[mirror_qemu.git] / target / ppc / mmu-hash32.c

/*
 *  PowerPC MMU, TLB and BAT emulation helpers for QEMU.
 *
 *  Copyright (c) 2003-2007 Jocelyn Mayer
 *  Copyright (c) 2013 David Gibson, IBM Corporation
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */

#include "qemu/osdep.h"
#include "cpu.h"
#include "exec/exec-all.h"
#include "sysemu/kvm.h"
#include "kvm_ppc.h"
#include "internal.h"
#include "mmu-hash32.h"
#include "mmu-books.h"
#include "exec/log.h"

/* #define DEBUG_BATS */

#ifdef DEBUG_BATS
#  define LOG_BATS(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
#else
#  define LOG_BATS(...) do { } while (0)
#endif

struct mmu_ctx_hash32 {
    hwaddr raddr;      /* Real address              */
    int prot;                      /* Protection bits           */
    int key;                       /* Access key                */
};

static int ppc_hash32_pp_prot(int key, int pp, int nx)
{
    int prot;

    if (key == 0) {
        switch (pp) {
        case 0x0:
        case 0x1:
        case 0x2:
            prot = PAGE_READ | PAGE_WRITE;
            break;

        case 0x3:
            prot = PAGE_READ;
            break;

        default:
            abort();
        }
    } else {
        switch (pp) {
        case 0x0:
            prot = 0;
            break;

        case 0x1:
        case 0x3:
            prot = PAGE_READ;
            break;

        case 0x2:
            prot = PAGE_READ | PAGE_WRITE;
            break;

        default:
            abort();
        }
    }
    if (nx == 0) {
        prot |= PAGE_EXEC;
    }

    return prot;
}

static int ppc_hash32_pte_prot(int mmu_idx,
                               target_ulong sr, ppc_hash_pte32_t pte)
{
    unsigned pp, key;

    key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
    pp = pte.pte1 & HPTE32_R_PP;

    return ppc_hash32_pp_prot(key, pp, !!(sr & SR32_NX));
}

static target_ulong hash32_bat_size(int mmu_idx,
                                    target_ulong batu, target_ulong batl)
{
    if ((mmuidx_pr(mmu_idx) && !(batu & BATU32_VP))
        || (!mmuidx_pr(mmu_idx) && !(batu & BATU32_VS))) {
        return 0;
    }

    return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
}

static int hash32_bat_prot(PowerPCCPU *cpu,
                           target_ulong batu, target_ulong batl)
{
    int pp, prot;

    prot = 0;
    pp = batl & BATL32_PP;
    if (pp != 0) {
        prot = PAGE_READ | PAGE_EXEC;
        if (pp == 0x2) {
            prot |= PAGE_WRITE;
        }
    }
    return prot;
}

static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
                                    MMUAccessType access_type, int *prot,
                                    int mmu_idx)
{
    CPUPPCState *env = &cpu->env;
    target_ulong *BATlt, *BATut;
    bool ifetch = access_type == MMU_INST_FETCH;
    int i;

    LOG_BATS("%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
             ifetch ? 'I' : 'D', ea);
    if (ifetch) {
        BATlt = env->IBAT[1];
        BATut = env->IBAT[0];
    } else {
        BATlt = env->DBAT[1];
        BATut = env->DBAT[0];
    }
    for (i = 0; i < env->nb_BATs; i++) {
        target_ulong batu = BATut[i];
        target_ulong batl = BATlt[i];
        target_ulong mask;

        mask = hash32_bat_size(mmu_idx, batu, batl);
        LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
                 " BATl " TARGET_FMT_lx "\n", __func__,
                 ifetch ? 'I' : 'D', i, ea, batu, batl);

        if (mask && ((ea & mask) == (batu & BATU32_BEPI))) {
            hwaddr raddr = (batl & mask) | (ea & ~mask);

            *prot = hash32_bat_prot(cpu, batu, batl);

            return raddr & TARGET_PAGE_MASK;
        }
    }

    /* No hit */
#if defined(DEBUG_BATS)
    if (qemu_log_enabled()) {
        target_ulong *BATu, *BATl;
        target_ulong BEPIl, BEPIu, bl;

        LOG_BATS("no BAT match for " TARGET_FMT_lx ":\n", ea);
        for (i = 0; i < 4; i++) {
            BATu = &BATut[i];
            BATl = &BATlt[i];
            BEPIu = *BATu & BATU32_BEPIU;
            BEPIl = *BATu & BATU32_BEPIL;
            bl = (*BATu & 0x00001FFC) << 15;
            LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
                     " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
                     TARGET_FMT_lx " " TARGET_FMT_lx "\n",
                     __func__, ifetch ? 'I' : 'D', i, ea,
                     *BATu, *BATl, BEPIu, BEPIl, bl);
        }
    }
#endif

    return -1;
}

static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
                                    target_ulong eaddr,
                                    MMUAccessType access_type,
                                    hwaddr *raddr, int *prot, int mmu_idx,
                                    bool guest_visible)
{
    CPUState *cs = CPU(cpu);
    CPUPPCState *env = &cpu->env;
    int key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));

    qemu_log_mask(CPU_LOG_MMU, "direct store...\n");

    if (access_type == MMU_INST_FETCH) {
        /* No code fetch is allowed in direct-store areas */
        if (guest_visible) {
            cs->exception_index = POWERPC_EXCP_ISI;
            env->error_code = 0x10000000;
        }
        return false;
    }

