crm = 0, .opc2 = 7,
786 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
787 /* Auxiliary fault status registers: these also are IMPDEF, and we
788 * choose to RAZ/WI for all cores.
790 { .name = "AFSR0_EL1", .state = ARM_CP_STATE_BOTH,
791 .opc0 = 3, .opc1 = 0, .crn = 5, .crm = 1, .opc2 = 0,
792 .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
793 { .name = "AFSR1_EL1", .state = ARM_CP_STATE_BOTH,
794 .opc0 = 3, .opc1 = 0, .crn = 5, .crm = 1, .opc2 = 1,
795 .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
796 /* MAIR can just read-as-written because we don't implement caches
797 * and so don't need to care about memory attributes.
799 { .name = "MAIR_EL1", .state = ARM_CP_STATE_AA64,
800 .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0,
801 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el1),
803 /* For non-long-descriptor page tables these are PRRR and NMRR;
804 * regardless they still act as reads-as-written for QEMU.
805 * The override is necessary because of the overly-broad TLB_LOCKDOWN
808 { .name = "MAIR0", .state = ARM_CP_STATE_AA32, .type = ARM_CP_OVERRIDE,
809 .cp = 15, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0, .access = PL1_RW,
810 .fieldoffset = offsetoflow32(CPUARMState, cp15.mair_el1),
811 .resetfn = arm_cp_reset_ignore },
812 { .name = "MAIR1", .state = ARM_CP_STATE_AA32, .type = ARM_CP_OVERRIDE,
813 .cp = 15, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 1, .access = PL1_RW,
814 .fieldoffset = offsetofhigh32(CPUARMState, cp15.mair_el1),
815 .resetfn = arm_cp_reset_ignore },
816 { .name = "ISR_EL1", .state = ARM_CP_STATE_BOTH,
817 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 1, .opc2 = 0,
818 .type = ARM_CP_NO_MIGRATE, .access = PL1_R, .readfn = isr_read },
822 static void teecr_write(CPUARMState *env, const ARMCPRegInfo *ri,
829 static CPAccessResult teehbr_access(CPUARMState *env, const ARMCPRegInfo *ri)
831 if (arm_current_pl(env) == 0 && (env->teecr & 1)) {
832 return CP_ACCESS_TRAP;
837 static const ARMCPRegInfo t2ee_cp_reginfo[] = {
838 { .name = "TEECR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 6, .opc2 = 0,
839 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, teecr),
841 .writefn = teecr_write },
842 { .name = "TEEHBR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 6, .opc2 = 0,
843 .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, teehbr),
844 .accessfn = teehbr_access, .resetvalue = 0 },
848 static const ARMCPRegInfo v6k_cp_reginfo[] = {
849 { .name = "TPIDR_EL0", .state = ARM_CP_STATE_AA64,
850 .opc0 = 3, .opc1 = 3, .opc2 = 2, .crn = 13, .crm = 0,
852 .fieldoffset = offsetof(CPUARMState, cp15.tpidr_el0), .resetvalue = 0 },
853 { .name = "TPIDRURW", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 2,
855 .fieldoffset = offsetoflow32(CPUARMState, cp15.tpidr_el0),
856 .resetfn = arm_cp_reset_ignore },
857 { .name = "TPIDRRO_EL0", .state = ARM_CP_STATE_AA64,
858 .opc0 = 3, .opc1 = 3, .opc2 = 3, .crn = 13, .crm = 0,
859 .access = PL0_R|PL1_W,
860 .fieldoffset = offsetof(CPUARMState, cp15.tpidrro_el0), .resetvalue = 0 },
861 { .name = "TPIDRURO", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 3,
862 .access = PL0_R|PL1_W,
863 .fieldoffset = offsetoflow32(CPUARMState, cp15.tpidrro_el0),
864 .resetfn = arm_cp_reset_ignore },
865 { .name = "TPIDR_EL1", .state = ARM_CP_STATE_BOTH,
866 .opc0 = 3, .opc1 = 0, .opc2 = 4, .crn = 13, .crm = 0,
868 .fieldoffset = offsetof(CPUARMState, cp15.tpidr_el1), .resetvalue = 0 },
872 #ifndef CONFIG_USER_ONLY
874 static CPAccessResult gt_cntfrq_access(CPUARMState *env, const ARMCPRegInfo *ri)
876 /* CNTFRQ: not visible from PL0 if both PL0PCTEN and PL0VCTEN are zero */
877 if (arm_current_pl(env) == 0 && !extract32(env->cp15.c14_cntkctl, 0, 2)) {
878 return CP_ACCESS_TRAP;
883 static CPAccessResult gt_counter_access(CPUARMState *env, int timeridx)
885 /* CNT[PV]CT: not visible from PL0 if ELO[PV]CTEN is zero */
886 if (arm_current_pl(env) == 0 &&
887 !extract32(env->cp15.c14_cntkctl, timeridx, 1)) {
888 return CP_ACCESS_TRAP;
893 static CPAccessResult gt_timer_access(CPUARMState *env, int timeridx)
895 /* CNT[PV]_CVAL, CNT[PV]_CTL, CNT[PV]_TVAL: not visible from PL0 if
896 * EL0[PV]TEN is zero.
898 if (arm_current_pl(env) == 0 &&
899 !extract32(env->cp15.c14_cntkctl, 9 - timeridx, 1)) {
900 return CP_ACCESS_TRAP;
905 static CPAccessResult gt_pct_access(CPUARMState *env,
906 const ARMCPRegInfo *ri)
908 return gt_counter_access(env, GTIMER_PHYS);
911 static CPAccessResult gt_vct_access(CPUARMState *env,
912 const ARMCPRegInfo *ri)
914 return gt_counter_access(env, GTIMER_VIRT);
917 static CPAccessResult gt_ptimer_access(CPUARMState *env, const ARMCPRegInfo *ri)
919 return gt_timer_access(env, GTIMER_PHYS);
922 static CPAccessResult gt_vtimer_access(CPUARMState *env, const ARMCPRegInfo *ri)
924 return gt_timer_access(env, GTIMER_VIRT);
927 static uint64_t gt_get_countervalue(CPUARMState *env)
929 return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / GTIMER_SCALE;
932 static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
934 ARMGenericTimer *gt = &cpu->env.cp15.c14_timer[timeridx];
937 /* Timer enabled: calculate and set current ISTATUS, irq, and
938 * reset timer to when ISTATUS next has to change
940 uint64_t count = gt_get_countervalue(&cpu->env);
941 /* Note that this must be unsigned 64 bit arithmetic: */
942 int istatus = count >= gt->cval;
945 gt->ctl = deposit32(gt->ctl, 2, 1, istatus);
946 qemu_set_irq(cpu->gt_timer_outputs[timeridx],
947 (istatus && !(gt->ctl & 2)));
949 /* Next transition is when count rolls back over to zero */
950 nexttick = UINT64_MAX;
952 /* Next transition is when we hit cval */
955 /* Note that the desired next expiry time might be beyond the
956 * signed-64-bit range of a QEMUTimer -- in this case we just
957 * set the timer for as far in the future as possible. When the
958 * timer expires we will reset the timer for any remaining period.
960 if (nexttick > INT64_MAX / GTIMER_SCALE) {
961 nexttick = INT64_MAX / GTIMER_SCALE;
963 timer_mod(cpu->gt_timer[timeridx], nexttick);
965 /* Timer disabled: ISTATUS and timer output always clear */
967 qemu_set_irq(cpu->gt_timer_outputs[timeridx], 0);
968 timer_del(cpu->gt_timer[timeridx]);
972 static void gt_cnt_reset(CPUARMState *env, const ARMCPRegInfo *ri)
974 ARMCPU *cpu = arm_env_get_cpu(env);
975 int timeridx = ri->opc1 & 1;
977 timer_del(cpu->gt_timer[timeridx]);
980 static uint64_t gt_cnt_read(CPUARMState *env, const ARMCPRegInfo *ri)
982 return gt_get_countervalue(env);
985 static void gt_cval_write(CPUARMState *env, const ARMCPRegInfo *ri,
988 int timeridx = ri->opc1 & 1;
990 env->cp15.c14_timer[timeridx].cval = value;
991 gt_recalc_timer(arm_env_get_cpu(env), timeridx);
994 static uint64_t gt_tval_read(CPUARMState *env, const ARMCPRegInfo *ri)
996 int timeridx = ri->crm & 1;
998 return (uint32_t)(env->cp15.c14_timer[timeridx].cval -
999 gt_get_countervalue(env));
1002 static void gt_tval_write(CPUARMState *env, const ARMCPRegInfo *ri,
1005 int timeridx = ri->crm & 1;
1007 env->cp15.c14_timer[timeridx].cval = gt_get_countervalue(env) +
1008 + sextract64(value, 0, 32);
1009 gt_recalc_timer(arm_env_get_cpu(env), timeridx);
1012 static void gt_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
1015 ARMCPU *cpu = arm_env_get_cpu(env);
1016 int timeridx = ri->crm & 1;
1017 uint32_t oldval = env->cp15.c14_timer[timeridx].ctl;
1019 env->cp15.c14_timer[timeridx].ctl = value & 3;
1020 if ((oldval ^ value) & 1) {
1021 /* Enable toggled */
1022 gt_recalc_timer(cpu, timeridx);
1023 } else if ((oldval & value) & 2) {
1024 /* IMASK toggled: don't need to recalculate,
1025 * just set the interrupt line based on ISTATUS
1027 qemu_set_irq(cpu->gt_timer_outputs[timeridx],
1028 (oldval & 4) && (value & 2));
1032 void arm_gt_ptimer_cb(void *opaque)
1034 ARMCPU *cpu = opaque;
1036 gt_recalc_timer(cpu, GTIMER_PHYS);
1039 void arm_gt_vtimer_cb(void *opaque)
1041 ARMCPU *cpu = opaque;
1043 gt_recalc_timer(cpu, GTIMER_VIRT);
1046 static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
1047 /* Note that CNTFRQ is purely reads-as-written for the benefit
1048 * of software; writing it doesn't actually change the timer frequency.
1049 * Our reset value matches the fixed frequency we implement the timer at.
1051 { .name = "CNTFRQ", .cp = 15, .crn = 14, .crm = 0, .opc1 = 0, .opc2 = 0,
1052 .type = ARM_CP_NO_MIGRATE,
1053 .access = PL1_RW | PL0_R, .accessfn = gt_cntfrq_access,
1054 .fieldoffset = offsetoflow32(CPUARMState, cp15.c14_cntfrq),
1055 .resetfn = arm_cp_reset_ignore,
1057 { .name = "CNTFRQ_EL0", .state = ARM_CP_STATE_AA64,
1058 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 0, .opc2 = 0,
1059 .access = PL1_RW | PL0_R, .accessfn = gt_cntfrq_access,
1060 .fieldoffset = offsetof(CPUARMState, cp15.c14_cntfrq),
1061 .resetvalue = (1000 * 1000 * 1000) / GTIMER_SCALE,
1063 /* overall control: mostly access permissions */
1064 { .name = "CNTKCTL", .state = ARM_CP_STATE_BOTH,
1065 .opc0 = 3, .opc1 = 0, .crn = 14, .crm = 1, .opc2 = 0,
1067 .fieldoffset = offsetof(CPUARMState, cp15.c14_cntkctl),
1070 /* per-timer control */
1071 { .name = "CNTP_CTL", .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 1,
1072 .type = ARM_CP_IO | ARM_CP_NO_MIGRATE, .access = PL1_RW | PL0_R,
1073 .accessfn = gt_ptimer_access,
1074 .fieldoffset = offsetoflow32(CPUARMState,
1075 cp15.c14_timer[GTIMER_PHYS].ctl),
1076 .resetfn = arm_cp_reset_ignore,
1077 .writefn = gt_ctl_write, .raw_writefn = raw_write,
1079 { .name = "CNTP_CTL_EL0", .state = ARM_CP_STATE_AA64,
1080 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 1,
1081 .type = ARM_CP_IO, .access = PL1_RW | PL0_R,
1082 .accessfn = gt_ptimer_access,
1083 .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].ctl),
1085 .writefn = gt_ctl_write, .raw_writefn = raw_write,
1087 { .name = "CNTV_CTL", .cp = 15, .crn = 14, .crm = 3, .opc1 = 0, .opc2 = 1,
1088 .type = ARM_CP_IO | ARM_CP_NO_MIGRATE, .access = PL1_RW | PL0_R,
1089 .accessfn = gt_vtimer_access,
1090 .fieldoffset = offsetoflow32(CPUARMState,
1091 cp15.c14_timer[GTIMER_VIRT].ctl),
1092 .resetfn = arm_cp_reset_ignore,
1093 .writefn = gt_ctl_write, .raw_writefn = raw_write,
1095 { .name = "CNTV_CTL_EL0", .state = ARM_CP_STATE_AA64,
1096 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 1,
1097 .type = ARM_CP_IO, .access = PL1_RW | PL0_R,
1098 .accessfn = gt_vtimer_access,
1099 .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].ctl),
1101 .writefn = gt_ctl_write, .raw_writefn = raw_write,
1103 /* TimerValue views: a 32 bit downcounting view of the underlying state */
1104 { .name = "CNTP_TVAL", .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 0,
1105 .type = ARM_CP_NO_MIGRATE | ARM_CP_IO, .access = PL1_RW | PL0_R,
1106 .accessfn = gt_ptimer_access,
1107 .readfn = gt_tval_read, .writefn = gt_tval_write,
1109 { .name = "CNTP_TVAL_EL0", .state = ARM_CP_STATE_AA64,
1110 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 0,
1111 .type = ARM_CP_NO_MIGRATE | ARM_CP_IO, .access = PL1_RW | PL0_R,
1112 .readfn = gt_tval_read, .writefn = gt_tval_write,
1114 { .name = "CNTV_TVAL", .cp = 15, .crn = 14, .crm = 3, .opc1 = 0, .opc2 = 0,
1115 .type = ARM_CP_NO_MIGRATE | ARM_CP_IO, .access = PL1_RW | PL0_R,
1116 .accessfn = gt_vtimer_access,
1117 .readfn = gt_tval_read, .writefn = gt_tval_write,
1119 { .name = "CNTV_TVAL_EL0", .state = ARM_CP_STATE_AA64,
1120 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 0,
1121 .type = ARM_CP_NO_MIGRATE | ARM_CP_IO, .access = PL1_RW | PL0_R,
1122 .readfn = gt_tval_read, .writefn = gt_tval_write,
1124 /* The counter itself */
1125 { .name = "CNTPCT", .cp = 15, .crm = 14, .opc1 = 0,
1126 .access = PL0_R, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE | ARM_CP_IO,
1127 .accessfn = gt_pct_access,
1128 .readfn = gt_cnt_read, .resetfn = arm_cp_reset_ignore,
1130 { .name = "CNTPCT_EL0", .state = ARM_CP_STATE_AA64,
1131 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 0, .opc2 = 1,
1132 .access = PL0_R, .type = ARM_CP_NO_MIGRATE | ARM_CP_IO,
1133 .accessfn = gt_pct_access,
1134 .readfn = gt_cnt_read, .resetfn = gt_cnt_reset,
1136 { .name = "CNTVCT", .cp = 15, .crm = 14, .opc1 = 1,
1137 .access = PL0_R, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE | ARM_CP_IO,
1138 .accessfn = gt_vct_access,
1139 .readfn = gt_cnt_read, .resetfn = arm_cp_reset_ignore,
1141 { .name = "CNTVCT_EL0", .state = ARM_CP_STATE_AA64,
1142 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 0, .opc2 = 2,
1143 .access = PL0_R, .type = ARM_CP_NO_MIGRATE | ARM_CP_IO,
1144 .accessfn = gt_vct_access,
1145 .readfn = gt_cnt_read, .resetfn = gt_cnt_reset,
1147 /* Comparison value, indicating when the timer goes off */
1148 { .name = "CNTP_CVAL", .cp = 15, .crm = 14, .opc1 = 2,
1149 .access = PL1_RW | PL0_R,
1150 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_MIGRATE,
1151 .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),
1152 .accessfn = gt_ptimer_access, .resetfn = arm_cp_reset_ignore,
1153 .writefn = gt_cval_write, .raw_writefn = raw_write,
1155 { .name = "CNTP_CVAL_EL0", .state = ARM_CP_STATE_AA64,
1156 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 2,
1157 .access = PL1_RW | PL0_R,
1159 .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),
1160 .resetvalue = 0, .accessfn = gt_vtimer_access,
1161 .writefn = gt_cval_write, .raw_writefn = raw_write,
1163 { .name = "CNTV_CVAL", .cp = 15, .crm = 14, .opc1 = 3,
1164 .access = PL1_RW | PL0_R,
1165 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_MIGRATE,
1166 .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),
1167 .accessfn = gt_vtimer_access, .resetfn = arm_cp_reset_ignore,
1168 .writefn = gt_cval_write, .raw_writefn = raw_write,
1170 { .name = "CNTV_CVAL_EL0", .state = ARM_CP_STATE_AA64,
1171 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 2,
1172 .access = PL1_RW | PL0_R,
1174 .fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),
1175 .resetvalue = 0, .accessfn = gt_vtimer_access,
1176 .writefn = gt_cval_write, .raw_writefn = raw_write,
1182 /* In user-mode none of the generic timer registers are accessible,
1183 * and their implementation depends on QEMU_CLOCK_VIRTUAL and qdev gpio outputs,
1184 * so instead just don't register any of them.
1186 static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
1192 static void par_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
1194 if (arm_feature(env, ARM_FEATURE_LPAE)) {
1195 env->cp15.par_el1 = value;
1196 } else if (arm_feature(env, ARM_FEATURE_V7)) {
1197 env->cp15.par_el1 = value & 0xfffff6ff;
1199 env->cp15.par_el1 = value & 0xfffff1ff;
1203 #ifndef CONFIG_USER_ONLY
1204 /* get_phys_addr() isn't present for user-mode-only targets */
1206 static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri)
1209 /* Other states are only available with TrustZone; in
1210 * a non-TZ implementation these registers don't exist
1211 * at all, which is an Uncategorized trap. This underdecoding
1212 * is safe because the reginfo is NO_MIGRATE.
1214 return CP_ACCESS_TRAP_UNCATEGORIZED;
1216 return CP_ACCESS_OK;
1219 static void ats_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
1222 target_ulong page_size;
1224 int ret, is_user = ri->opc2 & 2;
1225 int access_type = ri->opc2 & 1;
1227 ret = get_phys_addr(env, value, access_type, is_user,
1228 &phys_addr, &prot, &page_size);
1229 if (extended_addresses_enabled(env)) {
1230 /* ret is a DFSR/IFSR value for the long descriptor
1231 * translation table format, but with WnR always clear.
1232 * Convert it to a 64-bit PAR.
1234 uint64_t par64 = (1 << 11); /* LPAE bit always set */
1236 par64 |= phys_addr & ~0xfffULL;
1237 /* We don't set the ATTR or SH fields in the PAR. */
1240 par64 |= (ret & 0x3f) << 1; /* FS */
1241 /* Note that S2WLK and FSTAGE are always zero, because we don't
1242 * implement virtualization and therefore there can't be a stage 2
1246 env->cp15.par_el1 = par64;
1248 /* ret is a DFSR/IFSR value for the short descriptor
1249 * translation table format (with WnR always clear).
1250 * Convert it to a 32-bit PAR.
