]>
git.proxmox.com Git - qemu.git/blob - target-ppc/mmu-hash32.c
2 * PowerPC MMU, TLB and BAT emulation helpers for QEMU.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
5 * Copyright (c) 2013 David Gibson, IBM Corporation
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "sysemu/kvm.h"
25 #include "mmu-hash32.h"
31 # define LOG_MMU(...) qemu_log(__VA_ARGS__)
32 # define LOG_MMU_STATE(env) log_cpu_state((env), 0)
34 # define LOG_MMU(...) do { } while (0)
35 # define LOG_MMU_STATE(...) do { } while (0)
39 # define LOG_BATS(...) qemu_log(__VA_ARGS__)
41 # define LOG_BATS(...) do { } while (0)
44 struct mmu_ctx_hash32
{
45 hwaddr raddr
; /* Real address */
46 int prot
; /* Protection bits */
47 int key
; /* Access key */
48 int nx
; /* Non-execute area */
51 static int ppc_hash32_pp_check(int key
, int pp
, int nx
)
55 /* Compute access rights */
78 access
= PAGE_READ
| PAGE_WRITE
;
89 static int ppc_hash32_check_prot(int prot
, int rwx
)
94 if (prot
& PAGE_EXEC
) {
100 if (prot
& PAGE_WRITE
) {
106 if (prot
& PAGE_READ
) {
116 /* Perform BAT hit & translation */
117 static void hash32_bat_size_prot(CPUPPCState
*env
, target_ulong
*blp
,
118 int *validp
, int *protp
, target_ulong
*BATu
,
124 bl
= (*BATu
& BATU32_BL
) << 15;
127 if (((msr_pr
== 0) && (*BATu
& BATU32_VS
)) ||
128 ((msr_pr
!= 0) && (*BATu
& BATU32_VP
))) {
130 pp
= *BATl
& BATL32_PP
;
132 prot
= PAGE_READ
| PAGE_EXEC
;
143 static void hash32_bat_601_size_prot(CPUPPCState
*env
, target_ulong
*blp
,
144 int *validp
, int *protp
,
145 target_ulong
*BATu
, target_ulong
*BATl
)
148 int key
, pp
, valid
, prot
;
150 bl
= (*BATl
& BATL32_601_BL
) << 17;
151 LOG_BATS("b %02x ==> bl " TARGET_FMT_lx
" msk " TARGET_FMT_lx
"\n",
152 (uint8_t)(*BATl
& BATL32_601_BL
), bl
, ~bl
);
154 valid
= !!(*BATl
& BATL32_601_V
);
156 pp
= *BATu
& BATU32_601_PP
;
158 key
= !!(*BATu
& BATU32_601_KS
);
160 key
= !!(*BATu
& BATU32_601_KP
);
162 prot
= ppc_hash32_pp_check(key
, pp
, 0);
169 static int ppc_hash32_get_bat(CPUPPCState
*env
, struct mmu_ctx_hash32
*ctx
,
170 target_ulong
virtual, int rwx
)
172 target_ulong
*BATlt
, *BATut
, *BATu
, *BATl
;
173 target_ulong BEPIl
, BEPIu
, bl
;
177 LOG_BATS("%s: %cBAT v " TARGET_FMT_lx
"\n", __func__
,
178 rwx
== 2 ? 'I' : 'D', virtual);
180 BATlt
= env
->IBAT
[1];
181 BATut
= env
->IBAT
[0];
183 BATlt
= env
->DBAT
[1];
184 BATut
= env
->DBAT
[0];
186 for (i
= 0; i
< env
->nb_BATs
; i
++) {
189 BEPIu
= *BATu
& BATU32_BEPIU
;
190 BEPIl
= *BATu
& BATU32_BEPIL
;
191 if (unlikely(env
->mmu_model
== POWERPC_MMU_601
)) {
192 hash32_bat_601_size_prot(env
, &bl
, &valid
, &prot
, BATu
, BATl
);
194 hash32_bat_size_prot(env
, &bl
, &valid
, &prot
, BATu
, BATl
);
196 LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx
" BATu " TARGET_FMT_lx
197 " BATl " TARGET_FMT_lx
"\n", __func__
,
198 type
== ACCESS_CODE
? 'I' : 'D', i
, virtual, *BATu
, *BATl
);
