projects / gem5.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
arch-arm: Do not use _flushMva for TLBI IPA
[gem5.git] / src / arch / arm / tlb.cc
1 /*
2 * Copyright (c) 2010-2013, 2016-2020 ARM Limited
3 * All rights reserved
4 *
5 * The license below extends only to copyright in the software and shall
6 * not be construed as granting a license to any other intellectual
7 * property including but not limited to intellectual property relating
8 * to a hardware implementation of the functionality of the software
9 * licensed hereunder. You may use the software subject to the license
10 * terms below provided that you ensure that this notice is replicated
11 * unmodified and in its entirety in all distributions of the software,
12 * modified or unmodified, in source code or in binary form.
13 *
14 * Copyright (c) 2001-2005 The Regents of The University of Michigan
15 * All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions are
19 * met: redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer;
21 * redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution;
24 * neither the name of the copyright holders nor the names of its
25 * contributors may be used to endorse or promote products derived from
26 * this software without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
31 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
33 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
34 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
38 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 */
40
41 #include "arch/arm/tlb.hh"
42
43 #include <memory>
44 #include <string>
45 #include <vector>
46
47 #include "arch/arm/faults.hh"
48 #include "arch/arm/isa.hh"
49 #include "arch/arm/pagetable.hh"
50 #include "arch/arm/self_debug.hh"
51 #include "arch/arm/stage2_lookup.hh"
52 #include "arch/arm/stage2_mmu.hh"
53 #include "arch/arm/system.hh"
54 #include "arch/arm/table_walker.hh"
55 #include "arch/arm/tlbi_op.hh"
56 #include "arch/arm/utility.hh"
57 #include "base/inifile.hh"
58 #include "base/str.hh"
59 #include "base/trace.hh"
60 #include "cpu/base.hh"
61 #include "cpu/thread_context.hh"
62 #include "debug/Checkpoint.hh"
63 #include "debug/TLB.hh"
64 #include "debug/TLBVerbose.hh"
65 #include "mem/packet_access.hh"
66 #include "mem/page_table.hh"
67 #include "mem/request.hh"
68 #include "params/ArmTLB.hh"
69 #include "sim/full_system.hh"
70 #include "sim/process.hh"
71 #include "sim/pseudo_inst.hh"
72
73 using namespace std;
74 using namespace ArmISA;
75
76 TLB::TLB(const ArmTLBParams &p)
77 : BaseTLB(p), table(new TlbEntry[p.size]), size(p.size),
78 isStage2(p.is_stage2), stage2Req(false), stage2DescReq(false), _attr(0),
79 directToStage2(false), tableWalker(p.walker), stage2Tlb(NULL),
80 stage2Mmu(NULL), test(nullptr), stats(this), rangeMRU(1),
81 aarch64(false), aarch64EL(EL0), isPriv(false), isSecure(false),
82 isHyp(false), asid(0), vmid(0), hcr(0), dacr(0),
83 miscRegValid(false), miscRegContext(0), curTranType(NormalTran)
84 {
85 const ArmSystem *sys = dynamic_cast<const ArmSystem *>(p.sys);
86
87 tableWalker->setTlb(this);
88
89 // Cache system-level properties
90 haveLPAE = tableWalker->haveLPAE();
91 haveVirtualization = tableWalker->haveVirtualization();
92 haveLargeAsid64 = tableWalker->haveLargeAsid64();
93 physAddrRange = tableWalker->physAddrRange();
94
95 if (sys)
96 m5opRange = sys->m5opRange();
97 }
98
99 TLB::~TLB()
100 {
101 delete[] table;
102 }
103
104 void
105 TLB::init()
106 {
107 if (stage2Mmu && !isStage2)
108 stage2Tlb = stage2Mmu->stage2Tlb();
109 }
110
111 void
112 TLB::setMMU(Stage2MMU *m, RequestorID requestor_id)
113 {
114 stage2Mmu = m;
115 tableWalker->setMMU(m, requestor_id);
116 }
117
118 bool
119 TLB::translateFunctional(ThreadContext *tc, Addr va, Addr &pa)
120 {
121 updateMiscReg(tc);
122
123 if (directToStage2) {
124 assert(stage2Tlb);
125 return stage2Tlb->translateFunctional(tc, va, pa);
126 }
127
128 TlbEntry *e = lookup(va, asid, vmid, isHyp, isSecure, true, false,
129 aarch64 ? aarch64EL : EL1, false);
130 if (!e)
131 return false;
132 pa = e->pAddr(va);
133 return true;
134 }
135
136 Fault
137 TLB::finalizePhysical(const RequestPtr &req,
138 ThreadContext *tc, Mode mode) const
139 {
140 const Addr paddr = req->getPaddr();
141
142 if (m5opRange.contains(paddr)) {
143 uint8_t func;
144 PseudoInst::decodeAddrOffset(paddr - m5opRange.start(), func);
145 req->setLocalAccessor(
146 [func, mode](ThreadContext *tc, PacketPtr pkt) -> Cycles
147 {
148 uint64_t ret;
149 PseudoInst::pseudoInst<PseudoInstABI>(tc, func, ret);
150 if (mode == Read)
151 pkt->setLE(ret);
152 return Cycles(1);
153 }
154 );
155 }
156
157 return NoFault;
158 }
159
160 TlbEntry*
161 TLB::lookup(Addr va, uint16_t asn, uint8_t vmid, bool hyp, bool secure,
162 bool functional, bool ignore_asn, ExceptionLevel target_el,
163 bool in_host)
164 {
165
166 TlbEntry *retval = NULL;
167
168 // Maintaining LRU array
169 int x = 0;
170 while (retval == NULL && x < size) {
171 if ((!ignore_asn && table[x].match(va, asn, vmid, hyp, secure, false,
172 target_el, in_host)) ||
173 (ignore_asn && table[x].match(va, vmid, hyp, secure, target_el,
174 in_host))) {
175 // We only move the hit entry ahead when the position is higher
176 // than rangeMRU
177 if (x > rangeMRU && !functional) {
178 TlbEntry tmp_entry = table[x];
179 for (int i = x; i > 0; i--)
180 table[i] = table[i - 1];
181 table[0] = tmp_entry;
182 retval = &table[0];
183 } else {
184 retval = &table[x];
185 }
186 break;
187 }
188 ++x;
189 }
190
191 DPRINTF(TLBVerbose, "Lookup %#x, asn %#x -> %s vmn 0x%x hyp %d secure %d "
192 "ppn %#x size: %#x pa: %#x ap:%d ns:%d nstid:%d g:%d asid: %d "
193 "el: %d\n",
194 va, asn, retval ? "hit" : "miss", vmid, hyp, secure,
195 retval ? retval->pfn : 0, retval ? retval->size : 0,
196 retval ? retval->pAddr(va) : 0, retval ? retval->ap : 0,
197 retval ? retval->ns : 0, retval ? retval->nstid : 0,
198 retval ? retval->global : 0, retval ? retval->asid : 0,
199 retval ? retval->el : 0);
200
201 return retval;
202 }
203
204 // insert a new TLB entry
205 void
206 TLB::insert(Addr addr, TlbEntry &entry)
207 {
208 DPRINTF(TLB, "Inserting entry into TLB with pfn:%#x size:%#x vpn: %#x"
209 " asid:%d vmid:%d N:%d global:%d valid:%d nc:%d xn:%d"
210 " ap:%#x domain:%#x ns:%d nstid:%d isHyp:%d\n", entry.pfn,
211 entry.size, entry.vpn, entry.asid, entry.vmid, entry.N,
212 entry.global, entry.valid, entry.nonCacheable, entry.xn,
213 entry.ap, static_cast<uint8_t>(entry.domain), entry.ns, entry.nstid,
214 entry.isHyp);
215
216 if (table[size - 1].valid)
217 DPRINTF(TLB, " - Replacing Valid entry %#x, asn %d vmn %d ppn %#x "
