From patchwork Mon Jun 17 17:53:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 167086 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3175944ilk; Mon, 17 Jun 2019 10:56:06 -0700 (PDT) X-Google-Smtp-Source: APXvYqwjS9Yf0LxO+C3tAzNFPYsDG9QDtZLCp8gHxb5jyQkL/ni6Pzw1EP2egAnuo2oBXWN/PLHh X-Received: by 2002:adf:81c8:: with SMTP id 66mr74551160wra.261.1560794166811; Mon, 17 Jun 2019 10:56:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560794166; cv=none; d=google.com; s=arc-20160816; b=YccAwFUBj5GcGOXSnoDFJqkqsoHseTS06NcNAV8breDBp7r5IKWZ6B1x+XSr0kWOGR jZcUNvtqagB+2hTUET1ALjcPYoUz5w5MKPRqZj97OHEDpiTI3ni1wg2tdfEwBe7NVuX8 T0H7eC3l4Y+W6aZnfgKLt777hDTnRP3P7UipggcR/lFUzoNtSbxrBJcfRck8jS9y4Toc 4ouENsaA6RT4xkiUL4efnHzn1bxFhJCQ4K5QdLbwD1/e4g3nTLiU4BsthitvYDlVqfO9 Hx9DwZ4dZvuNx0MxAEZP9HEu91rd4KK8EXYyV/tcvhTCml4OZYeu7EdZYQe+ksE/mpa6 xLKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=LNjb5yrrFswq3SqrrRYoa3Pq5hhZDJpEtuJq5Ac2UUo=; b=SpqWHcgc62Uvqi2GISTmWQgfrMQrdsw7TqIpdWFU3hHnGlytgwj9hsJonNzK06KNCQ UM5swd+yWG/mD5gVG8DQwTcCoaIzp9G/4FGadw9n5pZuYew3RCWgNfyYqIza6brC50ud hSDLiWXprEILlWQgIlTTgj1gbbnnsSmQFkVsobFyOsI8gPb0y5YOlj+dxshtV/GZ7Vus 4jbJ6zWeOeBADw04+OiN71q5rTB0zAcA/B+CiaOd3PLEWwo5YAxiigNdbEl6aEvb0h4b H0mb9HTbQJ1FcifmYWVnZdNC241DbYUpdxFv26qUF6JZEx3fJk4PiAUTAH/iwCJKz35w JCEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=L0Tta1dd; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id v9si9801706edc.31.2019.06.17.10.56.06 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 17 Jun 2019 10:56:06 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=L0Tta1dd; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:50666 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvrR-0003ND-Mq for patch@linaro.org; Mon, 17 Jun 2019 13:56:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50691) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvot-0007fL-Sv for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvos-0000c6-Ab for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:27 -0400 Received: from mail-wm1-x342.google.com ([2a00:1450:4864:20::342]:52596) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvos-0000aU-2Q for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:26 -0400 Received: by mail-wm1-x342.google.com with SMTP id s3so334765wms.2 for ; Mon, 17 Jun 2019 10:53:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=LNjb5yrrFswq3SqrrRYoa3Pq5hhZDJpEtuJq5Ac2UUo=; b=L0Tta1ddmSY+YQEB2MqxK8JDGmEjkUT+lARjCwnec/e7kSpPb8JhVY9XrFna+9ianz 9h5BRAhjTZTp6FJasiQZrZODumkKIAAivhk8JgKzUEU33Pq3SuDjYPj3MpsI70n2RZV7 tuUr4B5dJ/O2KqvAfWBD2K/P29Mn+mrLXz9sHWQfOzaRPkpVZD1I1miyaWRFaJC3o2Fq kebY3F/ZSZ3utPOEKiBMOaJlO4yTNB+Zwbeyd8/AsX3CPAZhqruXnZsY+0Np5Bf9WvlJ ABj9524FDxLe1tujOqKKnoBo2vL+GO1lqb03m05FbMTNq42OYyiBAeRzbN9LiDp+okn9 KfJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=LNjb5yrrFswq3SqrrRYoa3Pq5hhZDJpEtuJq5Ac2UUo=; b=soOyx+JROkiLO6RdXa9D8tSCIuv09EdalesoqQ4huVjDz79NynBtSb1zwiK7C0cI2n mC4j7QR/upNdE29/26SDcaptCGxtoD/+pHtb9sn0r1lrKGNIDKt69NKbLnrQ/hT2n+z7 1uYJF+cS/BGD/7pfyknseB+kcbKVFEUuGlkTAT6rcq1tIpzfuAZ8a/+M4R0B7f/S6C6J ZJl8yeFmt5QarkRoVGZPYK3/cqccTBakl/1ZA3n41WtDj+3fIbhzD00G3KQ2UKheiTTV q0he+nraqxZW+tNDCnNV5Oo4faJ7XUIdy5zjmZ3te7b6H70ZP091RrvLMH9BD3a4Cwqx xdqg== X-Gm-Message-State: APjAAAVfcXSJkp3VE0PDUVek9TqsVlWc1cFvO0e4LbEMZY+DsXj6ZWsD Wqyc7PaEtnIDAJ6L68SVcqCgNw== X-Received: by 2002:a05:600c:2189:: with SMTP id e9mr18733039wme.56.1560794001023; Mon, 17 Jun 2019 10:53:21 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:20 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:12 +0100 Message-Id: <20190617175317.27557-2-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::342 Subject: [Qemu-devel] [PATCH 1/6] target/arm: NS BusFault on vector table fetch escalates to NS HardFault X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" In the M-profile architecture, when we do a vector table fetch and it fails, we need to report a HardFault. Whether this is a Secure HF or a NonSecure HF depends on several things. If AIRCR.BFHFNMINS is 0 then HF is always Secure, because there is no NonSecure HardFault. Otherwise, the answer depends on whether the 'underlying exception' (MemManage, BusFault, SecureFault) targets Secure or NonSecure. (In the pseudocode, this is handled in the Vector() function: the final exc.isSecure is calculated by looking at the exc.isSecure from the exception returned from the memory access, not the isSecure input argument.) We weren't doing this correctly, because we were looking at the target security domain of the exception we were trying to load the vector table entry for. This produces errors of two kinds: * a load from the NS vector table which hits the "NS access to S memory" SecureFault should end up as a Secure HardFault, but we were raising an NS HardFault * a load from the S vector table which causes a BusFault should raise an NS HardFault if BFHFNMINS == 1 (because in that case all BusFaults are NonSecure), but we were raising a Secure HardFault Correct the logic. We also fix a comment error where we claimed that we might be escalating MemManage to HardFault, and forgot about SecureFault. (Vector loads can never hit MPU access faults, because they're always aligned and always use the default address map.) Signed-off-by: Peter Maydell --- target/arm/helper.