projects / gem5.git / blob
? search:


38aa38ed01f2b259e6d2aabbf3a7430b8a4d974b
[gem5.git] / src / arch / arm / tlb.cc
1 /*
2 * Copyright (c) 2010-2013, 2016-2020 ARM Limited
3 * All rights reserved
4 *
5 * The license below extends only to copyright in the software and shall
6 * not be construed as granting a license to any other intellectual
7 * property including but not limited to intellectual property relating
8 * to a hardware implementation of the functionality of the software
9 * licensed hereunder. You may use the software subject to the license
10 * terms below provided that you ensure that this notice is replicated
11 * unmodified and in its entirety in all distributions of the software,
12 * modified or unmodified, in source code or in binary form.
13 *
14 * Copyright (c) 2001-2005 The Regents of The University of Michigan
15 * All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions are
19 * met: redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer;
21 * redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution;
24 * neither the name of the copyright holders nor the names of its
25 * contributors may be used to endorse or promote products derived from
26 * this software without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
31 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
33 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
34 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
38 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 */
40
41 #include "arch/arm/tlb.hh"
42
43 #include <memory>
44 #include <string>
45 #include <vector>
46
47 #include "arch/arm/faults.hh"
48 #include "arch/arm/isa.hh"
49 #include "arch/arm/pagetable.hh"
50 #include "arch/arm/self_debug.hh"
51 #include "arch/arm/stage2_lookup.hh"
52 #include "arch/arm/stage2_mmu.hh"
53 #include "arch/arm/system.hh"
54 #include "arch/arm/table_walker.hh"
55 #include "arch/arm/tlbi_op.hh"
56 #include "arch/arm/utility.hh"
57 #include "base/inifile.hh"
58 #include "base/str.hh"
59 #include "base/trace.hh"
60 #include "cpu/base.hh"
61 #include "cpu/thread_context.hh"
62 #include "debug/Checkpoint.hh"
63 #include "debug/TLB.hh"
64 #include "debug/TLBVerbose.hh"
65 #include "mem/packet_access.hh"
66 #include "mem/page_table.hh"
67 #include "mem/request.hh"
68 #include "params/ArmTLB.hh"
69 #include "sim/full_system.hh"
70 #include "sim/process.hh"
71 #include "sim/pseudo_inst.hh"
72
73 using namespace std;
74 using namespace ArmISA;
75
76 TLB::TLB(const ArmTLBParams &p)
77 : BaseTLB(p), table(new TlbEntry[p.size]), size(p.size),
78 isStage2(p.is_stage2), stage2Req(false), stage2DescReq(false), _attr(0),
79 directToStage2(false), tableWalker(p.walker), stage2Tlb(NULL),
80 stage2Mmu(NULL), test(nullptr), stats(this), rangeMRU(1),
81 aarch64(false), aarch64EL(EL0), isPriv(false), isSecure(false),
82 isHyp(false), asid(0), vmid(0), hcr(0), dacr(0),
83 miscRegValid(false), miscRegContext(0), curTranType(NormalTran)
84 {
85 const ArmSystem *sys = dynamic_cast<const ArmSystem *>(p.sys);
86
87 tableWalker->setTlb(this);
88
89 // Cache system-level properties
90 haveLPAE = tableWalker->haveLPAE();
91 haveVirtualization = tableWalker->haveVirtualization();
92 haveLargeAsid64 = tableWalker->haveLargeAsid64();
93 physAddrRange = tableWalker->physAddrRange();
94
95 if (sys)
96 m5opRange = sys->m5opRange();
97 }
98
99 TLB::~TLB()
100 {
101 delete[] table;
102 }
103
104 void
105 TLB::init()
106 {
107 if (stage2Mmu && !isStage2)
108 stage2Tlb = stage2Mmu->stage2Tlb();
109 }
110
111 void
112 TLB::setMMU(Stage2MMU *m, RequestorID requestor_id)
113 {
114 stage2Mmu = m;
115 tableWalker->setMMU(m, requestor_id);
116 }
117
118 bool
119 TLB::translateFunctional(ThreadContext *tc, Addr va, Addr &pa)
120 {
121 updateMiscReg(tc);
122
123 if (directToStage2) {
124 assert(stage2Tlb);
125 return stage2Tlb->translateFunctional(tc, va, pa);
126 }
127
128 TlbEntry *e = lookup(va, asid, vmid, isHyp, isSecure, true, false,
129 aarch64 ? aarch64EL : EL1, false);
130 if (!e)
131 return false;
132 pa = e->pAddr(va);
133 return true;
134 }
135
136 Fault
137 TLB::finalizePhysical(const RequestPtr &req,
138 ThreadContext *tc, Mode mode) const
139 {
140 const Addr paddr = req->getPaddr();
141
142 if (m5opRange.contains(paddr)) {
143 uint8_t func;
144 PseudoInst::decodeAddrOffset(paddr - m5opRange.start(), func);
145 req->setLocalAccessor(
146 [func, mode](ThreadContext *tc, PacketPtr pkt) -> Cycles
147 {
148 uint64_t ret;
149 PseudoInst::pseudoInst<PseudoInstABI>(tc, func, ret);
150 if (mode == Read)
151 pkt->setLE(ret);
152 return Cycles(1);
153 }
154 );
155 }
156
157 return NoFault;
158 }
159
160 TlbEntry*
161 TLB::lookup(Addr va, uint16_t asn, uint8_t vmid, bool hyp, bool secure,
162 bool functional, bool ignore_asn, ExceptionLevel target_el,
163 bool in_host)
164 {
165
166 TlbEntry *retval = NULL;
167
168 // Maintaining LRU array
169 int x = 0;
170 while (retval == NULL && x < size) {
171 if ((!ignore_asn && table[x].match(va, asn, vmid, hyp, secure, false,
172 target_el, in_host)) ||
173 (ignore_asn && table[x].match(va, vmid, hyp, secure, target_el,
174 in_host))) {
175 // We only move the hit entry ahead when the position is higher
176 // than rangeMRU
177 if (x > rangeMRU && !functional) {
178 TlbEntry tmp_entry = table[x];
179 for (int i = x; i > 0; i--)
180 table[i] = table[i - 1];
181 table[0] = tmp_entry;
182 retval = &table[0];
183 } else {
184 retval = &table[x];
185 }
186 break;
187 }
188 ++x;
189 }
190
191 DPRINTF(TLBVerbose, "Lookup %#x, asn %#x -> %s vmn 0x%x hyp %d secure %d "
192 "ppn %#x size: %#x pa: %#x ap:%d ns:%d nstid:%d g:%d asid: %d "
193 "el: %d\n",
194 va, asn, retval ? "hit" : "miss", vmid, hyp, secure,
195 retval ? retval->pfn : 0, retval ? retval->size : 0,
196 retval ? retval->pAddr(va) : 0, retval ? retval->ap : 0,
197 retval ? retval->ns : 0, retval ? retval->nstid : 0,
198 retval ? retval->global : 0, retval ? retval->asid : 0,
199 retval ? retval->el : 0);
200
201 return retval;
202 }
203
204 // insert a new TLB entry
205 void
206 TLB::insert(Addr addr, TlbEntry &entry)
207 {
208 DPRINTF(TLB, "Inserting entry into TLB with pfn:%#x size:%#x vpn: %#x"
209 " asid:%d vmid:%d N:%d global:%d valid:%d nc:%d xn:%d"
