1/* 2 * Copyright (c) 2010, 2012-2016 ARM Limited 3 * All rights reserved 4 * 5 * The license below extends only to copyright in the software and shall 6 * not be construed as granting a license to any other intellectual 7 * property including but not limited to intellectual property relating 8 * to a hardware implementation of the functionality of the software 9 * licensed hereunder. You may use the software subject to the license 10 * terms below provided that you ensure that this notice is replicated 11 * unmodified and in its entirety in all distributions of the software, 12 * modified or unmodified, in source code or in binary form. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are 16 * met: redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer; 18 * redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution; 21 * neither the name of the copyright holders nor the names of its 22 * contributors may be used to endorse or promote products derived from 23 * this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 29 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 * 37 * Authors: Ali Saidi 38 * Giacomo Gabrielli 39 */ 40#include "arch/arm/table_walker.hh" 41 42#include <memory> 43 44#include "arch/arm/faults.hh" 45#include "arch/arm/stage2_mmu.hh" 46#include "arch/arm/system.hh" 47#include "arch/arm/tlb.hh" 48#include "cpu/base.hh" 49#include "cpu/thread_context.hh" 50#include "debug/Checkpoint.hh" 51#include "debug/Drain.hh" 52#include "debug/TLB.hh" 53#include "debug/TLBVerbose.hh" 54#include "dev/dma_device.hh" 55#include "sim/system.hh" 56 57using namespace ArmISA; 58 59TableWalker::TableWalker(const Params *p) 60 : MemObject(p), 61 stage2Mmu(NULL), port(NULL), masterId(Request::invldMasterId), 62 isStage2(p->is_stage2), tlb(NULL), 63 currState(NULL), pending(false), 64 numSquashable(p->num_squash_per_cycle), 65 pendingReqs(0), 66 pendingChangeTick(curTick()), 67 doL1DescEvent(this), doL2DescEvent(this),
|
68 doL0LongDescEvent(this), doL1LongDescEvent(this), doL2LongDescEvent(this),
69 doL3LongDescEvent(this),
|
68 doL0LongDescEvent(this), doL1LongDescEvent(this), 69 doL2LongDescEvent(this), doL3LongDescEvent(this), 70 LongDescEventByLevel { &doL0LongDescEvent, &doL1LongDescEvent, 71 &doL2LongDescEvent, &doL3LongDescEvent }, |
72 doProcessEvent(this) 73{ 74 sctlr = 0; 75 76 // Cache system-level properties 77 if (FullSystem) { 78 ArmSystem *armSys = dynamic_cast<ArmSystem *>(p->sys); 79 assert(armSys); 80 haveSecurity = armSys->haveSecurity(); 81 _haveLPAE = armSys->haveLPAE(); 82 _haveVirtualization = armSys->haveVirtualization(); 83 physAddrRange = armSys->physAddrRange(); 84 _haveLargeAsid64 = armSys->haveLargeAsid64(); 85 } else { 86 haveSecurity = _haveLPAE = _haveVirtualization = false; 87 _haveLargeAsid64 = false; 88 physAddrRange = 32; 89 } 90 91} 92 93TableWalker::~TableWalker() 94{ 95 ; 96} 97 98void 99TableWalker::setMMU(Stage2MMU *m, MasterID master_id) 100{ 101 stage2Mmu = m; 102 port = &m->getPort(); 103 masterId = master_id; 104} 105 106void 107TableWalker::init() 108{ 109 fatal_if(!stage2Mmu, "Table walker must have a valid stage-2 MMU\n"); 110 fatal_if(!port, "Table walker must have a valid port\n"); 111 fatal_if(!tlb, "Table walker must have a valid TLB\n"); 112} 113 114BaseMasterPort& 115TableWalker::getMasterPort(const std::string &if_name, PortID idx) 116{ 117 if (if_name == "port") { 118 if (!isStage2) { 119 return *port; 120 } else { 121 fatal("Cannot access table walker port through stage-two walker\n"); 122 } 123 } 124 return MemObject::getMasterPort(if_name, idx); 125} 126 127TableWalker::WalkerState::WalkerState() : 128 tc(nullptr), aarch64(false), el(EL0), physAddrRange(0), req(nullptr), 129 asid(0), vmid(0), isHyp(false), transState(nullptr), 130 vaddr(0), vaddr_tainted(0), isWrite(false), isFetch(false), isSecure(false), 131 secureLookup(false), rwTable(false), userTable(false), xnTable(false), 132 pxnTable(false), stage2Req(false), doingStage2(false), 133 stage2Tran(nullptr), timing(false), functional(false), 134 mode(BaseTLB::Read), tranType(TLB::NormalTran), l2Desc(l1Desc), 135 delayed(false), tableWalker(nullptr) 136{ 137} 138 139void 140TableWalker::completeDrain() 141{ 142 if (drainState() == DrainState::Draining &&
|
141 stateQueues[L1].empty() && stateQueues[L2].empty() &&
|
143 stateQueues[L0].empty() && stateQueues[L1].empty() && 144 stateQueues[L2].empty() && stateQueues[L3].empty() && |
145 pendingQueue.empty()) { 146 147 DPRINTF(Drain, "TableWalker done draining, processing drain event\n"); 148 signalDrainDone(); 149 } 150} 151 152DrainState 153TableWalker::drain() 154{ 155 bool state_queues_not_empty = false; 156 157 for (int i = 0; i < MAX_LOOKUP_LEVELS; ++i) { 158 if (!stateQueues[i].empty()) { 159 state_queues_not_empty = true; 160 break; 161 } 162 } 163 164 if (state_queues_not_empty || pendingQueue.size()) { 165 DPRINTF(Drain, "TableWalker not drained\n"); 166 return DrainState::Draining; 167 } else { 168 DPRINTF(Drain, "TableWalker free, no need to drain\n"); 169 return DrainState::Drained; 170 } 171} 172 173void 174TableWalker::drainResume() 175{ 176 if (params()->sys->isTimingMode() && currState) { 177 delete currState; 178 currState = NULL; 179 pendingChange(); 180 } 181} 182 183Fault 184TableWalker::walk(RequestPtr _req, ThreadContext *_tc, uint16_t _asid, 185 uint8_t _vmid, bool _isHyp, TLB::Mode _mode, 186 TLB::Translation *_trans, bool _timing, bool _functional, 187 bool secure, TLB::ArmTranslationType tranType, 188 bool _stage2Req) 189{ 190 assert(!(_functional && _timing)); 191 ++statWalks; 192 193 WalkerState *savedCurrState = NULL; 194 195 if (!currState && !_functional) { 196 // For atomic mode, a new WalkerState instance should be only created 197 // once per TLB. For timing mode, a new instance is generated for every 198 // TLB miss. 199 DPRINTF(TLBVerbose, "creating new instance of WalkerState\n"); 200 201 currState = new WalkerState(); 202 currState->tableWalker = this; 203 } else if (_functional) { 204 // If we are mixing functional mode with timing (or even 205 // atomic), we need to to be careful and clean up after 206 // ourselves to not risk getting into an inconsistent state. 207 DPRINTF(TLBVerbose, "creating functional instance of WalkerState\n"); 208 savedCurrState = currState; 209 currState = new WalkerState(); 210 currState->tableWalker = this; 211 } else if (_timing) { 212 // This is a translation that was completed and then faulted again 213 // because some underlying parameters that affect the translation 214 // changed out from under us (e.g. asid). It will either be a 215 // misprediction, in which case nothing will happen or we'll use 216 // this fault to re-execute the faulting instruction which should clean 217 // up everything. 218 if (currState->vaddr_tainted == _req->getVaddr()) { 219 ++statSquashedBefore; 220 return std::make_shared<ReExec>(); 221 } 222 } 223 pendingChange(); 224 225 currState->startTime = curTick(); 226 currState->tc = _tc; 227 // ARM DDI 0487A.f (ARMv8 ARM) pg J8-5672 228 // aarch32/translation/translation/AArch32.TranslateAddress dictates 229 // even AArch32 EL0 will use AArch64 translation if EL1 is in AArch64. 230 currState->aarch64 = isStage2 || opModeIs64(currOpMode(_tc)) || 231 ((currEL(_tc) == EL0) && ELIs64(_tc, EL1)); 232 currState->el = currEL(_tc); 233 currState->transState = _trans; 234 currState->req = _req; 235 currState->fault = NoFault; 236 currState->asid = _asid; 237 currState->vmid = _vmid; 238 currState->isHyp = _isHyp; 239 currState->timing = _timing; 240 currState->functional = _functional; 241 currState->mode = _mode; 242 currState->tranType = tranType; 243 currState->isSecure = secure; 244 currState->physAddrRange = physAddrRange; 245 246 /** @todo These should be cached or grabbed from cached copies in 247 the TLB, all these miscreg reads are expensive */ 248 currState->vaddr_tainted = currState->req->getVaddr(); 249 if (currState->aarch64) 250 currState->vaddr = purifyTaggedAddr(currState->vaddr_tainted, 251 currState->tc, currState->el); 252 else 253 currState->vaddr = currState->vaddr_tainted; 254 255 if (currState->aarch64) { 256 if (isStage2) { 257 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL1); 258 currState->vtcr = currState->tc->readMiscReg(MISCREG_VTCR_EL2); 259 } else switch (currState->el) { 260 case EL0: 261 case EL1: 262 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL1); 263 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL1); 264 break; 265 case EL2: 266 assert(_haveVirtualization); 267 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL2); 268 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL2); 269 break; 270 case EL3: 271 assert(haveSecurity); 272 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL3); 273 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL3); 274 break; 275 default: 276 panic("Invalid exception level"); 277 break; 278 } 279 currState->hcr = currState->tc->readMiscReg(MISCREG_HCR_EL2); 280 } else { 281 currState->sctlr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 282 MISCREG_SCTLR, currState->tc, !currState->isSecure)); 283 currState->ttbcr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 284 MISCREG_TTBCR, currState->tc, !currState->isSecure)); 285 currState->htcr = currState->tc->readMiscReg(MISCREG_HTCR); 286 currState->hcr = currState->tc->readMiscReg(MISCREG_HCR); 287 currState->vtcr = currState->tc->readMiscReg(MISCREG_VTCR); 288 } 289 sctlr = currState->sctlr; 290 291 currState->isFetch = (currState->mode == TLB::Execute); 292 currState->isWrite = (currState->mode == TLB::Write); 293 294 statRequestOrigin[REQUESTED][currState->isFetch]++; 295 296 // We only do a second stage of translation if we're not secure, or in 297 // hyp mode, the second stage MMU is enabled, and this table walker 298 // instance is the first stage. 