    /*
     * From ppc_cpu_get_phys_page_debug, env->access_type is not set.
     * Assume ACCESS_INT for that case.
     */
    switch (guest_visible ? env->access_type : ACCESS_INT) {
    case ACCESS_INT:
        /* Integer load/store : only access allowed */
        break;
    case ACCESS_FLOAT:
        /* Floating point load/store */
        cs->exception_index = POWERPC_EXCP_ALIGN;
        env->error_code = POWERPC_EXCP_ALIGN_FP;
        env->spr[SPR_DAR] = eaddr;
        return false;
    case ACCESS_RES:
        /* lwarx, ldarx or srwcx. */
        env->error_code = 0;
        env->spr[SPR_DAR] = eaddr;
        if (access_type == MMU_DATA_STORE) {
            env->spr[SPR_DSISR] = 0x06000000;
        } else {
            env->spr[SPR_DSISR] = 0x04000000;
        }
        return false;
    case ACCESS_CACHE:
        /*
         * dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi
         *
         * Should make the instruction do no-op.  As it already do
         * no-op, it's quite easy :-)
         */
        *raddr = eaddr;
        return true;
    case ACCESS_EXT:
        /* eciwx or ecowx */
        cs->exception_index = POWERPC_EXCP_DSI;
        env->error_code = 0;
        env->spr[SPR_DAR] = eaddr;
        if (access_type == MMU_DATA_STORE) {
            env->spr[SPR_DSISR] = 0x06100000;
        } else {
            env->spr[SPR_DSISR] = 0x04100000;
        }
        return false;
    default:
        cpu_abort(cs, "ERROR: insn should not need address translation\n");
    }

    *prot = key ? PAGE_READ | PAGE_WRITE : PAGE_READ;
    if (*prot & prot_for_access_type(access_type)) {
        *raddr = eaddr;
        return true;
    }

    if (guest_visible) {
        cs->exception_index = POWERPC_EXCP_DSI;
        env->error_code = 0;
        env->spr[SPR_DAR] = eaddr;
        if (access_type == MMU_DATA_STORE) {
            env->spr[SPR_DSISR] = 0x0a000000;
        } else {
            env->spr[SPR_DSISR] = 0x08000000;
        }
    }
    return false;
}

hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
{
    target_ulong mask = ppc_hash32_hpt_mask(cpu);

    return (hash * HASH_PTEG_SIZE_32) & mask;
}

static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
                                     bool secondary, target_ulong ptem,
                                     ppc_hash_pte32_t *pte)
{
    hwaddr pte_offset = pteg_off;
    target_ulong pte0, pte1;
    int i;

    for (i = 0; i < HPTES_PER_GROUP; i++) {
        pte0 = ppc_hash32_load_hpte0(cpu, pte_offset);
        /*
         * pte0 contains the valid bit and must be read before pte1,
         * otherwise we might see an old pte1 with a new valid bit and
         * thus an inconsistent hpte value
         */
        smp_rmb();
        pte1 = ppc_hash32_load_hpte1(cpu, pte_offset);

        if ((pte0 & HPTE32_V_VALID)
            && (secondary == !!(pte0 & HPTE32_V_SECONDARY))
            && HPTE32_V_COMPARE(pte0, ptem)) {
            pte->pte0 = pte0;
            pte->pte1 = pte1;
            return pte_offset;
        }

        pte_offset += HASH_PTE_SIZE_32;
    }

    return -1;
}

static void ppc_hash32_set_r(PowerPCCPU *cpu, hwaddr pte_offset, uint32_t pte1)
{
    target_ulong base = ppc_hash32_hpt_base(cpu);
    hwaddr offset = pte_offset + 6;

    /* The HW performs a non-atomic byte update */
    stb_phys(CPU(cpu)->as, base + offset, ((pte1 >> 8) & 0xff) | 0x01);
}

static void ppc_hash32_set_c(PowerPCCPU *cpu, hwaddr pte_offset, uint64_t pte1)
{
    target_ulong base = ppc_hash32_hpt_base(cpu);
    hwaddr offset = pte_offset + 7;

    /* The HW performs a non-atomic byte update */
    stb_phys(CPU(cpu)->as, base + offset, (pte1 & 0xff) | 0x80);
}

static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
                                     target_ulong sr, target_ulong eaddr,
                                     ppc_hash_pte32_t *pte)
{
    hwaddr pteg_off, pte_offset;
    hwaddr hash;
    uint32_t vsid, pgidx, ptem;

    vsid = sr & SR32_VSID;
    pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
    hash = vsid ^ pgidx;
    ptem = (vsid << 7) | (pgidx >> 10);