1253 /* We do not set any attribute bits in the PAR */
1254 if (page_size == (1 << 24)
1255 && arm_feature(env, ARM_FEATURE_V7)) {
1256 env->cp15.par_el1 = (phys_addr & 0xff000000) | 1 << 1;
1258 env->cp15.par_el1 = phys_addr & 0xfffff000;
1261 env->cp15.par_el1 = ((ret & (1 << 10)) >> 5) |
1262 ((ret & (1 << 12)) >> 6) |
1263 ((ret & 0xf) << 1) | 1;
1269 static const ARMCPRegInfo vapa_cp_reginfo[] = {
1270 { .name = "PAR", .cp = 15, .crn = 7, .crm = 4, .opc1 = 0, .opc2 = 0,
1271 .access = PL1_RW, .resetvalue = 0,
1272 .fieldoffset = offsetoflow32(CPUARMState, cp15.par_el1),
1273 .writefn = par_write },
1274 #ifndef CONFIG_USER_ONLY
1275 { .name = "ATS", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = CP_ANY,
1276 .access = PL1_W, .accessfn = ats_access,
1277 .writefn = ats_write, .type = ARM_CP_NO_MIGRATE },
1282 /* Return basic MPU access permission bits. */
1283 static uint32_t simple_mpu_ap_bits(uint32_t val)
1290 for (i = 0; i < 16; i += 2) {
1291 ret |= (val >> i) & mask;
1297 /* Pad basic MPU access permission bits to extended format. */
1298 static uint32_t extended_mpu_ap_bits(uint32_t val)
1305 for (i = 0; i < 16; i += 2) {
1306 ret |= (val & mask) << i;
1312 static void pmsav5_data_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
1315 env->cp15.pmsav5_data_ap = extended_mpu_ap_bits(value);
1318 static uint64_t pmsav5_data_ap_read(CPUARMState *env, const ARMCPRegInfo *ri)
1320 return simple_mpu_ap_bits(env->cp15.pmsav5_data_ap);
1323 static void pmsav5_insn_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
1326 env->cp15.pmsav5_insn_ap = extended_mpu_ap_bits(value);
1329 static uint64_t pmsav5_insn_ap_read(CPUARMState *env, const ARMCPRegInfo *ri)
1331 return simple_mpu_ap_bits(env->cp15.pmsav5_insn_ap);
1334 static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
1335 { .name = "DATA_AP", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
1336 .access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
1337 .fieldoffset = offsetof(CPUARMState, cp15.pmsav5_data_ap),
1339 .readfn = pmsav5_data_ap_read, .writefn = pmsav5_data_ap_write, },
1340 { .name = "INSN_AP", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
1341 .access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
1342 .fieldoffset = offsetof(CPUARMState, cp15.pmsav5_insn_ap),
1344 .readfn = pmsav5_insn_ap_read, .writefn = pmsav5_insn_ap_write, },
1345 { .name = "DATA_EXT_AP", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 2,
1347 .fieldoffset = offsetof(CPUARMState, cp15.pmsav5_data_ap),
1349 { .name = "INSN_EXT_AP", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 3,
1351 .fieldoffset = offsetof(CPUARMState, cp15.pmsav5_insn_ap),
1353 { .name = "DCACHE_CFG", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
1355 .fieldoffset = offsetof(CPUARMState, cp15.c2_data), .resetvalue = 0, },
1356 { .name = "ICACHE_CFG", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
1358 .fieldoffset = offsetof(CPUARMState, cp15.c2_insn), .resetvalue = 0, },
1359 /* Protection region base and size registers */
1360 { .name = "946_PRBS0", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0,
1361 .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
1362 .fieldoffset = offsetof(CPUARMState, cp15.c6_region[0]) },
1363 { .name = "946_PRBS1", .cp = 15, .crn = 6, .crm = 1, .opc1 = 0,
1364 .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
1365 .fieldoffset = offsetof(CPUARMState, cp15.c6_region[1]) },
1366 { .name = "946_PRBS2", .cp = 15, .crn = 6, .crm = 2, .opc1 = 0,
1367 .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
1368 .fieldoffset = offsetof(CPUARMState, cp15.c6_region[2]) },
1369 { .name = "946_PRBS3", .cp = 15, .crn = 6, .crm = 3, .opc1 = 0,
1370 .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
1371 .fieldoffset = offsetof(CPUARMState, cp15.c6_region[3]) },
1372 { .name = "946_PRBS4", .cp = 15, .crn = 6, .crm = 4, .opc1 = 0,
1373 .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
1374 .fieldoffset = offsetof(CPUARMState, cp15.c6_region[4]) },
1375 { .name = "946_PRBS5", .cp = 15, .crn = 6, .crm = 5, .opc1 = 0,
1376 .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
1377 .fieldoffset = offsetof(CPUARMState, cp15.c6_region[5]) },
1378 { .name = "946_PRBS6", .cp = 15, .crn = 6, .crm = 6, .opc1 = 0,
1379 .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
1380 .fieldoffset = offsetof(CPUARMState, cp15.c6_region[6]) },
1381 { .name = "946_PRBS7", .cp = 15, .crn = 6, .crm = 7, .opc1 = 0,
1382 .opc2 = CP_ANY, .access = PL1_RW, .resetvalue = 0,
1383 .fieldoffset = offsetof(CPUARMState, cp15.c6_region[7]) },
1387 static void vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
1390 int maskshift = extract32(value, 0, 3);
1392 if (arm_feature(env, ARM_FEATURE_LPAE) && (value & (1 << 31))) {
1393 value &= ~((7 << 19) | (3 << 14) | (0xf << 3));
1397 /* Note that we always calculate c2_mask and c2_base_mask, but
1398 * they are only used for short-descriptor tables (ie if EAE is 0);
1399 * for long-descriptor tables the TTBCR fields are used differently
1400 * and the c2_mask and c2_base_mask values are meaningless.
1402 env->cp15.c2_control = value;
1403 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> maskshift);
1404 env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> maskshift);
1407 static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
1410 ARMCPU *cpu = arm_env_get_cpu(env);
1412 if (arm_feature(env, ARM_FEATURE_LPAE)) {
1413 /* With LPAE the TTBCR could result in a change of ASID
1414 * via the TTBCR.A1 bit, so do a TLB flush.
1416 tlb_flush(CPU(cpu), 1);
1418 vmsa_ttbcr_raw_write(env, ri, value);
1421 static void vmsa_ttbcr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
1423 env->cp15.c2_base_mask = 0xffffc000u;
1424 env->cp15.c2_control = 0;
1425 env->cp15.c2_mask = 0;
1428 static void vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
1431 ARMCPU *cpu = arm_env_get_cpu(env);
1433 /* For AArch64 the A1 bit could result in a change of ASID, so TLB flush. */
1434 tlb_flush(CPU(cpu), 1);
1435 env->cp15.c2_control = value;
1438 static void vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
1441 /* 64 bit accesses to the TTBRs can change the ASID and so we
1442 * must flush the TLB.
1444 if (cpreg_field_is_64bit(ri)) {
1445 ARMCPU *cpu = arm_env_get_cpu(env);
1447 tlb_flush(CPU(cpu), 1);
1449 raw_write(env, ri, value);
1452 static const ARMCPRegInfo vmsa_cp_reginfo[] = {
1453 { .name = "DFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
1454 .access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
1455 .fieldoffset = offsetoflow32(CPUARMState, cp15.esr_el1),
1456 .resetfn = arm_cp_reset_ignore, },
1457 { .name = "IFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
1459 .fieldoffset = offsetof(CPUARMState, cp15.ifsr_el2), .resetvalue = 0, },
1460 { .name = "ESR_EL1", .state = ARM_CP_STATE_AA64,
1461 .opc0 = 3, .crn = 5, .crm = 2, .opc1 = 0, .opc2 = 0,
1463 .fieldoffset = offsetof(CPUARMState, cp15.esr_el1), .resetvalue = 0, },
1464 { .name = "TTBR0_EL1", .state = ARM_CP_STATE_BOTH,
1465 .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
1466 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el1),
1467 .writefn = vmsa_ttbr_write, .resetvalue = 0 },
1468 { .name = "TTBR1_EL1", .state = ARM_CP_STATE_BOTH,
1469 .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
1470 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el1),
1471 .writefn = vmsa_ttbr_write, .resetvalue = 0 },
1472 { .name = "TCR_EL1", .state = ARM_CP_STATE_AA64,
1473 .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
1474 .access = PL1_RW, .writefn = vmsa_tcr_el1_write,
1475 .resetfn = vmsa_ttbcr_reset, .raw_writefn = raw_write,
1476 .fieldoffset = offsetof(CPUARMState, cp15.c2_control) },
1477 { .name = "TTBCR", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
1478 .access = PL1_RW, .type = ARM_CP_NO_MIGRATE, .writefn = vmsa_ttbcr_write,
1479 .resetfn = arm_cp_reset_ignore, .raw_writefn = vmsa_ttbcr_raw_write,
1480 .fieldoffset = offsetoflow32(CPUARMState, cp15.c2_control) },
1481 /* 64-bit FAR; this entry also gives us the AArch32 DFAR */
1482 { .name = "FAR_EL1", .state = ARM_CP_STATE_BOTH,
1483 .opc0 = 3, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
1484 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.far_el1),
1489 static void omap_ticonfig_write(CPUARMState *env, const ARMCPRegInfo *ri,
1492 env->cp15.c15_ticonfig = value & 0xe7;
1493 /* The OS_TYPE bit in this register changes the reported CPUID! */
1494 env->cp15.c0_cpuid = (value & (1 << 5)) ?
1495 ARM_CPUID_TI915T : ARM_CPUID_TI925T;
1498 static void omap_threadid_write(CPUARMState *env, const ARMCPRegInfo *ri,
1501 env->cp15.c15_threadid = value & 0xffff;
1504 static void omap_wfi_write(CPUARMState *env, const ARMCPRegInfo *ri,
1507 /* Wait-for-interrupt (deprecated) */
1508 cpu_interrupt(CPU(arm_env_get_cpu(env)), CPU_INTERRUPT_HALT);
1511 static void omap_cachemaint_write(CPUARMState *env, const ARMCPRegInfo *ri,
1514 /* On OMAP there are registers indicating the max/min index of dcache lines
1515 * containing a dirty line; cache flush operations have to reset these.
1517 env->cp15.c15_i_max = 0x000;
1518 env->cp15.c15_i_min = 0xff0;
1521 static const ARMCPRegInfo omap_cp_reginfo[] = {
1522 { .name = "DFSR", .cp = 15, .crn = 5, .crm = CP_ANY,
1523 .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW, .type = ARM_CP_OVERRIDE,
1524 .fieldoffset = offsetoflow32(CPUARMState, cp15.esr_el1),
1526 { .name = "", .cp = 15, .crn = 15, .crm = 0, .opc1 = 0, .opc2 = 0,
1527 .access = PL1_RW, .type = ARM_CP_NOP },
1528 { .name = "TICONFIG", .cp = 15, .crn = 15, .crm = 1, .opc1 = 0, .opc2 = 0,
1530 .fieldoffset = offsetof(CPUARMState, cp15.c15_ticonfig), .resetvalue = 0,
1531 .writefn = omap_ticonfig_write },
1532 { .name = "IMAX", .cp = 15, .crn = 15, .crm = 2, .opc1 = 0, .opc2 = 0,
1534 .fieldoffset = offsetof(CPUARMState, cp15.c15_i_max), .resetvalue = 0, },
1535 { .name = "IMIN", .cp = 15, .crn = 15, .crm = 3, .opc1 = 0, .opc2 = 0,
1536 .access = PL1_RW, .resetvalue = 0xff0,
1537 .fieldoffset = offsetof(CPUARMState, cp15.c15_i_min) },
1538 { .name = "THREADID", .cp = 15, .crn = 15, .crm = 4, .opc1 = 0, .opc2 = 0,
1540 .fieldoffset = offsetof(CPUARMState, cp15.c15_threadid), .resetvalue = 0,
1541 .writefn = omap_threadid_write },
1542 { .name = "TI925T_STATUS", .cp = 15, .crn = 15,
1543 .crm = 8, .opc1 = 0, .opc2 = 0, .access = PL1_RW,
1544 .type = ARM_CP_NO_MIGRATE,
1545 .readfn = arm_cp_read_zero, .writefn = omap_wfi_write, },
1546 /* TODO: Peripheral port remap register:
1547 * On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt controller
1548 * base address at $rn & ~0xfff and map size of 0x200 << ($rn & 0xfff),
1551 { .name = "OMAP_CACHEMAINT", .cp = 15, .crn = 7, .crm = CP_ANY,
1552 .opc1 = 0, .opc2 = CP_ANY, .access = PL1_W,
1553 .type = ARM_CP_OVERRIDE | ARM_CP_NO_MIGRATE,
1554 .writefn = omap_cachemaint_write },
1555 { .name = "C9", .cp = 15, .crn = 9,
1556 .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_RW,
1557 .type = ARM_CP_CONST | ARM_CP_OVERRIDE, .resetvalue = 0 },
1561 static void xscale_cpar_write(CPUARMState *env, const ARMCPRegInfo *ri,
1565 if (env->cp15.c15_cpar != value) {
1566 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
1568 env->cp15.c15_cpar = value;
1572 static const ARMCPRegInfo xscale_cp_reginfo[] = {
1573 { .name = "XSCALE_CPAR",
1574 .cp = 15, .crn = 15, .crm = 1, .opc1 = 0, .opc2 = 0, .access = PL1_RW,
1575 .fieldoffset = offsetof(CPUARMState, cp15.c15_cpar), .resetvalue = 0,
1576 .writefn = xscale_cpar_write, },
1577 { .name = "XSCALE_AUXCR",
1578 .cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 1, .access = PL1_RW,
1579 .fieldoffset = offsetof(CPUARMState, cp15.c1_xscaleauxcr),
1581 /* XScale specific cache-lockdown: since we have no cache we NOP these
1582 * and hope the guest does not really rely on cache behaviour.
1584 { .name = "XSCALE_LOCK_ICACHE_LINE",
1585 .cp = 15, .opc1 = 0, .crn = 9, .crm = 1, .opc2 = 0,
1586 .access = PL1_W, .type = ARM_CP_NOP },
1587 { .name = "XSCALE_UNLOCK_ICACHE",
1588 .cp = 15, .opc1 = 0, .crn = 9, .crm = 1, .opc2 = 1,
1589 .access = PL1_W, .type = ARM_CP_NOP },
1590 { .name = "XSCALE_DCACHE_LOCK",
1591 .cp = 15, .opc1 = 0, .crn = 9, .crm = 2, .opc2 = 0,
1592 .access = PL1_RW, .type = ARM_CP_NOP },
1593 { .name = "XSCALE_UNLOCK_DCACHE",
1594 .cp = 15, .opc1 = 0, .crn = 9, .crm = 2, .opc2 = 1,
1595 .access = PL1_W, .type = ARM_CP_NOP },
1599 static const ARMCPRegInfo dummy_c15_cp_reginfo[] = {
1600 /* RAZ/WI the whole crn=15 space, when we don't have a more specific
1601 * implementation of this implementation-defined space.
1602 * Ideally this should eventually disappear in favour of actually
1603 * implementing the correct behaviour for all cores.
1605 { .name = "C15_IMPDEF", .cp = 15, .crn = 15,
1606 .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
1608 .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE | ARM_CP_OVERRIDE,
1613 static const ARMCPRegInfo cache_dirty_status_cp_reginfo[] = {
1614 /* Cache status: RAZ because we have no cache so it's always clean */
1615 { .name = "CDSR", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 6,
1616 .access = PL1_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
1621 static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
1622 /* We never have a a block transfer operation in progress */
1623 { .name = "BXSR", .cp = 15, .crn = 7, .crm = 12, .opc1 = 0, .opc2 = 4,
1624 .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
1626 /* The cache ops themselves: these all NOP for QEMU */
1627 { .name = "IICR", .cp = 15, .crm = 5, .opc1 = 0,
1628 .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
1629 { .name = "IDCR", .cp = 15, .crm = 6, .opc1 = 0,
1630 .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
1631 { .name = "CDCR", .cp = 15, .crm = 12, .opc1 = 0,
1632 .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
1633 { .name = "PIR", .cp = 15, .crm = 12, .opc1 = 1,
1634 .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
1635 { .name = "PDR", .cp = 15, .crm = 12, .opc1 = 2,
1636 .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
1637 { .name = "CIDCR", .cp = 15, .crm = 14, .opc1 = 0,
1638 .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
1642 static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
1643 /* The cache test-and-clean instructions always return (1 << 30)
1644 * to indicate that there are no dirty cache lines.
1646 { .name = "TC_DCACHE", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 3,
1647 .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
1648 .resetvalue = (1 << 30) },
1649 { .name = "TCI_DCACHE", .cp = 15, .crn = 7, .crm = 14, .opc1 = 0, .opc2 = 3,
1650 .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
1651 .resetvalue = (1 << 30) },
1655 static const ARMCPRegInfo strongarm_cp_reginfo[] = {
1656 /* Ignore ReadBuffer accesses */
1657 { .name = "C9_READBUFFER", .cp = 15, .crn = 9,
1658 .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
1659 .access = PL1_RW, .resetvalue = 0,
1660 .type = ARM_CP_CONST | ARM_CP_OVERRIDE | ARM_CP_NO_MIGRATE },
1664 static uint64_t mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri)
1666 CPUState *cs = CPU(arm_env_get_cpu(env));
1667 uint32_t mpidr = cs->cpu_index;
1668 /* We don't support setting cluster ID ([8..11]) (known as Aff1
1669 * in later ARM ARM versions), or any of the higher affinity level fields,
1670 * so these bits always RAZ.
1672 if (arm_feature(env, ARM_FEATURE_V7MP)) {
1673 mpidr |= (1U << 31);
1674 /* Cores which are uniprocessor (non-coherent)
1675 * but still implement the MP extensions set
1676 * bit 30. (For instance, A9UP.) However we do
1677 * not currently model any of those cores.
1683 static const ARMCPRegInfo mpidr_cp_reginfo[] = {
1684 { .name = "MPIDR", .state = ARM_CP_STATE_BOTH,
1685 .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
1686 .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_MIGRATE },
1690 static const ARMCPRegInfo lpae_cp_reginfo[] = {
1691 /* NOP AMAIR0/1: the override is because these clash with the rather
1692 * broadly specified TLB_LOCKDOWN entry in the generic cp_reginfo.
1694 { .name = "AMAIR0", .state = ARM_CP_STATE_BOTH,
1695 .opc0 = 3, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 0,
1696 .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_OVERRIDE,
1698 /* AMAIR1 is mapped to AMAIR_EL1[63:32] */
1699 { .name = "AMAIR1", .cp = 15, .crn = 10, .crm = 3, .opc1 = 0, .opc2 = 1,
1700 .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_OVERRIDE,
1702 /* 64 bit access versions of the (dummy) debug registers */
1703 { .name = "DBGDRAR", .cp = 14, .crm = 1, .opc1 = 0,
1704 .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
1705 { .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
1706 .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
1707 { .name = "PAR", .cp = 15, .crm = 7, .opc1 = 0,
1708 .access = PL1_RW, .type = ARM_CP_64BIT,
1709 .fieldoffset = offsetof(CPUARMState, cp15.par_el1), .resetvalue = 0 },
1710 { .name = "TTBR0", .cp = 15, .crm = 2, .opc1 = 0,
1711 .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
1712 .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el1),
1713 .writefn = vmsa_ttbr_write, .resetfn = arm_cp_reset_ignore },
1714 { .name = "TTBR1", .cp = 15, .crm = 2, .opc1 = 1,
1715 .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
1716 .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el1),
1717 .writefn = vmsa_ttbr_write, .resetfn = arm_cp_reset_ignore },
1721 static uint64_t aa64_fpcr_read(CPUARMState *env, const ARMCPRegInfo *ri)
1723 return vfp_get_fpcr(env);
1726 static void aa64_fpcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
1729 vfp_set_fpcr(env, value);
1732 static uint64_t aa64_fpsr_read(CPUARMState *env, const ARMCPRegInfo *ri)
1734 return vfp_get_fpsr(env);
1737 static void aa64_fpsr_write(CPUARMState *env, const ARMCPRegInfo *ri,
1740 vfp_set_fpsr(env, value);
1743 static CPAccessResult aa64_daif_access(CPUARMState *env, const ARMCPRegInfo *ri)
1745 if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
1746 return CP_ACCESS_TRAP;
1748 return CP_ACCESS_OK;
1751 static void aa64_daif_write(CPUARMState *env, const ARMCPRegInfo *ri,
1754 env->daif = value & PSTATE_DAIF;
1757 static CPAccessResult aa64_cacheop_access(CPUARMState *env,
1758 const ARMCPRegInfo *ri)
1760 /* Cache invalidate/clean: NOP, but EL0 must UNDEF unless
1761 * SCTLR_EL1.UCI is set.
