]>
git.proxmox.com Git - qemu.git/blob - target-ppc/mmu-hash32.c
2 * PowerPC MMU, TLB and BAT emulation helpers for QEMU.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
5 * Copyright (c) 2013 David Gibson, IBM Corporation
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "sysemu/kvm.h"
25 #include "mmu-hash32.h"
31 # define LOG_MMU(...) qemu_log(__VA_ARGS__)
32 # define LOG_MMU_STATE(env) log_cpu_state((env), 0)
34 # define LOG_MMU(...) do { } while (0)
35 # define LOG_MMU_STATE(...) do { } while (0)
39 # define LOG_BATS(...) qemu_log(__VA_ARGS__)
41 # define LOG_BATS(...) do { } while (0)
44 struct mmu_ctx_hash32
{
45 hwaddr raddr
; /* Real address */
46 int prot
; /* Protection bits */
47 int key
; /* Access key */
48 int nx
; /* Non-execute area */
51 static int ppc_hash32_pp_check(int key
, int pp
, int nx
)
55 /* Compute access rights */
78 access
= PAGE_READ
| PAGE_WRITE
;
89 static int ppc_hash32_check_prot(int prot
, int rwx
)
94 if (prot
& PAGE_EXEC
) {
100 if (prot
& PAGE_WRITE
) {
106 if (prot
& PAGE_READ
) {
116 static target_ulong
hash32_bat_size(CPUPPCState
*env
,
117 target_ulong batu
, target_ulong batl
)
119 if ((msr_pr
&& !(batu
& BATU32_VP
))
120 || (!msr_pr
&& !(batu
& BATU32_VS
))) {
124 return BATU32_BEPI
& ~((batu
& BATU32_BL
) << 15);
127 static int hash32_bat_prot(CPUPPCState
*env
,
128 target_ulong batu
, target_ulong batl
)
133 pp
= batl
& BATL32_PP
;
135 prot
= PAGE_READ
| PAGE_EXEC
;
143 static target_ulong
hash32_bat_601_size(CPUPPCState
*env
,
144 target_ulong batu
, target_ulong batl
)
146 if (!(batl
& BATL32_601_V
)) {
150 return BATU32_BEPI
& ~((batl
& BATL32_601_BL
) << 17);
153 static int hash32_bat_601_prot(CPUPPCState
*env
,
154 target_ulong batu
, target_ulong batl
)
158 pp
= batu
& BATU32_601_PP
;
160 key
= !!(batu
& BATU32_601_KS
);
162 key
= !!(batu
& BATU32_601_KP
);
164 return ppc_hash32_pp_check(key
, pp
, 0);
167 static hwaddr
ppc_hash32_bat_lookup(CPUPPCState
*env
, target_ulong ea
, int rwx
,
170 target_ulong
*BATlt
, *BATut
;
173 LOG_BATS("%s: %cBAT v " TARGET_FMT_lx
"\n", __func__
,
174 rwx
== 2 ? 'I' : 'D', ea
);
176 BATlt
= env
->IBAT
[1];
177 BATut
= env
->IBAT
[0];
179 BATlt
= env
->DBAT
[1];
180 BATut
= env
->DBAT
[0];
182 for (i
= 0; i
< env
->nb_BATs
; i
++) {
183 target_ulong batu
= BATut
[i
];
184 target_ulong batl
= BATlt
[i
];
187 if (unlikely(env
->mmu_model
== POWERPC_MMU_601
)) {
188 mask
= hash32_bat_601_size(env
, batu
, batl
);
190 mask
= hash32_bat_size(env
, batu
, batl
);
192 LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx
" BATu " TARGET_FMT_lx
193 " BATl " TARGET_FMT_lx
"\n", __func__
,
194 type
== ACCESS_CODE
? 'I' : 'D', i
, ea
, batu
, batl
);
196 if (mask
&& ((ea
& mask
) == (batu
& BATU32_BEPI
))) {
197 hwaddr raddr
= (batl
& mask
) | (ea
& ~mask
);
199 if (unlikely(env
->mmu_model
== POWERPC_MMU_601
)) {
200 *prot
= hash32_bat_601_prot(env
, batu
, batl
);
202 *prot
= hash32_bat_prot(env
, batu
, batl
);
205 return raddr
& TARGET_PAGE_MASK
;
210 #if defined(DEBUG_BATS)
211 if (qemu_log_enabled()) {
212 LOG_BATS("no BAT match for " TARGET_FMT_lx
":\n", ea
);
213 for (i
= 0; i
< 4; i
++) {
216 BEPIu
= *BATu
& BATU32_BEPIU
;
217 BEPIl
= *BATu
& BATU32_BEPIL
;
218 bl
= (*BATu
& 0x00001FFC) << 15;
219 LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx
" BATu " TARGET_FMT_lx
220 " BATl " TARGET_FMT_lx
"\n\t" TARGET_FMT_lx
" "
221 TARGET_FMT_lx
" " TARGET_FMT_lx
"\n",
222 __func__
, type
== ACCESS_CODE
? 'I' : 'D', i
, ea
,
223 *BATu
, *BATl
, BEPIu
, BEPIl
, bl
);
231 static int ppc_hash32_direct_store(CPUPPCState
*env
, target_ulong sr
,
232 target_ulong eaddr
, int rwx
,
233 hwaddr
*raddr
, int *prot
)
235 int key
= !!(msr_pr
? (sr
& SR32_KP
) : (sr
& SR32_KS
));
237 LOG_MMU("direct store...\n");
239 if ((sr
& 0x1FF00000) >> 20 == 0x07f) {
240 /* Memory-forced I/O controller interface access */
241 /* If T=1 and BUID=x'07F', the 601 performs a memory access
242 * to SR[28-31] LA[4-31], bypassing all protection mechanisms.
244 *raddr
= ((sr
& 0xF) << 28) | (eaddr
& 0x0FFFFFFF);
245 *prot
= PAGE_READ
| PAGE_WRITE
| PAGE_EXEC
;
250 /* No code fetch is allowed in direct-store areas */
254 switch (env
->access_type
) {
256 /* Integer load/store : only access allowed */
259 /* Floating point load/store */
262 /* lwarx, ldarx or srwcx. */
265 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
266 /* Should make the instruction do no-op.
267 * As it already do no-op, it's quite easy :-)
275 qemu_log("ERROR: instruction should not need "
276 "address translation\n");
279 if ((rwx
== 1 || key
!= 1) && (rwx
== 0 || key
!= 0)) {
287 static int ppc_hash32_pte_update_flags(struct mmu_ctx_hash32
*ctx
, uint32_t *pte1p
,
292 /* Update page flags */
293 if (!(*pte1p
& HPTE32_R_R
)) {
294 /* Update accessed flag */
295 *pte1p
|= HPTE32_R_R
;
298 if (!(*pte1p
& HPTE32_R_C
)) {
299 if (rwx
== 1 && ret
== 0) {
300 /* Update changed flag */
301 *pte1p
|= HPTE32_R_C
;
304 /* Force page fault for first write access */
305 ctx
->prot
&= ~PAGE_WRITE
;
312 hwaddr
get_pteg_offset32(CPUPPCState
*env
, hwaddr hash
)
314 return (hash
* HASH_PTEG_SIZE_32
) & env
->htab_mask
;
317 static hwaddr
ppc_hash32_pteg_search(CPUPPCState
*env
, hwaddr pteg_off
,
318 bool secondary
, target_ulong ptem
,
319 ppc_hash_pte32_t
*pte
)
321 hwaddr pte_offset
= pteg_off
;
322 target_ulong pte0
, pte1
;
325 for (i
= 0; i
< HPTES_PER_GROUP
; i
++) {
326 pte0
= ppc_hash32_load_hpte0(env
, pte_offset
);
327 pte1
= ppc_hash32_load_hpte1(env
, pte_offset
);
329 if ((pte0
& HPTE32_V_VALID
)
330 && (secondary
== !!(pte0
& HPTE32_V_SECONDARY
))
331 && HPTE32_V_COMPARE(pte0
, ptem
)) {
337 pte_offset