    /* Page address translation */
    qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx
            " htab_mask " HWADDR_FMT_plx
            " hash " HWADDR_FMT_plx "\n",
            ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);

    /* Primary PTEG lookup */
    qemu_log_mask(CPU_LOG_MMU, "0 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
            " vsid=%" PRIx32 " ptem=%" PRIx32
            " hash=" HWADDR_FMT_plx "\n",
            ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu),
            vsid, ptem, hash);
    pteg_off = get_pteg_offset32(cpu, hash);
    pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte);
    if (pte_offset == -1) {
        /* Secondary PTEG lookup */
        qemu_log_mask(CPU_LOG_MMU, "1 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
                " vsid=%" PRIx32 " api=%" PRIx32
                " hash=" HWADDR_FMT_plx "\n", ppc_hash32_hpt_base(cpu),
                ppc_hash32_hpt_mask(cpu), vsid, ptem, ~hash);
        pteg_off = get_pteg_offset32(cpu, ~hash);
        pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte);
    }

    return pte_offset;
}

static hwaddr ppc_hash32_pte_raddr(target_ulong sr, ppc_hash_pte32_t pte,
                                   target_ulong eaddr)
{
    hwaddr rpn = pte.pte1 & HPTE32_R_RPN;
    hwaddr mask = ~TARGET_PAGE_MASK;

    return (rpn & ~mask) | (eaddr & mask);
}

bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
                      hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                      bool guest_visible)
{
    CPUState *cs = CPU(cpu);
    CPUPPCState *env = &cpu->env;
    target_ulong sr;
    hwaddr pte_offset;
    ppc_hash_pte32_t pte;
    int prot;
    int need_prot;
    hwaddr raddr;

    /* There are no hash32 large pages. */
    *psizep = TARGET_PAGE_BITS;

    /* 1. Handle real mode accesses */
    if (mmuidx_real(mmu_idx)) {
        /* Translation is off */
        *raddrp = eaddr;
        *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
        return true;
    }

    need_prot = prot_for_access_type(access_type);

    /* 2. Check Block Address Translation entries (BATs) */
    if (env->nb_BATs != 0) {
        raddr = ppc_hash32_bat_lookup(cpu, eaddr, access_type, protp, mmu_idx);
        if (raddr != -1) {
            if (need_prot & ~*protp) {
                if (guest_visible) {
                    if (access_type == MMU_INST_FETCH) {
                        cs->exception_index = POWERPC_EXCP_ISI;
                        env->error_code = 0x08000000;
                    } else {
                        cs->exception_index = POWERPC_EXCP_DSI;
                        env->error_code = 0;
                        env->spr[SPR_DAR] = eaddr;
                        if (access_type == MMU_DATA_STORE) {
                            env->spr[SPR_DSISR] = 0x0a000000;
                        } else {
                            env->spr[SPR_DSISR] = 0x08000000;
                        }
                    }
                }
                return false;
            }
            *raddrp = raddr;
            return true;
        }
    }

    /* 3. Look up the Segment Register */
    sr = env->sr[eaddr >> 28];

    /* 4. Handle direct store segments */
    if (sr & SR32_T) {
        return ppc_hash32_direct_store(cpu, sr, eaddr, access_type,
                                       raddrp, protp, mmu_idx, guest_visible);
    }

    /* 5. Check for segment level no-execute violation */
    if (access_type == MMU_INST_FETCH && (sr & SR32_NX)) {
        if (guest_visible) {
            cs->exception_index = POWERPC_EXCP_ISI;
            env->error_code = 0x10000000;
        }
        return false;
    }

    /* 6. Locate the PTE in the hash table */
    pte_offset = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte);
    if (pte_offset == -1) {
        if (guest_visible) {
            if (access_type == MMU_INST_FETCH) {
                cs->exception_index = POWERPC_EXCP_ISI;
                env->error_code = 0x40000000;
            } else {
                cs->exception_index = POWERPC_EXCP_DSI;
                env->error_code = 0;
                env->spr[SPR_DAR] = eaddr;
                if (access_type == MMU_DATA_STORE) {
                    env->spr[SPR_DSISR] = 0x42000000;
                } else {
                    env->spr[SPR_DSISR] = 0x40000000;
                }
            }
        }
        return false;
    }
    qemu_log_mask(CPU_LOG_MMU,
                "found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);

    /* 7. Check access permissions */

    prot = ppc_hash32_pte_prot(mmu_idx, sr, pte);

    if (need_prot & ~prot) {
        /* Access right violation */
        qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
        if (guest_visible) {
            if (access_type == MMU_INST_FETCH) {
                cs->exception_index = POWERPC_EXCP_ISI;
                env->error_code = 0x08000000;
            } else {
                cs->exception_index = POWERPC_EXCP_DSI;
                env->error_code = 0;
                env->spr[SPR_DAR] = eaddr;
                if (access_type == MMU_DATA_STORE) {
                    env->spr[SPR_DSISR] = 0x0a000000;
                } else {
                    env->spr[SPR_DSISR] = 0x08000000;
                }
            }
        }
        return false;
    }

    qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");

