19d7c3f4aSDavid Gibson /* 29d7c3f4aSDavid Gibson * PowerPC MMU, TLB and BAT emulation helpers for QEMU. 39d7c3f4aSDavid Gibson * 49d7c3f4aSDavid Gibson * Copyright (c) 2003-2007 Jocelyn Mayer 59d7c3f4aSDavid Gibson * Copyright (c) 2013 David Gibson, IBM Corporation 69d7c3f4aSDavid Gibson * 79d7c3f4aSDavid Gibson * This library is free software; you can redistribute it and/or 89d7c3f4aSDavid Gibson * modify it under the terms of the GNU Lesser General Public 99d7c3f4aSDavid Gibson * License as published by the Free Software Foundation; either 109d7c3f4aSDavid Gibson * version 2 of the License, or (at your option) any later version. 119d7c3f4aSDavid Gibson * 129d7c3f4aSDavid Gibson * This library is distributed in the hope that it will be useful, 139d7c3f4aSDavid Gibson * but WITHOUT ANY WARRANTY; without even the implied warranty of 149d7c3f4aSDavid Gibson * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 159d7c3f4aSDavid Gibson * Lesser General Public License for more details. 169d7c3f4aSDavid Gibson * 179d7c3f4aSDavid Gibson * You should have received a copy of the GNU Lesser General Public 189d7c3f4aSDavid Gibson * License along with this library; if not, see <http://www.gnu.org/licenses/>. 199d7c3f4aSDavid Gibson */ 209d7c3f4aSDavid Gibson 219d7c3f4aSDavid Gibson #include "cpu.h" 229d7c3f4aSDavid Gibson #include "helper.h" 239d7c3f4aSDavid Gibson #include "sysemu/kvm.h" 249d7c3f4aSDavid Gibson #include "kvm_ppc.h" 259d7c3f4aSDavid Gibson #include "mmu-hash32.h" 269d7c3f4aSDavid Gibson 279d7c3f4aSDavid Gibson //#define DEBUG_MMU 2898132796SDavid Gibson //#define DEBUG_BAT 299d7c3f4aSDavid Gibson 309d7c3f4aSDavid Gibson #ifdef DEBUG_MMU 319d7c3f4aSDavid Gibson # define LOG_MMU(...) qemu_log(__VA_ARGS__) 329d7c3f4aSDavid Gibson # define LOG_MMU_STATE(env) log_cpu_state((env), 0) 339d7c3f4aSDavid Gibson #else 349d7c3f4aSDavid Gibson # define LOG_MMU(...) do { } while (0) 359d7c3f4aSDavid Gibson # define LOG_MMU_STATE(...) do { } while (0) 369d7c3f4aSDavid Gibson #endif 379d7c3f4aSDavid Gibson 3898132796SDavid Gibson #ifdef DEBUG_BATS 3998132796SDavid Gibson # define LOG_BATS(...) qemu_log(__VA_ARGS__) 4098132796SDavid Gibson #else 4198132796SDavid Gibson # define LOG_BATS(...) do { } while (0) 4298132796SDavid Gibson #endif 4398132796SDavid Gibson 445dc68eb0SDavid Gibson struct mmu_ctx_hash32 { 455dc68eb0SDavid Gibson hwaddr raddr; /* Real address */ 465dc68eb0SDavid Gibson int prot; /* Protection bits */ 475dc68eb0SDavid Gibson hwaddr hash[2]; /* Pagetable hash values */ 485dc68eb0SDavid Gibson target_ulong ptem; /* Virtual segment ID | API */ 495dc68eb0SDavid Gibson int key; /* Access key */ 505dc68eb0SDavid Gibson int nx; /* Non-execute area */ 515dc68eb0SDavid Gibson }; 525dc68eb0SDavid Gibson 53496272a7SDavid Gibson static int ppc_hash32_pp_check(int key, int pp, int nx) 54496272a7SDavid Gibson { 55496272a7SDavid Gibson int access; 56496272a7SDavid Gibson 57496272a7SDavid Gibson /* Compute access rights */ 58496272a7SDavid Gibson access = 0; 59496272a7SDavid Gibson if (key == 0) { 60496272a7SDavid Gibson switch (pp) { 61496272a7SDavid Gibson case 0x0: 62496272a7SDavid Gibson case 0x1: 63496272a7SDavid Gibson case 0x2: 64496272a7SDavid Gibson access |= PAGE_WRITE; 65496272a7SDavid Gibson /* No break here */ 66496272a7SDavid Gibson case 0x3: 67496272a7SDavid Gibson access |= PAGE_READ; 68496272a7SDavid Gibson break; 69496272a7SDavid Gibson } 70496272a7SDavid Gibson } else { 71496272a7SDavid Gibson switch (pp) { 72496272a7SDavid Gibson case 0x0: 73496272a7SDavid Gibson access = 0; 74496272a7SDavid Gibson break; 75496272a7SDavid Gibson case 0x1: 76496272a7SDavid Gibson case 0x3: 77496272a7SDavid Gibson access = PAGE_READ; 78496272a7SDavid Gibson break; 79496272a7SDavid Gibson case 0x2: 80496272a7SDavid Gibson access = PAGE_READ | PAGE_WRITE; 81496272a7SDavid Gibson break; 