218 "size: %#x ap:%d ns:%d nstid:%d g:%d isHyp:%d el: %d\n",
219 table[size-1].vpn << table[size-1].N, table[size-1].asid,
220 table[size-1].vmid, table[size-1].pfn << table[size-1].N,
221 table[size-1].size, table[size-1].ap, table[size-1].ns,
222 table[size-1].nstid, table[size-1].global, table[size-1].isHyp,
223 table[size-1].el);
224
225 //inserting to MRU position and evicting the LRU one
226
227 for (int i = size - 1; i > 0; --i)
228 table[i] = table[i-1];
229 table[0] = entry;
230
231 stats.inserts++;
232 ppRefills->notify(1);
233 }
234
235 void
236 TLB::printTlb() const
237 {
238 int x = 0;
239 TlbEntry *te;
240 DPRINTF(TLB, "Current TLB contents:\n");
241 while (x < size) {
242 te = &table[x];
243 if (te->valid)
244 DPRINTF(TLB, " * %s\n", te->print());
245 ++x;
246 }
247 }
248
249 void
250 TLB::flushAll()
251 {
252 DPRINTF(TLB, "Flushing all TLB entries\n");
253 int x = 0;
254 TlbEntry *te;
255 while (x < size) {
256 te = &table[x];
257
258 DPRINTF(TLB, " - %s\n", te->print());
259 te->valid = false;
260 stats.flushedEntries++;
261 ++x;
262 }
263
264 stats.flushTlb++;
265
266 // If there's a second stage TLB (and we're not it) then flush it as well
267 if (!isStage2) {
268 stage2Tlb->flushAll();
269 }
270 }
271
272 void
273 TLB::flush(const TLBIALL& tlbi_op)
274 {
275 DPRINTF(TLB, "Flushing all TLB entries (%s lookup)\n",
276 (tlbi_op.secureLookup ? "secure" : "non-secure"));
277 int x = 0;
278 TlbEntry *te;
279 while (x < size) {
280 te = &table[x];
281 const bool el_match = te->checkELMatch(
282 tlbi_op.targetEL, tlbi_op.inHost);
283 if (te->valid && tlbi_op.secureLookup == !te->nstid &&
284 (te->vmid == vmid || tlbi_op.el2Enabled) && el_match) {
285
286 DPRINTF(TLB, " - %s\n", te->print());
287 te->valid = false;
288 stats.flushedEntries++;
289 }
290 ++x;
291 }
292
293 stats.flushTlb++;
294
295 // If there's a second stage TLB (and we're not it) then flush it as well
296 // if we're currently in hyp mode
297 if (!isStage2 && isHyp) {
298 stage2Tlb->flush(tlbi_op.makeStage2());
299 }
300 }
301
302 void
303 TLB::flush(const TLBIALLEL &tlbi_op)
304 {
305 DPRINTF(TLB, "Flushing all TLB entries (%s lookup)\n",
306 (tlbi_op.secureLookup ? "secure" : "non-secure"));
307 int x = 0;
308 TlbEntry *te;
309 while (x < size) {
310 te = &table[x];
311 const bool el_match = te->checkELMatch(
312 tlbi_op.targetEL, tlbi_op.inHost);
313 if (te->valid && tlbi_op.secureLookup == !te->nstid && el_match) {
314
315 DPRINTF(TLB, " - %s\n", te->print());
316 te->valid = false;
317 stats.flushedEntries++;
318 }
319 ++x;
320 }
321
322 stats.flushTlb++;
323
324 // If there's a second stage TLB (and we're not it)
325 // and if we're targeting EL1
326 // then flush it as well
327 if (!isStage2 && tlbi_op.targetEL == EL1) {
328 stage2Tlb->flush(tlbi_op.makeStage2());
329 }
330 }
331
332 void
333 TLB::flush(const TLBIVMALL &tlbi_op)
334 {
335 DPRINTF(TLB, "Flushing all TLB entries (%s lookup)\n",
336 (tlbi_op.secureLookup ? "secure" : "non-secure"));
337 int x = 0;
338 TlbEntry *te;
339 while (x < size) {
340 te = &table[x];
341 const bool el_match = te->checkELMatch(
342 tlbi_op.targetEL, tlbi_op.inHost);
343 if (te->valid && tlbi_op.secureLookup == !te->nstid &&
344 (te->vmid == vmid || !tlbi_op.el2Enabled) && el_match) {
345
346 DPRINTF(TLB, " - %s\n", te->print());
347 te->valid = false;
348 stats.flushedEntries++;
349 }
350 ++x;
351 }
352
353 stats.flushTlb++;
354
355 // If there's a second stage TLB (and we're not it) then flush it as well
356 // if we're currently in hyp mode
357 if (!isStage2 && tlbi_op.stage2) {
358 stage2Tlb->flush(tlbi_op.makeStage2());
359 }
360 }
361
362 void
363 TLB::flush(const TLBIALLN &tlbi_op)
364 {
365 bool hyp = tlbi_op.targetEL == EL2;
366
367 DPRINTF(TLB, "Flushing all NS TLB entries (%s lookup)\n",
368 (hyp ? "hyp" : "non-hyp"));
369 int x = 0;
370 TlbEntry *te;
371 while (x < size) {
372 te = &table[x];
373 const bool el_match = te->checkELMatch(tlbi_op.targetEL, false);
374
375 if (te->valid && te->nstid && te->isHyp == hyp && el_match) {
376
377 DPRINTF(TLB, " - %s\n", te->print());
378 stats.flushedEntries++;
379 te->valid = false;
380 }
381 ++x;
382 }
383
384 stats.flushTlb++;
385
386 // If there's a second stage TLB (and we're not it) then flush it as well
387 if (!isStage2 && !hyp) {
388 stage2Tlb->flush(tlbi_op.makeStage2());
389 }
390 }
391
392 void
393 TLB::flush(const TLBIMVA &tlbi_op)
394 {
395 DPRINTF(TLB, "Flushing TLB entries with mva: %#x, asid: %#x "
396 "(%s lookup)\n", tlbi_op.addr, tlbi_op.asid,
397 (tlbi_op.secureLookup ? "secure" : "non-secure"));
398 _flushMva(tlbi_op.addr, tlbi_op.asid, tlbi_op.secureLookup, false,
399 tlbi_op.targetEL, tlbi_op.inHost);
400 stats.flushTlbMvaAsid++;
401 }
402
403 void
404 TLB::flush(const TLBIASID &tlbi_op)
405 {
406 DPRINTF(TLB, "Flushing TLB entries with asid: %#x (%s lookup)\n",
407 tlbi_op.asid, (tlbi_op.secureLookup ? "secure" : "non-secure"));
408
409 int x = 0 ;
410 TlbEntry *te;
411
412 while (x < size) {
413 te = &table[x];
414 if (te->valid && te->asid == tlbi_op.asid &&
415 tlbi_op.secureLookup == !te->nstid &&
416 (te->vmid == vmid || tlbi_op.el2Enabled) &&
417 te->checkELMatch(tlbi_op.targetEL, tlbi_op.inHost)) {
418
419 te->valid = false;
420 DPRINTF(TLB, " - %s\n", te->print());
421 stats.flushedEntries++;
422 }
423 ++x;
424 }
425 stats.flushTlbAsid++;
426 }
427
428 void
429 TLB::flush(const TLBIMVAA &tlbi_op) {
430
431 DPRINTF(TLB, "Flushing TLB entries with mva: %#x (%s lookup)\n",
432 tlbi_op.addr,
433 (tlbi_op.secureLookup ? "secure" : "non-secure"));
434 _flushMva(tlbi_op.addr, 0xbeef, tlbi_op.secureLookup, true,
435 tlbi_op.targetEL, tlbi_op.inHost);
436 stats.flushTlbMva++;
437 }
438
439 void
440 TLB::_flushMva(Addr mva, uint64_t asn, bool secure_lookup,
441 bool ignore_asn, ExceptionLevel target_el, bool in_host)
442 {
443 TlbEntry *te;
444 // D5.7.2: Sign-extend address to 64 bits
445 mva = sext<56>(mva);
446
447 bool hyp = target_el == EL2;
448
449 te = lookup(mva, asn, vmid, hyp, secure_lookup, true, ignore_asn,
450 target_el, in_host);
451 while (te != NULL) {
452 if (secure_lookup == !te->nstid) {
453 DPRINTF(TLB, " - %s\n", te->print());
454 te->valid = false;
455 stats.flushedEntries++;
456 }
457 te = lookup(mva, asn, vmid, hyp, secure_lookup, true, ignore_asn,
458 target_el, in_host);
459 }
460 }
461
462 void
463 TLB::flush(const TLBIIPA &tlbi_op)
464 {
465 assert(!isStage2);
466
467 // Note, TLBIIPA::makeStage2 will generare a TLBIMVAA
468 stage2Tlb->flush(tlbi_op.makeStage2());
469 }
470
471 void
472 TLB::drainResume()
473 {
474 // We might have unserialized something or switched CPUs, so make
475 // sure to re-read the misc regs.
