2005-02-22 22:27:29 +03:00
|
|
|
/*
|
|
|
|
* ARM helper routines
|
2007-09-17 01:08:06 +04:00
|
|
|
*
|
2007-11-11 03:04:49 +03:00
|
|
|
* Copyright (c) 2005-2007 CodeSourcery, LLC
|
2005-02-22 22:27:29 +03:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
2020-10-23 15:29:13 +03:00
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
2005-02-22 22:27:29 +03:00
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2009-07-17 00:47:01 +04:00
|
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
2005-02-22 22:27:29 +03:00
|
|
|
*/
|
2015-12-07 19:23:44 +03:00
|
|
|
#include "qemu/osdep.h"
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
#include "qemu/main-loop.h"
|
2011-07-13 16:44:15 +04:00
|
|
|
#include "cpu.h"
|
2014-04-08 09:31:41 +04:00
|
|
|
#include "exec/helper-proto.h"
|
2014-04-15 22:18:37 +04:00
|
|
|
#include "internals.h"
|
2023-10-24 19:35:05 +03:00
|
|
|
#include "cpu-features.h"
|
2016-03-15 15:18:37 +03:00
|
|
|
#include "exec/exec-all.h"
|
2014-03-28 22:42:10 +04:00
|
|
|
#include "exec/cpu_ldst.h"
|
2022-05-01 08:49:43 +03:00
|
|
|
#include "cpregs.h"
|
2005-02-22 22:27:29 +03:00
|
|
|
|
2008-03-31 07:48:30 +04:00
|
|
|
#define SIGNBIT (uint32_t)0x80000000
|
|
|
|
#define SIGNBIT64 ((uint64_t)1 << 63)
|
|
|
|
|
2022-06-10 16:32:30 +03:00
|
|
|
int exception_target_el(CPUARMState *env)
|
|
|
|
{
|
|
|
|
int target_el = MAX(1, arm_current_el(env));
|
|
|
|
|
|
|
|
/*
|
|
|
|
* No such thing as secure EL1 if EL3 is aarch32,
|
|
|
|
* so update the target EL to EL3 in this case.
|
|
|
|
*/
|
|
|
|
if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) {
|
|
|
|
target_el = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
return target_el;
|
|
|
|
}
|
|
|
|
|
2021-05-26 15:18:45 +03:00
|
|
|
void raise_exception(CPUARMState *env, uint32_t excp,
|
|
|
|
uint32_t syndrome, uint32_t target_el)
|
2005-02-22 22:27:29 +03:00
|
|
|
{
|
2019-03-23 03:41:14 +03:00
|
|
|
CPUState *cs = env_cpu(env);
|
2013-08-26 10:31:06 +04:00
|
|
|
|
2018-12-13 16:48:08 +03:00
|
|
|
if (target_el == 1 && (arm_hcr_el2_eff(env) & HCR_TGE)) {
|
2018-08-14 19:17:21 +03:00
|
|
|
/*
|
|
|
|
* Redirect NS EL1 exceptions to NS EL2. These are reported with
|
|
|
|
* their original syndrome register value, with the exception of
|
|
|
|
* SIMD/FP access traps, which are reported as uncategorized
|
|
|
|
* (see DDI0478C.a D1.10.4)
|
|
|
|
*/
|
|
|
|
target_el = 2;
|
2018-10-24 09:50:18 +03:00
|
|
|
if (syn_get_ec(syndrome) == EC_ADVSIMDFPACCESSTRAP) {
|
2018-08-14 19:17:21 +03:00
|
|
|
syndrome = syn_uncategorized();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-29 13:28:51 +03:00
|
|
|
assert(!excp_is_internal(excp));
|
|
|
|
cs->exception_index = excp;
|
|
|
|
env->exception.syndrome = syndrome;
|
|
|
|
env->exception.target_el = target_el;
|
2013-08-27 19:52:12 +04:00
|
|
|
cpu_loop_exit(cs);
|
2005-02-22 22:27:29 +03:00
|
|
|
}
|
|
|
|
|
2019-01-21 13:23:11 +03:00
|
|
|
void raise_exception_ra(CPUARMState *env, uint32_t excp, uint32_t syndrome,
|
|
|
|
uint32_t target_el, uintptr_t ra)
|
|
|
|
{
|
2021-05-26 15:18:44 +03:00
|
|
|
CPUState *cs = env_cpu(env);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* restore_state_to_opc() will set env->exception.syndrome, so
|
|
|
|
* we must restore CPU state here before setting the syndrome
|
|
|
|
* the caller passed us, and cannot use cpu_loop_exit_restore().
|
|
|
|
*/
|
2022-10-24 16:09:57 +03:00
|
|
|
cpu_restore_state(cs, ra);
|
2021-05-26 15:18:44 +03:00
|
|
|
raise_exception(env, excp, syndrome, target_el);
|
2019-01-21 13:23:11 +03:00
|
|
|
}
|
|
|
|
|
2020-11-05 20:11:26 +03:00
|
|
|
uint64_t HELPER(neon_tbl)(CPUARMState *env, uint32_t desc,
|
|
|
|
uint64_t ireg, uint64_t def)
|
2007-11-11 03:04:49 +03:00
|
|
|
{
|
2020-11-05 20:11:26 +03:00
|
|
|
uint64_t tmp, val = 0;
|
|
|
|
uint32_t maxindex = ((desc & 3) + 1) * 8;
|
|
|
|
uint32_t base_reg = desc >> 2;
|
|
|
|
uint32_t shift, index, reg;
|
2018-01-25 14:45:28 +03:00
|
|
|
|
2020-11-05 20:11:26 +03:00
|
|
|
for (shift = 0; shift < 64; shift += 8) {
|
|
|
|
index = (ireg >> shift) & 0xff;
|
2008-03-31 07:48:01 +04:00
|
|
|
if (index < maxindex) {
|
2020-11-05 20:11:26 +03:00
|
|
|
reg = base_reg + (index >> 3);
|
|
|
|
tmp = *aa32_vfp_dreg(env, reg);
|
|
|
|
tmp = ((tmp >> ((index & 7) << 3)) & 0xff) << shift;
|
2007-11-11 03:04:49 +03:00
|
|
|
} else {
|
2020-11-05 20:11:26 +03:00
|
|
|
tmp = def & (0xffull << shift);
|
2007-11-11 03:04:49 +03:00
|
|
|
}
|
2020-11-05 20:11:26 +03:00
|
|
|
val |= tmp;
|
2007-11-11 03:04:49 +03:00
|
|
|
}
|
2008-03-31 07:48:01 +04:00
|
|
|
return val;
|
2007-11-11 03:04:49 +03:00
|
|
|
}
|
|
|
|
|
2018-10-08 16:55:04 +03:00
|
|
|
void HELPER(v8m_stackcheck)(CPUARMState *env, uint32_t newvalue)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Perform the v8M stack limit check for SP updates from translated code,
|
|
|
|
* raising an exception if the limit is breached.
|
|
|
|
*/
|
|
|
|
if (newvalue < v7m_sp_limit(env)) {
|
|
|
|
/*
|
|
|
|
* Stack limit exceptions are a rare case, so rather than syncing
|
2021-05-26 15:18:47 +03:00
|
|
|
* PC/condbits before the call, we use raise_exception_ra() so
|
|
|
|
* that cpu_restore_state() will sort them out.
