| blob | efcb60099277ce2bbce617dad8b70186126131c4 |
1 /*
2 * ARM helper routines
3 *
4 * Copyright (c) 2005-2007 CodeSourcery, LLC
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
27 #define SIGNBIT (uint32_t)0x80000000
28 #define SIGNBIT64 ((uint64_t)1 << 63)
32 {
36 /*
37 * Redirect NS EL1 exceptions to NS EL2. These are reported with
38 * their original syndrome register value, with the exception of
39 * SIMD/FP access traps, which are reported as uncategorized
40 * (see DDI0478C.a D1.10.4)
41 */
45 }
46 }
54 }
58 {
61 }
65 {
68 }
72 {
86 }
88 }
90 }
93 {
94 /*
95 * Perform the v8M stack limit check for SP updates from translated code,
96 * raising an exception if the limit is breached.
97 */
101 /*
102 * Stack limit exceptions are a rare case, so rather than syncing
103 * PC/condbits before the call, we use cpu_restore_state() to
104 * get them right before raising the exception.
105 */
108 }
109 }
112 {
117 }
120 {
125 }
127 }
130 {
135 }
137 }
140 {
145 }
147 }
150 {
155 }
157 }
159 /* Signed saturation. */
161 {
173 }
175 }
177 /* Unsigned saturation. */
179 {
189 }
191 }
193 /* Signed saturate. */
195 {
197 }
199 /* Dual halfword signed saturate. */
201 {
207 }
209 /* Unsigned saturate. */
211 {
213 }
215 /* Dual halfword unsigned saturate. */
217 {
223 }
226 {
229 }
231 #ifndef CONFIG_USER_ONLY
232 /* Function checks whether WFx (WFI/WFE) instructions are set up to be trapped.
233 * The function returns the target EL (1-3) if the instruction is to be trapped;
234 * otherwise it returns 0 indicating it is not trapped.
235 */
237 {
242 /* M profile cores can never trap WFI/WFE. */
244 }
246 /* If we are currently in EL0 then we need to check if SCTLR is set up for
247 * WFx instructions being trapped to EL1. These trap bits don't exist in v7.
248 */
254 /* Secure EL0 and Secure PL1 is at EL3 */
258 }
262 }
263 }
265 /* We are not trapping to EL1; trap to EL2 if HCR_EL2 requires it
266 * No need for ARM_FEATURE check as if HCR_EL2 doesn't exist the
267 * bits will be zero indicating no trap.
268 */
273 }
274 }
276 /* We are not trapping to EL1 or EL2; trap to EL3 if SCR_EL3 requires it */
281 }
282 }
285 }
286 #endif
289 {
290 #ifdef CONFIG_USER_ONLY
291 /*
292 * WFI in the user-mode emulator is technically permitted but not
293 * something any real-world code would do. AArch64 Linux kernels
294 * trap it via SCTRL_EL1.nTWI and make it an (expensive) NOP;
295 * AArch32 kernels don't trap it so it will delay a bit.
296 * For QEMU, make it NOP here, because trying to raise EXCP_HLT
297 * would trigger an abort.
298 */
300 #else
305 /* Don't bother to go into our "low power state" if
306 * we would just wake up immediately.
307 */
309 }
316 }
319 target_el);
320 }
325 #endif
326 }
329 {
330 /* This is a hint instruction that is semantically different
331 * from YIELD even though we currently implement it identically.
332 * Don't actually halt the CPU, just yield back to top
333 * level loop. This is not going into a "low power state"
334 * (ie halting until some event occurs), so we never take
335 * a configurable trap to a different exception level.
336 */
338 }
341 {
344 /* This is a non-trappable hint instruction that generally indicates
345 * that the guest is currently busy-looping. Yield control back to the
346 * top level loop so that a more deserving VCPU has a chance to run.
347 */
350 }
352 /* Raise an internal-to-QEMU exception. This is limited to only
353 * those EXCP values which are special cases for QEMU to interrupt
354 * execution and not to be used for exceptions which are passed to
355 * the guest (those must all have syndrome information and thus should
356 * use exception_with_syndrome).
357 */
359 {
365 }
367 /* Raise an exception with the specified syndrome register value */
370 {
372 }
374 /* Raise an EXCP_BKPT with the specified syndrome register value,
375 * targeting the correct exception level for debug exceptions.
376 */
378 {
382 /* FSR will only be used if the debug target EL is AArch32. */
384 /* FAR is UNKNOWN: clear vaddress to avoid potentially exposing
385 * values to the guest that it shouldn't be able to see at its
386 * exception/security level.
387 */
389 /*
390 * Other kinds of architectural debug exception are ignored if
391 * they target an exception level below the current one (in QEMU
392 * this is checked by arm_generate_debug_exceptions()). Breakpoint
393 * instructions are special because they always generate an exception
394 * to somewhere: if they can't go to the configured debug exception
395 * level they are taken to the current exception level.
396 */
399 }
401 }
404 {
406 }
409 {
411 /* TODO: Not all cpsr bits are relevant to hflags. */
413 }
415 /* Write the CPSR for a 32-bit exception return */
417 {
427 /* Generated code has already stored the new PC value, but
428 * without masking out its low bits, because which bits need
429 * masking depends on whether we're returning to Thumb or ARM
430 * state. Do the masking now.
431 */
438 }
440 /* Access to user mode registers from privileged modes. */
442 {
454 }
456 }
459 {
469 }
470 }
473 {
478 }
479 }
482 {
484 /* SRS instruction is UNPREDICTABLE from System mode; we UNDEF.
