search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target/ppc: initialize 'val' union in kvm_get_one_spr()
[qemu.git] / target / ppc / mmu_common.c
blobe9c5b14c0f4893a6c5f7005a31825eb031de956e
1 /*
2 * PowerPC MMU, TLB, SLB and BAT emulation helpers for QEMU.
3 *
4 * Copyright (c) 2003-2007 Jocelyn Mayer
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "qemu/units.h"
22 #include "cpu.h"
23 #include "sysemu/kvm.h"
24 #include "kvm_ppc.h"
25 #include "mmu-hash64.h"
26 #include "mmu-hash32.h"
27 #include "exec/exec-all.h"
28 #include "exec/log.h"
29 #include "helper_regs.h"
30 #include "qemu/error-report.h"
31 #include "qemu/main-loop.h"
32 #include "qemu/qemu-print.h"
33 #include "internal.h"
34 #include "mmu-book3s-v3.h"
35 #include "mmu-radix64.h"
36
37 /* #define DUMP_PAGE_TABLES */
38
39 void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
40 {
41 PowerPCCPU *cpu = env_archcpu(env);
42 qemu_log_mask(CPU_LOG_MMU, "%s: " TARGET_FMT_lx "\n", __func__, value);
43 assert(!cpu->env.has_hv_mode || !cpu->vhyp);
44 #if defined(TARGET_PPC64)
45 if (mmu_is_64bit(env->mmu_model)) {
46 target_ulong sdr_mask = SDR_64_HTABORG | SDR_64_HTABSIZE;
47 target_ulong htabsize = value & SDR_64_HTABSIZE;
48
49 if (value & ~sdr_mask) {
50 qemu_log_mask(LOG_GUEST_ERROR, "Invalid bits 0x"TARGET_FMT_lx
51 " set in SDR1", value & ~sdr_mask);
52 value &= sdr_mask;
53 }
54 if (htabsize > 28) {
55 qemu_log_mask(LOG_GUEST_ERROR, "Invalid HTABSIZE 0x" TARGET_FMT_lx
56 " stored in SDR1", htabsize);
57 return;
58 }
59 }
60 #endif /* defined(TARGET_PPC64) */
61 /* FIXME: Should check for valid HTABMASK values in 32-bit case */
62 env->spr[SPR_SDR1] = value;
63 }
64
65 /*****************************************************************************/
66 /* PowerPC MMU emulation */
67
68 static int pp_check(int key, int pp, int nx)
69 {
70 int access;
71
72 /* Compute access rights */
73 access = 0;
74 if (key == 0) {
75 switch (pp) {
76 case 0x0:
77 case 0x1:
78 case 0x2:
79 access |= PAGE_WRITE;
80 /* fall through */
81 case 0x3:
82 access |= PAGE_READ;
83 break;
84 }
85 } else {
86 switch (pp) {
87 case 0x0:
88 access = 0;
89 break;
90 case 0x1:
91 case 0x3:
92 access = PAGE_READ;
93 break;
94 case 0x2:
95 access = PAGE_READ | PAGE_WRITE;
96 break;
97 }
98 }
99 if (nx == 0) {
100 access |= PAGE_EXEC;
101 }
102
103 return access;
104 }
105
106 static int check_prot(int prot, MMUAccessType access_type)
107 {
108 return prot & prot_for_access_type(access_type) ? 0 : -2;
109 }
110
111 int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
112 int way, int is_code)
113 {
114 int nr;
115
116 /* Select TLB num in a way from address */
117 nr = (eaddr >> TARGET_PAGE_BITS) & (env->tlb_per_way - 1);
118 /* Select TLB way */
119 nr += env->tlb_per_way * way;
120 /* 6xx have separate TLBs for instructions and data */
121 if (is_code && env->id_tlbs == 1) {
122 nr += env->nb_tlb;
123 }
124
125 return nr;
126 }
127
128 static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
129 target_ulong pte1, int h,
130 MMUAccessType access_type)
131 {
132 target_ulong ptem, mmask;
133 int access, ret, pteh, ptev, pp;
134
135 ret = -1;
136 /* Check validity and table match */
137 ptev = pte_is_valid(pte0);
138 pteh = (pte0 >> 6) & 1;
139 if (ptev && h == pteh) {
140 /* Check vsid & api */
141 ptem = pte0 & PTE_PTEM_MASK;
142 mmask = PTE_CHECK_MASK;
143 pp = pte1 & 0x00000003;
144 if (ptem == ctx->ptem) {
145 if (ctx->raddr != (hwaddr)-1ULL) {
146 /* all matches should have equal RPN, WIMG & PP */
147 if ((ctx->raddr & mmask) != (pte1 & mmask)) {
148 qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
149 return -3;
150 }
151 }
152 /* Compute access rights */
153 access = pp_check(ctx->key, pp, ctx->nx);
154 /* Keep the matching PTE information */
155 ctx->raddr = pte1;
156 ctx->prot = access;
157 ret = check_prot(ctx->prot, access_type);
158 if (ret == 0) {
159 /* Access granted */
160 qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
161 } else {
162 /* Access right violation */
163 qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
164 }
165 }
166 }
167
168 return ret;
169 }
170
171 static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
172 int ret, MMUAccessType access_type)
173 {
174 int store = 0;
175
176 /* Update page flags */
177 if (!(*pte1p & 0x00000100)) {
178 /* Update accessed flag */
179 *pte1p |= 0x00000100;
180 store = 1;
181 }
182 if (!(*pte1p & 0x00000080)) {
183 if (access_type == MMU_DATA_STORE && ret == 0) {
184 /* Update changed flag */
185 *pte1p |= 0x00000080;
186 store = 1;
187 } else {
188 /* Force page fault for first write access */
189 ctx->prot &= ~PAGE_WRITE;
190 }
191 }
192
193 return store;
194 }
195
196 /* Software driven TLB helpers */
197
198 static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
199 target_ulong eaddr, MMUAccessType access_type)
200 {
201 ppc6xx_tlb_t *tlb;
202 int nr, best, way;
203 int ret;
204
205 best = -1;
206 ret = -1; /* No TLB found */
207 for (way = 0; way < env->nb_ways; way++) {
208 nr = ppc6xx_tlb_getnum(env, eaddr, way, access_type == MMU_INST_FETCH);
209 tlb = &env->tlb.tlb6[nr];
210 /* This test "emulates" the PTE index match for hardware TLBs */
211 if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
212 qemu_log_mask(CPU_LOG_MMU, "TLB %d/%d %s [" TARGET_FMT_lx
213 " " TARGET_FMT_lx "] <> " TARGET_FMT_lx "\n",
214 nr, env->nb_tlb,
215 pte_is_valid(tlb->pte0) ? "valid" : "inval",
216 tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE, eaddr);
217 continue;
218 }
219 qemu_log_mask(CPU_LOG_MMU, "TLB %d/%d %s " TARGET_FMT_lx " <> "
220 TARGET_FMT_lx " " TARGET_FMT_lx " %c %c\n",
221 nr, env->nb_tlb,
222 pte_is_valid(tlb->pte0) ? "valid" : "inval",
223 tlb->EPN, eaddr, tlb->pte1,
224 access_type == MMU_DATA_STORE ? 'S' : 'L',
225 access_type == MMU_INST_FETCH ? 'I' : 'D');
226 switch (ppc6xx_tlb_pte_check(ctx, tlb->pte0, tlb->pte1,
227 0, access_type)) {
228 case -3:
229 /* TLB inconsistency */
230 return -1;
231 case -2:
232 /* Access violation */
233 ret = -2;
234 best = nr;
235 break;
236 case -1:
237 default:
238 /* No match */
239 break;
240 case 0:
241 /* access granted */
242 /*
243 * XXX: we should go on looping to check all TLBs
244 * consistency but we can speed-up the whole thing as
245 * the result would be undefined if TLBs are not
246 * consistent.
