table_walker.cc revision 12086:069c529a76fd
12SN/A/* 21762SN/A * Copyright (c) 2010, 2012-2017 ARM Limited 38332Snate@binkert.org * All rights reserved 42SN/A * 52SN/A * The license below extends only to copyright in the software and shall 62SN/A * not be construed as granting a license to any other intellectual 72SN/A * property including but not limited to intellectual property relating 82SN/A * to a hardware implementation of the functionality of the software 92SN/A * licensed hereunder. You may use the software subject to the license 102SN/A * terms below provided that you ensure that this notice is replicated 112SN/A * unmodified and in its entirety in all distributions of the software, 122SN/A * modified or unmodified, in source code or in binary form. 132SN/A * 142SN/A * Redistribution and use in source and binary forms, with or without 152SN/A * modification, are permitted provided that the following conditions are 162SN/A * met: redistributions of source code must retain the above copyright 172SN/A * notice, this list of conditions and the following disclaimer; 182SN/A * redistributions in binary form must reproduce the above copyright 192SN/A * notice, this list of conditions and the following disclaimer in the 202SN/A * documentation and/or other materials provided with the distribution; 212SN/A * neither the name of the copyright holders nor the names of its 222SN/A * contributors may be used to endorse or promote products derived from 232SN/A * this software without specific prior written permission. 242SN/A * 252SN/A * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 262SN/A * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 272SN/A * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 282665Ssaidi@eecs.umich.edu * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 292665Ssaidi@eecs.umich.edu * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 302665Ssaidi@eecs.umich.edu * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 317861Sgblack@eecs.umich.edu * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 322SN/A * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 332SN/A * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34488SN/A * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 358232Snate@binkert.org * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 368801Sgblack@eecs.umich.edu * 377861Sgblack@eecs.umich.edu * Authors: Ali Saidi 381609SN/A * Giacomo Gabrielli 397861Sgblack@eecs.umich.edu */ 407861Sgblack@eecs.umich.edu#include "arch/arm/table_walker.hh" 417861Sgblack@eecs.umich.edu 427861Sgblack@eecs.umich.edu#include <memory> 437861Sgblack@eecs.umich.edu 447861Sgblack@eecs.umich.edu#include "arch/arm/faults.hh" 457861Sgblack@eecs.umich.edu#include "arch/arm/stage2_mmu.hh" 467861Sgblack@eecs.umich.edu#include "arch/arm/system.hh" 477861Sgblack@eecs.umich.edu#include "arch/arm/tlb.hh" 487861Sgblack@eecs.umich.edu#include "cpu/base.hh" 492SN/A#include "cpu/thread_context.hh" 507861Sgblack@eecs.umich.edu#include "debug/Checkpoint.hh" 517861Sgblack@eecs.umich.edu#include "debug/Drain.hh" 527861Sgblack@eecs.umich.edu#include "debug/TLB.hh" 537861Sgblack@eecs.umich.edu#include "debug/TLBVerbose.hh" 547861Sgblack@eecs.umich.edu#include "dev/dma_device.hh" 557861Sgblack@eecs.umich.edu#include "sim/system.hh" 567861Sgblack@eecs.umich.edu 577861Sgblack@eecs.umich.eduusing namespace ArmISA; 587861Sgblack@eecs.umich.edu 597861Sgblack@eecs.umich.eduTableWalker::TableWalker(const Params *p) 607861Sgblack@eecs.umich.edu : MemObject(p), 617861Sgblack@eecs.umich.edu stage2Mmu(NULL), port(NULL), masterId(Request::invldMasterId), 627861Sgblack@eecs.umich.edu isStage2(p->is_stage2), tlb(NULL), 637861Sgblack@eecs.umich.edu currState(NULL), pending(false), 647861Sgblack@eecs.umich.edu numSquashable(p->num_squash_per_cycle), 657861Sgblack@eecs.umich.edu pendingReqs(0), 667861Sgblack@eecs.umich.edu pendingChangeTick(curTick()), 677861Sgblack@eecs.umich.edu doL1DescEvent([this]{ doL1DescriptorWrapper(); }, name()), 687861Sgblack@eecs.umich.edu doL2DescEvent([this]{ doL2DescriptorWrapper(); }, name()), 697861Sgblack@eecs.umich.edu doL0LongDescEvent([this]{ doL0LongDescriptorWrapper(); }, name()), 707861Sgblack@eecs.umich.edu doL1LongDescEvent([this]{ doL1LongDescriptorWrapper(); }, name()), 717861Sgblack@eecs.umich.edu doL2LongDescEvent([this]{ doL2LongDescriptorWrapper(); }, name()), 727861Sgblack@eecs.umich.edu doL3LongDescEvent([this]{ doL3LongDescriptorWrapper(); }, name()), 737861Sgblack@eecs.umich.edu LongDescEventByLevel { &doL0LongDescEvent, &doL1LongDescEvent, 747861Sgblack@eecs.umich.edu &doL2LongDescEvent, &doL3LongDescEvent }, 757861Sgblack@eecs.umich.edu doProcessEvent([this]{ processWalkWrapper(); }, name()) 767861Sgblack@eecs.umich.edu{ 777861Sgblack@eecs.umich.edu sctlr = 0; 787861Sgblack@eecs.umich.edu 797861Sgblack@eecs.umich.edu // Cache system-level properties 807861Sgblack@eecs.umich.edu if (FullSystem) { 817861Sgblack@eecs.umich.edu ArmSystem *armSys = dynamic_cast<ArmSystem *>(p->sys); 827861Sgblack@eecs.umich.edu assert(armSys); 837861Sgblack@eecs.umich.edu haveSecurity = armSys->haveSecurity(); 847861Sgblack@eecs.umich.edu _haveLPAE = armSys->haveLPAE(); 857861Sgblack@eecs.umich.edu _haveVirtualization = armSys->haveVirtualization(); 867861Sgblack@eecs.umich.edu physAddrRange = armSys->physAddrRange(); 877861Sgblack@eecs.umich.edu _haveLargeAsid64 = armSys->haveLargeAsid64(); 887861Sgblack@eecs.umich.edu } else { 897861Sgblack@eecs.umich.edu haveSecurity = _haveLPAE = _haveVirtualization = false; 907861Sgblack@eecs.umich.edu _haveLargeAsid64 = false; 917863Sgblack@eecs.umich.edu physAddrRange = 32; 927861Sgblack@eecs.umich.edu } 937861Sgblack@eecs.umich.edu 947861Sgblack@eecs.umich.edu} 957861Sgblack@eecs.umich.edu 967861Sgblack@eecs.umich.eduTableWalker::~TableWalker() 977861Sgblack@eecs.umich.edu{ 987861Sgblack@eecs.umich.edu ; 997861Sgblack@eecs.umich.edu} 1007861Sgblack@eecs.umich.edu 1017861Sgblack@eecs.umich.eduvoid 1027861Sgblack@eecs.umich.eduTableWalker::setMMU(Stage2MMU *m, MasterID master_id) 1037861Sgblack@eecs.umich.edu{ 1047861Sgblack@eecs.umich.edu stage2Mmu = m; 1057861Sgblack@eecs.umich.edu port = &m->getPort(); 1067861Sgblack@eecs.umich.edu masterId = master_id; 1077863Sgblack@eecs.umich.edu} 1087863Sgblack@eecs.umich.edu 1097861Sgblack@eecs.umich.eduvoid 1107861Sgblack@eecs.umich.eduTableWalker::init() 1117861Sgblack@eecs.umich.edu{ 1127861Sgblack@eecs.umich.edu fatal_if(!stage2Mmu, "Table walker must have a valid stage-2 MMU\n"); 1137942SAli.Saidi@ARM.com fatal_if(!port, "Table walker must have a valid port\n"); 1147942SAli.Saidi@ARM.com fatal_if(!tlb, "Table walker must have a valid TLB\n"); 1157942SAli.Saidi@ARM.com} 1167942SAli.Saidi@ARM.com 1177942SAli.Saidi@ARM.comBaseMasterPort& 1187942SAli.Saidi@ARM.comTableWalker::getMasterPort(const std::string &if_name, PortID idx) 1197942SAli.Saidi@ARM.com{ 1207942SAli.Saidi@ARM.com if (if_name == "port") { 1217942SAli.Saidi@ARM.com if (!isStage2) { 1227942SAli.Saidi@ARM.com return *port; 1237942SAli.Saidi@ARM.com } else { 1247942SAli.Saidi@ARM.com fatal("Cannot access table walker port through stage-two walker\n"); 1257861Sgblack@eecs.umich.edu } 1261104SN/A } 1278801Sgblack@eecs.umich.edu return MemObject::getMasterPort(if_name, idx); 1288901Sandreas.hansson@arm.com} 1298801Sgblack@eecs.umich.edu 1304762Snate@binkert.orgTableWalker::WalkerState::WalkerState() : 1314762Snate@binkert.org tc(nullptr), aarch64(false), el(EL0), physAddrRange(0), req(nullptr), 1321310SN/A asid(0), vmid(0), isHyp(false), transState(nullptr), 1331388SN/A vaddr(0), vaddr_tainted(0), isWrite(false), isFetch(false), isSecure(false), 1341388SN/A secureLookup(false), rwTable(false), userTable(false), xnTable(false), 1351388SN/A pxnTable(false), stage2Req(false), doingStage2(false), 1361388SN/A stage2Tran(nullptr), timing(false), functional(false), 1371388SN/A mode(BaseTLB::Read), tranType(TLB::NormalTran), l2Desc(l1Desc), 1381310SN/A delayed(false), tableWalker(nullptr) 1398801Sgblack@eecs.umich.edu{ 1408901Sandreas.hansson@arm.com} 1418801Sgblack@eecs.umich.edu 1424762Snate@binkert.orgvoid 1431310SN/ATableWalker::completeDrain() 144{ 145 if (drainState() == DrainState::Draining && 146 stateQueues[L0].empty() && stateQueues[L1].empty() && 147 stateQueues[L2].empty() && stateQueues[L3].empty() && 148 pendingQueue.empty()) { 149 150 DPRINTF(Drain, "TableWalker done draining, processing drain event\n"); 151 signalDrainDone(); 152 } 153} 154 155DrainState 156TableWalker::drain() 157{ 158 bool state_queues_not_empty = false; 159 160 for (int i = 0; i < MAX_LOOKUP_LEVELS; ++i) { 161 if (!stateQueues[i].empty()) { 162 state_queues_not_empty = true; 163 break; 164 } 165 } 166 167 if (state_queues_not_empty || pendingQueue.size()) { 168 DPRINTF(Drain, "TableWalker not drained\n"); 169 return DrainState::Draining; 170 } else { 171 DPRINTF(Drain, "TableWalker free, no need to drain\n"); 172 return DrainState::Drained; 173 } 174} 175 176void 177TableWalker::drainResume() 178{ 179 if (params()->sys->isTimingMode() && currState) { 180 delete currState; 181 currState = NULL; 182 pendingChange(); 183 } 184} 185 186Fault 187TableWalker::walk(RequestPtr _req, ThreadContext *_tc, uint16_t _asid, 188 uint8_t _vmid, bool _isHyp, TLB::Mode _mode, 189 TLB::Translation *_trans, bool _timing, bool _functional, 190 bool secure, TLB::ArmTranslationType tranType, 191 bool _stage2Req) 192{ 193 assert(!