19d7c3f4aSDavid Gibson /* 29d7c3f4aSDavid Gibson * PowerPC MMU, TLB and BAT emulation helpers for QEMU. 39d7c3f4aSDavid Gibson * 49d7c3f4aSDavid Gibson * Copyright (c) 2003-2007 Jocelyn Mayer 59d7c3f4aSDavid Gibson * Copyright (c) 2013 David Gibson, IBM Corporation 69d7c3f4aSDavid Gibson * 79d7c3f4aSDavid Gibson * This library is free software; you can redistribute it and/or 89d7c3f4aSDavid Gibson * modify it under the terms of the GNU Lesser General Public 99d7c3f4aSDavid Gibson * License as published by the Free Software Foundation; either 109d7c3f4aSDavid Gibson * version 2 of the License, or (at your option) any later version. 119d7c3f4aSDavid Gibson * 129d7c3f4aSDavid Gibson * This library is distributed in the hope that it will be useful, 139d7c3f4aSDavid Gibson * but WITHOUT ANY WARRANTY; without even the implied warranty of 149d7c3f4aSDavid Gibson * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 159d7c3f4aSDavid Gibson * Lesser General Public License for more details. 169d7c3f4aSDavid Gibson * 179d7c3f4aSDavid Gibson * You should have received a copy of the GNU Lesser General Public 189d7c3f4aSDavid Gibson * License along with this library; if not, see <http://www.gnu.org/licenses/>. 199d7c3f4aSDavid Gibson */ 209d7c3f4aSDavid Gibson 219d7c3f4aSDavid Gibson #include "cpu.h" 229d7c3f4aSDavid Gibson #include "helper.h" 239d7c3f4aSDavid Gibson #include "sysemu/kvm.h" 249d7c3f4aSDavid Gibson #include "kvm_ppc.h" 259d7c3f4aSDavid Gibson #include "mmu-hash32.h" 269d7c3f4aSDavid Gibson 279d7c3f4aSDavid Gibson //#define DEBUG_MMU 2898132796SDavid Gibson //#define DEBUG_BAT 299d7c3f4aSDavid Gibson 309d7c3f4aSDavid Gibson #ifdef DEBUG_MMU 319d7c3f4aSDavid Gibson # define LOG_MMU(...) qemu_log(__VA_ARGS__) 329d7c3f4aSDavid Gibson # define LOG_MMU_STATE(env) log_cpu_state((env), 0) 339d7c3f4aSDavid Gibson #else 349d7c3f4aSDavid Gibson # define LOG_MMU(...) do { } while (0) 359d7c3f4aSDavid Gibson # define LOG_MMU_STATE(...) do { } while (0) 369d7c3f4aSDavid Gibson #endif 379d7c3f4aSDavid Gibson 3898132796SDavid Gibson #ifdef DEBUG_BATS 3998132796SDavid Gibson # define LOG_BATS(...) qemu_log(__VA_ARGS__) 4098132796SDavid Gibson #else 4198132796SDavid Gibson # define LOG_BATS(...) do { } while (0) 4298132796SDavid Gibson #endif 4398132796SDavid Gibson 445dc68eb0SDavid Gibson struct mmu_ctx_hash32 { 455dc68eb0SDavid Gibson hwaddr raddr; /* Real address */ 465dc68eb0SDavid Gibson hwaddr eaddr; /* Effective address */ 475dc68eb0SDavid Gibson int prot; /* Protection bits */ 485dc68eb0SDavid Gibson hwaddr hash[2]; /* Pagetable hash values */ 495dc68eb0SDavid Gibson target_ulong ptem; /* Virtual segment ID | API */ 505dc68eb0SDavid Gibson int key; /* Access key */ 515dc68eb0SDavid Gibson int nx; /* Non-execute area */ 525dc68eb0SDavid Gibson }; 535dc68eb0SDavid Gibson 549d7c3f4aSDavid Gibson #define PTE_PTEM_MASK 0x7FFFFFBF 559d7c3f4aSDavid Gibson #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B) 569d7c3f4aSDavid Gibson 57496272a7SDavid Gibson static int ppc_hash32_pp_check(int key, int pp, int nx) 58496272a7SDavid Gibson { 59496272a7SDavid Gibson int access; 60496272a7SDavid Gibson 61496272a7SDavid Gibson /* Compute access rights */ 62496272a7SDavid Gibson access = 0; 63496272a7SDavid Gibson if (key == 0) { 64496272a7SDavid Gibson switch (pp) { 65496272a7SDavid Gibson case 0x0: 66496272a7SDavid Gibson case 0x1: 67496272a7SDavid Gibson case 0x2: 68496272a7SDavid Gibson access |= PAGE_WRITE; 69496272a7SDavid Gibson /* No break here */ 70496272a7SDavid Gibson case 0x3: 71496272a7SDavid Gibson access |= PAGE_READ; 72496272a7SDavid Gibson break; 73496272a7SDavid Gibson } 74496272a7SDavid Gibson } else { 75496272a7SDavid Gibson switch (pp) { 76496272a7SDavid Gibson case 0x0: 77496272a7SDavid Gibson access = 0; 78496272a7SDavid Gibson break; 79496272a7SDavid Gibson case 0x1: 80496272a7SDavid Gibson case 0x3: 81496272a7SDavid Gibson access = PAGE_READ; 82496272a7SDavid Gibson break; 83496272a7SDavid Gibson case 0x2: 84496272a7SDavid Gibson access = PAGE_READ | PAGE_WRITE; 85496272a7SDavid Gibson break; 86496272a7SDavid Gibson } 87496272a7SDavid Gibson } 88496272a7SDavid Gibson if (nx == 0) { 89496272a7SDavid Gibson access |= PAGE_EXEC; 90496272a7SDavid Gibson } 91496272a7SDavid