247 */
248 ret = 0;
249 best = nr;
250 goto done;
251 }
252 }
253 if (best != -1) {
254 done:
255 qemu_log_mask(CPU_LOG_MMU, "found TLB at addr " TARGET_FMT_plx
256 " prot=%01x ret=%d\n",
257 ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
258 /* Update page flags */
259 pte_update_flags(ctx, &env->tlb.tlb6[best].pte1, ret, access_type);
260 }
261
262 return ret;
263 }
264
265 /* Perform BAT hit & translation */
266 static inline void bat_size_prot(CPUPPCState *env, target_ulong *blp,
267 int *validp, int *protp, target_ulong *BATu,
268 target_ulong *BATl)
269 {
270 target_ulong bl;
271 int pp, valid, prot;
272
273 bl = (*BATu & 0x00001FFC) << 15;
274 valid = 0;
275 prot = 0;
276 if (((msr_pr == 0) && (*BATu & 0x00000002)) ||
277 ((msr_pr != 0) && (*BATu & 0x00000001))) {
278 valid = 1;
279 pp = *BATl & 0x00000003;
280 if (pp != 0) {
281 prot = PAGE_READ | PAGE_EXEC;
282 if (pp == 0x2) {
283 prot |= PAGE_WRITE;
284 }
285 }
286 }
287 *blp = bl;
288 *validp = valid;
289 *protp = prot;
290 }
291
292 static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
293 target_ulong virtual, MMUAccessType access_type)
294 {
295 target_ulong *BATlt, *BATut, *BATu, *BATl;
296 target_ulong BEPIl, BEPIu, bl;
297 int i, valid, prot;
298 int ret = -1;
299 bool ifetch = access_type == MMU_INST_FETCH;
300
301 qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
302 ifetch ? 'I' : 'D', virtual);
303 if (ifetch) {
304 BATlt = env->IBAT[1];
305 BATut = env->IBAT[0];
306 } else {
307 BATlt = env->DBAT[1];
308 BATut = env->DBAT[0];
309 }
310 for (i = 0; i < env->nb_BATs; i++) {
311 BATu = &BATut[i];
312 BATl = &BATlt[i];
313 BEPIu = *BATu & 0xF0000000;
314 BEPIl = *BATu & 0x0FFE0000;
315 bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
316 qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx " BATu "
317 TARGET_FMT_lx " BATl " TARGET_FMT_lx "\n", __func__,
318 ifetch ? 'I' : 'D', i, virtual, *BATu, *BATl);
319 if ((virtual & 0xF0000000) == BEPIu &&
320 ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
321 /* BAT matches */
322 if (valid != 0) {
323 /* Get physical address */
324 ctx->raddr = (*BATl & 0xF0000000) |
325 ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
326 (virtual & 0x0001F000);
327 /* Compute access rights */
328 ctx->prot = prot;
329 ret = check_prot(ctx->prot, access_type);
330 if (ret == 0) {
331 qemu_log_mask(CPU_LOG_MMU, "BAT %d match: r " TARGET_FMT_plx
332 " prot=%c%c\n", i, ctx->raddr,
333 ctx->prot & PAGE_READ ? 'R' : '-',
334 ctx->prot & PAGE_WRITE ? 'W' : '-');
335 }
336 break;
337 }
338 }
339 }
340 if (ret < 0) {
341 if (qemu_log_enabled()) {
342 qemu_log_mask(CPU_LOG_MMU, "no BAT match for "
343 TARGET_FMT_lx ":\n", virtual);
344 for (i = 0; i < 4; i++) {
345 BATu = &BATut[i];
346 BATl = &BATlt[i];
347 BEPIu = *BATu & 0xF0000000;
348 BEPIl = *BATu & 0x0FFE0000;
349 bl = (*BATu & 0x00001FFC) << 15;
350 qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v "
351 TARGET_FMT_lx " BATu " TARGET_FMT_lx
352 " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
353 TARGET_FMT_lx " " TARGET_FMT_lx "\n",
354 __func__, ifetch ? 'I' : 'D', i, virtual,
355 *BATu, *BATl, BEPIu, BEPIl, bl);
356 }
357 }
358 }
359 /* No hit */
360 return ret;
361 }
362
363 /* Perform segment based translation */
364 static int get_segment_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
365 target_ulong eaddr, MMUAccessType access_type,
366 int type)
367 {
368 PowerPCCPU *cpu = env_archcpu(env);
369 hwaddr hash;
370 target_ulong vsid;
371 int ds, pr, target_page_bits;
372 int ret;
373 target_ulong sr, pgidx;
374
375 pr = msr_pr;
376 ctx->eaddr = eaddr;
377
378 sr = env->sr[eaddr >> 28];
379 ctx->key = (((sr & 0x20000000) && (pr != 0)) ||
380 ((sr & 0x40000000) && (pr == 0))) ? 1 : 0;
381 ds = sr & 0x80000000 ? 1 : 0;
382 ctx->nx = sr & 0x10000000 ? 1 : 0;
383 vsid = sr & 0x00FFFFFF;
384 target_page_bits = TARGET_PAGE_BITS;
385 qemu_log_mask(CPU_LOG_MMU,
386 "Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx
387 " nip=" TARGET_FMT_lx " lr=" TARGET_FMT_lx
388 " ir=%d dr=%d pr=%d %d t=%d\n",
389 eaddr, (int)(eaddr >> 28), sr, env->nip, env->lr, (int)msr_ir,
390 (int)msr_dr, pr != 0 ? 1 : 0,
391 access_type == MMU_DATA_STORE, type);
392 pgidx = (eaddr & ~SEGMENT_MASK_256M) >> target_page_bits;
393 hash = vsid ^ pgidx;
394 ctx->ptem = (vsid << 7) | (pgidx >> 10);
395
396 qemu_log_mask(CPU_LOG_MMU,
397 "pte segment: key=%d ds %d nx %d vsid " TARGET_FMT_lx "\n",
398 ctx->key, ds, ctx->nx, vsid);
399 ret = -1;
400 if (!ds) {
401 /* Check if instruction fetch is allowed, if needed */
402 if (type != ACCESS_CODE || ctx->nx == 0) {
403 /* Page address translation */
404 qemu_log_mask(CPU_LOG_MMU, "htab_base " TARGET_FMT_plx
405 " htab_mask " TARGET_FMT_plx
406 " hash " TARGET_FMT_plx "\n",
407 ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
408 ctx->hash[0] = hash;
409 ctx->hash[1] = ~hash;
410
411 /* Initialize real address with an invalid value */
412 ctx->raddr = (hwaddr)-1ULL;
413 /* Software TLB search */
414 ret = ppc6xx_tlb_check(env, ctx, eaddr, access_type);
415 #if defined(DUMP_PAGE_TABLES)
416 if (qemu_loglevel_mask(CPU_LOG_MMU)) {
417 CPUState *cs = env_cpu(env);
418 hwaddr curaddr;
419 uint32_t a0, a1, a2, a3;
420
421 qemu_log("Page table: " TARGET_FMT_plx " len " TARGET_FMT_plx
