[mirror_qemu.git] / target / hppa / mem_helper.c

/*
 *  HPPA memory access helper routines
 *
 *  Copyright (c) 2017 Helge Deller
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "cpu.h"
#include "exec/exec-all.h"
#include "exec/helper-proto.h"
#include "hw/core/cpu.h"
#include "trace.h"

static hppa_tlb_entry *hppa_find_tlb(CPUHPPAState *env, vaddr addr)
{
    int i;

    for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) {
        hppa_tlb_entry *ent = &env->tlb[i];
        if (ent->va_b <= addr && addr <= ent->va_e) {
            trace_hppa_tlb_find_entry(env, ent + i, ent->entry_valid,
                                      ent->va_b, ent->va_e, ent->pa);
            return ent;
        }
    }
    trace_hppa_tlb_find_entry_not_found(env, addr);
    return NULL;
}

static void hppa_flush_tlb_ent(CPUHPPAState *env, hppa_tlb_entry *ent)
{
    CPUState *cs = env_cpu(env);
    unsigned i, n = 1 << (2 * ent->page_size);
    uint64_t addr = ent->va_b;

    trace_hppa_tlb_flush_ent(env, ent, ent->va_b, ent->va_e, ent->pa);

    for (i = 0; i < n; ++i, addr += TARGET_PAGE_SIZE) {
        /* Do not flush MMU_PHYS_IDX.  */
        tlb_flush_page_by_mmuidx(cs, addr, 0xf);
    }

    memset(ent, 0, sizeof(*ent));
    ent->va_b = -1;
}

static hppa_tlb_entry *hppa_alloc_tlb_ent(CPUHPPAState *env)
{
    hppa_tlb_entry *ent;
    uint32_t i = env->tlb_last;

    env->tlb_last = (i == ARRAY_SIZE(env->tlb) - 1 ? 0 : i + 1);
    ent = &env->tlb[i];

    hppa_flush_tlb_ent(env, ent);
    return ent;
}

int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx,
                              int type, hwaddr *pphys, int *pprot)
{
    hwaddr phys;
    int prot, r_prot, w_prot, x_prot;
    hppa_tlb_entry *ent;
    int ret = -1;

    /* Virtual translation disabled.  Direct map virtual to physical.  */
    if (mmu_idx == MMU_PHYS_IDX) {
        phys = addr;
        prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
        goto egress;
    }

    /* Find a valid tlb entry that matches the virtual address.  */
    ent = hppa_find_tlb(env, addr);
    if (ent == NULL || !ent->entry_valid) {
        phys = 0;
        prot = 0;
        ret = (type == PAGE_EXEC) ? EXCP_ITLB_MISS : EXCP_DTLB_MISS;
        goto egress;
    }

    /* We now know the physical address.  */
    phys = ent->pa + (addr & ~TARGET_PAGE_MASK);

    /* Map TLB access_rights field to QEMU protection.  */
    r_prot = (mmu_idx <= ent->ar_pl1) * PAGE_READ;
    w_prot = (mmu_idx <= ent->ar_pl2) * PAGE_WRITE;
    x_prot = (ent->ar_pl2 <= mmu_idx && mmu_idx <= ent->ar_pl1) * PAGE_EXEC;
    switch (ent->ar_type) {
    case 0: /* read-only: data page */
        prot = r_prot;
        break;
    case 1: /* read/write: dynamic data page */
        prot = r_prot | w_prot;
        break;
    case 2: /* read/execute: normal code page */
        prot = r_prot | x_prot;
        break;
    case 3: /* read/write/execute: dynamic code page */
        prot = r_prot | w_prot | x_prot;
        break;
    default: /* execute: promote to privilege level type & 3 */
        prot = x_prot;
        break;
    }

    /* access_id == 0 means public page and no check is performed */
    if ((env->psw & PSW_P) && ent->access_id) {
        /* If bits [31:1] match, and bit 0 is set, suppress write.  */
        int match = ent->access_id * 2 + 1;

        if (match == env->cr[CR_PID1] || match == env->cr[CR_PID2] ||
            match == env->cr[CR_PID3] || match == env->cr[CR_PID4]) {
            prot &= PAGE_READ | PAGE_EXEC;
            if (type == PAGE_WRITE) {
                ret = EXCP_DMPI;
                goto egress;
            }
        }
    }

