1/*
2 * Copyright (c) 2010, 2012-2014 ARM Limited
3 * All rights reserved
4 *
5 * The license below extends only to copyright in the software and shall
6 * not be construed as granting a license to any other intellectual
7 * property including but not limited to intellectual property relating
8 * to a hardware implementation of the functionality of the software
9 * licensed hereunder. You may use the software subject to the license
10 * terms below provided that you ensure that this notice is replicated
11 * unmodified and in its entirety in all distributions of the software,
12 * modified or unmodified, in source code or in binary form.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions are
16 * met: redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer;
18 * redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution;
21 * neither the name of the copyright holders nor the names of its
22 * contributors may be used to endorse or promote products derived from
23 * this software without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 *
37 * Authors: Ali Saidi
38 * Giacomo Gabrielli
39 */
40
41#include <memory>
42
43#include "arch/arm/faults.hh"
44#include "arch/arm/stage2_mmu.hh"
45#include "arch/arm/system.hh"
46#include "arch/arm/table_walker.hh"
47#include "arch/arm/tlb.hh"
48#include "cpu/base.hh"
49#include "cpu/thread_context.hh"
50#include "debug/Checkpoint.hh"
51#include "debug/Drain.hh"
52#include "debug/TLB.hh"
53#include "debug/TLBVerbose.hh"
54#include "sim/system.hh"
55
56using namespace ArmISA;
57
58TableWalker::TableWalker(const Params *p)
59 : MemObject(p), port(this, p->sys), drainManager(NULL),
60 stage2Mmu(NULL), isStage2(p->is_stage2), tlb(NULL),
61 currState(NULL), pending(false), masterId(p->sys->getMasterId(name())),
62 numSquashable(p->num_squash_per_cycle),
63 doL1DescEvent(this), doL2DescEvent(this),
64 doL0LongDescEvent(this), doL1LongDescEvent(this), doL2LongDescEvent(this),
65 doL3LongDescEvent(this),
66 doProcessEvent(this)
67{
68 sctlr = 0;
69
70 // Cache system-level properties
71 if (FullSystem) {
72 armSys = dynamic_cast<ArmSystem *>(p->sys);
73 assert(armSys);
74 haveSecurity = armSys->haveSecurity();
75 _haveLPAE = armSys->haveLPAE();
76 _haveVirtualization = armSys->haveVirtualization();
77 physAddrRange = armSys->physAddrRange();
78 _haveLargeAsid64 = armSys->haveLargeAsid64();
79 } else {
80 armSys = NULL;
81 haveSecurity = _haveLPAE = _haveVirtualization = false;
82 _haveLargeAsid64 = false;
83 physAddrRange = 32;
84 }
85
86}
87
88TableWalker::~TableWalker()
89{
90 ;
91}
92
93TableWalker::WalkerState::WalkerState() : stage2Tran(NULL), l2Desc(l1Desc)
93TableWalker::WalkerState::WalkerState() :
94 tc(nullptr), aarch64(false), el(EL0), physAddrRange(0), req(nullptr),
95 asid(0), vmid(0), isHyp(false), transState(nullptr),
96 vaddr(0), vaddr_tainted(0), isWrite(false), isFetch(false), isSecure(false),
97 secureLookup(false), rwTable(false), userTable(false), xnTable(false),
98 pxnTable(false), stage2Req(false), doingStage2(false),
99 stage2Tran(nullptr), timing(false), functional(false),
100 mode(BaseTLB::Read), tranType(TLB::NormalTran), l2Desc(l1Desc),
101 delayed(false), tableWalker(nullptr)
102{
103}
104
105void
106TableWalker::completeDrain()
107{
108 if (drainManager && stateQueues[L1].empty() && stateQueues[L2].empty() &&
109 pendingQueue.empty()) {
110 setDrainState(Drainable::Drained);
111 DPRINTF(Drain, "TableWalker done draining, processing drain event\n");
112 drainManager->signalDrainDone();
113 drainManager = NULL;
114 }
115}
116
117unsigned int
118TableWalker::drain(DrainManager *dm)
119{
120 unsigned int count = port.drain(dm);
121
122 bool state_queues_not_empty = false;
123
124 for (int i = 0; i < MAX_LOOKUP_LEVELS; ++i) {
125 if (!stateQueues[i].empty()) {
126 state_queues_not_empty = true;
127 break;
128 }
129 }
130
131 if (state_queues_not_empty || pendingQueue.size()) {
132 drainManager = dm;
133 setDrainState(Drainable::Draining);
134 DPRINTF(Drain, "TableWalker not drained\n");
135
136 // return port drain count plus the table walker itself needs to drain
137 return count + 1;
138 } else {
139 setDrainState(Drainable::Drained);
140 DPRINTF(Drain, "TableWalker free, no need to drain\n");
141
142 // table walker is drained, but its ports may still need to be drained
143 return count;
144 }
145}
146
147void
148TableWalker::drainResume()
149{
150 Drainable::drainResume();
151 if (params()->sys->isTimingMode() && currState) {
152 delete currState;
153 currState = NULL;
154 }
155}
156
157BaseMasterPort&
158TableWalker::getMasterPort(const std::string &if_name, PortID idx)
159{
160 if (if_name == "port") {
161 return port;
162 }
163 return MemObject::getMasterPort(if_name, idx);
164}
165
166Fault
167TableWalker::walk(RequestPtr _req, ThreadContext *_tc, uint16_t _asid,
168 uint8_t _vmid, bool _isHyp, TLB::Mode _mode,
169 TLB::Translation *_trans, bool _timing, bool _functional,
170 bool secure, TLB::ArmTranslationType tranType)
171{
172 assert(!(_functional && _timing));
173 WalkerState *savedCurrState = NULL;
174
175 if (!currState && !_functional) {
176 // For atomic mode, a new WalkerState instance should be only created
177 // once per TLB. For timing mode, a new instance is generated for every
178 // TLB miss.
179 DPRINTF(TLBVerbose, "creating new instance of WalkerState\n");
180
181 currState = new WalkerState();
182 currState->tableWalker = this;
183 } else if (_functional) {
184 // If we are mixing functional mode with timing (or even
185 // atomic), we need to to be careful and clean up after
186 // ourselves to not risk getting into an inconsistent state.
187 DPRINTF(TLBVerbose, "creating functional instance of WalkerState\n");
188 savedCurrState = currState;
189 currState = new WalkerState();
190 currState->tableWalker = this;
191 } else if (_timing) {
192 // This is a translation that was completed and then faulted again
193 // because some underlying parameters that affect the translation
194 // changed out from under us (e.g. asid). It will either be a
195 // misprediction, in which case nothing will happen or we'll use
196 // this fault to re-execute the faulting instruction which should clean
197 // up everything.
198 if (currState->vaddr_tainted == _req->getVaddr()) {
199 return std::make_shared<ReExec>();
200 }
201 }
202
203 currState->tc = _tc;
204 currState->aarch64 = opModeIs64(currOpMode(_tc));
205 currState->el = currEL(_tc);
206 currState->transState = _trans;
207 currState->req = _req;
208 currState->fault = NoFault;
209 currState->asid = _asid;
210 currState->vmid = _vmid;
211 currState->isHyp = _isHyp;
212 currState->timing = _timing;
213 currState->functional = _functional;
214 currState->mode = _mode;
215 currState->tranType = tranType;
216 currState->isSecure = secure;
217 currState->physAddrRange = physAddrRange;
218
219 /** @todo These should be cached or grabbed from cached copies in
220 the TLB, all these miscreg reads are expensive */
221 currState->vaddr_tainted = currState->req->getVaddr();
222 if (currState->aarch64)
223 currState->vaddr = purifyTaggedAddr(currState->vaddr_tainted,
224 currState->tc, currState->el);
225 else
226 currState->vaddr = currState->vaddr_tainted;
227
228 if (currState->aarch64) {
229 switch (currState->el) {
230 case EL0:
231 case EL1:
232 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL1);
233 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL1);
234 break;
235 // @todo: uncomment this to enable Virtualization
236 // case EL2:
237 // assert(haveVirtualization);
238 // currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL2);
239 // currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL2);
240 // break;
241 case EL3:
242 assert(haveSecurity);
243 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL3);
244 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL3);
245 break;
246 default:
247 panic("Invalid exception level");
248 break;
249 }
250 } else {
251 currState->sctlr = currState->tc->readMiscReg(flattenMiscRegNsBanked(
252 MISCREG_SCTLR, currState->tc, !currState->isSecure));
253 currState->ttbcr = currState->tc->readMiscReg(flattenMiscRegNsBanked(
254 MISCREG_TTBCR, currState->tc, !currState->isSecure));
255 currState->htcr = currState->tc->readMiscReg(MISCREG_HTCR);
256 currState->hcr = currState->tc->readMiscReg(MISCREG_HCR);
257 currState->vtcr = currState->tc->readMiscReg(MISCREG_VTCR);
258 }
259 sctlr = currState->sctlr;
260
261 currState->isFetch = (currState->mode == TLB::Execute);
262 currState->isWrite = (currState->mode == TLB::Write);
263
264 // We only do a second stage of translation if we're not secure, or in
265 // hyp mode, the second stage MMU is enabled, and this table walker
266 // instance is the first stage.