    /* 8. Update PTE referenced and changed bits if necessary */

    if (!(pte.pte1 & HPTE32_R_R)) {
        ppc_hash32_set_r(cpu, pte_offset, pte.pte1);
    }
    if (!(pte.pte1 & HPTE32_R_C)) {
        if (access_type == MMU_DATA_STORE) {
            ppc_hash32_set_c(cpu, pte_offset, pte.pte1);
        } else {
            /*
             * Treat the page as read-only for now, so that a later write
             * will pass through this function again to set the C bit
             */
            prot &= ~PAGE_WRITE;
        }
     }

    /* 9. Determine the real address from the PTE */

    *raddrp = ppc_hash32_pte_raddr(sr, pte, eaddr);
    *protp = prot;
    return true;
}
Commit	Line	Data
9d7c3f4a DG	1	/*
	2	* PowerPC MMU, TLB and BAT emulation helpers for QEMU.
	3	*
	4	* Copyright (c) 2003-2007 Jocelyn Mayer
	5	* Copyright (c) 2013 David Gibson, IBM Corporation
	6	*
	7	* This library is free software; you can redistribute it and/or
	8	* modify it under the terms of the GNU Lesser General Public
	9	* License as published by the Free Software Foundation; either
6bd039cd	10	* version 2.1 of the License, or (at your option) any later version.
9d7c3f4a DG	11	*
	12	* This library is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	15	* Lesser General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU Lesser General Public
	18	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	19	*/
	20
0d75590d	21	#include "qemu/osdep.h"
9d7c3f4a	22	#include "cpu.h"
63c91552	23	#include "exec/exec-all.h"
9d7c3f4a DG	24	#include "sysemu/kvm.h"
9d7c3f4a DG	25	#include "kvm_ppc.h"
182357db	26	#include "internal.h"
9d7c3f4a	27	#include "mmu-hash32.h"
d423baf9	28	#include "mmu-books.h"
508127e2	29	#include "exec/log.h"
9d7c3f4a	30
ba1b5df0	31	/* #define DEBUG_BATS */
9d7c3f4a	32
98132796	33	#ifdef DEBUG_BATS
48880da6	34	# define LOG_BATS(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
98132796 DG	35	#else
	36	# define LOG_BATS(...) do { } while (0)
	37	#endif
	38
5dc68eb0 DG	39	struct mmu_ctx_hash32 {
5dc68eb0 DG	40	hwaddr raddr; /* Real address */
5dc68eb0	41	int prot; /* Protection bits */
5dc68eb0	42	int key; /* Access key */
5dc68eb0 DG	43	};
5dc68eb0 DG	44
e01b4445	45	static int ppc_hash32_pp_prot(int key, int pp, int nx)
496272a7	46	{
e01b4445	47	int prot;
496272a7	48
496272a7 DG	49	if (key == 0) {
	50	switch (pp) {
	51	case 0x0:
	52	case 0x1:
	53	case 0x2:
e01b4445 DG	54	prot = PAGE_READ \| PAGE_WRITE;
	55	break;
	56
496272a7	57	case 0x3:
e01b4445	58	prot = PAGE_READ;
496272a7	59	break;
e01b4445 DG	60
	61	default:
	62	abort();
496272a7 DG	63	}
	64	} else {
	65	switch (pp) {
	66	case 0x0:
e01b4445	67	prot = 0;
496272a7	68	break;
e01b4445	69
496272a7 DG	70	case 0x1:
496272a7 DG	71	case 0x3:
e01b4445	72	prot = PAGE_READ;
496272a7	73	break;
e01b4445	74
496272a7	75	case 0x2:
e01b4445	76	prot = PAGE_READ \| PAGE_WRITE;
496272a7	77	break;
e01b4445 DG	78
	79	default:
	80	abort();
496272a7 DG	81	}
	82	}
	83	if (nx == 0) {
e01b4445	84	prot \|= PAGE_EXEC;
496272a7 DG	85	}
496272a7 DG	86
e01b4445	87	return prot;
496272a7 DG	88	}
496272a7 DG	89
d423baf9	90	static int ppc_hash32_pte_prot(int mmu_idx,
e01b4445	91	target_ulong sr, ppc_hash_pte32_t pte)
496272a7	92	{
e01b4445	93	unsigned pp, key;
496272a7	94
d423baf9	95	key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
e01b4445	96	pp = pte.pte1 & HPTE32_R_PP;
496272a7	97
e01b4445	98	return ppc_hash32_pp_prot(key, pp, !!(sr & SR32_NX));
496272a7 DG	99	}
496272a7 DG	100
d423baf9	101	static target_ulong hash32_bat_size(int mmu_idx,
6fc76aa9	102	target_ulong batu, target_ulong batl)
98132796	103	{
d423baf9 BL	104	if ((mmuidx_pr(mmu_idx) && !(batu & BATU32_VP))
