exec/cpu: Extract page-protection definitions to page-protection.h

Extract page-protection definitions from "exec/cpu-all.h"
to "exec/page-protection.h".

The list of files requiring the new header

exec/cpu: Extract page-protection definitions to page-protection.h

Extract page-protection definitions from "exec/cpu-all.h"
to "exec/page-protection.h".

The list of files requiring the new header was generated
using:

$ git grep -wE \
'PAGE_(READ|WRITE|EXEC|RWX|VALID|ANON|RESERVED|TARGET_.|PASSTHROUGH)'

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Nicholas Piggin <npiggin@gmail.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-3-philmd@linaro.org>

show more ...

Merge tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* raspi: Implement Broadcom Serial Controller (BSC) for BCM2835 boards
* hw/c

Merge tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* raspi: Implement Broadcom Serial Controller (BSC) for BCM2835 boards
* hw/char/pl011: Add support for loopback
* STM32L4x5: Implement RCC clock control device
* target/arm: Do memory type alignment checks
* atomic.h: Reword confusing comment for qatomic_cmpxchg
* qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmXnI4gZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3p5ED/wOtAHA3PK+WbQhVhnji3+k
# gdhvVcldf+HLaI2v4tfaW152xjY80/j3PQFNkzptoXENA9U51F47oNYOIfULLZZX
# FTKmw/mjTBc2LqJ8gLpS8Wkr/PFtDq9JJzDwZd0MwguXpzIJp31JJpESvXlAqjjv
# FhuAcqNNuGwI2SXCBmp2lPoEMn8ExLDoG9rmzjxVZeZCyzUjVnJYM61ykhC4ByvK
# j5+/a7pUcpgHSX5cbq7kFloPOx3JXI5lS6xUKhGXXk75qHRwiQIsxMcPq8PD1+ok
# yrmp7cySwK8I7AlIPdDjpJmhU0OiBu+PkYiXmHlF2nvaUy6M0nVX2lSTzqj6VpVV
# 7yYhvWXHrtIA9AUspqTRsX7tP7iMJkco7qWfKSzYl+3pTbxS4+rEoee4jNR3hqsU
# lbWC47sNVtTN507qIL1dcsu+BaeSsYVftfxtFql3odTqRB+ticsjDfKg69dRSFyk
# SS0t8Zy3TdomcEoQkAv/ZSpkQnQUGavbRumCG58lJdiTwTuJUmGi1ufKBrD/GeKj
# IlDEl9yvKiR8uvdjj6EQqr5kOj09mmN5nvokNsq5a4aNXBYoesszWK2xodzXE2x5
# M9DHJ3S8xnN++p1idS2bikwEklG1XVQ/q52bDXQkUmQSNerVS1PCvg9hzYqA+x53
# ihJtMcsmGVfxY8aQHyHweA==
# =isAe
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 05 Mar 2024 13:52:08 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm:
qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports
atomic.h: Reword confusing comment for qatomic_cmpxchg
target/arm: Do memory type alignment check when translation enabled
target/arm: Do memory type alignment check when translation disabled
accel/tcg: Add TLB_CHECK_ALIGNED
accel/tcg: Add tlb_fill_flags to CPUTLBEntryFull
exec/memattrs: Remove target_tlb_bit*
target/arm: Support 32-byte alignment in pow2_align
tests/qtest/stm32l4x5_rcc-test.c: Add tests for the STM32L4x5_RCC
hw/arm/stm32l4x5_soc.c: Use the RCC Sysclk
hw/misc/stm32l4x5_rcc: Add write protections to CR register
hw/misc/stm32l4x5_rcc: Handle Register Updates
hw/misc/stm32l4x5_rcc: Initialize PLLs and clock multiplexers
hw/misc/stm32l4x5_rcc: Add an internal PLL Clock object
hw/misc/stm32l4x5_rcc: Add an internal clock multiplexer object
hw/misc/stm32l4x5_rcc: Implement STM32L4x5_RCC skeleton
hw/char/pl011: Add support for loopback
tests/qtest: Add testcase for BCM2835 BSC
hw/arm: Connect BSC to BCM2835 board as I2C0, I2C1 and I2C2
hw/i2c: Implement Broadcom Serial Controller (BSC)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/arm: Do memory type alignment check when translation enabled

If translation is enabled, and the PTE memory type is Device,
enable checking alignment via TLB_CHECK_ALIGNMENT. While the
check

target/arm: Do memory type alignment check when translation enabled

If translation is enabled, and the PTE memory type is Device,
enable checking alignment via TLB_CHECK_ALIGNMENT. While the
check is done later than it should be per the ARM, it's better
than not performing the check at all.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301204110.656742-7-richard.henderson@linaro.org
[PMM: tweaks to comment text]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge tag 'pull-target-arm-20240227-1' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Handle atomic updates of page tables entries in MMIO during PTW
* Adverti

