table_walker.cc revision 11517
1/* 2 * Copyright (c) 2010, 2012-2015 ARM Limited 3 * All rights reserved 4 * 5 * The license below extends only to copyright in the software and shall 6 * not be construed as granting a license to any other intellectual 7 * property including but not limited to intellectual property relating 8 * to a hardware implementation of the functionality of the software 9 * licensed hereunder. You may use the software subject to the license 10 * terms below provided that you ensure that this notice is replicated 11 * unmodified and in its entirety in all distributions of the software, 12 * modified or unmodified, in source code or in binary form. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are 16 * met: redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer; 18 * redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution; 21 * neither the name of the copyright holders nor the names of its 22 * contributors may be used to endorse or promote products derived from 23 * this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 29 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 * 37 * Authors: Ali Saidi 38 * Giacomo Gabrielli 39 */ 40#include "arch/arm/table_walker.hh" 41 42#include <memory> 43 44#include "arch/arm/faults.hh" 45#include "arch/arm/stage2_mmu.hh" 46#include "arch/arm/system.hh" 47#include "arch/arm/tlb.hh" 48#include "cpu/base.hh" 49#include "cpu/thread_context.hh" 50#include "debug/Checkpoint.hh" 51#include "debug/Drain.hh" 52#include "debug/TLB.hh" 53#include "debug/TLBVerbose.hh" 54#include "dev/dma_device.hh" 55#include "sim/system.hh" 56 57using namespace ArmISA; 58 59TableWalker::TableWalker(const Params *p) 60 : MemObject(p), 61 stage2Mmu(NULL), port(NULL), masterId(Request::invldMasterId), 62 isStage2(p->is_stage2), tlb(NULL), 63 currState(NULL), pending(false), 64 numSquashable(p->num_squash_per_cycle), 65 pendingReqs(0), 66 pendingChangeTick(curTick()), 67 doL1DescEvent(this), doL2DescEvent(this), 68 doL0LongDescEvent(this), doL1LongDescEvent(this), doL2LongDescEvent(this), 69 doL3LongDescEvent(this), 70 doProcessEvent(this) 71{ 72 sctlr = 0; 73 74 // Cache system-level properties 75 if (FullSystem) { 76 ArmSystem *armSys = dynamic_cast<ArmSystem *>(p->sys); 77 assert(armSys); 78 haveSecurity = armSys->haveSecurity(); 79 _haveLPAE = armSys->haveLPAE(); 80 _haveVirtualization = armSys->haveVirtualization(); 81 physAddrRange = armSys->physAddrRange(); 82 _haveLargeAsid64 = armSys->haveLargeAsid64(); 83 } else { 84 haveSecurity = _haveLPAE = _haveVirtualization = false; 85 _haveLargeAsid64 = false; 86 physAddrRange = 32; 87 } 88 89} 90 91TableWalker::~TableWalker() 92{ 93 ; 94} 95 96void 97TableWalker::setMMU(Stage2MMU *m, MasterID master_id) 98{ 99 stage2Mmu = m; 100 port = &m->getPort(); 101 masterId = master_id; 102} 103 104void 105TableWalker::init() 106{ 107 fatal_if(!stage2Mmu, "Table walker must have a valid stage-2 MMU\n"); 108 fatal_if(!port, "Table walker must have a valid port\n"); 109 fatal_if(!tlb, "Table walker must have a valid TLB\n"); 110} 111 112BaseMasterPort& 113TableWalker::getMasterPort(const std::string &if_name, PortID idx) 114{ 115 if (if_name == "port") { 116 if (!isStage2) { 117 return *port; 118 } else { 119 fatal("Cannot access table walker port through stage-two walker\n"); 120 } 121 } 122 return MemObject::getMasterPort(if_name, idx); 123} 124 125TableWalker::WalkerState::WalkerState() : 126 tc(nullptr), aarch64(false), el(EL0), physAddrRange(0), req(nullptr), 127 asid(0), vmid(0), isHyp(false), transState(nullptr), 128 vaddr(0), vaddr_tainted(0), isWrite(false), isFetch(false), isSecure(false), 129 secureLookup(false), rwTable(false), userTable(false), xnTable(false), 130 pxnTable(false), stage2Req(false), doingStage2(false), 131 stage2Tran(nullptr), timing(false), functional(false), 132 mode(BaseTLB::Read), tranType(TLB::NormalTran), l2Desc(l1Desc), 133 delayed(false), tableWalker(nullptr) 134{ 135} 136 137void 138TableWalker::completeDrain() 139{ 140 if (drainState() == DrainState::Draining && 141 stateQueues[L1].empty() && stateQueues[L2].empty() && 142 pendingQueue.empty()) { 143 144 DPRINTF(Drain, "TableWalker done draining, processing drain event\n"); 145 signalDrainDone(); 146 } 147} 148 149DrainState 150TableWalker::drain() 151{ 152 bool state_queues_not_empty = false; 153 154 for (int i = 0; i < MAX_LOOKUP_LEVELS; ++i) { 155 if (!stateQueues[i].empty()) { 156 state_queues_not_empty = true; 157 break; 158 } 159 } 160 161 if (state_queues_not_empty || pendingQueue.size()) { 162 DPRINTF(Drain, "TableWalker not drained\n"); 163 return DrainState::Draining; 164 } else { 165 DPRINTF(Drain, "TableWalker free, no need to drain\n"); 166 return DrainState::Drained; 167 } 168} 169 170void 171TableWalker::drainResume() 172{ 173 if (params()->sys->isTimingMode() && currState) { 174 delete currState; 175 currState = NULL; 176 pendingChange(); 177 } 178} 179 180Fault 181TableWalker::walk(RequestPtr _req, ThreadContext *_tc, uint16_t _asid, 182 uint8_t _vmid, bool _isHyp, TLB::Mode _mode, 183 TLB::Translation *_trans, bool _timing, bool _functional, 184 bool secure, TLB::ArmTranslationType tranType) 185{ 186 assert(!(_functional && _timing)); 187 ++statWalks; 188 189 WalkerState *savedCurrState = NULL; 190 191 if (!currState && !_functional) { 192 // For atomic mode, a new WalkerState instance should be only created 193 // once per TLB. For timing mode, a new instance is generated for every 194 // TLB miss. 195 DPRINTF(TLBVerbose, "creating new instance of WalkerState\n"); 196 197 currState = new WalkerState(); 198 currState->tableWalker = this; 199 } else if (_functional) { 200 // If we are mixing functional mode with timing (or even 201 // atomic), we need to to be careful and clean up after 202 // ourselves to not risk getting into an inconsistent state. 203 DPRINTF(TLBVerbose, "creating functional instance of WalkerState\n"); 204 savedCurrState = currState; 205 currState = new WalkerState(); 206 currState->tableWalker = this; 207 } else if (_timing) { 208 // This is a translation that was completed and then faulted again 209 // because some underlying parameters that affect the translation 210 // changed out from under us (e.g. asid). It will either be a 211 // misprediction, in which case nothing will happen or we'll use 212 // this fault to re-execute the faulting instruction which should clean 213 // up everything. 214 if (currState->vaddr_tainted == _req->getVaddr()) { 215 ++statSquashedBefore; 216 return std::make_shared<ReExec>(); 217 } 218 } 219 pendingChange(); 220 221 currState->startTime = curTick(); 222 currState->tc = _tc; 223 // ARM DDI 0487A.f (ARMv8 ARM) pg J8-5672 224 // aarch32/translation/translation/AArch32.TranslateAddress dictates 225 // even AArch32 EL0 will use AArch64 translation if EL1 is in AArch64. 226 currState->aarch64 = opModeIs64(currOpMode(_tc)) || 227 ((currEL(_tc) == EL0) && ELIs64(_tc, EL1)); 228 currState->el = currEL(_tc); 229 currState->transState = _trans; 230 currState->req = _req; 231 currState->fault = NoFault; 232 currState->asid = _asid; 233 currState->vmid = _vmid; 234 currState->isHyp = _isHyp; 235 currState->timing = _timing; 236 currState->functional = _functional; 237 currState->mode = _mode; 238 currState->tranType = tranType; 239 currState->isSecure = secure; 240 currState->physAddrRange = physAddrRange; 241 242 /** @todo These should be cached or grabbed from cached copies in 243 the TLB, all these miscreg reads are expensive */ 244 currState->vaddr_tainted = currState->req->getVaddr(); 245 if (currState->aarch64) 246 currState->vaddr = purifyTaggedAddr(currState->vaddr_tainted, 247 currState->tc, currState->el); 248 else 249 currState->vaddr = currState->vaddr_tainted; 250 251 if (currState->aarch64) { 252 switch (currState->el) { 253 case EL0: 254 case EL1: 255 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL1); 256 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL1); 257 break; 258 // @todo: uncomment this to enable Virtualization 259 // case EL2: 260 // assert(haveVirtualization); 261 // currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL2); 262 // currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL2); 263 // break; 264 case EL3: 265 assert(haveSecurity); 266 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL3); 267 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL3); 268 break; 269 default: 270 panic("Invalid exception level"); 271 break; 272 } 273 } else { 274 currState->sctlr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 275 MISCREG_SCTLR, currState->tc, !currState->isSecure)); 276 currState->ttbcr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 277 MISCREG_TTBCR, currState->tc, !currState->isSecure)); 278 currState->htcr = currState->tc->readMiscReg(MISCREG_HTCR); 279 currState->hcr = currState->tc->readMiscReg(MISCREG_HCR); 280 currState->vtcr = currState->tc->readMiscReg(MISCREG_VTCR); 281 } 282 sctlr = currState->sctlr; 283 284 currState->isFetch = (currState->mode == TLB::Execute); 285 currState->isWrite = (currState->mode == TLB::Write); 286 287 statRequestOrigin[REQUESTED][currState->isFetch]++; 288 289 // We only do a second stage of translation if we're not secure, or in 290 // hyp mode, the second stage MMU is enabled, and this table walker 291 // instance is the first stage. 