1763 if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UCI)) {
1764 return CP_ACCESS_TRAP;
1766 return CP_ACCESS_OK;
1769 static void tlbi_aa64_va_write(CPUARMState *env, const ARMCPRegInfo *ri,
1772 /* Invalidate by VA (AArch64 version) */
1773 ARMCPU *cpu = arm_env_get_cpu(env);
1774 uint64_t pageaddr = value << 12;
1775 tlb_flush_page(CPU(cpu), pageaddr);
1778 static void tlbi_aa64_vaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
1781 /* Invalidate by VA, all ASIDs (AArch64 version) */
1782 ARMCPU *cpu = arm_env_get_cpu(env);
1783 uint64_t pageaddr = value << 12;
1784 tlb_flush_page(CPU(cpu), pageaddr);
1787 static void tlbi_aa64_asid_write(CPUARMState *env, const ARMCPRegInfo *ri,
1790 /* Invalidate by ASID (AArch64 version) */
1791 ARMCPU *cpu = arm_env_get_cpu(env);
1792 int asid = extract64(value, 48, 16);
1793 tlb_flush(CPU(cpu), asid == 0);
1796 static CPAccessResult aa64_zva_access(CPUARMState *env, const ARMCPRegInfo *ri)
1798 /* We don't implement EL2, so the only control on DC ZVA is the
1799 * bit in the SCTLR which can prohibit access for EL0.
1801 if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_DZE)) {
1802 return CP_ACCESS_TRAP;
1804 return CP_ACCESS_OK;
1807 static uint64_t aa64_dczid_read(CPUARMState *env, const ARMCPRegInfo *ri)
1809 ARMCPU *cpu = arm_env_get_cpu(env);
1810 int dzp_bit = 1 << 4;
1812 /* DZP indicates whether DC ZVA access is allowed */
1813 if (aa64_zva_access(env, NULL) != CP_ACCESS_OK) {
1816 return cpu->dcz_blocksize | dzp_bit;
1819 static CPAccessResult sp_el0_access(CPUARMState *env, const ARMCPRegInfo *ri)
1821 if (!env->pstate & PSTATE_SP) {
1822 /* Access to SP_EL0 is undefined if it's being used as
1823 * the stack pointer.
1825 return CP_ACCESS_TRAP_UNCATEGORIZED;
1827 return CP_ACCESS_OK;
1830 static uint64_t spsel_read(CPUARMState *env, const ARMCPRegInfo *ri)
1832 return env->pstate & PSTATE_SP;
1835 static void spsel_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t val)
1837 update_spsel(env, val);
1840 static const ARMCPRegInfo v8_cp_reginfo[] = {
1841 /* Minimal set of EL0-visible registers. This will need to be expanded
1842 * significantly for system emulation of AArch64 CPUs.
1844 { .name = "NZCV", .state = ARM_CP_STATE_AA64,
1845 .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 2,
1846 .access = PL0_RW, .type = ARM_CP_NZCV },
1847 { .name = "DAIF", .state = ARM_CP_STATE_AA64,
1848 .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 2,
1849 .type = ARM_CP_NO_MIGRATE,
1850 .access = PL0_RW, .accessfn = aa64_daif_access,
1851 .fieldoffset = offsetof(CPUARMState, daif),
1852 .writefn = aa64_daif_write, .resetfn = arm_cp_reset_ignore },
1853 { .name = "FPCR", .state = ARM_CP_STATE_AA64,
1854 .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,
1855 .access = PL0_RW, .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
1856 { .name = "FPSR", .state = ARM_CP_STATE_AA64,
1857 .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,
1858 .access = PL0_RW, .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
1859 { .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,
1860 .opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,
1861 .access = PL0_R, .type = ARM_CP_NO_MIGRATE,
1862 .readfn = aa64_dczid_read },
1863 { .name = "DC_ZVA", .state = ARM_CP_STATE_AA64,
1864 .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 4, .opc2 = 1,
1865 .access = PL0_W, .type = ARM_CP_DC_ZVA,
1866 #ifndef CONFIG_USER_ONLY
1867 /* Avoid overhead of an access check that always passes in user-mode */
1868 .accessfn = aa64_zva_access,
1871 { .name = "CURRENTEL", .state = ARM_CP_STATE_AA64,
1872 .opc0 = 3, .opc1 = 0, .opc2 = 2, .crn = 4, .crm = 2,
1873 .access = PL1_R, .type = ARM_CP_CURRENTEL },
1874 /* Cache ops: all NOPs since we don't emulate caches */
1875 { .name = "IC_IALLUIS", .state = ARM_CP_STATE_AA64,
1876 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
1877 .access = PL1_W, .type = ARM_CP_NOP },
1878 { .name = "IC_IALLU", .state = ARM_CP_STATE_AA64,
1879 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 0,
1880 .access = PL1_W, .type = ARM_CP_NOP },
1881 { .name = "IC_IVAU", .state = ARM_CP_STATE_AA64,
1882 .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 5, .opc2 = 1,
1883 .access = PL0_W, .type = ARM_CP_NOP,
1884 .accessfn = aa64_cacheop_access },
1885 { .name = "DC_IVAC", .state = ARM_CP_STATE_AA64,
1886 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 1,
1887 .access = PL1_W, .type = ARM_CP_NOP },
1888 { .name = "DC_ISW", .state = ARM_CP_STATE_AA64,
1889 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 2,
1890 .access = PL1_W, .type = ARM_CP_NOP },
1891 { .name = "DC_CVAC", .state = ARM_CP_STATE_AA64,
1892 .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 10, .opc2 = 1,
1893 .access = PL0_W, .type = ARM_CP_NOP,
1894 .accessfn = aa64_cacheop_access },
1895 { .name = "DC_CSW", .state = ARM_CP_STATE_AA64,
1896 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 2,
1897 .access = PL1_W, .type = ARM_CP_NOP },
1898 { .name = "DC_CVAU", .state = ARM_CP_STATE_AA64,
1899 .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 11, .opc2 = 1,
1900 .access = PL0_W, .type = ARM_CP_NOP,
1901 .accessfn = aa64_cacheop_access },
1902 { .name = "DC_CIVAC", .state = ARM_CP_STATE_AA64,
1903 .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 1,
1904 .access = PL0_W, .type = ARM_CP_NOP,
1905 .accessfn = aa64_cacheop_access },
1906 { .name = "DC_CISW", .state = ARM_CP_STATE_AA64,
1907 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
1908 .access = PL1_W, .type = ARM_CP_NOP },
1909 /* TLBI operations */
1910 { .name = "TLBI_VMALLE1IS", .state = ARM_CP_STATE_AA64,
1911 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
1912 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1913 .writefn = tlbiall_write },
1914 { .name = "TLBI_VAE1IS", .state = ARM_CP_STATE_AA64,
1915 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
1916 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1917 .writefn = tlbi_aa64_va_write },
1918 { .name = "TLBI_ASIDE1IS", .state = ARM_CP_STATE_AA64,
1919 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
1920 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1921 .writefn = tlbi_aa64_asid_write },
1922 { .name = "TLBI_VAAE1IS", .state = ARM_CP_STATE_AA64,
1923 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
1924 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1925 .writefn = tlbi_aa64_vaa_write },
1926 { .name = "TLBI_VALE1IS", .state = ARM_CP_STATE_AA64,
1927 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
1928 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1929 .writefn = tlbi_aa64_va_write },
1930 { .name = "TLBI_VAALE1IS", .state = ARM_CP_STATE_AA64,
1931 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
1932 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1933 .writefn = tlbi_aa64_vaa_write },
1934 { .name = "TLBI_VMALLE1", .state = ARM_CP_STATE_AA64,
1935 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 0,
1936 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1937 .writefn = tlbiall_write },
1938 { .name = "TLBI_VAE1", .state = ARM_CP_STATE_AA64,
1939 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 1,
1940 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1941 .writefn = tlbi_aa64_va_write },
1942 { .name = "TLBI_ASIDE1", .state = ARM_CP_STATE_AA64,
1943 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 2,
1944 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1945 .writefn = tlbi_aa64_asid_write },
1946 { .name = "TLBI_VAAE1", .state = ARM_CP_STATE_AA64,
1947 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 3,
1948 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1949 .writefn = tlbi_aa64_vaa_write },
1950 { .name = "TLBI_VALE1", .state = ARM_CP_STATE_AA64,
1951 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 5,
1952 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1953 .writefn = tlbi_aa64_va_write },
1954 { .name = "TLBI_VAALE1", .state = ARM_CP_STATE_AA64,
1955 .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 7,
1956 .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
1957 .writefn = tlbi_aa64_vaa_write },
1958 #ifndef CONFIG_USER_ONLY
1959 /* 64 bit address translation operations */
1960 { .name = "AT_S1E1R", .state = ARM_CP_STATE_AA64,
1961 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 0,
1962 .access = PL1_W, .type = ARM_CP_NO_MIGRATE, .writefn = ats_write },
1963 { .name = "AT_S1E1W", .state = ARM_CP_STATE_AA64,
1964 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 1,
1965 .access = PL1_W, .type = ARM_CP_NO_MIGRATE, .writefn = ats_write },
1966 { .name = "AT_S1E0R", .state = ARM_CP_STATE_AA64,
1967 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 2,
1968 .access = PL1_W, .type = ARM_CP_NO_MIGRATE, .writefn = ats_write },
1969 { .name = "AT_S1E0W", .state = ARM_CP_STATE_AA64,
1970 .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 3,
1971 .access = PL1_W, .type = ARM_CP_NO_MIGRATE, .writefn = ats_write },
1973 /* 32 bit TLB invalidates, Inner Shareable */
1974 { .name = "TLBIALLIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
1975 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiall_write },
1976 { .name = "TLBIMVAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
1977 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
1978 { .name = "TLBIASIDIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
1979 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiasid_write },
1980 { .name = "TLBIMVAAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
1981 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimvaa_write },
1982 { .name = "TLBIMVALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
1983 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
1984 { .name = "TLBIMVAALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
1985 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimvaa_write },
1986 /* 32 bit ITLB invalidates */
1987 { .name = "ITLBIALL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 0,
1988 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiall_write },
1989 { .name = "ITLBIMVA", .cp = 15, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 1,
1990 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
1991 { .name = "ITLBIASID", .cp = 15, .opc1 = 0, .crn = 8, .crm = 5, .opc2 = 2,
1992 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiasid_write },
1993 /* 32 bit DTLB invalidates */
1994 { .name = "DTLBIALL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 0,
1995 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiall_write },
1996 { .name = "DTLBIMVA", .cp = 15, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 1,
1997 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
1998 { .name = "DTLBIASID", .cp = 15, .opc1 = 0, .crn = 8, .crm = 6, .opc2 = 2,
1999 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiasid_write },
2000 /* 32 bit TLB invalidates */
2001 { .name = "TLBIALL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 0,
2002 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiall_write },
2003 { .name = "TLBIMVA", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 1,
2004 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
2005 { .name = "TLBIASID", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 2,
2006 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiasid_write },
2007 { .name = "TLBIMVAA", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 3,
2008 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimvaa_write },
2009 { .name = "TLBIMVAL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 5,
2010 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
2011 { .name = "TLBIMVAAL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 7,
2012 .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimvaa_write },
2013 /* 32 bit cache operations */
2014 { .name = "ICIALLUIS", .cp = 15, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
2015 .type = ARM_CP_NOP, .access = PL1_W },
2016 { .name = "BPIALLUIS", .cp = 15, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 6,
2017 .type = ARM_CP_NOP, .access = PL1_W },
2018 { .name = "ICIALLU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 0,
2019 .type = ARM_CP_NOP, .access = PL1_W },
2020 { .name = "ICIMVAU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 1,
2021 .type = ARM_CP_NOP, .access = PL1_W },
2022 { .name = "BPIALL", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 6,
2023 .type = ARM_CP_NOP, .access = PL1_W },
2024 { .name = "BPIMVA", .cp = 15, .opc1 = 0, .crn = 7, .crm = 5, .opc2 = 7,
2025 .type = ARM_CP_NOP, .access = PL1_W },
2026 { .name = "DCIMVAC", .cp = 15, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 1,
2027 .type = ARM_CP_NOP, .access = PL1_W },
2028 { .name = "DCISW", .cp = 15, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 2,
2029 .type = ARM_CP_NOP, .access = PL1_W },
2030 { .name = "DCCMVAC", .cp = 15, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 1,
2031 .type = ARM_CP_NOP, .access = PL1_W },
2032 { .name = "DCCSW", .cp = 15, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 2,
2033 .type = ARM_CP_NOP, .access = PL1_W },
2034 { .name = "DCCMVAU", .cp = 15, .opc1 = 0, .crn = 7, .crm = 11, .opc2 = 1,
2035 .type = ARM_CP_NOP, .access = PL1_W },
2036 { .name = "DCCIMVAC", .cp = 15, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 1,
2037 .type = ARM_CP_NOP, .access = PL1_W },
2038 { .name = "DCCISW", .cp = 15, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
2039 .type = ARM_CP_NOP, .access = PL1_W },
2040 /* MMU Domain access control / MPU write buffer control */
2041 { .name = "DACR", .cp = 15,
2042 .opc1 = 0, .crn = 3, .crm = 0, .opc2 = 0,
2043 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
2044 .resetvalue = 0, .writefn = dacr_write, .raw_writefn = raw_write, },
2045 /* Dummy implementation of monitor debug system control register:
2046 * we don't support debug.
2048 { .name = "MDSCR_EL1", .state = ARM_CP_STATE_AA64,
2049 .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
2050 .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
2051 /* We define a dummy WI OSLAR_EL1, because Linux writes to it. */
2052 { .name = "OSLAR_EL1", .state = ARM_CP_STATE_AA64,
2053 .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
2054 .access = PL1_W, .type = ARM_CP_NOP },
2055 { .name = "ELR_EL1", .state = ARM_CP_STATE_AA64,
2056 .type = ARM_CP_NO_MIGRATE,
2057 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 0, .opc2 = 1,
2058 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, elr_el1) },
2059 { .name = "SPSR_EL1", .state = ARM_CP_STATE_AA64,
2060 .type = ARM_CP_NO_MIGRATE,
2061 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 0, .opc2 = 0,
2062 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, banked_spsr[0]) },
2063 /* We rely on the access checks not allowing the guest to write to the
2064 * state field when SPSel indicates that it's being used as the stack
2067 { .name = "SP_EL0", .state = ARM_CP_STATE_AA64,
2068 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 1, .opc2 = 0,
2069 .access = PL1_RW, .accessfn = sp_el0_access,
2070 .type = ARM_CP_NO_MIGRATE,
2071 .fieldoffset = offsetof(CPUARMState, sp_el[0]) },
2072 { .name = "SPSel", .state = ARM_CP_STATE_AA64,
2073 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 2, .opc2 = 0,
2074 .type = ARM_CP_NO_MIGRATE,
2075 .access = PL1_RW, .readfn = spsel_read, .writefn = spsel_write },
2079 static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
2082 ARMCPU *cpu = arm_env_get_cpu(env);
2084 env->cp15.c1_sys = value;
2085 /* ??? Lots of these bits are not implemented. */
2086 /* This may enable/disable the MMU, so do a TLB flush. */
2087 tlb_flush(CPU(cpu), 1);
2090 static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri)
2092 /* Only accessible in EL0 if SCTLR.UCT is set (and only in AArch64,
2093 * but the AArch32 CTR has its own reginfo struct)
2095 if (arm_current_pl(env) == 0 && !(env->cp15.c1_sys & SCTLR_UCT)) {
2096 return CP_ACCESS_TRAP;
2098 return CP_ACCESS_OK;
2101 static void define_aarch64_debug_regs(ARMCPU *cpu)
2103 /* Define breakpoint and watchpoint registers. These do nothing
2104 * but read as written, for now.
2108 for (i = 0; i < 16; i++) {
2109 ARMCPRegInfo dbgregs[] = {
2110 { .name = "DBGBVR", .state = ARM_CP_STATE_AA64,
2111 .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 4,
2113 .fieldoffset = offsetof(CPUARMState, cp15.dbgbvr[i]) },
2114 { .name = "DBGBCR", .state = ARM_CP_STATE_AA64,
2115 .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 5,
2117 .fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]) },
2118 { .name = "DBGWVR", .state = ARM_CP_STATE_AA64,
2119 .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 6,
2121 .fieldoffset = offsetof(CPUARMState, cp15.dbgwvr[i]) },
2122 { .name = "DBGWCR", .state = ARM_CP_STATE_AA64,
2123 .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 7,
2125 .fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]) },
2128 define_arm_cp_regs(cpu, dbgregs);
2132 void register_cp_regs_for_features(ARMCPU *cpu)
2134 /* Register all the coprocessor registers based on feature bits */
2135 CPUARMState *env = &cpu->env;
2136 if (arm_feature(env, ARM_FEATURE_M)) {
2137 /* M profile has no coprocessor registers */
2141 define_arm_cp_regs(cpu, cp_reginfo);
2142 if (!arm_feature(env, ARM_FEATURE_V8)) {
2143 /* Must go early as it is full of wildcards that may be
2144 * overridden by later definitions.
