Lines Matching +full:secure +full:- +full:regions

6  * SPDX-License-Identifier: GPL-2.0-or-later
12 #include "qemu/main-loop.h"
13 #include "exec/exec-all.h"
14 #include "exec/page-protection.h"
17 #include "cpu-features.h"
30 * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
37 * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
43 * - if the in_ptw_idx is an ARMMMUIdx_Phys_* then the mmuidx
45 * - if the in_ptw_idx is an ARMMMUIdx_Stage2* then the security
48 * stage 1 is Secure; in that case the only possibilities for
49 * the ptw read are Secure and NonSecure, and the in_ptw_idx
102 for (int i = ARRAY_SIZE(pamax_map) - 1; i >= 0; i--) { in round_down_to_parange_index()
116 * The cpu-specific constant value of PAMax; also used by hw/arm/virt.
121 if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { in arm_pamax()
123 FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE); in arm_pamax()
126 * id_aa64mmfr0 is a read-only register so values outside of the in arm_pamax()
133 if (arm_feature(&cpu->env, ARM_FEATURE_LPAE)) { in arm_pamax()
166 * Secure IPA or a NonSecure IPA, which we know from whether this is
168 * If this is the Secure EL1&0 regime we need to check the NSW and SW bits.
180 * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do in ptw_idx_for_stage_2()
194 s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW); in ptw_idx_for_stage_2()
196 s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW); in ptw_idx_for_stage_2()
213 return env->cp15.vttbr_el2; in regime_ttbr()
216 return env->cp15.vsttbr_el2; in regime_ttbr()
219 return env->cp15.ttbr0_el[regime_el(env, mmu_idx)]; in regime_ttbr()
221 return env->cp15.ttbr1_el[regime_el(env, mmu_idx)]; in regime_ttbr()
233 switch (env->v7m.mpu_ctrl[is_secure] & in regime_translation_disabled()
307 .secure = true, in granule_protection_check()
311 uint64_t gpccr = env->cp15.gpccr_el3; in granule_protection_check()
333 if (pps > FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE)) { in granule_protection_check()
342 case 0b00: /* non-shareable */ in granule_protection_check()
344 /* Inner and Outer non-cacheable requires Outer shareable. */ in granule_protection_check()
368 /* Note this field is read-only and fixed at reset. */ in granule_protection_check()
372 * GPC Priority 2: Secure, Realm or Root address exceeds PPS. in granule_protection_check()
384 tableaddr = env->cp15.gptbr_el3 << 12; in granule_protection_check()
394 align = MAX(pps - l0gptsz + 3, 12); in granule_protection_check()
401 index = extract64(paddress, l0gptsz, pps - l0gptsz); in granule_protection_check()
417 align = MAX(l0gptsz - pgs - 1, 12); in granule_protection_check()
429 index = extract64(paddress, pgs + 4, l0gptsz - pgs - 4); in granule_protection_check()
476 fi->gpcf = GPCF_Fail; in granule_protection_check()
479 fi->gpcf = GPCF_EABT; in granule_protection_check()
482 fi->gpcf = GPCF_AddressSize; in granule_protection_check()
485 fi->gpcf = GPCF_Walk; in granule_protection_check()
487 fi->level = level; in granule_protection_check()
488 fi->paddr = paddress; in granule_protection_check()
489 fi->paddr_space = pspace; in granule_protection_check()
496 * This slightly under-decodes the MAIR_ELx field: in S1_attrs_are_device()
532 * The only exception is when stage 1 is Secure; in that case in S2_security_space()
533 * the ptw read might be to the Secure or the NonSecure space in S2_security_space()
535 * Root translations are always single-stage. in S2_security_space()
553 * For stage 2 faults in Secure EL2, S1NS indicates in fault_s1ns()
554 * whether the faulting IPA is in the Secure or NonSecure in fault_s1ns()
565 ARMMMUIdx mmu_idx = ptw->in_mmu_idx; in S1_ptw_translate()
566 ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx; in S1_ptw_translate()
569 ptw->out_virt = addr; in S1_ptw_translate()
571 if (unlikely(ptw->in_debug)) { in S1_ptw_translate()
576 ARMSecuritySpace s2_space = S2_security_space(ptw->in_space, s2_mmu_idx); in S1_ptw_translate()
589 ptw->out_phys = s2.f.phys_addr; in S1_ptw_translate()
591 ptw->out_host = NULL; in S1_ptw_translate()
592 ptw->out_rw = false; in S1_ptw_translate()
593 ptw->out_space = s2.f.attrs.space; in S1_ptw_translate()
599 env->tlb_fi = fi; in S1_ptw_translate()
602 &ptw->out_host, &full); in S1_ptw_translate()
603 env->tlb_fi = NULL; in S1_ptw_translate()
608 ptw->out_phys = full->phys_addr | (addr & ~TARGET_PAGE_MASK); in S1_ptw_translate()
609 ptw->out_rw = full->prot & PAGE_WRITE; in S1_ptw_translate()
610 pte_attrs = full->extra.arm.pte_attrs; in S1_ptw_translate()
611 ptw->out_space = full->attrs.space; in S1_ptw_translate()
