]> git.proxmox.com Git - mirror_qemu.git/blob - target/hppa/mem_helper.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
target/hppa: Wire up diag instruction to support BTLB
[mirror_qemu.git] / target / hppa / mem_helper.c
1 /*
2 * HPPA memory access helper routines
3 *
4 * Copyright (c) 2017 Helge Deller
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "qemu/log.h"
22 #include "cpu.h"
23 #include "exec/exec-all.h"
24 #include "exec/helper-proto.h"
25 #include "hw/core/cpu.h"
26 #include "trace.h"
27
28 static hppa_tlb_entry *hppa_find_tlb(CPUHPPAState *env, vaddr addr)
29 {
30 int i;
31
32 for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) {
33 hppa_tlb_entry *ent = &env->tlb[i];
34 if (ent->va_b <= addr && addr <= ent->va_e) {
35 trace_hppa_tlb_find_entry(env, ent + i, ent->entry_valid,
36 ent->va_b, ent->va_e, ent->pa);
37 return ent;
38 }
39 }
40 trace_hppa_tlb_find_entry_not_found(env, addr);
41 return NULL;
42 }
43
44 static void hppa_flush_tlb_ent(CPUHPPAState *env, hppa_tlb_entry *ent,
45 bool force_flush_btlb)
46 {
47 CPUState *cs = env_cpu(env);
48
49 if (!ent->entry_valid) {
50 return;
51 }
52
53 trace_hppa_tlb_flush_ent(env, ent, ent->va_b, ent->va_e, ent->pa);
54
55 tlb_flush_range_by_mmuidx(cs, ent->va_b,
56 ent->va_e - ent->va_b + 1,
57 HPPA_MMU_FLUSH_MASK, TARGET_LONG_BITS);
58
59 /* never clear BTLBs, unless forced to do so. */
60 if (ent < &env->tlb[HPPA_BTLB_ENTRIES] && !force_flush_btlb) {
61 return;
62 }
63
64 memset(ent, 0, sizeof(*ent));
65 ent->va_b = -1;
66 }
67
68 static hppa_tlb_entry *hppa_alloc_tlb_ent(CPUHPPAState *env)
69 {
70 hppa_tlb_entry *ent;
71 uint32_t i;
72
73 if (env->tlb_last < HPPA_BTLB_ENTRIES || env->tlb_last >= ARRAY_SIZE(env->tlb)) {
74 i = HPPA_BTLB_ENTRIES;
75 env->tlb_last = HPPA_BTLB_ENTRIES + 1;
76 } else {
77 i = env->tlb_last;
78 env->tlb_last++;
79 }
80
81 ent = &env->tlb[i];
82
83 hppa_flush_tlb_ent(env, ent, false);
84 return ent;
85 }
86
87 int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx,
88 int type, hwaddr *pphys, int *pprot,
89 hppa_tlb_entry **tlb_entry)
90 {
91 hwaddr phys;
92 int prot, r_prot, w_prot, x_prot, priv;
93 hppa_tlb_entry *ent;
94 int ret = -1;
95
96 if (tlb_entry) {
97 *tlb_entry = NULL;
98 }
99
100 /* Virtual translation disabled. Direct map virtual to physical. */
101 if (mmu_idx == MMU_PHYS_IDX) {
102 phys = addr;
103 prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
104 goto egress;
105 }
106
107 /* Find a valid tlb entry that matches the virtual address. */
108 ent = hppa_find_tlb(env, addr);
109 if (ent == NULL || !ent->entry_valid) {
110 phys = 0;
111 prot = 0;
112 ret = (type == PAGE_EXEC) ? EXCP_ITLB_MISS : EXCP_DTLB_MISS;
113 goto egress;
114 }
115
116 if (tlb_entry) {
117 *tlb_entry = ent;
118 }
119
120 /* We now know the physical address. */
121 phys = ent->pa + (addr - ent->va_b);
122
123 /* Map TLB access_rights field to QEMU protection. */
124 priv = MMU_IDX_TO_PRIV(mmu_idx);
125 r_prot = (priv <= ent->ar_pl1) * PAGE_READ;