|
2018-10-08 16:55:04 +03:00
|
|
|
*/
|
2021-05-26 15:18:47 +03:00
|
|
|
raise_exception_ra(env, EXCP_STKOF, 0, 1, GETPC());
|
2018-10-08 16:55:04 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-12-19 20:57:48 +03:00
|
|
|
/* Sign/zero extend */
|
|
|
|
uint32_t HELPER(sxtb16)(uint32_t x)
|
|
|
|
{
|
|
|
|
uint32_t res;
|
|
|
|
res = (uint16_t)(int8_t)x;
|
|
|
|
res |= (uint32_t)(int8_t)(x >> 16) << 16;
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void handle_possible_div0_trap(CPUARMState *env, uintptr_t ra)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Take a division-by-zero exception if necessary; otherwise return
|
|
|
|
* to get the usual non-trapping division behaviour (result of 0)
|
|
|
|
*/
|
|
|
|
if (arm_feature(env, ARM_FEATURE_M)
|
|
|
|
&& (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_DIV_0_TRP_MASK)) {
|
|
|
|
raise_exception_ra(env, EXCP_DIVBYZERO, 0, 1, ra);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t HELPER(uxtb16)(uint32_t x)
|
|
|
|
{
|
|
|
|
uint32_t res;
|
|
|
|
res = (uint16_t)(uint8_t)x;
|
|
|
|
res |= (uint32_t)(uint8_t)(x >> 16) << 16;
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
int32_t HELPER(sdiv)(CPUARMState *env, int32_t num, int32_t den)
|
|
|
|
{
|
|
|
|
if (den == 0) {
|
|
|
|
handle_possible_div0_trap(env, GETPC());
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
if (num == INT_MIN && den == -1) {
|
|
|
|
return INT_MIN;
|
|
|
|
}
|
|
|
|
return num / den;
|
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t HELPER(udiv)(CPUARMState *env, uint32_t num, uint32_t den)
|
|
|
|
{
|
|
|
|
if (den == 0) {
|
|
|
|
handle_possible_div0_trap(env, GETPC());
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return num / den;
|
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t HELPER(rbit)(uint32_t x)
|
|
|
|
{
|
|
|
|
return revbit32(x);
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(add_setq)(CPUARMState *env, uint32_t a, uint32_t b)
|
2008-03-31 07:45:50 +04:00
|
|
|
{
|
|
|
|
uint32_t res = a + b;
|
|
|
|
if (((res ^ a) & SIGNBIT) && !((a ^ b) & SIGNBIT))
|
|
|
|
env->QF = 1;
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(add_saturate)(CPUARMState *env, uint32_t a, uint32_t b)
|
2008-03-31 07:45:50 +04:00
|
|
|
{
|
|
|
|
uint32_t res = a + b;
|
|
|
|
if (((res ^ a) & SIGNBIT) && !((a ^ b) & SIGNBIT)) {
|
|
|
|
env->QF = 1;
|
|
|
|
res = ~(((int32_t)a >> 31) ^ SIGNBIT);
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(sub_saturate)(CPUARMState *env, uint32_t a, uint32_t b)
|
2008-03-31 07:45:50 +04:00
|
|
|
{
|
|
|
|
uint32_t res = a - b;
|
|
|
|
if (((res ^ a) & SIGNBIT) && ((a ^ b) & SIGNBIT)) {
|
|
|
|
env->QF = 1;
|
|
|
|
res = ~(((int32_t)a >> 31) ^ SIGNBIT);
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(add_usaturate)(CPUARMState *env, uint32_t a, uint32_t b)
|
2008-03-31 07:45:50 +04:00
|
|
|
{
|
|
|
|
uint32_t res = a + b;
|
|
|
|
if (res < a) {
|
|
|
|
env->QF = 1;
|
|
|
|
res = ~0;
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(sub_usaturate)(CPUARMState *env, uint32_t a, uint32_t b)
|
2008-03-31 07:45:50 +04:00
|
|
|
{
|
|
|
|
uint32_t res = a - b;
|
|
|
|
if (res > a) {
|
|
|
|
env->QF = 1;
|
|
|
|
res = 0;
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2008-03-31 07:46:33 +04:00
|
|
|
/* Signed saturation. */
|
2012-09-05 00:19:15 +04:00
|
|
|
static inline uint32_t do_ssat(CPUARMState *env, int32_t val, int shift)
|
2008-03-31 07:46:33 +04:00
|
|
|
{
|
|
|
|
int32_t top;
|
|
|
|
uint32_t mask;
|
|
|
|
|
|
|
|
top = val >> shift;
|
|
|
|
mask = (1u << shift) - 1;
|
|
|
|
if (top > 0) {
|
|
|
|
env->QF = 1;
|
|
|
|
return mask;
|
|
|
|
} else if (top < -1) {
|
|
|
|
env->QF = 1;
|
|
|
|
return ~mask;
|
|
|
|
}
|
|
|
|
return val;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Unsigned saturation. */
|
2012-09-05 00:19:15 +04:00
|
|
|
static inline uint32_t do_usat(CPUARMState *env, int32_t val, int shift)
|
2008-03-31 07:46:33 +04:00
|
|
|
{
|
|
|
|
uint32_t max;
|
|
|
|
|
|
|
|
max = (1u << shift) - 1;
|
|
|
|
if (val < 0) {
|
|
|
|
env->QF = 1;
|
|
|
|
return 0;
|
|
|
|
} else if (val > max) {
|
|
|
|
env->QF = 1;
|
|
|
|
return max;
|
|
|
|
}
|
|
|
|
return val;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Signed saturate. */
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(ssat)(CPUARMState *env, uint32_t x, uint32_t shift)
|
2008-03-31 07:46:33 +04:00
|
|
|
{
|
2012-09-05 00:19:15 +04:00
|
|
|
return do_ssat(env, x, shift);
|
2008-03-31 07:46:33 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Dual halfword signed saturate. */
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(ssat16)(CPUARMState *env, uint32_t x, uint32_t shift)
|
2008-03-31 07:46:33 +04:00
|
|
|
{
|
|
|
|
uint32_t res;
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
res = (uint16_t)do_ssat(env, (int16_t)x, shift);
|
|
|
|
res |= do_ssat(env, ((int32_t)x) >> 16, shift) << 16;
|
2008-03-31 07:46:33 +04:00
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Unsigned saturate. */
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(usat)(CPUARMState *env, uint32_t x, uint32_t shift)
|
2008-03-31 07:46:33 +04:00
|
|
|
{
|
2012-09-05 00:19:15 +04:00
|
|
|
return do_usat(env, x, shift);
|
2008-03-31 07:46:33 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Dual halfword unsigned saturate. */
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(usat16)(CPUARMState *env, uint32_t x, uint32_t shift)
|
2008-03-31 07:46:33 +04:00
|
|
|
{
|
|
|
|
uint32_t res;
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
res = (uint16_t)do_usat(env, (int16_t)x, shift);
|
|
|
|
res |= do_usat(env, ((int32_t)x) >> 16, shift) << 16;
|
2008-03-31 07:46:33 +04:00
|
|
|
return res;
|
|
|
|
}
|
2008-03-31 07:46:50 +04:00
|
|
|
|
2016-03-04 14:30:21 +03:00
|
|
|
void HELPER(setend)(CPUARMState *env)
|
|
|
|
{
|
|
|
|
env->uncached_cpsr ^= CPSR_E;
|
2019-10-23 18:00:51 +03:00
|
|
|
arm_rebuild_hflags(env);
|
2016-03-04 14:30:21 +03:00
|
|
|
}
|
|
|
|
|
2021-08-16 21:03:05 +03:00
|
|
|
void HELPER(check_bxj_trap)(CPUARMState *env, uint32_t rm)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Only called if in NS EL0 or EL1 for a BXJ for a v7A CPU;
|
|
|
|
* check if HSTR.TJDBX means we need to trap to EL2.
|
|
|
|
*/
|
|
|
|
if (env->cp15.hstr_el2 & HSTR_TJDBX) {
|
|
|
|
/*
|
|
|
|
* We know the condition code check passed, so take the IMPDEF
|
|
|
|
* choice to always report CV=1 COND 0xe
|
|
|
|
*/
|
|
|
|
uint32_t syn = syn_bxjtrap(1, 0xe, rm);
|
|
|
|
raise_exception_ra(env, EXCP_HYP_TRAP, syn, 2, GETPC());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-30 19:22:12 +03:00
|
|
|
#ifndef CONFIG_USER_ONLY
|
2015-05-29 13:28:53 +03:00
|
|
|
/* Function checks whether WFx (WFI/WFE) instructions are set up to be trapped.
|
|
|
|
* The function returns the target EL (1-3) if the instruction is to be trapped;
|
|
|
|
* otherwise it returns 0 indicating it is not trapped.
|
|
|
|
*/
|
|
|
|
static inline int check_wfx_trap(CPUARMState *env, bool is_wfe)
|
|
|
|
{
|
|
|
|
int cur_el = arm_current_el(env);
|
|
|
|
uint64_t mask;
|
|
|
|
|
2017-09-04 17:21:51 +03:00
|
|
|
if (arm_feature(env, ARM_FEATURE_M)) {
|
|
|
|
/* M profile cores can never trap WFI/WFE. */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-05-29 13:28:53 +03:00
|
|
|
/* If we are currently in EL0 then we need to check if SCTLR is set up for
|
|
|
|
* WFx instructions being trapped to EL1. These trap bits don't exist in v7.
|
|
|
|
*/
|
|
|
|
if (cur_el < 1 && arm_feature(env, ARM_FEATURE_V8)) {
|
|
|
|
int target_el;
|
|
|
|
|
|
|
|
mask = is_wfe ? SCTLR_nTWE : SCTLR_nTWI;
|
|
|
|
if (arm_is_secure_below_el3(env) && !arm_el_is_aa64(env, 3)) {
|
|
|
|
/* Secure EL0 and Secure PL1 is at EL3 */
|
|
|
|
target_el = 3;
|
|
|
|
} else {
|
|
|
|
target_el = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(env->cp15.sctlr_el[target_el] & mask)) {
|
|
|
|
return target_el;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We are not trapping to EL1; trap to EL2 if HCR_EL2 requires it
|
|
|
|
* No need for ARM_FEATURE check as if HCR_EL2 doesn't exist the
|
|
|
|
* bits will be zero indicating no trap.
