2 * PowerPC MMU, TLB, SLB and BAT emulation helpers for QEMU.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
5 * Copyright (c) 2013 David Gibson, IBM Corporation
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu/osdep.h"
21 #include "qapi/error.h"
23 #include "exec/helper-proto.h"
24 #include "qemu/error-report.h"
25 #include "sysemu/kvm.h"
26 #include "qemu/error-report.h"
28 #include "mmu-hash64.h"
34 # define LOG_SLB(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
36 # define LOG_SLB(...) do { } while (0)
40 * Used to indicate that a CPU has its hash page table (HPT) managed
41 * within the host kernel
43 #define MMU_HASH64_KVM_MANAGED_HPT ((void *)-1)
49 static ppc_slb_t *slb_lookup(PowerPCCPU *cpu, target_ulong eaddr)
51 CPUPPCState *env = &cpu->env;
52 uint64_t esid_256M, esid_1T;
55 LOG_SLB("%s: eaddr " TARGET_FMT_lx "\n", __func__, eaddr);
57 esid_256M = (eaddr & SEGMENT_MASK_256M) | SLB_ESID_V;
58 esid_1T = (eaddr & SEGMENT_MASK_1T) | SLB_ESID_V;
60 for (n = 0; n < env->slb_nr; n++) {
61 ppc_slb_t *slb = &env->slb[n];
63 LOG_SLB("%s: slot %d %016" PRIx64 " %016"
64 PRIx64 "\n", __func__, n, slb->esid, slb->vsid);
65 /* We check for 1T matches on all MMUs here - if the MMU
66 * doesn't have 1T segment support, we will have prevented 1T
67 * entries from being inserted in the slbmte code. */
68 if (((slb->esid == esid_256M) &&
69 ((slb->vsid & SLB_VSID_B) == SLB_VSID_B_256M))
70 || ((slb->esid == esid_1T) &&
71 ((slb->vsid & SLB_VSID_B) == SLB_VSID_B_1T))) {
79 void dump_slb(FILE *f, fprintf_function cpu_fprintf, PowerPCCPU *cpu)
81 CPUPPCState *env = &cpu->env;
85 cpu_synchronize_state(CPU(cpu));
87 cpu_fprintf(f, "SLB\tESID\t\t\tVSID\n");
88 for (i = 0; i < env->slb_nr; i++) {
89 slbe = env->slb[i].esid;
90 slbv = env->slb[i].vsid;
91 if (slbe == 0 && slbv == 0) {
94 cpu_fprintf(f, "%d\t0x%016" PRIx64 "\t0x%016" PRIx64 "\n",
99 void helper_slbia(CPUPPCState *env)
101 PowerPCCPU *cpu = ppc_env_get_cpu(env);
102 int n, do_invalidate;
105 /* XXX: Warning: slbia never invalidates the first segment */
106 for (n = 1; n < env->slb_nr; n++) {
107 ppc_slb_t *slb = &env->slb[n];
109 if (slb->esid & SLB_ESID_V) {
110 slb->esid &= ~SLB_ESID_V;
111 /* XXX: given the fact that segment size is 256 MB or 1TB,
112 * and we still don't have a tlb_flush_mask(env, n, mask)
113 * in QEMU, we just invalidate all TLBs
119 tlb_flush(CPU(cpu), 1);
123 void helper_slbie(CPUPPCState *env, target_ulong addr)
125 PowerPCCPU *cpu = ppc_env_get_cpu(env);
128 slb = slb_lookup(cpu, addr);
133 if (slb->esid & SLB_ESID_V) {
134 slb->esid &= ~SLB_ESID_V;
136 /* XXX: given the fact that segment size is 256 MB or 1TB,
137 * and we still don't have a tlb_flush_mask(env, n, mask)
138 * in QEMU, we just invalidate all TLBs
140 tlb_flush(CPU(cpu), 1);
144 int ppc_store_slb(PowerPCCPU *cpu, target_ulong slot,
145 target_ulong esid, target_ulong vsid)
147 CPUPPCState *env = &cpu->env;
148 ppc_slb_t *slb = &env->slb[slot];
149 const struct ppc_one_seg_page_size *sps = NULL;
152 if (slot >= env->slb_nr) {
153 return -1; /* Bad slot number */
155 if (esid & ~(SLB_ESID_ESID | SLB_ESID_V)) {
156 return -1; /* Reserved bits set */
158 if (vsid & (SLB_VSID_B & ~SLB_VSID_B_1T)) {
159 return -1; /* Bad segment size */
161 if ((vsid & SLB_VSID_B) && !(env->mmu_model & POWERPC_MMU_1TSEG)) {
162 return -1; /* 1T segment on MMU that doesn't support it */
165 for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) {
166 const struct ppc_one_seg_page_size *sps1 = &env->sps.sps[i];
168 if (!sps1->page_shift) {