82496272a7SDavid Gibson } 83496272a7SDavid Gibson } 84496272a7SDavid Gibson if (nx == 0) { 85496272a7SDavid Gibson access |= PAGE_EXEC; 86496272a7SDavid Gibson } 87496272a7SDavid Gibson 88496272a7SDavid Gibson return access; 89496272a7SDavid Gibson } 90496272a7SDavid Gibson 9191cda45bSDavid Gibson static int ppc_hash32_check_prot(int prot, int rwx) 92496272a7SDavid Gibson { 93496272a7SDavid Gibson int ret; 94496272a7SDavid Gibson 9591cda45bSDavid Gibson if (rwx == 2) { 96496272a7SDavid Gibson if (prot & PAGE_EXEC) { 97496272a7SDavid Gibson ret = 0; 98496272a7SDavid Gibson } else { 99496272a7SDavid Gibson ret = -2; 100496272a7SDavid Gibson } 10191cda45bSDavid Gibson } else if (rwx) { 102496272a7SDavid Gibson if (prot & PAGE_WRITE) { 103496272a7SDavid Gibson ret = 0; 104496272a7SDavid Gibson } else { 105496272a7SDavid Gibson ret = -2; 106496272a7SDavid Gibson } 107496272a7SDavid Gibson } else { 108496272a7SDavid Gibson if (prot & PAGE_READ) { 109496272a7SDavid Gibson ret = 0; 110496272a7SDavid Gibson } else { 111496272a7SDavid Gibson ret = -2; 112496272a7SDavid Gibson } 113496272a7SDavid Gibson } 114496272a7SDavid Gibson 115496272a7SDavid Gibson return ret; 116496272a7SDavid Gibson } 117496272a7SDavid Gibson 11898132796SDavid Gibson /* Perform BAT hit & translation */ 11998132796SDavid Gibson static void hash32_bat_size_prot(CPUPPCState *env, target_ulong *blp, 12098132796SDavid Gibson int *validp, int *protp, target_ulong *BATu, 12198132796SDavid Gibson target_ulong *BATl) 12298132796SDavid Gibson { 12398132796SDavid Gibson target_ulong bl; 12498132796SDavid Gibson int pp, valid, prot; 12598132796SDavid Gibson 126d5aea6f3SDavid Gibson bl = (*BATu & BATU32_BL) << 15; 12798132796SDavid Gibson valid = 0; 12898132796SDavid Gibson prot = 0; 129d5aea6f3SDavid Gibson if (((msr_pr == 0) && (*BATu & BATU32_VS)) || 130d5aea6f3SDavid Gibson ((msr_pr != 0) && (*BATu & BATU32_VP))) { 13198132796SDavid Gibson valid = 1; 132d5aea6f3SDavid Gibson pp = *BATl & BATL32_PP; 13398132796SDavid Gibson if (pp != 0) { 13498132796SDavid Gibson prot = PAGE_READ | PAGE_EXEC; 13598132796SDavid Gibson if (pp == 0x2) { 13698132796SDavid Gibson prot |= PAGE_WRITE; 13798132796SDavid Gibson } 13898132796SDavid Gibson } 13998132796SDavid Gibson } 14098132796SDavid Gibson *blp = bl; 14198132796SDavid Gibson *validp = valid; 14298132796SDavid Gibson *protp = prot; 14398132796SDavid Gibson } 14498132796SDavid Gibson 14598132796SDavid Gibson static void hash32_bat_601_size_prot(CPUPPCState *env, target_ulong *blp, 14698132796SDavid Gibson int *validp, int *protp, 14798132796SDavid Gibson target_ulong *BATu, target_ulong *BATl) 14898132796SDavid Gibson { 14998132796SDavid Gibson target_ulong bl; 15098132796SDavid Gibson int key, pp, valid, prot; 15198132796SDavid Gibson 152d5aea6f3SDavid Gibson bl = (*BATl & BATL32_601_BL) << 17; 15398132796SDavid Gibson LOG_BATS("b %02x ==> bl " TARGET_FMT_lx " msk " TARGET_FMT_lx "\n", 154d5aea6f3SDavid Gibson (uint8_t)(*BATl & BATL32_601_BL), bl, ~bl); 15598132796SDavid Gibson prot = 0; 156d5aea6f3SDavid Gibson valid = !!(*BATl & BATL32_601_V); 15798132796SDavid Gibson if (valid) { 158d5aea6f3SDavid Gibson pp = *BATu & BATU32_601_PP; 15998132796SDavid Gibson if (msr_pr == 0) { 160d5aea6f3SDavid Gibson key = !!(*BATu & BATU32_601_KS); 16198132796SDavid Gibson } else { 162d5aea6f3SDavid Gibson key = !!(*BATu & BATU32_601_KP); 16398132796SDavid Gibson } 16498132796SDavid Gibson prot = ppc_hash32_pp_check(key, pp, 0); 16598132796SDavid Gibson } 16698132796SDavid Gibson *blp = bl; 16798132796SDavid Gibson *validp = valid; 16898132796SDavid Gibson *protp = prot; 16998132796SDavid Gibson } 17098132796SDavid Gibson 1715dc68eb0SDavid Gibson static int ppc_hash32_get_bat(CPUPPCState *env, struct mmu_ctx_hash32 *ctx, 17291cda45bSDavid Gibson target_ulong virtual, int rwx) 17398132796SDavid Gibson { 17498132796SDavid Gibson target_ulong *BATlt, *BATut, *BATu, *BATl; 17598132796SDavid Gibson target_ulong BEPIl, BEPIu, bl; 17698132796SDavid Gibson int i, valid, prot; 17798132796SDavid Gibson int ret = -1; 17898132796SDavid Gibson 17998132796SDavid Gibson LOG_BATS("%s: %cBAT v " TARGET_FMT_lx "\n", __func__, 18091cda45bSDavid Gibson rwx == 2 ? 