aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gdbstub.c14
-rw-r--r--semihosting/config.c1
-rw-r--r--target/arm/cpu.h133
-rw-r--r--target/arm/debug_helper.c220
-rw-r--r--target/arm/helper.c53
-rw-r--r--target/arm/helper.h8
-rw-r--r--target/arm/internals.h43
-rw-r--r--target/arm/op_helper.c52
-rw-r--r--target/arm/syndrome.h7
-rw-r--r--target/arm/translate-a64.c34
-rw-r--r--target/arm/translate-m-nocp.c15
-rw-r--r--target/arm/translate-mve.c3
-rw-r--r--target/arm/translate-vfp.c18
-rw-r--r--target/arm/translate.c106
-rw-r--r--target/arm/translate.h43
-rw-r--r--tests/qtest/npcm7xx_sdhci-test.c2
16 files changed, 390 insertions, 362 deletions
diff --git a/gdbstub.c b/gdbstub.c
index a3ff870..88a34c8 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -443,6 +443,15 @@ static int get_char(void)
}
#endif
+/*
+ * Return true if there is a GDB currently connected to the stub
+ * and attached to a CPU
+ */
+static bool gdb_attached(void)
+{
+ return gdbserver_state.init && gdbserver_state.c_cpu;
+}
+
static enum {
GDB_SYS_UNKNOWN,
GDB_SYS_ENABLED,
@@ -464,8 +473,7 @@ int use_gdb_syscalls(void)
/* -semihosting-config target=auto */
/* On the first call check if gdb is connected and remember. */
if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
- gdb_syscall_mode = gdbserver_state.init ?
- GDB_SYS_ENABLED : GDB_SYS_DISABLED;
+ gdb_syscall_mode = gdb_attached() ? GDB_SYS_ENABLED : GDB_SYS_DISABLED;
}
return gdb_syscall_mode == GDB_SYS_ENABLED;
}
@@ -2886,7 +2894,7 @@ void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
target_ulong addr;
uint64_t i64;
- if (!gdbserver_state.init) {
+ if (!gdb_attached()) {
return;
}
diff --git a/semihosting/config.c b/semihosting/config.c
index 50d8210..3afacf5 100644
--- a/semihosting/config.c
+++ b/semihosting/config.c
@@ -27,6 +27,7 @@
QemuOptsList qemu_semihosting_config_opts = {
.name = "semihosting-config",
+ .merge_lists = true,
.implied_opt_name = "enable",
.head = QTAILQ_HEAD_INITIALIZER(qemu_semihosting_config_opts.head),
.desc = {
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 78dbcb5..df677b2 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2986,27 +2986,6 @@ typedef enum ARMASIdx {
ARMASIdx_TagS = 3,
} ARMASIdx;
-/* Return the Exception Level targeted by debug exceptions. */
-static inline int arm_debug_target_el(CPUARMState *env)
-{
- bool secure = arm_is_secure(env);
- bool route_to_el2 = false;
-
- if (arm_is_el2_enabled(env)) {
- route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||
- env->cp15.mdcr_el2 & MDCR_TDE;
- }
-
- if (route_to_el2) {
- return 2;
- } else if (arm_feature(env, ARM_FEATURE_EL3) &&
- !arm_el_is_aa64(env, 3) && secure) {
- return 3;
- } else {
- return 1;
- }
-}
-
static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)
{
/* If all the CLIDR.Ctypem bits are 0 there are no caches, and
@@ -3015,107 +2994,6 @@ static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)
return (cpu->clidr & R_V7M_CLIDR_CTYPE_ALL_MASK) != 0;
}
-/* See AArch64.GenerateDebugExceptionsFrom() in ARM ARM pseudocode */
-static inline bool aa64_generate_debug_exceptions(CPUARMState *env)
-{
- int cur_el = arm_current_el(env);
- int debug_el;
-
- if (cur_el == 3) {
- return false;
- }
-
- /* MDCR_EL3.SDD disables debug events from Secure state */
- if (arm_is_secure_below_el3(env)
- && extract32(env->cp15.mdcr_el3, 16, 1)) {
- return false;
- }
-
- /*
- * Same EL to same EL debug exceptions need MDSCR_KDE enabled
- * while not masking the (D)ebug bit in DAIF.
- */
- debug_el = arm_debug_target_el(env);
-
- if (cur_el == debug_el) {
- return extract32(env->cp15.mdscr_el1, 13, 1)
- && !(env->daif & PSTATE_D);
- }
-
- /* Otherwise the debug target needs to be a higher EL */
- return debug_el > cur_el;
-}
-
-static inline bool aa32_generate_debug_exceptions(CPUARMState *env)
-{
- int el = arm_current_el(env);
-
- if (el == 0 && arm_el_is_aa64(env, 1)) {
- return aa64_generate_debug_exceptions(env);
- }
-
- if (arm_is_secure(env)) {
- int spd;
-
- if (el == 0 && (env->cp15.sder & 1)) {
- /* SDER.SUIDEN means debug exceptions from Secure EL0
- * are always enabled. Otherwise they are controlled by
- * SDCR.SPD like those from other Secure ELs.
- */
- return true;
- }
-
- spd = extract32(env->cp15.mdcr_el3, 14, 2);
- switch (spd) {
- case 1:
- /* SPD == 0b01 is reserved, but behaves as 0b00. */
- case 0:
- /* For 0b00 we return true if external secure invasive debug
- * is enabled. On real hardware this is controlled by external
- * signals to the core. QEMU always permits debug, and behaves
- * as if DBGEN, SPIDEN, NIDEN and SPNIDEN are all tied high.
- */
- return true;
- case 2:
- return false;
- case 3:
- return true;
- }
- }
-
- return el != 2;
-}
-
-/* Return true if debugging exceptions are currently enabled.