292 currState->doingStage2 = false; 293 // @todo: for now disable this in AArch64 (HCR is not set) 294 currState->stage2Req = !currState->aarch64 && currState->hcr.vm && 295 !isStage2 && !currState->isSecure && !currState->isHyp; 296 297 bool long_desc_format = currState->aarch64 || _isHyp || isStage2 || 298 longDescFormatInUse(currState->tc); 299 300 if (long_desc_format) { 301 // Helper variables used for hierarchical permissions 302 currState->secureLookup = currState->isSecure; 303 currState->rwTable = true; 304 currState->userTable = true; 305 currState->xnTable = false; 306 currState->pxnTable = false; 307 308 ++statWalksLongDescriptor; 309 } else { 310 ++statWalksShortDescriptor; 311 } 312 313 if (!currState->timing) { 314 Fault fault = NoFault; 315 if (currState->aarch64) 316 fault = processWalkAArch64(); 317 else if (long_desc_format) 318 fault = processWalkLPAE(); 319 else 320 fault = processWalk(); 321 322 // If this was a functional non-timing access restore state to 323 // how we found it. 324 if (currState->functional) { 325 delete currState; 326 currState = savedCurrState; 327 } 328 return fault; 329 } 330 331 if (pending || pendingQueue.size()) { 332 pendingQueue.push_back(currState); 333 currState = NULL; 334 pendingChange(); 335 } else { 336 pending = true; 337 pendingChange(); 338 if (currState->aarch64) 339 return processWalkAArch64(); 340 else if (long_desc_format) 341 return processWalkLPAE(); 342 else 343 return processWalk(); 344 } 345 346 return NoFault; 347} 348 349void 350TableWalker::processWalkWrapper() 351{ 352 assert(!currState); 353 assert(pendingQueue.size()); 354 pendingChange(); 355 currState = pendingQueue.front(); 356 357 ExceptionLevel target_el = EL0; 358 if (currState->aarch64) 359 target_el = currEL(currState->tc); 360 else 361 target_el = EL1; 362 363 // Check if a previous walk filled this request already 364 // @TODO Should this always be the TLB or should we look in the stage2 TLB? 365 TlbEntry* te = tlb->lookup(currState->vaddr, currState->asid, 366 currState->vmid, currState->isHyp, currState->isSecure, true, false, 367 target_el); 368 369 // Check if we still need to have a walk for this request. If the requesting 370 // instruction has been squashed, or a previous walk has filled the TLB with 371 // a match, we just want to get rid of the walk. The latter could happen 372 // when there are multiple outstanding misses to a single page and a 373 // previous request has been successfully translated. 374 if (!currState->transState->squashed() && !te) { 375 // We've got a valid request, lets process it 376 pending = true; 377 pendingQueue.pop_front(); 378 // Keep currState in case one of the processWalk... calls NULLs it 379 WalkerState *curr_state_copy = currState; 380 Fault f; 381 if (currState->aarch64) 382 f = processWalkAArch64(); 383 else if (longDescFormatInUse(currState->tc) || 384 currState->isHyp || isStage2) 385 f = processWalkLPAE(); 386 else 387 f = processWalk(); 388 389 if (f != NoFault) { 390 curr_state_copy->transState->finish(f, curr_state_copy->req, 391 curr_state_copy->tc, curr_state_copy->mode); 392 393 delete curr_state_copy; 394 } 395 return; 396 } 397 398 399 // If the instruction that we were translating for has been 400 // squashed we shouldn't bother. 401 unsigned num_squashed = 0; 402 ThreadContext *tc = currState->tc; 403 while ((num_squashed < numSquashable) && currState && 404 (currState->transState->squashed() || te)) { 405 pendingQueue.pop_front(); 406 num_squashed++; 407 statSquashedBefore++; 408 409 DPRINTF(TLB, "Squashing table walk for address %#x\n", 410 currState->vaddr_tainted); 411 412 if (currState->transState->squashed()) { 413 // finish the translation which will delete the translation object 414 currState->transState->finish( 415 std::make_shared<UnimpFault>("Squashed Inst"), 416 currState->req, currState->tc, currState->mode); 417 } else { 418 // translate the request now that we know it will work 419 statWalkServiceTime.sample(curTick() - currState->startTime); 420 tlb->translateTiming(currState->req, currState->tc, 421 currState->transState, currState->mode); 422 423 } 424 425 // delete the current request 426 delete currState; 427 428 // peak at the next one 429 if (pendingQueue.size()) { 430 currState = pendingQueue.front(); 431 te = tlb->lookup(currState->vaddr, currState->asid, 432 currState->vmid, currState->isHyp, currState->isSecure, true, 433 false, target_el); 434 } else { 435 // Terminate the loop, nothing more to do 436 currState = NULL; 437 } 438 } 439 pendingChange(); 440 441 // if we still have pending translations, schedule more work 442 nextWalk(tc); 443 currState = NULL; 444} 445 446Fault 447TableWalker::processWalk() 448{ 449 Addr ttbr = 0; 450 451 // If translation isn't enabled, we shouldn't be here 452 assert(currState->sctlr.m || isStage2); 453 454 DPRINTF(TLB, "Beginning table walk for address %#x, TTBCR: %#x, bits:%#x\n", 455 currState->vaddr_tainted, currState->ttbcr, mbits(currState->vaddr, 31, 456 32 - currState->ttbcr.n)); 457 458 statWalkWaitTime.sample(curTick() - currState->startTime); 459 460 if (currState->ttbcr.n == 0 || !mbits(currState->vaddr, 31, 461 32 - currState->ttbcr.n)) { 462 DPRINTF(TLB, " - Selecting TTBR0\n"); 463 // Check if table walk is allowed when Security Extensions are enabled 464 if (haveSecurity && currState->ttbcr.pd0) { 465 if (currState->isFetch) 466 return std::make_shared<PrefetchAbort>( 467 currState->vaddr_tainted, 468 ArmFault::TranslationLL + L1, 469 isStage2, 470 ArmFault::VmsaTran); 471 else 472 return std::make_shared<DataAbort>( 473 currState->vaddr_tainted, 474 TlbEntry::DomainType::NoAccess, currState->isWrite, 475 ArmFault::TranslationLL + L1, isStage2, 476 ArmFault::VmsaTran); 477 } 478 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 479 MISCREG_TTBR0, currState->tc, !currState->isSecure)); 480 } else { 481 DPRINTF(TLB, " - Selecting TTBR1\n"); 482 // Check if table walk is allowed when Security Extensions are enabled 483 if (haveSecurity && currState->ttbcr.pd1) { 484 if (currState->isFetch) 485 return std::make_shared<PrefetchAbort>( 486 currState->vaddr_tainted, 487 ArmFault::TranslationLL + L1, 488 isStage2, 489 ArmFault::VmsaTran); 490 else 491 return std::make_shared<DataAbort>( 492 currState->vaddr_tainted, 493 TlbEntry::DomainType::NoAccess, currState->isWrite, 494 ArmFault::TranslationLL + L1, isStage2, 495 ArmFault::VmsaTran); 496 } 497 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 498 MISCREG_TTBR1, currState->tc, !currState->isSecure)); 499 currState->ttbcr.n = 0; 500 } 501 502 Addr l1desc_addr = mbits(ttbr, 31, 14 - currState->ttbcr.n) | 503 (bits(currState->vaddr, 31 - currState->ttbcr.n, 20) << 2); 504 DPRINTF(TLB, " - Descriptor at address %#x (%s)\n", l1desc_addr, 505 currState->isSecure ? "s" : "ns"); 506 507 // Trickbox address check 508 Fault f; 509 f = testWalk(l1desc_addr, sizeof(uint32_t), 510 TlbEntry::DomainType::NoAccess, L1); 511 if (f) { 512 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 513 if (currState->timing) { 514 pending = false; 515 nextWalk(currState->tc); 516 currState = NULL; 517 } else { 518 currState->tc = NULL; 519 currState->req = NULL; 520 } 521 return f; 522 } 523 524 Request::Flags flag = Request::PT_WALK; 525 if (currState->sctlr.c == 0) { 526 flag.set(Request::UNCACHEABLE); 527 } 528 529 if (currState->isSecure) { 530 flag.set(Request::SECURE); 531 } 532 533 bool delayed; 534 delayed = fetchDescriptor(l1desc_addr, (uint8_t*)&currState->l1Desc.data, 535 sizeof(uint32_t), flag, L1, &doL1DescEvent, 536 &TableWalker::doL1Descriptor); 537 if (!delayed) { 538 f = currState->fault; 539 } 540 541 return f; 542} 543 544Fault 545TableWalker::processWalkLPAE() 546{ 547 Addr ttbr, ttbr0_max, ttbr1_min, desc_addr; 548 int tsz, n; 549 LookupLevel start_lookup_level = L1; 550 551 DPRINTF(TLB, "Beginning table walk for address %#x, TTBCR: %#x\n", 552 currState->vaddr_tainted, currState->ttbcr); 553 554 statWalkWaitTime.sample(curTick() - currState->startTime); 555 556 Request::Flags flag = Request::PT_WALK; 557 if (currState->isSecure) 558 flag.set(Request::SECURE); 559 560 // work out which base address register to use, if in hyp mode we always 561 // use HTTBR 562 if (isStage2) { 563 DPRINTF(TLB, " - Selecting VTTBR (long-desc.)