Merge tag 'pull-target-arm-20240227-1' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Handle atomic updates of page tables entries in MMIO during PTW
* Advertise Cortex-A53 erratum #843419 fix via REVIDR
* MAINTAINERS: Cover hw/ide/ahci-allwinner.c with AllWinner A10 machine
* misc: m48t59: replace qemu_system_reset_request() call with watchdog_perform_action()
* misc: pxa2xx_timer: replace qemu_system_reset_request() call with watchdog_perform_action()
* xlnx-versal-ospi: disable reentrancy detection for iomem_dac
* sbsa-ref: Simplify init since PCIe is always enabled
* stm32l4x5: Use TYPE_OR_IRQ when connecting STM32L4x5 EXTI fan-in IRQs
* pl031: Update last RTCLR value on write in case it's read back
* block: m25p80: Add support of mt35xu02gbba
* xlnx-versal-virt: Add machine property ospi-flash
* reset: refactor system reset to be three-phase aware
* new board model raspi4b

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmXeAMEZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3syyD/4lJzzstbDIAsu94Z4Hi0So
# CFLAMJFsPy3fMsU2IqVP+TDTyhUeMPebwfj7sQHUtQcXVh5i1/HlYgdUgXsnjGWQ
# pc6BxycpW6uJWYb7Ma3CdSGS+hxEpQ+U8Qeijwqg0kAqhjNtrSIkTRQ4u8p8T+kN
# dWtQzp7D15BpEVhWl/2dLWWJwV3H6TThmr1FbK5wl/c7hJzy2uaXqmmCvercU0Zo
# 6ab3SnGyhaujdd/FsDvhnVEYqcmcO2p9UtSnGAbdfw0zsf4p8cS2Q6M9q4DHBFYn
# 6Bt51DFP5D+114VpqRSXF2Lv9K8swjTgqhDld9vCoios6pS3LMwcTAcONUxE8JU+
# uD7kXTN/lv3atNEy4MTFkTeNtKgbYJJuPwWrDRNdbVXPwrEHGWN3+ZYISmuYb+p+
# XL2/7HeP7/qEVMW2d18+7OCriZwKiBRZRKUrtG7mQSBZEMetbhpA+mLcxAZT0FAl
# 18O/mcvEJrrE7x6Bqyv96b8PE0/er5cVg/b/wrkKS8DL4NWU9bJSjJNRrvt9bvvl
# jSzPGo4ngHlfO0OpurLoFOZCVxKWVXgaKkQ3pOz301nsDyhEndNLeCxrITac8G2Q
# C/WQuMaeOoV1x7N2MzaCQmyRzy8yGkG9av0aI/8feobfV/Yg4wPsfhcEn/XQWXKv
# NUJ4/z78FbJlI2JeDP2QSA==
# =xaMv
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 27 Feb 2024 15:33:21 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20240227-1' of https://git.linaro.org/people/pmaydell/qemu-arm: (36 commits)
docs/system/arm: Add RPi4B to raspi.rst
hw/misc/bcm2835_property: Add missed BCM2835 properties
tests/avocado/boot_linux_console.py: Add Rpi4b boot tests
hw/arm/bcm2838_peripherals: Add clock_isp stub
hw/arm: Add memory region for BCM2837 RPiVid ASB
hw/arm/raspi4b: Temporarily disable unimplemented rpi4b devices
hw/arm: Introduce Raspberry PI 4 machine
hw/arm: Add GPIO and SD to BCM2838 periph
hw/gpio: Connect SD controller to BCM2838 GPIO
hw/gpio: Implement BCM2838 GPIO functionality
hw/gpio: Add BCM2838 GPIO stub
hw/arm/bcm2838: Add GIC-400 to BCM2838 SoC
hw/arm: Introduce BCM2838 SoC
hw/arm/raspi: Split out raspi machine common part
hw/arm/bcm2853_peripherals: Split out common part of peripherals
hw/arm/bcm2836: Split out common part of BCM283X classes
docs/devel/reset: Update to discuss system reset
hw/core/machine: Use qemu_register_resettable for sysbus reset
hw/core/reset: Implement qemu_register_reset via qemu_register_resettable
hw/core/reset: Add qemu_{register, unregister}_resettable()
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

arm/ptw: Handle atomic updates of page tables entries in MMIO during PTW.

I'm far from confident this handling here is correct. Hence
RFC. In particular not sure on what locks I should hold for thi

arm/ptw: Handle atomic updates of page tables entries in MMIO during PTW.

I'm far from confident this handling here is correct. Hence
RFC. In particular not sure on what locks I should hold for this
to be even moderately safe.

The function already appears to be inconsistent in what it returns
as the CONFIG_ATOMIC64 block returns the endian converted 'eventual'
value of the cmpxchg whereas the TCG_OVERSIZED_GUEST case returns
the previous value.

Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-id: 20240219161229.11776-1-Jonathan.Cameron@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge tag 'pull-target-arm-20240118' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* docs/devel/docs: Document .hx file syntax
* arm_pamax() no longer needs to

Merge tag 'pull-target-arm-20240118' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* docs/devel/docs: Document .hx file syntax
* arm_pamax() no longer needs to do feature propagation
* docs/system/arm/virt.rst: Improve 'highmem' option docs
* STM32L4x5 Implement SYSCFG and EXTI devices
* hw/timer: fix systick trace message
* hw/arm/virt: Consolidate valid CPU types
* load_elf: fix iterator's type for elf file processing