- * This corresponds to what in ARM ARM pseudocode would be
- * if UsingAArch32() then
- * return AArch32.GenerateDebugExceptions()
- * else
- * return AArch64.GenerateDebugExceptions()
- * We choose to push the if() down into this function for clarity,
- * since the pseudocode has it at all callsites except for the one in
- * CheckSoftwareStep(), where it is elided because both branches would
- * always return the same value.
- */
-static inline bool arm_generate_debug_exceptions(CPUARMState *env)
-{
- if (env->aarch64) {
- return aa64_generate_debug_exceptions(env);
- } else {
- return aa32_generate_debug_exceptions(env);
- }
-}
-
-/* Is single-stepping active? (Note that the "is EL_D AArch64?" check
- * implicitly means this always returns false in pre-v8 CPUs.)
- */
-static inline bool arm_singlestep_active(CPUARMState *env)
-{
- return extract32(env->cp15.mdscr_el1, 0, 1)
- && arm_el_is_aa64(env, arm_debug_target_el(env))
- && arm_generate_debug_exceptions(env);
-}
-
static inline bool arm_sctlr_b(CPUARMState *env)
{
return
@@ -3205,11 +3083,9 @@ FIELD(TBFLAG_ANY, BE_DATA, 3, 1)
FIELD(TBFLAG_ANY, MMUIDX, 4, 4)
/* Target EL if we take a floating-point-disabled exception */
FIELD(TBFLAG_ANY, FPEXC_EL, 8, 2)
-/* For A-profile only, target EL for debug exceptions. */
-FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 10, 2)
/* Memory operations require alignment: SCTLR_ELx.A or CCR.UNALIGN_TRP */
-FIELD(TBFLAG_ANY, ALIGN_MEM, 12, 1)
-FIELD(TBFLAG_ANY, PSTATE__IL, 13, 1)
+FIELD(TBFLAG_ANY, ALIGN_MEM, 10, 1)
+FIELD(TBFLAG_ANY, PSTATE__IL, 11, 1)
/*
* Bit usage when in AArch32 state, both A- and M-profile.
@@ -3978,6 +3854,11 @@ static inline bool isar_feature_aa64_aa32_el1(const ARMISARegisters *id)
return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, EL1) >= 2;
}
+static inline bool isar_feature_aa64_aa32_el2(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, EL2) >= 2;
+}
+
static inline bool isar_feature_aa64_ras(const ARMISARegisters *id)
{
return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, RAS) != 0;
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index 4689369..b18a6bd 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -11,6 +11,153 @@
#include "exec/exec-all.h"
#include "exec/helper-proto.h"
+
+/* Return the Exception Level targeted by debug exceptions. */
+static int arm_debug_target_el(CPUARMState *env)
+{
+ bool secure = arm_is_secure(env);
+ bool route_to_el2 = false;
+
+ if (arm_is_el2_enabled(env)) {
+ route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||
+ env->cp15.mdcr_el2 & MDCR_TDE;
+ }
+
+ if (route_to_el2) {
+ return 2;
+ } else if (arm_feature(env, ARM_FEATURE_EL3) &&
+ !arm_el_is_aa64(env, 3) && secure) {
+ return 3;
+ } else {
+ return 1;
+ }
+}
+
+/*
+ * Raise an exception to the debug target el.
+ * Modify syndrome to indicate when origin and target EL are the same.
+ */
+G_NORETURN static void
+raise_exception_debug(CPUARMState *env, uint32_t excp, uint32_t syndrome)
+{
+ int debug_el = arm_debug_target_el(env);
+ int cur_el = arm_current_el(env);
+
+ /*
+ * If singlestep is targeting a lower EL than the current one, then
+ * DisasContext.ss_active must be false and we can never get here.
+ * Similarly for watchpoint and breakpoint matches.
+ */
+ assert(debug_el >= cur_el);
+ syndrome |= (debug_el == cur_el) << ARM_EL_EC_SHIFT;
+ raise_exception(env, excp, syndrome, debug_el);
+}
+
+/* See AArch64.GenerateDebugExceptionsFrom() in ARM ARM pseudocode */
+static bool aa64_generate_debug_exceptions(CPUARMState *env)
+{
+ int cur_el = arm_current_el(env);
+ int debug_el;
+
+ if (cur_el == 3) {
+ return false;
+ }
+
+ /* MDCR_EL3.SDD disables debug events from Secure state */
+ if (arm_is_secure_below_el3(env)
+ && extract32(env->cp15.mdcr_el3, 16, 1)) {
+ return false;
+ }
+
+ /*
+ * Same EL to same EL debug exceptions need MDSCR_KDE enabled
+ * while not masking the (D)ebug bit in DAIF.
+ */
+ debug_el = arm_debug_target_el(env);
+
+ if (cur_el == debug_el) {
+ return extract32(env->cp15.mdscr_el1, 13, 1)
+ && !(env->daif & PSTATE_D);
+ }
+
+ /* Otherwise the debug target needs to be a higher EL */
+ return debug_el > cur_el;
+}
+
+static bool aa32_generate_debug_exceptions(CPUARMState *env)
+{
+ int el = arm_current_el(env);
+
+ if (el == 0 && arm_el_is_aa64(env, 1)) {
+ return aa64_generate_debug_exceptions(env);
+ }
+
+ if (arm_is_secure(env)) {
+ int spd;
+
+ if (el == 0 && (env->cp15.sder & 1)) {
+ /*
+ * SDER.SUIDEN means debug exceptions from Secure EL0
+ * are always enabled. Otherwise they are controlled by
+ * SDCR.SPD like those from other Secure ELs.