Gibson 92496272a7SDavid Gibson return access; 93496272a7SDavid Gibson } 94496272a7SDavid Gibson 95496272a7SDavid Gibson static int ppc_hash32_check_prot(int prot, int rw, int access_type) 96496272a7SDavid Gibson { 97496272a7SDavid Gibson int ret; 98496272a7SDavid Gibson 99496272a7SDavid Gibson if (access_type == ACCESS_CODE) { 100496272a7SDavid Gibson if (prot & PAGE_EXEC) { 101496272a7SDavid Gibson ret = 0; 102496272a7SDavid Gibson } else { 103496272a7SDavid Gibson ret = -2; 104496272a7SDavid Gibson } 105496272a7SDavid Gibson } else if (rw) { 106496272a7SDavid Gibson if (prot & PAGE_WRITE) { 107496272a7SDavid Gibson ret = 0; 108496272a7SDavid Gibson } else { 109496272a7SDavid Gibson ret = -2; 110496272a7SDavid Gibson } 111496272a7SDavid Gibson } else { 112496272a7SDavid Gibson if (prot & PAGE_READ) { 113496272a7SDavid Gibson ret = 0; 114496272a7SDavid Gibson } else { 115496272a7SDavid Gibson ret = -2; 116496272a7SDavid Gibson } 117496272a7SDavid Gibson } 118496272a7SDavid Gibson 119496272a7SDavid Gibson return ret; 120496272a7SDavid Gibson } 121496272a7SDavid Gibson 12298132796SDavid Gibson /* Perform BAT hit & translation */ 12398132796SDavid Gibson static void hash32_bat_size_prot(CPUPPCState *env, target_ulong *blp, 12498132796SDavid Gibson int *validp, int *protp, target_ulong *BATu, 12598132796SDavid Gibson target_ulong *BATl) 12698132796SDavid Gibson { 12798132796SDavid Gibson target_ulong bl; 12898132796SDavid Gibson int pp, valid, prot; 12998132796SDavid Gibson 13098132796SDavid Gibson bl = (*BATu & 0x00001FFC) << 15; 13198132796SDavid Gibson valid = 0; 13298132796SDavid Gibson prot = 0; 13398132796SDavid Gibson if (((msr_pr == 0) && (*BATu & 0x00000002)) || 13498132796SDavid Gibson ((msr_pr != 0) && (*BATu & 0x00000001))) { 13598132796SDavid Gibson valid = 1; 13698132796SDavid Gibson pp = *BATl & 0x00000003; 13798132796SDavid Gibson if (pp != 0) { 13898132796SDavid Gibson prot = PAGE_READ | PAGE_EXEC; 13998132796SDavid Gibson if (pp == 0x2) { 14098132796SDavid Gibson prot |= PAGE_WRITE; 14198132796SDavid Gibson } 14298132796SDavid Gibson } 14398132796SDavid Gibson } 14498132796SDavid Gibson *blp = bl; 14598132796SDavid Gibson *validp = valid; 14698132796SDavid Gibson *protp = prot; 14798132796SDavid Gibson } 14898132796SDavid Gibson 14998132796SDavid Gibson static void hash32_bat_601_size_prot(CPUPPCState *env, target_ulong *blp, 15098132796SDavid Gibson int *validp, int *protp, 15198132796SDavid Gibson target_ulong *BATu, target_ulong *BATl) 15298132796SDavid Gibson { 15398132796SDavid Gibson target_ulong bl; 15498132796SDavid Gibson int key, pp, valid, prot; 15598132796SDavid Gibson 15698132796SDavid Gibson bl = (*BATl & 0x0000003F) << 17; 15798132796SDavid Gibson LOG_BATS("b %02x ==> bl " TARGET_FMT_lx " msk " TARGET_FMT_lx "\n", 15898132796SDavid Gibson (uint8_t)(*BATl & 0x0000003F), bl, ~bl); 15998132796SDavid Gibson prot = 0; 16098132796SDavid Gibson valid = (*BATl >> 6) & 1; 16198132796SDavid Gibson if (valid) { 16298132796SDavid Gibson pp = *BATu & 0x00000003; 16398132796SDavid Gibson if (msr_pr == 0) { 16498132796SDavid Gibson key = (*BATu >> 3) & 1; 16598132796SDavid Gibson } else { 16698132796SDavid Gibson key = (*BATu >> 2) & 1; 16798132796SDavid Gibson } 16898132796SDavid Gibson prot = ppc_hash32_pp_check(key, pp, 0); 16998132796SDavid Gibson } 17098132796SDavid Gibson *blp = bl; 17198132796SDavid Gibson *validp = valid; 17298132796SDavid Gibson *protp = prot; 17398132796SDavid Gibson } 17498132796SDavid Gibson 1755dc68eb0SDavid Gibson static int ppc_hash32_get_bat(CPUPPCState *env, struct mmu_ctx_hash32 *ctx, 17698132796SDavid Gibson target_ulong virtual, int rw, int type) 17798132796SDavid Gibson { 17898132796SDavid Gibson target_ulong *BATlt, *BATut, *BATu, *BATl; 17998132796SDavid Gibson target_ulong BEPIl, BEPIu, bl; 18098132796SDavid Gibson int i, valid, prot; 18198132796SDavid Gibson int ret = -1; 18298132796SDavid Gibson 18398132796SDavid Gibson LOG_BATS("%s: %cBAT v " TARGET_FMT_lx "\n", __func__, 18498132796SDavid Gibson type == ACCESS_CODE ? 