2146 define_arm_cp_regs(cpu, not_v8_cp_reginfo);
2149 if (arm_feature(env, ARM_FEATURE_V6)) {
2150 /* The ID registers all have impdef reset values */
2151 ARMCPRegInfo v6_idregs[] = {
2152 { .name = "ID_PFR0", .state = ARM_CP_STATE_BOTH,
2153 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
2154 .access = PL1_R, .type = ARM_CP_CONST,
2155 .resetvalue = cpu->id_pfr0 },
2156 { .name = "ID_PFR1", .state = ARM_CP_STATE_BOTH,
2157 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 1,
2158 .access = PL1_R, .type = ARM_CP_CONST,
2159 .resetvalue = cpu->id_pfr1 },
2160 { .name = "ID_DFR0", .state = ARM_CP_STATE_BOTH,
2161 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 2,
2162 .access = PL1_R, .type = ARM_CP_CONST,
2163 .resetvalue = cpu->id_dfr0 },
2164 { .name = "ID_AFR0", .state = ARM_CP_STATE_BOTH,
2165 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 3,
2166 .access = PL1_R, .type = ARM_CP_CONST,
2167 .resetvalue = cpu->id_afr0 },
2168 { .name = "ID_MMFR0", .state = ARM_CP_STATE_BOTH,
2169 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 4,
2170 .access = PL1_R, .type = ARM_CP_CONST,
2171 .resetvalue = cpu->id_mmfr0 },
2172 { .name = "ID_MMFR1", .state = ARM_CP_STATE_BOTH,
2173 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 5,
2174 .access = PL1_R, .type = ARM_CP_CONST,
2175 .resetvalue = cpu->id_mmfr1 },
2176 { .name = "ID_MMFR2", .state = ARM_CP_STATE_BOTH,
2177 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 6,
2178 .access = PL1_R, .type = ARM_CP_CONST,
2179 .resetvalue = cpu->id_mmfr2 },
2180 { .name = "ID_MMFR3", .state = ARM_CP_STATE_BOTH,
2181 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 7,
2182 .access = PL1_R, .type = ARM_CP_CONST,
2183 .resetvalue = cpu->id_mmfr3 },
2184 { .name = "ID_ISAR0", .state = ARM_CP_STATE_BOTH,
2185 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
2186 .access = PL1_R, .type = ARM_CP_CONST,
2187 .resetvalue = cpu->id_isar0 },
2188 { .name = "ID_ISAR1", .state = ARM_CP_STATE_BOTH,
2189 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 1,
2190 .access = PL1_R, .type = ARM_CP_CONST,
2191 .resetvalue = cpu->id_isar1 },
2192 { .name = "ID_ISAR2", .state = ARM_CP_STATE_BOTH,
2193 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
2194 .access = PL1_R, .type = ARM_CP_CONST,
2195 .resetvalue = cpu->id_isar2 },
2196 { .name = "ID_ISAR3", .state = ARM_CP_STATE_BOTH,
2197 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 3,
2198 .access = PL1_R, .type = ARM_CP_CONST,
2199 .resetvalue = cpu->id_isar3 },
2200 { .name = "ID_ISAR4", .state = ARM_CP_STATE_BOTH,
2201 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 4,
2202 .access = PL1_R, .type = ARM_CP_CONST,
2203 .resetvalue = cpu->id_isar4 },
2204 { .name = "ID_ISAR5", .state = ARM_CP_STATE_BOTH,
2205 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 5,
2206 .access = PL1_R, .type = ARM_CP_CONST,
2207 .resetvalue = cpu->id_isar5 },
2208 /* 6..7 are as yet unallocated and must RAZ */
2209 { .name = "ID_ISAR6", .cp = 15, .crn = 0, .crm = 2,
2210 .opc1 = 0, .opc2 = 6, .access = PL1_R, .type = ARM_CP_CONST,
2212 { .name = "ID_ISAR7", .cp = 15, .crn = 0, .crm = 2,
2213 .opc1 = 0, .opc2 = 7, .access = PL1_R, .type = ARM_CP_CONST,
2217 define_arm_cp_regs(cpu, v6_idregs);
2218 define_arm_cp_regs(cpu, v6_cp_reginfo);
2220 define_arm_cp_regs(cpu, not_v6_cp_reginfo);
2222 if (arm_feature(env, ARM_FEATURE_V6K)) {
2223 define_arm_cp_regs(cpu, v6k_cp_reginfo);
2225 if (arm_feature(env, ARM_FEATURE_V7)) {
2226 /* v7 performance monitor control register: same implementor
2227 * field as main ID register, and we implement only the cycle
2230 #ifndef CONFIG_USER_ONLY
2231 ARMCPRegInfo pmcr = {
2232 .name = "PMCR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 0,
2233 .access = PL0_RW, .resetvalue = cpu->midr & 0xff000000,
2235 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcr),
2236 .accessfn = pmreg_access, .writefn = pmcr_write,
2237 .raw_writefn = raw_write,
2239 define_one_arm_cp_reg(cpu, &pmcr);
2241 ARMCPRegInfo clidr = {
2242 .name = "CLIDR", .state = ARM_CP_STATE_BOTH,
2243 .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
2244 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->clidr
2246 define_one_arm_cp_reg(cpu, &clidr);
2247 define_arm_cp_regs(cpu, v7_cp_reginfo);
2249 define_arm_cp_regs(cpu, not_v7_cp_reginfo);
2251 if (arm_feature(env, ARM_FEATURE_V8)) {
2252 /* AArch64 ID registers, which all have impdef reset values */
2253 ARMCPRegInfo v8_idregs[] = {
2254 { .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64,
2255 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0,
2256 .access = PL1_R, .type = ARM_CP_CONST,
2257 .resetvalue = cpu->id_aa64pfr0 },
2258 { .name = "ID_AA64PFR1_EL1", .state = ARM_CP_STATE_AA64,
2259 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1,
2260 .access = PL1_R, .type = ARM_CP_CONST,
2261 .resetvalue = cpu->id_aa64pfr1},
2262 { .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64,
2263 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0,
2264 .access = PL1_R, .type = ARM_CP_CONST,
2265 /* We mask out the PMUVer field, beacuse we don't currently
2266 * implement the PMU. Not advertising it prevents the guest
2267 * from trying to use it and getting UNDEFs on registers we
2270 .resetvalue = cpu->id_aa64dfr0 & ~0xf00 },
2271 { .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64,
2272 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1,
2273 .access = PL1_R, .type = ARM_CP_CONST,
2274 .resetvalue = cpu->id_aa64dfr1 },
2275 { .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64,
2276 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4,
2277 .access = PL1_R, .type = ARM_CP_CONST,
2278 .resetvalue = cpu->id_aa64afr0 },
2279 { .name = "ID_AA64AFR1_EL1", .state = ARM_CP_STATE_AA64,
2280 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5,
2281 .access = PL1_R, .type = ARM_CP_CONST,
2282 .resetvalue = cpu->id_aa64afr1 },
2283 { .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64,
2284 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0,
2285 .access = PL1_R, .type = ARM_CP_CONST,
2286 .resetvalue = cpu->id_aa64isar0 },
2287 { .name = "ID_AA64ISAR1_EL1", .state = ARM_CP_STATE_AA64,
2288 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1,
2289 .access = PL1_R, .type = ARM_CP_CONST,
2290 .resetvalue = cpu->id_aa64isar1 },
2291 { .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
2292 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
2293 .access = PL1_R, .type = ARM_CP_CONST,
2294 .resetvalue = cpu->id_aa64mmfr0 },
2295 { .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
2296 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
2297 .access = PL1_R, .type = ARM_CP_CONST,
2298 .resetvalue = cpu->id_aa64mmfr1 },
2299 { .name = "MVFR0_EL1", .state = ARM_CP_STATE_AA64,
2300 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 0,
2301 .access = PL1_R, .type = ARM_CP_CONST,
2302 .resetvalue = cpu->mvfr0 },
2303 { .name = "MVFR1_EL1", .state = ARM_CP_STATE_AA64,
2304 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 1,
2305 .access = PL1_R, .type = ARM_CP_CONST,
2306 .resetvalue = cpu->mvfr1 },
2307 { .name = "MVFR2_EL1", .state = ARM_CP_STATE_AA64,
2308 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
2309 .access = PL1_R, .type = ARM_CP_CONST,
2310 .resetvalue = cpu->mvfr2 },
2313 ARMCPRegInfo rvbar = {
2314 .name = "RVBAR_EL1", .state = ARM_CP_STATE_AA64,
2315 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 0, .opc2 = 2,
2316 .type = ARM_CP_CONST, .access = PL1_R, .resetvalue = cpu->rvbar
2318 define_one_arm_cp_reg(cpu, &rvbar);
2319 define_arm_cp_regs(cpu, v8_idregs);
2320 define_arm_cp_regs(cpu, v8_cp_reginfo);
2321 define_aarch64_debug_regs(cpu);
2323 if (arm_feature(env, ARM_FEATURE_MPU)) {
2324 /* These are the MPU registers prior to PMSAv6. Any new
2325 * PMSA core later than the ARM946 will require that we
2326 * implement the PMSAv6 or PMSAv7 registers, which are
2327 * completely different.
2329 assert(!arm_feature(env, ARM_FEATURE_V6));
2330 define_arm_cp_regs(cpu, pmsav5_cp_reginfo);
2332 define_arm_cp_regs(cpu, vmsa_cp_reginfo);
2334 if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
2335 define_arm_cp_regs(cpu, t2ee_cp_reginfo);
2337 if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
2338 define_arm_cp_regs(cpu, generic_timer_cp_reginfo);
2340 if (arm_feature(env, ARM_FEATURE_VAPA)) {
2341 define_arm_cp_regs(cpu, vapa_cp_reginfo);
2343 if (arm_feature(env, ARM_FEATURE_CACHE_TEST_CLEAN)) {
2344 define_arm_cp_regs(cpu, cache_test_clean_cp_reginfo);
2346 if (arm_feature(env, ARM_FEATURE_CACHE_DIRTY_REG)) {
2347 define_arm_cp_regs(cpu, cache_dirty_status_cp_reginfo);
2349 if (arm_feature(env, ARM_FEATURE_CACHE_BLOCK_OPS)) {
2350 define_arm_cp_regs(cpu, cache_block_ops_cp_reginfo);
2352 if (arm_feature(env, ARM_FEATURE_OMAPCP)) {
2353 define_arm_cp_regs(cpu, omap_cp_reginfo);
2355 if (arm_feature(env, ARM_FEATURE_STRONGARM)) {
2356 define_arm_cp_regs(cpu, strongarm_cp_reginfo);
2358 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
2359 define_arm_cp_regs(cpu, xscale_cp_reginfo);
2361 if (arm_feature(env, ARM_FEATURE_DUMMY_C15_REGS)) {
2362 define_arm_cp_regs(cpu, dummy_c15_cp_reginfo);
2364 if (arm_feature(env, ARM_FEATURE_LPAE)) {
2365 define_arm_cp_regs(cpu, lpae_cp_reginfo);
2367 /* Slightly awkwardly, the OMAP and StrongARM cores need all of
2368 * cp15 crn=0 to be writes-ignored, whereas for other cores they should
2369 * be read-only (ie write causes UNDEF exception).
2372 ARMCPRegInfo id_pre_v8_midr_cp_reginfo[] = {
2373 /* Pre-v8 MIDR space.
2374 * Note that the MIDR isn't a simple constant register because
2375 * of the TI925 behaviour where writes to another register can
2376 * cause the MIDR value to change.
2378 * Unimplemented registers in the c15 0 0 0 space default to
2379 * MIDR. Define MIDR first as this entire space, then CTR, TCMTR
2380 * and friends override accordingly.
2383 .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = CP_ANY,
2384 .access = PL1_R, .resetvalue = cpu->midr,
2385 .writefn = arm_cp_write_ignore, .raw_writefn = raw_write,
2386 .fieldoffset = offsetof(CPUARMState, cp15.c0_cpuid),
2387 .type = ARM_CP_OVERRIDE },
2388 /* crn = 0 op1 = 0 crm = 3..7 : currently unassigned; we RAZ. */
2390 .cp = 15, .crn = 0, .crm = 3, .opc1 = 0, .opc2 = CP_ANY,
2391 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
2393 .cp = 15, .crn = 0, .crm = 4, .opc1 = 0, .opc2 = CP_ANY,
2394 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
2396 .cp = 15, .crn = 0, .crm = 5, .opc1 = 0, .opc2 = CP_ANY,
2397 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
2399 .cp = 15, .crn = 0, .crm = 6, .opc1 = 0, .opc2 = CP_ANY,
2400 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
2402 .cp = 15, .crn = 0, .crm = 7, .opc1 = 0, .opc2 = CP_ANY,
2403 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
2406 ARMCPRegInfo id_v8_midr_cp_reginfo[] = {
2407 /* v8 MIDR -- the wildcard isn't necessary, and nor is the
2408 * variable-MIDR TI925 behaviour. Instead we have a single
2409 * (strictly speaking IMPDEF) alias of the MIDR, REVIDR.
2411 { .name = "MIDR_EL1", .state = ARM_CP_STATE_BOTH,
2412 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 0,
2413 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->midr },
2414 { .name = "REVIDR_EL1", .state = ARM_CP_STATE_BOTH,
2415 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 6,
2416 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->midr },
2419 ARMCPRegInfo id_cp_reginfo[] = {
2420 /* These are common to v8 and pre-v8 */
2422 .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 1,
2423 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
2424 { .name = "CTR_EL0", .state = ARM_CP_STATE_AA64,
2425 .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 0, .crm = 0,
2426 .access = PL0_R, .accessfn = ctr_el0_access,
2427 .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
2428 /* TCMTR and TLBTR exist in v8 but have no 64-bit versions */
2430 .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 2,
2431 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
2433 .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 3,
2434 .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
2437 ARMCPRegInfo crn0_wi_reginfo = {
2438 .name = "CRN0_WI", .cp = 15, .crn = 0, .crm = CP_ANY,
2439 .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
2440 .type = ARM_CP_NOP | ARM_CP_OVERRIDE
2442 if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
2443 arm_feature(env, ARM_FEATURE_STRONGARM)) {
2445 /* Register the blanket "writes ignored" value first to cover the
2446 * whole space. Then update the specific ID registers to allow write
2447 * access, so that they ignore writes rather than causing them to
2450 define_one_arm_cp_reg(cpu, &crn0_wi_reginfo);
2451 for (r = id_pre_v8_midr_cp_reginfo;
2452 r->type != ARM_CP_SENTINEL; r++) {
2455 for (r = id_cp_reginfo; r->type != ARM_CP_SENTINEL; r++) {
2459 if (arm_feature(env, ARM_FEATURE_V8)) {
2460 define_arm_cp_regs(cpu, id_v8_midr_cp_reginfo);
2462 define_arm_cp_regs(cpu, id_pre_v8_midr_cp_reginfo);
2464 define_arm_cp_regs(cpu, id_cp_reginfo);
2467 if (arm_feature(env, ARM_FEATURE_MPIDR)) {
2468 define_arm_cp_regs(cpu, mpidr_cp_reginfo);
2471 if (arm_feature(env, ARM_FEATURE_AUXCR)) {
2472 ARMCPRegInfo auxcr = {
2473 .name = "ACTLR_EL1", .state = ARM_CP_STATE_BOTH,
2474 .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 1,
2475 .access = PL1_RW, .type = ARM_CP_CONST,
2476 .resetvalue = cpu->reset_auxcr
2478 define_one_arm_cp_reg(cpu, &auxcr);
2481 if (arm_feature(env, ARM_FEATURE_CBAR)) {
2482 if (arm_feature(env, ARM_FEATURE_AARCH64)) {
2483 /* 32 bit view is [31:18] 0...0 [43:32]. */
2484 uint32_t cbar32 = (extract64(cpu->reset_cbar, 18, 14) << 18)
2485 | extract64(cpu->reset_cbar, 32, 12);
2486 ARMCPRegInfo cbar_reginfo[] = {
2488 .type = ARM_CP_CONST,
2489 .cp = 15, .crn = 15, .crm = 0, .opc1 = 4, .opc2 = 0,
2490 .access = PL1_R, .resetvalue = cpu->reset_cbar },
2491 { .name = "CBAR_EL1", .state = ARM_CP_STATE_AA64,
2492 .type = ARM_CP_CONST,
2493 .opc0 = 3, .opc1 = 1, .crn = 15, .crm = 3, .opc2 = 0,
2494 .access = PL1_R, .resetvalue = cbar32 },
2497 /* We don't implement a r/w 64 bit CBAR currently */
2498 assert(arm_feature(env, ARM_FEATURE_CBAR_RO));
2499 define_arm_cp_regs(cpu, cbar_reginfo);
2501 ARMCPRegInfo cbar = {
2503 .cp = 15, .crn = 15, .crm = 0, .opc1 = 4, .opc2 = 0,
2504 .access = PL1_R|PL3_W, .resetvalue = cpu->reset_cbar,
2505 .fieldoffset = offsetof(CPUARMState,
2506 cp15.c15_config_base_address)
2508 if (arm_feature(env, ARM_FEATURE_CBAR_RO)) {
2509 cbar.access = PL1_R;
2510 cbar.fieldoffset = 0;
2511 cbar.type = ARM_CP_CONST;
2513 define_one_arm_cp_reg(cpu, &cbar);
2517 /* Generic registers whose values depend on the implementation */
2519 ARMCPRegInfo sctlr = {
2520 .name = "SCTLR", .state = ARM_CP_STATE_BOTH,
2521 .opc0 = 3, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
2522 .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c1_sys),
2523 .writefn = sctlr_write, .resetvalue = cpu->reset_sctlr,
2524 .raw_writefn = raw_write,
2526 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
2527 /* Normally we would always end the TB on an SCTLR write, but Linux
2528 * arch/arm/mach-pxa/sleep.S expects two instructions following
2529 * an MMU enable to execute from cache. Imitate this behaviour.
2531 sctlr.type |= ARM_CP_SUPPRESS_TB_END;
2533 define_one_arm_cp_reg(cpu, &sctlr);
2537 ARMCPU *cpu_arm_init(const char *cpu_model)
2539 return ARM_CPU(cpu_generic_init(TYPE_ARM_CPU, cpu_model));
2542 void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
2544 CPUState *cs = CPU(cpu);
2545 CPUARMState *env = &cpu->env;
2547 if (arm_feature(env, ARM_FEATURE_AARCH64)) {
2548 gdb_register_coprocessor(cs, aarch64_fpu_gdb_get_reg,
2549 aarch64_fpu_gdb_set_reg,
2550 34, "aarch64-fpu.xml", 0);
2551 } else if (arm_feature(env, ARM_FEATURE_NEON)) {
2552 gdb_register_coprocessor(cs, vfp_gdb_get_reg, vfp_gdb_set_reg,
2553 51, "arm-neon.xml", 0);
2554 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
2555 gdb_register_coprocessor(cs, vfp_gdb_get_reg, vfp_gdb_set_reg,
2556 35, "arm-vfp3.xml", 0);
2557 } else if (arm_feature(env, ARM_FEATURE_VFP)) {
2558 gdb_register_coprocessor(cs, vfp_gdb_get_reg, vfp_gdb_set_reg,
2559 19, "arm-vfp.xml", 0);
2563 /* Sort alphabetically by type name, except for "any". */
2564 static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
2566 ObjectClass *class_a = (ObjectClass *)a;
2567 ObjectClass *class_b = (ObjectClass *)b;
2568 const char *name_a, *name_b;
2570 name_a = object_class_get_name(class_a);
2571 name_b = object_class_get_name(class_b);
2572 if (strcmp(name_a, "any-" TYPE_ARM_CPU) == 0) {
2574 } else if (strcmp(name_b, "any-" TYPE_ARM_CPU) == 0) {
2577 return strcmp(name_a, name_b);
2581 static void arm_cpu_list_entry(gpointer data, gpointer user_data)
2583 ObjectClass *oc = data;
2584 CPUListState *s = user_data;
2585 const char *typename;
2588 typename = object_class_get_name(oc);
2589 name = g_strndup(typename, strlen(typename) - strlen("-" TYPE_ARM_CPU));
2590 (*s->cpu_fprintf)(s->file, " %s\n",
2595 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf)
2599 .cpu_fprintf = cpu_fprintf,
2603 list = object_class_get_list(TYPE_ARM_CPU, false);
2604 list = g_slist_sort(list, arm_cpu_list_compare);
2605 (*cpu_fprintf)(f, "Available CPUs:\n");
2606 g_slist_foreach(list, arm_cpu_list_entry, &s);
2609 /* The 'host' CPU type is dynamically registered only if KVM is
2610 * enabled, so we have to special-case it here:
2612 (*cpu_fprintf)(f, " host (only available in KVM mode)\n");
2616 static void arm_cpu_add_definition(gpointer data, gpointer user_data)
2618 ObjectClass *oc = data;
2619 CpuDefinitionInfoList **cpu_list = user_data;
2620 CpuDefinitionInfoList *entry;
2621 CpuDefinitionInfo *info;
2622 const char *typename;
2624 typename = object_class_get_name(oc);
2625 info = g_malloc0(sizeof(*info));
2626 info->name = g_strndup(typename,
2627 strlen(typename) - strlen("-" TYPE_ARM_CPU));
2629 entry = g_malloc0(sizeof(*entry));
2630 entry->value = info;
2631 entry->next = *cpu_list;
2635 CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
2637 CpuDefinitionInfoList *cpu_list = NULL;
2640 list = object_class_get_list(TYPE_ARM_CPU, false);
2641 g_slist_foreach(list, arm_cpu_add_definition, &cpu_list);
2647 static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
2648 void *opaque, int state,
2649 int crm, int opc1, int opc2)
2651 /* Private utility function for define_one_arm_cp_reg_with_opaque():
2652 * add a single reginfo struct to the hash table.
2654 uint32_t *key = g_new(uint32_t, 1);
2655 ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
2656 int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
2657 if (r->state == ARM_CP_STATE_BOTH && state == ARM_CP_STATE_AA32) {
2658 /* The AArch32 view of a shared register sees the lower 32 bits
2659 * of a 64 bit backing field. It is not migratable as the AArch64
2660 * view handles that. AArch64 also handles reset.
2661 * We assume it is a cp15 register.
2664 r2->type |= ARM_CP_NO_MIGRATE;
2665 r2->resetfn = arm_cp_reset_ignore;
2666 #ifdef HOST_WORDS_BIGENDIAN
2667 if (r2->fieldoffset) {
2668 r2->fieldoffset += sizeof(uint32_t);
2672 if (state == ARM_CP_STATE_AA64) {
2673 /* To allow abbreviation of ARMCPRegInfo
2674 * definitions, we treat cp == 0 as equivalent to
2675 * the value for "standard guest-visible sysreg".
2678 r2->cp = CP_REG_ARM64_SYSREG_CP;
2680 *key = ENCODE_AA64_CP_REG(r2->cp, r2->crn, crm,
2681 r2->opc0, opc1, opc2);
2683 *key = ENCODE_CP_REG(r2->cp, is64, r2->crn, crm, opc1, opc2);
2686 r2->opaque = opaque;
2688 /* reginfo passed to helpers is correct for the actual access,
2689 * and is never ARM_CP_STATE_BOTH:
2692 /* Make sure reginfo passed to helpers for wildcarded regs
2693 * has the correct crm/opc1/opc2 for this reg, not CP_ANY:
2698 /* By convention, for wildcarded registers only the first
2699 * entry is used for migration; the others are marked as
2700 * NO_MIGRATE so we don't try to transfer the register
2701 * multiple times. Special registers (ie NOP/WFI) are
2704 if ((r->type & ARM_CP_SPECIAL) ||
2705 ((r->crm == CP_ANY) && crm != 0) ||
2706 ((r->opc1 == CP_ANY) && opc1 != 0) ||
2707 ((r->opc2 == CP_ANY) && opc2 != 0)) {
2708 r2->type |= ARM_CP_NO_MIGRATE;
2711 /* Overriding of an existing definition must be explicitly
2714 if (!(r->type & ARM_CP_OVERRIDE)) {
2715 ARMCPRegInfo *oldreg;
2716 oldreg = g_hash_table_lookup(cpu->cp_regs, key);
2717 if (oldreg && !(oldreg->type & ARM_CP_OVERRIDE)) {
2718 fprintf(stderr, "Register redefined: cp=%d %d bit "
2719 "crn=%d crm=%d opc1=%d opc2=%d, "
2720 "was %s, now %s\n", r2->cp, 32 + 32 * is64,
2721 r2->crn, r2->crm, r2->opc1, r2->opc2,
2722 oldreg->name, r2->name);
2723 g_assert_not_reached();
2726 g_hash_table_insert(cpu->cp_regs, key, r2);
2730 void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
2731 const ARMCPRegInfo *r, void *opaque)
2733 /* Define implementations of coprocessor registers.