618 uint64_t hcr = arm_hcr_el2_eff_secstate(env, ptw->in_space); in S1_ptw_translate()
625 fi->type = ARMFault_Permission; in S1_ptw_translate()
626 fi->s2addr = addr; in S1_ptw_translate()
627 fi->stage2 = true; in S1_ptw_translate()
628 fi->s1ptw = true; in S1_ptw_translate()
629 fi->s1ns = fault_s1ns(ptw->in_space, s2_mmu_idx); in S1_ptw_translate()
634 ptw->out_be = regime_translation_big_endian(env, mmu_idx); in S1_ptw_translate()
638 assert(fi->type != ARMFault_None); in S1_ptw_translate()
639 if (fi->type == ARMFault_GPCFOnOutput) { in S1_ptw_translate()
640 fi->type = ARMFault_GPCFOnWalk; in S1_ptw_translate()
642 fi->s2addr = addr; in S1_ptw_translate()
643 fi->stage2 = regime_is_stage2(s2_mmu_idx); in S1_ptw_translate()
644 fi->s1ptw = fi->stage2; in S1_ptw_translate()
645 fi->s1ns = fault_s1ns(ptw->in_space, s2_mmu_idx); in S1_ptw_translate()
654 void *host = ptw->out_host; in arm_ldl_ptw()
660 if (ptw->out_be) { in arm_ldl_ptw()
668 .space = ptw->out_space, in arm_ldl_ptw()
669 .secure = arm_space_is_secure(ptw->out_space), in arm_ldl_ptw()
674 if (ptw->out_be) { in arm_ldl_ptw()
675 data = address_space_ldl_be(as, ptw->out_phys, attrs, &result); in arm_ldl_ptw()
677 data = address_space_ldl_le(as, ptw->out_phys, attrs, &result); in arm_ldl_ptw()
680 fi->type = ARMFault_SyncExternalOnWalk; in arm_ldl_ptw()
681 fi->ea = arm_extabort_type(result); in arm_ldl_ptw()
692 void *host = ptw->out_host; in arm_ldq_ptw()
699 if (ptw->out_be) { in arm_ldq_ptw()
705 if (ptw->out_be) { in arm_ldq_ptw()
714 .space = ptw->out_space, in arm_ldq_ptw()
715 .secure = arm_space_is_secure(ptw->out_space), in arm_ldq_ptw()
720 if (ptw->out_be) { in arm_ldq_ptw()
721 data = address_space_ldq_be(as, ptw->out_phys, attrs, &result); in arm_ldq_ptw()
723 data = address_space_ldq_le(as, ptw->out_phys, attrs, &result); in arm_ldq_ptw()
726 fi->type = ARMFault_SyncExternalOnWalk; in arm_ldq_ptw()
727 fi->ea = arm_extabort_type(result); in arm_ldq_ptw()
740 void *host = ptw->out_host; in arm_casq_ptw()
746 .space = ptw->out_space, in arm_casq_ptw()
747 .secure = arm_space_is_secure(ptw->out_space), in arm_casq_ptw()
756 if (ptw->out_be) { in arm_casq_ptw()
757 cur_val = address_space_ldq_be(as, ptw->out_phys, attrs, &result); in arm_casq_ptw()
759 fi->type = ARMFault_SyncExternalOnWalk; in arm_casq_ptw()
760 fi->ea = arm_extabort_type(result); in arm_casq_ptw()
767 address_space_stq_be(as, ptw->out_phys, new_val, attrs, &result); in arm_casq_ptw()
769 fi->type = ARMFault_SyncExternalOnWalk; in arm_casq_ptw()
770 fi->ea = arm_extabort_type(result); in arm_casq_ptw()
779 cur_val = address_space_ldq_le(as, ptw->out_phys, attrs, &result); in arm_casq_ptw()
781 fi->type = ARMFault_SyncExternalOnWalk; in arm_casq_ptw()
782 fi->ea = arm_extabort_type(result); in arm_casq_ptw()
789 address_space_stq_le(as, ptw->out_phys, new_val, attrs, &result); in arm_casq_ptw()
791 fi->type = ARMFault_SyncExternalOnWalk; in arm_casq_ptw()
792 fi->ea = arm_extabort_type(result); in arm_casq_ptw()
808 * Raising a stage2 Protection fault for an atomic update to a read-only in arm_casq_ptw()
811 if (unlikely(!ptw->out_rw)) { in arm_casq_ptw()
814 env->tlb_fi = fi; in arm_casq_ptw()
815 flags = probe_access_full_mmu(env, ptw->out_virt, 0, in arm_casq_ptw()
817 arm_to_core_mmu_idx(ptw->in_ptw_idx), in arm_casq_ptw()
819 env->tlb_fi = NULL; in arm_casq_ptw()
828 assert(fi->type != ARMFault_None); in arm_casq_ptw()
829 fi->s2addr = ptw->out_virt; in arm_casq_ptw()
830 fi->stage2 = true; in arm_casq_ptw()
831 fi->s1ptw = true; in arm_casq_ptw()
832 fi->s1ns = fault_s1ns(ptw->in_space, ptw->in_ptw_idx); in arm_casq_ptw()
837 ptw->out_rw = true; in arm_casq_ptw()
840 if (ptw->out_be) { in arm_casq_ptw()
853 /* AArch32 does not have FEAT_HADFS; non-TCG guests only use debug-mode. */ in arm_casq_ptw()
889 * @ap: The 3-bit access permissions (AP[2:0])
890 * @domain_prot: The 2-bit domain access permissions
943 * @ap: The 3-bit access permissions (AP[2:0])
944 * @domain_prot: The 2-bit domain access permissions
955 * @ap: The 2-bit simple AP (AP[2:1])
995 if (!get_level1_table_address(env, ptw->in_mmu_idx, &table, address)) { in get_phys_addr_v5()
997 fi->type = ARMFault_Translation; in get_phys_addr_v5()
1004 if (fi->type != ARMFault_None) { in get_phys_addr_v5()
1009 if (regime_el(env, ptw->in_mmu_idx) == 1) { in get_phys_addr_v5()
1010 dacr = env->cp15.dacr_ns; in get_phys_addr_v5()
1012 dacr = env->cp15.dacr_s; in get_phys_addr_v5()
1017 fi->type = ARMFault_Translation; in get_phys_addr_v5()
1024 fi->type = ARMFault_Domain; in get_phys_addr_v5()
1031 result->f.lg_page_size = 20; /* 1MB */ in get_phys_addr_v5()
1045 if (fi->type != ARMFault_None) { in get_phys_addr_v5()