299 // TODO: fix setting of doingStage2 for timing mode 300 currState->doingStage2 = false; 301 currState->stage2Req = _stage2Req && !isStage2; 302 303 bool long_desc_format = currState->aarch64 || _isHyp || isStage2 || 304 longDescFormatInUse(currState->tc); 305 306 if (long_desc_format) { 307 // Helper variables used for hierarchical permissions 308 currState->secureLookup = currState->isSecure; 309 currState->rwTable = true; 310 currState->userTable = true; 311 currState->xnTable = false; 312 currState->pxnTable = false; 313 314 ++statWalksLongDescriptor; 315 } else { 316 ++statWalksShortDescriptor; 317 } 318 319 if (!currState->timing) { 320 Fault fault = NoFault; 321 if (currState->aarch64) 322 fault = processWalkAArch64(); 323 else if (long_desc_format) 324 fault = processWalkLPAE(); 325 else 326 fault = processWalk(); 327 328 // If this was a functional non-timing access restore state to 329 // how we found it. 330 if (currState->functional) { 331 delete currState; 332 currState = savedCurrState; 333 } 334 return fault; 335 } 336 337 if (pending || pendingQueue.size()) { 338 pendingQueue.push_back(currState); 339 currState = NULL; 340 pendingChange(); 341 } else { 342 pending = true; 343 pendingChange(); 344 if (currState->aarch64) 345 return processWalkAArch64(); 346 else if (long_desc_format) 347 return processWalkLPAE(); 348 else 349 return processWalk(); 350 } 351 352 return NoFault; 353} 354 355void 356TableWalker::processWalkWrapper() 357{ 358 assert(!currState); 359 assert(pendingQueue.size()); 360 pendingChange(); 361 currState = pendingQueue.front(); 362 363 ExceptionLevel target_el = EL0; 364 if (currState->aarch64) 365 target_el = currEL(currState->tc); 366 else 367 target_el = EL1; 368 369 // Check if a previous walk filled this request already 370 // @TODO Should this always be the TLB or should we look in the stage2 TLB? 371 TlbEntry* te = tlb->lookup(currState->vaddr, currState->asid, 372 currState->vmid, currState->isHyp, currState->isSecure, true, false, 373 target_el); 374 375 // Check if we still need to have a walk for this request. If the requesting 376 // instruction has been squashed, or a previous walk has filled the TLB with 377 // a match, we just want to get rid of the walk. The latter could happen 378 // when there are multiple outstanding misses to a single page and a 379 // previous request has been successfully translated. 380 if (!currState->transState->squashed() && !te) { 381 // We've got a valid request, lets process it 382 pending = true; 383 pendingQueue.pop_front(); 384 // Keep currState in case one of the processWalk... calls NULLs it 385 WalkerState *curr_state_copy = currState; 386 Fault f; 387 if (currState->aarch64) 388 f = processWalkAArch64(); 389 else if (longDescFormatInUse(currState->tc) || 390 currState->isHyp || isStage2) 391 f = processWalkLPAE(); 392 else 393 f = processWalk(); 394 395 if (f != NoFault) { 396 curr_state_copy->transState->finish(f, curr_state_copy->req, 397 curr_state_copy->tc, curr_state_copy->mode); 398 399 delete curr_state_copy; 400 } 401 return; 402 } 403 404 405 // If the instruction that we were translating for has been 406 // squashed we shouldn't bother. 407 unsigned num_squashed = 0; 408 ThreadContext *tc = currState->tc; 409 while ((num_squashed < numSquashable) && currState && 410 (currState->transState->squashed() || te)) { 411 pendingQueue.pop_front(); 412 num_squashed++; 413 statSquashedBefore++; 414 415 DPRINTF(TLB, "Squashing table walk for address %#x\n", 416 currState->vaddr_tainted); 417 418 if (currState->transState->squashed()) { 419 // finish the translation which will delete the translation object 420 currState->transState->finish( 421 std::make_shared<UnimpFault>("Squashed Inst"), 422 currState->req, currState->tc, currState->mode); 423 } else { 424 // translate the request now that we know it will work 425 statWalkServiceTime.sample(curTick() - currState->startTime); 426 tlb->translateTiming(currState->req, currState->tc, 427 currState->transState, currState->mode); 428 429 } 430 431 // delete the current request 432 delete currState; 433 434 // peak at the next one 435 if (pendingQueue.size()) { 436 currState = pendingQueue.front(); 437 te = tlb->lookup(currState->vaddr, currState->asid, 438 currState->vmid, currState->isHyp, currState->isSecure, true, 439 false, target_el); 440 } else { 441 // Terminate the loop, nothing more to do 442 currState = NULL; 443 } 444 } 445 pendingChange(); 446 447 // if we still have pending translations, schedule more work 448 nextWalk(tc); 449 currState = NULL; 450} 451 452Fault 453TableWalker::processWalk() 454{ 455 Addr ttbr = 0; 456 457 // If translation isn't enabled, we shouldn't be here 458 assert(currState->sctlr.m || isStage2); 459 460 DPRINTF(TLB, "Beginning table walk for address %#x, TTBCR: %#x, bits:%#x\n", 461 currState->vaddr_tainted, currState->ttbcr, mbits(currState->vaddr, 31, 462 32 - currState->ttbcr.n)); 463 464 statWalkWaitTime.sample(curTick() - currState->startTime); 465 466 if (currState->ttbcr.n == 0 || !mbits(currState->vaddr, 31, 467 32 - currState->ttbcr.n)) { 468 DPRINTF(TLB, " - Selecting TTBR0\n"); 469 // Check if table walk is allowed when Security Extensions are enabled 470 if (haveSecurity && currState->ttbcr.pd0) { 471 if (currState->isFetch) 472 return std::make_shared<PrefetchAbort>( 473 currState->vaddr_tainted, 474 ArmFault::TranslationLL + L1, 475 isStage2, 476 ArmFault::VmsaTran); 477 else 478 return std::make_shared<DataAbort>( 479 currState->vaddr_tainted, 480 TlbEntry::DomainType::NoAccess, currState->isWrite, 481 ArmFault::TranslationLL + L1, isStage2, 482 ArmFault::VmsaTran); 483 } 484 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 485 MISCREG_TTBR0, currState->tc, !currState->isSecure)); 486 } else { 487 DPRINTF(TLB, " - Selecting TTBR1\n"); 488 // Check if table walk is allowed when Security Extensions are enabled 489 if (haveSecurity && currState->ttbcr.pd1) { 490 if (currState->isFetch) 491 return std::make_shared<PrefetchAbort>( 492 currState->vaddr_tainted, 493 ArmFault::TranslationLL + L1, 494 isStage2, 495 ArmFault::VmsaTran); 496 else 497 return std::make_shared<DataAbort>( 498 currState->vaddr_tainted, 499 TlbEntry::DomainType::NoAccess, currState->isWrite, 500 ArmFault::TranslationLL + L1, isStage2, 501 ArmFault::VmsaTran); 502 } 503 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 504 MISCREG_TTBR1, currState->tc, !currState->isSecure)); 505 currState->ttbcr.n = 0; 506 } 507 508 Addr l1desc_addr = mbits(ttbr, 31, 14 - currState->ttbcr.n) | 509 (bits(currState->vaddr, 31 - currState->ttbcr.n, 20) << 2); 510 DPRINTF(TLB, " - Descriptor at address %#x (%s)\n", l1desc_addr, 511 currState->isSecure ? "s" : "ns"); 512 513 // Trickbox address check 514 Fault f; 515 f = testWalk(l1desc_addr, sizeof(uint32_t), 516 TlbEntry::DomainType::NoAccess, L1); 517 if (f) { 518 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 519 if (currState->timing) { 520 pending = false; 521 nextWalk(currState->tc); 522 currState = NULL; 523 } else { 524 currState->tc = NULL; 525 currState->req = NULL; 526 } 527 return f; 528 } 529 530 Request::Flags flag = Request::PT_WALK; 531 if (currState->sctlr.c == 0) { 532 flag.set(Request::UNCACHEABLE); 533 } 534 535 if (currState->isSecure) { 536 flag.set(Request::SECURE); 537 } 538 539 bool delayed; 540 delayed = fetchDescriptor(l1desc_addr, (uint8_t*)&currState->l1Desc.data, 541 sizeof(uint32_t), flag, L1, &doL1DescEvent, 542 &TableWalker::doL1Descriptor); 543 if (!delayed) { 544 f = currState->fault; 545 } 546 547 return f; 548} 549 550Fault 551TableWalker::processWalkLPAE() 552{ 553 Addr ttbr, ttbr0_max, ttbr1_min, desc_addr; 554 int tsz, n; 555 LookupLevel start_lookup_level = L1; 556 557 DPRINTF(TLB, "Beginning table walk for address %#x, TTBCR: %#x\n", 558 currState->vaddr_tainted, currState->ttbcr); 559 560 statWalkWaitTime.sample(curTick() - currState->startTime); 561 562 Request::Flags flag = Request::PT_WALK; 563 if (currState->isSecure) 564 flag.set(Request::SECURE); 565 566 // work out which base address register to use, if in hyp mode we always 567 // use HTTBR 568 if (isStage2) { 569 DPRINTF(TLB, " - Selecting VTTBR (long-desc.)