From patchwork Wed Feb 26 19:47:11 2014
X-Patchwork-Submitter: Rob Herring
X-Patchwork-Id: 25426
From: Rob Herring
Date: Wed, 26 Feb 2014 13:47:11 -0600
Subject: Re: [Qemu-devel] [PATCH v3 31/31] target-arm: Add v8 mmu translation support
To: Peter Maydell
Cc: Hu Tao, Peter Crosthwaite, Laurent Desnogues, Patch Tracking, Michael Matz, QEMU Developers, Claudio Fontana, Dirk Mueller, Will Newton, "kvmarm@lists.cs.columbia.edu", Richard Henderson

On Wed, Feb 26, 2014 at 4:31 AM, Peter Maydell wrote:
> On 26 February 2014 03:32, Hu Tao wrote:
>> On Wed, Feb 26, 2014 at 10:49:59AM +0800, Hu Tao wrote:
>>> On Sat, Feb 15, 2014 at 04:07:24PM +0000, Peter Maydell wrote:
>>> > From: Rob Herring > >>> > /* Determine whether this address is in the region controlled by >>> > * TTBR0 or TTBR1 (or if it is in neither region and should fault). >>> > * This is a Non-secure PL0/1 stage 1 translation, so controlled by >>> > * TTBCR/TTBR0/TTBR1 in accordance with ARM ARM DDI0406C table B-32: >>> > */ >>> > - uint32_t t0sz = extract32(env->cp15.c2_control, 0, 3); >>> > - uint32_t t1sz = extract32(env->cp15.c2_control, 16, 3); >>> > - if (t0sz && !extract32(address, 32 - t0sz, t0sz)) { >>> > + uint32_t t0sz = extract32(env->cp15.c2_control, 0, 5); >>> > + uint32_t t1sz = extract32(env->cp15.c2_control, 16, 5); >>> >>> t0sz is bit [5:0], so shouldn't we extract 6 bits here? same for t1sz. > > Yes. > >>> > + if (t0sz && !extract64(address, va_size - t0sz, t0sz)) { >>> > /* there is a ttbr0 region and we are in it (high bits all zero) */ >>> > ttbr_select = 0; >>> > - } else if (t1sz && !extract32(~address, 32 - t1sz, t1sz)) { >>> > + } else if (t1sz && !extract64(~address, va_size - t1sz, t1sz)) { >>> > /* there is a ttbr1 region and we are in it (high bits all one) */ >>> > ttbr_select = 1; >>> > } else if (!t0sz) { >>> >>> Can't be true for Aarch64. the VA address space has a maximum address width >>> of 48 bits(page D5-1712 of ARM DDI 0487A.a), that means t0sz and t1sz should >>> have a minimum value of 16. >> >> It doesn't matter here. Maybe we should check the value when writing to >> TCR_EL1. What's the behaviour when writing an invalid tsz to TCR_EL1? > > I haven't checked through all the details, but it looks like the answer is > you can write anything, and the pseudocode for AArch64.TranslationTableWalk > specifies what happens if the tsz is outside the expected range (we > clamp tablesize to be 25 <= tablesize <= 48). > > I'm not sure we've correctly implemented the handling specified under > the AddrTop() pseudocode function either. 
Tagged addresses would probably be broken in other places as well as I
don't think we handle all of the BranchTo() pseudocode. I'm not sure
anything is using tagged addresses ATM.

I've fixed the above issues and found another issue on v7 LPAE with
the ttbr masking. I believe it to be correct now, but my formula does
not match the pseudocode which is:

baselowerbound = 3 + tablesize - stride*(3-level) - grainsize;
baseaddress = base<47:baselowerbound>:Zeros(baselowerbound);

This formula appears to be wrong AFAICT. Take a couple of examples:

level=1,tablesize=32: 3 + 32 - 12*2 - 9 = 2 (correct value is 5)
level=0,tablesize=48: 3 + 48 - 12*3 - 9 = 6 (correct value is 12)

Here are the fixes I've made. I've pushed an updated patch here:

git://git.linaro.org/people/rob.herring/qemu.git v8-mmu

Rob

} else if (!t0sz) { @@ -3403,7 +3421,7 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, /* Now we can extract the actual base address from the TTBR */ descaddr = extract64(ttbr, 0, 48); - descaddr &= ~descmask; + descaddr &= ~((1ULL << (va_size - tsz - (granule_sz * (4 - level)))) - 1); tableattrs = 0; for (;;) { diff --git a/target-arm/helper.c b/target-arm/helper.c index 8849df6..9f7b4f0 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c 
@@ -3315,19 +3315,37 @@ static int get_phys_addr_lpae(CPUARMState *env, target_ulong address, target_ulong page_size; uint32_t attrs; int32_t granule_sz = 9; - int32_t va_size = arm_el_is_aa64(env, 1) ? 64 : 32; + int32_t va_size = 32; + int32_t tbi = 0; + + if (arm_el_is_aa64(env, 1)) { + va_size = 64; + if (extract64(address, 55, 1)) + tbi = extract32(env->cp15.c2_control, 38, 1); + else + tbi = extract32(env->cp15.c2_control, 37, 1); + tbi *= 8; + } /* Determine whether this address is in the region controlled by * TTBR0 or TTBR1 (or if it is in neither region and should fault). * This is a Non-secure PL0/1 stage 1 translation, so controlled by * TTBCR/TTBR0/TTBR1 in accordance with ARM ARM DDI0406C table B-32: */ - uint32_t t0sz = extract32(env->cp15.c2_control, 0, 5); - uint32_t t1sz = extract32(env->cp15.c2_control, 16, 5); - if (t0sz && !extract64(address, va_size - t0sz, t0sz)) { + uint32_t t0sz = extract32(env->cp15.c2_control, 0, 6); + if (arm_el_is_aa64(env, 1)) { + t0sz = MIN(t0sz, 39); + t0sz = MAX(t0sz, 16); + } + uint32_t t1sz = extract32(env->cp15.c2_control, 16, 6); + if (arm_el_is_aa64(env, 1)) { + t1sz = MIN(t1sz, 39); + t1sz = MAX(t1sz, 16); + } + if (t0sz && !extract64(address, va_size - t0sz, t0sz - tbi)) { /* there is a ttbr0 region and we are in it (high bits all zero) */ ttbr_select = 0; - } else if (t1sz && !extract64(~address, va_size - t1sz, t1sz)) { + } else if (t1sz && !extract64(~address, va_size - t1sz, t1sz - tbi)) { /* there is a ttbr1 region and we are in it (high bits all one) */ ttbr_select = 1;
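
Review bot: in the hunk at @@ -3315, the two tbi reads use extract32(env->cp15.c2_control, 38, 1) and extract32(env->cp15.c2_control, 37, 1), but bit positions 37 and 38 lie outside a 32-bit value, so a 32-bit extract cannot return them. These need extract64 on a 64-bit view of the control register, with the field widened if c2_control is still 32 bits. Smaller points in the same hunk: the if/else that picks the TBI bit has no braces, uint32_t t1sz is declared after the t0sz clamp block (declaration after statement), and the MIN/MAX clamp is duplicated for t0sz and t1sz where one helper would do. Since tbi ends up holding a bit count (0 or 8) rather than the flag, a short comment or a clearer name would help readers of the extract64(address, va_size - t0sz, t0sz - tbi) checks.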
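
Review bot: in the hunk at @@ -3403, the new descaddr mask shifts 1ULL by va_size - tsz - (granule_sz * (4 - level)) with nothing in the hunk bounding that count. va_size and granule_sz are int32_t in the other hunk, so if level is ever low for a small region the count goes negative and the shift is undefined. Suggest computing the count into a named local, asserting it lies within 0..47 before the shift, and adding a comment that relates it to baselowerbound in the pseudocode quoted in the message, so the next reader does not have to re-derive it.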
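
The TTBR base masking discussed in the message, as an added example that is not part of the original mail or of QEMU: it evaluates the quoted pseudocode expression and the patch's shift count side by side and applies the resulting mask with a range check. It assumes the 4KB-granule values grainsize = 12 and stride = 9; the function names and the sample TTBR value are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed 4KB-granule constants (not taken from the patch):
 * grainsize = 12 bits of page offset, stride = grainsize - 3 = 9 bits per level. */
enum { GRAINSIZE = 12, STRIDE = 9 };

/* baselowerbound exactly as written in the pseudocode quoted in the message. */
static int lowerbound_pseudocode(int tablesize, int level)
{
    return 3 + tablesize - STRIDE * (3 - level) - GRAINSIZE;
}

/* Shift count from the patch, va_size - tsz - granule_sz * (4 - level),
 * with tablesize = va_size - tsz and granule_sz = 9. */
static int lowerbound_patch(int tablesize, int level)
{
    return tablesize - STRIDE * (4 - level);
}

/* Returns 1 if both expressions agree for every tablesize 25..48, level 0..3. */
static int formulas_agree(void)
{
    for (int t = 25; t <= 48; t++)
        for (int l = 0; l <= 3; l++)
            if (lowerbound_pseudocode(t, l) != lowerbound_patch(t, l))
                return 0;
    return 1;
}

/* Mask a TTBR value to its table base. Rejects shift counts outside 0..47
 * instead of shifting by a negative or oversized amount (undefined in C). */
static int ttbr_base(uint64_t ttbr, int tablesize, int level, uint64_t *base)
{
    int lb = lowerbound_patch(tablesize, level);
    if (lb < 0 || lb > 47)
        return -1;
    *base = (ttbr & ((1ULL << 48) - 1)) & ~((1ULL << lb) - 1);
    return 0;
}

int main(void)
{
    uint64_t base = 0;
    /* Constructed TTBR value for illustration. */
    if (ttbr_base(0x0000123456789abcULL, 32, 1, &base) == 0)
        printf("lb=%d base=0x%llx agree=%d\n", lowerbound_patch(32, 1),
               (unsigned long long)base, formulas_agree());
    return 0;
}
```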