2734 * We store these in a hashtable because typically
2735 * there are less than 150 registers in a space which
2736 * is 16*16*16*8*8 = 262144 in size.
2737 * Wildcarding is supported for the crm, opc1 and opc2 fields.
2738 * If a register is defined twice then the second definition is
2739 * used, so this can be used to define some generic registers and
2740 * then override them with implementation specific variations.
2741 * At least one of the original and the second definition should
2742 * include ARM_CP_OVERRIDE in its type bits -- this is just a guard
2743 * against accidental use.
2745 * The state field defines whether the register is to be
2746 * visible in the AArch32 or AArch64 execution state. If the
2747 * state is set to ARM_CP_STATE_BOTH then we synthesise a
2748 * reginfo structure for the AArch32 view, which sees the lower
2749 * 32 bits of the 64 bit register.
2751 * Only registers visible in AArch64 may set r->opc0; opc0 cannot
2752 * be wildcarded. AArch64 registers are always considered to be 64
2753 * bits; the ARM_CP_64BIT* flag applies only to the AArch32 view of
2754 * the register, if any.
2756 int crm, opc1, opc2, state;
2757 int crmmin = (r->crm == CP_ANY) ? 0 : r->crm;
2758 int crmmax = (r->crm == CP_ANY) ? 15 : r->crm;
2759 int opc1min = (r->opc1 == CP_ANY) ? 0 : r->opc1;
2760 int opc1max = (r->opc1 == CP_ANY) ? 7 : r->opc1;
2761 int opc2min = (r->opc2 == CP_ANY) ? 0 : r->opc2;
2762 int opc2max = (r->opc2 == CP_ANY) ? 7 : r->opc2;
2763 /* 64 bit registers have only CRm and Opc1 fields */
2764 assert(!((r->type & ARM_CP_64BIT) && (r->opc2 || r->crn)));
2765 /* op0 only exists in the AArch64 encodings */
2766 assert((r->state != ARM_CP_STATE_AA32) || (r->opc0 == 0));
2767 /* AArch64 regs are all 64 bit so ARM_CP_64BIT is meaningless */
2768 assert((r->state != ARM_CP_STATE_AA64) || !(r->type & ARM_CP_64BIT));
2769 /* The AArch64 pseudocode CheckSystemAccess() specifies that op1
2770 * encodes a minimum access level for the register. We roll this
2771 * runtime check into our general permission check code, so check
2772 * here that the reginfo's specified permissions are strict enough
2773 * to encompass the generic architectural permission check.
2775 if (r->state != ARM_CP_STATE_AA32) {
2778 case 0: case 1: case 2:
2791 /* unallocated encoding, so not possible */
2799 /* min_EL EL1, secure mode only (we don't check the latter) */
2803 /* broken reginfo with out-of-range opc1 */
2807 /* assert our permissions are not too lax (stricter is fine) */
2808 assert((r->access & ~mask) == 0);
2811 /* Check that the register definition has enough info to handle
2812 * reads and writes if they are permitted.
2814 if (!(r->type & (ARM_CP_SPECIAL|ARM_CP_CONST))) {
2815 if (r->access & PL3_R) {
2816 assert(r->fieldoffset || r->readfn);
2818 if (r->access & PL3_W) {
2819 assert(r->fieldoffset || r->writefn);
2822 /* Bad type field probably means missing sentinel at end of reg list */
2823 assert(cptype_valid(r->type));
2824 for (crm = crmmin; crm <= crmmax; crm++) {
2825 for (opc1 = opc1min; opc1 <= opc1max; opc1++) {
2826 for (opc2 = opc2min; opc2 <= opc2max; opc2++) {
2827 for (state = ARM_CP_STATE_AA32;
2828 state <= ARM_CP_STATE_AA64; state++) {
2829 if (r->state != state && r->state != ARM_CP_STATE_BOTH) {
2832 add_cpreg_to_hashtable(cpu, r, opaque, state,
2840 void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
2841 const ARMCPRegInfo *regs, void *opaque)
2843 /* Define a whole list of registers */
2844 const ARMCPRegInfo *r;
2845 for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
2846 define_one_arm_cp_reg_with_opaque(cpu, r, opaque);
2850 const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp)
2852 return g_hash_table_lookup(cpregs, &encoded_cp);
2855 void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
2858 /* Helper coprocessor write function for write-ignore registers */
2861 uint64_t arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri)
2863 /* Helper coprocessor write function for read-as-zero registers */
2867 void arm_cp_reset_ignore(CPUARMState *env, const ARMCPRegInfo *opaque)
2869 /* Helper coprocessor reset function for do-nothing-on-reset registers */
2872 static int bad_mode_switch(CPUARMState *env, int mode)
2874 /* Return true if it is not valid for us to switch to
2875 * this CPU mode (ie all the UNPREDICTABLE cases in
2876 * the ARM ARM CPSRWriteByInstr pseudocode).
2879 case ARM_CPU_MODE_USR:
2880 case ARM_CPU_MODE_SYS:
2881 case ARM_CPU_MODE_SVC:
2882 case ARM_CPU_MODE_ABT:
2883 case ARM_CPU_MODE_UND:
2884 case ARM_CPU_MODE_IRQ:
2885 case ARM_CPU_MODE_FIQ:
2892 uint32_t cpsr_read(CPUARMState *env)
2895 ZF = (env->ZF == 0);
2896 return env->uncached_cpsr | (env->NF & 0x80000000) | (ZF << 30) |
2897 (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
2898 | (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
2899 | ((env->condexec_bits & 0xfc) << 8)
2900 | (env->GE << 16) | (env->daif & CPSR_AIF);
2903 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
2905 if (mask & CPSR_NZCV) {
2906 env->ZF = (~val) & CPSR_Z;
2908 env->CF = (val >> 29) & 1;
2909 env->VF = (val << 3) & 0x80000000;
2912 env->QF = ((val & CPSR_Q) != 0);
2914 env->thumb = ((val & CPSR_T) != 0);
2915 if (mask & CPSR_IT_0_1) {
2916 env->condexec_bits &= ~3;
2917 env->condexec_bits |= (val >> 25) & 3;
2919 if (mask & CPSR_IT_2_7) {
2920 env->condexec_bits &= 3;
2921 env->condexec_bits |= (val >> 8) & 0xfc;
2923 if (mask & CPSR_GE) {
2924 env->GE = (val >> 16) & 0xf;
2927 env->daif &= ~(CPSR_AIF & mask);
2928 env->daif |= val & CPSR_AIF & mask;
2930 if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
2931 if (bad_mode_switch(env, val & CPSR_M)) {
2932 /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
2933 * We choose to ignore the attempt and leave the CPSR M field
2938 switch_mode(env, val & CPSR_M);
2941 mask &= ~CACHED_CPSR_BITS;
2942 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
2945 /* Sign/zero extend */
2946 uint32_t HELPER(sxtb16)(uint32_t x)
2949 res = (uint16_t)(int8_t)x;
2950 res |= (uint32_t)(int8_t)(x >> 16) << 16;
2954 uint32_t HELPER(uxtb16)(uint32_t x)
2957 res = (uint16_t)(uint8_t)x;
2958 res |= (uint32_t)(uint8_t)(x >> 16) << 16;
2962 uint32_t HELPER(clz)(uint32_t x)
2967 int32_t HELPER(sdiv)(int32_t num, int32_t den)
2971 if (num == INT_MIN && den == -1)
2976 uint32_t HELPER(udiv)(uint32_t num, uint32_t den)
2983 uint32_t HELPER(rbit)(uint32_t x)
2985 x = ((x & 0xff000000) >> 24)
2986 | ((x & 0x00ff0000) >> 8)
2987 | ((x & 0x0000ff00) << 8)
2988 | ((x & 0x000000ff) << 24);
2989 x = ((x & 0xf0f0f0f0) >> 4)
2990 | ((x & 0x0f0f0f0f) << 4);
2991 x = ((x & 0x88888888) >> 3)
2992 | ((x & 0x44444444) >> 1)
2993 | ((x & 0x22222222) << 1)
2994 | ((x & 0x11111111) << 3);
2998 #if defined(CONFIG_USER_ONLY)
3000 void arm_cpu_do_interrupt(CPUState *cs)
3002 cs->exception_index = -1;
3005 int arm_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int rw,
3008 ARMCPU *cpu = ARM_CPU(cs);
3009 CPUARMState *env = &cpu->env;
3011 env->exception.vaddress = address;
3013 cs->exception_index = EXCP_PREFETCH_ABORT;
3015 cs->exception_index = EXCP_DATA_ABORT;
3020 /* These should probably raise undefined insn exceptions. */
3021 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
3023 ARMCPU *cpu = arm_env_get_cpu(env);
3025 cpu_abort(CPU(cpu), "v7m_msr %d\n", reg);
3028 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
3030 ARMCPU *cpu = arm_env_get_cpu(env);
3032 cpu_abort(CPU(cpu), "v7m_mrs %d\n", reg);
3036 void switch_mode(CPUARMState *env, int mode)
3038 ARMCPU *cpu = arm_env_get_cpu(env);
3040 if (mode != ARM_CPU_MODE_USR) {
3041 cpu_abort(CPU(cpu), "Tried to switch out of user mode\n");
3045 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
3047 ARMCPU *cpu = arm_env_get_cpu(env);
3049 cpu_abort(CPU(cpu), "banked r13 write\n");
3052 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
3054 ARMCPU *cpu = arm_env_get_cpu(env);
3056 cpu_abort(CPU(cpu), "banked r13 read\n");
3062 /* Map CPU modes onto saved register banks. */
3063 int bank_number(int mode)
3066 case ARM_CPU_MODE_USR:
3067 case ARM_CPU_MODE_SYS:
3069 case ARM_CPU_MODE_SVC:
3071 case ARM_CPU_MODE_ABT:
3073 case ARM_CPU_MODE_UND:
3075 case ARM_CPU_MODE_IRQ:
3077 case ARM_CPU_MODE_FIQ:
3080 hw_error("bank number requested for bad CPSR mode value 0x%x\n", mode);
3083 void switch_mode(CPUARMState *env, int mode)
3088 old_mode = env->uncached_cpsr & CPSR_M;
3089 if (mode == old_mode)
3092 if (old_mode == ARM_CPU_MODE_FIQ) {
3093 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
3094 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
3095 } else if (mode == ARM_CPU_MODE_FIQ) {
3096 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
3097 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
3100 i = bank_number(old_mode);
3101 env->banked_r13[i] = env->regs[13];
3102 env->banked_r14[i] = env->regs[14];
3103 env->banked_spsr[i] = env->spsr;
3105 i = bank_number(mode);
3106 env->regs[13] = env->banked_r13[i];
3107 env->regs[14] = env->banked_r14[i];
3108 env->spsr = env->banked_spsr[i];
3111 static void v7m_push(CPUARMState *env, uint32_t val)
3113 CPUState *cs = CPU(arm_env_get_cpu(env));
3116 stl_phys(cs->as, env->regs[13], val);
3119 static uint32_t v7m_pop(CPUARMState *env)
3121 CPUState *cs = CPU(arm_env_get_cpu(env));
3124 val = ldl_phys(cs->as, env->regs[13]);
3129 /* Switch to V7M main or process stack pointer. */
3130 static void switch_v7m_sp(CPUARMState *env, int process)
3133 if (env->v7m.current_sp != process) {
3134 tmp = env->v7m.other_sp;
3135 env->v7m.other_sp = env->regs[13];
3136 env->regs[13] = tmp;
3137 env->v7m.current_sp = process;
3141 static void do_v7m_exception_exit(CPUARMState *env)
3146 type = env->regs[15];
3147 if (env->v7m.exception != 0)
3148 armv7m_nvic_complete_irq(env->nvic, env->v7m.exception);
3150 /* Switch to the target stack. */
3151 switch_v7m_sp(env, (type & 4) != 0);
3152 /* Pop registers. */
3153 env->regs[0] = v7m_pop(env);
3154 env->regs[1] = v7m_pop(env);
3155 env->regs[2] = v7m_pop(env);
3156 env->regs[3] = v7m_pop(env);
3157 env->regs[12] = v7m_pop(env);
3158 env->regs[14] = v7m_pop(env);
3159 env->regs[15] = v7m_pop(env);
3160 xpsr = v7m_pop(env);
3161 xpsr_write(env, xpsr, 0xfffffdff);
3162 /* Undo stack alignment. */
3165 /* ??? The exception return type specifies Thread/Handler mode. However
3166 this is also implied by the xPSR value. Not sure what to do
3167 if there is a mismatch. */
3168 /* ??? Likewise for mismatches between the CONTROL register and the stack
3172 void arm_v7m_cpu_do_interrupt(CPUState *cs)
3174 ARMCPU *cpu = ARM_CPU(cs);
3175 CPUARMState *env = &cpu->env;
3176 uint32_t xpsr = xpsr_read(env);
3180 arm_log_exception(cs->exception_index);
3183 if (env->v7m.current_sp)
3185 if (env->v7m.exception == 0)
3188 /* For exceptions we just mark as pending on the NVIC, and let that
3190 /* TODO: Need to escalate if the current priority is higher than the
3191 one we're raising. */
3192 switch (cs->exception_index) {
3194 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
3197 /* The PC already points to the next instruction. */
3198 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
3200 case EXCP_PREFETCH_ABORT:
3201 case EXCP_DATA_ABORT:
3202 /* TODO: if we implemented the MPU registers, this is where we
3203 * should set the MMFAR, etc from exception.fsr and exception.vaddress.
3205 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
3208 if (semihosting_enabled) {
3210 nr = arm_lduw_code(env, env->regs[15], env->bswap_code) & 0xff;
3213 env->regs[0] = do_arm_semihosting(env);
3214 qemu_log_mask(CPU_LOG_INT, "...handled as semihosting call\n");
3218 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
3221 env->v7m.exception = armv7m_nvic_acknowledge_irq(env->nvic);
3223 case EXCP_EXCEPTION_EXIT:
3224 do_v7m_exception_exit(env);
3227 cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index);
3228 return; /* Never happens. Keep compiler happy. */
3231 /* Align stack pointer. */
3232 /* ??? Should only do this if Configuration Control Register
3233 STACKALIGN bit is set. */
3234 if (env->regs[13] & 4) {
3238 /* Switch to the handler mode. */
3239 v7m_push(env, xpsr);
3240 v7m_push(env, env->regs[15]);
3241 v7m_push(env, env->regs[14]);
3242 v7m_push(env, env->regs[12]);
3243 v7m_push(env, env->regs[3]);
3244 v7m_push(env, env->regs[2]);
3245 v7m_push(env, env->regs[1]);
3246 v7m_push(env, env->regs[0]);
3247 switch_v7m_sp(env, 0);
3249 env->condexec_bits = 0;
3251 addr = ldl_phys(cs->as, env->v7m.vecbase + env->v7m.exception * 4);
3252 env->regs[15] = addr & 0xfffffffe;
3253 env->thumb = addr & 1;
3256 /* Handle a CPU exception. */
3257 void arm_cpu_do_interrupt(CPUState *cs)
3259 ARMCPU *cpu = ARM_CPU(cs);
3260 CPUARMState *env = &cpu->env;
3268 arm_log_exception(cs->exception_index);
3270 /* TODO: Vectored interrupt controller. */
3271 switch (cs->exception_index) {
3273 new_mode = ARM_CPU_MODE_UND;
3282 if (semihosting_enabled) {
3283 /* Check for semihosting interrupt. */
3285 mask = arm_lduw_code(env, env->regs[15] - 2, env->bswap_code)
3288 mask = arm_ldl_code(env, env->regs[15] - 4, env->bswap_code)
3291 /* Only intercept calls from privileged modes, to provide some
3292 semblance of security. */
3293 if (((mask == 0x123456 && !env->thumb)
3294 || (mask == 0xab && env->thumb))
3295 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
3296 env->regs[0] = do_arm_semihosting(env);
3297 qemu_log_mask(CPU_LOG_INT, "...handled as semihosting call\n");
3301 new_mode = ARM_CPU_MODE_SVC;
3304 /* The PC already points to the next instruction. */
3308 /* See if this is a semihosting syscall. */
3309 if (env->thumb && semihosting_enabled) {
3310 mask = arm_lduw_code(env, env->regs[15], env->bswap_code) & 0xff;
3312 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
3314 env->regs[0] = do_arm_semihosting(env);
3315 qemu_log_mask(CPU_LOG_INT, "...handled as semihosting call\n");
3319 env->exception.fsr = 2;
3320 /* Fall through to prefetch abort. */
3321 case EXCP_PREFETCH_ABORT:
3322 env->cp15.ifsr_el2 = env->exception.fsr;
3323 env->cp15.far_el1 = deposit64(env->cp15.far_el1, 32, 32,
3324 env->exception.vaddress);
3325 qemu_log_mask(CPU_LOG_INT, "...with IFSR 0x%x IFAR 0x%x\n",
3326 env->cp15.ifsr_el2, (uint32_t)env->exception.vaddress);
3327 new_mode = ARM_CPU_MODE_ABT;
3329 mask = CPSR_A | CPSR_I;
3332 case EXCP_DATA_ABORT:
3333 env->cp15.esr_el1 = env->exception.fsr;
3334 env->cp15.far_el1 = deposit64(env->cp15.far_el1, 0, 32,
3335 env->exception.vaddress);
3336 qemu_log_mask(CPU_LOG_INT, "...with DFSR 0x%x DFAR 0x%x\n",
3337 (uint32_t)env->cp15.esr_el1,
3338 (uint32_t)env->exception.vaddress);
3339 new_mode = ARM_CPU_MODE_ABT;
3341 mask = CPSR_A | CPSR_I;
3345 new_mode = ARM_CPU_MODE_IRQ;
3347 /* Disable IRQ and imprecise data aborts. */
3348 mask = CPSR_A | CPSR_I;
3352 new_mode = ARM_CPU_MODE_FIQ;
3354 /* Disable FIQ, IRQ and imprecise data aborts. */
3355 mask = CPSR_A | CPSR_I | CPSR_F;
3359 cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index);
3360 return; /* Never happens. Keep compiler happy. */
3363 if (env->cp15.c1_sys & SCTLR_V) {
3364 /* when enabled, base address cannot be remapped. */
3367 /* ARM v7 architectures provide a vector base address register to remap
3368 * the interrupt vector table.
3369 * This register is only followed in non-monitor mode, and has a secure
3370 * and un-secure copy. Since the cpu is always in a un-secure operation
3371 * and is never in monitor mode this feature is always active.
3372 * Note: only bits 31:5 are valid.
3374 addr += env->cp15.c12_vbar;
3376 switch_mode (env, new_mode);
3377 env->spsr = cpsr_read(env);
3378 /* Clear IT bits. */
3379 env->condexec_bits = 0;
3380 /* Switch to the new mode, and to the correct instruction set. */
3381 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
3383 /* this is a lie, as the was no c1_sys on V4T/V5, but who cares
3384 * and we should just guard the thumb mode on V4 */
3385 if (arm_feature(env, ARM_FEATURE_V4T)) {
3386 env->thumb = (env->cp15.c1_sys & SCTLR_TE) != 0;
3388 env->regs[14] = env->regs[15] + offset;
3389 env->regs[15] = addr;
3390 cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
3393 /* Check section/page access permissions.
