]>
git.proxmox.com Git - qemu.git/blob - target-ppc/mmu-hash32.c
2 * PowerPC MMU, TLB and BAT emulation helpers for QEMU.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
5 * Copyright (c) 2013 David Gibson, IBM Corporation
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "sysemu/kvm.h"
25 #include "mmu-hash32.h"
30 # define LOG_MMU(...) qemu_log(__VA_ARGS__)
31 # define LOG_MMU_STATE(env) log_cpu_state((env), 0)
33 # define LOG_MMU(...) do { } while (0)
34 # define LOG_MMU_STATE(...) do { } while (0)
37 #define PTE_PTEM_MASK 0x7FFFFFBF
38 #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
40 static inline int pte_is_valid_hash32(target_ulong pte0
)
42 return pte0
& 0x80000000 ? 1 : 0;
45 static int pte_check_hash32(mmu_ctx_t
*ctx
, target_ulong pte0
,
46 target_ulong pte1
, int h
, int rw
, int type
)
48 target_ulong ptem
, mmask
;
49 int access
, ret
, pteh
, ptev
, pp
;
52 /* Check validity and table match */
53 ptev
= pte_is_valid_hash32(pte0
);
54 pteh
= (pte0
>> 6) & 1;
55 if (ptev
&& h
== pteh
) {
56 /* Check vsid & api */
57 ptem
= pte0
& PTE_PTEM_MASK
;
58 mmask
= PTE_CHECK_MASK
;
59 pp
= pte1
& 0x00000003;
60 if (ptem
== ctx
->ptem
) {
61 if (ctx
->raddr
!= (hwaddr
)-1ULL) {
62 /* all matches should have equal RPN, WIMG & PP */
63 if ((ctx
->raddr
& mmask
) != (pte1
& mmask
)) {
64 qemu_log("Bad RPN/WIMG/PP\n");
68 /* Compute access rights */
69 access
= pp_check(ctx
->key
, pp
, ctx
->nx
);
70 /* Keep the matching PTE informations */
73 ret
= check_prot(ctx
->prot
, rw
, type
);
76 LOG_MMU("PTE access granted !\n");
78 /* Access right violation */
79 LOG_MMU("PTE access rejected\n");
87 /* PTE table lookup */
88 static int find_pte32(CPUPPCState
*env
, mmu_ctx_t
*ctx
, int h
,
89 int rw
, int type
, int target_page_bits
)
92 target_ulong pte0
, pte1
;
96 ret
= -1; /* No entry found */
97 pteg_off
= get_pteg_offset(env
, ctx
->hash
[h
], HASH_PTE_SIZE_32
);
98 for (i
= 0; i
< 8; i
++) {
99 if (env
->external_htab
) {
100 pte0
= ldl_p(env
->external_htab
+ pteg_off
+ (i
* 8));
101 pte1
= ldl_p(env
->external_htab
+ pteg_off
+ (i
* 8) + 4);
103 pte0
= ldl_phys(env
->htab_base
+ pteg_off
+ (i
* 8));
104 pte1
= ldl_phys(env
->htab_base
+ pteg_off
+ (i
* 8) + 4);
106 r
= pte_check_hash32(ctx
, pte0
, pte1
, h
, rw
, type
);
107 LOG_MMU("Load pte from %08" HWADDR_PRIx
" => " TARGET_FMT_lx
" "
108 TARGET_FMT_lx
" %d %d %d " TARGET_FMT_lx
"\n",
109 pteg_off
+ (i
* 8), pte0
, pte1
, (int)(pte0
>> 31), h
,
110 (int)((pte0
>> 6) & 1), ctx
->ptem
);
113 /* PTE inconsistency */
116 /* Access violation */
126 /* XXX: we should go on looping to check all PTEs consistency
127 * but if we can speed-up the whole thing as the
128 * result would be undefined if PTEs are not consistent.