+= HASH_PTE_SIZE_32
;
343 static hwaddr
ppc_hash32_htab_lookup(CPUPPCState
*env
,
344 target_ulong sr
, target_ulong eaddr
,
345 ppc_hash_pte32_t
*pte
)
347 hwaddr pteg_off
, pte_offset
;
349 uint32_t vsid
, pgidx
, ptem
;
351 vsid
= sr
& SR32_VSID
;
352 pgidx
= (eaddr
& ~SEGMENT_MASK_256M
) >> TARGET_PAGE_BITS
;
354 ptem
= (vsid
<< 7) | (pgidx
>> 10);
356 /* Page address translation */
357 LOG_MMU("htab_base " TARGET_FMT_plx
" htab_mask " TARGET_FMT_plx
358 " hash " TARGET_FMT_plx
"\n",
359 env
->htab_base
, env
->htab_mask
, hash
);
361 /* Primary PTEG lookup */
362 LOG_MMU("0 htab=" TARGET_FMT_plx
"/" TARGET_FMT_plx
363 " vsid=%" PRIx32
" ptem=%" PRIx32
364 " hash=" TARGET_FMT_plx
"\n",
365 env
->htab_base
, env
->htab_mask
, vsid
, ptem
, hash
);
366 pteg_off
= get_pteg_offset32(env
, hash
);
367 pte_offset
= ppc_hash32_pteg_search(env
, pteg_off
, 0, ptem
, pte
);
368 if (pte_offset
== -1) {
369 /* Secondary PTEG lookup */
370 LOG_MMU("1 htab=" TARGET_FMT_plx
"/" TARGET_FMT_plx
371 " vsid=%" PRIx32
" api=%" PRIx32
372 " hash=" TARGET_FMT_plx
"\n", env
->htab_base
,
373 env
->htab_mask
, vsid
, ptem
, ~hash
);
374 pteg_off
= get_pteg_offset32(env
, ~hash
);
375 pte_offset
= ppc_hash32_pteg_search(env
, pteg_off
, 1, ptem
, pte
);
381 static int ppc_hash32_translate(CPUPPCState
*env
, struct mmu_ctx_hash32
*ctx
,
382 target_ulong eaddr
, int rwx
)
387 ppc_hash_pte32_t pte
;
389 assert((rwx
== 0) || (rwx
== 1) || (rwx
== 2));
391 /* 1. Handle real mode accesses */
392 if (((rwx
== 2) && (msr_ir
== 0)) || ((rwx
!= 2) && (msr_dr
== 0))) {
393 /* Translation is off */
395 ctx
->prot
= PAGE_READ
| PAGE_EXEC
| PAGE_WRITE
;
399 /* 2. Check Block Address Translation entries (BATs) */
400 if (env
->nb_BATs
!= 0) {
401 ctx
->raddr
= ppc_hash32_bat_lookup(env
, eaddr
, rwx
, &ctx
->prot
);
402 if (ctx
->raddr
!= -1) {
403 return ppc_hash32_check_prot(ctx
->prot
, rwx
);
407 /* 3. Look up the Segment Register */
408 sr
= env
->sr
[eaddr
>> 28];
410 /* 4. Handle direct store segments */
412 return ppc_hash32_direct_store(env
, sr
, eaddr
, rwx
,
413 &ctx
->raddr
, &ctx
->prot
);
416 /* 5. Check for segment level no-execute violation */
417 ctx
->nx
= !!(sr
& SR32_NX
);
418 if ((rwx
== 2) && ctx
->nx
) {
422 /* 6. Locate the PTE in the hash table */
423 pte_offset
= ppc_hash32_htab_lookup(env
, sr
, eaddr
, &pte
);
424 if (pte_offset
== -1) {
427 LOG_MMU("found PTE at offset %08" HWADDR_PRIx
"\n", pte_offset
);
429 /* 7. Check access permissions */
430 ctx
->key
= (((sr
& SR32_KP
) && (msr_pr
!= 0)) ||
431 ((sr
& SR32_KS
) && (msr_pr
== 0))) ? 1 : 0;
435 pp
= pte
.pte1
& HPTE32_R_PP
;
436 /* Compute access rights */
437 access
= ppc_hash32_pp_check(ctx
->key
, pp
, ctx
->nx
);
438 /* Keep the matching PTE informations */
439 ctx
->raddr
= pte
.pte1
;
441 ret
= ppc_hash32_check_prot(ctx