476 miscRegValid = false;
477 }
478
479 void
480 TLB::takeOverFrom(BaseTLB *_otlb)
481 {
482 TLB *otlb = dynamic_cast<TLB*>(_otlb);
483 /* Make sure we actually have a valid type */
484 if (otlb) {
485 _attr = otlb->_attr;
486 haveLPAE = otlb->haveLPAE;
487 directToStage2 = otlb->directToStage2;
488 stage2Req = otlb->stage2Req;
489 stage2DescReq = otlb->stage2DescReq;
490
491 /* Sync the stage2 MMU if they exist in both
492 * the old CPU and the new
493 */
494 if (!isStage2 &&
495 stage2Tlb && otlb->stage2Tlb) {
496 stage2Tlb->takeOverFrom(otlb->stage2Tlb);
497 }
498 } else {
499 panic("Incompatible TLB type!");
500 }
501 }
502
503 TLB::TlbStats::TlbStats(Stats::Group *parent)
504 : Stats::Group(parent),
505 ADD_STAT(instHits,"ITB inst hits"),
506 ADD_STAT(instMisses, "ITB inst misses"),
507 ADD_STAT(readHits, "DTB read hits"),
508 ADD_STAT(readMisses, "DTB read misses"),
509 ADD_STAT(writeHits, "DTB write hits"),
510 ADD_STAT(writeMisses, "DTB write misses"),
511 ADD_STAT(inserts, "Number of times an entry is inserted into the TLB"),
512 ADD_STAT(flushTlb, "Number of times complete TLB was flushed"),
513 ADD_STAT(flushTlbMva, "Number of times TLB was flushed by MVA"),
514 ADD_STAT(flushTlbMvaAsid, "Number of times TLB was flushed by MVA & ASID"),
515 ADD_STAT(flushTlbAsid, "Number of times TLB was flushed by ASID"),
516 ADD_STAT(flushedEntries, "Number of entries that have been flushed"
517 " from TLB"),
518 ADD_STAT(alignFaults, "Number of TLB faults due to alignment"
519 " restrictions"),
520 ADD_STAT(prefetchFaults, "Number of TLB faults due to prefetch"),
521 ADD_STAT(domainFaults, "Number of TLB faults due to domain restrictions"),
522 ADD_STAT(permsFaults, "Number of TLB faults due to permissions"
523 " restrictions"),
524 ADD_STAT(readAccesses, "DTB read accesses", readHits + readMisses),
525 ADD_STAT(writeAccesses, "DTB write accesses", writeHits + writeMisses),
526 ADD_STAT(instAccesses, "ITB inst accesses", instHits + instMisses),
527 ADD_STAT(hits, "Total TLB (inst and data) hits",
528 readHits + writeHits + instHits),
529 ADD_STAT(misses, "Total TLB (inst and data) misses",
530 readMisses + writeMisses + instMisses),
531 ADD_STAT(accesses, "Total TLB (inst and data) accesses",
532 readAccesses + writeAccesses + instAccesses)
533 {
534 }
535
536 void
537 TLB::regProbePoints()
538 {
539 ppRefills.reset(new ProbePoints::PMU(getProbeManager(), "Refills"));
540 }
541
542 Fault
543 TLB::translateSe(const RequestPtr &req, ThreadContext *tc, Mode mode,
544 Translation *translation, bool &delay, bool timing)
545 {
546 updateMiscReg(tc);
547 Addr vaddr_tainted = req->getVaddr();
548 Addr vaddr = 0;
549 if (aarch64)
550 vaddr = purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr,
551 mode==Execute);
552 else
553 vaddr = vaddr_tainted;
554 Request::Flags flags = req->getFlags();
555
556 bool is_fetch = (mode == Execute);
557 bool is_write = (mode == Write);
558
559 if (!is_fetch) {
560 if (sctlr.a || !(flags & AllowUnaligned)) {
561 if (vaddr & mask(flags & AlignmentMask)) {
562 // LPAE is always disabled in SE mode
563 return std::make_shared<DataAbort>(
564 vaddr_tainted,
565 TlbEntry::DomainType::NoAccess, is_write,
566 ArmFault::AlignmentFault, isStage2,
567 ArmFault::VmsaTran);
568 }
569 }
570 }
571
572 Addr paddr;
573 Process *p = tc->getProcessPtr();
574
575 if (!p->pTable->translate(vaddr, paddr))
576 return std::make_shared<GenericPageTableFault>(vaddr_tainted);
577 req->setPaddr(paddr);
578
579 return finalizePhysical(req, tc, mode);
580 }
581
582 Fault
583 TLB::checkPermissions(TlbEntry *te, const RequestPtr &req, Mode mode)
584 {
585 // a data cache maintenance instruction that operates by MVA does
586 // not generate a Data Abort exeception due to a Permission fault
587 if (req->isCacheMaintenance()) {
588 return NoFault;
589 }
590
591 Addr vaddr = req->getVaddr(); // 32-bit don't have to purify
592 Request::Flags flags = req->getFlags();
593 bool is_fetch = (mode == Execute);
594 bool is_write = (mode == Write);
595 bool is_priv = isPriv && !(flags & UserMode);
596
597 // Get the translation type from the actuall table entry
598 ArmFault::TranMethod tranMethod = te->longDescFormat ? ArmFault::LpaeTran
599 : ArmFault::VmsaTran;
600
601 // If this is the second stage of translation and the request is for a
602 // stage 1 page table walk then we need to check the HCR.PTW bit. This
603 // allows us to generate a fault if the request targets an area marked
604 // as a device or strongly ordered.
605 if (isStage2 && req->isPTWalk() && hcr.ptw &&
606 (te->mtype != TlbEntry::MemoryType::Normal)) {
607 return std::make_shared<DataAbort>(
608 vaddr, te->domain, is_write,
609 ArmFault::PermissionLL + te->lookupLevel,
610 isStage2, tranMethod);
611 }
612
613 // Generate an alignment fault for unaligned data accesses to device or
614 // strongly ordered memory
615 if (!is_fetch) {
616 if (te->mtype != TlbEntry::MemoryType::Normal) {
617 if (vaddr & mask(flags & AlignmentMask)) {
618 stats.alignFaults++;
619 return std::make_shared<DataAbort>(
620 vaddr, TlbEntry::DomainType::NoAccess, is_write,
621 ArmFault::AlignmentFault, isStage2,
622 tranMethod);
623 }
624 }
625 }
626
627 if (te->nonCacheable) {
628 // Prevent prefetching from I/O devices.
629 if (req->isPrefetch()) {
630 // Here we can safely use the fault status for the short
631 // desc. format in all cases
632 return std::make_shared<PrefetchAbort>(
633 vaddr, ArmFault::PrefetchUncacheable,
634 isStage2, tranMethod);
635 }
636 }
637
638 if (!te->longDescFormat) {
639 switch ((dacr >> (static_cast<uint8_t>(te->domain) * 2)) & 0x3) {
640 case 0:
641 stats.domainFaults++;
642 DPRINTF(TLB, "TLB Fault: Data abort on domain. DACR: %#x"
643 " domain: %#x write:%d\n", dacr,
644 static_cast<uint8_t>(te->domain), is_write);
645 if (is_fetch) {
646 // Use PC value instead of vaddr because vaddr might
647 // be aligned to cache line and should not be the
648 // address reported in FAR
649 return std::make_shared<PrefetchAbort>(
650 req->getPC(),
651 ArmFault::DomainLL + te->lookupLevel,
652 isStage2, tranMethod);
653 } else
654 return std::make_shared<DataAbort>(
655 vaddr, te->domain, is_write,
656 ArmFault::DomainLL + te->lookupLevel,
657 isStage2, tranMethod);
658 case 1:
659 // Continue with permissions check
660 break;
661 case 2:
662 panic("UNPRED domain\n");
663 case 3:
664 return NoFault;
665 }
666 }
667
668 // The 'ap' variable is AP[2:0] or {AP[2,1],1b'0}, i.e. always three bits
669 uint8_t ap = te->longDescFormat ? te->ap << 1 : te->ap;
670 uint8_t hap = te->hap;
671
672 if (sctlr.afe == 1 || te->longDescFormat)
673 ap |= 1;
674
675 bool abt;
676 bool isWritable = true;
677 // If this is a stage 2 access (eg for reading stage 1 page table entries)
678 // then don't perform the AP permissions check, we stil do the HAP check
679 // below.