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) -- 2.20.1 diff --git a/target/arm/helper.c b/target/arm/helper.c index df4276f5f6c..375249d3c72 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8225,7 +8225,11 @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure, if (sattrs.ns) { attrs.secure = false; } else if (!targets_secure) { - /* NS access to S memory */ + /* + * NS access to S memory: the underlying exception which we escalate + * to HardFault is SecureFault, which always targets Secure. + */ + exc_secure = true; goto load_fail; } } @@ -8233,21 +8237,31 @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure, vector_entry = address_space_ldl(arm_addressspace(cs, attrs), addr, attrs, &result); if (result != MEMTX_OK) { + /* + * Underlying exception is BusFault: its target security state + * depends on BFHFNMINS. + */ + exc_secure = !(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK); goto load_fail; } *pvec = vector_entry; return true; load_fail: - /* All vector table fetch fails are reported as HardFault, with + /* + * All vector table fetch fails are reported as HardFault, with * HFSR.VECTTBL and .FORCED set. (FORCED is set because - * technically the underlying exception is a MemManage or BusFault + * technically the underlying exception is a SecureFault or BusFault * that is escalated to HardFault.) This is a terminal exception, * so we will either take the HardFault immediately or else enter * lockup (the latter case is handled in armv7m_nvic_set_pending_derived()). + * The HardFault is Secure if BFHFNMINS is 0 (meaning that all HFs are + * secure); otherwise it targets the same security state as the + * underlying exception. */ - exc_secure = targets_secure || - !(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK); + if (!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + exc_secure = false; + } env->v7m.hfsr |= R_V7M_HFSR_VECTTBL_MASK | R_V7M_HFSR_FORCED_MASK; armv7m_nvic_set_pending_derived(env->nvic, ARMV7M_EXCP_HARD, exc_secure); return false; From patchwork Mon Jun 17 17:53:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 167083 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3173306ilk; Mon, 17 Jun 2019 10:54:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqxJXD4KXDBoKNmDnW4+MBF/5Ogvtq5LhKYHn32gzLNnJhkVlUCXKmVuG0IjOskAbvTSCMtu X-Received: by 2002:a19:a87:: with SMTP id 129mr45832046lfk.98.1560794052652; Mon, 17 Jun 2019 10:54:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560794052; cv=none; d=google.com; s=arc-20160816; b=RaC093VMDucdl6+VcDf9ofaSUk4TAFrcMftnvgoAHO+bNGGGUOeUsa8O75TkTwFPVQ WSzMlNwqsLpnFKy0FFkgO/sGePxxR5oJK0N/0D3oQ1BbvNcCWUfU7YDg8nMPLDuvT+id q3qxEVDaVJLeAb37ZcijjvBS33jPWZH7ri5nxxK/P0h3AIWOGwtdVjRjGc0sVunlVfvW 3qWBRc9lF5hFR5t5NyT551hvIvKlYAc8KylnU7oOoRRiuUeh8DL4d4jux7if+XuVC+vO Lp/kt+abLT5ny6/E8kZYx4E3SojzPDWPGrQHIlx7PzHQZpyJAu34Obo1JMU4ci53G6G2 qTiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=ZqxuBGrvpyV7bVVdQeK9vpv5xyuxJzmNpj8ibO3gKBw=; b=mWXiy2Big8nP/kSiKnflaRuFvQJxd3VaHbhBpx3SJwiBGgo9uKfHr30+5Tl9Ae0wzT UZfTA0oj9QMG2hs1S2JE6Odqk9IsGWYhz/NWTI/VFkDl2a0KOLWq/ZUd1gdXSFwAfomZ F1636fBX5Cou2W51vxHIYsa+RMOFTzr/JtRY6ZXC9nJOQyF5djsrIBS0qY4RmDTRZX6l oJtx7oKKopcMxUj2z6cIxh2wfog4TLAPbRVdRcHVZvFL4NpNwJUMzpNpEekilKHXTYx3 d+t7cqHDHemZMZO8XD0LNC7WmWDjBYDpj8zyZBNe70qdieBMQ8Te/W3YGYbdUqSbU04O gSCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=qBnMrqiD; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id x3si9641501eda.298.2019.06.17.10.54.12 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 17 Jun 2019 10:54:12 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=qBnMrqiD; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:50640 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvpb-00086w-HP for patch@linaro.org; Mon, 17 Jun 2019 13:54:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50692) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvot-0007fM-T0 for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvos-0000bl-3T for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:27 -0400 Received: from mail-wr1-x444.google.com ([2a00:1450:4864:20::444]:40716) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvoq-0000Zy-E3 for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:26 -0400 Received: by mail-wr1-x444.google.com with SMTP id p11so10953438wre.7 for ; Mon, 17 Jun 2019 10:53:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=ZqxuBGrvpyV7bVVdQeK9vpv5xyuxJzmNpj8ibO3gKBw=; b=qBnMrqiDAX2devzhltrL3k5LNwxLL0pYFEAXPUwAhF+DEGVY0ImlTww8y8aHtNGju6 ffUdO85sB3X1bAvFocgGqqG7aHmxzLOmAU0hHzIAdhEJZ4hHseTTUW3Cd+1JfcK6AZuW FzniwmN9yUl2wE30w4XYIC9C44X0m8DeS4qawfB4u5ffFYXUTvfinP8QZLVoWbXNnX0V qJ/810BkgXp8Ttscsx5OkDZHVvKTN0JTRKJJ1DFtHP9fMRqfzx3vNGudVMnwcfqKGv9A svjn5Hqmk+LrJYmciUNKs/TQ02TBaHmj2TcCOoP95IgPGoXjH2gaaVsoEhdkXB6xXfyO ++Ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZqxuBGrvpyV7bVVdQeK9vpv5xyuxJzmNpj8ibO3gKBw=; b=omuTGOJ1P9/0mldiY6oQ9PBVjy7DDycqpsQwD+yvxt6CuXXGq493g0enxeqlkxcdqb U5tAJdUTqybhMxnxXm7reEBg7TompaLBaCIfDobPpG/E9X3l+aKYLP9GD7bT9hlH0EXU 0+M7Vpgkbo25Apzcc2cNJjsr0pG32A+L1556riNGM0UWWlKKlUjYDXVSe+s/CNFDrAyJ ZIydeBPgrUpen1qLcj9QjLOP1Oa0K8fSk9Yn94UPwh3iz8okjuFutHoVywd3RkqUgv+a oVNwNEAPLjmCHnzwenWJs2AZq2LTOuKQRj1qZEZQhIREMN2SsfuV+MZ4Si+pA+HE3tBh 2K7Q== X-Gm-Message-State: APjAAAVcn+0OsJNbjf0fXifTRpMkqK4gEtgh8qdFn5ISxAWQtxUjci/K TXGejZVTRk56VmDVmIX0hGUttQ== X-Received: by 2002:adf:afe8:: with SMTP id y40mr22388286wrd.328.1560794002222; Mon, 17 Jun 2019 10:53:22 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:21 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:13 +0100 Message-Id: <20190617175317.27557-3-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::444 Subject: [Qemu-devel] [PATCH 2/6] arm v8M: Forcibly clear negative-priority exceptions on deactivate X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" To prevent execution priority remaining negative if the guest returns from an NMI or HardFault with a corrupted IPSR, the v8M interrupt deactivation process forces the HardFault and NMI to inactive based on the current raw execution priority, even if the interrupt the guest is trying to deactivate is something else. In the pseudocode this is done in the Deactivate() function. Signed-off-by: Peter Maydell --- hw/intc/armv7m_nvic.c | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) -- 2.20.1 Reviewed-by: Richard Henderson diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index b8ede30b3cb..330eb728dd5 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -812,15 +812,45 @@ void armv7m_nvic_get_pending_irq_info(void *opaque, int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure) { NVICState *s = (NVICState *)opaque; - VecInfo *vec; + VecInfo *vec = NULL; int ret; assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq); - if (secure && exc_is_banked(irq)) { - vec = &s->sec_vectors[irq]; - } else { - vec = &s->vectors[irq]; + /* + * For negative priorities, v8M will forcibly deactivate the appropriate + * NMI or HardFault regardless of what interrupt we're being asked to + * deactivate (compare the DeActivate() pseudocode). This is a guard + * against software returning from NMI or HardFault with a corrupted + * IPSR and leaving the CPU in a negative-priority state. + * v7M does not do this, but simply deactivates the requested interrupt. + */ + if (arm_feature(&s->cpu->env, ARM_FEATURE_V8)) { + switch (armv7m_nvic_raw_execution_priority(s)) { + case -1: + if (s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) { + vec = &s->vectors[ARMV7M_EXCP_HARD]; + } else { + vec = &s->sec_vectors[ARMV7M_EXCP_HARD]; + } + break; + case -2: + vec = &s->vectors[ARMV7M_EXCP_NMI]; + break; + case -3: + vec = &s->sec_vectors[ARMV7M_EXCP_HARD]; + break; + default: + break; + } + } + + if (!vec) { + if (secure && exc_is_banked(irq)) { + vec = &s->sec_vectors[irq]; + } else { + vec = &s->vectors[irq]; + } } trace_nvic_complete_irq(irq, secure); From patchwork Mon Jun 17 17:53:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 167084 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3175100ilk; Mon, 17 Jun 2019 10:55:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqzfcaBcgONtgRhZp5gMip08XzvgUARZ4LRuJD1ojJg/Mm6OrgSwb0tZ/Bno/1o1qihoeoZB X-Received: by 2002:ac2:4839:: with SMTP id 25mr17707903lft.79.1560794130247; Mon, 17 Jun 2019 10:55:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560794130; cv=none; d=google.com; s=arc-20160816; b=fyt0rOgodakuQapVLtTrSLOJAtfFGyUpHahTRpg6LTVc6Zc7QdCmUIkrTKQM3FOxRg ytJcgBwCq6us3SgRD07g16OGwevU8bxCPvEmzYJqZKxuHfR0NZ5h4vNg9fUZMPeCFHY0 67zyRo5EcHGBfcW89Rl/p6x/ASWu1CJ8q8fcKrTXaojlwbC7VQL8Dzs40L8K18jqGwZb 1ny50NVG3KJ+D49LWamuAub23V5LdsCz8ftqOskLPW6i6q+iQy9kQk5GSLFBQEqnw+BQ HOKazFMsFve7IxrW9Qb+1kn+U4myj1KVpSEG8diKBlngdvsiVL3fQHo0uf+t57gHLCsx a8DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=tkA5eV6B+7bWXMQLTUuNg6Ny6QzZoudF4r4qdXt2dKw=; b=NPGpjGZHcnxEiSgKqdV9dDJoJfdUhKGF/+7zzMnGH7KR1om97Xq4p3c/z82aPGvP1h BKyxFGH0+DlS2AZpK3qtnHLNuPljwDVO2jQtkaAYSfC74j0pBG8IMvNaVqw28OOwCFY7 5sftdX6DuMAQHfn7XqaEvNeT20kncKyVuxOSAittkXSjGAL2qTEvKRjhUsI/JlhB2ePo omL1CDgzoQTeEWBKAzyzwUJDjoSR36wb/hbYL56HEIHlA0896X0NghFTKxeb6gqdKA26 PedW4CELC75XUKnXiw4waNUSvAr6FLbnDAKLR5ILODDvvH9olMma6RkSbxM/9Iv/wMFa qXkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=nRp4TDwe; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id z40si9311473edc.260.2019.06.17.10.55.30 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 17 Jun 2019 10:55:30 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=nRp4TDwe; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:50652 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvqr-0002pS-46 for patch@linaro.org; Mon, 17 Jun 2019 13:55:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50690) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvot-0007fK-Sw for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvos-0000bz-AG for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:27 -0400 Received: from mail-wm1-x341.google.com ([2a00:1450:4864:20::341]:56117) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvos-0000ag-1I for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:26 -0400 Received: by mail-wm1-x341.google.com with SMTP id a15so316309wmj.5 for ; Mon, 17 Jun 2019 10:53:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=tkA5eV6B+7bWXMQLTUuNg6Ny6QzZoudF4r4qdXt2dKw=; b=nRp4TDwedZ2bj3uvzCgOxbHGnnIMrSlYGOSYYiyHPYh1po1TWvybV6Pwlhl7Fq2Vby 37y1NjDzBOxUP72RK+H8m6+/ciJ3epPK9nK1chEsySdwlhzBZgO6JqJUqhKSBsdnu90f lNXgKc0U/B/pBM8ZBS1VrHhce79nNl92Oi6InE1A9HvZDHhECJMYF9trq6ZPpSUL8Yn5 KfH0mLxTTPLq22qX2DyQIRaA75ecrOOaKbYcQpfrMcsMBSbP/ReX40n+M0P4YINsNQ3y WsVmdC/B/c3RacMMyl+i1hjcES2ifsNFXqa1zjTbt4wG6jKCLO21neU0DvVSAuzO2XHo gOgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=tkA5eV6B+7bWXMQLTUuNg6Ny6QzZoudF4r4qdXt2dKw=; b=NJrC+Zpr6iDKOQ2WpGdm1J0pN8VT9vTELYBZnrgh1cUc8SQ9wi5r/LC7kFy5CY4RH0 WMVDLTB7mmd3+ak+Nx9TGGRHbIn3gr+N/v9JVb4UYPIHEPpVuEw80qEBAkG3AvP9nZ7I IX7Ivr2BvKGFth2LAqof4JdVsBvm1Gw54mE2bJoQCWtO/DnDXzg2dMj1I6P88rAiW0yb 5TiBksHXR/C9voOx+OC6F/o8Lz3hLY5hj6p0veLperoy3jSFRlnAMuXl9Ox1pZTGMfrG L03pyDaOTPDcLb9BjuPtMocwW1viVp4rXFwsOLLbV/ArBgCKmgBNc2Rj8Bzq7KxJVTb9 Impg== X-Gm-Message-State: APjAAAX0m8/0+xo5uJDVkUbX8DjgfSCQNT7Pg0qyUINqMLuIfk/PSZ/U sdPJNp45Ym8djQgrHOJqutFSpX5SF7bq3g== X-Received: by 2002:a05:600c:c6:: with SMTP id u6mr20220508wmm.153.1560794003623; Mon, 17 Jun 2019 10:53:23 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:22 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:14 +0100 Message-Id: <20190617175317.27557-4-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::341 Subject: [Qemu-devel] [PATCH 3/6] target/arm: v8M: Check state of exception being returned from X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" In v8M, an attempt to return from an exception which is not active is an illegal exception return. For this purpose, exceptions which can configurably target either Secure or NonSecure are not considered to be active if they are configured for the opposite security state for the one we're trying to return from (eg attempt to return from an NS NMI but NMI targets Secure). In the pseudocode this is handled by IsActiveForState(). Detect this case rather than counting an active exception possibly of the wrong security state as being sufficient. Signed-off-by: Peter Maydell --- hw/intc/armv7m_nvic.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) -- 2.20.1 Reviewed-by: Richard Henderson diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 330eb728dd5..9f8f0d3ff55 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -860,7 +860,19 @@ int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure) return -1; } - ret = nvic_rettobase(s); + /* + * If this is a configurable exception and it is currently + * targeting the opposite security state from the one we're trying + * to complete it for, this counts as an illegal exception return. + * We still need to deactivate whatever vector the logic above has + * selected, though, as it might not be the same as the one for the + * requested exception number. + */ + if (!exc_is_banked(irq) && exc_targets_secure(s, irq) != secure) { + ret = -1; + } else { + ret = nvic_rettobase(s); + } vec->active = 0; if (vec->level) { From patchwork Mon Jun 17 17:53:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 167089 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3179300ilk; Mon, 