210 " ap:%#x domain:%#x ns:%d nstid:%d isHyp:%d\n", entry.pfn,
211 entry.size, entry.vpn, entry.asid, entry.vmid, entry.N,
212 entry.global, entry.valid, entry.nonCacheable, entry.xn,
213 entry.ap, static_cast<uint8_t>(entry.domain), entry.ns, entry.nstid,
214 entry.isHyp);
215
216 if (table[size - 1].valid)
217 DPRINTF(TLB, " - Replacing Valid entry %#x, asn %d vmn %d ppn %#x "
218 "size: %#x ap:%d ns:%d nstid:%d g:%d isHyp:%d el: %d\n",
219 table[size-1].vpn << table[size-1].N, table[size-1].asid,
220 table[size-1].vmid, table[size-1].pfn << table[size-1].N,
221 table[size-1].size, table[size-1].ap, table[size-1].ns,
222 table[size-1].nstid, table[size-1].global, table[size-1].isHyp,
223 table[size-1].el);
224
225 //inserting to MRU position and evicting the LRU one
226
227 for (int i = size - 1; i > 0; --i)
228 table[i] = table[i-1];
229 table[0] = entry;
230
231 stats.inserts++;
232 ppRefills->notify(1);
233 }
234
235 void
236 TLB::printTlb() const
237 {
238 int x = 0;
239 TlbEntry *te;
240 DPRINTF(TLB, "Current TLB contents:\n");
241 while (x < size) {
242 te = &table[x];
243 if (te->valid)
244 DPRINTF(TLB, " * %s\n", te->print());
245 ++x;
246 }
247 }
248
249 void
250 TLB::flushAll()
251 {
252 DPRINTF(TLB, "Flushing all TLB entries\n");
253 int x = 0;
254 TlbEntry *te;
255 while (x < size) {
256 te = &table[x];
257
258 DPRINTF(TLB, " - %s\n", te->print());
259 te->valid = false;
260 stats.flushedEntries++;
261 ++x;
262 }
263
264 stats.flushTlb++;
265
266 // If there's a second stage TLB (and we're not it) then flush it as well
267 if (!isStage2) {
268 stage2Tlb->flushAll();
269 }
270 }
271
272 void
273 TLB::flush(const TLBIALL& tlbi_op)
274 {
275 DPRINTF(TLB, "Flushing all TLB entries (%s lookup)\n",
276 (tlbi_op.secureLookup ? "secure" : "non-secure"));
277 int x = 0;
278 TlbEntry *te;
279 while (x < size) {
280 te = &table[x];
281 const bool el_match = te->checkELMatch(
282 tlbi_op.targetEL, tlbi_op.inHost);
283 if (te->valid && tlbi_op.secureLookup == !te->nstid &&
284 (te->vmid == vmid || tlbi_op.el2Enabled) && el_match) {
285
286 DPRINTF(TLB, " - %s\n", te->print());
287 te->valid = false;
288 stats.flushedEntries++;
289 }
290 ++x;
291 }
292
293 stats.flushTlb++;
294
295 // If there's a second stage TLB (and we're not it) then flush it as well
296 // if we're currently in hyp mode
297 if (!isStage2 && isHyp) {
298 stage2Tlb->flush(tlbi_op.makeStage2());
299 }
300 }
301
302 void
303 TLB::flush(const TLBIALLEL &tlbi_op)
304 {
305 DPRINTF(TLB, "Flushing all TLB entries (%s lookup)\n",
306 (tlbi_op.secureLookup ? "secure" : "non-secure"));
307 int x = 0;
308 TlbEntry *te;
309 while (x < size) {
310 te = &table[x];
311 const bool el_match = te->checkELMatch(
312 tlbi_op.targetEL, tlbi_op.inHost);
313 if (te->valid && tlbi_op.secureLookup == !te->nstid && el_match) {
314
315 DPRINTF(TLB, " - %s\n", te->print());
316 te->valid = false;
317 stats.flushedEntries++;
318 }
319 ++x;
320 }
321
322 stats.flushTlb++;
323
324 // If there's a second stage TLB (and we're not it)
325 // and if we're targeting EL1
326 // then flush it as well
327 if (!isStage2 && tlbi_op.targetEL == EL1) {
328 stage2Tlb->flush(tlbi_op.makeStage2());
329 }
330 }
331
332 void
333 TLB::flush(const TLBIALLN &tlbi_op)
334 {
335 bool hyp = tlbi_op.targetEL == EL2;
336
337 DPRINTF(TLB, "Flushing all NS TLB entries (%s lookup)\n",
338 (hyp ? "hyp" : "non-hyp"));
339 int x = 0;
340 TlbEntry *te;
341 while (x < size) {
342 te = &table[x];
343 const bool el_match = te->checkELMatch(tlbi_op.targetEL, false);
344
345 if (te->valid && te->nstid && te->isHyp == hyp && el_match) {
346
347 DPRINTF(TLB, " - %s\n", te->print());
348 stats.flushedEntries++;
349 te->valid = false;
350 }
351 ++x;
352 }
353
354 stats.flushTlb++;
355
356 // If there's a second stage TLB (and we're not it) then flush it as well
357 if (!isStage2 && !hyp) {
358 stage2Tlb->flush(tlbi_op.makeStage2());
359 }
360 }
361
362 void
363 TLB::flush(const TLBIMVA &tlbi_op)
364 {
365 DPRINTF(TLB, "Flushing TLB entries with mva: %#x, asid: %#x "
366 "(%s lookup)\n", tlbi_op.addr, tlbi_op.asid,
367 (tlbi_op.secureLookup ? "secure" : "non-secure"));
368 _flushMva(tlbi_op.addr, tlbi_op.asid, tlbi_op.secureLookup, false,
369 tlbi_op.targetEL, tlbi_op.inHost);
370 stats.flushTlbMvaAsid++;
371 }
372
373 void
374 TLB::flush(const TLBIASID &tlbi_op)
375 {
376 DPRINTF(TLB, "Flushing TLB entries with asid: %#x (%s lookup)\n",
377 tlbi_op.asid, (tlbi_op.secureLookup ? "secure" : "non-secure"));
378
379 int x = 0 ;
380 TlbEntry *te;
381
382 while (x < size) {
383 te = &table[x];
384 if (te->valid && te->asid == tlbi_op.asid &&
385 tlbi_op.secureLookup == !te->nstid &&
386 (te->vmid == vmid || tlbi_op.el2Enabled) &&
387 te->checkELMatch(tlbi_op.targetEL, tlbi_op.inHost)) {
388
389 te->valid = false;
390 DPRINTF(TLB, " - %s\n", te->print());
391 stats.flushedEntries++;
392 }
393 ++x;
394 }
395 stats.flushTlbAsid++;
396 }
397
398 void
399 TLB::flush(const TLBIMVAA &tlbi_op) {
400
401 DPRINTF(TLB, "Flushing TLB entries with mva: %#x (%s lookup)\n",
402 tlbi_op.addr,
403 (tlbi_op.secureLookup ? "secure" : "non-secure"));
404 _flushMva(tlbi_op.addr, 0xbeef, tlbi_op.secureLookup, true,
405 tlbi_op.targetEL, tlbi_op.inHost);
406 stats.flushTlbMva++;
407 }
408
409 void
410 TLB::_flushMva(Addr mva, uint64_t asn, bool secure_lookup,
411 bool ignore_asn, ExceptionLevel target_el, bool in_host)
412 {
413 TlbEntry *te;
414 // D5.7.2: Sign-extend address to 64 bits
415 mva = sext<56>(mva);
416
417 bool hyp = target_el == EL2;
418
419 te = lookup(mva, asn, vmid, hyp, secure_lookup, false, ignore_asn,
420 target_el, in_host);
421 while (te != NULL) {
422 if (secure_lookup == !te->nstid) {
423 DPRINTF(TLB, " - %s\n", te->print());
424 te->valid = false;
425 stats.flushedEntries++;
426 }
427 te = lookup(mva, asn, vmid, hyp, secure_lookup, false, ignore_asn,
428 target_el, in_host);
429 }
430 }
431
432 void
433 TLB::flush(const TLBIIPA &tlbi_op)
434 {
435 assert(!isStage2);
436 stage2Tlb->_flushMva(tlbi_op.addr, 0xbeef, tlbi_op.secureLookup,
437 true, tlbi_op.targetEL, false);
438 }
439
440 void
441 TLB::drainResume()
442 {
443 // We might have unserialized something or switched CPUs, so make
444 // sure to re-read the misc regs.