267 currState->doingStage2 = false;
268 // @todo: for now disable this in AArch64 (HCR is not set)
269 currState->stage2Req = !currState->aarch64 && currState->hcr.vm &&
270 !isStage2 && !currState->isSecure && !currState->isHyp;
271
272 bool long_desc_format = currState->aarch64 ||
273 (_haveLPAE && currState->ttbcr.eae) ||
274 _isHyp || isStage2;
275
276 if (long_desc_format) {
277 // Helper variables used for hierarchical permissions
278 currState->secureLookup = currState->isSecure;
279 currState->rwTable = true;
280 currState->userTable = true;
281 currState->xnTable = false;
282 currState->pxnTable = false;
283 }
284
285 if (!currState->timing) {
286 Fault fault = NoFault;
287 if (currState->aarch64)
288 fault = processWalkAArch64();
289 else if (long_desc_format)
290 fault = processWalkLPAE();
291 else
292 fault = processWalk();
293
294 // If this was a functional non-timing access restore state to
295 // how we found it.
296 if (currState->functional) {
297 delete currState;
298 currState = savedCurrState;
299 }
300 return fault;
301 }
302
303 if (pending || pendingQueue.size()) {
304 pendingQueue.push_back(currState);
305 currState = NULL;
306 } else {
307 pending = true;
308 if (currState->aarch64)
309 return processWalkAArch64();
310 else if (long_desc_format)
311 return processWalkLPAE();
312 else
313 return processWalk();
314 }
315
316 return NoFault;
317}
318
319void
320TableWalker::processWalkWrapper()
321{
322 assert(!currState);
323 assert(pendingQueue.size());
324 currState = pendingQueue.front();
325
326 ExceptionLevel target_el = EL0;
327 if (currState->aarch64)
328 target_el = currEL(currState->tc);
329 else
330 target_el = EL1;
331
332 // Check if a previous walk filled this request already
333 // @TODO Should this always be the TLB or should we look in the stage2 TLB?
334 TlbEntry* te = tlb->lookup(currState->vaddr, currState->asid,
335 currState->vmid, currState->isHyp, currState->isSecure, true, false,
336 target_el);
337
338 // Check if we still need to have a walk for this request. If the requesting
339 // instruction has been squashed, or a previous walk has filled the TLB with
340 // a match, we just want to get rid of the walk. The latter could happen
341 // when there are multiple outstanding misses to a single page and a
342 // previous request has been successfully translated.
343 if (!currState->transState->squashed() && !te) {
344 // We've got a valid request, lets process it
345 pending = true;
346 pendingQueue.pop_front();
347 if (currState->aarch64)
348 processWalkAArch64();
349 else if ((_haveLPAE && currState->ttbcr.eae) || currState->isHyp || isStage2)
350 processWalkLPAE();
351 else
352 processWalk();
353 return;
354 }
355
356
357 // If the instruction that we were translating for has been
358 // squashed we shouldn't bother.
359 unsigned num_squashed = 0;
360 ThreadContext *tc = currState->tc;
361 while ((num_squashed < numSquashable) && currState &&
362 (currState->transState->squashed() || te)) {
363 pendingQueue.pop_front();
364 num_squashed++;
365
366 DPRINTF(TLB, "Squashing table walk for address %#x\n",
367 currState->vaddr_tainted);
368
369 if (currState->transState->squashed()) {
370 // finish the translation which will delete the translation object
371 currState->transState->finish(
372 std::make_shared<UnimpFault>("Squashed Inst"),
373 currState->req, currState->tc, currState->mode);
374 } else {
375 // translate the request now that we know it will work
376 tlb->translateTiming(currState->req, currState->tc,
377 currState->transState, currState->mode);
378
379 }
380
381 // delete the current request
382 delete currState;
383
384 // peak at the next one
385 if (pendingQueue.size()) {
386 currState = pendingQueue.front();
387 te = tlb->lookup(currState->vaddr, currState->asid,
388 currState->vmid, currState->isHyp, currState->isSecure, true,
389 false, target_el);
390 } else {
391 // Terminate the loop, nothing more to do
392 currState = NULL;
393 }
394 }
395
396 // if we've still got pending translations schedule more work
397 nextWalk(tc);
398 currState = NULL;
399}
400
401Fault
402TableWalker::processWalk()
403{
404 Addr ttbr = 0;
405
406 // If translation isn't enabled, we shouldn't be here
407 assert(currState->sctlr.m || isStage2);
408
409 DPRINTF(TLB, "Beginning table walk for address %#x, TTBCR: %#x, bits:%#x\n",
410 currState->vaddr_tainted, currState->ttbcr, mbits(currState->vaddr, 31,
411 32 - currState->ttbcr.n));
412
413 if (currState->ttbcr.n == 0 || !mbits(currState->vaddr, 31,
414 32 - currState->ttbcr.n)) {
415 DPRINTF(TLB, " - Selecting TTBR0\n");
416 // Check if table walk is allowed when Security Extensions are enabled
417 if (haveSecurity && currState->ttbcr.pd0) {
418 if (currState->isFetch)
419 return std::make_shared<PrefetchAbort>(
420 currState->vaddr_tainted,
421 ArmFault::TranslationLL + L1,
422 isStage2,
423 ArmFault::VmsaTran);
424 else
425 return std::make_shared<DataAbort>(
426 currState->vaddr_tainted,
427 TlbEntry::DomainType::NoAccess, currState->isWrite,
428 ArmFault::TranslationLL + L1, isStage2,
429 ArmFault::VmsaTran);
430 }
431 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked(
432 MISCREG_TTBR0, currState->tc, !currState->isSecure));
433 } else {
434 DPRINTF(TLB, " - Selecting TTBR1\n");
435 // Check if table walk is allowed when Security Extensions are enabled
436 if (haveSecurity && currState->ttbcr.pd1) {
437 if (currState->isFetch)
438 return std::make_shared<PrefetchAbort>(
439 currState->vaddr_tainted,
440 ArmFault::TranslationLL + L1,
441 isStage2,
442 ArmFault::VmsaTran);
443 else
444 return std::make_shared<DataAbort>(
445 currState->vaddr_tainted,
446 TlbEntry::DomainType::NoAccess, currState->isWrite,
447 ArmFault::TranslationLL + L1, isStage2,
448 ArmFault::VmsaTran);
449 }
450 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked(
451 MISCREG_TTBR1, currState->tc, !currState->isSecure));
452 currState->ttbcr.n = 0;
453 }
454
455 Addr l1desc_addr = mbits(ttbr, 31, 14 - currState->ttbcr.n) |
456 (bits(currState->vaddr, 31 - currState->ttbcr.n, 20) << 2);
457 DPRINTF(TLB, " - Descriptor at address %#x (%s)\n", l1desc_addr,
458 currState->isSecure ? "s" : "ns");
459
460 // Trickbox address check
461 Fault f;
462 f = tlb->walkTrickBoxCheck(l1desc_addr, currState->isSecure,
463 currState->vaddr, sizeof(uint32_t), currState->isFetch,
464 currState->isWrite, TlbEntry::DomainType::NoAccess, L1);
465 if (f) {
466 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted);
467 if (currState->timing) {
468 pending = false;
469 nextWalk(currState->tc);
470 currState = NULL;
471 } else {
472 currState->tc = NULL;
473 currState->req = NULL;
474 }
475 return f;
476 }
477
478 Request::Flags flag = 0;
479 if (currState->sctlr.c == 0) {
480 flag = Request::UNCACHEABLE;
481 }
482
483 bool delayed;
484 delayed = fetchDescriptor(l1desc_addr, (uint8_t*)&currState->l1Desc.data,
485 sizeof(uint32_t), flag, L1, &doL1DescEvent,
486 &TableWalker::doL1Descriptor);
487 if (!delayed) {
488 f = currState->fault;
489 }
490
491 return f;
492}
493
494Fault
495TableWalker::processWalkLPAE()
496{
497 Addr ttbr, ttbr0_max, ttbr1_min, desc_addr;
498 int tsz, n;
499 LookupLevel start_lookup_level = L1;
500
501 DPRINTF(TLB, "Beginning table walk for address %#x, TTBCR: %#x\n",
502 currState->vaddr_tainted, currState->ttbcr);
503
504 Request::Flags flag = 0;
505 if (currState->isSecure)
506 flag.set(Request::SECURE);
507
508 // work out which base address register to use, if in hyp mode we always
509 // use HTTBR
510 if (isStage2) {
511 DPRINTF(TLB, " - Selecting VTTBR (long-desc.)\n");
512 ttbr = currState->tc->readMiscReg(MISCREG_VTTBR);
513 tsz = sext<4>(currState->vtcr.t0sz);
514 start_lookup_level = currState->vtcr.sl0 ? L1 : L2;
515 } else if (currState->isHyp) {
516 DPRINTF(TLB, " - Selecting HTTBR (long-desc.)\n");
517 ttbr = currState->tc->readMiscReg(MISCREG_HTTBR);
518 tsz = currState->htcr.t0sz;
519 } else {
520 assert(_haveLPAE && currState->ttbcr.eae);
521
522 // Determine boundaries of TTBR0/1 regions
523 if (currState->ttbcr.t0sz)
524 ttbr0_max = (1ULL << (32 - currState->ttbcr.t0sz)) - 1;