172 if ((vsid & SLB_VSID_LLP_MASK) == sps1->slb_enc) {
179 error_report("Bad page size encoding in SLB store: slot "TARGET_FMT_lu
180 " esid 0x"TARGET_FMT_lx" vsid 0x"TARGET_FMT_lx,
189 LOG_SLB("%s: %d " TARGET_FMT_lx " - " TARGET_FMT_lx " => %016" PRIx64
190 " %016" PRIx64 "\n", __func__, slot, esid, vsid,
191 slb->esid, slb->vsid);
196 static int ppc_load_slb_esid(PowerPCCPU *cpu, target_ulong rb,
199 CPUPPCState *env = &cpu->env;
200 int slot = rb & 0xfff;
201 ppc_slb_t *slb = &env->slb[slot];
203 if (slot >= env->slb_nr) {
211 static int ppc_load_slb_vsid(PowerPCCPU *cpu, target_ulong rb,
214 CPUPPCState *env = &cpu->env;
215 int slot = rb & 0xfff;
216 ppc_slb_t *slb = &env->slb[slot];
218 if (slot >= env->slb_nr) {
226 void helper_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs)
228 PowerPCCPU *cpu = ppc_env_get_cpu(env);
230 if (ppc_store_slb(cpu, rb & 0xfff, rb & ~0xfffULL, rs) < 0) {
231 helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
236 target_ulong helper_load_slb_esid(CPUPPCState *env, target_ulong rb)
238 PowerPCCPU *cpu = ppc_env_get_cpu(env);
241 if (ppc_load_slb_esid(cpu, rb, &rt) < 0) {
242 helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
248 target_ulong helper_load_slb_vsid(CPUPPCState *env, target_ulong rb)
250 PowerPCCPU *cpu = ppc_env_get_cpu(env);
253 if (ppc_load_slb_vsid(cpu, rb, &rt) < 0) {
254 helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
261 * 64-bit hash table MMU handling
263 void ppc_hash64_set_sdr1(PowerPCCPU *cpu, target_ulong value,
266 CPUPPCState *env = &cpu->env;
267 target_ulong htabsize = value & SDR_64_HTABSIZE;
269 env->spr[SPR_SDR1] = value;
272 "Invalid HTABSIZE 0x" TARGET_FMT_lx" stored in SDR1",
276 env->htab_mask = (1ULL << (htabsize + 18 - 7)) - 1;
277 env->htab_base = value & SDR_64_HTABORG;
280 void ppc_hash64_set_external_hpt(PowerPCCPU *cpu, void *hpt, int shift,
283 CPUPPCState *env = &cpu->env;
284 Error *local_err = NULL;
286 cpu_synchronize_state(CPU(cpu));
289 env->external_htab = hpt;
291 env->external_htab = MMU_HASH64_KVM_MANAGED_HPT;
293 ppc_hash64_set_sdr1(cpu, (target_ulong)(uintptr_t)hpt | (shift - 18),
296 error_propagate(errp, local_err);
300 /* Not strictly necessary, but makes it clearer that an external
301 * htab is in use when debugging */
305 if (kvmppc_put_books_sregs(cpu) < 0) {
306 error_setg(errp, "Unable to update SDR1 in KVM");
311 static int ppc_hash64_pte_prot(PowerPCCPU *cpu,
312 ppc_slb_t *slb, ppc_hash_pte64_t pte)
314 CPUPPCState *env = &cpu->env;
316 /* Some pp bit combinations have undefined behaviour, so default
317 * to no access in those cases */
320 key = !!(msr_pr ? (slb->vsid & SLB_VSID_KP)
321 : (slb->vsid & SLB_VSID_KS));
322 pp = (pte.pte1 & HPTE64_R_PP) | ((pte.pte1 & HPTE64_R_PP0) >> 61);
329 prot = PAGE_READ | PAGE_WRITE;
350 prot = PAGE_READ | PAGE_WRITE;
355 /* No execute if either noexec or guarded bits set */
356 if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G)
357 || (slb->vsid & SLB_VSID_N)) {
364 static int ppc_hash64_amr_prot(PowerPCCPU *cpu, ppc_hash_pte64_t pte)
366 CPUPPCState *env = &cpu->env;
368 int prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
370 /* Only recent MMUs implement Virtual Page Class Key Protection */
371 if (!(env->mmu_model & POWERPC_MMU_AMR)) {
375 key = HPTE64_R_KEY(pte.pte1);
376 amrbits = (env->spr[SPR_AMR] >> 2*(31 - key)) & 0x3;
378 /* fprintf(stderr, "AMR protection: key=%d AMR=0x%" PRIx64 "\n", key, */
379 /* env->spr[SPR_AMR]); */
382 * A store is permitted if the AMR bit is 0. Remove write
383 * protection if it is set.