126 w_prot = (priv <= ent->ar_pl2) * PAGE_WRITE;
127 x_prot = (ent->ar_pl2 <= priv && priv <= ent->ar_pl1) * PAGE_EXEC;
128 switch (ent->ar_type) {
129 case 0: /* read-only: data page */
130 prot = r_prot;
131 break;
132 case 1: /* read/write: dynamic data page */
133 prot = r_prot | w_prot;
134 break;
135 case 2: /* read/execute: normal code page */
136 prot = r_prot | x_prot;
137 break;
138 case 3: /* read/write/execute: dynamic code page */
139 prot = r_prot | w_prot | x_prot;
140 break;
141 default: /* execute: promote to privilege level type & 3 */
142 prot = x_prot;
143 break;
144 }
145
146 /* access_id == 0 means public page and no check is performed */
147 if ((env->psw & PSW_P) && ent->access_id) {
148 /* If bits [31:1] match, and bit 0 is set, suppress write. */
149 int match = ent->access_id * 2 + 1;
150
151 if (match == env->cr[CR_PID1] || match == env->cr[CR_PID2] ||
152 match == env->cr[CR_PID3] || match == env->cr[CR_PID4]) {
153 prot &= PAGE_READ | PAGE_EXEC;
154 if (type == PAGE_WRITE) {
155 ret = EXCP_DMPI;
156 goto egress;
157 }
158 }
159 }
160
161 /* No guest access type indicates a non-architectural access from
162 within QEMU. Bypass checks for access, D, B and T bits. */
163 if (type == 0) {
164 goto egress;
165 }
166
167 if (unlikely(!(prot & type))) {
168 /* The access isn't allowed -- Inst/Data Memory Protection Fault. */
169 ret = (type & PAGE_EXEC) ? EXCP_IMP : EXCP_DMAR;
170 goto egress;
171 }
172
173 /* In reverse priority order, check for conditions which raise faults.
174 As we go, remove PROT bits that cover the condition we want to check.
175 In this way, the resulting PROT will force a re-check of the
176 architectural TLB entry for the next access. */
177 if (unlikely(!ent->d)) {
178 if (type & PAGE_WRITE) {
179 /* The D bit is not set -- TLB Dirty Bit Fault. */
180 ret = EXCP_TLB_DIRTY;
181 }
182 prot &= PAGE_READ | PAGE_EXEC;
183 }
184 if (unlikely(ent->b)) {
185 if (type & PAGE_WRITE) {
186 /* The B bit is set -- Data Memory Break Fault. */
187 ret = EXCP_DMB;
188 }
189 prot &= PAGE_READ | PAGE_EXEC;
190 }
191 if (unlikely(ent->t)) {
192 if (!(type & PAGE_EXEC)) {
193 /* The T bit is set -- Page Reference Fault. */
194 ret = EXCP_PAGE_REF;
195 }
196 prot &= PAGE_EXEC;
197 }
198
199 egress:
200 *pphys = phys;
201 *pprot = prot;
202 trace_hppa_tlb_get_physical_address(env, ret, prot, addr, phys);
203 return ret;
204 }
205
206 hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
207 {
208 HPPACPU *cpu = HPPA_CPU(cs);
209 hwaddr phys;
210 int prot, excp;
211
212 /* If the (data) mmu is disabled, bypass translation. */
213 /* ??? We really ought to know if the code mmu is disabled too,
214 in order to get the correct debugging dumps. */
215 if (!(cpu->env.psw & PSW_D)) {
216 return addr;
217 }
218
219 excp = hppa_get_physical_address(&cpu->env, addr, MMU_KERNEL_IDX, 0,
220 &phys, &prot, NULL);
221
222 /* Since we're translating for debugging, the only error that is a