(_functional && _timing)); 194 ++statWalks; 195 196 WalkerState *savedCurrState = NULL; 197 198 if (!currState && !_functional) { 199 // For atomic mode, a new WalkerState instance should be only created 200 // once per TLB. For timing mode, a new instance is generated for every 201 // TLB miss. 202 DPRINTF(TLBVerbose, "creating new instance of WalkerState\n"); 203 204 currState = new WalkerState(); 205 currState->tableWalker = this; 206 } else if (_functional) { 207 // If we are mixing functional mode with timing (or even 208 // atomic), we need to to be careful and clean up after 209 // ourselves to not risk getting into an inconsistent state. 210 DPRINTF(TLBVerbose, "creating functional instance of WalkerState\n"); 211 savedCurrState = currState; 212 currState = new WalkerState(); 213 currState->tableWalker = this; 214 } else if (_timing) { 215 // This is a translation that was completed and then faulted again 216 // because some underlying parameters that affect the translation 217 // changed out from under us (e.g. asid). It will either be a 218 // misprediction, in which case nothing will happen or we'll use 219 // this fault to re-execute the faulting instruction which should clean 220 // up everything. 221 if (currState->vaddr_tainted == _req->getVaddr()) { 222 ++statSquashedBefore; 223 return std::make_shared<ReExec>(); 224 } 225 } 226 pendingChange(); 227 228 currState->startTime = curTick(); 229 currState->tc = _tc; 230 // ARM DDI 0487A.f (ARMv8 ARM) pg J8-5672 231 // aarch32/translation/translation/AArch32.TranslateAddress dictates 232 // even AArch32 EL0 will use AArch64 translation if EL1 is in AArch64. 233 currState->aarch64 = isStage2 || opModeIs64(currOpMode(_tc)) || 234 ((currEL(_tc) == EL0) && ELIs64(_tc, EL1)); 235 currState->el = currEL(_tc); 236 currState->transState = _trans; 237 currState->req = _req; 238 currState->fault = NoFault; 239 currState->asid = _asid; 240 currState->vmid = _vmid; 241 currState->isHyp = _isHyp; 242 currState->timing = _timing; 243 currState->functional = _functional; 244 currState->mode = _mode; 245 currState->tranType = tranType; 246 currState->isSecure = secure; 247 currState->physAddrRange = physAddrRange; 248 249 /** @todo These should be cached or grabbed from cached copies in 250 the TLB, all these miscreg reads are expensive */ 251 currState->vaddr_tainted = currState->req->getVaddr(); 252 if (currState->aarch64) 253 currState->vaddr = purifyTaggedAddr(currState->vaddr_tainted, 254 currState->tc, currState->el); 255 else 256 currState->vaddr = currState->vaddr_tainted; 257 258 if (currState->aarch64) { 259 if (isStage2) { 260 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL1); 261 currState->vtcr = currState->tc->readMiscReg(MISCREG_VTCR_EL2); 262 } else switch (currState->el) { 263 case EL0: 264 case EL1: 265 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL1); 266 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL1); 267 break; 268 case EL2: 269 assert(_haveVirtualization); 270 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL2); 271 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL2); 272 break; 273 case EL3: 274 assert(haveSecurity); 275 currState->sctlr = currState->tc->readMiscReg(MISCREG_SCTLR_EL3); 276 currState->tcr = currState->tc->readMiscReg(MISCREG_TCR_EL3); 277 break; 278 default: 279 panic("Invalid exception level"); 280 break; 281 } 282 currState->hcr = currState->tc->readMiscReg(MISCREG_HCR_EL2); 283 } else { 284 currState->sctlr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 285 MISCREG_SCTLR, currState->tc, !currState->isSecure)); 286 currState->ttbcr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 287 MISCREG_TTBCR, currState->tc, !currState->isSecure)); 288 currState->htcr = currState->tc->readMiscReg(MISCREG_HTCR); 289 currState->hcr = currState->tc->readMiscReg(MISCREG_HCR); 290 currState->vtcr = currState->tc->readMiscReg(MISCREG_VTCR); 291 } 292 sctlr = currState->sctlr; 293 294 currState->isFetch = (currState->mode == TLB::Execute); 295 currState->isWrite = (currState->mode == TLB::Write); 296 297 statRequestOrigin[REQUESTED][currState->isFetch]++; 298 299 // We only do a second stage of translation if we're not secure, or in 300 // hyp mode, the second stage MMU is enabled, and this table walker 301 // instance is the first stage. 302 // TODO: fix setting of doingStage2 for timing mode 303 currState->doingStage2 = false; 304 currState->stage2Req = _stage2Req && !isStage2; 305 306 bool long_desc_format = currState->aarch64 || _isHyp || isStage2 || 307 longDescFormatInUse(currState->tc); 308 309 if (long_desc_format) { 310 // Helper variables used for hierarchical permissions 311 currState->secureLookup = currState->isSecure; 312 currState->rwTable = true; 313 currState->userTable = true; 314 currState->xnTable = false; 315 currState->pxnTable = false; 316 317 ++statWalksLongDescriptor; 318 } else { 319 ++statWalksShortDescriptor; 320 } 321 322 if (!currState->timing) { 323 Fault fault = NoFault; 324 if (currState->aarch64) 325 fault = processWalkAArch64(); 326 else if (long_desc_format) 327 fault = processWalkLPAE(); 328 else 329 fault = processWalk(); 330 331 // If this was a functional non-timing access restore state to 332 // how we found it. 333 if (currState->functional) { 334 delete currState; 335 currState = savedCurrState; 336 } 337 return fault; 338 } 339 340 if (pending || pendingQueue.size()) { 341 pendingQueue.push_back(currState); 342 currState = NULL; 343 pendingChange(); 344 } else { 345 pending = true; 346 pendingChange(); 347 if (currState->aarch64) 348 return processWalkAArch64(); 349 else if (long_desc_format) 350 return processWalkLPAE(); 351 else 352 return processWalk(); 353 } 354 355 return NoFault; 356} 357 358void 359TableWalker::processWalkWrapper() 360{ 361 assert(!currState); 362 assert(pendingQueue.size()); 363 pendingChange(); 364 currState = pendingQueue.front(); 365 366 ExceptionLevel target_el = EL0; 367 if (currState->aarch64) 368 target_el = currEL(currState->tc); 369 else 370 target_el = EL1; 371 372 // Check if a previous walk filled this request already 373 // @TODO Should this always be the TLB or should we look in the stage2 TLB? 374 TlbEntry* te = tlb->lookup(currState->vaddr, currState->asid, 375 currState->vmid, currState->isHyp, currState->isSecure, true, false, 376 target_el); 377 378 // Check if we still need to have a walk for this request. If the requesting 379 // instruction has been squashed, or a previous walk has filled the TLB with 380 // a match, we just want to get rid of the walk. The latter could happen 381 // when there are multiple outstanding misses to a single page and a 382 // previous request has been successfully translated. 383 if (!currState->transState->squashed() && !te) { 384 // We've got a valid request, lets process it 385 pending = true; 386 pendingQueue.pop_front(); 387 // Keep currState in case one of the processWalk... calls NULLs it 388 WalkerState *curr_state_copy = currState; 389 Fault f; 390 if (currState->aarch64) 391 f = processWalkAArch64(); 392 else if (longDescFormatInUse(currState->tc) || 393 currState->isHyp || isStage2) 394 f = processWalkLPAE(); 395 else 396 f = processWalk(); 397 398 if (f != NoFault) { 399 curr_state_copy->transState->finish(f, curr_state_copy->req, 400 curr_state_copy->tc, curr_state_copy->mode); 401 402 delete curr_state_copy; 403 } 404 return; 405 } 406 407 408 // If the instruction that we were translating for has been 409 // squashed we shouldn't bother. 