d423baf9 BL	105	\|\| (!mmuidx_pr(mmu_idx) && !(batu & BATU32_VS))) {
6fc76aa9	106	return 0;
98132796	107	}
6fc76aa9 DG	108
6fc76aa9 DG	109	return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
98132796 DG	110	}
98132796 DG	111
7ef23068	112	static int hash32_bat_prot(PowerPCCPU *cpu,
e1d49515 DG	113	target_ulong batu, target_ulong batl)
	114	{
	115	int pp, prot;
	116
	117	prot = 0;
	118	pp = batl & BATL32_PP;
	119	if (pp != 0) {
	120	prot = PAGE_READ \| PAGE_EXEC;
	121	if (pp == 0x2) {
	122	prot \|= PAGE_WRITE;
	123	}
	124	}
	125	return prot;
	126	}
	127
31fa64ec	128	static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
d423baf9 BL	129	MMUAccessType access_type, int *prot,
d423baf9 BL	130	int mmu_idx)
98132796	131	{
7ef23068	132	CPUPPCState *env = &cpu->env;
9986ed1e	133	target_ulong BATlt, BATut;
31fa64ec	134	bool ifetch = access_type == MMU_INST_FETCH;
145e52f3	135	int i;
98132796 DG	136
98132796 DG	137	LOG_BATS("%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
31fa64ec RH	138	ifetch ? 'I' : 'D', ea);
31fa64ec RH	139	if (ifetch) {
98132796 DG	140	BATlt = env->IBAT[1];
98132796 DG	141	BATut = env->IBAT[0];
91cda45b	142	} else {
98132796 DG	143	BATlt = env->DBAT[1];
98132796 DG	144	BATut = env->DBAT[0];
98132796 DG	145	}
98132796 DG	146	for (i = 0; i < env->nb_BATs; i++) {
9986ed1e DG	147	target_ulong batu = BATut[i];
9986ed1e DG	148	target_ulong batl = BATlt[i];
6fc76aa9	149	target_ulong mask;
9986ed1e	150
005b69fd	151	mask = hash32_bat_size(mmu_idx, batu, batl);
98132796 DG	152	LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
98132796 DG	153	" BATl " TARGET_FMT_lx "\n", __func__,
31fa64ec	154	ifetch ? 'I' : 'D', i, ea, batu, batl);
145e52f3 DG	155
	156	if (mask && ((ea & mask) == (batu & BATU32_BEPI))) {
	157	hwaddr raddr = (batl & mask) \| (ea & ~mask);
	158
005b69fd	159	*prot = hash32_bat_prot(cpu, batu, batl);
145e52f3 DG	160
145e52f3 DG	161	return raddr & TARGET_PAGE_MASK;
98132796 DG	162	}
98132796 DG	163	}
145e52f3 DG	164
145e52f3 DG	165	/* No hit */
98132796	166	#if defined(DEBUG_BATS)
145e52f3	167	if (qemu_log_enabled()) {
ba1b5df0 FR	168	target_ulong BATu, BATl;
	169	target_ulong BEPIl, BEPIu, bl;
	170
145e52f3 DG	171	LOG_BATS("no BAT match for " TARGET_FMT_lx ":\n", ea);
	172	for (i = 0; i < 4; i++) {
	173	BATu = &BATut[i];
	174	BATl = &BATlt[i];
	175	BEPIu = *BATu & BATU32_BEPIU;
	176	BEPIl = *BATu & BATU32_BEPIL;
	177	bl = (*BATu & 0x00001FFC) << 15;
	178	LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
	179	" BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
	180	TARGET_FMT_lx " " TARGET_FMT_lx "\n",
31fa64ec	181	__func__, ifetch ? 'I' : 'D', i, ea,
145e52f3	182	BATu, BATl, BEPIu, BEPIl, bl);
98132796	183	}
98132796	184	}
145e52f3 DG	185	#endif
	186
	187	return -1;
98132796 DG	188	}
98132796 DG	189
6c3c873c RH	190	static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
	191	target_ulong eaddr,
	192	MMUAccessType access_type,
d423baf9	193	hwaddr raddr, int prot, int mmu_idx,
6c3c873c	194	bool guest_visible)
723ed73a	195	{
7ef23068 DG	196	CPUState *cs = CPU(cpu);
7ef23068 DG	197	CPUPPCState *env = &cpu->env;
d423baf9	198	int key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
723ed73a	199
339aaf5b	200	qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
723ed73a	201
31fa64ec	202	if (access_type == MMU_INST_FETCH) {
723ed73a	203	/* No code fetch is allowed in direct-store areas */
6c3c873c RH	204	if (guest_visible) {
	205	cs->exception_index = POWERPC_EXCP_ISI;
	206	env->error_code = 0x10000000;
	207	}
	208	return false;
723ed73a DG	209	}
723ed73a DG	210
6c3c873c RH	211	/*
	212	* From ppc_cpu_get_phys_page_debug, env->access_type is not set.