\n"); 564 ttbr = currState->tc->readMiscReg(MISCREG_VTTBR); 565 tsz = sext<4>(currState->vtcr.t0sz); 566 start_lookup_level = currState->vtcr.sl0 ? L1 : L2; 567 } else if (currState->isHyp) { 568 DPRINTF(TLB, " - Selecting HTTBR (long-desc.)\n"); 569 ttbr = currState->tc->readMiscReg(MISCREG_HTTBR); 570 tsz = currState->htcr.t0sz; 571 } else { 572 assert(longDescFormatInUse(currState->tc)); 573 574 // Determine boundaries of TTBR0/1 regions 575 if (currState->ttbcr.t0sz) 576 ttbr0_max = (1ULL << (32 - currState->ttbcr.t0sz)) - 1; 577 else if (currState->ttbcr.t1sz) 578 ttbr0_max = (1ULL << 32) - 579 (1ULL << (32 - currState->ttbcr.t1sz)) - 1; 580 else 581 ttbr0_max = (1ULL << 32) - 1; 582 if (currState->ttbcr.t1sz) 583 ttbr1_min = (1ULL << 32) - (1ULL << (32 - currState->ttbcr.t1sz)); 584 else 585 ttbr1_min = (1ULL << (32 - currState->ttbcr.t0sz)); 586 587 // The following code snippet selects the appropriate translation table base 588 // address (TTBR0 or TTBR1) and the appropriate starting lookup level 589 // depending on the address range supported by the translation table (ARM 590 // ARM issue C B3.6.4) 591 if (currState->vaddr <= ttbr0_max) { 592 DPRINTF(TLB, " - Selecting TTBR0 (long-desc.)\n"); 593 // Check if table walk is allowed 594 if (currState->ttbcr.epd0) { 595 if (currState->isFetch) 596 return std::make_shared<PrefetchAbort>( 597 currState->vaddr_tainted, 598 ArmFault::TranslationLL + L1, 599 isStage2, 600 ArmFault::LpaeTran); 601 else 602 return std::make_shared<DataAbort>( 603 currState->vaddr_tainted, 604 TlbEntry::DomainType::NoAccess, 605 currState->isWrite, 606 ArmFault::TranslationLL + L1, 607 isStage2, 608 ArmFault::LpaeTran); 609 } 610 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 611 MISCREG_TTBR0, currState->tc, !currState->isSecure)); 612 tsz = currState->ttbcr.t0sz; 613 if (ttbr0_max < (1ULL << 30)) // Upper limit < 1 GB 614 start_lookup_level = L2; 615 } else if (currState->vaddr >= ttbr1_min) { 616 DPRINTF(TLB, " - Selecting TTBR1 (long-desc.)\n"); 617 // Check if table walk is allowed 618 if (currState->ttbcr.epd1) { 619 if (currState->isFetch) 620 return std::make_shared<PrefetchAbort>( 621 currState->vaddr_tainted, 622 ArmFault::TranslationLL + L1, 623 isStage2, 624 ArmFault::LpaeTran); 625 else 626 return std::make_shared<DataAbort>( 627 currState->vaddr_tainted, 628 TlbEntry::DomainType::NoAccess, 629 currState->isWrite, 630 ArmFault::TranslationLL + L1, 631 isStage2, 632 ArmFault::LpaeTran); 633 } 634 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 635 MISCREG_TTBR1, currState->tc, !currState->isSecure)); 636 tsz = currState->ttbcr.t1sz; 637 if (ttbr1_min >= (1ULL << 31) + (1ULL << 30)) // Lower limit >= 3 GB 638 start_lookup_level = L2; 639 } else { 640 // Out of boundaries -> translation fault 641 if (currState->isFetch) 642 return std::make_shared<PrefetchAbort>( 643 currState->vaddr_tainted, 644 ArmFault::TranslationLL + L1, 645 isStage2, 646 ArmFault::LpaeTran); 647 else 648 return std::make_shared<DataAbort>( 649 currState->vaddr_tainted, 650 TlbEntry::DomainType::NoAccess, 651 currState->isWrite, ArmFault::TranslationLL + L1, 652 isStage2, ArmFault::LpaeTran); 653 } 654 655 } 656 657 // Perform lookup (ARM ARM issue C B3.6.6) 658 if (start_lookup_level == L1) { 659 n = 5 - tsz; 660 desc_addr = mbits(ttbr, 39, n) | 661 (bits(currState->vaddr, n + 26, 30) << 3); 662 DPRINTF(TLB, " - Descriptor at address %#x (%s) (long-desc.)\n", 663 desc_addr, currState->isSecure ? "s" : "ns"); 664 } else { 665 // Skip first-level lookup 666 n = (tsz >= 2 ? 14 - tsz : 12); 667 desc_addr = mbits(ttbr, 39, n) | 668 (bits(currState->vaddr, n + 17, 21) << 3); 669 DPRINTF(TLB, " - Descriptor at address %#x (%s) (long-desc.)\n", 670 desc_addr, currState->isSecure ? "s" : "ns"); 671 } 672 673 // Trickbox address check 674 Fault f = testWalk(desc_addr, sizeof(uint64_t), 675 TlbEntry::DomainType::NoAccess, start_lookup_level); 676 if (f) { 677 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 678 if (currState->timing) { 679 pending = false; 680 nextWalk(currState->tc); 681 currState = NULL; 682 } else { 683 currState->tc = NULL; 684 currState->req = NULL; 685 } 686 return f; 687 } 688 689 if (currState->sctlr.c == 0) { 690 flag.set(Request::UNCACHEABLE); 691 } 692 693 currState->longDesc.lookupLevel = start_lookup_level; 694 currState->longDesc.aarch64 = false; 695 currState->longDesc.grainSize = Grain4KB; 696 697 Event *event = start_lookup_level == L1 ? (Event *) &doL1LongDescEvent 698 : (Event *) &doL2LongDescEvent; 699 700 bool delayed = fetchDescriptor(desc_addr, (uint8_t*)&currState->longDesc.data, 701 sizeof(uint64_t), flag, start_lookup_level, 702 event, &TableWalker::doLongDescriptor); 703 if (!delayed) { 704 f = currState->fault; 705 } 706 707 return f; 708} 709 710unsigned 711TableWalker::adjustTableSizeAArch64(unsigned tsz) 712{ 713 if (tsz < 25) 714 return 25; 715 if (tsz > 48) 716 return 48; 717 return tsz; 718} 719 720bool 721TableWalker::checkAddrSizeFaultAArch64(Addr addr, int currPhysAddrRange) 722{ 723 return (currPhysAddrRange != MaxPhysAddrRange && 724 bits(addr, MaxPhysAddrRange - 1, currPhysAddrRange)); 725} 726 727Fault 728TableWalker::processWalkAArch64() 729{ 730 assert(currState->aarch64); 731 732 DPRINTF(TLB, "Beginning table walk for address %#llx, TCR: %#llx\n", 733 currState->vaddr_tainted, currState->tcr); 734 735 static const GrainSize GrainMapDefault[] = 736 { Grain4KB, Grain64KB, Grain16KB, ReservedGrain }; 737 static const GrainSize GrainMap_EL1_tg1[] = 738 { ReservedGrain, Grain16KB, Grain4KB, Grain64KB }; 739 740 statWalkWaitTime.sample(curTick() - currState->startTime); 741 742 // Determine TTBR, table size, granule size and phys. address range 743 Addr ttbr = 0; 744 int tsz = 0, ps = 0; 745 GrainSize tg = Grain4KB; // grain size computed from tg* field 746 bool fault = false; 747 switch (currState->el) { 748 case EL0: 749 case EL1: 750 switch (bits(currState->vaddr, 63,48)) { 751 case 0: 752 DPRINTF(TLB, " - Selecting TTBR0 (AArch64)\n"); 753 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL1); 754 tsz = adjustTableSizeAArch64(64 - currState->tcr.t0sz); 755 tg = GrainMapDefault[currState->tcr.tg0]; 756 if (bits(currState->vaddr, 63, tsz) != 0x0 || 757 currState->tcr.epd0) 758 fault = true; 759 break; 760 case 0xffff: 761 DPRINTF(TLB, " - Selecting TTBR1 (AArch64)\n"); 762 ttbr = currState->tc->readMiscReg(MISCREG_TTBR1_EL1); 763 tsz = adjustTableSizeAArch64(64 - currState->tcr.t1sz); 764 tg = GrainMap_EL1_tg1[currState->tcr.tg1]; 765 if (bits(currState->vaddr, 63, tsz) != mask(64-tsz) || 766 currState->tcr.epd1) 767 fault = true; 768 break; 769 default: 770 // top two bytes must be all 0s or all 1s, else invalid addr 771 fault = true; 772 } 773 ps = currState->tcr.ips; 774 break; 775 case EL2: 776 case EL3: 777 switch(bits(currState->vaddr, 63,48)) { 778 case 0: 779 DPRINTF(TLB, " - Selecting TTBR0 (AArch64)\n"); 780 if (currState->el == EL2) 781 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL2); 782 else 783 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL3); 784 tsz = adjustTableSizeAArch64(64 - currState->tcr.t0sz); 785 tg = GrainMapDefault[currState->tcr.tg0]; 786 break; 787 default: 788 // invalid addr if top two bytes are not all 0s 789 fault = true; 790 } 791 ps = currState->tcr.ips; 792 break; 793 } 794 795 if (fault) { 796 Fault f; 797 if (currState->isFetch) 798 f = std::make_shared<PrefetchAbort>( 799 currState->vaddr_tainted, 800 ArmFault::TranslationLL + L0, isStage2, 801 ArmFault::LpaeTran); 802 else 803 f = std::make_shared<DataAbort>( 804 currState->vaddr_tainted, 805 TlbEntry::DomainType::NoAccess, 806 currState->isWrite, 807 ArmFault::TranslationLL + L0, 808 isStage2, ArmFault::LpaeTran); 809 810 if (currState->timing) { 811 pending = false; 812 nextWalk(currState->tc); 813 currState = NULL; 814 } else { 815 currState->tc = NULL; 816 currState->req = NULL; 817 } 818 return f; 819 820 } 821 822 if (tg == ReservedGrain) { 823 warn_once("Reserved granule size requested; gem5's IMPLEMENTATION " 824 "DEFINED behavior takes this to mean 4KB granules\n"); 825 tg = Grain4KB; 826 } 827 828 int stride = tg - 3; 829 LookupLevel start_lookup_level = MAX_LOOKUP_LEVELS; 830 831 // Determine starting lookup level 832 // See aarch64/translation/walk in Appendix G: ARMv8 Pseudocode Library 833 // in ARM DDI 0487A. These table values correspond to the cascading tests 834 // to compute the lookup level and are of the form 835 // (grain_size + N*stride), for N = {1, 2, 3}. 