search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'v9.0.0-rc3'
[qemu/ar7.git] / target / s390x / mmu_helper.c
blobfbb2f1b4d485ea702588d377ec75e16d10a8f103
1 /*
2 * S390x MMU related functions
3 *
4 * Copyright (c) 2011 Alexander Graf
5 * Copyright (c) 2015 Thomas Huth, IBM Corporation
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 */
17
18 #include "qemu/osdep.h"
19 #include "qemu/error-report.h"
20 #include "exec/address-spaces.h"
21 #include "cpu.h"
22 #include "s390x-internal.h"
23 #include "kvm/kvm_s390x.h"
24 #include "sysemu/kvm.h"
25 #include "sysemu/tcg.h"
26 #include "exec/exec-all.h"
27 #include "trace.h"
28 #include "hw/hw.h"
29 #include "hw/s390x/storage-keys.h"
30 #include "hw/boards.h"
31
32 /* Fetch/store bits in the translation exception code: */
33 #define FS_READ 0x800
34 #define FS_WRITE 0x400
35
36 static void trigger_access_exception(CPUS390XState *env, uint32_t type,
37 uint64_t tec)
38 {
39 S390CPU *cpu = env_archcpu(env);
40
41 if (kvm_enabled()) {
42 kvm_s390_access_exception(cpu, type, tec);
43 } else {
44 CPUState *cs = env_cpu(env);
45 if (type != PGM_ADDRESSING) {
46 stq_phys(cs->as, env->psa + offsetof(LowCore, trans_exc_code), tec);
47 }
48 trigger_pgm_exception(env, type);
49 }
50 }
51
52 /* check whether the address would be proteted by Low-Address Protection */
53 static bool is_low_address(uint64_t addr)
54 {
55 return addr <= 511 || (addr >= 4096 && addr <= 4607);
56 }
57
58 /* check whether Low-Address Protection is enabled for mmu_translate() */
59 static bool lowprot_enabled(const CPUS390XState *env, uint64_t asc)
60 {
61 if (!(env->cregs[0] & CR0_LOWPROT)) {
62 return false;
63 }
64 if (!(env->psw.mask & PSW_MASK_DAT)) {
65 return true;
66 }
67
68 /* Check the private-space control bit */
69 switch (asc) {
70 case PSW_ASC_PRIMARY:
71 return !(env->cregs[1] & ASCE_PRIVATE_SPACE);
72 case PSW_ASC_SECONDARY:
73 return !(env->cregs[7] & ASCE_PRIVATE_SPACE);
74 case PSW_ASC_HOME:
75 return !(env->cregs[13] & ASCE_PRIVATE_SPACE);
76 default:
77 /* We don't support access register mode */
78 error_report("unsupported addressing mode");
79 exit(1);
80 }
81 }
82
83 /**
84 * Translate real address to absolute (= physical)
85 * address by taking care of the prefix mapping.
86 */
87 target_ulong mmu_real2abs(CPUS390XState *env, target_ulong raddr)
88 {
89 if (raddr < 0x2000) {
90 return raddr + env->psa; /* Map the lowcore. */
91 } else if (raddr >= env->psa && raddr < env->psa + 0x2000) {
92 return raddr - env->psa; /* Map the 0 page. */
93 }
94 return raddr;
95 }
96
97 bool mmu_absolute_addr_valid(target_ulong addr, bool is_write)
98 {
99 return address_space_access_valid(&address_space_memory,
100 addr & TARGET_PAGE_MASK,
101 TARGET_PAGE_SIZE, is_write,
102 MEMTXATTRS_UNSPECIFIED);
103 }
104
105 static inline bool read_table_entry(CPUS390XState *env, hwaddr gaddr,
106 uint64_t *entry)
107 {
108 CPUState *cs = env_cpu(env);
109
110 /*
111 * According to the PoP, these table addresses are "unpredictably real
112 * or absolute". Also, "it is unpredictable whether the address wraps
113 * or an addressing exception is recognized".
114 *
115 * We treat them as absolute addresses and don't wrap them.