680 if (isStage2) {
681 abt = false;
682 } else {
683 switch (ap) {
684 case 0:
685 DPRINTF(TLB, "Access permissions 0, checking rs:%#x\n",
686 (int)sctlr.rs);
687 if (!sctlr.xp) {
688 switch ((int)sctlr.rs) {
689 case 2:
690 abt = is_write;
691 break;
692 case 1:
693 abt = is_write || !is_priv;
694 break;
695 case 0:
696 case 3:
697 default:
698 abt = true;
699 break;
700 }
701 } else {
702 abt = true;
703 }
704 break;
705 case 1:
706 abt = !is_priv;
707 break;
708 case 2:
709 abt = !is_priv && is_write;
710 isWritable = is_priv;
711 break;
712 case 3:
713 abt = false;
714 break;
715 case 4:
716 panic("UNPRED premissions\n");
717 case 5:
718 abt = !is_priv || is_write;
719 isWritable = false;
720 break;
721 case 6:
722 case 7:
723 abt = is_write;
724 isWritable = false;
725 break;
726 default:
727 panic("Unknown permissions %#x\n", ap);
728 }
729 }
730
731 bool hapAbt = is_write ? !(hap & 2) : !(hap & 1);
732 bool xn = te->xn || (isWritable && sctlr.wxn) ||
733 (ap == 3 && sctlr.uwxn && is_priv);
734 if (is_fetch && (abt || xn ||
735 (te->longDescFormat && te->pxn && is_priv) ||
736 (isSecure && te->ns && scr.sif))) {
737 stats.permsFaults++;
738 DPRINTF(TLB, "TLB Fault: Prefetch abort on permission check. AP:%d "
739 "priv:%d write:%d ns:%d sif:%d sctlr.afe: %d \n",
740 ap, is_priv, is_write, te->ns, scr.sif,sctlr.afe);
741 // Use PC value instead of vaddr because vaddr might be aligned to
742 // cache line and should not be the address reported in FAR
743 return std::make_shared<PrefetchAbort>(
744 req->getPC(),
745 ArmFault::PermissionLL + te->lookupLevel,
746 isStage2, tranMethod);
747 } else if (abt | hapAbt) {
748 stats.permsFaults++;
749 DPRINTF(TLB, "TLB Fault: Data abort on permission check. AP:%d priv:%d"
750 " write:%d\n", ap, is_priv, is_write);
751 return std::make_shared<DataAbort>(
752 vaddr, te->domain, is_write,
753 ArmFault::PermissionLL + te->lookupLevel,
754 isStage2 | !abt, tranMethod);
755 }
756 return NoFault;
757 }
758
759
760 Fault
761 TLB::checkPermissions64(TlbEntry *te, const RequestPtr &req, Mode mode,
762 ThreadContext *tc)
763 {
764 assert(aarch64);
765
766 // A data cache maintenance instruction that operates by VA does
767 // not generate a Permission fault unless:
768 // * It is a data cache invalidate (dc ivac) which requires write
769 // permissions to the VA, or
770 // * It is executed from EL0
771 if (req->isCacheClean() && aarch64EL != EL0 && !isStage2) {
772 return NoFault;
773 }
774
775 Addr vaddr_tainted = req->getVaddr();
776 Addr vaddr = purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr,
777 mode==Execute);
778
779 Request::Flags flags = req->getFlags();
780 bool is_fetch = (mode == Execute);
781 // Cache clean operations require read permissions to the specified VA
782 bool is_write = !req->isCacheClean() && mode == Write;
783 bool is_atomic = req->isAtomic();
784 M5_VAR_USED bool is_priv = isPriv && !(flags & UserMode);
785
786 updateMiscReg(tc, curTranType);
787
788 // If this is the second stage of translation and the request is for a
789 // stage 1 page table walk then we need to check the HCR.PTW bit. This
790 // allows us to generate a fault if the request targets an area marked
791 // as a device or strongly ordered.
792 if (isStage2 && req->isPTWalk() && hcr.ptw &&
793 (te->mtype != TlbEntry::MemoryType::Normal)) {
794 return std::make_shared<DataAbort>(
795 vaddr_tainted, te->domain, is_write,
796 ArmFault::PermissionLL + te->lookupLevel,
797 isStage2, ArmFault::LpaeTran);
798 }
799
800 // Generate an alignment fault for unaligned accesses to device or
801 // strongly ordered memory
802 if (!is_fetch) {
803 if (te->mtype != TlbEntry::MemoryType::Normal) {
804 if (vaddr & mask(flags & AlignmentMask)) {
805 stats.alignFaults++;
806 return std::make_shared<DataAbort>(
807 vaddr_tainted,
808 TlbEntry::DomainType::NoAccess,
809 is_atomic ? false : is_write,
810 ArmFault::AlignmentFault, isStage2,
811 ArmFault::LpaeTran);
812 }
813 }
814 }
815
816 if (te->nonCacheable) {
817 // Prevent prefetching from I/O devices.
818 if (req->isPrefetch()) {
819 // Here we can safely use the fault status for the short
820 // desc. format in all cases
821 return std::make_shared<PrefetchAbort>(
822 vaddr_tainted,
823 ArmFault::PrefetchUncacheable,
824 isStage2, ArmFault::LpaeTran);
825 }
826 }
827
828 uint8_t ap = 0x3 & (te->ap); // 2-bit access protection field
829 bool grant = false;
830
831 bool wxn = sctlr.wxn;
832 uint8_t xn = te->xn;
833 uint8_t pxn = te->pxn;
834 bool r = (!is_write && !is_fetch);
835 bool w = is_write;
836 bool x = is_fetch;
837
838 if (ArmSystem::haveEL(tc, EL3) && isSecure && te->ns && scr.sif)
839 xn = true;
840
841 // grant_read is used for faults from an atomic instruction that
842 // both reads and writes from a memory location. From a ISS point
843 // of view they count as read if a read to that address would have
844 // generated the fault; they count as writes otherwise
845 bool grant_read = true;
846 DPRINTF(TLBVerbose, "Checking permissions: ap:%d, xn:%d, pxn:%d, r:%d, "
847 "w:%d, x:%d, is_priv: %d, wxn: %d\n", ap, xn,
848 pxn, r, w, x, is_priv, wxn);
849
850 if (isStage2) {
851 assert(ArmSystem::haveVirtualization(tc) && aarch64EL != EL2);
852 // In stage 2 we use the hypervisor access permission bits.
