Re: [PATCH v4 05/24] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx

2022-10-14 Thread Peter Maydell 
On Tue, 11 Oct 2022 at 04:26, Richard Henderson
 wrote:
>
> We had been marking this ARM_MMU_IDX_NOTLB, move it to a real tlb.
> Flush the tlb when invalidating stage 1+2 translations.  Re-use
> alle1_tlbmask() for other instances of EL1&0 + Stage2.
>
> Signed-off-by: Richard Henderson 
> ---
> v4: Implement the IPAS2 and RIPAS2 tlb flushing insns;
> Reuse alle1_tlbmask to fix aa32 and vttbr flushing.
> ---

Reviewed-by: Peter Maydell 

thanks
-- PMM

[PATCH v4 05/24] target/arm: Move ARMMMUIdx_Stage2 to a real tlb mmu_idx

2022-10-10 Thread Richard Henderson 
We had been marking this ARM_MMU_IDX_NOTLB, move it to a real tlb.
Flush the tlb when invalidating stage 1+2 translations.  Re-use
alle1_tlbmask() for other instances of EL1&0 + Stage2.

Signed-off-by: Richard Henderson 
---
v4: Implement the IPAS2 and RIPAS2 tlb flushing insns;
Reuse alle1_tlbmask to fix aa32 and vttbr flushing.
---
 target/arm/cpu-param.h |   2 +-
 target/arm/cpu.h   |  23 ---
 target/arm/helper.c| 151 ++---
 3 files changed, 127 insertions(+), 49 deletions(-)

diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index a5b27db275..b7bde18986 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -45,6 +45,6 @@
 bool guarded;
 #endif
 
-#define NB_MMU_MODES 10
+#define NB_MMU_MODES 12
 
 #endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index f93060e6d6..c94e289012 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2906,8 +2906,9 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
  * EL2 (aka NS PL2)
  * EL3 (aka S PL1)
  * Physical (NS & S)
+ * Stage2 (NS & S)
  *
- * for a total of 10 different mmu_idx.
+ * for a total of 12 different mmu_idx.
  *
  * R profile CPUs have an MPU, but can use the same set of MMU indexes
  * as A profile. They only need to distinguish EL0 and EL1 (and
@@ -2976,6 +2977,15 @@ typedef enum ARMMMUIdx {
 ARMMMUIdx_Phys_NS   = 8 | ARM_MMU_IDX_A,
 ARMMMUIdx_Phys_S= 9 | ARM_MMU_IDX_A,
 
+/*
+ * Used for second stage of an S12 page table walk, or for descriptor
+ * loads during first stage of an S1 page table walk.  Note that both
+ * are in use simultaneously for SecureEL2: the security state for
+ * the S2 ptw is selected by the NS bit from the S1 ptw.
+ */
+ARMMMUIdx_Stage2= 10 | ARM_MMU_IDX_A,
+ARMMMUIdx_Stage2_S  = 11 | ARM_MMU_IDX_A,
+
 /*
  * These are not allocated TLBs and are used only for AT system
  * instructions or for the first stage of an S12 page table walk.
@@ -2983,15 +2993,6 @@ typedef enum ARMMMUIdx {
 ARMMMUIdx_Stage1_E0 = 0 | ARM_MMU_IDX_NOTLB,
 ARMMMUIdx_Stage1_E1 = 1 | ARM_MMU_IDX_NOTLB,
 ARMMMUIdx_Stage1_E1_PAN = 2 | ARM_MMU_IDX_NOTLB,
-/*
- * Not allocated a TLB: used only for second stage of an S12 page
- * table walk, or for descriptor loads during first stage of an S1
- * page table walk. Note that if we ever want to have a TLB for this
- * then various TLB flush insns which currently are no-ops or flush
- * only stage 1 MMU indexes will need to change to flush stage 2.
- */
-ARMMMUIdx_Stage2 = 3 | ARM_MMU_IDX_NOTLB,
-ARMMMUIdx_Stage2_S   = 4 | ARM_MMU_IDX_NOTLB,
 
 /*
  * M-profile.
@@ -3022,6 +3023,8 @@ typedef enum ARMMMUIdxBit {
 TO_CORE_BIT(E20_2),
 TO_CORE_BIT(E20_2_PAN),
 TO_CORE_BIT(E3),
+TO_CORE_BIT(Stage2),
+TO_CORE_BIT(Stage2_S),
 
 TO_CORE_BIT(MUser),
 TO_CORE_BIT(MPriv),
diff --git a/target/arm/helper.c b/target/arm/helper.c
index dde64a487a..18c51bb777 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -399,6 +399,21 @@ static void contextidr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 raw_write(env, ri, value);
 }
 
+static int alle1_tlbmask(CPUARMState *env)
+{
+/*
+ * Note that the 'ALL' scope must invalidate both stage 1 and
+ * stage 2 translations, whereas most other scopes only invalidate
+ * stage 1 translations.
+ */
+return (ARMMMUIdxBit_E10_1 |
+ARMMMUIdxBit_E10_1_PAN |
+ARMMMUIdxBit_E10_0 |
+ARMMMUIdxBit_Stage2 |
+ARMMMUIdxBit_Stage2_S);
+}
+
+
 /* IS variants of TLB operations must affect all cores */
 static void tlbiall_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
  uint64_t value)
@@ -501,10 +516,7 @@ static void tlbiall_nsnh_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 {
 CPUState *cs = env_cpu(env);
 
-tlb_flush_by_mmuidx(cs,
-ARMMMUIdxBit_E10_1 |
-ARMMMUIdxBit_E10_1_PAN |
-ARMMMUIdxBit_E10_0);
+tlb_flush_by_mmuidx(cs, alle1_tlbmask(env));
 }
 
 static void tlbiall_nsnh_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -512,10 +524,7 @@ static void tlbiall_nsnh_is_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 {
 CPUState *cs = env_cpu(env);
 
-tlb_flush_by_mmuidx_all_cpus_synced(cs,
-ARMMMUIdxBit_E10_1 |
-ARMMMUIdxBit_E10_1_PAN |
-ARMMMUIdxBit_E10_0);
+tlb_flush_by_mmuidx_all_cpus_synced(cs, alle1_tlbmask(env));
 }
 
 
@@ -554,6 +563,24 @@ static void tlbimva_hyp_is_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
  ARMMMUIdxBit_E2);
 }
 
+static void tlbiipas2_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+