\n"); 570 ttbr = currState->tc->readMiscReg(MISCREG_VTTBR); 571 tsz = sext<4>(currState->vtcr.t0sz); 572 start_lookup_level = currState->vtcr.sl0 ? L1 : L2; 573 } else if (currState->isHyp) { 574 DPRINTF(TLB, " - Selecting HTTBR (long-desc.)\n"); 575 ttbr = currState->tc->readMiscReg(MISCREG_HTTBR); 576 tsz = currState->htcr.t0sz; 577 } else { 578 assert(longDescFormatInUse(currState->tc)); 579 580 // Determine boundaries of TTBR0/1 regions 581 if (currState->ttbcr.t0sz) 582 ttbr0_max = (1ULL << (32 - currState->ttbcr.t0sz)) - 1; 583 else if (currState->ttbcr.t1sz) 584 ttbr0_max = (1ULL << 32) - 585 (1ULL << (32 - currState->ttbcr.t1sz)) - 1; 586 else 587 ttbr0_max = (1ULL << 32) - 1; 588 if (currState->ttbcr.t1sz) 589 ttbr1_min = (1ULL << 32) - (1ULL << (32 - currState->ttbcr.t1sz)); 590 else 591 ttbr1_min = (1ULL << (32 - currState->ttbcr.t0sz)); 592 593 // The following code snippet selects the appropriate translation table base 594 // address (TTBR0 or TTBR1) and the appropriate starting lookup level 595 // depending on the address range supported by the translation table (ARM 596 // ARM issue C B3.6.4) 597 if (currState->vaddr <= ttbr0_max) { 598 DPRINTF(TLB, " - Selecting TTBR0 (long-desc.)\n"); 599 // Check if table walk is allowed 600 if (currState->ttbcr.epd0) { 601 if (currState->isFetch) 602 return std::make_shared<PrefetchAbort>( 603 currState->vaddr_tainted, 604 ArmFault::TranslationLL + L1, 605 isStage2, 606 ArmFault::LpaeTran); 607 else 608 return std::make_shared<DataAbort>( 609 currState->vaddr_tainted, 610 TlbEntry::DomainType::NoAccess, 611 currState->isWrite, 612 ArmFault::TranslationLL + L1, 613 isStage2, 614 ArmFault::LpaeTran); 615 } 616 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 617 MISCREG_TTBR0, currState->tc, !currState->isSecure)); 618 tsz = currState->ttbcr.t0sz; 619 if (ttbr0_max < (1ULL << 30)) // Upper limit < 1 GB 620 start_lookup_level = L2; 621 } else if (currState->vaddr >= ttbr1_min) { 622 DPRINTF(TLB, " - Selecting TTBR1 (long-desc.)\n"); 623 // Check if table walk is allowed 624 if (currState->ttbcr.epd1) { 625 if (currState->isFetch) 626 return std::make_shared<PrefetchAbort>( 627 currState->vaddr_tainted, 628 ArmFault::TranslationLL + L1, 629 isStage2, 630 ArmFault::LpaeTran); 631 else 632 return std::make_shared<DataAbort>( 633 currState->vaddr_tainted, 634 TlbEntry::DomainType::NoAccess, 635 currState->isWrite, 636 ArmFault::TranslationLL + L1, 637 isStage2, 638 ArmFault::LpaeTran); 639 } 640 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 641 MISCREG_TTBR1, currState->tc, !currState->isSecure)); 642 tsz = currState->ttbcr.t1sz; 643 if (ttbr1_min >= (1ULL << 31) + (1ULL << 30)) // Lower limit >= 3 GB 644 start_lookup_level = L2; 645 } else { 646 // Out of boundaries -> translation fault 647 if (currState->isFetch) 648 return std::make_shared<PrefetchAbort>( 649 currState->vaddr_tainted, 650 ArmFault::TranslationLL + L1, 651 isStage2, 652 ArmFault::LpaeTran); 653 else 654 return std::make_shared<DataAbort>( 655 currState->vaddr_tainted, 656 TlbEntry::DomainType::NoAccess, 657 currState->isWrite, ArmFault::TranslationLL + L1, 658 isStage2, ArmFault::LpaeTran); 659 } 660 661 } 662 663 // Perform lookup (ARM ARM issue C B3.6.6) 664 if (start_lookup_level == L1) { 665 n = 5 - tsz; 666 desc_addr = mbits(ttbr, 39, n) | 667 (bits(currState->vaddr, n + 26, 30) << 3); 668 DPRINTF(TLB, " - Descriptor at address %#x (%s) (long-desc.)\n", 669 desc_addr, currState->isSecure ? "s" : "ns"); 670 } else { 671 // Skip first-level lookup 672 n = (tsz >= 2 ? 14 - tsz : 12); 673 desc_addr = mbits(ttbr, 39, n) | 674 (bits(currState->vaddr, n + 17, 21) << 3); 675 DPRINTF(TLB, " - Descriptor at address %#x (%s) (long-desc.)\n", 676 desc_addr, currState->isSecure ? "s" : "ns"); 677 } 678 679 // Trickbox address check 680 Fault f = testWalk(desc_addr, sizeof(uint64_t), 681 TlbEntry::DomainType::NoAccess, start_lookup_level); 682 if (f) { 683 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 684 if (currState->timing) { 685 pending = false; 686 nextWalk(currState->tc); 687 currState = NULL; 688 } else { 689 currState->tc = NULL; 690 currState->req = NULL; 691 } 692 return f; 693 } 694 695 if (currState->sctlr.c == 0) { 696 flag.set(Request::UNCACHEABLE); 697 } 698 699 currState->longDesc.lookupLevel = start_lookup_level; 700 currState->longDesc.aarch64 = false; 701 currState->longDesc.grainSize = Grain4KB; 702
|
700 Event *event = start_lookup_level == L1 ? (Event *) &doL1LongDescEvent
701 : (Event *) &doL2LongDescEvent;
702
|
703 bool delayed = fetchDescriptor(desc_addr, (uint8_t*)&currState->longDesc.data, 704 sizeof(uint64_t), flag, start_lookup_level,
|
705 event, &TableWalker::doLongDescriptor);
|
705 LongDescEventByLevel[start_lookup_level], 706 &TableWalker::doLongDescriptor); |
707 if (!delayed) { 708 f = currState->fault; 709 } 710 711 return f; 712} 713 714unsigned 715TableWalker::adjustTableSizeAArch64(unsigned tsz) 716{ 717 if (tsz < 25) 718 return 25; 719 if (tsz > 48) 720 return 48; 721 return tsz; 722} 723 724bool 725TableWalker::checkAddrSizeFaultAArch64(Addr addr, int currPhysAddrRange) 726{ 727 return (currPhysAddrRange != MaxPhysAddrRange && 728 bits(addr, MaxPhysAddrRange - 1, currPhysAddrRange)); 729} 730 731Fault 732TableWalker::processWalkAArch64() 733{ 734 assert(currState->aarch64); 735 736 DPRINTF(TLB, "Beginning table walk for address %#llx, TCR: %#llx\n", 737 currState->vaddr_tainted, currState->tcr); 738 739 static const GrainSize GrainMapDefault[] = 740 { Grain4KB, Grain64KB, Grain16KB, ReservedGrain }; 741 static const GrainSize GrainMap_EL1_tg1[] = 742 { ReservedGrain, Grain16KB, Grain4KB, Grain64KB }; 743 744 statWalkWaitTime.sample(curTick() - currState->startTime); 745 746 // Determine TTBR, table size, granule size and phys. address range 747 Addr ttbr = 0; 748 int tsz = 0, ps = 0; 749 GrainSize tg = Grain4KB; // grain size computed from tg* field 750 bool fault = false; 751 752 LookupLevel start_lookup_level = MAX_LOOKUP_LEVELS; 753 754 switch (currState->el) { 755 case EL0: 756 case EL1: 757 if (isStage2) { 758 DPRINTF(TLB, " - Selecting VTTBR0 (AArch64 stage 2)\n"); 759 ttbr = currState->tc->readMiscReg(MISCREG_VTTBR_EL2); 760 tsz = 64 - currState->vtcr.t0sz64; 761 tg = GrainMapDefault[currState->vtcr.tg0]; 762 // ARM DDI 0487A.f D7-2148 763 // The starting level of stage 2 translation depends on 764 // VTCR_EL2.SL0 and VTCR_EL2.TG0 765 LookupLevel __ = MAX_LOOKUP_LEVELS; // invalid level 766 uint8_t sl_tg = (currState->vtcr.sl0 << 2) | currState->vtcr.tg0; 767 static const LookupLevel SLL[] = { 768 L2, L3, L3, __, // sl0 == 0 769 L1, L2, L2, __, // sl0 == 1, etc. 770 L0, L1, L1, __, 771 __, __, __, __ 772 }; 773 start_lookup_level = SLL[sl_tg]; 774 panic_if(start_lookup_level == MAX_LOOKUP_LEVELS, 775 "Cannot discern lookup level from vtcr.