@@ -10,7 +10,7 @@
#ifdef TARGET_AARCH64
# define TARGET_LONG_BITS 64
-# define TARGET_PHYS_ADDR_SPACE_BITS 48
+# define TARGET_PHYS_ADDR_SPACE_BITS 52
# define TARGET_VIRT_ADDR_SPACE_BITS 52
#else
# define TARGET_LONG_BITS 32
@@ -765,7 +765,7 @@ static void aarch64_max_initfn(Object *obj)
cpu->isar.id_aa64pfr1 = t;
t = cpu->isar.id_aa64mmfr0;
- t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 5); /* PARange: 48 bits */
+ t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */
cpu->isar.id_aa64mmfr0 = t;
t = cpu->isar.id_aa64mmfr1;
@@ -11171,6 +11171,7 @@ static const uint8_t pamax_map[] = {
[3] = 42,
[4] = 44,
[5] = 48,
+ [6] = 52,
};
/* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */
@@ -11562,11 +11563,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
descaddr = extract64(ttbr, 0, 48);
/*
- * If the base address is out of range, raise AddressSizeFault.
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [5:2] of TTBR.
+ *
+ * Otherwise, if the base address is out of range, raise AddressSizeFault.
* In the pseudocode, this is !IsZero(baseregister<47:outputsize>),
* but we've just cleared the bits above 47, so simplify the test.
*/
- if (descaddr >> outputsize) {
+ if (outputsize > 48) {
+ descaddr |= extract64(ttbr, 2, 4) << 48;
+ } else if (descaddr >> outputsize) {
level = 0;
fault_type = ARMFault_AddressSize;
goto do_fault;
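Review bot: The new `if (outputsize > 48)` test is keyed only on the output size, although the comment ties it to FEAT_LPA with PS=6, and nothing visible in this hunk restricts it to the 64KB granule, the only one for which FEAT_LPA defines TTBR bits [5:2] as address bits [51:48]. outputsize is derived outside the hunk, so if it is not capped at 48 for the 4KB and 16KB granules, this path would fold register bits into the table base and skip the AddressSizeFault check. The descriptor hunk at -11618 uses the same condition, and there bits [15:12] are ordinary output-address bits for a smaller granule, so the result would be a guest-visible mistranslation rather than a fault. Once the invariant is confirmed I would state it beside the test, e.g. `/* outputsize > 48 is only reachable with the 64KB granule (FEAT_LPA). */`, or assert it if the granule is available at this point. get_phys_addr_lpae starts and ends outside the hunk.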
@@ -11618,7 +11623,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
}
descaddr = descriptor & descaddrmask;
- if (descaddr >> outputsize) {
+
+ /*
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
+ * of descriptor. Otherwise, if descaddr is out of range, raise
+ * AddressSizeFault.
+ */
+ if (outputsize > 48) {
+ descaddr |= extract64(descriptor, 12, 4) << 48;
+ } else if (descaddr >> outputsize) {
fault_type = ARMFault_AddressSize;
goto do_fault;
}
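Review bot: After `descaddr |= extract64(descriptor, 12, 4) << 48;`, descriptor bits [15:12] are still present in the low part of descaddr unless descaddrmask already clears them, because descaddr was just set from `descriptor & descaddrmask`. descaddrmask is built outside this hunk; if it strips everything below the granule size, the result is correct for 64KB pages, but the dependency is implicit and a later change to the mask would silently corrupt the output address. Making it local costs one line, `descaddr &= ~0xf000ULL;` inside the `outputsize > 48` branch, or at minimum a comment saying that descaddrmask guarantees those bits are zero. The TTBR hunk at -11562 has the analogous dependency for bits [5:2], which presumably relies on masking that happens after the visible lines.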