Add support for v8 page table walks. This supports stage 1 translations
for 4KB, 16KB and 64KB page sizes starting with 0 or 1 level.
Signed-off-by: NRob Herring <rob.herring@linaro.org>
[PMM: fix style nits, fold in 16/64K page support patch, use
 arm_el_is_aa64() to decide whether to do 64 bit page table walk]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

The current A32/T32 decoder bases its "is VFP/Neon enabled?" check
on the FPSCR.EN bit. This is correct if EL1 is AArch32, but for
an AArch64 EL1 the logic is different: it must act as if FPSCR.EN
is always set. Instead, trapping must happen according to CPACR
bits for cp10/cp11; these cover all of FP/Neon, including the
FPSCR/FPSID/MVFR register accesses which FPSCR.EN does not affect.
Add support for CPACR checks (which are also required for ARMv7,
but were unimplemented because Linux happens not to use them)
and make sure they generate exceptions with the correct syndrome.

We actually return incorrect syndrome information for cases
where FP is disabled but the specific instruction bit pattern
is unallocated: strictly these should be the Uncategorized
exception, not a "SIMD disabled" exception. This should be
mostly harmless, and the structure of the A32/T32 VFP/Neon
decoder makes it painful to put the 'FP disabled?' checks in
the right places.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

Because unallocated encodings generate different exception syndrome
information from traps due to FP being disabled, we can't do a single
"is fp access disabled" check at a high level in the decode tree.
To help in catching bugs where the access check was forgotten in some
code path, we set this flag when the access check is done, and assert
that it is set at the point where we actually touch the FP regs.

This requires us to pass the DisasContext to the vec_reg_offset
and fp_reg_offset functions.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

For the A64 instruction set, the only FP/Neon disable trap
is the CPACR FPEN bits, which may indicate "enabled", "disabled"
or "disabled for EL0". Add a bit to the AArch64 tb flags indicating
whether FP/Neon access is currently enabled and make the decoder
emit code to raise exceptions on use of FP/Neon insns if it is not.

We use a new flag in DisasContext rather than borrowing the
existing vfp_enabled flag because the A32/T32 decoder is going
to need both.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Acked-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
---
I'm aware this is a rather hard to review patch; sorry.
I have done an exhaustive check that we have fp access checks
in all code paths with the aid of the assertions added in the
next patch plus the code-coverage hack patch I posted to the
list earlier.

This patch is correct as of
09e03735 target-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)
which was the last of the Neon insns to be added, so assuming
no refactoring of the code it should be fine.

Set up the required syndrome information when we detect an MMU fault.
Signed-off-by: NRob Herring <rob.herring@linaro.org>
[PMM: split out from exception handling patch, tweaked to bring
 in line with how we create other kinds of syndrome information]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

Add new helpers exception_with_syndrome (for generating an exception
with syndrome information) and exception_uncategorized (for generating
an exception with "Unknown or Uncategorized Reason", which have a syndrome
register value of zero), and use them to generate the correct syndrome
information for exceptions which are raised directly from generated code.

This patch includes moving the A32/T32 gen_exception_insn functions
further up in the source file; they will be needed for "VFP/Neon disabled"
exception generation later.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

For exceptions taken to AArch64, if a coprocessor/system register
access fails due to a trap or enable bit then the syndrome information
must include details of the failing instruction (crn/crm/opc1/opc2
fields, etc). Make the decoder construct the syndrome information
at translate time so it can be passed at runtime to the access-check
helper function and used as required.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

For AArch32 exceptions, the only information provided about
the cause of an exception is the individual exception type (data
abort, undef, etc), which we store in cs->exception_index. For
AArch64, the CPU provides much more detail about the cause of
the exception, which can be found in the syndrome register.
Create a set of fields in CPUARMState which must be filled in
whenever an exception is raised, so that exception entry can
correctly fill in the syndrome register for the guest.
This includes the information which in AArch32 appears in
the DFAR and IFAR (fault address registers) and the DFSR
and IFSR (fault status registers) for data aborts and
prefetch aborts, since if we end up taking the MMU fault
to AArch64 rather than AArch32 this will need to end up
in different system registers.

This patch does a refactoring which moves the setting of the
AArch32 DFAR/DFSR/IFAR/IFSR from the point where the exception
is raised to the point where it is taken. (This is no change
for cores with an MMU, retains the existing clearly incorrect
behaviour for ARM946 of trashing the MP access permissions
registers which share the c5_data and c5_insn state fields,
and has no effect for v7M because we don't implement its
MPU fault status or address registers.)

