Re: [Qemu-devel] [PATCH v6 10/37] target-arm: Add v8 mmu translation support

[Peter Crosthwaite]

On Fri, Apr 11, 2014 at 2:15 AM, Peter Maydell <address@hidden> wrote:
> From: Rob Herring <address@hidden>
>
> Add support for v8 page table walks. This supports stage 1 translations
> for 4KB, 16KB and 64KB page sizes starting with 0 or 1 level.
>
> Signed-off-by: Rob Herring <address@hidden>
> [PMM: fix style nits, fold in 16/64K page support patch, use
>  arm_el_is_aa64() to decide whether to do 64 bit page table walk]
> Signed-off-by: Peter Maydell <address@hidden>

reviewed-by: Peter Crosthwaite <address@hidden>

> ---
>  target-arm/helper.c | 109 
> +++++++++++++++++++++++++++++++++++++---------------
>  1 file changed, 77 insertions(+), 32 deletions(-)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 9866e50..4b6c1b6 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -10,7 +10,7 @@
>  #include <zlib.h> /* For crc32 */
>
>  #ifndef CONFIG_USER_ONLY
> -static inline int get_phys_addr(CPUARMState *env, uint32_t address,
> +static inline int get_phys_addr(CPUARMState *env, target_ulong address,
>                                  int access_type, int is_user,
>                                  hwaddr *phys_ptr, int *prot,
>                                  target_ulong *page_size);
> @@ -1151,14 +1151,15 @@ static void par_write(CPUARMState *env, const 
> ARMCPRegInfo *ri, uint64_t value)
>  #ifndef CONFIG_USER_ONLY
>  /* get_phys_addr() isn't present for user-mode-only targets */
>
> -/* Return true if extended addresses are enabled, ie this is an
> - * LPAE implementation and we are using the long-descriptor translation
> - * table format because the TTBCR EAE bit is set.
> +/* Return true if extended addresses are enabled.
> + * This is always the case if our translation regime is 64 bit,
> + * but depends on TTBCR.EAE for 32 bit.
>   */
>  static inline bool extended_addresses_enabled(CPUARMState *env)
>  {
> -    return arm_feature(env, ARM_FEATURE_LPAE)
> -        && (env->cp15.c2_control & (1U << 31));
> +    return arm_el_is_aa64(env, 1)
> +        || ((arm_feature(env, ARM_FEATURE_LPAE)
> +             && (env->cp15.c2_control & (1U << 31))));
>  }
>
>  static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri)
> @@ -3402,7 +3403,7 @@ typedef enum {
>      permission_fault = 3,
>  } MMUFaultType;
>
> -static int get_phys_addr_lpae(CPUARMState *env, uint32_t address,
> +static int get_phys_addr_lpae(CPUARMState *env, target_ulong address,
>                                int access_type, int is_user,
>                                hwaddr *phys_ptr, int *prot,
>                                target_ulong *page_size_ptr)
> @@ -3412,26 +3413,46 @@ static int get_phys_addr_lpae(CPUARMState *env, 
> uint32_t address,
>      MMUFaultType fault_type = translation_fault;
>      uint32_t level = 1;
>      uint32_t epd;
> -    uint32_t tsz;
> +    int32_t tsz;
> +    uint32_t tg;
>      uint64_t ttbr;
>      int ttbr_select;
> -    int n;
> -    hwaddr descaddr;
> +    hwaddr descaddr, descmask;
>      uint32_t tableattrs;
>      target_ulong page_size;
>      uint32_t attrs;
> +    int32_t granule_sz = 9;
> +    int32_t va_size = 32;
> +    int32_t tbi = 0;
> +
> +    if (arm_el_is_aa64(env, 1)) {
> +        va_size = 64;
> +        if (extract64(address, 55, 1))
> +            tbi = extract64(env->cp15.c2_control, 38, 1);
> +        else
> +            tbi = extract64(env->cp15.c2_control, 37, 1);
> +        tbi *= 8;
> +    }
>
>      /* Determine whether this address is in the region controlled by
>       * TTBR0 or TTBR1 (or if it is in neither region and should fault).
>       * This is a Non-secure PL0/1 stage 1 translation, so controlled by
>       * TTBCR/TTBR0/TTBR1 in accordance with ARM ARM DDI0406C table B-32:
>       */
> -    uint32_t t0sz = extract32(env->cp15.c2_control, 0, 3);
> -    uint32_t t1sz = extract32(env->cp15.c2_control, 16, 3);
> -    if (t0sz && !extract32(address, 32 - t0sz, t0sz)) {
> +    uint32_t t0sz = extract32(env->cp15.c2_control, 0, 6);
> +    if (arm_el_is_aa64(env, 1)) {
> +        t0sz = MIN(t0sz, 39);
> +        t0sz = MAX(t0sz, 16);
> +    }
> +    uint32_t t1sz = extract32(env->cp15.c2_control, 16, 6);
> +    if (arm_el_is_aa64(env, 1)) {
> +        t1sz = MIN(t1sz, 39);
> +        t1sz = MAX(t1sz, 16);
> +    }
> +    if (t0sz && !extract64(address, va_size - t0sz, t0sz - tbi)) {
>          /* there is a ttbr0 region and we are in it (high bits all zero) */
>          ttbr_select = 0;
> -    } else if (t1sz && !extract32(~address, 32 - t1sz, t1sz)) {
> +    } else if (t1sz && !extract64(~address, va_size - t1sz, t1sz - tbi)) {
>          /* there is a ttbr1 region and we are in it (high bits all one) */
>          ttbr_select = 1;
>      } else if (!t0sz) {
> @@ -3457,10 +3478,26 @@ static int get_phys_addr_lpae(CPUARMState *env, 