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmWpHM4ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3pZxD/sGIXvTeoOCsum7OFpArKoQ
# J+wcy74pO526IDzjudgtwP8kFW09oVblMPgrt/68F9LY4Oa7sDNAZX/Xqlhs/hdJ
# SVbOXArRmyLvgLpn8KVii9xk9iI/olMGt0S6KcXAErdgFud+JcCevbS0D5fAF4Ua
# /G/4ldnwr+WcYUA5IIoi02ymSBm5VNeH2bKu0MPS3xpizjzgOFxWTBYwq3zkZYWD
# w5GjH9+F+IC67CiAlCLvuQBqpGLdRwFBttU05hLtGXuSlnvS+FtJTooI7gGD17CR
# 2wTa7qF716qDN1lNSIvxA6t8/dWNMIYCZYdlxJml476WzP3jECpth2WFWqE0G3yg
# Orr7sFVB8X6JmtlR34srW6e3CZA3t+4FIWqcdELFLi5IQtJeer90jqQ9xwx4SttJ
# nsHdy5M8txWSa61yAaDTXMID/smVlC7sWTKJrR9kV7v5+b9OPQ/R8k0mCODl5Aer
# mzAVuCvUQVYK3j7fzprGrlldla57s3v78OAhqACLgKflK0+aJSJjglulPrSMK1z5
# bRPS5jLZjFwEi2VaLVg3LPJiBMDj1s/wAl0ycfCQSv2oEzvmpkw+Ar1HDc2NFe+d
# 9dunbdhAZJMwh+ABIg7iMj+l0ncOXDa4DS+6BnjRxfECCa172u3viq1HATkLLAFI
# GTkcJ5hIQzNEeg9ob0MDIg==
# =Rfpe
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 18 Jan 2024 12:42:54 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20240118' of https://git.linaro.org/people/pmaydell/qemu-arm:
load_elf: fix iterator's type for elf file processing
hw/arm/virt: Consolidate valid CPU types
hw/timer: fix systick trace message
tests/qtest: Add STM32L4x5 SYSCFG QTest testcase
hw/arm: Connect STM32L4x5 SYSCFG to STM32L4x5 SoC
hw/misc: Implement STM32L4x5 SYSCFG
tests/qtest: Add STM32L4x5 EXTI QTest testcase
hw/arm: Connect STM32L4x5 EXTI to STM32L4x5 SoC
hw/misc: Implement STM32L4x5 EXTI
docs/system/arm/virt.rst: Improve 'highmem' option docs
target/arm: arm_pamax() no longer needs to do feature propagation
docs/devel/docs: Document .hx file syntax

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/arm: arm_pamax() no longer needs to do feature propagation

In arm_pamax(), we need to cope with the virt board calling this
function on a CPU object which has been inited but not realize.
We

target/arm: arm_pamax() no longer needs to do feature propagation

In arm_pamax(), we need to cope with the virt board calling this
function on a CPU object which has been inited but not realize.
We used to do propagation of feature-flag implications (such as
"V7VE implies LPAE") at realize, so we have some code in arm_pamax()
which manually checks for both V7VE and LPAE feature flags.

In commit b8f7959f28c4f36 we moved the feature propagation for
almost all features from realize to post-init. That means that
now when the virt board calls arm_pamax(), the feature propagation
has been done. So we can drop the manual propagation handling
and check only for the feature we actually care about, which
is ARM_FEATURE_LPAE.

Retain the comment that the virt board is calling this function
with a not completely realized CPU object, because that is a
potential beartrap for later changes which is worth calling out.

(Note that b8f7959f28c4f36 actually fixed a bug in the arm_pamax()
handling: arm_pamax() was missing a check for ARM_FEATURE_V8, so it
incorrectly thought that the qemu-system-arm 'max' CPU did not have
LPAE and turned off 'highmem' support in the virt board. Following
b8f7959f28c4f36 qemu-system-arm 'max' is treated the same as
'cortex-a15' and other v7 LPAE CPUs, because the generic feature
propagation code does correctly propagate V8 -> V7VE -> LPAE.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240109143804.1118307-1-peter.maydell@linaro.org

show more ...

Merge tag 'pull-target-arm-20240111' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Emulate FEAT_NV, FEAT_NV2
* add cache controller for Freescale i.MX6
* Add

