19d7c3f4aSDavid Gibson /* 29d7c3f4aSDavid Gibson * PowerPC MMU, TLB and BAT emulation helpers for QEMU. 39d7c3f4aSDavid Gibson * 49d7c3f4aSDavid Gibson * Copyright (c) 2003-2007 Jocelyn Mayer 59d7c3f4aSDavid Gibson * Copyright (c) 2013 David Gibson, IBM Corporation 69d7c3f4aSDavid Gibson * 79d7c3f4aSDavid Gibson * This library is free software; you can redistribute it and/or 89d7c3f4aSDavid Gibson * modify it under the terms of the GNU Lesser General Public 99d7c3f4aSDavid Gibson * License as published by the Free Software Foundation; either 109d7c3f4aSDavid Gibson * version 2 of the License, or (at your option) any later version. 119d7c3f4aSDavid Gibson * 129d7c3f4aSDavid Gibson * This library is distributed in the hope that it will be useful, 139d7c3f4aSDavid Gibson * but WITHOUT ANY WARRANTY; without even the implied warranty of 149d7c3f4aSDavid Gibson * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 159d7c3f4aSDavid Gibson * Lesser General Public License for more details. 169d7c3f4aSDavid Gibson * 179d7c3f4aSDavid Gibson * You should have received a copy of the GNU Lesser General Public 189d7c3f4aSDavid Gibson * License along with this library; if not, see <http://www.gnu.org/licenses/>. 199d7c3f4aSDavid Gibson */ 209d7c3f4aSDavid Gibson 219d7c3f4aSDavid Gibson #include "cpu.h" 229d7c3f4aSDavid Gibson #include "helper.h" 239d7c3f4aSDavid Gibson #include "sysemu/kvm.h" 249d7c3f4aSDavid Gibson #include "kvm_ppc.h" 259d7c3f4aSDavid Gibson #include "mmu-hash32.h" 269d7c3f4aSDavid Gibson 279d7c3f4aSDavid Gibson //#define DEBUG_MMU 289d7c3f4aSDavid Gibson 299d7c3f4aSDavid Gibson #ifdef DEBUG_MMU 309d7c3f4aSDavid Gibson # define LOG_MMU(...) qemu_log(__VA_ARGS__) 319d7c3f4aSDavid Gibson # define LOG_MMU_STATE(env) log_cpu_state((env), 0) 329d7c3f4aSDavid Gibson #else 339d7c3f4aSDavid Gibson # define LOG_MMU(...) do { } while (0) 349d7c3f4aSDavid Gibson # define LOG_MMU_STATE(...) do { } while (0) 359d7c3f4aSDavid Gibson #endif 369d7c3f4aSDavid Gibson 379d7c3f4aSDavid Gibson #define PTE_PTEM_MASK 0x7FFFFFBF 389d7c3f4aSDavid Gibson #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B) 399d7c3f4aSDavid Gibson 409d7c3f4aSDavid Gibson static inline int pte_is_valid_hash32(target_ulong pte0) 419d7c3f4aSDavid Gibson { 429d7c3f4aSDavid Gibson return pte0 & 0x80000000 ? 1 : 0; 439d7c3f4aSDavid Gibson } 449d7c3f4aSDavid Gibson 45c69b6151SDavid Gibson static int pte_check_hash32(mmu_ctx_t *ctx, target_ulong pte0, 469d7c3f4aSDavid Gibson target_ulong pte1, int h, int rw, int type) 479d7c3f4aSDavid Gibson { 489d7c3f4aSDavid Gibson target_ulong ptem, mmask; 499d7c3f4aSDavid Gibson int access, ret, pteh, ptev, pp; 509d7c3f4aSDavid Gibson 519d7c3f4aSDavid Gibson ret = -1; 529d7c3f4aSDavid Gibson /* Check validity and table match */ 539d7c3f4aSDavid Gibson ptev = pte_is_valid_hash32(pte0); 549d7c3f4aSDavid Gibson pteh = (pte0 >> 6) & 1; 559d7c3f4aSDavid Gibson if (ptev && h == pteh) { 569d7c3f4aSDavid Gibson /* Check vsid & api */ 579d7c3f4aSDavid Gibson ptem = pte0 & PTE_PTEM_MASK; 589d7c3f4aSDavid Gibson mmask = PTE_CHECK_MASK; 599d7c3f4aSDavid