Merge tag 'pull-target-arm-20240408' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm:
* Use correct SecuritySpace for AArch64 AT ops at EL3
* Fix CNTPOFF_EL2 trap to missing EL3
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmYUC2EZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3kyhD/9QQb8qrtd7Lan/ODI1PKuv
# gHl1MNCpf1qxfCzl/hL2+Ci2p220AL22EIBUBwzTXoIjidRKoqmUAkKvNk3xANI2
# ZiO1+NZIOqdVLbQGboJDbd4jEDuABPok6fOSyw1WCs9FvGFOWYswx1Eb/T9X31hz
# cSxakeW1cIQo0FNtVEGldUdKQLTxAw6pO/fuL/YleXq2Heiw6ktIe48LxQ0ufVLU
# 7ebpTWSbVeEqwKb4H1HixZ54a2in4NnsHQkkIxup7mPjH78l78WvQjEn1d4CDqJB
# /hzCV/tDrPzUYET7wYN5gHFYuMOOeDDcOn42Lj+qF+dyjMgg64qMMdZ46wxQKSdr
# KInSkcnKCsMWNN8fYFDrGcefuXmvFd81l368DczxCHOgTWZdnZj+M3yQQ85a6TER
# 5f9mmUOMLtvrogfxrlKJklo9P+FzHFp5luT3d8c8wXY46B5wkpS43tJGjZEyvHps
# 1cQnJN+Y3ys6VU7FfLO9Dl/qI4dR0xUhDvjqPEicuu79lTBPgFoQox7xSGVAk90y
# QKzz0eXV/ECy1kabMFDrZNINkg07KtNFKLrRgrHCPt4gdTO1Nu9UMWUTVjiNYSh4
# aEMy3xHCIKo315BvUsVVwpQLa98CYfLF/rw3J6ECaPTCYN7uCrlWyDEcDdbFfPXD
# xPbXgH7ocQoDn7Tj+KxfhQ==
# =WmlH
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 08 Apr 2024 16:21:05 BST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20240408' of https://git.linaro.org/people/pmaydell/qemu-arm:
target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
target/arm: Fix CNTPOFF_EL2 trap to missing EL3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 3f3a5b5..a620481 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3452,7 +3452,8 @@
const ARMCPRegInfo *ri,
bool isread)
{
- if (arm_current_el(env) == 2 && !(env->cp15.scr_el3 & SCR_ECVEN)) {
+ if (arm_current_el(env) == 2 && arm_feature(env, ARM_FEATURE_EL3) &&
+ !(env->cp15.scr_el3 & SCR_ECVEN)) {
return CP_ACCESS_TRAP_EL3;
}
return CP_ACCESS_OK;
@@ -3878,6 +3879,8 @@
ARMMMUIdx mmu_idx;
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
bool regime_e20 = (hcr_el2 & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE);
+ bool for_el3 = false;
+ ARMSecuritySpace ss;
switch (ri->opc2 & 6) {
case 0:
@@ -3895,6 +3898,7 @@
break;
case 6: /* AT S1E3R, AT S1E3W */
mmu_idx = ARMMMUIdx_E3;
+ for_el3 = true;
break;
default:
g_assert_not_reached();
@@ -3913,8 +3917,8 @@
g_assert_not_reached();
}
- env->cp15.par_el[1] = do_ats_write(env, value, access_type,
- mmu_idx, arm_security_space(env));
+ ss = for_el3 ? arm_security_space(env) : arm_security_space_below_el3(env);
+ env->cp15.par_el[1] = do_ats_write(env, value, access_type, mmu_idx, ss);
#else
/* Handled by hardware accelerator. */
g_assert_not_reached();