3394 Returns the page protection flags, or zero if the access is not
3396 static inline int check_ap(CPUARMState *env, int ap, int domain_prot,
3397 int access_type, int is_user)
3401 if (domain_prot == 3) {
3402 return PAGE_READ | PAGE_WRITE;
3405 if (access_type == 1)
3408 prot_ro = PAGE_READ;
3412 if (arm_feature(env, ARM_FEATURE_V7)) {
3415 if (access_type == 1)
3417 switch (env->cp15.c1_sys & (SCTLR_S | SCTLR_R)) {
3419 return is_user ? 0 : PAGE_READ;
3426 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
3431 return PAGE_READ | PAGE_WRITE;
3433 return PAGE_READ | PAGE_WRITE;
3434 case 4: /* Reserved. */
3437 return is_user ? 0 : prot_ro;
3441 if (!arm_feature (env, ARM_FEATURE_V6K))
3449 static uint32_t get_level1_table_address(CPUARMState *env, uint32_t address)
3453 if (address & env->cp15.c2_mask)
3454 table = env->cp15.ttbr1_el1 & 0xffffc000;
3456 table = env->cp15.ttbr0_el1 & env->cp15.c2_base_mask;
3458 table |= (address >> 18) & 0x3ffc;
3462 static int get_phys_addr_v5(CPUARMState *env, uint32_t address, int access_type,
3463 int is_user, hwaddr *phys_ptr,
3464 int *prot, target_ulong *page_size)
3466 CPUState *cs = CPU(arm_env_get_cpu(env));
3476 /* Pagetable walk. */
3477 /* Lookup l1 descriptor. */
3478 table = get_level1_table_address(env, address);
3479 desc = ldl_phys(cs->as, table);
3481 domain = (desc >> 5) & 0x0f;
3482 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
3484 /* Section translation fault. */
3488 if (domain_prot == 0 || domain_prot == 2) {
3490 code = 9; /* Section domain fault. */
3492 code = 11; /* Page domain fault. */
3497 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
3498 ap = (desc >> 10) & 3;
3500 *page_size = 1024 * 1024;
3502 /* Lookup l2 entry. */
3504 /* Coarse pagetable. */
3505 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
3507 /* Fine pagetable. */
3508 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
3510 desc = ldl_phys(cs->as, table);
3512 case 0: /* Page translation fault. */
3515 case 1: /* 64k page. */
3516 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
3517 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
3518 *page_size = 0x10000;
3520 case 2: /* 4k page. */
3521 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
3522 ap = (desc >> (4 + ((address >> 9) & 6))) & 3;
3523 *page_size = 0x1000;
3525 case 3: /* 1k page. */
3527 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
3528 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
3530 /* Page translation fault. */
3535 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
3537 ap = (desc >> 4) & 3;
3541 /* Never happens, but compiler isn't smart enough to tell. */
3546 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
3548 /* Access permission fault. */
3552 *phys_ptr = phys_addr;
3555 return code | (domain << 4);
3558 static int get_phys_addr_v6(CPUARMState *env, uint32_t address, int access_type,
3559 int is_user, hwaddr *phys_ptr,
3560 int *prot, target_ulong *page_size)
3562 CPUState *cs = CPU(arm_env_get_cpu(env));
3574 /* Pagetable walk. */
3575 /* Lookup l1 descriptor. */
3576 table = get_level1_table_address(env, address);
3577 desc = ldl_phys(cs->as, table);
3579 if (type == 0 || (type == 3 && !arm_feature(env, ARM_FEATURE_PXN))) {
3580 /* Section translation fault, or attempt to use the encoding
3581 * which is Reserved on implementations without PXN.
3586 if ((type == 1) || !(desc & (1 << 18))) {
3587 /* Page or Section. */
3588 domain = (desc >> 5) & 0x0f;
3590 domain_prot = (env->cp15.c3 >> (domain * 2)) & 3;
3591 if (domain_prot == 0 || domain_prot == 2) {
3593 code = 9; /* Section domain fault. */
3595 code = 11; /* Page domain fault. */
3600 if (desc & (1 << 18)) {
3602 phys_addr = (desc & 0xff000000) | (address & 0x00ffffff);
3603 *page_size = 0x1000000;
3606 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
3607 *page_size = 0x100000;
3609 ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
3610 xn = desc & (1 << 4);
3614 if (arm_feature(env, ARM_FEATURE_PXN)) {
3615 pxn = (desc >> 2) & 1;
3617 /* Lookup l2 entry. */
3618 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
3619 desc = ldl_phys(cs->as, table);
3620 ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
3622 case 0: /* Page translation fault. */
3625 case 1: /* 64k page. */
3626 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
3627 xn = desc & (1 << 15);
3628 *page_size = 0x10000;
3630 case 2: case 3: /* 4k page. */
3631 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
3633 *page_size = 0x1000;
3636 /* Never happens, but compiler isn't smart enough to tell. */
3641 if (domain_prot == 3) {
3642 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
3644 if (pxn && !is_user) {
3647 if (xn && access_type == 2)
3650 /* The simplified model uses AP[0] as an access control bit. */
3651 if ((env->cp15.c1_sys & SCTLR_AFE) && (ap & 1) == 0) {
3652 /* Access flag fault. */
3653 code = (code == 15) ? 6 : 3;
3656 *prot = check_ap(env, ap, domain_prot, access_type, is_user);
3658 /* Access permission fault. */
3665 *phys_ptr = phys_addr;
3668 return code | (domain << 4);
3671 /* Fault type for long-descriptor MMU fault reporting; this corresponds
3672 * to bits [5..2] in the STATUS field in long-format DFSR/IFSR.
3675 translation_fault = 1,
3677 permission_fault = 3,
3680 static int get_phys_addr_lpae(CPUARMState *env, target_ulong address,
3681 int access_type, int is_user,
3682 hwaddr *phys_ptr, int *prot,
3683 target_ulong *page_size_ptr)
3685 CPUState *cs = CPU(arm_env_get_cpu(env));
3686 /* Read an LPAE long-descriptor translation table. */
3687 MMUFaultType fault_type = translation_fault;
3694 hwaddr descaddr, descmask;
3695 uint32_t tableattrs;
3696 target_ulong page_size;
3698 int32_t granule_sz = 9;
3699 int32_t va_size = 32;
3702 if (arm_el_is_aa64(env, 1)) {
3704 if (extract64(address, 55, 1))
3705 tbi = extract64(env->cp15.c2_control, 38, 1);
3707 tbi = extract64(env->cp15.c2_control, 37, 1);
3711 /* Determine whether this address is in the region controlled by
3712 * TTBR0 or TTBR1 (or if it is in neither region and should fault).
3713 * This is a Non-secure PL0/1 stage 1 translation, so controlled by
3714 * TTBCR/TTBR0/TTBR1 in accordance with ARM ARM DDI0406C table B-32:
3716 uint32_t t0sz = extract32(env->cp15.c2_control, 0, 6);
3717 if (arm_el_is_aa64(env, 1)) {
3718 t0sz = MIN(t0sz, 39);
3719 t0sz = MAX(t0sz, 16);
3721 uint32_t t1sz = extract32(env->cp15.c2_control, 16, 6);
3722 if (arm_el_is_aa64(env, 1)) {
3723 t1sz = MIN(t1sz, 39);
3724 t1sz = MAX(t1sz, 16);
3726 if (t0sz && !extract64(address, va_size - t0sz, t0sz - tbi)) {
3727 /* there is a ttbr0 region and we are in it (high bits all zero) */
3729 } else if (t1sz && !extract64(~address, va_size - t1sz, t1sz - tbi)) {
3730 /* there is a ttbr1 region and we are in it (high bits all one) */
3733 /* ttbr0 region is "everything not in the ttbr1 region" */
3736 /* ttbr1 region is "everything not in the ttbr0 region" */
3739 /* in the gap between the two regions, this is a Translation fault */
3740 fault_type = translation_fault;
3744 /* Note that QEMU ignores shareability and cacheability attributes,
3745 * so we don't need to do anything with the SH, ORGN, IRGN fields
3746 * in the TTBCR. Similarly, TTBCR:A1 selects whether we get the
3747 * ASID from TTBR0 or TTBR1, but QEMU's TLB doesn't currently
3748 * implement any ASID-like capability so we can ignore it (instead
3749 * we will always flush the TLB any time the ASID is changed).
3751 if (ttbr_select == 0) {
3752 ttbr = env->cp15.ttbr0_el1;
3753 epd = extract32(env->cp15.c2_control, 7, 1);
3756 tg = extract32(env->cp15.c2_control, 14, 2);
3757 if (tg == 1) { /* 64KB pages */
3760 if (tg == 2) { /* 16KB pages */
3764 ttbr = env->cp15.ttbr1_el1;
3765 epd = extract32(env->cp15.c2_control, 23, 1);
3768 tg = extract32(env->cp15.c2_control, 30, 2);
3769 if (tg == 3) { /* 64KB pages */
3772 if (tg == 1) { /* 16KB pages */
3778 /* Translation table walk disabled => Translation fault on TLB miss */
3782 /* The starting level depends on the virtual address size which can be
3783 * up to 48-bits and the translation granule size.
3785 if ((va_size - tsz) > (granule_sz * 4 + 3)) {
3787 } else if ((va_size - tsz) > (granule_sz * 3 + 3)) {
3793 /* Clear the vaddr bits which aren't part of the within-region address,
3794 * so that we don't have to special case things when calculating the
3795 * first descriptor address.
3798 address &= (1ULL << (va_size - tsz)) - 1;
3801 descmask = (1ULL << (granule_sz + 3)) - 1;
3803 /* Now we can extract the actual base address from the TTBR */
3804 descaddr = extract64(ttbr, 0, 48);
3805 descaddr &= ~((1ULL << (va_size - tsz - (granule_sz * (4 - level)))) - 1);
3809 uint64_t descriptor;
3811 descaddr |= (address >> (granule_sz * (4 - level))) & descmask;
3813 descriptor = ldq_phys(cs->as, descaddr);
3814 if (!(descriptor & 1) ||
3815 (!(descriptor & 2) && (level == 3))) {
3816 /* Invalid, or the Reserved level 3 encoding */
3819 descaddr = descriptor & 0xfffffff000ULL;
3821 if ((descriptor & 2) && (level < 3)) {
3822 /* Table entry. The top five bits are attributes which may
3823 * propagate down through lower levels of the table (and
3824 * which are all arranged so that 0 means "no effect", so
3825 * we can gather them up by ORing in the bits at each level).
3827 tableattrs |= extract64(descriptor, 59, 5);
3831 /* Block entry at level 1 or 2, or page entry at level 3.
3832 * These are basically the same thing, although the number
3833 * of bits we pull in from the vaddr varies.
3835 page_size = (1 << ((granule_sz * (4 - level)) + 3));
3836 descaddr |= (address & (page_size - 1));
3837 /* Extract attributes from the descriptor and merge with table attrs */
3838 if (arm_feature(env, ARM_FEATURE_V8)) {
3839 attrs = extract64(descriptor, 2, 10)
3840 | (extract64(descriptor, 53, 11) << 10);
3842 attrs = extract64(descriptor, 2, 10)
3843 | (extract64(descriptor, 52, 12) << 10);
3845 attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
3846 attrs |= extract32(tableattrs, 3, 1) << 5; /* APTable[1] => AP[2] */
3847 /* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
3848 * means "force PL1 access only", which means forcing AP[1] to 0.
3850 if (extract32(tableattrs, 2, 1)) {
3853 /* Since we're always in the Non-secure state, NSTable is ignored. */
3856 /* Here descaddr is the final physical address, and attributes
3859 fault_type = access_fault;
3860 if ((attrs & (1 << 8)) == 0) {
3864 fault_type = permission_fault;
3865 if (is_user && !(attrs & (1 << 4))) {
3866 /* Unprivileged access not enabled */
3869 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
3870 if (attrs & (1 << 12) || (!is_user && (attrs & (1 << 11)))) {
3872 if (access_type == 2) {
3875 *prot &= ~PAGE_EXEC;
3877 if (attrs & (1 << 5)) {
3878 /* Write access forbidden */
3879 if (access_type == 1) {
3882 *prot &= ~PAGE_WRITE;
3885 *phys_ptr = descaddr;
3886 *page_size_ptr = page_size;
3890 /* Long-descriptor format IFSR/DFSR value */
3891 return (1 << 9) | (fault_type << 2) | level;
3894 static int get_phys_addr_mpu(CPUARMState *env, uint32_t address,
3895 int access_type, int is_user,
3896 hwaddr *phys_ptr, int *prot)
3902 *phys_ptr = address;
3903 for (n = 7; n >= 0; n--) {
3904 base = env->cp15.c6_region[n];
3905 if ((base & 1) == 0)
3907 mask = 1 << ((base >> 1) & 0x1f);
3908 /* Keep this shift separate from the above to avoid an
3909 (undefined) << 32. */
3910 mask = (mask << 1) - 1;
3911 if (((base ^ address) & ~mask) == 0)
3917 if (access_type == 2) {
3918 mask = env->cp15.pmsav5_insn_ap;
3920 mask = env->cp15.pmsav5_data_ap;
3922 mask = (mask >> (n * 4)) & 0xf;
3929 *prot = PAGE_READ | PAGE_WRITE;
3934 *prot |= PAGE_WRITE;
3937 *prot = PAGE_READ | PAGE_WRITE;
3948 /* Bad permission. */
3955 /* get_phys_addr - get the physical address for this virtual address
3957 * Find the physical address corresponding to the given virtual address,
3958 * by doing a translation table walk on MMU based systems or using the
3959 * MPU state on MPU based systems.
3961 * Returns 0 if the translation was successful. Otherwise, phys_ptr,
3962 * prot and page_size are not filled in, and the return value provides
3963 * information on why the translation aborted, in the format of a
3964 * DFSR/IFSR fault register, with the following caveats:
3965 * * we honour the short vs long DFSR format differences.
3966 * * the WnR bit is never set (the caller must do this).
3967 * * for MPU based systems we don't bother to return a full FSR format
3971 * @address: virtual address to get physical address for
3972 * @access_type: 0 for read, 1 for write, 2 for execute
3973 * @is_user: 0 for privileged access, 1 for user
3974 * @phys_ptr: set to the physical address corresponding to the virtual address
3975 * @prot: set to the permissions for the page containing phys_ptr
3976 * @page_size: set to the size of the page containing phys_ptr
3978 static inline int get_phys_addr(CPUARMState *env, target_ulong address,
3979 int access_type, int is_user,
3980 hwaddr *phys_ptr, int *prot,
3981 target_ulong *page_size)
3983 /* Fast Context Switch Extension. */
3984 if (address < 0x02000000)
3985 address += env->cp15.c13_fcse;
3987 if ((env->cp15.c1_sys & SCTLR_M) == 0) {
3988 /* MMU/MPU disabled. */
3989 *phys_ptr = address;
3990 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
3991 *page_size = TARGET_PAGE_SIZE;
3993 } else if (arm_feature(env, ARM_FEATURE_MPU)) {
3994 *page_size = TARGET_PAGE_SIZE;
3995 return get_phys_addr_mpu(env, address, access_type, is_user, phys_ptr,
3997 } else if (extended_addresses_enabled(env)) {
3998 return get_phys_addr_lpae(env, address, access_type, is_user, phys_ptr,
4000 } else if (env->cp15.c1_sys & SCTLR_XP) {
4001 return get_phys_addr_v6(env, address, access_type, is_user, phys_ptr,
4004 return get_phys_addr_v5(env, address, access_type, is_user, phys_ptr,
4009 int arm_cpu_handle_mmu_fault(CPUState *cs, vaddr address,
4010 int access_type, int mmu_idx)
4012 ARMCPU *cpu = ARM_CPU(cs);
4013 CPUARMState *env = &cpu->env;
4015 target_ulong page_size;
4019 bool same_el = (arm_current_pl(env) != 0);
4021 is_user = mmu_idx == MMU_USER_IDX;
4022 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot,
4025 /* Map a single [sub]page. */
4026 phys_addr &= ~(hwaddr)0x3ff;
4027 address &= ~(target_ulong)0x3ff;
4028 tlb_set_page(cs, address, phys_addr, prot, mmu_idx, page_size);
4032 /* AArch64 syndrome does not have an LPAE bit */
4033 syn = ret & ~(1 << 9);
4035 /* For insn and data aborts we assume there is no instruction syndrome
4036 * information; this is always true for exceptions reported to EL1.
4038 if (access_type == 2) {
4039 syn = syn_insn_abort(same_el, 0, 0, syn);
4040 cs->exception_index = EXCP_PREFETCH_ABORT;
4042 syn = syn_data_abort(same_el, 0, 0, 0, access_type == 1, syn);
4043 if (access_type == 1 && arm_feature(env, ARM_FEATURE_V6)) {
4046 cs->exception_index = EXCP_DATA_ABORT;
4049 env->exception.syndrome = syn;
4050 env->exception.vaddress = address;
4051 env->exception.fsr = ret;
4055 hwaddr arm_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
4057 ARMCPU *cpu = ARM_CPU(cs);
4059 target_ulong page_size;
4063 ret = get_phys_addr(&cpu->env, addr, 0, 0, &phys_addr, &prot, &page_size);
4072 void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
4074 if ((env->uncached_cpsr & CPSR_M) == mode) {
4075 env->regs[13] = val;
4077 env->banked_r13[bank_number(mode)] = val;
4081 uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
4083 if ((env->uncached_cpsr & CPSR_M) == mode) {
4084 return env->regs[13];
4086 return env->banked_r13[bank_number(mode)];
4090 uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
4092 ARMCPU *cpu = arm_env_get_cpu(env);
4096 return xpsr_read(env) & 0xf8000000;
4098 return xpsr_read(env) & 0xf80001ff;
4100 return xpsr_read(env) & 0xff00fc00;
4102 return xpsr_read(env) & 0xff00fdff;
4104 return xpsr_read(env) & 0x000001ff;
4106 return xpsr_read(env) & 0x0700fc00;
4108 return xpsr_read(env) & 0x0700edff;
4110 return env->v7m.current_sp ? env->v7m.other_sp : env->regs[13];
4112 return env->v7m.current_sp ? env->regs[13] : env->v7m.other_sp;
4113 case 16: /* PRIMASK */
4114 return (env->daif & PSTATE_I) != 0;
4115 case 17: /* BASEPRI */
4116 case 18: /* BASEPRI_MAX */
4117 return env->v7m.basepri;
4118 case 19: /* FAULTMASK */
4119 return (env->daif & PSTATE_F) != 0;
4120 case 20: /* CONTROL */
4121 return env->v7m.control;
4123 /* ??? For debugging only. */
4124 cpu_abort(CPU(cpu), "Unimplemented system register read (%d)\n", reg);
4129 void HELPER(v7m_msr)(CPUARMState *env, uint32_t reg, uint32_t val)
4131 ARMCPU *cpu = arm_env_get_cpu(env);
4135 xpsr_write(env, val, 0xf8000000);
4138 xpsr_write(env, val, 0xf8000000);
4141 xpsr_write(env, val, 0xfe00fc00);
4144 xpsr_write(env, val, 0xfe00fc00);
4147 /* IPSR bits are readonly. */
4150 xpsr_write(env, val, 0x0600fc00);
4153 xpsr_write(env, val, 0x0600fc00);
4156 if (env->v7m.current_sp)
4157 env->v7m.other_sp = val;
4159 env->regs[13] = val;
4162 if (env->v7m.current_sp)
4163 env->regs[13] = val;
4165 env->v7m.other_sp = val;
4167 case 16: /* PRIMASK */
4169 env->daif |= PSTATE_I;
4171 env->daif &= ~PSTATE_I;
4174 case 17: /* BASEPRI */
4175 env->v7m.basepri = val & 0xff;
4177 case 18: /* BASEPRI_MAX */
4179 if (val != 0 && (val < env->v7m.basepri || env->v7m.basepri == 0))
4180 env->v7m.basepri = val;
4182 case 19: /* FAULTMASK */
4184 env->daif |= PSTATE_F;
4186 env->daif &= ~PSTATE_F;
4189 case 20: /* CONTROL */
4190 env->v7m.control = val & 3;
4191 switch_v7m_sp(env, (val & 2) != 0);
4194 /* ??? For debugging only. */
4195 cpu_abort(CPU(cpu), "Unimplemented system register write (%d)\n", reg);
4202 void HELPER(dc_zva)(CPUARMState *env, uint64_t vaddr_in)
4204 /* Implement DC ZVA, which zeroes a fixed-length block of memory.
4205 * Note that we do not implement the (architecturally mandated)
4206 * alignment fault for attempts to use this on Device memory
4207 * (which matches the usual QEMU behaviour of not implementing either
4208 * alignment faults or any memory attribute handling).