17 Jun 2019 10:58:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqznUfZeXQEGR/7TgMUdHFVI8Qc1WlO0ohdMdUKIDuq89/R3pUy/lQ8PRkXcROavmdn1shzg X-Received: by 2002:a1c:3:: with SMTP id 3mr20859707wma.44.1560794336377; Mon, 17 Jun 2019 10:58:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560794336; cv=none; d=google.com; s=arc-20160816; b=U9B/r4llu2Fsnb4/GnqQv5OoPb6nKYoH2JytaKPFom/7lYR4FB4aFrmsIG6Qx/fbPN 1RWsmGQHCS5KJZExFDnPiMyXpxQwerWvJ/kaXwckJf4Ap8GUyTzGRwvS2PAXhX4fFkVT I2cTtVLPKnbm0/+uovFwIyqbucMvFVb7xxcciW4pxWTNm2m4C7J0EfW120/pu38VpE2q CznLGw/h0MVafMJmmjzS8fMIhGEvV2bP6NoEXhZoIvH6fiF0MtDAkbv//5oQ4omBzt6N TnWgW6npTuZOiJtmN6IG4676m/2Ggo6bXkLzaFsVp1W2BUC9MAR4umgNGwShIbRvvl82 5GUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=zKgJAfwPo8FOYTHjapPuTGTNS3c99ejdEGatbxYgWDQ=; b=sARQKu6IDMTJR4kzk0MOo5k+GxGRv5k7B14yEC0sz75GRZEUCpD5NqYug13cUq+PEb ZDS/YeZRdi6Q68f8uZTSnSziFuJ1tw/lJpoYKuJN067J4pJw8HJQgEi/lNIOi4L6/6xO EqaTM2iYfFVwKMNeiFhyZcAYEoXabHxkMqe9sxCwicU6aYmzeSArrtj7Izb53TvtcQqX 6JzV9kThS1zkRtbz2OGZqc9RtlrDmNRia0W4rWj+HeFyJkhLh804BoOrZ0kyytVyOReT he3UF7ndjMM2eox4ky33rJ7Bit3M135wIcI2azPYXm8Yc9yjF2CW+6jj4B0Yk1J1n+cL NPcw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=xUCOyFhe; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id y2si9640776edb.188.2019.06.17.10.58.56 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 17 Jun 2019 10:58:56 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=xUCOyFhe; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:50682 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvuB-0006eH-CU for patch@linaro.org; Mon, 17 Jun 2019 13:58:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50787) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvp1-0007iS-Om for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvp0-0000gH-1R for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:35 -0400 Received: from mail-wm1-x342.google.com ([2a00:1450:4864:20::342]:36703) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvox-0000ee-Sj for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:33 -0400 Received: by mail-wm1-x342.google.com with SMTP id u8so328870wmm.1 for ; Mon, 17 Jun 2019 10:53:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=zKgJAfwPo8FOYTHjapPuTGTNS3c99ejdEGatbxYgWDQ=; b=xUCOyFhemrpJA+/iI2WRVZ2yl1on1d11KGVAusGcu+jFM1tubF2R0lZnSu9OYt39ML ywYiqPlVQDh5aG6EeZPUVakYpUpsck5ZePwRTDzuG1mHZMTF01owgQ8/OucjwlUOPVWv 4wbddUAlu4RkwoLOuZMjSNAj6NE030fyMgomAT727nXYbdcphl6GLxeh+0vtCDkFRyzG JHJ+qhbdCYVjbISs6diRyfDOWAy1popaLjovZTclhZe8HERkTx757tNdnfrRUA4f3rjs qAO6+ViHOr7An63iXBEFIk/WSIIaR6VTNB22LoV8e741wCIYv/KpMnABVfhGkmgI3pUN saTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zKgJAfwPo8FOYTHjapPuTGTNS3c99ejdEGatbxYgWDQ=; b=O4rxnNiMkLGoYjSRma3npMz527qfN3yey6bFN6plxEyP63s1YZB5kCXcSVh3lyyqW+ Dm2QRNxhdeiUncC0ngBwDte4rgqlyXW3AJx90VWwh9Jw6JCZlTBK8lhGdOjqjG7P/ZrL 7aiRkCWzUhHzgE8oxcz5wA49q+O4Wfcp2NqZfCCU3NfhPxSIm0jVP8G/gucbIkYm6zWV j5vgL94ZYCqRTErxaPfRCpqc0VXN90iQVri/1WUCqW5jOaRDrqj8P9CcjY5MdOw4csaT voHHLE+xxwdMqUr/zEEWjMqm5l6/GWlWLgfPYoogZmOU+IUlIHFnR+oNE9C/q7b2L7Fh lpPQ== X-Gm-Message-State: APjAAAVhAw4scL/nxigxt59Ehxg7dV9uY9dmQUYvPoiCMJoKrc8LGI70 cSr7uRhW4Fv1dX88Sd0DbpWTEg== X-Received: by 2002:a1c:e0c4:: with SMTP id x187mr19004489wmg.177.1560794006206; Mon, 17 Jun 2019 10:53:26 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:24 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:15 +0100 Message-Id: <20190617175317.27557-5-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::342 Subject: [Qemu-devel] [PATCH 4/6] target/arm: Use _ra versions of cpu_stl_data() in v7M helpers X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" In the various helper functions for v7M/v8M instructions, use the _ra versions of cpu_stl_data() and friends. Otherwise we may get wrong behaviour or an assert() due to not being able to locate the TB if there is an exception on the memory access or if it performs an IO operation when in icount mode. Signed-off-by: Peter Maydell --- target/arm/helper.