1050 fi->type = ARMFault_Translation; in get_phys_addr_v5()
1055 result->f.lg_page_size = 16; in get_phys_addr_v5()
1060 result->f.lg_page_size = 12; in get_phys_addr_v5()
1068 result->f.lg_page_size = 12; in get_phys_addr_v5()
1074 fi->type = ARMFault_Translation; in get_phys_addr_v5()
1079 result->f.lg_page_size = 10; in get_phys_addr_v5()
1088 result->f.prot = ap_to_rw_prot(env, ptw->in_mmu_idx, ap, domain_prot); in get_phys_addr_v5()
1089 result->f.prot |= result->f.prot ? PAGE_EXEC : 0; in get_phys_addr_v5()
1090 if (!(result->f.prot & (1 << access_type))) { in get_phys_addr_v5()
1092 fi->type = ARMFault_Permission; in get_phys_addr_v5()
1095 result->f.phys_addr = phys_addr; in get_phys_addr_v5()
1098 fi->domain = domain; in get_phys_addr_v5()
1099 fi->level = level; in get_phys_addr_v5()
1108 ARMMMUIdx mmu_idx = ptw->in_mmu_idx; in get_phys_addr_v6()
1127 fi->type = ARMFault_Translation; in get_phys_addr_v6()
1134 if (fi->type != ARMFault_None) { in get_phys_addr_v6()
1142 fi->type = ARMFault_Translation; in get_phys_addr_v6()
1150 dacr = env->cp15.dacr_ns; in get_phys_addr_v6()
1152 dacr = env->cp15.dacr_s; in get_phys_addr_v6()
1160 fi->type = ARMFault_Domain; in get_phys_addr_v6()
1169 result->f.lg_page_size = 24; /* 16MB */ in get_phys_addr_v6()
1173 result->f.lg_page_size = 20; /* 1MB */ in get_phys_addr_v6()
1190 if (fi->type != ARMFault_None) { in get_phys_addr_v6()
1196 fi->type = ARMFault_Translation; in get_phys_addr_v6()
1201 result->f.lg_page_size = 16; in get_phys_addr_v6()
1206 result->f.lg_page_size = 12; in get_phys_addr_v6()
1213 out_space = ptw->in_space; in get_phys_addr_v6()
1217 * the CPU doesn't support TZ or this is a non-secure translation in get_phys_addr_v6()
1218 * regime, because the output space will already be non-secure. in get_phys_addr_v6()
1223 result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; in get_phys_addr_v6()
1232 fi->type = ARMFault_AccessFlag; in get_phys_addr_v6()
1242 result->f.prot = get_S1prot(env, mmu_idx, false, user_rw, prot_rw, in get_phys_addr_v6()
1243 xn, pxn, result->f.attrs.space, out_space); in get_phys_addr_v6()
1244 if (!(result->f.prot & (1 << access_type))) { in get_phys_addr_v6()
1246 fi->type = ARMFault_Permission; in get_phys_addr_v6()
1250 result->f.attrs.space = out_space; in get_phys_addr_v6()
1251 result->f.attrs.secure = arm_space_is_secure(out_space); in get_phys_addr_v6()
1252 result->f.phys_addr = phys_addr; in get_phys_addr_v6()
1255 fi->domain = domain; in get_phys_addr_v6()
1256 fi->level = level; in get_phys_addr_v6()
1263 * @s2ap: The 2-bit stage2 access permissions (S2AP)
1264 * @xn: XN (execute-never) bits
1321 * @xn: XN (execute-never) bit
1322 * @pxn: PXN (privileged execute-never) bit
1361 * R_ZWRVD: permission fault for insn fetched from non-Root, in get_S1prot()
1367 * R_PKTDS: permission fault for insn fetched from non-Realm, in get_S1prot()
1382 if (env->cp15.scr_el3 & SCR_SIF) { in get_S1prot()
1451 * If the sign-extend bit is not the same as t0sz[3], the result in aa32_va_parameters()
1506 * @stride: Page-table stride (See the ARM ARM)
1531 startlevel = -1; in check_s2_mmu_setup()
1533 startlevel = 2 - sl0; in check_s2_mmu_setup()
1562 startlevel = 3 - sl0; in check_s2_mmu_setup()
1574 startlevel = 3 - sl0; in check_s2_mmu_setup()
1589 startlevel = 2 - sl0; in check_s2_mmu_setup()
1593 levels = 3 - startlevel; in check_s2_mmu_setup()
1597 s1_max_iasize = s1_min_iasize + (stride - 1) + 4; in check_s2_mmu_setup()
1628 uint64_t hcr = arm_hcr_el2_eff_secstate(env, ptw->in_space); in nv_nv1_enabled()
1638 * of a long-format DFSR/IFSR fault register, with the following caveat:
1655 ARMMMUIdx mmu_idx = ptw->in_mmu_idx; in get_phys_addr_lpae()
1696 addrsize = 64 - 8 * param.tbi; in get_phys_addr_lpae()
1697 inputsize = 64 - param.tsz; in get_phys_addr_lpae()
1701 * ID_AA64MMFR0 is a read-only register so values outside of the in get_phys_addr_lpae()
1704 ps = FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE); in get_phys_addr_lpae()
1720 inputsize = addrsize - param.tsz; in get_phys_addr_lpae()
1735 addrsize - inputsize); in get_phys_addr_lpae()
1736 if (-top_bits != param.select) { in get_phys_addr_lpae()
1737 /* The gap between the two regions is a Translation fault */ in get_phys_addr_lpae()
1742 stride = arm_granule_bits(param.gran) - 3; in get_phys_addr_lpae()
1749 * implement any ASID-like capability so we can ignore it (instead in get_phys_addr_lpae()
1762 * Note: This is always 0 on 64-bit EL2 and EL3. in get_phys_addr_lpae()
1773 * level = 4 - RoundUp((inputsize - grainsize) / stride) in get_phys_addr_lpae()
