[09/13] armv7m: Implement M profile default memory map

Message ID	1493122030-32191-10-git-send-email-peter.maydell@linaro.org
State	Superseded
Headers	show Delivered-To: patches@linaro.org Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; From: Peter Maydell <peter.maydell@linaro.org> To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org, =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, Alistair Francis <alistair.francis@xilinx.com> Subject: [PATCH 09/13] armv7m: Implement M profile default memory map Date: Tue, 25 Apr 2017 13:07:06 +0100 Message-Id: <1493122030-32191-10-git-send-email-peter.maydell@linaro.org> In-Reply-To: <1493122030-32191-1-git-send-email-peter.maydell@linaro.org> References: <1493122030-32191-1-git-send-email-peter.maydell@linaro.org>
Series	armv7m: Implement MPU support \| expand [00/13] armv7m: Implement MPU support [01/13] arm: Use the mmu_idx we're passed in arm_cpu_do_unaligned_access() [02/13] arm: Add support for M profile CPUs having different MMU index semantics [03/13] arm: Use different ARMMMUIdx values for M profile [04/13] arm: Clean up handling of no-MPU PMSA CPUs [05/13] arm: Don't clear ARM_FEATURE_PMSA for no-mpu configs [06/13] arm: Don't let no-MPU PMSA cores write to SCTLR.M [07/13] arm: Remove unnecessary check on cpu->pmsav7_dregion [08/13] armv7m: Improve "-d mmu" tracing for PMSAv7 MPU [09/13] armv7m: Implement M profile default memory map [10/13] arm: All M profile cores are PMSA [11/13] armv7m: Classify faults as MemManage or BusFault [12/13] arm: add MPU support to M profile CPUs [13/13] arm: Implement HFNMIENA support for M profile MPU

Message ID

1493122030-32191-10-git-send-email-peter.maydell@linaro.org

State

Superseded

Headers

Received-SPF: pass (google.com: best guess record for domain of
	pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted
	sender) client-ip=2001:8b0:1d0::2; 
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-arm@nongnu.org,
	qemu-devel@nongnu.org
Cc: patches@linaro.org, =?utf-8?q?Alex_Benn=C3=A9e?=
	<alex.bennee@linaro.org>, Alistair Francis <alistair.francis@xilinx.com>
Subject: [PATCH 09/13] armv7m: Implement M profile default memory map
Date: Tue, 25 Apr 2017 13:07:06 +0100
Message-Id: <1493122030-32191-10-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1493122030-32191-1-git-send-email-peter.maydell@linaro.org>
References: <1493122030-32191-1-git-send-email-peter.maydell@linaro.org>

Series

armv7m: Implement MPU support | expand

Commit Message

Peter Maydell April 25, 2017, 12:07 p.m. UTC

From: Michael Davidsaver <mdavidsaver@gmail.com>


Add support for the M profile default memory map which is used
if the MPU is not present or disabled.

The main differences in behaviour from implementing this
correctly are that we set the PAGE_EXEC attribute on
the right regions of memory, such that device regions
are not executable.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>

[PMM: rephrased comment and commit message; don't mark
 the flash memory region as not-writable]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---
 target/arm/helper.c | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

-- 
2.7.4

Comments

Philippe Mathieu-Daudé May 30, 2017, 2:56 p.m. UTC | #1

Hi Peter,

On 04/25/2017 09:07 AM, Peter Maydell wrote:
> From: Michael Davidsaver <mdavidsaver@gmail.com>

>

> Add support for the M profile default memory map which is used

> if the MPU is not present or disabled.

>

> The main differences in behaviour from implementing this

> correctly are that we set the PAGE_EXEC attribute on

> the right regions of memory, such that device regions

> are not executable.

>

> Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>

> [PMM: rephrased comment and commit message; don't mark

>  the flash memory region as not-writable]


"not-writable by system caches" maybe to clarify?

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

> ---

>  target/arm/helper.c | 35 ++++++++++++++++++++++++++---------

>  1 file changed, 26 insertions(+), 9 deletions(-)

>

> diff --git a/target/arm/helper.c b/target/arm/helper.c

> index 9e1ed1c..51662ad 100644

> --- a/target/arm/helper.c

> +++ b/target/arm/helper.c

> @@ -8129,18 +8129,35 @@ static inline void get_phys_addr_pmsav7_default(CPUARMState *env,

>                                                  ARMMMUIdx mmu_idx,

>                                                  int32_t address, int *prot)

>  {

> -    *prot = PAGE_READ | PAGE_WRITE;

> -    switch (address) {

> -    case 0xF0000000 ... 0xFFFFFFFF:

> -        if (regime_sctlr(env, mmu_idx) & SCTLR_V) { /* hivecs execing is ok */

> +    if (!arm_feature(env, ARM_FEATURE_M)) {

> +        *prot = PAGE_READ | PAGE_WRITE;

> +        switch (address) {

> +        case 0xF0000000 ... 0xFFFFFFFF:

> +            if (regime_sctlr(env, mmu_idx) & SCTLR_V) {

> +                /* hivecs execing is ok */

> +                *prot |= PAGE_EXEC;

> +            }

> +            break;

> +        case 0x00000000 ... 0x7FFFFFFF:

 >              *prot |= PAGE_EXEC;


I checked at Table B3-1 on the ARMv7-M Architecture Reference Manual I 
got at https://static.docs.arm.com/ddi0403/e/DDI0403E_B_armv7m_arm.pdf 
and the on-chip peripheral address space at 0x40000000 is eXecute Never.