'I' : 'D', virtual); 18191cda45bSDavid Gibson if (rwx == 2) { 18298132796SDavid Gibson BATlt = env->IBAT[1]; 18398132796SDavid Gibson BATut = env->IBAT[0]; 18491cda45bSDavid Gibson } else { 18598132796SDavid Gibson BATlt = env->DBAT[1]; 18698132796SDavid Gibson BATut = env->DBAT[0]; 18798132796SDavid Gibson } 18898132796SDavid Gibson for (i = 0; i < env->nb_BATs; i++) { 18998132796SDavid Gibson BATu = &BATut[i]; 19098132796SDavid Gibson BATl = &BATlt[i]; 191d5aea6f3SDavid Gibson BEPIu = *BATu & BATU32_BEPIU; 192d5aea6f3SDavid Gibson BEPIl = *BATu & BATU32_BEPIL; 19398132796SDavid Gibson if (unlikely(env->mmu_model == POWERPC_MMU_601)) { 19498132796SDavid Gibson hash32_bat_601_size_prot(env, &bl, &valid, &prot, BATu, BATl); 19598132796SDavid Gibson } else { 19698132796SDavid Gibson hash32_bat_size_prot(env, &bl, &valid, &prot, BATu, BATl); 19798132796SDavid Gibson } 19898132796SDavid Gibson LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx 19998132796SDavid Gibson " BATl " TARGET_FMT_lx "\n", __func__, 20098132796SDavid Gibson type == ACCESS_CODE ? 'I' : 'D', i, virtual, *BATu, *BATl); 201d5aea6f3SDavid Gibson if ((virtual & BATU32_BEPIU) == BEPIu && 202d5aea6f3SDavid Gibson ((virtual & BATU32_BEPIL) & ~bl) == BEPIl) { 20398132796SDavid Gibson /* BAT matches */ 20498132796SDavid Gibson if (valid != 0) { 20598132796SDavid Gibson /* Get physical address */ 206d5aea6f3SDavid Gibson ctx->raddr = (*BATl & BATL32_BRPNU) | 207d5aea6f3SDavid Gibson ((virtual & BATU32_BEPIL & bl) | (*BATl & BATL32_BRPNL)) | 20898132796SDavid Gibson (virtual & 0x0001F000); 20998132796SDavid Gibson /* Compute access rights */ 21098132796SDavid Gibson ctx->prot = prot; 21191cda45bSDavid Gibson ret = ppc_hash32_check_prot(ctx->prot, rwx); 21298132796SDavid Gibson if (ret == 0) { 21398132796SDavid Gibson LOG_BATS("BAT %d match: r " TARGET_FMT_plx " prot=%c%c\n", 21498132796SDavid Gibson i, ctx->raddr, ctx->prot & PAGE_READ ? 'R' : '-', 21598132796SDavid Gibson ctx->prot & PAGE_WRITE ? 'W' : '-'); 21698132796SDavid Gibson } 21798132796SDavid Gibson break; 21898132796SDavid Gibson } 21998132796SDavid Gibson } 22098132796SDavid Gibson } 22198132796SDavid Gibson if (ret < 0) { 22298132796SDavid Gibson #if defined(DEBUG_BATS) 22398132796SDavid Gibson if (qemu_log_enabled()) { 22498132796SDavid Gibson LOG_BATS("no BAT match for " TARGET_FMT_lx ":\n", virtual); 22598132796SDavid Gibson for (i = 0; i < 4; i++) { 22698132796SDavid Gibson BATu = &BATut[i]; 22798132796SDavid Gibson BATl = &BATlt[i]; 228d5aea6f3SDavid Gibson BEPIu = *BATu & BATU32_BEPIU; 229d5aea6f3SDavid Gibson BEPIl = *BATu & BATU32_BEPIL; 23098132796SDavid Gibson bl = (*BATu & 0x00001FFC) << 15; 23198132796SDavid Gibson LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx 23298132796SDavid Gibson " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " " 23398132796SDavid Gibson TARGET_FMT_lx " " TARGET_FMT_lx "\n", 23498132796SDavid Gibson __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual, 23598132796SDavid Gibson *BATu, *BATl, BEPIu, BEPIl, bl); 23698132796SDavid Gibson } 23798132796SDavid Gibson } 23898132796SDavid Gibson #endif 23998132796SDavid Gibson } 24098132796SDavid Gibson /* No hit */ 24198132796SDavid Gibson return ret; 24298132796SDavid Gibson } 24398132796SDavid Gibson 244723ed73aSDavid Gibson static int ppc_hash32_direct_store(CPUPPCState *env, target_ulong sr, 245723ed73aSDavid Gibson target_ulong eaddr, int rwx, 246723ed73aSDavid Gibson hwaddr *raddr, int *prot) 247723ed73aSDavid Gibson { 248723ed73aSDavid Gibson int key = !!