199 if ((virtual & BATU32_BEPIU
) == BEPIu
&&
200 ((virtual & BATU32_BEPIL
) & ~bl
) == BEPIl
) {
203 /* Get physical address */
204 ctx
->raddr
= (*BATl
& BATL32_BRPNU
) |
205 ((virtual & BATU32_BEPIL
& bl
) | (*BATl
& BATL32_BRPNL
)) |
206 (virtual & 0x0001F000);
207 /* Compute access rights */
209 ret
= ppc_hash32_check_prot(ctx
->prot
, rwx
);
211 LOG_BATS("BAT %d match: r " TARGET_FMT_plx
" prot=%c%c\n",
212 i
, ctx
->raddr
, ctx
->prot
& PAGE_READ
? 'R' : '-',
213 ctx
->prot
& PAGE_WRITE
? 'W' : '-');
220 #if defined(DEBUG_BATS)
221 if (qemu_log_enabled()) {
222 LOG_BATS("no BAT match for " TARGET_FMT_lx
":\n", virtual);
223 for (i
= 0; i
< 4; i
++) {
226 BEPIu
= *BATu
& BATU32_BEPIU
;
227 BEPIl
= *BATu
& BATU32_BEPIL
;
228 bl
= (*BATu
& 0x00001FFC) << 15;
229 LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx
" BATu " TARGET_FMT_lx
230 " BATl " TARGET_FMT_lx
"\n\t" TARGET_FMT_lx
" "
231 TARGET_FMT_lx
" " TARGET_FMT_lx
"\n",
232 __func__
, type
== ACCESS_CODE
? 'I' : 'D', i
, virtual,
233 *BATu
, *BATl
, BEPIu
, BEPIl
, bl
);
242 static int ppc_hash32_direct_store(CPUPPCState
*env
, target_ulong sr
,
243 target_ulong eaddr
, int rwx
,
244 hwaddr
*raddr
, int *prot
)
246 int key
= !!(msr_pr
? (sr
& SR32_KP
) : (sr
& SR32_KS
));
248 LOG_MMU("direct store...\n");
250 if ((sr
& 0x1FF00000) >> 20 == 0x07f) {
251 /* Memory-forced I/O controller interface access */
252 /* If T=1 and BUID=x'07F', the 601 performs a memory access
253 * to SR[28-31] LA[4-31], bypassing all protection mechanisms.
255 *raddr
= ((sr
& 0xF) << 28) | (eaddr
& 0x0FFFFFFF);
256 *prot
= PAGE_READ
| PAGE_WRITE
| PAGE_EXEC
;
261 /* No code fetch is allowed in direct-store areas */
265 switch (env
->access_type
) {
267 /* Integer load/store : only access allowed */
270 /* Floating point load/store */
273 /* lwarx, ldarx or srwcx. */
276 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
277 /* Should make the instruction do no-op.
278 * As it already do no-op, it's quite easy :-)
286 qemu_log("ERROR: instruction should not need "
287 "address translation\n");
290 if ((rwx
== 1 || key
!= 1) && (rwx
== 0 || key
!= 0)) {
298 static int ppc_hash32_pte_update_flags(struct mmu_ctx_hash32
*ctx
, uint32_t *pte1p
,
303 /* Update page flags */
304 if (!(*pte1p
& HPTE32_R_R
)) {
305 /* Update accessed flag */
306 *pte1p
|= HPTE32_R_R
;
309 if (!(*pte1p
& HPTE32_R_C
)) {
310 if (rwx
== 1 && ret
== 0) {
311 /* Update changed flag */
312 *pte1p
|= HPTE32_R_C
;
315 /* Force page fault for first write access */
316 ctx
->prot
&= ~PAGE_WRITE
;
323 hwaddr
get_pteg_offset32(CPUPPCState
*env
, hwaddr hash
)
325 return (hash
* HASH_PTEG_SIZE_32
) & env
->htab_mask
;
328 static hwaddr
ppc_hash32_pteg_search(CPUPPCState
*env
, hwaddr pteg_off
,
329 bool secondary
, target_ulong ptem
,
330 ppc_hash_pte32_t
*pte
)
332 hwaddr pte_offset
= pteg_off
;
333 target_ulong pte0
, pte1
;
336 for (i
= 0; i