As a side effect of the cleanup we fix a bug in the AArch64
linux-user mode code where we were passing a 64 bit fault
address through the 32 bit c6_data/c6_insn fields: it now
goes via the always-64-bit exception.vaddress.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

Implement the DAIF system register which is a view of the
DAIF bits in PSTATE. To avoid needing a readfn, we widen
the daif field in CPUARMState to uint64_t.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

Currently cpu.h defines a mixture of functions and types needed by
the rest of QEMU and those needed only by files within target-arm/.
Split the latter out into a new header so they aren't needlessly
exposed further than required.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

* remotes/rth/tcg-aarch-6-5: (25 commits)
  tcg-aarch64: Use tcg_out_mov in preference to tcg_out_movr
  tcg-aarch64: Prefer unsigned offsets before signed offsets for ldst
  tcg-aarch64: Introduce tcg_out_insn_3312, _3310, _3313
  tcg-aarch64: Merge aarch64_ldst_get_data/type into tcg_out_op
  tcg-aarch64: Introduce tcg_out_insn_3507
  tcg-aarch64: Support stores of zero
  tcg-aarch64: Implement TCG_TARGET_HAS_new_ldst
  tcg-aarch64: Pass qemu_ld/st arguments directly
  tcg-aarch64: Use TCGMemOp in qemu_ld/st
  tcg-aarch64: Use ADR to pass the return address to the ld/st helpers
  tcg-aarch64: Use tcg_out_call for qemu_ld/st
  tcg-aarch64: Avoid add with zero in tlb load
  tcg-aarch64: Implement tcg_register_jit
  tcg-aarch64: Introduce tcg_out_insn_3314
  tcg-aarch64: Reuse LR in translated code
  tcg-aarch64: Use CBZ and CBNZ
  tcg-aarch64: Create tcg_out_brcond
  tcg-aarch64: Use symbolic names for branches
  tcg-aarch64: Use adrp in tcg_out_movi
  tcg-aarch64: Special case small constants in tcg_out_movi
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

It's the more canonical interface.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

The assembler seems to prefer them, perhaps we should too.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Replace aarch64_ldst_op_data with AArch64LdstType, as it wasn't encoded
for the proper shift for the field and was confusing.

Merge aarch64_ldst_op_data, AArch64LdstType, and a few stray opcode bits
into a single I3312_* argument, eliminating some magic numbers from the
helper functions.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Cleaning up the implementation of REV and REV16 at the same time.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Instead of passing them the "args" array.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Making the bswap conditional on the memop instead of a compile-time test.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

In some cases, a direct branch will be in range.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Some guest env are small enough to reach the tlb with only a 12-bit addition.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Combines 4 other inline functions and tidies the prologue.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

It's obviously call-clobbered, but is otherwise unused.
Repurpose it as the TCG temporary.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

A compare and branch against zero happens at the start of
every single TB.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Rearrange code to put the compare and branch in the same place.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Loading an qemu pointer as an immediate happens often.  E.g.

- exit_tb $0x7fa8140013
+ exit_tb $0x7f81ee0013
...
- :  d2800260        mov     x0, #0x13
- :  f2b50280        movk    x0, #0xa814, lsl #16
- :  f2c00fe0        movk    x0, #0x7f, lsl #32
+ :  90ff1000        adrp    x0, 0x7f81ee0000
+ :  91004c00        add     x0, x0, #0x13
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

The subset of logical immediates that we support is quite quick to test,
and such constants are quite common to want to load.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

When profitable, initialize the register with MOVN instead of MOVZ,
before setting the remaining lanes with MOVK.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Rather than raw constants that could mean anything.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

As opposed to tcg_target_long.
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Since the kernel doesn't pass any info on the reason for the fault,
disassemble the instruction to detect a store.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This reverts commit b533f658.

The original code was wrong, because effectively it ignored errors
from kernel, because kernel does not return -1 on error case but
returns -errno, and does not return -EPERM for this particular ioctl.
But in some cases kernel actually returned unsuccessful result,
namely, when the dirty bitmap in requested slot does not exist
it returns -ENOENT.  With new code this condition becomes an
error when it shouldn't be.

Revert that patch instead of fixing it properly this late in the
release process.  I disagree with this approach, but let's make
things move _somewhere_, instead of arguing endlessly whch of
the 2 proposed fixes is better.
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
Message-id: 1397477644-902-1-git-send-email-mjt@msgid.tls.msk.ru
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>