(msr_pr ? (sr & SR32_KP) : (sr & SR32_KS)); 249723ed73aSDavid Gibson 250723ed73aSDavid Gibson LOG_MMU("direct store...\n"); 251723ed73aSDavid Gibson 252723ed73aSDavid Gibson if ((sr & 0x1FF00000) >> 20 == 0x07f) { 253723ed73aSDavid Gibson /* Memory-forced I/O controller interface access */ 254723ed73aSDavid Gibson /* If T=1 and BUID=x'07F', the 601 performs a memory access 255723ed73aSDavid Gibson * to SR[28-31] LA[4-31], bypassing all protection mechanisms. 256723ed73aSDavid Gibson */ 257723ed73aSDavid Gibson *raddr = ((sr & 0xF) << 28) | (eaddr & 0x0FFFFFFF); 258723ed73aSDavid Gibson *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 259723ed73aSDavid Gibson return 0; 260723ed73aSDavid Gibson } 261723ed73aSDavid Gibson 262723ed73aSDavid Gibson if (rwx == 2) { 263723ed73aSDavid Gibson /* No code fetch is allowed in direct-store areas */ 264723ed73aSDavid Gibson return -4; 265723ed73aSDavid Gibson } 266723ed73aSDavid Gibson 267723ed73aSDavid Gibson switch (env->access_type) { 268723ed73aSDavid Gibson case ACCESS_INT: 269723ed73aSDavid Gibson /* Integer load/store : only access allowed */ 270723ed73aSDavid Gibson break; 271723ed73aSDavid Gibson case ACCESS_FLOAT: 272723ed73aSDavid Gibson /* Floating point load/store */ 273723ed73aSDavid Gibson return -4; 274723ed73aSDavid Gibson case ACCESS_RES: 275723ed73aSDavid Gibson /* lwarx, ldarx or srwcx. */ 276723ed73aSDavid Gibson return -4; 277723ed73aSDavid Gibson case ACCESS_CACHE: 278723ed73aSDavid Gibson /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */ 279723ed73aSDavid Gibson /* Should make the instruction do no-op. 280723ed73aSDavid Gibson * As it already do no-op, it's quite easy :-) 281723ed73aSDavid Gibson */ 282723ed73aSDavid Gibson *raddr = eaddr; 283723ed73aSDavid Gibson return 0; 284723ed73aSDavid Gibson case ACCESS_EXT: 285723ed73aSDavid Gibson /* eciwx or ecowx */ 286723ed73aSDavid Gibson return -4; 287723ed73aSDavid Gibson default: 288723ed73aSDavid Gibson qemu_log("ERROR: instruction should not need " 289723ed73aSDavid Gibson "address translation\n"); 290723ed73aSDavid Gibson return -4; 291723ed73aSDavid Gibson } 292723ed73aSDavid Gibson if ((rwx == 1 || key != 1) && (rwx == 0 || key != 0)) { 293723ed73aSDavid Gibson *raddr = eaddr; 294723ed73aSDavid Gibson return 2; 295723ed73aSDavid Gibson } else { 296723ed73aSDavid Gibson return -2; 297723ed73aSDavid Gibson } 298723ed73aSDavid Gibson } 299723ed73aSDavid Gibson 300f95d7cc7SDavid Gibson static int pte_check_hash32(struct mmu_ctx_hash32 *ctx, target_ulong pte0, 301f95d7cc7SDavid Gibson target_ulong pte1, int rwx) 302f95d7cc7SDavid Gibson { 303d5aea6f3SDavid Gibson int access, ret, pp; 3049d7c3f4aSDavid Gibson 305d5aea6f3SDavid Gibson pp = pte1 & HPTE32_R_PP; 3069d7c3f4aSDavid Gibson /* Compute access rights */ 307496272a7SDavid Gibson access = ppc_hash32_pp_check(ctx->key, pp, ctx->nx); 3089d7c3f4aSDavid Gibson /* Keep the matching PTE informations */ 3099d7c3f4aSDavid Gibson ctx->raddr = pte1; 3109d7c3f4aSDavid Gibson ctx->prot = access; 31191cda45bSDavid Gibson ret = ppc_hash32_check_prot(ctx->prot, rwx); 3129d7c3f4aSDavid Gibson if (ret == 0) { 3139d7c3f4aSDavid Gibson /* Access granted */ 3149d7c3f4aSDavid Gibson LOG_MMU("PTE access granted !\n"); 3159d7c3f4aSDavid Gibson } else { 3169d7c3f4aSDavid Gibson /* Access right violation */ 3179d7c3f4aSDavid Gibson LOG_MMU("PTE access rejected\n"); 3189d7c3f4aSDavid Gibson } 3199d7c3f4aSDavid Gibson 3209d7c3f4aSDavid Gibson return ret; 3219d7c3f4aSDavid Gibson } 322c69b6151SDavid Gibson 323aea390e4SDavid Gibson static int ppc_hash32_pte_update_flags(struct mmu_ctx_hash32 *ctx, 324aea390e4SDavid Gibson uint32_t *pte1p, int ret, int rwx) 325496272a7SDavid Gibson { 326496272a7SDavid Gibson int store = 0; 327496272a7SDavid Gibson 328496272a7SDavid Gibson /* Update page flags */ 329d5aea6f3SDavid Gibson if (!