< HPTES_PER_GROUP
; i
++) {
337 pte0
= ppc_hash32_load_hpte0(env
, pte_offset
);
338 pte1
= ppc_hash32_load_hpte1(env
, pte_offset
);
340 if ((pte0
& HPTE32_V_VALID
)
341 && (secondary
== !!(pte0
& HPTE32_V_SECONDARY
))
342 && HPTE32_V_COMPARE(pte0
, ptem
)) {
348 pte_offset
+= HASH_PTE_SIZE_32
;
354 static hwaddr
ppc_hash32_htab_lookup(CPUPPCState
*env
,
355 target_ulong sr
, target_ulong eaddr
,
356 ppc_hash_pte32_t
*pte
)
358 hwaddr pteg_off
, pte_offset
;
360 uint32_t vsid
, pgidx
, ptem
;
362 vsid
= sr
& SR32_VSID
;
363 pgidx
= (eaddr
& ~SEGMENT_MASK_256M
) >> TARGET_PAGE_BITS
;
365 ptem
= (vsid
<< 7) | (pgidx
>> 10);
367 /* Page address translation */
368 LOG_MMU("htab_base " TARGET_FMT_plx
" htab_mask " TARGET_FMT_plx
369 " hash " TARGET_FMT_plx
"\n",
370 env
->htab_base
, env
->htab_mask
, hash
);
372 /* Primary PTEG lookup */
373 LOG_MMU("0 htab=" TARGET_FMT_plx
"/" TARGET_FMT_plx
374 " vsid=%" PRIx32
" ptem=%" PRIx32
375 " hash=" TARGET_FMT_plx
"\n",
376 env
->htab_base
, env
->htab_mask
, vsid
, ptem
, hash
);
377 pteg_off
= get_pteg_offset32(env
, hash
);
378 pte_offset
= ppc_hash32_pteg_search(env
, pteg_off
, 0, ptem
, pte
);
379 if (pte_offset
== -1) {
380 /* Secondary PTEG lookup */
381 LOG_MMU("1 htab=" TARGET_FMT_plx
"/" TARGET_FMT_plx
382 " vsid=%" PRIx32
" api=%" PRIx32
383 " hash=" TARGET_FMT_plx
"\n", env
->htab_base
,
384 env
->htab_mask
, vsid
, ptem
, ~hash
);
385 pteg_off
= get_pteg_offset32(env
, ~hash
);
386 pte_offset
= ppc_hash32_pteg_search(env
, pteg_off
, 1, ptem
, pte
);
392 static int ppc_hash32_translate(CPUPPCState
*env
, struct mmu_ctx_hash32
*ctx
,
393 target_ulong eaddr
, int rwx
)
398 ppc_hash_pte32_t pte
;
400 assert((rwx
== 0) || (rwx
== 1) || (rwx
== 2));
402 /* 1. Handle real mode accesses */
403 if (((rwx
== 2) && (msr_ir
== 0)) || ((rwx
!= 2) && (msr_dr
== 0))) {
404 /* Translation is off */
406 ctx
->prot
= PAGE_READ
| PAGE_EXEC
| PAGE_WRITE
;
410 /* 2. Check Block Address Translation entries (BATs) */
411 if (env
->nb_BATs
!= 0) {
412 ret
= ppc_hash32_get_bat(env
, ctx
, eaddr
, rwx
);
418 /* 3. Look up the Segment Register */
419 sr
= env
->sr
[eaddr
>> 28];
421 /* 4. Handle direct store segments */
423 return ppc_hash32_direct_store(env
, sr
, eaddr
, rwx
,
424 &ctx
->raddr
, &ctx
->prot
);
427 /* 5. Check for segment level no-execute violation */
428 ctx
->nx
= !!(sr
& SR32_NX
);
429 if ((rwx
== 2) && ctx
->nx
) {
433 /* 6. Locate the PTE in the hash table */
434 pte_offset
= ppc_hash32_htab_lookup(env
, sr
, eaddr
, &pte
);
435 if (pte_offset
== -1) {
438 LOG_MMU("found PTE at offset %08" HWADDR_PRIx
"\n", pte_offset
);
440 /* 7. Check access permissions */
441 ctx
->key
= (((sr
& SR32_KP
) && (msr_pr
!= 0)) ||
442 ((sr
& SR32_KS
) && (msr_pr
== 0))) ? 1 : 0;
446 pp
= pte
.pte1
& HPTE32_R_PP
;
447 /* Compute access rights */
448 access
= ppc_hash32_pp_check(ctx
->key
, pp
, ctx
->nx
);