|
|
|
|
*/
|
2018-12-13 16:48:08 +03:00
|
|
|
if (cur_el < 2) {
|
|
|
|
mask = is_wfe ? HCR_TWE : HCR_TWI;
|
|
|
|
if (arm_hcr_el2_eff(env) & mask) {
|
2015-05-29 13:28:53 +03:00
|
|
|
return 2;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We are not trapping to EL1 or EL2; trap to EL3 if SCR_EL3 requires it */
|
|
|
|
if (cur_el < 3) {
|
|
|
|
mask = (is_wfe) ? SCR_TWE : SCR_TWI;
|
|
|
|
if (env->cp15.scr_el3 & mask) {
|
|
|
|
return 3;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2021-04-30 19:22:12 +03:00
|
|
|
#endif
|
2015-05-29 13:28:53 +03:00
|
|
|
|
2017-10-31 14:50:50 +03:00
|
|
|
void HELPER(wfi)(CPUARMState *env, uint32_t insn_len)
|
2008-03-31 07:46:50 +04:00
|
|
|
{
|
2021-04-30 19:22:12 +03:00
|
|
|
#ifdef CONFIG_USER_ONLY
|
|
|
|
/*
|
|
|
|
* WFI in the user-mode emulator is technically permitted but not
|
|
|
|
* something any real-world code would do. AArch64 Linux kernels
|
|
|
|
* trap it via SCTRL_EL1.nTWI and make it an (expensive) NOP;
|
|
|
|
* AArch32 kernels don't trap it so it will delay a bit.
|
|
|
|
* For QEMU, make it NOP here, because trying to raise EXCP_HLT
|
|
|
|
* would trigger an abort.
|
|
|
|
*/
|
|
|
|
return;
|
|
|
|
#else
|
2019-03-23 03:41:14 +03:00
|
|
|
CPUState *cs = env_cpu(env);
|
2015-05-29 13:28:53 +03:00
|
|
|
int target_el = check_wfx_trap(env, false);
|
2013-01-17 21:51:17 +04:00
|
|
|
|
2015-05-29 13:28:53 +03:00
|
|
|
if (cpu_has_work(cs)) {
|
|
|
|
/* Don't bother to go into our "low power state" if
|
|
|
|
* we would just wake up immediately.
|
|
|
|
*/
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2015-05-29 13:28:53 +03:00
|
|
|
if (target_el) {
|
2020-01-17 17:09:31 +03:00
|
|
|
if (env->aarch64) {
|
|
|
|
env->pc -= insn_len;
|
|
|
|
} else {
|
|
|
|
env->regs[15] -= insn_len;
|
|
|
|
}
|
|
|
|
|
2017-10-31 14:50:50 +03:00
|
|
|
raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0, insn_len == 2),
|
|
|
|
target_el);
|
2015-05-29 13:28:53 +03:00
|
|
|
}
|
|
|
|
|
2013-08-26 10:31:06 +04:00
|
|
|
cs->exception_index = EXCP_HLT;
|
2013-01-17 21:51:17 +04:00
|
|
|
cs->halted = 1;
|
2013-08-27 19:52:12 +04:00
|
|
|
cpu_loop_exit(cs);
|
2021-04-30 19:22:12 +03:00
|
|
|
#endif
|
2008-03-31 07:46:50 +04:00
|
|
|
}
|
|
|
|
|
2024-04-30 17:00:35 +03:00
|
|
|
void HELPER(wfit)(CPUARMState *env, uint64_t timeout)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_USER_ONLY
|
|
|
|
/*
|
|
|
|
* WFI in the user-mode emulator is technically permitted but not
|
|
|
|
* something any real-world code would do. AArch64 Linux kernels
|
|
|
|
* trap it via SCTRL_EL1.nTWI and make it an (expensive) NOP;
|
|
|
|
* AArch32 kernels don't trap it so it will delay a bit.
|
|
|
|
* For QEMU, make it NOP here, because trying to raise EXCP_HLT
|
|
|
|
* would trigger an abort.
|
|
|
|
*/
|
|
|
|
return;
|
|
|
|
#else
|
|
|
|
ARMCPU *cpu = env_archcpu(env);
|
|
|
|
CPUState *cs = env_cpu(env);
|
|
|
|
int target_el = check_wfx_trap(env, false);
|
|
|
|
/* The WFIT should time out when CNTVCT_EL0 >= the specified value. */
|
|
|
|
uint64_t cntval = gt_get_countervalue(env);
|
|
|
|
uint64_t offset = gt_virt_cnt_offset(env);
|
|
|
|
uint64_t cntvct = cntval - offset;
|
|
|
|
uint64_t nexttick;
|
|
|
|
|
|
|
|
if (cpu_has_work(cs) || cntvct >= timeout) {
|
|
|
|
/*
|
|
|
|
* Don't bother to go into our "low power state" if
|
|
|
|
* we would just wake up immediately.
|
|
|
|
*/
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (target_el) {
|
|
|
|
env->pc -= 4;
|
|
|
|
raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0, false),
|
|
|
|
target_el);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (uadd64_overflow(timeout, offset, &nexttick)) {
|
|
|
|
nexttick = UINT64_MAX;
|
|
|
|
}
|
|
|
|
if (nexttick > INT64_MAX / gt_cntfrq_period_ns(cpu)) {
|
|
|
|
/*
|
|
|
|
* If the timeout is too long for the signed 64-bit range
|
|
|
|
* of a QEMUTimer, let it expire early.
|
|
|
|
*/
|
|
|
|
timer_mod_ns(cpu->wfxt_timer, INT64_MAX);
|
|
|
|
} else {
|
|
|
|
timer_mod(cpu->wfxt_timer, nexttick);
|
|
|
|
}
|
|
|
|
cs->exception_index = EXCP_HLT;
|
|
|
|
cs->halted = 1;
|
|
|
|
cpu_loop_exit(cs);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2014-03-10 18:56:30 +04:00
|
|
|
void HELPER(wfe)(CPUARMState *env)
|
|
|
|
{
|
2015-07-06 12:05:44 +03:00
|
|
|
/* This is a hint instruction that is semantically different
|
|
|
|
* from YIELD even though we currently implement it identically.
|
|
|
|
* Don't actually halt the CPU, just yield back to top
|
2015-05-29 13:28:53 +03:00
|
|
|
* level loop. This is not going into a "low power state"
|
|
|
|
* (ie halting until some event occurs), so we never take
|
|
|
|
* a configurable trap to a different exception level.
|
2014-03-10 18:56:30 +04:00
|
|
|
*/
|
2015-07-06 12:05:44 +03:00
|
|
|
HELPER(yield)(env);
|
|
|
|
}
|
|
|
|
|
|
|
|
void HELPER(yield)(CPUARMState *env)
|
|
|
|
{
|
2019-03-23 03:41:14 +03:00
|
|
|
CPUState *cs = env_cpu(env);
|
2015-07-06 12:05:44 +03:00
|
|
|
|
|
|
|
/* This is a non-trappable hint instruction that generally indicates
|
|
|
|
* that the guest is currently busy-looping. Yield control back to the
|
|
|
|
* top level loop so that a more deserving VCPU has a chance to run.
|
|
|
|
*/
|
2013-08-26 10:31:06 +04:00
|
|
|
cs->exception_index = EXCP_YIELD;
|
2013-08-27 19:52:12 +04:00
|
|
|
cpu_loop_exit(cs);
|
2014-03-10 18:56:30 +04:00
|
|
|
}
|
|
|
|
|
2014-04-15 22:18:38 +04:00
|
|
|
/* Raise an internal-to-QEMU exception. This is limited to only
|
|
|
|
* those EXCP values which are special cases for QEMU to interrupt
|
|
|
|
* execution and not to be used for exceptions which are passed to
|
|
|
|
* the guest (those must all have syndrome information and thus should
|
2022-06-10 16:32:31 +03:00
|
|
|
* use exception_with_syndrome*).
|
2014-04-15 22:18:38 +04:00
|
|
|
*/
|
|
|
|
void HELPER(exception_internal)(CPUARMState *env, uint32_t excp)
|
|
|
|
{
|
2019-03-23 03:41:14 +03:00
|
|
|
CPUState *cs = env_cpu(env);
|
2014-04-15 22:18:38 +04:00
|
|
|
|
|
|
|
assert(excp_is_internal(excp));
|
|
|
|
cs->exception_index = excp;
|
|
|
|
cpu_loop_exit(cs);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Raise an exception with the specified syndrome register value */
|
2022-06-10 16:32:31 +03:00
|
|
|
void HELPER(exception_with_syndrome_el)(CPUARMState *env, uint32_t excp,
|
|
|
|
uint32_t syndrome, uint32_t target_el)
|
2008-03-31 07:46:50 +04:00
|
|
|
{
|
2015-05-29 13:28:51 +03:00
|
|
|
raise_exception(env, excp, syndrome, target_el);
|
2008-03-31 07:46:50 +04:00
|
|
|
}
|
|
|
|
|
2022-06-10 16:32:34 +03:00
|
|
|
/*
|
|
|
|
* Raise an exception with the specified syndrome register value
|
|
|
|
* to the default target el.