'I' : 'D', virtual); 18598132796SDavid Gibson switch (type) { 18698132796SDavid Gibson case ACCESS_CODE: 18798132796SDavid Gibson BATlt = env->IBAT[1]; 18898132796SDavid Gibson BATut = env->IBAT[0]; 18998132796SDavid Gibson break; 19098132796SDavid Gibson default: 19198132796SDavid Gibson BATlt = env->DBAT[1]; 19298132796SDavid Gibson BATut = env->DBAT[0]; 19398132796SDavid Gibson break; 19498132796SDavid Gibson } 19598132796SDavid Gibson for (i = 0; i < env->nb_BATs; i++) { 19698132796SDavid Gibson BATu = &BATut[i]; 19798132796SDavid Gibson BATl = &BATlt[i]; 19898132796SDavid Gibson BEPIu = *BATu & 0xF0000000; 19998132796SDavid Gibson BEPIl = *BATu & 0x0FFE0000; 20098132796SDavid Gibson if (unlikely(env->mmu_model == POWERPC_MMU_601)) { 20198132796SDavid Gibson hash32_bat_601_size_prot(env, &bl, &valid, &prot, BATu, BATl); 20298132796SDavid Gibson } else { 20398132796SDavid Gibson hash32_bat_size_prot(env, &bl, &valid, &prot, BATu, BATl); 20498132796SDavid Gibson } 20598132796SDavid Gibson LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx 20698132796SDavid Gibson " BATl " TARGET_FMT_lx "\n", __func__, 20798132796SDavid Gibson type == ACCESS_CODE ? 'I' : 'D', i, virtual, *BATu, *BATl); 20898132796SDavid Gibson if ((virtual & 0xF0000000) == BEPIu && 20998132796SDavid Gibson ((virtual & 0x0FFE0000) & ~bl) == BEPIl) { 21098132796SDavid Gibson /* BAT matches */ 21198132796SDavid Gibson if (valid != 0) { 21298132796SDavid Gibson /* Get physical address */ 21398132796SDavid Gibson ctx->raddr = (*BATl & 0xF0000000) | 21498132796SDavid Gibson ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) | 21598132796SDavid Gibson (virtual & 0x0001F000); 21698132796SDavid Gibson /* Compute access rights */ 21798132796SDavid Gibson ctx->prot = prot; 21898132796SDavid Gibson ret = ppc_hash32_check_prot(ctx->prot, rw, type); 21998132796SDavid Gibson if (ret == 0) { 22098132796SDavid Gibson LOG_BATS("BAT %d match: r " TARGET_FMT_plx " prot=%c%c\n", 22198132796SDavid Gibson i, ctx->raddr, ctx->prot & PAGE_READ ? 'R' : '-', 22298132796SDavid Gibson ctx->prot & PAGE_WRITE ? 'W' : '-'); 22398132796SDavid Gibson } 22498132796SDavid Gibson break; 22598132796SDavid Gibson } 22698132796SDavid Gibson } 22798132796SDavid Gibson } 22898132796SDavid Gibson if (ret < 0) { 22998132796SDavid Gibson #if defined(DEBUG_BATS) 23098132796SDavid Gibson if (qemu_log_enabled()) { 23198132796SDavid Gibson LOG_BATS("no BAT match for " TARGET_FMT_lx ":\n", virtual); 23298132796SDavid Gibson for (i = 0; i < 4; i++) { 23398132796SDavid Gibson BATu = &BATut[i]; 23498132796SDavid Gibson BATl = &BATlt[i]; 23598132796SDavid Gibson BEPIu = *BATu & 0xF0000000; 23698132796SDavid Gibson BEPIl = *BATu & 0x0FFE0000; 23798132796SDavid Gibson bl = (*BATu & 0x00001FFC) << 15; 23898132796SDavid Gibson LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx 23998132796SDavid Gibson " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " " 24098132796SDavid Gibson TARGET_FMT_lx " " TARGET_FMT_lx "\n", 24198132796SDavid Gibson __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual, 24298132796SDavid Gibson *BATu, *BATl, BEPIu, BEPIl, bl); 24398132796SDavid Gibson } 24498132796SDavid Gibson } 24598132796SDavid Gibson #endif 24698132796SDavid Gibson } 24798132796SDavid Gibson /* No hit */ 24898132796SDavid Gibson return ret; 24998132796SDavid Gibson } 25098132796SDavid Gibson 25198132796SDavid Gibson 2529d7c3f4aSDavid Gibson static inline int pte_is_valid_hash32(target_ulong pte0) 2539d7c3f4aSDavid Gibson { 2549d7c3f4aSDavid Gibson return pte0 & 0x80000000 ? 1 : 0; 2559d7c3f4aSDavid Gibson } 2569d7c3f4aSDavid Gibson 2575dc68eb0SDavid Gibson static int pte_check_hash32(struct mmu_ctx_hash32 *ctx, target_ulong pte0, 2589d7c3f4aSDavid Gibson target_ulong pte1, int h, int rw, int type) 2599d7c3f4aSDavid Gibson { 2609d7c3f4aSDavid Gibson target_ulong ptem, mmask; 2619d7c3f4aSDavid Gibson int access, ret, pteh, ptev, pp; 2629d7c3f4aSDavid Gibson 2639d7c3f4aSDavid Gibson ret = -1; 2649d7c3f4aSDavid Gibson /* Check validity and table match */ 2659d7c3f4aSDavid Gibson ptev = pte_is_valid_hash32(pte0); 2669d7c3f4aSDavid Gibson pteh = (pte0 >> 6) & 1; 2679d7c3f4aSDavid Gibson if (ptev && h == pteh) { 2689d7c3f4aSDavid Gibson /* Check vsid & api */ 2699d7c3f4aSDavid Gibson ptem = pte0 & PTE_PTEM_MASK; 2709d7c3f4aSDavid Gibson mmask = PTE_CHECK_MASK; 2719d7c3f4aSDavid Gibson pp = pte1 & 0x00000003; 2729d7c3f4aSDavid Gibson if (ptem == ctx->ptem) { 2739d7c3f4aSDavid Gibson if (ctx->raddr != (hwaddr)-1ULL) { 2749d7c3f4aSDavid Gibson /* all matches should have equal RPN, WIMG & PP */ 2759d7c3f4aSDavid Gibson if ((ctx->raddr & mmask) != (pte1 & mmask)) { 2769d7c3f4aSDavid Gibson qemu_log("Bad RPN/WIMG/PP\n"); 2779d7c3f4aSDavid Gibson return -3; 2789d7c3f4aSDavid Gibson } 2799d7c3f4aSDavid Gibson } 2809d7c3f4aSDavid Gibson /* Compute access rights */ 281496272a7SDavid Gibson access = ppc_hash32_pp_check(ctx->key, pp, ctx->nx); 2829d7c3f4aSDavid Gibson /* Keep the matching PTE informations */ 2839d7c3f4aSDavid Gibson ctx->raddr = pte1; 2849d7c3f4aSDavid Gibson ctx->prot = access; 285496272a7SDavid Gibson ret = ppc_hash32_check_prot(ctx->prot, rw, type); 2869d7c3f4aSDavid Gibson if (ret == 0) { 2879d7c3f4aSDavid Gibson /* Access granted */ 2889d7c3f4aSDavid Gibson LOG_MMU("PTE access granted !\n"); 2899d7c3f4aSDavid Gibson } else { 2909d7c3f4aSDavid Gibson /* Access right violation */ 2919d7c3f4aSDavid Gibson LOG_MMU("PTE access rejected\n"); 2929d7c3f4aSDavid Gibson } 2939d7c3f4aSDavid Gibson } 2949d7c3f4aSDavid Gibson } 2959d7c3f4aSDavid Gibson 2969d7c3f4aSDavid Gibson return ret; 2979d7c3f4aSDavid Gibson } 298c69b6151SDavid Gibson 2995dc68eb0SDavid Gibson static int ppc_hash32_pte_update_flags(struct mmu_ctx_hash32 *ctx, target_ulong *pte1p, 300496272a7SDavid Gibson int ret, int rw) 301496272a7SDavid Gibson { 302496272a7SDavid Gibson int store = 0; 303496272a7SDavid Gibson 304496272a7SDavid Gibson /* Update page flags */ 305496272a7SDavid Gibson if (!(*pte1p & 0x00000100)) { 306496272a7SDavid Gibson /* Update accessed flag */ 307496272a7SDavid Gibson *pte1p |= 0x00000100; 308496272a7SDavid Gibson store = 1; 309496272a7SDavid Gibson } 310496272a7SDavid Gibson if (!(*pte1p & 0x00000080)) { 311496272a7SDavid Gibson if (rw == 1 && ret == 0) { 312496272a7SDavid Gibson /* Update changed flag */ 313496272a7SDavid Gibson *pte1p |= 0x00000080; 314496272a7SDavid Gibson store = 1; 315496272a7SDavid Gibson } else { 316496272a7SDavid Gibson /* Force page fault for first write access */ 317496272a7SDavid Gibson ctx->prot &= ~PAGE_WRITE; 318496272a7SDavid Gibson } 319496272a7SDavid Gibson } 320496272a7SDavid Gibson 321496272a7SDavid Gibson return store; 322496272a7SDavid Gibson } 323496272a7SDavid Gibson 32459191721SDavid Gibson hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash) 32559191721SDavid Gibson { 32659191721SDavid Gibson return (hash * HASH_PTE_SIZE_32 * 8) & env->htab_mask; 32759191721SDavid Gibson } 32859191721SDavid Gibson 329c69b6151SDavid Gibson /* PTE table lookup */ 3305dc68eb0SDavid Gibson static int find_pte32(CPUPPCState *env, struct mmu_ctx_hash32 *ctx, int h, 331c69b6151SDavid Gibson int rw, int type, int target_page_bits) 332c69b6151SDavid Gibson { 333c69b6151SDavid Gibson hwaddr pteg_off; 334c69b6151SDavid Gibson target_ulong pte0, pte1; 335c69b6151SDavid Gibson int i, good = -1; 336c69b6151SDavid Gibson int ret, r; 337c69b6151SDavid Gibson 338c69b6151SDavid Gibson ret = -1; /* No entry found */ 33959191721SDavid Gibson pteg_off = get_pteg_offset32(env, ctx->hash[h]); 340c69b6151SDavid Gibson for (i = 0; i < 8; i++) { 341c69b6151SDavid Gibson if (env->external_htab) { 342c69b6151SDavid Gibson pte0 = ldl_p(env->external_htab + pteg_off + (i * 8)); 343c69b6151SDavid Gibson pte1 = ldl_p(env->external_htab + pteg_off + (i * 8) + 4); 344c69b6151SDavid Gibson } else { 345c69b6151SDavid Gibson pte0 = ldl_phys(env->htab_base + pteg_off + (i * 8)); 346c69b6151SDavid Gibson pte1 = ldl_phys(env->htab_base + pteg_off + (i * 8) + 4); 347c69b6151SDavid Gibson } 348c69b6151SDavid Gibson r = pte_check_hash32(ctx, pte0, pte1, h, rw, type); 349c69b6151SDavid Gibson LOG_MMU("Load pte from %08" HWADDR_PRIx " => " TARGET_FMT_lx " " 350c69b6151SDavid Gibson TARGET_FMT_lx " %d %d %d " TARGET_FMT_lx "\n", 351c69b6151SDavid Gibson pteg_off + (i * 8), pte0, pte1, (int)(pte0 >> 31), h, 352c69b6151SDavid Gibson (int)((pte0 >> 6) & 1), ctx->ptem); 353c69b6151SDavid Gibson switch (r) { 354c69b6151SDavid Gibson case -3: 355c69b6151SDavid Gibson /* PTE inconsistency */ 356c69b6151SDavid Gibson return -1; 357c69b6151SDavid Gibson case -2: 358c69b6151SDavid Gibson /* Access violation */ 359c69b6151SDavid Gibson ret = -2; 360c69b6151SDavid Gibson good = i; 361c69b6151SDavid Gibson break; 362c69b6151SDavid Gibson case -1: 363c69b6151SDavid Gibson default: 364c69b6151SDavid Gibson /* No PTE match */ 365c69b6151SDavid Gibson break; 366c69b6151SDavid Gibson case 0: 367c69b6151SDavid Gibson /* access granted */ 368c69b6151SDavid Gibson /* XXX: we should go on looping to check all PTEs consistency 369c69b6151SDavid Gibson * but if we can speed-up the whole thing as the 370c69b6151SDavid Gibson * result would be undefined if PTEs are not consistent. 