Merge tag 'pull-target-arm-20240111' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Emulate FEAT_NV, FEAT_NV2
* add cache controller for Freescale i.MX6
* Add minimal support for the B-L475E-IOT01A board
* Allow SoC models to configure M-profile CPUs with correct number
of NVIC priority bits
* Add missing QOM parent for v7-M SoCs
* Set CTR_EL0.{IDC,DIC} for the 'max' CPU
* hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmWfypMZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3sleD/4tQOMteba5BNMDns6R96E4
# kj5q0Iy9XyzQ486Q4cIZXI5N3BddCp2ks8WeS2W3w4IT/lms0U6UwXV4E98I4I/b
# KSfOoUd/cp8IvdvzfpWbmQcPMoauHZdCUN33pYYXOjfi1RkpzgNU5Qgh09Nl/xYU
# V3oaEvWhLtepT/fwJLYxoqVHDaEmyW+6zriF0+eGjZvkhgPyhllla9eti7AyHTfH
# T3A4Fyx/wudRE3NP6xsLfxldriJTxQeba+TqLSh3IXn/PMtK13/ARsY/hl72Q4ML
# Fgad8Zho4eXbuOQ9oiqb7gp4K3IKd9/8FbCzECoIAq7AnLAD4KwpLQR8GULRvYW3
# 0eQq2txTXQWNcmWpIyDRRME+qeNVwWSk+QJDs5WuhVqlVQ4hpqtgFf1EX+7ORdS1
# WG0fb8etvr8oCSkzCmP/o6xYGJ0EyTVMU5DmWviy3bxMrUMcmobjvCQr/n2gC713
# 1NDmEaYPbl+pX8EMu8byst7/No2PXRgIO0UVVb4KZybfhNy+BBs+LiMVlSRS5YH4
# 8NWtoYZlG9RcPnY+8Xrxz9VTi2cNAAcdbf5uK3snJxkFV2SmV3oBoMxWen3mee0f
# 2PNVEbt9zvPV8hViBVLsqRhVXd9wMq6motIRlkKge1u1TvwIxO21ibykI3tvYOGv
# BffIjhUdnYtX90JAtXtFDw==
# =yQwf
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 11 Jan 2024 11:01:39 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20240111' of https://git.linaro.org/people/pmaydell/qemu-arm: (41 commits)
target/arm: Add FEAT_NV2 to max, neoverse-n2, neoverse-v1 CPUs
target/arm: Enhance CPU_LOG_INT to show SPSR on AArch64 exception-entry
target/arm: Report HCR_EL2.{NV,NV1,NV2} in cpu dumps
hw/intc/arm_gicv3_cpuif: Mark up VNCR offsets for GIC CPU registers
target/arm: Mark up VNCR offsets (offsets >= 0x200, except GIC)
target/arm: Mark up VNCR offsets (offsets 0x168..0x1f8)
target/arm: Mark up VNCR offsets (offsets 0x100..0x160)
target/arm: Mark up VNCR offsets (offsets 0x0..0xff)
target/arm: Report VNCR_EL2 based faults correctly
target/arm: Implement FEAT_NV2 redirection of sysregs to RAM
target/arm: Handle FEAT_NV2 redirection of SPSR_EL2, ELR_EL2, ESR_EL2, FAR_EL2
target/arm: Handle FEAT_NV2 changes to when SPSR_EL1.M reports EL2
target/arm: Implement VNCR_EL2 register
target/arm: Handle HCR_EL2 accesses for FEAT_NV2 bits
target/arm: Add FEAT_NV to max, neoverse-n2, neoverse-v1 CPUs
target/arm: Handle FEAT_NV page table attribute changes
target/arm: Treat LDTR* and STTR* as LDR/STR when NV, NV1 is 1, 1
target/arm: Don't honour PSTATE.PAN when HCR_EL2.{NV, NV1} == {1, 1}
target/arm: Always use arm_pan_enabled() when checking if PAN is enabled
target/arm: Trap registers when HCR_EL2.{NV, NV1} == {1, 1}
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/arm: Handle FEAT_NV page table attribute changes

FEAT_NV requires that when HCR_EL2.{NV,NV1} == {1,1} the handling
of some of the page table attribute bits changes for the EL1&0
translation r

target/arm: Handle FEAT_NV page table attribute changes

FEAT_NV requires that when HCR_EL2.{NV,NV1} == {1,1} the handling
of some of the page table attribute bits changes for the EL1&0
translation regime:

* for block and page descriptors:
- bit [54] holds PXN, not UXN
- bit [53] is RES0, and the effective value of UXN is 0
- bit [6], AP[1], is treated as 0
* for table descriptors, when hierarchical permissions are enabled:
- bit [60] holds PXNTable, not UXNTable
- bit [59] is RES0
- bit [61], APTable[0] is treated as 0

Implement these changes to the page table attribute handling.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Miguel Luis <miguel.luis@oracle.com>

show more ...

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging

Pull request

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmWcJMUACgkQnKSrs4Gr
# c

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging

Pull request

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmWcJMUACgkQnKSrs4Gr
# c8hh/Qf/Wt177UlhBR49OWmmegs8c8yS1mhyawo7YIJM4pqoXCYLaACpcKECXcGU
# rlgyR4ow68EXnnU8+/s2cp2UqHxrla+E2eNqBoTDmkNt3Cko5sJn5G5PM5EYK+mO
# JjFRzn7awRyxD6mGOuaMVoj6OuHbAA/U4JF7FhW0YuRl8v0/mvAxRSfQ4U6Crq/y
# 19Aa1CXHD1GH2CUJsMCY8zT47Dr4DJcvZx5IpcDFaHaYDCkktFwNzdo5IDnCx2M2
# xnP37Qp/Q93cu12lWkVOu8HCT6yhoszahyOqlBxDmo7QeGkskrxGbMyE+vHM3fFI
# aGSxiw193U7/QWu+Cq2/727C3YIq1g==
# =pKUb
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 08 Jan 2024 16:37:25 GMT
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
Rename "QEMU global mutex" to "BQL" in comments and docs
Replace "iothread lock" with "BQL" in comments
qemu/main-loop: rename qemu_cond_wait_iothread() to qemu_cond_wait_bql()
qemu/main-loop: rename QEMU_IOTHREAD_LOCK_GUARD to BQL_LOCK_GUARD
system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()
iothread: Remove unused Error** argument in aio_context_set_aio_params

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()

The Big QEMU Lock (BQL) has many names and they are confusing. The
actual QemuMutex variable is called qemu_global_mutex but it's commonl

system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()

The Big QEMU Lock (BQL) has many names and they are confusing. The
actual QemuMutex variable is called qemu_global_mutex but it's commonly
referred to as the BQL in discussions and some code comments. The
locking APIs, however, are called qemu_mutex_lock_iothread() and
qemu_mutex_unlock_iothread().

