As per the pseudo code from DDI0487 M.a.a (on J1-16021) AArch64.S1Walk():
// Check descriptor AF bit
elsif (descriptor<10> == '0' && walkparams.ha == '0' &&
(!accdesc.acctype IN {AccessType_DC, AccessType_IC} ||
boolean IMPLEMENTATION_DEFINED "Generate access flag fault on IC/DC
operations")) then
fault.statuscode = Fault_AccessFlag;
An Access flag fault should therefore also be generated for AccessType_AT when the AF bit
is 0 and !param.ha.
Fixes: efebeec13d07 ("target/arm: Skip AF and DB updates for AccessType_AT")
Signed-off-by: Zenghui Yu <[email protected]>
---
target/arm/ptw.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 8b8dc09e72..572048d560 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -2118,6 +2118,12 @@ static bool get_phys_addr_lpae(CPUARMState *env,
S1Translate *ptw,
descaddr &= ~(hwaddr)(page_size - 1);
descaddr |= (address & (page_size - 1));
+ /* Check descriptor AF bit */
+ if (!(descriptor & (1 << 10)) && !param.ha) {
+ fi->type = ARMFault_AccessFlag;
+ goto do_fault;
+ }
+
/*
* For AccessType_AT, DB is not updated (AArch64.SetDirtyFlag),
* and it is IMPLEMENTATION DEFINED whether AF is updated
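Review bot: The early check `if (!(descriptor & (1 << 10)) && !param.ha)` raises the fault for every access type, but its comment does not record which choice is made for the IMPLEMENTATION DEFINED IC/DC case quoted in the commit message. From the visible lines the fault is unconditional, which would correspond to choosing to fault on IC/DC operations, assuming those operations reach this walk at all. I would extend the comment to something like `/* Check descriptor AF bit: with HA clear this faults for all access types, including AccessType_AT */` and state the IC/DC choice there. A regression test that runs an address-translation instruction against a descriptor with AF=0 and HA clear would pin the behaviour this fix restores. get_phys_addr_lpae starts and ends outside the hunk.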
@@ -2127,15 +2133,9 @@ static bool get_phys_addr_lpae(CPUARMState *env,
S1Translate *ptw,
/*
* Access flag.
* If HA is enabled, prepare to update the descriptor below.
- * Otherwise, pass the access fault on to software.
*/
- if (!(descriptor & (1 << 10))) {
- if (param.ha) {
- new_descriptor |= 1 << 10; /* AF */
- } else {
- fi->type = ARMFault_AccessFlag;
- goto do_fault;
- }
+ if (!(descriptor & (1 << 10)) && param.ha) {
+ new_descriptor |= 1 << 10; /* AF */
}
/*
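Review bot: The AF test `descriptor & (1 << 10)` is now written out twice with a bare `1 << 10`, once in the fault check added earlier in the function and once here for the HA update. A single local such as `bool af_clear = !(descriptor & (1 << 10));` computed before the fault check, or a named constant for bit 10 if the file already has one, would keep the two conditions from drifting apart. The enclosing block opens before this hunk, so whether a local declared above is in scope here needs checking against the full function.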
--
2.53.0