|
|
|
|
*/
|
|
|
|
void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp,
|
|
|
|
uint32_t syndrome)
|
|
|
|
{
|
|
|
|
raise_exception(env, excp, syndrome, exception_target_el(env));
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(cpsr_read)(CPUARMState *env)
|
2008-03-31 07:46:50 +04:00
|
|
|
{
|
2021-02-08 09:56:58 +03:00
|
|
|
return cpsr_read(env) & ~CPSR_EXEC;
|
2008-03-31 07:46:50 +04:00
|
|
|
}
|
|
|
|
|
2012-09-05 00:08:34 +04:00
|
|
|
void HELPER(cpsr_write)(CPUARMState *env, uint32_t val, uint32_t mask)
|
2008-03-31 07:46:50 +04:00
|
|
|
{
|
2016-02-23 18:36:43 +03:00
|
|
|
cpsr_write(env, val, mask, CPSRWriteByInstr);
|
2019-10-23 18:00:51 +03:00
|
|
|
/* TODO: Not all cpsr bits are relevant to hflags. */
|
|
|
|
arm_rebuild_hflags(env);
|
2008-03-31 07:46:50 +04:00
|
|
|
}
|
2008-03-31 07:47:03 +04:00
|
|
|
|
2016-02-23 18:36:43 +03:00
|
|
|
/* Write the CPSR for a 32-bit exception return */
|
|
|
|
void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
|
|
|
|
{
|
2020-02-08 15:58:03 +03:00
|
|
|
uint32_t mask;
|
|
|
|
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_lock();
|
2019-03-23 03:41:14 +03:00
|
|
|
arm_call_pre_el_change_hook(env_archcpu(env));
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_unlock();
|
2018-04-26 13:04:39 +03:00
|
|
|
|
2020-02-08 15:58:03 +03:00
|
|
|
mask = aarch32_cpsr_valid_mask(env->features, &env_archcpu(env)->isar);
|
|
|
|
cpsr_write(env, val, mask, CPSRWriteExceptionReturn);
|
2016-06-17 17:23:46 +03:00
|
|
|
|
2016-10-10 18:26:03 +03:00
|
|
|
/* Generated code has already stored the new PC value, but
|
|
|
|
* without masking out its low bits, because which bits need
|
|
|
|
* masking depends on whether we're returning to Thumb or ARM
|
|
|
|
* state. Do the masking now.
|
|
|
|
*/
|
|
|
|
env->regs[15] &= (env->thumb ? ~1 : ~3);
|
2019-10-23 18:00:49 +03:00
|
|
|
arm_rebuild_hflags(env);
|
2016-10-10 18:26:03 +03:00
|
|
|
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_lock();
|
2019-03-23 03:41:14 +03:00
|
|
|
arm_call_el_change_hook(env_archcpu(env));
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_unlock();
|
2016-02-23 18:36:43 +03:00
|
|
|
}
|
|
|
|
|
2008-03-31 07:47:03 +04:00
|
|
|
/* Access to user mode registers from privileged modes. */
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(get_user_reg)(CPUARMState *env, uint32_t regno)
|
2008-03-31 07:47:03 +04:00
|
|
|
{
|
|
|
|
uint32_t val;
|
|
|
|
|
|
|
|
if (regno == 13) {
|
2015-11-03 16:49:41 +03:00
|
|
|
val = env->banked_r13[BANK_USRSYS];
|
2008-03-31 07:47:03 +04:00
|
|
|
} else if (regno == 14) {
|
2015-11-03 16:49:41 +03:00
|
|
|
val = env->banked_r14[BANK_USRSYS];
|
2008-03-31 07:47:03 +04:00
|
|
|
} else if (regno >= 8
|
|
|
|
&& (env->uncached_cpsr & 0x1f) == ARM_CPU_MODE_FIQ) {
|
|
|
|
val = env->usr_regs[regno - 8];
|
|
|
|
} else {
|
|
|
|
val = env->regs[regno];
|
|
|
|
}
|
|
|
|
return val;
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:08:34 +04:00
|
|
|
void HELPER(set_user_reg)(CPUARMState *env, uint32_t regno, uint32_t val)
|
2008-03-31 07:47:03 +04:00
|
|
|
{
|
|
|
|
if (regno == 13) {
|
2015-11-03 16:49:41 +03:00
|
|
|
env->banked_r13[BANK_USRSYS] = val;
|
2008-03-31 07:47:03 +04:00
|
|
|
} else if (regno == 14) {
|
2015-11-03 16:49:41 +03:00
|
|
|
env->banked_r14[BANK_USRSYS] = val;
|
2008-03-31 07:47:03 +04:00
|
|
|
} else if (regno >= 8
|
|
|
|
&& (env->uncached_cpsr & 0x1f) == ARM_CPU_MODE_FIQ) {
|
|
|
|
env->usr_regs[regno - 8] = val;
|
|
|
|
} else {
|
|
|
|
env->regs[regno] = val;
|
|
|
|
}
|
|
|
|
}
|
2012-06-20 15:57:06 +04:00
|
|
|
|
2016-02-18 17:16:16 +03:00
|
|
|
void HELPER(set_r13_banked)(CPUARMState *env, uint32_t mode, uint32_t val)
|
|
|
|
{
|
|
|
|
if ((env->uncached_cpsr & CPSR_M) == mode) {
|
|
|
|
env->regs[13] = val;
|
|
|
|
} else {
|
|
|
|
env->banked_r13[bank_number(mode)] = val;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t HELPER(get_r13_banked)(CPUARMState *env, uint32_t mode)
|
|
|
|
{
|
2016-02-18 17:16:17 +03:00
|
|
|
if ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_SYS) {
|
|
|
|
/* SRS instruction is UNPREDICTABLE from System mode; we UNDEF.
|
|
|
|
* Other UNPREDICTABLE and UNDEF cases were caught at translate time.
|
|
|
|
*/
|
|
|
|
raise_exception(env, EXCP_UDEF, syn_uncategorized(),
|
|
|
|
exception_target_el(env));
|
|
|
|
}
|
|
|
|
|
2016-02-18 17:16:16 +03:00
|
|
|
if ((env->uncached_cpsr & CPSR_M) == mode) {
|
|
|
|
return env->regs[13];
|
|
|
|
} else {
|
|
|
|
return env->banked_r13[bank_number(mode)];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-03-16 20:05:58 +03:00
|
|
|
static void msr_mrs_banked_exc_checks(CPUARMState *env, uint32_t tgtmode,
|
|
|
|
uint32_t regno)
|
|
|
|
{
|
|
|
|
/* Raise an exception if the requested access is one of the UNPREDICTABLE
|
|
|
|
* cases; otherwise return. This broadly corresponds to the pseudocode
|
|
|
|
* BankedRegisterAccessValid() and SPSRAccessValid(),
|
|
|
|
* except that we have already handled some cases at translate time.
|
|
|
|
*/
|
|
|
|
int curmode = env->uncached_cpsr & CPSR_M;
|
|
|
|
|
target/arm: Allow access to SPSR_hyp from hyp mode
Architecturally, the AArch32 MSR/MRS to/from banked register
instructions are UNPREDICTABLE for attempts to access a banked
register that the guest could access in a more direct way (e.g.
using this insn to access r8_fiq when already in FIQ mode). QEMU has
chosen to UNDEF on all of these.
However, for the case of accessing SPSR_hyp from hyp mode, it turns
out that real hardware permits this, with the same effect as if the
guest had directly written to SPSR. Further, there is some
guest code out there that assumes it can do this, because it
happens to work on hardware: an example Cortex-R52 startup code
fragment uses this, and it got copied into various other places,
including Zephyr. Zephyr was fixed to not use this:
https://github.com/zephyrproject-rtos/zephyr/issues/47330
but other examples are still out there, like the selftest
binary for the MPS3-AN536.