+ */
+ return true;
+ }
+
+ spd = extract32(env->cp15.mdcr_el3, 14, 2);
+ switch (spd) {
+ case 1:
+ /* SPD == 0b01 is reserved, but behaves as 0b00. */
+ case 0:
+ /*
+ * For 0b00 we return true if external secure invasive debug
+ * is enabled. On real hardware this is controlled by external
+ * signals to the core. QEMU always permits debug, and behaves
+ * as if DBGEN, SPIDEN, NIDEN and SPNIDEN are all tied high.
+ */
+ return true;
+ case 2:
+ return false;
+ case 3:
+ return true;
+ }
+ }
+
+ return el != 2;
+}
+
+/*
+ * Return true if debugging exceptions are currently enabled.
+ * This corresponds to what in ARM ARM pseudocode would be
+ * if UsingAArch32() then
+ * return AArch32.GenerateDebugExceptions()
+ * else
+ * return AArch64.GenerateDebugExceptions()
+ * We choose to push the if() down into this function for clarity,
+ * since the pseudocode has it at all callsites except for the one in
+ * CheckSoftwareStep(), where it is elided because both branches would
+ * always return the same value.
+ */
+bool arm_generate_debug_exceptions(CPUARMState *env)
+{
+ if (is_a64(env)) {
+ return aa64_generate_debug_exceptions(env);
+ } else {
+ return aa32_generate_debug_exceptions(env);
+ }
+}
+
+/*
+ * Is single-stepping active? (Note that the "is EL_D AArch64?" check
+ * implicitly means this always returns false in pre-v8 CPUs.)
+ */
+bool arm_singlestep_active(CPUARMState *env)
+{
+ return extract32(env->cp15.mdscr_el1, 0, 1)
+ && arm_el_is_aa64(env, arm_debug_target_el(env))
+ && arm_generate_debug_exceptions(env);
+}
+
/* Return true if the linked breakpoint entry lbn passes its checks */
static bool linked_bp_matches(ARMCPU *cpu, int lbn)
{
@@ -273,6 +420,32 @@ bool arm_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp)
return check_watchpoints(cpu);
}
+/*
+ * Return the FSR value for a debug exception (watchpoint, hardware
+ * breakpoint or BKPT insn) targeting the specified exception level.
+ */
+static uint32_t arm_debug_exception_fsr(CPUARMState *env)
+{
+ ARMMMUFaultInfo fi = { .type = ARMFault_Debug };
+ int target_el = arm_debug_target_el(env);
+ bool using_lpae = false;
+
+ if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
+ using_lpae = true;
+ } else {
+ if (arm_feature(env, ARM_FEATURE_LPAE) &&
+ (env->cp15.tcr_el[target_el].raw_tcr & TTBCR_EAE)) {
+ using_lpae = true;
+ }
+ }
+
+ if (using_lpae) {
+ return arm_fi_to_lfsc(&fi);
+ } else {
+ return arm_fi_to_sfsc(&fi);
+ }
+}
+
void arm_debug_excp_handler(CPUState *cs)
{
/*
@@ -286,19 +459,16 @@ void arm_debug_excp_handler(CPUState *cs)
if (wp_hit) {
if (wp_hit->flags & BP_CPU) {
bool wnr = (wp_hit->flags & BP_WATCHPOINT_HIT_WRITE) != 0;
- bool same_el = arm_debug_target_el(env) == arm_current_el(env);
cs->watchpoint_hit = NULL;
env->exception.fsr = arm_debug_exception_fsr(env);
env->exception.vaddress = wp_hit->hitaddr;
- raise_exception(env, EXCP_DATA_ABORT,
- syn_watchpoint(same_el, 0, wnr),
- arm_debug_target_el(env));
+ raise_exception_debug(env, EXCP_DATA_ABORT,
+ syn_watchpoint(0, 0, wnr));
}
} else {
uint64_t pc = is_a64(env) ? env->pc : env->regs[15];
- bool same_el = (arm_debug_target_el(env) == arm_current_el(env));
/*
* (1) GDB breakpoints should be handled first.
@@ -318,12 +488,46 @@ void arm_debug_excp_handler(CPUState *cs)
* exception/security level.
*/
env->exception.vaddress = 0;
- raise_exception(env, EXCP_PREFETCH_ABORT,
- syn_breakpoint(same_el),
- arm_debug_target_el(env));
+ raise_exception_debug(env, EXCP_PREFETCH_ABORT, syn_breakpoint(0));
}
}
+/*
+ * Raise an EXCP_BKPT with the specified syndrome register value,
+ * targeting the correct exception level for debug exceptions.
+ */
+void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome)
+{
+ int debug_el = arm_debug_target_el(env);
+ int cur_el = arm_current_el(env);
+
+ /* FSR will only be used if the debug target EL is AArch32. */
+ env->exception.fsr = arm_debug_exception_fsr(env);
+ /*
+ * FAR is UNKNOWN: clear vaddress to avoid potentially exposing
+ * values to the guest that it shouldn't be able to see at its
+ * exception/security level.
+ */
+ env->exception.vaddress = 0;
+ /*
+ * Other kinds of architectural debug exception are ignored if
+ * they target an exception level below the current one (in QEMU
+ * this is checked by arm_generate_debug_exceptions()). Breakpoint
+ * instructions are special because they always generate an exception
+ * to somewhere: if they can't go to the configured debug exception
+ * level they are taken to the current exception level.