    /* No guest access type indicates a non-architectural access from
       within QEMU.  Bypass checks for access, D, B and T bits.  */
    if (type == 0) {
        goto egress;
    }

    if (unlikely(!(prot & type))) {
        /* The access isn't allowed -- Inst/Data Memory Protection Fault.  */
        ret = (type & PAGE_EXEC) ? EXCP_IMP : EXCP_DMAR;
        goto egress;
    }

    /* In reverse priority order, check for conditions which raise faults.
       As we go, remove PROT bits that cover the condition we want to check.
       In this way, the resulting PROT will force a re-check of the
       architectural TLB entry for the next access.  */
    if (unlikely(!ent->d)) {
        if (type & PAGE_WRITE) {
            /* The D bit is not set -- TLB Dirty Bit Fault.  */
            ret = EXCP_TLB_DIRTY;
        }
        prot &= PAGE_READ | PAGE_EXEC;
    }
    if (unlikely(ent->b)) {
        if (type & PAGE_WRITE) {
            /* The B bit is set -- Data Memory Break Fault.  */
            ret = EXCP_DMB;
        }
        prot &= PAGE_READ | PAGE_EXEC;
    }
    if (unlikely(ent->t)) {
        if (!(type & PAGE_EXEC)) {
            /* The T bit is set -- Page Reference Fault.  */
            ret = EXCP_PAGE_REF;
        }
        prot &= PAGE_EXEC;
    }

 egress:
    *pphys = phys;
    *pprot = prot;
    trace_hppa_tlb_get_physical_address(env, ret, prot, addr, phys);
    return ret;
}

hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
{
    HPPACPU *cpu = HPPA_CPU(cs);
    hwaddr phys;
    int prot, excp;

    /* If the (data) mmu is disabled, bypass translation.  */
    /* ??? We really ought to know if the code mmu is disabled too,
       in order to get the correct debugging dumps.  */
    if (!(cpu->env.psw & PSW_D)) {
        return addr;
    }

    excp = hppa_get_physical_address(&cpu->env, addr, MMU_KERNEL_IDX, 0,
                                     &phys, &prot);

    /* Since we're translating for debugging, the only error that is a
       hard error is no translation at all.  Otherwise, while a real cpu
       access might not have permission, the debugger does.  */
    return excp == EXCP_DTLB_MISS ? -1 : phys;
}

bool hppa_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
                       MMUAccessType type, int mmu_idx,
                       bool probe, uintptr_t retaddr)
{
    HPPACPU *cpu = HPPA_CPU(cs);
    CPUHPPAState *env = &cpu->env;
    int prot, excp, a_prot;
    hwaddr phys;

    switch (type) {
    case MMU_INST_FETCH:
        a_prot = PAGE_EXEC;
        break;
    case MMU_DATA_STORE:
        a_prot = PAGE_WRITE;
        break;
    default:
        a_prot = PAGE_READ;
        break;
    }

    excp = hppa_get_physical_address(env, addr, mmu_idx,
                                     a_prot, &phys, &prot);
    if (unlikely(excp >= 0)) {
        if (probe) {
            return false;
        }
        trace_hppa_tlb_fill_excp(env, addr, size, type, mmu_idx);
        /* Failure.  Raise the indicated exception.  */
        cs->exception_index = excp;
        if (cpu->env.psw & PSW_Q) {
            /* ??? Needs tweaking for hppa64.  */
            cpu->env.cr[CR_IOR] = addr;
            cpu->env.cr[CR_ISR] = addr >> 32;
        }
        cpu_loop_exit_restore(cs, retaddr);
    }

    trace_hppa_tlb_fill_success(env, addr & TARGET_PAGE_MASK,
                                phys & TARGET_PAGE_MASK, size, type, mmu_idx);
    /* Success!  Store the translation into the QEMU TLB.  */
    tlb_set_page(cs, addr & TARGET_PAGE_MASK, phys & TARGET_PAGE_MASK,
                 prot, mmu_idx, TARGET_PAGE_SIZE);
    return true;
}

/* Insert (Insn/Data) TLB Address.  Note this is PA 1.1 only.  */
void HELPER(itlba)(CPUHPPAState *env, target_ulong addr, target_ureg reg)
{
    hppa_tlb_entry *empty = NULL;
    int i;

    /* Zap any old entries covering ADDR; notice empty entries on the way.  */
    for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) {
        hppa_tlb_entry *ent = &env->tlb[i];
        if (ent->va_b <= addr && addr <= ent->va_e) {
            if (ent->entry_valid) {
                hppa_flush_tlb_ent(env, ent);
            }
            if (!empty) {
                empty = ent;
            }
        }
    }