853 // The following permissions are described in ARM DDI 0487A.f
854 // D4-1802
855 uint8_t hap = 0x3 & te->hap;
856 grant_read = hap & 0x1;
857 if (is_fetch) {
858 // sctlr.wxn overrides the xn bit
859 grant = !wxn && !xn;
860 } else if (is_atomic) {
861 grant = r && w;
862 grant_read = r;
863 } else if (is_write) {
864 grant = hap & 0x2;
865 } else { // is_read
866 grant = grant_read;
867 }
868 } else {
869 switch (aarch64EL) {
870 case EL0:
871 {
872 grant_read = ap & 0x1;
873 uint8_t perm = (ap << 2) | (xn << 1) | pxn;
874 switch (perm) {
875 case 0:
876 case 1:
877 case 8:
878 case 9:
879 grant = x;
880 break;
881 case 4:
882 case 5:
883 grant = r || w || (x && !wxn);
884 break;
885 case 6:
886 case 7:
887 grant = r || w;
888 break;
889 case 12:
890 case 13:
891 grant = r || x;
892 break;
893 case 14:
894 case 15:
895 grant = r;
896 break;
897 default:
898 grant = false;
899 }
900 }
901 break;
902 case EL1:
903 {
904 if (checkPAN(tc, ap, req, mode)) {
905 grant = false;
906 grant_read = false;
907 break;
908 }
909
910 uint8_t perm = (ap << 2) | (xn << 1) | pxn;
911 switch (perm) {
912 case 0:
913 case 2:
914 grant = r || w || (x && !wxn);
915 break;
916 case 1:
917 case 3:
918 case 4:
919 case 5:
920 case 6:
921 case 7:
922 // regions that are writeable at EL0 should not be
923 // executable at EL1
924 grant = r || w;
925 break;
926 case 8:
927 case 10:
928 case 12:
929 case 14:
930 grant = r || x;
931 break;
932 case 9:
933 case 11:
934 case 13:
935 case 15:
936 grant = r;
937 break;
938 default:
939 grant = false;
940 }
941 }
942 break;
943 case EL2:
944 if (hcr.e2h && checkPAN(tc, ap, req, mode)) {
945 grant = false;
946 grant_read = false;
947 break;
948 }
949 M5_FALLTHROUGH;
950 case EL3:
951 {
952 uint8_t perm = (ap & 0x2) | xn;
953 switch (perm) {
954 case 0:
955 grant = r || w || (x && !wxn);
956 break;
957 case 1:
958 grant = r || w;
959 break;
960 case 2:
961 grant = r || x;
962 break;
963 case 3:
964 grant = r;
965 break;
966 default:
967 grant = false;
968 }
969 }
970 break;
971 }
972 }
973
974 if (!grant) {
975 if (is_fetch) {
976 stats.permsFaults++;
977 DPRINTF(TLB, "TLB Fault: Prefetch abort on permission check. "
978 "AP:%d priv:%d write:%d ns:%d sif:%d "
979 "sctlr.afe: %d\n",
980 ap, is_priv, is_write, te->ns, scr.sif, sctlr.afe);
981 // Use PC value instead of vaddr because vaddr might be aligned to
982 // cache line and should not be the address reported in FAR
983 return std::make_shared<PrefetchAbort>(
984 req->getPC(),
985 ArmFault::PermissionLL + te->lookupLevel,
986 isStage2, ArmFault::LpaeTran);
987 } else {
988 stats.permsFaults++;
989 DPRINTF(TLB, "TLB Fault: Data abort on permission check. AP:%d "
990 "priv:%d write:%d\n", ap, is_priv, is_write);
991 return std::make_shared<DataAbort>(
992 vaddr_tainted, te->domain,
993 (is_atomic && !grant_read) ? false : is_write,
994 ArmFault::PermissionLL + te->lookupLevel,
995 isStage2, ArmFault::LpaeTran);
996 }
997 }
998
999 return NoFault;
1000 }
1001
1002 bool
1003 TLB::checkPAN(ThreadContext *tc, uint8_t ap, const RequestPtr &req, Mode mode)
1004 {
1005 // The PAN bit has no effect on:
1006 // 1) Instruction accesses.
1007 // 2) Data Cache instructions other than DC ZVA
1008 // 3) Address translation instructions, other than ATS1E1RP and
1009 // ATS1E1WP when ARMv8.2-ATS1E1 is implemented. (Unimplemented in
1010 // gem5)
1011 // 4) Unprivileged instructions (Unimplemented in gem5)
1012 AA64MMFR1 mmfr1 = tc->readMiscReg(MISCREG_ID_AA64MMFR1_EL1);
1013 if (mmfr1.pan && cpsr.pan && (ap & 0x1) && mode != Execute &&
1014 (!req->isCacheMaintenance() ||
1015 (req->getFlags() & Request::CACHE_BLOCK_ZERO))) {
1016 return true;
1017 } else {
1018 return false;
1019 }
1020 }
1021
1022 Fault
1023 TLB::translateMmuOff(ThreadContext *tc, const RequestPtr &req, Mode mode,
1024 TLB::ArmTranslationType tranType, Addr vaddr, bool long_desc_format)
1025 {
1026 bool is_fetch = (mode == Execute);
1027 bool is_atomic = req->isAtomic();
1028 req->setPaddr(vaddr);
1029 // When the MMU is off the security attribute corresponds to the
1030 // security state of the processor
1031 if (isSecure)
1032 req->setFlags(Request::SECURE);
1033
1034 if (aarch64) {
1035 bool selbit = bits(vaddr, 55);
1036 TCR tcr1 = tc->readMiscReg(MISCREG_TCR_EL1);
1037 int topbit = computeAddrTop(tc, selbit, is_fetch, tcr1, currEL(tc));
1038 int addr_sz = bits(vaddr, topbit, physAddrRange);
1039 if (addr_sz != 0){
1040 Fault f;
1041 if (is_fetch)
1042 f = std::make_shared<PrefetchAbort>(vaddr,
1043 ArmFault::AddressSizeLL, isStage2, ArmFault::LpaeTran);
1044 else
1045 f = std::make_shared<DataAbort>( vaddr,
1046 TlbEntry::DomainType::NoAccess,
1047 is_atomic ? false : mode==Write,
1048 ArmFault::AddressSizeLL, isStage2, ArmFault::LpaeTran);
1049 return f;
1050 }
1051 }
1052
1053 // @todo: double check this (ARM ARM issue C B3.2.1)
1054 if (long_desc_format || sctlr.tre == 0 || nmrr.ir0 == 0 ||
1055 nmrr.or0 == 0 || prrr.tr0 != 0x2) {
1056 if (!req->isCacheMaintenance()) {
1057 req->setFlags(Request::UNCACHEABLE);
1058 }
1059 req->setFlags(Request::STRICT_ORDER);
1060 }
1061
1062 // Set memory attributes
1063 TlbEntry temp_te;
1064 temp_te.ns = !isSecure;
1065 bool dc = (HaveVirtHostExt(tc)
1066 && hcr.e2h == 1 && hcr.tge == 1) ? 0: hcr.dc;
1067 bool i_cacheability = sctlr.i && !sctlr.m;
1068 if (isStage2 || !dc || isSecure ||
1069 (isHyp && !(tranType & S1CTran))) {
1070
1071 temp_te.mtype = is_fetch ? TlbEntry::MemoryType::Normal
1072 : TlbEntry::MemoryType::StronglyOrdered;
1073 temp_te.innerAttrs = i_cacheability? 0x2: 0x0;
1074 temp_te.outerAttrs = i_cacheability? 0x2: 0x0;
1075 temp_te.shareable = true;
1076 temp_te.outerShareable = true;
1077 } else {
1078 temp_te.mtype = TlbEntry::MemoryType::Normal;
1079 temp_te.innerAttrs = 0x3;
1080 temp_te.outerAttrs = 0x3;
1081 temp_te.shareable = false;
1082 temp_te.outerShareable = false;
1083 }
1084 temp_te.setAttributes(long_desc_format);
1085 DPRINTF(TLBVerbose, "(No MMU) setting memory attributes: shareable: "
1086 "%d, innerAttrs: %d, outerAttrs: %d, isStage2: %d\n",
1087 temp_te.shareable, temp_te.innerAttrs, temp_te.outerAttrs,
1088 isStage2);
1089 setAttr(temp_te.attributes);
1090
1091 return testTranslation(req, mode, TlbEntry::DomainType::NoAccess);
1092 }
1093
1094 Fault
1095 TLB::translateMmuOn(ThreadContext* tc, const RequestPtr &req, Mode mode,
1096 Translation *translation, bool &delay, bool timing,
1097 bool functional, Addr vaddr,
1098 ArmFault::TranMethod tranMethod)
1099 {
1100 TlbEntry *te = NULL;
1101 bool is_fetch = (mode == Execute);
1102 TlbEntry mergeTe;
1103
1104 Request::Flags flags = req->getFlags();
1105 Addr vaddr_tainted = req->getVaddr();
1106
1107 Fault fault = getResultTe(&te, req, tc, mode, translation, timing,
1108 functional, &mergeTe);
1109 // only proceed if we have a valid table entry
1110 if ((te == NULL) && (fault == NoFault)) delay = true;
1111
1112 // If we have the table entry transfer some of the attributes to the
1113 // request that triggered the translation
1114 if (te != NULL) {
1115 // Set memory attributes
1116 DPRINTF(TLBVerbose,
1117 "Setting memory attributes: shareable: %d, innerAttrs: %d, "
1118 "outerAttrs: %d, mtype: %d, isStage2: %d\n",
1119 te->shareable, te->innerAttrs, te->outerAttrs,
1120 static_cast<uint8_t>(te->mtype), isStage2);
1121 setAttr(te->attributes);
1122
1123 if (te->nonCacheable && !req->isCacheMaintenance())
1124 req->setFlags(Request::UNCACHEABLE);
1125
1126 // Require requests to be ordered if the request goes to
1127 // strongly ordered or device memory (i.e., anything other
1128 // than normal memory requires strict order).