116 */
117 if (unlikely(address_space_read(cs->as, gaddr, MEMTXATTRS_UNSPECIFIED,
118 entry, sizeof(*entry)) !=
119 MEMTX_OK)) {
120 return false;
121 }
122 *entry = be64_to_cpu(*entry);
123 return true;
124 }
125
126 static int mmu_translate_asce(CPUS390XState *env, target_ulong vaddr,
127 uint64_t asc, uint64_t asce, target_ulong *raddr,
128 int *flags)
129 {
130 const bool edat1 = (env->cregs[0] & CR0_EDAT) &&
131 s390_has_feat(S390_FEAT_EDAT);
132 const bool edat2 = edat1 && s390_has_feat(S390_FEAT_EDAT_2);
133 const bool iep = (env->cregs[0] & CR0_IEP) &&
134 s390_has_feat(S390_FEAT_INSTRUCTION_EXEC_PROT);
135 const int asce_tl = asce & ASCE_TABLE_LENGTH;
136 const int asce_p = asce & ASCE_PRIVATE_SPACE;
137 hwaddr gaddr = asce & ASCE_ORIGIN;
138 uint64_t entry;
139
140 if (asce & ASCE_REAL_SPACE) {
141 /* direct mapping */
142 *raddr = vaddr;
143 return 0;
144 }
145
146 switch (asce & ASCE_TYPE_MASK) {
147 case ASCE_TYPE_REGION1:
148 if (VADDR_REGION1_TL(vaddr) > asce_tl) {
149 return PGM_REG_FIRST_TRANS;
150 }
151 gaddr += VADDR_REGION1_TX(vaddr) * 8;
152 break;
153 case ASCE_TYPE_REGION2:
154 if (VADDR_REGION1_TX(vaddr)) {
155 return PGM_ASCE_TYPE;
156 }
157 if (VADDR_REGION2_TL(vaddr) > asce_tl) {
158 return PGM_REG_SEC_TRANS;
159 }
160 gaddr += VADDR_REGION2_TX(vaddr) * 8;
161 break;
162 case ASCE_TYPE_REGION3:
163 if (VADDR_REGION1_TX(vaddr) || VADDR_REGION2_TX(vaddr)) {
164 return PGM_ASCE_TYPE;
165 }
166 if (VADDR_REGION3_TL(vaddr) > asce_tl) {
167 return PGM_REG_THIRD_TRANS;
168 }
169 gaddr += VADDR_REGION3_TX(vaddr) * 8;
170 break;
171 case ASCE_TYPE_SEGMENT:
172 if (VADDR_REGION1_TX(vaddr) || VADDR_REGION2_TX(vaddr) ||
173 VADDR_REGION3_TX(vaddr)) {
174 return PGM_ASCE_TYPE;
175 }
176 if (VADDR_SEGMENT_TL(vaddr) > asce_tl) {
177 return PGM_SEGMENT_TRANS;
178 }
179 gaddr += VADDR_SEGMENT_TX(vaddr) * 8;
180 break;
181 }
182
183 switch (asce & ASCE_TYPE_MASK) {
184 case ASCE_TYPE_REGION1:
185 if (!read_table_entry(env, gaddr, &entry)) {
186 return PGM_ADDRESSING;
187 }
188 if (entry & REGION_ENTRY_I) {
189 return PGM_REG_FIRST_TRANS;
190 }
191 if ((entry & REGION_ENTRY_TT) != REGION_ENTRY_TT_REGION1) {
192 return PGM_TRANS_SPEC;
193 }
194 if (VADDR_REGION2_TL(vaddr) < (entry & REGION_ENTRY_TF) >> 6 ||
195 VADDR_REGION2_TL(vaddr) > (entry & REGION_ENTRY_TL)) {
196 return PGM_REG_SEC_TRANS;
197 }
198 if (edat1 && (entry & REGION_ENTRY_P)) {
199 *flags &= ~PAGE_WRITE;
200 }
201 gaddr = (entry & REGION_ENTRY_ORIGIN) + VADDR_REGION2_TX(vaddr) * 8;
202 /* fall through */
203 case ASCE_TYPE_REGION2:
204 if (!read_table_entry(env, gaddr, &entry)) {
205 return PGM_ADDRESSING;
206 }
207 if (entry & REGION_ENTRY_I) {
208 return PGM_REG_SEC_TRANS;
209 }
210 if ((entry & REGION_ENTRY_TT) != REGION_ENTRY_TT_REGION2) {
211 return PGM_TRANS_SPEC;