389 * A load is permitted if the AMR bit is 0. Remove read
390 * protection if it is set.
399 uint64_t ppc_hash64_start_access(PowerPCCPU *cpu, target_ulong pte_index)
404 pte_offset = pte_index * HASH_PTE_SIZE_64;
405 if (cpu->env.external_htab == MMU_HASH64_KVM_MANAGED_HPT) {
407 * HTAB is controlled by KVM. Fetch the PTEG into a new buffer.
409 token = kvmppc_hash64_read_pteg(cpu, pte_index);
410 } else if (cpu->env.external_htab) {
412 * HTAB is controlled by QEMU. Just point to the internally
415 token = (uint64_t)(uintptr_t) cpu->env.external_htab + pte_offset;
416 } else if (cpu->env.htab_base) {
417 token = cpu->env.htab_base + pte_offset;
422 void ppc_hash64_stop_access(PowerPCCPU *cpu, uint64_t token)
424 if (cpu->env.external_htab == MMU_HASH64_KVM_MANAGED_HPT) {
425 kvmppc_hash64_free_pteg(token);
429 static hwaddr ppc_hash64_pteg_search(PowerPCCPU *cpu, hwaddr hash,
430 bool secondary, target_ulong ptem,
431 ppc_hash_pte64_t *pte)
433 CPUPPCState *env = &cpu->env;
436 target_ulong pte0, pte1;
437 target_ulong pte_index;
439 pte_index = (hash & env->htab_mask) * HPTES_PER_GROUP;
440 token = ppc_hash64_start_access(cpu, pte_index);
444 for (i = 0; i < HPTES_PER_GROUP; i++) {
445 pte0 = ppc_hash64_load_hpte0(cpu, token, i);
446 pte1 = ppc_hash64_load_hpte1(cpu, token, i);
448 if ((pte0 & HPTE64_V_VALID)
449 && (secondary == !!(pte0 & HPTE64_V_SECONDARY))
450 && HPTE64_V_COMPARE(pte0, ptem)) {
453 ppc_hash64_stop_access(cpu, token);
454 return (pte_index + i) * HASH_PTE_SIZE_64;
457 ppc_hash64_stop_access(cpu, token);
459 * We didn't find a valid entry.