525 else if (currState->ttbcr.t1sz)
526 ttbr0_max = (1ULL << 32) -
527 (1ULL << (32 - currState->ttbcr.t1sz)) - 1;
528 else
529 ttbr0_max = (1ULL << 32) - 1;
530 if (currState->ttbcr.t1sz)
531 ttbr1_min = (1ULL << 32) - (1ULL << (32 - currState->ttbcr.t1sz));
532 else
533 ttbr1_min = (1ULL << (32 - currState->ttbcr.t0sz));
534
535 // The following code snippet selects the appropriate translation table base
536 // address (TTBR0 or TTBR1) and the appropriate starting lookup level
537 // depending on the address range supported by the translation table (ARM
538 // ARM issue C B3.6.4)
539 if (currState->vaddr <= ttbr0_max) {
540 DPRINTF(TLB, " - Selecting TTBR0 (long-desc.)\n");
541 // Check if table walk is allowed
542 if (currState->ttbcr.epd0) {
543 if (currState->isFetch)
544 return std::make_shared<PrefetchAbort>(
545 currState->vaddr_tainted,
546 ArmFault::TranslationLL + L1,
547 isStage2,
548 ArmFault::LpaeTran);
549 else
550 return std::make_shared<DataAbort>(
551 currState->vaddr_tainted,
552 TlbEntry::DomainType::NoAccess,
553 currState->isWrite,
554 ArmFault::TranslationLL + L1,
555 isStage2,
556 ArmFault::LpaeTran);
557 }
558 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked(
559 MISCREG_TTBR0, currState->tc, !currState->isSecure));
560 tsz = currState->ttbcr.t0sz;
561 if (ttbr0_max < (1ULL << 30)) // Upper limit < 1 GB
562 start_lookup_level = L2;
563 } else if (currState->vaddr >= ttbr1_min) {
564 DPRINTF(TLB, " - Selecting TTBR1 (long-desc.)\n");
565 // Check if table walk is allowed
566 if (currState->ttbcr.epd1) {
567 if (currState->isFetch)
568 return std::make_shared<PrefetchAbort>(
569 currState->vaddr_tainted,
570 ArmFault::TranslationLL + L1,
571 isStage2,
572 ArmFault::LpaeTran);
573 else
574 return std::make_shared<DataAbort>(
575 currState->vaddr_tainted,
576 TlbEntry::DomainType::NoAccess,
577 currState->isWrite,
578 ArmFault::TranslationLL + L1,
579 isStage2,
580 ArmFault::LpaeTran);
581 }
582 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked(
583 MISCREG_TTBR1, currState->tc, !currState->isSecure));
584 tsz = currState->ttbcr.t1sz;
585 if (ttbr1_min >= (1ULL << 31) + (1ULL << 30)) // Lower limit >= 3 GB
586 start_lookup_level = L2;
587 } else {
588 // Out of boundaries -> translation fault
589 if (currState->isFetch)
590 return std::make_shared<PrefetchAbort>(
591 currState->vaddr_tainted,
592 ArmFault::TranslationLL + L1,
593 isStage2,
594 ArmFault::LpaeTran);
595 else
596 return std::make_shared<DataAbort>(
597 currState->vaddr_tainted,
598 TlbEntry::DomainType::NoAccess,
599 currState->isWrite, ArmFault::TranslationLL + L1,
600 isStage2, ArmFault::LpaeTran);
601 }
602
603 }
604
605 // Perform lookup (ARM ARM issue C B3.6.6)
606 if (start_lookup_level == L1) {
607 n = 5 - tsz;
608 desc_addr = mbits(ttbr, 39, n) |
609 (bits(currState->vaddr, n + 26, 30) << 3);
610 DPRINTF(TLB, " - Descriptor at address %#x (%s) (long-desc.)\n",
611 desc_addr, currState->isSecure ? "s" : "ns");
612 } else {
613 // Skip first-level lookup
614 n = (tsz >= 2 ? 14 - tsz : 12);
615 desc_addr = mbits(ttbr, 39, n) |
616 (bits(currState->vaddr, n + 17, 21) << 3);
617 DPRINTF(TLB, " - Descriptor at address %#x (%s) (long-desc.)\n",
618 desc_addr, currState->isSecure ? "s" : "ns");
619 }
620
621 // Trickbox address check
622 Fault f = tlb->walkTrickBoxCheck(desc_addr, currState->isSecure,
623 currState->vaddr, sizeof(uint64_t), currState->isFetch,
624 currState->isWrite, TlbEntry::DomainType::NoAccess,
625 start_lookup_level);
626 if (f) {
627 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted);
628 if (currState->timing) {
629 pending = false;
630 nextWalk(currState->tc);
631 currState = NULL;
632 } else {
633 currState->tc = NULL;
634 currState->req = NULL;
635 }
636 return f;
637 }
638
639 if (currState->sctlr.c == 0) {
640 flag = Request::UNCACHEABLE;
641 }
642
643 if (currState->isSecure)
644 flag.set(Request::SECURE);
645
646 currState->longDesc.lookupLevel = start_lookup_level;
647 currState->longDesc.aarch64 = false;
648 currState->longDesc.grainSize = Grain4KB;
649
650 Event *event = start_lookup_level == L1 ? (Event *) &doL1LongDescEvent
651 : (Event *) &doL2LongDescEvent;
652
653 bool delayed = fetchDescriptor(desc_addr, (uint8_t*)&currState->longDesc.data,
654 sizeof(uint64_t), flag, start_lookup_level,
655 event, &TableWalker::doLongDescriptor);
656 if (!delayed) {
657 f = currState->fault;
658 }
659
660 return f;
661}
662
663unsigned
664TableWalker::adjustTableSizeAArch64(unsigned tsz)
665{
666 if (tsz < 25)
667 return 25;
668 if (tsz > 48)
669 return 48;
670 return tsz;
671}
672
673bool
674TableWalker::checkAddrSizeFaultAArch64(Addr addr, int currPhysAddrRange)
675{
676 return (currPhysAddrRange != MaxPhysAddrRange &&
677 bits(addr, MaxPhysAddrRange - 1, currPhysAddrRange));
678}
679
680Fault
681TableWalker::processWalkAArch64()
682{
683 assert(currState->aarch64);
684
685 DPRINTF(TLB, "Beginning table walk for address %#llx, TCR: %#llx\n",
686 currState->vaddr_tainted, currState->tcr);
687
688 static const GrainSize GrainMapDefault[] =
689 { Grain4KB, Grain64KB, Grain16KB, ReservedGrain };
690 static const GrainSize GrainMap_EL1_tg1[] =
691 { ReservedGrain, Grain16KB, Grain4KB, Grain64KB };
692
693 // Determine TTBR, table size, granule size and phys. address range
694 Addr ttbr = 0;
695 int tsz = 0, ps = 0;
696 GrainSize tg = Grain4KB; // grain size computed from tg* field
697 bool fault = false;
698 switch (currState->el) {
699 case EL0:
700 case EL1:
701 switch (bits(currState->vaddr, 63,48)) {
702 case 0:
703 DPRINTF(TLB, " - Selecting TTBR0 (AArch64)\n");
704 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL1);
705 tsz = adjustTableSizeAArch64(64 - currState->tcr.t0sz);
706 tg = GrainMapDefault[currState->tcr.tg0];
707 if (bits(currState->vaddr, 63, tsz) != 0x0 ||
708 currState->tcr.epd0)
709 fault = true;
710 break;
711 case 0xffff:
712 DPRINTF(TLB, " - Selecting TTBR1 (AArch64)\n");
713 ttbr = currState->tc->readMiscReg(MISCREG_TTBR1_EL1);
714 tsz = adjustTableSizeAArch64(64 - currState->tcr.t1sz);
715 tg = GrainMap_EL1_tg1[currState->tcr.tg1];
716 if (bits(currState->vaddr, 63, tsz) != mask(64-tsz) ||
717 currState->tcr.epd1)
718 fault = true;
719 break;
720 default:
721 // top two bytes must be all 0s or all 1s, else invalid addr
722 fault = true;
723 }
724 ps = currState->tcr.ips;
725 break;
726 case EL2:
727 case EL3:
728 switch(bits(currState->vaddr, 63,48)) {
729 case 0:
730 DPRINTF(TLB, " - Selecting TTBR0 (AArch64)\n");
731 if (currState->el == EL2)
732 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL2);
733 else
734 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL3);
735 tsz = adjustTableSizeAArch64(64 - currState->tcr.t0sz);
736 tg = GrainMapDefault[currState->tcr.tg0];
737 break;
738 default:
739 // invalid addr if top two bytes are not all 0s
740 fault = true;
741 }
742 ps = currState->tcr.ips;
743 break;
744 }
745
746 if (fault) {
747 Fault f;
748 if (currState->isFetch)
749 f = std::make_shared<PrefetchAbort>(
750 currState->vaddr_tainted,
751 ArmFault::TranslationLL + L0, isStage2,
752 ArmFault::LpaeTran);
753 else
754 f = std::make_shared<DataAbort>(
755 currState->vaddr_tainted,
756 TlbEntry::DomainType::NoAccess,
757 currState->isWrite,
758 ArmFault::TranslationLL + L0,
759 isStage2, ArmFault::LpaeTran);
760
761 if (currState->timing) {
762 pending = false;
763 nextWalk(currState->tc);
764 currState = NULL;
765 } else {
766 currState->tc = NULL;
767 currState->req = NULL;
768 }
769 return f;
770
771 }
772
773 if (tg == ReservedGrain) {
774 warn_once("Reserved granule size requested; gem5's IMPLEMENTATION "
775 "DEFINED behavior takes this to mean 4KB granules\n");
776 tg = Grain4KB;
777 }
778
779 int stride = tg - 3;
780 LookupLevel start_lookup_level = MAX_LOOKUP_LEVELS;
781
782 // Determine starting lookup level
783 // See aarch64/translation/walk in Appendix G: ARMv8 Pseudocode Library
784 // in ARM DDI 0487A. These table values correspond to the cascading tests
785 // to compute the lookup level and are of the form
786 // (grain_size + N*stride), for N = {1, 2, 3}.