445 miscRegValid = false;
446 }
447
448 void
449 TLB::takeOverFrom(BaseTLB *_otlb)
450 {
451 TLB *otlb = dynamic_cast<TLB*>(_otlb);
452 /* Make sure we actually have a valid type */
453 if (otlb) {
454 _attr = otlb->_attr;
455 haveLPAE = otlb->haveLPAE;
456 directToStage2 = otlb->directToStage2;
457 stage2Req = otlb->stage2Req;
458 stage2DescReq = otlb->stage2DescReq;
459
460 /* Sync the stage2 MMU if they exist in both
461 * the old CPU and the new
462 */
463 if (!isStage2 &&
464 stage2Tlb && otlb->stage2Tlb) {
465 stage2Tlb->takeOverFrom(otlb->stage2Tlb);
466 }
467 } else {
468 panic("Incompatible TLB type!");
469 }
470 }
471
472 TLB::TlbStats::TlbStats(Stats::Group *parent)
473 : Stats::Group(parent),
474 ADD_STAT(instHits,"ITB inst hits"),
475 ADD_STAT(instMisses, "ITB inst misses"),
476 ADD_STAT(readHits, "DTB read hits"),
477 ADD_STAT(readMisses, "DTB read misses"),
478 ADD_STAT(writeHits, "DTB write hits"),
479 ADD_STAT(writeMisses, "DTB write misses"),
480 ADD_STAT(inserts, "Number of times an entry is inserted into the TLB"),
481 ADD_STAT(flushTlb, "Number of times complete TLB was flushed"),
482 ADD_STAT(flushTlbMva, "Number of times TLB was flushed by MVA"),
483 ADD_STAT(flushTlbMvaAsid, "Number of times TLB was flushed by MVA & ASID"),
484 ADD_STAT(flushTlbAsid, "Number of times TLB was flushed by ASID"),
485 ADD_STAT(flushedEntries, "Number of entries that have been flushed"
486 " from TLB"),
487 ADD_STAT(alignFaults, "Number of TLB faults due to alignment"
488 " restrictions"),
489 ADD_STAT(prefetchFaults, "Number of TLB faults due to prefetch"),
490 ADD_STAT(domainFaults, "Number of TLB faults due to domain restrictions"),
491 ADD_STAT(permsFaults, "Number of TLB faults due to permissions"
492 " restrictions"),
493 ADD_STAT(readAccesses, "DTB read accesses", readHits + readMisses),
494 ADD_STAT(writeAccesses, "DTB write accesses", writeHits + writeMisses),
495 ADD_STAT(instAccesses, "ITB inst accesses", instHits + instMisses),
496 ADD_STAT(hits, "Total TLB (inst and data) hits",
497 readHits + writeHits + instHits),
498 ADD_STAT(misses, "Total TLB (inst and data) misses",
499 readMisses + writeMisses + instMisses),
500 ADD_STAT(accesses, "Total TLB (inst and data) accesses",
501 readAccesses + writeAccesses + instAccesses)
502 {
503 }
504
505 void
506 TLB::regProbePoints()
507 {
508 ppRefills.reset(new ProbePoints::PMU(getProbeManager(), "Refills"));
509 }
510
511 Fault
512 TLB::translateSe(const RequestPtr &req, ThreadContext *tc, Mode mode,
513 Translation *translation, bool &delay, bool timing)
514 {
515 updateMiscReg(tc);
516 Addr vaddr_tainted = req->getVaddr();
517 Addr vaddr = 0;
518 if (aarch64)
519 vaddr = purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr,
520 mode==Execute);
521 else
522 vaddr = vaddr_tainted;
523 Request::Flags flags = req->getFlags();
524
525 bool is_fetch = (mode == Execute);
526 bool is_write = (mode == Write);
527
528 if (!is_fetch) {
529 if (sctlr.a || !(flags & AllowUnaligned)) {
530 if (vaddr & mask(flags & AlignmentMask)) {
531 // LPAE is always disabled in SE mode
532 return std::make_shared<DataAbort>(
533 vaddr_tainted,
534 TlbEntry::DomainType::NoAccess, is_write,
535 ArmFault::AlignmentFault, isStage2,
536 ArmFault::VmsaTran);
537 }
538 }
539 }
540
541 Addr paddr;
542 Process *p = tc->getProcessPtr();
543
544 if (!p->pTable->translate(vaddr, paddr))
545 return std::make_shared<GenericPageTableFault>(vaddr_tainted);
546 req->setPaddr(paddr);
547
548 return finalizePhysical(req, tc, mode);
549 }
550
551 Fault
552 TLB::checkPermissions(TlbEntry *te, const RequestPtr &req, Mode mode)
553 {
554 // a data cache maintenance instruction that operates by MVA does
555 // not generate a Data Abort exeception due to a Permission fault
556 if (req->isCacheMaintenance()) {
557 return NoFault;
558 }
559
560 Addr vaddr = req->getVaddr(); // 32-bit don't have to purify
561 Request::Flags flags = req->getFlags();
562 bool is_fetch = (mode == Execute);
563 bool is_write = (mode == Write);
564 bool is_priv = isPriv && !(flags & UserMode);
565
566 // Get the translation type from the actuall table entry
567 ArmFault::TranMethod tranMethod = te->longDescFormat ? ArmFault::LpaeTran
568 : ArmFault::VmsaTran;
569
570 // If this is the second stage of translation and the request is for a
571 // stage 1 page table walk then we need to check the HCR.PTW bit. This
572 // allows us to generate a fault if the request targets an area marked
573 // as a device or strongly ordered.
574 if (isStage2 && req->isPTWalk() && hcr.ptw &&
575 (te->mtype != TlbEntry::MemoryType::Normal)) {
576 return std::make_shared<DataAbort>(
577 vaddr, te->domain, is_write,
578 ArmFault::PermissionLL + te->lookupLevel,
579 isStage2, tranMethod);
580 }
581
582 // Generate an alignment fault for unaligned data accesses to device or
583 // strongly ordered memory
584 if (!is_fetch) {
585 if (te->mtype != TlbEntry::MemoryType::Normal) {
586 if (vaddr & mask(flags & AlignmentMask)) {
587 stats.alignFaults++;
588 return std::make_shared<DataAbort>(
589 vaddr, TlbEntry::DomainType::NoAccess, is_write,
590 ArmFault::AlignmentFault, isStage2,
591 tranMethod);
592 }
593 }
594 }
595
596 if (te->nonCacheable) {
597 // Prevent prefetching from I/O devices.
598 if (req->isPrefetch()) {
599 // Here we can safely use the fault status for the short
600 // desc. format in all cases
601 return std::make_shared<PrefetchAbort>(
602 vaddr, ArmFault::PrefetchUncacheable,
603 isStage2, tranMethod);
604 }
605 }
606
607 if (!te->longDescFormat) {
608 switch ((dacr >> (static_cast<uint8_t>(te->domain) * 2)) & 0x3) {
609 case 0:
610 stats.domainFaults++;
611 DPRINTF(TLB, "TLB Fault: Data abort on domain. DACR: %#x"
612 " domain: %#x write:%d\n", dacr,
613 static_cast<uint8_t>(te->domain), is_write);
614 if (is_fetch) {
615 // Use PC value instead of vaddr because vaddr might
616 // be aligned to cache line and should not be the
617 // address reported in FAR
618 return std::make_shared<PrefetchAbort>(
619 req->getPC(),
620 ArmFault::DomainLL + te->lookupLevel,
621 isStage2, tranMethod);
622 } else
623 return std::make_shared<DataAbort>(
624 vaddr, te->domain, is_write,
625 ArmFault::DomainLL + te->lookupLevel,
626 isStage2, tranMethod);
627 case 1:
628 // Continue with permissions check
629 break;
630 case 2:
631 panic("UNPRED domain\n");
632 case 3:
633 return NoFault;
634 }
635 }
636
637 // The 'ap' variable is AP[2:0] or {AP[2,1],1b'0}, i.e. always three bits
638 uint8_t ap = te->longDescFormat ? te->ap << 1 : te->ap;
639 uint8_t hap = te->hap;
640
641 if (sctlr.afe == 1 || te->longDescFormat)
642 ap |= 1;
643
644 bool abt;
645 bool isWritable = true;
646 // If this is a stage 2 access (eg for reading stage 1 page table entries)
647 // then don't perform the AP permissions check, we stil do the HAP check
648 // below.