+ */
+ if (debug_el < cur_el) {
+ debug_el = cur_el;
+ }
+ raise_exception(env, EXCP_BKPT, syndrome, debug_el);
+}
+
+void HELPER(exception_swstep)(CPUARMState *env, uint32_t syndrome)
+{
+ raise_exception_debug(env, EXCP_UDEF, syndrome);
+}
+
#if !defined(CONFIG_USER_ONLY)
vaddr arm_adjust_watchpoint_address(CPUState *cs, vaddr addr, int len)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index ac9942d..6457e63 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1738,13 +1738,19 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
uint32_t valid_mask = 0x3fff;
ARMCPU *cpu = env_archcpu(env);
- if (ri->state == ARM_CP_STATE_AA64) {
- if (arm_feature(env, ARM_FEATURE_AARCH64) &&
- !cpu_isar_feature(aa64_aa32_el1, cpu)) {
- value |= SCR_FW | SCR_AW; /* these two bits are RES1. */
- }
- valid_mask &= ~SCR_NET;
+ /*
+ * Because SCR_EL3 is the "real" cpreg and SCR is the alias, reset always
+ * passes the reginfo for SCR_EL3, which has type ARM_CP_STATE_AA64.
+ * Instead, choose the format based on the mode of EL3.
+ */
+ if (arm_el_is_aa64(env, 3)) {
+ value |= SCR_FW | SCR_AW; /* RES1 */
+ valid_mask &= ~SCR_NET; /* RES0 */
+ if (!cpu_isar_feature(aa64_aa32_el1, cpu) &&
+ !cpu_isar_feature(aa64_aa32_el2, cpu)) {
+ value |= SCR_RW; /* RAO/WI */
+ }
if (cpu_isar_feature(aa64_ras, cpu)) {
valid_mask |= SCR_TERR;
}
@@ -10879,27 +10885,22 @@ int fp_exception_el(CPUARMState *env, int cur_el)
int fpen = FIELD_EX64(env->cp15.cpacr_el1, CPACR_EL1, FPEN);
switch (fpen) {
+ case 1:
+ if (cur_el != 0) {
+ break;
+ }
+ /* fall through */
case 0:
case 2:
- if (cur_el == 0 || cur_el == 1) {
- /* Trap to PL1, which might be EL1 or EL3 */
- if (arm_is_secure(env) && !arm_el_is_aa64(env, 3)) {
- return 3;
- }
- return 1;
- }
- if (cur_el == 3 && !is_a64(env)) {
- /* Secure PL1 running at EL3 */
+ /* Trap from Secure PL0 or PL1 to Secure PL1. */
+ if (!arm_el_is_aa64(env, 3)
+ && (cur_el == 3 || arm_is_secure_below_el3(env))) {
return 3;
}
- break;
- case 1:
- if (cur_el == 0) {
+ if (cur_el <= 1) {
return 1;
}
break;
- case 3:
- break;
}
}
@@ -11102,18 +11103,10 @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
}
-static CPUARMTBFlags rebuild_hflags_aprofile(CPUARMState *env)
-{
- CPUARMTBFlags flags = {};
-
- DP_TBFLAG_ANY(flags, DEBUG_TARGET_EL, arm_debug_target_el(env));
- return flags;
-}
-
static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
ARMMMUIdx mmu_idx)
{
- CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
+ CPUARMTBFlags flags = {};
int el = arm_current_el(env);
if (arm_sctlr(env, el) & SCTLR_A) {
@@ -11139,7 +11132,7 @@ static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
ARMMMUIdx mmu_idx)
{
- CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
+ CPUARMTBFlags flags = {};
ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
uint64_t sctlr;
diff --git a/target/arm/helper.h b/target/arm/helper.h
index b1334e0..07d45fa 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -44,9 +44,11 @@ DEF_HELPER_FLAGS_2(usad8, TCG_CALL_NO_RWG_SE, i32, i32, i32)
DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE,
i32, i32, i32, i32)
-DEF_HELPER_2(exception_internal, void, env, i32)
-DEF_HELPER_4(exception_with_syndrome, void, env, i32, i32, i32)
-DEF_HELPER_2(exception_bkpt_insn, void, env, i32)
+DEF_HELPER_2(exception_internal, noreturn, env, i32)
+DEF_HELPER_3(exception_with_syndrome, noreturn, env, i32, i32)
+DEF_HELPER_4(exception_with_syndrome_el, noreturn, env, i32, i32, i32)
+DEF_HELPER_2(exception_bkpt_insn, noreturn, env, i32)
+DEF_HELPER_2(exception_swstep, noreturn, env, i32)
DEF_HELPER_2(exception_pc_alignment, noreturn, env, tl)
DEF_HELPER_1(setend, void, env)
DEF_HELPER_2(wfi, void, env, i32)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index a1bae45..6f94f30 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -793,31 +793,6 @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
return &env->cp15.tcr_el[regime_el(env, mmu_idx)];
}
-/* Return the FSR value for a debug exception (watchpoint, hardware
- * breakpoint or BKPT insn) targeting the specified exception level.
- */
-static inline uint32_t arm_debug_exception_fsr(CPUARMState *env)
-{
- ARMMMUFaultInfo fi = { .type = ARMFault_Debug };
- int target_el = arm_debug_target_el(env);
- bool using_lpae = false;
-
- if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
- using_lpae = true;
- } else {
- if (arm_feature(env, ARM_FEATURE_LPAE) &&
- (env->cp15.tcr_el[target_el].raw_tcr & TTBCR_EAE)) {
- using_lpae = true;
- }
- }
-
- if (using_lpae) {
- return arm_fi_to_lfsc(&fi);
- } else {
- return arm_fi_to_sfsc(&fi);
- }
-}
-
/**
* arm_num_brps: Return number of implemented breakpoints.
* Note that the ID register BRPS field is "number of bps - 1",
@@ -1098,21 +1073,6 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx);
int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx);
-static inline int exception_target_el(CPUARMState *env)
-{
- int target_el = MAX(1, arm_current_el(env));
-
- /*
- * No such thing as secure EL1 if EL3 is aarch32,
- * so update the target EL to EL3 in this case.
