| blob | 02f48aa6a775f59288fb49260197adff4104817f |
1 /*
2 * ARM helper routines
3 *
4 * Copyright (c) 2005-2007 CodeSourcery, LLC
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
25 #define SIGNBIT (uint32_t)0x80000000
26 #define SIGNBIT64 ((uint64_t)1 << 63)
28 static void QEMU_NORETURN
31 {
39 }
42 {
45 /* No such thing as secure EL1 if EL3 is aarch32, so update the target EL
46 * to EL3 in this case.
47 */
50 }
53 }
57 {
72 }
73 }
75 }
77 #if !defined(CONFIG_USER_ONLY)
79 /* try to fill the TLB and return an exception if error. If retaddr is
80 * NULL, it means that the function was called in C code (i.e. not
81 * from generated code or from helper.c)
82 */
85 {
88 ARMMMUFaultInfo fi = {};
99 /* now we have a real cpu fault */
101 }
107 }
109 /* AArch64 syndrome does not have an LPAE bit */
112 /* For insn and data aborts we assume there is no instruction syndrome
113 * information; this is always true for exceptions reported to EL1.
114 */
122 }
124 }
129 }
130 }
131 #endif
134 {
139 }
142 {
147 }
149 }
152 {
157 }
159 }
162 {
172 }
174 }
177 {
182 }
184 }
187 {
192 }
194 }
196 /* Signed saturation. */
198 {
210 }
212 }
214 /* Unsigned saturation. */
216 {
226 }
228 }
230 /* Signed saturate. */
232 {
234 }
236 /* Dual halfword signed saturate. */
238 {
244 }
246 /* Unsigned saturate. */
248 {
250 }
252 /* Dual halfword unsigned saturate. */
254 {
260 }
262 /* Function checks whether WFx (WFI/WFE) instructions are set up to be trapped.
263 * The function returns the target EL (1-3) if the instruction is to be trapped;
264 * otherwise it returns 0 indicating it is not trapped.
265 */
267 {
271 /* If we are currently in EL0 then we need to check if SCTLR is set up for
272 * WFx instructions being trapped to EL1. These trap bits don't exist in v7.
273 */
279 /* Secure EL0 and Secure PL1 is at EL3 */
283 }
287 }
288 }
290 /* We are not trapping to EL1; trap to EL2 if HCR_EL2 requires it
291 * No need for ARM_FEATURE check as if HCR_EL2 doesn't exist the
292 * bits will be zero indicating no trap.
293 */
298 }
299 }
301 /* We are not trapping to EL1 or EL2; trap to EL3 if SCR_EL3 requires it */
306 }
307 }
310 }
313 {
318 /* Don't bother to go into our "low power state" if
319 * we would just wake up immediately.
320 */
322 }
327 }
332 }
335 {
336 /* This is a hint instruction that is semantically different
337 * from YIELD even though we currently implement it identically.
338 * Don't actually halt the CPU, just yield back to top
339 * level loop. This is not going into a "low power state"
340 * (ie halting until some event occurs), so we never take
341 * a configurable trap to a different exception level.
342 */
344 }
347 {
351 /* This is a non-trappable hint instruction that generally indicates
352 * that the guest is currently busy-looping. Yield control back to the
353 * top level loop so that a more deserving VCPU has a chance to run.
354 */
357 }
359 /* Raise an internal-to-QEMU exception. This is limited to only
360 * those EXCP values which are special cases for QEMU to interrupt
361 * execution and not to be used for exceptions which are passed to
362 * the guest (those must all have syndrome information and thus should
363 * use exception_with_syndrome).
364 */
366 {
372 }
374 /* Raise an exception with the specified syndrome register value */
375 void QEMU_NORETURN
378 {
380 }
383 {
385 }
388 {
390 }
392 /* Access to user mode registers from privileged modes. */
394 {
406 }
408 }
411 {
421 }
422 }
425 {
432 }
436 }
445 /* Requesting a trap to EL2 when we're in EL3 or S-EL0/1 is
446 * a bug in the access function.
447 */
468 }
471 }
474 {
478 }
481 {
485 }
488 {
492 }
495 {
499 }
502 {
503 /* MSR_i to update PSTATE. This is OK from EL0 only if UMA is set.
504 * Note that SPSel is never OK from EL0; we rely on handle_msr_i()
505 * to catch that case at translate time.
506 */
512 }
526 }
527 }
530 {
532 }
535 {
538 /* FIXME: Use actual secure state. */
543 /* If PSCI is enabled and this looks like a valid PSCI call then
544 * that overrides the architecturally mandated HVC behaviour.
545 */
547 }
550 /* If EL2 doesn't exist, HVC always UNDEFs */
553 /* EL3.HCE has priority over EL2.HCD. */
557 }
559 /* In ARMv7 and ARMv8/AArch32, HVC is undef in secure state.
560 * For ARMv8/AArch64, HVC is allowed in EL3.
561 * Note that we've already trapped HVC from EL0 at translation
562 * time.