410 unsigned num_squashed = 0; 411 ThreadContext *tc = currState->tc; 412 while ((num_squashed < numSquashable) && currState && 413 (currState->transState->squashed() || te)) { 414 pendingQueue.pop_front(); 415 num_squashed++; 416 statSquashedBefore++; 417 418 DPRINTF(TLB, "Squashing table walk for address %#x\n", 419 currState->vaddr_tainted); 420 421 if (currState->transState->squashed()) { 422 // finish the translation which will delete the translation object 423 currState->transState->finish( 424 std::make_shared<UnimpFault>("Squashed Inst"), 425 currState->req, currState->tc, currState->mode); 426 } else { 427 // translate the request now that we know it will work 428 statWalkServiceTime.sample(curTick() - currState->startTime); 429 tlb->translateTiming(currState->req, currState->tc, 430 currState->transState, currState->mode); 431 432 } 433 434 // delete the current request 435 delete currState; 436 437 // peak at the next one 438 if (pendingQueue.size()) { 439 currState = pendingQueue.front(); 440 te = tlb->lookup(currState->vaddr, currState->asid, 441 currState->vmid, currState->isHyp, currState->isSecure, true, 442 false, target_el); 443 } else { 444 // Terminate the loop, nothing more to do 445 currState = NULL; 446 } 447 } 448 pendingChange(); 449 450 // if we still have pending translations, schedule more work 451 nextWalk(tc); 452 currState = NULL; 453} 454 455Fault 456TableWalker::processWalk() 457{ 458 Addr ttbr = 0; 459 460 // If translation isn't enabled, we shouldn't be here 461 assert(currState->sctlr.m || isStage2); 462 463 DPRINTF(TLB, "Beginning table walk for address %#x, TTBCR: %#x, bits:%#x\n", 464 currState->vaddr_tainted, currState->ttbcr, mbits(currState->vaddr, 31, 465 32 - currState->ttbcr.n)); 466 467 statWalkWaitTime.sample(curTick() - currState->startTime); 468 469 if (currState->ttbcr.n == 0 || !mbits(currState->vaddr, 31, 470 32 - currState->ttbcr.n)) { 471 DPRINTF(TLB, " - Selecting TTBR0\n"); 472 // Check if table walk is allowed when Security Extensions are enabled 473 if (haveSecurity && currState->ttbcr.pd0) { 474 if (currState->isFetch) 475 return std::make_shared<PrefetchAbort>( 476 currState->vaddr_tainted, 477 ArmFault::TranslationLL + L1, 478 isStage2, 479 ArmFault::VmsaTran); 480 else 481 return std::make_shared<DataAbort>( 482 currState->vaddr_tainted, 483 TlbEntry::DomainType::NoAccess, currState->isWrite, 484 ArmFault::TranslationLL + L1, isStage2, 485 ArmFault::VmsaTran); 486 } 487 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 488 MISCREG_TTBR0, currState->tc, !currState->isSecure)); 489 } else { 490 DPRINTF(TLB, " - Selecting TTBR1\n"); 491 // Check if table walk is allowed when Security Extensions are enabled 492 if (haveSecurity && currState->ttbcr.pd1) { 493 if (currState->isFetch) 494 return std::make_shared<PrefetchAbort>( 495 currState->vaddr_tainted, 496 ArmFault::TranslationLL + L1, 497 isStage2, 498 ArmFault::VmsaTran); 499 else 500 return std::make_shared<DataAbort>( 501 currState->vaddr_tainted, 502 TlbEntry::DomainType::NoAccess, currState->isWrite, 503 ArmFault::TranslationLL + L1, isStage2, 504 ArmFault::VmsaTran); 505 } 506 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 507 MISCREG_TTBR1, currState->tc, !currState->isSecure)); 508 currState->ttbcr.n = 0; 509 } 510 511 Addr l1desc_addr = mbits(ttbr, 31, 14 - currState->ttbcr.n) | 512 (bits(currState->vaddr, 31 - currState->ttbcr.n, 20) << 2); 513 DPRINTF(TLB, " - Descriptor at address %#x (%s)\n", l1desc_addr, 514 currState->isSecure ? "s" : "ns"); 515 516 // Trickbox address check 517 Fault f; 518 f = testWalk(l1desc_addr, sizeof(uint32_t), 519 TlbEntry::DomainType::NoAccess, L1); 520 if (f) { 521 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 522 if (currState->timing) { 523 pending = false; 524 nextWalk(currState->tc); 525 currState = NULL; 526 } else { 527 currState->tc = NULL; 528 currState->req = NULL; 529 } 530 return f; 531 } 532 533 Request::Flags flag = Request::PT_WALK; 534 if (currState->sctlr.c == 0) { 535 flag.set(Request::UNCACHEABLE); 536 } 537 538 if (currState->isSecure) { 539 flag.set(Request::SECURE); 540 } 541 542 bool delayed; 543 delayed = fetchDescriptor(l1desc_addr, (uint8_t*)&currState->l1Desc.data, 544 sizeof(uint32_t), flag, L1, &doL1DescEvent, 545 &TableWalker::doL1Descriptor); 546 if (!delayed) { 547 f = currState->fault; 548 } 549 550 return f; 551} 552 553Fault 554TableWalker::processWalkLPAE() 555{ 556 Addr ttbr, ttbr0_max, ttbr1_min, desc_addr; 557 int tsz, n; 558 LookupLevel start_lookup_level = L1; 559 560 DPRINTF(TLB, "Beginning table walk for address %#x, TTBCR: %#x\n", 561 currState->vaddr_tainted, currState->ttbcr); 562 563 statWalkWaitTime.sample(curTick() - currState->startTime); 564 565 Request::Flags flag = Request::PT_WALK; 566 if (currState->isSecure) 567 flag.set(Request::SECURE); 568 569 // work out which base address register to use, if in hyp mode we always 570 // use HTTBR 571 if (isStage2) { 572 DPRINTF(TLB, " - Selecting VTTBR (long-desc.)\n"); 573 ttbr = currState->tc->readMiscReg(MISCREG_VTTBR); 574 tsz = sext<4>(currState->vtcr.t0sz); 575 start_lookup_level = currState->vtcr.sl0 ? L1 : L2; 576 } else if (currState->isHyp) { 577 DPRINTF(TLB, " - Selecting HTTBR (long-desc.)\n"); 578 ttbr = currState->tc->readMiscReg(MISCREG_HTTBR); 579 tsz = currState->htcr.t0sz; 580 } else { 581 assert(longDescFormatInUse(currState->tc)); 582 583 // Determine boundaries of TTBR0/1 regions 584 if (currState->ttbcr.t0sz) 585 ttbr0_max = (1ULL << (32 - currState->ttbcr.t0sz)) - 1; 586 else if (currState->ttbcr.t1sz) 587 ttbr0_max = (1ULL << 32) - 588 (1ULL << (32 - currState->ttbcr.t1sz)) - 1; 589 else 590 ttbr0_max = (1ULL << 32) - 1; 591 if (currState->ttbcr.t1sz) 592 ttbr1_min = (1ULL << 32) - (1ULL << (32 - currState->ttbcr.t1sz)); 593 else 594 ttbr1_min = (1ULL << (32 - currState->ttbcr.t0sz)); 595 596 // The following code snippet selects the appropriate translation table base 597 // address (TTBR0 or TTBR1) and the appropriate starting lookup level 598 // depending on the address range supported by the translation table (ARM 599 // ARM issue C B3.6.4) 600 if (currState->vaddr <= ttbr0_max) { 601 DPRINTF(TLB, " - Selecting TTBR0 (long-desc.)\n"); 602 // Check if table walk is allowed 603 if (currState->ttbcr.epd0) { 604 if (currState->isFetch) 605 return std::make_shared<PrefetchAbort>( 606 currState->vaddr_tainted, 607 ArmFault::TranslationLL + L1, 608 isStage2, 609 ArmFault::LpaeTran); 610 else 611 return std::make_shared<DataAbort>( 612 currState->vaddr_tainted, 613 TlbEntry::DomainType::NoAccess, 614 currState->isWrite, 615 ArmFault::TranslationLL + L1, 616 isStage2, 617 ArmFault::LpaeTran); 618 } 619 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 620 MISCREG_TTBR0, currState->tc, !currState->isSecure)); 621 tsz = currState->ttbcr.t0sz; 622 if (ttbr0_max < (1ULL << 30)) // Upper limit < 1 GB 623 start_lookup_level = L2; 624 } else if (currState->vaddr >= ttbr1_min) { 625 DPRINTF(TLB, " - Selecting TTBR1 (long-desc.)\n"); 626 // Check if table walk is allowed 627 if (currState->ttbcr.epd1) { 628 if (currState->isFetch) 629 return std::make_shared<PrefetchAbort>( 630 currState->vaddr_tainted, 631 ArmFault::TranslationLL + L1, 632 isStage2, 633 ArmFault::LpaeTran); 634 else 635 return std::make_shared<DataAbort>( 636 currState->vaddr_tainted, 637 TlbEntry::DomainType::NoAccess, 638 currState->isWrite, 639 ArmFault::TranslationLL + L1, 640 isStage2, 641 ArmFault::LpaeTran); 642 } 643 ttbr = currState->tc->readMiscReg(flattenMiscRegNsBanked( 644 MISCREG_TTBR1, currState->tc, !currState->isSecure)); 645 tsz = currState->ttbcr.t1sz; 646 if (ttbr1_min >= (1ULL << 31) + (1ULL << 30)) // Lower limit >= 3 GB 647 start_lookup_level = L2; 648 } else { 649 // Out of boundaries -> translation fault 650 if (currState->isFetch) 651 return std::make_shared<PrefetchAbort>( 652 currState->vaddr_tainted, 653 ArmFault::TranslationLL + L1, 654 isStage2, 655 ArmFault::LpaeTran); 656 else 657 return std::make_shared<DataAbort>( 658 currState->vaddr_tainted, 659 TlbEntry::DomainType::NoAccess, 660 currState->isWrite, ArmFault::TranslationLL + L1, 661 isStage2, ArmFault::LpaeTran); 662 } 663 664 } 665 666 // Perform lookup (ARM ARM issue C B3.6.6) 667 if (start_lookup_level == L1) { 668 n = 5 - tsz; 669 desc_addr = mbits(ttbr, 39, n) | 670 (bits(currState->vaddr, n + 26, 30) << 3); 671 DPRINTF(TLB, " - Descriptor at address %#x (%s) (long-desc.)\n", 672 desc_addr, currState->isSecure ? "s" : "ns"); 673 } else { 674 // Skip first-level lookup 675 n = (tsz >= 2 ? 14 - tsz : 12); 676 desc_addr = mbits(ttbr, 39, n) | 677 (bits(currState->vaddr, n + 17, 21) << 3); 678 DPRINTF(TLB, " - Descriptor at address %#x (%s) (long-desc.)\n", 679 desc_addr, currState->isSecure ? "s" : "ns"); 680 } 681 682 // Trickbox address check 683 Fault f = testWalk(desc_addr, sizeof(uint64_t), 684 TlbEntry::DomainType::NoAccess, start_lookup_level); 685 if (f) { 686 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 687 if (currState->timing) { 688 pending = false; 689 nextWalk(currState->tc); 690 currState = NULL; 691 } else { 692 currState->tc = NULL; 693 currState->req = NULL; 694 } 695 return f; 696 } 697 698 if (currState->sctlr.c == 0) { 699 flag.set(Request::UNCACHEABLE); 700 } 701 702 currState->longDesc.lookupLevel = start_lookup_level; 703 currState->longDesc.aarch64 = false; 704 currState->longDesc.grainSize = Grain4KB; 705 706 bool delayed = fetchDescriptor(desc_addr, (uint8_t*)&currState->longDesc.data, 707 sizeof(uint64_t), flag, start_lookup_level, 708 LongDescEventByLevel[start_lookup_level], 709 &TableWalker::doLongDescriptor); 710 if (!delayed) { 711 f = currState->fault; 712 } 713 714 return f; 715} 716 717unsigned 718TableWalker::adjustTableSizeAArch64(unsigned tsz) 719{ 720 if (tsz < 25) 721 return 25; 722 if (tsz > 48) 723 return 48; 724 return tsz; 725} 726 727bool 728TableWalker::checkAddrSizeFaultAArch64(Addr addr, int currPhysAddrRange) 729{ 730 return (currPhysAddrRange != MaxPhysAddrRange && 731 bits(addr, MaxPhysAddrRange - 1, currPhysAddrRange)); 732} 733 734Fault 735TableWalker::processWalkAArch64() 736{ 737 assert(currState->aarch64); 738 739 DPRINTF(TLB, "Beginning table walk for address %#llx, TCR: %#llx\n", 740 currState->vaddr_tainted, currState->tcr); 741 742 static const GrainSize GrainMapDefault[] = 743 { Grain4KB, Grain64KB, Grain16KB, ReservedGrain }; 744 static const GrainSize GrainMap_EL1_tg1[] = 745 { ReservedGrain, Grain16KB, Grain4KB, Grain64KB }; 746 747 statWalkWaitTime.sample(curTick() - currState->startTime); 748 749 // Determine TTBR, table size, granule size and phys. address range 750 Addr ttbr = 0; 751 int tsz = 0, ps = 0; 752 GrainSize tg = Grain4KB; // grain size computed from tg* field 753 bool fault = false; 754 755 LookupLevel start_lookup_level = MAX_LOOKUP_LEVELS; 756 757 switch (currState->el) { 758 case EL0: 759 case EL1: 760 if (isStage2) { 761 DPRINTF(TLB, " - Selecting VTTBR0 (AArch64 stage 2)\n"); 762 ttbr = currState->tc->readMiscReg(MISCREG_VTTBR_EL2); 763 tsz = 64 - currState->vtcr.t0sz64; 764 tg = GrainMapDefault[currState->vtcr.tg0]; 765 // ARM DDI 0487A.f D7-2148 766 // The starting level of stage 2 translation depends on 767 // VTCR_EL2.SL0 and VTCR_EL2.TG0 768 LookupLevel __ = MAX_LOOKUP_LEVELS; // invalid level 769 uint8_t sl_tg = (currState->vtcr.sl0 << 2) | currState->vtcr.tg0; 770 static const LookupLevel SLL[] = { 771 L2, L3, L3, __, // sl0 == 0 772 L1, L2, L2, __, // sl0 == 1, etc. 773 L0, L1, L1, __, 774 __, __, __, __ 775 }; 776 start_lookup_level = SLL[sl_tg]; 777 panic_if(start_lookup_level == MAX_LOOKUP_LEVELS, 778 "Cannot discern lookup level from vtcr.