{sl0,tg0}"); 776 } else switch (bits(currState->vaddr, 63,48)) { 777 case 0: 778 DPRINTF(TLB, " - Selecting TTBR0 (AArch64)\n"); 779 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL1); 780 tsz = adjustTableSizeAArch64(64 - currState->tcr.t0sz); 781 tg = GrainMapDefault[currState->tcr.tg0]; 782 if (bits(currState->vaddr, 63, tsz) != 0x0 || 783 currState->tcr.epd0) 784 fault = true; 785 break; 786 case 0xffff: 787 DPRINTF(TLB, " - Selecting TTBR1 (AArch64)\n"); 788 ttbr = currState->tc->readMiscReg(MISCREG_TTBR1_EL1); 789 tsz = adjustTableSizeAArch64(64 - currState->tcr.t1sz); 790 tg = GrainMap_EL1_tg1[currState->tcr.tg1]; 791 if (bits(currState->vaddr, 63, tsz) != mask(64-tsz) || 792 currState->tcr.epd1) 793 fault = true; 794 break; 795 default: 796 // top two bytes must be all 0s or all 1s, else invalid addr 797 fault = true; 798 } 799 ps = currState->tcr.ips; 800 break; 801 case EL2: 802 case EL3: 803 switch(bits(currState->vaddr, 63,48)) { 804 case 0: 805 DPRINTF(TLB, " - Selecting TTBR0 (AArch64)\n"); 806 if (currState->el == EL2) 807 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL2); 808 else 809 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL3); 810 tsz = adjustTableSizeAArch64(64 - currState->tcr.t0sz); 811 tg = GrainMapDefault[currState->tcr.tg0]; 812 break; 813 default: 814 // invalid addr if top two bytes are not all 0s 815 fault = true; 816 } 817 ps = currState->tcr.ips; 818 break; 819 } 820 821 if (fault) { 822 Fault f; 823 if (currState->isFetch) 824 f = std::make_shared<PrefetchAbort>( 825 currState->vaddr_tainted, 826 ArmFault::TranslationLL + L0, isStage2, 827 ArmFault::LpaeTran); 828 else 829 f = std::make_shared<DataAbort>( 830 currState->vaddr_tainted, 831 TlbEntry::DomainType::NoAccess, 832 currState->isWrite, 833 ArmFault::TranslationLL + L0, 834 isStage2, ArmFault::LpaeTran); 835 836 if (currState->timing) { 837 pending = false; 838 nextWalk(currState->tc); 839 currState = NULL; 840 } else { 841 currState->tc = NULL; 842 currState->req = NULL; 843 } 844 return f; 845 846 } 847 848 if (tg == ReservedGrain) { 849 warn_once("Reserved granule size requested; gem5's IMPLEMENTATION " 850 "DEFINED behavior takes this to mean 4KB granules\n"); 851 tg = Grain4KB; 852 } 853 854 // Determine starting lookup level 855 // See aarch64/translation/walk in Appendix G: ARMv8 Pseudocode Library 856 // in ARM DDI 0487A. These table values correspond to the cascading tests 857 // to compute the lookup level and are of the form 858 // (grain_size + N*stride), for N = {1, 2, 3}. 859 // A value of 64 will never succeed and a value of 0 will always succeed. 860 if (start_lookup_level == MAX_LOOKUP_LEVELS) { 861 struct GrainMap { 862 GrainSize grain_size; 863 unsigned lookup_level_cutoff[MAX_LOOKUP_LEVELS]; 864 }; 865 static const GrainMap GM[] = { 866 { Grain4KB, { 39, 30, 0, 0 } }, 867 { Grain16KB, { 47, 36, 25, 0 } }, 868 { Grain64KB, { 64, 42, 29, 0 } } 869 }; 870 871 const unsigned *lookup = NULL; // points to a lookup_level_cutoff 872 873 for (unsigned i = 0; i < 3; ++i) { // choose entry of GM[] 874 if (tg == GM[i].grain_size) { 875 lookup = GM[i].lookup_level_cutoff; 876 break; 877 } 878 } 879 assert(lookup); 880 881 for (int L = L0; L != MAX_LOOKUP_LEVELS; ++L) { 882 if (tsz > lookup[L]) { 883 start_lookup_level = (LookupLevel) L; 884 break; 885 } 886 } 887 panic_if(start_lookup_level == MAX_LOOKUP_LEVELS, 888 "Table walker couldn't find lookup level\n"); 889 } 890 891 int stride = tg - 3; 892 893 // Determine table base address 894 int base_addr_lo = 3 + tsz - stride * (3 - start_lookup_level) - tg; 895 Addr base_addr = mbits(ttbr, 47, base_addr_lo); 896 897 // Determine physical address size and raise an Address Size Fault if 898 // necessary 899 int pa_range = decodePhysAddrRange64(ps); 900 // Clamp to lower limit 901 if (pa_range > physAddrRange) 902 currState->physAddrRange = physAddrRange; 903 else 904 currState->physAddrRange = pa_range; 905 if (checkAddrSizeFaultAArch64(base_addr, currState->physAddrRange)) { 906 DPRINTF(TLB, "Address size fault before any lookup\n"); 907 Fault f; 908 if (currState->isFetch) 909 f = std::make_shared<PrefetchAbort>( 910 currState->vaddr_tainted, 911 ArmFault::AddressSizeLL + start_lookup_level, 912 isStage2, 913 ArmFault::LpaeTran); 914 else 915 f = std::make_shared<DataAbort>( 916 currState->vaddr_tainted, 917 TlbEntry::DomainType::NoAccess, 918 currState->isWrite, 919 ArmFault::AddressSizeLL + start_lookup_level, 920 isStage2, 921 ArmFault::LpaeTran); 922 923 924 if (currState->timing) { 925 pending = false; 926 nextWalk(currState->tc); 927 currState = NULL; 928 } else { 929 currState->tc = NULL; 930 currState->req = NULL; 931 } 932 return f; 933 934 } 935 936 // Determine descriptor address 937 Addr desc_addr = base_addr | 938 (bits(currState->vaddr, tsz - 1, 939 stride * (3 - start_lookup_level) + tg) << 3); 940 941 // Trickbox address check 942 Fault f = testWalk(desc_addr, sizeof(uint64_t), 943 TlbEntry::DomainType::NoAccess, start_lookup_level); 944 if (f) { 945 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 946 if (currState->timing) { 947 pending = false; 948 nextWalk(currState->tc); 949 currState = NULL; 950 } else { 951 currState->tc = NULL; 952 currState->req = NULL; 953 } 954 return f; 955 } 956 957 Request::Flags flag = Request::PT_WALK; 958 if (currState->sctlr.c == 0) { 959 flag.set(Request::UNCACHEABLE); 960 } 961 962 if (currState->isSecure) { 963 flag.set(Request::SECURE); 964 } 965 966 currState->longDesc.lookupLevel = start_lookup_level; 967 currState->longDesc.aarch64 = true; 968 currState->longDesc.grainSize = tg; 969 970 if (currState->timing) {
|
970 Event *event;
971 switch (start_lookup_level) {
972 case L0:
973 event = (Event *) &doL0LongDescEvent;
974 break;
975 case L1:
976 event = (Event *) &doL1LongDescEvent;
977 break;
978 case L2:
979 event = (Event *) &doL2LongDescEvent;
980 break;
981 case L3:
982 event = (Event *) &doL3LongDescEvent;
983 break;
984 default:
985 panic("Invalid table lookup level");
986 break;
987 }
988 port->dmaAction(MemCmd::ReadReq, desc_addr, sizeof(uint64_t),
989 event, (uint8_t*) &currState->longDesc.data,
990 currState->tc->getCpuPtr()->clockPeriod(), flag);
991 DPRINTF(TLBVerbose,
992 "Adding to walker fifo: queue size before adding: %d\n",
993 stateQueues[start_lookup_level].size());
994 stateQueues[start_lookup_level].push_back(currState);
995 currState = NULL;
|
971 fetchDescriptor(desc_addr, (uint8_t*) &currState->longDesc.data, 972 sizeof(uint64_t), flag, start_lookup_level, 973 LongDescEventByLevel[start_lookup_level], NULL); |
974 } else { 975 fetchDescriptor(desc_addr, (uint8_t*)&currState->longDesc.data, 976 sizeof(uint64_t), flag, -1, NULL, 977 &TableWalker::doLongDescriptor); 978 f = currState->fault; 979 } 980 981 return f; 982} 983 984void 985TableWalker::memAttrs(ThreadContext *tc, TlbEntry &te, SCTLR sctlr, 986 uint8_t texcb, bool s) 987{ 988 // Note: tc and sctlr local variables are hiding tc and sctrl class 989 // variables 990 DPRINTF(TLBVerbose, "memAttrs texcb:%d s:%d\n", texcb, s); 991 te.shareable = false; // default value 992 te.nonCacheable = false; 993 te.outerShareable = false; 994 if (sctlr.tre == 0 || ((sctlr.tre == 1) && (sctlr.m == 0))) { 995 switch(texcb) { 996 case 0: // Stongly-ordered 997 te.nonCacheable = true; 998 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 999 te.shareable = true; 1000 te.innerAttrs = 1; 1001 te.outerAttrs = 0; 1002 break; 1003 case 1: // Shareable Device 1004 te.nonCacheable = true; 1005 te.mtype = TlbEntry::MemoryType::Device; 1006 te.shareable = true; 1007 te.innerAttrs = 3; 1008 te.outerAttrs = 0; 1009 break; 1010 case 2: // Outer and Inner Write-Through, no Write-Allocate 1011 te.mtype = TlbEntry::MemoryType::Normal; 1012 te.shareable = s; 1013 te.innerAttrs = 6; 1014 te.outerAttrs = bits(texcb, 1, 0); 1015 break; 1016 case 3: // Outer and Inner Write-Back, no Write-Allocate 1017 te.mtype = TlbEntry::MemoryType::Normal; 1018 te.shareable = s; 1019 te.innerAttrs = 7; 1020 te.outerAttrs = bits(texcb, 1, 0); 1021 break; 1022 case 4: // Outer and Inner Non-cacheable 1023 te.nonCacheable = true; 1024 te.mtype = TlbEntry::MemoryType::Normal; 1025 te.shareable = s; 1026 te.innerAttrs = 0; 1027 te.outerAttrs = bits(texcb, 1, 0); 1028 break; 1029 case 5: // Reserved 1030 panic("Reserved texcb value!\n"); 1031 break; 1032 case 6: // Implementation Defined 1033 panic("Implementation-defined texcb value!\n"); 1034 break; 1035 case 7: // Outer and Inner Write-Back, Write-Allocate 1036 te.mtype = TlbEntry::MemoryType::Normal; 1037 te.shareable = s; 1038 te.innerAttrs = 5; 1039 te.outerAttrs = 1; 1040 break; 1041 case 8: // Non-shareable Device 1042 te.nonCacheable = true; 1043 te.mtype = TlbEntry::MemoryType::Device; 1044 te.shareable = false; 1045 te.innerAttrs = 3; 1046 te.outerAttrs = 0; 1047 break; 1048 case 9 ... 15: // Reserved 1049 panic("Reserved texcb value!\n"); 1050 break; 1051 case 16 ... 31: // Cacheable Memory 1052 te.mtype = TlbEntry::MemoryType::Normal; 1053 te.shareable = s; 1054 if (bits(texcb, 1,0) == 0 || bits(texcb, 3,2) == 0) 1055 te.nonCacheable = true; 1056 te.innerAttrs = bits(texcb, 1, 0); 1057 te.outerAttrs = bits(texcb, 3, 2); 1058 break; 1059 default: 1060 panic("More than 32 states for 5 bits?