836 // A value of 64 will never succeed and a value of 0 will always succeed. 837 { 838 struct GrainMap { 839 GrainSize grain_size; 840 unsigned lookup_level_cutoff[MAX_LOOKUP_LEVELS]; 841 }; 842 static const GrainMap GM[] = { 843 { Grain4KB, { 39, 30, 0, 0 } }, 844 { Grain16KB, { 47, 36, 25, 0 } }, 845 { Grain64KB, { 64, 42, 29, 0 } } 846 }; 847 848 const unsigned *lookup = NULL; // points to a lookup_level_cutoff 849 850 for (unsigned i = 0; i < 3; ++i) { // choose entry of GM[] 851 if (tg == GM[i].grain_size) { 852 lookup = GM[i].lookup_level_cutoff; 853 break; 854 } 855 } 856 assert(lookup); 857 858 for (int L = L0; L != MAX_LOOKUP_LEVELS; ++L) { 859 if (tsz > lookup[L]) { 860 start_lookup_level = (LookupLevel) L; 861 break; 862 } 863 } 864 panic_if(start_lookup_level == MAX_LOOKUP_LEVELS, 865 "Table walker couldn't find lookup level\n"); 866 } 867 868 // Determine table base address 869 int base_addr_lo = 3 + tsz - stride * (3 - start_lookup_level) - tg; 870 Addr base_addr = mbits(ttbr, 47, base_addr_lo); 871 872 // Determine physical address size and raise an Address Size Fault if 873 // necessary 874 int pa_range = decodePhysAddrRange64(ps); 875 // Clamp to lower limit 876 if (pa_range > physAddrRange) 877 currState->physAddrRange = physAddrRange; 878 else 879 currState->physAddrRange = pa_range; 880 if (checkAddrSizeFaultAArch64(base_addr, currState->physAddrRange)) { 881 DPRINTF(TLB, "Address size fault before any lookup\n"); 882 Fault f; 883 if (currState->isFetch) 884 f = std::make_shared<PrefetchAbort>( 885 currState->vaddr_tainted, 886 ArmFault::AddressSizeLL + start_lookup_level, 887 isStage2, 888 ArmFault::LpaeTran); 889 else 890 f = std::make_shared<DataAbort>( 891 currState->vaddr_tainted, 892 TlbEntry::DomainType::NoAccess, 893 currState->isWrite, 894 ArmFault::AddressSizeLL + start_lookup_level, 895 isStage2, 896 ArmFault::LpaeTran); 897 898 899 if (currState->timing) { 900 pending = false; 901 nextWalk(currState->tc); 902 currState = NULL; 903 } else { 904 currState->tc = NULL; 905 currState->req = NULL; 906 } 907 return f; 908 909 } 910 911 // Determine descriptor address 912 Addr desc_addr = base_addr | 913 (bits(currState->vaddr, tsz - 1, 914 stride * (3 - start_lookup_level) + tg) << 3); 915 916 // Trickbox address check 917 Fault f = testWalk(desc_addr, sizeof(uint64_t), 918 TlbEntry::DomainType::NoAccess, start_lookup_level); 919 if (f) { 920 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 921 if (currState->timing) { 922 pending = false; 923 nextWalk(currState->tc); 924 currState = NULL; 925 } else { 926 currState->tc = NULL; 927 currState->req = NULL; 928 } 929 return f; 930 } 931 932 Request::Flags flag = Request::PT_WALK; 933 if (currState->sctlr.c == 0) { 934 flag.set(Request::UNCACHEABLE); 935 } 936 937 if (currState->isSecure) { 938 flag.set(Request::SECURE); 939 } 940 941 currState->longDesc.lookupLevel = start_lookup_level; 942 currState->longDesc.aarch64 = true; 943 currState->longDesc.grainSize = tg; 944 945 if (currState->timing) { 946 Event *event; 947 switch (start_lookup_level) { 948 case L0: 949 event = (Event *) &doL0LongDescEvent; 950 break; 951 case L1: 952 event = (Event *) &doL1LongDescEvent; 953 break; 954 case L2: 955 event = (Event *) &doL2LongDescEvent; 956 break; 957 case L3: 958 event = (Event *) &doL3LongDescEvent; 959 break; 960 default: 961 panic("Invalid table lookup level"); 962 break; 963 } 964 port->dmaAction(MemCmd::ReadReq, desc_addr, sizeof(uint64_t), 965 event, (uint8_t*) &currState->longDesc.data, 966 currState->tc->getCpuPtr()->clockPeriod(), flag); 967 DPRINTF(TLBVerbose, 968 "Adding to walker fifo: queue size before adding: %d\n", 969 stateQueues[start_lookup_level].size()); 970 stateQueues[start_lookup_level].push_back(currState); 971 currState = NULL; 972 } else if (!currState->functional) { 973 port->dmaAction(MemCmd::ReadReq, desc_addr, sizeof(uint64_t), 974 NULL, (uint8_t*) &currState->longDesc.data, 975 currState->tc->getCpuPtr()->clockPeriod(), flag); 976 doLongDescriptor(); 977 f = currState->fault; 978 } else { 979 RequestPtr req = new Request(desc_addr, sizeof(uint64_t), flag, 980 masterId); 981 PacketPtr pkt = new Packet(req, MemCmd::ReadReq); 982 pkt->dataStatic((uint8_t*) &currState->longDesc.data); 983 port->sendFunctional(pkt); 984 doLongDescriptor(); 985 delete req; 986 delete pkt; 987 f = currState->fault; 988 } 989 990 return f; 991} 992 993void 994TableWalker::memAttrs(ThreadContext *tc, TlbEntry &te, SCTLR sctlr, 995 uint8_t texcb, bool s) 996{ 997 // Note: tc and sctlr local variables are hiding tc and sctrl class 998 // variables 999 DPRINTF(TLBVerbose, "memAttrs texcb:%d s:%d\n", texcb, s); 1000 te.shareable = false; // default value 1001 te.nonCacheable = false; 1002 te.outerShareable = false; 1003 if (sctlr.tre == 0 || ((sctlr.tre == 1) && (sctlr.m == 0))) { 1004 switch(texcb) { 1005 case 0: // Stongly-ordered 1006 te.nonCacheable = true; 1007 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 1008 te.shareable = true; 1009 te.innerAttrs = 1; 1010 te.outerAttrs = 0; 1011 break; 1012 case 1: // Shareable Device 1013 te.nonCacheable = true; 1014 te.mtype = TlbEntry::MemoryType::Device; 1015 te.shareable = true; 1016 te.innerAttrs = 3; 1017 te.outerAttrs = 0; 1018 break; 1019 case 2: // Outer and Inner Write-Through, no Write-Allocate 1020 te.mtype = TlbEntry::MemoryType::Normal; 1021 te.shareable = s; 1022 te.innerAttrs = 6; 1023 te.outerAttrs = bits(texcb, 1, 0); 1024 break; 1025 case 3: // Outer and Inner Write-Back, no Write-Allocate 1026 te.mtype = TlbEntry::MemoryType::Normal; 1027 te.shareable = s; 1028 te.innerAttrs = 7; 1029 te.outerAttrs = bits(texcb, 1, 0); 1030 break; 1031 case 4: // Outer and Inner Non-cacheable 1032 te.nonCacheable = true; 1033 te.mtype = TlbEntry::MemoryType::Normal; 1034 te.shareable = s; 1035 te.innerAttrs = 0; 1036 te.outerAttrs = bits(texcb, 1, 0); 1037 break; 1038 case 5: // Reserved 1039 panic("Reserved texcb value!\n"); 1040 break; 1041 case 6: // Implementation Defined 1042 panic("Implementation-defined texcb value!\n"); 1043 break; 1044 case 7: // Outer and Inner Write-Back, Write-Allocate 1045 te.mtype = TlbEntry::MemoryType::Normal; 1046 te.shareable = s; 1047 te.innerAttrs = 5; 1048 te.outerAttrs = 1; 1049 break; 1050 case 8: // Non-shareable Device 1051 te.nonCacheable = true; 1052 te.mtype = TlbEntry::MemoryType::Device; 1053 te.shareable = false; 1054 te.innerAttrs = 3; 1055 te.outerAttrs = 0; 1056 break; 1057 case 9 ... 15: // Reserved 1058 panic("Reserved texcb value!\n"); 1059 break; 1060 case 16 ... 31: // Cacheable Memory 1061 te.mtype = TlbEntry::MemoryType::Normal; 1062 te.shareable = s; 1063 if (bits(texcb, 1,0) == 0 || bits(texcb, 3,2) == 0) 1064 te.nonCacheable = true; 1065 te.innerAttrs = bits(texcb, 1, 0); 1066 te.outerAttrs = bits(texcb, 3, 2); 1067 break; 1068 default: 1069 panic("More than 32 states for 5 bits?