- */
- if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) {
- target_el = 3;
- }
-
- return target_el;
-}
-
/* Determine if allocation tags are available. */
static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
uint64_t sctlr)
@@ -1339,6 +1299,9 @@ void define_cortex_a72_a57_a53_cp_reginfo(ARMCPU *cpu);
bool el_is_in_host(CPUARMState *env, int el);
void aa32_max_features(ARMCPU *cpu);
+int exception_target_el(CPUARMState *env);
+bool arm_singlestep_active(CPUARMState *env);
+bool arm_generate_debug_exceptions(CPUARMState *env);
/* Powers of 2 for sve_vq_map et al. */
#define SVE_VQ_POW2_MAP \
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index c4bd668..c5bde1c 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -28,6 +28,21 @@
#define SIGNBIT (uint32_t)0x80000000
#define SIGNBIT64 ((uint64_t)1 << 63)
+int exception_target_el(CPUARMState *env)
+{
+ int target_el = MAX(1, arm_current_el(env));
+
+ /*
+ * No such thing as secure EL1 if EL3 is aarch32,
+ * so update the target EL to EL3 in this case.
+ */
+ if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) {
+ target_el = 3;
+ }
+
+ return target_el;
+}
+
void raise_exception(CPUARMState *env, uint32_t excp,
uint32_t syndrome, uint32_t target_el)
{
@@ -366,7 +381,7 @@ void HELPER(yield)(CPUARMState *env)
* those EXCP values which are special cases for QEMU to interrupt
* execution and not to be used for exceptions which are passed to
* the guest (those must all have syndrome information and thus should
- * use exception_with_syndrome).
+ * use exception_with_syndrome*).
*/
void HELPER(exception_internal)(CPUARMState *env, uint32_t excp)
{
@@ -378,39 +393,20 @@ void HELPER(exception_internal)(CPUARMState *env, uint32_t excp)
}
/* Raise an exception with the specified syndrome register value */
-void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp,
- uint32_t syndrome, uint32_t target_el)
+void HELPER(exception_with_syndrome_el)(CPUARMState *env, uint32_t excp,
+ uint32_t syndrome, uint32_t target_el)
{
raise_exception(env, excp, syndrome, target_el);
}
-/* Raise an EXCP_BKPT with the specified syndrome register value,
- * targeting the correct exception level for debug exceptions.
+/*
+ * Raise an exception with the specified syndrome register value
+ * to the default target el.
*/
-void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome)
+void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp,
+ uint32_t syndrome)
{
- int debug_el = arm_debug_target_el(env);
- int cur_el = arm_current_el(env);
-
- /* FSR will only be used if the debug target EL is AArch32. */
- env->exception.fsr = arm_debug_exception_fsr(env);
- /* FAR is UNKNOWN: clear vaddress to avoid potentially exposing
- * values to the guest that it shouldn't be able to see at its
- * exception/security level.
- */
- env->exception.vaddress = 0;
- /*
- * Other kinds of architectural debug exception are ignored if
- * they target an exception level below the current one (in QEMU
- * this is checked by arm_generate_debug_exceptions()). Breakpoint
- * instructions are special because they always generate an exception
- * to somewhere: if they can't go to the configured debug exception
- * level they are taken to the current exception level.
- */
- if (debug_el < cur_el) {
- debug_el = cur_el;
- }
- raise_exception(env, EXCP_BKPT, syndrome, debug_el);
+ raise_exception(env, excp, syndrome, exception_target_el(env));
}
uint32_t HELPER(cpsr_read)(CPUARMState *env)
diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
index 0cb26dd..c105f9e 100644
--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -185,12 +185,13 @@ static inline uint32_t syn_cp15_rrt_trap(int cv, int cond, int opc1, int crm,
| (rt2 << 10) | (rt << 5) | (crm << 1) | isread;
}
-static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_16bit)
+static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_16bit,
+ int coproc)
{
- /* AArch32 FP trap or any AArch64 FP/SIMD trap: TA == 0 coproc == 0xa */
+ /* AArch32 FP trap or any AArch64 FP/SIMD trap: TA == 0 */
return (EC_ADVSIMDFPACCESSTRAP << ARM_EL_EC_SHIFT)
| (is_16bit ? 0 : ARM_EL_IL)
- | (cv << 24) | (cond << 20) | 0xa;
+ | (cv << 24) | (cond << 20) | coproc;
}
static inline uint32_t syn_simd_access_trap(int cv, int cond, bool is_16bit)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index d438fb8..4c64546 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1161,8 +1161,9 @@ static bool fp_access_check(DisasContext *s)
assert(!s->fp_access_checked);
s->fp_access_checked = true;
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_fp_access_trap(1, 0xe, false, 0),
+ s->fp_excp_el);
return false;
}
s->fp_access_checked = true;
@@ -1178,8 +1179,8 @@ bool sve_access_check(DisasContext *s)
assert(!s->sve_access_checked);
s->sve_access_checked = true;
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_sve_access_trap(), s->sve_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_sve_access_trap(), s->sve_excp_el);
return false;
}
s->sve_access_checked = true;
@@ -1815,8 +1816,7 @@ static void gen_sysreg_undef(DisasContext *s, bool isread,
} else {
syndrome = syn_uncategorized();
}
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syndrome,
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syndrome);
}
/* MRS - move from system register
@@ -2069,7 +2069,7 @@ static void disas_exc(DisasContext *s, uint32_t insn)
case 1: /* SVC */
gen_ss_advance(s);
gen_exception_insn(s, s->base.pc_next, EXCP_SWI,
- syn_aa64_svc(imm16), default_exception_el(s));
+ syn_aa64_svc(imm16));
break;
case 2: /* HVC */
if (s->current_el == 0) {
@@ -2082,8 +2082,8 @@ static void disas_exc(DisasContext *s, uint32_t insn)
gen_a64_set_pc_im(s->pc_curr);
gen_helper_pre_hvc(cpu_env);
gen_ss_advance(s);
- gen_exception_insn(s, s->base.pc_next, EXCP_HVC,
- syn_aa64_hvc(imm16), 2);
+ gen_exception_insn_el(s, s->base.pc_next, EXCP_HVC,
+ syn_aa64_hvc(imm16), 2);
break;
case 3: /* SMC */
if (s->current_el == 0) {
@@ -2093,8 +2093,8 @@ static void disas_exc(DisasContext *s, uint32_t insn)
gen_a64_set_pc_im(s->pc_curr);
gen_helper_pre_smc(cpu_env, tcg_constant_i32(syn_aa64_smc(imm16)));
gen_ss_advance(s);
- gen_exception_insn(s, s->base.pc_next, EXCP_SMC,
- syn_aa64_smc(imm16), 3);
+ gen_exception_insn_el(s, s->base.pc_next, EXCP_SMC,
+ syn_aa64_smc(imm16), 3);
break;
default:
unallocated_encoding(s);
@@ -14585,11 +14585,6 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
dc->condjmp = 0;
dc->aarch64 = true;
- /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
- * there is no secure EL1, so we route exceptions to EL3.