(*pte1p & HPTE32_R_R)) { 330496272a7SDavid Gibson /* Update accessed flag */ 331d5aea6f3SDavid Gibson *pte1p |= HPTE32_R_R; 332496272a7SDavid Gibson store = 1; 333496272a7SDavid Gibson } 334d5aea6f3SDavid Gibson if (!(*pte1p & HPTE32_R_C)) { 33591cda45bSDavid Gibson if (rwx == 1 && ret == 0) { 336496272a7SDavid Gibson /* Update changed flag */ 337d5aea6f3SDavid Gibson *pte1p |= HPTE32_R_C; 338496272a7SDavid Gibson store = 1; 339496272a7SDavid Gibson } else { 340496272a7SDavid Gibson /* Force page fault for first write access */ 341496272a7SDavid Gibson ctx->prot &= ~PAGE_WRITE; 342496272a7SDavid Gibson } 343496272a7SDavid Gibson } 344496272a7SDavid Gibson 345496272a7SDavid Gibson return store; 346496272a7SDavid Gibson } 347496272a7SDavid Gibson 34859191721SDavid Gibson hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash) 34959191721SDavid Gibson { 350d5aea6f3SDavid Gibson return (hash * HASH_PTEG_SIZE_32) & env->htab_mask; 35159191721SDavid Gibson } 35259191721SDavid Gibson 353aea390e4SDavid Gibson static hwaddr ppc_hash32_pteg_search(CPUPPCState *env, hwaddr pteg_off, 354aea390e4SDavid Gibson bool secondary, target_ulong ptem, 355aea390e4SDavid Gibson ppc_hash_pte32_t *pte) 356aea390e4SDavid Gibson { 357aea390e4SDavid Gibson hwaddr pte_offset = pteg_off; 358aea390e4SDavid Gibson target_ulong pte0, pte1; 359aea390e4SDavid Gibson int i; 360aea390e4SDavid Gibson 361aea390e4SDavid Gibson for (i = 0; i < HPTES_PER_GROUP; i++) { 362aea390e4SDavid Gibson pte0 = ppc_hash32_load_hpte0(env, pte_offset); 363aea390e4SDavid Gibson pte1 = ppc_hash32_load_hpte1(env, pte_offset); 364aea390e4SDavid Gibson 365aea390e4SDavid Gibson if ((pte0 & HPTE32_V_VALID) 366aea390e4SDavid Gibson && (secondary == !!(pte0 & HPTE32_V_SECONDARY)) 367aea390e4SDavid Gibson && HPTE32_V_COMPARE(pte0, ptem)) { 368aea390e4SDavid Gibson pte->pte0 = pte0; 369aea390e4SDavid Gibson pte->pte1 = pte1; 370aea390e4SDavid Gibson return pte_offset; 371aea390e4SDavid Gibson } 372aea390e4SDavid Gibson 373aea390e4SDavid Gibson pte_offset += HASH_PTE_SIZE_32; 374aea390e4SDavid Gibson } 375aea390e4SDavid Gibson 376aea390e4SDavid Gibson return -1; 377aea390e4SDavid Gibson } 378aea390e4SDavid Gibson 379f078cd46SDavid Gibson static int find_pte32(CPUPPCState *env, struct mmu_ctx_hash32 *ctx, 380f078cd46SDavid Gibson target_ulong eaddr, int h, int rwx, int target_page_bits) 381c69b6151SDavid Gibson { 382aea390e4SDavid Gibson hwaddr pteg_off, pte_offset; 383aea390e4SDavid Gibson ppc_hash_pte32_t pte; 384f95d7cc7SDavid Gibson int ret; 385c69b6151SDavid Gibson 386c69b6151SDavid Gibson ret = -1; /* No entry found */ 38759191721SDavid Gibson pteg_off = get_pteg_offset32(env, ctx->hash[h]); 388aea390e4SDavid Gibson pte_offset = ppc_hash32_pteg_search(env, pteg_off, h, ctx->ptem, &pte); 389aea390e4SDavid Gibson if (pte_offset != -1) { 390aea390e4SDavid Gibson ret = pte_check_hash32(ctx, pte.pte0, pte.pte1, rwx); 391c69b6151SDavid Gibson LOG_MMU("found PTE at addr %08" HWADDR_PRIx " prot=%01x ret=%d\n", 392c69b6151SDavid Gibson ctx->raddr, ctx->prot, ret); 393c69b6151SDavid Gibson /* Update page flags */ 394aea390e4SDavid Gibson if (ppc_hash32_pte_update_flags(ctx, &pte.pte1, ret, rwx) == 1) { 395aea390e4SDavid Gibson ppc_hash32_store_hpte1(env, pte_offset, pte.pte1); 396c69b6151SDavid Gibson } 397c69b6151SDavid Gibson } 398c69b6151SDavid Gibson 399c69b6151SDavid Gibson /* We have a TLB that saves 4K pages, so let's 400c69b6151SDavid Gibson * split a huge page to 4k chunks */ 401c69b6151SDavid Gibson if (target_page_bits != TARGET_PAGE_BITS) { 402f078cd46SDavid Gibson ctx->raddr |= (eaddr & ((1 << target_page_bits) - 1)) 403c69b6151SDavid Gibson & TARGET_PAGE_MASK; 404c69b6151SDavid Gibson } 405c69b6151SDavid Gibson return ret; 406c69b6151SDavid Gibson } 4070480884fSDavid Gibson 