> uint32_t address,
>          ttbr = env->cp15.ttbr0_el1;
>          epd = extract32(env->cp15.c2_control, 7, 1);
>          tsz = t0sz;
> +
> +        tg = extract32(env->cp15.c2_control, 14, 2);
> +        if (tg == 1) { /* 64KB pages */
> +            granule_sz = 13;
> +        }
> +        if (tg == 2) { /* 16KB pages */
> +            granule_sz = 11;
> +        }
>      } else {
>          ttbr = env->cp15.ttbr1_el1;
>          epd = extract32(env->cp15.c2_control, 23, 1);
>          tsz = t1sz;
> +
> +        tg = extract32(env->cp15.c2_control, 30, 2);
> +        if (tg == 3)  { /* 64KB pages */
> +            granule_sz = 13;
> +        }
> +        if (tg == 1) { /* 16KB pages */
> +            granule_sz = 11;
> +        }
>      }
>
>      if (epd) {
> @@ -3468,34 +3505,37 @@ static int get_phys_addr_lpae(CPUARMState *env, 
> uint32_t address,
>          goto do_fault;
>      }
>
> -    /* If the region is small enough we will skip straight to a 2nd level
> -     * lookup. This affects the number of bits of the address used in
> -     * combination with the TTBR to find the first descriptor. ('n' here
> -     * matches the usage in the ARM ARM sB3.6.6, where bits [39..n] are
> -     * from the TTBR, [n-1..3] from the vaddr, and [2..0] always zero).
> +    /* The starting level depends on the virtual address size which can be
> +     * up to 48-bits and the translation granule size.
>       */
> -    if (tsz > 1) {
> -        level = 2;
> -        n = 14 - tsz;
> +    if ((va_size - tsz) > (granule_sz * 4 + 3)) {
> +        level = 0;
> +    } else if ((va_size - tsz) > (granule_sz * 3 + 3)) {
> +        level = 1;
>      } else {
> -        n = 5 - tsz;
> +        level = 2;
>      }
>
>      /* Clear the vaddr bits which aren't part of the within-region address,
>       * so that we don't have to special case things when calculating the
>       * first descriptor address.
>       */
> -    address &= (0xffffffffU >> tsz);
> +    if (tsz) {
> +        address &= (1ULL << (va_size - tsz)) - 1;
> +    }
> +
> +    descmask = (1ULL << (granule_sz + 3)) - 1;
>
>      /* Now we can extract the actual base address from the TTBR */
> -    descaddr = extract64(ttbr, 0, 40);
> -    descaddr &= ~((1ULL << n) - 1);
> +    descaddr = extract64(ttbr, 0, 48);
> +    descaddr &= ~((1ULL << (va_size - tsz - (granule_sz * (4 - level)))) - 
> 1);
>
>      tableattrs = 0;
>      for (;;) {
>          uint64_t descriptor;
>
> -        descaddr |= ((address >> (9 * (4 - level))) & 0xff8);
> +        descaddr |= (address >> (granule_sz * (4 - level))) & descmask;
> +        descaddr &= ~7ULL;
>          descriptor = ldq_phys(cs->as, descaddr);
>          if (!(descriptor & 1) ||
>              (!(descriptor & 2) && (level == 3))) {
> @@ -3518,11 +3558,16 @@ static int get_phys_addr_lpae(CPUARMState *env, 
> uint32_t address,
>           * These are basically the same thing, although the number
>           * of bits we pull in from the vaddr varies.
>           */
> -        page_size = (1 << (39 - (9 * level)));
> +        page_size = (1 << ((granule_sz * (4 - level)) + 3));
>          descaddr |= (address & (page_size - 1));
>          /* Extract attributes from the descriptor and merge with table attrs 
> */
> -        attrs = extract64(descriptor, 2, 10)
> -            | (extract64(descriptor, 52, 12) << 10);
> +        if (arm_feature(env, ARM_FEATURE_V8)) {
> +            attrs = extract64(descriptor, 2, 10)
> +                | (extract64(descriptor, 53, 11) << 10);
> +        } else {
> +            attrs = extract64(descriptor, 2, 10)
> +                | (extract64(descriptor, 52, 12) << 10);
> +        }
>          attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
>          attrs |= extract32(tableattrs, 3, 1) << 5; /* APTable[1] => AP[2] */
>          /* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
> @@ -3656,7 +3701,7 @@ static int get_phys_addr_mpu(CPUARMState *env, uint32_t 
> address,
>   * @prot: set to the permissions for the page containing phys_ptr
>   * @page_size: set to the size of the page containing phys_ptr
>   */
> -static inline int get_phys_addr(CPUARMState *env, uint32_t address,
> +static inline int get_phys_addr(CPUARMState *env, target_ulong address,
>                                  int access_type, int is_user,
>                                  hwaddr *phys_ptr, int *prot,
>                                  target_ulong *page_size)
> @@ -3705,7 +3750,7 @@ int arm_cpu_handle_mmu_fault(CPUState *cs, vaddr 
> address,
>      if (ret == 0) {
>          /* Map a single [sub]page.  */
>          phys_addr &= ~(hwaddr)0x3ff;
> -        address &= ~(uint32_t)0x3ff;
> +        address &= ~(target_ulong)0x3ff;
>          tlb_set_page(cs, address, phys_addr, prot, mmu_idx, page_size);
>          return 0;
>      }
> --
> 1.9.1
>
>