1776 * Applying the usual "rounded up m/n is (m+n-1)/n" and simplifying: in get_phys_addr_lpae()
1777 * = 4 - (inputsize - stride - 3 + stride - 1) / stride in get_phys_addr_lpae()
1778 * = 4 - (inputsize - 4) / stride; in get_phys_addr_lpae()
1780 level = 4 - (inputsize - 4) / stride; in get_phys_addr_lpae()
1792 indexmask = MAKE_64BIT_MASK(0, inputsize - (stride * (4 - level))); in get_phys_addr_lpae()
1808 fi->type = ARMFault_AddressSize; in get_phys_addr_lpae()
1814 * and also to mask out CnP (bit 0) which could validly be non-zero. in get_phys_addr_lpae()
1824 * the highest bits of a 52-bit output are placed elsewhere. in get_phys_addr_lpae()
1837 descaddr |= (address >> (stride * (4 - level))) & indexmask; in get_phys_addr_lpae()
1842 * the table address space and the output space from Secure to in get_phys_addr_lpae()
1846 if (ptw->in_space == ARMSS_Secure in get_phys_addr_lpae()
1850 * Stage2_S -> Stage2 or Phys_S -> Phys_NS in get_phys_addr_lpae()
1851 * Assert the relative order of the secure/non-secure indexes. in get_phys_addr_lpae()
1855 ptw->in_ptw_idx += 1; in get_phys_addr_lpae()
1856 ptw->in_space = ARMSS_NonSecure; in get_phys_addr_lpae()
1863 if (fi->type != ARMFault_None) { in get_phys_addr_lpae()
1891 fi->type = ARMFault_AddressSize; in get_phys_addr_lpae()
1919 page_size = (1ULL << ((stride * (4 - level)) + 3)); in get_phys_addr_lpae()
1920 descaddr &= ~(hwaddr)(page_size - 1); in get_phys_addr_lpae()
1921 descaddr |= (address & (page_size - 1)); in get_phys_addr_lpae()
1923 if (likely(!ptw->in_debug)) { in get_phys_addr_lpae()
1933 fi->type = ARMFault_AccessFlag; in get_phys_addr_lpae()
1940 * If HD is enabled, pre-emptively set/clear the appropriate AP/S2AP in get_phys_addr_lpae()
1975 out_space = ptw->in_space; in get_phys_addr_lpae()
1980 * R_YMCSL: Executing an insn fetched from non-Realm causes in get_phys_addr_lpae()
1985 result->f.prot = get_S2prot_noexecute(ap); in get_phys_addr_lpae()
1988 result->f.prot = get_S2prot(env, ap, xn, ptw->in_s1_is_el0); in get_phys_addr_lpae()
1991 result->cacheattrs.is_s2_format = true; in get_phys_addr_lpae()
1992 result->cacheattrs.attrs = extract32(attrs, 2, 4); in get_phys_addr_lpae()
1998 result->cacheattrs.attrs); in get_phys_addr_lpae()
2036 * NS changes the output to non-secure space. in get_phys_addr_lpae()
2074 * Note that we modified ptw->in_space earlier for NSTable, but in get_phys_addr_lpae()
2075 * result->f.attrs retains a copy of the original security space. in get_phys_addr_lpae()
2077 result->f.prot = get_S1prot(env, mmu_idx, aarch64, user_rw, prot_rw, in get_phys_addr_lpae()
2078 xn, pxn, result->f.attrs.space, out_space); in get_phys_addr_lpae()
2082 mair = env->cp15.mair_el[regime_el(env, mmu_idx)]; in get_phys_addr_lpae()
2084 result->cacheattrs.is_s2_format = false; in get_phys_addr_lpae()
2085 result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8); in get_phys_addr_lpae()
2089 result->f.extra.arm.guarded = extract64(attrs, 50, 1); /* GP */ in get_phys_addr_lpae()
2091 device = S1_attrs_are_device(result->cacheattrs.attrs); in get_phys_addr_lpae()
2099 * - Alignment fault caused by the memory type in get_phys_addr_lpae()
2100 * - Permission fault in get_phys_addr_lpae()
2101 * - A stage 2 fault on the memory access in get_phys_addr_lpae()
2105 * non-device path so that tlb_fill_flags is consistent in the in get_phys_addr_lpae()
2115 if (address & ((1 << a_bits) - 1)) { in get_phys_addr_lpae()
2116 fi->type = ARMFault_Alignment; in get_phys_addr_lpae()
2119 result->f.tlb_fill_flags = TLB_CHECK_ALIGNED; in get_phys_addr_lpae()
2121 result->f.tlb_fill_flags = 0; in get_phys_addr_lpae()
2124 if (!(result->f.prot & (1 << access_type))) { in get_phys_addr_lpae()
2125 fi->type = ARMFault_Permission; in get_phys_addr_lpae()
2132 if (fi->type != ARMFault_None) { in get_phys_addr_lpae()
2136 * I_YZSVV says that if the in-memory descriptor has changed, in get_phys_addr_lpae()
2148 result->f.attrs.space = out_space; in get_phys_addr_lpae()
2149 result->f.attrs.secure = arm_space_is_secure(out_space); in get_phys_addr_lpae()
2153 * was re-purposed for output address bits. The SH attribute in in get_phys_addr_lpae()
2157 result->cacheattrs.shareability = param.sh; in get_phys_addr_lpae()
2159 result->cacheattrs.shareability = extract32(attrs, 8, 2); in get_phys_addr_lpae()
2162 result->f.phys_addr = descaddr; in get_phys_addr_lpae()
2163 result->f.lg_page_size = ctz64(page_size); in get_phys_addr_lpae()
2167 fi->type = ARMFault_Translation; in get_phys_addr_lpae()
2169 if (fi->s1ptw) { in get_phys_addr_lpae()
2170 /* Retain the existing stage 2 fi->level */ in get_phys_addr_lpae()
2171 assert(fi->stage2); in get_phys_addr_lpae()