485 * Other UNPREDICTABLE and UNDEF cases were caught at translate time.
486 */
489 }
495 }
496 }
500 {
501 /* Raise an exception if the requested access is one of the UNPREDICTABLE
502 * cases; otherwise return. This broadly corresponds to the pseudocode
503 * BankedRegisterAccessValid() and SPSRAccessValid(),
504 * except that we have already handled some cases at translate time.
505 */
509 /* ELR_Hyp: a special case because access from tgtmode is OK */
512 }
514 }
518 }
525 }
530 }
535 }
539 }
540 }
543 /* SPSR_Hyp, r13_hyp: accessible from Monitor mode only */
546 }
547 }
551 undef:
554 }
558 {
584 }
588 }
589 }
592 {
612 }
615 }
616 }
620 {
627 }
629 /*
630 * Check for an EL2 trap due to HSTR_EL2. We expect EL0 accesses
631 * to sysregs non accessible at EL0 to have UNDEF-ed already.
632 */
639 }
641 /* T4 and T14 are RES0 */
647 }
648 }
652 }
661 /* Requesting a trap to EL2 when we're in EL3 is
662 * a bug in the access function.
663 */
684 /* Since we are an implementation that takes exceptions on a trapped
685 * conditional insn only if the insn has passed its condition code
686 * check, we take the IMPDEF choice to always report CV=1 COND=0xe
687 * (which is also the required value for AArch64 traps).
688 */
697 }
699 exept:
701 }
704 {
713 }
714 }
717 {
727 }
730 }
733 {
742 }
743 }
746 {
756 }
759 }
762 {
765 /* FIXME: Use actual secure state. */
770 /* If PSCI is enabled and this looks like a valid PSCI call then
771 * that overrides the architecturally mandated HVC behaviour.
772 */
774 }
777 /* If EL2 doesn't exist, HVC always UNDEFs */
780 /* EL3.HCE has priority over EL2.HCD. */
784 }
786 /* In ARMv7 and ARMv8/AArch32, HVC is undef in secure state.
787 * For ARMv8/AArch64, HVC is allowed in EL3.
788 * Note that we've already trapped HVC from EL0 at translation
789 * time.
790 */
793 }
798 }
799 }
802 {
808 /*
809 * SMC behaviour is summarized in the following table.
810 * This helper handles the "Trap to EL2" and "Undef insn" cases.
811 * The "Trap to EL3" and "PSCI call" cases are handled in the exception
812 * helper.
813 *
814 * -> ARM_FEATURE_EL3 and !SMD
815 * HCR_TSC && NS EL1 !HCR_TSC || !NS EL1
816 *
817 * Conduit SMC, valid call Trap to EL2 PSCI Call
818 * Conduit SMC, inval call Trap to EL2 Trap to EL3
819 * Conduit not SMC Trap to EL2 Trap to EL3
820 *
821 *
822 * -> ARM_FEATURE_EL3 and SMD
823 * HCR_TSC && NS EL1 !HCR_TSC || !NS EL1
824 *
825 * Conduit SMC, valid call Trap to EL2 PSCI Call
826 * Conduit SMC, inval call Trap to EL2 Undef insn
827 * Conduit not SMC Trap to EL2 Undef insn
828 *
829 *
830 * -> !ARM_FEATURE_EL3
831 * HCR_TSC && NS EL1 !HCR_TSC || !NS EL1
832 *
833 * Conduit SMC, valid call Trap to EL2 PSCI Call
834 * Conduit SMC, inval call Trap to EL2 Undef insn
835 * Conduit not SMC Undef insn Undef insn
836 */
838 /* On ARMv8 with EL3 AArch64, SMD applies to both S and NS state.
839 * On ARMv8 with EL3 AArch32, or ARMv7 with the Virtualization
840 * extensions, SMD only applies to NS state.
841 * On ARMv7 without the Virtualization extensions, the SMD bit
842 * doesn't exist, but we forbid the guest to set it to 1 in scr_write(),
843 * so we need not special case this here.
844 */
850 /* If we have no EL3 then SMC always UNDEFs and can't be
851 * trapped to EL2. PSCI-via-SMC is a sort of ersatz EL3
852 * firmware within QEMU, and we want an EL2 guest to be able
853 * to forbid its EL1 from making PSCI calls into QEMU's
854 * "firmware" via HCR.TSC, so for these purposes treat
855 * PSCI-via-SMC as implying an EL3.
856 * This handles the very last line of the previous table.
857 */
860 }
863 /* In NS EL1, HCR controlled routing to EL2 has priority over SMD.
864 * We also want an EL2 guest to be able to forbid its EL1 from
865 * making PSCI calls into QEMU's "firmware" via HCR.TSC.
866 * This handles all the "Trap to EL2" cases of the previous table.
867 */
869 }
871 /* Catch the two remaining "Undef insn" cases of the previous table:
872 * - PSCI conduit is SMC but we don't have a valid PCSI call,
873 * - We don't have EL3 or SMD is set.
874 */
879 }
880 }
882 /* ??? Flag setting arithmetic is awkward because we need to do comparisons.
883 The only way to do that in TCG is a conditional branch, which clobbers
884 all our temporaries. For now implement these as helper functions. */
886 /* Similarly for variable shift instructions. */
889 {
894 else
900 }
902 }
905 {
910 else
916 }
918 }
921 {
929 }
931 }
934 {
945 }
946 }
951 {
961 }
962 }