2013-03-12 01:31:07 +01:00
|
|
|
/*
|
|
|
|
|
* PowerPC MMU, TLB and BAT emulation helpers for QEMU.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2003-2007 Jocelyn Mayer
|
|
|
|
|
* Copyright (c) 2013 David Gibson, IBM Corporation
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
2020-10-19 08:11:26 +02:00
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
2013-03-12 01:31:07 +01:00
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
2016-01-26 19:16:58 +01:00
|
|
|
#include "qemu/osdep.h"
|
2013-03-12 01:31:07 +01:00
|
|
|
#include "cpu.h"
|
2016-03-15 13:18:37 +01:00
|
|
|
#include "exec/exec-all.h"
|
2013-03-12 01:31:07 +01:00
|
|
|
#include "sysemu/kvm.h"
|
|
|
|
|
#include "kvm_ppc.h"
|
2021-05-18 22:11:23 +02:00
|
|
|
#include "internal.h"
|
2013-03-12 01:31:07 +01:00
|
|
|
#include "mmu-hash32.h"
|
2021-07-06 17:03:16 +02:00
|
|
|
#include "mmu-books.h"
|
2016-01-07 14:55:28 +01:00
|
|
|
#include "exec/log.h"
|
2013-03-12 01:31:07 +01:00
|
|
|
|
2021-07-02 23:52:35 +02:00
|
|
|
/* #define DEBUG_BATS */
|
2013-03-12 01:31:07 +01:00
|
|
|
|
2013-03-12 01:31:16 +01:00
|
|
|
#ifdef DEBUG_BATS
|
2015-11-13 13:34:23 +01:00
|
|
|
# define LOG_BATS(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
|
2013-03-12 01:31:16 +01:00
|
|
|
#else
|
|
|
|
|
# define LOG_BATS(...) do { } while (0)
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-03-12 01:31:17 +01:00
|
|
|
struct mmu_ctx_hash32 {
|
|
|
|
|
hwaddr raddr; /* Real address */
|
|
|
|
|
int prot; /* Protection bits */
|
|
|
|
|
int key; /* Access key */
|
|
|
|
|
};
|
|
|
|
|
|
2013-03-12 01:31:40 +01:00
|
|
|
static int ppc_hash32_pp_prot(int key, int pp, int nx)
|
2013-03-12 01:31:14 +01:00
|
|
|
{
|
2013-03-12 01:31:40 +01:00
|
|
|
int prot;
|
2013-03-12 01:31:14 +01:00
|
|
|
|
|
|
|
|
if (key == 0) {
|
|
|
|
|
switch (pp) {
|
|
|
|
|
case 0x0:
|
|
|
|
|
case 0x1:
|
|
|
|
|
case 0x2:
|
2013-03-12 01:31:40 +01:00
|
|
|
prot = PAGE_READ | PAGE_WRITE;
|
|
|
|
|
break;
|
|
|
|
|
|
2013-03-12 01:31:14 +01:00
|
|
|
case 0x3:
|
2013-03-12 01:31:40 +01:00
|
|
|
prot = PAGE_READ;
|
2013-03-12 01:31:14 +01:00
|
|
|
break;
|
2013-03-12 01:31:40 +01:00
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
abort();
|
2013-03-12 01:31:14 +01:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
switch (pp) {
|
|
|
|
|
case 0x0:
|
2013-03-12 01:31:40 +01:00
|
|
|
prot = 0;
|
2013-03-12 01:31:14 +01:00
|
|
|
break;
|
2013-03-12 01:31:40 +01:00
|
|
|
|
2013-03-12 01:31:14 +01:00
|
|
|
case 0x1:
|
|
|
|
|
case 0x3:
|
2013-03-12 01:31:40 +01:00
|
|
|
prot = PAGE_READ;
|
2013-03-12 01:31:14 +01:00
|
|
|
break;
|
2013-03-12 01:31:40 +01:00
|
|
|
|
2013-03-12 01:31:14 +01:00
|
|
|
case 0x2:
|
2013-03-12 01:31:40 +01:00
|
|
|
prot = PAGE_READ | PAGE_WRITE;
|
2013-03-12 01:31:14 +01:00
|
|
|
break;
|
2013-03-12 01:31:40 +01:00
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
abort();
|
2013-03-12 01:31:14 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (nx == 0) {
|
2013-03-12 01:31:40 +01:00
|
|
|
prot |= PAGE_EXEC;
|
2013-03-12 01:31:14 +01:00
|
|
|
}
|
|
|
|
|
|
2013-03-12 01:31:40 +01:00
|
|
|
return prot;
|
2013-03-12 01:31:14 +01:00
|
|
|
}
|
|
|
|
|
|
2021-07-06 17:03:16 +02:00
|
|
|
static int ppc_hash32_pte_prot(int mmu_idx,
|
2013-03-12 01:31:40 +01:00
|
|
|
target_ulong sr, ppc_hash_pte32_t pte)
|
2013-03-12 01:31:14 +01:00
|
|
|
{
|
2013-03-12 01:31:40 +01:00
|
|
|
unsigned pp, key;
|
2013-03-12 01:31:14 +01:00
|
|
|
|
2021-07-06 17:03:16 +02:00
|
|
|
key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
|
2013-03-12 01:31:40 +01:00
|
|
|
pp = pte.pte1 & HPTE32_R_PP;