787 // A value of 64 will never succeed and a value of 0 will always succeed.
788 {
789 struct GrainMap {
790 GrainSize grain_size;
791 unsigned lookup_level_cutoff[MAX_LOOKUP_LEVELS];
792 };
793 static const GrainMap GM[] = {
794 { Grain4KB, { 39, 30, 0, 0 } },
795 { Grain16KB, { 47, 36, 25, 0 } },
796 { Grain64KB, { 64, 42, 29, 0 } }
797 };
798
799 const unsigned *lookup = NULL; // points to a lookup_level_cutoff
800
801 for (unsigned i = 0; i < 3; ++i) { // choose entry of GM[]
802 if (tg == GM[i].grain_size) {
803 lookup = GM[i].lookup_level_cutoff;
804 break;
805 }
806 }
807 assert(lookup);
808
809 for (int L = L0; L != MAX_LOOKUP_LEVELS; ++L) {
810 if (tsz > lookup[L]) {
811 start_lookup_level = (LookupLevel) L;
812 break;
813 }
814 }
815 panic_if(start_lookup_level == MAX_LOOKUP_LEVELS,
816 "Table walker couldn't find lookup level\n");
817 }
818
819 // Determine table base address
820 int base_addr_lo = 3 + tsz - stride * (3 - start_lookup_level) - tg;
821 Addr base_addr = mbits(ttbr, 47, base_addr_lo);
822
823 // Determine physical address size and raise an Address Size Fault if
824 // necessary
825 int pa_range = decodePhysAddrRange64(ps);
826 // Clamp to lower limit
827 if (pa_range > physAddrRange)
828 currState->physAddrRange = physAddrRange;
829 else
830 currState->physAddrRange = pa_range;
831 if (checkAddrSizeFaultAArch64(base_addr, currState->physAddrRange)) {
832 DPRINTF(TLB, "Address size fault before any lookup\n");
833 Fault f;
834 if (currState->isFetch)
835 f = std::make_shared<PrefetchAbort>(
836 currState->vaddr_tainted,
837 ArmFault::AddressSizeLL + start_lookup_level,
838 isStage2,
839 ArmFault::LpaeTran);
840 else
841 f = std::make_shared<DataAbort>(
842 currState->vaddr_tainted,
843 TlbEntry::DomainType::NoAccess,
844 currState->isWrite,
845 ArmFault::AddressSizeLL + start_lookup_level,
846 isStage2,
847 ArmFault::LpaeTran);
848
849
850 if (currState->timing) {
851 pending = false;
852 nextWalk(currState->tc);
853 currState = NULL;
854 } else {
855 currState->tc = NULL;
856 currState->req = NULL;
857 }
858 return f;
859
860 }
861
862 // Determine descriptor address
863 Addr desc_addr = base_addr |
864 (bits(currState->vaddr, tsz - 1,
865 stride * (3 - start_lookup_level) + tg) << 3);
866
867 // Trickbox address check
868 Fault f = tlb->walkTrickBoxCheck(desc_addr, currState->isSecure,
869 currState->vaddr, sizeof(uint64_t), currState->isFetch,
870 currState->isWrite, TlbEntry::DomainType::NoAccess,
871 start_lookup_level);
872 if (f) {
873 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted);
874 if (currState->timing) {
875 pending = false;
876 nextWalk(currState->tc);
877 currState = NULL;
878 } else {
879 currState->tc = NULL;
880 currState->req = NULL;
881 }
882 return f;
883 }
884
885 Request::Flags flag = 0;
886 if (currState->sctlr.c == 0) {
887 flag = Request::UNCACHEABLE;
888 }
889
890 currState->longDesc.lookupLevel = start_lookup_level;
891 currState->longDesc.aarch64 = true;
892 currState->longDesc.grainSize = tg;
893
894 if (currState->timing) {
895 Event *event;
896 switch (start_lookup_level) {
897 case L0:
898 event = (Event *) &doL0LongDescEvent;
899 break;
900 case L1:
901 event = (Event *) &doL1LongDescEvent;
902 break;
903 case L2:
904 event = (Event *) &doL2LongDescEvent;
905 break;
906 case L3:
907 event = (Event *) &doL3LongDescEvent;
908 break;
909 default:
910 panic("Invalid table lookup level");
911 break;
912 }
913 port.dmaAction(MemCmd::ReadReq, desc_addr, sizeof(uint64_t), event,
914 (uint8_t*) &currState->longDesc.data,
915 currState->tc->getCpuPtr()->clockPeriod(), flag);
916 DPRINTF(TLBVerbose,
917 "Adding to walker fifo: queue size before adding: %d\n",
918 stateQueues[start_lookup_level].size());
919 stateQueues[start_lookup_level].push_back(currState);
920 currState = NULL;
921 } else if (!currState->functional) {
922 port.dmaAction(MemCmd::ReadReq, desc_addr, sizeof(uint64_t),
923 NULL, (uint8_t*) &currState->longDesc.data,
924 currState->tc->getCpuPtr()->clockPeriod(), flag);
925 doLongDescriptor();
926 f = currState->fault;
927 } else {
928 RequestPtr req = new Request(desc_addr, sizeof(uint64_t), flag,
929 masterId);
930 PacketPtr pkt = new Packet(req, MemCmd::ReadReq);
931 pkt->dataStatic((uint8_t*) &currState->longDesc.data);
932 port.sendFunctional(pkt);
933 doLongDescriptor();
934 delete req;
935 delete pkt;
936 f = currState->fault;
937 }
938
939 return f;
940}
941
942void
943TableWalker::memAttrs(ThreadContext *tc, TlbEntry &te, SCTLR sctlr,
944 uint8_t texcb, bool s)
945{
946 // Note: tc and sctlr local variables are hiding tc and sctrl class
947 // variables
948 DPRINTF(TLBVerbose, "memAttrs texcb:%d s:%d\n", texcb, s);
949 te.shareable = false; // default value
950 te.nonCacheable = false;
951 te.outerShareable = false;
952 if (sctlr.tre == 0 || ((sctlr.tre == 1) && (sctlr.m == 0))) {
953 switch(texcb) {
954 case 0: // Stongly-ordered
955 te.nonCacheable = true;
956 te.mtype = TlbEntry::MemoryType::StronglyOrdered;
957 te.shareable = true;
958 te.innerAttrs = 1;
959 te.outerAttrs = 0;
960 break;
961 case 1: // Shareable Device
962 te.nonCacheable = true;
963 te.mtype = TlbEntry::MemoryType::Device;
964 te.shareable = true;
965 te.innerAttrs = 3;
966 te.outerAttrs = 0;
967 break;
968 case 2: // Outer and Inner Write-Through, no Write-Allocate
969 te.mtype = TlbEntry::MemoryType::Normal;
970 te.shareable = s;
971 te.innerAttrs = 6;
972 te.outerAttrs = bits(texcb, 1, 0);
973 break;
974 case 3: // Outer and Inner Write-Back, no Write-Allocate
975 te.mtype = TlbEntry::MemoryType::Normal;
976 te.shareable = s;
977 te.innerAttrs = 7;
978 te.outerAttrs = bits(texcb, 1, 0);
979 break;
980 case 4: // Outer and Inner Non-cacheable
981 te.nonCacheable = true;
982 te.mtype = TlbEntry::MemoryType::Normal;
983 te.shareable = s;
984 te.innerAttrs = 0;
985 te.outerAttrs = bits(texcb, 1, 0);
986 break;
987 case 5: // Reserved
988 panic("Reserved texcb value!\n");
989 break;
990 case 6: // Implementation Defined
991 panic("Implementation-defined texcb value!\n");
992 break;
993 case 7: // Outer and Inner Write-Back, Write-Allocate
994 te.mtype = TlbEntry::MemoryType::Normal;
995 te.shareable = s;
996 te.innerAttrs = 5;
997 te.outerAttrs = 1;
998 break;
999 case 8: // Non-shareable Device
1000 te.nonCacheable = true;
1001 te.mtype = TlbEntry::MemoryType::Device;
1002 te.shareable = false;
1003 te.innerAttrs = 3;
1004 te.outerAttrs = 0;
1005 break;
1006 case 9 ... 15: // Reserved
1007 panic("Reserved texcb value!\n");
1008 break;
1009 case 16 ... 31: // Cacheable Memory
1010 te.mtype = TlbEntry::MemoryType::Normal;
1011 te.shareable = s;
1012 if (bits(texcb, 1,0) == 0 || bits(texcb, 3,2) == 0)
1013 te.nonCacheable = true;
1014 te.innerAttrs = bits(texcb, 1, 0);
1015 te.outerAttrs = bits(texcb, 3, 2);
1016 break;
1017 default:
1018 panic("More than 32 states for 5 bits?\n");
1019 }
1020 } else {
1021 assert(tc);
1022 PRRR prrr = tc->readMiscReg(flattenMiscRegNsBanked(MISCREG_PRRR,
1023 currState->tc, !currState->isSecure));
1024 NMRR nmrr = tc->readMiscReg(flattenMiscRegNsBanked(MISCREG_NMRR,
1025 currState->tc, !currState->isSecure));
1026 DPRINTF(TLBVerbose, "memAttrs PRRR:%08x NMRR:%08x\n", prrr, nmrr);