40865d61643SDavid Gibson static int ppc_hash32_translate(CPUPPCState *env, struct mmu_ctx_hash32 *ctx, 40991cda45bSDavid Gibson target_ulong eaddr, int rwx) 4100480884fSDavid Gibson { 4110480884fSDavid Gibson hwaddr hash; 4120480884fSDavid Gibson target_ulong vsid; 4134b9605a5SDavid Gibson int pr, target_page_bits; 4140480884fSDavid Gibson int ret, ret2; 4150480884fSDavid Gibson target_ulong sr, pgidx; 4160480884fSDavid Gibson 41765d61643SDavid Gibson /* 1. Handle real mode accesses */ 41865d61643SDavid Gibson if (((rwx == 2) && (msr_ir == 0)) || ((rwx != 2) && (msr_dr == 0))) { 41965d61643SDavid Gibson /* Translation is off */ 42065d61643SDavid Gibson ctx->raddr = eaddr; 42165d61643SDavid Gibson ctx->prot = PAGE_READ | PAGE_EXEC | PAGE_WRITE; 42265d61643SDavid Gibson return 0; 42365d61643SDavid Gibson } 42465d61643SDavid Gibson 42565d61643SDavid Gibson /* 2. Check Block Address Translation entries (BATs) */ 42665d61643SDavid Gibson if (env->nb_BATs != 0) { 42765d61643SDavid Gibson ret = ppc_hash32_get_bat(env, ctx, eaddr, rwx); 42865d61643SDavid Gibson if (ret == 0) { 42965d61643SDavid Gibson return 0; 43065d61643SDavid Gibson } 43165d61643SDavid Gibson } 43265d61643SDavid Gibson 4334b9605a5SDavid Gibson /* 3. Look up the Segment Register */ 4340480884fSDavid Gibson sr = env->sr[eaddr >> 28]; 4354b9605a5SDavid Gibson 436723ed73aSDavid Gibson /* 4. Handle direct store segments */ 437723ed73aSDavid Gibson if (sr & SR32_T) { 438723ed73aSDavid Gibson return ppc_hash32_direct_store(env, sr, eaddr, rwx, 439723ed73aSDavid Gibson &ctx->raddr, &ctx->prot); 440723ed73aSDavid Gibson } 441723ed73aSDavid Gibson 442bb218042SDavid Gibson /* 5. Check for segment level no-execute violation */ 443bb218042SDavid Gibson ctx->nx = !!(sr & SR32_NX); 444bb218042SDavid Gibson if ((rwx == 2) && ctx->nx) { 445bb218042SDavid Gibson return -3; 446bb218042SDavid Gibson } 447bb218042SDavid Gibson 4484b9605a5SDavid Gibson pr = msr_pr; 449d5aea6f3SDavid Gibson ctx->key = (((sr & SR32_KP) && (pr != 0)) || 450d5aea6f3SDavid Gibson ((sr & SR32_KS) && (pr == 0))) ? 1 : 0; 451bb218042SDavid Gibson 452d5aea6f3SDavid Gibson vsid = sr & SR32_VSID; 4530480884fSDavid Gibson target_page_bits = TARGET_PAGE_BITS; 4540480884fSDavid Gibson LOG_MMU("Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx " nip=" 4550480884fSDavid Gibson TARGET_FMT_lx " lr=" TARGET_FMT_lx 45691cda45bSDavid Gibson " ir=%d dr=%d pr=%d %d\n", 4570480884fSDavid Gibson eaddr, (int)(eaddr >> 28), sr, env->nip, env->lr, (int)msr_ir, 45891cda45bSDavid Gibson (int)msr_dr, pr != 0 ? 1 : 0, rwx); 4590480884fSDavid Gibson pgidx = (eaddr & ~SEGMENT_MASK_256M) >> target_page_bits; 4600480884fSDavid Gibson hash = vsid ^ pgidx; 4610480884fSDavid Gibson ctx->ptem = (vsid << 7) | (pgidx >> 10); 4620480884fSDavid Gibson 4634b9605a5SDavid Gibson LOG_MMU("pte segment: key=%d nx %d vsid " TARGET_FMT_lx "\n", 4644b9605a5SDavid Gibson ctx->key, ctx->nx, vsid); 4650480884fSDavid Gibson ret = -1; 4664b9605a5SDavid Gibson 4670480884fSDavid Gibson /* Page address translation */ 4680480884fSDavid Gibson LOG_MMU("htab_base " TARGET_FMT_plx " htab_mask " TARGET_FMT_plx 4690480884fSDavid Gibson " hash " TARGET_FMT_plx "\n", 4700480884fSDavid Gibson env->htab_base, env->htab_mask, hash); 4710480884fSDavid Gibson ctx->hash[0] = hash; 4720480884fSDavid Gibson ctx->hash[1] = ~hash; 4730480884fSDavid Gibson 4740480884fSDavid Gibson LOG_MMU("0 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx 4750480884fSDavid Gibson " vsid=" TARGET_FMT_lx " ptem=" TARGET_FMT_lx 4760480884fSDavid Gibson " hash=" TARGET_FMT_plx "\n", 4770480884fSDavid Gibson env->htab_base, env->htab_mask, vsid, ctx->ptem, 4780480884fSDavid Gibson ctx->hash[0]); 4790480884fSDavid Gibson /* Primary table lookup */ 480f078cd46SDavid Gibson ret = find_pte32(env, ctx, eaddr, 0, rwx, target_page_bits); 481f95d7cc7SDavid