\n"); 1061 } 1062 } else { 1063 assert(tc); 1064 PRRR prrr = tc->readMiscReg(flattenMiscRegNsBanked(MISCREG_PRRR, 1065 currState->tc, !currState->isSecure)); 1066 NMRR nmrr = tc->readMiscReg(flattenMiscRegNsBanked(MISCREG_NMRR, 1067 currState->tc, !currState->isSecure)); 1068 DPRINTF(TLBVerbose, "memAttrs PRRR:%08x NMRR:%08x\n", prrr, nmrr); 1069 uint8_t curr_tr = 0, curr_ir = 0, curr_or = 0; 1070 switch(bits(texcb, 2,0)) { 1071 case 0: 1072 curr_tr = prrr.tr0; 1073 curr_ir = nmrr.ir0; 1074 curr_or = nmrr.or0; 1075 te.outerShareable = (prrr.nos0 == 0); 1076 break; 1077 case 1: 1078 curr_tr = prrr.tr1; 1079 curr_ir = nmrr.ir1; 1080 curr_or = nmrr.or1; 1081 te.outerShareable = (prrr.nos1 == 0); 1082 break; 1083 case 2: 1084 curr_tr = prrr.tr2; 1085 curr_ir = nmrr.ir2; 1086 curr_or = nmrr.or2; 1087 te.outerShareable = (prrr.nos2 == 0); 1088 break; 1089 case 3: 1090 curr_tr = prrr.tr3; 1091 curr_ir = nmrr.ir3; 1092 curr_or = nmrr.or3; 1093 te.outerShareable = (prrr.nos3 == 0); 1094 break; 1095 case 4: 1096 curr_tr = prrr.tr4; 1097 curr_ir = nmrr.ir4; 1098 curr_or = nmrr.or4; 1099 te.outerShareable = (prrr.nos4 == 0); 1100 break; 1101 case 5: 1102 curr_tr = prrr.tr5; 1103 curr_ir = nmrr.ir5; 1104 curr_or = nmrr.or5; 1105 te.outerShareable = (prrr.nos5 == 0); 1106 break; 1107 case 6: 1108 panic("Imp defined type\n"); 1109 case 7: 1110 curr_tr = prrr.tr7; 1111 curr_ir = nmrr.ir7; 1112 curr_or = nmrr.or7; 1113 te.outerShareable = (prrr.nos7 == 0); 1114 break; 1115 } 1116 1117 switch(curr_tr) { 1118 case 0: 1119 DPRINTF(TLBVerbose, "StronglyOrdered\n"); 1120 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 1121 te.nonCacheable = true; 1122 te.innerAttrs = 1; 1123 te.outerAttrs = 0; 1124 te.shareable = true; 1125 break; 1126 case 1: 1127 DPRINTF(TLBVerbose, "Device ds1:%d ds0:%d s:%d\n", 1128 prrr.ds1, prrr.ds0, s); 1129 te.mtype = TlbEntry::MemoryType::Device; 1130 te.nonCacheable = true; 1131 te.innerAttrs = 3; 1132 te.outerAttrs = 0; 1133 if (prrr.ds1 && s) 1134 te.shareable = true; 1135 if (prrr.ds0 && !s) 1136 te.shareable = true; 1137 break; 1138 case 2: 1139 DPRINTF(TLBVerbose, "Normal ns1:%d ns0:%d s:%d\n", 1140 prrr.ns1, prrr.ns0, s); 1141 te.mtype = TlbEntry::MemoryType::Normal; 1142 if (prrr.ns1 && s) 1143 te.shareable = true; 1144 if (prrr.ns0 && !s) 1145 te.shareable = true; 1146 break; 1147 case 3: 1148 panic("Reserved type"); 1149 } 1150 1151 if (te.mtype == TlbEntry::MemoryType::Normal){ 1152 switch(curr_ir) { 1153 case 0: 1154 te.nonCacheable = true; 1155 te.innerAttrs = 0; 1156 break; 1157 case 1: 1158 te.innerAttrs = 5; 1159 break; 1160 case 2: 1161 te.innerAttrs = 6; 1162 break; 1163 case 3: 1164 te.innerAttrs = 7; 1165 break; 1166 } 1167 1168 switch(curr_or) { 1169 case 0: 1170 te.nonCacheable = true; 1171 te.outerAttrs = 0; 1172 break; 1173 case 1: 1174 te.outerAttrs = 1; 1175 break; 1176 case 2: 1177 te.outerAttrs = 2; 1178 break; 1179 case 3: 1180 te.outerAttrs = 3; 1181 break; 1182 } 1183 } 1184 } 1185 DPRINTF(TLBVerbose, "memAttrs: shareable: %d, innerAttrs: %d, " 1186 "outerAttrs: %d\n", 1187 te.shareable, te.innerAttrs, te.outerAttrs); 1188 te.setAttributes(false); 1189} 1190 1191void 1192TableWalker::memAttrsLPAE(ThreadContext *tc, TlbEntry &te, 1193 LongDescriptor &lDescriptor) 1194{ 1195 assert(_haveLPAE); 1196 1197 uint8_t attr; 1198 uint8_t sh = lDescriptor.sh(); 1199 // Different format and source of attributes if this is a stage 2 1200 // translation 1201 if (isStage2) { 1202 attr = lDescriptor.memAttr(); 1203 uint8_t attr_3_2 = (attr >> 2) & 0x3; 1204 uint8_t attr_1_0 = attr & 0x3; 1205 1206 DPRINTF(TLBVerbose, "memAttrsLPAE MemAttr:%#x sh:%#x\n", attr, sh); 1207 1208 if (attr_3_2 == 0) { 1209 te.mtype = attr_1_0 == 0 ? TlbEntry::MemoryType::StronglyOrdered 1210 : TlbEntry::MemoryType::Device; 1211 te.outerAttrs = 0; 1212 te.innerAttrs = attr_1_0 == 0 ? 1 : 3; 1213 te.nonCacheable = true; 1214 } else { 1215 te.mtype = TlbEntry::MemoryType::Normal; 1216 te.outerAttrs = attr_3_2 == 1 ? 0 : 1217 attr_3_2 == 2 ? 2 : 1; 1218 te.innerAttrs = attr_1_0 == 1 ? 0 : 1219 attr_1_0 == 2 ? 6 : 5; 1220 te.nonCacheable = (attr_3_2 == 1) || (attr_1_0 == 1); 1221 } 1222 } else { 1223 uint8_t attrIndx = lDescriptor.attrIndx(); 1224 1225 // LPAE always uses remapping of memory attributes, irrespective of the 1226 // value of SCTLR.TRE 1227 MiscRegIndex reg = attrIndx & 0x4 ? MISCREG_MAIR1 : MISCREG_MAIR0; 1228 int reg_as_int = flattenMiscRegNsBanked(reg, currState->tc, 1229 !currState->isSecure); 1230 uint32_t mair = currState->tc->readMiscReg(reg_as_int); 1231 attr = (mair >> (8 * (attrIndx % 4))) & 0xff; 1232 uint8_t attr_7_4 = bits(attr, 7, 4); 1233 uint8_t attr_3_0 = bits(attr, 3, 0); 1234 DPRINTF(TLBVerbose, "memAttrsLPAE AttrIndx:%#x sh:%#x, attr %#x\n", attrIndx, sh, attr); 1235 1236 // Note: the memory subsystem only cares about the 'cacheable' memory 1237 // attribute. The other attributes are only used to fill the PAR register 1238 // accordingly to provide the illusion of full support 1239 te.nonCacheable = false; 1240 1241 switch (attr_7_4) { 1242 case 0x0: 1243 // Strongly-ordered or Device memory 1244 if (attr_3_0 == 0x0) 1245 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 1246 else if (attr_3_0 == 0x4) 1247 te.mtype = TlbEntry::MemoryType::Device; 1248 else 1249 panic("Unpredictable behavior\n"); 1250 te.nonCacheable = true; 1251 te.outerAttrs = 0; 1252 break; 1253 case 0x4: 1254 // Normal memory, Outer Non-cacheable 1255 te.mtype = TlbEntry::MemoryType::Normal; 1256 te.outerAttrs = 0; 1257 if (attr_3_0 == 0x4) 1258 // Inner Non-cacheable 1259 te.nonCacheable = true; 1260 else if (attr_3_0 < 0x8) 1261 panic("Unpredictable behavior\n"); 1262 break; 1263 case 0x8: 1264 case 0x9: 1265 case 0xa: 1266 case 0xb: 1267 case 0xc: 1268 case 0xd: 1269 case 0xe: 1270 case 0xf: 1271 if (attr_7_4 & 0x4) { 1272 te.outerAttrs = (attr_7_4 & 1) ? 1 : 3; 1273 } else { 1274 te.outerAttrs = 0x2; 1275 } 1276 // Normal memory, Outer Cacheable 1277 te.mtype = TlbEntry::MemoryType::Normal; 1278 if (attr_3_0 != 0x4 && attr_3_0 < 0x8) 1279 panic("Unpredictable behavior\n"); 1280 break; 1281 default: 1282 panic("Unpredictable behavior\n"); 1283 break; 1284 } 1285 1286 switch (attr_3_0) { 1287 case 0x0: 1288 te.innerAttrs = 0x1; 1289 break; 1290 case 0x4: 1291 te.innerAttrs = attr_7_4 == 0 ? 0x3 : 0; 1292 break; 1293 case 0x8: 1294 case 0x9: 1295 case 0xA: 1296 case 0xB: 1297 te.innerAttrs = 6; 1298 break; 1299 case 0xC: 1300 case 0xD: 1301 case 0xE: 1302 case 0xF: 1303 te.innerAttrs = attr_3_0 & 1 ? 0x5 : 0x7; 1304 break; 1305 default: 1306 panic("Unpredictable behavior\n"); 1307 break; 1308 } 1309 } 1310 1311 te.outerShareable = sh == 2; 1312 te.shareable = (sh & 0x2) ? true : false; 1313 te.setAttributes(true); 1314 te.attributes |= (uint64_t) attr << 56; 1315} 1316 1317void 1318TableWalker::memAttrsAArch64(ThreadContext *tc, TlbEntry &te, 1319 LongDescriptor &lDescriptor) 1320{ 1321 uint8_t attr; 1322 uint8_t attr_hi; 1323 uint8_t attr_lo; 1324 uint8_t sh = lDescriptor.sh(); 1325 1326 if (isStage2) { 1327 attr = lDescriptor.memAttr(); 1328 uint8_t attr_hi = (attr >> 2) & 0x3; 1329 uint8_t attr_lo = attr & 0x3; 1330 1331 DPRINTF(TLBVerbose, "memAttrsAArch64 MemAttr:%#x sh:%#x\n", attr, sh); 1332 1333 if (attr_hi == 0) { 1334 te.mtype = attr_lo == 0 ? TlbEntry::MemoryType::StronglyOrdered 1335 : TlbEntry::MemoryType::Device; 1336 te.outerAttrs = 0; 1337 te.innerAttrs = attr_lo == 0 ? 1 : 3; 1338 te.nonCacheable = true; 1339 } else { 1340 te.mtype = TlbEntry::MemoryType::Normal; 1341 te.outerAttrs = attr_hi == 1 ? 0 : 1342 attr_hi == 2 ? 2 : 1; 1343 te.innerAttrs = attr_lo == 1 ? 0 : 1344 attr_lo == 2 ? 6 : 5; 1345 te.nonCacheable = (attr_hi == 1) || (attr_lo == 1); 1346 } 1347 } else { 1348 uint8_t attrIndx = lDescriptor.attrIndx(); 1349 1350 DPRINTF(TLBVerbose, "memAttrsAArch64 AttrIndx:%#x sh:%#x\n", attrIndx, sh); 1351 1352 // Select MAIR 1353 uint64_t mair; 1354 switch (currState->el) { 1355 case EL0: 1356 case EL1: 1357 mair = tc->readMiscReg(MISCREG_MAIR_EL1); 1358 break; 1359 case EL2: 1360 mair = tc->readMiscReg(MISCREG_MAIR_EL2); 1361 break; 1362 case EL3: 1363 mair = tc->readMiscReg(MISCREG_MAIR_EL3); 1364 break; 1365 default: 1366 panic("Invalid exception level"); 1367 break; 1368 } 1369 1370 // Select attributes 1371 attr = bits(mair, 8 * attrIndx + 7, 8 * attrIndx); 1372 attr_lo = bits(attr, 3, 0); 1373 attr_hi = bits(attr, 7, 4); 1374 1375 // Memory type 1376 te.mtype = attr_hi == 0 ? TlbEntry::MemoryType::Device : TlbEntry::MemoryType::Normal; 1377 1378 // Cacheability 1379 te.nonCacheable = false; 1380 if (te.mtype == TlbEntry::MemoryType::Device || // Device memory 1381 attr_hi == 0x8 || // Normal memory, Outer Non-cacheable 1382 attr_lo == 0x8) { // Normal memory, Inner Non-cacheable 1383 te.nonCacheable = true; 1384 } 1385 1386 te.shareable = sh == 2; 1387 te.outerShareable = (sh & 0x2) ? true : false; 1388 // Attributes formatted according to the 64-bit PAR 1389 te.attributes = ((uint64_t) attr << 56) | 1390 (1 << 11) | // LPAE bit 1391 (te.ns << 9) | // NS bit 1392 (sh << 7); 1393 } 1394} 1395 1396void 1397TableWalker::doL1Descriptor() 1398{ 1399 if (currState->fault != NoFault) { 1400 return; 1401 } 1402 1403 DPRINTF(TLB, "L1 descriptor for %#x