From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 04/24] target/arm: Handle page table walk load failures correctly
Date: Tue, 16 Jan 2018 13:33:59 +0000 [thread overview]
Message-ID: <1516109659-1557-5-git-send-email-peter.maydell@linaro.org> (raw)
In-Reply-To: <1516109659-1557-1-git-send-email-peter.maydell@linaro.org>
Instead of ignoring the response from address_space_ld*()
(indicating an attempt to read a page table descriptor from
an invalid physical address), use it to report the failure
correctly.
Since this is another couple of locations where we need to
decide the value of the ARMMMUFaultInfo ea bit based on a
MemTxResult, we factor out that operation into a helper
function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/internals.h | 10 ++++++++++
target/arm/helper.c | 39 ++++++++++++++++++++++++++++++++++-----
target/arm/op_helper.c | 7 +------
3 files changed, 45 insertions(+), 11 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 876854d..89f5d2f 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -687,6 +687,16 @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
return fsc;
}
+static inline bool arm_extabort_type(MemTxResult result)
+{
+ /* The EA bit in syndromes and fault status registers is an
+ * IMPDEF classification of external aborts. ARM implementations
+ * usually use this to indicate AXI bus Decode error (0) or
+ * Slave error (1); in QEMU we follow that.
+ */
+ return result != MEMTX_DECODE_ERROR;
+}
+
/* Do a page table walk and add page to TLB if possible */
bool arm_tlb_fill(CPUState *cpu, vaddr address,
MMUAccessType access_type, int mmu_idx,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index eb80f79..c83c901 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8305,6 +8305,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, &s2pa,
&txattrs, &s2prot, &s2size, fi, NULL);
if (ret) {
+ assert(fi->type != ARMFault_None);
fi->s2addr = addr;
fi->stage2 = true;
fi->s1ptw = true;
@@ -8328,7 +8329,9 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
MemTxAttrs attrs = {};
+ MemTxResult result = MEMTX_OK;
AddressSpace *as;
+ uint32_t data;
attrs.secure = is_secure;
as = arm_addressspace(cs, attrs);
@@ -8337,10 +8340,16 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
return 0;
}
if (regime_translation_big_endian(env, mmu_idx)) {
- return address_space_ldl_be(as, addr, attrs, NULL);
+ data = address_space_ldl_be(as, addr, attrs, &result);
} else {
- return address_space_ldl_le(as, addr, attrs, NULL);
+ data = address_space_ldl_le(as, addr, attrs, &result);
}
+ if (result == MEMTX_OK) {
+ return data;
+ }
+ fi->type = ARMFault_SyncExternalOnWalk;
+ fi->ea = arm_extabort_type(result);
+ return 0;
}
static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
@@ -8349,7 +8358,9 @@ static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
MemTxAttrs attrs = {};
+ MemTxResult result = MEMTX_OK;
AddressSpace *as;
+ uint32_t data;
attrs.secure = is_secure;
as = arm_addressspace(cs, attrs);
@@ -8358,10 +8369,16 @@ static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
return 0;
}
if (regime_translation_big_endian(env, mmu_idx)) {
- return address_space_ldq_be(as, addr, attrs, NULL);
+ data = address_space_ldq_be(as, addr, attrs, &result);
} else {
- return address_space_ldq_le(as, addr, attrs, NULL);
+ data = address_space_ldq_le(as, addr, attrs, &result);
+ }
+ if (result == MEMTX_OK) {
+ return data;
}
+ fi->type = ARMFault_SyncExternalOnWalk;
+ fi->ea = arm_extabort_type(result);
+ return 0;
}
static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
@@ -8390,6 +8407,9 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
}
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
mmu_idx, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
type = (desc & 3);
domain = (desc >> 5) & 0x0f;
if (regime_el(env, mmu_idx) == 1) {
@@ -8426,6 +8446,9 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
}
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
mmu_idx, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
switch (desc & 3) {
case 0: /* Page translation fault. */
fi->type = ARMFault_Translation;
@@ -8508,6 +8531,9 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
}
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
mmu_idx, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