137 LOG_MMU("found PTE at addr %08" HWADDR_PRIx
" prot=%01x ret=%d\n",
138 ctx
->raddr
, ctx
->prot
, ret
);
139 /* Update page flags */
141 if (pte_update_flags(ctx
, &pte1
, ret
, rw
) == 1) {
142 if (env
->external_htab
) {
143 stl_p(env
->external_htab
+ pteg_off
+ (good
* 8) + 4,
146 stl_phys_notdirty(env
->htab_base
+ pteg_off
+
147 (good
* 8) + 4, pte1
);
152 /* We have a TLB that saves 4K pages, so let's
153 * split a huge page to 4k chunks */
154 if (target_page_bits
!= TARGET_PAGE_BITS
) {
155 ctx
->raddr
|= (ctx
->eaddr
& ((1 << target_page_bits
) - 1))
161 int get_segment32(CPUPPCState
*env
, mmu_ctx_t
*ctx
,
162 target_ulong eaddr
, int rw
, int type
)
166 int ds
, pr
, target_page_bits
;
168 target_ulong sr
, pgidx
;
173 sr
= env
->sr
[eaddr
>> 28];
174 ctx
->key
= (((sr
& 0x20000000) && (pr
!= 0)) ||
175 ((sr
& 0x40000000) && (pr
== 0))) ? 1 : 0;
176 ds
= sr
& 0x80000000 ? 1 : 0;
177 ctx
->nx
= sr
& 0x10000000 ? 1 : 0;
178 vsid
= sr
& 0x00FFFFFF;
179 target_page_bits
= TARGET_PAGE_BITS
;
180 LOG_MMU("Check segment v=" TARGET_FMT_lx
" %d " TARGET_FMT_lx
" nip="
181 TARGET_FMT_lx
" lr=" TARGET_FMT_lx
182 " ir=%d dr=%d pr=%d %d t=%d\n",
183 eaddr
, (int)(eaddr
>> 28), sr
, env
->nip
, env
->lr
, (int)msr_ir
,
184 (int)msr_dr
, pr
!= 0 ? 1 : 0, rw
, type
);
185 pgidx
= (eaddr
& ~SEGMENT_MASK_256M
) >> target_page_bits
;
187 ctx
->ptem
= (vsid
<< 7) | (pgidx
>> 10);
189 LOG_MMU("pte segment: key=%d ds %d nx %d vsid " TARGET_FMT_lx
"\n",
190 ctx
->key
, ds
, ctx
->nx
, vsid
);
193 /* Check if instruction fetch is allowed, if needed */
194 if (type
!= ACCESS_CODE
|| ctx
->nx
== 0) {
195 /* Page address translation */
196 LOG_MMU("htab_base " TARGET_FMT_plx
" htab_mask " TARGET_FMT_plx
197 " hash " TARGET_FMT_plx
"\n",
198 env
->htab_base
, env
->htab_mask
, hash
);
200 ctx
->hash
[1] = ~hash
;
202 /* Initialize real address with an invalid value */
203 ctx
->raddr
= (hwaddr
)-1ULL;
204 LOG_MMU("0 htab=" TARGET_FMT_plx
"/" TARGET_FMT_plx
205 " vsid=" TARGET_FMT_lx
" ptem=" TARGET_FMT_lx
206 " hash=" TARGET_FMT_plx
"\n",
207 env
->htab_base
, env
->htab_mask
, vsid
, ctx
->ptem
,
209 /* Primary table lookup */
210 ret
= find_pte32(env
, ctx
, 0, rw
, type
, target_page_bits
);
212 /* Secondary table lookup */
213 LOG_MMU("1 htab=" TARGET_FMT_plx
"/" TARGET_FMT_plx
214 " vsid=" TARGET_FMT_lx
" api=" TARGET_FMT_lx
215 " hash=" TARGET_FMT_plx
"\n", env
->htab_base
,
216 env
->htab_mask
, vsid
, ctx
->ptem
, ctx
->hash
[1]);
217 ret2
= find_pte32(env
, ctx
, 1, rw
, type
,
223 #if defined(DUMP_PAGE_TABLES)
224 if (qemu_log_enabled()) {
226 uint32_t a0
, a1
, a2
, a3
;
228 qemu_log("Page table: " TARGET_FMT_plx
" len " TARGET_FMT_plx
229 "\n", sdr
, mask
+ 0x80);
230 for (curaddr
= sdr
; curaddr
< (sdr
+ mask
+ 0x80);
232 a0
= ldl_phys(curaddr
);
233 a1
= ldl_phys(curaddr
+ 4);
234 a2
= ldl_phys(curaddr
+ 8);
235 a3
= ldl_phys(curaddr
+ 12);
236 if (a0
!= 0 || a1
!= 0 || a2
!= 0 || a3
!= 0) {
237 qemu_log(TARGET_FMT_plx
": %08x %08x %08x %08x\n",
238 curaddr
, a0
, a1
, a2
, a3
);
244 LOG_MMU("No access allowed\n");
250 LOG_MMU("direct store...\n");
251 /* Direct-store segment : absolutely *BUGGY* for now */
253 /* Direct-store implies a 32-bit MMU.
254 * Check the Segment Register's bus unit ID (BUID).
256 sr
= env
->sr
[eaddr
>> 28];
257 if ((sr
& 0x1FF00000) >> 20 == 0x07f) {
258 /* Memory-forced I/O controller interface access */
259 /* If T=1 and BUID=x'07F', the 601 performs a memory access
260 * to SR[28-31] LA[4-31], bypassing all protection mechanisms.
262 ctx
->raddr
= ((sr
& 0xF) << 28) | (eaddr
& 0x0FFFFFFF);
263 ctx
->prot
= PAGE_READ
| PAGE_WRITE
| PAGE_EXEC
;
269 /* Integer load/store : only access allowed */
272 /* No code fetch is allowed in direct-store areas */
275 /* Floating point load/store */
278 /* lwarx, ldarx or srwcx. */
281 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
282 /* Should make the instruction do no-op.
283 * As it already do no-op, it's quite easy :-)
291 qemu_log("ERROR: instruction should not need "
292 "address translation\n");
295 if ((rw
== 1 || ctx
->key
!= 1) && (rw
== 0 || ctx
->key
!= 0)) {