|
2013-03-12 01:31:14 +01:00
|
|
|
|
2013-03-12 01:31:40 +01:00
|
|
|
return ppc_hash32_pp_prot(key, pp, !!(sr & SR32_NX));
|
2013-03-12 01:31:14 +01:00
|
|
|
}
|
|
|
|
|
|
2021-07-06 17:03:16 +02:00
|
|
|
static target_ulong hash32_bat_size(int mmu_idx,
|
2013-03-12 01:31:35 +01:00
|
|
|
target_ulong batu, target_ulong batl)
|
2013-03-12 01:31:16 +01:00
|
|
|
{
|
2021-07-06 17:03:16 +02:00
|
|
|
if ((mmuidx_pr(mmu_idx) && !(batu & BATU32_VP))
|
|
|
|
|
|| (!mmuidx_pr(mmu_idx) && !(batu & BATU32_VS))) {
|
2013-03-12 01:31:35 +01:00
|
|
|
return 0;
|
2013-03-12 01:31:16 +01:00
|
|
|
}
|
2013-03-12 01:31:35 +01:00
|
|
|
|
|
|
|
|
return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
|
2013-03-12 01:31:16 +01:00
|
|
|
}
|
|
|
|
|
|
2016-01-14 05:33:27 +01:00
|
|
|
static int hash32_bat_prot(PowerPCCPU *cpu,
|
2013-03-12 01:31:34 +01:00
|
|
|
target_ulong batu, target_ulong batl)
|
|
|
|
|
{
|
|
|
|
|
int pp, prot;
|
|
|
|
|
|
|
|
|
|
prot = 0;
|
|
|
|
|
pp = batl & BATL32_PP;
|
|
|
|
|
if (pp != 0) {
|
|
|
|
|
prot = PAGE_READ | PAGE_EXEC;
|
|
|
|
|
if (pp == 0x2) {
|
|
|
|
|
prot |= PAGE_WRITE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return prot;
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-18 22:11:26 +02:00
|
|
|
static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
|
2021-07-06 17:03:16 +02:00
|
|
|
MMUAccessType access_type, int *prot,
|
|
|
|
|
int mmu_idx)
|
2013-03-12 01:31:16 +01:00
|
|
|
{
|
2016-01-14 05:33:27 +01:00
|
|
|
CPUPPCState *env = &cpu->env;
|
2013-03-12 01:31:33 +01:00
|
|
|
target_ulong *BATlt, *BATut;
|
2021-05-18 22:11:26 +02:00
|
|
|
bool ifetch = access_type == MMU_INST_FETCH;
|
2013-03-12 01:31:36 +01:00
|
|
|
int i;
|
2013-03-12 01:31:16 +01:00
|
|
|
|
|
|
|
|
LOG_BATS("%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
|
2021-05-18 22:11:26 +02:00
|
|
|
ifetch ? 'I' : 'D', ea);
|
|
|
|
|
if (ifetch) {
|
2013-03-12 01:31:16 +01:00
|
|
|
BATlt = env->IBAT[1];
|
|
|
|
|
BATut = env->IBAT[0];
|
2013-03-12 01:31:20 +01:00
|
|
|
} else {
|
2013-03-12 01:31:16 +01:00
|
|
|
BATlt = env->DBAT[1];
|
|
|
|
|
BATut = env->DBAT[0];
|
|
|
|
|
}
|
|
|
|
|
for (i = 0; i < env->nb_BATs; i++) {
|
2013-03-12 01:31:33 +01:00
|
|
|
target_ulong batu = BATut[i];
|
|
|
|
|
target_ulong batl = BATlt[i];
|
2013-03-12 01:31:35 +01:00
|
|
|
target_ulong mask;
|
2013-03-12 01:31:33 +01:00
|
|
|
|
2022-02-09 09:08:55 +01:00
|
|
|
mask = hash32_bat_size(mmu_idx, batu, batl);
|
2013-03-12 01:31:16 +01:00
|
|
|
LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
|
|
|
|
|
" BATl " TARGET_FMT_lx "\n", __func__,
|
2021-05-18 22:11:26 +02:00
|
|
|
ifetch ? 'I' : 'D', i, ea, batu, batl);
|
2013-03-12 01:31:36 +01:00
|
|
|
|
|
|
|
|
if (mask && ((ea & mask) == (batu & BATU32_BEPI))) {
|
|
|
|
|
hwaddr raddr = (batl & mask) | (ea & ~mask);
|
|
|
|
|
|
2022-02-09 09:08:55 +01:00
|
|
|
*prot = hash32_bat_prot(cpu, batu, batl);
|
2013-03-12 01:31:36 +01:00
|
|
|
|
|
|
|
|
return raddr & TARGET_PAGE_MASK;
|
2013-03-12 01:31:16 +01:00
|
|
|
}
|
|
|
|
|
}
|
2013-03-12 01:31:36 +01:00
|
|
|
|
|
|
|
|
/* No hit */
|
2013-03-12 01:31:16 +01:00
|
|
|
#if defined(DEBUG_BATS)
|
2013-03-12 01:31:36 +01:00
|
|
|
if (qemu_log_enabled()) {
|
2021-07-02 23:52:35 +02:00
|
|
|
target_ulong *BATu, *BATl;
|
|
|
|
|
target_ulong BEPIl, BEPIu, bl;
|
|
|
|
|
|
2013-03-12 01:31:36 +01:00
|
|
|
LOG_BATS("no BAT match for " TARGET_FMT_lx ":\n", ea);
|
|
|
|
|
for (i = 0; i < 4; i++) {
|
|
|
|
|
BATu = &BATut[i];
|
|
|
|
|
BATl = &BATlt[i];
|
|
|
|
|
BEPIu = *BATu & BATU32_BEPIU;
|
|
|
|
|
BEPIl = *BATu & BATU32_BEPIL;
|