\n"); 1070 } 1071 } else { 1072 assert(tc); 1073 PRRR prrr = tc->readMiscReg(flattenMiscRegNsBanked(MISCREG_PRRR, 1074 currState->tc, !currState->isSecure)); 1075 NMRR nmrr = tc->readMiscReg(flattenMiscRegNsBanked(MISCREG_NMRR, 1076 currState->tc, !currState->isSecure)); 1077 DPRINTF(TLBVerbose, "memAttrs PRRR:%08x NMRR:%08x\n", prrr, nmrr); 1078 uint8_t curr_tr = 0, curr_ir = 0, curr_or = 0; 1079 switch(bits(texcb, 2,0)) { 1080 case 0: 1081 curr_tr = prrr.tr0; 1082 curr_ir = nmrr.ir0; 1083 curr_or = nmrr.or0; 1084 te.outerShareable = (prrr.nos0 == 0); 1085 break; 1086 case 1: 1087 curr_tr = prrr.tr1; 1088 curr_ir = nmrr.ir1; 1089 curr_or = nmrr.or1; 1090 te.outerShareable = (prrr.nos1 == 0); 1091 break; 1092 case 2: 1093 curr_tr = prrr.tr2; 1094 curr_ir = nmrr.ir2; 1095 curr_or = nmrr.or2; 1096 te.outerShareable = (prrr.nos2 == 0); 1097 break; 1098 case 3: 1099 curr_tr = prrr.tr3; 1100 curr_ir = nmrr.ir3; 1101 curr_or = nmrr.or3; 1102 te.outerShareable = (prrr.nos3 == 0); 1103 break; 1104 case 4: 1105 curr_tr = prrr.tr4; 1106 curr_ir = nmrr.ir4; 1107 curr_or = nmrr.or4; 1108 te.outerShareable = (prrr.nos4 == 0); 1109 break; 1110 case 5: 1111 curr_tr = prrr.tr5; 1112 curr_ir = nmrr.ir5; 1113 curr_or = nmrr.or5; 1114 te.outerShareable = (prrr.nos5 == 0); 1115 break; 1116 case 6: 1117 panic("Imp defined type\n"); 1118 case 7: 1119 curr_tr = prrr.tr7; 1120 curr_ir = nmrr.ir7; 1121 curr_or = nmrr.or7; 1122 te.outerShareable = (prrr.nos7 == 0); 1123 break; 1124 } 1125 1126 switch(curr_tr) { 1127 case 0: 1128 DPRINTF(TLBVerbose, "StronglyOrdered\n"); 1129 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 1130 te.nonCacheable = true; 1131 te.innerAttrs = 1; 1132 te.outerAttrs = 0; 1133 te.shareable = true; 1134 break; 1135 case 1: 1136 DPRINTF(TLBVerbose, "Device ds1:%d ds0:%d s:%d\n", 1137 prrr.ds1, prrr.ds0, s); 1138 te.mtype = TlbEntry::MemoryType::Device; 1139 te.nonCacheable = true; 1140 te.innerAttrs = 3; 1141 te.outerAttrs = 0; 1142 if (prrr.ds1 && s) 1143 te.shareable = true; 1144 if (prrr.ds0 && !s) 1145 te.shareable = true; 1146 break; 1147 case 2: 1148 DPRINTF(TLBVerbose, "Normal ns1:%d ns0:%d s:%d\n", 1149 prrr.ns1, prrr.ns0, s); 1150 te.mtype = TlbEntry::MemoryType::Normal; 1151 if (prrr.ns1 && s) 1152 te.shareable = true; 1153 if (prrr.ns0 && !s) 1154 te.shareable = true; 1155 break; 1156 case 3: 1157 panic("Reserved type"); 1158 } 1159 1160 if (te.mtype == TlbEntry::MemoryType::Normal){ 1161 switch(curr_ir) { 1162 case 0: 1163 te.nonCacheable = true; 1164 te.innerAttrs = 0; 1165 break; 1166 case 1: 1167 te.innerAttrs = 5; 1168 break; 1169 case 2: 1170 te.innerAttrs = 6; 1171 break; 1172 case 3: 1173 te.innerAttrs = 7; 1174 break; 1175 } 1176 1177 switch(curr_or) { 1178 case 0: 1179 te.nonCacheable = true; 1180 te.outerAttrs = 0; 1181 break; 1182 case 1: 1183 te.outerAttrs = 1; 1184 break; 1185 case 2: 1186 te.outerAttrs = 2; 1187 break; 1188 case 3: 1189 te.outerAttrs = 3; 1190 break; 1191 } 1192 } 1193 } 1194 DPRINTF(TLBVerbose, "memAttrs: shareable: %d, innerAttrs: %d, " 1195 "outerAttrs: %d\n", 1196 te.shareable, te.innerAttrs, te.outerAttrs); 1197 te.setAttributes(false); 1198} 1199 1200void 1201TableWalker::memAttrsLPAE(ThreadContext *tc, TlbEntry &te, 1202 LongDescriptor &lDescriptor) 1203{ 1204 assert(_haveLPAE); 1205 1206 uint8_t attr; 1207 uint8_t sh = lDescriptor.sh(); 1208 // Different format and source of attributes if this is a stage 2 1209 // translation 1210 if (isStage2) { 1211 attr = lDescriptor.memAttr(); 1212 uint8_t attr_3_2 = (attr >> 2) & 0x3; 1213 uint8_t attr_1_0 = attr & 0x3; 1214 1215 DPRINTF(TLBVerbose, "memAttrsLPAE MemAttr:%#x sh:%#x\n", attr, sh); 1216 1217 if (attr_3_2 == 0) { 1218 te.mtype = attr_1_0 == 0 ? TlbEntry::MemoryType::StronglyOrdered 1219 : TlbEntry::MemoryType::Device; 1220 te.outerAttrs = 0; 1221 te.innerAttrs = attr_1_0 == 0 ? 1 : 3; 1222 te.nonCacheable = true; 1223 } else { 1224 te.mtype = TlbEntry::MemoryType::Normal; 1225 te.outerAttrs = attr_3_2 == 1 ? 0 : 1226 attr_3_2 == 2 ? 2 : 1; 1227 te.innerAttrs = attr_1_0 == 1 ? 0 : 1228 attr_1_0 == 2 ? 6 : 5; 1229 te.nonCacheable = (attr_3_2 == 1) || (attr_1_0 == 1); 1230 } 1231 } else { 1232 uint8_t attrIndx = lDescriptor.attrIndx(); 1233 1234 // LPAE always uses remapping of memory attributes, irrespective of the 1235 // value of SCTLR.TRE 1236 MiscRegIndex reg = attrIndx & 0x4 ? MISCREG_MAIR1 : MISCREG_MAIR0; 1237 int reg_as_int = flattenMiscRegNsBanked(reg, currState->tc, 1238 !currState->isSecure); 1239 uint32_t mair = currState->tc->readMiscReg(reg_as_int); 1240 attr = (mair >> (8 * (attrIndx % 4))) & 0xff; 1241 uint8_t attr_7_4 = bits(attr, 7, 4); 1242 uint8_t attr_3_0 = bits(attr, 3, 0); 1243 DPRINTF(TLBVerbose, "memAttrsLPAE AttrIndx:%#x sh:%#x, attr %#x\n", attrIndx, sh, attr); 1244 1245 // Note: the memory subsystem only cares about the 'cacheable' memory 1246 // attribute. The other attributes are only used to fill the PAR register 1247 // accordingly to provide the illusion of full support 1248 te.nonCacheable = false; 1249 1250 switch (attr_7_4) { 1251 case 0x0: 1252 // Strongly-ordered or Device memory 1253 if (attr_3_0 == 0x0) 1254 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 1255 else if (attr_3_0 == 0x4) 1256 te.mtype = TlbEntry::MemoryType::Device; 1257 else 1258 panic("Unpredictable behavior\n"); 1259 te.nonCacheable = true; 1260 te.outerAttrs = 0; 1261 break; 1262 case 0x4: 1263 // Normal memory, Outer Non-cacheable 1264 te.mtype = TlbEntry::MemoryType::Normal; 1265 te.outerAttrs = 0; 1266 if (attr_3_0 == 0x4) 1267 // Inner Non-cacheable 1268 te.nonCacheable = true; 1269 else if (attr_3_0 < 0x8) 1270 panic("Unpredictable behavior\n"); 1271 break; 1272 case 0x8: 1273 case 0x9: 1274 case 0xa: 1275 case 0xb: 1276 case 0xc: 1277 case 0xd: 1278 case 0xe: 1279 case 0xf: 1280 if (attr_7_4 & 0x4) { 1281 te.outerAttrs = (attr_7_4 & 1) ? 1 : 3; 1282 } else { 1283 te.outerAttrs = 0x2; 1284 } 1285 // Normal memory, Outer Cacheable 1286 te.mtype = TlbEntry::MemoryType::Normal; 1287 if (attr_3_0 != 0x4 && attr_3_0 < 0x8) 1288 panic("Unpredictable behavior\n"); 1289 break; 1290 default: 1291 panic("Unpredictable behavior\n"); 1292 break; 1293 } 1294 1295 switch (attr_3_0) { 1296 case 0x0: 1297 te.innerAttrs = 0x1; 1298 break; 1299 case 0x4: 1300 te.innerAttrs = attr_7_4 == 0 ? 0x3 : 0; 1301 break; 1302 case 0x8: 1303 case 0x9: 1304 case 0xA: 1305 case 0xB: 1306 te.innerAttrs = 6; 1307 break; 1308 case 0xC: 1309 case 0xD: 1310 case 0xE: 1311 case 0xF: 1312 te.innerAttrs = attr_3_0 & 1 ? 0x5 : 0x7; 1313 break; 1314 default: 1315 panic("Unpredictable behavior\n"); 1316 break; 1317 } 1318 } 1319 1320 te.outerShareable = sh == 2; 1321 te.shareable = (sh & 0x2) ? true : false; 1322 te.setAttributes(true); 1323 te.attributes |= (uint64_t) attr << 56; 1324} 1325 1326void 1327TableWalker::memAttrsAArch64(ThreadContext *tc, TlbEntry &te, uint8_t attrIndx, 1328 uint8_t sh) 1329{ 1330 DPRINTF(TLBVerbose, "memAttrsAArch64 AttrIndx:%#x sh:%#x\n", attrIndx, sh); 1331 1332 // Select MAIR 1333 uint64_t mair; 1334 switch (currState->el) { 1335 case EL0: 1336 case EL1: 1337 mair = tc->readMiscReg(MISCREG_MAIR_EL1); 1338 break; 1339 case EL2: 1340 mair = tc->readMiscReg(MISCREG_MAIR_EL2); 1341 break; 1342 case EL3: 1343 mair = tc->readMiscReg(MISCREG_MAIR_EL3); 1344 break; 1345 default: 1346 panic("Invalid exception level"); 1347 break; 1348 } 1349 1350 // Select attributes 1351 uint8_t attr = bits(mair, 8 * attrIndx + 7, 8 * attrIndx); 1352 uint8_t attr_lo = bits(attr, 3, 0); 1353 uint8_t attr_hi = bits(attr, 7, 4); 1354 1355 // Memory type 1356 te.mtype = attr_hi == 0 ? TlbEntry::MemoryType::Device : TlbEntry::MemoryType::Normal; 1357 1358 // Cacheability 1359 te.nonCacheable = false; 1360 if (te.mtype == TlbEntry::MemoryType::Device || // Device memory 1361 attr_hi == 0x8 || // Normal memory, Outer Non-cacheable 1362 attr_lo == 0x8) { // Normal memory, Inner Non-cacheable 1363 te.nonCacheable = true; 1364 } 1365 1366 te.shareable = sh == 2; 1367 te.outerShareable = (sh & 0x2) ? true : false; 1368 // Attributes formatted according to the 64-bit PAR 1369 te.attributes = ((uint64_t) attr << 56) | 1370 (1 << 11) | // LPAE bit 1371 (te.ns << 9) | // NS bit 1372 (sh << 7); 1373} 1374 1375void 1376TableWalker::doL1Descriptor() 1377{ 1378 if (currState->fault != NoFault) { 1379 return; 1380 } 1381 1382 DPRINTF(TLB, "L1 descriptor for %#x is %#x\n", 1383 currState->vaddr_tainted, currState->l1Desc.data); 1384 TlbEntry te; 1385 1386 switch (currState->l1Desc.type()) { 1387 case L1Descriptor::Ignore: 1388 case L1Descriptor::Reserved: 1389 if (!currState->timing) { 1390 currState->tc = NULL; 1391 currState->req = NULL; 1392 } 1393 DPRINTF(TLB, "L1 Descriptor Reserved/Ignore, causing fault\n"); 1394 if (currState->isFetch) 1395 currState->fault = 1396 std::make_shared<PrefetchAbort>( 1397 currState->vaddr_tainted, 1398 ArmFault::TranslationLL + L1, 1399 isStage2, 1400 