search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
block/copy-before-write: relax permission requirements when no parents
[qemu.git] / target / ppc / mmu-radix64.c
blob5b0e62e676dc75d310d67bc58c9965d02e5cfd37
1 /*
2 * PowerPC Radix MMU mulation helpers for QEMU.
3 *
4 * Copyright (c) 2016 Suraj Jitindar Singh, IBM Corporation
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "cpu.h"
22 #include "exec/exec-all.h"
23 #include "qemu/error-report.h"
24 #include "sysemu/kvm.h"
25 #include "kvm_ppc.h"
26 #include "exec/log.h"
27 #include "internal.h"
28 #include "mmu-radix64.h"
29 #include "mmu-book3s-v3.h"
30
31 static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env,
32 vaddr eaddr,
33 uint64_t *lpid, uint64_t *pid)
34 {
35 if (msr_hv) { /* MSR[HV] -> Hypervisor/bare metal */
36 switch (eaddr & R_EADDR_QUADRANT) {
37 case R_EADDR_QUADRANT0:
38 *lpid = 0;
39 *pid = env->spr[SPR_BOOKS_PID];
40 break;
41 case R_EADDR_QUADRANT1:
42 *lpid = env->spr[SPR_LPIDR];
43 *pid = env->spr[SPR_BOOKS_PID];
44 break;
45 case R_EADDR_QUADRANT2:
46 *lpid = env->spr[SPR_LPIDR];
47 *pid = 0;
48 break;
49 case R_EADDR_QUADRANT3:
50 *lpid = 0;
51 *pid = 0;
52 break;
53 default:
54 g_assert_not_reached();
55 }
56 } else { /* !MSR[HV] -> Guest */
57 switch (eaddr & R_EADDR_QUADRANT) {
58 case R_EADDR_QUADRANT0: /* Guest application */
59 *lpid = env->spr[SPR_LPIDR];
60 *pid = env->spr[SPR_BOOKS_PID];
61 break;
62 case R_EADDR_QUADRANT1: /* Illegal */
63 case R_EADDR_QUADRANT2:
64 return false;
65 case R_EADDR_QUADRANT3: /* Guest OS */
66 *lpid = env->spr[SPR_LPIDR];
67 *pid = 0; /* pid set to 0 -> addresses guest operating system */
68 break;
69 default:
70 g_assert_not_reached();
71 }
72 }
73
74 return true;
75 }
76
77 static void ppc_radix64_raise_segi(PowerPCCPU *cpu, MMUAccessType access_type,
78 vaddr eaddr)
79 {
80 CPUState *cs = CPU(cpu);
81 CPUPPCState *env = &cpu->env;
82
83 switch (access_type) {
84 case MMU_INST_FETCH:
85 /* Instruction Segment Interrupt */
86 cs->exception_index = POWERPC_EXCP_ISEG;
87 break;
88 case MMU_DATA_STORE:
89 case MMU_DATA_LOAD:
90 /* Data Segment Interrupt */
91 cs->exception_index = POWERPC_EXCP_DSEG;
92 env->spr[SPR_DAR] = eaddr;
93 break;
94 default:
95 g_assert_not_reached();
96 }
97 env->error_code = 0;
98 }
99
100 static void ppc_radix64_raise_si(PowerPCCPU *cpu, MMUAccessType access_type,
101 vaddr eaddr, uint32_t cause)
102 {
103 CPUState *cs = CPU(cpu);
104 CPUPPCState *env = &cpu->env;
105
106 switch (access_type) {
107 case MMU_INST_FETCH:
108 /* Instruction Storage Interrupt */
109 cs->exception_index = POWERPC_EXCP_ISI;
110 env->error_code = cause;
111 break;
112 case MMU_DATA_STORE:
113 cause |= DSISR_ISSTORE;
114 /* fall through */
115 case MMU_DATA_LOAD:
116 /* Data Storage Interrupt */