4211 ARMCPU *cpu = arm_env_get_cpu(env);
4212 uint64_t blocklen = 4 << cpu->dcz_blocksize;
4213 uint64_t vaddr = vaddr_in & ~(blocklen - 1);
4215 #ifndef CONFIG_USER_ONLY
4217 /* Slightly awkwardly, QEMU's TARGET_PAGE_SIZE may be less than
4218 * the block size so we might have to do more than one TLB lookup.
4219 * We know that in fact for any v8 CPU the page size is at least 4K
4220 * and the block size must be 2K or less, but TARGET_PAGE_SIZE is only
4221 * 1K as an artefact of legacy v5 subpage support being present in the
4222 * same QEMU executable.
4224 int maxidx = DIV_ROUND_UP(blocklen, TARGET_PAGE_SIZE);
4225 void *hostaddr[maxidx];
4228 for (try = 0; try < 2; try++) {
4230 for (i = 0; i < maxidx; i++) {
4231 hostaddr[i] = tlb_vaddr_to_host(env,
4232 vaddr + TARGET_PAGE_SIZE * i,
4233 1, cpu_mmu_index(env));
4239 /* If it's all in the TLB it's fair game for just writing to;
4240 * we know we don't need to update dirty status, etc.
4242 for (i = 0; i < maxidx - 1; i++) {
4243 memset(hostaddr[i], 0, TARGET_PAGE_SIZE);
4245 memset(hostaddr[i], 0, blocklen - (i * TARGET_PAGE_SIZE));
4248 /* OK, try a store and see if we can populate the tlb. This
4249 * might cause an exception if the memory isn't writable,
4250 * in which case we will longjmp out of here. We must for
4251 * this purpose use the actual register value passed to us
4252 * so that we get the fault address right.
4254 helper_ret_stb_mmu(env, vaddr_in, 0, cpu_mmu_index(env), GETRA());
4255 /* Now we can populate the other TLB entries, if any */
4256 for (i = 0; i < maxidx; i++) {
4257 uint64_t va = vaddr + TARGET_PAGE_SIZE * i;
4258 if (va != (vaddr_in & TARGET_PAGE_MASK)) {
4259 helper_ret_stb_mmu(env, va, 0, cpu_mmu_index(env), GETRA());
4264 /* Slow path (probably attempt to do this to an I/O device or
4265 * similar, or clearing of a block of code we have translations
4266 * cached for). Just do a series of byte writes as the architecture
4267 * demands. It's not worth trying to use a cpu_physical_memory_map(),
4268 * memset(), unmap() sequence here because:
4269 * + we'd need to account for the blocksize being larger than a page
4270 * + the direct-RAM access case is almost always going to be dealt
4271 * with in the fastpath code above, so there's no speed benefit
4272 * + we would have to deal with the map returning NULL because the
4273 * bounce buffer was in use
4275 for (i = 0; i < blocklen; i++) {
4276 helper_ret_stb_mmu(env, vaddr + i, 0, cpu_mmu_index(env), GETRA());
4280 memset(g2h(vaddr), 0, blocklen);
4284 /* Note that signed overflow is undefined in C. The following routines are
4285 careful to use unsigned types where modulo arithmetic is required.
4286 Failure to do so _will_ break on newer gcc. */
4288 /* Signed saturating arithmetic. */
4290 /* Perform 16-bit signed saturating addition. */
4291 static inline uint16_t add16_sat(uint16_t a, uint16_t b)
4296 if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
4305 /* Perform 8-bit signed saturating addition. */
4306 static inline uint8_t add8_sat(uint8_t a, uint8_t b)
4311 if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
4320 /* Perform 16-bit signed saturating subtraction. */
4321 static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
4326 if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
4335 /* Perform 8-bit signed saturating subtraction. */
4336 static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
4341 if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
4350 #define ADD16(a, b, n) RESULT(add16_sat(a, b), n, 16);
4351 #define SUB16(a, b, n) RESULT(sub16_sat(a, b), n, 16);
4352 #define ADD8(a, b, n) RESULT(add8_sat(a, b), n, 8);
4353 #define SUB8(a, b, n) RESULT(sub8_sat(a, b), n, 8);
4356 #include "op_addsub.h"
4358 /* Unsigned saturating arithmetic. */
4359 static inline uint16_t add16_usat(uint16_t a, uint16_t b)
4368 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
4376 static inline uint8_t add8_usat(uint8_t a, uint8_t b)
4385 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
4393 #define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
4394 #define SUB16(a, b, n) RESULT(sub16_usat(a, b), n, 16);
4395 #define ADD8(a, b, n) RESULT(add8_usat(a, b), n, 8);
4396 #define SUB8(a, b, n) RESULT(sub8_usat(a, b), n, 8);
4399 #include "op_addsub.h"
4401 /* Signed modulo arithmetic. */
4402 #define SARITH16(a, b, n, op) do { \
4404 sum = (int32_t)(int16_t)(a) op (int32_t)(int16_t)(b); \
4405 RESULT(sum, n, 16); \
4407 ge |= 3 << (n * 2); \
4410 #define SARITH8(a, b, n, op) do { \
4412 sum = (int32_t)(int8_t)(a) op (int32_t)(int8_t)(b); \
4413 RESULT(sum, n, 8); \
4419 #define ADD16(a, b, n) SARITH16(a, b, n, +)
4420 #define SUB16(a, b, n) SARITH16(a, b, n, -)
4421 #define ADD8(a, b, n) SARITH8(a, b, n, +)
4422 #define SUB8(a, b, n) SARITH8(a, b, n, -)
4426 #include "op_addsub.h"
4428 /* Unsigned modulo arithmetic. */
4429 #define ADD16(a, b, n) do { \
4431 sum = (uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b); \
4432 RESULT(sum, n, 16); \
4433 if ((sum >> 16) == 1) \
4434 ge |= 3 << (n * 2); \
4437 #define ADD8(a, b, n) do { \
4439 sum = (uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b); \
4440 RESULT(sum, n, 8); \
4441 if ((sum >> 8) == 1) \
4445 #define SUB16(a, b, n) do { \
4447 sum = (uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b); \
4448 RESULT(sum, n, 16); \
4449 if ((sum >> 16) == 0) \
4450 ge |= 3 << (n * 2); \
4453 #define SUB8(a, b, n) do { \
4455 sum = (uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b); \
4456 RESULT(sum, n, 8); \
4457 if ((sum >> 8) == 0) \
4464 #include "op_addsub.h"
4466 /* Halved signed arithmetic. */
4467 #define ADD16(a, b, n) \
4468 RESULT(((int32_t)(int16_t)(a) + (int32_t)(int16_t)(b)) >> 1, n, 16)
4469 #define SUB16(a, b, n) \
4470 RESULT(((int32_t)(int16_t)(a) - (int32_t)(int16_t)(b)) >> 1, n, 16)
4471 #define ADD8(a, b, n) \
4472 RESULT(((int32_t)(int8_t)(a) + (int32_t)(int8_t)(b)) >> 1, n, 8)
4473 #define SUB8(a, b, n) \
4474 RESULT(((int32_t)(int8_t)(a) - (int32_t)(int8_t)(b)) >> 1, n, 8)
4477 #include "op_addsub.h"
4479 /* Halved unsigned arithmetic. */
4480 #define ADD16(a, b, n) \
4481 RESULT(((uint32_t)(uint16_t)(a) + (uint32_t)(uint16_t)(b)) >> 1, n, 16)
4482 #define SUB16(a, b, n) \
4483 RESULT(((uint32_t)(uint16_t)(a) - (uint32_t)(uint16_t)(b)) >> 1, n, 16)
4484 #define ADD8(a, b, n) \
4485 RESULT(((uint32_t)(uint8_t)(a) + (uint32_t)(uint8_t)(b)) >> 1, n, 8)
4486 #define SUB8(a, b, n) \
4487 RESULT(((uint32_t)(uint8_t)(a) - (uint32_t)(uint8_t)(b)) >> 1, n, 8)
4490 #include "op_addsub.h"
4492 static inline uint8_t do_usad(uint8_t a, uint8_t b)
4500 /* Unsigned sum of absolute byte differences. */
4501 uint32_t HELPER(usad8)(uint32_t a, uint32_t b)
4504 sum = do_usad(a, b);
4505 sum += do_usad(a >> 8, b >> 8);
4506 sum += do_usad(a >> 16, b >>16);
4507 sum += do_usad(a >> 24, b >> 24);
4511 /* For ARMv6 SEL instruction. */
4512 uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
4525 return (a & mask) | (b & ~mask);
4528 /* VFP support. We follow the convention used for VFP instructions:
4529 Single precision routines have a "s" suffix, double precision a
4532 /* Convert host exception flags to vfp form. */
4533 static inline int vfp_exceptbits_from_host(int host_bits)
4535 int target_bits = 0;
4537 if (host_bits & float_flag_invalid)
4539 if (host_bits & float_flag_divbyzero)
4541 if (host_bits & float_flag_overflow)
4543 if (host_bits & (float_flag_underflow | float_flag_output_denormal))
4545 if (host_bits & float_flag_inexact)
4546 target_bits |= 0x10;
4547 if (host_bits & float_flag_input_denormal)
4548 target_bits |= 0x80;
4552 uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
4557 fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
4558 | (env->vfp.vec_len << 16)
4559 | (env->vfp.vec_stride << 20);
4560 i = get_float_exception_flags(&env->vfp.fp_status);
4561 i |= get_float_exception_flags(&env->vfp.standard_fp_status);
4562 fpscr |= vfp_exceptbits_from_host(i);
4566 uint32_t vfp_get_fpscr(CPUARMState *env)
4568 return HELPER(vfp_get_fpscr)(env);
4571 /* Convert vfp exception flags to target form. */
4572 static inline int vfp_exceptbits_to_host(int target_bits)
4576 if (target_bits & 1)
4577 host_bits |= float_flag_invalid;
4578 if (target_bits & 2)
4579 host_bits |= float_flag_divbyzero;
4580 if (target_bits & 4)
4581 host_bits |= float_flag_overflow;
4582 if (target_bits & 8)
4583 host_bits |= float_flag_underflow;
4584 if (target_bits & 0x10)
4585 host_bits |= float_flag_inexact;
4586 if (target_bits & 0x80)
4587 host_bits |= float_flag_input_denormal;
4591 void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
4596 changed = env->vfp.xregs[ARM_VFP_FPSCR];
4597 env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
4598 env->vfp.vec_len = (val >> 16) & 7;
4599 env->vfp.vec_stride = (val >> 20) & 3;
4602 if (changed & (3 << 22)) {
4603 i = (val >> 22) & 3;
4605 case FPROUNDING_TIEEVEN:
4606 i = float_round_nearest_even;
4608 case FPROUNDING_POSINF:
4611 case FPROUNDING_NEGINF:
4612 i = float_round_down;
4614 case FPROUNDING_ZERO:
4615 i = float_round_to_zero;
4618 set_float_rounding_mode(i, &env->vfp.fp_status);
4620 if (changed & (1 << 24)) {
4621 set_flush_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
4622 set_flush_inputs_to_zero((val & (1 << 24)) != 0, &env->vfp.fp_status);
4624 if (changed & (1 << 25))
4625 set_default_nan_mode((val & (1 << 25)) != 0, &env->vfp.fp_status);
4627 i = vfp_exceptbits_to_host(val);
4628 set_float_exception_flags(i, &env->vfp.fp_status);
4629 set_float_exception_flags(0, &env->vfp.standard_fp_status);
4632 void vfp_set_fpscr(CPUARMState *env, uint32_t val)
4634 HELPER(vfp_set_fpscr)(env, val);
4637 #define VFP_HELPER(name, p) HELPER(glue(glue(vfp_,name),p))
4639 #define VFP_BINOP(name) \
4640 float32 VFP_HELPER(name, s)(float32 a, float32 b, void *fpstp) \
4642 float_status *fpst = fpstp; \
4643 return float32_ ## name(a, b, fpst); \
4645 float64 VFP_HELPER(name, d)(float64 a, float64 b, void *fpstp) \
4647 float_status *fpst = fpstp; \
4648 return float64_ ## name(a, b, fpst); \
4660 float32 VFP_HELPER(neg, s)(float32 a)
4662 return float32_chs(a);
4665 float64 VFP_HELPER(neg, d)(float64 a)
4667 return float64_chs(a);
4670 float32 VFP_HELPER(abs, s)(float32 a)
4672 return float32_abs(a);
4675 float64 VFP_HELPER(abs, d)(float64 a)
4677 return float64_abs(a);
4680 float32 VFP_HELPER(sqrt, s)(float32 a, CPUARMState *env)
4682 return float32_sqrt(a, &env->vfp.fp_status);
4685 float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
4687 return float64_sqrt(a, &env->vfp.fp_status);
4690 /* XXX: check quiet/signaling case */
4691 #define DO_VFP_cmp(p, type) \
4692 void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env) \
4695 switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
4696 case 0: flags = 0x6; break; \
4697 case -1: flags = 0x8; break; \
4698 case 1: flags = 0x2; break; \
4699 default: case 2: flags = 0x3; break; \
4701 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
4702 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
4704 void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
4707 switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
4708 case 0: flags = 0x6; break; \
4709 case -1: flags = 0x8; break; \
4710 case 1: flags = 0x2; break; \
4711 default: case 2: flags = 0x3; break; \
4713 env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
4714 | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
4716 DO_VFP_cmp(s, float32)
4717 DO_VFP_cmp(d, float64)
4720 /* Integer to float and float to integer conversions */
4722 #define CONV_ITOF(name, fsz, sign) \
4723 float##fsz HELPER(name)(uint32_t x, void *fpstp) \
4725 float_status *fpst = fpstp; \
4726 return sign##int32_to_##float##fsz((sign##int32_t)x, fpst); \
4729 #define CONV_FTOI(name, fsz, sign, round) \
4730 uint32_t HELPER(name)(float##fsz x, void *fpstp) \
4732 float_status *fpst = fpstp; \
4733 if (float##fsz##_is_any_nan(x)) { \
4734 float_raise(float_flag_invalid, fpst); \
4737 return float##fsz##_to_##sign##int32##round(x, fpst); \
4740 #define FLOAT_CONVS(name, p, fsz, sign) \
4741 CONV_ITOF(vfp_##name##to##p, fsz, sign) \
4742 CONV_FTOI(vfp_to##name##p, fsz, sign, ) \
4743 CONV_FTOI(vfp_to##name##z##p, fsz, sign, _round_to_zero)
4745 FLOAT_CONVS(si, s, 32, )
4746 FLOAT_CONVS(si, d, 64, )
4747 FLOAT_CONVS(ui, s, 32, u)
4748 FLOAT_CONVS(ui, d, 64, u)
4754 /* floating point conversion */
4755 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUARMState *env)
4757 float64 r = float32_to_float64(x, &env->vfp.fp_status);
4758 /* ARM requires that S<->D conversion of any kind of NaN generates
4759 * a quiet NaN by forcing the most significant frac bit to 1.
4761 return float64_maybe_silence_nan(r);
4764 float32 VFP_HELPER(fcvts, d)(float64 x, CPUARMState *env)
4766 float32 r = float64_to_float32(x, &env->vfp.fp_status);
4767 /* ARM requires that S<->D conversion of any kind of NaN generates
4768 * a quiet NaN by forcing the most significant frac bit to 1.
4770 return float32_maybe_silence_nan(r);
4773 /* VFP3 fixed point conversion. */
4774 #define VFP_CONV_FIX_FLOAT(name, p, fsz, isz, itype) \
4775 float##fsz HELPER(vfp_##name##to##p)(uint##isz##_t x, uint32_t shift, \
4778 float_status *fpst = fpstp; \
4780 tmp = itype##_to_##float##fsz(x, fpst); \
4781 return float##fsz##_scalbn(tmp, -(int)shift, fpst); \
4784 /* Notice that we want only input-denormal exception flags from the
4785 * scalbn operation: the other possible flags (overflow+inexact if
4786 * we overflow to infinity, output-denormal) aren't correct for the
4787 * complete scale-and-convert operation.
4789 #define VFP_CONV_FLOAT_FIX_ROUND(name, p, fsz, isz, itype, round) \
4790 uint##isz##_t HELPER(vfp_to##name##p##round)(float##fsz x, \
4794 float_status *fpst = fpstp; \
4795 int old_exc_flags = get_float_exception_flags(fpst); \
4797 if (float##fsz##_is_any_nan(x)) { \
4798 float_raise(float_flag_invalid, fpst); \
4801 tmp = float##fsz##_scalbn(x, shift, fpst); \
4802 old_exc_flags |= get_float_exception_flags(fpst) \
4803 & float_flag_input_denormal; \
4804 set_float_exception_flags(old_exc_flags, fpst); \
4805 return float##fsz##_to_##itype##round(tmp, fpst); \
4808 #define VFP_CONV_FIX(name, p, fsz, isz, itype) \
4809 VFP_CONV_FIX_FLOAT(name, p, fsz, isz, itype) \
4810 VFP_CONV_FLOAT_FIX_ROUND(name, p, fsz, isz, itype, _round_to_zero) \
4811 VFP_CONV_FLOAT_FIX_ROUND(name, p, fsz, isz, itype, )
4813 #define VFP_CONV_FIX_A64(name, p, fsz, isz, itype) \
4814 VFP_CONV_FIX_FLOAT(name, p, fsz, isz, itype) \
4815 VFP_CONV_FLOAT_FIX_ROUND(name, p, fsz, isz, itype, )
4817 VFP_CONV_FIX(sh, d, 64, 64, int16)
4818 VFP_CONV_FIX(sl, d, 64, 64, int32)
4819 VFP_CONV_FIX_A64(sq, d, 64, 64, int64)
4820 VFP_CONV_FIX(uh, d, 64, 64, uint16)
4821 VFP_CONV_FIX(ul, d, 64, 64, uint32)
4822 VFP_CONV_FIX_A64(uq, d, 64, 64, uint64)
4823 VFP_CONV_FIX(sh, s, 32, 32, int16)
4824 VFP_CONV_FIX(sl, s, 32, 32, int32)
4825 VFP_CONV_FIX_A64(sq, s, 32, 64, int64)
4826 VFP_CONV_FIX(uh, s, 32, 32, uint16)
4827 VFP_CONV_FIX(ul, s, 32, 32, uint32)
4828 VFP_CONV_FIX_A64(uq, s, 32, 64, uint64)
4830 #undef VFP_CONV_FIX_FLOAT
4831 #undef VFP_CONV_FLOAT_FIX_ROUND
4833 /* Set the current fp rounding mode and return the old one.
4834 * The argument is a softfloat float_round_ value.
4836 uint32_t HELPER(set_rmode)(uint32_t rmode, CPUARMState *env)
4838 float_status *fp_status = &env->vfp.fp_status;
4840 uint32_t prev_rmode = get_float_rounding_mode(fp_status);
4841 set_float_rounding_mode(rmode, fp_status);
4846 /* Set the current fp rounding mode in the standard fp status and return
4847 * the old one. This is for NEON instructions that need to change the
4848 * rounding mode but wish to use the standard FPSCR values for everything
4849 * else. Always set the rounding mode back to the correct value after
4851 * The argument is a softfloat float_round_ value.