|
|
|
|
bl = (*BATu & 0x00001FFC) << 15;
|
|
|
|
|
LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
|
|
|
|
|
" BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
|
|
|
|
|
TARGET_FMT_lx " " TARGET_FMT_lx "\n",
|
2021-05-18 22:11:26 +02:00
|
|
|
__func__, ifetch ? 'I' : 'D', i, ea,
|
2013-03-12 01:31:36 +01:00
|
|
|
*BATu, *BATl, BEPIu, BEPIl, bl);
|
2013-03-12 01:31:16 +01:00
|
|
|
}
|
|
|
|
|
}
|
2013-03-12 01:31:36 +01:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return -1;
|
2013-03-12 01:31:16 +01:00
|
|
|
}
|
|
|
|
|
|
2021-06-21 14:51:11 +02:00
|
|
|
static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
|
|
|
|
|
target_ulong eaddr,
|
|
|
|
|
MMUAccessType access_type,
|
2021-07-06 17:03:16 +02:00
|
|
|
hwaddr *raddr, int *prot, int mmu_idx,
|
2021-06-21 14:51:11 +02:00
|
|
|
bool guest_visible)
|
2013-03-12 01:31:25 +01:00
|
|
|
{
|
2016-01-14 05:33:27 +01:00
|
|
|
CPUState *cs = CPU(cpu);
|
|
|
|
|
CPUPPCState *env = &cpu->env;
|
2021-07-06 17:03:16 +02:00
|
|
|
int key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
|
2013-03-12 01:31:25 +01:00
|
|
|
|
2014-12-13 17:48:18 +01:00
|
|
|
qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
|
2013-03-12 01:31:25 +01:00
|
|
|
|
2021-05-18 22:11:26 +02:00
|
|
|
if (access_type == MMU_INST_FETCH) {
|
2013-03-12 01:31:25 +01:00
|
|
|
/* No code fetch is allowed in direct-store areas */
|
2021-06-21 14:51:11 +02:00
|
|
|
if (guest_visible) {
|
|
|
|
|
cs->exception_index = POWERPC_EXCP_ISI;
|
|
|
|
|
env->error_code = 0x10000000;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2013-03-12 01:31:25 +01:00
|
|
|
}
|
|
|
|
|
|
2021-06-21 14:51:11 +02:00
|
|
|
/*
|
|
|
|
|
* From ppc_cpu_get_phys_page_debug, env->access_type is not set.
|
|
|
|
|
* Assume ACCESS_INT for that case.
|
|
|
|
|
*/
|
|
|
|
|
switch (guest_visible ? env->access_type : ACCESS_INT) {
|
2013-03-12 01:31:25 +01:00
|
|
|
case ACCESS_INT:
|
|
|
|
|
/* Integer load/store : only access allowed */
|
|
|
|
|
break;
|
|
|
|
|
case ACCESS_FLOAT:
|
|
|
|
|
/* Floating point load/store */
|
2013-08-26 08:31:06 +02:00
|
|
|
cs->exception_index = POWERPC_EXCP_ALIGN;
|
2013-03-12 01:31:46 +01:00
|
|
|
env->error_code = POWERPC_EXCP_ALIGN_FP;
|
|
|
|
|
env->spr[SPR_DAR] = eaddr;
|
2021-06-21 14:51:11 +02:00
|
|
|
return false;
|
2013-03-12 01:31:25 +01:00
|
|
|
case ACCESS_RES:
|
|
|
|
|
/* lwarx, ldarx or srwcx. */
|
2013-03-12 01:31:46 +01:00
|
|
|
env->error_code = 0;
|
|
|
|
|
env->spr[SPR_DAR] = eaddr;
|
2021-05-18 22:11:26 +02:00
|
|
|
if (access_type == MMU_DATA_STORE) {
|
2013-03-12 01:31:46 +01:00
|
|
|
env->spr[SPR_DSISR] = 0x06000000;
|
|
|
|
|
} else {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x04000000;
|
|
|
|
|
}
|
2021-06-21 14:51:11 +02:00
|
|
|
return false;
|
2013-03-12 01:31:25 +01:00
|
|
|
case ACCESS_CACHE:
|
2019-03-21 12:29:06 +01:00
|
|
|
/*
|
|
|
|
|
* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi
|
|
|
|
|
*
|
|
|
|
|
* Should make the instruction do no-op. As it already do
|
|
|
|
|
* no-op, it's quite easy :-)
|
2013-03-12 01:31:25 +01:00
|
|
|
*/
|
|
|
|
|
*raddr = eaddr;
|
2021-06-21 14:51:11 +02:00
|
|
|
return true;
|
2013-03-12 01:31:25 +01:00
|
|
|
case ACCESS_EXT:
|
|
|
|
|
/* eciwx or ecowx */
|
2013-08-26 08:31:06 +02:00
|
|
|
cs->exception_index = POWERPC_EXCP_DSI;
|
2013-03-12 01:31:46 +01:00
|
|
|
env->error_code = 0;
|
|
|
|
|
env->spr[SPR_DAR] = eaddr;
|
2021-05-18 22:11:26 +02:00
|
|
|
if (access_type == MMU_DATA_STORE) {
|
2013-03-12 01:31:46 +01:00
|
|
|
env->spr[SPR_DSISR] = 0x06100000;
|
|
|
|
|