Gibson if (ret == -1) { 4820480884fSDavid Gibson /* Secondary table lookup */ 4830480884fSDavid Gibson LOG_MMU("1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx 4840480884fSDavid Gibson " vsid=" TARGET_FMT_lx " api=" TARGET_FMT_lx 4850480884fSDavid Gibson " hash=" TARGET_FMT_plx "\n", env->htab_base, 4860480884fSDavid Gibson env->htab_mask, vsid, ctx->ptem, ctx->hash[1]); 487f078cd46SDavid Gibson ret2 = find_pte32(env, ctx, eaddr, 1, rwx, target_page_bits); 4880480884fSDavid Gibson if (ret2 != -1) { 4890480884fSDavid Gibson ret = ret2; 4900480884fSDavid Gibson } 4910480884fSDavid Gibson } 4920480884fSDavid Gibson #if defined(DUMP_PAGE_TABLES) 4930480884fSDavid Gibson if (qemu_log_enabled()) { 4940480884fSDavid Gibson hwaddr curaddr; 4950480884fSDavid Gibson uint32_t a0, a1, a2, a3; 4960480884fSDavid Gibson 4970480884fSDavid Gibson qemu_log("Page table: " TARGET_FMT_plx " len " TARGET_FMT_plx 4980480884fSDavid Gibson "\n", sdr, mask + 0x80); 4990480884fSDavid Gibson for (curaddr = sdr; curaddr < (sdr + mask + 0x80); 5000480884fSDavid Gibson curaddr += 16) { 5010480884fSDavid Gibson a0 = ldl_phys(curaddr); 5020480884fSDavid Gibson a1 = ldl_phys(curaddr + 4); 5030480884fSDavid Gibson a2 = ldl_phys(curaddr + 8); 5040480884fSDavid Gibson a3 = ldl_phys(curaddr + 12); 5050480884fSDavid Gibson if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) { 5060480884fSDavid Gibson qemu_log(TARGET_FMT_plx ": %08x %08x %08x %08x\n", 5070480884fSDavid Gibson curaddr, a0, a1, a2, a3); 5080480884fSDavid Gibson } 5090480884fSDavid Gibson } 5100480884fSDavid Gibson } 5110480884fSDavid Gibson #endif 5120480884fSDavid Gibson 5130480884fSDavid Gibson return ret; 5140480884fSDavid Gibson } 515629bd516SDavid Gibson 516f2ad6be8SDavid Gibson hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong addr) 517f2ad6be8SDavid Gibson { 5185dc68eb0SDavid Gibson struct mmu_ctx_hash32 ctx; 519f2ad6be8SDavid Gibson 52091cda45bSDavid Gibson /* FIXME: Will not behave sanely for direct store segments, but 52191cda45bSDavid Gibson * they're almost never used */ 52265d61643SDavid Gibson if (unlikely(ppc_hash32_translate(env, &ctx, addr, 0) 523f2ad6be8SDavid Gibson != 0)) { 524f2ad6be8SDavid Gibson return -1; 525f2ad6be8SDavid Gibson } 526f2ad6be8SDavid Gibson 527f2ad6be8SDavid Gibson return ctx.raddr & TARGET_PAGE_MASK; 528f2ad6be8SDavid Gibson } 529f2ad6be8SDavid Gibson 53091cda45bSDavid Gibson int ppc_hash32_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rwx, 53125de24abSDavid Gibson int mmu_idx) 53225de24abSDavid Gibson { 5335dc68eb0SDavid Gibson struct mmu_ctx_hash32 ctx; 53425de24abSDavid Gibson int ret = 0; 53525de24abSDavid Gibson 53665d61643SDavid Gibson ret = ppc_hash32_translate(env, &ctx, address, rwx); 53725de24abSDavid Gibson if (ret == 0) { 53825de24abSDavid Gibson tlb_set_page(env, address & TARGET_PAGE_MASK, 53925de24abSDavid Gibson ctx.raddr & TARGET_PAGE_MASK, ctx.prot, 54025de24abSDavid Gibson mmu_idx, TARGET_PAGE_SIZE); 54125de24abSDavid Gibson ret = 0; 54225de24abSDavid Gibson } else if (ret < 0) { 54325de24abSDavid Gibson LOG_MMU_STATE(env); 54491cda45bSDavid Gibson if (rwx == 2) { 54525de24abSDavid Gibson switch (ret) { 54625de24abSDavid Gibson case -1: 54725de24abSDavid Gibson /* No matches in page tables or TLB */ 54825de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ISI; 54925de24abSDavid Gibson env->error_code = 0x40000000; 55025de24abSDavid Gibson break; 55125de24abSDavid Gibson case -2: 55225de24abSDavid Gibson /* Access rights violation */ 55325de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ISI; 55425de24abSDavid Gibson env->error_code = 0x08000000; 55525de24abSDavid Gibson break; 55625de24abSDavid Gibson case -3: 55725de24abSDavid Gibson /* No execute protection violation */ 55825de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ISI; 55925de24abSDavid