- */
- dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
- !arm_el_is_aa64(env, 3);
dc->thumb = false;
dc->sctlr_b = 0;
dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
@@ -14645,7 +14640,6 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
dc->ss_active = EX_TBFLAG_ANY(tb_flags, SS_ACTIVE);
dc->pstate_ss = EX_TBFLAG_ANY(tb_flags, PSTATE__SS);
dc->is_ldex = false;
- dc->debug_target_el = EX_TBFLAG_ANY(tb_flags, DEBUG_TARGET_EL);
/* Bound the number of insns to execute to those left on the page. */
bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
@@ -14724,8 +14718,7 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
* Illegal execution state. This has priority over BTI
* exceptions, but comes after instruction abort exceptions.
*/
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_illegalstate());
return;
}
@@ -14757,8 +14750,7 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
&& s->guarded_page
&& !btype_destination_ok(insn, s->bt, s->btype)) {
gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_btitrap(s->btype),
- default_exception_el(s));
+ syn_btitrap(s->btype));
return;
}
} else {
diff --git a/target/arm/translate-m-nocp.c b/target/arm/translate-m-nocp.c
index 27363a7..4029d7f 100644
--- a/target/arm/translate-m-nocp.c
+++ b/target/arm/translate-m-nocp.c
@@ -143,8 +143,8 @@ static bool trans_VSCCLRM(DisasContext *s, arg_VSCCLRM *a)
tcg_gen_brcondi_i32(TCG_COND_EQ, sfpa, 0, s->condlabel);
if (s->fp_excp_el != 0) {
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), s->fp_excp_el);
return true;
}
@@ -376,7 +376,7 @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
if (!vfp_access_check_m(s, true)) {
/*
* This was only a conditional exception, so override
- * gen_exception_insn()'s default to DISAS_NORETURN
+ * gen_exception_insn_el()'s default to DISAS_NORETURN
*/
s->base.is_jmp = DISAS_NEXT;
break;
@@ -532,7 +532,7 @@ static bool gen_M_fp_sysreg_read(DisasContext *s, int regno,
if (!vfp_access_check_m(s, true)) {
/*
* This was only a conditional exception, so override
- * gen_exception_insn()'s default to DISAS_NORETURN
+ * gen_exception_insn_el()'s default to DISAS_NORETURN
*/
s->base.is_jmp = DISAS_NEXT;
break;
@@ -765,14 +765,13 @@ static bool trans_NOCP(DisasContext *s, arg_nocp *a)
}
if (a->cp != 10) {
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized());
return true;
}
if (s->fp_excp_el != 0) {
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), s->fp_excp_el);
return true;
}
diff --git a/target/arm/translate-mve.c b/target/arm/translate-mve.c
index 4267d43..0cf1b5e 100644
--- a/target/arm/translate-mve.c
+++ b/target/arm/translate-mve.c
@@ -100,8 +100,7 @@ bool mve_eci_check(DisasContext *s)
return true;
default:
/* Reserved value: INVSTATE UsageFault */
- gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized());
return false;
}
}
diff --git a/target/arm/translate-vfp.c b/target/arm/translate-vfp.c
index 40a513b..82fdbca 100644
--- a/target/arm/translate-vfp.c
+++ b/target/arm/translate-vfp.c
@@ -219,8 +219,18 @@ static void gen_update_fp_context(DisasContext *s)
static bool vfp_access_check_a(DisasContext *s, bool ignore_vfp_enabled)
{
if (s->fp_excp_el) {
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
+ /*
+ * The full syndrome is only used for HSR when HCPTR traps:
+ * For v8, when TA==0, coproc is RES0.
+ * For v7, any use of a Floating-point instruction or access
+ * to a Floating-point Extension register that is trapped to
+ * Hyp mode because of a trap configured in the HCPTR sets
+ * this field to 0xA.
+ */
+ int coproc = arm_dc_feature(s, ARM_FEATURE_V8) ? 0 : 0xa;
+ uint32_t syn = syn_fp_access_trap(1, 0xe, false, coproc);
+
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF, syn, s->fp_excp_el);
return false;
}
@@ -250,8 +260,8 @@ bool vfp_access_check_m(DisasContext *s, bool skip_context_update)
* the encoding space handled by the patterns in m-nocp.decode,
* and for them we may need to raise NOCP here.