    /* If we didn't see an empty entry, evict one.  */
    if (empty == NULL) {
        empty = hppa_alloc_tlb_ent(env);
    }

    /* Note that empty->entry_valid == 0 already.  */
    empty->va_b = addr & TARGET_PAGE_MASK;
    empty->va_e = empty->va_b + TARGET_PAGE_SIZE - 1;
    empty->pa = extract32(reg, 5, 20) << TARGET_PAGE_BITS;
    trace_hppa_tlb_itlba(env, empty, empty->va_b, empty->va_e, empty->pa);
}

/* Insert (Insn/Data) TLB Protection.  Note this is PA 1.1 only.  */
void HELPER(itlbp)(CPUHPPAState *env, target_ulong addr, target_ureg reg)
{
    hppa_tlb_entry *ent = hppa_find_tlb(env, addr);

    if (unlikely(ent == NULL)) {
        qemu_log_mask(LOG_GUEST_ERROR, "ITLBP not following ITLBA\n");
        return;
    }

    ent->access_id = extract32(reg, 1, 18);
    ent->u = extract32(reg, 19, 1);
    ent->ar_pl2 = extract32(reg, 20, 2);
    ent->ar_pl1 = extract32(reg, 22, 2);
    ent->ar_type = extract32(reg, 24, 3);
    ent->b = extract32(reg, 27, 1);
    ent->d = extract32(reg, 28, 1);
    ent->t = extract32(reg, 29, 1);
    ent->entry_valid = 1;
    trace_hppa_tlb_itlbp(env, ent, ent->access_id, ent->u, ent->ar_pl2,
                         ent->ar_pl1, ent->ar_type, ent->b, ent->d, ent->t);
}

/* Purge (Insn/Data) TLB.  This is explicitly page-based, and is
   synchronous across all processors.  */
static void ptlb_work(CPUState *cpu, run_on_cpu_data data)
{
    CPUHPPAState *env = cpu->env_ptr;
    target_ulong addr = (target_ulong) data.target_ptr;
    hppa_tlb_entry *ent = hppa_find_tlb(env, addr);

    if (ent && ent->entry_valid) {
        hppa_flush_tlb_ent(env, ent);
    }
}

void HELPER(ptlb)(CPUHPPAState *env, target_ulong addr)
{
    CPUState *src = env_cpu(env);
    CPUState *cpu;
    trace_hppa_tlb_ptlb(env);
    run_on_cpu_data data = RUN_ON_CPU_TARGET_PTR(addr);

    CPU_FOREACH(cpu) {
        if (cpu != src) {
            async_run_on_cpu(cpu, ptlb_work, data);
        }
    }
    async_safe_run_on_cpu(src, ptlb_work, data);
}

/* Purge (Insn/Data) TLB entry.  This affects an implementation-defined
   number of pages/entries (we choose all), and is local to the cpu.  */
void HELPER(ptlbe)(CPUHPPAState *env)
{
    trace_hppa_tlb_ptlbe(env);
    memset(env->tlb, 0, sizeof(env->tlb));
    tlb_flush_by_mmuidx(env_cpu(env), 0xf);
}

void cpu_hppa_change_prot_id(CPUHPPAState *env)
{
    if (env->psw & PSW_P) {
        tlb_flush_by_mmuidx(env_cpu(env), 0xf);
    }
}

void HELPER(change_prot_id)(CPUHPPAState *env)
{
    cpu_hppa_change_prot_id(env);
}

target_ureg HELPER(lpa)(CPUHPPAState *env, target_ulong addr)
{
    hwaddr phys;
    int prot, excp;

    excp = hppa_get_physical_address(env, addr, MMU_KERNEL_IDX, 0,
                                     &phys, &prot);
    if (excp >= 0) {
        if (env->psw & PSW_Q) {
            /* ??? Needs tweaking for hppa64.  */
            env->cr[CR_IOR] = addr;
            env->cr[CR_ISR] = addr >> 32;
        }
        if (excp == EXCP_DTLB_MISS) {
            excp = EXCP_NA_DTLB_MISS;
        }
        trace_hppa_tlb_lpa_failed(env, addr);
        hppa_dynamic_excp(env, excp, GETPC());
    }
    trace_hppa_tlb_lpa_success(env, addr, phys);
    return phys;
}