1129 if (te->mtype != TlbEntry::MemoryType::Normal)
1130 req->setFlags(Request::STRICT_ORDER);
1131
1132 Addr pa = te->pAddr(vaddr);
1133 req->setPaddr(pa);
1134
1135 if (isSecure && !te->ns) {
1136 req->setFlags(Request::SECURE);
1137 }
1138 if (!is_fetch && fault == NoFault &&
1139 (vaddr & mask(flags & AlignmentMask)) &&
1140 (te->mtype != TlbEntry::MemoryType::Normal)) {
1141 // Unaligned accesses to Device memory should always cause an
1142 // abort regardless of sctlr.a
1143 stats.alignFaults++;
1144 bool is_write = (mode == Write);
1145 return std::make_shared<DataAbort>(
1146 vaddr_tainted,
1147 TlbEntry::DomainType::NoAccess, is_write,
1148 ArmFault::AlignmentFault, isStage2,
1149 tranMethod);
1150 }
1151
1152 // Check for a trickbox generated address fault
1153 if (fault == NoFault)
1154 fault = testTranslation(req, mode, te->domain);
1155 }
1156
1157 if (fault == NoFault) {
1158 // Don't try to finalize a physical address unless the
1159 // translation has completed (i.e., there is a table entry).
1160 return te ? finalizePhysical(req, tc, mode) : NoFault;
1161 } else {
1162 return fault;
1163 }
1164 }
1165
1166 Fault
1167 TLB::translateFs(const RequestPtr &req, ThreadContext *tc, Mode mode,
1168 Translation *translation, bool &delay, bool timing,
1169 TLB::ArmTranslationType tranType, bool functional)
1170 {
1171 // No such thing as a functional timing access
1172 assert(!(timing && functional));
1173
1174 updateMiscReg(tc, tranType);
1175
1176 Addr vaddr_tainted = req->getVaddr();
1177 Addr vaddr = 0;
1178 if (aarch64)
1179 vaddr = purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr,
1180 mode==Execute);
1181 else
1182 vaddr = vaddr_tainted;
1183 Request::Flags flags = req->getFlags();
1184
1185 bool is_fetch = (mode == Execute);
1186 bool is_write = (mode == Write);
1187 bool long_desc_format = aarch64 || longDescFormatInUse(tc);
1188 ArmFault::TranMethod tranMethod = long_desc_format ? ArmFault::LpaeTran
1189 : ArmFault::VmsaTran;
1190
1191 DPRINTF(TLBVerbose,
1192 "CPSR is priv:%d UserMode:%d secure:%d S1S2NsTran:%d\n",
1193 isPriv, flags & UserMode, isSecure, tranType & S1S2NsTran);
1194
1195 DPRINTF(TLB, "translateFs addr %#x, mode %d, st2 %d, scr %#x sctlr %#x "
1196 "flags %#lx tranType 0x%x\n", vaddr_tainted, mode, isStage2,
1197 scr, sctlr, flags, tranType);
1198
1199 if ((req->isInstFetch() && (!sctlr.i)) ||
1200 ((!req->isInstFetch()) && (!sctlr.c))){
1201 if (!req->isCacheMaintenance()) {
1202 req->setFlags(Request::UNCACHEABLE);
1203 }
1204 req->setFlags(Request::STRICT_ORDER);
1205 }
1206 if (!is_fetch) {
1207 if (sctlr.a || !(flags & AllowUnaligned)) {
1208 if (vaddr & mask(flags & AlignmentMask)) {
1209 stats.alignFaults++;
1210 return std::make_shared<DataAbort>(
1211 vaddr_tainted,
1212 TlbEntry::DomainType::NoAccess, is_write,
1213 ArmFault::AlignmentFault, isStage2,
1214 tranMethod);
1215 }
1216 }
1217 }
1218
1219 bool vm = hcr.vm;
1220 if (HaveVirtHostExt(tc) && hcr.e2h == 1 && hcr.tge ==1)
1221 vm = 0;
1222 else if (hcr.dc == 1)
1223 vm = 1;
1224
1225 Fault fault = NoFault;
1226 // If guest MMU is off or hcr.vm=0 go straight to stage2
1227 if ((isStage2 && !vm) || (!isStage2 && !sctlr.m)) {
1228 fault = translateMmuOff(tc, req, mode, tranType, vaddr,
1229 long_desc_format);
1230 } else {
1231 DPRINTF(TLBVerbose, "Translating %s=%#x context=%d\n",
1232 isStage2 ? "IPA" : "VA", vaddr_tainted, asid);
1233 // Translation enabled
1234 fault = translateMmuOn(tc, req, mode, translation, delay, timing,
1235 functional, vaddr, tranMethod);
1236 }
1237
1238 // Check for Debug Exceptions
1239 SelfDebug *sd = ArmISA::ISA::getSelfDebug(tc);
1240
1241 if (sd->enabled() && fault == NoFault) {
1242 fault = sd->testDebug(tc, req, mode);
1243 }
1244
1245 return fault;
1246 }
1247
1248 Fault
1249 TLB::translateAtomic(const RequestPtr &req, ThreadContext *tc, Mode mode,
1250 TLB::ArmTranslationType tranType)
1251 {
1252 updateMiscReg(tc, tranType);
1253
1254 if (directToStage2) {
1255 assert(stage2Tlb);
1256 return stage2Tlb->translateAtomic(req, tc, mode, tranType);
1257 }
1258
1259 bool delay = false;
1260 Fault fault;
1261 if (FullSystem)
1262 fault = translateFs(req, tc, mode, NULL, delay, false, tranType);
1263 else
1264 fault = translateSe(req, tc, mode, NULL, delay, false);
1265 assert(!delay);
1266 return fault;
1267 }
1268
1269 Fault
1270 TLB::translateFunctional(const RequestPtr &req, ThreadContext *tc, Mode mode,
1271 TLB::ArmTranslationType tranType)
1272 {
1273 updateMiscReg(tc, tranType);
1274
1275 if (directToStage2) {
1276 assert(stage2Tlb);
1277 return stage2Tlb->translateFunctional(req, tc, mode, tranType);
1278 }
1279
1280 bool delay = false;
1281 Fault fault;
1282 if (FullSystem)
1283 fault = translateFs(req, tc, mode, NULL, delay, false, tranType, true);
1284 else
1285 fault = translateSe(req, tc, mode, NULL, delay, false);
1286 assert(!delay);
1287 return fault;
1288 }
1289
1290 void
1291 TLB::translateTiming(const RequestPtr &req, ThreadContext *tc,
1292 Translation *translation, Mode mode, TLB::ArmTranslationType tranType)
1293 {
1294 updateMiscReg(tc, tranType);
1295
1296 if (directToStage2) {
1297 assert(stage2Tlb);
1298 stage2Tlb->translateTiming(req, tc, translation, mode, tranType);
1299 return;
1300 }
1301
1302 assert(translation);
1303
1304 translateComplete(req, tc, translation, mode, tranType, isStage2);
1305 }
1306
1307 Fault
1308 TLB::translateComplete(const RequestPtr &req, ThreadContext *tc,
1309 Translation *translation, Mode mode, TLB::ArmTranslationType tranType,
1310 bool callFromS2)
1311 {
1312 bool delay = false;
1313 Fault fault;
1314 if (FullSystem)
1315 fault = translateFs(req, tc, mode, translation, delay, true, tranType);
1316 else
1317 fault = translateSe(req, tc, mode, translation, delay, true);
1318 DPRINTF(TLBVerbose, "Translation returning delay=%d fault=%d\n", delay, fault !=
1319 NoFault);
1320 // If we have a translation, and we're not in the middle of doing a stage
1321 // 2 translation tell the translation that we've either finished or its
1322 // going to take a while. By not doing this when we're in the middle of a
1323 // stage 2 translation we prevent marking the translation as delayed twice,
1324 // one when the translation starts and again when the stage 1 translation
1325 // completes.