} else {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x04100000;
|
|
|
|
|
}
|
2021-06-21 14:51:11 +02:00
|
|
|
return false;
|
2013-03-12 01:31:25 +01:00
|
|
|
default:
|
2021-06-21 14:51:11 +02:00
|
|
|
cpu_abort(cs, "ERROR: insn should not need address translation\n");
|
2013-03-12 01:31:25 +01:00
|
|
|
}
|
2021-06-21 14:51:11 +02:00
|
|
|
|
|
|
|
|
*prot = key ? PAGE_READ | PAGE_WRITE : PAGE_READ;
|
|
|
|
|
if (*prot & prot_for_access_type(access_type)) {
|
2013-03-12 01:31:25 +01:00
|
|
|
*raddr = eaddr;
|
2021-06-21 14:51:11 +02:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (guest_visible) {
|
2013-08-26 08:31:06 +02:00
|
|
|
cs->exception_index = POWERPC_EXCP_DSI;
|
2013-03-12 01:31:46 +01:00
|
|
|
env->error_code = 0;
|
|
|
|
|
env->spr[SPR_DAR] = eaddr;
|
2021-05-18 22:11:26 +02:00
|
|
|
if (access_type == MMU_DATA_STORE) {
|
2013-03-12 01:31:46 +01:00
|
|
|
env->spr[SPR_DSISR] = 0x0a000000;
|
|
|
|
|
} else {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x08000000;
|
|
|
|
|
}
|
2013-03-12 01:31:25 +01:00
|
|
|
}
|
2021-06-21 14:51:11 +02:00
|
|
|
return false;
|
2013-03-12 01:31:25 +01:00
|
|
|
}
|
|
|
|
|
|
2016-01-14 05:33:27 +01:00
|
|
|
hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
|
2013-03-12 01:31:15 +01:00
|
|
|
{
|
target/ppc: Eliminate htab_base and htab_mask variables
CPUPPCState includes fields htab_base and htab_mask which store the base
address (GPA) and size (as a mask) of the guest's hashed page table (HPT).
These are set when the SDR1 register is updated.
Keeping these in sync with the SDR1 is actually a little bit fiddly, and
probably not useful for performance, since keeping them expands the size of
CPUPPCState. It also makes some upcoming changes harder to implement.
This patch removes these fields, in favour of calculating them directly
from the SDR1 contents when necessary.
This does make a change to the behaviour of attempting to write a bad value
(invalid HPT size) to the SDR1 with an mtspr instruction. Previously, the
bad value would be stored in SDR1 and could be retrieved with a later
mfspr, but the HPT size as used by the softmmu would be, clamped to the
allowed values. Now, writing a bad value is treated as a no-op. An error
message is printed in both new and old versions.
I'm not sure which behaviour, if either, matches real hardware. I don't
think it matters that much, since it's pretty clear that if an OS writes
a bad value to SDR1, it's not going to boot.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2017-02-24 06:36:44 +01:00
|
|
|
target_ulong mask = ppc_hash32_hpt_mask(cpu);
|
2016-01-14 05:33:27 +01:00
|
|
|
|
target/ppc: Eliminate htab_base and htab_mask variables
CPUPPCState includes fields htab_base and htab_mask which store the base
address (GPA) and size (as a mask) of the guest's hashed page table (HPT).
These are set when the SDR1 register is updated.
Keeping these in sync with the SDR1 is actually a little bit fiddly, and
probably not useful for performance, since keeping them expands the size of
CPUPPCState. It also makes some upcoming changes harder to implement.
This patch removes these fields, in favour of calculating them directly
from the SDR1 contents when necessary.
This does make a change to the behaviour of attempting to write a bad value
(invalid HPT size) to the SDR1 with an mtspr instruction. Previously, the
bad value would be stored in SDR1 and could be retrieved with a later
mfspr, but the HPT size as used by the softmmu would be, clamped to the
allowed values. Now, writing a bad value is treated as a no-op. An error
message is printed in both new and old versions.