	213	* Assume ACCESS_INT for that case.
	214	*/
	215	switch (guest_visible ? env->access_type : ACCESS_INT) {
723ed73a DG	216	case ACCESS_INT:
	217	/* Integer load/store : only access allowed */
	218	break;
	219	case ACCESS_FLOAT:
	220	/* Floating point load/store */
27103424	221	cs->exception_index = POWERPC_EXCP_ALIGN;
caa597bd DG	222	env->error_code = POWERPC_EXCP_ALIGN_FP;
caa597bd DG	223	env->spr[SPR_DAR] = eaddr;
6c3c873c	224	return false;
723ed73a DG	225	case ACCESS_RES:
723ed73a DG	226	/* lwarx, ldarx or srwcx. */
caa597bd DG	227	env->error_code = 0;
caa597bd DG	228	env->spr[SPR_DAR] = eaddr;
31fa64ec	229	if (access_type == MMU_DATA_STORE) {
caa597bd DG	230	env->spr[SPR_DSISR] = 0x06000000;
	231	} else {
	232	env->spr[SPR_DSISR] = 0x04000000;
	233	}
6c3c873c	234	return false;
723ed73a	235	case ACCESS_CACHE:
596e3ca8 DG	236	/*
	237	* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi
	238	*
	239	* Should make the instruction do no-op. As it already do
	240	* no-op, it's quite easy :-)
723ed73a DG	241	*/
723ed73a DG	242	*raddr = eaddr;
6c3c873c	243	return true;
723ed73a DG	244	case ACCESS_EXT:
723ed73a DG	245	/* eciwx or ecowx */
27103424	246	cs->exception_index = POWERPC_EXCP_DSI;
caa597bd DG	247	env->error_code = 0;
caa597bd DG	248	env->spr[SPR_DAR] = eaddr;
31fa64ec	249	if (access_type == MMU_DATA_STORE) {
caa597bd DG	250	env->spr[SPR_DSISR] = 0x06100000;
	251	} else {
	252	env->spr[SPR_DSISR] = 0x04100000;
	253	}
6c3c873c	254	return false;
723ed73a	255	default:
6c3c873c	256	cpu_abort(cs, "ERROR: insn should not need address translation\n");
723ed73a	257	}
6c3c873c RH	258
	259	*prot = key ? PAGE_READ \| PAGE_WRITE : PAGE_READ;
	260	if (*prot & prot_for_access_type(access_type)) {
723ed73a	261	*raddr = eaddr;
6c3c873c RH	262	return true;
	263	}
	264
	265	if (guest_visible) {
27103424	266	cs->exception_index = POWERPC_EXCP_DSI;
caa597bd DG	267	env->error_code = 0;
caa597bd DG	268	env->spr[SPR_DAR] = eaddr;
31fa64ec	269	if (access_type == MMU_DATA_STORE) {
caa597bd DG	270	env->spr[SPR_DSISR] = 0x0a000000;
	271	} else {
	272	env->spr[SPR_DSISR] = 0x08000000;
	273	}
723ed73a	274	}
6c3c873c	275	return false;
723ed73a DG	276	}
723ed73a DG	277
7ef23068	278	hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
59191721	279	{
36778660	280	target_ulong mask = ppc_hash32_hpt_mask(cpu);
7ef23068	281
36778660	282	return (hash * HASH_PTEG_SIZE_32) & mask;
59191721 DG	283	}
59191721 DG	284
7ef23068	285	static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
aea390e4 DG	286	bool secondary, target_ulong ptem,
	287	ppc_hash_pte32_t *pte)
	288	{
	289	hwaddr pte_offset = pteg_off;
	290	target_ulong pte0, pte1;
	291	int i;
	292
	293	for (i = 0; i < HPTES_PER_GROUP; i++) {
7ef23068	294	pte0 = ppc_hash32_load_hpte0(cpu, pte_offset);
3054b0ca BH	295	/*
	296	* pte0 contains the valid bit and must be read before pte1,
	297	* otherwise we might see an old pte1 with a new valid bit and
	298	* thus an inconsistent hpte value
	299	*/
	300	smp_rmb();
7ef23068	301	pte1 = ppc_hash32_load_hpte1(cpu, pte_offset);
aea390e4 DG	302
	303	if ((pte0 & HPTE32_V_VALID)
	304	&& (secondary == !!(pte0 & HPTE32_V_SECONDARY))
	305	&& HPTE32_V_COMPARE(pte0, ptem)) {
	306	pte->pte0 = pte0;
	307	pte->pte1 = pte1;
	308	return pte_offset;
	309	}
	310
	311	pte_offset += HASH_PTE_SIZE_32;
	312	}
	313
	314	return -1;
	315	}
	316
6e8a65ab BH	317	static void ppc_hash32_set_r(PowerPCCPU *cpu, hwaddr pte_offset, uint32_t pte1)
	318	{
	319	target_ulong base = ppc_hash32_hpt_base(cpu);
	320	hwaddr offset = pte_offset + 6;
	321
	322	/* The HW performs a non-atomic byte update */
	323	stb_phys(CPU(cpu)->as, base + offset, ((pte1 >> 8) & 0xff) \| 0x01);
	324	}