1027 uint8_t curr_tr = 0, curr_ir = 0, curr_or = 0;
1028 switch(bits(texcb, 2,0)) {
1029 case 0:
1030 curr_tr = prrr.tr0;
1031 curr_ir = nmrr.ir0;
1032 curr_or = nmrr.or0;
1033 te.outerShareable = (prrr.nos0 == 0);
1034 break;
1035 case 1:
1036 curr_tr = prrr.tr1;
1037 curr_ir = nmrr.ir1;
1038 curr_or = nmrr.or1;
1039 te.outerShareable = (prrr.nos1 == 0);
1040 break;
1041 case 2:
1042 curr_tr = prrr.tr2;
1043 curr_ir = nmrr.ir2;
1044 curr_or = nmrr.or2;
1045 te.outerShareable = (prrr.nos2 == 0);
1046 break;
1047 case 3:
1048 curr_tr = prrr.tr3;
1049 curr_ir = nmrr.ir3;
1050 curr_or = nmrr.or3;
1051 te.outerShareable = (prrr.nos3 == 0);
1052 break;
1053 case 4:
1054 curr_tr = prrr.tr4;
1055 curr_ir = nmrr.ir4;
1056 curr_or = nmrr.or4;
1057 te.outerShareable = (prrr.nos4 == 0);
1058 break;
1059 case 5:
1060 curr_tr = prrr.tr5;
1061 curr_ir = nmrr.ir5;
1062 curr_or = nmrr.or5;
1063 te.outerShareable = (prrr.nos5 == 0);
1064 break;
1065 case 6:
1066 panic("Imp defined type\n");
1067 case 7:
1068 curr_tr = prrr.tr7;
1069 curr_ir = nmrr.ir7;
1070 curr_or = nmrr.or7;
1071 te.outerShareable = (prrr.nos7 == 0);
1072 break;
1073 }
1074
1075 switch(curr_tr) {
1076 case 0:
1077 DPRINTF(TLBVerbose, "StronglyOrdered\n");
1078 te.mtype = TlbEntry::MemoryType::StronglyOrdered;
1079 te.nonCacheable = true;
1080 te.innerAttrs = 1;
1081 te.outerAttrs = 0;
1082 te.shareable = true;
1083 break;
1084 case 1:
1085 DPRINTF(TLBVerbose, "Device ds1:%d ds0:%d s:%d\n",
1086 prrr.ds1, prrr.ds0, s);
1087 te.mtype = TlbEntry::MemoryType::Device;
1088 te.nonCacheable = true;
1089 te.innerAttrs = 3;
1090 te.outerAttrs = 0;
1091 if (prrr.ds1 && s)
1092 te.shareable = true;
1093 if (prrr.ds0 && !s)
1094 te.shareable = true;
1095 break;
1096 case 2:
1097 DPRINTF(TLBVerbose, "Normal ns1:%d ns0:%d s:%d\n",
1098 prrr.ns1, prrr.ns0, s);
1099 te.mtype = TlbEntry::MemoryType::Normal;
1100 if (prrr.ns1 && s)
1101 te.shareable = true;
1102 if (prrr.ns0 && !s)
1103 te.shareable = true;
1104 break;
1105 case 3:
1106 panic("Reserved type");
1107 }
1108
1109 if (te.mtype == TlbEntry::MemoryType::Normal){
1110 switch(curr_ir) {
1111 case 0:
1112 te.nonCacheable = true;
1113 te.innerAttrs = 0;
1114 break;
1115 case 1:
1116 te.innerAttrs = 5;
1117 break;
1118 case 2:
1119 te.innerAttrs = 6;
1120 break;
1121 case 3:
1122 te.innerAttrs = 7;
1123 break;
1124 }
1125
1126 switch(curr_or) {
1127 case 0:
1128 te.nonCacheable = true;
1129 te.outerAttrs = 0;
1130 break;
1131 case 1:
1132 te.outerAttrs = 1;
1133 break;
1134 case 2:
1135 te.outerAttrs = 2;
1136 break;
1137 case 3:
1138 te.outerAttrs = 3;
1139 break;
1140 }
1141 }
1142 }
1143 DPRINTF(TLBVerbose, "memAttrs: shareable: %d, innerAttrs: %d, "
1144 "outerAttrs: %d\n",
1145 te.shareable, te.innerAttrs, te.outerAttrs);
1146 te.setAttributes(false);
1147}
1148
1149void
1150TableWalker::memAttrsLPAE(ThreadContext *tc, TlbEntry &te,
1151 LongDescriptor &lDescriptor)
1152{
1153 assert(_haveLPAE);
1154
1155 uint8_t attr;
1156 uint8_t sh = lDescriptor.sh();
1157 // Different format and source of attributes if this is a stage 2
1158 // translation
1159 if (isStage2) {
1160 attr = lDescriptor.memAttr();
1161 uint8_t attr_3_2 = (attr >> 2) & 0x3;
1162 uint8_t attr_1_0 = attr & 0x3;
1163
1164 DPRINTF(TLBVerbose, "memAttrsLPAE MemAttr:%#x sh:%#x\n", attr, sh);
1165
1166 if (attr_3_2 == 0) {
1167 te.mtype = attr_1_0 == 0 ? TlbEntry::MemoryType::StronglyOrdered
1168 : TlbEntry::MemoryType::Device;
1169 te.outerAttrs = 0;
1170 te.innerAttrs = attr_1_0 == 0 ? 1 : 3;
1171 te.nonCacheable = true;
1172 } else {
1173 te.mtype = TlbEntry::MemoryType::Normal;
1174 te.outerAttrs = attr_3_2 == 1 ? 0 :
1175 attr_3_2 == 2 ? 2 : 1;
1176 te.innerAttrs = attr_1_0 == 1 ? 0 :
1177 attr_1_0 == 2 ? 6 : 5;
1178 te.nonCacheable = (attr_3_2 == 1) || (attr_1_0 == 1);
1179 }
1180 } else {
1181 uint8_t attrIndx = lDescriptor.attrIndx();
1182
1183 // LPAE always uses remapping of memory attributes, irrespective of the
1184 // value of SCTLR.TRE
1185 MiscRegIndex reg = attrIndx & 0x4 ? MISCREG_MAIR1 : MISCREG_MAIR0;
1186 int reg_as_int = flattenMiscRegNsBanked(reg, currState->tc,
1187 !currState->isSecure);
1188 uint32_t mair = currState->tc->readMiscReg(reg_as_int);
1189 attr = (mair >> (8 * (attrIndx % 4))) & 0xff;
1190 uint8_t attr_7_4 = bits(attr, 7, 4);
1191 uint8_t attr_3_0 = bits(attr, 3, 0);
1192 DPRINTF(TLBVerbose, "memAttrsLPAE AttrIndx:%#x sh:%#x, attr %#x\n", attrIndx, sh, attr);
1193
1194 // Note: the memory subsystem only cares about the 'cacheable' memory
1195 // attribute. The other attributes are only used to fill the PAR register
1196 // accordingly to provide the illusion of full support
1197 te.nonCacheable = false;
1198
1199 switch (attr_7_4) {
1200 case 0x0:
1201 // Strongly-ordered or Device memory
1202 if (attr_3_0 == 0x0)
1203 te.mtype = TlbEntry::MemoryType::StronglyOrdered;
1204 else if (attr_3_0 == 0x4)
1205 te.mtype = TlbEntry::MemoryType::Device;
1206 else
1207 panic("Unpredictable behavior\n");
1208 te.nonCacheable = true;
1209 te.outerAttrs = 0;
1210 break;
1211 case 0x4:
1212 // Normal memory, Outer Non-cacheable
1213 te.mtype = TlbEntry::MemoryType::Normal;
1214 te.outerAttrs = 0;
1215 if (attr_3_0 == 0x4)
1216 // Inner Non-cacheable
1217 te.nonCacheable = true;
1218 else if (attr_3_0 < 0x8)
1219 panic("Unpredictable behavior\n");
1220 break;
1221 case 0x8:
1222 case 0x9:
1223 case 0xa:
1224 case 0xb:
1225 case 0xc:
1226 case 0xd:
1227 case 0xe:
1228 case 0xf:
1229 if (attr_7_4 & 0x4) {
1230 te.outerAttrs = (attr_7_4 & 1) ? 1 : 3;
1231 } else {
1232 te.outerAttrs = 0x2;
1233 }
1234 // Normal memory, Outer Cacheable
1235 te.mtype = TlbEntry::MemoryType::Normal;
1236 if (attr_3_0 != 0x4 && attr_3_0 < 0x8)
1237 panic("Unpredictable behavior\n");
1238 break;
1239 default:
1240 panic("Unpredictable behavior\n");
1241 break;
1242 }
1243
1244 switch (attr_3_0) {
1245 case 0x0:
1246 te.innerAttrs = 0x1;
1247 break;
1248 case 0x4:
1249 te.innerAttrs = attr_7_4 == 0 ? 0x3 : 0;
1250 break;
1251 case 0x8:
1252 case 0x9:
1253 case 0xA:
1254 case 0xB:
1255 te.innerAttrs = 6;
1256 break;
1257 case 0xC:
1258 case 0xD:
1259 case 0xE:
1260 case 0xF:
1261 te.innerAttrs = attr_3_0 & 1 ? 0x5 : 0x7;
1262 break;
1263 default:
1264 panic("Unpredictable behavior\n");
1265 break;
1266 }
1267 }
1268
1269 te.outerShareable = sh == 2;
1270 te.shareable = (sh & 0x2) ? true : false;
1271 te.setAttributes(true);
1272 te.attributes |= (uint64_t) attr << 56;
1273}
1274
1275void
1276TableWalker::memAttrsAArch64(ThreadContext *tc, TlbEntry &te, uint8_t attrIndx,
1277 uint8_t sh)
1278{
1279 DPRINTF(TLBVerbose, "memAttrsAArch64 AttrIndx:%#x sh:%#x\n", attrIndx, sh);
1280
1281 // Select MAIR
1282 uint64_t mair;
1283 switch (currState->el) {
1284 case EL0:
1285 case EL1:
1286 mair = tc->readMiscReg(MISCREG_MAIR_EL1);
1287 break;
1288 case EL2:
1289 mair = tc->readMiscReg(MISCREG_MAIR_EL2);
1290 break;
1291 case EL3:
1292 mair = tc->readMiscReg(MISCREG_MAIR_EL3);
1293 break;
1294 default:
1295 panic("Invalid exception level");
1296 break;
1297 }
1298
1299 // Select attributes
1300 uint8_t attr = bits(mair, 8 * attrIndx + 7, 8 * attrIndx);
1301 uint8_t attr_lo = bits(attr, 3, 0);
1302 uint8_t attr_hi = bits(attr, 7, 4);
1303
1304 // Memory type