/* Return the ar_type of the TLB at VADDR, or -1.  */
int hppa_artype_for_page(CPUHPPAState *env, target_ulong vaddr)
{
    hppa_tlb_entry *ent = hppa_find_tlb(env, vaddr);
    return ent ? ent->ar_type : -1;
}
Commit	Line	Data
813dff13 HD	1	/*
	2	* HPPA memory access helper routines
	3	*
	4	* Copyright (c) 2017 Helge Deller
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
d6ea4236	9	* version 2.1 of the License, or (at your option) any later version.
813dff13 HD	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	18	*/
	19
	20	#include "qemu/osdep.h"
cd617484	21	#include "qemu/log.h"
813dff13 HD	22	#include "cpu.h"
	23	#include "exec/exec-all.h"
	24	#include "exec/helper-proto.h"
2e5b09fd	25	#include "hw/core/cpu.h"
23c3d569	26	#include "trace.h"
813dff13	27
650cdb2a RH	28	static hppa_tlb_entry hppa_find_tlb(CPUHPPAState env, vaddr addr)
	29	{
	30	int i;
	31
	32	for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) {
	33	hppa_tlb_entry *ent = &env->tlb[i];
8d6ae7fb	34	if (ent->va_b <= addr && addr <= ent->va_e) {
23c3d569 SS	35	trace_hppa_tlb_find_entry(env, ent + i, ent->entry_valid,
23c3d569 SS	36	ent->va_b, ent->va_e, ent->pa);
650cdb2a RH	37	return ent;
	38	}
	39	}
23c3d569	40	trace_hppa_tlb_find_entry_not_found(env, addr);
650cdb2a RH	41	return NULL;
	42	}
	43
8d6ae7fb RH	44	static void hppa_flush_tlb_ent(CPUHPPAState env, hppa_tlb_entry ent)
8d6ae7fb RH	45	{
25f32708	46	CPUState *cs = env_cpu(env);
8d6ae7fb RH	47	unsigned i, n = 1 << (2 * ent->page_size);
	48	uint64_t addr = ent->va_b;
	49
23c3d569 SS	50	trace_hppa_tlb_flush_ent(env, ent, ent->va_b, ent->va_e, ent->pa);
23c3d569 SS	51
8d6ae7fb RH	52	for (i = 0; i < n; ++i, addr += TARGET_PAGE_SIZE) {
	53	/* Do not flush MMU_PHYS_IDX. */
	54	tlb_flush_page_by_mmuidx(cs, addr, 0xf);
	55	}
	56
	57	memset(ent, 0, sizeof(*ent));
	58	ent->va_b = -1;
	59	}
	60
	61	static hppa_tlb_entry hppa_alloc_tlb_ent(CPUHPPAState env)
	62	{
	63	hppa_tlb_entry *ent;
	64	uint32_t i = env->tlb_last;
	65
	66	env->tlb_last = (i == ARRAY_SIZE(env->tlb) - 1 ? 0 : i + 1);
	67	ent = &env->tlb[i];
	68
	69	hppa_flush_tlb_ent(env, ent);
	70	return ent;
	71	}
	72
650cdb2a RH	73	int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx,
	74	int type, hwaddr pphys, int pprot)
	75	{
	76	hwaddr phys;
	77	int prot, r_prot, w_prot, x_prot;
	78	hppa_tlb_entry *ent;
	79	int ret = -1;
	80
	81	/* Virtual translation disabled. Direct map virtual to physical. */
	82	if (mmu_idx == MMU_PHYS_IDX) {
	83	phys = addr;
	84	prot = PAGE_READ \| PAGE_WRITE \| PAGE_EXEC;
	85	goto egress;
	86	}
	87
	88	/* Find a valid tlb entry that matches the virtual address. */
	89	ent = hppa_find_tlb(env, addr);
8d6ae7fb	90	if (ent == NULL \|\| !ent->entry_valid) {
650cdb2a RH	91	phys = 0;
650cdb2a RH	92	prot = 0;
acd6ba74	93	ret = (type == PAGE_EXEC) ? EXCP_ITLB_MISS : EXCP_DTLB_MISS;
650cdb2a RH	94	goto egress;
	95	}
	96
	97	/* We now know the physical address. */
	98	phys = ent->pa + (addr & ~TARGET_PAGE_MASK);
	99
	100	/* Map TLB access_rights field to QEMU protection. */
	101	r_prot = (mmu_idx <= ent->ar_pl1) * PAGE_READ;