2173 fi->level = level; in get_phys_addr_lpae()
2174 fi->stage2 = regime_is_stage2(mmu_idx); in get_phys_addr_lpae()
2176 fi->s1ns = fault_s1ns(ptw->in_space, mmu_idx); in get_phys_addr_lpae()
2190 ARMMMUIdx mmu_idx = ptw->in_mmu_idx; in get_phys_addr_pmsav5()
2193 if (regime_translation_disabled(env, mmu_idx, ptw->in_space)) { in get_phys_addr_pmsav5()
2195 result->f.phys_addr = address; in get_phys_addr_pmsav5()
2196 result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; in get_phys_addr_pmsav5()
2200 result->f.phys_addr = address; in get_phys_addr_pmsav5()
2201 for (n = 7; n >= 0; n--) { in get_phys_addr_pmsav5()
2202 base = env->cp15.c6_region[n]; in get_phys_addr_pmsav5()
2209 mask = (mask << 1) - 1; in get_phys_addr_pmsav5()
2215 fi->type = ARMFault_Background; in get_phys_addr_pmsav5()
2220 mask = env->cp15.pmsav5_insn_ap; in get_phys_addr_pmsav5()
2222 mask = env->cp15.pmsav5_data_ap; in get_phys_addr_pmsav5()
2227 fi->type = ARMFault_Permission; in get_phys_addr_pmsav5()
2228 fi->level = 1; in get_phys_addr_pmsav5()
2232 fi->type = ARMFault_Permission; in get_phys_addr_pmsav5()
2233 fi->level = 1; in get_phys_addr_pmsav5()
2236 result->f.prot = PAGE_READ | PAGE_WRITE; in get_phys_addr_pmsav5()
2239 result->f.prot = PAGE_READ; in get_phys_addr_pmsav5()
2241 result->f.prot |= PAGE_WRITE; in get_phys_addr_pmsav5()
2245 result->f.prot = PAGE_READ | PAGE_WRITE; in get_phys_addr_pmsav5()
2249 fi->type = ARMFault_Permission; in get_phys_addr_pmsav5()
2250 fi->level = 1; in get_phys_addr_pmsav5()
2253 result->f.prot = PAGE_READ; in get_phys_addr_pmsav5()
2256 result->f.prot = PAGE_READ; in get_phys_addr_pmsav5()
2260 fi->type = ARMFault_Permission; in get_phys_addr_pmsav5()
2261 fi->level = 1; in get_phys_addr_pmsav5()
2264 result->f.prot |= PAGE_EXEC; in get_phys_addr_pmsav5()
2286 * The architecture specifies which regions are execute-never; in get_phys_addr_pmsav7_default()
2310 /* True if address is in the M profile PPB region 0xe0000000 - 0xe00fffff */ in m_is_ppb_region()
2319 * 0xe0000000 - 0xffffffff in m_is_system_region()
2329 * "background" region if there are no hits against any MPU regions. in pmsav7_use_background_region()
2331 CPUARMState *env = &cpu->env; in pmsav7_use_background_region()
2338 return env->v7m.mpu_ctrl[is_secure] & R_V7M_MPU_CTRL_PRIVDEFENA_MASK; in pmsav7_use_background_region()
2357 ARMMMUIdx mmu_idx = ptw->in_mmu_idx; in get_phys_addr_pmsav7()
2359 bool secure = arm_space_is_secure(ptw->in_space); in get_phys_addr_pmsav7() local
2361 result->f.phys_addr = address; in get_phys_addr_pmsav7()
2362 result->f.lg_page_size = TARGET_PAGE_BITS; in get_phys_addr_pmsav7()
2363 result->f.prot = 0; in get_phys_addr_pmsav7()
2365 if (regime_translation_disabled(env, mmu_idx, ptw->in_space) || in get_phys_addr_pmsav7()
2375 get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->f.prot); in get_phys_addr_pmsav7()
2377 for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) { in get_phys_addr_pmsav7()
2379 uint32_t base = env->pmsav7.drbar[n]; in get_phys_addr_pmsav7()
2380 uint32_t rsize = extract32(env->pmsav7.drsr[n], 1, 5); in get_phys_addr_pmsav7()
2384 if (!(env->pmsav7.drsr[n] & 0x1)) { in get_phys_addr_pmsav7()
2394 rmask = (1ull << rsize) - 1; in get_phys_addr_pmsav7()
2417 result->f.lg_page_size = 0; in get_phys_addr_pmsav7()
2424 if (rsize >= 8) { /* no subregions for regions < 256 bytes */ in get_phys_addr_pmsav7()
2428 rsize -= 3; /* sub region size (power of 2) */ in get_phys_addr_pmsav7()
2429 snd = ((address - base) >> rsize) & 0x7; in get_phys_addr_pmsav7()
2430 srdis = extract32(env->pmsav7.drsr[n], snd + 8, 1); in get_phys_addr_pmsav7()
2441 int snd_rounded = snd & ~(i - 1); in get_phys_addr_pmsav7()
2442 uint32_t srdis_multi = extract32(env->pmsav7.drsr[n], in get_phys_addr_pmsav7()
2455 result->f.lg_page_size = rsize; in get_phys_addr_pmsav7()
2460 if (n == -1) { /* no hits */ in get_phys_addr_pmsav7()
2461 if (!pmsav7_use_background_region(cpu, mmu_idx, secure, is_user)) { in get_phys_addr_pmsav7()
2463 fi->type = ARMFault_Background; in get_phys_addr_pmsav7()
2467 &result->f.prot); in get_phys_addr_pmsav7()
2469 uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3); in get_phys_addr_pmsav7()
2470 uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1); in get_phys_addr_pmsav7()
2484 result->f.prot |= PAGE_WRITE; in get_phys_addr_pmsav7()
2488 result->f.prot |= PAGE_READ | PAGE_EXEC; in get_phys_addr_pmsav7()
2493 result->f.prot |= PAGE_READ | PAGE_EXEC; in get_phys_addr_pmsav7()
2509 result->f.prot |= PAGE_WRITE; in get_phys_addr_pmsav7()
2513 result->f.prot |= PAGE_READ | PAGE_EXEC; in get_phys_addr_pmsav7()