649 if (isStage2) {
650 abt = false;
651 } else {
652 switch (ap) {
653 case 0:
654 DPRINTF(TLB, "Access permissions 0, checking rs:%#x\n",
655 (int)sctlr.rs);
656 if (!sctlr.xp) {
657 switch ((int)sctlr.rs) {
658 case 2:
659 abt = is_write;
660 break;
661 case 1:
662 abt = is_write || !is_priv;
663 break;
664 case 0:
665 case 3:
666 default:
667 abt = true;
668 break;
669 }
670 } else {
671 abt = true;
672 }
673 break;
674 case 1:
675 abt = !is_priv;
676 break;
677 case 2:
678 abt = !is_priv && is_write;
679 isWritable = is_priv;
680 break;
681 case 3:
682 abt = false;
683 break;
684 case 4:
685 panic("UNPRED premissions\n");
686 case 5:
687 abt = !is_priv || is_write;
688 isWritable = false;
689 break;
690 case 6:
691 case 7:
692 abt = is_write;
693 isWritable = false;
694 break;
695 default:
696 panic("Unknown permissions %#x\n", ap);
697 }
698 }
699
700 bool hapAbt = is_write ? !(hap & 2) : !(hap & 1);
701 bool xn = te->xn || (isWritable && sctlr.wxn) ||
702 (ap == 3 && sctlr.uwxn && is_priv);
703 if (is_fetch && (abt || xn ||
704 (te->longDescFormat && te->pxn && is_priv) ||
705 (isSecure && te->ns && scr.sif))) {
706 stats.permsFaults++;
707 DPRINTF(TLB, "TLB Fault: Prefetch abort on permission check. AP:%d "
708 "priv:%d write:%d ns:%d sif:%d sctlr.afe: %d \n",
709 ap, is_priv, is_write, te->ns, scr.sif,sctlr.afe);
710 // Use PC value instead of vaddr because vaddr might be aligned to
711 // cache line and should not be the address reported in FAR
712 return std::make_shared<PrefetchAbort>(
713 req->getPC(),
714 ArmFault::PermissionLL + te->lookupLevel,
715 isStage2, tranMethod);
716 } else if (abt | hapAbt) {
717 stats.permsFaults++;
718 DPRINTF(TLB, "TLB Fault: Data abort on permission check. AP:%d priv:%d"
719 " write:%d\n", ap, is_priv, is_write);
720 return std::make_shared<DataAbort>(
721 vaddr, te->domain, is_write,
722 ArmFault::PermissionLL + te->lookupLevel,
723 isStage2 | !abt, tranMethod);
724 }
725 return NoFault;
726 }
727
728
729 Fault
730 TLB::checkPermissions64(TlbEntry *te, const RequestPtr &req, Mode mode,
731 ThreadContext *tc)
732 {
733 assert(aarch64);
734
735 // A data cache maintenance instruction that operates by VA does
736 // not generate a Permission fault unless:
737 // * It is a data cache invalidate (dc ivac) which requires write
738 // permissions to the VA, or
739 // * It is executed from EL0
740 if (req->isCacheClean() && aarch64EL != EL0 && !isStage2) {
741 return NoFault;
742 }
743
744 Addr vaddr_tainted = req->getVaddr();
745 Addr vaddr = purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr,
746 mode==Execute);
747
748 Request::Flags flags = req->getFlags();
749 bool is_fetch = (mode == Execute);
750 // Cache clean operations require read permissions to the specified VA
751 bool is_write = !req->isCacheClean() && mode == Write;
752 bool is_atomic = req->isAtomic();
753 M5_VAR_USED bool is_priv = isPriv && !(flags & UserMode);
754
755 updateMiscReg(tc, curTranType);
756
757 // If this is the second stage of translation and the request is for a
758 // stage 1 page table walk then we need to check the HCR.PTW bit. This
759 // allows us to generate a fault if the request targets an area marked
760 // as a device or strongly ordered.
761 if (isStage2 && req->isPTWalk() && hcr.ptw &&
762 (te->mtype != TlbEntry::MemoryType::Normal)) {
763 return std::make_shared<DataAbort>(
764 vaddr_tainted, te->domain, is_write,
765 ArmFault::PermissionLL + te->lookupLevel,
766 isStage2, ArmFault::LpaeTran);
767 }
768
769 // Generate an alignment fault for unaligned accesses to device or
770 // strongly ordered memory
771 if (!is_fetch) {
772 if (te->mtype != TlbEntry::MemoryType::Normal) {
773 if (vaddr & mask(flags & AlignmentMask)) {
774 stats.alignFaults++;
775 return std::make_shared<DataAbort>(
776 vaddr_tainted,
777 TlbEntry::DomainType::NoAccess,
778 is_atomic ? false : is_write,
779 ArmFault::AlignmentFault, isStage2,
780 ArmFault::LpaeTran);
781 }
782 }
783 }
784
785 if (te->nonCacheable) {
786 // Prevent prefetching from I/O devices.
787 if (req->isPrefetch()) {
788 // Here we can safely use the fault status for the short
789 // desc. format in all cases
790 return std::make_shared<PrefetchAbort>(
791 vaddr_tainted,
792 ArmFault::PrefetchUncacheable,
793 isStage2, ArmFault::LpaeTran);
794 }
795 }
796
797 uint8_t ap = 0x3 & (te->ap); // 2-bit access protection field
798 bool grant = false;
799
800 bool wxn = sctlr.wxn;
801 uint8_t xn = te->xn;
802 uint8_t pxn = te->pxn;
803 bool r = (!is_write && !is_fetch);
804 bool w = is_write;
805 bool x = is_fetch;
806
807 if (ArmSystem::haveEL(tc, EL3) && isSecure && te->ns && scr.sif)
808 xn = true;
809
810 // grant_read is used for faults from an atomic instruction that
811 // both reads and writes from a memory location. From a ISS point
812 // of view they count as read if a read to that address would have
813 // generated the fault; they count as writes otherwise
814 bool grant_read = true;
815 DPRINTF(TLBVerbose, "Checking permissions: ap:%d, xn:%d, pxn:%d, r:%d, "
816 "w:%d, x:%d, is_priv: %d, wxn: %d\n", ap, xn,
817 pxn, r, w, x, is_priv, wxn);
818
819 if (isStage2) {
820 assert(ArmSystem::haveVirtualization(tc) && aarch64EL != EL2);
821 // In stage 2 we use the hypervisor access permission bits.