1305 te.mtype = attr_hi == 0 ? TlbEntry::MemoryType::Device : TlbEntry::MemoryType::Normal;
1306
1307 // Cacheability
1308 te.nonCacheable = false;
1309 if (te.mtype == TlbEntry::MemoryType::Device || // Device memory
1310 attr_hi == 0x8 || // Normal memory, Outer Non-cacheable
1311 attr_lo == 0x8) { // Normal memory, Inner Non-cacheable
1312 te.nonCacheable = true;
1313 }
1314
1315 te.shareable = sh == 2;
1316 te.outerShareable = (sh & 0x2) ? true : false;
1317 // Attributes formatted according to the 64-bit PAR
1318 te.attributes = ((uint64_t) attr << 56) |
1319 (1 << 11) | // LPAE bit
1320 (te.ns << 9) | // NS bit
1321 (sh << 7);
1322}
1323
1324void
1325TableWalker::doL1Descriptor()
1326{
1327 if (currState->fault != NoFault) {
1328 return;
1329 }
1330
1331 DPRINTF(TLB, "L1 descriptor for %#x is %#x\n",
1332 currState->vaddr_tainted, currState->l1Desc.data);
1333 TlbEntry te;
1334
1335 switch (currState->l1Desc.type()) {
1336 case L1Descriptor::Ignore:
1337 case L1Descriptor::Reserved:
1338 if (!currState->timing) {
1339 currState->tc = NULL;
1340 currState->req = NULL;
1341 }
1342 DPRINTF(TLB, "L1 Descriptor Reserved/Ignore, causing fault\n");
1343 if (currState->isFetch)
1344 currState->fault =
1345 std::make_shared<PrefetchAbort>(
1346 currState->vaddr_tainted,
1347 ArmFault::TranslationLL + L1,
1348 isStage2,
1349 ArmFault::VmsaTran);
1350 else
1351 currState->fault =
1352 std::make_shared<DataAbort>(
1353 currState->vaddr_tainted,
1354 TlbEntry::DomainType::NoAccess,
1355 currState->isWrite,
1356 ArmFault::TranslationLL + L1, isStage2,
1357 ArmFault::VmsaTran);
1358 return;
1359 case L1Descriptor::Section:
1360 if (currState->sctlr.afe && bits(currState->l1Desc.ap(), 0) == 0) {
1361 /** @todo: check sctlr.ha (bit[17]) if Hardware Access Flag is
1362 * enabled if set, do l1.Desc.setAp0() instead of generating
1363 * AccessFlag0
1364 */
1365
1366 currState->fault = std::make_shared<DataAbort>(
1367 currState->vaddr_tainted,
1368 currState->l1Desc.domain(),
1369 currState->isWrite,
1370 ArmFault::AccessFlagLL + L1,
1371 isStage2,
1372 ArmFault::VmsaTran);
1373 }
1374 if (currState->l1Desc.supersection()) {
1375 panic("Haven't implemented supersections\n");
1376 }
1377 insertTableEntry(currState->l1Desc, false);
1378 return;
1379 case L1Descriptor::PageTable:
1380 {
1381 Addr l2desc_addr;
1382 l2desc_addr = currState->l1Desc.l2Addr() |
1383 (bits(currState->vaddr, 19, 12) << 2);
1384 DPRINTF(TLB, "L1 descriptor points to page table at: %#x (%s)\n",
1385 l2desc_addr, currState->isSecure ? "s" : "ns");
1386
1387 // Trickbox address check
1388 currState->fault = tlb->walkTrickBoxCheck(
1389 l2desc_addr, currState->isSecure, currState->vaddr,
1390 sizeof(uint32_t), currState->isFetch, currState->isWrite,
1391 currState->l1Desc.domain(), L2);
1392
1393 if (currState->fault) {
1394 if (!currState->timing) {
1395 currState->tc = NULL;
1396 currState->req = NULL;
1397 }
1398 return;
1399 }
1400
1401 Request::Flags flag = 0;
1402 if (currState->isSecure)
1403 flag.set(Request::SECURE);
1404
1405 bool delayed;
1406 delayed = fetchDescriptor(l2desc_addr,
1407 (uint8_t*)&currState->l2Desc.data,
1408 sizeof(uint32_t), flag, -1, &doL2DescEvent,
1409 &TableWalker::doL2Descriptor);
1410 if (delayed) {
1411 currState->delayed = true;
1412 }
1413
1414 return;
1415 }
1416 default:
1417 panic("A new type in a 2 bit field?\n");
1418 }
1419}
1420
1421void
1422TableWalker::doLongDescriptor()
1423{
1424 if (currState->fault != NoFault) {
1425 return;
1426 }
1427
1428 DPRINTF(TLB, "L%d descriptor for %#llx is %#llx (%s)\n",
1429 currState->longDesc.lookupLevel, currState->vaddr_tainted,
1430 currState->longDesc.data,
1431 currState->aarch64 ? "AArch64" : "long-desc.");
1432
1433 if ((currState->longDesc.type() == LongDescriptor::Block) ||
1434 (currState->longDesc.type() == LongDescriptor::Page)) {
1435 DPRINTF(TLBVerbose, "Analyzing L%d descriptor: %#llx, pxn: %d, "
1436 "xn: %d, ap: %d, af: %d, type: %d\n",
1437 currState->longDesc.lookupLevel,
1438 currState->longDesc.data,
1439 currState->longDesc.pxn(),
1440 currState->longDesc.xn(),
1441 currState->longDesc.ap(),
1442 currState->longDesc.af(),
1443 currState->longDesc.type());
1444 } else {
1445 DPRINTF(TLBVerbose, "Analyzing L%d descriptor: %#llx, type: %d\n",
1446 currState->longDesc.lookupLevel,
1447 currState->longDesc.data,
1448 currState->longDesc.type());
1449 }
1450
1451 TlbEntry te;
1452
1453 switch (currState->longDesc.type()) {
1454 case LongDescriptor::Invalid:
1455 if (!currState->timing) {
1456 currState->tc = NULL;
1457 currState->req = NULL;
1458 }
1459
1460 DPRINTF(TLB, "L%d descriptor Invalid, causing fault type %d\n",
1461 currState->longDesc.lookupLevel,
1462 ArmFault::TranslationLL + currState->longDesc.lookupLevel);
1463 if (currState->isFetch)
1464 currState->fault = std::make_shared<PrefetchAbort>(
1465 currState->vaddr_tainted,
1466 ArmFault::TranslationLL + currState->longDesc.lookupLevel,
1467 isStage2,
1468 ArmFault::LpaeTran);
1469 else
1470 currState->fault = std::make_shared<DataAbort>(
1471 currState->vaddr_tainted,
1472 TlbEntry::DomainType::NoAccess,
1473 currState->isWrite,
1474 ArmFault::TranslationLL + currState->longDesc.lookupLevel,
1475 isStage2,
1476 ArmFault::LpaeTran);
1477 return;
1478 case LongDescriptor::Block:
1479 case LongDescriptor::Page:
1480 {
1481 bool fault = false;
1482 bool aff = false;
1483 // Check for address size fault
1484 if (checkAddrSizeFaultAArch64(
1485 mbits(currState->longDesc.data, MaxPhysAddrRange - 1,
1486 currState->longDesc.offsetBits()),
1487 currState->physAddrRange)) {
1488 fault = true;
1489 DPRINTF(TLB, "L%d descriptor causing Address Size Fault\n",
1490 currState->longDesc.lookupLevel);
1491 // Check for access fault
1492 } else if (currState->longDesc.af() == 0) {
1493 fault = true;
1494 DPRINTF(TLB, "L%d descriptor causing Access Fault\n",
1495 currState->longDesc.lookupLevel);
1496 aff = true;
1497 }
1498 if (fault) {
1499 if (currState->isFetch)
1500 currState->fault = std::make_shared<PrefetchAbort>(
1501 currState->vaddr_tainted,
1502 (aff ? ArmFault::AccessFlagLL : ArmFault::AddressSizeLL) +
1503 currState->longDesc.lookupLevel,
1504 isStage2,
1505 ArmFault::LpaeTran);
1506 else
1507 currState->fault = std::make_shared<DataAbort>(
1508 currState->vaddr_tainted,
1509 TlbEntry::DomainType::NoAccess, currState->isWrite,
1510 (aff ? ArmFault::AccessFlagLL : ArmFault::AddressSizeLL) +
1511 currState->longDesc.lookupLevel,
1512 isStage2,
1513 ArmFault::LpaeTran);
1514 } else {
1515 insertTableEntry(currState->longDesc, true);
1516 }
1517 }
1518 return;
1519 case LongDescriptor::Table:
1520 {
1521 // Set hierarchical permission flags
1522 currState->secureLookup = currState->secureLookup &&
1523 currState->longDesc.secureTable();
1524 currState->rwTable = currState->rwTable &&
1525 currState->longDesc.rwTable();
1526 currState->userTable = currState->userTable &&
1527 currState->longDesc.userTable();
1528 currState->xnTable = currState->xnTable ||
1529 currState->longDesc.xnTable();
1530 currState->pxnTable = currState->pxnTable ||
1531 currState->longDesc.pxnTable();
1532
1533 // Set up next level lookup
1534 Addr next_desc_addr = currState->longDesc.nextDescAddr(