ArmFault::VmsaTran); 1401 else 1402 currState->fault = 1403 std::make_shared<DataAbort>( 1404 currState->vaddr_tainted, 1405 TlbEntry::DomainType::NoAccess, 1406 currState->isWrite, 1407 ArmFault::TranslationLL + L1, isStage2, 1408 ArmFault::VmsaTran); 1409 return; 1410 case L1Descriptor::Section: 1411 if (currState->sctlr.afe && bits(currState->l1Desc.ap(), 0) == 0) { 1412 /** @todo: check sctlr.ha (bit[17]) if Hardware Access Flag is 1413 * enabled if set, do l1.Desc.setAp0() instead of generating 1414 * AccessFlag0 1415 */ 1416 1417 currState->fault = std::make_shared<DataAbort>( 1418 currState->vaddr_tainted, 1419 currState->l1Desc.domain(), 1420 currState->isWrite, 1421 ArmFault::AccessFlagLL + L1, 1422 isStage2, 1423 ArmFault::VmsaTran); 1424 } 1425 if (currState->l1Desc.supersection()) { 1426 panic("Haven't implemented supersections\n"); 1427 } 1428 insertTableEntry(currState->l1Desc, false); 1429 return; 1430 case L1Descriptor::PageTable: 1431 { 1432 Addr l2desc_addr; 1433 l2desc_addr = currState->l1Desc.l2Addr() | 1434 (bits(currState->vaddr, 19, 12) << 2); 1435 DPRINTF(TLB, "L1 descriptor points to page table at: %#x (%s)\n", 1436 l2desc_addr, currState->isSecure ? "s" : "ns"); 1437 1438 // Trickbox address check 1439 currState->fault = testWalk(l2desc_addr, sizeof(uint32_t), 1440 currState->l1Desc.domain(), L2); 1441 1442 if (currState->fault) { 1443 if (!currState->timing) { 1444 currState->tc = NULL; 1445 currState->req = NULL; 1446 } 1447 return; 1448 } 1449 1450 Request::Flags flag = Request::PT_WALK; 1451 if (currState->isSecure) 1452 flag.set(Request::SECURE); 1453 1454 bool delayed; 1455 delayed = fetchDescriptor(l2desc_addr, 1456 (uint8_t*)&currState->l2Desc.data, 1457 sizeof(uint32_t), flag, -1, &doL2DescEvent, 1458 &TableWalker::doL2Descriptor); 1459 if (delayed) { 1460 currState->delayed = true; 1461 } 1462 1463 return; 1464 } 1465 default: 1466 panic("A new type in a 2 bit field?\n"); 1467 } 1468} 1469 1470void 1471TableWalker::doLongDescriptor() 1472{ 1473 if (currState->fault != NoFault) { 1474 return; 1475 } 1476 1477 DPRINTF(TLB, "L%d descriptor for %#llx is %#llx (%s)\n", 1478 currState->longDesc.lookupLevel, currState->vaddr_tainted, 1479 currState->longDesc.data, 1480 currState->aarch64 ? "AArch64" : "long-desc."); 1481 1482 if ((currState->longDesc.type() == LongDescriptor::Block) || 1483 (currState->longDesc.type() == LongDescriptor::Page)) { 1484 DPRINTF(TLBVerbose, "Analyzing L%d descriptor: %#llx, pxn: %d, " 1485 "xn: %d, ap: %d, af: %d, type: %d\n", 1486 currState->longDesc.lookupLevel, 1487 currState->longDesc.data, 1488 currState->longDesc.pxn(), 1489 currState->longDesc.xn(), 1490 currState->longDesc.ap(), 1491 currState->longDesc.af(), 1492 currState->longDesc.type()); 1493 } else { 1494 DPRINTF(TLBVerbose, "Analyzing L%d descriptor: %#llx, type: %d\n", 1495 currState->longDesc.lookupLevel, 1496 currState->longDesc.data, 1497 currState->longDesc.type()); 1498 } 1499 1500 TlbEntry te; 1501 1502 switch (currState->longDesc.type()) { 1503 case LongDescriptor::Invalid: 1504 if (!currState->timing) { 1505 currState->tc = NULL; 1506 currState->req = NULL; 1507 } 1508 1509 DPRINTF(TLB, "L%d descriptor Invalid, causing fault type %d\n", 1510 currState->longDesc.lookupLevel, 1511 ArmFault::TranslationLL + currState->longDesc.lookupLevel); 1512 if (currState->isFetch) 1513 currState->fault = std::make_shared<PrefetchAbort>( 1514 currState->vaddr_tainted, 1515 ArmFault::TranslationLL + currState->longDesc.lookupLevel, 1516 isStage2, 1517 ArmFault::LpaeTran); 1518 else 1519 currState->fault = std::make_shared<DataAbort>( 1520 currState->vaddr_tainted, 1521 TlbEntry::DomainType::NoAccess, 1522 currState->isWrite, 1523 ArmFault::TranslationLL + currState->longDesc.lookupLevel, 1524 isStage2, 1525 ArmFault::LpaeTran); 1526 return; 1527 case LongDescriptor::Block: 1528 case LongDescriptor::Page: 1529 { 1530 bool fault = false; 1531 bool aff = false; 1532 // Check for address size fault 1533 if (checkAddrSizeFaultAArch64( 1534 mbits(currState->longDesc.data, MaxPhysAddrRange - 1, 1535 currState->longDesc.offsetBits()), 1536 currState->physAddrRange)) { 1537 fault = true; 1538 DPRINTF(TLB, "L%d descriptor causing Address Size Fault\n", 1539 currState->longDesc.lookupLevel); 1540 // Check for access fault 1541 } else if (currState->longDesc.af() == 0) { 1542 fault = true; 1543 DPRINTF(TLB, "L%d descriptor causing Access Fault\n", 1544 currState->longDesc.lookupLevel); 1545 aff = true; 1546 } 1547 if (fault) { 1548 if (currState->isFetch) 1549 currState->fault = std::make_shared<PrefetchAbort>( 1550 currState->vaddr_tainted, 1551 (aff ? ArmFault::AccessFlagLL : ArmFault::AddressSizeLL) + 1552 currState->longDesc.lookupLevel, 1553 isStage2, 1554 ArmFault::LpaeTran); 1555 else 1556 currState->fault = std::make_shared<DataAbort>( 1557 currState->vaddr_tainted, 1558 TlbEntry::DomainType::NoAccess, currState->isWrite, 1559 (aff ? ArmFault::AccessFlagLL : ArmFault::AddressSizeLL) + 1560 currState->longDesc.lookupLevel, 1561 isStage2, 1562 ArmFault::LpaeTran); 1563 } else { 1564 insertTableEntry(currState->longDesc, true); 1565 } 1566 } 1567 return; 1568 case LongDescriptor::Table: 1569 { 1570 // Set hierarchical permission flags 1571 currState->secureLookup = currState->secureLookup && 1572 currState->longDesc.secureTable(); 1573 currState->rwTable = currState->rwTable && 1574 currState->longDesc.rwTable(); 1575 currState->userTable = currState->userTable && 1576 currState->longDesc.userTable(); 1577 currState->xnTable = currState->xnTable || 1578 currState->longDesc.xnTable(); 1579 currState->pxnTable = currState->pxnTable || 1580 currState->longDesc.pxnTable(); 1581 1582 // Set up next level lookup 1583 Addr next_desc_addr = currState->longDesc.nextDescAddr( 1584 currState->vaddr); 1585 1586 DPRINTF(TLB, "L%d descriptor points to L%d descriptor at: %#x (%s)\n", 1587 currState->longDesc.lookupLevel, 1588 currState->longDesc.lookupLevel + 1, 1589 next_desc_addr, 1590 currState->secureLookup ? "s" : "ns"); 1591 1592 // Check for address size fault 1593 if (currState->aarch64 && checkAddrSizeFaultAArch64( 1594 next_desc_addr, currState->physAddrRange)) { 1595 DPRINTF(TLB, "L%d descriptor causing Address Size Fault\n", 1596 currState->longDesc.lookupLevel); 1597 if (currState->isFetch) 1598 currState->fault = std::make_shared<PrefetchAbort>( 1599 currState->vaddr_tainted, 1600 ArmFault::AddressSizeLL 1601 + currState->longDesc.lookupLevel, 1602 isStage2, 1603 ArmFault::LpaeTran); 1604 else 1605 currState->fault = std::make_shared<DataAbort>( 1606 currState->vaddr_tainted, 1607 TlbEntry::DomainType::NoAccess, currState->isWrite, 1608 ArmFault::AddressSizeLL 1609 + currState->longDesc.lookupLevel, 1610 isStage2, 1611 ArmFault::LpaeTran); 1612 return; 1613 } 1614 1615 // Trickbox address check 1616 currState->fault = testWalk( 1617 next_desc_addr, sizeof(uint64_t), TlbEntry::DomainType::Client, 1618 toLookupLevel(currState->longDesc.lookupLevel +1)); 1619 1620 if (currState->fault) { 1621 if (!currState->timing) { 1622 currState->tc = NULL; 1623 currState->req = NULL; 1624 } 1625 return; 1626 } 1627 1628 Request::Flags flag = Request::PT_WALK; 1629 if (currState->secureLookup) 1630 flag.set(Request::SECURE); 1631 1632 currState->longDesc.lookupLevel = 1633 (LookupLevel) (currState->longDesc.lookupLevel + 1); 1634 Event *event = NULL; 1635 switch (currState->longDesc.lookupLevel) { 1636 case L1: 1637 assert(currState->aarch64); 1638 event = &doL1LongDescEvent; 1639 break; 1640 case L2: 1641 event = &doL2LongDescEvent; 1642 break; 1643 case L3: 1644 event = &doL3LongDescEvent; 1645 break; 1646 default: 1647 panic("Wrong lookup level in table walk\n"); 1648 break; 1649 } 1650 1651 bool delayed; 1652 delayed = fetchDescriptor(next_desc_addr, (uint8_t*)&currState->longDesc.data, 1653 sizeof(uint64_t), flag, -1, event, 1654 &TableWalker::doLongDescriptor); 1655 if (delayed) { 1656 currState->delayed = true; 1657 } 1658 } 1659 return; 1660 default: 1661 panic("A new type in a 2 bit field?