0c3e702a 1/*
df354dd4 2 * RISC-V CPU helpers for qemu.
3 *
4 * Copyright (c) 2016-2017 Sagar Karandikar, sagark@eecs.berkeley.edu
5 * Copyright (c) 2017-2018 SiFive, Inc.
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms and conditions of the GNU General Public License,
9 * version 2 or later, as published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20#include "qemu/osdep.h"
21#include "qemu/log.h"
7ec5d303 22#include "qemu/main-loop.h"
23#include "cpu.h"
24#include "exec/exec-all.h"
dcb32f1d 25#include "tcg/tcg-op.h"
929f0a7f 26#include "trace.h"
27
/*
 * riscv_cpu_mmu_index - MMU index used to tag TLB entries for this CPU.
 *
 * In system emulation the index is simply the current privilege level
 * (env->priv), which is why riscv_cpu_set_mode() below can change mode
 * without a TLB flush. User-mode emulation has a single address space.
 * @ifetch is not consulted.
 */
int riscv_cpu_mmu_index(CPURISCVState *env, bool ifetch)
{
#ifdef CONFIG_USER_ONLY
    return 0;
#else
    return env->priv;
#endif
}
36
37#ifndef CONFIG_USER_ONLY
/*
 * riscv_cpu_local_irq_pending - pick the highest-priority pending, enabled
 * interrupt for the current privilege/virtualisation state.
 *
 * Returns the interrupt number (bit index in mip), or EXCP_NONE when
 * nothing is deliverable right now. When V=1 and an HS-level interrupt is
 * pending, FORCE_HS_EXCEP is set so that riscv_cpu_do_interrupt() does not
 * deliver it to VS mode even if hideleg would allow it.
 */
static int riscv_cpu_local_irq_pending(CPURISCVState *env)
{
    /*
     * Interrupts targeting a privilege level are globally enabled when we
     * run below that level, or at that level with its xIE bit set.
     */
    bool m_enabled = env->priv < PRV_M ||
        (env->priv == PRV_M && get_field(env->mstatus, MSTATUS_MIE));
    bool s_enabled = env->priv < PRV_S ||
        (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_SIE));
    /* HS-level SIE lives in the backed-up mstatus_hs while V=1. */
    bool hs_enabled = env->priv < PRV_S ||
        (env->priv == PRV_S && get_field(env->mstatus_hs, MSTATUS_SIE));

    const target_ulong vs_mask = MIP_VSSIP | MIP_VSTIP | MIP_VSEIP;
    target_ulong enabled = env->mip & env->mie;
    target_ulong pending = enabled & ~vs_mask;

    if (riscv_cpu_virt_enabled(env)) {
        /* A pending HS interrupt wins over anything for the guest. */
        target_ulong hs_irqs = hs_enabled ? pending : 0;

        if (hs_irqs) {
            riscv_cpu_set_force_hs_excep(env, FORCE_HS_EXCEP);
            return ctz64(hs_irqs);
        }
        /* Otherwise only the VS-level sources remain candidates. */
        pending = enabled & vs_mask;
    }

    /* Non-delegated sources go to M, delegated ones to S. */
    target_ulong m_irqs = m_enabled ? (pending & ~env->mideleg) : 0;
    target_ulong s_irqs = s_enabled ? (pending & env->mideleg) : 0;
    target_ulong irqs = m_irqs | s_irqs;

    return irqs ? ctz64(irqs) : EXCP_NONE;
}
77#endif
78
/*
 * riscv_cpu_exec_interrupt - TCG hook: deliver a pending hard interrupt.
 *
 * Returns true when an interrupt was taken (riscv_cpu_do_interrupt() has
 * already updated the CPU state), false when there is nothing to do.
 * Only CPU_INTERRUPT_HARD is handled; user-mode emulation never takes
 * interrupts.
 */
bool riscv_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
{
#if !defined(CONFIG_USER_ONLY)
    if (!(interrupt_request & CPU_INTERRUPT_HARD)) {
        return false;
    }

    RISCVCPU *cpu = RISCV_CPU(cs);
    int irq = riscv_cpu_local_irq_pending(&cpu->env);

    /* EXCP_NONE is negative: nothing deliverable at this privilege. */
    if (irq < 0) {
        return false;
    }

    cs->exception_index = RISCV_EXCP_INT_FLAG | irq;
    riscv_cpu_do_interrupt(cs);
    return true;
#else
    return false;
#endif
}
95
96#if !defined(CONFIG_USER_ONLY)
97
/*
 * riscv_cpu_fp_enabled - return true if floating point support is
 * currently enabled.
 *
 * mstatus.FS must be non-zero. When V=1 the active mstatus carries the
 * VS view (see riscv_cpu_swap_hypervisor_regs), so the HS-level FS in
 * mstatus_hs must be on as well.
 */
bool riscv_cpu_fp_enabled(CPURISCVState *env)
{
    if (!(env->mstatus & MSTATUS_FS)) {
        return false;
    }

    if (riscv_cpu_virt_enabled(env) && !(env->mstatus_hs & MSTATUS_FS)) {
        return false;
    }

    return true;
}
110
/*
 * riscv_cpu_swap_hypervisor_regs - exchange the S-mode CSR set between the
 * HS (host) and VS (guest) views.
 *
 * The live copies (env->mstatus bits in mstatus_mask, stvec, sscratch,
 * sepc, scause, sbadaddr, satp) are saved into the *_hs or vs* backups
 * and the other set is loaded, depending on the current V bit. This
 * function does NOT change V itself; callers (riscv_cpu_do_interrupt)
 * flip it afterwards with riscv_cpu_set_virt_enabled().
 */
void riscv_cpu_swap_hypervisor_regs(CPURISCVState *env)
{
    /* Only the S-level fields of mstatus are swapped; M-level bits stay. */
    target_ulong mstatus_mask = MSTATUS_MXR | MSTATUS_SUM | MSTATUS_FS |
                                MSTATUS_SPP | MSTATUS_SPIE | MSTATUS_SIE;
    bool current_virt = riscv_cpu_virt_enabled(env);

    g_assert(riscv_has_ext(env, RVH));

#if defined(TARGET_RISCV64)
    mstatus_mask |= MSTATUS64_UXL;
#endif

    if (current_virt) {
        /* Current V=1 and we are about to change to V=0 */
        env->vsstatus = env->mstatus & mstatus_mask;
        env->mstatus &= ~mstatus_mask;
        env->mstatus |= env->mstatus_hs;

#if defined(TARGET_RISCV32)
        /*
         * NOTE(review): unlike mstatus above, mstatush is OR-ed with the
         * saved copy without first clearing anything, so bits set in the
         * VS view persist into the HS view (and vice versa below).
         * Confirm which mstatush fields are meant to be swapped.
         */
        env->vsstatush = env->mstatush;
        env->mstatush |= env->mstatush_hs;
#endif

        env->vstvec = env->stvec;
        env->stvec = env->stvec_hs;

        env->vsscratch = env->sscratch;
        env->sscratch = env->sscratch_hs;

        env->vsepc = env->sepc;
        env->sepc = env->sepc_hs;

        env->vscause = env->scause;
        env->scause = env->scause_hs;

        /* sbadaddr is the stval storage in this env. */
        env->vstval = env->sbadaddr;
        env->sbadaddr = env->stval_hs;

        env->vsatp = env->satp;
        env->satp = env->satp_hs;
    } else {
        /* Current V=0 and we are about to change to V=1 */
        env->mstatus_hs = env->mstatus & mstatus_mask;
        env->mstatus &= ~mstatus_mask;
        env->mstatus |= env->vsstatus;

#if defined(TARGET_RISCV32)
        env->mstatush_hs = env->mstatush;
        env->mstatush |= env->vsstatush;
#endif

        env->stvec_hs = env->stvec;
        env->stvec = env->vstvec;

        env->sscratch_hs = env->sscratch;
        env->sscratch = env->vsscratch;

        env->sepc_hs = env->sepc;
        env->sepc = env->vsepc;

        env->scause_hs = env->scause;
        env->scause = env->vscause;

        env->stval_hs = env->sbadaddr;
        env->sbadaddr = env->vstval;

        env->satp_hs = env->satp;
        env->satp = env->vsatp;
    }
}
181
/*
 * riscv_cpu_virt_enabled - is the hart currently executing with V=1?
 *
 * Always false without the H extension, since env->virt has no meaning
 * there.
 */
bool riscv_cpu_virt_enabled(CPURISCVState *env)
{
    return riscv_has_ext(env, RVH) && get_field(env->virt, VIRT_ONOFF);
}
190
/*
 * riscv_cpu_set_virt_enabled - set or clear the V bit.
 *
 * A no-op without the H extension. Whenever V actually changes the TLB
 * is flushed: entries are tagged by mmu_idx (the privilege level, see
 * riscv_cpu_mmu_index) and not by V, so stale guest/host translations
 * would otherwise survive the switch.
 */
void riscv_cpu_set_virt_enabled(CPURISCVState *env, bool enable)
{
    if (!riscv_has_ext(env, RVH)) {
        return;
    }

    bool was_enabled = get_field(env->virt, VIRT_ONOFF);

    if (was_enabled != enable) {
        tlb_flush(env_cpu(env));
    }

    env->virt = set_field(env->virt, VIRT_ONOFF, enable);
}
204
/*
 * riscv_cpu_force_hs_excep_enabled - is the "must trap to HS" flag set?
 *
 * The flag is raised by riscv_cpu_local_irq_pending() for HS-level
 * interrupts pending while V=1, and cleared again once the trap is taken.
 * Always false without the H extension.
 */
bool riscv_cpu_force_hs_excep_enabled(CPURISCVState *env)
{
    return riscv_has_ext(env, RVH) && get_field(env->virt, FORCE_HS_EXCEP);
}
213
/*
 * riscv_cpu_set_force_hs_excep - set or clear the "must trap to HS" flag.
 *
 * Silently ignored without the H extension, as there is no flag to keep.
 */
void riscv_cpu_set_force_hs_excep(CPURISCVState *env, bool enable)
{
    if (riscv_has_ext(env, RVH)) {
        env->virt = set_field(env->virt, FORCE_HS_EXCEP, enable);
    }
}
222
/*
 * riscv_cpu_two_stage_lookup - is a forced two-stage translation active?
 *
 * Set transiently by riscv_cpu_tlb_fill() for M-mode accesses with
 * MPRV=1 and MPV=1, so that get_physical_address() uses the guest's
 * background registers. Always false without the H extension.
 */
bool riscv_cpu_two_stage_lookup(CPURISCVState *env)
{
    if (!riscv_has_ext(env, RVH)) {
        return false;
    }

    return get_field(env->virt, HS_TWO_STAGE) != 0;
}
231
/*
 * riscv_cpu_set_two_stage_lookup - set or clear the forced two-stage flag.
 *
 * Silently ignored without the H extension.
 */
void riscv_cpu_set_two_stage_lookup(CPURISCVState *env, bool enable)
{
    if (riscv_has_ext(env, RVH)) {
        env->virt = set_field(env->virt, HS_TWO_STAGE, enable);
    }
}
240
/*
 * riscv_cpu_claim_interrupts - reserve interrupt lines for a device.
 *
 * @interrupts: bitmask of mip bits the caller wants exclusive ownership of.
 *
 * Returns 0 and records the claim, or -1 without changing anything if any
 * requested bit is already claimed. There is no unclaim.
 */
int riscv_cpu_claim_interrupts(RISCVCPU *cpu, uint32_t interrupts)
{
    CPURISCVState *env = &cpu->env;
    uint32_t already_taken = env->miclaim & interrupts;

    if (already_taken != 0) {
        return -1;
    }

    env->miclaim |= interrupts;
    return 0;
}
251
/*
 * riscv_cpu_update_mip - read-modify-write of mip under the iothread lock.
 *
 * @mask: bits of mip to replace; @value: their new values.
 *
 * Updates the CPU_INTERRUPT_HARD request to match whether any mip bit is
 * now set, and returns the previous mip value. The lock is taken only if
 * the caller does not already hold it.
 */
uint32_t riscv_cpu_update_mip(RISCVCPU *cpu, uint32_t mask, uint32_t value)
{
    CPURISCVState *env = &cpu->env;
    CPUState *cs = CPU(cpu);
    uint32_t old = env->mip;
    bool take_lock = !qemu_mutex_iothread_locked();

    if (take_lock) {
        qemu_mutex_lock_iothread();
    }

    env->mip = (env->mip & ~mask) | (value & mask);

    /* Keep the hard-interrupt request line in step with mip. */
    if (env->mip != 0) {
        cpu_interrupt(cs, CPU_INTERRUPT_HARD);
    } else {
        cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
    }

    if (take_lock) {
        qemu_mutex_unlock_iothread();
    }

    return old;
}
278
/*
 * riscv_cpu_set_rdtime_fn - install the callback that supplies the value
 * read via rdtime / the time CSR.
 *
 * @fn is stored as-is; nothing here validates it or reads it.
 */
void riscv_cpu_set_rdtime_fn(CPURISCVState *env, uint64_t (*fn)(void))
{
    env->rdtime_fn = fn;
}
283
/*
 * riscv_cpu_set_mode - switch the hart to privilege level @newpriv.
 *
 * Values above PRV_M are a programming error. The PRV_H encoding is
 * folded to PRV_U. No TLB flush is needed because the privilege level
 * is the mmu_idx (riscv_cpu_mmu_index). The load reservation is always
 * dropped so that an SC cannot succeed on a reservation made in another
 * context.
 */
void riscv_cpu_set_mode(CPURISCVState *env, target_ulong newpriv)
{
    if (newpriv > PRV_M) {
        g_assert_not_reached();
    }

    env->priv = (newpriv == PRV_H) ? PRV_U : newpriv;

    /*
     * Clear the load reservation - otherwise a reservation placed in one
     * context/process can be used by another, resulting in an SC succeeding
     * incorrectly. Version 2.2 of the ISA specification explicitly requires
     * this behaviour, while later revisions say that the kernel "should" use
     * an SC instruction to force the yielding of a load reservation on a
     * preemptive context switch. As a result, do both.
     */
    env->load_res = -1;
}
305
/* get_physical_address - get the physical address for this virtual address
 *
 * Do a page table walk to obtain the physical address corresponding to a
 * virtual address. Returns 0 if the translation was successful
 *
 * Adapted from Spike's mmu_t::translate and mmu_t::walk
 *
 * @env: CPURISCVState
 * @physical: This will be set to the calculated physical address
 * @prot: The returned protection attributes
 * @addr: The virtual address to be translated
 * @access_type: The type of MMU access
 * @mmu_idx: Indicates current privilege level
 * @first_stage: Are we in first stage translation?
 *               Second stage is used for hypervisor guest translation
 * @two_stage: Are we going to perform two stage translation
 *
 * Returns TRANSLATE_SUCCESS, TRANSLATE_FAIL or TRANSLATE_PMP_FAIL. On any
 * failure *physical is left untouched (every failing return happens before
 * it is written), so callers must not use it unless the result is
 * TRANSLATE_SUCCESS.
 */
static int get_physical_address(CPURISCVState *env, hwaddr *physical,
                                int *prot, target_ulong addr,
                                int access_type, int mmu_idx,
                                bool first_stage, bool two_stage)
{
    /* NOTE: the env->pc value visible here will not be
     * correct, but the value visible to the exception handler
     * (riscv_cpu_do_interrupt) is correct */
    MemTxResult res;
    MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;
    int mode = mmu_idx;
    bool use_background = false;

    /*
     * Check if we should use the background registers for the two
     * stage translation. We don't need to check if we actually need
     * two stage translation as that happened before this function
     * was called. Background registers will be used if the guest has
     * forced a two stage translation to be on (in HS or M mode).
     */
    if (riscv_cpu_two_stage_lookup(env) && access_type != MMU_INST_FETCH) {
        use_background = true;
    }

    /* MPRV: M-mode data accesses are translated as if made from MPP. */
    if (mode == PRV_M && access_type != MMU_INST_FETCH) {
        if (get_field(env->mstatus, MSTATUS_MPRV)) {
            mode = get_field(env->mstatus, MSTATUS_MPP);
        }
    }

    if (first_stage == false) {
        /* We are in stage 2 translation, this is similar to stage 1. */
        /* Stage 2 is always taken as U-mode */
        mode = PRV_U;
    }

    /* M-mode and MMU-less cores: identity mapping with full permissions. */
    if (mode == PRV_M || !riscv_feature(env, RISCV_FEATURE_MMU)) {
        *physical = addr;
        *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
        return TRANSLATE_SUCCESS;
    }

    *prot = 0;

    hwaddr base;
    int levels, ptidxbits, ptesize, vm, sum, mxr, widened;

    /* Stage 2 uses the guest's vsstatus.MXR, stage 1 the live mstatus. */
    if (first_stage == true) {
        mxr = get_field(env->mstatus, MSTATUS_MXR);
    } else {
        mxr = get_field(env->vsstatus, MSTATUS_MXR);
    }

    /*
     * Pick the root page table and mode: vsatp (forced two-stage from
     * HS/M), satp (normal stage 1) or hgatp (stage 2, whose root table
     * is 4x wider: two extra index bits at level 0).
     */
    if (first_stage == true) {
        if (use_background) {
            base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT;
            vm = get_field(env->vsatp, SATP_MODE);
        } else {
            base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT;
            vm = get_field(env->satp, SATP_MODE);
        }
        widened = 0;
    } else {
        base = (hwaddr)get_field(env->hgatp, HGATP_PPN) << PGSHIFT;
        vm = get_field(env->hgatp, HGATP_MODE);
        widened = 2;
    }
    sum = get_field(env->mstatus, MSTATUS_SUM);
    switch (vm) {
    case VM_1_10_SV32:
      levels = 2; ptidxbits = 10; ptesize = 4; break;
    case VM_1_10_SV39:
      levels = 3; ptidxbits = 9; ptesize = 8; break;
    case VM_1_10_SV48:
      levels = 4; ptidxbits = 9; ptesize = 8; break;
    case VM_1_10_SV57:
      levels = 5; ptidxbits = 9; ptesize = 8; break;
    case VM_1_10_MBARE:
        *physical = addr;
        *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
        return TRANSLATE_SUCCESS;
    default:
      g_assert_not_reached();
    }

    CPUState *cs = env_cpu(env);
    int va_bits = PGSHIFT + levels * ptidxbits + widened;
    target_ulong mask, masked_msbs;

    /*
     * Canonical-address check: all bits above the VA width must equal
     * the top VA bit (all zeros or all ones), otherwise the address is
     * rejected before any table is read.
     */
    if (TARGET_LONG_BITS > (va_bits - 1)) {
        mask = (1L << (TARGET_LONG_BITS - (va_bits - 1))) - 1;
    } else {
        mask = 0;
    }
    masked_msbs = (addr >> (va_bits - 1)) & mask;

    if (masked_msbs != 0 && masked_msbs != mask) {
        return TRANSLATE_FAIL;
    }

    int ptshift = (levels - 1) * ptidxbits;
    int i;

    /*
     * NOTE(review): the `goto restart` in the A/D update below re-enters
     * the loop with i reset, but `base` and `ptshift` keep the values of
     * the level the walk had reached, so this is not a fresh walk from
     * the root as the comment there says. With widened == 0 that happens
     * to re-read the same leaf PTE; for a G-stage walk (widened == 2)
     * the i == 0 index mask then takes two extra address bits. Confirm
     * the intended behaviour.
     */
#if !TCG_OVERSIZED_GUEST
restart:
#endif
    for (i = 0; i < levels; i++, ptshift -= ptidxbits) {
        target_ulong idx;
        if (i == 0) {
            idx = (addr >> (PGSHIFT + ptshift)) &
                           ((1 << (ptidxbits + widened)) - 1);
        } else {
            idx = (addr >> (PGSHIFT + ptshift)) &
                           ((1 << ptidxbits) - 1);
        }

        /* check that physical address of PTE is legal */
        hwaddr pte_addr;

        if (two_stage && first_stage) {
            int vbase_prot;
            hwaddr vbase;

            /* Do the second stage translation on the base PTE address. */
            /*
             * NOTE(review): vbase_prot is never consulted. The A/D-bit
             * update further down writes to pte_addr (derived from vbase)
             * without checking that the G-stage mapping grants write
             * access - confirm against the spec's rules for implicit
             * page-table writes.
             */
            int vbase_ret = get_physical_address(env, &vbase, &vbase_prot,
                                                 base, MMU_DATA_LOAD,
                                                 mmu_idx, false, true);

            /*
             * A G-stage failure here is returned as a plain
             * TRANSLATE_FAIL, which the caller reports as a first-stage
             * (VS) page fault rather than a guest page fault.
             */
            if (vbase_ret != TRANSLATE_SUCCESS) {
                return vbase_ret;
            }

            pte_addr = vbase + idx * ptesize;
        } else {
            pte_addr = base + idx * ptesize;
        }

        /*
         * The implicit PTE read is checked against PMP as an S-mode load
         * regardless of the effective mode of the access being translated.
         */
        if (riscv_feature(env, RISCV_FEATURE_PMP) &&
            !pmp_hart_has_privs(env, pte_addr, sizeof(target_ulong),
            1 << MMU_DATA_LOAD, PRV_S)) {
            return TRANSLATE_PMP_FAIL;
        }

#if defined(TARGET_RISCV32)
        target_ulong pte = address_space_ldl(cs->as, pte_addr, attrs, &res);
#elif defined(TARGET_RISCV64)
        target_ulong pte = address_space_ldq(cs->as, pte_addr, attrs, &res);
#endif
        /* A PTE in unbacked memory is treated like an invalid PTE. */
        if (res != MEMTX_OK) {
            return TRANSLATE_FAIL;
        }

        hwaddr ppn = pte >> PTE_PPN_SHIFT;

        if (!(pte & PTE_V)) {
            /* Invalid PTE */
            return TRANSLATE_FAIL;
        } else if (!(pte & (PTE_R | PTE_W | PTE_X))) {
            /* Inner PTE, continue walking */
            base = ppn << PGSHIFT;
        } else if ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W) {
            /* Reserved leaf PTE flags: PTE_W */
            return TRANSLATE_FAIL;
        } else if ((pte & (PTE_R | PTE_W | PTE_X)) == (PTE_W | PTE_X)) {
            /* Reserved leaf PTE flags: PTE_W + PTE_X */
            return TRANSLATE_FAIL;
        } else if ((pte & PTE_U) && ((mode != PRV_U) &&
                   (!sum || access_type == MMU_INST_FETCH))) {
            /* User PTE flags when not U mode and mstatus.SUM is not set,
               or the access type is an instruction fetch */
            return TRANSLATE_FAIL;
        } else if (!(pte & PTE_U) && (mode != PRV_S)) {
            /* Supervisor PTE flags when not S mode */
            return TRANSLATE_FAIL;
        } else if (ppn & ((1ULL << ptshift) - 1)) {
            /* Misaligned PPN */
            return TRANSLATE_FAIL;
        } else if (access_type == MMU_DATA_LOAD && !((pte & PTE_R) ||
                   ((pte & PTE_X) && mxr))) {
            /* Read access check failed */
            return TRANSLATE_FAIL;
        } else if (access_type == MMU_DATA_STORE && !(pte & PTE_W)) {
            /* Write access check failed */
            return TRANSLATE_FAIL;
        } else if (access_type == MMU_INST_FETCH && !(pte & PTE_X)) {
            /* Fetch access check failed */
            return TRANSLATE_FAIL;
        } else {
            /* if necessary, set accessed and dirty bits. */
            target_ulong updated_pte = pte | PTE_A |
                (access_type == MMU_DATA_STORE ? PTE_D : 0);

            /* Page table updates need to be atomic with MTTCG enabled */
            if (updated_pte != pte) {
                /*
                 * - if accessed or dirty bits need updating, and the PTE is
                 *   in RAM, then we do so atomically with a compare and swap.
                 * - if the PTE is in IO space or ROM, then it can't be updated
                 *   and we return TRANSLATE_FAIL.
                 * - if the PTE changed by the time we went to update it, then
                 *   it is no longer valid and we must re-walk the page table.
                 */
                MemoryRegion *mr;
                hwaddr l = sizeof(target_ulong), addr1;
                mr = address_space_translate(cs->as, pte_addr,
                    &addr1, &l, false, MEMTXATTRS_UNSPECIFIED);
                if (memory_region_is_ram(mr)) {
                    target_ulong *pte_pa =
                        qemu_map_ram_ptr(mr->ram_block, addr1);
#if TCG_OVERSIZED_GUEST
                    /* MTTCG is not enabled on oversized TCG guests so
                     * page table updates do not need to be atomic */
                    *pte_pa = pte = updated_pte;
#else
                    target_ulong old_pte =
                        atomic_cmpxchg(pte_pa, pte, updated_pte);
                    if (old_pte != pte) {
                        goto restart;
                    } else {
                        pte = updated_pte;
                    }
#endif
                } else {
                    /* misconfigured PTE in ROM (AD bits are not preset) or
                     * PTE is in IO space and can't be updated atomically */
                    return TRANSLATE_FAIL;
                }
            }

            /* for superpage mappings, make a fake leaf PTE for the TLB's
               benefit. */
            /*
             * NOTE(review): `1L << ptshift` is a `long` shift; ptshift can
             * reach 36 (Sv48) / 45 (Sv57), which only fits if long is
             * 64-bit on the host (the misaligned-PPN check above uses 1ULL).
             */
            target_ulong vpn = addr >> PGSHIFT;
            *physical = ((ppn | (vpn & ((1L << ptshift) - 1))) << PGSHIFT) |
                        (addr & ~TARGET_PAGE_MASK);

            /* set permissions on the TLB entry */
            if ((pte & PTE_R) || ((pte & PTE_X) && mxr)) {
                *prot |= PAGE_READ;
            }
            if ((pte & PTE_X)) {
                *prot |= PAGE_EXEC;
            }
            /* add write permission on stores or if the page is already dirty,
               so that we TLB miss on later writes to update the dirty bit */
            if ((pte & PTE_W) &&
                    (access_type == MMU_DATA_STORE || (pte & PTE_D))) {
                *prot |= PAGE_WRITE;
            }
            return TRANSLATE_SUCCESS;
        }
    }
    return TRANSLATE_FAIL;
}
576
/*
 * raise_mmu_exception - select the exception for a failed translation.
 *
 * @pmp_violation: the failure came from PMP rather than the page tables
 * @first_stage: the failing stage was the VS/S stage (true) or the
 *               G stage (false)
 *
 * Stores the chosen cause in cs->exception_index and @address in
 * env->badaddr. The exception itself is raised by the caller.
 */
static void raise_mmu_exception(CPURISCVState *env, target_ulong address,
                                MMUAccessType access_type, bool pmp_violation,
                                bool first_stage)
{
    CPUState *cs = env_cpu(env);
    /*
     * A page fault is only meaningful if the failing stage has paging
     * enabled; in Bare mode, or when PMP rejected the access, report an
     * access fault instead.
     */
    target_ulong stage_mode = first_stage
        ? get_field(env->satp, SATP_MODE)
        : get_field(env->hgatp, HGATP_MODE);
    bool page_fault = (stage_mode != VM_1_10_MBARE) && !pmp_violation;
    bool virt = riscv_cpu_virt_enabled(env);
    bool two_stage = riscv_cpu_two_stage_lookup(env);

    switch (access_type) {
    case MMU_INST_FETCH:
        if (virt && !first_stage) {
            cs->exception_index = RISCV_EXCP_INST_GUEST_PAGE_FAULT;
        } else if (page_fault) {
            cs->exception_index = RISCV_EXCP_INST_PAGE_FAULT;
        } else {
            cs->exception_index = RISCV_EXCP_INST_ACCESS_FAULT;
        }
        break;
    case MMU_DATA_LOAD:
        /* Forced two-stage (MPRV+MPV) data accesses also take guest faults. */
        if ((virt || two_stage) && !first_stage) {
            cs->exception_index = RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT;
        } else if (page_fault) {
            cs->exception_index = RISCV_EXCP_LOAD_PAGE_FAULT;
        } else {
            cs->exception_index = RISCV_EXCP_LOAD_ACCESS_FAULT;
        }
        break;
    case MMU_DATA_STORE:
        if ((virt || two_stage) && !first_stage) {
            cs->exception_index = RISCV_EXCP_STORE_GUEST_AMO_ACCESS_FAULT;
        } else if (page_fault) {
            cs->exception_index = RISCV_EXCP_STORE_PAGE_FAULT;
        } else {
            cs->exception_index = RISCV_EXCP_STORE_AMO_ACCESS_FAULT;
        }
        break;
    default:
        g_assert_not_reached();
    }

    env->badaddr = address;
}
624
/*
 * riscv_cpu_get_phys_page_debug - translate @addr for the debugger/monitor.
 *
 * Walks the current stage-1 tables and, when V=1, the G-stage tables too.
 * No A/D side effects are intended beyond what get_physical_address()
 * does. Returns the page-aligned physical address, or -1 if either stage
 * fails.
 */
hwaddr riscv_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
{
    RISCVCPU *cpu = RISCV_CPU(cs);
    CPURISCVState *env = &cpu->env;
    int mmu_idx = cpu_mmu_index(env, false);
    bool virt = riscv_cpu_virt_enabled(env);
    hwaddr phys_addr;
    int prot;

    /* Access type 0 is passed here, presumably meaning a data load. */
    if (get_physical_address(env, &phys_addr, &prot, addr, 0, mmu_idx,
                             true, virt) != TRANSLATE_SUCCESS) {
        return -1;
    }

    /* With V=1 the result is guest-physical: run it through the G-stage. */
    if (virt &&
        get_physical_address(env, &phys_addr, &prot, phys_addr,
                             0, mmu_idx, false, true) != TRANSLATE_SUCCESS) {
        return -1;
    }

    return phys_addr & TARGET_PAGE_MASK;
}
647
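/*
 * riscv_cpu_do_transaction_failed - a physical access returned a non-OK
 * MemTxResult (nothing mapped there, or the device rejected the access).
 *
 * Raises the access fault matching @access_type with env->badaddr set to
 * the virtual address. Presumably does not return: riscv_raise_exception()
 * unwinds to @retaddr.
 */
void riscv_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
                                     vaddr addr, unsigned size,
                                     MMUAccessType access_type,
                                     int mmu_idx, MemTxAttrs attrs,
                                     MemTxResult response, uintptr_t retaddr)
{
    RISCVCPU *cpu = RISCV_CPU(cs);
    CPURISCVState *env = &cpu->env;

    /*
     * Each access type has its own cause. Instruction fetches used to
     * share the else-branch with loads and were reported as a load
     * access fault; a failed fetch is an instruction access fault, which
     * is what guest trap handlers decode from mcause/scause.
     */
    switch (access_type) {
    case MMU_DATA_STORE:
        cs->exception_index = RISCV_EXCP_STORE_AMO_ACCESS_FAULT;
        break;
    case MMU_DATA_LOAD:
        cs->exception_index = RISCV_EXCP_LOAD_ACCESS_FAULT;
        break;
    case MMU_INST_FETCH:
        cs->exception_index = RISCV_EXCP_INST_ACCESS_FAULT;
        break;
    default:
        g_assert_not_reached();
    }

    env->badaddr = addr;
    riscv_raise_exception(env, cs->exception_index, retaddr);
}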
666
/*
 * riscv_cpu_do_unaligned_access - raise the address-misaligned exception
 * for an access the core will not split.
 *
 * env->badaddr receives the faulting address. Presumably does not return:
 * riscv_raise_exception() unwinds to @retaddr.
 */
void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
                                   MMUAccessType access_type, int mmu_idx,
                                   uintptr_t retaddr)
{
    RISCVCPU *cpu = RISCV_CPU(cs);
    CPURISCVState *env = &cpu->env;
    int excp;

    if (access_type == MMU_INST_FETCH) {
        excp = RISCV_EXCP_INST_ADDR_MIS;
    } else if (access_type == MMU_DATA_LOAD) {
        excp = RISCV_EXCP_LOAD_ADDR_MIS;
    } else if (access_type == MMU_DATA_STORE) {
        excp = RISCV_EXCP_STORE_AMO_ADDR_MIS;
    } else {
        g_assert_not_reached();
    }

    cs->exception_index = excp;
    env->badaddr = addr;
    riscv_raise_exception(env, excp, retaddr);
}
689#endif
690
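/*
 * riscv_cpu_tlb_fill - resolve a TLB miss (or a probe) for @address.
 *
 * @size: access size in bytes, used for the PMP check
 * @access_type: MMU_INST_FETCH / MMU_DATA_LOAD / MMU_DATA_STORE
 * @mmu_idx: current privilege level (see riscv_cpu_mmu_index)
 * @probe: if true, report failure by returning false instead of raising
 * @retaddr: return address handed to the exception machinery
 *
 * Returns true when a TLB entry has been installed. On failure returns
 * false if @probe, otherwise records the fault (raise_mmu_exception) and
 * raises it via riscv_raise_exception(), which presumably does not return.
 */
bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                        MMUAccessType access_type, int mmu_idx,
                        bool probe, uintptr_t retaddr)
{
    RISCVCPU *cpu = RISCV_CPU(cs);
    CPURISCVState *env = &cpu->env;
#ifndef CONFIG_USER_ONLY
    vaddr im_address;
    hwaddr pa = 0;
    /* Initialised so a failed stage never leaves them indeterminate. */
    int prot = 0, prot2 = 0;
    bool pmp_violation = false;
    bool first_stage_error = true;
    int ret = TRANSLATE_FAIL;
    int mode = mmu_idx;
    target_ulong tlb_size = 0;

    env->guest_phys_fault_addr = 0;

    qemu_log_mask(CPU_LOG_MMU, "%s ad %" VADDR_PRIx " rw %d mmu_idx %d\n",
                  __func__, address, access_type, mmu_idx);

    /* MPRV: M-mode data accesses use the privilege held in MPP for PMP. */
    if (mode == PRV_M && access_type != MMU_INST_FETCH) {
        if (get_field(env->mstatus, MSTATUS_MPRV)) {
            mode = get_field(env->mstatus, MSTATUS_MPP);
        }
    }

    /*
     * M-mode data accesses with MPRV=1 and MPV=1 are translated as if
     * made by the guest, i.e. through both stages using the guest's
     * background registers. The flag is cleared again once the lookup
     * is done, below.
     */
    if (riscv_has_ext(env, RVH) && env->priv == PRV_M &&
        access_type != MMU_INST_FETCH &&
        get_field(env->mstatus, MSTATUS_MPRV) &&
        MSTATUS_MPV_ISSET(env)) {
        riscv_cpu_set_two_stage_lookup(env, true);
    }

    if (riscv_cpu_virt_enabled(env) ||
        (riscv_cpu_two_stage_lookup(env) && access_type != MMU_INST_FETCH)) {
        /* Two stage lookup */
        ret = get_physical_address(env, &pa, &prot, address, access_type,
                                   mmu_idx, true, true);

        qemu_log_mask(CPU_LOG_MMU,
                      "%s 1st-stage address=%" VADDR_PRIx " ret %d physical "
                      TARGET_FMT_plx " prot %d\n",
                      __func__, address, ret, pa, prot);

        /*
         * Only a successful first stage may feed the second. This used to
         * test `ret != TRANSLATE_FAIL`, which let a TRANSLATE_PMP_FAIL from
         * the VS-stage page-table walk fall through: get_physical_address()
         * does not write @pa on failure, so the second stage translated
         * guest-physical 0, overwrote @ret, and could install a TLB entry
         * for an access that PMP had rejected.
         *
         * NOTE(review): a G-stage failure while fetching a VS-stage PTE is
         * returned by get_physical_address() as a plain TRANSLATE_FAIL and
         * so is reported below as a first-stage (VS) page fault rather than
         * a guest page fault; distinguishing it needs a separate return
         * code and is left as-is here.
         */
        if (ret == TRANSLATE_SUCCESS) {
            /* Second stage lookup */
            im_address = pa;

            ret = get_physical_address(env, &pa, &prot2, im_address,
                                       access_type, mmu_idx, false, true);

            qemu_log_mask(CPU_LOG_MMU,
                    "%s 2nd-stage address=%" VADDR_PRIx " ret %d physical "
                    TARGET_FMT_plx " prot %d\n",
                    __func__, im_address, ret, pa, prot2);

            /* The TLB entry gets the intersection of both stages. */
            prot &= prot2;

            if (riscv_feature(env, RISCV_FEATURE_PMP) &&
                (ret == TRANSLATE_SUCCESS) &&
                !pmp_hart_has_privs(env, pa, size, 1 << access_type, mode)) {
                ret = TRANSLATE_PMP_FAIL;
            }

            if (ret != TRANSLATE_SUCCESS) {
                /*
                 * Guest physical address translation failed, this is a HS
                 * level exception
                 */
                first_stage_error = false;
                env->guest_phys_fault_addr = (im_address |
                                              (address &
                                               (TARGET_PAGE_SIZE - 1))) >> 2;
            }
        }
    } else {
        /* Single stage lookup */
        ret = get_physical_address(env, &pa, &prot, address, access_type,
                                   mmu_idx, true, false);

        qemu_log_mask(CPU_LOG_MMU,
                      "%s address=%" VADDR_PRIx " ret %d physical "
                      TARGET_FMT_plx " prot %d\n",
                      __func__, address, ret, pa, prot);
    }

    /* We did the two stage lookup based on MPRV, unset the lookup */
    if (riscv_has_ext(env, RVH) && env->priv == PRV_M &&
        access_type != MMU_INST_FETCH &&
        get_field(env->mstatus, MSTATUS_MPRV) &&
        MSTATUS_MPV_ISSET(env)) {
        riscv_cpu_set_two_stage_lookup(env, false);
    }

    /* PMP check on the final physical address with the effective mode. */
    if (riscv_feature(env, RISCV_FEATURE_PMP) &&
        (ret == TRANSLATE_SUCCESS) &&
        !pmp_hart_has_privs(env, pa, size, 1 << access_type, mode)) {
        ret = TRANSLATE_PMP_FAIL;
    }
    if (ret == TRANSLATE_PMP_FAIL) {
        pmp_violation = true;
    }

    if (ret == TRANSLATE_SUCCESS) {
        /*
         * A PMP region smaller than a page forces a smaller TLB entry so
         * that accesses outside the region still fault.
         */
        if (pmp_is_range_in_tlb(env, pa & TARGET_PAGE_MASK, &tlb_size)) {
            tlb_set_page(cs, address & ~(tlb_size - 1), pa & ~(tlb_size - 1),
                         prot, mmu_idx, tlb_size);
        } else {
            tlb_set_page(cs, address & TARGET_PAGE_MASK, pa & TARGET_PAGE_MASK,
                         prot, mmu_idx, TARGET_PAGE_SIZE);
        }
        return true;
    } else if (probe) {
        return false;
    } else {
        raise_mmu_exception(env, address, access_type, pmp_violation,
                            first_stage_error);
        riscv_raise_exception(env, cs->exception_index, retaddr);
    }

    return true;

#else
    /* User-mode emulation: any miss is a page fault of the matching type. */
    switch (access_type) {
    case MMU_INST_FETCH:
        cs->exception_index = RISCV_EXCP_INST_PAGE_FAULT;
        break;
    case MMU_DATA_LOAD:
        cs->exception_index = RISCV_EXCP_LOAD_PAGE_FAULT;
        break;
    case MMU_DATA_STORE:
        cs->exception_index = RISCV_EXCP_STORE_PAGE_FAULT;
        break;
    default:
        g_assert_not_reached();
    }
    env->badaddr = address;
    cpu_loop_exit_restore(cs, retaddr);
#endif
}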
831
/*
 * Handle Traps
 *
 * Adapted from Spike's processor_t::take_trap.
 *
 * Takes the trap recorded in cs->exception_index: decides whether it is
 * handled in M, HS/S or VS mode (medeleg/mideleg, then hedeleg/hideleg),
 * saves the trap CSRs (xcause/xepc/xtval, htval/mtval2), updates the
 * xstatus stack bits, switches virtualisation state and privilege, and
 * jumps to the vector. Nothing is done in user-mode emulation except
 * clearing exception_index.
 */
void riscv_cpu_do_interrupt(CPUState *cs)
{
#if !defined(CONFIG_USER_ONLY)

    RISCVCPU *cpu = RISCV_CPU(cs);
    CPURISCVState *env = &cpu->env;
    /* Set by riscv_cpu_local_irq_pending() for HS interrupts while V=1. */
    bool force_hs_execp = riscv_cpu_force_hs_excep_enabled(env);
    target_ulong s;

    /* cs->exception is 32-bits wide unlike mcause which is XLEN-bits wide
     * so we mask off the MSB and separate into trap type and cause.
     */
    bool async = !!(cs->exception_index & RISCV_EXCP_INT_FLAG);
    target_ulong cause = cs->exception_index & RISCV_EXCP_INT_MASK;
    target_ulong deleg = async ? env->mideleg : env->medeleg;
    target_ulong tval = 0;
    target_ulong htval = 0;
    target_ulong mtval2 = 0;

    if (!async) {
        /* set tval to badaddr for traps with address information */
        switch (cause) {
        case RISCV_EXCP_INST_GUEST_PAGE_FAULT:
        case RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT:
        case RISCV_EXCP_STORE_GUEST_AMO_ACCESS_FAULT:
            /* Guest faults are never delivered to VS, whatever hedeleg says. */
            force_hs_execp = true;
            /* fallthrough */
        case RISCV_EXCP_INST_ADDR_MIS:
        case RISCV_EXCP_INST_ACCESS_FAULT:
        case RISCV_EXCP_LOAD_ADDR_MIS:
        case RISCV_EXCP_STORE_AMO_ADDR_MIS:
        case RISCV_EXCP_LOAD_ACCESS_FAULT:
        case RISCV_EXCP_STORE_AMO_ACCESS_FAULT:
        case RISCV_EXCP_INST_PAGE_FAULT:
        case RISCV_EXCP_LOAD_PAGE_FAULT:
        case RISCV_EXCP_STORE_PAGE_FAULT:
            tval = env->badaddr;
            break;
        default:
            break;
        }
        /* ecall is dispatched as one cause so translate based on mode */
        if (cause == RISCV_EXCP_U_ECALL) {
            assert(env->priv <= 3);

            if (env->priv == PRV_M) {
                cause = RISCV_EXCP_M_ECALL;
            } else if (env->priv == PRV_S && riscv_cpu_virt_enabled(env)) {
                cause = RISCV_EXCP_VS_ECALL;
            } else if (env->priv == PRV_S && !riscv_cpu_virt_enabled(env)) {
                cause = RISCV_EXCP_S_ECALL;
            } else if (env->priv == PRV_U) {
                cause = RISCV_EXCP_U_ECALL;
            }
        }
    }

    /*
     * NOTE(review): the literal 23 bounds the index into the name tables;
     * their sizes are not visible here, so keep it in sync with
     * riscv_intr_names / riscv_excp_names (or use their ARRAY_SIZE).
     */
    trace_riscv_trap(env->mhartid, async, cause, env->pc, tval, cause < 23 ?
        (async ? riscv_intr_names : riscv_excp_names)[cause] : "(unknown)");

    /* `cause < TARGET_LONG_BITS` keeps the delegation shift well-defined. */
    if (env->priv <= PRV_S &&
            cause < TARGET_LONG_BITS && ((deleg >> cause) & 1)) {
        /* handle the trap in S-mode */
        if (riscv_has_ext(env, RVH)) {
            target_ulong hdeleg = async ? env->hideleg : env->hedeleg;

            if (riscv_cpu_virt_enabled(env) && ((hdeleg >> cause) & 1) &&
                !force_hs_execp) {
                /*
                 * See if we need to adjust cause. Yes if its VS mode interrupt
                 * no if hypervisor has delegated one of hs mode's interrupt
                 */
                if (cause == IRQ_VS_TIMER || cause == IRQ_VS_SOFT ||
                    cause == IRQ_VS_EXT)
                    cause = cause - 1;
                /* Trap to VS mode */
            } else if (riscv_cpu_virt_enabled(env)) {
                /* Trap into HS mode, from virt */
                riscv_cpu_swap_hypervisor_regs(env);
                /*
                 * Order matters: SPV is captured from the still-set V bit
                 * and SP2P from the VS view of SPP before virt is cleared.
                 */
                env->hstatus = set_field(env->hstatus, HSTATUS_SP2V,
                                         get_field(env->hstatus, HSTATUS_SPV));
                env->hstatus = set_field(env->hstatus, HSTATUS_SP2P,
                                         get_field(env->mstatus, SSTATUS_SPP));
                env->hstatus = set_field(env->hstatus, HSTATUS_SPV,
                                         riscv_cpu_virt_enabled(env));

                htval = env->guest_phys_fault_addr;

                riscv_cpu_set_virt_enabled(env, 0);
                riscv_cpu_set_force_hs_excep(env, 0);
            } else {
                /* Trap into HS mode */
                env->hstatus = set_field(env->hstatus, HSTATUS_SP2V,
                                         get_field(env->hstatus, HSTATUS_SPV));
                env->hstatus = set_field(env->hstatus, HSTATUS_SP2P,
                                         get_field(env->mstatus, SSTATUS_SPP));
                env->hstatus = set_field(env->hstatus, HSTATUS_SPV,
                                         riscv_cpu_virt_enabled(env));

                htval = env->guest_phys_fault_addr;
            }
        }

        /* Push the S-level interrupt-enable stack and record the trap. */
        s = env->mstatus;
        s = set_field(s, MSTATUS_SPIE, get_field(s, MSTATUS_SIE));
        s = set_field(s, MSTATUS_SPP, env->priv);
        s = set_field(s, MSTATUS_SIE, 0);
        env->mstatus = s;
        /* scause MSB marks an interrupt. */
        env->scause = cause | ((target_ulong)async << (TARGET_LONG_BITS - 1));
        env->sepc = env->pc;
        env->sbadaddr = tval;
        env->htval = htval;
        /* Vectored mode (stvec mode == 1) applies to interrupts only. */
        env->pc = (env->stvec >> 2 << 2) +
            ((async && (env->stvec & 3) == 1) ? cause * 4 : 0);
        riscv_cpu_set_mode(env, PRV_S);
    } else {
        /* handle the trap in M-mode */
        if (riscv_has_ext(env, RVH)) {
            if (riscv_cpu_virt_enabled(env)) {
                riscv_cpu_swap_hypervisor_regs(env);
            }
            /* MPV/MTL live in mstatush on RV32 and in mstatus on RV64. */
#ifdef TARGET_RISCV32
            env->mstatush = set_field(env->mstatush, MSTATUS_MPV,
                                       riscv_cpu_virt_enabled(env));
            env->mstatush = set_field(env->mstatush, MSTATUS_MTL,
                                       riscv_cpu_force_hs_excep_enabled(env));
#else
            env->mstatus = set_field(env->mstatus, MSTATUS_MPV,
                                      riscv_cpu_virt_enabled(env));
            env->mstatus = set_field(env->mstatus, MSTATUS_MTL,
                                      riscv_cpu_force_hs_excep_enabled(env));
#endif

            mtval2 = env->guest_phys_fault_addr;

            /* Trapping to M mode, virt is disabled */
            riscv_cpu_set_virt_enabled(env, 0);
            riscv_cpu_set_force_hs_excep(env, 0);
        }

        /* Push the M-level interrupt-enable stack and record the trap. */
        s = env->mstatus;
        s = set_field(s, MSTATUS_MPIE, get_field(s, MSTATUS_MIE));
        s = set_field(s, MSTATUS_MPP, env->priv);
        s = set_field(s, MSTATUS_MIE, 0);
        env->mstatus = s;
        /* ~(all-ones >> async) is 0 for exceptions, the MSB for interrupts. */
        env->mcause = cause | ~(((target_ulong)-1) >> async);
        env->mepc = env->pc;
        env->mbadaddr = tval;
        env->mtval2 = mtval2;
        env->pc = (env->mtvec >> 2 << 2) +
            ((async && (env->mtvec & 3) == 1) ? cause * 4 : 0);
        riscv_cpu_set_mode(env, PRV_M);
    }

    /* NOTE: it is not necessary to yield load reservations here. It is only
     * necessary for an SC from "another hart" to cause a load reservation
     * to be yielded. Refer to the memory consistency model section of the
     * RISC-V ISA Specification.
     */

#endif
    cs->exception_index = EXCP_NONE; /* mark handled to qemu */
}