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) -- 2.20.1 Reviewed-by: Richard Henderson diff --git a/target/arm/helper.c b/target/arm/helper.c index 375249d3c72..866fe54780e 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8141,8 +8141,8 @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest) } /* Note that these stores can throw exceptions on MPU faults */ - cpu_stl_data(env, sp, nextinst); - cpu_stl_data(env, sp + 4, saved_psr); + cpu_stl_data_ra(env, sp, nextinst, GETPC()); + cpu_stl_data_ra(env, sp + 4, saved_psr, GETPC()); env->regs[13] = sp; env->regs[14] = 0xfeffffff; @@ -8557,6 +8557,7 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) /* fptr is the value of Rn, the frame pointer we store the FP regs to */ bool s = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK; bool lspact = env->v7m.fpccr[s] & R_V7M_FPCCR_LSPACT_MASK; + uintptr_t ra = GETPC(); assert(env->v7m.secure); @@ -8582,7 +8583,7 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) * Note that we do not use v7m_stack_write() here, because the * accesses should not set the FSR bits for stacking errors if they * fail. (In pseudocode terms, they are AccType_NORMAL, not AccType_STACK - * or AccType_LAZYFP). Faults in cpu_stl_data() will throw exceptions + * or AccType_LAZYFP). Faults in cpu_stl_data_ra() will throw exceptions * and longjmp out. */ if (!(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPEN_MASK)) { @@ -8598,10 +8599,10 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) if (i >= 16) { faddr += 8; /* skip the slot for the FPSCR */ } - cpu_stl_data(env, faddr, slo); - cpu_stl_data(env, faddr + 4, shi); + cpu_stl_data_ra(env, faddr, slo, ra); + cpu_stl_data_ra(env, faddr + 4, shi, ra); } - cpu_stl_data(env, fptr + 0x40, vfp_get_fpscr(env)); + cpu_stl_data_ra(env, fptr + 0x40, vfp_get_fpscr(env), ra); /* * If TS is 0 then s0 to s15 and FPSCR are UNKNOWN; we choose to @@ -8622,6 +8623,8 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) void HELPER(v7m_vlldm)(CPUARMState *env, uint32_t fptr) { + uintptr_t ra = GETPC(); + /* fptr is the value of Rn, the frame pointer we load the FP regs from */ assert(env->v7m.secure); @@ -8655,13 +8658,13 @@ void HELPER(v7m_vlldm)(CPUARMState *env, uint32_t fptr) faddr += 8; /* skip the slot for the FPSCR */ } - slo = cpu_ldl_data(env, faddr); - shi = cpu_ldl_data(env, faddr + 4); + slo = cpu_ldl_data_ra(env, faddr, ra); + shi = cpu_ldl_data_ra(env, faddr + 4, ra); dn = (uint64_t) shi << 32 | slo; *aa32_vfp_dreg(env, i / 2) = dn; } - fpscr = cpu_ldl_data(env, fptr + 0x40); + fpscr = cpu_ldl_data_ra(env, fptr + 0x40, ra); vfp_set_fpscr(env, fpscr); } From patchwork Mon Jun 17 17:53:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 167085 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3175745ilk; Mon, 17 Jun 2019 10:55:59 -0700 (PDT) X-Google-Smtp-Source: APXvYqzOzoqI2oCCB2ppfsEW5pcwH1EToqnWFF7FOLmrTZVokDIArCeECyVoIOkV22/s8ej0LC4G X-Received: by 2002:a2e:6d02:: with SMTP id i2mr33292077ljc.124.1560794158536; Mon, 17 Jun 2019 10:55:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560794158; cv=none; d=google.com; s=arc-20160816; b=TJYiu+/pUGOGW8bs0gsQHbzWYGCKWY8C+f/b6r571vvhDgUDoNOkMYQi9Kjypsa09h 0JELhXzZrjpRYBgbOHwYOg7985W35SirvdkAJAE2xUsYWE0xhX899qp3eBk3fwBFa6LS xJ+c78RItWmauKdzcQPayM7iFBRitJreLAXHYeKB5f7nrc5z4uIjv2PmLL8DVObNdijh 9fKqg7f/E5PLiDVGakkGohgSCmbate9cVGa26wWJheyH91bD/MgWuHyEobP20oDKdmLP olidDsCc8wGw2TLp8ihrS5qcgQ7VHErO6NZD8V1WAUNdxcAVn7Lc9TkvNU01/SaqC/mM FcFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=v8vwTZLuhwp+bmBixmmWp52i36uK/epxo9J3L5qAyYw=; b=UXCshzT+v9n/dHHaLePQ74xJrfxM/KmLldVjX8HS1f0DCx8Wd39BdfK0ZwOkaPGnHJ NTV2pkCfJaqWq0BO91Kj40YY9AuFfeIZBNqwzvB+SHz9054S3RqRcN5UHX+WZzJsSGtL wkLW0YAwMNNH4QjHr9uDmfuVa/E5wMO9N0A7DPoingvUfd3l9Ai87pdf8CDSeEzrOOy2 dGfNubyhlrqG4K9XjKFEfsXPh3MDhjZa2rVH0ucmzFTQCfHK6XwQO44P1ochfO/cCtuC OWFbTyv80vnIdMh5AZhzkejRCTAfRJu8zLq2ccRTvCiefgRU18/Aw9210/d/Hif6l1wd YJzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=qQnFthMS; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id b10si7065346ejj.379.2019.06.17.10.55.58 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 17 Jun 2019 10:55:58 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=qQnFthMS; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:50656 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvrJ-0002yx-GE for patch@linaro.org; Mon, 17 Jun 2019 13:55:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50760) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvp0-0007hq-Dm for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvox-0000f5-RE for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:33 -0400 Received: from mail-wr1-x442.google.com ([2a00:1450:4864:20::442]:38937) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvov-0000do-W1 for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:31 -0400 Received: by mail-wr1-x442.google.com with SMTP id x4so10944984wrt.6 for ; Mon, 17 Jun 2019 10:53:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=v8vwTZLuhwp+bmBixmmWp52i36uK/epxo9J3L5qAyYw=; b=qQnFthMSJo8bfP4HEGAgZBvsS1BmZaBI2he8FBMFZln/yYefl8iffG5CDe/FQCaaoz /VbmNkeZ7Q5CljJMhl+5A4Wl7KgcnpOPA6fmvxdbbHorj4vdDcrkVlPuQWCOMJfKRfQI 9CJMqwtN9y2sjTAyAf9/GH6LlNfn9pCifvGvQ15JSq2cOJj9ffzsI5T8EDAxvH905JS4 tQcsojAIxQqGO+8Elf74KN/udytwcM2zTY+cGuqCH2hg8M3VWQbGL4SRRjYI4dciXZPj