\n"); 1662 } 1663} 1664 1665void 1666TableWalker::doL2Descriptor() 1667{ 1668 if (currState->fault != NoFault) { 1669 return; 1670 } 1671 1672 DPRINTF(TLB, "L2 descriptor for %#x is %#x\n", 1673 currState->vaddr_tainted, currState->l2Desc.data); 1674 TlbEntry te; 1675 1676 if (currState->l2Desc.invalid()) { 1677 DPRINTF(TLB, "L2 descriptor invalid, causing fault\n"); 1678 if (!currState->timing) { 1679 currState->tc = NULL; 1680 currState->req = NULL; 1681 } 1682 if (currState->isFetch) 1683 currState->fault = std::make_shared<PrefetchAbort>( 1684 currState->vaddr_tainted, 1685 ArmFault::TranslationLL + L2, 1686 isStage2, 1687 ArmFault::VmsaTran); 1688 else 1689 currState->fault = std::make_shared<DataAbort>( 1690 currState->vaddr_tainted, currState->l1Desc.domain(), 1691 currState->isWrite, ArmFault::TranslationLL + L2, 1692 isStage2, 1693 ArmFault::VmsaTran); 1694 return; 1695 } 1696 1697 if (currState->sctlr.afe && bits(currState->l2Desc.ap(), 0) == 0) { 1698 /** @todo: check sctlr.ha (bit[17]) if Hardware Access Flag is enabled 1699 * if set, do l2.Desc.setAp0() instead of generating AccessFlag0 1700 */ 1701 DPRINTF(TLB, "Generating access fault at L2, afe: %d, ap: %d\n", 1702 currState->sctlr.afe, currState->l2Desc.ap()); 1703 1704 currState->fault = std::make_shared<DataAbort>( 1705 currState->vaddr_tainted, 1706 TlbEntry::DomainType::NoAccess, currState->isWrite, 1707 ArmFault::AccessFlagLL + L2, isStage2, 1708 ArmFault::VmsaTran); 1709 } 1710 1711 insertTableEntry(currState->l2Desc, false); 1712} 1713 1714void 1715TableWalker::doL1DescriptorWrapper() 1716{ 1717 currState = stateQueues[L1].front(); 1718 currState->delayed = false; 1719 // if there's a stage2 translation object we don't need it any more 1720 if (currState->stage2Tran) { 1721 delete currState->stage2Tran; 1722 currState->stage2Tran = NULL; 1723 } 1724 1725 1726 DPRINTF(TLBVerbose, "L1 Desc object host addr: %p\n",&currState->l1Desc.data); 1727 DPRINTF(TLBVerbose, "L1 Desc object data: %08x\n",currState->l1Desc.data); 1728 1729 DPRINTF(TLBVerbose, "calling doL1Descriptor for vaddr:%#x\n", currState->vaddr_tainted); 1730 doL1Descriptor(); 1731 1732 stateQueues[L1].pop_front(); 1733 // Check if fault was generated 1734 if (currState->fault != NoFault) { 1735 currState->transState->finish(currState->fault, currState->req, 1736 currState->tc, currState->mode); 1737 statWalksShortTerminatedAtLevel[0]++; 1738 1739 pending = false; 1740 nextWalk(currState->tc); 1741 1742 currState->req = NULL; 1743 currState->tc = NULL; 1744 currState->delayed = false; 1745 delete currState; 1746 } 1747 else if (!currState->delayed) { 1748 // delay is not set so there is no L2 to do 1749 // Don't finish the translation if a stage 2 look up is underway 1750 if (!currState->doingStage2) { 1751 statWalkServiceTime.sample(curTick() - currState->startTime); 1752 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1753 currState->fault = tlb->translateTiming(currState->req, currState->tc, 1754 currState->transState, currState->mode); 1755 statWalksShortTerminatedAtLevel[0]++; 1756 } 1757 1758 pending = false; 1759 nextWalk(currState->tc); 1760 1761 currState->req = NULL; 1762 currState->tc = NULL; 1763 currState->delayed = false; 1764 delete currState; 1765 } else { 1766 // need to do L2 descriptor 1767 stateQueues[L2].push_back(currState); 1768 } 1769 currState = NULL; 1770} 1771 1772void 1773TableWalker::doL2DescriptorWrapper() 1774{ 1775 currState = stateQueues[L2].front(); 1776 assert(currState->delayed); 1777 // if there's a stage2 translation object we don't need it any more 1778 if (currState->stage2Tran) { 1779 delete currState->stage2Tran; 1780 currState->stage2Tran = NULL; 1781 } 1782 1783 DPRINTF(TLBVerbose, "calling doL2Descriptor for vaddr:%#x\n", 1784 currState->vaddr_tainted); 1785 doL2Descriptor(); 1786 1787 // Check if fault was generated 1788 if (currState->fault != NoFault) { 1789 currState->transState->finish(currState->fault, currState->req, 1790 currState->tc, currState->mode); 1791 statWalksShortTerminatedAtLevel[1]++; 1792 } 1793 else { 1794 // Don't finish the translation if a stage 2 look up is underway 1795 if (!currState->doingStage2) { 1796 statWalkServiceTime.sample(curTick() - currState->startTime); 1797 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1798 currState->fault = tlb->translateTiming(currState->req, 1799 currState->tc, currState->transState, currState->mode); 1800 statWalksShortTerminatedAtLevel[1]++; 1801 } 1802 } 1803 1804 1805 stateQueues[L2].pop_front(); 1806 pending = false; 1807 nextWalk(currState->tc); 1808 1809 currState->req = NULL; 1810 currState->tc = NULL; 1811 currState->delayed = false; 1812 1813 delete currState; 1814 currState = NULL; 1815} 1816 1817void 1818TableWalker::doL0LongDescriptorWrapper() 1819{ 1820 doLongDescriptorWrapper(L0); 1821} 1822 1823void 1824TableWalker::doL1LongDescriptorWrapper() 1825{ 1826 doLongDescriptorWrapper(L1); 1827} 1828 1829void 1830TableWalker::doL2LongDescriptorWrapper() 1831{ 1832 doLongDescriptorWrapper(L2); 1833} 1834 1835void 1836TableWalker::doL3LongDescriptorWrapper() 1837{ 1838 doLongDescriptorWrapper(L3); 1839} 1840 1841void 1842TableWalker::doLongDescriptorWrapper(LookupLevel curr_lookup_level) 1843{ 1844 currState = stateQueues[curr_lookup_level].front(); 1845 assert(curr_lookup_level == currState->longDesc.lookupLevel); 1846 currState->delayed = false; 1847 1848 // if there's a stage2 translation object we don't need it any more 1849 if (currState->stage2Tran) { 1850 delete currState->stage2Tran; 1851 currState->stage2Tran = NULL; 1852 } 1853 1854 DPRINTF(TLBVerbose, "calling doLongDescriptor for vaddr:%#x\n", 1855 currState->vaddr_tainted); 1856 doLongDescriptor(); 1857 1858 stateQueues[curr_lookup_level].pop_front(); 1859 1860 if (currState->fault != NoFault) { 1861 // A fault was generated 1862 currState->transState->finish(currState->fault, currState->req, 1863 currState->tc, currState->mode); 1864 1865 pending = false; 1866 nextWalk(currState->tc); 1867 1868 currState->req = NULL; 1869 currState->tc = NULL; 1870 currState->delayed = false; 1871 delete currState; 1872 } else if (!currState->delayed) { 1873 // No additional lookups required 1874 // Don't finish the translation if a stage 2 look up is underway 1875 if (!currState->doingStage2) { 1876 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1877 statWalkServiceTime.sample(curTick() - currState->startTime); 1878 currState->fault = tlb->translateTiming(currState->req, currState->tc, 1879 currState->transState, 1880 currState->mode); 1881 statWalksLongTerminatedAtLevel[(unsigned) curr_lookup_level]++; 1882 } 1883 1884 pending = false; 1885 nextWalk(currState->tc); 1886 1887 currState->req = NULL; 1888 currState->tc = NULL; 1889 currState->delayed = false; 1890 delete currState; 1891 } else { 1892 if (curr_lookup_level >= MAX_LOOKUP_LEVELS - 1) 1893 panic("Max. number of lookups already reached in table walk\n"); 1894 // Need to perform additional lookups 1895 stateQueues[currState->longDesc.lookupLevel].push_back(currState); 1896 } 1897 currState = NULL; 1898} 1899 1900 1901void 1902TableWalker::nextWalk(ThreadContext *tc) 1903{ 1904 if (pendingQueue.size()) 1905 schedule(doProcessEvent, clockEdge(Cycles(1))); 1906 else 1907 completeDrain(); 1908} 1909 1910bool 1911TableWalker::fetchDescriptor(Addr descAddr, uint8_t *data, int numBytes, 1912 Request::Flags flags, int queueIndex, Event *event, 1913 void (TableWalker::*doDescriptor)()) 1914{ 1915 bool isTiming = currState->timing; 1916 1917 // do the requests for the page table descriptors have to go through the 1918 // second stage MMU 1919 if (currState->stage2Req) { 1920 Fault fault; 1921 flags = flags | TLB::MustBeOne; 1922 1923 if (isTiming) { 1924 Stage2MMU::Stage2Translation *tran = new 1925 Stage2MMU::Stage2Translation(*stage2Mmu, data, event, 1926 currState->vaddr); 1927 currState->stage2Tran = tran; 1928 stage2Mmu->readDataTimed(currState->tc, descAddr, tran, numBytes, 1929 flags); 1930 fault = tran->fault; 1931 } else { 1932 fault = stage2Mmu->readDataUntimed(currState->tc, 1933 currState->vaddr, descAddr, data, numBytes, flags, 1934 currState->functional); 1935 } 1936 1937 if (fault != NoFault) { 1938 currState->fault = fault; 1939 } 1940 if (isTiming) { 1941 if (queueIndex >= 0) { 1942 DPRINTF(TLBVerbose, "Adding to walker fifo: queue size before adding: %d\n", 1943 stateQueues[queueIndex].size()); 1944 stateQueues[queueIndex].push_back(currState); 1945 currState = NULL; 1946 } 1947 } else { 1948 (this->*doDescriptor)(); 1949 } 1950 } else { 1951 if (isTiming) { 1952 port->dmaAction(MemCmd::ReadReq, descAddr, numBytes, event, data, 1953 currState->tc->getCpuPtr()->clockPeriod(),flags); 1954 if (queueIndex >= 0) { 1955 