Hi Edgar, I was just writing a test to verify the correct behavior of the SCR AW/FW bits and I think there is an issue.
During an SCR write an initial valid mask is set from SCR_MASK which is defined to not include these bits. Then these bits are hard-coded into the write value using RES1. Last, the new value is masked against the valid bits for which these bits are masked off. I have a number of questions: - Why are we marking these bits off as reserved? Shouldn't they be RW? - Are you intending to always enable them or always disable them? - Why are we attempting to hard-code them 'on' in the value? Is it because they have no value when VIRT is enabled? If so, we should check for EL2. Thanks for any insight. Greg On 4 August 2014 10:19, Edgar E. Iglesias <[email protected]> wrote: > On Fri, Aug 01, 2014 at 02:34:14PM +0100, Peter Maydell wrote: > > On 17 June 2014 09:45, Edgar E. Iglesias <[email protected]> > wrote: > > > From: "Edgar E. Iglesias" <[email protected]> > > > > > > Signed-off-by: Edgar E. Iglesias <[email protected]> > > > --- > > > target-arm/cpu.h | 16 +++++++++++++++- > > > target-arm/helper.c | 31 ++++++++++++++++++++++++++++++- > > > 2 files changed, 45 insertions(+), 2 deletions(-) > > > > > > diff --git a/target-arm/cpu.h b/target-arm/cpu.h > > > index fd57fb5..fa8dee0 100644 > > > --- a/target-arm/cpu.h > > > +++ b/target-arm/cpu.h > > > @@ -172,7 +172,6 @@ typedef struct CPUARMState { > > > uint64_t c1_sys; /* System control register. */ > > > uint64_t c1_coproc; /* Coprocessor access register. */ > > > uint32_t c1_xscaleauxcr; /* XScale auxiliary control > register. */ > > > - uint32_t c1_scr; /* secure config register. */ > > > uint64_t ttbr0_el1; /* MMU translation table base 0. */ > > > uint64_t ttbr1_el1; /* MMU translation table base 1. */ > > > uint64_t c2_control; /* MMU translation table base control. > */ > > > @@ -185,6 +184,7 @@ typedef struct CPUARMState { > > > uint32_t pmsav5_data_ap; /* PMSAv5 MPU data access > permissions */ > > > uint32_t pmsav5_insn_ap; /* PMSAv5 MPU insn access > permissions */ > > > uint64_t hcr_el2; /* Hypervisor configuration register */ > > > + uint32_t scr_el3; /* Secure configuration register. */ > > > uint32_t ifsr_el2; /* Fault status registers. */ > > > uint64_t esr_el[4]; > > > uint32_t c6_region[8]; /* MPU base/size registers. */ > > > @@ -562,6 +562,20 @@ static inline void xpsr_write(CPUARMState *env, > uint32_t val, uint32_t mask) > > > #define HCR_ID (1ULL << 33) > > > #define HCR_MASK ((1ULL << 34) - 1) > > > > > > +#define SCR_NS (1U << 0) > > > +#define SCR_IRQ (1U << 1) > > > +#define SCR_FIQ (1U << 2) > > > +#define SCR_EA (1U << 3) > > > +#define SCR_SMD (1U << 7) > > > +#define SCR_HCE (1U << 8) > > > +#define SCR_SIF (1U << 9) > > > +#define SCR_RW (1U << 10) > > > +#define SCR_ST (1U << 11) > > > +#define SCR_TWI (1U << 12) > > > +#define SCR_TWE (1U << 13) > > > +#define SCR_RES1_MASK (3U << 4) > > > +#define SCR_MASK (0x3fff & ~SCR_RES1_MASK) > > > + > > > /* Return the current FPSCR value. */ > > > uint32_t vfp_get_fpscr(CPUARMState *env); > > > void vfp_set_fpscr(CPUARMState *env, uint32_t val); > > > diff --git a/target-arm/helper.c b/target-arm/helper.c > > > index b04fb5d..6bacc24 100644 > > > --- a/target-arm/helper.c > > > +++ b/target-arm/helper.c > > > @@ -793,7 +793,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = { > > > .fieldoffset = offsetof(CPUARMState, cp15.vbar_el[1]), > > > .resetvalue = 0 }, > > > { .name = "SCR", .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = > 0, > > > - .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, > cp15.c1_scr), > > > + .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, > cp15.scr_el3), > > > .resetvalue = 0, }, > > > > It's awkward that this is now separate from the AArch64 reginfo > > below, because it makes it non-obvious that they're both the > > same underlying state. In particular that probably means this > > one now needs a NO_MIGRATE marker? > > Yes, I've moved this into the el3 structure and added NO_MIGRATE. > > Thanks, > Edgar > > > > > > > { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH, > > > .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0, > > > @@ -2161,6 +2161,31 @@ static const ARMCPRegInfo v8_el2_cp_reginfo[] = > { > > > REGINFO_SENTINEL > > > }; > > > > > > +static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, > uint64_t value) > > > +{ > > > + uint32_t valid_mask = SCR_MASK; > > > + > > > + if (!arm_feature(env, ARM_FEATURE_EL2)) { > > > + valid_mask &= ~SCR_HCE; > > > + > > > + /* On ARMv7, SMD (or SCD as it is called in v7) is only > > > + * supported if EL2 exists. The bit is UNK/SBZP when > > > + * EL2 is unavailable. In QEMU ARMv7, we force it to always > zero > > > + * when EL2 is unavailable. > > > + */ > > > + if (arm_feature(env, ARM_FEATURE_V7)) { > > > + valid_mask &= ~SCR_SMD; > > > + } > > > + } > > > + > > > + /* Set RES1 bits. */ > > > + value |= SCR_RES1_MASK; > > > + > > > + /* Clear RES0 bits. */ > > > + value &= valid_mask; > > > + raw_write(env, ri, value); > > > +} > > > + > > > static const ARMCPRegInfo v8_el3_cp_reginfo[] = { > > > { .name = "ELR_EL3", .state = ARM_CP_STATE_AA64, > > > .type = ARM_CP_NO_MIGRATE, > > > @@ -2183,6 +2208,10 @@ static const ARMCPRegInfo v8_el3_cp_reginfo[] = > { > > > .access = PL3_RW, .writefn = vbar_write, > > > .fieldoffset = offsetof(CPUARMState, cp15.vbar_el[3]), > > > .resetvalue = 0 }, > > > + { .name = "SCR_EL3", .state = ARM_CP_STATE_AA64, > > > + .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 0, > > > + .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, > cp15.scr_el3), > > > + .writefn = scr_write }, > > > REGINFO_SENTINEL > > > }; > > > > thanks > > -- PMM >