563 */
566 }
571 }
572 }
575 {
580 /* On ARMv8 AArch32, SMD only applies to NS state.
581 * On ARMv7 SMD only applies to NS state and only if EL2 is available.
582 * For ARMv7 non EL2, we force SMD to zero so we don't need to re-check
583 * the EL2 condition here.
584 */
588 /* If PSCI is enabled and this looks like a valid PSCI call then
589 * that overrides the architecturally mandated SMC behaviour.
590 */
592 }
595 /* If we have no EL3 then SMC always UNDEFs */
598 /* In NS EL1, HCR controlled routing to EL2 has priority over SMD. */
600 }
605 }
606 }
609 {
619 /* We must squash the PSTATE.SS bit to zero unless both of the
620 * following hold:
621 * 1. debug exceptions are currently disabled
622 * 2. singlestep will be active in the EL we return to
623 * We check 1 here and 2 after we've done the pstate/cpsr write() to
624 * transition to the EL we're going to.
625 */
628 }
631 /* TODO: We currently assume EL1/2/3 are running in AArch64. */
638 }
646 /* Disallow return to an EL which is unimplemented or higher
647 * than the current one.
648 */
650 }
652 /* Return with reserved M[1] bit set */
654 }
656 /* Return to EL0 with M[0] bit set */
658 }
663 }
666 }
670 illegal_return:
671 /* Illegal return events of various kinds have architecturally
672 * mandated behaviour:
673 * restore NZCV and DAIF from SPSR_ELx
674 * set PSTATE.IL
675 * restore PC from ELR_ELx
676 * no change to exception level, execution state or stack pointer
677 */
685 }
686 }
688 /* Return true if the linked breakpoint entry lbn passes its checks */
690 {
698 /* Links to unimplemented or non-context aware breakpoints are
699 * CONSTRAINED UNPREDICTABLE: either behave as if disabled, or
700 * as if linked to an UNKNOWN context-aware breakpoint (in which
701 * case DBGWCR<n>_EL1.LBN must indicate that breakpoint).
702 * We choose the former.
703 */
706 }
711 /* Linked breakpoint disabled : generate no events */
713 }
717 /* We match the whole register even if this is AArch32 using the
718 * short descriptor format (in which case it holds both PROCID and ASID),
719 * since we don't implement the optional v7 context ID masking.
720 */
726 /* Context matches never fire in EL2 or (AArch64) EL3 */
728 }
734 /* Links to Unlinked context breakpoints must generate no
735 * events; we choose to do the same for reserved values too.
736 */
738 }
741 }
744 {
748 /* Note that for watchpoints the check is against the CPU security
749 * state, not the S/NS attribute on the offending data access.
750 */
759 }
762 /* The LDRT/STRT/LDT/STT "unprivileged access" instructions should
763 * match watchpoints as if they were accesses done at EL0, even if
764 * the CPU is at EL1 or higher.
765 */
767 }
773 }
775 }
776 /* The WATCHPOINT_HIT flag guarantees us that the watchpoint is
777 * enabled and that the address and access type match; for breakpoints
778 * we know the address matched; check the remaining fields, including
779 * linked breakpoints. We rely on WCR and BCR having the same layout
780 * for the LBN, SSC, HMC, PAC/PMC and is-linked fields.
781 * Note that some combinations of {PAC, HMC, SSC} are reserved and
782 * must act either like some valid combination or as if the watchpoint
783 * were disabled. We choose the former, and use this together with
784 * the fact that EL3 must always be Secure and EL2 must always be
785 * Non-Secure to simplify the code slightly compared to the full
786 * table in the ARM ARM.
787 */
799 }
804 }
806 }
813 }
818 }
823 }
827 }
834 }
837 }
840 {
844 /* If watchpoints are disabled globally or we can't take debug
845 * exceptions here then watchpoint firings are ignored.
846 */
850 }
855 }
856 }
858 }
861 {
865 /* If breakpoints are disabled globally or we can't take debug
866 * exceptions here then breakpoint firings are ignored.
867 */
871 }
876 }
877 }
879 }
882 {
887 }
888 }
891 {
892 /* Called by core code when a watchpoint or breakpoint fires;
893 * need to check which one and raise the appropriate exception.
894 */
910 }
917 }
918 }
923 /* (1) GDB breakpoints should be handled first.
924 * (2) Do not raise a CPU exception if no CPU breakpoint has fired,
925 * since singlestep is also done by generating a debug internal
926 * exception.
927 */
931 }
937 }
938 /* FAR is UNKNOWN, so doesn't need setting */
942 }
943 }
945 /* ??? Flag setting arithmetic is awkward because we need to do comparisons.
946 The only way to do that in TCG is a conditional branch, which clobbers
947 all our temporaries. For now implement these as helper functions. */
949 /* Similarly for variable shift instructions. */
952 {
957 else
963 }
965 }
968 {
973 else
979 }
981 }
984 {
992 }
994 }
997 {
1008 }
1009 }