[PULL 14/41] target/arm: Correct errors in WFI/WFE trapping

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 14/41] target/arm: Correct errors in WFI/WFE trapping

From:	Peter Maydell
Subject:	[PULL 14/41] target/arm: Correct errors in WFI/WFE trapping
Date:	Thu, 20 Feb 2025 16:20:55 +0000

The code for WFI/WFE trapping has several errors:
 * it wasn't using arm_sctlr(), so it would look at SCTLR_EL1
   even if the CPU was in the EL2&0 translation regime
 * it was raising UNDEF, not Monitor Trap, for traps to
   AArch32 EL3 because of SCR.{TWE,TWI}
 * it was not honouring SCR.{TWE,TWI} when running in
   AArch32 at EL3 not in Monitor mode
 * it checked SCR.{TWE,TWI} even on v7 CPUs which don't have
   those bits

Fix these bugs.

Cc: qemu-stable@nongnu.org
Fixes: b1eced713d99 ("target-arm: Add WFx instruction trap support")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250130182309.717346-15-peter.maydell@linaro.org
---
 target/arm/tcg/op_helper.c | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
index 2230351a8f4..02c375d196d 100644
--- a/target/arm/tcg/op_helper.c
+++ b/target/arm/tcg/op_helper.c
@@ -313,15 +313,19 @@ void HELPER(check_bxj_trap)(CPUARMState *env, uint32_t rm)
 }
 
 #ifndef CONFIG_USER_ONLY
-/* Function checks whether WFx (WFI/WFE) instructions are set up to be trapped.
+/*
+ * Function checks whether WFx (WFI/WFE) instructions are set up to be trapped.
  * The function returns the target EL (1-3) if the instruction is to be 
trapped;
  * otherwise it returns 0 indicating it is not trapped.
+ * For a trap, *excp is updated with the EXCP_* trap type to use.
  */
-static inline int check_wfx_trap(CPUARMState *env, bool is_wfe)
+static inline int check_wfx_trap(CPUARMState *env, bool is_wfe, uint32_t *excp)
 {
     int cur_el = arm_current_el(env);
     uint64_t mask;
 
+    *excp = EXCP_UDEF;
+
     if (arm_feature(env, ARM_FEATURE_M)) {
         /* M profile cores can never trap WFI/WFE. */
         return 0;
@@ -331,18 +335,9 @@ static inline int check_wfx_trap(CPUARMState *env, bool 
is_wfe)
      * WFx instructions being trapped to EL1. These trap bits don't exist in 
v7.
      */
     if (cur_el < 1 && arm_feature(env, ARM_FEATURE_V8)) {
-        int target_el;
-
         mask = is_wfe ? SCTLR_nTWE : SCTLR_nTWI;
-        if (arm_is_secure_below_el3(env) && !arm_el_is_aa64(env, 3)) {
-            /* Secure EL0 and Secure PL1 is at EL3 */
-            target_el = 3;
-        } else {
-            target_el = 1;
-        }
-
-        if (!(env->cp15.sctlr_el[target_el] & mask)) {
-            return target_el;
+        if (!(arm_sctlr(env, cur_el) & mask)) {
+            return exception_target_el(env);
         }
     }
 
@@ -358,9 +353,12 @@ static inline int check_wfx_trap(CPUARMState *env, bool 
is_wfe)
     }
 
     /* We are not trapping to EL1 or EL2; trap to EL3 if SCR_EL3 requires it */
-    if (cur_el < 3) {
+    if (arm_feature(env, ARM_FEATURE_V8) && !arm_is_el3_or_mon(env)) {
         mask = (is_wfe) ? SCR_TWE : SCR_TWI;
         if (env->cp15.scr_el3 & mask) {
+            if (!arm_el_is_aa64(env, 3)) {
+                *excp = EXCP_MON_TRAP;
+            }
             return 3;
         }
     }
@@ -383,7 +381,8 @@ void HELPER(wfi)(CPUARMState *env, uint32_t insn_len)
     return;
 #else
     CPUState *cs = env_cpu(env);
-    int target_el = check_wfx_trap(env, false);
+    uint32_t excp;
+    int target_el = check_wfx_trap(env, false, &excp);
 
     if (cpu_has_work(cs)) {
         /* Don't bother to go into our "low power state" if
@@ -399,7 +398,7 @@ void HELPER(wfi)(CPUARMState *env, uint32_t insn_len)
             env->regs[15] -= insn_len;
         }
 
-        raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0, insn_len == 2),
+        raise_exception(env, excp, syn_wfx(1, 0xe, 0, insn_len == 2),
                         target_el);
     }
 