212 }
213 if (VADDR_REGION3_TL(vaddr) < (entry & REGION_ENTRY_TF) >> 6 ||
214 VADDR_REGION3_TL(vaddr) > (entry & REGION_ENTRY_TL)) {
215 return PGM_REG_THIRD_TRANS;
216 }
217 if (edat1 && (entry & REGION_ENTRY_P)) {
218 *flags &= ~PAGE_WRITE;
219 }
220 gaddr = (entry & REGION_ENTRY_ORIGIN) + VADDR_REGION3_TX(vaddr) * 8;
221 /* fall through */
222 case ASCE_TYPE_REGION3:
223 if (!read_table_entry(env, gaddr, &entry)) {
224 return PGM_ADDRESSING;
225 }
226 if (entry & REGION_ENTRY_I) {
227 return PGM_REG_THIRD_TRANS;
228 }
229 if ((entry & REGION_ENTRY_TT) != REGION_ENTRY_TT_REGION3) {
230 return PGM_TRANS_SPEC;
231 }
232 if (edat2 && (entry & REGION3_ENTRY_CR) && asce_p) {
233 return PGM_TRANS_SPEC;
234 }
235 if (edat1 && (entry & REGION_ENTRY_P)) {
236 *flags &= ~PAGE_WRITE;
237 }
238 if (edat2 && (entry & REGION3_ENTRY_FC)) {
239 if (iep && (entry & REGION3_ENTRY_IEP)) {
240 *flags &= ~PAGE_EXEC;
241 }
242 *raddr = (entry & REGION3_ENTRY_RFAA) |
243 (vaddr & ~REGION3_ENTRY_RFAA);
244 return 0;
245 }
246 if (VADDR_SEGMENT_TL(vaddr) < (entry & REGION_ENTRY_TF) >> 6 ||
247 VADDR_SEGMENT_TL(vaddr) > (entry & REGION_ENTRY_TL)) {
248 return PGM_SEGMENT_TRANS;
249 }
250 gaddr = (entry & REGION_ENTRY_ORIGIN) + VADDR_SEGMENT_TX(vaddr) * 8;
251 /* fall through */
252 case ASCE_TYPE_SEGMENT:
253 if (!read_table_entry(env, gaddr, &entry)) {
254 return PGM_ADDRESSING;
255 }
256 if (entry & SEGMENT_ENTRY_I) {
257 return PGM_SEGMENT_TRANS;
258 }
259 if ((entry & SEGMENT_ENTRY_TT) != SEGMENT_ENTRY_TT_SEGMENT) {
260 return PGM_TRANS_SPEC;
261 }
262 if ((entry & SEGMENT_ENTRY_CS) && asce_p) {
263 return PGM_TRANS_SPEC;
264 }
265 if (entry & SEGMENT_ENTRY_P) {
266 *flags &= ~PAGE_WRITE;
267 }
268 if (edat1 && (entry & SEGMENT_ENTRY_FC)) {
269 if (iep && (entry & SEGMENT_ENTRY_IEP)) {
270 *flags &= ~PAGE_EXEC;
271 }
272 *raddr = (entry & SEGMENT_ENTRY_SFAA) |
273 (vaddr & ~SEGMENT_ENTRY_SFAA);
274 return 0;
275 }
276 gaddr = (entry & SEGMENT_ENTRY_ORIGIN) + VADDR_PAGE_TX(vaddr) * 8;
277 break;
278 }
279
280 if (!read_table_entry(env, gaddr, &entry)) {
281 return PGM_ADDRESSING;
282 }
283 if (entry & PAGE_ENTRY_I) {
284 return PGM_PAGE_TRANS;
285 }
286 if (entry & PAGE_ENTRY_0) {
287 return PGM_TRANS_SPEC;
288 }
289 if (entry & PAGE_ENTRY_P) {
290 *flags &= ~PAGE_WRITE;
291 }
292 if (iep && (entry & PAGE_ENTRY_IEP)) {
293 *flags &= ~PAGE_EXEC;
294 }
295
296 *raddr = entry & TARGET_PAGE_MASK;
297 return 0;
298 }
299
300 static void mmu_handle_skey(target_ulong addr, int rw, int *flags)
301 {
302 static S390SKeysClass *skeyclass;
303 static S390SKeysState *ss;
304 uint8_t key, old_key;
305 int rc;
306
307 /*
308 * We expect to be called with an absolute address that has already been
309 * validated, such that we can reliably use it to lookup the storage key.
