From dc3c4c14f0f12854dbd967be3486f4db4e66d25b Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 14 Sep 2017 18:43:16 +0100 Subject: target/arm: Clear exclusive monitor on v7M reset, exception entry/exit For M profile we must clear the exclusive monitor on reset, exception entry and exception exit. We weren't doing any of these things; fix this bug. Signed-off-by: Peter Maydell Reviewed-by: Alistair Francis Reviewed-by: Richard Henderson Message-id: 1505137930-13255-3-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index 329e5178d8..668e3671bd 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6175,6 +6175,7 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr) armv7m_nvic_acknowledge_irq(env->nvic); switch_v7m_sp(env, 0); + arm_clear_exclusive(env); /* Clear IT bits */ env->condexec_bits = 0; env->regs[14] = lr; @@ -6354,6 +6355,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) } /* Otherwise, we have a successful exception exit. */ + arm_clear_exclusive(env); qemu_log_mask(CPU_LOG_INT, "...successful exception return\n"); } -- cgit 1.4.1 From c6158878650c01b2c753b2ea7d0967c8fe5ca59e Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 14 Sep 2017 18:43:17 +0100 Subject: target/arm: Get PRECISERR and IBUSERR the right way round For a bus fault, the M profile BFSR bit PRECISERR means a bus fault on a data access, and IBUSERR means a bus fault on an instruction access. We had these the wrong way around; fix this. Signed-off-by: Peter Maydell Reviewed-by: Alistair Francis Reviewed-by: Richard Henderson Message-id: 1505137930-13255-4-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index 668e3671bd..1741e0daeb 100644 
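Review bot: The new `arm_clear_exclusive(env);` in v7m_exception_taken carries no comment saying why the local monitor is dropped at this point, and the same applies to the call added on the successful-exit path in the second hunk of this patch in do_v7m_exception_exit. The commit message is currently the only place that records this as an M-profile requirement for entry and exit, so a one-liner at each site, `/* Exception entry/exit must clear the local exclusive monitor */`, would keep the rationale next to the code. The message also lists reset, but this view is limited to helper.c, so the reset-side clear cannot be checked here. Both enclosing functions start outside their hunks.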
--- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6430,15 +6430,15 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) case 0x8: /* External Abort */ switch (cs->exception_index) { case EXCP_PREFETCH_ABORT: - env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_PRECISERR_MASK; - qemu_log_mask(CPU_LOG_INT, "...with CFSR.PRECISERR\n"); + env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK; + qemu_log_mask(CPU_LOG_INT, "...with CFSR.IBUSERR\n"); break; case EXCP_DATA_ABORT: env->v7m.cfsr[M_REG_NS] |= - (R_V7M_CFSR_IBUSERR_MASK | R_V7M_CFSR_BFARVALID_MASK); + (R_V7M_CFSR_PRECISERR_MASK | R_V7M_CFSR_BFARVALID_MASK); env->v7m.bfar = env->exception.vaddress; qemu_log_mask(CPU_LOG_INT, - "...with CFSR.IBUSERR and BFAR 0x%x\n", + "...with CFSR.PRECISERR and BFAR 0x%x\n", env->v7m.bfar); break; } -- cgit 1.4.1 From 7115cdf5782922611bcc44c89eec5990db7f6466 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 14 Sep 2017 18:43:17 +0100 Subject: target/arm: Remove unnecessary '| 0xf0000000' from do_v7m_exception_exit() In do_v7m_exception_exit(), there's no need to force the high 4 bits of 'type' to 1 when calling v7m_exception_taken(), because we know that they're always 1 or we could not have got to this "handle return to magic exception return address" code. Remove the unnecessary ORs. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Acked-by: Alistair Francis Message-id: 1505137930-13255-6-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index 1741e0daeb..fdd5cc6bae 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
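Review bot: The inner `switch (cs->exception_index)` under `case 0x8` still has no `default:`, so an exception_index that is neither EXCP_PREFETCH_ABORT nor EXCP_DATA_ABORT would take the BusFault with no CFSR bit set and nothing logged; if that is unreachable, `default: g_assert_not_reached();` (the idiom used elsewhere in this file) makes the assumption explicit. Both corrected writes also index `env->v7m.cfsr[M_REG_NS]` while the other hunks in this series index cfsr by `env->v7m.secure`; if that is deliberate because the BFSR byte is not banked, a comment such as `/* BFSR is not banked, so always update the NS copy */` would stop a later reader from "fixing" it. arm_v7m_cpu_do_interrupt starts and ends outside the hunk.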
@@ -6306,7 +6306,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); - v7m_exception_taken(cpu, type | 0xf0000000); + v7m_exception_taken(cpu, type); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " "stackframe: failed exception return integrity check\n"); return; @@ -6348,7 +6348,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; v7m_push_stack(cpu); - v7m_exception_taken(cpu, type | 0xf0000000); + v7m_exception_taken(cpu, type); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on new stackframe: " "failed exception return integrity check\n"); return; -- cgit 1.4.1 From 4d1e7a4745c050f7ccac49a1c01437526b5130b5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 14 Sep 2017 18:43:17 +0100 Subject: target/arm: Add and use defines for EXCRET constants The exception-return magic values get some new bits in v8M, which makes some bit definitions for them worthwhile. We don't use the bit definitions for the switch on the low bits which checks the return type for v7M, because this is defined in the v7M ARM ARM as a set of valid values rather than via per-bit checks. Signed-off-by: Peter Maydell Reviewed-by: Alistair Francis Message-id: 1505137930-13255-7-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 14 +++++++++----- target/arm/internals.h | 10 ++++++++++ 2 files changed, 19 insertions(+), 5 deletions(-) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index fdd5cc6bae..a502e4eb33 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
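Review bot: The reason the `| 0xf0000000` can go is that control only reaches do_v7m_exception_exit when the branch target's top nibble is 0xf, but nothing near either `v7m_exception_taken(cpu, type);` call records that, and the RES1 check earlier in the function only logs with LOG_GUEST_ERROR rather than rejecting the value, so `type` may still carry zero bits below bit 28 when it is handed on as the new LR. A comment at the first call site, `/* bits [31:28] of type are known to be 1: that is how we got here */`, would make the invariant visible without re-adding the OR. If passing lower zero bits through is accepted as guest-UNPREDICTABLE behaviour, that is worth stating in the same comment. do_v7m_exception_exit starts and ends outside these hunks.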
@@ -6242,7 +6242,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) " previous exception %d\n", type, env->v7m.exception); - if (extract32(type, 5, 23) != extract32(-1, 5, 23)) { + if ((type & R_V7M_EXCRET_RES1_MASK) != R_V7M_EXCRET_RES1_MASK) { qemu_log_mask(LOG_GUEST_ERROR, "M profile: zero high bits in exception " "exit PC value 0x%" PRIx32 " are UNPREDICTABLE\n", type); } @@ -6255,7 +6255,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * which security state's faultmask to clear. (v8M ARM ARM R_KBNF.) */ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { - int es = type & 1; + int es = type & R_V7M_EXCRET_ES_MASK; if (armv7m_nvic_raw_execution_priority(env->nvic) >= 0) { env->v7m.faultmask[es] = 0; } @@ -6491,12 +6491,16 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) return; /* Never happens. Keep compiler happy. */ } - lr = 0xfffffff1; + lr = R_V7M_EXCRET_RES1_MASK | + R_V7M_EXCRET_S_MASK | + R_V7M_EXCRET_DCRS_MASK | + R_V7M_EXCRET_FTYPE_MASK | + R_V7M_EXCRET_ES_MASK; if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) { - lr |= 4; + lr |= R_V7M_EXCRET_SPSEL_MASK; } if (!arm_v7m_is_handler_mode(env)) { - lr |= 8; + lr |= R_V7M_EXCRET_MODE_MASK; } v7m_push_stack(cpu); diff --git a/target/arm/internals.h b/target/arm/internals.h index a315354cfd..18be3702f2 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -61,6 +61,16 @@ FIELD(V7M_CONTROL, NPRIV, 0, 1) FIELD(V7M_CONTROL, SPSEL, 1, 1) FIELD(V7M_CONTROL, FPCA, 2, 1) +/* Bit definitions for v7M exception return payload */ +FIELD(V7M_EXCRET, ES, 0, 1) +FIELD(V7M_EXCRET, RES0, 1, 1) +FIELD(V7M_EXCRET, SPSEL, 2, 1) +FIELD(V7M_EXCRET, MODE, 3, 1) +FIELD(V7M_EXCRET, FTYPE, 4, 1) +FIELD(V7M_EXCRET, DCRS, 5, 1) +FIELD(V7M_EXCRET, S, 6, 1) +FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */ + /* * For AArch64, map a given EL to an index in the banked_spsr array. * Note that this mapping and the AArch32 mapping defined in bank_number() -- cgit 1.4.1 
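Review bot: `FIELD(V7M_EXCRET, RES1, 7, 25)` in internals.h spans bits [31:7], so the replacement check in the first helper.c hunk no longer covers bits 5 and 6 (now named DCRS and S), whereas the removed `extract32(type, 5, 23)` did; on a core without ARM_FEATURE_M_SECURITY a zero in those bits is therefore no longer reported as UNPREDICTABLE. If that narrowing is intended because v8M gives those bits meaning, extending the existing internals.h comment, e.g. `/* including the must-be-1 prefix; bits [6:5] are DCRS/S and are not checked here */`, records the choice. The new check does now include bits [31:28], which the old one skipped; that looks harmless since those bits are what route the branch to this function. do_v7m_exception_exit starts outside the hunk.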
From 351e527a613147aa2a2e6910f92923deef27ee48 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 14 Sep 2017 18:43:17 +0100 Subject: target/arm: Rename 'type' to 'excret' in do_v7m_exception_exit() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the v7M and v8M ARM ARM, the magic exception return values are referred to as EXC_RETURN values, and in QEMU we use V7M_EXCRET_* constants to define bits within them. Rename the 'type' variable which holds the exception return value in do_v7m_exception_exit() to excret, making it clearer that it does hold an EXC_RETURN value. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Reviewed-by: Richard Henderson Message-id: 1505137930-13255-8-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'target/arm/helper.c') diff --git a/target/arm/helper.c b/target/arm/helper.c index a502e4eb33..4f41841ef6 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6212,7 +6212,7 @@ static void v7m_push_stack(ARMCPU *cpu) static void do_v7m_exception_exit(ARMCPU *cpu) { CPUARMState *env = &cpu->env; - uint32_t type; + uint32_t excret; uint32_t xpsr; bool ufault = false; bool return_to_sp_process = false; 
@@ -6233,18 +6233,19 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * the target value up between env->regs[15] and env->thumb in * gen_bx(). Reconstitute it. */ - type = env->regs[15]; + excret = env->regs[15]; if (env->thumb) { - type |= 1; + excret |= 1; } qemu_log_mask(CPU_LOG_INT, "Exception return: magic PC %" PRIx32 " previous exception %d\n", - type, env->v7m.exception); + excret, env->v7m.exception); - if ((type & R_V7M_EXCRET_RES1_MASK) != R_V7M_EXCRET_RES1_MASK) { + if ((excret & R_V7M_EXCRET_RES1_MASK) != R_V7M_EXCRET_RES1_MASK) { qemu_log_mask(LOG_GUEST_ERROR, "M profile: zero high bits in exception " - "exit PC value 0x%" PRIx32 " are UNPREDICTABLE\n", type); + "exit PC value 0x%" PRIx32 " are UNPREDICTABLE\n", + excret); } if (env->v7m.exception != ARMV7M_EXCP_NMI) { @@ -6255,7 +6256,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * which security state's faultmask to clear. (v8M ARM ARM R_KBNF.) */ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { - int es = type & R_V7M_EXCRET_ES_MASK; + int es = excret & R_V7M_EXCRET_ES_MASK; if (armv7m_nvic_raw_execution_priority(env->nvic) >= 0) { env->v7m.faultmask[es] = 0; } @@ -6283,7 +6284,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) g_assert_not_reached(); } - switch (type & 0xf) { + switch (excret & 0xf) { case 1: /* Return to Handler */ return_to_handler = true; break; @@ -6306,7 +6307,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); - v7m_exception_taken(cpu, type); + v7m_exception_taken(cpu, excret); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " "stackframe: failed exception return integrity check\n"); return; 
@@ -6341,14 +6342,14 @@ static void do_v7m_exception_exit(ARMCPU *cpu) /* The restored xPSR exception field will be zero if we're * resuming in Thread mode. If that doesn't match what the - * exception return type specified then this is a UsageFault. + * exception return excret specified then this is a UsageFault. */ if (return_to_handler != arm_v7m_is_handler_mode(env)) { /* Take an INVPC UsageFault by pushing the stack again. */ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; v7m_push_stack(cpu); - v7m_exception_taken(cpu, type); + v7m_exception_taken(cpu, excret); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on new stackframe: " "failed exception return integrity check\n"); return; -- cgit 1.4.1
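Review bot: The comment at the top of this hunk now reads `* exception return excret specified then this is a UsageFault.`, which is the mechanical result of renaming the variable inside prose and no longer reads as a sentence. Since the commit message itself uses the architectural term, `* EXC_RETURN value specified then this is a UsageFault.` says what is meant. do_v7m_exception_exit starts outside the hunk.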