> +            break;

> +        }

> +    } else {

> +        /* Default system address map for M profile cores.

> +         * The architecture specifies which regions are execute-never;

> +         * at the MPU level no other checks are defined.

> +         */

> +        switch (address) {

> +        case 0x00000000 ... 0x1fffffff: /* ROM */

> +        case 0x20000000 ... 0x3fffffff: /* SRAM */

> +        case 0x60000000 ... 0x7fffffff: /* RAM */

> +        case 0x80000000 ... 0x9fffffff: /* RAM */

> +            *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;

> +            break;

> +        default: /* Peripheral, 2x Device, and System */

> +            *prot = PAGE_READ | PAGE_WRITE;


This body is correct, however what do you think about using cases with 
comments instead of 'default'? This would be clearer.

>          }

> -        break;

> -    case 0x00000000 ... 0x7FFFFFFF:

> -        *prot |= PAGE_EXEC;

> -        break;

>      }

> -

>  }

>

>  static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,

>


Regards,

Phil.

Peter Maydell May 30, 2017, 3:11 p.m. UTC | #2

On 30 May 2017 at 15:56, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
> Hi Peter,

>

> On 04/25/2017 09:07 AM, Peter Maydell wrote:

>>

>> From: Michael Davidsaver <mdavidsaver@gmail.com>

>>

>> Add support for the M profile default memory map which is used

>> if the MPU is not present or disabled.

>>

>> The main differences in behaviour from implementing this

>> correctly are that we set the PAGE_EXEC attribute on

>> the right regions of memory, such that device regions

>> are not executable.

>>

>> Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>

>> [PMM: rephrased comment and commit message; don't mark

>>  the flash memory region as not-writable]

>

>

> "not-writable by system caches" maybe to clarify?


(Note that this is a comment describing something I
deleted from Michael's original patch.)
No, by 'not-writable' here I mean "not writeable by the CPU".

>

>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

>> ---

>>  target/arm/helper.c | 35 ++++++++++++++++++++++++++---------

>>  1 file changed, 26 insertions(+), 9 deletions(-)

>>

>> diff --git a/target/arm/helper.c b/target/arm/helper.c

>> index 9e1ed1c..51662ad 100644

>> --- a/target/arm/helper.c

>> +++ b/target/arm/helper.c

>> @@ -8129,18 +8129,35 @@ static inline void

>> get_phys_addr_pmsav7_default(CPUARMState *env,

>>                                                  ARMMMUIdx mmu_idx,

>>                                                  int32_t address, int

>> *prot)

>>  {

>> -    *prot = PAGE_READ | PAGE_WRITE;

>> -    switch (address) {

>> -    case 0xF0000000 ... 0xFFFFFFFF:

>> -        if (regime_sctlr(env, mmu_idx) & SCTLR_V) { /* hivecs execing is

>> ok */

>> +    if (!arm_feature(env, ARM_FEATURE_M)) {

>> +        *prot = PAGE_READ | PAGE_WRITE;

>> +        switch (address) {

>> +        case 0xF0000000 ... 0xFFFFFFFF:

>> +            if (regime_sctlr(env, mmu_idx) & SCTLR_V) {

>> +                /* hivecs execing is ok */

>> +                *prot |= PAGE_EXEC;

>> +            }

>> +            break;

>> +        case 0x00000000 ... 0x7FFFFFFF:

>

>>              *prot |= PAGE_EXEC;

>

> I checked at Table B3-1 on the ARMv7-M Architecture Reference Manual I got

> at https://static.docs.arm.com/ddi0403/e/DDI0403E_B_armv7m_arm.pdf and the

> on-chip peripheral address space at 0x40000000 is eXecute Never.


This is the arm of the if() that deals with R profile, and R profile's
background region is completely different to M profile. (In any
case the patch shouldn't change the behaviour there.)

>> +            break;

>> +        }

>> +    } else {

>> +        /* Default system address map for M profile cores.

>> +         * The architecture specifies which regions are execute-never;

>> +         * at the MPU level no other checks are defined.