is %#x\n", 1404 currState->vaddr_tainted, currState->l1Desc.data); 1405 TlbEntry te; 1406 1407 switch (currState->l1Desc.type()) { 1408 case L1Descriptor::Ignore: 1409 case L1Descriptor::Reserved: 1410 if (!currState->timing) { 1411 currState->tc = NULL; 1412 currState->req = NULL; 1413 } 1414 DPRINTF(TLB, "L1 Descriptor Reserved/Ignore, causing fault\n"); 1415 if (currState->isFetch) 1416 currState->fault = 1417 std::make_shared<PrefetchAbort>( 1418 currState->vaddr_tainted, 1419 ArmFault::TranslationLL + L1, 1420 isStage2, 1421 ArmFault::VmsaTran); 1422 else 1423 currState->fault = 1424 std::make_shared<DataAbort>( 1425 currState->vaddr_tainted, 1426 TlbEntry::DomainType::NoAccess, 1427 currState->isWrite, 1428 ArmFault::TranslationLL + L1, isStage2, 1429 ArmFault::VmsaTran); 1430 return; 1431 case L1Descriptor::Section: 1432 if (currState->sctlr.afe && bits(currState->l1Desc.ap(), 0) == 0) { 1433 /** @todo: check sctlr.ha (bit[17]) if Hardware Access Flag is 1434 * enabled if set, do l1.Desc.setAp0() instead of generating 1435 * AccessFlag0 1436 */ 1437 1438 currState->fault = std::make_shared<DataAbort>( 1439 currState->vaddr_tainted, 1440 currState->l1Desc.domain(), 1441 currState->isWrite, 1442 ArmFault::AccessFlagLL + L1, 1443 isStage2, 1444 ArmFault::VmsaTran); 1445 } 1446 if (currState->l1Desc.supersection()) { 1447 panic("Haven't implemented supersections\n"); 1448 } 1449 insertTableEntry(currState->l1Desc, false); 1450 return; 1451 case L1Descriptor::PageTable: 1452 { 1453 Addr l2desc_addr; 1454 l2desc_addr = currState->l1Desc.l2Addr() | 1455 (bits(currState->vaddr, 19, 12) << 2); 1456 DPRINTF(TLB, "L1 descriptor points to page table at: %#x (%s)\n", 1457 l2desc_addr, currState->isSecure ? "s" : "ns"); 1458 1459 // Trickbox address check 1460 currState->fault = testWalk(l2desc_addr, sizeof(uint32_t), 1461 currState->l1Desc.domain(), L2); 1462 1463 if (currState->fault) { 1464 if (!currState->timing) { 1465 currState->tc = NULL; 1466 currState->req = NULL; 1467 } 1468 return; 1469 } 1470 1471 Request::Flags flag = Request::PT_WALK; 1472 if (currState->isSecure) 1473 flag.set(Request::SECURE); 1474 1475 bool delayed; 1476 delayed = fetchDescriptor(l2desc_addr, 1477 (uint8_t*)&currState->l2Desc.data, 1478 sizeof(uint32_t), flag, -1, &doL2DescEvent, 1479 &TableWalker::doL2Descriptor); 1480 if (delayed) { 1481 currState->delayed = true; 1482 } 1483 1484 return; 1485 } 1486 default: 1487 panic("A new type in a 2 bit field?\n"); 1488 } 1489} 1490 1491void 1492TableWalker::doLongDescriptor() 1493{ 1494 if (currState->fault != NoFault) { 1495 return; 1496 } 1497 1498 DPRINTF(TLB, "L%d descriptor for %#llx is %#llx (%s)\n", 1499 currState->longDesc.lookupLevel, currState->vaddr_tainted, 1500 currState->longDesc.data, 1501 currState->aarch64 ? "AArch64" : "long-desc."); 1502 1503 if ((currState->longDesc.type() == LongDescriptor::Block) || 1504 (currState->longDesc.type() == LongDescriptor::Page)) { 1505 DPRINTF(TLBVerbose, "Analyzing L%d descriptor: %#llx, pxn: %d, " 1506 "xn: %d, ap: %d, af: %d, type: %d\n", 1507 currState->longDesc.lookupLevel, 1508 currState->longDesc.data, 1509 currState->longDesc.pxn(), 1510 currState->longDesc.xn(), 1511 currState->longDesc.ap(), 1512 currState->longDesc.af(), 1513 currState->longDesc.type()); 1514 } else { 1515 DPRINTF(TLBVerbose, "Analyzing L%d descriptor: %#llx, type: %d\n", 1516 currState->longDesc.lookupLevel, 1517 currState->longDesc.data, 1518 currState->longDesc.type()); 1519 } 1520 1521 TlbEntry te; 1522 1523 switch (currState->longDesc.type()) { 1524 case LongDescriptor::Invalid: 1525 if (!currState->timing) { 1526 currState->tc = NULL; 1527 currState->req = NULL; 1528 } 1529 1530 DPRINTF(TLB, "L%d descriptor Invalid, causing fault type %d\n", 1531 currState->longDesc.lookupLevel, 1532 ArmFault::TranslationLL + currState->longDesc.lookupLevel); 1533 if (currState->isFetch) 1534 currState->fault = std::make_shared<PrefetchAbort>( 1535 currState->vaddr_tainted, 1536 ArmFault::TranslationLL + currState->longDesc.lookupLevel, 1537 isStage2, 1538 ArmFault::LpaeTran); 1539 else 1540 currState->fault = std::make_shared<DataAbort>( 1541 currState->vaddr_tainted, 1542 TlbEntry::DomainType::NoAccess, 1543 currState->isWrite, 1544 ArmFault::TranslationLL + currState->longDesc.lookupLevel, 1545 isStage2, 1546 ArmFault::LpaeTran); 1547 return; 1548 case LongDescriptor::Block: 1549 case LongDescriptor::Page: 1550 { 1551 bool fault = false; 1552 bool aff = false; 1553 // Check for address size fault 1554 if (checkAddrSizeFaultAArch64( 1555 mbits(currState->longDesc.data, MaxPhysAddrRange - 1, 1556 currState->longDesc.offsetBits()), 1557 currState->physAddrRange)) { 1558 fault = true; 1559 DPRINTF(TLB, "L%d descriptor causing Address Size Fault\n", 1560 currState->longDesc.lookupLevel); 1561 // Check for access fault 1562 } else if (currState->longDesc.af() == 0) { 1563 fault = true; 1564 DPRINTF(TLB, "L%d descriptor causing Access Fault\n", 1565 currState->longDesc.lookupLevel); 1566 aff = true; 1567 } 1568 if (fault) { 1569 if (currState->isFetch) 1570 currState->fault = std::make_shared<PrefetchAbort>( 1571 currState->vaddr_tainted, 1572 (aff ? ArmFault::AccessFlagLL : ArmFault::AddressSizeLL) + 1573 currState->longDesc.lookupLevel, 1574 isStage2, 1575 ArmFault::LpaeTran); 1576 else 1577 currState->fault = std::make_shared<DataAbort>( 1578 currState->vaddr_tainted, 1579 TlbEntry::DomainType::NoAccess, currState->isWrite, 1580 (aff ? ArmFault::AccessFlagLL : ArmFault::AddressSizeLL) + 1581 currState->longDesc.lookupLevel, 1582 isStage2, 1583 ArmFault::LpaeTran); 1584 } else { 1585 insertTableEntry(currState->longDesc, true); 1586 } 1587 } 1588 return; 1589 case LongDescriptor::Table: 1590 { 1591 // Set hierarchical permission flags 1592 currState->secureLookup = currState->secureLookup && 1593 currState->longDesc.secureTable(); 1594 currState->rwTable = currState->rwTable && 1595 currState->longDesc.rwTable(); 1596 currState->userTable = currState->userTable && 1597 currState->longDesc.userTable(); 1598 currState->xnTable = currState->xnTable || 1599 currState->longDesc.xnTable(); 1600 currState->pxnTable = currState->pxnTable || 1601 currState->longDesc.pxnTable(); 1602 1603 // Set up next level lookup 1604 Addr next_desc_addr = currState->longDesc.nextDescAddr( 1605 currState->vaddr); 1606 1607 DPRINTF(TLB, "L%d descriptor points to L%d descriptor at: %#x (%s)\n", 1608 currState->longDesc.lookupLevel, 1609 currState->longDesc.lookupLevel + 1, 1610 next_desc_addr, 1611 currState->secureLookup ? "s" : "ns"); 1612 1613 // Check for address size fault 1614 if (currState->aarch64 && checkAddrSizeFaultAArch64( 1615 next_desc_addr, currState->physAddrRange)) { 1616 DPRINTF(TLB, "L%d descriptor causing Address Size Fault\n", 1617 currState->longDesc.lookupLevel); 1618 if (currState->isFetch) 1619 currState->fault = std::make_shared<PrefetchAbort>( 1620 currState->vaddr_tainted, 1621 ArmFault::AddressSizeLL 1622 + currState->longDesc.lookupLevel, 1623 isStage2, 1624 ArmFault::LpaeTran); 1625 else 1626 currState->fault = std::make_shared<DataAbort>( 1627 currState->vaddr_tainted, 1628 TlbEntry::DomainType::NoAccess, currState->isWrite, 1629 ArmFault::AddressSizeLL 1630 + currState->longDesc.lookupLevel, 1631 isStage2, 1632 ArmFault::LpaeTran); 1633 return; 1634 } 1635 1636 // Trickbox address check 1637 currState->fault = testWalk( 1638 next_desc_addr, sizeof(uint64_t), TlbEntry::DomainType::Client, 1639 toLookupLevel(currState->longDesc.lookupLevel +1)); 1640 1641 if (currState->fault) { 1642 if (!currState->timing) { 1643 currState->tc = NULL; 1644 currState->req = NULL; 1645 } 1646 return; 1647 } 1648 1649 Request::Flags flag = Request::PT_WALK; 1650 if (currState->secureLookup) 1651 flag.set(Request::SECURE); 1652
|
1675 currState->longDesc.lookupLevel =
|
1653 LookupLevel L = currState->longDesc.lookupLevel = |
1654 (LookupLevel) (currState->longDesc.lookupLevel + 1); 1655 Event *event = NULL;
|
1678 switch (currState->longDesc.lookupLevel) {
|
1656 switch (L) { |
1657 case L1: 1658 assert(currState->aarch64);
|
1681 event = &doL1LongDescEvent;
1682 break;
|
1659 case L2:
|
1684 event = &doL2LongDescEvent;
1685 break;
|
1660 case L3:
|
1687 event = &doL3LongDescEvent;
|
1661 event = LongDescEventByLevel[L]; |