422 "\n", ppc_hash32_hpt_base(cpu),
423 ppc_hash32_hpt_mask(cpu) + 0x80);
424 for (curaddr = ppc_hash32_hpt_base(cpu);
425 curaddr < (ppc_hash32_hpt_base(cpu)
426 + ppc_hash32_hpt_mask(cpu) + 0x80);
427 curaddr += 16) {
428 a0 = ldl_phys(cs->as, curaddr);
429 a1 = ldl_phys(cs->as, curaddr + 4);
430 a2 = ldl_phys(cs->as, curaddr + 8);
431 a3 = ldl_phys(cs->as, curaddr + 12);
432 if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) {
433 qemu_log(TARGET_FMT_plx ": %08x %08x %08x %08x\n",
434 curaddr, a0, a1, a2, a3);
435 }
436 }
437 }
438 #endif
439 } else {
440 qemu_log_mask(CPU_LOG_MMU, "No access allowed\n");
441 ret = -3;
442 }
443 } else {
444 qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
445 /* Direct-store segment : absolutely *BUGGY* for now */
446
447 switch (type) {
448 case ACCESS_INT:
449 /* Integer load/store : only access allowed */
450 break;
451 case ACCESS_CODE:
452 /* No code fetch is allowed in direct-store areas */
453 return -4;
454 case ACCESS_FLOAT:
455 /* Floating point load/store */
456 return -4;
457 case ACCESS_RES:
458 /* lwarx, ldarx or srwcx. */
459 return -4;
460 case ACCESS_CACHE:
461 /*
462 * dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi
463 *
464 * Should make the instruction do no-op. As it already do
465 * no-op, it's quite easy :-)
466 */
467 ctx->raddr = eaddr;
468 return 0;
469 case ACCESS_EXT:
470 /* eciwx or ecowx */
471 return -4;
472 default:
473 qemu_log_mask(CPU_LOG_MMU, "ERROR: instruction should not need "
474 "address translation\n");
475 return -4;
476 }
477 if ((access_type == MMU_DATA_STORE || ctx->key != 1) &&
478 (access_type == MMU_DATA_LOAD || ctx->key != 0)) {
479 ctx->raddr = eaddr;
480 ret = 2;
481 } else {
482 ret = -2;
483 }
484 }
485
486 return ret;
487 }
488
489 /* Generic TLB check function for embedded PowerPC implementations */
490 int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb,
491 hwaddr *raddrp,
492 target_ulong address, uint32_t pid, int ext,
493 int i)
494 {
495 target_ulong mask;
496
497 /* Check valid flag */
498 if (!(tlb->prot & PAGE_VALID)) {
499 return -1;
500 }
501 mask = ~(tlb->size - 1);
502 qemu_log_mask(CPU_LOG_MMU, "%s: TLB %d address " TARGET_FMT_lx
503 " PID %u <=> " TARGET_FMT_lx " " TARGET_FMT_lx " %u %x\n",
504 __func__, i, address, pid, tlb->EPN,
505 mask, (uint32_t)tlb->PID, tlb->prot);
506 /* Check PID */
507 if (tlb->PID != 0 && tlb->PID != pid) {
508 return -1;
509 }
510 /* Check effective address */
511 if ((address & mask) != tlb->EPN) {
512 return -1;
513 }
514 *raddrp = (tlb->RPN & mask) | (address & ~mask);
515 if (ext) {
516 /* Extend the physical address to 36 bits */
517 *raddrp |= (uint64_t)(tlb->RPN & 0xF) << 32;
518 }
519
520 return 0;
521 }
522
523 static int mmu40x_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
524 target_ulong address,
525 MMUAccessType access_type)
526 {
527 ppcemb_tlb_t *tlb;
528 hwaddr raddr;
529 int i, ret, zsel, zpr, pr;
530
531 ret = -1;
532 raddr = (hwaddr)-1ULL;
533 pr = msr_pr;
534 for (i = 0; i < env->nb_tlb; i++) {
535 tlb = &env->tlb.tlbe[i];
536 if (ppcemb_tlb_check(env, tlb, &raddr, address,
537 env->spr[SPR_40x_PID], 0, i) < 0) {
538 continue;
539 }
540 zsel = (tlb->attr >> 4) & 0xF;
541 zpr = (env->spr[SPR_40x_ZPR] >> (30 - (2 * zsel))) & 0x3;
542 qemu_log_mask(CPU_LOG_MMU,
543 "%s: TLB %d zsel %d zpr %d ty %d attr %08x\n",
544 __func__, i, zsel, zpr, access_type, tlb->attr);
545 /* Check execute enable bit */
546 switch (zpr) {
547 case 0x2:
548 if (pr != 0) {
549 goto check_perms;
550 }
551 /* fall through */
552 case 0x3:
553 /* All accesses granted */
554 ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
555 ret = 0;
556 break;
557 case 0x0:
558 if (pr != 0) {
559 /* Raise Zone protection fault. */
560 env->spr[SPR_40x_ESR] = 1 << 22;
561 ctx->prot = 0;
562 ret = -2;
563 break;
564 }
565 /* fall through */
566 case 0x1:
567 check_perms:
568 /* Check from TLB entry */
569 ctx->prot = tlb->prot;
570 ret = check_prot(ctx->prot, access_type);
571 if (ret == -2) {
572 env->spr[SPR_40x_ESR] = 0;
573 }
574 break;
575 }
576 if (ret >= 0) {
577 ctx->raddr = raddr;
578 qemu_log_mask(CPU_LOG_MMU, "%s: access granted " TARGET_FMT_lx
579 " => " TARGET_FMT_plx
580 " %d %d\n", __func__, address, ctx->raddr, ctx->prot,
581 ret);
582 return 0;
583 }
584 }
585 qemu_log_mask(CPU_LOG_MMU, "%s: access refused " TARGET_FMT_lx
586 " => " TARGET_FMT_plx
587 " %d %d\n", __func__, address, raddr, ctx->prot, ret);
588
589 return ret;
590 }
591
592 static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb,
593 hwaddr *raddr, int *prot, target_ulong address,
594 MMUAccessType access_type, int i)
595 {
596 int prot2;
597
598 if (ppcemb_tlb_check(env, tlb, raddr, address,
599 env->spr[SPR_BOOKE_PID],
600 !env->nb_pids, i) >= 0) {
601 goto found_tlb;
602 }
603
604 if (env->spr[SPR_BOOKE_PID1] &&
605 ppcemb_tlb_check(env, tlb, raddr, address,
606 env->spr[SPR_BOOKE_PID1], 0, i) >= 0) {
607 goto found_tlb;
608 }
609
610 if (env->spr[SPR_BOOKE_PID2] &&
611 ppcemb_tlb_check(env, tlb, raddr, address,
612 env->spr[SPR_BOOKE_PID2], 0, i) >= 0) {
613 goto found_tlb;
614 }
615
616 qemu_log_mask(CPU_LOG_MMU, "%s: TLB entry not found\n", __func__);
617 return -1;
618
619 found_tlb:
620
621 if (msr_pr != 0) {
622 prot2 = tlb->prot & 0xF;
623 } else {
