Re: [PATCH v5 30/41] target/arm: Flush tlb for ASID changes in EL2&0 translation regime

[Peter Maydell]

On Wed, 29 Jan 2020 at 23:56, Richard Henderson
<address@hidden> wrote:
>
> Since we only support a single ASID, flush the tlb when it changes.
>
> Note that TCR_EL2, like TCR_EL1, has the A1 bit that chooses between
> the two TTBR* registers for the location of the ASID.
>
> Signed-off-by: Richard Henderson <address@hidden>
> ---
>  target/arm/helper.c | 22 +++++++++++++++-------
>  1 file changed, 15 insertions(+), 7 deletions(-)
>
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 0b67cefcbb..708a2ecf91 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -3763,7 +3763,7 @@ static void vmsa_ttbcr_reset(CPUARMState *env, const 
> ARMCPRegInfo *ri)
>      tcr->base_mask = 0xffffc000u;
>  }
>
> -static void vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
> +static void vmsa_tcr_el12_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                 uint64_t value)
>  {
>      ARMCPU *cpu = env_archcpu(env);
> @@ -3789,7 +3789,17 @@ static void vmsa_ttbr_write(CPUARMState *env, const 
> ARMCPRegInfo *ri,
>  static void vmsa_tcr_ttbr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                                      uint64_t value)
>  {
> -    /* TODO: There are ASID fields in here with HCR_EL2.E2H */
> +    /*
> +     * If we are running with E2&0 regime, then an ASID is active.
> +     * Flush if that might be changing.  Note we're not checking
> +     * TCR_EL2.A1 to know if this is really the TTBRx_EL2 that
> +     * holds the active ASID, only checking the field that might.
> +     */
> +    if (extract64(raw_read(env, ri) ^ value, 48, 16) &&
> +        (arm_hcr_el2_eff(env) & HCR_E2H)) {
> +        tlb_flush_by_mmuidx(env_cpu(env),
> +                            ARMMMUIdxBit_E20_2 | ARMMMUIdxBit_E20_0);
> +    }
>      raw_write(env, ri, value);
>  }
>
> @@ -3849,7 +3859,7 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
>                               offsetof(CPUARMState, cp15.ttbr1_ns) } },
>      { .name = "TCR_EL1", .state = ARM_CP_STATE_AA64,
>        .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
> -      .access = PL1_RW, .writefn = vmsa_tcr_el1_write,
> +      .access = PL1_RW, .writefn = vmsa_tcr_el12_write,
>        .resetfn = vmsa_ttbcr_reset, .raw_writefn = raw_write,
>        .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[1]) },
>      { .name = "TTBCR", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
> @@ -5175,10 +5185,8 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
>        .resetvalue = 0 },
>      { .name = "TCR_EL2", .state = ARM_CP_STATE_BOTH,
>        .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 2,
> -      .access = PL2_RW,
> -      /* no .writefn needed as this can't cause an ASID change;
> -       * no .raw_writefn or .resetfn needed as we never use mask/base_mask
> -       */
> +      .access = PL2_RW, .writefn = vmsa_tcr_el12_write,

This blows away the entire TLB on a TCR_EL2 write, which is
safe but a bit overzealous; we could skip it if E2H was clear
(and probably also be a bit more precise about which TLB
indexes to clear). But it's not a big deal so I'm happy if
we leave this as-is.

> +      /* no .raw_writefn or .resetfn needed as we never use mask/base_mask */
>        .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[2]) },
>      { .name = "VTCR", .state = ARM_CP_STATE_AA32,
>        .cp = 15, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2,
> --
> 2.20.1

Reviewed-by: Peter Maydell <address@hidden>

thanks
-- PMM