1662 break; 1663 default: 1664 panic("Wrong lookup level in table walk\n"); 1665 break; 1666 } 1667 1668 bool delayed; 1669 delayed = fetchDescriptor(next_desc_addr, (uint8_t*)&currState->longDesc.data, 1670 sizeof(uint64_t), flag, -1, event, 1671 &TableWalker::doLongDescriptor); 1672 if (delayed) { 1673 currState->delayed = true; 1674 } 1675 } 1676 return; 1677 default: 1678 panic("A new type in a 2 bit field?\n"); 1679 } 1680} 1681 1682void 1683TableWalker::doL2Descriptor() 1684{ 1685 if (currState->fault != NoFault) { 1686 return; 1687 } 1688 1689 DPRINTF(TLB, "L2 descriptor for %#x is %#x\n", 1690 currState->vaddr_tainted, currState->l2Desc.data); 1691 TlbEntry te; 1692 1693 if (currState->l2Desc.invalid()) { 1694 DPRINTF(TLB, "L2 descriptor invalid, causing fault\n"); 1695 if (!currState->timing) { 1696 currState->tc = NULL; 1697 currState->req = NULL; 1698 } 1699 if (currState->isFetch) 1700 currState->fault = std::make_shared<PrefetchAbort>( 1701 currState->vaddr_tainted, 1702 ArmFault::TranslationLL + L2, 1703 isStage2, 1704 ArmFault::VmsaTran); 1705 else 1706 currState->fault = std::make_shared<DataAbort>( 1707 currState->vaddr_tainted, currState->l1Desc.domain(), 1708 currState->isWrite, ArmFault::TranslationLL + L2, 1709 isStage2, 1710 ArmFault::VmsaTran); 1711 return; 1712 } 1713 1714 if (currState->sctlr.afe && bits(currState->l2Desc.ap(), 0) == 0) { 1715 /** @todo: check sctlr.ha (bit[17]) if Hardware Access Flag is enabled 1716 * if set, do l2.Desc.setAp0() instead of generating AccessFlag0 1717 */ 1718 DPRINTF(TLB, "Generating access fault at L2, afe: %d, ap: %d\n", 1719 currState->sctlr.afe, currState->l2Desc.ap()); 1720 1721 currState->fault = std::make_shared<DataAbort>( 1722 currState->vaddr_tainted, 1723 TlbEntry::DomainType::NoAccess, currState->isWrite, 1724 ArmFault::AccessFlagLL + L2, isStage2, 1725 ArmFault::VmsaTran); 1726 } 1727 1728 insertTableEntry(currState->l2Desc, false); 1729} 1730 1731void 1732TableWalker::doL1DescriptorWrapper() 1733{ 1734 currState = stateQueues[L1].front(); 1735 currState->delayed = false; 1736 // if there's a stage2 translation object we don't need it any more 1737 if (currState->stage2Tran) { 1738 delete currState->stage2Tran; 1739 currState->stage2Tran = NULL; 1740 } 1741 1742 1743 DPRINTF(TLBVerbose, "L1 Desc object host addr: %p\n",&currState->l1Desc.data); 1744 DPRINTF(TLBVerbose, "L1 Desc object data: %08x\n",currState->l1Desc.data); 1745 1746 DPRINTF(TLBVerbose, "calling doL1Descriptor for vaddr:%#x\n", currState->vaddr_tainted); 1747 doL1Descriptor(); 1748 1749 stateQueues[L1].pop_front(); 1750 // Check if fault was generated 1751 if (currState->fault != NoFault) { 1752 currState->transState->finish(currState->fault, currState->req, 1753 currState->tc, currState->mode); 1754 statWalksShortTerminatedAtLevel[0]++; 1755 1756 pending = false; 1757 nextWalk(currState->tc); 1758 1759 currState->req = NULL; 1760 currState->tc = NULL; 1761 currState->delayed = false; 1762 delete currState; 1763 } 1764 else if (!currState->delayed) { 1765 // delay is not set so there is no L2 to do 1766 // Don't finish the translation if a stage 2 look up is underway 1767 if (!currState->doingStage2) { 1768 statWalkServiceTime.sample(curTick() - currState->startTime); 1769 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1770 currState->fault = tlb->translateTiming(currState->req, currState->tc, 1771 currState->transState, currState->mode); 1772 statWalksShortTerminatedAtLevel[0]++; 1773 } 1774 1775 pending = false; 1776 nextWalk(currState->tc); 1777 1778 currState->req = NULL; 1779 currState->tc = NULL; 1780 currState->delayed = false; 1781 delete currState; 1782 } else { 1783 // need to do L2 descriptor 1784 stateQueues[L2].push_back(currState); 1785 } 1786 currState = NULL; 1787} 1788 1789void 1790TableWalker::doL2DescriptorWrapper() 1791{ 1792 currState = stateQueues[L2].front(); 1793 assert(currState->delayed); 1794 // if there's a stage2 translation object we don't need it any more 1795 if (currState->stage2Tran) { 1796 delete currState->stage2Tran; 1797 currState->stage2Tran = NULL; 1798 } 1799 1800 DPRINTF(TLBVerbose, "calling doL2Descriptor for vaddr:%#x\n", 1801 currState->vaddr_tainted); 1802 doL2Descriptor(); 1803 1804 // Check if fault was generated 1805 if (currState->fault != NoFault) { 1806 currState->transState->finish(currState->fault, currState->req, 1807 currState->tc, currState->mode); 1808 statWalksShortTerminatedAtLevel[1]++; 1809 } 1810 else { 1811 // Don't finish the translation if a stage 2 look up is underway 1812 if (!currState->doingStage2) { 1813 statWalkServiceTime.sample(curTick() - currState->startTime); 1814 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1815 currState->fault = tlb->translateTiming(currState->req, 1816 currState->tc, currState->transState, currState->mode); 1817 statWalksShortTerminatedAtLevel[1]++; 1818 } 1819 } 1820 1821 1822 stateQueues[L2].pop_front(); 1823 pending = false; 1824 nextWalk(currState->tc); 1825 1826 currState->req = NULL; 1827 currState->tc = NULL; 1828 currState->delayed = false; 1829 1830 delete currState; 1831 currState = NULL; 1832} 1833 1834void 1835TableWalker::doL0LongDescriptorWrapper() 1836{ 1837 doLongDescriptorWrapper(L0); 1838} 1839 1840void 1841TableWalker::doL1LongDescriptorWrapper() 1842{ 1843 doLongDescriptorWrapper(L1); 1844} 1845 1846void 1847TableWalker::doL2LongDescriptorWrapper() 1848{ 1849 doLongDescriptorWrapper(L2); 1850} 1851 1852void 1853TableWalker::doL3LongDescriptorWrapper() 1854{ 1855 doLongDescriptorWrapper(L3); 1856} 1857 1858void 1859TableWalker::doLongDescriptorWrapper(LookupLevel curr_lookup_level) 1860{ 1861 currState = stateQueues[curr_lookup_level].front(); 1862 assert(curr_lookup_level == currState->longDesc.lookupLevel); 1863 currState->delayed = false; 1864 1865 // if there's a stage2 translation object we don't need it any more 1866 if (currState->stage2Tran) { 1867 delete currState->stage2Tran; 1868 currState->stage2Tran = NULL; 1869 } 1870 1871 DPRINTF(TLBVerbose, "calling doLongDescriptor for vaddr:%#x\n", 1872 currState->vaddr_tainted); 1873 doLongDescriptor(); 1874 1875 stateQueues[curr_lookup_level].pop_front(); 1876 1877 if (currState->fault != NoFault) { 1878 // A fault was generated 1879 currState->transState->finish(currState->fault, currState->req, 1880 currState->tc, currState->mode); 1881 1882 pending = false; 1883 nextWalk(currState->tc); 1884 1885 currState->req = NULL; 1886 currState->tc = NULL; 1887 currState->delayed = false; 1888 delete currState; 1889 } else if (!currState->delayed) { 1890 // No additional lookups required 1891 // Don't finish the translation if a stage 2 look up is underway 1892 if (!currState->doingStage2) { 1893 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1894 statWalkServiceTime.sample(curTick() - currState->startTime); 1895 currState->fault = tlb->translateTiming(currState->req, currState->tc, 1896 currState->transState, 1897 currState->mode); 1898 statWalksLongTerminatedAtLevel[(unsigned) curr_lookup_level]++; 1899 } 1900 1901 pending = false; 1902 nextWalk(currState->tc); 1903 1904 currState->req = NULL; 1905 currState->tc = NULL; 1906 currState->delayed = false; 1907 delete currState; 1908 } else { 1909 if (curr_lookup_level >= MAX_LOOKUP_LEVELS - 1) 1910 panic("Max. number of lookups already reached in table walk\n"); 1911 // Need to perform additional lookups 1912 stateQueues[currState->longDesc.lookupLevel].push_back(currState); 1913 } 1914 currState = NULL; 1915} 1916 1917 1918void 1919TableWalker::nextWalk(ThreadContext *tc) 1920{ 1921 if (pendingQueue.size()) 1922 schedule(doProcessEvent, clockEdge(Cycles(1))); 1923 else 1924 completeDrain(); 1925} 1926 1927bool 1928TableWalker::fetchDescriptor(Addr descAddr, uint8_t *data, int numBytes, 1929 Request::Flags flags, int queueIndex, Event *event, 1930 void (TableWalker::*doDescriptor)()) 1931{ 1932 bool isTiming = currState->timing; 1933 1934 DPRINTF(TLBVerbose, "Fetching descriptor at address: 0x%x stage2Req: %d\n", 1935 descAddr, currState->stage2Req); 1936 1937 // If this translation has a stage 2 then we know descAddr is an IPA and 1938 // needs to be translated before we can access the page table. Do that 1939 // check here. 1940 if (currState->stage2Req) { 1941 Fault fault; 1942 flags = flags | TLB::MustBeOne; 1943 1944 if (isTiming) { 1945 Stage2MMU::Stage2Translation *tran = new 1946 Stage2MMU::Stage2Translation(*stage2Mmu, data, event, 1947 currState->vaddr); 1948 currState->stage2Tran = tran; 1949 stage2Mmu->readDataTimed(currState->tc, descAddr, tran, numBytes, 1950 flags); 1951 fault = tran->fault; 1952 } else { 1953 fault = stage2Mmu->readDataUntimed(currState->tc, 1954 currState->vaddr, descAddr, data, numBytes, flags, 1955 currState->functional); 1956 } 1957 1958 if (fault != NoFault) { 1959 currState->fault = fault; 1960 } 1961 if (isTiming) { 1962 if (queueIndex >= 0) { 1963 DPRINTF(TLBVerbose, "Adding to walker fifo: queue size before adding: %d\n", 1964 stateQueues[queueIndex].size()); 1965 stateQueues[queueIndex].push_back(currState); 