This document presents the mapping of the rules in the RMM specification to the test cases and the steps followed in the tests. This also provides the information about the test coverage scenarios that are implemented in the current release of ACS and the scenarios that are planned for the future releases.
| TestName | Test Assertions | Test Approach or Comments | Validated by ACS |
|---|---|---|---|
| exception_rec_exit_wfe | 1. On REC entry, if the most recent exit from the target REC was not a REC exit due to PSCI, then GPR values X0 to X30 are restored from the REC to the PE. 2. On REC exit for any reason which is not REC exit due to PSCI, GPR values X0 to X30 are saved from the PE to the REC 3. On REC exit for any reason which is neither REC exit due to Host call nor REC exit due to PSCI, GPR exit.gprs = 0 |
1. enable TEST_WFE_TRAP=1 during build 2. create realm 3. rec enter with the entry.trap_wfe=1 4. save the gprs x0 to x30 5. from realm execute the wfe command 6. handle rec exit and check ESR_EL2 and do modify any gprs value and do rec enter from host 7. compare the earlier saved gprs and current gprs values 8. value should be same, if not test failed |
NO |
| exception_rec_exit_wfi | 1. On REC entry, if the most recent exit from the target REC was not a REC exit due to PSCI, then GPR values X0 to X30 are restored from the REC to the PE. 2. On REC exit for any reason which is not REC exit due to PSCI, GPR values X0 to X30 are saved from the PE to the REC 3. On REC exit for any reason which is neither REC exit due to Host call nor REC exit due to PSCI, GPR exit.gprs = 0 |
1. create realm 2. rec enter with the trap_wfi=1 3. save the gprs x0 to x30 4. from realm execute the wfi command 5. handle rec exit and check ESR_EL2 and do modify any gprs value and do rec enter from host 6. compare the earlier saved gprs and current gprs values 7. value should be same, if not test failed. |
YES |
| exception_rec_exit_hostcall | On REC exit due to Host call, all of the following are true: 1. rec.host_call_pending is HOST_CALL_PENDING. 2. exit.exit_reason is RMI_EXIT_HOST_CALL. 3. exit.imm contains the immediate value passed to the RSI_HOST_CALL command. 4. exit.gprs[0..30] contain the register values passed to the RSI_HOST_CALL command. 5. All other exit fields except for exit.givc3_, exit_cnt and exit.pmu_* are zero. 6. On REC entry, if rec.host_call_pending is HOST_CALL_PENDING, then GPR values X0 to X30 are copied from entry.gprs[0..30] to the RsiHostCall data structure |
1. create realm 2. rec enter 3. Fill the gprs registers before doing the hostcall SMC 4. call HOST CALL SMC to switch to host 5. verify the test assertion at host 6. Fill the gprs values from the host before rec enter 7. Validate the hostcall gprs values from the realm |
YES |
| exception_rec_exit_psci | On REC entry, if the most recent exit from the target REC was a REC exit due to PSCI, then all of the following occur 1. X0 to X6 contain the PSCI return code and PSCI output values. 2. GPR values X7 to X30 are restored from the REC to the PE. 3. On REC exit due to PSCI, all of the following are true: exit.gprs[0] contains the PSCI FID. exit.gprs[1..3] contain the corresponding PSCI arguments. If the PSCI command has fewer than 3 arguments, the remaining values contain zero. GPR values X7 to X30 are saved from the PE to the REC. 4. On REC exit due to PSCI, exit.exit_reason is RMI_EXIT_PSCI. |
1. create realm with two rec 2. execute rec enter on rec 1 3. from realm, execute PSCI_AFFINITY_INFO command for rec2 4. verify the rec exit reason and ESR_EL2 information at host 5. do PSCI_COMPLETE with gprs corrupted 6. do rec enter on rec 1 7. comparet he gprs vaues, if not same test fails |
YES |
| exception_realm_unsupported_smc | Realm execution of an SMC which is not part of one of the following ABIs results in a return value of SMCCC_NOT_SUPPORTED: PSCI RSI |
1. create realm 2. do rec enter 3. from realm, execute the RMI smc and check whether we are getting SMCCC_NOT_SUPPORTED, if not test fails. |
YES |
| exception_rec_exit_hvc | On Realm execution of HVC, an Unknown exception is taken to the Realm | 1. create ream 2. rec enter 3. realm : setup the synchronized exception handler 4. realm: execute the HVC call and see whether exception handler called. If not test fails |
YES |