->prot
, rwx
);
444 /* Access right violation */
445 LOG_MMU("PTE access rejected\n");
449 LOG_MMU("PTE access granted !\n");
451 /* 8. Update PTE referenced and changed bits if necessary */
453 if (ppc_hash32_pte_update_flags(ctx
, &pte
.pte1
, ret
, rwx
) == 1) {
454 ppc_hash32_store_hpte1(env
, pte_offset
, pte
.pte1
);
460 hwaddr
ppc_hash32_get_phys_page_debug(CPUPPCState
*env
, target_ulong addr
)
462 struct mmu_ctx_hash32 ctx
;
464 /* FIXME: Will not behave sanely for direct store segments, but
465 * they're almost never used */
466 if (unlikely(ppc_hash32_translate(env
, &ctx
, addr
, 0)
471 return ctx
.raddr
& TARGET_PAGE_MASK
;
474 int ppc_hash32_handle_mmu_fault(CPUPPCState
*env
, target_ulong address
, int rwx
,
477 struct mmu_ctx_hash32 ctx
;
480 ret
= ppc_hash32_translate(env
, &ctx
, address
, rwx
);
482 tlb_set_page(env
, address
& TARGET_PAGE_MASK
,
483 ctx
.raddr
& TARGET_PAGE_MASK
, ctx
.prot
,
484 mmu_idx
, TARGET_PAGE_SIZE
);
486 } else if (ret
< 0) {
491 /* No matches in page tables or TLB */
492 env
->exception_index
= POWERPC_EXCP_ISI
;
493 env
->error_code
= 0x40000000;
496 /* Access rights violation */
497 env
->exception_index
= POWERPC_EXCP_ISI
;
498 env
->error_code
= 0x08000000;
501 /* No execute protection violation */
502 env
->exception_index
= POWERPC_EXCP_ISI
;
503 env
->error_code
= 0x10000000;
506 /* Direct store exception */
507 /* No code fetch is allowed in direct-store areas */
508 env
->exception_index
= POWERPC_EXCP_ISI
;
509 env
->error_code
= 0x10000000;
515 /* No matches in page tables or TLB */
516 env
->exception_index
= POWERPC_EXCP_DSI
;
518 env
->spr
[SPR_DAR
] = address
;
520 env
->spr
[SPR_DSISR
] = 0x42000000;
522 env
->spr
[SPR_DSISR
] = 0x40000000;
526 /* Access rights violation */
527 env
->exception_index
= POWERPC_EXCP_DSI
;
529 env
->spr
[SPR_DAR
] = address
;
531 env
->spr
[SPR_DSISR
] = 0x0A000000;
533 env
->spr
[SPR_DSISR
] = 0x08000000;
537 /* Direct store exception */
538 switch (env
->access_type
) {
540 /* Floating point load/store */
541 env
->exception_index
= POWERPC_EXCP_ALIGN
;
542 env
->error_code
= POWERPC_EXCP_ALIGN_FP
;
543 env
->spr
[SPR_DAR
] = address
;
546 /* lwarx, ldarx or stwcx. */
547 env
->exception_index
= POWERPC_EXCP_DSI
;
549 env
->spr
[SPR_DAR
] = address
;
551 env
->spr
[SPR_DSISR
] = 0x06000000;
553 env
->spr
[SPR_DSISR
] = 0x04000000;
558 env
->exception_index
= POWERPC_EXCP_DSI
;
560 env
->spr
[SPR_DAR
] = address
;
562 env
->spr
[SPR_DSISR
] = 0x06100000;
564 env
->spr
[SPR_DSISR
] = 0x04100000;
568 printf("DSI: invalid exception (%d)\n", ret
);
569 env
->exception_index
= POWERPC_EXCP_PROGRAM
;
571 POWERPC_EXCP_INVAL
| POWERPC_EXCP_INVAL_INVAL
;
572 env
->spr
[SPR_DAR
] = address
;
579 printf("%s: set exception to %d %02x\n", __func__
,
580 env
->exception
, env
->error_code
);