464 static hwaddr ppc_hash64_htab_lookup(PowerPCCPU *cpu,
465 ppc_slb_t *slb, target_ulong eaddr,
466 ppc_hash_pte64_t *pte)
468 CPUPPCState *env = &cpu->env;
471 uint64_t vsid, epnmask, epn, ptem;
473 /* The SLB store path should prevent any bad page size encodings
474 * getting in there, so: */
477 epnmask = ~((1ULL << slb->sps->page_shift) - 1);
479 if (slb->vsid & SLB_VSID_B) {
481 vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT_1T;
482 epn = (eaddr & ~SEGMENT_MASK_1T) & epnmask;
483 hash = vsid ^ (vsid << 25) ^ (epn >> slb->sps->page_shift);
486 vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT;
487 epn = (eaddr & ~SEGMENT_MASK_256M) & epnmask;
488 hash = vsid ^ (epn >> slb->sps->page_shift);
490 ptem = (slb->vsid & SLB_VSID_PTEM) | ((epn >> 16) & HPTE64_V_AVPN);
492 /* Page address translation */
493 qemu_log_mask(CPU_LOG_MMU,
494 "htab_base " TARGET_FMT_plx " htab_mask " TARGET_FMT_plx
495 " hash " TARGET_FMT_plx "\n",
496 env->htab_base, env->htab_mask, hash);
498 /* Primary PTEG lookup */
499 qemu_log_mask(CPU_LOG_MMU,
500 "0 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
501 " vsid=" TARGET_FMT_lx " ptem=" TARGET_FMT_lx
502 " hash=" TARGET_FMT_plx "\n",
503 env->htab_base, env->htab_mask, vsid, ptem, hash);
504 pte_offset = ppc_hash64_pteg_search(cpu, hash, 0, ptem, pte);
506 if (pte_offset == -1) {
507 /* Secondary PTEG lookup */
508 qemu_log_mask(CPU_LOG_MMU,
509 "1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx
510 " vsid=" TARGET_FMT_lx " api=" TARGET_FMT_lx
511 " hash=" TARGET_FMT_plx "\n", env->htab_base,
512 env->htab_mask, vsid, ptem, ~hash);
514 pte_offset = ppc_hash64_pteg_search(cpu, ~hash, 1, ptem, pte);
520 static unsigned hpte_page_shift(const struct ppc_one_seg_page_size *sps,
521 uint64_t pte0, uint64_t pte1)
525 if (!(pte0 & HPTE64_V_LARGE)) {
526 if (sps->page_shift != 12) {
527 /* 4kiB page in a non 4kiB segment */
530 /* Normal 4kiB page */
534 for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) {
535 const struct ppc_one_page_size *ps = &sps->enc[i];
538 if (!ps->page_shift) {
542 if (ps->page_shift == 12) {
543 /* L bit is set so this can't be a 4kiB page */
547 mask = ((1ULL << ps->page_shift) - 1) & HPTE64_R_RPN;
549 if ((pte1 & mask) == (ps->pte_enc << HPTE64_R_RPN_SHIFT)) {
550 return ps->page_shift;
554 return 0; /* Bad page size encoding */
557 unsigned ppc_hash64_hpte_page_shift_noslb(PowerPCCPU *cpu,
558 uint64_t pte0, uint64_t pte1,
559 unsigned *seg_page_shift)
561 CPUPPCState *env = &cpu->env;
564 if (!(pte0 & HPTE64_V_LARGE)) {
565 *seg_page_shift = 12;
570 * The encodings in env->sps need to be carefully chosen so that
571 * this gives an unambiguous result.
573 for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) {
574 const struct ppc_one_seg_page_size *sps = &env->sps.sps[i];
577 if (!sps->page_shift) {
581 shift = hpte_page_shift(sps, pte0, pte1);
583 *seg_page_shift = sps->page_shift;
592 int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr,
593 int rwx, int mmu_idx)
595 CPUState *cs = CPU(cpu);
596 CPUPPCState *env = &cpu->env;
600 ppc_hash_pte64_t pte;
601 int pp_prot, amr_prot, prot;
603 const int need_prot[] = {PAGE_READ, PAGE_WRITE, PAGE_EXEC};
606 assert((rwx == 0) || (rwx == 1) || (rwx == 2));
608 /* 1. Handle real mode accesses */
609 if (((rwx == 2) && (msr_ir == 0)) || ((rwx != 2) && (msr_dr == 0))) {
610 /* Translation is off */
611 /* In real mode the top 4 effective address bits are ignored */
612 raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
613 tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
614 PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx,
619 /* 2. Translation is on, so look up the SLB */
620 slb = slb_lookup(cpu, eaddr);
624 cs->exception_index = POWERPC_EXCP_ISEG;
627 cs->exception_index = POWERPC_EXCP_DSEG;