{sl0,tg0}"); 779 } else switch (bits(currState->vaddr, 63,48)) { 780 case 0: 781 DPRINTF(TLB, " - Selecting TTBR0 (AArch64)\n"); 782 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL1); 783 tsz = adjustTableSizeAArch64(64 - currState->tcr.t0sz); 784 tg = GrainMapDefault[currState->tcr.tg0]; 785 if (bits(currState->vaddr, 63, tsz) != 0x0 || 786 currState->tcr.epd0) 787 fault = true; 788 break; 789 case 0xffff: 790 DPRINTF(TLB, " - Selecting TTBR1 (AArch64)\n"); 791 ttbr = currState->tc->readMiscReg(MISCREG_TTBR1_EL1); 792 tsz = adjustTableSizeAArch64(64 - currState->tcr.t1sz); 793 tg = GrainMap_EL1_tg1[currState->tcr.tg1]; 794 if (bits(currState->vaddr, 63, tsz) != mask(64-tsz) || 795 currState->tcr.epd1) 796 fault = true; 797 break; 798 default: 799 // top two bytes must be all 0s or all 1s, else invalid addr 800 fault = true; 801 } 802 ps = currState->tcr.ips; 803 break; 804 case EL2: 805 case EL3: 806 switch(bits(currState->vaddr, 63,48)) { 807 case 0: 808 DPRINTF(TLB, " - Selecting TTBR0 (AArch64)\n"); 809 if (currState->el == EL2) 810 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL2); 811 else 812 ttbr = currState->tc->readMiscReg(MISCREG_TTBR0_EL3); 813 tsz = adjustTableSizeAArch64(64 - currState->tcr.t0sz); 814 tg = GrainMapDefault[currState->tcr.tg0]; 815 break; 816 default: 817 // invalid addr if top two bytes are not all 0s 818 fault = true; 819 } 820 ps = currState->tcr.ips; 821 break; 822 } 823 824 if (fault) { 825 Fault f; 826 if (currState->isFetch) 827 f = std::make_shared<PrefetchAbort>( 828 currState->vaddr_tainted, 829 ArmFault::TranslationLL + L0, isStage2, 830 ArmFault::LpaeTran); 831 else 832 f = std::make_shared<DataAbort>( 833 currState->vaddr_tainted, 834 TlbEntry::DomainType::NoAccess, 835 currState->isWrite, 836 ArmFault::TranslationLL + L0, 837 isStage2, ArmFault::LpaeTran); 838 839 if (currState->timing) { 840 pending = false; 841 nextWalk(currState->tc); 842 currState = NULL; 843 } else { 844 currState->tc = NULL; 845 currState->req = NULL; 846 } 847 return f; 848 849 } 850 851 if (tg == ReservedGrain) { 852 warn_once("Reserved granule size requested; gem5's IMPLEMENTATION " 853 "DEFINED behavior takes this to mean 4KB granules\n"); 854 tg = Grain4KB; 855 } 856 857 // Determine starting lookup level 858 // See aarch64/translation/walk in Appendix G: ARMv8 Pseudocode Library 859 // in ARM DDI 0487A. These table values correspond to the cascading tests 860 // to compute the lookup level and are of the form 861 // (grain_size + N*stride), for N = {1, 2, 3}. 862 // A value of 64 will never succeed and a value of 0 will always succeed. 863 if (start_lookup_level == MAX_LOOKUP_LEVELS) { 864 struct GrainMap { 865 GrainSize grain_size; 866 unsigned lookup_level_cutoff[MAX_LOOKUP_LEVELS]; 867 }; 868 static const GrainMap GM[] = { 869 { Grain4KB, { 39, 30, 0, 0 } }, 870 { Grain16KB, { 47, 36, 25, 0 } }, 871 { Grain64KB, { 64, 42, 29, 0 } } 872 }; 873 874 const unsigned *lookup = NULL; // points to a lookup_level_cutoff 875 876 for (unsigned i = 0; i < 3; ++i) { // choose entry of GM[] 877 if (tg == GM[i].grain_size) { 878 lookup = GM[i].lookup_level_cutoff; 879 break; 880 } 881 } 882 assert(lookup); 883 884 for (int L = L0; L != MAX_LOOKUP_LEVELS; ++L) { 885 if (tsz > lookup[L]) { 886 start_lookup_level = (LookupLevel) L; 887 break; 888 } 889 } 890 panic_if(start_lookup_level == MAX_LOOKUP_LEVELS, 891 "Table walker couldn't find lookup level\n"); 892 } 893 894 int stride = tg - 3; 895 896 // Determine table base address 897 int base_addr_lo = 3 + tsz - stride * (3 - start_lookup_level) - tg; 898 Addr base_addr = mbits(ttbr, 47, base_addr_lo); 899 900 // Determine physical address size and raise an Address Size Fault if 901 // necessary 902 int pa_range = decodePhysAddrRange64(ps); 903 // Clamp to lower limit 904 if (pa_range > physAddrRange) 905 currState->physAddrRange = physAddrRange; 906 else 907 currState->physAddrRange = pa_range; 908 if (checkAddrSizeFaultAArch64(base_addr, currState->physAddrRange)) { 909 DPRINTF(TLB, "Address size fault before any lookup\n"); 910 Fault f; 911 if (currState->isFetch) 912 f = std::make_shared<PrefetchAbort>( 913 currState->vaddr_tainted, 914 ArmFault::AddressSizeLL + start_lookup_level, 915 isStage2, 916 ArmFault::LpaeTran); 917 else 918 f = std::make_shared<DataAbort>( 919 currState->vaddr_tainted, 920 TlbEntry::DomainType::NoAccess, 921 currState->isWrite, 922 ArmFault::AddressSizeLL + start_lookup_level, 923 isStage2, 924 ArmFault::LpaeTran); 925 926 927 if (currState->timing) { 928 pending = false; 929 nextWalk(currState->tc); 930 currState = NULL; 931 } else { 932 currState->tc = NULL; 933 currState->req = NULL; 934 } 935 return f; 936 937 } 938 939 // Determine descriptor address 940 Addr desc_addr = base_addr | 941 (bits(currState->vaddr, tsz - 1, 942 stride * (3 - start_lookup_level) + tg) << 3); 943 944 // Trickbox address check 945 Fault f = testWalk(desc_addr, sizeof(uint64_t), 946 TlbEntry::DomainType::NoAccess, start_lookup_level); 947 if (f) { 948 DPRINTF(TLB, "Trickbox check caused fault on %#x\n", currState->vaddr_tainted); 949 if (currState->timing) { 950 pending = false; 951 nextWalk(currState->tc); 952 currState = NULL; 953 } else { 954 currState->tc = NULL; 955 currState->req = NULL; 956 } 957 return f; 958 } 959 960 Request::Flags flag = Request::PT_WALK; 961 if (currState->sctlr.c == 0) { 962 flag.set(Request::UNCACHEABLE); 963 } 964 965 if (currState->isSecure) { 966 flag.set(Request::SECURE); 967 } 968 969 currState->longDesc.lookupLevel = start_lookup_level; 970 currState->longDesc.aarch64 = true; 971 currState->longDesc.grainSize = tg; 972 973 if (currState->timing) { 974 fetchDescriptor(desc_addr, (uint8_t*) &currState->longDesc.data, 975 sizeof(uint64_t), flag, start_lookup_level, 976 LongDescEventByLevel[start_lookup_level], NULL); 977 } else { 978 fetchDescriptor(desc_addr, (uint8_t*)&currState->longDesc.data, 979 sizeof(uint64_t), flag, -1, NULL, 980 &TableWalker::doLongDescriptor); 981 f = currState->fault; 982 } 983 984 return f; 985} 986 987void 988TableWalker::memAttrs(ThreadContext *tc, TlbEntry &te, SCTLR sctlr, 989 uint8_t texcb, bool s) 990{ 991 // Note: tc and sctlr local variables are hiding tc and sctrl class 992 // variables 993 DPRINTF(TLBVerbose, "memAttrs texcb:%d s:%d\n", texcb, s); 994 te.shareable = false; // default value 995 te.nonCacheable = false; 996 te.outerShareable = false; 997 if (sctlr.tre == 0 || ((sctlr.tre == 1) && (sctlr.m == 0))) { 998 switch(texcb) { 999 case 0: // Stongly-ordered 1000 te.nonCacheable = true; 1001 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 1002 te.shareable = true; 1003 te.innerAttrs = 1; 1004 te.outerAttrs = 0; 1005 break; 1006 case 1: // Shareable Device 1007 te.nonCacheable = true; 1008 te.mtype = TlbEntry::MemoryType::Device; 1009 te.shareable = true; 1010 te.innerAttrs = 3; 1011 te.outerAttrs = 0; 1012 break; 1013 case 2: // Outer and Inner Write-Through, no Write-Allocate 1014 te.mtype = TlbEntry::MemoryType::Normal; 1015 te.shareable = s; 1016 te.innerAttrs = 6; 1017 te.outerAttrs = bits(texcb, 1, 0); 1018 break; 1019 case 3: // Outer and Inner Write-Back, no Write-Allocate 1020 te.mtype = TlbEntry::MemoryType::Normal; 1021 te.shareable = s; 1022 te.innerAttrs = 7; 1023 te.outerAttrs = bits(texcb, 1, 0); 1024 break; 1025 case 4: // Outer and Inner Non-cacheable 1026 te.nonCacheable = true; 1027 te.mtype = TlbEntry::MemoryType::Normal; 1028 te.shareable = s; 1029 te.innerAttrs = 0; 1030 te.outerAttrs = bits(texcb, 1, 0); 1031 break; 1032 case 5: // Reserved 1033 panic("Reserved texcb value!\n"); 1034 break; 1035 case 6: // Implementation Defined 1036 panic("Implementation-defined texcb value!