	102	w_prot = (mmu_idx <= ent->ar_pl2) * PAGE_WRITE;
	103	x_prot = (ent->ar_pl2 <= mmu_idx && mmu_idx <= ent->ar_pl1) * PAGE_EXEC;
	104	switch (ent->ar_type) {
	105	case 0: /* read-only: data page */
	106	prot = r_prot;
	107	break;
	108	case 1: /* read/write: dynamic data page */
	109	prot = r_prot \| w_prot;
	110	break;
	111	case 2: /* read/execute: normal code page */
	112	prot = r_prot \| x_prot;
	113	break;
	114	case 3: /* read/write/execute: dynamic code page */
	115	prot = r_prot \| w_prot \| x_prot;
	116	break;
	117	default: /* execute: promote to privilege level type & 3 */
	118	prot = x_prot;
43e05652	119	break;
650cdb2a RH	120	}
650cdb2a RH	121
d5de20bd SS	122	/* access_id == 0 means public page and no check is performed */
	123	if ((env->psw & PSW_P) && ent->access_id) {
	124	/* If bits [31:1] match, and bit 0 is set, suppress write. */
	125	int match = ent->access_id * 2 + 1;
	126
	127	if (match == env->cr[CR_PID1] \|\| match == env->cr[CR_PID2] \|\|
	128	match == env->cr[CR_PID3] \|\| match == env->cr[CR_PID4]) {
	129	prot &= PAGE_READ \| PAGE_EXEC;
	130	if (type == PAGE_WRITE) {
	131	ret = EXCP_DMPI;
	132	goto egress;
	133	}
	134	}
	135	}
650cdb2a RH	136
	137	/* No guest access type indicates a non-architectural access from
	138	within QEMU. Bypass checks for access, D, B and T bits. */
	139	if (type == 0) {
	140	goto egress;
	141	}
	142
	143	if (unlikely(!(prot & type))) {
	144	/* The access isn't allowed -- Inst/Data Memory Protection Fault. */
affdb7e6	145	ret = (type & PAGE_EXEC) ? EXCP_IMP : EXCP_DMAR;
650cdb2a RH	146	goto egress;
	147	}
	148
	149	/* In reverse priority order, check for conditions which raise faults.
	150	As we go, remove PROT bits that cover the condition we want to check.
	151	In this way, the resulting PROT will force a re-check of the
	152	architectural TLB entry for the next access. */
	153	if (unlikely(!ent->d)) {
	154	if (type & PAGE_WRITE) {
	155	/* The D bit is not set -- TLB Dirty Bit Fault. */
	156	ret = EXCP_TLB_DIRTY;
	157	}
	158	prot &= PAGE_READ \| PAGE_EXEC;
	159	}
	160	if (unlikely(ent->b)) {
	161	if (type & PAGE_WRITE) {
	162	/* The B bit is set -- Data Memory Break Fault. */
	163	ret = EXCP_DMB;
	164	}
	165	prot &= PAGE_READ \| PAGE_EXEC;
	166	}
	167	if (unlikely(ent->t)) {
	168	if (!(type & PAGE_EXEC)) {
	169	/* The T bit is set -- Page Reference Fault. */
	170	ret = EXCP_PAGE_REF;
	171	}
	172	prot &= PAGE_EXEC;
	173	}
	174
	175	egress:
	176	*pphys = phys;
	177	*pprot = prot;
23c3d569	178	trace_hppa_tlb_get_physical_address(env, ret, prot, addr, phys);
650cdb2a RH	179	return ret;
	180	}
	181
813dff13 HD	182	hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
813dff13 HD	183	{
650cdb2a RH	184	HPPACPU *cpu = HPPA_CPU(cs);
	185	hwaddr phys;
	186	int prot, excp;
	187
	188	/* If the (data) mmu is disabled, bypass translation. */
	189	/* ??? We really ought to know if the code mmu is disabled too,
	190	in order to get the correct debugging dumps. */
	191	if (!(cpu->env.psw & PSW_D)) {
	192	return addr;
	193	}
	194
	195	excp = hppa_get_physical_address(&cpu->env, addr, MMU_KERNEL_IDX, 0,