1326
1327 if (translation && (callFromS2 || !stage2Req || req->hasPaddr() ||
1328 fault != NoFault)) {
1329 if (!delay)
1330 translation->finish(fault, req, tc, mode);
1331 else
1332 translation->markDelayed();
1333 }
1334 return fault;
1335 }
1336
1337 Port *
1338 TLB::getTableWalkerPort()
1339 {
1340 return &stage2Mmu->getDMAPort();
1341 }
1342
1343 void
1344 TLB::updateMiscReg(ThreadContext *tc, ArmTranslationType tranType)
1345 {
1346 // check if the regs have changed, or the translation mode is different.
1347 // NOTE: the tran type doesn't affect stage 2 TLB's as they only handle
1348 // one type of translation anyway
1349 if (miscRegValid && miscRegContext == tc->contextId() &&
1350 ((tranType == curTranType) || isStage2)) {
1351 return;
1352 }
1353
1354 DPRINTF(TLBVerbose, "TLB variables changed!\n");
1355 cpsr = tc->readMiscReg(MISCREG_CPSR);
1356
1357 // Dependencies: SCR/SCR_EL3, CPSR
1358 isSecure = ArmISA::isSecure(tc) &&
1359 !(tranType & HypMode) && !(tranType & S1S2NsTran);
1360
1361 aarch64EL = tranTypeEL(cpsr, tranType);
1362 aarch64 = isStage2 ?
1363 ELIs64(tc, EL2) :
1364 ELIs64(tc, aarch64EL == EL0 ? EL1 : aarch64EL);
1365
1366 hcr = tc->readMiscReg(MISCREG_HCR_EL2);
1367 if (aarch64) { // AArch64
1368 // determine EL we need to translate in
1369 switch (aarch64EL) {
1370 case EL0:
1371 if (HaveVirtHostExt(tc) && hcr.tge == 1 && hcr.e2h == 1) {
1372 // VHE code for EL2&0 regime
1373 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL2);
1374 ttbcr = tc->readMiscReg(MISCREG_TCR_EL2);
1375 uint64_t ttbr_asid = ttbcr.a1 ?
1376 tc->readMiscReg(MISCREG_TTBR1_EL2) :
1377 tc->readMiscReg(MISCREG_TTBR0_EL2);
1378 asid = bits(ttbr_asid,
1379 (haveLargeAsid64 && ttbcr.as) ? 63 : 55, 48);
1380
1381 } else {
1382 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL1);
1383 ttbcr = tc->readMiscReg(MISCREG_TCR_EL1);
1384 uint64_t ttbr_asid = ttbcr.a1 ?
1385 tc->readMiscReg(MISCREG_TTBR1_EL1) :
1386 tc->readMiscReg(MISCREG_TTBR0_EL1);
1387 asid = bits(ttbr_asid,
1388 (haveLargeAsid64 && ttbcr.as) ? 63 : 55, 48);
1389
1390 }
1391 break;
1392 case EL1:
1393 {
1394 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL1);
1395 ttbcr = tc->readMiscReg(MISCREG_TCR_EL1);
1396 uint64_t ttbr_asid = ttbcr.a1 ?
1397 tc->readMiscReg(MISCREG_TTBR1_EL1) :
1398 tc->readMiscReg(MISCREG_TTBR0_EL1);
1399 asid = bits(ttbr_asid,
1400 (haveLargeAsid64 && ttbcr.as) ? 63 : 55, 48);
1401 }
1402 break;
1403 case EL2:
1404 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL2);
1405 ttbcr = tc->readMiscReg(MISCREG_TCR_EL2);
1406 if (hcr.e2h == 1) {
1407 // VHE code for EL2&0 regime
1408 uint64_t ttbr_asid = ttbcr.a1 ?
1409 tc->readMiscReg(MISCREG_TTBR1_EL2) :
1410 tc->readMiscReg(MISCREG_TTBR0_EL2);
1411 asid = bits(ttbr_asid,
1412 (haveLargeAsid64 && ttbcr.as) ? 63 : 55, 48);
1413 } else {
1414 asid = -1;
1415 }
1416 break;
1417 case EL3:
1418 sctlr = tc->readMiscReg(MISCREG_SCTLR_EL3);
1419 ttbcr = tc->readMiscReg(MISCREG_TCR_EL3);
1420 asid = -1;
1421 break;
1422 }
1423
1424 scr = tc->readMiscReg(MISCREG_SCR_EL3);
1425 isPriv = aarch64EL != EL0;
1426 if (haveVirtualization) {
1427 vmid = bits(tc->readMiscReg(MISCREG_VTTBR_EL2), 55, 48);
1428 isHyp = aarch64EL == EL2;
1429 isHyp |= tranType & HypMode;
1430 isHyp &= (tranType & S1S2NsTran) == 0;
1431 isHyp &= (tranType & S1CTran) == 0;
1432 bool vm = hcr.vm;
1433 if (HaveVirtHostExt(tc) && hcr.e2h == 1 && hcr.tge ==1) {
1434 vm = 0;
1435 }
1436
1437 if (hcr.e2h == 1 && (aarch64EL == EL2
1438 || (hcr.tge ==1 && aarch64EL == EL0))) {
1439 isHyp = true;
1440 directToStage2 = false;
1441 stage2Req = false;
1442 stage2DescReq = false;
1443 } else {
1444 // Work out if we should skip the first stage of translation and go
1445 // directly to stage 2. This value is cached so we don't have to
1446 // compute it for every translation.
1447 bool sec = !isSecure || (isSecure && IsSecureEL2Enabled(tc));
1448 stage2Req = isStage2 ||
1449 (vm && !isHyp && sec &&
1450 !(tranType & S1CTran) && (aarch64EL < EL2) &&
1451 !(tranType & S1E1Tran)); // <--- FIX THIS HACK
1452 stage2DescReq = isStage2 || (vm && !isHyp && sec &&
1453 (aarch64EL < EL2));
1454 directToStage2 = !isStage2 && stage2Req && !sctlr.m;
1455 }
1456 } else {
1457 vmid = 0;
1458 isHyp = false;
1459 directToStage2 = false;
1460 stage2Req = false;
1461 stage2DescReq = false;
1462 }
1463 } else { // AArch32
1464 sctlr = tc->readMiscReg(snsBankedIndex(MISCREG_SCTLR, tc,
1465 !isSecure));
1466 ttbcr = tc->readMiscReg(snsBankedIndex(MISCREG_TTBCR, tc,
1467 !isSecure));
1468 scr = tc->readMiscReg(MISCREG_SCR);
1469 isPriv = cpsr.mode != MODE_USER;
1470 if (longDescFormatInUse(tc)) {
1471 uint64_t ttbr_asid = tc->readMiscReg(
1472 snsBankedIndex(ttbcr.a1 ? MISCREG_TTBR1 :
1473 MISCREG_TTBR0,
1474 tc, !isSecure));
1475 asid = bits(ttbr_asid, 55, 48);
1476 } else { // Short-descriptor translation table format in use
1477 CONTEXTIDR context_id = tc->readMiscReg(snsBankedIndex(
1478 MISCREG_CONTEXTIDR, tc,!isSecure));
1479 asid = context_id.asid;
1480 }
1481 prrr = tc->readMiscReg(snsBankedIndex(MISCREG_PRRR, tc,
1482 !isSecure));
1483 nmrr = tc->readMiscReg(snsBankedIndex(MISCREG_NMRR, tc,
1484 !isSecure));
1485 dacr = tc->readMiscReg(snsBankedIndex(MISCREG_DACR, tc,
1486 !isSecure));
1487 hcr = tc->readMiscReg(MISCREG_HCR);
1488
1489 if (haveVirtualization) {
1490 vmid = bits(tc->readMiscReg(MISCREG_VTTBR), 55, 48);
1491 isHyp = cpsr.mode == MODE_HYP;
1492 isHyp |= tranType & HypMode;
1493 isHyp &= (tranType & S1S2NsTran) == 0;
1494 isHyp &= (tranType & S1CTran) == 0;
1495 if (isHyp) {
1496 sctlr = tc->readMiscReg(MISCREG_HSCTLR);
1497 }
1498 // Work out if we should skip the first stage of translation and go
1499 // directly to stage 2. This value is cached so we don't have to
1500 // compute it for every translation.