For convenience of being able to run guest code, permit
this UNPREDICTABLE access instead of UNDEFing it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240206132931.38376-5-peter.maydell@linaro.org
2024-02-06 16:29:22 +03:00
|
|
|
if (tgtmode == ARM_CPU_MODE_HYP) {
|
|
|
|
/*
|
|
|
|
* Handle Hyp target regs first because some are special cases
|
|
|
|
* which don't want the usual "not accessible from tgtmode" check.
|
|
|
|
*/
|
|
|
|
switch (regno) {
|
|
|
|
case 16 ... 17: /* ELR_Hyp, SPSR_Hyp */
|
|
|
|
if (curmode != ARM_CPU_MODE_HYP && curmode != ARM_CPU_MODE_MON) {
|
|
|
|
goto undef;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 13:
|
|
|
|
if (curmode != ARM_CPU_MODE_MON) {
|
|
|
|
goto undef;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
2018-08-20 13:24:32 +03:00
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-03-16 20:05:58 +03:00
|
|
|
if (curmode == tgtmode) {
|
|
|
|
goto undef;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tgtmode == ARM_CPU_MODE_USR) {
|
|
|
|
switch (regno) {
|
|
|
|
case 8 ... 12:
|
|
|
|
if (curmode != ARM_CPU_MODE_FIQ) {
|
|
|
|
goto undef;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 13:
|
|
|
|
if (curmode == ARM_CPU_MODE_SYS) {
|
|
|
|
goto undef;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 14:
|
|
|
|
if (curmode == ARM_CPU_MODE_HYP || curmode == ARM_CPU_MODE_SYS) {
|
|
|
|
goto undef;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
undef:
|
|
|
|
raise_exception(env, EXCP_UDEF, syn_uncategorized(),
|
|
|
|
exception_target_el(env));
|
|
|
|
}
|
|
|
|
|
|
|
|
void HELPER(msr_banked)(CPUARMState *env, uint32_t value, uint32_t tgtmode,
|
|
|
|
uint32_t regno)
|
|
|
|
{
|
|
|
|
msr_mrs_banked_exc_checks(env, tgtmode, regno);
|
|
|
|
|
|
|
|
switch (regno) {
|
|
|
|
case 16: /* SPSRs */
|
target/arm: Allow access to SPSR_hyp from hyp mode
Architecturally, the AArch32 MSR/MRS to/from banked register
instructions are UNPREDICTABLE for attempts to access a banked
register that the guest could access in a more direct way (e.g.
using this insn to access r8_fiq when already in FIQ mode). QEMU has
chosen to UNDEF on all of these.
However, for the case of accessing SPSR_hyp from hyp mode, it turns
out that real hardware permits this, with the same effect as if the
guest had directly written to SPSR. Further, there is some
guest code out there that assumes it can do this, because it
happens to work on hardware: an example Cortex-R52 startup code
fragment uses this, and it got copied into various other places,
including Zephyr. Zephyr was fixed to not use this:
https://github.com/zephyrproject-rtos/zephyr/issues/47330
but other examples are still out there, like the selftest
binary for the MPS3-AN536.
For convenience of being able to run guest code, permit
this UNPREDICTABLE access instead of UNDEFing it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240206132931.38376-5-peter.maydell@linaro.org
2024-02-06 16:29:22 +03:00
|
|
|
if (tgtmode == (env->uncached_cpsr & CPSR_M)) {
|
|
|
|
/* Only happens for SPSR_Hyp access in Hyp mode */
|
|
|
|
env->spsr = value;
|
|
|
|
} else {
|
|
|
|
env->banked_spsr[bank_number(tgtmode)] = value;
|
|
|
|
}
|
2016-03-16 20:05:58 +03:00
|
|
|
break;
|
|
|
|
case 17: /* ELR_Hyp */
|
|
|
|
env->elr_el[2] = value;
|
|
|
|
break;
|
|
|
|
case 13:
|
|
|
|
env->banked_r13[bank_number(tgtmode)] = value;
|
|
|
|
break;
|
|
|
|
case 14:
|
2018-11-13 13:47:59 +03:00
|
|
|
env->banked_r14[r14_bank_number(tgtmode)] = value;
|
2016-03-16 20:05:58 +03:00
|
|
|
break;
|
|
|
|
case 8 ... 12:
|
|
|
|
switch (tgtmode) {
|
|
|
|
case ARM_CPU_MODE_USR:
|
|
|
|
env->usr_regs[regno - 8] = value;
|
|
|
|
break;
|
|
|
|
case ARM_CPU_MODE_FIQ:
|
|
|
|
env->fiq_regs[regno - 8] = value;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t HELPER(mrs_banked)(CPUARMState *env, uint32_t tgtmode, uint32_t regno)
|
|
|
|
{
|
|
|
|
msr_mrs_banked_exc_checks(env, tgtmode, regno);
|
|
|
|
|
|
|
|
switch (regno) {
|
|
|
|
case 16: /* SPSRs */
|
target/arm: Allow access to SPSR_hyp from hyp mode
Architecturally, the AArch32 MSR/MRS to/from banked register
instructions are UNPREDICTABLE for attempts to access a banked
register that the guest could access in a more direct way (e.g.
using this insn to access r8_fiq when already in FIQ mode). QEMU has
chosen to UNDEF on all of these.
However, for the case of accessing SPSR_hyp from hyp mode, it turns
out that real hardware permits this, with the same effect as if the
guest had directly written to SPSR. Further, there is some
guest code out there that assumes it can do this, because it
happens to work on hardware: an example Cortex-R52 startup code
fragment uses this, and it got copied into various other places,
including Zephyr. Zephyr was fixed to not use this:
https://github.com/zephyrproject-rtos/zephyr/issues/47330
but other examples are still out there, like the selftest
binary for the MPS3-AN536.
For convenience of being able to run guest code, permit
this UNPREDICTABLE access instead of UNDEFing it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240206132931.38376-5-peter.maydell@linaro.org
2024-02-06 16:29:22 +03:00
|
|
|
if (tgtmode == (env->uncached_cpsr & CPSR_M)) {
|
|
|
|
/* Only happens for SPSR_Hyp access in Hyp mode */
|
|
|
|
return env->spsr;
|
|
|
|
} else {
|
|
|
|
return env->banked_spsr[bank_number(tgtmode)];
|
|
|
|
}
|
2016-03-16 20:05:58 +03:00
|
|
|
case 17: /* ELR_Hyp */
|
|
|
|
return env->elr_el[2];
|
|
|
|
case 13:
|
|
|
|
return env->banked_r13[bank_number(tgtmode)];
|
|
|
|
case 14:
|
2018-11-13 13:47:59 +03:00
|
|
|
return env->banked_r14[r14_bank_number(tgtmode)];
|
2016-03-16 20:05:58 +03:00
|
|
|
case 8 ... 12:
|
|
|
|
switch (tgtmode) {
|
|
|
|
case ARM_CPU_MODE_USR:
|
|
|
|
return env->usr_regs[regno - 8];
|
|
|
|
case ARM_CPU_MODE_FIQ:
|
|
|
|
return env->fiq_regs[regno - 8];
|
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
const void *HELPER(access_check_cp_reg)(CPUARMState *env, uint32_t key,
|
|
|
|
uint32_t syndrome, uint32_t isread)
|
2014-02-20 14:35:52 +04:00
|
|
|
{
|
2022-05-09 18:54:57 +03:00
|
|
|
ARMCPU *cpu = env_archcpu(env);
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, key);
|
2022-05-01 08:49:44 +03:00
|
|
|
CPAccessResult res = CP_ACCESS_OK;
|
2015-05-29 13:28:52 +03:00
|
|
|
int target_el;
|
2014-09-29 21:48:48 +04:00
|
|
|
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
assert(ri != NULL);
|
|
|
|
|
2014-09-29 21:48:48 +04:00
|
|
|
if (arm_feature(env, ARM_FEATURE_XSCALE) && ri->cp < 14
|
|
|
|
&& extract32(env->cp15.c15_cpar, ri->cp, 1) == 0) {
|
2022-05-01 08:49:44 +03:00
|
|
|
res = CP_ACCESS_TRAP;
|
|
|
|
goto fail;
|
2014-09-29 21:48:48 +04:00
|
|
|
}
|
|
|
|
|
2023-01-30 21:24:41 +03:00
|
|
|
if (ri->accessfn) {
|
|
|
|
res = ri->accessfn(env, ri, isread);
|
|
|
|
}
|
|
|
|
|
2019-12-01 15:20:17 +03:00
|
|
|
/*
|
2023-01-30 21:24:41 +03:00
|
|
|
* If the access function indicates a trap from EL0 to EL1 then
|
|
|
|
* that always takes priority over the HSTR_EL2 trap. (If it indicates
|
|
|
|
* a trap to EL3, then the HSTR_EL2 trap takes priority; if it indicates
|
|
|
|
* a trap to EL2, then the syndrome is the same either way so we don't
|
|
|
|
* care whether technically the architecture says that HSTR_EL2 trap or
|
|
|
|
* the other trap takes priority. So we take the "check HSTR_EL2" path
|
|
|
|
* for all of those cases.)
|
2019-12-01 15:20:17 +03:00
|
|
|
*/
|
2023-01-30 21:24:41 +03:00
|
|
|
if (res != CP_ACCESS_OK && ((res & CP_ACCESS_EL_MASK) == 0) &&
|
|
|
|
arm_current_el(env) == 0) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2023-01-30 21:24:42 +03:00
|
|
|
/*
|
|
|
|
* HSTR_EL2 traps from EL1 are checked earlier, in generated code;
|
|
|
|
* we only need to check here for traps from EL0.