	196	&phys, &prot);
	197
	198	/* Since we're translating for debugging, the only error that is a
	199	hard error is no translation at all. Otherwise, while a real cpu
	200	access might not have permission, the debugger does. */
	201	return excp == EXCP_DTLB_MISS ? -1 : phys;
813dff13 HD	202	}
813dff13 HD	203
3c7bef03 RH	204	bool hppa_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
	205	MMUAccessType type, int mmu_idx,
	206	bool probe, uintptr_t retaddr)
813dff13	207	{
650cdb2a	208	HPPACPU *cpu = HPPA_CPU(cs);
23c3d569	209	CPUHPPAState *env = &cpu->env;
650cdb2a RH	210	int prot, excp, a_prot;
	211	hwaddr phys;
	212
	213	switch (type) {
	214	case MMU_INST_FETCH:
	215	a_prot = PAGE_EXEC;
	216	break;
	217	case MMU_DATA_STORE:
	218	a_prot = PAGE_WRITE;
	219	break;
	220	default:
	221	a_prot = PAGE_READ;
	222	break;
	223	}
	224
23c3d569	225	excp = hppa_get_physical_address(env, addr, mmu_idx,
650cdb2a RH	226	a_prot, &phys, &prot);
650cdb2a RH	227	if (unlikely(excp >= 0)) {
3c7bef03 RH	228	if (probe) {
	229	return false;
	230	}
23c3d569	231	trace_hppa_tlb_fill_excp(env, addr, size, type, mmu_idx);
650cdb2a RH	232	/* Failure. Raise the indicated exception. */
	233	cs->exception_index = excp;
	234	if (cpu->env.psw & PSW_Q) {
	235	/* ??? Needs tweaking for hppa64. */
	236	cpu->env.cr[CR_IOR] = addr;
	237	cpu->env.cr[CR_ISR] = addr >> 32;
	238	}
	239	cpu_loop_exit_restore(cs, retaddr);
	240	}
813dff13	241
23c3d569 SS	242	trace_hppa_tlb_fill_success(env, addr & TARGET_PAGE_MASK,
23c3d569 SS	243	phys & TARGET_PAGE_MASK, size, type, mmu_idx);
813dff13 HD	244	/* Success! Store the translation into the QEMU TLB. */
	245	tlb_set_page(cs, addr & TARGET_PAGE_MASK, phys & TARGET_PAGE_MASK,
	246	prot, mmu_idx, TARGET_PAGE_SIZE);
3c7bef03 RH	247	return true;
	248	}
	249
8d6ae7fb RH	250	/* Insert (Insn/Data) TLB Address. Note this is PA 1.1 only. */
	251	void HELPER(itlba)(CPUHPPAState *env, target_ulong addr, target_ureg reg)
	252	{
	253	hppa_tlb_entry *empty = NULL;
	254	int i;
	255
	256	/* Zap any old entries covering ADDR; notice empty entries on the way. */
	257	for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) {
	258	hppa_tlb_entry *ent = &env->tlb[i];
0b49c339 SS	259	if (ent->va_b <= addr && addr <= ent->va_e) {
	260	if (ent->entry_valid) {
	261	hppa_flush_tlb_ent(env, ent);
	262	}
	263	if (!empty) {
	264	empty = ent;
	265	}
8d6ae7fb RH	266	}
	267	}
	268
	269	/* If we didn't see an empty entry, evict one. */
	270	if (empty == NULL) {
	271	empty = hppa_alloc_tlb_ent(env);
	272	}
	273
	274	/* Note that empty->entry_valid == 0 already. */
	275	empty->va_b = addr & TARGET_PAGE_MASK;
	276	empty->va_e = empty->va_b + TARGET_PAGE_SIZE - 1;
	277	empty->pa = extract32(reg, 5, 20) << TARGET_PAGE_BITS;
23c3d569	278	trace_hppa_tlb_itlba(env, empty, empty->va_b, empty->va_e, empty->pa);
8d6ae7fb RH	279	}
	280
	281	/* Insert (Insn/Data) TLB Protection. Note this is PA 1.1 only. */
	282	void HELPER(itlbp)(CPUHPPAState *env, target_ulong addr, target_ureg reg)
	283	{
	284	hppa_tlb_entry *ent = hppa_find_tlb(env, addr);
	285
38188fd2	286	if (unlikely(ent == NULL)) {
