
Merge branch 'ppc-for-upstream' of git://github.com/agraf/qemu

* 'ppc-for-upstream' of git://github.com/agraf/qemu: (58 commits)
  target-ppc: Use NARROW_MODE macro for tlbie
  target-ppc: Use NARROW_MODE macro for addresses
  target-ppc: Use NARROW_MODE macro for comparisons
  target-ppc: Use NARROW_MODE macro for branches
  target-ppc: Fix add and subf carry generation in narrow mode
  target-ppc: Use QOM method dispatch for MMU fault handling
  target-ppc: Move ppc tlb_fill implementation into mmu_helper.c
  target-ppc: Split user only code out of mmu_helper.c
  mmu-hash64: Implement Virtual Page Class Key Protection
  mmu-hash*: Merge translate and fault handling functions
  mmu-hash*: Don't use full ppc_hash{32, 64}_translate() path for get_phys_page_debug()
  mmu-hash*: Correctly mask RPN from hash PTE
  mmu-hash*: Clean up real address calculation
  mmu-hash*: Clean up PTE flags update
  mmu-hash64: Factor SLB N bit into permissions bits
  mmu-hash*: Clean up permission checking
  mmu-hash32: Remove nx from context structure
  mmu-hash*: Don't update PTE flags when permission is denied
  mmu-hash32: Don't look up page tables on BAT permission error
  mmu-hash32: Cleanup BAT lookup
  ...
commit d76bb73549fcac07524aea5135280ea533a94fd6 2 parents 52ae646 + 9ca3f7f
@aurel32 aurel32 authored
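--- a/gdbstub.c
+++ b/gdbstub.c
@@ -781,7 +781,8 @@ static int cpu_gdb_write_register(CPUPPCState *env, uint8_t *mem_buf, int n)
 /* fpscr */
 if (gdb_has_xml)
 return 0;
- return 4;
+ store_fpscr(env, ldtul_p(mem_buf), 0xffffffff);
+ return sizeof(target_ulong);
 }
 }
 return 0;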
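Review bot: The FPSCR write in `cpu_gdb_write_register` now consumes `sizeof(target_ulong)` bytes of the debugger-supplied buffer instead of 4, so the matching read path has to report the same width or register offsets will drift on 64-bit targets when registers are transferred in bulk; that read function is not in this hunk, so this cannot be confirmed here. The literal `0xffffffff` passed as `mask` is also unexplained; a comment such as `/* update every FPSCR field from the value sent by the debugger */` above the call would help, assuming that is what an all-ones mask means to `store_fpscr`. The function body starts and ends outside the hunk.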
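--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -629,7 +629,7 @@ static void ppc_spapr_reset(void)
 spapr->rtas_size);
 /* Set up the entry state */
- first_cpu_cpu = CPU(first_cpu);
+ first_cpu_cpu = ENV_GET_CPU(first_cpu);
 first_cpu->gpr[3] = spapr->fdt_addr;
 first_cpu->gpr[5] = 0;
 first_cpu_cpu->halted = 0;
@@ -779,6 +779,11 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
 spapr->htab_shift++;
 }
+ /* Set up Interrupt Controller before we create the VCPUs */
+ spapr->icp = xics_system_init(smp_cpus * kvmppc_smt_threads() / smp_threads,
+ XICS_IRQS);
+ spapr->next_irq = XICS_IRQ_BASE;
+
 /* init CPUs */
 if (cpu_model == NULL) {
 cpu_model = kvm_enabled() ? "host" : "POWER7";
@@ -791,6 +796,8 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
 }
 env = &cpu->env;
+ xics_cpu_setup(spapr->icp, cpu);
+
 /* Set time-base frequency to 512 MHz */
 cpu_ppc_tb_init(env, TIMEBASE_FREQ);
@@ -830,11 +837,6 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
 }
 g_free(filename);
-
- /* Set up Interrupt Controller */
- spapr->icp = xics_system_init(XICS_IRQS);
- spapr->next_irq = XICS_IRQ_BASE;
-
 /* Set up EPOW events infrastructure */
 spapr_events_init(spapr);
@@ -856,7 +858,7 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
 /* Set up PCI */
 spapr_pci_rtas_init();
- phb = spapr_create_phb(spapr, 0, "pci");
+ phb = spapr_create_phb(spapr, 0);
 for (i = 0; i < nb_nics; i++) {
 NICInfo *nd = &nd_table[i];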
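Review bot: The server count passed to `xics_system_init` in `ppc_spapr_init`, `smp_cpus * kvmppc_smt_threads() / smp_threads`, rounds down whenever the product is not a multiple of `smp_threads`, and the only guard against a too-small table is the `assert` in `xics_cpu_setup` (hw/ppc/xics.c on this page). Rounding up, e.g. `(smp_cpus * kvmppc_smt_threads() + smp_threads - 1) / smp_threads`, would size the per-server array conservatively. Whether any `cpu_index` can actually exceed the truncated value depends on how indices are assigned, which is not visible here. The function continues outside these hunks.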
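--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -3,39 +3,7 @@
 #include "sysemu/sysemu.h"
 #include "helper_regs.h"
 #include "hw/spapr.h"
-
-#define HPTES_PER_GROUP 8
-
-#define HPTE_V_SSIZE_SHIFT 62
-#define HPTE_V_AVPN_SHIFT 7
-#define HPTE_V_AVPN 0x3fffffffffffff80ULL
-#define HPTE_V_AVPN_VAL(x) (((x) & HPTE_V_AVPN) >> HPTE_V_AVPN_SHIFT)
-#define HPTE_V_COMPARE(x, y) (!(((x) ^ (y)) & 0xffffffffffffff80UL))
-#define HPTE_V_BOLTED 0x0000000000000010ULL
-#define HPTE_V_LOCK 0x0000000000000008ULL
-#define HPTE_V_LARGE 0x0000000000000004ULL
-#define HPTE_V_SECONDARY 0x0000000000000002ULL
-#define HPTE_V_VALID 0x0000000000000001ULL
-
-#define HPTE_R_PP0 0x8000000000000000ULL
-#define HPTE_R_TS 0x4000000000000000ULL
-#define HPTE_R_KEY_HI 0x3000000000000000ULL
-#define HPTE_R_RPN_SHIFT 12
-#define HPTE_R_RPN 0x3ffffffffffff000ULL
-#define HPTE_R_FLAGS 0x00000000000003ffULL
-#define HPTE_R_PP 0x0000000000000003ULL
-#define HPTE_R_N 0x0000000000000004ULL
-#define HPTE_R_G 0x0000000000000008ULL
-#define HPTE_R_M 0x0000000000000010ULL
-#define HPTE_R_I 0x0000000000000020ULL
-#define HPTE_R_W 0x0000000000000040ULL
-#define HPTE_R_WIMG 0x0000000000000078ULL
-#define HPTE_R_C 0x0000000000000080ULL
-#define HPTE_R_R 0x0000000000000100ULL
-#define HPTE_R_KEY_LO 0x0000000000000e00ULL
-
-#define HPTE_V_1TB_SEG 0x4000000000000000ULL
-#define HPTE_V_VRMA_MASK 0x4001ffffff000000ULL
+#include "mmu-hash64.h"
 static target_ulong compute_tlbie_rb(target_ulong v, target_ulong r,
 target_ulong pte_index)
@@ -44,17 +12,17 @@ static target_ulong compute_tlbie_rb(target_ulong v, target_ulong r,
 rb = (v & ~0x7fULL) << 16; /* AVA field */
 va_low = pte_index >> 3;
- if (v & HPTE_V_SECONDARY) {
+ if (v & HPTE64_V_SECONDARY) {
 va_low = ~va_low;
 }
 /* xor vsid from AVA */
- if (!(v & HPTE_V_1TB_SEG)) {
+ if (!(v & HPTE64_V_1TB_SEG)) {
 va_low ^= v >> 12;
 } else {
 va_low ^= v >> 24;
 }
 va_low &= 0x7ff;
- if (v & HPTE_V_LARGE) {
+ if (v & HPTE64_V_LARGE) {
 rb |= 1; /* L field */
 #if 0 /* Disable that P7 specific bit for now */
 if (r & 0xff000) {
@@ -84,10 +52,10 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 target_ulong page_shift = 12;
 target_ulong raddr;
 target_ulong i;
- uint8_t *hpte;
+ hwaddr hpte;
 /* only handle 4k and 16M pages for now */
- if (pteh & HPTE_V_LARGE) {
+ if (pteh & HPTE64_V_LARGE) {
 #if 0 /* We don't support 64k pages yet */
 if ((ptel & 0xf000) == 0x1000) {
 /* 64k page */
@@ -105,11 +73,11 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 }
 }
- raddr = (ptel & HPTE_R_RPN) & ~((1ULL << page_shift) - 1);
+ raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << page_shift) - 1);
 if (raddr < spapr->ram_limit) {
 /* Regular RAM - should have WIMG=0010 */
- if ((ptel & HPTE_R_WIMG) != HPTE_R_M) {
+ if ((ptel & HPTE64_R_WIMG) != HPTE64_R_M) {
 return H_PARAMETER;
 }
 } else {
@@ -117,7 +85,7 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 /* FIXME: What WIMG combinations could be sensible for IO?
 * For now we allow WIMG=010x, but are there others? */
 /* FIXME: Should we check against registered IO addresses? */
- if ((ptel & (HPTE_R_W | HPTE_R_I | HPTE_R_M)) != HPTE_R_I) {
+ if ((ptel & (HPTE64_R_W | HPTE64_R_I | HPTE64_R_M)) != HPTE64_R_I) {
 return H_PARAMETER;
 }
 }
@@ -129,26 +97,26 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 }
 if (likely((flags & H_EXACT) == 0)) {
 pte_index &= ~7ULL;
- hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
+ hpte = pte_index * HASH_PTE_SIZE_64;
 for (i = 0; ; ++i) {
 if (i == 8) {
 return H_PTEG_FULL;
 }
- if ((ldq_p(hpte) & HPTE_V_VALID) == 0) {
+ if ((ppc_hash64_load_hpte0(env, hpte) & HPTE64_V_VALID) == 0) {
 break;
 }
 hpte += HASH_PTE_SIZE_64;
 }
 } else {
 i = 0;
- hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
- if (ldq_p(hpte) & HPTE_V_VALID) {
+ hpte = pte_index * HASH_PTE_SIZE_64;
+ if (ppc_hash64_load_hpte0(env, hpte) & HPTE64_V_VALID) {
 return H_PTEG_FULL;
 }
 }
- stq_p(hpte + (HASH_PTE_SIZE_64/2), ptel);
+ ppc_hash64_store_hpte1(env, hpte, ptel);
 /* eieio(); FIXME: need some sort of barrier for smp? */
- stq_p(hpte, pteh);
+ ppc_hash64_store_hpte0(env, hpte, pteh);
 args[0] = pte_index + i;
 return H_SUCCESS;
@@ -166,26 +134,26 @@ static target_ulong remove_hpte(CPUPPCState *env, target_ulong ptex,
 target_ulong flags,
 target_ulong *vp, target_ulong *rp)
 {
- uint8_t *hpte;
+ hwaddr hpte;
 target_ulong v, r, rb;
 if ((ptex * HASH_PTE_SIZE_64) & ~env->htab_mask) {
 return REMOVE_PARM;
 }
- hpte = env->external_htab + (ptex * HASH_PTE_SIZE_64);
+ hpte = ptex * HASH_PTE_SIZE_64;
- v = ldq_p(hpte);
- r = ldq_p(hpte + (HASH_PTE_SIZE_64/2));
+ v = ppc_hash64_load_hpte0(env, hpte);
+ r = ppc_hash64_load_hpte1(env, hpte);
- if ((v & HPTE_V_VALID) == 0 ||
+ if ((v & HPTE64_V_VALID) == 0 ||
 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn) ||
 ((flags & H_ANDCOND) && (v & avpn) != 0)) {
 return REMOVE_NOT_FOUND;
 }
 *vp = v;
 *rp = r;
- stq_p(hpte, 0);
+ ppc_hash64_store_hpte0(env, hpte, 0);
 rb = compute_tlbie_rb(v, r, ptex);
 ppc_tlb_invalidate_one(env, rb);
 return REMOVE_SUCCESS;
@@ -271,7 +239,7 @@ static target_ulong h_bulk_remove(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 switch (ret) {
 case REMOVE_SUCCESS:
- *tsh |= (r & (HPTE_R_C | HPTE_R_R)) << 43;
+ *tsh |= (r & (HPTE64_R_C | HPTE64_R_R)) << 43;
 break;
 case REMOVE_PARM:
@@ -292,34 +260,34 @@ static target_ulong h_protect(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 target_ulong flags = args[0];
 target_ulong pte_index = args[1];
 target_ulong avpn = args[2];
- uint8_t *hpte;
+ hwaddr hpte;
 target_ulong v, r, rb;
 if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
 return H_PARAMETER;
 }
- hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64);
+ hpte = pte_index * HASH_PTE_SIZE_64;
- v = ldq_p(hpte);
- r = ldq_p(hpte + (HASH_PTE_SIZE_64/2));
+ v = ppc_hash64_load_hpte0(env, hpte);
+ r = ppc_hash64_load_hpte1(env, hpte);
- if ((v & HPTE_V_VALID) == 0 ||
+ if ((v & HPTE64_V_VALID) == 0 ||
 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn)) {
 return H_NOT_FOUND;
 }
- r &= ~(HPTE_R_PP0 | HPTE_R_PP | HPTE_R_N |
- HPTE_R_KEY_HI | HPTE_R_KEY_LO);
- r |= (flags << 55) & HPTE_R_PP0;
- r |= (flags << 48) & HPTE_R_KEY_HI;
- r |= flags & (HPTE_R_PP | HPTE_R_N | HPTE_R_KEY_LO);
+ r &= ~(HPTE64_R_PP0 | HPTE64_R_PP | HPTE64_R_N |
+ HPTE64_R_KEY_HI | HPTE64_R_KEY_LO);
+ r |= (flags << 55) & HPTE64_R_PP0;
+ r |= (flags << 48) & HPTE64_R_KEY_HI;
+ r |= flags & (HPTE64_R_PP | HPTE64_R_N | HPTE64_R_KEY_LO);
 rb = compute_tlbie_rb(v, r, pte_index);
- stq_p(hpte, v & ~HPTE_V_VALID);
+ ppc_hash64_store_hpte0(env, hpte, v & ~HPTE64_V_VALID);
 ppc_tlb_invalidate_one(env, rb);
- stq_p(hpte + (HASH_PTE_SIZE_64/2), r);
+ ppc_hash64_store_hpte1(env, hpte, r);
 /* Don't need a memory barrier, due to qemu's global lock */
- stq_p(hpte, v);
+ ppc_hash64_store_hpte0(env, hpte, v);
 return H_SUCCESS;
 }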
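Review bot: `hpte` is now a byte offset derived from the guest-supplied `pte_index`/`ptex`, and every access goes through `ppc_hash64_load_hpte*`/`ppc_hash64_store_hpte*`, whose definitions are not on this page, so the only bounds protection visible is the caller's `& ~env->htab_mask` test. That test is visible in `remove_hpte` and `h_protect`, but in `h_enter` it falls between hunks and cannot be confirmed from here. I would record the contract where the offset is computed, e.g. `/* hpte: byte offset into the hash table, validated against htab_mask above */`, and document on the accessors that they expect an already-validated offset. Several of these functions start or end outside their hunks.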
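--- a/hw/ppc/xics.c
+++ b/hw/ppc/xics.c
@@ -521,45 +521,38 @@ static void xics_reset(void *opaque)
 }
 }
-struct icp_state *xics_system_init(int nr_irqs)
+void xics_cpu_setup(struct icp_state *icp, PowerPCCPU *cpu)
 {
- CPUPPCState *env;
- CPUState *cpu;
- int max_server_num;
- struct icp_state *icp;
- struct ics_state *ics;
+ CPUState *cs = CPU(cpu);
+ CPUPPCState *env = &cpu->env;
+ struct icp_server_state *ss = &icp->ss[cs->cpu_index];
- max_server_num = -1;
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- cpu = CPU(ppc_env_get_cpu(env));
- if (cpu->cpu_index > max_server_num) {
- max_server_num = cpu->cpu_index;
- }
- }
+ assert(cs->cpu_index < icp->nr_servers);
- icp = g_malloc0(sizeof(*icp));
- icp->nr_servers = max_server_num + 1;
- icp->ss = g_malloc0(icp->nr_servers*sizeof(struct icp_server_state));
+ switch (PPC_INPUT(env)) {
+ case PPC_FLAGS_INPUT_POWER7:
+ ss->output = env->irq_inputs[POWER7_INPUT_INT];
+ break;
- for (env = first_cpu; env != NULL; env = env->next_cpu) {
- cpu = CPU(ppc_env_get_cpu(env));
- struct icp_server_state *ss = &icp->ss[cpu->cpu_index];
+ case PPC_FLAGS_INPUT_970:
+ ss->output = env->irq_inputs[PPC970_INPUT_INT];
+ break;
- switch (PPC_INPUT(env)) {
- case PPC_FLAGS_INPUT_POWER7:
- ss->output = env->irq_inputs[POWER7_INPUT_INT];
- break;
+ default:
+ fprintf(stderr, "XICS interrupt controller does not support this CPU "
+ "bus model\n");
+ abort();
+ }
+}
- case PPC_FLAGS_INPUT_970:
- ss->output = env->irq_inputs[PPC970_INPUT_INT];
- break;
+struct icp_state *xics_system_init(int nr_servers, int nr_irqs)
+{
+ struct icp_state *icp;
+ struct ics_state *ics;
- default:
- hw_error("XICS interrupt model does not support this CPU bus "
- "model\n");
- exit(1);
- }
- }
+ icp = g_malloc0(sizeof(*icp));
+ icp->nr_servers = nr_servers;
+ icp->ss = g_malloc0(icp->nr_servers*sizeof(struct icp_server_state));
 ics = g_malloc0(sizeof(*ics));
 ics->nr_irqs = nr_irqs;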
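Review bot: In `xics_cpu_setup` the pointer `&icp->ss[cs->cpu_index]` is formed in the declaration before `assert(cs->cpu_index < icp->nr_servers)` runs, and the assertion has no lower bound, so a negative index (if `cpu_index` is signed) would pass it. Moving the lookup below a two-sided check, `assert(cs->cpu_index >= 0 && cs->cpu_index < icp->nr_servers);` followed by `ss = &icp->ss[cs->cpu_index];`, keeps the bound ahead of the indexing. In `xics_system_init`, `nr_servers` is now caller-supplied and goes unchecked into `g_malloc0(icp->nr_servers*sizeof(struct icp_server_state))`; `g_new0(struct icp_server_state, nr_servers)` after an `assert(nr_servers > 0)` would avoid the open-coded multiplication. `xics_system_init` continues past the end of the hunk.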
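--- a/hw/spapr_pci.c
+++ b/hw/spapr_pci.c
@@ -518,6 +518,7 @@ static int spapr_phb_init(SysBusDevice *s)
 {
 sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
 PCIHostState *phb = PCI_HOST_BRIDGE(s);
+ const char *busname;
 char *namebuf;
 int i;
 PCIBus *bus;
@@ -575,9 +576,6 @@ static int spapr_phb_init(SysBusDevice *s)
 }
 sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid);
- if (!sphb->busname) {
- sphb->busname = sphb->dtbusname;
- }
 namebuf = alloca(strlen(sphb->dtbusname) + 32);
@@ -621,7 +619,26 @@ static int spapr_phb_init(SysBusDevice *s)
 &sphb->msiwindow);
 }
- bus = pci_register_bus(DEVICE(s), sphb->busname,
+ /*
+ * Selecting a busname is more complex than you'd think, due to
+ * interacting constraints. If the user has specified an id
+ * explicitly for the phb , then we want to use the qdev default
+ * of naming the bus based on the bridge device (so the user can
+ * then assign devices to it in the way they expect). For the
+ * first / default PCI bus (index=0) we want to use just "pci"
+ * because libvirt expects there to be a bus called, simply,
+ * "pci". Otherwise, we use the same name as in the device tree,
+ * since it's unique by construction, and makes the guest visible
+ * BUID clear.
+ */
+ if (s->qdev.id) {
+ busname = NULL;
+ } else if (sphb->index == 0) {
+ busname = "pci";
+ } else {
+ busname = sphb->dtbusname;
+ }
+ bus = pci_register_bus(DEVICE(s), busname,
 pci_spapr_set_irq, pci_spapr_map_irq, sphb,
 &sphb->memspace, &sphb->iospace,
 PCI_DEVFN(0, 0), PCI_NUM_PINS);
@@ -663,7 +680,6 @@ static void spapr_phb_reset(DeviceState *qdev)
 }
 static Property spapr_phb_properties[] = {
- DEFINE_PROP_STRING("busname", sPAPRPHBState, busname),
 DEFINE_PROP_INT32("index", sPAPRPHBState, index, -1),
 DEFINE_PROP_HEX64("buid", sPAPRPHBState, buid, -1),
 DEFINE_PROP_HEX32("liobn", sPAPRPHBState, dma_liobn, -1),
@@ -694,14 +710,12 @@ static const TypeInfo spapr_phb_info = {
 .class_init = spapr_phb_class_init,
 };
-PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, int index,
- const char *busname)
+PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, int index)
 {
 DeviceState *dev;
 dev = qdev_create(NULL, TYPE_SPAPR_PCI_HOST_BRIDGE);
 qdev_prop_set_uint32(dev, "index", index);
- qdev_prop_set_string(dev, "busname", busname);
 qdev_init_nofail(dev);
 return PCI_HOST_BRIDGE(dev);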
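Review bot: The new bus-name selection in `spapr_phb_init` reads `s->qdev.id` directly while the very next statement goes through the `DEVICE(s)` cast; `if (DEVICE(s)->id) {` would keep to the accessor the function already uses. Separately, any bridge created without an id and with `index == 0` is named "pci", so uniqueness of that name rests on `index` being validated as unique somewhere outside this hunk. That is worth confirming, because the added comment only argues uniqueness for the `dtbusname` case. `spapr_phb_init` starts and ends outside the hunks shown.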
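--- a/hw/spapr_pci.h
+++ b/hw/spapr_pci.h
@@ -39,7 +39,6 @@ typedef struct sPAPRPHBState {
 int32_t index;
 uint64_t buid;
- char *busname;
 char *dtbusname;
 MemoryRegion memspace, iospace;
@@ -82,8 +81,7 @@ static inline qemu_irq spapr_phb_lsi_qirq(struct sPAPRPHBState *phb, int pin)
 return xics_get_qirq(spapr->icp, phb->lsi_table[pin].irq);
 }
-PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, int index,
- const char *busname);
+PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, int index);
 int spapr_populate_pci_dt(sPAPRPHBState *phb,
 uint32_t xics_phandle,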
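--- a/hw/xics.h
+++ b/hw/xics.h
@@ -35,6 +35,7 @@ struct icp_state;
 qemu_irq xics_get_qirq(struct icp_state *icp, int irq);
 void xics_set_irq_type(struct icp_state *icp, int irq, bool lsi);
-struct icp_state *xics_system_init(int nr_irqs);
+struct icp_state *xics_system_init(int nr_servers, int nr_irqs);
+void xics_cpu_setup(struct icp_state *icp, PowerPCCPU *cpu);
 #endif /* __XICS_H__ */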
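--- a/monitor.c
+++ b/monitor.c
@@ -2960,10 +2960,6 @@ static const MonitorDef monitor_defs[] = {
 { "xer", 0, &monitor_get_xer, },
 { "tbu", 0, &monitor_get_tbu, },
 { "tbl", 0, &monitor_get_tbl, },
-#if defined(TARGET_PPC64)
- /* Address space register */
- { "asr", offsetof(CPUPPCState, asr) },
-#endif
 /* Segment registers */
 { "sdr1", offsetof(CPUPPCState, spr[SPR_SDR1]) },
 { "sr0", offsetof(CPUPPCState, sr[0]) },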
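--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -1,11 +1,14 @@
 obj-y += cpu-models.o
 obj-y += translate.o
-obj-$(CONFIG_SOFTMMU) += machine.o
+ifeq ($(CONFIG_SOFTMMU),y)
+obj-y += machine.o mmu_helper.o mmu-hash32.o
+obj-$(TARGET_PPC64) += mmu-hash64.o
+endif
 obj-$(CONFIG_KVM) += kvm.o kvm_ppc.o
 obj-y += excp_helper.o
 obj-y += fpu_helper.o
 obj-y += int_helper.o
-obj-y += mmu_helper.o
 obj-y += timebase_helper.o
 obj-y += misc_helper.o
 obj-y += mem_helper.o
+obj-$(CONFIG_USER_ONLY) += user_only_helper.o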
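--- a/target-ppc/cpu-models.c
+++ b/target-ppc/cpu-models.c
@@ -1101,9 +1101,9 @@
 "PowerPC 7457A v1.2 (G4)")
 /* 64 bits PowerPC */
 #if defined (TARGET_PPC64)
+#if defined(TODO)
 POWERPC_DEF("620", CPU_POWERPC_620, 620,
 "PowerPC 620")
-#if defined(TODO)
 POWERPC_DEF("630", CPU_POWERPC_630, 630,
 "PowerPC 630 (POWER3)")
 #endif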
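--- a/target-ppc/cpu-qom.h
+++ b/target-ppc/cpu-qom.h
@@ -68,6 +68,10 @@ typedef struct PowerPCCPUClass {
 #endif
 void (*init_proc)(CPUPPCState *env);
 int (*check_pow)(CPUPPCState *env);
+#if defined(CONFIG_SOFTMMU)
+ int (*handle_mmu_fault)(CPUPPCState *env, target_ulong eaddr, int rwx,
+ int mmu_idx);
+#endif
 } PowerPCCPUClass;
 /**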
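Review bot: The new `handle_mmu_fault` member of `PowerPCCPUClass` carries no comment on how `rwx` is encoded or what the `int` return value means, and nothing in this hunk shows that every CPU class assigns it. A short comment above the member, for example `/* softmmu fault handler, expected to be set for every MMU model */` plus one line each for `rwx` and the return convention, would make the contract checkable. The dispatch site is not on this page; if it does not already do so, it should assert the pointer is non-NULL before calling through it, since a model that forgets to set the hook would otherwise fault on the first guest memory access.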
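--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -113,13 +113,13 @@ enum powerpc_mmu_t {
 #if defined(TARGET_PPC64)
 #define POWERPC_MMU_64 0x00010000
 #define POWERPC_MMU_1TSEG 0x00020000
+#define POWERPC_MMU_AMR 0x00040000
 /* 64 bits PowerPC MMU */
 POWERPC_MMU_64B = POWERPC_MMU_64 | 0x00000001,
- /* 620 variant (no segment exceptions) */
- POWERPC_MMU_620 = POWERPC_MMU_64 | 0x00000002,
 /* Architecture 2.06 variant */
- POWERPC_MMU_2_06 = POWERPC_MMU_64 | POWERPC_MMU_1TSEG | 0x00000003,
- /* Architecture 2.06 "degraded" (no 1T segments) */
+ POWERPC_MMU_2_06 = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
+ | POWERPC_MMU_AMR | 0x00000003,
+ /* Architecture 2.06 "degraded" (no 1T segments or AMR) */
 POWERPC_MMU_2_06d = POWERPC_MMU_64 | 0x00000003,
 #endif /* defined(TARGET_PPC64) */
 };
@@ -396,36 +396,12 @@ union ppc_tlb_t {
 #define SDR_64_HTABSIZE 0x000000000000001FULL
 #endif /* defined(TARGET_PPC64 */
-#define HASH_PTE_SIZE_32 8
-#define HASH_PTE_SIZE_64 16
-
 typedef struct ppc_slb_t ppc_slb_t;
 struct ppc_slb_t {
 uint64_t esid;
 uint64_t vsid;
 };
-/* Bits in the SLB ESID word */
-#define SLB_ESID_ESID 0xFFFFFFFFF0000000ULL
-#define SLB_ESID_V 0x0000000008000000ULL /* valid */
-
-/* Bits in the SLB VSID word */
-#define SLB_VSID_SHIFT 12
-#define SLB_VSID_SHIFT_1T 24
-#define SLB_VSID_SSIZE_SHIFT 62
-#define SLB_VSID_B 0xc000000000000000ULL
-#define SLB_VSID_B_256M 0x0000000000000000ULL
-#define SLB_VSID_B_1T 0x4000000000000000ULL
-#define SLB_VSID_VSID 0x3FFFFFFFFFFFF000ULL
-#define SLB_VSID_PTEM (SLB_VSID_B | SLB_VSID_VSID)
-#define SLB_VSID_KS 0x0000000000000800ULL
-#define SLB_VSID_KP 0x0000000000000400ULL
-#define SLB_VSID_N 0x0000000000000200ULL /* no-execute */
-#define SLB_VSID_L 0x0000000000000100ULL
-#define SLB_VSID_C 0x0000000000000080ULL /* class */
-#define SLB_VSID_LP 0x0000000000000030ULL
-#define SLB_VSID_ATTR 0x0000000000000FFFULL
-
 #define SEGMENT_SHIFT_256M 28
 #define SEGMENT_MASK_256M (~((1ULL << SEGMENT_SHIFT_256M) - 1))
@@ -965,8 +941,6 @@ struct CPUPPCState {
 /* MMU context - only relevant for full system emulation */
 #if !defined(CONFIG_USER_ONLY)
 #if defined(TARGET_PPC64)
- /* Address space register */
- target_ulong asr;
 /* PowerPC 64 SLB area */
 ppc_slb_t slb[64];
 int slb_nr;
@@ -1105,20 +1079,6 @@ do { \
 env->wdt_period[3] = (d_); \
 } while (0)
-#if !defined(CONFIG_USER_ONLY)
-/* Context used internally during MMU translations */
-typedef struct mmu_ctx_t mmu_ctx_t;
-struct mmu_ctx_t {
- hwaddr raddr; /* Real address */
- hwaddr eaddr; /* Effective address */
- int prot; /* Protection bits */
- hwaddr hash[2]; /* Pagetable hash values */
- target_ulong ptem; /* Virtual segment ID | API */
- int key; /* Access key */
- int nx; /* Non-execute area */
-};
-#endif
-
 #include "cpu-qom.h"
 /*****************************************************************************/
@@ -1130,17 +1090,14 @@ int cpu_ppc_exec (CPUPPCState *s);
 is returned if the signal was handled by the virtual CPU. */
 int cpu_ppc_signal_handler (int host_signum, void *pinfo,
 void *puc);
-int cpu_ppc_handle_mmu_fault (CPUPPCState *env, target_ulong address, int rw,
- int mmu_idx);
-#define cpu_handle_mmu_fault cpu_ppc_handle_mmu_fault
 void ppc_hw_interrupt (CPUPPCState *env);
+#if defined(CONFIG_USER_ONLY)
+int cpu_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rw,
+ int mmu_idx);
+#endif
 #if !defined(CONFIG_USER_ONLY)
 void ppc_store_sdr1 (CPUPPCState *env, target_ulong value);
-#if defined(TARGET_PPC64)
-void ppc_store_asr (CPUPPCState *env, target_ulong value);
-int ppc_store_slb (CPUPPCState *env, target_ulong rb, target_ulong rs);
-#endif /* defined(TARGET_PPC64) */
 #endif /* !defined(CONFIG_USER_ONLY) */
 void ppc_store_msr (CPUPPCState *env, target_ulong value);
@@ -1172,14 +1129,13 @@ void store_40x_dbcr0 (CPUPPCState *env, uint32_t val);
 void store_40x_sler (CPUPPCState *env, uint32_t val);
 void store_booke_tcr (CPUPPCState *env, target_ulong val);
 void store_booke_tsr (CPUPPCState *env, target_ulong val);
-int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb,
- hwaddr *raddrp, target_ulong address,
- uint32_t pid);
 void ppc_tlb_invalidate_all (CPUPPCState *env);
 void ppc_tlb_invalidate_one (CPUPPCState *env, target_ulong addr);
 #endif
 #endif
+void store_fpscr(CPUPPCState *env, uint64_t arg, uint32_t mask);
+
 static inline uint64_t ppc_dump_gpr(CPUPPCState *env, int gprn)
 {
 uint64_t gprv;
@@ -1270,6 +1226,7 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp)
 #define SPR_601_UDECR (0x006)
 #define SPR_LR (0x008)
 #define SPR_CTR (0x009)
+#define SPR_UAMR (0x00C)
 #define SPR_DSCR (0x011)
 #define SPR_DSISR (0x012)
 #define SPR_DAR (0x013) /* DAE for PowerPC 601 */
@@ -1307,6 +1264,7 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp)
 #define SPR_MPC_CMPH (0x09B)
 #define SPR_MPC_LCTRL1 (0x09C)
 #define SPR_MPC_LCTRL2 (0x09D)
+#define SPR_UAMOR (0x09D)
 #define SPR_MPC_ICTRL (0x09E)
 #define SPR_MPC_BAR (0x09F)
 #define SPR_VRSAVE (0x100)
@@ -1489,11 +1447,9 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp)
 #define SPR_RCPU_MI_RBA2 (0x302)
 #define SPR_MPC_MI_AP (0x302)
 #define SPR_PERF3 (0x303)
-#define SPR_620_PMC1R (0x303)
 #define SPR_RCPU_MI_RBA3 (0x303)
 #define SPR_MPC_MI_EPN (0x303)
 #define SPR_PERF4 (0x304)
-#define SPR_620_PMC2R (0x304)
 #define SPR_PERF5 (0x305)
 #define SPR_MPC_MI_TWC (0x305)
 #define SPR_PERF6 (0x306)
@@ -1509,7 +1465,6 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp)
 #define SPR_RCPU_L2U_RBA2 (0x30A)
 #define SPR_MPC_MD_AP (0x30A)
 #define SPR_PERFB (0x30B)
-#define SPR_620_MMCR0R (0x30B)
 #define SPR_RCPU_L2U_RBA3 (0x30B)
 #define SPR_MPC_MD_EPN (0x30B)
 #define SPR_PERFC (0x30C)
@@ -1524,9 +1479,7 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp)
 #define SPR_UPERF1 (0x311)
 #define SPR_UPERF2 (0x312)
 #define SPR_UPERF3 (0x313)
-#define SPR_620_PMC1W (0x313)
 #define SPR_UPERF4 (0x314)
-#define SPR_620_PMC2W (0x314)
 #define SPR_UPERF5 (0x315)
 #define SPR_UPERF6 (0x316)
 #define SPR_UPERF7 (0x317)
@@ -1534,7 +1487,6 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp)
 #define SPR_UPERF9 (0x319)
 #define SPR_UPERFA (0x31A)
 #define SPR_UPERFB (0x31B)
-#define SPR_620_MMCR0W (0x31B)
 #define SPR_UPERFC (0x31C)
 #define SPR_UPERFD (0x31D)
 #define SPR_UPERFE (0x31E)
@@ -1606,49 +1558,33 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp)
 #define SPR_USDA (0x3AF)
 #define SPR_40x_ZPR (0x3B0)
 #define SPR_BOOKE_MAS7 (0x3B0)
-#define SPR_620_PMR0 (0x3B0)
 #define SPR_MMCR2 (0x3B0)
 #define SPR_PMC5 (0x3B1)
 #define SPR_40x_PID (0x3B1)
-#define SPR_620_PMR1 (0x3B1)
 #define SPR_PMC6 (0x3B2)
 #define SPR_440_MMUCR (0x3B2)
-#define SPR_620_PMR2 (0x3B2)
 #define SPR_4xx_CCR0 (0x3B3)
 #define SPR_BOOKE_EPLC (0x3B3)
-#define SPR_620_PMR3 (0x3B3)
 #define SPR_405_IAC3 (0x3B4)
 #define SPR_BOOKE_EPSC (0x3B4)
-#define SPR_620_PMR4 (0x3B4)
 #define SPR_405_IAC4 (0x3B5)
-#define SPR_620_PMR5 (0x3B5)
 #define SPR_405_DVC1 (0x3B6)
-#define SPR_620_PMR6 (0x3B6)
 #define SPR_405_DVC2 (0x3B7)
-#define SPR_620_PMR7 (0x3B7)
 #define SPR_BAMR (0x3B7)
 #define SPR_MMCR0 (0x3B8)
-#define SPR_620_PMR8 (0x3B8)
 #define SPR_PMC1 (0x3B9)
 #define SPR_40x_SGR (0x3B9)
-#define SPR_620_PMR9 (0x3B9)
 #define SPR_PMC2 (0x3BA)
 #define SPR_40x_DCWR (0x3BA)
-#define SPR_620_PMRA (0x3BA)
 #define SPR_SIAR (0x3BB)
 #define SPR_405_SLER (0x3BB)
-#define SPR_620_PMRB (0x3BB)
 #define SPR_MMCR1 (0x3BC)
 #define SPR_405_SU0R (0x3BC)
-#define SPR_620_PMRC (0x3BC)
 #define SPR_401_SKR (0x3BC)
 #define SPR_PMC3 (0x3BD)
 #define SPR_405_DBCR1 (0x3BD)
-#define SPR_620_PMRD (0x3BD)
 #define SPR_PMC4 (0x3BE)
-#define SPR_620_PMRE (0x3BE)
 #define SPR_SDA (0x3BF)
-#define SPR_620_PMRF (0x3BF)
 #define SPR_403_VTBL (0x3CC)
 #define SPR_403_VTBU (0x3CD)
 #define SPR_DMISS (0x3D0)
@@ -1716,15 +1652,12 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp)
 #define SPR_LDSTCR (0x3F8)
 #define SPR_L2PMCR (0x3F8)
 #define SPR_750FX_HID2 (0x3F8)
-#define SPR_620_BUSCSR (0x3F8)
 #define SPR_Exxx_L1FINV0 (0x3F8)
 #define SPR_L2CR (0x3F9)
-#define SPR_620_L2CR (0x3F9)
 #define SPR_L3CR (0x3FA)
 #define SPR_750_TDCH (0x3FA)
 #define SPR_IABR2 (0x3FA)
 #define SPR_40x_DCCR (0x3FA)
-#define SPR_620_L2SR (0x3FA)
 #define SPR_ICTC (0x3FB)
 #define SPR_40x_ICCR (0x3FB)
 #define SPR_THRM1 (0x3FC)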
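Review bot: `#define SPR_UAMR (0x00C)` in the SPR list looks off by one: as far as I recall the Power ISA 2.06 SPR table, the problem-state alias of the Authority Mask Register is SPR 13, i.e. `(0x00D)`, with the privileged alias at 29, so please check the value against the ISA before merging. The commit list includes "Implement Virtual Page Class Key Protection", and this register presumably feeds that check, so a wrong number would leave guest accesses to the real SPR unhandled. `SPR_UAMOR (0x09D)` matches my recollection (157); it shares its number with `SPR_MPC_LCTRL2` on the line above, which is consistent with how other per-family aliases in this list are written.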
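--- a/target-ppc/fpu_helper.c
+++ b/target-ppc/fpu_helper.c
@@ -463,6 +463,11 @@ void helper_store_fpscr(CPUPPCState *env, uint64_t arg, uint32_t mask)
 fpscr_set_rounding_mode(env);
 }
+void store_fpscr(CPUPPCState *env, uint64_t arg, uint32_t mask)
+{
+ helper_store_fpscr(env, arg, mask);
+}
+
 void helper_float_check_status(CPUPPCState *env)
 {
 if (env->exception_index == POWERPC_EXCP_PROGRAM &&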
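--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -382,7 +382,6 @@ DEF_HELPER_1(load_601_rtcl, tl, env)
 DEF_HELPER_1(load_601_rtcu, tl, env)
 #if !defined(CONFIG_USER_ONLY)
 #if defined(TARGET_PPC64)
-DEF_HELPER_2(store_asr, void, env, tl)
 DEF_HELPER_1(load_purr, tl, env)
 #endif
 DEF_HELPER_2(store_sdr1, void, env, tl)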
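--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -32,6 +32,7 @@
 #include "sysemu/device_tree.h"
 #include "hw/sysbus.h"
 #include "hw/spapr.h"
+#include "mmu-hash64.h"
 #include "hw/sysbus.h"
 #include "hw/spapr.h"
@@ -1077,7 +1078,7 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
 dprintf("handle halt\n");
 ret = kvmppc_handle_halt(cpu);
 break;
-#ifdef CONFIG_PSERIES
+#if defined(TARGET_PPC64)
 case KVM_EXIT_PAPR_HCALL:
 dprintf("handle PAPR hypercall\n");
 run->papr_hcall.ret = spapr_hypercall(cpu,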
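Review bot: With the guard widened from `CONFIG_PSERIES` to `TARGET_PPC64`, the `KVM_EXIT_PAPR_HCALL` case in `kvm_arch_handle_exit` is compiled into every 64-bit PowerPC build, and nothing in the hunk checks that the running machine is an sPAPR one before the guest-supplied request is handed to `spapr_hypercall`. Presumably the kernel only reports this exit after PAPR mode was enabled for the vCPU; if so, a comment such as `/* only delivered when PAPR mode was enabled for this vCPU */` above the case would record the assumption the code now depends on. The function body extends beyond the hunk, so any check made earlier in the switch is not visible here.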
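--- a/target-ppc/machine.c
+++ b/target-ppc/machine.c
@@ -37,7 +37,7 @@ void cpu_save(QEMUFile *f, void *opaque)
 qemu_put_be32s(f, &fpscr);
 qemu_put_sbe32s(f, &env->access_type);
 #if defined(TARGET_PPC64)
- qemu_put_betls(f, &env->asr);
+ qemu_put_betls(f, &env->spr[SPR_ASR]);
 qemu_put_sbe32s(f, &env->slb_nr);
 #endif
 qemu_put_betls(f, &env->spr[SPR_SDR1]);
@@ -125,7 +125,7 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
 env->fpscr = fpscr;
 qemu_get_sbe32s(f, &env->access_type);
 #if defined(TARGET_PPC64)
- qemu_get_betls(f, &env->asr);
+ qemu_get_betls(f, &env->spr[SPR_ASR]);
 qemu_get_sbe32s(f, &env->slb_nr);
 #endif
 qemu_get_betls(f, &sdr1);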
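Review bot: In `cpu_load`, the line directly after the changed one still takes `slb_nr` straight from the migration stream with no range check visible in this hunk, while cpu.h on this page declares `ppc_slb_t slb[64]`. If the code following the hunk uses `slb_nr` as a loop bound or index into `slb[]`, a malformed stream could reach past the array; a check such as `if (env->slb_nr < 0 || env->slb_nr > 64) return -EINVAL;` right after the read would close that. The ASR change itself keeps the stream layout, the same `betls` field in the same position, which is worth a one-line comment next to it now that the backing storage is `spr[SPR_ASR]`. Both functions start and end outside the hunks.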
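--- a/target-ppc/mem_helper.c
+++ b/target-ppc/mem_helper.c
@@ -252,41 +252,3 @@ STVE(stvewx, cpu_stl_data, bswap32, u32)
 #undef HI_IDX
 #undef LO_IDX
-
-/*****************************************************************************/
-/* Softmmu support */
-#if !defined(CONFIG_USER_ONLY)
-
-#define MMUSUFFIX _mmu
-
-#define SHIFT 0
-#include "exec/softmmu_template.h"
-
-#define SHIFT 1
-#include "exec/softmmu_template.h"
-
-#define SHIFT 2
-#include "exec/softmmu_template.h"
-
-#define SHIFT 3
-#include "exec/softmmu_template.h"
-
-/* try to fill the TLB and return an exception if error. If retaddr is
- NULL, it means that the function was called in C code (i.e. not
- from generated code or from helper.c) */
-/* XXX: fix it to restore all registers */
-void tlb_fill(CPUPPCState *env, target_ulong addr, int is_write, int mmu_idx,
- uintptr_t retaddr)
-{
- int ret;
-
- ret = cpu_ppc_handle_mmu_fault(env, addr, is_write, mmu_idx);
- if (unlikely(ret != 0)) {
- if (likely(retaddr)) {
- /* now we have a real cpu fault */
- cpu_restore_state(env, retaddr);
- }
- helper_raise_exception_err(env, env->exception_index, env->error_code);
- }
-}
-#endif /* !CONFIG_USER_ONLY */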
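--- a/target-ppc/misc_helper.c
+++ b/target-ppc/misc_helper.c
@@ -35,12 +35,6 @@ void helper_store_dump_spr(CPUPPCState *env, uint32_t sprn)
 env->spr[sprn]);
 }
 #if !defined(CONFIG_USER_ONLY)
-#if defined(TARGET_PPC64)
-void helper_store_asr(CPUPPCState *env, target_ulong val)
-{
- ppc_store_asr(env, val);
-}
-#endif
 void helper_store_sdr1(CPUPPCState *env, target_ulong val)
 {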
560 target-ppc/mmu-hash32.c
@@ -0,0 +1,560 @@
+/*
+ * PowerPC MMU, TLB and BAT emulation helpers for QEMU.
+ *
+ * Copyright (c) 2003-2007 Jocelyn Mayer
+ * Copyright (c) 2013 David Gibson, IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "cpu.h"
+#include "helper.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+#include "mmu-hash32.h"
+
+//#define DEBUG_MMU
+//#define DEBUG_BAT
+
+#ifdef DEBUG_MMU
+# define LOG_MMU(...) qemu_log(__VA_ARGS__)
+# define LOG_MMU_STATE(env) log_cpu_state((env), 0)
+#else
+# define LOG_MMU(...) do { } while (0)
+# define LOG_MMU_STATE(...) do { } while (0)
+#endif
+
+#ifdef DEBUG_BATS
+# define LOG_BATS(...) qemu_log(__VA_ARGS__)
+#else
+# define LOG_BATS(...) do { } while (0)
+#endif
+
+struct mmu_ctx_hash32 {
+ hwaddr raddr; /* Real address */
+ int prot; /* Protection bits */
+ int key; /* Access key */
+};
+
+static int ppc_hash32_pp_prot(int key, int pp, int nx)
+{
+ int prot;
+
+ if (key == 0) {
+ switch (pp) {
+ case 0x0:
+ case 0x1:
+ case 0x2:
+ prot = PAGE_READ | PAGE_WRITE;
+ break;
+
+ case 0x3:
+ prot = PAGE_READ;
+ break;
+
+ default:
+ abort();
+ }
+ } else {
+ switch (pp) {
+ case 0x0:
+ prot = 0;
+ break;
+
+ case 0x1:
+ case 0x3:
+ prot = PAGE_READ;
+ break;
+
+ case 0x2:
+ prot = PAGE_READ | PAGE_WRITE;
+ break;
+
+ default:
+ abort();
+ }
+ }
+ if (nx == 0) {
+ prot |= PAGE_EXEC;
+ }
+
+ return prot;
+}
+
+static int ppc_hash32_pte_prot(CPUPPCState *env,
+ target_ulong sr, ppc_hash_pte32_t pte)
+{
+ unsigned pp, key;
+
+ key = !!(msr_pr ? (sr & SR32_KP) : (sr & SR32_KS));
+ pp = pte.pte1 & HPTE32_R_PP;
+
+ return ppc_hash32_pp_prot(key, pp, !!(sr & SR32_NX));
+}
+
+static target_ulong hash32_bat_size(CPUPPCState *env,
+ target_ulong batu, target_ulong batl)
+{
+ if ((msr_pr && !(batu & BATU32_VP))
+ || (!msr_pr && !(batu & BATU32_VS))) {
+ return 0;
+ }
+
+ return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
+}
+
+static int hash32_bat_prot(CPUPPCState *env,
+ target_ulong batu, target_ulong batl)
+{
+ int pp, prot;
+
+ prot = 0;
+ pp = batl & BATL32_PP;
+ if (pp != 0) {
+ prot = PAGE_READ | PAGE_EXEC;
+ if (pp == 0x2) {
+ prot |= PAGE_WRITE;
+ }
+ }
+ return prot;
+}
+
+static target_ulong hash32_bat_601_size(CPUPPCState *env,
+ target_ulong batu, target_ulong batl)
+{
+ if (!(batl & BATL32_601_V)) {
+ return 0;
+ }
+
+ return BATU32_BEPI & ~((batl & BATL32_601_BL) << 17);
+}
+
+static int hash32_bat_601_prot(CPUPPCState *env,
+ target_ulong batu, target_ulong batl)
+{
+ int key, pp;
+
+ pp = batu & BATU32_601_PP;
+ if (msr_pr == 0) {
+ key = !!(batu & BATU32_601_KS);
+ } else {
+ key = !!(batu & BATU32_601_KP);
+ }
+ return ppc_hash32_pp_prot(key, pp, 0);
+}
+
+static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea, int rwx,
+ int *prot)
+{
+ target_ulong *BATlt, *BATut;
+ int i;
+
+ LOG_BATS("%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
+ rwx == 2 ? 'I' : 'D', ea);
+ if (rwx == 2) {
+ BATlt = env->IBAT[1];
+ BATut = env->IBAT[0];
+ } else {
+ BATlt = env->DBAT[1];
+ BATut = env->DBAT[0];
+ }
+ for (i = 0; i < env->nb_BATs; i++) {
+ target_ulong batu = BATut[i];
+ target_ulong batl = BATlt[i];
+ target_ulong mask;
+
+ if (unlikely(env->mmu_model == POWERPC_MMU_601)) {
+ mask = hash32_bat_601_size(env, batu, batl);
+ } else {
+ mask = hash32_bat_size(env, batu, batl);
+ }
+ LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
+ " BATl " TARGET_FMT_lx "\n", __func__,
+ type == ACCESS_CODE ? 'I' : 'D', i, ea, batu, batl);
+
+ if (mask && ((ea & mask) == (batu & BATU32_BEPI))) {
+ hwaddr raddr = (batl & mask) | (ea & ~mask);
+
+ if (unlikely(env->mmu_model == POWERPC_MMU_601)) {
+ *prot = hash32_bat_601_prot(env, batu, batl);
+ } else {
+ *prot = hash32_bat_prot(env, batu, batl);
+ }
+
+ return raddr & TARGET_PAGE_MASK;
+ }
+ }
+
+ /* No hit */
+#if defined(DEBUG_BATS)
+ if (qemu_log_enabled()) {
+ LOG_BATS("no BAT match for " TARGET_FMT_lx ":\n", ea);
+ for (i = 0; i < 4; i++) {
+ BATu = &BATut[i];
+ BATl = &BATlt[i];
+ BEPIu = *BATu & BATU32_BEPIU;
+ BEPIl = *BATu & BATU32_BEPIL;
+ bl = (*BATu & 0x00001FFC) << 15;
+ LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
+ " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
+ TARGET_FMT_lx " " TARGET_FMT_lx "\n",
+ __func__, type == ACCESS_CODE ? 'I' : 'D', i, ea,
+ *BATu, *BATl, BEPIu, BEPIl, bl);
+ }
+ }
+#endif
+
+ return -1;
+}
+
+static int ppc_hash32_direct_store(CPUPPCState *env, target_ulong sr,
+ target_ulong eaddr, int rwx,
+ hwaddr *raddr, int *prot)
+{
+ int key = !!(msr_pr ? (sr & SR32_KP) : (sr & SR32_KS));
+
+ LOG_MMU("direct store...\n");
+
+ if ((sr & 0x1FF00000) >> 20 == 0x07f) {
+ /* Memory-forced I/O controller interface access */
+ /* If T=1 and BUID=x'07F', the 601 performs a memory access
+ * to SR[28-31] LA[4-31], bypassing all protection mechanisms.
+ */
+ *raddr = ((sr & 0xF) << 28) | (eaddr & 0x0FFFFFFF);
+ *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ return 0;
+ }
+
+ if (rwx == 2) {
+ /* No code fetch is allowed in direct-store areas */
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x10000000;
+ return 1;
+ }
+
+ switch (env->access_type) {
+ case ACCESS_INT:
+ /* Integer load/store : only access allowed */
+ break;
+ case ACCESS_FLOAT:
+ /* Floating point load/store */
+ env->exception_index = POWERPC_EXCP_ALIGN;
+ env->error_code = POWERPC_EXCP_ALIGN_FP;
+ env->spr[SPR_DAR] = eaddr;
+ return 1;
+ case ACCESS_RES:
+ /* lwarx, ldarx or srwcx. */
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (rwx == 1) {
+ env->spr[SPR_DSISR] = 0x06000000;
+ } else {
+ env->spr[SPR_DSISR] = 0x04000000;
+ }
+ return 1;
+ case ACCESS_CACHE:
+ /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
+ /* Should make the instruction do no-op.
+ * As it already do no-op, it's quite easy :-)
+ */
+ *raddr = eaddr;
+ return 0;
+ case ACCESS_EXT:
+ /* eciwx or ecowx */
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (rwx == 1) {
+ env->spr[SPR_DSISR] = 0x06100000;
+ } else {
+ env->spr[SPR_DSISR] = 0x04100000;
+ }
+ return 1;
+ default:
+ qemu_log("ERROR: instruction should not need "
+ "address translation\n");
+ abort();
+ }
+ if ((rwx == 1 || key != 1) && (rwx == 0 || key != 0)) {
+ *raddr = eaddr;
+ return 0;
+ } else {
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (rwx == 1) {
+ env->spr[SPR_DSISR] = 0x0a000000;
+ } else {
+ env->spr[SPR_DSISR] = 0x08000000;
+ }
+ return 1;
+ }
+}
+
+hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash)
+{
+ return (hash * HASH_PTEG_SIZE_32) & env->htab_mask;
+}
+
+static hwaddr ppc_hash32_pteg_search(CPUPPCState *env, hwaddr pteg_off,
+ bool secondary, target_ulong ptem,
+ ppc_hash_pte32_t *pte)
+{
+ hwaddr pte_offset = pteg_off;
+ target_ulong pte0, pte1;
+ int i;
+
+ for (i = 0; i < HPTES_PER_GROUP; i++) {
+ pte0 = ppc_hash32_load_hpte0(env, pte_offset);
+ pte1 = ppc_hash32_load_hpte1(env, pte_offset);
+
+ if ((pte0 & HPTE32_V_VALID)
+ && (secondary == !!(pte0 & HPTE32_V_SECONDARY))
+ && HPTE32_V_COMPARE(pte0, ptem)) {
+ pte->pte0 = pte0;
+ pte->pte1 = pte1;
+ return pte_offset;
+ }
+
+ pte_offset += HASH_PTE_SIZE_32;
+ }
+
+ return -1;
+}
+
+static hwaddr ppc_hash32_htab_lookup(CPUPPCState *env,
+ target_ulong sr, target_ulong eaddr,
+ ppc_hash_pte32_t *pte)
+{
+ hwaddr pteg_off, pte_offset;
+ hwaddr hash;
+ uint32_t vsid, pgidx, ptem;
+
+ vsid = sr & SR32_VSID;
+ pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
+ hash = vsid ^ pgidx;
+ ptem = (vsid << 7) | (pgidx >> 10);
+
+ /* Page address translation */
+ LOG_MMU("htab_base " TARGET_FMT_plx " htab_mask " TARGET_FMT_plx
+ " hash " TARGET_FMT_plx "\n",
+ env->htab_base, env->htab_mask, hash);
+
+ /* Primary PTEG lookup */
+ LOG_MMU("0 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
+ " vsid=%" PRIx32 " ptem=%" PRIx32
+ " hash=" TARGET_FMT_plx "\n",
+ env->htab_base, env->htab_mask, vsid, ptem, hash);
+ pteg_off = get_pteg_offset32(env, hash);
+ pte_offset = ppc_hash32_pteg_search(env, pteg_off, 0, ptem, pte);
+ if (pte_offset == -1) {
+ /* Secondary PTEG lookup */
+ LOG_MMU("1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
+ " vsid=%" PRIx32 " api=%" PRIx32
+ " hash=" TARGET_FMT_plx "\n", env->htab_base,
+ env->htab_mask, vsid, ptem, ~hash);
+ pteg_off = get_pteg_offset32(env, ~hash);
+ pte_offset = ppc_hash32_pteg_search(env, pteg_off, 1, ptem, pte);
+ }
+
+ return pte_offset;
+}
+
+static hwaddr ppc_hash32_pte_raddr(target_ulong sr, ppc_hash_pte32_t pte,
+ target_ulong eaddr)
+{
+ hwaddr rpn = pte.pte1 & HPTE32_R_RPN;
+ hwaddr mask = ~TARGET_PAGE_MASK;
+
+ return (rpn & ~mask) | (eaddr & mask);
+}
+
+int ppc_hash32_handle_mmu_fault(CPUPPCState *env, target_ulong eaddr, int rwx,
+ int mmu_idx)
+{
+ target_ulong sr;
+ hwaddr pte_offset;
+ ppc_hash_pte32_t pte;
+ int prot;
+ uint32_t new_pte1;
+ const int need_prot[] = {PAGE_READ, PAGE_WRITE, PAGE_EXEC};
+ hwaddr raddr;
+
+ assert((rwx == 0) || (rwx == 1) || (rwx == 2));
+
+ /* 1. Handle real mode accesses */
+ if (((rwx == 2) && (msr_ir == 0)) || ((rwx != 2) && (msr_dr == 0))) {
+ /* Translation is off */
+ raddr = eaddr;
+ tlb_set_page(env, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
+ PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx,
+ TARGET_PAGE_SIZE);
+ return 0;
+ }
+
+ /* 2. Check Block Address Translation entries (BATs) */
+ if (env->nb_BATs != 0) {
+ raddr = ppc_hash32_bat_lookup(env, eaddr, rwx, &prot);
+ if (raddr != -1) {
+ if (need_prot[rwx] & ~prot) {
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x08000000;
+ } else {
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (rwx == 1) {
+ env->spr[SPR_DSISR] = 0x0a000000;
+ } else {
+ env->spr[SPR_DSISR] = 0x08000000;
+ }
+ }
+ return 1;
+ }
+
+ tlb_set_page(env, eaddr & TARGET_PAGE_MASK,
+ raddr & TARGET_PAGE_MASK, prot, mmu_idx,
+ TARGET_PAGE_SIZE);
+ return 0;
+ }
+ }
+
+ /* 3. Look up the Segment Register */
+ sr = env->sr[eaddr >> 28];
+
+ /* 4. Handle direct store segments */
+ if (sr & SR32_T) {
+ if (ppc_hash32_direct_store(env, sr, eaddr, rwx,
+ &raddr, &prot) == 0) {
+ tlb_set_page(env, eaddr & TARGET_PAGE_MASK,
+ raddr & TARGET_PAGE_MASK, prot, mmu_idx,
+ TARGET_PAGE_SIZE);
+ return 0;
+ } else {
+ return 1;
+ }
+ }
+
+ /* 5. Check for segment level no-execute violation */
+ if ((rwx == 2) && (sr & SR32_NX)) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x10000000;
+ return 1;
+ }
+
+ /* 6. Locate the PTE in the hash table */
+ pte_offset = ppc_hash32_htab_lookup(env, sr, eaddr, &pte);
+ if (pte_offset == -1) {
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x40000000;
+ } else {
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (rwx == 1) {
+ env->spr[SPR_DSISR] = 0x42000000;
+ } else {
+ env->spr[SPR_DSISR] = 0x40000000;
+ }
+ }
+
+ return 1;
+ }
+ LOG_MMU("found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
+
+ /* 7. Check access permissions */
+
+ prot = ppc_hash32_pte_prot(env, sr, pte);
+
+ if (need_prot[rwx] & ~prot) {
+ /* Access right violation */
+ LOG_MMU("PTE access rejected\n");
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x08000000;
+ } else {
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (rwx == 1) {
+ env->spr[SPR_DSISR] = 0x0a000000;
+ } else {
+ env->spr[SPR_DSISR] = 0x08000000;
+ }
+ }
+ return 1;
+ }
+
+ LOG_MMU("PTE access granted !\n");
+
+ /* 8. Update PTE referenced and changed bits if necessary */
+
+ new_pte1 = pte.pte1 | HPTE32_R_R; /* set referenced bit */
+ if (rwx == 1) {
+ new_pte1 |= HPTE32_R_C; /* set changed (dirty) bit */
+ } else {
+ /* Treat the page as read-only for now, so that a later write
+ * will pass through this function again to set the C bit */
+ prot &= ~PAGE_WRITE;
+ }
+
+ if (new_pte1 != pte.pte1) {
+ ppc_hash32_store_hpte1(env, pte_offset, new_pte1);
+ }
+
+ /* 9. Determine the real address from the PTE */
+
+ raddr = ppc_hash32_pte_raddr(sr, pte, eaddr);
+
+ tlb_set_page(env, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
+ prot, mmu_idx, TARGET_PAGE_SIZE);
+
+ return 0;
+}
+
+hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong eaddr)
+{
+ target_ulong sr;
+ hwaddr pte_offset;
+ ppc_hash_pte32_t pte;
+ int prot;
+
+ if (msr_dr == 0) {
+ /* Translation is off */
+ return eaddr;
+ }
+
+ if (env->nb_BATs != 0) {
+ hwaddr raddr = ppc_hash32_bat_lookup(env, eaddr, 0, &prot);
+ if (raddr != -1) {
+ return raddr;
+ }
+ }
+
+ sr = env->sr[eaddr >> 28];
+
+ if (sr & SR32_T) {
+ /* FIXME: Add suitable debug support for Direct Store segments */
+ return -1;
+ }
+
+ pte_offset = ppc_hash32_htab_lookup(env, sr, eaddr, &pte);
+ if (pte_offset == -1) {
+ return -1;
+ }
+
+ return ppc_hash32_pte_raddr(sr, pte, eaddr) & TARGET_PAGE_MASK;
+}
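Review bot: In ppc_hash32_direct_store the ACCESS_RES case returns 1 after setting error_code, DAR and DSISR but never assigns env->exception_index, unlike the ACCESS_FLOAT and ACCESS_EXT cases beside it. The tlb_fill removed from mem_helper.c in this commit raised whatever env->exception_index held on a non-zero return, so if its replacement does the same, a lwarx/stwcx. access to a direct-store segment would deliver a stale exception number. Since DAR and DSISR are filled in, the intended exception is presumably a DSI: add `env->exception_index = POWERPC_EXCP_DSI;` at the top of that case. Separately, the toggle is spelled `//#define DEBUG_BAT` while the guard tests `DEBUG_BATS`, and the guarded code in ppc_hash32_bat_lookup refers to `type`, `BATu`, `BEPIu` and `bl`, none of which are declared there, so that debug path would not compile if enabled.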
102 target-ppc/mmu-hash32.h
@@ -0,0 +1,102 @@
+#if !defined (__MMU_HASH32_H__)
+#define __MMU_HASH32_H__
+
+#ifndef CONFIG_USER_ONLY
+
+hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash);
+hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong addr);
+int ppc_hash32_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rw,
+ int mmu_idx);
+
+/*
+ * Segment register definitions
+ */
+
+#define SR32_T 0x80000000
+#define SR32_KS 0x40000000
+#define SR32_KP 0x20000000
+#define SR32_NX 0x10000000
+#define SR32_VSID 0x00ffffff
+
+/*
+ * Block Address Translation (BAT) definitions
+ */
+
+#define BATU32_BEPI 0xfffe0000
+#define BATU32_BL 0x00001ffc
+#define BATU32_VS 0x00000002
+#define BATU32_VP 0x00000001
+
+
+#define BATL32_BRPN 0xfffe0000
+#define BATL32_WIMG 0x00000078
+#define BATL32_PP 0x00000003
+
+/* PowerPC 601 has slightly different BAT registers */
+
+#define BATU32_601_KS 0x00000008
+#define BATU32_601_KP 0x00000004
+#define BATU32_601_PP 0x00000003
+
+#define BATL32_601_V 0x00000040
+#define BATL32_601_BL 0x0000003f
+
+/*
+ * Hash page table definitions
+ */
+
+#define HPTES_PER_GROUP 8
+#define HASH_PTE_SIZE_32 8
+#define HASH_PTEG_SIZE_32 (HASH_PTE_SIZE_32 * HPTES_PER_GROUP)
+
+#define HPTE32_V_VALID 0x80000000
+#define HPTE32_V_VSID 0x7fffff80
+#define HPTE32_V_SECONDARY 0x00000040
+#define HPTE32_V_API 0x0000003f
+#define HPTE32_V_COMPARE(x, y) (!(((x) ^ (y)) & 0x7fffffbf))
+
+#define HPTE32_R_RPN 0xfffff000
+#define HPTE32_R_R 0x00000100
+#define HPTE32_R_C 0x00000080
+#define HPTE32_R_W 0x00000040
+#define HPTE32_R_I 0x00000020
+#define HPTE32_R_M 0x00000010
+#define HPTE32_R_G 0x00000008
+#define HPTE32_R_WIMG 0x00000078
+#define HPTE32_R_PP 0x00000003
+
+static inline target_ulong ppc_hash32_load_hpte0(CPUPPCState *env,
+ hwaddr pte_offset)
+{
+ assert(!env->external_htab); /* Not supported on 32-bit for now */
+ return ldl_phys(env->htab_base + pte_offset);
+}
+
+static inline target_ulong ppc_hash32_load_hpte1(CPUPPCState *env,
+ hwaddr pte_offset)
+{
+ assert(!env->external_htab); /* Not supported on 32-bit for now */
+ return ldl_phys(env->htab_base + pte_offset + HASH_PTE_SIZE_32/2);
+}
+
+static inline void ppc_hash32_store_hpte0(CPUPPCState *env,
+ hwaddr pte_offset, target_ulong pte0)
+{
+ assert(!env->external_htab); /* Not supported on 32-bit for now */
+ stl_phys(env->htab_base + pte_offset, pte0);
+}
+
+static inline void ppc_hash32_store_hpte1(CPUPPCState *env,
+ hwaddr pte_offset, target_ulong pte1)
+{
+ assert(!env->external_htab); /* Not supported on 32-bit for now */
+ stl_phys(env->htab_base + pte_offset + HASH_PTE_SIZE_32/2, pte1);
+}
+
+typedef struct {
+ uint32_t pte0, pte1;
+} ppc_hash_pte32_t;
+
+#endif /* CONFIG_USER_ONLY */
+
+#endif /* __MMU_HASH32_H__ */
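Review bot: `HPTES_PER_GROUP` is defined here and again with the same value in mmu-hash64.h, so the two headers have to be kept in step by hand, and a unit that includes both compiles cleanly only while the definitions stay token-identical. Defining it once in a shared place, or naming it per width as is done for `HASH_PTE_SIZE_32`, would remove that coupling. The guard `__MMU_HASH32_H__` uses an identifier reserved for the implementation; `MMU_HASH32_H` would do. The header also uses `hwaddr`, `CPUPPCState` and `assert` without including anything, so it relies on the includer having pulled in cpu.h first; a one-line comment such as `/* must be included after cpu.h */` would make that explicit.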
546 target-ppc/mmu-hash64.c
@@ -0,0 +1,546 @@
+/*
+ * PowerPC MMU, TLB, SLB and BAT emulation helpers for QEMU.
+ *
+ * Copyright (c) 2003-2007 Jocelyn Mayer
+ * Copyright (c) 2013 David Gibson, IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "cpu.h"
+#include "helper.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+#include "mmu-hash64.h"
+
+//#define DEBUG_MMU
+//#define DEBUG_SLB
+
+#ifdef DEBUG_MMU
+# define LOG_MMU(...) qemu_log(__VA_ARGS__)
+# define LOG_MMU_STATE(env) log_cpu_state((env), 0)
+#else
+# define LOG_MMU(...) do { } while (0)
+# define LOG_MMU_STATE(...) do { } while (0)
+#endif
+
+#ifdef DEBUG_SLB
+# define LOG_SLB(...) qemu_log(__VA_ARGS__)
+#else
+# define LOG_SLB(...) do { } while (0)
+#endif
+
+/*
+ * SLB handling
+ */
+
+static ppc_slb_t *slb_lookup(CPUPPCState *env, target_ulong eaddr)
+{
+ uint64_t esid_256M, esid_1T;
+ int n;
+
+ LOG_SLB("%s: eaddr " TARGET_FMT_lx "\n", __func__, eaddr);
+
+ esid_256M = (eaddr & SEGMENT_MASK_256M) | SLB_ESID_V;
+ esid_1T = (eaddr & SEGMENT_MASK_1T) | SLB_ESID_V;
+
+ for (n = 0; n < env->slb_nr; n++) {
+ ppc_slb_t *slb = &env->slb[n];
+
+ LOG_SLB("%s: slot %d %016" PRIx64 " %016"
+ PRIx64 "\n", __func__, n, slb->esid, slb->vsid);
+ /* We check for 1T matches on all MMUs here - if the MMU
+ * doesn't have 1T segment support, we will have prevented 1T
+ * entries from being inserted in the slbmte code. */
+ if (((slb->esid == esid_256M) &&
+ ((slb->vsid & SLB_VSID_B) == SLB_VSID_B_256M))
+ || ((slb->esid == esid_1T) &&
+ ((slb->vsid & SLB_VSID_B) == SLB_VSID_B_1T))) {
+ return slb;
+ }
+ }
+
+ return NULL;
+}
+
+void dump_slb(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env)
+{
+ int i;
+ uint64_t slbe, slbv;
+
+ cpu_synchronize_state(env);
+
+ cpu_fprintf(f, "SLB\tESID\t\t\tVSID\n");
+ for (i = 0; i < env->slb_nr; i++) {
+ slbe = env->slb[i].esid;
+ slbv = env->slb[i].vsid;
+ if (slbe == 0 && slbv == 0) {
+ continue;
+ }
+ cpu_fprintf(f, "%d\t0x%016" PRIx64 "\t0x%016" PRIx64 "\n",
+ i, slbe, slbv);
+ }
+}
+
+void helper_slbia(CPUPPCState *env)
+{
+ int n, do_invalidate;
+
+ do_invalidate = 0;
+ /* XXX: Warning: slbia never invalidates the first segment */
+ for (n = 1; n < env->slb_nr; n++) {
+ ppc_slb_t *slb = &env->slb[n];
+
+ if (slb->esid & SLB_ESID_V) {
+ slb->esid &= ~SLB_ESID_V;
+ /* XXX: given the fact that segment size is 256 MB or 1TB,
+ * and we still don't have a tlb_flush_mask(env, n, mask)
+ * in QEMU, we just invalidate all TLBs
+ */
+ do_invalidate = 1;
+ }
+ }
+ if (do_invalidate) {
+ tlb_flush(env, 1);
+ }
+}
+
+void helper_slbie(CPUPPCState *env, target_ulong addr)
+{
+ ppc_slb_t *slb;
+
+ slb = slb_lookup(env, addr);
+ if (!slb) {
+ return;
+ }
+
+ if (slb->esid & SLB_ESID_V) {
+ slb->esid &= ~SLB_ESID_V;
+
+ /* XXX: given the fact that segment size is 256 MB or 1TB,
+ * and we still don't have a tlb_flush_mask(env, n, mask)
+ * in QEMU, we just invalidate all TLBs
+ */
+ tlb_flush(env, 1);
+ }
+}
+
+int ppc_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs)
+{
+ int slot = rb & 0xfff;
+ ppc_slb_t *slb = &env->slb[slot];
+
+ if (rb & (0x1000 - env->slb_nr)) {
+ return -1; /* Reserved bits set or slot too high */
+ }
+ if (rs & (SLB_VSID_B & ~SLB_VSID_B_1T)) {
+ return -1; /* Bad segment size */
+ }
+ if ((rs & SLB_VSID_B) && !(env->mmu_model & POWERPC_MMU_1TSEG)) {
+ return -1; /* 1T segment on MMU that doesn't support it */
+ }
+
+ /* Mask out the slot number as we store the entry */
+ slb->esid = rb & (SLB_ESID_ESID | SLB_ESID_V);
+ slb->vsid = rs;
+
+ LOG_SLB("%s: %d " TARGET_FMT_lx " - " TARGET_FMT_lx " => %016" PRIx64
+ " %016" PRIx64 "\n", __func__, slot, rb, rs,
+ slb->esid, slb->vsid);
+
+ return 0;
+}
+
+static int ppc_load_slb_esid(CPUPPCState *env, target_ulong rb,
+ target_ulong *rt)
+{
+ int slot = rb & 0xfff;
+ ppc_slb_t *slb = &env->slb[slot];
+
+ if (slot >= env->slb_nr) {
+ return -1;
+ }
+
+ *rt = slb->esid;
+ return 0;
+}
+
+static int ppc_load_slb_vsid(CPUPPCState *env, target_ulong rb,
+ target_ulong *rt)
+{
+ int slot = rb & 0xfff;
+ ppc_slb_t *slb = &env->slb[slot];
+
+ if (slot >= env->slb_nr) {
+ return -1;
+ }
+
+ *rt = slb->vsid;
+ return 0;
+}
+
+void helper_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs)
+{
+ if (ppc_store_slb(env, rb, rs) < 0) {
+ helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
+ POWERPC_EXCP_INVAL);
+ }
+}
+
+target_ulong helper_load_slb_esid(CPUPPCState *env, target_ulong rb)
+{
+ target_ulong rt = 0;
+
+ if (ppc_load_slb_esid(env, rb, &rt) < 0) {
+ helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
+ POWERPC_EXCP_INVAL);
+ }
+ return rt;
+}
+
+target_ulong helper_load_slb_vsid(CPUPPCState *env, target_ulong rb)
+{
+ target_ulong rt = 0;
+
+ if (ppc_load_slb_vsid(env, rb, &rt) < 0) {
+ helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
+ POWERPC_EXCP_INVAL);
+ }
+ return rt;
+}
+
+/*
+ * 64-bit hash table MMU handling
+ */
+
+static int ppc_hash64_pte_prot(CPUPPCState *env,
+ ppc_slb_t *slb, ppc_hash_pte64_t pte)
+{
+ unsigned pp, key;
+ /* Some pp bit combinations have undefined behaviour, so default
+ * to no access in those cases */
+ int prot = 0;
+
+ key = !!(msr_pr ? (slb->vsid & SLB_VSID_KP)
+ : (slb->vsid & SLB_VSID_KS));
+ pp = (pte.pte1 & HPTE64_R_PP) | ((pte.pte1 & HPTE64_R_PP0) >> 61);
+
+ if (key == 0) {
+ switch (pp) {
+ case 0x0:
+ case 0x1:
+ case 0x2:
+ prot = PAGE_READ | PAGE_WRITE;
+ break;
+
+ case 0x3:
+ case 0x6:
+ prot = PAGE_READ;
+ break;
+ }
+ } else {
+ switch (pp) {
+ case 0x0:
+ case 0x6:
+ prot = 0;
+ break;
+
+ case 0x1:
+ case 0x3:
+ prot = PAGE_READ;
+ break;
+
+ case 0x2:
+ prot = PAGE_READ | PAGE_WRITE;
+ break;
+ }
+ }
+
+ /* No execute if either noexec or guarded bits set */
+ if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G)
+ || (slb->vsid & SLB_VSID_N)) {
+ prot |= PAGE_EXEC;
+ }
+
+ return prot;
+}
+
+static int ppc_hash64_amr_prot(CPUPPCState *env, ppc_hash_pte64_t pte)
+{
+ int key, amrbits;
+ int prot = PAGE_EXEC;
+
+
+ /* Only recent MMUs implement Virtual Page Class Key Protection */
+ if (!(env->mmu_model & POWERPC_MMU_AMR)) {
+ return PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ }
+
+ key = HPTE64_R_KEY(pte.pte1);
+ amrbits = (env->spr[SPR_AMR] >> 2*(31 - key)) & 0x3;
+
+ /* fprintf(stderr, "AMR protection: key=%d AMR=0x%" PRIx64 "\n", key, */
+ /* env->spr[SPR_AMR]); */
+
+ if (amrbits & 0x2) {
+ prot |= PAGE_WRITE;
+ }
+ if (amrbits & 0x1) {
+ prot |= PAGE_READ;
+ }
+
+ return prot;
+}
+
+static hwaddr ppc_hash64_pteg_search(CPUPPCState *env, hwaddr pteg_off,
+ bool secondary, target_ulong ptem,
+ ppc_hash_pte64_t *pte)
+{
+ hwaddr pte_offset = pteg_off;
+ target_ulong pte0, pte1;
+ int i;
+
+ for (i = 0; i < HPTES_PER_GROUP; i++) {
+ pte0 = ppc_hash64_load_hpte0(env, pte_offset);
+ pte1 = ppc_hash64_load_hpte1(env, pte_offset);
+
+ if ((pte0 & HPTE64_V_VALID)
+ && (secondary == !!(pte0 & HPTE64_V_SECONDARY))
+ && HPTE64_V_COMPARE(pte0, ptem)) {
+ pte->pte0 = pte0;
+ pte->pte1 = pte1;
+ return pte_offset;
+ }
+
+ pte_offset += HASH_PTE_SIZE_64;
+ }
+
+ return -1;
+}
+
+static hwaddr ppc_hash64_htab_lookup(CPUPPCState *env,
+ ppc_slb_t *slb, target_ulong eaddr,
+ ppc_hash_pte64_t *pte)
+{
+ hwaddr pteg_off, pte_offset;
+ hwaddr hash;
+ uint64_t vsid, epnshift, epnmask, epn, ptem;
+
+ /* Page size according to the SLB, which we use to generate the
+ * EPN for hash table lookup.. When we implement more recent MMU
+ * extensions this might be different from the actual page size
+ * encoded in the PTE */
+ epnshift = (slb->vsid & SLB_VSID_L)
+ ? TARGET_PAGE_BITS_16M : TARGET_PAGE_BITS;
+ epnmask = ~((1ULL << epnshift) - 1);
+
+ if (slb->vsid & SLB_VSID_B) {
+ /* 1TB segment */
+ vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT_1T;
+ epn = (eaddr & ~SEGMENT_MASK_1T) & epnmask;
+ hash = vsid ^ (vsid << 25) ^ (epn >> epnshift);
+ } else {
+ /* 256M segment */
+ vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT;
+ epn = (eaddr & ~SEGMENT_MASK_256M) & epnmask;
+ hash = vsid ^ (epn >> epnshift);
+ }
+ ptem = (slb->vsid & SLB_VSID_PTEM) | ((epn >> 16) & HPTE64_V_AVPN);
+
+ /* Page address translation */
+ LOG_MMU("htab_base " TARGET_FMT_plx " htab_mask " TARGET_FMT_plx
+ " hash " TARGET_FMT_plx "\n",
+ env->htab_base, env->htab_mask, hash);
+
+ /* Primary PTEG lookup */
+ LOG_MMU("0 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
+ " vsid=" TARGET_FMT_lx " ptem=" TARGET_FMT_lx
+ " hash=" TARGET_FMT_plx "\n",
+ env->htab_base, env->htab_mask, vsid, ptem, hash);
+ pteg_off = (hash * HASH_PTEG_SIZE_64) & env->htab_mask;
+ pte_offset = ppc_hash64_pteg_search(env, pteg_off, 0, ptem, pte);
+
+ if (pte_offset == -1) {
+ /* Secondary PTEG lookup */
+ LOG_MMU("1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
+ " vsid=" TARGET_FMT_lx " api=" TARGET_FMT_lx
+ " hash=" TARGET_FMT_plx "\n", env->htab_base,
+ env->htab_mask, vsid, ptem, ~hash);
+
+ pteg_off = (~hash * HASH_PTEG_SIZE_64) & env->htab_mask;
+ pte_offset = ppc_hash64_pteg_search(env, pteg_off, 1, ptem, pte);
+ }
+
+ return pte_offset;
+}
+
+static hwaddr ppc_hash64_pte_raddr(ppc_slb_t *slb, ppc_hash_pte64_t pte,
+ target_ulong eaddr)
+{
+ hwaddr rpn = pte.pte1 & HPTE64_R_RPN;
+ /* FIXME: Add support for SLLP extended page sizes */
+ int target_page_bits = (slb->vsid & SLB_VSID_L)
+ ? TARGET_PAGE_BITS_16M : TARGET_PAGE_BITS;
+ hwaddr mask = (1ULL << target_page_bits) - 1;
+
+ return (rpn & ~mask) | (eaddr & mask);
+}
+
+int ppc_hash64_handle_mmu_fault(CPUPPCState *env, target_ulong eaddr,
+ int rwx, int mmu_idx)
+{
+ ppc_slb_t *slb;
+ hwaddr pte_offset;
+ ppc_hash_pte64_t pte;
+ int pp_prot, amr_prot, prot;
+ uint64_t new_pte1;
+ const int need_prot[] = {PAGE_READ, PAGE_WRITE, PAGE_EXEC};
+ hwaddr raddr;
+
+ assert((rwx == 0) || (rwx == 1) || (rwx == 2));
+
+ /* 1. Handle real mode accesses */
+ if (((rwx == 2) && (msr_ir == 0)) || ((rwx != 2) && (msr_dr == 0))) {
+ /* Translation is off */
+ /* In real mode the top 4 effective address bits are ignored */
+ raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
+ tlb_set_page(env, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
+ PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx,
+ TARGET_PAGE_SIZE);
+ return 0;
+ }
+
+ /* 2. Translation is on, so look up the SLB */
+ slb = slb_lookup(env, eaddr);
+
+ if (!slb) {
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISEG;
+ env->error_code = 0;
+ } else {
+ env->exception_index = POWERPC_EXCP_DSEG;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ }
+ return 1;
+ }
+
+ /* 3. Check for segment level no-execute violation */
+ if ((rwx == 2) && (slb->vsid & SLB_VSID_N)) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x10000000;
+ return 1;
+ }
+
+ /* 4. Locate the PTE in the hash table */
+ pte_offset = ppc_hash64_htab_lookup(env, slb, eaddr, &pte);
+ if (pte_offset == -1) {
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x40000000;
+ } else {
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (rwx == 1) {
+ env->spr[SPR_DSISR] = 0x42000000;
+ } else {
+ env->spr[SPR_DSISR] = 0x40000000;
+ }
+ }
+ return 1;
+ }
+ LOG_MMU("found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
+
+ /* 5. Check access permissions */
+
+ pp_prot = ppc_hash64_pte_prot(env, slb, pte);
+ amr_prot = ppc_hash64_amr_prot(env, pte);
+ prot = pp_prot & amr_prot;
+
+ if ((need_prot[rwx] & ~prot) != 0) {
+ /* Access right violation */
+ LOG_MMU("PTE access rejected\n");
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x08000000;
+ } else {
+ target_ulong dsisr = 0;
+
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (need_prot[rwx] & ~pp_prot) {
+ dsisr |= 0x08000000;
+ }
+ if (rwx == 1) {
+ dsisr |= 0x02000000;
+ }
+ if (need_prot[rwx] & ~amr_prot) {
+ dsisr |= 0x00200000;
+ }
+ env->spr[SPR_DSISR] = dsisr;
+ }
+ return 1;
+ }
+
+ LOG_MMU("PTE access granted !\n");
+
+ /* 6. Update PTE referenced and changed bits if necessary */
+
+ new_pte1 = pte.pte1 | HPTE64_R_R; /* set referenced bit */
+ if (rwx == 1) {
+ new_pte1 |= HPTE64_R_C; /* set changed (dirty) bit */
+ } else {
+ /* Treat the page as read-only for now, so that a later write
+ * will pass through this function again to set the C bit */
+ prot &= ~PAGE_WRITE;
+ }
+
+ if (new_pte1 != pte.pte1) {
+ ppc_hash64_store_hpte1(env, pte_offset, new_pte1);
+ }
+
+ /* 7. Determine the real address from the PTE */
+
+ raddr = ppc_hash64_pte_raddr(slb, pte, eaddr);
+
+ tlb_set_page(env, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
+ prot, mmu_idx, TARGET_PAGE_SIZE);
+
+ return 0;
+}
+
+hwaddr ppc_hash64_get_phys_page_debug(CPUPPCState *env, target_ulong addr)
+{
+ ppc_slb_t *slb;
+ hwaddr pte_offset;
+ ppc_hash_pte64_t pte;
+
+ if (msr_dr == 0) {
+ /* In real mode the top 4 effective address bits are ignored */
+ return addr & 0x0FFFFFFFFFFFFFFFULL;
+ }
+
+ slb = slb_lookup(env, addr);
+ if (!slb) {
+ return -1;
+ }
+
+ pte_offset = ppc_hash64_htab_lookup(env, slb, addr, &pte);
+ if (pte_offset == -1) {
+ return -1;
+ }
+
+ return ppc_hash64_pte_raddr(slb, pte, addr) & TARGET_PAGE_MASK;
+}
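Review bot: The execute-permission test in ppc_hash64_pte_prot contradicts its own comment: `!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G) || (slb->vsid & SLB_VSID_N)` adds PAGE_EXEC when the PTE's N bit is clear, or when the guarded bit is set, or when the segment is marked no-execute. A PTE with both N and G set therefore comes out executable, so the emulated no-execute protection is not enforced for such pages. The segment-level N case is caught earlier for instruction fetches by step 3 of ppc_hash64_handle_mmu_fault, but the prot value returned here is still wrong. To match the comment the condition should read `if (!(pte.pte1 & (HPTE64_R_N | HPTE64_R_G)) && !(slb->vsid & SLB_VSID_N)) {`. A regression test that maps a page with N set and checks that an instruction fetch raises an ISI would pin the behaviour.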
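--- a/target-ppc/mmu-hash64.h
+++ b/target-ppc/mmu-hash64.h
@@ -0,0 +1,124 @@
+#if !defined (__MMU_HASH64_H__)
+#define __MMU_HASH64_H__
+
+#ifndef CONFIG_USER_ONLY
+
+#ifdef TARGET_PPC64
+void dump_slb(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env);
+int ppc_store_slb (CPUPPCState *env, target_ulong rb, target_ulong rs);
+hwaddr ppc_hash64_get_phys_page_debug(CPUPPCState *env, target_ulong addr);
+int ppc_hash64_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rw,
+ int mmu_idx);
+#endif
+
+/*
+ * SLB definitions
+ */
+
+/* Bits in the SLB ESID word */
+#define SLB_ESID_ESID 0xFFFFFFFFF0000000ULL
+#define SLB_ESID_V 0x0000000008000000ULL /* valid */
+
+/* Bits in the SLB VSID word */
+#define SLB_VSID_SHIFT 12
+#define SLB_VSID_SHIFT_1T 24
+#define SLB_VSID_SSIZE_SHIFT 62
+#define SLB_VSID_B 0xc000000000000000ULL
+#define SLB_VSID_B_256M 0x0000000000000000ULL
+#define SLB_VSID_B_1T 0x4000000000000000ULL
+#define SLB_VSID_VSID 0x3FFFFFFFFFFFF000ULL
+#define SLB_VSID_PTEM (SLB_VSID_B | SLB_VSID_VSID)
+#define SLB_VSID_KS 0x0000000000000800ULL
+#define SLB_VSID_KP 0x0000000000000400ULL
+#define SLB_VSID_N 0x0000000000000200ULL /* no-execute */
+#define SLB_VSID_L 0x0000000000000100ULL
+#define SLB_VSID_C 0x0000000000000080ULL /* class */
+#define SLB_VSID_LP 0x0000000000000030ULL
+#define SLB_VSID_ATTR 0x0000000000000FFFULL
+
+/*
+ * Hash page table definitions
+ */
+
+#define HPTES_PER_GROUP 8
+#define HASH_PTE_SIZE_64 16
+#define HASH_PTEG_SIZE_64 (HASH_PTE_SIZE_64 * HPTES_PER_GROUP)
+
+#define HPTE64_V_SSIZE_SHIFT 62
+#define HPTE64_V_AVPN_SHIFT 7
+#define HPTE64_V_AVPN 0x3fffffffffffff80ULL
+#define HPTE64_V_AVPN_VAL(x) (((x) & HPTE64_V_AVPN) >> HPTE64_V_AVPN_SHIFT)
+#define HPTE64_V_COMPARE(x, y) (!(((x) ^ (y)) & 0xffffffffffffff80ULL))
+#define HPTE64_V_LARGE 0x0000000000000004ULL
+#define HPTE64_V_SECONDARY 0x0000000000000002ULL
+#define HPTE64_V_VALID 0x0000000000000001ULL
+
+#define HPTE64_R_PP0 0x8000000000000000ULL
+#define HPTE64_R_TS 0x4000000000000000ULL
+#define HPTE64_R_KEY_HI 0x3000000000000000ULL
+#define HPTE64_R_RPN_SHIFT 12
+#define HPTE64_R_RPN 0x0ffffffffffff000ULL
+#define HPTE64_R_FLAGS 0x00000000000003ffULL
+#define HPTE64_R_PP 0x0000000000000003ULL
+#define HPTE64_R_N 0x0000000000000004ULL
+#define HPTE64_R_G 0x0000000000000008ULL
+#define HPTE64_R_M 0x0000000000000010ULL
+#define HPTE64_R_I 0x0000000000000020ULL
+#define HPTE64_R_W 0x0000000000000040ULL
+#define HPTE64_R_WIMG 0x0000000000000078ULL
+#define HPTE64_R_C 0x0000000000000080ULL
+#define HPTE64_R_R 0x0000000000000100ULL
+#define HPTE64_R_KEY_LO 0x0000000000000e00ULL
+#define HPTE64_R_KEY(x) ((((x) & HPTE64_R_KEY_HI) >> 60) | \
+ (((x) & HPTE64_R_KEY_LO) >> 9))
+
+#define HPTE64_V_1TB_SEG 0x4000000000000000ULL
+#define HPTE64_V_VRMA_MASK 0x4001ffffff000000ULL
+
+static inline target_ulong ppc_hash64_load_hpte0(CPUPPCState *env,
+ hwaddr pte_offset)
+{
+ if (env->external_htab) {
+ return ldq_p(env->external_htab + pte_offset);
+ } else {
+ return ldq_phys(env->htab_base + pte_offset);
+ }
+}
+
+static inline target_ulong ppc_hash64_load_hpte1(CPUPPCState *env,
+ hwaddr pte_offset)
+{
+ if (env->external_htab) {
+ return ldq_p(env->external_htab + pte_offset + HASH_PTE_SIZE_64/2);
+ } else {
+ return ldq_phys(env->htab_base + pte_offset + HASH_PTE_SIZE_64/2);
+ }
+}
+
+static inline void ppc_hash64_store_hpte0(CPUPPCState *env,
+ hwaddr pte_offset, target_ulong pte0)
+{
+ if (env->external_htab) {
+ stq_p(env->external_htab + pte_offset, pte0);
+ } else {
+ stq_phys(env->htab_base + pte_offset, pte0);
+ }
+}
+
+static inline void ppc_hash64_store_hpte1(CPUPPCState *env,
+ hwaddr pte_offset, target_ulong pte1)
+{
+ if (env->external_htab) {
+ stq_p(env->external_htab + pte_offset + HASH_PTE_SIZE_64/2, pte1);
+ } else {
+ stq_phys(env->htab_base + pte_offset + HASH_PTE_SIZE_64/2, pte1);
+ }
+}
+
+typedef struct {
+ uint64_t pte0, pte1;
+} ppc_hash_pte64_t;
+
+#endif /* CONFIG_USER_ONLY */
+
+#endif /* !defined (__MMU_HASH64_H__) */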
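Review bot: The `ppc_hash64_load_hpte0/1` and `ppc_hash64_store_hpte0/1` helpers add `pte_offset` to `env->external_htab` or `env->htab_base` with no range check, and nothing in the header says who guarantees that the offset lies inside the hash table. In the `external_htab` branch this is a direct host-memory access through `ldq_p`/`stq_p`, so an offset that was not reduced to the table size would read or write outside the table in the emulator's own address space; the callers are not in this file and presumably mask it, but the contract should be written down. I would add above the helpers `/* pte_offset must already be reduced to the hash table size by the caller; with external_htab set this is a raw host pointer access */`. Separately, the helpers sit after the `#endif` that closes `TARGET_PPC64` yet return and take `target_ulong` for a value moved with `ldq_p`/`stq_p`, while `ppc_hash_pte64_t` uses `uint64_t`; using `uint64_t` in the helper signatures would match the 64-bit access regardless of target width.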
835 target-ppc/mmu_helper.c
@@ -20,10 +20,11 @@
#include "helper.h"
#include "sysemu/kvm.h"
#include "kvm_ppc.h"
+#include "mmu-hash64.h"
+#include "mmu-hash32.h"
//#define DEBUG_MMU
//#define DEBUG_BATS
-//#define DEBUG_SLB
//#define DEBUG_SOFTWARE_TLB
//#define DUMP_PAGE_TABLES
//#define DEBUG_SOFTWARE_TLB
@@ -49,39 +50,21 @@
# define LOG_BATS(...) do { } while (0)
#endif
-#ifdef DEBUG_SLB
-# define LOG_SLB(...) qemu_log(__VA_ARGS__)
-#else
-# define LOG_SLB(...) do { } while (0)
-#endif
-
/*****************************************************************************/
/* PowerPC MMU emulation */
-#if defined(CONFIG_USER_ONLY)
-int cpu_ppc_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rw,
- int mmu_idx)
-{
- int exception, error_code;
- if (rw == 2) {
- exception = POWERPC_EXCP_ISI;
- error_code = 0x40000000;
- } else {
- exception = POWERPC_EXCP_DSI;
- error_code = 0x40000000;
- if (rw) {
- error_code |= 0x02000000;
- }
- env->spr[SPR_DAR] = address;
- env->spr[SPR_DSISR] = error_code;
- }
- env->exception_index = exception;
- env->error_code = error_code;
-
- return 1;
-}
+/* Context used internally during MMU translations */
+typedef struct mmu_ctx_t mmu_ctx_t;
+struct mmu_ctx_t {
+ hwaddr raddr; /* Real address */
+ hwaddr eaddr; /* Effective address */
+ int prot; /* Protection bits */
+ hwaddr hash[2]; /* Pagetable hash values */
+ target_ulong ptem; /* Virtual segment ID | API */
+ int key; /* Access key */
+ int nx; /* Non-execute area */
+};
-#else
/* Common routines used by software and hardware TLBs emulation */
static inline int pte_is_valid(target_ulong pte0)
{
@@ -93,31 +76,14 @@ static inline void pte_invalidate(target_ulong *pte0)
*pte0 &= ~0x80000000;
}
-#if defined(TARGET_PPC64)
-static inline int pte64_is_valid(target_ulong pte0)
-{
- return pte0 & 0x0000000000000001ULL ? 1 : 0;
-}
-
-static inline void pte64_invalidate(target_ulong *pte0)
-{
- *pte0 &= ~0x0000000000000001ULL;
-}
-#endif
-
#define PTE_PTEM_MASK 0x7FFFFFBF
#define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
-#if defined(TARGET_PPC64)
-#define PTE64_PTEM_MASK 0xFFFFFFFFFFFFFF80ULL
-#define PTE64_CHECK_MASK (TARGET_PAGE_MASK | 0x7F)
-#endif
-static inline int pp_check(int key, int pp, int nx)
+static int