>> +         */

>> +        switch (address) {

>> +        case 0x00000000 ... 0x1fffffff: /* ROM */

>> +        case 0x20000000 ... 0x3fffffff: /* SRAM */

>> +        case 0x60000000 ... 0x7fffffff: /* RAM */

>> +        case 0x80000000 ... 0x9fffffff: /* RAM */

>> +            *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;

>> +            break;

>> +        default: /* Peripheral, 2x Device, and System */

>> +            *prot = PAGE_READ | PAGE_WRITE;

>

>

> This body is correct, however what do you think about using cases with

> comments instead of 'default'? This would be clearer.


Yeah, we could do that. I think this is one of those cases where
I opted to go with how Michael had already written the code rather
than rewriting it.

        /* Default system address map for M profile cores.
         * The architecture specifies which regions are execute-never;
         * at the MPU level no other checks are defined.
         */
        switch (address) {
        case 0x00000000 ... 0x1fffffff: /* ROM */
        case 0x20000000 ... 0x3fffffff: /* SRAM */
        case 0x60000000 ... 0x7fffffff: /* RAM */
        case 0x80000000 ... 0x9fffffff: /* RAM */
            *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
            break;
        case 0x40000000 ... 0x5fffffff: /* Peripheral */
        case 0xa0000000 ... 0xbfffffff: /* Device */
        case 0xc0000000 ... 0xdfffffff: /* Device */
        case 0xe0000000 ... 0xffffffff: /* System */
            *prot = PAGE_READ | PAGE_WRITE;
            break;
        default:
            g_assert_not_reached();
        }

would be the explicit version.

>>          }

>> -        break;

>> -    case 0x00000000 ... 0x7FFFFFFF:

>> -        *prot |= PAGE_EXEC;

>> -        break;

>>      }

>> -

>>  }

>>

>>  static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,


thanks
-- PMM

Philippe Mathieu-Daudé June 2, 2017, 5:10 a.m. UTC | #3

Hi Peter,

On 05/30/2017 12:11 PM, Peter Maydell wrote:
> On 30 May 2017 at 15:56, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:

>> Hi Peter,

>>

>> On 04/25/2017 09:07 AM, Peter Maydell wrote:

>>>

>>> From: Michael Davidsaver <mdavidsaver@gmail.com>

>>>

>>> Add support for the M profile default memory map which is used

>>> if the MPU is not present or disabled.

>>>

>>> The main differences in behaviour from implementing this

>>> correctly are that we set the PAGE_EXEC attribute on

>>> the right regions of memory, such that device regions

>>> are not executable.

>>>

>>> Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>

>>> [PMM: rephrased comment and commit message; don't mark

>>>  the flash memory region as not-writable]

>>

>>

>> "not-writable by system caches" maybe to clarify?

>

> (Note that this is a comment describing something I

> deleted from Michael's original patch.)

> No, by 'not-writable' here I mean "not writeable by the CPU".

>


Ok!

>>

>>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

>>> ---

>>>  target/arm/helper.c | 35 ++++++++++++++++++++++++++---------

>>>  1 file changed, 26 insertions(+), 9 deletions(-)

>>>

>>> diff --git a/target/arm/helper.c b/target/arm/helper.c

>>> index 9e1ed1c..51662ad 100644

>>> --- a/target/arm/helper.c

>>> +++ b/target/arm/helper.c

>>> @@ -8129,18 +8129,35 @@ static inline void

>>> get_phys_addr_pmsav7_default(CPUARMState *env,

>>>                                                  ARMMMUIdx mmu_idx,

>>>                                                  int32_t address, int

>>> *prot)

>>>  {

>>> -    *prot = PAGE_READ | PAGE_WRITE;

>>> -    switch (address) {

>>> -    case 0xF0000000 ... 0xFFFFFFFF:

>>> -        if (regime_sctlr(env, mmu_idx) & SCTLR_V) { /* hivecs execing is

>>> ok */

>>> +    if (!arm_feature(env, ARM_FEATURE_M)) {

>>> +        *prot = PAGE_READ | PAGE_WRITE;

>>> +        switch (address) {

>>> +        case 0xF0000000 ... 0xFFFFFFFF:

>>> +            if (regime_sctlr(env, mmu_idx) & SCTLR_V) {

>>> +                /* hivecs execing is ok */

>>> +                *prot |= PAGE_EXEC;

>>> +            }

>>> +            break;

>>> +        case 0x00000000 ... 0x7FFFFFFF:

>>

>>>              *prot |= PAGE_EXEC;

>>

>> I checked at Table B3-1 on the ARMv7-M Architecture Reference Manual I got

>> at https://static.docs.arm.com/ddi0403/e/DDI0403E_B_armv7m_arm.pdf and the

>> on-chip peripheral address space at 0x40000000 is eXecute Never.

>

> This is the arm of the if() that deals with R profile, and R profile's


Oh I completely misunderstood that if() indeed. R and also A I suppose.