Gibson pp = pte1 & 0x00000003; 609d7c3f4aSDavid Gibson if (ptem == ctx->ptem) { 619d7c3f4aSDavid Gibson if (ctx->raddr != (hwaddr)-1ULL) { 629d7c3f4aSDavid Gibson /* all matches should have equal RPN, WIMG & PP */ 639d7c3f4aSDavid Gibson if ((ctx->raddr & mmask) != (pte1 & mmask)) { 649d7c3f4aSDavid Gibson qemu_log("Bad RPN/WIMG/PP\n"); 659d7c3f4aSDavid Gibson return -3; 669d7c3f4aSDavid Gibson } 679d7c3f4aSDavid Gibson } 689d7c3f4aSDavid Gibson /* Compute access rights */ 699d7c3f4aSDavid Gibson access = pp_check(ctx->key, pp, ctx->nx); 709d7c3f4aSDavid Gibson /* Keep the matching PTE informations */ 719d7c3f4aSDavid Gibson ctx->raddr = pte1; 729d7c3f4aSDavid Gibson ctx->prot = access; 739d7c3f4aSDavid Gibson ret = check_prot(ctx->prot, rw, type); 749d7c3f4aSDavid Gibson if (ret == 0) { 759d7c3f4aSDavid Gibson /* Access granted */ 769d7c3f4aSDavid Gibson LOG_MMU("PTE access granted !\n"); 779d7c3f4aSDavid Gibson } else { 789d7c3f4aSDavid Gibson /* Access right violation */ 799d7c3f4aSDavid Gibson LOG_MMU("PTE access rejected\n"); 809d7c3f4aSDavid Gibson } 819d7c3f4aSDavid Gibson } 829d7c3f4aSDavid Gibson } 839d7c3f4aSDavid Gibson 849d7c3f4aSDavid Gibson return ret; 859d7c3f4aSDavid Gibson } 86c69b6151SDavid Gibson 87c69b6151SDavid Gibson /* PTE table lookup */ 880480884fSDavid Gibson static int find_pte32(CPUPPCState *env, mmu_ctx_t *ctx, int h, 89c69b6151SDavid Gibson int rw, int type, int target_page_bits) 90c69b6151SDavid Gibson { 91c69b6151SDavid Gibson hwaddr pteg_off; 92c69b6151SDavid Gibson target_ulong pte0, pte1; 93c69b6151SDavid Gibson int i, good = -1; 94c69b6151SDavid Gibson int ret, r; 95c69b6151SDavid Gibson 96c69b6151SDavid Gibson ret = -1; /* No entry found */ 97c69b6151SDavid Gibson pteg_off = get_pteg_offset(env, ctx->hash[h], HASH_PTE_SIZE_32); 98c69b6151SDavid Gibson for (i = 0; i < 8; i++) { 99c69b6151SDavid Gibson if (env->external_htab) { 100c69b6151SDavid Gibson pte0 = ldl_p(env->external_htab + pteg_off + (i * 8)); 101c69b6151SDavid Gibson pte1 = ldl_p(env->external_htab + pteg_off + (i * 8) + 4); 102c69b6151SDavid Gibson } else { 103c69b6151SDavid Gibson pte0 = ldl_phys(env->htab_base + pteg_off + (i * 8)); 104c69b6151SDavid Gibson pte1 = ldl_phys(env->htab_base + pteg_off + (i * 8) + 4); 105c69b6151SDavid Gibson } 106c69b6151SDavid Gibson r = pte_check_hash32(ctx, pte0, pte1, h, rw, type); 107c69b6151SDavid Gibson LOG_MMU("Load pte from %08" HWADDR_PRIx " => " TARGET_FMT_lx " " 108c69b6151SDavid Gibson TARGET_FMT_lx " %d %d %d " TARGET_FMT_lx "\n", 109c69b6151SDavid Gibson pteg_off + (i * 8), pte0, pte1, (int)(pte0 >> 31), h, 110c69b6151SDavid Gibson (int)((pte0 >> 6) & 1), ctx->ptem); 111c69b6151SDavid Gibson switch (r) { 112c69b6151SDavid Gibson case -3: 113c69b6151SDavid Gibson /* PTE inconsistency */ 114c69b6151SDavid Gibson return -1; 115c69b6151SDavid Gibson case -2: 116c69b6151SDavid Gibson /* Access violation */ 117c69b6151SDavid Gibson ret = -2; 118c69b6151SDavid Gibson good = i; 119c69b6151SDavid Gibson break; 120c69b6151SDavid Gibson case -1: 121c69b6151SDavid Gibson default: 122c69b6151SDavid Gibson /* No PTE match */ 123c69b6151SDavid Gibson break; 124c69b6151SDavid Gibson case 0: 125c69b6151SDavid Gibson /* access granted */ 126c69b6151SDavid Gibson /* XXX: we should go on looping to check all PTEs consistency 127c69b6151SDavid Gibson * but if we can speed-up the whole thing as the 128c69b6151SDavid Gibson * result would be undefined if PTEs are not consistent. 