1501 bool sec = !isSecure || (isSecure && IsSecureEL2Enabled(tc));
1502 stage2Req = hcr.vm && !isStage2 && !isHyp && sec &&
1503 !(tranType & S1CTran);
1504 stage2DescReq = hcr.vm && !isStage2 && !isHyp && sec;
1505 directToStage2 = stage2Req && !sctlr.m;
1506 } else {
1507 vmid = 0;
1508 stage2Req = false;
1509 isHyp = false;
1510 directToStage2 = false;
1511 stage2DescReq = false;
1512 }
1513 }
1514 miscRegValid = true;
1515 miscRegContext = tc->contextId();
1516 curTranType = tranType;
1517 }
1518
1519 ExceptionLevel
1520 TLB::tranTypeEL(CPSR cpsr, ArmTranslationType type)
1521 {
1522 switch (type) {
1523 case S1E0Tran:
1524 case S12E0Tran:
1525 return EL0;
1526
1527 case S1E1Tran:
1528 case S12E1Tran:
1529 return EL1;
1530
1531 case S1E2Tran:
1532 return EL2;
1533
1534 case S1E3Tran:
1535 return EL3;
1536
1537 case NormalTran:
1538 case S1CTran:
1539 case S1S2NsTran:
1540 case HypMode:
1541 return currEL(cpsr);
1542
1543 default:
1544 panic("Unknown translation mode!\n");
1545 }
1546 }
1547
1548 Fault
1549 TLB::getTE(TlbEntry **te, const RequestPtr &req, ThreadContext *tc, Mode mode,
1550 Translation *translation, bool timing, bool functional,
1551 bool is_secure, TLB::ArmTranslationType tranType)
1552 {
1553 // In a 2-stage system, the IPA->PA translation can be started via this
1554 // call so make sure the miscRegs are correct.
1555 if (isStage2) {
1556 updateMiscReg(tc, tranType);
1557 }
1558 bool is_fetch = (mode == Execute);
1559 bool is_write = (mode == Write);
1560
1561 Addr vaddr_tainted = req->getVaddr();
1562 Addr vaddr = 0;
1563 ExceptionLevel target_el = aarch64 ? aarch64EL : EL1;
1564 if (aarch64) {
1565 vaddr = purifyTaggedAddr(vaddr_tainted, tc, target_el, (TCR)ttbcr,
1566 mode==Execute);
1567 } else {
1568 vaddr = vaddr_tainted;
1569 }
1570 *te = lookup(vaddr, asid, vmid, isHyp, is_secure, false, false, target_el,
1571 false);
1572 if (*te == NULL) {
1573 if (req->isPrefetch()) {
1574 // if the request is a prefetch don't attempt to fill the TLB or go
1575 // any further with the memory access (here we can safely use the
1576 // fault status for the short desc. format in all cases)
1577 stats.prefetchFaults++;
1578 return std::make_shared<PrefetchAbort>(
1579 vaddr_tainted, ArmFault::PrefetchTLBMiss, isStage2);
1580 }
1581
1582 if (is_fetch)
1583 stats.instMisses++;
1584 else if (is_write)
1585 stats.writeMisses++;
1586 else
1587 stats.readMisses++;
1588
1589 // start translation table walk, pass variables rather than
1590 // re-retreaving in table walker for speed
1591 DPRINTF(TLB, "TLB Miss: Starting hardware table walker for %#x(%d:%d)\n",
1592 vaddr_tainted, asid, vmid);
1593 Fault fault;
1594 fault = tableWalker->walk(req, tc, asid, vmid, isHyp, mode,
1595 translation, timing, functional, is_secure,
1596 tranType, stage2DescReq);
1597 // for timing mode, return and wait for table walk,
1598 if (timing || fault != NoFault) {
1599 return fault;
1600 }
1601
1602 *te = lookup(vaddr, asid, vmid, isHyp, is_secure, false, false,
1603 target_el, false);
1604 if (!*te)
1605 printTlb();
1606 assert(*te);
1607 } else {
1608 if (is_fetch)
1609 stats.instHits++;
1610 else if (is_write)
1611 stats.writeHits++;
1612 else
1613 stats.readHits++;
1614 }
1615 return NoFault;
1616 }
1617
1618 Fault
1619 TLB::getResultTe(TlbEntry **te, const RequestPtr &req,
1620 ThreadContext *tc, Mode mode,
1621 Translation *translation, bool timing, bool functional,
1622 TlbEntry *mergeTe)
1623 {
1624 Fault fault;
1625
1626 if (isStage2) {
1627 // We are already in the stage 2 TLB. Grab the table entry for stage
1628 // 2 only. We are here because stage 1 translation is disabled.
1629 TlbEntry *s2Te = NULL;
1630 // Get the stage 2 table entry
1631 fault = getTE(&s2Te, req, tc, mode, translation, timing, functional,
1632 isSecure, curTranType);
1633 // Check permissions of stage 2
1634 if ((s2Te != NULL) && (fault == NoFault)) {
1635 if (aarch64)
1636 fault = checkPermissions64(s2Te, req, mode, tc);
1637 else
1638 fault = checkPermissions(s2Te, req, mode);
1639 }
1640 *te = s2Te;
1641 return fault;
1642 }
1643
1644 TlbEntry *s1Te = NULL;
1645
1646 Addr vaddr_tainted = req->getVaddr();
1647
1648 // Get the stage 1 table entry
1649 fault = getTE(&s1Te, req, tc, mode, translation, timing, functional,
1650 isSecure, curTranType);
1651 // only proceed if we have a valid table entry
1652 if ((s1Te != NULL) && (fault == NoFault)) {
1653 // Check stage 1 permissions before checking stage 2
1654 if (aarch64)
1655 fault = checkPermissions64(s1Te, req, mode, tc);
1656 else
1657 fault = checkPermissions(s1Te, req, mode);
1658 if (stage2Req & (fault == NoFault)) {
1659 Stage2LookUp *s2Lookup = new Stage2LookUp(this, stage2Tlb, *s1Te,
1660 req, translation, mode, timing, functional, isSecure,
1661 curTranType);
1662 fault = s2Lookup->getTe(tc, mergeTe);
1663 if (s2Lookup->isComplete()) {
1664 *te = mergeTe;
1665 // We've finished with the lookup so delete it
1666 delete s2Lookup;
1667 } else {
1668 // The lookup hasn't completed, so we can't delete it now. We
1669 // get round this by asking the object to self delete when the
1670 // translation is complete.
1671 s2Lookup->setSelfDelete();
1672 }
1673 } else {
1674 // This case deals with an S1 hit (or bypass), followed by
1675 // an S2 hit-but-perms issue
1676 if (isStage2) {
1677 DPRINTF(TLBVerbose, "s2TLB: reqVa %#x, reqPa %#x, fault %p\n",
1678 vaddr_tainted, req->hasPaddr() ? req->getPaddr() : ~0, fault);
1679 if (fault != NoFault) {
1680 ArmFault *armFault = reinterpret_cast<ArmFault *>(fault.get());
1681 armFault->annotate(ArmFault::S1PTW, false);
1682 armFault->annotate(ArmFault::OVA, vaddr_tainted);
1683 }
1684 }
1685 *te = s1Te;
1686 }
1687 }
1688 return fault;
1689 }
1690
1691 void
1692 TLB::setTestInterface(SimObject *_ti)
1693 {
1694 if (!_ti) {
1695 test = nullptr;
1696 } else {
1697 TlbTestInterface *ti(dynamic_cast<TlbTestInterface *>(_ti));
1698 fatal_if(!ti, "%s is not a valid ARM TLB tester\n", _ti->name());
1699 test = ti;
1700 }
1701 }
1702
1703 Fault
1704 TLB::testTranslation(const RequestPtr &req, Mode mode,
1705 TlbEntry::DomainType domain)
1706 {
1707 if (!test || !req->hasSize() || req->getSize() == 0 ||
1708 req->isCacheMaintenance()) {
1709 return NoFault;
1710 } else {
1711 return test->translationCheck(req, isPriv, mode, domain);
1712 }
1713 }
1714
1715 Fault
1716 TLB::testWalk(Addr pa, Addr size, Addr va, bool is_secure, Mode mode,
1717 TlbEntry::DomainType domain, LookupLevel lookup_level)
1718 {
1719 if (!test) {
1720 return NoFault;
1721 } else {
1722 return test->walkCheck(pa, size, va, is_secure, isPriv, mode,
1723 domain, lookup_level);
1724 }
1725 }