|
|
|
|
*/
|
|
|
|
if (!is_a64(env) && arm_current_el(env) == 0 && ri->cp == 15 &&
|
2023-01-30 21:24:43 +03:00
|
|
|
arm_is_el2_enabled(env) &&
|
2019-12-01 15:20:17 +03:00
|
|
|
(arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
|
|
|
|
uint32_t mask = 1 << ri->crn;
|
|
|
|
|
|
|
|
if (ri->type & ARM_CP_64BIT) {
|
|
|
|
mask = 1 << ri->crm;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* T4 and T14 are RES0 */
|
|
|
|
mask &= ~((1 << 4) | (1 << 14));
|
|
|
|
|
|
|
|
if (env->cp15.hstr_el2 & mask) {
|
2022-05-01 08:49:44 +03:00
|
|
|
res = CP_ACCESS_TRAP_EL2;
|
|
|
|
goto fail;
|
2019-12-01 15:20:17 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-30 21:24:45 +03:00
|
|
|
/*
|
|
|
|
* Fine-grained traps also are lower priority than undef-to-EL1,
|
|
|
|
* higher priority than trap-to-EL3, and we don't care about priority
|
|
|
|
* order with other EL2 traps because the syndrome value is the same.
|
|
|
|
*/
|
|
|
|
if (arm_fgt_active(env, arm_current_el(env))) {
|
|
|
|
uint64_t trapword = 0;
|
|
|
|
unsigned int idx = FIELD_EX32(ri->fgt, FGT, IDX);
|
|
|
|
unsigned int bitpos = FIELD_EX32(ri->fgt, FGT, BITPOS);
|
|
|
|
bool rev = FIELD_EX32(ri->fgt, FGT, REV);
|
|
|
|
bool trapbit;
|
|
|
|
|
|
|
|
if (ri->fgt & FGT_EXEC) {
|
|
|
|
assert(idx < ARRAY_SIZE(env->cp15.fgt_exec));
|
|
|
|
trapword = env->cp15.fgt_exec[idx];
|
|
|
|
} else if (isread && (ri->fgt & FGT_R)) {
|
|
|
|
assert(idx < ARRAY_SIZE(env->cp15.fgt_read));
|
|
|
|
trapword = env->cp15.fgt_read[idx];
|
|
|
|
} else if (!isread && (ri->fgt & FGT_W)) {
|
|
|
|
assert(idx < ARRAY_SIZE(env->cp15.fgt_write));
|
|
|
|
trapword = env->cp15.fgt_write[idx];
|
|
|
|
}
|
|
|
|
|
|
|
|
trapbit = extract64(trapword, bitpos, 1);
|
|
|
|
if (trapbit != rev) {
|
|
|
|
res = CP_ACCESS_TRAP_EL2;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-05-01 08:49:44 +03:00
|
|
|
if (likely(res == CP_ACCESS_OK)) {
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
return ri;
|
2014-09-29 21:48:48 +04:00
|
|
|
}
|
|
|
|
|
2022-05-01 08:49:44 +03:00
|
|
|
fail:
|
|
|
|
switch (res & ~CP_ACCESS_EL_MASK) {
|
2014-02-20 14:35:52 +04:00
|
|
|
case CP_ACCESS_TRAP:
|
2014-04-15 22:18:38 +04:00
|
|
|
break;
|
2014-02-20 14:35:52 +04:00
|
|
|
case CP_ACCESS_TRAP_UNCATEGORIZED:
|
2023-01-30 21:24:39 +03:00
|
|
|
/* Only CP_ACCESS_TRAP traps are direct to a specified EL */
|
|
|
|
assert((res & CP_ACCESS_EL_MASK) == 0);
|
2022-05-09 18:54:57 +03:00
|
|
|
if (cpu_isar_feature(aa64_ids, cpu) && isread &&
|
|
|
|
arm_cpreg_in_idspace(ri)) {
|
|
|
|
/*
|
|
|
|
* FEAT_IDST says this should be reported as EC_SYSTEMREGISTERTRAP,
|
|
|
|
* not EC_UNCATEGORIZED
|
|
|
|
*/
|
|
|
|
break;
|
|
|
|
}
|
2015-05-29 13:28:51 +03:00
|
|
|
syndrome = syn_uncategorized();
|
2014-02-20 14:35:52 +04:00
|
|
|
break;
|
2022-05-01 08:49:44 +03:00
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
|
|
|
}
|
|
|
|
|
|
|
|
target_el = res & CP_ACCESS_EL_MASK;
|
|
|
|
switch (target_el) {
|
|
|
|
case 0:
|
|
|
|
target_el = exception_target_el(env);
|
2015-08-25 17:45:08 +03:00
|
|
|
break;
|
2022-05-01 08:49:44 +03:00
|
|
|
case 2:
|
|
|
|
assert(arm_current_el(env) != 3);
|
|
|
|
assert(arm_is_el2_enabled(env));
|
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
assert(arm_feature(env, ARM_FEATURE_EL3));
|
2015-08-25 17:45:08 +03:00
|
|
|
break;
|
2014-02-20 14:35:52 +04:00
|
|
|
default:
|
2022-05-01 08:49:44 +03:00
|
|
|
/* No "direct" traps to EL1 */
|
2014-02-20 14:35:52 +04:00
|
|
|
g_assert_not_reached();
|
|
|
|
}
|
2015-05-29 13:28:51 +03:00
|
|
|
|
2015-05-29 13:28:52 +03:00
|
|
|
raise_exception(env, EXCP_UDEF, syndrome, target_el);
|
2014-02-20 14:35:52 +04:00
|
|
|
}
|
|
|
|
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
const void *HELPER(lookup_cp_reg)(CPUARMState *env, uint32_t key)
|
|
|
|
{
|
|
|
|
ARMCPU *cpu = env_archcpu(env);
|
|
|
|
const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, key);
|
|
|
|
|
|
|
|
assert(ri != NULL);
|
|
|
|
return ri;
|
|
|
|
}
|
|
|
|
|
2023-09-01 02:24:39 +03:00
|
|
|
/*
|
|
|
|
* Test for HCR_EL2.TIDCP at EL1.
|
|
|
|
* Since implementation defined registers are rare, and within QEMU
|
|
|
|
* most of them are no-op, do not waste HFLAGS space for this and
|
|
|
|
* always use a helper.
|
|
|
|
*/
|
|
|
|
void HELPER(tidcp_el1)(CPUARMState *env, uint32_t syndrome)
|
|
|
|
{
|
|
|
|
if (arm_hcr_el2_eff(env) & HCR_TIDCP) {
|
|
|
|
raise_exception_ra(env, EXCP_UDEF, syndrome, 2, GETPC());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-09-01 02:24:40 +03:00
|
|
|
/*
|
|
|
|
* Similarly, for FEAT_TIDCP1 at EL0.
|
|
|
|
* We have already checked for the presence of the feature.
|
|
|
|
*/
|
|
|
|
void HELPER(tidcp_el0)(CPUARMState *env, uint32_t syndrome)
|
|
|
|
{
|
|
|
|
/* See arm_sctlr(), but we also need the sctlr el. */
|
|
|
|
ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);
|
|
|
|
int target_el = mmu_idx == ARMMMUIdx_E20_0 ? 2 : 1;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The bit is not valid unless the target el is aa64, but since the
|
|
|
|
* bit test is simpler perform that first and check validity after.
|
|
|
|
*/
|
|
|
|
if ((env->cp15.sctlr_el[target_el] & SCTLR_TIDCP)
|
|
|
|
&& arm_el_is_aa64(env, target_el)) {
|
|
|
|
raise_exception_ra(env, EXCP_UDEF, syndrome, target_el, GETPC());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
void HELPER(set_cp_reg)(CPUARMState *env, const void *rip, uint32_t value)
|
2012-06-20 15:57:06 +04:00
|
|
|
{
|
|
|
|
const ARMCPRegInfo *ri = rip;
|
2014-02-20 14:35:54 +04:00
|
|
|
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
if (ri->type & ARM_CP_IO) {
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_lock();
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
ri->writefn(env, ri, value);
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_unlock();
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
} else {
|
|
|
|
ri->writefn(env, ri, value);
|
|
|
|
}
|
2012-06-20 15:57:06 +04:00
|
|
|
}
|
|
|
|
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
uint32_t HELPER(get_cp_reg)(CPUARMState *env, const void *rip)
|
2012-06-20 15:57:06 +04:00
|
|
|
{
|
|
|
|
const ARMCPRegInfo *ri = rip;
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
uint32_t res;
|
2014-02-20 14:35:54 +04:00
|
|
|
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
if (ri->type & ARM_CP_IO) {
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_lock();
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
res = ri->readfn(env, ri);
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_unlock();
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
} else {
|
|
|
|
res = ri->readfn(env, ri);
|
|
|
|
}
|
|
|
|
|
|
|
|
return res;
|
2012-06-20 15:57:06 +04:00
|
|
|
}
|
|
|
|
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
void HELPER(set_cp_reg64)(CPUARMState *env, const void *rip, uint64_t value)
|
2012-06-20 15:57:06 +04:00
|
|
|
{
|
|
|
|
const ARMCPRegInfo *ri = rip;
|
2014-02-20 14:35:54 +04:00
|
|
|
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
if (ri->type & ARM_CP_IO) {
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_lock();
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
ri->writefn(env, ri, value);
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_unlock();
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
} else {
|
|
|
|
ri->writefn(env, ri, value);
|
|
|
|
}
|
2012-06-20 15:57:06 +04:00
|
|
|
}
|
|
|
|
|
target/arm: Look up ARMCPRegInfo at runtime
Do not encode the pointer as a constant in the opcode stream.