*/
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), s->fp_excp_el);
return false;
}
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 87a899d..6617de7 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1086,8 +1086,43 @@ static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
s->base.is_jmp = DISAS_NORETURN;
}
-void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
- uint32_t syn, uint32_t target_el)
+static void gen_exception_el_v(int excp, uint32_t syndrome, TCGv_i32 tcg_el)
+{
+ gen_helper_exception_with_syndrome_el(cpu_env, tcg_constant_i32(excp),
+ tcg_constant_i32(syndrome), tcg_el);
+}
+
+static void gen_exception_el(int excp, uint32_t syndrome, uint32_t target_el)
+{
+ gen_exception_el_v(excp, syndrome, tcg_constant_i32(target_el));
+}
+
+static void gen_exception(int excp, uint32_t syndrome)
+{
+ gen_helper_exception_with_syndrome(cpu_env, tcg_constant_i32(excp),
+ tcg_constant_i32(syndrome));
+}
+
+static void gen_exception_insn_el_v(DisasContext *s, uint64_t pc, int excp,
+ uint32_t syn, TCGv_i32 tcg_el)
+{
+ if (s->aarch64) {
+ gen_a64_set_pc_im(pc);
+ } else {
+ gen_set_condexec(s);
+ gen_set_pc_im(s, pc);
+ }
+ gen_exception_el_v(excp, syn, tcg_el);
+ s->base.is_jmp = DISAS_NORETURN;
+}
+
+void gen_exception_insn_el(DisasContext *s, uint64_t pc, int excp,
+ uint32_t syn, uint32_t target_el)
+{
+ gen_exception_insn_el_v(s, pc, excp, syn, tcg_constant_i32(target_el));
+}
+
+void gen_exception_insn(DisasContext *s, uint64_t pc, int excp, uint32_t syn)
{
if (s->aarch64) {
gen_a64_set_pc_im(pc);
@@ -1095,7 +1130,7 @@ void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
gen_set_condexec(s);
gen_set_pc_im(s, pc);
}
- gen_exception(excp, syn, target_el);
+ gen_exception(excp, syn);
s->base.is_jmp = DISAS_NORETURN;
}
@@ -1110,19 +1145,7 @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
void unallocated_encoding(DisasContext *s)
{
/* Unallocated and reserved encodings are uncategorized */
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
- default_exception_el(s));
-}
-
-static void gen_exception_el(DisasContext *s, int excp, uint32_t syn,
- TCGv_i32 tcg_el)
-{
- gen_set_condexec(s);
- gen_set_pc_im(s, s->pc_curr);
- gen_helper_exception_with_syndrome(cpu_env,
- tcg_constant_i32(excp),
- tcg_constant_i32(syn), tcg_el);
- s->base.is_jmp = DISAS_NORETURN;
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized());
}
/* Force a TB lookup after an instruction that changes the CPU state. */
@@ -2735,8 +2758,6 @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
* an exception and return false. Otherwise it will return true,
* and set *tgtmode and *regno appropriately.
*/
- int exc_target = default_exception_el(s);
-
/* These instructions are present only in ARMv8, or in ARMv7 with the
* Virtualization Extensions.
*/
@@ -2847,7 +2868,8 @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
tcg_el = tcg_constant_i32(3);
}
- gen_exception_el(s, EXCP_UDEF, syn_uncategorized(), tcg_el);
+ gen_exception_insn_el_v(s, s->pc_curr, EXCP_UDEF,
+ syn_uncategorized(), tcg_el);
tcg_temp_free_i32(tcg_el);
return false;
}
@@ -2872,8 +2894,7 @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
undef:
/* If we get here then some access check did not pass */
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_uncategorized(), exc_target);
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized());
return false;
}
@@ -5097,7 +5118,8 @@ static void gen_srs(DisasContext *s,
* For the UNPREDICTABLE cases we choose to UNDEF.
*/
if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_uncategorized(), 3);
return;
}
@@ -8482,8 +8504,8 @@ static bool trans_WLS(DisasContext *s, arg_WLS *a)
* Do the check-and-raise-exception by hand.
*/
if (s->fp_excp_el) {
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), s->fp_excp_el);
return true;
}
}
@@ -8585,8 +8607,7 @@ static bool trans_LE(DisasContext *s, arg_LE *a)
tmp = load_cpu_field(v7m.ltpsize);
tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 4, skipexc);
tcg_temp_free_i32(tmp);
- gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized());
gen_set_label(skipexc);
}
@@ -9056,8 +9077,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
* UsageFault exception.
*/
if (arm_dc_feature(s, ARM_FEATURE_M)) {
- gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized());
return;
}
@@ -9066,8 +9086,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
* Illegal execution state. This has priority over BTI
* exceptions, but comes after instruction abort exceptions.
*/
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_illegalstate());
return;
}
@@ -9300,11 +9319,6 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
dc->condjmp = 0;
dc->aarch64 = false;
- /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
- * there is no secure EL1, so we route exceptions to EL3.
- */
- dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
- !arm_el_is_aa64(env, 3);
dc->thumb = EX_TBFLAG_AM32(tb_flags, THUMB);
dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
condexec = EX_TBFLAG_AM32(tb_flags, CONDEXEC);
@@ -9354,7 +9368,6 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
dc->v7m_lspact = EX_TBFLAG_M32(tb_flags, LSPACT);
dc->mve_no_pred = EX_TBFLAG_M32(tb_flags, MVE_NO_PRED);
} else {
- dc->debug_target_el = EX_TBFLAG_ANY(tb_flags, DEBUG_TARGET_EL);
dc->sctlr_b = EX_TBFLAG_A32(tb_flags, SCTLR__B);
dc->hstr_active = EX_TBFLAG_A32(tb_flags, HSTR_ACTIVE);
dc->ns = EX_TBFLAG_A32(tb_flags, NS);
@@ -9636,8 +9649,7 @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
* Illegal execution state. This has priority over BTI
* exceptions, but comes after instruction abort exceptions.