I'm not sure which behaviour, if either, matches real hardware. I don't
think it matters that much, since it's pretty clear that if an OS writes
a bad value to SDR1, it's not going to boot.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2017-02-24 06:36:44 +01:00
|
|
|
return (hash * HASH_PTEG_SIZE_32) & mask;
|
2013-03-12 01:31:15 +01:00
|
|
|
}
|
|
|
|
|
|
2016-01-14 05:33:27 +01:00
|
|
|
static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
|
2013-03-12 01:31:28 +01:00
|
|
|
bool secondary, target_ulong ptem,
|
|
|
|
|
ppc_hash_pte32_t *pte)
|
|
|
|
|
{
|
|
|
|
|
hwaddr pte_offset = pteg_off;
|
|
|
|
|
target_ulong pte0, pte1;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < HPTES_PER_GROUP; i++) {
|
2016-01-14 05:33:27 +01:00
|
|
|
pte0 = ppc_hash32_load_hpte0(cpu, pte_offset);
|
2019-02-15 18:00:23 +01:00
|
|
|
/*
|
|
|
|
|
* pte0 contains the valid bit and must be read before pte1,
|
|
|
|
|
* otherwise we might see an old pte1 with a new valid bit and
|
|
|
|
|
* thus an inconsistent hpte value
|
|
|
|
|
*/
|
|
|
|
|
smp_rmb();
|
2016-01-14 05:33:27 +01:00
|
|
|
pte1 = ppc_hash32_load_hpte1(cpu, pte_offset);
|
2013-03-12 01:31:28 +01:00
|
|
|
|
|
|
|
|
if ((pte0 & HPTE32_V_VALID)
|
|
|
|
|
&& (secondary == !!(pte0 & HPTE32_V_SECONDARY))
|
|
|
|
|
&& HPTE32_V_COMPARE(pte0, ptem)) {
|
|
|
|
|
pte->pte0 = pte0;
|
|
|
|
|
pte->pte1 = pte1;
|
|
|
|
|
return pte_offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pte_offset += HASH_PTE_SIZE_32;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-11 10:00:02 +02:00
|
|
|
static void ppc_hash32_set_r(PowerPCCPU *cpu, hwaddr pte_offset, uint32_t pte1)
|
|
|
|
|
{
|
|
|
|
|
target_ulong base = ppc_hash32_hpt_base(cpu);
|
|
|
|
|
hwaddr offset = pte_offset + 6;
|
|
|
|
|
|
|
|
|
|
/* The HW performs a non-atomic byte update */
|
|
|
|
|
stb_phys(CPU(cpu)->as, base + offset, ((pte1 >> 8) & 0xff) | 0x01);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void ppc_hash32_set_c(PowerPCCPU *cpu, hwaddr pte_offset, uint64_t pte1)
|
|
|
|
|
{
|
|
|
|
|
target_ulong base = ppc_hash32_hpt_base(cpu);
|
|
|
|
|
hwaddr offset = pte_offset + 7;
|
|
|
|
|
|
|
|
|
|
/* The HW performs a non-atomic byte update */
|
|
|
|
|
stb_phys(CPU(cpu)->as, base + offset, (pte1 & 0xff) | 0x80);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-14 05:33:27 +01:00
|
|
|
static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
|
2013-03-12 01:31:30 +01:00
|
|
|
target_ulong sr, target_ulong eaddr,
|
|
|
|
|
ppc_hash_pte32_t *pte)
|
2013-03-12 01:31:08 +01:00
|
|
|
{
|
2013-03-12 01:31:28 +01:00
|
|
|
hwaddr pteg_off, pte_offset;
|
2013-03-12 01:31:29 +01:00
|
|
|
hwaddr hash;
|
|
|
|
|
uint32_t vsid, pgidx, ptem;
|
2013-03-12 01:31:08 +01:00
|
|
|
|
2013-03-12 01:31:29 +01:00
|
|
|
vsid = sr & SR32_VSID;
|
|
|
|
|
pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
|
|
|
|
|
hash = vsid ^ pgidx;
|
|
|
|
|
ptem = (vsid << 7) | (pgidx >> 10);
|
|
|
|
|
|
|
|
|
|
/* Page address translation */
|
2014-12-13 17:48:18 +01:00
|
|
|
qemu_log_mask(CPU_LOG_MMU, "htab_base " TARGET_FMT_plx
|
|
|
|
|
" htab_mask " TARGET_FMT_plx
|
2013-03-12 01:31:29 +01:00
|
|
|
" hash " TARGET_FMT_plx "\n",
|
target/ppc: Eliminate htab_base and htab_mask variables
CPUPPCState includes fields htab_base and htab_mask which store the base
address (GPA) and size (as a mask) of the guest's hashed page table (HPT).
These are set when the SDR1 register is updated.
Keeping these in sync with the SDR1 is actually a little bit fiddly, and
probably not useful for performance, since keeping them expands the size of
CPUPPCState. It also makes some upcoming changes harder to implement.
This patch removes these fields, in favour of calculating them directly
from the SDR1 contents when necessary.