This pointer is specific to the cpu that first generated the
translation, which runs into problems with both hot-pluggable
cpus and user-only threads, as cpus are removed. It's also a
potential correctness issue in the theoretical case of a
slightly-heterogenous system, because if CPU 0 generates a
TB and then CPU 1 executes it, CPU 1 will end up using CPU 0's
hash table, which might have a wrong set of registers in it.
(All our current systems are either completely homogenous,
M-profile, or have CPUs sufficiently different that they
wouldn't be sharing TBs anyway because the differences would
show up in the TB flags, so the correctness issue is only
theoretical, not practical.)
Perform the lookup in either helper_access_check_cp_reg,
or a new helper_lookup_cp_reg.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230106194451.1213153-3-richard.henderson@linaro.org
[PMM: added note in commit message about correctness issue]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06 22:44:51 +03:00
|
|
|
uint64_t HELPER(get_cp_reg64)(CPUARMState *env, const void *rip)
|
2012-06-20 15:57:06 +04:00
|
|
|
{
|
|
|
|
const ARMCPRegInfo *ri = rip;
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
uint64_t res;
|
|
|
|
|
|
|
|
if (ri->type & ARM_CP_IO) {
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_lock();
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
res = ri->readfn(env, ri);
|
2024-01-02 18:35:25 +03:00
|
|
|
bql_unlock();
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
} else {
|
|
|
|
res = ri->readfn(env, ri);
|
|
|
|
}
|
2014-02-20 14:35:54 +04:00
|
|
|
|
tcg: drop global lock during TCG code execution
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
Still, a Linux x86 UP guest and my Musicpal ARM model boot fine here.
These numbers demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <1439220437-23957-10-git-send-email-fred.konrad@greensocs.com>
[FK: Rebase, fix qemu_devices_reset deadlock, rm address_space_* mutex]
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
[EGC: fixed iothread lock for cpu-exec IRQ handling]
Signed-off-by: Emilio G. Cota <cota@braap.org>
[AJB: -smp single-threaded fix, clean commit msg, BQL fixes]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Pranith Kumar <bobby.prani@gmail.com>
[PM: target-arm changes]
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-23 21:29:11 +03:00
|
|
|
return res;
|
2012-06-20 15:57:06 +04:00
|
|
|
}
|
2008-03-31 07:47:03 +04:00
|
|
|
|
2014-09-29 21:48:50 +04:00
|
|
|
void HELPER(pre_hvc)(CPUARMState *env)
|
|
|
|
{
|
2019-03-23 03:41:14 +03:00
|
|
|
ARMCPU *cpu = env_archcpu(env);
|
2014-10-24 15:19:14 +04:00
|
|
|
int cur_el = arm_current_el(env);
|
2014-09-29 21:48:50 +04:00
|
|
|
/* FIXME: Use actual secure state. */
|
|
|
|
bool secure = false;
|
|
|
|
bool undef;
|
|
|
|
|
2014-10-24 15:19:13 +04:00
|
|
|
if (arm_is_psci_call(cpu, EXCP_HVC)) {
|
|
|
|
/* If PSCI is enabled and this looks like a valid PSCI call then
|
|
|
|
* that overrides the architecturally mandated HVC behaviour.
|
|
|
|
*/
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-10-24 15:19:12 +04:00
|
|
|
if (!arm_feature(env, ARM_FEATURE_EL2)) {
|
|
|
|
/* If EL2 doesn't exist, HVC always UNDEFs */
|
|
|
|
undef = true;
|
|
|
|
} else if (arm_feature(env, ARM_FEATURE_EL3)) {
|
|
|
|
/* EL3.HCE has priority over EL2.HCD. */
|
2014-09-29 21:48:50 +04:00
|
|
|
undef = !(env->cp15.scr_el3 & SCR_HCE);
|
|
|
|
} else {
|
|
|
|
undef = env->cp15.hcr_el2 & HCR_HCD;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* In ARMv7 and ARMv8/AArch32, HVC is undef in secure state.
|
|
|
|
* For ARMv8/AArch64, HVC is allowed in EL3.
|
|
|
|
* Note that we've already trapped HVC from EL0 at translation
|
|
|
|
* time.
|
|
|
|
*/
|
|
|
|
if (secure && (!is_a64(env) || cur_el == 1)) {
|
|
|
|
undef = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (undef) {
|
2015-05-29 13:28:51 +03:00
|
|
|
raise_exception(env, EXCP_UDEF, syn_uncategorized(),
|
|
|
|
exception_target_el(env));
|
2014-09-29 21:48:50 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-09-29 21:48:50 +04:00
|
|
|
void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome)
|
|
|
|
{
|
2019-03-23 03:41:14 +03:00
|
|
|
ARMCPU *cpu = env_archcpu(env);
|
2014-10-24 15:19:14 +04:00
|
|
|
int cur_el = arm_current_el(env);
|
2014-10-24 15:19:15 +04:00
|
|
|
bool secure = arm_is_secure(env);
|
2018-11-19 18:29:08 +03:00
|
|
|
bool smd_flag = env->cp15.scr_el3 & SCR_SMD;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* SMC behaviour is summarized in the following table.
|
|
|
|
* This helper handles the "Trap to EL2" and "Undef insn" cases.
|
|
|
|
* The "Trap to EL3" and "PSCI call" cases are handled in the exception
|
|
|
|
* helper.
|
|
|
|
*
|
|
|
|
* -> ARM_FEATURE_EL3 and !SMD
|
|
|
|
* HCR_TSC && NS EL1 !HCR_TSC || !NS EL1
|
|
|
|
*
|
|
|
|
* Conduit SMC, valid call Trap to EL2 PSCI Call
|
|
|
|
* Conduit SMC, inval call Trap to EL2 Trap to EL3
|
|
|
|
* Conduit not SMC Trap to EL2 Trap to EL3
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* -> ARM_FEATURE_EL3 and SMD
|
|
|
|
* HCR_TSC && NS EL1 !HCR_TSC || !NS EL1
|
|
|
|
*
|
|
|
|
* Conduit SMC, valid call Trap to EL2 PSCI Call
|
|
|
|
* Conduit SMC, inval call Trap to EL2 Undef insn
|
|
|
|
* Conduit not SMC Trap to EL2 Undef insn
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* -> !ARM_FEATURE_EL3
|
|
|
|
* HCR_TSC && NS EL1 !HCR_TSC || !NS EL1
|
|
|
|
*
|
|
|
|
* Conduit SMC, valid call Trap to EL2 PSCI Call
|
|
|
|
* Conduit SMC, inval call Trap to EL2 Undef insn
|
2024-01-09 17:43:46 +03:00
|
|
|
* Conduit not SMC Undef or trap[1] Undef insn
|
|
|
|
*
|
|
|
|
* [1] In this case:
|
|
|
|
* - if HCR_EL2.NV == 1 we must trap to EL2
|
|
|
|
* - if HCR_EL2.NV == 0 then newer architecture revisions permit
|
|
|
|
* AArch64 (but not AArch32) to trap to EL2 as an IMPDEF choice
|
|
|
|
* - otherwise we must UNDEF
|
|
|
|
* We take the IMPDEF choice to always UNDEF if HCR_EL2.NV == 0.
|
2018-11-19 18:29:08 +03:00
|
|
|
*/
|
|
|
|
|
2016-02-18 17:16:15 +03:00
|
|
|
/* On ARMv8 with EL3 AArch64, SMD applies to both S and NS state.
|
|
|
|
* On ARMv8 with EL3 AArch32, or ARMv7 with the Virtualization
|
|
|
|
* extensions, SMD only applies to NS state.
|
|
|
|
* On ARMv7 without the Virtualization extensions, the SMD bit
|
|
|
|
* doesn't exist, but we forbid the guest to set it to 1 in scr_write(),
|
|
|
|
* so we need not special case this here.
|
2014-09-29 21:48:50 +04:00
|
|
|
*/
|
2018-11-19 18:29:08 +03:00
|
|
|
bool smd = arm_feature(env, ARM_FEATURE_AARCH64) ? smd_flag
|
|
|
|
: smd_flag && !secure;
|
2014-09-29 21:48:50 +04:00
|
|
|
|
2017-10-06 18:46:47 +03:00
|
|
|
if (!arm_feature(env, ARM_FEATURE_EL3) &&
|
2024-01-09 17:43:46 +03:00
|
|
|
!(arm_hcr_el2_eff(env) & HCR_NV) &&
|
2017-10-06 18:46:47 +03:00
|
|
|
cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC) {
|
2024-01-09 17:43:46 +03:00
|
|
|
/*
|
|
|
|
* If we have no EL3 then traditionally SMC always UNDEFs and can't be
|
|
|
|
* trapped to EL2. For nested virtualization, SMC can be trapped to
|
|
|
|
* the outer hypervisor. PSCI-via-SMC is a sort of ersatz EL3
|
2017-10-06 18:46:47 +03:00
|
|
|
* firmware within QEMU, and we want an EL2 guest to be able
|
|
|
|
* to forbid its EL1 from making PSCI calls into QEMU's
|
|
|
|
* "firmware" via HCR.TSC, so for these purposes treat
|
|
|
|
* PSCI-via-SMC as implying an EL3.