Gibson env->error_code = 0x10000000; 56025de24abSDavid Gibson break; 56125de24abSDavid Gibson case -4: 56225de24abSDavid Gibson /* Direct store exception */ 56325de24abSDavid Gibson /* No code fetch is allowed in direct-store areas */ 56425de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ISI; 56525de24abSDavid Gibson env->error_code = 0x10000000; 56625de24abSDavid Gibson break; 56725de24abSDavid Gibson } 56825de24abSDavid Gibson } else { 56925de24abSDavid Gibson switch (ret) { 57025de24abSDavid Gibson case -1: 57125de24abSDavid Gibson /* No matches in page tables or TLB */ 57225de24abSDavid Gibson env->exception_index = POWERPC_EXCP_DSI; 57325de24abSDavid Gibson env->error_code = 0; 57425de24abSDavid Gibson env->spr[SPR_DAR] = address; 57591cda45bSDavid Gibson if (rwx == 1) { 57625de24abSDavid Gibson env->spr[SPR_DSISR] = 0x42000000; 57725de24abSDavid Gibson } else { 57825de24abSDavid Gibson env->spr[SPR_DSISR] = 0x40000000; 57925de24abSDavid Gibson } 58025de24abSDavid Gibson break; 58125de24abSDavid Gibson case -2: 58225de24abSDavid Gibson /* Access rights violation */ 58325de24abSDavid Gibson env->exception_index = POWERPC_EXCP_DSI; 58425de24abSDavid Gibson env->error_code = 0; 58525de24abSDavid Gibson env->spr[SPR_DAR] = address; 58691cda45bSDavid Gibson if (rwx == 1) { 58725de24abSDavid Gibson env->spr[SPR_DSISR] = 0x0A000000; 58825de24abSDavid Gibson } else { 58925de24abSDavid Gibson env->spr[SPR_DSISR] = 0x08000000; 59025de24abSDavid Gibson } 59125de24abSDavid Gibson break; 59225de24abSDavid Gibson case -4: 59325de24abSDavid Gibson /* Direct store exception */ 59491cda45bSDavid Gibson switch (env->access_type) { 59525de24abSDavid Gibson case ACCESS_FLOAT: 59625de24abSDavid Gibson /* Floating point load/store */ 59725de24abSDavid Gibson env->exception_index = POWERPC_EXCP_ALIGN; 59825de24abSDavid Gibson env->error_code = POWERPC_EXCP_ALIGN_FP; 59925de24abSDavid Gibson env->spr[SPR_DAR] = address; 60025de24abSDavid Gibson break; 60125de24abSDavid Gibson case ACCESS_RES: 60225de24abSDavid Gibson /* lwarx, ldarx or stwcx. */ 60325de24abSDavid Gibson env->exception_index = POWERPC_EXCP_DSI; 60425de24abSDavid Gibson env->error_code = 0; 60525de24abSDavid Gibson env->spr[SPR_DAR] = address; 60691cda45bSDavid Gibson if (rwx == 1) { 60725de24abSDavid Gibson env->spr[SPR_DSISR] = 0x06000000; 60825de24abSDavid Gibson } else { 60925de24abSDavid Gibson env->spr[SPR_DSISR] = 0x04000000; 61025de24abSDavid Gibson } 61125de24abSDavid Gibson break; 61225de24abSDavid Gibson case ACCESS_EXT: 61325de24abSDavid Gibson /* eciwx or ecowx */ 61425de24abSDavid Gibson env->exception_index = POWERPC_EXCP_DSI; 61525de24abSDavid Gibson env->error_code = 0; 61625de24abSDavid Gibson env->spr[SPR_DAR] = address; 61791cda45bSDavid Gibson if (rwx == 1) { 61825de24abSDavid Gibson env->spr[SPR_DSISR] = 0x06100000; 61925de24abSDavid Gibson } else { 62025de24abSDavid Gibson env->spr[SPR_DSISR] = 0x04100000; 62125de24abSDavid Gibson } 62225de24abSDavid Gibson break; 62325de24abSDavid Gibson default: 62425de24abSDavid Gibson printf("DSI: invalid exception (%d)\n", ret); 62525de24abSDavid Gibson env->exception_index = POWERPC_EXCP_PROGRAM; 62625de24abSDavid Gibson env->error_code = 62725de24abSDavid Gibson POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL; 62825de24abSDavid Gibson env->spr[SPR_DAR] = address; 62925de24abSDavid Gibson break; 63025de24abSDavid Gibson } 63125de24abSDavid Gibson break; 63225de24abSDavid Gibson } 63325de24abSDavid Gibson } 63425de24abSDavid Gibson #if 0 63525de24abSDavid Gibson printf("%s: set exception to %d %02x\n", __func__, 63625de24abSDavid Gibson env->exception, env->error_code); 63725de24abSDavid Gibson #endif 63825de24abSDavid Gibson ret = 1; 63925de24abSDavid Gibson } 64025de24abSDavid Gibson 64125de24abSDavid Gibson return ret; 64225de24abSDavid Gibson } 643