1535 currState->vaddr);
1536
1537 DPRINTF(TLB, "L%d descriptor points to L%d descriptor at: %#x (%s)\n",
1538 currState->longDesc.lookupLevel,
1539 currState->longDesc.lookupLevel + 1,
1540 next_desc_addr,
1541 currState->secureLookup ? "s" : "ns");
1542
1543 // Check for address size fault
1544 if (currState->aarch64 && checkAddrSizeFaultAArch64(
1545 next_desc_addr, currState->physAddrRange)) {
1546 DPRINTF(TLB, "L%d descriptor causing Address Size Fault\n",
1547 currState->longDesc.lookupLevel);
1548 if (currState->isFetch)
1549 currState->fault = std::make_shared<PrefetchAbort>(
1550 currState->vaddr_tainted,
1551 ArmFault::AddressSizeLL
1552 + currState->longDesc.lookupLevel,
1553 isStage2,
1554 ArmFault::LpaeTran);
1555 else
1556 currState->fault = std::make_shared<DataAbort>(
1557 currState->vaddr_tainted,
1558 TlbEntry::DomainType::NoAccess, currState->isWrite,
1559 ArmFault::AddressSizeLL
1560 + currState->longDesc.lookupLevel,
1561 isStage2,
1562 ArmFault::LpaeTran);
1563 return;
1564 }
1565
1566 // Trickbox address check
1567 currState->fault = tlb->walkTrickBoxCheck(
1568 next_desc_addr, currState->vaddr,
1569 currState->vaddr, sizeof(uint64_t),
1570 currState->isFetch, currState->isWrite,
1571 TlbEntry::DomainType::Client,
1572 toLookupLevel(currState->longDesc.lookupLevel +1));
1573
1574 if (currState->fault) {
1575 if (!currState->timing) {
1576 currState->tc = NULL;
1577 currState->req = NULL;
1578 }
1579 return;
1580 }
1581
1582 Request::Flags flag = 0;
1583 if (currState->secureLookup)
1584 flag.set(Request::SECURE);
1585
1586 currState->longDesc.lookupLevel =
1587 (LookupLevel) (currState->longDesc.lookupLevel + 1);
1588 Event *event = NULL;
1589 switch (currState->longDesc.lookupLevel) {
1590 case L1:
1591 assert(currState->aarch64);
1592 event = &doL1LongDescEvent;
1593 break;
1594 case L2:
1595 event = &doL2LongDescEvent;
1596 break;
1597 case L3:
1598 event = &doL3LongDescEvent;
1599 break;
1600 default:
1601 panic("Wrong lookup level in table walk\n");
1602 break;
1603 }
1604
1605 bool delayed;
1606 delayed = fetchDescriptor(next_desc_addr, (uint8_t*)&currState->longDesc.data,
1607 sizeof(uint64_t), flag, -1, event,
1608 &TableWalker::doLongDescriptor);
1609 if (delayed) {
1610 currState->delayed = true;
1611 }
1612 }
1613 return;
1614 default:
1615 panic("A new type in a 2 bit field?\n");
1616 }
1617}
1618
1619void
1620TableWalker::doL2Descriptor()
1621{
1622 if (currState->fault != NoFault) {
1623 return;
1624 }
1625
1626 DPRINTF(TLB, "L2 descriptor for %#x is %#x\n",
1627 currState->vaddr_tainted, currState->l2Desc.data);
1628 TlbEntry te;
1629
1630 if (currState->l2Desc.invalid()) {
1631 DPRINTF(TLB, "L2 descriptor invalid, causing fault\n");
1632 if (!currState->timing) {
1633 currState->tc = NULL;
1634 currState->req = NULL;
1635 }
1636 if (currState->isFetch)
1637 currState->fault = std::make_shared<PrefetchAbort>(
1638 currState->vaddr_tainted,
1639 ArmFault::TranslationLL + L2,
1640 isStage2,
1641 ArmFault::VmsaTran);
1642 else
1643 currState->fault = std::make_shared<DataAbort>(
1644 currState->vaddr_tainted, currState->l1Desc.domain(),
1645 currState->isWrite, ArmFault::TranslationLL + L2,
1646 isStage2,
1647 ArmFault::VmsaTran);
1648 return;
1649 }
1650
1651 if (currState->sctlr.afe && bits(currState->l2Desc.ap(), 0) == 0) {
1652 /** @todo: check sctlr.ha (bit[17]) if Hardware Access Flag is enabled
1653 * if set, do l2.Desc.setAp0() instead of generating AccessFlag0
1654 */
1655 DPRINTF(TLB, "Generating access fault at L2, afe: %d, ap: %d\n",
1656 currState->sctlr.afe, currState->l2Desc.ap());
1657
1658 currState->fault = std::make_shared<DataAbort>(
1659 currState->vaddr_tainted,
1660 TlbEntry::DomainType::NoAccess, currState->isWrite,
1661 ArmFault::AccessFlagLL + L2, isStage2,
1662 ArmFault::VmsaTran);
1663 }
1664
1665 insertTableEntry(currState->l2Desc, false);
1666}
1667
1668void
1669TableWalker::doL1DescriptorWrapper()
1670{
1671 currState = stateQueues[L1].front();
1672 currState->delayed = false;
1673 // if there's a stage2 translation object we don't need it any more
1674 if (currState->stage2Tran) {
1675 delete currState->stage2Tran;
1676 currState->stage2Tran = NULL;
1677 }
1678
1679
1680 DPRINTF(TLBVerbose, "L1 Desc object host addr: %p\n",&currState->l1Desc.data);
1681 DPRINTF(TLBVerbose, "L1 Desc object data: %08x\n",currState->l1Desc.data);
1682
1683 DPRINTF(TLBVerbose, "calling doL1Descriptor for vaddr:%#x\n", currState->vaddr_tainted);
1684 doL1Descriptor();
1685
1686 stateQueues[L1].pop_front();
1687 // Check if fault was generated
1688 if (currState->fault != NoFault) {
1689 currState->transState->finish(currState->fault, currState->req,
1690 currState->tc, currState->mode);
1691
1692 pending = false;
1693 nextWalk(currState->tc);
1694
1695 currState->req = NULL;
1696 currState->tc = NULL;
1697 currState->delayed = false;
1698 delete currState;
1699 }
1700 else if (!currState->delayed) {
1701 // delay is not set so there is no L2 to do
1702 // Don't finish the translation if a stage 2 look up is underway
1703 if (!currState->doingStage2) {
1704 DPRINTF(TLBVerbose, "calling translateTiming again\n");
1705 currState->fault = tlb->translateTiming(currState->req, currState->tc,
1706 currState->transState, currState->mode);
1707 }
1708
1709 pending = false;
1710 nextWalk(currState->tc);
1711
1712 currState->req = NULL;
1713 currState->tc = NULL;
1714 currState->delayed = false;
1715 delete currState;
1716 } else {
1717 // need to do L2 descriptor
1718 stateQueues[L2].push_back(currState);
1719 }
1720 currState = NULL;
1721}
1722
1723void
1724TableWalker::doL2DescriptorWrapper()
1725{
1726 currState = stateQueues[L2].front();
1727 assert(currState->delayed);
1728 // if there's a stage2 translation object we don't need it any more
1729 if (currState->stage2Tran) {
1730 delete currState->stage2Tran;
1731 currState->stage2Tran = NULL;
1732 }
1733
1734 DPRINTF(TLBVerbose, "calling doL2Descriptor for vaddr:%#x\n",
1735 currState->vaddr_tainted);
1736 doL2Descriptor();
1737
1738 // Check if fault was generated
1739 if (currState->fault != NoFault) {
1740 currState->transState->finish(currState->fault, currState->req,
1741 currState->tc, currState->mode);
1742 }
1743 else {
1744 // Don't finish the translation if a stage 2 look up is underway
1745 if (!currState->doingStage2) {
1746 DPRINTF(TLBVerbose, "calling translateTiming again\n");
1747 currState->fault = tlb->translateTiming(currState->req,
1748 currState->tc, currState->transState, currState->mode);
1749 }
1750 }
1751
1752
1753 stateQueues[L2].pop_front();
1754 pending = false;
1755 nextWalk(currState->tc);
1756
1757 currState->req = NULL;
1758 currState->tc = NULL;
1759 currState->delayed = false;
1760
1761 delete currState;
1762 currState = NULL;
1763}
1764
1765void
1766TableWalker::doL0LongDescriptorWrapper()
1767{
1768 doLongDescriptorWrapper(L0);
1769}
1770
1771void
1772TableWalker::doL1LongDescriptorWrapper()
1773{
1774 doLongDescriptorWrapper(L1);
1775}
1776
1777void
1778TableWalker::doL2LongDescriptorWrapper()
1779{
1780 doLongDescriptorWrapper(L2);
1781}
1782
1783void
1784TableWalker::doL3LongDescriptorWrapper()
1785{
1786 doLongDescriptorWrapper(L3);
1787}
1788
1789void