This does make a change to the behaviour of attempting to write a bad value
(invalid HPT size) to the SDR1 with an mtspr instruction. Previously, the
bad value would be stored in SDR1 and could be retrieved with a later
mfspr, but the HPT size as used by the softmmu would be, clamped to the
allowed values. Now, writing a bad value is treated as a no-op. An error
message is printed in both new and old versions.
I'm not sure which behaviour, if either, matches real hardware. I don't
think it matters that much, since it's pretty clear that if an OS writes
a bad value to SDR1, it's not going to boot.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2017-02-24 06:36:44 +01:00
|
|
|
ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
|
2013-03-12 01:31:29 +01:00
|
|
|
|
|
|
|
|
/* Primary PTEG lookup */
|
2014-12-13 17:48:18 +01:00
|
|
|
qemu_log_mask(CPU_LOG_MMU, "0 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
|
2013-03-12 01:31:29 +01:00
|
|
|
" vsid=%" PRIx32 " ptem=%" PRIx32
|
|
|
|
|
" hash=" TARGET_FMT_plx "\n",
|
target/ppc: Eliminate htab_base and htab_mask variables
CPUPPCState includes fields htab_base and htab_mask which store the base
address (GPA) and size (as a mask) of the guest's hashed page table (HPT).
These are set when the SDR1 register is updated.
Keeping these in sync with the SDR1 is actually a little bit fiddly, and
probably not useful for performance, since keeping them expands the size of
CPUPPCState. It also makes some upcoming changes harder to implement.
This patch removes these fields, in favour of calculating them directly
from the SDR1 contents when necessary.
This does make a change to the behaviour of attempting to write a bad value
(invalid HPT size) to the SDR1 with an mtspr instruction. Previously, the
bad value would be stored in SDR1 and could be retrieved with a later
mfspr, but the HPT size as used by the softmmu would be, clamped to the
allowed values. Now, writing a bad value is treated as a no-op. An error
message is printed in both new and old versions.
I'm not sure which behaviour, if either, matches real hardware. I don't
think it matters that much, since it's pretty clear that if an OS writes
a bad value to SDR1, it's not going to boot.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2017-02-24 06:36:44 +01:00
|
|
|
ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu),
|
|
|
|
|
vsid, ptem, hash);
|
2016-01-14 05:33:27 +01:00
|
|
|
pteg_off = get_pteg_offset32(cpu, hash);
|
|
|
|
|
pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte);
|
2013-03-12 01:31:29 +01:00
|
|
|
if (pte_offset == -1) {
|
|
|
|
|
/* Secondary PTEG lookup */
|
2014-12-13 17:48:18 +01:00
|
|
|
qemu_log_mask(CPU_LOG_MMU, "1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
|
2013-03-12 01:31:29 +01:00
|
|
|
" vsid=%" PRIx32 " api=%" PRIx32
|
target/ppc: Eliminate htab_base and htab_mask variables
CPUPPCState includes fields htab_base and htab_mask which store the base
address (GPA) and size (as a mask) of the guest's hashed page table (HPT).
These are set when the SDR1 register is updated.
Keeping these in sync with the SDR1 is actually a little bit fiddly, and
probably not useful for performance, since keeping them expands the size of
CPUPPCState. It also makes some upcoming changes harder to implement.
This patch removes these fields, in favour of calculating them directly
from the SDR1 contents when necessary.
This does make a change to the behaviour of attempting to write a bad value
(invalid HPT size) to the SDR1 with an mtspr instruction. Previously, the
bad value would be stored in SDR1 and could be retrieved with a later
mfspr, but the HPT size as used by the softmmu would be, clamped to the
allowed values. Now, writing a bad value is treated as a no-op. An error
message is printed in both new and old versions.