\n"); 1037 break; 1038 case 7: // Outer and Inner Write-Back, Write-Allocate 1039 te.mtype = TlbEntry::MemoryType::Normal; 1040 te.shareable = s; 1041 te.innerAttrs = 5; 1042 te.outerAttrs = 1; 1043 break; 1044 case 8: // Non-shareable Device 1045 te.nonCacheable = true; 1046 te.mtype = TlbEntry::MemoryType::Device; 1047 te.shareable = false; 1048 te.innerAttrs = 3; 1049 te.outerAttrs = 0; 1050 break; 1051 case 9 ... 15: // Reserved 1052 panic("Reserved texcb value!\n"); 1053 break; 1054 case 16 ... 31: // Cacheable Memory 1055 te.mtype = TlbEntry::MemoryType::Normal; 1056 te.shareable = s; 1057 if (bits(texcb, 1,0) == 0 || bits(texcb, 3,2) == 0) 1058 te.nonCacheable = true; 1059 te.innerAttrs = bits(texcb, 1, 0); 1060 te.outerAttrs = bits(texcb, 3, 2); 1061 break; 1062 default: 1063 panic("More than 32 states for 5 bits?\n"); 1064 } 1065 } else { 1066 assert(tc); 1067 PRRR prrr = tc->readMiscReg(flattenMiscRegNsBanked(MISCREG_PRRR, 1068 currState->tc, !currState->isSecure)); 1069 NMRR nmrr = tc->readMiscReg(flattenMiscRegNsBanked(MISCREG_NMRR, 1070 currState->tc, !currState->isSecure)); 1071 DPRINTF(TLBVerbose, "memAttrs PRRR:%08x NMRR:%08x\n", prrr, nmrr); 1072 uint8_t curr_tr = 0, curr_ir = 0, curr_or = 0; 1073 switch(bits(texcb, 2,0)) { 1074 case 0: 1075 curr_tr = prrr.tr0; 1076 curr_ir = nmrr.ir0; 1077 curr_or = nmrr.or0; 1078 te.outerShareable = (prrr.nos0 == 0); 1079 break; 1080 case 1: 1081 curr_tr = prrr.tr1; 1082 curr_ir = nmrr.ir1; 1083 curr_or = nmrr.or1; 1084 te.outerShareable = (prrr.nos1 == 0); 1085 break; 1086 case 2: 1087 curr_tr = prrr.tr2; 1088 curr_ir = nmrr.ir2; 1089 curr_or = nmrr.or2; 1090 te.outerShareable = (prrr.nos2 == 0); 1091 break; 1092 case 3: 1093 curr_tr = prrr.tr3; 1094 curr_ir = nmrr.ir3; 1095 curr_or = nmrr.or3; 1096 te.outerShareable = (prrr.nos3 == 0); 1097 break; 1098 case 4: 1099 curr_tr = prrr.tr4; 1100 curr_ir = nmrr.ir4; 1101 curr_or = nmrr.or4; 1102 te.outerShareable = (prrr.nos4 == 0); 1103 break; 1104 case 5: 1105 curr_tr = prrr.tr5; 1106 curr_ir = nmrr.ir5; 1107 curr_or = nmrr.or5; 1108 te.outerShareable = (prrr.nos5 == 0); 1109 break; 1110 case 6: 1111 panic("Imp defined type\n"); 1112 case 7: 1113 curr_tr = prrr.tr7; 1114 curr_ir = nmrr.ir7; 1115 curr_or = nmrr.or7; 1116 te.outerShareable = (prrr.nos7 == 0); 1117 break; 1118 } 1119 1120 switch(curr_tr) { 1121 case 0: 1122 DPRINTF(TLBVerbose, "StronglyOrdered\n"); 1123 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 1124 te.nonCacheable = true; 1125 te.innerAttrs = 1; 1126 te.outerAttrs = 0; 1127 te.shareable = true; 1128 break; 1129 case 1: 1130 DPRINTF(TLBVerbose, "Device ds1:%d ds0:%d s:%d\n", 1131 prrr.ds1, prrr.ds0, s); 1132 te.mtype = TlbEntry::MemoryType::Device; 1133 te.nonCacheable = true; 1134 te.innerAttrs = 3; 1135 te.outerAttrs = 0; 1136 if (prrr.ds1 && s) 1137 te.shareable = true; 1138 if (prrr.ds0 && !s) 1139 te.shareable = true; 1140 break; 1141 case 2: 1142 DPRINTF(TLBVerbose, "Normal ns1:%d ns0:%d s:%d\n", 1143 prrr.ns1, prrr.ns0, s); 1144 te.mtype = TlbEntry::MemoryType::Normal; 1145 if (prrr.ns1 && s) 1146 te.shareable = true; 1147 if (prrr.ns0 && !s) 1148 te.shareable = true; 1149 break; 1150 case 3: 1151 panic("Reserved type"); 1152 } 1153 1154 if (te.mtype == TlbEntry::MemoryType::Normal){ 1155 switch(curr_ir) { 1156 case 0: 1157 te.nonCacheable = true; 1158 te.innerAttrs = 0; 1159 break; 1160 case 1: 1161 te.innerAttrs = 5; 1162 break; 1163 case 2: 1164 te.innerAttrs = 6; 1165 break; 1166 case 3: 1167 te.innerAttrs = 7; 1168 break; 1169 } 1170 1171 switch(curr_or) { 1172 case 0: 1173 te.nonCacheable = true; 1174 te.outerAttrs = 0; 1175 break; 1176 case 1: 1177 te.outerAttrs = 1; 1178 break; 1179 case 2: 1180 te.outerAttrs = 2; 1181 break; 1182 case 3: 1183 te.outerAttrs = 3; 1184 break; 1185 } 1186 } 1187 } 1188 DPRINTF(TLBVerbose, "memAttrs: shareable: %d, innerAttrs: %d, " 1189 "outerAttrs: %d\n", 1190 te.shareable, te.innerAttrs, te.outerAttrs); 1191 te.setAttributes(false); 1192} 1193 1194void 1195TableWalker::memAttrsLPAE(ThreadContext *tc, TlbEntry &te, 1196 LongDescriptor &lDescriptor) 1197{ 1198 assert(_haveLPAE); 1199 1200 uint8_t attr; 1201 uint8_t sh = lDescriptor.sh(); 1202 // Different format and source of attributes if this is a stage 2 1203 // translation 1204 if (isStage2) { 1205 attr = lDescriptor.memAttr(); 1206 uint8_t attr_3_2 = (attr >> 2) & 0x3; 1207 uint8_t attr_1_0 = attr & 0x3; 1208 1209 DPRINTF(TLBVerbose, "memAttrsLPAE MemAttr:%#x sh:%#x\n", attr, sh); 1210 1211 if (attr_3_2 == 0) { 1212 te.mtype = attr_1_0 == 0 ? TlbEntry::MemoryType::StronglyOrdered 1213 : TlbEntry::MemoryType::Device; 1214 te.outerAttrs = 0; 1215 te.innerAttrs = attr_1_0 == 0 ? 1 : 3; 1216 te.nonCacheable = true; 1217 } else { 1218 te.mtype = TlbEntry::MemoryType::Normal; 1219 te.outerAttrs = attr_3_2 == 1 ? 0 : 1220 attr_3_2 == 2 ? 2 : 1; 1221 te.innerAttrs = attr_1_0 == 1 ? 0 : 1222 attr_1_0 == 2 ? 6 : 5; 1223 te.nonCacheable = (attr_3_2 == 1) || (attr_1_0 == 1); 1224 } 1225 } else { 1226 uint8_t attrIndx = lDescriptor.attrIndx(); 1227 1228 // LPAE always uses remapping of memory attributes, irrespective of the 1229 // value of SCTLR.TRE 1230 MiscRegIndex reg = attrIndx & 0x4 ? MISCREG_MAIR1 : MISCREG_MAIR0; 1231 int reg_as_int = flattenMiscRegNsBanked(reg, currState->tc, 1232 !currState->isSecure); 1233 uint32_t mair = currState->tc->readMiscReg(reg_as_int); 1234 attr = (mair >> (8 * (attrIndx % 4))) & 0xff; 1235 uint8_t attr_7_4 = bits(attr, 7, 4); 1236 uint8_t attr_3_0 = bits(attr, 3, 0); 1237 DPRINTF(TLBVerbose, "memAttrsLPAE AttrIndx:%#x sh:%#x, attr %#x\n", attrIndx, sh, attr); 1238 1239 // Note: the memory subsystem only cares about the 'cacheable' memory 1240 // attribute. The other attributes are only used to fill the PAR register 1241 // accordingly to provide the illusion of full support 1242 te.nonCacheable = false; 1243 1244 switch (attr_7_4) { 1245 case 0x0: 1246 // Strongly-ordered or Device memory 1247 if (attr_3_0 == 0x0) 1248 te.mtype = TlbEntry::MemoryType::StronglyOrdered; 1249 else if (attr_3_0 == 0x4) 1250 te.mtype = TlbEntry::MemoryType::Device; 1251 else 1252 panic("Unpredictable behavior\n"); 1253 te.nonCacheable = true; 1254 te.outerAttrs = 0; 1255 break; 1256 case 0x4: 1257 // Normal memory, Outer Non-cacheable 1258 te.mtype = TlbEntry::MemoryType::Normal; 1259 te.outerAttrs = 0; 1260 if (attr_3_0 == 0x4) 1261 // Inner Non-cacheable 1262 te.nonCacheable = true; 1263 else if (attr_3_0 < 0x8) 1264 panic("Unpredictable behavior\n"); 1265 break; 1266 case 0x8: 1267 case 0x9: 1268 case 0xa: 1269 case 0xb: 1270 case 0xc: 1271 case 0xd: 1272 case 0xe: 1273 case 0xf: 1274 if (attr_7_4 & 0x4) { 1275 te.outerAttrs = (attr_7_4 & 1) ? 1 : 3; 1276 } else { 1277 te.outerAttrs = 0x2; 1278 } 1279 // Normal memory, Outer Cacheable 1280 te.mtype = TlbEntry::MemoryType::Normal; 1281 if (attr_3_0 != 0x4 && attr_3_0 < 0x8) 1282 panic("Unpredictable behavior\n"); 1283 break; 1284 default: 1285 panic("Unpredictable behavior\n"); 1286 break; 1287 } 1288 1289 switch (attr_3_0) { 1290 case 0x0: 1291 te.innerAttrs = 0x1; 1292 break; 1293 case 0x4: 1294 te.innerAttrs = attr_7_4 == 0 ? 0x3 : 0; 1295 break; 1296 case 0x8: 1297 case 0x9: 1298 case 0xA: 1299 case 0xB: 1300 te.innerAttrs = 6; 1301 break; 1302 case 0xC: 1303 case 0xD: 1304 case 0xE: 1305 case 0xF: 1306 te.innerAttrs = attr_3_0 & 1 ? 0x5 : 0x7; 1307 break; 1308 default: 1309 panic("Unpredictable behavior\n"); 1310 break; 1311 } 1312 } 1313 1314 te.outerShareable = sh == 2; 1315 te.shareable = (sh & 0x2) ? true : false; 1316 te.setAttributes(true); 1317 te.attributes |= (uint64_t) attr << 56; 1318} 1319 1320void 1321TableWalker::memAttrsAArch64(ThreadContext *tc, TlbEntry &te, 1322 LongDescriptor &lDescriptor) 1323{ 1324 uint8_t attr; 1325 uint8_t attr_hi; 1326 uint8_t attr_lo; 1327 uint8_t sh = lDescriptor.sh(); 1328 1329 if (isStage2) { 1330 attr = lDescriptor.memAttr(); 1331 uint8_t attr_hi = (attr >> 2) & 0x3; 1332 uint8_t attr_lo = attr & 0x3; 1333 1334 DPRINTF(TLBVerbose, "memAttrsAArch64 MemAttr:%#x sh:%#x\n", attr, sh); 1335 1336 if (attr_hi == 0) { 1337 te.mtype = attr_lo == 0 ? TlbEntry::MemoryType::StronglyOrdered 1338 : TlbEntry::MemoryType::Device; 1339 te.outerAttrs = 0; 1340 te.innerAttrs = attr_lo == 0 ? 1 : 3; 1341 te.nonCacheable = true; 1342 } else { 1343 te.mtype = TlbEntry::MemoryType::Normal; 1344 te.outerAttrs = attr_hi == 1 ? 0 : 1345 attr_hi == 2 ? 2 : 1; 1346 te.innerAttrs = attr_lo == 1 ? 0 : 1347 attr_lo == 2 ? 6 : 5; 1348 // Treat write-through memory as uncacheable, this is safe 1349 // but for performance reasons not optimal. 1350 te.nonCacheable = (attr_hi == 1) || (attr_hi == 2) || 1351 (attr_lo == 1) || (attr_lo == 2); 1352 } 1353 } else { 1354 uint8_t attrIndx = lDescriptor.attrIndx(); 1355 1356 DPRINTF(TLBVerbose, "memAttrsAArch64 AttrIndx:%#x sh:%#x\n", attrIndx, sh); 1357 1358 // Select MAIR 1359 uint64_t mair; 1360 switch (currState->el) { 1361 case EL0: 1362 case EL1: 1363 mair = tc->readMiscReg(MISCREG_MAIR_EL1); 1364 break; 1365 case EL2: 1366 mair = tc->readMiscReg(MISCREG_MAIR_EL2); 1367 break; 1368 case EL3: 1369 mair = tc->readMiscReg(MISCREG_MAIR_EL3); 1370 break; 1371 default: 1372 panic("Invalid exception level"); 1373 break; 1374 } 1375 1376 // Select attributes 1377 attr = bits(mair, 8 * attrIndx + 7, 8 * attrIndx); 1378 attr_lo = bits(attr, 3, 0); 1379 attr_hi = bits(attr, 7, 4); 1380 1381 // Memory type 1382 te.mtype = attr_hi == 0 ? TlbEntry::MemoryType::Device : TlbEntry::MemoryType::Normal; 1383 1384 // Cacheability 1385 te.nonCacheable = false; 1386 if (te.mtype == TlbEntry::MemoryType::Device) { // Device memory 1387 te.nonCacheable = true; 1388 } 1389 // Treat write-through memory as uncacheable, this is safe 1390 // but for performance reasons not optimal. 