371c69b6151SDavid Gibson */ 372c69b6151SDavid Gibson ret = 0; 373c69b6151SDavid Gibson good = i; 374c69b6151SDavid Gibson goto done; 375c69b6151SDavid Gibson } 376c69b6151SDavid Gibson } 377c69b6151SDavid Gibson if (good != -1) { 378c69b6151SDavid Gibson done: 379c69b6151SDavid Gibson LOG_MMU("found PTE at addr %08" HWADDR_PRIx " prot=%01x ret=%d\n", 380c69b6151SDavid Gibson ctx->raddr, ctx->prot, ret); 381c69b6151SDavid Gibson /* Update page flags */ 382c69b6151SDavid Gibson pte1 = ctx->raddr; 383496272a7SDavid Gibson if (ppc_hash32_pte_update_flags(ctx, &pte1, ret, rw) == 1) { 384c69b6151SDavid Gibson if (env->external_htab) { 385c69b6151SDavid Gibson stl_p(env->external_htab + pteg_off + (good * 8) + 4, 386c69b6151SDavid Gibson pte1); 387c69b6151SDavid Gibson } else { 388c69b6151SDavid Gibson stl_phys_notdirty(env->htab_base + pteg_off + 389c69b6151SDavid Gibson (good * 8) + 4, pte1); 390c69b6151SDavid Gibson } 391c69b6151SDavid Gibson } 392c69b6151SDavid Gibson } 393c69b6151SDavid Gibson 394c69b6151SDavid Gibson /* We have a TLB that saves 4K pages, so let's 395c69b6151SDavid Gibson * split a huge page to 4k chunks */ 396c69b6151SDavid Gibson if (target_page_bits != TARGET_PAGE_BITS) { 397c69b6151SDavid Gibson ctx->raddr |= (ctx->eaddr & ((1 << target_page_bits) - 1)) 398c69b6151SDavid Gibson & TARGET_PAGE_MASK; 399c69b6151SDavid Gibson } 400c69b6151SDavid Gibson return ret; 401c69b6151SDavid Gibson } 4020480884fSDavid Gibson 4035dc68eb0SDavid Gibson static int get_segment32(CPUPPCState *env, struct mmu_ctx_hash32 *ctx, 4040480884fSDavid Gibson target_ulong eaddr, int rw, int type) 4050480884fSDavid Gibson { 4060480884fSDavid Gibson hwaddr hash; 4070480884fSDavid Gibson target_ulong vsid; 4080480884fSDavid Gibson int ds, pr, target_page_bits; 4090480884fSDavid Gibson int ret, ret2; 4100480884fSDavid Gibson target_ulong sr, pgidx; 4110480884fSDavid Gibson 4120480884fSDavid Gibson pr = msr_pr; 4130480884fSDavid Gibson ctx->eaddr = eaddr; 4140480884fSDavid Gibson 4150480884fSDavid Gibson sr = env->sr[eaddr >> 28]; 4160480884fSDavid Gibson ctx->key = (((sr & 0x20000000) && (pr != 0)) || 4170480884fSDavid Gibson ((sr & 0x40000000) && (pr == 0))) ? 1 : 0; 4180480884fSDavid Gibson ds = sr & 0x80000000 ? 1 : 0; 4190480884fSDavid Gibson ctx->nx = sr & 0x10000000 ? 1 : 0; 4200480884fSDavid Gibson vsid = sr & 0x00FFFFFF; 4210480884fSDavid Gibson target_page_bits = TARGET_PAGE_BITS; 4220480884fSDavid Gibson LOG_MMU("Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx " nip=" 4230480884fSDavid Gibson TARGET_FMT_lx " lr=" TARGET_FMT_lx 4240480884fSDavid Gibson " ir=%d dr=%d pr=%d %d t=%d\n", 4250480884fSDavid Gibson eaddr, (int)(eaddr >> 28), sr, env->nip, env->lr, (int)msr_ir, 4260480884fSDavid Gibson (int)msr_dr, pr != 0 ? 1 : 0, rw, type); 4270480884fSDavid Gibson pgidx = (eaddr & ~SEGMENT_MASK_256M) >> target_page_bits; 4280480884fSDavid Gibson hash = vsid ^ pgidx; 4290480884fSDavid Gibson ctx->ptem = (vsid << 7) | (pgidx >> 10); 4300480884fSDavid Gibson 4310480884fSDavid Gibson LOG_MMU("pte segment: key=%d ds %d nx %d vsid " TARGET_FMT_lx "\n", 4320480884fSDavid Gibson ctx->key, ds, ctx->nx, vsid); 4330480884fSDavid Gibson ret = -1; 4340480884fSDavid Gibson if (!ds) { 4350480884fSDavid Gibson /* Check if instruction fetch is allowed, if needed */ 4360480884fSDavid Gibson if (type != ACCESS_CODE || ctx->nx == 0) { 4370480884fSDavid Gibson /* Page address translation */ 4380480884fSDavid Gibson LOG_MMU("htab_base " TARGET_FMT_plx " htab_mask " TARGET_FMT_plx 4390480884fSDavid Gibson " hash " TARGET_FMT_plx "\n", 4400480884fSDavid Gibson env->htab_base, env->htab_mask, hash); 4410480884fSDavid Gibson ctx->hash[0] = hash; 4420480884fSDavid Gibson