223 hard error is no translation at all. Otherwise, while a real cpu
224 access might not have permission, the debugger does. */
225 return excp == EXCP_DTLB_MISS ? -1 : phys;
226 }
227
228 bool hppa_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
229 MMUAccessType type, int mmu_idx,
230 bool probe, uintptr_t retaddr)
231 {
232 HPPACPU *cpu = HPPA_CPU(cs);
233 CPUHPPAState *env = &cpu->env;
234 hppa_tlb_entry *ent;
235 int prot, excp, a_prot;
236 hwaddr phys;
237
238 switch (type) {
239 case MMU_INST_FETCH:
240 a_prot = PAGE_EXEC;
241 break;
242 case MMU_DATA_STORE:
243 a_prot = PAGE_WRITE;
244 break;
245 default:
246 a_prot = PAGE_READ;
247 break;
248 }
249
250 excp = hppa_get_physical_address(env, addr, mmu_idx,
251 a_prot, &phys, &prot, &ent);
252 if (unlikely(excp >= 0)) {
253 if (probe) {
254 return false;
255 }
256 trace_hppa_tlb_fill_excp(env, addr, size, type, mmu_idx);
257 /* Failure. Raise the indicated exception. */
258 cs->exception_index = excp;
259 if (cpu->env.psw & PSW_Q) {
260 /* ??? Needs tweaking for hppa64. */
261 cpu->env.cr[CR_IOR] = addr;
262 cpu->env.cr[CR_ISR] = addr >> 32;
263 }
264 cpu_loop_exit_restore(cs, retaddr);
265 }
266
267 trace_hppa_tlb_fill_success(env, addr & TARGET_PAGE_MASK,
268 phys & TARGET_PAGE_MASK, size, type, mmu_idx);
269 /* Success! Store the translation into the QEMU TLB. */
270 tlb_set_page(cs, addr & TARGET_PAGE_MASK, phys & TARGET_PAGE_MASK,
271 prot, mmu_idx, TARGET_PAGE_SIZE << (ent ? 2 * ent->page_size : 0));
272 return true;
273 }
274
275 /* Insert (Insn/Data) TLB Address. Note this is PA 1.1 only. */
276 void HELPER(itlba)(CPUHPPAState *env, target_ulong addr, target_ureg reg)
277 {
278 hppa_tlb_entry *empty = NULL;
279 int i;
280
281 /* Zap any old entries covering ADDR; notice empty entries on the way. */
282 for (i = HPPA_BTLB_ENTRIES; i < ARRAY_SIZE(env->tlb); ++i) {
283 hppa_tlb_entry *ent = &env->tlb[i];
284 if (ent->va_b <= addr && addr <= ent->va_e) {
285 if (ent->entry_valid) {
286 hppa_flush_tlb_ent(env, ent, false);
287 }
288 if (!empty) {
289 empty = ent;
290 }
291 }
292 }
293
294 /* If we didn't see an empty entry, evict one. */
295 if (empty == NULL) {
296 empty = hppa_alloc_tlb_ent(env);
297 }
298
299 /* Note that empty->entry_valid == 0 already. */
300 empty->va_b = addr & TARGET_PAGE_MASK;
301 empty->va_e = empty->va_b + TARGET_PAGE_SIZE - 1;
302 empty->pa = extract32(reg, 5, 20) << TARGET_PAGE_BITS;
303 trace_hppa_tlb_itlba(env, empty, empty->va_b, empty->va_e, empty->pa);
304 }
305
306 static void set_access_bits(CPUHPPAState *env, hppa_tlb_entry *ent, target_ureg reg)
307 {
308 ent->access_id = extract32(reg, 1, 18);
309 ent->u = extract32(reg, 19, 1);
310 ent->ar_pl2 = extract32(reg, 20, 2);
311 ent->ar_pl1 = extract32(reg, 22, 2);
312 ent->ar_type = extract32(reg, 24, 3);
313 ent->b = extract32(reg, 27, 1);
314 ent->d = extract32(reg, 28, 1);
315 ent->t = extract32(reg, 29, 1);
316 ent->entry_valid = 1;
317 trace_hppa_tlb_itlbp(env, ent, ent->access_id, ent->u, ent->ar_pl2,