129c69b6151SDavid Gibson */ 130c69b6151SDavid Gibson ret = 0; 131c69b6151SDavid Gibson good = i; 132c69b6151SDavid Gibson goto done; 133c69b6151SDavid Gibson } 134c69b6151SDavid Gibson } 135c69b6151SDavid Gibson if (good != -1) { 136c69b6151SDavid Gibson done: 137c69b6151SDavid Gibson LOG_MMU("found PTE at addr %08" HWADDR_PRIx " prot=%01x ret=%d\n", 138c69b6151SDavid Gibson ctx->raddr, ctx->prot, ret); 139c69b6151SDavid Gibson /* Update page flags */ 140c69b6151SDavid Gibson pte1 = ctx->raddr; 141c69b6151SDavid Gibson if (pte_update_flags(ctx, &pte1, ret, rw) == 1) { 142c69b6151SDavid Gibson if (env->external_htab) { 143c69b6151SDavid Gibson stl_p(env->external_htab + pteg_off + (good * 8) + 4, 144c69b6151SDavid Gibson pte1); 145c69b6151SDavid Gibson } else { 146c69b6151SDavid Gibson stl_phys_notdirty(env->htab_base + pteg_off + 147c69b6151SDavid Gibson (good * 8) + 4, pte1); 148c69b6151SDavid Gibson } 149c69b6151SDavid Gibson } 150c69b6151SDavid Gibson } 151c69b6151SDavid Gibson 152c69b6151SDavid Gibson /* We have a TLB that saves 4K pages, so let's 153c69b6151SDavid Gibson * split a huge page to 4k chunks */ 154c69b6151SDavid Gibson if (target_page_bits != TARGET_PAGE_BITS) { 155c69b6151SDavid Gibson ctx->raddr |= (ctx->eaddr & ((1 << target_page_bits) - 1)) 156c69b6151SDavid Gibson & TARGET_PAGE_MASK; 157c69b6151SDavid Gibson } 158c69b6151SDavid Gibson return ret; 159c69b6151SDavid Gibson } 1600480884fSDavid Gibson 1610480884fSDavid Gibson int get_segment32(CPUPPCState *env, mmu_ctx_t *ctx, 1620480884fSDavid Gibson target_ulong eaddr, int rw, int type) 1630480884fSDavid Gibson { 1640480884fSDavid Gibson hwaddr hash; 1650480884fSDavid Gibson target_ulong vsid; 1660480884fSDavid Gibson int ds, pr, target_page_bits; 1670480884fSDavid Gibson int ret, ret2; 1680480884fSDavid Gibson target_ulong sr, pgidx; 1690480884fSDavid Gibson 1700480884fSDavid Gibson pr = msr_pr; 1710480884fSDavid Gibson ctx->eaddr = eaddr; 1720480884fSDavid Gibson 1730480884fSDavid Gibson sr = env->sr[eaddr >> 28]; 1740480884fSDavid Gibson ctx->key = (((sr & 0x20000000) && (pr != 0)) || 1750480884fSDavid Gibson ((sr & 0x40000000) && (pr == 0))) ? 1 : 0; 1760480884fSDavid Gibson ds = sr & 0x80000000 ? 1 : 0; 1770480884fSDavid Gibson ctx->nx = sr & 0x10000000 ? 1 : 0; 1780480884fSDavid Gibson vsid = sr & 0x00FFFFFF; 1790480884fSDavid Gibson target_page_bits = TARGET_PAGE_BITS; 1800480884fSDavid Gibson LOG_MMU("Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx " nip=" 1810480884fSDavid Gibson TARGET_FMT_lx " lr=" TARGET_FMT_lx 1820480884fSDavid Gibson " ir=%d dr=%d pr=%d %d t=%d\n", 1830480884fSDavid Gibson eaddr, (int)(eaddr >> 28), sr, env->nip, env->lr, (int)msr_ir, 1840480884fSDavid Gibson (int)msr_dr, pr != 0 ? 