ctx->hash[1] = ~hash; 4430480884fSDavid Gibson 4440480884fSDavid Gibson /* Initialize real address with an invalid value */ 4450480884fSDavid Gibson ctx->raddr = (hwaddr)-1ULL; 4460480884fSDavid Gibson LOG_MMU("0 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx 4470480884fSDavid Gibson " vsid=" TARGET_FMT_lx " ptem=" TARGET_FMT_lx 4480480884fSDavid Gibson " hash=" TARGET_FMT_plx "\n", 4490480884fSDavid Gibson env->htab_base, env->htab_mask, vsid, ctx->ptem, 4500480884fSDavid Gibson ctx->hash[0]); 4510480884fSDavid Gibson /* Primary table lookup */ 4520480884fSDavid Gibson ret = find_pte32(env, ctx, 0, rw, type, target_page_bits); 4530480884fSDavid Gibson if (ret < 0) { 4540480884fSDavid Gibson /* Secondary table lookup */ 4550480884fSDavid Gibson LOG_MMU("1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx 4560480884fSDavid Gibson " vsid=" TARGET_FMT_lx " api=" TARGET_FMT_lx 4570480884fSDavid Gibson " hash=" TARGET_FMT_plx "\n", env->htab_base, 4580480884fSDavid Gibson env->htab_mask, vsid, ctx->ptem, ctx->hash[1]); 4590480884fSDavid Gibson ret2 = find_pte32(env, ctx, 1, rw, type, 4600480884fSDavid Gibson target_page_bits); 4610480884fSDavid Gibson if (ret2 != -1) { 4620480884fSDavid Gibson ret = ret2; 4630480884fSDavid Gibson } 4640480884fSDavid Gibson } 4650480884fSDavid Gibson #if defined(DUMP_PAGE_TABLES) 4660480884fSDavid Gibson if (qemu_log_enabled()) { 4670480884fSDavid Gibson hwaddr curaddr; 4680480884fSDavid Gibson uint32_t a0, a1, a2, a3; 4690480884fSDavid Gibson 4700480884fSDavid Gibson qemu_log("Page table: " TARGET_FMT_plx " len " TARGET_FMT_plx 4710480884fSDavid Gibson "\n", sdr, mask + 0x80); 4720480884fSDavid Gibson for (curaddr = sdr; curaddr < (sdr + mask + 0x80); 4730480884fSDavid Gibson curaddr += 16) { 4740480884fSDavid Gibson a0 = ldl_phys(curaddr); 4750480884fSDavid Gibson a1 = ldl_phys(curaddr + 4); 4760480884fSDavid Gibson a2 = ldl_phys(curaddr + 8); 4770480884fSDavid Gibson a3 = ldl_phys(curaddr + 12); 4780480884fSDavid Gibson if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) { 4790480884fSDavid Gibson qemu_log(TARGET_FMT_plx ": %08x %08x %08x %08x\n", 4800480884fSDavid Gibson curaddr, a0, a1, a2, a3); 4810480884fSDavid Gibson } 4820480884fSDavid Gibson } 4830480884fSDavid Gibson } 4840480884fSDavid Gibson #endif 4850480884fSDavid Gibson } else { 4860480884fSDavid Gibson LOG_MMU("No access allowed\n"); 4870480884fSDavid Gibson ret = -3; 4880480884fSDavid Gibson } 4890480884fSDavid Gibson } else { 4900480884fSDavid Gibson target_ulong sr; 4910480884fSDavid Gibson 4920480884fSDavid Gibson LOG_MMU("direct store...\n"); 4930480884fSDavid Gibson /* Direct-store segment : absolutely *BUGGY* for now */ 4940480884fSDavid Gibson 4950480884fSDavid Gibson /* Direct-store implies a 32-bit MMU. 4960480884fSDavid Gibson * Check the Segment Register's bus unit ID (BUID). 4970480884fSDavid Gibson */ 4980480884fSDavid Gibson sr = env->sr[eaddr >> 28]; 4990480884fSDavid Gibson if ((sr & 0x1FF00000) >> 20 == 0x07f) { 5000480884fSDavid Gibson /* Memory-forced I/O controller interface access */ 5010480884fSDavid Gibson /* If T=1 and BUID=x'07F', the 601 performs a memory access 5020480884fSDavid Gibson * to SR[28-31] LA[4-31], bypassing all protection mechanisms. 5030480884fSDavid Gibson */ 5040480884fSDavid Gibson ctx->raddr = ((sr & 0xF) << 28) | (eaddr & 0x0FFFFFFF); 5050480884fSDavid Gibson ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 5060480884fSDavid Gibson return 0; 5070480884fSDavid Gibson } 5080480884fSDavid Gibson 5090480884fSDavid Gibson switch (type) { 5100480884fSDavid Gibson case ACCESS_INT: 5110480884fSDavid Gibson /* Integer load/store : only access allowed */ 5120480884fSDavid Gibson break; 5130480884fSDavid Gibson case ACCESS_CODE: 5140480884fSDavid Gibson /* No code fetch is allowed in direct-store areas */ 5150480884fSDavid Gibson return -4; 5160480884fSDavid Gibson case ACCESS_FLOAT: 5170480884fSDavid Gibson /* Floating point load/store */ 5180480884fSDavid Gibson return -4; 5190480884fSDavid Gibson case ACCESS_RES: 5200480884fSDavid Gibson /* lwarx, ldarx or srwcx. */ 5210480884fSDavid Gibson return -4; 5220480884fSDavid Gibson case ACCESS_CACHE: 5230480884fSDavid Gibson /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */ 5240480884fSDavid Gibson /* Should make the instruction do no-op. 5250480884fSDavid Gibson * As it already do no-op, it's quite easy :-) 5260480884fSDavid Gibson */ 5270480884fSDavid Gibson ctx->raddr = eaddr; 5280480884fSDavid Gibson return 0; 5290480884fSDavid Gibson case ACCESS_EXT: 5300480884fSDavid Gibson /* eciwx or ecowx */ 5310480884fSDavid Gibson return -4; 5320480884fSDavid Gibson default: 5330480884fSDavid Gibson qemu_log("ERROR: instruction should not need " 5340480884fSDavid Gibson "address translation\n"); 5350480884fSDavid Gibson return -4; 5360480884fSDavid Gibson } 5370480884fSDavid Gibson if ((rw == 1 || ctx->key != 1) && (rw == 0 || ctx->key != 0)) { 5380480884fSDavid Gibson ctx->raddr = eaddr; 5390480884fSDavid Gibson ret = 2; 5400480884fSDavid Gibson } else { 5410480884fSDavid Gibson ret = -2; 5420480884fSDavid Gibson } 5430480884fSDavid Gibson } 5440480884fSDavid Gibson 5450480884fSDavid Gibson return ret; 5460480884fSDavid Gibson } 547629bd516SDavid Gibson 5485dc68eb0SDavid Gibson static int ppc_hash32_get_physical_address(CPUPPCState *env, struct mmu_ctx_hash32 *ctx, 549f2ad6be8SDavid Gibson target_ulong eaddr, int rw, 550f2ad6be8SDavid Gibson int access_type) 551629bd516SDavid Gibson { 552629bd516SDavid Gibson bool real_mode = (access_type == ACCESS_CODE && msr_ir == 0) 553629bd516SDavid Gibson || (access_type != ACCESS_CODE && msr_dr == 0); 554629bd516SDavid Gibson 555629bd516SDavid Gibson if (real_mode) { 556629bd516SDavid Gibson ctx->raddr = eaddr; 557629bd516SDavid Gibson ctx->prot = PAGE_READ | PAGE_EXEC | PAGE_WRITE; 558629bd516SDavid Gibson return 0; 559629bd516SDavid Gibson } else { 560629bd516SDavid Gibson int ret = -1; 561629bd516SDavid Gibson 562629bd516SDavid Gibson /* Try to find a BAT */ 563629bd516SDavid Gibson if (env->nb_BATs != 0) { 56498132796SDavid Gibson ret = ppc_hash32_get_bat(env, ctx, eaddr, rw, access_type); 565629bd516SDavid Gibson } 566629bd516SDavid Gibson if (ret < 0) { 567629bd516SDavid Gibson /* We didn't match any BAT entry or don't have BATs */ 568629bd516SDavid Gibson ret = get_segment32(env, ctx, eaddr, rw, access_type); 569629bd516SDavid Gibson } 570629bd516SDavid Gibson return ret; 571629bd516SDavid Gibson } 572629bd516SDavid Gibson } 57325de24abSDavid Gibson 574f2ad6be8SDavid Gibson hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong addr) 575f2ad6be8SDavid Gibson { 5765dc68eb0SDavid Gibson struct mmu_ctx_hash32 ctx; 577f2ad6be8SDavid Gibson 578f2ad6be8SDavid Gibson if (unlikely(ppc_hash32_get_physical_address(env, &ctx, addr, 0, ACCESS_INT) 579f2ad6be8SDavid Gibson != 0)) { 580f2ad6be8SDavid Gibson return -1; 581f2ad6be8SDavid Gibson } 582f2ad6be8SDavid Gibson 583f2ad6be8SDavid Gibson return ctx.raddr & TARGET_PAGE_MASK; 584f2ad6be8SDavid Gibson } 585f2ad6be8SDavid Gibson 58625de24abSDavid Gibson int ppc_hash32_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rw, 58725de24abSDavid Gibson int mmu_idx) 58825de24abSDavid Gibson { 5895dc68eb0SDavid Gibson struct mmu_ctx_hash32 ctx; 59025de24abSDavid Gibson int access_type; 59125de24abSDavid Gibson int ret = 0; 59225de24abSDavid Gibson 59325de24abSDavid Gibson if (rw == 2) { 59425de24abSDavid Gibson /* code access */ 59525de24abSDavid Gibson rw = 0; 59625de24abSDavid Gibson access_type = ACCESS_CODE; 59725de24abSDavid Gibson } else { 59825de24abSDavid Gibson /* data access */ 59925de24abSDavid Gibson access_type = env->access_type; 60025de24abSDavid Gibson } 60125de24abSDavid Gibson ret = ppc_hash32_get_physical_address(env, &ctx, address, rw, access_type); 60225de24abSDavid Gibson if (ret == 0) { 60325de24abSDavid Gibson tlb_set_page(env, address & TARGET_PAGE_MASK, 60425de24abSDavid Gibson ctx.raddr & TARGET_PAGE_MASK, ctx.prot, 60525de24abSDavid Gibson mmu_idx, TARGET_PAGE_SIZE); 60625de24abSDavid Gibson ret = 0; 60725de24abSDavid Gibson } else if (ret < 0) { 60825de24abSDavid Gibson LOG_MMU_STATE(env); 60925de24abSDavid Gibson if (access_type == ACCESS_CODE) { 61025de24abSDavid Gibson switch (ret) { 61125de24abSDavid Gibson case -1: 61225de24abSDavid Gibson /* No matches in page tables or TLB */ 61325de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ISI; 61425de24abSDavid Gibson env->error_code = 0x40000000; 61525de24abSDavid Gibson break; 