822 // The following permissions are described in ARM DDI 0487A.f
823 // D4-1802
824 uint8_t hap = 0x3 & te->hap;
825 grant_read = hap & 0x1;
826 if (is_fetch) {
827 // sctlr.wxn overrides the xn bit
828 grant = !wxn && !xn;
829 } else if (is_atomic) {
830 grant = r && w;
831 grant_read = r;
832 } else if (is_write) {
833 grant = hap & 0x2;
834 } else { // is_read
835 grant = grant_read;
836 }
837 } else {
838 switch (aarch64EL) {
839 case EL0:
840 {
841 grant_read = ap & 0x1;
842 uint8_t perm = (ap << 2) | (xn << 1) | pxn;
843 switch (perm) {
844 case 0:
845 case 1:
846 case 8:
847 case 9:
848 grant = x;
849 break;
850 case 4:
851 case 5:
852 grant = r || w || (x && !wxn);
853 break;
854 case 6:
855 case 7:
856 grant = r || w;
857 break;
858 case 12:
859 case 13:
860 grant = r || x;
861 break;
862 case 14:
863 case 15:
864 grant = r;
865 break;
866 default:
867 grant = false;
868 }
869 }
870 break;
871 case EL1:
872 {
873 if (checkPAN(tc, ap, req, mode)) {
874 grant = false;
875 grant_read = false;
876 break;
877 }
878
879 uint8_t perm = (ap << 2) | (xn << 1) | pxn;
880 switch (perm) {
881 case 0:
882 case 2:
883 grant = r || w || (x && !wxn);
884 break;
885 case 1:
886 case 3:
887 case 4:
888 case 5:
889 case 6:
890 case 7:
891 // regions that are writeable at EL0 should not be
892 // executable at EL1
893 grant = r || w;
894 break;
895 case 8:
896 case 10:
897 case 12:
898 case 14:
899 grant = r || x;
900 break;
901 case 9:
902 case 11:
903 case 13:
904 case 15:
905 grant = r;
906 break;
907 default:
908 grant = false;
909 }
910 }
911 break;
912 case EL2:
913 if (hcr.e2h && checkPAN(tc, ap, req, mode)) {
914 grant = false;
915 grant_read = false;
916 break;
917 }
918 M5_FALLTHROUGH;
919 case EL3:
920 {
921 uint8_t perm = (ap & 0x2) | xn;
922 switch (perm) {
923 case 0:
924 grant = r || w || (x && !wxn);
925 break;
926 case 1:
927 grant = r || w;
928 break;
929 case 2:
930 grant = r || x;
931 break;
932 case 3:
933 grant = r;
934 break;
935 default:
936 grant = false;
937 }
938 }
939 break;
940 }
941 }
942
943 if (!grant) {
944 if (is_fetch) {
945 stats.permsFaults++;
946 DPRINTF(TLB, "TLB Fault: Prefetch abort on permission check. "
947 "AP:%d priv:%d write:%d ns:%d sif:%d "
948 "sctlr.afe: %d\n",
949 ap, is_priv, is_write, te->ns, scr.sif, sctlr.afe);
950 // Use PC value instead of vaddr because vaddr might be aligned to
951 // cache line and should not be the address reported in FAR
952 return std::make_shared<PrefetchAbort>(
953 req->getPC(),
954 ArmFault::PermissionLL + te->lookupLevel,
955 isStage2, ArmFault::LpaeTran);
956 } else {
957 stats.permsFaults++;
958 DPRINTF(TLB, "TLB Fault: Data abort on permission check. AP:%d "
959 "priv:%d write:%d\n", ap, is_priv, is_write);
960 return std::make_shared<DataAbort>(
961 vaddr_tainted, te->domain,
962 (is_atomic && !grant_read) ? false : is_write,
963 ArmFault::PermissionLL + te->lookupLevel,
964 isStage2, ArmFault::LpaeTran);
965 }
966 }
967
968 return NoFault;
969 }
970
971 bool
972 TLB::checkPAN(ThreadContext *tc, uint8_t ap, const RequestPtr &req, Mode mode)
973 {
974 // The PAN bit has no effect on:
975 // 1) Instruction accesses.
976 // 2) Data Cache instructions other than DC ZVA
977 // 3) Address translation instructions, other than ATS1E1RP and
978 // ATS1E1WP when ARMv8.2-ATS1E1 is implemented. (Unimplemented in
979 // gem5)
980 // 4) Unprivileged instructions (Unimplemented in gem5)
981 AA64MMFR1 mmfr1 = tc->readMiscReg(MISCREG_ID_AA64MMFR1_EL1);
982 if (mmfr1.pan && cpsr.pan && (ap & 0x1) && mode != Execute &&
983 (!req->isCacheMaintenance() ||
984 (req->getFlags() & Request::CACHE_BLOCK_ZERO))) {
985 return true;
986 } else {
987 return false;
988 }
989 }
990
991 Fault
992 TLB::translateMmuOff(ThreadContext *tc, const RequestPtr &req, Mode mode,
993 TLB::ArmTranslationType tranType, Addr vaddr, bool long_desc_format)
994 {
995 bool is_fetch = (mode == Execute);
996 bool is_atomic = req->isAtomic();
997 req->setPaddr(vaddr);
998 // When the MMU is off the security attribute corresponds to the
999 // security state of the processor
1000 if (isSecure)
1001 req->setFlags(Request::SECURE);
1002
1003 if (aarch64) {
1004 bool selbit = bits(vaddr, 55);
1005 TCR tcr1 = tc->readMiscReg(MISCREG_TCR_EL1);
1006 int topbit = computeAddrTop(tc, selbit, is_fetch, tcr1, currEL(tc));
1007 int addr_sz = bits(vaddr, topbit, physAddrRange);
1008 if (addr_sz != 0){
1009 Fault f;
1010 if (is_fetch)
1011 f = std::make_shared<PrefetchAbort>(vaddr,
1012 ArmFault::AddressSizeLL, isStage2, ArmFault::LpaeTran);
1013 else
1014 f = std::make_shared<DataAbort>( vaddr,
1015 TlbEntry::DomainType::NoAccess,
1016 is_atomic ? false : mode==Write,
1017 ArmFault::AddressSizeLL, isStage2, ArmFault::LpaeTran);
1018 return f;
1019 }
1020 }
1021
1022 // @todo: double check this (ARM ARM issue C B3.2.1)
1023 if (long_desc_format || sctlr.tre == 0 || nmrr.ir0 == 0 ||
1024 nmrr.or0 == 0 || prrr.tr0 != 0x2) {
1025 if (!req->isCacheMaintenance()) {
1026 req->setFlags(Request::UNCACHEABLE);
1027 }
1028 req->setFlags(Request::STRICT_ORDER);
1029 }
1030
1031 // Set memory attributes
1032 TlbEntry temp_te;
1033 temp_te.ns = !isSecure;
1034 bool dc = (HaveVirtHostExt(tc)
1035 && hcr.e2h == 1 && hcr.tge == 1) ? 0: hcr.dc;
1036 bool i_cacheability = sctlr.i && !sctlr.m;
1037 if (isStage2 || !dc || isSecure ||
1038 (isHyp && !(tranType & S1CTran))) {
1039
1040 temp_te.mtype = is_fetch ? TlbEntry::MemoryType::Normal
1041 : TlbEntry::MemoryType::StronglyOrdered;
1042 temp_te.innerAttrs = i_cacheability? 0x2: 0x0;
1043 temp_te.outerAttrs = i_cacheability? 0x2: 0x0;
1044 temp_te.shareable = true;
1045 temp_te.outerShareable = true;
1046 } else {
1047 temp_te.mtype = TlbEntry::MemoryType::Normal;
1048 temp_te.innerAttrs = 0x3;
1049 temp_te.outerAttrs = 0x3;
1050 temp_te.shareable = false;
1051 temp_te.outerShareable = false;
1052 }
1053 temp_te.setAttributes(long_desc_format);
1054 DPRINTF(TLBVerbose, "(No MMU) setting memory attributes: shareable: "
1055 "%d, innerAttrs: %d, outerAttrs: %d, isStage2: %d\n",
1056 temp_te.shareable, temp_te.innerAttrs, temp_te.outerAttrs,
1057 isStage2);
1058 setAttr(temp_te.attributes);
1059
1060 return testTranslation(req, mode, TlbEntry::DomainType::NoAccess);
1061 }
1062
1063 Fault
1064 TLB::translateMmuOn(ThreadContext* tc, const RequestPtr &req, Mode mode,
1065 Translation *translation, bool &delay, bool timing,
1066 bool functional, Addr vaddr,
1067 ArmFault::TranMethod tranMethod)
1068 {
1069 TlbEntry *te = NULL;
1070 bool is_fetch = (mode == Execute);
1071 TlbEntry mergeTe;
1072
1073 Request::Flags flags = req->getFlags();
1074 Addr vaddr_tainted = req->getVaddr();
1075
1076 Fault fault = getResultTe(&te, req, tc, mode, translation, timing,
1077 functional, &mergeTe);
1078 // only proceed if we have a valid table entry
1079 if ((te == NULL) && (fault == NoFault)) delay = true;
1080
1081 // If we have the table entry transfer some of the attributes to the
1082 // request that triggered the translation
1083 if (te != NULL) {
1084 // Set memory attributes
1085 DPRINTF(TLBVerbose,
1086 "Setting memory attributes: shareable: %d, innerAttrs: %d, "
1087 "outerAttrs: %d, mtype: %d, isStage2: %d\n",
1088 te->shareable, te->innerAttrs, te->outerAttrs,
1089 static_cast<uint8_t>(te->mtype), isStage2);
1090 setAttr(te->attributes);
1091
1092 if (te->nonCacheable && !req->isCacheMaintenance())
1093 req->setFlags(Request::UNCACHEABLE);
1094
1095 // Require requests to be ordered if the request goes to
1096 // strongly ordered or device memory (i.e., anything other
1097 // than normal memory requires strict order).