117 cs->exception_index = POWERPC_EXCP_DSI;
118 env->spr[SPR_DSISR] = cause;
119 env->spr[SPR_DAR] = eaddr;
120 env->error_code = 0;
121 break;
122 default:
123 g_assert_not_reached();
124 }
125 }
126
127 static void ppc_radix64_raise_hsi(PowerPCCPU *cpu, MMUAccessType access_type,
128 vaddr eaddr, hwaddr g_raddr, uint32_t cause)
129 {
130 CPUState *cs = CPU(cpu);
131 CPUPPCState *env = &cpu->env;
132
133 switch (access_type) {
134 case MMU_INST_FETCH:
135 /* H Instruction Storage Interrupt */
136 cs->exception_index = POWERPC_EXCP_HISI;
137 env->spr[SPR_ASDR] = g_raddr;
138 env->error_code = cause;
139 break;
140 case MMU_DATA_STORE:
141 cause |= DSISR_ISSTORE;
142 /* fall through */
143 case MMU_DATA_LOAD:
144 /* H Data Storage Interrupt */
145 cs->exception_index = POWERPC_EXCP_HDSI;
146 env->spr[SPR_HDSISR] = cause;
147 env->spr[SPR_HDAR] = eaddr;
148 env->spr[SPR_ASDR] = g_raddr;
149 env->error_code = 0;
150 break;
151 default:
152 g_assert_not_reached();
153 }
154 }
155
156 static bool ppc_radix64_check_prot(PowerPCCPU *cpu, MMUAccessType access_type,
157 uint64_t pte, int *fault_cause, int *prot,
158 int mmu_idx, bool partition_scoped)
159 {
160 CPUPPCState *env = &cpu->env;
161 int need_prot;
162
163 /* Check Page Attributes (pte58:59) */
164 if ((pte & R_PTE_ATT) == R_PTE_ATT_NI_IO && access_type == MMU_INST_FETCH) {
165 /*
166 * Radix PTE entries with the non-idempotent I/O attribute are treated
167 * as guarded storage
168 */
169 *fault_cause |= SRR1_NOEXEC_GUARD;
170 return true;
171 }
172
173 /* Determine permissions allowed by Encoded Access Authority */
174 if (!partition_scoped && (pte & R_PTE_EAA_PRIV) && msr_pr) {
175 *prot = 0;
176 } else if (mmuidx_pr(mmu_idx) || (pte & R_PTE_EAA_PRIV) ||
177 partition_scoped) {
178 *prot = ppc_radix64_get_prot_eaa(pte);
179 } else { /* !msr_pr && !(pte & R_PTE_EAA_PRIV) && !partition_scoped */
180 *prot = ppc_radix64_get_prot_eaa(pte);
181 *prot &= ppc_radix64_get_prot_amr(cpu); /* Least combined permissions */
182 }
183
184 /* Check if requested access type is allowed */
185 need_prot = prot_for_access_type(access_type);
186 if (need_prot & ~*prot) { /* Page Protected for that Access */
187 *fault_cause |= DSISR_PROTFAULT;
188 return true;
189 }
190
191 return false;
192 }
193
194 static void ppc_radix64_set_rc(PowerPCCPU *cpu, MMUAccessType access_type,
195 uint64_t pte, hwaddr pte_addr, int *prot)
196 {
197 CPUState *cs = CPU(cpu);
198 uint64_t npte;
199
200 npte = pte | R_PTE_R; /* Always set reference bit */
201
202 if (access_type == MMU_DATA_STORE) { /* Store/Write */
203 npte |= R_PTE_C; /* Set change bit */
204 } else {
205 /*
206 * Treat the page as read-only for now, so that a later write
207 * will pass through this function again to set the C bit.