61625de24abSDavid Gibson case -2: 61725de24abSDavid Gibson /* Access rights violation */ 61825de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ISI; 61925de24abSDavid Gibson env->error_code = 0x08000000; 62025de24abSDavid Gibson break; 62125de24abSDavid Gibson case -3: 62225de24abSDavid Gibson /* No execute protection violation */ 62325de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ISI; 62425de24abSDavid Gibson env->error_code = 0x10000000; 62525de24abSDavid Gibson break; 62625de24abSDavid Gibson case -4: 62725de24abSDavid Gibson /* Direct store exception */ 62825de24abSDavid Gibson /* No code fetch is allowed in direct-store areas */ 62925de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ISI; 63025de24abSDavid Gibson env->error_code = 0x10000000; 63125de24abSDavid Gibson break; 63225de24abSDavid Gibson } 63325de24abSDavid Gibson } else { 63425de24abSDavid Gibson switch (ret) { 63525de24abSDavid Gibson case -1: 63625de24abSDavid Gibson /* No matches in page tables or TLB */ 63725de24abSDavid Gibson env->exception_index = POWERPC_EXCP_DSI; 63825de24abSDavid Gibson env->error_code = 0; 63925de24abSDavid Gibson env->spr[SPR_DAR] = address; 64025de24abSDavid Gibson if (rw == 1) { 64125de24abSDavid Gibson env->spr[SPR_DSISR] = 0x42000000; 64225de24abSDavid Gibson } else { 64325de24abSDavid Gibson env->spr[SPR_DSISR] = 0x40000000; 64425de24abSDavid Gibson } 64525de24abSDavid Gibson break; 64625de24abSDavid Gibson case -2: 64725de24abSDavid Gibson /* Access rights violation */ 64825de24abSDavid Gibson env->exception_index = POWERPC_EXCP_DSI; 64925de24abSDavid Gibson env->error_code = 0; 65025de24abSDavid Gibson env->spr[SPR_DAR] = address; 65125de24abSDavid Gibson if (rw == 1) { 65225de24abSDavid Gibson env->spr[SPR_DSISR] = 0x0A000000; 65325de24abSDavid Gibson } else { 65425de24abSDavid Gibson env->spr[SPR_DSISR] = 0x08000000; 65525de24abSDavid Gibson } 65625de24abSDavid Gibson break; 65725de24abSDavid Gibson case -4: 65825de24abSDavid Gibson /* Direct store exception */ 65925de24abSDavid Gibson switch (access_type) { 66025de24abSDavid Gibson case ACCESS_FLOAT: 66125de24abSDavid Gibson /* Floating point load/store */ 66225de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ALIGN; 66325de24abSDavid Gibson env->error_code = POWERPC_EXCP_ALIGN_FP; 66425de24abSDavid Gibson env->spr[SPR_DAR] = address; 66525de24abSDavid Gibson break; 66625de24abSDavid Gibson case ACCESS_RES: 66725de24abSDavid Gibson /* lwarx, ldarx or stwcx. */ 66825de24abSDavid Gibson env->exception_index = POWERPC_EXCP_DSI; 66925de24abSDavid Gibson env->error_code = 0; 67025de24abSDavid Gibson env->spr[SPR_DAR] = address; 67125de24abSDavid Gibson if (rw == 1) { 67225de24abSDavid Gibson env->spr[SPR_DSISR] = 0x06000000; 67325de24abSDavid Gibson } else { 67425de24abSDavid Gibson env->spr[SPR_DSISR] = 0x04000000; 67525de24abSDavid Gibson } 67625de24abSDavid Gibson break; 67725de24abSDavid Gibson case ACCESS_EXT: 67825de24abSDavid Gibson /* eciwx or ecowx */ 67925de24abSDavid Gibson env->exception_index = POWERPC_EXCP_DSI; 68025de24abSDavid Gibson env->error_code = 0; 68125de24abSDavid Gibson env->spr[SPR_DAR] = address; 68225de24abSDavid Gibson if (rw == 1) { 68325de24abSDavid Gibson env->spr[SPR_DSISR] = 0x06100000; 68425de24abSDavid Gibson } else { 68525de24abSDavid Gibson env->spr[SPR_DSISR] = 0x04100000; 68625de24abSDavid Gibson } 68725de24abSDavid Gibson break; 68825de24abSDavid Gibson default: 68925de24abSDavid Gibson printf("DSI: invalid exception (%d)\n", ret); 69025de24abSDavid Gibson env->exception_index = POWERPC_EXCP_PROGRAM; 69125de24abSDavid Gibson env->error_code = 69225de24abSDavid Gibson POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL; 69325de24abSDavid Gibson env->spr[SPR_DAR] = address; 69425de24abSDavid Gibson break; 69525de24abSDavid Gibson } 69625de24abSDavid Gibson break; 69725de24abSDavid Gibson } 69825de24abSDavid Gibson } 69925de24abSDavid Gibson #if 0 70025de24abSDavid Gibson printf("%s: set exception to %d %02x\n", __func__, 70125de24abSDavid Gibson env->exception, env->error_code); 70225de24abSDavid Gibson #endif 70325de24abSDavid Gibson ret = 1; 70425de24abSDavid Gibson } 70525de24abSDavid Gibson 70625de24abSDavid Gibson return ret; 70725de24abSDavid Gibson } 708