624 prot2 = (tlb->prot >> 4) & 0xF;
625 }
626
627 /* Check the address space */
628 if ((access_type == MMU_INST_FETCH ? msr_ir : msr_dr) != (tlb->attr & 1)) {
629 qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
630 return -1;
631 }
632
633 *prot = prot2;
634 if (prot2 & prot_for_access_type(access_type)) {
635 qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
636 return 0;
637 }
638
639 qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, prot2);
640 return access_type == MMU_INST_FETCH ? -3 : -2;
641 }
642
643 static int mmubooke_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
644 target_ulong address,
645 MMUAccessType access_type)
646 {
647 ppcemb_tlb_t *tlb;
648 hwaddr raddr;
649 int i, ret;
650
651 ret = -1;
652 raddr = (hwaddr)-1ULL;
653 for (i = 0; i < env->nb_tlb; i++) {
654 tlb = &env->tlb.tlbe[i];
655 ret = mmubooke_check_tlb(env, tlb, &raddr, &ctx->prot, address,
656 access_type, i);
657 if (ret != -1) {
658 break;
659 }
660 }
661
662 if (ret >= 0) {
663 ctx->raddr = raddr;
664 qemu_log_mask(CPU_LOG_MMU, "%s: access granted " TARGET_FMT_lx
665 " => " TARGET_FMT_plx " %d %d\n", __func__,
666 address, ctx->raddr, ctx->prot, ret);
667 } else {
668 qemu_log_mask(CPU_LOG_MMU, "%s: access refused " TARGET_FMT_lx
669 " => " TARGET_FMT_plx " %d %d\n", __func__,
670 address, raddr, ctx->prot, ret);
671 }
672
673 return ret;
674 }
675
676 hwaddr booke206_tlb_to_page_size(CPUPPCState *env,
677 ppcmas_tlb_t *tlb)
678 {
679 int tlbm_size;
680
681 tlbm_size = (tlb->mas1 & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
682
683 return 1024ULL << tlbm_size;
684 }
685
686 /* TLB check function for MAS based SoftTLBs */
687 int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb,
688 hwaddr *raddrp, target_ulong address,
689 uint32_t pid)
690 {
691 hwaddr mask;
692 uint32_t tlb_pid;
693
694 if (!msr_cm) {
695 /* In 32bit mode we can only address 32bit EAs */
696 address = (uint32_t)address;
697 }
698
699 /* Check valid flag */
700 if (!(tlb->mas1 & MAS1_VALID)) {
701 return -1;
702 }
703
704 mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
705 qemu_log_mask(CPU_LOG_MMU, "%s: TLB ADDR=0x" TARGET_FMT_lx
706 " PID=0x%x MAS1=0x%x MAS2=0x%" PRIx64 " mask=0x%"
707 HWADDR_PRIx " MAS7_3=0x%" PRIx64 " MAS8=0x%" PRIx32 "\n",
708 __func__, address, pid, tlb->mas1, tlb->mas2, mask,
709 tlb->mas7_3, tlb->mas8);
710
711 /* Check PID */
712 tlb_pid = (tlb->mas1 & MAS1_TID_MASK) >> MAS1_TID_SHIFT;
713 if (tlb_pid != 0 && tlb_pid != pid) {
714 return -1;
715 }
716
717 /* Check effective address */
718 if ((address & mask) != (tlb->mas2 & MAS2_EPN_MASK)) {
719 return -1;
720 }
721
722 if (raddrp) {
723 *raddrp = (tlb->mas7_3 & mask) | (address & ~mask);
724 }
725
726 return 0;
727 }
728
729 static bool is_epid_mmu(int mmu_idx)
730 {
731 return mmu_idx == PPC_TLB_EPID_STORE || mmu_idx == PPC_TLB_EPID_LOAD;
732 }
733
734 static uint32_t mmubooke206_esr(int mmu_idx, MMUAccessType access_type)
735 {
736 uint32_t esr = 0;
737 if (access_type == MMU_DATA_STORE) {
738 esr |= ESR_ST;
739 }
740 if (is_epid_mmu(mmu_idx)) {
741 esr |= ESR_EPID;
742 }
743 return esr;
744 }
745
746 /*
747 * Get EPID register given the mmu_idx. If this is regular load,
748 * construct the EPID access bits from current processor state
749 *
750 * Get the effective AS and PR bits and the PID. The PID is returned
751 * only if EPID load is requested, otherwise the caller must detect
752 * the correct EPID. Return true if valid EPID is returned.
753 */
754 static bool mmubooke206_get_as(CPUPPCState *env,
755 int mmu_idx, uint32_t *epid_out,
756 bool *as_out, bool *pr_out)
757 {
758 if (is_epid_mmu(mmu_idx)) {
759 uint32_t epidr;
760 if (mmu_idx == PPC_TLB_EPID_STORE) {
761 epidr = env->spr[SPR_BOOKE_EPSC];
762 } else {
763 epidr = env->spr[SPR_BOOKE_EPLC];
764 }
765 *epid_out = (epidr & EPID_EPID) >> EPID_EPID_SHIFT;
766 *as_out = !!(epidr & EPID_EAS);
767 *pr_out = !!(epidr & EPID_EPR);
768 return true;
769 } else {
770 *as_out = msr_ds;
771 *pr_out = msr_pr;
772 return false;
773 }
774 }
775
776 /* Check if the tlb found by hashing really matches */
777 static int mmubooke206_check_tlb(CPUPPCState *env, ppcmas_tlb_t *tlb,
778 hwaddr *raddr, int *prot,
779 target_ulong address,
780 MMUAccessType access_type, int mmu_idx)
781 {
782 int prot2 = 0;
783 uint32_t epid;
784 bool as, pr;
785 bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
786
787 if (!use_epid) {
788 if (ppcmas_tlb_check(env, tlb, raddr, address,
789 env->spr[SPR_BOOKE_PID]) >= 0) {
790 goto found_tlb;
791 }
792
793 if (env->spr[SPR_BOOKE_PID1] &&
794 ppcmas_tlb_check(env, tlb, raddr, address,
795 env->spr[SPR_BOOKE_PID1]) >= 0) {
796 goto found_tlb;
797 }
798
799 if (env->spr[SPR_BOOKE_PID2] &&
800 ppcmas_tlb_check(env, tlb, raddr, address,
801 env->spr[SPR_BOOKE_PID2]) >= 0) {
802 goto found_tlb;
803 }
804 } else {
805 if (ppcmas_tlb_check(env, tlb, raddr, address, epid) >= 0) {
806 goto found_tlb;
807 }
808 }
809
810 qemu_log_mask(CPU_LOG_MMU, "%s: TLB entry not found\n", __func__);
811 return -1;
812
813 found_tlb:
814
815 if (pr) {
816 if (tlb->mas7_3 & MAS3_UR) {
817 prot2 |= PAGE_READ;
818 }
819 if (tlb->mas7_3 & MAS3_UW) {
820 prot2 |= PAGE_WRITE;
821 }
822 if (tlb->mas7_3 & MAS3_UX) {
823 prot2 |= PAGE_EXEC;
824 }
825 } else {
826 if (tlb->mas7_3 & MAS3_SR) {