1098 if (te->mtype != TlbEntry::MemoryType::Normal)
1099 req->setFlags(Request::STRICT_ORDER);
1100
1101 Addr pa = te->pAddr(vaddr);
1102 req->setPaddr(pa);
1103
1104 if (isSecure && !te->ns) {
1105 req->setFlags(Request::SECURE);
1106 }
1107 if (!is_fetch && fault == NoFault &&
1108 (vaddr & mask(flags & AlignmentMask)) &&
1109 (te->mtype != TlbEntry::MemoryType::Normal)) {
1110 // Unaligned accesses to Device memory should always cause an
1111 // abort regardless of sctlr.a
1112 stats.alignFaults++;
1113 bool is_write = (mode == Write);
1114 return std::make_shared<DataAbort>(
1115 vaddr_tainted,
1116 TlbEntry::DomainType::NoAccess, is_write,
1117 ArmFault::AlignmentFault, isStage2,
1118 tranMethod);
1119 }
1120
1121 // Check for a trickbox generated address fault
1122 if (fault == NoFault)
1123 fault = testTranslation(req, mode, te->domain);
1124 }
1125
1126 if (fault == NoFault) {
1127 // Don't try to finalize a physical address unless the
1128 // translation has completed (i.e., there is a table entry).
1129 return te ? finalizePhysical(req, tc, mode) : NoFault;
1130 } else {
1131 return fault;
1132 }
1133 }
1134
1135 Fault
1136 TLB::translateFs(const RequestPtr &req, ThreadContext *tc, Mode mode,
1137 Translation *translation, bool &delay, bool timing,
1138 TLB::ArmTranslationType tranType, bool functional)
1139 {
1140 // No such thing as a functional timing access
1141 assert(!(timing && functional));
1142
1143 updateMiscReg(tc, tranType);
1144
1145 Addr vaddr_tainted = req->getVaddr();
1146 Addr vaddr = 0;
1147 if (aarch64)
1148 vaddr = purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr,
1149 mode==Execute);
1150 else
1151 vaddr = vaddr_tainted;
1152 Request::Flags flags = req->getFlags();
1153
1154 bool is_fetch = (mode == Execute);
1155 bool is_write = (mode == Write);
1156 bool long_desc_format = aarch64 || longDescFormatInUse(tc);
1157 ArmFault::TranMethod tranMethod = long_desc_format ? ArmFault::LpaeTran
1158 : ArmFault::VmsaTran;
1159
1160 DPRINTF(TLBVerbose,
1161 "CPSR is priv:%d UserMode:%d secure:%d S1S2NsTran:%d\n",
1162 isPriv, flags & UserMode, isSecure, tranType & S1S2NsTran);
1163
1164 DPRINTF(TLB, "translateFs addr %#x, mode %d, st2 %d, scr %#x sctlr %#x "
1165 "flags %#lx tranType 0x%x\n", vaddr_tainted, mode, isStage2,
1166 scr, sctlr, flags, tranType);
1167
1168 if ((req->isInstFetch() && (!sctlr.i)) ||
1169 ((!req->isInstFetch()) && (!sctlr.c))){
1170 if (!req->isCacheMaintenance()) {
1171 req->setFlags(Request::UNCACHEABLE);
1172 }
1173 req->setFlags(Request::STRICT_ORDER);
1174 }
1175 if (!is_fetch) {
1176 if (sctlr.a || !(flags & AllowUnaligned)) {
1177 if (vaddr & mask(flags & AlignmentMask)) {
1178 stats.alignFaults++;
1179 return std::make_shared<DataAbort>(
1180 vaddr_tainted,
1181 TlbEntry::DomainType::NoAccess, is_write,
1182 ArmFault::AlignmentFault, isStage2,
1183 tranMethod);
1184 }
1185 }
1186 }
1187
1188 bool vm = hcr.vm;
1189 if (HaveVirtHostExt(tc) && hcr.e2h == 1 && hcr.tge ==1)
1190 vm = 0;
1191 else if (hcr.dc == 1)
1192 vm = 1;
1193
1194 Fault fault = NoFault;
1195 // If guest MMU is off or hcr.vm=0 go straight to stage2
1196 if ((isStage2 && !vm) || (!isStage2 && !sctlr.m)) {
1197 fault = translateMmuOff(tc, req, mode, tranType, vaddr,
1198 long_desc_format);
1199 } else {
1200 DPRINTF(TLBVerbose, "Translating %s=%#x context=%d\n",
1201 isStage2 ? "IPA" : "VA", vaddr_tainted, asid);
1202 // Translation enabled
1203 fault = translateMmuOn(tc, req, mode, translation, delay, timing,
1204 functional, vaddr, tranMethod);
1205 }
1206
1207 // Check for Debug Exceptions
1208 SelfDebug *sd = ArmISA::ISA::getSelfDebug(tc);
1209
1210 if (sd->enabled() && fault == NoFault) {
1211 fault = sd->testDebug(tc, req, mode);
1212 }
1213
1214 return fault;
1215 }
1216
1217 Fault
1218 TLB::translateAtomic(const RequestPtr &req, ThreadContext *tc, Mode mode,
1219 TLB::ArmTranslationType tranType)
1220 {
1221 updateMiscReg(tc, tranType);
1222
1223 if (directToStage2) {
1224 assert(stage2Tlb);
1225 return stage2Tlb->translateAtomic(req, tc, mode, tranType);
1226 }
1227
1228 bool delay = false;
1229 Fault fault;
1230 if (FullSystem)
1231 fault = translateFs(req, tc, mode, NULL, delay, false, tranType);
1232 else
1233 fault = translateSe(req, tc, mode, NULL, delay, false);
1234 assert(!delay);
1235 return fault;
1236 }
1237
1238 Fault
1239 TLB::translateFunctional(const RequestPtr &req, ThreadContext *tc, Mode mode,
1240 TLB::ArmTranslationType tranType)
1241 {
1242 updateMiscReg(tc, tranType);
1243
1244 if (directToStage2) {
1245 assert(stage2Tlb);
1246 return stage2Tlb->translateFunctional(req, tc, mode, tranType);
1247 }
1248
1249 bool delay = false;
1250 Fault fault;
1251 if (FullSystem)
1252 fault = translateFs(req, tc, mode, NULL, delay, false, tranType, true);
1253 else
1254 fault = translateSe(req, tc, mode, NULL, delay, false);
1255 assert(!delay);
1256 return fault;
1257 }
1258
1259 void
1260 TLB::translateTiming(const RequestPtr &req, ThreadContext *tc,
1261 Translation *translation, Mode mode, TLB::ArmTranslationType tranType)
1262 {
1263 updateMiscReg(tc, tranType);
1264
1265 if (directToStage2) {
1266 assert(stage2Tlb);
1267 stage2Tlb->translateTiming(req, tc, translation, mode, tranType);
1268 return;
1269 }
1270
1271 assert(translation);
1272
1273 translateComplete(req, tc, translation, mode, tranType, isStage2);
1274 }
1275
1276 Fault
1277 TLB::translateComplete(const RequestPtr &req, ThreadContext *tc,
1278 Translation *translation, Mode mode, TLB::ArmTranslationType tranType,
1279 bool callFromS2)
1280 {
1281 bool delay = false;
1282 Fault fault;
1283 if (FullSystem)
1284 fault = translateFs(req, tc, mode, translation, delay, true, tranType);
1285 else
1286 fault = translateSe(req, tc, mode, translation, delay, true);
1287 DPRINTF(TLBVerbose, "Translation returning delay=%d fault=%d\n", delay, fault !=
1288 NoFault);
1289 // If we have a translation, and we're not in the middle of doing a stage
1290 // 2 translation tell the translation that we've either finished or its
1291 // going to take a while. By not doing this when we're in the middle of a
1292 // stage 2 translation we prevent marking the translation as delayed twice,
1293 // one when the translation starts and again when the stage 1 translation
1294 // completes.
1295
1296 if (translation && (callFromS2 || !stage2Req || req->hasPaddr() ||
1297 fault != NoFault)) {
1298 if (!delay)
1299 translation->finish(fault, req, tc, mode);
1300 else
1301 translation->markDelayed();
1302 }
1303 return fault;
1304 }
1305
1306 Port *
1307 TLB::getTableWalkerPort()
1308 {
1309 return &stage2Mmu->getDMAPort();
1310 }
1311
1312 void
1313 TLB::updateMiscReg(ThreadContext *tc, ArmTranslationType tranType)
1314 {
1315 // check if the regs have changed, or the translation mode is different.