208 */
209 *prot &= ~PAGE_WRITE;
210 }
211
212 if (pte ^ npte) { /* If pte has changed then write it back */
213 stq_phys(cs->as, pte_addr, npte);
214 }
215 }
216
217 static int ppc_radix64_next_level(AddressSpace *as, vaddr eaddr,
218 uint64_t *pte_addr, uint64_t *nls,
219 int *psize, uint64_t *pte, int *fault_cause)
220 {
221 uint64_t index, pde;
222
223 if (*nls < 5) { /* Directory maps less than 2**5 entries */
224 *fault_cause |= DSISR_R_BADCONFIG;
225 return 1;
226 }
227
228 /* Read page <directory/table> entry from guest address space */
229 pde = ldq_phys(as, *pte_addr);
230 if (!(pde & R_PTE_VALID)) { /* Invalid Entry */
231 *fault_cause |= DSISR_NOPTE;
232 return 1;
233 }
234
235 *pte = pde;
236 *psize -= *nls;
237 if (!(pde & R_PTE_LEAF)) { /* Prepare for next iteration */
238 *nls = pde & R_PDE_NLS;
239 index = eaddr >> (*psize - *nls); /* Shift */
240 index &= ((1UL << *nls) - 1); /* Mask */
241 *pte_addr = (pde & R_PDE_NLB) + (index * sizeof(pde));
242 }
243 return 0;
244 }
245
246 static int ppc_radix64_walk_tree(AddressSpace *as, vaddr eaddr,
247 uint64_t base_addr, uint64_t nls,
248 hwaddr *raddr, int *psize, uint64_t *pte,
249 int *fault_cause, hwaddr *pte_addr)
250 {
251 uint64_t index, pde, rpn , mask;
252
253 if (nls < 5) { /* Directory maps less than 2**5 entries */
254 *fault_cause |= DSISR_R_BADCONFIG;
255 return 1;
256 }
257
258 index = eaddr >> (*psize - nls); /* Shift */
259 index &= ((1UL << nls) - 1); /* Mask */
260 *pte_addr = base_addr + (index * sizeof(pde));
261 do {
262 int ret;
263
264 ret = ppc_radix64_next_level(as, eaddr, pte_addr, &nls, psize, &pde,
265 fault_cause);
266 if (ret) {
267 return ret;
268 }
269 } while (!(pde & R_PTE_LEAF));
270
271 *pte = pde;
272 rpn = pde & R_PTE_RPN;
273 mask = (1UL << *psize) - 1;
274
275 /* Or high bits of rpn and low bits to ea to form whole real addr */
276 *raddr = (rpn & ~mask) | (eaddr & mask);
277 return 0;
278 }
279
280 static bool validate_pate(PowerPCCPU *cpu, uint64_t lpid, ppc_v3_pate_t *pate)
281 {
282 CPUPPCState *env = &cpu->env;
283
284 if (!(pate->dw0 & PATE0_HR)) {
285 return false;
286 }
287 if (lpid == 0 && !msr_hv) {
288 return false;
289 }
290 if ((pate->dw0 & PATE1_R_PRTS) < 5) {
291 return false;
292 }
293 /* More checks ... */
294 return true;
295 }
296
297 static int ppc_radix64_partition_scoped_xlate(PowerPCCPU *cpu,
298 MMUAccessType access_type,
299 vaddr eaddr, hwaddr g_raddr,
300 ppc_v3_pate_t pate,
301 hwaddr *h_raddr, int *h_prot,
302 int *h_page_size, bool pde_addr,
303 int mmu_idx, bool guest_visible)
304 {
305 int fault_cause = 0;
306 hwaddr pte_addr;
307 uint64_t pte;
308
309 *h_page_size = PRTBE_R_GET_RTS(pate.dw0);
310 /* No valid pte or access denied due to protection */
311 if (ppc_radix64_walk_tree(CPU(cpu)->as, g_raddr, pate.dw0 & PRTBE_R_RPDB,
312 pate.dw0 & PRTBE_R_RPDS, h_raddr, h_page_size,
313 &pte, &fault_cause, &pte_addr) ||
314 ppc_radix64_check_prot(cpu, access_type, pte,
315 &fault_cause, h_prot, mmu_idx, true)) {
316 if (pde_addr) { /* address being translated was that of a guest pde */
317 fault_cause |= DSISR_PRTABLE_FAULT;
318 }
319 if (guest_visible) {
320 ppc_radix64_raise_hsi(cpu, access_type, eaddr, g_raddr, fault_cause);
321 }
322 return 1;
323 }
324
325 if (guest_visible) {
326 ppc_radix64_set_rc(cpu, access_type, pte, pte_addr, h_prot);
327 }
328
329 return 0;
330 }
331
332 static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
333 MMUAccessType access_type,
334 vaddr eaddr, uint64_t pid,
335 ppc_v3_pate_t pate, hwaddr *g_raddr,
336 int *g_prot, int *g_page_size,
337 int mmu_idx, bool guest_visible)
338 {
339 CPUState *cs = CPU(cpu);
340 CPUPPCState *env = &cpu->env;
341 uint64_t offset, size, prtbe_addr, prtbe0, base_addr, nls, index, pte;
342 int fault_cause = 0, h_page_size, h_prot;
343 hwaddr h_raddr, pte_addr;
344 int ret;
345
346 /* Index Process Table by PID to Find Corresponding Process Table Entry */
347 offset = pid * sizeof(struct prtb_entry);
348 size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12);
349 if (offset >= size) {
350 /* offset exceeds size of the process table */
351 if (guest_visible) {
352 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_NOPTE);
353 }
354 return 1;
355 }
356 prtbe_addr = (pate.dw1 & PATE1_R_PRTB) + offset;
357
358 if (cpu->vhyp) {
359 prtbe0 = ldq_phys(cs->as, prtbe_addr);
360 } else {
361 /*
362 * Process table addresses are subject to partition-scoped
363 * translation
364 *
365 * On a Radix host, the partition-scoped page table for LPID=0
366 * is only used to translate the effective addresses of the
367 * process table entries.