2518 result->f.prot |= PAGE_READ | PAGE_EXEC; in get_phys_addr_pmsav7()
2531 result->f.prot &= ~PAGE_EXEC; in get_phys_addr_pmsav7()
2536 fi->type = ARMFault_Permission; in get_phys_addr_pmsav7()
2537 fi->level = 1; in get_phys_addr_pmsav7()
2538 return !(result->f.prot & (1 << access_type)); in get_phys_addr_pmsav7()
2542 uint32_t secure) in regime_rbar() argument
2545 return env->pmsav8.hprbar; in regime_rbar()
2547 return env->pmsav8.rbar[secure]; in regime_rbar()
2552 uint32_t secure) in regime_rlar() argument
2555 return env->pmsav8.hprlar; in regime_rlar()
2557 return env->pmsav8.rlar[secure]; in regime_rlar()
2563 bool secure, GetPhysAddrResult *result, in pmsav8_mpu_lookup() argument
2568 * that a full phys-to-virt translation does). in pmsav8_mpu_lookup()
2570 * or -1 if no region number is returned (MPU off, address did not in pmsav8_mpu_lookup()
2571 * hit a region, address hit in multiple regions). in pmsav8_mpu_lookup()
2579 int matchregion = -1; in pmsav8_mpu_lookup()
2582 uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1); in pmsav8_mpu_lookup()
2586 region_counter = cpu->pmsav8r_hdregion; in pmsav8_mpu_lookup()
2588 region_counter = cpu->pmsav7_dregion; in pmsav8_mpu_lookup()
2591 result->f.lg_page_size = TARGET_PAGE_BITS; in pmsav8_mpu_lookup()
2592 result->f.phys_addr = address; in pmsav8_mpu_lookup()
2593 result->f.prot = 0; in pmsav8_mpu_lookup()
2595 *mregion = -1; in pmsav8_mpu_lookup()
2599 fi->stage2 = true; in pmsav8_mpu_lookup()
2609 if (regime_translation_disabled(env, mmu_idx, arm_secure_to_space(secure))) { in pmsav8_mpu_lookup()
2615 if (pmsav7_use_background_region(cpu, mmu_idx, secure, is_user)) { in pmsav8_mpu_lookup()
2624 fi->level = 0; in pmsav8_mpu_lookup()
2627 for (n = region_counter - 1; n >= 0; n--) { in pmsav8_mpu_lookup()
2631 * with bits [x-1:0] all zeroes, but the limit address is bits in pmsav8_mpu_lookup()
2633 * 5 for Cortex-M and 6 for Cortex-R in pmsav8_mpu_lookup()
2635 uint32_t base = regime_rbar(env, mmu_idx, secure)[n] & ~bitmask; in pmsav8_mpu_lookup()
2636 uint32_t limit = regime_rlar(env, mmu_idx, secure)[n] | bitmask; in pmsav8_mpu_lookup()
2638 if (!(regime_rlar(env, mmu_idx, secure)[n] & 0x1)) { in pmsav8_mpu_lookup()
2654 ranges_overlap(base, limit - base + 1, in pmsav8_mpu_lookup()
2657 result->f.lg_page_size = 0; in pmsav8_mpu_lookup()
2663 result->f.lg_page_size = 0; in pmsav8_mpu_lookup()
2666 if (matchregion != -1) { in pmsav8_mpu_lookup()
2668 * Multiple regions match -- always a failure (unlike in pmsav8_mpu_lookup()
2669 * PMSAv7 where highest-numbered-region wins) in pmsav8_mpu_lookup()
2671 fi->type = ARMFault_Permission; in pmsav8_mpu_lookup()
2673 fi->level = 1; in pmsav8_mpu_lookup()
2685 fi->type = ARMFault_Background; in pmsav8_mpu_lookup()
2687 fi->type = ARMFault_Permission; in pmsav8_mpu_lookup()
2692 if (matchregion == -1) { in pmsav8_mpu_lookup()
2694 get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->f.prot); in pmsav8_mpu_lookup()
2696 uint32_t matched_rbar = regime_rbar(env, mmu_idx, secure)[matchregion]; in pmsav8_mpu_lookup()
2697 uint32_t matched_rlar = regime_rlar(env, mmu_idx, secure)[matchregion]; in pmsav8_mpu_lookup()
2712 result->f.prot = simple_ap_to_rw_prot_is_user(ap, in pmsav8_mpu_lookup()
2715 result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap); in pmsav8_mpu_lookup()
2720 uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)]; in pmsav8_mpu_lookup()
2724 result->f.prot & PAGE_WRITE && mmu_idx != ARMMMUIdx_Stage2) { in pmsav8_mpu_lookup()
2733 result->cacheattrs.is_s2_format = false; in pmsav8_mpu_lookup()
2734 result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8); in pmsav8_mpu_lookup()
2735 result->cacheattrs.shareability = sh; in pmsav8_mpu_lookup()
2738 if (result->f.prot && !xn && !(pxn && !is_user)) { in pmsav8_mpu_lookup()
2739 result->f.prot |= PAGE_EXEC; in pmsav8_mpu_lookup()
2747 fi->type = ARMFault_Permission; in pmsav8_mpu_lookup()
2749 fi->level = 1; in pmsav8_mpu_lookup()
2751 return !(result->f.prot & (1 << access_type)); in pmsav8_mpu_lookup()
2777 * We assume the caller has zero-initialized *sattrs. in v8m_security_lookup()
2784 uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1); in v8m_security_lookup()
2786 if (cpu->idau) { in v8m_security_lookup()
2787 IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(cpu->idau); in v8m_security_lookup()
2788 IDAUInterface *ii = IDAU_INTERFACE(cpu->idau); in v8m_security_lookup()
2790 iic->check(ii, address, &idau_region, &idau_exempt, &idau_ns, in v8m_security_lookup()
2800 sattrs->ns = !is_secure; in v8m_security_lookup()
2805 sattrs->irvalid = true; in v8m_security_lookup()