The "iothread" name is historic and comes from when the main thread was
split into into KVM vcpu threads and the "iothread" (now called the main
loop thread). I have contributed to the confusion myself by introducing
a separate --object iothread, a separate concept unrelated to the BQL.

The "iothread" name is no longer appropriate for the BQL. Rename the
locking APIs to:
- void bql_lock(void)
- void bql_unlock(void)
- bool bql_locked(void)

There are more APIs with "iothread" in their names. Subsequent patches
will rename them. There are also comments and documentation that will be
updated in later patches.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Acked-by: Fabiano Rosas <farosas@suse.de>
Acked-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Peter Xu <peterx@redhat.com>
Acked-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Acked-by: Hyman Huang <yong.huang@smartx.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20240102153529.486531-2-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

Merge tag 'pull-target-arm-20231102' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* linux-user/elfload: Add missing arm64 hwcap values
* stellaris-gamepad: Con

Merge tag 'pull-target-arm-20231102' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* linux-user/elfload: Add missing arm64 hwcap values
* stellaris-gamepad: Convert to qdev
* docs/specs: Convert various txt docs to rST
* MAINTAINERS: Make sure that gicv3_internal.h is covered, too
* hw/arm/pxa2xx_gpio: Pass CPU using QOM link property
* hw/watchdog/wdt_imx2: Trace MMIO access and timer activity
* hw/misc/imx7_snvs: Trace MMIO access
* hw/misc/imx6_ccm: Convert DPRINTF to trace events
* hw/i2c/pm_smbus: Convert DPRINTF to trace events
* target/arm: Enable FEAT_MOPS insns in user-mode emulation
* linux-user: Report AArch64 hwcap2 fields above bit 31
* target/arm: Make FEAT_MOPS SET* insns handle Xs == XZR correctly
* target/arm: Fix SVE STR increment
* hw/char/stm32f2xx_usart: implement TX interrupts
* target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk
* xlnx-versal-virt: Add AMD/Xilinx TRNG device

* tag 'pull-target-arm-20231102' of https://git.linaro.org/people/pmaydell/qemu-arm: (33 commits)
tests/qtest: Introduce tests for AMD/Xilinx Versal TRNG device
hw/arm: xlnx-versal-virt: Add AMD/Xilinx TRNG device
hw/misc: Introduce AMD/Xilix Versal TRNG device
target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk
hw/char/stm32f2xx_usart: Add more definitions for CR1 register
hw/char/stm32f2xx_usart: Update IRQ when DR is written
hw/char/stm32f2xx_usart: Extract common IRQ update code to update_irq()
target/arm: Fix SVE STR increment
target/arm: Make FEAT_MOPS SET* insns handle Xs == XZR correctly
linux-user: Report AArch64 hwcap2 fields above bit 31
target/arm: Enable FEAT_MOPS insns in user-mode emulation
hw/i2c/pm_smbus: Convert DPRINTF to trace events
hw/misc/imx6_ccm: Convert DPRINTF to trace events
hw/misc/imx7_snvs: Trace MMIO access
hw/watchdog/wdt_imx2: Trace timer activity
hw/watchdog/wdt_imx2: Trace MMIO access
hw/arm/pxa2xx_gpio: Pass CPU using QOM link property
MAINTAINERS: Make sure that gicv3_internal.h is covered, too
docs/specs/vmgenid: Convert to rST
docs/specs/vmcoreinfo: Convert to rST
...

Conflicts:
hw/input/stellaris_input.c
The qdev conversion in this pull request ("stellaris-gamepad: Convert
to qdev") eliminates the vmstate_register() call that was converted to
vmstate_register_any() in the conflicting migration pull request.
vmstate_register_any() is no longer necessary now that this device has
been converted to qdev, so take this pull request's version of
stellaris_gamepad.c over the previous pull request's
stellaris_input.c (the file was renamed).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk

In a two-stage translation, the result of the BTI guarded bit should
be the guarded bit from the first stage of translatio

target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk

In a two-stage translation, the result of the BTI guarded bit should
be the guarded bit from the first stage of translation, as there is
no BTI guard information in stage two. Our code tried to do this,
but got it wrong, because we currently have two fields where the GP
bit information might live (ARMCacheAttrs::guarded and
CPUTLBEntryFull::extra::arm::guarded), and we were storing the GP bit
in the latter during the stage 1 walk but trying to copy the former
in combine_cacheattrs().

Remove the duplicated storage, and always use the field in
CPUTLBEntryFull; correctly propagate the stage 1 value to the output
in get_phys_addr_twostage().

Note for stable backports: in v8.0 and earlier the field is named
result->f.guarded, not result->f.extra.arm.guarded.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1950
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231031173723.26582-1-peter.maydell@linaro.org

show more ...