1316 // NOTE: the tran type doesn't affect stage 2 TLB's as they only handle
1317 // one type of translation anyway
1318 if (miscRegValid && miscRegContext == tc->contextId() &&
1319 ((tranType == curTranType) || isStage2)) {
1320 return;
1321 }
1322
1323 DPRINTF(TLBVerbose, "TLB variables changed!\n");
1324 cpsr = tc->readMiscReg(MISCREG_CPSR);
1325
1326 // Dependencies: SCR/SCR_EL3, CPSR
1327 isSecure = ArmISA::isSecure(tc) &&
1328 !(tranType & HypMode) && !(tranType & S1S2NsTran);
1329
1330 aarch64EL = tranTypeEL(cpsr, tranType);
1331 aarch64 = isStage2 ?
1332 ELIs64(tc, EL2) :
1333 ELIs64(tc, aarch64EL == EL0 ? EL1 : aarch64EL);
1334
1335 hcr = tc->readMiscReg(MISCREG_HCR_EL2);
1336 if (aarch64) { // AArch64
1337 // determine EL we need to translate in
1338 switch (aarch64EL) {
1339 case EL0:
1340 if (HaveVirtHostExt(tc) && hcr.tge == 1 && hcr.e2h == 1) {
1341 // VHE code for EL2&0 regime
1342 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL2);
1343 ttbcr = tc->readMiscReg(MISCREG_TCR_EL2);
1344 uint64_t ttbr_asid = ttbcr.a1 ?
1345 tc->readMiscReg(MISCREG_TTBR1_EL2) :
1346 tc->readMiscReg(MISCREG_TTBR0_EL2);
1347 asid = bits(ttbr_asid,
1348 (haveLargeAsid64 && ttbcr.as) ? 63 : 55, 48);
1349
1350 } else {
1351 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL1);
1352 ttbcr = tc->readMiscReg(MISCREG_TCR_EL1);
1353 uint64_t ttbr_asid = ttbcr.a1 ?
1354 tc->readMiscReg(MISCREG_TTBR1_EL1) :
1355 tc->readMiscReg(MISCREG_TTBR0_EL1);
1356 asid = bits(ttbr_asid,
1357 (haveLargeAsid64 && ttbcr.as) ? 63 : 55, 48);
1358
1359 }
1360 break;
1361 case EL1:
1362 {
1363 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL1);
1364 ttbcr = tc->readMiscReg(MISCREG_TCR_EL1);
1365 uint64_t ttbr_asid = ttbcr.a1 ?
1366 tc->readMiscReg(MISCREG_TTBR1_EL1) :
1367 tc->readMiscReg(MISCREG_TTBR0_EL1);
1368 asid = bits(ttbr_asid,
1369 (haveLargeAsid64 && ttbcr.as) ? 63 : 55, 48);
1370 }
1371 break;
1372 case EL2:
1373 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL2);
1374 ttbcr = tc->readMiscReg(MISCREG_TCR_EL2);
1375 if (hcr.e2h == 1) {
1376 // VHE code for EL2&0 regime
1377 uint64_t ttbr_asid = ttbcr.a1 ?
1378 tc->readMiscReg(MISCREG_TTBR1_EL2) :
1379 tc->readMiscReg(MISCREG_TTBR0_EL2);
1380 asid = bits(ttbr_asid,
1381 (haveLargeAsid64 && ttbcr.as) ? 63 : 55, 48);
1382 } else {
1383 asid = -1;
1384 }
1385 break;
1386 case EL3:
1387 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL3);
1388 ttbcr = tc->readMiscReg(MISCREG_TCR_EL3);
1389 asid = -1;
1390 break;
1391 }
1392
1393 scr = tc->readMiscReg(MISCREG_SCR_EL3);
1394 isPriv = aarch64EL != EL0;
1395 if (haveVirtualization) {
1396 vmid = bits(tc->readMiscReg(MISCREG_VTTBR_EL2), 55, 48);
1397 isHyp = aarch64EL == EL2;
1398 isHyp |= tranType & HypMode;
1399 isHyp &= (tranType & S1S2NsTran) == 0;
1400 isHyp &= (tranType & S1CTran) == 0;
1401 bool vm = hcr.vm;
1402 if (HaveVirtHostExt(tc) && hcr.e2h == 1 && hcr.tge ==1) {
1403 vm = 0;
1404 }
1405
1406 if (hcr.e2h == 1 && (aarch64EL == EL2
1407 || (hcr.tge ==1 && aarch64EL == EL0))) {
1408 isHyp = true;
1409 directToStage2 = false;
1410 stage2Req = false;
1411 stage2DescReq = false;
1412 } else {
1413 // Work out if we should skip the first stage of translation and go
1414 // directly to stage 2. This value is cached so we don't have to
1415 // compute it for every translation.
1416 bool sec = !isSecure || (isSecure && IsSecureEL2Enabled(tc));
1417 stage2Req = isStage2 ||
1418 (vm && !isHyp && sec &&
1419 !(tranType & S1CTran) && (aarch64EL < EL2) &&
1420 !(tranType & S1E1Tran)); // <--- FIX THIS HACK
1421 stage2DescReq = isStage2 || (vm && !isHyp && sec &&
1422 (aarch64EL < EL2));
1423 directToStage2 = !isStage2 && stage2Req && !sctlr.m;
1424 }
1425 } else {
1426 vmid = 0;
1427 isHyp = false;
1428 directToStage2 = false;
1429 stage2Req = false;
1430 stage2DescReq = false;
1431 }
1432 } else { // AArch32
1433 sctlr = tc->readMiscReg(snsBankedIndex(MISCREG_SCTLR, tc,
1434 !isSecure));
1435 ttbcr = tc->readMiscReg(snsBankedIndex(MISCREG_TTBCR, tc,
1436 !isSecure));
1437 scr = tc->readMiscReg(MISCREG_SCR);
1438 isPriv = cpsr.mode != MODE_USER;
1439 if (longDescFormatInUse(tc)) {
1440 uint64_t ttbr_asid = tc->readMiscReg(
1441 snsBankedIndex(ttbcr.a1 ? MISCREG_TTBR1 :
1442 MISCREG_TTBR0,
1443 tc, !isSecure));
1444 asid = bits(ttbr_asid, 55, 48);
1445 } else { // Short-descriptor translation table format in use
1446 CONTEXTIDR context_id = tc->readMiscReg(snsBankedIndex(
1447 MISCREG_CONTEXTIDR, tc,!isSecure));
1448 asid = context_id.asid;
1449 }
1450 prrr = tc->readMiscReg(snsBankedIndex(MISCREG_PRRR, tc,
1451 !isSecure));
1452 nmrr = tc->readMiscReg(snsBankedIndex(MISCREG_NMRR, tc,
1453 !isSecure));
1454 dacr = tc->readMiscReg(snsBankedIndex(MISCREG_DACR, tc,
1455 !isSecure));
1456 hcr = tc->readMiscReg(MISCREG_HCR);
1457
1458 if (haveVirtualization) {
1459 vmid = bits(tc->readMiscReg(MISCREG_VTTBR), 55, 48);
1460 isHyp = cpsr.mode == MODE_HYP;
1461 isHyp |= tranType & HypMode;
1462 isHyp &= (tranType & S1S2NsTran) == 0;
1463 isHyp &= (tranType & S1CTran) == 0;
1464 if (isHyp) {
1465 sctlr = tc->readMiscReg(MISCREG_HSCTLR);
1466 }
1467 // Work out if we should skip the first stage of translation and go
1468 // directly to stage 2. This value is cached so we don't have to
1469 // compute it for every translation.