827 prot2 |= PAGE_READ;
828 }
829 if (tlb->mas7_3 & MAS3_SW) {
830 prot2 |= PAGE_WRITE;
831 }
832 if (tlb->mas7_3 & MAS3_SX) {
833 prot2 |= PAGE_EXEC;
834 }
835 }
836
837 /* Check the address space and permissions */
838 if (access_type == MMU_INST_FETCH) {
839 /* There is no way to fetch code using epid load */
840 assert(!use_epid);
841 as = msr_ir;
842 }
843
844 if (as != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) {
845 qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
846 return -1;
847 }
848
849 *prot = prot2;
850 if (prot2 & prot_for_access_type(access_type)) {
851 qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
852 return 0;
853 }
854
855 qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, prot2);
856 return access_type == MMU_INST_FETCH ? -3 : -2;
857 }
858
859 static int mmubooke206_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
860 target_ulong address,
861 MMUAccessType access_type,
862 int mmu_idx)
863 {
864 ppcmas_tlb_t *tlb;
865 hwaddr raddr;
866 int i, j, ret;
867
868 ret = -1;
869 raddr = (hwaddr)-1ULL;
870
871 for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
872 int ways = booke206_tlb_ways(env, i);
873
874 for (j = 0; j < ways; j++) {
875 tlb = booke206_get_tlbm(env, i, address, j);
876 if (!tlb) {
877 continue;
878 }
879 ret = mmubooke206_check_tlb(env, tlb, &raddr, &ctx->prot, address,
880 access_type, mmu_idx);
881 if (ret != -1) {
882 goto found_tlb;
883 }
884 }
885 }
886
887 found_tlb:
888
889 if (ret >= 0) {
890 ctx->raddr = raddr;
891 qemu_log_mask(CPU_LOG_MMU, "%s: access granted " TARGET_FMT_lx
892 " => " TARGET_FMT_plx " %d %d\n", __func__, address,
893 ctx->raddr, ctx->prot, ret);
894 } else {
895 qemu_log_mask(CPU_LOG_MMU, "%s: access refused " TARGET_FMT_lx
896 " => " TARGET_FMT_plx " %d %d\n", __func__, address,
897 raddr, ctx->prot, ret);
898 }
899
900 return ret;
901 }
902
903 static const char *book3e_tsize_to_str[32] = {
904 "1K", "2K", "4K", "8K", "16K", "32K", "64K", "128K", "256K", "512K",
905 "1M", "2M", "4M", "8M", "16M", "32M", "64M", "128M", "256M", "512M",
906 "1G", "2G", "4G", "8G", "16G", "32G", "64G", "128G", "256G", "512G",
907 "1T", "2T"
908 };
909
910 static void mmubooke_dump_mmu(CPUPPCState *env)
911 {
912 ppcemb_tlb_t *entry;
913 int i;
914
915 if (kvm_enabled() && !env->kvm_sw_tlb) {
916 qemu_printf("Cannot access KVM TLB\n");
917 return;
918 }
919
920 qemu_printf("\nTLB:\n");
921 qemu_printf("Effective Physical Size PID Prot "
922 "Attr\n");
923
924 entry = &env->tlb.tlbe[0];
925 for (i = 0; i < env->nb_tlb; i++, entry++) {
926 hwaddr ea, pa;
927 target_ulong mask;
928 uint64_t size = (uint64_t)entry->size;
929 char size_buf[20];
930
931 /* Check valid flag */
932 if (!(entry->prot & PAGE_VALID)) {
933 continue;
934 }
935
936 mask = ~(entry->size - 1);
937 ea = entry->EPN & mask;
938 pa = entry->RPN & mask;
939 /* Extend the physical address to 36 bits */
940 pa |= (hwaddr)(entry->RPN & 0xF) << 32;
941 if (size >= 1 * MiB) {
942 snprintf(size_buf, sizeof(size_buf), "%3" PRId64 "M", size / MiB);
943 } else {
944 snprintf(size_buf, sizeof(size_buf), "%3" PRId64 "k", size / KiB);
945 }
946 qemu_printf("0x%016" PRIx64 " 0x%016" PRIx64 " %s %-5u %08x %08x\n",
947 (uint64_t)ea, (uint64_t)pa, size_buf, (uint32_t)entry->PID,
948 entry->prot, entry->attr);
949 }
950
951 }
952
953 static void mmubooke206_dump_one_tlb(CPUPPCState *env, int tlbn, int offset,
954 int tlbsize)
955 {
956 ppcmas_tlb_t *entry;
957 int i;
958
959 qemu_printf("\nTLB%d:\n", tlbn);
960 qemu_printf("Effective Physical Size TID TS SRWX"
961 " URWX WIMGE U0123\n");
962
963 entry = &env->tlb.tlbm[offset];
964 for (i = 0; i < tlbsize; i++, entry++) {
965 hwaddr ea, pa, size;
966 int tsize;
967
968 if (!(entry->mas1 & MAS1_VALID)) {
969 continue;
970 }
971
972 tsize = (entry->mas1 & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
973 size = 1024ULL << tsize;
974 ea = entry->mas2 & ~(size - 1);
975 pa = entry->mas7_3 & ~(size - 1);
976
977 qemu_printf("0x%016" PRIx64 " 0x%016" PRIx64 " %4s %-5u %1u S%c%c%c"
978 "U%c%c%c %c%c%c%c%c U%c%c%c%c\n",
979 (uint64_t)ea, (uint64_t)pa,
980 book3e_tsize_to_str[tsize],
981 (entry->mas1 & MAS1_TID_MASK) >> MAS1_TID_SHIFT,
982 (entry->mas1 & MAS1_TS) >> MAS1_TS_SHIFT,
983 entry->mas7_3 & MAS3_SR ? 'R' : '-',
984 entry->mas7_3 & MAS3_SW ? 'W' : '-',
985 entry->mas7_3 & MAS3_SX ? 'X' : '-',
986 entry->mas7_3 & MAS3_UR ? 'R' : '-',
987 entry->mas7_3 & MAS3_UW ? 'W' : '-',
988 entry->mas7_3 & MAS3_UX ? 'X' : '-',
989 entry->mas2 & MAS2_W ? 'W' : '-',
990 entry->mas2 & MAS2_I ? 'I' : '-',
991 entry->mas2 & MAS2_M ? 'M' : '-',
992 entry->mas2 & MAS2_G ? 'G' : '-',
993 entry->mas2 & MAS2_E ? 'E' : '-',
994 entry->mas7_3 & MAS3_U0 ? '0' : '-',
995 entry->mas7_3 & MAS3_U1 ? '1' : '-',
996 entry->mas7_3 & MAS3_U2 ? '2' : '-',
997 entry->mas7_3 & MAS3_U3 ? '3' : '-');
998 }
999 }
1000
1001 static void mmubooke206_dump_mmu(CPUPPCState *env)
1002 {
1003 int offset = 0;
1004 int i;
1005
1006 if (kvm_enabled() && !env->kvm_sw_tlb) {
1007 qemu_printf("Cannot access KVM TLB\n");
1008 return;
1009 }
1010
1011 for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
1012 int size = booke206_tlb_size(env, i);
1013
1014 if (size == 0) {
1015 continue;
1016 }
1017
1018 mmubooke206_dump_one_tlb(env, i, offset, size);