Merge tag 'pull-target-arm-20231027' of https://git-us.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Correct minor errors in Cortex-A710 definition
* Implement Neoverse N2 C

Merge tag 'pull-target-arm-20231027' of https://git-us.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Correct minor errors in Cortex-A710 definition
* Implement Neoverse N2 CPU model
* Refactor feature test functions out into separate header
* Fix syndrome for FGT traps on ERET
* Remove 'hw/arm/boot.h' includes from various header files
* pxa2xx: Refactoring/cleanup
* Avoid using 'first_cpu' when first ARM CPU is reachable
* misc/led: LED state is set opposite of what is expected
* hw/net/cadence_gen: clean up to use FIELD macros
* hw/net/cadence_gem: perform PHY access on write only
* hw/net/cadence_gem: enforce 32 bits variable size for CRC

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmU7yz0ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3n4xEACK4ti+PFSJHVCQ69NzLLBT
# ybFGFMsMhXJTSNS30Pzs+KWCKWPP59knYBD4qO43W1iV6pPUhy+skr+BFCCRvBow
# se74+Fm1l4LmnuHxgukJzTdvRffI3v37alLn6Y/ioWe8bDpf/IJj8WLj8B1IPoNg
# fswJSGDLpPMovaz8NBQRzglUWpfyzxH+uuW779qBS1nuFdPOfIHKrocvvdrfogBP
# aO8AeiBzz5STW9Naeq+BIKho8S9LinSB6FHa+rRPUDkWx03lvRIvkgGPzHpXYy8I
# zAZ8gUQZyXprHAHMpnoBv8Wcw3Bwc2f+8xx8hnRRki3iBroXKfJA9NkeN0StQmL1
# ZHhfYkiKSS5diIFW5pX6ZixKbXHE2a4aH4zPVUNQriNWOevhe7n82mAPNFIYjk97
# ciTtd4I2oew48sDLSodMiirGL987Mit7KC23itVGezcNfQ9FnVTDmuGy8Rq52BZm
# u4TZjVBrtjQOdMBUcD2hKvXhikQNAdOhArPwNfOr0esSQL44MMEe+6Q5/Cbp0BOE
# stAY/xwSP2cY5mIPnAbIBELseEZsV8ySA3M0y1iRCJptjwbyWM+s1TYz0iXcqeOn
# l6LfiI6r1BqUeoWLGP4042R4FLyLNh6gU/TiFNLu7JJQjXl/EkRgqVXWYfzy2n51
# KKY6iGFi5r41sAU6GIXOkQ==
# =szC7
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 27 Oct 2023 23:37:49 JST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20231027' of https://git-us.linaro.org/people/pmaydell/qemu-arm: (41 commits)
hw/net/cadence_gem: enforce 32 bits variable size for CRC
hw/net/cadence_gem: perform PHY access on write only
hw/net/cadence_gem: use FIELD to describe PHYMNTNC register fields
hw/net/cadence_gem: use FIELD to describe DESCONF6 register fields
hw/net/cadence_gem: use FIELD to describe IRQ register fields
hw/net/cadence_gem: use FIELD to describe [TX|RX]STATUS register fields
hw/net/cadence_gem: use FIELD to describe DMACFG register fields
hw/net/cadence_gem: use FIELD to describe NWCFG register fields
hw/net/cadence_gem: use FIELD to describe NWCTRL register fields
hw/net/cadence_gem: use FIELD for screening registers
hw/net/cadence_gem: use REG32 macro for register definitions
misc/led: LED state is set opposite of what is expected
hw/arm: Avoid using 'first_cpu' when first ARM CPU is reachable
hw/arm/pxa2xx: Realize PXA2XX_I2C device before accessing it
hw/intc/pxa2xx: Factor pxa2xx_pic_realize() out of pxa2xx_pic_init()
hw/intc/pxa2xx: Pass CPU reference using QOM link property
hw/intc/pxa2xx: Convert to Resettable interface
hw/pcmcia/pxa2xx: Inline pxa2xx_pcmcia_init()
hw/pcmcia/pxa2xx: Do not open-code sysbus_create_simple()
hw/pcmcia/pxa2xx: Realize sysbus device before accessing it
...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

target/arm: Move feature test functions to their own header

The feature test functions isar_feature_*() now take up nearly
a thousand lines in target/arm/cpu.h. This header file is included
by a lot

target/arm: Move feature test functions to their own header

The feature test functions isar_feature_*() now take up nearly
a thousand lines in target/arm/cpu.h. This header file is included
by a lot of source files, most of which don't need these functions.
Move the feature test functions to their own header file.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231024163510.2972081-2-peter.maydell@linaro.org

show more ...

Merge tag 'pull-tcg-20231004' of https://gitlab.com/rth7680/qemu into staging

accel: Introduce AccelClass::cpu_common_[un]realize
accel: Target agnostic code movement
accel/tcg: Cleanups to use CPUS

Merge tag 'pull-tcg-20231004' of https://gitlab.com/rth7680/qemu into staging

accel: Introduce AccelClass::cpu_common_[un]realize
accel: Target agnostic code movement
accel/tcg: Cleanups to use CPUState instead of CPUArchState
accel/tcg: Move CPUNegativeOffsetState into CPUState
tcg: Split out tcg init functions to tcg/startup.h
linux-user/hppa: Fix struct target_sigcontext layout
build: Remove --enable-gprof