4853 uint32_t HELPER(set_neon_rmode)(uint32_t rmode, CPUARMState *env)
4855 float_status *fp_status = &env->vfp.standard_fp_status;
4857 uint32_t prev_rmode = get_float_rounding_mode(fp_status);
4858 set_float_rounding_mode(rmode, fp_status);
4863 /* Half precision conversions. */
4864 static float32 do_fcvt_f16_to_f32(uint32_t a, CPUARMState *env, float_status *s)
4866 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
4867 float32 r = float16_to_float32(make_float16(a), ieee, s);
4869 return float32_maybe_silence_nan(r);
4874 static uint32_t do_fcvt_f32_to_f16(float32 a, CPUARMState *env, float_status *s)
4876 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
4877 float16 r = float32_to_float16(a, ieee, s);
4879 r = float16_maybe_silence_nan(r);
4881 return float16_val(r);
4884 float32 HELPER(neon_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
4886 return do_fcvt_f16_to_f32(a, env, &env->vfp.standard_fp_status);
4889 uint32_t HELPER(neon_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
4891 return do_fcvt_f32_to_f16(a, env, &env->vfp.standard_fp_status);
4894 float32 HELPER(vfp_fcvt_f16_to_f32)(uint32_t a, CPUARMState *env)
4896 return do_fcvt_f16_to_f32(a, env, &env->vfp.fp_status);
4899 uint32_t HELPER(vfp_fcvt_f32_to_f16)(float32 a, CPUARMState *env)
4901 return do_fcvt_f32_to_f16(a, env, &env->vfp.fp_status);
4904 float64 HELPER(vfp_fcvt_f16_to_f64)(uint32_t a, CPUARMState *env)
4906 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
4907 float64 r = float16_to_float64(make_float16(a), ieee, &env->vfp.fp_status);
4909 return float64_maybe_silence_nan(r);
4914 uint32_t HELPER(vfp_fcvt_f64_to_f16)(float64 a, CPUARMState *env)
4916 int ieee = (env->vfp.xregs[ARM_VFP_FPSCR] & (1 << 26)) == 0;
4917 float16 r = float64_to_float16(a, ieee, &env->vfp.fp_status);
4919 r = float16_maybe_silence_nan(r);
4921 return float16_val(r);
4924 #define float32_two make_float32(0x40000000)
4925 #define float32_three make_float32(0x40400000)
4926 #define float32_one_point_five make_float32(0x3fc00000)
4928 float32 HELPER(recps_f32)(float32 a, float32 b, CPUARMState *env)
4930 float_status *s = &env->vfp.standard_fp_status;
4931 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
4932 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
4933 if (!(float32_is_zero(a) || float32_is_zero(b))) {
4934 float_raise(float_flag_input_denormal, s);
4938 return float32_sub(float32_two, float32_mul(a, b, s), s);
4941 float32 HELPER(rsqrts_f32)(float32 a, float32 b, CPUARMState *env)
4943 float_status *s = &env->vfp.standard_fp_status;
4945 if ((float32_is_infinity(a) && float32_is_zero_or_denormal(b)) ||
4946 (float32_is_infinity(b) && float32_is_zero_or_denormal(a))) {
4947 if (!(float32_is_zero(a) || float32_is_zero(b))) {
4948 float_raise(float_flag_input_denormal, s);
4950 return float32_one_point_five;
4952 product = float32_mul(a, b, s);
4953 return float32_div(float32_sub(float32_three, product, s), float32_two, s);
4958 /* Constants 256 and 512 are used in some helpers; we avoid relying on
4959 * int->float conversions at run-time. */
4960 #define float64_256 make_float64(0x4070000000000000LL)
4961 #define float64_512 make_float64(0x4080000000000000LL)
4962 #define float32_maxnorm make_float32(0x7f7fffff)
4963 #define float64_maxnorm make_float64(0x7fefffffffffffffLL)
4965 /* Reciprocal functions
4967 * The algorithm that must be used to calculate the estimate
4968 * is specified by the ARM ARM, see FPRecipEstimate()
4971 static float64 recip_estimate(float64 a, float_status *real_fp_status)
4973 /* These calculations mustn't set any fp exception flags,
4974 * so we use a local copy of the fp_status.
4976 float_status dummy_status = *real_fp_status;
4977 float_status *s = &dummy_status;
4978 /* q = (int)(a * 512.0) */
4979 float64 q = float64_mul(float64_512, a, s);
4980 int64_t q_int = float64_to_int64_round_to_zero(q, s);
4982 /* r = 1.0 / (((double)q + 0.5) / 512.0) */
4983 q = int64_to_float64(q_int, s);
4984 q = float64_add(q, float64_half, s);
4985 q = float64_div(q, float64_512, s);
4986 q = float64_div(float64_one, q, s);
4988 /* s = (int)(256.0 * r + 0.5) */
4989 q = float64_mul(q, float64_256, s);
4990 q = float64_add(q, float64_half, s);
4991 q_int = float64_to_int64_round_to_zero(q, s);
4993 /* return (double)s / 256.0 */
4994 return float64_div(int64_to_float64(q_int, s), float64_256, s);
4997 /* Common wrapper to call recip_estimate */
4998 static float64 call_recip_estimate(float64 num, int off, float_status *fpst)
5000 uint64_t val64 = float64_val(num);
5001 uint64_t frac = extract64(val64, 0, 52);
5002 int64_t exp = extract64(val64, 52, 11);
5004 float64 scaled, estimate;
5006 /* Generate the scaled number for the estimate function */
5008 if (extract64(frac, 51, 1) == 0) {
5010 frac = extract64(frac, 0, 50) << 2;
5012 frac = extract64(frac, 0, 51) << 1;
5016 /* scaled = '0' : '01111111110' : fraction<51:44> : Zeros(44); */
5017 scaled = make_float64((0x3feULL << 52)
5018 | extract64(frac, 44, 8) << 44);
5020 estimate = recip_estimate(scaled, fpst);
5022 /* Build new result */
5023 val64 = float64_val(estimate);
5024 sbit = 0x8000000000000000ULL & val64;
5026 frac = extract64(val64, 0, 52);
5029 frac = 1ULL << 51 | extract64(frac, 1, 51);
5030 } else if (exp == -1) {
5031 frac = 1ULL << 50 | extract64(frac, 2, 50);
5035 return make_float64(sbit | (exp << 52) | frac);
5038 static bool round_to_inf(float_status *fpst, bool sign_bit)
5040 switch (fpst->float_rounding_mode) {
5041 case float_round_nearest_even: /* Round to Nearest */
5043 case float_round_up: /* Round to +Inf */
5045 case float_round_down: /* Round to -Inf */
5047 case float_round_to_zero: /* Round to Zero */
5051 g_assert_not_reached();
5054 float32 HELPER(recpe_f32)(float32 input, void *fpstp)
5056 float_status *fpst = fpstp;
5057 float32 f32 = float32_squash_input_denormal(input, fpst);
5058 uint32_t f32_val = float32_val(f32);
5059 uint32_t f32_sbit = 0x80000000ULL & f32_val;
5060 int32_t f32_exp = extract32(f32_val, 23, 8);
5061 uint32_t f32_frac = extract32(f32_val, 0, 23);
5067 if (float32_is_any_nan(f32)) {
5069 if (float32_is_signaling_nan(f32)) {
5070 float_raise(float_flag_invalid, fpst);
5071 nan = float32_maybe_silence_nan(f32);
5073 if (fpst->default_nan_mode) {
5074 nan = float32_default_nan;
5077 } else if (float32_is_infinity(f32)) {
5078 return float32_set_sign(float32_zero, float32_is_neg(f32));
5079 } else if (float32_is_zero(f32)) {
5080 float_raise(float_flag_divbyzero, fpst);
5081 return float32_set_sign(float32_infinity, float32_is_neg(f32));
5082 } else if ((f32_val & ~(1ULL << 31)) < (1ULL << 21)) {
5083 /* Abs(value) < 2.0^-128 */
5084 float_raise(float_flag_overflow | float_flag_inexact, fpst);
5085 if (round_to_inf(fpst, f32_sbit)) {
5086 return float32_set_sign(float32_infinity, float32_is_neg(f32));
5088 return float32_set_sign(float32_maxnorm, float32_is_neg(f32));
5090 } else if (f32_exp >= 253 && fpst->flush_to_zero) {
5091 float_raise(float_flag_underflow, fpst);
5092 return float32_set_sign(float32_zero, float32_is_neg(f32));
5096 f64 = make_float64(((int64_t)(f32_exp) << 52) | (int64_t)(f32_frac) << 29);
5097 r64 = call_recip_estimate(f64, 253, fpst);
5098 r64_val = float64_val(r64);
5099 r64_exp = extract64(r64_val, 52, 11);
5100 r64_frac = extract64(r64_val, 0, 52);
5102 /* result = sign : result_exp<7:0> : fraction<51:29>; */
5103 return make_float32(f32_sbit |
5104 (r64_exp & 0xff) << 23 |
5105 extract64(r64_frac, 29, 24));
5108 float64 HELPER(recpe_f64)(float64 input, void *fpstp)
5110 float_status *fpst = fpstp;
5111 float64 f64 = float64_squash_input_denormal(input, fpst);
5112 uint64_t f64_val = float64_val(f64);
5113 uint64_t f64_sbit = 0x8000000000000000ULL & f64_val;
5114 int64_t f64_exp = extract64(f64_val, 52, 11);
5120 /* Deal with any special cases */
5121 if (float64_is_any_nan(f64)) {
5123 if (float64_is_signaling_nan(f64)) {
5124 float_raise(float_flag_invalid, fpst);
5125 nan = float64_maybe_silence_nan(f64);
5127 if (fpst->default_nan_mode) {
5128 nan = float64_default_nan;
5131 } else if (float64_is_infinity(f64)) {
5132 return float64_set_sign(float64_zero, float64_is_neg(f64));
5133 } else if (float64_is_zero(f64)) {
5134 float_raise(float_flag_divbyzero, fpst);
5135 return float64_set_sign(float64_infinity, float64_is_neg(f64));
5136 } else if ((f64_val & ~(1ULL << 63)) < (1ULL << 50)) {
5137 /* Abs(value) < 2.0^-1024 */
5138 float_raise(float_flag_overflow | float_flag_inexact, fpst);
5139 if (round_to_inf(fpst, f64_sbit)) {
5140 return float64_set_sign(float64_infinity, float64_is_neg(f64));
5142 return float64_set_sign(float64_maxnorm, float64_is_neg(f64));
5144 } else if (f64_exp >= 1023 && fpst->flush_to_zero) {
5145 float_raise(float_flag_underflow, fpst);
5146 return float64_set_sign(float64_zero, float64_is_neg(f64));
5149 r64 = call_recip_estimate(f64, 2045, fpst);
5150 r64_val = float64_val(r64);
5151 r64_exp = extract64(r64_val, 52, 11);
5152 r64_frac = extract64(r64_val, 0, 52);
5154 /* result = sign : result_exp<10:0> : fraction<51:0> */
5155 return make_float64(f64_sbit |
5156 ((r64_exp & 0x7ff) << 52) |
5160 /* The algorithm that must be used to calculate the estimate
5161 * is specified by the ARM ARM.
5163 static float64 recip_sqrt_estimate(float64 a, float_status *real_fp_status)
5165 /* These calculations mustn't set any fp exception flags,
5166 * so we use a local copy of the fp_status.
5168 float_status dummy_status = *real_fp_status;
5169 float_status *s = &dummy_status;
5173 if (float64_lt(a, float64_half, s)) {
5174 /* range 0.25 <= a < 0.5 */
5176 /* a in units of 1/512 rounded down */
5177 /* q0 = (int)(a * 512.0); */
5178 q = float64_mul(float64_512, a, s);
5179 q_int = float64_to_int64_round_to_zero(q, s);
5181 /* reciprocal root r */
5182 /* r = 1.0 / sqrt(((double)q0 + 0.5) / 512.0); */
5183 q = int64_to_float64(q_int, s);
5184 q = float64_add(q, float64_half, s);
5185 q = float64_div(q, float64_512, s);
5186 q = float64_sqrt(q, s);
5187 q = float64_div(float64_one, q, s);
5189 /* range 0.5 <= a < 1.0 */
5191 /* a in units of 1/256 rounded down */
5192 /* q1 = (int)(a * 256.0); */
5193 q = float64_mul(float64_256, a, s);
5194 int64_t q_int = float64_to_int64_round_to_zero(q, s);
5196 /* reciprocal root r */
5197 /* r = 1.0 /sqrt(((double)q1 + 0.5) / 256); */
5198 q = int64_to_float64(q_int, s);
5199 q = float64_add(q, float64_half, s);
5200 q = float64_div(q, float64_256, s);
5201 q = float64_sqrt(q, s);
5202 q = float64_div(float64_one, q, s);
5204 /* r in units of 1/256 rounded to nearest */
5205 /* s = (int)(256.0 * r + 0.5); */
5207 q = float64_mul(q, float64_256,s );
5208 q = float64_add(q, float64_half, s);
5209 q_int = float64_to_int64_round_to_zero(q, s);
5211 /* return (double)s / 256.0;*/
5212 return float64_div(int64_to_float64(q_int, s), float64_256, s);
5215 float32 HELPER(rsqrte_f32)(float32 input, void *fpstp)
5217 float_status *s = fpstp;
5218 float32 f32 = float32_squash_input_denormal(input, s);
5219 uint32_t val = float32_val(f32);
5220 uint32_t f32_sbit = 0x80000000 & val;
5221 int32_t f32_exp = extract32(val, 23, 8);
5222 uint32_t f32_frac = extract32(val, 0, 23);
5228 if (float32_is_any_nan(f32)) {
5230 if (float32_is_signaling_nan(f32)) {
5231 float_raise(float_flag_invalid, s);
5232 nan = float32_maybe_silence_nan(f32);
5234 if (s->default_nan_mode) {
5235 nan = float32_default_nan;
5238 } else if (float32_is_zero(f32)) {
5239 float_raise(float_flag_divbyzero, s);
5240 return float32_set_sign(float32_infinity, float32_is_neg(f32));
5241 } else if (float32_is_neg(f32)) {
5242 float_raise(float_flag_invalid, s);
5243 return float32_default_nan;
5244 } else if (float32_is_infinity(f32)) {
5245 return float32_zero;
5248 /* Scale and normalize to a double-precision value between 0.25 and 1.0,
5249 * preserving the parity of the exponent. */
5251 f64_frac = ((uint64_t) f32_frac) << 29;
5253 while (extract64(f64_frac, 51, 1) == 0) {
5254 f64_frac = f64_frac << 1;
5255 f32_exp = f32_exp-1;
5257 f64_frac = extract64(f64_frac, 0, 51) << 1;
5260 if (extract64(f32_exp, 0, 1) == 0) {
5261 f64 = make_float64(((uint64_t) f32_sbit) << 32
5265 f64 = make_float64(((uint64_t) f32_sbit) << 32
5270 result_exp = (380 - f32_exp) / 2;
5272 f64 = recip_sqrt_estimate(f64, s);
5274 val64 = float64_val(f64);
5276 val = ((result_exp & 0xff) << 23)
5277 | ((val64 >> 29) & 0x7fffff);
5278 return make_float32(val);
5281 float64 HELPER(rsqrte_f64)(float64 input, void *fpstp)
5283 float_status *s = fpstp;
5284 float64 f64 = float64_squash_input_denormal(input, s);
5285 uint64_t val = float64_val(f64);
5286 uint64_t f64_sbit = 0x8000000000000000ULL & val;
5287 int64_t f64_exp = extract64(val, 52, 11);
5288 uint64_t f64_frac = extract64(val, 0, 52);
5290 uint64_t result_frac;
5292 if (float64_is_any_nan(f64)) {
5294 if (float64_is_signaling_nan(f64)) {
5295 float_raise(float_flag_invalid, s);
5296 nan = float64_maybe_silence_nan(f64);
5298 if (s->default_nan_mode) {
5299 nan = float64_default_nan;
5302 } else if (float64_is_zero(f64)) {
5303 float_raise(float_flag_divbyzero, s);
5304 return float64_set_sign(float64_infinity, float64_is_neg(f64));
5305 } else if (float64_is_neg(f64)) {
5306 float_raise(float_flag_invalid, s);
5307 return float64_default_nan;
5308 } else if (float64_is_infinity(f64)) {
5309 return float64_zero;
5312 /* Scale and normalize to a double-precision value between 0.25 and 1.0,
5313 * preserving the parity of the exponent. */
5316 while (extract64(f64_frac, 51, 1) == 0) {
5317 f64_frac = f64_frac << 1;
5318 f64_exp = f64_exp - 1;
5320 f64_frac = extract64(f64_frac, 0, 51) << 1;
5323 if (extract64(f64_exp, 0, 1) == 0) {
5324 f64 = make_float64(f64_sbit
5328 f64 = make_float64(f64_sbit
5333 result_exp = (3068 - f64_exp) / 2;
5335 f64 = recip_sqrt_estimate(f64, s);
5337 result_frac = extract64(float64_val(f64), 0, 52);
5339 return make_float64(f64_sbit |
5340 ((result_exp & 0x7ff) << 52) |
5344 uint32_t HELPER(recpe_u32)(uint32_t a, void *fpstp)
5346 float_status *s = fpstp;
5349 if ((a & 0x80000000) == 0) {
5353 f64 = make_float64((0x3feULL << 52)
5354 | ((int64_t)(a & 0x7fffffff) << 21));
5356 f64 = recip_estimate(f64, s);
5358 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
5361 uint32_t HELPER(rsqrte_u32)(uint32_t a, void *fpstp)
5363 float_status *fpst = fpstp;
5366 if ((a & 0xc0000000) == 0) {
5370 if (a & 0x80000000) {
5371 f64 = make_float64((0x3feULL << 52)
5372 | ((uint64_t)(a & 0x7fffffff) << 21));
5373 } else { /* bits 31-30 == '01' */
5374 f64 = make_float64((0x3fdULL << 52)
5375 | ((uint64_t)(a & 0x3fffffff) << 22));
5378 f64 = recip_sqrt_estimate(f64, fpst);
5380 return 0x80000000 | ((float64_val(f64) >> 21) & 0x7fffffff);
5383 /* VFPv4 fused multiply-accumulate */
5384 float32 VFP_HELPER(muladd, s)(float32 a, float32 b, float32 c, void *fpstp)
5386 float_status *fpst = fpstp;
5387 return float32_muladd(a, b, c, 0, fpst);
5390 float64 VFP_HELPER(muladd, d)(float64 a, float64 b, float64 c, void *fpstp)
5392 float_status *fpst = fpstp;
5393 return float64_muladd(a, b, c, 0, fpst);
5396 /* ARMv8 round to integral */
5397 float32 HELPER(rints_exact)(float32 x, void *fp_status)
5399 return float32_round_to_int(x, fp_status);
5402 float64 HELPER(rintd_exact)(float64 x, void *fp_status)
5404 return float64_round_to_int(x, fp_status);
5407 float32 HELPER(rints)(float32 x, void *fp_status)
5409 int old_flags = get_float_exception_flags(fp_status), new_flags;
5412 ret = float32_round_to_int(x, fp_status);
5414 /* Suppress any inexact exceptions the conversion produced */
5415 if (!(old_flags & float_flag_inexact)) {
5416 new_flags = get_float_exception_flags(fp_status);
5417 set_float_exception_flags(new_flags & ~float_flag_inexact, fp_status);
5423 float64 HELPER(rintd)(float64 x, void *fp_status)
5425 int old_flags = get_float_exception_flags(fp_status), new_flags;
5428 ret = float64_round_to_int(x, fp_status);
5430 new_flags = get_float_exception_flags(fp_status);
5432 /* Suppress any inexact exceptions the conversion produced */
5433 if (!(old_flags & float_flag_inexact)) {
5434 new_flags = get_float_exception_flags(fp_status);
5435 set_float_exception_flags(new_flags & ~float_flag_inexact, fp_status);
5441 /* Convert ARM rounding mode to softfloat */
5442 int arm_rmode_to_sf(int rmode)
5445 case FPROUNDING_TIEAWAY:
5446 rmode = float_round_ties_away;
5448 case FPROUNDING_ODD:
5449 /* FIXME: add support for TIEAWAY and ODD */
5450 qemu_log_mask(LOG_UNIMP, "arm: unimplemented rounding mode: %d\n",
5452 case FPROUNDING_TIEEVEN:
5454 rmode = float_round_nearest_even;
5456 case FPROUNDING_POSINF:
5457 rmode = float_round_up;
5459 case FPROUNDING_NEGINF:
5460 rmode = float_round_down;
5462 case FPROUNDING_ZERO:
5463 rmode = float_round_to_zero;
5469 static void crc_init_buffer(uint8_t *buf, uint32_t val, uint32_t bytes)
5474 buf[0] = val & 0xff;
5475 } else if (bytes == 2) {
5476 buf[0] = val & 0xff;
5477 buf[1] = (val >> 8) & 0xff;
5479 buf[0] = val & 0xff;
5480 buf[1] = (val >> 8) & 0xff;
5481 buf[2] = (val >> 16) & 0xff;
5482 buf[3] = (val >> 24) & 0xff;
5486 uint32_t HELPER(crc32)(uint32_t acc, uint32_t val, uint32_t bytes)
5490 crc_init_buffer(buf, val, bytes);
5492 /* zlib crc32 converts the accumulator and output to one's complement. */
5493 return crc32(acc ^ 0xffffffff, buf, bytes) ^ 0xffffffff;
5496 uint32_t HELPER(crc32c)(uint32_t acc, uint32_t val, uint32_t bytes)
5500 crc_init_buffer(buf, val, bytes);
5502 /* Linux crc32c converts the output to one's complement. */
5503 return crc32c(acc, buf, bytes) ^ 0xffffffff;
projects / qemu.git / blob