368 */
369 ret = ppc_radix64_partition_scoped_xlate(cpu, 0, eaddr, prtbe_addr,
370 pate, &h_raddr, &h_prot,
371 &h_page_size, true,
372 /* mmu_idx is 5 because we're translating from hypervisor scope */
373 5, guest_visible);
374 if (ret) {
375 return ret;
376 }
377 prtbe0 = ldq_phys(cs->as, h_raddr);
378 }
379
380 /* Walk Radix Tree from Process Table Entry to Convert EA to RA */
381 *g_page_size = PRTBE_R_GET_RTS(prtbe0);
382 base_addr = prtbe0 & PRTBE_R_RPDB;
383 nls = prtbe0 & PRTBE_R_RPDS;
384 if (msr_hv || cpu->vhyp) {
385 /*
386 * Can treat process table addresses as real addresses
387 */
388 ret = ppc_radix64_walk_tree(cs->as, eaddr & R_EADDR_MASK, base_addr,
389 nls, g_raddr, g_page_size, &pte,
390 &fault_cause, &pte_addr);
391 if (ret) {
392 /* No valid PTE */
393 if (guest_visible) {
394 ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
395 }
396 return ret;
397 }
398 } else {
399 uint64_t rpn, mask;
400
401 index = (eaddr & R_EADDR_MASK) >> (*g_page_size - nls); /* Shift */
402 index &= ((1UL << nls) - 1); /* Mask */
403 pte_addr = base_addr + (index * sizeof(pte));
404
405 /*
406 * Each process table address is subject to a partition-scoped
407 * translation
408 */
409 do {
410 ret = ppc_radix64_partition_scoped_xlate(cpu, 0, eaddr, pte_addr,
411 pate, &h_raddr, &h_prot,
412 &h_page_size, true,
413 /* mmu_idx is 5 because we're translating from hypervisor scope */
414 5, guest_visible);
415 if (ret) {
416 return ret;
417 }
418
419 ret = ppc_radix64_next_level(cs->as, eaddr & R_EADDR_MASK, &h_raddr,
420 &nls, g_page_size, &pte, &fault_cause);
421 if (ret) {
422 /* No valid pte */
423 if (guest_visible) {
424 ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
425 }
426 return ret;
427 }
428 pte_addr = h_raddr;
429 } while (!(pte & R_PTE_LEAF));
430
431 rpn = pte & R_PTE_RPN;
432 mask = (1UL << *g_page_size) - 1;
433
434 /* Or high bits of rpn and low bits to ea to form whole real addr */
435 *g_raddr = (rpn & ~mask) | (eaddr & mask);
436 }
437
438 if (ppc_radix64_check_prot(cpu, access_type, pte, &fault_cause,
439 g_prot, mmu_idx, false)) {
440 /* Access denied due to protection */
441 if (guest_visible) {
442 ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
443 }
444 return 1;
445 }
446
447 if (guest_visible) {
448 ppc_radix64_set_rc(cpu, access_type, pte, pte_addr, g_prot);
449 }
450
451 return 0;
452 }
453
454 /*
455 * Radix tree translation is a 2 steps translation process:
456 *
457 * 1. Process-scoped translation: Guest Eff Addr -> Guest Real Addr
458 * 2. Partition-scoped translation: Guest Real Addr -> Host Real Addr
459 *
460 * MSR[HV]
461 * +-------------+----------------+---------------+
462 * | | HV = 0 | HV = 1 |
463 * +-------------+----------------+---------------+
464 * | Relocation | Partition | No |
465 * | = Off | Scoped | Translation |
466 * Relocation +-------------+----------------+---------------+
467 * | Relocation | Partition & | Process |
468 * | = On | Process Scoped | Scoped |
469 * +-------------+----------------+---------------+
470 */
471 bool ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
472 hwaddr *raddr, int *psizep, int *protp, int mmu_idx,