1966 currState = NULL; 1967 } 1968 } else { 1969 (this->*doDescriptor)(); 1970 } 1971 } else { 1972 if (isTiming) { 1973 port->dmaAction(MemCmd::ReadReq, descAddr, numBytes, event, data, 1974 currState->tc->getCpuPtr()->clockPeriod(),flags); 1975 if (queueIndex >= 0) { 1976 DPRINTF(TLBVerbose, "Adding to walker fifo: queue size before adding: %d\n", 1977 stateQueues[queueIndex].size()); 1978 stateQueues[queueIndex].push_back(currState); 1979 currState = NULL; 1980 } 1981 } else if (!currState->functional) { 1982 port->dmaAction(MemCmd::ReadReq, descAddr, numBytes, NULL, data, 1983 currState->tc->getCpuPtr()->clockPeriod(), flags); 1984 (this->*doDescriptor)(); 1985 } else { 1986 RequestPtr req = new Request(descAddr, numBytes, flags, masterId); 1987 req->taskId(ContextSwitchTaskId::DMA); 1988 PacketPtr pkt = new Packet(req, MemCmd::ReadReq); 1989 pkt->dataStatic(data); 1990 port->sendFunctional(pkt); 1991 (this->*doDescriptor)(); 1992 delete req; 1993 delete pkt; 1994 } 1995 } 1996 return (isTiming); 1997} 1998 1999void 2000TableWalker::insertTableEntry(DescriptorBase &descriptor, bool longDescriptor) 2001{ 2002 TlbEntry te; 2003 2004 // Create and fill a new page table entry 2005 te.valid = true; 2006 te.longDescFormat = longDescriptor; 2007 te.isHyp = currState->isHyp; 2008 te.asid = currState->asid; 2009 te.vmid = currState->vmid; 2010 te.N = descriptor.offsetBits(); 2011 te.vpn = currState->vaddr >> te.N; 2012 te.size = (1<<te.N) - 1; 2013 te.pfn = descriptor.pfn(); 2014 te.domain = descriptor.domain(); 2015 te.lookupLevel = descriptor.lookupLevel; 2016 te.ns = !descriptor.secure(haveSecurity, currState) || isStage2; 2017 te.nstid = !currState->isSecure; 2018 te.xn = descriptor.xn(); 2019 if (currState->aarch64) 2020 te.el = currState->el; 2021 else 2022 te.el = 1; 2023 2024 statPageSizes[pageSizeNtoStatBin(te.N)]++; 2025 statRequestOrigin[COMPLETED][currState->isFetch]++; 2026 2027 // ASID has no meaning for stage 2 TLB entries, so mark all stage 2 entries 2028 // as global 2029 te.global = descriptor.global(currState) || isStage2; 2030 if (longDescriptor) { 2031 LongDescriptor lDescriptor = 2032 dynamic_cast<LongDescriptor &>(descriptor); 2033 2034 te.xn |= currState->xnTable; 2035 te.pxn = currState->pxnTable || lDescriptor.pxn(); 2036 if (isStage2) { 2037 // this is actually the HAP field, but its stored in the same bit 2038 // possitions as the AP field in a stage 1 translation. 2039 te.hap = lDescriptor.ap(); 2040 } else { 2041 te.ap = ((!currState->rwTable || descriptor.ap() >> 1) << 1) | 2042 (currState->userTable && (descriptor.ap() & 0x1)); 2043 } 2044 if (currState->aarch64) 2045 memAttrsAArch64(currState->tc, te, lDescriptor); 2046 else 2047 memAttrsLPAE(currState->tc, te, lDescriptor); 2048 } else { 2049 te.ap = descriptor.ap(); 2050 memAttrs(currState->tc, te, currState->sctlr, descriptor.texcb(), 2051 descriptor.shareable()); 2052 } 2053 2054 // Debug output 2055 DPRINTF(TLB, descriptor.dbgHeader().c_str()); 2056 DPRINTF(TLB, " - N:%d pfn:%#x size:%#x global:%d valid:%d\n", 2057 te.N, te.pfn, te.size, te.global, te.valid); 2058 DPRINTF(TLB, " - vpn:%#x xn:%d pxn:%d ap:%d domain:%d asid:%d " 2059 "vmid:%d hyp:%d nc:%d ns:%d\n", te.vpn, te.xn, te.pxn, 2060 te.ap, static_cast<uint8_t>(te.domain), te.asid, te.vmid, te.isHyp, 2061 te.nonCacheable, te.ns); 2062 DPRINTF(TLB, " - domain from L%d desc:%d data:%#x\n", 2063 descriptor.lookupLevel, static_cast<uint8_t>(descriptor.domain()), 2064 descriptor.getRawData()); 2065 2066 // Insert the entry into the TLB 2067 tlb->insert(currState->vaddr, te); 2068 if (!currState->timing) { 2069 currState->tc = NULL; 2070 currState->req = NULL; 2071 } 2072} 2073 2074ArmISA::TableWalker * 2075ArmTableWalkerParams::create() 2076{ 2077 return new ArmISA::TableWalker(this); 2078} 2079 2080LookupLevel 2081TableWalker::toLookupLevel(uint8_t lookup_level_as_int) 2082{ 2083 switch (lookup_level_as_int) { 2084 case L1: 2085 return L1; 2086 case L2: 2087 return L2; 2088 case L3: 2089 return L3; 2090 default: 2091 panic("Invalid lookup level conversion"); 2092 } 2093} 2094 2095/* this method keeps track of the table walker queue's residency, so 2096 * needs to be called whenever requests start and complete. */ 2097void 2098TableWalker::pendingChange() 2099{ 2100 unsigned n = pendingQueue.size(); 2101 if ((currState != NULL) && (currState != pendingQueue.front())) { 2102 ++n; 2103 } 2104 2105 if (n != pendingReqs) { 2106 Tick now = curTick(); 2107 statPendingWalks.sample(pendingReqs, now - pendingChangeTick); 2108 pendingReqs = n; 2109 pendingChangeTick = now; 2110 } 2111} 2112 2113Fault 2114TableWalker::testWalk(Addr pa, Addr size, TlbEntry::DomainType domain, 2115 LookupLevel lookup_level) 2116{ 2117 return tlb->testWalk(pa, size, currState->vaddr, currState->isSecure, 2118 currState->mode, domain, lookup_level); 2119} 2120 2121 2122uint8_t 2123TableWalker::pageSizeNtoStatBin(uint8_t N) 2124{ 2125 /* for statPageSizes */ 2126 switch(N) { 2127 case 12: return 0; // 4K 2128 case 14: return 1; // 16K (using 16K granule in v8-64) 2129 case 16: return 2; // 64K 2130 case 20: return 3; // 1M 2131 case 21: return 4; // 2M-LPAE 2132 case 24: return 5; // 16M 2133 case 25: return 6; // 32M (using 16K granule in v8-64) 2134 case 29: return 7; // 512M (using 64K granule in v8-64) 2135 case 30: return 8; // 1G-LPAE 2136 default: 2137 panic("unknown page size"); 2138 return 255; 2139 } 2140} 2141 2142void 2143TableWalker::regStats() 2144{ 2145 ClockedObject::regStats(); 2146 2147 statWalks 2148 .name(name() + ".walks") 2149 .desc("Table walker walks requested") 2150 ; 2151 2152 statWalksShortDescriptor 2153 .name(name() + ".walksShort") 2154 .desc("Table walker walks initiated with short descriptors") 2155 .flags(Stats::nozero) 2156 ; 2157 2158 statWalksLongDescriptor 2159 .name(name() + ".walksLong") 2160 .desc("Table walker walks initiated with long descriptors") 2161 .flags(Stats::nozero) 2162 ; 2163 2164 statWalksShortTerminatedAtLevel 2165 .init(2) 2166 .name(name() + ".walksShortTerminationLevel") 2167 .desc("Level at which table walker walks " 2168 "with short descriptors terminate") 2169 .flags(Stats::nozero) 2170 ; 2171 statWalksShortTerminatedAtLevel.subname(0, "Level1"); 2172 statWalksShortTerminatedAtLevel.subname(1, "Level2"); 2173 2174 statWalksLongTerminatedAtLevel 2175 .init(4) 2176 .name(name() + ".walksLongTerminationLevel") 2177 .desc("Level at which table walker walks " 2178 "with long descriptors terminate") 2179 .flags(Stats::nozero) 2180 ; 2181 statWalksLongTerminatedAtLevel.subname(0, "Level0"); 2182 statWalksLongTerminatedAtLevel.subname(1, "Level1"); 2183 statWalksLongTerminatedAtLevel.subname(2, "Level2"); 2184 statWalksLongTerminatedAtLevel.subname(3, "Level3"); 2185 2186 statSquashedBefore 2187 .name(name() + ".walksSquashedBefore") 2188 .desc("Table walks squashed before starting") 2189 .flags(Stats::nozero) 2190 ; 2191 2192 statSquashedAfter 2193 .name(name() + ".walksSquashedAfter") 2194 .desc("Table walks squashed after completion") 2195 .flags(Stats::nozero) 2196 ; 2197 2198 statWalkWaitTime 2199 .init(16) 2200 .name(name() + ".walkWaitTime") 2201 .desc("Table walker wait (enqueue to first request) latency") 2202 .flags(Stats::pdf | Stats::nozero | Stats::nonan) 2203 ; 2204 2205 statWalkServiceTime 2206 .init(16) 2207 .name(name() + ".walkCompletionTime") 2208 .desc("Table walker service (enqueue to completion) latency") 2209 .flags(Stats::pdf | Stats::nozero | Stats::nonan) 2210 ; 2211 2212 statPendingWalks 2213 .init(16) 2214 .name(name() + ".walksPending") 2215 .desc("Table walker pending requests distribution") 2216 .flags(Stats::pdf | Stats::dist | Stats::nozero | Stats::nonan) 2217 ; 2218 2219 statPageSizes // see DDI 0487A D4-1661 2220 .init(9) 2221 .name(name() + ".walkPageSizes") 2222 .desc("Table walker page sizes translated") 2223 .flags(Stats::total | Stats::pdf | Stats::dist | Stats::nozero) 2224 ; 2225 statPageSizes.subname(0, "4K"); 2226 statPageSizes.subname(1, "16K"); 2227 statPageSizes.subname(2, "64K"); 2228 statPageSizes.subname(3, "1M"); 2229 statPageSizes.subname(4, "2M"); 2230 statPageSizes.subname(5, "16M"); 2231 statPageSizes.subname(6, "32M"); 2232 statPageSizes.subname(7, "512M"); 2233 statPageSizes.subname(8, "1G"); 2234 2235 statRequestOrigin 2236 .init(2,2) // Instruction/Data, requests/completed 2237 .name(name() + ".walkRequestOrigin") 2238 .desc("Table walker requests started/completed, data/inst") 2239 .flags(Stats::total) 2240 ; 2241 statRequestOrigin.subname(0,"Requested"); 2242 statRequestOrigin.subname(1,"Completed"); 2243 statRequestOrigin.ysubname(0,"Data"); 2244 statRequestOrigin.ysubname(1,"Inst"); 2245}
|