1 | /* | |
2 | * PowerPC MMU, TLB and BAT emulation helpers for QEMU. | |
3 | * | |
4 | * Copyright (c) 2003-2007 Jocelyn Mayer | |
5 | * Copyright (c) 2013 David Gibson, IBM Corporation | |
6 | * | |
7 | * This library is free software; you can redistribute it and/or | |
8 | * modify it under the terms of the GNU Lesser General Public | |
9 | * License as published by the Free Software Foundation; either | |
10 | * version 2 of the License, or (at your option) any later version. | |
11 | * | |
12 | * This library is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * Lesser General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU Lesser General Public | |
18 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
19 | */ | |
20 | ||
21 | #include "cpu.h" | |
22 | #include "helper.h" | |
23 | #include "sysemu/kvm.h" | |
24 | #include "kvm_ppc.h" | |
25 | #include "mmu-hash32.h" | |
26 | ||
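/*
 * Compile-time debug switches.  Uncomment a line to route the matching
 * LOG_*() macro to qemu_log().  While a switch is undefined, the macro
 * expands to an empty statement and its arguments are never evaluated,
 * so arguments must not carry side effects the emulation depends on.
 *
 * The BAT switch is spelled DEBUG_BATS to match the #ifdef below; the
 * former commented-out name (DEBUG_BAT) could never enable LOG_BATS().
 */
//#define DEBUG_MMU
//#define DEBUG_BATS

#ifdef DEBUG_MMU
#  define LOG_MMU(...) qemu_log(__VA_ARGS__)
#  define LOG_MMU_STATE(env) log_cpu_state((env), 0)
#else
#  define LOG_MMU(...) do { } while (0)
#  define LOG_MMU_STATE(...) do { } while (0)
#endif

#ifdef DEBUG_BATS
#  define LOG_BATS(...) qemu_log(__VA_ARGS__)
#else
#  define LOG_BATS(...) do { } while (0)
#endif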
43 | ||
/*
 * Result of one 32-bit hash MMU translation, filled in by
 * ppc_hash32_translate() and consumed by its callers in this file.
 */
struct mmu_ctx_hash32 {
    /* Real address */
    hwaddr raddr;
    /* Protection bits */
    int prot;
    /* Access key */
    int key;
};
49 | ||
/*
 * Turn an access key and a PP field into QEMU page-protection flags.
 *
 * key: access key chosen by the caller; only "zero" vs "non-zero" matters
 * pp:  protection field, must be in the range 0..3 (both callers in this
 *      file pass a masked register field)
 * nx:  when 0, PAGE_EXEC is added to the result; any other value
 *      withholds it
 *
 * Returns the OR of PAGE_READ / PAGE_WRITE / PAGE_EXEC that applies.
 * A pp value outside 0..3 aborts the process.
 */
static int ppc_hash32_pp_prot(int key, int pp, int nx)
{
    int perms;

    if (pp < 0x0 || pp > 0x3) {
        abort();
    }

    if (key != 0) {
        /* Key set: pp 0 grants nothing, pp 2 read/write, pp 1 and 3 read. */
        if (pp == 0x0) {
            perms = 0;
        } else if (pp == 0x2) {
            perms = PAGE_READ | PAGE_WRITE;
        } else {
            perms = PAGE_READ;
        }
    } else {
        /* Key clear: only pp 3 is read-only, everything else read/write. */
        perms = (pp == 0x3) ? PAGE_READ : (PAGE_READ | PAGE_WRITE);
    }

    if (!nx) {
        perms |= PAGE_EXEC;
    }

    return perms;
}
94 | ||
/*
 * Compute the protection flags for a page mapped by a hashed PTE.
 *
 * The access key comes from the segment register: SR32_KP is consulted
 * when msr_pr is non-zero, SR32_KS otherwise.  The PP field comes from the
 * second PTE word, and the segment's SR32_NX bit decides whether execute
 * permission is withheld.
 */
static int ppc_hash32_pte_prot(CPUPPCState *env,
                               target_ulong sr, ppc_hash_pte32_t pte)
{
    target_ulong key_bit = msr_pr ? (sr & SR32_KP) : (sr & SR32_KS);
    unsigned key = (key_bit != 0);
    unsigned pp = pte.pte1 & HPTE32_R_PP;
    int no_exec = (sr & SR32_NX) != 0;

    return ppc_hash32_pp_prot(key, pp, no_exec);
}
105 | ||
/*
 * Return the effective-address compare mask of a BAT entry, or 0 when the
 * entry is not valid for the current mode.
 *
 * Validity is taken from BATU32_VP when msr_pr is non-zero and from
 * BATU32_VS otherwise.  The mask is BATU32_BEPI with the block-length
 * bits (BATU32_BL shifted left by 15) cleared.  batl is not used here.
 */
static target_ulong hash32_bat_size(CPUPPCState *env,
                                    target_ulong batu, target_ulong batl)
{
    target_ulong valid_bit = msr_pr ? BATU32_VP : BATU32_VS;

    if (!(batu & valid_bit)) {
        return 0;
    }

    return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
}
116 | ||
/*
 * Protection flags for a matching BAT entry.
 *
 * The PP field of the lower BAT word decides: 0 grants nothing, 0x2
 * grants read, write and execute, any other value grants read and
 * execute.  env and batu are not consulted.
 */
static int hash32_bat_prot(CPUPPCState *env,
                           target_ulong batu, target_ulong batl)
{
    int pp = batl & BATL32_PP;

    if (pp == 0) {
        return 0;
    }

    return (pp == 0x2) ? (PAGE_READ | PAGE_EXEC | PAGE_WRITE)
                       : (PAGE_READ | PAGE_EXEC);
}
132 | ||
/*
 * 601 variant of hash32_bat_size(): the valid bit (BATL32_601_V) and the
 * block length (BATL32_601_BL, shifted left by 17) both come from the
 * lower BAT word.  Returns 0 for an invalid entry, otherwise the compare
 * mask derived from BATU32_BEPI.
 */
static target_ulong hash32_bat_601_size(CPUPPCState *env,
                                        target_ulong batu, target_ulong batl)
{
    return (batl & BATL32_601_V)
        ? (BATU32_BEPI & ~((batl & BATL32_601_BL) << 17))
        : 0;
}
142 | ||
/*
 * 601 variant of hash32_bat_prot(): key and PP both come from the upper
 * BAT word.  BATU32_601_KS supplies the key when msr_pr is 0, and
 * BATU32_601_KP otherwise.  The result goes through ppc_hash32_pp_prot()
 * with nx = 0, so execute permission is always included.
 */
static int hash32_bat_601_prot(CPUPPCState *env,
                               target_ulong batu, target_ulong batl)
{
    target_ulong key_mask = (msr_pr == 0) ? BATU32_601_KS : BATU32_601_KP;
    int pp = batu & BATU32_601_PP;
    int key = (batu & key_mask) != 0;

    return ppc_hash32_pp_prot(key, pp, 0);
}
156 | ||
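/*
 * Search the BAT registers for a block that maps an effective address.
 *
 * env:  CPU state; the instruction BATs are searched when rwx == 2, the
 *       data BATs otherwise
 * ea:   effective address to translate
 * rwx:  access kind (2 selects the instruction BATs)
 * prot: written with the block's protection flags on a hit only
 *
 * Returns the page-aligned real address on a hit, or (hwaddr)-1 when no
 * BAT matches.  On a miss *prot is left untouched, so callers must not
 * read it unless the return value differs from -1.
 *
 * The DEBUG_BATS tracing used to reference identifiers that do not exist
 * in this function (type, BATu, BATl, BEPIu, BEPIl, bl) and therefore could
 * not compile once enabled.  It now uses rwx and block-local variables,
 * and dumps env->nb_BATs entries to match the search loop.
 */
static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea, int rwx,
                                    int *prot)
{
    target_ulong *BATlt, *BATut;
    int i;

    LOG_BATS("%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
             rwx == 2 ? 'I' : 'D', ea);
    if (rwx == 2) {
        BATlt = env->IBAT[1];
        BATut = env->IBAT[0];
    } else {
        BATlt = env->DBAT[1];
        BATut = env->DBAT[0];
    }
    for (i = 0; i < env->nb_BATs; i++) {
        target_ulong batu = BATut[i];
        target_ulong batl = BATlt[i];
        target_ulong mask;

        /* A zero mask means the entry is invalid for the current mode. */
        if (unlikely(env->mmu_model == POWERPC_MMU_601)) {
            mask = hash32_bat_601_size(env, batu, batl);
        } else {
            mask = hash32_bat_size(env, batu, batl);
        }
        LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
                 " BATl " TARGET_FMT_lx "\n", __func__,
                 rwx == 2 ? 'I' : 'D', i, ea, batu, batl);

        if (mask && ((ea & mask) == (batu & BATU32_BEPI))) {
            /* Block bits come from BATl, the in-block offset from ea. */
            hwaddr raddr = (batl & mask) | (ea & ~mask);

            if (unlikely(env->mmu_model == POWERPC_MMU_601)) {
                *prot = hash32_bat_601_prot(env, batu, batl);
            } else {
                *prot = hash32_bat_prot(env, batu, batl);
            }

            return raddr & TARGET_PAGE_MASK;
        }
    }

    /* No hit */
#if defined(DEBUG_BATS)
    if (qemu_log_enabled()) {
        LOG_BATS("no BAT match for " TARGET_FMT_lx ":\n", ea);
        for (i = 0; i < env->nb_BATs; i++) {
            target_ulong dbg_batu = BATut[i];
            target_ulong dbg_batl = BATlt[i];
            target_ulong bepiu = dbg_batu & BATU32_BEPIU;
            target_ulong bepil = dbg_batu & BATU32_BEPIL;
            target_ulong bl = (dbg_batu & 0x00001FFC) << 15;

            LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
                     " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
                     TARGET_FMT_lx " " TARGET_FMT_lx "\n",
                     __func__, rwx == 2 ? 'I' : 'D', i, ea,
                     dbg_batu, dbg_batl, bepiu, bepil, bl);
        }
    }
#endif

    return -1;
}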
220 | ||
/*
 * Handle an access that falls into a direct-store segment.
 *
 * Return values, as produced by the code below:
 *    0  *raddr is set; *prot is set only on the BUID 0x07f path
 *    2  integer load/store allowed by the key check, *raddr = eaddr
 *   -2  integer load/store refused by the key check
 *   -4  access kind not permitted in a direct-store segment
 *
 * NOTE(review): the ACCESS_CACHE path returns 0 without writing *prot.
 * ppc_hash32_handle_mmu_fault() in this file forwards ctx.prot to
 * tlb_set_page() whenever the translation returns 0, so the caller has to
 * make sure that field holds a defined value beforehand.
 */
static int ppc_hash32_direct_store(CPUPPCState *env, target_ulong sr,
                                   target_ulong eaddr, int rwx,
                                   hwaddr *raddr, int *prot)
{
    target_ulong key_bit = msr_pr ? (sr & SR32_KP) : (sr & SR32_KS);
    int key = (key_bit != 0);
    int refused;

    LOG_MMU("direct store...\n");

    if ((sr & 0x1FF00000) >> 20 == 0x07f) {
        /*
         * Memory-forced I/O controller interface access.
         * If T=1 and BUID=x'07F', the 601 performs a memory access
         * to SR[28-31] LA[4-31], bypassing all protection mechanisms.
         * Full read/write/execute permission is therefore reported.
         */
        *raddr = ((sr & 0xF) << 28) | (eaddr & 0x0FFFFFFF);
        *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
        return 0;
    }

    /* No code fetch is allowed in direct-store areas */
    if (rwx == 2) {
        return -4;
    }

    switch (env->access_type) {
    case ACCESS_INT:
        /* Integer load/store: the only access kind that is allowed */
        break;
    case ACCESS_CACHE:
        /*
         * dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi.
         * These should behave as no-ops here; the original author notes
         * they already do, so the address is passed through unchanged.
         */
        *raddr = eaddr;
        return 0;
    case ACCESS_FLOAT:  /* Floating point load/store */
    case ACCESS_RES:    /* lwarx, ldarx or stwcx. */
    case ACCESS_EXT:    /* eciwx or ecowx */
        return -4;
    default:
        qemu_log("ERROR: instruction should not need "
                 "address translation\n");
        return -4;
    }

    /*
     * Only rwx 0 and 1 reach this point.  The access is refused when a
     * non-write access meets key 1, or a non-read access meets key 0.
     */
    refused = (rwx != 1 && key == 1) || (rwx != 0 && key == 0);
    if (refused) {
        return -2;
    }

    *raddr = eaddr;
    return 2;
}
276 | ||
/*
 * Convert a hash value into the byte offset of its PTE group inside the
 * hash table: the hash is scaled by the group size and wrapped with
 * env->htab_mask.
 */
hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash)
{
    hwaddr byte_off = hash * HASH_PTEG_SIZE_32;

    return byte_off & env->htab_mask;
}
281 | ||
/*
 * Scan one PTE group for an entry matching ptem.
 *
 * env:       CPU state, passed to the HPTE load helpers
 * pteg_off:  offset of the group's first PTE
 * secondary: the entry's HPTE32_V_SECONDARY bit must equal this flag
 * ptem:      value compared against the first PTE word using
 *            HPTE32_V_COMPARE()
 * pte:       receives both PTE words of the matching entry
 *
 * Returns the offset of the matching PTE, or (hwaddr)-1 when none of the
 * HPTES_PER_GROUP slots matches; *pte is written only on a match.
 */
static hwaddr ppc_hash32_pteg_search(CPUPPCState *env, hwaddr pteg_off,
                                     bool secondary, target_ulong ptem,
                                     ppc_hash_pte32_t *pte)
{
    hwaddr slot_off = pteg_off;
    int slot;

    for (slot = 0; slot < HPTES_PER_GROUP;
         slot++, slot_off += HASH_PTE_SIZE_32) {
        /* Both words are loaded before any of the checks below. */
        target_ulong word0 = ppc_hash32_load_hpte0(env, slot_off);
        target_ulong word1 = ppc_hash32_load_hpte1(env, slot_off);

        if (!(word0 & HPTE32_V_VALID)) {
            continue;
        }
        if (secondary != !!(word0 & HPTE32_V_SECONDARY)) {
            continue;
        }
        if (!HPTE32_V_COMPARE(word0, ptem)) {
            continue;
        }

        pte->pte0 = word0;
        pte->pte1 = word1;
        return slot_off;
    }

    return -1;
}
307 | ||
/*
 * Find the hashed PTE that maps eaddr within the segment described by sr.
 *
 * The primary hash is VSID xor page index; the secondary hash is its
 * bitwise complement.  The primary group is searched first, and the
 * secondary group only when the primary search finds nothing.
 *
 * Returns the offset of the PTE that was found (with *pte filled in), or
 * (hwaddr)-1 when neither group holds a match.
 */
static hwaddr ppc_hash32_htab_lookup(CPUPPCState *env,
                                     target_ulong sr, target_ulong eaddr,
                                     ppc_hash_pte32_t *pte)
{
    uint32_t vsid = sr & SR32_VSID;
    uint32_t pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
    hwaddr hash = vsid ^ pgidx;
    uint32_t ptem = (vsid << 7) | (pgidx >> 10);
    hwaddr group_off;
    hwaddr found;

    /* Page address translation */
    LOG_MMU("htab_base " TARGET_FMT_plx " htab_mask " TARGET_FMT_plx
            " hash " TARGET_FMT_plx "\n",
            env->htab_base, env->htab_mask, hash);

    /* Primary PTEG lookup */
    LOG_MMU("0 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
            " vsid=%" PRIx32 " ptem=%" PRIx32
            " hash=" TARGET_FMT_plx "\n",
            env->htab_base, env->htab_mask, vsid, ptem, hash);
    group_off = get_pteg_offset32(env, hash);
    found = ppc_hash32_pteg_search(env, group_off, 0, ptem, pte);
    if (found != -1) {
        return found;
    }

    /* Secondary PTEG lookup */
    LOG_MMU("1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
            " vsid=%" PRIx32 " api=%" PRIx32
            " hash=" TARGET_FMT_plx "\n", env->htab_base,
            env->htab_mask, vsid, ptem, ~hash);
    group_off = get_pteg_offset32(env, ~hash);

    return ppc_hash32_pteg_search(env, group_off, 1, ptem, pte);
}
345 | ||
/*
 * Build the real address for a hashed-PTE hit: the page frame bits come
 * from the second PTE word, the in-page offset from eaddr.  sr is accepted
 * but not used.
 */
static hwaddr ppc_hash32_pte_raddr(target_ulong sr, ppc_hash_pte32_t pte,
                                   target_ulong eaddr)
{
    const hwaddr in_page = ~TARGET_PAGE_MASK;
    hwaddr frame = pte.pte1;
    hwaddr offset = eaddr & in_page;

    frame &= ~in_page;

    return frame | offset;
}
354 | ||
/*
 * Translate an effective address with the 32-bit hash MMU.
 *
 * env:   CPU state
 * ctx:   receives the real address and the protection flags
 * eaddr: effective address
 * rwx:   0 = read, 1 = write, 2 = instruction fetch (asserted)
 *
 * Returns 0 on success, -1 when no PTE is found, -2 on a protection
 * violation, -3 on a segment-level no-execute violation, or whatever
 * ppc_hash32_direct_store() returns for a direct-store segment (which
 * includes the positive value 2 and -4).
 *
 * Side effect: on a successful hashed-PTE translation the referenced bit,
 * and for writes the changed bit, is stored back through
 * ppc_hash32_store_hpte1().
 */
static int ppc_hash32_translate(CPUPPCState *env, struct mmu_ctx_hash32 *ctx,
                                target_ulong eaddr, int rwx)
{
    const int need_prot[] = {PAGE_READ, PAGE_WRITE, PAGE_EXEC};
    target_ulong sr;
    hwaddr pte_offset;
    ppc_hash_pte32_t pte;
    uint32_t updated_pte1;
    int translation_on;

    assert((rwx == 0) || (rwx == 1) || (rwx == 2));

    /* 1. Handle real mode accesses */
    translation_on = (rwx == 2) ? (msr_ir != 0) : (msr_dr != 0);
    if (!translation_on) {
        /* Translation is off: identity mapping with full permissions */
        ctx->raddr = eaddr;
        ctx->prot = PAGE_READ | PAGE_EXEC | PAGE_WRITE;
        return 0;
    }

    /* 2. Check Block Address Translation entries (BATs) */
    if (env->nb_BATs != 0) {
        /* On a miss raddr holds -1 and ctx->prot is left as it was. */
        ctx->raddr = ppc_hash32_bat_lookup(env, eaddr, rwx, &ctx->prot);
        if (ctx->raddr != -1) {
            return (need_prot[rwx] & ~ctx->prot) ? -2 : 0;
        }
    }

    /*
     * 3. Look up the Segment Register
     *
     * NOTE(review): the index is eaddr >> 28 with no mask applied.  That
     * stays inside env->sr only if eaddr never carries bits above bit 31;
     * confirm for builds where target_ulong is wider than 32 bits.
     */
    sr = env->sr[eaddr >> 28];

    /* 4. Handle direct store segments */
    if (sr & SR32_T) {
        return ppc_hash32_direct_store(env, sr, eaddr, rwx,
                                       &ctx->raddr, &ctx->prot);
    }

    /* 5. Check for segment level no-execute violation */
    if ((rwx == 2) && (sr & SR32_NX)) {
        return -3;
    }

    /* 6. Locate the PTE in the hash table */
    pte_offset = ppc_hash32_htab_lookup(env, sr, eaddr, &pte);
    if (pte_offset == -1) {
        return -1;
    }
    LOG_MMU("found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);

    /* 7. Check access permissions */
    ctx->prot = ppc_hash32_pte_prot(env, sr, pte);
    if (need_prot[rwx] & ~ctx->prot) {
        /* Access right violation */
        LOG_MMU("PTE access rejected\n");
        return -2;
    }
    LOG_MMU("PTE access granted !\n");

    /* 8. Update PTE referenced and changed bits if necessary */
    updated_pte1 = pte.pte1 | HPTE32_R_R;   /* always set referenced */
    if (rwx == 1) {
        updated_pte1 |= HPTE32_R_C;         /* writes also set changed */
    } else {
        /*
         * Report the page as read-only for now, so that a later write
         * comes back through this function and sets the C bit.
         */
        ctx->prot &= ~PAGE_WRITE;
    }
    if (updated_pte1 != pte.pte1) {
        ppc_hash32_store_hpte1(env, pte_offset, updated_pte1);
    }

    /* 9. Determine the real address from the PTE */
    ctx->raddr = ppc_hash32_pte_raddr(sr, pte, eaddr);

    return 0;
}
439 | ||
/*
 * Debug helper: translate addr as a read access and return the
 * page-aligned real address, or (hwaddr)-1 when the translation does not
 * return 0.
 *
 * The lookup goes through ppc_hash32_translate(), so it shares that
 * function's side effect of storing the referenced bit back into the PTE.
 *
 * FIXME: Will not behave sanely for direct store segments, but
 * they're almost never used.
 */
hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong addr)
{
    struct mmu_ctx_hash32 ctx;
    int rc = ppc_hash32_translate(env, &ctx, addr, 0);

    if (unlikely(rc != 0)) {
        return -1;
    }

    return ctx.raddr & TARGET_PAGE_MASK;
}
453 | ||
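/*
 * Resolve an MMU fault for the 32-bit hash MMU.
 *
 * env:     CPU state
 * address: faulting effective address
 * rwx:     0 = read, 1 = write, 2 = instruction fetch
 * mmu_idx: MMU index passed through to tlb_set_page()
 *
 * Returns 0 after installing a TLB entry, or 1 after recording an
 * exception in env (exception_index, error_code and, for data accesses,
 * SPR_DAR / SPR_DSISR).  A positive result from ppc_hash32_translate() is
 * returned unchanged, with neither a TLB entry nor an exception set up.
 */
int ppc_hash32_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rwx,
                                int mmu_idx)
{
    /*
     * Zero-initialised so that ctx.prot is never indeterminate when it
     * reaches tlb_set_page().  ppc_hash32_direct_store() can return 0 for
     * ACCESS_CACHE without writing *prot, and ppc_hash32_bat_lookup()
     * leaves *prot untouched on a miss.  With this default, such a path
     * installs a mapping without permissions rather than one whose
     * permissions come from stale stack contents.
     */
    struct mmu_ctx_hash32 ctx = { 0 };
    int ret;

    ret = ppc_hash32_translate(env, &ctx, address, rwx);
    if (ret == 0) {
        tlb_set_page(env, address & TARGET_PAGE_MASK,
                     ctx.raddr & TARGET_PAGE_MASK, ctx.prot,
                     mmu_idx, TARGET_PAGE_SIZE);
    } else if (ret < 0) {
        LOG_MMU_STATE(env);
        if (rwx == 2) {
            /* Instruction fetch: every handled code raises an ISI. */
            switch (ret) {
            case -1:
                /* No matches in page tables or TLB */
                env->exception_index = POWERPC_EXCP_ISI;
                env->error_code = 0x40000000;
                break;
            case -2:
                /* Access rights violation */
                env->exception_index = POWERPC_EXCP_ISI;
                env->error_code = 0x08000000;
                break;
            case -3:
                /* No execute protection violation */
                env->exception_index = POWERPC_EXCP_ISI;
                env->error_code = 0x10000000;
                break;
            case -4:
                /* Direct store exception */
                /* No code fetch is allowed in direct-store areas */
                env->exception_index = POWERPC_EXCP_ISI;
                env->error_code = 0x10000000;
                break;
            default:
                /* Other codes leave the exception state as it was. */
                break;
            }
        } else {
            /* Data access: the write variants use a different DSISR. */
            switch (ret) {
            case -1:
                /* No matches in page tables or TLB */
                env->exception_index = POWERPC_EXCP_DSI;
                env->error_code = 0;
                env->spr[SPR_DAR] = address;
                if (rwx == 1) {
                    env->spr[SPR_DSISR] = 0x42000000;
                } else {
                    env->spr[SPR_DSISR] = 0x40000000;
                }
                break;
            case -2:
                /* Access rights violation */
                env->exception_index = POWERPC_EXCP_DSI;
                env->error_code = 0;
                env->spr[SPR_DAR] = address;
                if (rwx == 1) {
                    env->spr[SPR_DSISR] = 0x0A000000;
                } else {
                    env->spr[SPR_DSISR] = 0x08000000;
                }
                break;
            case -4:
                /* Direct store exception */
                switch (env->access_type) {
                case ACCESS_FLOAT:
                    /* Floating point load/store */
                    env->exception_index = POWERPC_EXCP_ALIGN;
                    env->error_code = POWERPC_EXCP_ALIGN_FP;
                    env->spr[SPR_DAR] = address;
                    break;
                case ACCESS_RES:
                    /* lwarx, ldarx or stwcx. */
                    env->exception_index = POWERPC_EXCP_DSI;
                    env->error_code = 0;
                    env->spr[SPR_DAR] = address;
                    if (rwx == 1) {
                        env->spr[SPR_DSISR] = 0x06000000;
                    } else {
                        env->spr[SPR_DSISR] = 0x04000000;
                    }
                    break;
                case ACCESS_EXT:
                    /* eciwx or ecowx */
                    env->exception_index = POWERPC_EXCP_DSI;
                    env->error_code = 0;
                    env->spr[SPR_DAR] = address;
                    if (rwx == 1) {
                        env->spr[SPR_DSISR] = 0x06100000;
                    } else {
                        env->spr[SPR_DSISR] = 0x04100000;
                    }
                    break;
                default:
                    printf("DSI: invalid exception (%d)\n", ret);
                    env->exception_index = POWERPC_EXCP_PROGRAM;
                    env->error_code =
                        POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL;
                    env->spr[SPR_DAR] = address;
                    break;
                }
                break;
            default:
                /* Other codes leave the exception state as it was. */
                break;
            }
        }
#if 0
        printf("%s: set exception to %d %02x\n", __func__,
               env->exception, env->error_code);
#endif
        ret = 1;
    }

    return ret;
}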