2806 sattrs->iregion = idau_region; in v8m_security_lookup()
2809 switch (env->sau.ctrl & 3) { in v8m_security_lookup()
2813 sattrs->ns = true; in v8m_security_lookup()
2816 for (r = 0; r < cpu->sau_sregion; r++) { in v8m_security_lookup()
2817 if (env->sau.rlar[r] & 1) { in v8m_security_lookup()
2818 uint32_t base = env->sau.rbar[r] & ~0x1f; in v8m_security_lookup()
2819 uint32_t limit = env->sau.rlar[r] | 0x1f; in v8m_security_lookup()
2823 sattrs->subpage = true; in v8m_security_lookup()
2825 if (sattrs->srvalid) { in v8m_security_lookup()
2828 * as Secure, not NS-Callable, with no valid region in v8m_security_lookup()
2831 sattrs->ns = false; in v8m_security_lookup()
2832 sattrs->nsc = false; in v8m_security_lookup()
2833 sattrs->sregion = 0; in v8m_security_lookup()
2834 sattrs->srvalid = false; in v8m_security_lookup()
2837 if (env->sau.rlar[r] & 2) { in v8m_security_lookup()
2838 sattrs->nsc = true; in v8m_security_lookup()
2840 sattrs->ns = true; in v8m_security_lookup()
2842 sattrs->srvalid = true; in v8m_security_lookup()
2843 sattrs->sregion = r; in v8m_security_lookup()
2856 ranges_overlap(base, limit - base + 1, in v8m_security_lookup()
2859 sattrs->subpage = true; in v8m_security_lookup()
2872 if (sattrs->ns || (!idau_nsc && sattrs->nsc)) { in v8m_security_lookup()
2873 sattrs->ns = false; in v8m_security_lookup()
2874 sattrs->nsc = idau_nsc; in v8m_security_lookup()
2887 ARMMMUIdx mmu_idx = ptw->in_mmu_idx; in get_phys_addr_pmsav8()
2888 bool secure = arm_space_is_secure(ptw->in_space); in get_phys_addr_pmsav8() local
2893 secure, &sattrs); in get_phys_addr_pmsav8()
2913 if (sattrs.ns != !secure) { in get_phys_addr_pmsav8()
2915 fi->type = ARMFault_QEMU_NSCExec; in get_phys_addr_pmsav8()
2917 fi->type = ARMFault_QEMU_SFault; in get_phys_addr_pmsav8()
2919 result->f.lg_page_size = sattrs.subpage ? 0 : TARGET_PAGE_BITS; in get_phys_addr_pmsav8()
2920 result->f.phys_addr = address; in get_phys_addr_pmsav8()
2921 result->f.prot = 0; in get_phys_addr_pmsav8()
2928 * might downgrade a secure access to nonsecure. in get_phys_addr_pmsav8()
2931 result->f.attrs.secure = false; in get_phys_addr_pmsav8()
2932 result->f.attrs.space = ARMSS_NonSecure; in get_phys_addr_pmsav8()
2933 } else if (!secure) { in get_phys_addr_pmsav8()
2944 fi->type = ARMFault_QEMU_SFault; in get_phys_addr_pmsav8()
2945 result->f.lg_page_size = sattrs.subpage ? 0 : TARGET_PAGE_BITS; in get_phys_addr_pmsav8()
2946 result->f.phys_addr = address; in get_phys_addr_pmsav8()
2947 result->f.prot = 0; in get_phys_addr_pmsav8()
2953 ret = pmsav8_mpu_lookup(env, address, access_type, mmu_idx, secure, in get_phys_addr_pmsav8()
2956 result->f.lg_page_size = 0; in get_phys_addr_pmsav8()
2962 * Translate from the 4-bit stage 2 representation of
2963 * memory attributes (without cache-allocation hints) to
2964 * the 8-bit representation of the stage 1 MAIR registers
2978 hiattr = loattr = 1; /* non-cacheable */ in convert_stage2_attrs()
2980 if (hiattr != 1) { /* Write-through or write-back */ in convert_stage2_attrs()
2983 if (loattr != 1) { /* Write-through or write-back */ in convert_stage2_attrs()
2994 * memory, according to table D4-42 and pseudocode procedure
3003 /* non-cacheable has precedence */ in combine_cacheattr_nibble()
3006 /* stage 1 write-through takes precedence */ in combine_cacheattr_nibble()
3009 /* stage 2 write-through takes precedence, but the allocation hint in combine_cacheattr_nibble()
3013 } else { /* write-back */ in combine_cacheattr_nibble()
3046 /* non-Reordering has precedence over Reordering */ in combined_attrs_nofwb()
3049 /* non-Gathering has precedence over Gathering */ in combined_attrs_nofwb()
3066 * in MAIR format, return a value specifying Normal Write-Back, in force_cacheattr_nibble_wb()
3073 * 4 == Non-cacheable in force_cacheattr_nibble_wb()
3074 * Either way, force Write-Back RW allocate non-transient in force_cacheattr_nibble_wb()
3097 * Force Normal Write-Back. Note that if S1 is Normal cacheable in combined_attrs_fwb()
3099 * RW allocate, non-transient. in combined_attrs_fwb()
3109 /* If S1 attrs are Device, use them; otherwise Normal Non-cacheable */ in combined_attrs_fwb()
3148 /* Combine shareability attributes (table D4-43) */ in combine_cacheattrs()
3150 /* if either are outer-shareable, the result is outer-shareable */ in combine_cacheattrs()
3153 /* if either are inner-shareable, the result is inner-shareable */ in combine_cacheattrs()
3156 /* both non-shareable */ in combine_cacheattrs()
3171 * Inner Non-cacheable, Outer Non-cacheable is always treated in combine_cacheattrs()
3189 * still checked for bounds -- see AArch64.S1DisabledOutput().