DPRINTF(TLBVerbose, "Adding to walker fifo: queue size before adding: %d\n", 1956 stateQueues[queueIndex].size()); 1957 stateQueues[queueIndex].push_back(currState); 1958 currState = NULL; 1959 } 1960 } else if (!currState->functional) { 1961 port->dmaAction(MemCmd::ReadReq, descAddr, numBytes, NULL, data, 1962 currState->tc->getCpuPtr()->clockPeriod(), flags); 1963 (this->*doDescriptor)(); 1964 } else { 1965 RequestPtr req = new Request(descAddr, numBytes, flags, masterId); 1966 req->taskId(ContextSwitchTaskId::DMA); 1967 PacketPtr pkt = new Packet(req, MemCmd::ReadReq); 1968 pkt->dataStatic(data); 1969 port->sendFunctional(pkt); 1970 (this->*doDescriptor)(); 1971 delete req; 1972 delete pkt; 1973 } 1974 } 1975 return (isTiming); 1976} 1977 1978void 1979TableWalker::insertTableEntry(DescriptorBase &descriptor, bool longDescriptor) 1980{ 1981 TlbEntry te; 1982 1983 // Create and fill a new page table entry 1984 te.valid = true; 1985 te.longDescFormat = longDescriptor; 1986 te.isHyp = currState->isHyp; 1987 te.asid = currState->asid; 1988 te.vmid = currState->vmid; 1989 te.N = descriptor.offsetBits(); 1990 te.vpn = currState->vaddr >> te.N; 1991 te.size = (1<<te.N) - 1; 1992 te.pfn = descriptor.pfn(); 1993 te.domain = descriptor.domain(); 1994 te.lookupLevel = descriptor.lookupLevel; 1995 te.ns = !descriptor.secure(haveSecurity, currState) || isStage2; 1996 te.nstid = !currState->isSecure; 1997 te.xn = descriptor.xn(); 1998 if (currState->aarch64) 1999 te.el = currState->el; 2000 else 2001 te.el = 1; 2002 2003 statPageSizes[pageSizeNtoStatBin(te.N)]++; 2004 statRequestOrigin[COMPLETED][currState->isFetch]++; 2005 2006 // ASID has no meaning for stage 2 TLB entries, so mark all stage 2 entries 2007 // as global 2008 te.global = descriptor.global(currState) || isStage2; 2009 if (longDescriptor) { 2010 LongDescriptor lDescriptor = 2011 dynamic_cast<LongDescriptor &>(descriptor); 2012 2013 te.xn |= currState->xnTable; 2014 te.pxn = currState->pxnTable || lDescriptor.pxn(); 2015 if (isStage2) { 2016 // this is actually the HAP field, but its stored in the same bit 2017 // possitions as the AP field in a stage 1 translation. 2018 te.hap = lDescriptor.ap(); 2019 } else { 2020 te.ap = ((!currState->rwTable || descriptor.ap() >> 1) << 1) | 2021 (currState->userTable && (descriptor.ap() & 0x1)); 2022 } 2023 if (currState->aarch64) 2024 memAttrsAArch64(currState->tc, te, currState->longDesc.attrIndx(), 2025 currState->longDesc.sh()); 2026 else 2027 memAttrsLPAE(currState->tc, te, lDescriptor); 2028 } else { 2029 te.ap = descriptor.ap(); 2030 memAttrs(currState->tc, te, currState->sctlr, descriptor.texcb(), 2031 descriptor.shareable()); 2032 } 2033 2034 // Debug output 2035 DPRINTF(TLB, descriptor.dbgHeader().c_str()); 2036 DPRINTF(TLB, " - N:%d pfn:%#x size:%#x global:%d valid:%d\n", 2037 te.N, te.pfn, te.size, te.global, te.valid); 2038 DPRINTF(TLB, " - vpn:%#x xn:%d pxn:%d ap:%d domain:%d asid:%d " 2039 "vmid:%d hyp:%d nc:%d ns:%d\n", te.vpn, te.xn, te.pxn, 2040 te.ap, static_cast<uint8_t>(te.domain), te.asid, te.vmid, te.isHyp, 2041 te.nonCacheable, te.ns); 2042 DPRINTF(TLB, " - domain from L%d desc:%d data:%#x\n", 2043 descriptor.lookupLevel, static_cast<uint8_t>(descriptor.domain()), 2044 descriptor.getRawData()); 2045 2046 // Insert the entry into the TLB 2047 tlb->insert(currState->vaddr, te); 2048 if (!currState->timing) { 2049 currState->tc = NULL; 2050 currState->req = NULL; 2051 } 2052} 2053 2054ArmISA::TableWalker * 2055ArmTableWalkerParams::create() 2056{ 2057 return new ArmISA::TableWalker(this); 2058} 2059 2060LookupLevel 2061TableWalker::toLookupLevel(uint8_t lookup_level_as_int) 2062{ 2063 switch (lookup_level_as_int) { 2064 case L1: 2065 return L1; 2066 case L2: 2067 return L2; 2068 case L3: 2069 return L3; 2070 default: 2071 panic("Invalid lookup level conversion"); 2072 } 2073} 2074 2075/* this method keeps track of the table walker queue's residency, so 2076 * needs to be called whenever requests start and complete. */ 2077void 2078TableWalker::pendingChange() 2079{ 2080 unsigned n = pendingQueue.size(); 2081 if ((currState != NULL) && (currState != pendingQueue.front())) { 2082 ++n; 2083 } 2084 2085 if (n != pendingReqs) { 2086 Tick now = curTick(); 2087 statPendingWalks.sample(pendingReqs, now - pendingChangeTick); 2088 pendingReqs = n; 2089 pendingChangeTick = now; 2090 } 2091} 2092 2093Fault 2094TableWalker::testWalk(Addr pa, Addr size, TlbEntry::DomainType domain, 2095 LookupLevel lookup_level) 2096{ 2097 return tlb->testWalk(pa, size, currState->vaddr, currState->isSecure, 2098 currState->mode, domain, lookup_level); 2099} 2100 2101 2102uint8_t 2103TableWalker::pageSizeNtoStatBin(uint8_t N) 2104{ 2105 /* for statPageSizes */ 2106 switch(N) { 2107 case 12: return 0; // 4K 2108 case 14: return 1; // 16K (using 16K granule in v8-64) 2109 case 16: return 2; // 64K 2110 case 20: return 3; // 1M 2111 case 21: return 4; // 2M-LPAE 2112 case 24: return 5; // 16M 2113 case 25: return 6; // 32M (using 16K granule in v8-64) 2114 case 29: return 7; // 512M (using 64K granule in v8-64) 2115 case 30: return 8; // 1G-LPAE 2116 default: 2117 panic("unknown page size"); 2118 return 255; 2119 } 2120} 2121 2122void 2123TableWalker::regStats() 2124{ 2125 statWalks 2126 .name(name() + ".walks") 2127 .desc("Table walker walks requested") 2128 ; 2129 2130 statWalksShortDescriptor 2131 .name(name() + ".walksShort") 2132 .desc("Table walker walks initiated with short descriptors") 2133 .flags(Stats::nozero) 2134 ; 2135 2136 statWalksLongDescriptor 2137 .name(name() + ".walksLong") 2138 .desc("Table walker walks initiated with long descriptors") 2139 .flags(Stats::nozero) 2140 ; 2141 2142 statWalksShortTerminatedAtLevel 2143 .init(2) 2144 .name(name() + ".walksShortTerminationLevel") 2145 .desc("Level at which table walker walks " 2146 "with short descriptors terminate") 2147 .flags(Stats::nozero) 2148 ; 2149 statWalksShortTerminatedAtLevel.subname(0, "Level1"); 2150 statWalksShortTerminatedAtLevel.subname(1, "Level2"); 2151 2152 statWalksLongTerminatedAtLevel 2153 .init(4) 2154 .name(name() + ".walksLongTerminationLevel") 2155 .desc("Level at which table walker walks " 2156 "with long descriptors terminate") 2157 .flags(Stats::nozero) 2158 ; 2159 statWalksLongTerminatedAtLevel.subname(0, "Level0"); 2160 statWalksLongTerminatedAtLevel.subname(1, "Level1"); 2161 statWalksLongTerminatedAtLevel.subname(2, "Level2"); 2162 statWalksLongTerminatedAtLevel.subname(3, "Level3"); 2163 2164 statSquashedBefore 2165 .name(name() + ".walksSquashedBefore") 2166 .desc("Table walks squashed before starting") 2167 .flags(Stats::nozero) 2168 ; 2169 2170 statSquashedAfter 2171 .name(name() + ".walksSquashedAfter") 2172 .desc("Table walks squashed after completion") 2173 .flags(Stats::nozero) 2174 ; 2175 2176 statWalkWaitTime 2177 .init(16) 2178 .name(name() + ".walkWaitTime") 2179 .desc("Table walker wait (enqueue to first request) latency") 2180 .flags(Stats::pdf | Stats::nozero | Stats::nonan) 2181 ; 2182 2183 statWalkServiceTime 2184 .init(16) 2185 .name(name() + ".walkCompletionTime") 2186 .desc("Table walker service (enqueue to completion) latency") 2187 .flags(Stats::pdf | Stats::nozero | Stats::nonan) 2188 ; 2189 2190 statPendingWalks 2191 .init(16) 2192 .name(name() + ".walksPending") 2193 .desc("Table walker pending requests distribution") 2194 .flags(Stats::pdf | Stats::dist | Stats::nozero | Stats::nonan) 2195 ; 2196 2197 statPageSizes // see DDI 0487A D4-1661 2198 .init(9) 2199 .name(name() + ".walkPageSizes") 2200 .desc("Table walker page sizes translated") 2201 .flags(Stats::total | Stats::pdf | Stats::dist | Stats::nozero) 2202 ; 2203 statPageSizes.subname(0, "4K"); 2204 statPageSizes.subname(1, "16K"); 2205 statPageSizes.subname(2, "64K"); 2206 statPageSizes.subname(3, "1M"); 2207 statPageSizes.subname(4, "2M"); 2208 statPageSizes.subname(5, "16M"); 2209 statPageSizes.subname(6, "32M"); 2210 statPageSizes.subname(7, "512M"); 2211 statPageSizes.subname(8, "1G"); 2212 2213 statRequestOrigin 2214 .init(2,2) // Instruction/Data, requests/completed 2215 .name(name() + ".walkRequestOrigin") 2216 .desc("Table walker requests started/completed, data/inst") 2217 .flags(Stats::total) 2218 ; 2219 statRequestOrigin.subname(0,"Requested"); 2220 statRequestOrigin.subname(1,"Completed"); 2221 statRequestOrigin.ysubname(0,"Data"); 2222 statRequestOrigin.ysubname(1,"Inst"); 2223} 2224