473 bool guest_visible)
474 {
475 CPUPPCState *env = &cpu->env;
476 uint64_t lpid, pid;
477 ppc_v3_pate_t pate;
478 int psize, prot;
479 hwaddr g_raddr;
480 bool relocation;
481
482 assert(!(mmuidx_hv(mmu_idx) && cpu->vhyp));
483
484 relocation = !mmuidx_real(mmu_idx);
485
486 /* HV or virtual hypervisor Real Mode Access */
487 if (!relocation && (mmuidx_hv(mmu_idx) || cpu->vhyp)) {
488 /* In real mode top 4 effective addr bits (mostly) ignored */
489 *raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
490
491 /* In HV mode, add HRMOR if top EA bit is clear */
492 if (mmuidx_hv(mmu_idx) || !env->has_hv_mode) {
493 if (!(eaddr >> 63)) {
494 *raddr |= env->spr[SPR_HRMOR];
495 }
496 }
497 *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
498 *psizep = TARGET_PAGE_BITS;
499 return true;
500 }
501
502 /*
503 * Check UPRT (we avoid the check in real mode to deal with
504 * transitional states during kexec.
505 */
506 if (guest_visible && !ppc64_use_proc_tbl(cpu)) {
507 qemu_log_mask(LOG_GUEST_ERROR,
508 "LPCR:UPRT not set in radix mode ! LPCR="
509 TARGET_FMT_lx "\n", env->spr[SPR_LPCR]);
510 }
511
512 /* Virtual Mode Access - get the fully qualified address */
513 if (!ppc_radix64_get_fully_qualified_addr(&cpu->env, eaddr, &lpid, &pid)) {
514 if (guest_visible) {
515 ppc_radix64_raise_segi(cpu, access_type, eaddr);
516 }
517 return false;
518 }
519
520 /* Get Process Table */
521 if (cpu->vhyp) {
522 PPCVirtualHypervisorClass *vhc;
523 vhc = PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
524 vhc->get_pate(cpu->vhyp, &pate);
525 } else {
526 if (!ppc64_v3_get_pate(cpu, lpid, &pate)) {
527 if (guest_visible) {
528 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_NOPTE);
529 }
530 return false;
531 }
532 if (!validate_pate(cpu, lpid, &pate)) {
533 if (guest_visible) {
534 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_R_BADCONFIG);
535 }
536 return false;
537 }
538 }
539
540 *psizep = INT_MAX;
541 *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
542
543 /*
544 * Perform process-scoped translation if relocation enabled.
545 *
546 * - Translates an effective address to a host real address in
547 * quadrants 0 and 3 when HV=1.
548 *
549 * - Translates an effective address to a guest real address.
550 */
551 if (relocation) {
552 int ret = ppc_radix64_process_scoped_xlate(cpu, access_type, eaddr, pid,
553 pate, &g_raddr, &prot,
554 &psize, mmu_idx, guest_visible);
555 if (ret) {
556 return false;
557 }
558 *psizep = MIN(*psizep, psize);
559 *protp &= prot;
560 } else {
561 g_raddr = eaddr & R_EADDR_MASK;
562 }
563
564 if (cpu->vhyp) {
565 *raddr = g_raddr;
566 } else {
567 /*
568 * Perform partition-scoped translation if !HV or HV access to
569 * quadrants 1 or 2. Translates a guest real address to a host
570 * real address.
571 */
572 if (lpid || !mmuidx_hv(mmu_idx)) {
573 int ret;
574
575 ret = ppc_radix64_partition_scoped_xlate(cpu, access_type, eaddr,
576 g_raddr, pate, raddr,
577 &prot, &psize, false,
578 mmu_idx, guest_visible);
579 if (ret) {
580 return false;
581 }
582 *psizep = MIN(*psizep, psize);
583 *protp &= prot;
584 } else {
585 *raddr = g_raddr;
586 }
587 }
588
589 return true;
590 }
QEmu