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmUdsL4dHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/iYggAvDJEyMCAXSSH97BA
# wZT/2D/MFIhOMk6xrQRnrXfrG70N0iVKz44jl9j7k1D+9BOHcso//DDJH3c96k9A
# MgDb6W2bsWvC15/Qw6BALf5bb/II0MJuCcQvj3CNX5lNkXAWhwIOBhsZx7V9ST1+
# rihN4nowpRWdV5GeCjDGaJW455Y1gc96hICYHy6Eqw1cUgUFt9vm5aYU3FHlat29
# sYRaVYKUL2hRUPPNcPiPq0AaJ8wN6/s8gT+V1UvTzkhHqskoM4ZU89RchuXVoq1h
# SvhKElyULMRzM7thWtpW8qYJPj4mxZsKArESvHjsunGD6KEz3Fh1sy6EKRcdmpG/
# II1vkg==
# =k2Io
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 04 Oct 2023 14:36:46 EDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20231004' of https://gitlab.com/rth7680/qemu: (47 commits)
tcg/loongarch64: Fix buid error
tests/avocado: Re-enable MIPS Malta tests (GitLab issue #1884 fixed)
build: Remove --enable-gprof
linux-user/hppa: Fix struct target_sigcontext layout
tcg: Split out tcg init functions to tcg/startup.h
tcg: Remove argument to tcg_prologue_init
accel/tcg: Make cpu-exec-common.c a target agnostic unit
accel/tcg: Make icount.o a target agnostic unit
accel/tcg: Make monitor.c a target-agnostic unit
accel/tcg: Rename target-specific 'internal.h' -> 'internal-target.h'
exec: Rename target specific page-vary.c -> page-vary-target.c
exec: Rename cpu.c -> cpu-target.c
accel: Rename accel-common.c -> accel-target.c
accel: Make accel-blocker.o target agnostic
accel/tcg: Restrict dump_exec_info() declaration
exec: Move cpu_loop_foo() target agnostic functions to 'cpu-common.h'
exec: Make EXCP_FOO definitions target agnostic
accel/tcg: move ld/st helpers to ldst_common.c.inc
accel/tcg: Unify user and softmmu do_[st|ld]*_mmu()
accel/tcg: Remove env_tlb()
...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

target/arm: Replace TARGET_PAGE_ENTRY_EXTRA

TARGET_PAGE_ENTRY_EXTRA is a macro that allows guests to specify additional
fields for caching with the full TLB entry. This macro is replaced with
a uni

target/arm: Replace TARGET_PAGE_ENTRY_EXTRA

TARGET_PAGE_ENTRY_EXTRA is a macro that allows guests to specify additional
fields for caching with the full TLB entry. This macro is replaced with
a union in CPUTLBEntryFull, thus making CPUTLB target-agnostic at the
cost of slightly inflated CPUTLBEntryFull for non-arm guests.

Note, this is needed to ensure that fields in CPUTLB don't vary in
offset between various targets.

(arm is the only guest actually making use of this feature.)

Signed-off-by: Anton Johansson <anjo@rev.ng>
Message-Id: <20230912153428.17816-2-anjo@rev.ng>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

Merge tag 'pull-target-arm-20230824' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/gpio/nrf51: implement DETECT signal
* accel/kvm: Specify default IPA siz

Merge tag 'pull-target-arm-20230824' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/gpio/nrf51: implement DETECT signal
* accel/kvm: Specify default IPA size for arm64
* ptw: refactor, fix some FEAT_RME bugs
* target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types
* target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK
* Fix SME ST1Q
* Fix 64-bit SSRA

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmTnIoUZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vufEACPJcwyFvSBHDv4VQ6tbgOU
# zwjpUMv4RMKhCOjuxBlJ2DICwOcGNuKer0tc6wkH2T5Ebhoego1osYbRZZoawAJf
# ntg+Ndrx1QH9ORuGqYccLXtHnP741KiKggDHM05BJqB7rqtuH+N4fEn7Cdsw/DNg
# XuCYD5QrxMYvkSOD1l8W0aqp81ucYPgkFqLufypgxrXUiRZ1RBAmPF47BFFdnM8f
# NmrmT1LTF5jr70ySRB+ukK6BAGDc0CUfs6R6nYRwUjRPmSG2rrtUDGo+nOQGDqJo
# PHWmt7rdZQG2w7HVyE/yc3h/CQ3NciwWKbCkRlaoujxHx/B6DRynSeO3NXsP8ELu
# Gizoi3ltwHDQVIGQA19P5phZKHZf7x3MXmK4fDBGB9znvoSFTcjJqkdaN/ARXXO3
# e1vnK1MqnPI8Z1nGdeVIAUIrqhtLHnrrM7jf1tI/e4sjpl3prHq2PvQkakXu8clr
# H8bPZ9zZzyrrSbl4NhpaFTsUiYVxeLoJsNKAmG8dHb+9YsFGXTvEBhtR9eUxnbaV
# XyZ3jEdeW7/ngQ4C6XMD2ZDiKVdx2xJ2Pp5npvljldjmtGUvwQabKo+fPDt2fKjM
# BwjhHA50I633k4fYIwm8YOb70I4oxoL9Lr6PkKriWPMTI5r7+dtwgigREVwnCn+Y
# RsiByKMkDO2TcoQjvBZlCA==
# =3MJ8
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 24 Aug 2023 05:27:33 EDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20230824' of https://git.linaro.org/people/pmaydell/qemu-arm: (35 commits)
target/arm: Fix 64-bit SSRA
target/arm: Fix SME ST1Q
target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK
target/arm/helper: Check SCR_EL3.{NSE, NS} encoding for AT instructions
target/arm: Pass security space rather than flag for AT instructions
target/arm: Skip granule protection checks for AT instructions
target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2*
target/arm/ptw: Load stage-2 tables from realm physical space
target/arm: Adjust PAR_EL1.SH for Device and Normal-NC memory types
target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw
target/arm/ptw: Check for block descriptors at invalid levels
target/arm/ptw: Set attributes correctly for MMU disabled data accesses
target/arm/ptw: Drop S1Translate::out_secure
target/arm/ptw: Remove S1Translate::in_secure
target/arm/ptw: Remove last uses of ptw->in_secure
target/arm/ptw: Only fold in NSTable bit effects in Secure state
target/arm: Pass an ARMSecuritySpace to arm_is_el2_enabled_secstate()
target/arm/ptw: Pass an ARMSecuritySpace to arm_hcr_el2_eff_secstate()
target/arm/ptw: Pass ARMSecurityState to regime_translation_disabled()
target/arm/ptw: Pass ptw into get_phys_addr_pmsa*() and get_phys_addr_disabled()
...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