wj3NAPb+aQGLs78EdDOgXQw41rS6CAwVXBo1yx1fAnI5Zb+XOeJlXXzeAV081w48sKSC tZAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=v8vwTZLuhwp+bmBixmmWp52i36uK/epxo9J3L5qAyYw=; b=S+Abpxi7WLAh6fcvLfMRZRvGigo1mCyVG6XN2cCjRDfRM98kBKCxZkh5MPfpuSbxBD 1myq+COcCeD+qB933cZ32btikrvTpovI+yCvL717bBwSq7OgQgHH+/yTnJzhkly1i/Op 9RMlMuKX7p9F4YMyLUwPNIZ2njBYedP6AWc0Ehx3T9Ki9HmFoFv8eQ6WPrC5lCdzNKYi Fe4yeETM8heSKNfOrkwUX1dmSOkbMMtf6MZruKP+s3EOhIvt1hSSkQo2INzSi66zvtKZ i+pc7de6KrohoRwyk+6Gvp8rsCn0kKFIMpxP9PARcHHrMzllxRd9qQoSRKrpKfJkQ08I 2vPw== X-Gm-Message-State: APjAAAWii1pYQ0Pzonh1SnSvyw5McB7QqImCSbFvkUcaboooJxNGxmnH CrrelBoaCOfMvQKciI8h/WadIw== X-Received: by 2002:a5d:5302:: with SMTP id e2mr62712766wrv.347.1560794008245; Mon, 17 Jun 2019 10:53:28 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:27 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:16 +0100 Message-Id: <20190617175317.27557-6-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::442 Subject: [Qemu-devel] [PATCH 5/6] hw/timer/armv7m_systick: Forbid non-privileged accesses X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" Like most of the v7M memory mapped system registers, the systick registers are accessible to privileged code only and user accesses must generate a BusFault. We implement that for registers in the NVIC proper already, but missed it for systick since we implement it as a separate device. Correct the omission. Signed-off-by: Peter Maydell --- hw/timer/armv7m_systick.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) -- 2.20.1 Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé diff --git a/hw/timer/armv7m_systick.c b/hw/timer/armv7m_systick.c index a17317ce2fe..94640743b5d 100644 --- a/hw/timer/armv7m_systick.c +++ b/hw/timer/armv7m_systick.c @@ -75,11 +75,17 @@ static void systick_timer_tick(void *opaque) } } -static uint64_t systick_read(void *opaque, hwaddr addr, unsigned size) +static MemTxResult systick_read(void *opaque, hwaddr addr, uint64_t *data, + unsigned size, MemTxAttrs attrs) { SysTickState *s = opaque; uint32_t val; + if (attrs.user) { + /* Generate BusFault for unprivileged accesses */ + return MEMTX_ERROR; + } + switch (addr) { case 0x0: /* SysTick Control and Status. */ val = s->control; @@ -121,14 +127,21 @@ static uint64_t systick_read(void *opaque, hwaddr addr, unsigned size) } trace_systick_read(addr, val, size); - return val; + *data = val; + return MEMTX_OK; } -static void systick_write(void *opaque, hwaddr addr, - uint64_t value, unsigned size) +static MemTxResult systick_write(void *opaque, hwaddr addr, + uint64_t value, unsigned size, + MemTxAttrs attrs) { SysTickState *s = opaque; + if (attrs.user) { + /* Generate BusFault for unprivileged accesses */ + return MEMTX_ERROR; + } + trace_systick_write(addr, value, size); switch (addr) { @@ -172,11 +185,12 @@ static void systick_write(void *opaque, hwaddr addr, qemu_log_mask(LOG_GUEST_ERROR, "SysTick: Bad write offset 0x%" HWADDR_PRIx "\n", addr); } + return MEMTX_OK; } static const MemoryRegionOps systick_ops = { - .read = systick_read, - .write = systick_write, + .read_with_attrs = systick_read, + .write_with_attrs = systick_write, .endianness = DEVICE_NATIVE_ENDIAN, .valid.min_access_size = 4, .valid.max_access_size = 4, From patchwork Mon Jun 17 17:53:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 167087 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3176309ilk; Mon, 17 Jun 2019 10:56:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqywSkOJCprgr98ut6i2zAy9dTlow5P+jkXgzG1VREaDrZnBBmLG4G3uNVWWgK164FY4mDrc X-Received: by 2002:a17:902:8d91:: with SMTP id v17mr90031019plo.91.1560794059509; Mon, 17 Jun 2019 10:54:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560794059; cv=none; d=google.com; s=arc-20160816; b=crPOOHWbj9kIo6QgjBHr8OD5Pa/7xWaVTtnDWOxFvy6DoIjyi6gvFjy0GFTmFqv+52 IS8rGvkutbYcMOpZBHuwfk4BQxutOJyQaWQkBwc/EccKobnnt8YfTvCEEEzJVrOH7dKp 1es+Vlf00Km+sLxYzEVwEwhI15vM7W5qfx5618KL9E1TNKFz9IfZYLDTKpMxwOJGdWm4 xxv9bU9PkY+q4xrCuo1xyY/aWpXg61NjDI3w/x9HcvYkLwzU3A3m1qgH4raaAWqzvtJg KaORro2TZQdtX6CyBnmy1HinRbsLu5+Aknp6QeUQ2Uol/Vw1R+OjOT347jzbO3kfnGdL Y54g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=575i0kl12NVak4MXLXn7jsLioeAHAQ7GMt0OozyFMPE=; b=PNYSQlCncfDUtry8ZgzfUE5qlkY66V5sQhUPvdrP7Ms4uzC3BgrmFePwqaAj56Dvnm i5Ddam3wyWCQvLb4wopKw29Al+UhxI3410mFSDk0M7Bc8MDMIcjnUbOxBABIpbc6MmdX eJ5hHK6RYgPBISaqsVUaCndXHZo46cY68Oi2ucNEpRsJS+nBq/KxC+VNz6rTU3NZDjJ6 hxLGXcwzROL6OIBf+SQ9ygYW7aMnpYbYzynVXnp+J0cMWet5R1pZGXKRkB7h87gD2z/X iYiZ3n9bEBwJBx/RnvItNErBjkCRTyFyJQK3Z0FqPlZLp+GDsp+c9kZ5vcHpKps2v0rS r2rA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=U6Zfhjte; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id