Fix wrong usage of ! and & in MMU related functions. Thanks to Blue
Swirl for reporting the issue.
Reported-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
SH4 is using 16-bit instructions which means most of the constants are
loaded through a constant pool at the end of the subroutine. The same
memory page is therefore accessed in exec and read mode.
With the current implementation, a QEMU TLB entry is set to read or
read/write mode after an UTLB search and to exec mode after an ITLB
search, which causes a lot of TLB exceptions to switch from read or
read/write to exec and vice versa.
This patch optimizes that by already setting the QEMU TLB entry in read
or read/write mode when an UTLB entry is copied into ITLB (during an
ITLB miss). This improve the emulation speed by about 14%.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Some Linux kernels seems to implement ITLB/UTLB flushing through by
writing all TLB entries through the memory mapped interface instead
of writing one to MMUCR.TI.
Implement memory mapped ITLB write interface so that such kernels can
boot. This fixes https://bugs.launchpad.net/bugs/700774 .
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When building with -DNDEBUG, assert(0) will not stop execution
so it must not be used for abnormal termination.
Use cpu_abort() when in CPU context, abort() otherwise.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
QEMU uses a fixed page size for the CPU TLB. If the guest uses large
pages then we effectively split these into multiple smaller pages, and
populate the corresponding TLB entries on demand.
When the guest invalidates the TLB by virtual address we must invalidate
all entries covered by the large page. However the address used to
invalidate the entry may not be present in the QEMU TLB, so we do not
know which regions to clear.
Implementing a full vaiable size TLB is hard and slow, so just keep a
simple address/mask pair to record which addresses may have been mapped by
large pages. If the guest invalidates this region then flush the
whole TLB.
Signed-off-by: Paul Brook <paul@codesourcery.com>
env->exception_index should be cleared with -1, not 0.
See also 821b19fe92.
Spotted by Igor Kovalenko.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
On SH4, the ITLB and UTLB configurations are memory mapped, so loading
ITLB entries from UTLB has to be simulated correctly. For that the QEMU
TLB has to be handle the execute (ITLB) and read/write permissions
(UTLB) seperately.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
With the current code, the QEMU TLB is setup to match the read/write
mode of the MMU fault. This means when read access is done, the page
is setup in read-only mode. When the page is later accessed in write
mode, an MMU fault happened, and the page is switch in write-only
mode. This flip-flop causes a lot of calls to the MMU code and slow
down the emulation.
This patch changes the MMU emulation, so that the QEMU TLB is setup
to match the UTLB protection key. This impressively increase the
speed of the emulation.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
There is an ITLB access violation if SR_MD=0 (user mode) while
the high bit of the protection key is 0 (priviledge mode).
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In the very least, a change like this requires discussion on the list.
The naming convention is goofy and it causes a massive merge problem. Something
like this _must_ be presented on the list first so people can provide input
and cope with it.
This reverts commit 99a0949b72.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Include assert.h from qemu-common.h and remove other direct uses.
cpu-all.h still need to include it because of the dyngen-exec.h hacks
Signed-off-by: Paul Brook <paul@codesourcery.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6970 c046a42c-6fe2-441c-8c8c-71466251a162
The entire U0 area is assumed to be cacheable.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6969 c046a42c-6fe2-441c-8c8c-71466251a162
Author: Vladimir Prus <vladimir@codesourcery.com>
Fix movcal.l/ocbi emulation.
* target-sh4/cpu.h (memory_content): New.
(CPUSH4State): New fields movcal_backup and movcal_backup_tail.
* target-sh4/helper.h (helper_movcal)
(helper_discard_movcal_backup, helper_ocbi): New.
* target-sh4/op_helper.c (helper_movcal)
(helper_discard_movcal_backup, helper_ocbi): New.
* target-sh4/translate.c (DisasContext): New field has_movcal.
(sh4_defs): Update CVS for SH7785.
(cpu_sh4_init): Initialize env->movcal_backup_tail.
(_decode_opc): Discard movca.l-backup.
Make use of helper_movcal and helper_ocbi.
(gen_intermediate_code_internal): Initialize has_movcal to 1.
Thanks to Shin-ichiro KAWASAKI and Paul Mundt for valuable feedback.
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6966 c046a42c-6fe2-441c-8c8c-71466251a162
With my previous patch (the one monitoring tlb), I found that the last
TLB entry was never use. Here a little fix.