310 */
311 if (unlikely(!ss)) {
312 ss = s390_get_skeys_device();
313 skeyclass = S390_SKEYS_GET_CLASS(ss);
314 }
315
316 /*
317 * Don't enable storage keys if they are still disabled, i.e., no actual
318 * storage key instruction was issued yet.
319 */
320 if (!skeyclass->skeys_are_enabled(ss)) {
321 return;
322 }
323
324 /*
325 * Whenever we create a new TLB entry, we set the storage key reference
326 * bit. In case we allow write accesses, we set the storage key change
327 * bit. Whenever the guest changes the storage key, we have to flush the
328 * TLBs of all CPUs (the whole TLB or all affected entries), so that the
329 * next reference/change will result in an MMU fault and make us properly
330 * update the storage key here.
331 *
332 * Note 1: "record of references ... is not necessarily accurate",
333 * "change bit may be set in case no storing has occurred".
334 * -> We can set reference/change bits even on exceptions.
335 * Note 2: certain accesses seem to ignore storage keys. For example,
336 * DAT translation does not set reference bits for table accesses.
337 *
338 * TODO: key-controlled protection. Only CPU accesses make use of the
339 * PSW key. CSS accesses are different - we have to pass in the key.
340 *
341 * TODO: we have races between getting and setting the key.
342 */
343 rc = skeyclass->get_skeys(ss, addr / TARGET_PAGE_SIZE, 1, &key);
344 if (rc) {
345 trace_get_skeys_nonzero(rc);
346 return;
347 }
348 old_key = key;
349
350 switch (rw) {
351 case MMU_DATA_LOAD:
352 case MMU_INST_FETCH:
353 /*
354 * The TLB entry has to remain write-protected on read-faults if
355 * the storage key does not indicate a change already. Otherwise
356 * we might miss setting the change bit on write accesses.
357 */
358 if (!(key & SK_C)) {
359 *flags &= ~PAGE_WRITE;
360 }
361 break;
362 case MMU_DATA_STORE:
363 key |= SK_C;
364 break;
365 default:
366 g_assert_not_reached();
367 }
368
369 /* Any store/fetch sets the reference bit */
370 key |= SK_R;
371
372 if (key != old_key) {
373 rc = skeyclass->set_skeys(ss, addr / TARGET_PAGE_SIZE, 1, &key);
374 if (rc) {
375 trace_set_skeys_nonzero(rc);
376 }
377 }
378 }
379
380 /**
381 * Translate a virtual (logical) address into a physical (absolute) address.
382 * @param vaddr the virtual address
383 * @param rw 0 = read, 1 = write, 2 = code fetch, < 0 = load real address
384 * @param asc address space control (one of the PSW_ASC_* modes)
385 * @param raddr the translated address is stored to this pointer
386 * @param flags the PAGE_READ/WRITE/EXEC flags are stored to this pointer
387 * @param tec the translation exception code if stored to this pointer if
388 * there is an exception to raise
389 * @return 0 = success, != 0, the exception to raise
390 */
391 int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
392 target_ulong *raddr, int *flags, uint64_t *tec)
393 {
394 uint64_t asce;
395 int r;
396
397 *tec = (vaddr & TARGET_PAGE_MASK) | (asc >> 46) |
398 (rw == MMU_DATA_STORE ? FS_WRITE : FS_READ);
399 *flags = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
400
401 if (is_low_address(vaddr & TARGET_PAGE_MASK) && lowprot_enabled(env, asc)) {
402 /*
403 * If any part of this page is currently protected, make sure the
404 * TLB entry will not be reused.