1 : 0, rw, type); 1850480884fSDavid Gibson pgidx = (eaddr & ~SEGMENT_MASK_256M) >> target_page_bits; 1860480884fSDavid Gibson hash = vsid ^ pgidx; 1870480884fSDavid Gibson ctx->ptem = (vsid << 7) | (pgidx >> 10); 1880480884fSDavid Gibson 1890480884fSDavid Gibson LOG_MMU("pte segment: key=%d ds %d nx %d vsid " TARGET_FMT_lx "\n", 1900480884fSDavid Gibson ctx->key, ds, ctx->nx, vsid); 1910480884fSDavid Gibson ret = -1; 1920480884fSDavid Gibson if (!ds) { 1930480884fSDavid Gibson /* Check if instruction fetch is allowed, if needed */ 1940480884fSDavid Gibson if (type != ACCESS_CODE || ctx->nx == 0) { 1950480884fSDavid Gibson /* Page address translation */ 1960480884fSDavid Gibson LOG_MMU("htab_base " TARGET_FMT_plx " htab_mask " TARGET_FMT_plx 1970480884fSDavid Gibson " hash " TARGET_FMT_plx "\n", 1980480884fSDavid Gibson env->htab_base, env->htab_mask, hash); 1990480884fSDavid Gibson ctx->hash[0] = hash; 2000480884fSDavid Gibson ctx->hash[1] = ~hash; 2010480884fSDavid Gibson 2020480884fSDavid Gibson /* Initialize real address with an invalid value */ 2030480884fSDavid Gibson ctx->raddr = (hwaddr)-1ULL; 2040480884fSDavid Gibson LOG_MMU("0 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx 2050480884fSDavid Gibson " vsid=" TARGET_FMT_lx " ptem=" TARGET_FMT_lx 2060480884fSDavid Gibson " hash=" TARGET_FMT_plx "\n", 2070480884fSDavid Gibson env->htab_base, env->htab_mask, vsid, ctx->ptem, 2080480884fSDavid Gibson ctx->hash[0]); 2090480884fSDavid Gibson /* Primary table lookup */ 2100480884fSDavid Gibson ret = find_pte32(env, ctx, 0, rw, type, target_page_bits); 2110480884fSDavid Gibson if (ret < 0) { 2120480884fSDavid Gibson /* Secondary table lookup */ 2130480884fSDavid Gibson LOG_MMU("1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx 2140480884fSDavid Gibson " vsid=" TARGET_FMT_lx " api=" TARGET_FMT_lx 2150480884fSDavid Gibson " hash=" TARGET_FMT_plx "\n", env->htab_base, 2160480884fSDavid Gibson env->htab_mask, vsid, ctx->ptem, ctx->hash[1]); 2170480884fSDavid Gibson ret2 = find_pte32(env, ctx, 1, rw, type, 2180480884fSDavid Gibson target_page_bits); 2190480884fSDavid Gibson if (ret2 != -1) { 2200480884fSDavid Gibson ret = ret2; 2210480884fSDavid Gibson } 2220480884fSDavid Gibson } 2230480884fSDavid Gibson #if defined(DUMP_PAGE_TABLES) 2240480884fSDavid Gibson if (qemu_log_enabled()) { 2250480884fSDavid Gibson hwaddr curaddr; 2260480884fSDavid Gibson uint32_t a0, a1, a2, a3; 2270480884fSDavid Gibson 2280480884fSDavid Gibson qemu_log("Page table: " TARGET_FMT_plx " len " TARGET_FMT_plx 2290480884fSDavid Gibson "\n", sdr, mask + 0x80); 2300480884fSDavid Gibson for (curaddr = sdr; curaddr < (sdr + mask + 0x80); 2310480884fSDavid Gibson curaddr += 16) { 2320480884fSDavid Gibson a0 = ldl_phys(curaddr); 2330480884fSDavid Gibson a1 = ldl_phys(curaddr + 4); 2340480884fSDavid Gibson a2 = ldl_phys(curaddr + 8); 2350480884fSDavid Gibson a3 = ldl_phys(curaddr + 12); 2360480884fSDavid Gibson if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) { 2370480884fSDavid Gibson qemu_log(TARGET_FMT_plx ": %08x %08x %08x %08x\n", 2380480884fSDavid Gibson curaddr, a0, a1, a2, a3); 2390480884fSDavid Gibson } 2400480884fSDavid Gibson } 2410480884fSDavid Gibson } 2420480884fSDavid Gibson #endif 2430480884fSDavid Gibson } else { 2440480884fSDavid Gibson LOG_MMU("No access allowed\n"); 2450480884fSDavid Gibson ret = -3; 2460480884fSDavid Gibson } 2470480884fSDavid Gibson } else { 2480480884fSDavid Gibson target_ulong sr; 2490480884fSDavid Gibson 2500480884fSDavid Gibson LOG_MMU("direct store...