Signed-off-by: Lionel Landwerlin <lionel.landwerlin@openwide.fr>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6671 c046a42c-6fe2-441c-8c8c-71466251a162
These are references to 'loglevel' that aren't on a simple 'if (loglevel &
X) qemu_log()' statement.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6340 c046a42c-6fe2-441c-8c8c-71466251a162
This is a large patch that changes all occurrences of logfile/loglevel
global variables to use the new qemu_log*() macros.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6338 c046a42c-6fe2-441c-8c8c-71466251a162
The attached patch updates the FSF address in the GPL/LGPL boilerplate
in most GPL/LGPLed files, and also in COPYING.LIB.
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6162 c046a42c-6fe2-441c-8c8c-71466251a162
This patch adds SH bit handling to sh4's TLB, which is a part of MMU
functionality that had not been implemented in qemu.
Additionally, increment_urc() call in cpu_load_tlb() is deleted, because
the specification explicitly says that URC is not incremented by an LDTLB
instruction (at Section 3 of SH7751 Hardware manual(REJ09B0370-0400)).
Even though URC is not needed to be strictly same as HW because it is a
random number, this condition is not negligible.
Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5971 c046a42c-6fe2-441c-8c8c-71466251a162
Main purpose of this is to delete
*physical = address & 0x1fffffff;
at target-sh4/helper.c:449, using new mmio rule introduced by #5849
This masking is a nice trick to realize P4/A7 duality of SH registers.
But, IMHO, it is logically wrong.
Most of SH4 cpu control registers in P4 area(0xfc000000...0xffffffff) have
one more address called A7 which is usually P4 address with upper 3bits masked.
This is an address only appears in TLB's physical address part.
Current code use trick writing drivers as if they are really in A7
(that's why you see many *_A7 in hw/sh*.c), and using translation P4 to A7.
Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5935 c046a42c-6fe2-441c-8c8c-71466251a162
Based on a patch from Vladimir Prus and comments from Shin-ichiro KAWASAKI.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5770 c046a42c-6fe2-441c-8c8c-71466251a162
Some bugs on SH4 MMU are fixed.
- When a TLB entry is overwritten or invalidated, tlb_flush_page() should be
invoked to invalidate old entry.
- When a ASID is changed, tlb_flush() should be invoke to invalidate entries
which have old ASID.
- The check for shared bit in TLB entry causes multiple TLB hit exception.
As SH3's MMU, shared bit is ignored.
- ASID is used when MMUCR's SV bit or SR's MD bit is zero.
No need to check both bits are zero.
(Shin-ichiro KAWASAKI)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5068 c046a42c-6fe2-441c-8c8c-71466251a162
SH4 MMU's memory mapped TLB feature is implemented.
SH-Linux seems to write to memory mapped TLB to invalidate a TLB entry,
but does not to read it. So only memory write feature is implemented.
Work on memory read feature is left.
(Shin-ichiro KAWASAKI)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5067 c046a42c-6fe2-441c-8c8c-71466251a162
Two bugs about delay slot handlings are fixed.
- After an exception occurred in delay slot, the branch instruction
before delay slot should be executed again. To judge such re-execution
is necessery or not, delay slot status is kept in SH4 CPU data structure.
- When a branch instruction is placed at the end of memory segment,
the delay slot is placed at the start of next memory segment.
It means delay slot comes to the start of a translation block.
In such occasion, DELAY_SLOT_CLAREME flag is used to transmit status
between translation blocks. When an exception occurs on this kind of
delay slot, DELAY_SLOT_CLEARME flag cause a status confusion in exception
handling. DELAY_SLOT_CLEARME flag should be cleared on exceptions.
And some items are added to CPU status dump.
(Shin-ichiro KAWASAKI)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5066 c046a42c-6fe2-441c-8c8c-71466251a162
allowing support of more than 2 mmu access modes.
Add backward compatibility is_user variable in targets code when needed.
Implement per target cpu_mmu_index function, avoiding duplicated code
and #ifdef TARGET_xxx in softmmu core functions.
Implement per target mmu modes definitions. As an example, add PowerPC
hypervisor mode definition and Alpha executive and kernel modes definitions.
Optimize PowerPC case, precomputing mmu_idx when MSR register changes
and using the same definition in code translation code.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3384 c046a42c-6fe2-441c-8c8c-71466251a162