*/
- gen_exception_insn(dc, dc->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(dc));
+ gen_exception_insn(dc, dc->pc_curr, EXCP_UDEF, syn_illegalstate());
return;
}
@@ -9710,8 +9722,8 @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
*/
tcg_remove_ops_after(dc->insn_eci_rewind);
dc->condjmp = 0;
- gen_exception_insn(dc, dc->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(dc));
+ gen_exception_insn(dc, dc->pc_curr, EXCP_INVSTATE,
+ syn_uncategorized());
}
arm_post_translate_insn(dc);
@@ -9757,16 +9769,15 @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
switch (dc->base.is_jmp) {
case DISAS_SWI:
gen_ss_advance(dc);
- gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
- default_exception_el(dc));
+ gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
break;
case DISAS_HVC:
gen_ss_advance(dc);
- gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
+ gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
break;
case DISAS_SMC:
gen_ss_advance(dc);
- gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
+ gen_exception_el(EXCP_SMC, syn_aa32_smc(), 3);
break;
case DISAS_NEXT:
case DISAS_TOO_MANY:
@@ -9827,14 +9838,13 @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
gen_helper_yield(cpu_env);
break;
case DISAS_SWI:
- gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
- default_exception_el(dc));
+ gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
break;
case DISAS_HVC:
- gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
+ gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
break;
case DISAS_SMC:
- gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
+ gen_exception_el(EXCP_SMC, syn_aa32_smc(), 3);
break;
}
}
diff --git a/target/arm/translate.h b/target/arm/translate.h
index f473a21..88dc18a 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -43,8 +43,6 @@ typedef struct DisasContext {
int fp_excp_el; /* FP exception EL or 0 if enabled */
int sve_excp_el; /* SVE exception EL or 0 if enabled */
int vl; /* current vector length in bytes */
- /* Flag indicating that exceptions from secure mode are routed to EL3. */
- bool secure_routed_to_el3;
bool vfp_enabled; /* FP enabled via FPSCR.EN */
int vec_len;
int vec_stride;
@@ -59,8 +57,6 @@ typedef struct DisasContext {
*/
uint32_t svc_imm;
int current_el;
- /* Debug target exception level for single-step exceptions */
- int debug_target_el;
GHashTable *cp_regs;
uint64_t features; /* CPU features bits */
bool aarch64;
@@ -201,20 +197,6 @@ static inline int get_mem_index(DisasContext *s)
return arm_to_core_mmu_idx(s->mmu_idx);
}
-/* Function used to determine the target exception EL when otherwise not known
- * or default.
- */
-static inline int default_exception_el(DisasContext *s)
-{
- /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
- * there is no secure EL1, so we route exceptions to EL3. Otherwise,
- * exceptions can only be routed to ELs above 1, so we target the higher of
- * 1 or the current EL.
- */
- return (s->mmu_idx == ARMMMUIdx_SE10_0 && s->secure_routed_to_el3)
- ? 3 : MAX(1, s->current_el);
-}
-
static inline void disas_set_insn_syndrome(DisasContext *s, uint32_t syn)
{
/* We don't need to save all of the syndrome so we mask and shift
@@ -279,8 +261,9 @@ void arm_jump_cc(DisasCompare *cmp, TCGLabel *label);
void arm_gen_test_cc(int cc, TCGLabel *label);
MemOp pow2_align(unsigned i);
void unallocated_encoding(DisasContext *s);
-void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
- uint32_t syn, uint32_t target_el);
+void gen_exception_insn_el(DisasContext *s, uint64_t pc, int excp,
+ uint32_t syn, uint32_t target_el);
+void gen_exception_insn(DisasContext *s, uint64_t pc, int excp, uint32_t syn);
/* Return state of Alternate Half-precision flag, caller frees result */
static inline TCGv_i32 get_ahp_flag(void)
@@ -329,26 +312,12 @@ static inline void gen_ss_advance(DisasContext *s)
}
}
-static inline void gen_exception(int excp, uint32_t syndrome,
- uint32_t target_el)
-{
- gen_helper_exception_with_syndrome(cpu_env, tcg_constant_i32(excp),
- tcg_constant_i32(syndrome),
- tcg_constant_i32(target_el));
-}
-
/* Generate an architectural singlestep exception */
static inline void gen_swstep_exception(DisasContext *s, int isv, int ex)
{
- bool same_el = (s->debug_target_el == s->current_el);
-
- /*
- * If singlestep is targeting a lower EL than the current one,
- * then s->ss_active must be false and we can never get here.
- */
- assert(s->debug_target_el >= s->current_el);
-
- gen_exception(EXCP_UDEF, syn_swstep(same_el, isv, ex), s->debug_target_el);
+ /* Fill in the same_el field of the syndrome in the helper. */
+ uint32_t syn = syn_swstep(false, isv, ex);
+ gen_helper_exception_swstep(cpu_env, tcg_constant_i32(syn));
}
/*
diff --git a/tests/qtest/npcm7xx_sdhci-test.c b/tests/qtest/npcm7xx_sdhci-test.c
index aa35a77..5d68540 100644
--- a/tests/qtest/npcm7xx_sdhci-test.c
+++ b/tests/qtest/npcm7xx_sdhci-test.c
@@ -24,7 +24,7 @@
#define NPCM7XX_REG_SIZE 0x100
#define NPCM7XX_MMC_BA 0xF0842000
#define NPCM7XX_BLK_SIZE 512
-#define NPCM7XX_TEST_IMAGE_SIZE (1 << 30)
+#define NPCM7XX_TEST_IMAGE_SIZE (1 << 20)
char *sd_path;