type = (desc & 3);
if (type == 0 || (type == 3 && !arm_feature(env, ARM_FEATURE_PXN))) {
/* Section translation fault, or attempt to use the encoding
@@ -8559,6 +8585,9 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
mmu_idx, fi);
+ if (fi->type != ARMFault_None) {
+ goto do_fault;
+ }
ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
switch (desc & 3) {
case 0: /* Page translation fault. */
@@ -8964,7 +8993,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
descaddr &= ~7ULL;
nstable = extract32(tableattrs, 4, 1);
descriptor = arm_ldq_ptw(cs, descaddr, !nstable, mmu_idx, fi);
- if (fi->s1ptw) {
+ if (fi->type != ARMFault_None) {
goto do_fault;
}
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index b362063..712c5c5 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -220,12 +220,7 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
/* now we have a real cpu fault */
cpu_restore_state(cs, retaddr);
- /* The EA bit in syndromes and fault status registers is an
- * IMPDEF classification of external aborts. ARM implementations
- * usually use this to indicate AXI bus Decode error (0) or
- * Slave error (1); in QEMU we follow that.
- */
- fi.ea = (response != MEMTX_DECODE_ERROR);
+ fi.ea = arm_extabort_type(response);
fi.type = ARMFault_SyncExternal;
deliver_fault(cpu, addr, access_type, mmu_idx, &fi);
}
--
2.7.4
next prev parent reply other threads:[~2018-01-16 13:34 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-16 13:33 [Qemu-devel] [PULL 00/24] target-arm queue Peter Maydell
2018-01-16 13:33 ` [Qemu-devel] [PULL 01/24] hw/intc/armv7m: Support byte and halfword accesses to CFSR Peter Maydell
2018-01-16 13:33 ` [Qemu-devel] [PULL 02/24] get_phys_addr_pmsav7: Support AP=0b111 for v7M Peter Maydell
2018-01-16 13:33 ` [Qemu-devel] [PULL 03/24] hw/arm/virt: Add virt-2.12 machine type Peter Maydell
2018-01-16 13:33 ` Peter Maydell [this message]
2018-01-16 13:34 ` [Qemu-devel] [PULL 05/24] hw/sd/pl181: Reset SD card on controller reset Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 06/24] hw/sd/milkymist-memcard: " Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 07/24] hw/sd/ssi-sd: " Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 08/24] hw/sd/omap_mmc: " Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 09/24] target/arm: Split out vfp_expand_imm Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 10/24] target/arm: Add fp16 support to vfp_expand_imm Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 11/24] sdhci: clean up includes Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 12/24] sdhci: remove dead code Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 13/24] sdhci: use DEFINE_SDHCI_COMMON_PROPERTIES() for common sysbus/pci properties Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 14/24] sdhci: refactor common sysbus/pci class_init() into sdhci_common_class_init() Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 15/24] sdhci: refactor common sysbus/pci realize() into sdhci_common_realize() Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 16/24] sdhci: refactor common sysbus/pci unrealize() into sdhci_common_unrealize() Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 17/24] sdhci: use qemu_log_mask(UNIMP) instead of fprintf() Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 18/24] sdhci: convert the DPRINT() calls into trace events Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 19/24] sdhci: move MASK_TRNMOD with other SDHC_TRN* defines in "sd-internal.h" Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 20/24] sdhci: rename the SDHC_CAPAB register Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 21/24] sdhci: fix CAPAB/MAXCURR registers, both are 64bit and read-only Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 22/24] sdhci: Implement write method of ACMD12ERRSTS register Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 23/24] sdhci: fix the PCI device, using the PCI address space for DMA Peter Maydell
2018-01-16 13:34 ` [Qemu-devel] [PULL 24/24] sdhci: add a 'dma' property to the sysbus devices Peter Maydell
2018-01-16 15:44 ` [Qemu-devel] [PULL 00/24] target-arm queue Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1516109659-1557-5-git-send-email-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.