1019 offset += size;
1020 }
1021 }
1022
1023 static void mmu6xx_dump_BATs(CPUPPCState *env, int type)
1024 {
1025 target_ulong *BATlt, *BATut, *BATu, *BATl;
1026 target_ulong BEPIl, BEPIu, bl;
1027 int i;
1028
1029 switch (type) {
1030 case ACCESS_CODE:
1031 BATlt = env->IBAT[1];
1032 BATut = env->IBAT[0];
1033 break;
1034 default:
1035 BATlt = env->DBAT[1];
1036 BATut = env->DBAT[0];
1037 break;
1038 }
1039
1040 for (i = 0; i < env->nb_BATs; i++) {
1041 BATu = &BATut[i];
1042 BATl = &BATlt[i];
1043 BEPIu = *BATu & 0xF0000000;
1044 BEPIl = *BATu & 0x0FFE0000;
1045 bl = (*BATu & 0x00001FFC) << 15;
1046 qemu_printf("%s BAT%d BATu " TARGET_FMT_lx
1047 " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
1048 TARGET_FMT_lx " " TARGET_FMT_lx "\n",
1049 type == ACCESS_CODE ? "code" : "data", i,
1050 *BATu, *BATl, BEPIu, BEPIl, bl);
1051 }
1052 }
1053
1054 static void mmu6xx_dump_mmu(CPUPPCState *env)
1055 {
1056 PowerPCCPU *cpu = env_archcpu(env);
1057 ppc6xx_tlb_t *tlb;
1058 target_ulong sr;
1059 int type, way, entry, i;
1060
1061 qemu_printf("HTAB base = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_base(cpu));
1062 qemu_printf("HTAB mask = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_mask(cpu));
1063
1064 qemu_printf("\nSegment registers:\n");
1065 for (i = 0; i < 32; i++) {
1066 sr = env->sr[i];
1067 if (sr & 0x80000000) {
1068 qemu_printf("%02d T=%d Ks=%d Kp=%d BUID=0x%03x "
1069 "CNTLR_SPEC=0x%05x\n", i,
1070 sr & 0x80000000 ? 1 : 0, sr & 0x40000000 ? 1 : 0,
1071 sr & 0x20000000 ? 1 : 0, (uint32_t)((sr >> 20) & 0x1FF),
1072 (uint32_t)(sr & 0xFFFFF));
1073 } else {
1074 qemu_printf("%02d T=%d Ks=%d Kp=%d N=%d VSID=0x%06x\n", i,
1075 sr & 0x80000000 ? 1 : 0, sr & 0x40000000 ? 1 : 0,
1076 sr & 0x20000000 ? 1 : 0, sr & 0x10000000 ? 1 : 0,
1077 (uint32_t)(sr & 0x00FFFFFF));
1078 }
1079 }
1080
1081 qemu_printf("\nBATs:\n");
1082 mmu6xx_dump_BATs(env, ACCESS_INT);
1083 mmu6xx_dump_BATs(env, ACCESS_CODE);
1084
1085 if (env->id_tlbs != 1) {
1086 qemu_printf("ERROR: 6xx MMU should have separated TLB"
1087 " for code and data\n");
1088 }
1089
1090 qemu_printf("\nTLBs [EPN EPN + SIZE]\n");
1091
1092 for (type = 0; type < 2; type++) {
1093 for (way = 0; way < env->nb_ways; way++) {
1094 for (entry = env->nb_tlb * type + env->tlb_per_way * way;
1095 entry < (env->nb_tlb * type + env->tlb_per_way * (way + 1));
1096 entry++) {
1097
1098 tlb = &env->tlb.tlb6[entry];
1099 qemu_printf("%s TLB %02d/%02d way:%d %s ["
1100 TARGET_FMT_lx " " TARGET_FMT_lx "]\n",
1101 type ? "code" : "data", entry % env->nb_tlb,
1102 env->nb_tlb, way,
1103 pte_is_valid(tlb->pte0) ? "valid" : "inval",
1104 tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE);
1105 }
1106 }
1107 }
1108 }
1109
1110 void dump_mmu(CPUPPCState *env)
1111 {
1112 switch (env->mmu_model) {
1113 case POWERPC_MMU_BOOKE:
1114 mmubooke_dump_mmu(env);
1115 break;
1116 case POWERPC_MMU_BOOKE206:
1117 mmubooke206_dump_mmu(env);
1118 break;
1119 case POWERPC_MMU_SOFT_6xx:
1120 mmu6xx_dump_mmu(env);
1121 break;
1122 #if defined(TARGET_PPC64)
1123 case POWERPC_MMU_64B:
1124 case POWERPC_MMU_2_03:
1125 case POWERPC_MMU_2_06:
1126 case POWERPC_MMU_2_07:
1127 dump_slb(env_archcpu(env));
1128 break;
1129 case POWERPC_MMU_3_00:
1130 if (ppc64_v3_radix(env_archcpu(env))) {
1131 qemu_log_mask(LOG_UNIMP, "%s: the PPC64 MMU is unsupported\n",
1132 __func__);
1133 } else {
1134 dump_slb(env_archcpu(env));
1135 }
1136 break;
1137 #endif
1138 default:
1139 qemu_log_mask(LOG_UNIMP, "%s: unimplemented\n", __func__);
1140 }
1141 }
1142
1143 static int check_physical(CPUPPCState *env, mmu_ctx_t *ctx, target_ulong eaddr,
1144 MMUAccessType access_type)
1145 {
1146 ctx->raddr = eaddr;
1147 ctx->prot = PAGE_READ | PAGE_EXEC;
1148
1149 switch (env->mmu_model) {
1150 case POWERPC_MMU_SOFT_6xx:
1151 case POWERPC_MMU_SOFT_4xx:
1152 case POWERPC_MMU_REAL:
1153 case POWERPC_MMU_BOOKE:
1154 ctx->prot |= PAGE_WRITE;
1155 break;
1156
1157 default:
1158 /* Caller's checks mean we should never get here for other models */
1159 g_assert_not_reached();
1160 }
1161
1162 return 0;
1163 }
1164
1165 int get_physical_address_wtlb(CPUPPCState *env, mmu_ctx_t *ctx,
1166 target_ulong eaddr,
1167 MMUAccessType access_type, int type,
1168 int mmu_idx)
1169 {
1170 int ret = -1;
1171 bool real_mode = (type == ACCESS_CODE && msr_ir == 0)
1172 || (type != ACCESS_CODE && msr_dr == 0);
1173
1174 switch (env->mmu_model) {
1175 case POWERPC_MMU_SOFT_6xx:
1176 if (real_mode) {
1177 ret = check_physical(env, ctx, eaddr, access_type);
1178 } else {
1179 /* Try to find a BAT */
1180 if (env->nb_BATs != 0) {
1181 ret = get_bat_6xx_tlb(env, ctx, eaddr, access_type);
1182 }
1183 if (ret < 0) {
1184 /* We didn't match any BAT entry or don't have BATs */
1185 ret = get_segment_6xx_tlb(env, ctx, eaddr, access_type, type);
1186 }
1187 }
1188 break;
1189
1190 case POWERPC_MMU_SOFT_4xx:
1191 if (real_mode) {
1192 ret = check_physical(env, ctx, eaddr, access_type);
1193 } else {
1194 ret = mmu40x_get_physical_address(env, ctx, eaddr, access_type);
1195 }
1196 break;
1197 case POWERPC_MMU_BOOKE:
1198 ret = mmubooke_get_physical_address(env, ctx, eaddr, access_type);
1199 break;
1200 case POWERPC_MMU_BOOKE206:
1201 ret = mmubooke206_get_physical_address(env, ctx, eaddr, access_type,
1202 mmu_idx);
1203 break;