1470 bool sec = !isSecure || (isSecure && IsSecureEL2Enabled(tc));
1471 stage2Req = hcr.vm && !isStage2 && !isHyp && sec &&
1472 !(tranType & S1CTran);
1473 stage2DescReq = hcr.vm && !isStage2 && !isHyp && sec;
1474 directToStage2 = stage2Req && !sctlr.m;
1475 } else {
1476 vmid = 0;
1477 stage2Req = false;
1478 isHyp = false;
1479 directToStage2 = false;
1480 stage2DescReq = false;
1481 }
1482 }
1483 miscRegValid = true;
1484 miscRegContext = tc->contextId();
1485 curTranType = tranType;
1486 }
1487
1488 ExceptionLevel
1489 TLB::tranTypeEL(CPSR cpsr, ArmTranslationType type)
1490 {
1491 switch (type) {
1492 case S1E0Tran:
1493 case S12E0Tran:
1494 return EL0;
1495
1496 case S1E1Tran:
1497 case S12E1Tran:
1498 return EL1;
1499
1500 case S1E2Tran:
1501 return EL2;
1502
1503 case S1E3Tran:
1504 return EL3;
1505
1506 case NormalTran:
1507 case S1CTran:
1508 case S1S2NsTran:
1509 case HypMode:
1510 return currEL(cpsr);
1511
1512 default:
1513 panic("Unknown translation mode!\n");
1514 }
1515 }
1516
1517 Fault
1518 TLB::getTE(TlbEntry **te, const RequestPtr &req, ThreadContext *tc, Mode mode,
1519 Translation *translation, bool timing, bool functional,
1520 bool is_secure, TLB::ArmTranslationType tranType)
1521 {
1522 // In a 2-stage system, the IPA->PA translation can be started via this
1523 // call so make sure the miscRegs are correct.
1524 if (isStage2) {
1525 updateMiscReg(tc, tranType);
1526 }
1527 bool is_fetch = (mode == Execute);
1528 bool is_write = (mode == Write);
1529
1530 Addr vaddr_tainted = req->getVaddr();
1531 Addr vaddr = 0;
1532 ExceptionLevel target_el = aarch64 ? aarch64EL : EL1;
1533 if (aarch64) {
1534 vaddr = purifyTaggedAddr(vaddr_tainted, tc, target_el, (TCR)ttbcr,
1535 mode==Execute);
1536 } else {
1537 vaddr = vaddr_tainted;
1538 }
1539 *te = lookup(vaddr, asid, vmid, isHyp, is_secure, false, false, target_el,
1540 false);
1541 if (*te == NULL) {
1542 if (req->isPrefetch()) {
1543 // if the request is a prefetch don't attempt to fill the TLB or go
1544 // any further with the memory access (here we can safely use the
1545 // fault status for the short desc. format in all cases)
1546 stats.prefetchFaults++;
1547 return std::make_shared<PrefetchAbort>(
1548 vaddr_tainted, ArmFault::PrefetchTLBMiss, isStage2);
1549 }
1550
1551 if (is_fetch)
1552 stats.instMisses++;
1553 else if (is_write)
1554 stats.writeMisses++;
1555 else
1556 stats.readMisses++;
1557
1558 // start translation table walk, pass variables rather than
1559 // re-retreaving in table walker for speed
1560 DPRINTF(TLB, "TLB Miss: Starting hardware table walker for %#x(%d:%d)\n",
1561 vaddr_tainted, asid, vmid);
1562 Fault fault;
1563 fault = tableWalker->walk(req, tc, asid, vmid, isHyp, mode,
1564 translation, timing, functional, is_secure,
1565 tranType, stage2DescReq);
1566 // for timing mode, return and wait for table walk,
1567 if (timing || fault != NoFault) {
1568 return fault;
1569 }
1570
1571 *te = lookup(vaddr, asid, vmid, isHyp, is_secure, false, false,
1572 target_el, false);
1573 if (!*te)
1574 printTlb();
1575 assert(*te);
1576 } else {
1577 if (is_fetch)
1578 stats.instHits++;
1579 else if (is_write)
1580 stats.writeHits++;
1581 else
1582 stats.readHits++;
1583 }
1584 return NoFault;
1585 }
1586
1587 Fault
1588 TLB::getResultTe(TlbEntry **te, const RequestPtr &req,
1589 ThreadContext *tc, Mode mode,
1590 Translation *translation, bool timing, bool functional,
1591 TlbEntry *mergeTe)
1592 {
1593 Fault fault;
1594
1595 if (isStage2) {
1596 // We are already in the stage 2 TLB. Grab the table entry for stage
1597 // 2 only. We are here because stage 1 translation is disabled.
1598 TlbEntry *s2Te = NULL;
1599 // Get the stage 2 table entry
1600 fault = getTE(&s2Te, req, tc, mode, translation, timing, functional,
1601 isSecure, curTranType);
1602 // Check permissions of stage 2
1603 if ((s2Te != NULL) && (fault == NoFault)) {
1604 if (aarch64)
1605 fault = checkPermissions64(s2Te, req, mode, tc);
1606 else
1607 fault = checkPermissions(s2Te, req, mode);
1608 }
1609 *te = s2Te;
1610 return fault;
1611 }
1612
1613 TlbEntry *s1Te = NULL;
1614
1615 Addr vaddr_tainted = req->getVaddr();
1616
1617 // Get the stage 1 table entry
1618 fault = getTE(&s1Te, req, tc, mode, translation, timing, functional,
1619 isSecure, curTranType);
1620 // only proceed if we have a valid table entry
1621 if ((s1Te != NULL) && (fault == NoFault)) {
1622 // Check stage 1 permissions before checking stage 2
1623 if (aarch64)
1624 fault = checkPermissions64(s1Te, req, mode, tc);
1625 else
1626 fault = checkPermissions(s1Te, req, mode);
1627 if (stage2Req & (fault == NoFault)) {
1628 Stage2LookUp *s2Lookup = new Stage2LookUp(this, stage2Tlb, *s1Te,
1629 req, translation, mode, timing, functional, isSecure,
1630 curTranType);
1631 fault = s2Lookup->getTe(tc, mergeTe);
1632 if (s2Lookup->isComplete()) {
1633 *te = mergeTe;
1634 // We've finished with the lookup so delete it
1635 delete s2Lookup;
1636 } else {
1637 // The lookup hasn't completed, so we can't delete it now. We
1638 // get round this by asking the object to self delete when the
1639 // translation is complete.
1640 s2Lookup->setSelfDelete();
1641 }
1642 } else {
1643 // This case deals with an S1 hit (or bypass), followed by
1644 // an S2 hit-but-perms issue
1645 if (isStage2) {
1646 DPRINTF(TLBVerbose, "s2TLB: reqVa %#x, reqPa %#x, fault %p\n",
1647 vaddr_tainted, req->hasPaddr() ? req->getPaddr() : ~0, fault);
1648 if (fault != NoFault) {
1649 ArmFault *armFault = reinterpret_cast<ArmFault *>(fault.get());
1650 armFault->annotate(ArmFault::S1PTW, false);
1651 armFault->annotate(ArmFault::OVA, vaddr_tainted);
1652 }
1653 }
1654 *te = s1Te;
1655 }
1656 }
1657 return fault;
1658 }
1659
1660 void
1661 TLB::setTestInterface(SimObject *_ti)
1662 {
1663 if (!_ti) {
1664 test = nullptr;
1665 } else {
1666 TlbTestInterface *ti(dynamic_cast<TlbTestInterface *>(_ti));
1667 fatal_if(!ti, "%s is not a valid ARM TLB tester\n", _ti->name());
1668 test = ti;
1669 }
1670 }
1671
1672 Fault
1673 TLB::testTranslation(const RequestPtr &req, Mode mode,
1674 TlbEntry::DomainType domain)
1675 {
1676 if (!test || !req->hasSize() || req->getSize() == 0 ||
1677 req->isCacheMaintenance()) {
1678 return NoFault;
1679 } else {
1680 return test->translationCheck(req, isPriv, mode, domain);
1681 }
1682 }
1683
1684 Fault
1685 TLB::testWalk(Addr pa, Addr size, Addr va, bool is_secure, Mode mode,
1686 TlbEntry::DomainType domain, LookupLevel lookup_level)
1687 {
1688 if (!test) {
1689 return NoFault;
1690 } else {
1691 return test->walkCheck(pa, size, va, is_secure, isPriv, mode,
1692 domain, lookup_level);
1693 }
1694 }