I'm not sure which behaviour, if either, matches real hardware. I don't
think it matters that much, since it's pretty clear that if an OS writes
a bad value to SDR1, it's not going to boot.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2017-02-24 06:36:44 +01:00
|
|
|
" hash=" TARGET_FMT_plx "\n", ppc_hash32_hpt_base(cpu),
|
|
|
|
|
ppc_hash32_hpt_mask(cpu), vsid, ptem, ~hash);
|
2016-01-14 05:33:27 +01:00
|
|
|
pteg_off = get_pteg_offset32(cpu, ~hash);
|
|
|
|
|
pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte);
|
2013-03-12 01:31:29 +01:00
|
|
|
}
|
|
|
|
|
|
2013-03-12 01:31:30 +01:00
|
|
|
return pte_offset;
|
2013-03-12 01:31:08 +01:00
|
|
|
}
|
2013-03-12 01:31:09 +01:00
|
|
|
|
2013-03-12 01:31:43 +01:00
|
|
|
static hwaddr ppc_hash32_pte_raddr(target_ulong sr, ppc_hash_pte32_t pte,
|
|
|
|
|
target_ulong eaddr)
|
|
|
|
|
{
|
2013-03-12 01:31:44 +01:00
|
|
|
hwaddr rpn = pte.pte1 & HPTE32_R_RPN;
|
2013-03-12 01:31:43 +01:00
|
|
|
hwaddr mask = ~TARGET_PAGE_MASK;
|
|
|
|
|
|
|
|
|
|
return (rpn & ~mask) | (eaddr & mask);
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-21 14:51:13 +02:00
|
|
|
bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
|
2021-07-06 17:03:16 +02:00
|
|
|
hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
|
2021-06-21 14:51:13 +02:00
|
|
|
bool guest_visible)
|
2013-03-12 01:31:09 +01:00
|
|
|
{
|
2013-09-02 14:14:24 +02:00
|
|
|
CPUState *cs = CPU(cpu);
|
|
|
|
|
CPUPPCState *env = &cpu->env;
|
2013-03-12 01:31:29 +01:00
|
|
|
target_ulong sr;
|
2013-03-12 01:31:30 +01:00
|
|
|
hwaddr pte_offset;
|
|
|
|
|
ppc_hash_pte32_t pte;
|
2013-03-12 01:31:46 +01:00
|
|
|
int prot;
|
2021-05-18 22:11:23 +02:00
|
|
|
int need_prot;
|
2013-03-12 01:31:46 +01:00
|
|
|
hwaddr raddr;
|
2013-03-12 01:31:09 +01:00
|
|
|
|
2021-06-21 14:51:11 +02:00
|
|
|
/* There are no hash32 large pages. */
|
|
|
|
|
*psizep = TARGET_PAGE_BITS;
|
2013-03-12 01:31:32 +01:00
|
|
|
|
2013-03-12 01:31:23 +01:00
|
|
|
/* 1. Handle real mode accesses */
|
2021-07-06 17:03:16 +02:00
|
|
|
if (mmuidx_real(mmu_idx)) {
|
2013-03-12 01:31:23 +01:00
|
|
|
/* Translation is off */
|
2021-06-21 14:51:11 +02:00
|
|
|
*raddrp = eaddr;
|
|
|
|
|
*protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
|
|
|
|
|
return true;
|
2013-03-12 01:31:23 +01:00
|
|
|
}
|
|
|
|
|
|
2021-06-21 14:51:11 +02:00
|
|
|
need_prot = prot_for_access_type(access_type);
|
|
|
|
|
|
2013-03-12 01:31:23 +01:00
|
|
|
/* 2. Check Block Address Translation entries (BATs) */
|
|
|
|
|
if (env->nb_BATs != 0) {
|
2021-07-06 17:03:16 +02:00
|
|
|
raddr = ppc_hash32_bat_lookup(cpu, eaddr, access_type, protp, mmu_idx);
|
2013-03-12 01:31:46 +01:00
|
|
|
if (raddr != -1) {
|
2021-06-21 14:51:11 +02:00
|
|
|
if (need_prot & ~*protp) {
|
|
|
|
|
if (guest_visible) {
|
|
|
|
|
if (access_type == MMU_INST_FETCH) {
|
|
|
|
|
cs->exception_index = POWERPC_EXCP_ISI;
|
|
|
|
|
env->error_code = 0x08000000;
|
2013-03-12 01:31:46 +01:00
|
|
|
} else {
|
2021-06-21 14:51:11 +02:00
|
|
|
cs->exception_index = POWERPC_EXCP_DSI;
|
|
|
|
|
env->error_code = 0;
|
|
|
|
|
env->spr[SPR_DAR] = eaddr;
|
|
|
|
|
if (access_type == MMU_DATA_STORE) {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x0a000000;
|
|
|
|
|
} else {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x08000000;
|
|
|
|
|
}
|
2013-03-12 01:31:46 +01:00
|
|
|
}
|
|
|
|
|
}
|
2021-06-21 14:51:11 +02:00
|
|
|
return false;
|
2013-03-12 01:31:40 +01:00
|
|
|
}
|
2021-06-21 14:51:11 +02:00
|
|
|
*raddrp = raddr;
|
|
|
|
|
return true;
|
2013-03-12 01:31:23 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-12 01:31:24 +01:00
|
|
|
/* 3. Look up the Segment Register */
|
2013-03-12 01:31:09 +01:00
|
|
|
sr = env->sr[eaddr >> 28];
|
2013-03-12 01:31:24 +01:00
|
|
|
|
|
|
|
|
/* 4. Handle direct store segments */
|
|
|
|
|
if (sr & SR32_T) {
|
2021-06-21 14:51:11 +02:00
|
|
|
return ppc_hash32_direct_store(cpu, sr, eaddr, access_type,
|