1204 case POWERPC_MMU_MPC8xx:
1205 /* XXX: TODO */
1206 cpu_abort(env_cpu(env), "MPC8xx MMU model is not implemented\n");
1207 break;
1208 case POWERPC_MMU_REAL:
1209 if (real_mode) {
1210 ret = check_physical(env, ctx, eaddr, access_type);
1211 } else {
1212 cpu_abort(env_cpu(env),
1213 "PowerPC in real mode do not do any translation\n");
1214 }
1215 return -1;
1216 default:
1217 cpu_abort(env_cpu(env), "Unknown or invalid MMU model\n");
1218 return -1;
1219 }
1220
1221 return ret;
1222 }
1223
1224 static void booke206_update_mas_tlb_miss(CPUPPCState *env, target_ulong address,
1225 MMUAccessType access_type, int mmu_idx)
1226 {
1227 uint32_t epid;
1228 bool as, pr;
1229 uint32_t missed_tid = 0;
1230 bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
1231
1232 if (access_type == MMU_INST_FETCH) {
1233 as = msr_ir;
1234 }
1235 env->spr[SPR_BOOKE_MAS0] = env->spr[SPR_BOOKE_MAS4] & MAS4_TLBSELD_MASK;
1236 env->spr[SPR_BOOKE_MAS1] = env->spr[SPR_BOOKE_MAS4] & MAS4_TSIZED_MASK;
1237 env->spr[SPR_BOOKE_MAS2] = env->spr[SPR_BOOKE_MAS4] & MAS4_WIMGED_MASK;
1238 env->spr[SPR_BOOKE_MAS3] = 0;
1239 env->spr[SPR_BOOKE_MAS6] = 0;
1240 env->spr[SPR_BOOKE_MAS7] = 0;
1241
1242 /* AS */
1243 if (as) {
1244 env->spr[SPR_BOOKE_MAS1] |= MAS1_TS;
1245 env->spr[SPR_BOOKE_MAS6] |= MAS6_SAS;
1246 }
1247
1248 env->spr[SPR_BOOKE_MAS1] |= MAS1_VALID;
1249 env->spr[SPR_BOOKE_MAS2] |= address & MAS2_EPN_MASK;
1250
1251 if (!use_epid) {
1252 switch (env->spr[SPR_BOOKE_MAS4] & MAS4_TIDSELD_PIDZ) {
1253 case MAS4_TIDSELD_PID0:
1254 missed_tid = env->spr[SPR_BOOKE_PID];
1255 break;
1256 case MAS4_TIDSELD_PID1:
1257 missed_tid = env->spr[SPR_BOOKE_PID1];
1258 break;
1259 case MAS4_TIDSELD_PID2:
1260 missed_tid = env->spr[SPR_BOOKE_PID2];
1261 break;
1262 }
1263 env->spr[SPR_BOOKE_MAS6] |= env->spr[SPR_BOOKE_PID] << 16;
1264 } else {
1265 missed_tid = epid;
1266 env->spr[SPR_BOOKE_MAS6] |= missed_tid << 16;
1267 }
1268 env->spr[SPR_BOOKE_MAS1] |= (missed_tid << MAS1_TID_SHIFT);
1269
1270
1271 /* next victim logic */
1272 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_ESEL_SHIFT;
1273 env->last_way++;
1274 env->last_way &= booke206_tlb_ways(env, 0) - 1;
1275 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
1276 }
1277
1278 /* Perform address translation */
1279 /* TODO: Split this by mmu_model. */
1280 static bool ppc_jumbo_xlate(PowerPCCPU *cpu, vaddr eaddr,
1281 MMUAccessType access_type,
1282 hwaddr *raddrp, int *psizep, int *protp,
1283 int mmu_idx, bool guest_visible)
1284 {
1285 CPUState *cs = CPU(cpu);
1286 CPUPPCState *env = &cpu->env;
1287 mmu_ctx_t ctx;
1288 int type;
1289 int ret;
1290
1291 if (access_type == MMU_INST_FETCH) {
1292 /* code access */
1293 type = ACCESS_CODE;
1294 } else if (guest_visible) {
1295 /* data access */
1296 type = env->access_type;
1297 } else {
1298 type = ACCESS_INT;
1299 }
1300
1301 ret = get_physical_address_wtlb(env, &ctx, eaddr, access_type,
1302 type, mmu_idx);
1303 if (ret == 0) {
1304 *raddrp = ctx.raddr;
1305 *protp = ctx.prot;
1306 *psizep = TARGET_PAGE_BITS;
1307 return true;
1308 }
1309
1310 if (guest_visible) {
1311 log_cpu_state_mask(CPU_LOG_MMU, cs, 0);
1312 if (type == ACCESS_CODE) {
1313 switch (ret) {
1314 case -1:
1315 /* No matches in page tables or TLB */
1316 switch (env->mmu_model) {
1317 case POWERPC_MMU_SOFT_6xx:
1318 cs->exception_index = POWERPC_EXCP_IFTLB;
1319 env->error_code = 1 << 18;
1320 env->spr[SPR_IMISS] = eaddr;
1321 env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
1322 goto tlb_miss;
1323 case POWERPC_MMU_SOFT_4xx:
1324 cs->exception_index = POWERPC_EXCP_ITLB;
1325 env->error_code = 0;
1326 env->spr[SPR_40x_DEAR] = eaddr;
1327 env->spr[SPR_40x_ESR] = 0x00000000;
1328 break;
1329 case POWERPC_MMU_BOOKE206:
1330 booke206_update_mas_tlb_miss(env, eaddr, 2, mmu_idx);
1331 /* fall through */
1332 case POWERPC_MMU_BOOKE:
1333 cs->exception_index = POWERPC_EXCP_ITLB;
1334 env->error_code = 0;
1335 env->spr[SPR_BOOKE_DEAR] = eaddr;
1336 env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, MMU_DATA_LOAD);
1337 break;
1338 case POWERPC_MMU_MPC8xx:
1339 cpu_abort(cs, "MPC8xx MMU model is not implemented\n");
1340 case POWERPC_MMU_REAL:
1341 cpu_abort(cs, "PowerPC in real mode should never raise "
1342 "any MMU exceptions\n");
1343 default:
1344 cpu_abort(cs, "Unknown or invalid MMU model\n");
1345 }
1346 break;
1347 case -2:
1348 /* Access rights violation */
1349 cs->exception_index = POWERPC_EXCP_ISI;
1350 if ((env->mmu_model == POWERPC_MMU_BOOKE) ||
1351 (env->mmu_model == POWERPC_MMU_BOOKE206)) {
1352 env->error_code = 0;
1353 } else {
1354 env->error_code = 0x08000000;
1355 }
1356 break;
1357 case -3:
1358 /* No execute protection violation */
1359 if ((env->mmu_model == POWERPC_MMU_BOOKE) ||
1360 (env->mmu_model == POWERPC_MMU_BOOKE206)) {
1361 env->spr[SPR_BOOKE_ESR] = 0x00000000;
1362 env->error_code = 0;
1363 } else {
1364 env->error_code = 0x10000000;
1365 }
1366 cs->exception_index = POWERPC_EXCP_ISI;
1367 break;
1368 case -4:
1369 /* Direct store exception */
1370 /* No code fetch is allowed in direct-store areas */
1371 cs->exception_index = POWERPC_EXCP_ISI;
1372 if ((env->mmu_model == POWERPC_MMU_BOOKE) ||
1373 (env->mmu_model == POWERPC_MMU_BOOKE206)) {
1374 env->error_code = 0;
1375 } else {
1376 env->error_code = 0x10000000;