8d6ae7fb RH	287	qemu_log_mask(LOG_GUEST_ERROR, "ITLBP not following ITLBA\n");
	288	return;
	289	}
	290
	291	ent->access_id = extract32(reg, 1, 18);
	292	ent->u = extract32(reg, 19, 1);
	293	ent->ar_pl2 = extract32(reg, 20, 2);
	294	ent->ar_pl1 = extract32(reg, 22, 2);
	295	ent->ar_type = extract32(reg, 24, 3);
	296	ent->b = extract32(reg, 27, 1);
	297	ent->d = extract32(reg, 28, 1);
	298	ent->t = extract32(reg, 29, 1);
	299	ent->entry_valid = 1;
23c3d569 SS	300	trace_hppa_tlb_itlbp(env, ent, ent->access_id, ent->u, ent->ar_pl2,
23c3d569 SS	301	ent->ar_pl1, ent->ar_type, ent->b, ent->d, ent->t);
8d6ae7fb	302	}
63300a00 RH	303
	304	/* Purge (Insn/Data) TLB. This is explicitly page-based, and is
	305	synchronous across all processors. */
	306	static void ptlb_work(CPUState *cpu, run_on_cpu_data data)
	307	{
	308	CPUHPPAState *env = cpu->env_ptr;
	309	target_ulong addr = (target_ulong) data.target_ptr;
	310	hppa_tlb_entry *ent = hppa_find_tlb(env, addr);
	311
	312	if (ent && ent->entry_valid) {
	313	hppa_flush_tlb_ent(env, ent);
	314	}
	315	}
	316
	317	void HELPER(ptlb)(CPUHPPAState *env, target_ulong addr)
	318	{
25f32708	319	CPUState *src = env_cpu(env);
63300a00	320	CPUState *cpu;
23c3d569	321	trace_hppa_tlb_ptlb(env);
63300a00 RH	322	run_on_cpu_data data = RUN_ON_CPU_TARGET_PTR(addr);
	323
	324	CPU_FOREACH(cpu) {
	325	if (cpu != src) {
	326	async_run_on_cpu(cpu, ptlb_work, data);
	327	}
	328	}
	329	async_safe_run_on_cpu(src, ptlb_work, data);
	330	}
	331
	332	/* Purge (Insn/Data) TLB entry. This affects an implementation-defined
	333	number of pages/entries (we choose all), and is local to the cpu. */
	334	void HELPER(ptlbe)(CPUHPPAState *env)
	335	{
23c3d569	336	trace_hppa_tlb_ptlbe(env);
63300a00	337	memset(env->tlb, 0, sizeof(env->tlb));
25f32708	338	tlb_flush_by_mmuidx(env_cpu(env), 0xf);
63300a00	339	}
2dfcca9f	340
d5de20bd SS	341	void cpu_hppa_change_prot_id(CPUHPPAState *env)
	342	{
	343	if (env->psw & PSW_P) {
25f32708	344	tlb_flush_by_mmuidx(env_cpu(env), 0xf);
d5de20bd SS	345	}
	346	}
	347
	348	void HELPER(change_prot_id)(CPUHPPAState *env)
	349	{
	350	cpu_hppa_change_prot_id(env);
	351	}
	352
2dfcca9f RH	353	target_ureg HELPER(lpa)(CPUHPPAState *env, target_ulong addr)
	354	{
	355	hwaddr phys;
	356	int prot, excp;
	357
	358	excp = hppa_get_physical_address(env, addr, MMU_KERNEL_IDX, 0,
	359	&phys, &prot);
	360	if (excp >= 0) {
	361	if (env->psw & PSW_Q) {
	362	/* ??? Needs tweaking for hppa64. */
	363	env->cr[CR_IOR] = addr;
	364	env->cr[CR_ISR] = addr >> 32;
	365	}
	366	if (excp == EXCP_DTLB_MISS) {
	367	excp = EXCP_NA_DTLB_MISS;
	368	}
23c3d569	369	trace_hppa_tlb_lpa_failed(env, addr);
2dfcca9f RH	370	hppa_dynamic_excp(env, excp, GETPC());
2dfcca9f RH	371	}
23c3d569	372	trace_hppa_tlb_lpa_success(env, addr, phys);
2dfcca9f RH	373	return phys;
2dfcca9f RH	374	}
43e05652 RH	375
	376	/* Return the ar_type of the TLB at VADDR, or -1. */
	377	int hppa_artype_for_page(CPUHPPAState *env, target_ulong vaddr)
	378	{
	379	hppa_tlb_entry *ent = hppa_find_tlb(env, vaddr);
	380	return ent ? ent->ar_type : -1;
	381	}