1790TableWalker::doLongDescriptorWrapper(LookupLevel curr_lookup_level)
1791{
1792 currState = stateQueues[curr_lookup_level].front();
1793 assert(curr_lookup_level == currState->longDesc.lookupLevel);
1794 currState->delayed = false;
1795
1796 // if there's a stage2 translation object we don't need it any more
1797 if (currState->stage2Tran) {
1798 delete currState->stage2Tran;
1799 currState->stage2Tran = NULL;
1800 }
1801
1802 DPRINTF(TLBVerbose, "calling doLongDescriptor for vaddr:%#x\n",
1803 currState->vaddr_tainted);
1804 doLongDescriptor();
1805
1806 stateQueues[curr_lookup_level].pop_front();
1807
1808 if (currState->fault != NoFault) {
1809 // A fault was generated
1810 currState->transState->finish(currState->fault, currState->req,
1811 currState->tc, currState->mode);
1812
1813 pending = false;
1814 nextWalk(currState->tc);
1815
1816 currState->req = NULL;
1817 currState->tc = NULL;
1818 currState->delayed = false;
1819 delete currState;
1820 } else if (!currState->delayed) {
1821 // No additional lookups required
1822 // Don't finish the translation if a stage 2 look up is underway
1823 if (!currState->doingStage2) {
1824 DPRINTF(TLBVerbose, "calling translateTiming again\n");
1825 currState->fault = tlb->translateTiming(currState->req, currState->tc,
1826 currState->transState,
1827 currState->mode);
1828 }
1829
1830 pending = false;
1831 nextWalk(currState->tc);
1832
1833 currState->req = NULL;
1834 currState->tc = NULL;
1835 currState->delayed = false;
1836 delete currState;
1837 } else {
1838 if (curr_lookup_level >= MAX_LOOKUP_LEVELS - 1)
1839 panic("Max. number of lookups already reached in table walk\n");
1840 // Need to perform additional lookups
1841 stateQueues[currState->longDesc.lookupLevel].push_back(currState);
1842 }
1843 currState = NULL;
1844}
1845
1846
1847void
1848TableWalker::nextWalk(ThreadContext *tc)
1849{
1850 if (pendingQueue.size())
1851 schedule(doProcessEvent, clockEdge(Cycles(1)));
1852 else
1853 completeDrain();
1854}
1855
1856bool
1857TableWalker::fetchDescriptor(Addr descAddr, uint8_t *data, int numBytes,
1858 Request::Flags flags, int queueIndex, Event *event,
1859 void (TableWalker::*doDescriptor)())
1860{
1861 bool isTiming = currState->timing;
1862
1863 // do the requests for the page table descriptors have to go through the
1864 // second stage MMU
1865 if (currState->stage2Req) {
1866 Fault fault;
1867 flags = flags | TLB::MustBeOne;
1868
1869 if (isTiming) {
1870 Stage2MMU::Stage2Translation *tran = new
1871 Stage2MMU::Stage2Translation(*stage2Mmu, data, event,
1872 currState->vaddr);
1873 currState->stage2Tran = tran;
1874 stage2Mmu->readDataTimed(currState->tc, descAddr, tran, numBytes,
1875 flags, masterId);
1876 fault = tran->fault;
1877 } else {
1878 fault = stage2Mmu->readDataUntimed(currState->tc,
1879 currState->vaddr, descAddr, data, numBytes, flags, masterId,
1880 currState->functional);
1881 }
1882
1883 if (fault != NoFault) {
1884 currState->fault = fault;
1885 }
1886 if (isTiming) {
1887 if (queueIndex >= 0) {
1888 DPRINTF(TLBVerbose, "Adding to walker fifo: queue size before adding: %d\n",
1889 stateQueues[queueIndex].size());
1890 stateQueues[queueIndex].push_back(currState);
1891 currState = NULL;
1892 }
1893 } else {
1894 (this->*doDescriptor)();
1895 }
1896 } else {
1897 if (isTiming) {
1898 port.dmaAction(MemCmd::ReadReq, descAddr, numBytes, event, data,
1899 currState->tc->getCpuPtr()->clockPeriod(), flags);
1900 if (queueIndex >= 0) {
1901 DPRINTF(TLBVerbose, "Adding to walker fifo: queue size before adding: %d\n",
1902 stateQueues[queueIndex].size());
1903 stateQueues[queueIndex].push_back(currState);
1904 currState = NULL;
1905 }
1906 } else if (!currState->functional) {
1907 port.dmaAction(MemCmd::ReadReq, descAddr, numBytes, NULL, data,
1908 currState->tc->getCpuPtr()->clockPeriod(), flags);
1909 (this->*doDescriptor)();
1910 } else {
1911 RequestPtr req = new Request(descAddr, numBytes, flags, masterId);
1912 req->taskId(ContextSwitchTaskId::DMA);
1913 PacketPtr pkt = new Packet(req, MemCmd::ReadReq);
1914 pkt->dataStatic(data);
1915 port.sendFunctional(pkt);
1916 (this->*doDescriptor)();
1917 delete req;
1918 delete pkt;
1919 }
1920 }
1921 return (isTiming);
1922}
1923
1924void
1925TableWalker::insertTableEntry(DescriptorBase &descriptor, bool longDescriptor)
1926{
1927 TlbEntry te;
1928
1929 // Create and fill a new page table entry
1930 te.valid = true;
1931 te.longDescFormat = longDescriptor;
1932 te.isHyp = currState->isHyp;
1933 te.asid = currState->asid;
1934 te.vmid = currState->vmid;
1935 te.N = descriptor.offsetBits();
1936 te.vpn = currState->vaddr >> te.N;
1937 te.size = (1<<te.N) - 1;
1938 te.pfn = descriptor.pfn();
1939 te.domain = descriptor.domain();
1940 te.lookupLevel = descriptor.lookupLevel;
1941 te.ns = !descriptor.secure(haveSecurity, currState) || isStage2;
1942 te.nstid = !currState->isSecure;
1943 te.xn = descriptor.xn();
1944 if (currState->aarch64)
1945 te.el = currState->el;
1946 else
1947 te.el = 1;
1948
1949 // ASID has no meaning for stage 2 TLB entries, so mark all stage 2 entries
1950 // as global
1951 te.global = descriptor.global(currState) || isStage2;
1952 if (longDescriptor) {
1953 LongDescriptor lDescriptor =
1954 dynamic_cast<LongDescriptor &>(descriptor);
1955
1956 te.xn |= currState->xnTable;
1957 te.pxn = currState->pxnTable || lDescriptor.pxn();
1958 if (isStage2) {
1959 // this is actually the HAP field, but its stored in the same bit
1960 // possitions as the AP field in a stage 1 translation.
1961 te.hap = lDescriptor.ap();
1962 } else {
1963 te.ap = ((!currState->rwTable || descriptor.ap() >> 1) << 1) |
1964 (currState->userTable && (descriptor.ap() & 0x1));
1965 }
1966 if (currState->aarch64)
1967 memAttrsAArch64(currState->tc, te, currState->longDesc.attrIndx(),
1968 currState->longDesc.sh());
1969 else
1970 memAttrsLPAE(currState->tc, te, lDescriptor);
1971 } else {
1972 te.ap = descriptor.ap();
1973 memAttrs(currState->tc, te, currState->sctlr, descriptor.texcb(),
1974 descriptor.shareable());
1975 }
1976
1977 // Debug output
1978 DPRINTF(TLB, descriptor.dbgHeader().c_str());
1979 DPRINTF(TLB, " - N:%d pfn:%#x size:%#x global:%d valid:%d\n",
1980 te.N, te.pfn, te.size, te.global, te.valid);
1981 DPRINTF(TLB, " - vpn:%#x xn:%d pxn:%d ap:%d domain:%d asid:%d "
1982 "vmid:%d hyp:%d nc:%d ns:%d\n", te.vpn, te.xn, te.pxn,
1983 te.ap, static_cast<uint8_t>(te.domain), te.asid, te.vmid, te.isHyp,
1984 te.nonCacheable, te.ns);
1985 DPRINTF(TLB, " - domain from L%d desc:%d data:%#x\n",
1986 descriptor.lookupLevel, static_cast<uint8_t>(descriptor.domain()),
1987 descriptor.getRawData());
1988
1989 // Insert the entry into the TLB
1990 tlb->insert(currState->vaddr, te);
1991 if (!currState->timing) {
1992 currState->tc = NULL;
1993 currState->req = NULL;
1994 }
1995}
1996
1997ArmISA::TableWalker *
1998ArmTableWalkerParams::create()
1999{
2000 return new ArmISA::TableWalker(this);
2001}
2002
2003LookupLevel
2004TableWalker::toLookupLevel(uint8_t lookup_level_as_int)
2005{
2006 switch (lookup_level_as_int) {
2007 case L1:
2008 return L1;
2009 case L2:
2010 return L2;
2011 case L3:
2012 return L3;
2013 default:
2014 panic("Invalid lookup level conversion");
2015 }
2016}