| exception_rec_exit_ripas | Execute for: {{ACCEPT, REJECT} x RIPAS_CHANGE_REQUEST} Where RIPAS_CHANGE_REQUEST = EMPTY -> RAM RAM -> EMPTY RAM -> EMPTY[Partial ripas set] RAM -> EMPTY[RIPAS reject] Rule: 1. REC restore on entry 2. gprs saved from PE to REC 3. A REC exit due to RIPAS change pending is a REC exit due to the Realm issuing a RIPAS change request 4. On REC exit due to RIPAS change pending, all of the following are true: exit.exit_reason is RMI_EXIT_RIPAS_CHANGE. exit.ripas_base is the base address of the region on which a RIPAS change is pending. exit.ripas_top is the top address of the region on which a RIPAS change is pending. exit.ripas_value is the requested RIPAS value. 5. On REC exit due to RIPAS change pending: exit holds the base address and the size of the region on which a RIPAS change is pending. These values inform the Host of the bounds of the RIPAS change request. rec holds the next address to be processed in a RIPAS change, and the top of the requested RIPAS change region. These values are used by the RMM to enforce that the RMI_RTT_SET_RIPAS command can only apply RIPAS change within the bounds of the RIPAS change request, and to report the progress of the RIPAS change to the Realm on the next REC entry. |
1. create a realm 2. rec enter 3. realm : get the ipa and range from host 4. realm : execute the SET IPA STATE SMC 5. handle rec exit at host and verify the ESR_EL2 and execute the RMI SET RIPAS from host 6. do rec enter and check the return arguments 7. repeat the steps 1 to 6 for different state transition as mentioned in the test assertion. |
YES |
| exception_rec_exit_ia | A REC exit due to Instruction Abort is a REC exit due to a Realm instruction fetch from a Protected IPA whose HIPAS is UNASSIGNED or DESTROYED and whose RIPAS is RAM. 1. On REC exit due to Instruction Abort, all of the following are true: exit.exit_reason is RMI_EXIT_SYNC. exit.esr.EC contains the value of ESR_EL2.EC at the time of the Realm exit. exit.esr.ISS.SET contains the value of ESR_EL2.ISS.SET at the time of the Realm exit. exit.esr.ISS.EA contains the value of ESR_EL2.ISS.EA at the time of the Realm exit. exit.esr.ISS.IFSC contains the value of ESR_EL2.ISS.IFSC at the time of the Realm exit. exit.hpfar contains the value of HPFAR_EL2 at the time of the Realm exit. All other exit fields are zero. 2. HPFAR_EL2.FIPA does not include the lowest 12 bits of the faulting IPA. exit.hpfar therefore only reveals the Realms access patterns at a granularity of 4KB. If support was added to this specification for Granule sizes larger than 4KB, exit.hpfar would need to be masked accordingly. |
1. create realm 2. do rmi init ripas for an ipa, so that the stae of hipas and ripas will be unassigned and ram respectively 3. activate realm 4. read the entry and check their state and see whether what we wanted ? 5. realm : make the Stage 1 for the IPA whos Stage 2 is unassigned and ram 6. realm : call the ipa as function and see rec exit to host happens 7. verify the test assertion |
YES |
| exception_rec_exit_irq | A REC exit due to IRQ is a REC exit due to an IRQ exception which should be handled by the Host. 1. On REC exit due to IRQ, exit.exit_reason is RMI_EXIT_IRQ. On REC exit due to IRQ, exit.esr is zero 3. A REC exit due to IRQ is not generated for an interrupt which is masked by the value of ICC_PMR_EL1 at the time of REC entry. The RMM should preserve the value of ICC_PMR_EL1 during REC entry. |
1. create a realm 2. Create an IRQ request from one of the Agents with a priority higher than programmed in ICC_PMR_EL1. 3. Handle the rec exit at host and verify the exit_reason == RMI_EXIT_IRQ and exit.esr is zero. 4. handle the irq serive routine from the host. |
YES |
| exception_rec_exit_fiq | On REC exit due to FIQ, exit.reason is RMI_EXIT_FIQ On REC exit due to FIQ, exit.esr is zero |
1. create a realm 2. Create an FIQ request from one of the Agents with a priority higher than programmed in ICC_PMR_EL1. 3. Handle the rec exit at host and verify the exit_reason == RMI_EXIT_FIQ and exit.esr is zero. 4. handle the irq serive routine. |
NO |