|
2018-11-19 18:29:08 +03:00
|
|
|
* This handles the very last line of the previous table.
|
2014-10-24 15:19:13 +04:00
|
|
|
*/
|
2018-11-19 18:29:08 +03:00
|
|
|
raise_exception(env, EXCP_UDEF, syn_uncategorized(),
|
|
|
|
exception_target_el(env));
|
|
|
|
}
|
|
|
|
|
2018-12-13 16:48:08 +03:00
|
|
|
if (cur_el == 1 && (arm_hcr_el2_eff(env) & HCR_TSC)) {
|
2017-10-06 18:46:47 +03:00
|
|
|
/* In NS EL1, HCR controlled routing to EL2 has priority over SMD.
|
|
|
|
* We also want an EL2 guest to be able to forbid its EL1 from
|
|
|
|
* making PSCI calls into QEMU's "firmware" via HCR.TSC.
|
2018-11-19 18:29:08 +03:00
|
|
|
* This handles all the "Trap to EL2" cases of the previous table.
|
2017-10-06 18:46:47 +03:00
|
|
|
*/
|
2015-05-29 13:28:51 +03:00
|
|
|
raise_exception(env, EXCP_HYP_TRAP, syndrome, 2);
|
2014-09-29 21:48:50 +04:00
|
|
|
}
|
|
|
|
|
2018-11-19 18:29:08 +03:00
|
|
|
/* Catch the two remaining "Undef insn" cases of the previous table:
|
|
|
|
* - PSCI conduit is SMC but we don't have a valid PCSI call,
|
|
|
|
* - We don't have EL3 or SMD is set.
|
2017-10-06 18:46:47 +03:00
|
|
|
*/
|
2018-11-19 18:29:08 +03:00
|
|
|
if (!arm_is_psci_call(cpu, EXCP_SMC) &&
|
|
|
|
(smd || !arm_feature(env, ARM_FEATURE_EL3))) {
|
2015-05-29 13:28:51 +03:00
|
|
|
raise_exception(env, EXCP_UDEF, syn_uncategorized(),
|
|
|
|
exception_target_el(env));
|
2014-09-29 21:48:50 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-03-31 07:47:48 +04:00
|
|
|
/* ??? Flag setting arithmetic is awkward because we need to do comparisons.
|
|
|
|
The only way to do that in TCG is a conditional branch, which clobbers
|
|
|
|
all our temporaries. For now implement these as helper functions. */
|
|
|
|
|
|
|
|
/* Similarly for variable shift instructions. */
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(shl_cc)(CPUARMState *env, uint32_t x, uint32_t i)
|
2008-03-31 07:47:48 +04:00
|
|
|
{
|
|
|
|
int shift = i & 0xff;
|
|
|
|
if (shift >= 32) {
|
|
|
|
if (shift == 32)
|
|
|
|
env->CF = x & 1;
|
|
|
|
else
|
|
|
|
env->CF = 0;
|
|
|
|
return 0;
|
|
|
|
} else if (shift != 0) {
|
|
|
|
env->CF = (x >> (32 - shift)) & 1;
|
|
|
|
return x << shift;
|
|
|
|
}
|
|
|
|
return x;
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(shr_cc)(CPUARMState *env, uint32_t x, uint32_t i)
|
2008-03-31 07:47:48 +04:00
|
|
|
{
|
|
|
|
int shift = i & 0xff;
|
|
|
|
if (shift >= 32) {
|
|
|
|
if (shift == 32)
|
|
|
|
env->CF = (x >> 31) & 1;
|
|
|
|
else
|
|
|
|
env->CF = 0;
|
|
|
|
return 0;
|
|
|
|
} else if (shift != 0) {
|
|
|
|
env->CF = (x >> (shift - 1)) & 1;
|
|
|
|
return x >> shift;
|
|
|
|
}
|
|
|
|
return x;
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(sar_cc)(CPUARMState *env, uint32_t x, uint32_t i)
|
2008-03-31 07:47:48 +04:00
|
|
|
{
|
|
|
|
int shift = i & 0xff;
|
|
|
|
if (shift >= 32) {
|
|
|
|
env->CF = (x >> 31) & 1;
|
|
|
|
return (int32_t)x >> 31;
|
|
|
|
} else if (shift != 0) {
|
|
|
|
env->CF = (x >> (shift - 1)) & 1;
|
|
|
|
return (int32_t)x >> shift;
|
|
|
|
}
|
|
|
|
return x;
|
|
|
|
}
|
|
|
|
|
2012-09-05 00:19:15 +04:00
|
|
|
uint32_t HELPER(ror_cc)(CPUARMState *env, uint32_t x, uint32_t i)
|
2008-03-31 07:47:48 +04:00
|
|
|
{
|
|
|
|
int shift1, shift;
|
|
|
|
shift1 = i & 0xff;
|
|
|
|
shift = shift1 & 0x1f;
|
|
|
|
if (shift == 0) {
|
|
|
|
if (shift1 != 0)
|
|
|
|
env->CF = (x >> 31) & 1;
|
|
|
|
return x;
|
|
|
|
} else {
|
|
|
|
env->CF = (x >> (shift - 1)) & 1;
|
|
|
|
return ((uint32_t)x >> shift) | (x << (32 - shift));
|
|
|
|
}
|
|
|
|
}
|
2020-06-26 06:31:13 +03:00
|
|
|
|
|
|
|
void HELPER(probe_access)(CPUARMState *env, target_ulong ptr,
|
|
|
|
uint32_t access_type, uint32_t mmu_idx,
|
|
|
|
uint32_t size)
|
|
|
|
{
|
|
|
|
uint32_t in_page = -((uint32_t)ptr | TARGET_PAGE_SIZE);
|
|
|
|
uintptr_t ra = GETPC();
|
|
|
|
|
|
|
|
if (likely(size <= in_page)) {
|
|
|
|
probe_access(env, ptr, size, access_type, mmu_idx, ra);
|
|
|
|
} else {
|
|
|
|
probe_access(env, ptr, in_page, access_type, mmu_idx, ra);
|
|
|
|
probe_access(env, ptr + in_page, size - in_page,
|
|
|
|
access_type, mmu_idx, ra);
|
|
|
|
}
|
|
|
|
}
|
2022-05-06 21:02:34 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* This function corresponds to AArch64.vESBOperation().
|
|
|
|
* Note that the AArch32 version is not functionally different.
|
|
|
|
*/
|
|
|
|
void HELPER(vesb)(CPUARMState *env)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* The EL2Enabled() check is done inside arm_hcr_el2_eff,
|
|
|
|
* and will return HCR_EL2.VSE == 0, so nothing happens.
|
|
|
|
*/
|
|
|
|
uint64_t hcr = arm_hcr_el2_eff(env);
|
|
|
|
bool enabled = !(hcr & HCR_TGE) && (hcr & HCR_AMO);
|
|
|
|
bool pending = enabled && (hcr & HCR_VSE);
|
|
|
|
bool masked = (env->daif & PSTATE_A);
|
|
|
|
|
|
|
|
/* If VSE pending and masked, defer the exception. */
|
|
|
|
if (pending && masked) {
|
|
|
|
uint32_t syndrome;
|
|
|
|
|
|
|
|
if (arm_el_is_aa64(env, 1)) {
|
|
|
|
/* Copy across IDS and ISS from VSESR. */
|
|
|
|
syndrome = env->cp15.vsesr_el2 & 0x1ffffff;
|
|
|
|
} else {
|
|
|
|
ARMMMUFaultInfo fi = { .type = ARMFault_AsyncExternal };
|
|
|
|
|
|
|
|
if (extended_addresses_enabled(env)) {
|
|
|
|
syndrome = arm_fi_to_lfsc(&fi);
|
|
|
|
} else {
|
|
|
|
syndrome = arm_fi_to_sfsc(&fi);
|
|
|
|
}
|
|
|
|
/* Copy across AET and ExT from VSESR. */
|
|
|
|
syndrome |= env->cp15.vsesr_el2 & 0xd000;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set VDISR_EL2.A along with the syndrome. */
|
|
|
|
env->cp15.vdisr_el2 = syndrome | (1u << 31);
|
|
|
|
|
|
|
|
/* Clear pending virtual SError */
|
|
|
|
env->cp15.hcr_el2 &= ~HCR_VSE;
|
|
|
|
cpu_reset_interrupt(env_cpu(env), CPU_INTERRUPT_VSERR);
|
|
|
|
}
|
|
|
|
}
|