> background region is completely different to M profile. (In any

> case the patch shouldn't change the behaviour there.)

>

>>> +            break;

>>> +        }

>>> +    } else {

>>> +        /* Default system address map for M profile cores.

>>> +         * The architecture specifies which regions are execute-never;

>>> +         * at the MPU level no other checks are defined.

>>> +         */

>>> +        switch (address) {

>>> +        case 0x00000000 ... 0x1fffffff: /* ROM */

>>> +        case 0x20000000 ... 0x3fffffff: /* SRAM */

>>> +        case 0x60000000 ... 0x7fffffff: /* RAM */

>>> +        case 0x80000000 ... 0x9fffffff: /* RAM */

>>> +            *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;

>>> +            break;

>>> +        default: /* Peripheral, 2x Device, and System */

>>> +            *prot = PAGE_READ | PAGE_WRITE;

>>

>>

>> This body is correct, however what do you think about using cases with

>> comments instead of 'default'? This would be clearer.

>

> Yeah, we could do that. I think this is one of those cases where

> I opted to go with how Michael had already written the code rather

> than rewriting it.

>

>         /* Default system address map for M profile cores.

>          * The architecture specifies which regions are execute-never;

>          * at the MPU level no other checks are defined.

>          */

>         switch (address) {

>         case 0x00000000 ... 0x1fffffff: /* ROM */

>         case 0x20000000 ... 0x3fffffff: /* SRAM */

>         case 0x60000000 ... 0x7fffffff: /* RAM */

>         case 0x80000000 ... 0x9fffffff: /* RAM */

>             *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;

>             break;

>         case 0x40000000 ... 0x5fffffff: /* Peripheral */

>         case 0xa0000000 ... 0xbfffffff: /* Device */

>         case 0xc0000000 ... 0xdfffffff: /* Device */

>         case 0xe0000000 ... 0xffffffff: /* System */

>             *prot = PAGE_READ | PAGE_WRITE;

>             break;

>         default:

>             g_assert_not_reached();

>         }

>

> would be the explicit version.

>


I see you added that before your pull request, thank!

For what it's worth:
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>


>>>          }

>>> -        break;

>>> -    case 0x00000000 ... 0x7FFFFFFF:

>>> -        *prot |= PAGE_EXEC;

>>> -        break;

>>>      }

>>> -

>>>  }

>>>

>>>  static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,

>

> thanks

> -- PMM

>

Peter Maydell June 2, 2017, 9 a.m. UTC | #4

On 2 June 2017 at 06:10, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
> On 05/30/2017 12:11 PM, Peter Maydell wrote:

>> This is the arm of the if() that deals with R profile, and R profile's

>

>

> Oh I completely misunderstood that if() indeed. R and also A I suppose.

A profile is never PMSA -- arguably VMSA (MMU) vs PMSA (MPU)) is the defining
distinction between A profile and R profile cores.

thanks
-- PMM

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9e1ed1c..51662ad 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8129,18 +8129,35 @@  static inline void get_phys_addr_pmsav7_default(CPUARMState *env,
                                                 ARMMMUIdx mmu_idx,
                                                 int32_t address, int *prot)
 {
-    *prot = PAGE_READ | PAGE_WRITE;
-    switch (address) {
-    case 0xF0000000 ... 0xFFFFFFFF:
-        if (regime_sctlr(env, mmu_idx) & SCTLR_V) { /* hivecs execing is ok */
+    if (!arm_feature(env, ARM_FEATURE_M)) {
+        *prot = PAGE_READ | PAGE_WRITE;
+        switch (address) {
+        case 0xF0000000 ... 0xFFFFFFFF:
+            if (regime_sctlr(env, mmu_idx) & SCTLR_V) {
+                /* hivecs execing is ok */
+                *prot |= PAGE_EXEC;
+            }
+            break;
+        case 0x00000000 ... 0x7FFFFFFF:
             *prot |= PAGE_EXEC;
+            break;
+        }
+    } else {
+        /* Default system address map for M profile cores.
+         * The architecture specifies which regions are execute-never;
+         * at the MPU level no other checks are defined.
+         */
+        switch (address) {
+        case 0x00000000 ... 0x1fffffff: /* ROM */
+        case 0x20000000 ... 0x3fffffff: /* SRAM */
+        case 0x60000000 ... 0x7fffffff: /* RAM */
+        case 0x80000000 ... 0x9fffffff: /* RAM */
+            *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+            break;
+        default: /* Peripheral, 2x Device, and System */
+            *prot = PAGE_READ | PAGE_WRITE;
         }
-        break;
-    case 0x00000000 ... 0x7FFFFFFF:
-        *prot |= PAGE_EXEC;
-        break;
     }
-
 }
 
 static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,

[09/13] armv7m: Implement M profile default memory map

Commit Message

Comments

Patch