| exception_rec_exit_serror | On REC exit due to SError, all of the following occur: exit.exit_reason is RMI_EXIT_SERROR. exit.esr.EC contains the value of ESR_EL2.EC at the time of the Realm exit. exit.esr.ISS.IDS contains the value of ESR_EL2.ISS.IDS at the time of the Realm exit. exit.esr.ISS.AET contains the value of ESR_EL2.ISS.AET at the time of the Realm exit. exit.esr.ISS.EA contains the value of ESR_EL2.ISS.EA at the time of the Realm exit. exit.esr.ISS.DFSC contains the value of ESR_EL2.ISS.DFSC at the time of the Realm exit. All other exit fields except for exit.givc3_, exit_cnt and exit.pmu_* are zero. |
Out of ACS scope | NO |
| exception_emulatable_da exception_non_emulatable_da exception_non_emulatable_da_1 exception_non_emulatable_da_2 exception_non_emulatable_da_3 |
1. On REC entry, if the most recent exit from the target REC was a REC exit due to Emulatable Data Abort and entry.flags.emul_mmio == RMI_EMULATED_MMIO, then the return address is the next instruction following the faulting instruction 2. On REC entry, if the most recent exit from the target REC was a REC exit due to Emulatable Data Abort and the Realm memory access was a read and entry.flags.emul_mmio == RMI_EMULATED_MMIO, then the register indicated by ESR_EL2.ISS.SRT is set to entry.gprs[0] 3. On REC entry, if the most recent exit from the target REC was a REC exit due to Data Abort at an Unprotected IPA and entry.flags.emul_mmio == RMI_NOT_EMULATED_MMIO and entry.flags.inject_sea == RMI_INJECT_SEA, then a Synchronous External Abort is taken to the Realm 4. A REC exit due to Emulatable Data Abort is a REC exit due to a Realm data access to an Unprotected IPA whose HIPAS is UNASSIGNED, where the access caused ESR_EL2.ISS.ISV to be set to '1' 5. A REC exit due to Non-emulatable Data Abort is a REC exit due to a Realm data access to one of the following: an Unprotected IPA whose HIPAS is UNASSIGNED, where the access caused ESR_EL2.ISS.ISV to be set to '0' an Unprotected IPA whose HIPAS is ASSIGNED, where the access caused a stage 2 permission fault a Protected IPA whose HIPAS is UNASSIGNED or DESTROYED and whose RIPAS is RAM. 5. On REC exit due to Data Abort, all of the following are true: exit.exit_reason is RMI_EXIT_SYNC. exit.esr.EC contains the value of ESR_EL2.EC at the time of the Realm exit. exit.esr.ISS.SET contains the value of ESR_EL2.ISS.SET at the time of the Realm exit. exit.esr.ISS.FnV contains the value of ESR_EL2.ISS.FnV at the time of the Realm exit. exit.esr.ISS.EA contains the value of ESR_EL2.ISS.EA at the time of the Realm exit. exit.esr.ISS.DFSC contains the value of ESR_EL2.ISS.DFSC at the time of the Realm exit. exit.hpfar contains the value of HPFAR_EL2 at the time of the Realm exit. On REC exit due to Emulatable Data Abort, all of the following are true: rec.emulatable_abort is EMULATABLE_ABORT. exit.esr.ISS.ISV contains the value of ESR_EL2.ISS.ISV at the time of the Realm exit. exit.esr.ISS.SAS contains the value of ESR_EL2.ISS.SAS at the time of the Realm exit. exit.esr.ISS.SF contains the value of ESR_EL2.ISS.SF at the time of the Realm exit. exit.esr.ISS.WnR contains the value of ESR_EL2.ISS.WnR at the time of the Realm exit. exit.far contains the value of FAR_EL2 at the time of the Realm exit, with bits more significant than the size of a Granule masked to zero. On REC exit due to Non-emulatable Data Abort at an Unprotected IPA, all of the following are true: exit.esr.IL contains the value of ESR_EL2.IL at the time of the Realm exit. On REC exit due to Data Abort, all of the other exit fields are zero. |
1. create realm 2. Set Unprotected IPA whose HIPAS is UNASSIGNED 3. activate realm 4. Rec enter to realm and try to access the Unprotected IPA whose HIPAS is UNASSIGNED from the realm. 5. verify the test assertion for Emulatable Data Abort. 6. Check the exit fields as mentioned in the specification. 7. Repeat step-1 to step-6 for the non-Emulatable abort with below test assertions: an Unprotected IPA whose HIPAS is UNASSIGNED, where the access caused ESR_EL2.ISS.ISV to be set to '0' an Unprotected IPA whose HIPAS is ASSIGNED, where the access caused a stage 2 permission fault a Protected IPA whose HIPAS is UNASSIGNED or DESTROYED and whose RIPAS is RAM. |
YES |
| exception_entry_gpf | On REC entry, if RMM access to entry causes a GPF then the RMI_REC_ENTER command fails with RMI_ERROR_INPUT On REC exit, if RMM access to exit causes a GPF then the RMI_REC_ENTER command fails with RMI_ERROR_INPUT |
Out of ACS scope | NO |
| exception_trapped_write | Verify the "Trapped MSR, MRS or System instruction execution in AArch64 state" class of syndromes | Out of ACS scope | NO |