405 *
406 * As the protected range is always the first 512 bytes of the
407 * two first pages, we are able to catch all writes to these areas
408 * just by looking at the start address (triggering the tlb miss).
409 */
410 *flags |= PAGE_WRITE_INV;
411 if (is_low_address(vaddr) && rw == MMU_DATA_STORE) {
412 /* LAP sets bit 56 */
413 *tec |= 0x80;
414 return PGM_PROTECTION;
415 }
416 }
417
418 vaddr &= TARGET_PAGE_MASK;
419
420 if (rw != MMU_S390_LRA && !(env->psw.mask & PSW_MASK_DAT)) {
421 *raddr = vaddr;
422 goto nodat;
423 }
424
425 switch (asc) {
426 case PSW_ASC_PRIMARY:
427 asce = env->cregs[1];
428 break;
429 case PSW_ASC_HOME:
430 asce = env->cregs[13];
431 break;
432 case PSW_ASC_SECONDARY:
433 asce = env->cregs[7];
434 break;
435 case PSW_ASC_ACCREG:
436 default:
437 hw_error("guest switched to unknown asc mode\n");
438 break;
439 }
440
441 /* perform the DAT translation */
442 r = mmu_translate_asce(env, vaddr, asc, asce, raddr, flags);
443 if (unlikely(r)) {
444 return r;
445 }
446
447 /* check for DAT protection */
448 if (unlikely(rw == MMU_DATA_STORE && !(*flags & PAGE_WRITE))) {
449 /* DAT sets bit 61 only */
450 *tec |= 0x4;
451 return PGM_PROTECTION;
452 }
453
454 /* check for Instruction-Execution-Protection */
455 if (unlikely(rw == MMU_INST_FETCH && !(*flags & PAGE_EXEC))) {
456 /* IEP sets bit 56 and 61 */
457 *tec |= 0x84;
458 return PGM_PROTECTION;
459 }
460
461 nodat:
462 if (rw >= 0) {
463 /* Convert real address -> absolute address */
464 *raddr = mmu_real2abs(env, *raddr);
465
466 if (!mmu_absolute_addr_valid(*raddr, rw == MMU_DATA_STORE)) {
467 *tec = 0; /* unused */
468 return PGM_ADDRESSING;
469 }
470
471 mmu_handle_skey(*raddr, rw, flags);
472 }
473 return 0;
474 }
475
476 /**
477 * translate_pages: Translate a set of consecutive logical page addresses
478 * to absolute addresses. This function is used for TCG and old KVM without
479 * the MEMOP interface.
480 */
481 static int translate_pages(S390CPU *cpu, vaddr addr, int nr_pages,
482 target_ulong *pages, bool is_write, uint64_t *tec)
483 {
484 uint64_t asc = cpu->env.psw.mask & PSW_MASK_ASC;
485 CPUS390XState *env = &cpu->env;
486 int ret, i, pflags;
487
488 for (i = 0; i < nr_pages; i++) {
489 ret = mmu_translate(env, addr, is_write, asc, &pages[i], &pflags, tec);
490 if (ret) {
491 return ret;
492 }
493 addr += TARGET_PAGE_SIZE;
494 }
495
496 return 0;
497 }
498
499 int s390_cpu_pv_mem_rw(S390CPU *cpu, unsigned int offset, void *hostbuf,
500 int len, bool is_write)
501 {
502 int ret;
503
504 if (kvm_enabled()) {
505 ret = kvm_s390_mem_op_pv(cpu, offset, hostbuf, len, is_write);
506 } else {
507 /* Protected Virtualization is a KVM/Hardware only feature */
508 g_assert_not_reached();
509 }
510 return ret;
511 }
512
513 /**
514 * s390_cpu_virt_mem_rw:
515 * @laddr: the logical start address
516 * @ar: the access register number
517 * @hostbuf: buffer in host memory. NULL = do only checks w/o copying
518 * @len: length that should be transferred
519 * @is_write: true = write, false = read
520 * Returns: 0 on success, non-zero if an exception occurred
521 *
522 * Copy from/to guest memory using logical addresses. Note that we inject a
523 * program interrupt in case there is an error while accessing the memory.