318 ent->ar_pl1, ent->ar_type, ent->b, ent->d, ent->t);
319 }
320
321 /* Insert (Insn/Data) TLB Protection. Note this is PA 1.1 only. */
322 void HELPER(itlbp)(CPUHPPAState *env, target_ulong addr, target_ureg reg)
323 {
324 hppa_tlb_entry *ent = hppa_find_tlb(env, addr);
325
326 if (unlikely(ent == NULL)) {
327 qemu_log_mask(LOG_GUEST_ERROR, "ITLBP not following ITLBA\n");
328 return;
329 }
330
331 set_access_bits(env, ent, reg);
332 }
333
334 /* Purge (Insn/Data) TLB. This is explicitly page-based, and is
335 synchronous across all processors. */
336 static void ptlb_work(CPUState *cpu, run_on_cpu_data data)
337 {
338 CPUHPPAState *env = cpu->env_ptr;
339 target_ulong addr = (target_ulong) data.target_ptr;
340 hppa_tlb_entry *ent = hppa_find_tlb(env, addr);
341
342 if (ent && ent->entry_valid) {
343 hppa_flush_tlb_ent(env, ent, false);
344 }
345 }
346
347 void HELPER(ptlb)(CPUHPPAState *env, target_ulong addr)
348 {
349 CPUState *src = env_cpu(env);
350 CPUState *cpu;
351 trace_hppa_tlb_ptlb(env);
352 run_on_cpu_data data = RUN_ON_CPU_TARGET_PTR(addr);
353
354 CPU_FOREACH(cpu) {
355 if (cpu != src) {
356 async_run_on_cpu(cpu, ptlb_work, data);
357 }
358 }
359 async_safe_run_on_cpu(src, ptlb_work, data);
360 }
361
362 /* Purge (Insn/Data) TLB entry. This affects an implementation-defined
363 number of pages/entries (we choose all), and is local to the cpu. */
364 void HELPER(ptlbe)(CPUHPPAState *env)
365 {
366 trace_hppa_tlb_ptlbe(env);
367 qemu_log_mask(CPU_LOG_MMU, "FLUSH ALL TLB ENTRIES\n");
368 memset(&env->tlb[HPPA_BTLB_ENTRIES], 0,
369 sizeof(env->tlb) - HPPA_BTLB_ENTRIES * sizeof(env->tlb[0]));
370 env->tlb_last = HPPA_BTLB_ENTRIES;
371 tlb_flush_by_mmuidx(env_cpu(env), HPPA_MMU_FLUSH_MASK);
372 }
373
374 void cpu_hppa_change_prot_id(CPUHPPAState *env)
375 {
376 if (env->psw & PSW_P) {
377 tlb_flush_by_mmuidx(env_cpu(env), HPPA_MMU_FLUSH_MASK);
378 }
379 }
380
381 void HELPER(change_prot_id)(CPUHPPAState *env)
382 {
383 cpu_hppa_change_prot_id(env);
384 }
385
386 target_ureg HELPER(lpa)(CPUHPPAState *env, target_ulong addr)
387 {
388 hwaddr phys;
389 int prot, excp;
390
391 excp = hppa_get_physical_address(env, addr, MMU_KERNEL_IDX, 0,
392 &phys, &prot, NULL);
393 if (excp >= 0) {
394 if (env->psw & PSW_Q) {
395 /* ??? Needs tweaking for hppa64. */
396 env->cr[CR_IOR] = addr;
397 env->cr[CR_ISR] = addr >> 32;
398 }
399 if (excp == EXCP_DTLB_MISS) {
400 excp = EXCP_NA_DTLB_MISS;
401 }
402 trace_hppa_tlb_lpa_failed(env, addr);
403 hppa_dynamic_excp(env, excp, GETPC());
404 }
405 trace_hppa_tlb_lpa_success(env, addr, phys);
406 return phys;
407 }
408
409 /* Return the ar_type of the TLB at VADDR, or -1. */
410 int hppa_artype_for_page(CPUHPPAState *env, target_ulong vaddr)
411 {
412 hppa_tlb_entry *ent = hppa_find_tlb(env, vaddr);
413 return ent ? ent->ar_type : -1;
414 }
415
416 /*
417 * diag_btlb() emulates the PDC PDC_BLOCK_TLB firmware call to
418 * allow operating systems to modify the Block TLB (BTLB) entries.