	325
	326	static void ppc_hash32_set_c(PowerPCCPU *cpu, hwaddr pte_offset, uint64_t pte1)
	327	{
	328	target_ulong base = ppc_hash32_hpt_base(cpu);
	329	hwaddr offset = pte_offset + 7;
	330
	331	/* The HW performs a non-atomic byte update */
	332	stb_phys(CPU(cpu)->as, base + offset, (pte1 & 0xff) \| 0x80);
	333	}
	334
7ef23068	335	static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
7f3bdc2d DG	336	target_ulong sr, target_ulong eaddr,
7f3bdc2d DG	337	ppc_hash_pte32_t *pte)
c69b6151	338	{
aea390e4	339	hwaddr pteg_off, pte_offset;
a1ff751a DG	340	hwaddr hash;
a1ff751a DG	341	uint32_t vsid, pgidx, ptem;
c69b6151	342
a1ff751a	343	vsid = sr & SR32_VSID;
a1ff751a DG	344	pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
	345	hash = vsid ^ pgidx;
	346	ptem = (vsid << 7) \| (pgidx >> 10);
	347
	348	/* Page address translation */
883f2c59 PMD	349	qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx
	350	" htab_mask " HWADDR_FMT_plx
	351	" hash " HWADDR_FMT_plx "\n",
36778660	352	ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
a1ff751a DG	353
a1ff751a DG	354	/* Primary PTEG lookup */
883f2c59	355	qemu_log_mask(CPU_LOG_MMU, "0 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
a1ff751a	356	" vsid=%" PRIx32 " ptem=%" PRIx32
883f2c59	357	" hash=" HWADDR_FMT_plx "\n",
36778660 DG	358	ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu),
36778660 DG	359	vsid, ptem, hash);
7ef23068 DG	360	pteg_off = get_pteg_offset32(cpu, hash);
7ef23068 DG	361	pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte);
a1ff751a DG	362	if (pte_offset == -1) {
a1ff751a DG	363	/* Secondary PTEG lookup */
883f2c59	364	qemu_log_mask(CPU_LOG_MMU, "1 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
a1ff751a	365	" vsid=%" PRIx32 " api=%" PRIx32
883f2c59	366	" hash=" HWADDR_FMT_plx "\n", ppc_hash32_hpt_base(cpu),
36778660	367	ppc_hash32_hpt_mask(cpu), vsid, ptem, ~hash);
7ef23068 DG	368	pteg_off = get_pteg_offset32(cpu, ~hash);
7ef23068 DG	369	pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte);
a1ff751a DG	370	}
a1ff751a DG	371
7f3bdc2d	372	return pte_offset;
c69b6151	373	}
0480884f	374
6d11d998 DG	375	static hwaddr ppc_hash32_pte_raddr(target_ulong sr, ppc_hash_pte32_t pte,
	376	target_ulong eaddr)
	377	{
75d5ec89	378	hwaddr rpn = pte.pte1 & HPTE32_R_RPN;
6d11d998 DG	379	hwaddr mask = ~TARGET_PAGE_MASK;
	380
	381	return (rpn & ~mask) \| (eaddr & mask);
	382	}
	383
51806b54	384	bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
d423baf9	385	hwaddr raddrp, int psizep, int *protp, int mmu_idx,
51806b54	386	bool guest_visible)
0480884f	387	{
d0e39c5d AF	388	CPUState *cs = CPU(cpu);
d0e39c5d AF	389	CPUPPCState *env = &cpu->env;
a1ff751a	390	target_ulong sr;
7f3bdc2d DG	391	hwaddr pte_offset;
7f3bdc2d DG	392	ppc_hash_pte32_t pte;
caa597bd	393	int prot;
182357db	394	int need_prot;
caa597bd	395	hwaddr raddr;
0480884f	396
6c3c873c RH	397	/* There are no hash32 large pages. */
6c3c873c RH	398	*psizep = TARGET_PAGE_BITS;
6a980110	399
65d61643	400	/* 1. Handle real mode accesses */
d423baf9	401	if (mmuidx_real(mmu_idx)) {
65d61643	402	/* Translation is off */
6c3c873c RH	403	*raddrp = eaddr;
	404	*protp = PAGE_READ \| PAGE_WRITE \| PAGE_EXEC;
	405	return true;
65d61643 DG	406	}
65d61643 DG	407
6c3c873c RH	408	need_prot = prot_for_access_type(access_type);
6c3c873c RH	409
65d61643 DG	410	/* 2. Check Block Address Translation entries (BATs) */
65d61643 DG	411	if (env->nb_BATs != 0) {
d423baf9	412	raddr = ppc_hash32_bat_lookup(cpu, eaddr, access_type, protp, mmu_idx);
caa597bd	413	if (raddr != -1) {
6c3c873c RH	414	if (need_prot & ~*protp) {
	415	if (guest_visible) {
	416	if (access_type == MMU_INST_FETCH) {