1377 }
1378 break;
1379 }
1380 } else {
1381 switch (ret) {
1382 case -1:
1383 /* No matches in page tables or TLB */
1384 switch (env->mmu_model) {
1385 case POWERPC_MMU_SOFT_6xx:
1386 if (access_type == MMU_DATA_STORE) {
1387 cs->exception_index = POWERPC_EXCP_DSTLB;
1388 env->error_code = 1 << 16;
1389 } else {
1390 cs->exception_index = POWERPC_EXCP_DLTLB;
1391 env->error_code = 0;
1392 }
1393 env->spr[SPR_DMISS] = eaddr;
1394 env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
1395 tlb_miss:
1396 env->error_code |= ctx.key << 19;
1397 env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +
1398 get_pteg_offset32(cpu, ctx.hash[0]);
1399 env->spr[SPR_HASH2] = ppc_hash32_hpt_base(cpu) +
1400 get_pteg_offset32(cpu, ctx.hash[1]);
1401 break;
1402 case POWERPC_MMU_SOFT_4xx:
1403 cs->exception_index = POWERPC_EXCP_DTLB;
1404 env->error_code = 0;
1405 env->spr[SPR_40x_DEAR] = eaddr;
1406 if (access_type == MMU_DATA_STORE) {
1407 env->spr[SPR_40x_ESR] = 0x00800000;
1408 } else {
1409 env->spr[SPR_40x_ESR] = 0x00000000;
1410 }
1411 break;
1412 case POWERPC_MMU_MPC8xx:
1413 /* XXX: TODO */
1414 cpu_abort(cs, "MPC8xx MMU model is not implemented\n");
1415 case POWERPC_MMU_BOOKE206:
1416 booke206_update_mas_tlb_miss(env, eaddr, access_type, mmu_idx);
1417 /* fall through */
1418 case POWERPC_MMU_BOOKE:
1419 cs->exception_index = POWERPC_EXCP_DTLB;
1420 env->error_code = 0;
1421 env->spr[SPR_BOOKE_DEAR] = eaddr;
1422 env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
1423 break;
1424 case POWERPC_MMU_REAL:
1425 cpu_abort(cs, "PowerPC in real mode should never raise "
1426 "any MMU exceptions\n");
1427 default:
1428 cpu_abort(cs, "Unknown or invalid MMU model\n");
1429 }
1430 break;
1431 case -2:
1432 /* Access rights violation */
1433 cs->exception_index = POWERPC_EXCP_DSI;
1434 env->error_code = 0;
1435 if (env->mmu_model == POWERPC_MMU_SOFT_4xx) {
1436 env->spr[SPR_40x_DEAR] = eaddr;
1437 if (access_type == MMU_DATA_STORE) {
1438 env->spr[SPR_40x_ESR] |= 0x00800000;
1439 }
1440 } else if ((env->mmu_model == POWERPC_MMU_BOOKE) ||
1441 (env->mmu_model == POWERPC_MMU_BOOKE206)) {
1442 env->spr[SPR_BOOKE_DEAR] = eaddr;
1443 env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
1444 } else {
1445 env->spr[SPR_DAR] = eaddr;
1446 if (access_type == MMU_DATA_STORE) {
1447 env->spr[SPR_DSISR] = 0x0A000000;
1448 } else {
1449 env->spr[SPR_DSISR] = 0x08000000;
1450 }
1451 }
1452 break;
1453 case -4:
1454 /* Direct store exception */
1455 switch (type) {
1456 case ACCESS_FLOAT:
1457 /* Floating point load/store */
1458 cs->exception_index = POWERPC_EXCP_ALIGN;
1459 env->error_code = POWERPC_EXCP_ALIGN_FP;
1460 env->spr[SPR_DAR] = eaddr;
1461 break;
1462 case ACCESS_RES:
1463 /* lwarx, ldarx or stwcx. */
1464 cs->exception_index = POWERPC_EXCP_DSI;
1465 env->error_code = 0;
1466 env->spr[SPR_DAR] = eaddr;
1467 if (access_type == MMU_DATA_STORE) {
1468 env->spr[SPR_DSISR] = 0x06000000;
1469 } else {
1470 env->spr[SPR_DSISR] = 0x04000000;
1471 }
1472 break;
1473 case ACCESS_EXT:
1474 /* eciwx or ecowx */
1475 cs->exception_index = POWERPC_EXCP_DSI;
1476 env->error_code = 0;
1477 env->spr[SPR_DAR] = eaddr;
1478 if (access_type == MMU_DATA_STORE) {
1479 env->spr[SPR_DSISR] = 0x06100000;
1480 } else {
1481 env->spr[SPR_DSISR] = 0x04100000;
1482 }
1483 break;
1484 default:
1485 printf("DSI: invalid exception (%d)\n", ret);
1486 cs->exception_index = POWERPC_EXCP_PROGRAM;
1487 env->error_code =
1488 POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL;
1489 env->spr[SPR_DAR] = eaddr;
1490 break;
1491 }
1492 break;
1493 }
1494 }
1495 }
1496 return false;
1497 }
1498
1499 /*****************************************************************************/
1500
1501 bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
1502 hwaddr *raddrp, int *psizep, int *protp,
1503 int mmu_idx, bool guest_visible)
1504 {
1505 switch (cpu->env.mmu_model) {
1506 #if defined(TARGET_PPC64)
1507 case POWERPC_MMU_3_00:
1508 if (ppc64_v3_radix(cpu)) {
1509 return ppc_radix64_xlate(cpu, eaddr, access_type, raddrp,
1510 psizep, protp, mmu_idx, guest_visible);
1511 }
1512 /* fall through */
1513 case POWERPC_MMU_64B:
1514 case POWERPC_MMU_2_03:
1515 case POWERPC_MMU_2_06:
1516 case POWERPC_MMU_2_07:
1517 return ppc_hash64_xlate(cpu, eaddr, access_type,
1518 raddrp, psizep, protp, mmu_idx, guest_visible);
1519 #endif
1520
1521 case POWERPC_MMU_32B:
1522 return ppc_hash32_xlate(cpu, eaddr, access_type, raddrp,
1523 psizep, protp, mmu_idx, guest_visible);
1524
1525 default:
1526 return ppc_jumbo_xlate(cpu, eaddr, access_type, raddrp,
1527 psizep, protp, mmu_idx, guest_visible);
1528 }
1529 }
1530
1531 hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
1532 {
1533 PowerPCCPU *cpu = POWERPC_CPU(cs);
1534 hwaddr raddr;
1535 int s, p;
1536
1537 /*
1538 * Some MMUs have separate TLBs for code and data. If we only
1539 * try an MMU_DATA_LOAD, we may not be able to read instructions
1540 * mapped by code TLBs, so we also try a MMU_INST_FETCH.
1541 */
1542 if (ppc_xlate(cpu, addr, MMU_DATA_LOAD, &raddr, &s, &p,
1543 cpu_mmu_index(&cpu->env, false), false) ||
1544 ppc_xlate(cpu, addr, MMU_INST_FETCH, &raddr, &s, &p,
1545 cpu_mmu_index(&cpu->env, true), false)) {
1546 return raddr & TARGET_PAGE_MASK;
1547 }
1548 return -1;
1549 }
QEmu