629 env->spr[SPR_DAR] = eaddr;
634 /* 3. Check for segment level no-execute violation */
635 if ((rwx == 2) && (slb->vsid & SLB_VSID_N)) {
636 cs->exception_index = POWERPC_EXCP_ISI;
637 env->error_code = 0x10000000;
641 /* 4. Locate the PTE in the hash table */
642 pte_offset = ppc_hash64_htab_lookup(cpu, slb, eaddr, &pte);
643 if (pte_offset == -1) {
645 cs->exception_index = POWERPC_EXCP_ISI;
646 env->error_code = 0x40000000;
648 cs->exception_index = POWERPC_EXCP_DSI;
650 env->spr[SPR_DAR] = eaddr;
652 env->spr[SPR_DSISR] = 0x42000000;
654 env->spr[SPR_DSISR] = 0x40000000;
659 qemu_log_mask(CPU_LOG_MMU,
660 "found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
662 /* Validate page size encoding */
663 apshift = hpte_page_shift(slb->sps, pte.pte0, pte.pte1);
665 error_report("Bad page size encoding in HPTE 0x%"PRIx64" - 0x%"PRIx64
666 " @ 0x%"HWADDR_PRIx, pte.pte0, pte.pte1, pte_offset);
667 /* Not entirely sure what the right action here, but machine
668 * check seems reasonable */
669 cs->exception_index = POWERPC_EXCP_MCHECK;
674 /* 5. Check access permissions */
676 pp_prot = ppc_hash64_pte_prot(cpu, slb, pte);
677 amr_prot = ppc_hash64_amr_prot(cpu, pte);
678 prot = pp_prot & amr_prot;
680 if ((need_prot[rwx] & ~prot) != 0) {
681 /* Access right violation */
682 qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
684 cs->exception_index = POWERPC_EXCP_ISI;
685 env->error_code = 0x08000000;
687 target_ulong dsisr = 0;
689 cs->exception_index = POWERPC_EXCP_DSI;
691 env->spr[SPR_DAR] = eaddr;
692 if (need_prot[rwx] & ~pp_prot) {
698 if (need_prot[rwx] & ~amr_prot) {
701 env->spr[SPR_DSISR] = dsisr;
706 qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
708 /* 6. Update PTE referenced and changed bits if necessary */
710 new_pte1 = pte.pte1 | HPTE64_R_R; /* set referenced bit */
712 new_pte1 |= HPTE64_R_C; /* set changed (dirty) bit */
714 /* Treat the page as read-only for now, so that a later write
715 * will pass through this function again to set the C bit */
719 if (new_pte1 != pte.pte1) {
720 ppc_hash64_store_hpte(cpu, pte_offset / HASH_PTE_SIZE_64,
724 /* 7. Determine the real address from the PTE */
726 raddr = deposit64(pte.pte1 & HPTE64_R_RPN, 0, apshift, eaddr);
728 tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
729 prot, mmu_idx, 1ULL << apshift);
734 hwaddr ppc_hash64_get_phys_page_debug(PowerPCCPU *cpu, target_ulong addr)
736 CPUPPCState *env = &cpu->env;
739 ppc_hash_pte64_t pte;
743 /* In real mode the top 4 effective address bits are ignored */
744 return addr & 0x0FFFFFFFFFFFFFFFULL;
747 slb = slb_lookup(cpu, addr);
752 pte_offset = ppc_hash64_htab_lookup(cpu, slb, addr, &pte);
753 if (pte_offset == -1) {
757 apshift = hpte_page_shift(slb->sps, pte.pte0, pte.pte1);
762 return deposit64(pte.pte1 & HPTE64_R_RPN, 0, apshift, addr)
766 void ppc_hash64_store_hpte(PowerPCCPU *cpu,
767 target_ulong pte_index,
768 target_ulong pte0, target_ulong pte1)
770 CPUPPCState *env = &cpu->env;
772 if (env->external_htab == MMU_HASH64_KVM_MANAGED_HPT) {
773 kvmppc_hash64_write_pte(env, pte_index, pte0, pte1);
777 pte_index *= HASH_PTE_SIZE_64;
778 if (env->external_htab) {
779 stq_p(env->external_htab + pte_index, pte0);
780 stq_p(env->external_htab + pte_index + HASH_PTE_SIZE_64 / 2, pte1);
782 stq_phys(CPU(cpu)->as, env->htab_base + pte_index, pte0);
783 stq_phys(CPU(cpu)->as,
784 env->htab_base + pte_index + HASH_PTE_SIZE_64 / 2, pte1);
788 void ppc_hash64_tlb_flush_hpte(PowerPCCPU *cpu,
789 target_ulong pte_index,
790 target_ulong pte0, target_ulong pte1)
793 * XXX: given the fact that there are too many segments to
794 * invalidate, and we still don't have a tlb_flush_mask(env, n,
795 * mask) in QEMU, we just invalidate all TLBs
797 tlb_flush(CPU(cpu), 1);
Code Review / kvmfornfv.git / blob