1391 switch (attr_hi) { 1392 case 0x1 ... 0x3: // Normal Memory, Outer Write-through transient 1393 case 0x4: // Normal memory, Outer Non-cacheable 1394 case 0x8 ... 0xb: // Normal Memory, Outer Write-through non-transient 1395 te.nonCacheable = true; 1396 } 1397 switch (attr_lo) { 1398 case 0x1 ... 0x3: // Normal Memory, Inner Write-through transient 1399 case 0x9 ... 0xb: // Normal Memory, Inner Write-through non-transient 1400 warn_if(!attr_hi, "Unpredictable behavior"); 1401 case 0x4: // Device-nGnRE memory or 1402 // Normal memory, Inner Non-cacheable 1403 case 0x8: // Device-nGRE memory or 1404 // Normal memory, Inner Write-through non-transient 1405 te.nonCacheable = true; 1406 } 1407 1408 te.shareable = sh == 2; 1409 te.outerShareable = (sh & 0x2) ? true : false; 1410 // Attributes formatted according to the 64-bit PAR 1411 te.attributes = ((uint64_t) attr << 56) | 1412 (1 << 11) | // LPAE bit 1413 (te.ns << 9) | // NS bit 1414 (sh << 7); 1415 } 1416} 1417 1418void 1419TableWalker::doL1Descriptor() 1420{ 1421 if (currState->fault != NoFault) { 1422 return; 1423 } 1424 1425 DPRINTF(TLB, "L1 descriptor for %#x is %#x\n", 1426 currState->vaddr_tainted, currState->l1Desc.data); 1427 TlbEntry te; 1428 1429 switch (currState->l1Desc.type()) { 1430 case L1Descriptor::Ignore: 1431 case L1Descriptor::Reserved: 1432 if (!currState->timing) { 1433 currState->tc = NULL; 1434 currState->req = NULL; 1435 } 1436 DPRINTF(TLB, "L1 Descriptor Reserved/Ignore, causing fault\n"); 1437 if (currState->isFetch) 1438 currState->fault = 1439 std::make_shared<PrefetchAbort>( 1440 currState->vaddr_tainted, 1441 ArmFault::TranslationLL + L1, 1442 isStage2, 1443 ArmFault::VmsaTran); 1444 else 1445 currState->fault = 1446 std::make_shared<DataAbort>( 1447 currState->vaddr_tainted, 1448 TlbEntry::DomainType::NoAccess, 1449 currState->isWrite, 1450 ArmFault::TranslationLL + L1, isStage2, 1451 ArmFault::VmsaTran); 1452 return; 1453 case L1Descriptor::Section: 1454 if (currState->sctlr.afe && bits(currState->l1Desc.ap(), 0) == 0) { 1455 /** @todo: check sctlr.ha (bit[17]) if Hardware Access Flag is 1456 * enabled if set, do l1.Desc.setAp0() instead of generating 1457 * AccessFlag0 1458 */ 1459 1460 currState->fault = std::make_shared<DataAbort>( 1461 currState->vaddr_tainted, 1462 currState->l1Desc.domain(), 1463 currState->isWrite, 1464 ArmFault::AccessFlagLL + L1, 1465 isStage2, 1466 ArmFault::VmsaTran); 1467 } 1468 if (currState->l1Desc.supersection()) { 1469 panic("Haven't implemented supersections\n"); 1470 } 1471 insertTableEntry(currState->l1Desc, false); 1472 return; 1473 case L1Descriptor::PageTable: 1474 { 1475 Addr l2desc_addr; 1476 l2desc_addr = currState->l1Desc.l2Addr() | 1477 (bits(currState->vaddr, 19, 12) << 2); 1478 DPRINTF(TLB, "L1 descriptor points to page table at: %#x (%s)\n", 1479 l2desc_addr, currState->isSecure ? "s" : "ns"); 1480 1481 // Trickbox address check 1482 currState->fault = testWalk(l2desc_addr, sizeof(uint32_t), 1483 currState->l1Desc.domain(), L2); 1484 1485 if (currState->fault) { 1486 if (!currState->timing) { 1487 currState->tc = NULL; 1488 currState->req = NULL; 1489 } 1490 return; 1491 } 1492 1493 Request::Flags flag = Request::PT_WALK; 1494 if (currState->isSecure) 1495 flag.set(Request::SECURE); 1496 1497 bool delayed; 1498 delayed = fetchDescriptor(l2desc_addr, 1499 (uint8_t*)&currState->l2Desc.data, 1500 sizeof(uint32_t), flag, -1, &doL2DescEvent, 1501 &TableWalker::doL2Descriptor); 1502 if (delayed) { 1503 currState->delayed = true; 1504 } 1505 1506 return; 1507 } 1508 default: 1509 panic("A new type in a 2 bit field?\n"); 1510 } 1511} 1512 1513void 1514TableWalker::doLongDescriptor() 1515{ 1516 if (currState->fault != NoFault) { 1517 return; 1518 } 1519 1520 DPRINTF(TLB, "L%d descriptor for %#llx is %#llx (%s)\n", 1521 currState->longDesc.lookupLevel, currState->vaddr_tainted, 1522 currState->longDesc.data, 1523 currState->aarch64 ? "AArch64" : "long-desc."); 1524 1525 if ((currState->longDesc.type() == LongDescriptor::Block) || 1526 (currState->longDesc.type() == LongDescriptor::Page)) { 1527 DPRINTF(TLBVerbose, "Analyzing L%d descriptor: %#llx, pxn: %d, " 1528 "xn: %d, ap: %d, af: %d, type: %d\n", 1529 currState->longDesc.lookupLevel, 1530 currState->longDesc.data, 1531 currState->longDesc.pxn(), 1532 currState->longDesc.xn(), 1533 currState->longDesc.ap(), 1534 currState->longDesc.af(), 1535 currState->longDesc.type()); 1536 } else { 1537 DPRINTF(TLBVerbose, "Analyzing L%d descriptor: %#llx, type: %d\n", 1538 currState->longDesc.lookupLevel, 1539 currState->longDesc.data, 1540 currState->longDesc.type()); 1541 } 1542 1543 TlbEntry te; 1544 1545 switch (currState->longDesc.type()) { 1546 case LongDescriptor::Invalid: 1547 if (!currState->timing) { 1548 currState->tc = NULL; 1549 currState->req = NULL; 1550 } 1551 1552 DPRINTF(TLB, "L%d descriptor Invalid, causing fault type %d\n", 1553 currState->longDesc.lookupLevel, 1554 ArmFault::TranslationLL + currState->longDesc.lookupLevel); 1555 if (currState->isFetch) 1556 currState->fault = std::make_shared<PrefetchAbort>( 1557 currState->vaddr_tainted, 1558 ArmFault::TranslationLL + currState->longDesc.lookupLevel, 1559 isStage2, 1560 ArmFault::LpaeTran); 1561 else 1562 currState->fault = std::make_shared<DataAbort>( 1563 currState->vaddr_tainted, 1564 TlbEntry::DomainType::NoAccess, 1565 currState->isWrite, 1566 ArmFault::TranslationLL + currState->longDesc.lookupLevel, 1567 isStage2, 1568 ArmFault::LpaeTran); 1569 return; 1570 case LongDescriptor::Block: 1571 case LongDescriptor::Page: 1572 { 1573 bool fault = false; 1574 bool aff = false; 1575 // Check for address size fault 1576 if (checkAddrSizeFaultAArch64( 1577 mbits(currState->longDesc.data, MaxPhysAddrRange - 1, 1578 currState->longDesc.offsetBits()), 1579 currState->physAddrRange)) { 1580 fault = true; 1581 DPRINTF(TLB, "L%d descriptor causing Address Size Fault\n", 1582 currState->longDesc.lookupLevel); 1583 // Check for access fault 1584 } else if (currState->longDesc.af() == 0) { 1585 fault = true; 1586 DPRINTF(TLB, "L%d descriptor causing Access Fault\n", 1587 currState->longDesc.lookupLevel); 1588 aff = true; 1589 } 1590 if (fault) { 1591 if (currState->isFetch) 1592 currState->fault = std::make_shared<PrefetchAbort>( 1593 currState->vaddr_tainted, 1594 (aff ? ArmFault::AccessFlagLL : ArmFault::AddressSizeLL) + 1595 currState->longDesc.lookupLevel, 1596 isStage2, 1597 ArmFault::LpaeTran); 1598 else 1599 currState->fault = std::make_shared<DataAbort>( 1600 currState->vaddr_tainted, 1601 TlbEntry::DomainType::NoAccess, currState->isWrite, 1602 (aff ? ArmFault::AccessFlagLL : ArmFault::AddressSizeLL) + 1603 currState->longDesc.lookupLevel, 1604 isStage2, 1605 ArmFault::LpaeTran); 1606 } else { 1607 insertTableEntry(currState->longDesc, true); 1608 } 1609 } 1610 return; 1611 case LongDescriptor::Table: 1612 { 1613 // Set hierarchical permission flags 1614 currState->secureLookup = currState->secureLookup && 1615 currState->longDesc.secureTable(); 1616 currState->rwTable = currState->rwTable && 1617 currState->longDesc.rwTable(); 1618 currState->userTable = currState->userTable && 1619 currState->longDesc.userTable(); 1620 currState->xnTable = currState->xnTable || 1621 currState->longDesc.xnTable(); 1622 currState->pxnTable = currState->pxnTable || 1623 currState->longDesc.pxnTable(); 1624 1625 // Set up next level lookup 1626 Addr next_desc_addr = currState->longDesc.nextDescAddr( 1627 currState->vaddr); 1628 1629 DPRINTF(TLB, "L%d descriptor points to L%d descriptor at: %#x (%s)\n", 1630 currState->longDesc.lookupLevel, 1631 currState->longDesc.lookupLevel + 1, 1632 next_desc_addr, 1633 currState->secureLookup ? "s" : "ns"); 1634 1635 // Check for address size fault 1636 if (currState->aarch64 && checkAddrSizeFaultAArch64( 1637 next_desc_addr, currState->physAddrRange)) { 1638 DPRINTF(TLB, "L%d descriptor causing Address Size Fault\n", 1639 currState->longDesc.lookupLevel); 1640 if (currState->isFetch) 1641 currState->fault = std::make_shared<PrefetchAbort>( 1642 currState->vaddr_tainted, 1643 ArmFault::AddressSizeLL 1644 + currState->longDesc.lookupLevel, 1645 isStage2, 1646 ArmFault::LpaeTran); 1647 else 1648 currState->fault = std::make_shared<DataAbort>( 1649 currState->vaddr_tainted, 1650 TlbEntry::DomainType::NoAccess, currState->isWrite, 1651 ArmFault::AddressSizeLL 1652 + currState->longDesc.lookupLevel, 1653 isStage2, 1654 ArmFault::LpaeTran); 1655 return; 1656 } 1657 1658 // Trickbox address check 1659 currState->fault = testWalk( 1660 next_desc_addr, sizeof(uint64_t), TlbEntry::DomainType::Client, 1661 toLookupLevel(currState->longDesc.lookupLevel +1)); 1662 1663 if (currState->fault) { 1664 if (!currState->timing) { 1665 currState->tc = NULL; 1666 currState->req = NULL; 1667 } 1668 return; 1669 } 1670 1671 Request::Flags flag = Request::PT_WALK; 1672 if (currState->secureLookup) 1673 flag.set(Request::SECURE); 1674 1675 LookupLevel L = currState->longDesc.lookupLevel = 1676 (LookupLevel) (currState->longDesc.lookupLevel + 1); 1677 Event *event = NULL; 1678 switch (L) { 1679 case L1: 1680 assert(currState->aarch64); 1681 case L2: 1682 case L3: 1683 event = LongDescEventByLevel[L]; 1684 break; 1685 default: 1686 panic("Wrong lookup level in table walk\n"); 1687 break; 1688 } 1689 1690 bool delayed; 1691 delayed = fetchDescriptor(next_desc_addr, (uint8_t*)&currState->longDesc.data, 1692 sizeof(uint64_t), flag, -1, event, 1693 &TableWalker::doLongDescriptor); 1694 if (delayed) { 1695 currState->delayed = true; 1696 } 1697 } 1698 return; 1699 default: 1700 panic("A new type in a 2 bit field?