target/arm: Pass security space rather than flag for AT instructions

At the moment we only handle Secure and Nonsecure security spaces for
the AT instructions. Add support for Realm and Root.

For A

target/arm: Pass security space rather than flag for AT instructions

At the moment we only handle Secure and Nonsecure security spaces for
the AT instructions. Add support for Realm and Root.

For AArch64, arm_security_space() gives the desired space. ARM DDI0487J
says (R_NYXTL):

If EL3 is implemented, then when an address translation instruction
that applies to an Exception level lower than EL3 is executed, the
Effective value of SCR_EL3.{NSE, NS} determines the target Security
state that the instruction applies to.

For AArch32, some instructions can access NonSecure space from Secure,
so we still need to pass the state explicitly to do_ats_write().

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230809123706.1842548-5-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/arm: Skip granule protection checks for AT instructions

GPC checks are not performed on the output address for AT instructions,
as stated by ARM DDI 0487J in D8.12.2:

When populating PAR_E

target/arm: Skip granule protection checks for AT instructions

GPC checks are not performed on the output address for AT instructions,
as stated by ARM DDI 0487J in D8.12.2:

When populating PAR_EL1 with the result of an address translation
instruction, granule protection checks are not performed on the final
output address of a successful translation.

Rename get_phys_addr_with_secure(), since it's only used to handle AT
instructions.

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230809123706.1842548-4-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/arm/ptw: Load stage-2 tables from realm physical space

In realm state, stage-2 translation tables are fetched from the realm
physical address space (R_PGRQD).

Signed-off-by: Jean-Philippe Br

target/arm/ptw: Load stage-2 tables from realm physical space

In realm state, stage-2 translation tables are fetched from the realm
physical address space (R_PGRQD).

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230809123706.1842548-2-jean-philippe@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw

When we report faults due to stage 2 faults during a stage 1
page table walk, the 'level' parameter should be the level
o

target/arm/ptw: Report stage 2 fault level for stage 2 faults on stage 1 ptw

When we report faults due to stage 2 faults during a stage 1
page table walk, the 'level' parameter should be the level
of the walk in stage 2 that faulted, not the level of the
walk in stage 1. Correct the reporting of these faults.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-15-peter.maydell@linaro.org

show more ...

target/arm/ptw: Check for block descriptors at invalid levels

The architecture doesn't permit block descriptors at any arbitrary
level of the page table walk; it depends on the granule size which
le

target/arm/ptw: Check for block descriptors at invalid levels

The architecture doesn't permit block descriptors at any arbitrary
level of the page table walk; it depends on the granule size which
levels are permitted. We implemented only a partial version of this
check which assumes that block descriptors are valid at all levels
except level 3, which meant that we wouldn't deliver the Translation
fault for all cases of this sort of guest page table error.

Implement the logic corresponding to the pseudocode
AArch64.DecodeDescriptorType() and AArch64.BlockDescSupported().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-14-peter.maydell@linaro.org

show more ...

target/arm/ptw: Set attributes correctly for MMU disabled data accesses

When the MMU is disabled, data accesses should be Device nGnRnE,
Outer Shareable, Untagged. We handle the other cases from
AA

target/arm/ptw: Set attributes correctly for MMU disabled data accesses

When the MMU is disabled, data accesses should be Device nGnRnE,
Outer Shareable, Untagged. We handle the other cases from
AArch64.S1DisabledOutput() correctly but missed this one.
Device nGnRnE is memattr == 0, so the only part we were missing
was that shareability should be set to 2 for both insn fetches
and data accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-13-peter.maydell@linaro.org

show more ...

target/arm/ptw: Drop S1Translate::out_secure

We only use S1Translate::out_secure in two places, where we are
setting up MemTxAttrs for a page table load. We can use
arm_space_is_secure(ptw->out_spac

target/arm/ptw: Drop S1Translate::out_secure

We only use S1Translate::out_secure in two places, where we are
setting up MemTxAttrs for a page table load. We can use
arm_space_is_secure(ptw->out_space) instead, which guarantees
that we're setting the MemTxAttrs secure and space fields
consistently, and allows us to drop the out_secure field in
S1Translate entirely.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230807141514.19075-12-peter.maydell@linaro.org

show more ...