524 *
525 * This function will always return (also for TCG), make sure to call
526 * s390_cpu_virt_mem_handle_exc() to properly exit the CPU loop.
527 */
528 int s390_cpu_virt_mem_rw(S390CPU *cpu, vaddr laddr, uint8_t ar, void *hostbuf,
529 int len, bool is_write)
530 {
531 int currlen, nr_pages, i;
532 target_ulong *pages;
533 uint64_t tec;
534 int ret;
535
536 if (kvm_enabled()) {
537 ret = kvm_s390_mem_op(cpu, laddr, ar, hostbuf, len, is_write);
538 if (ret >= 0) {
539 return ret;
540 }
541 }
542
543 nr_pages = (((laddr & ~TARGET_PAGE_MASK) + len - 1) >> TARGET_PAGE_BITS)
544 + 1;
545 pages = g_malloc(nr_pages * sizeof(*pages));
546
547 ret = translate_pages(cpu, laddr, nr_pages, pages, is_write, &tec);
548 if (ret) {
549 trigger_access_exception(&cpu->env, ret, tec);
550 } else if (hostbuf != NULL) {
551 /* Copy data by stepping through the area page by page */
552 for (i = 0; i < nr_pages; i++) {
553 currlen = MIN(len, TARGET_PAGE_SIZE - (laddr % TARGET_PAGE_SIZE));
554 cpu_physical_memory_rw(pages[i] | (laddr & ~TARGET_PAGE_MASK),
555 hostbuf, currlen, is_write);
556 laddr += currlen;
557 hostbuf += currlen;
558 len -= currlen;
559 }
560 }
561
562 g_free(pages);
563 return ret;
564 }
565
566 void s390_cpu_virt_mem_handle_exc(S390CPU *cpu, uintptr_t ra)
567 {
568 /* KVM will handle the interrupt automatically, TCG has to exit the TB */
569 #ifdef CONFIG_TCG
570 if (tcg_enabled()) {
571 cpu_loop_exit_restore(CPU(cpu), ra);
572 }
573 #endif
574 }
575
576 /**
577 * Translate a real address into a physical (absolute) address.
578 * @param raddr the real address
579 * @param rw 0 = read, 1 = write, 2 = code fetch
580 * @param addr the translated address is stored to this pointer
581 * @param flags the PAGE_READ/WRITE/EXEC flags are stored to this pointer
582 * @return 0 = success, != 0, the exception to raise
583 */
584 int mmu_translate_real(CPUS390XState *env, target_ulong raddr, int rw,
585 target_ulong *addr, int *flags, uint64_t *tec)
586 {
587 const bool lowprot_enabled = env->cregs[0] & CR0_LOWPROT;
588
589 *flags = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
590 if (is_low_address(raddr & TARGET_PAGE_MASK) && lowprot_enabled) {
591 /* see comment in mmu_translate() how this works */
592 *flags |= PAGE_WRITE_INV;
593 if (is_low_address(raddr) && rw == MMU_DATA_STORE) {
594 /* LAP sets bit 56 */
595 *tec = (raddr & TARGET_PAGE_MASK) | FS_WRITE | 0x80;
596 return PGM_PROTECTION;
597 }
598 }
599
600 *addr = mmu_real2abs(env, raddr & TARGET_PAGE_MASK);
601
602 if (!mmu_absolute_addr_valid(*addr, rw == MMU_DATA_STORE)) {
603 /* unused */
604 *tec = 0;
605 return PGM_ADDRESSING;
606 }
607
608 mmu_handle_skey(*addr, rw, flags);
609 return 0;
610 }
AR7 emulation for QEMU