	417	cs->exception_index = POWERPC_EXCP_ISI;
	418	env->error_code = 0x08000000;
caa597bd	419	} else {
6c3c873c RH	420	cs->exception_index = POWERPC_EXCP_DSI;
	421	env->error_code = 0;
	422	env->spr[SPR_DAR] = eaddr;
	423	if (access_type == MMU_DATA_STORE) {
	424	env->spr[SPR_DSISR] = 0x0a000000;
	425	} else {
	426	env->spr[SPR_DSISR] = 0x08000000;
	427	}
caa597bd DG	428	}
caa597bd DG	429	}
6c3c873c	430	return false;
e01b4445	431	}
6c3c873c RH	432	*raddrp = raddr;
6c3c873c RH	433	return true;
65d61643 DG	434	}
	435	}
	436
4b9605a5	437	/* 3. Look up the Segment Register */
0480884f	438	sr = env->sr[eaddr >> 28];
4b9605a5	439
4b9605a5 DG	440	/* 4. Handle direct store segments */
4b9605a5 DG	441	if (sr & SR32_T) {
6c3c873c	442	return ppc_hash32_direct_store(cpu, sr, eaddr, access_type,
d423baf9	443	raddrp, protp, mmu_idx, guest_visible);
4b9605a5 DG	444	}
4b9605a5 DG	445
bb218042	446	/* 5. Check for segment level no-execute violation */
31fa64ec	447	if (access_type == MMU_INST_FETCH && (sr & SR32_NX)) {
6c3c873c RH	448	if (guest_visible) {
	449	cs->exception_index = POWERPC_EXCP_ISI;
	450	env->error_code = 0x10000000;
	451	}
	452	return false;
bb218042	453	}
7f3bdc2d DG	454
7f3bdc2d DG	455	/* 6. Locate the PTE in the hash table */
7ef23068	456	pte_offset = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte);
7f3bdc2d	457	if (pte_offset == -1) {
6c3c873c RH	458	if (guest_visible) {
	459	if (access_type == MMU_INST_FETCH) {
	460	cs->exception_index = POWERPC_EXCP_ISI;
	461	env->error_code = 0x40000000;
caa597bd	462	} else {
6c3c873c RH	463	cs->exception_index = POWERPC_EXCP_DSI;
	464	env->error_code = 0;
	465	env->spr[SPR_DAR] = eaddr;
	466	if (access_type == MMU_DATA_STORE) {
	467	env->spr[SPR_DSISR] = 0x42000000;
	468	} else {
	469	env->spr[SPR_DSISR] = 0x40000000;
	470	}
caa597bd DG	471	}
caa597bd DG	472	}
6c3c873c	473	return false;
7f3bdc2d	474	}
339aaf5b AP	475	qemu_log_mask(CPU_LOG_MMU,
339aaf5b AP	476	"found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
7f3bdc2d DG	477
7f3bdc2d DG	478	/* 7. Check access permissions */
6a980110	479
d423baf9	480	prot = ppc_hash32_pte_prot(mmu_idx, sr, pte);
6a980110	481
182357db	482	if (need_prot & ~prot) {
6a980110	483	/* Access right violation */
339aaf5b	484	qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
6c3c873c RH	485	if (guest_visible) {
	486	if (access_type == MMU_INST_FETCH) {
	487	cs->exception_index = POWERPC_EXCP_ISI;
	488	env->error_code = 0x08000000;
caa597bd	489	} else {
6c3c873c RH	490	cs->exception_index = POWERPC_EXCP_DSI;
	491	env->error_code = 0;
	492	env->spr[SPR_DAR] = eaddr;
	493	if (access_type == MMU_DATA_STORE) {
	494	env->spr[SPR_DSISR] = 0x0a000000;
	495	} else {
	496	env->spr[SPR_DSISR] = 0x08000000;
	497	}
caa597bd DG	498	}
caa597bd DG	499	}
6c3c873c	500	return false;
6a980110 DG	501	}
6a980110 DG	502
339aaf5b	503	qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
87dc3fd1 DG	504
	505	/* 8. Update PTE referenced and changed bits if necessary */
	506
6e8a65ab BH	507	if (!(pte.pte1 & HPTE32_R_R)) {
6e8a65ab BH	508	ppc_hash32_set_r(cpu, pte_offset, pte.pte1);
7f3bdc2d	509	}
6e8a65ab	510	if (!(pte.pte1 & HPTE32_R_C)) {
31fa64ec	511	if (access_type == MMU_DATA_STORE) {
6e8a65ab BH	512	ppc_hash32_set_c(cpu, pte_offset, pte.pte1);
	513	} else {
	514	/*
	515	* Treat the page as read-only for now, so that a later write
	516	* will pass through this function again to set the C bit
	517	*/
	518	prot &= ~PAGE_WRITE;
	519	}
	520	}
0480884f	521
6d11d998 DG	522	/* 9. Determine the real address from the PTE */
6d11d998 DG	523
6c3c873c RH	524	*raddrp = ppc_hash32_pte_raddr(sr, pte, eaddr);
	525	*protp = prot;
	526	return true;
0480884f	527	}