\n"); 1701 } 1702} 1703 1704void 1705TableWalker::doL2Descriptor() 1706{ 1707 if (currState->fault != NoFault) { 1708 return; 1709 } 1710 1711 DPRINTF(TLB, "L2 descriptor for %#x is %#x\n", 1712 currState->vaddr_tainted, currState->l2Desc.data); 1713 TlbEntry te; 1714 1715 if (currState->l2Desc.invalid()) { 1716 DPRINTF(TLB, "L2 descriptor invalid, causing fault\n"); 1717 if (!currState->timing) { 1718 currState->tc = NULL; 1719 currState->req = NULL; 1720 } 1721 if (currState->isFetch) 1722 currState->fault = std::make_shared<PrefetchAbort>( 1723 currState->vaddr_tainted, 1724 ArmFault::TranslationLL + L2, 1725 isStage2, 1726 ArmFault::VmsaTran); 1727 else 1728 currState->fault = std::make_shared<DataAbort>( 1729 currState->vaddr_tainted, currState->l1Desc.domain(), 1730 currState->isWrite, ArmFault::TranslationLL + L2, 1731 isStage2, 1732 ArmFault::VmsaTran); 1733 return; 1734 } 1735 1736 if (currState->sctlr.afe && bits(currState->l2Desc.ap(), 0) == 0) { 1737 /** @todo: check sctlr.ha (bit[17]) if Hardware Access Flag is enabled 1738 * if set, do l2.Desc.setAp0() instead of generating AccessFlag0 1739 */ 1740 DPRINTF(TLB, "Generating access fault at L2, afe: %d, ap: %d\n", 1741 currState->sctlr.afe, currState->l2Desc.ap()); 1742 1743 currState->fault = std::make_shared<DataAbort>( 1744 currState->vaddr_tainted, 1745 TlbEntry::DomainType::NoAccess, currState->isWrite, 1746 ArmFault::AccessFlagLL + L2, isStage2, 1747 ArmFault::VmsaTran); 1748 } 1749 1750 insertTableEntry(currState->l2Desc, false); 1751} 1752 1753void 1754TableWalker::doL1DescriptorWrapper() 1755{ 1756 currState = stateQueues[L1].front(); 1757 currState->delayed = false; 1758 // if there's a stage2 translation object we don't need it any more 1759 if (currState->stage2Tran) { 1760 delete currState->stage2Tran; 1761 currState->stage2Tran = NULL; 1762 } 1763 1764 1765 DPRINTF(TLBVerbose, "L1 Desc object host addr: %p\n",&currState->l1Desc.data); 1766 DPRINTF(TLBVerbose, "L1 Desc object data: %08x\n",currState->l1Desc.data); 1767 1768 DPRINTF(TLBVerbose, "calling doL1Descriptor for vaddr:%#x\n", currState->vaddr_tainted); 1769 doL1Descriptor(); 1770 1771 stateQueues[L1].pop_front(); 1772 // Check if fault was generated 1773 if (currState->fault != NoFault) { 1774 currState->transState->finish(currState->fault, currState->req, 1775 currState->tc, currState->mode); 1776 statWalksShortTerminatedAtLevel[0]++; 1777 1778 pending = false; 1779 nextWalk(currState->tc); 1780 1781 currState->req = NULL; 1782 currState->tc = NULL; 1783 currState->delayed = false; 1784 delete currState; 1785 } 1786 else if (!currState->delayed) { 1787 // delay is not set so there is no L2 to do 1788 // Don't finish the translation if a stage 2 look up is underway 1789 if (!currState->doingStage2) { 1790 statWalkServiceTime.sample(curTick() - currState->startTime); 1791 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1792 currState->fault = tlb->translateTiming(currState->req, currState->tc, 1793 currState->transState, currState->mode); 1794 statWalksShortTerminatedAtLevel[0]++; 1795 } 1796 1797 pending = false; 1798 nextWalk(currState->tc); 1799 1800 currState->req = NULL; 1801 currState->tc = NULL; 1802 currState->delayed = false; 1803 delete currState; 1804 } else { 1805 // need to do L2 descriptor 1806 stateQueues[L2].push_back(currState); 1807 } 1808 currState = NULL; 1809} 1810 1811void 1812TableWalker::doL2DescriptorWrapper() 1813{ 1814 currState = stateQueues[L2].front(); 1815 assert(currState->delayed); 1816 // if there's a stage2 translation object we don't need it any more 1817 if (currState->stage2Tran) { 1818 delete currState->stage2Tran; 1819 currState->stage2Tran = NULL; 1820 } 1821 1822 DPRINTF(TLBVerbose, "calling doL2Descriptor for vaddr:%#x\n", 1823 currState->vaddr_tainted); 1824 doL2Descriptor(); 1825 1826 // Check if fault was generated 1827 if (currState->fault != NoFault) { 1828 currState->transState->finish(currState->fault, currState->req, 1829 currState->tc, currState->mode); 1830 statWalksShortTerminatedAtLevel[1]++; 1831 } 1832 else { 1833 // Don't finish the translation if a stage 2 look up is underway 1834 if (!currState->doingStage2) { 1835 statWalkServiceTime.sample(curTick() - currState->startTime); 1836 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1837 currState->fault = tlb->translateTiming(currState->req, 1838 currState->tc, currState->transState, currState->mode); 1839 statWalksShortTerminatedAtLevel[1]++; 1840 } 1841 } 1842 1843 1844 stateQueues[L2].pop_front(); 1845 pending = false; 1846 nextWalk(currState->tc); 1847 1848 currState->req = NULL; 1849 currState->tc = NULL; 1850 currState->delayed = false; 1851 1852 delete currState; 1853 currState = NULL; 1854} 1855 1856void 1857TableWalker::doL0LongDescriptorWrapper() 1858{ 1859 doLongDescriptorWrapper(L0); 1860} 1861 1862void 1863TableWalker::doL1LongDescriptorWrapper() 1864{ 1865 doLongDescriptorWrapper(L1); 1866} 1867 1868void 1869TableWalker::doL2LongDescriptorWrapper() 1870{ 1871 doLongDescriptorWrapper(L2); 1872} 1873 1874void 1875TableWalker::doL3LongDescriptorWrapper() 1876{ 1877 doLongDescriptorWrapper(L3); 1878} 1879 1880void 1881TableWalker::doLongDescriptorWrapper(LookupLevel curr_lookup_level) 1882{ 1883 currState = stateQueues[curr_lookup_level].front(); 1884 assert(curr_lookup_level == currState->longDesc.lookupLevel); 1885 currState->delayed = false; 1886 1887 // if there's a stage2 translation object we don't need it any more 1888 if (currState->stage2Tran) { 1889 delete currState->stage2Tran; 1890 currState->stage2Tran = NULL; 1891 } 1892 1893 DPRINTF(TLBVerbose, "calling doLongDescriptor for vaddr:%#x\n", 1894 currState->vaddr_tainted); 1895 doLongDescriptor(); 1896 1897 stateQueues[curr_lookup_level].pop_front(); 1898 1899 if (currState->fault != NoFault) { 1900 // A fault was generated 1901 currState->transState->finish(currState->fault, currState->req, 1902 currState->tc, currState->mode); 1903 1904 pending = false; 1905 nextWalk(currState->tc); 1906 1907 currState->req = NULL; 1908 currState->tc = NULL; 1909 currState->delayed = false; 1910 delete currState; 1911 } else if (!currState->delayed) { 1912 // No additional lookups required 1913 // Don't finish the translation if a stage 2 look up is underway 1914 if (!currState->doingStage2) { 1915 DPRINTF(TLBVerbose, "calling translateTiming again\n"); 1916 statWalkServiceTime.sample(curTick() - currState->startTime); 1917 currState->fault = tlb->translateTiming(currState->req, currState->tc, 1918 currState->transState, 1919 currState->mode); 1920 statWalksLongTerminatedAtLevel[(unsigned) curr_lookup_level]++; 1921 } 1922 1923 pending = false; 1924 nextWalk(currState->tc); 1925 1926 currState->req = NULL; 1927 currState->tc = NULL; 1928 currState->delayed = false; 1929 delete currState; 1930 } else { 1931 if (curr_lookup_level >= MAX_LOOKUP_LEVELS - 1) 1932 panic("Max. number of lookups already reached in table walk\n"); 1933 // Need to perform additional lookups 1934 stateQueues[currState->longDesc.lookupLevel].push_back(currState); 1935 } 1936 currState = NULL; 1937} 1938 1939 1940void 1941TableWalker::nextWalk(ThreadContext *tc) 1942{ 1943 if (pendingQueue.size()) 1944 schedule(doProcessEvent, clockEdge(Cycles(1))); 1945 else 1946 completeDrain(); 1947} 1948 1949bool 1950TableWalker::fetchDescriptor(Addr descAddr, uint8_t *data, int numBytes, 1951 Request::Flags flags, int queueIndex, Event *event, 1952 void (TableWalker::*doDescriptor)()) 1953{ 1954 bool isTiming = currState->timing; 1955 1956 DPRINTF(TLBVerbose, "Fetching descriptor at address: 0x%x stage2Req: %d\n", 1957 descAddr, currState->stage2Req); 1958 1959 // If this translation has a stage 2 then we know descAddr is an IPA and 1960 // needs to be translated before we can access the page table. Do that 1961 // check here. 1962 if (currState->stage2Req) { 1963 Fault fault; 1964 flags = flags | TLB::MustBeOne; 1965 1966 if (isTiming) { 1967 Stage2MMU::Stage2Translation *tran = new 1968 Stage2MMU::Stage2Translation(*stage2Mmu, data, event, 1969 currState->vaddr); 1970 currState->stage2Tran = tran; 1971 stage2Mmu->readDataTimed(currState->tc, descAddr, tran, numBytes, 1972 flags); 1973 fault = tran->fault; 1974 } else { 1975 fault = stage2Mmu->readDataUntimed(currState->tc, 1976 currState->vaddr, descAddr, data, numBytes, flags, 1977 currState->functional); 1978 } 1979 1980 if (fault != NoFault) { 1981 currState->fault = fault; 1982 } 1983 if (isTiming) { 1984 if (queueIndex >= 0) { 1985 DPRINTF(TLBVerbose, "Adding to walker fifo: queue size before adding: %d\n", 1986 stateQueues[queueIndex].size()); 1987 stateQueues[queueIndex].push_back(currState); 1988 currState = NULL; 1989 } 1990 } else { 1991 (this->*doDescriptor)(); 1992 } 1993 } else { 1994 if (isTiming) { 1995 port->dmaAction(MemCmd::ReadReq, descAddr, numBytes, event, data, 1996 currState->tc->getCpuPtr()->clockPeriod(),flags); 1997 if (queueIndex >= 0) { 1998 DPRINTF(TLBVerbose, "Adding to walker fifo: queue size before adding: %d\n", 1999 stateQueues[queueIndex].size()); 2000 stateQueues[queueIndex].push_back(currState); 2001 currState = NULL; 2002 } 2003 } else if (!currState->functional) { 2004 port->dmaAction(MemCmd::ReadReq, descAddr, numBytes, NULL, data, 2005 currState->tc->getCpuPtr()->clockPeriod(), flags); 2006 (this->*doDescriptor)(); 2007 } else { 2008 RequestPtr req = new Request(descAddr, numBytes, flags, masterId); 2009 req->taskId(ContextSwitchTaskId::DMA); 2010 PacketPtr pkt = new Packet(req, MemCmd::ReadReq); 2011 pkt->dataStatic(data); 2012 port->sendFunctional(pkt); 2013 (this->*doDescriptor)(); 2014 delete req; 2015 delete pkt; 2016 } 2017 } 2018 return (isTiming); 2019} 2020 2021void 2022TableWalker::insertTableEntry(DescriptorBase &descriptor, bool longDescriptor) 2023{ 2024 TlbEntry te; 2025 2026 // Create and fill a new page table entry 2027 te.valid = true; 2028 te.longDescFormat = longDescriptor; 2029 te.isHyp = currState->isHyp; 2030 te.asid = currState->asid; 2031 te.vmid = currState->vmid; 2032 te.N = descriptor.offsetBits(); 2033 te.vpn = currState->vaddr >> te.N; 2034 te.size = (1<<te.N) - 1; 2035 te.pfn = descriptor.pfn(); 2036 te.domain = descriptor.domain(); 2037 te.lookupLevel = descriptor.lookupLevel; 2038 te.ns = !descriptor.secure(haveSecurity, currState) || isStage2; 2039 te.nstid = !currState->isSecure; 2040 te.xn = descriptor.xn(); 2041 if (currState->aarch64) 2042 te.el = currState->el; 2043 else 2044 te.el = 1; 2045 2046 statPageSizes[pageSizeNtoStatBin(te.N)]++; 2047 statRequestOrigin[COMPLETED][currState->isFetch]++; 2048 2049 // ASID has no meaning for stage 2 TLB entries, so mark all stage 2 entries 2050 // as global 2051 te.global = descriptor.global(currState) || isStage2; 2052 if (longDescriptor) { 2053 LongDescriptor lDescriptor = 2054 dynamic_cast<LongDescriptor &>(descriptor); 2055 2056 te.xn |= currState->xnTable; 2057 te.pxn = currState->pxnTable || lDescriptor.pxn(); 2058 if (isStage2) { 2059 // this is actually the HAP field, but its stored in the same bit 2060 // possitions as the AP field in a stage 1 translation. 2061 te.hap = lDescriptor.ap(); 2062 } else { 2063 te.ap = ((!currState->rwTable || descriptor.ap() >> 1) << 1) | 2064 (currState->userTable && (descriptor.ap() & 0x1)); 2065 } 2066 if (currState->aarch64) 2067 memAttrsAArch64(currState->tc, te, lDescriptor); 2068 else 2069 memAttrsLPAE(currState->tc, te, lDescriptor); 2070 } else { 2071 te.ap = descriptor.ap(); 2072 memAttrs(currState->tc, te, currState->sctlr, descriptor.texcb(), 2073 descriptor.shareable()); 2074 } 2075 2076 // Debug output 2077 DPRINTF(TLB, descriptor.dbgHeader().c_str()); 2078 DPRINTF(TLB, " - N:%d pfn:%#x size:%#x global:%d valid:%d\n", 2079 te.N, te.pfn, te.size, te.global, te.valid); 2080 DPRINTF(TLB, " - vpn:%#x xn:%d pxn:%d ap:%d domain:%d asid:%d " 2081 "vmid:%d hyp:%d nc:%d ns:%d\n", te.vpn, te.xn, te.pxn, 2082 te.ap, static_cast<uint8_t>(te.domain), te.asid, te.vmid, te.isHyp, 2083 te.nonCacheable, te.ns); 2084 DPRINTF(TLB, " - domain from L%d desc:%d data:%#x\n", 2085 descriptor.lookupLevel, static_cast<uint8_t>(descriptor.domain()), 2086 descriptor.getRawData()); 2087 2088 // Insert the entry into the TLB 2089 tlb->insert(currState->vaddr, te); 2090 if (!currState->timing) { 2091 currState->tc = NULL; 2092 currState->req = NULL; 2093 } 2094} 2095 2096ArmISA::TableWalker * 2097ArmTableWalkerParams::create() 2098{ 2099 return new ArmISA::TableWalker(this); 2100} 2101 2102LookupLevel 2103TableWalker::toLookupLevel(uint8_t lookup_level_as_int) 2104{ 2105 switch (lookup_level_as_int) { 2106 case L1: 2107 return L1; 2108 case L2: 2109 return L2; 2110 case L3: 2111 return L3; 2112 default: 2113 panic("Invalid lookup level conversion"); 2114 } 2115} 2116 2117/* this method keeps track of the table walker queue's residency, so 2118 * needs to be called whenever requests start and complete. */ 2119void 2120TableWalker::pendingChange() 2121{ 2122 unsigned n = pendingQueue.size(); 2123 if ((currState != NULL) && (currState != pendingQueue.front())) { 2124 ++n; 2125 } 2126 2127 if (n != pendingReqs) { 2128 Tick now = curTick(); 2129 statPendingWalks.sample(pendingReqs, now - pendingChangeTick); 2130 pendingReqs = n; 2131 pendingChangeTick = now; 2132 } 2133} 2134 2135Fault 2136TableWalker::testWalk(Addr pa, Addr size, TlbEntry::DomainType domain, 2137 LookupLevel lookup_level) 2138{ 2139 return tlb->testWalk(pa, size, currState->vaddr, currState->isSecure, 2140 currState->mode, domain, lookup_level); 2141} 2142 2143 2144uint8_t 2145TableWalker::pageSizeNtoStatBin(uint8_t N) 2146{ 2147 /* for statPageSizes */ 2148 switch(N) { 2149 case 12: return 0; // 4K 2150 case 14: return 1; // 16K (using 16K granule in v8-64) 2151 case 16: return 2; // 64K 2152 case 20: return 3; // 1M 2153 case 21: return 4; // 2M-LPAE 2154 case 24: return 5; // 16M 2155 case 25: return 6; // 32M (using 16K granule in v8-64) 2156 case 29: return 7; // 512M (using 64K granule in v8-64) 2157 case 30: return 8; // 1G-LPAE 2158 default: 2159 panic("unknown page size"); 2160 return 255; 2161 } 2162} 2163 2164void 2165TableWalker::regStats() 2166{ 2167 ClockedObject::regStats(); 2168 2169 statWalks 2170 .name(name() + ".walks") 2171 .desc("Table walker walks requested") 2172 ; 2173 2174 statWalksShortDescriptor 2175 .name(name() + ".walksShort") 2176 .desc("Table walker walks initiated with short descriptors") 2177 .flags(Stats::nozero) 2178 ; 2179 2180 statWalksLongDescriptor 2181 .name(name() + ".walksLong") 2182 .desc("Table walker walks initiated with long descriptors") 2183 .flags(Stats::nozero) 2184 ; 2185 2186 statWalksShortTerminatedAtLevel 2187 .init(2) 2188 .name(name() + ".walksShortTerminationLevel") 2189 .desc("Level at which table walker walks " 2190 "with short descriptors terminate") 2191 .flags(Stats::nozero) 2192 ; 2193 statWalksShortTerminatedAtLevel.subname(0, "Level1"); 2194 statWalksShortTerminatedAtLevel.subname(1, "Level2"); 2195 2196 statWalksLongTerminatedAtLevel 2197 .init(4) 2198 .name(name() + ".walksLongTerminationLevel") 2199 .desc("Level at which table walker walks " 2200 "with long descriptors terminate") 2201 .flags(Stats::nozero) 2202 ; 2203 statWalksLongTerminatedAtLevel.subname(0, "Level0"); 2204 statWalksLongTerminatedAtLevel.subname(1, "Level1"); 2205 statWalksLongTerminatedAtLevel.subname(2, "Level2"); 2206 statWalksLongTerminatedAtLevel.subname(3, "Level3"); 2207 2208 statSquashedBefore 2209 .name(name() + ".walksSquashedBefore") 2210 .desc("Table walks squashed before starting") 2211 .flags(Stats::nozero) 2212 ; 2213 2214 statSquashedAfter 2215 .name(name() + ".walksSquashedAfter") 2216 .desc("Table walks squashed after completion") 2217 .flags(Stats::nozero) 2218 ; 2219 2220 statWalkWaitTime 2221 .init(16) 2222 .name(name() + ".walkWaitTime") 2223 .desc("Table walker wait (enqueue to first request) latency") 2224 .flags(Stats::pdf | Stats::nozero | Stats::nonan) 2225 ; 2226 2227 statWalkServiceTime 2228 .init(16) 2229 .name(name() + ".walkCompletionTime") 2230 .desc("Table walker service (enqueue to completion) latency") 2231 .flags(Stats::pdf | Stats::nozero | Stats::nonan) 2232 ; 2233 2234 statPendingWalks 2235 .init(16) 2236 .name(name() + ".walksPending") 2237 .desc("Table walker pending requests distribution") 2238 .flags(Stats::pdf | Stats::dist | Stats::nozero | Stats::nonan) 2239 ; 2240 2241 statPageSizes // see DDI 0487A D4-1661 2242 .init(9) 2243 .name(name() + ".walkPageSizes") 2244 .desc("Table walker page sizes translated") 2245 .flags(Stats::total | Stats::pdf | Stats::dist | Stats::nozero) 2246 ; 2247 statPageSizes.subname(0, "4K"); 2248 statPageSizes.subname(1, "16K"); 2249 statPageSizes.subname(2, "64K"); 2250 statPageSizes.subname(3, "1M"); 2251 statPageSizes.subname(4, "2M"); 2252 statPageSizes.subname(5, "16M"); 2253 statPageSizes.subname(6, "32M"); 2254 statPageSizes.subname(7, "512M"); 2255 statPageSizes.subname(8, "1G"); 2256 2257 statRequestOrigin 2258 .init(2,2) // Instruction/Data, requests/completed 2259 .name(name() + ".walkRequestOrigin") 2260 .desc("Table walker requests started/completed, data/inst") 2261 .flags(Stats::total) 2262 ; 2263 statRequestOrigin.subname(0,"Requested"); 2264 statRequestOrigin.subname(1,"Completed"); 2265 statRequestOrigin.ysubname(0,"Data"); 2266 statRequestOrigin.ysubname(1,"Inst"); 2267} 2268