419 * For implementation details see page 1-13 in
420 * https://parisc.wiki.kernel.org/images-parisc/e/ef/Pdc11-v0.96-Ch1-procs.pdf
421 */
422 void HELPER(diag_btlb)(CPUHPPAState *env)
423 {
424 unsigned int phys_page, len, slot;
425 int mmu_idx = cpu_mmu_index(env, 0);
426 uintptr_t ra = GETPC();
427 hppa_tlb_entry *btlb;
428 uint64_t virt_page;
429 uint32_t *vaddr;
430
431 #ifdef TARGET_HPPA64
432 /* BTLBs are not supported on 64-bit CPUs */
433 env->gr[28] = -1; /* nonexistent procedure */
434 return;
435 #endif
436 env->gr[28] = 0; /* PDC_OK */
437
438 switch (env->gr[25]) {
439 case 0:
440 /* return BTLB parameters */
441 qemu_log_mask(CPU_LOG_MMU, "PDC_BLOCK_TLB: PDC_BTLB_INFO\n");
442 vaddr = probe_access(env, env->gr[24], 4 * sizeof(target_ulong),
443 MMU_DATA_STORE, mmu_idx, ra);
444 if (vaddr == NULL) {
445 env->gr[28] = -10; /* invalid argument */
446 } else {
447 vaddr[0] = cpu_to_be32(1);
448 vaddr[1] = cpu_to_be32(16 * 1024);
449 vaddr[2] = cpu_to_be32(HPPA_BTLB_FIXED);
450 vaddr[3] = cpu_to_be32(HPPA_BTLB_VARIABLE);
451 }
452 break;
453 case 1:
454 /* insert BTLB entry */
455 virt_page = env->gr[24]; /* upper 32 bits */
456 virt_page <<= 32;
457 virt_page |= env->gr[23]; /* lower 32 bits */
458 phys_page = env->gr[22];
459 len = env->gr[21];
460 slot = env->gr[19];
461 qemu_log_mask(CPU_LOG_MMU, "PDC_BLOCK_TLB: PDC_BTLB_INSERT "
462 "0x%08llx-0x%08llx: vpage 0x%llx for phys page 0x%04x len %d "
463 "into slot %d\n",
464 (long long) virt_page << TARGET_PAGE_BITS,
465 (long long) (virt_page + len) << TARGET_PAGE_BITS,
466 (long long) virt_page, phys_page, len, slot);
467 if (slot < HPPA_BTLB_ENTRIES) {
468 btlb = &env->tlb[slot];
469 /* force flush of possibly existing BTLB entry */
470 hppa_flush_tlb_ent(env, btlb, true);
471 /* create new BTLB entry */
472 btlb->va_b = virt_page << TARGET_PAGE_BITS;
473 btlb->va_e = btlb->va_b + len * TARGET_PAGE_SIZE - 1;
474 btlb->pa = phys_page << TARGET_PAGE_BITS;
475 set_access_bits(env, btlb, env->gr[20]);
476 btlb->t = 0;
477 btlb->d = 1;
478 } else {
479 env->gr[28] = -10; /* invalid argument */
480 }
481 break;
482 case 2:
483 /* Purge BTLB entry */
484 slot = env->gr[22];
485 qemu_log_mask(CPU_LOG_MMU, "PDC_BLOCK_TLB: PDC_BTLB_PURGE slot %d\n",
486 slot);
487 if (slot < HPPA_BTLB_ENTRIES) {
488 btlb = &env->tlb[slot];
489 hppa_flush_tlb_ent(env, btlb, true);
490 } else {
491 env->gr[28] = -10; /* invalid argument */
492 }
493 break;
494 case 3:
495 /* Purge all BTLB entries */
496 qemu_log_mask(CPU_LOG_MMU, "PDC_BLOCK_TLB: PDC_BTLB_PURGE_ALL\n");
497 for (slot = 0; slot < HPPA_BTLB_ENTRIES; slot++) {
498 btlb = &env->tlb[slot];
499 hppa_flush_tlb_ent(env, btlb, true);
500 }
501 break;
502 default:
503 env->gr[28] = -2; /* nonexistent option */
504 break;
505 }
506 }
QEMU mirror