1 /*
2 * Copyright (c) 2010-2013, 2016-2019 ARM Limited
3 * All rights reserved
4 *
5 * The license below extends only to copyright in the software and shall
6 * not be construed as granting a license to any other intellectual
7 * property including but not limited to intellectual property relating
8 * to a hardware implementation of the functionality of the software
9 * licensed hereunder. You may use the software subject to the license
10 * terms below provided that you ensure that this notice is replicated
11 * unmodified and in its entirety in all distributions of the software,
12 * modified or unmodified, in source code or in binary form.
13 *
14 * Copyright (c) 2001-2005 The Regents of The University of Michigan
15 * All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions are
19 * met: redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer;
21 * redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution;
24 * neither the name of the copyright holders nor the names of its
25 * contributors may be used to endorse or promote products derived from
26 * this software without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
31 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
33 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
34 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
38 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 *
40 * Authors: Ali Saidi
41 * Nathan Binkert
42 * Steve Reinhardt
43 */
44
45 #include "arch/arm/tlb.hh"
46
47 #include <memory>
48 #include <string>
49 #include <vector>
50
51 #include "arch/arm/faults.hh"
52 #include "arch/arm/pagetable.hh"
53 #include "arch/arm/stage2_lookup.hh"
54 #include "arch/arm/stage2_mmu.hh"
55 #include "arch/arm/system.hh"
56 #include "arch/arm/table_walker.hh"
57 #include "arch/arm/utility.hh"
58 #include "base/inifile.hh"
59 #include "base/str.hh"
60 #include "base/trace.hh"
61 #include "cpu/base.hh"
62 #include "cpu/thread_context.hh"
63 #include "debug/Checkpoint.hh"
64 #include "debug/TLB.hh"
65 #include "debug/TLBVerbose.hh"
66 #include "mem/page_table.hh"
67 #include "mem/request.hh"
68 #include "params/ArmTLB.hh"
69 #include "sim/full_system.hh"
70 #include "sim/process.hh"
71
72 using namespace std;
73 using namespace ArmISA;
74
/**
 * Build an ARM TLB from its configuration parameters.
 *
 * Allocates p->size entries, registers this TLB with its table walker and
 * caches the feature flags the walker reports. The cached translation
 * state (exception level, privilege, security state, ASID, VMID, ...)
 * starts from neutral values with miscRegValid cleared.
 *
 * @param p Parameter object supplying size, is_stage2, walker and sys.
 */
TLB::TLB(const ArmTLBParams *p)
    : BaseTLB(p), table(new TlbEntry[p->size]), size(p->size),
      isStage2(p->is_stage2), stage2Req(false), stage2DescReq(false),
      _attr(0), directToStage2(false), tableWalker(p->walker),
      stage2Tlb(NULL), stage2Mmu(NULL), test(nullptr), rangeMRU(1),
      aarch64(false), aarch64EL(EL0), isPriv(false), isSecure(false),
      isHyp(false), asid(0), vmid(0), hcr(0), dacr(0),
      miscRegValid(false), miscRegContext(0), curTranType(NormalTran)
{
    // Give the walker a back-pointer to this TLB.
    tableWalker->setTlb(this);

    // Cache system-level properties
    haveLPAE = tableWalker->haveLPAE();
    haveVirtualization = tableWalker->haveVirtualization();
    haveLargeAsid64 = tableWalker->haveLargeAsid64();

    // p->sys is only consulted when it really is an ArmSystem; otherwise
    // m5opRange keeps its default-constructed value.
    if (const auto *arm_sys = dynamic_cast<const ArmSystem *>(p->sys))
        m5opRange = arm_sys->m5opRange();
}
96
/** Release the TLB entry array. */
TLB::~TLB()
{
    // table is an array allocation (new TlbEntry[...]), hence delete[].
    delete[] table;
}
101
/**
 * Resolve the stage 2 TLB pointer.
 *
 * Only a TLB that is not itself the stage 2 TLB and that has a Stage2MMU
 * attached picks up a stage2Tlb here; in every other case the pointer is
 * left as it was.
 */
void
TLB::init()
{
    const bool has_stage2_partner = stage2Mmu && !isStage2;
    if (has_stage2_partner)
        stage2Tlb = stage2Mmu->stage2Tlb();
}
108
/**
 * Attach the stage 2 MMU to this TLB and to its table walker.
 *
 * @param m         Stage 2 MMU to remember in stage2Mmu.
 * @param master_id Master id forwarded to the table walker.
 */
void
TLB::setMMU(Stage2MMU *m, MasterID master_id)
{
    // Record the MMU first, then let the walker see it.
    stage2Mmu = m;
    tableWalker->setMMU(m, master_id);
}
115
/**
 * Translate a virtual address using only what is already in the TLB.
 *
 * The cached misc-register state is refreshed first. When directToStage2
 * is set the request is delegated to the stage 2 TLB. Otherwise the
 * entry array is searched with the current ASID/VMID/hyp/secure state; the
 * lookup is flagged as functional, so it does not reorder entries.
 *
 * @param tc Thread context used to refresh the cached register state.
 * @param va Virtual address to translate.
 * @param pa Receives the physical address on a hit; untouched on a miss.
 * @return true on a hit, false when no matching entry exists (this
 *         function does not start a table walk).
 */
bool
TLB::translateFunctional(ThreadContext *tc, Addr va, Addr &pa)
{
    updateMiscReg(tc);

    if (directToStage2) {
        assert(stage2Tlb);
        return stage2Tlb->translateFunctional(tc, va, pa);
    }

    // Outside AArch64 the lookup is always made against EL1.
    const ExceptionLevel lookup_el = aarch64 ? aarch64EL : EL1;
    TlbEntry *hit = lookup(va, asid, vmid, isHyp, isSecure, true, false,
                           lookup_el);
    if (hit) {
        pa = hit->pAddr(va);
        return true;
    }
    return false;
}
133
/**
 * Post-process a request whose physical address is already set.
 *
 * A physical address inside m5opRange gets the MMAPPED_IPR flag; nothing
 * else is changed. The tc and mode arguments are not used here.
 *
 * @return Always NoFault.
 */
Fault
TLB::finalizePhysical(const RequestPtr &req,
                      ThreadContext *tc, Mode mode) const
{
    // NOTE(review): m5opRange is presumably the window reserved for
    // simulator pseudo-ops -- confirm against ArmSystem::m5opRange().
    if (m5opRange.contains(req->getPaddr()))
        req->setFlags(Request::MMAPPED_IPR);

    return NoFault;
}
145
/**
 * Search the entry array for a translation of va.
 *
 * Entries are scanned from index 0 upwards and the first match wins. A
 * match is qualified by VMID, hyp and secure state and target exception
 * level, plus the ASID unless ignore_asn is set. On a non-functional hit
 * beyond rangeMRU the entry is moved to index 0 and the entries in front
 * of it shift down by one; functional lookups leave the order untouched.
 *
 * @param va         Virtual address to look up.
 * @param asn        Address space identifier (unused if ignore_asn).
 * @param vmid       Virtual machine identifier.
 * @param hyp        Whether this is a hyp-mode lookup.
 * @param secure     Whether this is a secure lookup.
 * @param functional Do not update the replacement order.
 * @param ignore_asn Match regardless of ASID.
 * @param target_el  Exception level the translation is for.
 * @return Pointer into the entry array, or NULL on a miss. The pointer is
 *         invalidated by any later insert() or reordering lookup().
 */
TlbEntry*
TLB::lookup(Addr va, uint16_t asn, uint8_t vmid, bool hyp, bool secure,
            bool functional, bool ignore_asn, ExceptionLevel target_el)
{
    TlbEntry *retval = NULL;

    // Maintaining LRU array
    for (int idx = 0; idx < size; ++idx) {
        const bool hit = ignore_asn ?
            table[idx].match(va, vmid, hyp, secure, target_el) :
            table[idx].match(va, asn, vmid, hyp, secure, false, target_el);
        if (!hit)
            continue;

        // We only move the hit entry ahead when the position is higher
        // than rangeMRU
        if (idx > rangeMRU && !functional) {
            TlbEntry promoted = table[idx];
            for (int slot = idx; slot > 0; slot--)
                table[slot] = table[slot - 1];
            table[0] = promoted;
            retval = &table[0];
        } else {
            retval = &table[idx];
        }
        break;
    }

    DPRINTF(TLBVerbose, "Lookup %#x, asn %#x -> %s vmn 0x%x hyp %d secure %d "
            "ppn %#x size: %#x pa: %#x ap:%d ns:%d nstid:%d g:%d asid: %d "
            "el: %d\n",
            va, asn, retval ? "hit" : "miss", vmid, hyp, secure,
            retval ? retval->pfn : 0, retval ? retval->size : 0,
            retval ? retval->pAddr(va) : 0, retval ? retval->ap : 0,
            retval ? retval->ns : 0, retval ? retval->nstid : 0,
            retval ? retval->global : 0, retval ? retval->asid : 0,
            retval ? retval->el : 0);

    return retval;
}
187
/**
 * Insert a new TLB entry at the most-recently-used position.
 *
 * Every existing entry shifts one slot towards the end of the array and
 * the entry in the last slot is dropped. The inserts counter is bumped
 * and the Refills probe is notified. The addr argument is not used here.
 *
 * @param addr  Address associated with the insertion (unused).
 * @param entry Entry to copy into slot 0.
 */
void
TLB::insert(Addr addr, TlbEntry &entry)
{
    DPRINTF(TLB, "Inserting entry into TLB with pfn:%#x size:%#x vpn: %#x"
            " asid:%d vmid:%d N:%d global:%d valid:%d nc:%d xn:%d"
            " ap:%#x domain:%#x ns:%d nstid:%d isHyp:%d\n", entry.pfn,
            entry.size, entry.vpn, entry.asid, entry.vmid, entry.N,
            entry.global, entry.valid, entry.nonCacheable, entry.xn,
            entry.ap, static_cast<uint8_t>(entry.domain), entry.ns,
            entry.nstid, entry.isHyp);

    // NOTE(review): a TLB configured with size 0 would index table[-1]
    // here -- presumably the parameters rule that out; confirm.
    const TlbEntry &victim = table[size - 1];
    if (victim.valid) {
        DPRINTF(TLB, " - Replacing Valid entry %#x, asn %d vmn %d ppn %#x "
                "size: %#x ap:%d ns:%d nstid:%d g:%d isHyp:%d el: %d\n",
                victim.vpn << victim.N, victim.asid,
                victim.vmid, victim.pfn << victim.N,
                victim.size, victim.ap, victim.ns,
                victim.nstid, victim.global, victim.isHyp,
                victim.el);
    }

    // inserting to MRU position and evicting the LRU one
    for (int slot = size - 1; slot > 0; --slot)
        table[slot] = table[slot - 1];
    table[0] = entry;

    inserts++;
    ppRefills->notify(1);
}
218
/** Dump every valid entry to the TLB debug trace, in array order. */
void
TLB::printTlb() const
{
    DPRINTF(TLB, "Current TLB contents:\n");
    for (int idx = 0; idx < size; ++idx) {
        TlbEntry *te = &table[idx];
        // Invalid slots carry no meaningful translation, so skip them.
        if (te->valid)
            DPRINTF(TLB, " * %s\n", te->print());
    }
}
232
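/**
 * Invalidate all entries belonging to one security state.
 *
 * An entry is flushed when it is valid, its nstid flag is the opposite of
 * secure_lookup, it matches the exception level (unless ignore_el) and,
 * for non-secure lookups, its VMID equals the cached vmid. Secure lookups
 * ignore the VMID. When this is a stage 1 TLB currently in hyp mode the
 * stage 2 TLB is flushed as well, for EL1 with the EL check disabled.
 *
 * @param secure_lookup Flush secure (true) or non-secure (false) entries.
 * @param target_el     Exception level the flush applies to.
 * @param ignore_el     Skip the exception-level comparison.
 */
void
TLB::flushAllSecurity(bool secure_lookup, ExceptionLevel target_el,
                      bool ignore_el)
{
    DPRINTF(TLB, "Flushing all TLB entries (%s lookup)\n",
            (secure_lookup ? "secure" : "non-secure"));

    for (int idx = 0; idx < size; ++idx) {
        TlbEntry *te = &table[idx];
        const bool el_match = ignore_el ?
            true : te->checkELMatch(target_el);

        if (te->valid && secure_lookup == !te->nstid &&
            (te->vmid == vmid || secure_lookup) && el_match) {

            DPRINTF(TLB, " - %s\n", te->print());
            te->valid = false;
            flushedEntries++;
        }
    }

    flushTlb++;

    // If there's a second stage TLB (and we're not it) then flush it as well
    // if we're currently in hyp mode
    if (!isStage2 && isHyp) {
        // stage2Tlb is only set by init() when a Stage2MMU is attached.
        // Assert like translateFunctional() does: a flush that silently
        // skipped stage 2 would leave stale translations behind.
        assert(stage2Tlb);
        stage2Tlb->flushAllSecurity(secure_lookup, EL1, true);
    }
}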
264
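/**
 * Invalidate all non-secure entries for either the hyp or non-hyp regime.
 *
 * target_el == EL2 selects hyp entries, anything else non-hyp entries. An
 * entry is flushed when it is valid, has nstid set, its isHyp flag equals
 * that selection and it matches the exception level (unless ignore_el).
 * For a non-hyp flush on a stage 1 TLB the stage 2 TLB is flushed too.
 *
 * @param target_el Exception level the flush applies to.
 * @param ignore_el Skip the exception-level comparison.
 */
void
TLB::flushAllNs(ExceptionLevel target_el, bool ignore_el)
{
    bool hyp = target_el == EL2;

    DPRINTF(TLB, "Flushing all NS TLB entries (%s lookup)\n",
            (hyp ? "hyp" : "non-hyp"));

    for (int idx = 0; idx < size; ++idx) {
        TlbEntry *te = &table[idx];
        const bool el_match = ignore_el ?
            true : te->checkELMatch(target_el);

        if (te->valid && te->nstid && te->isHyp == hyp && el_match) {

            DPRINTF(TLB, " - %s\n", te->print());
            flushedEntries++;
            te->valid = false;
        }
    }

    flushTlb++;

    // If there's a second stage TLB (and we're not it) then flush it as well
    if (!isStage2 && !hyp) {
        // stage2Tlb is only set by init() when a Stage2MMU is attached.
        // Make the invariant explicit instead of dereferencing blindly.
        assert(stage2Tlb);
        stage2Tlb->flushAllNs(EL1, true);
    }
}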
295
/**
 * Invalidate the entries matching both a virtual address and an ASID.
 *
 * The work is done by _flushMva() with ASID matching enabled; this wrapper
 * adds the trace message and the flushTlbMvaAsid statistic.
 *
 * @param mva           Virtual address to flush.
 * @param asn           ASID the entries must carry.
 * @param secure_lookup Flush secure (true) or non-secure (false) entries.
 * @param target_el     Exception level the flush applies to.
 */
void
TLB::flushMvaAsid(Addr mva, uint64_t asn, bool secure_lookup,
                  ExceptionLevel target_el)
{
    DPRINTF(TLB, "Flushing TLB entries with mva: %#x, asid: %#x "
            "(%s lookup)\n", mva, asn, (secure_lookup ?
            "secure" : "non-secure"));

    const bool ignore_asn = false;
    _flushMva(mva, asn, secure_lookup, ignore_asn, target_el);
    flushTlbMvaAsid++;
}
306
/**
 * Invalidate every entry tagged with the given ASID.
 *
 * Besides the ASID, an entry must be valid, belong to the requested
 * security state (nstid opposite to secure_lookup), match the exception
 * level and, for non-secure lookups, carry the cached vmid.
 *
 * @param asn           ASID to flush.
 * @param secure_lookup Flush secure (true) or non-secure (false) entries.
 * @param target_el     Exception level the flush applies to.
 */
void
TLB::flushAsid(uint64_t asn, bool secure_lookup, ExceptionLevel target_el)
{
    DPRINTF(TLB, "Flushing TLB entries with asid: %#x (%s lookup)\n", asn,
            (secure_lookup ? "secure" : "non-secure"));

    for (int idx = 0; idx < size; ++idx) {
        TlbEntry *te = &table[idx];

        // Kept as one short-circuit expression so checkELMatch() is only
        // consulted for entries that pass the earlier tests.
        if (!(te->valid && te->asid == asn &&
              secure_lookup == !te->nstid &&
              (te->vmid == vmid || secure_lookup) &&
              te->checkELMatch(target_el))) {
            continue;
        }

        te->valid = false;
        DPRINTF(TLB, " - %s\n", te->print());
        flushedEntries++;
    }
    flushTlbAsid++;
}
330
/**
 * Invalidate the entries matching a virtual address, whatever their ASID.
 *
 * @param mva           Virtual address to flush.
 * @param secure_lookup Flush secure (true) or non-secure (false) entries.
 * @param target_el     Exception level the flush applies to.
 */
void
TLB::flushMva(Addr mva, bool secure_lookup, ExceptionLevel target_el)
{
    DPRINTF(TLB, "Flushing TLB entries with mva: %#x (%s lookup)\n", mva,
            (secure_lookup ? "secure" : "non-secure"));

    // ASID matching is switched off below, so the ASID passed along is
    // only a recognisable placeholder.
    const uint64_t placeholder_asn = 0xbeef;
    _flushMva(mva, placeholder_asn, secure_lookup, true, target_el);
    flushTlbMva++;
}
339
/**
 * Common worker for the flush-by-address operations.
 *
 * The address is sign-extended from 56 bits, then lookup() is called
 * repeatedly and each entry it returns is invalidated until no match is
 * left. The lookups are non-functional, so they may reorder entries.
 *
 * @param mva           Virtual address to flush.
 * @param asn           ASID to match (ignored when ignore_asn is set).
 * @param secure_lookup Flush secure (true) or non-secure (false) entries.
 * @param ignore_asn    Match regardless of ASID.
 * @param target_el     Exception level; EL2 selects hyp entries.
 */
void
TLB::_flushMva(Addr mva, uint64_t asn, bool secure_lookup,
               bool ignore_asn, ExceptionLevel target_el)
{
    // D5.7.2: Sign-extend address to 64 bits
    mva = sext<56>(mva);

    bool hyp = target_el == EL2;

    // NOTE(review): the loop only ends because invalidated entries stop
    // matching. That presumes TlbEntry::match() rejects invalid entries
    // and entries of the other security state -- confirm in pagetable.hh.
    for (TlbEntry *te = lookup(mva, asn, vmid, hyp, secure_lookup, false,
                               ignore_asn, target_el);
         te != NULL;
         te = lookup(mva, asn, vmid, hyp, secure_lookup, false,
                     ignore_asn, target_el)) {
        if (secure_lookup == !te->nstid) {
            DPRINTF(TLB, " - %s\n", te->print());
            te->valid = false;
            flushedEntries++;
        }
    }
}
362
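/**
 * Invalidate stage 2 entries for an intermediate physical address.
 *
 * Must be called on a stage 1 TLB; the flush is forwarded to the stage 2
 * TLB with ASID matching disabled.
 *
 * @param ipa           Intermediate physical address to flush.
 * @param secure_lookup Flush secure (true) or non-secure (false) entries.
 * @param target_el     Exception level the flush applies to.
 */
void
TLB::flushIpaVmid(Addr ipa, bool secure_lookup, ExceptionLevel target_el)
{
    assert(!isStage2);
    // stage2Tlb is only set by init() when a Stage2MMU is attached, so
    // check it before the dereference, as translateFunctional() does.
    assert(stage2Tlb);
    // ASID matching is off (ignore_asn == true); 0xbeef is a placeholder.
    stage2Tlb->_flushMva(ipa, 0xbeef, secure_lookup, true, target_el);
}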
369
/**
 * Invalidate the cached misc-register state when simulation resumes.
 *
 * Clearing miscRegValid makes sure translations do not keep using
 * privilege, security or address-space state cached before the drain.
 */
void
TLB::drainResume()
{
    // We might have unserialized something or switched CPUs, so make
    // sure to re-read the misc regs.
    miscRegValid = false;
}
377
/**
 * Adopt translation state from the TLB of the CPU being replaced.
 *
 * Copies _attr, haveLPAE, directToStage2, stage2Req and stage2DescReq, and
 * recurses into the stage 2 TLBs when both sides have one. The TLB entries
 * themselves are not copied here. Panics if _otlb is not an ArmISA TLB.
 *
 * @param _otlb TLB to take over from.
 */
void
TLB::takeOverFrom(BaseTLB *_otlb)
{
    TLB *const prev = dynamic_cast<TLB*>(_otlb);

    /* Make sure we actually have a valid type */
    if (!prev) {
        panic("Incompatible TLB type!");
    } else {
        _attr = prev->_attr;
        haveLPAE = prev->haveLPAE;
        directToStage2 = prev->directToStage2;
        stage2Req = prev->stage2Req;
        stage2DescReq = prev->stage2DescReq;

        /* Sync the stage2 MMU if they exist in both
         * the old CPU and the new
         */
        const bool both_have_stage2 = stage2Tlb && prev->stage2Tlb;
        if (!isStage2 && both_have_stage2)
            stage2Tlb->takeOverFrom(prev->stage2Tlb);
    }
}
401
/**
 * Register this TLB's statistics.
 *
 * Each counter is named "<object name>.<suffix>". The *Accesses, hits,
 * misses and accesses statistics are formulas over the raw hit and miss
 * counters rather than counters of their own.
 */
void
TLB::regStats()
{
    BaseTLB::regStats();

    // Every statistic shares the object's name as prefix.
    const std::string prefix = name();

    // Instruction-side counters
    instHits.name(prefix + ".inst_hits").desc("ITB inst hits");
    instMisses.name(prefix + ".inst_misses").desc("ITB inst misses");
    instAccesses.name(prefix + ".inst_accesses").desc("ITB inst accesses");

    // Data-side counters, split by access direction
    readHits.name(prefix + ".read_hits").desc("DTB read hits");
    readMisses.name(prefix + ".read_misses").desc("DTB read misses");
    readAccesses.name(prefix + ".read_accesses").desc("DTB read accesses");
    writeHits.name(prefix + ".write_hits").desc("DTB write hits");
    writeMisses.name(prefix + ".write_misses").desc("DTB write misses");
    writeAccesses.name(prefix + ".write_accesses")
        .desc("DTB write accesses");

    // Totals
    hits.name(prefix + ".hits").desc("DTB hits");
    misses.name(prefix + ".misses").desc("DTB misses");
    accesses.name(prefix + ".accesses").desc("DTB accesses");

    // Flush activity
    flushTlb.name(prefix + ".flush_tlb")
        .desc("Number of times complete TLB was flushed");
    flushTlbMva.name(prefix + ".flush_tlb_mva")
        .desc("Number of times TLB was flushed by MVA");
    flushTlbMvaAsid.name(prefix + ".flush_tlb_mva_asid")
        .desc("Number of times TLB was flushed by MVA & ASID");
    flushTlbAsid.name(prefix + ".flush_tlb_asid")
        .desc("Number of times TLB was flushed by ASID");
    flushedEntries.name(prefix + ".flush_entries")
        .desc("Number of entries that have been flushed from TLB");

    // Fault counters
    alignFaults.name(prefix + ".align_faults")
        .desc("Number of TLB faults due to alignment restrictions");
    prefetchFaults.name(prefix + ".prefetch_faults")
        .desc("Number of TLB faults due to prefetch");
    domainFaults.name(prefix + ".domain_faults")
        .desc("Number of TLB faults due to domain restrictions");
    permsFaults.name(prefix + ".perms_faults")
        .desc("Number of TLB faults due to permissions restrictions");

    // Derived statistics
    instAccesses = instHits + instMisses;
    readAccesses = readHits + readMisses;
    writeAccesses = writeHits + writeMisses;
    hits = readHits + writeHits + instHits;
    misses = readMisses + writeMisses + instMisses;
    accesses = readAccesses + writeAccesses + instAccesses;
}
518
/** Create the "Refills" PMU probe point that insert() notifies. */
void
TLB::regProbePoints()
{
    // ppRefills takes ownership of the newly created probe point.
    ppRefills.reset(
        new ProbePoints::PMU(getProbeManager(), "Refills"));
}
524
/**
 * Translate a request against the process page table.
 *
 * Only two checks are made here: the alignment check for data accesses,
 * and whether the process page table has a mapping. No TLB entry and no
 * access-permission state is consulted. The translation, delay and timing
 * arguments are not used.
 *
 * @param req  Request to translate; receives the physical address.
 * @param tc   Thread context (register state and owning process).
 * @param mode Read, Write or Execute.
 * @return A DataAbort for a misaligned access, a GenericPageTableFault if
 *         the page table has no mapping, otherwise the result of
 *         finalizePhysical().
 */
Fault
TLB::translateSe(const RequestPtr &req, ThreadContext *tc, Mode mode,
                 Translation *translation, bool &delay, bool timing)
{
    updateMiscReg(tc);

    // Faults report the address exactly as the program issued it; the
    // tag-stripped copy is what gets checked and translated.
    Addr vaddr_tainted = req->getVaddr();
    Addr vaddr = aarch64 ?
        purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr,
                         mode==Execute) :
        vaddr_tainted;
    Request::Flags flags = req->getFlags();

    bool is_write = (mode == Write);

    if (mode != Execute) {
        assert(flags & MustBeOne || req->isPrefetch());
        // NOTE(review): unlike translateFs(), alignFaults is not
        // incremented on this path -- confirm that is intended.
        const bool enforce_alignment =
            sctlr.a || !(flags & AllowUnaligned);
        if (enforce_alignment && (vaddr & mask(flags & AlignmentMask))) {
            // LPAE is always disabled in SE mode
            return std::make_shared<DataAbort>(
                vaddr_tainted,
                TlbEntry::DomainType::NoAccess, is_write,
                ArmFault::AlignmentFault, isStage2,
                ArmFault::VmsaTran);
        }
    }

    Addr paddr;
    Process *proc = tc->getProcessPtr();

    if (!proc->pTable->translate(vaddr, paddr))
        return std::make_shared<GenericPageTableFault>(vaddr_tainted);
    req->setPaddr(paddr);

    return finalizePhysical(req, tc, mode);
}
565
/**
 * Check a request against the permissions of a TLB entry (the variant
 * that does not purify the address; the AArch64 path has its own
 * checkPermissions64()).
 *
 * The checks run in this order, and the first one that fails decides the
 * fault: HCR.PTW for stage 1 walks seen at stage 2, alignment on
 * non-Normal memory, prefetch from non-cacheable memory, the DACR domain
 * check (short-descriptor entries only), and finally the AP/HAP/XN
 * permission check.
 *
 * @param te   Entry that translated the request.
 * @param req  Request being checked.
 * @param mode Read, Write or Execute.
 * @return NoFault if the access is allowed, otherwise a PrefetchAbort or
 *         DataAbort describing the failed check.
 */
Fault
TLB::checkPermissions(TlbEntry *te, const RequestPtr &req, Mode mode)
{
    // a data cache maintenance instruction that operates by MVA does
    // not generate a Data Abort exception due to a Permission fault
    if (req->isCacheMaintenance()) {
        return NoFault;
    }

    Addr vaddr = req->getVaddr(); // 32-bit don't have to purify
    Request::Flags flags = req->getFlags();
    bool is_fetch  = (mode == Execute);
    bool is_write  = (mode == Write);
    // A request flagged UserMode is checked as unprivileged even when the
    // cached state says the CPU is privileged.
    bool is_priv   = isPriv && !(flags & UserMode);

    // Get the translation type from the actual table entry
    ArmFault::TranMethod tranMethod = te->longDescFormat ? ArmFault::LpaeTran
                                                         : ArmFault::VmsaTran;

    // If this is the second stage of translation and the request is for a
    // stage 1 page table walk then we need to check the HCR.PTW bit. This
    // allows us to generate a fault if the request targets an area marked
    // as a device or strongly ordered.
    if (isStage2 && req->isPTWalk() && hcr.ptw &&
        (te->mtype != TlbEntry::MemoryType::Normal)) {
        return std::make_shared<DataAbort>(
            vaddr, te->domain, is_write,
            ArmFault::PermissionLL + te->lookupLevel,
            isStage2, tranMethod);
    }

    // Generate an alignment fault for unaligned data accesses to device or
    // strongly ordered memory
    if (!is_fetch) {
        if (te->mtype != TlbEntry::MemoryType::Normal) {
            if (vaddr & mask(flags & AlignmentMask)) {
                alignFaults++;
                return std::make_shared<DataAbort>(
                    vaddr, TlbEntry::DomainType::NoAccess, is_write,
                    ArmFault::AlignmentFault, isStage2,
                    tranMethod);
            }
        }
    }

    if (te->nonCacheable) {
        // Prevent prefetching from I/O devices.
        if (req->isPrefetch()) {
            // Here we can safely use the fault status for the short
            // desc. format in all cases
            return std::make_shared<PrefetchAbort>(
                vaddr, ArmFault::PrefetchUncacheable,
                isStage2, tranMethod);
        }
    }

    if (!te->longDescFormat) {
        // Two DACR bits per domain select how the access is treated.
        switch ((dacr >> (static_cast<uint8_t>(te->domain) * 2)) & 0x3) {
          case 0:
            // Domain field 0: every access faults.
            domainFaults++;
            DPRINTF(TLB, "TLB Fault: Data abort on domain. DACR: %#x"
                    " domain: %#x write:%d\n", dacr,
                    static_cast<uint8_t>(te->domain), is_write);
            if (is_fetch) {
                // Use PC value instead of vaddr because vaddr might
                // be aligned to cache line and should not be the
                // address reported in FAR
                return std::make_shared<PrefetchAbort>(
                    req->getPC(),
                    ArmFault::DomainLL + te->lookupLevel,
                    isStage2, tranMethod);
            } else
                return std::make_shared<DataAbort>(
                    vaddr, te->domain, is_write,
                    ArmFault::DomainLL + te->lookupLevel,
                    isStage2, tranMethod);
          case 1:
            // Continue with permissions check
            break;
          case 2:
            panic("UNPRED domain\n");
          case 3:
            // Domain field 3: the access is allowed without looking at
            // the AP, HAP or XN bits below.
            return NoFault;
        }
    }

    // The 'ap' variable is AP[2:0] or {AP[2,1],1b'0}, i.e. always three bits
    uint8_t ap  = te->longDescFormat ? te->ap << 1 : te->ap;
    uint8_t hap = te->hap;

    if (sctlr.afe == 1 || te->longDescFormat)
        ap |= 1;

    // abt: the AP check denies the access. isWritable: whether the AP
    // value permits writing for this privilege level (input to WXN below).
    bool abt;
    bool isWritable = true;
    // If this is a stage 2 access (eg for reading stage 1 page table entries)
    // then don't perform the AP permissions check, we still do the HAP check
    // below.
    if (isStage2) {
        abt = false;
    } else {
        switch (ap) {
          case 0:
            DPRINTF(TLB, "Access permissions 0, checking rs:%#x\n",
                    (int)sctlr.rs);
            if (!sctlr.xp) {
                switch ((int)sctlr.rs) {
                  case 2:
                    abt = is_write;
                    break;
                  case 1:
                    abt = is_write || !is_priv;
                    break;
                  case 0:
                  case 3:
                  default:
                    abt = true;
                    break;
                }
            } else {
                abt = true;
            }
            break;
          case 1:
            abt = !is_priv;
            break;
          case 2:
            abt = !is_priv && is_write;
            isWritable = is_priv;
            break;
          case 3:
            abt = false;
            break;
          case 4:
            panic("UNPRED premissions\n");
          case 5:
            abt = !is_priv || is_write;
            isWritable = false;
            break;
          case 6:
          case 7:
            abt        = is_write;
            isWritable = false;
            break;
          default:
            panic("Unknown permissions %#x\n", ap);
        }
    }

    // HAP bit 1 gates writes, bit 0 gates reads.
    bool hapAbt = is_write ? !(hap & 2) : !(hap & 1);
    // Execute-never if the entry says so, if the page is writable while
    // SCTLR.WXN is set, or for a privileged fetch from an AP == 3 page
    // while SCTLR.UWXN is set.
    bool xn     = te->xn || (isWritable && sctlr.wxn) ||
                            (ap == 3    && sctlr.uwxn && is_priv);
    // A fetch is additionally refused for a privileged access to a PXN
    // page (long-descriptor only) and for a secure-state fetch from a
    // page marked non-secure while SCR.SIF is set.
    if (is_fetch && (abt || xn ||
                     (te->longDescFormat && te->pxn && is_priv) ||
                     (isSecure && te->ns && scr.sif))) {
        permsFaults++;
        DPRINTF(TLB, "TLB Fault: Prefetch abort on permission check. AP:%d "
                     "priv:%d write:%d ns:%d sif:%d sctlr.afe: %d \n",
                     ap, is_priv, is_write, te->ns, scr.sif,sctlr.afe);
        // Use PC value instead of vaddr because vaddr might be aligned to
        // cache line and should not be the address reported in FAR
        return std::make_shared<PrefetchAbort>(
            req->getPC(),
            ArmFault::PermissionLL + te->lookupLevel,
            isStage2, tranMethod);
    } else if (abt | hapAbt) {
        permsFaults++;
        DPRINTF(TLB, "TLB Fault: Data abort on permission check. AP:%d priv:%d"
               " write:%d\n", ap, is_priv, is_write);
        // When abt is false the fault can only come from the HAP check,
        // so it is reported as a stage 2 fault (isStage2 | !abt).
        return std::make_shared<DataAbort>(
            vaddr, te->domain, is_write,
            ArmFault::PermissionLL + te->lookupLevel,
            isStage2 | !abt, tranMethod);
    }
    return NoFault;
}
742
743
/**
 * AArch64 permission check of a request against a TLB entry.
 *
 * After the early exits (cache clean, HCR.PTW, alignment on non-Normal
 * memory, prefetch from non-cacheable memory) the access is classified as
 * read, write or execute and looked up in a per-exception-level table
 * built from the entry's AP, XN and PXN bits. Stage 2 uses the HAP bits
 * instead. PAN is applied at EL1, and at EL2 when HCR.E2H is set.
 *
 * @param te   Entry that translated the request.
 * @param req  Request being checked.
 * @param mode Read, Write or Execute.
 * @param tc   Thread context, used for address purification, register
 *             refresh and the PAN check.
 * @return NoFault if the access is granted, otherwise a PrefetchAbort or
 *         DataAbort. Faults carry the untouched (tainted) address, or the
 *         PC for instruction fetches.
 */
Fault
TLB::checkPermissions64(TlbEntry *te, const RequestPtr &req, Mode mode,
                        ThreadContext *tc)
{
    assert(aarch64);

    // A data cache maintenance instruction that operates by VA does
    // not generate a Permission fault unless:
    // * It is a data cache invalidate (dc ivac) which requires write
    //   permissions to the VA, or
    // * It is executed from EL0
    if (req->isCacheClean() && aarch64EL != EL0 && !isStage2) {
        return NoFault;
    }

    // vaddr (tag bits stripped) is used for the alignment test only;
    // vaddr_tainted is what the fault objects are built with.
    Addr vaddr_tainted = req->getVaddr();
    Addr vaddr = purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr,
                                  mode==Execute);

    Request::Flags flags = req->getFlags();
    bool is_fetch  = (mode == Execute);
    // Cache clean operations require read permissions to the specified VA
    bool is_write = !req->isCacheClean() && mode == Write;
    bool is_atomic = req->isAtomic();
    // Only referenced from the DPRINTFs below, hence M5_VAR_USED.
    bool is_priv M5_VAR_USED  = isPriv && !(flags & UserMode);

    updateMiscReg(tc, curTranType);

    // If this is the second stage of translation and the request is for a
    // stage 1 page table walk then we need to check the HCR.PTW bit. This
    // allows us to generate a fault if the request targets an area marked
    // as a device or strongly ordered.
    if (isStage2 && req->isPTWalk() && hcr.ptw &&
        (te->mtype != TlbEntry::MemoryType::Normal)) {
        return std::make_shared<DataAbort>(
            vaddr_tainted, te->domain, is_write,
            ArmFault::PermissionLL + te->lookupLevel,
            isStage2, ArmFault::LpaeTran);
    }

    // Generate an alignment fault for unaligned accesses to device or
    // strongly ordered memory
    if (!is_fetch) {
        if (te->mtype != TlbEntry::MemoryType::Normal) {
            if (vaddr & mask(flags & AlignmentMask)) {
                alignFaults++;
                return std::make_shared<DataAbort>(
                    vaddr_tainted,
                    TlbEntry::DomainType::NoAccess,
                    is_atomic ? false : is_write,
                    ArmFault::AlignmentFault, isStage2,
                    ArmFault::LpaeTran);
            }
        }
    }

    if (te->nonCacheable) {
        // Prevent prefetching from I/O devices.
        if (req->isPrefetch()) {
            // Here we can safely use the fault status for the short
            // desc. format in all cases
            return std::make_shared<PrefetchAbort>(
                vaddr_tainted,
                ArmFault::PrefetchUncacheable,
                isStage2, ArmFault::LpaeTran);
        }
    }

    uint8_t ap  = 0x3 & (te->ap);  // 2-bit access protection field
    // Deny by default: grant is only set by a table row that allows the
    // access.
    bool grant = false;

    uint8_t xn =  te->xn;
    uint8_t pxn = te->pxn;
    // Exactly one of r, w, x is true for a given request.
    bool r = !is_write && !is_fetch;
    bool w = is_write;
    bool x = is_fetch;

    // grant_read is used for faults from an atomic instruction that
    // both reads and writes from a memory location. From a ISS point
    // of view they count as read if a read to that address would have
    // generated the fault; they count as writes otherwise
    bool grant_read = true;
    DPRINTF(TLBVerbose, "Checking permissions: ap:%d, xn:%d, pxn:%d, r:%d, "
                        "w:%d, x:%d\n", ap, xn, pxn, r, w, x);

    if (isStage2) {
        assert(ArmSystem::haveVirtualization(tc) && aarch64EL != EL2);
        // In stage 2 we use the hypervisor access permission bits.
        // The following permissions are described in ARM DDI 0487A.f
        // D4-1802
        uint8_t hap = 0x3 & te->hap;
        grant_read = hap & 0x1;
        if (is_fetch) {
            // sctlr.wxn overrides the xn bit
            grant = !sctlr.wxn && !xn;
        } else if (is_write) {
            grant = hap & 0x2;
        } else { // is_read
            grant = grant_read;
        }
    } else {
        switch (aarch64EL) {
          case EL0:
            {
                grant_read = ap & 0x1;
                // perm packs {ap[1:0], xn, pxn} into a 4-bit index.
                uint8_t perm = (ap << 2)  | (xn << 1) | pxn;
                switch (perm) {
                  case 0:
                  case 1:
                  case 8:
                  case 9:
                    grant = x;
                    break;
                  case 4:
                  case 5:
                    grant = r || w || (x && !sctlr.wxn);
                    break;
                  case 6:
                  case 7:
                    grant = r || w;
                    break;
                  case 12:
                  case 13:
                    grant = r || x;
                    break;
                  case 14:
                  case 15:
                    grant = r;
                    break;
                  default:
                    grant = false;
                }
            }
            break;
          case EL1:
            {
                // PAN denies the access outright; the break leaves the
                // switch on aarch64EL with grant still false.
                if (checkPAN(tc, ap, req, mode)) {
                    grant = false;
                    grant_read = false;
                    break;
                }

                // perm packs {ap[1:0], xn, pxn} into a 4-bit index.
                uint8_t perm = (ap << 2)  | (xn << 1) | pxn;
                switch (perm) {
                  case 0:
                  case 2:
                    grant = r || w || (x && !sctlr.wxn);
                    break;
                  case 1:
                  case 3:
                  case 4:
                  case 5:
                  case 6:
                  case 7:
                    // regions that are writeable at EL0 should not be
                    // executable at EL1
                    grant = r || w;
                    break;
                  case 8:
                  case 10:
                  case 12:
                  case 14:
                    grant = r || x;
                    break;
                  case 9:
                  case 11:
                  case 13:
                  case 15:
                    grant = r;
                    break;
                  default:
                    grant = false;
                }
            }
            break;
          case EL2:
            // PAN only applies at EL2 when HCR.E2H is set; otherwise EL2
            // shares the EL3 table below.
            if (hcr.e2h && checkPAN(tc, ap, req, mode)) {
                grant = false;
                grant_read = false;
                break;
            }
            M5_FALLTHROUGH;
          case EL3:
            {
                // Only ap bit 1 and xn take part at EL2/EL3.
                uint8_t perm = (ap & 0x2) | xn;
                switch (perm) {
                  case 0:
                    grant = r || w || (x && !sctlr.wxn) ;
                    break;
                  case 1:
                    grant = r || w;
                    break;
                  case 2:
                    grant = r || x;
                    break;
                  case 3:
                    grant = r;
                    break;
                  default:
                    grant = false;
                }
            }
            break;
        }
    }

    if (!grant) {
        if (is_fetch) {
            permsFaults++;
            DPRINTF(TLB, "TLB Fault: Prefetch abort on permission check. "
                    "AP:%d priv:%d write:%d ns:%d sif:%d "
                    "sctlr.afe: %d\n",
                    ap, is_priv, is_write, te->ns, scr.sif, sctlr.afe);
            // Use PC value instead of vaddr because vaddr might be aligned to
            // cache line and should not be the address reported in FAR
            return std::make_shared<PrefetchAbort>(
                req->getPC(),
                ArmFault::PermissionLL + te->lookupLevel,
                isStage2, ArmFault::LpaeTran);
        } else {
            permsFaults++;
            DPRINTF(TLB, "TLB Fault: Data abort on permission check. AP:%d "
                    "priv:%d write:%d\n", ap, is_priv, is_write);
            // An atomic whose read half would already fault is reported
            // as a read; every other access keeps its own direction.
            return std::make_shared<DataAbort>(
                vaddr_tainted, te->domain,
                (is_atomic && !grant_read) ? false : is_write,
                ArmFault::PermissionLL + te->lookupLevel,
                isStage2, ArmFault::LpaeTran);
        }
    }

    return NoFault;
}
977
/**
 * Decide whether Privileged Access Never blocks this access.
 *
 * @param tc   Thread context used to read ID_AA64MMFR1_EL1.
 * @param ap   Access-permission bits of the entry; bit 0 must be set for
 *             PAN to apply.
 * @param req  Request being checked.
 * @param mode Read, Write or Execute.
 * @return true when the access must be denied because of PAN.
 */
bool
TLB::checkPAN(ThreadContext *tc, uint8_t ap, const RequestPtr &req, Mode mode)
{
    // The PAN bit has no effect on:
    // 1) Instruction accesses.
    // 2) Data Cache instructions other than DC ZVA
    // 3) Address translation instructions, other than ATS1E1RP and
    //    ATS1E1WP when ARMv8.2-ATS1E1 is implemented. (Unimplemented in
    //    gem5)
    // 4) Unprivileged instructions (Unimplemented in gem5)
    AA64MMFR1 mmfr1 = tc->readMiscReg(MISCREG_ID_AA64MMFR1_EL1);

    // PAN must be both implemented (ID register) and enabled (CPSR), and
    // the access must be a data access that is either no cache
    // maintenance operation at all or a cache-block zero.
    return mmfr1.pan && cpsr.pan && (ap & 0x1) && mode != Execute &&
           (!req->isCacheMaintenance() ||
            (req->getFlags() & Request::CACHE_BLOCK_ZERO));
}
997
/**
 * Translate a request while the MMU is disabled.
 *
 * The virtual address is used as the physical address unchanged and no
 * TLB entry or access permission is consulted. The request inherits the
 * processor's security state, and default memory attributes are
 * synthesised through a temporary entry. The tc argument is not used.
 *
 * @param req              Request to translate.
 * @param mode             Read, Write or Execute.
 * @param tranType         Translation type; only S1CTran is tested.
 * @param vaddr            Address to use as the physical address.
 * @param long_desc_format Whether the long-descriptor format is in use.
 * @return The result of testTranslation() for the NoAccess domain.
 */
Fault
TLB::translateMmuOff(ThreadContext *tc, const RequestPtr &req, Mode mode,
        TLB::ArmTranslationType tranType, Addr vaddr, bool long_desc_format)
{
    // Flat mapping: PA == VA.
    req->setPaddr(vaddr);

    // When the MMU is off the security attribute corresponds to the
    // security state of the processor
    if (isSecure)
        req->setFlags(Request::SECURE);

    // @todo: double check this (ARM ARM issue C B3.2.1)
    if (long_desc_format || sctlr.tre == 0 || nmrr.ir0 == 0 ||
        nmrr.or0 == 0 || prrr.tr0 != 0x2) {
        // Cache maintenance requests keep their cacheability.
        if (!req->isCacheMaintenance())
            req->setFlags(Request::UNCACHEABLE);
        req->setFlags(Request::STRICT_ORDER);
    }

    // Set memory attributes
    TlbEntry flat_te;
    flat_te.ns = !isSecure;

    const bool uncached_defaults =
        isStage2 || hcr.dc == 0 || isSecure ||
        (isHyp && !(tranType & S1CTran));
    if (uncached_defaults) {
        // Fetches are Normal memory, data accesses strongly ordered.
        flat_te.mtype = (mode == Execute) ?
            TlbEntry::MemoryType::Normal :
            TlbEntry::MemoryType::StronglyOrdered;
        flat_te.innerAttrs = 0x0;
        flat_te.outerAttrs = 0x0;
        flat_te.shareable = true;
        flat_te.outerShareable = true;
    } else {
        flat_te.mtype = TlbEntry::MemoryType::Normal;
        flat_te.innerAttrs = 0x3;
        flat_te.outerAttrs = 0x3;
        flat_te.shareable = false;
        flat_te.outerShareable = false;
    }
    flat_te.setAttributes(long_desc_format);
    DPRINTF(TLBVerbose, "(No MMU) setting memory attributes: shareable: "
            "%d, innerAttrs: %d, outerAttrs: %d, isStage2: %d\n",
            flat_te.shareable, flat_te.innerAttrs, flat_te.outerAttrs,
            isStage2);
    setAttr(flat_te.attributes);

    return testTranslation(req, mode, TlbEntry::DomainType::NoAccess);
}
1046
/**
 * Translate a request while the MMU is enabled.
 *
 * getResultTe() supplies the table entry (or a fault, or neither while a
 * walk is outstanding). With an entry in hand the memory attributes,
 * cacheability, ordering, physical address and SECURE flag are copied to
 * the request. No permission check appears in this function itself;
 * NOTE(review): presumably getResultTe() performs it -- confirm.
 *
 * @param tc          Thread context.
 * @param req         Request to translate.
 * @param mode        Read, Write or Execute.
 * @param translation Translation object for timing accesses.
 * @param delay       Set to true when there is neither entry nor fault.
 * @param timing      Timing-mode access.
 * @param functional  Functional access.
 * @param vaddr       Address used for alignment and pAddr().
 * @param tranMethod  Translation method recorded in alignment faults.
 * @return The fault to raise, or NoFault.
 */
Fault
TLB::translateMmuOn(ThreadContext* tc, const RequestPtr &req, Mode mode,
                    Translation *translation, bool &delay, bool timing,
                    bool functional, Addr vaddr,
                    ArmFault::TranMethod tranMethod)
{
    TlbEntry *entry = NULL;
    TlbEntry mergeTe;

    Request::Flags flags = req->getFlags();
    Addr vaddr_tainted = req->getVaddr();

    Fault fault = getResultTe(&entry, req, tc, mode, translation, timing,
                              functional, &mergeTe);

    // only proceed if we have a valid table entry
    if ((entry == NULL) && (fault == NoFault))
        delay = true;

    // If we have the table entry transfer some of the attributes to the
    // request that triggered the translation
    if (entry != NULL) {
        // Set memory attributes
        DPRINTF(TLBVerbose,
                "Setting memory attributes: shareable: %d, innerAttrs: %d, "
                "outerAttrs: %d, mtype: %d, isStage2: %d\n",
                entry->shareable, entry->innerAttrs, entry->outerAttrs,
                static_cast<uint8_t>(entry->mtype), isStage2);
        setAttr(entry->attributes);

        if (entry->nonCacheable && !req->isCacheMaintenance())
            req->setFlags(Request::UNCACHEABLE);

        // Require requests to be ordered if the request goes to
        // strongly ordered or device memory (i.e., anything other
        // than normal memory requires strict order).
        if (entry->mtype != TlbEntry::MemoryType::Normal)
            req->setFlags(Request::STRICT_ORDER);

        req->setPaddr(entry->pAddr(vaddr));

        // Only a secure-state access through an entry not marked
        // non-secure is tagged SECURE.
        if (isSecure && !entry->ns)
            req->setFlags(Request::SECURE);

        if (mode != Execute && (vaddr & mask(flags & AlignmentMask)) &&
            (entry->mtype != TlbEntry::MemoryType::Normal)) {
            // Unaligned accesses to Device memory should always cause an
            // abort regardless of sctlr.a
            // This return replaces whatever getResultTe() put in fault.
            alignFaults++;
            bool is_write = (mode == Write);
            return std::make_shared<DataAbort>(
                vaddr_tainted,
                TlbEntry::DomainType::NoAccess, is_write,
                ArmFault::AlignmentFault, isStage2,
                tranMethod);
        }

        // Check for a trickbox generated address fault
        if (fault == NoFault)
            fault = testTranslation(req, mode, entry->domain);
    }

    if (fault == NoFault) {
        // Don't try to finalize a physical address unless the
        // translation has completed (i.e., there is a table entry).
        return entry ? finalizePhysical(req, tc, mode) : NoFault;
    }
    return fault;
}
1117
/**
 * Full-system translation entry point.
 *
 * Refreshes the cached system-register state, applies the SCTLR-driven
 * cacheability/ordering flags and the alignment check to the request, and
 * then hands over to translateMmuOff() or translateMmuOn().
 *
 * @param req         request being translated; flags and ASID are set on it
 * @param tc          thread context the request belongs to
 * @param mode        Read, Write or Execute
 * @param translation translation object forwarded to translateMmuOn()
 * @param delay       forwarded to translateMmuOn() by reference
 * @param timing      true for a timing access
 * @param tranType    translation type used to select the register state
 * @param functional  true for a functional access (never with timing)
 * @return a DataAbort for a misaligned data access, otherwise whatever the
 *         MMU-off / MMU-on path returns
 */
Fault
TLB::translateFs(const RequestPtr &req, ThreadContext *tc, Mode mode,
        Translation *translation, bool &delay, bool timing,
        TLB::ArmTranslationType tranType, bool functional)
{
    // A functional access is never a timing access.
    assert(!(timing && functional));

    // Everything below reads the cached register copies (sctlr, hcr, asid,
    // isSecure, ...), so they are refreshed first.
    updateMiscReg(tc, tranType);

    const bool is_fetch = (mode == Execute);
    const bool is_write = (mode == Write);

    // vaddr_tainted is the address exactly as issued; vaddr is the address
    // used for the alignment check and the lookup. In AArch64 the two can
    // differ because purifyTaggedAddr() is applied.
    const Addr vaddr_tainted = req->getVaddr();
    const Addr vaddr = aarch64 ?
        purifyTaggedAddr(vaddr_tainted, tc, aarch64EL, (TCR)ttbcr, is_fetch) :
        vaddr_tainted;
    Request::Flags flags = req->getFlags();

    const bool long_desc_format = aarch64 || longDescFormatInUse(tc);
    const ArmFault::TranMethod tranMethod =
        long_desc_format ? ArmFault::LpaeTran : ArmFault::VmsaTran;

    req->setAsid(asid);

    DPRINTF(TLBVerbose, "CPSR is priv:%d UserMode:%d secure:%d S1S2NsTran:%d\n",
            isPriv, flags & UserMode, isSecure, tranType & S1S2NsTran);

    DPRINTF(TLB, "translateFs addr %#x, mode %d, st2 %d, scr %#x sctlr %#x "
            "flags %#lx tranType 0x%x\n", vaddr_tainted, mode, isStage2,
            scr, sctlr, flags, tranType);

    // sctlr.i governs instruction fetches, sctlr.c everything else. With the
    // relevant bit clear the request is strictly ordered and, unless it is a
    // cache maintenance operation, uncacheable.
    const bool caching_disabled =
        req->isInstFetch() ? !sctlr.i : !sctlr.c;
    if (caching_disabled) {
        if (!req->isCacheMaintenance())
            req->setFlags(Request::UNCACHEABLE);
        req->setFlags(Request::STRICT_ORDER);
    }

    if (!is_fetch) {
        assert(flags & MustBeOne || req->isPrefetch());

        // Alignment is enforced when sctlr.a is set or when the request does
        // not carry AllowUnaligned. The abort reports the address as issued.
        const bool enforce_alignment =
            sctlr.a || !(flags & AllowUnaligned);
        if (enforce_alignment && (vaddr & mask(flags & AlignmentMask))) {
            alignFaults++;
            return std::make_shared<DataAbort>(
                vaddr_tainted,
                TlbEntry::DomainType::NoAccess, is_write,
                ArmFault::AlignmentFault, isStage2,
                tranMethod);
        }
    }

    // The enable bit that matters depends on which TLB this is: hcr.vm for a
    // stage 2 TLB, sctlr.m otherwise. With it clear the MMU-off path is used.
    const bool mmu_off = isStage2 ? !hcr.vm : !sctlr.m;
    if (mmu_off) {
        return translateMmuOff(tc, req, mode, tranType, vaddr,
                               long_desc_format);
    }

    DPRINTF(TLBVerbose, "Translating %s=%#x context=%d\n",
            isStage2 ? "IPA" : "VA", vaddr_tainted, asid);
    // Translation enabled
    return translateMmuOn(tc, req, mode, translation, delay, timing,
                          functional, vaddr, tranMethod);
}
1185
/**
 * Atomic-mode translation of a request.
 *
 * When the cached state says stage 1 is to be skipped (directToStage2) the
 * request is forwarded to the stage 2 TLB. Otherwise the full-system or
 * syscall-emulation path is run with no translation object and timing
 * disabled.
 *
 * @return the fault produced by the translation path
 */
Fault
TLB::translateAtomic(const RequestPtr &req, ThreadContext *tc, Mode mode,
        TLB::ArmTranslationType tranType)
{
    updateMiscReg(tc, tranType);

    if (directToStage2) {
        assert(stage2Tlb);
        return stage2Tlb->translateAtomic(req, tc, mode, tranType);
    }

    bool delay = false;
    Fault fault = FullSystem ?
        translateFs(req, tc, mode, nullptr, delay, false, tranType) :
        translateSe(req, tc, mode, nullptr, delay, false);

    // An atomic translation must complete immediately. This is only checked
    // by the assert, which is compiled out when NDEBUG is defined.
    assert(!delay);
    return fault;
}
1206
/**
 * Functional-mode translation of a request.
 *
 * Mirrors translateAtomic(), except that the full-system path is called
 * with its functional argument set to true. The syscall-emulation path
 * receives the same arguments as in translateAtomic().
 *
 * @return the fault produced by the translation path
 */
Fault
TLB::translateFunctional(const RequestPtr &req, ThreadContext *tc, Mode mode,
        TLB::ArmTranslationType tranType)
{
    updateMiscReg(tc, tranType);

    if (directToStage2) {
        assert(stage2Tlb);
        return stage2Tlb->translateFunctional(req, tc, mode, tranType);
    }

    bool delay = false;
    Fault fault = FullSystem ?
        translateFs(req, tc, mode, nullptr, delay, false, tranType, true) :
        translateSe(req, tc, mode, nullptr, delay, false);

    // A functional translation must not be delayed; checked by assert only.
    assert(!delay);
    return fault;
}
1227
/**
 * Timing-mode translation of a request.
 *
 * Forwards to the stage 2 TLB when directToStage2 is set; otherwise starts
 * the translation through translateComplete(). The fault returned by
 * translateComplete() is not used here.
 *
 * @param translation translation object for the request; must be non-null
 *                    on the non-forwarded path (checked by assert)
 */
void
TLB::translateTiming(const RequestPtr &req, ThreadContext *tc,
        Translation *translation, Mode mode, TLB::ArmTranslationType tranType)
{
    updateMiscReg(tc, tranType);

    if (directToStage2) {
        assert(stage2Tlb);
        stage2Tlb->translateTiming(req, tc, translation, mode, tranType);
    } else {
        assert(translation);
        translateComplete(req, tc, translation, mode, tranType, isStage2);
    }
}
1244
/**
 * Run a timing translation and report its outcome to the translation
 * object.
 *
 * @param translation object to notify; may be null, in which case nothing
 *                    is notified
 * @param callFromS2  when true the translation object is always notified
 * @return the fault produced by the translation path
 */
Fault
TLB::translateComplete(const RequestPtr &req, ThreadContext *tc,
        Translation *translation, Mode mode, TLB::ArmTranslationType tranType,
        bool callFromS2)
{
    bool delay = false;
    Fault fault = FullSystem ?
        translateFs(req, tc, mode, translation, delay, true, tranType) :
        translateSe(req, tc, mode, translation, delay, true);

    DPRINTF(TLBVerbose, "Translation returning delay=%d fault=%d\n", delay,
            fault != NoFault);

    // The translation object is told the result (finished, or delayed)
    // unless a stage 2 translation is still in flight for this request.
    // Skipping the notification in that case avoids marking the same
    // translation as delayed twice: once when it starts and once more when
    // stage 1 completes.
    const bool notify = translation &&
        (callFromS2 || !stage2Req || req->hasPaddr() || fault != NoFault);
    if (notify) {
        if (delay)
            translation->markDelayed();
        else
            translation->finish(fault, req, tc, mode);
    }
    return fault;
}
1272
/**
 * @return the address of the DMA port exposed by stage2Mmu. stage2Mmu is
 *         dereferenced without a null check.
 */
Port *
TLB::getTableWalkerPort()
{
    auto &dma_port = stage2Mmu->getDMAPort();
    return &dma_port;
}
1278
/**
 * Refresh the TLB's cached copies of the system registers and the values
 * derived from them (security state, exception level, ASID/VMID, hyp mode
 * and the stage 2 decisions).
 *
 * Nothing is done when the cache is valid, was filled for the same context
 * id, and either this is a stage 2 TLB or the translation type is
 * unchanged. Every translation decision made elsewhere in this class reads
 * these cached values, so the secure/non-secure and stage 2 routing of a
 * request depends on this function having run for the right context and
 * translation type.
 *
 * @param tc       thread context whose registers are read
 * @param tranType translation type the cached state is computed for
 */
void
TLB::updateMiscReg(ThreadContext *tc, ArmTranslationType tranType)
{
    // The translation type is ignored for stage 2 TLBs because they only
    // handle one type of translation.
    const bool same_context =
        miscRegValid && miscRegContext == tc->contextId();
    const bool same_tran_type = isStage2 || (tranType == curTranType);
    if (same_context && same_tran_type)
        return;

    DPRINTF(TLBVerbose, "TLB variables changed!\n");
    cpsr = tc->readMiscReg(MISCREG_CPSR);

    // Dependencies: SCR/SCR_EL3, CPSR
    // A HypMode or S1S2NsTran translation is treated as non-secure even if
    // the PE is currently in secure state.
    const bool non_secure_tran =
        (tranType & HypMode) || (tranType & S1S2NsTran);
    isSecure = inSecureState(tc) && !non_secure_tran;

    aarch64EL = tranTypeEL(cpsr, tranType);
    if (isStage2) {
        aarch64 = ELIs64(tc, EL2);
    } else {
        // EL0 takes its register width from EL1.
        aarch64 = ELIs64(tc, aarch64EL == EL0 ? EL1 : aarch64EL);
    }

    if (aarch64) {  // AArch64
        // Pick the control registers of the EL we translate for.
        switch (aarch64EL) {
          case EL0:
          case EL1:
            {
                sctlr = tc->readMiscReg(MISCREG_SCTLR_EL1);
                ttbcr = tc->readMiscReg(MISCREG_TCR_EL1);
                // TCR.A1 selects which TTBR supplies the ASID.
                const uint64_t ttbr = tc->readMiscReg(
                    ttbcr.a1 ? MISCREG_TTBR1_EL1 : MISCREG_TTBR0_EL1);
                const int asid_msb =
                    (haveLargeAsid64 && ttbcr.as) ? 63 : 55;
                asid = bits(ttbr, asid_msb, 48);
            }
            break;
          case EL2:
            sctlr = tc->readMiscReg(MISCREG_SCTLR_EL2);
            ttbcr = tc->readMiscReg(MISCREG_TCR_EL2);
            asid = -1;
            break;
          case EL3:
            sctlr = tc->readMiscReg(MISCREG_SCTLR_EL3);
            ttbcr = tc->readMiscReg(MISCREG_TCR_EL3);
            asid = -1;
            break;
        }
        hcr = tc->readMiscReg(MISCREG_HCR_EL2);
        scr = tc->readMiscReg(MISCREG_SCR_EL3);
        isPriv = aarch64EL != EL0;

        if (haveVirtualization) {
            vmid = bits(tc->readMiscReg(MISCREG_VTTBR_EL2), 55, 48);

            const bool hyp_selected =
                (aarch64EL == EL2) || (tranType & HypMode);
            const bool hyp_masked =
                (tranType & S1S2NsTran) || (tranType & S1CTran);
            isHyp = hyp_selected && !hyp_masked;

            // Work out whether stage 2 is needed and whether stage 1 can be
            // skipped altogether. The results are cached so they are not
            // recomputed for every translation.
            const bool guest_stage2 =
                hcr.vm && !isHyp && !isSecure && (aarch64EL < EL2);
            // Original author's note: the S1E1Tran exclusion below is a
            // hack that still needs fixing.
            stage2Req = isStage2 ||
                (guest_stage2 &&
                 !(tranType & S1CTran) && !(tranType & S1E1Tran));
            stage2DescReq = isStage2 || guest_stage2;
            directToStage2 = !isStage2 && stage2Req && !sctlr.m;
        } else {
            vmid = 0;
            isHyp = false;
            stage2Req = false;
            stage2DescReq = false;
            directToStage2 = false;
        }
    } else {  // AArch32
        // Banked registers are read from the bank matching isSecure.
        const bool ns = !isSecure;

        sctlr = tc->readMiscReg(snsBankedIndex(MISCREG_SCTLR, tc, ns));
        ttbcr = tc->readMiscReg(snsBankedIndex(MISCREG_TTBCR, tc, ns));
        scr = tc->readMiscReg(MISCREG_SCR);
        isPriv = cpsr.mode != MODE_USER;

        if (longDescFormatInUse(tc)) {
            const uint64_t ttbr = tc->readMiscReg(
                snsBankedIndex(ttbcr.a1 ? MISCREG_TTBR1 : MISCREG_TTBR0,
                               tc, ns));
            asid = bits(ttbr, 55, 48);
        } else {
            // Short-descriptor translation table format in use
            CONTEXTIDR context_id = tc->readMiscReg(
                snsBankedIndex(MISCREG_CONTEXTIDR, tc, ns));
            asid = context_id.asid;
        }

        prrr = tc->readMiscReg(snsBankedIndex(MISCREG_PRRR, tc, ns));
        nmrr = tc->readMiscReg(snsBankedIndex(MISCREG_NMRR, tc, ns));
        dacr = tc->readMiscReg(snsBankedIndex(MISCREG_DACR, tc, ns));
        hcr = tc->readMiscReg(MISCREG_HCR);

        if (haveVirtualization) {
            vmid = bits(tc->readMiscReg(MISCREG_VTTBR), 55, 48);

            const bool hyp_selected =
                (cpsr.mode == MODE_HYP) || (tranType & HypMode);
            const bool hyp_masked =
                (tranType & S1S2NsTran) || (tranType & S1CTran);
            isHyp = hyp_selected && !hyp_masked;
            if (isHyp) {
                // Hyp translations use HSCTLR instead of the banked SCTLR.
                sctlr = tc->readMiscReg(MISCREG_HSCTLR);
            }

            // Work out whether stage 2 is needed and whether stage 1 can be
            // skipped altogether. The results are cached so they are not
            // recomputed for every translation.
            const bool guest_stage2 =
                hcr.vm && !isStage2 && !isHyp && !isSecure;
            stage2Req = guest_stage2 && !(tranType & S1CTran);
            stage2DescReq = guest_stage2;
            directToStage2 = stage2Req && !sctlr.m;
        } else {
            vmid = 0;
            isHyp = false;
            stage2Req = false;
            stage2DescReq = false;
            directToStage2 = false;
        }
    }

    // Record what the cached state was computed for.
    miscRegValid = true;
    miscRegContext = tc->contextId();
    curTranType = tranType;
}
1408
/**
 * Map a translation type to the exception level it translates for.
 *
 * @param cpsr current CPSR, used only for types that follow the current EL
 * @param type translation type
 * @return the fixed EL for the S1E<n>/S12E<n> types, currEL(cpsr) for
 *         NormalTran, S1CTran, S1S2NsTran and HypMode; any other value
 *         panics
 */
ExceptionLevel
TLB::tranTypeEL(CPSR cpsr, ArmTranslationType type)
{
    switch (type) {
      // Types that name their exception level explicitly.
      case S1E0Tran:
      case S12E0Tran:
        return EL0;
      case S1E1Tran:
      case S12E1Tran:
        return EL1;
      case S1E2Tran:
        return EL2;
      case S1E3Tran:
        return EL3;

      // Types that follow whatever EL the CPSR says we are in.
      case NormalTran:
      case S1CTran:
      case S1S2NsTran:
      case HypMode:
        return currEL(cpsr);

      default:
        panic("Unknown translation mode!\n");
    }
}
1437
/**
 * Fetch the TLB entry for a request, starting a table walk on a miss.
 *
 * @param te        receives the entry; left null on a miss that is still
 *                  being walked (timing) or that faulted
 * @param is_secure security state passed to the lookup and the table walk
 * @param tranType  translation type passed to the table walk
 * @return NoFault on a hit or a completed walk, a PrefetchAbort for a
 *         prefetch that misses, or the fault returned by the table walker
 */
Fault
TLB::getTE(TlbEntry **te, const RequestPtr &req, ThreadContext *tc, Mode mode,
        Translation *translation, bool timing, bool functional,
        bool is_secure, TLB::ArmTranslationType tranType)
{
    // In a 2-stage system the IPA->PA translation can be started through
    // this call, so the cached registers have to be brought up to date.
    if (isStage2)
        updateMiscReg(tc, tranType);

    const bool is_fetch = (mode == Execute);
    const bool is_write = (mode == Write);

    const Addr vaddr_tainted = req->getVaddr();
    const ExceptionLevel target_el = aarch64 ? aarch64EL : EL1;
    const Addr vaddr = aarch64 ?
        purifyTaggedAddr(vaddr_tainted, tc, target_el, (TCR)ttbcr, is_fetch) :
        vaddr_tainted;

    *te = lookup(vaddr, asid, vmid, isHyp, is_secure, false, false, target_el);

    if (*te != nullptr) {
        // Hit: only the statistics need updating.
        if (is_fetch)
            instHits++;
        else if (is_write)
            writeHits++;
        else
            readHits++;
        return NoFault;
    }

    if (req->isPrefetch()) {
        // A prefetch that misses neither fills the TLB nor continues with
        // the memory access (the short-descriptor fault status can safely
        // be used here in all cases).
        prefetchFaults++;
        return std::make_shared<PrefetchAbort>(
            vaddr_tainted, ArmFault::PrefetchTLBMiss, isStage2);
    }

    if (is_fetch)
        instMisses++;
    else if (is_write)
        writeMisses++;
    else
        readMisses++;

    // Start the translation table walk; the cached values are passed in so
    // the walker does not have to fetch them again.
    DPRINTF(TLB, "TLB Miss: Starting hardware table walker for %#x(%d:%d)\n",
            vaddr_tainted, asid, vmid);
    Fault fault = tableWalker->walk(req, tc, asid, vmid, isHyp, mode,
                                    translation, timing, functional,
                                    is_secure, tranType, stage2DescReq);

    // In timing mode the walk finishes later, so return and wait for it.
    if (timing || fault != NoFault)
        return fault;

    // The walk completed without a fault, so the entry must now be present.
    // This is enforced by the assert only.
    *te = lookup(vaddr, asid, vmid, isHyp, is_secure, false, false, target_el);
    if (!*te)
        printTlb();
    assert(*te);

    return NoFault;
}
1505
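/**
 * Obtain the table entry that applies to a request and check permissions
 * on it.
 *
 * In a stage 2 TLB only the stage 2 entry is fetched and checked. In a
 * stage 1 TLB the stage 1 entry is fetched and checked first; if that
 * succeeds and stage 2 is required, a Stage2LookUp is created to merge in
 * the stage 2 result.
 *
 * @param te      receives the resulting entry. In the stage 1 path it is
 *                left untouched when no stage 1 entry is available, when
 *                getTE() faulted, or when the stage 2 lookup has not
 *                completed yet
 * @param mergeTe caller-provided storage passed to Stage2LookUp::getTe();
 *                *te points at it when the stage 2 lookup completes
 * @return NoFault, or the fault from the lookup / permission checks
 */
Fault
TLB::getResultTe(TlbEntry **te, const RequestPtr &req,
        ThreadContext *tc, Mode mode,
        Translation *translation, bool timing, bool functional,
        TlbEntry *mergeTe)
{
    Fault fault;

    if (isStage2) {
        // We are already in the stage 2 TLB. Grab the table entry for stage
        // 2 only. We are here because stage 1 translation is disabled.
        TlbEntry *s2Te = nullptr;
        // Get the stage 2 table entry
        fault = getTE(&s2Te, req, tc, mode, translation, timing, functional,
                      isSecure, curTranType);
        // Check permissions of stage 2
        if ((s2Te != nullptr) && (fault == NoFault)) {
            if (aarch64)
                fault = checkPermissions64(s2Te, req, mode, tc);
            else
                fault = checkPermissions(s2Te, req, mode);
        }
        *te = s2Te;
        return fault;
    }

    TlbEntry *s1Te = nullptr;

    Addr vaddr_tainted = req->getVaddr();

    // Get the stage 1 table entry
    fault = getTE(&s1Te, req, tc, mode, translation, timing, functional,
                  isSecure, curTranType);
    // only proceed if we have a valid table entry
    if ((s1Te != nullptr) && (fault == NoFault)) {
        // Check stage 1 permissions before checking stage 2
        if (aarch64)
            fault = checkPermissions64(s1Te, req, mode, tc);
        else
            fault = checkPermissions(s1Te, req, mode);

        // Stage 2 is consulted only when stage 1 permissions passed. This
        // is a logical condition, so && is used rather than bitwise &.
        if (stage2Req && (fault == NoFault)) {
            // Ownership: the lookup is deleted here when it completes
            // synchronously, otherwise it is told to delete itself once the
            // translation finishes.
            Stage2LookUp *s2Lookup = new Stage2LookUp(this, stage2Tlb, *s1Te,
                req, translation, mode, timing, functional, curTranType);
            fault = s2Lookup->getTe(tc, mergeTe);
            if (s2Lookup->isComplete()) {
                *te = mergeTe;
                // We've finished with the lookup so delete it
                delete s2Lookup;
            } else {
                // The lookup hasn't completed, so we can't delete it now. We
                // get round this by asking the object to self delete when the
                // translation is complete.
                s2Lookup->setSelfDelete();
            }
        } else {
            // This case deals with an S1 hit (or bypass), followed by
            // an S2 hit-but-perms issue
            // NOTE(review): isStage2 already returned at the top of this
            // function, so this branch looks unreachable as written.
            if (isStage2) {
                DPRINTF(TLBVerbose, "s2TLB: reqVa %#x, reqPa %#x, fault %p\n",
                        vaddr_tainted, req->hasPaddr() ? req->getPaddr() : ~0, fault);
                if (fault != NoFault) {
                    // NOTE(review): the cast assumes the fault object is an
                    // ArmFault; nothing here verifies that.
                    ArmFault *armFault = reinterpret_cast<ArmFault *>(fault.get());
                    armFault->annotate(ArmFault::S1PTW, false);
                    armFault->annotate(ArmFault::OVA, vaddr_tainted);
                }
            }
            *te = s1Te;
        }
    }
    return fault;
}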
1577
/**
 * Install or clear the TLB test interface.
 *
 * @param _ti object to use as tester, or null to clear it. A non-null
 *            object that is not a TlbTestInterface is a fatal error.
 */
void
TLB::setTestInterface(SimObject *_ti)
{
    if (!_ti) {
        test = nullptr;
        return;
    }

    auto *ti = dynamic_cast<TlbTestInterface *>(_ti);
    fatal_if(!ti, "%s is not a valid ARM TLB tester\n", _ti->name());
    test = ti;
}
1589
/**
 * Ask the test interface, if one is installed, to check a translation.
 *
 * The check is skipped (NoFault) when there is no tester, when the request
 * has no size or a size of zero, or when it is a cache maintenance
 * operation.
 *
 * @return NoFault when skipped, otherwise the tester's verdict
 */
Fault
TLB::testTranslation(const RequestPtr &req, Mode mode,
        TlbEntry::DomainType domain)
{
    if (!test)
        return NoFault;
    if (!req->hasSize() || req->getSize() == 0)
        return NoFault;
    if (req->isCacheMaintenance())
        return NoFault;

    return test->translationCheck(req, isPriv, mode, domain);
}
1601
/**
 * Ask the test interface, if one is installed, to check a table walk
 * access. The cached isPriv value is passed along with the arguments.
 *
 * @return NoFault when no tester is installed, otherwise the tester's
 *         verdict
 */
Fault
TLB::testWalk(Addr pa, Addr size, Addr va, bool is_secure, Mode mode,
        TlbEntry::DomainType domain, LookupLevel lookup_level)
{
    if (test) {
        return test->walkCheck(pa, size, va, is_secure, isPriv, mode,
                               domain, lookup_level);
    }
    return NoFault;
}
1613
1614
/**
 * Build the ARM TLB described by this parameter object.
 *
 * @return a newly allocated TLB; the caller receives the raw pointer
 */
ArmISA::TLB *
ArmTLBParams::create()
{
    ArmISA::TLB *tlb = new ArmISA::TLB(this);
    return tlb;
}