@@ -424,7 +423,8 @@ void HELPER(wfit)(CPUARMState *env, uint64_t timeout)
 #else
     ARMCPU *cpu = env_archcpu(env);
     CPUState *cs = env_cpu(env);
-    int target_el = check_wfx_trap(env, false);
+    uint32_t excp;
+    int target_el = check_wfx_trap(env, false, &excp);
     /* The WFIT should time out when CNTVCT_EL0 >= the specified value. */
     uint64_t cntval = gt_get_countervalue(env);
     uint64_t offset = gt_virt_cnt_offset(env);
@@ -441,8 +441,7 @@ void HELPER(wfit)(CPUARMState *env, uint64_t timeout)
 
     if (target_el) {
         env->pc -= 4;
-        raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0, false),
-                        target_el);
+        raise_exception(env, excp, syn_wfx(1, 0xe, 0, false), target_el);
     }
 
     if (uadd64_overflow(timeout, offset, &nexttick)) {
-- 
2.43.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 05/41] target/arm: Make CP_ACCESS_TRAPs to AArch32 EL3 be Monitor traps, (continued)
- [PULL 05/41] target/arm: Make CP_ACCESS_TRAPs to AArch32 EL3 be Monitor traps, Peter Maydell, 2025/02/20
- [PULL 04/41] target/arm: Report correct syndrome for UNDEFINED LOR sysregs when NS=0, Peter Maydell, 2025/02/20
- [PULL 07/41] target/arm: Honour SDCR.TDCC and SCR.TERR in AArch32 EL3 non-Monitor modes, Peter Maydell, 2025/02/20
- [PULL 06/41] hw/intc/arm_gicv3_cpuif: Don't downgrade monitor traps for AArch32 EL3, Peter Maydell, 2025/02/20
- [PULL 08/41] hw/intc/arm_gicv3_cpuif(): Remove redundant tests of is_a64(), Peter Maydell, 2025/02/20
- [PULL 09/41] target/arm: Support CP_ACCESS_TRAP_EL1 as a CPAccessResult, Peter Maydell, 2025/02/20
- [PULL 11/41] target/arm: Use TRAP_UNCATEGORIZED for XScale CPAR traps, Peter Maydell, 2025/02/20
- [PULL 12/41] target/arm: Remove CP_ACCESS_TRAP handling, Peter Maydell, 2025/02/20
- [PULL 10/41] target/arm: Use CP_ACCESS_TRAP_EL1 for traps that are always to EL1, Peter Maydell, 2025/02/20
- [PULL 15/41] hw/arm/exynos4210: Replace magic 32 by proper 'GIC_INTERNAL' definition, Peter Maydell, 2025/02/20
- [PULL 14/41] target/arm: Correct errors in WFI/WFE trapping, Peter Maydell <=
- [PULL 17/41] hw/arm/realview: Specify explicitly the GIC has 64 external IRQs, Peter Maydell, 2025/02/20
- [PULL 16/41] hw/arm/exynos4210: Specify explicitly the GIC has 64 external IRQs, Peter Maydell, 2025/02/20
- [PULL 18/41] hw/arm/xilinx_zynq: Replace IRQ_OFFSET -> GIC_INTERNAL, Peter Maydell, 2025/02/20
- [PULL 13/41] target/arm: Rename CP_ACCESS_TRAP_UNCATEGORIZED to CP_ACCESS_UNDEFINED, Peter Maydell, 2025/02/20
- [PULL 19/41] hw/arm/xilinx_zynq: Specify explicitly the GIC has 64 external IRQs, Peter Maydell, 2025/02/20
- [PULL 21/41] hw/arm/highbank: Specify explicitly the GIC has 128 external IRQs, Peter Maydell, 2025/02/20
- [PULL 20/41] hw/arm/vexpress: Specify explicitly the GIC has 64 external IRQs, Peter Maydell, 2025/02/20
- [PULL 22/41] hw/cpu/arm_mpcore: Remove default values for GIC external IRQs, Peter Maydell, 2025/02/20
- [PULL 23/41] Kconfig: Extract CONFIG_USB_CHIPIDEA from CONFIG_IMX, Peter Maydell, 2025/02/20
- [PULL 24/41] target/arm: Use uint32_t in t32_expandimm_imm(), Peter Maydell, 2025/02/20

Prev by Date: [PULL 15/41] hw/arm/exynos4210: Replace magic 32 by proper 'GIC_INTERNAL' definition
Next by Date: [PULL 17/41] hw/arm/realview: Specify explicitly the GIC has 64 external IRQs
Previous by thread: [PULL 15/41] hw/arm/exynos4210: Replace magic 32 by proper 'GIC_INTERNAL' definition
Next by thread: [PULL 17/41] hw/arm/realview: Specify explicitly the GIC has 64 external IRQs
Index(es):
- Date
- Thread