449 /* Keep the matching PTE informations */
450 ctx
->raddr
= pte
.pte1
;
452 ret
= ppc_hash32_check_prot(ctx
->prot
, rwx
);
455 LOG_MMU("PTE access granted !\n");
457 /* Access right violation */
458 LOG_MMU("PTE access rejected\n");
461 /* Update page flags */
462 if (ppc_hash32_pte_update_flags(ctx
, &pte
.pte1
, ret
, rwx
) == 1) {
463 ppc_hash32_store_hpte1(env
, pte_offset
, pte
.pte1
);
469 hwaddr
ppc_hash32_get_phys_page_debug(CPUPPCState
*env
, target_ulong addr
)
471 struct mmu_ctx_hash32 ctx
;
473 /* FIXME: Will not behave sanely for direct store segments, but
474 * they're almost never used */
475 if (unlikely(ppc_hash32_translate(env
, &ctx
, addr
, 0)
480 return ctx
.raddr
& TARGET_PAGE_MASK
;
483 int ppc_hash32_handle_mmu_fault(CPUPPCState
*env
, target_ulong address
, int rwx
,
486 struct mmu_ctx_hash32 ctx
;
489 ret
= ppc_hash32_translate(env
, &ctx
, address
, rwx
);
491 tlb_set_page(env
, address
& TARGET_PAGE_MASK
,
492 ctx
.raddr
& TARGET_PAGE_MASK
, ctx
.prot
,
493 mmu_idx
, TARGET_PAGE_SIZE
);
495 } else if (ret
< 0) {
500 /* No matches in page tables or TLB */
501 env
->exception_index
= POWERPC_EXCP_ISI
;
502 env
->error_code
= 0x40000000;
505 /* Access rights violation */
506 env
->exception_index
= POWERPC_EXCP_ISI
;
507 env
->error_code
= 0x08000000;
510 /* No execute protection violation */
511 env
->exception_index
= POWERPC_EXCP_ISI
;
512 env
->error_code
= 0x10000000;
515 /* Direct store exception */
516 /* No code fetch is allowed in direct-store areas */
517 env
->exception_index
= POWERPC_EXCP_ISI
;
518 env
->error_code
= 0x10000000;
524 /* No matches in page tables or TLB */
525 env
->exception_index
= POWERPC_EXCP_DSI
;
527 env
->spr
[SPR_DAR
] = address
;
529 env
->spr
[SPR_DSISR
] = 0x42000000;
531 env
->spr
[SPR_DSISR
] = 0x40000000;
535 /* Access rights violation */
536 env
->exception_index
= POWERPC_EXCP_DSI
;
538 env
->spr
[SPR_DAR
] = address
;
540 env
->spr
[SPR_DSISR
] = 0x0A000000;
542 env
->spr
[SPR_DSISR
] = 0x08000000;
546 /* Direct store exception */
547 switch (env
->access_type
) {
549 /* Floating point load/store */
550 env
->exception_index
= POWERPC_EXCP_ALIGN
;
551 env
->error_code
= POWERPC_EXCP_ALIGN_FP
;
552 env
->spr
[SPR_DAR
] = address
;
555 /* lwarx, ldarx or stwcx. */
556 env
->exception_index
= POWERPC_EXCP_DSI
;
558 env
->spr
[SPR_DAR
] = address
;
560 env
->spr
[SPR_DSISR
] = 0x06000000;
562 env
->spr
[SPR_DSISR
] = 0x04000000;
567 env
->exception_index
= POWERPC_EXCP_DSI
;
569 env
->spr
[SPR_DAR
] = address
;
571 env
->spr
[SPR_DSISR
] = 0x06100000;
573 env
->spr
[SPR_DSISR
] = 0x04100000;
577 printf("DSI: invalid exception (%d)\n", ret
);
578 env
->exception_index
= POWERPC_EXCP_PROGRAM
;
580 POWERPC_EXCP_INVAL
| POWERPC_EXCP_INVAL_INVAL
;
581 env
->spr
[SPR_DAR
] = address
;
588 printf("%s: set exception to %d %02x\n", __func__
,
589 env
->exception
, env
->error_code
);