k3si10176538pjt.87.2019.06.17.10.54.18 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 17 Jun 2019 10:54:19 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=U6Zfhjte; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:50638 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvpa-00086A-Sb for patch@linaro.org; Mon, 17 Jun 2019 13:54:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50785) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcvp1-0007iQ-OE for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcvp0-0000gL-1e for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:35 -0400 Received: from mail-wr1-x442.google.com ([2a00:1450:4864:20::442]:43845) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcvox-0000eN-SE for qemu-devel@nongnu.org; Mon, 17 Jun 2019 13:53:33 -0400 Received: by mail-wr1-x442.google.com with SMTP id p13so10916016wru.10 for ; Mon, 17 Jun 2019 10:53:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=575i0kl12NVak4MXLXn7jsLioeAHAQ7GMt0OozyFMPE=; b=U6Zfhjte7H1zjJkqBenhLCw1tAgmTlKq/0q9BWk2JkWrXIUcYqp+vqPBu0w7GL9Q4O bEUqqAJN/f9/R+M3pjyh02+p0iUAkCilSBVAzSdKULqfFexI70Wplkuqpmty6iLFON3Y exJ0/+7QXwOqxptLkkPrTg9ZvAIUobfhkqWcH5PVpcHxEkXDMmlNqhcuWHP8CaGc7GPL b4b35DL4edaG3fv3hd3otwIAXnfTGQZ1n9gtk0nFoi8CVmQCbdjSjqoheZDym/ujS8hV knl7w4+LRmHbRo72HdVzpfgtsAD4jGeB5LUo46tKYfPdifLzOYR7/gBVu6ZoT8cUksFJ jTig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=575i0kl12NVak4MXLXn7jsLioeAHAQ7GMt0OozyFMPE=; b=MKbPW7c7LA217bFetVBhVxizsajVlEnZ0U0U5Na9wVAUoDWmmEPNkPc+AZh4YZPK1c VugBTLg8dmUN8Rvls4EOpx6l0rieH+S9+crFmR4UvClrMFFOhSYPloUzzUDzaxUWf7VG svfssgTvHuTtD9QVvc97mWF+D73UGOHa7OADv8WjloGCcx9BvhXs0F1ImyWhQfHarn4k u/w81TuNqcCY6+CohK9V0+jqGBFuvkefyWkKOitOjjaMzvqFyNT81QjT7N6rDoeG9VV0 FtTUDTtlxWZvs3ajE+WVnJmECjsA+zgxxfPOc0a783YdVRWjLFNMBA4m2p/rsOggWXU/ Cc/w== X-Gm-Message-State: APjAAAX88vS1LD/OACiKKOEwXB0ShhbhLu7VbzO5OQgPBQfl+RhMYlih hH0d9e/BV2ECIE5wK78ED3I0Pg== X-Received: by 2002:a5d:51d1:: with SMTP id n17mr21127446wrv.52.1560794009196; Mon, 17 Jun 2019 10:53:29 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t14sm8713619wrr.33.2019.06.17.10.53.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 10:53:28 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 17 Jun 2019 18:53:17 +0100 Message-Id: <20190617175317.27557-7-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190617175317.27557-1-peter.maydell@linaro.org> References: <20190617175317.27557-1-peter.maydell@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::442 Subject: [Qemu-devel] [PATCH 6/6] target/arm: Execute Thumb instructions when their condbits are 0xf X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" Thumb instructions in an IT block are set up to be conditionally executed depending on a set of condition bits encoded into the IT bits of the CPSR/XPSR. The architecture specifies that if the condition bits are 0b1111 this means "always execute" (like 0b1110), not "never execute"; we were treating it as "never execute". (See the ConditionHolds() pseudocode in both the A-profile and M-profile Arm ARM.) This is a bit of an obscure corner case, because the only legal way to get to an 0b1111 set of condbits is to do an exception return which sets the XPSR/CPSR up that way. An IT instruction which encodes a condition sequence that would include an 0b1111 is UNPREDICTABLE, and for v8A the CONSTRAINED UNPREDICTABLE choices for such an IT insn are to NOP, UNDEF, or treat 0b1111 like 0b1110. Add a comment noting that we take the latter option. Signed-off-by: Peter Maydell --- target/arm/translate.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) -- 2.20.1 Reviewed-by: Richard Henderson diff --git a/target/arm/translate.c b/target/arm/translate.c index 4750b9fa1bb..45ea0a11c7c 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -11595,7 +11595,14 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) gen_nop_hint(s, (insn >> 4) & 0xf); break; } - /* If Then. */ + /* + * IT (If-Then) + * + * Combinations of firstcond and mask which set up an 0b1111 + * condition are UNPREDICTABLE; we take the CONSTRAINED + * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110, + * i.e. both meaning "execute always". + */ s->condexec_cond = (insn >> 4) & 0xe; s->condexec_mask = insn & 0x1f; /* No actual code generated for this insn, just setup state. */ @@ -12129,7 +12136,11 @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) { uint32_t cond = dc->condexec_cond; - if (cond != 0x0e) { /* Skip conditional when condition is AL. */ + /* + * Conditionally skip the insn. Note that both 0xe and 0xf mean + * "always"; 0xf is not "never". + */ + if (cond < 0x0e) { arm_skip_unless(dc, cond); } }