2021-07-06 17:03:16 +02:00
|
|
|
raddrp, protp, mmu_idx, guest_visible);
|
2013-03-12 01:31:24 +01:00
|
|
|
}
|
|
|
|
|
|
2013-03-12 01:31:26 +01:00
|
|
|
/* 5. Check for segment level no-execute violation */
|
2021-05-18 22:11:26 +02:00
|
|
|
if (access_type == MMU_INST_FETCH && (sr & SR32_NX)) {
|
2021-06-21 14:51:11 +02:00
|
|
|
if (guest_visible) {
|
|
|
|
|
cs->exception_index = POWERPC_EXCP_ISI;
|
|
|
|
|
env->error_code = 0x10000000;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2013-03-12 01:31:26 +01:00
|
|
|
}
|
2013-03-12 01:31:30 +01:00
|
|
|
|
|
|
|
|
/* 6. Locate the PTE in the hash table */
|
2016-01-14 05:33:27 +01:00
|
|
|
pte_offset = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte);
|
2013-03-12 01:31:30 +01:00
|
|
|
if (pte_offset == -1) {
|
2021-06-21 14:51:11 +02:00
|
|
|
if (guest_visible) {
|
|
|
|
|
if (access_type == MMU_INST_FETCH) {
|
|
|
|
|
cs->exception_index = POWERPC_EXCP_ISI;
|
|
|
|
|
env->error_code = 0x40000000;
|
2013-03-12 01:31:46 +01:00
|
|
|
} else {
|
2021-06-21 14:51:11 +02:00
|
|
|
cs->exception_index = POWERPC_EXCP_DSI;
|
|
|
|
|
env->error_code = 0;
|
|
|
|
|
env->spr[SPR_DAR] = eaddr;
|
|
|
|
|
if (access_type == MMU_DATA_STORE) {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x42000000;
|
|
|
|
|
} else {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x40000000;
|
|
|
|
|
}
|
2013-03-12 01:31:46 +01:00
|
|
|
}
|
|
|
|
|
}
|
2021-06-21 14:51:11 +02:00
|
|
|
return false;
|
2013-03-12 01:31:30 +01:00
|
|
|
}
|
2014-12-13 17:48:18 +01:00
|
|
|
qemu_log_mask(CPU_LOG_MMU,
|
|
|
|
|
"found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
|
2013-03-12 01:31:30 +01:00
|
|
|
|
|
|
|
|
/* 7. Check access permissions */
|
2013-03-12 01:31:32 +01:00
|
|
|
|
2021-07-06 17:03:16 +02:00
|
|
|
prot = ppc_hash32_pte_prot(mmu_idx, sr, pte);
|
2013-03-12 01:31:32 +01:00
|
|
|
|
2021-05-18 22:11:23 +02:00
|
|
|
if (need_prot & ~prot) {
|
2013-03-12 01:31:32 +01:00
|
|
|
/* Access right violation */
|
2014-12-13 17:48:18 +01:00
|
|
|
qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
|
2021-06-21 14:51:11 +02:00
|
|
|
if (guest_visible) {
|
|
|
|
|
if (access_type == MMU_INST_FETCH) {
|
|
|
|
|
cs->exception_index = POWERPC_EXCP_ISI;
|
|
|
|
|
env->error_code = 0x08000000;
|
2013-03-12 01:31:46 +01:00
|
|
|
} else {
|
2021-06-21 14:51:11 +02:00
|
|
|
cs->exception_index = POWERPC_EXCP_DSI;
|
|
|
|
|
env->error_code = 0;
|
|
|
|
|
env->spr[SPR_DAR] = eaddr;
|
|
|
|
|
if (access_type == MMU_DATA_STORE) {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x0a000000;
|
|
|
|
|
} else {
|
|
|
|
|
env->spr[SPR_DSISR] = 0x08000000;
|
|
|
|
|
}
|
2013-03-12 01:31:46 +01:00
|
|
|
}
|
|
|
|
|
}
|
2021-06-21 14:51:11 +02:00
|
|
|
return false;
|
2013-03-12 01:31:32 +01:00
|
|
|
}
|
|
|
|
|
|
2014-12-13 17:48:18 +01:00
|
|
|
qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
|
2013-03-12 01:31:38 +01:00
|
|
|
|
|
|
|
|
/* 8. Update PTE referenced and changed bits if necessary */
|
|
|
|
|
|
2019-04-11 10:00:02 +02:00
|
|
|
if (!(pte.pte1 & HPTE32_R_R)) {
|
|
|
|
|
ppc_hash32_set_r(cpu, pte_offset, pte.pte1);
|
2013-03-12 01:31:30 +01:00
|
|
|
}
|
2019-04-11 10:00:02 +02:00
|
|
|
if (!(pte.pte1 & HPTE32_R_C)) {
|
2021-05-18 22:11:26 +02:00
|
|
|
if (access_type == MMU_DATA_STORE) {
|
2019-04-11 10:00:02 +02:00
|
|
|
ppc_hash32_set_c(cpu, pte_offset, pte.pte1);
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Treat the page as read-only for now, so that a later write
|
|
|
|
|
* will pass through this function again to set the C bit
|
|
|
|
|
*/
|
|
|
|
|
prot &= ~PAGE_WRITE;
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-03-12 01:31:09 +01:00
|
|
|
|
2013-03-12 01:31:43 +01:00
|
|
|
/* 9. Determine the real address from the PTE */
|
|
|
|
|
|
2021-06-21 14:51:11 +02:00
|
|
|
*raddrp = ppc_hash32_pte_raddr(sr, pte, eaddr);
|
|
|
|
|
*protp = prot;
|
|
|
|
|
return true;
|
2013-03-12 01:31:09 +01:00
|
|
|
}
|