3198 ARMMMUIdx mmu_idx = ptw->in_mmu_idx; in get_phys_addr_disabled()
3200 uint8_t shareability = 0; /* non-shareable */ in get_phys_addr_disabled()
3216 uint64_t tcr = env->cp15.tcr_el[r_el]; in get_phys_addr_disabled()
3226 if (extract64(address, pamax, addrtop - pamax + 1) != 0) { in get_phys_addr_disabled()
3227 fi->type = ARMFault_AddressSize; in get_phys_addr_disabled()
3228 fi->level = 0; in get_phys_addr_disabled()
3229 fi->stage2 = false; in get_phys_addr_disabled()
3242 /* Fill in cacheattr a-la AArch64.TranslateAddressS1Off. */ in get_phys_addr_disabled()
3244 uint64_t hcr = arm_hcr_el2_eff_secstate(env, ptw->in_space); in get_phys_addr_disabled()
3263 result->cacheattrs.is_s2_format = false; in get_phys_addr_disabled()
3267 result->f.phys_addr = address; in get_phys_addr_disabled()
3268 result->f.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; in get_phys_addr_disabled()
3269 result->f.lg_page_size = TARGET_PAGE_BITS; in get_phys_addr_disabled()
3270 result->cacheattrs.shareability = shareability; in get_phys_addr_disabled()
3271 result->cacheattrs.attrs = memattr; in get_phys_addr_disabled()
3283 ARMSecuritySpace in_space = ptw->in_space; in get_phys_addr_twostage()
3297 ipa = result->f.phys_addr; in get_phys_addr_twostage()
3298 ipa_secure = result->f.attrs.secure; in get_phys_addr_twostage()
3299 ipa_space = result->f.attrs.space; in get_phys_addr_twostage()
3301 ptw->in_s1_is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0; in get_phys_addr_twostage()
3302 ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2; in get_phys_addr_twostage()
3303 ptw->in_space = ipa_space; in get_phys_addr_twostage()
3304 ptw->in_ptw_idx = ptw_idx_for_stage_2(env, ptw->in_mmu_idx); in get_phys_addr_twostage()
3310 s1_prot = result->f.prot; in get_phys_addr_twostage()
3311 s1_lgpgsz = result->f.lg_page_size; in get_phys_addr_twostage()
3312 s1_guarded = result->f.extra.arm.guarded; in get_phys_addr_twostage()
3313 cacheattrs1 = result->cacheattrs; in get_phys_addr_twostage()
3318 fi->s2addr = ipa; in get_phys_addr_twostage()
3321 result->f.prot &= s1_prot; in get_phys_addr_twostage()
3339 if (result->f.lg_page_size < TARGET_PAGE_BITS || in get_phys_addr_twostage()
3341 result->f.lg_page_size = 0; in get_phys_addr_twostage()
3342 } else if (result->f.lg_page_size < s1_lgpgsz) { in get_phys_addr_twostage()
3343 result->f.lg_page_size = s1_lgpgsz; in get_phys_addr_twostage()
3351 * Normal Non-Shareable, in get_phys_addr_twostage()
3352 * Inner Write-Back Read-Allocate Write-Allocate, in get_phys_addr_twostage()
3353 * Outer Write-Back Read-Allocate Write-Allocate. in get_phys_addr_twostage()
3361 result->cacheattrs = combine_cacheattrs(hcr, cacheattrs1, in get_phys_addr_twostage()
3362 result->cacheattrs); in get_phys_addr_twostage()
3365 result->f.extra.arm.guarded = s1_guarded; in get_phys_addr_twostage()
3368 * Check if IPA translates to secure or non-secure PA space. in get_phys_addr_twostage()
3372 result->f.attrs.secure = in get_phys_addr_twostage()
3373 !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)) in get_phys_addr_twostage()
3375 || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))); in get_phys_addr_twostage()
3376 result->f.attrs.space = arm_secure_to_space(result->f.attrs.secure); in get_phys_addr_twostage()
3388 ARMMMUIdx mmu_idx = ptw->in_mmu_idx; in get_phys_addr_nogpc()
3392 * The page table entries may downgrade Secure to NonSecure, but in get_phys_addr_nogpc()
3394 * to Secure or Realm. in get_phys_addr_nogpc()
3396 result->f.attrs.space = ptw->in_space; in get_phys_addr_nogpc()
3397 result->f.attrs.secure = arm_space_is_secure(ptw->in_space); in get_phys_addr_nogpc()
3413 * Secure has both S and NS IPA and starts with Stage2_S. in get_phys_addr_nogpc()
3415 ptw->in_ptw_idx = (ptw->in_space == ARMSS_Secure) ? in get_phys_addr_nogpc()
3424 * the Secure EL2&0 regime. in get_phys_addr_nogpc()
3426 ptw->in_ptw_idx = ptw_idx_for_stage_2(env, mmu_idx); in get_phys_addr_nogpc()
3440 * translations if mmu_idx is a two-stage regime, and EL2 present. in get_phys_addr_nogpc()
3443 ptw->in_mmu_idx = mmu_idx = s1_mmu_idx; in get_phys_addr_nogpc()
3445 !regime_translation_disabled(env, ARMMMUIdx_Stage2, ptw->in_space)) { in get_phys_addr_nogpc()
3453 ptw->in_ptw_idx = arm_space_to_phys(ptw->in_space); in get_phys_addr_nogpc()
3457 result->f.attrs.user = regime_is_user(env, mmu_idx); in get_phys_addr_nogpc()
3466 address += env->cp15.fcseidr_s; in get_phys_addr_nogpc()
3468 address += env->cp15.fcseidr_ns; in get_phys_addr_nogpc()
3474 result->f.lg_page_size = TARGET_PAGE_BITS; in get_phys_addr_nogpc()
3485 /* Pre-v7 MPU */ in get_phys_addr_nogpc()
3490 " mmu_idx %u -> %s (prot %c%c%c)\n", in get_phys_addr_nogpc()
3495 result->f.prot & PAGE_READ ? 'r' : '-', in get_phys_addr_nogpc()
3496 result->f.prot & PAGE_WRITE ? 'w' : '-', in get_phys_addr_nogpc()
3497 result->f.prot & PAGE_EXEC ? 'x' : '-'); in get_phys_addr_nogpc()
3504 if (regime_translation_disabled(env, mmu_idx, ptw->in_space)) { in get_phys_addr_nogpc()
3530 if (!granule_protection_check(env, result->f.phys_addr, in get_phys_addr_gpc()
3531 result->f.attrs.space, fi)) { in get_phys_addr_gpc()
3532 fi->type = ARMFault_GPCFOnOutput; in get_phys_addr_gpc()
3576 * For Secure EL2, we need this index to be NonSecure; in get_phys_addr()
3628 CPUARMState *env = &cpu->env; in arm_cpu_get_phys_page_attrs_debug()
3644 return -1; in arm_cpu_get_phys_page_attrs_debug()