\n"); 2510480884fSDavid Gibson /* Direct-store segment : absolutely *BUGGY* for now */ 2520480884fSDavid Gibson 2530480884fSDavid Gibson /* Direct-store implies a 32-bit MMU. 2540480884fSDavid Gibson * Check the Segment Register's bus unit ID (BUID). 2550480884fSDavid Gibson */ 2560480884fSDavid Gibson sr = env->sr[eaddr >> 28]; 2570480884fSDavid Gibson if ((sr & 0x1FF00000) >> 20 == 0x07f) { 2580480884fSDavid Gibson /* Memory-forced I/O controller interface access */ 2590480884fSDavid Gibson /* If T=1 and BUID=x'07F', the 601 performs a memory access 2600480884fSDavid Gibson * to SR[28-31] LA[4-31], bypassing all protection mechanisms. 2610480884fSDavid Gibson */ 2620480884fSDavid Gibson ctx->raddr = ((sr & 0xF) << 28) | (eaddr & 0x0FFFFFFF); 2630480884fSDavid Gibson ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 2640480884fSDavid Gibson return 0; 2650480884fSDavid Gibson } 2660480884fSDavid Gibson 2670480884fSDavid Gibson switch (type) { 2680480884fSDavid Gibson case ACCESS_INT: 2690480884fSDavid Gibson /* Integer load/store : only access allowed */ 2700480884fSDavid Gibson break; 2710480884fSDavid Gibson case ACCESS_CODE: 2720480884fSDavid Gibson /* No code fetch is allowed in direct-store areas */ 2730480884fSDavid Gibson return -4; 2740480884fSDavid Gibson case ACCESS_FLOAT: 2750480884fSDavid Gibson /* Floating point load/store */ 2760480884fSDavid Gibson return -4; 2770480884fSDavid Gibson case ACCESS_RES: 2780480884fSDavid Gibson /* lwarx, ldarx or srwcx. */ 2790480884fSDavid Gibson return -4; 2800480884fSDavid Gibson case ACCESS_CACHE: 2810480884fSDavid Gibson /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */ 2820480884fSDavid Gibson /* Should make the instruction do no-op. 2830480884fSDavid Gibson * As it already do no-op, it's quite easy :-) 2840480884fSDavid Gibson */ 2850480884fSDavid Gibson ctx->raddr = eaddr; 2860480884fSDavid Gibson return 0; 2870480884fSDavid Gibson case ACCESS_EXT: 2880480884fSDavid Gibson /* eciwx or ecowx */ 2890480884fSDavid Gibson return -4; 2900480884fSDavid Gibson default: 2910480884fSDavid Gibson qemu_log("ERROR: instruction should not need " 2920480884fSDavid Gibson "address translation\n"); 2930480884fSDavid Gibson return -4; 2940480884fSDavid Gibson } 2950480884fSDavid Gibson if ((rw == 1 || ctx->key != 1) && (rw == 0 || ctx->key != 0)) { 2960480884fSDavid Gibson ctx->raddr = eaddr; 2970480884fSDavid Gibson ret = 2; 2980480884fSDavid Gibson } else { 2990480884fSDavid Gibson ret = -2; 3000480884fSDavid Gibson } 3010480884fSDavid Gibson } 3020480884fSDavid Gibson 3030480884fSDavid Gibson return ret; 3040480884fSDavid Gibson } 305